summaryrefslogtreecommitdiffstats
path: root/clang/test/Analysis/string.c
Commit message (Collapse)AuthorAgeFilesLines
* Reland 4: [analyzer] NFC: Update test infrastructure to support multiple ↵Dominic Chen2017-03-031-4/+4
| | | | | | | | | | | | | | constraint managers Summary: Replace calls to %clang/%clang_cc1 with %clang_analyze_cc1 when invoking static analyzer, and perform runtime substitution to select the appropriate constraint manager, per D28952. Reviewers: xazax.hun, NoQ, zaks.anna, dcoughlin Subscribers: mgorny, rgov, mikhail.ramalho, a.sidorin, cfe-commits Differential Revision: https://reviews.llvm.org/D30373 llvm-svn: 296895
* Revert "Reland 3: [analyzer] NFC: Update test infrastructure to support ↵Dominic Chen2017-03-021-4/+4
| | | | | | | | multiple constraint managers" This reverts commit ea36f1406e1f36bf456c3f3929839b024128e468. llvm-svn: 296841
* Reland 3: [analyzer] NFC: Update test infrastructure to support multiple ↵Dominic Chen2017-03-021-4/+4
| | | | | | | | | | | | | | constraint managers Summary: Replace calls to %clang/%clang_cc1 with %clang_analyze_cc1 when invoking static analyzer, and perform runtime substitution to select the appropriate constraint manager, per D28952. Reviewers: xazax.hun, NoQ, zaks.anna, dcoughlin Subscribers: mgorny, rgov, mikhail.ramalho, a.sidorin, cfe-commits Differential Revision: https://reviews.llvm.org/D30373 llvm-svn: 296837
* Revert "Reland 2: [analyzer] NFC: Update test infrastructure to support ↵Dominic Chen2017-03-021-4/+4
| | | | | | | | multiple constraint managers" This reverts commit f93343c099fff646a2314cc7f4925833708298b1. llvm-svn: 296836
* Reland 2: [analyzer] NFC: Update test infrastructure to support multiple ↵Dominic Chen2017-03-021-4/+4
| | | | | | | | | | | | | | constraint managers Summary: Replace calls to %clang/%clang_cc1 with %clang_analyze_cc1 when invoking static analyzer, and perform runtime substitution to select the appropriate constraint manager, per D28952. Reviewers: xazax.hun, NoQ, zaks.anna, dcoughlin Subscribers: mgorny, rgov, mikhail.ramalho, a.sidorin, cfe-commits Differential Revision: https://reviews.llvm.org/D30373 llvm-svn: 296835
* Revert "Reland: [analyzer] NFC: Update test infrastructure to support ↵Dominic Chen2017-02-281-4/+4
| | | | | | | | multiple constraint managers" This reverts commit 1b28d0b10e1c8feccb971abb6ef7a18bee589830. llvm-svn: 296422
* Reland: [analyzer] NFC: Update test infrastructure to support multiple ↵Dominic Chen2017-02-281-4/+4
| | | | | | | | | | | | | | constraint managers Summary: Replace calls to %clang/%clang_cc1 with %clang_analyze_cc1 when invoking static analyzer, and perform runtime substitution to select the appropriate constraint manager, per D28952. Reviewers: xazax.hun, NoQ, zaks.anna, dcoughlin Subscribers: mgorny, rgov, mikhail.ramalho, a.sidorin, cfe-commits Differential Revision: https://reviews.llvm.org/D30373 llvm-svn: 296414
* Revert "[analyzer] NFC: Update test infrastructure to support multiple ↵Dominic Chen2017-02-271-4/+4
| | | | | | | | constraint managers" This reverts commit 8e7780b9e59ddaad1800baf533058d2c064d4787. llvm-svn: 296317
* [analyzer] NFC: Update test infrastructure to support multiple constraint ↵Dominic Chen2017-02-271-4/+4
| | | | | | | | | | | | | | managers Summary: Replace calls to %clang/%clang_cc1 with %clang_analyze_cc1 when invoking static analyzer, and perform runtime substitution to select the appropriate constraint manager, per D28952. Reviewers: xazax.hun, NoQ, zaks.anna, dcoughlin Subscribers: mgorny, rgov, mikhail.ramalho, a.sidorin, cfe-commits Differential Revision: https://reviews.llvm.org/D30373 llvm-svn: 296312
* [analyzer] Add LocationContext information to SymbolMetadata.Artem Dergachev2016-08-171-0/+17
| | | | | | | | | | | | | | | | | | | | | Like SymbolConjured, SymbolMetadata also needs to be uniquely identified by the moment of its birth. Such moments are coded by the (Statement, LocationContext, Block count) triples. Each such triple represents the moment of analyzing a statement with a certain call backtrace, with corresponding CFG block having been entered a given amount of times during analysis of the current code body. The LocationContext information was accidentally omitted for SymbolMetadata, which leads to reincarnation of SymbolMetadata upon re-entering a code body with a different backtrace; the new symbol is incorrectly unified with the old symbol, which leads to unsound assumptions. Patch by Alexey Sidorin! Differential Revision: https://reviews.llvm.org/D21978 llvm-svn: 278937
* [analyzer] Fix for PR23790 : constrain return value of strcmp() rather than ↵Anton Yartsev2016-05-191-28/+76
| | | | | | | | | | returning a concrete value. The function strcmp() can return any value, not just {-1,0,1} : "The strcmp(const char *s1, const char *s2) function returns an integer greater than, equal to, or less than zero, accordingly as the string pointed to by s1 is greater than, equal to, or less than the string pointed to by s2." [C11 7.24.4.2p3] https://llvm.org/bugs/show_bug.cgi?id=23790 http://reviews.llvm.org/D16317 llvm-svn: 270154
* [analyzer] Avoid crash when attempting to evaluate binary operation on ↵Devin Coughlin2016-02-081-0/+14
| | | | | | | | | | | LazyCompoundVal. Instead, return UnknownValue if either operand is a nonloc::LazyCompoundVal. This is a spot fix for PR 24951. rdar://problem/23682244 llvm-svn: 260066
* [analyzer] Assume that strings are no longer than SIZE_MAX/4.Jordan Rose2013-08-191-2/+4
| | | | | | | | | This keeps the analyzer from making silly assumptions, like thinking strlen(foo)+1 could wrap around to 0. This fixes PR16558. Patch by Karthik Bhat! llvm-svn: 188680
* [analyzer] Model strsep(), particularly that it returns its input.Jordan Rose2013-04-221-0/+51
| | | | | | | This handles the false positive leak warning in PR15374, and also serves as a basic model for the strsep() function. llvm-svn: 180069
* [analyzer] Don't invalidate globals when there's no call involved.Jordan Rose2013-03-201-0/+4
| | | | | | | | | | | | | | This fixes some mistaken condition logic in RegionStore that caused global variables to be invalidated when /any/ region was invalidated, rather than only as part of opaque function calls. This was only being used by CStringChecker, and so users will now see that strcpy() and friends do not invalidate global variables. Also, add a test case we don't handle properly: explicitly-assigned global variables aren't being invalidated by opaque calls. This is being tracked by <rdar://problem/13464044>. llvm-svn: 177572
* [analyzer] Use isLiveRegion to determine when SymbolRegionValue is dead.Anna Zaks2013-03-151-17/+27
| | | | | | | | | | Fixes a FIXME, improves dead symbol collection, suppresses a false positive, which resulted from reusing the same symbol twice for simulation of 2 calls to the same function. Fixing this lead to 2 possible false negatives in CString checker. Since the checker is still alpha and the solution will not require revert of this commit, move the tests to a FIXME section. llvm-svn: 177206
* Fix analyzer tests.Ted Kremenek2012-08-241-4/+4
| | | | llvm-svn: 162588
* [analyzer] Fix test for PR12206, which was failing on i386.Jordy Rose2012-05-161-31/+0
| | | | llvm-svn: 156941
* [analyzer] Revert a regression committed in r156920.Anna Zaks2012-05-161-5/+4
| | | | | | This breaks the build with -triple i386-apple-darwin9. llvm-svn: 156932
* [analyzer] Convert many existing tests to use clang_analyzer_eval.Jordy Rose2012-05-161-244/+139
| | | | llvm-svn: 156920
* [analyzer] strncpy: Special-case a length of 0 to avoid an incorrect warning.Jordy Rose2012-05-141-0/+22
| | | | | | | | | | We check the address of the last element accessed, but with 0 calculating that address results in element -1. This patch bails out early (and avoids a bunch of other work at that). Fixes PR12807. llvm-svn: 156769
* [analyzer] Equality ops are like relational ops in that the arguments ↵Jordy Rose2012-05-031-0/+32
| | | | | | | | shouldn't be converted to the result type. Fixes PR12206 and dupe PR12510. This was probably the original intent of r133041 (also me, a year ago). llvm-svn: 156062
* [analyzer] Turn on by default the Malloc Checker and a couple of CStringAnna Zaks2012-02-201-4/+4
| | | | | | | | | | | | checks: - unix.Malloc - Checks for memory leaks, double free, use-after-free. - unix.cstring.NullArg - Checks for null pointers passed as arguments to CString functions + evaluates CString functions. - unix.cstring.BadSizeArg - Checks for common anti-patterns in strncat size argument. llvm-svn: 150988
* [analyzer] Allow each CString check to be enabled/disabledAnna Zaks2012-02-071-4/+4
| | | | | | separately. llvm-svn: 149947
* [analyzer] Add checks for common anti-patterns in strncat.Anna Zaks2012-01-311-4/+4
| | | | | | | (Since this is syntax only, might be a good candidate for turning into a compiler warning.) llvm-svn: 149407
* [analyzer] RegionStoreManager::getBinding() should not crash whenAnna Zaks2012-01-131-0/+4
| | | | | | looking up value at a CodeTextRegion even when the type is not provided. llvm-svn: 148079
* [analyzer] Do not invalidate arguments when the parameter'sAnna Zaks2011-12-201-0/+12
| | | | | | | | | | | | | type is a pointer to const. (radar://10595327) The regions corresponding to the pointer and reference arguments to a function get invalidated by the calls since a function call can possibly modify the pointed to data. With this change, we are not going to invalidate the data if the argument is a pointer to const. This change makes the analyzer more optimistic in reporting errors. (Support for C, C++ and Obj C) llvm-svn: 147002
* [analyzer] CStringChecker should not rely on the analyzer generating ↵Anna Zaks2011-12-111-1/+9
| | | | | | | | | | | | | | UndefOrUnknown value when it cannot reason about the expression. We are now often generating expressions even if the solver is not known to be able to simplify it. This is another cleanup of the existing code, where the rest of the analyzer and checkers should not base their logic on knowing ahead of the time what the solver can reason about. In this case, CStringChecker is performing a check for overflow of 'left+right' operation. The overflow can be checked with either 'maxVal-left' or 'maxVal-right'. Previously, the decision was based on whether the expresion evaluated to undef or not. With this patch, we check if one of the arguments is a constant, in which case we know that 'maxVal-const' is easily simplified. (Another option is to use canReasonAbout() method of the solver here, however, it's currently is protected.) This patch also contains 2 small bug fixes: - swap the order of operators inside SValBuilder::makeGenericVal. - handle a case when AddeVal is unknown in GenericTaintChecker::getPointedToSymbol. llvm-svn: 146343
* [analyzer] rename all experimental checker packages to have 'experimental' ↵Ted Kremenek2011-08-031-4/+4
| | | | | | be the common root package. llvm-svn: 136835
* [analyzer] strnlen isn't a builtin, don't test for itJordy Rose2011-06-281-8/+7
| | | | llvm-svn: 133994
* [analyzer] Finish size argument checking for strncat (and strncpy).Jordy Rose2011-06-201-4/+61
| | | | llvm-svn: 133472
* [analyzer] Re-enable checking for strncpy, along with a new validation of ↵Jordy Rose2011-06-201-0/+99
| | | | | | the size argument. strncat is not yet up-to-date, but I'm leaving it enabled for now (there shouldn't be any false positives, at least...) llvm-svn: 133408
* [analyzer] Eliminate "byte string function" from CStringChecker's ↵Jordy Rose2011-06-201-32/+32
| | | | | | diagnostics, and make it easier to provide custom messages for overflow checking, in preparation for re-enabling strncpy checking. llvm-svn: 133406
* [analyzer] Clean up modeling of strcmp, including cases where a string ↵Jordy Rose2011-06-161-4/+29
| | | | | | literal has an embedded null character, and where both arguments are the same buffer. Also use nested ifs rather than early returns; in this case early returns will lose any assumptions we've made earlier in the function. llvm-svn: 133154
* [analyzer] Revise CStringChecker's modelling of strcpy() and strcat():Jordy Rose2011-06-151-6/+31
| | | | | | | | | | | | | | | - (bounded copies) Be more conservative about how much is being copied. - (str(n)cat) If we can't compute the exact final length of an append operation, we can still lower-bound it. - (stpcpy) Fix the conjured return value at the end to actually be returned. This requires these supporting changes: - C string metadata symbols are still live even when buried in a SymExpr. - "Hypothetical" C string lengths, to represent a value that /will/ be passed to setCStringLength() if all goes well. (The idea is to allow for temporary constrainable symbols that may end up becoming permanent.) - The 'checkAdditionOverflow' helper makes sure that the two strings being appended in a strcat don't overflow size_t. This should never *actually* happen; the real effect is to keep the final string length from "wrapping around" in the constraint manager. This doesn't actually test the "bounded" operations (strncpy and strncat) because they can leave strings unterminated. Next on the list! llvm-svn: 133046
* [analyzer] CStringChecker checks functions in the C standard library, not ↵Jordy Rose2011-06-141-4/+4
| | | | | | C++. Its external name is now unix.experimental.CString. llvm-svn: 132958
* [analyzer] Fix modeling of strnlen to be more conservative. Move tests we ↵Jordy Rose2011-06-141-54/+37
| | | | | | can't properly model (yet?) to string-fail.c. llvm-svn: 132955
* Removing strncpy() checking in CString checker for now. Some significant ↵Lenny Maiorani2011-05-031-68/+0
| | | | | | changes need to be made to properly support modeling of it since it potentially leaves strings non-null terminated. llvm-svn: 130758
* Implements strncasecmp() checker and simplifies some of the logic around ↵Lenny Maiorani2011-05-021-0/+106
| | | | | | creating substrings if necessary and calling the appropriate StringRef::compare/compare_lower(). llvm-svn: 130708
* Implements strcasecmp() checker in Static Analyzer.Lenny Maiorani2011-04-281-0/+84
| | | | llvm-svn: 130398
* Emit a -Wnull-dereference warning for "*null" not just "*null = something". ↵Argyrios Kyrtzidis2011-04-261-4/+4
| | | | | | Addresses rdar://9269271. llvm-svn: 130207
* Implements the strncmp() checker just like the strcmp() checker, but with ↵Lenny Maiorani2011-04-251-0/+106
| | | | | | bounds. Requires LLVM svn r129582. llvm-svn: 130161
* fix a bunch of comment typos found by codespell. Patch byChris Lattner2011-04-151-1/+1
| | | | | | Luis Felipe Strano Moraes! llvm-svn: 129559
* This patch adds modeling of strcmp() to the CString checker. Validates ↵Lenny Maiorani2011-04-121-0/+86
| | | | | | inputs are not NULL and are real C strings, then does the comparison and binds the proper return value. Unit tests included. llvm-svn: 129364
* strcat() and strncat() model additions to CStringChecker.Lenny Maiorani2011-04-091-0/+158
| | | | | | Validates inputs are not NULL, checks for overlapping strings, concatenates the strings checking for buffer overflow, sets the length of the destination string to the sum of the s1 length and the s2 length, binds the return value to the s1 value. llvm-svn: 129215
* Rework checker "packages" and groups to be more hierarchical.Ted Kremenek2011-03-241-4/+4
| | | | llvm-svn: 128187
* Fix tests to account for new warning "expected ';' at end of declaration ↵Carl Norum2011-03-071-2/+2
| | | | | | list". Sorry, folks! llvm-svn: 127188
* [analyzer] Remove '-analyzer-check-objc-mem' flag, the nominee for best ↵Argyrios Kyrtzidis2011-02-281-4/+4
| | | | | | misnomer award. llvm-svn: 126676
* [analyzer] Migrate NSErrorChecker and DereferenceChecker to CheckerV2.Argyrios Kyrtzidis2011-02-281-4/+4
| | | | | | | | They cooperate in that NSErrorChecker listens for ImplicitNullDerefEvent events that DereferenceChecker can dispatch. ImplicitNullDerefEvent is when we dereferenced a location that may be null. llvm-svn: 126659
* Allow passing a list of comma separated checker names to -analyzer-checker, e.g:Argyrios Kyrtzidis2011-02-241-4/+4
| | | | | | -analyzer-checker=cocoa,unix llvm-svn: 126372
OpenPOWER on IntegriCloud