Project Ortega BCM5719 LLVM https://git.raptorcs.com/git/bcm5719-llvm/atom?h=meklort-10.0.0 2018-08-29T20:29:17+00:00 2018-08-29T20:29:17+00:00 George Karpenkov ekarpenkov@apple.com 2018-08-29T20:29:17+00:00 urn:sha1:a393e68b27fcc8b78256407c99c6179acea056fe Differential Revision: https://reviews.llvm.org/D51251 llvm-svn: 340963 2018-05-04T21:56:51+00:00 Artem Dergachev artem.dergachev@gmail.com 2018-05-04T21:56:51+00:00 urn:sha1:806486c7818ece98a00fb0ed988b2a3dd982f5c4 The bindDefault() API of the ProgramState allows setting a default value for reads from memory regions that were not preceded by writes. It was used for implementing C++ zeroing constructors (i.e. default constructors that boil down to setting all fields of the object to 0). Because differences between zeroing consturctors and other forms of default initialization have been piling up (in particular, zeroing constructors can be called multiple times over the same object, probably even at the same offset, requiring a careful and potentially slow cleanup of previous bindings in the RegionStore), we split the API in two: bindDefaultInitial() for modeling initial values and bindDefaultZero() for modeling zeroing constructors. This fixes a few assertion failures from which the investigation originated. The imperfect protection from both inability of the RegionStore to support binding extents and lack of information in ASTRecordLayout has been loosened because it's, well, imperfect, and it is unclear if it fixing more than it was breaking. Differential Revision: https://reviews.llvm.org/D46368 llvm-svn: 331561 2018-02-27T21:10:08+00:00 Artem Dergachev artem.dergachev@gmail.com 2018-02-27T21:10:08+00:00 urn:sha1:4449e7f008cbb6da6dbe8a93fdf4cfd89851f7b1 The SVal for any empty C++ object is an UnknownVal. Because RegionStore does not have binding extents, binding an empty object to an UnknownVal may potentially overwrite existing bindings at the same offset. Therefore, when performing a trivial copy of an empty object, don't try to take the value of the object and bind it to the copy. Doing nothing is accurate enough, and it doesn't screw any existing bindings. Differential Revision: https://reviews.llvm.org/D43714 llvm-svn: 326247 2018-01-24T21:24:10+00:00 Artem Dergachev artem.dergachev@gmail.com 2018-01-24T21:24:10+00:00 urn:sha1:d3c54313abe723c834462e9ed8f738fc0b7ca542 In order to provide more test coverage for inlined operator new(), add more run-lines to existing test cases, which would trigger our fake header to provide a body for operator new(). Most of the code should still behave reasonably. When behavior intentionally changes, #ifs are provided. Differential Revision: https://reviews.llvm.org/D42221 llvm-svn: 323376 2018-01-24T20:59:40+00:00 Artem Dergachev artem.dergachev@gmail.com 2018-01-24T20:59:40+00:00 urn:sha1:a396df34725fcbb03a96ba196b58eb2244447df7 This allows the analyzer to analyze ("inline") custom operator new() calls and, even more importantly, inline constructors of objects that were allocated by any operator new() - not necessarily a custom one. All changes in the tests in the current commit are intended improvements, even if they didn't carry any explicit FIXME flag. It is possible to restore the old behavior via -analyzer-config c++-allocator-inlining=false (this flag is supported by scan-build as well, and it can be into a clang --analyze invocation via -Xclang .. -Xclang ..). There is no intention to remove the old behavior for now. Differential Revision: https://reviews.llvm.org/D42219 rdar://problem/12180598 llvm-svn: 323373 2017-10-04T15:59:40+00:00 Artem Dergachev artem.dergachev@gmail.com 2017-10-04T15:59:40+00:00 urn:sha1:9445b89c498d8cc4de3f77ae461e594548a95402 In ProgramState::getSVal(Location, Type) API which dereferences a pointer value, when the optional Type parameter is not supplied and the Location is not typed, type should have been guessed on a best-effort basis by inspecting the Location more deeply. However, this never worked; the auto-detected type was instead a pointer type to the correct type. Fixed the issue and added various test cases to demonstrate which parts of the analyzer were affected (uninitialized pointer argument checker, C++ trivial copy modeling, Google test API modeling checker). Additionally, autodetected void types are automatically replaced with char, in order to simplify checker APIs. Which means that if the location is a void pointer, getSVal() would read the first byte through this pointer and return its symbolic value. Fixes pr34305. Differential Revision: https://reviews.llvm.org/D38358 llvm-svn: 314910 2017-08-18T18:20:43+00:00 Alexander Shaposhnikov shal1t712@gmail.com 2017-08-18T18:20:43+00:00 urn:sha1:291d658e1923e7a1f0fcecb07115a788d0bea4a7 This diff fixes analyzer's crash (triggered assert) on the newly added test case. The assert being discussed is assert(!B.lookup(R, BindingKey::Direct)) in lib/StaticAnalyzer/Core/RegionStore.cpp, however the root cause is different. For classes with empty bases the offsets might be tricky. For example, let's assume we have struct S: NonEmptyBase, EmptyBase { ... }; In this case Clang applies empty base class optimization and the offset of EmptyBase will be 0, it can be verified via clang -cc1 -x c++ -v -fdump-record-layouts main.cpp -emit-llvm -o /dev/null. When the analyzer tries to perform zero initialization of EmptyBase it will hit the assert because that region has already been "written" by the constructor of NonEmptyBase. Test plan: make check-all Differential revision: https://reviews.llvm.org/D36851 llvm-svn: 311182 2017-03-03T18:02:02+00:00 Dominic Chen d.c.ddcc@gmail.com 2017-03-03T18:02:02+00:00 urn:sha1:184c6242faca0be0188611d45b41235e68ef282a Summary: Replace calls to %clang/%clang_cc1 with %clang_analyze_cc1 when invoking static analyzer, and perform runtime substitution to select the appropriate constraint manager, per D28952. Reviewers: xazax.hun, NoQ, zaks.anna, dcoughlin Subscribers: mgorny, rgov, mikhail.ramalho, a.sidorin, cfe-commits Differential Revision: https://reviews.llvm.org/D30373 llvm-svn: 296895 2017-03-02T23:30:53+00:00 Dominic Chen d.c.ddcc@gmail.com 2017-03-02T23:30:53+00:00 urn:sha1:09d66f7528fcdd16178120c107f71aaaea6b79e1 This reverts commit ea36f1406e1f36bf456c3f3929839b024128e468. llvm-svn: 296841 2017-03-02T23:05:45+00:00 Dominic Chen d.c.ddcc@gmail.com 2017-03-02T23:05:45+00:00 urn:sha1:feaf9ff5eeb7fcdd76770e7d471f3a26df366fd3 Summary: Replace calls to %clang/%clang_cc1 with %clang_analyze_cc1 when invoking static analyzer, and perform runtime substitution to select the appropriate constraint manager, per D28952. Reviewers: xazax.hun, NoQ, zaks.anna, dcoughlin Subscribers: mgorny, rgov, mikhail.ramalho, a.sidorin, cfe-commits Differential Revision: https://reviews.llvm.org/D30373 llvm-svn: 296837