summaryrefslogtreecommitdiffstats
path: root/clang/lib/StaticAnalyzer/Checkers
Commit message (Collapse)AuthorAgeFilesLines
* [analyzer] Add LocationContext information to SymbolMetadata.Artem Dergachev2016-08-171-0/+1
| | | | | | | | | | | | | | | | | | | | | Like SymbolConjured, SymbolMetadata also needs to be uniquely identified by the moment of its birth. Such moments are coded by the (Statement, LocationContext, Block count) triples. Each such triple represents the moment of analyzing a statement with a certain call backtrace, with corresponding CFG block having been entered a given amount of times during analysis of the current code body. The LocationContext information was accidentally omitted for SymbolMetadata, which leads to reincarnation of SymbolMetadata upon re-entering a code body with a different backtrace; the new symbol is incorrectly unified with the old symbol, which leads to unsound assumptions. Patch by Alexey Sidorin! Differential Revision: https://reviews.llvm.org/D21978 llvm-svn: 278937
* StaticAnalyzer: Report found fields order in PaddingCheckerSaleem Abdulrasool2016-08-151-22/+36
| | | | | | | | Report the found fields order in PaddingChecker. Patch by Alexander Shaposhnikov! llvm-svn: 278730
* Revert test commitAlexander Droste2016-08-121-1/+0
| | | | llvm-svn: 278534
* Test commit - first LLVM repo commitAlexander Droste2016-08-121-0/+1
| | | | llvm-svn: 278533
* [analyzer] Teach RetainCountChecker about CVFooRetainDevin Coughlin2016-08-111-4/+6
| | | | | | | | | | | | Change the retain count checker to treat CoreFoundation-style "CV"-prefixed reference types from CoreVideo similarly to CoreGraphics types. With this change, we treat CVFooRetain() on a CVFooRef type as a retain. CVFooRelease() APIs are annotated as consuming their parameter, so this change prevents false positives about incorrect decrements of reference counts. <rdar://problem/27116090> llvm-svn: 278382
* [analyzer] Update two comments in MPI-Checker. NFC.Devin Coughlin2016-08-022-7/+4
| | | | | | | | | | Correct two comments that do not match the current behavior of the checker. A patch by Alexander Droste! Differential Revision: https://reviews.llvm.org/D22670 llvm-svn: 277547
* [analyzer] Update APIs taking user-facing strings.Devin Coughlin2016-07-301-6/+22
| | | | | | | | | | | Add new APIs that require localized strings and remove two APIs that were incorrectly marked as requiring a user-facing string. A patch by Kulpreet Chilana! Differential Revision: https://reviews.llvm.org/D22926 llvm-svn: 277273
* [analyzer] Fix misleading indentation in ObjCDeallocChecker. NFC.Devin Coughlin2016-07-281-1/+1
| | | | llvm-svn: 277009
* [analyzer] Add check::BeginFunction to CheckerDocumentation checks. NFC.Devin Coughlin2016-07-281-0/+1
| | | | | | This was an oversight from when I added BeginFunction support in r261293. llvm-svn: 276950
* [analyzer] Hotfix for build failure due to declaration shadowing in r276782.Artem Dergachev2016-07-261-3/+3
| | | | | | | CloneDetector member variable is shadowing the class with the same name, which causes build failures on some platforms. llvm-svn: 276791
* [analyzer] Add basic capabilities to detect source code clones.Artem Dergachev2016-07-262-0/+97
| | | | | | | | | | | | | | | | | | | | | This patch adds the CloneDetector class which allows searching source code for clones. For every statement or group of statements within a compound statement, CloneDetector computes a hash value, and finds clones by detecting identical hash values. This initial patch only provides a simple hashing mechanism that hashes the kind of each sub-statement. This patch also adds CloneChecker - a simple static analyzer checker that uses CloneDetector to report copy-pasted code. Patch by Raphael Isemann! Differential Revision: https://reviews.llvm.org/D20795 llvm-svn: 276782
* MPI-Checker: move MPIFunctionClassifier.hAlexander Kornienko2016-07-255-106/+10
| | | | | | | | | | | | | | | | Summary: This patch moves the MPIFunctionClassifier header to `clang/include/clang/StaticAnalyzer/Checkers`, in order to make it accessible in other parts of the architecture. Reviewers: dcoughlin, zaks.anna Subscribers: alexfh, cfe-commits Patch by Alexander Droste! Differential Revision: https://reviews.llvm.org/D22671 llvm-svn: 276639
* [analyzer] Add checker modeling potential C++ self-assignmentDevin Coughlin2016-07-212-0/+63
| | | | | | | | | | | | | | | | | | | | | This checker checks copy and move assignment operators whether they are protected against self-assignment. Since C++ core guidelines discourages explicit checking for `&rhs==this` in general we take a different approach: in top-frame analysis we branch the exploded graph for two cases, where &rhs==this and &rhs!=this and let existing checkers (e.g. unix.Malloc) do the rest of the work. It is important that we check all copy and move assignment operator in top frame even if we checked them already since self-assignments may happen undetected even in the same translation unit (e.g. using random indices for an array what may or may not be the same). This reapplies r275820 after fixing a string-lifetime issue discovered by the bots. A patch by Ádám Balogh! Differential Revision: https://reviews.llvm.org/D19311 llvm-svn: 276365
* [NFC] Header cleanupMehdi Amini2016-07-187-10/+3
| | | | | | | | | | Summary: Removed unused headers, replaced some headers with forward class declarations Patch by: Eugene <claprix@yandex.ru> Differential Revision: https://reviews.llvm.org/D20100 llvm-svn: 275882
* Revert "[analyzer] Add checker modeling potential C++ self-assignment"Devin Coughlin2016-07-182-63/+0
| | | | | | This reverts commit r275820. It is failing on the bots. llvm-svn: 275880
* [analyzer] Add checker modeling potential C++ self-assignmentDevin Coughlin2016-07-182-0/+63
| | | | | | | | | | | | | | | | | | This checker checks copy and move assignment operators whether they are protected against self-assignment. Since C++ core guidelines discourages explicit checking for `&rhs==this` in general we take a different approach: in top-frame analysis we branch the exploded graph for two cases, where &rhs==this and &rhs!=this and let existing checkers (e.g. unix.Malloc) do the rest of the work. It is important that we check all copy and move assignment operator in top frame even if we checked them already since self-assignments may happen undetected even in the same translation unit (e.g. using random indices for an array what may or may not be the same). A patch by Ádám Balogh! Differential Revision: https://reviews.llvm.org/D19311 llvm-svn: 275820
* [analyzer] Implement a methond to discover origin region of a symbol.Artem Dergachev2016-07-132-18/+2
| | | | | | | | | | | | | This encourages checkers to make logical decisions depending on value of which region was the symbol under consideration introduced to denote. A similar technique is already used in a couple of checkers; they were modified to call the new method. Differential Revision: http://reviews.llvm.org/D22242 llvm-svn: 275290
* [analyzer] Older version of GCC 4.7 crash on lambdas in default arguments.Benjamin Kramer2016-07-091-8/+9
| | | | llvm-svn: 274975
* [analyzer] Rewrite manual erase loop using remove_if.Benjamin Kramer2016-07-091-15/+14
| | | | | | No functionality change intended. llvm-svn: 274974
* DeadStoresChecker: Don't warn about dead stores into volatile variablesStephan Bergmann2016-06-241-0/+2
| | | | llvm-svn: 273689
* Use more ArrayRefsDavid Majnemer2016-06-242-3/+3
| | | | | | No functional change is intended, just a small refactoring. llvm-svn: 273647
* [analyzer] Teach ObjCDeallocChecker about XCTestCaseDevin Coughlin2016-06-221-9/+11
| | | | | | | | | | | Like with SenTestCase, subclasses of XCTestCase follow a "tear down" idiom to release instance variables and so typically do not release ivars in -dealloc. This commit applies the existing special casing for SenTestCase to XCTestCase as well. rdar://problem/25884696 llvm-svn: 273441
* MPIBugReporter.h: Fix a warning. [-Wdocumentation]NAKAMURA Takumi2016-06-131-1/+1
| | | | llvm-svn: 272534
* [analyzer] Remove some list initialization from MPI Checker to make MSVC ↵Devin Coughlin2016-06-132-19/+19
| | | | | | | | | | bots happy. This is a speculative attempt to fix the compiler error: "list initialization inside member initializer list or non-static data member initializer is not implemented" with r272529. llvm-svn: 272530
* [analyzer] Add checker to verify the correct usage of the MPI APIDevin Coughlin2016-06-138-0/+975
| | | | | | | | | | | | | | | | | | | | | This commit adds a static analysis checker to verify the correct usage of the MPI API in C and C++. This version updates the reverted r271981 to fix a memory corruption found by the ASan bots. Three path-sensitive checks are included: - Double nonblocking: Double request usage by nonblocking calls without intermediate wait - Missing wait: Nonblocking call without matching wait. - Unmatched wait: Waiting for a request that was never used by a nonblocking call Examples of how to use the checker can be found at https://github.com/0ax1/MPI-Checker A patch by Alexander Droste! Reviewers: zaks.anna, dcoughlin Differential Revision: http://reviews.llvm.org/D21081 llvm-svn: 272529
* Prune away some unused using decls. NFC.Benjamin Kramer2016-06-081-1/+0
| | | | | | Found by clang's misc-unused-using-decls. llvm-svn: 272156
* Revert "[analyzer] Reapply r271907 (2nd try)."Devin Coughlin2016-06-078-981/+0
| | | | | | | | Even with the fix in r271981, ASan is finding a stack use after return. This reverts commits r271977 and r271981. llvm-svn: 271984
* [analyzer] Speculative fix for r271907.Devin Coughlin2016-06-071-1/+1
| | | | | | | | Fix a compilation error on the bots involving brace initialization. Differential Revision: http://reviews.llvm.org/D12761 llvm-svn: 271981
* [analyzer] Reapply r271907 (2nd try).Devin Coughlin2016-06-078-0/+981
| | | | | | | | | | | | | | Second try at reapplying "[analyzer] Add checker for correct usage of MPI API in C and C++." Special thanks to Dan Liew for helping test the fix for the template specialization compiler error with gcc. The original patch is by Alexander Droste! Differential Revision: http://reviews.llvm.org/D12761 llvm-svn: 271977
* Revert "Reapply "[analyzer] Add checker for correct usage of MPI API in C ↵Devin Coughlin2016-06-068-981/+0
| | | | | | | | and C++."" This reverts commit r271914. It is still breaking bots. llvm-svn: 271920
* Reapply "[analyzer] Add checker for correct usage of MPI API in C and C++."Devin Coughlin2016-06-068-0/+981
| | | | | | | | | Reapply r271907 with a fix for the compiler error with gcc about specializing clang::ento::ProgramStateTrait in a different namespace. Differential Revision: http://reviews.llvm.org/D12761 llvm-svn: 271914
* Revert "[analyzer] Add checker for correct usage of MPI API in C and C++."Devin Coughlin2016-06-068-979/+0
| | | | | | | This reverts commit r271907. It broke a bunch of bots with compile errors about specializations in different namespaces. llvm-svn: 271909
* [analyzer] Add checker for correct usage of MPI API in C and C++.Devin Coughlin2016-06-068-0/+979
| | | | | | | | | | | | | | | | | | | | | | | | This commit adds a static analysis checker to check for the correct usage of the MPI API in C and C++. 3 path-sensitive checks are included: - Double nonblocking: Double request usage by nonblocking calls without intermediate wait. - Missing wait: Nonblocking call without matching wait. - Unmatched wait: Waiting for a request that was never used by a nonblocking call. Examples of how to use the checker can be found at https://github.com/0ax1/MPI-Checker Reviewers: zaks.anna A patch by Alexander Droste! Differential Revision: http://reviews.llvm.org/D12761 llvm-svn: 271907
* Apply clang-tidy's misc-move-constructor-init throughout Clang.Benjamin Kramer2016-05-275-6/+11
| | | | | | No functionality change intended, maybe a tiny performance improvement. llvm-svn: 270996
* [Analyzer] Correct stack address escape diagnosticSean Eveson2016-05-261-1/+6
| | | | | | | | | | | | | | | | | | Summary: Leaking a stack address via a static variable refers to it in the diagnostic as a 'global'. This patch corrects the diagnostic for static variables. Patch by Phil Camp, SN Systems Reviewers: dcoughlin, zaks.anna Subscribers: xazax.hun, cfe-commits Differential Revision: http://reviews.llvm.org/D19866 Patch by Phil Camp llvm-svn: 270849
* [analyzer] Fix for PR23790 : constrain return value of strcmp() rather than ↵Anton Yartsev2016-05-191-17/+20
| | | | | | | | | | returning a concrete value. The function strcmp() can return any value, not just {-1,0,1} : "The strcmp(const char *s1, const char *s2) function returns an integer greater than, equal to, or less than zero, accordingly as the string pointed to by s1 is greater than, equal to, or less than the string pointed to by s2." [C11 7.24.4.2p3] https://llvm.org/bugs/show_bug.cgi?id=23790 http://reviews.llvm.org/D16317 llvm-svn: 270154
* [analyzer] Fix crash in ObjCGenericsCheckerDevin Coughlin2016-05-111-0/+25
| | | | | | | | | | | | | | | Fix a crash in the generics checker where DynamicTypePropagation tries to get the superclass of a root class. This is a spot-fix for a deeper issue where the checker makes assumptions that may not hold about subtyping between the symbolically-tracked type of a value and the compile-time types of a cast on that value. I've added a TODO to address the underlying issue. rdar://problem/26086914 llvm-svn: 269227
* [analyzer] Add path note for localizability checker.Devin Coughlin2016-04-281-0/+64
| | | | | | | | | Add a path note indicating the location of the non-localized string literal in NonLocalizedStringChecker. rdar://problem/25981525 llvm-svn: 267924
* [analyzer] Move Checkers.inc to clang/include/...Chih-Hung Hsieh2016-04-284-658/+2
| | | | | | | | Simplify sharing of Checkers.inc with other files like ClangTidy.cpp. Differential Revision: http://reviews.llvm.org/19393 llvm-svn: 267832
* [analyzer] Let TK_PreserveContents span across the whole base region.Artem Dergachev2016-04-251-1/+1
| | | | | | | | | | | | If an address of a field is passed through a const pointer, the whole structure's base region should receive the TK_PreserveContents trait and avoid invalidation. Additionally, include a few FIXME tests shown up during testing. Differential Revision: http://reviews.llvm.org/D19057 llvm-svn: 267413
* [analyzer] Nullability: Suppress diagnostic on bind with cast.Devin Coughlin2016-04-131-6/+28
| | | | | | | | | | | | | | Update the nullability checker to allow an explicit cast to nonnull to suppress a warning on an assignment of nil to a nonnull: id _Nonnull x = (id _Nonnull)nil; // no-warning This suppression as already possible for diagnostics on returns and function/method arguments. rdar://problem/25381178 llvm-svn: 266219
* [analyzer] Nullability: Treat nil _Nonnull ivar as invariant violation.Devin Coughlin2016-04-131-14/+56
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Treat a _Nonnull ivar that is nil as an invariant violation in a similar fashion to how a nil _Nonnull parameter is treated as a precondition violation. This avoids warning on defensive returns of nil on defensive internal checks, such as the following common idiom: @class InternalImplementation @interface PublicClass { InternalImplementation * _Nonnull _internal; } -(id _Nonnull)foo; @end @implementation PublicClass -(id _Nonnull)foo { if (!_internal) return nil; // no-warning return [_internal foo]; } @end rdar://problem/24485171 llvm-svn: 266157
* [analyzer] Nullability: Suppress return diagnostics in inlined functions.Devin Coughlin2016-04-121-1/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | The nullability checker can sometimes miss detecting nullability precondition violations in inlined functions because the binding for the parameter that violated the precondition becomes dead before the return: int * _Nonnull callee(int * _Nonnull p2) { if (!p2) // p2 becomes dead here, so binding removed. return 0; // warning here because value stored in p2 is symbolic. else return p2; } int *caller(int * _Nonnull p1) { return callee(p1); } The fix, which is quite blunt, is to not warn about null returns in inlined methods/functions. This won’t lose much coverage for ObjC because the analyzer always analyzes each ObjC method at the top level in addition to inlined. It *will* lose coverage for C — but there aren’t that many codebases with C nullability annotations. rdar://problem/25615050 llvm-svn: 266109
* Remove redundant conditions of the form (A || (!A && B)) -> (A || B)Benjamin Kramer2016-04-111-2/+1
| | | | | | Found by cppcheck! PR27286 PR27287 PR27288 PR27289 llvm-svn: 265918
* [analyzer] Nullability: Don't warn along paths where null returned from ↵Devin Coughlin2016-03-281-55/+79
| | | | | | | | | | | | | | | | non-null. Change the nullability checker to not warn along paths where null is returned from a method with a non-null return type, even when the diagnostic for this return has been suppressed. This prevents warning from methods with non-null return types that inline methods that themselves return nil but that suppressed the diagnostic. Also change the PreconditionViolated state component to be called "InvariantViolated" because it is set when a post-condition is violated, as well. rdar://problem/25393539 llvm-svn: 264647
* [analyzer] Add CIFIlter modeling to DeallocChecker.Devin Coughlin2016-03-251-10/+56
| | | | | | | | | | | | | | | | | | | | The -dealloc method in CIFilter is highly unusual in that it will release instance variables belonging to its *subclasses* if the variable name starts with "input" or backs a property whose name starts with "input". Subclasses should not release these ivars in their own -dealloc method -- doing so could result in an over release. Before this commit, the DeallocChecker would warn about missing releases for such "input" properties -- which could cause users of the analyzer to add over releases to silence the warning. To avoid this, DeallocChecker now treats CIFilter "input-prefixed" ivars as MustNotReleaseDirectly and so will not require a release. Further, it will now warn when such an ivar is directly released in -dealloc. rdar://problem/25364901 llvm-svn: 264463
* [analyzer] Fix typo s/initalize/initialize/Chih-Hung Hsieh2016-03-231-1/+1
| | | | | | Differential Revision: http://reviews.llvm.org/D18363 llvm-svn: 264164
* StaticAnalyzer: Avoid an unintentional copyJustin Bogner2016-03-221-1/+1
| | | | | | | | | | The range here isn't over references, so using `auto &` here incites a copy. Switching to `auto *` would do, but we might as well list an explicit type for clarity. Found by -Wrange-loop-analysis. llvm-svn: 264071
* [analyzer] Fix missed leak from MSVC specific allocation functionsAnna Zaks2016-03-081-13/+23
| | | | | | | | | | | | Add the wide character strdup variants (wcsdup, _wcsdup) and the MSVC version of alloca (_alloca) and other differently named function used by the Malloc checker. A patch by Alexander Riccio! Differential Revision: http://reviews.llvm.org/D17688 llvm-svn: 262894
* [analyzer] Nullability: add option to not report on calls to system headers.Devin Coughlin2016-03-051-2/+25
| | | | | | | | | | | | | | Add an -analyzer-config 'nullability:NoDiagnoseCallsToSystemHeaders' option to the nullability checker. When enabled, this option causes the analyzer to not report about passing null/nullable values to functions and methods declared in system headers. This option is motivated by the observation that large projects may have many nullability warnings. These projects may find warnings about nullability annotations that they have explicitly added themselves higher priority to fix than warnings on calls to system libraries. llvm-svn: 262763
OpenPOWER on IntegriCloud