summaryrefslogtreecommitdiffstats
path: root/clang/lib/StaticAnalyzer
Commit message (Collapse)AuthorAgeFilesLines
...
* Model type attributes as regular Attrs.Richard Smith2018-08-201-2/+2
| | | | | | | | | | | | | | Specifically, AttributedType now tracks a regular attr::Kind rather than having its own parallel Kind enumeration, and AttributedTypeLoc now holds an Attr* instead of holding an ad-hoc collection of Attr fields. Differential Revision: https://reviews.llvm.org/D50526 This reinstates r339623, reverted in r339638, with a fix to not fail template instantiation if we instantiate a QualType with no associated type source information and we encounter an AttributedType. llvm-svn: 340215
* [NFC] Don't define static function in header (UninitializedObject.h)Andrei Elovikov2018-08-202-5/+3
| | | | | | | | | | | | | | | | Summary: See also http://lists.llvm.org/pipermail/cfe-users/2016-January/000854.html for the reasons why it's bad. Reviewers: Szelethus, erichkeane Reviewed By: Szelethus Subscribers: cfe-commits Differential Revision: https://reviews.llvm.org/D50963 llvm-svn: 340174
* Revert "[analyzer] [NFC] Split up RetainSummaryManager from RetainCountChecker"Bruno Cardoso Lopes2018-08-1810-19/+1500
| | | | | | | | | | | | | | This reverts commit a786521fa66c72edd308baff0c08961b6d964fb1. Bots haven't caught up yet, but broke modules build with: ../tools/clang/include/clang/StaticAnalyzer/Checkers/MPIFunctionClassifier.h:18:10: fatal error: cyclic dependency in module 'Clang_StaticAnalyzer_Core': Clang_StaticAnalyzer_Core -> Clang_Analysis -> Clang_StaticAnalyzer_Checkers -> Clang_StaticAnalyzer_Core ^ llvm-svn: 340117
* [analyzer] [NFC] Split up RetainSummaryManager from RetainCountCheckerGeorge Karpenkov2018-08-1810-1500/+19
| | | | | | | | | | | | | ARCMigrator is using code from RetainCountChecker, which is a layering violation (and it also does it badly, by using a different header, and then relying on implementation being present in a header file). This change splits up RetainSummaryManager into a separate library in lib/Analysis, which can be used independently of a checker. Differential Revision: https://reviews.llvm.org/D50934 llvm-svn: 340114
* [analyzer] [NFC] Minor refactoring of ISL-specific code in RetainCountCheckerGeorge Karpenkov2018-08-172-14/+9
| | | | | | Differential Revision: https://reviews.llvm.org/D50879 llvm-svn: 340098
* [analyzer] Re-instate support for MakeCollectable is RetainCountCheckerGeorge Karpenkov2018-08-173-5/+24
| | | | | | Differential Revision: https://reviews.llvm.org/D50872 llvm-svn: 340097
* [analyzer] [NFC] Move ObjCRetainCount to include/AnalysisGeorge Karpenkov2018-08-172-2/+2
| | | | | | Differential Revision: https://reviews.llvm.org/D50869 llvm-svn: 340096
* [analyzer] [NFC] Move canEval function from RetainCountChecker to ↵George Karpenkov2018-08-173-72/+85
| | | | | | | | RetainCountSummaries Differential Revision: https://reviews.llvm.org/D50863 llvm-svn: 340094
* [analyzer] [NFC] Split up summary generation in RetainCountChecker in two ↵George Karpenkov2018-08-172-204/+195
| | | | | | | | methods Differential Revision: https://reviews.llvm.org/D50830 llvm-svn: 340093
* [analyzer] [NFC] Split up RetainCountCheckerGeorge Karpenkov2018-08-178-3894/+4036
| | | | | | | | At some point, staring at 4k+ LOC file becomes a bit hard. Differential Revision: https://reviews.llvm.org/D50821 llvm-svn: 340092
* [analyzer] Drop support for GC mode in RetainCountCheckerGeorge Karpenkov2018-08-171-324/+61
| | | | | | | | | | | | A lot of code in RetainCountChecker deals with GC mode. Given that GC mode is deprecated, Apple does not ship runtime for it, and modern compiler toolchain does not support it, it makes sense to remove the code dealing with it in order to aid understanding of RetainCountChecker. Differential Revision: https://reviews.llvm.org/D50747 llvm-svn: 340091
* [CStringSyntaxChecker] Reduces space around error message for strlcat.David Carlier2018-08-151-1/+1
| | | | llvm-svn: 339808
* Silence "unused variable" warning.Richard Smith2018-08-151-0/+1
| | | | llvm-svn: 339747
* [analyzer] Add support for constructors of arguments.Artem Dergachev2018-08-156-29/+221
| | | | | | | | | | | | | | | | | | | | | Once CFG-side support for argument construction contexts landed in r338436, the analyzer could make use of them to evaluate argument constructors properly. When evaluated as calls, constructors of arguments now use the variable region of the parameter as their target. The corresponding stack frame does not yet exist when the parameter is constructed, and this stack frame is created eagerly. Construction of functions whose body is unavailable and of virtual functions is not yet supported. Part of the reason is the analyzer doesn't consistently use canonical declarations o identify the function in these cases, and every re-declaration or potential override comes with its own set of parameter declarations. Also it is less important because if the function is not inlined, there's usually no benefit in inlining the argument constructor. Differential Revision: https://reviews.llvm.org/D49443 llvm-svn: 339745
* [analyzer] Made a buildbot happy.Kristof Umann2018-08-141-2/+4
| | | | llvm-svn: 339655
* [analyzer][UninitializedObjectChecker] Void pointers are casted back to ↵Kristof Umann2018-08-141-2/+40
| | | | | | | | their dynamic type in note message Differential Revision: https://reviews.llvm.org/D49228 llvm-svn: 339653
* [CStringSyntaxChecker] Check strlcat sizeof checkDavid Carlier2018-08-141-4/+50
| | | | | | | | | | | | | - Assuming strlcat is used with strlcpy we check as we can if the last argument does not equal os not larger than the buffer. - Advising the proper usual pattern. Reviewers: NoQ, george.karpenkov Reviewed By: george.karpenkov Differential Revision: https://reviews.llvm.org/D49722 llvm-svn: 339641
* Revert r339623 "Model type attributes as regular Attrs."Reid Kleckner2018-08-141-2/+2
| | | | | | | | This breaks compiling atlwin.h in Chromium. I'm sure the code is invalid in some way, but we put a lot of work into accepting it, and I'm sure rejecting it was not an intended consequence of this refactoring. :) llvm-svn: 339638
* [analyzer] Fix UninitializedObjectChecker to not crash on uninitialized "id" ↵George Karpenkov2018-08-132-2/+2
| | | | | | | | fields Differential Revision: https://reviews.llvm.org/D50673 llvm-svn: 339631
* Fix Clang warnings and bad #include filenames in r339595 and r339599.Richard Smith2018-08-133-5/+7
| | | | llvm-svn: 339624
* Model type attributes as regular Attrs.Richard Smith2018-08-131-2/+2
| | | | | | | | | | Specifically, AttributedType now tracks a regular attr::Kind rather than having its own parallel Kind enumeration, and AttributedTypeLoc now holds an Attr* instead of holding an ad-hoc collection of Attr fields. Differential Revision: https://reviews.llvm.org/D50526 llvm-svn: 339623
* [analyzer][UninitializedObjectChecker] Refactoring p5.: Handle pedantic mode ↵Kristof Umann2018-08-132-14/+19
| | | | | | | | in the checker class only Differential Revision: https://reviews.llvm.org/D50508 llvm-svn: 339601
* [analyzer][UninitializedObjectChecker] Refactoring p4.: Wrap FieldRegions ↵Kristof Umann2018-08-133-113/+201
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | and reduce weight on FieldChainInfo Before this patch, FieldChainInfo used a spaghetti: it took care of way too many cases, even though it was always meant as a lightweight wrapper around ImmutableList<const FieldRegion *>. This problem is solved by introducing a lightweight polymorphic wrapper around const FieldRegion *, FieldNode. It is an interface that abstracts away special cases like pointers/references, objects that need to be casted to another type for a proper note messages. Changes to FieldChainInfo: * Now wraps ImmutableList<const FieldNode &>. * Any pointer/reference related fields and methods were removed * Got a new add method. This replaces it's former constructors as a way to create a new FieldChainInfo objects with a new element. Changes to FindUninitializedField: * In order not to deal with dynamic memory management, when an uninitialized field is found, the note message for it is constructed and is stored instead of a FieldChainInfo object. (see doc around addFieldToUninits). Some of the test files are changed too, from now on uninitialized pointees of references always print "uninitialized pointee" instead of "uninitialized field" (which should've really been like this from the beginning). I also updated every comment according to these changes. Differential Revision: https://reviews.llvm.org/D50506 llvm-svn: 339599
* [analyzer][UninitializedObjectChecker] Refactoring p3.: printTail moved out ↵Kristof Umann2018-08-133-16/+17
| | | | | | | | | | from FieldChainInfo This is a standalone part of the effort to reduce FieldChainInfos inteerface. Differential Revision: https://reviews.llvm.org/D50505 llvm-svn: 339596
* [analyzer][UninitializedObjectChecker] Refactoring p2.: Moving pointer ↵Kristof Umann2018-08-134-297/+376
| | | | | | | | | | | | | | | | | | | | chasing to a separate file In this patch, the following classes and functions have been moved to a header file: FieldChainInfo FindUninitializedFields isPrimitiveType This also meant that they moved from anonymous namespace to clang::ento. Code related to pointer chasing now relies in its own file. There's absolutely no functional change in this patch -- its literally just copy pasting. Differential Revision: https://reviews.llvm.org/D50504 llvm-svn: 339595
* [analyzer][UninitializedObjectChecker] Refactoring p1.: ImmutableList ↵Kristof Umann2018-08-131-7/+8
| | | | | | | | | | | | | | | | factory is no longer static This patch is the first part of a series of patches to refactor UninitializedObjectChecker. The goal of this effort is to Separate pointer chasing from the rest of the checker, Increase readability and reliability, Don't impact performance (too bad). In this one, ImmutableList's factory is moved to FindUninitializedFields. Differential Revision: https://reviews.llvm.org/D50503 llvm-svn: 339591
* [analyzer] Fix keyboard navigation for .msgNote eventsGeorge Karpenkov2018-08-111-1/+2
| | | | | | | | Does not go to msgNote's. Differential Revision: https://reviews.llvm.org/D50595 llvm-svn: 339493
* [analyzer] InnerPointerChecker: improve warning messages and notes.Reka Kovacs2018-08-103-21/+56
| | | | | | Differential Revision: https://reviews.llvm.org/D49570 llvm-svn: 339489
* [analyzer] Record nullability implications on getting items from NSDictionaryGeorge Karpenkov2018-08-101-14/+173
| | | | | | | | | | | | | | | | | | | | If we get an item from a dictionary, we know that the item is non-null if and only if the key is non-null. This patch is a rather hacky way to record this implication, because some logic needs to be duplicated from the solver. And yet, it's pretty simple, performant, and works. Other possible approaches: - Record the implication, in future rely on Z3 to pick it up. - Generalize the current code and move it to the constraint manager. rdar://34990742 Differential Revision: https://reviews.llvm.org/D50124 llvm-svn: 339482
* [analyzer] Fix tracking expressions through negation operatorGeorge Karpenkov2018-08-101-0/+4
| | | | | | Differential Revision: https://reviews.llvm.org/D50537 llvm-svn: 339476
* Invalidate static locals when escaping lambdasGeorge Karpenkov2018-08-101-0/+27
| | | | | | | | | | Lambdas can affect static locals even without an explicit capture. rdar://39537031 Differential Revision: https://reviews.llvm.org/D50368 llvm-svn: 339459
* Port getLocEnd -> getEndLocStephen Kelly2018-08-093-5/+5
| | | | | | | | | | Reviewers: teemperor! Subscribers: cfe-commits Differential Revision: https://reviews.llvm.org/D50351 llvm-svn: 339386
* Port getLocStart -> getBeginLocStephen Kelly2018-08-0918-50/+51
| | | | | | | | | | Reviewers: teemperor! Subscribers: jholewinski, whisperity, jfb, cfe-commits Differential Revision: https://reviews.llvm.org/D50350 llvm-svn: 339385
* Port getStartLoc -> getBeginLocStephen Kelly2018-08-091-1/+1
| | | | | | | | | | Reviewers: teemperor! Subscribers: cfe-commits Differential Revision: https://reviews.llvm.org/D50349 llvm-svn: 339384
* [analyzer] Fix the bug in UninitializedObjectChecker caused by not handling ↵George Karpenkov2018-08-091-2/+3
| | | | | | | | block pointers Differential Revision: https://reviews.llvm.org/D50523 llvm-svn: 339369
* [analyzer][UninitializedObjectChecker] Pointer/reference objects are ↵Kristof Umann2018-08-081-34/+75
| | | | | | | | | | | | | | | | dereferenced according to dynamic type This patch fixed an issue where the dynamic type of pointer/reference object was known by the analyzer, but wasn't obtained in the checker, which resulted in false negatives. This should also increase reliability of the checker, as derefencing is always done now according to the dynamic type (even if that happens to be the same as the static type). Special thanks to Artem Degrachev for setting me on the right track. Differential Revision: https://reviews.llvm.org/D49199 llvm-svn: 339240
* [analyzer][UninitializedObjectChecker] Fixed a false negative by no longer ↵Kristof Umann2018-08-081-15/+33
| | | | | | | | | | | | | | | | | filtering out certain constructor calls As of now, all constructor calls are ignored that are being called by a constructor. The point of this was not to analyze the fields of an object, so an uninitialized field wouldn't be reported multiple times. This however introduced false negatives when the two constructors were in no relation to one another -- see the test file for a neat example for this with singletons. This patch aims so fix this issue. Differential Revision: https://reviews.llvm.org/D48436 llvm-svn: 339237
* [analyzer] Avoid querying this-pointers for static-methods.Matt Davis2018-08-071-2/+4
| | | | | | | | | | | | | | | | | | | Summary: The loop-widening code processes c++ methods looking for `this` pointers. In the case of static methods (which do not have `this` pointers), an assertion was triggering. This patch avoids trying to process `this` pointers for static methods, and thus avoids triggering the assertion . Reviewers: dcoughlin, george.karpenkov, NoQ Reviewed By: NoQ Subscribers: NoQ, xazax.hun, szepet, a.sidorin, mikhail.ramalho, cfe-commits Differential Revision: https://reviews.llvm.org/D50408 llvm-svn: 339201
* [analyzer][UninitializedObjectChecker] New flag to turn off dereferencingKristof Umann2018-08-071-8/+35
| | | | | | | | | | | Even for a checker being in alpha, some reports about pointees held so little value to the user that it's safer to disable pointer/reference chasing for now. It can be enabled with a new flag, in which case checker should function as it has always been. This can be set with `CheckPointeeInitialization`. Differential Revision: https://reviews.llvm.org/D49438 llvm-svn: 339135
* [analyzer] Add ASTContext to CheckerManagerGeorge Karpenkov2018-08-063-30/+29
| | | | | | | | | Some checkers require ASTContext. Having it in the constructor saves a lot of boilerplate of having to pass it around. Differential Revision: https://reviews.llvm.org/D50111 llvm-svn: 339079
* [analyzer] InnerPointerChecker: fix displayed checker name.Reka Kovacs2018-08-063-8/+28
| | | | | | | | | | | | | | | | For InnerPointerChecker to function properly, both the checker itself and parts of MallocChecker that handle relevant use-after-free problems need to be turned on. So far, the latter part has been developed within MallocChecker's NewDelete sub-checker, often causing warnings to appear under that name. This patch defines a new CheckKind within MallocChecker for the inner pointer checking functionality, so that the correct name is displayed in warnings and in the ExplodedGraph. Tested on clang-tidy. Differential Review: https://reviews.llvm.org/D50211 llvm-svn: 339067
* [analyzer] Do not crash in NoStoreFuncVisitor notes if an unexpected region ↵George Karpenkov2018-08-031-7/+14
| | | | | | | | is found. Just do not generate the note at all in that case. llvm-svn: 338935
* [analyzer] Add test for a crash fixed in r338775.Reka Kovacs2018-08-031-4/+1
| | | | | | | | Do not crash if a CXXRecordDecl cannot be obtained for an object. Special thanks for the reproduction to Alexander Kornienko. llvm-svn: 338918
* [analyzer] Detect pointers escaped after ReturnStmt execution in MallocChecker.Reka Kovacs2018-08-021-3/+25
| | | | | | | | | | Objects local to a function are destroyed right after the statement returning (part of) them is executed in the analyzer. This patch enables MallocChecker to warn in these cases. Differential Revision: https://reviews.llvm.org/D49361 llvm-svn: 338780
* [analyzer] Obtain a ReturnStmt from a CFGAutomaticObjDtor.Reka Kovacs2018-08-022-1/+24
| | | | | | | | | | | The CoreEngine only gives us a ReturnStmt if the last element in the CFGBlock is a CFGStmt, otherwise the ReturnStmt is nullptr. This patch adds support for the case when the last element is a CFGAutomaticObjDtor, by returning its TriggerStmt as a ReturnStmt. Differential Revision: https://reviews.llvm.org/D49811 llvm-svn: 338777
* [analyzer] Add a safety check to InnerPointerChecker.Reka Kovacs2018-08-021-2/+5
| | | | | | Do not crash if the CXXRecordDecl of an object is not available. llvm-svn: 338775
* [analyzer] Make RegionVector use const referenceFangrui Song2018-08-021-10/+7
| | | | llvm-svn: 338732
* [analyzer] Extend NoStoreFuncVisitor to follow fields.George Karpenkov2018-08-021-126/+212
| | | | | | | | rdar://39701823 Differential Revision: https://reviews.llvm.org/D49901 llvm-svn: 338667
* Add missing semicolon.Simon Pilgrim2018-08-011-1/+1
| | | | llvm-svn: 338510
* Replace 'FALL-THROUGH' comment with LLVM_FALLTHROUGH to silence warning. NFCI.Simon Pilgrim2018-08-011-1/+1
| | | | llvm-svn: 338508
OpenPOWER on IntegriCloud