summaryrefslogtreecommitdiffstats
path: root/clang/lib/StaticAnalyzer
Commit message (Collapse)AuthorAgeFilesLines
...
* DR1213: element access on an array xvalue or prvalue produces an xvalue. In theRichard Smith2016-12-051-9/+1
| | | | | | | | | | | | | | latter case, a temporary array object is materialized, and can be lifetime-extended by binding a reference to the member access. Likewise, in an array-to-pointer decay, an rvalue array is materialized before being converted into a pointer. This caused IR generation to stop treating file-scope array compound literals as having static storage duration in some cases in C++; that has been rectified by modeling such a compound literal as an lvalue. This also improves clang's compatibility with GCC for those cases. llvm-svn: 288654
* [OpenMP] Sema and parsing for 'teams distribute parallel for simd' pragmaKelvin Li2016-11-301-0/+1
| | | | | | | | This patch is to implement sema and parsing for 'teams distribute parallel for simd' pragma. Differential Revision: https://reviews.llvm.org/D27084 llvm-svn: 288294
* [analyzer] Construct temporary objects of correct types, destroy them properly.Artem Dergachev2016-11-301-30/+49
| | | | | | | | | | | | | | | | | | | | | | | When constructing a temporary object region, which represents the result of MaterializeTemporaryExpr, track down the sub-expression for which the temporary is necessary with a trick similar to the approach used in CodeGen, namely by using Expr::skipRValueSubobjectAdjustments(). Then, create the temporary object region with type of that sub-expression. That type would propagate further in a path-sensitive manner. During destruction of lifetime-extened temporaries, consult the type of the temporary object region, rather than the type of the lifetime-extending variable, in order to call the correct destructor (fixes pr17001) and, at least, not to crash by trying to call a destructor of a plain type (fixes pr19539). rdar://problem/29131302 rdar://problem/29131576 Differential Revision: https://reviews.llvm.org/D26839 llvm-svn: 288263
* [analyzer] Minor fixes and improvements to debug.ExprInspectionArtem Dergachev2016-11-301-14/+91
| | | | | | | | | | | | | | | | | | - Fix the bug with transition handling in ExprInspectionChecker's checkDeadSymbols implementation. - Test this bug by adding a new function clang_analyzer_numTimesReached() to catch number of passes through the code, which should be handy for testing against unintended state splits. - Add two more functions should help debugging issues quickly without running the debugger or dumping exploded graphs - clang_analyzer_dump() which dump()s an SVal argument to a warning message, and clang_analyzer_printState(), which dump()s the current program state to stderr. Differential Revision: https://reviews.llvm.org/D26835 llvm-svn: 288257
* [analyzer] Fix a crash on accessing a field within a literal-initialized union.Artem Dergachev2016-11-221-1/+2
| | | | | | | | | | | Because in case of unions we currently default-bind compound values in the store, this quick fix avoids the crash for this case. Patch by Ilya Palachev and independently by Alexander Shaposhnikov! Differential Revision: https://reviews.llvm.org/D26442 llvm-svn: 287618
* [analyzer] Refactor recursive symbol reachability check to use symbol_iteratorDominic Chen2016-11-181-24/+9
| | | | | | | | | | Reviewers: zaks.anna, dcoughlin Subscribers: cfe-commits Differential Revision: https://reviews.llvm.org/D26773 llvm-svn: 287380
* Adapt to llvm NamedRegionTimer changesMatthias Braun2016-11-181-1/+1
| | | | | | We have to specify a name and description for the timers and groups now. llvm-svn: 287371
* [analyzer] Remove unused check::RegionChanges::wantsRegionChangeUpdate callbackAnna Zaks2016-11-164-29/+4
| | | | | | | | | | | Remove the check::RegionChanges::wantsRegionChangeUpdate callback as it is no longer used (since checkPointerEscape has been added). A patch by Krzysztof Wiśniewski! Differential Revision: https://reviews.llvm.org/D26759 llvm-svn: 287175
* [analyzer] NumberObjectConversion: Workaround for a linker error with modules.Artem Dergachev2016-11-151-19/+19
| | | | | | | | | | A combination of C++ modules, variadic functions with more than one argument, and const globals in headers (all three being necessary) causes some releases of clang to misplace the matcher objects, which causes the linker to fail. No functional change - the extra allOf() matcher is no-op here. llvm-svn: 287045
* [analyzer] Add check for when block is called with too few arguments.Devin Coughlin2016-11-151-8/+13
| | | | | | | | | The CallAndMessageChecker has an existing check for when a function pointer is called with too few arguments. Extend this logic to handle the block case, as well. While we're at it, do a drive-by grammar correction ("less" --> "fewer") on the diagnostic text. llvm-svn: 287001
* [analyzer] Rename assumeWithinInclusiveRange*()Dominic Chen2016-11-154-8/+8
| | | | | | | | | | | | Summary: The name is slightly confusing, since the constraint is not necessarily within the range unless `Assumption` is true. Split out renaming for ConstraintManager.h from D26061 Reviewers: zaks.anna, dcoughlin Subscribers: cfe-commits Differential Revision: https://reviews.llvm.org/D26644 llvm-svn: 286927
* [analyzer] Minor optimization: avoid setting state if unchangedDominic Chen2016-11-151-4/+6
| | | | | | | | | | | | Summary: Split out optimization from D26061 Reviewers: zaks.anna, dcoughlin Subscribers: cfe-commits Differential Revision: https://reviews.llvm.org/D26642 llvm-svn: 286925
* [analyzer] Fix crash in NullabilityChecker calling block with too few argumentsDevin Coughlin2016-11-141-3/+4
| | | | | | | | | Fix a crash when checking parameter nullability on a block invocation with fewer arguments than the block declaration requires. rdar://problem/29237566 llvm-svn: 286901
* [analyzer] Update 'Automated' to 'Automatic' from r286694.Devin Coughlin2016-11-121-1/+1
| | | | | | ARC is 'Automatic Reference Counting' and not 'Automated Reference Counting'. llvm-svn: 286700
* [analyzer] Improve misleading RetainCountChcker diagnostic under ARCDevin Coughlin2016-11-121-4/+9
| | | | | | | | | | | | | | | | | | | | Under automated reference counting the analyzer treats a methods -- even those starting with 'copy' and friends -- as returning an unowned value. This is because ownership of CoreFoundation objects must be transferred to ARC with __bridge_transfer or CFBridgingRelease() before being returned as ARC-managed bridged objects. Unfortunately this could lead to a poor diagnostic inside copy methods under ARC where the analyzer would complain about a leak of a returned CF value inside a method "whose name does not start with 'copy'" -- even though the name did start with 'copy'. This commit improves the diagnostic under ARC to say inside a method "returned from a method managed by Automated Reference Counting". rdar://problem/28849667 llvm-svn: 286694
* [analyzer] Teach RetainCountChecker about VTCompressionSessionEncodeFrame()Devin Coughlin2016-11-111-0/+8
| | | | | | | | | | | | | | | The context argument passed to VideoToolbox's VTCompressionSessionEncodeFrame() function is ultimately passed to a callback supplied when creating the compression session and so may be freed by that callback. To suppress false positives in this case, teach the retain count checker to stop tracking that argument. This isn't suppressed by the usual callback context mechanism because the call to VTCompressionSessionEncodeFrame() doesn't include the callback itself. rdar://problem/27685213 llvm-svn: 286633
* Add a method to get the list of registered static analyzer checkers.Alexander Kornienko2016-11-081-0/+19
| | | | | | | | | | | | | | Summary: This provides a better interface for clang-tidy and encapsulates the knowledge about experimental checkers instead of leaving this to the clients. Reviewers: zaks.anna Subscribers: a.sidorin, NoQ, dcoughlin, cfe-commits Differential Revision: https://reviews.llvm.org/D26310 llvm-svn: 286218
* [analyzer] StdLibraryFunctions: provide platform-specific function summaries.Artem Dergachev2016-11-021-57/+168
| | | | | | | | | | Because standard functions can be defined differently on different platforms, this commit introduces a method for constructing summaries with multiple variants, whichever matches better. It is also useful for supporting overloads. Differential Revision: https://reviews.llvm.org/D25940 llvm-svn: 285852
* Fix Clang-tidy readability-redundant-string-cstr warningsMalcolm Parsons2016-11-021-1/+1
| | | | | | | | | | Reviewers: aaron.ballman, mehdi_amini, dblaikie Subscribers: cfe-commits Differential Revision: https://reviews.llvm.org/D26206 llvm-svn: 285799
* [analyzer] Fix capitalization in ObjCSuperDealloc checker diagnostic.Devin Coughlin2016-11-011-1/+1
| | | | | | | | | Change "use of 'self'..." to "Use of 'self'...". The convention is to start diagnostics with a capital letter. rdar://problem/28322494 llvm-svn: 285759
* [analyzer] Allow undefined values in performTrivialCopy.Artem Dergachev2016-10-311-1/+1
| | | | | | | | | | | Reading from a garbage pointer should be modeled as garbage, and performTrivialCopy should be able to deal with any SVal input. Patch by Ilya Palachev! Differential Revision: https://reviews.llvm.org/D25727 llvm-svn: 285640
* [analyzer] MacOSXAPIChecker: Improve warnings for __block vars in dispatch_once.Artem Dergachev2016-10-311-2/+10
| | | | | | | | | | The checker already warns for __block-storage variables being used as a dispatch_once() predicate, however it refers to them as local which is not quite accurate, so we fix that. Differential Revision: https://reviews.llvm.org/D26159 llvm-svn: 285637
* [analyzer] MacOSXAPIChecker: Disallow dispatch_once_t in ivars and heap.Artem Dergachev2016-10-312-15/+54
| | | | | | | | | | Unlike global/static variables, calloc etc. functions that allocate ObjC objects behave differently in terms of memory barriers, and hacks that make dispatch_once as fast as it possibly could be start failing. Differential Revision: https://reviews.llvm.org/D25909 llvm-svn: 285605
* Add support for __builtin_alloca_with_alignDavid Majnemer2016-10-312-0/+9
| | | | | | | | | | __builtin_alloca always uses __BIGGEST_ALIGNMENT__ for the alignment of the allocation. __builtin_alloca_with_align allows the programmer to specify the alignment of the allocation. This fixes PR30658. llvm-svn: 285544
* [analyzer] NumberObjectConversion: support more types, misc updates.Artem Dergachev2016-10-311-94/+175
| | | | | | | | | | | | | | | Support CFNumberRef and OSNumber objects, which may also be accidentally converted to plain integers or booleans. Enable explicit boolean casts by default in non-pedantic mode. Improve handling for warnings inside macros. Improve error messages. Differential Revision: https://reviews.llvm.org/D25731 llvm-svn: 285533
* [analyzer] Report CFNumberGetValue API misuseAnna Zaks2016-10-261-35/+42
| | | | | | | | | | | | This patch contains 2 improvements to the CFNumber checker: - Checking of CFNumberGetValue misuse. - Treating all CFNumber API misuse errors as non-fatal. (Previously we treated errors that could cause uninitialized memory as syncs and the truncation errors as non-fatal.) This implements a subset of functionality from https://reviews.llvm.org/D17954. Differential Revision: https://reviews.llvm.org/D25876 llvm-svn: 285253
* Fix MSVC unused variable warning.Simon Pilgrim2016-10-251-1/+2
| | | | | | LLVM_ATTRIBUTE_UNUSED doesn't work for non-gcc style compilers. llvm-svn: 285067
* Re-apply patch r279045.Kelvin Li2016-10-251-0/+1
| | | | llvm-svn: 285066
* [analyzer] Use unsigned integers to rely on well-defined overflow semantics.Artem Dergachev2016-10-241-5/+5
| | | | | | Found by the UBSan buildbot. llvm-svn: 285000
* [analyzer] Add StdLibraryFunctions checker.Artem Dergachev2016-10-242-0/+944
| | | | | | | | | | | | | | | This checker does not emit reports, however it influences the analysis by providing complete summaries for, or otherwise improving modeling of, various standard library functions. This should reduce the number of infeasible paths explored during analysis. The custom function summary format used in this checker is superior to body farms by causing less unnecessary state splits, which would result in better analysis performance. Differential Revision: https://reviews.llvm.org/D20811 llvm-svn: 284960
* alpha.core.UnreachableCode - don't warn about unreachable code inside macroDaniel Marjamaki2016-10-181-0/+8
| | | | | | | | In macros, 'do {...} while (0)' is often used. Don't warn about the condition 0 when it is unreachable. Differential Revision: https://reviews.llvm.org/D25606 llvm-svn: 284477
* [analyzer] Add NumberObjectConversion checker.Artem Dergachev2016-10-182-0/+268
| | | | | | | | | | | | | | | | | When dealing with objects that represent numbers, such as Objective-C NSNumber, the language provides little protection from accidentally interpreting the value of a pointer to such object as the value of the number represented by the object. Results of such mis-interpretation may be unexpected. The checker attempts to fill this gap in cases when the code is obviously incorrect. With "Pedantic" option enabled, this checker enforces a coding style to completely prevent errors of this kind (off by default). Differential Revision: https://reviews.llvm.org/D22968 llvm-svn: 284473
* Revert "Revert "[analyzer] Make MallocChecker more robust against custom ↵Devin Coughlin2016-10-161-0/+4
| | | | | | | | | redeclarations"" This reverts commit r284340 to reapply r284335. The bot breakage was due to an unrelated change in the polybench test suite. llvm-svn: 284351
* Revert "[analyzer] Make MallocChecker more robust against custom redeclarations"Devin Coughlin2016-10-161-4/+0
| | | | | | | | | | This reverts commit r284335. It appears to be causing test-suite compile-time and execution-time performance measurements to take longer than expected on several bots. This is surprising, because r284335 is a static-analyzer-only change. llvm-svn: 284340
* [analyzer] Make MallocChecker more robust against custom redeclarationsDevin Coughlin2016-10-161-0/+4
| | | | | | | | | | | | | Add additional checking to MallocChecker to avoid crashing when memory routines have unexpected numbers of arguments. You wouldn't expect to see much of this in normal code (-Wincompatible-library-redeclaration warns on this), but, for example, CMake tests can generate these. This is PR30616. rdar://problem/28631974 llvm-svn: 284335
* Revert "[analyzer] Re-apply r283093 "Add extra notes to ObjCDeallocChecker""Devin Coughlin2016-10-161-35/+3
| | | | | | | | | | | | Revert: r283662: [analyzer] Re-apply r283093 "Add extra notes to ObjCDeallocChecker" r283660: [analyzer] Fix build error after r283660 - remove constexpr strings. It was causing an internal build bot to fail. It looks like in some cases adding an extra note can cause scan-build plist output to drop a diagnostic altogether. llvm-svn: 284317
* [analyzer] Link libStaticAnalyzerCheckers to libASTMatchers.Artem Dergachev2016-10-131-0/+1
| | | | | | | | | | | | | AST matchers are useful for the analyzer's checkers. More patches on particular checkers shall follow. This is the first time clang binary gets linked to ASTMatchers. The binary size increase for the clang executable would be +0.5% in release mode, +2% in debug mode. Differential Revision: https://reviews.llvm.org/D25429 llvm-svn: 284112
* [analyzer] DeallocChecker: Don't warn about directly-set IBOutlet ivars on macOSDevin Coughlin2016-10-121-0/+31
| | | | | | | | | | | | | | | | On macOS (but not iOS), if an ObjC property has no setter, the nib-loading code for an IBOutlet is documented as directly setting the backing ivar without retaining the value -- even if the property is 'retain'. This resulted in false positives from the DeallocChecker for code that did not release such ivars in -dealloc. To avoid these false positives, treat IBOutlet ivars that back a property without a setter as having an unknown release requirement in macOS. rdar://problem/28507353 llvm-svn: 284084
* [analyzer] Fix build error after r283660 - remove constexpr strings.Artem Dergachev2016-10-081-2/+8
| | | | llvm-svn: 283662
* [analyzer] Re-apply r283094 "Improve CloneChecker diagnostics"Artem Dergachev2016-10-081-50/+56
| | | | | | The parent commit (r283092) was reverted before and now finally landed. llvm-svn: 283661
* [analyzer] Re-apply r283093 "Add extra notes to ObjCDeallocChecker"Artem Dergachev2016-10-081-3/+29
| | | | | | The parent commit (r283092) was reverted before and now finally landed. llvm-svn: 283660
* [analyzer] Re-apply r283092, attempt no.4, chunk no.4 (last)Artem Dergachev2016-10-075-45/+131
| | | | | | | The problem that caused the msvc crash has been indentified and fixed in the previous commit. This patch contains the rest of r283092. llvm-svn: 283584
* Silence Warning. NFC.Nirav Dave2016-10-071-1/+1
| | | | llvm-svn: 283583
* [analyzer] Re-apply r283092, attempt no.4, a small chunk.Artem Dergachev2016-10-072-8/+27
| | | | | | | Define PathDiagnosticNotePiece. The next commit would be able to address the BugReport class code that is pointed to by the msvc crash message. llvm-svn: 283566
* [analyzer] Don't merge different return nodes in ExplodedGraphDaniel Marjamaki2016-10-072-7/+20
| | | | | | | | Returns when calling an inline function should not be merged in the ExplodedGraph unless they are same. Differential Revision: https://reviews.llvm.org/D25326 llvm-svn: 283554
* Revert "[analyzer] Try to re-apply r283092 "Extend bug reports with extra notes"Artem Dergachev2016-10-076-164/+52
| | | | | | Vector of smart pointers wasn't the thing that caused msvc crash. llvm-svn: 283537
* [analyzer] Try to re-apply r283092 "Extend bug reports with extra notes"Artem Dergachev2016-10-076-52/+164
| | | | | | | Replace SmallVector<IntrusiveRefCntPtr> with a vector of plain pointers. Would insignificantly increase memory usage. llvm-svn: 283536
* [analyzer] Add explanation why analyzer report is not generated (fix for ↵Anton Yartsev2016-10-061-6/+18
| | | | | | | | | PR12421). Currently if the path diagnostic consumer (e.g HTMLDiagnostics and PlistDiagnostics) do not support cross file diagnostics then the path diagnostic report is silently omitted in the case of cross file diagnostics. The patch adds a little verbosity to Clang in this case. The patch also adds help entry for the "--analyzer-output" driver option. llvm-svn: 283499
* [analyzer] Squash a compile error in r283301.Artem Dergachev2016-10-051-0/+5
| | | | | | The constexpr string literal trick isn't supported in MSVC2013. llvm-svn: 283303
* [analyzer] Improve "Assuming..." diagnostic pieces for logical operators.Artem Dergachev2016-10-051-0/+33
| | | | | | | | | | | | | | | | | | Logical short-circuit operators now act like other branch conditions. If the symbolic value of the left-hand side is not known to be true or false (based on the previous execution path), the "Assuming" event piece is added in order to explain that the analyzer is adding a new assumption. Additionally, when the assumption is made against the right-hand side of the logical operator (i.e. when the operator itself acts as a condition in another CFG terminator), the "Assuming..." piece is written out for the right-hand side of the operator rather than for the whole operator. This allows expression-specific diagnostic message text to be constructed. Differential Revision: https://reviews.llvm.org/D25092 llvm-svn: 283302
OpenPOWER on IntegriCloud