summaryrefslogtreecommitdiffstats
path: root/clang/lib/StaticAnalyzer
Commit message (Collapse)AuthorAgeFilesLines
...
* [Analyzer] Iterator Checker - Part 4: Mismatched iterator checker for ↵Adam Balogh2018-09-101-1/+116
| | | | | | | | | | function parameters New check added to the checker which checks whether iterator parameters of template functions typed by the same template parameter refer to the same container. Differential Revision: https://reviews.llvm.org/D32845 llvm-svn: 341790
* [analyzer] [NFC] Move methods for dumping the coverage in HTMLDiagnostics ↵George Karpenkov2018-09-071-5/+12
| | | | | | | | into the class Differential Revision: https://reviews.llvm.org/D51513 llvm-svn: 341724
* [analyzer] [NFC] Use StringRef when returning a large string literal in ↵George Karpenkov2018-09-071-5/+6
| | | | | | | | | | HTMLDiagnostics (NB: could be a clang-tidy / analyzer check) Differential Revision: https://reviews.llvm.org/D51512 llvm-svn: 341723
* [analyzer] Remove the "postponed" hack, deal with derived symbols using an ↵George Karpenkov2018-09-071-22/+40
| | | | | | | | | | | | | | | | | | | | extra map The "derived" symbols indicate children fields of a larger symbol. As parents do not have pointers to their children, the garbage collection algorithm the analyzer currently uses adds such symbols into a "postponed" category, and then keeps running through the worklist until the fixed point is reached. The current patch rectifies that by instead using a helper map which stores pointers from parents to children, so that no fixed point calculation is necessary. The current patch yields ~5% improvement in running time on sqlite. Differential Revision: https://reviews.llvm.org/D51397 llvm-svn: 341722
* Revert "Revert "Revert "Revert "[analyzer] Add coverage information to plist ↵George Karpenkov2018-09-071-8/+42
| | | | | | | | | | output, update tests"""" This reverts commit 2f5d71d9fa135be86bb299e7d773036e50bf1df6. Hopefully fixing tests on Windows. llvm-svn: 341719
* Revert "Revert "Revert "[analyzer] Add coverage information to plist output, ↵Simon Pilgrim2018-09-071-42/+8
| | | | | | | | update tests""" Reverts analyzer tests from rL341627 again as they still broke windows buildbots llvm-svn: 341648
* Revert "Revert "[analyzer] Add coverage information to plist output, update ↵George Karpenkov2018-09-071-8/+42
| | | | | | | | | | tests"" This reverts commit a39bcab414dd7ace7e490363ecdf01ecce7743fc. Reverting the revert, fixing tests. llvm-svn: 341627
* Revert "[analyzer] Add coverage information to plist output, update tests"George Karpenkov2018-09-071-42/+8
| | | | | | | | This reverts commit 03d183b6b94eda27ce66a4f9b87a00b0a148cf9e. Temporary revert until the tests are fixed. llvm-svn: 341626
* [analyzer] Add coverage information to plist output, update testsGeorge Karpenkov2018-09-071-8/+42
| | | | | | | | Split tests which were still using FileCheck to compare plists. Differential Revision: https://reviews.llvm.org/D51515 llvm-svn: 341621
* [analyzer] [NFC] Prefer passing around reference to std::unique_ptr&George Karpenkov2018-09-071-9/+9
| | | | | | | | When object is owned elsewhere Differential Revision: https://reviews.llvm.org/D51669 llvm-svn: 341620
* [analyzer] Executed lines: store file IDs, not hashes.George Karpenkov2018-09-072-4/+4
| | | | | | | | Raw FileIDs are needed for the PlistDiagnostics to produce stable filenames. Differential Revision: https://reviews.llvm.org/D51668 llvm-svn: 341619
* [analyzer] Do not add invalid source location to the coverage informationGeorge Karpenkov2018-09-071-0/+5
| | | | | | | | Invalid source locations may arise from generated code. Differential Revision: https://reviews.llvm.org/D51761 llvm-svn: 341618
* [analyzer] Push updating-the-executed-lines logic into the BugReporter.George Karpenkov2018-09-072-16/+17
| | | | | | | | So it can be reused across different consumers. Differential Revision: https://reviews.llvm.org/D51514 llvm-svn: 341617
* [analyzer] Skip printing trivial nodes in exploded graphGeorge Karpenkov2018-09-072-16/+41
| | | | | | | | | | | A node is considered to be trivial if it only has one successor, one predecessor, and a state equal to the predecessor. Can drastically (> 2x) reduce the size of the generated exploded graph. Differential Revision: https://reviews.llvm.org/D51665 llvm-svn: 341616
* [analyzer] [NFC] Move dumping program point into a separate functionGeorge Karpenkov2018-09-061-131/+132
| | | | | | Differential Revision: https://reviews.llvm.org/D51666 llvm-svn: 341603
* [analyzer] Dump stable identifiers for exploded nodesGeorge Karpenkov2018-09-062-3/+14
| | | | | | Differential Revision: https://reviews.llvm.org/D51667 llvm-svn: 341602
* [analyzer] Remove traces of ubigraph visualizationGeorge Karpenkov2018-09-062-128/+0
| | | | | | | | | | Ubigraph project has been dead since about 2008, and to the best of my knowledge, no one was using it. Previously, I wasn't able to launch the existing binary at all. Differential Revision: https://reviews.llvm.org/D51655 llvm-svn: 341601
* [analyzer] Dump a reproducible, deterministic ID of program state to ↵George Karpenkov2018-09-062-1/+9
| | | | | | | | exploded graph Differential Revision: https://reviews.llvm.org/D51395 llvm-svn: 341600
* [analyzer] InnerPointerChecker: Fix a segfault when checking symbolic strings.Artem Dergachev2018-08-301-0/+3
| | | | | | | | | | Return value of dyn_cast_or_null should be checked before use. Otherwise we may put a null pointer into the map as a key and eventually crash in checkDeadSymbols. Differential Revision: https://reviews.llvm.org/D51385 llvm-svn: 341092
* [analyzer] Improve tracing for uninitialized struct fieldsGeorge Karpenkov2018-08-291-0/+2
| | | | | | | | rdar://13729267 Differential Revision: https://reviews.llvm.org/D51323 llvm-svn: 340986
* [analyzer] Support modeling no-op BaseToDerived casts in ExprEngine.Artem Dergachev2018-08-293-11/+68
| | | | | | | | | | | | | | | Introduce a new MemRegion sub-class, CXXDerivedObjectRegion, which is the opposite of CXXBaseObjectRegion, to represent such casts. Such region is a bit weird because it is by design bigger than its super-region. But it's not harmful when it is put on top of a SymbolicRegion that has unknown extent anyway. Offset computation for CXXDerivedObjectRegion and proper modeling of casts still remains to be implemented. Differential Revision: https://reviews.llvm.org/D51191 llvm-svn: 340984
* [analyzer] CFRetainReleaseChecker: Don't check C++ methods with the same name.Artem Dergachev2018-08-291-61/+28
| | | | | | | | | | | Don't try to understand what's going on when there's a C++ method called eg. CFRetain(). Refactor the checker a bit, to use more modern APIs. Differential Revision: https://reviews.llvm.org/D50866 llvm-svn: 340982
* [CFG] [analyzer] Disable argument construction contexts for variadic functions.Artem Dergachev2018-08-291-9/+21
| | | | | | | | | | | The analyzer doesn't make use of them anyway and they seem to have pretty weird AST from time to time, so let's just skip them for now. Fixes a crash reported as pr37769. Differential Revision: https://reviews.llvm.org/D50855 llvm-svn: 340977
* [analyzer] Resolve the crash in ReturnUndefCheckerGeorge Karpenkov2018-08-292-0/+2
| | | | | | | | | | | By making sure the returned value from getKnownSVal is consistent with the value used inside expression engine. PR38427 Differential Revision: https://reviews.llvm.org/D51252 llvm-svn: 340965
* [analyzer] [NFC] Move class definition out of the functionGeorge Karpenkov2018-08-291-41/+40
| | | | | | Differential Revision: https://reviews.llvm.org/D51322 llvm-svn: 340964
* [analyzer] Move analyzer-eagerly-assume to AnalyzerOptions, enable by defaultGeorge Karpenkov2018-08-292-2/+9
| | | | | | Differential Revision: https://reviews.llvm.org/D51251 llvm-svn: 340963
* [analyzer] [NFC] Remove unused "state" argument from makeSymExprValNNGeorge Karpenkov2018-08-292-7/+6
| | | | | | Differential Revision: https://reviews.llvm.org/D51250 llvm-svn: 340962
* [analyzer] Better retain count rules for OSObjectsGeorge Karpenkov2018-08-292-37/+38
| | | | | | Differential Revision: https://reviews.llvm.org/D51184 llvm-svn: 340961
* [analyzer] [NFC] Follow the convention when naming classesGeorge Karpenkov2018-08-291-24/+24
| | | | | | | | Renames InvalidateRegionsWorker and RemoveDeadBindingsWorker Differential Revision: https://reviews.llvm.org/D51324 llvm-svn: 340960
* [Analyzer] Iterator Checker - Part 3: Invalidation check, first for (copy) ↵Adam Balogh2018-08-281-45/+138
| | | | | | | | | | | assignments We add check for invalidation of iterators. The only operation we handle here is the (copy) assignment. Differential Revision: https://reviews.llvm.org/D32747 llvm-svn: 340805
* fix comment typoNico Weber2018-08-271-1/+1
| | | | llvm-svn: 340743
* [analyzer] Moved all CSA code from the SMT API to a new header, `SMTConv.h`. ↵Mikhail R. Gadelha2018-08-232-18/+14
| | | | | | | | | | | | | | | | | | | | | NFC. Summary: With this patch, the SMT backend is almost completely detached from the CSA. Unfortunate consequence is that we missed the `ConditionTruthVal` from the CSA and had to use `Optional<bool>`. The Z3 solver implementation is still in the same file as the `Z3ConstraintManager`, in `lib/StaticAnalyzer/Core/Z3ConstraintManager.cpp` though, but except for that, the SMT API can be moved to anywhere in the codebase. Reviewers: NoQ, george.karpenkov Reviewed By: george.karpenkov Subscribers: xazax.hun, szepet, a.sidorin, Szelethus Differential Revision: https://reviews.llvm.org/D50772 llvm-svn: 340534
* [analyzer] Templatefy SMTConstraintManager so more generic code can be moved ↵Mikhail R. Gadelha2018-08-233-240/+1
| | | | | | | | | | | | | | | | | | | from solver specific implementations. NFC. Summary: By making SMTConstraintManager a template and passing the SMT constraint type and expr, we can further move code from the Z3ConstraintManager class to the generic SMT constraint Manager. Now, each SMT specific constraint manager only needs to implement the method `bool canReasonAbout(SVal X) const`. Reviewers: NoQ, george.karpenkov Reviewed By: george.karpenkov Subscribers: mgorny, xazax.hun, szepet, a.sidorin, Szelethus Differential Revision: https://reviews.llvm.org/D50770 llvm-svn: 340533
* [analyzer] Delete SMTContext. NFC.Mikhail R. Gadelha2018-08-231-3/+2
| | | | | | | | | | | | | | Summary: There is no reason to have a base class for a context anymore as each SMT object carries a reference to the specific solver context. Reviewers: NoQ, george.karpenkov, hiraditya Reviewed By: hiraditya Subscribers: hiraditya, xazax.hun, szepet, a.sidorin, Szelethus Differential Revision: https://reviews.llvm.org/D50768 llvm-svn: 340532
* Change dyn_cast<CXXMethodDecl>(FD) to isa<CXXMethodDecl>(FD) [NFC]Mikael Holmen2018-08-231-1/+1
| | | | | | The result of the dyn_cast wasn't used to we can just check isa. llvm-svn: 340531
* Removed unused variable [NFC]Mikael Holmen2018-08-231-1/+1
| | | | | | | | | | The compiler warned: ../tools/clang/lib/StaticAnalyzer/Core/RetainSummaryManager.cpp:329:19: error: unused variable 'MD' [-Werror,-Wunused-variable] if (const auto *MD = dyn_cast<CXXMethodDecl>(FD)) { ^ 1 error generated. llvm-svn: 340524
* [analyzer] Preliminary version of retain count checking for OSObjectsGeorge Karpenkov2018-08-234-16/+126
| | | | | | | | Has quite a lot of false positives, disabled behind the flag. Differential Revision: https://reviews.llvm.org/D50880 llvm-svn: 340502
* Revert "[CStringSyntaxChecker] Check strlcat sizeof check"George Karpenkov2018-08-231-50/+4
| | | | | | | | This reverts commit 3073790e87378fea9a68fb052185fec9596ef135. The check is not correct, strlact(dest, "mystr", sizeof(dest)) is fine. llvm-svn: 340501
* Revert "[CStringSyntaxChecker] Reduces space around error message for strlcat."George Karpenkov2018-08-231-1/+1
| | | | | | This reverts commit 6b43b80320722da41ca6ef7a3b57cc300fb83094. llvm-svn: 340500
* [analyzer] Track non-zero values in ReturnVisitorGeorge Karpenkov2018-08-221-24/+27
| | | | | | | | | | | | | Tracking those can help to provide much better diagnostics in many cases. In general, most of the visitor machinery should be refactored to allow tracking the origin of arbitrary values. rdar://36039765 Differential Revision: https://reviews.llvm.org/D51131 llvm-svn: 340475
* [analyzer] Track the problematic subexpression in UndefResultCheckerGeorge Karpenkov2018-08-221-0/+4
| | | | | | | | This is tested in a subsequent commit, which allows tracking those values. Differential Revision: https://reviews.llvm.org/D51139 llvm-svn: 340474
* [analyzer] [NFC] Minor refactoring of BugReporterVisitorsGeorge Karpenkov2018-08-221-15/+13
| | | | | | Differential Revision: https://reviews.llvm.org/D51130 llvm-svn: 340473
* [analyzer] Improve `CallDescription` to handle c++ method.Henry Wong2018-08-222-49/+65
| | | | | | | | | | | | | | | | | Summary: `CallDecription` can only handle function for the time being. If we want to match c++ method, we can only use method name to match and can't improve the matching accuracy through the qualifiers. This patch add the support for `QualifiedName` matching to improve the matching accuracy. Reviewers: xazax.hun, NoQ, george.karpenkov, rnkovacs Reviewed By: xazax.hun, NoQ, rnkovacs Subscribers: Szelethus, szepet, rnkovacs, a.sidorin, mikhail.ramalho, cfe-commits, MTC Differential Revision: https://reviews.llvm.org/D48027 llvm-svn: 340407
* [analyzer] [NFC] Fix minor formatting issues in RetainCountCheckerGeorge Karpenkov2018-08-223-10/+8
| | | | | | Differential Revision: https://reviews.llvm.org/D51072 llvm-svn: 340378
* [analyzer] [NFC] Extract a method for creating RefVal from RetEffect in ↵George Karpenkov2018-08-221-34/+17
| | | | | | | | RetainCountChecker Differential Revision: https://reviews.llvm.org/D51071 llvm-svn: 340377
* [analyzer] Correctly marked a virtual function 'override'Kristof Umann2018-08-211-1/+1
| | | | llvm-svn: 340280
* [analyzer][UninitializedObjectChecker] Explicit namespace resolution for ↵Kristof Umann2018-08-212-7/+70
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | inherited data members For the following example: struct Base { int x; }; // In a different translation unit struct Derived : public Base { Derived() {} }; For a call to Derived::Derived(), we'll receive a note that this->x is uninitialized. Since x is not a direct field of Derived, it could be a little confusing. This patch aims to fix this, as well as the case when the derived object has a field that has the name as an inherited uninitialized data member: struct Base { int x; // note: uninitialized field 'this->Base::x' }; struct Derived : public Base { int x = 5; Derived() {} }; Differential Revision: https://reviews.llvm.org/D50905 llvm-svn: 340272
* [analyzer][UninitializedObjectChecker] Added documentation to the checker listKristof Umann2018-08-211-12/+0
| | | | | | Differential Revision: https://reviews.llvm.org/D50904 llvm-svn: 340266
* [analyzer][UninitializedObjectChecker] Refactoring p6.: Move dereferencing ↵Kristof Umann2018-08-212-56/+63
| | | | | | | | | | | | to a function Now that it has it's own file, it makes little sense for isPointerOrReferenceUninit to be this large, so I moved dereferencing to a separate function. Differential Revision: https://reviews.llvm.org/D50509 llvm-svn: 340265
* [analyzer] [NFC] Split up RetainSummaryManager from RetainCountChecker - try #2George Karpenkov2018-08-2111-638/+57
| | | | | | | | | | Turns out it can't be removed from the analyzer since it relies on CallEvent. Moving to staticAnalyzer/core Differential Revision: https://reviews.llvm.org/D51023 llvm-svn: 340247
OpenPOWER on IntegriCloud