path: root/clang/lib/StaticAnalyzer/Checkers
Commit message | Author | Age | Files | Lines
* [analyzer] Add ObjCLoopChecker: objects from NSArray et al are non-nil.
  Author: Jordan Rose | Age: 2012-06-11 | Files: 2 | Lines: -0/+78
  While collections containing nil elements can still be iterated over in an Objective-C for-in loop, the most common Cocoa collections -- NSArray, NSDictionary, and NSSet -- cannot contain nil elements. This checker adds that assumption to the analyzer state. This was the cause of some minor false positives concerning CFRelease calls on objects in an NSArray.
  llvm-svn: 158319
* [analyzer] When looking for a known class, only traverse the hierarchy once.
  Author: Jordan Rose | Age: 2012-06-11 | Files: 1 | Lines: -48/+50
  This has a small hit in the case where only one class is interesting (NilArgChecker) but is a big improvement when looking for one of several interesting classes (VariadicMethodTypeChecker), in which the most common case is that there is no match.
  llvm-svn: 158318
* [analyzer] MallocSizeofChecker false positive: when sizeof is argument to addition.
  Author: Anna Zaks | Age: 2012-06-08 | Files: 1 | Lines: -5/+0
  We should not warn in case the malloc size argument is an addition containing 'sizeof' operator - it is common to use the pattern to pack values of different sizes into a buffer.
  Ex: uint8_t *buffer = (uint8_t*)malloc(dataSize + sizeof(length));
  llvm-svn: 158219
* [analyzer] Anti-aliasing: different heap allocations do not alias
  Author: Anna Zaks | Age: 2012-06-07 | Files: 1 | Lines: -5/+13
  Add a concept of symbolic memory region belonging to heap memory space. When comparing symbolic regions allocated on the heap, assume that they do not alias. Use symbolic heap region to suppress a common false positive pattern in the malloc checker, in code that relies on malloc not returning the memory aliased to other malloc allocations, stack.
  llvm-svn: 158136
* Revert Decl's iterators back to pointer value_type rather than reference value_type
  Author: David Blaikie | Age: 2012-06-06 | Files: 4 | Lines: -8/+8
  In addition, I've made the pointer and reference typedef 'void' rather than T* just so they can't get misused. I would've omitted them entirely but std::distance likes them to be there even if it doesn't use them. This rolls back r155808 and r155869. Review by Doug Gregor incorporating feedback from Chandler Carruth.
  llvm-svn: 158104
* Remove unused private member variables found by clang's new -Wunused-private-field.
  Author: Benjamin Kramer | Age: 2012-06-06 | Files: 3 | Lines: -38/+19
  llvm-svn: 158086
* Disable path pruning for UndefResultChecker. It turns out we usually want to see more of the path to discover how a value was used uninitialized.
  Author: Ted Kremenek | Age: 2012-06-06 | Files: 1 | Lines: -0/+2
  llvm-svn: 158048
* Fix typos found by http://github.com/lyda/misspell-check
  Author: Benjamin Kramer | Age: 2012-06-02 | Files: 2 | Lines: -3/+3
  llvm-svn: 157886
* Disable diagnostic path pruning for ReturnUndefChecker.
  Author: Ted Kremenek | Age: 2012-06-01 | Files: 1 | Lines: -0/+1
  llvm-svn: 157851
* [analyzer] Fix BugType memory leak in IdempotentOperationChecker.
  Author: Tom Care | Age: 2012-05-31 | Files: 1 | Lines: -1/+4
  llvm-svn: 157772
* Allow some BugReports to opt-out of PathDiagnostic callstack pruning until we have significantly improved the pruning heuristics.
  Author: Ted Kremenek | Age: 2012-05-31 | Files: 4 | Lines: -0/+4
  The current heuristics are pretty good, but they make diagnostics for uninitialized variables warnings particularly useless in some cases.
  llvm-svn: 157734
* Replace some custom hash combines with the standard stuff from DenseMapInfo.
  Author: Benjamin Kramer | Age: 2012-05-27 | Files: 1 | Lines: -8/+5
  llvm-svn: 157531
* [analyzer] Minor cleanup to checkers' help text.
  Author: Anna Zaks | Age: 2012-05-24 | Files: 1 | Lines: -4/+4
  llvm-svn: 157402
* [analyzer] Malloc checker: remove unnecessary comparisons.
  Author: Anna Zaks | Age: 2012-05-18 | Files: 1 | Lines: -16/+10
  llvm-svn: 157081
* [analyzer] Malloc: refactor and report use after free by memory allocating functions.
  Author: Anna Zaks | Age: 2012-05-18 | Files: 1 | Lines: -10/+57
  llvm-svn: 157037
* [analyzer] Introduce clang_analyzer_eval for regression test constraint checks.
  Author: Jordy Rose | Age: 2012-05-16 | Files: 3 | Lines: -0/+90
  The new debug.ExprInspection checker looks for calls to clang_analyzer_eval, and emits a warning of TRUE, FALSE, or UNKNOWN (or UNDEFINED) based on the constrained value of its (boolean) argument. It does not modify the analysis state though the conditions tested can result in branches (e.g. through the use of short-circuit operators).
  llvm-svn: 156919
* [analyzer] Fix a regression in ObjCUnusedIVars checker.
  Author: Anna Zaks | Age: 2012-05-15 | Files: 1 | Lines: -0/+9
  We can no longer rely on children iterator to visit all the AST tree children of an expression (OpaqueValueExpr has no children).
  llvm-svn: 156870
* [analyzer] strncpy: Special-case a length of 0 to avoid an incorrect warning.
  Author: Jordy Rose | Age: 2012-05-14 | Files: 1 | Lines: -0/+18
  We check the address of the last element accessed, but with 0 calculating that address results in element -1. This patch bails out early (and avoids a bunch of other work at that). Fixes PR12807.
  llvm-svn: 156769
* [analyzer] RetainCountChecker: track ObjC boxed expression objects.
  Author: Jordy Rose | Age: 2012-05-12 | Files: 1 | Lines: -0/+45
  llvm-svn: 156699
* [analyzer] Do not highlight the range of the statement in case of leak.
  Author: Anna Zaks | Age: 2012-05-10 | Files: 1 | Lines: -8/+24
  We report a leak at a point a leaked variable is no longer accessible. The statement that happens to be at that point is not relevant to the leak diagnostic and, thus, should not be highlighted. radar://11178519
  llvm-svn: 156530
* [analyzer] SelfInit: Stop tracking self if it's assigned a value we don't reason about.
  Author: Anna Zaks | Age: 2012-05-08 | Files: 1 | Lines: -1/+25
  Self is just like a local variable in init methods, so it can be assigned anything like result of static functions, other methods ... So to suppress false positives that result in such cases, stop tracking the checker-specific state after self is being assigned to (unless the value it's being assigned to is either self or conforms to our rules). This change does not invalidate any existing regression tests.
  llvm-svn: 156420
* Teach the static analyzer that NSLog() and friends do not hold on to object references (thus extending their lifetime).
  Author: Ted Kremenek | Age: 2012-05-08 | Files: 1 | Lines: -0/+6
  llvm-svn: 156346
* [analyzer] Turn on MallocSizeOfChecker by default; shorten the diagnostic
  Author: Anna Zaks | Age: 2012-05-07 | Files: 2 | Lines: -8/+7
  llvm-svn: 156341
* [analyzer] Fixup r156215: use StopTracking summary instead of ScratchArgs
  Author: Anna Zaks | Age: 2012-05-07 | Files: 1 | Lines: -4/+2
  As per Jordy's and Ted's comment, use the default StopTracking summary instead of adding all arguments to ScratchArgs.
  llvm-svn: 156310
* [analyzer] RetainCountChecker: Allow objects to escape through callbacks
  Author: Anna Zaks | Age: 2012-05-04 | Files: 1 | Lines: -8/+20
  Fixes radar://10973977.
  llvm-svn: 156215
* [analyzer] Allow pointers escape through calls containing callback args.
  Author: Anna Zaks | Age: 2012-05-03 | Files: 1 | Lines: -0/+10
  (Since we don't have a generic pointer escape callback, modify ExprEngineCallAndReturn as well as the malloc checker.)
  llvm-svn: 156134
* [analyzer] CString Checker: Do not split the path unless the user specifically checks for equality to null.
  Author: Anna Zaks | Age: 2012-05-03 | Files: 1 | Lines: -1/+2
  Enforcing this general practice, which keeps the analyzer less noisy, in the CString Checker. This change suppresses "Assigned value is garbage or undefined" warning in the added test case.
  llvm-svn: 156085
* [analyzer] RetainRelease: Self assignment should not suppress a leak warning.
  Author: Anna Zaks | Age: 2012-05-02 | Files: 1 | Lines: -1/+5
  llvm-svn: 155966
* [analyzer] Fix the 'ptr = ptr' false negative in the Malloc checker.
  Author: Anna Zaks | Age: 2012-05-02 | Files: 1 | Lines: -1/+16
  llvm-svn: 155963
* Teach RetainCountChecker about IORegistryEntrySearchCFProperty returning retained objects.
  Author: Ted Kremenek | Age: 2012-05-01 | Files: 1 | Lines: -0/+1
  I know there is an SDK enhancement request for this to have the cf_returns_retained annotation, so this is just a stop gap.
  llvm-svn: 155887
* malloc size checker: Ignore const'ness of pointer types when determining if a sizeof() type is compatible with a pointed type.
  Author: Ted Kremenek | Age: 2012-05-01 | Files: 1 | Lines: -1/+24
  Fixes <rdar://problem/11292586>.
  llvm-svn: 155864
* Remove the ref/value inconsistency in filter_decl_iterator.
  Author: David Blaikie | Age: 2012-04-30 | Files: 4 | Lines: -12/+12
  filter_decl_iterator had a weird mismatch where both op* and op-> returned T* making it difficult to generalize this filtering behavior into a reusable library of any kind. This change errs on the side of value, making op-> return T* and op* return T&. (reviewed by Richard Smith)
  llvm-svn: 155808
* Teach RetainCountChecker that it doesn't quite understand pthread_setspecific and it should just give up when it sees it.
  Author: Ted Kremenek | Age: 2012-04-26 | Files: 1 | Lines: -3/+3
  Fixes <rdar://problem/11282706>.
  llvm-svn: 155613
* [analyzer] Fix a false alarm in SelfInitChecker (radar://11235991).
  Author: Anna Zaks | Age: 2012-04-16 | Files: 1 | Lines: -5/+20
  Along with it, fix a couple of other corner cases and add more tests.
  llvm-svn: 154866
* [analyzer] Don't crash even when the system functions are redefined.
  Author: Anna Zaks | Age: 2012-04-10 | Files: 3 | Lines: -7/+72
  (Applied changes to CStringAPI, Malloc, and Taint.) This might almost never happen, but we should not crash even if it does. This fixes a crash on the internal analyzer buildbot, where postgresql's configure was redefining memmove (radar://11219852).
  llvm-svn: 154451
* Rework ExprEngine::evalLoad and clients (e.g. VisitBinaryOperator) so that when we generate a new ExplodedNode we use the same Expr* as the one being currently visited.
  Author: Ted Kremenek | Age: 2012-04-06 | Files: 1 | Lines: -4/+4
  This is preparation for transitioning to having ProgramPoints refer to CFGStmts. This required a bit of trickery. We wish to keep the old Expr* bindings in the Environment intact, as plenty of logic relies on it and there is no reason to change it, but we sometimes want the Stmt* for the ProgramPoint to be different than the Expr* being used for bindings. This requires adding an extra argument for some functions (e.g., evalLocation). This looks a bit strange for some clients, but it will look a lot cleaner when we start using CFGStmt* in the appropriate places. As some fallout, the diagnostics arrows are a bit different, since some of the node locations have changed. I have audited these, and they look reasonable.
  llvm-svn: 154214
* [analyzer] Check that the arguments to NSOrderedSet creation methods are valid ObjC objects.
  Author: Jordy Rose | Age: 2012-04-06 | Files: 1 | Lines: -0/+12
  Patch by Sean McBride!
  llvm-svn: 154194
* Require that all static analyzer issues have a category.
  Author: Ted Kremenek | Age: 2012-04-05 | Files: 12 | Lines: -13/+39
  As part of this change, consolidate some commonly used category strings into global references (more of this can be done, I just did a few). Fixes <rdar://problem/11191537>.
  llvm-svn: 154121
* Teach ObjCContainersChecker that the array passed to CFArrayGetValueAtIndex might not be a symbolic value.
  Author: Ted Kremenek | Age: 2012-04-05 | Files: 1 | Lines: -3/+6
  llvm-svn: 154083
* Look through chains of 'x = y = z' when employing silencing heuristics in the DeadStoresChecker.
  Author: Ted Kremenek | Age: 2012-04-04 | Files: 1 | Lines: -8/+30
  Fixes <rdar://problem/11185138>.
  llvm-svn: 154040
* Include the "issue context" (e.g. function or method) where a static analyzer issue occurred in the plist output.
  Author: Ted Kremenek | Age: 2012-04-04 | Files: 15 | Lines: -49/+68
  Fixes <rdar://problem/11004527>
  llvm-svn: 154030
* Analyzer: Store BugReports directly in a ilist instead of adding another layer of indirection with std::list
  Author: Benjamin Kramer | Age: 2012-04-01 | Files: 1 | Lines: -1/+1
  llvm-svn: 153847
* [analyzer] Malloc,RetainRelease: Allow pointer to escape via NSMapInsert.
  Author: Anna Zaks | Age: 2012-03-30 | Files: 2 | Lines: -0/+12
  Fixes a false positive (radar://11152419). The current solution of adding the info into 3 places is quite ugly. Pending a generic pointer escapes callback.
  llvm-svn: 153731
* [analyzer] Refactor: Use Decl when determining if the Block belongs to the root function.
  Author: Anna Zaks | Age: 2012-03-28 | Files: 1 | Lines: -7/+6
  (This is a bit cleaner than using the StackFrame.)
  llvm-svn: 153580
* [analyzer] Stats checker: minor interprocedural tweaks.
  Author: Anna Zaks | Age: 2012-03-27 | Files: 1 | Lines: -15/+20
  Report root function name with exhausted block diagnostic. Also, use stack frames, not just any location context when checking if the basic block is in the same context.
  llvm-svn: 153532
* Change RetainCountChecker to eagerly "escape" retained objects when they are assigned to a struct.
  Author: Ted Kremenek | Age: 2012-03-27 | Files: 1 | Lines: -0/+6
  This is fallout from inlining results, which expose far more patterns where people stuff CF objects into structs and pass them around (and we can reason about it). The problem is that we don't have a general way to detect when values have escaped, so as an intermediate step we need to eagerly prune out such tracking. Fixes <rdar://problem/11104566>.
  llvm-svn: 153489
* [analyzer] Malloc: Allow a pointer to escape through OSAtomicEnqueue.
  Author: Anna Zaks | Age: 2012-03-26 | Files: 1 | Lines: -1/+2
  llvm-svn: 153453
* [analyzer] Tighten up the realloc() failure path note generation...make sure we get the right realloc()!
  Author: Jordy Rose | Age: 2012-03-24 | Files: 1 | Lines: -22/+31
  llvm-svn: 153370
* [analyzer] Restart path diagnostic generation if any of the visitors change the report configuration while walking the path.
  Author: Jordy Rose | Age: 2012-03-24 | Files: 1 | Lines: -4/+0
  This required adding a change count token to BugReport, but also allowed us to ditch ImmutableList as the BugReporterVisitor data type. Also, remove the hack from MallocChecker, now that visitors appear in the opposite order. This is not exactly a fix, but the common case -- custom diagnostics after generic ones -- is now the default behavior.
  llvm-svn: 153369
* [analyzer] Add a clone() method to BugReporterVisitor, so that we'll be able to reset diagnostic generation.
  Author: Jordy Rose | Age: 2012-03-24 | Files: 3 | Lines: -3/+13
  llvm-svn: 153368