summaryrefslogtreecommitdiffstats
path: root/clang/lib/Analysis/BasicObjCFoundationChecks.cpp
Commit message (Collapse)AuthorAgeFilesLines
* Kill some unnecessary calls to c_str().Benjamin Kramer2009-11-291-2/+2
| | | | llvm-svn: 90084
* lib/Analysis: Remove VISIBILITY_HIDDEN from definitions in anonymous namespaceKovarththanan Rajaratnam2009-11-281-6/+5
| | | | llvm-svn: 90028
* Clean up the Checker API a little more, resolving some hidden bugsTed Kremenek2009-11-231-3/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | along the way. Important changes: 1) To generate a sink node, use GenerateSink(); GenerateNode() is for generating regular transitions. This makes the API clearer and also allows us to use the 'bool' option to GenerateNode() for a different purpose. 2) GenerateNode() now automatically adds the generated node to the destination ExplodedNodeSet (autotransition) unless the client specifies otherwise with a bool flag. Several checkers did not call 'addTransition()' after calling 'GenerateNode()', causing the simulation path to be prematurely culled when a non-fail stop bug was encountered. 3) Add variants of GenerateNode()/GenerateSink() that take neither a Stmt* or a GRState*; most callers of GenerateNode() just pass in the same Stmt* as provided when the CheckerContext object is created; we can just use that the majority of the time. This cleanup also allows us to potentially coelesce the APIs for evaluating branches and end-of-paths (which currently directly use builders). 4) addTransition() no longer needs to be called except for a few cases. We now have a variant of addTransition() that takes a GRState*; this allows one to propagate the updated state without caring about generating a new node explicitly. This nicely cleaned up a bunch of cases that called autoTransition() with a bunch of conditional logic surround the call (that common logic has now been swallowed up by addTransition() itself). llvm-svn: 89707
* Fix typo GCC 4.3 warned about.Benjamin Kramer2009-11-201-1/+1
| | | | llvm-svn: 89453
* Add simple static analyzer checker to check for sending 'release', 'retain', ↵Ted Kremenek2009-11-201-0/+61
| | | | | | etc. directly to a class. Fixes <rdar://problem/7252064>. llvm-svn: 89449
* Rename: StripCasts describes what it does better. Zhongxing Xu2009-11-101-1/+1
| | | | | | getBaseRegion will be used in another method. llvm-svn: 86649
* Implement: <rdar://problem/6250216> Warn against using -[NSAutoreleasePool ↵Ted Kremenek2009-11-031-0/+1
| | | | | | release] in GC mode llvm-svn: 85887
* PR5218: Replace IdentifierInfo::getName with StringRef version, now that clientsDaniel Dunbar2009-10-181-1/+1
| | | | | | are updated. llvm-svn: 84447
* Move clients to use IdentifierInfo::getNameStart() instead of getName()Daniel Dunbar2009-10-181-3/+3
| | | | llvm-svn: 84436
* Simplify.Daniel Dunbar2009-10-171-15/+5
| | | | llvm-svn: 84338
* Change all the Type::getAsFoo() methods to specializations of Type::getAs().John McCall2009-09-211-1/+1
| | | | | | | | | | | Several of the existing methods were identical to their respective specializations, and so have been removed entirely. Several more 'leaf' optimizations were introduced. The getAsFoo() methods which imposed extra conditions, like getAsObjCInterfacePointerType(), have been left in place. llvm-svn: 82501
* Remove tabs, and whitespace cleanups.Mike Stump2009-09-091-105/+105
| | | | llvm-svn: 81346
* Tie the local check NSErrorCheck to a Decl to pave the wayZhongxing Xu2009-08-211-2/+2
| | | | | | to untie the ExplodedGraph from a specific Decl. llvm-svn: 79588
* Last step of template cleanup: merge *BuilderImpl to *Builder.Zhongxing Xu2009-08-061-7/+7
| | | | | | Some Builders need further cleanup. llvm-svn: 78301
* As GRState seems general enough, it is time to merge some template classes Zhongxing Xu2009-08-061-8/+8
| | | | | | | and their impl base classes. This can greatly simply some code of the core analysis engine. This patch merges ExplodedNodeImpl into ExplodedNode. llvm-svn: 78270
* Remove some uses of TypedViewRegion, and use getBaseRegion() in a context whereTed Kremenek2009-07-291-8/+5
| | | | | | we don't care about ElementRegions layered on top of a base region. llvm-svn: 77484
* Refactor 'PostStmt' and 'PreStmt' to subclass a common parent 'StmtPoint'.Ted Kremenek2009-07-221-13/+14
| | | | | | | | | | | | Educate GRExprEngine::VisitGraph() about 'PreStmt'. Mark the constructor of 'PostStmt' to be explicit, preventing implicit conversions and the selection of the wrong 'generateNode' method in GRStmtNodeBuilder. Constify a bunch of arguments, which falls out of the changes to ProgramPoint. llvm-svn: 76809
* Add basic checking for passing NULL to CFRetain/CFRelease, since those functionsTed Kremenek2009-07-141-3/+79
| | | | | | | are not explicitly marked as not accepting NULL pointers. This check illustrates how we need more refactoring in the custom-check logic. llvm-svn: 75570
* This patch includes a conceptually simple, but very intrusive/pervasive change. Steve Naroff2009-07-101-19/+12
| | | | | | | | | | | | The idea is to segregate Objective-C "object" pointers from general C pointers (utilizing the recently added ObjCObjectPointerType). The fun starts in Sema::GetTypeForDeclarator(), where "SomeInterface *" is now represented by a single AST node (rather than a PointerType whose Pointee is an ObjCInterfaceType). Since a significant amount of code assumed ObjC object pointers where based on C pointers/structs, this patch is very tedious. It should also explain why it is hard to accomplish this in smaller, self-contained patches. This patch does most of the "heavy lifting" related to moving from PointerType->ObjCObjectPointerType. It doesn't include all potential "cleanups". The good news is additional cleanups can be done later (some are noted in the code). This patch is so large that I didn't want to include any changes that are purely aesthetic. By making the ObjC types truly built-in, they are much easier to work with (and require fewer "hacks"). For example, there is no need for ASTContext::isObjCIdStructType() or ASTContext::isObjCClassStructType()! We believe this change (and the follow-up cleanups) will pay dividends over time. Given the amount of code change, I do expect some fallout from this change (though it does pass all of the clang tests). If you notice any problems, please let us know asap! Thanks. llvm-svn: 75314
* Move clients over from using GRStateManager::BindXXX and friends toTed Kremenek2009-06-181-26/+15
| | | | | | GRState->bindXXX and friends (and constify some arguments along the way). llvm-svn: 73740
* As discussed with Ted, rename TypedRegion::getObjectType() to Zhongxing Xu2009-05-091-1/+1
| | | | | | TypedRegion::getValueType(). llvm-svn: 71321
* rename: MemRegion:Zhongxing Xu2009-05-091-1/+1
| | | | | | | | | RValueType => ObjectType LValueType => LocationType No functionality change. llvm-svn: 71304
* get a CodeTextRegion when visiting FunctionDecl reference.Zhongxing Xu2009-04-201-2/+2
| | | | | | get FunctionDecl with more general utility method. llvm-svn: 69570
* Rename AnonTypedRegion to TypedViewRegion.Ted Kremenek2009-03-011-1/+1
| | | | llvm-svn: 65764
* Overhaul BugReporter interface and implementation. The new interface cleans upTed Kremenek2009-02-041-138/+48
| | | | | | | | | | | | | | | | | | | | | the ownership of BugTypes and BugReports. Now BugReports are owned by BugTypes, and BugTypes are owned by the BugReporter object. The major functionality change in this patch is that reports are not immediately emitted by a call to BugReporter::EmitWarning (now called EmitReport), but instead of queued up in report "equivalence classes". When BugReporter::FlushReports() is called, it emits one diagnostic per report equivalence class. This provides a nice cleanup with the caching of reports as well as enables the BugReporter engine to select the "best" path for reporting a path-sensitive bug based on all the locations in the ExplodedGraph that the same bug could occur. Along with this patch, Leaks are now coalesced into a common equivalence class by their allocation site, and the "summary" diagnostic for leaks now reports the allocation site as the location of the bug (this may later be augmented to also provide an example location where the leak occurs). llvm-svn: 63796
* MemRegion:Ted Kremenek2008-12-131-3/+6
| | | | | | | | | | | | | | | | | | | | | | - Overhauled the notion of "types" for TypedRegions. We now distinguish between the "lvalue" of a region (via getLValueRegion()) and the "rvalue" of a region (va getRValueRegion()). Since a region represents a chunk of memory it has both, but we were conflating these concepts in some cases, leading to some insidious bugs. - Removed AnonPointeeType, partially because it is unused and because it doesn't have a clear notion of lvalue vs rvalue type. We can add it back once there is a need for it and we can resolve its role with these concepts. StoreManager: - Overhauled StoreManager::CastRegion. It expects an *lvalue* type for a region. This is actually what motivated the overhaul to the MemRegion type mechanism. It also no longer returns an SVal; we can just return a MemRegion*. - BasicStoreManager::CastRegion now overlays an "AnonTypedRegion" for pointer-pointer casts. This matches with the MemRegion changes. - Similar changes to RegionStore, except I've added a bunch of FIXMEs where it wasn't 100% clear where we should use TypedRegion::getRValueRegion() or TypedRegion::getLValueRegion(). AuditCFNumberCreate check: - Now blasts through AnonTypedRegions that may layer the original memory region, thus checking if the actually memory block is of the appropriate type. This change was needed to work with the changes to StoreManager::CastRegion. GRExprEngine::VisitCast: - Conform to the new interface of StoreManager::CastRegion. Tests: - None of the analysis tests fail now for using the "basic store". - Disabled the tests 'array-struct.c' and 'rdar-6442306-1.m' pending further testing and bug fixing. llvm-svn: 60995
* Rename Selector::getName() to Selector::getAsString(), and addChris Lattner2008-11-241-2/+2
| | | | | | | | | | | | | a new NamedDecl::getAsString() method. Change uses of Selector::getName() to just pass in a Selector where possible (e.g. to diagnostics) instead of going through an std::string. This also adds new formatters for objcinstance and objcclass as described in the dox. llvm-svn: 59933
* Added method "getSelfRegion" to Store. This method returns the region ↵Ted Kremenek2008-10-241-1/+1
| | | | | | associated with the "this" or "self" object (C++ and Objective-C respectively). llvm-svn: 58107
* - constify some uses of MemRegion* (MemRegion should be immutable).Ted Kremenek2008-10-171-3/+3
| | | | | | | | | - Added new region "SymbolicRegion", which maps symbol values to the region domain. - Enhanced BasicStore::getFieldLValue() to return a FieldRegion (using SymbolicRegion) - Added some utility methods to GRState for fetch svals from the store. - Fixed regression in CheckNSError (we weren't getting the value bound to the parameter) llvm-svn: 57717
* This patch did the following renaming. There should be no functional changes.Zhongxing Xu2008-10-171-11/+11
| | | | | | | | | | RVal => SVal LVal => Loc NonLVal => NonLoc lval => loc nonlval => nonloc llvm-svn: 57671
* This is a big patch, but the functionality change is small and the rest of ↵Ted Kremenek2008-10-041-5/+11
| | | | | | | | | | | | | | the patch consists of deltas due to API changes. This patch overhauls the "memory region" abstraction that was prototyped (but never really used) as part of the Store.h. This patch adds MemRegion.h and MemRegion.cpp, which defines the class MemRegion and its subclasses. This classes serve to define an abstract representation of memory, with regions being layered on other regions to to capture the relationships between fields and variables, variables and the address space they are allocated in, and so on. The main motivation of this patch is that key parts of the analyzer assumed that all value bindings were to VarDecls. In the future this won't be the case, and this patch removes lval::DeclVal and replaces it with lval::MemRegionVal. Now all pieces of the analyzer must reason about abstract memory blocks instead of just variables. There should be no functionality change from this patch, but it opens the door for significant improvements to the analyzer such as field-sensitivity and object-sensitivity, both which were on hold until the memory abstraction got generalized. The memory region abstraction also allows type-information to literally be affixed to a memory region. This will allow the some now redundant logic to be removed from the retain/release checker. llvm-svn: 57042
* The checks in BasicObjCFoundationChecks now have a category: "API Misuse ↵Ted Kremenek2008-09-211-3/+10
| | | | | | (Apple)" llvm-svn: 56403
* Change implementation of NSError** coding-style check to be invoked at the ↵Ted Kremenek2008-09-181-1/+4
| | | | | | end of the retain/release analysis. llvm-svn: 56312
* Remove dead method.Ted Kremenek2008-08-291-1/+0
| | | | llvm-svn: 55526
* Rename ValueState -> GRState.Ted Kremenek2008-08-131-20/+20
| | | | | | Rename ValueStateManager -> GRStateManager. llvm-svn: 54721
* More #include cleaningDaniel Dunbar2008-08-111-0/+1
| | | | | | | | - Drop {Decl.h,DeclObjC.h,IdentifierTable.h} from Expr.h - Moved Sema::getCurMethodDecl() out of line (dependent on ObjCMethodDecl via dyn_cast). llvm-svn: 54629
* change more instances of QualType::getCanonicalType to callChris Lattner2008-07-261-2/+1
| | | | | | ASTContext::getCanonicalType instead (PR2189) llvm-svn: 54105
* Moved registration of basic path-sensitive checks from GRSimpleVals.cpp to ↵Ted Kremenek2008-07-221-0/+15
| | | | | | GRExprEngineInternalChecks.cpp. llvm-svn: 53909
* Added path-sensitive checking for null pointer values passed to function ↵Ted Kremenek2008-07-221-4/+5
| | | | | | | | arguments marked nonnull. This implements <rdar://problem/6069935> llvm-svn: 53891
* Refactored most of the "Store" piece of ValueState into a Store type. TheTed Kremenek2008-07-101-3/+3
| | | | | | | | | current store implementation is now encapsulated by BasicStore. These changes prompted some long due constification of ValueState. Much of the diffs in this patch include adding "const" qualifiers. llvm-svn: 53423
* Added a simple static analysis check to look for improper uses of ↵Ted Kremenek2008-06-261-0/+257
| | | | | | CFCreateNumber. llvm-svn: 52799
* - Move ObjC Expresssion AST's from Expr.h => ExprObjC.hSteve Naroff2008-05-291-0/+1
| | | | | | - #include ExprObjC.h in many places llvm-svn: 51703
* fix warning with gcc 4.1 (ptr to bool convertion)Nuno Lopes2008-05-201-2/+2
| | | | llvm-svn: 51324
* Do not highlight bogus ranges for leaks.Ted Kremenek2008-05-011-1/+2
| | | | llvm-svn: 50549
* More cleanups with ObjCQualifiedIdType in the static analyzer.Ted Kremenek2008-04-301-8/+8
| | | | llvm-svn: 50503
* Teach more of the static analyzer about ObjCQualifiedIdType.Ted Kremenek2008-04-301-4/+1
| | | | llvm-svn: 50494
* Gracefully handle when the receiver of a message expression is not a pointer ↵Ted Kremenek2008-04-191-1/+5
| | | | | | type. llvm-svn: 49959
* Generalize caching mechanism for bugs reports. Now individual BugTypesTed Kremenek2008-04-181-1/+1
| | | | | | | | can decide the policy on how to cache related bugs. This allows us to properly to handle warning about multiple leaks in the same location in the ref count checker (not yet done). llvm-svn: 49918
* Simplified internal logic of BugReporter, consolidating EmitWarning andTed Kremenek2008-04-181-1/+1
| | | | | | | | EmitPathWarning into one method. We now properly handle emitting warnings without a PathDiagnosticClient when the warning does not involve a particular statement. llvm-svn: 49884
* Hooked up the dead-store checker to the BugReporter interface. Now dead-storeTed Kremenek2008-04-141-25/+10
| | | | | | warnings are emitted as part of the warnings registered by GRSimpleVals. llvm-svn: 49658
OpenPOWER on IntegriCloud