summaryrefslogtreecommitdiffstats
path: root/clang/lib/StaticAnalyzer
Commit message (Collapse)AuthorAgeFilesLines
* [analyzer] Link libStaticAnalyzerCheckers to libASTMatchers.Artem Dergachev2016-10-131-0/+1
| | | | | | | | | | | | | AST matchers are useful for the analyzer's checkers. More patches on particular checkers shall follow. This is the first time clang binary gets linked to ASTMatchers. The binary size increase for the clang executable would be +0.5% in release mode, +2% in debug mode. Differential Revision: https://reviews.llvm.org/D25429 llvm-svn: 284112
* [analyzer] DeallocChecker: Don't warn about directly-set IBOutlet ivars on macOSDevin Coughlin2016-10-121-0/+31
| | | | | | | | | | | | | | | | On macOS (but not iOS), if an ObjC property has no setter, the nib-loading code for an IBOutlet is documented as directly setting the backing ivar without retaining the value -- even if the property is 'retain'. This resulted in false positives from the DeallocChecker for code that did not release such ivars in -dealloc. To avoid these false positives, treat IBOutlet ivars that back a property without a setter as having an unknown release requirement in macOS. rdar://problem/28507353 llvm-svn: 284084
* [analyzer] Fix build error after r283660 - remove constexpr strings.Artem Dergachev2016-10-081-2/+8
| | | | llvm-svn: 283662
* [analyzer] Re-apply r283094 "Improve CloneChecker diagnostics"Artem Dergachev2016-10-081-50/+56
| | | | | | The parent commit (r283092) was reverted before and now finally landed. llvm-svn: 283661
* [analyzer] Re-apply r283093 "Add extra notes to ObjCDeallocChecker"Artem Dergachev2016-10-081-3/+29
| | | | | | The parent commit (r283092) was reverted before and now finally landed. llvm-svn: 283660
* [analyzer] Re-apply r283092, attempt no.4, chunk no.4 (last)Artem Dergachev2016-10-075-45/+131
| | | | | | | The problem that caused the msvc crash has been indentified and fixed in the previous commit. This patch contains the rest of r283092. llvm-svn: 283584
* Silence Warning. NFC.Nirav Dave2016-10-071-1/+1
| | | | llvm-svn: 283583
* [analyzer] Re-apply r283092, attempt no.4, a small chunk.Artem Dergachev2016-10-072-8/+27
| | | | | | | Define PathDiagnosticNotePiece. The next commit would be able to address the BugReport class code that is pointed to by the msvc crash message. llvm-svn: 283566
* [analyzer] Don't merge different return nodes in ExplodedGraphDaniel Marjamaki2016-10-072-7/+20
| | | | | | | | Returns when calling an inline function should not be merged in the ExplodedGraph unless they are same. Differential Revision: https://reviews.llvm.org/D25326 llvm-svn: 283554
* Revert "[analyzer] Try to re-apply r283092 "Extend bug reports with extra notes"Artem Dergachev2016-10-076-164/+52
| | | | | | Vector of smart pointers wasn't the thing that caused msvc crash. llvm-svn: 283537
* [analyzer] Try to re-apply r283092 "Extend bug reports with extra notes"Artem Dergachev2016-10-076-52/+164
| | | | | | | Replace SmallVector<IntrusiveRefCntPtr> with a vector of plain pointers. Would insignificantly increase memory usage. llvm-svn: 283536
* [analyzer] Add explanation why analyzer report is not generated (fix for ↵Anton Yartsev2016-10-061-6/+18
| | | | | | | | | PR12421). Currently if the path diagnostic consumer (e.g HTMLDiagnostics and PlistDiagnostics) do not support cross file diagnostics then the path diagnostic report is silently omitted in the case of cross file diagnostics. The patch adds a little verbosity to Clang in this case. The patch also adds help entry for the "--analyzer-output" driver option. llvm-svn: 283499
* [analyzer] Squash a compile error in r283301.Artem Dergachev2016-10-051-0/+5
| | | | | | The constexpr string literal trick isn't supported in MSVC2013. llvm-svn: 283303
* [analyzer] Improve "Assuming..." diagnostic pieces for logical operators.Artem Dergachev2016-10-051-0/+33
| | | | | | | | | | | | | | | | | | Logical short-circuit operators now act like other branch conditions. If the symbolic value of the left-hand side is not known to be true or false (based on the previous execution path), the "Assuming" event piece is added in order to explain that the analyzer is adding a new assumption. Additionally, when the assumption is made against the right-hand side of the logical operator (i.e. when the operator itself acts as a condition in another CFG terminator), the "Assuming..." piece is written out for the right-hand side of the operator rather than for the whole operator. This allows expression-specific diagnostic message text to be constructed. Differential Revision: https://reviews.llvm.org/D25092 llvm-svn: 283302
* [analyzer] Add "Assuming..." diagnostic pieces for unsupported conditions.Artem Dergachev2016-10-052-16/+42
| | | | | | | | | | | | | | | | | | | | In the analyzer's path-sensitive reports, when a report goes through a branch and the branch condition cannot be decided to be definitely true or false (based on the previous execution path), an event piece is added that tells the user that a new assumption is added upon the symbolic value of the branch condition. For example, "Assuming 'a' is equal to 3". The text of the assumption is hand-crafted in various manners depending on the AST expression. If the AST expression is too complex and the text of the assumption fails to be constructed, the event piece is omitted. This causes loss of information and misunderstanding of the report. Do not omit the event piece even if the expression is too complex; add a piece with a generic text instead. Differential Revision: https://reviews.llvm.org/D23300 llvm-svn: 283301
* [analyzer] Add PostStmt callback for ArraySubscriptExprAnna Zaks2016-10-042-9/+23
| | | | | | | | A patch by Jan Smets! Differential Revision: https://reviews.llvm.org/D25009 llvm-svn: 283253
* Revert "[analyzer] Improve CloneChecker diagnostics" as its depends on ↵Vitaly Buka2016-10-041-56/+50
| | | | | | | | reverted r283092 This reverts commit r283094. llvm-svn: 283182
* Revert "[analyzer] Add extra notes to ObjCDeallocChecker" as its depends on ↵Vitaly Buka2016-10-041-29/+3
| | | | | | | | reverted r283092 This reverts commit r283093. llvm-svn: 283181
* Revert "[analyzer] Extend bug reports with extra notes" to fix Windows bot.Vitaly Buka2016-10-046-157/+52
| | | | | | This reverts commit r283092. llvm-svn: 283180
* [analyzer] Improve CloneChecker diagnosticsArtem Dergachev2016-10-031-50/+56
| | | | | | | | | | | | | | | | | | Highlight code clones referenced by the warning message with the help of the extra notes feature recently introduced in r283092. Change warning text to more clang-ish. Remove suggestions from the copy-paste error checker diagnostics, because currently our suggestions are strictly 50% wrong (we do not know which of the two code clones contains the error), and for that reason we should not sound as if we're actually suggesting this. Hopefully a better solution would bring them back. Make sure the suspicious clone pair structure always mentions the correct variable for the second clone. Differential Revision: https://reviews.llvm.org/D24916 llvm-svn: 283094
* [analyzer] Add extra notes to ObjCDeallocCheckerArtem Dergachev2016-10-031-3/+29
| | | | | | | | | | The report is now highlighting instance variables and properties referenced by the warning message with the help of the extra notes feature recently introduced in r283092. Differential Revision: https://reviews.llvm.org/D24915 llvm-svn: 283093
* [analyzer] Extend bug reports with extra notesArtem Dergachev2016-10-036-52/+157
| | | | | | | | | | | | | | | | | | | | These diagnostics are separate from the path-sensitive engine's path notes, and can be added manually on top of path-sensitive or path-insensitive reports. The new note diagnostics would appear as note:-diagnostic on console and as blue bubbles in scan-build. In plist files they currently do not appear, because format needs to be discussed with plist file users. The analyzer option "-analyzer-config notes-as-events=true" would convert notes to normal path notes, and put them at the beginning of the path. This is a temporary hack to show the new notes in plist files. A few checkers would be updated in subsequent commits, including tests for this new feature. Differential Revision: https://reviews.llvm.org/D24278 llvm-svn: 283092
* [StaticAnalyzer] Fix false positives for vardecls that are technically ↵Daniel Marjamaki2016-09-281-2/+4
| | | | | | | | | | | | | | | unreachable but they are needed. Example: switch (x) { int a; // <- This is unreachable but needed case 1: a = ... Differential Revision: https://reviews.llvm.org/D24905 llvm-svn: 282574
* Adapt to LLVM EnableStatistics() change.Matthias Braun2016-09-271-1/+1
| | | | llvm-svn: 282533
* CC1: Add -save-stats optionMatthias Braun2016-09-261-1/+3
| | | | | | | | | This option behaves in a similar spirit as -save-temps and writes internal llvm statistics in json format to a file. Differential Revision: https://reviews.llvm.org/D24820 llvm-svn: 282426
* [analyzer] Improve CastToStruct checker so it can also detect widening casts ↵Daniel Marjamaki2016-09-261-22/+65
| | | | | | | | | | | | | | | | | | | | | | | | | | of struct data Example: struct AB { int A; int B; }; struct ABC { int A; int B; int C; }; void f() { struct AB Data; struct ABC *P = (struct ABC *)&Data; } Differential Revision: https://reviews.llvm.org/D23508 llvm-svn: 282411
* [analyzer] Fix crash in RetainCountChecker::checkEndFunctionAlexander Shaposhnikov2016-09-232-3/+7
| | | | | | | | | | | | | | | | | The class BodyFarm creates bodies for OSAtomicCompareAndSwap*, objc_atomicCompareAndSwap*, dispatch_sync*, dispatch_once* and for them the flag isBodyAutosynthesized is set to true. This diff 1. makes AnalysisConsumer::HandleCode skip the autosynthesized code 2. replaces assert(LCtx->getParent()) in RetainCountChecker::checkEndFunction by assert(!LCtx->inTopFrame()) (minor cleanup) Test plan: make -j8 check-clang-analysis Differential revision: https://reviews.llvm.org/D24792 llvm-svn: 282293
* [analyzer] Add a checker that detects blocks in critical sectionsAnna Zaks2016-09-202-0/+110
| | | | | | | | | | | | | | | | | | | | | | | | | This checker should find the calls to blocking functions (for example: sleep, getc, fgets,read,recv etc.) inside a critical section. When sleep(x) is called while a mutex is held, other threads cannot lock the same mutex. This might take some time, leading to bad performance or even deadlock. Example: mutex_t m; void f() { sleep(1000); // Error: sleep() while m is locked! [f() is called from foobar() while m is locked] // do some work } void foobar() { lock(m); f(); unlock(m); } A patch by zdtorok (Zoltán Dániel Török)! Differential Revision: https://reviews.llvm.org/D21506 llvm-svn: 282011
* [analyzer] Calculate extent size for memory regions allocated by new expression.Gabor Horvath2016-09-192-12/+57
| | | | | | | | | | | ArrayBoundChecker did not detect out of bounds memory access errors in case an array was allocated by the new expression. This patch resolves this issue. Patch by Daniel Krupp! Differential Revision: https://reviews.llvm.org/D24307 llvm-svn: 281934
* [analyzer] Fix ExprEngine::VisitMemberExprAlexander Shaposhnikov2016-09-131-1/+1
| | | | | | | | | | | AST may contain intermediate ParenExpr nodes between MemberExpr and ArrayToPointerDecay. This diff adjusts the check in ExprEngine::VisitMemberExpr accordingly. Test plan: make -j8 check-clang-analysis Differential revision: https://reviews.llvm.org/D24484 llvm-svn: 281373
* ObjectiveC Generics: Start using ObjCTypeParamType.Manman Ren2016-09-131-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | For ObjC type parameter, we used to have TypedefType that is canonicalized to id or the bound type. We can't represent "T <protocol>" and thus will lose the type information in the following example: @interface MyMutableDictionary<KeyType, ObjectType> : NSObject - (void)setObject:(ObjectType)obj forKeyedSubscript:(KeyType <NSCopying>)key; @end MyMutableDictionary<NSString *, NSString *> *stringsByString; NSNumber *n1, *n2; stringsByString[n1] = n2; --> no warning on type mismatch of the key. To fix the problem, we introduce a new type ObjCTypeParamType that supports a list of protocol qualifiers. We create ObjCTypeParamType for ObjCTypeParamDecl when we create ObjCTypeParamDecl. We also substitute ObjCTypeParamType instead of TypedefType on an ObjCTypeParamDecl. rdar://24619481 rdar://25060179 Differential Revision: http://reviews.llvm.org/D23080 llvm-svn: 281358
* [analyzer] ExprEngine: remove second call to PreStmt<CastExpr>Aleksei Sidorin2016-09-013-9/+58
| | | | | | | | | This patch also introduces AnalysisOrderChecker which is intended for testing of callback call correctness. Differential Revision: https://reviews.llvm.org/D23804 llvm-svn: 280367
* [analyzer] Add more FileIDs to PlistDiagnostic map to avoid assertionAleksei Sidorin2016-09-011-25/+27
| | | | | | | | | | | | | Some FileIDs that may be used by PlistDiagnostics were not added while building a list of pieces. This caused assertion violation in GetFID() function. This patch adds some missing FileIDs to avoid the assertion. It also contains small refactoring of PlistDiagnostics::FlushDiagnosticsImpl(). Patch by Aleksei Sidorin, Ilya Palachev. Differential Revision: https://reviews.llvm.org/D22090 llvm-svn: 280360
* [analyzer][test commit] ExprEngine.cpp: Remove training whitespace; NFCAleksei Sidorin2016-09-011-2/+2
| | | | llvm-svn: 280352
* [analyzer] Use lazily created buffer in EmptyLocalizationContextCheckerDevin Coughlin2016-08-301-1/+8
| | | | | | | | | | | Fix a crash when relexing the underlying memory buffer to find incorrect arguments to NSLocalizedString(). With precompiled headers, the raw buffer may be NULL. Instead, use the source manager to get the buffer, which will lazily create the buffer for precompiled headers. rdar://problem/27429091 llvm-svn: 280174
* Reapply "[analyzer] Added valist related checkers."Gabor Horvath2016-08-222-0/+374
| | | | | | Differential Revision: https://reviews.llvm.org/D15227 llvm-svn: 279427
* [analyzer] Correctly add assumptions based on array bounds.Gabor Horvath2016-08-221-12/+67
| | | | | | | | Also simplify the constraints generated by the checker. Differential Revision: https://reviews.llvm.org/D23112 llvm-svn: 279425
* [analyzer] Use faster hashing (MD5) in CloneDetector.Artem Dergachev2016-08-201-9/+0
| | | | | | | | | | | | | | | This replaces the old approach of fingerprinting every AST node into a string, which avoided collisions and was simple to implement, but turned out to be extremely ineffective with respect to both performance and memory. The collisions are now dealt with in a separate pass, which no longer causes performance problems because collisions are rare. Patch by Raphael Isemann! Differential Revision: https://reviews.llvm.org/D22515 llvm-svn: 279378
* [analyzer] Weaken assertion in trackNullOrUndefValue()Devin Coughlin2016-08-191-1/+1
| | | | | | | | | | | | | | | | | We should ignore paren casts when making sure that the semantic expression in a PseudoObjectExpr for an ObjC getter is a message send. This has no other intended functionality change. Adding a test for this exposed an interesting issue in another test case that only manifests under ARC. trackNullOrUndefValue() is not properly suppressing for nil values that are the result of nil propagation from a nil receiver when the nil is returned from a function. I've added a FIXME for that missing suppression. rdar://problem/27290568 llvm-svn: 279181
* [analyzer] Teach CloneDetector to find clones that look like copy-paste errors.Artem Dergachev2016-08-181-2/+70
| | | | | | | | | | | | | | | | | | | The original clone checker tries to find copy-pasted code that is exactly identical to the original code, up to minor details. As an example, if the copy-pasted code has all references to variable 'a' replaced with references to variable 'b', it is still considered to be an exact clone. The new check finds copy-pasted code in which exactly one variable seems out of place compared to the original code, which likely indicates a copy-paste error (a variable was forgotten to be renamed in one place). Patch by Raphael Isemann! Differential Revision: https://reviews.llvm.org/D23314 llvm-svn: 279056
* Revert "[OpenMP] Sema and parsing for 'teams distribute simd’ pragma"Diana Picus2016-08-181-1/+0
| | | | | | | | | | | | | | | | | This reverts commit r279003 as it breaks some of our buildbots (e.g. clang-cmake-aarch64-quick, clang-x86_64-linux-selfhost-modules). The error is in OpenMP/teams_distribute_simd_ast_print.cpp: clang: /home/buildslave/buildslave/clang-cmake-aarch64-quick/llvm/include/llvm/ADT/DenseMap.h:527: bool llvm::DenseMapBase<DerivedT, KeyT, ValueT, KeyInfoT, BucketT>::LookupBucketFor(const LookupKeyT&, const BucketT*&) const [with LookupKeyT = clang::Stmt*; DerivedT = llvm::DenseMap<clang::Stmt*, long unsigned int>; KeyT = clang::Stmt*; ValueT = long unsigned int; KeyInfoT = llvm::DenseMapInfo<clang::Stmt*>; BucketT = llvm::detail::DenseMapPair<clang::Stmt*, long unsigned int>]: Assertion `!KeyInfoT::isEqual(Val, EmptyKey) && !KeyInfoT::isEqual(Val, TombstoneKey) && "Empty/Tombstone value shouldn't be inserted into map!"' failed. llvm-svn: 279045
* revert [analyzer] Added valist related checkers.Gabor Horvath2016-08-182-374/+0
| | | | llvm-svn: 279043
* [analyzer] Added valist related checkers.Gabor Horvath2016-08-182-0/+374
| | | | | | Differential Revision: https://reviews.llvm.org/D15227 llvm-svn: 279041
* [analyzer] Small cleanups when checkers retrieving statements from explodedGabor Horvath2016-08-186-50/+9
| | | | | | | | nodes. Differential Revision: https://reviews.llvm.org/D23550 llvm-svn: 279037
* [OpenMP] Sema and parsing for 'teams distribute simd’ pragmaKelvin Li2016-08-171-0/+1
| | | | | | | | | | This patch is to implement sema and parsing for 'teams distribute simd’ pragma. This patch is originated by Carlo Bertolli. Differential Revision: https://reviews.llvm.org/D23528 llvm-svn: 279003
* [analyzer] Add a checker for loss of sign or precision in integral casts.Artem Dergachev2016-08-172-0/+193
| | | | | | | | | | | | | | | This new checker tries to find execution paths on which implicit integral casts cause definite loss of information: a certainly-negative integer is converted to an unsigned integer, or an integer is definitely truncated to fit into a smaller type. Being implicit, such casts are likely to produce unexpected results. Patch by Daniel Marjamäki! Differential Revision: https://reviews.llvm.org/D13126 llvm-svn: 278941
* [analyzer] Add LocationContext information to SymbolMetadata.Artem Dergachev2016-08-173-4/+7
| | | | | | | | | | | | | | | | | | | | | Like SymbolConjured, SymbolMetadata also needs to be uniquely identified by the moment of its birth. Such moments are coded by the (Statement, LocationContext, Block count) triples. Each such triple represents the moment of analyzing a statement with a certain call backtrace, with corresponding CFG block having been entered a given amount of times during analysis of the current code body. The LocationContext information was accidentally omitted for SymbolMetadata, which leads to reincarnation of SymbolMetadata upon re-entering a code body with a different backtrace; the new symbol is incorrectly unified with the old symbol, which leads to unsound assumptions. Patch by Alexey Sidorin! Differential Revision: https://reviews.llvm.org/D21978 llvm-svn: 278937
* StaticAnalyzer: Report found fields order in PaddingCheckerSaleem Abdulrasool2016-08-151-22/+36
| | | | | | | | Report the found fields order in PaddingChecker. Patch by Alexander Shaposhnikov! llvm-svn: 278730
* Revert test commitAlexander Droste2016-08-121-1/+0
| | | | llvm-svn: 278534
* Test commit - first LLVM repo commitAlexander Droste2016-08-121-0/+1
| | | | llvm-svn: 278533
OpenPOWER on IntegriCloud