summaryrefslogtreecommitdiffstats
path: root/clang/lib/StaticAnalyzer/Core
Commit message (Collapse)AuthorAgeFilesLines
...
* Fix for PR15623 (corrected r290413 reverted at 290415). The patch eliminates ↵Anton Yartsev2016-12-252-18/+20
| | | | | | | | | unwanted ProgramState checker data propagation from an operand of the logical operation to operation result. The patch also simplifies an assume of a constraint of the form: "(exp comparison_op expr) != 0" to true into an assume of "exp comparison_op expr" to true. (And similarly, an assume of the form "(exp comparison_op expr) == 0" to true as an assume of exp comparison_op expr to false.) which improves precision overall. https://reviews.llvm.org/D22862 llvm-svn: 290505
* Fix problems in "[OpenCL] Enabling the usage of CLK_NULL_QUEUE as compare ↵Egor Churaev2016-12-231-0/+1
| | | | | | | | | | | | | | operand." Summary: Fixed warnings in commit: https://reviews.llvm.org/rL290171 Reviewers: djasper, Anastasia Subscribers: yaxunl, cfe-commits, bader Differential Revision: https://reviews.llvm.org/D27981 llvm-svn: 290431
* Revert changes made by r290413 until regression is fixed.Anton Yartsev2016-12-232-22/+18
| | | | llvm-svn: 290415
* Fix for PR15623. The patch eliminates unwanted ProgramState checker data ↵Anton Yartsev2016-12-232-18/+22
| | | | | | | | | propagation from an operand of the logical operation to operation result. The patch also simplifies an assume of a constraint of the form: "(exp comparison_op expr) != 0" to true into an assume of "exp comparison_op expr" to true. (And similarly, an assume of the form "(exp comparison_op expr) == 0" to true as an assume of exp comparison_op expr to false.) which improves precision overall. https://reviews.llvm.org/D22862 llvm-svn: 290413
* [analyzer] Improve suppress-on-sink behavior in incomplete analyses.Artem Dergachev2016-12-221-0/+26
| | | | | | | | | | | | | | | | | | | | | | | Warnings with suppress-on-sink are discarded during FlushReports when BugReporter notices that all paths in ExplodedGraph that pass through the warning eventually run into a sink node. However, suppress-on-sink fails to filter out false positives when the analysis terminates too early - by running into analyzer limits, such as block count limits or graph size limits - and the interruption hits the narrow window between throwing the leak report and reaching the no-return function call. In such case the report is there, however suppression-on-sink doesn't work, because the sink node was never constructed in the incomplete ExplodedGraph. This patch implements a very partial solution: also suppress reports thrown against a statement-node that corresponds to a statement that belongs to a no-return block of the CFG. rdar://problem/28832541 Differential Revision: https://reviews.llvm.org/D28023 llvm-svn: 290341
* [analyzer] Add sink after construction of temporary with no-return destructor.Devin Coughlin2016-12-191-0/+24
| | | | | | | | | | | | | | | | | | | The analyzer's CFG currently doesn't have nodes for calls to temporary destructors. This causes the analyzer to explore infeasible paths in which a no-return destructor would have stopped exploration and so results in false positives when no-return destructors are used to implement assertions. To mitigate these false positives, this patch stops generates a sink after evaluating a constructor on a temporary object that has a no-return destructor. This results in a loss of coverage because the time at which the destructor is called may be after the time of construction (especially for lifetime-extended temporaries). This addresses PR15599. rdar://problem/29131566 llvm-svn: 290140
* [OpenMP] Sema and parsing for 'target teams' pragmaKelvin Li2016-12-171-0/+1
| | | | | | | | This patch is to implement sema and parsing for 'target teams' pragma. Differential Revision: https://reviews.llvm.org/D27818 llvm-svn: 290038
* [analyzer] Teach the analyzer that pointers can escape into __cxa_demangleAnna Zaks2016-12-151-0/+5
| | | | | | | | This fixes a reported false positive in the malloc checker. Differential Revision: https://reviews.llvm.org/D27599 llvm-svn: 289886
* [analyzer] Refer to macro names in diagnostics for macros representing a literalAnna Zaks2016-12-151-5/+49
| | | | | | | | | | | | | When a macro expending to a literal is used in a comparison, use the macro name in the diagnostic rather than the literal. This improves readability of path notes. Added tests for various macro literals that could occur. Only BOOl, Int, and NULL tests have changed behavior with this patch. Differential Revision: https://reviews.llvm.org/D27726 llvm-svn: 289884
* [analyzer] Add a new SVal to support pointer-to-member operations.Devin Coughlin2016-12-156-42/+267
| | | | | | | | | | | Add a new type of NonLoc SVal for C++ pointer-to-member operations. This SVal supports both pointers to member functions and pointers to member data. A patch by Kirill Romanenkov! Differential Revision: https://reviews.llvm.org/D25475 llvm-svn: 289873
* Remove custom handling of array copies in lambda by-value array capture andRichard Smith2016-12-143-5/+7
| | | | | | | | | | | copy constructors of classes with array members, instead using ArrayInitLoopExpr to represent the initialization loop. This exposed a bug in the static analyzer where it was unable to differentiate between zero-initialized and unknown array values, which has also been fixed here. llvm-svn: 289618
* [analyzer] Run clang-format and fix styleDominic Chen2016-12-133-213/+193
| | | | | | | | | | | | Summary: Split out formatting and style changes from D26061 Reviewers: zaks.anna, dcoughlin Subscribers: cfe-commits Differential Revision: https://reviews.llvm.org/D26691 llvm-svn: 289511
* Add two new AST nodes to represent initialization of an array in terms ofRichard Smith2016-12-121-0/+2
| | | | | | | | | | | | | | | | | | | | initialization of each array element: * ArrayInitLoopExpr is a prvalue of array type with two subexpressions: a common expression (an OpaqueValueExpr) that represents the up-front computation of the source of the initialization, and a subexpression representing a per-element initializer * ArrayInitIndexExpr is a prvalue of type size_t representing the current position in the loop This will be used to replace the creation of explicit index variables in lambda capture of arrays and copy/move construction of classes with array elements, and also C++17 structured bindings of arrays by value (which inexplicably allow copying an array by value, unlike all of C++'s other array declarations). No uses of these nodes are introduced by this change, however. llvm-svn: 289413
* [OpenMP] Sema and parsing for 'teams distribute parallel for' pragmaKelvin Li2016-12-091-0/+1
| | | | | | | | This patch is to implement sema and parsing for 'teams distribute parallel for' pragma. Differential Revision: https://reviews.llvm.org/D27345 llvm-svn: 289179
* [analyzer] Print type for SymbolRegionValues when dumping to streamDominic Chen2016-12-051-1/+2
| | | | | | | | | | Reviewers: NoQ, dcoughlin, zaks.anna Subscribers: cfe-commits Differential Revision: https://reviews.llvm.org/D27365 llvm-svn: 288696
* DR1213: element access on an array xvalue or prvalue produces an xvalue. In theRichard Smith2016-12-051-9/+1
| | | | | | | | | | | | | | latter case, a temporary array object is materialized, and can be lifetime-extended by binding a reference to the member access. Likewise, in an array-to-pointer decay, an rvalue array is materialized before being converted into a pointer. This caused IR generation to stop treating file-scope array compound literals as having static storage duration in some cases in C++; that has been rectified by modeling such a compound literal as an lvalue. This also improves clang's compatibility with GCC for those cases. llvm-svn: 288654
* [OpenMP] Sema and parsing for 'teams distribute parallel for simd' pragmaKelvin Li2016-11-301-0/+1
| | | | | | | | This patch is to implement sema and parsing for 'teams distribute parallel for simd' pragma. Differential Revision: https://reviews.llvm.org/D27084 llvm-svn: 288294
* [analyzer] Construct temporary objects of correct types, destroy them properly.Artem Dergachev2016-11-301-30/+49
| | | | | | | | | | | | | | | | | | | | | | | When constructing a temporary object region, which represents the result of MaterializeTemporaryExpr, track down the sub-expression for which the temporary is necessary with a trick similar to the approach used in CodeGen, namely by using Expr::skipRValueSubobjectAdjustments(). Then, create the temporary object region with type of that sub-expression. That type would propagate further in a path-sensitive manner. During destruction of lifetime-extened temporaries, consult the type of the temporary object region, rather than the type of the lifetime-extending variable, in order to call the correct destructor (fixes pr17001) and, at least, not to crash by trying to call a destructor of a plain type (fixes pr19539). rdar://problem/29131302 rdar://problem/29131576 Differential Revision: https://reviews.llvm.org/D26839 llvm-svn: 288263
* [analyzer] Fix a crash on accessing a field within a literal-initialized union.Artem Dergachev2016-11-221-1/+2
| | | | | | | | | | | Because in case of unions we currently default-bind compound values in the store, this quick fix avoids the crash for this case. Patch by Ilya Palachev and independently by Alexander Shaposhnikov! Differential Revision: https://reviews.llvm.org/D26442 llvm-svn: 287618
* [analyzer] Refactor recursive symbol reachability check to use symbol_iteratorDominic Chen2016-11-181-24/+9
| | | | | | | | | | Reviewers: zaks.anna, dcoughlin Subscribers: cfe-commits Differential Revision: https://reviews.llvm.org/D26773 llvm-svn: 287380
* [analyzer] Remove unused check::RegionChanges::wantsRegionChangeUpdate callbackAnna Zaks2016-11-162-19/+4
| | | | | | | | | | | Remove the check::RegionChanges::wantsRegionChangeUpdate callback as it is no longer used (since checkPointerEscape has been added). A patch by Krzysztof Wiśniewski! Differential Revision: https://reviews.llvm.org/D26759 llvm-svn: 287175
* [analyzer] Rename assumeWithinInclusiveRange*()Dominic Chen2016-11-153-4/+4
| | | | | | | | | | | | Summary: The name is slightly confusing, since the constraint is not necessarily within the range unless `Assumption` is true. Split out renaming for ConstraintManager.h from D26061 Reviewers: zaks.anna, dcoughlin Subscribers: cfe-commits Differential Revision: https://reviews.llvm.org/D26644 llvm-svn: 286927
* [analyzer] Minor optimization: avoid setting state if unchangedDominic Chen2016-11-151-4/+6
| | | | | | | | | | | | Summary: Split out optimization from D26061 Reviewers: zaks.anna, dcoughlin Subscribers: cfe-commits Differential Revision: https://reviews.llvm.org/D26642 llvm-svn: 286925
* Add a method to get the list of registered static analyzer checkers.Alexander Kornienko2016-11-081-0/+19
| | | | | | | | | | | | | | Summary: This provides a better interface for clang-tidy and encapsulates the knowledge about experimental checkers instead of leaving this to the clients. Reviewers: zaks.anna Subscribers: a.sidorin, NoQ, dcoughlin, cfe-commits Differential Revision: https://reviews.llvm.org/D26310 llvm-svn: 286218
* [analyzer] Allow undefined values in performTrivialCopy.Artem Dergachev2016-10-311-1/+1
| | | | | | | | | | | Reading from a garbage pointer should be modeled as garbage, and performTrivialCopy should be able to deal with any SVal input. Patch by Ilya Palachev! Differential Revision: https://reviews.llvm.org/D25727 llvm-svn: 285640
* [analyzer] MacOSXAPIChecker: Disallow dispatch_once_t in ivars and heap.Artem Dergachev2016-10-311-0/+6
| | | | | | | | | | Unlike global/static variables, calloc etc. functions that allocate ObjC objects behave differently in terms of memory barriers, and hacks that make dispatch_once as fast as it possibly could be start failing. Differential Revision: https://reviews.llvm.org/D25909 llvm-svn: 285605
* Re-apply patch r279045.Kelvin Li2016-10-251-0/+1
| | | | llvm-svn: 285066
* [analyzer] Re-apply r283092, attempt no.4, chunk no.4 (last)Artem Dergachev2016-10-074-39/+113
| | | | | | | The problem that caused the msvc crash has been indentified and fixed in the previous commit. This patch contains the rest of r283092. llvm-svn: 283584
* Silence Warning. NFC.Nirav Dave2016-10-071-1/+1
| | | | llvm-svn: 283583
* [analyzer] Re-apply r283092, attempt no.4, a small chunk.Artem Dergachev2016-10-072-8/+27
| | | | | | | Define PathDiagnosticNotePiece. The next commit would be able to address the BugReport class code that is pointed to by the msvc crash message. llvm-svn: 283566
* [analyzer] Don't merge different return nodes in ExplodedGraphDaniel Marjamaki2016-10-072-7/+20
| | | | | | | | Returns when calling an inline function should not be merged in the ExplodedGraph unless they are same. Differential Revision: https://reviews.llvm.org/D25326 llvm-svn: 283554
* Revert "[analyzer] Try to re-apply r283092 "Extend bug reports with extra notes"Artem Dergachev2016-10-075-146/+46
| | | | | | Vector of smart pointers wasn't the thing that caused msvc crash. llvm-svn: 283537
* [analyzer] Try to re-apply r283092 "Extend bug reports with extra notes"Artem Dergachev2016-10-075-46/+146
| | | | | | | Replace SmallVector<IntrusiveRefCntPtr> with a vector of plain pointers. Would insignificantly increase memory usage. llvm-svn: 283536
* [analyzer] Add explanation why analyzer report is not generated (fix for ↵Anton Yartsev2016-10-061-6/+18
| | | | | | | | | PR12421). Currently if the path diagnostic consumer (e.g HTMLDiagnostics and PlistDiagnostics) do not support cross file diagnostics then the path diagnostic report is silently omitted in the case of cross file diagnostics. The patch adds a little verbosity to Clang in this case. The patch also adds help entry for the "--analyzer-output" driver option. llvm-svn: 283499
* [analyzer] Squash a compile error in r283301.Artem Dergachev2016-10-051-0/+5
| | | | | | The constexpr string literal trick isn't supported in MSVC2013. llvm-svn: 283303
* [analyzer] Improve "Assuming..." diagnostic pieces for logical operators.Artem Dergachev2016-10-051-0/+33
| | | | | | | | | | | | | | | | | | Logical short-circuit operators now act like other branch conditions. If the symbolic value of the left-hand side is not known to be true or false (based on the previous execution path), the "Assuming" event piece is added in order to explain that the analyzer is adding a new assumption. Additionally, when the assumption is made against the right-hand side of the logical operator (i.e. when the operator itself acts as a condition in another CFG terminator), the "Assuming..." piece is written out for the right-hand side of the operator rather than for the whole operator. This allows expression-specific diagnostic message text to be constructed. Differential Revision: https://reviews.llvm.org/D25092 llvm-svn: 283302
* [analyzer] Add "Assuming..." diagnostic pieces for unsupported conditions.Artem Dergachev2016-10-052-16/+42
| | | | | | | | | | | | | | | | | | | | In the analyzer's path-sensitive reports, when a report goes through a branch and the branch condition cannot be decided to be definitely true or false (based on the previous execution path), an event piece is added that tells the user that a new assumption is added upon the symbolic value of the branch condition. For example, "Assuming 'a' is equal to 3". The text of the assumption is hand-crafted in various manners depending on the AST expression. If the AST expression is too complex and the text of the assumption fails to be constructed, the event piece is omitted. This causes loss of information and misunderstanding of the report. Do not omit the event piece even if the expression is too complex; add a piece with a generic text instead. Differential Revision: https://reviews.llvm.org/D23300 llvm-svn: 283301
* [analyzer] Add PostStmt callback for ArraySubscriptExprAnna Zaks2016-10-041-8/+10
| | | | | | | | A patch by Jan Smets! Differential Revision: https://reviews.llvm.org/D25009 llvm-svn: 283253
* Revert "[analyzer] Extend bug reports with extra notes" to fix Windows bot.Vitaly Buka2016-10-045-139/+46
| | | | | | This reverts commit r283092. llvm-svn: 283180
* [analyzer] Extend bug reports with extra notesArtem Dergachev2016-10-035-46/+139
| | | | | | | | | | | | | | | | | | | | These diagnostics are separate from the path-sensitive engine's path notes, and can be added manually on top of path-sensitive or path-insensitive reports. The new note diagnostics would appear as note:-diagnostic on console and as blue bubbles in scan-build. In plist files they currently do not appear, because format needs to be discussed with plist file users. The analyzer option "-analyzer-config notes-as-events=true" would convert notes to normal path notes, and put them at the beginning of the path. This is a temporary hack to show the new notes in plist files. A few checkers would be updated in subsequent commits, including tests for this new feature. Differential Revision: https://reviews.llvm.org/D24278 llvm-svn: 283092
* [analyzer] Fix ExprEngine::VisitMemberExprAlexander Shaposhnikov2016-09-131-1/+1
| | | | | | | | | | | AST may contain intermediate ParenExpr nodes between MemberExpr and ArrayToPointerDecay. This diff adjusts the check in ExprEngine::VisitMemberExpr accordingly. Test plan: make -j8 check-clang-analysis Differential revision: https://reviews.llvm.org/D24484 llvm-svn: 281373
* [analyzer] ExprEngine: remove second call to PreStmt<CastExpr>Aleksei Sidorin2016-09-011-9/+1
| | | | | | | | | This patch also introduces AnalysisOrderChecker which is intended for testing of callback call correctness. Differential Revision: https://reviews.llvm.org/D23804 llvm-svn: 280367
* [analyzer] Add more FileIDs to PlistDiagnostic map to avoid assertionAleksei Sidorin2016-09-011-25/+27
| | | | | | | | | | | | | Some FileIDs that may be used by PlistDiagnostics were not added while building a list of pieces. This caused assertion violation in GetFID() function. This patch adds some missing FileIDs to avoid the assertion. It also contains small refactoring of PlistDiagnostics::FlushDiagnosticsImpl(). Patch by Aleksei Sidorin, Ilya Palachev. Differential Revision: https://reviews.llvm.org/D22090 llvm-svn: 280360
* [analyzer][test commit] ExprEngine.cpp: Remove training whitespace; NFCAleksei Sidorin2016-09-011-2/+2
| | | | llvm-svn: 280352
* [analyzer] Weaken assertion in trackNullOrUndefValue()Devin Coughlin2016-08-191-1/+1
| | | | | | | | | | | | | | | | | We should ignore paren casts when making sure that the semantic expression in a PseudoObjectExpr for an ObjC getter is a message send. This has no other intended functionality change. Adding a test for this exposed an interesting issue in another test case that only manifests under ARC. trackNullOrUndefValue() is not properly suppressing for nil values that are the result of nil propagation from a nil receiver when the nil is returned from a function. I've added a FIXME for that missing suppression. rdar://problem/27290568 llvm-svn: 279181
* Revert "[OpenMP] Sema and parsing for 'teams distribute simd’ pragma"Diana Picus2016-08-181-1/+0
| | | | | | | | | | | | | | | | | This reverts commit r279003 as it breaks some of our buildbots (e.g. clang-cmake-aarch64-quick, clang-x86_64-linux-selfhost-modules). The error is in OpenMP/teams_distribute_simd_ast_print.cpp: clang: /home/buildslave/buildslave/clang-cmake-aarch64-quick/llvm/include/llvm/ADT/DenseMap.h:527: bool llvm::DenseMapBase<DerivedT, KeyT, ValueT, KeyInfoT, BucketT>::LookupBucketFor(const LookupKeyT&, const BucketT*&) const [with LookupKeyT = clang::Stmt*; DerivedT = llvm::DenseMap<clang::Stmt*, long unsigned int>; KeyT = clang::Stmt*; ValueT = long unsigned int; KeyInfoT = llvm::DenseMapInfo<clang::Stmt*>; BucketT = llvm::detail::DenseMapPair<clang::Stmt*, long unsigned int>]: Assertion `!KeyInfoT::isEqual(Val, EmptyKey) && !KeyInfoT::isEqual(Val, TombstoneKey) && "Empty/Tombstone value shouldn't be inserted into map!"' failed. llvm-svn: 279045
* [OpenMP] Sema and parsing for 'teams distribute simd’ pragmaKelvin Li2016-08-171-0/+1
| | | | | | | | | | This patch is to implement sema and parsing for 'teams distribute simd’ pragma. This patch is originated by Carlo Bertolli. Differential Revision: https://reviews.llvm.org/D23528 llvm-svn: 279003
* [analyzer] Add LocationContext information to SymbolMetadata.Artem Dergachev2016-08-172-4/+6
| | | | | | | | | | | | | | | | | | | | | Like SymbolConjured, SymbolMetadata also needs to be uniquely identified by the moment of its birth. Such moments are coded by the (Statement, LocationContext, Block count) triples. Each such triple represents the moment of analyzing a statement with a certain call backtrace, with corresponding CFG block having been entered a given amount of times during analysis of the current code body. The LocationContext information was accidentally omitted for SymbolMetadata, which leads to reincarnation of SymbolMetadata upon re-entering a code body with a different backtrace; the new symbol is incorrectly unified with the old symbol, which leads to unsound assumptions. Patch by Alexey Sidorin! Differential Revision: https://reviews.llvm.org/D21978 llvm-svn: 278937
* [analyzer] Command line option to show enabled checker list.Gabor Horvath2016-08-081-0/+19
| | | | | | | | | | | | This patch adds a command line option to list the checkers that were enabled by analyzer-checker and not disabled by -analyzer-disable-checker. It can be very useful to debug long command lines when it is not immediately apparent which checkers are turned on and which checkers are turned off. Differential Revision: https://reviews.llvm.org/D23060 llvm-svn: 278006
* [analyzer] Model base to derived casts more precisely.Gabor Horvath2016-08-083-4/+25
| | | | | | | | | | | | | | Dynamic casts are handled relatively well by the static analyzer. BaseToDerived casts however are treated conservatively. This can cause some false positives with the NewDeleteLeaks checker. This patch alters the behavior of BaseToDerived casts. In case a dynamic cast would succeed use the same semantics. Otherwise fall back to the conservative approach. Differential Revision: https://reviews.llvm.org/D23014 llvm-svn: 277989
OpenPOWER on IntegriCloud