summaryrefslogtreecommitdiffstats
path: root/clang/lib/StaticAnalyzer/Checkers/BuiltinFunctionChecker.cpp
Commit message (Collapse)AuthorAgeFilesLines
* [analyzer] NFC: Change evalCall() to provide a CallEvent.Artem Dergachev2019-06-191-13/+18
| | | | | | | | | | | | This changes the checker callback signature to use the modern, easy to use interface. Additionally, this unblocks future work on allowing checkers to implement evalCall() for calls that don't correspond to any call-expression or require additional information that's only available as part of the CallEvent, such as C++ constructors and destructors. Differential Revision: https://reviews.llvm.org/D62440 llvm-svn: 363893
* [analyzer] When failing to evaluate a __builtin_constant_p, presume it's false.Artem Dergachev2019-04-031-1/+9
| | | | | | | | | | | | | | | | | | | | | __builtin_constant_p(x) is a compiler builtin that evaluates to 1 when its argument x is a compile-time constant and to 0 otherwise. In CodeGen it is simply lowered to the respective LLVM intrinsic. In the Analyzer we've been trying to delegate modeling to Expr::EvaluateAsInt, which is allowed to sometimes fail for no apparent reason. When it fails, let's conservatively return false. Modeling it as false is pretty much never wrong, and it is only required to return true on a best-effort basis, which every user should expect. Fixes VLAChecker false positives on code that tries to emulate static asserts in C by constructing a VLA of dynamic size -1 under the assumption that this dynamic size is actually a constant in the sense of __builtin_constant_p. Differential Revision: https://reviews.llvm.org/D60110 llvm-svn: 357557
* Add a new builtin: __builtin_dynamic_object_sizeErik Pilkington2019-01-301-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | This builtin has the same UI as __builtin_object_size, but has the potential to be evaluated dynamically. It is meant to be used as a drop-in replacement for libraries that use __builtin_object_size when a dynamic checking mode is enabled. For instance, __builtin_object_size fails to provide any extra checking in the following function: void f(size_t alloc) { char* p = malloc(alloc); strcpy(p, "foobar"); // expands to __builtin___strcpy_chk(p, "foobar", __builtin_object_size(p, 0)) } This is an overflow if alloc < 7, but because LLVM can't fold the object size intrinsic statically, it folds __builtin_object_size to -1. With __builtin_dynamic_object_size, alloc is passed through to __builtin___strcpy_chk. rdar://32212419 Differential revision: https://reviews.llvm.org/D56760 llvm-svn: 352665
* [analyzer] Supply all checkers with a shouldRegister functionKristof Umann2019-01-261-0/+4
| | | | | | | | | | | | | | | | | | Introduce the boolean ento::shouldRegister##CHECKERNAME(const LangOptions &LO) function very similarly to ento::register##CHECKERNAME. This will force every checker to implement this function, but maybe it isn't that bad: I saw a lot of ObjC or C++ specific checkers that should probably not register themselves based on some LangOptions (mine too), but they do anyways. A big benefit of this is that all registry functions now register their checker, once it is called, registration is guaranteed. This patch is a part of a greater effort to reinvent checker registration, more info here: D54438#1315953 Differential Revision: https://reviews.llvm.org/D55424 llvm-svn: 352277
* Update the file headers across all of the LLVM projects in the monorepoChandler Carruth2019-01-191-4/+3
| | | | | | | | | | | | | | | | | to reflect the new license. We understand that people may be surprised that we're moving the header entirely to discuss the new license. We checked this carefully with the Foundation's lawyer and we believe this is the correct approach. Essentially, all code in the project is now made available by the LLVM project under our new license, so you will see that the license headers include that license only. Some of our contributors have contributed code under our old license, and accordingly, we have retained a copy of our old license notice in the top-level files in each project and repository. llvm-svn: 351636
* [analyzer][NFC] Move CheckerRegistry from the Core directory to FrontendKristof Umann2018-12-151-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | ClangCheckerRegistry is a very non-obvious, poorly documented, weird concept. It derives from CheckerRegistry, and is placed in lib/StaticAnalyzer/Frontend, whereas it's base is located in lib/StaticAnalyzer/Core. It was, from what I can imagine, used to circumvent the problem that the registry functions of the checkers are located in the clangStaticAnalyzerCheckers library, but that library depends on clangStaticAnalyzerCore. However, clangStaticAnalyzerFrontend depends on both of those libraries. One can make the observation however, that CheckerRegistry has no place in Core, it isn't used there at all! The only place where it is used is Frontend, which is where it ultimately belongs. This move implies that since include/clang/StaticAnalyzer/Checkers/ClangCheckers.h only contained a single function: class CheckerRegistry; void registerBuiltinCheckers(CheckerRegistry &registry); it had to re purposed, as CheckerRegistry is no longer available to clangStaticAnalyzerCheckers. It was renamed to BuiltinCheckerRegistration.h, which actually describes it a lot better -- it does not contain the registration functions for checkers, but only those generated by the tblgen files. Differential Revision: https://reviews.llvm.org/D54436 llvm-svn: 349275
* Revert "Revert r347417 "Re-Reinstate 347294 with a fix for the failures.""Fangrui Song2018-11-301-2/+3
| | | | | | | | | It seems the two failing tests can be simply fixed after r348037 Fix 3 cases in Analysis/builtin-functions.cpp Delete the bad CodeGen/builtin-constant-p.c for now llvm-svn: 348053
* Revert r347417 "Re-Reinstate 347294 with a fix for the failures."Fangrui Song2018-11-301-3/+2
| | | | | | | | | | Kept the "indirect_builtin_constant_p" test case in test/SemaCXX/constant-expression-cxx1y.cpp while we are investigating why the following snippet fails: extern char extern_var; struct { int a; } a = {__builtin_constant_p(extern_var)}; llvm-svn: 348039
* Re-commit r347417 "Re-Reinstate 347294 with a fix for the failures."Hans Wennborg2018-11-281-2/+3
| | | | | | | This was reverted in r347656 due to me thinking it caused a miscompile of Chromium. Turns out it was the Chromium code that was broken. llvm-svn: 347756
* Revert r347417 "Re-Reinstate 347294 with a fix for the failures."Hans Wennborg2018-11-271-3/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This caused a miscompile in Chrome (see crbug.com/908372) that's illustrated by this small reduction: static bool f(int *a, int *b) { return !__builtin_constant_p(b - a) || (!(b - a)); } int arr[] = {1,2,3}; bool g() { return f(arr, arr + 3); } $ clang -O2 -S -emit-llvm a.cc -o - g() should return true, but after r347417 it became false for some reason. This also reverts the follow-up commits. r347417: > Re-Reinstate 347294 with a fix for the failures. > > Don't try to emit a scalar expression for a non-scalar argument to > __builtin_constant_p(). > > Third time's a charm! r347446: > The result of is.constant() is unsigned. r347480: > A __builtin_constant_p() returns 0 with a function type. r347512: > isEvaluatable() implies a constant context. > > Assume that we're in a constant context if we're asking if the expression can > be compiled into a constant initializer. This fixes the issue where a > __builtin_constant_p() in a compound literal was diagnosed as not being > constant, even though it's always possible to convert the builtin into a > constant. r347531: > A "constexpr" is evaluated in a constant context. Make sure this is reflected > if a __builtin_constant_p() is a part of a constexpr. llvm-svn: 347656
* Re-Reinstate 347294 with a fix for the failures.Bill Wendling2018-11-211-2/+3
| | | | | | | | | Don't try to emit a scalar expression for a non-scalar argument to __builtin_constant_p(). Third time's a charm! llvm-svn: 347417
* Revert r347364 again, the fix was incomplete.Nico Weber2018-11-211-3/+2
| | | | llvm-svn: 347389
* Reinstate 347294 with a fix for the failures.Bill Wendling2018-11-201-2/+3
| | | | | | | EvaluateAsInt() is sometimes called in a constant context. When that's the case, we need to specify it as so. llvm-svn: 347364
* [analyzer] Add support for __builtin_constant_p.Artem Dergachev2018-02-101-1/+2
| | | | | | | | | | | This builtin is evaluated in compile time. But in the analyzer we don't yet automagically evaluate all calls that can be evaluated in compile time. Patch by Felix Kostenzer! Differential Revision: https://reviews.llvm.org/D42745 llvm-svn: 324789
* [analyzer] introduce getSVal(Stmt *) helper on ExplodedNode, make sure the ↵George Karpenkov2018-01-171-4/+3
| | | | | | | | | | | | | | | | | | helper is used consistently In most cases using `N->getState()->getSVal(E, N->getLocationContext())` is ugly, verbose, and also opens up more surface area for bugs if an inconsistent location context is used. This patch introduces a helper on an exploded node, and ensures consistent usage of either `ExplodedNode::getSVal` or `CheckContext::getSVal` across the codebase. As a result, a large number of redundant lines is removed. Differential Revision: https://reviews.llvm.org/D42155 llvm-svn: 322753
* [analyzer] Do not continue to analyze a path if the constraints contradict ↵Gabor Horvath2017-06-221-1/+3
| | | | | | | | with builtin assume Differential Revision: https://reviews.llvm.org/D34502 llvm-svn: 305991
* [analyzer] Add modelling of __builtin_assumeGabor Horvath2017-05-121-0/+16
| | | | | | Differential Revision: https://reviews.llvm.org/D33092 llvm-svn: 302880
* Add support for __builtin_alloca_with_alignDavid Majnemer2016-10-311-0/+1
| | | | | | | | | | __builtin_alloca always uses __BIGGEST_ALIGNMENT__ for the alignment of the allocation. __builtin_alloca_with_align allows the programmer to specify the alignment of the allocation. This fixes PR30658. llvm-svn: 285544
* add __builtin_unpredictable and convert to metadataSanjay Patel2015-09-021-2/+3
| | | | | | | | | | | | | | | | | | | | | | | This patch depends on r246688 (D12341). The goal is to make LLVM generate different code for these functions for a target that has cheap branches (see PR23827 for more details): int foo(); int normal(int x, int y, int z) { if (x != 0 && y != 0) return foo(); return 1; } int crazy(int x, int y) { if (__builtin_unpredictable(x != 0 && y != 0)) return foo(); return 1; } Differential Revision: http://reviews.llvm.org/D12458 llvm-svn: 246699
* Teach the analyzer that __builtin_assume_aligned returns its first argument.Jordan Rose2014-09-091-1/+3
| | | | | | Patch by Daniel Fahlgren! llvm-svn: 217461
* Omit arguments of __builtin_object_size from the CFG.Jordan Rose2013-08-191-6/+19
| | | | | | | | | | | | | | | | | This builtin does not actually evaluate its arguments for side effects, so we shouldn't include them in the CFG. In the analyzer, rely on the constant expression evaluator to get the proper semantics, at least for now. (In the future, we could get ambitious and try to provide path- sensitive size values.) In theory, this does pose a problem for liveness analysis: a variable can be used within the __builtin_object_size argument expression but not show up as live. However, it is very unlikely that such a value would be used to compute the object size and not used to access the object in some way. <rdar://problem/14760817> llvm-svn: 188679
* [analyzer] Add support for __builtin_addressof.Jordan Rose2013-07-121-1/+4
| | | | | | ...so we don't regress on std::addressof. llvm-svn: 186140
* Replace SVal llvm::cast support to be well-defined.David Blaikie2013-02-201-1/+1
| | | | | | See r175462 for another example/more details. llvm-svn: 175594
* Sort all of Clang's files under 'lib', and fix up the broken headersChandler Carruth2012-12-041-1/+1
| | | | | | | | | | | | | uncovered. This required manually correcting all of the incorrect main-module headers I could find, and running the new llvm/utils/sort_includes.py script over the files. I also manually added quite a few missing headers that were uncovered by shuffling the order or moving headers up to be main-module-headers. llvm-svn: 169237
* [analyzer] Fix a crash reported in PR 14400.Anna Zaks2012-11-261-0/+1
| | | | | | | | The AllocaRegion did not have the superRegion (based on LocationContext) as part of it's hash. As a consequence, the AllocaRegions from different frames were uniqued to be the same region. llvm-svn: 168599
* Rename 'currentX' to 'currX' throughout analyzer and libAnalysis.Ted Kremenek2012-08-221-1/+1
| | | | | | | | | Also rename 'getCurrentBlockCounter()' to 'blockCount()'. This ripples a bunch of code simplifications; mostly aesthetic, but makes the code a bit tighter. llvm-svn: 162349
* Change references to 'const ProgramState *' to typedef 'ProgramStateRef'.Ted Kremenek2012-01-261-1/+1
| | | | | | | | At this point this is largely cosmetic, but it opens the door to replace ProgramStateRef with a smart pointer that more eagerly acts in the role of reclaiming unused ProgramState objects. llvm-svn: 149081
* [analyzer] Make the entries in 'Environment' context-sensitive by making ↵Ted Kremenek2012-01-061-4/+5
| | | | | | | | | | | | | | | | | | entries map from (Stmt*,LocationContext*) pairs to SVals instead of Stmt* to SVals. This is needed to support basic IPA via inlining. Without this, we cannot tell if a Stmt* binding is part of the current analysis scope (StackFrameContext) or part of a parent context. This change introduces an uglification of the use of getSVal(), and thus takes two steps forward and one step back. There are also potential performance implications of enlarging the Environment. Both can be addressed going forward by refactoring the APIs and optimizing the internal representation of Environment. This patch mainly introduces the functionality upon when we want to build upon (and clean up). llvm-svn: 147688
* [analyzer] Refactor checkers to use helper function for getting callee Decl ↵Anna Zaks2011-12-011-5/+2
| | | | | | | | and name. We are getting name of the called function or it's declaration in a few checkers. Refactor them to use the helper function in the CheckerContext. llvm-svn: 145576
* [analyzer] Add getLocationContext to CheckerContextAnna Zaks2011-10-261-2/+1
| | | | | | | CheckerContext::getPredecessor is only used to get to the LocationContext half of the times. llvm-svn: 143061
* [analyzer] Rename generateNode -> addTransition in CheckerContextAnna Zaks2011-10-261-2/+2
| | | | | | Also document addTransition methods. llvm-svn: 143059
* [analyzer] Removing references to CheckerContext::getNodeBuilder(): checkers ↵Anna Zaks2011-10-041-1/+1
| | | | | | can obtain block count directly from the Context. llvm-svn: 141112
* Rename GRState to ProgramState, and cleanup some code formatting along the way.Ted Kremenek2011-08-151-1/+1
| | | | llvm-svn: 137665
* [analyzer] Rename CheckerV2 -> Checker.Argyrios Kyrtzidis2011-03-011-2/+2
| | | | llvm-svn: 126726
* [analyzer] Migrate BuiltinFunctionChecker to CheckerV2.Argyrios Kyrtzidis2011-02-281-10/+12
| | | | llvm-svn: 126611
* Split 'include/clang/StaticAnalyzer' into ↵Ted Kremenek2011-02-101-1/+1
| | | | | | | | 'include/clang/StaticAnalyzer/Core' and 'include/clang/StaticAnalyzer/Checkers'. This layout matches lib/StaticAnalyzer, which corresponds to two StaticAnalyzer libraries. llvm-svn: 125251
* [analyzer] lib/StaticAnalyzer/Checkers/ExprEngineInternalChecks.h -> ↵Argyrios Kyrtzidis2011-02-081-1/+1
| | | | | | lib/StaticAnalyzer/Checkers/InternalChecks.h llvm-svn: 125121
* Chris Lattner has strong opinions about directoryTed Kremenek2010-12-231-0/+83
layout. :) Rename the 'EntoSA' directories to 'StaticAnalyzer'. Internally we will still use the 'ento' namespace for the analyzer engine (unless there are further sabre rattlings...). llvm-svn: 122514
OpenPOWER on IntegriCloud