Commit Graph

3174 Commits

Author SHA1 Message Date
Ted Kremenek 82ff6d65bc Fix bug in terminator processing for uninitialized-values: simply ignore the terminator, don't reprocess it.
LiveVariables analysis now does a flow-insensitive analysis to determine what variables have their address taken; these variables are now always treated as being live.

The DataflowSolver now uses "SetTopValue()" when getting the initial value for the entry/exit block.

llvm-svn: 49734
2008-04-15 18:35:30 +00:00
Argyrios Kyrtzidis 45887902b6 Fix a compiler error on MSVC (variable name 'E' clash).
llvm-svn: 49727
2008-04-15 16:30:10 +00:00
Ted Kremenek 6d41b82ea4 Improve dead store diagnostic.
llvm-svn: 49711
2008-04-15 05:31:00 +00:00
Ted Kremenek 8adeebb274 Added initial support into the flow-sensitive dataflow solver to visit the Block-level expression
in a block's terminator.  This expression is visited within a block, but it is accessed by the
terminator.  This is important to observe because for live-variables analysis the block-level
expression is live between the terminator and where the expression occurs in the block.  So far
this hasn't been an issue to not observe this because the block-level expression used in the
terminator is always the last one in the block, and we have never queried the liveness information
about this point (but before the terminator).

llvm-svn: 49709
2008-04-15 04:39:08 +00:00
Ted Kremenek 66279073f7 Bug fix in dead stores: don't always check the liveness of the first decl
in a DeclStmt.

llvm-svn: 49708
2008-04-15 04:11:48 +00:00
Ted Kremenek cd76f95dd0 ++/-- makes a variable live since it is used; thus the liveness state is
"Alive" as opposed to staying the same.

llvm-svn: 49707
2008-04-15 04:08:54 +00:00
Ted Kremenek f4212bdbc3 Bug fix in LiveVariables: Operators ++/-- may kill a value, but the variable
is still live.

llvm-svn: 49705
2008-04-15 03:47:30 +00:00
Ted Kremenek 87bfc03f4a Don't flag dead stores that occur in macros.
llvm-svn: 49672
2008-04-14 18:28:25 +00:00
Ted Kremenek bae225d57a Have BugReporter::EmitWarning use the PathDiagnosticClient if it is available.
llvm-svn: 49668
2008-04-14 18:06:42 +00:00
Ted Kremenek 75ff623e2e Bug fix in dead-store checker when walking the Decls in a DeclStmt: don't
assume that DeclStmts only have VarDecls; they can have TypedefDecls.

llvm-svn: 49662
2008-04-14 17:52:13 +00:00
Ted Kremenek 12e721a728 Treat calls to unresolved functions in the CF-ref count checker as calls
to functions with NULL summaries.

llvm-svn: 49660
2008-04-14 17:45:13 +00:00
Ted Kremenek 7e15130dc9 Hooked up the dead-store checker to the BugReporter interface. Now dead-store
warnings are emitted as part of the warnings registered by GRSimpleVals.

llvm-svn: 49658
2008-04-14 17:39:48 +00:00
Ted Kremenek 8784a7c006 Add some boilerplate to report memory leaks at the end of an analyzed function.
Still need some boilerplate in BugReporter to report bugs at the end
of a function (not associated with a particular statement).

llvm-svn: 49564
2008-04-11 22:25:11 +00:00
Ted Kremenek 811c2b4edb Added "GREndPathNodeBuilder", a new node builder that will be used for
evaluating transfer functions at the end-of-path.

llvm-svn: 49561
2008-04-11 22:03:04 +00:00
Ted Kremenek 0a86fdb1ff Added FIXME
llvm-svn: 49558
2008-04-11 20:51:02 +00:00
Ted Kremenek 831f327568 Fix regression introduced by my last commit.
llvm-svn: 49556
2008-04-11 20:23:24 +00:00
Ted Kremenek a7c44113bc Changed behavior of how we handle "NULL" summaries: just call
GRSimpleVals::EvalCal(), and don't change reference counts.

Remove "getDoNothingSummary()", as a NULL summary does the same thing.

Added temporary hack for the "Get" rule for objects that return a pointer type:
treat them as non-owned CF objects.

Added test case to detect the release of a non-owned object.

llvm-svn: 49555
2008-04-11 20:11:19 +00:00
Ted Kremenek 988990f842 Use RangedBugReport to report better ranges for reference count errors.
llvm-svn: 49552
2008-04-11 18:40:51 +00:00
Ted Kremenek 6e38ffa517 Added "RangedBugReport".
llvm-svn: 49551
2008-04-11 18:40:29 +00:00
Ted Kremenek 4b77209694 Fixed some logic errors in the CF ref count checker; we now can detect simple
use-after-release errors.  Added test case.

llvm-svn: 49509
2008-04-10 23:44:06 +00:00
Ted Kremenek 3c03d52d6e Simplify CF ref. count checker state machine.
llvm-svn: 49505
2008-04-10 23:09:18 +00:00
Ted Kremenek 22bd628056 Fix some bonehead bugs in summary generation in CFRefCount.
llvm-svn: 49503
2008-04-10 22:58:08 +00:00
Ted Kremenek 4a78c3ae11 Refactored all logic to run the GRSimpleVals and CFRef checker into a common
code path in the clang driver.

Renamed options --grsimple to -checker-simple and -check-cfref to -checker-cfref.

llvm-svn: 49500
2008-04-10 22:16:52 +00:00
Ted Kremenek ea1bc3bec6 CFRefCount analysis now properly calls "EmitWarnings" after analyzing a function.
llvm-svn: 49488
2008-04-10 16:21:09 +00:00
Ted Kremenek 42d9db75f0 When not emitting path diagnostics in BugReporter::EmitWarning(), use the
BugReport-specific SourceRanges (when available).

llvm-svn: 49486
2008-04-10 16:12:38 +00:00
Ted Kremenek 83744ddbd9 Fixed regressions in error reporting due to copy-paste errors (using the "begin"
iterator instead of "end") and not implementing "getDescription()" for Nil
argument checks.

llvm-svn: 49485
2008-04-10 16:05:13 +00:00
Ted Kremenek c8bef6a076 Hooked up initial reference-count checks to the BugReporter interface.
llvm-svn: 49455
2008-04-09 23:49:11 +00:00
Ted Kremenek 7acc3a36ef Major refactoring/cleanup of GRExprEngine, ExplodedGraph, and BugReporter.
Bugs are now reported using a combination of "BugType" (previously
BugDescription) and Bug "BugReport" objects, which are fed to BugReporter (which
generates PathDiagnostics). This provides a far more modular way of registering
bug types and plugging in diagnostics.

GRExprEngine now owns its copy of GRCoreEngine, and is not owned by the
ExplodedGraph.

ExplodedGraph is no longer templated on the "checker", but instead on the state
contained in the nodes.

llvm-svn: 49453
2008-04-09 21:41:14 +00:00
Ted Kremenek ce8e881dc3 Added some boilerplate for emitting warnings from the CF-reference count checker.
llvm-svn: 49414
2008-04-09 01:10:13 +00:00
Ted Kremenek 3cef454e2e Added new "BugReporterHelper" class which is used by BugReporter to emit
checker-specific diagnostics.

llvm-svn: 49412
2008-04-09 00:20:43 +00:00
Ted Kremenek e73006ee45 Improve BugReport diagnostics for loops and ? operator.
llvm-svn: 49356
2008-04-07 23:35:17 +00:00
Chris Lattner 1e830c07a2 templates can't be static.
llvm-svn: 49258
2008-04-06 04:22:39 +00:00
Ted Kremenek d1a2efadba Added investigate patch for an occasionally failing assertion (heisenbug?)
llvm-svn: 49193
2008-04-03 21:44:24 +00:00
Ted Kremenek 10569cdd87 Better range highlight for undefined-argument checks.
llvm-svn: 49184
2008-04-03 18:52:25 +00:00
Ted Kremenek 5f5592062b When reporting "bad receiver" warnings, highlight the receiver.
llvm-svn: 49183
2008-04-03 18:46:16 +00:00
Ted Kremenek 89575b7bcb Use "getRanges" in default implementation of "getEndPath" to determine
the ranges of highlighted elements in the source code.

llvm-svn: 49181
2008-04-03 18:00:37 +00:00
Ted Kremenek cb2dc8eca5 Hooked up GRSimpleAPICheck and the simple Objective-C Foundation checks to use
the new BugReporter interface.

llvm-svn: 49180
2008-04-03 17:57:38 +00:00
Ted Kremenek ca40664275 Handle the case when getEndPath() returns NULL.
llvm-svn: 49155
2008-04-03 07:33:55 +00:00
Ted Kremenek e4c029e7aa Add back bug name to PathDiagnostic.
llvm-svn: 49139
2008-04-03 05:23:19 +00:00
Ted Kremenek 4e9cc3f272 When creating PathDiagnostics, created a trimmed graph first and report the
BFS path to the root.  This also avoids problems with loops in the ExplodedGraph.

llvm-svn: 49133
2008-04-03 04:59:14 +00:00
Ted Kremenek 505a36afc6 Created new path-sensitive bug-reporting scheme based on the classes
"BugReporter" and "BugDescription".  BugDescription is used to describe
a bug and provide pieces of the PathDiagnostic, and BugReporter creates
the actual PathDiagnostic by crawling through the ExplodedGraph.

Migrated checks done by GRSimpleVals to be reported using the new BugReporter
mechanism.

llvm-svn: 49127
2008-04-03 04:42:52 +00:00
Ted Kremenek 33d03a52f0 80 col violation
llvm-svn: 49120
2008-04-02 22:08:09 +00:00
Ted Kremenek 744fb6d9e7 Added more PathDiagnostic rendering for terminators: switch, goto, loops.
llvm-svn: 49119
2008-04-02 22:03:53 +00:00
Ted Kremenek 383bfd27d0 Shorted bug-description.
llvm-svn: 49102
2008-04-02 18:02:54 +00:00
Chris Lattner 182f660d8d simplify some code by using PointerLikeType.
llvm-svn: 49101
2008-04-02 17:45:06 +00:00
Ted Kremenek d12d21c000 Beginning of some cleanups; start generating path diagnostics using objects
that describe a bug.

llvm-svn: 49086
2008-04-02 07:05:46 +00:00
Ted Kremenek 2c71d51513 Added initial hacked support for display path diagnostics with
GRSimpleVals warnings.  Cleaning up, but now we get multiple bubbles (branches are annotated).

llvm-svn: 49077
2008-04-02 05:15:22 +00:00
Ted Kremenek 94896e17bb Patch by Argiris Kirtzidis: Fix a dangling pointer error!
llvm-svn: 49057
2008-04-01 22:35:58 +00:00
Ted Kremenek e9f2a90d1f Do not prepend the keyword "[CHECKER]" to checker messages when using
a PathDiagnosticClient.

llvm-svn: 48996
2008-03-31 20:42:43 +00:00
Ted Kremenek bb7f03f926 Include ranges in GRSimpleVals diagnostics.
llvm-svn: 48990
2008-03-31 18:44:32 +00:00
Ted Kremenek c27815ca82 Inlined clang/Analysis/Analyses/GRSimpleVals.h into LocalCheckers.h and removed
GRSimpleVals.h

Added a PathDiagnosticClient option to the driver functions for the
CFRefCountChecker and the GRSimpleVals analysis. Both analyses now accept a "-o"
argument from the driver that specifies where HTML reports should be dumped.

llvm-svn: 48989
2008-03-31 18:26:32 +00:00
Ted Kremenek f646774f32 Added path-sensitive check for return statements that return the address
of a stack variable.  This is the path-sensitive version of a check that
is already done during semantic analysis.

llvm-svn: 48980
2008-03-31 15:02:58 +00:00
Ted Kremenek c719424caa Added skeleton checking for NSString's method initWithFormat: (do not pass nil). This won't be useful in most cases right now
because the analyzer isn't tracking expected types for an object, and [NSString alloc] just runs "id".

llvm-svn: 48917
2008-03-28 16:09:38 +00:00
Ted Kremenek 276278e5d2 Expanded NSString checking to check for nil for a few more methods.
llvm-svn: 48898
2008-03-27 22:05:32 +00:00
Ted Kremenek 2e4e7ccb22 Add line SourceLocation to NSString checks.
Added test case to test warning about passing 'nil' to NSString's compare: method.

llvm-svn: 48896
2008-03-27 21:23:57 +00:00
Ted Kremenek 27156c8c9f Hooked up initial NSString interface checking to GRSimpleVals.
llvm-svn: 48895
2008-03-27 21:15:17 +00:00
Ted Kremenek a4d60b6de3 Add creation of BasicObjCFoundationChecks when running GRSimpleVals from the driver.
llvm-svn: 48886
2008-03-27 17:17:22 +00:00
Ted Kremenek c04149299c Added "GRAuditor" and "GRSimpleAPICheck" interface to allow simple stateless checkers to be injected into the analyzer.
Added "AnnotatedPath" class to record an annotated path that will be useful for inspecting paths.
Added some boilerplate code for simple checks of Apple's Foundation API.

llvm-svn: 48867
2008-03-27 07:25:52 +00:00
Ted Kremenek 710714c365 PathDiagnosticPiece no longer contains a vector of strings; just one string.
PathDiagnostic no longer contains a diagnostic ID or diagnostic level.

llvm-svn: 48864
2008-03-27 06:16:40 +00:00
Ted Kremenek 4fa20c9bba Added classes "PathDiagnosticPiece", "PathDiagnostic", and "PathDiagnosticClient", which encapsulate diagnostic reporting for paths.
llvm-svn: 48861
2008-03-27 03:49:32 +00:00
Ted Kremenek ea128437b3 Bug fix: use GetRVal instead of GetLVal (were getting the value of a DeclRefExpr, not it's address).
llvm-svn: 48846
2008-03-26 22:21:58 +00:00
Ted Kremenek cb047289a8 Bug fix in transfer function for ObjCMessageExpr: Visit the receiver expression as an ordinary expression, not using VisitLVal.
llvm-svn: 48842
2008-03-26 21:36:08 +00:00
Ted Kremenek 4b55badc39 GRSimple analysis now outputs additional diagnostic warnings about
passing an uninitialized value to a message expresion.

llvm-svn: 48776
2008-03-25 16:40:05 +00:00
Ted Kremenek 3335120f69 Tweak to transfer function for ObjCMessageExpr: handle both instance methods
and message expressions with a specified receiver.

llvm-svn: 48773
2008-03-25 16:07:41 +00:00
Ted Kremenek 945a246ad8 Added logic to check for uninitialized values as the receivers for message expressions
and uninitialized values passed-by-value as arguments to message expressions.

llvm-svn: 48760
2008-03-25 02:10:28 +00:00
Ted Kremenek 64100da427 Added initial transfer function support for ObjCMessageExpr.
llvm-svn: 48757
2008-03-25 00:34:37 +00:00
Ted Kremenek fb475ec504 Changed merge operation for uninitialized values analysis to "intersect" (previous union).
The effect is that if a variable is uninitialized along a branch (but initialized along another), at merge points it is considered uninitialized.  Previously we had the opposite behavior.  The new behavior is more conservative, and more in line with gcc's behavior.

llvm-svn: 48689
2008-03-22 20:11:00 +00:00
Ted Kremenek 181f72369f Rename "Nodify" to "MakeNode"
llvm-svn: 48659
2008-03-21 21:30:14 +00:00
Ted Kremenek b7151c7ca8 LiveVariables analysis now uses intersect for the merge of block-level expression liveness information.
The rationale is that a block-level expression cannot be live in a parent block unless it is live in all of the successor blocks.

llvm-svn: 48618
2008-03-20 21:46:49 +00:00
Ted Kremenek a9b30c0651 Fix assertion.
llvm-svn: 48470
2008-03-17 22:18:22 +00:00
Ted Kremenek 9eae403cde Fix integer overflow bug when processing switch statements.
llvm-svn: 48469
2008-03-17 22:17:56 +00:00
Ted Kremenek 58021a617b Properly hook up inline asm transfer function logic to the main GRExprEngine logic.
llvm-svn: 48468
2008-03-17 21:31:48 +00:00
Ted Kremenek 7c7a331f74 Added initial transfer function support for inline asm.
llvm-svn: 48466
2008-03-17 21:11:24 +00:00
Chris Lattner 7a51313d8a Make a major restructuring of the clang tree: introduce a top-level
lib dir and move all the libraries into it.  This follows the main
llvm tree, and allows the libraries to be built in parallel.  The
top level now enforces that all the libs are built before Driver,
but we don't care what order the libs are built in.  This speeds
up parallel builds, particularly incremental ones.

llvm-svn: 48402
2008-03-15 23:59:48 +00:00