path: root/clang/lib/StaticAnalyzer/Checkers
Commit message | Author | Age | Files | Lines
...
* [analyzer] MallocChecker Cleanup - harden against crashes, fix an error (use of return instead of continue), wording. llvm-svn: 150215
  Author: Anna Zaks | Age: 2012-02-10 | Files: 1 | Lines: -12/+23
* Remove unused fun. llvm-svn: 150172
  Author: Benjamin Kramer | Age: 2012-02-09 | Files: 1 | Lines: -1/+0
* [analyzer] MallocChecker: address a diagnostic "fixme". llvm-svn: 150158
  Author: Anna Zaks | Age: 2012-02-09 | Files: 1 | Lines: -11/+11
* [analyzer] Add custom path diagnostic to the Malloc Checker. Very simple so far - we just highlight every allocation and release site. llvm-svn: 150156
  Author: Anna Zaks | Age: 2012-02-09 | Files: 1 | Lines: -1/+77
* [analyzer] MallocChecker cleanup, more tests. llvm-svn: 150155
  Author: Anna Zaks | Age: 2012-02-09 | Files: 1 | Lines: -1/+0
* [analyzer] MallocChecker: implement pessimistic version of the checker, which allows values to escape through unknown calls. Assumes all calls but the malloc family are unknown. Also, catch a use-after-free when a pointer is passed to a function after a call to free (previously, you had to explicitly dereference the pointer value). llvm-svn: 150112
  Author: Anna Zaks | Age: 2012-02-08 | Files: 1 | Lines: -29/+62
* [analyzer] Split the MallocChecker into two versions - pessimistic and optimistic. TODO: actually implement the pessimistic version of the checker. Ex: it needs to assume that any function that takes a pointer might free it. The optimistic version relies on annotations to tell us which functions can free the pointer. llvm-svn: 150111
  Author: Anna Zaks | Age: 2012-02-08 | Files: 2 | Lines: -4/+22
* [analyzer] MallocChecker: convert from using evalCall to post visit of CallExpr. In general, we should avoid using evalCall as it leads to interference with other checkers. llvm-svn: 150086
  Author: Anna Zaks | Age: 2012-02-08 | Files: 1 | Lines: -36/+33
* Revert my patches which removed Diagnostic.h includes by moving some operator overloads out of line. This seems to negatively affect compile time on some ObjC tests (which use a lot of partial diagnostics I assume). I have to come up with a way to keep them inline without including Diagnostic.h everywhere. Now adding a new diagnostic requires a full rebuild of e.g. the static analyzer which doesn't even use those diagnostics. This reverts commit 6496bd10dc3a6d5e3266348f08b6e35f8184bc99. This reverts commit 7af19b817ba964ac560b50c1ed6183235f699789. This reverts commit fdd15602a42bbe26185978ef1e17019f6d969aa7. This reverts commit 00bd44d5677783527d7517c1ffe45e4d75a0f56f. This reverts commit ef9b60ffed980864a8db26ad30344be429e58ff5. llvm-svn: 150006
  Author: Benjamin Kramer | Age: 2012-02-07 | Files: 5 | Lines: -5/+0
* Print NamedDecls directly to a raw_ostream where possible. llvm-svn: 149982
  Author: Benjamin Kramer | Age: 2012-02-07 | Files: 2 | Lines: -4/+4
* Switch the ObjC*Decl raw_stream overloads to take a reference, for consistency with NamedDecls. llvm-svn: 149981
  Author: Benjamin Kramer | Age: 2012-02-07 | Files: 1 | Lines: -2/+2
* [analyzer] Allow each CString check to be enabled/disabled separately. llvm-svn: 149947
  Author: Anna Zaks | Age: 2012-02-07 | Files: 2 | Lines: -12/+77
* Add basic BugReporter support for CallEnter/CallExit. WIP. llvm-svn: 149939
  Author: Ted Kremenek | Age: 2012-02-07 | Files: 1 | Lines: -0/+7
* Basic: import SmallString<> into clang namespace (I was going to fix the TODO about DenseMap too, but that would break self-host right now. See PR11922.) llvm-svn: 149799
  Author: Dylan Noblesmith | Age: 2012-02-05 | Files: 23 | Lines: -41/+41
* Basic: import OwningPtr<> into clang namespace llvm-svn: 149798
  Author: Dylan Noblesmith | Age: 2012-02-05 | Files: 36 | Lines: -65/+65
* Move a method from IdentifierTable.h out of line and remove the SmallString include. Fix all the transitive include users. llvm-svn: 149783
  Author: Benjamin Kramer | Age: 2012-02-04 | Files: 21 | Lines: -2/+21
* Move various diagnostic operator<< overloads out of line and remove includes of Diagnostic.h. Fix all the files that depended on transitive includes of Diagnostic.h. With this patch in place changing a diagnostic no longer requires a full rebuild of the StaticAnalyzer. llvm-svn: 149781
  Author: Benjamin Kramer | Age: 2012-02-04 | Files: 10 | Lines: -0/+10
* [analyzer] Make sure Containers OutOfBounds checker does not crash on undefined arguments, when CF functions are called with wrong number of arguments. llvm-svn: 149771
  Author: Anna Zaks | Age: 2012-02-04 | Files: 1 | Lines: -20/+14
* [analyzer] Turn on by default two checkers: - osx.coreFoundation.containers.IndexOutOfBounds - osx.cocoa.SelfInit llvm-svn: 149747
  Author: Anna Zaks | Age: 2012-02-04 | Files: 1 | Lines: -11/+12
* [analyzer] Minor cleanups to the ObjCSelfInitChecker. (Also renames in other ObjC checkers to create one category of checks.) llvm-svn: 149745
  Author: Anna Zaks | Age: 2012-02-04 | Files: 3 | Lines: -17/+7
* [analyzer] Fix a false positive in the CFArrayCreate check that surfaces the code like this (due to x and &x being the same value but different size): void* x[] = { ptr1, ptr2, ptr3 }; CFArrayCreate(NULL, (const void **) &x, count, NULL); llvm-svn: 149579
  Author: Anna Zaks | Age: 2012-02-02 | Files: 1 | Lines: -1/+10
* Fix an assertion failure in isMacOSXVersionLT for IOS targets. Check if the triple OS is IOS instead of checking for arm/thumb architectures and check that before calling isMacOSXVersionLT. llvm-svn: 149454
  Author: Bob Wilson | Age: 2012-01-31 | Files: 1 | Lines: -4/+3
* [analyzer] Add checks for common anti-patterns in strncat. (Since this is syntax only, might be a good candidate for turning into a compiler warning.) llvm-svn: 149407
  Author: Anna Zaks | Age: 2012-01-31 | Files: 3 | Lines: -4/+203
* [analyzer] Change the warning to suggest 'strlcat/strlcpy' as replacements for 'strcat/strcpy' instead of 'strncat/strncpy'. llvm-svn: 149406
  Author: Anna Zaks | Age: 2012-01-31 | Files: 1 | Lines: -2/+2
* Convert checker over to using ProgramStateRef. llvm-svn: 149319
  Author: Ted Kremenek | Age: 2012-01-31 | Files: 1 | Lines: -4/+4
* [analyzer] Rename the checker as per Ted's comment. Remove the reference from the driver. llvm-svn: 149276
  Author: Anna Zaks | Age: 2012-01-30 | Files: 1 | Lines: -4/+6
* [analyzer] Make osx.cocos.CFContainersSyntax a default checker. llvm-svn: 149258
  Author: Anna Zaks | Age: 2012-01-30 | Files: 1 | Lines: -4/+4
* [analyzer] Add index out of bounds check for CFArrayGetArrayAtIndex. llvm-svn: 149228
  Author: Anna Zaks | Age: 2012-01-30 | Files: 3 | Lines: -0/+166
* StaticAnalyzer: Move ObjC- and CXX-specific methods out of line so checkers that don't care about the language don't have to pull in all the headers. llvm-svn: 149178
  Author: Benjamin Kramer | Age: 2012-01-28 | Files: 4 | Lines: -1/+4
* Change references to 'const ProgramState *' to typedef 'ProgramStateRef'. At this point this is largely cosmetic, but it opens the door to replace ProgramStateRef with a smart pointer that more eagerly acts in the role of reclaiming unused ProgramState objects. llvm-svn: 149081
  Author: Ted Kremenek | Age: 2012-01-26 | Files: 39 | Lines: -318/+318
* StaticAnalyzer/Checkers: Fix CMake build. llvm-svn: 149009
  Author: NAKAMURA Takumi | Age: 2012-01-26 | Files: 1 | Lines: -1/+1
* [analyzer] Add an AST checker that checks for a common pitfall when using CFArrayCreate & family. Specifically, CFArrayCreate's input should be: 'A C array of the pointer-sized values to be in the new array.' (radar://10717339) llvm-svn: 149008
  Author: Anna Zaks | Age: 2012-01-26 | Files: 3 | Lines: -0/+168
* [analyzer] Add more C taint sources/sinks. llvm-svn: 148844
  Author: Anna Zaks | Age: 2012-01-24 | Files: 1 | Lines: -22/+45
* [analyzer] It's possible to have a non PointerType expression evaluate to a Loc value. When this happens, use the default type. llvm-svn: 148631
  Author: Anna Zaks | Age: 2012-01-21 | Files: 1 | Lines: -2/+2
* [analyzer] Make VLA checker taint aware. Also, slightly modify the diagnostic message in ArrayBound and DivZero (still use 'taint', which might not mean much to the user, but plan on changing it later). llvm-svn: 148626
  Author: Anna Zaks | Age: 2012-01-21 | Files: 3 | Lines: -34/+65
* More dead code removal (using -Wunreachable-code) llvm-svn: 148577
  Author: David Blaikie | Age: 2012-01-20 | Files: 2 | Lines: -4/+0
* [analyzer] Add taint awareness to DivZeroChecker. llvm-svn: 148566
  Author: Anna Zaks | Age: 2012-01-20 | Files: 1 | Lines: -11/+26
* Reenable DeadStoresChecker under --analyze, and move the IdempotentOperationsChecker to the 'experimental' category. Fixes <rdar://problem/10146347>. llvm-svn: 148533
  Author: Ted Kremenek | Age: 2012-01-20 | Files: 1 | Lines: -4/+3
* Implement checker that looks for calls to mktemps and friends that have fewer than 6 Xs. Implements <rdar://problem/6336672>. llvm-svn: 148531
  Author: Ted Kremenek | Age: 2012-01-20 | Files: 2 | Lines: -3/+107
* Turn 'SecuritySyntaxChecker' into a "meta" security checker for insecure APIs. Now multiple checks are exposed as separate checkers, but CheckerManager only creates one Checker object. llvm-svn: 148525
  Author: Ted Kremenek | Age: 2012-01-20 | Files: 2 | Lines: -10/+86
* [analyzer] Add socket API as a source of taint. llvm-svn: 148518
  Author: Anna Zaks | Age: 2012-01-20 | Files: 1 | Lines: -0/+27
* [analyzer] Refactor: prePropagateTaint -> TaintPropagationRule::process(). Also remove the "should be a pointer argument" warning - should be handled elsewhere. llvm-svn: 148372
  Author: Anna Zaks | Age: 2012-01-18 | Files: 1 | Lines: -43/+27
* [analyzer] Taint: warn when tainted data is used to specify a buffer size (Ex: in malloc, memcpy, strncpy..) (Maybe some of this could migrate to the CString checker. One issue with that is that we might want to separate security issues from regular API misuse.) llvm-svn: 148371
  Author: Anna Zaks | Age: 2012-01-18 | Files: 1 | Lines: -4/+62
* [analyzer] Taint: add taint propagation rules for string and memory copy functions. llvm-svn: 148370
  Author: Anna Zaks | Age: 2012-01-18 | Files: 1 | Lines: -53/+111
* Remove unreachable code in Clang. (replace with llvm_unreachable where appropriate or when GCC requires it) llvm-svn: 148292
  Author: David Blaikie | Age: 2012-01-17 | Files: 1 | Lines: -6/+1
* Remove unnecessary default cases in switches over enums. This allows -Wswitch-enum to find switches that need updating when these enums are modified. llvm-svn: 148281
  Author: David Blaikie | Age: 2012-01-17 | Files: 3 | Lines: -6/+0
* [analyzer] Taint: generalize taint propagation to simplify adding more taint propagation functions. llvm-svn: 148266
  Author: Anna Zaks | Age: 2012-01-17 | Files: 1 | Lines: -4/+128
* [analyzer] Taint: add system and popen as undesirable sinks for taint data. llvm-svn: 148176
  Author: Anna Zaks | Age: 2012-01-14 | Files: 1 | Lines: -20/+77
* [analyzer] Taint: when looking up a binding, provide the type. llvm-svn: 148080
  Author: Anna Zaks | Age: 2012-01-13 | Files: 1 | Lines: -1/+4
* [analyzer] Rename Store::Retrieve() -> getBinding(). + all the other Retrieve..() methods + a comment for ElementRegion. llvm-svn: 148011
  Author: Anna Zaks | Age: 2012-01-12 | Files: 2 | Lines: -2/+2