summaryrefslogtreecommitdiffstats
path: root/clang/lib/StaticAnalyzer/Checkers
Commit message (Collapse)AuthorAgeFilesLines
* [static analyzer] Don't flag nil storage into NSMutableDictionary.Anna Zaks2015-11-111-2/+1
| | | | | | This is now allowed and has the behavior of removing the mapping. llvm-svn: 252679
* [analyzer] Add VforkChecker to find unsafe code in vforked process.Yury Gribov2015-11-064-9/+229
| | | | | | | | | | | | This checker looks for unsafe constructs in vforked process: function calls (excluding whitelist), memory write and returns. This was originally motivated by a vfork-related bug in xtables package. Patch by Yury Gribov. Differential revision: http://reviews.llvm.org/D14014 llvm-svn: 252285
* Fix some Clang-tidy modernize warnings, other minor fixes.Eugene Zelenko2015-11-041-3/+3
| | | | | | Differential revision: http://reviews.llvm.org/D14311 llvm-svn: 252081
* [analyzer] Add 'optin' checker package and move localizability checkers into it.Devin Coughlin2015-11-042-13/+44
| | | | | | | | | | | | | | | | | | | | | | This commit creates a new 'optin' top-level checker package and moves several of the localizability checkers into it. This package is for checkers that are not alpha and that would normally be on by default but where the driver does not have enough information to determine when they are applicable. The localizability checkers fit this criterion because the driver cannot determine whether a project is localized or not -- this is best determined at the IDE or build-system level. This new package is *not* intended for checkers that are too noisy to be on by default. The hierarchy under 'optin' mirrors that in 'alpha': checkers under 'optin' should be organized in the hierarchy they would have had if they were truly top level (e.g., optin.osx.cocoa.MyOptInChecker). Differential Revision: http://reviews.llvm.org/D14303 llvm-svn: 252080
* [analyzer] Move the ObjCGenericsChecker out of the alpha package.Devin Coughlin2015-11-031-4/+4
| | | | | | | It is now in the osx.cocoa package and so will be on by default for Apple toolchains. llvm-svn: 251966
* Support watchOS and tvOS driver optionsTim Northover2015-10-301-1/+2
| | | | | | | | This patch should add support for almost all command-line options and driver tinkering necessary to produce a correct "clang -cc1" invocation for watchOS and tvOS. llvm-svn: 251706
* Put global classes into the appropriate namespace.Benjamin Kramer2015-10-281-0/+2
| | | | | | | Most of the cases belong into an anonymous namespace. No functionality change intended. llvm-svn: 251514
* [analyzer] Assume escape is possible through system functions taking void*Anna Zaks2015-10-271-1/+1
| | | | | | | | | | | | | | | | | | The analyzer assumes that system functions will not free memory or modify the arguments in other ways, so we assume that arguments do not escape when those are called. However, this may lead to false positive leak errors. For example, in code like this where the pointers added to the rb_tree are freed later on: struct alarm_event *e = calloc(1, sizeof(*e)); <snip> rb_tree_insert_node(&alarm_tree, e); Add a heuristic to assume that calls to system functions taking void* arguments allow for pointer escape. llvm-svn: 251449
* [analyzer] Bug identificationGabor Horvath2015-10-222-0/+39
| | | | | | | | | | | | | | | | This patch adds hashes to the plist and html output to be able to identfy bugs for suppressing false positives or diff results against a baseline. This hash aims to be resilient for code evolution and is usable to identify bugs in two different snapshots of the same software. One missing piece however is a permanent unique identifier of the checker that produces the warning. Once that issue is resolved, the hashes generated are going to change. Until that point this feature is marked experimental, but it is suitable for early adoption. Differential Revision: http://reviews.llvm.org/D10305 Original patch by: Bence Babati! llvm-svn: 251011
* Roll-back r250822.Angel Garcia Gomez2015-10-201-1/+1
| | | | | | | | | | Summary: It breaks the build for the ASTMatchers Subscribers: klimek, cfe-commits Differential Revision: http://reviews.llvm.org/D13893 llvm-svn: 250827
* Apply modernize-use-default to clang.Angel Garcia Gomez2015-10-201-1/+1
| | | | | | | | | | | | Summary: Replace empty bodies of default constructors and destructors with '= default'. Reviewers: bkramer, klimek Subscribers: klimek, alexfh, cfe-commits Differential Revision: http://reviews.llvm.org/D13890 llvm-svn: 250822
* Fix Clang-tidy modernize-use-nullptr warnings in source directories; other ↵Hans Wennborg2015-10-061-8/+10
| | | | | | | | | | minor cleanups Patch by Eugene Zelenko! Differential Revision: http://reviews.llvm.org/D13406 llvm-svn: 249484
* SourceRanges are small and trivially copyable, don't them by reference.Craig Topper2015-10-041-2/+2
| | | | llvm-svn: 249259
* [analyzer] When memcpy'ing into a fixed-size array, do not invalidate entire ↵Devin Coughlin2015-09-241-7/+91
| | | | | | | | | | | | | | | | | | | | region. Change the analyzer's modeling of memcpy to be more precise when copying into fixed-size array fields. With this change, instead of invalidating the entire containing region the analyzer now invalidates only offsets for the array itself when it can show that the memcpy stays within the bounds of the array. This addresses false positive memory leak warnings of the kind reported by krzysztof in https://llvm.org/bugs/show_bug.cgi?id=22954 (This is the second attempt, now with assertion failures resolved.) A patch by Pierre Gousseau! Differential Revision: http://reviews.llvm.org/D12571 llvm-svn: 248516
* Drop useless const in for-range loops.Benjamin Kramer2015-09-241-1/+1
| | | | | | | | StringRefs always point to immutable memory so the const doesn't add value here. Also quiets clang's -Wrange-loop-analysis which warns about the implicit copying. llvm-svn: 248496
* [analyzer] Discard malloc-overflow bug-report when a known size is malloc'ed.Devin Coughlin2015-09-231-33/+101
| | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch ignores malloc-overflow bug in two cases: Case1: x = a/b; where n < b malloc (x*n); Then x*n will not overflow. Case2: x = a; // when 'a' is a known value. malloc (x*n); Also replaced isa with dyn_cast. Reject multiplication by zero cases in MallocOverflowSecurityChecker Currently MallocOverflowSecurityChecker does not catch cases like: malloc(n * 0 * sizeof(int)); This patch rejects such cases. Two test cases added. malloc-overflow2.c has an example inspired from a code in linux kernel where the current checker flags a warning while it should not. A patch by Aditya Kumar! Differential Revision: http://reviews.llvm.org/D9924 llvm-svn: 248446
* [analyzer] Improve localizability checks for iOS / OS X.Devin Coughlin2015-09-232-97/+707
| | | | | | | | | | | | | | | | | | | | Various improvements to the localization checker: * Adjusted copy to be consistent with diagnostic text in other Apple API checkers. * Added in ~150 UIKit / AppKit methods that require localized strings in UnlocalizedStringsChecker. * UnlocalizedStringChecker now checks for UI methods up the class hierarchy and UI methods that conform for a certain Objective-C protocol. * Added in alpha version of PluralMisuseChecker and some regression tests. False positives are still not ideal. (This is the second attempt, with the memory issues on Linux resolved.) A patch by Kulpreet Chilana! Differential Revision: http://reviews.llvm.org/D12417 llvm-svn: 248432
* Revert "[analyzer] Improve localizability checks for iOS / OS X."Devin Coughlin2015-09-232-707/+97
| | | | | | This reverts commit r248350. The pluralization checks are failing on some bots. llvm-svn: 248351
* [analyzer] Improve localizability checks for iOS / OS X.Devin Coughlin2015-09-222-97/+707
| | | | | | | | | | | | | | | | | | Various improvements to the localization checker: * Adjusted copy to be consistent with diagnostic text in other Apple API checkers. * Added in ~150 UIKit / AppKit methods that require localized strings in UnlocalizedStringsChecker. * UnlocalizedStringChecker now checks for UI methods up the class hierarchy and UI methods that conform for a certain Objective-C protocol. * Added in alpha version of PluralMisuseChecker and some regression tests. False positives are still not ideal. A patch by Kulpreet Chilana! Differential Revision: http://reviews.llvm.org/D12417 llvm-svn: 248350
* [analyzer] Make realloc(ptr, 0) handling equivalent to malloc(0).Devin Coughlin2015-09-221-13/+25
| | | | | | | | | | | | | | | | | | Currently realloc(ptr, 0) is treated as free() which seems to be not correct. C standard (N1570) establishes equivalent behavior for malloc(0) and realloc(ptr, 0): "7.22.3 Memory management functions calloc, malloc, realloc: If the size of the space requested is zero, the behavior is implementation-defined: either a null pointer is returned, or the behavior is as if the size were some nonzero value, except that the returned pointer shall not be used to access an object." The patch equalizes the processing of malloc(0) and realloc(ptr,0). The patch also enables unix.Malloc checker to detect references to zero-allocated memory returned by realloc(ptr,0) ("Use of zero-allocated memory" warning). A patch by Антон Ярцев! Differential Revision: http://reviews.llvm.org/D9040 llvm-svn: 248336
* [Static Analyzer] Fixed a false positive case in DynamicTypeChecker when ↵Gabor Horvath2015-09-181-0/+11
| | | | | | dealing with forward declarations. llvm-svn: 248065
* [Static Analyzer] General type checker based on dynamic type information.Gabor Horvath2015-09-184-52/+207
| | | | | | Differential Revision: http://reviews.llvm.org/D12973 llvm-svn: 248041
* [Static Analyzer] Use generics related information to infer dynamic types.Gabor Horvath2015-09-181-13/+31
| | | | | | Differential Revision: http://reviews.llvm.org/D12916 llvm-svn: 248002
* [Static Analyzer] Generics Checker: When an ObjC method returns a ↵Gabor Horvath2015-09-161-76/+136
| | | | | | | | specialized object, track it properly. Differential Revision: http://reviews.llvm.org/D12889 llvm-svn: 247861
* [analyzer] Add generateErrorNode() APIs to CheckerContext.Devin Coughlin2015-09-1642-102/+121
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The analyzer trims unnecessary nodes from the exploded graph before reporting path diagnostics. However, in some cases it can trim all nodes (including the error node), leading to an assertion failure (see https://llvm.org/bugs/show_bug.cgi?id=24184). This commit addresses the issue by adding two new APIs to CheckerContext to explicitly create error nodes. Unless the client provides a custom tag, these APIs tag the node with the checker's tag -- preventing it from being trimmed. The generateErrorNode() method creates a sink error node, while generateNonFatalErrorNode() creates an error node for a path that should continue being explored. The intent is that one of these two methods should be used whenever a checker creates an error node. This commit updates the checkers to use these APIs. These APIs (unlike addTransition() and generateSink()) do not take an explicit Pred node. This is because there are not any error nodes in the checkers that were created with an explicit different than the default (the CheckerContext's Pred node). It also changes generateSink() to require state and pred nodes (previously these were optional) to reduce confusion. Additionally, there were several cases where checkers did check whether a generated node could be null; we now explicitly check for null in these places. This commit also includes a test case written by Ying Yi as part of http://reviews.llvm.org/D12163 (that patch originally addressed this issue but was reverted because it introduced false positive regressions). Differential Revision: http://reviews.llvm.org/D12780 llvm-svn: 247859
* [analyzer] Skip Pre/Post handlers for ObjC calls when receiver is nil.Devin Coughlin2015-09-152-13/+22
| | | | | | | | | | | | | | | | | | | | | | | | | In Objective-C, method calls with nil receivers are essentially no-ops. They do not fault (although the returned value may be garbage depending on the declared return type and architecture). Programmers are aware of this behavior and will complain about a false alarm when the analyzer diagnoses API violations for method calls when the receiver is known to be nil. Rather than require each individual checker to be aware of this behavior and suppress a warning when the receiver is nil, this commit changes ExprEngineObjC so that VisitObjCMessage skips calling checker pre/post handlers when the receiver is definitely nil. Instead, it adds a new event, ObjCMessageNil, that is only called in that case. The CallAndMessageChecker explicitly cares about this case, so I've changed it to add a callback for ObjCMessageNil and moved the logic in PreObjCMessage that handles nil receivers to the new callback. rdar://problem/18092611 Differential Revision: http://reviews.llvm.org/D12123 llvm-svn: 247653
* [Static Analyzer] Nullability checker optimization.Gabor Horvath2015-09-141-1/+6
| | | | | | Differential Revision: http://reviews.llvm.org/D12848 llvm-svn: 247612
* [Static Analyzer] Moving nullability checkers out of alpha.Gabor Horvath2015-09-141-2/+2
| | | | llvm-svn: 247595
* [Static Analyzer] Moving nullability checkers to a top level package.Gabor Horvath2015-09-142-12/+29
| | | | | | Differential Revision: http://reviews.llvm.org/D12852 llvm-svn: 247590
* [Static Analyzer] Remove a redundant file.Gabor Horvath2015-09-131-623/+0
| | | | llvm-svn: 247533
* [Static Analyzer] Merge the Objective-C Generics Checker into Dynamic Type ↵Gabor Horvath2015-09-133-20/+635
| | | | | | | | Propagation checker. Differential Revision: http://reviews.llvm.org/D12381 llvm-svn: 247532
* [Static Analyzer] Fixed a typo in a diagnostic message.Gabor Horvath2015-09-111-1/+1
| | | | llvm-svn: 247444
* [Static Analyzer] Properly clean up the dynamic type information for dead ↵Gabor Horvath2015-09-111-8/+25
| | | | | | | | regions. Differential Revision: http://reviews.llvm.org/D12767 llvm-svn: 247430
* [Static Analyzer] Minor cleanups for the nullability checker.Gabor Horvath2015-09-111-46/+40
| | | | | | Differential Revision: http://reviews.llvm.org/D12619 llvm-svn: 247423
* [Static Analyzer] Objective-C Generics Checker improvements.Gabor Horvath2015-09-082-150/+204
| | | | | | Differential Revision: http://reviews.llvm.org/D12701 llvm-svn: 247071
* [analyzer] Apply whitespace cleanups by Honggyu Kim.Ted Kremenek2015-09-0846-425/+425
| | | | llvm-svn: 246978
* [Static Analyzer] Remove sinks from nullability checks.Gabor Horvath2015-09-031-26/+146
| | | | | | Differential Revision: http://reviews.llvm.org/D12445 llvm-svn: 246818
* add __builtin_unpredictable and convert to metadataSanjay Patel2015-09-021-2/+3
| | | | | | | | | | | | | | | | | | | | | | | This patch depends on r246688 (D12341). The goal is to make LLVM generate different code for these functions for a target that has cheap branches (see PR23827 for more details): int foo(); int normal(int x, int y, int z) { if (x != 0 && y != 0) return foo(); return 1; } int crazy(int x, int y) { if (__builtin_unpredictable(x != 0 && y != 0)) return foo(); return 1; } Differential Revision: http://reviews.llvm.org/D12458 llvm-svn: 246699
* Revert r246345 until an assertion is fixed.Gabor Horvath2015-08-311-85/+7
| | | | llvm-svn: 246479
* [analyzer] When memcpy'ing into a fixed-size array, do not invalidate entire ↵Devin Coughlin2015-08-281-7/+85
| | | | | | | | | | | | | | | | | | region. Change the analyzer's modeling of memcpy to be more precise when copying into fixed-size array fields. With this change, instead of invalidating the entire containing region the analyzer now invalidates only offsets for the array itself when it can show that the memcpy stays within the bounds of the array. This addresses false positive memory leak warnings of the kind reported by krzysztof in https://llvm.org/bugs/show_bug.cgi?id=22954 A patch by Pierre Gousseau! Differential Revision: http://reviews.llvm.org/D11832 llvm-svn: 246345
* [Static Analyzer] Make NonNullParamChecker emit implicit null dereference ↵Gabor Horvath2015-08-273-21/+34
| | | | | | | | events. Differential Revision: http://reviews.llvm.org/D11433 llvm-svn: 246182
* [Static Analyzer] Checks to catch nullability related issues.Gabor Horvath2015-08-263-0/+864
| | | | | | Differential Revision: http://reviews.llvm.org/D11468 llvm-svn: 246105
* Add missing newline.Ted Kremenek2015-08-261-1/+1
| | | | llvm-svn: 246003
* [Static Analyzer] Fixed a typo in a diagnostic message.Gabor Horvath2015-08-251-1/+1
| | | | llvm-svn: 245949
* [OPENMP 4.0] Initial support for array sections.Alexey Bataev2015-08-252-0/+10
| | | | | | | | Adds parsing/sema analysis/serialization/deserialization for array sections in OpenMP constructs (introduced in OpenMP 4.0). Currently it is allowed to use array sections only in OpenMP clauses that accepts list of expressions. Differential Revision: http://reviews.llvm.org/D10732 llvm-svn: 245937
* [Static Analyzer] Add checker to catch lightweight generics related type ↵Gabor Horvath2015-08-213-0/+574
| | | | | | | | errors in Objective-C. Differential Revision: http://reviews.llvm.org/D11427 llvm-svn: 245646
* clangStaticAnalyzerCheckers: Update libdesp.NAKAMURA Takumi2015-08-151-0/+1
| | | | llvm-svn: 245145
* [analyzer] Add checkers for OS X / iOS localizability issuesAnna Zaks2015-08-143-0/+604
| | | | | | | | | | | | | | | Add checkers that detect code-level localizability issues for OS X / iOS: - A path sensitive checker that warns about uses of non-localized NSStrings passed to UI methods expecting localized strings. - A syntax checker that warns against not including a comment in NSLocalizedString macros. A patch by Kulpreet Chilana! (This is the second attempt with the compilation issue on Windows and the random test failures resolved.) llvm-svn: 245093
* Wdeprecated: Make the SecKeychainBugVisitor copyable (for the clone support ↵David Blaikie2015-08-131-1/+0
| | | | | | | | | in the CRTP base) my removing the user-declared dtor The implicit dtor is just as good, and avoid suppressing implicit copy/move ops. llvm-svn: 244981
* Wdeprecated: BugReporterVisitors are copied for cloning ↵David Blaikie2015-08-131-3/+2
| | | | | | | | | | (BugReporterVisitorImpl), make sure such copies are safe Make the copy/move ctors defaulted in the base class and make the derived classes final to avoid any intermediate hierarchy slicing if these types were further derived. llvm-svn: 244979
OpenPOWER on IntegriCloud