path: root/clang/lib/StaticAnalyzer/Checkers/RetainCountChecker.cpp
Commit message | Author | Age | Files | Lines
...
* [analyzer] Add a CXXDestructorCall CallEvent. | Jordan Rose | 2012-07-10 | 1 | -0/+1
  While this work is still fairly tentative (destructors are still left out of the CFG by default), we now handle destructors in the same way as any other calls, instead of just automatically trying to inline them. llvm-svn: 160020
* [analyzer] Add new PreImplicitCall and PostImplicitCall ProgramPoints. | Jordan Rose | 2012-07-10 | 1 | -1/+2
  These are currently unused, but are intended to be used in lieu of PreStmt and PostStmt when the call is implicit (e.g. an automatic object destructor). This also modifies the Data1 field of ProgramPoints to allow storing any pointer-sized value, as opposed to only aligned pointers. This is necessary to store SourceLocations. There is currently no BugReporter support for these; they should be skipped over in any diagnostic output. This commit also tags checkers that currently rely on function calls only occurring at StmtPoints. llvm-svn: 160019
* [analyzer] For now, don't inline non-static member overloaded operators. | Jordan Rose | 2012-07-03 | 1 | -0/+1
  Our current inlining support (specifically RegionStore::enterStackFrame) doesn't know that calls to overloaded operators may be calls to non-static member functions, and that in these cases the first argument should be treated as 'this'. This caused incorrect results and sometimes crashes. The long-term fix will be to rewrite RegionStore::enterStackFrame to use CallEvent and its subclasses, but for now we can just disable these problematic calls by classifying them under a new CallEvent, CXXMemberOperatorCall. llvm-svn: 159692
* [analyzer] Introduce CXXAllocatorCall to handle placement arg invalidation. | Jordan Rose | 2012-07-02 | 1 | -0/+1
  This is NOT full-blown support for operator new, but removes some nasty duplicated code introduced in r158784. llvm-svn: 159608
* [analyzer] Convert existing checkers to use check::preCall and check::postCall. | Jordan Rose | 2012-07-02 | 1 | -59/+9
  llvm-svn: 159563
* [analyzer] Finish replacing ObjCMessage with ObjCMethodDecl and friends. | Jordan Rose | 2012-07-02 | 1 | -10/+4
  The preObjCMessage and postObjCMessage callbacks now take an ObjCMethodCall argument, which can represent an explicit message send (ObjCMessageSend) or an implicit message generated by a property access (ObjCPropertyAccess). llvm-svn: 159559
* [analyzer] Begin replacing ObjCMessage with ObjCMethodCall and friends. | Jordan Rose | 2012-07-02 | 1 | -8/+9
  Previously, the CallEvent subclass ObjCMessageInvocation was just a wrapper around the existing ObjCMessage abstraction (over message sends and property accesses). Now, we have abstract CallEvent ObjCMethodCall with subclasses ObjCMessageSend and ObjCPropertyAccess. In addition to removing yet another wrapper object, this should make it easy to add a ObjCSubscriptAccess call event soon. llvm-svn: 159558
* [analyzer] Convert RetainCountChecker to use CallEvent as much as possible. | Jordan Rose | 2012-07-02 | 1 | -188/+237
  This ended allowing quite a bit of cleanup, and some minor changes.
  - CallEvent makes it easy to use hasNonZeroCallbackArg more aggressively, which we check in order to avoid false positives with callbacks that might release the object.
  - In order to support this for functions which consume their arguments, there are two new ArgEffects: DecRefAndStopTracking and DecRefMsgAndStopTracking. These act just like StopTracking, except that if the object only had a return count of +1 it's now considered released instead (so we still get use-after-free messages).
  - On the plus side, we no longer have to special-case +[NSObject performSelector:withObject:afterDelay:] and friends.
  - The use of IdentifierInfos in the method summary cache is now hidden; only the ObjCInterfaceDecl gets passed around most of the time.
  - Since we cache all "simple" summaries and check every function call, there is no real benefit to having NULL stand in for default summaries anymore.
  - Whitespace, unused methods, etc.
  Even more simplification to come when we get check::postCall and can unify all these other post* checks. llvm-svn: 159555
* [analyzer] Add a new abstraction over all types of calls: CallEvent | Jordan Rose | 2012-07-02 | 1 | -2/+2
  This is intended to replace CallOrObjCMessage, and is eventually intended to be used for anything that cares more about /what/ is being called than /how/ it's being called. For example, inlining destructors should be the same as inlining blocks, and checking __attribute__((nonnull)) should apply to the allocator calls generated by operator new. llvm-svn: 159554
* [analyzer] RetainCountChecker: remove unused SelfOwn ArgEffect kind. | Jordan Rose | 2012-06-27 | 1 | -4/+1
  llvm-svn: 159245
* [analyzer] RetainCount: don't track objects init'd with a delegate | Jordan Rose | 2012-06-15 | 1 | -4/+9
  We already didn't track objects that have delegates or callbacks or objects that are passed through void * "context pointers". It's a not-uncommon pattern to release the object in its callback, and so the leak message we give is not very helpful. llvm-svn: 158532
* Remove unused private member variables found by clang's new ↵ | Benjamin Kramer | 2012-06-06 | 1 | -32/+15
  -Wunused-private-field. llvm-svn: 158086
* Replace some custom hash combines with the standard stuff from DenseMapInfo. | Benjamin Kramer | 2012-05-27 | 1 | -8/+5
  llvm-svn: 157531
* [analyzer] RetainCountChecker: track ObjC boxed expression objects. | Jordy Rose | 2012-05-12 | 1 | -0/+45
  llvm-svn: 156699
* Teach the static analyzer that NSLog() and friends do not hold on to object ↵ | Ted Kremenek | 2012-05-08 | 1 | -0/+6
  references (thus extending their lifetime). llvm-svn: 156346
* [analyzer]Fixup r156215: use StopTracking summary instead of ScratchArgs | Anna Zaks | 2012-05-07 | 1 | -4/+2
  As per Jordy's and Ted's comment, use the default StopTracking summary instead of adding all arguments to ScratchArgs. llvm-svn: 156310
* [analyzer] RetainCountChecker: Allow objects to escape through callbacks | Anna Zaks | 2012-05-04 | 1 | -8/+20
  Fixes radar://10973977. llvm-svn: 156215
* [analyzer] RetainRelease: Self assignment should not suppress a leak | Anna Zaks | 2012-05-02 | 1 | -1/+5
  warning. llvm-svn: 155966
* Teach RetainCountchecker about IORegistryEntrySearchCFProperty returning ↵ | Ted Kremenek | 2012-05-01 | 1 | -0/+1
  retained objects. I know there is an SDK enhancement request for this to have the cf_returns_retained annotation, so this is just a stop gap. llvm-svn: 155887
* Teach RetainCountChecker that it doesn't quite understand ↵ | Ted Kremenek | 2012-04-26 | 1 | -3/+3
  pthread_setspecific and it should just give up when it sees it. Fixes <rdar://problem/11282706>. llvm-svn: 155613
* Require that all static analyzer issues have a category. As part of this ↵ | Ted Kremenek | 2012-04-05 | 1 | -1/+1
  change, consolidate some commonly used category strings into global references (more of this can be done, I just did a few). Fixes <rdar://problem/11191537>. llvm-svn: 154121
* [analyzer]Malloc,RetainRelease: Allow pointer to escape via NSMapInsert. | Anna Zaks | 2012-03-30 | 1 | -0/+7
  Fixes a false positive (radar://11152419). The current solution of adding the info into 3 places is quite ugly. Pending a generic pointer escapes callback. llvm-svn: 153731
* Change RetainCountChecker to eagerly "escape" retained objects when they are | Ted Kremenek | 2012-03-27 | 1 | -0/+6
  assigned to a struct. This is fallout from inlining results, which expose far more patterns where people stuff CF objects into structs and pass them around (and we can reason about it). The problem is that we don't have a general way to detect when values have escaped, so as an intermediate step we need to eagerly prune out such tracking. Fixes <rdar://problem/11104566>. llvm-svn: 153489
* [analyzer] Add a clone() method to BugReporterVisitor, so that we'll be able ↵ | Jordy Rose | 2012-03-24 | 1 | -1/+10
  to reset diagnostic generation. llvm-svn: 153368
* Avoid applying retain/release effects twice in RetainCountChecker when a ↵ | Ted Kremenek | 2012-03-23 | 1 | -0/+3
  function call was inlined (i.e., we do not need to apply summaries in such cases). llvm-svn: 153309
* "Teach" RetainCountChecker about dispatch_set_context, which can indirectly ↵ | Ted Kremenek | 2012-03-22 | 1 | -0/+8
  free its argument later. Fixes <rdar://problem/11059275>. llvm-svn: 153244
* [analyser] Factor out FindUniqueBinding from RetainCount checker. | Anna Zaks | 2012-03-21 | 1 | -33/+1
  So that others could use it as well. No functionality change. llvm-svn: 153211
* [analyzer] Use a FoldingSet to cache simple RetainSummary instances, rather ↵ | Jordy Rose | 2012-03-18 | 1 | -40/+58
  than explicitly keeping DoNothing and StopTracking summaries and nothing else. I tried to test the effects of this change on memory usage and run time, but what I saw on retain-release.m was indistinguishable from noise (debug and release builds). Even so, some caveman profiling showed 101 cache hits that we would have generated new summaries for before (i.e. not default or stop summaries), and the more code we analyze, the more memory we should save. Maybe we should have a standard project for benchmarking the retain count checker's memory and time? llvm-svn: 153007
* [analyzer] Unify retain-count summary generation for class and instance ↵ | Jordy Rose | 2012-03-17 | 1 | -53/+26
  methods. No functionality change. llvm-svn: 153001
* [analyzer] Remove duplicate work on deriving method behavior. No ↵ | Jordy Rose | 2012-03-17 | 1 | -83/+74
  functionality change. The cocoa::deriveNamingConventions helper is just using method families anyway now, and the way RetainSummaryTemplate works means we're allocating an extra summary for every method with a relevant family. Also, fix RetainSummaryTemplate to do the right thing w/r/t annotating an /existing/ summary. This was probably the real cause of <rdar://problem/10824732> and the fix in r152448. llvm-svn: 152998
* [analyzer] Don't claim an object was returned with +1 retain count before ↵ | Jordy Rose | 2012-03-17 | 1 | -4/+8
  counting autoreleases. Fixes PR10376. (Also, 80-column violations.) llvm-svn: 152976
* Unify naming of LangOptions variable/get function across the Clang stack ↵ | David Blaikie | 2012-03-11 | 1 | -7/+7
  (Lex to AST). The member variable is always "LangOpts" and the member function is always "getLangOpts". Reviewed by Chris Lattner llvm-svn: 152536
* Teach RetainCountChecker about mixing method families with explicit ↵ | Ted Kremenek | 2012-03-09 | 1 | -0/+30
  annotations. Fixes <rdar://problem/10824732>. llvm-svn: 152448
* [analyzer] Implement basic path diagnostic pruning based on "interesting" ↵ | Ted Kremenek | 2012-03-09 | 1 | -4/+2
  symbols and regions. Essentially, a bug centers around a story for various symbols and regions. We should only include the path diagnostic events that relate to those symbols and regions. The pruning is done by associating a set of interesting symbols and regions with a BugReporter, which can be modified at BugReport creation or by BugReporterVisitors. This patch reduces the diagnostics emitted in several of our test cases. I've vetted these as having desired behavior. The only regression is a missing null check diagnostic for the return value of realloc() in test/Analysis/malloc-plist.c. This will require some investigation to fix, and I have added a FIXME to the test case. llvm-svn: 152361
* Add static analyzer support for new NSArray/NSDictionary/NSNumber literals. | Ted Kremenek | 2012-03-06 | 1 | -31/+89
  llvm-svn: 152139
* [analyzer] Leaks should be uniqued by the allocation point in the | Anna Zaks | 2012-02-28 | 1 | -4/+16
  closest function context (RetainCountChecker). llvm-svn: 151661
* [analyzer] Retain release: drop the line number info from the leak | Anna Zaks | 2012-02-28 | 1 | -3/+2
  message. llvm-svn: 151657
* RetainCountChecker: don't adjust the retain count when analyzing a ↵ | Ted Kremenek | 2012-02-25 | 1 | -0/+15
  ReturnStmt unless we are in the top-level call frame. We can do more later, but this makes the checker self-consistent (and fixes a crash). llvm-svn: 151426
* Teach analyzer about NSAutoreleasePool -allocWithZone:. Fixes ↵ | Ted Kremenek | 2012-02-18 | 1 | -3/+5
  <rdar://problem/10640253>. llvm-svn: 150892
* Have conjured symbols depend on LocationContext, to add context sensitivity ↵ | Ted Kremenek | 2012-02-17 | 1 | -2/+2
  for functions called more than once. llvm-svn: 150849
* [analyzer] Make Malloc Checker optimistic in presence of inlining. | Anna Zaks | 2012-02-14 | 1 | -2/+4
  (In response of Ted's review of r150112.) This moves the logic which checked if a symbol escapes through a parameter to invalidateRegionCallback (instead of post CallExpr visit.) To accommodate the change, added a CallOrObjCMessage parameter to checkRegionChanges callback. llvm-svn: 150513
* Print NamedDecls directly to a raw_ostream where possible. | Benjamin Kramer | 2012-02-07 | 1 | -1/+1
  llvm-svn: 149982
* Add basic BugReporter support for CallEnter/CallExit. WIP. | Ted Kremenek | 2012-02-07 | 1 | -0/+7
  llvm-svn: 149939
* Basic: import SmallString<> into clang namespace | Dylan Noblesmith | 2012-02-05 | 1 | -2/+2
  (I was going to fix the TODO about DenseMap too, but that would break self-host right now. See PR11922.) llvm-svn: 149799
* Basic: import OwningPtr<> into clang namespace | Dylan Noblesmith | 2012-02-05 | 1 | -7/+7
  llvm-svn: 149798
* Move a method from IdentifierTable.h out of line and remove the SmallString ↵ | Benjamin Kramer | 2012-02-04 | 1 | -0/+1
  include. Fix all the transitive include users. llvm-svn: 149783
* Change references to 'const ProgramState *' to typedef 'ProgramStateRef'. | Ted Kremenek | 2012-01-26 | 1 | -51/+51
  At this point this is largely cosmetic, but it opens the door to replace ProgramStateRef with a smart pointer that more eagerly acts in the role of reclaiming unused ProgramState objects. llvm-svn: 149081
* Remove unreachable code in Clang. (replace with llvm_unreachable where ↵ | David Blaikie | 2012-01-17 | 1 | -6/+1
  appropriate or when GCC requires it) llvm-svn: 148292
* Remove unnecessary default cases in switches over enums. | David Blaikie | 2012-01-17 | 1 | -1/+0
  This allows -Wswitch-enum to find switches that need updating when these enums are modified. llvm-svn: 148281
* [analyzer] Make the entries in 'Environment' context-sensitive by making ↵ | Ted Kremenek | 2012-01-06 | 1 | -17/+24
  entries map from (Stmt*,LocationContext*) pairs to SVals instead of Stmt* to SVals. This is needed to support basic IPA via inlining. Without this, we cannot tell if a Stmt* binding is part of the current analysis scope (StackFrameContext) or part of a parent context. This change introduces an uglification of the use of getSVal(), and thus takes two steps forward and one step back. There are also potential performance implications of enlarging the Environment. Both can be addressed going forward by refactoring the APIs and optimizing the internal representation of Environment. This patch mainly introduces the functionality upon when we want to build upon (and clean up). llvm-svn: 147688