summaryrefslogtreecommitdiffstats
path: root/clang/lib/StaticAnalyzer/Checkers
Commit message (Collapse)AuthorAgeFilesLines
...
* [analyzer] Add a checker option to detect nested dead storesKristof Umann2019-09-031-9/+24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Enables the users to specify an optional flag which would warn for more dead stores. Previously it ignored if the dead store happened e.g. in an if condition. if ((X = generate())) { // dead store to X } This patch introduces the `WarnForDeadNestedAssignments` option to the checker, which is `false` by default - so this change would not affect any previous users. I have updated the code, tests and the docs as well. If I missed something, tell me. I also ran the analysis on Clang which generated 14 more reports compared to the unmodified version. All of them seemed reasonable for me. Related previous patches: rGf224820b45c6847b91071da8d7ade59f373b96f3 Reviewers: NoQ, krememek, Szelethus, baloghadamsoftware Reviewed By: Szelethus Patch by Balázs Benics! Differential Revision: https://reviews.llvm.org/D66733 llvm-svn: 370767
* [Analyzer] Iterator Checkers - Make range errors and invalidated access fatalAdam Balogh2019-08-291-8/+6
| | | | | | | | | | | | | | Range errors (dereferencing or incrementing the past-the-end iterator or decrementing the iterator of the first element of the range) and access of invalidated iterators lead to undefined behavior. There is no point to continue the analysis after such an error on the same execution path, but terminate it by a sink node (fatal error). This also improves the performance and helps avoiding double reports (e.g. in case of nested iterators). Differential Revision: https://reviews.llvm.org/D62893 llvm-svn: 370314
* [analyzer] Fix analyzer warnings on analyzer.Artem Dergachev2019-08-2812-51/+69
| | | | | | | | | Write tests for the actual crash that was found. Write comments and refactor code around 17 style bugs and suppress 3 false positives. Differential Revision: https://reviews.llvm.org/D66847 llvm-svn: 370246
* [analyzer] Avoid unnecessary enum range check on LValueToRValue castsKristof Umann2019-08-231-0/+16
| | | | | | | | | | | | | | | | Summary: EnumCastOutOfRangeChecker should not perform enum range checks on LValueToRValue casts, since this type of cast does not actually change the underlying type. Performing the unnecessary check actually triggered an assertion failure deeper in EnumCastOutOfRange for certain input (which is captured in the accompanying test code). Reviewers: #clang, Szelethus, gamesh411, NoQ Reviewed By: Szelethus, gamesh411, NoQ Subscribers: NoQ, gamesh411, xazax.hun, baloghadamsoftware, szepet, a.sidorin, mikhail.ramalho, donat.nagy, dkrupp, Charusso, bjope, cfe-commits Tags: #clang Differential Revision: https://reviews.llvm.org/D66014 llvm-svn: 369760
* [analyzer] CastValueChecker: Correctly model results of based-to-derived casts.Artem Dergachev2019-08-231-9/+27
| | | | | | | | | | Our SVal hierarchy doesn't allow modeling pointer casts as no-op. The pointer type is instead encoded into the pointer object. Defer to our usual pointer casting facility, SValBuilder::evalBinOp(). Fixes a crash. llvm-svn: 369729
* [analyzer] CastValueChecker: Provide DynamicTypeMap with pointer types only.Artem Dergachev2019-08-231-25/+20
| | | | | | | | | The idea to drop this requirement is good, but for now every other user of DynamicTypeInfo expects pointer types. Fixes a crash. llvm-svn: 369728
* [analyzer] CastValueChecker: Avoid modeling casts between objects.Artem Dergachev2019-08-231-2/+7
| | | | | | | | | Our method only works correctly when casting a pointer to a pointer or a reference to a reference. Fixes a crash. llvm-svn: 369727
* Remove an unused function, suppress -Wunused-function warning.Haojian Wu2019-08-221-6/+0
| | | | llvm-svn: 369629
* [analyzer] CastValueChecker: Model isa(), isa_and_nonnull()Csaba Dabis2019-08-221-5/+100
| | | | | | | | | | Summary: - Reviewed By: NoQ Differential Revision: https://reviews.llvm.org/D66423 llvm-svn: 369615
* [analyzer] CastValueChecker: Try to fix the buildbotsCsaba Dabis2019-08-221-1/+1
| | | | llvm-svn: 369609
* [analyzer] CastValueChecker: Rewrite dead header hotfixCsaba Dabis2019-08-225-5/+5
| | | | llvm-svn: 369607
* [analyzer] CastValueChecker: Store the dynamic types and castsCsaba Dabis2019-08-222-112/+179
| | | | | | | | | | | | | | Summary: This patch introduces `DynamicCastInfo` similar to `DynamicTypeInfo` which is stored in `CastSets` which are storing the dynamic cast informations of objects based on memory regions. It could be used to store and check the casts and prevent infeasible paths. Reviewed By: NoQ Differential Revision: https://reviews.llvm.org/D66325 llvm-svn: 369605
* [analyzer] Improve VirtualCallChecker and enable parts of it by default.Artem Dergachev2019-08-201-125/+61
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Calling a pure virtual method during construction or destruction is undefined behavior. It's worth it to warn about it by default. That part is now known as the cplusplus.PureVirtualCall checker. Calling a normal virtual method during construction or destruction may be fine, but does behave unexpectedly, as it skips virtual dispatch. Do not warn about this by default, but let projects opt in into it by enabling the optin.cplusplus.VirtualCall checker manually. Give the two parts differentiated warning text: Before: Call to virtual function during construction or destruction: Call to pure virtual function during construction Call to virtual function during construction or destruction: Call to virtual function during destruction After: Pure virtual method call: Call to pure virtual method 'X::foo' during construction has undefined behavior Unexpected loss of virtual dispatch: Call to virtual method 'Y::bar' during construction bypasses virtual dispatch Also fix checker names in consumers that support them (eg., clang-tidy) because we now have different checker names for pure virtual calls and regular virtual calls. Also fix capitalization in the bug category. Differential Revision: https://reviews.llvm.org/D64274 llvm-svn: 369449
* [Clang] Migrate llvm::make_unique to std::make_uniqueJonas Devlieghere2019-08-1463-150/+150
| | | | | | | | | | Now that we've moved to C++14, we no longer need the llvm::make_unique implementation from STLExtras.h. This patch is a mechanical replacement of (hopefully) all the llvm::make_unique instances across the monorepo. Differential revision: https://reviews.llvm.org/D66259 llvm-svn: 368942
* [analyzer] Don't delete TaintConfig copy constructorAlex Langford2019-08-141-2/+2
| | | | | | | | | | | | | | | | | | | | | Summary: Explicitly deleting the copy constructor makes compiling the function `ento::registerGenericTaintChecker` difficult with some compilers. When we construct an `llvm::Optional<TaintConfig>`, the optional is constructed with a const TaintConfig reference which it then uses to invoke the deleted TaintConfig copy constructor. I've observered this failing with clang 3.8 on Ubuntu 16.04. Reviewers: compnerd, Szelethus, boga95, NoQ, alexshap Subscribers: xazax.hun, baloghadamsoftware, szepet, a.sidorin, mikhail.ramalho, donat.nagy, dkrupp, Charusso, llvm-commits, cfe-commits Tags: #clang Differential Revision: https://reviews.llvm.org/D66192 llvm-svn: 368779
* [analyzer][NFC] Prepare visitors for different tracking kindsKristof Umann2019-08-143-4/+6
| | | | | | | | | | | | | | | | | | | | | | | When we're tracking a variable that is responsible for a null pointer dereference or some other sinister programming error, we of course would like to gather as much information why we think that the variable has that specific value as possible. However, the newly introduced condition tracking shows that tracking all values this thoroughly could easily cause an intolerable growth in the bug report's length. There are a variety of heuristics we discussed on the mailing list[1] to combat this, all of them requiring to differentiate in between tracking a "regular value" and a "condition". This patch introduces the new `bugreporter::TrackingKind` enum, adds it to several visitors as a non-optional argument, and moves some functions around to make the code a little more coherent. [1] http://lists.llvm.org/pipermail/cfe-dev/2019-June/062613.html Differential Revision: https://reviews.llvm.org/D64270 llvm-svn: 368777
* [analyzer][NFC] Make sure that the BugReport is not modified during the ↵Kristof Umann2019-08-131-1/+1
| | | | | | | | | | | | construction of non-visitor pieces I feel this is kinda important, because in a followup patch I'm adding different kinds of interestingness, and propagating the correct kind in BugReporter.cpp is just one less thing to worry about. Differential Revision: https://reviews.llvm.org/D65578 llvm-svn: 368755
* [analyzer][NFC] Refactoring BugReporter.cpp P4.: If it can be const, make it ↵Kristof Umann2019-08-134-5/+5
| | | | | | | | | | | | | | const When I'm new to a file/codebase, I personally find C++'s strong static type system to be a great aid. BugReporter.cpp is still painful to read however: function calls are made with mile long parameter lists, seemingly all of them taken with a non-const reference/pointer. This patch fixes nothing but this: make a few things const, and hammer it until it compiles. Differential Revision: https://reviews.llvm.org/D65382 llvm-svn: 368735
* [analyzer][NFC] Refactoring BugReporter.cpp P3.: ↵Kristof Umann2019-08-1318-120/+104
| | | | | | | | | | | | | std::shared_pointer<PathDiagnosticPiece> -> PathDiagnosticPieceRef find clang/ -type f -exec sed -i 's/std::shared_ptr<PathDiagnosticPiece>/PathDiagnosticPieceRef/g' {} \; git diff -U3 --no-color HEAD^ | clang-format-diff-6.0 -p1 -i Just as C++ is meant to be refactored, right? Differential Revision: https://reviews.llvm.org/D65381 llvm-svn: 368717
* [analyzer] CastValueChecker: Model castAs(), getAs()Csaba Dabis2019-08-091-91/+161
| | | | | | | | | | Summary: Thanks to Kristóf Umann for the great idea! Reviewed By: NoQ Differential Revision: https://reviews.llvm.org/D65889 llvm-svn: 368383
* [Analyzer] Iterator Checkers - Fix for Crash on Iterator DifferencesAdam Balogh2019-08-051-4/+8
| | | | | | | Iterators differences were mistakenly handled as random decrements which causes an assertion. This patch fixes this. llvm-svn: 367802
* Buildbot fix for r367190Gabor Borsik2019-07-281-1/+1
| | | | llvm-svn: 367193
* [analyzer] Add yaml parser to GenericTaintCheckerGabor Borsik2019-07-282-22/+215
| | | | | | | | | | | | | | | | | | | | | While we implemented taint propagation rules for several builtin/standard functions, there's a natural desire for users to add such rules to custom functions. A series of patches will implement an option that allows users to annotate their functions with taint propagation rules through a YAML file. This one adds parsing of the configuration file, which may be specified in the commands line with the analyzer config: alpha.security.taint.TaintPropagation:Config. The configuration may contain propagation rules, filter functions (remove taint) and sink functions (give a warning if it gets a tainted value). I also added a new header for future checkers to conveniently read YAML files as checker options. Differential Revision: https://reviews.llvm.org/D59555 llvm-svn: 367190
* [analyzer] MallocChecker: Prevent Integer Set Library false positivesCsaba Dabis2019-07-181-1/+38
| | | | | | | | | | | | | | Summary: Integer Set Library using retain-count based allocation which is not modeled in MallocChecker. Reviewed By: NoQ Tags: #clang Differential Revision: https://reviews.llvm.org/D64680 llvm-svn: 366391
* Fix parameter name comments using clang-tidy. NFC.Rui Ueyama2019-07-1611-14/+14
| | | | | | | | | | | | | | | | | | | | | This patch applies clang-tidy's bugprone-argument-comment tool to LLVM, clang and lld source trees. Here is how I created this patch: $ git clone https://github.com/llvm/llvm-project.git $ cd llvm-project $ mkdir build $ cd build $ cmake -GNinja -DCMAKE_BUILD_TYPE=Debug \ -DLLVM_ENABLE_PROJECTS='clang;lld;clang-tools-extra' \ -DCMAKE_EXPORT_COMPILE_COMMANDS=On -DLLVM_ENABLE_LLD=On \ -DCMAKE_C_COMPILER=clang -DCMAKE_CXX_COMPILER=clang++ ../llvm $ ninja $ parallel clang-tidy -checks='-*,bugprone-argument-comment' \ -config='{CheckOptions: [{key: StrictMode, value: 1}]}' -fix \ ::: ../llvm/lib/**/*.{cpp,h} ../clang/lib/**/*.{cpp,h} ../lld/**/*.{cpp,h} llvm-svn: 366177
* Delete dead storesFangrui Song2019-07-121-2/+1
| | | | llvm-svn: 365901
* [analyzer] CastValueChecker: Remove a dump()Csaba Dabis2019-07-101-1/+0
| | | | | Summary: Fix a nit. llvm-svn: 365590
* [analyzer] CastValueChecker: Model castsCsaba Dabis2019-07-102-0/+192
| | | | | | | | | | | | | | | | | | | | | Summary: It models the LLVM casts: - `cast<>` - `dyn_cast<>` - `cast_or_null<>` - `dyn_cast_or_null<>` It has a very basic support without checking the `classof()` function. (It reapplies the reverted 'llvm-svn: 365582' patch with proper test file.) Reviewed By: NoQ Tags: #clang Differential Revision: https://reviews.llvm.org/D64374 llvm-svn: 365585
* Revert "[analyzer] CastValueChecker: Model casts"Csaba Dabis2019-07-092-191/+0
| | | | | | This reverts commit 27cf6664437efd640bb6db5594bafcce68fa2854. llvm-svn: 365584
* [analyzer] CastValueChecker: Model castsCsaba Dabis2019-07-092-0/+191
| | | | | | | | | | | | | | | | | | | Summary: It models the LLVM casts: - `cast<>` - `dyn_cast<>` - `cast_or_null<>` - `dyn_cast_or_null<>` It has a very basic support without checking the `classof()` function. Reviewed By: NoQ Tags: #clang Differential Revision: https://reviews.llvm.org/D64374 llvm-svn: 365582
* [analyzer][IDF] Add a control dependency calculator + a new debug checkerKristof Umann2019-07-051-6/+31
| | | | | | | | | | | | | | | | | | | | | | | I intend to improve the analyzer's bug reports by tracking condition expressions. 01 bool b = messyComputation(); 02 int i = 0; 03 if (b) // control dependency of the bug site, let's explain why we assume val 04 // to be true 05 10 / i; // warn: division by zero I'll detail this heuristic in the followup patch, strictly related to this one however: * Create the new ControlDependencyCalculator class that uses llvm::IDFCalculator to (lazily) calculate control dependencies for Clang's CFG. * A new debug checker debug.DumpControlDependencies is added for lit tests * Add unittests Differential Revision: https://reviews.llvm.org/D62619 llvm-svn: 365197
* [analyzer] ReturnValueChecker: Model the guaranteed boolean return value of ↵Csaba Dabis2019-07-042-0/+171
| | | | | | | | | | | | | | | | | | | function calls Summary: It models the known LLVM methods paired with their class. Reviewers: NoQ, xazax.hun, ravikandhadai, baloghadamsoftware, Szelethus Reviewed By: NoQ Subscribers: dschuff, aheejin, mgorny, szepet, rnkovacs, a.sidorin, mikhail.ramalho, donat.nagy, dkrupp, cfe-commits Tags: #clang Differential Revision: https://reviews.llvm.org/D63915 llvm-svn: 365103
* [analyzer][Dominator] Add post dominators to CFG + a new debug checkerKristof Umann2019-07-031-2/+28
| | | | | | | | | | | | | | | | Transform clang::DominatorTree to be able to also calculate post dominators. * Tidy up the documentation * Make it clang::DominatorTree template class (similarly to how llvm::DominatorTreeBase works), rename it to clang::CFGDominatorTreeImpl * Clang's dominator tree is now called clang::CFGDomTree * Clang's brand new post dominator tree is called clang::CFGPostDomTree * Add a lot of asserts to the dump() function * Create a new checker to test the functionality Differential Revision: https://reviews.llvm.org/D62551 llvm-svn: 365028
* Change std::{lower,upper}_bound to llvm::{lower,upper}_bound or ↵Fangrui Song2019-07-031-4/+2
| | | | | | llvm::partition_point. NFC llvm-svn: 365006
* [analyzer] Support kfree in MallocCheckerNathan Huckleberry2019-07-011-12/+14
| | | | | | | | | | | | | | | | | | | Summary: kmalloc is freed with kfree in the linux kernel. kmalloc support was added in r204832, but kfree was not. Adding kfree fixes incorrectly detected memory leaks. Reviewers: NoQ, nickdesaulniers, dcoughlin, Szelethus Reviewed By: NoQ, Szelethus Subscribers: xazax.hun, baloghadamsoftware, szepet, a.sidorin, mikhail.ramalho, Szelethus, donat.nagy, dkrupp, Charusso, cfe-commits Tags: #clang Differential Revision: https://reviews.llvm.org/D64030 llvm-svn: 364875
* [analyzer] NonnullGlobalConstants: Don't be confused by a _Nonnull attribute.Artem Dergachev2019-07-011-8/+15
| | | | | | | | | | | | | | | The NonnullGlobalConstants checker models the rule "it doesn't make sense to make a constant global pointer and initialize it to null"; it makes sure that whatever it's initialized with is known to be non-null. Ironically, annotating the type of the pointer as _Nonnull breaks the checker. Fix handling of the _Nonnull annotation so that it was instead one more reason to believe that the value is non-null. Differential Revision: https://reviews.llvm.org/D63956 llvm-svn: 364869
* [analyzer] CStringChecker: Modernize to use CallDescriptions.Artem Dergachev2019-07-011-147/+58
| | | | | | | | | | | | | This patch uses the new CDF_MaybeBuiltin flag to handle C library functions. It's mostly an NFC/refactoring pass, but it does fix a bug in handling memset() when it expands to __builtin___memset_chk() because the latter has one more argument and memset() handling code was trying to match the exact number of arguments. Now the code is deduplicated and there's less room for mistakes. Differential Revision: https://reviews.llvm.org/D62557 llvm-svn: 364868
* [analyzer] DeadStores: Update the crude suppression for files generated by IIG.Artem Dergachev2019-06-201-1/+1
| | | | | | They changed the comments that we were looking for. llvm-svn: 363995
* [analyzer] NFC: Change evalCall() to provide a CallEvent.Artem Dergachev2019-06-199-78/+84
| | | | | | | | | | | | This changes the checker callback signature to use the modern, easy to use interface. Additionally, this unblocks future work on allowing checkers to implement evalCall() for calls that don't correspond to any call-expression or require additional information that's only available as part of the CallEvent, such as C++ constructors and destructors. Differential Revision: https://reviews.llvm.org/D62440 llvm-svn: 363893
* [analyzer] DeadStores: Add a crude suppression files generated by DriverKit IIG.Artem Dergachev2019-06-191-0/+23
| | | | | | | | | | | | IIG is a replacement for MIG in DriverKit: IIG is autogenerating C++ code. Suppress dead store warnings on such code, as the tool seems to be producing them regularly, and the users of IIG are not in position to address these warnings, as they don't control the autogenerated code. IIG-generated code is identified by looking at the comments at the top of the file. Differential Revision: https://reviews.llvm.org/D63118 llvm-svn: 363892
* [analyzer] print() JSONify: Type information implementationCsaba Dabis2019-05-291-2/+2
| | | | | | | | | | | | | | | | | Summary: - Reviewers: NoQ, xazax.hun, ravikandhadai, baloghadamsoftware, Szelethus Reviewed By: NoQ Subscribers: szepet, rnkovacs, a.sidorin, mikhail.ramalho, donat.nagy, dkrupp Tags: #clang Differential Revision: https://reviews.llvm.org/D62083 llvm-svn: 361979
* [Analyzer] Replace `CXXSelfAssignmentBRVisitor` with `NoteTags`Adam Balogh2019-05-281-2/+18
| | | | | | | | | | | | The `cplusplus.SelfAssignment` checker has a visitor that is added to every `BugReport` to mark the to branch of the self assignment operator with e.g. `rhs == *this` and `rhs != *this`. With the new `NoteTag` feature this visitor is not needed anymore. Instead the checker itself marks the two branches using the `NoteTag`s. Differential Revision: https://reviews.llvm.org/D62479 llvm-svn: 361818
* [Analyzer] Checker for non-determinism caused by iteration of unordered ↵Mandeep Singh Grang2019-05-242-0/+101
| | | | | | | | | | | | | | | | | | container of pointers Summary: Added a checker for non-determinism caused by iterating unordered containers like std::unordered_set containing pointer elements. Reviewers: NoQ, george.karpenkov, whisperity, Szelethus, baloghadamsoftware Reviewed By: Szelethus Subscribers: mgorny, xazax.hun, baloghadamsoftware, szepet, rnkovacs, a.sidorin, mikhail.ramalho, donat.nagy, dkrupp, jdoerfert, Charusso, cfe-commits Tags: #clang Differential Revision: https://reviews.llvm.org/D59279 llvm-svn: 361664
* [CFG] NFC: Remove implicit conversion from CFGTerminator to Stmt *.Artem Dergachev2019-05-241-2/+2
| | | | | | | | | | | Turn it into a variant class instead. This conversion does indeed save some code but there's a plan to add support for more kinds of terminators that aren't necessarily based on statements, and with those in mind it becomes more and more confusing to have CFGTerminators implicitly convertible to a Stmt *. Differential Revision: https://reviews.llvm.org/D61814 llvm-svn: 361586
* [Analyzer] Refactor begin and end symbol creationAdam Balogh2019-05-201-22/+36
| | | | | | | | | | | | This patch refactors begin and end symbol creation by moving symbol conjuration into the `create...` functions. This way the functions' responsibilities are clearer and makes possible to add more functions handling these symbols (e.g. functions for handling the container's size) without code multiplication. Differential Revision: https://reviews.llvm.org/D61136 llvm-svn: 361141
* MIGChecker - assert we have a non-null LocationContext. NFCI.Simon Pilgrim2019-05-181-0/+2
| | | | | | Fixes scan-build warning. llvm-svn: 361097
* [analyzer] Remove the default value arg from getChecker*OptionKristof Umann2019-05-1711-24/+19
| | | | | | | | | | | | | | | | | | | Since D57922, the config table contains every checker option, and it's default value, so having it as an argument for getChecker*Option is redundant. By the time any of the getChecker*Option function is called, we verified the value in CheckerRegistry (after D57860), so we can confidently assert here, as any irregularities detected at this point must be a programmer error. However, in compatibility mode, verification won't happen, so the default value must be restored. This implies something else, other than adding removing one more potential point of failure -- debug.ConfigDumper will always contain valid values for checker/package options! Differential Revision: https://reviews.llvm.org/D59195 llvm-svn: 361042
* [analyzer] RetainCount: Fix os_returns_retained_on_zero with weird return types.Artem Dergachev2019-05-151-0/+5
| | | | | | | | | The checker was crashing when it was trying to assume a structure to be null or non-null so that to evaluate the effect of the annotation. Differential Revision: https://reviews.llvm.org/D61958 llvm-svn: 360790
* [analyzer] MIGChecker: Fix redundant semicolon.Artem Dergachev2019-05-151-1/+1
| | | | llvm-svn: 360739
* [analyzer] MIGChecker: Add support for os_ref_retain().Artem Dergachev2019-05-151-5/+28
| | | | | | | | | | Suppress MIG checker false positives that occur when the programmer increments the reference count before calling a MIG destructor, and the MIG destructor literally boils down to decrementing the reference count. Differential Revision: https://reviews.llvm.org/D61925 llvm-svn: 360737
OpenPOWER on IntegriCloud