| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add a defensive check against an invalid destructor in the CFG.
Unions with fields with destructors have their own destructor implicitly
deleted. Due to a bug in the CFG we're still trying to evaluate them
at the end of the object's lifetime and crash because we are unable
to find the destructor's declaration.
rdar://problem/47362608
Differential Revision: https://reviews.llvm.org/D56899
llvm-svn: 351610
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If a property is defined with a custom getter, we should not behave as if
the getter simply returns an instance variable. We don't support setters,
so they aren't affected.
On top of being the right thing to do, this also fixes a crash on
the newly added test - in which a property and its getter are defined
in two separate categories.
rdar://problem/47051544
Differential Revision: https://reviews.llvm.org/D56823
llvm-svn: 351609
|
| |
|
|
|
|
|
|
| |
This reverts commit 2cedaaef383d8d6142046074ffebc2bb5a914778.
Revert with a fix.
llvm-svn: 351575
|
| |
|
|
|
|
|
| |
Revert r351508-351514, this block of changes introduced a consistent
MSan failure on the sanitizer bots.
llvm-svn: 351528
|
| |
|
|
|
|
|
|
| |
Insert a note when the object becomes not (exclusively) owned.
Differential Revision: https://reviews.llvm.org/D56891
llvm-svn: 351514
|
| |
|
|
|
|
|
|
| |
is used
Differential Revision: https://reviews.llvm.org/D56820
llvm-svn: 351509
|
| |
|
|
|
|
|
|
| |
rdar://47323216
Differential Revision: https://reviews.llvm.org/D56817
llvm-svn: 351508
|
| |
|
|
|
|
|
|
|
|
|
| |
This is especially crucial for reports related to use-after-move of
standard library objects.
rdar://problem/47338505
Differential Revision: https://reviews.llvm.org/D56824
llvm-svn: 351500
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
all dead.
SymbolReaper now realizes that our liveness analysis isn't sharp enough
to discriminate between liveness of, say, variables and their fields.
Surprisingly, this didn't quite work before: having a variable live only
through Environment (eg., calling a C++ method on a local variable
as the last action ever performed on that variable) would not keep the
region value symbol of a field of that variable alive.
It would have been broken in the opposite direction as well, but both
Environment and RegionStore use the scanReachableSymbols mechanism for finding
live symbols regions within their values, and due to that they accidentally
end up marking the whole chain of super-regions as live when at least one
sub-region is known to be live.
It is now a direct responsibility of SymbolReaper to maintain this invariant,
and a unit test was added in order to make sure it stays that way.
Differential Revision: https://reviews.llvm.org/D56632
rdar://problem/46914108
llvm-svn: 351499
|
| |
|
|
|
|
|
|
|
| |
This is not NFC strictly speaking, since it unifies CleanupAttr handling,
so that out parameters now also understand it.
Differential Revision: https://reviews.llvm.org/D56759
llvm-svn: 351394
|
| |
|
|
|
|
|
|
|
| |
compiler identification lines in test-cases.
(Doing so only because it's then easier to search for references which
are actually important and need fixing.)
llvm-svn: 351200
|
| |
|
|
|
|
|
|
| |
Patch by Pierre van Houtryve.
Differential Revision: https://reviews.llvm.org/D55226
llvm-svn: 351097
|
| |
|
|
|
|
|
|
|
| |
rdar://46357478
rdar://47121327
Differential Revision: https://reviews.llvm.org/D56240
llvm-svn: 350982
|
| |
|
|
| |
llvm-svn: 350946
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We need to be able to emit the diagnostic at PreImplicitCall,
and the patch implements this functionality.
However, for now the need for emitting such diagnostics is not all that great:
it is only necessary to not crash when emitting a false positive due to an
unrelated issue of having dead symbol collection not working properly.
Coming up with a non-false-positive test seems impossible with the current
set of checkers, though it is likely to be needed for good things as well
in the future.
Differential Revision: https://reviews.llvm.org/D56042
rdar://problem/46911462
llvm-svn: 350907
|
| |
|
|
|
|
|
|
|
|
| |
..now that it includes OSObjects
rdar://46509986
Differential Revision: https://reviews.llvm.org/D56404
llvm-svn: 350869
|
| |
|
|
|
|
|
|
| |
for readability
Differential Revision: https://reviews.llvm.org/D56344
llvm-svn: 350867
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The current argument order has "expected" and "actual" the wrong way around,
so that the diff shows the change from expected to actual, not from actual to expected.
Namely, if the expected diagnostics contains the string "foo", but the analyzer emits "bar",
we really want to see:
```
- foo
+ bar
```
not
```
- bar
+ foo
```
since adapting to most changes would require applying that diff to the expected output.
Differential Revision: https://reviews.llvm.org/D56340
llvm-svn: 350866
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
external functions
Summary: This is just changing naming and documentation to be general about external definitions that can be imported for cross translation unit analysis. There is at least a plan to add VarDecls: D46421
Reviewers: NoQ, xazax.hun, martong, a.sidorin, george.karpenkov, serge-sans-paille
Reviewed By: xazax.hun, martong
Subscribers: mgorny, whisperity, baloghadamsoftware, szepet, rnkovacs, mikhail.ramalho, Szelethus, donat.nagy, dkrupp, cfe-commits
Differential Revision: https://reviews.llvm.org/D56441
llvm-svn: 350852
|
| |
|
|
|
|
| |
JSON is case sensitive and the SARIF spec uses the corrected spelling.
llvm-svn: 350817
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch is a different approach to landing the reverted r349701.
It is expected to have the same object (memory region) treated as if it has
different types in different program points. The correct behavior for
RegionStore when an object is stored as an object of type T1 but loaded as
an object of type T2 is to store the object as if it has type T1 but cast it
to T2 during load.
Note that the cast here is some sort of a "reinterpret_cast" (even in C). For
instance, if you store an integer and load a float, you won't get your integer
represented as a float; instead, you will get garbage.
Admit that we cannot perform the cast and return an unknown value.
Differential Revision: https://reviews.llvm.org/D55875
rdar://problem/45062567
llvm-svn: 349984
|
| |
|
|
| |
llvm-svn: 349943
|
| |
|
|
|
|
|
|
|
|
| |
RetainCountChecker on type mismatch even for inlined functions"
This reverts commit b44b33f6e020a2c369da2b0c1d53cd52975f2526.
Revert the revert with the fix.
llvm-svn: 349939
|
| |
|
|
|
|
|
|
| |
checker
It should be in the past tense.
llvm-svn: 349938
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
RetainCountChecker on type mismatch even for inlined functions
The fix done in D55465 did not previously apply when the function was inlined.
rdar://46889541
Differential Revision: https://reviews.llvm.org/D55976
........
Fixes broken buildbot: http://lab.llvm.org:8011/builders/llvm-clang-x86_64-expensive-checks-win/builds/14764
llvm-svn: 349894
|
| |
|
|
|
|
|
|
|
|
|
|
| |
inlined functions
The fix done in D55465 did not previously apply when the function was inlined.
rdar://46889541
Differential Revision: https://reviews.llvm.org/D55976
llvm-svn: 349876
|
| |
|
|
|
|
|
|
|
|
|
|
| |
mismatched summary in inlined functions
Previously, we were not printing a note at all if at least one of the parameters was not annotated.
rdar://46888422
Differential Revision: https://reviews.llvm.org/D55972
llvm-svn: 349875
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
If an -analyzer-config is passed through -Xanalyzer, it is not found while
looking for -Xclang.
Additionally, don't emit -analyzer-config-compatibility-mode for *every*
-analyzer-config flag we encounter; one is enough.
https://reviews.llvm.org/D55823
rdar://problem/46504165
llvm-svn: 349866
|
| |
|
|
|
|
|
|
|
|
| |
r348038.""
This reverts commit 144927939587b790c0536f4ff08245043fc8d733.
Fixes the bug in the original commit.
llvm-svn: 349863
|
| |
|
|
|
|
|
|
|
|
|
|
| |
If it ends with "Retain" like CFRetain and returns a CFTypeRef like CFRetain,
then it is not necessarily a CFRetain. But it is indeed true that these two
return something retained.
Differential Revision: https://reviews.llvm.org/D55907
rdar://problem/39390714
llvm-svn: 349862
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This reverts commits r349824, r349828, r349835.
More buildbot failures were noticed.
Differential Revision: https://reviews.llvm.org/D55823
rdar://problem/46504165
llvm-svn: 349843
|
| |
|
|
|
|
|
|
|
|
|
| |
The -c flag causes a .o file to appear every time we run a test.
Remove it.
Differential Revision: https://reviews.llvm.org/D55823
rdar://problem/46504165
llvm-svn: 349835
|
| |
|
|
|
|
|
|
|
|
| |
Buildbots can't find the linker, which we don't really need in our tests.
Differential Revision: https://reviews.llvm.org/D55823
rdar://problem/46504165
llvm-svn: 349828
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Since r348038 we emit an error every time an -analyzer-config option is not
found. The driver, however, suppresses this error with another flag,
-analyzer-config-compatibility-mode, so backwards compatibility is maintained,
while analyzer developers still enjoy the new typo-free experience.
The backwards compatibility turns out to be still broken when the -analyze
action is not specified; it is still possible to specify -analyzer-config
in that case. This should be fixed now.
Patch by Kristóf Umann!
Differential Revision: https://reviews.llvm.org/D55823
rdar://problem/46504165
llvm-svn: 349824
|
| |
|
|
|
|
|
|
| |
SARIF exports.
This adds anchors to all of the documented checks so that you can directly link to a check by a stable name. This is useful because the SARIF file format has a field for specifying a URI to documentation for a rule and some viewers, like CodeSonar, make use of this information. These links are then exposed through the SARIF exporter.
llvm-svn: 349812
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This reverts commit r349701.
The patch was incorrect. The whole point of CastRetrievedVal()
is to handle the case in which the type from which the cast is made
(i.e., the "type" of value `V`) has nothing to do with the type of
the region it was loaded from (i.e., `R->getValueType()`).
Differential Revision: https://reviews.llvm.org/D55875
rdar://problem/45062567
llvm-svn: 349798
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It is expected to have the same object (memory region) treated as if it has
different types in different program points. The correct behavior for
RegionStore when an object is stored as an object of type T1 but loaded as
an object of type T2 is to store the object as if it has type T1 but cast it
to T2 during load.
Note that the cast here is some sort of a "reinterpret_cast" (even in C). For
instance, if you store a float and load an integer, you won't have your float
rounded to an integer; instead, you will have garbage.
Admit that we cannot perform the cast as long as types we're dealing with are
non-trivial (neither integers, nor pointers).
Of course, if the cast is not necessary (eg, T1 == T2), we can still load the
value just fine.
Differential Revision: https://reviews.llvm.org/D55875
rdar://problem/45062567
llvm-svn: 349701
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Static Analyzer processes the program function-by-function, sometimes diving
into other functions ("inlining" them). When an object is returned from an
inlined function, Return Value Optimization is modeled, and the returned object
is constructed at its return location directly.
When an object is returned from the function from which the analysis has started
(the top stack frame of the analysis), the return location is unknown. Model it
with a SymbolicRegion based on a conjured symbol that is specifically tagged for
that purpose, because this is generally the correct way to symbolicate
unknown locations in Static Analyzer.
Fixes leak false positives when an object is returned from top frame in C++17:
objects that are put into a SymbolicRegion-based memory region automatically
"escape" and no longer get reported as leaks. This only applies to C++17 return
values with destructors, because it produces a redundant CXXBindTemporaryExpr
in the call site, which confuses our liveness analysis. The actual fix
for liveness analysis is still pending, but it is no longer causing problems.
Additionally, re-enable temporary destructor tests in C++17.
Differential Revision: https://reviews.llvm.org/D55804
rdar://problem/46217550
llvm-svn: 349696
|
| |
|
|
|
|
|
|
| |
Differential Revision: https://reviews.llvm.org/D55873
rdar://problem/45366551
llvm-svn: 349683
|
| |
|
|
|
|
| |
functions'
llvm-svn: 349340
|
| |
|
|
|
|
|
|
|
|
| |
This checker warns you when you re-use an object after moving it.
Mostly developed by Peter Szecsi!
Differential Revision: https://reviews.llvm.org/D38675
llvm-svn: 349328
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Re-using a moved-from local variable is most likely a bug because there's
rarely a good motivation for not introducing a separate variable instead.
We plan to keep emitting such warnings by default.
Introduce a flag that allows disabling warnings on local variables that are
not of a known move-unsafe type. If it doesn't work out as we expected,
we'll just flip the flag.
We still warn on move-unsafe objects and unsafe operations on known move-safe
objects.
Differential Revision: https://reviews.llvm.org/D55730
llvm-svn: 349327
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This re-applies commit r349226 that was reverted in r349233 due to failures
on clang-x64-windows-msvc.
Specify enum type as unsigned for use in bit field. Otherwise overflows
may cause UB.
Differential Revision: https://reviews.llvm.org/D55388
llvm-svn: 349326
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
StaticAnalyzer uses the CFG-based RelaxedLiveVariables analysis in order to,
in particular, figure out values of which expressions are still needed.
When the expression becomes "dead", it is garbage-collected during
the dead binding scan.
Expressions that constitute branches/bodies of control flow statements,
eg. `E1' in `if (C1) E1;' but not `E2' in `if (C2) { E2; }', were kept alive
for too long. This caused false positives in MoveChecker because it relies
on cleaning up loop-local variables when they go out of scope, but some of those
live-for-too-long expressions were keeping a reference to those variables.
Fix liveness analysis to correctly mark these expressions as dead.
Add a debug checker, debug.DumpLiveStmts, in order to test expressions liveness.
Differential Revision: https://reviews.llvm.org/D55566
llvm-svn: 349320
|
| |
|
|
|
|
| |
Differential Revision: https://reviews.llvm.org/D54834
llvm-svn: 349283
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch merely reorganizes some things, and features no functional change.
In detail:
* Provided documentation, or moved existing documentation in more obvious
places.
* Added dividers. (the //===----------===// thing).
* Moved getAllocationFamily, printAllocDeallocName, printExpectedAllocName and
printExpectedDeallocName in the global namespace on top of the file where
AllocationFamily is declared, as they are very strongly related.
* Moved isReleased and MallocUpdateRefState near RefState's definition for the
same reason.
* Realloc modeling was very poor in terms of variable and structure naming, as
well as documentation, so I renamed some of them and added much needed docs.
* Moved function IdentifierInfos to a separate struct, and moved isMemFunction,
isCMemFunction adn isStandardNewDelete inside it. This makes the patch affect
quite a lot of lines, should I extract it to a separate one?
* Moved MallocBugVisitor out of MallocChecker.
* Preferred switches to long else-if branches in some places.
* Neatly organized some RUN: lines.
Differential Revision: https://reviews.llvm.org/D54823
llvm-svn: 349281
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Renaming collectCheckers to getEnabledCheckers
Changing the functionality to acquire all enabled checkers, rather then collect
checkers for a specific CheckerOptInfo (for example, collecting all checkers for
{ "core", true }, which meant enabling all checkers from the core package, which
was an unnecessary complication).
Removing CheckerOptInfo, instead of storing whether the option was claimed via a
field, we handle errors immediately, as getEnabledCheckers can now access a
DiagnosticsEngine. Realize that the remaining information it stored is directly
accessible through AnalyzerOptions.CheckerControlList.
Fix a test with -analyzer-disable-checker -verify accidentally left in.
llvm-svn: 349274
|
| |
|
|
|
|
|
|
| |
This reverts commit r349226.
Fails on an MSVC buildbot.
llvm-svn: 349233
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Right now they report to have one parameter with null decl,
because initializing an ArrayRef of pointers with a nullptr
yields an ArrayRef to an array of one null pointer.
Fixes a crash in the OSObject section of RetainCountChecker.
Differential Revision: https://reviews.llvm.org/D55671
llvm-svn: 349229
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The checker wasn't prepared to see the dealloc message sent to the class itself
rather than to an instance, as if it was +dealloc.
Additionally, it wasn't prepared for pure-unknown or undefined self values.
The new guard covers that as well, but it is annoying to test because
both kinds of values shouldn't really appear and we generally want to
get rid of all of them (by modeling unknown values with symbols and
by warning on use of undefined values before they are used).
The CHECK: directive for FileCheck at the end of the test looks useless,
so i removed it.
Differential Revision: https://reviews.llvm.org/D55680
llvm-svn: 349228
|
