path: root/clang/lib/StaticAnalyzer
Commit message | Author | Age | Files | Lines

* [analyzer] Malloc checker: make a bit safer. | Anna Zaks | 2012-02-15 | 1 | -2/+6
  llvm-svn: 150556

* Split reinterpret_casts of member pointers out from CK_BitCast; this | John McCall | 2012-02-15 | 1 | -0/+1
  is general goodness because representations of member pointers are not always equivalent across member pointer types on all ABIs (even though this isn't really standard-endorsed). Take advantage of the new information to teach IR-generation how to do these reinterprets in constant initializers. Make sure this works when intermingled with hierarchy conversions (although this is not part of our motivating use case). Doing this in the constant-evaluator would probably have been better, but that would require a *lot* of extra structure in the representation of constant member pointers: you'd really have to track an arbitrary chain of hierarchy conversions and reinterpretations in order to get this right. Ultimately, this seems less complex. I also wasn't quite sure how to extend the constant evaluator to handle foldings that we don't actually want to treat as extended constant expressions.
  llvm-svn: 150551

* [analyzer] Malloc Checker: add support for reallocf, which always frees | Anna Zaks | 2012-02-15 | 1 | -22/+44
  the passed in pointer on failure.
  llvm-svn: 150533

* [analyzer] Malloc Checker: add support for valloc + minor code | Anna Zaks | 2012-02-15 | 1 | -12/+19
  hardening.
  llvm-svn: 150532

* [analyzer] Make Malloc Checker optimistic in presence of inlining. | Anna Zaks | 2012-02-14 | 7 | -64/+131
  (In response to Ted's review of r150112.) This moves the logic which checked if a symbol escapes through a parameter to invalidateRegionCallback (instead of post CallExpr visit.) To accommodate the change, added a CallOrObjCMessage parameter to checkRegionChanges callback.
  llvm-svn: 150513

* Remove recursive expression visitation in ExprEngine::VisitIncrementDecrementOperator(). | Ted Kremenek | 2012-02-14 | 1 | -75/+70
  llvm-svn: 150511

* Remove recursive visitation in ExprEngine for UO_Not, UO_Minus, UO_LNot. | Ted Kremenek | 2012-02-14 | 1 | -50/+39
  llvm-svn: 150509

* Remove recursive visitation in ExprEngine for UO_Deref, UO_AddrOf, and UO_Extension. | Ted Kremenek | 2012-02-14 | 1 | -12/+7
  llvm-svn: 150506

* Remove ExprEngine recursive visitation of unary UO_Imag operation. | Ted Kremenek | 2012-02-14 | 1 | -18/+10
  llvm-svn: 150505

* Further remove some recursive visitation in ExprEngine that is no longer needed because the CFG is fully linearized. | Ted Kremenek | 2012-02-14 | 1 | -16/+10
  llvm-svn: 150504

* [analyzer] Malloc Checker: realloc: add dependency between the symbols | Anna Zaks | 2012-02-14 | 1 | -9/+6
  in realloc map. If there is no dependency, the reallocated ptr will get garbage collected before we know that realloc failed, which would lead us to missing a memory leak warning. Also added new test cases, which we can handle now. Plus minor cleanups.
  llvm-svn: 150446

* [analyzer] Malloc Checker: realloc: correct the way we are handling the | Anna Zaks | 2012-02-13 | 1 | -8/+9
  case when size is 0.
  llvm-svn: 150412

* [analyzer] Malloc checker: rework realloc handling: | Anna Zaks | 2012-02-13 | 1 | -34/+80
  1) Support the case when realloc fails to reduce False Positives. (We essentially need to restore the state of the pointer being reallocated.)
  2) Realloc behaves differently under special conditions (from pointer is null, size is 0). When detecting these cases, we should consider under-constrained states (size might or might not be 0). The old version handled this in a very hacky way. The code did not differentiate between definite and possible (no consideration for under-constrained states). Further, after processing each special case, the realloc processing function did not return but chained to the next special case processing. So you could end up in an execution in which you first see the states in which size is 0 and realloc ~ free(), followed by the states corresponding to size is not 0 followed by the evaluation of the regular realloc behavior.
  llvm-svn: 150402

* [analyzer] Malloc Checker: reduce false negatives rate by assuming that | Anna Zaks | 2012-02-11 | 1 | -6/+28
  a pointer cannot escape through calls to system functions. Also, stop after reporting the first use-after-free.
  llvm-svn: 150315

* [analyzer] Malloc Checker: Report a leak when we are returning freed | Anna Zaks | 2012-02-11 | 1 | -0/+6
  memory. (As per one test case, the existing checker thought that this could cause a lot of false positives - not sure if that's valid, to be verified.)
  llvm-svn: 150313

* [analyzer] Malloc checker: Leak bugs should be suppressed by sinks. | Anna Zaks | 2012-02-11 | 1 | -18/+28
  Resolves a common false positive, where we were reporting a leak inside asserts
  llvm-svn: 150312

* [analyzer] MallocChecker: refactor/improve the symbol escape logic. | Anna Zaks | 2012-02-11 | 1 | -71/+103
  We use the same logic here as the RetainRelease checker.
  llvm-svn: 150311

* [analyzer] New checker for assignment of non-0/1 values to Boolean variables. | Ryan Govostes | 2012-02-11 | 3 | -0/+162
  llvm-svn: 150306

* [analyzer] MallocChecker Cleanup - harden against crashes, fix an error | Anna Zaks | 2012-02-10 | 1 | -12/+23
  (use of return instead of continue), wording.
  llvm-svn: 150215

* [analyzer] Proactively avoid inlining vararg functions and blocks until we properly support them. | Ted Kremenek | 2012-02-09 | 1 | -1/+25
  llvm-svn: 150207

* Remove unused fun. | Benjamin Kramer | 2012-02-09 | 1 | -1/+0
  llvm-svn: 150172

* [analyzer] MallocChecker: address a diagnostic "fixme". | Anna Zaks | 2012-02-09 | 1 | -11/+11
  llvm-svn: 150158

* [analyzer] Add custom path diagnostic to the Malloc Checker. | Anna Zaks | 2012-02-09 | 1 | -1/+77
  Very simple so far - we just highlight every allocation and release site.
  llvm-svn: 150156

* [analyzer] MallocChecker cleanup, more tests. | Anna Zaks | 2012-02-09 | 1 | -1/+0
  llvm-svn: 150155

* [analyzer] MallocChecker: implement pessimistic version of the checker, | Anna Zaks | 2012-02-08 | 1 | -29/+62
  which allows values to escape through unknown calls. Assumes all calls but the malloc family are unknown. Also, catch a use-after-free when a pointer is passed to a function after a call to free (previously, you had to explicitly dereference the pointer value).
  llvm-svn: 150112

* [analyzer] Split the MallocChecker into two versions - pessimistic and | Anna Zaks | 2012-02-08 | 2 | -4/+22
  optimistic. TODO: actually implement the pessimistic version of the checker. Ex: it needs to assume that any function that takes a pointer might free it. The optimistic version relies on annotations to tell us which functions can free the pointer.
  llvm-svn: 150111

* Remove explicit delete of PathDiagnosticMacroPiece, as it is now reference counted. | Ted Kremenek | 2012-02-08 | 1 | -5/+2
  llvm-svn: 150110

* [analyzer] MallocChecker: convert from using evalCall to | Anna Zaks | 2012-02-08 | 1 | -36/+33
  post visit of CallExpr. In general, we should avoid using evalCall as it leads to interference with other checkers.
  llvm-svn: 150086

* Change PathDiagnosticPieces to be reference counted (simplifying their management), and introduce 'PathPieces' as a common container for PathDiagnosticPieces. | Ted Kremenek | 2012-02-08 | 5 | -101/+83
  llvm-svn: 150054

* Refactor pieces of PathDiagnostic into its own data structure. No functionality change. | Ted Kremenek | 2012-02-08 | 1 | -2/+4
  llvm-svn: 150053

* Revert my patches which removed Diagnostic.h includes by moving some operator overloads out of line. | Benjamin Kramer | 2012-02-07 | 10 | -10/+0
  This seems to negatively affect compile time on some ObjC tests (which use a lot of partial diagnostics I assume). I have to come up with a way to keep them inline without including Diagnostic.h everywhere. Now adding a new diagnostic requires a full rebuild of e.g. the static analyzer which doesn't even use those diagnostics.
  This reverts commit 6496bd10dc3a6d5e3266348f08b6e35f8184bc99.
  This reverts commit 7af19b817ba964ac560b50c1ed6183235f699789.
  This reverts commit fdd15602a42bbe26185978ef1e17019f6d969aa7.
  This reverts commit 00bd44d5677783527d7517c1ffe45e4d75a0f56f.
  This reverts commit ef9b60ffed980864a8db26ad30344be429e58ff5.
  llvm-svn: 150006

* Print NamedDecls directly to a raw_ostream where possible. | Benjamin Kramer | 2012-02-07 | 3 | -6/+6
  llvm-svn: 149982

* Switch the ObjC*Decl raw_stream overloads to take a reference, for consistency with NamedDecls. | Benjamin Kramer | 2012-02-07 | 1 | -2/+2
  llvm-svn: 149981

* Introduce basic ASTs for lambda expressions. This covers: | Douglas Gregor | 2012-02-07 | 1 | -0/+1
  - Capturing variables by-reference and by-copy within a lambda
  - The representation of lambda captures
  - The creation of the non-static data members in the lambda class that store the captured variables
  - The initialization of the non-static data members from the captured variables
  - Pretty-printing lambda expressions
  There are a number of FIXMEs, both explicit and implied, including:
  - Creating a field for a capture of 'this'
  - Improved diagnostics for initialization failures when capturing variables by copy
  - Dealing with temporaries created during said initialization
  - Template instantiation
  - AST (de-)serialization
  - Binding and returning the lambda expression; turning it into a proper temporary
  - Lots and lots of semantic constraints
  - Parameter pack captures
  llvm-svn: 149977

* Create PathDiagnosticCallEnter and PathDiagnosticCallExit, to remark calls in PathDiagnostics from other events. | Ted Kremenek | 2012-02-07 | 4 | -10/+14
  This will have potential uses later.
  llvm-svn: 149960

* Tweak BugReporter extensive diagnostics to not add edges between function calls. | Ted Kremenek | 2012-02-07 | 1 | -1/+28
  llvm-svn: 149959

* Quote name of function in path diagnostics. | Ted Kremenek | 2012-02-07 | 1 | -1/+1
  llvm-svn: 149958

* [analyzer] Allow each CString check to be enabled/disabled | Anna Zaks | 2012-02-07 | 2 | -12/+77
  separately.
  llvm-svn: 149947

* Add basic BugReporter support for CallEnter/CallExit. WIP. | Ted Kremenek | 2012-02-07 | 3 | -0/+63
  llvm-svn: 149939

* Basic: import SmallString<> into clang namespace | Dylan Noblesmith | 2012-02-05 | 25 | -49/+49
  (I was going to fix the TODO about DenseMap too, but that would break self-host right now. See PR11922.)
  llvm-svn: 149799

* Basic: import OwningPtr<> into clang namespace | Dylan Noblesmith | 2012-02-05 | 42 | -81/+81
  llvm-svn: 149798

* Move a method from IdentifierTable.h out of line and remove the SmallString include. | Benjamin Kramer | 2012-02-04 | 23 | -2/+23
  Fix all the transitive include users.
  llvm-svn: 149783

* Remove Diagnostic.h include from Preprocessor.h. | Benjamin Kramer | 2012-02-04 | 2 | -0/+2
  - Move the offending methods out of line and fix transitive includers.
  - This required changing an enum in the PPCallback API into an unsigned.
  llvm-svn: 149782

* Move various diagnostic operator<< overloads out of line and remove includes of Diagnostic.h. | Benjamin Kramer | 2012-02-04 | 13 | -0/+13
  Fix all the files that depended on transitive includes of Diagnostic.h. With this patch in place changing a diagnostic no longer requires a full rebuild of the StaticAnalyzer.
  llvm-svn: 149781

* [analyzer] Make sure Containers OutOfBounds checker does not crash on undefined arguments, when CF functions are called with wrong number of arguments. | Anna Zaks | 2012-02-04 | 1 | -20/+14
  llvm-svn: 149771

* [analyzer] Turn on by default two checkers: | Anna Zaks | 2012-02-04 | 1 | -11/+12
  - osx.coreFoundation.containers.IndexOutOfBounds
  - osx.cocoa.SelfInit
  llvm-svn: 149747

* [analyzer] Minor cleanups to the ObjCSelfInitChecker. | Anna Zaks | 2012-02-04 | 3 | -17/+7
  (Also renames in other ObjC checkers to create one category of checks.)
  llvm-svn: 149745

* [analyzer] Fix a false positive in the CFArrayCreate check that surfaces | Anna Zaks | 2012-02-02 | 1 | -1/+10
  in the code like this (due to x and &x being the same value but different size):
    void* x[] = { ptr1, ptr2, ptr3 };
    CFArrayCreate(NULL, (const void **) &x, count, NULL);
  llvm-svn: 149579

* [analyzer] Fix a crash in CheckerContext::isCLibraryFunction for C++ | Anna Zaks | 2012-02-01 | 1 | -1/+7
  declarations with special names. A patch by Dmitri Gribenko.
  llvm-svn: 149525

* Fix an assertion failure in isMacOSXVersionLT for IOS targets. | Bob Wilson | 2012-01-31 | 1 | -4/+3
  Check if the triple OS is IOS instead of checking for arm/thumb architectures and check that before calling isMacOSXVersionLT.
  llvm-svn: 149454