summaryrefslogtreecommitdiffstats
path: root/clang/lib/StaticAnalyzer/Checkers
Commit message (Collapse)AuthorAgeFilesLines
* [analyzer] Malloc checker: make a bit safer.Anna Zaks2012-02-151-2/+6
| | | | llvm-svn: 150556
* [analyzer] Malloc Checker: add support for reallocf, which always freesAnna Zaks2012-02-151-22/+44
| | | | | | the passed in pointer on failure. llvm-svn: 150533
* [analyzer] Malloc Checker: add support for valloc + minor codeAnna Zaks2012-02-151-12/+19
| | | | | | hardening. llvm-svn: 150532
* [analyzer] Make Malloc Checker optimistic in presence of inlining.Anna Zaks2012-02-144-59/+124
| | | | | | | | | | | | (In response of Ted's review of r150112.) This moves the logic which checked if a symbol escapes through a parameter to invalidateRegionCallback (instead of post CallExpr visit.) To accommodate the change, added a CallOrObjCMessage parameter to checkRegionChanges callback. llvm-svn: 150513
* [analyzer] Malloc Checker: realloc: add dependency between the symbolsAnna Zaks2012-02-141-9/+6
| | | | | | | | | | | | | in realloc map. If there is no dependency, the reallocated ptr will get garbage collected before we know that realloc failed, which would lead us to missing a memory leak warning. Also added new test cases, which we can handle now. Plus minor cleanups. llvm-svn: 150446
* [analyzer] Malloc Checker: realloc: correct the way we are handing theAnna Zaks2012-02-131-8/+9
| | | | | | case when size is 0. llvm-svn: 150412
* [analyzer] Malloc checker: rework realloc handling:Anna Zaks2012-02-131-34/+80
| | | | | | | | | | | | | | | | | | | 1) Support the case when realloc fails to reduce False Positives. (We essentially need to restore the state of the pointer being reallocated.) 2) Realloc behaves differently under special conditions (from pointer is null, size is 0). When detecting these cases, we should consider under-constrained states (size might or might not be 0). The old version handled this in a very hacky way. The code did not differentiate between definite and possible (no consideration for under-constrained states). Further, after processing each special case, the realloc processing function did not return but chained to the next special case processing. So you could end up in an execution in which you first see the states in which size is 0 and realloc ~ free(), followed by the states corresponding to size is not 0 followed by the evaluation of the regular realloc behavior. llvm-svn: 150402
* [analyzer] Malloc Checker: reduce false negatives rate by assuming thatAnna Zaks2012-02-111-6/+28
| | | | | | | a pointer cannot escape through calls to system functions. Also, stop after reporting the first use-after-free. llvm-svn: 150315
* [analyzer] Malloc Checker: Report a leak when we are returning freedAnna Zaks2012-02-111-0/+6
| | | | | | | | | memory. (As per one test case, the existing checker thought that this could cause a lot of false positives - not sure if that's valid, to be verified.) llvm-svn: 150313
* [analyzer] Malloc checker: Leak bugs should be suppressed by sinks.Anna Zaks2012-02-111-18/+28
| | | | | | | Resolves a common false positive, where we were reporting a leak inside asserts llvm-svn: 150312
* [analyzer] MallocChecker: refactor/improve the symbol escape logic.Anna Zaks2012-02-111-71/+103
| | | | | | We use the same logic here as the RetainRelease checker. llvm-svn: 150311
* [analyzer] New checker for assignment of non-0/1 values to Boolean variables.Ryan Govostes2012-02-113-0/+162
| | | | llvm-svn: 150306
* [analyzer] MallocChecker Cleanup - harden against crashes, fix an errorAnna Zaks2012-02-101-12/+23
| | | | | | (use of return instead of continue), wording. llvm-svn: 150215
* Remove unused fun.Benjamin Kramer2012-02-091-1/+0
| | | | llvm-svn: 150172
* [analyzer] MallocChecker: address a diagnostic "fixme".Anna Zaks2012-02-091-11/+11
| | | | llvm-svn: 150158
* [analyzer] Add custom path diagnostic to the Malloc Checker.Anna Zaks2012-02-091-1/+77
| | | | | | | Very simple so far - we just highlight every allocation and release site. llvm-svn: 150156
* [analyzer] MallocChecker cleanup, more tests.Anna Zaks2012-02-091-1/+0
| | | | llvm-svn: 150155
* [analyzer] MallocChecker: implement pessimistic version of the checker,Anna Zaks2012-02-081-29/+62
| | | | | | | | | | | | which allows values to escape through unknown calls. Assumes all calls but the malloc family are unknown. Also, catch a use-after-free when a pointer is passed to a function after a call to free (previously, you had to explicitly dereference the pointer value). llvm-svn: 150112
* [analyzer] Split the MallocChecker into two versions - pessimistic andAnna Zaks2012-02-082-4/+22
| | | | | | | | | | | | optimistic. TODO: actually implement the pessimistic version of the checker. Ex: it needs to assume that any function that takes a pointer might free it. The optimistic version relies on annotations to tell us which functions can free the pointer. llvm-svn: 150111
* [analyzer] MallocChecker: convert from using evalCall toAnna Zaks2012-02-081-36/+33
| | | | | | | | | post visit of CallExpr. In general, we should avoid using evalCall as it leads to interference with other checkers. llvm-svn: 150086
* Revert my patches which removed Diagnostic.h includes by moving some ↵Benjamin Kramer2012-02-075-5/+0
| | | | | | | | | | | | | | | | | | operator overloads out of line. This seems to negatively affect compile time onsome ObjC tests (which use a lot of partial diagnostics I assume). I have to come up with a way to keep them inline without including Diagnostic.h everywhere. Now adding a new diagnostic requires a full rebuild of e.g. the static analyzer which doesn't even use those diagnostics. This reverts commit 6496bd10dc3a6d5e3266348f08b6e35f8184bc99. This reverts commit 7af19b817ba964ac560b50c1ed6183235f699789. This reverts commit fdd15602a42bbe26185978ef1e17019f6d969aa7. This reverts commit 00bd44d5677783527d7517c1ffe45e4d75a0f56f. This reverts commit ef9b60ffed980864a8db26ad30344be429e58ff5. llvm-svn: 150006
* Print NamedDecls directly to a raw_ostream where possible.Benjamin Kramer2012-02-072-4/+4
| | | | llvm-svn: 149982
* Switch the ObjC*Decl raw_stream overloads to take a reference, for ↵Benjamin Kramer2012-02-071-2/+2
| | | | | | consistency with NamedDecls. llvm-svn: 149981
* [analyzer] Allow each CString check to be enabled/disabledAnna Zaks2012-02-072-12/+77
| | | | | | separately. llvm-svn: 149947
* Add basic BugReporter support for CallEnter/CallExit. WIP.Ted Kremenek2012-02-071-0/+7
| | | | llvm-svn: 149939
* Basic: import SmallString<> into clang namespaceDylan Noblesmith2012-02-0523-41/+41
| | | | | | | (I was going to fix the TODO about DenseMap too, but that would break self-host right now. See PR11922.) llvm-svn: 149799
* Basic: import OwningPtr<> into clang namespaceDylan Noblesmith2012-02-0536-65/+65
| | | | llvm-svn: 149798
* Move a method from IdentifierTable.h out of line and remove the SmallString ↵Benjamin Kramer2012-02-0421-2/+21
| | | | | | | | include. Fix all the transitive include users. llvm-svn: 149783
* Move various diagnostic operator<< overloads out of line and remove includes ↵Benjamin Kramer2012-02-0410-0/+10
| | | | | | | | | of Diagnostic.h. Fix all the files that depended on transitive includes of Diagnostic.h. With this patch in place changing a diagnostic no longer requires a full rebuild of the StaticAnalyzer. llvm-svn: 149781
* [analyzer] Make sure Containers OutOfBounds checker does not crash on ↵Anna Zaks2012-02-041-20/+14
| | | | | | undefined arguments, when CF functions are called with wrong number of arguments. llvm-svn: 149771
* [analyzer] Turn on by default two checkers:Anna Zaks2012-02-041-11/+12
| | | | | | | - osx.coreFoundation.containers.IndexOutOfBounds - osx.cocoa.SelfInit llvm-svn: 149747
* [analyzer] Minor cleanups to the ObjCSelfInitChecker.Anna Zaks2012-02-043-17/+7
| | | | | | (Also renames in other ObjC checkers to create one category of checks.) llvm-svn: 149745
* [analyzer] Fix a false positive in the CFArrayCreate check that surfacesAnna Zaks2012-02-021-1/+10
| | | | | | | | | | the the code like this (due to x and &x being the same value but different size): void* x[] = { ptr1, ptr2, ptr3 }; CFArrayCreate(NULL, (const void **) &x, count, NULL); llvm-svn: 149579
* Fix an assertion failure in isMacOSXVersionLT for IOS targets.Bob Wilson2012-01-311-4/+3
| | | | | | | Check if the triple OS is IOS instead of checking for arm/thumb architectures and check that before calling isMacOSXVersionLT. llvm-svn: 149454
* [analyzer] Add checks for common anti-patterns in strncat.Anna Zaks2012-01-313-4/+203
| | | | | | | (Since this is syntax only, might be a good candidate for turning into a compiler warning.) llvm-svn: 149407
* [analyzer] Change the warning to suggest 'strlcat/strlcpy' asAnna Zaks2012-01-311-2/+2
| | | | | | replacements for 'starcat/strcpy' instead of 'strncat/strncpy'. llvm-svn: 149406
* Convert checker over to using ProgramStateRef.Ted Kremenek2012-01-311-4/+4
| | | | llvm-svn: 149319
* [analyzer] Rename the checker as per Ted's comment. Remove the referenceAnna Zaks2012-01-301-4/+6
| | | | | | from the driver. llvm-svn: 149276
* [analyzer] Make osx.cocos.CFContainersSyntax a default checker.Anna Zaks2012-01-301-4/+4
| | | | llvm-svn: 149258
* [analyzer] Add index out of bounds check for CFArrayGetArrayAtIndex.Anna Zaks2012-01-303-0/+166
| | | | llvm-svn: 149228
* StaticAnalyzer: Move ObjC- and CXX-specific methods out of line so checkers ↵Benjamin Kramer2012-01-284-1/+4
| | | | | | that don't care about the language don't have to pull in all the headers. llvm-svn: 149178
* Change references to 'const ProgramState *' to typedef 'ProgramStateRef'.Ted Kremenek2012-01-2639-318/+318
| | | | | | | | At this point this is largely cosmetic, but it opens the door to replace ProgramStateRef with a smart pointer that more eagerly acts in the role of reclaiming unused ProgramState objects. llvm-svn: 149081
* StaticAnalyzer/Checkers: Fix CMake build.NAKAMURA Takumi2012-01-261-1/+1
| | | | llvm-svn: 149009
* [analyzer] Add an AST checker that checks for a common pitfall whenAnna Zaks2012-01-263-0/+168
| | | | | | | | | | | using CFArrayCreate & family. Specifically, CFArrayCreate's input should be: 'A C array of the pointer-sized values to be in the new array.' (radar://10717339) llvm-svn: 149008
* [analyzer] Add more C taint sources/sinks.Anna Zaks2012-01-241-22/+45
| | | | llvm-svn: 148844
* [analyzer] It's possible to have a non PointerType expression evaluate to a ↵Anna Zaks2012-01-211-2/+2
| | | | | | Loc value. When this happens, use the default type. llvm-svn: 148631
* [analyzer] Make VLA checker taint aware. Anna Zaks2012-01-213-34/+65
| | | | | | Also, slightly modify the diagnostic message in ArrayBound and DivZero (still use 'taint', which might not mean much to the user, but plan on changing it later). llvm-svn: 148626
* More dead code removal (using -Wunreachable-code)David Blaikie2012-01-202-4/+0
| | | | llvm-svn: 148577
* [analyzer] Add taint awareness to DivZeroChecker.Anna Zaks2012-01-201-11/+26
| | | | llvm-svn: 148566
* Reenable DeadStoresChecker under --analyze, and move the ↵Ted Kremenek2012-01-201-4/+3
| | | | | | IdempotentOperationsChecker to the 'experimental' category. Fixes <rdar://problem/10146347>. llvm-svn: 148533
OpenPOWER on IntegriCloud