summaryrefslogtreecommitdiffstats
path: root/clang/lib/StaticAnalyzer
Commit message (Collapse)AuthorAgeFilesLines
* Allow 'Environment::getSVal()' to allow an optional way for checkers to do a ↵Ted Kremenek2011-04-272-2/+17
| | | | | | | | direct lookup to values bound to expressions, without resulting to lazy logic. This is critical for the OSAtomicChecker that does a simulated load on any arbitrary expression. llvm-svn: 130292
* Implements the strncmp() checker just like the strcmp() checker, but with ↵Lenny Maiorani2011-04-251-2/+32
| | | | | | bounds. Requires LLVM svn r129582. llvm-svn: 130161
* t/clang/expr-traitsJohn Wiegley2011-04-251-0/+1
| | | | | | | | | Patch authored by David Abrahams. These two expression traits (__is_lvalue_expr, __is_rvalue_expr) are used for parsing code that employs certain features of the Embarcadero C++ compiler. llvm-svn: 130122
* Remove unused STL header includes.Jay Foad2011-04-232-3/+0
| | | | llvm-svn: 130068
* Add static analyzer support for C++'0X nullptr. Patch by Jim Goodnow II.Ted Kremenek2011-04-222-1/+4
| | | | llvm-svn: 130003
* Make the VariadicMethodTypeChecker accept block pointers as Objective-C ↵Anders Carlsson2011-04-191-0/+4
| | | | | | pointers. Fixes PR9746. llvm-svn: 129741
* Support for C++11 (non-template) alias declarations.Richard Smith2011-04-152-2/+2
| | | | llvm-svn: 129567
* fix a bunch of comment typos found by codespell. Patch byChris Lattner2011-04-157-7/+7
| | | | | | Luis Felipe Strano Moraes! llvm-svn: 129559
* C1X: implement generic selectionsPeter Collingbourne2011-04-153-1/+8
| | | | | | | As an extension, generic selection support has been added for all supported languages. The syntax is the same as for C1X. llvm-svn: 129554
* Add support for C++0x's range-based for loops, as specified by the C++11 ↵Richard Smith2011-04-141-0/+1
| | | | | | draft standard (N3291). llvm-svn: 129541
* Teach VariadicMethodTypeChecker to not crash when processing methods ↵Ted Kremenek2011-04-121-1/+2
| | | | | | declared in protocols. llvm-svn: 129395
* Fix another IdempotentOperationsChecker corner case when determining if an ↵Ted Kremenek2011-04-121-1/+1
| | | | | | | | active block on the worklist impacts the results of the check. llvm-svn: 129394
* ArrayBoundCheckerV2: don't arbitrarily warn about indexing before the ↵Ted Kremenek2011-04-121-19/+42
| | | | | | 0-index of a symbolic region. In many cases that isn't really the base offset. llvm-svn: 129366
* This patch adds modeling of strcmp() to the CString checker. Validates ↵Lenny Maiorani2011-04-121-0/+83
| | | | | | inputs are not NULL and are real C strings, then does the comparison and binds the proper return value. Unit tests included. llvm-svn: 129364
* static analyzer: invalidate by-ref arguments passed to constructors in a ↵Ted Kremenek2011-04-121-3/+31
| | | | | | 'new' expression. llvm-svn: 129349
* Fix bug in SimpleSValBuilder where '--' pointer arithmetic was treated like ↵Ted Kremenek2011-04-121-1/+2
| | | | | | '++' pointer arithmetic. llvm-svn: 129348
* RegionStoreManager::invalidateRegions: treat classes the same as structs.Ted Kremenek2011-04-121-3/+3
| | | | llvm-svn: 129333
* After some discussion with Doug, we decided that it made a lot more senseJohn McCall2011-04-121-2/+0
| | | | | | | | | for __unknown_anytype resolution to destructively modify the AST. So that's what it does now, which significantly simplifies some of the implementation. Normal member calls work pretty cleanly now, and I added support for propagating unknown-ness through &. llvm-svn: 129331
* C++ static analysis: also invalidate fields of objects that are the callees ↵Ted Kremenek2011-04-112-1/+16
| | | | | | in C++ method calls. llvm-svn: 129308
* More __unknown_anytype work.John McCall2011-04-111-0/+1
| | | | llvm-svn: 129269
* Remove CK_DynamicToNull.Anders Carlsson2011-04-111-1/+0
| | | | llvm-svn: 129265
* As a first step towards fixing PR9641, add a CK_DynamicToNull cast kind whichAnders Carlsson2011-04-101-0/+1
| | | | | | | | | | | | | | | | | | represents a dynamic cast where we know that the result is always null. For example: struct A { virtual ~A(); }; struct B final : A { }; struct C { }; bool f(B* b) { return dynamic_cast<C*>(b); } llvm-svn: 129256
* strcat() and strncat() model additions to CStringChecker.Lenny Maiorani2011-04-091-9/+64
| | | | | | Validates inputs are not NULL, checks for overlapping strings, concatenates the strings checking for buffer overflow, sets the length of the destination string to the sum of the s1 length and the s2 length, binds the return value to the s1 value. llvm-svn: 129215
* Start overhauling static analyzer support for C++ constructors. The ↵Ted Kremenek2011-04-082-36/+110
| | | | | | | | | inlining support isn't complete, and needs to be reworked to model CallEnter/CallExit (just like all other calls). For now, treat constructors mostly like other function calls, making the analysis of C++ code just a little more useful. llvm-svn: 129166
* Basic, untested implementation for an "unknown any" type requested by LLDB.John McCall2011-04-071-1/+2
| | | | | | | | | | | | The idea is that you can create a VarDecl with an unknown type, or a FunctionDecl with an unknown return type, and it will still be valid to access that object as long as you explicitly cast it at every use. I'm still going back and forth about how I want to test this effectively, but I wanted to go ahead and provide a skeletal implementation for the LLDB folks' benefit and because it also improves some diagnostic goodness for placeholder expressions. llvm-svn: 129065
* When updating the retain summary based on {cf,ns}_consumed attributes,John McCall2011-04-061-1/+1
| | | | | | | be sure to consume the argument index that actually had the attribute rather than always the first. rdar://problem/9234108 llvm-svn: 128998
* Add security syntax checker for strcat() which causes the Static Analyzer to ↵Lenny Maiorani2011-04-051-57/+91
| | | | | | | | generate a warning any time the strcat() function is used with a note suggesting to use a function which provides bounded buffers. CWE-119. Also, brings the security syntax checker more inline with coding standards. llvm-svn: 128916
* Fix PR 9626 (duplicated self-init warnings under -Wuninitialized) with ↵Ted Kremenek2011-04-041-51/+4
| | | | | | | | | | | | | | numerous CFG and UninitializedValues analysis changes: 1) Change the CFG to include the DeclStmt for conditional variables, instead of using the condition itself as a faux DeclStmt. 2) Update ExprEngine (the static analyzer) to understand (1), so not to regress. 3) Update UninitializedValues.cpp to initialize all tracked variables to Uninitialized at the start of the function/method. 4) Only use the SelfReferenceChecker (SemaDecl.cpp) on global variables, leaving the dataflow analysis to handle other cases. The combination of (1) and (3) allows the dataflow-based -Wuninitialized to find self-init problems when the initializer contained control-flow. llvm-svn: 128858
* Refactoring the security checker a little bit so that each CallExpr check ↵Lenny Maiorani2011-04-031-60/+44
| | | | | | doesn't get called for each CallExpr. Instead it does a switch and only runs the check for the proper identifier. Slight speed improvement (probably significant on very large ASTs), and should make it easier and more clear to add more checks for other CallExpr's later. llvm-svn: 128785
* static analyzer: Add a new ProgramPoint PostCondition to represent the post ↵Ted Kremenek2011-04-031-0/+19
| | | | | | | | position of a branch condition, and a new generateNode method to BranchNodeBuilder using PostCondition ProgramPoint. This method generates a new ExplodedNode but not a new block edge. Patch by Lei Zhang! llvm-svn: 128784
* Fix RegionStore bug when doing a field load whose parent is also a field ↵Ted Kremenek2011-04-031-11/+17
| | | | | | assigned a LazyCompoundValue. Fixes <rdar://problem/9163742> and PR 9522. llvm-svn: 128783
* Remove a redundant method. We have a const version.Zhongxing Xu2011-04-021-0/+1
| | | | llvm-svn: 128762
* Teach IdempotentOperationsChecker about paths aborted because ExprEngine ↵Ted Kremenek2011-04-023-9/+19
| | | | | | didn't know how to handle a specific Expr type. llvm-svn: 128761
* static analyzer: Rename 'BlocksAborted' to 'BlocksExhausted' to reflect that ↵Ted Kremenek2011-04-023-3/+3
| | | | | | a given CFGBlock was analyzed too many times. llvm-svn: 128760
* Add security syntax checker for strcpy() which causes the Static Analyzer to ↵Lenny Maiorani2011-03-311-0/+54
| | | | | | generate a warning any time the strcpy() function is used with a note suggesting to use a function which provides bounded buffers. llvm-svn: 128679
* Adding Static Analyzer checker for mempcpy().Lenny Maiorani2011-03-311-9/+73
| | | | | | Models mempcpy() so that if length is NULL the destination pointer is returned. Otherwise, the source and destination are confirmed not to be NULL and not overlapping. Finally the copy is validated to not cause a buffer overrun and the return value is bound to the address of the byte after the last byte copied. llvm-svn: 128677
* Fix spelling in a comment. (test commit)Lenny Maiorani2011-03-311-1/+1
| | | | llvm-svn: 128670
* Static analyzer: fix bug in handling of dynamic_cast<>. The sink node ↵Ted Kremenek2011-03-311-97/+86
| | | | | | | | wouldn't always be the final node, thus causing the state to continue propagating. Instead, recover some path-sensitivity by conjuring a symbol. llvm-svn: 128612
* Teach static analyzer about the basics of handling new[]. We still don't ↵Ted Kremenek2011-03-311-9/+12
| | | | | | simulate constructors, but at least the analyzer doesn't think the return value is uninitialized. llvm-svn: 128611
* Begin reworking static analyzer support for C++ method calls. The current ↵Ted Kremenek2011-03-305-162/+161
| | | | | | | | | | | logic was divorced from how we process ordinary function calls, had a tremendous about of redundancy, and relied strictly on inlining behavior (which was incomplete) to provide semantics instead of falling back to the conservative analysis we use for C functions. This is a significant step into making C++ analyzer support more useful. llvm-svn: 128557
* [analyzer] Allow all checkers of a group to be enabled.Argyrios Kyrtzidis2011-03-291-2/+3
| | | | llvm-svn: 128512
* [analyzer] For -analyzer-checker-help show all the info about groups, ↵Argyrios Kyrtzidis2011-03-293-8/+110
| | | | | | packages, and which packages/checkers are hidden. llvm-svn: 128511
* [analyzer] Checker Packages can now belong to a group. This requires llvm ↵Argyrios Kyrtzidis2011-03-291-30/+18
| | | | | | commit r128474. llvm-svn: 128475
* Don't add a symbolic region for 'this' if the member function is static.Anders Carlsson2011-03-261-6/+9
| | | | llvm-svn: 128340
* Tweak grammar in checker description.Ted Kremenek2011-03-261-1/+1
| | | | llvm-svn: 128310
* Rework checker "packages" and groups to be more hierarchical.Ted Kremenek2011-03-241-191/+263
| | | | llvm-svn: 128187
* Rename class 'CFGReachabilityAnalysis' to 'CFGReverseBlockReachabilityAnalysis'.Ted Kremenek2011-03-191-3/+3
| | | | | | | | | This rename serves two purposes: - It reflects the actual functionality of this analysis. - We will have more than one reachability analysis. llvm-svn: 127930
* Teach VariadicMethodTypeChecker about pointers attributed as 'NSObject'.Ted Kremenek2011-03-171-0/+4
| | | | llvm-svn: 127798
* Teach VariadicMethodTypeChecker that CF references are valid arguments to ↵Ted Kremenek2011-03-171-0/+5
| | | | | | variadic Objective-C methods. llvm-svn: 127797
* Tweak RegionStore's handling of lazy compound values to use the 'Default' ↵Ted Kremenek2011-03-171-16/+30
| | | | | | | | versus 'Direct' binding key, thus allowing specific elements of an array/struct to be overwritten without invalidating the entire binding. Fixes PR 9455. llvm-svn: 127796
OpenPOWER on IntegriCloud