path: root/clang/lib/Checker/GRExprEngine.cpp
Commit message | Author | Age | Files | Lines
* Add option '-analyzer-max-loop', which specifies the maximum | Zhongxing Xu | 2010-05-18 | 1 | -2/+1
  number of times the analyzer will go through a loop. llvm-svn: 104007
* Substantially alter the design of the Objective C type AST by introducing | John McCall | 2010-05-15 | 1 | -2/+2
  ObjCObjectType, which is basically just a pair of one of {primitive-id, primitive-Class, user-defined @class} with a list of protocols. An ObjCObjectPointerType is therefore just a pointer which always points to one of these types (possibly sugared). ObjCInterfaceType is now just a kind of ObjCObjectType which happens to not carry any protocols.
  Alter a rather large number of use sites to use ObjCObjectType instead of ObjCInterfaceType. Store an ObjCInterfaceType as a pointer on the decl rather than hashing them in a FoldingSet. Remove some number of methods that are no longer used, at least after this patch.
  By simplifying ObjCObjectPointerType, we are now able to easily remove and apply pointers to Objective-C types, which is crucial for a certain kind of ObjC++ metaprogramming common in WebKit. llvm-svn: 103870
* Fixes for compilation with Microsoft Visual Studio 2010, from Steven Watanabe! | Douglas Gregor | 2010-05-11 | 1 | -1/+1
  llvm-svn: 103458
* Turn -analyzer-inline-call on for C functions. This also fixed a bug that | Zhongxing Xu | 2010-05-06 | 1 | -0/+26
  after inlining post-call checking shouldn't be done. llvm-svn: 103161
* Completely reimplement __builtin_offsetof, based on a patch by Roberto | Douglas Gregor | 2010-04-28 | 1 | -9/+28
  Amadini. This change introduces a new expression node type, OffsetOfExpr, that describes __builtin_offsetof. Previously, __builtin_offsetof was implemented using a unary operator whose subexpression involved various synthesized array-subscript and member-reference expressions, which was ugly and made it very hard to instantiate as a template. OffsetOfExpr represents the AST more faithfully, with proper type source information and a more compact representation.
  OffsetOfExpr also has support for dependent __builtin_offsetof expressions; it can be value-dependent, but will never be type-dependent (like sizeof or alignof). This commit introduces template instantiation for __builtin_offsetof as well.
  There are two major caveats to this patch:
  1) CodeGen cannot handle the case where __builtin_offsetof is not a constant expression, so it produces an error. So, to avoid regressing in C, we retain the old UnaryOperator-based __builtin_offsetof implementation in C while using the shiny new OffsetOfExpr implementation in C++. The old implementation can go away once we have proper CodeGen support for this case, which we expect won't cause much trouble in C++.
  2) __builtin_offsetof doesn't work well with non-POD class types, particularly when the designated field is found within a base class. I will address this in a subsequent patch.
  Fixes PR5880 and a bunch of assertions when building Boost.Python tests. llvm-svn: 102542
* Introduce Type::isStructureOrClassType(), which does the obvious | Douglas Gregor | 2010-04-26 | 1 | -3/+1
  thing. Audit all uses of Type::isStructure(), changing those calls to isStructureOrClassType() as needed (which is almost everywhere). Fixes the remaining failure in Boost.Utility/Swap. llvm-svn: 102386
* CXXNamedCastExpr is actually an abstract expression. | Zhongxing Xu | 2010-04-21 | 1 | -1/+0
  llvm-svn: 101994
* Add initial support for C++ delete expr. | Zhongxing Xu | 2010-04-21 | 1 | -1/+5
  llvm-svn: 101980
* Overhaul the AST representation of Objective-C message send | Douglas Gregor | 2010-04-21 | 1 | -4/+4
  expressions, to improve source-location information, clarify the actual receiver of the message, and pave the way for proper C++ support.
  The ObjCMessageExpr node represents four different kinds of message sends in a single AST node:
  1) Send to an object instance described by an expression (e.g., [x method:5])
  2) Send to a class described by the class name (e.g., [NSString method:5])
  3) Send to a superclass class (e.g., [super method:5] in class method)
  4) Send to a superclass instance (e.g., [super method:5] in instance method)
  Previously these four cases were tangled together. Now, they have more distinct representations. Specific changes:
  1) Unchanged; the object instance is represented by an Expr*.
  2) Previously stored the ObjCInterfaceDecl* referring to the class receiving the message. Now stores a TypeSourceInfo* so that we know how the class was spelled. This both maintains typedef information and opens the door for more complicated C++ types (e.g., dependent types). There was an alternative, unused representation of these sends by naming the class via an IdentifierInfo *. In practice, we either had an ObjCInterfaceDecl *, from which we would get the IdentifierInfo *, or we fell into the case below...
  3) Previously represented by a class message whose IdentifierInfo * referred to "super". Sema and CodeGen would use isStr("super") to determine if they had a send to super. Now represented as a "class super" send, where we have both the location of the "super" keyword and the ObjCInterfaceDecl* of the superclass we're targeting (statically).
  4) Previously represented by an instance message whose receiver is an ObjCSuperExpr, which Sema and CodeGen would check for via isa<ObjCSuperExpr>(). Now represented as an "instance super" send, where we have both the location of the "super" keyword and the ObjCInterfaceDecl* of the superclass we're targeting (statically). Note that ObjCSuperExpr only has one remaining use in the AST, which is for "super.prop" references.
  The new representation of ObjCMessageExpr is 2 pointers smaller than the old one, since it combines more storage. It also eliminates a leak when we loaded message-send expressions from a precompiled header. The representation also feels much cleaner to me; comments welcome!
  This patch attempts to maintain the same semantics we previously had with Objective-C message sends. In several places, there are massive changes that boil down to simply replacing a nested-if structure such as:
    if (message has a receiver expression) {
      // instance message
      if (isa<ObjCSuperExpr>(...)) {
        // send to super
      } else {
        // send to an object
      }
    } else {
      // class message
      if (name->isStr("super")) {
        // class send to super
      } else {
        // send to class
      }
    }
  with a switch
    switch (E->getReceiverKind()) {
    case ObjCMessageExpr::SuperInstance: ...
    case ObjCMessageExpr::Instance: ...
    case ObjCMessageExpr::SuperClass: ...
    case ObjCMessageExpr::Class:...
    }
  There are quite a few places (particularly in the checkers) where send-to-super is effectively ignored. I've placed FIXMEs in most of them, and attempted to address send-to-super in a reasonable way. This could use some review. llvm-svn: 101972
* Use GetState() to get the possible cleaned state. | Zhongxing Xu | 2010-04-20 | 1 | -3/+3
  llvm-svn: 101867
* Move all C++ expression evaluation logic into its own file. | Zhongxing Xu | 2010-04-19 | 1 | -234/+0
  llvm-svn: 101772
* Analyzer: add support for CXXNewExpr. | Zhongxing Xu | 2010-04-19 | 1 | -1/+33
  llvm-svn: 101771
* Fix PR 6844, a regression caused by the introduction of llvm_unreachable for | Ted Kremenek | 2010-04-15 | 1 | -25/+61
  the default case in GRExprEngine::Visit (in r101129). Instead, enumerate all Stmt cases and have no 'default' case in the switch statement. When we encounter a Stmt we don't handle, we should explicitly add it to the switch statement. llvm-svn: 101378
* Add support for CXXBoolLiteralExpr. | Zhongxing Xu | 2010-04-14 | 1 | -1/+2
  llvm-svn: 101238
* Make all cases that we don't handle explicit. | Zhongxing Xu | 2010-04-13 | 1 | -1/+12
  llvm-svn: 101129
* Dispatch all C++ cast expr to VisitCast(). | Zhongxing Xu | 2010-04-13 | 1 | -7/+6
  llvm-svn: 101128
* Initial support for visiting CXXMemberCallExpr. | Zhongxing Xu | 2010-04-01 | 1 | -5/+88
  llvm-svn: 100098
* Improve C++ constructor handling. | Zhongxing Xu | 2010-04-01 | 1 | -2/+4
  llvm-svn: 100080
* Introduce a new kind of derived-to-base cast which bypasses the need for | John McCall | 2010-03-30 | 1 | -0/+1
  null checks, and make sure we elide null checks when accessing base class members. llvm-svn: 99963
* Change the analyzer to recognize (but ignore) assignments to isa. Fixes PR | Ted Kremenek | 2010-03-30 | 1 | -0/+5
  6302. llvm-svn: 99904
* Checker: random include cleanup. | Benjamin Kramer | 2010-03-27 | 1 | -0/+2
  llvm-svn: 99731
* Add methods to remove a GDM entry. | Zhongxing Xu | 2010-03-25 | 1 | -1/+1
  Instead of setting the ReturnExpr GDM to NULL, remove it. llvm-svn: 99470
* Bind the constructed object value to CXXConstructExpr. | Zhongxing Xu | 2010-03-23 | 1 | -4/+22
  llvm-svn: 99271
* Clear the return expr GDM after using it. | Zhongxing Xu | 2010-03-23 | 1 | -1/+4
  llvm-svn: 99268
* Add a AggExprVisitor class. It contains lots of boiler | Zhongxing Xu | 2010-03-23 | 1 | -0/+4
  plate code for evaluating expressions of C++ class type. llvm-svn: 99267
* Since we now may have basicblocks with the same block is in different function, | Zhongxing Xu | 2010-03-23 | 1 | -2/+3
  change the block counter map from unsigned -> unsigned to <StackFrameContext*, unsigned> -> unsigned. llvm-svn: 99255
* Mark CXXThisRegion in the current or parent stack frame context as live so that | Zhongxing Xu | 2010-03-17 | 1 | -1/+3
  their bindings are not removed. llvm-svn: 98705
* Add VisitCXXContructExpr logic to the analyzer. This still has not fully worked | Zhongxing Xu | 2010-03-16 | 1 | -2/+80
  since RemoveDeadBinding mistakenly remove the binding to CXXThisRegion. llvm-svn: 98629
* Remove unused headers. | Duncan Sands | 2010-03-08 | 1 | -1/+0
  llvm-svn: 97941
* Remove reference to AnalysisContext in Environment. We already have | Zhongxing Xu | 2010-03-05 | 1 | -4/+4
  LocationContext information in ExplodedNode. llvm-svn: 97785
* When profiling Environment, also profile with AnalysisContext*, because | Zhongxing Xu | 2010-03-04 | 1 | -0/+1
  we now may have identical states with different analysis context. Set the right AnalysisContext in state when entering and leaving a callee. With both of the above changes, we can pass the test case. llvm-svn: 97724
* Don't conjure a symbol for DeclStmts when the variable is a C++ reference. | Ted Kremenek | 2010-03-02 | 1 | -5/+5
  llvm-svn: 97590
* Use a GDM to record the returned expression in the state when VisitReturnStmt. | Zhongxing Xu | 2010-02-26 | 1 | -10/+28
  Use this information to find the returned value and bind it to CallExpr in ProcessCallExit. And there is no need to remove dead bindings in ProcessCallExit, because
  a. it would clean up the return value bound to CallExpr
  b. we still would do it in the next ProcessStmt(), where we would not misclean up the return value.
  llvm-svn: 97225
* Remove derelict GRStmtNodeBuilder::LastNode. | Zhongxing Xu | 2010-02-26 | 1 | -1/+1
  llvm-svn: 97207
* Restore Zhongxing's commits r97122 r97127 r97129 r97131 which were reverted | Douglas Gregor | 2010-02-25 | 1 | -0/+40
  due to a Clang-on-Clang failure llvm-svn: 97162
* Revert patches r97122 r97127 r97129 r97131. | Jakob Stoklund Olesen | 2010-02-25 | 1 | -40/+0
  They were breaking clang-x86_64-darwin10-selfhost llvm-svn: 97138
* Move the dead bindings removal logic from CallInliner to | Zhongxing Xu | 2010-02-25 | 1 | -1/+15
  GRExprEngine::ProcessCallExit(). llvm-svn: 97129
* Call inliner improvements: | Zhongxing Xu | 2010-02-25 | 1 | -0/+26
  This patch implements the CallEnter/CallExit idea of Ted. Add two interfaces to GRSubEngine: ProcessCallEnter, ProcessCallExit. The CallEnter program point uses caller's location context. The CallExit program point uses callee's location context. CallEnter is built by GRStmtNodeBuilder. CallExit is built by GREndPathNodeBuilder. llvm-svn: 97122
* Add MacOSXAPIChecker, a meta checker to include various precondition checks | Ted Kremenek | 2010-02-25 | 1 | -0/+1
  for calls to various MacOS X functions. The checks in BasicObjCFoundationChecks.cpp will gradually be migrated here. As a first check, check that when 'dispatch_once()' is passed a predicate value that has non-local storage. llvm-svn: 97116
* Add UnixAPIChecker, a meta checker to include various precondition checks | Ted Kremenek | 2010-02-25 | 1 | -0/+1
  for calls to various unix/posix functions, e.g. 'open()'. As a first check, check that when 'open()' is passed 'O_CREAT' that it has a third argument. llvm-svn: 97086
* Add simpler checker to check if variables captured by a block are uninitialized. | Ted Kremenek | 2010-02-16 | 1 | -0/+1
  llvm-svn: 96341
* Convert GRExprEngine's handling of ObjCMessageExprs to use a worklist | Ted Kremenek | 2010-02-15 | 1 | -202/+208
  to evaluate arguments. llvm-svn: 96293
* Revert 95541. | Ted Kremenek | 2010-02-08 | 1 | -48/+46
  llvm-svn: 95545
* Rename: GRState::getSVal(Stmt*) => getExprVal(), | Zhongxing Xu | 2010-02-08 | 1 | -46/+48
  GRState::getSVal(MemRegion*) => Load(). llvm-svn: 95541
* Cast evaluation no longer touch GRState. | Zhongxing Xu | 2010-02-04 | 1 | -10/+7
  llvm-svn: 95290
* static analyzer: handle casts of a function to a function pointer with | Ted Kremenek | 2010-02-04 | 1 | -0/+1
  a different return type. While we don't emit any errors (yet), at least we avoid cases where we might crash because of an assertion failure later on (when the return type differs from what is expected). llvm-svn: 95268
* Fix bug in GRExprEngine::VisitSizeOfAlignOfExpr() where we do not add | Ted Kremenek | 2010-02-02 | 1 | -0/+2
  'Pred' to 'Dst' for cases we currently don't handle. This fixes <rdar://problem/7593875>. llvm-svn: 95048
* Use getTypeAlignInChars() for alignment in VisitSizeOfAlignOfExpr(). | Ken Dyck | 2010-01-27 | 1 | -1/+1
  llvm-svn: 94677
* Split libAnalysis into two libraries: libAnalysis and libChecker. | Ted Kremenek | 2010-01-25 | 1 | -0/+3325
  (1) libAnalysis is a generic analysis library that can be used by Sema. It defines the CFG, basic dataflow analysis primitives, and inexpensive flow-sensitive analyses (e.g. LiveVariables).
  (2) libChecker contains the guts of the static analyzer, including the path-sensitive analysis engine and domain-specific checks.
  Now any clients that want to use the frontend to build their own tools don't need to link in the entire static analyzer. This change exposes various obvious cleanups that can be made to the layout of files and headers in libChecker. More changes pending. :)
  This change also exposed a layering violation between AnalysisContext and MemRegion. BlockInvocationContext shouldn't explicitly know about BlockDataRegions. For now I've removed the BlockDataRegion* from BlockInvocationContext (removing context-sensitivity; although this wasn't used yet). We need to have a better way to extend BlockInvocationContext (and any LocationContext) to add context-sensitivity. llvm-svn: 94406