summaryrefslogtreecommitdiffstats
path: root/clang/lib/StaticAnalyzer/Checkers
Commit message (Collapse)AuthorAgeFilesLines
...
* [Analyzer] Iterator Checker - Part 8: Support for assign, clear, insert, ↵Adam Balogh2018-09-101-2/+354
| | | | | | | | | | emplace and erase operations This patch adds support for the following operations in the iterator checkers: assign, clear, insert, insert_after, emplace, emplace_after, erase and erase_after. This affects mismatched iterator checks ("this" and parameter must match) and invalidation checks (according to the standard). Differential Revision: https://reviews.llvm.org/D32904 llvm-svn: 341794
* [Analyzer] Iterator Checker - Part 7: Support for push and pop operationsAdam Balogh2018-09-101-0/+312
| | | | | | | | This patch adds support for the following operations in the iterator checkers: push_back, push_front, emplace_back, emplace_front, pop_back and pop_front. This affects iterator range checks (range is extended after push and emplace and reduced after pop operations) and invalidation checks (according to the standard). Differential Revision: https://reviews.llvm.org/D32902 llvm-svn: 341793
* [Analyzer] Iterator Checker - Part 6: Mismatched iterator checker for ↵Adam Balogh2018-09-101-1/+60
| | | | | | | | | | constructors and comparisons Extension of the mismatched iterator checker for constructors taking range of first..last (first and last must be iterators of the same container) and also for comparisons of iterators of different containers (one does not compare iterators of different containers, since the set of iterators is partially ordered, there are no relations between iterators of different containers, except that they are always non-equal). Differential Revision: https://reviews.llvm.org/D32860 llvm-svn: 341792
* [Analyzer] Iterator Checker - Part 5: Move Assignment of ContainersAdam Balogh2018-09-101-6/+153
| | | | | | | | If a container is moved by its move assignment operator, according to the standard all their iterators except the past-end iterators remain valid but refer to the new container. This patch introduces support for this case in the iterator checkers. Differential Revision: https://reviews.llvm.org/D32859 llvm-svn: 341791
* [Analyzer] Iterator Checker - Part 4: Mismatched iterator checker for ↵Adam Balogh2018-09-101-1/+116
| | | | | | | | | | function parameters New check added to the checker which checks whether iterator parameters of template functions typed by the same template parameter refer to the same container. Differential Revision: https://reviews.llvm.org/D32845 llvm-svn: 341790
* [analyzer] InnerPointerChecker: Fix a segfault when checking symbolic strings.Artem Dergachev2018-08-301-0/+3
| | | | | | | | | | Return value of dyn_cast_or_null should be checked before use. Otherwise we may put a null pointer into the map as a key and eventually crash in checkDeadSymbols. Differential Revision: https://reviews.llvm.org/D51385 llvm-svn: 341092
* [analyzer] Improve tracing for uninitialized struct fieldsGeorge Karpenkov2018-08-291-0/+2
| | | | | | | | rdar://13729267 Differential Revision: https://reviews.llvm.org/D51323 llvm-svn: 340986
* [analyzer] CFRetainReleaseChecker: Don't check C++ methods with the same name.Artem Dergachev2018-08-291-61/+28
| | | | | | | | | | | Don't try to understand what's going on when there's a C++ method called eg. CFRetain(). Refactor the checker a bit, to use more modern APIs. Differential Revision: https://reviews.llvm.org/D50866 llvm-svn: 340982
* [analyzer] Resolve the crash in ReturnUndefCheckerGeorge Karpenkov2018-08-291-0/+1
| | | | | | | | | | | By making sure the returned value from getKnownSVal is consistent with the value used inside expression engine. PR38427 Differential Revision: https://reviews.llvm.org/D51252 llvm-svn: 340965
* [analyzer] [NFC] Move class definition out of the functionGeorge Karpenkov2018-08-291-41/+40
| | | | | | Differential Revision: https://reviews.llvm.org/D51322 llvm-svn: 340964
* [analyzer] Better retain count rules for OSObjectsGeorge Karpenkov2018-08-291-8/+11
| | | | | | Differential Revision: https://reviews.llvm.org/D51184 llvm-svn: 340961
* [Analyzer] Iterator Checker - Part 3: Invalidation check, first for (copy) ↵Adam Balogh2018-08-281-45/+138
| | | | | | | | | | | assignments We add check for invalidation of iterators. The only operation we handle here is the (copy) assignment. Differential Revision: https://reviews.llvm.org/D32747 llvm-svn: 340805
* fix comment typoNico Weber2018-08-271-1/+1
| | | | llvm-svn: 340743
* [analyzer] Preliminary version of retain count checking for OSObjectsGeorge Karpenkov2018-08-233-14/+41
| | | | | | | | Has quite a lot of false positives, disabled behind the flag. Differential Revision: https://reviews.llvm.org/D50880 llvm-svn: 340502
* Revert "[CStringSyntaxChecker] Check strlcat sizeof check"George Karpenkov2018-08-231-50/+4
| | | | | | | | This reverts commit 3073790e87378fea9a68fb052185fec9596ef135. The check is not correct, strlact(dest, "mystr", sizeof(dest)) is fine. llvm-svn: 340501
* Revert "[CStringSyntaxChecker] Reduces space around error message for strlcat."George Karpenkov2018-08-231-1/+1
| | | | | | This reverts commit 6b43b80320722da41ca6ef7a3b57cc300fb83094. llvm-svn: 340500
* [analyzer] Track the problematic subexpression in UndefResultCheckerGeorge Karpenkov2018-08-221-0/+4
| | | | | | | | This is tested in a subsequent commit, which allows tracking those values. Differential Revision: https://reviews.llvm.org/D51139 llvm-svn: 340474
* [analyzer] Improve `CallDescription` to handle c++ method.Henry Wong2018-08-221-48/+37
| | | | | | | | | | | | | | | | | Summary: `CallDecription` can only handle function for the time being. If we want to match c++ method, we can only use method name to match and can't improve the matching accuracy through the qualifiers. This patch add the support for `QualifiedName` matching to improve the matching accuracy. Reviewers: xazax.hun, NoQ, george.karpenkov, rnkovacs Reviewed By: xazax.hun, NoQ, rnkovacs Subscribers: Szelethus, szepet, rnkovacs, a.sidorin, mikhail.ramalho, cfe-commits, MTC Differential Revision: https://reviews.llvm.org/D48027 llvm-svn: 340407
* [analyzer] [NFC] Fix minor formatting issues in RetainCountCheckerGeorge Karpenkov2018-08-223-10/+8
| | | | | | Differential Revision: https://reviews.llvm.org/D51072 llvm-svn: 340378
* [analyzer] [NFC] Extract a method for creating RefVal from RetEffect in ↵George Karpenkov2018-08-221-34/+17
| | | | | | | | RetainCountChecker Differential Revision: https://reviews.llvm.org/D51071 llvm-svn: 340377
* [analyzer] Correctly marked a virtual function 'override'Kristof Umann2018-08-211-1/+1
| | | | llvm-svn: 340280
* [analyzer][UninitializedObjectChecker] Explicit namespace resolution for ↵Kristof Umann2018-08-212-7/+70
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | inherited data members For the following example: struct Base { int x; }; // In a different translation unit struct Derived : public Base { Derived() {} }; For a call to Derived::Derived(), we'll receive a note that this->x is uninitialized. Since x is not a direct field of Derived, it could be a little confusing. This patch aims to fix this, as well as the case when the derived object has a field that has the name as an inherited uninitialized data member: struct Base { int x; // note: uninitialized field 'this->Base::x' }; struct Derived : public Base { int x = 5; Derived() {} }; Differential Revision: https://reviews.llvm.org/D50905 llvm-svn: 340272
* [analyzer][UninitializedObjectChecker] Added documentation to the checker listKristof Umann2018-08-211-12/+0
| | | | | | Differential Revision: https://reviews.llvm.org/D50904 llvm-svn: 340266
* [analyzer][UninitializedObjectChecker] Refactoring p6.: Move dereferencing ↵Kristof Umann2018-08-212-56/+63
| | | | | | | | | | | | to a function Now that it has it's own file, it makes little sense for isPointerOrReferenceUninit to be this large, so I moved dereferencing to a separate function. Differential Revision: https://reviews.llvm.org/D50509 llvm-svn: 340265
* [analyzer] [NFC] Split up RetainSummaryManager from RetainCountChecker - try #2George Karpenkov2018-08-2110-1503/+19
| | | | | | | | | | Turns out it can't be removed from the analyzer since it relies on CallEvent. Moving to staticAnalyzer/core Differential Revision: https://reviews.llvm.org/D51023 llvm-svn: 340247
* [NFC] Don't define static function in header (UninitializedObject.h)Andrei Elovikov2018-08-202-5/+3
| | | | | | | | | | | | | | | | Summary: See also http://lists.llvm.org/pipermail/cfe-users/2016-January/000854.html for the reasons why it's bad. Reviewers: Szelethus, erichkeane Reviewed By: Szelethus Subscribers: cfe-commits Differential Revision: https://reviews.llvm.org/D50963 llvm-svn: 340174
* Revert "[analyzer] [NFC] Split up RetainSummaryManager from RetainCountChecker"Bruno Cardoso Lopes2018-08-1810-19/+1500
| | | | | | | | | | | | | | This reverts commit a786521fa66c72edd308baff0c08961b6d964fb1. Bots haven't caught up yet, but broke modules build with: ../tools/clang/include/clang/StaticAnalyzer/Checkers/MPIFunctionClassifier.h:18:10: fatal error: cyclic dependency in module 'Clang_StaticAnalyzer_Core': Clang_StaticAnalyzer_Core -> Clang_Analysis -> Clang_StaticAnalyzer_Checkers -> Clang_StaticAnalyzer_Core ^ llvm-svn: 340117
* [analyzer] [NFC] Split up RetainSummaryManager from RetainCountCheckerGeorge Karpenkov2018-08-1810-1500/+19
| | | | | | | | | | | | | ARCMigrator is using code from RetainCountChecker, which is a layering violation (and it also does it badly, by using a different header, and then relying on implementation being present in a header file). This change splits up RetainSummaryManager into a separate library in lib/Analysis, which can be used independently of a checker. Differential Revision: https://reviews.llvm.org/D50934 llvm-svn: 340114
* [analyzer] [NFC] Minor refactoring of ISL-specific code in RetainCountCheckerGeorge Karpenkov2018-08-172-14/+9
| | | | | | Differential Revision: https://reviews.llvm.org/D50879 llvm-svn: 340098
* [analyzer] Re-instate support for MakeCollectable is RetainCountCheckerGeorge Karpenkov2018-08-173-5/+24
| | | | | | Differential Revision: https://reviews.llvm.org/D50872 llvm-svn: 340097
* [analyzer] [NFC] Move ObjCRetainCount to include/AnalysisGeorge Karpenkov2018-08-172-2/+2
| | | | | | Differential Revision: https://reviews.llvm.org/D50869 llvm-svn: 340096
* [analyzer] [NFC] Move canEval function from RetainCountChecker to ↵George Karpenkov2018-08-173-72/+85
| | | | | | | | RetainCountSummaries Differential Revision: https://reviews.llvm.org/D50863 llvm-svn: 340094
* [analyzer] [NFC] Split up summary generation in RetainCountChecker in two ↵George Karpenkov2018-08-172-204/+195
| | | | | | | | methods Differential Revision: https://reviews.llvm.org/D50830 llvm-svn: 340093
* [analyzer] [NFC] Split up RetainCountCheckerGeorge Karpenkov2018-08-178-3894/+4036
| | | | | | | | At some point, staring at 4k+ LOC file becomes a bit hard. Differential Revision: https://reviews.llvm.org/D50821 llvm-svn: 340092
* [analyzer] Drop support for GC mode in RetainCountCheckerGeorge Karpenkov2018-08-171-324/+61
| | | | | | | | | | | | A lot of code in RetainCountChecker deals with GC mode. Given that GC mode is deprecated, Apple does not ship runtime for it, and modern compiler toolchain does not support it, it makes sense to remove the code dealing with it in order to aid understanding of RetainCountChecker. Differential Revision: https://reviews.llvm.org/D50747 llvm-svn: 340091
* [CStringSyntaxChecker] Reduces space around error message for strlcat.David Carlier2018-08-151-1/+1
| | | | llvm-svn: 339808
* [analyzer] Add support for constructors of arguments.Artem Dergachev2018-08-151-0/+5
| | | | | | | | | | | | | | | | | | | | | Once CFG-side support for argument construction contexts landed in r338436, the analyzer could make use of them to evaluate argument constructors properly. When evaluated as calls, constructors of arguments now use the variable region of the parameter as their target. The corresponding stack frame does not yet exist when the parameter is constructed, and this stack frame is created eagerly. Construction of functions whose body is unavailable and of virtual functions is not yet supported. Part of the reason is the analyzer doesn't consistently use canonical declarations o identify the function in these cases, and every re-declaration or potential override comes with its own set of parameter declarations. Also it is less important because if the function is not inlined, there's usually no benefit in inlining the argument constructor. Differential Revision: https://reviews.llvm.org/D49443 llvm-svn: 339745
* [analyzer] Made a buildbot happy.Kristof Umann2018-08-141-2/+4
| | | | llvm-svn: 339655
* [analyzer][UninitializedObjectChecker] Void pointers are casted back to ↵Kristof Umann2018-08-141-2/+40
| | | | | | | | their dynamic type in note message Differential Revision: https://reviews.llvm.org/D49228 llvm-svn: 339653
* [CStringSyntaxChecker] Check strlcat sizeof checkDavid Carlier2018-08-141-4/+50
| | | | | | | | | | | | | - Assuming strlcat is used with strlcpy we check as we can if the last argument does not equal os not larger than the buffer. - Advising the proper usual pattern. Reviewers: NoQ, george.karpenkov Reviewed By: george.karpenkov Differential Revision: https://reviews.llvm.org/D49722 llvm-svn: 339641
* [analyzer] Fix UninitializedObjectChecker to not crash on uninitialized "id" ↵George Karpenkov2018-08-132-2/+2
| | | | | | | | fields Differential Revision: https://reviews.llvm.org/D50673 llvm-svn: 339631
* Fix Clang warnings and bad #include filenames in r339595 and r339599.Richard Smith2018-08-133-5/+7
| | | | llvm-svn: 339624
* [analyzer][UninitializedObjectChecker] Refactoring p5.: Handle pedantic mode ↵Kristof Umann2018-08-132-14/+19
| | | | | | | | in the checker class only Differential Revision: https://reviews.llvm.org/D50508 llvm-svn: 339601
* [analyzer][UninitializedObjectChecker] Refactoring p4.: Wrap FieldRegions ↵Kristof Umann2018-08-133-113/+201
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | and reduce weight on FieldChainInfo Before this patch, FieldChainInfo used a spaghetti: it took care of way too many cases, even though it was always meant as a lightweight wrapper around ImmutableList<const FieldRegion *>. This problem is solved by introducing a lightweight polymorphic wrapper around const FieldRegion *, FieldNode. It is an interface that abstracts away special cases like pointers/references, objects that need to be casted to another type for a proper note messages. Changes to FieldChainInfo: * Now wraps ImmutableList<const FieldNode &>. * Any pointer/reference related fields and methods were removed * Got a new add method. This replaces it's former constructors as a way to create a new FieldChainInfo objects with a new element. Changes to FindUninitializedField: * In order not to deal with dynamic memory management, when an uninitialized field is found, the note message for it is constructed and is stored instead of a FieldChainInfo object. (see doc around addFieldToUninits). Some of the test files are changed too, from now on uninitialized pointees of references always print "uninitialized pointee" instead of "uninitialized field" (which should've really been like this from the beginning). I also updated every comment according to these changes. Differential Revision: https://reviews.llvm.org/D50506 llvm-svn: 339599
* [analyzer][UninitializedObjectChecker] Refactoring p3.: printTail moved out ↵Kristof Umann2018-08-133-16/+17
| | | | | | | | | | from FieldChainInfo This is a standalone part of the effort to reduce FieldChainInfos inteerface. Differential Revision: https://reviews.llvm.org/D50505 llvm-svn: 339596
* [analyzer][UninitializedObjectChecker] Refactoring p2.: Moving pointer ↵Kristof Umann2018-08-134-297/+376
| | | | | | | | | | | | | | | | | | | | chasing to a separate file In this patch, the following classes and functions have been moved to a header file: FieldChainInfo FindUninitializedFields isPrimitiveType This also meant that they moved from anonymous namespace to clang::ento. Code related to pointer chasing now relies in its own file. There's absolutely no functional change in this patch -- its literally just copy pasting. Differential Revision: https://reviews.llvm.org/D50504 llvm-svn: 339595
* [analyzer][UninitializedObjectChecker] Refactoring p1.: ImmutableList ↵Kristof Umann2018-08-131-7/+8
| | | | | | | | | | | | | | | | factory is no longer static This patch is the first part of a series of patches to refactor UninitializedObjectChecker. The goal of this effort is to Separate pointer chasing from the rest of the checker, Increase readability and reliability, Don't impact performance (too bad). In this one, ImmutableList's factory is moved to FindUninitializedFields. Differential Revision: https://reviews.llvm.org/D50503 llvm-svn: 339591
* [analyzer] InnerPointerChecker: improve warning messages and notes.Reka Kovacs2018-08-103-21/+56
| | | | | | Differential Revision: https://reviews.llvm.org/D49570 llvm-svn: 339489
* [analyzer] Record nullability implications on getting items from NSDictionaryGeorge Karpenkov2018-08-101-14/+173
| | | | | | | | | | | | | | | | | | | | If we get an item from a dictionary, we know that the item is non-null if and only if the key is non-null. This patch is a rather hacky way to record this implication, because some logic needs to be duplicated from the solver. And yet, it's pretty simple, performant, and works. Other possible approaches: - Record the implication, in future rely on Z3 to pick it up. - Generalize the current code and move it to the constraint manager. rdar://34990742 Differential Revision: https://reviews.llvm.org/D50124 llvm-svn: 339482
* Port getLocStart -> getBeginLocStephen Kelly2018-08-0910-13/+13
| | | | | | | | | | Reviewers: teemperor! Subscribers: jholewinski, whisperity, jfb, cfe-commits Differential Revision: https://reviews.llvm.org/D50350 llvm-svn: 339385
OpenPOWER on IntegriCloud