summaryrefslogtreecommitdiffstats
path: root/clang/lib/Analysis
Commit message (Collapse)AuthorAgeFilesLines
* Now StoreManager::CastRegion() takes a MemRegion, returns a MemRegion.Zhongxing Xu2009-10-142-36/+27
| | | | llvm-svn: 84081
* Remove dead code.Zhongxing Xu2009-10-141-13/+0
| | | | llvm-svn: 84073
* * Remove unused GRState* parameterZhongxing Xu2009-10-143-50/+34
| | | | | | * Make all Base value the last argument. llvm-svn: 84071
* retain/release checker: Recognize that calls toTed Kremenek2009-10-141-3/+26
| | | | | | | | | | 'CVPixelBufferCreateWithPlanarBytes()' and 'CVPixelBufferCreateWithBytes' (Core Video API) can indirectly release a pixel buffer object via a callback. This fixes <rdar://problem/7283567>. llvm-svn: 84064
* retain/release checker: retained objects passed to pthread_create (asTed Kremenek2009-10-131-1/+7
| | | | | | | | the data argument) should not be tracked further until we support full IPA. (fixes <rdar://problem/7299394>) llvm-svn: 84047
* Now we can call into another function with the CallInliner transfer function.Zhongxing Xu2009-10-131-1/+35
| | | | llvm-svn: 83936
* Add an initial implementation of EnterStackFrame() to the StoreManager.Zhongxing Xu2009-10-131-0/+22
| | | | llvm-svn: 83934
* Use a BumpPtrAllocator to allocate all aspects of CFG, including CFGBlocks, ↵Ted Kremenek2009-10-121-63/+72
| | | | | | | | | | | | successor and predecessor vectors, etc. Speedup: when doing 'clang-cc -analyze -dump-cfg' (without actual printing, just CFG building) on the amalgamated SQLite source (all of SQLite in one source file), runtime reduced by 9%. This fixes: <rdar://problem/7250745> llvm-svn: 83899
* Introduces a new BindingVal which combines direct andZhongxing Xu2009-10-111-190/+165
| | | | | | | | default binding for regions. This allows us to simply a lot of code. A further simplification could be done is that many methods of regionstore can only work on Store instead of GRState. llvm-svn: 83762
* Make the behavior explicit by not using the method call.Zhongxing Xu2009-10-091-2/+2
| | | | llvm-svn: 83611
* Remove unused code.Zhongxing Xu2009-10-091-7/+0
| | | | llvm-svn: 83610
* Installation of Clang libraries and headers, from Axel Naumann!Douglas Gregor2009-10-081-3/+0
| | | | llvm-svn: 83582
* Change ExplodedNode to have its NodeGroups all BumpPtrAllocated, avoiding ↵Ted Kremenek2009-10-073-44/+35
| | | | | | | | malloc() traffic when adding successors/predecessors to a node. This was done by introducing BumpVector, which is essentially SmallVector with all memory being BumpPtrAllocated (this can certainly be cleaned up or moved into llvm/ADT). This change yields a 1.8% speed increase when running the analyzer (with -analyzer-store=region) on a small benchmark file. llvm-svn: 83439
* Fix 'clang-cc -analyzer-display-progress' by flushing standard error after ↵Ted Kremenek2009-10-061-3/+3
| | | | | | printing the name of the analyzed function. llvm-svn: 83369
* Fix crash introduced by r83358 where a symbol could be eagerlyTed Kremenek2009-10-061-2/+7
| | | | | | | evaluated to an APSInt with a different bitwidth than the other operand in a binary expression. llvm-svn: 83368
* Fix: <rdar://problem/7275774> Static analyzer warns about NULL pointer whenTed Kremenek2009-10-064-16/+47
| | | | | | | | | | | | | | | | | adding assert This fix required a few changes: SimpleSValuator: - Eagerly replace a symbolic value with its constant value in EvalBinOpNN when it is constrained to a constant. This allows us to better constant fold values along a path. - Handle trivial case of '<', '>' comparison of pointers when the two pointers are exactly the same. RegionStoreManager: llvm-svn: 83358
* Fix bad grammar in static analyzer diagnostic. Reported by Robert Purves!Ted Kremenek2009-10-011-2/+2
| | | | llvm-svn: 83204
* Desugaring optimizations. Add single-step desugaring methods to allJohn McCall2009-09-291-1/+1
| | | | | | | | | concrete types. Use unqualified desugaring for getAs<> and sundry. Fix a few users to either not desugar or use qualified desugar, as seemed appropriate. Removed Type's qualified desugar method, as it was easy to accidentally use instead of QualType's. llvm-svn: 83116
* Modify ASTLocation and apart from being a Decl or Stmt, allow it to also be:Argyrios Kyrtzidis2009-09-291-4/+1
| | | | | | | -A NamedDecl reference -A TypeLoc llvm-svn: 83095
* Add more const-goodness to ASTLocation.Argyrios Kyrtzidis2009-09-291-1/+1
| | | | llvm-svn: 83087
* Fix: <rdar://problem/7261075> [RegionStore] crash when handling load: ↵Ted Kremenek2009-09-291-1/+8
| | | | | | | | '*((unsigned int *)"????")' This issue was originally reported via personal email by Thomas Clement! llvm-svn: 83069
* Fix really insidious bug in RegionStoreManager::RemoveDeadBindings()Ted Kremenek2009-09-291-155/+161
| | | | | | | | | | identified with a false positive reported by Thomas Clement. This involved doing another rewrite of RegionStoreManager::RemoveDeadBindings(), which phrases the entire problem of scanning for dead regions as a graph exploration problem. It is more methodic than the previous implementation. llvm-svn: 83053
* Reapply most of r82939, but add a guard that FieldRegions and friendsTed Kremenek2009-09-291-4/+9
| | | | | | | | | are only specially treated by RegionStore::InvalidateRegion() when their super region is also invalidated. When this isn't the case, conjure a new symbol for a FieldRegion. Thanks to Zhongxing Xu and Daniel Dunbar for pointing out this issue. llvm-svn: 83043
* Revert r82939. We can only not special case FieldRegions when the super ↵Ted Kremenek2009-09-291-9/+5
| | | | | | region has also been invalidated. llvm-svn: 83040
* Specially handle fields, elements, and ivars inTed Kremenek2009-09-271-5/+9
| | | | | | | RegionStoreManager::InvalidateRegion() by only removing their old binding, not conjuring a new symbol. llvm-svn: 82939
* Add FIXME comment.Ted Kremenek2009-09-271-0/+4
| | | | llvm-svn: 82924
* Fix:Ted Kremenek2009-09-275-62/+95
| | | | | | | | | | | | | | | | <rdar://problem/6914474> checker doesn't realize that variable might have been assigned if a pointer to that variable was passed to another function via a structure The problem here was the RegionStoreManager::InvalidateRegion didn't invalidate the bindings of invalidated regions. This required a rewrite of this method using a worklist. As part of this fix, changed ValueManager::getConjuredSymbolVal() to require a 'void*' SymbolTag argument. This tag is used to differentiate two different symbols created at the same location. llvm-svn: 82920
* Fix checking for a null pointer constant when the expression itself isDouglas Gregor2009-09-251-2/+4
| | | | | | | | | | | | value-dependent. Audit (and fixed) all calls to Expr::isNullPointerConstant() to provide the correct behavior with value-dependent expressions. Fixes PR5041 and a crash in libstdc++ <locale>. In the same vein, properly compute value- and type-dependence for ChooseExpr. Fixes PR4996. llvm-svn: 82748
* Fix <rdar://problem/7249327> by allowing silent conversions between signed ↵Ted Kremenek2009-09-252-2/+22
| | | | | | and unsigned integer values for symbolic values. This is an intermediate solution (i.e. hack) until we support extension/truncation of symbolic integers. llvm-svn: 82737
* When building CFGs, no longer reverse the statements in the CFGBlock. InsteadTed Kremenek2009-09-241-16/+8
| | | | | | | | | have the iterators and operator[] handle the traversal of statements, as they are stored in reverse order. Tests show this has no real performance impact, but it does simply the CFG construction logic and will make it slightly easier to change the allocation strategy for CFGBlocks (as we have fewer copies). llvm-svn: 82702
* Fix crash in RegionStoreManager::Bind() by using 'getAs<PointerType>()' ↵Ted Kremenek2009-09-241-1/+1
| | | | | | instead of 'cast<PointerType>()' (to handle pointer typedefs). llvm-svn: 82686
* Fix: <rdar://problem/7249340> [RegionStore] model stores to symbolic ↵Ted Kremenek2009-09-241-6/+22
| | | | | | | | | | parameter regions The issue was a discrepancy between how RegionStoreManager::Bind() and RegionStoreManager::Retrieve() derived the "key" for the first element of a symbolic region. llvm-svn: 82680
* Shorten the static analyzer diagnostic for 'use of garbage value'.Ted Kremenek2009-09-241-2/+2
| | | | llvm-svn: 82672
* Fix PR 4988 by removing an invalid assertion (a function can be referenced inTed Kremenek2009-09-231-1/+1
| | | | | | GRExprEngine::VisitDeclRefExpr without 'asLValue' being true). llvm-svn: 82598
* Fix: <rdar://problem/7242006> [RegionStore] compound literal assignment with ↵Ted Kremenek2009-09-222-4/+6
| | | | | | floats not honored llvm-svn: 82575
* Fix: <rdar://problem/7242015> [RegionStore] variable passed-by-reference ↵Ted Kremenek2009-09-221-8/+9
| | | | | | (via integer) to function call not invalidated llvm-svn: 82523
* Change all the Type::getAsFoo() methods to specializations of Type::getAs().John McCall2009-09-215-12/+12
| | | | | | | | | | | Several of the existing methods were identical to their respective specializations, and so have been removed entirely. Several more 'leaf' optimizations were introduced. The getAsFoo() methods which imposed extra conditions, like getAsObjCInterfacePointerType(), have been left in place. llvm-svn: 82501
* Provide intermediate solution to handling assignments to structs via anTed Kremenek2009-09-211-0/+4
| | | | | | | | integer pointer. For now just invalidate the fields of the struct. This addresses: <rdar://problem/7185607> [RegionStore] support invalidation of bit fields using integer assignment llvm-svn: 82492
* Re-introduce diagnostic caching in BugReporter that was originally added inTed Kremenek2009-09-181-0/+47
| | | | | | | r82198 and then reverted. This is an intermediate solution, as diagnostic caching should not rely on static variables. llvm-svn: 82301
* Reintroduce FoldingSet profiling for PathDiagnostics.Ted Kremenek2009-09-181-0/+62
| | | | llvm-svn: 82299
* Revert most of r82198, which was causing a large number of crashesTed Kremenek2009-09-182-109/+0
| | | | | | | | | | when running the analyzer on real projects. We'll keep the change to AnalysisManager.cpp in r82198 so that -fobjc-gc analyzes code correctly in both GC and non-GC modes, although this may emit two diagnostics for each bug in some cases (a better solution will come later). llvm-svn: 82201
* Introduce caching of diagnostics in BugReporter. This provides extraTed Kremenek2009-09-182-0/+109
| | | | | | | | | | | | | | | | | | | | | | | | | | | pruning of diagnostics that may be emitted multiple times. This is accomplished by adding FoldingSet profiling support to PathDiagnostic, and then having BugReporter record what diagnostics have been issued. This was motived to a serious bug introduced by moving the 'divide-by-zero' checking outside of GRExprEngine into a separate 'Checker' class. When analyzing code using the '-fobjc-gc' option, a given function would be analyzed twice, but the second time various "internal checks" would be disabled to avoid emitting multiple diagnostics (e.g., "null dereference") for the same issue. The problem is that such checks also effect path pruning and don't just emit diagnostics. This resulted in an assertion failure involving a real divide-by-zero in some analyzed code where we would get an assertion failure in APInt because the 'DivZero' check was disabled and didn't prune the logic that resulted in the divide-by-zero in the analyzer. The implemented solution is somewhat of a hack, and may not perform extremely well. This will need to be cleaned up over time. As a regression test, 'misc-ps.m' has been modified so that its tests are run using -fobjc-gc to test this diagnostic pruning behavior. llvm-svn: 82198
* Have divide-by-zero checker not handled undefined denominators. This is ↵Ted Kremenek2009-09-161-26/+18
| | | | | | handled by the generic checking for undefined operands for BinaryOperators. llvm-svn: 82019
* Remove ImplicitBadDivides/ExplicitBadDivides node sets. This checking is ↵Ted Kremenek2009-09-161-6/+0
| | | | | | now down by a 'Checker' and not build into GRExprEngine. llvm-svn: 82017
* Fix static analyzer regression when emitting undefined value warningsTed Kremenek2009-09-151-9/+16
| | | | | | | with binary operators. The result of a binary operator may be undefined even if its operands are well-defined. llvm-svn: 81874
* Per feedback from Eli, recognize in the transfer function logic forTed Kremenek2009-09-151-6/+12
| | | | | | | | | __builtin_offsetof in the static analyzer that __builtin_offsetof is not guaranteed to return an integer constant. We will need to shore this up later, but now at least we have correct support for when this *is* an integer constant. llvm-svn: 81830
* Fix typo in comment.Ted Kremenek2009-09-151-1/+1
| | | | llvm-svn: 81825
* Add static analyzer transfer function support for __builtin_offsetof.Ted Kremenek2009-09-151-3/+8
| | | | llvm-svn: 81820
* Fix: <rdar://problem/5905851> do not report a leak when post-dominated by a callTed Kremenek2009-09-142-11/+112
| | | | | | to a noreturn or panic function llvm-svn: 81803
* Implement FIXME: free up BugReportEquivClass objects when deleting BugTypes.Ted Kremenek2009-09-141-4/+10
| | | | llvm-svn: 81783
OpenPOWER on IntegriCloud