summaryrefslogtreecommitdiffstats
path: root/clang/lib/StaticAnalyzer
Commit message (Collapse)AuthorAgeFilesLines
* Fix another misuse of getCustomDiagID()Alp Toker2013-12-231-25/+13
| | | | | | There's no need to escape strings and generate new DiagIDs for each message. llvm-svn: 197915
* [analyzer] Use DataRecursiveASTVisitor for the AnalysisConsumer.Argyrios Kyrtzidis2013-12-201-2/+2
| | | | llvm-svn: 197767
* [analyzer] Always use 'bool' as the SValBuilder condition type in C++.Jordan Rose2013-12-192-2/+2
| | | | | | | | | We have assertions for this, but a few edge cases had snuck through where we were still unconditionally using 'int'. <rdar://problem/15703011> llvm-svn: 197733
* Replacing calls to getAttr with calls to hasAttr for clarity. No functional ↵Aaron Ballman2013-12-198-24/+24
| | | | | | change intended -- this only replaces Boolean uses of getAttr. llvm-svn: 197648
* Eliminate BinaryTypeTraitExprAlp Toker2013-12-132-2/+0
| | | | | | | | | | | | | | | | | There's nothing special about type traits accepting two arguments. This commit eliminates BinaryTypeTraitExpr and switches all related handling over to TypeTraitExpr. Also fixes a CodeGen failure with variadic type traits appearing in a non-constant expression. The BTT/TT prefix and evaluation code is retained as-is for now but will soon be further cleaned up. This is part of the ongoing work to unify type traits. llvm-svn: 197273
* [analyzer] Add checker callbacks for MemberExpr and UnaryExprOrTypeTraitExpr.Jordan Rose2013-12-112-79/+98
| | | | | | Found by Arthur Yoo! llvm-svn: 197059
* Add front-end infrastructure now address space casts are in LLVM IR.David Tweed2013-12-111-0/+1
| | | | | | | | | | With the introduction of explicit address space casts into LLVM, there's a need to provide a new cast kind the front-end can create for C/OpenCL/CUDA and code to produce address space casts from those kinds when appropriate. Patch by Michele Scandale! llvm-svn: 197036
* [analyzer] Misc. tidying in IdenticalExprChecker.Jordan Rose2013-12-101-18/+16
| | | | | | Some things I missed when this first went in. llvm-svn: 196938
* [analyzer] Extend IdenticalExprChecker to check ternary operator results.Jordan Rose2013-12-102-7/+47
| | | | | | | | | | Warn if both result expressions of a ternary operator (? :) are the same. Because only one of them will be executed, this warning will fire even if the expressions have side effects. Patch by Anders Rönnholm and Per Viberg! llvm-svn: 196937
* [CMake] clang/lib: Prune redundant dependencies.NAKAMURA Takumi2013-12-102-4/+0
| | | | llvm-svn: 196864
* [CMake] clang/lib: Satisfy dependencies to add *actually used* libraries on ↵NAKAMURA Takumi2013-12-093-5/+17
| | | | | | | | target_link_libraries() and LLVM_LINK_COMPONENTS. I will prune redundant dependencies later. llvm-svn: 196800
* Revert "[analyzer] Refactor conditional expression evaluating code"Anna Zaks2013-12-062-74/+64
| | | | | | | | | | This reverts commit r189090. The original patch introduced regressions (see the added live-variables.* tests). The patch depends on the correctness of live variable analyses, which are not computed correctly. I've opened PR18159 to track the proper resolution to this problem. The patch was a stepping block to r189746. This is why part of the patch reverts temporary destructor tests that started crashing. The temporary destructors feature is disabled by default. llvm-svn: 196593
* Fix a tranche of comment, test and doc typosAlp Toker2013-12-053-3/+3
| | | | llvm-svn: 196510
* Correct hyphenations in comments and assert messagesAlp Toker2013-12-052-4/+4
| | | | | | | This patch tries to avoid unrelated changes other than fixing a few hyphen-related ambiguities in nearby lines. llvm-svn: 196466
* Correct a user-visible static analyzer message typoAlp Toker2013-12-021-2/+2
| | | | llvm-svn: 196062
* Remove a whole lot of unused variablesAlp Toker2013-11-274-5/+1
| | | | | | | There are about 30 removed in this patch, generated by a new FixIt I haven't got round to submitting yet. llvm-svn: 195814
* Remove 'DistinctSpellings' support from Attr.td and change its only user toRichard Smith2013-11-271-9/+9
| | | | | | | | look at the attribute spelling instead. The 'ownership_*' attributes should probably be split into separate *Attr classes, but that's more than I wanted to do here. llvm-svn: 195805
* [analyzer] Fix an infinite recursion in region invalidation by adding block ↵Anna Zaks2013-11-203-7/+20
| | | | | | count to the BlockDataRegion. llvm-svn: 195174
* [analyzer] Better modeling of memcpy by the CStringChecker (PR16731).Anton Yartsev2013-11-171-13/+41
| | | | | | | | | | | | | | New rules of invalidation/escape of the source buffer of memcpy: the source buffer contents is invalidated and escape while the source buffer region itself is neither invalidated, nor escape. In the current modeling of memcpy the information about allocation state of regions, accessible through the source buffer, is not copied to the destination buffer and we can not track the allocation state of those regions anymore. So we invalidate/escape the source buffer indirect regions in anticipation of their being invalidated for real later. This eliminates false-positive leaks reported by the unix.Malloc and alpha.cplusplus.NewDeleteLeaks checkers for the cases like char *f() { void *x = malloc(47); char *a; memcpy(&a, &x, sizeof a); return a; } llvm-svn: 194953
* [analyzer] Silence warnings coming from allocators used by std::basic_string.Jordan Rose2013-11-151-2/+16
| | | | | | | | | | | | This is similar to r194004: because we can't reason about the data structure invariants of std::basic_string, the analyzer decides it's possible for an allocator to be used to deallocate the string's inline storage. Just ignore this by walking up the stack, skipping past methods in classes with "allocator" in the name, and seeing if we reach std::basic_string that way. PR17866 llvm-svn: 194764
* [analyzer] Include bug column numbers in HTML output (in a comment).Jordan Rose2013-11-151-0/+4
| | | | | | | | | | This has no effect on user-visible output, but can be used by post-processing tools that work with the generated HTML, rather than using CmpRuns.py's interface to work with plists. Patch by György Orbán! llvm-svn: 194763
* [analyzer] Treat MSVC's _wassert as noreturn.Jordan Rose2013-11-141-0/+3
| | | | | | | | This makes sure the analyzer actually honors assert() in an MSVC project. Patch by Anders Montonen! llvm-svn: 194716
* Move classes into anonymous namespaces.Benjamin Kramer2013-11-141-0/+4
| | | | llvm-svn: 194706
* Revert 'Tweak ContainerNonEmptyMap with "int" instead of "bool"'.Jordan Rose2013-11-081-3/+3
| | | | | | | | | I've added the missing ImutProfileInfo [sic] specialization for bool, so this patch on r194235 is no longer needed. This reverts r194244 / 2baea2887dfcf023c8e3560e5d4713c42eed7b6b. llvm-svn: 194265
* StaticAnalyzer/Checkers/BasicObjCFoundationChecks.cpp: Tweak ↵NAKAMURA Takumi2013-11-081-3/+3
| | | | | | | | | ContainerNonEmptyMap with "int" instead of "bool", to appease building since r194235. In ADT/ImmutableSet, ImutProfileInfo<bool> cannot be matched to ImutProfileInteger. I didn't have idea it'd the right way if PROFILE_INTEGER_INFO(bool) could be added there. llvm-svn: 194244
* [analyzer] Add IdenticalExprChecker, to find copy-pasted code.Jordan Rose2013-11-083-0/+227
| | | | | | | | | | | | | This syntactic checker looks for expressions on both sides of comparison operators that are structurally the same. As a special case, the floating-point idiom "x != x" for "isnan(x)" is left alone. Currently this only checks comparison operators, but in the future we could extend this to include logical operators or chained if-conditionals. Checker by Per Viberg! llvm-svn: 194236
* [analyzer] Track whether an ObjC for-in loop had zero iterations.Jordan Rose2013-11-081-16/+85
| | | | | | | | | | | | | | | | | An Objective-C for-in loop will have zero iterations if the collection is empty. Previously, we could only detect this case if the program asked for the collection's -count /before/ the for-in loop. Now, the analyzer distinguishes for-in loops that had zero iterations from those with at least one, and can use this information to constrain the result of calling -count after the loop. In order to make this actually useful, teach the checker that methods on NSArray, NSDictionary, and the other immutable collection classes don't change the count. <rdar://problem/14992886> llvm-svn: 194235
* [analyzer] Specialize "loop executed 0 times" for for-in and for-range loops.Jordan Rose2013-11-081-2/+13
| | | | | | | | | | The path note that says "Loop body executed 0 times" has been changed to "Loop body skipped when range is empty" for C++11 for-range loops, and to "Loop body skipped when collection is empty" for Objective-C for-in loops. Part of <rdar://problem/14992886> llvm-svn: 194234
* [analyzer] Track the count of NSOrderedSet similarly to other fast enumerations.Anna Zaks2013-11-041-1/+2
| | | | llvm-svn: 194005
* [analyzer] Suppress warnings coming out of std::basic_string.Anna Zaks2013-11-041-0/+12
| | | | | | The analyzer cannot reason about the internal invariances of the data structure (radar://15194597). llvm-svn: 194004
* [analyzer] Don't crash when a path goes through a 'delete' destructor call.Jordan Rose2013-10-311-1/+2
| | | | | | | | | This was just left unimplemnted from r191381; the fix is to report this call location as the location of the 'delete' expr. PR17746 llvm-svn: 193783
* StaticAnalyzer/Checkers/DynamicTypePropagation.cpp: Fix in comments. 80-col ↵NAKAMURA Takumi2013-10-281-2/+2
| | | | | | and an utf8 char. llvm-svn: 193513
* [analyzer] Don't emit an "Assuming x is <OP> y" if it's not a comparison op.Jordan Rose2013-10-261-1/+2
| | | | | | | | | We could certainly be more precise in many of our diagnostics, but before we were printing "Assuming x is && y", which is just ridiculous. <rdar://problem/15167979> llvm-svn: 193455
* [analyzer] Generate a LazyCompoundVal when loading from a union-typed region.Jordan Rose2013-10-231-1/+3
| | | | | | | | | | This ensures that variables accessible through a union are invalidated when the union value is passed to a function. We still don't fully handle union values, but this should at least quiet some false positives. PR16596 llvm-svn: 193265
* Forgot some references to misspelled enums.Benjamin Kramer2013-10-201-4/+4
| | | | llvm-svn: 193047
* Miscellaneous speling fixes.Benjamin Kramer2013-10-201-1/+1
| | | | llvm-svn: 193046
* [analyzer] Don't draw edges to C++11 in-class member initializers.Jordan Rose2013-10-161-2/+38
| | | | | | | | | | | Since these aren't lexically in the constructor, drawing arrows would be a horrible jump across the body of the class. We could still do better here by skipping over unimportant initializers, but this at least keeps everything within the body of the constructor. <rdar://problem/14960554> llvm-svn: 192818
* [analyzer] ArrayRef-ize BugReporter::EmitBasicReport.Jordan Rose2013-10-078-34/+23
| | | | | | No functionality change. llvm-svn: 192114
* [analyzer] RetainCountChecker: add support for CFAutorelease.Jordan Rose2013-10-071-8/+22
| | | | | | <rdar://problems/13710586&13710643> llvm-svn: 192113
* [analyzer] Replace bug category magic strings with shared constants, take 2.Jordan Rose2013-10-047-12/+14
| | | | | | | Re-commit r191910 (reverted in r191936) with layering violation fixed, by moving the bug categories to StaticAnalyzerCore instead of ...Checkers. llvm-svn: 191937
* Temporarily revert r191910 until the layering violation can be fixed.Richard Smith2013-10-033-6/+5
| | | | llvm-svn: 191936
* [analyzer] Replace bug category magic strings with shared constants.Jordan Rose2013-10-033-5/+6
| | | | | | | | | | One small functionality change is to bring the sizeof-pointer checker in line with the other checkers by making its category be "Logic error" instead of just "Logic". There should be no other functionality changes. Patch by Daniel Marjamäki! llvm-svn: 191910
* [analyzer] Add new debug helper clang_analyzer_warnIfReached.Jordan Rose2013-10-031-0/+13
| | | | | | | | | | | | | This will emit a warning if a call to clang_analyzer_warnIfReached is executed, printing REACHABLE. This is a more explicit way to declare expected reachability than using clang_analyzer_eval or triggering a bug (divide-by-zero or null dereference), and unlike the former will work the same in inlined functions and top-level functions. Like the other debug helpers, it is part of the debug.ExprInspection checker. Patch by Jared Grubb! llvm-svn: 191909
* [analyzer] Add missing return after function pointer null check.Jordan Rose2013-10-021-0/+1
| | | | | | | | | | | | | | | | | Also add some tests that there is actually a message and that the bug is actually a hard error. This actually behaved correctly before, because: - addTransition() doesn't actually add a transition if the new state is null; it assumes you want to propagate the predecessor forward and does nothing. - generateSink() is called in order to emit a bug report. - If at least one new node has been generated, the predecessor node is /not/ propagated forward. But now it's spelled out explicitly. Found by Richard Mazorodze, who's working on a patch that may require this. llvm-svn: 191805
* [analyzer] Make inlining decisions based on the callee being variadic.Jordan Rose2013-09-282-4/+17
| | | | | | | | | | | | ...rather than trying to figure it out from the call site, and having people complain that we guessed wrong and that a prototype-less call is the same as a variadic call on their system. More importantly, fix a crash when there's no decl at the call site (though we could have just returned a default value). <rdar://problem/15037033> llvm-svn: 191599
* [analyzer] Allow pre/post-statement checkers for UnaryOperator.Jordan Rose2013-09-271-20/+30
| | | | | | Found by Arthur Yoo. llvm-svn: 191532
* [analyzer] Handle destructors for the argument to C++ 'delete'.Jordan Rose2013-09-254-3/+31
| | | | | | | | | | | | | | | | | Now that the CFG includes nodes for the destructors in a delete-expression, process them in the analyzer using the same common destructor interface currently used for local, member, and base destructors. Also, check for when the value is known to be null, in which case no destructor is actually run. This does not yet handle destructors for deleted /arrays/, which may need more CFG work. It also causes a slight regression in the location of double delete warnings; the double delete is detected at the destructor call, which is implicit, and so is reported on the first access within the destructor instead of at the 'delete' statement. This will be fixed soon. Patch by Karthik Bhat! llvm-svn: 191381
* StaticAnalyzer/Core/RegionStore.cpp: Prune one last "\param IsConst", as ↵NAKAMURA Takumi2013-09-251-2/+0
| | | | | | fixup to r191342. [-Wdocumentation] llvm-svn: 191360
* [analyzer] This patch removes passing around of const-invalidation vs ↵Anton Yartsev2013-09-246-131/+133
| | | | | | | | | | regular-invalidation info by passing around a datastructure that maps regions and symbols to the type of invalidation they experience. This simplifies the code and would allow to associate more different invalidation types in the future. With this patch things like preserving contents of regions (either hi- or low-level ones) or processing of the only top-level region can be implemented easily without passing around extra parameters. This patch is a first step towards adequate modeling of memcpy() by the CStringChecker checker and towards eliminating of majority of false-positives produced by the NewDeleteLeaks checker. llvm-svn: 191342
* Fix array_pod_sort predicates after LLVM change.Benjamin Kramer2013-09-221-3/+3
| | | | llvm-svn: 191176
OpenPOWER on IntegriCloud