summaryrefslogtreecommitdiffstats
path: root/clang/lib/StaticAnalyzer/Checkers
Commit message (Collapse)AuthorAgeFilesLines
...
* [analyzer] Finish size argument checking for strncat (and strncpy).Jordy Rose2011-06-201-30/+80
| | | | llvm-svn: 133472
* [analyzer] Replace stream-built error message with constant string. No ↵Jordy Rose2011-06-201-5/+4
| | | | | | functionality change. llvm-svn: 133410
* [analyzer] Re-enable checking for strncpy, along with a new validation of ↵Jordy Rose2011-06-201-9/+32
| | | | | | the size argument. strncat is not yet up-to-date, but I'm leaving it enabled for now (there shouldn't be any false positives, at least...) llvm-svn: 133408
* [analyzer] Eliminate "byte string function" from CStringChecker's ↵Jordy Rose2011-06-201-30/+67
| | | | | | diagnostics, and make it easier to provide custom messages for overflow checking, in preparation for re-enabling strncpy checking. llvm-svn: 133406
* [analyzer] Clean up modeling of strcmp, including cases where a string ↵Jordy Rose2011-06-161-41/+85
| | | | | | literal has an embedded null character, and where both arguments are the same buffer. Also use nested ifs rather than early returns; in this case early returns will lose any assumptions we've made earlier in the function. llvm-svn: 133154
* [analyzer] Fix trivial errors in previous commit.Jordy Rose2011-06-161-2/+3
| | | | | | | | I will not commit without building first. I will not commit without building first. I will not commit without building first... llvm-svn: 133150
* [analyzer] Cleanup: mainly 80-char violations and preferring ↵Jordy Rose2011-06-161-9/+12
| | | | | | SValBuilder::getComparisonType() to just referencing IntTy. llvm-svn: 133149
* Automatic Reference Counting.John McCall2011-06-152-7/+19
| | | | | | | | | | Language-design credit goes to a lot of people, but I particularly want to single out Blaine Garst and Patrick Beard for their contributions. Compiler implementation credit goes to Argyrios, Doug, Fariborz, and myself, in no particular order. llvm-svn: 133103
* [analyzer] Revise CStringChecker's modelling of strcpy() and strcat():Jordy Rose2011-06-151-51/+239
| | | | | | | | | | | | | | | - (bounded copies) Be more conservative about how much is being copied. - (str(n)cat) If we can't compute the exact final length of an append operation, we can still lower-bound it. - (stpcpy) Fix the conjured return value at the end to actually be returned. This requires these supporting changes: - C string metadata symbols are still live even when buried in a SymExpr. - "Hypothetical" C string lengths, to represent a value that /will/ be passed to setCStringLength() if all goes well. (The idea is to allow for temporary constrainable symbols that may end up becoming permanent.) - The 'checkAdditionOverflow' helper makes sure that the two strings being appended in a strcat don't overflow size_t. This should never *actually* happen; the real effect is to keep the final string length from "wrapping around" in the constraint manager. This doesn't actually test the "bounded" operations (strncpy and strncat) because they can leave strings unterminated. Next on the list! llvm-svn: 133046
* [analyzer] If a C string length is UnknownVal, clear any existing length ↵Jordy Rose2011-06-151-3/+7
| | | | | | binding. No tests yet because the only thing that sets string length is strcpy(), and that needs some work anyway. llvm-svn: 133044
* [analyzer] CStringChecker checks functions in the C standard library, not ↵Jordy Rose2011-06-141-4/+4
| | | | | | C++. Its external name is now unix.experimental.CString. llvm-svn: 132958
* [analyzer] Change large if body to early return. No functionality change.Jordy Rose2011-06-141-77/+78
| | | | llvm-svn: 132956
* [analyzer] Fix modeling of strnlen to be more conservative. Move tests we ↵Jordy Rose2011-06-141-23/+89
| | | | | | can't properly model (yet?) to string-fail.c. llvm-svn: 132955
* [analyzer] Change an indent-if to an early return. No functionality change.Jordy Rose2011-06-041-39/+39
| | | | llvm-svn: 132618
* [analyzer] Don't crash when copying an unknown number of bytes with ↵Jordy Rose2011-06-041-11/+25
| | | | | | memcpy(). Also handle all memcpy-family return values in evalCopyCommon(), rather than having some outside and some inside. llvm-svn: 132617
* [analyzer] Remove extra assignment that actually lost a few of the assumptions.Jordy Rose2011-06-041-1/+0
| | | | llvm-svn: 132614
* [analyzer] Fix comment for (still-disabled) evalStrncpyJordy Rose2011-06-041-1/+1
| | | | llvm-svn: 132608
* [analyzer] Fix handling of "copy zero bytes" for memcpy and friends.Jordy Rose2011-06-041-5/+2
| | | | llvm-svn: 132607
* [analyzer] __mempcpy_chk is the same as mempcpy (at least to CStringChecker)Jordy Rose2011-06-031-1/+1
| | | | llvm-svn: 132605
* Modify some deleted function methods to better reflect reality:Alexis Hunt2011-05-061-1/+1
| | | | | | | | | | | | | | | | | | | | - New isDefined() function checks for deletedness - isThisDeclarationADefinition checks for deletedness - New doesThisDeclarationHaveABody() does what isThisDeclarationADefinition() used to do - The IsDeleted bit is not propagated across redeclarations - isDeleted() now checks the canoncial declaration - New isDeletedAsWritten() does what it says on the tin. - isUserProvided() now correct (thanks Richard!) This fixes the bug that we weren't catching void foo() = delete; void foo() {} as being a redefinition. llvm-svn: 131013
* Removing strncpy() checking in CString checker for now. Some significant ↵Lenny Maiorani2011-05-031-1/+1
| | | | | | changes need to be made to properly support modeling of it since it potentially leaves strings non-null terminated. llvm-svn: 130758
* Augment retain/release checker to not warn about tracked objects passed as ↵Ted Kremenek2011-05-021-0/+2
| | | | | | arguments to C++ constructors. This is a stop-gap measure for Objective-C++ code that uses smart pointers to manage reference counts. llvm-svn: 130711
* Implements strncasecmp() checker and simplifies some of the logic around ↵Lenny Maiorani2011-05-021-22/+16
| | | | | | creating substrings if necessary and calling the appropriate StringRef::compare/compare_lower(). llvm-svn: 130708
* Move the SelfInit checker to the 'cocoa.experimental' package.Ted Kremenek2011-04-301-4/+4
| | | | llvm-svn: 130598
* Use StringRef::substr() and unbounded StringRef::compare() instead of ↵Lenny Maiorani2011-04-281-1/+8
| | | | | | bounded version of StringRef::compare() because bounded version of StringRef::compare() is going to be removed. llvm-svn: 130425
* Eliminates an assert in the strncpy/strncat checker caused by not validating ↵Lenny Maiorani2011-04-281-0/+7
| | | | | | | | a cast was successful. If the value of an argument was unknown, the cast would result in a NULL pointer which was later being dereferenced. This fixes Bugzilla #9806. llvm-svn: 130422
* Implements strcasecmp() checker in Static Analyzer.Lenny Maiorani2011-04-281-6/+27
| | | | llvm-svn: 130398
* More accurately model realloc() when the size argument is 0. realloc() with ↵Lenny Maiorani2011-04-271-11/+27
| | | | | | | | a size of 0 is equivalent to free(). The memory region should be marked as free and not used again. Unit tests f2_realloc_0(), f6_realloc(), and f7_realloc() contributed by Marshall Clow <mclow.lists@gmail.com>. Thanks! llvm-svn: 130303
* Allow 'Environment::getSVal()' to allow an optional way for checkers to do a ↵Ted Kremenek2011-04-271-1/+6
| | | | | | | | direct lookup to values bound to expressions, without resulting to lazy logic. This is critical for the OSAtomicChecker that does a simulated load on any arbitrary expression. llvm-svn: 130292
* Implements the strncmp() checker just like the strcmp() checker, but with ↵Lenny Maiorani2011-04-251-2/+32
| | | | | | bounds. Requires LLVM svn r129582. llvm-svn: 130161
* Remove unused STL header includes.Jay Foad2011-04-231-1/+0
| | | | llvm-svn: 130068
* Make the VariadicMethodTypeChecker accept block pointers as Objective-C ↵Anders Carlsson2011-04-191-0/+4
| | | | | | pointers. Fixes PR9746. llvm-svn: 129741
* Support for C++11 (non-template) alias declarations.Richard Smith2011-04-152-2/+2
| | | | llvm-svn: 129567
* fix a bunch of comment typos found by codespell. Patch byChris Lattner2011-04-152-2/+2
| | | | | | Luis Felipe Strano Moraes! llvm-svn: 129559
* Teach VariadicMethodTypeChecker to not crash when processing methods ↵Ted Kremenek2011-04-121-1/+2
| | | | | | declared in protocols. llvm-svn: 129395
* Fix another IdempotentOperationsChecker corner case when determining if an ↵Ted Kremenek2011-04-121-1/+1
| | | | | | | | active block on the worklist impacts the results of the check. llvm-svn: 129394
* ArrayBoundCheckerV2: don't arbitrarily warn about indexing before the ↵Ted Kremenek2011-04-121-19/+42
| | | | | | 0-index of a symbolic region. In many cases that isn't really the base offset. llvm-svn: 129366
* This patch adds modeling of strcmp() to the CString checker. Validates ↵Lenny Maiorani2011-04-121-0/+83
| | | | | | inputs are not NULL and are real C strings, then does the comparison and binds the proper return value. Unit tests included. llvm-svn: 129364
* strcat() and strncat() model additions to CStringChecker.Lenny Maiorani2011-04-091-9/+64
| | | | | | Validates inputs are not NULL, checks for overlapping strings, concatenates the strings checking for buffer overflow, sets the length of the destination string to the sum of the s1 length and the s2 length, binds the return value to the s1 value. llvm-svn: 129215
* Add security syntax checker for strcat() which causes the Static Analyzer to ↵Lenny Maiorani2011-04-051-57/+91
| | | | | | | | generate a warning any time the strcat() function is used with a note suggesting to use a function which provides bounded buffers. CWE-119. Also, brings the security syntax checker more inline with coding standards. llvm-svn: 128916
* Refactoring the security checker a little bit so that each CallExpr check ↵Lenny Maiorani2011-04-031-60/+44
| | | | | | doesn't get called for each CallExpr. Instead it does a switch and only runs the check for the proper identifier. Slight speed improvement (probably significant on very large ASTs), and should make it easier and more clear to add more checks for other CallExpr's later. llvm-svn: 128785
* Remove a redundant method. We have a const version.Zhongxing Xu2011-04-021-0/+1
| | | | llvm-svn: 128762
* Teach IdempotentOperationsChecker about paths aborted because ExprEngine ↵Ted Kremenek2011-04-022-8/+17
| | | | | | didn't know how to handle a specific Expr type. llvm-svn: 128761
* static analyzer: Rename 'BlocksAborted' to 'BlocksExhausted' to reflect that ↵Ted Kremenek2011-04-022-2/+2
| | | | | | a given CFGBlock was analyzed too many times. llvm-svn: 128760
* Add security syntax checker for strcpy() which causes the Static Analyzer to ↵Lenny Maiorani2011-03-311-0/+54
| | | | | | generate a warning any time the strcpy() function is used with a note suggesting to use a function which provides bounded buffers. llvm-svn: 128679
* Adding Static Analyzer checker for mempcpy().Lenny Maiorani2011-03-311-9/+73
| | | | | | Models mempcpy() so that if length is NULL the destination pointer is returned. Otherwise, the source and destination are confirmed not to be NULL and not overlapping. Finally the copy is validated to not cause a buffer overrun and the return value is bound to the address of the byte after the last byte copied. llvm-svn: 128677
* Fix spelling in a comment. (test commit)Lenny Maiorani2011-03-311-1/+1
| | | | llvm-svn: 128670
* [analyzer] Allow all checkers of a group to be enabled.Argyrios Kyrtzidis2011-03-291-2/+3
| | | | llvm-svn: 128512
* [analyzer] For -analyzer-checker-help show all the info about groups, ↵Argyrios Kyrtzidis2011-03-292-5/+110
| | | | | | packages, and which packages/checkers are hidden. llvm-svn: 128511
* [analyzer] Checker Packages can now belong to a group. This requires llvm ↵Argyrios Kyrtzidis2011-03-291-30/+18
| | | | | | commit r128474. llvm-svn: 128475
OpenPOWER on IntegriCloud