7f9b1d963d4b7e2faff7305733e3453130b402fe |
|
21-Feb-2012 |
Ted Kremenek <kremenek@apple.com> |
Have ScanReachableSymbols report reachable regions. Fixes a false positive with nested array literals. <rdar://problem/10686586> git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@151012 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ProgramState.cpp
|
3133f79cf451e6302dd05262b4bb53a3e4fd6300 |
|
18-Feb-2012 |
Ted Kremenek <kremenek@apple.com> |
Have conjured symbols depend on LocationContext, to add context sensitivity for functions called more than once. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150849 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ProgramState.cpp
|
66c40400e7d6272b0cd675ada18dd62c1f0362c7 |
|
14-Feb-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Make Malloc Checker optimistic in presence of inlining. (In response to Ted's review of r150112.) This moves the logic which checked if a symbol escapes through a parameter to invalidateRegionCallback (instead of post CallExpr visit.) To accommodate the change, added a CallOrObjCMessage parameter to checkRegionChanges callback. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150513 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ProgramState.cpp
|
a5888f61be9f8d76e9b48a453dbced50523bd2e0 |
|
31-Jan-2012 |
Argyrios Kyrtzidis <akyrtzi@gmail.com> |
Reapply r149311 which I reverted by mistake. Original log: Convert ProgramStateRef to a smart pointer for managing the reference counts of ProgramStates. This leads to a slight memory improvement, and a simplification of the logic for managing ProgramState objects. # Please enter the commit message for your changes. Lines starting git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@149339 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ProgramState.cpp
|
b9b0f6fb6e113b5e6be3ed9754c4bf01186a17bf |
|
31-Jan-2012 |
Argyrios Kyrtzidis <akyrtzi@gmail.com> |
Revert r149311 which failed to compile. Original log: Convert ProgramStateRef to a smart pointer for managing the reference counts of ProgramStates. This leads to a slight memory improvement, and a simplification of the logic for managing ProgramState objects. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@149336 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ProgramState.cpp
|
72e93068c9f2a2f05f5932cdd917c0d2961f11d9 |
|
31-Jan-2012 |
Ted Kremenek <kremenek@apple.com> |
Convert ProgramStateRef to a smart pointer for managing the reference counts of ProgramStates. This leads to a slight memory improvement, and a simplification of the logic for managing ProgramState objects. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@149311 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ProgramState.cpp
|
af5f550de34525b27f0ff31dafce792caf8158b6 |
|
30-Jan-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Add index out of bounds check for CFArrayGetArrayAtIndex. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@149228 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ProgramState.cpp
|
8bef8238181a30e52dea380789a7e2d760eac532 |
|
26-Jan-2012 |
Ted Kremenek <kremenek@apple.com> |
Change references to 'const ProgramState *' to typedef 'ProgramStateRef'. At this point this is largely cosmetic, but it opens the door to replace ProgramStateRef with a smart pointer that more eagerly acts in the role of reclaiming unused ProgramState objects. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@149081 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ProgramState.cpp
|
be97b7edb112520d764c24e8b9a159cdc692bcb6 |
|
20-Jan-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Skip casts when determining taint dependencies + pretty printing. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@148517 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ProgramState.cpp
|
0849ade4bb3e90c2fc0ce01ccd330f76f91da732 |
|
12-Jan-2012 |
Ted Kremenek <kremenek@apple.com> |
[analyzer] fix inlining's handling of mapping actual to formal arguments and limit the call stack depth. The analyzer can now accurately simulate factorial for limited depths. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@148036 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ProgramState.cpp
|
9f03b62036a7abc0a227b17f4a49b9eefced9450 |
|
07-Jan-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Add basic format string vulnerability checking. We already have a more conservative check in the compiler (if the format string is not a literal, we warn). Still adding it here for completeness and since this check is stronger - only triggered if the format string is tainted. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@147714 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ProgramState.cpp
|
5eca482fe895ea57bc82410222e6426c09e63284 |
|
06-Jan-2012 |
Ted Kremenek <kremenek@apple.com> |
[analyzer] Make the entries in 'Environment' context-sensitive by making entries map from (Stmt*,LocationContext*) pairs to SVals instead of Stmt* to SVals. This is needed to support basic IPA via inlining. Without this, we cannot tell if a Stmt* binding is part of the current analysis scope (StackFrameContext) or part of a parent context. This change introduces an uglification of the use of getSVal(), and thus takes two steps forward and one step back. There are also potential performance implications of enlarging the Environment. Both can be addressed going forward by refactoring the APIs and optimizing the internal representation of Environment. This patch mainly introduces the functionality upon which we want to build (and clean up). git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@147688 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ProgramState.cpp
|
eb31a76d1cdaaf8874c549dc6bd964ff270d3822 |
|
05-Jan-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Be less pessimistic about invalidation of global variables as a result of a call. Problem: Global variables, which come in from system libraries should not be invalidated by all calls. Also, non-system globals should not be invalidated by system calls. Solution: The following solution to invalidation of globals seems flexible enough for taint (does not invalidate stdin) and should not lead to too many false positives. We split globals into 3 classes: * immutable - values are preserved by calls (unless the specific global is passed in as a parameter): A : Most system globals and const scalars * invalidated by functions defined in system headers: B: errno * invalidated by all other functions (note, these functions may in turn contain system calls): B: errno C: all other globals (which are not in A nor B) git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@147569 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ProgramState.cpp
|
99ba9e3bd70671f3441fb974895f226a83ce0e66 |
|
20-Dec-2011 |
David Blaikie <dblaikie@gmail.com> |
Unweaken vtables as per http://llvm.org/docs/CodingStandards.html#ll_virtual_anch git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@146959 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ProgramState.cpp
|
777d706547ebc751d998134774d9d5388fff8e02 |
|
17-Dec-2011 |
Anna Zaks <ganna@apple.com> |
[analyzer] Minor: Simplify & assert. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@146792 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ProgramState.cpp
|
d3d8548e75f3fb6db53ed0927c1df30d78f4ce1d |
|
16-Dec-2011 |
Anna Zaks <ganna@apple.com> |
[analyzer] Better stdin support. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@146748 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ProgramState.cpp
|
28fd98d66dab4569316de2b5881d91b534a42461 |
|
14-Dec-2011 |
Anna Zaks <ganna@apple.com> |
[analyzer] Minor refactor to addTaint. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@146535 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ProgramState.cpp
|
e55a22b917327651178ddea36b3615f579681eea |
|
14-Dec-2011 |
Anna Zaks <ganna@apple.com> |
[analyzer] Mark getenv output as tainted. Also, allow adding taint to a region (not only a symbolic value). git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@146532 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ProgramState.cpp
|
24d052cdb75d3c1afa5bef32eacaa224e9d0b85d |
|
11-Dec-2011 |
Anna Zaks <ganna@apple.com> |
[analyzer] Introduce IntSymExpr, where the integer is on the lhs. Fix a bug in SimpleSValBuilder, where we should swap lhs and rhs when calling generateUnknownVal(), - the function which creates symbolic expressions when data is tainted. The issue is not visible when we only create the expressions for taint since all expressions are commutative from taint perspective. Refactor SymExpr::symbol_iterator::expand() to use a switch instead of a chain of ifs. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@146336 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ProgramState.cpp
|
5fc7def35ee858791e591d005b4ae343632ca931 |
|
08-Dec-2011 |
Anna Zaks <ganna@apple.com> |
[analyzer] If memory region is tainted mark data as tainted. + random comments git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@146199 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ProgramState.cpp
|
b39c5b4ddc9dcc7d9845c6c637e03e83302f8538 |
|
07-Dec-2011 |
Anna Zaks <ganna@apple.com> |
[analyzer] Cleanup: use the variable. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@146056 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ProgramState.cpp
|
dcf06fa1fbb9c018e152629ef3f3fa7b1acffe7a |
|
07-Dec-2011 |
Anna Zaks <ganna@apple.com> |
[analyzer] Propagate taint through MemRegions. SVal can be not only a symbol, but a MemRegion. Add support for such cases. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@146006 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ProgramState.cpp
|
a91efb14cbf6af999dee02d9b611a57c7b52e209 |
|
07-Dec-2011 |
Anna Zaks <ganna@apple.com> |
[analyzer] Add comments related to symbol_iterator git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@145987 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ProgramState.cpp
|
1d1d515b2bafb59d624883d8fdda97d4b7dba0cb |
|
07-Dec-2011 |
Anna Zaks <ganna@apple.com> |
[analyzer] Refactor: Move symbol_iterator from SVal to SymExpr, use it for finding dependent symbols for taint. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@145986 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ProgramState.cpp
|
aace9ef279be3dadd53b481aee568bd7701178b4 |
|
07-Dec-2011 |
Anna Zaks <ganna@apple.com> |
[analyzer] Propagate taint through NonLoc to NonLoc casts. - Created a new SymExpr type - SymbolCast. - SymbolCast is created when we don't know how to simplify a NonLoc to NonLoc cast. - A bit of code refactoring: introduced dispatchCast to have better code reuse, remove a goto. - Updated the test case to showcase the new taint flow. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@145985 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ProgramState.cpp
|
76462f00854171d2aa3ebc34f9aac1c60021b0ea |
|
05-Dec-2011 |
Anna Zaks <ganna@apple.com> |
[analyzer] Remove all uses of ConstraintManager::canResonAbout() from ExprEngine. Teach SimpleConstraintManager::assumeSymRel() to propagate constraints to symbolic expressions. + One extra warning (real bug) is now generated due to enhanced assumeSymRel(). git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@145832 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ProgramState.cpp
|
d0167853f46cc78787b06255a44f9dcedd04a8ec |
|
05-Dec-2011 |
Anna Zaks <ganna@apple.com> |
[analyzer] Add ability to do a simple ProgramState dump() without requiring CFG. Adding more ugly code; the environment printing should be moved to environment at some point. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@145828 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ProgramState.cpp
|
ee081c4051cde4bd44475b5e29d695008c15a9cc |
|
17-Nov-2011 |
Anna Zaks <ganna@apple.com> |
[analyzer] Minor tweaks to the ProgramState::isTainted(). git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@144928 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ProgramState.cpp
|
ceac1d6e0521161adf7ac9834b1a7ad79d73fea4 |
|
16-Nov-2011 |
Anna Zaks <ganna@apple.com> |
[analyzer] Adding basic building blocks for taint propagation. TaintTag.h will contain definitions of different taint kinds and their properties. TaintManager will be responsible for implementing taint specific operations, storing taint. ProgramState will provide API to add/remove taint. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@144824 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ProgramState.cpp
|
5f625712f622f6e57de17b6f7eec242956b993ee |
|
22-Sep-2011 |
Anna Zaks <ganna@apple.com> |
ST->scanReachableSymbols() is creating a SubRegionMap (SRM) on every call since one SRM is created in each ScanReachableSymbols instance. Creating the object just once and calling only scan inside the loop gives ~ 14% speed up of the StaticAnalyzer run (Release+Asserts). Pull out the declaration of the ScanReachableSymbols so that it can be used directly. Document ProgramState::scanReachableSymbols() methods. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@140323 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ProgramState.cpp
|
d1e5a89226da79f7e6f43d40facc46abda9e5245 |
|
02-Sep-2011 |
Jordy Rose <jediknil@belkadan.com> |
[analyzer] Remove TransferFuncs.h, then deal with the fallout. And with that, TransferFuncs is gone! git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@139003 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ProgramState.cpp
|
dbd658e139b3e0bf084f75feaea8d844af9e319f |
|
28-Aug-2011 |
Jordy Rose <jediknil@belkadan.com> |
[analyzer] Introduce a new callback for checkers, printState, to be used for debug-printing the contents of a ProgramState. Unlike the other callbacks, this one is a simple virtual method, since it is only to be used for debugging. This new callback replaces the old ProgramState::Printer interface, and allows us to move the printing of refcount bindings from CFRefCount to RetainReleaseChecker. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@138728 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ProgramState.cpp
|
537716ad8dd10f984b6cfe6985afade1185c5e3c |
|
28-Aug-2011 |
Jordy Rose <jediknil@belkadan.com> |
[analyzer] Change the check::RegionChanges callback to include the regions explicitly requested for invalidation. Also, allow CallOrObjCMessage to wrap a CXXConstructExpr as well. Finally, this allows us to remove the clunky whitelisting system from CFRefCount/RetainReleaseChecker. Slight regression due to CXXNewExprs not yet being handled in post-statement callbacks (PR forthcoming). git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@138716 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ProgramState.cpp
|
2fde35d89320a92cb5ec5ec7b0603697aa17b089 |
|
16-Aug-2011 |
Ted Kremenek <kremenek@apple.com> |
Add ProgramState.cpp. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@137677 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ProgramState.cpp
|