summaryrefslogtreecommitdiffstats
path: root/clang/lib/StaticAnalyzer/Checkers
Commit message (Collapse)AuthorAgeFilesLines
...
* [StaticAnalyzer] Completely unrolling specific loops with known bound optionPeter Szecsi2017-07-251-0/+1
| | | | | | | | | | | | | | | | | This feature allows the analyzer to consider loops to completely unroll. New requirements/rules (for unrolling) can be added easily via ASTMatchers. Right now it is hidden behind a flag, the aim is to find the correct heuristic and create a solution which results higher coverage % and more precise analysis, thus can be enabled by default. Right now the blocks which belong to an unrolled loop are marked by the LoopVisitor which adds them to the ProgramState. Then whenever we encounter a CFGBlock in the processCFGBlockEntrance which is marked then we skip its investigating. That means, it won't be considered to be visited more than the maximal bound for visiting since it won't be checked. llvm-svn: 309006
* [analyzer] Add diagnostic text for generalized refcount annotations.Devin Coughlin2017-07-251-11/+13
| | | | | | | | | | | | | | | Add a 'Generalized' object kind to the retain-count checker and suitable generic diagnostic text for retain-count diagnostics involving those objects. For now the object kind is introduced in summaries by 'annotate' attributes. Once we have more experience with these annotations we will propose explicit attributes. Patch by Malhar Thakkar! Differential Revision: https://reviews.llvm.org/D35613 llvm-svn: 308990
* Remove Bitrig: Clang ChangesErich Keane2017-07-211-1/+0
| | | | | | | | Bitrig code has been merged back to OpenBSD, thus the OS has been abandoned. Differential Revision: https://reviews.llvm.org/D35708 llvm-svn: 308797
* Revert "[StaticAnalyzer] Completely unrolling specific loops with known ↵Peter Szecsi2017-07-201-1/+0
| | | | | | | | | | bound option" Revert r308561 and r308558. Clang-ppc64be-linux seems to crash while running the test cases. llvm-svn: 308592
* This feature allows the analyzer to consider loops to completely unroll. NewPeter Szecsi2017-07-191-0/+1
| | | | | | | | | | | | | | | | requirements/rules (for unrolling) can be added easily via ASTMatchers. The current implementation is hidden behind a flag. Right now the blocks which belong to an unrolled loop are marked by the LoopVisitor which adds them to the ProgramState. Then whenever we encounter a CFGBlock in the processCFGBlockEntrance which is marked then we skip its investigating. That means, it won't be considered to be visited more than the maximal bound for visiting since it won't be checked. Differential Revision: https://reviews.llvm.org/D34260 llvm-svn: 308558
* [analyzer] Add annotation attribute to trust retain count implementationDevin Coughlin2017-07-191-4/+31
| | | | | | | | | | | | | | | | | Add support to the retain-count checker for an annotation indicating that a function's implementation should be trusted by the retain count checker. Functions with these attributes will not be inlined and the arguments will be treating as escaping. Adding this annotation avoids spurious diagnostics when the implementation of a reference counting operation is visible but the analyzer can't reason precisely about the ref count. Patch by Malhar Thakkar! Differential Revision: https://reviews.llvm.org/D34937 llvm-svn: 308416
* [analyzer] Add annotation for functions taking user-facing stringsErik Verbruggen2017-07-141-10/+59
| | | | | | | | | | | | | | | | There was already a returns_localized_nsstring annotation to indicate that the return value could be passed to UIKit methods that would display them. However, those UIKit methods were hard-coded, and it was not possible to indicate that other classes/methods in a code-base would do the same. The takes_localized_nsstring annotation can be put on function parameters and selector parameters to indicate that those will also show the string to the user. Differential Revision: https://reviews.llvm.org/D35186 llvm-svn: 308012
* [analyzer] Move zero-size allocation checks to optin.portability.Artem Dergachev2017-06-271-20/+35
| | | | | | | | | | | | | | This is a new checker package. It contains checkers that highlight well-documented implementation-defined behavior. Such checkers are only useful to developers that intend to write portable code. Code that is only compiled for a single platform should be allowed to rely on this platform's specific documented behavior. rdar://problem/30545046 Differential Revision: https://reviews.llvm.org/D34102 llvm-svn: 306396
* [analyzer] Do not continue to analyze a path if the constraints contradict ↵Gabor Horvath2017-06-221-1/+3
| | | | | | | | with builtin assume Differential Revision: https://reviews.llvm.org/D34502 llvm-svn: 305991
* [analyzer] LocalizationChecker: Support new localizable APIs.Artem Dergachev2017-06-211-0/+43
| | | | | | | | | | | | Add support for new methods that were added in macOS High Sierra & iOS 11 and require a localized string. Patch by Kulpreet Chilana! rdar://problem/32795210 Differential Revision: https://reviews.llvm.org/D34266 llvm-svn: 305896
* [analyzer] Teach CloneDetection about Qt Meta-Object Compiler to filter auto ↵Leslie Zhai2017-06-201-1/+1
| | | | | | | | | | | | generated files Reviewers: v.g.vassilev, teemperor Reviewed By: teemperor Differential Revision: https://reviews.llvm.org/D34353 llvm-svn: 305774
* [analyzer] Check NULL pointer dereference issue for memset functionLeslie Zhai2017-06-201-0/+51
| | | | | | | | | | Reviewers: dcoughlin, zaks.anna, NoQ, danielmarjamaki Reviewed By: NoQ, danielmarjamaki Differential Revision: https://reviews.llvm.org/D31868 llvm-svn: 305773
* [analyzer] Teach CloneDetection about Qt Meta-Object CompilerLeslie Zhai2017-06-191-1/+6
| | | | | | | | | | Reviewers: v.g.vassilev, zaks.anna, NoQ, teemperor Reviewed By: v.g.vassilev, zaks.anna, NoQ, teemperor Differential Revision: https://reviews.llvm.org/D31320 llvm-svn: 305659
* [analyzer] Nullability: fix notes around synthesized ObjC property accessors.Artem Dergachev2017-06-051-1/+1
| | | | | | | | | | | | | Nullable-to-nonnull checks used to crash when the custom bug visitor was trying to add its notes to autosynthesized accessors of Objective-C properties. Now we avoid this, mostly automatically outside of checker control, by moving the diagnostic to the parent stack frame where the accessor has been called. Differential revision: https://reviews.llvm.org/D32437 llvm-svn: 304710
* Added LLVM_FALLTHROUGH to address warning: this statement may fall through. NFC.Galina Kistanova2017-06-031-0/+1
| | | | llvm-svn: 304644
* [analyzer] Support partially tainted records.Artem Dergachev2017-05-291-59/+24
| | | | | | | | | | | | | | | | The analyzer's taint analysis can now reason about structures or arrays originating from taint sources in which only certain sections are tainted. In particular, it also benefits modeling functions like read(), which may read tainted data into a section of a structure, but RegionStore is incapable of expressing the fact that the rest of the structure remains intact, even if we try to model read() directly. Patch by Vlad Tsyrklevich! Differential revision: https://reviews.llvm.org/D28445 llvm-svn: 304162
* [analyzer] Initial commit for the upcoming refactoring of the IteratorChecker.Artem Dergachev2017-05-293-841/+834
| | | | | | | | | | | | | | | The new checker currently contains the very core infrastructure for tracking the state of iterator-type objects in the analyzer: relating iterators to their containers, tracking symbolic begin and end iterator values for containers, and solving simple equality-type constraints over iterators. A single specific check over this infrastructure is capable of finding usage of out-of-range iterators in some simple cases. Patch by Ádám Balogh! Differential revision: https://reviews.llvm.org/D32592 llvm-svn: 304160
* [analyzer] PthreadLockChecker: model failed pthread_mutex_destroy() calls.Artem Dergachev2017-05-291-13/+133
| | | | | | | | | | | | | pthread_mutex_destroy() may fail, returning a non-zero error number, and keeping the mutex untouched. The mutex can be used on the execution branch that follows such failure, so the analyzer shouldn't warn on using a mutex that was previously destroyed, when in fact the destroy call has failed. Patch by Malhar Thakkar! Differential revision: https://reviews.llvm.org/D32449 llvm-svn: 304159
* [analyzer] Add modelling of __builtin_assumeGabor Horvath2017-05-121-0/+16
| | | | | | Differential Revision: https://reviews.llvm.org/D33092 llvm-svn: 302880
* [analyzer] Avoid an allocation in Std C function modellingGabor Horvath2017-05-121-1/+4
| | | | | | Differential Revision: https://reviews.llvm.org/D33095 llvm-svn: 302879
* Use clang++-3.5 compatible initializer_list constructorSerge Guelton2017-05-101-1/+1
| | | | | | Otherwise, a warning is issued. llvm-svn: 302654
* Suppress all uses of LLVM_END_WITH_NULL. NFC.Serge Guelton2017-05-094-85/+52
| | | | | | | | | | Use variadic templates instead of relying on <cstdarg> + sentinel. This enforces better type checking and makes code more readable. Differential revision: https://reviews.llvm.org/D32550 llvm-svn: 302572
* [analyzer] Fix memory error bug category capitalization.Artem Dergachev2017-05-033-18/+22
| | | | | | | | | | | | It was written as "Memory Error" in most places and as "Memory error" in a few other places, however it is the latter that is more consistent with other categories (such as "Logic error"). rdar://problem/31718115 Differential Revision: https://reviews.llvm.org/D32702 llvm-svn: 302016
* [analyzer] Detect bad free of function pointersDaniel Marjamaki2017-05-021-1/+44
| | | | | | Differential Revision: https://reviews.llvm.org/D31650 llvm-svn: 301913
* [analyzer] Teach the MallocChecker about Glib API for two argumentsLeslie Zhai2017-04-261-28/+74
| | | | | | | | | | | | Reviewers: zaks.anna, NoQ, danielmarjamaki Reviewed By: zaks.anna, NoQ, danielmarjamaki Subscribers: cfe-commits, kalev, pwithnall Differential Revision: https://reviews.llvm.org/D30771 llvm-svn: 301384
* [analyzer] Enforce super-region classes for various memory regions.Artem Dergachev2017-04-131-2/+2
| | | | | | | | | | | | We now check the type of the super-region pointer for most SubRegion classes in compile time; some checks are run-time though. This is an API-breaking change (we now require explicit casts to specific region sub-classes), but in practice very few checkers are affected. Differential Revision: https://reviews.llvm.org/D26838 llvm-svn: 300189
* [analyzer] Reland r299544 "Add a modular constraint system to the CloneDetector"Artem Dergachev2017-04-061-31/+69
| | | | | | | | | | | | | | | | | | | | | | | | | | | Hopefully fix crashes by unshadowing the variable. Original commit message: A big part of the clone detection code is functionality for filtering clones and clone groups based on different criteria. So far this filtering process was hardcoded into the CloneDetector class, which made it hard to understand and, ultimately, to extend. This patch splits the CloneDetector's logic into a sequence of reusable constraints that are used for filtering clone groups. These constraints can be turned on and off and reodreder at will, and new constraints are easy to implement if necessary. Unit tests are added for the new constraint interface. This is a refactoring patch - no functional change intended. Patch by Raphael Isemann! Differential Revision: https://reviews.llvm.org/D23418 llvm-svn: 299653
* Revert "[analyzer] Add a modular constraint system to the CloneDetector"Artem Dergachev2017-04-051-69/+31
| | | | | | | | This reverts commit r299544. Crashes on tests on some buildbots. llvm-svn: 299550
* [analyzer] Add a modular constraint system to the CloneDetectorArtem Dergachev2017-04-051-31/+69
| | | | | | | | | | | | | | | | | | | | | | A big part of the clone detection code is functionality for filtering clones and clone groups based on different criteria. So far this filtering process was hardcoded into the CloneDetector class, which made it hard to understand and, ultimately, to extend. This patch splits the CloneDetector's logic into a sequence of reusable constraints that are used for filtering clone groups. These constraints can be turned on and off and reodreder at will, and new constraints are easy to implement if necessary. Unit tests are added for the new constraint interface. This is a refactoring patch - no functional change intended. Patch by Raphael Isemann! Differential Revision: https://reviews.llvm.org/D23418 llvm-svn: 299544
* [analyzer] alpha.core.Conversion - Fix false positive for 'U32 += S16;' ↵Daniel Marjamaki2017-04-051-10/+32
| | | | | | | | | | | expression, that is not unsafe Summary: The alpha.core.Conversion was too strict about compound assignments and could warn even though there is no problem. Differential Revision: https://reviews.llvm.org/D25596 llvm-svn: 299523
* Spelling mistakes in comments. NFCI. (PR27635)Simon Pilgrim2017-03-302-3/+3
| | | | llvm-svn: 299083
* [analyzer] When creating a temporary object, properly copy the value into it.Artem Dergachev2017-03-281-9/+40
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | Adjustments should be considered properly; we should copy the unadjusted object over the whole temporary base region. If the unadjusted object is no longer available in the Environment, invalidate the temporary base region, and then copy the adjusted object into the adjusted sub-region of the temporary region. This fixes a regression introduced by r288263, that caused various false positives, due to copying only adjusted object into the adjusted region; the rest of the base region therefore remained undefined. Before r288263, the adjusted value was copied over the unadjusted region, which is incorrect, but accidentally worked better due to how region store disregards compound value bindings to non-base regions. An additional test machinery is introduced to make sure that despite making two binds, we only notify checkers once for both of them, without exposing the partially copied objects. This fix is a hack over a hack. The proper fix would be to model C++ temporaries in the CFG, and after that dealing with adjustments would no longer be necessary, and the values we need would no longer disappear from the Environment. rdar://problem/30658168 Differential Revision: https://reviews.llvm.org/D30534 llvm-svn: 298924
* [analyzer] MisusedMovedObject: Remove deprecated callback. NFCArtem Dergachev2017-03-241-7/+0
| | | | | | | | wantsRegionChangeUpdate() checker callback is no longer used since recently. Fixes a buildbot warning. llvm-svn: 298699
* [analyzer] Add MisusedMovedObjectChecker for detecting use-after-move errors.Artem Dergachev2017-03-242-0/+489
| | | | | | | | | | | | The checker currently warns on copying, moving, or calling methods on an object that was recently std::move'd from. It understands a set of "state reset" methods that bring a moved-from object back to a well-specified state. Patch by Peter Szecsi! Differential Revision: https://reviews.llvm.org/D24246 llvm-svn: 298698
* Remove repeated code (PR32250). NFCI.Simon Pilgrim2017-03-151-2/+0
| | | | llvm-svn: 297905
* [analyzer] Fix a rare crash for valist check.Gabor Horvath2017-03-131-6/+2
| | | | | | | | | It looks like on some host-triples the result of a valist related expr can be a LazyCompoundVal. Handle that case in the check. Patch by Abramo Bagnara! llvm-svn: 297619
* [analyzer] Extend block in critical section check with C11 and Pthread APIs.Gabor Horvath2017-03-101-13/+57
| | | | | | | | Patch by Zoltan Daniel Torok! Differential Revision: https://reviews.llvm.org/D29567 llvm-svn: 297461
* [analyzer] Extend taint propagation and checking to support LazyCompoundValAnna Zaks2017-03-091-0/+37
| | | | | | | | A patch by Vlad Tsyrklevich! Differential Revision: https://reviews.llvm.org/D28445 llvm-svn: 297326
* [analyzer] Improve usability of ExprInspectionCheckerAnna Zaks2017-03-091-2/+2
| | | | | | | | | | | | | | | | Some of the magic functions take arguments of arbitrary type. However, for semantic correctness, the compiler still requires a declaration of these functions with the correct type. Since C does not have argument-type-overloaded function, this made those functions hard to use in C code. Improve this situation by allowing arbitrary suffixes in the affected magic functions' names, thus allowing the user to create different declarations for different types. A patch by Keno Fischer! Differential Revision: https://reviews.llvm.org/D30589 llvm-svn: 297325
* [analyzer] Add bug visitor for taint checker.Anna Zaks2017-03-091-2/+46
| | | | | | | | | | | | Add a bug visitor to the taint checker to make it easy to distinguish where the tainted value originated. This is especially useful when the original taint source is obscured by complex data flow. A patch by Vlad Tsyrklevich! Differential Revision: https://reviews.llvm.org/D30289 llvm-svn: 297324
* [analyzer] Teach the MallocChecker about about Glib APIAnna Zaks2017-03-091-7/+40
| | | | | | | | A patch by Leslie Zhai! Differential Revision: https://reviews.llvm.org/D28348 llvm-svn: 297323
* [analyzer] Clarify 'uninitialized function argument' messagesDaniel Marjamaki2017-03-081-31/+45
| | | | | | Differential Revision: https://reviews.llvm.org/D30341 llvm-svn: 297283
* [analyzer] Fix crashes in CastToStruct checker for undefined structsDaniel Marjamaki2017-03-071-0/+4
| | | | | | | | This crash was reported in https://bugs.llvm.org//show_bug.cgi?id=31173 Differential Revision: https://reviews.llvm.org/D28297 llvm-svn: 297187
* [analyzer] Improve valist checks and move it out from alpha state.Gabor Horvath2017-03-071-24/+65
| | | | | | | | | This patch makes the valist check more robust to the different AST variants on different platforms and also fixes a FIXME. Differential Revision: https://reviews.llvm.org/D30157 llvm-svn: 297153
* [Analyzer] Fix crash in ObjCPropertyChecker on protocol propertyDevin Coughlin2017-03-011-2/+1
| | | | | | | | | | | Fix a crash in the ObjCPropertyChecker when analyzing a 'copy' property of an NSMutable* type in a protocol. rdar://problem/30766684 Differential Revision: https://reviews.llvm.org/D30482 llvm-svn: 296562
* [analyzer] clarify 'result is garbage value' when it is out of boundsDaniel Marjamaki2017-02-271-0/+26
| | | | | | Differential Revision: https://reviews.llvm.org/D28278 llvm-svn: 296326
* [analyzer] Revert 295545. There are buildbot failures.Daniel Marjamaki2017-02-181-7/+0
| | | | llvm-svn: 295548
* [analyzer] Fix crash in CastToStruct when there is no record definitionDaniel Marjamaki2017-02-181-0/+7
| | | | | | | | This crash was reported in https://bugs.llvm.org//show_bug.cgi?id=31173 Differential Revision: https://reviews.llvm.org/D28297 llvm-svn: 295545
* [analyzer] Fix an assertion fail in CStringSyntaxChecker.Gabor Horvath2017-02-021-17/+15
| | | | | | Differential Revision: https://reviews.llvm.org/D29384 llvm-svn: 293874
* In VirtualCallChecker, handle indirect callsSam McCall2017-01-311-1/+2
| | | | | | | | | | | | | | | Summary: In VirtualCallChecker, handle indirect calls. getDirectCallee() can be nullptr, and dyn_cast(nullptr) is UB Reviewers: bkramer Subscribers: cfe-commits Differential Revision: https://reviews.llvm.org/D29303 llvm-svn: 293604
OpenPOWER on IntegriCloud