summaryrefslogtreecommitdiffstats
path: root/clang/test/Analysis/reference.cpp
Commit message (Collapse)AuthorAgeFilesLines
* [analyzer] Move analyzer-eagerly-assume to AnalyzerOptions, enable by defaultGeorge Karpenkov2018-08-291-1/+1
| | | | | | Differential Revision: https://reviews.llvm.org/D51251 llvm-svn: 340963
* Implement C++ [basic.link]p8.Richard Smith2017-09-201-5/+6
| | | | | | | | | | | | | | If a function or variable has a type with no linkage (and is not extern "C"), any use of it requires a definition within the same translation unit; the idea is that it is not possible to define the entity elsewhere, so any such use is necessarily an error. There is an exception, though: some types formally have no linkage but nonetheless can be referenced from other translation units (for example, this happens to anonymous structures defined within inline functions). For entities with those types, we suppress the diagnostic except under -pedantic. llvm-svn: 313729
* Reland 4: [analyzer] NFC: Update test infrastructure to support multiple ↵Dominic Chen2017-03-031-1/+15
| | | | | | | | | | | | | | constraint managers Summary: Replace calls to %clang/%clang_cc1 with %clang_analyze_cc1 when invoking static analyzer, and perform runtime substitution to select the appropriate constraint manager, per D28952. Reviewers: xazax.hun, NoQ, zaks.anna, dcoughlin Subscribers: mgorny, rgov, mikhail.ramalho, a.sidorin, cfe-commits Differential Revision: https://reviews.llvm.org/D30373 llvm-svn: 296895
* Revert "Reland 3: [analyzer] NFC: Update test infrastructure to support ↵Dominic Chen2017-03-021-15/+1
| | | | | | | | multiple constraint managers" This reverts commit ea36f1406e1f36bf456c3f3929839b024128e468. llvm-svn: 296841
* Reland 3: [analyzer] NFC: Update test infrastructure to support multiple ↵Dominic Chen2017-03-021-1/+15
| | | | | | | | | | | | | | constraint managers Summary: Replace calls to %clang/%clang_cc1 with %clang_analyze_cc1 when invoking static analyzer, and perform runtime substitution to select the appropriate constraint manager, per D28952. Reviewers: xazax.hun, NoQ, zaks.anna, dcoughlin Subscribers: mgorny, rgov, mikhail.ramalho, a.sidorin, cfe-commits Differential Revision: https://reviews.llvm.org/D30373 llvm-svn: 296837
* Revert "Reland 2: [analyzer] NFC: Update test infrastructure to support ↵Dominic Chen2017-03-021-15/+1
| | | | | | | | multiple constraint managers" This reverts commit f93343c099fff646a2314cc7f4925833708298b1. llvm-svn: 296836
* Reland 2: [analyzer] NFC: Update test infrastructure to support multiple ↵Dominic Chen2017-03-021-1/+15
| | | | | | | | | | | | | | constraint managers Summary: Replace calls to %clang/%clang_cc1 with %clang_analyze_cc1 when invoking static analyzer, and perform runtime substitution to select the appropriate constraint manager, per D28952. Reviewers: xazax.hun, NoQ, zaks.anna, dcoughlin Subscribers: mgorny, rgov, mikhail.ramalho, a.sidorin, cfe-commits Differential Revision: https://reviews.llvm.org/D30373 llvm-svn: 296835
* Revert "Reland: [analyzer] NFC: Update test infrastructure to support ↵Dominic Chen2017-02-281-15/+1
| | | | | | | | multiple constraint managers" This reverts commit 1b28d0b10e1c8feccb971abb6ef7a18bee589830. llvm-svn: 296422
* Reland: [analyzer] NFC: Update test infrastructure to support multiple ↵Dominic Chen2017-02-281-1/+15
| | | | | | | | | | | | | | constraint managers Summary: Replace calls to %clang/%clang_cc1 with %clang_analyze_cc1 when invoking static analyzer, and perform runtime substitution to select the appropriate constraint manager, per D28952. Reviewers: xazax.hun, NoQ, zaks.anna, dcoughlin Subscribers: mgorny, rgov, mikhail.ramalho, a.sidorin, cfe-commits Differential Revision: https://reviews.llvm.org/D30373 llvm-svn: 296414
* Revert "[analyzer] NFC: Update test infrastructure to support multiple ↵Dominic Chen2017-02-271-15/+1
| | | | | | | | constraint managers" This reverts commit 8e7780b9e59ddaad1800baf533058d2c064d4787. llvm-svn: 296317
* [analyzer] NFC: Update test infrastructure to support multiple constraint ↵Dominic Chen2017-02-271-1/+15
| | | | | | | | | | | | | | managers Summary: Replace calls to %clang/%clang_cc1 with %clang_analyze_cc1 when invoking static analyzer, and perform runtime substitution to select the appropriate constraint manager, per D28952. Reviewers: xazax.hun, NoQ, zaks.anna, dcoughlin Subscribers: mgorny, rgov, mikhail.ramalho, a.sidorin, cfe-commits Differential Revision: https://reviews.llvm.org/D30373 llvm-svn: 296312
* [analyzer] Drop explicit mention of range constraint solverDominic Chen2016-12-011-1/+1
| | | | | | | | | | | | Summary: The basic constraint solver was dropped in rL162384, leaving the range constraint solver as the default and only constraint solver. Explicitly specifying it is unnecessary, and makes it difficult to test with other solver backends. Reviewers: zaks.anna, dcoughlin Subscribers: cfe-commits Differential Revision: https://reviews.llvm.org/D26694 llvm-svn: 288372
* Add -Wtautological-undefined-compare and -Wundefined-bool-conversion warningsRichard Trieu2014-06-061-1/+1
| | | | | | to detect underfined behavior involving pointers. llvm-svn: 210372
* [analyzer] Use the expression’s type instead of region’s type in ↵Anna Zaks2013-05-281-0/+7
| | | | | | | | | ArrayToPointer decay evaluation This gives slightly better precision, specifically, in cases where a non-typed region represents the array or when the type is a non-array type, which can happen when an array is a result of a reinterpret_cast. llvm-svn: 182810
* [analyzer] Tweak getDerefExpr more to track DeclRefExprs to references.Anna Zaks2013-04-181-1/+1
| | | | | | | | | | | In the committed example, we now see a note that tells us when the pointer was assumed to be null. This is the only case in which getDerefExpr returned null (failed to get the dereferenced expr) throughout our regression tests. (There were multiple occurrences of this one.) llvm-svn: 179736
* Force a load when creating a reference to a temporary copied from a bitfield.Jordan Rose2013-04-111-0/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | For this source: const int &ref = someStruct.bitfield; We used to generate this AST: DeclStmt [...] `-VarDecl [...] ref 'const int &' `-MaterializeTemporaryExpr [...] 'const int' lvalue `-ImplicitCastExpr [...] 'const int' lvalue <NoOp> `-MemberExpr [...] 'int' lvalue bitfield .bitfield [...] `-DeclRefExpr [...] 'struct X' lvalue ParmVar [...] 'someStruct' 'struct X' Notice the lvalue inside the MaterializeTemporaryExpr, which is very confusing (and caused an assertion to fire in the analyzer - PR15694). We now generate this: DeclStmt [...] `-VarDecl [...] ref 'const int &' `-MaterializeTemporaryExpr [...] 'const int' lvalue `-ImplicitCastExpr [...] 'int' <LValueToRValue> `-MemberExpr [...] 'int' lvalue bitfield .bitfield [...] `-DeclRefExpr [...] 'struct X' lvalue ParmVar [...] 'someStruct' 'struct X' Which makes a lot more sense. This allows us to remove code in both CodeGen and AST that hacked around this special case. The commit also makes Clang accept this (legal) C++11 code: int &&ref = std::move(someStruct).bitfield PR15694 / <rdar://problem/13600396> llvm-svn: 179250
* [analyzer] Warn on passing a reference to null pointer as an argument in a callAnna Zaks2013-03-071-4/+66
| | | | | | | | | | | | Warn about null pointer dereference earlier when a reference to a null pointer is passed in a call. The idea is that even though the standard might allow this, reporting the issue earlier is better for diagnostics (the error is reported closer to the place where the pointer was set to NULL). This also simplifies analyzer’s diagnostic logic, which has to track “where the null came from”. As a consequence, some of our null pointer warning suppression mechanisms started triggering more often. TODO: Change the name of the file and class to reflect the new check. llvm-svn: 176612
* [analyzer] Check for returning null references in ReturnUndefChecker.Jordan Rose2013-03-071-5/+14
| | | | | | | | | | | | | | | | | Officially in the C++ standard, a null reference cannot exist. However, it's still very easy to create one: int &getNullRef() { int *p = 0; return *p; } We already check that binds to reference regions don't create null references. This patch checks that we don't create null references by returning, either. <rdar://problem/13364378> llvm-svn: 176601
* [analyzer] Create a temporary region when accessing a struct rvalue.Jordan Rose2012-10-171-3/+1
| | | | | | | | | | | | | | | | | | | | | | In C++, rvalues that need to have their address taken (for example, to be passed to a function by const reference) will be wrapped in a MaterializeTemporaryExpr, which lets CodeGen know to create a temporary region to store this value. However, MaterializeTemporaryExprs are /not/ created when a method is called on an rvalue struct, even though the 'this' pointer needs a valid value. CodeGen works around this by creating a temporary region anyway; now, so does the analyzer. The analyzer also does this when accessing a field of a struct rvalue. This is a little unfortunate, since the rest of the struct will soon be thrown away, but it does make things consistent with the rest of the analyzer. This allows us to bring back the assumption that all known 'this' values are Locs. This is a revised version of r164828-9, reverted in r164876-7. <rdar://problem/12137950> llvm-svn: 166120
* Revert "[analyzer] Create a temporary region for rvalue structs when ↵Jordan Rose2012-09-291-1/+3
| | | | | | | | accessing fields" This reverts commit 6f61df3e7256413dcb99afb9673f4206e3c4992c. llvm-svn: 164877
* [analyzer] Create a temporary region for rvalue structs when accessing fieldsJordan Rose2012-09-281-3/+1
| | | | | | | | | | | | | | | | | Struct rvalues are represented in the analyzer by CompoundVals, LazyCompoundVals, or plain ConjuredSymbols -- none of which have associated regions. If the entire structure is going to persist, this is not a problem -- either the rvalue will be assigned to an existing region, or a MaterializeTemporaryExpr will be present to create a temporary region. However, if we just need a field from the struct, we need to create the temporary region ourselves. This is inspired by the way CodeGen handles calls to temporaries; support for that in the analyzer is coming next. Part of <rdar://problem/12137950> llvm-svn: 164828
* [analyzer] Be more forgiving about calling methods on struct rvalues.Jordan Rose2012-09-051-9/+7
| | | | | | | | | | | | | | | | | | | | The problem is that the value of 'this' in a C++ member function call should always be a region (or NULL). However, if the object is an rvalue, it has no associated region (only a conjured symbol or LazyCompoundVal). For now, we handle this in two ways: 1) Actually respect MaterializeTemporaryExpr. Before, it was relying on CXXConstructExpr to create temporary regions for all struct values. Now it just does the right thing: if the value is not in a temporary region, create one. 2) Have CallEvent recognize the case where its 'this' pointer is a non-region, and just return UnknownVal to keep from confusing clients. The long-term problem is being tracked internally in <rdar://problem/12137950>, but this makes many test cases pass. llvm-svn: 163220
* Revert "[analyzer] Treat all struct values as regions (even rvalues)."Jordan Rose2012-09-051-5/+9
| | | | | | | | | | | | | | This turned out to have many implications, but what eventually seemed to make it unworkable was the fact that we can get struct values (as LazyCompoundVals) from other places besides return-by-value function calls; that is, we weren't actually able to "treat all struct values as regions" consistently across the entire analyzer core. Hopefully we'll be able to come up with an alternate solution soon. This reverts r163066 / 02df4f0aef142f00d4637cd851e54da2a123ca8e. llvm-svn: 163218
* [analyzer] Treat all struct values as regions (even rvalues).Jordan Rose2012-09-011-9/+5
| | | | | | | | | | | | | | | | | This allows us to correctly symbolicate the fields of structs returned by value, as well as get the proper 'this' value for when methods are called on structs returned by value. This does require a moderately ugly hack in the StoreManager: if we assign a "struct value" to a struct region, that now appears as a Loc value being bound to a region of struct type. We handle this by simply "dereferencing" the struct value region, which should create a LazyCompoundVal. This should fix recent crashes analyzing LLVM and on our internal buildbot. <rdar://problem/12137950> llvm-svn: 163066
* [analyzer] Always derive a CallEvent's return type from its origin expr.Jordan Rose2012-09-011-0/+12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Previously, we preferred to get a result type by looking at the callee's declared result type. This allowed us to handlereferences, which are represented in the AST as lvalues of their pointee type. (That is, a call to a function returning 'int &' has type 'int' and value kind 'lvalue'.) However, this results in us preferring the original type of a function over a casted type. This is a problem when a function pointer is casted to another type, because the conjured result value will have the wrong type. AdjustedReturnValueChecker is supposed to handle this, but still doesn't handle the case where there is no "original function" at all, i.e. where the callee is unknown. Now, we instead look at the call expression's value kind (lvalue, xvalue, or prvalue), and adjust the expr's type accordingly. This will have no effect when the function is inlined, and will conjure the value that will actually be used when it is not. This makes AdjustedReturnValueChecker /nearly/ unnecessary; unfortunately, the cases where it would still be useful are where we need to cast the result of an inlined function or a checker-evaluated function, and in these cases we don't know what we're casting /from/ by the time we can do post- call checks. In light of that, remove AdjustedReturnValueChecker, which was already not checking quite a few calls. llvm-svn: 163065
* Fix analyzer tests.Ted Kremenek2012-08-241-1/+1
| | | | llvm-svn: 162588
* Despite me asking Jordan to do r162313, revert it. We can provideTed Kremenek2012-08-221-3/+0
| | | | | | another way to whitelist these special cases. This is an intermediate patch. llvm-svn: 162386
* Remove BasicConstraintManager. It hasn't been in active service for a while.Ted Kremenek2012-08-221-1/+0
| | | | | | | | As part of this change, I discovered that a few of our tests were not testing the RangeConstraintManager. Luckily all of those passed when I moved them over to use that constraint manager. llvm-svn: 162384
* [analyzer] Push "references are non-null" knowledge up to the common parent.Jordan Rose2012-08-211-0/+3
| | | | | | | | | | This reduces duplication across the Basic and Range constraint managers, and keeps their internals free of dealing with the semantics of C++. It's still a little unfortunate that the constraint manager is dealing with this at all, but this is pretty much the only place to put it so that it will apply to all symbolic values, even when embedded in larger expressions. llvm-svn: 162313
* [analyzer] Assume that reference symbols are non-null.Jordan Rose2012-08-211-0/+17
| | | | | | | | By doing this in the constraint managers, we can ensure that ANY reference whose value we don't know gets the effect, even if it's not a top-level parameter. llvm-svn: 162246
* [analyzer] Don't assume values bound to references are automatically non-null.Jordan Rose2012-08-041-1/+14
| | | | | | | | | | | While there is no such thing as a "null reference" in the C++ standard, many implementations of references (including Clang's) do not actually check that the location bound to them is non-null. Thus unlike a regular null dereference, this will not cause a problem at runtime until the reference is actually used. In order to catch these cases, we need to not prune out paths on which the input pointer is null. llvm-svn: 161288
* [analyzer] Add a simple check for initializing reference variables with null.Jordan Rose2012-08-021-0/+26
| | | | | | | | | There's still more work to be done here; this doesn't catch reference parameters or return values. But it's a step in the right direction. Part of <rdar://problem/11212286>. llvm-svn: 161214
* [analyzer] Getting an lvalue for a reference field still requires a load.Jordan Rose2012-07-311-1/+36
| | | | | | | | | This was causing a crash in our array-to-pointer logic, since the region was clearly not an array. PR13440 / <rdar://problem/11977113> llvm-svn: 161051
* [analyzer] Fix RUN lines for old XFAIL tests, one of which actually works.Jordy Rose2012-05-161-2/+1
| | | | llvm-svn: 156921
* Switch PerformImplicitConversion over to use DefaultLvalueConversion for ↵Eli Friedman2012-01-241-1/+1
| | | | | | lvalue-to-rvalue conversion. llvm-svn: 148874
* [analyzer] rename all experimental checker packages to have 'experimental' ↵Ted Kremenek2011-08-031-1/+1
| | | | | | be the common root package. llvm-svn: 136835
* [analyzer] fix handling of MaterializeTemporaryExpr by binding the result ↵Ted Kremenek2011-07-281-0/+1
| | | | | | | | value to the proper expression. llvm-svn: 136412
* [analyzer] Remove '-analyzer-check-objc-mem' flag, the nominee for best ↵Argyrios Kyrtzidis2011-02-281-1/+1
| | | | | | misnomer award. llvm-svn: 126676
* [analyzer] Remove '-analyzer-experimental-internal-checks' flag, it doesn't ↵Argyrios Kyrtzidis2011-02-241-1/+1
| | | | | | have any checkers associated with it anymore. llvm-svn: 126440
* If the initializer is an rvalue and the variable is a const reference,Zhongxing Xu2010-12-191-1/+1
| | | | | | create a temporary object for it. llvm-svn: 122161
* Start migration of static analyzer to using theTed Kremenek2010-12-161-1/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | implicit lvalue-to-rvalue casts that John McCall recently introduced. This causes a whole bunch of logic in the analyzer for handling lvalues to vanish. It does, however, raise a few issues in the analyzer w.r.t to modeling various constructs (e.g., field accesses to compound literals). The .c/.m analysis test cases that fail are due to a missing lvalue-to-rvalue cast that will get introduced into the AST. The .cpp failures were more than I could investigate in one go, and the patch was already getting huge. I have XFAILED some of these tests, and they should obviously be further investigated. Some highlights of this patch include: - CFG no longer requires an lvalue bit for CFGElements - StackFrameContext doesn't need an 'asLValue' flag - The "VisitLValue" path from GRExprEngine has been eliminated. Besides the test case failures (XFAILed), there are surely other bugs that are fallout from this change. llvm-svn: 121960
* Assignments to reference variables shouldn't kill the variable.Jordy Rose2010-06-041-0/+30
| | | | llvm-svn: 105452
* CFG: add all LHS of assingments as lvalue. This improves support for C++ ↵Zhongxing Xu2010-06-031-0/+15
| | | | | | reference. Patch by Jordy. llvm-svn: 105383
* Rename -cc1 option '-checker-cfref' to '-analyzer-check-objc-mem'.Ted Kremenek2010-02-051-1/+1
| | | | llvm-svn: 95348
* Enhance test case.Zhongxing Xu2010-01-101-0/+5
| | | | llvm-svn: 93101
* When binding an rvalue to a reference, create a temporary object. Use Zhongxing Xu2010-01-091-0/+6
CXXObjectRegion to represent it. In Environment, lookup a literal expression before make up a value for it. llvm-svn: 93047
OpenPOWER on IntegriCloud