df70700f5aa5744d7f70fb3e6610ff434f643a71 |
|
17-Jul-2013 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Handle C string default values for const char * arguments. Previously, SValBuilder knew how to evaluate StringLiterals, but couldn't handle an array-to-pointer decay for constant values. Additionally, RegionStore was being too strict about loading from an array, refusing to return a 'char' value from a 'const char' array. Both of these have been fixed. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@186520 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
|
7f1fd2f182717d5ce6cde60398128910c90f98be |
|
29-May-2013 |
Anna Zaks <ganna@apple.com> |
[analyzer] Use the expression’s type instead of region’s type in ArrayToPointer decay evaluation This gives slightly better precision, specifically, in cases where a non-typed region represents the array or when the type is a non-array type, which can happen when an array is a result of a reinterpret_cast. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@182810 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
|
3056439bb175db8c46b89fb4385de8b3a8e42d0d |
|
29-May-2013 |
Anna Zaks <ganna@apple.com> |
[analyzer] Re-enable reasoning about CK_LValueBitCast It’s important for us to reason about the cast as it is used in std::addressof. The reason we did not handle the cast previously was a crash on a test case (see commit r157478). The crash was in processing array to pointer decay when the region type was not an array. Address the issue, by just returning an unknown in that case. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@182808 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
|
00ffb8079b14cade816d8f668675e853e613dee0 |
|
06-May-2013 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Remove now-unused bindCompoundLiteral helper function. The one user has been changed to use getLValue on the compound literal expression and then use the normal bindLoc to assign a value. No need to special case this in the StoreManager. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@181214 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
|
e2b1246a24e8babf2f58c93713fba16b8edb8e2d |
|
02-May-2013 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Consolidate constant evaluation logic in SValBuilder. Previously, this was scattered across Environment (literal expressions), ExprEngine (default arguments), and RegionStore (global constants). The former special-cased several kinds of simple constant expressions, while the latter two deferred to the AST's constant evaluator. Now, these are all unified as SValBuilder::getConstantVal(). To keep Environment fast, the special cases for simple constant expressions have been left in, but the main benefits are that (a) unusual constants like ObjCStringLiterals now work as default arguments and global constant initializers, and (b) we're not duplicating code between ExprEngine and RegionStore. This actually caught a bug in our test suite, which is awesome: we stop tracking allocated memory if it's passed as an argument along with some kind of callback, but not if the callback is 0. We were testing this in a case where the callback parameter had a default value, but that value was 0. After this change, the analyzer now (correctly) flags that as a leak! <rdar://problem/13773117> git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@180894 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
|
e0262e25206bef1d7efb0cb2f37abd1e42ada4cb |
|
24-Apr-2013 |
Anton Yartsev <anton.yartsev@gmail.com> |
[analyzer] Refactoring + explanatory comment. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@180181 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
|
258277d5a922e06ef523f7805900689b680ddc7d |
|
18-Apr-2013 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] "Force" LazyCompoundVals on bind when they are simple enough. The analyzer uses LazyCompoundVals to represent rvalues of aggregate types, most importantly structs and arrays. This allows us to efficiently copy around an entire struct, rather than doing a memberwise load every time a struct rvalue is encountered. This can also keep memory usage down by allowing several structs to "share" the same snapshotted bindings. However, /lookup/ through LazyCompoundVals can be expensive, especially since they can end up chaining back to the original value. While we try to reuse LazyCompoundVals whenever it's safe, and cache information about this transitivity, the fact is it's sometimes just not a good idea to perpetuate LazyCompoundVals -- the tradeoffs just aren't worth it. This commit changes RegionStore so that binding a LazyCompoundVal to struct will do a memberwise copy if the struct is simple enough. Today's definition of "simple enough" is "up to N scalar members" (see below), but that could easily be changed in the future. This is enough to bring the test case in PR15697 back down to a manageable analysis time (within 20% of its original time, in an unfair test where the new analyzer is not compiled with LTO). The actual value of "N" is controlled by a new -analyzer-config option, 'region-store-small-struct-limit'. It defaults to "2", meaning structs with zero, one, or two scalar members will be considered "simple enough" for this code path. It's worth noting that a more straightforward implementation would do this on load, not on bind, and make use of the structure we already have for this: CompoundVal. A long time ago, this was actually how RegionStore modeled aggregate-to-aggregate copies, but today it's only used for compound literals. Unfortunately, it seems that we've special-cased LazyCompoundVal in certain places (such as liveness checks) but failed to similarly special-case CompoundVal in all of them. Until we're confident that CompoundVal is handled properly everywhere, this solution is safer, since the entire optimization is just an implementation detail of RegionStore. <rdar://problem/13599304> git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@179767 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
|
b93fc8ebed158ed5516fd85d11e89fffaf80622b |
|
15-Apr-2013 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Be lazy about struct/array global invalidation too. Structs and arrays can take advantage of the single top-level global symbol optimization (described in the previous commit) just as well as scalars. No intended behavioral change. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@179555 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
|
262e0d41e49c6b823d62743535e2accb117a6ea9 |
|
15-Apr-2013 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Re-enable using global regions as a symbolic base. Now that we're invalidating global regions properly, we want to continue taking advantage of a particular optimization: if all global regions are invalidated together, we can represent the bindings of each region with a "derived region value" symbol. Essentially, this lazily links each global region with a single symbol created at invalidation time, rather than binding each region with a new symbolic value. We used to do this, but haven't been for a while; the previous commit re-enabled this code path, and this handles the fallout. <rdar://problem/13464044> git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@179554 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
|
e0208ff84598f48e0aafecf5b543afeff8574045 |
|
15-Apr-2013 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Properly invalidate global regions on opaque function calls. This fixes a regression where a call to a function we can't reason about would not actually invalidate global regions that had explicit bindings. void test_that_now_works() { globalInt = 42; clang_analyzer_eval(globalInt == 42); // expected-warning{{TRUE}} invalidateGlobals(); clang_analyzer_eval(globalInt == 42); // expected-warning{{UNKNOWN}} } This has probably been around since the initial "cluster" refactoring of RegionStore, if not longer. <rdar://problem/13464044> git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@179553 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
|
a5796f87229b4aeebca71fa6ee1790ae7a5a0382 |
|
09-Apr-2013 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Replace isIntegerType() with isIntegerOrEnumerationType(). Previously, the analyzer used isIntegerType() everywhere, which uses the C definition of "integer". The C++ predicate with the same behavior is isIntegerOrUnscopedEnumerationType(). However, the analyzer is /really/ using this to ask if it's some sort of "integrally representable" type, i.e. it should include C++11 scoped enumerations as well. hasIntegerRepresentation() sounds like the right predicate, but that includes vectors, which the analyzer represents by its elements. This commit audits all uses of isIntegerType() and replaces them with the general isIntegerOrEnumerationType(), except in some specific cases where it makes sense to exclude scoped enumerations, or any enumerations. These cases now use isIntegerOrUnscopedEnumerationType() and getAs<BuiltinType>() plus BuiltinType::isInteger(). isIntegerType() is hereby banned in the analyzer - lib/StaticAnalysis and include/clang/StaticAnalysis. :-) Fixes real assertion failures. PR15703 / <rdar://problem/12350701> git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@179081 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
|
3d3fb9078f0112fa51d8d9862221f5544c5c80e7 |
|
03-Apr-2013 |
Anna Zaks <ganna@apple.com> |
[analyzer] Fix typo. Thanks Jordan! git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@178683 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
|
658a28479dd775f6ff2c07fa5699a7ea01e04127 |
|
02-Apr-2013 |
Anna Zaks <ganna@apple.com> |
[analyzer] Teach invalidateRegions that regions within LazyCompoundVal need to be invalidated Refactor invalidateRegions to take SVals instead of Regions as input and teach RegionStore about processing LazyCompoundVal as a top-level “escaping” value. This addresses several false positives that get triggered by the NewDelete checker, but the underlying issue is reproducible with other checkers as well (for example, MallocChecker). git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@178518 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
|
41988f331a74a72cf243a2a68ffb56418e9a174e |
|
29-Mar-2013 |
Anna Zaks <ganna@apple.com> |
[analyzer] Add support for escape of const pointers and use it to allow “newed” pointers to escape Add a new callback that notifies checkers when a const pointer escapes. Currently, this only works for const pointers passed as a top level parameter into a function. We need to differentiate the const pointers escape from regular escape since the content pointed by const pointer will not change; if it’s a file handle, a file cannot be closed; but delete is allowed on const pointers. This should suppress several false positives reported by the NewDelete checker on llvm codebase. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@178310 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
|
df5f80f8a34e26a4fb77f48f858c7838426a0785 |
|
26-Mar-2013 |
Anna Zaks <ganna@apple.com> |
[analyzer] micro optimization as per Jordan’s feedback on r177905. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@178062 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
|
5db8fac5f304d9973f724d5aeb4108367d36f781 |
|
25-Mar-2013 |
Anna Zaks <ganna@apple.com> |
[analyzer] Set concrete offset bindings to UnknownVal when processing symbolic offset binding, even if no bindings are present. This addresses an undefined value false positive from concreteOffsetBindingIsInvalidatedBySymbolicOffsetAssignment. Fixes PR14877; radar://12991168. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@177905 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
|
683d25656f28937f78c815f70545139c432f1ff3 |
|
23-Mar-2013 |
Anna Zaks <ganna@apple.com> |
[analyzer] Correct the stale comment. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@177788 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
|
aa5573364b79bf4d85380aaec59cae2eeefcb322 |
|
20-Mar-2013 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Appease buildbots: include template arguments in base class ref. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@177583 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
|
f8e2c06cea1548c437761cb65cfbf97d50a057a7 |
|
20-Mar-2013 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Don't invalidate globals when there's no call involved. This fixes some mistaken condition logic in RegionStore that caused global variables to be invalidated when /any/ region was invalidated, rather than only as part of opaque function calls. This was only being used by CStringChecker, and so users will now see that strcpy() and friends do not invalidate global variables. Also, add a test case we don't handle properly: explicitly-assigned global variables aren't being invalidated by opaque calls. This is being tracked by <rdar://problem/13464044>. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@177572 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
|
f8ddc098981d4d85cad4e72fc6dfcfe83b842b66 |
|
20-Mar-2013 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Invalidate regions indirectly accessible through const pointers. In this case, the value of 'x' may be changed after the call to indirectAccess: struct Wrapper { int *ptr; }; void indirectAccess(const Wrapper &w); void test() { int x = 42; Wrapper w = { x }; clang_analyzer_eval(x == 42); // TRUE indirectAccess(w); clang_analyzer_eval(x == 42); // UNKNOWN } This is important for modelling return-by-value objects in C++, to show that the contents of the struct are escaping in the return copy-constructor. <rdar://problem/13239826> git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@177570 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
|
9f3495aeaa24da4eacf8f6c274adcef65e2f3617 |
|
19-Mar-2013 |
Anna Zaks <ganna@apple.com> |
[analyzer] Do not believe lazy binding when symbolic region types do not match This fixes a crash when analyzing LLVM that was exposed by r177220 (modeling of trivial copy/move assignment operators). When we look up a lazy binding for “Builder”, we see the direct binding of Loc at offset 0. Previously, we believed the binding, which led to a crash. Now, we do not believe it as the types do not match. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@177453 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
|
d764e20189dbb42b38ada383a0a159f6adc0d56c |
|
02-Mar-2013 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Special-case bitfields when finding sub-region bindings. Previously we were assuming that we'd never ask for the sub-region bindings of a bitfield, since a bitfield cannot have subregions. However, unification of code paths has made that assumption invalid. While we could take advantage of this by just checking for the single possible binding, it's probably better to do the right thing, so that if/when we someday support unions we'll do the right thing there, too. This fixes a handful of false positives in analyzing LLVM. <rdar://problem/13325522> git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@176388 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
|
e33d852452c7008ccd0677aae88f1055cf1a9af1 |
|
28-Feb-2013 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] RegionStore: collectSubRegionKeys -> collectSubRegionBindings By returning the (key, value) binding pairs, we save lookups afterwards. This also enables further work later on. No functionality change. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@176230 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
|
deb8f5d533b7bcd962976ecdbc1464fe754b6de0 |
|
27-Feb-2013 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] If a struct has a partial lazy binding, its fields aren't Undef. This is essentially the same problem as r174031: a lazy binding for the first field of a struct may stomp on an existing default binding for the entire struct. Because of the way RegionStore is set up, we can't help but lose the top-level binding, but then we need to make sure that accessing one of the other fields doesn't come back as Undefined. In this case, RegionStore is now correctly detecting that the lazy binding we have isn't the right type, but then failing to follow through on the implications of that: we don't know anything about the other fields in the aggregate. This fix adds a test when searching for other kinds of default values to see if there's a lazy binding we rejected, and if so returns a symbolic value instead of Undefined. The long-term fix for this is probably a new Store model; see <rdar://problem/12701038>. Fixes <rdar://problem/13292559>. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@176144 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
|
fbdbed3bde8577815826b9d15790e5effb913f7b |
|
25-Feb-2013 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Handle reference parameters with default values. r175026 added support for default values, but didn't take reference parameters into account, which expect the default argument to be an lvalue. Use createTemporaryRegionIfNeeded if we can evaluate the default expr as an rvalue but the expected result is an lvalue. Fixes the most recent report of PR12915. The original report predates default argument support, so that can't be it. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@176042 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
|
472b0613ff67e8598ef6a69bb478c721b21a9294 |
|
21-Feb-2013 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Tidy up a few uses of Optional in RegionStore. Some that I just added needed conversion to use 'None', others looked better using Optional<SVal>::create. No functionality change. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@175714 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
|
66874fb18afbffb8b2ca05576851a64534be3352 |
|
21-Feb-2013 |
David Blaikie <dblaikie@gmail.com> |
Use None rather than Optional<T>() where possible. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@175705 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
|
11f0cae4bf4f62dcc706d33c1f795d460cd64816 |
|
21-Feb-2013 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Tighten up safety in the use of lazy bindings. - When deciding if we can reuse a lazy binding, make sure to check if there are additional bindings in the sub-region. - When reading from a lazy binding, don't accidentally strip off casts or base object regions. This slows down lazy binding reading a bit but is necessary for type sanity when treating one class as another. A bit of minor refactoring allowed these two checks to be unified in a nice early-return-using helper function. <rdar://problem/13239840> git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@175703 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
|
dc84cd5efdd3430efb22546b4ac656aa0540b210 |
|
20-Feb-2013 |
David Blaikie <dblaikie@gmail.com> |
Include llvm::Optional in clang/Basic/LLVM.h Post-commit CR feedback from Jordan Rose regarding r175594. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@175679 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
|
0b9c328bb47b38ef6ff877a42e8a90a31ab0e2e1 |
|
20-Feb-2013 |
David Blaikie <dblaikie@gmail.com> |
Use op-> directly rather than via Optional<T>::getPointer. Post-commit CR feedback from Jordan Rose regarding r175594. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@175677 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
|
5251abea41b446c26e3239c8dd6c7edea6fc335d |
|
20-Feb-2013 |
David Blaikie <dblaikie@gmail.com> |
Replace SVal llvm::cast support to be well-defined. See r175462 for another example/more details. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@175594 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
|
206f49966f66ad7cbfe3d37c14fa7e6e7410f3be |
|
20-Feb-2013 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Account for the "interesting values" hash table resizing. RegionStoreManager::getInterestingValues() returns a pointer to a std::vector that lives inside a DenseMap, which is constructed on demand. However, constructing one such value can lead to constructing another value, which will invalidate the reference created earlier. Fixed by delaying the new entry creation until the function returns. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@175582 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
|
65f991ccbec43b4a860f70594c92528ee8fb7c6f |
|
19-Feb-2013 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Don't accidentally strip off base object regions for lazy bindings. If a base object is at a 0 offset, RegionStoreManager may find a lazy binding for the entire object, then try to attach a FieldRegion or grandparent CXXBaseObjectRegion on top of that (skipping the intermediate region). We now preserve as many layers of base object regions necessary to make the types match. <rdar://problem/13239840> git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@175556 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
|
28743b006bd88cd7d0ea97b4f17646f8fc429b89 |
|
15-Feb-2013 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Cache the bindings accessible through a LazyCompoundVal. This means we don't have to recompute them all later for every removeDeadSymbols check. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@175233 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
|
fcfcd80cd1de38fe272e1a8ae8faa3cfb6b2e37e |
|
15-Feb-2013 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Tweak LazyCompoundVal reuse check to ignore qualifiers. This is optimization only; no behavioral change. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@175231 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
|
0a0f1309d0fbeb0e77edbbc4e0b15cc330c3a28c |
|
15-Feb-2013 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Use collectSubRegionKeys to make removeDeadBindings faster. Previously, whenever we had a LazyCompoundVal, we crawled through the entire store snapshot looking for bindings within the LCV's region. Now, we just ask for the subregion bindings of the lazy region and only visit those. This is an optimization (so no test case), but it may allow us to clean up more dead bindings than we were previously. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@175230 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
|
9d688e219caa37e60975ec8d5bebe74a176c9c2b |
|
15-Feb-2013 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Refactor RegionStore's sub-region bindings traversal. This is going to be used in the next commit. While I'm here, tighten up assumptions about symbolic offset BindingKeys, and make offset calculation explicitly handle all MemRegion kinds. No functionality change. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@175228 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
|
697a68590a75f5cd2326c8f686a6c666b51688b6 |
|
14-Feb-2013 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Try constant-evaluation for all variables, not just globals. In C++, constants captured by lambdas (and blocks) are not actually stored in the closure object, since they can be expanded at compile time. In this case, they will have no binding when we go to look them up. Previously, RegionStore thought they were uninitialized stack variables; now, it checks to see if they are a constant we know how to evaluate, using the same logic as r175026. This particular code path is only for scalar variables. Constant arrays and structs are still unfortunately unhandled; we'll need a stronger solution for those. This may have a small performance impact, but only for truly-undefined local variables, captures in a non-inlined block, and non-constant globals. Even then, in the non-constant case we're only doing a quick type check. <rdar://problem/13105553> git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@175194 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
|
38f68ef19cb51d5876e9025b5fceb44b33ec9ed7 |
|
13-Feb-2013 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Use Clang's evaluation for global constants and default arguments. Previously, we were handling only simple integer constants for globals and the smattering of implicitly-valued expressions handled by Environment for default arguments. Now, we can use any integer constant expression that Clang can evaluate, in addition to everything we handled before. PR15094 / <rdar://problem/12830437> git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@175026 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
|
04870edbea6cf88412c8c9c1eba65f7fc1fa12d9 |
|
13-Feb-2013 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Use makeZeroVal in RegionStore's lazy evaluation of statics. No functionality change. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@175025 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
|
978aeac1a90020b2a0ae6c7eb7fe65aa8226f74a |
|
01-Feb-2013 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Reuse a LazyCompoundVal if its type matches the new region. This allows us to keep from chaining LazyCompoundVals in cases like this: CGRect r = CGRectMake(0, 0, 640, 480); CGRect r2 = r; CGRect r3 = r2; Previously we only made this optimization if the struct did not begin with an aggregate member, to make sure that we weren't picking up an LCV for the first field of the struct. But since LazyCompoundVals are typed, we can make that inference directly by comparing types. This is a pure optimization; the test changes are to guard against possible future regressions. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@174211 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
|
0e450cbd94e5936fdecf42b810069e7becd3938d |
|
31-Jan-2013 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] If a lazy binding is undefined, pretend that it's unknown instead. This is a hack to work around the fact that we don't track extents for our default bindings: CGPoint p; p.x = 0.0; p.y = 0.0; rectParam.origin = p; use(rectParam.size); // warning: uninitialized value in rectParam.size.width In this case, the default binding for 'p' gets copied into 'rectParam', because the 'origin' field is at offset 0 within CGRect. From then on, rectParam's old default binding (in this case a symbol) is lost. This patch silences the warning by pretending that lazy bindings are never made from uninitialized memory, but not only is that not true, the original default binding is still getting overwritten (see FIXME test cases). The long-term solution is tracked in <rdar://problem/12701038> PR14765 and <rdar://problem/12875012> git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@174031 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
|
5255f27362ffbfedea889870bf8d5812dae97553 |
|
31-Jan-2013 |
Anna Zaks <ganna@apple.com> |
[analyzer] Fix a bug in region store that lead to undefined value false positives. The includeSuffix was only set on the first iteration through the function, resulting in invalid regions being produced by getLazyBinding (ex: zoomRegion.y). git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@174016 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
|
cfa88f893915ceb8ae4ce2f17c46c24a4d67502f |
|
12-Jan-2013 |
Dmitri Gribenko <gribozavr@gmail.com> |
Remove useless 'llvm::' qualifier from names like StringRef and others that are brought into 'clang' namespace by clang/Basic/LLVM.h git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@172323 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
|
beac9e3772e255f89dad0abe34811953121912b2 |
|
09-Jan-2013 |
Ted Kremenek <kremenek@apple.com> |
Do not model loads from complex types, since we don't accurately model the imaginary and real parts yet. Fixes false positive reported in <rdar://problem/12964481>. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@171987 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
|
bf53dfac8195835028bd6347433f7dbebcc29fc1 |
|
20-Dec-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Add the pointer escaped callback. Instead of using several callbacks to identify the pointer escape event, checkers now can register for the checkPointerEscape. Converted the Malloc checker to use the new callback. SimpleStreamChecker will be converted next. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@170625 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
|
b0abacf2f1f77214e4c77d6ec8a02b097bb98f7a |
|
14-Dec-2012 |
Ted Kremenek <kremenek@apple.com> |
Refactor dump methods to make RegionBindingsRef printable in the debugger. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@170170 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
|
18f860ee6cc43c8fc80834073b097eb5c02b22cf |
|
07-Dec-2012 |
Ted Kremenek <kremenek@apple.com> |
Reduce conversions between Store <-> ImmutableMapRef in RegionStore. This reduces canonicalization of ImmutableMaps. This reduces analysis time of one heavy Objective-C file by another 1%. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@169630 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
|
0c312a90c5b9d27e1425bf8d0448e133a97806ce |
|
07-Dec-2012 |
Ted Kremenek <kremenek@apple.com> |
Add helper method to convert from a RegionStoreRefBindings to a Store. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@169622 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
|
23dca7d88f3e9a7925bfb2c5449499900c906633 |
|
07-Dec-2012 |
Ted Kremenek <kremenek@apple.com> |
Further reduce analysis time by 0.2% on a heavy Objective-C example by avoiding over-eager canonicalization of clusters. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@169586 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
|
75191fdbc3d3eec5f3447b285acf6cfcc2054b25 |
|
07-Dec-2012 |
David Blaikie <dblaikie@gmail.com> |
Unbreak the GCC (4.4 & other bot) builds from r169571. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@169581 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
|
29f5ccd7ef9bc066cb5894834945eaad2c4c7e53 |
|
07-Dec-2012 |
Ted Kremenek <kremenek@apple.com> |
Change RegionStore to always use ImmutableMapRef for processing cluster bindings. This reduces analysis time by 1.2% on one test case (Objective-C), but also cleans up some of the code conceptually as well. We can possible just make RegionBindingsRef -> RegionBindings, but I wanted to stage things. After this, we should revisit Jordan's optimization of not canonicalizing the immutable AVL trees for the cluster bindings as well. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@169571 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
|
14491490a5276ff4da9b28100fb8e7d442944288 |
|
06-Dec-2012 |
Ted Kremenek <kremenek@apple.com> |
Revert "[analyzer] Aggressively cut back on the canonicalization in RegionStore." Jordan and I discussed this, and we are going to do this another way. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@169538 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
|
426cc12317468d42ba4e603731ebe5971af098a6 |
|
06-Dec-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Aggressively cut back on the canonicalization in RegionStore. Whenever we touch a single bindings cluster multiple times, we can delay canonicalizing it until the final access. This has some interesting implications, in particular that we shouldn't remove an /empty/ cluster from the top-level map until canonicalization. This is good for a 2% speedup or so on the test case in <rdar://problem/12810842> git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@169523 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
|
e3ce2c10c3f6ae7b26700d758de909deab190d42 |
|
06-Dec-2012 |
Ted Kremenek <kremenek@apple.com> |
Only provide explicit getCapturedRegion() and getOriginalRegion() from referenced_vars_iterator. This is a nice conceptual cleanup. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@169480 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
|
2fa67efeaf66a9332c30a026dc1c21bef6c33a6c |
|
01-Dec-2012 |
Benjamin Kramer <benny.kra@googlemail.com> |
Pull the Attr iteration parts out of Attr.h, so including DeclBase.h doesn't pull in all the generated Attr code. Required to pull some functions out of line, but this shouldn't have a perf impact. No functionality change. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@169092 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
|
3881866dc782c5e13b21031bd363e93fbf367167 |
|
28-Nov-2012 |
Ted Kremenek <kremenek@apple.com> |
Remove workaround in RegionStore in r168741 since it is handled more generally by r168757. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@168774 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
|
bd8a11e224c3ec6cbc4bb9b1fc70a8aa3a633e43 |
|
28-Nov-2012 |
Ted Kremenek <kremenek@apple.com> |
Provide stop-gap solution to crash reported in PR 14436. This was also covered by <rdar://problem/12753384>. The static analyzer evaluates a CXXConstructExpr within an initializer expression and RegionStore doesn't know how to handle the resulting CXXTempObjectRegion that gets created. We need a better solution than just dropping the value, but we need to better understand how to implement the right semantics here. Thanks to Jordan for his help diagnosing the behavior here. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@168741 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
|
4e674f77150b52d8e6ae82faf64fbdac79d675d3 |
|
10-Nov-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] When invalidating symbolic offset regions, take fields into account. Previously, RegionStore was being VERY conservative in saying that because p[i].x and p[i].y have a concrete base region of 'p', they might overlap. Now, we check the chain of fields back up to the base object and check if they match. This only kicks in when dealing with symbolic offset regions because RegionStore's "base+offset" representation of concrete offset regions loses all information about fields. In cases where all offsets are concrete (s.x and s.y), RegionStore will already do the right thing, but mixing concrete and symbolic offsets can cause bindings to be invalidated that are known to not overlap (e.g. p[0].x and p[i].y). This additional refinement is tracked by <rdar://problem/12676180>. <rdar://problem/12530149> git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@167654 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
|
8501b7a1c4c4a9ba0ea6cb8e500e601ef3759deb |
|
03-Nov-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Run remove dead on end of path. This will simplify checkers that need to register for leaks. Currently, they have to register for both: check dead and check end of path. I've modified the SymbolReaper to consider everything on the stack dead if the input StackLocationContext is 0. (This is a bit disruptive, so I'd like to flash out all the issues asap.) git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@167352 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
|
aa66b08d2d8bbf05bae8c68f58724f754ab57b35 |
|
03-Oct-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Push evalDynamicCast and evalDerivedToBase up to Store. These functions are store-agnostic, and would benefit from information in DynamicTypeInfo but gain nothing from the store type. No intended functionality change. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@165078 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
|
041ce8e00afd1185549a25d5c2b97d219ae032d9 |
|
03-Oct-2012 |
Jordan Rose <jordan_rose@apple.com> |
Teach getCXXRecordDeclForPointerType about references. Then, rename it getPointeeCXXRecordDecl and give it a nice doc comment, and actually use it. No intended functionality change. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@165077 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
|
732cdf383f9030ff2b9fb28dfbdae2285ded80c6 |
|
26-Sep-2012 |
Ted Kremenek <kremenek@apple.com> |
Remove unnecessary ASTContext& parameter from SymExpr::getType(). git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@164661 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
|
f6d05bbedd482e634507a099e3416fa05cbc0e78 |
|
08-Sep-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Symbolic regions are live if any subregions are live. RegionStoreManager was only treating a SymbolicRegion's symbel as live if there was a binding referring to the region itself. No test case because constraints are currently not being cleaned out of the constraint manager at all (even if the symbol is legitimately dead). git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163443 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
|
31ba6135375433b617a8587ea6cc836a014ebd86 |
|
06-Sep-2012 |
Roman Divacky <rdivacky@freebsd.org> |
Dont cast away const needlessly. Found by gcc48 -Wcast-qual. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163325 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
|
4e45dba1c0234eec7b7c348dbbf568c5ac9fc471 |
|
05-Sep-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Clean up a couple uses of getPointeeType(). No intended functionality change. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163219 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
|
fd11957f02da689480618d5fc642ef14164e9cdc |
|
05-Sep-2012 |
Jordan Rose <jordan_rose@apple.com> |
Revert "[analyzer] Treat all struct values as regions (even rvalues)." This turned out to have many implications, but what eventually seemed to make it unworkable was the fact that we can get struct values (as LazyCompoundVals) from other places besides return-by-value function calls; that is, we weren't actually able to "treat all struct values as regions" consistently across the entire analyzer core. Hopefully we'll be able to come up with an alternate solution soon. This reverts r163066 / 02df4f0aef142f00d4637cd851e54da2a123ca8e. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163218 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
|
02df4f0aef142f00d4637cd851e54da2a123ca8e |
|
01-Sep-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Treat all struct values as regions (even rvalues). This allows us to correctly symbolicate the fields of structs returned by value, as well as get the proper 'this' value for when methods are called on structs returned by value. This does require a moderately ugly hack in the StoreManager: if we assign a "struct value" to a struct region, that now appears as a Loc value being bound to a region of struct type. We handle this by simply "dereferencing" the struct value region, which should create a LazyCompoundVal. This should fix recent crashes analyzing LLVM and on our internal buildbot. <rdar://problem/12137950> git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163066 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
|
ad0fe03b897f9486191e75c8d90c3ffa9b4fd6a5 |
|
23-Aug-2012 |
Ted Kremenek <kremenek@apple.com> |
Fix an assortment of doxygen comment issues found by -Wdocumentation. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162412 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
|
56a46b51df691f857f7120aaf2d4deeff0b014de |
|
22-Aug-2012 |
Ted Kremenek <kremenek@apple.com> |
Rename 'unbindLoc()' (in ProgramState) and 'Remove()' to 'killBinding()'. The name is more specific, and one just forwarded to the other. Add some doxygen comments along the way. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162350 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
|
3b1df8bb941a18c4a7256d7cfcbccb9de7e39995 |
|
22-Aug-2012 |
Ted Kremenek <kremenek@apple.com> |
Rename 'getConjuredSymbol*' to 'conjureSymbol*'. No need to have the "get", the word "conjure" is a verb too! Getting a conjured symbol is the same as conjuring one up. This shortening is largely cosmetic, but just this simple changed cleaned up a handful of lines, making them less verbose. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162348 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
|
32a549a64922af0903bdb777613ae7ae4490b70f |
|
22-Aug-2012 |
Ted Kremenek <kremenek@apple.com> |
Remove Store::bindDecl() and Store::bindDeclWithNoInit(), and all forwarding methods. This functionality is already covered by bindLoc(). git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162346 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
|
5be88dc79d2768d67371103b6535fb8c4a6f27a1 |
|
22-Aug-2012 |
Ted Kremenek <kremenek@apple.com> |
Rename 'BindCompoundLiteral' to 'bindCompoundLiteral' and add doxygen comments. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162345 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
|
ab9c04fda542d096c667d6a3746d94c884f80e7b |
|
22-Aug-2012 |
Ted Kremenek <kremenek@apple.com> |
Consilidate SmallPtrSet count() followed by insert() into a single insert(). git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162330 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
|
0a5629812019ce8bef86ade5425ac261bb544fd8 |
|
14-Aug-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Handle dynamic_casts that turn out to be upcasts. This can occur with multiple inheritance, which jumps from one parent to the other, and with virtual inheritance, since virtual base regions always wrap the actual object and can't be nested within other base regions. This also exposed some incorrect logic for multiple inheritance: even if B is known not to derive from C, D might still derive from both of them. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161798 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
|
b11a3ada9a22e146c6edd33bcc6301e221fedd7a |
|
14-Aug-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Don't strip CXXBaseObjectRegions when checking dynamic_casts. ...and /do/ strip CXXBaseObjectRegions when casting to a virtual base class. This allows us to enforce the invariant that a CXXBaseObjectRegion can always provide an offset for its base region if its base region has a known class type, by only allowing virtual bases and direct non-virtual bases to form CXXBaseObjectRegions. This does mean some slight problems for our modeling of dynamic_cast, which needs to be resolved by finding a path from the current region to the class we're trying to cast to. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161797 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
|
d1a4f68a4301d1ee3098cc9db0cd507b96dd1bee |
|
10-Aug-2012 |
Benjamin Kramer <benny.kra@googlemail.com> |
Fix a couple of pedantic gcc warnings. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161656 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
|
5ad76c073e1822d11901a8552c6aa9372038b5f0 |
|
10-Aug-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Merge RegionStore's KillStruct and CopyLazyBindings: BindAggregate. Both methods need to clear out existing bindings and provide a new default binding. Originally KillStruct always provided UnknownVal as the default, but it's allowed symbolic values for quite some time (for handling returned structs in C). No functionality change. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161637 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
|
1e934431adba0f459668a59c6059b9596fd627b4 |
|
10-Aug-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Cluster bindings in RegionStore by base region. This should speed up activities that need to access bindings by cluster, such as invalidation and dead-bindings cleaning. In some cases all we save is the cost of building the region cluster map, but other times we can actually avoid traversing the rest of the store. In casual testing, this produced a speedup of nearly 10% analyzing SQLite, with /less/ memory used. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161636 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
|
824e07ac8f5c9efdddb4254de0203b9675b1ef0b |
|
10-Aug-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Cache the "concrete offset base" for regions with symbolic offsets. This makes it faster to access and invalidate bindings with symbolic offsets by only computing this information once. No intended functionality change. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161635 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
|
e0d24eb1060a213ec9820dc02c45f26b2d5b348b |
|
08-Aug-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Revamp RegionStore to distinguish regions with symbolic offsets. RegionStore currently uses a (Region, Offset) pair to describe the locations of memory bindings. However, this representation breaks down when we have regions like 'array[index]', where 'index' is unknown. We used to store this as (SubRegion, 0); now we mark them specially as (SubRegion, SYMBOLIC). Furthermore, ProgramState::scanReachableSymbols depended on the existence of a sub-region map, but RegionStore's implementation doesn't provide for such a thing. Moving the store-traversing logic of scanReachableSymbols into the StoreManager allows us to eliminate the notion of SubRegionMap altogether. This fixes some particularly awkward broken test cases, now in array-struct-region.c. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161510 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
|
f540c54701e3eeb34cb619a3a4eb18f1ac70ef2d |
|
26-Jul-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Rename Calls.{h,cpp} to CallEvent.{h,cpp}. No functionality change. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160815 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
|
21625c69e88d232e71a3bd4ba9d4bbb484183bf1 |
|
18-Jul-2012 |
Ted Kremenek <kremenek@apple.com> |
Fix crash in RegionStoreManager::evalDerivedToBase() due to not handling references (in uses of dynamic_cast<>). Fixes <rdar://problem/11817693>. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160427 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
|
e54cfc7b9990acffd0a8a4ba381717b4bb9f3011 |
|
11-Jul-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Use CallEvent for building inlined stack frames. In order to accomplish this, we now build the callee's stack frame as part of the CallEnter node, rather than the subsequent BlockEdge node. This should not have any effect on perceived behavior or diagnostics. This makes it safe to re-enable inlining of member overloaded operators. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160022 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
|
752bee2493ec2931bd18899753552e3a47dc85fe |
|
06-Jul-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Be careful about LazyCompoundVals, which may be for the first field. We use LazyCompoundVals to avoid copying the contents of structs and arrays around in the store, and when we need to pass a struct around that already has a LazyCompoundVal we just use the original one. However, it's possible that the first field of a struct may have a LazyCompoundVal of its own, and we currently can't distinguish a LazyCompoundVal for the first element of a struct from a LazyCompoundVal for the entire struct. In this case we should just drop the optimization and make a new LazyCompoundVal that encompasses the old one. PR13264 / <rdar://problem/11802440> git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@159866 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
|
740d490593e0de8732a697c9f77b90ddd463863b |
|
02-Jul-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Add a new abstraction over all types of calls: CallEvent This is intended to replace CallOrObjCMessage, and is eventually intended to be used for anything that cares more about /what/ is being called than /how/ it's being called. For example, inlining destructors should be the same as inlining blocks, and checking __attribute__((nonnull)) should apply to the allocator calls generated by operator new. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@159554 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
|
10f77ad7fc5e5cf3f37a9b14ff5843468b8b84d2 |
|
23-Jun-2012 |
Ted Kremenek <kremenek@apple.com> |
Implement initial static analysis inlining support for C++ methods. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@159047 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
|
9955e708ffadb479b82b26d93dfcf0f5a2a6e372 |
|
16-Jun-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Return an UnknownVal when we try to get the binding for a VLA. This happens in C++ mode right at the declaration of a struct VLA; MallocChecker sees a bind and tries to get see if it's an escaping bind. It's likely that our handling of this is still incomplete, but it fixes a crash on valid without disturbing anything else for now. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@158587 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
|
5b8c69494881b7d35bc6244b4a19be0cc2eab368 |
|
12-Jun-2012 |
Jordan Rose <jordan_rose@apple.com> |
Revert "[analyzer] Treat LValueBitCasts like regular pointer bit casts." This does not actually give us the right behavior for reinterpret_cast of references. Reverting so I can think about it some more. This reverts commit 50a75a6e26a49011150067adac556ef978639fe6. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@158341 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
|
570d03c6831a8e19447dc863aa94ffff020077eb |
|
12-Jun-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Treat LValueBitCasts like regular pointer bit casts. These casts only appear in very well-defined circumstances, in which the target of a reinterpret_cast or a function formal parameter is an lvalue reference. According to the C++ standard, the following are equivalent: reinterpret_cast<T&>( x) *reinterpret_cast<T*>(&x) [expr.reinterpret.cast]p11 git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@158338 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
|
581deb3da481053c4993c7600f97acf7768caac5 |
|
06-Jun-2012 |
David Blaikie <dblaikie@gmail.com> |
Revert Decl's iterators back to pointer value_type rather than reference value_type In addition, I've made the pointer and reference typedef 'void' rather than T* just so they can't get misused. I would've omitted them entirely but std::distance likes them to be there even if it doesn't use them. This rolls back r155808 and r155869. Review by Doug Gregor incorporating feedback from Chandler Carruth. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@158104 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
|
7fa9b4f258636d89342eda28f21a986c8ac353b1 |
|
01-Jun-2012 |
Ted Kremenek <kremenek@apple.com> |
static analyzer: add inlining support for directly called blocks. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@157833 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
|
51d18cab1f55df33d85137868b59fec0c4a8776a |
|
11-May-2012 |
Ted Kremenek <kremenek@apple.com> |
Include line that was meant to be in my last commit. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@156582 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
|
8667052a53a47a6290dc9ae98e5c3d9277df5f4a |
|
11-May-2012 |
Ted Kremenek <kremenek@apple.com> |
Fix insidious RegionStore bug where we (a) didn't handle vector types and (b) had a horrible bug in GetLazyBindings where we falsely appended a field suffix when traversing 3 or more layers of lazy bindings. I don't have a reduced test case yet; but I have added the original source to an internal regression test suite. I'll see about coming up with a reduced test case. Fixes <rdar://problem/11405978> (for real). git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@156580 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
|
50b5a5c32e07301e4edcc01aca1f8a49a128c66c |
|
09-May-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Simplify r156446, as per Ted's review. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@156482 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
|
a8f2362307b436023095e66efd678ae591c02184 |
|
09-May-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] We currently do not fully support CompoundLiterals in RegionStore, so be explicit about it and generate UnknownVal(). This is a hack to ensure we never produce undefined values for a value coming from a compound value. (The undefined values can lead to false positives.) radar://10127782 git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@156446 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
|
4213e389d6f8fa96ab30eec0d932e4e3eee32997 |
|
08-May-2012 |
Ted Kremenek <kremenek@apple.com> |
Having RegionStore lower field bindings to raw offsets, just like ElementRegions. This is a bit disruptive, but it allows RegionStore to better "see" through casts that reinterpret arrays of values as structs. Fixes <rdar://problem/11405978>. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@156428 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
|
7dbbc2178fb487f3a8bff03a2c9e87f727bf2b98 |
|
08-May-2012 |
Ted Kremenek <kremenek@apple.com> |
When creating lazy bindings in RegionStore, propagate existing lazy bindings instead of creating new ones. This is a functionality optimization. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@156427 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
|
6341931b144cbf369ab816e871322c99ee62bea7 |
|
08-May-2012 |
Ted Kremenek <kremenek@apple.com> |
Include address of Store in graphviz output of ExplodedGraph. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@156426 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
|
85d87df66a50a15a1957f7213802000b451a8ec9 |
|
04-May-2012 |
Ted Kremenek <kremenek@apple.com> |
Explicitly model capturing variables for blocks in the static analyzer. Fixes <rdar://problem/11125868>. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@156211 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
|
262bc18e32500558af7cb0afa205b34bd37bafed |
|
30-Apr-2012 |
David Blaikie <dblaikie@gmail.com> |
Remove the ref/value inconsistency in filter_decl_iterator. filter_decl_iterator had a weird mismatch where both op* and op-> returned T* making it difficult to generalize this filtering behavior into a reusable library of any kind. This change errs on the side of value, making op-> return T* and op* return T&. (reviewed by Richard Smith) git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@155808 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
|
8f40afbf7740c39fccaa4b8cc5aa2814d5ed6fdc |
|
26-Apr-2012 |
Ted Kremenek <kremenek@apple.com> |
[analyzer] check lazy bindings in RegionStore first before looking for default values. Fixes <rdar://problem/11269741>. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@155615 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
|
a2c8d2edfff1573450c6feba876830dd746ffaad |
|
10-Apr-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] dynamic_cast: Better model cast from a reference. Generate a sink when the dynamic_cast from a reference fails to represent a thrown exception. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@154438 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
|
e19f86edab8fb3c2c1e99e0e9815b6058504df9b |
|
10-Apr-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Add support for C++ dynamic_cast. Simulate the C++ dynamic_cast in the analyzer. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@154434 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
|
31b57628576a2355428fd4b57f828a3aa8423000 |
|
03-Apr-2012 |
Ted Kremenek <kremenek@apple.com> |
Fix another false positive in RegionStore involving doing loads from symbolic offsets. We still don't properly reason about such accesses, but we shouldn't emit bogus "uninitialized value" warnings either. Fixes <rdar://problem/11127008>. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@153913 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
|
3133f79cf451e6302dd05262b4bb53a3e4fd6300 |
|
18-Feb-2012 |
Ted Kremenek <kremenek@apple.com> |
Have conjured symbols depend on LocationContext, to add context sensitivity for functions called more than once. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150849 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
|
6f42b62b6194f53bcbc349f5d17388e1936535d7 |
|
05-Feb-2012 |
Dylan Noblesmith <nobled@dreamwidth.org> |
Basic: import OwningPtr<> into clang namespace git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@149798 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
|
8bef8238181a30e52dea380789a7e2d760eac532 |
|
26-Jan-2012 |
Ted Kremenek <kremenek@apple.com> |
Change references to 'const ProgramState *' to typedef 'ProgramStateRef'. At this point this is largely cosmetic, but it opens the door to replace ProgramStateRef with a smart pointer that more eagerly acts in the role of reclaiming unused ProgramState objects. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@149081 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
|
52e4c60e31fee851e2988f7909aebf488e57fc12 |
|
16-Jan-2012 |
David Blaikie <dblaikie@gmail.com> |
Refactor variables unused under non-assert builds. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@148229 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
|
ce8ef16b1c58a304b7b59fad9836ad32d6ed020c |
|
13-Jan-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] RegionStoreManager::getBinding() should not crash when looking up value at a CodeTextRegion even when the type is not provided. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@148079 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
|
0849ade4bb3e90c2fc0ce01ccd330f76f91da732 |
|
12-Jan-2012 |
Ted Kremenek <kremenek@apple.com> |
[analyzer] fix inlining's handling of mapping actual to formal arguments and limit the call stack depth. The analyzer can now accurately simulate factorial for limited depths. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@148036 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
|
1437425a62dbf7bdb0a855d3ed3b05ed2019ec1e |
|
12-Jan-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Rename Store::Retrieve() -> getBinding(). + all the other Retrieve..() methods + a comment for ElementRegion. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@148011 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
|
5eca482fe895ea57bc82410222e6426c09e63284 |
|
06-Jan-2012 |
Ted Kremenek <kremenek@apple.com> |
[analyzer] Make the entries in 'Environment' context-sensitive by making entries map from (Stmt*,LocationContext*) pairs to SVals instead of Stmt* to SVals. This is needed to support basic IPA via inlining. Without this, we cannot tell if a Stmt* binding is part of the current analysis scope (StackFrameContext) or part of a parent context. This change introduces an uglification of the use of getSVal(), and thus takes two steps forward and one step back. There are also potential performance implications of enlarging the Environment. Both can be addressed going forward by refactoring the APIs and optimizing the internal representation of Environment. This patch mainly introduces the functionality upon when we want to build upon (and clean up). git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@147688 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
|
eb31a76d1cdaaf8874c549dc6bd964ff270d3822 |
|
05-Jan-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Be less pessimistic about invalidation of global variables as a result of a call. Problem: Global variables, which come in from system libraries should not be invalidated by all calls. Also, non-system globals should not be invalidated by system calls. Solution: The following solution to invalidation of globals seems flexible enough for taint (does not invalidate stdin) and should not lead to too many false positives. We split globals into 3 classes: * immutable - values are preserved by calls (unless the specific global is passed in as a parameter): A : Most system globals and const scalars * invalidated by functions defined in system headers: B: errno * invalidated by all other functions (note, these functions may in turn contain system calls): B: errno C: all other globals (which are not in A nor B) git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@147569 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
|
1d1d515b2bafb59d624883d8fdda97d4b7dba0cb |
|
07-Dec-2011 |
Anna Zaks <ganna@apple.com> |
[analyzer] Refactor: Move symbol_iterator from SVal to SymExpr, use it for finding dependent symbols for taint. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@145986 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
|
aace9ef279be3dadd53b481aee568bd7701178b4 |
|
07-Dec-2011 |
Anna Zaks <ganna@apple.com> |
[analyzer] Propagate taint through NonLoc to NonLoc casts. - Created a new SymExpr type - SymbolCast. - SymbolCast is created when we don't know how to simplify a NonLoc to NonLoc casts. - A bit of code refactoring: introduced dispatchCast to have better code reuse, remove a goto. - Updated the test case to showcase the new taint flow. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@145985 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
|
214323b78b01ef9c1ad226f0eb5bd1187f3efa70 |
|
29-Nov-2011 |
Ted Kremenek <kremenek@apple.com> |
Relax RegionStore to allow loads from CodeTextRegions. Apparently you can actually write code that does this. This seems worthy of a checker, but the StoreManager should handle the memory abstraction without crashing. Fixes PR 11450. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@145424 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
|
e42a0ab77ca4ad5201591aac5679ef47a08af4b6 |
|
16-Nov-2011 |
Jim Goodnow II <jim@thegoodnows.net> |
Fixed crash with initializer lists and unnamed bitfields in the RegionStore Manager. Added test to ensure proper binding of initialized values. This patch fixes PR11249. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@144831 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
|
729aa06b9d190ce01eccb7108415e698fc52f6f4 |
|
14-Nov-2011 |
Ted Kremenek <kremenek@apple.com> |
[analyzer;Regionstore] handle loads from StringLiteral elements for StringLiterals representing wide strings. Fixes PR 11294. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@144563 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
|
5e1cdac63c3d9c9b32fa41fa0b2d242a58a20d49 |
|
07-Oct-2011 |
John McCall <rjmccall@apple.com> |
Rename TagDecl::isDefinition -> isCompleteDefinition for better self-documenting code, since the semantics are subtly different from getDefinition(). git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@141355 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
|
eb2d1f1c88836bd5382e5d7aa8f6b85148a88b27 |
|
23-Sep-2011 |
David Blaikie <dblaikie@gmail.com> |
Removing a bunch of dead returns/breaks after llvm_unreachables. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@140407 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
|
b219cfc4d75f0a03630b7c4509ef791b7e97b2c8 |
|
23-Sep-2011 |
David Blaikie <dblaikie@gmail.com> |
Switch assert(0/false) llvm_unreachable. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@140367 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
|
537716ad8dd10f984b6cfe6985afade1185c5e3c |
|
28-Aug-2011 |
Jordy Rose <jediknil@belkadan.com> |
[analyzer] Change the check::RegionChanges callback to include the regions explicitly requested for invalidation. Also, allow CallOrObjCMessage to wrap a CXXConstructExpr as well. Finally, this allows us to remove the clunky whitelisting system from CFRefCount/RetainReleaseChecker. Slight regression due to CXXNewExprs not yet being handled in post-statement callbacks (PR forthcoming). git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@138716 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
|
18c66fdc3c4008d335885695fe36fb5353c5f672 |
|
16-Aug-2011 |
Ted Kremenek <kremenek@apple.com> |
Rename GRState to ProgramState, and cleanup some code formatting along the way. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@137665 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
|
9c378f705405d37f49795d5e915989de774fe11f |
|
13-Aug-2011 |
Ted Kremenek <kremenek@apple.com> |
Cleanup various declarations of 'Stmt*' to be 'Stmt *', etc. in libAnalyzer and libStaticAnalyzer[*]. It was highly inconsistent, and very ugly to look at. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@137537 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
|
9697934650354bed2e509d8e7e44f21a1fb00f76 |
|
12-Aug-2011 |
Ted Kremenek <kremenek@apple.com> |
[analyzer] Introduce new MemRegion, "TypedValueRegion", so that we can separate TypedRegions that implement getValueType() from those that don't. Patch by Olaf Krzikalla! git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@137498 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
|
bea2753da897ede723e70bcd17023d050b0603d0 |
|
06-Aug-2011 |
Ted Kremenek <kremenek@apple.com> |
[analyzer] Change SymbolReaper to store region roots implied by the Environment, allowing it be queried when determining if symbols derived from regions are still live. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@137005 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
|
fa7a95c62aa573a30d87c215b320b0086ed08bdc |
|
29-Jul-2011 |
Ted Kremenek <kremenek@apple.com> |
[analyzer] Add StoreManager::includedInBindings() to to query whether a region is used in any bindings. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@136416 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
|
31d922fdbf52ea14856f395cb1079173b33cefcd |
|
29-Jul-2011 |
Ted Kremenek <kremenek@apple.com> |
[analyzer] Add safety checking in RegionStoreManager for string literal underruns. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@136415 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
|
5f9e272e632e951b1efe824cd16acb4d96077930 |
|
23-Jul-2011 |
Chris Lattner <sabre@nondot.org> |
remove unneeded llvm:: namespace qualifiers on some core types now that LLVM.h imports them into the clang namespace. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@135852 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
|
eda368791b21aafaf87012c8552dc5181c0ff7a1 |
|
27-Jun-2011 |
Jordy Rose <jediknil@belkadan.com> |
[analyzer] Use UnknownVal when default-initializing arrays whose element types we don't model, to distinguish them from uninitialized arrays (PR10163). git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@133937 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
|
c46d6410947b18ac4c52cff4d0f8021b10a57c1e |
|
20-May-2011 |
Ted Kremenek <kremenek@apple.com> |
Teach RegionStore not to symbolic array values whose indices it cannot reason about. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@131702 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
|
35bdbf40624beba3fc00cb72ab444659939c1a6b |
|
02-May-2011 |
Ted Kremenek <kremenek@apple.com> |
Augment retain/release checker to not warn about tracked objects passed as arguments to C++ constructors. This is a stop-gap measure for Objective-C++ code that uses smart pointers to manage reference counts. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@130711 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
|
bf1a66764a12f6cceb6ba8b349d4b74996e3786b |
|
12-Apr-2011 |
Ted Kremenek <kremenek@apple.com> |
RegionStoreManager::invalidateRegions: treat classes the same as structs. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@129333 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
|
45fa623886dfb6a23b3cfd6d8764e05884382180 |
|
03-Apr-2011 |
Ted Kremenek <kremenek@apple.com> |
Fix RegionStore bug when doing a field load whose parent is also a field assigned a LazyCompoundValue. Fixes <rdar://problem/9163742> and PR 9522. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@128783 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
|
613744181322b9680a4b3d59cce87d7e5e572c99 |
|
17-Mar-2011 |
Ted Kremenek <kremenek@apple.com> |
Tweak RegionStore's handling of lazy compound values to use the 'Default' versus 'Direct' binding key, thus allowing specific elements of an array/struct to be overwritten without invalidating the entire binding. Fixes PR 9455. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@127796 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
|
cf333339615da345c2ed6e873d94a501810d9f3f |
|
09-Mar-2011 |
Ted Kremenek <kremenek@apple.com> |
static analyzer: Fix use-after-free bug in RegionStore involving LazyCompoundValueData not reference counting Store objects. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@127288 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
|
77a4d5687c2cb3199c689892c9d040a94ff270af |
|
19-Feb-2011 |
Ted Kremenek <kremenek@apple.com> |
Add 'StoreRef' smart pointer to allow more fine-grain memory lifetime control of Store objects. This yields a minor memory reduction (for larger functions) on Sqlite at the cost of slightly higher memory usage on some functions because of the increased size of GRState (which can be optimized). I expect the real memory savings from this enhancement will come when we aggressively canabilize more of the ExplodedGraph. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126012 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
|
7dfc9420babe83e236a47e752f8723bd06070d9d |
|
16-Feb-2011 |
Zhanyong Wan <wan@google.com> |
Makes most methods in SVals.h conform to the naming guide. Reviewed by kremenek. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@125687 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
|
98caa2ccf04c02d14c99b3a918e0c6da57efddf4 |
|
11-Feb-2011 |
Ted Kremenek <kremenek@apple.com> |
Remove RegionStoreManager::evalBinOp(), which is now handled by the SValBuilder. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@125396 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
|
2534528c22260211a073e192c38d0db84c70c327 |
|
11-Feb-2011 |
Ted Kremenek <kremenek@apple.com> |
Rename 'InvalidateRegions()' to 'invalidateRegions()'. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@125395 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
|
9b663716449b618ba0390b1dbebc54fa8e971124 |
|
10-Feb-2011 |
Ted Kremenek <kremenek@apple.com> |
Split 'include/clang/StaticAnalyzer' into 'include/clang/StaticAnalyzer/Core' and 'include/clang/StaticAnalyzer/Checkers'. This layout matches lib/StaticAnalyzer, which corresponds to two StaticAnalyzer libraries. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@125251 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
|
811d75ee35b8b061a9b10a4e7b81e0c0eaf739c3 |
|
08-Feb-2011 |
Argyrios Kyrtzidis <akyrtzi@gmail.com> |
[analyzer] Move the files in lib/StaticAnalyzer to lib/StaticAnalyzer/Core. Eventually there will also be a lib/StaticAnalyzer/Frontend that will handle initialization and checker registration. Yet another library to avoid cyclic dependencies between Core and Checkers. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@125124 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
|