path: root/clang/lib/StaticAnalyzer
Commit message | Author | Age | Files | Lines
...
* Correct a user-visible static analyzer message typo | Alp Toker | 2013-12-02 | 1 | -2/+2
  llvm-svn: 196062
* Remove a whole lot of unused variables | Alp Toker | 2013-11-27 | 4 | -5/+1
  There are about 30 removed in this patch, generated by a new FixIt I haven't got round to submitting yet.
  llvm-svn: 195814
* Remove 'DistinctSpellings' support from Attr.td and change its only user to look at the attribute spelling instead. | Richard Smith | 2013-11-27 | 1 | -9/+9
  The 'ownership_*' attributes should probably be split into separate *Attr classes, but that's more than I wanted to do here.
  llvm-svn: 195805
* [analyzer] Fix an infinite recursion in region invalidation by adding block count to the BlockDataRegion. | Anna Zaks | 2013-11-20 | 3 | -7/+20
  llvm-svn: 195174
* [analyzer] Better modeling of memcpy by the CStringChecker (PR16731). | Anton Yartsev | 2013-11-17 | 1 | -13/+41
  New rules of invalidation/escape of the source buffer of memcpy: the source buffer contents is invalidated and escape while the source buffer region itself is neither invalidated, nor escape. In the current modeling of memcpy the information about allocation state of regions, accessible through the source buffer, is not copied to the destination buffer and we can not track the allocation state of those regions anymore. So we invalidate/escape the source buffer indirect regions in anticipation of their being invalidated for real later. This eliminates false-positive leaks reported by the unix.Malloc and alpha.cplusplus.NewDeleteLeaks checkers for the cases like
      char *f() {
        void *x = malloc(47);
        char *a;
        memcpy(&a, &x, sizeof a);
        return a;
      }
  llvm-svn: 194953
* [analyzer] Silence warnings coming from allocators used by std::basic_string. | Jordan Rose | 2013-11-15 | 1 | -2/+16
  This is similar to r194004: because we can't reason about the data structure invariants of std::basic_string, the analyzer decides it's possible for an allocator to be used to deallocate the string's inline storage. Just ignore this by walking up the stack, skipping past methods in classes with "allocator" in the name, and seeing if we reach std::basic_string that way.
  PR17866
  llvm-svn: 194764
* [analyzer] Include bug column numbers in HTML output (in a comment). | Jordan Rose | 2013-11-15 | 1 | -0/+4
  This has no effect on user-visible output, but can be used by post-processing tools that work with the generated HTML, rather than using CmpRuns.py's interface to work with plists.
  Patch by György Orbán!
  llvm-svn: 194763
* [analyzer] Treat MSVC's _wassert as noreturn. | Jordan Rose | 2013-11-14 | 1 | -0/+3
  This makes sure the analyzer actually honors assert() in an MSVC project.
  Patch by Anders Montonen!
  llvm-svn: 194716
* Move classes into anonymous namespaces. | Benjamin Kramer | 2013-11-14 | 1 | -0/+4
  llvm-svn: 194706
* Revert 'Tweak ContainerNonEmptyMap with "int" instead of "bool"'. | Jordan Rose | 2013-11-08 | 1 | -3/+3
  I've added the missing ImutProfileInfo [sic] specialization for bool, so this patch on r194235 is no longer needed.
  This reverts r194244 / 2baea2887dfcf023c8e3560e5d4713c42eed7b6b.
  llvm-svn: 194265
* StaticAnalyzer/Checkers/BasicObjCFoundationChecks.cpp: Tweak ContainerNonEmptyMap with "int" instead of "bool", to appease building since r194235. | NAKAMURA Takumi | 2013-11-08 | 1 | -3/+3
  In ADT/ImmutableSet, ImutProfileInfo<bool> cannot be matched to ImutProfileInteger. I didn't have idea it'd the right way if PROFILE_INTEGER_INFO(bool) could be added there.
  llvm-svn: 194244
* [analyzer] Add IdenticalExprChecker, to find copy-pasted code. | Jordan Rose | 2013-11-08 | 3 | -0/+227
  This syntactic checker looks for expressions on both sides of comparison operators that are structurally the same. As a special case, the floating-point idiom "x != x" for "isnan(x)" is left alone. Currently this only checks comparison operators, but in the future we could extend this to include logical operators or chained if-conditionals.
  Checker by Per Viberg!
  llvm-svn: 194236
* [analyzer] Track whether an ObjC for-in loop had zero iterations. | Jordan Rose | 2013-11-08 | 1 | -16/+85
  An Objective-C for-in loop will have zero iterations if the collection is empty. Previously, we could only detect this case if the program asked for the collection's -count /before/ the for-in loop. Now, the analyzer distinguishes for-in loops that had zero iterations from those with at least one, and can use this information to constrain the result of calling -count after the loop. In order to make this actually useful, teach the checker that methods on NSArray, NSDictionary, and the other immutable collection classes don't change the count.
  <rdar://problem/14992886>
  llvm-svn: 194235
* [analyzer] Specialize "loop executed 0 times" for for-in and for-range loops. | Jordan Rose | 2013-11-08 | 1 | -2/+13
  The path note that says "Loop body executed 0 times" has been changed to "Loop body skipped when range is empty" for C++11 for-range loops, and to "Loop body skipped when collection is empty" for Objective-C for-in loops.
  Part of <rdar://problem/14992886>
  llvm-svn: 194234
* [analyzer] Track the count of NSOrderedSet similarly to other fast enumerations. | Anna Zaks | 2013-11-04 | 1 | -1/+2
  llvm-svn: 194005
* [analyzer] Suppress warnings coming out of std::basic_string. | Anna Zaks | 2013-11-04 | 1 | -0/+12
  The analyzer cannot reason about the internal invariances of the data structure (radar://15194597).
  llvm-svn: 194004
* [analyzer] Don't crash when a path goes through a 'delete' destructor call. | Jordan Rose | 2013-10-31 | 1 | -1/+2
  This was just left unimplemented from r191381; the fix is to report this call location as the location of the 'delete' expr.
  PR17746
  llvm-svn: 193783
* StaticAnalyzer/Checkers/DynamicTypePropagation.cpp: Fix in comments. 80-col and an utf8 char. | NAKAMURA Takumi | 2013-10-28 | 1 | -2/+2
  llvm-svn: 193513
* [analyzer] Don't emit an "Assuming x is <OP> y" if it's not a comparison op. | Jordan Rose | 2013-10-26 | 1 | -1/+2
  We could certainly be more precise in many of our diagnostics, but before we were printing "Assuming x is && y", which is just ridiculous.
  <rdar://problem/15167979>
  llvm-svn: 193455
* [analyzer] Generate a LazyCompoundVal when loading from a union-typed region. | Jordan Rose | 2013-10-23 | 1 | -1/+3
  This ensures that variables accessible through a union are invalidated when the union value is passed to a function. We still don't fully handle union values, but this should at least quiet some false positives.
  PR16596
  llvm-svn: 193265
* Forgot some references to misspelled enums. | Benjamin Kramer | 2013-10-20 | 1 | -4/+4
  llvm-svn: 193047
* Miscellaneous speling fixes. | Benjamin Kramer | 2013-10-20 | 1 | -1/+1
  llvm-svn: 193046
* [analyzer] Don't draw edges to C++11 in-class member initializers. | Jordan Rose | 2013-10-16 | 1 | -2/+38
  Since these aren't lexically in the constructor, drawing arrows would be a horrible jump across the body of the class. We could still do better here by skipping over unimportant initializers, but this at least keeps everything within the body of the constructor.
  <rdar://problem/14960554>
  llvm-svn: 192818
* [analyzer] ArrayRef-ize BugReporter::EmitBasicReport. | Jordan Rose | 2013-10-07 | 8 | -34/+23
  No functionality change.
  llvm-svn: 192114
* [analyzer] RetainCountChecker: add support for CFAutorelease. | Jordan Rose | 2013-10-07 | 1 | -8/+22
  <rdar://problems/13710586&13710643>
  llvm-svn: 192113
* [analyzer] Replace bug category magic strings with shared constants, take 2. | Jordan Rose | 2013-10-04 | 7 | -12/+14
  Re-commit r191910 (reverted in r191936) with layering violation fixed, by moving the bug categories to StaticAnalyzerCore instead of ...Checkers.
  llvm-svn: 191937
* Temporarily revert r191910 until the layering violation can be fixed. | Richard Smith | 2013-10-03 | 3 | -6/+5
  llvm-svn: 191936
* [analyzer] Replace bug category magic strings with shared constants. | Jordan Rose | 2013-10-03 | 3 | -5/+6
  One small functionality change is to bring the sizeof-pointer checker in line with the other checkers by making its category be "Logic error" instead of just "Logic". There should be no other functionality changes.
  Patch by Daniel Marjamäki!
  llvm-svn: 191910
* [analyzer] Add new debug helper clang_analyzer_warnIfReached. | Jordan Rose | 2013-10-03 | 1 | -0/+13
  This will emit a warning if a call to clang_analyzer_warnIfReached is executed, printing REACHABLE. This is a more explicit way to declare expected reachability than using clang_analyzer_eval or triggering a bug (divide-by-zero or null dereference), and unlike the former will work the same in inlined functions and top-level functions. Like the other debug helpers, it is part of the debug.ExprInspection checker.
  Patch by Jared Grubb!
  llvm-svn: 191909
* [analyzer] Add missing return after function pointer null check. | Jordan Rose | 2013-10-02 | 1 | -0/+1
  Also add some tests that there is actually a message and that the bug is actually a hard error. This actually behaved correctly before, because:
  - addTransition() doesn't actually add a transition if the new state is null; it assumes you want to propagate the predecessor forward and does nothing.
  - generateSink() is called in order to emit a bug report.
  - If at least one new node has been generated, the predecessor node is /not/ propagated forward.
  But now it's spelled out explicitly.
  Found by Richard Mazorodze, who's working on a patch that may require this.
  llvm-svn: 191805
* [analyzer] Make inlining decisions based on the callee being variadic. | Jordan Rose | 2013-09-28 | 2 | -4/+17
  ...rather than trying to figure it out from the call site, and having people complain that we guessed wrong and that a prototype-less call is the same as a variadic call on their system. More importantly, fix a crash when there's no decl at the call site (though we could have just returned a default value).
  <rdar://problem/15037033>
  llvm-svn: 191599
* [analyzer] Allow pre/post-statement checkers for UnaryOperator. | Jordan Rose | 2013-09-27 | 1 | -20/+30
  Found by Arthur Yoo.
  llvm-svn: 191532
* [analyzer] Handle destructors for the argument to C++ 'delete'. | Jordan Rose | 2013-09-25 | 4 | -3/+31
  Now that the CFG includes nodes for the destructors in a delete-expression, process them in the analyzer using the same common destructor interface currently used for local, member, and base destructors. Also, check for when the value is known to be null, in which case no destructor is actually run. This does not yet handle destructors for deleted /arrays/, which may need more CFG work. It also causes a slight regression in the location of double delete warnings; the double delete is detected at the destructor call, which is implicit, and so is reported on the first access within the destructor instead of at the 'delete' statement. This will be fixed soon.
  Patch by Karthik Bhat!
  llvm-svn: 191381
* StaticAnalyzer/Core/RegionStore.cpp: Prune one last "\param IsConst", as fixup to r191342. [-Wdocumentation] | NAKAMURA Takumi | 2013-09-25 | 1 | -2/+0
  llvm-svn: 191360
* [analyzer] This patch removes passing around of const-invalidation vs regular-invalidation info by passing around a datastructure that maps regions and symbols to the type of invalidation they experience. | Anton Yartsev | 2013-09-24 | 6 | -131/+133
  This simplifies the code and would allow to associate more different invalidation types in the future. With this patch things like preserving contents of regions (either hi- or low-level ones) or processing of the only top-level region can be implemented easily without passing around extra parameters. This patch is a first step towards adequate modeling of memcpy() by the CStringChecker checker and towards eliminating of majority of false-positives produced by the NewDeleteLeaks checker.
  llvm-svn: 191342
* Fix array_pod_sort predicates after LLVM change. | Benjamin Kramer | 2013-09-22 | 1 | -3/+3
  llvm-svn: 191176
* array_pod_sort loses some type safety, better use the right types. | Benjamin Kramer | 2013-09-22 | 1 | -2/+2
  llvm-svn: 191174
* Rewrite a cold use of std::sort to array_pod_sort. | Benjamin Kramer | 2013-09-22 | 1 | -12/+16
  No functionality change.
  llvm-svn: 191173
* [analyzer] Use getParentIgnoreParenCasts instead of doing it by hand. | Jordan Rose | 2013-09-20 | 1 | -3/+1
  Apart from being more compact and already implemented, this also handles the case where the parent is null. (It does also ignore all casts, not just implicit ones, but this is more efficient to test and in the case we care about---a message in a PseudoObjectExpr---there should only be implicit casts anyway. This should fix our internal buildbot.
  llvm-svn: 191094
* [analyzer] Don't even try to convert floats to booleans for now. | Jordan Rose | 2013-09-18 | 1 | -0/+4
  We now have symbols with floating-point type to make sure that (double)x == (double)x comes out true, but we still can't do much with these. For now, don't even bother trying to create a floating-point zero value; just give up on conversion to bool.
  PR14634, C++ edition.
  llvm-svn: 190953
* Add the intrinsic __builtin_convertvector | Hal Finkel | 2013-09-18 | 1 | -0/+1
  LLVM supports applying conversion instructions to vectors of the same number of elements (fptrunc, fptosi, etc.) but there had been no way for a Clang user to cause such instructions to be generated when using builtin vector types. C-style casting on vectors is already defined in terms of bitcasts, and so cannot be used for these conversions as well (without leading to a very confusing set of semantics). As a result, this adds a __builtin_convertvector intrinsic (patterned after the OpenCL __builtin_astype intrinsic). This is intended to aid the creation of vector intrinsic headers that create generic IR instead of target-dependent intrinsics (in other words, this is a generic _mm_cvtepi32_ps). As noted in the documentation, the action of __builtin_convertvector is defined in terms of the action of a C-style cast on each vector element.
  llvm-svn: 190915
* [analyzer] More reliably detect property accessors. | Anna Zaks | 2013-09-17 | 1 | -0/+6
  This has a side effect of preventing a crash, which occurs because we get a property getter declaration, which is overriding but is declared inside @protocol. Will file a bug about this inconsistency internally. Getting a small test case is very challenging.
  llvm-svn: 190836
* [analyzer] Stop tracking the objects with attribute cleanup in the RetainCountChecker. | Anna Zaks | 2013-09-17 | 1 | -0/+10
  This suppresses false positive leaks. We stop tracking a value if it is assigned to a variable declared with a cleanup attribute.
  llvm-svn: 190835
* New message for cases when ownership is taken: | Anton Yartsev | 2013-09-16 | 1 | -10/+23
  "+method_name: cannot take ownership of memory allocated by 'new'." instead of the old "Memory allocated by 'new' should be deallocated by 'delete', not +method_name"
  llvm-svn: 190800
* Clean up some Triple usage in clang. | Cameron Esfahani | 2013-09-14 | 1 | -2/+1
  llvm-svn: 190737
* Fix two incorrect comments. | Jordan Rose | 2013-09-13 | 1 | -2/+2
  Patch by Jared Grubb!
  llvm-svn: 190652
* [analyzer] Run post-stmt checks for DeclStmt. | Jordan Rose | 2013-09-13 | 1 | -1/+4
  No tests because no in-tree checkers use this, but that shouldn't stop out-of-tree checkers.
  Found by Aemon Cannon!
  llvm-svn: 190650
* [analyzer] Handle zeroing constructors for fields of structs with empty bases. | Jordan Rose | 2013-09-11 | 1 | -4/+13
  RegionStore tries to protect against accidentally initializing the same region twice, but it doesn't take subregions into account very well. If the outer region being initialized is a struct with an empty base class, the offset of the first field in the struct will be 0. When we initialize the base class, we may invalidate the contents of the struct by providing a default value of Unknown (or some new symbol). We then go to initialize the member with a zeroing constructor, only to find that the region at that offset in the struct already has a value. The best we can do here is to invalidate that value and continue; neither the old default value nor the new 0 is correct for the entire struct after the member constructor call. The correct solution for this is to track region extents in the store.
  <rdar://problem/14914316>
  llvm-svn: 190530
* Get rid of unused isPodLike definition. | Eli Friedman | 2013-09-11 | 1 | -2/+0
  llvm-svn: 190463
* Switched FormatAttr to using an IdentifierArgument instead of a StringArgument since that is a more accurate modeling. | Aaron Ballman | 2013-09-03 | 1 | -1/+2
  llvm-svn: 189851