346169fa3d
Added more assertions and checks in transfer function logic to check for
...
UninitializedVals and UnknownVals.
llvm-svn: 47288
2008-02-18 22:57:02 +00:00
3b1beb224b
Temporary solution to push analysis through to analyzing PCRE.
...
We will implement symbol "unification" later.
llvm-svn: 47284
2008-02-18 21:19:49 +00:00
1d88371663
A couple of msvc compile fixes from the ml; I haven't tested with msvc,
...
but the fixes are reasonable.
llvm-svn: 47224
2008-02-16 23:17:23 +00:00
074965c5cb
Further cleanup. Moved definitions for SymbolManager and ValueManager into
...
their own [.cpp;.h] files.
llvm-svn: 47201
2008-02-16 01:12:31 +00:00
6698cb8aa3
Refactored code for transfer functions for binary operators involving two LValues.
...
Fixed bug in transfer functions for sizeof(*); we were incorrectly evaluating to
a value of the wrong type.
Fixed bug in transfer functions for compound assignments where we did not properly
handle assignments involving dereferences of symbolic values.
llvm-svn: 47190
2008-02-15 23:15:23 +00:00
8db4b110c3
Added transfer function support for conditional branches with a NULL condition (e.g., "for(;;)").
...
Fixed bug in transfer function for compound assignment operators when both operands where variables but had a non-pointer type (we fired an assertion).
llvm-svn: 47184
2008-02-15 22:29:00 +00:00
e81734b01c
Simplified transfer function logic for ++/-- operators.
...
Added more boilerplate transfer function support for pointer arithmetic.
Added more pretty-printing support for symbolic constraints.
Added transfer function support for handling enum values.
Minor pointer types cleanup in ExplodedGraphImpl.
llvm-svn: 47183
2008-02-15 22:09:30 +00:00
783a5c262b
Remove unnecessary references to VariableArrayType from Analysis.
...
llvm-svn: 47157
2008-02-15 12:28:27 +00:00
bc0ba39a1e
Added boilerplate transfer function support for pointer arithmetic operations.
...
llvm-svn: 47147
2008-02-15 00:52:26 +00:00
e161afc4dd
Added --grsimple-view option to clang driver; this is the same as
...
--grsimple except that it visualizes the ExplodedGraph using dot and
outputs the current function being analyzed. --grsimple is now silent
except when it emits diagnostics.
llvm-svn: 47146
2008-02-15 00:35:38 +00:00
8e6f6e05c3
Added "symbol iterators" for RValues, allowing easy iteration over the symbols
...
referenced by an RValue, instead of having to query the type of the RValue.
Modified ValueState::RemoveDeadBindings to also prune dead symbols.
llvm-svn: 47142
2008-02-14 23:25:54 +00:00
5b70a22656
When visualizing ExplodedNodes created by GRExprEngine, color nodes with
...
null-dereferences or bad control-flow red.
llvm-svn: 47140
2008-02-14 22:54:53 +00:00
5d8bab7ecd
Don't analyze functions when we have parse errors.
...
llvm-svn: 47139
2008-02-14 22:54:17 +00:00
d3122cb83c
Renamed GRConstants => GRSimpleVals.
...
Moved driver logic for --grsimple to GRSimpleVals.cpp.
llvm-svn: 47137
2008-02-14 22:36:46 +00:00
bd8957b6b2
#include cleanups in GRExprEngine.cpp/GRExprEngine.h. Moved GRExprEngine to
...
clang namespace.
llvm-svn: 47136
2008-02-14 22:16:04 +00:00
64de207c52
Partitioned definition/implementation of GRExperEngine into .h and .cpp.
...
Still some cleanup to do, but this initial checkin compiles and runs correctly.
llvm-svn: 47135
2008-02-14 22:13:12 +00:00
cf7cf8e8b0
Migrated transfer functions for binary operators for simple value tracking
...
from RValues to GRTransferFuncs/GRSimpleVals.
llvm-svn: 47131
2008-02-14 19:37:24 +00:00
4bad8f7ad6
Migrated transfer functions for unary "~" and "-" to GRTransferFuncs/GRSimpleVals.
...
llvm-svn: 47126
2008-02-14 18:40:24 +00:00
3ca942969e
Started partitioning of transfer function logic (and thus the policy behind
...
these operations) into GRTransferFuncs and its subclasses. Originally all
of this logic was handled by the class RValue, but in reality different
analyses will want more flexibility on how they evaluate different values.
Transfer functions migrated so far: "Cast"
llvm-svn: 47125
2008-02-14 18:28:23 +00:00
747c777bde
Moved Rvalues.h from "Analysis/" to "include/clang/Analysis/PathSensitive".
...
llvm-svn: 47123
2008-02-14 17:30:51 +00:00
80ebc1d1c9
Added support to GRCoreEngine/GRExprEngine for processing control-flow
...
from switch...case...default statements.
llvm-svn: 47100
2008-02-13 23:08:21 +00:00
cd44b12f96
Fixed 80 col violations.
...
llvm-svn: 47076
2008-02-13 18:06:44 +00:00
755d39b233
Unbreak the build.
...
llvm-svn: 47072
2008-02-13 17:45:18 +00:00
1c16527774
Renamed files to match class renaming in r47070:
...
http://llvm.org/viewvc/llvm-project?rev=47070&view=rev
llvm-svn: 47071
2008-02-13 17:43:07 +00:00
f6c62f3459
Renamed class GREngine => GRCoreEngine.
...
Renamed class GRConstants => GRExprEngine.
This was done with a Perl script, and will result in 80 col. violations that
I will gradually fix up.
llvm-svn: 47070
2008-02-13 17:41:41 +00:00
2bba901a36
Simplify GRIndirectGotoNodeBuilder.
...
llvm-svn: 47068
2008-02-13 17:27:37 +00:00
632bcb82a7
Added GREngine support for "break" and "continue".
...
llvm-svn: 47064
2008-02-13 16:56:51 +00:00
7022efbe7b
Added support to GREngine/GRConstants for handling computed gotos.
...
llvm-svn: 47038
2008-02-13 00:24:44 +00:00
822f7370b2
Added GREngine support for GotoStmt.
...
llvm-svn: 47034
2008-02-12 21:51:20 +00:00
736e441266
Added transfer function/value track logic for taking the address of a label.
...
llvm-svn: 47030
2008-02-12 21:37:56 +00:00
1f3d4a73f5
Minor (cosmetic) reshuffling of code. Fixed a bug in "Assume" logic when
...
handling Non-Lvalues of the type nonlval::SymbolVal; we were accidentally
casting them to lval::SymbolVal.
llvm-svn: 47029
2008-02-12 21:37:25 +00:00
002bf74fbc
Added transfer function logic for sizeof(expr)/sizeof(type). This currently
...
doesn't support VLAs.
Reordered some cases in the switch statement of GRConstant::Visit() so
that they are ordered alphabetically based on AST node type.
llvm-svn: 47021
2008-02-12 19:49:57 +00:00
fb9cc188af
Renamed local variable.
...
Added transfer function support for CharacterLiteral.
llvm-svn: 47014
2008-02-12 18:50:32 +00:00
90ae68fe71
Added GRBlockCounter class, which tracks the number of times blocks
...
have been visited in a path. Added GRBlockCounter as an item to be
enqueued to the worklist.
Modified "ProcessBranch" in GRConstants to prune branches with symbolic
conditions that have been already taken.
llvm-svn: 47010
2008-02-12 18:08:17 +00:00
633654ffab
Consolidated use of BumpPtrAllocator shared by various ImmutableSet/ImmutableMap
...
factories.
Fixed a horrible bug in lval:DeclVar::classof(RValue* V); we weren't checking
V was an LValue, allowing nonlval::ConcereteInts to match isa<lval::DeclVar>.
llvm-svn: 46976
2008-02-11 23:12:59 +00:00
ed3be17b6f
Separate bindings for subexpressions to be in a separate map for
...
bindings for block-level expressions.
Moved pretty-printing logic (DOT) for ValueStates to ValueState.cpp.
llvm-svn: 46965
2008-02-11 19:21:59 +00:00
b54312d5a0
Split off expression-bindings in ValueState from variable-bindings.
...
llvm-svn: 46892
2008-02-08 21:10:02 +00:00
4142cc834b
Changed "GetValue" methods to take an
...
Expr* instead of a Stmt*, since we only
store bindings for Expr*.
llvm-svn: 46891
2008-02-08 20:29:23 +00:00
80ff44ff30
Moved implementation of "RemoveDeadBindings" from the main
...
GRConstants logic to ValueStateManager.
llvm-svn: 46888
2008-02-08 19:17:19 +00:00
5d9073c776
Removed ability to create symbol bindings
...
in VarKey and VariableBindingsTy.
llvm-svn: 46887
2008-02-08 19:08:13 +00:00
fd39e73b7a
Implemented transfer functions for "<<" and ">>" when the RValues are
...
ConcreteInts.
llvm-svn: 46883
2008-02-08 07:14:58 +00:00
707b07ccf9
Implemented transfer functions for Statement-Expressions and Commas.
...
Fixed bug in dispatching to the correct transfer function for |=, &=, and ^|.
llvm-svn: 46880
2008-02-08 07:05:39 +00:00
fd641f1056
More variable renamings.
...
llvm-svn: 46875
2008-02-08 03:02:48 +00:00
173743da67
Renamed InvalidValue to UnknownVal.
...
Renamed UninitializedValue to UninitializedVal.
llvm-svn: 46874
2008-02-08 02:57:34 +00:00
e187d0511f
Added some more opcode pretty-printing.
...
Minor cleanups with generating nodes for NULL-pointer dereferences.
llvm-svn: 46851
2008-02-07 15:20:13 +00:00
d74da0838f
Added proof-of-concept NULL pointer diagnostics to GRConstants.
...
Modified the driver to pass the Diagnostic object to GRConstants.
llvm-svn: 46847
2008-02-07 06:33:19 +00:00
149512c013
Added support to distinguish between both implicit and explicit null dereferences.
...
llvm-svn: 46846
2008-02-07 06:04:18 +00:00
e324704e62
Added recording of "implicit" NULL dereferences of symbolic pointers.
...
llvm-svn: 46843
2008-02-07 05:48:01 +00:00
6bd4c7f94f
get the tree building again
...
llvm-svn: 46840
2008-02-07 05:01:42 +00:00
88da1de048
Added several guards in transfer functions for "InvalidValues".
...
Fixed bug in RemoveDeadBindings by implementing a simple "mark-and-sweep"
cleaner over the bindings, starting from the Decls and block-level expressions
that are considered "live" by the Liveness analysis.
Fixed bug in isa<> implementation for class LValue.
Added "VisitDeclRefExpr" to GRConstants so that we explicitly bind the current
value of variable to the Block-level Expression (i.e., when the DeclRefExpr is
at the CFGBlock level).
llvm-svn: 46839
2008-02-07 04:16:04 +00:00
a56c08a2e4
Fixed bug in LiveVariables analysis where Block-level exprs appearing
...
as the initializers for DeclStmts were not being registered as being
live at the start of the DeclStmt.
llvm-svn: 46837
2008-02-07 02:38:55 +00:00
43523e0fe8
Added transfer function logic for ReturnStmts.
...
Fixed insidious bug in handling dereferences.
llvm-svn: 46835
2008-02-07 01:08:27 +00:00
cdd0be1dc1
Major code refactoring/cleanup with transfer function logic. Now the
...
code structure is more suitable for additional symbolic analysis.
llvm-svn: 46831
2008-02-06 22:50:25 +00:00
afa5f492e5
Added main transfer function support for unary operator "!".
...
llvm-svn: 46815
2008-02-06 17:56:00 +00:00
17b65b557b
Added assumption logic for symbolic non-lvalues when used in conditions such as
...
"if(x)". On the true branch we know the value is != 0, and on the false branch
we know it is 0.
llvm-svn: 46814
2008-02-06 17:32:17 +00:00
73451846a7
Fixed bug in '=' transfer function: RHS does not have to be a non-LValue.
...
llvm-svn: 46797
2008-02-06 04:41:14 +00:00
d17f05435a
Fixed signedness bug in cast transfer function when casting integers to pointers.
...
Removed lval::SymIntConstraintVal; wrappers for symbolic constraints are not lvalues (only integers that evaluate to !0 or 0).
llvm-svn: 46796
2008-02-06 04:31:33 +00:00
b2652827e6
Modified state pretty-printing to include the '!=' and '==' constraints on
...
symbols (for constant integers).
llvm-svn: 46795
2008-02-06 03:56:15 +00:00
0ea8fea0ba
Disabled operator= for ValueStateImpl.
...
ValueState no longer inherits FoldingSetNode (not needed).
Removed redundant operator= implementation for ValueState (it simply did the default behavior).
llvm-svn: 46794
2008-02-06 02:50:36 +00:00
4ff4e7ce9f
Fixed bug when allocating a ValueStateImpl object in getPersistentState()
...
using the bump-pointer allocator and a placed new; we accidentally allocated
a ValueStateImpl* instead, causing an overrun when we did a placed new().
llvm-svn: 46793
2008-02-06 02:45:20 +00:00
03e7b55f22
Added some skeleton code for performing "assume" on symbols: e.g. assume($0 != 0).
...
This action will add constraints to the possible values of a symbol.
Still needs to be debugged.
llvm-svn: 46789
2008-02-06 00:54:14 +00:00
38b32e976c
Added pretty-printing support for lval::SymIntConstraintVal and
...
nonlval::SymIntConstraintVal.
Reworked transfer function for '==' and '!=' for LValues to return
SymIntConstraintVal when comparing a symbol with a constant.
llvm-svn: 46778
2008-02-05 23:08:41 +00:00
8f6dcfaa30
Moved implementation of cast<> for SymbolData closer to SymbolData's definition.
...
llvm-svn: 46772
2008-02-05 22:21:54 +00:00
1ee50cd9c1
Added new "NonLValue" class: SymIntConstraintVal. This class represents a binary
...
contraint between a symbol and an integer constant.
llvm-svn: 46771
2008-02-05 22:10:48 +00:00
1e3fa134de
Moved subclasses of LValue and NonLValue into their own namespaces.
...
This noticeably cleans up the naming of these classes.
llvm-svn: 46770
2008-02-05 21:52:21 +00:00
a4aa95bd9d
Added "SymIntConstraint", a utility class to represent intermediate values for
...
transfer function evaluation that represent constraints between symbolic values
and constant integers.
llvm-svn: 46769
2008-02-05 21:32:43 +00:00
e1bbf8e549
Added "batch" processing versions of Nodify and SetValue. Created typedefs
...
for buffers for RValues and States.
llvm-svn: 46759
2008-02-05 19:35:18 +00:00
1cc95f6cd3
Added a "ConstantNotEq" map to ValueState (and added necessary typedefs and factory objects to ValueStateManager).
...
llvm-svn: 46758
2008-02-05 18:51:06 +00:00
961ec7bc22
Added some comments.
...
llvm-svn: 46756
2008-02-05 18:24:17 +00:00
db814b5415
Renamed typedef "iterator" in ValueState to "vb_iterator" (for "VariableBindings").
...
llvm-svn: 46755
2008-02-05 18:19:15 +00:00
17e5b5c99e
Reordered fields/methods in ValueState to make it more aesthetically pleasing.
...
llvm-svn: 46754
2008-02-05 18:17:58 +00:00
d8902e06ba
Overhauling of "ValueState" so that it represents its own functional data
...
structure that can contain several maps, not just one.
llvm-svn: 46744
2008-02-05 07:17:49 +00:00
0a04690fda
ValueManager now uses the BumpPtrAllocator owned by the ExplodedGraph.
...
llvm-svn: 46740
2008-02-05 05:15:51 +00:00
4894c56ba7
Simplified transfer functions for '++' and '--'
...
llvm-svn: 46732
2008-02-05 00:43:43 +00:00
3f2f1ade4c
Implemented initial transfer function support for '&&', '||', '?', and
...
__builtin_choose.
llvm-svn: 46731
2008-02-05 00:26:40 +00:00
7746a6279b
Added file that should have been in my previous commit.
...
llvm-svn: 46722
2008-02-04 21:59:22 +00:00
723fe3f863
Created ValueStateManager, a full-blown class to manage the states
...
created for GRConstants. Moved instances of ValueManager and SymbolManager
inside this class. The goal is to gradually separate more of the state
management from the state transformation.
llvm-svn: 46721
2008-02-04 21:59:01 +00:00
2cdfd6670e
Implemented transfer function for unary '~'.
...
llvm-svn: 46708
2008-02-04 16:58:30 +00:00
effdafa62a
Implemented casts for ConcreteInt and ConcreteIntLValue.
...
Implemented '==' and '!=' for ConcreteIntLValue.
llvm-svn: 46630
2008-02-01 06:36:40 +00:00
2820b9c893
Added skeleton for new LValue class ConcereteIntLValue.
...
llvm-svn: 46624
2008-01-31 22:17:03 +00:00
2838799859
Moved RValue code in GRConstants.cpp to RValue.[h,cpp].
...
Moved ValueKey/ValueMap declaration to ValueState.h.
llvm-svn: 46618
2008-01-31 19:34:24 +00:00
6f4a9ef4b6
Fixed misspelling of "LLVM" due to some editor+Ted madness.
...
llvm-svn: 46604
2008-01-31 06:49:09 +00:00
a0be8264b5
Added transfer function support for unary '&' and '*', providing basic
...
(local) aliasing support.
Modified ExplodedGraph pretty-printer (for GRConstants) to also print out the
pointer value of the state associated with a node. This way one can easily
see that two states are identical.
llvm-svn: 46595
2008-01-31 02:35:41 +00:00
b5474fc529
Added 'SymbolicLValue' class to represent LValues whose value is symbolic.
...
Improved pretty-printing of LValues.
Parameters whose values are pointers/references are now assigned SymbolicLValues.
llvm-svn: 46584
2008-01-31 00:09:56 +00:00
2531fce319
We now delay adding nodes created by GRBranchNodeBuilder to the analysis
...
worklist until the dstor of GRBranchNodeBuilderImpl. This way clients can mark
creates nodes as "sinks" before they are added to the worklist.
llvm-svn: 46582
2008-01-30 23:24:39 +00:00
a50d98565f
Implemented some branch pruning in GRConstants using != and == for
...
constant integers.
llvm-svn: 46581
2008-01-30 23:03:39 +00:00
90962af0e8
Minor cosmetic cleanups: replaced some integer literals with constants and
...
more cleanups with pretty-printing of analysis results.
llvm-svn: 46564
2008-01-30 18:54:06 +00:00
7ff1893f86
Implemented more boilerplate in GREngine for processing branches. Now
...
we automatically generate a new successor node along an edge if the checker
did not explicitly do so (i.e., we just propagate the current state).
llvm-svn: 46536
2008-01-29 23:32:35 +00:00
ee2d5a540c
Fixed bit-setting bug for ExplodedNodeImpl::NodeGroup.
...
llvm-svn: 46535
2008-01-29 23:31:09 +00:00
9b4211d25d
Added boilerplate logic in GREngine for processing branches.
...
llvm-svn: 46532
2008-01-29 22:56:11 +00:00
b2cad31aae
Renamed GRNodeBuilder to GRStmtNodeBuilder.
...
llvm-svn: 46531
2008-01-29 22:11:49 +00:00
71b49503d8
Minor fix in transfer function of '!=' where a 'false' literal should
...
have been 'true'.
llvm-svn: 46530
2008-01-29 21:27:49 +00:00
8d5bfe5844
Added preliminary transfer function support for '==' and '!='.
...
Made some internal API cleanups with creating ConcreteInt values, which lead to
some code reduction in implementing "++", "--".
llvm-svn: 46528
2008-01-29 19:43:15 +00:00
b6056cfea4
Added "SymbolManager", which manages the set of symbolic values used
...
for analyzing a function.
The initial state for GRConstants now assigns symbolic values to parameters.
llvm-svn: 46517
2008-01-29 17:27:31 +00:00
75bc4cd620
Fixed bug where not all dead subexpressions were being pruned from the analysis
...
state.
llvm-svn: 46491
2008-01-29 05:25:31 +00:00
8ff7705a6c
Modified LiveVariables to perform all of its base initialization in the ctor,
...
and now we require a FunctionDecl* object so that we can also keep track of
all of the ParmDecls.
Modified clients of LiveVariables to conform to the new interface.
llvm-svn: 46490
2008-01-29 05:13:23 +00:00
e3d965f4b1
Added skeleton code for tracking the values of function parameters.
...
llvm-svn: 46477
2008-01-29 00:43:03 +00:00
997d872375
Driver now passes the top-level FunctionDecl* to GRConstants.
...
Refactoring: for GREngine and GRConstants, pushed references to CFG, ASTContext,
and the top-level FunctionDecl into ExplodedGraphImpl.
llvm-svn: 46475
2008-01-29 00:33:40 +00:00
64d9524dcb
Added RValue class "UninitializedValue".
...
llvm-svn: 46471
2008-01-28 22:51:57 +00:00
fe9cf4f38b
Added transfer function logic for "%=" operator.
...
llvm-svn: 46470
2008-01-28 22:28:54 +00:00
Ted Kremenek