summaryrefslogtreecommitdiffstats
path: root/clang/lib/StaticAnalyzer/Checkers/RetainCountChecker.cpp
Commit message (Collapse)AuthorAgeFilesLines
...
* [analyzer] Remove obsolete GenericNodeBuilderRefCount from RetainCountChecker.Jordan Rose2012-08-181-39/+16
| | | | | | | | | | This was once an adapter class between callbacks that had CheckerContexts and those that don't, but for a while now it's essentially just been a wrapper around a ProgramPointTag. We can just pass the tag around instead. No functionality change. llvm-svn: 162155
* [analyzer] Remove other #if 0 from Retain Count checker.Anna Zaks2012-08-141-37/+1
| | | | | | These date back to 2009, 2011. llvm-svn: 161876
* [analyzer] Remove autorelease pools code from the Retain Count checker.Anna Zaks2012-08-141-113/+0
| | | | llvm-svn: 161875
* [analyzer] Fixup to r161821Anna Zaks2012-08-141-3/+1
| | | | llvm-svn: 161854
* [analyzer] Disable autorelease pool tracking.Anna Zaks2012-08-141-2/+21
| | | | | | | | | The autorelease pool has not been implemented completely: we were adding the autoreleased symbols to the state, but never looking at them. Until we have a complete implementation, remove the overhead and comment out the unused code. llvm-svn: 161821
* [analyzer] Refactor RetainReleaseChecker to go through a function callAnna Zaks2012-08-141-40/+53
| | | | | | | | | | | to set/get/remove the RefBinding. No functional change here. Having these setter and getter methods will make it much easier when replacing the underlining representation of RefBindings (I just went through the exercise). It makes the code more readable as well. llvm-svn: 161820
* [analyzer] Ignore OS X 10.8's annotations for NSMakeCollectable.Jordan Rose2012-08-061-1/+6
| | | | | | | | | | The frameworks correctly use the 'cf_consumed' and 'ns_returns_retained' attributes for NSMakeCollectable, but we can model the behavior under garbage collection more precisely than that. No functionality change. llvm-svn: 161349
* [analyzer] Only allow CallEvents to be created by CallEventManager.Jordan Rose2012-07-301-2/+5
| | | | | | | | | | This ensures that it is valid to reference-count any CallEvents, and we won't accidentally try to reclaim a CallEvent that lives on the stack. It also hides an ugly switch statement for handling CallExprs! There should be no functionality change here. llvm-svn: 160986
* [analyzer] Rename Calls.{h,cpp} to CallEvent.{h,cpp}. No functionality change.Jordan Rose2012-07-261-1/+1
| | | | llvm-svn: 160815
* Fix a typo (the the => the)Sylvestre Ledru2012-07-231-1/+1
| | | | llvm-svn: 160622
* [analyzer] Combine all ObjC message CallEvents into ObjCMethodCall.Jordan Rose2012-07-181-21/+15
| | | | | | | | | | | | As pointed out by Anna, we only differentiate between explicit message sends This also adds support for ObjCSubscriptExprs, which are basically the same as properties in many ways. We were already checking these, but not emitting nice messages for them. This depends on the llvm::PointerIntPair change in r160456. llvm-svn: 160461
* Remove trivial destructor from SVal.Benjamin Kramer2012-07-181-1/+1
| | | | | | | | | | This enables the faster SmallVector in clang and also allows clang's unused variable warnings to be more effective. Fix the two instances that popped up. The RetainCountChecker change actually changes functionality, it would be nice if someone from the StaticAnalyzer folks could look at it. llvm-svn: 160444
* [analyzer] Make CallEnter, CallExitBegin, and CallExitEnd not be StmtPointsJordan Rose2012-07-101-1/+8
| | | | | | | These ProgramPoints are used in inlining calls, and not all calls have associated statements anymore. llvm-svn: 160021
* [analyzer] Add a CXXDestructorCall CallEvent.Jordan Rose2012-07-101-0/+1
| | | | | | | | While this work is still fairly tentative (destructors are still left out of the CFG by default), we now handle destructors in the same way as any other calls, instead of just automatically trying to inline them. llvm-svn: 160020
* [analyzer] Add new PreImplicitCall and PostImplicitCall ProgramPoints.Jordan Rose2012-07-101-1/+2
| | | | | | | | | | | | | | | | | These are currently unused, but are intended to be used in lieu of PreStmt and PostStmt when the call is implicit (e.g. an automatic object destructor). This also modifies the Data1 field of ProgramPoints to allow storing any pointer-sized value, as opposed to only aligned pointers. This is necessary to store SourceLocations. There is currently no BugReporter support for these; they should be skipped over in any diagnostic output. This commit also tags checkers that currently rely on function calls only occurring at StmtPoints. llvm-svn: 160019
* [analyzer] For now, don't inline non-static member overloaded operators.Jordan Rose2012-07-031-0/+1
| | | | | | | | | | | | | | Our current inlining support (specifically RegionStore::enterStackFrame) doesn't know that calls to overloaded operators may be calls to non-static member functions, and that in these cases the first argument should be treated as 'this'. This caused incorrect results and sometimes crashes. The long-term fix will be to rewrite RegionStore::enterStackFrame to use CallEvent and its subclasses, but for now we can just disable these problematic calls by classifying them under a new CallEvent, CXXMemberOperatorCall. llvm-svn: 159692
* [analyzer] Introduce CXXAllocatorCall to handle placement arg invalidation.Jordan Rose2012-07-021-0/+1
| | | | | | | This is NOT full-blown support for operator new, but removes some nasty duplicated code introduced in r158784. llvm-svn: 159608
* [analyzer] Convert existing checkers to use check::preCall and check::postCall.Jordan Rose2012-07-021-59/+9
| | | | llvm-svn: 159563
* [analyzer] Finish replacing ObjCMessage with ObjCMethodDecl and friends.Jordan Rose2012-07-021-10/+4
| | | | | | | | The preObjCMessage and postObjCMessage callbacks now take an ObjCMethodCall argument, which can represent an explicit message send (ObjCMessageSend) or an implicit message generated by a property access (ObjCPropertyAccess). llvm-svn: 159559
* [analyzer] Begin replacing ObjCMessage with ObjCMethodCall and friends.Jordan Rose2012-07-021-8/+9
| | | | | | | | | | | | Previously, the CallEvent subclass ObjCMessageInvocation was just a wrapper around the existing ObjCMessage abstraction (over message sends and property accesses). Now, we have abstract CallEvent ObjCMethodCall with subclasses ObjCMessageSend and ObjCPropertyAccess. In addition to removing yet another wrapper object, this should make it easy to add a ObjCSubscriptAccess call event soon. llvm-svn: 159558
* [analyzer] Convert RetainCountChecker to use CallEvent as much as possible.Jordan Rose2012-07-021-188/+237
| | | | | | | | | | | | | | | | | | | | | | | | | This ended allowing quite a bit of cleanup, and some minor changes. - CallEvent makes it easy to use hasNonZeroCallbackArg more aggressively, which we check in order to avoid false positives with callbacks that might release the object. - In order to support this for functions which consume their arguments, there are two new ArgEffects: DecRefAndStopTracking and DecRefMsgAndStopTracking. These act just like StopTracking, except that if the object only had a return count of +1 it's now considered released instead (so we still get use-after-free messages). - On the plus side, we no longer have to special-case +[NSObject performSelector:withObject:afterDelay:] and friends. - The use of IdentifierInfos in the method summary cache is now hidden; only the ObjCInterfaceDecl gets passed around most of the time. - Since we cache all "simple" summaries and check every function call, there is no real benefit to having NULL stand in for default summaries anymore. - Whitespace, unused methods, etc. Even more simplification to come when we get check::postCall and can unify all these other post* checks. llvm-svn: 159555
* [analyzer] Add a new abstraction over all types of calls: CallEventJordan Rose2012-07-021-2/+2
| | | | | | | | | | This is intended to replace CallOrObjCMessage, and is eventually intended to be used for anything that cares more about /what/ is being called than /how/ it's being called. For example, inlining destructors should be the same as inlining blocks, and checking __attribute__((nonnull)) should apply to the allocator calls generated by operator new. llvm-svn: 159554
* [analyzer] RetainCountChecker: remove unused SelfOwn ArgEffect kind.Jordan Rose2012-06-271-4/+1
| | | | llvm-svn: 159245
* [analyzer] RetainCount: don't track objects init'd with a delegateJordan Rose2012-06-151-4/+9
| | | | | | | | | We already didn't track objects that have delegates or callbacks or objects that are passed through void * "context pointers". It's a not-uncommon pattern to release the object in its callback, and so the leak message we give is not very helpful. llvm-svn: 158532
* Remove unused private member variables found by clang's new ↵Benjamin Kramer2012-06-061-32/+15
| | | | | | -Wunused-private-field. llvm-svn: 158086
* Replace some custom hash combines with the standard stuff from DenseMapInfo.Benjamin Kramer2012-05-271-8/+5
| | | | llvm-svn: 157531
* [analyzer] RetainCountChecker: track ObjC boxed expression objects.Jordy Rose2012-05-121-0/+45
| | | | llvm-svn: 156699
* Teach the static analyzer that NSLog() and friends do not hold on to object ↵Ted Kremenek2012-05-081-0/+6
| | | | | | references (thus extending their lifetime). llvm-svn: 156346
* [analyzer]Fixup r156215: use StopTracking summary instead of ScratchArgsAnna Zaks2012-05-071-4/+2
| | | | | | | As per Jordy's and Ted's comment, use the default StopTracking summary instead of adding all arguments to ScratchArs. llvm-svn: 156310
* [analyzer] RetainCountChecker: Allow objects to escape through callbacksAnna Zaks2012-05-041-8/+20
| | | | | | Fixes radar://10973977. llvm-svn: 156215
* [analyzer] RetainRelease: Self assignment should not suppress a leakAnna Zaks2012-05-021-1/+5
| | | | | | warning. llvm-svn: 155966
* Teach RetainCountchecker about IORegistryEntrySearchCFProperty returning ↵Ted Kremenek2012-05-011-0/+1
| | | | | | retained objects. I know there is an SDK enhancement request for this to have the cf_returns_retained annotation, so this is just a stop gap. llvm-svn: 155887
* Teach RetainCountChecker that it doesn't quite understand ↵Ted Kremenek2012-04-261-3/+3
| | | | | | pthread_setspecific and it should just give up when it sees it. Fixes <rdar://problem/11282706>. llvm-svn: 155613
* Require that all static analyzer issues have a category. As part of this ↵Ted Kremenek2012-04-051-1/+1
| | | | | | | | | | change, consolidate some commonly used category strings into global references (more of this can be done, I just did a few). Fixes <rdar://problem/11191537>. llvm-svn: 154121
* [analyzer]Malloc,RetainRelease: Allow pointer to escape via NSMapInsert.Anna Zaks2012-03-301-0/+7
| | | | | | | | Fixes a false positive (radar://11152419). The current solution of adding the info into 3 places is quite ugly. Pending a generic pointer escapes callback. llvm-svn: 153731
* Change RetainCountChecker to eagerly "escape" retained objects when they areTed Kremenek2012-03-271-0/+6
| | | | | | | | | | | | assigned to a struct. This is fallout from inlining results, which expose far more patterns where people stuff CF objects into structs and pass them around (and we can reason about it). The problem is that we don't have a general way to detect when values have escaped, so as an intermediate step we need to eagerly prune out such tracking. Fixes <rdar://problem/11104566>. llvm-svn: 153489
* [analyzer] Add a clone() method to BugReporterVisitor, so that we'll be able ↵Jordy Rose2012-03-241-1/+10
| | | | | | to reset diagnostic generation. llvm-svn: 153368
* Avoid applying retain/release effects twice in RetainCountChecker when a ↵Ted Kremenek2012-03-231-0/+3
| | | | | | function call was inlined (i.e., we do not need to apply summaries in such cases). llvm-svn: 153309
* "Teach" RetainCountChecker about dispatch_set_context, which can indirectly ↵Ted Kremenek2012-03-221-0/+8
| | | | | | free its argument later. Fixes <rdar://problem/11059275>. llvm-svn: 153244
* [analyser] Factor out FindUniqueBinding from RetainCount checker.Anna Zaks2012-03-211-33/+1
| | | | | | So that others could use it as well. No functionality change. llvm-svn: 153211
* [analyzer] Use a FoldingSet to cache simple RetainSummary instances, rather ↵Jordy Rose2012-03-181-40/+58
| | | | | | | | | | than explicitly keeping DoNothing and StopTracking summaries and nothing else. I tried to test the effects of this change on memory usage and run time, but what I saw on retain-release.m was indistinguishable from noise (debug and release builds). Even so, some caveman profiling showed 101 cache hits that we would have generated new summaries for before (i.e. not default or stop summaries), and the more code we analyze, the more memory we should save. Maybe we should have a standard project for benchmarking the retain count checker's memory and time? llvm-svn: 153007
* [analyzer] Unify retain-count summary generation for class and instance ↵Jordy Rose2012-03-171-53/+26
| | | | | | methods. No functionality change. llvm-svn: 153001
* [analyzer] Remove duplicate work on deriving method behavior. No ↵Jordy Rose2012-03-171-83/+74
| | | | | | | | | | functionality change. The cocoa::deriveNamingConventions helper is just using method families anyway now, and the way RetainSummaryTemplate works means we're allocating an extra summary for every method with a relevant family. Also, fix RetainSummaryTemplate to do the right thing w/r/t annotating an /existing/ summary. This was probably the real cause of <rdar://problem/10824732> and the fix in r152448. llvm-svn: 152998
* [analyzer] Don't claim an object was returned with +1 retain count before ↵Jordy Rose2012-03-171-4/+8
| | | | | | | | counting autoreleases. Fixes PR10376. (Also, 80-column violations.) llvm-svn: 152976
* Unify naming of LangOptions variable/get function across the Clang stack ↵David Blaikie2012-03-111-7/+7
| | | | | | | | | | (Lex to AST). The member variable is always "LangOpts" and the member function is always "getLangOpts". Reviewed by Chris Lattner llvm-svn: 152536
* Teach RetainCountChecker about mixing method families with explicit ↵Ted Kremenek2012-03-091-0/+30
| | | | | | annotations. Fixes <rdar://problem/10824732>. llvm-svn: 152448
* [analyzer] Implement basic path diagnostic pruning based on "interesting" ↵Ted Kremenek2012-03-091-4/+2
| | | | | | | | | | | | | | | | | symbols and regions. Essentially, a bug centers around a story for various symbols and regions. We should only include the path diagnostic events that relate to those symbols and regions. The pruning is done by associating a set of interesting symbols and regions with a BugReporter, which can be modified at BugReport creation or by BugReporterVisitors. This patch reduces the diagnostics emitted in several of our test cases. I've vetted these as having desired behavior. The only regression is a missing null check diagnostic for the return value of realloc() in test/Analysis/malloc-plist.c. This will require some investigation to fix, and I have added a FIXME to the test case. llvm-svn: 152361
* Add static analyzer support for new NSArray/NSDictionary/NSNumber literals.Ted Kremenek2012-03-061-31/+89
| | | | llvm-svn: 152139
* [analyzer] Leaks should be uniqued by the allocation point in theAnna Zaks2012-02-281-4/+16
| | | | | | closest function context (RetainCountChecker). llvm-svn: 151661
* [analyzer] Retain release: drop the line number info from the leakAnna Zaks2012-02-281-3/+2
| | | | | | message. llvm-svn: 151657
OpenPOWER on IntegriCloud