summaryrefslogtreecommitdiffstats
path: root/clang/test/Analysis/null-deref-ps.c
Commit message (Collapse)AuthorAgeFilesLines
* Tweak null dereference checker to give better diagnostics for null ↵Ted Kremenek2010-10-261-3/+3
| | | | | | dereferences resulting from array accesses. llvm-svn: 117334
* Clean up obtuse wording of checker diagnostic of using an uninitialized ↵Ted Kremenek2010-09-091-1/+1
| | | | | | | value in a function call. Fixes: <rdar://problem/8409480> “warning: Pass-by-value argument in function call is undefined” message can be improved llvm-svn: 113554
* Put the tautological-comparison-of-unsigned-against-zero warnings inJohn McCall2010-09-081-1/+1
| | | | | | | | | -Wtautological-compare instead of -Wsign-compare, which also implies turning them on by default. Restoration of r112877. llvm-svn: 113334
* sabre points out that the timing here is pretty pessimal; I'll retry theJohn McCall2010-09-021-1/+1
| | | | | | experiment in a few days. llvm-svn: 112882
* Experimentally move the tautological comparison warnings from -Wsign-compareJohn McCall2010-09-021-1/+1
| | | | | | | to -Wtautological-compare. This implies that they're now on by default. If this causes chaos, I'll figure something else out. llvm-svn: 112877
* Added checking of (x == x) and (x != x) to IdempotentOperationChecker and ↵Tom Care2010-08-271-1/+1
| | | | | | updated test cases flagged by it. llvm-svn: 112313
* Enabled relaxed LiveVariables analysis in the path-sensitive engine to ↵Tom Care2010-08-271-1/+20
| | | | | | | | | | | increase the coverage of bugs. Primarily affects IdempotentOperationChecker. - Migrated a temporarily separated test back to its original file (bug has been fixed, null-deref-ps-temp.c -> null-deref-ps.c) - Changed SymbolManager to use relaxed LiveVariables - Updated several test cases that the IdempotentOperationChecker class now flags - Added test case to test relaxed LiveVariables use by the IdempotentOperationChecker llvm-svn: 112312
* Added psuedo-constant analysis and integrated it into the false positive ↵Tom Care2010-08-181-1/+1
| | | | | | | | | | | | | reduction stage in IdempotentOperationChecker. - Renamed IdempotentOperationChecker::isConstant to isConstantOrPseudoConstant to better reflect the function - Changed IdempotentOperationChecker::PreVisitBinaryOperator to only run 'CanVary' once on undefined assumptions - Created new PsuedoConstantAnalysis class and added it to AnalysisContext - Changed IdempotentOperationChecker to exploit the new analysis - Updated tests with psuedo-constants - Added check to IdempotentOperationChecker to see if a Decl is const qualified llvm-svn: 111426
* Improved IdempotentOperationChecker false positives and false negatives.Tom Care2010-08-121-22/+2
| | | | | | | | | - Unfinished analysis may still report valid warnings if the path was completely analyzed - New 'CanVary' heuristic to recursively determine if a subexpression has a varying element - Updated test cases, including one known bug - Exposed GRCoreEngine through GRExprEngine llvm-svn: 110970
* Finesse 'idempotent operations' analyzer issues to include the opcode of the ↵Ted Kremenek2010-07-271-1/+1
| | | | | | binary operator for clearer error reporting. Also remove the 'Idempotent operation' prefix in messages; it's redundant since the bug type is the same. llvm-svn: 109527
* Improved false positive rate for the idempotent operations checker and moved ↵Tom Care2010-07-161-1/+1
| | | | | | | | | | it into the default path-sensitive analysis options. - Added checks for static local variables, self assigned parameters, and truncating/extending self assignments - Removed command line option (now default with --analyze) - Updated test cases to pass with idempotent operation warnings llvm-svn: 108550
* fix PR7280 by making the warning on code like this:Chris Lattner2010-07-111-4/+4
| | | | | | | | | | int test1() { return; } default to an error. llvm-svn: 108108
* If a nonnull argument evaluates to UnknownVal, don't warn (and don't crash).Jordy Rose2010-06-211-0/+5
| | | | llvm-svn: 106456
* Improve diagnostics when we fail to convert from a source type to aDouglas Gregor2010-04-091-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | destination type for initialization, assignment, parameter-passing, etc. The main issue fixed here is that we used rather confusing wording for diagnostics such as t.c:2:9: warning: initializing 'char const [2]' discards qualifiers, expected 'char *' [-pedantic] char *name = __func__; ^ ~~~~~~~~ We're not initializing a 'char const [2]', we're initializing a 'char *' with an expression of type 'char const [2]'. Similar problems existed for other diagnostics in this area, so I've normalized them all with more precise descriptive text to say what we're initializing/converting/assigning/etc. from and to. The warning for the code above is now: t.c:2:9: warning: initializing 'char *' from an expression of type 'char const [2]' discards qualifiers [-pedantic] char *name = __func__; ^ ~~~~~~~~ Fixes <rdar://problem/7447179>. llvm-svn: 100832
* Tweak null dereference diagnostics to give clearer diagnostics whenTed Kremenek2010-03-231-2/+2
| | | | | | a null dereference results from a field access. llvm-svn: 99236
* Rename -cc1 option '-checker-cfref' to '-analyzer-check-objc-mem'.Ted Kremenek2010-02-051-4/+4
| | | | llvm-svn: 95348
* Update tests to use %clang_cc1 instead of 'clang-cc' or 'clang -cc1'.Daniel Dunbar2009-12-151-4/+4
| | | | | | | | | - This is designed to make it obvious that %clang_cc1 is a "test variable" which is substituted. It is '%clang_cc1' instead of '%clang -cc1' because it can be useful to redefine what gets run as 'clang -cc1' (for example, to set a default target). llvm-svn: 91446
* Replace clang-cc with clang -cc1.Zhongxing Xu2009-12-141-4/+4
| | | | llvm-svn: 91272
* Enhance null dereference diagnostics by indicating what variable (if any) ↵Ted Kremenek2009-11-241-4/+4
| | | | | | was dereferenced. Addresses <rdar://problem/7039161>. llvm-svn: 89726
* Switch -f{builtin,math-errno,rtti} and -analyzer-purge-dead to -...no... ↵Daniel Dunbar2009-11-191-1/+1
| | | | | | variants instead of using llvm::cl::init(true) arguments. llvm-svn: 89315
* Add clang-cc option "--analyzer-experimental-internal-checks". ThisTed Kremenek2009-11-131-4/+4
| | | | | | | option enables new "internal" checks that will eventually be turned on by default but still require broader testing. llvm-svn: 88671
* Eliminate &&s in tests.Daniel Dunbar2009-11-081-3/+3
| | | | | | - 'for i in $(find . -type f); do sed -e 's#\(RUN:.*[^ ]\) *&& *$#\1#g' $i | FileUpdate $i; done', for the curious. llvm-svn: 86430
* Remove test case's dependency on platform headers.Ted Kremenek2009-09-281-6/+12
| | | | llvm-svn: 83030
* Add test case for PR 4759.Ted Kremenek2009-08-241-0/+9
| | | | llvm-svn: 79954
* Remove 'StoreManager::OldCastRegion()', TypedViewRegion (which onlyTed Kremenek2009-07-291-2/+0
| | | | | | | OldCastRegion used), and the associated command line option '-analyzer-store=old-basic-cast'. llvm-svn: 77509
* Prep for new warning.Mike Stump2009-07-221-1/+1
| | | | llvm-svn: 76813
* Migrate the path-sensitive checking of 'nonnull' arguments over to the newTed Kremenek2009-07-221-0/+9
| | | | | | | | | 'Checker' interface. An updated test case illustrates that after calling a function with the 'nonnull' attribute we now register the fact that the passed pointer must be non-null. This retention of information was not possible with the previously used GRSimpleAPICheck interface. llvm-svn: 76797
* Prep for new warning.Mike Stump2009-07-211-1/+2
| | | | llvm-svn: 76610
* Switch BasicStoreManager to use the new CastRegion implementation by default,Ted Kremenek2009-07-101-2/+2
| | | | | | | | and replace the 'clang-cc' option '-analyzer-store=basic-new-cast' with '-analyzer-store=basic-old-cast'. We'll keep the old CastRegion implementation around for a little while for regression testing. llvm-svn: 75209
* Make 'BasicStoreManager' + 'NewCastRegion' testable from the command line ↵Ted Kremenek2009-07-061-0/+2
| | | | | | using '-analyzer-store=basic-new-cast'. llvm-svn: 74865
* Introduce a new concept to the static analyzer: SValuator.Ted Kremenek2009-06-261-4/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | GRTransferFuncs had the conflated role of both constructing SVals (symbolic expressions) as well as handling checker-specific logic. Now SValuator has the role of constructing SVals from expressions and GRTransferFuncs just handles checker-specific logic. The motivation is by separating these two concepts we will be able to much more easily create richer constraint-generating logic without coupling it to the main checker transfer function logic. We now have one implementation of SValuator: SimpleSValuator. SimpleSValuator is essentially the SVal-related logic that was in GRSimpleVals (which is removed in this patch). This includes the logic for EvalBinOp, EvalCast, etc. Because SValuator has a narrower role than the old GRTransferFuncs, the interfaces are much simpler, and so is the implementation of SimpleSValuator compared to GRSimpleVals. I also did a line-by-line review of SVal-related logic in GRSimpleVals and cleaned it up while moving it over to SimpleSValuator. As a consequence of removing GRSimpleVals, there is no longer a '-checker-simple' option. The '-checker-cfref' did everything that option did but also ran the retain/release checker. Of course a user may not always wish to run the retain/release checker, nor do we wish core analysis logic buried in the checker-specific logic. The next step is to refactor the logic in CFRefCount.cpp to separate out these pieces into the core analysis engine. llvm-svn: 74229
* Fix false positive null dereference by unifying code paths in GRSimpleVals forTed Kremenek2009-05-041-3/+3
| | | | | | | '==' and '!=' (some code in the '!=' was not replicated in the '==' code, causing some constraints to get lost). llvm-svn: 70885
* Update test case.Ted Kremenek2009-05-041-0/+29
| | | | llvm-svn: 70883
* Add another null pointer check test case.Ted Kremenek2009-05-021-0/+14
| | | | llvm-svn: 70614
* Warn about invalid return statements by default.Steve Naroff2009-04-301-2/+2
| | | | | | | | This fixes <rdar://problem/6839489> 10A345: Clang does not warm about mismatched returns (void return from a bool function) Will implement -Wreturn-type, -Wno-return-type in another commit. llvm-svn: 70492
* Rename clang to clang-cc.Daniel Dunbar2009-03-241-4/+4
| | | | | | Tests and drivers updated, still need to shuffle dirs. llvm-svn: 67602
* GRExprEngine: Polish up handling of casting integer constants to pointers ↵Ted Kremenek2009-03-051-0/+7
| | | | | | and back. llvm-svn: 66127
* Static Analyzer driver/options (partial) cleanup:Ted Kremenek2009-02-171-3/+3
| | | | | | | | | | | | | | - Move all analyzer options logic to AnalysisConsumer.cpp. - Unified specification of stores/constraints/output to be: -analyzer-output=... -analyzer-store=... -analyzer-constraints=... instead of -analyzer-range-constraints, -analyzer-store-basic, etc. - Updated drivers (ccc-analyzer, scan-builds, new ccc) to obey this new interface - Updated test cases to conform to new driver options llvm-svn: 64737
* Test passes with -analyzer-range-contraints.Ted Kremenek2009-02-161-0/+1
| | | | llvm-svn: 64663
* Put the region store specific test in a separate file.Zhongxing Xu2009-02-061-9/+0
| | | | llvm-svn: 63930
* Create ElementRegion when the base is SymbolicRegion. This is like what we doZhongxing Xu2009-02-061-0/+9
| | | | | | | | | for FieldRegion. This enables us to track more values. Simplify SymbolicRegion::getRValueType(). We assume the symbol always has pointer type. llvm-svn: 63928
* Enhance test case to test RegionStore with -checker-cfref.Ted Kremenek2009-01-221-1/+2
| | | | llvm-svn: 62801
* Add -analyze action to run static analyzer, instead of inferring fromDaniel Dunbar2009-01-201-2/+2
| | | | | | individual checker options. llvm-svn: 62634
* Fix analyzer crash found when scanning Wine sources where the analyzer used ↵Ted Kremenek2009-01-171-0/+23
| | | | | | old logic to determine the value of a switch 'case' label. llvm-svn: 62395
* static analyzer: Handle casts from arrays to integers. This fixes PR 3297.Ted Kremenek2009-01-131-0/+21
| | | | llvm-svn: 62130
* Add an option to make 'RemoveDeadBindings' a configurable behavior. This enablesZhongxing Xu2008-12-221-2/+2
| | | | | | us to measure the effect of this optimization. llvm-svn: 61319
* Lazy bingding for region-store manager.Zhongxing Xu2008-12-201-2/+2
| | | | | | | | | | | | | * Now Bind() methods take and return GRState* because binding could also alter GDM. * No variables are initialized except those declared with initial values. * failed C test cases are due to bugs in RemoveDeadBindings(), which removes constraints that is still alive. This will be fixed in later patch. * default value of array and struct regions will be implemented in later patch. llvm-svn: 61274
* Add 'expected-warning' to make test case pass.Ted Kremenek2008-12-041-2/+2
| | | | llvm-svn: 60548
* Add another static analyzer test case involving attribute(nonnull).Ted Kremenek2008-12-041-0/+5
| | | | llvm-svn: 60547
* Add another test case for attribute(nonnull) checking.Ted Kremenek2008-12-041-0/+9
| | | | llvm-svn: 60544
OpenPOWER on IntegriCloud