summaryrefslogtreecommitdiffstats
path: root/clang/lib/StaticAnalyzer/Checkers
Commit message (Collapse)AuthorAgeFilesLines
...
* Remove a whole lot of unused variablesAlp Toker2013-11-272-3/+1
| | | | | | | There are about 30 removed in this patch, generated by a new FixIt I haven't got round to submitting yet. llvm-svn: 195814
* Remove 'DistinctSpellings' support from Attr.td and change its only user toRichard Smith2013-11-271-9/+9
| | | | | | | | look at the attribute spelling instead. The 'ownership_*' attributes should probably be split into separate *Attr classes, but that's more than I wanted to do here. llvm-svn: 195805
* [analyzer] Better modeling of memcpy by the CStringChecker (PR16731).Anton Yartsev2013-11-171-13/+41
| | | | | | | | | | | | | | New rules of invalidation/escape of the source buffer of memcpy: the source buffer contents is invalidated and escape while the source buffer region itself is neither invalidated, nor escape. In the current modeling of memcpy the information about allocation state of regions, accessible through the source buffer, is not copied to the destination buffer and we can not track the allocation state of those regions anymore. So we invalidate/escape the source buffer indirect regions in anticipation of their being invalidated for real later. This eliminates false-positive leaks reported by the unix.Malloc and alpha.cplusplus.NewDeleteLeaks checkers for the cases like char *f() { void *x = malloc(47); char *a; memcpy(&a, &x, sizeof a); return a; } llvm-svn: 194953
* [analyzer] Treat MSVC's _wassert as noreturn.Jordan Rose2013-11-141-0/+3
| | | | | | | | This makes sure the analyzer actually honors assert() in an MSVC project. Patch by Anders Montonen! llvm-svn: 194716
* Move classes into anonymous namespaces.Benjamin Kramer2013-11-141-0/+4
| | | | llvm-svn: 194706
* Revert 'Tweak ContainerNonEmptyMap with "int" instead of "bool"'.Jordan Rose2013-11-081-3/+3
| | | | | | | | | I've added the missing ImutProfileInfo [sic] specialization for bool, so this patch on r194235 is no longer needed. This reverts r194244 / 2baea2887dfcf023c8e3560e5d4713c42eed7b6b. llvm-svn: 194265
* StaticAnalyzer/Checkers/BasicObjCFoundationChecks.cpp: Tweak ↵NAKAMURA Takumi2013-11-081-3/+3
| | | | | | | | | ContainerNonEmptyMap with "int" instead of "bool", to appease building since r194235. In ADT/ImmutableSet, ImutProfileInfo<bool> cannot be matched to ImutProfileInteger. I didn't have idea it'd the right way if PROFILE_INTEGER_INFO(bool) could be added there. llvm-svn: 194244
* [analyzer] Add IdenticalExprChecker, to find copy-pasted code.Jordan Rose2013-11-083-0/+227
| | | | | | | | | | | | | This syntactic checker looks for expressions on both sides of comparison operators that are structurally the same. As a special case, the floating-point idiom "x != x" for "isnan(x)" is left alone. Currently this only checks comparison operators, but in the future we could extend this to include logical operators or chained if-conditionals. Checker by Per Viberg! llvm-svn: 194236
* [analyzer] Track whether an ObjC for-in loop had zero iterations.Jordan Rose2013-11-081-16/+85
| | | | | | | | | | | | | | | | | An Objective-C for-in loop will have zero iterations if the collection is empty. Previously, we could only detect this case if the program asked for the collection's -count /before/ the for-in loop. Now, the analyzer distinguishes for-in loops that had zero iterations from those with at least one, and can use this information to constrain the result of calling -count after the loop. In order to make this actually useful, teach the checker that methods on NSArray, NSDictionary, and the other immutable collection classes don't change the count. <rdar://problem/14992886> llvm-svn: 194235
* [analyzer] Track the count of NSOrderedSet similarly to other fast enumerations.Anna Zaks2013-11-041-1/+2
| | | | llvm-svn: 194005
* StaticAnalyzer/Checkers/DynamicTypePropagation.cpp: Fix in comments. 80-col ↵NAKAMURA Takumi2013-10-281-2/+2
| | | | | | and an utf8 char. llvm-svn: 193513
* Forgot some references to misspelled enums.Benjamin Kramer2013-10-201-4/+4
| | | | llvm-svn: 193047
* Miscellaneous speling fixes.Benjamin Kramer2013-10-201-1/+1
| | | | llvm-svn: 193046
* [analyzer] ArrayRef-ize BugReporter::EmitBasicReport.Jordan Rose2013-10-077-32/+19
| | | | | | No functionality change. llvm-svn: 192114
* [analyzer] RetainCountChecker: add support for CFAutorelease.Jordan Rose2013-10-071-8/+22
| | | | | | <rdar://problems/13710586&13710643> llvm-svn: 192113
* [analyzer] Replace bug category magic strings with shared constants, take 2.Jordan Rose2013-10-045-25/+6
| | | | | | | Re-commit r191910 (reverted in r191936) with layering violation fixed, by moving the bug categories to StaticAnalyzerCore instead of ...Checkers. llvm-svn: 191937
* Temporarily revert r191910 until the layering violation can be fixed.Richard Smith2013-10-033-6/+5
| | | | llvm-svn: 191936
* [analyzer] Replace bug category magic strings with shared constants.Jordan Rose2013-10-033-5/+6
| | | | | | | | | | One small functionality change is to bring the sizeof-pointer checker in line with the other checkers by making its category be "Logic error" instead of just "Logic". There should be no other functionality changes. Patch by Daniel Marjamäki! llvm-svn: 191910
* [analyzer] Add new debug helper clang_analyzer_warnIfReached.Jordan Rose2013-10-031-0/+13
| | | | | | | | | | | | | This will emit a warning if a call to clang_analyzer_warnIfReached is executed, printing REACHABLE. This is a more explicit way to declare expected reachability than using clang_analyzer_eval or triggering a bug (divide-by-zero or null dereference), and unlike the former will work the same in inlined functions and top-level functions. Like the other debug helpers, it is part of the debug.ExprInspection checker. Patch by Jared Grubb! llvm-svn: 191909
* [analyzer] Add missing return after function pointer null check.Jordan Rose2013-10-021-0/+1
| | | | | | | | | | | | | | | | | Also add some tests that there is actually a message and that the bug is actually a hard error. This actually behaved correctly before, because: - addTransition() doesn't actually add a transition if the new state is null; it assumes you want to propagate the predecessor forward and does nothing. - generateSink() is called in order to emit a bug report. - If at least one new node has been generated, the predecessor node is /not/ propagated forward. But now it's spelled out explicitly. Found by Richard Mazorodze, who's working on a patch that may require this. llvm-svn: 191805
* [analyzer] Handle destructors for the argument to C++ 'delete'.Jordan Rose2013-09-251-1/+2
| | | | | | | | | | | | | | | | | Now that the CFG includes nodes for the destructors in a delete-expression, process them in the analyzer using the same common destructor interface currently used for local, member, and base destructors. Also, check for when the value is known to be null, in which case no destructor is actually run. This does not yet handle destructors for deleted /arrays/, which may need more CFG work. It also causes a slight regression in the location of double delete warnings; the double delete is detected at the destructor call, which is implicit, and so is reported on the first access within the destructor instead of at the 'delete' statement. This will be fixed soon. Patch by Karthik Bhat! llvm-svn: 191381
* Fix array_pod_sort predicates after LLVM change.Benjamin Kramer2013-09-221-3/+3
| | | | llvm-svn: 191176
* array_pod_sort loses some type safety, better use the right types.Benjamin Kramer2013-09-221-2/+2
| | | | llvm-svn: 191174
* Rewrite a cold use of std::sort to array_pod_sort.Benjamin Kramer2013-09-221-12/+16
| | | | | | No functionality change. llvm-svn: 191173
* [analyzer] Stop tracking the objects with attribute cleanup in the ↵Anna Zaks2013-09-171-0/+10
| | | | | | | | RetainCountChecker. This suppresses false positive leaks. We stop tracking a value if it is assigned to a variable declared with a cleanup attribute. llvm-svn: 190835
* New message for cases when ownership is taken:Anton Yartsev2013-09-161-10/+23
| | | | | | | | "+method_name: cannot take ownership of memory allocated by 'new'." instead of the old "Memory allocated by 'new' should be deallocated by 'delete', not +method_name" llvm-svn: 190800
* Clean up some Triple usage in clang.Cameron Esfahani2013-09-141-2/+1
| | | | llvm-svn: 190737
* Fix two incorrect comments.Jordan Rose2013-09-131-2/+2
| | | | | | Patch by Jared Grubb! llvm-svn: 190652
* Get rid of unused isPodLike definition.Eli Friedman2013-09-111-2/+0
| | | | llvm-svn: 190463
* Switched FormatAttr to using an IdentifierArgument instead of a ↵Aaron Ballman2013-09-031-1/+2
| | | | | | StringArgument since that is a more accurate modeling. llvm-svn: 189851
* Use pop_back_val() instead of both back() and pop_back().Robert Wilhelm2013-08-231-3/+2
| | | | | | No functionality change intended. llvm-svn: 189112
* [analyzer] Don't run unreachable code checker on inlined functions.Jordan Rose2013-08-191-0/+3
| | | | | | | | | This is still an alpha checker, but we use it in certain tests to make sure something is not being executed. This should fix the buildbots. llvm-svn: 188682
* [analyzer] Assume that strings are no longer than SIZE_MAX/4.Jordan Rose2013-08-191-2/+15
| | | | | | | | | This keeps the analyzer from making silly assumptions, like thinking strlen(foo)+1 could wrap around to 0. This fixes PR16558. Patch by Karthik Bhat! llvm-svn: 188680
* Omit arguments of __builtin_object_size from the CFG.Jordan Rose2013-08-191-6/+19
| | | | | | | | | | | | | | | | | This builtin does not actually evaluate its arguments for side effects, so we shouldn't include them in the CFG. In the analyzer, rely on the constant expression evaluator to get the proper semantics, at least for now. (In the future, we could get ambitious and try to provide path- sensitive size values.) In theory, this does pose a problem for liveness analysis: a variable can be used within the __builtin_object_size argument expression but not show up as live. However, it is very unlikely that such a value would be used to compute the object size and not used to access the object in some way. <rdar://problem/14760817> llvm-svn: 188679
* Use the number of parameters in the actual method or function to determine ↵Ted Kremenek2013-08-161-7/+1
| | | | | | the CallEffects size. llvm-svn: 188587
* RetainCountChecker: Replace some loops with std:: algorithms.Benjamin Kramer2013-08-161-17/+5
| | | | llvm-svn: 188581
* Revert r188574. Turns out it isn't needed.Ted Kremenek2013-08-161-1/+0
| | | | llvm-svn: 188578
* Need summary info. about arguments toFariborz Jahanian2013-08-161-0/+1
| | | | | | CF functions coming from static analyzer API. llvm-svn: 188574
* [analyzer] If realloc fails on an escaped region, that region doesn't leak.Jordan Rose2013-08-151-1/+1
| | | | | | | | | | | | | | | | | | When a region is realloc()ed, MallocChecker records whether it was known to be allocated or not. If it is, and the reallocation fails, the original region has to be freed. Previously, when an allocated region escaped, MallocChecker completely stopped tracking it, so a failed reallocation still (correctly) wouldn't require freeing the original region. Recently, however, MallocChecker started tracking escaped symbols, so that if it were freed we could check that the deallocator matched the allocator. This broke the reallocation model for whether or not a symbol was allocated. Now, MallocChecker will actually check if a symbol is owned, and only require freeing after a failed reallocation if it was owned before. PR16730 llvm-svn: 188468
* [static analyzer] add a simple "CallEffects" API to query the retain count ↵Ted Kremenek2013-08-141-0/+44
| | | | | | | | | | | | | | semantics of a method. This is intended to be a simplified API, whose internals are deliberately less efficient for the purpose of a simplified interface, for use with clients that want to query the analyzer's heuristics for determining retain count semantics. There are no immediate clients, but it is intended to be used by the ObjC modernizer. llvm-svn: 188433
* [static analyzer] Factor out ArgEffect and RetEffect into public header file.Ted Kremenek2013-08-141-93/+14
| | | | | | | This is a WIP change to allow other clients to query the retain count heuristics of the static analyzer. llvm-svn: 188432
* DirectIvarAssignment: Replace vtable'd objects with simple functions.Benjamin Kramer2013-08-091-31/+19
| | | | | | Avoids unnecessary static constructors. llvm-svn: 188083
* [analyzer] Warn when using 'delete' on an uninitialized variable.Jordan Rose2013-08-091-1/+29
| | | | | | Patch by Karthik Bhat, modified slightly by me. llvm-svn: 188043
* Eliminate CXXConstructorDecl::IsImplicitlyDefined.Jordan Rose2013-08-071-1/+1
| | | | | | | | | | | | This field is just IsDefaulted && !IsDeleted; in all places it's used, a simple check for isDefaulted() is superior anyway, and we were forgetting to set it in a few cases. Also eliminate CXXDestructorDecl::IsImplicitlyDefined, for the same reasons. No intended functionality change. llvm-svn: 187891
* [analyzer] Don't process autorelease counts in synthesized function bodies.Jordan Rose2013-08-011-1/+8
| | | | | | | | | | | | | | | We process autorelease counts when we exit functions, but if there's an issue in a synthesized body the report will get dropped. Just skip the processing for now and let it get handled when the caller gets around to processing autoreleases. (This is still suboptimal: objects autoreleased in the caller context should never be warned about when exiting a callee context, synthesized or not.) Second half of <rdar://problem/14611722> llvm-svn: 187625
* Make IgnoreParens() look through ChooseExprs.Eli Friedman2013-07-201-13/+2
| | | | | | | | | | | | | This is the same way GenericSelectionExpr works, and it's generally a more consistent approach. A large part of this patch is devoted to caching the value of the condition of a ChooseExpr; it's needed to avoid threading an ASTContext into IgnoreParens(). Fixes <rdar://problem/14438917>. llvm-svn: 186738
* [analyzer] Include analysis stack in crash traces.Jordan Rose2013-07-191-0/+7
| | | | | | | | | | | | | Sample output: 0. Program arguments: ... 1. <eof> parser at end of file 2. While analyzing stack: #0 void inlined() #1 void test() 3. crash-trace.c:6:3: Error evaluating statement llvm-svn: 186639
* Add 'static' and 'const' qualifiers to some arrays of strings.Craig Topper2013-07-151-1/+1
| | | | llvm-svn: 186314
* [analyzer] Add support for __builtin_addressof.Jordan Rose2013-07-121-1/+4
| | | | | | ...so we don't regress on std::addressof. llvm-svn: 186140
* Use SmallVectorImpl instead of SmallVector for iterators and references to ↵Craig Topper2013-07-042-4/+4
| | | | | | avoid specifying the vector size unnecessarily. llvm-svn: 185610
OpenPOWER on IntegriCloud