summaryrefslogtreecommitdiffstats
path: root/clang/lib/StaticAnalyzer/Core
Commit message (Collapse)AuthorAgeFilesLines
* [analyzer] Fix a couple of bugs in HTML report generation.Artem Dergachev2020-02-101-1/+10
| | | | | | | | It should now produce valid HTML again. Differential Revision: https://reviews.llvm.org/D73993 (cherry picked from commit 482e236e569e8324f70778af1eb756923cd490dc)
* [Concepts] Requires ExpressionsSaar Raz2020-01-241-0/+1
| | | | | | | | | | Implement support for C++2a requires-expressions. Re-commit after compilation failure on some platforms due to alignment issues with PointerIntPair. Differential Revision: https://reviews.llvm.org/D50360 (cherry picked from commit a0f50d731639350c7a79f140f026c27a18215531)
* [analyzer] Fix SARIF column locationsJoe Ranieri2020-01-141-21/+59
| | | | Differential revision: https://reviews.llvm.org/D70689
* [Analyzer] Use a reference in a range-based forMark de Wever2019-12-211-1/+1
| | | | | | | | This avoids unneeded copies when using a range-based for loops. This avoids new warnings due to D68912 adds -Wrange-loop-analysis to -Wall. Differential Revision: https://reviews.llvm.org/D70869
* [analysis] Re-discard type sugar when casting values retrieved from the Store.Artem Dergachev2019-12-181-3/+3
| | | | Canonicalization was accidentally omitted in 6d3f43ec.
* [CFG] Add an option to expand CXXDefaultInitExpr into aggregate initializationGabor Horvath2019-12-171-0/+2
| | | | | | | | | | This is useful for clients that are relying on linearized CFGs for evaluating subexpressions and want the default initializer to be evaluated properly. The upcoming lifetime analysis is using this but it might also be useful for the static analyzer at some point. Differential Revision: https://reviews.llvm.org/D71642
* [analysis] Discard type qualifiers when casting values retrieved from the Store.Artem Dergachev2019-12-171-4/+10
| | | | | | | | | This canonicalizes the representation of unknown pointer symbols, which reduces the overall confusion in pointer cast representation. Patch by Vince Bridgers! Differential Revision: https://reviews.llvm.org/D70836
* [analyzer] Do not cache out on some shared implicit AST nodesGabor Horvath2019-12-112-1/+6
| | | | | | | | | | | Some AST nodes which stands for implicit initialization is shared. The analyzer will do the same evaluation on the same nodes resulting in the same state. The analyzer will "cache out", i.e. it thinks that it visited an already existing node in the exploded graph. This is not true in this case and we lose coverage. Since these nodes do not really require any processing from the analyzer we just omit them from the CFG. Differential Revision: https://reviews.llvm.org/D71371
* [analyzer] Escape symbols conjured into specific regions during a ↵Gabor Horvath2019-12-113-39/+99
| | | | | | | | | | conservative EvalCall This patch introduced additional PointerEscape callbacks after conservative calls for output parameters. This should not really affect the current checkers but the upcoming FuchsiaHandleChecker relies on this heavily. Differential Revision: https://reviews.llvm.org/D71224
* Revert "[analyzer] Keep track of escaped locals"Gabor Horvath2019-12-102-25/+3
| | | | | | | | | | | | | | | It was a step in the right direction but it is not clear how can this fit into the checker API at this point. The pre-escape happens in the analyzer core and the checker has no control over it. If the checker is not interestd in a pre-escape it would need to do additional work on each escape to check if the escaped symbol is originated from an "uninteresting" pre-escaped memory region. In order to keep the checker API simple we abandoned this solution for now. We will reland this once we have a better answer for what to do on the checker side. This reverts commit f3a28202ef58551db15818f8f51afd21e0f3e231.
* [analyzer] Keep track of escaped localsGabor Horvath2019-12-102-3/+25
| | | | | | | | We want to escape all symbols that are stored into escaped regions. The problem is, we did not know which local regions were escaped. Until now. This should fix some false positives like the one in the tests. Differential Revision: https://reviews.llvm.org/D71152
* Remove Expr.h include from ASTContext.h, NFCReid Kleckner2019-12-061-3/+4
| | | | | | | ASTContext.h is popular, prune its includes. Expr.h brings in Attr.h, which is also expensive. Move BlockVarCopyInit to Expr.h to accomplish this.
* [analyzer] Fix false positive on introspection of a block's internal layout.Artem Dergachev2019-12-061-1/+2
| | | | | | When implementation of the block runtime is available, we should not warn that block layout fields are uninitialized simply because they're on the stack.
* [OpenMP50] Add parallel master constructcchen2019-12-051-0/+1
| | | | | | | | | | | | Reviewers: ABataev, jdoerfert Reviewed By: ABataev Subscribers: rnk, jholewinski, guansong, arphaman, jfb, cfe-commits, sandoval, dreachem Tags: #clang Differential Revision: https://reviews.llvm.org/D70726
* Revert "[OpenMP50] Add parallel master construct, by Chi Chun Chen."Reid Kleckner2019-12-041-1/+0
| | | | | | This reverts commit 713dab21e27c987b9114547ce7136bac2e775de9. Tests do not pass on Windows.
* [OpenMP50] Add parallel master construct, by Chi Chun Chen.cchen2019-12-041-0/+1
| | | | | | | | | | | | Reviewers: ABataev, jdoerfert Reviewed By: ABataev Subscribers: jholewinski, guansong, arphaman, jfb, cfe-commits, sandoval, dreachem Tags: #clang Differential Revision: https://reviews.llvm.org/D70726
* [analyzer] Fix Objective-C accessor body farms after 2073dd2d.Artem Dergachev2019-11-211-0/+2
| | | | | | | | | | Fix a canonicalization problem for the newly added property accessor stubs that was causing a wrong decl to be used for 'self' in the accessor's body farm. Fix a crash when constructing a body farm for accessors of a property that is declared and @synthesize'd in different (but related) interfaces. Differential Revision: https://reviews.llvm.org/D70158
* [analyzer] NFC: Don't clean up range constraints twice.Artem Dergachev2019-11-212-7/+6
| | | | | | Slightly improves static analysis speed. Differential Revision: https://reviews.llvm.org/D70150
* [NFC] Refactor representation of materialized temporariesTyker2019-11-192-2/+2
| | | | | | | | | | | | | | | Summary: this patch refactor representation of materialized temporaries to prevent an issue raised by rsmith in https://reviews.llvm.org/D63640#inline-612718 Reviewers: rsmith, martong, shafik Reviewed By: rsmith Subscribers: thakis, sammccall, ilya-biryukov, rnkovacs, arphaman, cfe-commits Tags: #clang Differential Revision: https://reviews.llvm.org/D69360
* Revert "[NFC] Refactor representation of materialized temporaries"Nico Weber2019-11-172-2/+2
| | | | | | This reverts commit 08ea1ee2db5f9d6460fef1d79d0d1d1a5eb78982. It broke ./ClangdTests/FindExplicitReferencesTest.All on the bots, see comments on https://reviews.llvm.org/D69360
* [NFC] Refactor representation of materialized temporariesTyker2019-11-162-2/+2
| | | | | | | | | | | | | | | Summary: this patch refactor representation of materialized temporaries to prevent an issue raised by rsmith in https://reviews.llvm.org/D63640#inline-612718 Reviewers: rsmith, martong, shafik Reviewed By: rsmith Subscribers: rnkovacs, arphaman, cfe-commits Tags: #clang Differential Revision: https://reviews.llvm.org/D69360
* [Analyzer] Use a reference in a range-based forMark de Wever2019-11-121-11/+11
| | | | | | | | | Let the checkers use a reference instead of a copy in a range-based for loop. This avoids new warnings due to D68912 adds -Wrange-loop-analysis to -Wall. Differential Revision: https://reviews.llvm.org/D70047
* [analyzer] Fix skipping the call during inlined defensive check suppression.Artem Dergachev2019-11-081-11/+12
| | | | | | | | | | | | | | | | | | | | | When bugreporter::trackExpressionValue() is invoked on a DeclRefExpr, it tries to do most of its computations over the node in which this DeclRefExpr is computed, rather than on the error node (or whatever node is stuffed into it). One reason why we can't simply use the error node is that the binding to that variable might have already disappeared from the state by the time the bug is found. In case of the inlined defensive checks visitor, the DeclRefExpr node is in fact sometimes too *early*: the call in which the inlined defensive check has happened might have not been entered yet. Change the visitor to be fine with tracking dead symbols (which it is totally capable of - the collapse point for the symbol is still well-defined), and fire it up directly on the error node. Keep using "LVState" to find out which value should we be tracking, so that there weren't any problems with accidentally loading an ill-formed value from a dead variable. Differential Revision: https://reviews.llvm.org/D67932
* Redeclare Objective-C property accessors inside the ObjCImplDecl in which ↵Adrian Prantl2019-11-081-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | they are synthesized. This patch is motivated by (and factored out from) https://reviews.llvm.org/D66121 which is a debug info bugfix. Starting with DWARF 5 all Objective-C methods are nested inside their containing type, and that patch implements this for synthesized Objective-C properties. 1. SemaObjCProperty populates a list of synthesized accessors that may need to inserted into an ObjCImplDecl. 2. SemaDeclObjC::ActOnEnd inserts forward-declarations for all accessors for which no override was provided into their ObjCImplDecl. This patch does *not* synthesize AST function *bodies*. Moving that code from the static analyzer into Sema may be a good idea though. 3. Places that expect all methods to have bodies have been updated. I did not update the static analyzer's inliner for synthesized properties to point back to the property declaration (see test/Analysis/Inputs/expected-plists/nullability-notes.m.plist), which I believed to be more bug than a feature. Differential Revision: https://reviews.llvm.org/D68108 rdar://problem/53782400
* [OPENMP50]Add support for parallel master taskloop simd directive.Alexey Bataev2019-10-301-0/+1
| | | | Added full support for parallel master taskloop simd directive.
* [analyzer] Fix off-by-one in operator call parameter binding.Artem Dergachev2019-10-231-1/+1
| | | | | | | | | | | | | | Member operator declarations and member operator expressions have different numbering of parameters and arguments respectively: one of them includes "this", the other does not. Account for this inconsistency when figuring out whether the parameter needs to be manually rebound from the Environment to the Store when entering a stack frame of an operator call, as opposed to being constructed with a constructor and as such already having the necessary Store bindings. Differential Revision: https://reviews.llvm.org/D69155
* [analyzer] PR43551: Do not dereferce void* in UndefOrNullArgVisitor.Artem Dergachev2019-10-191-3/+5
| | | | | | | | Patch by Kristóf Umann! Differential Revision: https://reviews.llvm.org/D68591 llvm-svn: 375329
* [analyzer] Fix a crash on tracking Objective-C 'self' as a control dependency.Artem Dergachev2019-10-191-7/+12
| | | | | | | 'self' was previously never tracked, but now it can be tracked because it may be part of a condition. llvm-svn: 375328
* [c++20] Add CXXRewrittenBinaryOperator to represent a comparisonRichard Smith2019-10-191-0/+1
| | | | | | | | operator that is rewritten as a call to multiple other operators. No functionality change yet: nothing creates these expressions. llvm-svn: 375305
* [analyzer] Fix FieldRegion dumps.Artem Dergachev2019-10-181-1/+1
| | | | | | | | | The '->' thing has always been confusing; the actual operation '->' translates to a pointer dereference together with adding a FieldRegion, but FieldRegion on its own doesn't imply an additional pointer dereference. llvm-svn: 375281
* [analyzer] Drop the logic for collapsing the state if it's same as in preds.Artem Dergachev2019-10-181-10/+1
| | | | | | | | | | One of the first attempts to reduce the size of the exploded graph dumps was to skip the state dump as long as the state is the same as in all of the predecessor nodes. With all the new facilities in place (node joining, diff dumps), this feature doesn't do much, and when it does, it's more harmful than useful. Let's remove it. llvm-svn: 375280
* [analyzer] Fix hidden node traversal in exploded graph dumps.Artem Dergachev2019-10-181-11/+5
| | | | | | | | | The joined nodes now actually have the same state. That was intended from the start but the original implementation turned out to be buggy. Differential Revision: https://reviews.llvm.org/D69150 llvm-svn: 375278
* [OPENMP50]Add support for master taskloop simd.Alexey Bataev2019-10-181-0/+1
| | | | | | Added trsing/semantics/codegen for combined construct master taskloop simd. llvm-svn: 375255
* [analyzer] Assign truly stable identifiers to exploded nodes.Artem Dergachev2019-10-173-21/+14
| | | | | | | | | | | ExplodedGraph nodes will now have a numeric identifier stored in them which will keep track of the order in which the nodes were created and it will be fully deterministic both accross runs and across machines. This is extremely useful for debugging as it allows reliably setting conditional breakpoints by node IDs. llvm-svn: 375186
* [Concepts] Concept Specialization ExpressionsSaar Raz2019-10-151-0/+1
| | | | | | | | | | Part of C++20 Concepts implementation effort. Added Concept Specialization Expressions that are created when a concept is refe$ D41217 on Phabricator. (recommit after fixing failing Parser test on windows) llvm-svn: 374903
* Revert 374882 "[Concepts] Concept Specialization Expressions"Nico Weber2019-10-151-1/+0
| | | | | | | | | | This reverts commit ec87b003823d63f3342cf648f55a134c1522e612. The test fails on Windows, see e.g. http://lab.llvm.org:8011/builders/clang-x64-windows-msvc/builds/11533/steps/stage%201%20check/logs/stdio Also revert follow-up r374893. llvm-svn: 374899
* [Concepts] Concept Specialization ExpressionsSaar Raz2019-10-151-0/+1
| | | | | | Part of C++20 Concepts implementation effort. Added Concept Specialization Expressions that are created when a concept is referenced with arguments, and tests thereof. llvm-svn: 374882
* [OPENMP50]Add support for 'parallel master taskloop' construct.Alexey Bataev2019-10-141-0/+1
| | | | | | | | | Added parsing/sema/codegen support for 'parallel master taskloop' constructs. Some of the clauses, like 'grainsize', 'num_tasks', 'final' and 'priority' are not supported in full, only constant expressions can be used currently in these clauses. llvm-svn: 374791
* [OPENMP50]Support for 'master taskloop' directive.Alexey Bataev2019-10-101-0/+1
| | | | | | Added full support for master taskloop directive. llvm-svn: 374437
* Revert "[analyzer] A speculative attempt to avoid gcc-7 crashes..."Artem Dergachev2019-09-261-5/+2
| | | | | | This reverts commit r372940 which was an overreaction to a flaky buildbot. llvm-svn: 373005
* [analyzer] A speculative attempt to avoid gcc-7 crashes caused by r372942.Artem Dergachev2019-09-261-2/+5
| | | | llvm-svn: 372945
* [analyzer] Avoid small vectors of non-default-constructibles.Artem Dergachev2019-09-261-1/+1
| | | | | | Unconfuses certain compilers. llvm-svn: 372942
* [analyzer] PR43102: Fix an assertion and an out-of-bounds error for ↵Kristof Umann2019-09-181-1/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | diagnostic location construction Summary: https://bugs.llvm.org/show_bug.cgi?id=43102 In today's edition of "Is this any better now that it isn't crashing?", I'd like to show you a very interesting test case with loop widening. Looking at the included test case, it's immediately obvious that this is not only a false positive, but also a very bad bug report in general. We can see how the analyzer mistakenly invalidated `b`, instead of its pointee, resulting in it reporting a null pointer dereference error. Not only that, the point at which this change of value is noted at is at the loop, rather then at the method call. It turns out that `FindLastStoreVisitor` works correctly, rather the supplied explodedgraph is faulty, because `BlockEdge` really is the `ProgramPoint` where this happens. {F9855739} So it's fair to say that this needs improving on multiple fronts. In any case, at least the crash is gone. Full ExplodedGraph: {F9855743} Reviewers: NoQ, xazax.hun, baloghadamsoftware, Charusso, dcoughlin, rnkovacs, TWeaver Subscribers: JesperAntonsson, uabelho, Ka-Ka, bjope, whisperity, szepet, a.sidorin, mikhail.ramalho, donat.nagy, dkrupp, gamesh411, cfe-commits Tags: #clang Differential Revision: https://reviews.llvm.org/D66716 llvm-svn: 372269
* [analyzer][NFC] Fix inconsistent references to checkers as "checks"Kristof Umann2019-09-127-20/+22
| | | | | | | | | | | | | | Traditionally, clang-tidy uses the term check, and the analyzer uses checker, but in the very early years, this wasn't the case, and code originating from the early 2010's still incorrectly refer to checkers as checks. This patch attempts to hunt down most of these, aiming to refer to checkers as checkers, but preserve references to callback functions (like checkPreCall) as checks. Differential Revision: https://reviews.llvm.org/D67140 llvm-svn: 371760
* [analyzer] NFC: Move PathDiagnostic classes to libAnalysis.Artem Dergachev2019-09-118-1222/+6
| | | | | | | | | | | | At this point the PathDiagnostic, PathDiagnosticLocation, PathDiagnosticPiece structures no longer rely on anything specific to Static Analyzer, so we can move them out of it for everybody to use. PathDiagnosticConsumers are still to be handed off. Differential Revision: https://reviews.llvm.org/D67419 llvm-svn: 371661
* [analyzer] NFC: Move resetDiagnosticLocationToMainFile() to BugReporter.Artem Dergachev2019-09-112-65/+66
| | | | | | | | | | This method of PathDiagnostic is a part of Static Analyzer's particular path diagnostic construction scheme. As such, it doesn't belong to the PathDiagnostic class, but to the Analyzer. Differential Revision: https://reviews.llvm.org/D67418 llvm-svn: 371660
* [analyzer] NFC: Move getStmt() and createEndOfPath() out of PathDiagnostic.Artem Dergachev2019-09-115-154/+151
| | | | | | | | | | These static functions deal with ExplodedNodes which is something we don't want the PathDiagnostic interface to know anything about, as it's planned to be moved out of libStaticAnalyzerCore. Differential Revision: https://reviews.llvm.org/D67382 llvm-svn: 371659
* [analyzer] NFC: Re-implement stack hints as a side map in BugReport.Artem Dergachev2019-09-112-83/+81
| | | | | | | | | | That's one of the few random entities in the PathDiagnostic interface that are specific to the Static Analyzer. By moving them out we could let everybody use path diagnostics without linking against Static Analyzer. Differential Revision: https://reviews.llvm.org/D67381 llvm-svn: 371658
* [analyzer] NFC: Simplify bug report equivalence classes to not be ilists.Artem Dergachev2019-09-092-12/+11
| | | | | | | | Use a vector of unique pointers instead. Differential Revision: https://reviews.llvm.org/D67024 llvm-svn: 371451
* [analyzer] NFC: Introduce sub-classes for path-sensitive and basic reports.Artem Dergachev2019-09-094-184/+233
| | | | | | | | | | | | | Checkers are now required to specify whether they're creating a path-sensitive report or a path-insensitive report by constructing an object of the respective type. This makes BugReporter more independent from the rest of the Static Analyzer because all Analyzer-specific code is now in sub-classes. Differential Revision: https://reviews.llvm.org/D66572 llvm-svn: 371450
OpenPOWER on IntegriCloud