summaryrefslogtreecommitdiffstats
path: root/clang/test/Analysis/bstring.c
Commit message (Collapse)AuthorAgeFilesLines
* Improve support of GNU mempcpyserge-sans-paille2020-01-091-0/+6
| | | | | | | - Lower to the memcpy intrinsic - Raise warnings when size/bounds are known Differential Revision: https://reviews.llvm.org/D71374
* [analyzer] CStringChecker: Fix overly eager assumption that memcmp args overlap.Artem Dergachev2019-12-111-0/+6
| | | | | | | | | | | | | | | | | While analyzing code `memcmp(a, NULL, n);', where `a' has an unconstrained symbolic value, the analyzer was emitting a warning about the *first* argument being a null pointer, even though we'd rather have it warn about the *second* argument. This happens because CStringChecker first checks whether the two argument buffers are in fact the same buffer, in order to take the fast path. This boils down to assuming `a == NULL' to true. Then the subsequent check for null pointer argument "discovers" that `a' is null. Don't take the fast path unless we are *sure* that the buffers are the same. Otherwise proceed as normal. Differential Revision: https://reviews.llvm.org/D71322
* [analyzer] CStringChecker: Improve warning messages.Artem Dergachev2019-12-111-6/+6
| | | | Differential Revision: https://reviews.llvm.org/D71321
* [analyzer][NFC] Prettify some RUN: lines in test files.Kristof Umann2019-05-231-4/+27
| | | | | | This is a test commit in disguise. llvm-svn: 361505
* [Sema] Add some compile time _FORTIFY_SOURCE diagnosticsErik Pilkington2019-03-181-2/+11
| | | | | | | | | | | | | | | | | | | | | | | These diagnose overflowing calls to subset of fortifiable functions. Some functions, like sprintf or strcpy aren't supported right not, but we should probably support these in the future. We previously supported this kind of functionality with -Wbuiltin-memcpy-chk-size, but that diagnostic doesn't work with _FORTIFY implementations that use wrapper functions. Also unlike that diagnostic, we emit these warnings regardless of whether _FORTIFY_SOURCE is actually enabled, which is nice for programs that don't enable the runtime checks. Why not just use diagnose_if, like Bionic does? We can get better diagnostics in the compiler (i.e. mention the sizes), and we have the potential to diagnose sprintf and strcpy which is impossible with diagnose_if (at least, in languages that don't support C++14 constexpr). This approach also saves standard libraries from having to add diagnose_if. rdar://48006655 Differential revision: https://reviews.llvm.org/D58797 llvm-svn: 356397
* [Builtins] Treat `bcmp` as a builtin.Clement Courbet2019-02-141-2/+1
| | | | | | | | | | | | | | | | | Summary: This makes it consistent with `memcmp` and `__builtin_bcmp`. Also see the discussion in https://reviews.llvm.org/D56593. Reviewers: jyknight Subscribers: kristina, cfe-commits Tags: #clang Differential Revision: https://reviews.llvm.org/D58120 llvm-svn: 354023
* [analyzer] Move analyzer-eagerly-assume to AnalyzerOptions, enable by defaultGeorge Karpenkov2018-08-291-4/+4
| | | | | | Differential Revision: https://reviews.llvm.org/D51251 llvm-svn: 340963
* [analyzer] Hopefully fix the ARM buildbot.George Karpenkov2018-03-311-0/+9
| | | | llvm-svn: 328913
* Reland 4: [analyzer] NFC: Update test infrastructure to support multiple ↵Dominic Chen2017-03-031-4/+4
| | | | | | | | | | | | | | constraint managers Summary: Replace calls to %clang/%clang_cc1 with %clang_analyze_cc1 when invoking static analyzer, and perform runtime substitution to select the appropriate constraint manager, per D28952. Reviewers: xazax.hun, NoQ, zaks.anna, dcoughlin Subscribers: mgorny, rgov, mikhail.ramalho, a.sidorin, cfe-commits Differential Revision: https://reviews.llvm.org/D30373 llvm-svn: 296895
* Revert "Reland 3: [analyzer] NFC: Update test infrastructure to support ↵Dominic Chen2017-03-021-4/+4
| | | | | | | | multiple constraint managers" This reverts commit ea36f1406e1f36bf456c3f3929839b024128e468. llvm-svn: 296841
* Reland 3: [analyzer] NFC: Update test infrastructure to support multiple ↵Dominic Chen2017-03-021-4/+4
| | | | | | | | | | | | | | constraint managers Summary: Replace calls to %clang/%clang_cc1 with %clang_analyze_cc1 when invoking static analyzer, and perform runtime substitution to select the appropriate constraint manager, per D28952. Reviewers: xazax.hun, NoQ, zaks.anna, dcoughlin Subscribers: mgorny, rgov, mikhail.ramalho, a.sidorin, cfe-commits Differential Revision: https://reviews.llvm.org/D30373 llvm-svn: 296837
* Revert "Reland 2: [analyzer] NFC: Update test infrastructure to support ↵Dominic Chen2017-03-021-4/+4
| | | | | | | | multiple constraint managers" This reverts commit f93343c099fff646a2314cc7f4925833708298b1. llvm-svn: 296836
* Reland 2: [analyzer] NFC: Update test infrastructure to support multiple ↵Dominic Chen2017-03-021-4/+4
| | | | | | | | | | | | | | constraint managers Summary: Replace calls to %clang/%clang_cc1 with %clang_analyze_cc1 when invoking static analyzer, and perform runtime substitution to select the appropriate constraint manager, per D28952. Reviewers: xazax.hun, NoQ, zaks.anna, dcoughlin Subscribers: mgorny, rgov, mikhail.ramalho, a.sidorin, cfe-commits Differential Revision: https://reviews.llvm.org/D30373 llvm-svn: 296835
* Revert "Reland: [analyzer] NFC: Update test infrastructure to support ↵Dominic Chen2017-02-281-4/+4
| | | | | | | | multiple constraint managers" This reverts commit 1b28d0b10e1c8feccb971abb6ef7a18bee589830. llvm-svn: 296422
* Reland: [analyzer] NFC: Update test infrastructure to support multiple ↵Dominic Chen2017-02-281-4/+4
| | | | | | | | | | | | | | constraint managers Summary: Replace calls to %clang/%clang_cc1 with %clang_analyze_cc1 when invoking static analyzer, and perform runtime substitution to select the appropriate constraint manager, per D28952. Reviewers: xazax.hun, NoQ, zaks.anna, dcoughlin Subscribers: mgorny, rgov, mikhail.ramalho, a.sidorin, cfe-commits Differential Revision: https://reviews.llvm.org/D30373 llvm-svn: 296414
* Revert "[analyzer] NFC: Update test infrastructure to support multiple ↵Dominic Chen2017-02-271-4/+4
| | | | | | | | constraint managers" This reverts commit 8e7780b9e59ddaad1800baf533058d2c064d4787. llvm-svn: 296317
* [analyzer] NFC: Update test infrastructure to support multiple constraint ↵Dominic Chen2017-02-271-4/+4
| | | | | | | | | | | | | | managers Summary: Replace calls to %clang/%clang_cc1 with %clang_analyze_cc1 when invoking static analyzer, and perform runtime substitution to select the appropriate constraint manager, per D28952. Reviewers: xazax.hun, NoQ, zaks.anna, dcoughlin Subscribers: mgorny, rgov, mikhail.ramalho, a.sidorin, cfe-commits Differential Revision: https://reviews.llvm.org/D30373 llvm-svn: 296312
* [analyzer] Make CStringChecker correctly calculate return value of mempcpyAnna Zaks2014-10-031-0/+39
| | | | | | | | | | The return value of mempcpy is only correct when the destination type is one byte in size. This patch casts the argument to a char* so the calculation is also correct for structs, ints etc. A patch by Daniel Fahlgren! llvm-svn: 219024
* Fix analyzer tests.Ted Kremenek2012-08-241-4/+4
| | | | llvm-svn: 162588
* [analyzer] Convert many existing tests to use clang_analyzer_eval.Jordy Rose2012-05-161-41/+38
| | | | llvm-svn: 156920
* [analyzer] CString Checker: Do not split the path unless the userAnna Zaks2012-05-031-0/+10
| | | | | | | | | | specifically checks for equality to null. Enforcing this general practice, which keeps the analyzer less noisy, in the CString Checker. This change suppresses "Assigned value is garbage or undefined" warning in the added test case. llvm-svn: 156085
* [analyzer] Turn on by default the Malloc Checker and a couple of CStringAnna Zaks2012-02-201-4/+4
| | | | | | | | | | | | checks: - unix.Malloc - Checks for memory leaks, double free, use-after-free. - unix.cstring.NullArg - Checks for null pointers passed as arguments to CString functions + evaluates CString functions. - unix.cstring.BadSizeArg - Checks for common anti-patterns in strncat size argument. llvm-svn: 150988
* [analyzer] Allow each CString check to be enabled/disabledAnna Zaks2012-02-071-4/+4
| | | | | | separately. llvm-svn: 149947
* [analyzer] Add checks for common anti-patterns in strncat.Anna Zaks2012-01-311-4/+4
| | | | | | | (Since this is syntax only, might be a good candidate for turning into a compiler warning.) llvm-svn: 149407
* [analyzer] rename all experimental checker packages to have 'experimental' ↵Ted Kremenek2011-08-031-4/+4
| | | | | | be the common root package. llvm-svn: 136835
* [analyzer] Eliminate "byte string function" from CStringChecker's ↵Jordy Rose2011-06-201-14/+14
| | | | | | diagnostics, and make it easier to provide custom messages for overflow checking, in preparation for re-enabling strncpy checking. llvm-svn: 133406
* [analyzer] CStringChecker checks functions in the C standard library, not ↵Jordy Rose2011-06-141-4/+4
| | | | | | C++. Its external name is now unix.experimental.CString. llvm-svn: 132958
* [analyzer] Don't crash when copying an unknown number of bytes with ↵Jordy Rose2011-06-041-0/+6
| | | | | | memcpy(). Also handle all memcpy-family return values in evalCopyCommon(), rather than having some outside and some inside. llvm-svn: 132617
* [analyzer] Fix handling of "copy zero bytes" for memcpy and friends.Jordy Rose2011-06-041-0/+18
| | | | llvm-svn: 132607
* [analyzer] __mempcpy_chk is the same as mempcpy (at least to CStringChecker)Jordy Rose2011-06-031-0/+13
| | | | llvm-svn: 132605
* Emit a -Wnull-dereference warning for "*null" not just "*null = something". ↵Argyrios Kyrtzidis2011-04-261-4/+4
| | | | | | Addresses rdar://9269271. llvm-svn: 130207
* fix a bunch of comment typos found by codespell. Patch byChris Lattner2011-04-151-1/+1
| | | | | | Luis Felipe Strano Moraes! llvm-svn: 129559
* Adding Static Analyzer checker for mempcpy().Lenny Maiorani2011-03-311-0/+101
| | | | | | Models mempcpy() so that if length is NULL the destination pointer is returned. Otherwise, the source and destination are confirmed not to be NULL and not overlapping. Finally the copy is validated to not cause a buffer overrun and the return value is bound to the address of the byte after the last byte copied. llvm-svn: 128677
* Rework checker "packages" and groups to be more hierarchical.Ted Kremenek2011-03-241-4/+4
| | | | llvm-svn: 128187
* [analyzer] Remove '-analyzer-check-objc-mem' flag, the nominee for best ↵Argyrios Kyrtzidis2011-02-281-4/+4
| | | | | | misnomer award. llvm-svn: 126676
* [analyzer] Migrate NSErrorChecker and DereferenceChecker to CheckerV2.Argyrios Kyrtzidis2011-02-281-4/+4
| | | | | | | | They cooperate in that NSErrorChecker listens for ImplicitNullDerefEvent events that DereferenceChecker can dispatch. ImplicitNullDerefEvent is when we dereferenced a location that may be null. llvm-svn: 126659
* [analyzer] Remove '-analyzer-experimental-checks' flag.Argyrios Kyrtzidis2011-02-281-4/+4
| | | | llvm-svn: 126607
* [analyzer] Use the new registration mechanism on some of the experimental ↵Argyrios Kyrtzidis2011-02-151-4/+4
| | | | | | | | | | | | | | | checks. These are: CStringChecker ChrootChecker MallocChecker PthreadLockChecker StreamChecker UnreachableCodeChecker MallocChecker creates implicit dependencies between checkers and needs to be handled differently. llvm-svn: 125598
* Model the effects of strcpy() and stpcpy() in CStringChecker. Other changes:Jordy Rose2010-08-161-9/+18
| | | | | | | | - Fix memcpy() and friends to actually invalidate the destination buffer. - Emit a different message for out-of-bounds buffer accesses if the buffer is being written to. - When conjuring symbols, let ValueManager figure out the type. llvm-svn: 111120
* When checking if a buffer access is valid, first make sure the buffer has a ↵Jordy Rose2010-08-051-0/+6
| | | | | | valid Loc. Fixes PR7830. llvm-svn: 110390
* Added some false positive checking to UnreachableCodeCheckerTom Care2010-07-271-6/+6
| | | | | | | | | - Allowed reporting of dead macros - Added path walking function to search for false positives in conditional statements - Updated some affected tests - Added some false positive test cases llvm-svn: 109561
* Added an path-sensitive unreachable code checker to the experimental ↵Tom Care2010-07-231-6/+6
| | | | | | | | | | analyzer checks. - Created a new class to do post-analysis - Updated several test cases with unreachable code to expect a warning - Added some general tests llvm-svn: 109286
* Cleanup in CStringChecker. Now properly bifurcates the state for ↵Jordy Rose2010-07-081-0/+8
| | | | | | zero/nonzero sizes. llvm-svn: 107935
* Add memcmp() and bcmp() to CStringChecker. These check for valid access to ↵Jordy Rose2010-07-071-2/+68
| | | | | | the buffer arguments and have a special-case for when the buffer arguments are known to be the same address, or when the size is zero. llvm-svn: 107761
* Cleanup on CStringChecker and its associated tests. Also check for null ↵Jordy Rose2010-07-071-13/+29
| | | | | | arguments...which are allowed if the access length is 0! llvm-svn: 107759
* Add a new path-sensitive checker for functions in <string.h>, for both ↵Jordy Rose2010-07-061-0/+187
null-terminated strings and memory blocks. Currently only checks memcpy(), memmove(), and bcopy(), but this is intended to be expanded soon. llvm-svn: 107722
OpenPOWER on IntegriCloud