d1f65f61ee
Make the VariadicMethodTypeChecker accept block pointers as Objective-C pointers. Fixes PR9746.
...
llvm-svn: 129741
2011-04-19 01:16:46 +00:00
dda56e4b4a
Support for C++11 (non-template) alias declarations.
...
llvm-svn: 129567
2011-04-15 14:24:37 +00:00
57540c5be0
fix a bunch of comment typos found by codespell. Patch by
...
Luis Felipe Strano Moraes!
llvm-svn: 129559
2011-04-15 05:22:18 +00:00
9114759641
C1X: implement generic selections
...
As an extension, generic selection support has been added for all
supported languages. The syntax is the same as for C1X.
llvm-svn: 129554
2011-04-15 00:35:48 +00:00
02e85f3bc5
Add support for C++0x's range-based for loops, as specified by the C++11 draft standard (N3291).
...
llvm-svn: 129541
2011-04-14 22:09:26 +00:00
ced5feaec9
Teach VariadicMethodTypeChecker to not crash when processing methods declared in protocols.
...
llvm-svn: 129395
2011-04-12 21:47:05 +00:00
905a602e0c
Fix another IdempotentOperationsChecker corner case when determining if an active block on the worklist
...
impacts the results of the check.
llvm-svn: 129394
2011-04-12 21:47:02 +00:00
8a4c760c20
ArrayBoundCheckerV2: don't arbitrarily warn about indexing before the 0-index of a symbolic region. In many cases that isn't really the base offset.
...
llvm-svn: 129366
2011-04-12 17:21:33 +00:00
f3539ad5c7
This patch adds modeling of strcmp() to the CString checker. Validates inputs are not NULL and are real C strings, then does the comparison and binds the proper return value. Unit tests included.
...
llvm-svn: 129364
2011-04-12 17:08:43 +00:00
f52718899f
static analyzer: invalidate by-ref arguments passed to constructors in a 'new' expression.
...
llvm-svn: 129349
2011-04-12 05:12:39 +00:00
57a4a152b2
Fix bug in SimpleSValBuilder where '--' pointer arithmetic was treated like '++' pointer arithmetic.
...
llvm-svn: 129348
2011-04-12 03:49:37 +00:00
4f939da02d
RegionStoreManager::invalidateRegions: treat classes the same as structs.
...
llvm-svn: 129333
2011-04-12 00:44:31 +00:00
2979fe01da
After some discussion with Doug, we decided that it made a lot more sense
...
for __unknown_anytype resolution to destructively modify the AST. So that's
what it does now, which significantly simplifies some of the implementation.
Normal member calls work pretty cleanly now, and I added support for
propagating unknown-ness through &.
llvm-svn: 129331
2011-04-12 00:42:48 +00:00
8ef59e5c03
C++ static analysis: also invalidate fields of objects that are the callees in C++ method calls.
...
llvm-svn: 129308
2011-04-11 22:22:05 +00:00
2d2e870745
More __unknown_anytype work.
...
llvm-svn: 129269
2011-04-11 07:02:50 +00:00
8a01a751c9
Remove CK_DynamicToNull.
...
llvm-svn: 129265
2011-04-11 02:03:26 +00:00
c602006638
As a first step towards fixing PR9641, add a CK_DynamicToNull cast kind which
...
represents a dynamic cast where we know that the result is always null.
For example:
struct A {
virtual ~A();
};
struct B final : A { };
struct C { };
bool f(B* b) {
return dynamic_cast<C*>(b);
}
llvm-svn: 129256
2011-04-10 20:33:22 +00:00
467dbd5f13
strcat() and strncat() model additions to CStringChecker.
...
Validates inputs are not NULL, checks for overlapping strings, concatenates the strings checking for buffer overflow, sets the length of the destination string to the sum of the s1 length and the s2 length, binds the return value to the s1 value.
llvm-svn: 129215
2011-04-09 15:12:58 +00:00
f603f3afbd
Start overhauling static analyzer support for C++ constructors. The inlining support isn't complete, and needs
...
to be reworked to model CallEnter/CallExit (just like all other calls). For now, treat constructors mostly
like other function calls, making the analysis of C++ code just a little more useful.
llvm-svn: 129166
2011-04-08 22:42:35 +00:00
319963434c
Basic, untested implementation for an "unknown any" type requested by LLDB.
...
The idea is that you can create a VarDecl with an unknown type, or a
FunctionDecl with an unknown return type, and it will still be valid to
access that object as long as you explicitly cast it at every use. I'm
still going back and forth about how I want to test this effectively, but
I wanted to go ahead and provide a skeletal implementation for the LLDB
folks' benefit and because it also improves some diagnostic goodness for
placeholder expressions.
llvm-svn: 129065
2011-04-07 08:22:57 +00:00
3337ca5f95
When updating the retain summary based on {cf,ns}_consumed attributes,
...
be sure to consume the argument index that actually had the attribute
rather than always the first. rdar://problem/9234108
llvm-svn: 128998
2011-04-06 09:02:12 +00:00
de909e4946
Add security syntax checker for strcat() which causes the Static Analyzer to generate a warning any time the strcat() function is used with a note suggesting to use a function which provides bounded buffers. CWE-119.
...
Also, brings the security syntax checker more inline with coding standards.
llvm-svn: 128916
2011-04-05 20:18:46 +00:00
378819342e
Fix PR 9626 (duplicated self-init warnings under -Wuninitialized) with numerous CFG and UninitializedValues analysis changes:
...
1) Change the CFG to include the DeclStmt for conditional variables, instead of using the condition itself as a faux DeclStmt.
2) Update ExprEngine (the static analyzer) to understand (1), so not to regress.
3) Update UninitializedValues.cpp to initialize all tracked variables to Uninitialized at the start of the function/method.
4) Only use the SelfReferenceChecker (SemaDecl.cpp) on global variables, leaving the dataflow analysis to handle other cases.
The combination of (1) and (3) allows the dataflow-based -Wuninitialized to find self-init problems when the initializer
contained control-flow.
llvm-svn: 128858
2011-04-04 23:29:12 +00:00
fca2e9618a
Refactoring the security checker a little bit so that each CallExpr check doesn't get called for each CallExpr. Instead it does a switch and only runs the check for the proper identifier. Slight speed improvement (probably significant on very large ASTs), and should make it easier and more clear to add more checks for other CallExpr's later.
...
llvm-svn: 128785
2011-04-03 05:07:11 +00:00
a95594416e
static analyzer: Add a new ProgramPoint PostCondition to represent the post position of a branch condition, and a new generateNode method to BranchNodeBuilder using PostCondition ProgramPoint. This method generates a new ExplodedNode but not a new block edge.
...
Patch by Lei Zhang!
llvm-svn: 128784
2011-04-03 04:34:49 +00:00
850d35be16
Fix RegionStore bug when doing a field load whose parent is also a field assigned a LazyCompoundValue. Fixes <rdar://problem/9163742> and PR 9522.
...
llvm-svn: 128783
2011-04-03 04:09:15 +00:00
af2371e368
Remove a redundant method. We have a const version.
...
llvm-svn: 128762
2011-04-02 03:20:45 +00:00
8f89f7c893
Teach IdempotentOperationsChecker about paths aborted because ExprEngine didn't know how to handle a specific Expr type.
...
llvm-svn: 128761
2011-04-02 02:56:23 +00:00
c703a666f7
static analyzer: Rename 'BlocksAborted' to 'BlocksExhausted' to reflect that a given CFGBlock was analyzed too many times.
...
llvm-svn: 128760
2011-04-02 02:56:17 +00:00
6ffe738f24
Add security syntax checker for strcpy() which causes the Static Analyzer to generate a warning any time the strcpy() function is used with a note suggesting to use a function which provides bounded buffers.
...
llvm-svn: 128679
2011-03-31 22:09:14 +00:00
79d74141b1
Adding Static Analyzer checker for mempcpy().
...
Models mempcpy() so that if length is NULL the destination pointer is returned. Otherwise, the source and destination are confirmed not to be NULL and not overlapping. Finally the copy is validated to not cause a buffer overrun and the return value is bound to the address of the byte after the last byte copied.
llvm-svn: 128677
2011-03-31 21:36:53 +00:00
70568c2be7
Fix spelling in a comment. (test commit)
...
llvm-svn: 128670
2011-03-31 21:26:55 +00:00
40d16c0e75
Static analyzer: fix bug in handling of dynamic_cast<>. The sink node wouldn't always be the final node, thus causing the state to continue propagating. Instead,
...
recover some path-sensitivity by conjuring a symbol.
llvm-svn: 128612
2011-03-31 04:46:53 +00:00
61a4f6682a
Teach static analyzer about the basics of handling new[]. We still don't simulate constructors, but at least the analyzer doesn't think the return value is uninitialized.
...
llvm-svn: 128611
2011-03-31 04:04:48 +00:00
98a24e37c5
Begin reworking static analyzer support for C++ method calls. The current logic was divorced
...
from how we process ordinary function calls, had a tremendous about of redundancy, and relied
strictly on inlining behavior (which was incomplete) to provide semantics instead of falling
back to the conservative analysis we use for C functions. This is a significant step into
making C++ analyzer support more useful.
llvm-svn: 128557
2011-03-30 17:41:19 +00:00
84d7907797
[analyzer] Allow all checkers of a group to be enabled.
...
llvm-svn: 128512
2011-03-29 23:57:41 +00:00
437758cbe6
[analyzer] For -analyzer-checker-help show all the info about groups, packages, and which packages/checkers are hidden.
...
llvm-svn: 128511
2011-03-29 23:57:38 +00:00
4ee039647a
[analyzer] Checker Packages can now belong to a group. This requires llvm commit r128474.
...
llvm-svn: 128475
2011-03-29 18:54:02 +00:00
642b03413f
Don't add a symbolic region for 'this' if the member function is static.
...
llvm-svn: 128340
2011-03-26 14:30:44 +00:00
104f6dfd1f
Tweak grammar in checker description.
...
llvm-svn: 128310
2011-03-26 00:25:42 +00:00
49c79790de
Rework checker "packages" and groups to be more hierarchical.
...
llvm-svn: 128187
2011-03-24 00:28:47 +00:00
ddc06d0bd0
Rename class 'CFGReachabilityAnalysis' to 'CFGReverseBlockReachabilityAnalysis'.
...
This rename serves two purposes:
- It reflects the actual functionality of this analysis.
- We will have more than one reachability analysis.
llvm-svn: 127930
2011-03-19 01:00:33 +00:00
70727343cf
Teach VariadicMethodTypeChecker about pointers attributed as 'NSObject'.
...
llvm-svn: 127798
2011-03-17 04:10:25 +00:00
6fa1daede5
Teach VariadicMethodTypeChecker that CF references are valid arguments to variadic Objective-C methods.
...
llvm-svn: 127797
2011-03-17 04:01:35 +00:00
3e5ad5932e
Tweak RegionStore's handling of lazy compound values to use the 'Default' versus 'Direct' binding key, thus allowing specific elements of an array/struct to be overwritten without
...
invalidating the entire binding. Fixes PR 9455.
llvm-svn: 127796
2011-03-17 03:51:51 +00:00
4ceebbf54d
VariadicMethodTypeChecker: don't warn for null pointer constants passed to variadic Objective-C methods.
...
llvm-svn: 127719
2011-03-16 00:22:51 +00:00
cdb2ae587a
Remove bogus assertion in IdempotentOperationsChecker.
...
llvm-svn: 127687
2011-03-15 19:27:57 +00:00
161f9a3829
Sort
...
llvm-svn: 127624
2011-03-14 21:20:46 +00:00
066b226daa
Tweak VariadicMethodTypeChecker to only create one ExplodedNode when issuing multiple warnings for the same message expression.
...
Also add a test case showing that we correctly report multiple warnings for the same message expression.
llvm-svn: 127605
2011-03-14 19:50:37 +00:00
d91d5f162f
Add an Objective-C checker that checks that arguments passed to some variadic Objective-C methods are of Objective-C pointer types.
...
Ted or Argiris, I'd appreciate a review!
llvm-svn: 127572
2011-03-13 20:35:21 +00:00
a4a57c10da
Re-enable the IdempotentOperations checker for --analyze, and put it and the DeadStores checker into the "deadcode" group.
...
llvm-svn: 127531
2011-03-12 06:14:28 +00:00
e5a89ac52a
Don't have side-effects (or rather non-trivial computation) in StringSwitch "cases."
...
llvm-svn: 127528
2011-03-12 04:08:07 +00:00
f89710b936
Add initial version of "IteratorsChecker", a checker to find misues uses of C++ iterators.
...
This checker was created by Jim Goodnow II, and I migrated it to the
new Checker interface (recent changes by Argiris).
llvm-svn: 127525
2011-03-12 02:49:15 +00:00
52d264cda5
Fix comments, and force auto progagation in VisitAggExpr.
...
llvm-svn: 127524
2011-03-12 02:49:11 +00:00
97474f7414
static analyzer: Handle 'ExprWithCleanups' in ExprEngine by essentially ignoring them.
...
llvm-svn: 127523
2011-03-12 02:49:09 +00:00
e190dee7a5
Add support for the OpenCL vec_step operator, by generalising and
...
extending the existing support for sizeof and alignof. Original
patch by Guy Benyei.
llvm-svn: 127475
2011-03-11 19:24:49 +00:00
2f1f023283
#include Store.h into BasicValueFactory.cpp to provide definitions of StoreRef constructor.
...
llvm-svn: 127291
2011-03-08 23:39:37 +00:00
4bb6c6b37e
static analyzer: Fix use-after-free bug in RegionStore involving LazyCompoundValueData not reference counting Store objects.
...
llvm-svn: 127288
2011-03-08 23:18:00 +00:00
3c50aea73f
Make the Objective-C checker look for subclasses of NSString instead of just NSString and NSMutableString.
...
llvm-svn: 127268
2011-03-08 20:05:26 +00:00
b4526252db
Move some of the logic about classifying Objective-C methods into
...
conventional categories into Basic and AST. Update the self-init checker
to use this logic; CFRefCountChecker is complicated enough that I didn't
want to touch it.
llvm-svn: 126817
2011-03-02 01:50:55 +00:00
eff9a7ff91
Teach CFGBuilder to prune trivially unreachable case statements.
...
llvm-svn: 126797
2011-03-01 23:12:55 +00:00
96a7a59119
In preparation for fixing PR 6884, rework CFGElement to have getAs<> return pointers instead of fresh CFGElements.
...
- Also, consoldiate getDtorKind() and getKind() into one "kind".
- Add empty getDestructorDecl() method to CFGImplicitDtor.
llvm-svn: 126738
2011-03-01 03:15:10 +00:00
a9a0f5d206
[analyzer] Also make sure that the parameter is coming from the current stack frame.
...
llvm-svn: 126735
2011-03-01 01:59:41 +00:00
456b18c279
[analyzer] Remove SVal::getAsVarDecl() and reason about MemRegions, not Decls. Suggestion by Ted!
...
llvm-svn: 126734
2011-03-01 01:47:48 +00:00
918c847890
[analyzer] Move lib/StaticAnalyzer/Checkers/ExprEngine.cpp -> lib/StaticAnalyzer/Core
...
and hope the wrath of the buildbots will not descend upon me.
llvm-svn: 126728
2011-03-01 01:24:23 +00:00
6a5674ffa6
[analyzer] Rename CheckerV2 -> Checker.
...
llvm-svn: 126726
2011-03-01 01:16:21 +00:00
0036b19abd
[analyzer] Remove Checker V1.
...
llvm-svn: 126725
2011-03-01 01:16:08 +00:00
d665807901
[analyzer] Remove checker V1 registration and running from ExprEngine.
...
llvm-svn: 126724
2011-03-01 01:16:03 +00:00
5ad574c096
Improves the coding style in SValBuilder. This patch:
...
- renames evalCastNL and evalCastL to evalCastFromNonLoc and
evalCastFromLoc (avoid abbreviations that aren't well known).
- makes all function parameter names start with a lower case letter
for consistency and distinction from member variables.
- avoids abbreviations in function parameter names.
Reviewed by kremenek@apple.com .
llvm-svn: 126722
2011-03-01 00:45:32 +00:00
29b8656935
[analyzer] Remove unused checker stuff from AnalysisConsumer and some unused headers.
...
llvm-svn: 126690
2011-02-28 22:30:38 +00:00
9eb02dfa89
[analyzer] Remove '-analyzer-check-objc-mem' flag, the nominee for best misnomer award.
...
llvm-svn: 126676
2011-02-28 19:49:42 +00:00
6a1c760760
[analyzer] Run the ExprEngine depending on the CheckerManager having path-sensitive checkers.
...
llvm-svn: 126674
2011-02-28 19:49:17 +00:00
20f5caa518
[analyzer] The current UninitializedValuesChecker will go away, remove '-warn-uninit-values'.
...
llvm-svn: 126673
2011-02-28 19:49:12 +00:00
2c49ec7f1d
[analyzer] Migrate NSErrorChecker and DereferenceChecker to CheckerV2.
...
They cooperate in that NSErrorChecker listens for ImplicitNullDerefEvent events that
DereferenceChecker can dispatch.
ImplicitNullDerefEvent is when we dereferenced a location that may be null.
llvm-svn: 126659
2011-02-28 17:36:18 +00:00
a15dfec3f5
[analyzer] Introduce "event" mechanism in CheckerManager.
...
A checker can register as receiver/listener of "events" (basically it registers a callback
with a function getting called with an argument of the event type) and other checkers can
register as "dispatchers" and can pass an event object to all the listeners.
This allows cooperation amongst checkers but with very loose coupling.
llvm-svn: 126658
2011-02-28 17:36:09 +00:00
98b570ecad
[analyzer] Run AST checkers for ObjCMethodDecls.
...
llvm-svn: 126657
2011-02-28 17:36:04 +00:00
64965ad75d
Fix CMake build.
...
llvm-svn: 126629
2011-02-28 02:13:22 +00:00
4b45f6628e
[analyzer] Introduce SVal::getAsVarDecl().
...
llvm-svn: 126627
2011-02-28 01:28:18 +00:00
6d6801c5c7
[analzyer] Migrate CallAndMessageChecker to CheckerV2.
...
llvm-svn: 126626
2011-02-28 01:28:13 +00:00
64fe456a6b
[analyzer] ExprEngine should not depend on checkers for not crashing.
...
llvm-svn: 126625
2011-02-28 01:28:08 +00:00
0a5a41d799
[analyzer] Migrate AdjustedReturnValueChecker to CheckerV2.
...
llvm-svn: 126624
2011-02-28 01:28:05 +00:00
6fff2e3d36
[analyzer] Migrate AttrNonNullChecker to CheckerV2.
...
llvm-svn: 126623
2011-02-28 01:28:01 +00:00
4f7745a3b1
[analyzer] ExprEngine should not depend on checkers for not crashing.
...
llvm-svn: 126622
2011-02-28 01:27:57 +00:00
68ed625bd3
[analyzer] Migrate VLASizeChecker to CheckerV2.
...
llvm-svn: 126621
2011-02-28 01:27:54 +00:00
ae468f77fa
[analyzer] Migrate DivZeroChecker to CheckerV2.
...
llvm-svn: 126620
2011-02-28 01:27:50 +00:00
4dc7fb37cb
[analyzer] Migrate ReturnUndefChecker to CheckerV2.
...
llvm-svn: 126619
2011-02-28 01:27:46 +00:00
da6c7568e2
[analyzer] Migrate UndefinedArraySubscriptChecker to CheckerV2.
...
llvm-svn: 126618
2011-02-28 01:27:41 +00:00
098874a2f8
[analyzer] Migrate UndefinedAssignmentChecker to CheckerV2.
...
llvm-svn: 126617
2011-02-28 01:27:37 +00:00
753b3ca32f
[analyzer] Migrate UndefBranchChecker to CheckerV2.
...
llvm-svn: 126616
2011-02-28 01:27:33 +00:00
60b6da721f
[analyzer] Migrate UndefCapturedBlockVarChecker to CheckerV2.
...
llvm-svn: 126615
2011-02-28 01:27:26 +00:00
d4d3cee6e4
[analyzer] Migrate UndefResultChecker to CheckerV2.
...
llvm-svn: 126614
2011-02-28 01:27:22 +00:00
142dbbfcd8
[analyzer] Migrate NoReturnFunctionChecker to CheckerV2.
...
llvm-svn: 126613
2011-02-28 01:27:17 +00:00
3e7ab19863
[analyzer] Move the DeadStores checker out of the 'core' package.
...
-Now it gets enabled with '-analyzer-checker=DeadStores'.
-The driver passes the above flag by default.
llvm-svn: 126612
2011-02-28 01:27:12 +00:00
f3ed8b631d
[analyzer] Migrate BuiltinFunctionChecker to CheckerV2.
...
llvm-svn: 126611
2011-02-28 01:27:07 +00:00
b2cf708395
[analyzer] Migrate OSAtomicChecker to CheckerV2.
...
llvm-svn: 126610
2011-02-28 01:27:02 +00:00
0a9ce3ec8f
[analyzer] Migrate ArrayBoundCheckerV2 to CheckerV2.
...
Turns -analyzer-check-buffer-overflows into -analyzer-checker=core.experimental.Overflow
llvm-svn: 126609
2011-02-28 01:26:57 +00:00
560bbb1241
[analyzer] Turn -analyzer-stats into -analyzer-checker=debug.Stats
...
llvm-svn: 126608
2011-02-28 01:26:50 +00:00
21c9423ef4
[analyzer] Remove '-analyzer-experimental-checks' flag.
...
llvm-svn: 126607
2011-02-28 01:26:43 +00:00
183f0fb4cf
[analyzer] Migrate MallocChecker to CheckerV2.
...
llvm-svn: 126606
2011-02-28 01:26:35 +00:00
e925322f41
Update test cases.
...
llvm-svn: 126523
2011-02-25 22:19:14 +00:00
Anders Carlsson