summaryrefslogtreecommitdiffstats
path: root/clang/lib/Analysis
Commit message (Collapse)AuthorAgeFilesLines
...
* Add pretty-printing (for GraphViz) support for RangeConstraintManager.Ted Kremenek2009-02-161-36/+8
| | | | llvm-svn: 64646
* Do not register 'RangeConstraintManager' as the default ConstraintManager.Ted Kremenek2009-02-161-2/+0
| | | | llvm-svn: 64627
* Remove accidental duplication of content in .h file.Ted Kremenek2009-02-151-81/+1
| | | | llvm-svn: 64596
* Add hook to add attributes to function declarations that we knowDouglas Gregor2009-02-141-1/+2
| | | | | | | | | | | | | | | | about, whether they are builtins or not. Use this to add the appropriate "format" attribute to NSLog, NSLogv, asprintf, and vasprintf, and to translate builtin attributes (from Builtins.def) into actual attributes on the function declaration. Use the "printf" format attribute on function declarations to determine whether we should do format string checking, rather than looking at an ad hoc list of builtins and "known" function names. Be a bit more careful about when we consider a function a "builtin" in C++. llvm-svn: 64561
* Patch by Ben Laurie:Ted Kremenek2009-02-144-238/+1121
| | | | | | | | | | | | | | | | | | | | ConstraintManager: - constify getSymVal() BasicConstraintManager: - Pull out logic that would be common to ConstraintManagers of a similar nature and put them in a parent class called 'SimpleConstraintManager'. RangeConstraintManager: - Added a new prototype ConstraintManager to track ranges of variables! This ConstraintManager keeps tracks of ranges of concrete integers that a symbolic integer may have. AnalysisConsumer: - Add driver option to use RangeConstraintManager with GRExprEngine-based analyses. llvm-svn: 64558
* GRExprEngine: Handle empty statement expressions.Ted Kremenek2009-02-141-8/+12
| | | | llvm-svn: 64541
* Added GRStateManager::scanReachableSymbols(), a method which scans the reachableTed Kremenek2009-02-144-23/+73
| | | | | | | | | | | | | symbols from an SVal. - Fixed a bug in EnvironmentManager::RemoveDeadBindings() where it did not mark live all the symbols reachable from a live block-level expression. - Fixed a bug in the retain/release checker where it did not stop tracking symbols that 'escaped' via compound literals being assigned to something the BasicStoreManager didn't reason about. llvm-svn: 64534
* Use GRTransferFuncs::EvalBind when processing variable initializations.Ted Kremenek2009-02-141-26/+34
| | | | llvm-svn: 64527
* Static analyzer:Ted Kremenek2009-02-143-95/+44
| | | | | | | | | | | | | | | | | | | | - Added a new 'node builder' class called GRStmtNodeBuilderRef (name may change). This is essentially a smart reference to a GRStmtNodeBuilder object that keeps track of the current context (predecessor node, GRExprEngine object, etc.) The idea is to gradually simplify the interface between GRExprEngine and GRTransferFuncs using this new builder (i.e., passing 1 argument instead of 5). It also handles some of the "auto-transition" for node creation, simplifying some of the logic in GRExprEngine itself. - Used GRStmtBuilderRef to replace GRTransferFuncs::EvalStore with GRTransferFuncs::EvalBind. The new EvalBind method will be used at any arbitrary places where a binding between a location and value takes place. Moreover, GRTransferFuncs no longer has the responsibility to request StoreManager to do the binding; this is now in GRExprEngine::EvalBind. All GRTransferFuncs::EvalBind does is checker-specific logic (which can be a no-op). llvm-svn: 64525
* Implicitly declare certain C library functions (malloc, strcpy, memmove,Douglas Gregor2009-02-131-3/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | etc.) when we perform name lookup on them. This ensures that we produce the correct signature for these functions, which has two practical impacts: 1) When we're supporting the "implicit function declaration" feature of C99, these functions will be implicitly declared with the right signature rather than as a function returning "int" with no prototype. See PR3541 for the reason why this is important (hint: GCC always predeclares these functions). 2) If users attempt to redeclare one of these library functions with an incompatible signature, we produce a hard error. This patch does a little bit of work to give reasonable error messages. For example, when we hit case #1 we complain that we're implicitly declaring this function with a specific signature, and then we give a note that asks the user to include the appropriate header (e.g., "please include <stdlib.h> or explicitly declare 'malloc'"). In case #2, we show the type of the implicit builtin that was incorrectly declared, so the user can see the problem. We could do better here: for example, when displaying this latter error message we say something like: 'strcpy' was implicitly declared here with type 'char *(char *, char const *)' but we should really print out a fake code line showing the declaration, like this: 'strcpy' was implicitly declared here as: char *strcpy(char *, char const *) This would also be good for printing built-in candidates with C++ operator overloading. The set of C library functions supported by this patch includes all functions from the C99 specification's <stdlib.h> and <string.h> that (a) are predefined by GCC and (b) have signatures that could cause codegen issues if they are treated as functions with no prototype returning and int. Future work could extend this set of functions to other C library functions that we know about. llvm-svn: 64504
* GRExprEngine:Ted Kremenek2009-02-131-194/+209
| | | | | | | - Add 'EvalBind', which will be used by 'EvalStore' to pull much of the value binding logic out of GRTransferFuncs. - Rename many cases of 'St' to 'state'. llvm-svn: 64426
* Several cleanups:Steve Naroff2009-02-121-1/+1
| | | | | | | | - rename isObjCIdType/isObjCClassType -> isObjCIdStructType/isObjCClassStructType. The previous name didn't do what you would expect. - add back isObjCIdType/isObjCClassType to do what you would expect. Not currently used, however many of the isObjCIdStructType/isObjCClassStructType clients could be converted over time. - move static Sema function areComparableObjCInterfaces to ASTContext (renamed to areComparableObjCPointerTypes, since it now operates on pointer types). llvm-svn: 64385
* Per PR 3187, disable the missing -dealloc check for classes that subclass ↵Ted Kremenek2009-02-111-3/+15
| | | | | | SenTestCase. llvm-svn: 64292
* BugReporter: Use llvm::raw_string_stream instead of std::ostringstream.Ted Kremenek2009-02-101-29/+25
| | | | llvm-svn: 64259
* Fix a crash in GRSimpleVals::EvalCast due not handling transparent unions.Ted Kremenek2009-02-101-0/+5
| | | | llvm-svn: 64200
* Fix PR 2514: Do not flag dead initializations for variables initialized to a ↵Ted Kremenek2009-02-091-2/+15
| | | | | | constant global variable. llvm-svn: 64149
* Fix null dereference.Ted Kremenek2009-02-071-2/+5
| | | | llvm-svn: 64044
* For retain/release leaks, have the BugReport description indicate the ↵Ted Kremenek2009-02-071-12/+15
| | | | | | allocation site and initial bindings. llvm-svn: 64041
* Tidy up bug descriptions.Ted Kremenek2009-02-071-1/+1
| | | | llvm-svn: 64039
* Use BugReport::getDescription() for the compiler warning text.Ted Kremenek2009-02-071-2/+2
| | | | llvm-svn: 64038
* Determining the allocation site for a leak when constructing a ↵Ted Kremenek2009-02-071-17/+34
| | | | | | CFRefLeakReport. This avoids repeated calls to GetAllocationSite when Profiling a CFRefLeakReport object. llvm-svn: 64036
* Split logic for 'getEndPath()' for CFRefReport and CFRefLeakReport.Ted Kremenek2009-02-071-8/+18
| | | | llvm-svn: 64034
* Convert a use of 'std::ostringstream' to 'llvm::raw_string_ostream'.Ted Kremenek2009-02-071-3/+2
| | | | llvm-svn: 64033
* Ensure that we assert if given an unhandled value.Mike Stump2009-02-071-0/+1
| | | | llvm-svn: 64004
* GRExprEngine: When processing compound assignments, do a switch table lookup ↵Ted Kremenek2009-02-071-6/+13
| | | | | | to get the non-compound opcode from the compound opcode instead of relying on the order of BinaryOperator::opcode values. This unbreaks the misc-ps.c test. llvm-svn: 63991
* SymbolicRegions really have unknown sizes.Zhongxing Xu2009-02-061-3/+1
| | | | llvm-svn: 63929
* Create ElementRegion when the base is SymbolicRegion. This is like what we doZhongxing Xu2009-02-062-13/+20
| | | | | | | | | for FieldRegion. This enables us to track more values. Simplify SymbolicRegion::getRValueType(). We assume the symbol always has pointer type. llvm-svn: 63928
* handle fatal errors, rely on warnings to point out missing cases.Chris Lattner2009-02-061-1/+2
| | | | llvm-svn: 63913
* Add 'AppendValue' to the list of magic CF function names that cause a ↵Ted Kremenek2009-02-051-1/+2
| | | | | | tracked object to escape. Fixes <rdar://problem/6560661>. llvm-svn: 63891
* Make SymbolicRegion subclass TypedRegion, for symbols usually have types, so Zhongxing Xu2009-02-054-19/+40
| | | | | | | | | | | | | | do the symblic regions associated with them and we need them to be typed. Current SymbolicRegion::getRValueType() method is very restricting. It may be modified when we are more clear about what could be the types of symblic regions. BasicConstraintManager::Assume() is changed due to that now SymblicRegion is a subclass of SubRegion. llvm-svn: 63844
* Remove a bunch of obscene double-buffering of BugReports in the retain/releaseTed Kremenek2009-02-051-181/+137
| | | | | | | | | | checker. This was previously needed because BugReport objects were previously allocated on the stack and not owned by BugReporter. Now we can just issue them on the fly. This change was motivated because we were seeing some weird cases where some really long paths would get issued for bugs (particularly leaks) because of some double-caching. llvm-svn: 63840
* Fix regression: Leak (BugType) object should have 'isLeak()' return true.Ted Kremenek2009-02-051-0/+2
| | | | llvm-svn: 63803
* Overhaul BugReporter interface and implementation. The new interface cleans upTed Kremenek2009-02-049-702/+569
| | | | | | | | | | | | | | | | | | | | | the ownership of BugTypes and BugReports. Now BugReports are owned by BugTypes, and BugTypes are owned by the BugReporter object. The major functionality change in this patch is that reports are not immediately emitted by a call to BugReporter::EmitWarning (now called EmitReport), but instead of queued up in report "equivalence classes". When BugReporter::FlushReports() is called, it emits one diagnostic per report equivalence class. This provides a nice cleanup with the caching of reports as well as enables the BugReporter engine to select the "best" path for reporting a path-sensitive bug based on all the locations in the ExplodedGraph that the same bug could occur. Along with this patch, Leaks are now coalesced into a common equivalence class by their allocation site, and the "summary" diagnostic for leaks now reports the allocation site as the location of the bug (this may later be augmented to also provide an example location where the leak occurs). llvm-svn: 63796
* Remove dead code.Zhongxing Xu2009-02-041-11/+1
| | | | llvm-svn: 63715
* make SM::getColumnNumber take a predecomposed FileID/offset, whichChris Lattner2009-02-041-4/+7
| | | | | | | | makes it clear to clients that they have to pick an instantiation or spelling location before calling it and allows optimization based on that. llvm-svn: 63698
* Fix horrible non-termination bug in LiveVariables. The issue was thatTed Kremenek2009-01-301-2/+2
| | | | | | | | | | | the liveness state of block-level expressions could oscillate because of two issues: - The initial value before a merge was not always set to "Top" - The set of live block-level expressions is a union, not an intersection This fixes <rdar://problem/650084>. llvm-svn: 63421
* Move method out-of-line.Ted Kremenek2009-01-301-0/+30
| | | | llvm-svn: 63412
* Switch Type::isAggregateType to use the C++ definition of "aggregateDouglas Gregor2009-01-301-2/+1
| | | | | | | | type" rather than the C definition. We do this because both C99 and Clang always use "aggregate type" as "aggregate or union type", and the C++ definition includes union types. llvm-svn: 63395
* update for change in API.Chris Lattner2009-01-301-4/+4
| | | | llvm-svn: 63363
* Fix a couple bugs:Ted Kremenek2009-01-303-17/+24
| | | | | | | | | | | | | | - NonLoc::MakeVal() would use sizeof(unsigned) (literally) instead of consulting ASTContext for the size (in bits) of 'int'. While it worked, it was a conflation of concepts and using ASTContext.IntTy is 100% correct. - RegionStore::getSizeInElements() no longer assumes that a VarRegion has the type "ConstantArray", and handles the case when uses use ordinary variables as if they were arrays. - Fixed ElementRegion::getRValueType() to just return the rvalue type of its "array region" in the case the array didn't have ArrayType. - All of this fixes <rdar://problem/6541136> llvm-svn: 63347
* retain/release checker: When generating summaries for CF/CG functions, allow ↵Ted Kremenek2009-01-291-6/+21
| | | | | | arguments to "escape" if they are passed to a function containing the terms "InsertValue", "SetValue", or "AddValue". This fixes <rdar://problem/6539791>. llvm-svn: 63341
* move library-specific diagnostic headers into library private dirs. ReduceChris Lattner2009-01-291-1/+1
| | | | | | redundant #includes. Patch by Anders Johnsen! llvm-svn: 63271
* Remove '#if 0' code.Ted Kremenek2009-01-281-5/+0
| | | | llvm-svn: 63250
* Remove method 'AddNE' from the public interface of ConstraintManager.Ted Kremenek2009-01-282-3/+6
| | | | llvm-svn: 63249
* retain/release checker: Always generate an "autorelease" summary for an ↵Ted Kremenek2009-01-281-9/+9
| | | | | | "autorelease" message, and have the summary processing logic treat it as a no-op in GC mode. This change is motivated to encode more of the semantics in the summaries themselves for eventual better diagnostics. llvm-svn: 63241
* retain/release checker: Improve diagnostics to indicate that CF objects are ↵Ted Kremenek2009-01-281-2/+9
| | | | | | not automatically garbage collected. llvm-svn: 63187
* retain/release checker: Indicate whether a tracked object is a Core ↵Ted Kremenek2009-01-281-1/+7
| | | | | | Foundation or Objective-C object. llvm-svn: 63186
* retain/release checker: More diagnostic refactoring.Ted Kremenek2009-01-281-6/+4
| | | | llvm-svn: 63184
* retain/release checker: Embed an "object type" into the RetEffect/RetVal ↵Ted Kremenek2009-01-281-42/+53
| | | | | | objects to help distinguish between Objective-C and Core Foundation objects (for better diagnostics). llvm-svn: 63183
* retain/release checker: More cleanups (no real functionality change).Ted Kremenek2009-01-281-15/+10
| | | | llvm-svn: 63181
OpenPOWER on IntegriCloud