summaryrefslogtreecommitdiffstats
path: root/clang/lib/StaticAnalyzer/Core/RangeConstraintManager.cpp
Commit message (Collapse)AuthorAgeFilesLines
* [Clang] Migrate llvm::make_unique to std::make_uniqueJonas Devlieghere2019-08-141-1/+1
| | | | | | | | | | Now that we've moved to C++14, we no longer need the llvm::make_unique implementation from STLExtras.h. This patch is a mechanical replacement of (hopefully) all the llvm::make_unique instances across the monorepo. Differential revision: https://reviews.llvm.org/D66259 llvm-svn: 368942
* [analyzer] print() JSONify: Constraints implementationCsaba Dabis2019-05-291-15/+26
| | | | | | | | | | | | | | | | | Summary: - Reviewers: NoQ, xazax.hun, ravikandhadai, baloghadamsoftware, Szelethus Reviewed By: NoQ Subscribers: szepet, rnkovacs, a.sidorin, mikhail.ramalho, donat.nagy, dkrupp Tags: #clang Differential Revision: https://reviews.llvm.org/D62082 llvm-svn: 361978
* [Analyzer] Constraint Manager - Calculate Effective Range for DifferencesAdam Balogh2019-03-281-5/+28
| | | | | | | | | | | | | | | | | | | | | Since rL335814, if the constraint manager cannot find a range set for `A - B` (where `A` and `B` are symbols) it looks for a range for `B - A` and returns it negated if it exists. However, if a range set for both `A - B` and `B - A` is stored then it only returns the first one. If we both use `A - B` and `B - A`, these expressions behave as two totally unrelated symbols. This way we miss some useful deductions which may lead to false negatives or false positives. This tiny patch changes this behavior: if the symbolic expression the constraint manager is looking for is a difference `A - B`, it tries to retrieve the range for both `A - B` and `B - A` and if both exists it returns the intersection of range `A - B` and the negated range of `B - A`. This way every time a checker applies new constraints to the symbolic difference or to its negated it always affects both the original difference and its negated. Differential Revision: https://reviews.llvm.org/D55007 llvm-svn: 357167
* [analyzer] ConditionBRVisitor: Remove GDM checkingCsaba Dabis2019-03-161-0/+5
| | | | | | | | | | | | | | | | | | | | Summary: Removed the `GDM` checking what could prevent reports made by this visitor. Now we rely on constraint changes instead. (It reapplies 356318 with a feature from 356319 because build-bot failure.) Reviewers: NoQ, george.karpenkov Reviewed By: NoQ Subscribers: cfe-commits, jdoerfert, gerazo, xazax.hun, baloghadamsoftware, szepet, a.sidorin, mikhail.ramalho, Szelethus, donat.nagy, dkrupp Tags: #clang Differential Revision: https://reviews.llvm.org/D54811 llvm-svn: 356322
* Revert "[analyzer] ConditionBRVisitor: Remove GDM checking"Csaba Dabis2019-03-161-5/+0
| | | | | | This reverts commit f962485adad9d646511fd3240c0408d9554e6784. llvm-svn: 356321
* [analyzer] ConditionBRVisitor: Remove GDM checkingCsaba Dabis2019-03-161-0/+5
| | | | | | | | | | | | | | | | Summary: Removed the `GDM` checking what could prevent reports made by this visitor. Now we rely on constraint changes instead. Reviewers: NoQ, george.karpenkov Reviewed By: NoQ Subscribers: jdoerfert, gerazo, xazax.hun, baloghadamsoftware, szepet, a.sidorin, mikhail.ramalho, Szelethus, donat.nagy, dkrupp Tags: #clang Differential Revision: https://reviews.llvm.org/D54811 llvm-svn: 356318
* Update the file headers across all of the LLVM projects in the monorepoChandler Carruth2019-01-191-4/+3
| | | | | | | | | | | | | | | | | to reflect the new license. We understand that people may be surprised that we're moving the header entirely to discuss the new license. We checked this carefully with the Foundation's lawyer and we believe this is the correct approach. Essentially, all code in the project is now made available by the LLVM project under our new license, so you will see that the license headers include that license only. Some of our contributors have contributed code under our old license, and accordingly, we have retained a copy of our old license notice in the top-level files in each project and repository. llvm-svn: 351636
* [analyzer] Fix the "Zombie Symbols" bug.Artem Dergachev2018-11-301-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | It's an old bug that consists in stale references to symbols remaining in the GDM if they disappear from other program state sections as a result of any operation that isn't the actual dead symbol collection. The most common example here is: FILE *fp = fopen("myfile.txt", "w"); fp = 0; // leak of file descriptor In this example the leak were not detected previously because the symbol disappears from the public part of the program state due to evaluating the assignment. For that reason the checker never receives a notification that the symbol is dead, and never reports a leak. This patch not only causes leak false negatives, but also a number of other problems, including false positives on some checkers. What's worse, even though the program state contains a finite number of symbols, the set of symbols that dies is potentially infinite. This means that is impossible to compute the set of all dead symbols to pass off to the checkers for cleaning up their part of the GDM. No longer compute the dead set at all. Disallow iterating over dead symbols. Disallow querying if any symbols are dead. Remove the API for marking symbols as dead, as it is no longer necessary. Update checkers accordingly. Differential Revision: https://reviews.llvm.org/D18860 llvm-svn: 347953
* [analyzer] pr38273: Legalize Loc<>NonLoc comparison symbols.Artem Dergachev2018-07-231-2/+4
| | | | | | | | | Remove an assertion in RangeConstraintManager that expects such symbols to never appear, while admitting that the constraint manager doesn't yet handle them. Differential Revision: https://reviews.llvm.org/D49703 llvm-svn: 337769
* [Analyzer] Constraint Manager Negates DifferenceAdam Balogh2018-06-281-1/+68
| | | | | | | | If range [m .. n] is stored for symbolic expression A - B, then we can deduce the range for B - A which is [-n .. -m]. This is only true for signed types, unless the range is [0 .. 0]. Differential Revision: https://reviews.llvm.org/D35110 llvm-svn: 335814
* Revert "[Analyzer] Moved RangeConstraintManager to header. NFC."Mikhail R. Gadelha2018-06-271-0/+83
| | | | | | | | This broke a number of bots. This reverts commit 5e1a89912d37a21c3b49ccf30600d7f498dffa9c. llvm-svn: 335752
* [Analyzer] Moved RangeConstraintManager to header. NFC.Mikhail R. Gadelha2018-06-271-83/+0
| | | | | | | | | | | | | | Summary: While at it, added a dump method to RangeSet. Reviewers: george.karpenkov, NoQ Reviewed By: george.karpenkov Subscribers: xazax.hun, szepet, a.sidorin Differential Revision: https://reviews.llvm.org/D48561 llvm-svn: 335726
* Moved RangedConstraintManager header to the StaticAnalyser include dirMikhail R. Gadelha2018-06-041-1/+1
| | | | | | | | | | | | | | | Summary: Moved `RangedConstraintManager` header from `lib/StaticAnalyzer/Core/` to `clang/StaticAnalyzer/Core/PathSensitive/`. No changes to the code. Reviewers: NoQ, george.karpenkov, dcoughlin Reviewed By: george.karpenkov Subscribers: NoQ, george.karpenkov, dcoughlin, ddcc Differential Revision: https://reviews.llvm.org/D47640 llvm-svn: 333862
* [analyzer] Move RangeSet related declarations into the ↵Mikhail R. Gadelha2018-05-241-236/+144
| | | | | | | | | | | | | | | | | | RangedConstraintManager header. Summary: I could also move `RangedConstraintManager.h` under `include/` if you agree as it seems slightly out of place under `lib/`. Patch by Réka Kovács Reviewers: NoQ, george.karpenkov, dcoughlin, rnkovacs Reviewed By: NoQ Subscribers: mikhail.ramalho, whisperity, xazax.hun, baloghadamsoftware, szepet, a.sidorin, dkrupp, cfe-commits Differential Revision: https://reviews.llvm.org/D45920 llvm-svn: 333179
* Remove \brief commands from doxygen comments.Adrian Prantl2018-05-091-1/+1
| | | | | | | | | | | | | | | | | | | This is similar to the LLVM change https://reviews.llvm.org/D46290. We've been running doxygen with the autobrief option for a couple of years now. This makes the \brief markers into our comments redundant. Since they are a visual distraction and we don't want to encourage more \brief markers in new code either, this patch removes them all. Patch produced by for i in $(git grep -l '\@brief'); do perl -pi -e 's/\@brief //g' $i & done for i in $(git grep -l '\\brief'); do perl -pi -e 's/\\brief //g' $i & done Differential Revision: https://reviews.llvm.org/D46320 llvm-svn: 331834
* [c++20] P0515R3: Parsing support and basic AST construction for operator <=>.Richard Smith2017-12-141-1/+3
| | | | | | | | | | | | | | | Adding the new enumerator forced a bunch more changes into this patch than I would have liked. The -Wtautological-compare warning was extended to properly check the new comparison operator, clang-format needed updating because it uses precedence levels as weights for determining where to break lines (and several operators increased their precedence levels with this change), thread-safety analysis needed changes to build its own IL properly for the new operator. All "real" semantic checking for this operator has been deferred to a future patch. For now, we use the relational comparison rules and arbitrarily give the builtin form of the operator a return type of 'void'. llvm-svn: 320707
* [analyzer] [NFC] remove duplicated functionGeorge Karpenkov2017-12-041-31/+12
| | | | | | | | | | | Two copies of getSymLERange in RangeConstraintManager are virtually identical, which is clearly bad. This patch uses lambdas to call one from another (assuming that we would like to avoid getting ranges from the state when necessary). Differential Revision: https://reviews.llvm.org/D39709 llvm-svn: 319697
* [analyzer] assume bitwise arithmetic axiomsGeorge Karpenkov2017-11-091-6/+54
| | | | | | | | | | | | | | | Patches the solver to assume that bitwise OR of an unsigned value with a constant always produces a value larger-or-equal than the constant, and bitwise AND with a constant always produces a value less-or-equal than the constant. This patch is especially useful in the context of using bitwise arithmetic for error code encoding: the analyzer would be able to state that the error code produced using a bitwise OR is non-zero. Differential Revision: https://reviews.llvm.org/D39707 llvm-svn: 317820
* [analyzer] Refactor and simplify SimpleConstraintManagerDominic Chen2017-02-251-24/+78
| | | | | | | | | | | | Summary: SimpleConstraintManager is difficult to use, and makes assumptions about capabilities of the constraint manager. This patch refactors out those portions into a new RangedConstraintManager, and also fixes some issues with camel case, formatting, and confusing naming. Reviewers: zaks.anna, dcoughlin Subscribers: mgorny, xazax.hun, NoQ, rgov, cfe-commits Differential Revision: https://reviews.llvm.org/D26061 llvm-svn: 296242
* [analyzer] Run clang-format and fix styleDominic Chen2016-12-131-103/+94
| | | | | | | | | | | | Summary: Split out formatting and style changes from D26061 Reviewers: zaks.anna, dcoughlin Subscribers: cfe-commits Differential Revision: https://reviews.llvm.org/D26691 llvm-svn: 289511
* [analyzer] Minor optimization: avoid setting state if unchangedDominic Chen2016-11-151-4/+6
| | | | | | | | | | | | Summary: Split out optimization from D26061 Reviewers: zaks.anna, dcoughlin Subscribers: cfe-commits Differential Revision: https://reviews.llvm.org/D26642 llvm-svn: 286925
* [NFC] Header cleanupMehdi Amini2016-07-181-1/+0
| | | | | | | | | | Summary: Removed unused headers, replaced some headers with forward class declarations Patch by: Eugene <claprix@yandex.ru> Differential Revision: https://reviews.llvm.org/D20100 llvm-svn: 275882
* [analyzer] Fix RangeConstraintManager's pinning of single value ranges.Pierre Gousseau2016-01-121-2/+2
| | | | | | | | This fix a bug in RangeSet::pin causing single value ranges to be considered non conventionally ordered. Differential Revision: http://reviews.llvm.org/D12901 llvm-svn: 257467
* [analyzer] Create one state for a range switch case instead of multiple.Devin Coughlin2015-09-221-34/+142
| | | | | | | | | | | | | This fixes PR16833, in which the analyzer was using large amounts of memory for switch statements with large case ranges. rdar://problem/14685772 A patch by Aleksei Sidorin! Differential Revision: http://reviews.llvm.org/D5102 llvm-svn: 248318
* [analyzer] Apply whitespace cleanups by Honggyu Kim.Ted Kremenek2015-09-081-7/+7
| | | | llvm-svn: 246978
* unique_ptrify the result of ConstraintManagerCreator and StoreManagerCreatorDavid Blaikie2014-09-041-2/+2
| | | | llvm-svn: 217206
* [C++11] Use 'nullptr'. StaticAnalyzer edition.Craig Topper2014-05-271-16/+16
| | | | llvm-svn: 209642
* [C++11] Add 'override' keyword to virtual methods that override their base ↵Craig Topper2014-03-151-10/+12
| | | | | | class. llvm-svn: 203999
* [analyzer] Teach constraint managers about unsigned comparisons.Jordan Rose2013-03-231-8/+8
| | | | | | | | | | | In C, comparisons between signed and unsigned numbers are always done in unsigned-space. Thus, we should know that "i >= 0U" is always true, even if 'i' is signed. Similarly, "u >= 0" is also always true, even though '0' is signed. Part of <rdar://problem/13239003> (false positives related to std::vector) llvm-svn: 177806
* [analyzer] Translate "a != b" to "(b - a) != 0" in the constraint manager.Jordan Rose2013-03-231-3/+3
| | | | | | | | | | | | | | | | | | | | | | | Canonicalizing these two forms allows us to better model containers like std::vector, which use "m_start != m_finish" to implement empty() but "m_finish - m_start" to implement size(). The analyzer should have a consistent interpretation of these two symbolic expressions, even though it's not properly reasoning about either one yet. The other unfortunate thing is that while the size() expression will only ever be written "m_finish - m_start", the comparison may be written "m_finish == m_start" or "m_start == m_finish". Right now the analyzer does not attempt to canonicalize those two expressions, since it doesn't know which length expression to pick. Doing this correctly will probably require implementing unary minus as a new SymExpr kind (<rdar://problem/12351075>). For now, the analyzer inverts the order of arguments in the comparison to build the subtraction, on the assumption that "begin() != end()" is written more often than "end() != begin()". This is purely speculation. <rdar://problem/13239003> llvm-svn: 177801
* Sort all of Clang's files under 'lib', and fix up the broken headersChandler Carruth2012-12-041-1/+1
| | | | | | | | | | | | | uncovered. This required manually correcting all of the incorrect main-module headers I could find, and running the new llvm/utils/sort_includes.py script over the files. I also manually added quite a few missing headers that were uncovered by shuffling the order or moving headers up to be main-module-headers. llvm-svn: 169237
* [analyzer] Move convenience REGISTER_*_WITH_PROGRAMSTATE to CheckerContext.hJordan Rose2012-11-051-1/+3
| | | | | | | | | | | | As Anna pointed out, ProgramStateTrait.h is a relatively obscure header, and checker writers may not know to look there to add their own custom state. The base macro that specializes the template remains in ProgramStateTrait.h (REGISTER_TRAIT_WITH_PROGRAMSTATE), which allows the analyzer core to keep using it. llvm-svn: 167385
* [analyzer] Use nice macros for the common ProgramStateTraits (map, set, list).Jordan Rose2012-11-021-14/+1
| | | | | | | | | Also, move the REGISTER_*_WITH_PROGRAMSTATE macros to ProgramStateTrait.h. This doesn't get rid of /all/ explicit uses of ProgramStatePartialTrait, but it does get a lot of them. llvm-svn: 167276
* [analyzer] Let ConstraintManager subclasses provide a more efficient checkNull.Jordan Rose2012-10-311-0/+25
| | | | | | | | | | | Previously, every call to a ConstraintManager's isNull would do a full assumeDual to test feasibility. Now, ConstraintManagers can override checkNull if they have a cheaper way to do the same thing. RangeConstraintManager can do this in less than half the work. <rdar://problem/12608209> llvm-svn: 167138
* [analyzer] Make ProgramStateManager's SubEngine parameter optional.Jordan Rose2012-10-011-2/+2
| | | | | | | | | It is possible and valid to have a state manager and associated objects without having a SubEngine or checkers. Patch by Olaf Krzikalla! llvm-svn: 164947
* Revert "Use sep instead of ' '."Ted Kremenek2012-09-261-1/+1
| | | | | | This isn't correct, as Jordan correctly points out. llvm-svn: 164711
* Use sep instead of ' '.Ted Kremenek2012-09-261-1/+1
| | | | llvm-svn: 164709
* Remove unnecessary ASTContext& parameter from SymExpr::getType().Ted Kremenek2012-09-261-1/+1
| | | | llvm-svn: 164661
* Remove ConstraintManager:isEqual(). It is no longer used.Ted Kremenek2012-09-071-6/+0
| | | | llvm-svn: 163425
* Despite me asking Jordan to do r162313, revert it. We can provideTed Kremenek2012-08-221-1/+11
| | | | | | another way to whitelist these special cases. This is an intermediate patch. llvm-svn: 162386
* [analyzer] Push "references are non-null" knowledge up to the common parent.Jordan Rose2012-08-211-11/+1
| | | | | | | | | | This reduces duplication across the Basic and Range constraint managers, and keeps their internals free of dealing with the semantics of C++. It's still a little unfortunate that the constraint manager is dealing with this at all, but this is pretty much the only place to put it so that it will apply to all symbolic values, even when embedded in larger expressions. llvm-svn: 162313
* [analyzer] Assume that reference symbols are non-null.Jordan Rose2012-08-211-1/+11
| | | | | | | | By doing this in the constraint managers, we can ensure that ANY reference whose value we don't know gets the effect, even if it's not a top-level parameter. llvm-svn: 162246
* [analyzer] Rework both constraint managers to handle mixed-type comparisons.Jordy Rose2012-05-081-74/+201
| | | | | | | | | | | | | | | | | | This involves keeping track of three separate types: the symbol type, the adjustment type, and the comparison type. For example, in "$x + 5 > 0ULL", if the type of $x is 'signed char', the adjustment type is 'int' and the comparison type is 'unsigned long long'. Most of the time these three types will be the same, but we should still do the right thing when the comparison value is out of range, and wraparound should be calculated in the adjustment type. This also re-disables an out-of-bounds test; we were extracting the symbol from non-additive SymIntExprs, but then throwing away the integer. Sorry for the large patch; both the basic and range constraint managers needed to be updated together, since they share code in SimpleConstraintManager. llvm-svn: 156361
* Change references to 'const ProgramState *' to typedef 'ProgramStateRef'.Ted Kremenek2012-01-261-28/+28
| | | | | | | | At this point this is largely cosmetic, but it opens the door to replace ProgramStateRef with a smart pointer that more eagerly acts in the role of reclaiming unused ProgramState objects. llvm-svn: 149081
* [analyzer] Minor improvements on RangeConstraint pretty-printing.Anna Zaks2011-12-051-3/+5
| | | | llvm-svn: 145830
* [analyzer] Remove TransferFuncs.h, then deal with the fallout.Jordy Rose2011-09-021-1/+0
| | | | | | And with that, TransferFuncs is gone! llvm-svn: 139003
* Rename GRState to ProgramState, and cleanup some code formatting along the way.Ted Kremenek2011-08-151-34/+34
| | | | llvm-svn: 137665
* Cleanup various declarations of 'Stmt*' to be 'Stmt *', etc. in libAnalyzer ↵Ted Kremenek2011-08-121-20/+20
| | | | | | and libStaticAnalyzer[*]. It was highly inconsistent, and very ugly to look at. llvm-svn: 137537
* remove unneeded llvm:: namespace qualifiers on some core types now that ↵Chris Lattner2011-07-231-3/+3
| | | | | | | | LLVM.h imports them into the clang namespace. llvm-svn: 135852
* [analyzer] Remove ManagerRegistry which is not used. In the future we may ↵Argyrios Kyrtzidis2011-02-141-1/+0
| | | | | | | | load analyzer plugins dynamically but registration through static constructors should be avoided. llvm-svn: 125502
OpenPOWER on IntegriCloud