| |
I'm in the process of refactoring AnalyzerOptions. The main motivation behind
here is to emit warnings if an invalid -analyzer-config option is given from the
command line, and be able to list them all.
In this patch, I'm moving all analyzer options to a def file, and move 2 enums
to global namespace.
Differential Revision: https://reviews.llvm.org/D53277
llvm-svn: 345986
| |
I'm in the process of refactoring AnalyzerOptions. The main motivation behind
here is to emit warnings if an invalid -analyzer-config option is given from
the command line, and be able to list them all.
In this patch, I found some flags that should've been used as checker options,
or have absolutely no mention of in AnalyzerOptions, or are nonexistent.
- NonLocalizedStringChecker now uses its "AggressiveReport" flag as a checker
option
- lib/StaticAnalyzer/Frontend/ModelInjector.cpp now accesses the "model-path"
option through a getter in AnalyzerOptions
- -analyzer-config path-diagnostics-alternate=false is not a thing, I removed it,
- lib/StaticAnalyzer/Checkers/AllocationDiagnostics.cpp and
lib/StaticAnalyzer/Checkers/AllocationDiagnostics.h are weird, they actually
only contain an option getter. I deleted them, and fixed RetainCountChecker
to get its "leak-diagnostics-reference-allocation" option as a checker option,
- "region-store-small-struct-limit" has a proper getter now.
Differential Revision: https://reviews.llvm.org/D53276
llvm-svn: 345985
| |
llvm-svn: 345950
| |
This patch should not introduce any behavior changes. It consists of
mostly one of two changes:
1. Replacing fall through comments with the LLVM_FALLTHROUGH macro
2. Inserting 'break' before falling through into a case block consisting
of only 'break'.
We were already using this warning with GCC, but its warning behaves
slightly differently. In this patch, the following differences are
relevant:
1. GCC recognizes comments that say "fall through" as annotations, clang
doesn't
2. GCC doesn't warn on "case N: foo(); default: break;", clang does
3. GCC doesn't warn when the case contains a switch, but falls through
the outer case.
I will enable the warning separately in a follow-up patch so that it can
be cleanly reverted if necessary.
Reviewers: alexfh, rsmith, lattner, rtrieu, EricWF, bollu
Differential Revision: https://reviews.llvm.org/D53950
llvm-svn: 345882
| |
SARIF allows you to export descriptions about rules that are present in the SARIF log. Expose the help text table generated into Checkers.inc as the rule's "full description" and export all of the rules present in the analysis output. This information is useful for analysis result viewers like CodeSonar.
llvm-svn: 345874
| |
This removes the Step property (which can be calculated by consumers trivially), and updates the schema and version numbers accordingly.
llvm-svn: 345823
| |
delete.
MallocChecker no longer thinks that operator delete() that accepts the size of
the object to delete (available since C++14 or under -fsized-deallocation)
is some weird user-defined operator. Instead, it handles it like normal delete.
Additionally, it exposes a regression in NewDelete-intersections.mm's
testStandardPlacementNewAfterDelete() test, where the diagnostic is delayed
from before the call of placement new into the code of placement new
in the header. This happens because the check for pass-into-function-after-free
for placement arguments is located in checkNewAllocator(), which happens after
the allocator is inlined, which is too late. Move this use-after-free check
into checkPreCall instead, where it works automagically because the guard
that prevents it from working is useless and can be removed as well.
This commit causes regressions under -analyzer-config
c++-allocator-inlining=false but this option is essentially unsupported
because the respective feature has been enabled by default quite a while ago.
Differential Revision: https://reviews.llvm.org/D53543
llvm-svn: 345802
| |
Turns out the rule is quite ubiquitous.
Revert of https://reviews.llvm.org/D53628
llvm-svn: 345747
| |
inlined code
Trusting summaries of inlined code would require a more thorough work,
as the current approach was causing too many false positives, as the new
example in test. The culprit lies in the fact that we currently escape
all variables written into a field (but not passed off to unknown
functions!), which can result in inconsistent behavior.
rdar://45655344
Differential Revision: https://reviews.llvm.org/D53902
llvm-svn: 345746
| |
The FP rate seems to be good enough now.
Differential Revision: https://reviews.llvm.org/D53849
llvm-svn: 345745
| |
This is the first part of the implementation of the inclusion of macro
expansions into the plist output. It adds a new flag that adds a new
"macro_expansions" entry to each report that has PathDiagnosticPieces that were
expanded from a macro. While there's an entry for each macro expansion, both
the name of the macro and what it expands to are missing, and will be implemented
in followup patches.
Differential Revision: https://reviews.llvm.org/D52742
llvm-svn: 345724
| |
A ConstantExpr class represents a full expression that's in a context where a
constant expression is required. This class reflects the path the evaluator
took to reach the expression rather than the syntactic context in which the
expression occurs.
In the future, the class will be expanded to cache the result of the evaluated
expression so that it's not needlessly re-evaluated.
Reviewed By: rsmith
Differential Revision: https://reviews.llvm.org/D53475
llvm-svn: 345692
| |
We haven't supported compiling ObjC1 for a long time (and never will again), so
there isn't any reason to keep these separate. This patch replaces
LangOpts::ObjC1 and LangOpts::ObjC2 with LangOpts::ObjC.
Differential revision: https://reviews.llvm.org/D53547
llvm-svn: 345637
| |
llvm-svn: 345633
| |
llvm-svn: 345630
| |
This allows users to specify SARIF (https://github.com/oasis-tcs/sarif-spec) as the output from the clang static analyzer so that the results can be read in by other tools, such as extensions to Visual Studio and VSCode, as well as static analyzers like CodeSonar.
llvm-svn: 345628
| |
nullptr_t does not access memory.
We now reuse CK_NullToPointer to represent a conversion from a glvalue
of type nullptr_t to a prvalue of nullptr_t where necessary.
llvm-svn: 345562
| |
The existing padding checker skips classes that have any base classes.
This patch allows the checker to traverse very simple cases:
classes that have no fields and have exactly one base class.
This is important mostly in the case of array declarations.
Patch by Max Bernstein!
Test plan: make check-all
Differential revision: https://reviews.llvm.org/D53206
llvm-svn: 345558
| |
9 parameters around
This has been a long time coming. Note the usage of AnalyzerOptions: I'll need
it for D52742, and added it in rC343620. The main motivation for this was that
I'll need to add yet another parameter to every single function, and some
functions would reach their 10th parameter with that change.
llvm-svn: 345531
| |
Nodes which have only one predecessor and only one successor can not
always be hidden, even if all states are the same.
An additional condition is needed: the predecessor may have only one successor.
This can be seen on this example:
```
A
/ \
B C
\ /
D
```
Nodes B and C can not be hidden even if all nodes in the graph have the
same state.
Differential Revision: https://reviews.llvm.org/D53735
llvm-svn: 345341
| |
constructors and operators
Differential Revision: https://reviews.llvm.org/D53660
llvm-svn: 345340
| |
Differential Revision: https://reviews.llvm.org/D53628
llvm-svn: 345339
| |
Previously, OSDynamicCast was modeled as an identity.
This is not correct: the output of OSDynamicCast may be zero even if the
input was not zero (if the class is not of desired type), and thus the
modeling led to false positives.
Instead, we are doing eager state split:
in one branch, the returned value is identical to the input parameter,
and in the other branch, the returned value is zero.
This patch required a substantial refactoring of canEval infrastructure,
as now it can return different function summaries, and not just true/false.
rdar://45497400
Differential Revision: https://reviews.llvm.org/D53624
llvm-svn: 345338
| |
Summary:
This patch moves the last method in `Z3ConstraintManager` to `SMTConstraintManager`: `canReasonAbout()`.
The `canReasonAbout()` method checks if a given `SVal` can be encoded in SMT. I've added a new method to the SMT API to return true if a solver can encode floating-point arithmetics and it was enough to make `canReasonAbout()` solver independent.
As an annoying side-effect, `Z3ConstraintManager` is pretty empty now and only (1) creates the Z3 solver object by calling `CreateZ3Solver()` and (2) instantiates `SMTConstraintManager`. Maybe we can get rid of this class altogether in the future: a `CreateSMTConstraintManager()` method that does (1) and (2) and returns the constraint manager object?
Reviewers: george.karpenkov, NoQ
Reviewed By: george.karpenkov
Subscribers: mehdi_amini, xazax.hun, szepet, a.sidorin, dexonsmith, Szelethus, donat.nagy, dkrupp
Differential Revision: https://reviews.llvm.org/D53694
llvm-svn: 345284
| |
Summary:
Getting an `APSInt` from the model always returned an unsigned integer because of the unused parameter.
This was not breaking any test case because no code relies on the actual value of the integer returned here, but rather it is only used to check if a symbol has more than one solution in `getSymVal`.
Reviewers: NoQ, george.karpenkov
Reviewed By: george.karpenkov
Subscribers: xazax.hun, szepet, a.sidorin, Szelethus, donat.nagy, dkrupp
Differential Revision: https://reviews.llvm.org/D53637
llvm-svn: 345283
| |
Remove unused overload. Clean up some usages.
Differential Revision: https://reviews.llvm.org/D53615
llvm-svn: 345101
| |
Trust generalized annotations for OSObject.
Differential Revision: https://reviews.llvm.org/D53550
llvm-svn: 345100
| |
Refactor the way in which summaries are consumed for safeMetaCast
Differential Revision: https://reviews.llvm.org/D53549
llvm-svn: 345099
| |
trackNullOrUndefValue is a long and confusing name,
and it does not actually reflect what the function is doing.
Give a function a new name, with a relatively clear semantics.
Also remove some dead code.
Differential Revision: https://reviews.llvm.org/D52758
llvm-svn: 345064
| |
This patch is a part of https://reviews.llvm.org/D48456 in an attempt to split
the casting logic up into smaller patches. This contains the code for casting
from fixed point types to boolean types.
Differential Revision: https://reviews.llvm.org/D53308
llvm-svn: 345063
| |
Reviewers: Anastasia, yaxunl
Reviewed By: Anastasia
Subscribers: asavonic, cfe-commits
Differential Revision: https://reviews.llvm.org/D52654
llvm-svn: 345038
| |
llvm-svn: 344944
| |
llvm-svn: 344892
| |
As rightly pointed out by @NoQ, nonloc::LazyCompoundVals were only used to acquire a constructed object's region, which isn't what LazyCompoundVal was made for.
Differential Revision: https://reviews.llvm.org/D51300
llvm-svn: 344879
| |
I'm in the process of refactoring AnalyzerOptions. The main motivation behind
here is to emit warnings if an invalid -analyzer-config option is given from the
command line, and be able to list them all.
This first NFC patch contains small modifications to make AnalyzerOptions.cpp a
little more consistent.
Differential Revision: https://reviews.llvm.org/D53274
llvm-svn: 344870
| |
llvm-svn: 344847
| |
The GDMIndex functions return a pointer that's used as a key for looking up
data, but addresses of local statics defined in header files aren't the same
across shared library boundaries and the result is that analyzer plugins
can't access this data.
Event types are uniqued by using the addresses of a local static defined
in a header file, but it isn't the same across shared library boundaries
and plugins can't currently handle ImplicitNullDerefEvents.
Patches by Joe Ranieri!
Differential Revision: https://reviews.llvm.org/D52905
Differential Revision: https://reviews.llvm.org/D52906
llvm-svn: 344823
| |
In C++17, when class C has large alignment value, a special case of
overload resolution rule kicks in for expression new C that causes the aligned
version of operator new() to be called. The aligned new has two arguments:
size and alignment. However, the new-expression has only one "argument":
the construct-expression for C(). This causes a false positive in
core.CallAndMessage's check for matching number of arguments and number
of parameters.
Update CXXAllocatorCall, which is a CallEvent sub-class for operator new calls
within new-expressions, so that the number of arguments always matched
the number of parameters.
rdar://problem/44738501
Differential Revision: https://reviews.llvm.org/D52957
llvm-svn: 344539
| |
tags.
We don't need a separate node for every symbol, because whenever the first
symbol leaks, a bug is emitted, the analysis is sinked, and the checker
callback immediately returns due to State variable turning into null,
so we never get to see the second leaking symbol.
Additionally, we are no longer able to break normal analysis while experimenting
with debug dumps.
Differential Revision: https://reviews.llvm.org/D52804
llvm-svn: 344538
| |
This patch is a part of https://reviews.llvm.org/D48456 in an attempt to
split them up. This contains the code for casting between fixed point types
and other fixed point types.
The method for converting between fixed point types is based off the convert()
method in APFixedPoint.
Differential Revision: https://reviews.llvm.org/D50616
llvm-svn: 344530
| |
llvm-svn: 344468
| |
Summary:
Enhanced support for Z3 in the cmake configuration of clang; now it is possible to specify any arbitrary Z3 install prefix (CLANG_ANALYZER_Z3_PREFIX) to cmake with lib (or bin) and include folders. Before the patch, only cmake default locations were searched (https://cmake.org/cmake/help/v3.4/command/find_path.html).
Specifying any CLANG_ANALYZER_Z3_PREFIX will force also CLANG_ANALYZER_BUILD_Z3 to ON.
Removed also Z3 4.5 version requirement since it was not checked, and now Clang works with Z3 4.7
Reviewers: NoQ, george.karpenkov, mikhail.ramalho
Reviewed By: george.karpenkov
Subscribers: rnkovacs, NoQ, esteffin, george.karpenkov, delcypher, ddcc, mgorny, xazax.hun, szepet, a.sidorin, Szelethus
Tags: #clang
Differential Revision: https://reviews.llvm.org/D50818
llvm-svn: 344464
| |
Summary: Removed const qualifier from reset method of SMTSolver and Z3Solver objects.
Reviewers: mikhail.ramalho, george.karpenkov, NoQ, ddcc
Reviewed By: NoQ
Subscribers: xazax.hun, szepet, a.sidorin, Szelethus
Differential Revision: https://reviews.llvm.org/D52031
llvm-svn: 344463
| |
Reviewers: ilya-biryukov
Subscribers: arphaman, cfe-commits
Differential Revision: https://reviews.llvm.org/D53135
llvm-svn: 344337
| |
Pointed out by Artem in post-commit review for https://reviews.llvm.org/D53058
llvm-svn: 344322
| |
not using the stack frame
Differential Revision: https://reviews.llvm.org/D53058
llvm-svn: 344313
| |
Differential Revision: https://reviews.llvm.org/D53168
llvm-svn: 344312
| |
For now, treating the cast as a no-op, and disregarding the case where
the output becomes null due to the type mismatch.
rdar://45174557
Differential Revision: https://reviews.llvm.org/D53156
llvm-svn: 344311
| |
This reverts commit r344262. This was an unintentional commit.
llvm-svn: 344267
| |
Differential Revision: https://reviews.llvm.org/D52502
llvm-svn: 344262