fd8352c2b9
Added string "[CHECKER]" to the output diagnostics produced by the GRSimpleVals analysis.
...
llvm-svn: 47678
2008-02-27 17:56:16 +00:00
cbb21b61c8
Small fix to VisitLVal: this method can be called on Block-Level expressions.
...
In such cases, handle them just like Visit().
llvm-svn: 47665
2008-02-27 07:04:16 +00:00
1c64daba5b
When analyzing a function, eagerly create symbolic values for all
...
globals/parameters at the beginning of the analysis.
llvm-svn: 47664
2008-02-27 06:47:26 +00:00
c025841dd4
Header file cleanups: reduce number of includes; move ValueState.h into include directory tree.
...
llvm-svn: 47661
2008-02-27 06:07:00 +00:00
947528f000
Similar bug fix to r47650; when processing CallExprs if we did not generate an
...
ExplodedNode for the Callee subexpression we would not evaluate the CallExpr
transfer function.
llvm-svn: 47651
2008-02-27 00:46:25 +00:00
76a2e985c3
Fixed bug in the core transfer function logic for CallExprs where we would
...
sometimes skip evaluating all the arguments when some arguments would not
create new ExplodedNodes.
llvm-svn: 47650
2008-02-27 00:44:11 +00:00
6217dffec3
Fix bug when processing '?' operator: invalidate the old "Uninitialized" value of the block-level expression for ?.
...
llvm-svn: 47645
2008-02-26 23:37:01 +00:00
448538d860
Added boilerplate for plug-in transfer function support for CallExprs.
...
GRSimpleVals performs the following action: invalidate all values passed-by-reference.
llvm-svn: 47638
2008-02-26 23:04:29 +00:00
dea8c07899
Don't emit divide-by-zero errors when we divide by an unknown (not
...
uninitialized) value. At this point we're just too imprecise.
llvm-svn: 47636
2008-02-26 22:27:51 +00:00
e9f30d3288
Removed static analysis-specific diagnostics from DiagnosticKinds.def.
...
Use custom diagnostics for static analysis checkers. Added warnings
for dereferencing uninitialized values and divide-by-zeroes.
llvm-svn: 47626
2008-02-26 21:31:18 +00:00
c7ba873dc7
Removed hack with toggling the signedness flag of the APSInt stored
...
in an EnumConstantDecl. This was made possible because of a recent fix
in the parser:
http://llvm.org/viewvc/llvm-project?rev=47581&view=rev
llvm-svn: 47624
2008-02-26 21:04:29 +00:00
bc54390803
Small fixes to shore up overhauling of transfer function logic for '&&' and '||.
...
llvm-svn: 47620
2008-02-26 19:40:44 +00:00
9b69ed398b
optimization: no longer create ExplodedNodes for IntegerLiteral and
...
CharacterLiteral expressions.
llvm-svn: 47617
2008-02-26 19:17:09 +00:00
f3a4b9617e
Major cleanup of the transfer function logic for '&&', '||', and '?'. We
...
now store in the state essentially which branch we took. This removes
a bunch of bogus assumptions (and likely bugs), reduces the complexity of
the implementation, and facilitates more optimizations.
llvm-svn: 47613
2008-02-26 19:05:15 +00:00
ce3563445c
Fixed inverted condition.
...
llvm-svn: 47590
2008-02-26 03:44:25 +00:00
06b671097d
Added lazy "symbolication" of parameter variables and global variables.
...
Added recording of divide-by-zero and divide-by-uninitialized nodes.
llvm-svn: 47586
2008-02-26 02:15:56 +00:00
733f810600
Added FIXME.
...
llvm-svn: 47578
2008-02-26 00:20:52 +00:00
7845b2607a
Minor bug fix in LiveVariables: don't "kill" decls referenced by a DeclStmt
...
that aren't VarDecls.
llvm-svn: 47572
2008-02-25 22:28:54 +00:00
3a6fd9c177
Better handling of calls to functions via function pointers.
...
llvm-svn: 47562
2008-02-25 21:16:03 +00:00
eb079dc502
Fixed bug in RemoveDeadBindings when performing the mark-and-sweep over the
...
symbolic store: VarDecl's inserted into the sweep may not always bind to
anything; handle this special case just like bindings to uninitialized values.
llvm-svn: 47550
2008-02-25 18:56:23 +00:00
3866746569
Expanded transfer function support for divide-by-zero checking to include
...
"remainder-by-zero" checking (operator '%').
llvm-svn: 47549
2008-02-25 18:42:54 +00:00
b23cc7191f
Added hack to transfer function logic to handle the case where a DeclRefExpr
...
wrapping an EnumConstantDecl evaluates to an integer type that has a different
signedness than the APSInt stored in the EnumConstantDecl. Will file a Bugzilla
report.
llvm-svn: 47548
2008-02-25 18:34:45 +00:00
6f92e2294a
Added transfer function support for checking for divide-by-zero errors.
...
llvm-svn: 47547
2008-02-25 17:51:31 +00:00
b0b7d28f67
Fixed horrid bug in LiveVariables analysis where we were only merging at
...
confluence points the liveness information for variables (Decls) and NOT
block-level expressions.
llvm-svn: 47506
2008-02-22 23:17:20 +00:00
43638a87e5
Punt on unifying symbolic lvalues. This won't be needed for many checkers.
...
llvm-svn: 47489
2008-02-22 18:41:59 +00:00
cb507025d4
Added "assumption" logic for lval::FuncVal and lval::GotoLabel, and simplified
...
assumption logic for lval::DeclVal.
llvm-svn: 47466
2008-02-22 00:54:56 +00:00
51017b5432
Bug fix: For transfer function for unary "!", compare the subexpression value
...
against '0' of the same bit-width.
llvm-svn: 47465
2008-02-22 00:42:36 +00:00
20c91421fe
Bug fix in liveness: Only compute liveness information for VarDecls.
...
llvm-svn: 47464
2008-02-22 00:34:10 +00:00
eb653882de
Return "Unknown" when using the value of a function pointer whose value
...
is symbolic.
llvm-svn: 47463
2008-02-21 23:17:39 +00:00
9f1ed12bc4
Added transfer function support for dispatching to functions we don't know
...
about. The default logic is to invalidate the values of all values
passed-by-reference.
llvm-svn: 47456
2008-02-21 19:46:04 +00:00
e82c7a44d6
RemoveDeadBindings should now check for UninitalizedVal, as it is a now
...
an error to cast it to LVal.
llvm-svn: 47450
2008-02-21 19:30:14 +00:00
7328fa6ec8
Regression fix: Handle pointer arithmetic in unary ++/--.
...
llvm-svn: 47449
2008-02-21 19:29:23 +00:00
7f8ebb73af
Removed bogus assertions regard LValues binding to UnknownVal; they can
...
do so implicitly.
llvm-svn: 47447
2008-02-21 19:15:37 +00:00
d21429a8e7
Remove incorrect casts from UnknownVal to NonLVal.
...
llvm-svn: 47446
2008-02-21 19:10:12 +00:00
b1e3218125
FIX: Promote the correct operand.
...
llvm-svn: 47445
2008-02-21 18:46:24 +00:00
7e4861b3c1
Simplified and generalized transfer function logic for casts, allowing
...
the transfer function to be invoked without an Expr* for the Cast operation.
Added implicit promotions to the transfer function logic for compound
assignments.
llvm-svn: 47444
2008-02-21 18:43:30 +00:00
d2332f9625
Added transfer function support for sizeof(void)
...
llvm-svn: 47443
2008-02-21 18:15:29 +00:00
7f0639b039
Major cleanup of path-sensitive analysis engine and the current analysis
...
based on constant. prop. and limited symbolics.
- Renamed class: RValue -> RVal, LValue -> LVal, etc.
- Minor method renamings and interface cleanups.
- Tightened the RVal "type system" so that UninitializedVal and UnknownVal
cannot be cast to LVal or NonLVal. This forces these corner cases values
to be explicitly handled early before being dispatched to plug-in transfer
function logic.
- Major cleanup in the transfer function logic for binary and unary operators.
Still fixing some regressions, but we now explicitly handle Uninitialized
and Unknown values in a more rigorous way.
llvm-svn: 47441
2008-02-21 18:02:17 +00:00
34e83b80fd
Implemented transfer function logic for unary '+'
...
llvm-svn: 47357
2008-02-20 04:12:31 +00:00
b597bb9c4a
Placed transfer function logic for dereferences in its own method, while at
...
the same time clearing up some logic of how the unary '*' operator is processed.
llvm-svn: 47356
2008-02-20 04:02:35 +00:00
4ae9985285
Added missing case in constant propagation logic for handling the Xor of
...
two concrete integer values.
llvm-svn: 47341
2008-02-19 20:53:37 +00:00
9c08512656
Added special handling for UninitializedVals for the transfer function logic
...
for pointer dereferences.
llvm-svn: 47340
2008-02-19 20:53:06 +00:00
4baef06bbc
Implemented "getType()" for symbolic values representing the "contents" of
...
another symbolic value.
llvm-svn: 47339
2008-02-19 20:51:40 +00:00
9fd2531b5e
Fixed transfer function for casts to always evaluate the effects of the
...
cast's subexpression even if the cast itself has no effect.
llvm-svn: 47335
2008-02-19 18:52:54 +00:00
fe0b5740ce
Added transfer function support for casting to "void".
...
llvm-svn: 47333
2008-02-19 18:47:04 +00:00
86dc7ae58e
Fixed bug classof() bug with RValues that could cause an UninitializedVal
...
or UnknownVal to be interpreted as an actual NonLValue/LValue.
llvm-svn: 47304
2008-02-19 02:34:18 +00:00
8b51dc2754
Added back explicit state/node creation when visiting IntegerLiterals and
...
CharacterLiterals. This may not be a permanent solution; it doesn't cost that
much, however, to create a few additional states, and solves a whole bunch
of edge cases when handling ?, ||, and &&.
llvm-svn: 47299
2008-02-19 02:01:16 +00:00
e0188e6ad7
Added boilerplate transfer function support for CallExprs.
...
llvm-svn: 47298
2008-02-19 01:44:53 +00:00
58cc30b64b
Added FIXME for properly handling local arrays using symbolic LValues.
...
For now we just treat their values as "Unknown."
llvm-svn: 47294
2008-02-19 00:29:51 +00:00
0f7130adc4
--grsimple now reports the number of nodes in the ExplodedGraph for
...
an analyzed function.
GRExprEngine now records stores to "uninitialized lvalues" (which are sinks in
the ExplodedGraph).
llvm-svn: 47293
2008-02-19 00:22:37 +00:00
Ted Kremenek