summaryrefslogtreecommitdiffstats
path: root/clang/lib/StaticAnalyzer/Checkers/UnixAPIChecker.cpp
Commit message (Collapse)AuthorAgeFilesLines
* [analyzer] introduce getSVal(Stmt *) helper on ExplodedNode, make sure the ↵George Karpenkov2018-01-171-5/+4
| | | | | | | | | | | | | | | | | | helper is used consistently In most cases using `N->getState()->getSVal(E, N->getLocationContext())` is ugly, verbose, and also opens up more surface area for bugs if an inconsistent location context is used. This patch introduces a helper on an exploded node, and ensures consistent usage of either `ExplodedNode::getSVal` or `CheckContext::getSVal` across the codebase. As a result, a large number of redundant lines is removed. Differential Revision: https://reviews.llvm.org/D42155 llvm-svn: 322753
* [analyzer] Move zero-size allocation checks to optin.portability.Artem Dergachev2017-06-271-20/+35
| | | | | | | | | | | | | | This is a new checker package. It contains checkers that highlight well-documented implementation-defined behavior. Such checkers are only useful to developers that intend to write portable code. Code that is only compiled for a single platform should be allowed to rely on this platform's specific documented behavior. rdar://problem/30545046 Differential Revision: https://reviews.llvm.org/D34102 llvm-svn: 306396
* [analyzer] UnixAPIChecker: Don't diagnose for functions in C++ namespacesDevin Coughlin2016-12-171-0/+6
| | | | | | | | | | Update the UnixAPIChecker to not diagnose for calls to functions that are declared in C++ namespaces. This avoids false positives when a namespaced function has the same name as a Unix API. This address PR28331. llvm-svn: 290023
* [analyzer] Extend UnixAPIChecker open() checks to handle openat().Devin Coughlin2016-12-161-11/+80
| | | | | | | | | The openat() API has similar constraints to the open() API -- it just takes an extra parameter. rdar://problem/29526458 llvm-svn: 290005
* Add support for __builtin_alloca_with_alignDavid Majnemer2016-10-311-0/+8
| | | | | | | | | | __builtin_alloca always uses __BIGGEST_ALIGNMENT__ for the alignment of the allocation. __builtin_alloca_with_align allows the programmer to specify the alignment of the allocation. This fixes PR30658. llvm-svn: 285544
* [analyzer] Add generateErrorNode() APIs to CheckerContext.Devin Coughlin2015-09-161-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The analyzer trims unnecessary nodes from the exploded graph before reporting path diagnostics. However, in some cases it can trim all nodes (including the error node), leading to an assertion failure (see https://llvm.org/bugs/show_bug.cgi?id=24184). This commit addresses the issue by adding two new APIs to CheckerContext to explicitly create error nodes. Unless the client provides a custom tag, these APIs tag the node with the checker's tag -- preventing it from being trimmed. The generateErrorNode() method creates a sink error node, while generateNonFatalErrorNode() creates an error node for a path that should continue being explored. The intent is that one of these two methods should be used whenever a checker creates an error node. This commit updates the checkers to use these APIs. These APIs (unlike addTransition() and generateSink()) do not take an explicit Pred node. This is because there are not any error nodes in the checkers that were created with an explicit different than the default (the CheckerContext's Pred node). It also changes generateSink() to require state and pred nodes (previously these were optional) to reduce confusion. Additionally, there were several cases where checkers did check whether a generated node could be null; we now explicitly check for null in these places. This commit also includes a test case written by Ying Yi as part of http://reviews.llvm.org/D12163 (that patch originally addressed this issue but was reverted because it introduced false positive regressions). Differential Revision: http://reviews.llvm.org/D12780 llvm-svn: 247859
* [analyzer] Apply whitespace cleanups by Honggyu Kim.Ted Kremenek2015-09-081-5/+5
| | | | llvm-svn: 246978
* Clarify pointer ownership semantics by hoisting the std::unique_ptr creation ↵Aaron Ballman2015-06-231-6/+6
| | | | | | to the caller instead of hiding it in emitReport. NFC. llvm-svn: 240400
* [analyzer] UnixAPI: Check that the third argument to open(2) (if present) is ↵Jordan Rose2014-08-201-0/+9
| | | | | | | | an integer. Patch by Daniel Fahlgren. llvm-svn: 216079
* [analyzer] UnixAPI: Check when open(2) is called with more than three arguments.Jordan Rose2014-08-201-21/+36
| | | | | | Patch by Daniel Fahlgren. llvm-svn: 216078
* [C++11] Use 'nullptr'. StaticAnalyzer edition.Craig Topper2014-05-271-3/+3
| | | | llvm-svn: 209642
* [analyzer] Handle the M_ZERO and __GFP_ZERO flags in kernel mallocs.Jordan Rose2014-03-261-0/+1
| | | | | | | | | | | | | | | | | | | | | Add M_ZERO awareness to malloc() static analysis in Clang for FreeBSD, NetBSD, and OpenBSD in a similar fashion to O_CREAT for open(2). These systems have a three-argument malloc() in the kernel where the third argument contains flags; the M_ZERO flag will zero-initialize the allocated buffer. This should reduce the number of false positives when running static analysis on BSD kernels. Additionally, add kmalloc() (Linux kernel malloc()) and treat __GFP_ZERO like M_ZERO on Linux. Future work involves a better method of checking for named flags without hardcoding values. Patch by Conrad Meyer, with minor modifications by me. llvm-svn: 204832
* Replace OwningPtr with std::unique_ptr.Ahmed Charles2014-03-071-2/+2
| | | | | | This compiles cleanly with lldb/lld/clang-tools-extra/llvm. llvm-svn: 203279
* [C++11] Replace llvm::tie with std::tie.Benjamin Kramer2014-03-021-2/+2
| | | | llvm-svn: 202639
* Expose the name of the checker producing each diagnostic message.Alexander Kornienko2014-02-111-12/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | Summary: In clang-tidy we'd like to know the name of the checker producing each diagnostic message. PathDiagnostic has BugType and Category fields, which are both arbitrary human-readable strings, but we need to know the exact name of the checker in the form that can be used in the CheckersControlList option to enable/disable the specific checker. This patch adds the CheckName field to the CheckerBase class, and sets it in the CheckerManager::registerChecker() method, which gets them from the CheckerRegistry. Checkers that implement multiple checks have to store the names of each check in the respective registerXXXChecker method. Reviewers: jordan_rose, krememek Reviewed By: jordan_rose CC: cfe-commits Differential Revision: http://llvm-reviews.chandlerc.com/D2557 llvm-svn: 201186
* Fix a tranche of comment, test and doc typosAlp Toker2013-12-051-1/+1
| | | | llvm-svn: 196510
* Include llvm::Optional in clang/Basic/LLVM.hDavid Blaikie2013-02-201-1/+0
| | | | | | Post-commit CR feedback from Jordan Rose regarding r175594. llvm-svn: 175679
* Replace SVal llvm::cast support to be well-defined.David Blaikie2013-02-201-7/+6
| | | | | | See r175462 for another example/more details. llvm-svn: 175594
* Sort all of Clang's files under 'lib', and fix up the broken headersChandler Carruth2012-12-041-3/+3
| | | | | | | | | | | | | uncovered. This required manually correcting all of the incorrect main-module headers I could find, and running the new llvm/utils/sort_includes.py script over the files. I also manually added quite a few missing headers that were uncovered by shuffling the order or moving headers up to be main-module-headers. llvm-svn: 169237
* Include pruning and general cleanup.Benjamin Kramer2012-12-011-0/+1
| | | | llvm-svn: 169095
* [analyzer] Rename 'EmitReport' to 'emitReport'.Jordan Rose2012-11-021-3/+3
| | | | | | No functionality change. llvm-svn: 167275
* [analyzer] Warn about reallocf with an allocation size of 0, like realloc.Jordan Rose2012-10-301-1/+9
| | | | | | Patch by Sean McBride! llvm-svn: 166995
* [analyzer] Rename addTrackNullOrUndefValueVisitor to trackNullOrUndefValue.Jordan Rose2012-08-281-1/+1
| | | | | | | | | | | This helper function (in the clang::ento::bugreporter namespace) may add more than one visitor, but conceptually it's tracking a single use of a null or undefined value and should do so as best it can. Also, the BugReport parameter has been made a reference to underscore that it is non-optional. llvm-svn: 162720
* [analyzer] When a symbol is null, we should track its constraints.Jordan Rose2012-08-031-2/+1
| | | | | | | | Because of this, we would previously emit NO path notes when a parameter is constrained to null (because there are no stores). Now we show where we made the assumption, which is much more useful. llvm-svn: 161280
* Fix a typo (the the => the)Sylvestre Ledru2012-07-231-2/+2
| | | | llvm-svn: 160622
* [analyzer] Guard against C++ member functions that look like system functions.Jordan Rose2012-07-101-1/+5
| | | | | | | | | C++ method calls and C function calls both appear as CallExprs in the AST. This was causing crashes for an object that had a 'free' method. <rdar://problem/11822244> llvm-svn: 160029
* Require that all static analyzer issues have a category. As part of this ↵Ted Kremenek2012-04-051-1/+1
| | | | | | | | | | change, consolidate some commonly used category strings into global references (more of this can be done, I just did a few). Fixes <rdar://problem/11191537>. llvm-svn: 154121
* [analyzer] Implement basic path diagnostic pruning based on "interesting" ↵Ted Kremenek2012-03-091-1/+2
| | | | | | | | | | | | | | | | | symbols and regions. Essentially, a bug centers around a story for various symbols and regions. We should only include the path diagnostic events that relate to those symbols and regions. The pruning is done by associating a set of interesting symbols and regions with a BugReporter, which can be modified at BugReport creation or by BugReporterVisitors. This patch reduces the diagnostics emitted in several of our test cases. I've vetted these as having desired behavior. The only regression is a missing null check diagnostic for the return value of realloc() in test/Analysis/malloc-plist.c. This will require some investigation to fix, and I have added a FIXME to the test case. llvm-svn: 152361
* Basic: import SmallString<> into clang namespaceDylan Noblesmith2012-02-051-2/+2
| | | | | | | (I was going to fix the TODO about DenseMap too, but that would break self-host right now. See PR11922.) llvm-svn: 149799
* Basic: import OwningPtr<> into clang namespaceDylan Noblesmith2012-02-051-2/+2
| | | | llvm-svn: 149798
* Move a method from IdentifierTable.h out of line and remove the SmallString ↵Benjamin Kramer2012-02-041-0/+1
| | | | | | | | include. Fix all the transitive include users. llvm-svn: 149783
* Move various diagnostic operator<< overloads out of line and remove includes ↵Benjamin Kramer2012-02-041-0/+1
| | | | | | | | | of Diagnostic.h. Fix all the files that depended on transitive includes of Diagnostic.h. With this patch in place changing a diagnostic no longer requires a full rebuild of the StaticAnalyzer. llvm-svn: 149781
* Change references to 'const ProgramState *' to typedef 'ProgramStateRef'.Ted Kremenek2012-01-261-12/+12
| | | | | | | | At this point this is largely cosmetic, but it opens the door to replace ProgramStateRef with a smart pointer that more eagerly acts in the role of reclaiming unused ProgramState objects. llvm-svn: 149081
* "This change adds alloca/valloc checks to UnixAPIChecker. It includes a ↵Ted Kremenek2012-01-111-48/+61
| | | | | | | | | | | | small refactoring for the common *alloc functions as well as a few tiny wibbles (adds a note to CWE/CERT advisory numbers in the bug output, and fixes a couple 80-column-wide violations.)" Patch by Austin Seipp! llvm-svn: 147931
* [analyzer] Make the entries in 'Environment' context-sensitive by making ↵Ted Kremenek2012-01-061-5/+6
| | | | | | | | | | | | | | | | | | entries map from (Stmt*,LocationContext*) pairs to SVals instead of Stmt* to SVals. This is needed to support basic IPA via inlining. Without this, we cannot tell if a Stmt* binding is part of the current analysis scope (StackFrameContext) or part of a parent context. This change introduces an uglification of the use of getSVal(), and thus takes two steps forward and one step back. There are also potential performance implications of enlarging the Environment. Both can be addressed going forward by refactoring the APIs and optimizing the internal representation of Environment. This patch mainly introduces the functionality upon when we want to build upon (and clean up). llvm-svn: 147688
* Enhance UnixAPIChecker to also warn about zero-sized allocations to calloc() ↵Ted Kremenek2012-01-031-25/+113
| | | | | | and realloc(). Patch by Cyril Roelandt! llvm-svn: 147500
* [analyzer] Refactor checkers to use helper function for getting callee Decl ↵Anna Zaks2011-12-011-12/+3
| | | | | | | | and name. We are getting name of the called function or it's declaration in a few checkers. Refactor them to use the helper function in the CheckerContext. llvm-svn: 145576
* [analyzer] Rename generateNode -> addTransition in CheckerContextAnna Zaks2011-10-261-1/+1
| | | | | | Also document addTransition methods. llvm-svn: 143059
* [analyzer] Simplify CheckerContextAnna Zaks2011-10-251-1/+1
| | | | | | | | | Remove dead members/parameters: ProgramState, respondsToCallback, autoTransition. Remove addTransition method since it's the same as generateNode. Maybe we should rename generateNode to genTransition (since a transition is always automatically generated)? llvm-svn: 142946
* Extend the ASTContext constructor to delay the initialization ofDouglas Gregor2011-09-021-1/+2
| | | | | | | | builtin types (When requested). This is another step toward making ASTUnit build the ASTContext as needed when loading an AST file, rather than doing so after the fact. No actual functionality change (yet). llvm-svn: 138985
* Static Analyzer Diagnostics: Kill the addVisitorCreator(callbackTy, void*) ↵Anna Zaks2011-08-191-2/+2
| | | | | | | | | | | | API in favor of addVisitor(BugReporterVisitor*). 1) Create a header file to expose the predefined visitors. And move the parent(BugReporterVisitor) there as well. 2) Remove the registerXXXVisitor functions - the Visitor constructors/getters can be used now to create the object. One exception is registerVarDeclsLastStore(), which registers more then one visitor, so make it static member of FindLastStoreBRVisitor. 3) Modify all the checkers to use the new API. llvm-svn: 138126
* Remove EnhancedBugReport and RangedBugReport - pull all the extra ↵Anna Zaks2011-08-171-5/+5
| | | | | | functionality they provided into their parent BugReport. The only functional changes are: made getRanges() non const - it adds default range to Ranges if none are supplied, made getStmt() private, which was another FIXME. llvm-svn: 137894
* Rename GRState to ProgramState, and cleanup some code formatting along the way.Ted Kremenek2011-08-151-6/+6
| | | | llvm-svn: 137665
* Clean up UnixAPIChecker, including switching its array of BugTypes to ↵Jordy Rose2011-07-151-70/+40
| | | | | | llvm::OwningPtr<BugType> vars (the new convention). No functionality change. llvm-svn: 135255
* [analyzer] Rename CheckerV2 -> Checker.Argyrios Kyrtzidis2011-03-011-2/+2
| | | | llvm-svn: 126726
* [analyzer] Migrate to CheckerV2:Argyrios Kyrtzidis2011-02-231-23/+27
| | | | | | | | | | | | CastToStructChecker FixedAddressChecker MacOSXAPIChecker PointerArithChecker PointerSubChecker PthreadLockChecker UnixAPIChecker llvm-svn: 126284
* [analyzer] Pass CheckerManager to the registration functions.Argyrios Kyrtzidis2011-02-171-1/+6
| | | | llvm-svn: 125777
* [analyzer] Use the new registration mechanism on some of the internal ↵Argyrios Kyrtzidis2011-02-151-2/+2
| | | | | | | | | | | | | checks. These are: StackAddrLeakChecker ObjCAtSyncChecker UnixAPIChecker MacOSXAPIChecker The rest have/create implicit dependencies between checkers and need to be handled differently. llvm-svn: 125559
* Split 'include/clang/StaticAnalyzer' into ↵Ted Kremenek2011-02-101-2/+2
| | | | | | | | 'include/clang/StaticAnalyzer/Core' and 'include/clang/StaticAnalyzer/Checkers'. This layout matches lib/StaticAnalyzer, which corresponds to two StaticAnalyzer libraries. llvm-svn: 125251
* [analyzer] lib/StaticAnalyzer/Checkers/ExprEngineInternalChecks.h -> ↵Argyrios Kyrtzidis2011-02-081-1/+1
| | | | | | lib/StaticAnalyzer/Checkers/InternalChecks.h llvm-svn: 125121
OpenPOWER on IntegriCloud