old logic to determine the value of a switch 'case' label.
llvm-svn: 62395
Stmt::printPretty() for the StringLiteral.
llvm-svn: 62340
typedefs.
llvm-svn: 62331
"logical" location, refer to the "instantiation" location.
llvm-svn: 62316
the "physical" location of tokens, refer to the "spelling" location.
This is more concrete and useful, tokens aren't really physical objects!
llvm-svn: 62309
and uninitialized use options.
llvm-svn: 62270
llvm-svn: 62142
- put the killed region in the kill set.
- set its default value to unknown.
- removes all bindings for its subregions.
llvm-svn: 62138
llvm-svn: 62130
return 'unknown' on most cases.
llvm-svn: 62129
- Refactor a bunch of logic in the retain/release checker, making it more
condensed and easier to read.
- Add support for "Create" methods in the DiskArbitration framework
retain/release tests:
- Rename CFDate.m to retain-release.m, and move test from CFString.c to
retain-release.m
- Add DiskArbitration framework test cases.
- Add/refine a few more retain/release GC test cases.
llvm-svn: 62106
escape hatch for 'unused variable' warnings).
llvm-svn: 62010
llvm-svn: 61924
StoreManager::GetRegionSVal.
llvm-svn: 61894
functionality change.
llvm-svn: 61888
recent discussions with Thomas Clement and Ken Ferry concerning the "fundamental
rule" for Cocoa memory management
(http://developer.apple.com/documentation/Cocoa/Conceptual/MemoryMgmt/Tasks/MemoryManagementRules.html).
Here is the revised behavior of the checker concerning tracking retain/release
counts for objects returned from message expressions involving instance methods:
1) Track the returned object if the return type of the message expression is
id<..>, id, or a pointer to *any* object that subclasses NSObject. Such objects
are assumed to have a retain count. Previously the checker only tracked objects
when the receiver of the message expression was part of the standard Cocoa API
(i.e., had class names prefixed with 'NS'). This should significantly expand the
amount of checking performed.
2) Consider the object owned if the selector of the message expression contains
"alloc", "new", or "copy". Previously we also considered "create", but this
doesn't follow from the fundamental rule (discussions with the Cocoa folks
confirm this).
llvm-svn: 61837
regions. This silences a warning when compiling Release-Asserts builds.
llvm-svn: 61818
information for declarations that were referenced via a qualified-id,
e.g., N::C::value. We keep track of the location of the start of the
nested-name-specifier. Note that the difference between
QualifiedDeclRefExpr and DeclRefExpr does have an effect on the
semantics of function calls in two ways:
1) The use of a qualified-id instead of an unqualified-id suppresses
argument-dependent lookup
2) If the name refers to a virtual function, the qualified-id
version will call the function determined statically while the
unqualified-id version will call the function determined dynamically
(by looking up the appropriate function in the vtable).
Neither of these features is implemented yet, but we do print out
qualified names for QualifiedDeclRefExprs as part of the AST printing.
llvm-svn: 61789
llvm-svn: 61419
struct.
llvm-svn: 61418
identify GDM entries.
llvm-svn: 61409
llvm-svn: 61333
us to measure the effect of this optimization.
llvm-svn: 61319
llvm-svn: 61304
llvm-svn: 61300
llvm-svn: 61299
which can refer to static data members, enumerators, and member
functions as well as to non-static data members.
Implement correct lvalue computation for member references in C++.
Compute the result type of non-static data members of reference type properly.
llvm-svn: 61294
* Now Bind() methods take and return GRState* because binding could
also alter GDM.
* No variables are initialized except those declared with initial
values.
* failed C test cases are due to bugs in RemoveDeadBindings(),
which removes constraints that are still alive. This will be fixed in a later
patch.
* default value of array and struct regions will be implemented in a later patch.
llvm-svn: 61274
statements with no default case.
llvm-svn: 61270
passed-by-reference to a function/method.
llvm-svn: 61224
- Fix regression reported in <rdar://problem/6452745>. After a null check, null references to resources should not have a retain count. This regression was caused by removing the call to "GRTransferFuncs::EvalAssume" in BasicConstraintManager.
- Added a test case to test this behavior.
llvm-svn: 61155
- Because of the introduction of AnonTypedRegions when reasoning about casts, we
had a regression in the "symbolication" of variable values passed-by-reference
to a function. This is now fixed in CFRefCount.cpp (-checker-cfref) by
blasting through the layer of AnonTypedRegions when symbolicating the value of
the variable. This logic may get moved elsewhere. Note that this change
affects only -checker-cfref and not -checker-simple; eventually this logic
should get pulled out of CFRefCount.cpp into a more common place. All users
use -checker-cfref by default, and -checker-simple should probably just be
removed.
- Updated test 'Analysis/uninit-vals-ps.c' to only use -checker-cfref and added
a test case for this regression.
llvm-svn: 61147
llvm-svn: 61146
- one queue (FIFO) to queue up nodes at block entrances
- another queue (LIFO) to queue up other nodes
- The idea is to explore basic blocks to completion, but to do a BFS exploration of blocks.
llvm-svn: 61106
- Added four new ProgramPoint types that subclass PostStmt for use in
GRExprEngine::EvalLocation:
- PostOutOfBoundsCheckFailed
- PostUndefLocationCheckFailed
- PostNullCheckFailed
- PostLocationChecksSucceed
These were created because of a horribly subtle caching bug in EvalLocation
where a node representing a "bug condition" in EvalLocation (e.g. a null
dereference) could be re-used as the "non-bug condition" because the Store did
not contain any information to differentiate between the two. The extra
program points just disable any accidental caching between EvalLocation and
its callers.
GRExprEngine:
- EvalLocation now returns a NodeTy* instead of GRState*. This should be used as the "vetted" predecessor for EvalLoad/EvalStore.
llvm-svn: 61105
llvm-svn: 61069
llvm-svn: 61039
'pointer to array'.
llvm-svn: 61003
- Overhauled the notion of "types" for TypedRegions. We now distinguish between the "lvalue" of a region (via getLValueRegion()) and the "rvalue" of a region (via getRValueRegion()). Since a region represents a chunk of memory it has both, but we were conflating these concepts in some cases, leading to some insidious bugs.
- Removed AnonPointeeType, partially because it is unused and because it doesn't have a clear notion of lvalue vs rvalue type. We can add it back once there is a need for it and we can resolve its role with these concepts.
StoreManager:
- Overhauled StoreManager::CastRegion. It expects an *lvalue* type for a region. This is actually what motivated the overhaul to the MemRegion type mechanism. It also no longer returns an SVal; we can just return a MemRegion*.
- BasicStoreManager::CastRegion now overlays an "AnonTypedRegion" for pointer-pointer casts. This matches with the MemRegion changes.
- Similar changes to RegionStore, except I've added a bunch of FIXMEs where it wasn't 100% clear where we should use TypedRegion::getRValueRegion() or TypedRegion::getLValueRegion().
AuditCFNumberCreate check:
- Now blasts through AnonTypedRegions that may layer the original memory region, thus checking if the actual memory block is of the appropriate type. This change was needed to work with the changes to StoreManager::CastRegion.
GRExprEngine::VisitCast:
- Conform to the new interface of StoreManager::CastRegion.
Tests:
- None of the analysis tests fail now for using the "basic store".
- Disabled the tests 'array-struct.c' and 'rdar-6442306-1.m' pending further testing and bug fixing.
llvm-svn: 60995
GRExprEngine (VisitCast):
- When using StoreManager::CastRegion, always use the state and value it returns to generate the next node. Failure to do so means that region values returned that don't require the state to be modified will get ignored.
MemRegion:
- Tighten the interface for ElementRegion. Now ElementRegion can only be created with a super region that is a 'TypedRegion' instead of any MemRegion. Code in BasicStoreManager/RegionStoreManager already assumed this, but it would result in a dynamic assertion check (and crash) rather than just having the compiler forbid the construction of such regions.
- Added ElementRegion::getArrayRegion() to return the 'typed version' of an ElementRegion's super region.
- Removed bogus assertion in ElementRegion::getType() that assumed that the super region was an AnonTypedRegion. All that matters is that it is a TypedRegion, which is now true all the time by design.
BasicStore:
- Modified getLValueElement() to check if the 'array' region is a TypedRegion before creating an ElementRegion. This conforms to the updated interface for ElementRegion.
RegionStore:
- In ArrayToPointer() gracefully handle things we don't reason about, and only create an ElementRegion if the array region is indeed a TypedRegion.
llvm-svn: 60990
llvm-svn: 60897
and separates lexical name lookup from qualified name lookup. In
particular:
* Make DeclContext the central data structure for storing and
looking up declarations within existing declarations, e.g., members
of structs/unions/classes, enumerators in C++0x enums, members of
C++ namespaces, and (later) members of Objective-C
interfaces/implementations. DeclContext uses a lazily-constructed
data structure optimized for fast lookup (array for small contexts,
hash table for larger contexts).
* Implement C++ qualified name lookup in terms of lookup into
DeclContext.
* Implement C++ unqualified name lookup in terms of
qualified+unqualified name lookup (since unqualified lookup is not
purely lexical in C++!)
* Limit the use of the chains of declarations stored in
IdentifierInfo to those names declared lexically.
* Eliminate CXXFieldDecl, collapsing its behavior into
FieldDecl. (FieldDecl is now a ScopedDecl).
* Make RecordDecl into a DeclContext and eliminate its
Members/NumMembers fields (since one can just iterate through the
DeclContext to get the fields).
llvm-svn: 60878
llvm-svn: 60870
to them.
llvm-svn: 60868
layer an AnonTypedRegion on top of it.
llvm-svn: 60808
BasicStoreManager::getLValueField() (i.e., don't just return the 'base' as the SVal)
llvm-svn: 60795
is a temporary solution.
llvm-svn: 60789
llvm-svn: 60758
llvm-svn: 60734
that functioned as the size of a VLA to be live.
llvm-svn: 60730