path: root/clang/lib/StaticAnalyzer/Checkers/CStringChecker.cpp
Commit message | Author | Age | Files | Lines
...
* [analyzer] Make Malloc Checker optimistic in presence of inlining. (In response to Ted's review of r150112.) This moves the logic which checked if a symbol escapes through a parameter to invalidateRegionCallback (instead of post CallExpr visit.) To accommodate the change, added a CallOrObjCMessage parameter to checkRegionChanges callback. llvm-svn: 150513
  Author: Anna Zaks | Age: 2012-02-14 | Files: 1 | Lines: -2/+4
* [analyzer] Allow each CString check to be enabled/disabled separately. llvm-svn: 149947
  Author: Anna Zaks | Age: 2012-02-07 | Files: 1 | Lines: -9/+62
* Basic: import SmallString<> into clang namespace (I was going to fix the TODO about DenseMap too, but that would break self-host right now. See PR11922.) llvm-svn: 149799
  Author: Dylan Noblesmith | Age: 2012-02-05 | Files: 1 | Lines: -4/+4
* Basic: import OwningPtr<> into clang namespace llvm-svn: 149798
  Author: Dylan Noblesmith | Age: 2012-02-05 | Files: 1 | Lines: -1/+1
* Move a method from IdentifierTable.h out of line and remove the SmallString include. Fix all the transitive include users. llvm-svn: 149783
  Author: Benjamin Kramer | Age: 2012-02-04 | Files: 1 | Lines: -0/+1
* Move various diagnostic operator<< overloads out of line and remove includes of Diagnostic.h. Fix all the files that depended on transitive includes of Diagnostic.h. With this patch in place changing a diagnostic no longer requires a full rebuild of the StaticAnalyzer. llvm-svn: 149781
  Author: Benjamin Kramer | Age: 2012-02-04 | Files: 1 | Lines: -0/+1
* Change references to 'const ProgramState *' to typedef 'ProgramStateRef'. At this point this is largely cosmetic, but it opens the door to replace ProgramStateRef with a smart pointer that more eagerly acts in the role of reclaiming unused ProgramState objects. llvm-svn: 149081
  Author: Ted Kremenek | Age: 2012-01-26 | Files: 1 | Lines: -72/+72
* [analyzer] Make the entries in 'Environment' context-sensitive by making entries map from (Stmt*,LocationContext*) pairs to SVals instead of Stmt* to SVals. This is needed to support basic IPA via inlining. Without this, we cannot tell if a Stmt* binding is part of the current analysis scope (StackFrameContext) or part of a parent context. This change introduces an uglification of the use of getSVal(), and thus takes two steps forward and one step back. There are also potential performance implications of enlarging the Environment. Both can be addressed going forward by refactoring the APIs and optimizing the internal representation of Environment. This patch mainly introduces the functionality upon when we want to build upon (and clean up). llvm-svn: 147688
  Author: Ted Kremenek | Age: 2012-01-06 | Files: 1 | Lines: -36/+49
* [analyzer] CStringChecker should not rely on the analyzer generating UndefOrUnknown value when it cannot reason about the expression. We are now often generating expressions even if the solver is not known to be able to simplify it. This is another cleanup of the existing code, where the rest of the analyzer and checkers should not base their logic on knowing ahead of the time what the solver can reason about. In this case, CStringChecker is performing a check for overflow of 'left+right' operation. The overflow can be checked with either 'maxVal-left' or 'maxVal-right'. Previously, the decision was based on whether the expression evaluated to undef or not. With this patch, we check if one of the arguments is a constant, in which case we know that 'maxVal-const' is easily simplified. (Another option is to use canReasonAbout() method of the solver here, however, it is currently protected.) This patch also contains 2 small bug fixes: - swap the order of operators inside SValBuilder::makeGenericVal. - handle a case when AddeVal is unknown in GenericTaintChecker::getPointedToSymbol. llvm-svn: 146343
  Author: Anna Zaks | Age: 2011-12-11 | Files: 1 | Lines: -4/+5
* [analyzer] Refactor: Move symbol_iterator from SVal to SymExpr, use it for finding dependent symbols for taint. llvm-svn: 145986
  Author: Anna Zaks | Age: 2011-12-06 | Files: 1 | Lines: -2/+2
* [analyzer] Refactor checkers to use helper function for getting callee Decl and name. We are getting name of the called function or its declaration in a few checkers. Refactor them to use the helper function in the CheckerContext. llvm-svn: 145576
  Author: Anna Zaks | Age: 2011-12-01 | Files: 1 | Lines: -13/+2
* [analyzer] Add getLocationContext to CheckerContext CheckerContext::getPredecessor is only used to get to the LocationContext half of the time. llvm-svn: 143061
  Author: Anna Zaks | Age: 2011-10-26 | Files: 1 | Lines: -1/+1
* [analyzer] Rename generateNode -> addTransition in CheckerContext Also document addTransition methods. llvm-svn: 143059
  Author: Anna Zaks | Age: 2011-10-26 | Files: 1 | Lines: -14/+14
* [analyzer] Simplify CheckerContext Remove dead members/parameters: ProgramState, respondsToCallback, autoTransition. Remove addTransition method since it's the same as generateNode. Maybe we should rename generateNode to genTransition (since a transition is always automatically generated)? llvm-svn: 142946
  Author: Anna Zaks | Age: 2011-10-25 | Files: 1 | Lines: -11/+11
* Change operator<< for raw_ostream and NamedDecl to take a reference instead of a pointer. Passing a pointer was a bad idea as it collides with the overload for void*. llvm-svn: 141971
  Author: Benjamin Kramer | Age: 2011-10-14 | Files: 1 | Lines: -1/+1
* [analyzer] Fix a typo. llvm-svn: 141678
  Author: Anna Zaks | Age: 2011-10-11 | Files: 1 | Lines: -1/+1
* [analyzer] Removing references to CheckerContext::getNodeBuilder(): checkers can obtain block count directly from the Context. llvm-svn: 141112
  Author: Anna Zaks | Age: 2011-10-04 | Files: 1 | Lines: -8/+8
* [analyzer] Change the check::RegionChanges callback to include the regions explicitly requested for invalidation. Also, allow CallOrObjCMessage to wrap a CXXConstructExpr as well. Finally, this allows us to remove the clunky whitelisting system from CFRefCount/RetainReleaseChecker. Slight regression due to CXXNewExprs not yet being handled in post-statement callbacks (PR forthcoming). llvm-svn: 138716
  Author: Jordy Rose | Age: 2011-08-27 | Files: 1 | Lines: -7/+8
* Static Analyzer Diagnostics: Kill the addVisitorCreator(callbackTy, void*) API in favor of addVisitor(BugReporterVisitor*). 1) Create a header file to expose the predefined visitors. And move the parent(BugReporterVisitor) there as well. 2) Remove the registerXXXVisitor functions - the Visitor constructors/getters can be used now to create the object. One exception is registerVarDeclsLastStore(), which registers more than one visitor, so make it static member of FindLastStoreBRVisitor. 3) Modify all the checkers to use the new API. llvm-svn: 138126
  Author: Anna Zaks | Age: 2011-08-19 | Files: 1 | Lines: -1/+1
* Remove EnhancedBugReport and RangedBugReport - pull all the extra functionality they provided into their parent BugReport. The only functional changes are: made getRanges() non const - it adds default range to Ranges if none are supplied, made getStmt() private, which was another FIXME. llvm-svn: 137894
  Author: Anna Zaks | Age: 2011-08-17 | Files: 1 | Lines: -8/+8
* Rename GRState to ProgramState, and cleanup some code formatting along the way. llvm-svn: 137665
  Author: Ted Kremenek | Age: 2011-08-15 | Files: 1 | Lines: -98/+126
* Cleanup various declarations of 'Stmt*' to be 'Stmt *', etc. in libAnalyzer and libStaticAnalyzer[*]. It was highly inconsistent, and very ugly to look at. llvm-svn: 137537
  Author: Ted Kremenek | Age: 2011-08-12 | Files: 1 | Lines: -2/+2
* [analyzer] Nitpicks on Olaf's patch, which I meant to e-mail but then didn't in time. One is cleanup, the other is me being OCD about enum group nesting. llvm-svn: 137517
  Author: Jordy Rose | Age: 2011-08-12 | Files: 1 | Lines: -3/+2
* [analyzer] Introduce new MemRegion, "TypedValueRegion", so that we can separate TypedRegions that implement getValueType() from those that don't. Patch by Olaf Krzikalla! llvm-svn: 137498
  Author: Ted Kremenek | Age: 2011-08-12 | Files: 1 | Lines: -6/+5
* remove unneeded llvm:: namespace qualifiers on some core types now that LLVM.h imports them into the clang namespace. llvm-svn: 135852
  Author: Chris Lattner | Age: 2011-07-23 | Files: 1 | Lines: -7/+7
* [analyzer] Finish size argument checking for strncat (and strncpy). llvm-svn: 133472
  Author: Jordy Rose | Age: 2011-06-20 | Files: 1 | Lines: -30/+80
* [analyzer] Replace stream-built error message with constant string. No functionality change. llvm-svn: 133410
  Author: Jordy Rose | Age: 2011-06-20 | Files: 1 | Lines: -5/+4
* [analyzer] Re-enable checking for strncpy, along with a new validation of the size argument. strncat is not yet up-to-date, but I'm leaving it enabled for now (there shouldn't be any false positives, at least...) llvm-svn: 133408
  Author: Jordy Rose | Age: 2011-06-20 | Files: 1 | Lines: -9/+32
* [analyzer] Eliminate "byte string function" from CStringChecker's diagnostics, and make it easier to provide custom messages for overflow checking, in preparation for re-enabling strncpy checking. llvm-svn: 133406
  Author: Jordy Rose | Age: 2011-06-20 | Files: 1 | Lines: -30/+67
* [analyzer] Clean up modeling of strcmp, including cases where a string literal has an embedded null character, and where both arguments are the same buffer. Also use nested ifs rather than early returns; in this case early returns will lose any assumptions we've made earlier in the function. llvm-svn: 133154
  Author: Jordy Rose | Age: 2011-06-16 | Files: 1 | Lines: -41/+85
* [analyzer] Fix trivial errors in previous commit. I will not commit without building first. I will not commit without building first. I will not commit without building first... llvm-svn: 133150
  Author: Jordy Rose | Age: 2011-06-16 | Files: 1 | Lines: -2/+3
* [analyzer] Cleanup: mainly 80-char violations and preferring SValBuilder::getComparisonType() to just referencing IntTy. llvm-svn: 133149
  Author: Jordy Rose | Age: 2011-06-16 | Files: 1 | Lines: -9/+12
* [analyzer] Revise CStringChecker's modelling of strcpy() and strcat():
  - (bounded copies) Be more conservative about how much is being copied.
  - (str(n)cat) If we can't compute the exact final length of an append operation, we can still lower-bound it.
  - (stpcpy) Fix the conjured return value at the end to actually be returned.
  This requires these supporting changes:
  - C string metadata symbols are still live even when buried in a SymExpr.
  - "Hypothetical" C string lengths, to represent a value that /will/ be passed to setCStringLength() if all goes well. (The idea is to allow for temporary constrainable symbols that may end up becoming permanent.)
  - The 'checkAdditionOverflow' helper makes sure that the two strings being appended in a strcat don't overflow size_t. This should never *actually* happen; the real effect is to keep the final string length from "wrapping around" in the constraint manager.
  This doesn't actually test the "bounded" operations (strncpy and strncat) because they can leave strings unterminated. Next on the list! llvm-svn: 133046
  Author: Jordy Rose | Age: 2011-06-15 | Files: 1 | Lines: -51/+239
* [analyzer] If a C string length is UnknownVal, clear any existing length binding. No tests yet because the only thing that sets string length is strcpy(), and that needs some work anyway. llvm-svn: 133044
  Author: Jordy Rose | Age: 2011-06-15 | Files: 1 | Lines: -3/+7
* [analyzer] Change large if body to early return. No functionality change. llvm-svn: 132956
  Author: Jordy Rose | Age: 2011-06-14 | Files: 1 | Lines: -77/+78
* [analyzer] Fix modeling of strnlen to be more conservative. Move tests we can't properly model (yet?) to string-fail.c. llvm-svn: 132955
  Author: Jordy Rose | Age: 2011-06-14 | Files: 1 | Lines: -23/+89
* [analyzer] Change an indent-if to an early return. No functionality change. llvm-svn: 132618
  Author: Jordy Rose | Age: 2011-06-04 | Files: 1 | Lines: -39/+39
* [analyzer] Don't crash when copying an unknown number of bytes with memcpy(). Also handle all memcpy-family return values in evalCopyCommon(), rather than having some outside and some inside. llvm-svn: 132617
  Author: Jordy Rose | Age: 2011-06-04 | Files: 1 | Lines: -11/+25
* [analyzer] Remove extra assignment that actually lost a few of the assumptions. llvm-svn: 132614
  Author: Jordy Rose | Age: 2011-06-04 | Files: 1 | Lines: -1/+0
* [analyzer] Fix comment for (still-disabled) evalStrncpy llvm-svn: 132608
  Author: Jordy Rose | Age: 2011-06-04 | Files: 1 | Lines: -1/+1
* [analyzer] Fix handling of "copy zero bytes" for memcpy and friends. llvm-svn: 132607
  Author: Jordy Rose | Age: 2011-06-04 | Files: 1 | Lines: -5/+2
* [analyzer] __mempcpy_chk is the same as mempcpy (at least to CStringChecker) llvm-svn: 132605
  Author: Jordy Rose | Age: 2011-06-03 | Files: 1 | Lines: -1/+1
* Removing strncpy() checking in CString checker for now. Some significant changes need to be made to properly support modeling of it since it potentially leaves strings non-null terminated. llvm-svn: 130758
  Author: Lenny Maiorani | Age: 2011-05-03 | Files: 1 | Lines: -1/+1
* Augment retain/release checker to not warn about tracked objects passed as arguments to C++ constructors. This is a stop-gap measure for Objective-C++ code that uses smart pointers to manage reference counts. llvm-svn: 130711
  Author: Ted Kremenek | Age: 2011-05-02 | Files: 1 | Lines: -0/+2
* Implements strncasecmp() checker and simplifies some of the logic around creating substrings if necessary and calling the appropriate StringRef::compare/compare_lower(). llvm-svn: 130708
  Author: Lenny Maiorani | Age: 2011-05-02 | Files: 1 | Lines: -22/+16
* Use StringRef::substr() and unbounded StringRef::compare() instead of bounded version of StringRef::compare() because bounded version of StringRef::compare() is going to be removed. llvm-svn: 130425
  Author: Lenny Maiorani | Age: 2011-04-28 | Files: 1 | Lines: -1/+8
* Eliminates an assert in the strncpy/strncat checker caused by not validating a cast was successful. If the value of an argument was unknown, the cast would result in a NULL pointer which was later being dereferenced. This fixes Bugzilla #9806. llvm-svn: 130422
  Author: Lenny Maiorani | Age: 2011-04-28 | Files: 1 | Lines: -0/+7
* Implements strcasecmp() checker in Static Analyzer. llvm-svn: 130398
  Author: Lenny Maiorani | Age: 2011-04-28 | Files: 1 | Lines: -6/+27
* Implements the strncmp() checker just like the strcmp() checker, but with bounds. Requires LLVM svn r129582. llvm-svn: 130161
  Author: Lenny Maiorani | Age: 2011-04-25 | Files: 1 | Lines: -2/+32
* fix a bunch of comment typos found by codespell. Patch by Luis Felipe Strano Moraes! llvm-svn: 129559
  Author: Chris Lattner | Age: 2011-04-15 | Files: 1 | Lines: -1/+1