path: root/clang/lib/StaticAnalyzer
Commit message | Author | Age | Files | Lines
...
* Reinstate 347294 with a fix for the failures. | Bill Wendling | 2018-11-20 | 7 | -16/+20
  EvaluateAsInt() is sometimes called in a constant context. When that's the case, we need to specify it as so.
  llvm-svn: 347364
* Revert 347294, it turned many bots on lab.llvm.org:8011/console red. | Nico Weber | 2018-11-20 | 1 | -0/+3
  llvm-svn: 347314
* Use is.constant intrinsic for __builtin_constant_p | Bill Wendling | 2018-11-20 | 1 | -3/+0
  Summary: A __builtin_constant_p may end up with a constant after inlining. Use the is.constant intrinsic if it's a variable that's in a context where it may resolve to a constant, e.g., an argument to a function after inlining.
  Reviewers: rsmith, shafik
  Subscribers: jfb, kristina, cfe-commits, nickdesaulniers, jyknight
  Differential Revision: https://reviews.llvm.org/D54355
  llvm-svn: 347294
* [analyzer][NFC] Move CheckerOptInfo to CheckerRegistry.cpp, and make it local | Kristof Umann | 2018-11-18 | 2 | -31/+55
  CheckerOptInfo feels very much out of place in CheckerRegistration.cpp, so I moved it to CheckerRegistry.h.
  Differential Revision: https://reviews.llvm.org/D54397
  llvm-svn: 347157
* [analyzer][UninitializedObjectChecker] Uninit regions are only reported once | Kristof Umann | 2018-11-18 | 3 | -18/+64
  Especially with pointees, a lot of meaningless reports came from uninitialized regions that were already reported. This is fixed by storing all reported fields to the GDM.
  Differential Revision: https://reviews.llvm.org/D51531
  llvm-svn: 347153
* [analyzer] ConversionChecker: handle floating point | Kristof Umann | 2018-11-16 | 1 | -10/+45
  Extend the alpha.core.Conversion checker to handle implicit conversions where a too large integer value is converted to a floating point type. Each floating point type has a range where it can exactly represent all integers; we emit a warning when the integer value is above this range. Although it is possible to exactly represent some integers which are outside of this range (those that are divisible by a large enough power of 2); we still report cast involving those, because their usage may lead to bugs. (For example, if 1<<24 is stored in a float variable x, then x==x+1 holds.)
  Patch by: Donát Nagy!
  Differential Revision: https://reviews.llvm.org/D52730
  llvm-svn: 347006
* Convert a condition into an assertion per post-review feedback; NFC intended. | Aaron Ballman | 2018-11-12 | 1 | -20/+19
  llvm-svn: 346714
* [analyzer] Drastically simplify the tblgen files used for checkers | Kristof Umann | 2018-11-12 | 4 | -4/+4
  Interestingly, only about the quarter of the emitter file is used, the DescFile entry hasn't ever been touched [1], and the entire concept of groups is a mystery, so I removed them.
  [1] http://lists.llvm.org/pipermail/cfe-dev/2018-October/059664.html
  Differential Revision: https://reviews.llvm.org/D53995
  llvm-svn: 346680
* Fix compatibility with z3-4.8.1 | Jan Kratochvil | 2018-11-12 | 1 | -1/+1
  With z3-4.8.1:
    ../tools/clang/lib/StaticAnalyzer/Core/Z3ConstraintManager.cpp:49:40: error: 'Z3_get_error_msg_ex' was not declared in this scope
    ../tools/clang/lib/StaticAnalyzer/Core/Z3ConstraintManager.cpp:49:40: note: suggested alternative: 'Z3_get_error_msg'
  Formerly used Z3_get_error_msg_ex() as one could find in z3-4.7.1 states:
    "Retained function name for backwards compatibility within v4.1"
  And it is implemented only as a forwarding call:
    return Z3_get_error_msg(c, err);
  Differential Revision: https://reviews.llvm.org/D54391
  llvm-svn: 346635
* Compound literals, enums, et al require const expr | Bill Wendling | 2018-11-09 | 2 | -3/+5
  Summary: Compound literals, enums, file-scoped arrays, etc. require their initializers and size specifiers to be constant. Wrap the initializer expressions in a ConstantExpr so that we can easily check for this later on.
  Reviewers: rsmith, shafik
  Reviewed By: rsmith
  Subscribers: cfe-commits, jyknight, nickdesaulniers
  Differential Revision: https://reviews.llvm.org/D53921
  llvm-svn: 346455
* Don't use std::next() on an input iterator; NFC. | Aaron Ballman | 2018-11-06 | 1 | -19/+21
  Instead, advance the old-fashioned way, as std::next() cannot be used on an input iterator until C++17.
  llvm-svn: 346266
* [analyzer] Restrict AnalyzerOptions' interface so that non-checker objects have to be registered | Kristof Umann | 2018-11-05 | 12 | -140/+106
  One of the reasons why AnalyzerOptions is so chaotic is that options can be retrieved from the command line whenever and wherever. This allowed for some options to be forgotten for a looooooong time. Have you ever heard of "region-store-small-struct-limit"? In order to prevent this in the future, I'm proposing to restrict AnalyzerOptions' interface so that only checker options can be retrieved without special getters. I would like to make every option be accessible only through a getter, but checkers from plugins are a thing, so I'll have to figure something out for that.
  This also forces developers who'd like to add a new option to register it properly in the .def file.
  This is done by
  * making the third checker pointer parameter non-optional, and checked by an assert to be non-null.
  * I added new, but private non-checkers option initializers, meant only for internal use,
  * Renamed these methods accordingly (mind the consistent name for once with getBooleanOption!):
    - getOptionAsString -> getCheckerStringOption,
    - getOptionAsInteger -> getCheckerIntegerOption
  * The 3 functions meant for initializing data members (with the not very descriptive getBooleanOption, getOptionAsString and getOptionAsUInt names) were renamed to be overloads of the getAndInitOption function name.
  * All options were in some way retrieved via getCheckerOption. I removed it, and moved the logic to getStringOption and getCheckerStringOption. This did cause some code duplication, but that's the only way I could do it, now that checker and non-checker options are separated. Note that the non-checker version inserts the new option to the ConfigTable with the default value, but the checker version only attempts to find already existing entries. This is how it always worked, but this is clunky and I might end reworking that too, so we can eventually get a ConfigTable that contains the entire configuration of the analyzer.
  Differential Revision: https://reviews.llvm.org/D53483
  llvm-svn: 346113
* Ensure the correct order of evaluation in part 2. of PlistMacroExpansion | Kristof Umann | 2018-11-05 | 1 | -1/+2
  Windows buildbots break with the previous commit '[analyzer][PlistMacroExpansion] Part 2.: Retrieving the macro name and primitive expansion'. This patch attempts to solve this issue.
  llvm-svn: 346112
* Reland '[analyzer][PlistMacroExpansion] Part 2.: Retrieving the macro name and primitive expansion' | Kristof Umann | 2018-11-05 | 1 | -6/+194
  llvm-svn: 346111
* Revert '[analyzer][PlistMacroExpansion] Part 2.: Retrieving the macro name and primitive expansion' | Kristof Umann | 2018-11-04 | 1 | -194/+6
  llvm-svn: 346096
* [analyzer][PlistMacroExpansion] Part 2.: Retrieving the macro name and primitive expansion | Kristof Umann | 2018-11-04 | 1 | -6/+194
  This patch adds a couple new functions to acquire the macro's name, and also expands it, although it doesn't expand the arguments, as seen from the test files
  Differential Revision: https://reviews.llvm.org/D52794
  llvm-svn: 346095
* Revert r345562: "PR23833, DR2140: an lvalue-to-rvalue conversion on a glvalue of type" | Richard Smith | 2018-11-03 | 1 | -6/+1
  This exposes a (known) CodeGen bug: it can't cope with emitting lvalue expressions that denote non-odr-used but usable-in-constant-expression variables. See PR39528 for a testcase.
  Reverted for now until that issue can be fixed.
  llvm-svn: 346065
* Attempt to fix 'logical operation on address of string constant' | Kristof Umann | 2018-11-02 | 1 | -2/+4
  Caused a lot of warnings for Windows: http://lab.llvm.org:8011/builders/llvm-clang-lld-x86_64-scei-ps4-windows10pro-fast/builds/21178/steps/build/logs/warnings%20%2867%29
  llvm-svn: 346033
* [analyzer] Put llvm.Conventions back in alpha | Kristof Umann | 2018-11-02 | 1 | -2/+1
  Interestingly, this many year old (when I last looked I remember 2010ish) checker was committed without any tests, so I thought I'd implement them, but I was shocked to see how I barely managed to get it working. The code is severely outdated, I'm not even sure it has ever been used, so I'd propose to move it back into alpha, and possibly even remove it.
  Differential Revision: https://reviews.llvm.org/D53856
  llvm-svn: 345990
* [analyzer] New flag to print all -analyzer-config options | Kristof Umann | 2018-11-02 | 1 | -0/+72
  A new -cc1 flag is available for the said purpose: -analyzer-config-help
  Differential Revision: https://reviews.llvm.org/D53296
  llvm-svn: 345989
* [analyzer][NFC] Collect all -analyzer-config options in a .def file | Kristof Umann | 2018-11-02 | 2 | -341/+94
  I'm in the process of refactoring AnalyzerOptions. The main motivation behind here is to emit warnings if an invalid -analyzer-config option is given from the command line, and be able to list them all.
  In this patch, I'm moving all analyzer options to a def file, and move 2 enums to global namespace.
  Differential Revision: https://reviews.llvm.org/D53277
  llvm-svn: 345986
* [analyzer][NFC] Fix some incorrect uses of -analyzer-config options | Kristof Umann | 2018-11-02 | 9 | -73/+30
  I'm in the process of refactoring AnalyzerOptions. The main motivation behind here is to emit warnings if an invalid -analyzer-config option is given from the command line, and be able to list them all.
  In this patch, I found some flags that should've been used as checker options, or have absolutely no mention of in AnalyzerOptions, or are nonexistent.
  - NonLocalizedStringChecker now uses its "AggressiveReport" flag as a checker option
  - lib/StaticAnalyzer/Frontend/ModelInjector.cpp now accesses the "model-path" option through a getter in AnalyzerOptions
  - -analyzer-config path-diagnostics-alternate=false is not a thing, I removed it,
  - lib/StaticAnalyzer/Checkers/AllocationDiagnostics.cpp and lib/StaticAnalyzer/Checkers/AllocationDiagnostics.h are weird, they actually only contain an option getter. I deleted them, and fixed RetainCountChecker to get its "leak-diagnostics-reference-allocation" option as a checker option,
  - "region-store-small-struct-limit" has a proper getter now.
  Differential Revision: https://reviews.llvm.org/D53276
  llvm-svn: 345985
* Fix -Wimplicit-fallthrough warning in LLVM_ENABLE_ASSERTIONS=Off builds | Fangrui Song | 2018-11-02 | 1 | -1/+1
  llvm-svn: 345950
* Fix clang -Wimplicit-fallthrough warnings across llvm, NFC | Reid Kleckner | 2018-11-01 | 6 | -9/+9
  This patch should not introduce any behavior changes. It consists of mostly one of two changes:
  1. Replacing fall through comments with the LLVM_FALLTHROUGH macro
  2. Inserting 'break' before falling through into a case block consisting of only 'break'.
  We were already using this warning with GCC, but its warning behaves slightly differently. In this patch, the following differences are relevant:
  1. GCC recognizes comments that say "fall through" as annotations, clang doesn't
  2. GCC doesn't warn on "case N: foo(); default: break;", clang does
  3. GCC doesn't warn when the case contains a switch, but falls through the outer case.
  I will enable the warning separately in a follow-up patch so that it can be cleanly reverted if necessary.
  Reviewers: alexfh, rsmith, lattner, rtrieu, EricWF, bollu
  Differential Revision: https://reviews.llvm.org/D53950
  llvm-svn: 345882
* Output "rule" information in SARIF exports. | Aaron Ballman | 2018-11-01 | 1 | -0/+38
  SARIF allows you to export descriptions about rules that are present in the SARIF log. Expose the help text table generated into Checkers.inc as the rule's "full description" and export all of the rules present in the analysis output. This information is useful for analysis result viewers like CodeSonar.
  llvm-svn: 345874
* Update to the 10-10 SARIF spec. | Aaron Ballman | 2018-11-01 | 1 | -8/+7
  This removes the Step property (which can be calculated by consumers trivially), and updates the schema and version numbers accordingly.
  llvm-svn: 345823
* [analyzer] pr39348: MallocChecker: Realize that sized delete isn't custom delete. | Artem Dergachev | 2018-11-01 | 1 | -31/+7
  MallocChecker no longer thinks that operator delete() that accepts the size of the object to delete (available since C++14 or under -fsized-deallocation) is some weird user-defined operator. Instead, it handles it like normal delete.
  Additionally, it exposes a regression in NewDelete-intersections.mm's testStandardPlacementNewAfterDelete() test, where the diagnostic is delayed from before the call of placement new into the code of placement new in the header. This happens because the check for pass-into-function-after-free for placement arguments is located in checkNewAllocator(), which happens after the allocator is inlined, which is too late. Move this use-after-free check into checkPreCall instead, where it works automagically because the guard that prevents it from working is useless and can be removed as well.
  This commit causes regressions under -analyzer-config c++-allocator-inlining=false but this option is essentially unsupported because the respective feature has been enabled by default quite a while ago.
  Differential Revision: https://reviews.llvm.org/D53543
  llvm-svn: 345802
* [analyzer] Re-add custom OSIterator rule for RetainCountChecker | George Karpenkov | 2018-10-31 | 1 | -4/+9
  Turns out the rule is quite ubiquitous.
  Revert of https://reviews.llvm.org/D53628
  llvm-svn: 345747
* [analyzer] RetainCountChecker: for now, do not trust the summaries of inlined code | George Karpenkov | 2018-10-31 | 2 | -14/+7
  Trusting summaries of inlined code would require a more thorough work, as the current approach was causing too many false positives, as the new example in test. The culprit lies in the fact that we currently escape all variables written into a field (but not passed off to unknown functions!), which can result in inconsistent behavior.
  rdar://45655344
  Differential Revision: https://reviews.llvm.org/D53902
  llvm-svn: 345746
* [analyzer] Enable retain count checking for OSObject by defa | George Karpenkov | 2018-10-31 | 1 | -1/+1
  The FP rate seems to be good enough now.
  Differential Revision: https://reviews.llvm.org/D53849
  llvm-svn: 345745
* [analyzer][PlistMacroExpansion] Part 1.: New expand-macros flag | Kristof Umann | 2018-10-31 | 3 | -15/+101
  This is the first part of the implementation of the inclusion of macro expansions into the plist output. It adds a new flag that adds a new "macro_expansions" entry to each report that has PathDiagnosticPieces that were expanded from a macro. While there's an entry for each macro expansion, both the name of the macro and what it expands to is missing, and will be implemented in followup patches.
  Differential Revision: https://reviews.llvm.org/D52742
  llvm-svn: 345724
* Create ConstantExpr class | Bill Wendling | 2018-10-31 | 5 | -8/+13
  A ConstantExpr class represents a full expression that's in a context where a constant expression is required. This class reflects the path the evaluator took to reach the expression rather than the syntactic context in which the expression occurs.
  In the future, the class will be expanded to cache the result of the evaluated expression so that it's not needlessly re-evaluated
  Reviewed By: rsmith
  Differential Revision: https://reviews.llvm.org/D53475
  llvm-svn: 345692
* NFC: Remove the ObjC1/ObjC2 distinction from clang (and related projects) | Erik Pilkington | 2018-10-30 | 1 | -1/+1
  We haven't supported compiling ObjC1 for a long time (and never will again), so there isn't any reason to keep these separate. This patch replaces LangOpts::ObjC1 and LangOpts::ObjC2 with LangOpts::ObjC.
  Differential revision: https://reviews.llvm.org/D53547
  llvm-svn: 345637
* Silencing a -Wunused-variable warning; NFC. | Aaron Ballman | 2018-10-30 | 1 | -2/+0
  llvm-svn: 345633
* Fixing some build bot failures from r345628; NFC intended. | Aaron Ballman | 2018-10-30 | 1 | -1/+1
  llvm-svn: 345630
* Add the ability to output static analysis results to SARIF. | Aaron Ballman | 2018-10-30 | 2 | -2/+273
  This allows users to specify SARIF (https://github.com/oasis-tcs/sarif-spec) as the output from the clang static analyzer so that the results can be read in by other tools, such as extensions to Visual Studio and VSCode, as well as static analyzers like CodeSonar.
  llvm-svn: 345628
* PR23833, DR2140: an lvalue-to-rvalue conversion on a glvalue of type | Richard Smith | 2018-10-30 | 1 | -1/+6
  nullptr_t does not access memory.
  We now reuse CK_NullToPointer to represent a conversion from a glvalue of type nullptr_t to a prvalue of nullptr_t where necessary.
  llvm-svn: 345562
* [analyzer] Allow padding checker to traverse simple class hierarchies | Alexander Shaposhnikov | 2018-10-30 | 1 | -8/+30
  The existing padding checker skips classes that have any base classes. This patch allows the checker to traverse very simple cases: classes that have no fields and have exactly one base class. This is important mostly in the case of array declarations.
  Patch by Max Bernstein!
  Test plan: make check-all
  Differential revision: https://reviews.llvm.org/D53206
  llvm-svn: 345558
* [analyzer][NFC] Refactor PlistDiagnostics to use a class instead of passing 9 parameters around | Kristof Umann | 2018-10-29 | 1 | -151/+180
  This has been a long time coming. Note the usage of AnalyzerOptions: I'll need it for D52742, and added it in rC343620. The main motivation for this was that I'll need to add yet another parameter to every single function, and some functions would reach their 10th parameter with that change.
  llvm-svn: 345531
* [analyzer] Fix a bug in "collapsed" graph viewer | George Karpenkov | 2018-10-25 | 1 | -1/+2
  Nodes which have only one predecessor and only one successor can not always be hidden, even if all states are the same. An additional condition is needed: the predecessor may have only one successor. This can be seen on this example:
  ```
    A
   / \
  B   C
   \ /
    D
  ```
  Nodes B and C can not be hidden even if all nodes in the graph have the same state.
  Differential Revision: https://reviews.llvm.org/D53735
  llvm-svn: 345341
* [analyzer] [RetainCountChecker] Do not invalidate references passed to constructors and operators | George Karpenkov | 2018-10-25 | 1 | -1/+5
  Differential Revision: https://reviews.llvm.org/D53660
  llvm-svn: 345340
* [analyzer] Remove custom rule for OSIterator in RetainCountChecker | George Karpenkov | 2018-10-25 | 1 | -8/+0
  Differential Revision: https://reviews.llvm.org/D53628
  llvm-svn: 345339
* [analyzer] Correct modelling of OSDynamicCast: eagerly state split | George Karpenkov | 2018-10-25 | 2 | -22/+53
  Previously, OSDynamicCast was modeled as an identity. This is not correct: the output of OSDynamicCast may be zero even if the input was not zero (if the class is not of desired type), and thus the modeling led to false positives.
  Instead, we are doing eager state split: in one branch, the returned value is identical to the input parameter, and in the other branch, the returned value is zero.
  This patch required a substantial refactoring of canEval infrastructure, as now it can return different function summaries, and not just true/false.
  rdar://45497400
  Differential Revision: https://reviews.llvm.org/D53624
  llvm-svn: 345338
* [analyzer] Move canReasonAbout from Z3ConstraintManager to SMTConstraintManager | Mikhail R. Gadelha | 2018-10-25 | 1 | -43/+2
  Summary: This patch moves the last method in `Z3ConstraintManager` to `SMTConstraintManager`: `canReasonAbout()`.
  The `canReasonAbout()` method checks if a given `SVal` can be encoded in SMT. I've added a new method to the SMT API to return true if a solver can encode floating-point arithmetics and it was enough to make `canReasonAbout()` solver independent.
  As an annoying side-effect, `Z3ConstraintManager` is pretty empty now and only (1) creates the Z3 solver object by calling `CreateZ3Solver()` and (2) instantiates `SMTConstraintManager`. Maybe we can get rid of this class altogether in the future: a `CreateSMTConstraintManager()` method that does (1) and (2) and returns the constraint manager object?
  Reviewers: george.karpenkov, NoQ
  Reviewed By: george.karpenkov
  Subscribers: mehdi_amini, xazax.hun, szepet, a.sidorin, dexonsmith, Szelethus, donat.nagy, dkrupp
  Differential Revision: https://reviews.llvm.org/D53694
  llvm-svn: 345284
* [analyzer] Fixed bitvector from model always being unsigned | Mikhail R. Gadelha | 2018-10-25 | 1 | -3/+5
  Summary: Getting an `APSInt` from the model always returned an unsigned integer because of the unused parameter.
  This was not breaking any test case because no code relies on the actual value of the integer returned here, but rather it is only used to check if a symbol has more than one solution in `getSymVal`.
  Reviewers: NoQ, george.karpenkov
  Reviewed By: george.karpenkov
  Subscribers: xazax.hun, szepet, a.sidorin, Szelethus, donat.nagy, dkrupp
  Differential Revision: https://reviews.llvm.org/D53637
  llvm-svn: 345283
* [analyzer] [NFC] Change scanReachableSymbols to use ranges | George Karpenkov | 2018-10-23 | 3 | -21/+7
  Remove unused overload. Clean up some usages.
  Differential Revision: https://reviews.llvm.org/D53615
  llvm-svn: 345101
* [analyzer] Do not stop tracking CXX methods touching OSObject. | George Karpenkov | 2018-10-23 | 2 | -9/+25
  Trust generalized annotations for OSObject.
  Differential Revision: https://reviews.llvm.org/D53550
  llvm-svn: 345100
* [analyzer] Trust summaries for OSObject::retain and OSObject::release | George Karpenkov | 2018-10-23 | 2 | -26/+27
  Refactor the way in which summaries are consumed for safeMetaCast
  Differential Revision: https://reviews.llvm.org/D53549
  llvm-svn: 345099
* [analyzer] Rename trackNullOrUndefValue to trackExpressionValue | George Karpenkov | 2018-10-23 | 16 | -68/+58
  trackNullOrUndefValue is a long and confusing name, and it does not actually reflect what the function is doing. Give a function a new name, with a relatively clear semantics.
  Also remove some dead code.
  Differential Revision: https://reviews.llvm.org/D52758
  llvm-svn: 345064
* [Fixed Point Arithmetic] Fixed Point to Boolean Cast | Leonard Chan | 2018-10-23 | 1 | -1/+2
  This patch is a part of https://reviews.llvm.org/D48456 in an attempt to split the casting logic up into smaller patches. This contains the code for casting from fixed point types to boolean types.
  Differential Revision: https://reviews.llvm.org/D53308
  llvm-svn: 345063