summaryrefslogtreecommitdiffstats
path: root/clang/lib/StaticAnalyzer/Checkers
Commit message (Collapse)AuthorAgeFilesLines
* [analyzer] tracking stores/constraints now works for ObjC ivars or struct ↵Ted Kremenek2013-02-241-0/+8
| | | | | | | | | | | | | | | | | | | | | | | fields. This required more changes than I originally expected: - ObjCIvarRegion implements "canPrintPretty" et al - DereferenceChecker indicates the null pointer source is an ivar - bugreporter::trackNullOrUndefValue() uses an alternate algorithm to compute the location region to track by scouring the ExplodedGraph. This allows us to get the actual MemRegion for variables, ivars, fields, etc. We only hand construct a VarRegion for C++ references. - ExplodedGraph no longer drops nodes for expressions that are marked 'lvalue'. This is to facilitate the logic in the previous bullet. This may lead to a slight increase in size in the ExplodedGraph, which I have not measured, but it is likely not to be a big deal. I have validated each of the changed plist output. Fixes <rdar://problem/12114812> llvm-svn: 175988
* Add "KnownSVal" to represent SVals that cannot be UnknownSVal.Ted Kremenek2013-02-241-4/+4
| | | | | | | This provides a few sundry cleanups, and allows us to provide a compile-time check for a case that was a runtime assertion. llvm-svn: 175987
* Remove the CFGElement "Invalid" state.David Blaikie2013-02-233-10/+10
| | | | | | | | | | | | | Use Optional<CFG*> where invalid states were needed previously. In the one case where that's not possible (beginAutomaticObjDtorsInsert) just use a dummy CFGAutomaticObjDtor. Thanks for the help from Jordan Rose & discussion/feedback from Ted Kremenek and Doug Gregor. Post commit code review feedback on r175796 by Ted Kremenek. llvm-svn: 175938
* Add back implicitly dropped const.David Blaikie2013-02-211-1/+1
| | | | | | | (found due to incoming improvements to llvm::cast machinery that will error on this sort of mistake) llvm-svn: 175817
* Replace ProgramPoint llvm::cast support to be well-defined.David Blaikie2013-02-2110-32/+29
| | | | | | See r175462 for another example/more details. llvm-svn: 175812
* Replace CFGElement llvm::cast support to be well-defined.David Blaikie2013-02-213-8/+8
| | | | | | See r175462 for another example/more details. llvm-svn: 175796
* Avoid implicit conversions of Optional<T> to bool.David Blaikie2013-02-211-1/+1
| | | | | | | This is a precursor to making Optional<T>'s operator bool 'explicit' when building Clang & LLVM as C++11. llvm-svn: 175722
* Use None rather than Optional<T>() where possible.David Blaikie2013-02-211-1/+1
| | | | llvm-svn: 175705
* Include llvm::Optional in clang/Basic/LLVM.hDavid Blaikie2013-02-2014-66/+54
| | | | | | Post-commit CR feedback from Jordan Rose regarding r175594. llvm-svn: 175679
* Remove redundant Optional type in favor of llvm::OptionalDavid Blaikie2013-02-201-24/+4
| | | | llvm-svn: 175678
* Replace SVal llvm::cast support to be well-defined.David Blaikie2013-02-2023-185/+189
| | | | | | See r175462 for another example/more details. llvm-svn: 175594
* Disable dead stores checker for template instantations. Fixes ↵Ted Kremenek2013-02-181-0/+9
| | | | | | <rdar://problem/13213575>. llvm-svn: 175425
* objective-C: synthesize properties in order of theirFariborz Jahanian2013-02-141-1/+2
| | | | | | | | declarations to synthesize their ivars in similar determinstic order so they are laid out in a determinstic order. // rdar://13192366 llvm-svn: 175214
* Remove some stray uses of <ctype.h> functions.Jordan Rose2013-02-091-1/+2
| | | | | | These are causing assertions on some MSVC builds. llvm-svn: 174805
* [analyzer] Invalidation checker: move the "missing implementation" checkAnna Zaks2013-02-091-12/+13
| | | | | | | | | | | | The missing definition check should be in the same category as the missing ivar validation - in this case, the intent is to invalidate in the given class, as described in the declaration, but the implementation does not perform the invalidation. Whereas the MissingInvalidationMethod checker checks the cases where the method intention is not to invalidate. The second checker has potential to have a much higher false positive rate. llvm-svn: 174787
* [analyzer] Move DefaultBool so that all checkers can share it.Anna Zaks2013-02-082-14/+0
| | | | llvm-svn: 174782
* [analyzer] Split IvarInvalidation into two checkersAnna Zaks2013-02-082-45/+91
| | | | | | | Separate the checking for the missing invalidation methods into a separate checker so that it can be turned on/off independently. llvm-svn: 174781
* [analyzer] IvarInvalidation: refactor, pull out the diagnostic printingAnna Zaks2013-02-081-49/+69
| | | | llvm-svn: 174780
* [analyzer] IvarInvalidation: add annotation for partial invalidationAnna Zaks2013-02-081-39/+78
| | | | | | | | | | | The new annotation allows having methods that only partially invalidate IVars and might not be called from the invalidation methods directly (instead, are guaranteed to be called before the invalidation occurs). The checker is going to trust the programmer to call the partial invalidation method before the invalidator.This is common in cases when partial object tear down happens before the death of the object. llvm-svn: 174779
* [analyzer] Report bugs when freeing memory with offset pointerAnna Zaks2013-02-071-20/+71
| | | | | | | | | | | | | | | | | The malloc checker will now catch the case when a previously malloc'ed region is freed, but the pointer passed to free does not point to the start of the allocated memory. For example: int *p1 = malloc(sizeof(int)); p1++; free(p1); // warn From the "memory.LeakPtrValChanged enhancement to unix.Malloc" entry in the list of potential checkers. A patch by Branden Archer! llvm-svn: 174678
* [analyzer] Add pointer escape type param to checkPointerEscape callbackAnna Zaks2013-02-073-7/+19
| | | | | | | | | | | | | | The checkPointerEscape callback previously did not specify how a pointer escaped. This change includes an enum which describes the different ways a pointer may escape. This enum is passed to the checkPointerEscape callback when a pointer escapes. If the escape is due to a function call, the call is passed. This changes previous behavior where the call is passed as NULL if the escape was due to indirectly invalidating the region the pointer referenced. A patch by Branden Archer! llvm-svn: 174677
* [analyzer]RetainCount: Fix an autorelease related false positive.Anna Zaks2013-01-311-1/+1
| | | | | | | The Cnt variable is adjusted (incremented) for simplification of checking logic. The increment should not be stored in the state. llvm-svn: 174104
* [analyzer] Don't track autorelease pools created by +new.Jordan Rose2013-01-311-14/+2
| | | | | | | | | | | | | This matches our behavior for autorelease pools created by +alloc. Some people like to create autorelease pools in one method and release them somewhere else. If you want safe autorelease pool semantics, use the new ARC-compatible syntax: @autoreleasepool { ... } <rdar://problem/13121353> llvm-svn: 174096
* [analyzer] Track null object lvalues back through C++ method calls.Jordan Rose2013-01-261-0/+2
| | | | | | | | | | The expression 'a->b.c()' contains a call to the 'c' method of 'a->b'. We emit an error if 'a' is NULL, but previously didn't actually track the null value back through the 'a->b' expression, which caused us to miss important false-positive-suppression cases, including <rdar://problem/12676053>. llvm-svn: 173547
* [analyzer] bugreporter::getDerefExpr now takes a Stmt, not an ExplodedNode.Jordan Rose2013-01-261-2/+2
| | | | | | | This allows it to be used in places where the interesting statement doesn't match up with the current node. No functionality change. llvm-svn: 173546
* Add missing null check. Not sure why my tests passed before.Ted Kremenek2013-01-231-4/+6
| | | | llvm-svn: 173292
* Honor attribute 'analyzer_noreturn' on Objective-C methods.Ted Kremenek2013-01-231-0/+7
| | | | | | | | | This isn't likely a full solution, but it catches the common cases and can be refined over time. Fixes <rdar://problem/11634353>. llvm-svn: 173291
* [analyzer] DirectIvarAssignment: allow suppression annotation on Ivars.Anna Zaks2013-01-171-7/+17
| | | | llvm-svn: 172766
* Implement C++11 semantics for [[noreturn]] attribute. This required splittingRichard Smith2013-01-171-1/+1
| | | | | | | | it apart from [[gnu::noreturn]] / __attribute__((noreturn)), since their semantics are not equivalent (for instance, we treat [[gnu::noreturn]] as affecting the function type, whereas [[noreturn]] does not). llvm-svn: 172691
* Rework the traversal of Objective-C categories and extensions toDouglas Gregor2013-01-162-7/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | consider (sub)module visibility. The bulk of this change replaces myriad hand-rolled loops over the linked list of Objective-C categories/extensions attached to an interface declaration with loops using one of the four new category iterator kinds: visible_categories_iterator: Iterates over all visible categories and extensions, hiding any that have their "hidden" bit set. This is by far the most commonly used iterator. known_categories_iterator: Iterates over all categories and extensions, ignoring the "hidden" bit. This tends to be used for redeclaration-like traversals. visible_extensions_iterator: Iterates over all visible extensions, hiding any that have their "hidden" bit set. known_extensions_iterator: Iterates over all extensions, whether they are visible to normal name lookup or not. The effect of this change is that any uses of the visible_ iterators will respect module-import visibility. See the new tests for examples. Note that the old accessors for categories and extensions are gone; there are *Raw() forms for some of them, for those (few) areas of the compiler that have to manipulate the linked list of categories directly. This is generally discouraged. Part two of <rdar://problem/10634711>. llvm-svn: 172665
* [analyzer] Add an annotation to allow suppression of direct ivarAnna Zaks2013-01-161-0/+18
| | | | | | assignment llvm-svn: 172597
* [analyzer] Fix warning typo.Anna Zaks2013-01-161-2/+2
| | | | llvm-svn: 172596
* [analyzer] Refactor: parameter rename.Anna Zaks2013-01-162-2/+2
| | | | llvm-svn: 172595
* [analyzer] -drain is not an alias for -release.Jordan Rose2013-01-141-4/+0
| | | | | | | | | | | This was previously added to support -[NSAutoreleasePool drain], which behaves like -release under non-GC and "please collect" under GC. We're not currently modeling the autorelease pool stack, though, so we can just take this out entirely. Fixes PR14927. llvm-svn: 172444
* Remove useless 'llvm::' qualifier from names like StringRef and others that areDmitri Gribenko2013-01-129-17/+17
| | | | | | brought into 'clang' namespace by clang/Basic/LLVM.h llvm-svn: 172323
* [analyzer] Rename the warning: state the issue before the hint of how itAnna Zaks2013-01-111-6/+5
| | | | | | can be fixed llvm-svn: 172170
* [analyzer]Recognize ivar invalidation protocol even if it was redeclaredAnna Zaks2013-01-111-2/+2
| | | | | | This will get rid of some false positives as well as false negatives. llvm-svn: 172169
* [analyzer] Ivar invalidation: track ivars declared in categories.Anna Zaks2013-01-111-7/+15
| | | | llvm-svn: 172168
* [analyzer] Allow IvarInvalidation checker to suppress warnings viaAnna Zaks2013-01-101-6/+14
| | | | | | | | | | | | assertions. To ensure that custom assertions/conditional would also be supported, just check if the ivar that needs to be invalidated or set to nil is compared against 0. Unfortunately, this will not work for code containing 'assert(IvarName)' llvm-svn: 172147
* [analyzer] Fix non-determinizm introduced in r172104.Anna Zaks2013-01-101-17/+29
| | | | | | | | In some cases, we just pick any ivar that needs invalidation and attach the warning to it. Picking the first from DenseMap of pointer keys was triggering non-deterministic output. llvm-svn: 172134
* [analyzer] Add more checks to the ObjC Ivar Invalidation checker.Anna Zaks2013-01-101-57/+118
| | | | | | | | | | | | | | Restructured the checker so that it could easily find two new classes of issues: - when a class contains an invalidatable ivar, but no declaration of an invalidation method - when a class contains an invalidatable ivar, but no definition of an invalidation method in the @implementation. The second case might trigger some false positives, for example, when the method is defined in a category. llvm-svn: 172104
* [analyzer] Include the bug uniqueing location in the issue_hash.Anna Zaks2013-01-082-28/+37
| | | | | | | | | | | | | | | The issue here is that if we have 2 leaks reported at the same line for which we cannot print the corresponding region info, they will get treated as the same by issue_hash+description. We need to AUGMENT the issue_hash with the allocation info to differentiate the two issues. Add the "hash" (offset from the beginning of a function) representing allocation site to solve the issue. We might want to generalize solution in the future when we decide to track more than just the 2 locations from the diagnostics. llvm-svn: 171825
* [analyzer] Fix a false positive in Secure Keychain API checker.Anna Zaks2013-01-072-8/+10
| | | | | | | | | Better handle the blacklisting of known bad deallocators when symbol escapes through a call to CFStringCreateWithBytesNoCopy. Addresses radar://12702952. llvm-svn: 171770
* [analyzer] Fix a false positive in the ivar invalidation checker.Anna Zaks2013-01-071-1/+3
| | | | | | | | | When a property is "inherited" through both a parent class and directly through a protocol, we should not require the child to invalidate it since the backing ivar belongs to the parent class. (Fixes radar://12913734) llvm-svn: 171769
* NSErrorChecker: remove quoting the parameter name in the diagnostic until we ↵Ted Kremenek2013-01-041-11/+8
| | | | | | | | | | actually include it's name. This is a possible regression of moving to using ImplicitNullDerefEvent. Fixing this for real (including the parameter name) requires more plumbing in ImplicitNullDerefEvent. This is just a stop gap fix. llvm-svn: 171502
* Tighten code. No functionality change.Ted Kremenek2013-01-041-7/+7
| | | | llvm-svn: 171501
* Make MallocChecker debug output useful.Ted Kremenek2013-01-031-2/+22
| | | | llvm-svn: 171439
* [analyzer] Rename callback EndPath -> EndFunctionAnna Zaks2013-01-034-14/+14
| | | | | | | This better reflects when callback is called and what the checkers are relying on. (Both names meant the same pre-IPA.) llvm-svn: 171432
* Fix typo: objc_no_direct_instance_variable_assignmemt => ↵Ted Kremenek2012-12-222-3/+3
| | | | | | | | objc_no_direct_instance_variable_assignment. Fixes <rdar://problem/12927551>. llvm-svn: 170971
* [analyzer] Convert SimpleStreamChecker to use the PointerEscape callbackAnna Zaks2012-12-221-80/+16
| | | | | | The new callback greatly simplifies the checker. llvm-svn: 170969
OpenPOWER on IntegriCloud