path: root/clang/lib/Analysis/GRCoreEngine.cpp
Commit message | Author | Age | Files | Lines
* Split libAnalysis into two libraries: libAnalysis and libChecker. | Ted Kremenek | 2010-01-25 | 1 | -599/+0
  (1) libAnalysis is a generic analysis library that can be used by Sema. It defines the CFG, basic dataflow analysis primitives, and inexpensive flow-sensitive analyses (e.g. LiveVariables).
  (2) libChecker contains the guts of the static analyzer, including the path-sensitive analysis engine and domain-specific checks.
  Now any clients that want to use the frontend to build their own tools don't need to link in the entire static analyzer. This change exposes various obvious cleanups that can be made to the layout of files and headers in libChecker. More changes pending. :) This change also exposed a layering violation between AnalysisContext and MemRegion. BlockInvocationContext shouldn't explicitly know about BlockDataRegions. For now I've removed the BlockDataRegion* from BlockInvocationContext (removing context-sensitivity; although this wasn't used yet). We need to have a better way to extend BlockInvocationContext (and any LocationContext) to add context-sensitivity. llvm-svn: 94406
* For inter-procedural analysis, predecessor node may be in another function. | Zhongxing Xu | 2009-12-23 | 1 | -3/+3
  So we should use the current program point. llvm-svn: 91989
* Add (initial?) static analyzer support for handling C++ references. | Ted Kremenek | 2009-12-16 | 1 | -4/+4
  This change was a lot bigger than I originally anticipated; among other things it requires us storing more information in the CFG to record what block-level expressions need to be evaluated as lvalues. The big change is that CFGBlocks no longer contain Stmt*'s but CFGElements. Currently CFGElements just wrap Stmt*, but they also store a bit indicating whether the block-level expression should be evaluated as an lvalue. DeclStmts involving the initialization of a reference require us treating the initialization expression as an lvalue, even though that information isn't recorded in the AST. Conceptually this change isn't that complicated, but it required bubbling up the data through the CFGBuilder, to GRCoreEngine, and eventually to GRExprEngine. The addition of CFGElement is also useful for when we want to handle more control-flow constructs or other data we want to keep in the CFG that isn't represented well with just a block of statements. In GRExprEngine, this patch introduces logic for evaluating the lvalues of references, which currently retrieves the internal "pointer value" that the reference represents. EvalLoad does a two stage load to catch null dereferences involving an invalid reference (although this could possibly be caught earlier during the initialization of a reference). Symbols are currently symbolicated using the reference type, instead of a pointer type, and special handling is required creating ElementRegions that layer on SymbolicRegions (see the changes to RegionStoreManager). Along the way, the DeadStoresChecker also silences warnings involving dead stores to references. This was the original change I introduced (which I wrote test cases for) that I realized caused GRExprEngine to crash. llvm-svn: 91501
* lib/Analysis: Remove VISIBILITY_HIDDEN from definitions in anonymous namespace | Kovarththanan Rajaratnam | 2009-11-28 | 1 | -4/+3
  llvm-svn: 90028
* Refactor DereferenceChecker to use only the new Checker API instead of | Ted Kremenek | 2009-11-11 | 1 | -31/+18
  the old builder API. This percolated a bunch of changes up to the Checker class (where CheckLocation has been renamed VisitLocation) and GRExprEngine. ProgramPoint now has the notion of a "LocationCheck" point (with PreLoad and PreStore respectively), and a bunch of the old ProgramPoints that are no longer used have been removed. llvm-svn: 86798
* Change ExplodedNode to have its NodeGroups all BumpPtrAllocated, avoiding | Ted Kremenek | 2009-10-07 | 1 | -8/+8
  malloc() traffic when adding successors/predecessors to a node. This was done by introducing BumpVector, which is essentially SmallVector with all memory being BumpPtrAllocated (this can certainly be cleaned up or moved into llvm/ADT). This change yields a 1.8% speed increase when running the analyzer (with -analyzer-store=region) on a small benchmark file. llvm-svn: 83439
* Remove tabs, and whitespace cleanups. | Mike Stump | 2009-09-09 | 1 | -115/+115
  llvm-svn: 81346
* Remove Decl and CFG from ExplodedGraph. This leads to a series of small changes. | Zhongxing Xu | 2009-08-25 | 1 | -3/+3
  llvm-svn: 79973
* To make the analysis independent of the locally stored liveness and cfg | Zhongxing Xu | 2009-08-17 | 1 | -1/+1
  of GRStateManager and GRExprEngine, pass the initial location context to the getInitialState() method. llvm-svn: 79228
* Extend the ProgramPoint to include the context information LocationContext, | Zhongxing Xu | 2009-08-15 | 1 | -22/+30
  which is either a stack frame context of the function or a local scope context. llvm-svn: 79072
* Last step of template cleanup: merge *BuilderImpl to *Builder. | Zhongxing Xu | 2009-08-06 | 1 | -54/+47
  Some Builders need further cleanup. llvm-svn: 78301
* Core analysis engine template cleanup step 2: | Zhongxing Xu | 2009-08-06 | 1 | -15/+41
  merge GRCoreEngineImpl and GRCoreEngine. Introduce a new interface class GRSubEngine as the subengine of GRCoreEngine. GRExprEngine subclasses GRSubEngine now. llvm-svn: 78298
* Core analysis engine template cleanup step 2: | Zhongxing Xu | 2009-08-06 | 1 | -18/+18
  merge ExplodedGraphImpl and ExplodedGraph. llvm-svn: 78291
* As GRState seems general enough, it is time to merge some template classes | Zhongxing Xu | 2009-08-06 | 1 | -27/+27
  and their impl base classes. This can greatly simplify some code of the core analysis engine. This patch merges ExplodedNodeImpl into ExplodedNode. llvm-svn: 78270
* Refactor 'PostStmt' and 'PreStmt' to subclass a common parent 'StmtPoint'. | Ted Kremenek | 2009-07-22 | 1 | -2/+2
  Educate GRExprEngine::VisitGraph() about 'PreStmt'. Mark the constructor of 'PostStmt' to be explicit, preventing implicit conversions and the selection of the wrong 'generateNode' method in GRStmtNodeBuilder. Constify a bunch of arguments, which falls out of the changes to ProgramPoint. llvm-svn: 76809
* Add support for 'PreStmt' program points to GRCoreEngine and GRStmtNodeBuilder. | Ted Kremenek | 2009-07-22 | 1 | -2/+5
  llvm-svn: 76792
* Enhance GRBranchNodeBuilderImpl (part of GRCoreEngine) to understand the case | Ted Kremenek | 2009-07-20 | 1 | -3/+10
  where the true or false CFGBlock* for a branch could be NULL. This will handle the case where we can determine during CFG construction that a branch is infeasible. llvm-svn: 76450
* Delete extra whitespaces. | Zhongxing Xu | 2009-07-15 | 1 | -1/+1
  llvm-svn: 75761
* More hacking on autorelease errors. We now can emit basic errors (disabled for | Ted Kremenek | 2009-05-09 | 1 | -1/+0
  now until ready). llvm-svn: 71303
* Make BlockEntrance program points taggable. | Ted Kremenek | 2009-05-08 | 1 | -6/+7
  llvm-svn: 71280
* analyzer: Add ProgramPoint 'PostLValue' just to distinguish (for | Ted Kremenek | 2009-05-07 | 1 | -0/+3
  analysis introspection) when we computed an lvalue. This shouldn't affect the current analysis results in any way. llvm-svn: 71169
* Add a new BFS GRWorkList and make it the default worklist model for | Ted Kremenek | 2009-05-01 | 1 | -1/+23
  GRCoreEngine. This tends to result in shorter paths for pathological cases. llvm-svn: 70585
* Implement analyzer support for OSCompareAndSwap. This required pushing "tagged" | Ted Kremenek | 2009-04-11 | 1 | -12/+14
  ProgramPoints all the way through to GRCoreEngine. NSString.m now fails with RegionStoreManager because of the void** cast. Disabling use of region store for that test for now. llvm-svn: 68845
* Added a new method to GRStmtNodeBuilder to build nodes using an arbitrary | Ted Kremenek | 2009-02-19 | 1 | -4/+7
  PostStmt program point. This allows clients to pass in PostStmtCustom program points. llvm-svn: 65080
* Add new GRWorkList class that uses two queues: | Ted Kremenek | 2008-12-16 | 1 | -5/+63
  - one queue (FIFO) to queue up nodes at block entrances
  - another queue (LIFO) to queue up other nodes
  - The idea is to explore basic blocks to completion, but to do a BFS exploration of blocks.
  llvm-svn: 61106
* Add (preliminary) transfer function support for ObjCForCollectionStmt. | Ted Kremenek | 2008-11-12 | 1 | -3/+18
  Still need to flesh out some logic. When processing DeclStmt, use the new interface to StateManager::BindDecl. Conjuring of symbols is now done in VisitDeclStmt. llvm-svn: 59155
* Fixed an elusive caching bug in ExplodedGraph construction when a | Ted Kremenek | 2008-10-17 | 1 | -0/+3
  PostStmtKind was used instead of a PostStoreKind. llvm-svn: 57719
* ProgramPoint now takes the space of two pointers instead of one. This change was | Ted Kremenek | 2008-09-16 | 1 | -12/+8
  motivated because it became clear that the number of subclasses of ProgramPoint would expand and we ran out of bits to represent a pointer variant. As a plus of this change, BlockEdge program points can now be represented explicitly without using a cache of CFGBlock* pairs in CFG. llvm-svn: 56245
* Remove default value for 'Pred' argument to GRCoreEngineImpl::GenerateNode(). | Ted Kremenek | 2008-08-26 | 1 | -1/+1
  llvm-svn: 55392
* Fix memory leak found by Sam Bishop: delete WList in the dstor of | Ted Kremenek | 2008-08-13 | 1 | -0/+3
  GRCoreEngineImpl. llvm-svn: 54714
* Refactored most of the "Store" piece of ValueState into a Store type. The | Ted Kremenek | 2008-07-10 | 1 | -8/+10
  current store implementation is now encapsulated by BasicStore. These changes prompted some long due constification of ValueState. Much of the diffs in this patch include adding "const" qualifiers. llvm-svn: 53423
* Modified the dead stores checker to... | Ted Kremenek | 2008-06-20 | 1 | -13/+0
  1) Check if a dead store appears as a subexpression. For such cases, we emit a verbose diagnostic so that users aren't confused. This addresses: <rdar://problem/5968508> checker gives misleading report for dead store in loop
  2) Don't emit a dead store warning when assigning a null value to a pointer. This is a common form of defensive programming. We may wish to make this an option to the checker one day. This addresses the feature request in the following email: http://lists.cs.uiuc.edu/pipermail/cfe-dev/2008-June/001978.html
  llvm-svn: 52555
* Added a new ProgramPoint: PostPurgeDeadSymbols. This new program point | Ted Kremenek | 2008-06-18 | 1 | -2/+20
  distinguishes between the cases when we just evaluated the transfer function of a Stmt* (PostStmt) or performed a load (PostLoad). This solves a caching bug observed in a recent bug report. llvm-svn: 52443
* Major rewrite/refactoring of static analysis engine. We now use | Ted Kremenek | 2008-04-29 | 1 | -4/+7
  EvalStore/EvalLoad to handle all loads/stores from symbolic memory, allowing us to do checks for null dereferences, etc., at any arbitrary load/store (these were missed checks before). This also resulted in some major cleanups, some conceptual, and others just in the structure of the code. This temporarily introduces a regression in the test suite (null-deref-ps.c) before I add a new LVal type for structure fields. llvm-svn: 50443
* Fixed more caching bugs related to the one fixed in r49914. Silence | Ted Kremenek | 2008-04-18 | 1 | -3/+1
  compiler warning introduced by a recent patch of mine. llvm-svn: 49917
* Fixed bug in GREndPathNodeBuilder: only return a node if it wasn't in the | Ted Kremenek | 2008-04-18 | 1 | -1/+2
  node cache. llvm-svn: 49907
* Bug fix in GREndPathNodeBuilderImpl: Use the specified state to construct | Ted Kremenek | 2008-04-16 | 1 | -1/+1
  a node, not the state of the predecessor. llvm-svn: 49823
* Added "GREndPathNodeBuilder", a new node builder that will be used for | Ted Kremenek | 2008-04-11 | 1 | -9/+27
  evaluating transfer functions at the end-of-path. llvm-svn: 49561
* Make a major restructuring of the clang tree: introduce a top-level | Chris Lattner | 2008-03-15 | 1 | -0/+444
  lib dir and move all the libraries into it. This follows the main llvm tree, and allows the libraries to be built in parallel. The top level now enforces that all the libs are built before Driver, but we don't care what order the libs are built in. This speeds up parallel builds, particularly incremental ones. llvm-svn: 48402