| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
UndefOrUnknown value when it cannot reason about the expression.
We are now often generating expressions even if the solver is not known to be able to simplify it. This is another cleanup of the existing code, where the rest of the analyzer and checkers should not base their logic on knowing ahead of the time what the solver can reason about.
In this case, CStringChecker is performing a check for overflow of 'left+right' operation. The overflow can be checked with either 'maxVal-left' or 'maxVal-right'. Previously, the decision was based on whether the expresion evaluated to undef or not. With this patch, we check if one of the arguments is a constant, in which case we know that 'maxVal-const' is easily simplified. (Another option is to use canReasonAbout() method of the solver here, however, it's currently is protected.)
This patch also contains 2 small bug fixes:
- swap the order of operators inside SValBuilder::makeGenericVal.
- handle a case when AddeVal is unknown in GenericTaintChecker::getPointedToSymbol.
llvm-svn: 146343
|
| |
|
|
|
|
| |
for finding dependent symbols for taint.
llvm-svn: 145986
|
| |
|
|
|
|
|
|
| |
and name.
We are getting name of the called function or it's declaration in a few checkers. Refactor them to use the helper function in the CheckerContext.
llvm-svn: 145576
|
| |
|
|
|
|
|
| |
CheckerContext::getPredecessor is only used to get to the LocationContext
half of the times.
llvm-svn: 143061
|
| |
|
|
|
|
| |
Also document addTransition methods.
llvm-svn: 143059
|
| |
|
|
|
|
|
|
|
| |
Remove dead members/parameters: ProgramState, respondsToCallback, autoTransition.
Remove addTransition method since it's the same as generateNode. Maybe we should
rename generateNode to genTransition (since a transition is always automatically
generated)?
llvm-svn: 142946
|
| |
|
|
|
|
|
|
| |
of a pointer.
Passing a pointer was a bad idea as it collides with the overload for void*.
llvm-svn: 141971
|
| |
|
|
| |
llvm-svn: 141678
|
| |
|
|
|
|
| |
can obtain block count directly from the Context.
llvm-svn: 141112
|
| |
|
|
|
|
|
|
|
|
| |
explicitly requested for invalidation.
Also, allow CallOrObjCMessage to wrap a CXXConstructExpr as well.
Finally, this allows us to remove the clunky whitelisting system from CFRefCount/RetainReleaseChecker. Slight regression due to CXXNewExprs not yet being handled in post-statement callbacks (PR forthcoming).
llvm-svn: 138716
|
| |
|
|
|
|
|
|
|
|
|
|
| |
API in favor of addVisitor(BugReporterVisitor*).
1) Create a header file to expose the predefined visitors. And move the parent(BugReporterVisitor) there as well.
2) Remove the registerXXXVisitor functions - the Visitor constructors/getters can be used now to create the object. One exception is registerVarDeclsLastStore(), which registers more then one visitor, so make it static member of FindLastStoreBRVisitor.
3) Modify all the checkers to use the new API.
llvm-svn: 138126
|
| |
|
|
|
|
| |
functionality they provided into their parent BugReport. The only functional changes are: made getRanges() non const - it adds default range to Ranges if none are supplied, made getStmt() private, which was another FIXME.
llvm-svn: 137894
|
| |
|
|
| |
llvm-svn: 137665
|
| |
|
|
|
|
| |
and libStaticAnalyzer[*]. It was highly inconsistent, and very ugly to look at.
llvm-svn: 137537
|
| |
|
|
|
|
| |
time. One is cleanup, the other is me being OCD about enum group nesting.
llvm-svn: 137517
|
| |
|
|
|
|
|
|
| |
separate TypedRegions that implement getValueType() from those that don't.
Patch by Olaf Krzikalla!
llvm-svn: 137498
|
| |
|
|
|
|
|
|
| |
LLVM.h imports
them into the clang namespace.
llvm-svn: 135852
|
| |
|
|
| |
llvm-svn: 133472
|
| |
|
|
|
|
| |
functionality change.
llvm-svn: 133410
|
| |
|
|
|
|
| |
the size argument. strncat is not yet up-to-date, but I'm leaving it enabled for now (there shouldn't be any false positives, at least...)
llvm-svn: 133408
|
| |
|
|
|
|
| |
diagnostics, and make it easier to provide custom messages for overflow checking, in preparation for re-enabling strncpy checking.
llvm-svn: 133406
|
| |
|
|
|
|
| |
literal has an embedded null character, and where both arguments are the same buffer. Also use nested ifs rather than early returns; in this case early returns will lose any assumptions we've made earlier in the function.
llvm-svn: 133154
|
| |
|
|
|
|
|
|
| |
I will not commit without building first.
I will not commit without building first.
I will not commit without building first...
llvm-svn: 133150
|
| |
|
|
|
|
| |
SValBuilder::getComparisonType() to just referencing IntTy.
llvm-svn: 133149
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- (bounded copies) Be more conservative about how much is being copied.
- (str(n)cat) If we can't compute the exact final length of an append operation, we can still lower-bound it.
- (stpcpy) Fix the conjured return value at the end to actually be returned.
This requires these supporting changes:
- C string metadata symbols are still live even when buried in a SymExpr.
- "Hypothetical" C string lengths, to represent a value that /will/ be passed to setCStringLength() if all goes well. (The idea is to allow for temporary constrainable symbols that may end up becoming permanent.)
- The 'checkAdditionOverflow' helper makes sure that the two strings being appended in a strcat don't overflow size_t. This should never *actually* happen; the real effect is to keep the final string length from "wrapping around" in the constraint manager.
This doesn't actually test the "bounded" operations (strncpy and strncat) because they can leave strings unterminated. Next on the list!
llvm-svn: 133046
|
| |
|
|
|
|
| |
binding. No tests yet because the only thing that sets string length is strcpy(), and that needs some work anyway.
llvm-svn: 133044
|
| |
|
|
| |
llvm-svn: 132956
|
| |
|
|
|
|
| |
can't properly model (yet?) to string-fail.c.
llvm-svn: 132955
|
| |
|
|
| |
llvm-svn: 132618
|
| |
|
|
|
|
| |
memcpy(). Also handle all memcpy-family return values in evalCopyCommon(), rather than having some outside and some inside.
llvm-svn: 132617
|
| |
|
|
| |
llvm-svn: 132614
|
| |
|
|
| |
llvm-svn: 132608
|
| |
|
|
| |
llvm-svn: 132607
|
| |
|
|
| |
llvm-svn: 132605
|
| |
|
|
|
|
| |
changes need to be made to properly support modeling of it since it potentially leaves strings non-null terminated.
llvm-svn: 130758
|
| |
|
|
|
|
| |
arguments to C++ constructors. This is a stop-gap measure for Objective-C++ code that uses smart pointers to manage reference counts.
llvm-svn: 130711
|
| |
|
|
|
|
| |
creating substrings if necessary and calling the appropriate StringRef::compare/compare_lower().
llvm-svn: 130708
|
| |
|
|
|
|
| |
bounded version of StringRef::compare() because bounded version of StringRef::compare() is going to be removed.
llvm-svn: 130425
|
| |
|
|
|
|
|
|
| |
a cast was successful. If the value of an argument was unknown, the cast would result in a NULL pointer which was later being dereferenced.
This fixes Bugzilla #9806.
llvm-svn: 130422
|
| |
|
|
| |
llvm-svn: 130398
|
| |
|
|
|
|
| |
bounds. Requires LLVM svn r129582.
llvm-svn: 130161
|
| |
|
|
|
|
| |
Luis Felipe Strano Moraes!
llvm-svn: 129559
|
| |
|
|
|
|
| |
inputs are not NULL and are real C strings, then does the comparison and binds the proper return value. Unit tests included.
llvm-svn: 129364
|
| |
|
|
|
|
| |
Validates inputs are not NULL, checks for overlapping strings, concatenates the strings checking for buffer overflow, sets the length of the destination string to the sum of the s1 length and the s2 length, binds the return value to the s1 value.
llvm-svn: 129215
|
| |
|
|
|
|
| |
Models mempcpy() so that if length is NULL the destination pointer is returned. Otherwise, the source and destination are confirmed not to be NULL and not overlapping. Finally the copy is validated to not cause a buffer overrun and the return value is bound to the address of the byte after the last byte copied.
llvm-svn: 128677
|
| |
|
|
| |
llvm-svn: 126726
|
| |
|
|
| |
llvm-svn: 126350
|
| |
|
|
| |
llvm-svn: 126188
|
| |
|
|
| |
llvm-svn: 126187
|
| |
|
|
| |
llvm-svn: 125777
|
