summaryrefslogtreecommitdiffstats
path: root/clang/lib/StaticAnalyzer/Checkers/ArrayBoundCheckerV2.cpp
Commit message (Collapse)AuthorAgeFilesLines
* [analyzer] Catch the first taint propagation implied buffer overflow.Anna Zaks2011-11-161-5/+13
| | | | | | | | | | | | | | Change the ArrayBoundCheckerV2 to be more aggressive in reporting buffer overflows when the offset is tainted. Previously, we did not report bugs when the state was underconstrained (not enough information about the bound to determine if there is an overflow) to avoid false positives. However, if we know that the buffer offset is tainted - comes in from the user space and can be anything, we should report it as a bug. + The very first example of us catching a taint related bug. This is the only example we can currently handle. More to come... llvm-svn: 144826
* [analyzer] Rename generateNode -> addTransition in CheckerContextAnna Zaks2011-10-261-1/+1
| | | | | | Also document addTransition methods. llvm-svn: 143059
* [analyzer] Remove the dependency on CheckerContext::getStmt() as well as the ↵Anna Zaks2011-10-061-1/+3
| | | | | | method itself. llvm-svn: 141262
* Remove EnhancedBugReport and RangedBugReport - pull all the extra ↵Anna Zaks2011-08-171-1/+1
| | | | | | functionality they provided into their parent BugReport. The only functional changes are: made getRanges() non const - it adds default range to Ranges if none are supplied, made getStmt() private, which was another FIXME. llvm-svn: 137894
* Rename GRState to ProgramState, and cleanup some code formatting along the way.Ted Kremenek2011-08-151-11/+11
| | | | llvm-svn: 137665
* Cleanup various declarations of 'Stmt*' to be 'Stmt *', etc. in libAnalyzer ↵Ted Kremenek2011-08-121-2/+2
| | | | | | and libStaticAnalyzer[*]. It was highly inconsistent, and very ugly to look at. llvm-svn: 137537
* remove unneeded llvm:: namespace qualifiers on some core types now that ↵Chris Lattner2011-07-231-2/+2
| | | | | | | | LLVM.h imports them into the clang namespace. llvm-svn: 135852
* ArrayBoundCheckerV2: don't arbitrarily warn about indexing before the ↵Ted Kremenek2011-04-121-19/+42
| | | | | | 0-index of a symbolic region. In many cases that isn't really the base offset. llvm-svn: 129366
* [analyzer] Rename CheckerV2 -> Checker.Argyrios Kyrtzidis2011-03-011-2/+2
| | | | llvm-svn: 126726
* [analyzer] Migrate ArrayBoundCheckerV2 to CheckerV2.Argyrios Kyrtzidis2011-02-281-18/+15
| | | | | | Turns -analyzer-check-buffer-overflows into -analyzer-checker=core.experimental.Overflow llvm-svn: 126609
* Split 'include/clang/StaticAnalyzer' into ↵Ted Kremenek2011-02-101-3/+3
| | | | | | | | 'include/clang/StaticAnalyzer/Core' and 'include/clang/StaticAnalyzer/Checkers'. This layout matches lib/StaticAnalyzer, which corresponds to two StaticAnalyzer libraries. llvm-svn: 125251
* [analyzer] lib/StaticAnalyzer/Checkers/ExprEngineInternalChecks.h -> ↵Argyrios Kyrtzidis2011-02-081-1/+1
| | | | | | lib/StaticAnalyzer/Checkers/InternalChecks.h llvm-svn: 125121
* [analyzer] Add 'isLoad' parameter in Checker::visitLocation() to ↵Argyrios Kyrtzidis2011-01-111-2/+2
| | | | | | conveniently distinguish between loads/stores. llvm-svn: 123261
* Chris Lattner has strong opinions about directoryTed Kremenek2010-12-231-0/+277
layout. :) Rename the 'EntoSA' directories to 'StaticAnalyzer'. Internally we will still use the 'ento' namespace for the analyzer engine (unless there are further sabre rattlings...). llvm-svn: 122514
OpenPOWER on IntegriCloud