| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
|
|
|
|
| |
I've added a new functionality, the checker is now able to
detect and report fields pointing to themselves. I figured
this would fit well into the checker as there's no reason
for a pointer to point to itself instead of being nullptr.
Differential Revision: https://reviews.llvm.org/D51305
llvm-svn: 344242
|
| |
|
|
|
|
| |
Differential Revision: https://reviews.llvm.org/D52983
llvm-svn: 344017
|
| |
|
|
|
|
|
|
|
|
| |
enough to make the state unfeasible
rdar://43541814
Differential Revision: https://reviews.llvm.org/D52848
llvm-svn: 343735
|
| |
|
|
|
|
|
|
|
| |
Doesn't do much despite sounding quite bad, but fixes an exotic test case where
liveness of a nonloc::LocAsInteger array index is now evaluated correctly.
Differential Revision: https://reviews.llvm.org/D52667
llvm-svn: 343631
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
AnalyzerOptions as parameter
I intend to add a new flag macro-expnasions-as-events, and unfortunately
I'll only be able to convert the macro piece into an event one once I'm
about to emit it, due to the lack of an avaible Preprocessor object in
the BugReporter.
Differential Revision: https://reviews.llvm.org/D52787
llvm-svn: 343620
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Summary:
Several improvements in preparation for the new backends.
Refactoring:
- Removed duplicated methods `fromBoolean`, `fromAPSInt`, `fromInt` and `fromAPFloat`. The methods `mkBoolean`, `mkBitvector` and `mkFloat` are now used instead.
- The names of the functions that convert BVs to FPs were swapped (`mkSBVtoFP`, `mkUBVtoFP`, `mkFPtoSBV`, `mkFPtoUBV`).
- Added a couple of comments in function calls.
Crosscheck encoding:
- Changed how constraints are encoded in the refutation manager so it doesn't start with (false OR ...). This change introduces one duplicated line (see file `BugReporterVisitors.cpp`, the `SMTConv::getRangeExpr is called twice, so I can remove this change if the duplication is a problem.
Reviewers: george.karpenkov, NoQ
Reviewed By: george.karpenkov
Subscribers: xazax.hun, szepet, a.sidorin, Szelethus
Differential Revision: https://reviews.llvm.org/D52365
llvm-svn: 343581
|
| |
|
|
| |
llvm-svn: 343574
|
| |
|
|
|
|
| |
Differential Revision: https://reviews.llvm.org/D52502
llvm-svn: 343573
|
| |
|
|
|
|
|
|
|
|
| |
parameter
This is patch is a preparation for the proposed inclusion of macro expansions in the plist output.
Differential Revision: https://reviews.llvm.org/D52735
llvm-svn: 343511
|
| |
|
|
|
|
| |
Differential Revision: https://reviews.llvm.org/D52640
llvm-svn: 343353
|
| |
|
|
|
|
|
|
|
|
|
| |
Dumping graphs instead of opening them is often very useful,
e.g. for transfer or converting to SVG.
Basic sanity check for generated exploded graphs.
Differential Revision: https://reviews.llvm.org/D52637
llvm-svn: 343352
|
| |
|
|
| |
llvm-svn: 343276
|
| |
|
|
|
|
|
|
| |
exploded graph
Differential Revision: https://reviews.llvm.org/D52584
llvm-svn: 343239
|
| |
|
|
| |
llvm-svn: 343205
|
| |
|
|
|
|
| |
Differential Revision: https://reviews.llvm.org/D52502
llvm-svn: 343204
|
| |
|
|
|
|
|
|
| |
So we can dump them outside of viewing the exploded grpah.
Differential Revision: https://reviews.llvm.org/D52583
llvm-svn: 343160
|
| |
|
|
|
|
| |
Differential Revision: https://reviews.llvm.org/D52519
llvm-svn: 343159
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Summary: The convenience wrapper in STLExtras is available since rL342102.
Reviewers: rsmith, #clang, dblaikie
Reviewed By: rsmith, #clang
Subscribers: mgrang, arphaman, kadircet, cfe-commits
Differential Revision: https://reviews.llvm.org/D52576
llvm-svn: 343147
|
| |
|
|
| |
llvm-svn: 343085
|
| |
|
|
|
|
|
|
|
|
|
| |
Commit r340984 causes a crash when a pointer to a completely unrelated type
UnrelatedT (eg., opaque struct pattern) is being casted from base class BaseT to
derived class DerivedT, which results in an ill-formed region
Derived{SymRegion{$<UnrelatedT x>}, DerivedT}.
Differential Revision: https://reviews.llvm.org/D52189
llvm-svn: 343051
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Tests introduced in r329780 was disabled in r342317 because these tests
were accidentally testing dump infrastructure, when all they cared about was
how symbols relate to each other. So when dump infrastructure changed,
tests became annoying to maintain.
Add a new feature to ExprInspection: clang_analyzer_denote() and
clang_analyzer_explain(). The former adds a notation to a symbol, the latter
expresses another symbol in terms of previously denoted symbols.
It's currently a bit wonky - doesn't print parentheses and only supports
denoting atomic symbols. But it's even more readable that way.
Differential Revision: https://reviews.llvm.org/D52133
llvm-svn: 343048
|
| |
|
|
|
|
|
|
|
|
| |
Combine the two constructor overrides into a single ArrayRef constructor
to allow easier brace initializations and simplify how the respective field
is used internally.
Differential Revision: https://reviews.llvm.org/D51390
llvm-svn: 343037
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When a checker maintains a program state trait that isn't a simple list/set/map, but is a combination of multiple lists/sets/maps (eg., a multimap - which may be implemented as a map from something to set of something), ProgramStateManager only contains the factory for the trait itself. All auxiliary lists/sets/maps need a factory to be provided by the checker, which is annoying.
So far two checkers wanted a multimap, and both decided to trick the
ProgramStateManager into keeping the auxiliary factory within itself
by pretending that it's some sort of trait they're interested in,
but then never using this trait but only using the factory.
Make this trick legal. Define a convenient macro.
One thing that becomes apparent once all pieces are put together is that
these two checkers are in fact using the same factory, because the type that
identifies it, ImmutableMap<const MemRegion *, ImmutableSet<SymbolRef>>,
is the same. This situation is different from two checkers registering similar
primitive traits.
Differential Revision: https://reviews.llvm.org/D51388
llvm-svn: 343035
|
| |
|
|
|
|
|
|
|
|
| |
This patch is a band-aid. A proper solution would be too change
trackNullOrUndefValue to only try to dereference the pointer when it is
relevant to the problem.
Differential Revision: https://reviews.llvm.org/D52435
llvm-svn: 342920
|
| |
|
|
|
|
|
|
| |
ImmutableList
Differential Revision: https://reviews.llvm.org/D51886
llvm-svn: 342834
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Assuming strlcat is used with strlcpy we check as we can if the last argument does not equal os not larger than the buffer.
Advising the proper usual pattern.
Reviewers: george.karpenkov, NoQ, MaskRay
Reviewed By: MaskRay
Differential Revision: https://reviews.llvm.org/D49722
llvm-svn: 342832
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Modify the RetainCountChecker to perform state "adjustments" in
checkEndFunction, as performing work in PreStmt<ReturnStmt> does not
work with destructors.
The previous version made an implicit assumption that no code runs
after the return statement is executed.
rdar://43945028
Differential Revision: https://reviews.llvm.org/D52338
llvm-svn: 342770
|
| |
|
|
|
|
| |
Differential Revision: https://reviews.llvm.org/D52337
llvm-svn: 342769
|
| |
|
|
|
|
|
|
|
|
| |
statement, if possible
If not possible, use the last line of the declaration, as before.
Differential Revision: https://reviews.llvm.org/D52326
llvm-svn: 342768
|
| |
|
|
|
|
| |
Differential Revision: https://reviews.llvm.org/D52336
llvm-svn: 342767
|
| |
|
|
|
|
|
|
|
|
|
|
| |
If the non-sink report is generated at the exit node, it will be
suppressed by the current functionality in isInevitablySinking, as it
only checks the successors of the block, but not the block itself.
The bug shows up in RetainCountChecker checks.
Differential Revision: https://reviews.llvm.org/D52284
llvm-svn: 342766
|
| |
|
|
|
|
| |
Differential Revision: https://reviews.llvm.org/D52269
llvm-svn: 342765
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes a number of issues:
- Global variables are not used for communication
- Trait should be defined on a graph, not on a node
- Defining the trait on a graph allows us to use a correct allocator,
no longer crashing while printing trimmed graphs
Differential Revision: https://reviews.llvm.org/D52183
llvm-svn: 342413
|
| |
|
|
|
|
|
|
| |
skip pointers whenever redundant, use unique prefixes.
Differential Revision: https://reviews.llvm.org/D52114
llvm-svn: 342316
|
| |
|
|
|
|
|
|
|
|
| |
Those are not created in the allocator.
Since they are created fairly rarely, a counter overhead should not
affect the memory consumption.
Differential Revision: https://reviews.llvm.org/D51827
llvm-svn: 342314
|
| |
|
|
|
|
|
|
| |
store
Differential Revision: https://reviews.llvm.org/D51826
llvm-svn: 342313
|
| |
|
|
|
|
|
|
|
|
| |
exploded graph
Prevents bad centering.
Differential Revision: https://reviews.llvm.org/D51825
llvm-svn: 342312
|
| |
|
|
|
|
| |
Differential Revision: https://reviews.llvm.org/D51823
llvm-svn: 342310
|
| |
|
|
|
|
|
|
|
|
| |
predecessors/successors
Still generate a node, but leave the redundant field empty.
Differential Revision: https://reviews.llvm.org/D51821
llvm-svn: 342308
|
| |
|
|
|
|
| |
To fix compiler warning about non-virtual dtor introduced in r342221.
llvm-svn: 342225
|
| |
|
|
|
|
| |
Differential Revision: https://reviews.llvm.org/D49437
llvm-svn: 342221
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
it's fields
Based on a suggestion from @george.karpenkov.
In some cases, structs are used as unions with a help of a tag/kind field.
This patch adds a new string flag (a pattern), that is matched against the
fields of a record, and should a match be found, the entire record is ignored.
For more info refer to http://lists.llvm.org/pipermail/cfe-dev/2018-August/058906.html
and to the responses to that, especially http://lists.llvm.org/pipermail/cfe-dev/2018-August/059215.html.
Differential Revision: https://reviews.llvm.org/D51680
llvm-svn: 342220
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Since I plan to add a number of new flags, it made sense to encapsulate
them in a new struct, in order not to pollute FindUninitializedFields's
constructor with new boolean options with super long names.
This revision practically reverts D50508, since FindUninitializedFields
now accesses the pedantic flag anyways.
Differential Revision: https://reviews.llvm.org/D51679
llvm-svn: 342219
|
| |
|
|
|
|
|
|
| |
record pointees
Differential Revision: https://reviews.llvm.org/D50892
llvm-svn: 342217
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Some of the comments are incorrect, imprecise, or simply nonexistent.
Since I have a better grasp on how the analyzer works, it makes sense
to update most of them in a single swoop.
I tried not to flood the code with comments too much, this amount
feels just right to me.
Differential Revision: https://reviews.llvm.org/D51417
llvm-svn: 342215
|
| |
|
|
|
|
|
|
|
|
| |
iThis patch aims to fix derefencing, which has been debated for months now.
Instead of working with SVals, the function now relies on TypedValueRegion.
Differential Revision: https://reviews.llvm.org/D51057
llvm-svn: 342213
|
| |
|
|
|
|
|
|
|
|
| |
emplace and erase operations
This patch adds support for the following operations in the iterator checkers: assign, clear, insert, insert_after, emplace, emplace_after, erase and erase_after. This affects mismatched iterator checks ("this" and parameter must match) and invalidation checks (according to the standard).
Differential Revision: https://reviews.llvm.org/D32904
llvm-svn: 341794
|
| |
|
|
|
|
|
|
| |
This patch adds support for the following operations in the iterator checkers: push_back, push_front, emplace_back, emplace_front, pop_back and pop_front. This affects iterator range checks (range is extended after push and emplace and reduced after pop operations) and invalidation checks (according to the standard).
Differential Revision: https://reviews.llvm.org/D32902
llvm-svn: 341793
|
| |
|
|
|
|
|
|
|
|
| |
constructors and comparisons
Extension of the mismatched iterator checker for constructors taking range of first..last (first and last must be iterators of the same container) and also for comparisons of iterators of different containers (one does not compare iterators of different containers, since the set of iterators is partially ordered, there are no relations between iterators of different containers, except that they are always non-equal).
Differential Revision: https://reviews.llvm.org/D32860
llvm-svn: 341792
|
| |
|
|
|
|
|
|
| |
If a container is moved by its move assignment operator, according to the standard all their iterators except the past-end iterators remain valid but refer to the new container. This patch introduces support for this case in the iterator checkers.
Differential Revision: https://reviews.llvm.org/D32859
llvm-svn: 341791
|
