path: root/clang/lib/StaticAnalyzer/Core
Commit message | Author | Age | Files | Lines
...
* Output "rule" information in SARIF exports. | Aaron Ballman | 2018-11-01 | 1 | -0/+38
  SARIF allows you to export descriptions about rules that are present in the SARIF log. Expose the help text table generated into Checkers.inc as the rule's "full description" and export all of the rules present in the analysis output. This information is useful for analysis result viewers like CodeSonar.
  llvm-svn: 345874
* Update to the 10-10 SARIF spec. | Aaron Ballman | 2018-11-01 | 1 | -8/+7
  This removes the Step property (which can be calculated by consumers trivially), and updates the schema and version numbers accordingly.
  llvm-svn: 345823
* [analyzer] Re-add custom OSIterator rule for RetainCountChecker | George Karpenkov | 2018-10-31 | 1 | -4/+9
  Turns out the rule is quite ubiquitous.
  Revert of https://reviews.llvm.org/D53628
  llvm-svn: 345747
* [analyzer] RetainCountChecker: for now, do not trust the summaries of inlined code | George Karpenkov | 2018-10-31 | 1 | -4/+5
  Trusting summaries of inlined code would require a more thorough work, as the current approach was causing too many false positives, as the new example in test. The culprit lies in the fact that we currently escape all variables written into a field (but not passed off to unknown functions!), which can result in inconsistent behavior.
  rdar://45655344
  Differential Revision: https://reviews.llvm.org/D53902
  llvm-svn: 345746
* [analyzer][PlistMacroExpansion] Part 1.: New expand-macros flag | Kristof Umann | 2018-10-31 | 3 | -15/+101
  This is the first part of the implementation of the inclusion of macro expansions into the plist output. It adds a new flag that adds a new "macro_expansions" entry to each report that has PathDiagnosticPieces that were expanded from a macro. While there's an entry for each macro expansion, both the name of the macro and what it expands to is missing, and will be implemented in followup patches.
  Differential Revision: https://reviews.llvm.org/D52742
  llvm-svn: 345724
* Create ConstantExpr class | Bill Wendling | 2018-10-31 | 4 | -5/+11
  A ConstantExpr class represents a full expression that's in a context where a constant expression is required. This class reflects the path the evaluator took to reach the expression rather than the syntactic context in which the expression occurs. In the future, the class will be expanded to cache the result of the evaluated expression so that it's not needlessly re-evaluated
  Reviewed By: rsmith
  Differential Revision: https://reviews.llvm.org/D53475
  llvm-svn: 345692
* Silencing a -Wunused-variable warning; NFC. | Aaron Ballman | 2018-10-30 | 1 | -2/+0
  llvm-svn: 345633
* Fixing some build bot failures from r345628; NFC intended. | Aaron Ballman | 2018-10-30 | 1 | -1/+1
  llvm-svn: 345630
* Add the ability to output static analysis results to SARIF. | Aaron Ballman | 2018-10-30 | 2 | -2/+273
  This allows users to specify SARIF (https://github.com/oasis-tcs/sarif-spec) as the output from the clang static analyzer so that the results can be read in by other tools, such as extensions to Visual Studio and VSCode, as well as static analyzers like CodeSonar.
  llvm-svn: 345628
* PR23833, DR2140: an lvalue-to-rvalue conversion on a glvalue of type | Richard Smith | 2018-10-30 | 1 | -1/+6
  nullptr_t does not access memory. We now reuse CK_NullToPointer to represent a conversion from a glvalue of type nullptr_t to a prvalue of nullptr_t where necessary.
  llvm-svn: 345562
* [analyzer][NFC] Refactor PlistDiagnostics to use a class instead of passing 9 parameters around | Kristof Umann | 2018-10-29 | 1 | -151/+180
  This has been a long time coming. Note the usage of AnalyzerOptions: I'll need it for D52742, and added it in rC343620. The main motivation for this was that I'll need to add yet another parameter to every single function, and some functions would reach their 10th parameter with that change.
  llvm-svn: 345531
* [analyzer] Fix a bug in "collapsed" graph viewer | George Karpenkov | 2018-10-25 | 1 | -1/+2
  Nodes which have only one predecessor and only one successor can not always be hidden, even if all states are the same. An additional condition is needed: the predecessor may have only one successor. This can be seen on this example:
  ```
    A
   / \
  B   C
   \ /
    D
  ```
  Nodes B and C can not be hidden even if all nodes in the graph have the same state.
  Differential Revision: https://reviews.llvm.org/D53735
  llvm-svn: 345341
* [analyzer] [RetainCountChecker] Do not invalidate references passed to constructors and operators | George Karpenkov | 2018-10-25 | 1 | -1/+5
  Differential Revision: https://reviews.llvm.org/D53660
  llvm-svn: 345340
* [analyzer] Remove custom rule for OSIterator in RetainCountChecker | George Karpenkov | 2018-10-25 | 1 | -8/+0
  Differential Revision: https://reviews.llvm.org/D53628
  llvm-svn: 345339
* [analyzer] Correct modelling of OSDynamicCast: eagerly state split | George Karpenkov | 2018-10-25 | 1 | -17/+28
  Previously, OSDynamicCast was modeled as an identity. This is not correct: the output of OSDynamicCast may be zero even if the input was not zero (if the class is not of desired type), and thus the modeling led to false positives. Instead, we are doing eager state split: in one branch, the returned value is identical to the input parameter, and in the other branch, the returned value is zero. This patch required a substantial refactoring of canEval infrastructure, as now it can return different function summaries, and not just true/false.
  rdar://45497400
  Differential Revision: https://reviews.llvm.org/D53624
  llvm-svn: 345338
* [analyzer] Move canReasonAbout from Z3ConstraintManager to SMTConstraintManager | Mikhail R. Gadelha | 2018-10-25 | 1 | -43/+2
  Summary: This patch moves the last method in `Z3ConstraintManager` to `SMTConstraintManager`: `canReasonAbout()`. The `canReasonAbout()` method checks if a given `SVal` can be encoded in SMT. I've added a new method to the SMT API to return true if a solver can encode floating-point arithmetics and it was enough to make `canReasonAbout()` solver independent. As an annoying side-effect, `Z3ConstraintManager` is pretty empty now and only (1) creates the Z3 solver object by calling `CreateZ3Solver()` and (2) instantiates `SMTConstraintManager`. Maybe we can get rid of this class altogether in the future: a `CreateSMTConstraintManager()` method that does (1) and (2) and returns the constraint manager object?
  Reviewers: george.karpenkov, NoQ
  Reviewed By: george.karpenkov
  Subscribers: mehdi_amini, xazax.hun, szepet, a.sidorin, dexonsmith, Szelethus, donat.nagy, dkrupp
  Differential Revision: https://reviews.llvm.org/D53694
  llvm-svn: 345284
* [analyzer] Fixed bitvector from model always being unsigned | Mikhail R. Gadelha | 2018-10-25 | 1 | -3/+5
  Summary: Getting an `APSInt` from the model always returned an unsigned integer because of the unused parameter. This was not breaking any test case because no code relies on the actual value of the integer returned here, but rather it is only used to check if a symbol has more than one solution in `getSymVal`.
  Reviewers: NoQ, george.karpenkov
  Reviewed By: george.karpenkov
  Subscribers: xazax.hun, szepet, a.sidorin, Szelethus, donat.nagy, dkrupp
  Differential Revision: https://reviews.llvm.org/D53637
  llvm-svn: 345283
* [analyzer] [NFC] Change scanReachableSymbols to use ranges | George Karpenkov | 2018-10-23 | 1 | -16/+5
  Remove unused overload. Clean up some usages.
  Differential Revision: https://reviews.llvm.org/D53615
  llvm-svn: 345101
* [analyzer] Do not stop tracking CXX methods touching OSObject. | George Karpenkov | 2018-10-23 | 1 | -8/+24
  Trust generalized annotations for OSObject.
  Differential Revision: https://reviews.llvm.org/D53550
  llvm-svn: 345100
* [analyzer] Trust summaries for OSObject::retain and OSObject::release | George Karpenkov | 2018-10-23 | 1 | -10/+15
  Refactor the way in which summaries are consumed for safeMetaCast
  Differential Revision: https://reviews.llvm.org/D53549
  llvm-svn: 345099
* [analyzer] Rename trackNullOrUndefValue to trackExpressionValue | George Karpenkov | 2018-10-23 | 1 | -36/+14
  trackNullOrUndefValue is a long and confusing name, and it does not actually reflect what the function is doing. Give a function a new name, with a relatively clear semantics. Also remove some dead code.
  Differential Revision: https://reviews.llvm.org/D52758
  llvm-svn: 345064
* [Fixed Point Arithmetic] Fixed Point to Boolean Cast | Leonard Chan | 2018-10-23 | 1 | -1/+2
  This patch is a part of https://reviews.llvm.org/D48456 in an attempt to split the casting logic up into smaller patches. This contains the code for casting from fixed point types to boolean types.
  Differential Revision: https://reviews.llvm.org/D53308
  llvm-svn: 345063
* [OpenCL][NFC] Unify ZeroToOCL* cast types | Andrew Savonichev | 2018-10-23 | 1 | -2/+1
  Reviewers: Anastasia, yaxunl
  Reviewed By: Anastasia
  Subscribers: asavonic, cfe-commits
  Differential Revision: https://reviews.llvm.org/D52654
  llvm-svn: 345038
* [analyzer] Fix dumping for SymbolConjured conjured at no particular statement. | Artem Dergachev | 2018-10-22 | 1 | -4/+7
  llvm-svn: 344944
* Fix MSVC "not all control paths return a value" warning. NFCI. | Simon Pilgrim | 2018-10-22 | 1 | -0/+1
  llvm-svn: 344892
* [analyzer][NFC] Fix inconsistencies in AnalyzerOptions | Kristof Umann | 2018-10-21 | 2 | -51/+48
  I'm in the process of refactoring AnalyzerOptions. The main motivation behind here is to emit warnings if an invalid -analyzer-config option is given from the command line, and be able to list them all. This first NFC patch contains small modifications to make AnalyzerOptions.cpp a little more consistent.
  Differential Revision: https://reviews.llvm.org/D53274
  llvm-svn: 344870
* [NFC][Test commit] Fix typos in a comment | Aleksei Sidorin | 2018-10-20 | 1 | -2/+2
  llvm-svn: 344847
* [analyzer] Be more plugin-friendly by moving static locals into .cpp files. | Artem Dergachev | 2018-10-20 | 6 | -0/+41
  The GDMIndex functions return a pointer that's used as a key for looking up data, but addresses of local statics defined in header files aren't the same across shared library boundaries and the result is that analyzer plugins can't access this data.
  Event types are uniqued by using the addresses of a local static defined in a header file, but it isn't the same across shared library boundaries and plugins can't currently handle ImplicitNullDerefEvents.
  Patches by Joe Ranieri!
  Differential Revision: https://reviews.llvm.org/D52905
  Differential Revision: https://reviews.llvm.org/D52906
  llvm-svn: 344823
* [analyzer] Teach CallEvent about C++17 aligned operator new(). | Artem Dergachev | 2018-10-15 | 1 | -0/+4
  In C++17, when class C has large alignment value, a special case of overload resolution rule kicks in for expression new C that causes the aligned version of operator new() to be called. The aligned new has two arguments: size and alignment. However, the new-expression has only one "argument": the construct-expression for C(). This causes a false positive in core.CallAndMessage's check for matching number of arguments and number of parameters. Update CXXAllocatorCall, which is a CallEvent sub-class for operator new calls within new-expressions, so that the number of arguments always matched the number of parameters.
  rdar://problem/44738501
  Differential Revision: https://reviews.llvm.org/D52957
  llvm-svn: 344539
* [Fixed Point Arithmetic] FixedPointCast | Leonard Chan | 2018-10-15 | 1 | -1/+2
  This patch is a part of https://reviews.llvm.org/D48456 in an attempt to split them up. This contains the code for casting between fixed point types and other fixed point types. The method for converting between fixed point types is based off the convert() method in APFixedPoint.
  Differential Revision: https://reviews.llvm.org/D50616
  llvm-svn: 344530
* Move some helpers from the global namespace into anonymous ones. | Benjamin Kramer | 2018-10-13 | 1 | -1/+3
  llvm-svn: 344468
* [analyzer] Improved cmake configuration for Z3 | Enrico Steffinlongo | 2018-10-13 | 1 | -2/+2
  Summary: Enhanced support for Z3 in the cmake configuration of clang; now it is possible to specify any arbitrary Z3 install prefix (CLANG_ANALYZER_Z3_PREFIX) to cmake with lib (or bin) and include folders. Before the patch only in cmake default locations were searched (https://cmake.org/cmake/help/v3.4/command/find_path.html). Specifying any CLANG_ANALYZER_Z3_PREFIX will force also CLANG_ANALYZER_BUILD_Z3 to ON. Removed also Z3 4.5 version requirement since it was not checked, and now Clang works with Z3 4.7
  Reviewers: NoQ, george.karpenkov, mikhail.ramalho
  Reviewed By: george.karpenkov
  Subscribers: rnkovacs, NoQ, esteffin, george.karpenkov, delcypher, ddcc, mgorny, xazax.hun, szepet, a.sidorin, Szelethus
  Tags: #clang
  Differential Revision: https://reviews.llvm.org/D50818
  llvm-svn: 344464
* [analyzer] Small SMT API improvement | Enrico Steffinlongo | 2018-10-13 | 1 | -1/+1
  Summary: Removed const qualifier from reset method of SMTSolver and Z3Solver objects.
  Reviewers: mikhail.ramalho, george.karpenkov, NoQ, ddcc
  Reviewed By: NoQ
  Subscribers: xazax.hun, szepet, a.sidorin, Szelethus
  Differential Revision: https://reviews.llvm.org/D52031
  llvm-svn: 344463
* [analyzer] Fix a bug in unexplored_first_location_queue iteration order. | George Karpenkov | 2018-10-12 | 1 | -2/+2
  Pointed out by Artem in post-commit review for https://reviews.llvm.org/D53058
  llvm-svn: 344322
* [analyzer] Experiment with an iteration order only based on location, and not using the stack frame | George Karpenkov | 2018-10-11 | 3 | -2/+67
  Differential Revision: https://reviews.llvm.org/D53058
  llvm-svn: 344313
* [analyzer] Fix symbol discovery in nonloc::LocAsInteger values. | Artem Dergachev | 2018-10-02 | 1 | -1/+1
  Doesn't do much despite sounding quite bad, but fixes an exotic test case where liveness of a nonloc::LocAsInteger array index is now evaluated correctly.
  Differential Revision: https://reviews.llvm.org/D52667
  llvm-svn: 343631
* [analyzer][NFC] Refactor functions in PlistDiagnostics to take AnalyzerOptions as parameter | Kristof Umann | 2018-10-02 | 1 | -23/+34
  I intend to add a new flag macro-expnasions-as-events, and unfortunately I'll only be able to convert the macro piece into an event one once I'm about to emit it, due to the lack of an available Preprocessor object in the BugReporter.
  Differential Revision: https://reviews.llvm.org/D52787
  llvm-svn: 343620
* [analyzer] Improvements to the SMT API | Mikhail R. Gadelha | 2018-10-02 | 2 | -38/+12
  Summary: Several improvements in preparation for the new backends.
  Refactoring:
  - Removed duplicated methods `fromBoolean`, `fromAPSInt`, `fromInt` and `fromAPFloat`. The methods `mkBoolean`, `mkBitvector` and `mkFloat` are now used instead.
  - The names of the functions that convert BVs to FPs were swapped (`mkSBVtoFP`, `mkUBVtoFP`, `mkFPtoSBV`, `mkFPtoUBV`).
  - Added a couple of comments in function calls.
  Crosscheck encoding:
  - Changed how constraints are encoded in the refutation manager so it doesn't start with (false OR ...). This change introduces one duplicated line (see file `BugReporterVisitors.cpp`, the `SMTConv::getRangeExpr` is called twice), so I can remove this change if the duplication is a problem.
  Reviewers: george.karpenkov, NoQ
  Reviewed By: george.karpenkov
  Subscribers: xazax.hun, szepet, a.sidorin, Szelethus
  Differential Revision: https://reviews.llvm.org/D52365
  llvm-svn: 343581
* [analyzer][NFC] Refactor functions in PlistDiagnostics to take Preproc as parameter | Kristof Umann | 2018-10-01 | 1 | -71/+72
  This patch is a preparation for the proposed inclusion of macro expansions in the plist output.
  Differential Revision: https://reviews.llvm.org/D52735
  llvm-svn: 343511
* [analyzer] [NFC] Remove unused parameters, as found by -Wunused-parameter | George Karpenkov | 2018-09-28 | 10 | -96/+73
  Differential Revision: https://reviews.llvm.org/D52640
  llvm-svn: 343353
* [analyzer] Provide an option to dump generated exploded graphs to a given file. | George Karpenkov | 2018-09-28 | 1 | -5/+30
  Dumping graphs instead of opening them is often very useful, e.g. for transfer or converting to SVG. Basic sanity check for generated exploded graphs.
  Differential Revision: https://reviews.llvm.org/D52637
  llvm-svn: 343352
* [analyzer] Hotfix for the bug in exploded graph printing | George Karpenkov | 2018-09-27 | 1 | -0/+2
  llvm-svn: 343276
* [analyzer] Highlight nodes which have error reports in them in red in exploded graph | George Karpenkov | 2018-09-27 | 1 | -25/+65
  Differential Revision: https://reviews.llvm.org/D52584
  llvm-svn: 343239
* [analyzer] [NFC] Move the code for dumping the program point to ProgramPoint | George Karpenkov | 2018-09-27 | 1 | -179/+1
  So we can dump them outside of viewing the exploded graph.
  Differential Revision: https://reviews.llvm.org/D52583
  llvm-svn: 343160
* [analyzer] [NFC] Heavy refactoring of trackNullOrUndefValue | George Karpenkov | 2018-09-27 | 1 | -117/+56
  Differential Revision: https://reviews.llvm.org/D52519
  llvm-svn: 343159
* llvm::sort(C.begin(), C.end(), ...) -> llvm::sort(C, ...) | Fangrui Song | 2018-09-26 | 2 | -5/+4
  Summary: The convenience wrapper in STLExtras is available since rL342102.
  Reviewers: rsmith, #clang, dblaikie
  Reviewed By: rsmith, #clang
  Subscribers: mgrang, arphaman, kadircet, cfe-commits
  Differential Revision: https://reviews.llvm.org/D52576
  llvm-svn: 343147
* [analyzer] Fix a crash on casting symbolic pointers to derived classes. | Artem Dergachev | 2018-09-26 | 1 | -1/+11
  Commit r340984 causes a crash when a pointer to a completely unrelated type UnrelatedT (eg., opaque struct pattern) is being casted from base class BaseT to derived class DerivedT, which results in an ill-formed region Derived{SymRegion{$<UnrelatedT x>}, DerivedT}.
  Differential Revision: https://reviews.llvm.org/D52189
  llvm-svn: 343051
* [analyzer] NFC: CallDescription: Improve array management. | Artem Dergachev | 2018-09-25 | 1 | -7/+10
  Combine the two constructor overrides into a single ArrayRef constructor to allow easier brace initializations and simplify how the respective field is used internally.
  Differential Revision: https://reviews.llvm.org/D51390
  llvm-svn: 343037
* [analyzer] NFC: Legalize state manager factory injection. | Artem Dergachev | 2018-09-25 | 1 | -3/+2
  When a checker maintains a program state trait that isn't a simple list/set/map, but is a combination of multiple lists/sets/maps (eg., a multimap - which may be implemented as a map from something to set of something), ProgramStateManager only contains the factory for the trait itself. All auxiliary lists/sets/maps need a factory to be provided by the checker, which is annoying. So far two checkers wanted a multimap, and both decided to trick the ProgramStateManager into keeping the auxiliary factory within itself by pretending that it's some sort of trait they're interested in, but then never using this trait but only using the factory. Make this trick legal. Define a convenient macro. One thing that becomes apparent once all pieces are put together is that these two checkers are in fact using the same factory, because the type that identifies it, ImmutableMap<const MemRegion *, ImmutableSet<SymbolRef>>, is the same. This situation is different from two checkers registering similar primitive traits.
  Differential Revision: https://reviews.llvm.org/D51388
  llvm-svn: 343035
* [analyzer] Prevent crashes in FindLastStoreBRVisitor | George Karpenkov | 2018-09-24 | 1 | -4/+13
  This patch is a band-aid. A proper solution would be to change trackNullOrUndefValue to only try to dereference the pointer when it is relevant to the problem.
  Differential Revision: https://reviews.llvm.org/D52435
  llvm-svn: 342920