about, whether they are builtins or not. Use this to add the
appropriate "format" attribute to NSLog, NSLogv, asprintf, and
vasprintf, and to translate builtin attributes (from Builtins.def)
into actual attributes on the function declaration.
Use the "printf" format attribute on function declarations to
determine whether we should do format string checking, rather than
looking at an ad hoc list of builtins and "known" function names.
Be a bit more careful about when we consider a function a "builtin" in
C++.
llvm-svn: 64561
ConstraintManager:
- constify getSymVal()
BasicConstraintManager:
- Pull out logic that would be common to ConstraintManagers of a similar nature
and put them in a parent class called 'SimpleConstraintManager'.
RangeConstraintManager:
- Added a new prototype ConstraintManager to track ranges of variables! This
ConstraintManager keeps tracks of ranges of concrete integers that a symbolic
integer may have.
AnalysisConsumer:
- Add driver option to use RangeConstraintManager with GRExprEngine-based
analyses.
llvm-svn: 64558
symbols from an SVal.
- Fixed a bug in EnvironmentManager::RemoveDeadBindings() where it did not mark
live all the symbols reachable from a live block-level expression.
- Fixed a bug in the retain/release checker where it did not stop tracking
symbols that 'escaped' via compound literals being assigned to something the
BasicStoreManager didn't reason about.
llvm-svn: 64534
- Added a new 'node builder' class called GRStmtNodeBuilderRef (name may
change). This is essentially a smart reference to a GRStmtNodeBuilder object
that keeps track of the current context (predecessor node, GRExprEngine
object, etc.) The idea is to gradually simplify the interface between
GRExprEngine and GRTransferFuncs using this new builder (i.e., passing 1
argument instead of 5). It also handles some of the "auto-transition" for node
creation, simplifying some of the logic in GRExprEngine itself.
- Used GRStmtBuilderRef to replace GRTransferFuncs::EvalStore with
GRTransferFuncs::EvalBind. The new EvalBind method will be used at any
arbitrary places where a binding between a location and value takes place.
Moreover, GRTransferFuncs no longer has the responsibility to request
StoreManager to do the binding; this is now in GRExprEngine::EvalBind. All
GRTransferFuncs::EvalBind does is checker-specific logic (which can be a
no-op).
llvm-svn: 64525
etc.) when we perform name lookup on them. This ensures that we
produce the correct signature for these functions, which has two
practical impacts:
1) When we're supporting the "implicit function declaration" feature
of C99, these functions will be implicitly declared with the right
signature rather than as a function returning "int" with no
prototype. See PR3541 for the reason why this is important (hint:
GCC always predeclares these functions).
2) If users attempt to redeclare one of these library functions with
an incompatible signature, we produce a hard error.
This patch does a little bit of work to give reasonable error
messages. For example, when we hit case #1 we complain that we're
implicitly declaring this function with a specific signature, and then
we give a note that asks the user to include the appropriate header
(e.g., "please include <stdlib.h> or explicitly declare 'malloc'"). In
case #2, we show the type of the implicit builtin that was incorrectly
declared, so the user can see the problem. We could do better here:
for example, when displaying this latter error message we say
something like:
'strcpy' was implicitly declared here with type 'char *(char *, char
const *)'
but we should really print out a fake code line showing the
declaration, like this:
'strcpy' was implicitly declared here as:
char *strcpy(char *, char const *)
This would also be good for printing built-in candidates with C++
operator overloading.
The set of C library functions supported by this patch includes all
functions from the C99 specification's <stdlib.h> and <string.h> that
(a) are predefined by GCC and (b) have signatures that could cause
codegen issues if they are treated as functions with no prototype
returning and int. Future work could extend this set of functions to
other C library functions that we know about.
llvm-svn: 64504
- Add 'EvalBind', which will be used by 'EvalStore' to pull much of the value binding logic out of GRTransferFuncs.
- Rename many cases of 'St' to 'state'.
llvm-svn: 64426
- rename isObjCIdType/isObjCClassType -> isObjCIdStructType/isObjCClassStructType. The previous name didn't do what you would expect.
- add back isObjCIdType/isObjCClassType to do what you would expect. Not currently used, however many of the isObjCIdStructType/isObjCClassStructType clients could be converted over time.
- move static Sema function areComparableObjCInterfaces to ASTContext (renamed to areComparableObjCPointerTypes, since it now operates on pointer types).
llvm-svn: 64385
for FieldRegion. This enables us to track more values.
Simplify SymbolicRegion::getRValueType(). We assume the symbol always has
pointer type.
llvm-svn: 63928
do the symblic regions associated with them and we need them to be typed.
Current SymbolicRegion::getRValueType() method is very restricting. It may be
modified when we are more clear about what could be the types of symblic
regions.
BasicConstraintManager::Assume() is changed due to that now SymblicRegion is a
subclass of SubRegion.
llvm-svn: 63844
checker. This was previously needed because BugReport objects were previously
allocated on the stack and not owned by BugReporter. Now we can just issue them
on the fly. This change was motivated because we were seeing some weird cases
where some really long paths would get issued for bugs (particularly leaks)
because of some double-caching.
llvm-svn: 63840
the ownership of BugTypes and BugReports. Now BugReports are owned by BugTypes,
and BugTypes are owned by the BugReporter object.
The major functionality change in this patch is that reports are not immediately
emitted by a call to BugReporter::EmitWarning (now called EmitReport), but
instead of queued up in report "equivalence classes". When
BugReporter::FlushReports() is called, it emits one diagnostic per report
equivalence class. This provides a nice cleanup with the caching of reports as
well as enables the BugReporter engine to select the "best" path for reporting a
path-sensitive bug based on all the locations in the ExplodedGraph that the same
bug could occur.
Along with this patch, Leaks are now coalesced into a common equivalence class
by their allocation site, and the "summary" diagnostic for leaks now reports the
allocation site as the location of the bug (this may later be augmented to also
provide an example location where the leak occurs).
llvm-svn: 63796
makes it clear to clients that they have to pick an instantiation
or spelling location before calling it and allows optimization based
on that.
llvm-svn: 63698
the liveness state of block-level expressions could oscillate because
of two issues:
- The initial value before a merge was not always set to "Top"
- The set of live block-level expressions is a union, not an intersection
This fixes <rdar://problem/650084>.
llvm-svn: 63421
type" rather than the C definition. We do this because both C99 and
Clang always use "aggregate type" as "aggregate or union type", and
the C++ definition includes union types.
llvm-svn: 63395
- NonLoc::MakeVal() would use sizeof(unsigned) (literally) instead of consulting
ASTContext for the size (in bits) of 'int'. While it worked, it was a
conflation of concepts and using ASTContext.IntTy is 100% correct.
- RegionStore::getSizeInElements() no longer assumes that a VarRegion has the
type "ConstantArray", and handles the case when uses use ordinary variables
as if they were arrays.
- Fixed ElementRegion::getRValueType() to just return the rvalue type of its
"array region" in the case the array didn't have ArrayType.
- All of this fixes <rdar://problem/6541136>
llvm-svn: 63347
Chris Lattner