path: root/clang/lib/StaticAnalyzer
Commit message | Author | Age | Files | Lines
...
* [analyzer] MallocSizeofChecker false positive: when sizeof is argument | Anna Zaks | 2012-06-08 | 1 | -5/+0
  to addition. We should not warn in case the malloc size argument is an addition containing 'sizeof' operator - it is common to use the pattern to pack values of different sizes into a buffer. Ex: uint8_t *buffer = (uint8_t*)malloc(dataSize + sizeof(length)); llvm-svn: 158219
* [analyzer] Add experimental "issue hash" to the plist diagnostic. | Anna Zaks | 2012-06-08 | 1 | -0/+11
  CmpRuns.py can be used to compare issues from different analyzer runs. Since it uses the issue line number to unique 2 issues, adding a new line to the beginning of a file makes all issues in the file reported as new. The hash will be an opaque value which could be used (along with the function name) by CmpRuns to identify the same issues. This way, we only fail to identify the same issue from two runs if the function it appears in changes (not perfect, but much better than nothing). llvm-svn: 158180
* [analyzer] Fixit for r158136. | Anna Zaks | 2012-06-07 | 1 | -1/+1
  I falsely assumed that the memory spaces are equal when we reach this point, they might not be when memory space of one or more is stack or Unknown. We don't want a region from Heap space alias something with another memory space. llvm-svn: 158165
* [analyzer] Anti-aliasing: different heap allocations do not alias | Anna Zaks | 2012-06-07 | 4 | -25/+52
  Add a concept of symbolic memory region belonging to heap memory space. When comparing symbolic regions allocated on the heap, assume that they do not alias. Use symbolic heap region to suppress a common false positive pattern in the malloc checker, in code that relies on malloc not returning the memory aliased to other malloc allocations, stack. llvm-svn: 158136
* [analyzer] Provide debug descriptions for all memory space regions. | Jordan Rose | 2012-06-06 | 1 | -4/+16
  Patch by Guillem Marpons! llvm-svn: 158106
* Revert Decl's iterators back to pointer value_type rather than reference | David Blaikie | 2012-06-06 | 7 | -12/+12
  value_type In addition, I've made the pointer and reference typedef 'void' rather than T* just so they can't get misused. I would've omitted them entirely but std::distance likes them to be there even if it doesn't use them. This rolls back r155808 and r155869. Review by Doug Gregor incorporating feedback from Chandler Carruth. llvm-svn: 158104
* Remove unused private member variables found by clang's new | Benjamin Kramer | 2012-06-06 | 4 | -40/+20
  -Wunused-private-field. llvm-svn: 158086
* Disable path pruning for UndefResultChecker. It turns out we usually want | Ted Kremenek | 2012-06-06 | 1 | -0/+2
  to see more of the path to discover how a value was used uninitialized. llvm-svn: 158048
* PlistDiagnostics: force the ranges for control-flow edges to be single | Ted Kremenek | 2012-06-05 | 1 | -2/+10
  locations, forcing adjacent edges to have compatible ranges. This simplifies the layout logic for some clients. llvm-svn: 158028
* [analyzer] Fix a diagnostics bug which led to a crash on the buildbot. | Anna Zaks | 2012-06-04 | 1 | -0/+5
  This bug was triggered by r157851. It only happens in the case where we don't perform optimal diagnostic pruning. llvm-svn: 157950
* Fix typos found by http://github.com/lyda/misspell-check | Benjamin Kramer | 2012-06-02 | 2 | -3/+3
  llvm-svn: 157886
* [analyzer] Rely on canBeInlined utility instead of checking CallExpr | Anna Zaks | 2012-06-02 | 2 | -2/+3
  explicitly. This will make it easier to add inlining support to more expressions. llvm-svn: 157870
* [analyzer] Fix a spurious undef value warning. | Anna Zaks | 2012-06-01 | 1 | -1/+9
  When we timeout or exceed a max number of blocks within an inlined function, we retry with no inlining starting from a node right before the CallEnter node. We assume the state of that node is the state of the program before we start evaluating the call. However, the node pruning removes this node as unimportant. Teach the node pruning to keep the predecessors of the call enter nodes. llvm-svn: 157860
* [analyzer] Fix lack of coverage after empty inlined function. | Anna Zaks | 2012-06-01 | 1 | -0/+2
  We should not stop exploring the path after we return from an empty function. llvm-svn: 157859
* Disable diagnostic path pruning for ReturnUndefChecker. | Ted Kremenek | 2012-06-01 | 1 | -0/+1
  llvm-svn: 157851
* static analyzer: add inlining support for directly called blocks. | Ted Kremenek | 2012-06-01 | 4 | -55/+153
  llvm-svn: 157833
* [analyzer] Fix BugType memory leak in IdempotentOperationChecker. | Tom Care | 2012-05-31 | 1 | -1/+4
  llvm-svn: 157772
* [analyzer] Cleanup for r157721. | Anna Zaks | 2012-05-31 | 1 | -11/+9
  We should lock the number of elements after the initial parsing is complete. Recursive AST visitors in AnalysisConsumer and CallGraph can trigger lazy pch deserialization resulting in more calls to HandleTopLevelDecl and appending to the LocalTUDecls list. We should ignore those. llvm-svn: 157762
* Allow some BugReports to opt-out of PathDiagnostic callstack pruning until | Ted Kremenek | 2012-05-31 | 5 | -3/+9
  we have significantly improved the pruning heuristics. The current heuristics are pretty good, but they make diagnostics for uninitialized variables warnings particularly useless in some cases. llvm-svn: 157734
* [analyzer] Fix another occurrence of iterator invalidation (LocalTUDecls) | Anna Zaks | 2012-05-30 | 1 | -3/+9
  Follow up in r155693, r155680. Prevents a hard to reproduce crash with the following stack trace:
    3 libsystem_c.dylib 0x00007ff55a835050 _sigtramp + 18446744029881443184
    4 clang 0x0000000106218e97 (anonymous namespace)::AnalysisConsumer::HandleTranslationUnit(clang::ASTContext&) + 519
    5 clang 0x0000000105cf3002 clang::ParseAST(clang::Sema&, bool, bool) + 690
    6 clang 0x00000001059a41d8 clang::ASTFrontendAction::ExecuteAction() + 312
    7 clang 0x00000001059a3df7 clang::FrontendAction::Execute() + 231
    8 clang 0x00000001059b0ecc clang::CompilerInstance::ExecuteAction(clang::FrontendAction&) + 860
    9 clang 0x000000010595e451 clang::ExecuteCompilerInvocation(clang::CompilerInstance*) + 961
    10 clang 0x0000000105947f29 cc1_main(char const**, char const**, char const*, void*) + 969
    11 clang 0x0000000105958259 main + 473
    12 clang 0x0000000105947b34 start + 52
  llvm-svn: 157721
* Replace some custom hash combines with the standard stuff from DenseMapInfo. | Benjamin Kramer | 2012-05-27 | 1 | -8/+5
  llvm-svn: 157531
* [analyzer] Don't crash on LValBitCast | Anna Zaks | 2012-05-25 | 1 | -2/+2
  llvm-svn: 157478
* [analyzer] Minor cleanup to checkers' help text. | Anna Zaks | 2012-05-24 | 1 | -4/+4
  llvm-svn: 157402
* [analyzer] Treat cast of array to reference in the same way as array to | Anna Zaks | 2012-05-24 | 1 | -1/+1
  pointer. Fixes one of the crashes reported in PR12874. llvm-svn: 157401
* [analyzer] Bind UnknownVal to InitListExpr for unsupported types | Anna Zaks | 2012-05-21 | 1 | -2/+4
  (ex: float). llvm-svn: 157211
* Analyzer: Fix PR12905, a crash when encountering a call to a function named "C". | Benjamin Kramer | 2012-05-21 | 1 | -10/+9
  While there clean up indentation. llvm-svn: 157204
* [analyzer] For locations, use isGLValue() instead of isLValue(). | Anna Zaks | 2012-05-19 | 4 | -15/+15
  llvm-svn: 157088
* [analyzer] Fix a c++11 crash: xvalues can be locations (VisitMemberExpr) | Anna Zaks | 2012-05-18 | 1 | -1/+1
  llvm-svn: 157082
* [analyzer] Malloc checker: remove unnecessary comparisons. | Anna Zaks | 2012-05-18 | 1 | -16/+10
  llvm-svn: 157081
* [analyzer] Malloc: refactor and report use after free by memory | Anna Zaks | 2012-05-18 | 1 | -10/+57
  allocating functions. llvm-svn: 157037
* [analyzer] Introduce clang_analyzer_eval for regression test constraint checks. | Jordy Rose | 2012-05-16 | 3 | -0/+90
  The new debug.ExprInspection checker looks for calls to clang_analyzer_eval, and emits a warning of TRUE, FALSE, or UNKNOWN (or UNDEFINED) based on the constrained value of its (boolean) argument. It does not modify the analysis state though the conditions tested can result in branches (e.g. through the use of short-circuit operators). llvm-svn: 156919
* [analyzer] Fix a regression in ObjCUnusedIVars checker. | Anna Zaks | 2012-05-15 | 1 | -0/+9
  We can no longer rely on children iterator to visit all the AST tree children of an expression (OpaqueValueExpr has no children). llvm-svn: 156870
* [analyzer] strncpy: Special-case a length of 0 to avoid an incorrect warning. | Jordy Rose | 2012-05-14 | 1 | -0/+18
  We check the address of the last element accessed, but with 0 calculating that address results in element -1. This patch bails out early (and avoids a bunch of other work at that). Fixes PR12807. llvm-svn: 156769
* [analyzer] RetainCountChecker: track ObjC boxed expression objects. | Jordy Rose | 2012-05-12 | 2 | -6/+52
  llvm-svn: 156699
* [analyzer] Do not walk the types for call graph construction. | Anna Zaks | 2012-05-11 | 1 | -0/+1
  llvm-svn: 156661
* The Lexer constructor expects a source location at the start of the | Argyrios Kyrtzidis | 2012-05-11 | 1 | -3/+4
  file buffer, not at the start of lexing. Fixes assertion hit in format diagnostics. rdar://11418366 llvm-svn: 156647
* Include line that was meant to be in my last commit. | Ted Kremenek | 2012-05-10 | 1 | -1/+2
  llvm-svn: 156582
* Fix insidious RegionStore bug where we (a) didn't handle vector types and | Ted Kremenek | 2012-05-10 | 1 | -10/+68
  (b) had a horrible bug in GetLazyBindings where we falsely appended a field suffix when traversing 3 or more layers of lazy bindings. I don't have a reduced test case yet; but I have added the original source to an internal regression test suite. I'll see about coming up with a reduced test case. Fixes <rdar://problem/11405978> (for real). llvm-svn: 156580
* [analyzer] Exit early if constraint solver is given a non-integer symbol | Anna Zaks | 2012-05-10 | 1 | -0/+5
  to reason about. As part of taint propagation, we now allow creation of non-integer symbolic expressions like a cast from int to float. Addresses PR12511 (radar://11215362). llvm-svn: 156578
* [analyzer] Do not highlight the range of the statement in case of leak. | Anna Zaks | 2012-05-10 | 1 | -8/+24
  We report a leak at a point a leaked variable is no longer accessible. The statement that happens to be at that point is not relevant to the leak diagnostic and, thus, should not be highlighted. radar://11178519 llvm-svn: 156530
* [analyzer] Simplify r156446, as per Ted's review. | Anna Zaks | 2012-05-09 | 1 | -7/+2
  llvm-svn: 156482
* [analyzer] Allow pointers to escape through selector callbacks. | Anna Zaks | 2012-05-09 | 1 | -1/+3
  llvm-svn: 156481
* [analyzer] We currently do not fully support CompoundLiterals in | Anna Zaks | 2012-05-08 | 1 | -1/+10
  RegionStore, so be explicit about it and generate UnknownVal(). This is a hack to ensure we never produce undefined values for a value coming from a compound value. (The undefined values can lead to false positives.) radar://10127782 llvm-svn: 156446
* Having RegionStore lower field bindings to raw offsets, just like | Ted Kremenek | 2012-05-08 | 1 | -9/+4
  ElementRegions. This is a bit disruptive, but it allows RegionStore to better "see" through casts that reinterpret arrays of values as structs. Fixes <rdar://problem/11405978>. llvm-svn: 156428
* When creating lazy bindings in RegionStore, propagate existing lazy bindings | Ted Kremenek | 2012-05-08 | 1 | -1/+19
  instead of creating new ones. This is a functionality optimization. llvm-svn: 156427
* Include address of Store in graphviz output of ExplodedGraph. | Ted Kremenek | 2012-05-08 | 1 | -1/+3
  llvm-svn: 156426
* [analyzer] SelfInit: Stop tracking self if it's assigned a value we | Anna Zaks | 2012-05-08 | 1 | -1/+25
  don't reason about. Self is just like a local variable in init methods, so it can be assigned anything like result of static functions, other methods ... So to suppress false positives that result in such cases, stop tracking the checker-specific state after self is being assigned to (unless the value it's being assigned to is either self or conforms to our rules). This change does not invalidate any existing regression tests. llvm-svn: 156420
* Teach the analyzer about CXXScaleValueInitExpr. | Ted Kremenek | 2012-05-08 | 2 | -10/+7
  llvm-svn: 156369
* [analyzer] BasicConstraintManager: drop NE-constraints once we have a value. | Jordy Rose | 2012-05-08 | 1 | -1/+3
  This could conceivably cut down on state proliferation, although we don't use BasicConstraintManager by default anymore. No functionality change. llvm-svn: 156362
* [analyzer] Rework both constraint managers to handle mixed-type comparisons. | Jordy Rose | 2012-05-08 | 6 | -217/+438
  This involves keeping track of three separate types: the symbol type, the adjustment type, and the comparison type. For example, in "$x + 5 > 0ULL", if the type of $x is 'signed char', the adjustment type is 'int' and the comparison type is 'unsigned long long'. Most of the time these three types will be the same, but we should still do the right thing when the comparison value is out of range, and wraparound should be calculated in the adjustment type. This also re-disables an out-of-bounds test; we were extracting the symbol from non-additive SymIntExprs, but then throwing away the integer. Sorry for the large patch; both the basic and range constraint managers needed to be updated together, since they share code in SimpleConstraintManager. llvm-svn: 156361