summaryrefslogtreecommitdiffstats
path: root/clang/test/Analysis
Commit message (Collapse)AuthorAgeFilesLines
* Fix testcase for case.Eric Christopher2014-05-201-1/+1
| | | | llvm-svn: 209218
* Clean up language and grammar.Eric Christopher2014-05-201-1/+1
| | | | | | | Based on a patch by jfcaron3@gmail.com! PR19806 llvm-svn: 209215
* [analyzer] Functions marked __attribute__((const)) don't modify any memory.Jordan Rose2014-05-071-0/+29
| | | | | | | | | This applies to __attribute__((pure)) as well, but 'const' is more interesting because many of our builtins are marked 'const'. PR19661 llvm-svn: 208154
* Fix handling of condition variables in the face of temp dtors.Manuel Klimek2014-05-051-5/+5
| | | | | | | | The assignment needs to be before the destruction of the temporary. This patch calls out to addStmt, which invokes VisitDeclStmt, which has all the correct logic for handling temporaries. llvm-svn: 207985
* Fix crash when resolving branch conditions for temporary destructor ↵Manuel Klimek2014-05-051-13/+18
| | | | | | | | | | | | | | | | | | | | condition blocks. Document and simplify ResolveCondition. 1. Introduce a temporary special case for temporary desctructors when resolving the branch condition - in an upcoming patch, alexmc will change temporary destructor conditions to not run through this logic, in which case we can remove this (marked as FIXME); this currently fixes a crash. 2. Simplify ResolveCondition; while documenting the function, I noticed that it always returns the last statement - either that statement is the condition itself (in which case the condition was returned anyway), or the rightmost leaf is returned; for correctness, the rightmost leaf must be evaluated anyway (which the CFG does in the last statement), thus we can just return the last statement in that case, too. Added an assert to verify the invariant. llvm-svn: 207957
* [analyzer] Improve test from r207486.Jordan Rose2014-04-291-5/+8
| | | | | | | | | | | | The constructor that comes right before a variable declaration in the CFG might not be the initialization of that variable. Previously, we just checked that the variable's initializer expression was different from the construction expression, but forgot to see whether the variable had an initializer expression at all. Thanks for the prompting, David. llvm-svn: 207562
* [analyzer] Don't assert when combining using .* on a temporary.Jordan Rose2014-04-291-1/+19
| | | | | | | | | | | | | While we don't model pointer-to-member operators yet (neither .* nor ->*), CallAndMessageChecker still checks to make sure the 'this' object is not null or undefined first. However, it also expects that the object should always have a valid MemRegion, something that's generally important elsewhere in the analyzer as well. Ensure this is true ahead of time, just like we do for member access. PR19531 llvm-svn: 207561
* [analyzer] Don't crash when a construction is followed by an uninitialized ↵Jordan Rose2014-04-291-0/+27
| | | | | | | | | | variable. This could happen due to unfortunate CFG coincidences. PR19579 llvm-svn: 207486
* [analyzer] When checking Foundation method calls, match the selectors exactly.Jordan Rose2014-04-091-0/+8
| | | | | | | | | | This also includes some infrastructure to make it easier to build multi-argument selectors, rather than trying to use string matching on each piece. There's a bit more setup code, but less cost at runtime. PR18908 llvm-svn: 205827
* [analyzer] Re-enable test I accidentally committed commented-out.Jordan Rose2014-04-071-5/+5
| | | | | | Thanks, Alex! llvm-svn: 205720
* [analyzer] Look through temporary destructors when finding a region to ↵Jordan Rose2014-04-051-5/+10
| | | | | | | | | | | | construct. Fixes a false positive when temporary destructors are enabled where a temporary is destroyed after a variable is constructed but before the VarDecl itself is processed, which occurs when the variable is in the condition of an if or while. Patch by Alex McCarthy, with an extra test from me. llvm-svn: 205661
* Render anonymous entities as '(anonymous <thing>)' (and lambdas as '(lambda ↵David Blaikie2014-04-021-1/+1
| | | | | | | | | | | | at ... )') For namespaces, this is consistent with mangling and GCC's debug info behavior. For structs, GCC uses <anonymous struct> but we prefer consistency between all anonymous entities but don't want to confuse them with template arguments, etc, so we'll just go with parens in all cases. llvm-svn: 205398
* [analyzer] Remove incorrect workaround for unimplemented temporary destructors.Jordan Rose2014-04-011-2/+2
| | | | | | | | | | If we're trying to get the zero element region of something that's not a region, we should be returning UnknownVal, which is what ProgramState::getLValue will do for us. Patch by Alex McCarthy! llvm-svn: 205327
* [analyzer] Fix a CFG printing bug.Jordan Rose2014-04-014-8/+504
| | | | | | | | | Also, add several destructor-related tests. Most of them don't work yet, but it's good to have them recorded. Patch by Alex McCarthy! llvm-svn: 205326
* [analyzer] Lock checker: Allow pthread_mutex_init to reinitialize a ↵Jordan Rose2014-04-011-0/+67
| | | | | | | | destroyed lock. Patch by Daniel Fahlgren! llvm-svn: 205276
* [analyzer] Lock checker: make sure locks aren't used after being destroyed.Jordan Rose2014-04-011-0/+100
| | | | | | Patch by Daniel Fahlgren! llvm-svn: 205275
* [analyzer] Add double-unlock detection to PthreadLockChecker.Jordan Rose2014-04-011-0/+96
| | | | | | | | | We've decided to punt on supporting recursive locks for now; the common case is non-recursive. Patch by Daniel Fahlgren! llvm-svn: 205274
* [analyzer] Handle the M_ZERO and __GFP_ZERO flags in kernel mallocs.Jordan Rose2014-03-262-0/+116
| | | | | | | | | | | | | | | | | | | | | Add M_ZERO awareness to malloc() static analysis in Clang for FreeBSD, NetBSD, and OpenBSD in a similar fashion to O_CREAT for open(2). These systems have a three-argument malloc() in the kernel where the third argument contains flags; the M_ZERO flag will zero-initialize the allocated buffer. This should reduce the number of false positives when running static analysis on BSD kernels. Additionally, add kmalloc() (Linux kernel malloc()) and treat __GFP_ZERO like M_ZERO on Linux. Future work involves a better method of checking for named flags without hardcoding values. Patch by Conrad Meyer, with minor modifications by me. llvm-svn: 204832
* [analyzer] Don't track retain counts of objects directly accessed through ivars.Jordan Rose2014-03-251-4/+49
| | | | | | | | | | | | | | | | | | | | | A refinement of r198953 to handle cases where an object is accessed both through a property getter and through direct ivar access. An object accessed through a property should always be treated as +0, i.e. not owned by the caller. However, an object accessed through an ivar may be at +0 or at +1, depending on whether the ivar is a strong reference. Outside of ARC, we don't have that information, so we just don't track objects accessed through ivars. With this change, accessing an ivar directly will deliberately override the +0 provided by a getter, but only if the +0 hasn't participated in other retain counting yet. That isn't perfect, but it's already unusual for people to be mixing property access with direct ivar access. (The primary use case for this is in setters, init methods, and -dealloc.) Thanks to Ted for spotting a few mistakes in private review. <rdar://problem/16333368> llvm-svn: 204730
* [analyzer] Warn when passing pointers to const but uninitialized memory.Jordan Rose2014-03-132-0/+344
| | | | | | | | | | | | | | | | | Passing a pointer to an uninitialized memory buffer is normally okay, but if the function is declared to take a pointer-to-const then it's very unlikely it will be modifying the buffer. In this case the analyzer should warn that there will likely be a read of uninitialized memory. This doesn't check all elements of an array, only the first one. It also doesn't yet check Objective-C methods, only C functions and C++ methods. This is controlled by a new check: alpha.core.CallAndMessageUnInitRefArg. Patch by Per Viberg! llvm-svn: 203822
* Objective-C. Diagose use of undefined protocolsFariborz Jahanian2014-03-111-1/+1
| | | | | | | when a class adopts a protocol that inherits from undefined protocols. // rdar://16111182 llvm-svn: 203586
* [analyzer] Check all conditions in a chained if against each other.Jordan Rose2014-03-111-0/+105
| | | | | | | | | | | | Like the binary operator check of r201702, this actually checks the condition of every if in a chain against every other condition, an O(N^2) operation. In most cases N should be small enough to make this practical, and checking all cases like this makes it much more likely to catch a copy-paste error within the same series of branches. Part of IdenticalExprChecker; patch by Daniel Fahlgren! llvm-svn: 203585
* Fix CFG bug where the 'isTemporaryDtorsBranch' bit was silently lost for ↵Ted Kremenek2014-03-081-10/+10
| | | | | | terminators. llvm-svn: 203335
* Normalize line endingsDavid Majnemer2014-03-021-16/+16
| | | | | | | Some files had CRLF line terminators, some only had a mixture of CRLF and LF. Switch to LF. llvm-svn: 202659
* [analyzer] Fix for PR18394.Anton Yartsev2014-02-281-0/+16
| | | | | | Additional conditions that prevent useful nodes before call from being reclaimed. llvm-svn: 202553
* [CFG] record the original (now unreachable) block of 'case:' and 'default:' ↵Ted Kremenek2014-02-271-3/+4
| | | | | | cases. llvm-svn: 202435
* PR16074, implement warnings to catch pointer to boolean true and pointer toRichard Trieu2014-02-264-6/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | null comparison when the pointer is known to be non-null. This catches the array to pointer decay, function to pointer decay and address of variables. This does not catch address of function since this has been previously used to silence a warning. Pointer to bool conversion is under -Wbool-conversion. Pointer to null comparison is under -Wtautological-pointer-compare, a sub-group of -Wtautological-compare. void foo() { int arr[5]; int x; // warn on these conditionals if (foo); if (arr); if (&x); if (foo == null); if (arr == null); if (&x == null); if (&foo); // no warning } llvm-svn: 202216
* [analyzer] NonNullParamChecker: don't freak out about nested transparent_unions.Jordan Rose2014-02-261-1/+46
| | | | | | | | | For now, just ignore them. Later, we could try looking through LazyCompoundVals, but we at least shouldn't crash. <rdar://problem/16153464> llvm-svn: 202212
* Reapply "Pretty Printer: Fix printing of conversion operator decls and calls."Benjamin Kramer2014-02-252-55/+53
| | | | | | There were many additional tests that had the bad behavior baked in. llvm-svn: 202174
* Correctly set brace range for CXXConstructExprs formed by list initialization.Peter Collingbourne2014-02-221-3/+3
| | | | | | Differential Revision: http://llvm-reviews.chandlerc.com/D2711 llvm-svn: 201926
* [analyzer] Fix a bug in IdenticalExprChecker concerning while loops.Jordan Rose2014-02-211-0/+11
| | | | | | | | | Somehow both Daniel and I missed the fact that while loops are only identical if they have identical bodies. Patch by Daniel Fahlgren! llvm-svn: 201829
* [analyzer] Extend IdenticalExprChecker to check logical and bitwise expressions.Jordan Rose2014-02-191-0/+86
| | | | | | | | | | | IdenticalExprChecker now warns if any expressions in a logical or bitwise chain (&&, ||, &, |, or ^) are the same. Unlike the previous patch, this actually checks all subexpressions against each other (an O(N^2) operation, but N is likely to be small). Patch by Daniel Fahlgren! llvm-svn: 201702
* [analyzer] Extend IdenticalExprChecker to check the two branches of an if.Jordan Rose2014-02-192-0/+152
| | | | | | | | | | | | | | | This extends the checks for identical expressions to handle identical statements, and compares the consequent and alternative ("then" and "else") branches of an if-statement to see if they are identical, treating a single statement surrounded by braces as equivalent to one without braces. This does /not/ check subsequent branches in an if/else chain, let alone branches that are not consecutive. This may improve in a future patch, but it would certainly take more work. Patch by Daniel Fahlgren! llvm-svn: 201701
* [analyzer] Move checker alpha.osx.cocoa.MissingSuperCall out of alpha category.Ted Kremenek2014-02-191-1/+1
| | | | llvm-svn: 201640
* [analyzer] Teach CastSizeChecker about flexible array members.Jordan Rose2014-02-182-2/+218
| | | | | | | | | ...as well as fake flexible array members: structs that end in arrays with length 0 or 1. Patch by Daniel Fahlgren! llvm-svn: 201583
* Remove useless XPASSNico Rieck2014-02-161-1/+0
| | | | llvm-svn: 201478
* [analyzer] Inline C++ operator new when c++-inline-allocators is turned on.Jordan Rose2014-02-111-1/+2
| | | | | | | | | This will let us stage in the modeling of operator new. The -analyzer-config opton 'c++-inline-allocators' is currently off by default. Patch by Karthik Bhat! llvm-svn: 201122
* [analyzer] Objective-C object literals are always non-nil.Jordan Rose2014-02-082-3/+24
| | | | | | <rdar://problem/15999214> llvm-svn: 201007
* [analyzer] Just silence all warnings coming out of std::basic_string.Jordan Rose2014-02-072-3/+31
| | | | | | | | | This means always walking the whole call stack for the end path node, but we'll assume that's always fairly tractable. <rdar://problem/15952973> llvm-svn: 200980
* Add implicit declarations of allocation functions when looking them up forRichard Smith2014-02-041-6/+10
| | | | | | | | redeclaration, not just when looking them up for a use -- we need the implicit declaration to appropriately check various properties of them (notably, whether they're deleted). llvm-svn: 200729
* A new conversion warning for when an Objective-C object literal is implicitlyRichard Trieu2014-01-281-1/+1
| | | | | | | | | cast into a boolean true value. This warning will catch code like: if (@0) {} if (@"foo") {} llvm-svn: 200356
* Fix to PR8880 (clang dies processing a for loop)Serge Pavlov2014-01-231-1/+1
| | | | | | | | | | | | | | | | | | | | | | | Due to statement expressions supported as GCC extension, it is possible to put 'break' or 'continue' into a loop/switch statement but outside its body, for example: for ( ; ({ if (first) { first = 0; continue; } 0; }); ) This code is rejected by GCC if compiled in C mode but is accepted in C++ code. GCC bug 44715 tracks this discrepancy. Clang used code generation that differs from GCC in both modes: only statement of the third expression of 'for' behaves as if it was inside loop body. This change makes code generation more close to GCC, considering 'break' or 'continue' statement in condition and increment expressions of a loop as it was inside the loop body. It also adds error for the cases when 'break'/'continue' appear outside loop due to this syntax. If code generation differ from GCC, warning is issued. Differential Revision: http://llvm-reviews.chandlerc.com/D2518 llvm-svn: 199897
* [analyzer] Tighten up sanity checks on Objective-C property getter synthesis.Jordan Rose2014-01-232-6/+59
| | | | | | | | | | | If there are non-trivially-copyable types /other/ than C++ records, we won't have a synthesized copy expression, but we can't just use a simple load/return. Also, add comments and shore up tests, making sure to test in both ARC and non-ARC. llvm-svn: 199869
* [analyzer] Teach NonNullParamChecker about 'nonnull' attributes on parameters.Ted Kremenek2014-01-171-0/+9
| | | | llvm-svn: 199473
* [analyzer] Shitfing a constant value by its bit width is undefined.Jordan Rose2014-01-161-1/+19
| | | | | | | | | Citation: C++11 [expr.shift]p1 (and the equivalent text in C11). This fixes PR18073, but the right thing to do (as noted in the FIXME) is to have a real checker for too-large shifts. llvm-svn: 199405
* [analyzer] Print function name when dumping its CFG.Jordan Rose2014-01-151-14/+13
| | | | | | | | This allows us to use CHECK-LABEL to ensure that we're checking the right CFG. Debugging change only. llvm-svn: 199320
* Switch this test from needlessly running the clang driver to directlyChandler Carruth2014-01-151-1/+1
| | | | | | | | | | | | | | | | | | | | | test the CC1 layer. This actually uncovered that the test semes to no longer be passing for the reasons intended. =[ The name of the test would lead me to believe that it should be testing the semantics of noreturn in the static analyzer.... but there are in fact no -verify assertions about noreturn that i can find. And the noreturn checker is no longer in 'alpha.core'. It is in 'core.builtins'. The test *does* have one assertion for a null dereference warning. This *also* isn't in 'alpha.core', but the driver inserts a pile of other checker packages, including 'core' which has this warning. So I have switch the RUN line to actually do the minimal thing that this test currently exercises, but someone who works on the static analyzer should probably look at this and either nuke it or move it to actually check the noreturn behavior. llvm-svn: 199307
* Teach DeadStoresChecker about attribute objc_precise_lifetime.Ted Kremenek2014-01-151-0/+8
| | | | llvm-svn: 199277
* CFG: use Visit instead of VisitStmt to look through parens.Jordan Rose2014-01-141-0/+29
| | | | | | PR18472 llvm-svn: 199227
* [analyzer] Use synthesized ASTs for property getters when available.Jordan Rose2014-01-141-6/+6
| | | | | | | This allows the analyzer to handle properties with C++ class type, finishing up the FIXME from r198953. llvm-svn: 199226
OpenPOWER on IntegriCloud