summaryrefslogtreecommitdiffstats
path: root/clang/lib/StaticAnalyzer/Checkers/RetainCountChecker
Commit message (Collapse)AuthorAgeFilesLines
...
* Revert rL349876 from cfe/trunk: [analyzer] Perform escaping in ↵Simon Pilgrim2018-12-211-28/+23
| | | | | | | | | | | | | | RetainCountChecker on type mismatch even for inlined functions The fix done in D55465 did not previously apply when the function was inlined. rdar://46889541 Differential Revision: https://reviews.llvm.org/D55976 ........ Fixes broken buildbot: http://lab.llvm.org:8011/builders/llvm-clang-x86_64-expensive-checks-win/builds/14764 llvm-svn: 349894
* [analyzer] Perform escaping in RetainCountChecker on type mismatch even for ↵George Karpenkov2018-12-211-23/+28
| | | | | | | | | | | | inlined functions The fix done in D55465 did not previously apply when the function was inlined. rdar://46889541 Differential Revision: https://reviews.llvm.org/D55976 llvm-svn: 349876
* [analyzer] Fix a bug in RetainCountDiagnostics while printing a note on ↵George Karpenkov2018-12-211-3/+2
| | | | | | | | | | | | mismatched summary in inlined functions Previously, we were not printing a note at all if at least one of the parameters was not annotated. rdar://46888422 Differential Revision: https://reviews.llvm.org/D55972 llvm-svn: 349875
* [analyzer][NFC] Move CheckerRegistry from the Core directory to FrontendKristof Umann2018-12-151-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | ClangCheckerRegistry is a very non-obvious, poorly documented, weird concept. It derives from CheckerRegistry, and is placed in lib/StaticAnalyzer/Frontend, whereas it's base is located in lib/StaticAnalyzer/Core. It was, from what I can imagine, used to circumvent the problem that the registry functions of the checkers are located in the clangStaticAnalyzerCheckers library, but that library depends on clangStaticAnalyzerCore. However, clangStaticAnalyzerFrontend depends on both of those libraries. One can make the observation however, that CheckerRegistry has no place in Core, it isn't used there at all! The only place where it is used is Frontend, which is where it ultimately belongs. This move implies that since include/clang/StaticAnalyzer/Checkers/ClangCheckers.h only contained a single function: class CheckerRegistry; void registerBuiltinCheckers(CheckerRegistry &registry); it had to re purposed, as CheckerRegistry is no longer available to clangStaticAnalyzerCheckers. It was renamed to BuiltinCheckerRegistration.h, which actually describes it a lot better -- it does not contain the registration functions for checkers, but only those generated by the tblgen files. Differential Revision: https://reviews.llvm.org/D54436 llvm-svn: 349275
* [analyzer] Hack for backwards compatibility for options for RetainCountChecker.George Karpenkov2018-12-111-1/+13
| | | | | | To be removed once the clients update. llvm-svn: 348821
* [analyzer] Display a diagnostics when an inlined function violates its ↵George Karpenkov2018-12-111-12/+93
| | | | | | | | | | | | | os_consumed summary This is currently a diagnostics, but might be upgraded to an error in the future, especially if we introduce os_return_on_success attributes. rdar://46359592 Differential Revision: https://reviews.llvm.org/D55530 llvm-svn: 348820
* [analyzer] Resolve another bug where the name of the leaked object was not ↵George Karpenkov2018-12-111-3/+3
| | | | | | | | printed properly Differential Revision: https://reviews.llvm.org/D55528 llvm-svn: 348819
* Misc typos fixes in ./lib folderRaphael Isemann2018-12-101-1/+1
| | | | | | | | | | | | | | Summary: Found via `codespell -q 3 -I ../clang-whitelist.txt -L uint,importd,crasher,gonna,cant,ue,ons,orign,ned` Reviewers: teemperor Reviewed By: teemperor Subscribers: teemperor, jholewinski, jvesely, nhaehnle, whisperity, jfb, cfe-commits Differential Revision: https://reviews.llvm.org/D55475 llvm-svn: 348755
* Stop tracking retain count of OSObject after escape to void * / other ↵George Karpenkov2018-12-081-0/+23
| | | | | | | | | | | | | | primitive types Escaping to void * / uint64_t / others non-OSObject * should stop tracking, as such functions can have heterogeneous semantics depending on context, and can not always be annotated. rdar://46439133 Differential Revision: https://reviews.llvm.org/D55465 llvm-svn: 348675
* [analyzer] Move out tracking retain count for OSObjects into a separate checkerGeorge Karpenkov2018-12-072-10/+13
| | | | | | | | | Allow enabling and disabling tracking of ObjC/CF objects separately from tracking of OS objects. Differential Revision: https://reviews.llvm.org/D55400 llvm-svn: 348638
* [analyzer] RetainCountChecker: remove untested, unused, incorrect option ↵George Karpenkov2018-12-073-17/+7
| | | | | | | | | | | | IncludeAllocationLine The option has no tests, is not used anywhere, and is actually incorrect: it prints the line number without the reference to a file, which can be outright incorrect. Differential Revision: https://reviews.llvm.org/D55385 llvm-svn: 348637
* Fix warning about unused variable [NFC]Mikael Holmen2018-11-301-1/+1
| | | | llvm-svn: 347987
* Fix a use-after-scope bug.Haojian Wu2018-11-301-1/+1
| | | | llvm-svn: 347970
* [analyzer] Fix the "Zombie Symbols" bug.Artem Dergachev2018-11-301-8/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | It's an old bug that consists in stale references to symbols remaining in the GDM if they disappear from other program state sections as a result of any operation that isn't the actual dead symbol collection. The most common example here is: FILE *fp = fopen("myfile.txt", "w"); fp = 0; // leak of file descriptor In this example the leak were not detected previously because the symbol disappears from the public part of the program state due to evaluating the assignment. For that reason the checker never receives a notification that the symbol is dead, and never reports a leak. This patch not only causes leak false negatives, but also a number of other problems, including false positives on some checkers. What's worse, even though the program state contains a finite number of symbols, the set of symbols that dies is potentially infinite. This means that is impossible to compute the set of all dead symbols to pass off to the checkers for cleaning up their part of the GDM. No longer compute the dead set at all. Disallow iterating over dead symbols. Disallow querying if any symbols are dead. Remove the API for marking symbols as dead, as it is no longer necessary. Update checkers accordingly. Differential Revision: https://reviews.llvm.org/D18860 llvm-svn: 347953
* [analyzer] RetainCountChecker: recognize that OSObject can be created ↵George Karpenkov2018-11-301-0/+2
| | | | | | | | directly using an operator "new" Differential Revision: https://reviews.llvm.org/D55076 llvm-svn: 347949
* [analyzer] Switch retain count checker for OSObject to use OS_* attributesGeorge Karpenkov2018-11-301-1/+2
| | | | | | | | Instead of generalized reference counting annotations. Differential Revision: https://reviews.llvm.org/D55041 llvm-svn: 347948
* [analyzer] [NFC] Minor refactoring of RetainCountDiagnosticsGeorge Karpenkov2018-11-304-217/+252
| | | | | | | | | Move visitors to the implementation file, move a complicated logic into a function. Differential Revision: https://reviews.llvm.org/D55036 llvm-svn: 347946
* [analyzer] Print a fully qualified name for functions in RetainCountChecker ↵George Karpenkov2018-11-301-3/+12
| | | | | | | | | | | diagnostics Attempt to get a fully qualified name from AST if an SVal corresponding to the object is not available. Differential Revision: https://reviews.llvm.org/D55034 llvm-svn: 347944
* [analyzer] Add the type of the leaked object to the diagnostic messageGeorge Karpenkov2018-11-302-5/+22
| | | | | | | | | | | | If the object is a temporary, and there is no variable it binds to, let's at least print out the object name in order to help differentiate it from other temporaries. rdar://45175098 Differential Revision: https://reviews.llvm.org/D55033 llvm-svn: 347943
* [analyzer] Reference leaked object by name, even if it was created in an ↵George Karpenkov2018-11-301-15/+17
| | | | | | | | | | inlined function. rdar://45532181 Differential Revision: https://reviews.llvm.org/D54973 llvm-svn: 347942
* [analyzer] [NFC] Some miscellaneous clean ups and documentation fixes.George Karpenkov2018-11-301-87/+90
| | | | | | Differential Revision: https://reviews.llvm.org/D54971 llvm-svn: 347940
* [analyzer] Restrict AnalyzerOptions' interface so that non-checker objects ↵Kristof Umann2018-11-051-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | have to be registered One of the reasons why AnalyzerOptions is so chaotic is that options can be retrieved from the command line whenever and wherever. This allowed for some options to be forgotten for a looooooong time. Have you ever heard of "region-store-small-struct-limit"? In order to prevent this in the future, I'm proposing to restrict AnalyzerOptions' interface so that only checker options can be retrieved without special getters. I would like to make every option be accessible only through a getter, but checkers from plugins are a thing, so I'll have to figure something out for that. This also forces developers who'd like to add a new option to register it properly in the .def file. This is done by * making the third checker pointer parameter non-optional, and checked by an assert to be non-null. * I added new, but private non-checkers option initializers, meant only for internal use, * Renamed these methods accordingly (mind the consistent name for once with getBooleanOption!): - getOptionAsString -> getCheckerStringOption, - getOptionAsInteger -> getCheckerIntegerOption * The 3 functions meant for initializing data members (with the not very descriptive getBooleanOption, getOptionAsString and getOptionAsUInt names) were renamed to be overloads of the getAndInitOption function name. * All options were in some way retrieved via getCheckerOption. I removed it, and moved the logic to getStringOption and getCheckerStringOption. This did cause some code duplication, but that's the only way I could do it, now that checker and non-checker options are separated. Note that the non-checker version inserts the new option to the ConfigTable with the default value, but the checker version only attempts to find already existing entries. This is how it always worked, but this is clunky and I might end reworking that too, so we can eventually get a ConfigTable that contains the entire configuration of the analyzer. Differential Revision: https://reviews.llvm.org/D53483 llvm-svn: 346113
* [analyzer][NFC] Fix some incorrect uses of -analyzer-config optionsKristof Umann2018-11-022-14/+13
| | | | | | | | | | | | | | | | | | | | | | | | I'm in the process of refactoring AnalyzerOptions. The main motivation behind here is to emit warnings if an invalid -analyzer-config option is given from the command line, and be able to list them all. In this patch, I found some flags that should've been used as checker options, or have absolutely no mention of in AnalyzerOptions, or are nonexistent. - NonLocalizedStringChecker now uses its "AggressiveReport" flag as a checker option - lib/StaticAnalyzer/Frontend/ModelInjector.cpp now accesses the "model-path" option through a getter in AnalyzerOptions - -analyzer-config path-diagnostics-alternate=false is not a thing, I removed it, - lib/StaticAnalyzer/Checkers/AllocationDiagnostics.cpp and lib/StaticAnalyzer/Checkers/AllocationDiagnostics.h are weird, they actually only contain an option getter. I deleted them, and fixed RetainCountChecker to get it's "leak-diagnostics-reference-allocation" option as a checker option, - "region-store-small-struct-limit" has a proper getter now. Differential Revision: https://reviews.llvm.org/D53276 llvm-svn: 345985
* Fix clang -Wimplicit-fallthrough warnings across llvm, NFCReid Kleckner2018-11-011-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | This patch should not introduce any behavior changes. It consists of mostly one of two changes: 1. Replacing fall through comments with the LLVM_FALLTHROUGH macro 2. Inserting 'break' before falling through into a case block consisting of only 'break'. We were already using this warning with GCC, but its warning behaves slightly differently. In this patch, the following differences are relevant: 1. GCC recognizes comments that say "fall through" as annotations, clang doesn't 2. GCC doesn't warn on "case N: foo(); default: break;", clang does 3. GCC doesn't warn when the case contains a switch, but falls through the outer case. I will enable the warning separately in a follow-up patch so that it can be cleanly reverted if necessary. Reviewers: alexfh, rsmith, lattner, rtrieu, EricWF, bollu Differential Revision: https://reviews.llvm.org/D53950 llvm-svn: 345882
* [analyzer] RetainCountChecker: for now, do not trust the summaries of ↵George Karpenkov2018-10-311-10/+2
| | | | | | | | | | | | | | | | inlined code Trusting summaries of inlined code would require a more thorough work, as the current approach was causing too many false positives, as the new example in test. The culprit lies in the fact that we currently escape all variables written into a field (but not passed off to unknown functions!), which can result in inconsistent behavior. rdar://45655344 Differential Revision: https://reviews.llvm.org/D53902 llvm-svn: 345746
* [analyzer] Enable retain count checking for OSObject by defaGeorge Karpenkov2018-10-311-1/+1
| | | | | | | | The FP rate seems to be good enough now. Differential Revision: https://reviews.llvm.org/D53849 llvm-svn: 345745
* [analyzer] Correct modelling of OSDynamicCast: eagerly state splitGeorge Karpenkov2018-10-251-5/+25
| | | | | | | | | | | | | | | | | | | | | Previously, OSDynamicCast was modeled as an identity. This is not correct: the output of OSDynamicCast may be zero even if the input was not zero (if the class is not of desired type), and thus the modeling led to false positives. Instead, we are doing eager state split: in one branch, the returned value is identical to the input parameter, and in the other branch, the returned value is zero. This patch required a substantial refactoring of canEval infrastructure, as now it can return different function summaries, and not just true/false. rdar://45497400 Differential Revision: https://reviews.llvm.org/D53624 llvm-svn: 345338
* [analyzer] [NFC] Change scanReachableSymbols to use rangesGeorge Karpenkov2018-10-231-3/+1
| | | | | | | | Remove unused overload. Clean up some usages. Differential Revision: https://reviews.llvm.org/D53615 llvm-svn: 345101
* [analyzer] Do not stop tracking CXX methods touching OSObject.George Karpenkov2018-10-231-1/+1
| | | | | | | | Trust generalized annotations for OSObject. Differential Revision: https://reviews.llvm.org/D53550 llvm-svn: 345100
* [analyzer] Trust summaries for OSObject::retain and OSObject::releaseGeorge Karpenkov2018-10-231-16/+12
| | | | | | | | Refactor the way in which summaries are consumed for safeMetaCast Differential Revision: https://reviews.llvm.org/D53549 llvm-svn: 345099
* [analyzer] NFC: RetainCountChecker: Don't dump() symbols into program point ↵Artem Dergachev2018-10-151-15/+2
| | | | | | | | | | | | | | | | tags. We don't need a separate node for every symbol, because whenever the first symbol leaks, a bug is emitted, the analysis is sinked, and the checker callback immediately returns due to State variable turning into null, so we never get to see the second leaking symbol. Additionally, we are no longer able to break normal analysis while experimenting with debug dumps. Differential Revision: https://reviews.llvm.org/D52804 llvm-svn: 344538
* Remove top-level using declaration from header files, as these aliases leak.Sam McCall2018-10-121-2/+0
| | | | | | | | | | Reviewers: ilya-biryukov Subscribers: arphaman, cfe-commits Differential Revision: https://reviews.llvm.org/D53135 llvm-svn: 344337
* [analyzer] Avoid unneeded invalidation in RetainCountCheckerGeorge Karpenkov2018-10-111-19/+0
| | | | | | Differential Revision: https://reviews.llvm.org/D53168 llvm-svn: 344312
* [analyzer] Retain count checker for OSObject: recognize OSDynamicCastGeorge Karpenkov2018-10-111-1/+12
| | | | | | | | | | | For now, tresting the cast as a no-op, and disregarding the case where the output becomes null due to the type mismatch. rdar://45174557 Differential Revision: https://reviews.llvm.org/D53156 llvm-svn: 344311
* [analyzer] [NFC] Remove unused parameters, as found by -Wunused-parameterGeorge Karpenkov2018-09-282-3/+2
| | | | | | Differential Revision: https://reviews.llvm.org/D52640 llvm-svn: 343353
* [analyzer] Process state in checkEndFunction in RetainCountCheckerGeorge Karpenkov2018-09-212-44/+57
| | | | | | | | | | | | | | Modify the RetainCountChecker to perform state "adjustments" in checkEndFunction, as performing work in PreStmt<ReturnStmt> does not work with destructors. The previous version made an implicit assumption that no code runs after the return statement is executed. rdar://43945028 Differential Revision: https://reviews.llvm.org/D52338 llvm-svn: 342770
* [analyzer] [NFC] Prefer make_unique over "new"George Karpenkov2018-09-211-14/+11
| | | | | | Differential Revision: https://reviews.llvm.org/D52336 llvm-svn: 342767
* [analyzer] Better retain count rules for OSObjectsGeorge Karpenkov2018-08-291-8/+11
| | | | | | Differential Revision: https://reviews.llvm.org/D51184 llvm-svn: 340961
* [analyzer] Preliminary version of retain count checking for OSObjectsGeorge Karpenkov2018-08-233-14/+41
| | | | | | | | Has quite a lot of false positives, disabled behind the flag. Differential Revision: https://reviews.llvm.org/D50880 llvm-svn: 340502
* [analyzer] [NFC] Fix minor formatting issues in RetainCountCheckerGeorge Karpenkov2018-08-223-10/+8
| | | | | | Differential Revision: https://reviews.llvm.org/D51072 llvm-svn: 340378
* [analyzer] [NFC] Extract a method for creating RefVal from RetEffect in ↵George Karpenkov2018-08-221-34/+17
| | | | | | | | RetainCountChecker Differential Revision: https://reviews.llvm.org/D51071 llvm-svn: 340377
* [analyzer] [NFC] Split up RetainSummaryManager from RetainCountChecker - try #2George Karpenkov2018-08-215-1450/+16
| | | | | | | | | | Turns out it can't be removed from the analyzer since it relies on CallEvent. Moving to staticAnalyzer/core Differential Revision: https://reviews.llvm.org/D51023 llvm-svn: 340247
* Revert "[analyzer] [NFC] Split up RetainSummaryManager from RetainCountChecker"Bruno Cardoso Lopes2018-08-185-16/+1450
| | | | | | | | | | | | | | This reverts commit a786521fa66c72edd308baff0c08961b6d964fb1. Bots haven't caught up yet, but broke modules build with: ../tools/clang/include/clang/StaticAnalyzer/Checkers/MPIFunctionClassifier.h:18:10: fatal error: cyclic dependency in module 'Clang_StaticAnalyzer_Core': Clang_StaticAnalyzer_Core -> Clang_Analysis -> Clang_StaticAnalyzer_Checkers -> Clang_StaticAnalyzer_Core ^ llvm-svn: 340117
* [analyzer] [NFC] Split up RetainSummaryManager from RetainCountCheckerGeorge Karpenkov2018-08-185-1450/+16
| | | | | | | | | | | | | ARCMigrator is using code from RetainCountChecker, which is a layering violation (and it also does it badly, by using a different header, and then relying on implementation being present in a header file). This change splits up RetainSummaryManager into a separate library in lib/Analysis, which can be used independently of a checker. Differential Revision: https://reviews.llvm.org/D50934 llvm-svn: 340114
* [analyzer] [NFC] Minor refactoring of ISL-specific code in RetainCountCheckerGeorge Karpenkov2018-08-172-14/+9
| | | | | | Differential Revision: https://reviews.llvm.org/D50879 llvm-svn: 340098
* [analyzer] Re-instate support for MakeCollectable is RetainCountCheckerGeorge Karpenkov2018-08-173-5/+24
| | | | | | Differential Revision: https://reviews.llvm.org/D50872 llvm-svn: 340097
* [analyzer] [NFC] Move ObjCRetainCount to include/AnalysisGeorge Karpenkov2018-08-172-2/+2
| | | | | | Differential Revision: https://reviews.llvm.org/D50869 llvm-svn: 340096
* [analyzer] [NFC] Move canEval function from RetainCountChecker to ↵George Karpenkov2018-08-173-72/+85
| | | | | | | | RetainCountSummaries Differential Revision: https://reviews.llvm.org/D50863 llvm-svn: 340094
* [analyzer] [NFC] Split up summary generation in RetainCountChecker in two ↵George Karpenkov2018-08-172-204/+195
| | | | | | | | methods Differential Revision: https://reviews.llvm.org/D50830 llvm-svn: 340093
* [analyzer] [NFC] Split up RetainCountCheckerGeorge Karpenkov2018-08-176-0/+4033
At some point, staring at 4k+ LOC file becomes a bit hard. Differential Revision: https://reviews.llvm.org/D50821 llvm-svn: 340092
OpenPOWER on IntegriCloud