summaryrefslogtreecommitdiffstats
path: root/clang/lib/Analysis/GRExprEngine.cpp
Commit message (Collapse)AuthorAgeFilesLines
* Process cast according to the cast kind. Prepare for more specific cast Zhongxing Xu2010-01-221-17/+47
| | | | | | handling (for C++). No functionality change for now. llvm-svn: 94153
* Fix a serious bug: Tmp3 is the wrong destination set. We should create a newZhongxing Xu2010-01-191-6/+6
| | | | | | intermediate destination set Tmp4. llvm-svn: 93873
* Roll out ASTContext::getTypeSizeInChars(), replacing instances ofKen Dyck2010-01-111-5/+7
| | | | | | | | | | "ASTContext::getTypeSize() / 8". Replace [u]int64_t variables with CharUnits ones as appropriate. Also rename RawType, fromRaw(), and getRaw() in CharUnits to QuantityType, fromQuantity(), and getQuantity() for clarity. llvm-svn: 93153
* Fix overzealous assertion in GRExprEngine::VisitLValue(). ATed Kremenek2010-01-091-7/+25
| | | | | | | | | CallExpr/ObjCMessageExpr can be visited in an "lvalue" context if it returns a struct temporary. Currently the analyzer doesn't reason about struct temporary returned by function calls, but we shouldn't crash here either. llvm-svn: 93081
* When binding an rvalue to a reference, create a temporary object. Use Zhongxing Xu2010-01-091-0/+25
| | | | | | | | CXXObjectRegion to represent it. In Environment, lookup a literal expression before make up a value for it. llvm-svn: 93047
* Fix handling in GRExprEngine of 'default' branch in switch statementsTed Kremenek2010-01-081-5/+12
| | | | | | | | | when the default case is winnowed down to be infeasible. When all cases were ruled out (and the analysis state for the default case would be infeasible) we would still consider the default case possible. This fixes PR 5969. llvm-svn: 93017
* Make static analysis support for C++ 'this' expression context-sensitive. ↵Ted Kremenek2010-01-051-2/+7
| | | | | | Essentially treat 'this' as a implicit parameter to the method call, and associate a region with it. llvm-svn: 92675
* Remove references to 'Checker' and 'GRTransferFuncs' fromTed Kremenek2010-01-051-11/+27
| | | | | | | | | | | | GRStateManager. Having these references was an abstraction violation, as they really should only be known about GRExprEngine. This change required adding a new 'ProcessAssume' callback in GRSubEngine. GRExprEngine implements this callback by calling 'EvalAssume' on all registered Checker objects as well as the registered GRTransferFunc object. llvm-svn: 92549
* Let constraint manager inform checkers that some assumption logic has happend.Zhongxing Xu2009-12-311-1/+2
| | | | | | | | | Add new states for symbolic regions tracked by malloc checker. This enables us to do malloc checking more accurately. See test case. Based on Lei Zhang's patch and discussion. llvm-svn: 92342
* Remove some dead variables clang-analyzer found.Benjamin Kramer2009-12-251-2/+0
| | | | llvm-svn: 92162
* Fix typo spotted by MSVC.Benjamin Kramer2009-12-251-2/+2
| | | | | | GRExprEngine.cpp(1348) : warning C4305: 'argument' : truncation from 'clang::ProgramPoint::Kind' to 'bool' llvm-svn: 92154
* Teach GRExprEngine to handle the initialization of the condition variable of ↵Ted Kremenek2009-12-241-0/+6
| | | | | | a ForStmt. llvm-svn: 92114
* Teach GRExprEngine to handle the initialization of the condition variable of ↵Ted Kremenek2009-12-241-0/+6
| | | | | | a WhileStmt. llvm-svn: 92106
* Teach GRExprEngine to handle the initialization of the condition variable of ↵Ted Kremenek2009-12-241-7/+11
| | | | | | a SwitchStmt. llvm-svn: 92102
* Add CFG support for the condition variable that can appear in IfStmts in C++ ↵Ted Kremenek2009-12-231-0/+37
| | | | | | | | mode. Add transfer function support in GRExprEngine for IfStmts with initialized condition variables. llvm-svn: 91987
* Add stack trace pretty printing in GRExprEngine::VisitLValue().Ted Kremenek2009-12-231-0/+4
| | | | llvm-svn: 91985
* Teach GRExprEngine::VisitLValue to ignore CXXExprWithTempories (for now).Ted Kremenek2009-12-231-0/+1
| | | | llvm-svn: 91982
* Teach GRExprEngine::VisitLValue that we don't handle CXXZeroInitValueExprs yet.Ted Kremenek2009-12-231-1/+2
| | | | llvm-svn: 91970
* Also treat the type of the subexpression as a pointer in ↵Ted Kremenek2009-12-231-0/+1
| | | | | | GRExprEngine::VisitCast when the expression is handled as an lvalue. llvm-svn: 91969
* Add basic support for analyzing CastExprs as lvalues.Ted Kremenek2009-12-231-3/+27
| | | | llvm-svn: 91952
* Add transfer functions support for visiting an Objective-C message ↵Ted Kremenek2009-12-221-38/+73
| | | | | | expression as an lvalue when the return type is a C++ reference. llvm-svn: 91926
* Enhance GRExprEngine::VisitCallExpr() to be used in an lvalue context. ↵Ted Kremenek2009-12-181-5/+52
| | | | | | Uncovered a new failing test case along the way, but we're making progress on handling C++ references in the analyzer. llvm-svn: 91710
* Tweak formatting and comments.Ted Kremenek2009-12-171-6/+4
| | | | llvm-svn: 91615
* Convert GRExprEngine::VisitCallExpr() to use a worklist instead of recursion ↵Ted Kremenek2009-12-171-45/+64
| | | | | | to evaluate the arguments of a CallExpr. This simplifies the logic and makes it easier to read. (it also avoids any issues with blowing out the stack if the CallExpr had a ridiculous number of arguments) llvm-svn: 91613
* Reduce nesting by using early exits. No functionality change.Ted Kremenek2009-12-171-35/+46
| | | | llvm-svn: 91610
* Sort switch statement. No functionality change.Ted Kremenek2009-12-171-15/+15
| | | | llvm-svn: 91591
* Fix check in GRExprEngine for the 'main' function to handle NULL ↵Ted Kremenek2009-12-171-16/+17
| | | | | | IdentifierInfo*'s. llvm-svn: 91577
* Add a new kind of region: CXXObjectRegion. Currently it has only one Zhongxing Xu2009-12-161-15/+30
| | | | | | | | attribute: the object type. Add initial support for visiting CXXThisExpr. Fix a bunch of 80-col violations. llvm-svn: 91535
* Add (initial?) static analyzer support for handling C++ references.Ted Kremenek2009-12-161-16/+63
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This change was a lot bigger than I originally anticipated; among other things it requires us storing more information in the CFG to record what block-level expressions need to be evaluated as lvalues. The big change is that CFGBlocks no longer contain Stmt*'s by CFGElements. Currently CFGElements just wrap Stmt*, but they also store a bit indicating whether the block-level expression should be evalauted as an lvalue. DeclStmts involving the initialization of a reference require us treating the initialization expression as an lvalue, even though that information isn't recorded in the AST. Conceptually this change isn't that complicated, but it required bubbling up the data through the CFGBuilder, to GRCoreEngine, and eventually to GRExprEngine. The addition of CFGElement is also useful for when we want to handle more control-flow constructs or other data we want to keep in the CFG that isn't represented well with just a block of statements. In GRExprEngine, this patch introduces logic for evaluating the lvalues of references, which currently retrieves the internal "pointer value" that the reference represents. EvalLoad does a two stage load to catch null dereferences involving an invalid reference (although this could possibly be caught earlier during the initialization of a reference). Symbols are currently symbolicated using the reference type, instead of a pointer type, and special handling is required creating ElementRegions that layer on SymbolicRegions (see the changes to RegionStoreManager). Along the way, the DeadStoresChecker also silences warnings involving dead stores to references. This was the original change I introduced (which I wrote test cases for) that I realized caused GRExprEngine to crash. llvm-svn: 91501
* Start the ball rolling on C++ support in the static analyzer. ForTed Kremenek2009-12-151-0/+35
| | | | | | | | now, don't construct CFGs that contain C++ try/catch statements, and have GRExprEngine abort a path if it encounters a C++ construct it doesn't understand (which is mostly everything at this point). llvm-svn: 91389
* Fix: <rdar://problem/7468209> SymbolManager::isLive() should not crash on ↵Ted Kremenek2009-12-141-2/+3
| | | | | | captured block variables that are passed by reference llvm-svn: 91348
* Use insert to avoid destroying existing nodes.Zhongxing Xu2009-12-141-1/+1
| | | | llvm-svn: 91258
* Refactor OSAtomic evaluation logic into OSAtomicChecker.Zhongxing Xu2009-12-091-150/+2
| | | | llvm-svn: 90968
* Use a temporary destination set such that we can clear fake auto transitions.Zhongxing Xu2009-12-091-3/+24
| | | | | | | | Otherwise, even when real evaluation occurs, the previous fake auto transitions would still be in the destination set, causing fake state bifurcation. llvm-svn: 90967
* OSAtomic simulation: use the original region as the location to load from,Zhongxing Xu2009-12-091-2/+5
| | | | | | | | instead of the ElementRegion obtained from casts. Test cast: the leak cannot occur bacause the true branch cannot be taken. llvm-svn: 90964
* remove dead code.Zhongxing Xu2009-12-091-41/+0
| | | | llvm-svn: 90953
* Insert instead of assign to the dest node set, since we use the dest node setZhongxing Xu2009-12-091-1/+1
| | | | | | repeatedly. llvm-svn: 90952
* Fix a horrid bug in GRExprEngine::CheckerVisit() that was identifiedTed Kremenek2009-12-091-41/+58
| | | | | | | | | by the test case in PR 5627. Essentially we shouldn't clear the ExplodedNodeSet where we deposit newly constructed nodes if that set is the 'Dst' set passed in. It is not okay to clear that set because it may already contain nodes. llvm-svn: 90931
* Refactor builtin function evaluation into a checker.Zhongxing Xu2009-12-081-8/+1
| | | | llvm-svn: 90847
* Add analysis support for blocks. This includes a few key changes:Ted Kremenek2009-12-071-5/+27
| | | | | | | | | | | | | | | | | - Refactor the MemRegion hierarchy to distinguish between different StackSpaceRegions for locals and parameters. - VarRegions for "captured" variables now have the BlockDataRegion as their super region (except those passed by reference) - Add transfer function support to GRExprEngine for BlockDeclRefExprs. This change also supports analyzing blocks as an analysis entry point (top-of-the-stack), which required pushing more context-sensitivity around in the MemRegion hierarchy via the use of LocationContext objects. Functionally almost everything is the same, except we track LocationContexts in a few more areas and StackSpaceRegions now refer to a StackFrameContext object. In the future we will need to modify MemRegionManager to allow multiple StackSpaceRegions in flight at once (for the analysis of multiple stack frames). llvm-svn: 90809
* Add EvalCallExpr interface to checker, and migrate the no-return functionZhongxing Xu2009-12-071-59/+53
| | | | | | | | | handler to this interface. GRExprEngine::CheckerEvalCall() will return true if one of the checkers has processed the node. In the future this might return void when we have some default checker. llvm-svn: 90755
* Hard bifurcate the state into nil receiver and non-nil receiver, so thatZhongxing Xu2009-12-021-40/+58
| | | | | | | | | | | we don't need to use the DoneEvaluation hack when check for ObjCMessageExpr. PreVisitObjCMessageExpr() only checks for undefined receiver or arguments. Add checker interface EvalNilReceiver(). This is a 'once-and-done' interface. llvm-svn: 90296
* Eliminate another VISIBILITY_HIDDENDouglas Gregor2009-11-301-4/+1
| | | | llvm-svn: 90139
* Adapt to the DOTGraphTraits changes in LLVM.Tobias Grosser2009-11-301-1/+4
| | | | llvm-svn: 90137
* lib/Analysis: Remove VISIBILITY_HIDDEN from definitions in anonymous namespaceKovarththanan Rajaratnam2009-11-281-2/+4
| | | | llvm-svn: 90028
* Refine MemRegions for blocks. Add a new region calledTed Kremenek2009-11-251-1/+3
| | | | | | | | | | | 'BlockDataRegion' to distinguish between the code associated with a block (which is represented by 'BlockTextRegion') and an instance of a block, which includes both code and data. 'BlockDataRegion' has an associated LocationContext, which can be used to eventually model the lifetime of a block object once LocationContexts can represent scopes (and iterations around a loop, etc.). llvm-svn: 89900
* Add post-visit Checker support in GRExprEngine for BlockExpr.Ted Kremenek2009-11-251-1/+7
| | | | llvm-svn: 89890
* Make RegisterInternalChecks() part of GRExprEngine's private implementation ↵Ted Kremenek2009-11-251-30/+32
| | | | | | by making it a static function within GRExprEngine.cpp. llvm-svn: 89884
* Register internal checks with GRExprEngine when it is constructed, not ↵Ted Kremenek2009-11-251-1/+5
| | | | | | manually in AnalysisConsumer.cpp. llvm-svn: 89883
* When dispatching to Checker objects in GRExprEngine::CheckerVisit(),Ted Kremenek2009-11-251-4/+12
| | | | | | | | | only stop processing the checkers after all the nodes for a current check have been processed. This (I believe) handles the case where PredSet (the input nodes) contains more than one node due to state bifurcation. Zhongxing: can you review this? llvm-svn: 89882
OpenPOWER on IntegriCloud