| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
| |
arguments...which are allowed if the access length is 0!
llvm-svn: 107759
|
| |
|
|
|
|
| |
IdempotentOperationChecker::PreVisitBinaryOperator.
llvm-svn: 107748
|
| |
|
|
|
|
|
| |
making the other switch case unreachable, or sinking the 'continue' into it
doesn't silence this.
llvm-svn: 107745
|
| |
|
|
|
|
| |
consider them for warnings.
llvm-svn: 107741
|
| |
|
|
|
|
|
|
| |
SubRegions. Fixes assertion failure
reported in PR 7572.
llvm-svn: 107738
|
| |
|
|
|
|
| |
StaticGlobalSpaceRegion.
llvm-svn: 107731
|
| |
|
|
| |
llvm-svn: 107728
|
| |
|
|
|
|
| |
null-terminated strings and memory blocks. Currently only checks memcpy(), memmove(), and bcopy(), but this is intended to be expanded soon.
llvm-svn: 107722
|
| |
|
|
| |
llvm-svn: 107709
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
(-analyzer-idempotent-operation). Finds idempotent and/or tautological operations in a path sensitive context, flagging operations that have no effect or a predictable effect.
Example:
{
int a = 1;
int b = 5;
int c = b / a; // a is 1 on all paths
}
- New IdempotentOperationChecker class
- Moved recursive Stmt functions in r107675 to IdempotentOperationChecker
- Minor refactoring of SVal to allow checking for any integer
- Added command line option for check
- Added basic test cases
llvm-svn: 107706
|
| |
|
|
| |
llvm-svn: 107645
|
| |
|
|
|
|
| |
expression equals a certain value, use SValuator::EvalEQ and GRState::Assume to see if it can, must, or must not equal that value.
llvm-svn: 107638
|
| |
|
|
|
|
| |
argument was non-NULL, and we report where the null assumption came from (like AttrNonNullChecker already did).
llvm-svn: 107633
|
| |
|
|
|
|
| |
unimplemented. A VLA region's sizeof value matches its extent.
llvm-svn: 107611
|
| |
|
|
| |
llvm-svn: 107603
|
| |
|
|
|
|
|
|
|
|
| |
regions that may not be known at compile-time (such as those created by malloc). This replaces the old setExtent/getExtent API on Store, which used the GRState's GDM to store SVals.
Also adds a getKnownValue() method to SValuator, which gets the integer value of an SVal if it is known to only have one possible value. There are more places in the code that could be using this, but in general we want to be dealing entirely in SVals, so its usefulness is limited.
The only visible functionality change is that extents are now honored for any DeclRegion, such as fields and Objective-C ivars, rather than just variables. This shows up in bounds-checking and cast-size-checking.
llvm-svn: 107577
|
| |
|
|
|
|
|
|
|
|
|
| |
non-static global variables
when calling a function/method whose impact on global variables we cannot accurately estimate.
This change introduces two new MemSpaceRegions that divide up the memory space of globals, and causes
RegionStore and BasicStore to consult a binding to the NonStaticGlobalsMemSpaceRegion when lazily
determining the value of a global.
llvm-svn: 107423
|
| |
|
|
|
|
| |
the current statement around everywhere. Preparation for symbolic extents.
llvm-svn: 107422
|
| |
|
|
| |
llvm-svn: 107388
|
| |
|
|
|
|
| |
this time actually used the cached checker list when calling back to Checker visit methods. This reduces the analysis time for sqlite3.c by 8%.
llvm-svn: 107259
|
| |
|
|
|
|
| |
don't crash if we do a funny thing like ((int)ptr)&1. Fixes PR7527.
llvm-svn: 107236
|
| |
|
|
|
|
|
| |
be true if some paths were aborted because they exceeded
the maximum loop unrolling count.
llvm-svn: 107209
|
| |
|
|
| |
llvm-svn: 107012
|
| |
|
|
|
|
| |
SimpleSValuator::EvalBinOpLL().
llvm-svn: 106992
|
| |
|
|
|
|
| |
constraints. Part of PR7491.
llvm-svn: 106972
|
| |
|
|
| |
llvm-svn: 106964
|
| |
|
|
|
|
| |
appear in this context.
llvm-svn: 106919
|
| |
|
|
|
|
| |
scaled as well.
llvm-svn: 106911
|
| |
|
|
|
|
|
|
|
|
|
|
| |
a winowed list of checkers that actually do something for a given StmtClass.
As the number of checkers grows, this may potentially significantly reduce
the number of checkers called at any one time. My own measurements show that
for the ~20 registered Checker objects, only ~5 of them respond at any one time
to a give statement. While this isn't a net performance win right now (there
is a minor slowdown on sqlite.3) this improvement does greatly improve debugging
when stepping through the checkers used to evaluate a given statement.
llvm-svn: 106884
|
| |
|
|
|
|
| |
regression test.
llvm-svn: 106883
|
| |
|
|
|
|
| |
from the context when it is not already available.
llvm-svn: 106868
|
| |
|
|
| |
llvm-svn: 106755
|
| |
|
|
| |
llvm-svn: 106742
|
| |
|
|
| |
llvm-svn: 106741
|
| |
|
|
| |
llvm-svn: 106738
|
| |
|
|
|
|
|
|
|
| |
by GRExprEngine
when the worklist algorithm has terminated. This allows some checkers to do a post-analysis
phase after all paths have been analyzed.
llvm-svn: 106689
|
| |
|
|
| |
llvm-svn: 106617
|
| |
|
|
| |
llvm-svn: 106616
|
| |
|
|
|
|
|
|
| |
Fixes analyzer
crash reported in PR 7450.
llvm-svn: 106609
|
| |
|
|
|
|
|
|
|
| |
types, updating callers of both isFloatingType() and
isRealFloatingType() accordingly. Caught at least one issue where we
allowed one to declare a vector of vectors (!), along with cleaning up
the standard-conversion logic for C++.
llvm-svn: 106595
|
| |
|
|
|
|
|
| |
Instead, halt the analysis of the current path, which is what we do in GRExprEngine::ProcessStmt
for all other C++ constructs not currently handled by the analyzer.
llvm-svn: 106561
|
| |
|
|
| |
llvm-svn: 106530
|
| |
|
|
|
|
| |
assuming relationships, convert the integers to the same type as the symbol, at least for now.
llvm-svn: 106458
|
| |
|
|
| |
llvm-svn: 106456
|
| |
|
|
| |
llvm-svn: 106403
|
| |
|
|
|
|
| |
as "a*0" and "a+0". This is not very powerful, but does make the analyzer look a little smarter than it actually is.
llvm-svn: 106402
|
| |
|
|
|
|
| |
pointers) causes a divide-by-zero error. Simple fix: check if the pointee type size is 0 and bail out early if it is.
llvm-svn: 106401
|
| |
|
|
|
|
| |
const2
llvm-svn: 106339
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
to use them instead of SourceRange. CharSourceRange is just a SourceRange
plus a bool that indicates whether the range has the end character resolved
or whether the end location is the start of the end token. While most of
the compiler wants to think of ranges that have ends that are the start of
the end token, the printf diagnostic stuff wants to highlight ranges within
tokens.
This is transparent to the diagnostic stuff. To start taking advantage of
the new capabilities, you can do something like this:
Diag(..) << CharSourceRange::getCharRange(Begin,End)
llvm-svn: 106338
|
| |
|
|
| |
llvm-svn: 106274
|
