summaryrefslogtreecommitdiffstats
path: root/clang/test/Analysis
Commit message (Collapse)AuthorAgeFilesLines
* Add CFG support for the condition variable that can appear in IfStmts in C++ ↵Ted Kremenek2009-12-231-0/+7
| | | | | | | | mode. Add transfer function support in GRExprEngine for IfStmts with initialized condition variables. llvm-svn: 91987
* Suppress dead store warnings involving objects initialized with ↵Ted Kremenek2009-12-231-0/+26
| | | | | | CXXExprTemporaries. llvm-svn: 91986
* Fix PR 5857. When casting from a symbolic region to an integer back to a ↵Ted Kremenek2009-12-231-1/+27
| | | | | | pointer value, we were not correctly layering the correct ElementRegion on the original SymbolicRegion. llvm-svn: 91981
* Also treat the type of the subexpression as a pointer in ↵Ted Kremenek2009-12-231-0/+11
| | | | | | GRExprEngine::VisitCast when the expression is handled as an lvalue. llvm-svn: 91969
* Add basic support for analyzing CastExprs as lvalues.Ted Kremenek2009-12-231-0/+11
| | | | llvm-svn: 91952
* Add transfer functions support for visiting an Objective-C message ↵Ted Kremenek2009-12-221-0/+31
| | | | | | expression as an lvalue when the return type is a C++ reference. llvm-svn: 91926
* Use the FunctionDecl's result type to know exactly if it returns a reference.Zhongxing Xu2009-12-191-2/+1
| | | | llvm-svn: 91751
* Enhance GRExprEngine::VisitCallExpr() to be used in an lvalue context. ↵Ted Kremenek2009-12-181-1/+7
| | | | | | Uncovered a new failing test case along the way, but we're making progress on handling C++ references in the analyzer. llvm-svn: 91710
* Add failing test case for C++ static analysis.Ted Kremenek2009-12-171-0/+9
| | | | llvm-svn: 91578
* Add abort() as a builtin. This has two effects: one, we warn for incorrect Eli Friedman2009-12-161-0/+1
| | | | | | | | declarations of abort(), and two, we mark it noreturn. Missing the latter shows up in one of the "embarassing" tests (from the thread on llvmdev "detailed comparison of generated code size for LLVM and other compilers"). llvm-svn: 91515
* Add (initial?) static analyzer support for handling C++ references.Ted Kremenek2009-12-161-6/+35
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This change was a lot bigger than I originally anticipated; among other things it requires us storing more information in the CFG to record what block-level expressions need to be evaluated as lvalues. The big change is that CFGBlocks no longer contain Stmt*'s by CFGElements. Currently CFGElements just wrap Stmt*, but they also store a bit indicating whether the block-level expression should be evalauted as an lvalue. DeclStmts involving the initialization of a reference require us treating the initialization expression as an lvalue, even though that information isn't recorded in the AST. Conceptually this change isn't that complicated, but it required bubbling up the data through the CFGBuilder, to GRCoreEngine, and eventually to GRExprEngine. The addition of CFGElement is also useful for when we want to handle more control-flow constructs or other data we want to keep in the CFG that isn't represented well with just a block of statements. In GRExprEngine, this patch introduces logic for evaluating the lvalues of references, which currently retrieves the internal "pointer value" that the reference represents. EvalLoad does a two stage load to catch null dereferences involving an invalid reference (although this could possibly be caught earlier during the initialization of a reference). Symbols are currently symbolicated using the reference type, instead of a pointer type, and special handling is required creating ElementRegions that layer on SymbolicRegions (see the changes to RegionStoreManager). Along the way, the DeadStoresChecker also silences warnings involving dead stores to references. This was the original change I introduced (which I wrote test cases for) that I realized caused GRExprEngine to crash. llvm-svn: 91501
* Update tests to use %clang_cc1 instead of 'clang-cc' or 'clang -cc1'.Daniel Dunbar2009-12-1579-183/+183
| | | | | | | | | - This is designed to make it obvious that %clang_cc1 is a "test variable" which is substituted. It is '%clang_cc1' instead of '%clang -cc1' because it can be useful to redefine what gets run as 'clang -cc1' (for example, to set a default target). llvm-svn: 91446
* Until we can make the dead stores checker smarter, dont' emit dead store ↵Ted Kremenek2009-12-151-0/+20
| | | | | | warnings for C++ objects (whose constructors/destructors have possible side-effects). llvm-svn: 91412
* Fix: <rdar://problem/7468209> SymbolManager::isLive() should not crash on ↵Ted Kremenek2009-12-141-0/+18
| | | | | | captured block variables that are passed by reference llvm-svn: 91348
* Replace clang-cc with clang -cc1.Zhongxing Xu2009-12-1479-183/+183
| | | | llvm-svn: 91272
* Add initial support for realloc() in MallocChecker.Zhongxing Xu2009-12-121-0/+8
| | | | llvm-svn: 91216
* Enhance understanding of VarRegions referenced by a block whose declarations ↵Ted Kremenek2009-12-111-2/+37
| | | | | | are outside the current stack frame. Fixes <rdar://problem/7462324>. llvm-svn: 91107
* Fix null dereference in OSAtomicChecker and special case SymbolicRegions. ↵Ted Kremenek2009-12-092-4/+135
| | | | | | We still aren't handling them correctly; I've added to failing test cases to test/Analysis/NSString-failed-cases.m that should pass and then be merged in to test/Analysis/NSString.m. llvm-svn: 90993
* OSAtomic simulation: use the original region as the location to load from,Zhongxing Xu2009-12-091-2/+2
| | | | | | | | instead of the ElementRegion obtained from casts. Test cast: the leak cannot occur bacause the true branch cannot be taken. llvm-svn: 90964
* Add notes to a test case.Zhongxing Xu2009-12-091-0/+3
| | | | llvm-svn: 90947
* Fix a horrid bug in GRExprEngine::CheckerVisit() that was identifiedTed Kremenek2009-12-091-0/+20
| | | | | | | | | by the test case in PR 5627. Essentially we shouldn't clear the ExplodedNodeSet where we deposit newly constructed nodes if that set is the 'Dst' set passed in. It is not okay to clear that set because it may already contain nodes. llvm-svn: 90931
* Add test case for mktemp. Patch by Lei Zhang.Zhongxing Xu2009-12-061-0/+6
| | | | llvm-svn: 90706
* Add another blocks test case illustrating how parameters passed-by-reference ↵Ted Kremenek2009-12-031-0/+15
| | | | | | in block invocations are invalidated (just like function calls). llvm-svn: 90466
* Add value invalidation logic for block-captured variables. Conceptually ↵Ted Kremenek2009-12-031-0/+27
| | | | | | invoking a block (without specific reasoning of what the block does) can invalidate any value to it by reference when the block was created. llvm-svn: 90431
* Add a heuristic to the dead stores checker to prune dead stores for ↵Ted Kremenek2009-12-031-0/+21
| | | | | | variables annotated with '__block'. This is overly conservative, but now the analyzer doesn't report dead stores for variables that can be updated by a block call. llvm-svn: 90364
* Added dead-stores test cases that involve the use of blocks.Ted Kremenek2009-12-011-0/+36
| | | | llvm-svn: 90277
* Add new test case file that focuses on testing analyzer support for blocks.Ted Kremenek2009-12-011-0/+69
| | | | llvm-svn: 90274
* Normalize options to use '-FOO' instead of '--FOO'.Daniel Dunbar2009-11-2916-31/+31
| | | | llvm-svn: 90071
* Improve diagnostics in ReturnStackAddressChecker for returning a ↵Ted Kremenek2009-11-261-2/+15
| | | | | | stack-allocated block. Implements the rest of <rdar://problem/7387385>. llvm-svn: 89940
* Add test case that shows that dead stores checking now works in the presence ↵Ted Kremenek2009-11-261-5/+21
| | | | | | of blocks. llvm-svn: 89939
* Add a PostVisitBlockExpr() method to RetainReleaseChecker to query forTed Kremenek2009-11-261-2/+0
| | | | | | | | the set of variables "captured" by a block. Until the analysis gets more sophisticated, for now we stop the retain count tracking of any objects (transitively) referenced by these variables. llvm-svn: 89929
* Add really basic support for blocks in the retain/release checker. For now, ↵Ted Kremenek2009-11-251-2/+35
| | | | | | anytime we pass a tracked object to a block call we stop tracking it. llvm-svn: 89831
* Convert test case to FileCheck to test the behavior of the nil-receiver ↵Ted Kremenek2009-11-241-2/+16
| | | | | | checker when the code is targetted for either Tiger or Leopard. llvm-svn: 89810
* For the nil-receiver checker, take into account the behavioral changes that ↵Ted Kremenek2009-11-241-2/+2
| | | | | | got introduced in Mac OS X 10.5 and later, notably return values of double, float, etc., will not be garbage. Fixes <rdar://problem/6829160>. llvm-svn: 89809
* Cleanups and fixes to the nil-receiver checker, some of it fallout theTed Kremenek2009-11-242-6/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | initial transition of the nil-receiver checker to the Checker interface as done in r89745. Some important changes include: 1) We consolidate the BugType object used for nil receiver bug reports, and don't include the type of the returned value in the BugType (which would be wrong if a nil receiver bug was reported more than once) 2) Added a new (temporary) flag to CheckerContext: DoneEvauating. This is used by GRExprEngine when evaluating message expressions to not continue evaluating the message expression if this flag is set. This flag is currently set by the nil receiver checker. This is an intermediate solution to allow the nil-receiver checker to properly work as a plug-in outside of GRExprEngine. Basically, this flag indicates that the entire message expression has been evaluated, not just a precondition (which is what the nil-receiver checker does). This flag *should not* be repurposed for general use, but just to pull more things out of GRExprEngine that already in there as we devise a better interface in the Checker class. 3) Cleaned up the logic in the nil-receiver checker, making the control-flow a lot easier to read. llvm-svn: 89804
* Enhance null dereference diagnostics by indicating what variable (if any) ↵Ted Kremenek2009-11-242-6/+735
| | | | | | was dereferenced. Addresses <rdar://problem/7039161>. llvm-svn: 89726
* Tweak UndefBranchChecker to register the most nested "undefined" expression ↵Ted Kremenek2009-11-231-0/+6
| | | | | | with bugreporter::registerTrackNullOrUndefValue instead of the condition itself. llvm-svn: 89682
* Make 'SEL' pointer to a builtin type and not anFariborz Jahanian2009-11-231-2/+1
| | | | | | | objective-c pointer type. This was a serious mishap and luckily, Ted's test caught that (and patch fixes the test case). llvm-svn: 89680
* Cleanup title/description of "undefined branch" BugType and add some test ↵Ted Kremenek2009-11-231-0/+17
| | | | | | cases for this check. llvm-svn: 89679
* Change CheckDeadStores to use Expr::isNullPointerConstant, which will ↵Ted Kremenek2009-11-221-1/+19
| | | | | | | | correctly determine whether an expression is a null pointer constant. Patch by Kovarththanan Rajaratnam! llvm-svn: 89621
* This patch implements objective-c's 'SEL' type as a built-inFariborz Jahanian2009-11-211-1/+2
| | | | | | | | | | | | | | | | | | type and fixes a long-standing code gen. crash reported in at least two PRs and a radar. (radar 7405040 and pr5025). There are couple of remaining issues that I would like for Ted. and Doug to look at: Ted, please look at failure in Analysis/MissingDealloc.m. I have temporarily added an expected-warning to make the test pass. This tests has a declaration of 'SEL' type which may not co-exist with the new changes. Doug, please look at a FIXME in PCHWriter.cpp/PCHReader.cpp. I think the changes which I have ifdef'ed out are correct. They need be considered for in a few Indexer/PCH test cases. llvm-svn: 89561
* Add RegionStore test case that shows that floating point values are also ↵Ted Kremenek2009-11-211-0/+9
| | | | | | implicitly tracked for undefined values. (test case for <rdar://problem/6811085>). llvm-svn: 89538
* Add another test case to show the precision of RegionStore overTed Kremenek2009-11-211-0/+23
| | | | | | | | BasicStore. In this example, BasicStore would lose information about the pointer in path after '*path++', causing the analyzer to falsely flag a null dereference. This addresses <rdar://problem/7191542>. llvm-svn: 89533
* Pull BadCallChecker int UndefinedArgChecker, and have UndefinedArgChecker ↵Ted Kremenek2009-11-212-2/+2
| | | | | | also handled undefined receivers in message expressions. llvm-svn: 89524
* More checker refactoring. Passing undefined values in a message expression ↵Ted Kremenek2009-11-211-0/+20
| | | | | | is now handled by UndefinedArgChecker. llvm-svn: 89519
* Add simple static analyzer checker to check for sending 'release', 'retain', ↵Ted Kremenek2009-11-201-0/+13
| | | | | | etc. directly to a class. Fixes <rdar://problem/7252064>. llvm-svn: 89449
* Unused ivar checker: ivars referenced by lexically nested functions should ↵Ted Kremenek2009-11-201-0/+16
| | | | | | not be flagged as unused. Fixes <rdar://problem/7254495>. llvm-svn: 89448
* Really fix test case.Ted Kremenek2009-11-201-0/+1
| | | | llvm-svn: 89430
* Fix test case.Ted Kremenek2009-11-201-2/+2
| | | | llvm-svn: 89429
* Fix null dereference in NSAutoreleasePoolChecker when analyzing messages ↵Ted Kremenek2009-11-201-0/+11
| | | | | | sent to blocks. llvm-svn: 89413
OpenPOWER on IntegriCloud