summaryrefslogtreecommitdiffstats
path: root/clang/lib/StaticAnalyzer/Checkers
Commit message (Collapse)AuthorAgeFilesLines
...
* Remove many superfluous SmallString::str() calls.Yaron Keren2015-03-182-2/+2
| | | | | | | | | | | | | | | Now that SmallString is a first-class citizen, most SmallString::str() calls are not required. This patch removes a whole bunch of them, yet there are lots more. There are two use cases where str() is really needed: 1) To use one of StringRef member functions which is not available in SmallString. 2) To convert to std::string, as StringRef implicitly converts while SmallString do not. We may wish to change this, but it may introduce ambiguity. llvm-svn: 232622
* Enable security checks for arc4random() on CloudABI as well.Ed Schouten2015-03-111-0/+1
| | | | | | | CloudABI also supports the arc4random() function. We can enable compiler warnings for rand(), random() and *rand48() on this system as well. llvm-svn: 231914
* [analyzer] Make getCheckIfTracked() return either leak or regular checker.Anton Yartsev2015-03-101-19/+29
| | | | llvm-svn: 231863
* [analyzer] RetainCountChecker: CF properties are always manually retain-counted.Jordan Rose2015-03-071-8/+13
| | | | | | | | | | | In theory we could assume a CF property is stored at +0 if there's not a custom setter, but that's not really worth the complexity. What we do know is that a CF property can't have ownership attributes, and so we shouldn't assume anything about the ownership of the ivar. rdar://problem/20076963 llvm-svn: 231553
* [analyzer] Remove unused type (addition to r231540: "Revert changes from ↵Anton Yartsev2015-03-071-1/+0
| | | | | | r229593") llvm-svn: 231548
* [analyzer] Revert changes from r229593; an enhancement is under discussionAnton Yartsev2015-03-071-87/+67
| | | | llvm-svn: 231540
* [analyzer] Bug fix: do not report leaks for alloca()Anton Yartsev2015-03-041-0/+5
| | | | llvm-svn: 231314
* [analyzer] Individual configuration options can be specified for checkers.Gabor Horvath2015-03-042-30/+20
| | | | | | | | | | Reviewed by: Anna Zaks Original patch by: Aleksei Sidorin Differential Revision: http://reviews.llvm.org/D7905 llvm-svn: 231266
* [analyzer] unix.Malloc: preserve AllocaRegion bound to __builtin_alloca().Anton Yartsev2015-03-031-13/+17
| | | | | | Binding __builtin_alloca() return value to the symbolic value kills previous binding to a AllocaRegion established by the core.BuiltinFunctions checker. Other checkers may rely upon this information. Rollback handling of __builtin_alloca() to the way prior to r229850. llvm-svn: 231160
* Sema: Parenthesized bound destructor member expressions can be calledDavid Majnemer2015-02-251-1/+1
| | | | | | | | | We would wrongfully reject (a.~A)() in both the destructor and pseudo-destructor cases. This fixes PR22668. llvm-svn: 230512
* [analyzer] RetainCountChecker: don't try to track ivars known to be nil.Jordan Rose2015-02-191-2/+4
| | | | | | | | | | | We expect in general that any nil value has no retain count information associated with it; violating this results in unexpected state unification /later/ when we decide to throw the information away. Unexpectedly caching out can lead to an assertion failure or crash. rdar://problem/19862648 llvm-svn: 229934
* [analyzer] Different handling of alloca().Anton Yartsev2015-02-191-30/+78
| | | | | | | | | | + separate bug report for "Free alloca()" error to be able to customize checkers responsible for this error. + Muted "Free alloca()" error for NewDelete checker that is not responsible for c-allocated memory, turned on for unix.MismatchedDeallocator checker. + RefState for alloca() - to be able to detect usage of zero-allocated memory by upcoming ZeroAllocDereference checker. + AF_Alloca family to handle alloca() consistently - keep proper family in RefState, handle 'alloca' by getCheckIfTracked() facility, etc. + extra tests. llvm-svn: 229850
* [analyzer] Refactoring: clarified the way the proper check kind is chosen.Anton Yartsev2015-02-181-64/+86
| | | | llvm-svn: 229593
* [analyzer] Pass actual state to alloc/dealloc handling functions.Anton Yartsev2015-02-101-43/+78
| | | | | | The state obtained from CheckerContext::getState() may be outdated by the time the alloc/dealloc handling function is called (e.g. the state was modified but the transition was not performed). State argument was added to all alloc/dealloc handling functions in order to get the latest state and to allow sequential calls to those functions. llvm-svn: 228737
* Update APIs that return a pair of iterators to return an iterator_range instead.Benjamin Kramer2015-02-061-3/+2
| | | | | | Convert uses of those APIs into ranged for loops. NFC. llvm-svn: 228404
* [analyzer] Do not crash in the KeychainAPI checker on user defined 'free()'.Anna Zaks2015-02-051-2/+10
| | | | llvm-svn: 228248
* [analyzer] Look for allocation site in the parent frames as well as the ↵Anna Zaks2015-02-053-26/+23
| | | | | | | | | | | | | current one. Instead of handling edge cases (mostly involving blocks), where we have difficulty finding an allocation statement, allow the allocation site to be in a parent node. Previously we assumed that the allocation site can always be found in the same frame as allocation, but there are scenarios in which an element is leaked in a child frame but is allocated in the parent. llvm-svn: 228247
* [analyzer] RetainCountChecker: be forgiving when ivars are accessed directly.Jordan Rose2015-02-041-82/+216
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | A refinement of r204730, itself a refinement of r198953, to better handle cases where an object is accessed both through a property getter and through direct ivar access. An object accessed through a property should always be treated as +0, i.e. not owned by the caller. However, an object accessed through an ivar may be at +0 or at +1, depending on whether the ivar is a strong reference. Outside of ARC, we don't always have that information. The previous attempt would clear out the +0 provided by a getter, but only if that +0 hadn't already participated in other retain counting operations. (That is, "self.foo" is okay, but "[[self.foo retain] autorelease]" is problematic.) This turned out to not be good enough when our synthesized getters get involved. This commit drops the notion of "overridable" reference counting and instead just tracks whether a value ever came from a (strong) ivar. If it has, we allow one more release than we otherwise would. This has the added benefit of being able to catch /some/ overreleases of instance variables, though it's not likely to come up in practice. We do still get some false negatives because we currently throw away refcount state upon assigning a value into an ivar. We should probably improve on that in the future, especially once we synthesize setters as well as getters. rdar://problem/18075108 llvm-svn: 228174
* Use nullptr to silence -Wsentinel when self-hosting on WindowsReid Kleckner2014-12-011-7/+7
| | | | | | | | | | | Richard rejected my Sema change to interpret an integer literal zero in a varargs context as a null pointer, so -Wsentinel sees an integer literal zero and fires off a warning. Only CodeGen currently knows that it promotes integer literal zeroes in this context to pointer size on Windows. I didn't want to teach -Wsentinel about that compatibility hack. Therefore, I'm migrating to C++11 nullptr. llvm-svn: 223079
* Use the new LLVM_END_WITH_NULL nameReid Kleckner2014-11-041-2/+2
| | | | llvm-svn: 221217
* [analyzer] Move the NewDeleteLeaks checker from CplusplusAlpha to Cplusplus ↵Anton Yartsev2014-10-211-4/+4
| | | | | | package. llvm-svn: 220289
* [analyzer] Tweak MallocSizeOfChecker to not warn when using sizeof(void*) to ↵Ted Kremenek2014-10-191-0/+4
| | | | | | | | | | | allocate a bunch of any pointer type. This suppresses a common false positive when analyzing libc++. Along the way, introduce some tests to show this checker actually works with C++ static_cast<>. llvm-svn: 220160
* [analyzer] Check all 'nonnull' attributes, not just the first one.Jordan Rose2014-10-131-5/+16
| | | | | | Patch by Daniel Fahlgren! llvm-svn: 219625
* Remove stray enum keywords. MSVC sees this as a redeclaration at global scope.Benjamin Kramer2014-10-031-2/+2
| | | | llvm-svn: 219031
* [analyzer] Refactor and cleanup IsCompleteTypeAnna Zaks2014-10-031-12/+1
| | | | | | | | | | There are three copies of IsCompleteType(...) functions in CSA and all of them are incomplete (I experienced crashes in some CSA's test cases). I have replaced these function calls with Type::isIncompleteType() calls. A patch by Aleksei Sidorin! llvm-svn: 219026
* [analyzer] Make Malloc Checker track memory allocated by if_nameindexAnna Zaks2014-10-031-37/+81
| | | | | | | | | | | | | | | The MallocChecker does currently not track the memory allocated by if_nameindex. That memory is dynamically allocated and should be freed by calling if_freenameindex. The attached patch teaches the checker about these functions. Memory allocated by if_nameindex is treated as a separate allocation "family". That way the checker can verify it is freed by the correct function. A patch by Daniel Fahlgren! llvm-svn: 219025
* [analyzer] Make CStringChecker correctly calculate return value of mempcpyAnna Zaks2014-10-031-1/+6
| | | | | | | | | | The return value of mempcpy is only correct when the destination type is one byte in size. This patch casts the argument to a char* so the calculation is also correct for structs, ints etc. A patch by Daniel Fahlgren! llvm-svn: 219024
* Avoid some unnecessary SmallVector copies.Benjamin Kramer2014-09-111-8/+6
| | | | | | No functionality change. llvm-svn: 217586
* Teach the analyzer that __builtin_assume_aligned returns its first argument.Jordan Rose2014-09-091-1/+3
| | | | | | Patch by Daniel Fahlgren! llvm-svn: 217461
* [analyzer] Don't crash if malloc() has an unexpected function prototype.Jordan Rose2014-09-051-4/+4
| | | | | | Patch by Daniel Fahlgren! llvm-svn: 217258
* unique_ptrify BugReporter::visitorsDavid Blaikie2014-09-045-17/+18
| | | | llvm-svn: 217205
* unique_ptr-ify PathDiagnosticPiece ownershipDavid Blaikie2014-08-292-17/+16
| | | | llvm-svn: 216751
* Fix representation of __attribute__((nonnull)) to support correctly modelingRichard Smith2014-08-271-0/+2
| | | | | | | | | | | | | | | the no-arguments case. Don't expand this to an __attribute__((nonnull(A, B, C))) attribute, since that does the wrong thing for function templates and varargs functions. In passing, fix a grammar error in the diagnostic, a crash if __attribute__((nonnull(N))) is applied to a varargs function, a bug where the same null argument could be diagnosed multiple times if there were multiple nonnull attributes referring to it, and a bug where nonnull attributes would not be accumulated correctly across redeclarations. llvm-svn: 216520
* [analyzer] Remove check covered by -Wobjc-missing-super-calls.Jordan Rose2014-08-221-39/+0
| | | | | | | | | The ObjCDealloc checker is currently disabled because it was too aggressive, but this is a good first step in getting it back to a useful state. Patch by David Kilzer! llvm-svn: 216272
* Objective-C. Warn if user has made explicit callFariborz Jahanian2014-08-221-0/+1
| | | | | | | to +initilize as this results in an extra call to this method. rdar://16628028 llvm-svn: 216271
* [analyzer] Don't warn on virtual calls in ctors to final methods.Benjamin Kramer2014-08-211-3/+10
| | | | | | | The call will never go to a more derived class, but that's intentional in those cases. llvm-svn: 216167
* [analyzer] UnixAPI: Check that the third argument to open(2) (if present) is ↵Jordan Rose2014-08-201-0/+9
| | | | | | | | an integer. Patch by Daniel Fahlgren. llvm-svn: 216079
* [analyzer] UnixAPI: Check when open(2) is called with more than three arguments.Jordan Rose2014-08-201-21/+36
| | | | | | Patch by Daniel Fahlgren. llvm-svn: 216078
* [analyzer] IdenticalExpr: don't try to compare integer literals with ↵Jordan Rose2014-08-201-1/+6
| | | | | | | | different widths. PR20659. Patch by Anders Rönnholm. llvm-svn: 216076
* [analyzer] IdenticalExpr: use getBytes rather than getString to compare ↵Jordan Rose2014-08-201-1/+1
| | | | | | | | string literals. PR20693. Patch by Anders Rönnholm. llvm-svn: 216075
* Header guard canonicalization, clang part.Benjamin Kramer2014-08-134-8/+8
| | | | | | Modifications made by clang-tidy with minor tweaks. llvm-svn: 215557
* [analyzer] Check for negative values used as the size of a C variable-length ↵Jordan Rose2014-08-121-2/+24
| | | | | | | | array. Patch by Daniel Fahlgren! llvm-svn: 215456
* [Analyzer] fix for PR19102Anton Yartsev2014-08-051-0/+41
| | | | | | Newly-created unconsumed instance is now assumed escaped if an invoked constructor has an argument of a pointer-to-record type. llvm-svn: 214909
* TestAfterDivZeroChecker.cpp: Avoid member initializer. It is unsupported in ↵NAKAMURA Takumi2014-07-111-2/+2
| | | | | | msc17. llvm-svn: 212789
* [analyzer] Check for code testing a variable for 0 after using it as a ↵Jordan Rose2014-07-103-0/+269
| | | | | | | | | | | | | | | | | | | denominator. This new checker, alpha.core.TestAfterDivZero, catches issues like this: int sum = ... int avg = sum / count; // potential division by zero... if (count == 0) { ... } // ...caught here Because the analyzer does not necessarily explore /all/ paths through a program, this check is restricted to only work on zero checks that immediately follow a division operation (/ % /= %=). This could later be expanded to handle checks dominated by a division operation but not necessarily in the same CFG block. Patch by Anders Rönnholm! (with very minor modifications by me) llvm-svn: 212731
* Track IntrusiveRefCntPtr::get() changes from LLVM r212366Alp Toker2014-07-051-4/+4
| | | | llvm-svn: 212369
* [analyzer] Check for NULL passed to CFAutorelease.Jordan Rose2014-06-211-6/+11
| | | | | | Patch by Sean McBride, tests adjusted by me. llvm-svn: 211453
* Fix a crash in Retain Count checker error reportingAnna Zaks2014-06-131-5/+18
| | | | | | | | | Fixes a crash in Retain Count checker error reporting logic by handing the allocation statement retrieval from a BlockEdge program point. Also added a simple CFG dump routine for debugging. llvm-svn: 210960
* Move the logic for testing for namespace std into one location. This check canRichard Trieu2014-05-281-1/+1
| | | | | | be performed by using Decl::isInStdNamespace or DeclContext::isStdNamespace llvm-svn: 209708
* [C++11] Use 'nullptr'. StaticAnalyzer edition.Craig Topper2014-05-2736-229/+239
| | | | llvm-svn: 209642
OpenPOWER on IntegriCloud