summaryrefslogtreecommitdiffstats
path: root/clang/lib/Checker/GRExprEngine.cpp
Commit message (Collapse)AuthorAgeFilesLines
* Actually use reduced set of checkers in EvalAssume.Jordy Rose2010-08-121-2/+1
| | | | llvm-svn: 110904
* MemRegion can refer to ASTContext without external help.Zhongxing Xu2010-08-111-2/+2
| | | | llvm-svn: 110784
* Allow reference binding of a reference of Objective-C object type toDouglas Gregor2010-08-071-1/+2
| | | | | | | | an lvalue of another, compatible Objective-C object type (e.g., a subclass). Introduce a new initialization sequence step kind to describe this binding, along with a new cast kind. Fixes PR7741. llvm-svn: 110513
* Removed IdempotentOperationChecker from default analysis and returned back ↵Tom Care2010-08-061-1/+0
| | | | | | | | | to a flag (-analyzer-check-idempotent-operations) - Added IdempotentOperationChecker to experimental analyses for testing purposes - Updated test cases to explictly call the checker llvm-svn: 110482
* If all nodes are sunk, bail out early. This make the later check for ↵Zhongxing Xu2010-08-061-1/+4
| | | | | | checkersEvaluated really meaningful. llvm-svn: 110430
* Revert r110317, and add a comment why the assertion is not an invariant.Ted Kremenek2010-08-051-4/+4
| | | | llvm-svn: 110330
* Turn the predicate into an assertion. When could the unequal case happen?Zhongxing Xu2010-08-051-1/+3
| | | | llvm-svn: 110317
* Change the checker callback cache in GRExprEngine to be more compact (and ↵Jordy Rose2010-08-041-25/+64
| | | | | | | | IMHO a little easier to understand), and add the same sort of caching for EvalAssume (tied for least-used callback), mostly as proof-of-concept. Before we go further with these, we should figure out a way to reuse the visit-and-cache code in CheckerVisit. llvm-svn: 110191
* Makes GRState::makeWithStore private, to encourage clients to make store ↵Jordy Rose2010-08-031-2/+1
| | | | | | | | changes through GRState instead of directly accessing the StoreManager. Also adds cover methods for InvalidateRegion(s) and EnterStackFrame to GRState. This is in preparation for proposed region change notifications. No functionality change. llvm-svn: 110137
* Changed GRExprEngine to pass down a reference to itself when checkers are ↵Tom Care2010-08-031-1/+1
| | | | | | | | | doing postanalysis. This allows the checker to gather information about the state of the engine when it has finished. - Exposed the worklist and BlockAborted flag in GRCoreEngine - Changed postanalysis checkers to use the new infrastructure llvm-svn: 110095
* Teach GRExprEngine::VisitLValue() about FloatingLiteral, ImaginaryLiteral, ↵Ted Kremenek2010-07-291-0/+3
| | | | | | and CharacterLiteral. Fixes an assertion failure reported in PR 7675. llvm-svn: 109719
* Remove extraneous guards around the call to getConjuredSymbolVal(). These ↵Ted Kremenek2010-07-291-6/+4
| | | | | | checks are already done within getConjuredSymbolVal() itself. llvm-svn: 109707
* Delete unnecessary const_cast.Zhongxing Xu2010-07-231-1/+1
| | | | llvm-svn: 109211
* AnalysisContext is not const.Zhongxing Xu2010-07-231-1/+1
| | | | llvm-svn: 109210
* Constify all references to Stmt* and CFGBlock* in libChecker.Zhongxing Xu2010-07-201-107/+115
| | | | llvm-svn: 108811
* Constify.Zhongxing Xu2010-07-201-8/+9
| | | | llvm-svn: 108800
* Reapply r108617.Zhongxing Xu2010-07-191-13/+26
| | | | llvm-svn: 108668
* Revert r108617, it broke the build.Benjamin Kramer2010-07-171-26/+13
| | | | llvm-svn: 108621
* Prepare the analyzer for the callee in another translation unit:Zhongxing Xu2010-07-171-13/+26
| | | | | | | Let AnalysisContext contain a TranslationUnit. Let CallEnter refer to an AnalysisContext instead of a FunctionDecl. llvm-svn: 108617
* Fix '<rdar://problem/8202272> __imag passed non-complex should not crash' by ↵Ted Kremenek2010-07-171-2/+1
| | | | | | removing a bogus assertion. llvm-svn: 108602
* Improved false positive rate for the idempotent operations checker and moved ↵Tom Care2010-07-161-0/+1
| | | | | | | | | | it into the default path-sensitive analysis options. - Added checks for static local variables, self assigned parameters, and truncating/extending self assignments - Removed command line option (now default with --analyze) - Updated test cases to pass with idempotent operation warnings llvm-svn: 108550
* Introduce a new cast kind for an "lvalue bitcast", which handlesDouglas Gregor2010-07-131-0/+1
| | | | | | | | | | | | | | | | reinterpret_casts (possibly indirectly via C-style/functional casts) on values, e.g., int i; reinterpret_cast<short&>(i); The IR generated for this is essentially the same as for *reinterpret_cast<short*>(&i). Fixes PR6437, PR7593, and PR7344. llvm-svn: 108294
* Reinstate the fix for PR7556. A silly use of isTrivial() wasDouglas Gregor2010-07-081-2/+2
| | | | | | suppressing copies of objects with trivial copy constructors. llvm-svn: 107857
* Revert r107828 and r107827, the fix for PR7556, which seems to beDouglas Gregor2010-07-071-2/+2
| | | | | | breaking bootstrap on Linux. llvm-svn: 107837
* Rename CXXZeroInitValueExpr to CXXScalarValueInitExpr, to reflect itsDouglas Gregor2010-07-071-2/+2
| | | | | | newly-narrowed scope. No functionality change. llvm-svn: 107828
* Introduce Decl::hasBody() and FunctionDecl::hasBody() and use them instead ↵Argyrios Kyrtzidis2010-07-071-1/+1
| | | | | | | | of getBody() when we are just checking the existence of a body, to avoid de-serialization of the body from PCH. Makes de-serialization of the function body even more "lazier". llvm-svn: 107768
* Support sizeof for VLA expressions (sizeof(someVLA)). sizeof(int[n]) still ↵Jordy Rose2010-07-051-3/+32
| | | | | | unimplemented. A VLA region's sizeof value matches its extent. llvm-svn: 107611
* Add an ivar to SymbolReaper for the current statement, and then stop passing ↵Jordy Rose2010-07-011-3/+3
| | | | | | the current statement around everywhere. Preparation for symbolic extents. llvm-svn: 107422
* ExplodedGraph never uses ASTContext, remove it.Zhongxing Xu2010-07-011-3/+3
| | | | llvm-svn: 107388
* Correctly implement the CheckerVisit optimization introduced in r106884, but ↵Ted Kremenek2010-06-301-1/+1
| | | | | | this time actually used the cached checker list when calling back to Checker visit methods. This reduces the analysis time for sqlite3.c by 8%. llvm-svn: 107259
* Allow '__extension__' to be analyzed in a lvalue context.Ted Kremenek2010-06-261-2/+6
| | | | llvm-svn: 106964
* Relax assertion since non-pod C++ classes are not aggregates, but still can ↵Ted Kremenek2010-06-251-4/+9
| | | | | | appear in this context. llvm-svn: 106919
* Add "checker caching" to GRExprEngine::CheckerVisit to progressively buildTed Kremenek2010-06-251-3/+51
| | | | | | | | | | | | a winowed list of checkers that actually do something for a given StmtClass. As the number of checkers grows, this may potentially significantly reduce the number of checkers called at any one time. My own measurements show that for the ~20 registered Checker objects, only ~5 of them respond at any one time to a give statement. While this isn't a net performance win right now (there is a minor slowdown on sqlite.3) this improvement does greatly improve debugging when stepping through the checkers used to evaluate a given statement. llvm-svn: 106884
* Add 'VisitEndAnalysis' callback to Checker class. This callback is called ↵Ted Kremenek2010-06-231-0/+7
| | | | | | | | | by GRExprEngine when the worklist algorithm has terminated. This allows some checkers to do a post-analysis phase after all paths have been analyzed. llvm-svn: 106689
* Don't assert on C++ casts that are currently not handled by the static analyzer.Ted Kremenek2010-06-221-6/+24
| | | | | | | Instead, halt the analysis of the current path, which is what we do in GRExprEngine::ProcessStmt for all other C++ constructs not currently handled by the analyzer. llvm-svn: 106561
* Register CallAndMessageChecker before AttrNonNullChecker. Then we can assumeZhongxing Xu2010-06-161-1/+3
| | | | | | arguments are not undefined. llvm-svn: 106083
* Merge StackAddrLeakChecker and ReturnStackAddressChecker.Zhongxing Xu2010-06-091-1/+1
| | | | llvm-svn: 105687
* Add comments.Zhongxing Xu2010-06-031-1/+2
| | | | llvm-svn: 105382
* Add option '-analyzer-max-loop', which specifies the maximum Zhongxing Xu2010-05-181-2/+1
| | | | | | number of times the analyzer will go through a loop. llvm-svn: 104007
* Substantially alter the design of the Objective C type AST by introducingJohn McCall2010-05-151-2/+2
| | | | | | | | | | | | | | | | | | | | | ObjCObjectType, which is basically just a pair of one of {primitive-id, primitive-Class, user-defined @class} with a list of protocols. An ObjCObjectPointerType is therefore just a pointer which always points to one of these types (possibly sugared). ObjCInterfaceType is now just a kind of ObjCObjectType which happens to not carry any protocols. Alter a rather large number of use sites to use ObjCObjectType instead of ObjCInterfaceType. Store an ObjCInterfaceType as a pointer on the decl rather than hashing them in a FoldingSet. Remove some number of methods that are no longer used, at least after this patch. By simplifying ObjCObjectPointerType, we are now able to easily remove and apply pointers to Objective-C types, which is crucial for a certain kind of ObjC++ metaprogramming common in WebKit. llvm-svn: 103870
* Fixes for compilation with Microsoft Visual Studio 2010, from Steven Watanabe!Douglas Gregor2010-05-111-1/+1
| | | | llvm-svn: 103458
* Turn -analyzer-inline-call on for C functions. This also fixed a bug thatZhongxing Xu2010-05-061-0/+26
| | | | | | after inlining post-call checking shouldn't be done. llvm-svn: 103161
* Completely reimplement __builtin_offsetof, based on a patch by RobertoDouglas Gregor2010-04-281-9/+28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Amadini. This change introduces a new expression node type, OffsetOfExpr, that describes __builtin_offsetof. Previously, __builtin_offsetof was implemented using a unary operator whose subexpression involved various synthesized array-subscript and member-reference expressions, which was ugly and made it very hard to instantiate as a template. OffsetOfExpr represents the AST more faithfully, with proper type source information and a more compact representation. OffsetOfExpr also has support for dependent __builtin_offsetof expressions; it can be value-dependent, but will never be type-dependent (like sizeof or alignof). This commit introduces template instantiation for __builtin_offsetof as well. There are two major caveats to this patch: 1) CodeGen cannot handle the case where __builtin_offsetof is not a constant expression, so it produces an error. So, to avoid regressing in C, we retain the old UnaryOperator-based __builtin_offsetof implementation in C while using the shiny new OffsetOfExpr implementation in C++. The old implementation can go away once we have proper CodeGen support for this case, which we expect won't cause much trouble in C++. 2) __builtin_offsetof doesn't work well with non-POD class types, particularly when the designated field is found within a base class. I will address this in a subsequent patch. Fixes PR5880 and a bunch of assertions when building Boost.Python tests. llvm-svn: 102542
* Introduce Type::isStructureOrClassType(), which does the obviousDouglas Gregor2010-04-261-3/+1
| | | | | | | | thing. Audit all uses of Type::isStructure(), changing those calls to isStructureOrClassType() as needed (which is alsmost everywhere). Fixes the remaining failure in Boost.Utility/Swap. llvm-svn: 102386
* CXXNamedCastExpr is actually an abstract expression.Zhongxing Xu2010-04-211-1/+0
| | | | llvm-svn: 101994
* Add initial support for C++ delete expr.Zhongxing Xu2010-04-211-1/+5
| | | | llvm-svn: 101980
* Overhaul the AST representation of Objective-C message sendDouglas Gregor2010-04-211-4/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | expressions, to improve source-location information, clarify the actual receiver of the message, and pave the way for proper C++ support. The ObjCMessageExpr node represents four different kinds of message sends in a single AST node: 1) Send to a object instance described by an expression (e.g., [x method:5]) 2) Send to a class described by the class name (e.g., [NSString method:5]) 3) Send to a superclass class (e.g, [super method:5] in class method) 4) Send to a superclass instance (e.g., [super method:5] in instance method) Previously these four cases where tangled together. Now, they have more distinct representations. Specific changes: 1) Unchanged; the object instance is represented by an Expr*. 2) Previously stored the ObjCInterfaceDecl* referring to the class receiving the message. Now stores a TypeSourceInfo* so that we know how the class was spelled. This both maintains typedef information and opens the door for more complicated C++ types (e.g., dependent types). There was an alternative, unused representation of these sends by naming the class via an IdentifierInfo *. In practice, we either had an ObjCInterfaceDecl *, from which we would get the IdentifierInfo *, or we fell into the case below... 3) Previously represented by a class message whose IdentifierInfo * referred to "super". Sema and CodeGen would use isStr("super") to determine if they had a send to super. Now represented as a "class super" send, where we have both the location of the "super" keyword and the ObjCInterfaceDecl* of the superclass we're targetting (statically). 4) Previously represented by an instance message whose receiver is a an ObjCSuperExpr, which Sema and CodeGen would check for via isa<ObjCSuperExpr>(). Now represented as an "instance super" send, where we have both the location of the "super" keyword and the ObjCInterfaceDecl* of the superclass we're targetting (statically). Note that ObjCSuperExpr only has one remaining use in the AST, which is for "super.prop" references. The new representation of ObjCMessageExpr is 2 pointers smaller than the old one, since it combines more storage. It also eliminates a leak when we loaded message-send expressions from a precompiled header. The representation also feels much cleaner to me; comments welcome! This patch attempts to maintain the same semantics we previously had with Objective-C message sends. In several places, there are massive changes that boil down to simply replacing a nested-if structure such as: if (message has a receiver expression) { // instance message if (isa<ObjCSuperExpr>(...)) { // send to super } else { // send to an object } } else { // class message if (name->isStr("super")) { // class send to super } else { // send to class } } with a switch switch (E->getReceiverKind()) { case ObjCMessageExpr::SuperInstance: ... case ObjCMessageExpr::Instance: ... case ObjCMessageExpr::SuperClass: ... case ObjCMessageExpr::Class:... } There are quite a few places (particularly in the checkers) where send-to-super is effectively ignored. I've placed FIXMEs in most of them, and attempted to address send-to-super in a reasonable way. This could use some review. llvm-svn: 101972
* Use GetState() to get the possible cleaned state.Zhongxing Xu2010-04-201-3/+3
| | | | llvm-svn: 101867
* Move all C++ expression evaluation logic into its own file.Zhongxing Xu2010-04-191-234/+0
| | | | llvm-svn: 101772
* Analyzer: add support for CXXNewExpr.Zhongxing Xu2010-04-191-1/+33
| | | | llvm-svn: 101771
OpenPOWER on IntegriCloud