Commit Graph

159 Commits

Author SHA1 Message Date
Balázs Kéri 60f3b07118 [clang][analyzer] Add checker for bad use of 'errno'.
Extend checker 'ErrnoModeling' with a state of 'errno' to indicate
the importance of the 'errno' value and how it should be used.
Add a new checker 'ErrnoChecker' that observes use of 'errno' and
finds possible wrong uses, based on the "errno state".
The "errno state" should be set (together with value of 'errno')
by other checkers (that perform modeling of the given function)
in the future. Currently only a test function can set this value.
The new checker has no user-observable effect yet.

Reviewed By: martong, steakhal

Differential Revision: https://reviews.llvm.org/D122150
2022-06-20 10:07:31 +02:00
Balázs Kéri d8a2afb244 [clang][analyzer] Add modeling of 'errno'.
Add a checker to maintain the system-defined value 'errno'.
The value is supposed to be set in the future by existing or
new checkers that evaluate errno-modifying function calls.

Reviewed By: NoQ, steakhal

Differential Revision: https://reviews.llvm.org/D120310
2022-03-01 08:20:33 +01:00
Aaron Ballman f9e8e92cf5 Revert "[clang][analyzer] Add modeling of 'errno'."
This reverts commit 29b512ba32.

This broke several build bots:

https://lab.llvm.org/buildbot/#/builders/86/builds/30183
https://lab.llvm.org/buildbot/#/builders/216/builds/488
2022-02-25 07:21:01 -05:00
Balázs Kéri 29b512ba32 [clang][analyzer] Add modeling of 'errno'.
Add a checker to maintain the system-defined value 'errno'.
The value is supposed to be set in the future by existing or
new checkers that evaluate errno-modifying function calls.

Reviewed By: NoQ, steakhal

Differential Revision: https://reviews.llvm.org/D120310
2022-02-25 12:42:55 +01:00
Rashmi Mudduluru faabdfcf7f [analyzer] Add support for __attribute__((returns_nonnull)).
Differential Revision: https://reviews.llvm.org/D118657
2022-02-02 11:46:52 -08:00
Balazs Benics e1fdec875f [analyzer] Add std::string checker
This patch adds a checker checking `std::string` operations.
At first, it only checks the `std::string` single `const char *`
constructor for nullness.
If It might be `null`, it will constrain it to non-null and place a note
tag there.

Reviewed By: martong

Differential Revision: https://reviews.llvm.org/D111247
2021-10-25 11:15:40 +02:00
Zurab Tsinadze 811b1736d9 [analyzer] Add InvalidPtrChecker
This patch introduces a new checker: `alpha.security.cert.env.InvalidPtr`

Checker finds usage of invalidated pointers related to environment.

Based on the following SEI CERT Rules:
ENV34-C: https://wiki.sei.cmu.edu/confluence/x/8tYxBQ
ENV31-C: https://wiki.sei.cmu.edu/confluence/x/5NUxBQ

Reviewed By: martong

Differential Revision: https://reviews.llvm.org/D97699
2021-10-04 17:08:34 +02:00
Jan Korous 8a64689e26 [Analyzer][WebKit] UncountedLocalVarsChecker
Differential Review: https://reviews.llvm.org/D83259
2020-09-22 11:05:04 -07:00
Jan Korous 820e8d8656 [Analyzer][WebKit] UncountedLambdaCaptureChecker
Differential Revision: https://reviews.llvm.org/D82837
2020-08-05 15:23:55 -08:00
Nithin Vadukkumchery Rajendrakumar 20e271a98d [analyzer] Warning for default constructed unique_ptr dereference
Summary: Add support for warning incase of default constructed unique pointer dereferences

Reviewed By: NoQ, Szelethus, vsavchenko, xazax.hun

Tags: #clang

Differential Revision: https://reviews.llvm.org/D81315
2020-07-08 09:51:02 +02:00
Valentin Clement d90443b1d9 [openmp] Base of tablegen generated OpenMP common declaration
Summary:
As discussed previously when landing patch for OpenMP in Flang, the idea is
to share common part of the OpenMP declaration between the different Frontend.
While doing this it was thought that moving to tablegen instead of Macros will also
give a cleaner and more powerful way of generating these declaration.
This first part of a future series of patches is setting up the base .td file for
DirectiveLanguage as well as the OpenMP version of it. The base file is meant to
be used by other directive language such as OpenACC.
In this first patch, the Directive and Clause enums are generated with tablegen
instead of the macros on OMPConstants.h. The next pacth will extend this
to other enum and move the Flang frontend to use it.

Reviewers: jdoerfert, DavidTruby, fghanim, ABataev, jdenny, hfinkel, jhuber6, kiranchandramohan, kiranktp

Reviewed By: jdoerfert, jdenny

Subscribers: arphaman, martong, cfe-commits, mgorny, yaxunl, hiraditya, guansong, jfb, sstefan1, aaron.ballman, llvm-commits

Tags: #llvm, #openmp, #clang

Differential Revision: https://reviews.llvm.org/D81736
2020-06-23 10:32:32 -04:00
Jan Korous a7eb3692e7 [Analyzer][WebKit] UncountedCallArgsChecker
Differential Revision: https://reviews.llvm.org/D77179
2020-06-15 13:53:36 -07:00
Jan Korous 660cda572d [Analyzer][WebKit] NoUncountedMembersChecker
Differential Revision: https://reviews.llvm.org/D77178
2020-05-27 19:46:32 -07:00
Jan Korous 54e91a3c70 Reland "[Analyzer][WebKit] RefCntblBaseVirtualDtorChecker"
This reverts commit 1108f5c737.
2020-05-21 16:41:00 -07:00
Nico Weber 1108f5c737 Revert "[Analyzer][WebKit] RefCntblBaseVirtualDtorChecker"
This reverts commit f7c7e8a523.
Breaks build everywhere.
2020-05-21 15:49:46 -04:00
Jan Korous f7c7e8a523 [Analyzer][WebKit] RefCntblBaseVirtualDtorChecker
Differential Revision: https://reviews.llvm.org/D77177
2020-05-21 11:54:49 -07:00
Johannes Doerfert f9d558c871 [OpenMP] "UnFix" layering problem with FrontendOpenMP
This reverts commit 97aa593a83 as it
causes problems (PR45453) https://reviews.llvm.org/D77574#1966321.

This additionally adds an explicit reference to FrontendOpenMP to
clang-tidy where ASTMatchers is used.

This is hopefully just a temporary solution. The dependence on
`FrontendOpenMP` from `ASTMatchers` should be handled by CMake
implicitly, not us explicitly.

Reviewed By: aheejin

Differential Revision: https://reviews.llvm.org/D77666
2020-04-07 14:41:18 -05:00
Johannes Doerfert 97aa593a83 [OpenMP] Fix layering problem with FrontendOpenMP
Summary:
ASTMatchers is used in various places and it now exposes the
LLVMFrontendOpenMP library to its users without them needing to depend
on it explicitly.

Reviewers: lebedev.ri

Subscribers: mgorny, yaxunl, bollu, guansong, martong, cfe-commits

Tags: #clang

Differential Revision: https://reviews.llvm.org/D77574
2020-04-06 13:04:26 -05:00
Johannes Doerfert 419a559c5a [OpenMP][NFCI] Move OpenMP clause information to `lib/Frontend/OpenMP`
This is a cleanup and normalization patch that also enables reuse with
Flang later on. A follow up will clean up and move the directive ->
clauses mapping.

Reviewed By: fghanim

Differential Revision: https://reviews.llvm.org/D77112
2020-04-05 22:30:29 -05:00
Johannes Doerfert 1858f4b50d Revert "[OpenMP][NFCI] Move OpenMP clause information to `lib/Frontend/OpenMP`"
This reverts commit c18d55998b.

Bots have reported uses that need changing, e.g.,
  clang-tools-extra/clang-tidy/openmp/UseDefaultNoneCheck.cp
as reported by
  http://lab.llvm.org:8011/builders/clang-ppc64be-linux/builds/46591
2020-04-02 02:23:22 -05:00
Johannes Doerfert c18d55998b [OpenMP][NFCI] Move OpenMP clause information to `lib/Frontend/OpenMP`
This is a cleanup and normalization patch that also enables reuse with
Flang later on. A follow up will clean up and move the directive ->
clauses mapping.

Differential Revision: https://reviews.llvm.org/D77112
2020-04-02 01:39:07 -05:00
Zurab Tsinadze a54d81f597 [analyzer] CERT: POS34-C
Summary:
This patch introduces a new checker:
`alpha.security.cert.pos.34c`

This checker is implemented based on the following rule:
https://wiki.sei.cmu.edu/confluence/x/6NYxBQ
The check warns if  `putenv` function is
called with automatic storage variable as an argument.

Differential Revision: https://reviews.llvm.org/D71433
2020-02-19 18:12:19 +01:00
Adam Balogh b198f16e1e [Analyzer] Model STL Algoirthms to improve the iterator checkers
STL Algorithms are usually implemented in a tricky for performance
reasons which is too complicated for the analyzer. Furthermore inlining
them is costly. Instead of inlining we should model their behavior
according to the specifications.

This patch is the first step towards STL Algorithm modeling. It models
all the `find()`-like functions in a simple way: the result is either
found or not. In the future it can be extended to only return success if
container modeling is also extended in a way the it keeps track of
trivial insertions and deletions.

Differential Revision: https://reviews.llvm.org/D70818
2020-02-05 17:59:08 +01:00
Adam Balogh 9a08a3fab9 [Analyzer] Split container modeling from iterator modeling
Iterator modeling depends on container modeling,
but not vice versa. This enables the possibility
to arrange these two modeling checkers into
separate layers.

There are several advantages for doing this: the
first one is that this way we can keep the
respective modeling checkers moderately simple
and small. Furthermore, this enables creation of
checkers on container operations which only
depend on the container modeling. Thus iterator
modeling can be disabled together with the
iterator checkers if they are not needed.

Since many container operations also affect
iterators, container modeling also uses the
iterator library: it creates iterator positions
upon calling the `begin()` or `end()` method of
a containter (but propagation of the abstract
position is left to the iterator modeling),
shifts or invalidates iterators according to the
rules upon calling a container modifier and
rebinds the iterator to a new container upon
`std::move()`.

Iterator modeling propagates the abstract
iterator position, handles the relations between
iterator positions and models iterator
operations such as increments and decrements.

Differential Revision: https://reviews.llvm.org/D73547
2020-01-29 16:10:45 +01:00
Gabor Marton 5e7beb0a41 [analyzer] Add PlacementNewChecker
Summary:
This checker verifies if default placement new is provided with pointers
to sufficient storage capacity.

Noncompliant Code Example:
  #include <new>
  void f() {
    short s;
    long *lp = ::new (&s) long;
  }

Based on SEI CERT rule MEM54-CPP
https://wiki.sei.cmu.edu/confluence/display/cplusplus/MEM54-CPP.+Provide+placement+new+with+properly+aligned+pointe
This patch does not implement checking of the alignment.

Reviewers: NoQ, xazax.hun

Subscribers: mgorny, whisperity, xazax.hun, baloghadamsoftware, szepet,
rnkovacs, a.sidorin, mikhail.ramalho, donat

Tags: #clang

Differential Revision: https://reviews.llvm.org/D71612
2020-01-10 17:59:06 +01:00
Gabor Horvath 82923c71ef [analyzer] Add Fuchsia Handle checker
The checker can diagnose handle use after releases, double releases, and
handle leaks.

Differential Revision: https://reviews.llvm.org/D70470
2019-12-20 12:33:16 -08:00
Adam Balogh afb13afcf2 [Analyzer][NFC] Iterator Checkers - Separate iterator modeling and the actual checkers
A monolithic checker class is hard to maintain. This patch splits it up
into a modeling part, the three checkers and a debug checker. The common
functions are moved into a library.

Differential Revision: https://reviews.llvm.org/D70320
2019-12-11 13:06:19 +01:00
Csaba Dabis 693936ab8f [analyzer] CastValueChecker: Model casts
Summary:
It models the LLVM casts:
- `cast<>`
- `dyn_cast<>`
- `cast_or_null<>`
- `dyn_cast_or_null<>`

It has a very basic support without checking the `classof()` function.

(It reapplies the reverted 'llvm-svn: 365582' patch with proper test file.)

Reviewed By: NoQ

Tags: #clang

Differential Revision: https://reviews.llvm.org/D64374

llvm-svn: 365585
2019-07-10 00:20:03 +00:00
Csaba Dabis 6a29680efb Revert "[analyzer] CastValueChecker: Model casts"
This reverts commit 27cf666443.

llvm-svn: 365584
2019-07-09 23:47:09 +00:00
Csaba Dabis 27cf666443 [analyzer] CastValueChecker: Model casts
Summary:
It models the LLVM casts:
- `cast<>`
- `dyn_cast<>`
- `cast_or_null<>`
- `dyn_cast_or_null<>`

It has a very basic support without checking the `classof()` function.

Reviewed By: NoQ

Tags: #clang

Differential Revision: https://reviews.llvm.org/D64374

llvm-svn: 365582
2019-07-09 23:33:23 +00:00
Csaba Dabis 57835bcfbd [analyzer] ReturnValueChecker: Model the guaranteed boolean return value of function calls
Summary: It models the known LLVM methods paired with their class.

Reviewers: NoQ, xazax.hun, ravikandhadai, baloghadamsoftware, Szelethus

Reviewed By: NoQ

Subscribers: dschuff, aheejin, mgorny, szepet, rnkovacs, a.sidorin,
             mikhail.ramalho, donat.nagy, dkrupp, cfe-commits

Tags: #clang

Differential Revision: https://reviews.llvm.org/D63915

llvm-svn: 365103
2019-07-04 00:50:50 +00:00
Mandeep Singh Grang 0cdc5dddca [Analyzer] Checker for non-determinism caused by iteration of unordered container of pointers
Summary: Added a checker for non-determinism caused by iterating unordered containers like std::unordered_set containing pointer elements.

Reviewers: NoQ, george.karpenkov, whisperity, Szelethus, baloghadamsoftware

Reviewed By: Szelethus

Subscribers: mgorny, xazax.hun, baloghadamsoftware, szepet, rnkovacs, a.sidorin, mikhail.ramalho, donat.nagy, dkrupp, jdoerfert, Charusso, cfe-commits

Tags: #clang

Differential Revision: https://reviews.llvm.org/D59279

llvm-svn: 361664
2019-05-24 19:24:08 +00:00
Artem Dergachev 8c6119a442 [analyzer] PR41269: Add a bit of C++ smart pointer modeling.
Implement cplusplus.SmartPtrModeling, a new checker that doesn't
emit any warnings but models methods of smart pointers more precisely.

For now the only thing it does is make `(bool) P` return false when `P`
is a freshly moved pointer. This addresses a false positive in the
use-after-move-checker.

Differential Revision: https://reviews.llvm.org/D60796

llvm-svn: 358944
2019-04-23 02:45:42 +00:00
Artem Dergachev 44551cf693 [analyzer] Move taint API from ProgramState to a separate header. NFC.
It is now an inter-checker communication API, similar to the one that
connects MallocChecker/CStringChecker/InnerPointerChecker: simply a set of
setters and getters for a state trait.

Differential Revision: https://reviews.llvm.org/D59861

llvm-svn: 357326
2019-03-29 22:49:30 +00:00
Mandeep Singh Grang c0773ab6a1 [Analyzer] Checker for non-determinism caused by sorting of pointer-like elements
Summary:
Added a new category of checkers for non-determinism. Added a checker for non-determinism
caused due to sorting containers with pointer-like elements.

Reviewers: NoQ, george.karpenkov, whisperity, Szelethus

Reviewed By: NoQ, Szelethus

Subscribers: Charusso, baloghadamsoftware, jdoerfert, donat.nagy, dkrupp, martong, dblaikie, MTC, Szelethus, mgorny, xazax.hun, szepet, rnkovacs, a.sidorin, mikhail.ramalho, cfe-commits

Tags: #clang

Differential Revision: https://reviews.llvm.org/D50488

llvm-svn: 355720
2019-03-08 20:13:53 +00:00
Artem Dergachev 32531b25df [analyzer] MIGChecker: A checker for Mach Interface Generator conventions.
This checker detects use-after-free bugs in (various forks of) the Mach kernel
that are caused by errors in MIG server routines - functions called remotely by
MIG clients. The MIG convention forces the server to only deallocate objects
it receives from the client when the routine is executed successfully.
Otherwise, if the server routine exits with an error, the client assumes that
it needs to deallocate the out-of-line data it passed to the server manually.
This means that deallocating such data within the MIG routine and then returning
a non-zero error code is always a dangerous use-after-free bug.

rdar://problem/35380337

Differential Revision: https://reviews.llvm.org/D57558

llvm-svn: 354635
2019-02-21 23:55:28 +00:00
George Karpenkov 2add627e35 [analyzer] Opt-in C Style Cast Checker for OSObject pointers
Differential Revision: https://reviews.llvm.org/D57261

llvm-svn: 353566
2019-02-08 21:09:00 +00:00
Kristof Umann 76a21502fd [analyzer][NFC] Move CheckerRegistry from the Core directory to Frontend
ClangCheckerRegistry is a very non-obvious, poorly documented, weird concept.
It derives from CheckerRegistry, and is placed in lib/StaticAnalyzer/Frontend,
whereas it's base is located in lib/StaticAnalyzer/Core. It was, from what I can
imagine, used to circumvent the problem that the registry functions of the
checkers are located in the clangStaticAnalyzerCheckers library, but that
library depends on clangStaticAnalyzerCore. However, clangStaticAnalyzerFrontend
depends on both of those libraries.

One can make the observation however, that CheckerRegistry has no place in Core,
it isn't used there at all! The only place where it is used is Frontend, which
is where it ultimately belongs.

This move implies that since
include/clang/StaticAnalyzer/Checkers/ClangCheckers.h only contained a single function:

class CheckerRegistry;

void registerBuiltinCheckers(CheckerRegistry &registry);

it had to re purposed, as CheckerRegistry is no longer available to
clangStaticAnalyzerCheckers. It was renamed to BuiltinCheckerRegistration.h,
which actually describes it a lot better -- it does not contain the registration
functions for checkers, but only those generated by the tblgen files.

Differential Revision: https://reviews.llvm.org/D54436

llvm-svn: 349275
2018-12-15 16:23:51 +00:00
Artem Dergachev 2c5945ca20 [analyzer] Rename MisusedMovedObjectChecker to MoveChecker
This follows the Static Analyzer's tradition to name checkers after
things in which they find bugs, not after bugs they find.

Differential Revision: https://reviews.llvm.org/D54556

llvm-svn: 348201
2018-12-03 22:32:32 +00:00
Kristof Umann e0466f570e [analyzer] INT50-CPP. Do not cast to an out-of-range enumeration checker
This checker implements a solution to the "INT50-CPP. Do not cast to an
out-of-range enumeration value" rule [1].
It lands in alpha for now, and a number of followup patches are planned in order
to enable it by default.

[1] https://www.securecoding.cert.org/confluence/display/cplusplus/INT50-CPP.+Do+not+cast+to+an+out-of-range+enumeration+value

Patch by: Endre Fülöp and Alexander Zaitsev!

Differential Revision: https://reviews.llvm.org/D33672

llvm-svn: 347513
2018-11-24 12:24:27 +00:00
Kristof Umann c83b0dda49 [analyzer][NFC] Fix some incorrect uses of -analyzer-config options
I'm in the process of refactoring AnalyzerOptions. The main motivation behind
here is to emit warnings if an invalid -analyzer-config option is given from
the command line, and be able to list them all.

In this patch, I found some flags that should've been used as checker options,
or have absolutely no mention of in AnalyzerOptions, or are nonexistent.

- NonLocalizedStringChecker now uses its "AggressiveReport" flag as a checker
    option
- lib/StaticAnalyzer/Frontend/ModelInjector.cpp now accesses the "model-path"
    option through a getter in AnalyzerOptions
- -analyzer-config path-diagnostics-alternate=false is not a thing, I removed it,
- lib/StaticAnalyzer/Checkers/AllocationDiagnostics.cpp and
    lib/StaticAnalyzer/Checkers/AllocationDiagnostics.h are weird, they actually
    only contain an option getter. I deleted them, and fixed RetainCountChecker
    to get it's "leak-diagnostics-reference-allocation" option as a checker option,
- "region-store-small-struct-limit" has a proper getter now.

Differential Revision: https://reviews.llvm.org/D53276

llvm-svn: 345985
2018-11-02 15:48:10 +00:00
George Karpenkov efef49cd2f [analyzer] [NFC] Split up RetainSummaryManager from RetainCountChecker - try #2
Turns out it can't be removed from the analyzer since it relies on CallEvent.

Moving to staticAnalyzer/core

Differential Revision: https://reviews.llvm.org/D51023

llvm-svn: 340247
2018-08-21 03:09:02 +00:00
Bruno Cardoso Lopes bb3b7cff96 Revert "[analyzer] [NFC] Split up RetainSummaryManager from RetainCountChecker"
This reverts commit a786521fa66c72edd308baff0c08961b6d964fb1.

Bots haven't caught up yet, but broke modules build with:

../tools/clang/include/clang/StaticAnalyzer/Checkers/MPIFunctionClassifier.h:18:10:
fatal error: cyclic dependency in module 'Clang_StaticAnalyzer_Core':
Clang_StaticAnalyzer_Core -> Clang_Analysis ->
Clang_StaticAnalyzer_Checkers -> Clang_StaticAnalyzer_Core
         ^

llvm-svn: 340117
2018-08-18 03:22:11 +00:00
George Karpenkov 0ac54fad53 [analyzer] [NFC] Split up RetainSummaryManager from RetainCountChecker
ARCMigrator is using code from RetainCountChecker, which is a layering
violation (and it also does it badly, by using a different header, and
then relying on implementation being present in a header file).

This change splits up RetainSummaryManager into a separate library in
lib/Analysis, which can be used independently of a checker.

Differential Revision: https://reviews.llvm.org/D50934

llvm-svn: 340114
2018-08-18 01:45:50 +00:00
George Karpenkov 70c2ee30bc [analyzer] [NFC] Split up RetainCountChecker
At some point, staring at 4k+ LOC file becomes a bit hard.

Differential Revision: https://reviews.llvm.org/D50821

llvm-svn: 340092
2018-08-17 21:41:07 +00:00
Kristof Umann 56963aec8b [analyzer][UninitializedObjectChecker] Refactoring p2.: Moving pointer chasing to a separate file
In this patch, the following classes and functions have been moved to a header file:

    FieldChainInfo
    FindUninitializedFields
    isPrimitiveType

This also meant that they moved from anonymous namespace to clang::ento.

Code related to pointer chasing now relies in its own file.

There's absolutely no functional change in this patch -- its literally just copy pasting.

Differential Revision: https://reviews.llvm.org/D50504

llvm-svn: 339595
2018-08-13 18:17:05 +00:00
George Karpenkov 7112483272 [analyzer] Syntactic matcher for leaks associated with run loop and autoreleasepool
A checker for detecting leaks resulting from allocating temporary
autoreleasing objects before starting the main run loop.

Checks for two antipatterns:

1. ObjCMessageExpr followed by [[NARunLoop mainRunLoop] run] in the same
autorelease pool.

2. ObjCMessageExpr followed by [[NARunLoop mainRunLoop] run] in no
autorelease pool.

Happens-before relationship is modeled purely syntactically.

rdar://39299145

Differential Revision: https://reviews.llvm.org/D49528

llvm-svn: 337876
2018-07-25 01:27:15 +00:00
Reka Kovacs 88ad704b5b [analyzer] Rename DanglingInternalBufferChecker to InnerPointerChecker.
Differential Revision: https://reviews.llvm.org/D49553

llvm-svn: 337559
2018-07-20 15:14:49 +00:00
Kristof Umann 30f086565c [analyzer] Checker for uninitialized C++ objects
This checker analyzes C++ constructor calls, and reports uninitialized fields.

Due to the nature of this problem (uninitialized fields after an object
construction), this checker doesn't search for bugs, but rather is a tool to
enforce a specific programming model where every field needs to be initialized.

This checker lands in alpha for now, and a number of followup patches will be
made to reduce false negatives and to make it easier for the user to understand
what rules the checker relies on, eg. whether a derived class' constructor is
responsible for initializing inherited data members or whether it should be
handled in the base class' constructor.

Differential Revision: https://reviews.llvm.org/D45532

llvm-svn: 334935
2018-06-18 11:50:17 +00:00
Reka Kovacs 18775fc9b7 [analyzer] Add dangling internal buffer check.
This check will mark raw pointers to C++ standard library container internal
buffers 'released' when the objects themselves are destroyed. Such information
can be used by MallocChecker to warn about use-after-free problems.

In this first version, 'std::basic_string's are supported.

Differential Revision: https://reviews.llvm.org/D47135

llvm-svn: 334348
2018-06-09 13:03:49 +00:00