summaryrefslogtreecommitdiffstats
path: root/clang/lib/StaticAnalyzer/Checkers/ArrayBoundCheckerV2.cpp
Commit message (Collapse)AuthorAgeFilesLines
* [analyzer] NFC: Introduce sub-classes for path-sensitive and basic reports.Artem Dergachev2019-09-091-1/+1
| | | | | | | | | | | | | Checkers are now required to specify whether they're creating a path-sensitive report or a path-insensitive report by constructing an object of the respective type. This makes BugReporter more independent from the rest of the Static Analyzer because all Analyzer-specific code is now in sub-classes. Differential Revision: https://reviews.llvm.org/D66572 llvm-svn: 371450
* [Clang] Migrate llvm::make_unique to std::make_uniqueJonas Devlieghere2019-08-141-2/+2
| | | | | | | | | | Now that we've moved to C++14, we no longer need the llvm::make_unique implementation from STLExtras.h. This patch is a mechanical replacement of (hopefully) all the llvm::make_unique instances across the monorepo. Differential revision: https://reviews.llvm.org/D66259 llvm-svn: 368942
* [analyzer] Move taint API from ProgramState to a separate header. NFC.Artem Dergachev2019-03-291-1/+3
| | | | | | | | | | It is now an inter-checker communication API, similar to the one that connects MallocChecker/CStringChecker/InnerPointerChecker: simply a set of setters and getters for a state trait. Differential Revision: https://reviews.llvm.org/D59861 llvm-svn: 357326
* [analyzer] Supply all checkers with a shouldRegister functionKristof Umann2019-01-261-0/+4
| | | | | | | | | | | | | | | | | | Introduce the boolean ento::shouldRegister##CHECKERNAME(const LangOptions &LO) function very similarly to ento::register##CHECKERNAME. This will force every checker to implement this function, but maybe it isn't that bad: I saw a lot of ObjC or C++ specific checkers that should probably not register themselves based on some LangOptions (mine too), but they do anyways. A big benefit of this is that all registry functions now register their checker, once it is called, registration is guaranteed. This patch is a part of a greater effort to reinvent checker registration, more info here: D54438#1315953 Differential Revision: https://reviews.llvm.org/D55424 llvm-svn: 352277
* Update the file headers across all of the LLVM projects in the monorepoChandler Carruth2019-01-191-4/+3
| | | | | | | | | | | | | | | | | to reflect the new license. We understand that people may be surprised that we're moving the header entirely to discuss the new license. We checked this carefully with the Foundation's lawyer and we believe this is the correct approach. Essentially, all code in the project is now made available by the LLVM project under our new license, so you will see that the license headers include that license only. Some of our contributors have contributed code under our old license, and accordingly, we have retained a copy of our old license notice in the top-level files in each project and repository. llvm-svn: 351636
* [analyzer][NFC] Move CheckerRegistry from the Core directory to FrontendKristof Umann2018-12-151-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | ClangCheckerRegistry is a very non-obvious, poorly documented, weird concept. It derives from CheckerRegistry, and is placed in lib/StaticAnalyzer/Frontend, whereas it's base is located in lib/StaticAnalyzer/Core. It was, from what I can imagine, used to circumvent the problem that the registry functions of the checkers are located in the clangStaticAnalyzerCheckers library, but that library depends on clangStaticAnalyzerCore. However, clangStaticAnalyzerFrontend depends on both of those libraries. One can make the observation however, that CheckerRegistry has no place in Core, it isn't used there at all! The only place where it is used is Frontend, which is where it ultimately belongs. This move implies that since include/clang/StaticAnalyzer/Checkers/ClangCheckers.h only contained a single function: class CheckerRegistry; void registerBuiltinCheckers(CheckerRegistry &registry); it had to re purposed, as CheckerRegistry is no longer available to clangStaticAnalyzerCheckers. It was renamed to BuiltinCheckerRegistration.h, which actually describes it a lot better -- it does not contain the registration functions for checkers, but only those generated by the tblgen files. Differential Revision: https://reviews.llvm.org/D54436 llvm-svn: 349275
* [analyzer] Remove the redundant check about same state transition in ↵Henry Wong2018-05-301-3/+1
| | | | | | | | | | | | | | | | `ArrayBoundCheckerV2.cpp`. Summary: Since the `addTransitionImpl()` has a check about same state transition, there is no need to check it in `ArrayBoundCheckerV2.cpp`. Reviewers: NoQ, xazax.hun, george.karpenkov Reviewed By: NoQ Subscribers: szepet, rnkovacs, a.sidorin, cfe-commits, MTC Differential Revision: https://reviews.llvm.org/D47451 llvm-svn: 333531
* [analyzer] Add `TaintBugVisitor` to the ArrayBoundV2, DivideZero and VLASize.Henry Wong2018-05-021-9/+12
| | | | | | | | | | | | | | Summary: Add `TaintBugVisitor` to the ArrayBoundV2, DivideZero, VLASize to be able to indicate where the taint information originated from. Reviewers: NoQ, george.karpenkov, xazax.hun, a.sidorin Reviewed By: NoQ Subscribers: szepet, rnkovacs, cfe-commits, MTC Differential Revision: https://reviews.llvm.org/D46007 llvm-svn: 331345
* Add NDEBUG checks around LLVM_DUMP_METHOD functions for Wunused-function ↵Eric Christopher2017-11-161-1/+2
| | | | | | warnings. llvm-svn: 318371
* [analyzer] Calculate extent size for memory regions allocated by new expression.Gabor Horvath2016-09-191-12/+5
| | | | | | | | | | | ArrayBoundChecker did not detect out of bounds memory access errors in case an array was allocated by the new expression. This patch resolves this issue. Patch by Daniel Krupp! Differential Revision: https://reviews.llvm.org/D24307 llvm-svn: 281934
* [analyzer] Correctly add assumptions based on array bounds.Gabor Horvath2016-08-221-12/+67
| | | | | | | | Also simplify the constraints generated by the checker. Differential Revision: https://reviews.llvm.org/D23112 llvm-svn: 279425
* Annotate dump() methods with LLVM_DUMP_METHOD, addressing Richard Smith ↵Yaron Keren2016-01-291-1/+1
| | | | | | r259192 post commit comment. llvm-svn: 259232
* [analyzer] Add generateErrorNode() APIs to CheckerContext.Devin Coughlin2015-09-161-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The analyzer trims unnecessary nodes from the exploded graph before reporting path diagnostics. However, in some cases it can trim all nodes (including the error node), leading to an assertion failure (see https://llvm.org/bugs/show_bug.cgi?id=24184). This commit addresses the issue by adding two new APIs to CheckerContext to explicitly create error nodes. Unless the client provides a custom tag, these APIs tag the node with the checker's tag -- preventing it from being trimmed. The generateErrorNode() method creates a sink error node, while generateNonFatalErrorNode() creates an error node for a path that should continue being explored. The intent is that one of these two methods should be used whenever a checker creates an error node. This commit updates the checkers to use these APIs. These APIs (unlike addTransition() and generateSink()) do not take an explicit Pred node. This is because there are not any error nodes in the checkers that were created with an explicit different than the default (the CheckerContext's Pred node). It also changes generateSink() to require state and pred nodes (previously these were optional) to reduce confusion. Additionally, there were several cases where checkers did check whether a generated node could be null; we now explicitly check for null in these places. This commit also includes a test case written by Ying Yi as part of http://reviews.llvm.org/D12163 (that patch originally addressed this issue but was reverted because it introduced false positive regressions). Differential Revision: http://reviews.llvm.org/D12780 llvm-svn: 247859
* [analyzer] Apply whitespace cleanups by Honggyu Kim.Ted Kremenek2015-09-081-21/+21
| | | | llvm-svn: 246978
* Clarify pointer ownership semantics by hoisting the std::unique_ptr creation ↵Aaron Ballman2015-06-231-1/+2
| | | | | | to the caller instead of hiding it in emitReport. NFC. llvm-svn: 240400
* Revert r240270 ("Fixed/added namespace ending comments using clang-tidy").Alexander Kornienko2015-06-221-1/+1
| | | | llvm-svn: 240353
* Fixed/added namespace ending comments using clang-tidy. NFCAlexander Kornienko2015-06-221-1/+1
| | | | | | | | | | | | The patch is generated using this command: $ tools/extra/clang-tidy/tool/run-clang-tidy.py -fix \ -checks=-*,llvm-namespace-comment -header-filter='llvm/.*|clang/.*' \ work/llvm/tools/clang To reduce churn, not touching namespaces spanning less than 10 lines. llvm-svn: 240270
* [analyzer] Refactor and cleanup IsCompleteTypeAnna Zaks2014-10-031-12/+1
| | | | | | | | | | There are three copies of IsCompleteType(...) functions in CSA and all of them are incomplete (I experienced crashes in some CSA's test cases). I have replaced these function calls with Type::isIncompleteType() calls. A patch by Aleksei Sidorin! llvm-svn: 219026
* [C++11] Use 'nullptr'. StaticAnalyzer edition.Craig Topper2014-05-271-2/+2
| | | | llvm-svn: 209642
* Replace OwningPtr with std::unique_ptr.Ahmed Charles2014-03-071-2/+2
| | | | | | This compiles cleanly with lldb/lld/clang-tools-extra/llvm. llvm-svn: 203279
* [C++11] Replace llvm::tie with std::tie.Benjamin Kramer2014-03-021-2/+2
| | | | llvm-svn: 202639
* Expose the name of the checker producing each diagnostic message.Alexander Kornienko2014-02-111-2/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | Summary: In clang-tidy we'd like to know the name of the checker producing each diagnostic message. PathDiagnostic has BugType and Category fields, which are both arbitrary human-readable strings, but we need to know the exact name of the checker in the form that can be used in the CheckersControlList option to enable/disable the specific checker. This patch adds the CheckName field to the CheckerBase class, and sets it in the CheckerManager::registerChecker() method, which gets them from the CheckerRegistry. Checkers that implement multiple checks have to store the names of each check in the respective registerXXXChecker method. Reviewers: jordan_rose, krememek Reviewed By: jordan_rose CC: cfe-commits Differential Revision: http://llvm-reviews.chandlerc.com/D2557 llvm-svn: 201186
* Include llvm::Optional in clang/Basic/LLVM.hDavid Blaikie2013-02-201-3/+3
| | | | | | Post-commit CR feedback from Jordan Rose regarding r175594. llvm-svn: 175679
* Replace SVal llvm::cast support to be well-defined.David Blaikie2013-02-201-15/+14
| | | | | | See r175462 for another example/more details. llvm-svn: 175594
* Sort all of Clang's files under 'lib', and fix up the broken headersChandler Carruth2012-12-041-2/+2
| | | | | | | | | | | | | uncovered. This required manually correcting all of the incorrect main-module headers I could find, and running the new llvm/utils/sort_includes.py script over the files. I also manually added quite a few missing headers that were uncovered by shuffling the order or moving headers up to be main-module-headers. llvm-svn: 169237
* Include pruning and general cleanup.Benjamin Kramer2012-12-011-1/+1
| | | | llvm-svn: 169095
* [analyzer] Rename 'EmitReport' to 'emitReport'.Jordan Rose2012-11-021-1/+1
| | | | | | No functionality change. llvm-svn: 167275
* Basic: import SmallString<> into clang namespaceDylan Noblesmith2012-02-051-1/+1
| | | | | | | (I was going to fix the TODO about DenseMap too, but that would break self-host right now. See PR11922.) llvm-svn: 149799
* Basic: import OwningPtr<> into clang namespaceDylan Noblesmith2012-02-051-1/+1
| | | | llvm-svn: 149798
* Move a method from IdentifierTable.h out of line and remove the SmallString ↵Benjamin Kramer2012-02-041-0/+1
| | | | | | | | include. Fix all the transitive include users. llvm-svn: 149783
* Move various diagnostic operator<< overloads out of line and remove includes ↵Benjamin Kramer2012-02-041-0/+1
| | | | | | | | | of Diagnostic.h. Fix all the files that depended on transitive includes of Diagnostic.h. With this patch in place changing a diagnostic no longer requires a full rebuild of the StaticAnalyzer. llvm-svn: 149781
* Change references to 'const ProgramState *' to typedef 'ProgramStateRef'.Ted Kremenek2012-01-261-10/+10
| | | | | | | | At this point this is largely cosmetic, but it opens the door to replace ProgramStateRef with a smart pointer that more eagerly acts in the role of reclaiming unused ProgramState objects. llvm-svn: 149081
* [analyzer] Make VLA checker taint aware. Anna Zaks2012-01-211-5/+14
| | | | | | Also, slightly modify the diagnostic message in ArrayBound and DivZero (still use 'taint', which might not mean much to the user, but plan on changing it later). llvm-svn: 148626
* [analyzer] Catch the first taint propagation implied buffer overflow.Anna Zaks2011-11-161-5/+13
| | | | | | | | | | | | | | Change the ArrayBoundCheckerV2 to be more aggressive in reporting buffer overflows when the offset is tainted. Previously, we did not report bugs when the state was underconstrained (not enough information about the bound to determine if there is an overflow) to avoid false positives. However, if we know that the buffer offset is tainted - comes in from the user space and can be anything, we should report it as a bug. + The very first example of us catching a taint related bug. This is the only example we can currently handle. More to come... llvm-svn: 144826
* [analyzer] Rename generateNode -> addTransition in CheckerContextAnna Zaks2011-10-261-1/+1
| | | | | | Also document addTransition methods. llvm-svn: 143059
* [analyzer] Remove the dependency on CheckerContext::getStmt() as well as the ↵Anna Zaks2011-10-061-1/+3
| | | | | | method itself. llvm-svn: 141262
* Remove EnhancedBugReport and RangedBugReport - pull all the extra ↵Anna Zaks2011-08-171-1/+1
| | | | | | functionality they provided into their parent BugReport. The only functional changes are: made getRanges() non const - it adds default range to Ranges if none are supplied, made getStmt() private, which was another FIXME. llvm-svn: 137894
* Rename GRState to ProgramState, and cleanup some code formatting along the way.Ted Kremenek2011-08-151-11/+11
| | | | llvm-svn: 137665
* Cleanup various declarations of 'Stmt*' to be 'Stmt *', etc. in libAnalyzer ↵Ted Kremenek2011-08-121-2/+2
| | | | | | and libStaticAnalyzer[*]. It was highly inconsistent, and very ugly to look at. llvm-svn: 137537
* remove unneeded llvm:: namespace qualifiers on some core types now that ↵Chris Lattner2011-07-231-2/+2
| | | | | | | | LLVM.h imports them into the clang namespace. llvm-svn: 135852
* ArrayBoundCheckerV2: don't arbitrarily warn about indexing before the ↵Ted Kremenek2011-04-121-19/+42
| | | | | | 0-index of a symbolic region. In many cases that isn't really the base offset. llvm-svn: 129366
* [analyzer] Rename CheckerV2 -> Checker.Argyrios Kyrtzidis2011-03-011-2/+2
| | | | llvm-svn: 126726
* [analyzer] Migrate ArrayBoundCheckerV2 to CheckerV2.Argyrios Kyrtzidis2011-02-281-18/+15
| | | | | | Turns -analyzer-check-buffer-overflows into -analyzer-checker=core.experimental.Overflow llvm-svn: 126609
* Split 'include/clang/StaticAnalyzer' into ↵Ted Kremenek2011-02-101-3/+3
| | | | | | | | 'include/clang/StaticAnalyzer/Core' and 'include/clang/StaticAnalyzer/Checkers'. This layout matches lib/StaticAnalyzer, which corresponds to two StaticAnalyzer libraries. llvm-svn: 125251
* [analyzer] lib/StaticAnalyzer/Checkers/ExprEngineInternalChecks.h -> ↵Argyrios Kyrtzidis2011-02-081-1/+1
| | | | | | lib/StaticAnalyzer/Checkers/InternalChecks.h llvm-svn: 125121
* [analyzer] Add 'isLoad' parameter in Checker::visitLocation() to ↵Argyrios Kyrtzidis2011-01-111-2/+2
| | | | | | conveniently distinguish between loads/stores. llvm-svn: 123261
* Chris Lattner has strong opinions about directoryTed Kremenek2010-12-231-0/+277
layout. :) Rename the 'EntoSA' directories to 'StaticAnalyzer'. Internally we will still use the 'ento' namespace for the analyzer engine (unless there are further sabre rattlings...). llvm-svn: 122514
OpenPOWER on IntegriCloud