summaryrefslogtreecommitdiffstats
path: root/clang/test/Analysis/NewDelete-checker-test.cpp
Commit message (Collapse)AuthorAgeFilesLines
* [analyzer] Reimplement dependencies between checkersKristof Umann2019-01-261-8/+39
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Unfortunately, up until now, the fact that certain checkers depended on one another was known, but how these actually unfolded was hidden deep within the implementation. For example, many checkers (like RetainCount, Malloc or CString) modelled a certain functionality, and exposed certain reportable bug types to the user. For example, while MallocChecker models many many different types of memory handling, the actual "unix.MallocChecker" checker the user was exposed to was merely and option to this modeling part. Other than this being an ugly mess, this issue made resolving the checker naming issue almost impossible. (The checker naming issue being that if a checker registered more than one checker within its registry function, both checker object recieved the same name) Also, if the user explicitly disabled a checker that was a dependency of another that _was_ explicitly enabled, it implicitly, without "telling" the user, reenabled it. Clearly, changing this to a well structured, declarative form, where the handling of dependencies are done on a higher level is very much preferred. This patch, among the detailed things later, makes checkers declare their dependencies within the TableGen file Checkers.td, and exposes the same functionality to plugins and statically linked non-generated checkers through CheckerRegistry::addDependency. CheckerRegistry now resolves these dependencies, makes sure that checkers are added to CheckerManager in the correct order, and makes sure that if a dependency is disabled, so will be every checker that depends on it. In detail: * Add a new field to the Checker class in CheckerBase.td called Dependencies, which is a list of Checkers. * Move unix checkers before cplusplus, as there is no forward declaration in tblgen :/ * Add the following new checkers: - StackAddrEscapeBase - StackAddrEscapeBase - CStringModeling - DynamicMemoryModeling (base of the MallocChecker family) - IteratorModeling (base of the IteratorChecker family) - ValistBase - SecuritySyntaxChecker (base of bcmp, bcopy, etc...) - NSOrCFErrorDerefChecker (base of NSErrorChecker and CFErrorChecker) - IvarInvalidationModeling (base of IvarInvalidation checker family) - RetainCountBase (base of RetainCount and OSObjectRetainCount) * Clear up and registry functions in MallocChecker, happily remove old FIXMEs. * Add a new addDependency function to CheckerRegistry. * Neatly format RUN lines in files I looked at while debugging. Big thanks to Artem Degrachev for all the guidance through this project! Differential Revision: https://reviews.llvm.org/D54438 llvm-svn: 352287
* Revert rC349281 '[analyzer][MallocChecker][NFC] Document and reorganize some ↵Kristof Umann2018-12-171-1/+1
| | | | | | functions' llvm-svn: 349340
* [analyzer][MallocChecker] Improve warning messages on double-delete errorsKristof Umann2018-12-151-1/+1
| | | | | | Differential Revision: https://reviews.llvm.org/D54834 llvm-svn: 349283
* [analyzer] NFC: Run many existing C++ tests with a custom operator new().Artem Dergachev2018-01-241-3/+15
| | | | | | | | | | | In order to provide more test coverage for inlined operator new(), add more run-lines to existing test cases, which would trigger our fake header to provide a body for operator new(). Most of the code should still behave reasonably. When behavior intentionally changes, #ifs are provided. Differential Revision: https://reviews.llvm.org/D42221 llvm-svn: 323376
* [analyzer] operator new: Fix memory space for the returned region.Artem Dergachev2018-01-171-0/+2
| | | | | | | | | | | | | | | Make sure that with c++-allocator-inlining=true we have the return value of conservatively evaluated operator new() in the correct memory space (heap). This is a regression/omission that worked well in c++-allocator-inlining=false. Heap regions are superior to regular symbolic regions because they have stricter aliasing constraints: heap regions do not alias each other or global variables. Differential Revision: https://reviews.llvm.org/D41266 rdar://problem/12180598 llvm-svn: 322780
* [analyzer] Clarify 'uninitialized function argument' messagesDaniel Marjamaki2017-03-081-1/+1
| | | | | | Differential Revision: https://reviews.llvm.org/D30341 llvm-svn: 297283
* Reland 4: [analyzer] NFC: Update test infrastructure to support multiple ↵Dominic Chen2017-03-031-2/+2
| | | | | | | | | | | | | | constraint managers Summary: Replace calls to %clang/%clang_cc1 with %clang_analyze_cc1 when invoking static analyzer, and perform runtime substitution to select the appropriate constraint manager, per D28952. Reviewers: xazax.hun, NoQ, zaks.anna, dcoughlin Subscribers: mgorny, rgov, mikhail.ramalho, a.sidorin, cfe-commits Differential Revision: https://reviews.llvm.org/D30373 llvm-svn: 296895
* Revert "Reland 3: [analyzer] NFC: Update test infrastructure to support ↵Dominic Chen2017-03-021-2/+2
| | | | | | | | multiple constraint managers" This reverts commit ea36f1406e1f36bf456c3f3929839b024128e468. llvm-svn: 296841
* Reland 3: [analyzer] NFC: Update test infrastructure to support multiple ↵Dominic Chen2017-03-021-2/+2
| | | | | | | | | | | | | | constraint managers Summary: Replace calls to %clang/%clang_cc1 with %clang_analyze_cc1 when invoking static analyzer, and perform runtime substitution to select the appropriate constraint manager, per D28952. Reviewers: xazax.hun, NoQ, zaks.anna, dcoughlin Subscribers: mgorny, rgov, mikhail.ramalho, a.sidorin, cfe-commits Differential Revision: https://reviews.llvm.org/D30373 llvm-svn: 296837
* Revert "Reland 2: [analyzer] NFC: Update test infrastructure to support ↵Dominic Chen2017-03-021-2/+2
| | | | | | | | multiple constraint managers" This reverts commit f93343c099fff646a2314cc7f4925833708298b1. llvm-svn: 296836
* Reland 2: [analyzer] NFC: Update test infrastructure to support multiple ↵Dominic Chen2017-03-021-2/+2
| | | | | | | | | | | | | | constraint managers Summary: Replace calls to %clang/%clang_cc1 with %clang_analyze_cc1 when invoking static analyzer, and perform runtime substitution to select the appropriate constraint manager, per D28952. Reviewers: xazax.hun, NoQ, zaks.anna, dcoughlin Subscribers: mgorny, rgov, mikhail.ramalho, a.sidorin, cfe-commits Differential Revision: https://reviews.llvm.org/D30373 llvm-svn: 296835
* Revert "Reland: [analyzer] NFC: Update test infrastructure to support ↵Dominic Chen2017-02-281-2/+2
| | | | | | | | multiple constraint managers" This reverts commit 1b28d0b10e1c8feccb971abb6ef7a18bee589830. llvm-svn: 296422
* Reland: [analyzer] NFC: Update test infrastructure to support multiple ↵Dominic Chen2017-02-281-2/+2
| | | | | | | | | | | | | | constraint managers Summary: Replace calls to %clang/%clang_cc1 with %clang_analyze_cc1 when invoking static analyzer, and perform runtime substitution to select the appropriate constraint manager, per D28952. Reviewers: xazax.hun, NoQ, zaks.anna, dcoughlin Subscribers: mgorny, rgov, mikhail.ramalho, a.sidorin, cfe-commits Differential Revision: https://reviews.llvm.org/D30373 llvm-svn: 296414
* Revert "[analyzer] NFC: Update test infrastructure to support multiple ↵Dominic Chen2017-02-271-2/+2
| | | | | | | | constraint managers" This reverts commit 8e7780b9e59ddaad1800baf533058d2c064d4787. llvm-svn: 296317
* [analyzer] NFC: Update test infrastructure to support multiple constraint ↵Dominic Chen2017-02-271-2/+2
| | | | | | | | | | | | | | managers Summary: Replace calls to %clang/%clang_cc1 with %clang_analyze_cc1 when invoking static analyzer, and perform runtime substitution to select the appropriate constraint manager, per D28952. Reviewers: xazax.hun, NoQ, zaks.anna, dcoughlin Subscribers: mgorny, rgov, mikhail.ramalho, a.sidorin, cfe-commits Differential Revision: https://reviews.llvm.org/D30373 llvm-svn: 296312
* [analyzer] Model base to derived casts more precisely.Gabor Horvath2016-08-081-0/+16
| | | | | | | | | | | | | | Dynamic casts are handled relatively well by the static analyzer. BaseToDerived casts however are treated conservatively. This can cause some false positives with the NewDeleteLeaks checker. This patch alters the behavior of BaseToDerived casts. In case a dynamic cast would succeed use the same semantics. Otherwise fall back to the conservative approach. Differential Revision: https://reviews.llvm.org/D23014 llvm-svn: 277989
* [analyzer] This implements potential undefbehavior.ZeroAllocDereference checker.Anton Yartsev2015-04-141-0/+24
| | | | | TODO: support realloc(). Currently it is not possible due to the present realloc() handling. Currently RegionState is not being attached to realloc() in case of a zero Size argument. llvm-svn: 234889
* [analyzer] Different handling of alloca().Anton Yartsev2015-02-191-5/+0
| | | | | | | | | | + separate bug report for "Free alloca()" error to be able to customize checkers responsible for this error. + Muted "Free alloca()" error for NewDelete checker that is not responsible for c-allocated memory, turned on for unix.MismatchedDeallocator checker. + RefState for alloca() - to be able to detect usage of zero-allocated memory by upcoming ZeroAllocDereference checker. + AF_Alloca family to handle alloca() consistently - keep proper family in RefState, handle 'alloca' by getCheckIfTracked() facility, etc. + extra tests. llvm-svn: 229850
* [analyzer] Move the NewDeleteLeaks checker from CplusplusAlpha to Cplusplus ↵Anton Yartsev2014-10-211-1/+1
| | | | | | package. llvm-svn: 220289
* [analyzer] Warn about double-delete in C++ at the second delete...Jordan Rose2014-01-081-3/+3
| | | | | | | | | | ...rather somewhere in the destructor when we try to access something and realize the object has already been deleted. This is necessary because the destructor is processed before the 'delete' itself. Patch by Karthik Bhat! llvm-svn: 198779
* [analyzer] Handle destructors for the argument to C++ 'delete'.Jordan Rose2013-09-251-0/+25
| | | | | | | | | | | | | | | | | Now that the CFG includes nodes for the destructors in a delete-expression, process them in the analyzer using the same common destructor interface currently used for local, member, and base destructors. Also, check for when the value is known to be null, in which case no destructor is actually run. This does not yet handle destructors for deleted /arrays/, which may need more CFG work. It also causes a slight regression in the location of double delete warnings; the double delete is detected at the destructor call, which is implicit, and so is reported on the first access within the destructor instead of at the 'delete' statement. This will be fixed soon. Patch by Karthik Bhat! llvm-svn: 191381
* [analyzer] Warn when using 'delete' on an uninitialized variable.Jordan Rose2013-08-091-0/+32
| | | | | | Patch by Karthik Bhat, modified slightly by me. llvm-svn: 188043
* [analyzer] Don't inline ~shared_ptr.Jordan Rose2013-05-171-0/+95
| | | | | | | | | | | | | The analyzer can't see the reference count for shared_ptr, so it doesn't know whether a given destruction is going to delete the referenced object. This leads to spurious leak and use-after-free warnings. For now, just ban destructors named '~shared_ptr', which catches std::shared_ptr, std::tr1::shared_ptr, and boost::shared_ptr. PR15987 llvm-svn: 182071
* [analyzer] Enable NewDelete checker if NewDeleteLeaks checker is enabled.Anton Yartsev2013-04-121-1/+1
| | | | llvm-svn: 179428
* [analyzer] +Testcase: several used-after-free args passed to a function.Anton Yartsev2013-04-101-0/+5
| | | | llvm-svn: 179232
* [analyzer] Switched to checkPreCall interface for detecting usage after free.Anton Yartsev2013-04-101-3/+42
| | | | | | Now the check is also applied to arguments for Objective-C method calls and to 'this' pointer. llvm-svn: 179230
* [analyzer] Shorten the malloc checker’s leak messageAnna Zaks2013-04-061-6/+6
| | | | | | As per Ted’s suggestion! llvm-svn: 178938
* [analyzer] Re-enable cplusplus.NewDelete (but not NewDeleteLeaks).Jordan Rose2013-04-051-2/+2
| | | | | | | | As mentioned in the previous commit message, the use-after-free and double-free warnings for 'delete' are worth enabling even while the leak warnings still have false positives. llvm-svn: 178891
* [analyzer] Split new/delete checker into use-after-free and leaks parts.Jordan Rose2013-04-051-7/+26
| | | | | | | | | | | | This splits the leak-checking part of alpha.cplusplus.NewDelete into a separate user-level checker, alpha.cplusplus.NewDeleteLeaks. All the difficult false positives we've seen with the new/delete checker have been spurious leak warnings; the use-after-free warnings and mismatched deallocator warnings, while rare, have always been valid. <rdar://problem/6194569> llvm-svn: 178890
* [analyzer] Reduced the unwanted correlations between checkers living inside ↵Anton Yartsev2013-04-041-1/+1
| | | | | | | | | | | | | MallocChecker.cpp This fixes an issue pointed to by Jordan: if unix.Malloc and unix.MismatchedDeallocator are both on, then we end up still tracking leaks of memory allocated by new. Moved the guards right before emitting the bug reports to unify and simplify the logic of handling of multiple checkers. Now all the checkers perform their checks regardless of if they were enabled, or not, and it is decided just before the emitting of the report, if it should be emitted. (idea from Anna). Additional changes: improved test coverage for checker correlations; refactoring: BadDealloc -> MismatchedDealloc llvm-svn: 178814
* [analyzer] Moving cplusplus.NewDelete to alpha.* for now.Anton Yartsev2013-04-021-1/+1
| | | | llvm-svn: 178529
* [analyzer] Enabled unix.Malloc checker.Anton Yartsev2013-03-301-56/+1
| | | | | | + Refactoring. llvm-svn: 178388
* [analyzer] Tests for intersections with other checkers from ↵Anton Yartsev2013-03-301-0/+200
MallocChecker.cpp factored out to NewDelete-intersections.mm llvm-svn: 178387
OpenPOWER on IntegriCloud