summaryrefslogtreecommitdiffstats
path: root/clang/lib/Analysis
Commit message (Collapse)AuthorAgeFilesLines
...
* Enhance null dereference diagnostics by indicating what variable (if any) ↵Ted Kremenek2009-11-242-4/+27
| | | | | | was dereferenced. Addresses <rdar://problem/7039161>. llvm-svn: 89726
* After performing a bounds check in ArrayBoundChecker, record the fact that a ↵Ted Kremenek2009-11-231-0/+6
| | | | | | bounds check succeeded by transitioning the ExplodedGraph. llvm-svn: 89712
* Clean up the Checker API a little more, resolving some hidden bugsTed Kremenek2009-11-2319-49/+55
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | along the way. Important changes: 1) To generate a sink node, use GenerateSink(); GenerateNode() is for generating regular transitions. This makes the API clearer and also allows us to use the 'bool' option to GenerateNode() for a different purpose. 2) GenerateNode() now automatically adds the generated node to the destination ExplodedNodeSet (autotransition) unless the client specifies otherwise with a bool flag. Several checkers did not call 'addTransition()' after calling 'GenerateNode()', causing the simulation path to be prematurely culled when a non-fail stop bug was encountered. 3) Add variants of GenerateNode()/GenerateSink() that take neither a Stmt* or a GRState*; most callers of GenerateNode() just pass in the same Stmt* as provided when the CheckerContext object is created; we can just use that the majority of the time. This cleanup also allows us to potentially coelesce the APIs for evaluating branches and end-of-paths (which currently directly use builders). 4) addTransition() no longer needs to be called except for a few cases. We now have a variant of addTransition() that takes a GRState*; this allows one to propagate the updated state without caring about generating a new node explicitly. This nicely cleaned up a bunch of cases that called autoTransition() with a bunch of conditional logic surround the call (that common logic has now been swallowed up by addTransition() itself). llvm-svn: 89707
* Provide out-of-line definition for destructor of Checker.Ted Kremenek2009-11-232-0/+19
| | | | llvm-svn: 89688
* Tweak UndefBranchChecker to register the most nested "undefined" expression ↵Ted Kremenek2009-11-231-3/+4
| | | | | | with bugreporter::registerTrackNullOrUndefValue instead of the condition itself. llvm-svn: 89682
* Cleanup title/description of "undefined branch" BugType and add some test ↵Ted Kremenek2009-11-231-2/+1
| | | | | | cases for this check. llvm-svn: 89679
* Fix CMake buildDouglas Gregor2009-11-231-0/+1
| | | | llvm-svn: 89650
* UndefBranchChecker: more bug reporter helper information emit.Zhongxing Xu2009-11-232-90/+54
| | | | llvm-svn: 89643
* Initial refactor of UndefBranchChecker. We still use GRBranchNodeBuilderZhongxing Xu2009-11-234-41/+99
| | | | | | in the checker directly. But I don't have a better approach for now. llvm-svn: 89640
* Change CheckDeadStores to use Expr::isNullPointerConstant, which will ↵Ted Kremenek2009-11-221-6/+5
| | | | | | | | correctly determine whether an expression is a null pointer constant. Patch by Kovarththanan Rajaratnam! llvm-svn: 89621
* Undefined compound assignment result is checked in ↵Zhongxing Xu2009-11-221-9/+0
| | | | | | UndefinedAssignmentChecker. So this check is redundant. llvm-svn: 89592
* Remove invalid comments. The result is undefined only when operands are ↵Zhongxing Xu2009-11-221-2/+0
| | | | | | undefined. llvm-svn: 89591
* Save and restore the HasGen flag in MallocChecker.Zhongxing Xu2009-11-221-0/+1
| | | | llvm-svn: 89590
* Don't include a dead header.Benjamin Kramer2009-11-221-1/+0
| | | | llvm-svn: 89587
* Remove UndefinedAssignmentChecker's header.Zhongxing Xu2009-11-223-3/+21
| | | | llvm-svn: 89585
* Make FixedAddressChecker and experimental check; it currently produces a ton ↵Ted Kremenek2009-11-212-1/+2
| | | | | | of false positives when analyzing some projects (e.g., Wine). llvm-svn: 89560
* Restructure DereferenceChecker slightly to handle caching out when we would ↵Ted Kremenek2009-11-211-19/+22
| | | | | | report a null dereference more than once. llvm-svn: 89526
* Pull BadCallChecker int UndefinedArgChecker, and have UndefinedArgChecker ↵Ted Kremenek2009-11-216-237/+191
| | | | | | also handled undefined receivers in message expressions. llvm-svn: 89524
* More checker refactoring. Passing undefined values in a message expression ↵Ted Kremenek2009-11-213-65/+34
| | | | | | is now handled by UndefinedArgChecker. llvm-svn: 89519
* Fix typo GCC 4.3 warned about.Benjamin Kramer2009-11-201-1/+1
| | | | llvm-svn: 89453
* Add simple static analyzer checker to check for sending 'release', 'retain', ↵Ted Kremenek2009-11-201-0/+61
| | | | | | etc. directly to a class. Fixes <rdar://problem/7252064>. llvm-svn: 89449
* Unused ivar checker: ivars referenced by lexically nested functions should ↵Ted Kremenek2009-11-201-1/+32
| | | | | | not be flagged as unused. Fixes <rdar://problem/7254495>. llvm-svn: 89448
* Revert r89437 and add a comment.Zhongxing Xu2009-11-201-1/+2
| | | | llvm-svn: 89446
* It's unnecessary to check for unknown at this point.Zhongxing Xu2009-11-201-2/+1
| | | | llvm-svn: 89437
* Fix null dereference in NSAutoreleasePoolChecker when analyzing messages ↵Ted Kremenek2009-11-201-0/+3
| | | | | | sent to blocks. llvm-svn: 89413
* Fix crash when using --analyzer-store=region when handling initializers with ↵Ted Kremenek2009-11-191-11/+39
| | | | | | nested arrays/structs whose values are not explicitly specified. Fixes <rdar://problem/7403269>. llvm-svn: 89384
* Remove printf statement.Ted Kremenek2009-11-191-2/+0
| | | | llvm-svn: 89383
* Only fetch the ASTContext object within the assertion.Ted Kremenek2009-11-191-4/+2
| | | | llvm-svn: 89375
* Silence -Asserts warning.Daniel Dunbar2009-11-191-0/+1
| | | | llvm-svn: 89373
* Add PreVisitReturn to Malloc checker. Now we can recognize returned memoryZhongxing Xu2009-11-171-0/+26
| | | | | | block. llvm-svn: 89071
* Add EvalEndPath interface to Checker. Now we can check memory leaked at theZhongxing Xu2009-11-172-20/+57
| | | | | | end of the path. Need to unify interfaces. llvm-svn: 89063
* Clear the dest set.Zhongxing Xu2009-11-171-0/+1
| | | | llvm-svn: 89060
* First part of changes to eliminate problems with cv-qualifiers andDouglas Gregor2009-11-163-7/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | sugared types. The basic problem is that our qualifier accessors (getQualifiers, getCVRQualifiers, isConstQualified, etc.) only look at the current QualType and not at any qualifiers that come from sugared types, meaning that we won't see these qualifiers through, e.g., typedefs: typedef const int CInt; typedef CInt Self; Self.isConstQualified() currently returns false! Various bugs (e.g., PR5383) have cropped up all over the front end due to such problems. I'm addressing this problem by splitting each qualifier accessor into two versions: - the "local" version only returns qualifiers on this particular QualType instance - the "normal" version that will eventually combine qualifiers from this QualType instance with the qualifiers on the canonical type to produce the full set of qualifiers. This commit adds the local versions and switches a few callers from the "normal" version (e.g., isConstQualified) over to the "local" version (e.g., isLocalConstQualified) when that is the right thing to do, e.g., because we're printing or serializing the qualifiers. Also, switch a bunch of Context.getCanonicalType(T1).getUnqualifiedType() == Context.getCanonicalType(T2).getQualifiedType() expressions over to Context.hasSameUnqualifiedType(T1, T2) llvm-svn: 88969
* * Do the same thing to the basicstore as in r84163.Zhongxing Xu2009-11-164-30/+30
| | | | | | | | | | * Add a load type to GRExprEngine::EvalLoad(). * When retrieve from 'theValue' of OSAtomic funcitions, use the type of the region instead of the argument expression as the load type. * Then we can convert CastRetrievedSVal to a pure assertion. In the future we can let all Retrieve() methods simply return SVal. llvm-svn: 88888
* Remove an unused parameter.Zhongxing Xu2009-11-161-3/+2
| | | | llvm-svn: 88882
* Change *BugReport constructors to take StringRefs.Benjamin Kramer2009-11-1417-26/+20
| | | | | | | | - Eliminates many calls to std::string.c_str() - Fixes an invalid read in ReturnStackAddressChecker due to an unsafe call to StringRef.data() which doesn't guarantee null-termination. llvm-svn: 88779
* Move definition of GRExprEngine::ProcessEndPath() out-of-line.Ted Kremenek2009-11-141-0/+7
| | | | llvm-svn: 88729
* Add clang-cc option "--analyzer-experimental-internal-checks". ThisTed Kremenek2009-11-132-8/+15
| | | | | | | option enables new "internal" checks that will eventually be turned on by default but still require broader testing. llvm-svn: 88671
* Malloc checker basically works now.Zhongxing Xu2009-11-131-2/+24
| | | | llvm-svn: 87094
* Hook up Malloc checker.Zhongxing Xu2009-11-133-0/+14
| | | | llvm-svn: 87093
* Check in a new interface of Checker, which will soon be used.Zhongxing Xu2009-11-131-1/+23
| | | | llvm-svn: 87092
* GRStateManager::CurrentStmt is not used. Remove it.Zhongxing Xu2009-11-131-4/+0
| | | | llvm-svn: 87091
* Pull static variable within function (for slightly faster startup time).Ted Kremenek2009-11-131-2/+4
| | | | llvm-svn: 87065
* retain/release checker: refactor some of the summary lookup logic for ↵Ted Kremenek2009-11-131-288/+293
| | | | | | instance method summaries. No real functionality change, but it paves the way for new enhancements. llvm-svn: 87062
* Add clang-cc option "-analyzer-experimental-checks" to enable experimental ↵Ted Kremenek2009-11-132-0/+24
| | | | | | path-sensitive checks. The idea is to separate "barely working" or "skunkworks" checks from ones that should always run. Later we need more fine-grain checker control. llvm-svn: 87053
* Fix MSVC build.Benjamin Kramer2009-11-121-1/+1
| | | | llvm-svn: 86983
* update CMakefileZhongxing Xu2009-11-121-0/+1
| | | | llvm-svn: 86979
* Add boilerplate logic for a malloc/free checker.Zhongxing Xu2009-11-121-0/+126
| | | | llvm-svn: 86978
* PthreadLockChecker doesn't need PreVisitCallExpr() yet. All the current ↵Ted Kremenek2009-11-121-20/+6
| | | | | | logic should be done in PostVisitCallExpr() llvm-svn: 86959
* Add most of the boilerplate logic for a simple pthread_mutux_lock() -> ↵Ted Kremenek2009-11-123-1/+181
| | | | | | pthread_mutex_unlock() checker. We need to add a visitor method to Checker for handling dead symbols in order to detect locks that are not unlocked. llvm-svn: 86958
OpenPOWER on IntegriCloud