summaryrefslogtreecommitdiffstats
path: root/clang/lib/StaticAnalyzer/Checkers
Commit message (Collapse)AuthorAgeFilesLines
...
* [analyzer] Track the count of NSOrderedSet similarly to other fast enumerations.Anna Zaks2013-11-041-1/+2
| | | | llvm-svn: 194005
* StaticAnalyzer/Checkers/DynamicTypePropagation.cpp: Fix in comments. 80-col ↵NAKAMURA Takumi2013-10-281-2/+2
| | | | | | and an utf8 char. llvm-svn: 193513
* Forgot some references to misspelled enums.Benjamin Kramer2013-10-201-4/+4
| | | | llvm-svn: 193047
* Miscellaneous speling fixes.Benjamin Kramer2013-10-201-1/+1
| | | | llvm-svn: 193046
* [analyzer] ArrayRef-ize BugReporter::EmitBasicReport.Jordan Rose2013-10-077-32/+19
| | | | | | No functionality change. llvm-svn: 192114
* [analyzer] RetainCountChecker: add support for CFAutorelease.Jordan Rose2013-10-071-8/+22
| | | | | | <rdar://problems/13710586&13710643> llvm-svn: 192113
* [analyzer] Replace bug category magic strings with shared constants, take 2.Jordan Rose2013-10-045-25/+6
| | | | | | | Re-commit r191910 (reverted in r191936) with layering violation fixed, by moving the bug categories to StaticAnalyzerCore instead of ...Checkers. llvm-svn: 191937
* Temporarily revert r191910 until the layering violation can be fixed.Richard Smith2013-10-033-6/+5
| | | | llvm-svn: 191936
* [analyzer] Replace bug category magic strings with shared constants.Jordan Rose2013-10-033-5/+6
| | | | | | | | | | One small functionality change is to bring the sizeof-pointer checker in line with the other checkers by making its category be "Logic error" instead of just "Logic". There should be no other functionality changes. Patch by Daniel Marjamäki! llvm-svn: 191910
* [analyzer] Add new debug helper clang_analyzer_warnIfReached.Jordan Rose2013-10-031-0/+13
| | | | | | | | | | | | | This will emit a warning if a call to clang_analyzer_warnIfReached is executed, printing REACHABLE. This is a more explicit way to declare expected reachability than using clang_analyzer_eval or triggering a bug (divide-by-zero or null dereference), and unlike the former will work the same in inlined functions and top-level functions. Like the other debug helpers, it is part of the debug.ExprInspection checker. Patch by Jared Grubb! llvm-svn: 191909
* [analyzer] Add missing return after function pointer null check.Jordan Rose2013-10-021-0/+1
| | | | | | | | | | | | | | | | | Also add some tests that there is actually a message and that the bug is actually a hard error. This actually behaved correctly before, because: - addTransition() doesn't actually add a transition if the new state is null; it assumes you want to propagate the predecessor forward and does nothing. - generateSink() is called in order to emit a bug report. - If at least one new node has been generated, the predecessor node is /not/ propagated forward. But now it's spelled out explicitly. Found by Richard Mazorodze, who's working on a patch that may require this. llvm-svn: 191805
* [analyzer] Handle destructors for the argument to C++ 'delete'.Jordan Rose2013-09-251-1/+2
| | | | | | | | | | | | | | | | | Now that the CFG includes nodes for the destructors in a delete-expression, process them in the analyzer using the same common destructor interface currently used for local, member, and base destructors. Also, check for when the value is known to be null, in which case no destructor is actually run. This does not yet handle destructors for deleted /arrays/, which may need more CFG work. It also causes a slight regression in the location of double delete warnings; the double delete is detected at the destructor call, which is implicit, and so is reported on the first access within the destructor instead of at the 'delete' statement. This will be fixed soon. Patch by Karthik Bhat! llvm-svn: 191381
* Fix array_pod_sort predicates after LLVM change.Benjamin Kramer2013-09-221-3/+3
| | | | llvm-svn: 191176
* array_pod_sort loses some type safety, better use the right types.Benjamin Kramer2013-09-221-2/+2
| | | | llvm-svn: 191174
* Rewrite a cold use of std::sort to array_pod_sort.Benjamin Kramer2013-09-221-12/+16
| | | | | | No functionality change. llvm-svn: 191173
* [analyzer] Stop tracking the objects with attribute cleanup in the ↵Anna Zaks2013-09-171-0/+10
| | | | | | | | RetainCountChecker. This suppresses false positive leaks. We stop tracking a value if it is assigned to a variable declared with a cleanup attribute. llvm-svn: 190835
* New message for cases when ownership is taken:Anton Yartsev2013-09-161-10/+23
| | | | | | | | "+method_name: cannot take ownership of memory allocated by 'new'." instead of the old "Memory allocated by 'new' should be deallocated by 'delete', not +method_name" llvm-svn: 190800
* Clean up some Triple usage in clang.Cameron Esfahani2013-09-141-2/+1
| | | | llvm-svn: 190737
* Fix two incorrect comments.Jordan Rose2013-09-131-2/+2
| | | | | | Patch by Jared Grubb! llvm-svn: 190652
* Get rid of unused isPodLike definition.Eli Friedman2013-09-111-2/+0
| | | | llvm-svn: 190463
* Switched FormatAttr to using an IdentifierArgument instead of a ↵Aaron Ballman2013-09-031-1/+2
| | | | | | StringArgument since that is a more accurate modeling. llvm-svn: 189851
* Use pop_back_val() instead of both back() and pop_back().Robert Wilhelm2013-08-231-3/+2
| | | | | | No functionality change intended. llvm-svn: 189112
* [analyzer] Don't run unreachable code checker on inlined functions.Jordan Rose2013-08-191-0/+3
| | | | | | | | | This is still an alpha checker, but we use it in certain tests to make sure something is not being executed. This should fix the buildbots. llvm-svn: 188682
* [analyzer] Assume that strings are no longer than SIZE_MAX/4.Jordan Rose2013-08-191-2/+15
| | | | | | | | | This keeps the analyzer from making silly assumptions, like thinking strlen(foo)+1 could wrap around to 0. This fixes PR16558. Patch by Karthik Bhat! llvm-svn: 188680
* Omit arguments of __builtin_object_size from the CFG.Jordan Rose2013-08-191-6/+19
| | | | | | | | | | | | | | | | | This builtin does not actually evaluate its arguments for side effects, so we shouldn't include them in the CFG. In the analyzer, rely on the constant expression evaluator to get the proper semantics, at least for now. (In the future, we could get ambitious and try to provide path- sensitive size values.) In theory, this does pose a problem for liveness analysis: a variable can be used within the __builtin_object_size argument expression but not show up as live. However, it is very unlikely that such a value would be used to compute the object size and not used to access the object in some way. <rdar://problem/14760817> llvm-svn: 188679
* Use the number of parameters in the actual method or function to determine ↵Ted Kremenek2013-08-161-7/+1
| | | | | | the CallEffects size. llvm-svn: 188587
* RetainCountChecker: Replace some loops with std:: algorithms.Benjamin Kramer2013-08-161-17/+5
| | | | llvm-svn: 188581
* Revert r188574. Turns out it isn't needed.Ted Kremenek2013-08-161-1/+0
| | | | llvm-svn: 188578
* Need summary info. about arguments toFariborz Jahanian2013-08-161-0/+1
| | | | | | CF functions coming from static analyzer API. llvm-svn: 188574
* [analyzer] If realloc fails on an escaped region, that region doesn't leak.Jordan Rose2013-08-151-1/+1
| | | | | | | | | | | | | | | | | | When a region is realloc()ed, MallocChecker records whether it was known to be allocated or not. If it is, and the reallocation fails, the original region has to be freed. Previously, when an allocated region escaped, MallocChecker completely stopped tracking it, so a failed reallocation still (correctly) wouldn't require freeing the original region. Recently, however, MallocChecker started tracking escaped symbols, so that if it were freed we could check that the deallocator matched the allocator. This broke the reallocation model for whether or not a symbol was allocated. Now, MallocChecker will actually check if a symbol is owned, and only require freeing after a failed reallocation if it was owned before. PR16730 llvm-svn: 188468
* [static analyzer] add a simple "CallEffects" API to query the retain count ↵Ted Kremenek2013-08-141-0/+44
| | | | | | | | | | | | | | semantics of a method. This is intended to be a simplified API, whose internals are deliberately less efficient for the purpose of a simplified interface, for use with clients that want to query the analyzer's heuristics for determining retain count semantics. There are no immediate clients, but it is intended to be used by the ObjC modernizer. llvm-svn: 188433
* [static analyzer] Factor out ArgEffect and RetEffect into public header file.Ted Kremenek2013-08-141-93/+14
| | | | | | | This is a WIP change to allow other clients to query the retain count heuristics of the static analyzer. llvm-svn: 188432
* DirectIvarAssignment: Replace vtable'd objects with simple functions.Benjamin Kramer2013-08-091-31/+19
| | | | | | Avoids unnecessary static constructors. llvm-svn: 188083
* [analyzer] Warn when using 'delete' on an uninitialized variable.Jordan Rose2013-08-091-1/+29
| | | | | | Patch by Karthik Bhat, modified slightly by me. llvm-svn: 188043
* Eliminate CXXConstructorDecl::IsImplicitlyDefined.Jordan Rose2013-08-071-1/+1
| | | | | | | | | | | | This field is just IsDefaulted && !IsDeleted; in all places it's used, a simple check for isDefaulted() is superior anyway, and we were forgetting to set it in a few cases. Also eliminate CXXDestructorDecl::IsImplicitlyDefined, for the same reasons. No intended functionality change. llvm-svn: 187891
* [analyzer] Don't process autorelease counts in synthesized function bodies.Jordan Rose2013-08-011-1/+8
| | | | | | | | | | | | | | | We process autorelease counts when we exit functions, but if there's an issue in a synthesized body the report will get dropped. Just skip the processing for now and let it get handled when the caller gets around to processing autoreleases. (This is still suboptimal: objects autoreleased in the caller context should never be warned about when exiting a callee context, synthesized or not.) Second half of <rdar://problem/14611722> llvm-svn: 187625
* Make IgnoreParens() look through ChooseExprs.Eli Friedman2013-07-201-13/+2
| | | | | | | | | | | | | This is the same way GenericSelectionExpr works, and it's generally a more consistent approach. A large part of this patch is devoted to caching the value of the condition of a ChooseExpr; it's needed to avoid threading an ASTContext into IgnoreParens(). Fixes <rdar://problem/14438917>. llvm-svn: 186738
* [analyzer] Include analysis stack in crash traces.Jordan Rose2013-07-191-0/+7
| | | | | | | | | | | | | Sample output: 0. Program arguments: ... 1. <eof> parser at end of file 2. While analyzing stack: #0 void inlined() #1 void test() 3. crash-trace.c:6:3: Error evaluating statement llvm-svn: 186639
* Add 'static' and 'const' qualifiers to some arrays of strings.Craig Topper2013-07-151-1/+1
| | | | llvm-svn: 186314
* [analyzer] Add support for __builtin_addressof.Jordan Rose2013-07-121-1/+4
| | | | | | ...so we don't regress on std::addressof. llvm-svn: 186140
* Use SmallVectorImpl instead of SmallVector for iterators and references to ↵Craig Topper2013-07-042-4/+4
| | | | | | avoid specifying the vector size unnecessarily. llvm-svn: 185610
* [analyzer] Improve handling of noreturn destructorsPavel Labath2013-07-031-13/+11
| | | | | | | | | | | | | | | | Summary: The analyzer incorrectly handled noreturn destructors which were hidden inside function calls. This happened because NoReturnFunctionChecker only listened for PostStmt events, which are not executed for destructor calls. I've changed it to listen to PostCall events, which should catch both cases. Reviewers: jordan_rose CC: cfe-commits Differential Revision: http://llvm-reviews.chandlerc.com/D1056 llvm-svn: 185522
* Use getAs<> where appropriate on QualTypes instead of using dyn_cast.Eli Friedman2013-06-241-14/+7
| | | | llvm-svn: 184775
* [analyzer] Add a debug checker that prints Exploded GraphAnna Zaks2013-06-242-0/+25
| | | | | | | | | | | Add a debug checker that is useful to understand how the ExplodedGraph is built; it can be triggered using the following command: clang -cc1 -analyze -analyzer-checker=debug.ViewExplodedGraph my_program.c A patch by Béatrice Creusillet! llvm-svn: 184768
* Check the canonical parameter type with getAs<>() in a static checkerReid Kleckner2013-06-241-5/+5
| | | | | | This will prevent breakage when I introduce the DecayedType sugar node. llvm-svn: 184755
* [analyzer] Use output form collections’ count to decide if ObjC for loop ↵Anna Zaks2013-06-221-8/+175
| | | | | | | | | | | should be entered This fixes false positives by allowing us to know that a loop is always entered if the collection count method returns a positive value and vice versa. Addresses radar://14169391. llvm-svn: 184618
* Fix a crash in the static analyzer (bug #16307)Pavel Labath2013-06-191-1/+24
| | | | | | | | | | | | | | | Summary: When processing a call to a function, which got passed less arguments than it expects, the analyzer would crash. I've also added a test for that and a analyzer warning which detects these cases. CC: cfe-commits Differential Revision: http://llvm-reviews.chandlerc.com/D994 llvm-svn: 184288
* [analyzer] Do not report uninitialized value warnings inside swap functions.Anna Zaks2013-06-182-0/+17
| | | | | | | | | | This silences warnings that could occur when one is swapping partially initialized structs. We suppress not only the assignments of uninitialized members, but any values inside swap because swap could potentially be used as a subroutine to swap class members. This silences a warning from std::try::function::swap() on partially initialized objects. llvm-svn: 184256
* [AST] Don't include RecursiveASTVisitor.h in ASTContext.hReid Kleckner2013-06-171-0/+1
| | | | | | | | | | | | | | | | | | | | The untemplated implementation of getParents() doesn't need to be in a header file. RecursiveASTVisitor.h is full of repeated macro expansion. Moving this include to ASTContext.cpp speeds up compilation of LambdaMangleContext.cpp, a small C++ file with few includes, from 3.7s to 2.8s for me locally. I haven't measured a full build, but it can't hurt. I had to fix a few static analyzer files that were depending on transitive includes of C++ AST headers. Reviewers: rsmith, klimek Differential Revision: http://llvm-reviews.chandlerc.com/D982 llvm-svn: 184075
* Fix memory corruption in CStringCheckerPavel Labath2013-06-121-4/+1
| | | | | | | | | | | | | | | Summary: "register" functions for the checker were caching the checker objects in a static variable. This caused problems when the function is called with a different CheckerManager. Reviewers: klimek CC: cfe-commits Differential Revision: http://llvm-reviews.chandlerc.com/D955 llvm-svn: 183823
OpenPOWER on IntegriCloud