summaryrefslogtreecommitdiffstats
path: root/clang/lib/Analysis
Commit message (Collapse)AuthorAgeFilesLines
* Get rid of "smart" quotes. Per report on cfe-dev.Eli Friedman2009-08-051-1/+1
| | | | llvm-svn: 78230
* Use feedback from RegionStoreSubRegionMap::add() to prune off adding a superTed Kremenek2009-08-051-7/+11
| | | | | | region to the worklist used to create the subregion map. llvm-svn: 78228
* Fix a bug in RegionStoreSubRegionManager::add() where multiple subregions ↵Ted Kremenek2009-08-051-2/+4
| | | | | | wouldn't correctly get registered in the SubRegion map. llvm-svn: 78162
* If the UnaryOperator has non-location type, use its type to create theZhongxing Xu2009-08-051-2/+11
| | | | | | | | | constant value. If the UnaryOperator has location type, create the constant with int type and pointer width. This fixes the bug that all pointer increments 'p++' evaluated to Unknown. llvm-svn: 78147
* Handle disgusting corner case where a byte is loaded from the address of a ↵Ted Kremenek2009-08-031-1/+3
| | | | | | function. llvm-svn: 78000
* add a bunch of routine methods to AnalysisContext.Zhongxing Xu2009-08-031-0/+50
| | | | llvm-svn: 77961
* Remove RegionViews and RegionCasts. These are no longer used.Ted Kremenek2009-08-021-135/+4
| | | | llvm-svn: 77876
* RegionStoreManager::RemoveDeadBindings() now removes dead 'default' bindings ↵Ted Kremenek2009-08-021-2/+32
| | | | | | as well. llvm-svn: 77875
* Generalize the interface of 'StoreManager::RemoveDeadBindings()' to ↵Ted Kremenek2009-08-023-21/+20
| | | | | | manipulate the entire GRState, not just the Store. llvm-svn: 77870
* Fix regression in StoreManager::CastRegion() to always treat casts toTed Kremenek2009-08-021-3/+7
| | | | | | 'void*' (or 'const void*') as an identity transformation. llvm-svn: 77860
* This is a fairly large patch, which resulted from a cascade of changesTed Kremenek2009-08-015-203/+437
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | made to RegionStore (and related classes) in order to handle some analyzer failures involving casts and manipulation of symbolic memory. The root of the change is in StoreManager::CastRegion(). Instead of using ad hoc heuristics to decide when to layer an ElementRegion on a casted MemRegion, we now always layer an ElementRegion when the cast type is different than the original type of the region. This carries the current cast information associated with a region around without resorting to the error prone recording of "casted types" in GRState. Along with this new policy of layering ElementRegions, I added a new algorithm to strip away existing ElementRegions when they simply represented casts of a base memory object. This algorithm computes the raw "byte offset" that an ElementRegion represents from the base region, and allows the new ElementRegion to be based off that offset. The added benefit is that this naturally handles a series of casts of a MemRegion without building up a set of redundant ElementRegions (thus canonicalizing the region view). Other related changes that cascaded from this one (as tests were failing in RegionStore): - Revamped RegionStoreManager::InvalidateRegion() to completely remove all bindings and default values from a region and all subregions. Now invalidated fields are not bound directly to new symbolic values; instead the base region has a "default" symbol value from which "derived symbols" can be created. The main advantage of this approach is that it allows us to invalidate a region hierarchy and then lazily instantiate new values no matter how deep the hierarchy went (i.e., regardless of the number of field accesses, e.g. x->f->y->z->...). The previous approach did not do this. - Slightly reworked RegionStoreManager::RemoveDeadBindings() to also incorporate live symbols and live regions that do not have direct bindings but also have "default values" used for lazy instantiation. The changes to 'InvalidateRegion' revealed that these were necessary in order to achieve lazy instantiation of values in the region store with those bindings being removed too early. - The changes to InvalidateRegion() and RemoveDeadBindings() revealed a serious bug in 'getSubRegionMap()' where not all region -> subregion relationships involved in actually bindings (explicit and implicit) were being recorded. This has been fixed by using a worklist algorithm to iteratively fill in the region map. - Added special support to RegionStoreManager::Bind()/Retrieve() to handle OSAtomicCompareAndSwap in light of the new 'CastRegion' changes and the layering of ElementRegions. - Fixed a bug in SymbolReaper::isLive() where derived symbols were not being marked live if the symbol they were derived from was also live. This fix was critical for getting lazy instantiation in RegionStore to work. - Tidied up the implementation of ValueManager::getXXXSymbolVal() methods to use SymbolManager::canSymbolicate() to decide whether or not a symbol should be symbolicated. - 'test/Analysis/misc-ps-xfail.m' now passes; that test case has been moved to 'test/Analysis/misc-ps.m'. - Tweaked some pretty-printing of MemRegions, and implemented 'ElementRegion::getRawOffset()' for use with the CastRegion changes. llvm-svn: 77782
* Temporarily disable out-of-bounds checking. The current checking logic will ↵Ted Kremenek2009-08-011-1/+6
| | | | | | not work quite right with the changes I'm about to commit. llvm-svn: 77779
* Fix build warnings.Mike Stump2009-07-311-1/+2
| | | | llvm-svn: 77651
* fix cmake buildBenjamin Kramer2009-07-301-0/+1
| | | | llvm-svn: 77589
* Make AnalysisManager into its own source file and a pure data management class. Zhongxing Xu2009-07-301-0/+36
| | | | | | Move all components creation code into AnalysisConsumer::DigestAnalyzerOptions(). llvm-svn: 77585
* Update CMakeLists.txtDaniel Dunbar2009-07-301-0/+1
| | | | llvm-svn: 77577
* This patch collects all analysis context data into a new class Zhongxing Xu2009-07-301-0/+73
| | | | | | AnalysisContext. llvm-svn: 77563
* Change uses of:Ted Kremenek2009-07-296-21/+21
| | | | | | | | | | | | | | | | | | | | Type::getAsReferenceType() -> Type::getAs<ReferenceType>() Type::getAsRecordType() -> Type::getAs<RecordType>() Type::getAsPointerType() -> Type::getAs<PointerType>() Type::getAsBlockPointerType() -> Type::getAs<BlockPointerType>() Type::getAsLValueReferenceType() -> Type::getAs<LValueReferenceType>() Type::getAsRValueReferenceType() -> Type::getAs<RValueReferenceType>() Type::getAsMemberPointerType() -> Type::getAs<MemberPointerType>() Type::getAsReferenceType() -> Type::getAs<ReferenceType>() Type::getAsTagType() -> Type::getAs<TagType>() And remove Type::getAsReferenceType(), etc. This change is similar to one I made a couple weeks ago, but that was partly reverted pending some additional design discussion. With Doug's pending smart pointer changes for Types, it seemed natural to take this approach. llvm-svn: 77510
* Remove 'StoreManager::OldCastRegion()', TypedViewRegion (which onlyTed Kremenek2009-07-296-157/+11
| | | | | | | OldCastRegion used), and the associated command line option '-analyzer-store=old-basic-cast'. llvm-svn: 77509
* Remove some uses of TypedViewRegion, and use getBaseRegion() in a context whereTed Kremenek2009-07-292-9/+6
| | | | | | we don't care about ElementRegions layered on top of a base region. llvm-svn: 77484
* Make StoreManager::InvalidateRegion() virtual, move the current implementationTed Kremenek2009-07-293-93/+128
| | | | | | | | | | in StoreManager to RegionStoreManager, and create a special, highly reduced version in BasicStoreManager. These changes are in preparation for future RegionStore-specific changes to InvalidateRegion. llvm-svn: 77483
* Add 'MemRegion::getBaseRegion()', a utility method to strip ElementRegions withTed Kremenek2009-07-292-2/+26
| | | | | | index 0. This will be used for refinements to InvalidateRegion and CastRegion. llvm-svn: 77481
* canSymbolicate() should only return true for integer types that are scalars.Ted Kremenek2009-07-291-1/+1
| | | | llvm-svn: 77479
* add a fixmeZhongxing Xu2009-07-291-2/+4
| | | | llvm-svn: 77447
* Fix PR 4631. The compound initializers of unions were not being evaluated, whichTed Kremenek2009-07-281-8/+2
| | | | | | | | | could cause false positives if any the subexpressions had side-effects. These initializers weren't evaluated because the StoreManager would need to handle them, but that's an orthogonal problem of whether or not the StoreManager can handle the binding. llvm-svn: 77361
* Fix regression in attribute 'nonnull' checking when a transition nodeTed Kremenek2009-07-281-1/+1
| | | | | | was created but not added to the destination NodeSet. This fixes PR 4630. llvm-svn: 77353
* Fix helper function GetNextStmt() to look for the first statement that has aTed Kremenek2009-07-281-0/+5
| | | | | | valid SourceLocation. llvm-svn: 77280
* Add noreturn as a type attribute, handle printing for them and handleMike Stump2009-07-251-16/+20
| | | | | | calls to noreturn function pointers when CFG building. llvm-svn: 77089
* Update for LLVM API change.Owen Anderson2009-07-241-1/+1
| | | | llvm-svn: 77012
* In the "use of floating point variable as loop counter" check, checkTed Kremenek2009-07-241-5/+7
| | | | | | if the DeclRefExpr is a float, not just either argument. llvm-svn: 76998
* Add doxygen comments and simplify expression.Ted Kremenek2009-07-241-1/+6
| | | | llvm-svn: 76955
* Introduce a new variant type 'TryResult' to represent the result ofTed Kremenek2009-07-241-106/+61
| | | | | | | | | | | TryEvaluateBool instead of using a raw 'int'. This avoids any confusion of how 'int' converts to bool, and makes the resultant code easier to read. Condense a bunch of 'addSuccessor()' calls in 'if ... else' to use the ternary operator instead. llvm-svn: 76947
* Add getDecl() to CallGraph and CallGraphNode.Zhongxing Xu2009-07-241-0/+7
| | | | llvm-svn: 76940
* Mark destructor of Checker virtual.Ted Kremenek2009-07-241-0/+1
| | | | llvm-svn: 76924
* Refactor and push the evaluation as late as possible.Mike Stump2009-07-231-105/+54
| | | | llvm-svn: 76911
* Implement: <rdar://problem/6335715> rule request: gets() buffer overflowTed Kremenek2009-07-231-2/+64
| | | | llvm-svn: 76905
* Add comments.Ted Kremenek2009-07-231-0/+2
| | | | llvm-svn: 76901
* Refine checking and diagnostics for use of floating point variable as a counter.Ted Kremenek2009-07-231-57/+104
| | | | | | | This implements <rdar://problem/6336718> and checks for CERT secure coding advisory FLP30-C. llvm-svn: 76900
* Add two nodes to the call graph:Zhongxing Xu2009-07-231-0/+12
| | | | | | | - Root is the main function or 0. - ExternalCallingNode has edges to all external functions. llvm-svn: 76876
* Add template specializations to view the call graph in dot format.Zhongxing Xu2009-07-231-0/+21
| | | | | | | - change the DenseMap used in callgraph to std::map, since DenseMap cannot be used with mapped_iterator and friends. llvm-svn: 76874
* Revert r76831, there are many Analyzer test failures on multiple platforms.Daniel Dunbar2009-07-231-16/+3
| | | | | | | | --- Reverse-merging r76831 into '.': U include/clang/Analysis/PathSensitive/GRExprEngine.h U lib/Analysis/GRExprEngine.cpp llvm-svn: 76851
* Add initial implementation of checking for uses of floating point as a loop ↵Ted Kremenek2009-07-232-0/+123
| | | | | | counter. llvm-svn: 76833
* Add 'previsit' Checker pass for ObjCMessageExprs.Ted Kremenek2009-07-231-3/+16
| | | | llvm-svn: 76831
* Improve CFG support for C++ throw expressions.Mike Stump2009-07-221-0/+21
| | | | llvm-svn: 76814
* Refactor 'PostStmt' and 'PreStmt' to subclass a common parent 'StmtPoint'.Ted Kremenek2009-07-228-67/+73
| | | | | | | | | | | | Educate GRExprEngine::VisitGraph() about 'PreStmt'. Mark the constructor of 'PostStmt' to be explicit, preventing implicit conversions and the selection of the wrong 'generateNode' method in GRStmtNodeBuilder. Constify a bunch of arguments, which falls out of the changes to ProgramPoint. llvm-svn: 76809
* Migrate the path-sensitive checking of 'nonnull' arguments over to the newTed Kremenek2009-07-221-31/+63
| | | | | | | | | 'Checker' interface. An updated test case illustrates that after calling a function with the 'nonnull' attribute we now register the fact that the passed pointer must be non-null. This retention of information was not possible with the previously used GRSimpleAPICheck interface. llvm-svn: 76797
* Make 'SaveAndRestore' and friends reusable classes in libAnalysis.Ted Kremenek2009-07-221-12/+1
| | | | llvm-svn: 76795
* Add support for registering 'Checker' objects with GRExprEngine.Ted Kremenek2009-07-221-5/+48
| | | | | | Add a 'previsit' stage (that dispatches to registered Checkers) when evaluating the effects of CallExprs. llvm-svn: 76794
* Add support for 'PreStmt' program points to GRCoreEngine and GRStmtNodeBuilder.Ted Kremenek2009-07-221-2/+5
| | | | llvm-svn: 76792
* Move bug reporter "visitors" to their own file and make them part of the publicTed Kremenek2009-07-223-326/+343
| | | | | | BugReporter API. No real functionality change. llvm-svn: 76760
OpenPOWER on IntegriCloud