|  | Commit message | Author | Age | Files | Lines | 
|---|
| | llvm-svn: 246978 | 
| | to the caller instead of hiding it in emitReport. NFC.
llvm-svn: 240400 | 
| | llvm-svn: 238910 | 
| | llvm-svn: 209642 | 
| | found with a smarter version of -Wunused-member-function that I'm playing with.
Apologies in advance if I removed someone's WIP code.
 ARCMigrate/TransProperties.cpp                  |    8 -----
 AST/MicrosoftMangle.cpp                         |    1 
 Analysis/AnalysisDeclContext.cpp                |    5 ---
 Analysis/LiveVariables.cpp                      |   14 ----------
 Index/USRGeneration.cpp                         |   10 -------
 Sema/Sema.cpp                                   |   33 +++++++++++++++++++++---
 Sema/SemaChecking.cpp                           |    3 --
 Sema/SemaDecl.cpp                               |   20 ++------------
 StaticAnalyzer/Checkers/GenericTaintChecker.cpp |    1 
 9 files changed, 34 insertions(+), 61 deletions(-)
llvm-svn: 204561 | 
| | specific_attr_end() with iterator_range specific_attrs(). Updating all of the usages of the iterators with range-based for loops.
llvm-svn: 203474 | 
| | This compiles cleanly with lldb/lld/clang-tools-extra/llvm.
llvm-svn: 203279 | 
| | Summary:
In clang-tidy we'd like to know the name of the checker producing each
diagnostic message. PathDiagnostic has BugType and Category fields, which are
both arbitrary human-readable strings, but we need to know the exact name of the
checker in the form that can be used in the CheckersControlList option to
enable/disable the specific checker.
This patch adds the CheckName field to the CheckerBase class, and sets it in
the CheckerManager::registerChecker() method, which gets them from the
CheckerRegistry.
Checkers that implement multiple checks have to store the names of each check
in the respective registerXXXChecker method.
Reviewers: jordan_rose, krememek
Reviewed By: jordan_rose
CC: cfe-commits
Differential Revision: http://llvm-reviews.chandlerc.com/D2557
llvm-svn: 201186 | 
| | StringArgument since that is a more accurate modeling.
llvm-svn: 189851 | 
| | Post-commit CR feedback from Jordan Rose regarding r175594.
llvm-svn: 175679 | 
| | See r175462 for another example/more details.
llvm-svn: 175594 | 
| | brought into 'clang' namespace by clang/Basic/LLVM.h
llvm-svn: 172323 | 
| | uncovered.
This required manually correcting all of the incorrect main-module
headers I could find, and running the new llvm/utils/sort_includes.py
script over the files.
I also manually added quite a few missing headers that were uncovered by
shuffling the order or moving headers up to be main-module-headers.
llvm-svn: 169237 | 
| | pull in all the generated Attr code.
Required to pull some functions out of line, but this shouldn't have a perf impact.
No functionality change.
llvm-svn: 169092 | 
| | Also, move the REGISTER_*_WITH_PROGRAMSTATE macros to ProgramStateTrait.h.
This doesn't get rid of /all/ explicit uses of ProgramStatePartialTrait,
but it does get a lot of them.
llvm-svn: 167276 | 
| | No functionality change.
llvm-svn: 167275 | 
| | This enables the faster SmallVector in clang and also allows clang's unused
variable warnings to be more effective. Fix the two instances that popped up.
The RetainCountChecker change actually changes functionality, it would be nice
if someone from the StaticAnalyzer folks could look at it.
llvm-svn: 160444 | 
| | C++ method calls and C function calls both appear as CallExprs in the AST.
This was causing crashes for an object that had a 'free' method.
<rdar://problem/11822244>
llvm-svn: 160029 | 
| | llvm-svn: 157886 | 
| | (Applied changes to CStringAPI, Malloc, and Taint.)
This might almost never happen, but we should not crash even if it does.
This fixes a crash on the internal analyzer buildbot, where postgresql's
configure was redefining memmove (radar://11219852).
llvm-svn: 154451 | 
| | llvm-svn: 151120 | 
| | llvm-svn: 149798 | 
| | At this point this is largely cosmetic, but it opens the door to replace
ProgramStateRef with a smart pointer that more eagerly acts in the role
of reclaiming unused ProgramState objects.
llvm-svn: 149081 | 
| | llvm-svn: 148844 | 
| | Loc value. When this happens, use the default type.
llvm-svn: 148631 | 
| | llvm-svn: 148577 | 
| | llvm-svn: 148518 | 
| | TaintPropagationRule::process().
Also remove the "should be a pointer argument" warning - should be
handled elsewhere.
llvm-svn: 148372 | 
| | size (Ex: in malloc, memcpy, strncpy..)
(Maybe some of this could migrate to the CString checker. One issue
with that is that we might want to separate security issues from
regular API misuse.)
llvm-svn: 148371 | 
| | functions.
llvm-svn: 148370 | 
| | taint propagation functions.
llvm-svn: 148266 | 
| | data.
llvm-svn: 148176 | 
| | llvm-svn: 148080 | 
| | To simplify the process:
Refactor taint generation checker to simplify passing the
information on which arguments need to be tainted from pre to post
visit.
Todo: We need to factor out the code that sema is using to identify the
string and memcpy functions and use it here and in the CString checker.
llvm-svn: 148010 | 
| | llvm-svn: 147744 | 
| | We already have a more conservative check in the compiler (if the
format string is not a literal, we warn). Still adding it here for
completeness and since this check is stronger - only triggered if the
format string is tainted.
llvm-svn: 147714 | 
| | entries map from
(Stmt*,LocationContext*) pairs to SVals instead of Stmt* to SVals.
This is needed to support basic IPA via inlining.  Without this, we cannot tell
if a Stmt* binding is part of the current analysis scope (StackFrameContext) or
part of a parent context.
This change introduces an uglification of the use of getSVal(), and thus takes
two steps forward and one step back.  There are also potential performance implications
of enlarging the Environment.  Both can be addressed going forward by refactoring the
APIs and optimizing the internal representation of Environment.  This patch
mainly introduces the functionality upon which we want to build (and clean up).
llvm-svn: 147688 | 
| | Check if the input parameters are tainted (or point to tainted data) on
a checkPreStmt<CallExpr>. If the output should be tainted, record it in
the state. On post visit (checkPostStmt<CallExpr>), use the state to
make decisions (in addition to the existing logic). Use this logic for
atoi and fscanf.
llvm-svn: 146793 | 
| | llvm-svn: 146748 | 
| | Some of the test cases do not currently work because the analyzer core
does not seem to call checkers for pre/post DeclRefExpr visits.
(Opened radar://10573500. To be fixed later on.)
llvm-svn: 146536 | 
| | llvm-svn: 146533 | 
| | Also, allow adding taint to a region (not only a symbolic value).
llvm-svn: 146532 | 
| | UndefOrUnknown value when it cannot reason about the expression.
We are now often generating expressions even if the solver is not known to be able to simplify it. This is another cleanup of the existing code, where the rest of the analyzer and checkers should not base their logic on knowing ahead of time what the solver can reason about.
In this case, CStringChecker is performing a check for overflow of 'left+right' operation. The overflow can be checked with either 'maxVal-left' or 'maxVal-right'. Previously, the decision was based on whether the expression evaluated to undef or not. With this patch, we check if one of the arguments is a constant, in which case we know that 'maxVal-const' is easily simplified. (Another option is to use canReasonAbout() method of the solver here, however, it is currently protected.)
This patch also contains 2 small bug fixes:
 - swap the order of operators inside SValBuilder::makeGenericVal.
 - handle a case when AddeVal is unknown in GenericTaintChecker::getPointedToSymbol.
llvm-svn: 146343 | 
| | running taint checker).
There is an open radar to implement better scanf checking as a Sema warning. However, a bit of redundancy is fine in this case.
llvm-svn: 144964 | 
|  | The checker is responsible for defining attack surface and adding taint to symbols.
llvm-svn: 144825 |