summaryrefslogtreecommitdiffstats
path: root/clang/lib/StaticAnalyzer/Checkers/StackAddrEscapeChecker.cpp
Commit message (Collapse)AuthorAgeFilesLines
* Remove trailing spaceFangrui Song2018-07-301-5/+5
| | | | | | sed -Ei 's/[[:space:]]+$//' include/**/*.{def,h,td} lib/**/*.{cpp,h} llvm-svn: 338291
* [analyzer] Make checkEndFunction() give access to the return statement.Reka Kovacs2018-07-161-2/+3
| | | | | | Differential Revision: https://reviews.llvm.org/D49387 llvm-svn: 337215
* [analyzer] [NFC] A convenient getter for getting a current stack frameGeorge Karpenkov2018-06-271-3/+2
| | | | | | Differential Revision: https://reviews.llvm.org/D44756 llvm-svn: 335701
* [analyzer] introduce getSVal(Stmt *) helper on ExplodedNode, make sure the ↵George Karpenkov2018-01-171-2/+1
| | | | | | | | | | | | | | | | | | helper is used consistently In most cases using `N->getState()->getSVal(E, N->getLocationContext())` is ugly, verbose, and also opens up more surface area for bugs if an inconsistent location context is used. This patch introduces a helper on an exploded node, and ensures consistent usage of either `ExplodedNode::getSVal` or `CheckContext::getSVal` across the codebase. As a result, a large number of redundant lines is removed. Differential Revision: https://reviews.llvm.org/D42155 llvm-svn: 322753
* [analyzer] StackAddrEscape: For now, disable the new async escape checks.Artem Dergachev2017-12-121-3/+24
| | | | | | | | | | | | | | | | | The new check introduced in r318705 is useful, but suffers from a particular class of false positives, namely, it does not account for dispatch_barrier_sync() API which allows one to ensure that the asyncronously executed block that captures a pointer to a local variable does not actually outlive that variable. The new check is split into a separate checker, under the name of alpha.core.StackAddressAsyncEscape, which is likely to get enabled by default again once these positives are fixed. The rest of the StackAddressEscapeChecker is still enabled by default. Differential Revision: https://reviews.llvm.org/D41042 llvm-svn: 320455
* [analyzer] Diagnose stack leaks via block capturesAlexander Shaposhnikov2017-11-201-99/+192
| | | | | | | | | | | This diff extends StackAddrEscapeChecker to catch stack addresses leaks via block captures if the block is executed asynchronously or returned from a function. Differential revision: https://reviews.llvm.org/D39438 llvm-svn: 318705
* [Analyzer] Correct stack address escape diagnosticSean Eveson2016-05-261-1/+6
| | | | | | | | | | | | | | | | | | Summary: Leaking a stack address via a static variable refers to it in the diagnostic as a 'global'. This patch corrects the diagnostic for static variables. Patch by Phil Camp, SN Systems Reviewers: dcoughlin, zaks.anna Subscribers: xazax.hun, cfe-commits Differential Revision: http://reviews.llvm.org/D19866 Patch by Phil Camp llvm-svn: 270849
* [analyzer] Suppress stack address escape on CK_CopyAndAutoreleaseBlockObject.Devin Coughlin2015-12-031-0/+9
| | | | | | | | | | Don't warn about addresses of stack-allocated blocks escaping if the block region was cast with CK_CopyAndAutoreleaseBlockObject. These casts, which are introduced in the implicit conversion operator for lambda-to-block conversions, cause the block to be copied to the heap -- so the warning is spurious. llvm-svn: 254639
* [analyzer] Add generateErrorNode() APIs to CheckerContext.Devin Coughlin2015-09-161-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The analyzer trims unnecessary nodes from the exploded graph before reporting path diagnostics. However, in some cases it can trim all nodes (including the error node), leading to an assertion failure (see https://llvm.org/bugs/show_bug.cgi?id=24184). This commit addresses the issue by adding two new APIs to CheckerContext to explicitly create error nodes. Unless the client provides a custom tag, these APIs tag the node with the checker's tag -- preventing it from being trimmed. The generateErrorNode() method creates a sink error node, while generateNonFatalErrorNode() creates an error node for a path that should continue being explored. The intent is that one of these two methods should be used whenever a checker creates an error node. This commit updates the checkers to use these APIs. These APIs (unlike addTransition() and generateSink()) do not take an explicit Pred node. This is because there are not any error nodes in the checkers that were created with an explicit different than the default (the CheckerContext's Pred node). It also changes generateSink() to require state and pred nodes (previously these were optional) to reduce confusion. Additionally, there were several cases where checkers did check whether a generated node could be null; we now explicitly check for null in these places. This commit also includes a test case written by Ying Yi as part of http://reviews.llvm.org/D12163 (that patch originally addressed this issue but was reverted because it introduced false positive regressions). Differential Revision: http://reviews.llvm.org/D12780 llvm-svn: 247859
* [analyzer] Apply whitespace cleanups by Honggyu Kim.Ted Kremenek2015-09-081-16/+16
| | | | llvm-svn: 246978
* Clarify pointer ownership semantics by hoisting the std::unique_ptr creation ↵Aaron Ballman2015-06-231-4/+4
| | | | | | to the caller instead of hiding it in emitReport. NFC. llvm-svn: 240400
* Revert r240270 ("Fixed/added namespace ending comments using clang-tidy").Alexander Kornienko2015-06-221-1/+1
| | | | llvm-svn: 240353
* Fixed/added namespace ending comments using clang-tidy. NFCAlexander Kornienko2015-06-221-1/+1
| | | | | | | | | | | | The patch is generated using this command: $ tools/extra/clang-tidy/tool/run-clang-tidy.py -fix \ -checks=-*,llvm-namespace-comment -header-filter='llvm/.*|clang/.*' \ work/llvm/tools/clang To reduce churn, not touching namespaces spanning less than 10 lines. llvm-svn: 240270
* [C++11] Add 'override' keyword to virtual methods that override their base ↵Craig Topper2014-03-151-2/+2
| | | | | | class. llvm-svn: 203999
* Replace OwningPtr with std::unique_ptr.Ahmed Charles2014-03-071-2/+2
| | | | | | This compiles cleanly with lldb/lld/clang-tools-extra/llvm. llvm-svn: 203279
* Expose the name of the checker producing each diagnostic message.Alexander Kornienko2014-02-111-7/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | Summary: In clang-tidy we'd like to know the name of the checker producing each diagnostic message. PathDiagnostic has BugType and Category fields, which are both arbitrary human-readable strings, but we need to know the exact name of the checker in the form that can be used in the CheckersControlList option to enable/disable the specific checker. This patch adds the CheckName field to the CheckerBase class, and sets it in the CheckerManager::registerChecker() method, which gets them from the CheckerRegistry. Checkers that implement multiple checks have to store the names of each check in the respective registerXXXChecker method. Reviewers: jordan_rose, krememek Reviewed By: jordan_rose CC: cfe-commits Differential Revision: http://llvm-reviews.chandlerc.com/D2557 llvm-svn: 201186
* [analyzer] StackAddrEscapeChecker: strip qualifiers from temporary types.Jordan Rose2013-02-261-10/+11
| | | | | | | | | | | | With the new support for trivial copy constructors, we are not always consistent about whether a CXXTempObjectRegion gets reused or created from scratch, which affects whether qualifiers are preserved. However, we probably don't care anyway. This also switches to using the current PrintingPolicy for the type, which means C++ types don't get a spurious 'struct' prefix anymore. llvm-svn: 176068
* [analyzer] Rename callback EndPath -> EndFunctionAnna Zaks2013-01-031-3/+3
| | | | | | | This better reflects when callback is called and what the checkers are relying on. (Both names meant the same pre-IPA.) llvm-svn: 171432
* Sort all of Clang's files under 'lib', and fix up the broken headersChandler Carruth2012-12-041-3/+3
| | | | | | | | | | | | | uncovered. This required manually correcting all of the incorrect main-module headers I could find, and running the new llvm/utils/sort_includes.py script over the files. I also manually added quite a few missing headers that were uncovered by shuffling the order or moving headers up to be main-module-headers. llvm-svn: 169237
* Include pruning and general cleanup.Benjamin Kramer2012-12-011-0/+1
| | | | llvm-svn: 169095
* Don't include Type.h in DeclarationName.h.Benjamin Kramer2012-12-011-0/+1
| | | | | | Recursively prune some includes. llvm-svn: 169094
* [analyzer] Rename 'EmitReport' to 'emitReport'.Jordan Rose2012-11-021-2/+2
| | | | | | No functionality change. llvm-svn: 167275
* [analyzer] C++ objects returned on the stack may be wrapped in ExprWithCleanups.Jordan Rose2012-08-291-1/+5
| | | | | | | | | | | | In C++, objects being returned on the stack are actually copy-constructed into the return value. That means that when a temporary is returned, it still has to be destroyed, i.e. the returned expression will be wrapped in an ExprWithCleanups node. Our "returning stack memory" checker needs to look through this node to see if we really are returning an object by value. PR13722 llvm-svn: 162817
* [analyzer] Inline constructors for any object with a trivial destructor.Jordan Rose2012-08-271-4/+11
| | | | | | | | | | | | This allows us to better reason about status objects, like Clang's own llvm::Optional (when its contents are trivially destructible), which are often intended to be passed around by value. We still don't inline constructors for temporaries in the general case. <rdar://problem/11986434> llvm-svn: 162681
* Unify naming of LangOptions variable/get function across the Clang stack ↵David Blaikie2012-03-111-2/+2
| | | | | | | | | | (Lex to AST). The member variable is always "LangOpts" and the member function is always "getLangOpts". Reviewed by Chris Lattner llvm-svn: 152536
* [analyzer] do not warn about returning stack-allocated memory when it comes ↵Ted Kremenek2012-03-031-10/+18
| | | | | | from an ancestor stack frame. llvm-svn: 151964
* Basic: import SmallString<> into clang namespaceDylan Noblesmith2012-02-051-2/+2
| | | | | | | (I was going to fix the TODO about DenseMap too, but that would break self-host right now. See PR11922.) llvm-svn: 149799
* Basic: import OwningPtr<> into clang namespaceDylan Noblesmith2012-02-051-2/+2
| | | | llvm-svn: 149798
* Change references to 'const ProgramState *' to typedef 'ProgramStateRef'.Ted Kremenek2012-01-261-1/+1
| | | | | | | | At this point this is largely cosmetic, but it opens the door to replace ProgramStateRef with a smart pointer that more eagerly acts in the role of reclaiming unused ProgramState objects. llvm-svn: 149081
* [analyzer] Make the entries in 'Environment' context-sensitive by making ↵Ted Kremenek2012-01-061-1/+1
| | | | | | | | | | | | | | | | | | entries map from (Stmt*,LocationContext*) pairs to SVals instead of Stmt* to SVals. This is needed to support basic IPA via inlining. Without this, we cannot tell if a Stmt* binding is part of the current analysis scope (StackFrameContext) or part of a parent context. This change introduces an uglification of the use of getSVal(), and thus takes two steps forward and one step back. There are also potential performance implications of enlarging the Environment. Both can be addressed going forward by refactoring the APIs and optimizing the internal representation of Environment. This patch mainly introduces the functionality upon when we want to build upon (and clean up). llvm-svn: 147688
* [analyzer] Add getLocationContext to CheckerContextAnna Zaks2011-10-261-1/+1
| | | | | | | CheckerContext::getPredecessor is only used to get to the LocationContext half of the times. llvm-svn: 143061
* [analyzer] Rename generateNode -> addTransition in CheckerContextAnna Zaks2011-10-261-1/+1
| | | | | | Also document addTransition methods. llvm-svn: 143059
* [analyze] Convert EndOfPath callback to use CheckerContextAnna Zaks2011-10-251-13/+13
| | | | | | | | Get rid of the EndOfPathBuilder completely. Use the generic NodeBuilder to generate nodes. Enqueue the end of path frontier explicitly. llvm-svn: 142943
* Change operator<< for raw_ostream and NamedDecl to take a reference instead ↵Benjamin Kramer2011-10-141-1/+1
| | | | | | | | of a pointer. Passing a pointer was a bad idea as it collides with the overload for void*. llvm-svn: 141971
* Switch assert(0/false) llvm_unreachable.David Blaikie2011-09-231-1/+1
| | | | llvm-svn: 140367
* Handle CXXTempObjectRegion in StackAddrEscapeChecker.Jeffrey Yasskin2011-08-261-0/+5
| | | | | | | | Also convert stack-addr-ps.cpp to use the analyzer instead of just Sema, now that it doesn't crash, and extract the stack-block test into another file since it errors, and that prevents the analyzer from running. llvm-svn: 138613
* [analyzer] Replace calls to getNameAsString() with StringRef equivalents.Jordy Rose2011-08-211-1/+1
| | | | llvm-svn: 138215
* Remove EnhancedBugReport and RangedBugReport - pull all the extra ↵Anna Zaks2011-08-171-2/+2
| | | | | | functionality they provided into their parent BugReport. The only functional changes are: made getRanges() non const - it adds default range to Ranges if none are supplied, made getStmt() private, which was another FIXME. llvm-svn: 137894
* Rename GRState to ProgramState, and cleanup some code formatting along the way.Ted Kremenek2011-08-151-2/+2
| | | | llvm-svn: 137665
* Cleanup various declarations of 'Stmt*' to be 'Stmt *', etc. in libAnalyzer ↵Ted Kremenek2011-08-121-2/+2
| | | | | | and libStaticAnalyzer[*]. It was highly inconsistent, and very ugly to look at. llvm-svn: 137537
* Rename getInstantiationLineNumber to getExpansionLineNumber in bothChandler Carruth2011-07-251-3/+3
| | | | | | SourceManager and FullSourceLoc. llvm-svn: 135969
* remove unneeded llvm:: namespace qualifiers on some core types now that ↵Chris Lattner2011-07-231-3/+3
| | | | | | | | LLVM.h imports them into the clang namespace. llvm-svn: 135852
* Automatic Reference Counting.John McCall2011-06-151-4/+16
| | | | | | | | | | Language-design credit goes to a lot of people, but I particularly want to single out Blaine Garst and Patrick Beard for their contributions. Compiler implementation credit goes to Argyrios, Doug, Fariborz, and myself, in no particular order. llvm-svn: 133103
* [analyzer] Rename CheckerV2 -> Checker.Argyrios Kyrtzidis2011-03-011-2/+2
| | | | llvm-svn: 126726
* Tidy up help text in Checkers.td, and rename StackAddrLeakChecker to ↵Ted Kremenek2011-02-251-0/+205
StackAddrEscapeChecker. llvm-svn: 126522
OpenPOWER on IntegriCloud