path: root/clang/lib/Analysis/BugReporter.cpp
Commit message | Author | Age | Files | Lines
* Split libAnalysis into two libraries: libAnalysis and libChecker. | Ted Kremenek | 2010-01-25 | 1 | -1879/+0
  (1) libAnalysis is a generic analysis library that can be used by Sema. It defines the CFG, basic dataflow analysis primitives, and inexpensive flow-sensitive analyses (e.g. LiveVariables).
  (2) libChecker contains the guts of the static analyzer, including the path-sensitive analysis engine and domain-specific checks.
  Now any clients that want to use the frontend to build their own tools don't need to link in the entire static analyzer.
  This change exposes various obvious cleanups that can be made to the layout of files and headers in libChecker. More changes pending. :)
  This change also exposed a layering violation between AnalysisContext and MemRegion. BlockInvocationContext shouldn't explicitly know about BlockDataRegions. For now I've removed the BlockDataRegion* from BlockInvocationContext (removing context-sensitivity; although this wasn't used yet). We need to have a better way to extend BlockInvocationContext (and any LocationContext) to add context-sensitivity.
  llvm-svn: 94406
* Teach BugReporter to "escape" the occurrence of '%' characters in diagnostic messages when emitting results to the standard Diagnostics output. | Ted Kremenek | 2010-01-15 | 1 | -2/+17
  Fixes PR 6033.
  llvm-svn: 93507
* Convert a few more uses of std::string& to llvm::StringRef. | Ted Kremenek | 2010-01-15 | 1 | -1/+1
  llvm-svn: 93506
* Teach 'ExecutionContinues' (part of BugReporter's diagnostic generation) about BlockDecls. | Ted Kremenek | 2009-12-04 | 1 | -4/+13
  llvm-svn: 90584
* Port BugReporter and BugType to StringRef. | Benjamin Kramer | 2009-11-29 | 1 | -3/+4
  llvm-svn: 90086
* lib/Analysis: Remove VISIBILITY_HIDDEN from definitions in anonymous namespace | Kovarththanan Rajaratnam | 2009-11-28 | 1 | -8/+8
  llvm-svn: 90028
* Change ExplodedNode to have its NodeGroups all BumpPtrAllocated, avoiding malloc() traffic when adding successors/predecessors to a node. | Ted Kremenek | 2009-10-07 | 1 | -1/+1
  This was done by introducing BumpVector, which is essentially SmallVector with all memory being BumpPtrAllocated (this can certainly be cleaned up or moved into llvm/ADT).
  This change yields a 1.8% speed increase when running the analyzer (with -analyzer-store=region) on a small benchmark file.
  llvm-svn: 83439
* Re-introduce diagnostic caching in BugReporter that was originally added in r82198 and then reverted. | Ted Kremenek | 2009-09-18 | 1 | -0/+47
  This is an intermediate solution, as diagnostic caching should not rely on static variables.
  llvm-svn: 82301
* Revert most of r82198, which was causing a large number of crashes when running the analyzer on real projects. | Ted Kremenek | 2009-09-18 | 1 | -47/+0
  We'll keep the change to AnalysisManager.cpp in r82198 so that -fobjc-gc analyzes code correctly in both GC and non-GC modes, although this may emit two diagnostics for each bug in some cases (a better solution will come later).
  llvm-svn: 82201
* Introduce caching of diagnostics in BugReporter. | Ted Kremenek | 2009-09-18 | 1 | -0/+47
  This provides extra pruning of diagnostics that may be emitted multiple times. This is accomplished by adding FoldingSet profiling support to PathDiagnostic, and then having BugReporter record what diagnostics have been issued.
  This was motivated by a serious bug introduced by moving the 'divide-by-zero' checking outside of GRExprEngine into a separate 'Checker' class. When analyzing code using the '-fobjc-gc' option, a given function would be analyzed twice, but the second time various "internal checks" would be disabled to avoid emitting multiple diagnostics (e.g., "null dereference") for the same issue. The problem is that such checks also affect path pruning and don't just emit diagnostics. This resulted in an assertion failure involving a real divide-by-zero in some analyzed code where we would get an assertion failure in APInt because the 'DivZero' check was disabled and didn't prune the logic that resulted in the divide-by-zero in the analyzer.
  The implemented solution is somewhat of a hack, and may not perform extremely well. This will need to be cleaned up over time.
  As a regression test, 'misc-ps.m' has been modified so that its tests are run using -fobjc-gc to test this diagnostic pruning behavior.
  llvm-svn: 82198
* Fix typo in comment. | Ted Kremenek | 2009-09-15 | 1 | -1/+1
  llvm-svn: 81825
* Fix: <rdar://problem/5905851> do not report a leak when post-dominated by a call to a noreturn or panic function | Ted Kremenek | 2009-09-14 | 1 | -11/+108
  llvm-svn: 81803
* Implement FIXME: free up BugReportEquivClass objects when deleting BugTypes. | Ted Kremenek | 2009-09-14 | 1 | -4/+10
  llvm-svn: 81783
* Introduce "DefinedOrUnknownSVal" into the SVal class hierarchy, providing a way to statically type various methods in SValuator/GRState as required either a defined value or a defined-but-possibly-unknown value. | Ted Kremenek | 2009-09-11 | 1 | -1/+4
  This leads to various logic cleanups in GRExprEngine, and lets the compiler enforce via type checking our assumptions about what symbolic values are possibly undefined and what are not.
  Along the way, clean up some of the static analyzer diagnostics regarding the uses of uninitialized values.
  llvm-svn: 81579
* Make AnalysisManager stateless. | Zhongxing Xu | 2009-09-10 | 1 | -13/+3
  Now other analyzer components only depend on local node information.
  llvm-svn: 81433
* Remove tabs, and whitespace cleanups. | Mike Stump | 2009-09-09 | 1 | -321/+320
  llvm-svn: 81346
* Do not call FlushReports() in GRBugReporter's dtor. | Zhongxing Xu | 2009-09-05 | 1 | -1/+1
  We already call it in ActionGRExprEngine().
  llvm-svn: 81064
* Remove CodeDecl and CFG from GRExprEngine and GRStateManager. | Zhongxing Xu | 2009-08-25 | 1 | -0/+8
  Now AnalysisManager is the only place we can get CodeDecl. This leads to an API change: GRState::bindExpr() now takes the CFG argument.
  llvm-svn: 79980
* Remove Decl and CFG from ExplodedGraph. This leads to a series of small changes. | Zhongxing Xu | 2009-08-25 | 1 | -2/+1
  llvm-svn: 79973
* Rename: ProgramPoint::getContext() => ProgramPoint::getLocationContext(). | Zhongxing Xu | 2009-08-20 | 1 | -1/+1
  llvm-svn: 79502
* Get the Decl from the current ExplodedNode. | Zhongxing Xu | 2009-08-19 | 1 | -2/+4
  Eventually the diagnostic client and other core analysis logic will be untied to a particular Decl.
  llvm-svn: 79420
* Remove unused parameter BugReporter due to previous patch. | Zhongxing Xu | 2009-08-18 | 1 | -5/+3
  llvm-svn: 79328
* Now we can get the CFG from the ProgramPoint. | Zhongxing Xu | 2009-08-18 | 1 | -4/+6
  No need to pass in the BugReporter.
  llvm-svn: 79327
* Enhance static analyzer diagnostics by introducing a new 'EnhancedBugReporter' which allows custom checks to register callback creator functions for creating BugReporterVisitor objects. | Ted Kremenek | 2009-08-18 | 1 | -2/+2
  This allows various checks to include diagnostics such as 'assuming value is null' with little extra work. Eventually this API should be refactored to be cleaner and more simple.
  llvm-svn: 79302
* Core analysis engine template cleanup step 2: merge ExplodedGraphImpl and ExplodedGraph. | Zhongxing Xu | 2009-08-06 | 1 | -14/+11
  llvm-svn: 78291
* As GRState seems general enough, it is time to merge some template classes and their impl base classes. | Zhongxing Xu | 2009-08-06 | 1 | -52/+52
  This can greatly simplify some code of the core analysis engine. This patch merges ExplodedNodeImpl into ExplodedNode.
  llvm-svn: 78270
* add a fixme | Zhongxing Xu | 2009-07-29 | 1 | -2/+4
  llvm-svn: 77447
* Fix helper function GetNextStmt() to look for the first statement that has a valid SourceLocation. | Ted Kremenek | 2009-07-28 | 1 | -0/+5
  llvm-svn: 77280
* Refactor 'PostStmt' and 'PreStmt' to subclass a common parent 'StmtPoint'. | Ted Kremenek | 2009-07-22 | 1 | -23/+26
  Educate GRExprEngine::VisitGraph() about 'PreStmt'.
  Mark the constructor of 'PostStmt' to be explicit, preventing implicit conversions and the selection of the wrong 'generateNode' method in GRStmtNodeBuilder.
  Constify a bunch of arguments, which falls out of the changes to ProgramPoint.
  llvm-svn: 76809
* Move the source-level CFG from libAST to libAnalysis. | Ted Kremenek | 2009-07-16 | 1 | -1/+1
  llvm-svn: 76092
* Remove the ASTContext parameter from the getBody() methods of Decl and subclasses. | Argyrios Kyrtzidis | 2009-06-30 | 1 | -4/+3
  Timings showed no significant difference before and after the commit.
  llvm-svn: 74504
* Introduce a new concept to the static analyzer: SValuator. | Ted Kremenek | 2009-06-26 | 1 | -1/+1
  GRTransferFuncs had the conflated role of both constructing SVals (symbolic expressions) as well as handling checker-specific logic. Now SValuator has the role of constructing SVals from expressions and GRTransferFuncs just handles checker-specific logic. The motivation is by separating these two concepts we will be able to much more easily create richer constraint-generating logic without coupling it to the main checker transfer function logic.
  We now have one implementation of SValuator: SimpleSValuator. SimpleSValuator is essentially the SVal-related logic that was in GRSimpleVals (which is removed in this patch). This includes the logic for EvalBinOp, EvalCast, etc. Because SValuator has a narrower role than the old GRTransferFuncs, the interfaces are much simpler, and so is the implementation of SimpleSValuator compared to GRSimpleVals. I also did a line-by-line review of SVal-related logic in GRSimpleVals and cleaned it up while moving it over to SimpleSValuator.
  As a consequence of removing GRSimpleVals, there is no longer a '-checker-simple' option. The '-checker-cfref' did everything that option did but also ran the retain/release checker. Of course a user may not always wish to run the retain/release checker, nor do we wish core analysis logic buried in the checker-specific logic. The next step is to refactor the logic in CFRefCount.cpp to separate out these pieces into the core analysis engine.
  llvm-svn: 74229
* API cleanup: move more methods from GRStateManager to GRState. | Ted Kremenek | 2009-06-23 | 1 | -1/+1
  llvm-svn: 73968
* Move clients over from using GRStateManager::BindXXX and friends to GRState->bindXXX and friends (and constify some arguments along the way). | Ted Kremenek | 2009-06-18 | 1 | -1/+1
  llvm-svn: 73740
* Fix another bug in BugReporter where we wouldn't always select the bug report in a bug equivalence class with the shortest path. | Ted Kremenek | 2009-05-16 | 1 | -14/+20
  llvm-svn: 71920
* BugReporter (extensive diagnostics): Do not include the range of target '}' | Ted Kremenek | 2009-05-15 | 1 | -4/+6
  llvm-svn: 71832
* BugReporter (extensive diagnostics): Add control-flow piece to '}' in loop body when generating 'Looping back to the head of the loop' diagnostics. | Ted Kremenek | 2009-05-15 | 1 | -16/+36
  llvm-svn: 71829
* BugReport::getEndPath() - Only add a Stmt's range to the constructed PathDiagnosticEventPiece if the BugReport contained no explicit ranges. | Ted Kremenek | 2009-05-11 | 1 | -5/+8
  llvm-svn: 71516
* EdgeBuilder: DeclStmts and BinaryOperators are not the enclosing location context when they are used as initialization code for loops. | Ted Kremenek | 2009-05-11 | 1 | -1/+26
  llvm-svn: 71480
* EdgeBuilder::cleanUpLocation() should use the PathDiagnosticLocation constructor for a single point, not a range. | Ted Kremenek | 2009-05-11 | 1 | -16/+31
  llvm-svn: 71477
* BugReporter (extensive diagnostics): Add EdgeBuilder::cleanUpLocation for canonicalization locations and use this in both popLocation and rawAddEdge. | Ted Kremenek | 2009-05-11 | 1 | -28/+34
  llvm-svn: 71470
* analyzer: | Ted Kremenek | 2009-05-10 | 1 | -1/+1
  - Improve -autorelease diagnostics.
  - Improve VLA diagnostics.
  - Use "short description" for bug when outputting to TextDiagnostics
  llvm-svn: 71383
* Add preliminary support for enhancing null-pointer dereference diagnostics. | Ted Kremenek | 2009-05-07 | 1 | -46/+54
  llvm-svn: 71135
* Refactor BugReporter interface to have a new 'BugReporterContext' and 'BugReporterVisitor'. | Ted Kremenek | 2009-05-06 | 1 | -64/+55
  This simplifies callbacks from BugReporter to BugReports (via VisitNode). It also lays the foundation for arbitrary visitor "call backs" that can be registered to a BugReporterContext as a PathDiagnostic is constructed. These call backs can help operate as separate "experts" that can work on constructed pieces of a PathDiagnostic for which they possess special knowledge.
  llvm-svn: 71121
* BugReporter (extensive diagnostics): improve location context generation for the start of 'do' and '@synchronized' statements. | Ted Kremenek | 2009-05-05 | 1 | -3/+29
  llvm-svn: 71038
* BugReporter (extensive diagnostics): Fix getEnclosingStmtLocation to reason about Exprs that are not consumed and fix where the loop iteration diagnostic goes. | Ted Kremenek | 2009-05-05 | 1 | -7/+8
  llvm-svn: 71027
* BugReporter (extensive diagnostics): don't mark location contexts that are control-flow expressions as dead. | Ted Kremenek | 2009-05-04 | 1 | -2/+3
  llvm-svn: 70887
* BugReporter (extensive diagnostics): introduce the notion of a "dead" location context. | Ted Kremenek | 2009-05-01 | 1 | -10/+41
  This allows us to postpone the decision of whether or not a context should add a control-flow piece to the diagnostics when inspecting its subexpressions.
  llvm-svn: 70545
* Remove #if 0'ed code. | Ted Kremenek | 2009-05-01 | 1 | -173/+0
  llvm-svn: 70542
* Fix null dereference. | Ted Kremenek | 2009-04-29 | 1 | -1/+1
  llvm-svn: 70417