| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
| |
CallExpr/ObjCMessageExpr can be visited in an "lvalue" context if it
returns a struct temporary. Currently the analyzer doesn't reason
about struct temporary returned by function calls, but we shouldn't
crash here either.
llvm-svn: 93081
|
| |
|
|
| |
llvm-svn: 93071
|
| |
|
|
|
|
|
|
| |
CXXObjectRegion to represent it.
In Environment, lookup a literal expression before make up a value for it.
llvm-svn: 93047
|
| |
|
|
|
|
|
|
|
| |
when the default case is winnowed down to be infeasible. When all
cases were ruled out (and the analysis state for the default case
would be infeasible) we would still consider the default case
possible. This fixes PR 5969.
llvm-svn: 93017
|
| |
|
|
|
|
| |
ASTContext::hasSameUnqualifiedType() when one of the type is VariableArrayType.
llvm-svn: 92723
|
| |
|
|
|
|
| |
Essentially treat 'this' as a implicit parameter to the method call, and associate a region with it.
llvm-svn: 92675
|
| |
|
|
|
|
|
|
|
|
|
|
| |
GRStateManager. Having these references was an abstraction violation,
as they really should only be known about GRExprEngine.
This change required adding a new 'ProcessAssume' callback in
GRSubEngine. GRExprEngine implements this callback by calling
'EvalAssume' on all registered Checker objects as well as the
registered GRTransferFunc object.
llvm-svn: 92549
|
| |
|
|
|
|
|
|
|
| |
Add new states for symbolic regions tracked by malloc checker. This enables us
to do malloc checking more accurately. See test case.
Based on Lei Zhang's patch and discussion.
llvm-svn: 92342
|
| |
|
|
| |
llvm-svn: 92305
|
| |
|
|
| |
llvm-svn: 92162
|
| |
|
|
|
|
| |
GRExprEngine.cpp(1348) : warning C4305: 'argument' : truncation from 'clang::ProgramPoint::Kind' to 'bool'
llvm-svn: 92154
|
| |
|
|
| |
llvm-svn: 92121
|
| |
|
|
|
|
| |
hooks for the initialization of condition variables.
llvm-svn: 92119
|
| |
|
|
| |
llvm-svn: 92116
|
| |
|
|
|
|
| |
a ForStmt.
llvm-svn: 92114
|
| |
|
|
| |
llvm-svn: 92113
|
| |
|
|
|
|
| |
every time the condition is checked.
llvm-svn: 92111
|
| |
|
|
|
|
| |
a WhileStmt.
llvm-svn: 92106
|
| |
|
|
| |
llvm-svn: 92105
|
| |
|
|
|
|
| |
a SwitchStmt.
llvm-svn: 92102
|
| |
|
|
| |
llvm-svn: 92101
|
| |
|
|
|
|
| |
times.
llvm-svn: 92087
|
| |
|
|
| |
llvm-svn: 92012
|
| |
|
|
| |
llvm-svn: 91991
|
| |
|
|
|
|
| |
So we should use the current program point.
llvm-svn: 91989
|
| |
|
|
|
|
|
|
| |
mode.
Add transfer function support in GRExprEngine for IfStmts with initialized condition variables.
llvm-svn: 91987
|
| |
|
|
|
|
| |
CXXExprTemporaries.
llvm-svn: 91986
|
| |
|
|
| |
llvm-svn: 91985
|
| |
|
|
| |
llvm-svn: 91982
|
| |
|
|
|
|
| |
pointer value, we were not correctly layering the correct ElementRegion on the original SymbolicRegion.
llvm-svn: 91981
|
| |
|
|
| |
llvm-svn: 91970
|
| |
|
|
|
|
| |
GRExprEngine::VisitCast when the expression is handled as an lvalue.
llvm-svn: 91969
|
| |
|
|
| |
llvm-svn: 91952
|
| |
|
|
|
|
| |
expression as an lvalue when the return type is a C++ reference.
llvm-svn: 91926
|
| |
|
|
| |
llvm-svn: 91818
|
| |
|
|
| |
llvm-svn: 91751
|
| |
|
|
|
|
| |
Uncovered a new failing test case along the way, but we're making progress on handling C++ references in the analyzer.
llvm-svn: 91710
|
| |
|
|
| |
llvm-svn: 91615
|
| |
|
|
|
|
| |
to evaluate the arguments of a CallExpr. This simplifies the logic and makes it easier to read. (it also avoids any issues with blowing out the stack if the CallExpr had a ridiculous number of arguments)
llvm-svn: 91613
|
| |
|
|
| |
llvm-svn: 91610
|
| |
|
|
| |
llvm-svn: 91591
|
| |
|
|
|
|
| |
IdentifierInfo*'s.
llvm-svn: 91577
|
| |
|
|
| |
llvm-svn: 91572
|
| |
|
|
| |
llvm-svn: 91557
|
| |
|
|
| |
llvm-svn: 91553
|
| |
|
|
|
|
|
|
| |
attribute: the object type.
Add initial support for visiting CXXThisExpr.
Fix a bunch of 80-col violations.
llvm-svn: 91535
|
| |
|
|
|
|
| |
'FD->getIdentifier()' will not always return a non-null IdentifierInfo*.
llvm-svn: 91512
|
| |
|
|
|
|
| |
IdentifierInfo*.
llvm-svn: 91511
|
| |
|
|
|
|
| |
guaranteed to return a non-null IdentifierInfo*.
llvm-svn: 91510
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This change was a lot bigger than I originally anticipated; among
other things it requires us storing more information in the CFG to
record what block-level expressions need to be evaluated as lvalues.
The big change is that CFGBlocks no longer contain Stmt*'s by
CFGElements. Currently CFGElements just wrap Stmt*, but they also
store a bit indicating whether the block-level expression should be
evalauted as an lvalue. DeclStmts involving the initialization of a
reference require us treating the initialization expression as an
lvalue, even though that information isn't recorded in the AST.
Conceptually this change isn't that complicated, but it required
bubbling up the data through the CFGBuilder, to GRCoreEngine, and
eventually to GRExprEngine.
The addition of CFGElement is also useful for when we want to handle
more control-flow constructs or other data we want to keep in the CFG
that isn't represented well with just a block of statements.
In GRExprEngine, this patch introduces logic for evaluating the
lvalues of references, which currently retrieves the internal "pointer
value" that the reference represents. EvalLoad does a two stage load
to catch null dereferences involving an invalid reference (although
this could possibly be caught earlier during the initialization of a
reference).
Symbols are currently symbolicated using the reference type, instead
of a pointer type, and special handling is required creating
ElementRegions that layer on SymbolicRegions (see the changes to
RegionStoreManager).
Along the way, the DeadStoresChecker also silences warnings involving
dead stores to references. This was the original change I introduced
(which I wrote test cases for) that I realized caused GRExprEngine to
crash.
llvm-svn: 91501
|
