| ef8225444452a1486bd721f3285301fe84643b00 |
21-Jul-2014 |
Stephen Hines <srhines@google.com> |
Update Clang for rebase to r212749.
This also fixes a small issue with arm_neon.h not being generated always.
Includes a cherry-pick of:
r213450 - fixes mac-specific header issue
r213126 - removes a default -Bsymbolic on Android
Change-Id: I2a790a0f5d3b2aab11de596fc3a74e7cbc99081d
nalyses/ThreadSafetyCommon.h
nalyses/ThreadSafetyOps.def
nalyses/ThreadSafetyTIL.h
nalyses/ThreadSafetyTraverse.h
nalyses/ThreadSafetyUtil.h
FG.h
|
| 6bcf27bb9a4b5c3f79cb44c0e4654a6d7619ad89 |
29-May-2014 |
Stephen Hines <srhines@google.com> |
Update Clang for 3.5 rebase (r209713).
Change-Id: I8c9133b0f8f776dc915f270b60f94962e771bc83
nalyses/Consumed.h
nalyses/Dominators.h
nalyses/FormatString.h
nalyses/LiveVariables.h
nalyses/PostOrderCFGView.h
nalyses/ThreadSafety.h
nalyses/ThreadSafetyCommon.h
nalyses/ThreadSafetyLogical.h
nalyses/ThreadSafetyOps.def
nalyses/ThreadSafetyTIL.h
nalyses/ThreadSafetyTraverse.h
nalyses/ThreadSafetyUtil.h
nalysisContext.h
FG.h
lowSensitive/DataflowSolver.h
rogramPoint.h
upport/BumpVector.h
|
| 651f13cea278ec967336033dd032faef0e9fc2ec |
24-Apr-2014 |
Stephen Hines <srhines@google.com> |
Updated to Clang 3.5a.
Change-Id: I8127eb568f674c2e72635b639a3295381fe8af82
nalyses/Consumed.h
nalyses/Dominators.h
nalyses/FormatString.h
nalyses/ReachableCode.h
nalyses/ThreadSafety.h
nalysisContext.h
FG.h
lowSensitive/DataflowSolver.h
rogramPoint.h
upport/BumpVector.h
|
| 4c3e0bc7850df76824138ecfcc434388e7f69559 |
16-Nov-2013 |
DeLesley Hutchins <delesley@google.com> |
Consumed analysis: track state of temporary objects.
Earlier versions discarded the state too soon, and did not track state changes,
e.g. when passing a temporary to a move constructor. Patch by
chris.wailes@gmail.com; review and minor fixes by delesley.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@194900 91177308-0d34-0410-b5e6-96231b3b80d8
nalyses/Consumed.h
|
| 3347b497157d36cf280d1d9f52956faa6e702f34 |
12-Nov-2013 |
Richard Smith <richard-llvm@metafoo.co.uk> |
Rather than duplicating extension diagnostics to allow them to cause a
substitution failure, allow a flag to be set on the Diagnostic object,
to mark it as 'causes substitution failure'.
Refactor Diagnostic.td and the tablegen to use an enum for SFINAE behavior
rather than a bunch of flags.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@194444 91177308-0d34-0410-b5e6-96231b3b80d8
nalysisDiagnostic.h
|
| 9568d1c45feef22713afa551d06d60a05dc07133 |
21-Oct-2013 |
Rafael Espindola <rafael.espindola@gmail.com> |
Cleanup redundant include.
Patch by Daniel Marjamäki.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@193093 91177308-0d34-0410-b5e6-96231b3b80d8
nalysisContext.h
|
| d4f0e1991f42c69111213699fb2d09dedee1cd36 |
18-Oct-2013 |
DeLesley Hutchins <delesley@google.com> |
Consumed analysis: Add param_typestate attribute, which specifies that
function parameters must be in a particular state. Patch by
chris.wailes@gmail.com. Reviewed by delesley@google.com.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@192934 91177308-0d34-0410-b5e6-96231b3b80d8
nalyses/Consumed.h
|
| cd0f6d7600a691ad81dab308e9905fb0cce1df4d |
18-Oct-2013 |
DeLesley Hutchins <delesley@google.com> |
Consumed Analysis: Allow parameters that are passed by non-const reference
to be treated as return values, and marked with the "returned_typestate"
attribute. Patch by chris.wailes@gmail.com; reviewed by delesley@google.com.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@192932 91177308-0d34-0410-b5e6-96231b3b80d8
nalyses/Consumed.h
|
| 1bf6343612e394051fffc587e6899de6901065e0 |
12-Oct-2013 |
DeLesley Hutchins <delesley@google.com> |
Consumed analysis: switch from tests_consumed/unconsumed to a general
tests_typestate attribute. Patch by chris.wailes@gmail.com.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@192513 91177308-0d34-0410-b5e6-96231b3b80d8
nalyses/Consumed.h
|
| 53fe3f55887cddc777d0aff09143483c6b29baa0 |
09-Oct-2013 |
DeLesley Hutchins <delesley@google.com> |
Fix warnings introduced in r192314.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@192315 91177308-0d34-0410-b5e6-96231b3b80d8
nalyses/Consumed.h
|
| 7385840b600d0e4a96d75042f612f6430e4a0390 |
09-Oct-2013 |
DeLesley Hutchins <delesley@google.com> |
Consumed analysis: improve loop handling. The prior version of the analysis
marked all variables as "unknown" at the start of a loop. The new version
keeps the initial state of variables unchanged, but issues a warning if the
state at the end of the loop is different from the state at the beginning.
This patch will eventually be replaced with a more precise analysis.
Initial patch by chris.wailes@gmail.com. Reviewed and edited by
delesley@google.com.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@192314 91177308-0d34-0410-b5e6-96231b3b80d8
nalyses/Consumed.h
|
| 66540857c08de7f1be9bea48381548d3942cf9d1 |
04-Oct-2013 |
DeLesley Hutchins <delesley@google.com> |
Consumed Analysis: Change callable_when so that it can take a list of states
that a function can be called in. This reduced the total number of annotations
needed and makes writing more complicated behaviour less burdensome.
Patch by chriswails@gmail.com.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@191983 91177308-0d34-0410-b5e6-96231b3b80d8
nalyses/Consumed.h
|
| 81557223ba8d7ef8b0468a6e1dc8fc79f2de46f2 |
25-Sep-2013 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Handle destructors for the argument to C++ 'delete'.
Now that the CFG includes nodes for the destructors in a delete-expression,
process them in the analyzer using the same common destructor interface
currently used for local, member, and base destructors. Also, check for when
the value is known to be null, in which case no destructor is actually run.
This does not yet handle destructors for deleted /arrays/, which may need
more CFG work. It also causes a slight regression in the location of
double delete warnings; the double delete is detected at the destructor
call, which is implicit, and so is reported on the first access within the
destructor instead of at the 'delete' statement. This will be fixed soon.
Patch by Karthik Bhat!
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@191381 91177308-0d34-0410-b5e6-96231b3b80d8
FG.h
|
| 8a1fdfc69cc6c2ccbfd57fc8ff643c589da9df9b |
12-Sep-2013 |
Richard Smith <richard-llvm@metafoo.co.uk> |
PR16054: Slight strengthening for -Wsometimes-uninitialized: if we use a
variable uninitialized every time we reach its (reachable) declaration, or
every time we call the surrounding function, promote the warning from
-Wmaybe-uninitialized to -Wsometimes-uninitialized.
This is still slightly weaker than desired: we should, in general, warn
if a use is uninitialized the first time it is evaluated.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@190623 91177308-0d34-0410-b5e6-96231b3b80d8
nalyses/UninitializedValues.h
|
| a33ab6074a2cc60fe895d6669f9ee776c5fea335 |
06-Sep-2013 |
David Blaikie <dblaikie@gmail.com> |
Consumed Analysis: The 'consumable' attribute now takes a identifier specifying the default assumed state for objects of this class
This information is used for return states and pass-by-value parameter
states.
Patch by Chris Wailes.
Review by DeLesley Hutchins and Aaron Ballman.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@190116 91177308-0d34-0410-b5e6-96231b3b80d8
nalyses/Consumed.h
|
| 0e8534efc3c536795ede0128aed86a6b8ad53ab7 |
03-Sep-2013 |
DeLesley Hutchins <delesley@google.com> |
Consumed analysis: add return_typestate attribute.
Patch by chris.wailes@gmail.com
Functions can now declare what state the consumable type the are returning will
be in. This is then used on the caller side and checked on the callee side.
Constructors now use this attribute instead of the 'consumes' attribute.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@189843 91177308-0d34-0410-b5e6-96231b3b80d8
nalyses/Consumed.h
|
| 36d558d85653315edb389677e995ec9ccdbfbf3d |
03-Sep-2013 |
Jordan Rose <jordan_rose@apple.com> |
Add an implicit dtor CFG node just before C++ 'delete' expressions.
This paves the way for adding support for modeling the destructor of a
region before it is deleted. The statement "delete <expr>" now generates
this series of CFG elements:
1. <expr>
2. [B1.1]->~Foo() (Implicit destructor)
3. delete [B1.1]
Patch by Karthik Bhat!
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@189828 91177308-0d34-0410-b5e6-96231b3b80d8
FG.h
|
| c55bee6e278d888d7a5d29fc17df6a9ae1e8b7d3 |
31-Aug-2013 |
DeLesley Hutchins <delesley@google.com> |
Consumed analysis: add 'consumable' class attribute.
Patch by chris.wailes@gmail.com
Adds the 'consumable' attribute that can be attached to classes. This replaces
the previous method of scanning a class's methods to see if any of them have
consumed analysis attributes attached to them. If consumed analysis attributes
are attached to methods of a class that isn't marked 'consumable' a warning
is generated.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@189702 91177308-0d34-0410-b5e6-96231b3b80d8
nalyses/Consumed.h
|
| b7dc1f5f30e1e46e44389b036d48f9614cfd5fe3 |
29-Aug-2013 |
DeLesley Hutchins <delesley@google.com> |
Consumed analysis: improve handling of conditionals.
Patch by chris.wailes@gmail.com.
* The TestedVarsVisitor was folded into the ConsumedStmtVisitor.
* The VarTestResult class was updated to allow these changes.
* The PropagationInfo class was updated for the same reasons.
* Correctly handle short-circuiting of Boolean operations.
* Blocks are now marked as unreachable when we can statically prove we will
never branch to them.
* Unreachable blocks are skipped by the analysis.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@189594 91177308-0d34-0410-b5e6-96231b3b80d8
nalyses/Consumed.h
|
| 344472ebeded2fca2ed5013b9e87f81d09bfa908 |
23-Aug-2013 |
Robert Wilhelm <robert.wilhelm@gmx.net> |
Use pop_back_val() instead of both back() and pop_back().
No functionality change intended.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@189112 91177308-0d34-0410-b5e6-96231b3b80d8
lowSensitive/DataflowSolver.h
|
| 5fdd207ec8f4c1f58bd74f8a84ce1935487563ce |
22-Aug-2013 |
DeLesley Hutchins <delesley@google.com> |
Update to consumed analysis.
Patch by chris.wailes@gmail.com. The following functionality was added:
* The same functionality is now supported for both CXXOperatorCallExprs and CXXMemberCallExprs.
* Factored out some code in StmtVisitor.
* Removed variables from the state map when their destructors are encountered.
* Started adding documentation for the consumed analysis attributes.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@189059 91177308-0d34-0410-b5e6-96231b3b80d8
nalyses/Consumed.h
|
| 47ad6ce1afad6b70927347dfa15e0f1dc76bf5bb |
21-Aug-2013 |
David Majnemer <david.majnemer@gmail.com> |
Analysis: Add support for MS specific printf format specifiers
Summary: Adds support for %I, %I32 and %I64.
Reviewers: hans, jordan_rose, rnk, majnemer
Reviewed By: majnemer
CC: cfe-commits, cdavis5x
Differential Revision: http://llvm-reviews.chandlerc.com/D1456
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@188937 91177308-0d34-0410-b5e6-96231b3b80d8
nalyses/FormatString.h
|
| 039970aae2b7e59ac4de5f147dfbc3c91b275b9e |
13-Aug-2013 |
NAKAMURA Takumi <geek4civic@gmail.com> |
AnalysisBasedWarnings.cpp:: Prune "\param VariableName", possibly copypasto, in comments. [-Wdocumentation]
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@188248 91177308-0d34-0410-b5e6-96231b3b80d8
nalyses/Consumed.h
|
| 2d84f6b563e39c1e90e4d3d7e6846d46bc58ff5d |
13-Aug-2013 |
Reid Kleckner <reid@kleckner.net> |
Remove Sema includes from Analysis code to fix layering
This moves a header-only class from Sema to Analysis and puts the option
check in Sema.
Patch by Chris Wailes!
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@188230 91177308-0d34-0410-b5e6-96231b3b80d8
nalyses/Consumed.h
|
| df7bef07eebd5c7913e8be09c62a6a470f255fd2 |
12-Aug-2013 |
DeLesley Hutchins <delesley@google.com> |
Patch by Chris Wailes <chris.wailes@gmail.com>.
Reviewed by delesley, dblaikie.
Add the annotations and code needed to support a basic 'consumed' analysis.
Summary:
This new analysis is based on academic literature on linear types. It tracks
the state of a value, either as unconsumed, consumed, or unknown. Methods are
then annotated as CallableWhenUnconsumed, and when an annotated method is
called while the value is in the 'consumed' state a warning is issued. A value
may be tested in the conditional statement of an if-statement; when this occurs
we know the state of the value in the different branches, and this information
is added to our analysis. The code is still highly experimental, and the names
of annotations or the algorithm may be subject to change.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@188206 91177308-0d34-0410-b5e6-96231b3b80d8
nalyses/Consumed.h
|
| ac7cc2d37e82181e73fcc265c1d0a619d18b7605 |
19-Jul-2013 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Include analysis stack in crash traces.
Sample output:
0. Program arguments: ...
1. <eof> parser at end of file
2. While analyzing stack:
#0 void inlined()
#1 void test()
3. crash-trace.c:6:3: Error evaluating statement
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@186639 91177308-0d34-0410-b5e6-96231b3b80d8
nalysisContext.h
|
| 09d19efaa147762f84aed55efa7930bb3616a4e5 |
04-Jul-2013 |
Craig Topper <craig.topper@gmail.com> |
Use SmallVectorImpl instead of SmallVector for iterators and references to avoid specifying the vector size unnecessarily.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@185610 91177308-0d34-0410-b5e6-96231b3b80d8
allGraph.h
|
| eb7c6f3c49b4b3c2b01aeeed54bf5915fbf9b021 |
26-Jun-2013 |
Aaron Ballman <aaron@aaronballman.com> |
Updating the same comment in a different file, again for links. No functional change intended.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@185014 91177308-0d34-0410-b5e6-96231b3b80d8
nalyses/ThreadSafety.h
|
| 49a246f4fad959888bb0164c624c3c2b03078e91 |
06-Jun-2013 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer; new edges] Simplify edges in a C++11 for-range loop.
Previously our edges were completely broken here; now, the final result
is a very simple set of edges in most cases: one up to the "for" keyword
for context, and one into the body of the loop. This matches the behavior
for ObjC for-in loops.
In the AST, however, CXXForRangeStmts are handled very differently from
ObjCForCollectionStmts. Since they are specified in terms of equivalent
statements in the C++ standard, we actually have implicit AST nodes for
all of the semantic statements. This makes evaluation very easy, but
diagnostic locations a bit trickier. Fortunately, the problem can be
generally defined away by marking all of the implicit statements as
part of the top-level for-range statement.
One of the implicit statements in a for-range statement is the declaration
of implicit iterators __begin and __end. The CFG synthesizes two
separate DeclStmts to match each of these decls, but until now these
synthetic DeclStmts weren't in the function's ParentMap. Now, the CFG
keeps track of its synthetic statements, and the AnalysisDeclContext will
make sure to add them to the ParentMap.
<rdar://problem/14038483>
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@183449 91177308-0d34-0410-b5e6-96231b3b80d8
FG.h
|
| bb518991ce4298d8662235fc8cb13813f011c18d |
18-May-2013 |
Jordan Rose <jordan_rose@apple.com> |
Revert "[analyzer; alternate edges] improve support for edges with PseudoObjectExprs."
Ted and I spent a long time discussing this today and found out that neither
the existing code nor the new code was doing what either of us thought it
was, which is never good. The good news is we found a much simpler way to
fix the motivating test case (an ObjCSubscriptExpr).
This reverts r182083, but pieces of it will come back in subsequent commits.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@182185 91177308-0d34-0410-b5e6-96231b3b80d8
nalysisContext.h
|
| e9aae62e8bca3abfc1dc36f67845444291171e13 |
17-May-2013 |
Ted Kremenek <kremenek@apple.com> |
[analyzer; alternate edges] improve support for edges with PseudoObjectExprs.
This optimizes some spurious edges resulting from PseudoObjectExprs.
This required far more changes than I anticipated. The current
ParentMap does not record any hierarchy information between
a PseudoObjectExpr and its *semantic* expressions that may be
wrapped in OpaqueValueExprs, which are the expressions actually
laid out in the CFG. This means the arrow pruning logic could
not map from an expression to its containing PseudoObjectExprs.
To solve this, this patch adds a variant of ParentMap that
returns the "semantic" parentage of expressions (essentially
as they are viewed by the CFG). This alternate ParentMap is then
used by the arrow reducing logic to identify edges into pseudo
object expressions, and then eliminate them.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@182083 91177308-0d34-0410-b5e6-96231b3b80d8
nalysisContext.h
|
| d049b40ef411eee12a735233dbe04fdc42c67e1a |
16-May-2013 |
Jordan Rose <jordan_rose@apple.com> |
Remove unused, awkward CFGStmtVisitor and subclasses.
This class is a StmtVisitor that distinguishes between block-level and
non-block-level statements in a CFG. However, it does so using a hard-coded
idea of which statements might be block-level, which probably isn't accurate
anymore. The only implementer of the CFGStmtVisitor hierarchy was the
analyzer's DeadStoresChecker, and the analyzer creates a linearized CFG
anyway (every non-trivial statement is a block-level statement).
This also allows us to remove the block-expr map ("BlkExprMap"), which
mapped statements to positions in the CFG. Apart from having a helper type
that really should have just been Optional<unsigned>, it was only being
used to ask /if/ a particular expression was block-level, for traversal
purposes in CFGStmtVisitor.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@181945 91177308-0d34-0410-b5e6-96231b3b80d8
FG.h
upport/BlkExprDeclBitVector.h
isitors/CFGRecStmtDeclVisitor.h
isitors/CFGRecStmtVisitor.h
isitors/CFGStmtVisitor.h
|
| 7247c88d1e41514a41085f83ebf03dd5220e054a |
15-May-2013 |
David Blaikie <dblaikie@gmail.com> |
Use only explicit bool conversion operator
The most common (non-buggy) case are where such objects are used as
return expressions in bool-returning functions or as boolean function
arguments. In those cases I've used (& added if necessary) a named
function to provide the equivalent (or sometimes negative, depending on
convenient wording) test.
DiagnosticBuilder kept its implicit conversion operator owing to the
prevalent use of it in return statements.
One bug was found in ExprConstant.cpp involving a comparison of two
PointerUnions (PointerUnion did not previously have an operator==, so
instead both operands were converted to bool & then compared). A test
is included in test/SemaCXX/constant-expression-cxx1y.cpp for the fix
(adding operator== to PointerUnion in LLVM).
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@181869 91177308-0d34-0410-b5e6-96231b3b80d8
nalyses/FormatString.h
FG.h
|
| 610f79cbab4d752349b5c81a94682a6a82b102e7 |
05-Apr-2013 |
Anna Zaks <ganna@apple.com> |
[analyzer] Show path diagnostic for C++ initializers
Also had to modify the PostInitializer ProgramLocation to contain the field region.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@178826 91177308-0d34-0410-b5e6-96231b3b80d8
rogramPoint.h
|
| 75f8bd01319000b3e1438847505302670514759d |
30-Mar-2013 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Add debug helper LocationContext::dumpStack().
Sample output:
#0 void construct(pointer __p, llvm::ImutAVLTree<llvm::ImutContainerInfo<clang::ento::BugType *> > *const &__val)
#1 void push_back(const value_type &__x)
#2 void destroy()
#3 void release()
#4 void ~ImmutableSet()
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@178400 91177308-0d34-0410-b5e6-96231b3b80d8
nalysisContext.h
|
| 02a88c3edf1aeb9580e0b6e444b30c52846a673c |
29-Mar-2013 |
Ted Kremenek <kremenek@apple.com> |
Add configuration plumbing to enable static initializer branching in the CFG for the analyzer.
This setting still isn't enabled yet in the analyzer. This is
just prep work.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@178317 91177308-0d34-0410-b5e6-96231b3b80d8
nalysisContext.h
|
| fbd4b5dc7febd1d8b4fa64ab00a29d72b44bec7b |
28-Mar-2013 |
Ted Kremenek <kremenek@apple.com> |
Add CFG logic to create a conditional branch for modeling static initializers.
This is an optional variant of the CFG. This allows analyses to model whether
or not a static initializer has run, e.g.:
static Foo x = bar();
For basic dataflow analysis in Sema we will just assume that the initializer
always runs. For the static analyzer we can use this branch to accurately
track whether or not initializers are on.
This patch just adds the (opt-in) functionality to the CFG. The
static analyzer still needs to be modified to adopt this feature.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@178263 91177308-0d34-0410-b5e6-96231b3b80d8
FG.h
|
| 94cf910ac2d1719c1dfc163bbec3953f12efdf6f |
28-Mar-2013 |
Rafael Espindola <rafael.espindola@gmail.com> |
These are all simple pointer wrappers. Pass them by value.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@178247 91177308-0d34-0410-b5e6-96231b3b80d8
FG.h
|
| e81fdb1fdde48d3fa18df56c5797f6b0bc5dfc4a |
27-Mar-2013 |
Rafael Espindola <rafael.espindola@gmail.com> |
Cleanup clang's specializations of simplify_type.
Now that the basic implementation in llvm has been fixed, simplify the
specializations in clang.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@178173 91177308-0d34-0410-b5e6-96231b3b80d8
FG.h
|
| 1aa4f5019164592643bf46b7d61f15b6ef509c8e |
22-Mar-2013 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Fix ExprEngine::ViewGraph to handle C++ initializers.
Debugging aid only, no functionality change.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@177762 91177308-0d34-0410-b5e6-96231b3b80d8
rogramPoint.h
|
| b07805485c603be3d8011f72611465324c9e664b |
23-Feb-2013 |
David Blaikie <dblaikie@gmail.com> |
Remove the CFGElement "Invalid" state.
Use Optional<CFG*> where invalid states were needed previously. In the one case
where that's not possible (beginAutomaticObjDtorsInsert) just use a dummy
CFGAutomaticObjDtor.
Thanks for the help from Jordan Rose & discussion/feedback from Ted Kremenek
and Doug Gregor.
Post commit code review feedback on r175796 by Ted Kremenek.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@175938 91177308-0d34-0410-b5e6-96231b3b80d8
FG.h
rogramPoint.h
|
| 3c16431cb973079d178338833dafd6b483bf8c8d |
22-Feb-2013 |
David Blaikie <dblaikie@gmail.com> |
Fix copy/paste to refer to the relevant type (ProgramPoint instead of TypeLoc).
Post commit review feedback on r175812 from Jordan Rose.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@175825 91177308-0d34-0410-b5e6-96231b3b80d8
rogramPoint.h
|
| 7a95de68c093991047ed8d339479ccad51b88663 |
21-Feb-2013 |
David Blaikie <dblaikie@gmail.com> |
Replace ProgramPoint llvm::cast support to be well-defined.
See r175462 for another example/more details.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@175812 91177308-0d34-0410-b5e6-96231b3b80d8
rogramPoint.h
|
| fdf6a279c9a75c778eba382d9a156697092982a1 |
21-Feb-2013 |
David Blaikie <dblaikie@gmail.com> |
Replace CFGElement llvm::cast support to be well-defined.
See r175462 for another example/more details.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@175796 91177308-0d34-0410-b5e6-96231b3b80d8
FG.h
|
| dc84cd5efdd3430efb22546b4ac656aa0540b210 |
20-Feb-2013 |
David Blaikie <dblaikie@gmail.com> |
Include llvm::Optional in clang/Basic/LLVM.h
Post-commit CR feedback from Jordan Rose regarding r175594.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@175679 91177308-0d34-0410-b5e6-96231b3b80d8
nalyses/FormatString.h
|
| 959dc8475fc20ce8c3fd55021cb9f02a531cddc5 |
16-Feb-2013 |
Dmitri Gribenko <gribozavr@gmail.com> |
Use trailing documentation comments properly
Patch by Alexander Zinenko.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@175376 91177308-0d34-0410-b5e6-96231b3b80d8
nalyses/ThreadSafety.h
|
| 12e0c13819f09162aa8ff1036351be4f97839cae |
16-Feb-2013 |
Jordan Rose <jordan_rose@apple.com> |
libAnalysis: Add a case for TypeAliasDecl in CFGRecStmtDeclVisitor.
Neither of the current clients of CFGRecStmtDeclVisitor are doing
anything with typedefs, so I assume type aliases (C++11 "using")
can be safely ignored. This was causing assertion failures in
the analyzer.
<rdar://problem/13228440>
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@175335 91177308-0d34-0410-b5e6-96231b3b80d8
isitors/CFGRecStmtDeclVisitor.h
|
| 087f40702fd00898fbb66d765d1143fd944c0485 |
05-Feb-2013 |
Anna Zaks <ganna@apple.com> |
[analyzer] Fix typo, better doxygen as per Jordan's feedback.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@174434 91177308-0d34-0410-b5e6-96231b3b80d8
nalysisContext.h
|
| 453cb859a3c8dcafe79ae840dfc35ff8eae1b4b3 |
02-Feb-2013 |
Anna Zaks <ganna@apple.com> |
[analyzer] Always inline functions with bodies generated by BodyFarm.
Inlining these functions is essential for correctness. We often have
cases where we do not inline calls. For example, the shallow mode and
when reanalyzing previously inlined ObjC methods as top level.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@174245 91177308-0d34-0410-b5e6-96231b3b80d8
nalysisContext.h
|
| cfa88f893915ceb8ae4ce2f17c46c24a4d67502f |
12-Jan-2013 |
Dmitri Gribenko <gribozavr@gmail.com> |
Remove useless 'llvm::' qualifier from names like StringRef and others that are
brought into 'clang' namespace by clang/Basic/LLVM.h
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@172323 91177308-0d34-0410-b5e6-96231b3b80d8
nalyses/ThreadSafety.h
nalyses/UninitializedValues.h
allGraph.h
rogramPoint.h
|
| 9946fc735d7285f2195f89635370f534afd9877e |
12-Jan-2013 |
Dmitri Gribenko <gribozavr@gmail.com> |
Add missing includes and forward declarations so that headers don't depend on
other headers included before them.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@172320 91177308-0d34-0410-b5e6-96231b3b80d8
nalyses/UninitializedValues.h
|
| 3b844ba7d5be205a9b4f5f0b0d1b7978977f4b8c |
02-Jan-2013 |
Chandler Carruth <chandlerc@gmail.com> |
Rewrite #includes for llvm/Foo.h to llvm/IR/Foo.h as appropriate to
reflect the migration in r171366.
Re-sort the #include lines to reflect the new paths.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@171369 91177308-0d34-0410-b5e6-96231b3b80d8
nalyses/Dominators.h
|
| bd80231672a7418aa1a99d3dbbe1774205c88f74 |
21-Dec-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Re-apply r170826 and make the dumping of the GallGraph
deterministic.
Commit message for r170826:
[analyzer] Traverse the Call Graph in topological order.
Modify the call graph by removing the parentless nodes. Instead all
nodes are children of root to ensure they are all reachable. Remove the
tracking of nodes that are "top level" or global. This information is
not used and can be obtained from the Decls stored inside
CallGraphNodes.
Instead of existing ordering hacks, analyze the functions in topological
order over the Call Graph.
Together with the addition of devirtualizable ObjC message sends and
blocks to the call graph, this gives around 6% performance improvement
on several large ObjC benchmarks.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@170906 91177308-0d34-0410-b5e6-96231b3b80d8
allGraph.h
|
| 6d42f4d8b8a176336a8c49ec3cf5f7fb6545ccfd |
21-Dec-2012 |
Rafael Espindola <rafael.espindola@gmail.com> |
Revert r170826. The output of
./bin/clang -cc1 -internal-isystem /home/espindola/llvm/build/lib/clang/3.3/include/ -analyze -analyzer-checker=debug.DumpCallGraph /home/espindola/llvm/clang/test/Analysis/debug-CallGraph.c -fblocks
changes in each run.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@170829 91177308-0d34-0410-b5e6-96231b3b80d8
allGraph.h
|
| e34e1939ad67576293b2b205b2169488cc6b3b14 |
21-Dec-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Traverse the Call Graph in topological order.
Modify the call graph by removing the parentless nodes. Instead all
nodes are children of root to ensure they are all reachable. Remove the
tracking of nodes that are "top level" or global. This information is
not used and can be obtained from the Decls stored inside
CallGraphNodes.
Instead of existing ordering hacks, analyze the functions in topological
order over the Call Graph.
Together with the addition of devirtualizable ObjC message sends and
blocks to the call graph, this gives around 6% performance improvement
on several large ObjC benchmarks.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@170826 91177308-0d34-0410-b5e6-96231b3b80d8
allGraph.h
|
| 4f858dfd42c89b67200dac0afc228a0baa323691 |
21-Dec-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Add blocks and ObjC messages to the call graph.
This paves the road for constructing a better function dependency graph.
If we analyze a function before the functions it calls and inlines,
there is more opportunity for optimization.
Note, we add call edges to the called methods that correspond to
function definitions (declarations with bodies).
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@170825 91177308-0d34-0410-b5e6-96231b3b80d8
allGraph.h
|
| fb4afc2fc659faff43a6df4c1d0e07df9c90479d |
05-Dec-2012 |
DeLesley Hutchins <delesley@google.com> |
Thread safety analysis: Add a new "beta" warning flag: -Wthread-safety-beta.
As the analysis improves, it will continue to add new warnings that are
potentially disruptive to existing users. From now on, such warnings will
first be introduced under the "beta" flag. Such warnings are not turned on by
default; their purpose is to allow users to test their code against future
planned changes, before those changes are actually made. After a suitable
migration period, beta warnings will be folded into the standard
-Wthread-safety.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@169338 91177308-0d34-0410-b5e6-96231b3b80d8
nalyses/ThreadSafety.h
|
| 30a2e16f6c27f888dd11eba6bbbae1e980078fcb |
04-Dec-2012 |
Chandler Carruth <chandlerc@gmail.com> |
Sort #include lines for all files under include/...
This is a simpler sort, entirely automatic with the help of
llvm/utils/sort_includes.py -- no manual edits here.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@169238 91177308-0d34-0410-b5e6-96231b3b80d8
nalyses/Dominators.h
nalyses/LiveVariables.h
nalysisContext.h
FG.h
lowSensitive/DataflowSolver.h
rogramPoint.h
upport/BlkExprDeclBitVector.h
upport/BumpVector.h
isitors/CFGRecStmtDeclVisitor.h
|
| 683b70c70dc47532af1215e4b1566de9d47a3be5 |
30-Nov-2012 |
Chandler Carruth <chandlerc@gmail.com> |
Update to reflect the change of macro name in r168993.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@168994 91177308-0d34-0410-b5e6-96231b3b80d8
FG.h
|
| dcd42fbb418cf662c136cb035e235a44b58ad91e |
30-Nov-2012 |
Jordan Rose <jordan_rose@apple.com> |
Use the new LLVM_LVALUE_FUNCTION to ban two getAs() calls on rvalues.
If 'x' is a temporary, x.getAs<Foo>() may not be safe if the result is
supposed to persist (if its address is stored somewhere). Since getAs()
can return a null value, the result is almost always stored into a
variable, which of course is not safe when the original value dies.
This has caused several bugs with GCC's "Temporaries May Vanish Sooner Than
You Expect" optimization; in C++11 builds, at least, we'll be able to catch
these problems now.
I would suggest applying these to other getAs() and get*As() methods
(castAs is "better" because sometimes the result is used directly, which
means the temporary will still be live), but these two have both caused
trouble in the analyzer in the past.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@168967 91177308-0d34-0410-b5e6-96231b3b80d8
FG.h
|
| fadcd5d5bbe1bfc1c6b8d819cc2242f780a49fec |
03-Nov-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] add LocationContext::inTopFrame() helper.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@167351 91177308-0d34-0410-b5e6-96231b3b80d8
nalysisContext.h
|
| b43d87b0646aa04951056c7e0d1ab9a58eb09f66 |
12-Oct-2012 |
Sean Silva <silvas@purdue.edu> |
Remove pointless classof()'s.
Updates to llvm/Support/Casting.h have rendered these classof()'s
irrelevant.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@165770 91177308-0d34-0410-b5e6-96231b3b80d8
nalysisContext.h
FG.h
rogramPoint.h
|
| f3477c13eeaf11b32a41f181398fb5deffd0dd73 |
27-Sep-2012 |
Sylvestre Ledru <sylvestre@debian.org> |
Revert 'Fix a typo 'iff' => 'if''. iff is an abreviation of if and only if. See: http://en.wikipedia.org/wiki/If_and_only_if Commit 164766
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@164769 91177308-0d34-0410-b5e6-96231b3b80d8
nalysisContext.h
|
| 94ff8e1f57c6382d91d0de981a4f311509d83e37 |
27-Sep-2012 |
Sylvestre Ledru <sylvestre@debian.org> |
Fix a typo 'iff' => 'if'
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@164766 91177308-0d34-0410-b5e6-96231b3b80d8
nalysisContext.h
|
| ddc0c4814788dda4ef224cd4d22d07154a6ede49 |
21-Sep-2012 |
Ted Kremenek <kremenek@apple.com> |
Simplify getRuntimeDefinition() back to taking no arguments.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@164363 91177308-0d34-0410-b5e6-96231b3b80d8
nalysisContext.h
|
| a43df9539644bf1c258e12710cd69d79b0b078cd |
21-Sep-2012 |
Ted Kremenek <kremenek@apple.com> |
Implement faux-body-synthesis of well-known functions in the static analyzer when
their implementations are unavailable. Start by simulating dispatch_sync().
This change is largely a bunch of plumbing around something very simple. We
use AnalysisDeclContext to conjure up a fake function body (using the
current ASTContext) when one does not exist. This is controlled
under the analyzer-config option "faux-bodies", which is off by default.
The plumbing in this patch is largely to pass the necessary machinery
around. CallEvent needs the AnalysisDeclContextManager to get
the function definition, as one may get conjured up lazily.
BugReporter and PathDiagnosticLocation needed to be relaxed to handle
invalid locations, as the conjured body has no real source locations.
We do some primitive recovery in diagnostic generation to generate
some reasonable locations (for arrows and events), but it can be
improved.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@164339 91177308-0d34-0410-b5e6-96231b3b80d8
nalysisContext.h
|
| 445895a97ae3f1d7bad3480839d31ed3ebcc9c83 |
21-Sep-2012 |
Ted Kremenek <kremenek@apple.com> |
Constify method.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@164338 91177308-0d34-0410-b5e6-96231b3b80d8
nalysisContext.h
|
| cca300a91966df70c9c320e477a3c26ba622673d |
21-Sep-2012 |
Ted Kremenek <kremenek@apple.com> |
Ensure that the Decl* wrapped by an AnalysisDeclContext cannot be changed after
construction.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@164337 91177308-0d34-0410-b5e6-96231b3b80d8
nalysisContext.h
|
| 20255039eb5844cd4301eda798032a638f765b2b |
21-Sep-2012 |
Ted Kremenek <kremenek@apple.com> |
Remove unused fields.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@164336 91177308-0d34-0410-b5e6-96231b3b80d8
nalysisContext.h
|
| 670941c28c0683ecc251dafdf093a71629625dc9 |
13-Sep-2012 |
Jordan Rose <jordan_rose@apple.com> |
Format strings: offer a fixit for Darwin's %D/%U/%O to ISO %d/%u/%o.
<rdar://problem/12061922>
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163772 91177308-0d34-0410-b5e6-96231b3b80d8
nalyses/FormatString.h
|
| 275b6f52c7bcafc1f3cf291813b5c60ee776965a |
13-Sep-2012 |
Jordan Rose <jordan_rose@apple.com> |
Format strings: %D, %U, and %O are valid on Darwin (same as %d, %u, %o).
These will warn under -Wformat-non-iso, and will still be rejected
outright on other platforms.
<rdar://problem/12061922>
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163771 91177308-0d34-0410-b5e6-96231b3b80d8
nalyses/FormatString.h
|
| 4ef19205b6912316296db74a9073ad6fa60e4cca |
13-Sep-2012 |
Ted Kremenek <kremenek@apple.com> |
Refactor logic in ExprEngine for detecting 'noreturn' methods
in NSException to a helper object in libAnalysis that can also
be used by Sema. Not sure if the predicate name 'isImplicitNoReturn'
is the best one, but we can massage that later.
No functionality change.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163759 91177308-0d34-0410-b5e6-96231b3b80d8
omainSpecific/ObjCNoReturn.h
|
| 3f0ec5209726641782468bd4c7597e79dda78b15 |
10-Sep-2012 |
DeLesley Hutchins <delesley@google.com> |
Thread-safety analysis: differentiate between two forms of analysis; a precise
analysis that may give false positives because it is confused by aliasing, and
a less precise analysis that has fewer false positives, but may have false
negatives. The more precise warnings are enabled by -Wthread-safety-precise.
An additional note clarify the warnings in the precise case.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163537 91177308-0d34-0410-b5e6-96231b3b80d8
nalyses/ThreadSafety.h
|
| 8be066e6733364cd34f25c4f7b7344f72aa23369 |
08-Sep-2012 |
Jordan Rose <jordan_rose@apple.com> |
Format strings: suggest %lld instead of %qd and %Ld with -Wformat-non-iso.
As a corollary to the previous commit, even when an extension is
available, we can still offer a fixit to the standard modifier.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163453 91177308-0d34-0410-b5e6-96231b3b80d8
nalyses/FormatString.h
|
| bbb6bb4952b77e57b842b4d3096848123ae690e7 |
08-Sep-2012 |
Jordan Rose <jordan_rose@apple.com> |
Format strings: %Ld isn't available on Darwin or Windows.
This seems to be a GNU libc extension; we offer a fixit to %lld on
these platforms.
<rdar://problem/11518237>
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163452 91177308-0d34-0410-b5e6-96231b3b80d8
nalyses/FormatString.h
|
| 1edeed3b0fe01fb07a769bd1acc2ce2dc9ec431d |
07-Sep-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Assert that StmtPoint should be created with a non-null Stmt.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163358 91177308-0d34-0410-b5e6-96231b3b80d8
rogramPoint.h
|
| 5a1ffe98b04120846a15f7105905b5f363b08635 |
06-Sep-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Always include destructors in the analysis CFG.
While destructors will continue to not be inlined (unless the analyzer
config option 'c++-inlining' is set to 'destructors'), leaving them out
of the CFG is an incomplete model of the behavior of an object, and
can cause false positive warnings (like PR13751, now working).
Destructors for temporaries are still not on by default, since
(a) we haven't actually checked this code to be sure it's fully correct
(in particular, we probably need to be very careful with regard to
lifetime-extension when a temporary is bound to a reference,
C++11 [class.temporary]p5), and
(b) ExprEngine doesn't actually do anything when it sees a temporary
destructor in the CFG -- not even invalidate the object region.
To enable temporary destructors, set the 'cfg-temporary-dtors' analyzer
config option to '1'. The old -cfg-add-implicit-dtors cc1 option, which
controlled all implicit destructors, has been removed.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163264 91177308-0d34-0410-b5e6-96231b3b80d8
nalysisContext.h
FG.h
|
| 80de487e03dd0f44e4572e2122ebc1aa6a3961f5 |
29-Aug-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Improved diagnostic pruning for calls initializing values.
This heuristic addresses the case when a pointer (or ref) is passed
to a function, which initializes the variable (or sets it to something
other than '0'). On the branch where the inlined function does not
set the value, we report use of undefined value (or NULL pointer
dereference). The access happens in the caller and the path
through the callee would get pruned away with regular path pruning. To
solve this issue, we previously disabled diagnostic pruning completely
on undefined and null pointer dereference checks, which entailed very
verbose diagnostics in most cases. Furthermore, not all of the
undef value checks had the diagnostic pruning disabled.
This patch implements the following heuristic: if we pass a pointer (or
ref) to the region (on which the error is reported) into a function and
it's value is either undef or 'NULL' (and is a pointer), do not prune
the function.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162863 91177308-0d34-0410-b5e6-96231b3b80d8
rogramPoint.h
|
| 58e1e54476d610d6c33ef483f216ed8a1282d35c |
07-Aug-2012 |
Hans Wennborg <hans@hanshq.net> |
Remove ScanfArgType and bake that logic into ArgType.
This is useful for example for %n in printf, which expects
a pointer to int with the same logic for checking as %d
would have in scanf.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161407 91177308-0d34-0410-b5e6-96231b3b80d8
nalyses/FormatString.h
|
| f3749f4168c5cee59627a681ca4ca6e4116d0761 |
07-Aug-2012 |
Hans Wennborg <hans@hanshq.net> |
Rename analyze_format_string::ArgTypeResult to ArgType
Also remove redundant constructors and unused member functions.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161403 91177308-0d34-0410-b5e6-96231b3b80d8
nalyses/FormatString.h
|
| 4684778993c667246039b4664acbce59dc99440c |
27-Jul-2012 |
Hans Wennborg <hans@hanshq.net> |
Make -Wformat walk the typedef chain when looking for size_t, etc.
Clang's -Wformat fix-its currently suggest using "%zu" for values of
type size_t (in C99 or C++11 mode). However, for a type such as
std::vector<T>::size_type, it does not notice that type is actually
typedeffed to size_t, and instead suggests a format for the underlying
type, such as "%lu" or "%u".
This commit makes the format string fix mechanism walk the typedef chain
so that it notices if the type is size_t, even if that isn't "at the
top".
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160886 91177308-0d34-0410-b5e6-96231b3b80d8
nalyses/FormatString.h
|
| 852aa0d2c5d2d1faf2d77b5aa3c0848068a342c5 |
11-Jul-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Make CallEnter, CallExitBegin, and CallExitEnd not be StmtPoints
These ProgramPoints are used in inlining calls,
and not all calls have associated statements anymore.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160021 91177308-0d34-0410-b5e6-96231b3b80d8
rogramPoint.h
|
| 28038f33aa2db4833881fea757a1f0daf85ac02b |
11-Jul-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Add new PreImplicitCall and PostImplicitCall ProgramPoints.
These are currently unused, but are intended to be used in lieu of PreStmt
and PostStmt when the call is implicit (e.g. an automatic object destructor).
This also modifies the Data1 field of ProgramPoints to allow storing any
pointer-sized value, as opposed to only aligned pointers. This is necessary
to store SourceLocations.
There is currently no BugReporter support for these; they should be skipped
over in any diagnostic output.
This commit also tags checkers that currently rely on function calls only
occurring at StmtPoints.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160019 91177308-0d34-0410-b5e6-96231b3b80d8
rogramPoint.h
|
| 879a4334e4c4cab0c22ba91492ffc2838bbc21fc |
03-Jul-2012 |
DeLesley Hutchins <delesley@google.com> |
Thread safety analysis: fixed incorrect error message at the end of a locks_required function.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@159607 91177308-0d34-0410-b5e6-96231b3b80d8
nalyses/ThreadSafety.h
|
| 24388333364be0ce9d04a07fa9895baeeff78bda |
21-Jun-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Do not step into statements while collecting function decls.
CallGraph's recursive visitor only needs to collect declarations; their
bodies will be processed later on. RecursiveASTVisitor will recurse on
the bodies if the definition is provided along with declaration.
Optimize, by not recursing on any of the statements.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@158934 91177308-0d34-0410-b5e6-96231b3b80d8
allGraph.h
|
| e2c9238d7b53fdfd99e724ce50de9197a23727fa |
20-Jun-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Do not walk the types for call graph construction.
Similar to r156661. This should be beneficial performance wise and
hopefully, resolve a RecursiveASTVisitor crash that we are seeing in the
wild, but are incapable of reproducing.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@158851 91177308-0d34-0410-b5e6-96231b3b80d8
allGraph.h
|
| edd6d40770c9010883307b195acea6e9d732263a |
15-Jun-2012 |
James Dennett <jdennett@google.com> |
Documentation cleanup: fix \params to match the code.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@158506 91177308-0d34-0410-b5e6-96231b3b80d8
nalyses/ThreadSafety.h
|
| 681ab8998793899076bae9cd6383a5d78b8ee1ac |
09-Jun-2012 |
Benjamin Kramer <benny.kra@googlemail.com> |
Replace constant-sized BitVector with std::bitset.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@158270 91177308-0d34-0410-b5e6-96231b3b80d8
FG.h
|
| 41c2bcff88a23a046ee8d71451bc03717a4248f6 |
07-Jun-2012 |
Chandler Carruth <chandlerc@gmail.com> |
Fix many doxygen formatting errors.
This patch affects docs only, and includes formatting changes only
(though those include some fixes for broken Doxygen markup that caused
some content to be missing from generated pages). It avoids generating
many spurious pages such as
http://clang.llvm.org/doxygen/classRepresents.html, but likely not all
yet.
Patch by James Dennett.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@158155 91177308-0d34-0410-b5e6-96231b3b80d8
allGraph.h
rogramPoint.h
|
| 7fa9b4f258636d89342eda28f21a986c8ac353b1 |
01-Jun-2012 |
Ted Kremenek <kremenek@apple.com> |
static analyzer: add inlining support for directly called blocks.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@157833 91177308-0d34-0410-b5e6-96231b3b80d8
nalysisContext.h
|
| 2815e1a075c74143a0b60a632090ece1dffa5c7c |
25-May-2012 |
Richard Smith <richard-llvm@metafoo.co.uk> |
Split a chunk of -Wconditional-uninitialized warnings out into a separate flag,
-Wsometimes-uninitialized. This detects cases where an explicitly-written branch
inevitably leads to an uninitialized variable use (so either the branch is dead
code or there is an uninitialized use bug).
This chunk of warnings tentatively lives within -Wuninitialized, in order to
give it more visibility to existing Clang users.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@157458 91177308-0d34-0410-b5e6-96231b3b80d8
nalyses/UninitializedValues.h
|
| 671e3bc1a16562902c0e6efc157b519977c299a8 |
19-May-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] c++11: do not crash on namespace alias
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@157089 91177308-0d34-0410-b5e6-96231b3b80d8
isitors/CFGRecStmtDeclVisitor.h
|
| 51a31ca9a9903ecba1b25bc0989f62e1e2bebb4c |
07-May-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Fixup for r155244: PurgeDeadSymbols should subclass StmtPoint
To solve the inconsistency pointed out in Erik's review, refactor class
hierarchy of ProgramPoints so that PreStmtPurgeDeadSymbols and
PostStmtPurgeDeadSymbols both subclass from StmtPoint instead of
PostStmt.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@156315 91177308-0d34-0410-b5e6-96231b3b80d8
rogramPoint.h
|
| d39d23e610c2a7815515d60c5a538d65d05e8bdc |
03-May-2012 |
Richard Smith <richard-llvm@metafoo.co.uk> |
Fix a couple of cases of (innocuous) unmarked fallthrough. At least one of these
was unintentional. Found by -Wimplicit-fallthrough, patch by Alexander Kornienko!
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@156082 91177308-0d34-0410-b5e6-96231b3b80d8
nalyses/FormatString.h
|
| 298038352b34c5503db418201f3ddea6e56fd0e1 |
30-Apr-2012 |
David Blaikie <dblaikie@gmail.com> |
Correct CFGBlock's front() and back() to return by const ref rather than value.
This ought to fix PR11926, a crash when when running Clang built with GCC 4.7
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@155805 91177308-0d34-0410-b5e6-96231b3b80d8
FG.h
|
| d200187bd27f9ad68699693a6e57f9ee3ff260fa |
28-Apr-2012 |
Jordy Rose <jediknil@belkadan.com> |
[analyzer] Remove references to idx::TranslationUnit. Index is dead, cross-TU inlining never panned out.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@155751 91177308-0d34-0410-b5e6-96231b3b80d8
nalysisContext.h
|
| 0b3ade86a1c60cf0c7b56aa238aff458eb7f5974 |
20-Apr-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Run remove dead bindings right before leaving a function.
This is needed to ensure that we always report issues in the correct
function. For example, leaks are identified when we call remove dead
bindings. In order to make sure we report a callee's leak in the callee,
we have to run the operation in the callee's context.
This change required quite a bit of infrastructure work since:
- We used to only run remove dead bindings before a given statement;
here we need to run it after the last statement in the function. For
this, we added additional Program Point and special mode in the
SymbolReaper to remove all symbols in context lower than the current
one.
- The call exit operation turned into a sequence of nodes, which are
now guarded by CallExitBegin and CallExitEnd nodes for clarity and
convenience.
(Sorry for the long diff.)
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@155244 91177308-0d34-0410-b5e6-96231b3b80d8
rogramPoint.h
|
| 6403683411dac55afbe3435ceb19033e27cd9f96 |
18-Apr-2012 |
Ted Kremenek <kremenek@apple.com> |
Fix bad typo reported by I-Jui Sung.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@154986 91177308-0d34-0410-b5e6-96231b3b80d8
rogramPoint.h
|
| 6a86082f3a06a2dcceaaf63f78a0e52d64bcbaa3 |
13-Apr-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] PCH deserialization optimization.
We should not deserialize unused declarations from the PCH file. Achieve
this by storing the top level declarations during parsing
(HandleTopLevelDecl ASTConsumer callback) and analyzing/building a call
graph only for those.
Tested the patch on a sample ObjC file that uses PCH. With the patch,
the analyzes is 17.5% faster and clang consumes 40% less memory.
Got about 10% overall build/analyzes time decrease on a large Objective
C project.
A bit of CallGraph refactoring/cleanup as well..
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@154625 91177308-0d34-0410-b5e6-96231b3b80d8
allGraph.h
|
| c8443e592dbab65cd06ddea9fad6c6f049a08942 |
03-Apr-2012 |
Ted Kremenek <kremenek@apple.com> |
Rework ProgramPoint to bit-mangle the 'Kind' into both Data pointers and the LocationContext. After switching to PointerIntPair, it didn't look like a safe assumption to use the lower 3 bits of the LocationContext* field. Thanks to Jordy Rose and Benjamin Kramer for their feedback.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@153933 91177308-0d34-0410-b5e6-96231b3b80d8
rogramPoint.h
|
| f30c0a97d9addc72a4928b8bb2039b2b464e1f94 |
02-Apr-2012 |
Ted Kremenek <kremenek@apple.com> |
Reduce static analyzer memory usage by about 4% by packing the ProgramPoing 'Kind' field into the spare bits of other fields.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@153898 91177308-0d34-0410-b5e6-96231b3b80d8
rogramPoint.h
|
| 5903a373db3d27794c90b25687e0dd6adb0e497d |
27-Mar-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Add an option to re-analyze a dead-end path without inlining.
The analyzer gives up path exploration under certain conditions. For
example, when the same basic block has been visited more than 4 times.
With inlining turned on, this could lead to decrease in code coverage.
Specifically, if we give up inside the inlined function, the rest of
parent's basic blocks will not get analyzed.
This commit introduces an option to enable re-run along the failed path,
in which we do not inline the last inlined call site. This is done by
enqueueing the node before the processing of the inlined call site
with a special policy encoded in the state. The policy tells us not to
inline the call site along the path.
This lead to ~10% increase in the number of paths analyzed. Even though
we expected a much greater coverage improvement.
The option is turned off by default for now.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@153534 91177308-0d34-0410-b5e6-96231b3b80d8
rogramPoint.h
|
| 5aac0b6ae95f137b1783f3e6227241fb457b8f8b |
22-Mar-2012 |
Ted Kremenek <kremenek@apple.com> |
Fix static analyzer crash on code taking the address of a field. Fixes PR 11146.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@153283 91177308-0d34-0410-b5e6-96231b3b80d8
isitors/CFGRecStmtDeclVisitor.h
|
| 3d7c44e01d568e5d5c0fac9c6ccb3f080157ba19 |
21-Mar-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Malloc: Utter the name of the leaked variable.
Specifically, we use the last store of the leaked symbol in the leak diagnostic.
(No support for struct fields since the malloc checker doesn't track those
yet.)
+ Infrastructure to track the regions used in store evaluations.
This approach is more precise than iterating the store to
obtain the region bound to the symbol, which is used in RetainCount
checker. The region corresponds to what is uttered in the code in the
last store and we do not rely on the store implementation to support
this functionality.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@153212 91177308-0d34-0410-b5e6-96231b3b80d8
rogramPoint.h
|
| 44b8e4652d8e20c1e6611b35803e47b4a013b6c2 |
17-Mar-2012 |
Jordy Rose <jediknil@belkadan.com> |
Kill cocoa::deriveNamingConvention and cocoa::followsFundamentalRule. They are now just simple wrappers around method families, and method decls can cache method family lookups. Also, no one is using them right now.
The one difference between ObjCMethodDecl::getMethodFamily and Selector::getMethodFamily is that the former will do some additional sanity checking, and since CoreFoundation types don't look like Objective-C objects, an otherwise interesting method will get a method family of OMF_None. Future clients that use method families should consider how they want to handle CF types.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@153000 91177308-0d34-0410-b5e6-96231b3b80d8
omainSpecific/CocoaConventions.h
|
| a2e589e60d147f4f04cee5682b8389b55c410244 |
13-Mar-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Refactor CallGraph to use Recursive AST visitor when
collecting function Decls.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@152651 91177308-0d34-0410-b5e6-96231b3b80d8
allGraph.h
|
| a5d531f67de0cfeb56b843da15146f3b4cd75bd9 |
09-Mar-2012 |
Anna Zaks <ganna@apple.com> |
CallGraph: Add getNode() method, constify.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@152439 91177308-0d34-0410-b5e6-96231b3b80d8
allGraph.h
|
| f85626453123f9691bcef13cff963f556e209c27 |
09-Mar-2012 |
Hans Wennborg <hans@hanshq.net> |
-Wformat-non-iso: warn about positional arguments (pr12017)
This renames the -Wformat-non-standard flag to -Wformat-non-iso,
rewords the current warnings a bit (pointing out that a format string
is not supported by ISO C rather than being "non standard"),
and adds a warning about positional arguments.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@152403 91177308-0d34-0410-b5e6-96231b3b80d8
nalyses/FormatString.h
|
| 196b8cfe9cfcc452eb2f83aa4ad330c2324f8c7d |
08-Mar-2012 |
Anna Zaks <ganna@apple.com> |
Add a basic CallGraph to Analysis.
The final graph contains a single root node, which is a parent of all externally available functions(and 'main'). As well as a list of Parentless/Unreachable functions, which are either truly unreachable or are unreachable due to our analyses imprecision.
The analyzer checkers debug.DumpCallGraph or debug.ViewGraph can be used to look at the produced graph.
Currently, the graph is not very precise, for example, it entirely skips edges resulted from ObjC method calls.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@152272 91177308-0d34-0410-b5e6-96231b3b80d8
allGraph.h
|
| d45d361f2ce5c37824052357e2218e8a5509eba5 |
27-Feb-2012 |
Argyrios Kyrtzidis <akyrtzi@gmail.com> |
Move "clang/Analysis/Support/SaveAndRestore.h" to "llvm/ADT/SaveAndRestore.h"
to make it more widely available.
Depends on llvm commit r151564
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@151566 91177308-0d34-0410-b5e6-96231b3b80d8
upport/SaveAndRestore.h
|
| 76517426dc8bf7734c07eefc35171a6bfdba1a2b |
22-Feb-2012 |
Hans Wennborg <hans@hanshq.net> |
Warn about non-standard format strings (pr12017)
This adds the -Wformat-non-standard flag (off by default,
enabled by -pedantic), which warns about non-standard
things in format strings (such as the 'q' length modifier,
the 'S' conversion specifier, etc.)
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@151154 91177308-0d34-0410-b5e6-96231b3b80d8
nalyses/FormatString.h
|
| a76879eb4c75dbd9ec671558f0b8b79a28d4d747 |
16-Feb-2012 |
Hans Wennborg <hans@hanshq.net> |
Tweak the comment on the 'q' length modifier again.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150716 91177308-0d34-0410-b5e6-96231b3b80d8
nalyses/FormatString.h
|
| 3c15c439f4f86189915f7f985db4d172b3d843db |
16-Feb-2012 |
Hans Wennborg <hans@hanshq.net> |
Update comment as per Joerg's comment on r150697.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150711 91177308-0d34-0410-b5e6-96231b3b80d8
nalyses/FormatString.h
|
| 32addd519c6699000ff79c387a1c87f0ab7c3698 |
16-Feb-2012 |
Hans Wennborg <hans@hanshq.net> |
Format string analysis: give 'q' its own enumerator.
This is in preparation for being able to warn about 'q' and other
non-standard format string features.
It also allows us to print its name correctly.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150697 91177308-0d34-0410-b5e6-96231b3b80d8
nalyses/FormatString.h
|
| be6126a2a784e1446460b8d15c2b26f880c871fc |
15-Feb-2012 |
Hans Wennborg <hans@hanshq.net> |
Make -Wformat fix-its preserve original conversion specifiers.
This commit makes PrintfSpecifier::fixType() and ScanfSpecifier::fixType()
only fix a conversion specification enough that Clang wouldn't warn about it,
as opposed to always changing it to use the "canonical" conversion specifier.
(PR11975)
This preserves the user's choice of conversion specifier in cases like:
printf("%a", (long double)1);
where we previously suggested "%Lf", we now suggest "%La"
printf("%x", (long)1);
where we previously suggested "%ld", we now suggest "%lx".
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150578 91177308-0d34-0410-b5e6-96231b3b80d8
nalyses/FormatString.h
|
| 4ee01ef7bd170b6f3f3f71882b407cd6408c5b1e |
13-Feb-2012 |
Hans Wennborg <hans@hanshq.net> |
Fix typo in PrintfConversionSpecifier::isDoubleArg()
This makes the printf diagnostics issue warnigns for %a, %A, %e, etc.
when used with the wrong argument.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150370 91177308-0d34-0410-b5e6-96231b3b80d8
nalyses/FormatString.h
|
| f94d392847fb183b3012dbcb2e372b586c80b9fb |
09-Feb-2012 |
Benjamin Kramer <benny.kra@googlemail.com> |
Kill the brief and full explanation fields from StaticDiagInfoRec. They were unused and wasted space for nothing.
- per PR11952.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150199 91177308-0d34-0410-b5e6-96231b3b80d8
nalysisDiagnostic.h
|
| 6f42b62b6194f53bcbc349f5d17388e1936535d7 |
05-Feb-2012 |
Dylan Noblesmith <nobled@dreamwidth.org> |
Basic: import OwningPtr<> into clang namespace
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@149798 91177308-0d34-0410-b5e6-96231b3b80d8
nalysisContext.h
|
| 2e5156274b8051217565b557bfa14c80f7990e9c |
03-Feb-2012 |
Richard Smith <richard-llvm@metafoo.co.uk> |
Thread safety analysis:
* When we detect that a CFG block has inconsistent lock sets, point the
diagnostic at the location where we found the inconsistency, and point a note
at somewhere the inconsistently-locked mutex was locked.
* Fix the wording of the normal (non-loop, non-end-of-function) case of this
diagnostic to not suggest that the mutex is going out of scope.
* Fix the diagnostic emission code to keep a warning and its note together when
sorting the diagnostics into source location order.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@149669 91177308-0d34-0410-b5e6-96231b3b80d8
nalyses/ThreadSafety.h
|
| 339b9072e26a2a0fe796dc69c4d28d964d0ec86d |
31-Jan-2012 |
Nico Weber <nicolasweber@gmx.de> |
Let %S, %ls, %C match 16bit types in NSStrings.
As discussed at http://lists.cs.uiuc.edu/pipermail/cfe-commits/Week-of-Mon-20120130/052200.html
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@149325 91177308-0d34-0410-b5e6-96231b3b80d8
nalyses/FormatString.h
|
| 37969b7e14d6a4dfd934ef6d3738cc90b832ec1d |
12-Jan-2012 |
Hans Wennborg <hans@hanshq.net> |
scanf: parse the 'm' length modifier, and check that the right arguments
are used with that and the 'a' length modifier.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@148029 91177308-0d34-0410-b5e6-96231b3b80d8
nalyses/FormatString.h
|
| 375bb1413c041055262c8a416f20d10474a5eda9 |
27-Dec-2011 |
Douglas Gregor <dgregor@apple.com> |
Eliminate ObjCClassDecl, which is redundant now that ObjCInterfaceDecl
covers both declarations (@class) and definitions (@interface) of an
Objective-C class.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@147299 91177308-0d34-0410-b5e6-96231b3b80d8
isitors/CFGRecStmtDeclVisitor.h
|
| 682060c5d95f6e4f79536013781ab0870cdd3850 |
23-Dec-2011 |
Ted Kremenek <kremenek@apple.com> |
Colorize and condense CFG pretty-printing.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@147203 91177308-0d34-0410-b5e6-96231b3b80d8
nalysisContext.h
FG.h
|
| 15ce164836472bfba88b30e53aa3f6ac0fb8a95d |
22-Dec-2011 |
Ted Kremenek <kremenek@apple.com> |
Enhance AnalysisDeclContext::getReferencedBlockVars() to understand PseudoObjExprs. It turns out
that the information collected by this method is a super set of the captured variables in BlockDecl.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@147122 91177308-0d34-0410-b5e6-96231b3b80d8
nalysisContext.h
|
| 99ba9e3bd70671f3441fb974895f226a83ce0e66 |
20-Dec-2011 |
David Blaikie <dblaikie@gmail.com> |
Unweaken vtables as per http://llvm.org/docs/CodingStandards.html#ll_virtual_anch
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@146959 91177308-0d34-0410-b5e6-96231b3b80d8
nalyses/Dominators.h
nalyses/LiveVariables.h
nalyses/PostOrderCFGView.h
nalyses/ReachableCode.h
|
| d02deebce5f1b283101e035a7f5d5bab0d2068ec |
15-Dec-2011 |
Hans Wennborg <hans@hanshq.net> |
Support the 'a' length modifier in scanf format strings as a C90
extension.
This fixes gcc.dg/format/c90-scanf-3.c and ext-4.c (test for excess
errors).
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@146649 91177308-0d34-0410-b5e6-96231b3b80d8
nalyses/FormatString.h
|
| 6fcd932dfd6835f70cc00d6f7c6789793f6d7b66 |
10-Dec-2011 |
Hans Wennborg <hans@hanshq.net> |
Check that arguments to a scanf call match the format specifier,
and offer fixits when there is a mismatch.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@146326 91177308-0d34-0410-b5e6-96231b3b80d8
nalyses/FormatString.h
|
| f4f0c6095d1f481b94c6821c65e3bf1c9df42af7 |
09-Dec-2011 |
Hans Wennborg <hans@hanshq.net> |
Make printf warnings refer to wint_t and wchar_t by name
in addition to underlying type.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@146254 91177308-0d34-0410-b5e6-96231b3b80d8
nalyses/FormatString.h
|
| a792aff1c7de253b89c473fdb7eef4a5bba83aec |
07-Dec-2011 |
Hans Wennborg <hans@hanshq.net> |
Make printf warnings refer to intmax_t et al. by name
in addition to underlying type.
For example, the warning for printf("%zu", 42.0);
changes from "conversion specifies type 'unsigned long'" to "conversion
specifies type 'size_t' (aka 'unsigned long')"
(This is a second attempt after r145697, which got reverted.)
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@146032 91177308-0d34-0410-b5e6-96231b3b80d8
nalyses/FormatString.h
|
| 02f34c5003b2c5067675f89ffce0a84c28faf722 |
05-Dec-2011 |
Anna Zaks <ganna@apple.com> |
[analyzer] Rely on LLVM Dominators in Clang dominator computation.
(Previously, Clang used it's implementation of dominators.)
The patch is contributed by Guoping Long!
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@145858 91177308-0d34-0410-b5e6-96231b3b80d8
nalyses/Dominators.h
FG.h
|
| 687b5df89d4ba91219df578d02087c68c09a0332 |
03-Dec-2011 |
Nick Lewycky <nicholas@mxc.ca> |
Revert r145697 and dependent patch r145702. It added a dependency from
lib/Analysis to lib/Sema which is cyclical.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@145724 91177308-0d34-0410-b5e6-96231b3b80d8
nalyses/FormatString.h
|
| 5fdc1b993dcb01e8a994fdacfc4eb089832c82e3 |
02-Dec-2011 |
Hans Wennborg <hans@hanshq.net> |
Make conversion specifier warning refer to typedef if possible.
For example, the warning for printf("%zu", 42.0);
changes from "conversion specifies type 'unsigned long'" to "conversion
specifies type 'size_t' (aka 'unsigned long')"
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@145697 91177308-0d34-0410-b5e6-96231b3b80d8
nalyses/FormatString.h
|
| ba243b59a1074e0962f6abfa3bb9aa984eac1245 |
09-Nov-2011 |
David Blaikie <dblaikie@gmail.com> |
Fixing 80 col violations (& removing any trailing whitespace on files I was touching anyway)
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@144171 91177308-0d34-0410-b5e6-96231b3b80d8
nalyses/Dominators.h
nalyses/FormatString.h
nalyses/PostOrderCFGView.h
nalyses/ThreadSafety.h
nalyses/UninitializedValues.h
nalysisContext.h
FG.h
|
| 790c372f38bcc85927feae107d1e0bacae5dfbc1 |
09-Nov-2011 |
Devang Patel <dpatel@apple.com> |
Remove extra ';'
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@144155 91177308-0d34-0410-b5e6-96231b3b80d8
nalyses/Dominators.h
|
| 6ca4a9ae99d65948e578d3e7d1f58ab6a947d2d7 |
25-Oct-2011 |
Ted Kremenek <kremenek@apple.com> |
Tweak printf format string parsing to accept 'hh' conversion specifier to accept any char, not just signed char. Fixes <rdar://problem/10303638>.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@142908 91177308-0d34-0410-b5e6-96231b3b80d8
nalyses/FormatString.h
|
| 42edac0092749eff3ba881d1b9a425b4f1c9c049 |
25-Oct-2011 |
Ted Kremenek <kremenek@apple.com> |
Remove extra copy of contents of header file resulting in a patch being applied twice. Aren't include guards great?
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@142905 91177308-0d34-0410-b5e6-96231b3b80d8
nalyses/Dominators.h
|
| 58f6f1e37ab32fdd0c8bab6771d8e09bc139e9ed |
25-Oct-2011 |
Ted Kremenek <kremenek@apple.com> |
Add source-level dominators analysis. Patch by Guoping Long!
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@142885 91177308-0d34-0410-b5e6-96231b3b80d8
nalyses/Dominators.h
|
| 1d26f48dc2eea1c07431ca1519d7034a21b9bcff |
24-Oct-2011 |
Ted Kremenek <kremenek@apple.com> |
Rename AnalysisContext to AnalysisDeclContext. Not only is this name more accurate, but it frees up the name AnalysisContext for other uses.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@142782 91177308-0d34-0410-b5e6-96231b3b80d8
nalyses/LiveVariables.h
nalyses/PostOrderCFGView.h
nalyses/ReachableCode.h
nalyses/ThreadSafety.h
nalyses/UninitializedValues.h
nalysisContext.h
rogramPoint.h
|
| b1b5daf30d2597e066936772bd206500232d7d65 |
23-Oct-2011 |
Ted Kremenek <kremenek@apple.com> |
[analyzer] Remove LocationContext creation methods from AnalysisManager, and change clients to use AnalysisContext instead.
WIP to remove/reduce ExprEngine's usage of AnalysisManager.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@142739 91177308-0d34-0410-b5e6-96231b3b80d8
nalysisContext.h
|
| 439ed1656664b29841f70b6c0b91460534ff4d93 |
22-Oct-2011 |
Ted Kremenek <kremenek@apple.com> |
Refactor ThreadSafety to use PostOrderCFGView instead of its own copy (of TopologicallySortedCFG).
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@142714 91177308-0d34-0410-b5e6-96231b3b80d8
nalyses/PostOrderCFGView.h
|
| edb186399e19d84c93f25440435ab9a695138e79 |
22-Oct-2011 |
Ted Kremenek <kremenek@apple.com> |
Pull TopologicallySortedCFG out of LiveVariables into its own analysis: PostOrderCFGView.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@142713 91177308-0d34-0410-b5e6-96231b3b80d8
nalyses/PostOrderCFGView.h
|
| a7da2155167676a6a5d9fca4de947a9cab2a4908 |
18-Oct-2011 |
Hans Wennborg <hans@hanshq.net> |
Suggest %zu for size_t args to printf.
For PR11152. Make PrintSpecifier::fixType() suggest "%zu" for size_t, etc.
rather than looking at the underlying type and suggesting "%llu" or other
platform-specific length modifiers. Applies to C99 and C++11.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@142342 91177308-0d34-0410-b5e6-96231b3b80d8
nalyses/FormatString.h
|
| 9f80a97408ee0da939654d851ff42ad07d47e9c7 |
17-Oct-2011 |
DeLesley Hutchins <delesley@google.com> |
Substitute for arguments in method calls -- refactoring
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@142260 91177308-0d34-0410-b5e6-96231b3b80d8
nalyses/ThreadSafety.h
|
| 9e7617220135a6f6226cf09cb242cc1b905aedb4 |
13-Oct-2011 |
Ted Kremenek <kremenek@apple.com> |
Tweak -Wuninitialized's handling of 'int x = x' to report that as the root cause of an uninitialized variable IFF there are other uses of that uninitialized variable. Fixes <rdar://problem/9259237>.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@141881 91177308-0d34-0410-b5e6-96231b3b80d8
nalyses/UninitializedValues.h
|
| a5937bbfd19e61d651a58b0f0ffeef68457902a5 |
08-Oct-2011 |
Ted Kremenek <kremenek@apple.com> |
Remove AnalysisContext::getLiveVariables(), and introduce a templatized mechanism to lazily create analyses that are attached to AnalysisContext objects.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@141425 91177308-0d34-0410-b5e6-96231b3b80d8
nalyses/LiveVariables.h
nalysisContext.h
|
| 63d3201619fdac284adfd3b9328562fa20a01c40 |
07-Oct-2011 |
Anna Zaks <ganna@apple.com> |
ProgramPoint cleanup after the previous commit r141408 (remove the copy constructor, mark withTag const).
Move getProgramPoint() utility from CoreEngine.cpp into ProgramPoint.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@141414 91177308-0d34-0410-b5e6-96231b3b80d8
rogramPoint.h
|
| af42712cd8f548f15c700d49a7038ddb846aafa8 |
07-Oct-2011 |
Anna Zaks <ganna@apple.com> |
Add a copy constructor to ProgramPoint and pull withTag() method from a child. (withTag essentialy creates a copy with a given tag.)
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@141408 91177308-0d34-0410-b5e6-96231b3b80d8
rogramPoint.h
|
| 7df2ff45f101c87398329d0ea23c1377328dca40 |
01-Oct-2011 |
John McCall <rjmccall@apple.com> |
Tweak the interface for analyzing the CF conventions for a name
to take a FunctionDecl* instead of an llvm::StringRef. Eventually
we might push more logic in there, like using slightly different
conventions for C++ methods.
Also, fix a bug where 'copy' and 'create' were being caught in
non-camel-cased strings. We want copyFoo and CopyFoo and XCopy
but not Xcopy or xcopy.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@140911 91177308-0d34-0410-b5e6-96231b3b80d8
omainSpecific/CocoaConventions.h
|
| e4c6675cccbaac991843def43072687bca50d989 |
30-Sep-2011 |
Ted Kremenek <kremenek@apple.com> |
Fix crash when analyzing C++ code involving constant enums and switch statements (<rdar://problem/10202899>).
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@140844 91177308-0d34-0410-b5e6-96231b3b80d8
rogramPoint.h
|
| 2f041d0b12aa87f3345e5fb2e38fefba30c5bff3 |
29-Sep-2011 |
Ted Kremenek <kremenek@apple.com> |
Like IBOutletCollection, it only makes sense to apply the IBOutlet annotation to Objective-C object types. Fixes <rdar://problem/10142685>.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@140778 91177308-0d34-0410-b5e6-96231b3b80d8
rogramPoint.h
|
| 4213df3b5da21ce25a4541ca5c447eeb28b515a3 |
29-Sep-2011 |
Daniel Dunbar <daniel@zuster.org> |
Basic/Diagnostics: Split out the default warning "no-Werror" and
"show-in-system-header" bits, which is part of teasing them apart from the
diagnostic mapping kind.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@140742 91177308-0d34-0410-b5e6-96231b3b80d8
nalysisDiagnostic.h
|
| b219cfc4d75f0a03630b7c4509ef791b7e97b2c8 |
23-Sep-2011 |
David Blaikie <dblaikie@gmail.com> |
Switch assert(0/false) llvm_unreachable.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@140367 91177308-0d34-0410-b5e6-96231b3b80d8
isitors/CFGRecStmtDeclVisitor.h
isitors/CFGRecStmtVisitor.h
|
| a2d7e6511a8767dc67381c210601b895a8ebae39 |
20-Sep-2011 |
Anna Zaks <ganna@apple.com> |
[analyzer] Constify a method.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@140091 91177308-0d34-0410-b5e6-96231b3b80d8
nalysisContext.h
|
| 4e4bc75d3570835e13183c66ac08974cdc016007 |
15-Sep-2011 |
Caitlin Sadowski <supertri@google.com> |
Thread safety: refactoring various out of scope warnings to use the same inteface. This eliminates a lot of unnecessary duplicated code.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@139801 91177308-0d34-0410-b5e6-96231b3b80d8
nalyses/ThreadSafety.h
|
| b50dd472cd6c8b13213626f13a928dbe41581f09 |
14-Sep-2011 |
Caitlin Sadowski <supertri@google.com> |
Thread safety: small fixes in comments
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@139733 91177308-0d34-0410-b5e6-96231b3b80d8
nalyses/ThreadSafety.h
|
| 19903465e960329c0d5d93327f4046d036b0bc75 |
14-Sep-2011 |
Caitlin Sadowski <supertri@google.com> |
Thread safety: adding additional documentation to the main thread safety interface, and making the destructor for the thread safety handler pure virtual
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@139722 91177308-0d34-0410-b5e6-96231b3b80d8
nalyses/ThreadSafety.h
|
| 83754162f698a5dafad93fb89be0953651a604d0 |
13-Sep-2011 |
Chandler Carruth <chandlerc@gmail.com> |
Add a bit to the CFGBlock to track when it contains a no-return
CFGElement. This will allow greatly simplifying the logic in
-Wreturn-type.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@139593 91177308-0d34-0410-b5e6-96231b3b80d8
FG.h
|
| c8cfc74bdcc999828bc232294d937fb191940d5b |
13-Sep-2011 |
Chandler Carruth <chandlerc@gmail.com> |
Enhance the CFG construction to detect no-return destructors for
temporary objects and local variables. When detected, these split the
block, marking the new one as having only the exit block as a successor.
This prevents a large number of false positives in warnings sensitive to
no-return constructs such as -Wreturn-type, and fixes the remainder of
PR10063 along with several variations of this bug that had not been
reported. The test cases are extended across the board to cover these
patterns.
This also checks in a stress test for these types of CFGs. The stress
test declares some 32k variables, a mixture of no-return and normal
destructors. Previously, this resulted in roughly 2500 CFG blocks, but
didn't model any of the no-return destructors. With this patch, it
results in over 33k blocks, many of them now unreachable.
The nice thing about how the analyzer is set up? This causes *no*
regression in performance of building the CFG. It actually in some cases
makes it faster, as best I can benchmark. The analysis for -Wreturn-type
(and any other that cares about no-return code paths) is technically
slower now as it has to look at many more candidate blocks, but it
computes the correct answer. I have more test cases to follow, I think
they all work now. Also I have further work that should dramatically
simplify analyses in the presence of no-return.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@139586 91177308-0d34-0410-b5e6-96231b3b80d8
FG.h
|
| d5b16055782034ca90153880c36bd88b59c63aa0 |
10-Sep-2011 |
Caitlin Sadowski <supertri@google.com> |
Thread safety: removing unnecessary import and reordering import list
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@139426 91177308-0d34-0410-b5e6-96231b3b80d8
nalyses/ThreadSafety.h
|
| 99107ebc0a5aea953b736e12757e0919d5249d43 |
09-Sep-2011 |
Caitlin Sadowski <supertri@google.com> |
Thread safety: This patch deals with previously unhandled cases when building lock expressions. We now resolve this expressions, avoid crashing when encountering cast expressions, and have a diagnostic for unresolved lock expressions
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@139370 91177308-0d34-0410-b5e6-96231b3b80d8
nalyses/ThreadSafety.h
|
| 402aa0698fec81e574818a0a6c2000fac0b2c4c6 |
09-Sep-2011 |
Caitlin Sadowski <supertri@google.com> |
Thread Safety: Moving the analysis to a new file
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@139369 91177308-0d34-0410-b5e6-96231b3b80d8
nalyses/ThreadSafety.h
|
| 0f3b4ca1764cd6d457f511d340fba504f41763c3 |
24-Aug-2011 |
Ted Kremenek <kremenek@apple.com> |
Start reworking -Wunreachable-code. The original analysis had serious flaws with how it
handled SCC's of dead code, or simply having false negatives by overly suppressing warnings.
WIP.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@138410 91177308-0d34-0410-b5e6-96231b3b80d8
nalyses/ReachableCode.h
|
| f0e71aede7ccf3e311feac6a414c431f7a0fc3c8 |
24-Aug-2011 |
Ted Kremenek <kremenek@apple.com> |
CFG: record set of C++ 'try' dispatch blocks, which could be of interest to various analyses (e.g., reachability).
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@138409 91177308-0d34-0410-b5e6-96231b3b80d8
FG.h
|
| f1d10d939739f1a4544926d807e4f0f9fb64be61 |
24-Aug-2011 |
Ted Kremenek <kremenek@apple.com> |
Constify the result of CFGStmt::getStmt().
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@138408 91177308-0d34-0410-b5e6-96231b3b80d8
FG.h
|
| 86b39f20d5091ca3fdcbeb4a22766aaffdf6ac35 |
16-Aug-2011 |
Ted Kremenek <kremenek@apple.com> |
[analyzer] Remove PostStmtCustom ProgramPoint. It can be represented using tagged PostStmts.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@137697 91177308-0d34-0410-b5e6-96231b3b80d8
rogramPoint.h
|
| 9c378f705405d37f49795d5e915989de774fe11f |
13-Aug-2011 |
Ted Kremenek <kremenek@apple.com> |
Cleanup various declarations of 'Stmt*' to be 'Stmt *', etc. in libAnalyzer and libStaticAnalyzer[*]. It was highly inconsistent, and very ugly to look at.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@137537 91177308-0d34-0410-b5e6-96231b3b80d8
nalyses/LiveVariables.h
nalysisContext.h
FG.h
lowSensitive/DataflowSolver.h
lowSensitive/DataflowValues.h
rogramPoint.h
upport/BlkExprDeclBitVector.h
isitors/CFGRecStmtDeclVisitor.h
isitors/CFGRecStmtVisitor.h
isitors/CFGStmtVisitor.h
|
| 1ab69c513239596946286373e081b89fa3358612 |
13-Aug-2011 |
Ted Kremenek <kremenek@apple.com> |
Document purpose of ProgramPointTag::getTagKind().
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@137530 91177308-0d34-0410-b5e6-96231b3b80d8
rogramPoint.h
|
| ca804539d908d3a0e8c72a0df5f1f571d29490bb |
13-Aug-2011 |
Ted Kremenek <kremenek@apple.com> |
[analyzer] change "tag" in ProgramPoint from "void*" to a ProgramPointTag*.
Having a notion of an actual ProgramPointTag will aid in introspection of the analyzer's behavior.
For example, the GraphViz output of the analyzer will pretty-print the tags in a useful manner.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@137529 91177308-0d34-0410-b5e6-96231b3b80d8
rogramPoint.h
|
| 882998923889a2fcce9b49696506c499e22cf38f |
29-Jul-2011 |
Ted Kremenek <kremenek@apple.com> |
[analyzer] Overhaul how the static analyzer expects CFGs by forcing CFGs to be linearized only when used by the static analyzer. This required a rewrite of LiveVariables, and exposed a ton of subtle bugs.
The motivation of this large change is to drastically simplify the logic in ExprEngine going forward.
Some fallout is that the output of some BugReporterVisitors is not as accurate as before; those will
need to be fixed over time. There is also some possible performance regression as RemoveDeadBindings
will be called frequently; this can also be improved over time.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@136419 91177308-0d34-0410-b5e6-96231b3b80d8
nalyses/LiveVariables.h
FG.h
|
| bc5cb8a5fe2b88f917d47ceb58b53696a121e57e |
21-Jul-2011 |
Ted Kremenek <kremenek@apple.com> |
Simplify passing of CFGBuildOptions around for AnalysisContext. No functionality change.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@135666 91177308-0d34-0410-b5e6-96231b3b80d8
nalysisContext.h
FG.h
|
| db999aad8a1b9dc265b2e627be334be6580a86a3 |
20-Jul-2011 |
Chris Lattner <sabre@nondot.org> |
remove some now-redundant forward declarations.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@135578 91177308-0d34-0410-b5e6-96231b3b80d8
FG.h
|
| 8cc488fefb2fb04bc8d5398da29f0182f97934cf |
20-Jul-2011 |
Chris Lattner <sabre@nondot.org> |
add raw_ostream and Twine to LLVM.h, eliminating a ton of llvm:: qualifications.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@135577 91177308-0d34-0410-b5e6-96231b3b80d8
nalyses/FormatString.h
FG.h
|
| 686775deca8b8685eb90801495880e3abdd844c2 |
20-Jul-2011 |
Chris Lattner <sabre@nondot.org> |
now that we have a centralized place to do so, add some using declarations for
some common llvm types: stringref and smallvector. This cleans up the codebase
quite a bit.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@135576 91177308-0d34-0410-b5e6-96231b3b80d8
nalyses/FormatString.h
omainSpecific/CocoaConventions.h
lowSensitive/DataflowSolver.h
|
| 74fb1a493cf5d2dd0fb51a4eadf74e85e10a3457 |
19-Jul-2011 |
Ted Kremenek <kremenek@apple.com> |
Add hooks into the CFG builder to force that specific expressions are always CFGElements.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@135479 91177308-0d34-0410-b5e6-96231b3b80d8
nalysisContext.h
FG.h
|
| 0556048ae8ff743d0abb9fa88a0d0ee8e9123742 |
16-Jul-2011 |
Ted Kremenek <kremenek@apple.com> |
[analyzer] Place checking for Core Foundation "Create" rule into a proper API. No functionality change.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@135349 91177308-0d34-0410-b5e6-96231b3b80d8
omainSpecific/CocoaConventions.h
|
| 5d98994c7749312a43ce6adf45537979a98e7afd |
06-Jul-2011 |
Chandler Carruth <chandlerc@gmail.com> |
Build up statistics about the work done for analysis based warnings.
Special detail is added for uninitialized variable analysis as this has
serious performance problems than need to be tracked.
Computing some of this data is expensive, for example walking the CFG to
determine its size. To avoid doing that unless the stats data is going
to be used, we thread a bit into the Sema object to track whether
detailed stats should be collected or not. This bit is used to avoid
computations whereever the computations are likely to be more expensive
than checking the state of the flag. Thus, counters are in some cases
unconditionally updated, but the more expensive (and less frequent)
aggregation steps are skipped.
With this patch, we're able to see that for 'gcc.c':
*** Analysis Based Warnings Stats:
232 functions analyzed (0 w/o CFGs).
7151 CFG blocks built.
30 average CFG blocks per function.
1167 max CFG blocks per function.
163 functions analyzed for uninitialiazed variables
640 variables analyzed.
3 average variables per function.
94 max variables per function.
96409 block visits.
591 average block visits per function.
61546 max block visits per function.
And for the reduced testcase in PR10183:
*** Analysis Based Warnings Stats:
98 functions analyzed (0 w/o CFGs).
8526 CFG blocks built.
87 average CFG blocks per function.
7277 max CFG blocks per function.
68 functions analyzed for uninitialiazed variables
1359 variables analyzed.
19 average variables per function.
1196 max variables per function.
2540494 block visits.
37360 average block visits per function.
2536495 max block visits per function.
That last number is the somewhat scary one that indicates the problem in
PR10183.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@134494 91177308-0d34-0410-b5e6-96231b3b80d8
nalyses/UninitializedValues.h
nalysisContext.h
|
| 786dcd9dca76e3780fdb9642c0db33ed13db1187 |
06-Jul-2011 |
Douglas Gregor <dgregor@apple.com> |
Teach the static analyzer's interpretation of Cocoa conventions to
obey the objc_method_family attribute when provided. Fixes
<rdar://problem/9726279>.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@134493 91177308-0d34-0410-b5e6-96231b3b80d8
omainSpecific/CocoaConventions.h
|
| 6970155edde8c79cf22824322470485434b8eb83 |
17-Jun-2011 |
Francois Pichet <pichet2000@gmail.com> |
Finish 2 sentences.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@133214 91177308-0d34-0410-b5e6-96231b3b80d8
omainSpecific/CocoaConventions.h
|
| 3cda937d4c015ff6070f1117024621a452cfaddd |
28-Apr-2011 |
Ted Kremenek <kremenek@apple.com> |
Add comment to CFGBlock suggested by Jiri Slaby.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@130387 91177308-0d34-0410-b5e6-96231b3b80d8
FG.h
|
| 26517e4ffe7c2c366496feb02370ba24ab5ae8f5 |
28-Apr-2011 |
Ted Kremenek <kremenek@apple.com> |
Remove unused method CFGBlock::hasBinaryBranchTerminator().
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@130336 91177308-0d34-0410-b5e6-96231b3b80d8
FG.h
|
| 7d2b8c1fcc2b707be78b09930a7767477822462f |
16-Apr-2011 |
Douglas Gregor <dgregor@apple.com> |
Initial work to improve documentation for Clang's diagnostics, from Matthieu Monrocq
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@129614 91177308-0d34-0410-b5e6-96231b3b80d8
nalysisDiagnostic.h
|
| ad762fcdc16b9e4705b12b09d92b8c026212b906 |
15-Apr-2011 |
Richard Smith <richard-llvm@metafoo.co.uk> |
Add support for C++0x's range-based for loops, as specified by the C++11 draft standard (N3291).
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@129541 91177308-0d34-0410-b5e6-96231b3b80d8
isitors/CFGStmtVisitor.h
|
| 8083414ee7cc8f5c807ed6a4e120fb4e0ab50ff8 |
03-Apr-2011 |
Ted Kremenek <kremenek@apple.com> |
static analyzer: Add a new ProgramPoint PostCondition to represent the post position of a branch condition, and a new generateNode method to BranchNodeBuilder using PostCondition ProgramPoint. This method generates a new ExplodedNode but not a new block edge.
Patch by Lei Zhang!
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@128784 91177308-0d34-0410-b5e6-96231b3b80d8
rogramPoint.h
|
| af13d5b25b360e698cc1cf1055ad7d14e008e505 |
19-Mar-2011 |
Ted Kremenek <kremenek@apple.com> |
Rename class 'CFGReachabilityAnalysis' to 'CFGReverseBlockReachabilityAnalysis'.
This rename serves two purposes:
- It reflects the actual functionality of this analysis.
- We will have more than one reachability analysis.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@127930 91177308-0d34-0410-b5e6-96231b3b80d8
nalyses/CFGReachabilityAnalysis.h
nalysisContext.h
|
| f7bafc77ba12bb1beb665243a0334cd81e024728 |
15-Mar-2011 |
Ted Kremenek <kremenek@apple.com> |
Split warnings from -Wuninitialized-experimental into "must-be-initialized" and "may-be-initialized" warnings, each controlled by different flags.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@127666 91177308-0d34-0410-b5e6-96231b3b80d8
nalyses/UninitializedValues.h
|
| 6f34213f8d6ae8c77685b53664527e39bfaaca3b |
15-Mar-2011 |
Ted Kremenek <kremenek@apple.com> |
Rename UninitializedValuesV2 to UninitializedValues.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@127657 91177308-0d34-0410-b5e6-96231b3b80d8
nalyses/UninitializedValues.h
nalyses/UninitializedValuesV2.h
|
| f3f5379f6da7f8f141a53e2945871a5aa5431e02 |
15-Mar-2011 |
Ted Kremenek <kremenek@apple.com> |
Remove old UninitializedValues analysis.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@127656 91177308-0d34-0410-b5e6-96231b3b80d8
nalyses/UninitializedValues.h
|
| 0d28d360b5559abda755e50b855ba5e59727d9cd |
10-Mar-2011 |
Ted Kremenek <kremenek@apple.com> |
When doing reachability analysis for warnings issued under DiagRuntimeBehavior, don't construct a ParentMap or CFGStmtMap.
Instead, create a small set of Stmt* -> CFGBlock* mappings during CFG construction for only the statements we care about
relating to the diagnostics we want to check for reachability.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@127396 91177308-0d34-0410-b5e6-96231b3b80d8
nalysisContext.h
FG.h
|
| b8ad5ee345fa1fdd1fa9253f2d01f69becc88a04 |
10-Mar-2011 |
Ted Kremenek <kremenek@apple.com> |
Rework interaction between AnalysisContext and CFG::BuildOptions to keep a BuildOptions object around instead of keeping a copy of the flags.
Moreover, change AnalysisContext to use an OwningPtr for created analysis objects instead
of directly managing them.
Finally, add a 'forcedBlkExprs' entry to CFG::BuildOptions that will be used by the
CFGBuilder to force specific expressions to be block-level expressions.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@127385 91177308-0d34-0410-b5e6-96231b3b80d8
nalysisContext.h
FG.h
|
| c5aff4497e5bfd7523e00b87560c1a5aa65136cc |
03-Mar-2011 |
Ted Kremenek <kremenek@apple.com> |
Teach CFGImplicitDtor::getDestructorDecl() about arrays of objects with destructors.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126910 91177308-0d34-0410-b5e6-96231b3b80d8
FG.h
|
| c9f8f5a726bbb562e4b2d4b19d66e6202dcb2657 |
02-Mar-2011 |
Ted Kremenek <kremenek@apple.com> |
Introduce CFGImplicitDtor::isNoReturn() to query whether a destructor actually returns. Use this for -Wreturn-type to prune false positives reported in PR 6884.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126875 91177308-0d34-0410-b5e6-96231b3b80d8
FG.h
|
| 85f3d76c0ecfdefcf83ea44a57b7a16119c8a045 |
02-Mar-2011 |
John McCall <rjmccall@apple.com> |
Move some of the logic about classifying Objective-C methods into
conventional categories into Basic and AST. Update the self-init checker
to use this logic; CFRefCountChecker is complicated enough that I didn't
want to touch it.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126817 91177308-0d34-0410-b5e6-96231b3b80d8
omainSpecific/CocoaConventions.h
|
| 3c0349e87cdbd7316d06d2411d86ee1086e717a5 |
01-Mar-2011 |
Ted Kremenek <kremenek@apple.com> |
In preparation for fixing PR 6884, rework CFGElement to have getAs<> return pointers instead of fresh CFGElements.
- Also, consoldiate getDtorKind() and getKind() into one "kind".
- Add empty getDestructorDecl() method to CFGImplicitDtor.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126738 91177308-0d34-0410-b5e6-96231b3b80d8
FG.h
lowSensitive/DataflowSolver.h
|
| 42461eecee98fff3671b3c14ce10f1a9e18cc95c |
23-Feb-2011 |
Ted Kremenek <kremenek@apple.com> |
Migrate CFGReachabilityAnalysis out of the IdempotentOperationsChecker and into its own analysis file.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126289 91177308-0d34-0410-b5e6-96231b3b80d8
nalyses/CFGReachabilityAnalysis.h
nalysisContext.h
|
| 283a358aecb75e30fcd486f2206f6c03c5e7f11d |
23-Feb-2011 |
Ted Kremenek <kremenek@apple.com> |
Have IdempotentOperationsChecker pull its CFGStmtMap from AnalysisContext.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126288 91177308-0d34-0410-b5e6-96231b3b80d8
nalysisContext.h
|
| eaca05b81b30251d3f32af9a6a6567d8e01f7cb2 |
18-Feb-2011 |
Argyrios Kyrtzidis <akyrtzi@gmail.com> |
Handle UsingDecl in CFGRecStmtDeclVisitor.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@125814 91177308-0d34-0410-b5e6-96231b3b80d8
isitors/CFGRecStmtDeclVisitor.h
|
| 56ca35d396d8692c384c785f9aeebcf22563fe1e |
17-Feb-2011 |
John McCall <rjmccall@apple.com> |
Change the representation of GNU ?: expressions to use a different expression
class and to bind the shared value using OpaqueValueExpr. This fixes an
unnoticed problem with deserialization of these expressions where the
deserialized form would lose the vital pointer-equality trait; or rather,
it fixes it because this patch also does the right thing for deserializing
OVEs.
Change OVEs to not be a "temporary object" in the sense that copy elision is
permitted.
This new representation is not totally unawkward to work with, but I think
that's really part and parcel with the semantics we're modelling here. In
particular, it's much easier to fix things like the copy elision bug and to
make the CFG look right.
I've tried to update the analyzer to deal with this in at least some
obvious cases, and I think we get a much better CFG out, but the printing
of OpaqueValueExprs probably needs some work.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@125744 91177308-0d34-0410-b5e6-96231b3b80d8
isitors/CFGStmtVisitor.h
|
| b8b07b171041561eb28024d5b4d07227c971c0f9 |
14-Feb-2011 |
Ted Kremenek <kremenek@apple.com> |
Handle 'UsingDirective' in CFGRecStmtDeclVisitor.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@125491 91177308-0d34-0410-b5e6-96231b3b80d8
isitors/CFGRecStmtDeclVisitor.h
|
| 7502c1d3ce8bb97bcc4f7bebef507040bd93b26f |
13-Feb-2011 |
John McCall <rjmccall@apple.com> |
Give some convenient idiomatic accessors to Stmt::child_range and
Stmt::const_child_range, then make a bunch of places use them instead
of the individual iterator accessors.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@125450 91177308-0d34-0410-b5e6-96231b3b80d8
isitors/CFGStmtVisitor.h
|
| 848ec83483ca4ba52ed72c7e29ebc330f8c87252 |
12-Feb-2011 |
Ted Kremenek <kremenek@apple.com> |
Don't report dead stores on unreachable code paths. Fixes <rdar://problem/8405222>.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@125415 91177308-0d34-0410-b5e6-96231b3b80d8
nalyses/LiveVariables.h
lowSensitive/DataflowSolver.h
|
| 58465900ca10e53b8700a64e9265870de34e1aca |
09-Feb-2011 |
Ted Kremenek <kremenek@apple.com> |
Make ProgramPoint::getTag() public.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@125153 91177308-0d34-0410-b5e6-96231b3b80d8
rogramPoint.h
|
| 418df343bb50802586d20aae3b83e2eb44c6c828 |
27-Jan-2011 |
Douglas Gregor <dgregor@apple.com> |
Separate the access-control diagnostics from other diagnostics that do not have SFINAE behavior.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@124441 91177308-0d34-0410-b5e6-96231b3b80d8
nalysisDiagnostic.h
|
| a8c17a5babab35f2db26bf218e7571d1af4afedf |
25-Jan-2011 |
Ted Kremenek <kremenek@apple.com> |
Teach -Wuninitialized-experimental to also warn
about uninitialized variables captured by blocks.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@124213 91177308-0d34-0410-b5e6-96231b3b80d8
nalyses/UninitializedValuesV2.h
|
| 04eeba43040969c05cfcb563195ef5b199297b62 |
16-Jan-2011 |
Anders Carlsson <andersca@mac.com> |
Add AnalysisContext::dumpCFG.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@123602 91177308-0d34-0410-b5e6-96231b3b80d8
nalysisContext.h
|
| 610068c8cd2321f90e147b12cf794e1f840b6405 |
15-Jan-2011 |
Ted Kremenek <kremenek@apple.com> |
Add initial prototype for implementation of
-Wuninitialized based on CFG dataflow analysis. WIP.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@123512 91177308-0d34-0410-b5e6-96231b3b80d8
nalyses/UninitializedValuesV2.h
|
| 200fbc877d50da9e53b9aa272b70ca3538ce3a66 |
15-Jan-2011 |
Ted Kremenek <kremenek@apple.com> |
Add const version if CFG::isBlkExpr().
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@123511 91177308-0d34-0410-b5e6-96231b3b80d8
FG.h
|
| 4bac726dadb09ee38bab8147f1e706380368b362 |
13-Jan-2011 |
Ted Kremenek <kremenek@apple.com> |
Remove CheckerContext's dependence on setting
the node builder's "tag" ivar (which we would
like to remove).
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@123361 91177308-0d34-0410-b5e6-96231b3b80d8
rogramPoint.h
|
| 5078d46af381b27be1c7e3c3e0c517e4cf7cc064 |
11-Jan-2011 |
Argyrios Kyrtzidis <akyrtzi@gmail.com> |
[analyzer] Add 'bool ignorePrefix' parameter to cocoa::deriveNamingConvention to control whether
the prefix should be ignored.
E.g. if ignorePrefix is true, "_init" and "init" selectors will both be result in InitRule, but if
ignorePrefix is false, only "init" will return InitRule.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@123262 91177308-0d34-0410-b5e6-96231b3b80d8
omainSpecific/CocoaConventions.h
|
| b6a2b08a6b3fbce1a6a4b69d4185165de970696c |
11-Jan-2011 |
Ted Kremenek <kremenek@apple.com> |
Remove ProgramPoint parameter from GenericNodeBuilder::generateNode().
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@123240 91177308-0d34-0410-b5e6-96231b3b80d8
rogramPoint.h
|
| 26c9cb55cb96643c0759c08d037c16c309864087 |
10-Jan-2011 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Remove dead code.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@123168 91177308-0d34-0410-b5e6-96231b3b80d8
nalysisContext.h
|
| cbb67480094b3bcb5b715acd827cbad55e2a204c |
08-Jan-2011 |
Sean Hunt <scshunt@csclub.uwaterloo.ca> |
Renamed CXXBaseOrMemberInitializer to CXXCtorInitializer. This is both shorter,
more accurate, and makes it make sense for it to hold a delegating constructor
call.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@123084 91177308-0d34-0410-b5e6-96231b3b80d8
FG.h
rogramPoint.h
|
| 65197b4b0c55bb74af0450230d61ee9461223721 |
08-Jan-2011 |
Ted Kremenek <kremenek@apple.com> |
Add semantic checking that the "thousands grouping"
prefix in a printf format string is matched
with the appropriate conversion specifier.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@123055 91177308-0d34-0410-b5e6-96231b3b80d8
nalyses/FormatString.h
|
| bd18d4584aae0ed6f7111ef5713784cf29fe663f |
08-Jan-2011 |
Ted Kremenek <kremenek@apple.com> |
Add printf format string parsing support for '
prefix to format conversions (POSIX extension).
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@123054 91177308-0d34-0410-b5e6-96231b3b80d8
nalyses/FormatString.h
|
| 9ef6537a894c33003359b1f9b9676e9178e028b7 |
23-Dec-2010 |
Ted Kremenek <kremenek@apple.com> |
Rename static analyzer namespace 'GR' to 'ento'.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@122492 91177308-0d34-0410-b5e6-96231b3b80d8
omainSpecific/CocoaConventions.h
|
| 5a4f98ff943e6a501b0fe47ade007c9bbf96cb88 |
22-Dec-2010 |
Argyrios Kyrtzidis <akyrtzi@gmail.com> |
[analyzer] Refactoring: Move stuff into namespace 'GR'.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@122423 91177308-0d34-0410-b5e6-96231b3b80d8
omainSpecific/CocoaConventions.h
|
| 403ba3522d1b1c97ae5fad81c1a2c4b3a754e1c1 |
19-Dec-2010 |
Nick Lewycky <nicholas@mxc.ca> |
Add missing standard includes. Patch by Joerg Sonnenberger!
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@122194 91177308-0d34-0410-b5e6-96231b3b80d8
FG.h
upport/BumpVector.h
|
| bb8fef382ad89b4bc202a1dbd4cd52ced7734479 |
17-Dec-2010 |
Ted Kremenek <kremenek@apple.com> |
Move CocoaConventions.[h,cpp] from libChecker
to libAnalysis. Similar to Format (format string checking),
CocoaConventions has the
potential to serve clients other than the
static analyzer.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@122040 91177308-0d34-0410-b5e6-96231b3b80d8
omainSpecific/CocoaConventions.h
|
| 892697dd2287caf7c29aaaa82909b0e90b8b63fe |
16-Dec-2010 |
Ted Kremenek <kremenek@apple.com> |
Start migration of static analyzer to using the
implicit lvalue-to-rvalue casts that John McCall
recently introduced. This causes a whole bunch
of logic in the analyzer for handling lvalues
to vanish. It does, however, raise a few issues
in the analyzer w.r.t to modeling various constructs
(e.g., field accesses to compound literals).
The .c/.m analysis test cases that fail are
due to a missing lvalue-to-rvalue cast that
will get introduced into the AST. The .cpp
failures were more than I could investigate in
one go, and the patch was already getting huge.
I have XFAILED some of these tests, and they
should obviously be further investigated.
Some highlights of this patch include:
- CFG no longer requires an lvalue bit for
CFGElements
- StackFrameContext doesn't need an 'asLValue'
flag
- The "VisitLValue" path from GRExprEngine has
been eliminated.
Besides the test case failures (XFAILed), there
are surely other bugs that are fallout from
this change.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@121960 91177308-0d34-0410-b5e6-96231b3b80d8
nalysisContext.h
FG.h
|
| 03013fa9a0bf1ef4b907f5fec006c8f4000fdd21 |
29-Nov-2010 |
Michael J. Spencer <bigcheesegs@gmail.com> |
Merge System into Support.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@120297 91177308-0d34-0410-b5e6-96231b3b80d8
rogramPoint.h
|
| d706434b0231c76fd9acf30060646a7aa8f69aef |
24-Nov-2010 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Let StackFrameContext represent if the call expr is evaluated as lvalue.
This is required for supporting const reference to temporary objects.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@120093 91177308-0d34-0410-b5e6-96231b3b80d8
nalysisContext.h
|
| 19b78d9e3dbbc27bbcbdd8c3017a00fe88849ecd |
24-Nov-2010 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Use StackFrameContext directly in CallEnter program point. Then we don't need
to remake the stackframe everytime in GRExprEngine::ProcessCallEnter().
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@120087 91177308-0d34-0410-b5e6-96231b3b80d8
rogramPoint.h
|
| 9dc84c9455df2a77195147d0210c915dc1775a88 |
16-Nov-2010 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Handle member initializer in C++ ctor.
- Add a new Kind of ProgramPoint: PostInitializer.
- Still use GRStmtNodeBuilder. But special handling PostInitializer in
GRStmtNodeBuilder::GenerateAutoTransition().
- Someday we should clean up the interface of GRStmtNodeBuilder.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@119335 91177308-0d34-0410-b5e6-96231b3b80d8
rogramPoint.h
|
| 9c6cd67ea416bace666d614c84d5531124287653 |
15-Nov-2010 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Add skeleton for handling other kinds of CFGElements.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@119135 91177308-0d34-0410-b5e6-96231b3b80d8
FG.h
|
| 8599e7677e067fd01d3b2ee4c0875747d367fd8e |
03-Nov-2010 |
Marcin Swiderski <marcin.sfider@gmail.com> |
Added generating destructors for temporary objects. Two cases I know of, that are not handled properly:
1. For statement: const C& c = C(0) ?: C(1) destructors generated for condition will not differ from those generated for case without prolonged lifetime of temporary,
2. There will be no destructor for constant reference member bound to temporary at the exit from constructor.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@118158 91177308-0d34-0410-b5e6-96231b3b80d8
FG.h
|
| 4ba72a0b28135209c435630682febe1f854ccfa6 |
29-Oct-2010 |
Marcin Swiderski <marcin.sfider@gmail.com> |
Added CFGTerminator class, that holds information about CFGBlock terminator statement.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@117642 91177308-0d34-0410-b5e6-96231b3b80d8
FG.h
|
| f50595df931bde89e3acd3ec18e4c7e41aa80852 |
23-Oct-2010 |
Ted Kremenek <kremenek@apple.com> |
Fix a horrible bug in all dataflow analyses that use CFGRecStmtVisitor (including live variables analysis).
We shouldn't recurse into CompoundStmts since they are already inlined in the CFG. This could result in
bogus dead stores warnings (among other things).
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@117162 91177308-0d34-0410-b5e6-96231b3b80d8
isitors/CFGRecStmtVisitor.h
|
| 7c625d8ffc20b92fff9e1690cd2484fcb6498183 |
05-Oct-2010 |
Marcin Swiderski <marcin.sfider@gmail.com> |
Added support for base and member destructors in destructor.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@115592 91177308-0d34-0410-b5e6-96231b3b80d8
FG.h
|
| 82bc3fd823d85ee3ef9a641c0975b6ad25f55047 |
04-Oct-2010 |
Marcin Swiderski <marcin.sfider@gmail.com> |
Added support for C++ initializers in CFG.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@115493 91177308-0d34-0410-b5e6-96231b3b80d8
FG.h
|
| 53de134e7b4686eed40bc031438d8a4560a2cda4 |
01-Oct-2010 |
Marcin Swiderski <marcin.sfider@gmail.com> |
Added methods for inserting CFGAutomaticObjDtors to CFGBlocks,
Fixed some misspells in comments.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@115236 91177308-0d34-0410-b5e6-96231b3b80d8
FG.h
|
| 9121ba232903ebe61e7bbe14ca294cf0f07dfa96 |
30-Sep-2010 |
Marcin Swiderski <marcin.sfider@gmail.com> |
Added two new command line arguments:
-cfg-add-implicit-dtors - sets CFG::BuildOptions::AddImplicitDtors for AnalysisCosumer to true,
-cfg-add-initializers - sets CFG::BuildOptions::AddInitializers for AnalysisCosumer to true.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@115142 91177308-0d34-0410-b5e6-96231b3b80d8
nalysisContext.h
|
| 1cff132e48e0ccc253c34e5a2fb12718bd4e7d2e |
21-Sep-2010 |
Marcin Swiderski <marcin.sfider@gmail.com> |
Added:
- definitions of interfaces for CFGInitializer and CFGAutomaticObjDtor,
- support for above classes to print_elem function (renamed print_stmt),
- support for VarDecls in StmtPrinterHelper.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@114403 91177308-0d34-0410-b5e6-96231b3b80d8
FG.h
|
| 90392b21e3a0571af6db6ba58951723b8b570cb0 |
16-Sep-2010 |
John McCall <rjmccall@apple.com> |
Fix the clang build after Zhongxing Xu's commit.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@114059 91177308-0d34-0410-b5e6-96231b3b80d8
lowSensitive/DataflowSolver.h
|
| b36cd3e1757fb4fcd9509f35558c847b04bef35f |
16-Sep-2010 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Introduce new CFGElement hierarchy to support C++ CFG, based on Marcin's patch
and discussions with Ted and Jordy.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@114056 91177308-0d34-0410-b5e6-96231b3b80d8
FG.h
lowSensitive/DataflowSolver.h
rogramPoint.h
|
| 2a4cd498ff9b2b126de3e370b768ab307c221ab8 |
15-Sep-2010 |
Marcin Swiderski <marcin.sfider@gmail.com> |
Test commit
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@113994 91177308-0d34-0410-b5e6-96231b3b80d8
FG.h
|
| 6c52c7850bccb6991470668429a1e1edf01b0873 |
15-Sep-2010 |
Ted Kremenek <kremenek@apple.com> |
Add CFG::BuildOptions class to pass in CFG builder options under on parameter. Patch by Marcin Świderski!
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@113898 91177308-0d34-0410-b5e6-96231b3b80d8
FG.h
|
| 58eb45baff08fd27aeef65fc4e6ae35a4b3a1d90 |
14-Sep-2010 |
Ted Kremenek <kremenek@apple.com> |
Add 'insert()' to BumpVector. Patch by Marcin Świderski!
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@113799 91177308-0d34-0410-b5e6-96231b3b80d8
upport/BumpVector.h
|
| fe255bc6dfddade15644aecead970791e96ddedc |
14-Sep-2010 |
Ted Kremenek <kremenek@apple.com> |
Remove from the CFG the half-implemented support for scoping information. We decided that scope information doesn't belong in the CFG at all, since it is a lexical construct.
Patch by Marcin Świderski!
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@113798 91177308-0d34-0410-b5e6-96231b3b80d8
FG.h
|
| be39a566a914df8561d7a1e9654708297f0908c1 |
09-Sep-2010 |
Ted Kremenek <kremenek@apple.com> |
Remove stray ';' and convert tabs to spaces.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@113466 91177308-0d34-0410-b5e6-96231b3b80d8
FG.h
|
| ee7f84d509c6382491673883598eb9ed2d3a6a8b |
09-Sep-2010 |
Ted Kremenek <kremenek@apple.com> |
Add 'filtered_pred_iterator' and 'filtered_succ_iterator' to CFGBlock. This allows a client
to selectively walk successors/predecessors based on commonly used filters. For starters, add
a filter to ignore 'default:' cases for SwitchStmts when all enum values are covered by CaseStmts.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@113449 91177308-0d34-0410-b5e6-96231b3b80d8
FG.h
|
| 4462ee2f0000e6cb966e3fff4516c84292f0cce8 |
03-Sep-2010 |
Ted Kremenek <kremenek@apple.com> |
Fix enum: CallEnter/CallExit are StmtPoints
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@112928 91177308-0d34-0410-b5e6-96231b3b80d8
rogramPoint.h
|
| ec49bf464c91a52b3a463940da6589d03bf40248 |
28-Aug-2010 |
Tom Care <tom.care@uqconnect.edu.au> |
Add alternate version of LiveVariables analysis that does not kill liveness at assignments. This 'relaxed' liveness is useful in path sensitive analysis for situations where the resulting extended liveness allows us to find some bugs.
- Added killAtAssign flag to LiveVariables
- Added relaxed LiveVariables to AnalysisContext with an accessor
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@112306 91177308-0d34-0410-b5e6-96231b3b80d8
nalyses/LiveVariables.h
nalysisContext.h
|
| 967fea6cd9ae60ea31d27d440967990d2c705729 |
26-Aug-2010 |
Tom Care <tom.care@uqconnect.edu.au> |
Improved the handling of blocks and block variables in PseudoConstantAnalysis
- Removed the assumption that __block vars are all non-constant
- Simplified some repetitive code in RunAnalysis
- Added block walking support
- Code/comments cleanup
- Separated out test for block pseudoconstants
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@112098 91177308-0d34-0410-b5e6-96231b3b80d8
nalyses/PseudoConstantAnalysis.h
|
| 2de56d1d0c3a504ad1529de2677628bdfbb95cd4 |
25-Aug-2010 |
John McCall <rjmccall@apple.com> |
GCC didn't care for my attempt at API compatibility, so brute-force everything
to the new constants.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@112047 91177308-0d34-0410-b5e6-96231b3b80d8
isitors/CFGStmtVisitor.h
|
| 9325eaf08fcccbc0d038e703f570c64daacdaa31 |
25-Aug-2010 |
Ted Kremenek <kremenek@apple.com> |
Fix printf format string checking for '%lc' (which expects a wint_t or compatible argument). Fixes PR 7981.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@111978 91177308-0d34-0410-b5e6-96231b3b80d8
nalyses/FormatString.h
|
| ef52bcb606c73950139a775af61495f63fbc3603 |
24-Aug-2010 |
Tom Care <tom.care@uqconnect.edu.au> |
Improvements to IdempotentOperationChecker and its use of PseudoConstantAnalysis
- Added wasReferenced function to PseudoConstantAnalysis to determine if a variable was ever referenced in a function (outside of a self-assignment)
- BlockDeclRefExpr referenced variables are now explicitly added to the non-constant list
- Remove unnecessary ignore of implicit casts
- Generalized parameter self-assign detection to detect deliberate self-assigns of variables to avoid unused variable warnings
- Updated test cases with deliberate self-assignments
- Fixed bug with C++ references and pseudoconstants
- Added test case for C++ references and pseudoconstants
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@111965 91177308-0d34-0410-b5e6-96231b3b80d8
nalyses/PseudoConstantAnalysis.h
|
| db34ab70961ca4b24b600eb47053d7af304659f5 |
23-Aug-2010 |
Tom Care <tom.care@uqconnect.edu.au> |
Several small changes to PseudoConstantAnalysis and the way IdempotentOperationChecker uses it.
- Psuedo -> Pseudo (doh...)
- C++ reference support
- Added pseudoconstant test case for __block vars
- Separated out static local checking from pseudoconstant analysis and generalized to non-local checking
- Added missing test cases for storage false positives
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@111832 91177308-0d34-0410-b5e6-96231b3b80d8
nalyses/PseudoConstantAnalysis.h
nalyses/PsuedoConstantAnalysis.h
nalysisContext.h
|
| 245adabd97c8c770c13935a9075f2243cc6f1d57 |
18-Aug-2010 |
Tom Care <tom.care@uqconnect.edu.au> |
Added psuedo-constant analysis and integrated it into the false positive reduction stage in IdempotentOperationChecker.
- Renamed IdempotentOperationChecker::isConstant to isConstantOrPseudoConstant to better reflect the function
- Changed IdempotentOperationChecker::PreVisitBinaryOperator to only run 'CanVary' once on undefined assumptions
- Created new PsuedoConstantAnalysis class and added it to AnalysisContext
- Changed IdempotentOperationChecker to exploit the new analysis
- Updated tests with psuedo-constants
- Added check to IdempotentOperationChecker to see if a Decl is const qualified
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@111426 91177308-0d34-0410-b5e6-96231b3b80d8
nalyses/PsuedoConstantAnalysis.h
nalysisContext.h
|
| ba6f816d633e3b88c38c6896c2d78d19489650f2 |
15-Aug-2010 |
Argyrios Kyrtzidis <akyrtzi@gmail.com> |
Remove dead code, caught by unused function warnings.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@111091 91177308-0d34-0410-b5e6-96231b3b80d8
FG.h
|
| a6d69302d7c86b1c71b9c18493bb811f7d152075 |
04-Aug-2010 |
Ted Kremenek <kremenek@apple.com> |
Add CFGStmtMap, which defines a mapping from Stmt* to CFGBlock*. The immediate intended use is in the unreachable code analysis.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@110230 91177308-0d34-0410-b5e6-96231b3b80d8
FGStmtMap.h
|
| 9b823e8e1ccb8a2cb49923bad22a80ca96f41f92 |
03-Aug-2010 |
Ted Kremenek <kremenek@apple.com> |
Add -cc1 option '-unoptimized-cfg' to toggle using a CFG (for static analysis) that doesn't prune CFG edges.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@110087 91177308-0d34-0410-b5e6-96231b3b80d8
nalysisContext.h
|
| ad5a894df1841698c824381b414630799adc26ca |
03-Aug-2010 |
Ted Kremenek <kremenek@apple.com> |
Add 'AnalysisContext::getUnoptimizedCFG()' to allow clients to get access to the original
CFG without any edges pruned out because of trivially solvable conditions (e.g., 'if (0)').
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@110085 91177308-0d34-0410-b5e6-96231b3b80d8
nalysisContext.h
FG.h
|
| 96827eb52405a71c65c200949f3e644368e86454 |
27-Jul-2010 |
Michael J. Spencer <bigcheesegs@gmail.com> |
Revert r109428 "Hoist argument type checking into CheckFormatHandler. This is prep for scanf format"
Got errors about ASTContext being undefined with Visual Studio 2010.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@109491 91177308-0d34-0410-b5e6-96231b3b80d8
nalyses/FormatString.h
|
| f762905bdefad77f91c7c6782a9c17e6b274d393 |
26-Jul-2010 |
Ted Kremenek <kremenek@apple.com> |
Hoist argument type checking into CheckFormatHandler. This is prep for scanf format
string argument type checking.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@109428 91177308-0d34-0410-b5e6-96231b3b80d8
nalyses/FormatString.h
|
| cdd209dd9eb22a33cc9017f6605375fd17c9e809 |
23-Jul-2010 |
Ted Kremenek <kremenek@apple.com> |
Dataflow solver: Don't overrwite the initial value of a block with top unless new values are available. Patch by Simone Pellegrini!
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@109243 91177308-0d34-0410-b5e6-96231b3b80d8
lowSensitive/DataflowSolver.h
|
| b73279120d67817156717a1625207ee1bbf41477 |
23-Jul-2010 |
Zhongxing Xu <xuzhongxing@gmail.com> |
AnalysisContext is not const.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@109210 91177308-0d34-0410-b5e6-96231b3b80d8
rogramPoint.h
|
| 2ce43c8f43254a9edea53a20dc0e69195bc82ae0 |
22-Jul-2010 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Make a bunch of new data structures for the new analysis
engine of the new translation unit. State marshal is there but no real
work is done. End nodes are passed back.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@109105 91177308-0d34-0410-b5e6-96231b3b80d8
nalysisContext.h
|
| a412a499162c46211c10ad92045b9b5fd2298ede |
20-Jul-2010 |
Ted Kremenek <kremenek@apple.com> |
Move 'hasValidLengthModifier' from PrintfFormatSpecifier to FormatSpecifier.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@108906 91177308-0d34-0410-b5e6-96231b3b80d8
nalyses/FormatString.h
|
| cfdcd3066521ee0fa9f303f3863c726943db37e5 |
20-Jul-2010 |
Ted Kremenek <kremenek@apple.com> |
Refactor ScanfConversionSpecifier to subclass ConversionSpecifier.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@108904 91177308-0d34-0410-b5e6-96231b3b80d8
nalyses/FormatString.h
|
| 6ecb950c65329f8d6ce9ad0514632df35a5ab61f |
20-Jul-2010 |
Ted Kremenek <kremenek@apple.com> |
Add 'ConversionSpecifier' root class in 'analyze_format_string' namespace and
derived 'PrintfConversionSpecifier' from this class. We will do the same for
'ScanfConversionSpecifier'.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@108903 91177308-0d34-0410-b5e6-96231b3b80d8
nalyses/FormatString.h
|
| 2da5036adaef57395270ef2dd82358fc513d8616 |
20-Jul-2010 |
Ted Kremenek <kremenek@apple.com> |
Tidy up analyze_printf::ConversionSpecifier::Kind declaration, prepping it to be merged
with analyze_scanf::ConversionSpecifier::Kind.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@108902 91177308-0d34-0410-b5e6-96231b3b80d8
nalyses/FormatString.h
|
| de183a48dd8fcff5e0343e84c8a6b563088447ce |
20-Jul-2010 |
Ted Kremenek <kremenek@apple.com> |
Rename 'UnicodeStrArg' to 'SArg'.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@108901 91177308-0d34-0410-b5e6-96231b3b80d8
nalyses/FormatString.h
|
| 35d353b47bce29200b910371dd9b8ba7f3058ab8 |
20-Jul-2010 |
Ted Kremenek <kremenek@apple.com> |
Rename 'ConsumedSoFarArg' -> 'nArg' and 'OutIntPtrArg' to 'nArg' (scanf and printf checking).
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@108900 91177308-0d34-0410-b5e6-96231b3b80d8
nalyses/FormatString.h
|
| 66932056da99d2441e27c10b27c82706671e1dbf |
20-Jul-2010 |
Ted Kremenek <kremenek@apple.com> |
Rename 'VoidPtrArg' to 'pArg' in printf/scanf checking.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@108899 91177308-0d34-0410-b5e6-96231b3b80d8
nalyses/FormatString.h
|
| 99196b1031d37d37f395a3291ccdd12a3fc01242 |
20-Jul-2010 |
Ted Kremenek <kremenek@apple.com> |
Rename 'CStrArg' to 'sArg' for printf checking to match with the analagous enum for scanf checking.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@108898 91177308-0d34-0410-b5e6-96231b3b80d8
nalyses/FormatString.h
|
| 92a6febe130dd9ad726983835297e11b2fa3b93f |
20-Jul-2010 |
Ted Kremenek <kremenek@apple.com> |
Rename analyze_printf::ConversionSpecifier::IntAsCharArg to 'cArg' to match
analagous enum in analyze_scanf. This is prep for refactoring the logic for handling
ConversionSpecifiers for both scanf and printf.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@108897 91177308-0d34-0410-b5e6-96231b3b80d8
nalyses/FormatString.h
|
| 03509aea098772644bf4662dc1c88634818ceecc |
20-Jul-2010 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Constify all references to Stmt* and CFGBlock* in libChecker.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@108811 91177308-0d34-0410-b5e6-96231b3b80d8
rogramPoint.h
|
| a02d893f15d4663bdba3bd92ade10070bf0510e4 |
20-Jul-2010 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Add comments.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@108795 91177308-0d34-0410-b5e6-96231b3b80d8
nalysisContext.h
|
| baa400654bd6f8396f9a07188445ae7955b060a3 |
20-Jul-2010 |
Ted Kremenek <kremenek@apple.com> |
Don't warn when a '%%' or '%*d' (scanf) is used in a format string with positional arguments, since
these don't actually consume an argument.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@108757 91177308-0d34-0410-b5e6-96231b3b80d8
nalyses/FormatString.h
|
| c6238d2786cfd961b94580b3d3675a1b3ff0721c |
19-Jul-2010 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Reapply r108617.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@108668 91177308-0d34-0410-b5e6-96231b3b80d8
nalysisContext.h
rogramPoint.h
|
| ee30965ce96e0a7b04b1aa16df60e9ba8b0a33c9 |
17-Jul-2010 |
Benjamin Kramer <benny.kra@googlemail.com> |
Revert r108617, it broke the build.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@108621 91177308-0d34-0410-b5e6-96231b3b80d8
nalysisContext.h
rogramPoint.h
|
| 69b81941aa4211ba6b8eaa89093f9e45aff81392 |
17-Jul-2010 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Prepare the analyzer for the callee in another translation unit:
Let AnalysisContext contain a TranslationUnit.
Let CallEnter refer to an AnalysisContext instead of a FunctionDecl.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@108617 91177308-0d34-0410-b5e6-96231b3b80d8
nalysisContext.h
rogramPoint.h
|
| 826a3457f737f1fc45a22954fd1bfde38160c165 |
16-Jul-2010 |
Ted Kremenek <kremenek@apple.com> |
Add most of the boilerplate support for scanf format string checking. This includes
handling the parsing of scanf format strings and hooking the checking into Sema.
Most of this checking logic piggybacks on what was already there for checking printf format
strings, but the checking logic has been refactored to support both.
What is left to be done is to support argument type checking in format strings and of course
fix the usual tail of bugs that will follow.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@108500 91177308-0d34-0410-b5e6-96231b3b80d8
nalyses/FormatString.h
nalyses/PrintfFormatString.h
|
| 68f774dc9f4ad823dff4195821ba789e4e61a3a6 |
30-Jun-2010 |
Duncan Sands <baldrick@free.fr> |
Add header file needed to compile with g++-4.6, which has undergone some more
header trimming (needed for std::uninitialized_copy).
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@107291 91177308-0d34-0410-b5e6-96231b3b80d8
upport/BumpVector.h
|
| f683976830768f207ad70150d14e08b04fe532be |
26-Jun-2010 |
Ted Kremenek <kremenek@apple.com> |
Add support for CXXRecordDecl in CFGRecStmtDeclVisitor.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@106918 91177308-0d34-0410-b5e6-96231b3b80d8
isitors/CFGRecStmtDeclVisitor.h
|
| 4c6021995032a898fb0502d5d1fd2df37638e57b |
18-Jun-2010 |
Tom Care <tcare@apple.com> |
Printf format strings: Added some more tests and fixed some minor bugs.
- Precision toStrings shouldn't print a dot when they have no value.
- Length of char length modifier is now returned correctly.
- Added several fixit tests.
Note: fixit tests are currently broken due to a bug in HighlightRange. Marking as XFAIL for now.
M test/Sema/format-strings-fixit.c
M include/clang/Analysis/Analyses/PrintfFormatString.h
M lib/Analysis/PrintfFormatString.cpp
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@106275 91177308-0d34-0410-b5e6-96231b3b80d8
nalyses/PrintfFormatString.h
|
| f521d6e151e0cf443bb767c6a83c06ea411530f8 |
18-Jun-2010 |
Tom Care <tcare@apple.com> |
Bug 7394 - Fixed toString representation of Precisions in format strings.
M include/clang/Analysis/Analyses/PrintfFormatString.h
M lib/Analysis/PrintfFormatString.cpp
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@106245 91177308-0d34-0410-b5e6-96231b3b80d8
nalyses/PrintfFormatString.h
|
| e4ee9663168dfb2b4122c768091e30217328c9fa |
17-Jun-2010 |
Tom Care <tcare@apple.com> |
Bug 7377: Fixed several bad printf format string bugs.
- Added warning for undefined behavior when using field specifier
- Added warning for undefined behavior when using length modifier
- Fixed warnings for invalid flags
- Added warning for ignored flags
- Added fixits for the above warnings
- Fixed accuracy of detecting several undefined behavior conditions
- Receive normal warnings in addition to security warnings when using %n
- Fix bug where '+' flag would remain on unsigned conversion suggestions
Summary of changes:
- Added expanded tests
- Added/expanded warnings
- Added position info to OptionalAmounts for fixits
- Extracted optional flags to a wrapper class with position info for fixits
- Added several methods to validate a FormatSpecifier by component, each checking for undefined behavior
- Fixed conversion specifier checking to conform to C99 standard
- Added hooks to detect the invalid states in CheckPrintfHandler::HandleFormatSpecifier
Note: warnings involving the ' ' (space) flag are temporarily disabled until whitespace highlighting no longer triggers assertions. I will make a post about this on cfe-dev shortly.
M test/Sema/format-strings.c
M include/clang/Basic/DiagnosticSemaKinds.td
M include/clang/Analysis/Analyses/PrintfFormatString.h
M lib/Analysis/PrintfFormatString.cpp
M lib/Sema/SemaChecking.cpp
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@106233 91177308-0d34-0410-b5e6-96231b3b80d8
nalyses/PrintfFormatString.h
|
| 01cb1aa458516b9061a65ea4b8a2ca55f71cb34f |
17-Jun-2010 |
Ted Kremenek <kremenek@apple.com> |
Fix format string checking of '%c' by treating it as an integer conversion. Fixes PR 7391.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@106196 91177308-0d34-0410-b5e6-96231b3b80d8
nalyses/PrintfFormatString.h
|
| 13927a431dd733336cfd664bf0840747a71b0a43 |
16-Jun-2010 |
Ted Kremenek <kremenek@apple.com> |
Extend format string type-checking to include '%p'. Fixes remaining cases PR 4468.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@106151 91177308-0d34-0410-b5e6-96231b3b80d8
nalyses/PrintfFormatString.h
|
| 3bfc5f49e0e37e235bb0d33bcbcb36af9d1f84ab |
09-Jun-2010 |
Tom Care <tcare@apple.com> |
Added FixIt support to printf format string checking.
- Refactored LengthModifier to be a class.
- Added toString methods in all member classes of FormatSpecifier.
- FixIt suggestions keep user specified flags unless incorrect.
Limitations:
- The suggestions are not conversion specifier sensitive. For example, if we have a 'pad with zeroes' flag, and the correction is a string conversion specifier, we do not remove the flag. Clang will warn us on the next compilation.
A test/Sema/format-strings-fixit.c
M include/clang/Analysis/Analyses/PrintfFormatString.h
M lib/Analysis/PrintfFormatString.cpp
M lib/Sema/SemaChecking.cpp
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@105680 91177308-0d34-0410-b5e6-96231b3b80d8
nalyses/PrintfFormatString.h
|
| 9a55591af3e5506b95a9718e15380129fbfc5ebc |
30-May-2010 |
Sean Hunt <rideau3@gmail.com> |
Convert DeclNodes to use TableGen.
The macros required for DeclNodes use have changed to match the use of
StmtNodes. The FooFirst enumerator constants have been named firstFoo
to match usage elsewhere.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@105165 91177308-0d34-0410-b5e6-96231b3b80d8
isitors/CFGRecStmtDeclVisitor.h
|
| a5fdd9ce694b1c2dbfd225cb6f55ef743d1ab562 |
11-May-2010 |
Douglas Gregor <dgregor@apple.com> |
Fixes for compilation with Microsoft Visual Studio 2010, from Steven Watanabe!
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@103458 91177308-0d34-0410-b5e6-96231b3b80d8
rogramPoint.h
|
| 27b0f510d1d4f9ed5668eec1195f04b4a74a4426 |
04-May-2010 |
Chris Lattner <sabre@nondot.org> |
add the ability to associate 'category' names with diagnostics
and diagnostic groups. This allows the compiler to group
diagnostics together (e.g. "Logic Warning",
"Format String Warning", etc) like the static analyzer does.
This is not exposed through anything in the compiler yet.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@103051 91177308-0d34-0410-b5e6-96231b3b80d8
nalysisDiagnostic.h
|
| 66d5142ab5026aa77ab6f1d7e4d9bdb0b438d55a |
09-Apr-2010 |
Ted Kremenek <kremenek@apple.com> |
Remove copy of 'Optional' in Clang tree, and convert clients to use the one now in the LLVM tree.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@100891 91177308-0d34-0410-b5e6-96231b3b80d8
upport/Optional.h
|
| bace4ba042d87a0ed0ec15dbe6caad946b97bd33 |
09-Apr-2010 |
Ted Kremenek <kremenek@apple.com> |
For 'open' check in UnixAPIChecker, hard code value of 'O_CREAT' on Darwin.
This is still not an ideal solution, but should disable the check for other
targets where the value of O_CREAT is different.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@100818 91177308-0d34-0410-b5e6-96231b3b80d8
upport/Optional.h
|
| 0798df70753a5feee0e79f2b51f3d4f50127325d |
31-Mar-2010 |
Ted Kremenek <kremenek@apple.com> |
For reverse data flow analyses, enqueue the blocks in reverse order.
This more likely matches with the ideal order the blocks should be visited.
This shaves another 1% off the -fsyntax-only time for compare.c (403.gcc).
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@100030 91177308-0d34-0410-b5e6-96231b3b80d8
lowSensitive/DataflowSolver.h
|
| 2405a0addc2bc627392d9bfe2874bd9431d81d55 |
31-Mar-2010 |
Ted Kremenek <kremenek@apple.com> |
Tweak DataFlowSolver's worklist data structure to have an ordered worklist
and a DenseSet for caching instead of using a single SmallPtrSet.
This makes the behavior of the DataFlowSolver more deterministic, and
reduces the -fsyntax-only time on compare.c (403.gcc) by 1%.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@100026 91177308-0d34-0410-b5e6-96231b3b80d8
lowSensitive/DataflowSolver.h
|
| d064fdc4b7b64ca55b40b70490c79d6f569df78e |
23-Mar-2010 |
Ted Kremenek <kremenek@apple.com> |
Only perform CFG-based warnings on 'static inline' functions that
are called (transitively) by regular functions/blocks within a
translation untion.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@99233 91177308-0d34-0410-b5e6-96231b3b80d8
nalysisContext.h
|
| 8efb5812b8f49e6c5cb4635e39e4cacafd1ae73c |
15-Mar-2010 |
Ted Kremenek <kremenek@apple.com> |
Add comment to CFG to 'buildCFG()' arguments indicating that scope
support is not fully implemented.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@98555 91177308-0d34-0410-b5e6-96231b3b80d8
FG.h
|
| de431c2dc7ec3592327ab23ae315fc915c549f05 |
27-Feb-2010 |
Ted Kremenek <kremenek@apple.com> |
Add reference to positional arguments documentation.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@97298 91177308-0d34-0410-b5e6-96231b3b80d8
nalyses/PrintfFormatString.h
|
| efaff195ba1fa55b6fe0b0b2435b81451387d241 |
27-Feb-2010 |
Ted Kremenek <kremenek@apple.com> |
For printf format string checking, add support for positional format strings.
Along the way, coelesce some of the diagnostics.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@97297 91177308-0d34-0410-b5e6-96231b3b80d8
nalyses/PrintfFormatString.h
|
| 7f70dc85d5055c19c8003f43a59135de211ad1b9 |
26-Feb-2010 |
Ted Kremenek <kremenek@apple.com> |
For printf format string checking, move the tracking of the data argument index out of
Sema and into analyze_printf::ParseFormatString(). Also use a bitvector to determine
what arguments have been covered (instead of just checking to see if the last argument consumed is the max argument). This is prep. for support positional arguments (an IEEE extension).
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@97248 91177308-0d34-0410-b5e6-96231b3b80d8
nalyses/PrintfFormatString.h
|
| 102acd5369bbb17c0d6ab868af376671acff7a93 |
25-Feb-2010 |
Douglas Gregor <dgregor@apple.com> |
Restore Zhongxing's commits r97122 r97127 r97129 r97131 which were reverted due to a Clang-on-Clang failure
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@97162 91177308-0d34-0410-b5e6-96231b3b80d8
rogramPoint.h
|
| 2b706e56b57c9646dae8c9134d8614fe815a1873 |
25-Feb-2010 |
Jakob Stoklund Olesen <stoklund@2pi.dk> |
Revert patches r97122 r97127 r97129 r97131.
They were breaking clang-x86_64-darwin10-selfhost
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@97138 91177308-0d34-0410-b5e6-96231b3b80d8
rogramPoint.h
|
| 833e50e6a2c246dbc4b3c17b7c9d657c5b5d333e |
25-Feb-2010 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Call inliner improvements:
This patch implements the CallEnter/CallExit idea of Ted.
Add two interfaces to GRSubEngine: ProcessCallEnter, ProcessCallExit.
The CallEnter program point uses caller's location context. The
CallExit program point uses callee's location context.
CallEnter is built by GRStmtNodeBuilder. CallExit is built by
GREndPathNodeBuilder.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@97122 91177308-0d34-0410-b5e6-96231b3b80d8
rogramPoint.h
|
| 87260c7eabf88eb2009ba2ba20150cd897483241 |
24-Feb-2010 |
Ted Kremenek <kremenek@apple.com> |
Add support for '%C' and '%S' printf conversion specifiers.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@97005 91177308-0d34-0410-b5e6-96231b3b80d8
nalyses/PrintfFormatString.h
|
| 72919a334752bc87001a7e3a0b6e5892768fac20 |
23-Feb-2010 |
Ted Kremenek <kremenek@apple.com> |
Move the rest of the unreachable code analysis from libSema
to libAnalysis (with only the error reporting in libSema).
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@96893 91177308-0d34-0410-b5e6-96231b3b80d8
nalyses/ReachableCode.h
|
| e5064ab8a8be7fbb8bb9727bea954c9fea7b40ab |
23-Feb-2010 |
Ted Kremenek <kremenek@apple.com> |
Add missing header file.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@96875 91177308-0d34-0410-b5e6-96231b3b80d8
nalyses/ReachableCode.h
|
| 44b713938266685b1b1dd452a672f9f21b6060f8 |
22-Feb-2010 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Remove dead code.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@96773 91177308-0d34-0410-b5e6-96231b3b80d8
FG.h
|
| f7bb329deb2f8ce9ae7f187d6fbe0f98deaeed0d |
21-Feb-2010 |
Daniel Dunbar <daniel@zuster.org> |
Spell string.h correctly.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@96765 91177308-0d34-0410-b5e6-96231b3b80d8
upport/BumpVector.h
|
| 26f178696e90cdf950dce26ccd1fe19a46537999 |
21-Feb-2010 |
Daniel Dunbar <daniel@zuster.org> |
Add missing include, noticed by ace2001ac on IRC.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@96764 91177308-0d34-0410-b5e6-96231b3b80d8
upport/BumpVector.h
|
| 8ddf7cead8a67342a4584a203e0bf736b7efedbe |
17-Feb-2010 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Add a utility method.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@96471 91177308-0d34-0410-b5e6-96231b3b80d8
nalysisContext.h
|
| 4e4b30ec62d78b24e6556fea2624855c193d0e3e |
16-Feb-2010 |
Ted Kremenek <kremenek@apple.com> |
Refactor the logic for printf argument type-checking into analyze_printf::ArgTypeResult.
Implement printf argument type checking for '%s'.
Fixes <rdar://problem/3065808>.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@96310 91177308-0d34-0410-b5e6-96231b3b80d8
nalyses/PrintfFormatString.h
|
| 252bee91e9961d9182323c4017092f90d6a09b1d |
16-Feb-2010 |
Ted Kremenek <kremenek@apple.com> |
Added 'AsWideChar' flag to LengthModifier.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@96309 91177308-0d34-0410-b5e6-96231b3b80d8
nalyses/PrintfFormatString.h
|
| 5c41ee8c49995fb4fd76d686b239c15cbab261ea |
11-Feb-2010 |
Ted Kremenek <kremenek@apple.com> |
Patch by Cristian Draghici:
Enhance the printf format string checking when using the format
specifier flags ' ', '0', '+' with the 'p' or 's' conversions (since
they are nonsensical and undefined). This is similar to GCC's
checking.
Also warning when a precision is used with the 'p' conversin
specifier, since it has no meaning.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@95869 91177308-0d34-0410-b5e6-96231b3b80d8
nalyses/PrintfFormatString.h
|
| 74d56a168966ff015824279a24aaf566180ed97d |
04-Feb-2010 |
Ted Kremenek <kremenek@apple.com> |
Move ParseFormatString() and FormatStringHandler back into the analyze_printf namespace.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@95324 91177308-0d34-0410-b5e6-96231b3b80d8
nalyses/PrintfFormatString.h
|
| 03db470ec53315368f200a2382590e41ef9ff8d4 |
04-Feb-2010 |
Ted Kremenek <kremenek@apple.com> |
Convert flags in FormatSpecifier to be bitfields instead of doing
direct bit manipulation. This is is less error prone, and fixes a bug
in the handling of the LeadingZeroes flag as pointed out by Cristian
Draghici.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@95298 91177308-0d34-0410-b5e6-96231b3b80d8
nalyses/PrintfFormatString.h
|
| 01aefc6d20fbfd50bfb83926226dee86dd31c9c5 |
30-Jan-2010 |
Daniel Dunbar <daniel@zuster.org> |
Recognize 'q' as a format length modifier (from BSD).
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@94894 91177308-0d34-0410-b5e6-96231b3b80d8
nalyses/PrintfFormatString.h
|
| 500f189081b2edfcf3e14864c0df870d85701a6f |
30-Jan-2010 |
Benjamin Kramer <benny.kra@googlemail.com> |
Silence clang++ warning.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@94878 91177308-0d34-0410-b5e6-96231b3b80d8
nalyses/PrintfFormatString.h
|
| 33567d2feb3e52fac6e0b46d5b3d137fc8467fb0 |
29-Jan-2010 |
Ted Kremenek <kremenek@apple.com> |
Per a suggestion from Cristian Draghici, add a method to FormatSpecifier that returns the expected type of the matching data argument. It isn't complete, but should handle several of the important cases.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@94851 91177308-0d34-0410-b5e6-96231b3b80d8
nalyses/PrintfFormatString.h
|
| 4dcb18ff9d92c66c78077ac5cae4b83af37292e4 |
29-Jan-2010 |
Ted Kremenek <kremenek@apple.com> |
Enhancements to the alternate (WIP) format string checking:
- Add ConversionSpecifier::consumesDataArgument() as a helper method
to determine if a conversion specifier requires a matching argument.
- Add support for glibc-specific '%m' conversion
- Add an extra callback to HandleNull() for locations within the
format specifier that have a null character
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@94834 91177308-0d34-0410-b5e6-96231b3b80d8
nalyses/PrintfFormatString.h
|
| ddc6b664e4caa86bcccbc2ddfe6ad0d4768372bc |
29-Jan-2010 |
Benjamin Kramer <benny.kra@googlemail.com> |
Fix typo found by clang++. Yay for -Wuninitialized.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@94810 91177308-0d34-0410-b5e6-96231b3b80d8
nalyses/PrintfFormatString.h
|
| 808015a18bd97781ce437831a95a92fdfc8d5136 |
29-Jan-2010 |
Ted Kremenek <kremenek@apple.com> |
Alternate format string checking: issue warnings for incomplete format specifiers.
In addition, move ParseFormatString() and FormatStringHandler() from
the clang::analyze_printf to the clang namespace. Hopefully this will
resolve some link errors on Linux.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@94794 91177308-0d34-0410-b5e6-96231b3b80d8
nalyses/PrintfFormatString.h
|
| 26ac2e07b46bfb4d4f00752c96481c0a98c79c69 |
29-Jan-2010 |
Ted Kremenek <kremenek@apple.com> |
Alternate format string checking: issue a warning for invalid conversion specifiers.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@94792 91177308-0d34-0410-b5e6-96231b3b80d8
nalyses/PrintfFormatString.h
|
| e82d804ee761006250543d6fe6e98ee7896cd756 |
29-Jan-2010 |
Ted Kremenek <kremenek@apple.com> |
Alternate format string checking: warn of '%n' as being potentially insecure.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@94782 91177308-0d34-0410-b5e6-96231b3b80d8
nalyses/PrintfFormatString.h
|
| 0d27735c51f5bd392e673cf39a675e14e9442387 |
29-Jan-2010 |
Ted Kremenek <kremenek@apple.com> |
Add precision/field width checking to AlternateCheckPrintfString().
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@94774 91177308-0d34-0410-b5e6-96231b3b80d8
nalyses/PrintfFormatString.h
|
| a8d8fec7876666d90bb2a144d3b832b2d89a088a |
28-Jan-2010 |
Ted Kremenek <kremenek@apple.com> |
Add position of conversion specifier character to 'ConversionSpecifier'.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@94739 91177308-0d34-0410-b5e6-96231b3b80d8
nalyses/PrintfFormatString.h
|
| d2dcece5882215e92a80bff8a7b7fd2fd81d7086 |
28-Jan-2010 |
Ted Kremenek <kremenek@apple.com> |
Rename namespace clang::printf to clang::analyze_printf to avoid problems where the reference to 'printf' is ambiguous.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@94733 91177308-0d34-0410-b5e6-96231b3b80d8
nalyses/PrintfFormatString.h
|
| d5f2096e266b7905df660b7839e69e9ed6ba9018 |
28-Jan-2010 |
Ted Kremenek <kremenek@apple.com> |
Allow HandleFormatSpecifier() to indicate that no more processing of the format string is desired.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@94715 91177308-0d34-0410-b5e6-96231b3b80d8
nalyses/PrintfFormatString.h
|
| c7cbb9bf8e0bf8c3191ef0b782ec198c433d2a4e |
28-Jan-2010 |
Ted Kremenek <kremenek@apple.com> |
Add '@' conversion specifier.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@94713 91177308-0d34-0410-b5e6-96231b3b80d8
nalyses/PrintfFormatString.h
|
| 8f0a1c73fd2b83afd4b1fce6f964535b51d13659 |
28-Jan-2010 |
Ted Kremenek <kremenek@apple.com> |
Add skeleton for a more structured way to analyzing pring format
strings than what we currently have in Sema. This is both an
experiment and a WIP.
The idea is simple: parse the format string incrementally,
constructing a well-structure representation of each format specifier.
Each format specifier is then handed back one-by-one to a client via a
callback. Malformed format strings are also handled with callbacks.
The idea is to separate the parsing of the format string from the
emission of diagnostics. Currently what we have in Sema for handling
format strings is a mongrel of both that is hard to follow and
difficult to modify (I can apply this label since I'm the original
author of that code).
This is in libAnalysis as it is reasonable generic and can potentially
be used both by libSema and libChecker.
Comments welcome.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@94702 91177308-0d34-0410-b5e6-96231b3b80d8
nalyses/PrintfFormatString.h
|
| 9d883b5b3763605cd6850b49fd3b2613074e83a0 |
27-Jan-2010 |
Chandler Carruth <chandlerc@gmail.com> |
Silence a GCC warning about uninitialized variables. The first user of this
showed up with a primitive type.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@94674 91177308-0d34-0410-b5e6-96231b3b80d8
upport/Optional.h
|
| fee90811c665893bc27a9bfa8b116548afe1b89b |
27-Jan-2010 |
Ted Kremenek <kremenek@apple.com> |
Teach RegionStore to handle initialization of incomplete arrays in structures using a compound value. Fixes <rdar://problem/7515938>.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@94622 91177308-0d34-0410-b5e6-96231b3b80d8
upport/Optional.h
|
| 326be568e2cb04285c84e6e26a3e6b3822607361 |
25-Jan-2010 |
Ted Kremenek <kremenek@apple.com> |
Add missing header.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@94409 91177308-0d34-0410-b5e6-96231b3b80d8
nalysisContext.h
|
| 1309f9a3b225ea846e5822691c39a77423125505 |
25-Jan-2010 |
Ted Kremenek <kremenek@apple.com> |
Split libAnalysis into two libraries: libAnalysis and libChecker.
(1) libAnalysis is a generic analysis library that can be used by
Sema. It defines the CFG, basic dataflow analysis primitives, and
inexpensive flow-sensitive analyses (e.g. LiveVariables).
(2) libChecker contains the guts of the static analyzer, incuding the
path-sensitive analysis engine and domain-specific checks.
Now any clients that want to use the frontend to build their own tools
don't need to link in the entire static analyzer.
This change exposes various obvious cleanups that can be made to the
layout of files and headers in libChecker. More changes pending. :)
This change also exposed a layering violation between AnalysisContext
and MemRegion. BlockInvocationContext shouldn't explicitly know about
BlockDataRegions. For now I've removed the BlockDataRegion* from
BlockInvocationContext (removing context-sensitivity; although this
wasn't used yet). We need to have a better way to extend
BlockInvocationContext (and any LocationContext) to add
context-sensitivty.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@94406 91177308-0d34-0410-b5e6-96231b3b80d8
nalyses/UninitializedValues.h
ocalCheckers.h
anagerRegistry.h
athDiagnostic.h
athSensitive/AnalysisContext.h
athSensitive/AnalysisManager.h
athSensitive/BasicValueFactory.h
athSensitive/BugReporter.h
athSensitive/BugType.h
athSensitive/Checker.h
athSensitive/CheckerVisitor.def
athSensitive/CheckerVisitor.h
athSensitive/Checkers/DereferenceChecker.h
athSensitive/ConstraintManager.h
athSensitive/Environment.h
athSensitive/ExplodedGraph.h
athSensitive/GRAuditor.h
athSensitive/GRBlockCounter.h
athSensitive/GRCoreEngine.h
athSensitive/GRExprEngine.h
athSensitive/GRExprEngineBuilders.h
athSensitive/GRSimpleAPICheck.h
athSensitive/GRState.h
athSensitive/GRStateTrait.h
athSensitive/GRSubEngine.h
athSensitive/GRTransferFuncs.h
athSensitive/GRWorkList.h
athSensitive/MemRegion.h
athSensitive/SVals.h
athSensitive/SValuator.h
athSensitive/Store.h
athSensitive/SymbolManager.h
athSensitive/ValueManager.h
|
| b79b117d3b76da58b14ef835ccfcf2e988b7345f |
22-Jan-2010 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Process cast according to the cast kind. Prepare for more specific cast
handling (for C++). No functionality change for now.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@94153 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRExprEngine.h
|
| 4c45aa1b00b91847acfb082acfaced3ffa294d1d |
21-Jan-2010 |
Mike Stump <mrs@apple.com> |
Speed up compilation by avoiding generating exceptional edges from
CallExprs as those edges help cause a n^2 explosion in the number of
destructor calls. Other consumers, such as static analysis, that
would like to have more a more complete CFG can select the inclusion
of those edges as CFG build time.
This also fixes up the two compilation users of CFGs to be tolerant of
having or not having those edges. All catch code is assumed be to
live if we didn't generate the exceptional edges for CallExprs.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@94074 91177308-0d34-0410-b5e6-96231b3b80d8
FG.h
athSensitive/AnalysisContext.h
|
| b978a441c7d8bf59e7fede938e1f3b672573b443 |
21-Jan-2010 |
Mike Stump <mrs@apple.com> |
Add infrastructure to add base initializers and member initializers to
the CFG. WIP.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@94062 91177308-0d34-0410-b5e6-96231b3b80d8
FG.h
|
| 079bd72439448b78629a28da6b1f8abe2cdeaf4d |
19-Jan-2010 |
Mike Stump <mrs@apple.com> |
Add CFG support for the start and end of scopes and infrastructure for
implicit destructor calls. WIP.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@93922 91177308-0d34-0410-b5e6-96231b3b80d8
FG.h
|
| c39b2bdd4cef51021fe90de91c9fb6d1a15f4d0a |
19-Jan-2010 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Fix a serious bug: Tmp3 is the wrong destination set. We should create a new
intermediate destination set Tmp4.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@93873 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/CheckerVisitor.h
|
| 3ed04d37573c566205d965d2e91d54ccae898d0a |
18-Jan-2010 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Add support for computing size in elements for symbolic regions obtained from
malloc().
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@93722 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/Store.h
|
| 8b9317186fd5243938128a0b0e0494498d78ab8c |
15-Jan-2010 |
Ted Kremenek <kremenek@apple.com> |
Convert a few more uses of std::string& to llvm::StringRef.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@93506 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/BugReporter.h
|
| e45c149996ccd0f2ac1da95493b8563c108abc1f |
11-Jan-2010 |
Benjamin Kramer <benny.kra@googlemail.com> |
Avoid use of deprecated functions (CStrInCStrNoCase and StringsEqualNoCase).
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@93175 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/BugReporter.h
|
| c50e6df965ff264952d8d5805d151f89c89af302 |
11-Jan-2010 |
Ted Kremenek <kremenek@apple.com> |
Switch RegionStore over to using <BaseRegion+raw offset> to store
value bindings. Along with a small change to OSAtomicChecker, this
resolves <rdar://problem/7527292> and resolves some long-standing
issues with how values can be bound to the same physical address by
not have the same "key". This change is only a beginning; logically
RegionStore needs to better handle loads from addresses where the
stored value is larger/smaller/different type than the loaded value.
We handle these cases in an approximate fashion now (via
CastRetrievedVal and help in SimpleSValuator), but it could be made
much smarter.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@93137 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/SValuator.h
athSensitive/Store.h
|
| bc37b8dd9914e02580f531fa6e5e72be34d9675e |
09-Jan-2010 |
Zhongxing Xu <xuzhongxing@gmail.com> |
When binding an rvalue to a reference, create a temporary object. Use
CXXObjectRegion to represent it.
In Environment, lookup a literal expression before make up a value for it.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@93047 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRExprEngine.h
athSensitive/MemRegion.h
|
| de0d26310191215a6d1d189dc419f87af18ce6be |
05-Jan-2010 |
Ted Kremenek <kremenek@apple.com> |
Make static analysis support for C++ 'this' expression context-sensitive. Essentially treat 'this' as a implicit parameter to the method call, and associate a region with it.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@92675 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/MemRegion.h
athSensitive/Store.h
|
| 32a58084a4c53e6938dd81bfce224db25a5976d1 |
05-Jan-2010 |
Ted Kremenek <kremenek@apple.com> |
Remove references to 'Checker' and 'GRTransferFuncs' from
GRStateManager. Having these references was an abstraction violation,
as they really should only be known about GRExprEngine.
This change required adding a new 'ProcessAssume' callback in
GRSubEngine. GRExprEngine implements this callback by calling
'EvalAssume' on all registered Checker objects as well as the
registered GRTransferFunc object.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@92549 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ConstraintManager.h
athSensitive/GRExprEngine.h
athSensitive/GRState.h
athSensitive/GRSubEngine.h
|
| b94b81a9ab46c99b00c7ad28c5e1e212c63fc9ac |
31-Dec-2009 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Let constraint manager inform checkers that some assumption logic has happend.
Add new states for symbolic regions tracked by malloc checker. This enables us
to do malloc checking more accurately. See test case.
Based on Lei Zhang's patch and discussion.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@92342 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/Checker.h
athSensitive/GRExprEngine.h
athSensitive/GRState.h
|
| f2017d13ebd4a617415d737fa99c7e013b4d5dd9 |
30-Dec-2009 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Fix a comment.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@92314 91177308-0d34-0410-b5e6-96231b3b80d8
nalyses/LiveVariables.h
|
| 62d399e1880aacd9dc494fce374245b0da915ada |
24-Dec-2009 |
Zhongxing Xu <xuzhongxing@gmail.com> |
As Ted suggested, record the callsite information with the StackFrameContext.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@92121 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/AnalysisContext.h
athSensitive/AnalysisManager.h
|
| bfbcefb7e99905218b3f0a895b7bc1992203123b |
24-Dec-2009 |
Ted Kremenek <kremenek@apple.com> |
Enhance dataflow analyses to recognize branch statements in the CFG used as hooks for the initialization of condition variables.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@92119 91177308-0d34-0410-b5e6-96231b3b80d8
isitors/CFGRecStmtVisitor.h
isitors/CFGStmtVisitor.h
|
| 598278bee8e5797bc73d24d6ac8a1d6ff6413cae |
24-Dec-2009 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Inter-procedural analysis: now we can return from the callee.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@92116 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRCoreEngine.h
|
| fcfb503c280ed8c66d428fed911b2846c0f434fc |
24-Dec-2009 |
Ted Kremenek <kremenek@apple.com> |
Teach GRExprEngine to handle the initialization of the condition variable of a SwitchStmt.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@92102 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRExprEngine.h
|
| 3ff8481f4be3f30e1082488238d83f78342303e1 |
23-Dec-2009 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Migrate the call inliner to the Checker interface.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@91991 91177308-0d34-0410-b5e6-96231b3b80d8
ocalCheckers.h
athSensitive/Checker.h
athSensitive/GRTransferFuncs.h
|
| 61dfbecd8e6181b2ba42ffb5feede27a2bab3b8a |
23-Dec-2009 |
Ted Kremenek <kremenek@apple.com> |
Add CFG support for the condition variable that can appear in IfStmts in C++ mode.
Add transfer function support in GRExprEngine for IfStmts with initialized condition variables.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@91987 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRExprEngine.h
|
| a5083e6ab51b031241152e81457240497ab9bff9 |
23-Dec-2009 |
Ted Kremenek <kremenek@apple.com> |
Add assertion to check for valid source ranges.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@91966 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/BugReporter.h
|
| 949bdb43bf370b23a79a37b017e0a0566c0d66e0 |
23-Dec-2009 |
Ted Kremenek <kremenek@apple.com> |
Add basic support for analyzing CastExprs as lvalues.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@91952 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRExprEngine.h
|
| 38ac4f504bf8ed514520b5a82be538bdb0860687 |
22-Dec-2009 |
Ted Kremenek <kremenek@apple.com> |
Add transfer functions support for visiting an Objective-C message expression as an lvalue when the return type is a C++ reference.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@91926 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/CheckerVisitor.def
athSensitive/GRExprEngine.h
|
| 6ecc0b5000e9efac2e677dc4dff80b5dbf3a4a4a |
19-Dec-2009 |
Daniel Dunbar <daniel@zuster.org> |
Remove another ';' after method definition.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@91781 91177308-0d34-0410-b5e6-96231b3b80d8
nalyses/UninitializedValues.h
|
| 7177dee8aee4b432911c91f1b788963bec0cac9f |
19-Dec-2009 |
Daniel Dunbar <daniel@zuster.org> |
Remove ';' after method definition. Noticed by clang++, which one would think
would have a higher respect for its own code. This is getting old, is this
warning really adding value?
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@91779 91177308-0d34-0410-b5e6-96231b3b80d8
FG.h
lowSensitive/DataflowValues.h
athDiagnostic.h
athSensitive/AnalysisManager.h
athSensitive/ExplodedGraph.h
athSensitive/SVals.h
athSensitive/Store.h
|
| 53287518f69b8f06f82a6cdbd13e4e3a13b58186 |
18-Dec-2009 |
Ted Kremenek <kremenek@apple.com> |
Enhance GRExprEngine::VisitCallExpr() to be used in an lvalue context. Uncovered a new failing test case along the way, but we're making progress on handling C++ references in the analyzer.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@91710 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRExprEngine.h
|
| 3cead901aab394fe8e84953235959ece8002854f |
17-Dec-2009 |
Ted Kremenek <kremenek@apple.com> |
Convert GRExprEngine::VisitCallExpr() to use a worklist instead of recursion to evaluate the arguments of a CallExpr. This simplifies the logic and makes it easier to read. (it also avoids any issues with blowing out the stack if the CallExpr had a ridiculous number of arguments)
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@91613 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRExprEngine.h
|
| c410d4d2bb2de2c186fb48857e99e7809e780081 |
17-Dec-2009 |
Ted Kremenek <kremenek@apple.com> |
Completely remove ObjCObjectRegion (tests pass this time).
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@91572 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/MemRegion.h
|
| bb141217871e93767aa3f2de1b9946fa6d37066a |
16-Dec-2009 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Add a new kind of region: CXXObjectRegion. Currently it has only one
attribute: the object type.
Add initial support for visiting CXXThisExpr.
Fix a bunch of 80-col violations.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@91535 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRExprEngine.h
athSensitive/MemRegion.h
athSensitive/Store.h
|
| 3eda63a2e95a4b6c494ec563a5a174cf8c2b6c86 |
16-Dec-2009 |
Zhongxing Xu <xuzhongxing@gmail.com> |
remove dead code.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@91517 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRExprEngine.h
|
| 6b8ee78873442c2d52ecc8ac344dffa2c2cffbe2 |
16-Dec-2009 |
Ted Kremenek <kremenek@apple.com> |
Teach CheckerVisitor about CXXOperatorCallExpr.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@91509 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/CheckerVisitor.def
athSensitive/CheckerVisitor.h
|
| 1c8008715bc6ad9e7e901540ecf000a3e94a486c |
16-Dec-2009 |
Ted Kremenek <kremenek@apple.com> |
Teach CFRecStmtDeclVisitor about CXXMethodDecl.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@91508 91177308-0d34-0410-b5e6-96231b3b80d8
isitors/CFGRecStmtDeclVisitor.h
|
| 3ad359b845b3fe302d765dda5ad879dadcc0b9c4 |
16-Dec-2009 |
Douglas Gregor <dgregor@apple.com> |
Make GRSubEngine.h standalone
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@91504 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRSubEngine.h
|
| 852274d4257134906995cb252fb3dfd2d71deae8 |
16-Dec-2009 |
Ted Kremenek <kremenek@apple.com> |
Add (initial?) static analyzer support for handling C++ references.
This change was a lot bigger than I originally anticipated; among
other things it requires us storing more information in the CFG to
record what block-level expressions need to be evaluated as lvalues.
The big change is that CFGBlocks no longer contain Stmt*'s by
CFGElements. Currently CFGElements just wrap Stmt*, but they also
store a bit indicating whether the block-level expression should be
evalauted as an lvalue. DeclStmts involving the initialization of a
reference require us treating the initialization expression as an
lvalue, even though that information isn't recorded in the AST.
Conceptually this change isn't that complicated, but it required
bubbling up the data through the CFGBuilder, to GRCoreEngine, and
eventually to GRExprEngine.
The addition of CFGElement is also useful for when we want to handle
more control-flow constructs or other data we want to keep in the CFG
that isn't represented well with just a block of statements.
In GRExprEngine, this patch introduces logic for evaluating the
lvalues of references, which currently retrieves the internal "pointer
value" that the reference represents. EvalLoad does a two stage load
to catch null dereferences involving an invalid reference (although
this could possibly be caught earlier during the initialization of a
reference).
Symbols are currently symbolicated using the reference type, instead
of a pointer type, and special handling is required creating
ElementRegions that layer on SymbolicRegions (see the changes to
RegionStoreManager).
Along the way, the DeadStoresChecker also silences warnings involving
dead stores to references. This was the original change I introduced
(which I wrote test cases for) that I realized caused GRExprEngine to
crash.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@91501 91177308-0d34-0410-b5e6-96231b3b80d8
FG.h
athSensitive/GRCoreEngine.h
athSensitive/GRExprEngine.h
athSensitive/GRSubEngine.h
athSensitive/SVals.h
rogramPoint.h
|
| 28172a27c0fb69439170aab53127582432e7d5a0 |
16-Dec-2009 |
Ted Kremenek <kremenek@apple.com> |
Remove ValueManager::getRegionValueSymbolValOrUnknown(). It was just extra veneer on top of getRegionValueSymbolVal().
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@91471 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ValueManager.h
|
| 8d09bafdcf870b72e8781279378e7e264499b230 |
15-Dec-2009 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Remove displayProgress parameter.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@91429 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/AnalysisManager.h
|
| 06159e878569e5f39bf0e8f11b84ac3ad0970597 |
15-Dec-2009 |
Chris Lattner <sabre@nondot.org> |
update to match LLVM API change:
Remove isPod() from DenseMapInfo, splitting it out to its own
isPodLike type trait. This is a generally useful type trait for
more than just DenseMap, and we really care about whether something
acts like a pod, not whether it really is a pod.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@91422 91177308-0d34-0410-b5e6-96231b3b80d8
rogramPoint.h
|
| 5348f94abd0e9d3945da8d059b55b156967e8ff9 |
14-Dec-2009 |
Ted Kremenek <kremenek@apple.com> |
Fix: <rdar://problem/7468209> SymbolManager::isLive() should not crash on captured block variables that are passed by reference
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@91348 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/MemRegion.h
athSensitive/SymbolManager.h
|
| d9c84c8381261530b16512d2aac146de8271ea1e |
12-Dec-2009 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Add initial support for realloc() in MallocChecker.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@91216 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/Checker.h
|
| d8e494faa9f4bc13cd0a136b4d1ee1cfd52860ea |
11-Dec-2009 |
Benjamin Kramer <benny.kra@googlemail.com> |
Switch PathDiagnostic to StringRef.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@91155 91177308-0d34-0410-b5e6-96231b3b80d8
athDiagnostic.h
|
| 2b87ae45e129b941d0a4d221c9d4842385a119bd |
11-Dec-2009 |
Ted Kremenek <kremenek@apple.com> |
Enhance understanding of VarRegions referenced by a block whose declarations are outside the current stack frame. Fixes <rdar://problem/7462324>.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@91107 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/AnalysisContext.h
athSensitive/MemRegion.h
|
| 1ec4e976113ac56c0b3d96f484613d1dc62c3f85 |
09-Dec-2009 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Refactor OSAtomic evaluation logic into OSAtomicChecker.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@90968 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/Checker.h
|
| 7cdc25edb6ee3d1673baff05cd582b7285e04748 |
08-Dec-2009 |
Anders Carlsson <andersca@mac.com> |
Make the BugType.h header self-contained so Daniel will stop bugging me ;)
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@90887 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/BugType.h
|
| 67d1287035767f4f6c8ca0c2bb755990012a44ca |
07-Dec-2009 |
Ted Kremenek <kremenek@apple.com> |
Add analysis support for blocks. This includes a few key changes:
- Refactor the MemRegion hierarchy to distinguish between different StackSpaceRegions for locals and parameters.
- VarRegions for "captured" variables now have the BlockDataRegion as their super region (except those passed by reference)
- Add transfer function support to GRExprEngine for BlockDeclRefExprs.
This change also supports analyzing blocks as an analysis entry point
(top-of-the-stack), which required pushing more context-sensitivity
around in the MemRegion hierarchy via the use of LocationContext
objects. Functionally almost everything is the same, except we track
LocationContexts in a few more areas and StackSpaceRegions now refer
to a StackFrameContext object. In the future we will need to modify
MemRegionManager to allow multiple StackSpaceRegions in flight at once
(for the analysis of multiple stack frames).
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@90809 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/AnalysisContext.h
athSensitive/GRExprEngine.h
athSensitive/GRState.h
athSensitive/MemRegion.h
athSensitive/Store.h
|
| 935ef90f4b065c7c865ee5b2a99c5f9b1a115d72 |
07-Dec-2009 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Add EvalCallExpr interface to checker, and migrate the no-return function
handler to this interface.
GRExprEngine::CheckerEvalCall() will return true if one of the checkers has
processed the node. In the future this might return void when we have some
default checker.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@90755 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/Checker.h
athSensitive/GRExprEngine.h
|
| edeb5b6b50e773b243e0ee0d84589cd1f7dea9b0 |
04-Dec-2009 |
Ted Kremenek <kremenek@apple.com> |
Replace SymbolReaper::isLive(VarDecl) with SymbolReaper::isLive(VarRegion).
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@90582 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/SymbolManager.h
|
| bfb4fc9ebc64ec3db597441d4b79adcd0f69cf58 |
04-Dec-2009 |
Ted Kremenek <kremenek@apple.com> |
Rename instance variable to avoid name conflict with parameters, and modify addTransition() to compare the correct state values.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@90552 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/Checker.h
|
| 6dea40475158edea3b64e1247b07b94db4f48dc8 |
04-Dec-2009 |
Ted Kremenek <kremenek@apple.com> |
Revert r90546.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@90551 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/Checker.h
|
| 1d60710c593c82e6c4a9a5c1e96e24fbb3a61592 |
04-Dec-2009 |
Zhongxing Xu <xuzhongxing@gmail.com> |
the assertion says state is not NULL. When state is not NULL, getState()
returns state. So simplify the predicate.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@90546 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/Checker.h
|
| d02e83a548359df978f40cc1a52ffd78b7ef371b |
04-Dec-2009 |
Ted Kremenek <kremenek@apple.com> |
Allow BlockInvocationContext to wrap either a BlockDecl* or a BlockDataRegion*, giving us choice in our degree of context-sensitivity.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@90516 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/AnalysisContext.h
athSensitive/MemRegion.h
|
| 0ee4124012950d7bb853438629b8e7652febf183 |
04-Dec-2009 |
Ted Kremenek <kremenek@apple.com> |
Refactor LocationContext creation logic into a single member template.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@90509 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/AnalysisContext.h
athSensitive/AnalysisManager.h
|
| dc0d909f0f6684159c8475db1a15967e5613cb27 |
04-Dec-2009 |
Ted Kremenek <kremenek@apple.com> |
Refactor FoldingSet profiling code for LocationContexts, and add a new BlockInvocationContext to represent the invocation of a block.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@90506 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/AnalysisContext.h
|
| b48ad64a0e9e8d6488adebe597b6af32c1eb84f4 |
04-Dec-2009 |
Ted Kremenek <kremenek@apple.com> |
constify MemRegion* returned by MemRegionManager::getXXXRegion() methods.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@90503 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/MemRegion.h
|
| bcd7f9f8cb2f1b78e8ad991677a4364044e1deb7 |
04-Dec-2009 |
Ted Kremenek <kremenek@apple.com> |
More template-logic for MemRegion construction out of MemRegion.h and into MemRegion.cpp.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@90499 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/MemRegion.h
|
| d3d870b96d2f76d981a49595e9395ef09d970812 |
03-Dec-2009 |
Ted Kremenek <kremenek@apple.com> |
Convert some methods in PathDiagnostic to return StringRefs instead of std::string&.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@90477 91177308-0d34-0410-b5e6-96231b3b80d8
athDiagnostic.h
|
| 81cef5889027d0f96b24afa7a0bb28d9023474ed |
03-Dec-2009 |
Ted Kremenek <kremenek@apple.com> |
Make BlockDataRegion::referenced_vars_iterator an actual class that enforces that all MemRegions iterated over are VarRegions.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@90430 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/MemRegion.h
|
| 8fd57fea85ff7b4dc1895fbbdf73173feaa063b5 |
03-Dec-2009 |
Daniel Dunbar <daniel@zuster.org> |
Fix layering violation by moving Analysis/CallGraph to Index
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@90424 91177308-0d34-0410-b5e6-96231b3b80d8
allGraph.h
|
| 81a958366873c8bb49a2ed7324f004047ec18e48 |
03-Dec-2009 |
Ted Kremenek <kremenek@apple.com> |
Add batch version of 'StoreManager::InvalidateRegion()' for invalidating multiple regions as once. After adopting this in the CFRefCount::EvalCall(), we see a reduction in analysis time of 1.5% when analyzing all of SQLite3.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@90405 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/Store.h
|
| a46e4d91d8f3eb341f2387768db66dcfe8dd0afa |
02-Dec-2009 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Hard bifurcate the state into nil receiver and non-nil receiver, so that
we don't need to use the DoneEvaluation hack when check for
ObjCMessageExpr.
PreVisitObjCMessageExpr() only checks for undefined receiver or arguments.
Add checker interface EvalNilReceiver(). This is a 'once-and-done' interface.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@90296 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/Checker.h
athSensitive/GRExprEngine.h
athSensitive/GRTransferFuncs.h
|
| 1488c7a0989e4543b9acb46fa02a54d12a9d0cc9 |
01-Dec-2009 |
Ted Kremenek <kremenek@apple.com> |
The minimum element size in BumpVector should be 1, not 0.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@90268 91177308-0d34-0410-b5e6-96231b3b80d8
upport/BumpVector.h
|
| f99ce1e81f965fb0bb56ead76742aadd8b551835 |
01-Dec-2009 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Clean up BuiltinBug class.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@90195 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/BugType.h
|
| f0171732efb4647772ad2a45c0f31978b0e34f71 |
29-Nov-2009 |
Benjamin Kramer <benny.kra@googlemail.com> |
Port BugReporter and BugType to StringRef.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@90086 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/BugReporter.h
athSensitive/BugType.h
|
| 149594457da7edfea2ce537ed18ca1b412dffd54 |
28-Nov-2009 |
Kovarththanan Rajaratnam <kovarththanan.rajaratnam@gmail.com> |
Cleanup llvm/Support/Compiler.h include in header files
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@90040 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRState.h
|
| 408ac1767a87e1e49fcea5f8620e386b5007334a |
28-Nov-2009 |
Benjamin Kramer <benny.kra@googlemail.com> |
Missed a forward declaration.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@90035 91177308-0d34-0410-b5e6-96231b3b80d8
athDiagnostic.h
|
| 58652887b08da3207226ec6d8bdb59ec0e96edfe |
28-Nov-2009 |
Benjamin Kramer <benny.kra@googlemail.com> |
Cleanup includes and forward decls.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@90034 91177308-0d34-0410-b5e6-96231b3b80d8
athDiagnostic.h
|
| 4240096011a187807058f887eb81df750ffa17fe |
26-Nov-2009 |
Ted Kremenek <kremenek@apple.com> |
Add iterators to BlockDataRegion that allow clients to iterate over the VarRegions for "captured" variables for a block.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@89927 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/MemRegion.h
|
| 9dce71ff2bb3016827f519152bd54830c20bb1da |
26-Nov-2009 |
Ted Kremenek <kremenek@apple.com> |
Added batch versions of GRState::scanReachableSymbols() so that clients can scan a collection of SVals or MemRegions all at once.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@89926 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRState.h
|
| b1a7b65231e86f7da6aacbf00bcdc16c56350e65 |
26-Nov-2009 |
Ted Kremenek <kremenek@apple.com> |
Enhance LiveVariables to understand that blocks can extend the liveness of a variable by "capturing" them in a BlockExpr.
This required two changes:
1) Added 'getReferencedgetReferencedBlockVars()' to AnalysisContext so
that clients can iterate over the "captured" variables in a block.
2) Modified LiveVariables to take an AnalysisContext& in its
constructor and to call getReferencedgetReferencedBlockVars() when it
processes a BlockExpr*.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@89924 91177308-0d34-0410-b5e6-96231b3b80d8
nalyses/LiveVariables.h
athSensitive/AnalysisContext.h
|
| 0a8112a78d00b5140c5b7f16c3b34c2c0c13c1a0 |
26-Nov-2009 |
Ted Kremenek <kremenek@apple.com> |
Refine MemRegions for blocks. Add a new region called
'BlockDataRegion' to distinguish between the code associated with a
block (which is represented by 'BlockTextRegion') and an instance of a
block, which includes both code and data. 'BlockDataRegion' has an
associated LocationContext, which can be used to eventually model the
lifetime of a block object once LocationContexts can represent scopes
(and iterations around a loop, etc.).
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@89900 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/MemRegion.h
athSensitive/ValueManager.h
|
| 66078610be5e4319de02efa283b07887c73c2e27 |
25-Nov-2009 |
Ted Kremenek <kremenek@apple.com> |
Add post-visit Checker support in GRExprEngine for BlockExpr.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@89890 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/CheckerVisitor.def
|
| 32c4995826c76f282fc05fbbc3241d2dded4fb57 |
25-Nov-2009 |
Ted Kremenek <kremenek@apple.com> |
Make RegisterInternalChecks() part of GRExprEngine's private implementation by making it a static function within GRExprEngine.cpp.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@89884 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRExprEngine.h
|
| d23c447e4be8310413c473d83aaa547ad10d2271 |
25-Nov-2009 |
Kovarththanan Rajaratnam <kovarththanan.rajaratnam@gmail.com> |
This patch streamlines CheckerVisitor.def so that it follows the usual '#ifndef foo' pattern:
#ifndef foo
#define foo(parm1)
#endif
foo(parm1) parm1 ...
#undef foo
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@89851 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/CheckerVisitor.def
|
| bc6c676448f4726dbdf086d4cb066b0fa3e97db2 |
25-Nov-2009 |
Zhongxing Xu <xuzhongxing@gmail.com> |
UndefResults is not needed.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@89834 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRExprEngine.h
|
| c95ad9ff6e574aecdd759542d5578bc65d586d93 |
25-Nov-2009 |
Ted Kremenek <kremenek@apple.com> |
Add transfer function support for BlockExpr.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@89829 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRExprEngine.h
|
| eb1c7a04509f5d25c09005a6d46bd8bbb3ca88cb |
25-Nov-2009 |
Ted Kremenek <kremenek@apple.com> |
Split CodeTextRegion into FunctionTextRegion and BlockTextRegion. This a precursor to having basic static analysis support for blocks.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@89828 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/MemRegion.h
athSensitive/ValueManager.h
|
| fee96e043108b6e24e7d4c5464bf89ac970a7f81 |
24-Nov-2009 |
Ted Kremenek <kremenek@apple.com> |
Cleanups and fixes to the nil-receiver checker, some of it fallout the
initial transition of the nil-receiver checker to the Checker
interface as done in r89745. Some important changes include:
1) We consolidate the BugType object used for nil receiver bug
reports, and don't include the type of the returned value in the
BugType (which would be wrong if a nil receiver bug was reported more
than once)
2) Added a new (temporary) flag to CheckerContext: DoneEvauating.
This is used by GRExprEngine when evaluating message expressions to
not continue evaluating the message expression if this flag is set.
This flag is currently set by the nil receiver checker. This is an
intermediate solution to allow the nil-receiver checker to properly
work as a plug-in outside of GRExprEngine. Basically, this flag
indicates that the entire message expression has been evaluated, not
just a precondition (which is what the nil-receiver checker does).
This flag *should not* be repurposed for general use, but just to pull
more things out of GRExprEngine that already in there as we devise a
better interface in the Checker class.
3) Cleaned up the logic in the nil-receiver checker, making the
control-flow a lot easier to read.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@89804 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/Checker.h
athSensitive/ExplodedGraph.h
athSensitive/GRExprEngine.h
|
| 668399b23cf18124c8c8c41a14a7712212f6fa45 |
24-Nov-2009 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Refactor undefined result checker. This is the last one.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@89750 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/CheckerVisitor.def
|
| 2055effed54d614b51e3501a174c9b1fe92e4de4 |
24-Nov-2009 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Refactor NilReceiverStructRet and NilReceiverLargerThanVoidPtrRet into
CallAndMessageChecker.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@89745 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/Checker.h
athSensitive/GRExprEngine.h
|
| e576af2754bfa309bb10a518bbc17c81b9e0723f |
24-Nov-2009 |
Ted Kremenek <kremenek@apple.com> |
Enhance null dereference diagnostics by indicating what variable (if any) was dereferenced. Addresses <rdar://problem/7039161>.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@89726 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/BugType.h
|
| 19d67b52b73c04ef8eb663980330a1de2b47c845 |
23-Nov-2009 |
Ted Kremenek <kremenek@apple.com> |
Clean up the Checker API a little more, resolving some hidden bugs
along the way. Important changes:
1) To generate a sink node, use GenerateSink(); GenerateNode() is for
generating regular transitions. This makes the API clearer and also
allows us to use the 'bool' option to GenerateNode() for a different
purpose.
2) GenerateNode() now automatically adds the generated node to the
destination ExplodedNodeSet (autotransition) unless the client
specifies otherwise with a bool flag. Several checkers did not call
'addTransition()' after calling 'GenerateNode()', causing the
simulation path to be prematurely culled when a non-fail stop bug was
encountered.
3) Add variants of GenerateNode()/GenerateSink() that take neither a
Stmt* or a GRState*; most callers of GenerateNode() just pass in the
same Stmt* as provided when the CheckerContext object is created; we
can just use that the majority of the time. This cleanup also allows
us to potentially coelesce the APIs for evaluating branches and
end-of-paths (which currently directly use builders).
4) addTransition() no longer needs to be called except for a few
cases. We now have a variant of addTransition() that takes a
GRState*; this allows one to propagate the updated state without
caring about generating a new node explicitly. This nicely cleaned up
a bunch of cases that called autoTransition() with a bunch of
conditional logic surround the call (that common logic has now been
swallowed up by addTransition() itself).
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@89707 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/Checker.h
|
| c6e11fff7623e07681a29c103fcf0bb5c5b39140 |
23-Nov-2009 |
Ted Kremenek <kremenek@apple.com> |
Provide out-of-line definition for destructor of Checker.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@89688 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/Checker.h
|
| 0835e4cccfef3ea5346962722b79484f6b3ca602 |
23-Nov-2009 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Initial refactor of UndefBranchChecker. We still use GRBranchNodeBuilder
in the checker directly. But I don't have a better approach for now.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@89640 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/Checker.h
|
| f605aae3227ffa3a5dae8eb34fdd79ba0a0d19d1 |
22-Nov-2009 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Save and restore the HasGen flag in MallocChecker.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@89590 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRCoreEngine.h
|
| c3372e0ee8dac4fc11c771a92b05e4641bce6b32 |
22-Nov-2009 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Remove UndefinedAssignmentChecker's header.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@89585 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/Checkers/UndefinedAssignmentChecker.h
|
| c79d7d49c5ec42e8bb6ac34350ebb5bc24ca663d |
21-Nov-2009 |
Ted Kremenek <kremenek@apple.com> |
Pull BadCallChecker int UndefinedArgChecker, and have UndefinedArgChecker also handled undefined receivers in message expressions.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@89524 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRExprEngine.h
|
| 64fa85855638d69e56ed1b2fad7ed65deb3ecdfd |
21-Nov-2009 |
Ted Kremenek <kremenek@apple.com> |
More checker refactoring. Passing undefined values in a message expression is now handled by UndefinedArgChecker.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@89519 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRExprEngine.h
|
| 21433a5fece2bb9a2c1792c18edd13b8d77e0bbd |
20-Nov-2009 |
Zhongxing Xu <xuzhongxing@gmail.com> |
no need to cast.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@89451 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRCoreEngine.h
|
| 04b826daa7d5e81d163adc10bf23248caedc99df |
20-Nov-2009 |
Zhongxing Xu <xuzhongxing@gmail.com> |
No need to pass the state argument explicitly.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@89447 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/Checker.h
|
| c05f23994720b3eb0a3b3494e7bfcec9e1536c89 |
19-Nov-2009 |
Ted Kremenek <kremenek@apple.com> |
Fix 80 col. violation.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@89382 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRExprEngine.h
|
| 243fde9f549a8f5f000c4baccb572dd0b7266a41 |
17-Nov-2009 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Add EvalEndPath interface to Checker. Now we can check memory leaked at the
end of the path. Need to unify interfaces.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@89063 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/Checker.h
|
| 6490ae5003226cae28f980648948bea8b21a8638 |
17-Nov-2009 |
Douglas Gregor <dgregor@apple.com> |
Silence some warnings produced by Clang, and add a missing header
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@89051 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/AnalysisContext.h
|
| 6a45c2bffc9b73290aad3041595b3e662b690bdc |
17-Nov-2009 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Add a comment.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@89032 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRWorkList.h
|
| d651141308a777d60ff98309d21e045bb936f8b7 |
16-Nov-2009 |
Ted Kremenek <kremenek@apple.com> |
Fix condition in LocationCheck::classof(). Thanks to Marius Wachtler for pointing this out!
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@88949 91177308-0d34-0410-b5e6-96231b3b80d8
rogramPoint.h
|
| 652be346f74feba027bcbdeb6a3e3f4755a0e62c |
16-Nov-2009 |
Zhongxing Xu <xuzhongxing@gmail.com> |
* Do the same thing to the basicstore as in r84163.
* Add a load type to GRExprEngine::EvalLoad().
* When retrieve from 'theValue' of OSAtomic funcitions, use the type of the
region instead of the argument expression as the load type.
* Then we can convert CastRetrievedSVal to a pure assertion. In the future
we can let all Retrieve() methods simply return SVal.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@88888 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRExprEngine.h
athSensitive/Store.h
|
| 539e9b18e64479e1092e0cd52efdb2ad41b4d07d |
15-Nov-2009 |
Douglas Gregor <dgregor@apple.com> |
Make a couple more headers standalone
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@88840 91177308-0d34-0410-b5e6-96231b3b80d8
lowSensitive/DataflowSolver.h
athSensitive/BugType.h
athSensitive/GRWorkList.h
upport/Optional.h
|
| 88f0d009db9b8a54b23eff6c1c29d9a8e75291d0 |
15-Nov-2009 |
Douglas Gregor <dgregor@apple.com> |
Remove an obviously-broken header, which still tries to refer to ScopedDecl.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@88837 91177308-0d34-0410-b5e6-96231b3b80d8
isitors/CFGVarDeclVisitor.h
|
| d02e232c43b979758810794de24d3f5cde40fe93 |
14-Nov-2009 |
Benjamin Kramer <benny.kra@googlemail.com> |
Change *BugReport constructors to take StringRefs.
- Eliminates many calls to std::string.c_str()
- Fixes an invalid read in ReturnStackAddressChecker due to an unsafe call to
StringRef.data() which doesn't guarantee null-termination.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@88779 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/BugReporter.h
|
| 73099bfea9f5d4ec05265170bbefec3d76fb6b5e |
14-Nov-2009 |
Ted Kremenek <kremenek@apple.com> |
Move definition of GRExprEngine::ProcessEndPath() out-of-line.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@88729 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRExprEngine.h
|
| 8382cf57b722f130f1a6b45380639871c07271c1 |
13-Nov-2009 |
Ted Kremenek <kremenek@apple.com> |
Add clang-cc option "--analyzer-experimental-internal-checks". This
option enables new "internal" checks that will eventually be turned on
by default but still require broader testing.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@88671 91177308-0d34-0410-b5e6-96231b3b80d8
ocalCheckers.h
|
| 9400613b54bf56c317786d778f58f45f1080d619 |
13-Nov-2009 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Check in a new interface of Checker, which will soon be used.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@87092 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/Checker.h
|
| ccd373a1162803a7a11f877cbca5ad7b78e833a6 |
13-Nov-2009 |
Zhongxing Xu <xuzhongxing@gmail.com> |
GRStateManager::CurrentStmt is not used. Remove it.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@87091 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRState.h
|
| eb94113be0ee5f4d38408b413d92464a0bc16b55 |
13-Nov-2009 |
Ted Kremenek <kremenek@apple.com> |
Add clang-cc option "-analyzer-experimental-checks" to enable experimental path-sensitive checks. The idea is to separate "barely working" or "skunkworks" checks from ones that should always run. Later we need more fine-grain checker control.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@87053 91177308-0d34-0410-b5e6-96231b3b80d8
ocalCheckers.h
|
| 1acfe8eeafd794c81b8d4fbb27bf483645849156 |
12-Nov-2009 |
Ted Kremenek <kremenek@apple.com> |
Remove obsolete 'struct NullDerefTag'.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@86957 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRState.h
|
| 31a241a0bbb281040b02ced04d1ad6c45c586d73 |
12-Nov-2009 |
Ted Kremenek <kremenek@apple.com> |
Enhance Checker class (and GRExprEngine) to support PostVisitation for CallExprs. No clients (yet).
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@86949 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/Checker.h
athSensitive/CheckerVisitor.def
athSensitive/CheckerVisitor.h
|
| 7422db3eb6753370ece0443c23f636b233f5ec9b |
12-Nov-2009 |
Ted Kremenek <kremenek@apple.com> |
Remove GRExprEngine::EvalCall(). It had a single callsite in GRExprEngine, and was easily inlined.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@86948 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRExprEngine.h
|
| e884ff88baa1bd61db273baf107862a2110058ed |
12-Nov-2009 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Make StoreManager::getSizeInElements() always return DefinedOrUnknownSVal.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@86932 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/Store.h
|
| 10f51e8785e43d5a22acc2d2a638307c582949c2 |
11-Nov-2009 |
Ted Kremenek <kremenek@apple.com> |
Remove some stale ErrorNodes variables in GRExprEngine and the old buffer overflow logic in GRExprEngineInternalChecks.cpp.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@86877 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRExprEngine.h
|
| 0059f1cfb84bcdd78a385f5e3c016374c953756b |
11-Nov-2009 |
Chandler Carruth <chandlerc@gmail.com> |
After drinking caffeine, add the two files missing from the previous submit.
Sorry about that.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@86869 91177308-0d34-0410-b5e6-96231b3b80d8
anagerRegistry.h
|
| d694485f9d6e3ea7b458df8241dfffd38f62aca8 |
11-Nov-2009 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Add undefined array subscript checker.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@86837 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/CheckerVisitor.def
|
| 1d9cbeb76cf4c36acf5545028e2b2ac207086442 |
11-Nov-2009 |
Ted Kremenek <kremenek@apple.com> |
Fix display of "ANALYZE" statements in AnalysisConsumer by correctly resetting the flag indicating that the current Decl* has not yet been displayed. Also move this out of AnalysisManager, since AnalysisManager should not handle text output to the user.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@86812 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/AnalysisManager.h
|
| f493f49fae3ab242ae055ae00b24fa5512655e15 |
11-Nov-2009 |
Ted Kremenek <kremenek@apple.com> |
Remove public headers for UndefinedArgChecker, AttrNonNullChecker, and BadCallChecker, making their implementations completely private.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@86809 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/Checkers/AttrNonNullChecker.h
athSensitive/Checkers/BadCallChecker.h
athSensitive/Checkers/UndefinedArgChecker.h
|
| b4b817d704287836b52b34369009e682f208aa2b |
11-Nov-2009 |
Ted Kremenek <kremenek@apple.com> |
Refactor DereferenceChecker to use only the new Checker API instead of
the old builder API. This percolated a bunch of changes up to the
Checker class (where CheckLocation has been renamed VisitLocation) and
GRExprEngine. ProgramPoint now has the notion of a "LocationCheck"
point (with PreLoad and PreStore respectively), and a bunch of the old
ProgramPoints that are no longer used have been removed.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@86798 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/Checker.h
athSensitive/Checkers/DereferenceChecker.h
athSensitive/GRExprEngine.h
rogramPoint.h
|
| adca27102ff733c7d42fcbbc2c7e134a7fc026f9 |
10-Nov-2009 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Refine PointerSubChecker: compare the base region instead of the original
region, so that arithmetic within a memory chunk is allowed.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@86652 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/MemRegion.h
|
| 479529e679957fbb92b56e116e3c86734429331e |
10-Nov-2009 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Rename: StripCasts describes what it does better.
getBaseRegion will be used in another method.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@86649 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/MemRegion.h
athSensitive/SVals.h
|
| 4f3dc698a1bbeea16155e51dfc7d0f69ff689598 |
09-Nov-2009 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Add checker for CWE-588: Attempt to Access Child of a Non-structure Pointer.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@86529 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/CheckerVisitor.def
athSensitive/CheckerVisitor.h
|
| b10a7c235f82c6eb074be097c9ae7ee51fccc9c6 |
09-Nov-2009 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Add checker for CWE-587: Assignment of a Fixed Address to a Pointer.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@86523 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/SVals.h
|
| 8e2a9d8adbd2169b46c2edff5b267b05df3febb0 |
09-Nov-2009 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Remove dead code.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@86512 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRExprEngine.h
|
| 28a109f63506d8c96e3fbf1b959b603ccec2f586 |
08-Nov-2009 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Add a checker for CWE-467: Use of sizeof() on a Pointer Type.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@86464 91177308-0d34-0410-b5e6-96231b3b80d8
ocalCheckers.h
|
| 31d8cadc8337b5f90c2e5eddf712d769e99c977b |
07-Nov-2009 |
Ted Kremenek <kremenek@apple.com> |
Use SaveAndRestore to simplify logic in LiveVariables::runOnAllBlocks(). Patch by Kovarththanan Rajaratnam!
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@86343 91177308-0d34-0410-b5e6-96231b3b80d8
upport/SaveAndRestore.h
|
| ae1623345aed43dcd2e069970a00618378a37b34 |
07-Nov-2009 |
Ted Kremenek <kremenek@apple.com> |
Remove Checker::CheckType() (and instead using CheckerVisitor::PreVisitDeclStmt()), and refactor VLASizeChecker to have only one Checker subclass (not two) and to not use the node builders directly (and instead use the newer CheckerContext).
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@86329 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/Checker.h
athSensitive/CheckerVisitor.def
athSensitive/GRState.h
|
| 84b3595729d249d89b8b67a547e0992797e19793 |
06-Nov-2009 |
Ted Kremenek <kremenek@apple.com> |
Make the VLASizeChecker implementation private, and its creation only known to GRExprEngineInternalChecks.cpp.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@86292 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/Checkers/VLASizeChecker.h
|
| 36df58ab9e3eb6823966ee16c5516eea1d88e541 |
06-Nov-2009 |
Ted Kremenek <kremenek@apple.com> |
Make the implementation of DivZeroChecker private.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@86288 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/Checkers/DivZeroChecker.h
|
| abbbfd960cc0978509e060741ff8cc8db32d6b5c |
06-Nov-2009 |
Chris Lattner <sabre@nondot.org> |
add some const qualifiers, patch by Kovarththanan Rajaratnam!
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@86260 91177308-0d34-0410-b5e6-96231b3b80d8
nalyses/LiveVariables.h
|
| ceeb02db9ad4232ea248a44192180d5bc7fe2653 |
06-Nov-2009 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Add a checker for CWE-466: Return of Pointer Value Outside of Expected Range.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@86252 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/Checker.h
|
| 1053d246f451c399468248625d1146e3d845e21e |
06-Nov-2009 |
Ted Kremenek <kremenek@apple.com> |
static analyzer: refactor checking logic for returning the address of a stack variable or a garbage
value into their own respective subclasses of Checker (and put them in .cpp files where their
implementation details are hidden from GRExprEngine).
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@86215 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/Checker.h
athSensitive/CheckerVisitor.def
athSensitive/GRExprEngine.h
|
| 2c791bd122285e1212094147454ef996dee8ebaf |
06-Nov-2009 |
Ted Kremenek <kremenek@apple.com> |
Minor cleanup: use BuiltinBug (which will soon be renamed) for DeferenceChecker and friends so that they always report the same bug type.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@86208 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/BugType.h
|
| ae78447ef124fcbc6bef14f73a67586420c0196a |
05-Nov-2009 |
Ted Kremenek <kremenek@apple.com> |
Tweak wording and classifications of analyzer diagnostics.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@86127 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/BugType.h
|
| eb6aeb51977b6755481213a1f31512538648e24b |
05-Nov-2009 |
Daniel Dunbar <daniel@zuster.org> |
Remove unused SetPreprocessor method.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@86111 91177308-0d34-0410-b5e6-96231b3b80d8
athDiagnostic.h
|
| b01f06ca72362d527bb65fbf018ac53df575ded1 |
05-Nov-2009 |
Ted Kremenek <kremenek@apple.com> |
AnalysisManager: Don't rely on PathDiagnosicClients flushing their diagnostics when they are destroyed.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@86110 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/AnalysisManager.h
|
| b697a4e4118d2d59dc0f38463c8417ddaf58a11f |
05-Nov-2009 |
Ted Kremenek <kremenek@apple.com> |
Acting on Daniel's nagging, remove PathDiagnosticClientFactory() and
migrate work in the destructors of PathDiagnosticClients from their
destructors to FlushReports(). The destructors now currently call
FlushReports(); this will be fixed in a subsequent patch.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@86108 91177308-0d34-0410-b5e6-96231b3b80d8
athDiagnostic.h
|
| 50ecd1536a2b70327e9eb2c2c2a652cde3dae365 |
05-Nov-2009 |
Ted Kremenek <kremenek@apple.com> |
Modify GRExprEngine::EvalBind() to take both a "store expression" and
an "assign expression", representing the expressions where the value
binding occurs and the assignment takes place respectively. These are
largely syntactic clues for better error reporting.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@86084 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/Checker.h
athSensitive/Checkers/UndefinedAssignmentChecker.h
athSensitive/GRExprEngine.h
|
| b107c4b7efb907d75620cd3c17f82fe27dc5b745 |
04-Nov-2009 |
Ted Kremenek <kremenek@apple.com> |
Catch uses of undefined values when they are used in assignment, thus catching such bugs closer to the source.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@86003 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/Checker.h
athSensitive/Checkers/UndefinedAssignmentChecker.h
athSensitive/GRExprEngine.h
|
| bf960cb0ff08fd766723a059e012daa596f5e918 |
04-Nov-2009 |
Ted Kremenek <kremenek@apple.com> |
Add mising #ifdef guards.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@86002 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/Checkers/UndefinedArgChecker.h
|
| 05a2338f7ba1c8a0136e120502f80a38cf0e9fd3 |
04-Nov-2009 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Merge ZeroSizedVLAChecker and UndefSizedVLAChecker.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@85996 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/Checkers/UndefSizedVLAChecker.h
athSensitive/Checkers/VLASizeChecker.h
athSensitive/Checkers/ZeroSizedVLAChecker.h
|
| f6f56d4fc8ebce17e7b83eb2c35f57a055c22283 |
04-Nov-2009 |
Ted Kremenek <kremenek@apple.com> |
Refactor StoreManager::BindDecl() to take a VarRegion* instead of a VarDecl*, and modify GRExprEngine::EvalBind() to handle decl initialization as well. This paves the way for adding "checker" visitation in EvalBind().
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@85983 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRExprEngine.h
athSensitive/GRState.h
athSensitive/Store.h
|
| 1fb7d0c8323d53d10ae4f61e8bce02029f143ff7 |
04-Nov-2009 |
Ted Kremenek <kremenek@apple.com> |
Change GRTransferFuncs::RegisterChecks() to take a GRExprEngine& instead of a BugReporter&. This paves the way for pulling some of the retain/release checker into a "Checker" class.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@85971 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRTransferFuncs.h
|
| dc998c1b90a17d747ca2fb05e967779740747162 |
03-Nov-2009 |
Ted Kremenek <kremenek@apple.com> |
Merge NullDerefChecker.[h,cpp] and UndefDerefChecker.[h,cpp]. They are essentially two parts of the same check.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@85911 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/Checkers/DereferenceChecker.h
athSensitive/Checkers/NullDerefChecker.h
athSensitive/Checkers/UndefDerefChecker.h
|
| 5206f0b913d1a11744c9436c83b24f8daa21152c |
03-Nov-2009 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Pull VLA size checker into its own files.
Split it to two checkers, one for undefined size,
the other for zero size, so that we don't need to query the size
when emitting the bug report.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@85895 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/Checker.h
athSensitive/Checkers/UndefSizedVLAChecker.h
athSensitive/Checkers/ZeroSizedVLAChecker.h
|
| 54cb7ccc769a5e81a13812e08c21daf52a781262 |
03-Nov-2009 |
Ted Kremenek <kremenek@apple.com> |
Implement: <rdar://problem/6250216> Warn against using -[NSAutoreleasePool release] in GC mode
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@85887 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/Checker.h
|
| 94943b6d913718216a95a91864040ffc11a1d779 |
03-Nov-2009 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Pull AttrNonNullChecker into its own files.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@85883 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/Checkers/AttrNonNullChecker.h
|
| 8958fff8aad09f317a51b2d4cda3d7b126a530a4 |
03-Nov-2009 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Pull UndefinedArgChecker into its own files.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@85875 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/BugType.h
athSensitive/Checkers/UndefinedArgChecker.h
|
| 4f64e5f03149200aaf553d7742966d78b717a32c |
03-Nov-2009 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Pull BadCallChecker into its own files.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@85868 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/Checkers/BadCallChecker.h
|
| 0296c22557b3735e2ffeff690eb46fb0e9152bcc |
03-Nov-2009 |
Ted Kremenek <kremenek@apple.com> |
Remove GRExprEngine::CheckerVisitLocation(). It was only called in one place, so we inlined it in to GRExprEngine::EvalLocation().
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@85838 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRExprEngine.h
|
| cf9c789d449e088814c9e254d48112c96c8c6c6a |
02-Nov-2009 |
Ted Kremenek <kremenek@apple.com> |
Hopefully make gcc-4.0 happy with respect to the following warning:
warning: 'class clang::StackFrameContext' has virtual functions but non-virtual destructor
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@85833 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/AnalysisContext.h
|
| 3abf3ad0861fb6eb8368f59dcb4cd454939b1bd2 |
02-Nov-2009 |
Ted Kremenek <kremenek@apple.com> |
Add "virtual" keywords for clarity.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@85815 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/AnalysisContext.h
|
| 7e36e95e213285bea70854541150868b6b74842b |
31-Oct-2009 |
Benjamin Kramer <benny.kra@googlemail.com> |
Update CMake file.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@85652 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/BugType.h
|
| 9e56d2360b2cfb66864755396c5a64b5019871b8 |
31-Oct-2009 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Move CheckDivZero into its own files.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@85651 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/Checkers/DivZeroChecker.h
|
| 246a9ade3e1fd24249c03f1757ed740e35fef0cd |
31-Oct-2009 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Move UndefDerefChecker into its own file.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@85645 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/Checkers/UndefDerefChecker.h
|
| 507eec8d849fd86ac42ebdae2a343f9ab64fb274 |
31-Oct-2009 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Add header comments.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@85644 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/BugType.h
|
| 094bef56a7900f13bb777f9a352704104b1458e7 |
30-Oct-2009 |
Ted Kremenek <kremenek@apple.com> |
Make checkers run in deterministic order.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@85597 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRExprEngine.h
|
| d86caaa6c3d1f8ec4307f883d6b1a7722aecdc81 |
30-Oct-2009 |
Ted Kremenek <kremenek@apple.com> |
Move NullDerefChecker.h instead a 'Checkers' subdirectory.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@85596 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/Checkers/NullDerefChecker.h
athSensitive/NullDerefChecker.h
|
| bc3a021df7f9ee4c4d1e9ec3c2aac2ef6d883206 |
30-Oct-2009 |
Ted Kremenek <kremenek@apple.com> |
Move all logic for the null dereference checker from GRExprEngineInternalChecks.cpp to a separate .cpp file.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@85595 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/NullDerefChecker.h
|
| 662174ca204cb520f634bdcb34a3708f45389d14 |
30-Oct-2009 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Fix PR5316: make assignment expressions can be visited as lvalue. Then we
can get the correct base lvalue.
Revert r85578.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@85579 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRExprEngine.h
|
| ec9227fea66c3439991fc84b0d33b0a8b4b8875e |
29-Oct-2009 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Move NullDeref and UndefDeref into their own checker.
Add a CheckLocation() interface to Checker.
Now ImplicitNullDeref nodes are cached in NullDerefChecker.
More cleanups follow.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@85471 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/BugReporter.h
athSensitive/BugType.h
athSensitive/Checker.h
athSensitive/GRExprEngine.h
athSensitive/NullDerefChecker.h
|
| f20288c91601dd3fbab6362a3400a0e6c472795f |
28-Oct-2009 |
Zhongxing Xu <xuzhongxing@gmail.com> |
make CallGraph more flexible by letting it accept ASTContext instead of ASTUnit.
Patch by Simone Pellegrini.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@85386 91177308-0d34-0410-b5e6-96231b3b80d8
allGraph.h
|
| 9f8eb2032030482b1d3de86e9bee725d93564302 |
26-Oct-2009 |
Chandler Carruth <chandlerc@gmail.com> |
Update location of DataTypes.h to reflect move in LLVM with r85086.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@85087 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRState.h
athSensitive/SymbolManager.h
rogramPoint.h
|
| 58e4677a948e80c92deeebbcd3bdd9266adda798 |
23-Oct-2009 |
John McCall <rjmccall@apple.com> |
Remove OriginalTypeParmDecl; the original type is the one specified
in the DeclaratorInfo, if one is present.
Preserve source information through template instantiation. This is made
more complicated by the possibility that ParmVarDecls don't have DIs, which
is possibly worth fixing in the future.
Also preserve source information for function parameters in ObjC method
declarations.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@84971 91177308-0d34-0410-b5e6-96231b3b80d8
isitors/CFGRecStmtDeclVisitor.h
|
| 58f5ec7d56b1ebf5f90ee11226ebe7663f2821ea |
20-Oct-2009 |
Ted Kremenek <kremenek@apple.com> |
Add destructor and cleanup code to LocationContext (fixing some leaks). Along the way, have
AnalysisManager periodically cleanup its AnalysisContextManager and LocationContextManager objects,
as they don't need to forever retain all the CFGs ever created when analyzing a file.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@84684 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/AnalysisContext.h
athSensitive/AnalysisManager.h
|
| 375e69cb19e9ba65ab5f822ad5d44cffae15edb1 |
20-Oct-2009 |
Ted Kremenek <kremenek@apple.com> |
BumpVectorContext: Use 'unsigned' integer type with PointerIntUnion instead of bool to keep it clear that we are reasoning about an unsigned integer with a single bit.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@84607 91177308-0d34-0410-b5e6-96231b3b80d8
upport/BumpVector.h
|
| 473e16745a6f3370ba3ab6fe70bff43b1c8b2ab9 |
16-Oct-2009 |
Ted Kremenek <kremenek@apple.com> |
retain/release checker: Stop tracking reference counts for any symbols touched by StoreManager::InvalidateRegion().
This fixes <rdar://problem/7257223> and <rdar://problem/7283470>.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@84223 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/Store.h
|
| 09270cc1b9cdd4c50012cb7984df8745e05833e5 |
14-Oct-2009 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Now StoreManager::CastRegion() takes a MemRegion, returns a MemRegion.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@84081 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/Store.h
|
| d0f8bb1f6b51b93bf07b27b4a8f9d1823063cba8 |
14-Oct-2009 |
Zhongxing Xu <xuzhongxing@gmail.com> |
* Remove unused GRState* parameter
* Make all Base value the last argument.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@84071 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRState.h
athSensitive/Store.h
|
| d6116cc4730245f09d458167aa94f2ea6e2b2b53 |
13-Oct-2009 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Return the original state by default.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@83949 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/Store.h
|
| 798d2ca60d1cd6de70d28a5ce60337a2b03a663f |
13-Oct-2009 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Add two utility methods.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@83935 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/AnalysisManager.h
athSensitive/GRCoreEngine.h
|
| 4e3c1f7c2a2053cf770f744846a87087415eb340 |
13-Oct-2009 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Add an initial implementation of EnterStackFrame() to the StoreManager.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@83934 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/AnalysisContext.h
athSensitive/Store.h
|
| ee82d9bdc5025b82de8ce2a4ad4685e0a8b79da9 |
12-Oct-2009 |
Ted Kremenek <kremenek@apple.com> |
Use a BumpPtrAllocator to allocate all aspects of CFG, including CFGBlocks, successor and predecessor vectors, etc.
Speedup: when doing 'clang-cc -analyze -dump-cfg' (without actual printing, just
CFG building) on the amalgamated SQLite source (all of SQLite in one source
file), runtime reduced by 9%.
This fixes: <rdar://problem/7250745>
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@83899 91177308-0d34-0410-b5e6-96231b3b80d8
FG.h
lowSensitive/DataflowSolver.h
|
| 87342dc37237c6efb9e311bacb12547de3ccbc0f |
12-Oct-2009 |
Ted Kremenek <kremenek@apple.com> |
Allow BumpVectorContext to conditionally own the underlying BumpPtrAllocator.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@83884 91177308-0d34-0410-b5e6-96231b3b80d8
upport/BumpVector.h
|
| 82887688bdd931c37488c9a8d089fd811485947f |
09-Oct-2009 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Remove unused code.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@83612 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/Store.h
|
| f0e75d6baf0dc6ba0a7d66726d9e3ba455db8639 |
07-Oct-2009 |
Ted Kremenek <kremenek@apple.com> |
Add 'template' keyword to disambiguate the use of a member template within a templated class. Hopefully this will please the buildbots.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@83452 91177308-0d34-0410-b5e6-96231b3b80d8
upport/BumpVector.h
|
| 5fe4d9deb543a19f557e3d85c5f33867af97cd96 |
07-Oct-2009 |
Ted Kremenek <kremenek@apple.com> |
Change ExplodedNode to have its NodeGroups all BumpPtrAllocated, avoiding malloc() traffic when adding successors/predecessors to a node. This was done by introducing BumpVector, which is essentially SmallVector with all memory being BumpPtrAllocated (this can certainly be cleaned up or moved into llvm/ADT).
This change yields a 1.8% speed increase when running the analyzer (with -analyzer-store=region) on a small benchmark file.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@83439 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ExplodedGraph.h
upport/BumpVector.h
|
| cd8f6ac9b613e1fe962ebf9c87d822ce765275e6 |
06-Oct-2009 |
Ted Kremenek <kremenek@apple.com> |
Fix: <rdar://problem/7275774> Static analyzer warns about NULL pointer when
adding assert
This fix required a few changes:
SimpleSValuator:
- Eagerly replace a symbolic value with its constant value in EvalBinOpNN
when it is constrained to a constant. This allows us to better constant fold
values along a path.
- Handle trivial case of '<', '>' comparison of pointers when the two pointers
are exactly the same.
RegionStoreManager:
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@83358 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRExprEngine.h
athSensitive/GRState.h
athSensitive/SValuator.h
|
| bf1cc05907ceb2081e8158b26f3d3f48b31caad3 |
30-Sep-2009 |
John McCall <rjmccall@apple.com> |
Desugaring optimizations. Add single-step desugaring methods to all
concrete types. Use unqualified desugaring for getAs<> and sundry.
Fix a few users to either not desugar or use qualified desugar, as seemed
appropriate. Removed Type's qualified desugar method, as it was easy
to accidentally use instead of QualType's.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@83116 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/MemRegion.h
|
| 8780679b02bea5ab6360f3f8ebf3b221aaeda93f |
27-Sep-2009 |
Ted Kremenek <kremenek@apple.com> |
Fix:
<rdar://problem/6914474> checker doesn't realize that variable might
have been assigned if a pointer to that variable was passed to another
function via a structure
The problem here was the RegionStoreManager::InvalidateRegion didn't
invalidate the bindings of invalidated regions. This required a
rewrite of this method using a worklist.
As part of this fix, changed ValueManager::getConjuredSymbolVal() to
require a 'void*' SymbolTag argument. This tag is used to
differentiate two different symbols created at the same location.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@82920 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ValueManager.h
|
| 80417471b01ab2726cd04773b2ab700ce564073c |
25-Sep-2009 |
Ted Kremenek <kremenek@apple.com> |
Fix <rdar://problem/7249327> by allowing silent conversions between signed and unsigned integer values for symbolic values. This is an intermediate solution (i.e. hack) until we support extension/truncation of symbolic integers.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@82737 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/BasicValueFactory.h
|
| 6c2497248bc4f7fd8e5fb0a206d20abbf0e16645 |
24-Sep-2009 |
Ted Kremenek <kremenek@apple.com> |
When building CFGs, no longer reverse the statements in the CFGBlock. Instead
have the iterators and operator[] handle the traversal of statements, as they
are stored in reverse order. Tests show this has no real performance impact, but
it does simply the CFG construction logic and will make it slightly easier to
change the allocation strategy for CFGBlocks (as we have fewer copies).
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@82702 91177308-0d34-0410-b5e6-96231b3b80d8
FG.h
|
| db8338a35fa729c08bc2dfd87cdc43533506f548 |
19-Sep-2009 |
Ted Kremenek <kremenek@apple.com> |
Reintroduce FoldingSet profiling for PathDiagnostics.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@82299 91177308-0d34-0410-b5e6-96231b3b80d8
athDiagnostic.h
|
| 7f473c546602de69b35f0c657619c2ffe8e4136a |
18-Sep-2009 |
Ted Kremenek <kremenek@apple.com> |
Revert most of r82198, which was causing a large number of crashes
when running the analyzer on real projects. We'll keep the change to
AnalysisManager.cpp in r82198 so that -fobjc-gc analyzes code
correctly in both GC and non-GC modes, although this may emit two
diagnostics for each bug in some cases (a better solution will come
later).
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@82201 91177308-0d34-0410-b5e6-96231b3b80d8
athDiagnostic.h
|
| 6a19832d08f00ac78c0a69c4fbe38b04a55b75cc |
18-Sep-2009 |
Ted Kremenek <kremenek@apple.com> |
Introduce caching of diagnostics in BugReporter. This provides extra
pruning of diagnostics that may be emitted multiple times. This is
accomplished by adding FoldingSet profiling support to PathDiagnostic,
and then having BugReporter record what diagnostics have been issued.
This was motived to a serious bug introduced by moving the
'divide-by-zero' checking outside of GRExprEngine into a separate
'Checker' class. When analyzing code using the '-fobjc-gc' option, a
given function would be analyzed twice, but the second time various
"internal checks" would be disabled to avoid emitting multiple
diagnostics (e.g., "null dereference") for the same issue. The
problem is that such checks also effect path pruning and don't just
emit diagnostics. This resulted in an assertion failure involving a
real divide-by-zero in some analyzed code where we would get an
assertion failure in APInt because the 'DivZero' check was disabled
and didn't prune the logic that resulted in the divide-by-zero in the
analyzer.
The implemented solution is somewhat of a hack, and may not perform
extremely well. This will need to be cleaned up over time.
As a regression test, 'misc-ps.m' has been modified so that its tests
are run using -fobjc-gc to test this diagnostic pruning behavior.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@82198 91177308-0d34-0410-b5e6-96231b3b80d8
athDiagnostic.h
|
| 76823024e0b68068915f7631acc88f44e1315133 |
16-Sep-2009 |
Ted Kremenek <kremenek@apple.com> |
Remove ImplicitBadDivides/ExplicitBadDivides node sets. This checking is now down by a 'Checker' and not build into GRExprEngine.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@82017 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRExprEngine.h
|
| 06c9cb4d1a29e708f51bce9f7ee5acbe1c3761c3 |
15-Sep-2009 |
Ted Kremenek <kremenek@apple.com> |
Fix: <rdar://problem/5905851> do not report a leak when post-dominated by a call
to a noreturn or panic function
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@81803 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/BugReporter.h
|
| 5b9bd2137ebef350af803c634e3fdf5d74678100 |
12-Sep-2009 |
Ted Kremenek <kremenek@apple.com> |
Introduce "DefinedOrUnknownSVal" into the SVal class hierarchy, providing a way
to statically type various methods in SValuator/GRState as required either a
defined value or a defined-but-possibly-unknown value. This leads to various
logic cleanups in GRExprEngine, and lets the compiler enforce via type checking
our assumptions about what symbolic values are possibly undefined and what are
not.
Along the way, clean up some of the static analyzer diagnostics regarding the uses of uninitialized values.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@81579 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ConstraintManager.h
athSensitive/GRExprEngine.h
athSensitive/GRState.h
athSensitive/SVals.h
athSensitive/SValuator.h
athSensitive/ValueManager.h
|
| 66847a2826c97b8e09aec304a0a7b4fe1dc35969 |
11-Sep-2009 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Start to add a new transfer function that inlines callee. To be continued.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@81501 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRTransferFuncs.h
|
| b317f8f5ca8737a5bbad97a3f7566a2dbd2ed61b |
10-Sep-2009 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Make AnalysisManager stateless. Now other analyzer components only depends on
local node information.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@81433 91177308-0d34-0410-b5e6-96231b3b80d8
ocalCheckers.h
athSensitive/AnalysisContext.h
athSensitive/AnalysisManager.h
athSensitive/BugReporter.h
athSensitive/ExplodedGraph.h
|
| 1eb4433ac451dc16f4133a88af2d002ac26c58ef |
09-Sep-2009 |
Mike Stump <mrs@apple.com> |
Remove tabs, and whitespace cleanups.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@81346 91177308-0d34-0410-b5e6-96231b3b80d8
nalyses/LiveVariables.h
nalyses/UninitializedValues.h
nalysisDiagnostic.h
FG.h
lowSensitive/DataflowSolver.h
lowSensitive/DataflowValues.h
ocalCheckers.h
athDiagnostic.h
athSensitive/AnalysisContext.h
athSensitive/AnalysisManager.h
athSensitive/BasicValueFactory.h
athSensitive/BugReporter.h
athSensitive/Checker.h
athSensitive/CheckerVisitor.h
athSensitive/ConstraintManager.h
athSensitive/Environment.h
athSensitive/ExplodedGraph.h
athSensitive/GRAuditor.h
athSensitive/GRBlockCounter.h
athSensitive/GRCoreEngine.h
athSensitive/GRExprEngine.h
athSensitive/GRExprEngineBuilders.h
athSensitive/GRSimpleAPICheck.h
athSensitive/GRState.h
athSensitive/GRStateTrait.h
athSensitive/GRSubEngine.h
athSensitive/GRTransferFuncs.h
athSensitive/GRWorkList.h
athSensitive/MemRegion.h
athSensitive/SVals.h
athSensitive/SValuator.h
athSensitive/Store.h
athSensitive/SymbolManager.h
athSensitive/ValueManager.h
rogramPoint.h
upport/BlkExprDeclBitVector.h
upport/Optional.h
upport/SaveAndRestore.h
isitors/CFGRecStmtDeclVisitor.h
isitors/CFGRecStmtVisitor.h
isitors/CFGStmtVisitor.h
isitors/CFGVarDeclVisitor.h
|
| 248072a8b9cd956c4ac63172fc2af09790f7c6a9 |
05-Sep-2009 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Refactor builtin function evaluation code into its own function.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@81061 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRExprEngine.h
|
| e1ccccff777f6bad6b25e9c6a762f98fd8003181 |
03-Sep-2009 |
Ted Kremenek <kremenek@apple.com> |
Fix 80 column violations.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@80873 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRCoreEngine.h
|
| 6403b57eda05a22273d920ad0bd2991d11eaa7b8 |
02-Sep-2009 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Refactor the check for bad divide into a checker.
Also fix a checker context bug: the Dst set is not always empty initially.
Because in GRExprEngine::CheckerVisit(), *CurrSet is used repeatedly.
So we removed the Dst.empty() condition in ~CheckerContext() when deciding
whether to do autotransision.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@80786 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/Checker.h
athSensitive/CheckerVisitor.def
athSensitive/CheckerVisitor.h
|
| a97d54c165ca6b6e57b9f333059a84c2188dd591 |
02-Sep-2009 |
Ted Kremenek <kremenek@apple.com> |
Replace uses of ImmutableSet in SymbolReaper with DenseSet. This was
motivated from Shark profiles that shows that 'markLive' was very
heavy when using --analyzer-store=region. On my benchmark file, this
reduces the analysis time for --analyzer-store=region from 19.5s to
13.5s and for --analyzer-store=basic from 5.3s to 3.5s. For the
benchmark file, this is a reduction of about 30% analysis time for
both analysis modes (a huge win).
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@80765 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/SymbolManager.h
|
| abd46e13cfd48f2c9bf26d9759edb4366aaa6d5b |
28-Aug-2009 |
Ted Kremenek <kremenek@apple.com> |
Use SymbolicRegion instead of CodeTextRegion for symbolic function
pointers. Most logic cares first about whether or not a region is
symbolic, and second if represents code. This should fix a series of
silent corner case bugs (as well as simplify a bunch of code).
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@80335 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/MemRegion.h
|
| 8e0293406f9d62a293be6be3b1fb89d359f5ea40 |
28-Aug-2009 |
Ted Kremenek <kremenek@apple.com> |
Rename 'bindExpr' to 'BindExpr'.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@80294 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRState.h
|
| 6d2c657b528d9ac1bacd382281f0bc49975aa89a |
28-Aug-2009 |
Ted Kremenek <kremenek@apple.com> |
Move the AnalysisContext* from GRState to Environment.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@80293 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/Environment.h
athSensitive/GRState.h
|
| 1d8bdd34101651e5ffca93486f9f4034eb0a564f |
27-Aug-2009 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Remove unused utility methods of GRStmtNodeBuilder.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@80237 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRCoreEngine.h
|
| 99330ca3e3e5311b8106b631ea25dbc2b924a944 |
27-Aug-2009 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Remove unused utility methods of GRStmtNodeBuilder.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@80236 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRCoreEngine.h
|
| c99949653fa00bab038af008ceeec15d3d8f62cc |
27-Aug-2009 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Remove a unused member variable. Instead query the option from AnalysisManager.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@80226 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRExprEngine.h
|
| 0fb0bc4067d6c9d7c0e655300ef309b05d3adfc9 |
27-Aug-2009 |
Ted Kremenek <kremenek@apple.com> |
Simplify 'Environment' to contain only one map from 'const Stmt*' to SVals, greatly simplifying the logic of the analyzer in many places. We now only distinguish between block-level expressions and subexpressions in Environment::RemoveDeadBindings and GRState pretty-printing.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@80194 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/Environment.h
athSensitive/GRState.h
|
| 1894dce96476dbe58c0e60d47f8987cbeb3d3869 |
25-Aug-2009 |
Ted Kremenek <kremenek@apple.com> |
Fix crash reported in <rdar://problem/7124210> by "back-porting" some of the
implicit cast logic in RegionStoreManager to BasicStoreManager. This involved
moving CastRetriedVal from RegionStoreManager to StoreManager.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@80026 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/Store.h
|
| ff4264dae31cf42807b64ecc114906b0b835690a |
25-Aug-2009 |
Ted Kremenek <kremenek@apple.com> |
Move logic of GRExprEngine::EvalBinOp to SValuator::EvalBinOp.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@80018 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRExprEngine.h
athSensitive/SValuator.h
|
| 5032ffe4259e7d436f2eb19e5a29fdae559e7c12 |
25-Aug-2009 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Remove CodeDecl and CFG from GRExprEngine and GRStateManager.
Now AnalysisManager is the only place we can get CodeDecl.
This leads to an API change: GRState::bindExpr() now takes the CFG argument.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@79980 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/AnalysisManager.h
athSensitive/BugReporter.h
athSensitive/ExplodedGraph.h
athSensitive/GRExprEngine.h
athSensitive/GRState.h
|
| cc0255383f96a557c36923f602819bdb0cdd2761 |
25-Aug-2009 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Remove Decl and CFG from ExplodedGraph. This leads to a series small changes.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@79973 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ExplodedGraph.h
athSensitive/GRCoreEngine.h
athSensitive/GRExprEngine.h
|
| 08780078183ae4b2534c69a3e0ded596cdb695ba |
25-Aug-2009 |
Ted Kremenek <kremenek@apple.com> |
ConstraintManager::AssumeDual now accepts a 'DefinedSVal' instead of 'SVal' for
the condition. This eliminates a source of bugs where the client doesn't
correctly reason about undefined or unknown values. This fixes PR 4759.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@79952 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ConstraintManager.h
athSensitive/SVals.h
|
| c3a94151d12e3821f760e1e342f719ddeebeea19 |
25-Aug-2009 |
Ted Kremenek <kremenek@apple.com> |
Introduce 'DefinedSVal', an intermediate parent class between Loc/NonLoc and
SVal. This allows us to use the C++ type system to distinguish between SVals
that are potentially unknown/undefined and those that are not.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@79951 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/SVals.h
|
| 2376002038c8b904acd20be754aedd1a7471be71 |
22-Aug-2009 |
Ted Kremenek <kremenek@apple.com> |
Remove 'AnalysisContext::setDecl()', as we the Decl associated with an
AnalysisContext should never change. Along the way, propagate some constness
around.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@79701 91177308-0d34-0410-b5e6-96231b3b80d8
ocalCheckers.h
athSensitive/AnalysisContext.h
athSensitive/AnalysisManager.h
athSensitive/ExplodedGraph.h
athSensitive/GRCoreEngine.h
athSensitive/GRExprEngine.h
|
| 54c809b19444a01444f36e93d1d28c9a5668484c |
22-Aug-2009 |
Ted Kremenek <kremenek@apple.com> |
Constify LocationContext* (parent) and Stmt* fields in LocationContext.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@79700 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/AnalysisContext.h
|
| 82cd37cf1cccde162d1f13eda6cdfe1398216f36 |
22-Aug-2009 |
Ted Kremenek <kremenek@apple.com> |
Remove 'SelfRegion' field from both BasicStoreManager and RegionStoreManager.
SelfRegion represented the object bound to 'self' (when analyzing Objective-C
methods) upon entry to a method. Having this region stored on the side ignores
the current stack frame that we might be analyzing (among other things), and is
a problem for interprocedural analysis.
For RegionStoreManager, the value for SelfRegion is just lazily created.
For BasicStoreManager, the value for SelfRegion is bound eagerly to 'self', but
no explicit tracking of SelfRegion on the side is made.
As part of this change, remove the restriction in BasicStoreManager that we only
track ivars for 'self'. This shouldn't actually change anything in terms of
precision, and simplifies the logic.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@79694 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/AnalysisContext.h
athSensitive/GRState.h
athSensitive/Store.h
|
| d17da2b99f323fa91b01e1dd119cc32e0ee8197d |
22-Aug-2009 |
Ted Kremenek <kremenek@apple.com> |
Add LocationContext* field to VarRegion. This is needed for interprocedural analysis.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@79680 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRState.h
athSensitive/MemRegion.h
athSensitive/Store.h
|
| 5ab128b02d3b10413fb30738ec9f401dcfb47252 |
21-Aug-2009 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Tie the local check NSErrorCheck to a Decl to pave the way
to untie the ExplodedGraph from a specific Decl.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@79588 91177308-0d34-0410-b5e6-96231b3b80d8
ocalCheckers.h
|
| fafd3834754d2093e0ad7a1c005860fd527ecb7f |
20-Aug-2009 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Rename: ProgramPoint::getContext() => ProgramPoint::getLocationContext().
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@79502 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ExplodedGraph.h
rogramPoint.h
|
| f7a50a4ee255b3a624ae64125537a7bdbd1da0ef |
19-Aug-2009 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Get the Decl from the current ExplodedNode. Eventually the diagnostic client
and other core analysis logic will be untied to a particular Decl.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@79420 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/AnalysisContext.h
|
| 292a5c04694ebf0cfcf41f5afe7e3db27019260e |
18-Aug-2009 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Remove unused parameter BugReporter due to previous patch.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@79328 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/BugReporter.h
|
| 50d5bc4e3b53eb8bb4ebf198f1213348a3fa0f38 |
18-Aug-2009 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Now we can get the CFG from the ProgramPoint. No need to pass in the
BugReporter.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@79327 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/AnalysisContext.h
athSensitive/BugReporter.h
|
| 592362b46ad69db0db0988e7f9d8cbe647510bdd |
18-Aug-2009 |
Ted Kremenek <kremenek@apple.com> |
Enhance static analyzer diagnostics by introducing a new 'EnhancedBugReporter'
which allows custom checks to register callback creator functions for creating
BugReporterVisitor objects. This allows various checks to include diagnostics
such as 'assuming value is null' with little extra work. Eventually this API
should be refactored to be cleaner and more simple.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@79302 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/BugReporter.h
athSensitive/Checker.h
|
| 94f1d16bb0f46c22bc51f4d7a483b77c0766201d |
17-Aug-2009 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Remove unused variable.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@79229 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRState.h
|
| 17fd8632dcda97022a51effc24060eacdad9dbe0 |
17-Aug-2009 |
Zhongxing Xu <xuzhongxing@gmail.com> |
To make the analysis independent on the locally stored liveness and cfg
of GRStateManager and GRExprEngine, pass the initial location context
to the getInitialState() method.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@79228 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/AnalysisContext.h
athSensitive/GRCoreEngine.h
athSensitive/GRExprEngine.h
athSensitive/GRState.h
athSensitive/GRSubEngine.h
athSensitive/Store.h
|
| 25e695b2d574d919cc1bbddf3a2efe073d449b1c |
15-Aug-2009 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Extend the ProgramPoint to include the context information LocationContext,
which is either a stack frame context of the function or a local scope
context.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@79072 91177308-0d34-0410-b5e6-96231b3b80d8
lowSensitive/DataflowSolver.h
athSensitive/AnalysisManager.h
athSensitive/ExplodedGraph.h
athSensitive/GRCoreEngine.h
athSensitive/GRExprEngine.h
rogramPoint.h
|
| e96de2dfde487211fb52f9139cdcae64d051a406 |
12-Aug-2009 |
Zhongxing Xu <xuzhongxing@gmail.com> |
More cleanups.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@78782 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ExplodedGraph.h
|
| 2ddde27ac627a1daf85edcf16e13eedc3b688984 |
12-Aug-2009 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Remove redundant forward declarations.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@78781 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRCoreEngine.h
|
| d4e5a606c9c64e24c05e5f4610796087e911fb9c |
06-Aug-2009 |
Ted Kremenek <kremenek@apple.com> |
Fix a couple false positive "uninitialized value" warnings with RegionStore
involving reasoning about unions (which we don't handle yet).
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@78342 91177308-0d34-0410-b5e6-96231b3b80d8
upport/Optional.h
|
| b1e92b3d3a095cd2ca820148a86f7239f82fe6c6 |
06-Aug-2009 |
Benjamin Kramer <benny.kra@googlemail.com> |
Silence gcc warning about non-virtual destructors.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@78306 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRSubEngine.h
|
| d91bb0c0c47e2219e94238468f0df0e354bdff29 |
06-Aug-2009 |
Zhongxing Xu <xuzhongxing@gmail.com> |
I forgot adding this header for r78298.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@78302 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRSubEngine.h
|
| 031ccc0555a82afc2e8afe29e19dd57ff204e2de |
06-Aug-2009 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Last step of template cleanup: merge *BuilderImpl to *Builder.
Some Builders need further cleanup.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@78301 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/Checker.h
athSensitive/ExplodedGraph.h
athSensitive/GRAuditor.h
athSensitive/GRCoreEngine.h
athSensitive/GRExprEngine.h
athSensitive/GRExprEngineBuilders.h
athSensitive/GRSimpleAPICheck.h
athSensitive/GRTransferFuncs.h
|
| 0111f575b968e423dccae439e501225b8314b257 |
06-Aug-2009 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Core analysis engine template cleanup step 2:
merge GRCoreEngineImpl and GRCoreEngine.
Introduce a new interface class GRSubEngine as the subengine of GRCoreEngine.
GRExprEngine subclasses GRSubEngine now.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@78298 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ExplodedGraph.h
athSensitive/GRCoreEngine.h
athSensitive/GRExprEngine.h
|
| bb8e6488bda12b41b32fc22397a44510cacdac50 |
06-Aug-2009 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Fix comment.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@78296 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/AnalysisManager.h
|
| 38b02b912e1a55c912f603c4369431264d36a381 |
06-Aug-2009 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Core analysis engine template cleanup step 2:
merge ExplodedGraphImpl and ExplodedGraph.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@78291 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/BugReporter.h
athSensitive/ExplodedGraph.h
athSensitive/GRCoreEngine.h
athSensitive/GRExprEngine.h
athSensitive/GRSimpleAPICheck.h
athSensitive/GRState.h
|
| 451ac091cd1868433985396a25cbbf2092ae8ca9 |
06-Aug-2009 |
Ted Kremenek <kremenek@apple.com> |
Refactor RegionStoreManager::RemoveDeadBindings to also scan the bindings of LazyCompoundSVals.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@78284 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/SVals.h
|
| c5619d901a68dc27a9e310a6a831f03efebcd950 |
06-Aug-2009 |
Zhongxing Xu <xuzhongxing@gmail.com> |
As GRState seems general enough, it is time to merge some template classes
and their impl base classes. This can greatly simply some code of the core
analysis engine. This patch merges ExplodedNodeImpl into ExplodedNode.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@78270 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/BugReporter.h
athSensitive/Checker.h
athSensitive/ExplodedGraph.h
athSensitive/GRAuditor.h
athSensitive/GRCoreEngine.h
athSensitive/GRExprEngine.h
athSensitive/GRTransferFuncs.h
athSensitive/GRWorkList.h
|
| a5e81f1240bcc5b9b0721fc6275075ad7cadaf5e |
06-Aug-2009 |
Ted Kremenek <kremenek@apple.com> |
Implement lazy "copying" of structures and arrays in RegionStore. While
RegionStore already lazily abstracted the contents of arrays and structs, when
doing an assignment from one array/struct to another we did an explicit
element-wise copy, which resulted in a loss of laziness and huge performance
problem when analyzing many code bases.
Now RegionStoreManager handles such assignments using a new SVal could
'LazyCompoundSVal', which basically means the value of a given struct or array
(a MemRegion*) in a specific state (GRState). When we do a load from a field
whose encompassing struct binds to a LazyCompoundSVal, we essentially do a field
lookup in the original structure. This means we have essentially zero copying of
data for structs/arrays and everything stays lazy.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@78268 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/BasicValueFactory.h
athSensitive/MemRegion.h
athSensitive/SVals.h
athSensitive/ValueManager.h
|
| a52ad4e1f423bed2e9e0dcb12661268091d20a54 |
05-Aug-2009 |
Zhongxing Xu <xuzhongxing@gmail.com> |
If the UnaryOperator has non-location type, use its type to create the
constant value. If the UnaryOperator has location type, create the
constant with int type and pointer width.
This fixes the bug that all pointer increments 'p++' evaluated to Unknown.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@78147 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/BasicValueFactory.h
athSensitive/ValueManager.h
|
| 98f6f2573e400a4245cfb2d6976ffb8a875d25c7 |
03-Aug-2009 |
Ted Kremenek <kremenek@apple.com> |
Regression fix: reset 'DisplayedFunction' when a new function/method decl gets analyzed.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@77996 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/AnalysisManager.h
|
| 18c7c06033cafe8c0cdcbe5759c802728688b49f |
03-Aug-2009 |
Zhongxing Xu <xuzhongxing@gmail.com> |
add a bunch of routine methods to AnalysisContext.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@77961 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/AnalysisContext.h
athSensitive/AnalysisManager.h
|
| d07a0d0279c09d1017f8450fce575a94dc9703c0 |
03-Aug-2009 |
Zhongxing Xu <xuzhongxing@gmail.com> |
now we can let AnalysisManager to own the PathDiagnosticClient.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@77945 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/AnalysisManager.h
|
| c471e7b44e63ff1b46b480e723c4130aeaef5a8a |
03-Aug-2009 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Create only one AnalysisManager for each translation unit. In HandleCode(),
reset the current analysis context of the AnalysisManager.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@77943 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/AnalysisManager.h
|
| 2e3124486f343d770a2a5c2b7e78268bfc328a58 |
03-Aug-2009 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Add LocationContext classes to enable creation of cross function
ProgramPoints. ProgramPoints will refer to them in the furture.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@77941 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/AnalysisContext.h
|
| df74e25bf0d82339a28e8a4c5e9413584771363b |
02-Aug-2009 |
Ted Kremenek <kremenek@apple.com> |
Remove RegionViews and RegionCasts. These are no longer used.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@77876 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/Store.h
|
| 093569cfab473e7b461523136a4df30a0473324d |
02-Aug-2009 |
Ted Kremenek <kremenek@apple.com> |
RegionStoreManager::RemoveDeadBindings() now removes dead 'default' bindings as well.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@77875 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRState.h
|
| 2f26bc39f3b7bc93b9fdfbb79751b25704e5fdc6 |
02-Aug-2009 |
Ted Kremenek <kremenek@apple.com> |
Generalize the interface of 'StoreManager::RemoveDeadBindings()' to manipulate the entire GRState, not just the Store.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@77870 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRState.h
athSensitive/Store.h
|
| 19e1f0ba5cec738ce6cebe3fe0e1edc782206494 |
01-Aug-2009 |
Ted Kremenek <kremenek@apple.com> |
This is a fairly large patch, which resulted from a cascade of changes
made to RegionStore (and related classes) in order to handle some
analyzer failures involving casts and manipulation of symbolic memory.
The root of the change is in StoreManager::CastRegion(). Instead of
using ad hoc heuristics to decide when to layer an ElementRegion on a
casted MemRegion, we now always layer an ElementRegion when the cast
type is different than the original type of the region. This carries
the current cast information associated with a region around without
resorting to the error prone recording of "casted types" in GRState.
Along with this new policy of layering ElementRegions, I added a new
algorithm to strip away existing ElementRegions when they simply
represented casts of a base memory object. This algorithm computes
the raw "byte offset" that an ElementRegion represents from the base
region, and allows the new ElementRegion to be based off that offset.
The added benefit is that this naturally handles a series of casts of
a MemRegion without building up a set of redundant ElementRegions
(thus canonicalizing the region view).
Other related changes that cascaded from this one (as tests were
failing in RegionStore):
- Revamped RegionStoreManager::InvalidateRegion() to completely remove
all bindings and default values from a region and all subregions.
Now invalidated fields are not bound directly to new symbolic
values; instead the base region has a "default" symbol value from
which "derived symbols" can be created. The main advantage of this
approach is that it allows us to invalidate a region hierarchy and
then lazily instantiate new values no matter how deep the hierarchy
went (i.e., regardless of the number of field accesses,
e.g. x->f->y->z->...). The previous approach did not do this.
- Slightly reworked RegionStoreManager::RemoveDeadBindings() to also
incorporate live symbols and live regions that do not have direct
bindings but also have "default values" used for lazy instantiation.
The changes to 'InvalidateRegion' revealed that these were necessary
in order to achieve lazy instantiation of values in the region store
with those bindings being removed too early.
- The changes to InvalidateRegion() and RemoveDeadBindings() revealed
a serious bug in 'getSubRegionMap()' where not all region -> subregion
relationships involved in actually bindings (explicit and implicit)
were being recorded. This has been fixed by using a worklist algorithm
to iteratively fill in the region map.
- Added special support to RegionStoreManager::Bind()/Retrieve() to handle
OSAtomicCompareAndSwap in light of the new 'CastRegion' changes and the
layering of ElementRegions.
- Fixed a bug in SymbolReaper::isLive() where derived symbols were not
being marked live if the symbol they were derived from was also live.
This fix was critical for getting lazy instantiation in RegionStore
to work.
- Tidied up the implementation of ValueManager::getXXXSymbolVal() methods
to use SymbolManager::canSymbolicate() to decide whether or not a
symbol should be symbolicated.
- 'test/Analysis/misc-ps-xfail.m' now passes; that test case has been
moved to 'test/Analysis/misc-ps.m'.
- Tweaked some pretty-printing of MemRegions, and implemented
'ElementRegion::getRawOffset()' for use with the CastRegion changes.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@77782 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/MemRegion.h
athSensitive/Store.h
athSensitive/ValueManager.h
|
| 82ec2e99084996eecbdf3a304f3cbba8c16c2f6b |
31-Jul-2009 |
Ted Kremenek <kremenek@apple.com> |
Fix use-after-release bug introduced in r77585 where the PathDiagnosticClient
created by AnalysisConsumer would be released by an instance of AnalysisManager
and then reused by later instances of AnalysisManager. Ownership of the
PathDiagnosticClient now belongs (for now) in AnalysisConsumer.
We also need this layering (for now) because the HTMLDiagnostiClient requires
that the entire translation unit be processed before emitting diagnostics. This
is done in its destructor (which should also be fixed, but that is another
issue).
This fixes PR 4653.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@77648 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/AnalysisManager.h
|
| fda7832b000ff8927386f093b52c067641679469 |
30-Jul-2009 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Make AnalysisManager into its own source file and a pure data management class.
Move all components creation code into AnalysisConsumer::DigestAnalyzerOptions().
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@77585 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/AnalysisManager.h
|
| 97ab3941effe1f508c7113d9aa0c2887774f6fa8 |
30-Jul-2009 |
Zhongxing Xu <xuzhongxing@gmail.com> |
This patch collects all analysis context data into a new class
AnalysisContext.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@77563 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/AnalysisContext.h
|
| f7a0cf426eddae76e1a71dd2295631a2cf0560af |
29-Jul-2009 |
Ted Kremenek <kremenek@apple.com> |
Remove 'StoreManager::OldCastRegion()', TypedViewRegion (which only
OldCastRegion used), and the associated command line option
'-analyzer-store=old-basic-cast'.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@77509 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/MemRegion.h
athSensitive/Store.h
|
| 1004a9f2b9eaf885e55ad8656194ef2a341db0f5 |
29-Jul-2009 |
Ted Kremenek <kremenek@apple.com> |
Make StoreManager::InvalidateRegion() virtual, move the current implementation
in StoreManager to RegionStoreManager, and create a special, highly reduced
version in BasicStoreManager.
These changes are in preparation for future RegionStore-specific changes to
InvalidateRegion.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@77483 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/Store.h
|
| 0e3ec3ff2477e60f0ceda922cc2e3a25a59d81f2 |
29-Jul-2009 |
Ted Kremenek <kremenek@apple.com> |
Add 'MemRegion::getBaseRegion()', a utility method to strip ElementRegions with
index 0. This will be used for refinements to InvalidateRegion and CastRegion.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@77481 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/MemRegion.h
athSensitive/SVals.h
|
| 5a5c60d273130990a7da770d7f5dc809920d3b65 |
29-Jul-2009 |
Zhongxing Xu <xuzhongxing@gmail.com> |
delete an undefined method.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@77446 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/BugReporter.h
|
| c4e4acb774ee4437227154215e1f602393eb1389 |
28-Jul-2009 |
Ted Kremenek <kremenek@apple.com> |
Add missing break statement.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@77356 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/CheckerVisitor.h
|
| bb977228e642e0d12365862a3838dd5005ef783b |
28-Jul-2009 |
Ted Kremenek <kremenek@apple.com> |
Fix regression in attribute 'nonnull' checking when a transition node
was created but not added to the destination NodeSet. This fixes PR 4630.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@77353 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/Checker.h
|
| bc0a2226c7fcd18b29b6846049e2cfcb872d3593 |
27-Jul-2009 |
Owen Anderson <resistor@mac.com> |
Update for LLVM API change.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@77249 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/Checker.h
athSensitive/CheckerVisitor.h
|
| e3e643f12cc65a70e440bcdbb37b81d5fd022143 |
24-Jul-2009 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Add getDecl() to CallGraph and CallGraphNode.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@76940 91177308-0d34-0410-b5e6-96231b3b80d8
allGraph.h
|
| 3111218bc7ec7ff8b0ab8fdd15a6949904ef698e |
24-Jul-2009 |
Ted Kremenek <kremenek@apple.com> |
Mark destructor of Checker virtual.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@76924 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/Checker.h
|
| 56a5d8087735438fcedea4ce3e22eb07d1d27e75 |
23-Jul-2009 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Add two nodes to the call graph:
- Root is the main function or 0.
- ExternalCallingNode has edges to all external functions.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@76876 91177308-0d34-0410-b5e6-96231b3b80d8
allGraph.h
|
| 16a705f26d069a0c9e391bf064bcd1bc3496ca83 |
23-Jul-2009 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Add template specializations to view the call graph in dot format.
- change the DenseMap used in callgraph to std::map, since DenseMap cannot
be used with mapped_iterator and friends.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@76874 91177308-0d34-0410-b5e6-96231b3b80d8
allGraph.h
|
| 25c155abc154a23ff59e8def196441a2fbf20270 |
23-Jul-2009 |
Daniel Dunbar <daniel@zuster.org> |
Add newline at EOF.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@76870 91177308-0d34-0410-b5e6-96231b3b80d8
upport/SaveAndRestore.h
|
| 36292550118ebdd5e0fe8e46df74f7202046d316 |
23-Jul-2009 |
Daniel Dunbar <daniel@zuster.org> |
Revert r76831, there are many Analyzer test failures on multiple platforms.
--- Reverse-merging r76831 into '.':
U include/clang/Analysis/PathSensitive/GRExprEngine.h
U lib/Analysis/GRExprEngine.cpp
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@76851 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRExprEngine.h
|
| dbfb5f853547c4cc2b4b39e90f01537dd317457a |
23-Jul-2009 |
Ted Kremenek <kremenek@apple.com> |
Add initial implementation of checking for uses of floating point as a loop counter.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@76833 91177308-0d34-0410-b5e6-96231b3b80d8
ocalCheckers.h
|
| 7a2d953224e51b2b7d7cbf9194a1dbc1ca0be4a0 |
23-Jul-2009 |
Ted Kremenek <kremenek@apple.com> |
Add 'previsit' Checker pass for ObjCMessageExprs.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@76831 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRExprEngine.h
|
| 5f85e17df3f5b0a8021443f2b590daecfb2cbd17 |
23-Jul-2009 |
Ted Kremenek <kremenek@apple.com> |
Refactor 'PostStmt' and 'PreStmt' to subclass a common parent 'StmtPoint'.
Educate GRExprEngine::VisitGraph() about 'PreStmt'.
Mark the constructor of 'PostStmt' to be explicit, preventing implicit
conversions and the selection of the wrong 'generateNode' method in
GRStmtNodeBuilder.
Constify a bunch of arguments, which falls out of the changes to ProgramPoint.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@76809 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/BugReporter.h
athSensitive/GRCoreEngine.h
athSensitive/GRState.h
rogramPoint.h
|
| 6621bcf2a8ee0ff6d4b7c3df64407279d52ed23e |
22-Jul-2009 |
Ted Kremenek <kremenek@apple.com> |
Use SaveAndRestore in 'clang/Analysis/Support/SaveAndRestore.h'
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@76800 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRExprEngineBuilders.h
|
| 67afec15ddbea77d9560165282542cbe1b413d01 |
22-Jul-2009 |
Ted Kremenek <kremenek@apple.com> |
Add AssumeDual method.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@76798 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ConstraintManager.h
|
| bd0487825751230a4396952b770349d2beac60b3 |
22-Jul-2009 |
Ted Kremenek <kremenek@apple.com> |
Make 'SaveAndRestore' and friends reusable classes in libAnalysis.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@76795 91177308-0d34-0410-b5e6-96231b3b80d8
upport/SaveAndRestore.h
|
| 5a5d98bc6962dc2d1aaa5e0e522f1bf84273b9c1 |
22-Jul-2009 |
Ted Kremenek <kremenek@apple.com> |
Add support for registering 'Checker' objects with GRExprEngine.
Add a 'previsit' stage (that dispatches to registered Checkers) when evaluating the effects of CallExprs.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@76794 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRExprEngine.h
|
| 29e543cc4cacfec24ccb888b1d82b92a98ffe99b |
22-Jul-2009 |
Ted Kremenek <kremenek@apple.com> |
Add new 'Checker' and 'CheckerVisitor' classes, which represent a more powerful
interface to plug in domain-specific checker logic than the current
GRSimpleAPICheck interface. The new 'Checker' interface can actually generate
new nodes, allowing it to modify the state and refine the analysis (which
GRSimpleAPIChecks could not).
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@76793 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/Checker.h
athSensitive/CheckerVisitor.def
athSensitive/CheckerVisitor.h
|
| e01ac5712a94279db2404134817fe6bbf16c1f7c |
22-Jul-2009 |
Ted Kremenek <kremenek@apple.com> |
Add support for 'PreStmt' program points to GRCoreEngine and GRStmtNodeBuilder.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@76792 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRCoreEngine.h
|
| cdd4f1783da7c7565be2376d14ca6ab2625aa4b6 |
22-Jul-2009 |
Ted Kremenek <kremenek@apple.com> |
Add 'PreStmt' program point. This will be used to represent checking for
preconditions (in GRExprEngine) before the statement itself is evaluated.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@76791 91177308-0d34-0410-b5e6-96231b3b80d8
rogramPoint.h
|
| cc2c6eb04d882466c7cfbb544c251d7e0ba0f356 |
22-Jul-2009 |
Ted Kremenek <kremenek@apple.com> |
Implement operator= for ExplodedNodeSet.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@76790 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ExplodedGraph.h
|
| 5350066e7b19d17a5b137caa6c039ab9626dbfa5 |
22-Jul-2009 |
Ted Kremenek <kremenek@apple.com> |
Move bug reporter "visitors" to their own file and make them part of the public
BugReporter API. No real functionality change.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@76760 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/BugReporter.h
|
| 0c8c5365be0176e8399e97d7da3293c79bc9da24 |
22-Jul-2009 |
Mike Stump <mrs@apple.com> |
Add some documentation, to make it so the next person doens't select
the wrong function. :-)
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@76752 91177308-0d34-0410-b5e6-96231b3b80d8
FG.h
|
| d6b9e37311013bdf24fd709f7e9962e3b141e6fb |
22-Jul-2009 |
Ted Kremenek <kremenek@apple.com> |
Restructure ProgramPoint to have the 'Kind' value be its own instance
variable. This gives us much more flexibility with defining more
ProgramPoints, which is the direction we are heading. The removal of
various bit-mangling of pointers also cleans up the logic.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@76721 91177308-0d34-0410-b5e6-96231b3b80d8
rogramPoint.h
|
| e38158de9236dfcded7da56126134e5e3e49cb01 |
21-Jul-2009 |
Ted Kremenek <kremenek@apple.com> |
Update stale comment.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@76644 91177308-0d34-0410-b5e6-96231b3b80d8
FG.h
|
| 32c3fa4195762ba93f0b7114ab36c0941bc34432 |
21-Jul-2009 |
Ted Kremenek <kremenek@apple.com> |
Fix PR 4594 by refactoring almost all casting logic from GRExprEngine::VisitCast
to SValuator::EvalCast. In the process, the StoreManagers now use this new cast
machinery, and the hack in GRExprEngine::EvalBind to handle implicit casts
involving OSAtomicCompareAndSwap and friends has been removed (and replaced with
logic closer to the logic specific to those functions).
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@76641 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRExprEngine.h
athSensitive/GRState.h
athSensitive/SValuator.h
athSensitive/Store.h
athSensitive/ValueManager.h
|
| 4c7c5a1d01d5e35aa6fb7724336c9506a88b6b62 |
21-Jul-2009 |
Argyrios Kyrtzidis <akyrtzi@gmail.com> |
Remove the ASTContext parameter from Entity::getPrintableName().
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@76546 91177308-0d34-0410-b5e6-96231b3b80d8
allGraph.h
|
| f7cf15ca3c9bee7c0348f549e7a8f0af32b5fa54 |
21-Jul-2009 |
Argyrios Kyrtzidis <akyrtzi@gmail.com> |
Change the semantics for Entity.
Entity can now refer to declarations that are not visible outside the translation unit.
It is a wrapper of a pointer union, it's either a Decl* for declarations that don't
"cross" translation units, or an EntityImpl* which is associated with the specific "visible" Decl.
Included is a test case for handling fields across translation units.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@76515 91177308-0d34-0410-b5e6-96231b3b80d8
allGraph.h
|
| e5af3ce53ec58995b09381ba645ab2117a46647b |
21-Jul-2009 |
Mike Stump <mrs@apple.com> |
Add yet more analysis for CFGs involving conditionals that are actually constant.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@76500 91177308-0d34-0410-b5e6-96231b3b80d8
FG.h
|
| 02f43e71121d1c9cc4baed7b21770b66fe1f4305 |
20-Jul-2009 |
Mike Stump <mrs@apple.com> |
Remove an apparently unused forward class decl.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@76476 91177308-0d34-0410-b5e6-96231b3b80d8
FG.h
|
| 0b5a07d3a08e84f5c73aedacdda176c5cdb77c4e |
20-Jul-2009 |
Ted Kremenek <kremenek@apple.com> |
Update DataflowSolver to handle the case where a successor/predecessor block
could be NULL. This allows the solver to handle optimized CFGs where branches
can be determined during CFG-construction to be infeasible.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@76452 91177308-0d34-0410-b5e6-96231b3b80d8
lowSensitive/DataflowSolver.h
|
| 520035439d7133064325c4df6378c5a8f2f05539 |
20-Jul-2009 |
Ted Kremenek <kremenek@apple.com> |
Enhance GRBranchNodeBuilderImpl (part of GRCoreEngine) to understand the case
where the true or false CFGBlock* for a branch could be NULL. This will handle
the case where we can determine during CFG construction that a branch is
infeasible.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@76450 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRCoreEngine.h
|
| bcfe03a0beb61082fa2f40887216d8dbca19a024 |
19-Jul-2009 |
Ted Kremenek <kremenek@apple.com> |
Improve debug pretty-printing for ObjCIVarRegions.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@76380 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/MemRegion.h
|
| 35366a67baa970c287c714c957cf78a4131cf60d |
17-Jul-2009 |
Ted Kremenek <kremenek@apple.com> |
Per offline discussion with Steve Naroff, add back Type::getAsXXXType() methods
until Doug Gregor's Type smart pointer code lands (or more discussion occurs).
These methods just call the new Type::getAs<XXX> methods, so we still have
reduced implementation redundancy. Having explicit getAsXXXType() methods makes
it easier to set breakpoints in the debugger.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@76193 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/MemRegion.h
|
| 56aac3f6c2d23c68f527c8225c74d833e534a262 |
17-Jul-2009 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Rename Entity::getName() to Entity::getPrintableName() to make its purpose
more obvious.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@76167 91177308-0d34-0410-b5e6-96231b3b80d8
allGraph.h
|
| 24ff030f400b261c142bab748bf2d26e5aaa948c |
17-Jul-2009 |
Zhongxing Xu <xuzhongxing@gmail.com> |
CallGraph:
- add IfStmt visitor.
- print information only when a function has callee. Otherwise its ASTContext
map is NULL.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@76156 91177308-0d34-0410-b5e6-96231b3b80d8
allGraph.h
|
| 1a1a6e2bd4c5aefd7fd643cf25915f9623a02e59 |
16-Jul-2009 |
Ted Kremenek <kremenek@apple.com> |
Add member template 'Type::getAs<T>', which converts a Type* to a respective T*.
This method is intended to eventually replace the individual
Type::getAsXXXType<> methods.
The motivation behind this change is twofold:
1) Reduce redundant implementations of Type::getAsXXXType() methods. Most of
them are basically copy-and-paste.
2) By centralizing the implementation of the getAs<Type> logic we can more
smoothly move over to Doug Gregor's proposed canonical type smart pointer
scheme.
Along with this patch:
a) Removed 'Type::getAsPointerType()'; now clients use getAs<PointerType>.
b) Removed 'Type::getAsBlockPointerTypE()'; now clients use getAs<BlockPointerType>.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@76098 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/MemRegion.h
|
| e41611aa2237d06a0ef61db4528fb2883a8defcd |
16-Jul-2009 |
Ted Kremenek <kremenek@apple.com> |
Move the source-level CFG from libAST to libAnalysis.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@76092 91177308-0d34-0410-b5e6-96231b3b80d8
FG.h
lowSensitive/DataflowSolver.h
lowSensitive/DataflowValues.h
rogramPoint.h
upport/BlkExprDeclBitVector.h
isitors/CFGStmtVisitor.h
isitors/CFGVarDeclVisitor.h
|
| 465373946b5ae84f7c3d890cc25cb23fd88dd650 |
16-Jul-2009 |
Ted Kremenek <kremenek@apple.com> |
Move RegionStoreManager over to using new
ValueManager::makeArrayIndex()/convertArrayIndex() methods. This
handles yet another crash case when reasoning about array indices of
different bitwidth and signedness.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@75884 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/SValuator.h
|
| 06669c8e5c24251f6b140298148fbe53ab70a936 |
16-Jul-2009 |
Ted Kremenek <kremenek@apple.com> |
Two changes:
(1) Moved the SValuator object from GRExprEngine to ValueManager. This
allows ValueManager to use the SValuator when creating SVals.
(2) Added ValueManager::makeArrayIndex() and
ValueManager::convertToArrayIndex(), two SVal creation methods
that will help RegionStoreManager always have a consistent set of
SVals with the same integer size and type when reasoning about
array indices.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@75882 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRExprEngine.h
athSensitive/ValueManager.h
|
| 6bd8fb50acadeeafd923e98cd6a94efeb75693dc |
16-Jul-2009 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Commit the initial implementation of call graph building.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@75873 91177308-0d34-0410-b5e6-96231b3b80d8
allGraph.h
|
| a6275a534da701f37d19a068e6361e5f10f983a1 |
15-Jul-2009 |
Ted Kremenek <kremenek@apple.com> |
More test cases revealed that the logic in StoreManager::InvalidateRegion() needs more finesse when handling the invalidation of pointers. Pointers that were invalidated as integers could later cause problems for clients using them as pointers. It is easier for us to model a symbolic value as a pointer rather than modeling a non-symbolic value as a pointer.
This patch causes:
- StoreManager::InvalidateRegion() to not used the casted type of a region if
it would cause a pointer type to be invalidated as a non-pointer type.
- Pushes RegionStore::RetrieveElement() further by handling retrievals from
symbolic arrays that have been invalidated. This uses the new SymbolDerived
construct that was recently introduced.
The result is that the failing test in misc-ps-region-store-x86_64.m now passes.
Both misc-ps-region-store-x86_64.m and misc-ps-region-store-i386.m contain a
test case that motivated this change.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@75730 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/MemRegion.h
|
| fb91c70e24e20f8704edf9bc5049ffbe7e234a38 |
15-Jul-2009 |
Ted Kremenek <kremenek@apple.com> |
Introduced the notion of a "derived symbol" using the class SymbolDerived.
SymbolDerived allows us to model symbolic values that are related to other
symbols via a region hierarchy. For example, SymbolDerived can be used to model
individual values of a symbolic array.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@75728 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/SymbolManager.h
athSensitive/ValueManager.h
|
| 58f9f2c884af6b72d036b746a016d8031d31cb7a |
14-Jul-2009 |
Steve Naroff <snaroff@apple.com> |
Introduce Type::isAnyPointerType() and convert all clients (suggested by Chris).
I don't love the name, however it simplifies the code and is a worthwhile change. If/when we come up with a better name, we can do a search/replace.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@75650 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/SVals.h
|
| 8203725f37fbb45ded343e4378247fee3389c0da |
14-Jul-2009 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Instead of recovering from a wrong invalidation, this patch aims to
invalidate the region correctly. It uses the cast-to type to invalidate
the region when available. To avoid invalid cast-to type like 'void*' or 'id',
region store now only records non-generic casts of regions.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@75580 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/Store.h
|
| 6f9b3a4d7143362d3c2ac1f843d76971799f5b97 |
14-Jul-2009 |
Ted Kremenek <kremenek@apple.com> |
Tidy pretty-printing for SVals, using 'dump()' instead of 'printStdErr()', and implementing operator<< support for llvm::raw_ostream.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@75560 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/SVals.h
|
| 8800ad4eaa1621f6d23c8264971063b9f8da6a2e |
14-Jul-2009 |
Ted Kremenek <kremenek@apple.com> |
Change pretty-printing API for SymExprs and MemRegions to use a naming convention and style similar to other elements in Clang.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@75548 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/MemRegion.h
athSensitive/SymbolManager.h
|
| 14108da7f7fc059772711e4ffee1322a27b152a7 |
11-Jul-2009 |
Steve Naroff <snaroff@apple.com> |
This patch includes a conceptually simple, but very intrusive/pervasive change.
The idea is to segregate Objective-C "object" pointers from general C pointers (utilizing the recently added ObjCObjectPointerType). The fun starts in Sema::GetTypeForDeclarator(), where "SomeInterface *" is now represented by a single AST node (rather than a PointerType whose Pointee is an ObjCInterfaceType). Since a significant amount of code assumed ObjC object pointers where based on C pointers/structs, this patch is very tedious. It should also explain why it is hard to accomplish this in smaller, self-contained patches.
This patch does most of the "heavy lifting" related to moving from PointerType->ObjCObjectPointerType. It doesn't include all potential "cleanups". The good news is additional cleanups can be done later (some are noted in the code). This patch is so large that I didn't want to include any changes that are purely aesthetic.
By making the ObjC types truly built-in, they are much easier to work with (and require fewer "hacks"). For example, there is no need for ASTContext::isObjCIdStructType() or ASTContext::isObjCClassStructType()! We believe this change (and the follow-up cleanups) will pay dividends over time.
Given the amount of code change, I do expect some fallout from this change (though it does pass all of the clang tests). If you notice any problems, please let us know asap! Thanks.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@75314 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/SVals.h
|
| eeea45611d45238c34474c183cee96d47ae79e24 |
10-Jul-2009 |
Ted Kremenek <kremenek@apple.com> |
Rename potentially ambiguous member template 'getRegion' to 'getSubRegion' to hopefully resolve template lookup ambiguities on some compilers.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@75253 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/MemRegion.h
|
| c037eac3bda3c636c961aab6377beea3242e81e4 |
10-Jul-2009 |
Ted Kremenek <kremenek@apple.com> |
Switch BasicStoreManager to use the new CastRegion implementation by default,
and replace the 'clang-cc' option '-analyzer-store=basic-new-cast' with
'-analyzer-store=basic-old-cast'. We'll keep the old CastRegion implementation
around for a little while for regression testing.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@75209 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/Store.h
|
| 599788806ada4be1d635304104165500d6f9668d |
09-Jul-2009 |
Ted Kremenek <kremenek@apple.com> |
Fix: <rdar://problem/7034511> ValueManager::makeIntVal(uint64_t X, QualType T) should return a 'Loc' when 'T' is a pointer
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@75062 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ValueManager.h
|
| 0307cd59e0a48adeb9b69e3270dfe3625e7e2954 |
07-Jul-2009 |
Ted Kremenek <kremenek@apple.com> |
Unbreak build by including header.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@74870 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/Store.h
|
| e1cea75e70d76f55157749a7bcad319050492945 |
06-Jul-2009 |
Ted Kremenek <kremenek@apple.com> |
Make 'BasicStoreManager' + 'NewCastRegion' testable from the command line using '-analyzer-store=basic-new-cast'.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@74865 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/Store.h
|
| 48ce7deb86ffb1e028ac9a8e7cddffc32843c26c |
06-Jul-2009 |
Ted Kremenek <kremenek@apple.com> |
Move the new 'CastRegion' implementation from RegionStoreManager to StoreManager
(its superclass). This will allow us to experiment with using the new CastRegion
with BasicStoreManager, and gradually phase out the old implementation.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@74851 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/Store.h
|
| 313b6dab9efcce465b68da0fed7bf422b6e5c375 |
06-Jul-2009 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Further cleanup of region invalidation code. No functionality change.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@74816 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/Store.h
|
| 9852b5bf94d4934de63da6356c651c61e81f58d9 |
06-Jul-2009 |
Zhongxing Xu <xuzhongxing@gmail.com> |
AllocaRegion and SymbolicRegion are both boundable.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@74815 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/MemRegion.h
|
| 43e2aafea1cdeca3a3fc849b41a92cc18e001ac0 |
06-Jul-2009 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Start to gradually move region invalidation code into store manager.
No functionality change.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@74812 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/Store.h
|
| 9a08fee80a34938b8c11c7166e009a89ced4c2b4 |
04-Jul-2009 |
Zhongxing Xu <xuzhongxing@gmail.com> |
CompoundLiteralRegion is boundable when it is not in the file scope.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@74788 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/MemRegion.h
|
| 0a51f1c6cec6032bcf64ce205bc4edfdc3cb3a2f |
04-Jul-2009 |
Zhongxing Xu <xuzhongxing@gmail.com> |
StringRegion is not boundable.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@74786 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/MemRegion.h
|
| 8834af3f8e85c0a7e309e5be9b41e438f51b9b36 |
03-Jul-2009 |
Zhongxing Xu <xuzhongxing@gmail.com> |
remove utility methods that are not very useful.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@74762 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ValueManager.h
|
| bb2b433ae14ca18e88a46032096ce5ec5c05c8e7 |
03-Jul-2009 |
Ted Kremenek <kremenek@apple.com> |
Replace guarded calls in RegionStoreManager to
ValueManager::getRegionValueSymbolVal() with unguarded calls to
ValueManager::getRegionValueSymbolValOrUnknown(). This changes centralizes the
decision of what values to symbolicate in SymbolManager rather than having it
scatter in RegionStoreManager.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@74730 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ValueManager.h
|
| 1508636e99faddf569a57fce82c0fb3aa2124396 |
02-Jul-2009 |
Ted Kremenek <kremenek@apple.com> |
StoreManagers: Use 'hasGlobalsStorage()' and 'hasParametersStorage()' instead of
directly consulting if a VarDecl is an implicit or actual parameter, a global,
etc.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@74716 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/MemRegion.h
|
| d05552a21377f493c882298c59e8829040b01d34 |
02-Jul-2009 |
Ted Kremenek <kremenek@apple.com> |
Add a separate MemSpaceRegion for function/method arguments passed on the stack.
This will simplify the logic of StoreManagers that want to specially reason
about the values of parameters.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@74715 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/MemRegion.h
|
| 7f39d29cb69e7488f994870800d548008e50e1cb |
02-Jul-2009 |
Ted Kremenek <kremenek@apple.com> |
Remove commented methods. Add MemRegion::printStdErr().
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@74709 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/MemRegion.h
|
| edb883cabf32ef39a3f2ce7a7437894e176a740b |
30-Jun-2009 |
Zhongxing Xu <xuzhongxing@gmail.com> |
add utility method.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@74521 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/SVals.h
|
| 7859cc6f2f88ebdb09b5df6fac8c185301d6bf51 |
30-Jun-2009 |
Zhongxing Xu <xuzhongxing@gmail.com> |
add utility methods.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@74520 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ValueManager.h
|
| f0f0605c87739c906861f73d4287798a4969b1e0 |
29-Jun-2009 |
Zhongxing Xu <xuzhongxing@gmail.com> |
The default answer for isBoundable() should be false.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@74418 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/MemRegion.h
|
| 4f596c2263e2e3be3000e10017cc0351eb8bb399 |
27-Jun-2009 |
Ted Kremenek <kremenek@apple.com> |
Remove the last 'GetXXX' methods from GRStateManager.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@74361 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRState.h
|
| e74eaef9b550c002e59dfc57c0dd640a5f129e8e |
26-Jun-2009 |
Ted Kremenek <kremenek@apple.com> |
Add missing header file.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@74233 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/SValuator.h
|
| 6c07bdba93b095b66e2c8c82dd5ed458fa8285ea |
26-Jun-2009 |
Ted Kremenek <kremenek@apple.com> |
Introduce a new concept to the static analyzer: SValuator.
GRTransferFuncs had the conflated role of both constructing SVals (symbolic
expressions) as well as handling checker-specific logic. Now SValuator has the
role of constructing SVals from expressions and GRTransferFuncs just handles
checker-specific logic. The motivation is by separating these two concepts we
will be able to much more easily create richer constraint-generating logic
without coupling it to the main checker transfer function logic.
We now have one implementation of SValuator: SimpleSValuator.
SimpleSValuator is essentially the SVal-related logic that was in GRSimpleVals
(which is removed in this patch). This includes the logic for EvalBinOp,
EvalCast, etc. Because SValuator has a narrower role than the old
GRTransferFuncs, the interfaces are much simpler, and so is the implementation
of SimpleSValuator compared to GRSimpleVals. I also did a line-by-line review of
SVal-related logic in GRSimpleVals and cleaned it up while moving it over to
SimpleSValuator.
As a consequence of removing GRSimpleVals, there is no longer a
'-checker-simple' option. The '-checker-cfref' did everything that option did
but also ran the retain/release checker. Of course a user may not always wish to
run the retain/release checker, nor do we wish core analysis logic buried in the
checker-specific logic. The next step is to refactor the logic in CFRefCount.cpp
to separate out these pieces into the core analysis engine.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@74229 91177308-0d34-0410-b5e6-96231b3b80d8
ocalCheckers.h
athSensitive/GRExprEngine.h
athSensitive/GRTransferFuncs.h
athSensitive/SVals.h
athSensitive/Store.h
athSensitive/ValueManager.h
|
| 53ba0b636194dbeaa65a6f85316c9397a0c5298b |
25-Jun-2009 |
Ted Kremenek <kremenek@apple.com> |
Remove uses of std::ostream from libAnalysis.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@74136 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ConstraintManager.h
athSensitive/GRState.h
athSensitive/SVals.h
athSensitive/Store.h
athSensitive/SymbolManager.h
|
| 233e913eec6c178ab58d901a212318bae95dbebd |
25-Jun-2009 |
Ted Kremenek <kremenek@apple.com> |
Remove GRStateManager::GetSValAsScalarOrLoc()/GetSVal().
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@74128 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRState.h
|
| d696aa50200fda369b9031b80d1570688fc9b0be |
23-Jun-2009 |
Ted Kremenek <kremenek@apple.com> |
Fix build.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@74009 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRState.h
|
| 25e751a6c9ceb13f313c36facff93be30a057d97 |
23-Jun-2009 |
Ted Kremenek <kremenek@apple.com> |
Remove GRStateManager::getRegion/getSelfRegion().
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@74006 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRState.h
|
| 76500d072e97b5256c496304b40deb035ca1e375 |
23-Jun-2009 |
Ted Kremenek <kremenek@apple.com> |
Remove GRStateManager::BindLoc() and GRStateManager::Unbind().
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@73996 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRState.h
|
| f3b097523614608537f3cc235585a426a0dd6117 |
23-Jun-2009 |
Ted Kremenek <kremenek@apple.com> |
Remove GRStateManager::BindDecl() and GRStateManager::BindDeclWithInit().
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@73995 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRState.h
|
| bb7c96f290453104ec35ca17111a5165f68a4697 |
23-Jun-2009 |
Ted Kremenek <kremenek@apple.com> |
- Add MemRegion::getMemorySpace()
- Change implementation of MemRegion::hasStackStorage()/hasHeapStorage() to use
'getMemorySpace()'. This avoids a double traversal up the region hierarchy
and is simpler.
- Add MemRegion::hasHeapOrStackStorage() as a slightly more efficient
alternative to 'hasStackStorage() || hasHeapStorage()'.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@73977 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/MemRegion.h
|
| ea20cd74793d257679267032419a9ff7fc89dc05 |
23-Jun-2009 |
Ted Kremenek <kremenek@apple.com> |
Move 'hasStackStorage()' and 'hasHeapStorage()' from MemRegionManager to MemRegion.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@73973 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRState.h
athSensitive/MemRegion.h
|
| dbc2afc5fbafcffff06da0b875ce62f364cf11e0 |
23-Jun-2009 |
Ted Kremenek <kremenek@apple.com> |
API cleanup: move more methods from GRStateManager to GRState.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@73968 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRState.h
|
| d91ee27950ef5c321db1ac2aa5becb75ffe7cb14 |
23-Jun-2009 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Move all factory methods from SVal to ValueManager. API cleanup!
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@73954 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/Environment.h
athSensitive/GRExprEngine.h
athSensitive/GRState.h
athSensitive/SVals.h
athSensitive/ValueManager.h
|
| 2ace5cd1dc3340a4a12a3e0d3df51f094cbfde97 |
23-Jun-2009 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Split ValueManager method definitions into its own source file.
No functionality change.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@73952 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ValueManager.h
|
| 3038c5a44fbe7e3260a538f7dd1ace7fa13c90ae |
23-Jun-2009 |
Zhongxing Xu <xuzhongxing@gmail.com> |
ValueManager::makeNonLoc -> ValueManager::makeIntVal
Clean up code with ValueManager.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@73951 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ValueManager.h
|
| 087d6c20876ced37d544552b43cf33332687f074 |
23-Jun-2009 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Instead of setting the default value of the array region, bind the rest of the
array elements to 0 explicitly. Create 0 values with the element type.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@73946 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ValueManager.h
|
| 0dea5241bca707789d706ed1fda3a29a8fedc4c0 |
23-Jun-2009 |
Zhongxing Xu <xuzhongxing@gmail.com> |
MemRegionManager: Migrate logic for getCodeTextRegion() over to using
trait-based MemRegion creation.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@73941 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/MemRegion.h
|
| dd198f04897df87c52fef66398035cbf67fdc33d |
23-Jun-2009 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Remove duplicated methods.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@73940 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/MemRegion.h
|
| a43484afda4c4fb4b23a53a2dc91d985d39dc2c4 |
23-Jun-2009 |
Ted Kremenek <kremenek@apple.com> |
MemRegions:
- Embed a reference to MemRegionManager objects in MemSpaceRegion objects
- Use this embedded reference for MemRegion objects to access ASTContext objects without external help
- Use this access to ASTContext to simplify 'isBoundable' (no ASTContext& argument required)
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@73935 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRState.h
athSensitive/MemRegion.h
athSensitive/ValueManager.h
|
| 7ae7ad9951f032d0a33b64c964f7cdcb9cc6f59b |
23-Jun-2009 |
Ted Kremenek <kremenek@apple.com> |
MemRegionManager: Migrate logic for getAllocaRegion() over to using trait-based MemRegion creation.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@73927 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/MemRegion.h
|
| 6304b08daee27b25ae2e2bdb8bffd67dfad74b3c |
23-Jun-2009 |
Ted Kremenek <kremenek@apple.com> |
Migrate factory methods for FieldRegion and ObjCIVarRegion creation to use the
new generalized region-construction code.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@73921 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/MemRegion.h
|
| 250101353b711a409b075f1bc11070dddec7100b |
23-Jun-2009 |
Ted Kremenek <kremenek@apple.com> |
Refactor some of the logic in MemRegionManager for constructing regions using
member template functions and traits. The idea is to allow MemRegionManager to
construct subclasses of MemRegion that aren't declared in MemRegion.h (e.g.,
checker-specific regions).
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@73917 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/MemRegion.h
|
| 3ff12591494a3cb3d3a24427975df58714ac3b2f |
19-Jun-2009 |
Ted Kremenek <kremenek@apple.com> |
Remove more GetSVal/GetLValue methods in GRExprEngine/GRState, instead
preferring to use their replacements in GRState. This further unifies the code
paths for such logic and leads to some code reduction.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@73771 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRExprEngine.h
athSensitive/GRState.h
|
| 45257c37a4e9a8f915661e0f964aec375909eb4c |
19-Jun-2009 |
Zhongxing Xu <xuzhongxing@gmail.com> |
A further step of r73690: associate the cast-to type with the created symbol,
because the type of the symbol is used to create the default range. We need the
sign to be consistent.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@73756 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/SymbolManager.h
|
| 23ec48cd3369c8d7d1ab3c3f2226cfcffd2cd3d3 |
19-Jun-2009 |
Ted Kremenek <kremenek@apple.com> |
Move clients over from using GRStateManager::BindXXX and friends to
GRState->bindXXX and friends (and constify some arguments along the way).
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@73740 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/Environment.h
athSensitive/GRState.h
athSensitive/SVals.h
|
| a591bc04d21fa62ebffcb2c7814d738ca8f5e2f9 |
19-Jun-2009 |
Ted Kremenek <kremenek@apple.com> |
libAnalysis:
- Remove the 'isFeasible' flag from all uses of 'Assume'.
- Remove the 'Assume' methods from GRStateManager. Now the only way to
create a new GRState with an assumption is to use the new 'assume' methods
in GRState.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@73731 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ConstraintManager.h
athSensitive/GRExprEngine.h
athSensitive/GRState.h
athSensitive/GRTransferFuncs.h
|
| 88c675f001e046b7264e2a2d4174dacf3781ce5f |
18-Jun-2009 |
Zhongxing Xu <xuzhongxing@gmail.com> |
When casting region, if we do not create an element region, record the cast-to
type.
When retrieving the region value, if we are going to create a symbol value, use
the cast-to type if possible.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@73690 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ValueManager.h
|
| 4d5d994a069d6f7513cc025266afcfa73b020405 |
18-Jun-2009 |
Zhongxing Xu <xuzhongxing@gmail.com> |
More GRStateRef removal fix.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@73674 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRExprEngineBuilders.h
|
| 47fed90f77a3644b2224d9c34e9bae74d8625332 |
18-Jun-2009 |
Ted Kremenek <kremenek@apple.com> |
Remove GRStateRef.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@73670 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRState.h
|
| b65be70779bdaf75e91731bfd89362bf4118ae31 |
18-Jun-2009 |
Ted Kremenek <kremenek@apple.com> |
Remove more dependencies on GRStateRef. As a consequence, we can now
pretty-print a GRState object anywhere it is referenced (instead of
needing a GRStateRef of a GRStateManager handy).
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@73669 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRState.h
|
| 3a7720368937e69c3d1ddab353667f256827717f |
18-Jun-2009 |
Ted Kremenek <kremenek@apple.com> |
Remove another dependency on GRStateRef.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@73667 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRState.h
|
| c87813824896a7124d2dd1c08e4661bbe119abf5 |
18-Jun-2009 |
Ted Kremenek <kremenek@apple.com> |
Remove more uses of GRStateRef.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@73648 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRState.h
|
| fdf6a56339b3df94d46a49c4977e0a21e8922cf3 |
18-Jun-2009 |
Ted Kremenek <kremenek@apple.com> |
Class 'Environment' no longer should subclass llvm::FoldingSetNode.
Environment hasn't been uniqued in a FoldingSet for some time, so this
was just wasting a pointer in GRState.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@73645 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/Environment.h
|
| 67f28534c090650ffa123afa84ff4a96f56de14e |
18-Jun-2009 |
Ted Kremenek <kremenek@apple.com> |
Start moving in the direction of removing GRStateRef. Now each
GRState object has a direct reference to its GRStateManager, making
the functionality of GRStateRef redunandant. This will lead to some
nice API cleanup and code shrinking across libAnalysis.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@73644 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRState.h
athSensitive/Store.h
|
| cb7835f4f9b681c548f256b62b0810289d4856cd |
17-Jun-2009 |
Ted Kremenek <kremenek@apple.com> |
Add utility method GRStateRef::makeWithStore().
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@73576 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRState.h
|
| 9af46f59242cfaec74fa491a66724970478263eb |
17-Jun-2009 |
Ted Kremenek <kremenek@apple.com> |
RegionStoreManager:
- Add "sections" to RegionStoreManager.cpp to delineate functionality.
- Add new function "CreateFieldsOnlyRegionStoreManager" that uses the new
RegionStoreFeatures class to use a reduced set of features from
RegionStoreManager (in this case, only field-sensitivity). This isn't
completely hooked up yet.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@73572 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/Store.h
|
| 143b2fc6fd3945c250b333383749010c2c8e3a4c |
16-Jun-2009 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Use canonical type for building ElementRegion. Otherwise ElementRegions cannot
be unique.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@73482 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/MemRegion.h
|
| 5e9f35c7cb61aea46f56d46c77cbcf47c0cf28ba |
14-Jun-2009 |
Douglas Gregor <dgregor@apple.com> |
Update LLVM.
Implement support for C++ Substitution Failure Is Not An Error
(SFINAE), which says that errors that occur during template argument
deduction do *not* produce diagnostics and do not necessarily make a
program ill-formed. Instead, template argument deduction silently
fails. This is currently implemented for template argument deduction
during matching of class template partial specializations, although
the mechanism will also apply to template argument deduction for
function templates. The scheme is simple:
- If we are in a template argument deduction context, any diagnostic
that is considered a SFINAE error (or warning) will be
suppressed. The error will be propagated up the call stack via the
normal means.
- By default, all warnings and errors are SFINAE errors. Add the
NoSFINAE class to a diagnostic in the .td file to make it a hard
error (e.g., for access-control violations).
Note that, to make this fully work, every place in Sema that emits an
error *and then immediately recovers* will need to check
Sema::isSFINAEContext() to determine whether it must immediately
return an error rather than recovering.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@73332 91177308-0d34-0410-b5e6-96231b3b80d8
nalysisDiagnostic.h
|
| 262fd03ee934bebfbbfaabc14744427dd2e7a231 |
20-May-2009 |
Zhongxing Xu <xuzhongxing@gmail.com> |
* API change: we need to pass GRState to GRExprEngine::EvalBinOp() because
RegionStore needs to know the type of alloca region.
* RegionStoreManager::EvalBinOp() now converts the alloca region to its first
element region, as what is done to symbolic region.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@72164 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRExprEngine.h
athSensitive/GRTransferFuncs.h
athSensitive/Store.h
|
| 6bad354120ce0d35901e86ca63e5534b7b9ed092 |
13-May-2009 |
Ted Kremenek <kremenek@apple.com> |
Add PostStmt::getStmtAs(). This unbreaks the build.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@71701 91177308-0d34-0410-b5e6-96231b3b80d8
rogramPoint.h
|
| 52c3196a89a26cebcf069dd140c3396b743b8e33 |
13-May-2009 |
Ted Kremenek <kremenek@apple.com> |
Add ExplodedNode utility methods 'getLocationAs()' and 'getFirstPred()'
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@71699 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ExplodedGraph.h
|
| 264e93799c891c03d60cf0b09a032b0a9935d3b5 |
12-May-2009 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Add logic for invalidating array region to CFRefCount.cpp. When invalidating
array region, set its default value to conjured symbol. When retrieving its
element, create new region value symbol for the element.
Also fix some 80 columns violations.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@71548 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/MemRegion.h
athSensitive/SVals.h
athSensitive/Store.h
|
| 3ef538dd1bb1001fa1a1d50594d13f480a8dfa21 |
12-May-2009 |
Ted Kremenek <kremenek@apple.com> |
BugReport::getEndPath() - Only add a Stmt's range to the constructed PathDiagnosticEventPiece if the BugReport contained no explicit ranges.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@71516 91177308-0d34-0410-b5e6-96231b3b80d8
athDiagnostic.h
|
| d9b6ad609ef0b90527e848ba69dc2e492771be4f |
09-May-2009 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Rename:
SymbolRegionRValue => SymbolRegionValue
SymExpr::RegionRValue => SymExpr::RegionValueKind
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@71322 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/SymbolManager.h
athSensitive/ValueManager.h
|
| a82d8aa5b3b3d24998b4d98b9f45a43cc84cac6f |
09-May-2009 |
Zhongxing Xu <xuzhongxing@gmail.com> |
As discussed with Ted, rename TypedRegion::getObjectType() to
TypedRegion::getValueType().
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@71321 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRState.h
athSensitive/MemRegion.h
|
| c1c739bd4b7b2d6d8eca62579e2b18ac0261be08 |
09-May-2009 |
Ted Kremenek <kremenek@apple.com> |
Fix lurking bug in one of the versions of
GRStmtNodeBuilder::generateNode() where the HasGeneratedNode flag
wouldn't properly be set.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@71306 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRCoreEngine.h
|
| ff6978263439e21d795b0602fabcb38488ef8441 |
09-May-2009 |
Zhongxing Xu <xuzhongxing@gmail.com> |
rename: MemRegion:
RValueType => ObjectType
LValueType => LocationType
No functionality change.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@71304 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRState.h
athSensitive/MemRegion.h
|
| ab422d17dce198f2af9851340ea7384771a2a8c5 |
09-May-2009 |
Ted Kremenek <kremenek@apple.com> |
Make BlockEntrace program points taggable.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@71280 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRCoreEngine.h
rogramPoint.h
|
| cbc8c791fd1ab18330161e5d73b831a82422b201 |
09-May-2009 |
Ted Kremenek <kremenek@apple.com> |
Fix typo in method name.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@71279 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRExprEngine.h
|
| 7090d5465de7ca620da16211cf886edf1edc1f1f |
07-May-2009 |
Ted Kremenek <kremenek@apple.com> |
analyzer: Add ProgramPoint 'PostLValue' just to distinguish (for
analysis introspection) when we computed an lvalue. This shouldn't
effect the current analysis results in any way.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@71169 91177308-0d34-0410-b5e6-96231b3b80d8
rogramPoint.h
|
| dd986cc9989f665370cef0917ba8ba3b4871e3e6 |
07-May-2009 |
Ted Kremenek <kremenek@apple.com> |
Add preliminary support for enhancing null-pointer dereference diagnostics.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@71135 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/BugReporter.h
|
| 46a54eb500aa1f841308ad78ef356d28b1bbb0cc |
07-May-2009 |
Ted Kremenek <kremenek@apple.com> |
Bug fix: Not all ConstraintManagers always return a null state when setting
isFeasible to false. This is something we may wish to do further validation on.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@71134 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRState.h
|
| 8966bc1c8ce271c09936c0eaf6c841aef4a0af1b |
06-May-2009 |
Ted Kremenek <kremenek@apple.com> |
Refactor BugReporter interface to have a new 'BugReporterContext' and
'BugReporterVisitor'. This simplifies callbacks from BugReporter to BugReports
(via VisitNode). It also lays the foundation for arbitrary visitor "call backs"
that can be registered to a BugReporterContext as a PathDiagnostic is
constructed. These call backs can help operate as separate "experts" that can
work on constructed pieces of a PathDiagnostic for which they possess special
knowledge.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@71121 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/BugReporter.h
|
| 4c44e243e36aaaab3fee24ba1190ca65d33bf2ca |
06-May-2009 |
Zhongxing Xu <xuzhongxing@gmail.com> |
The super region of ElementRegion no longer needs to be TypedRegion. In the
future we would create ElementRegion directly on top of typeless regions.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@71075 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/MemRegion.h
|
| 889805931bdffe5eaf770bb9f926f738ccd18c0f |
06-May-2009 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Make StoreManager::CastRegion() virtual and implement a new CastRegion() for
RegionStore.
This CastRegion() performs casts according to the kind of the region being
cast instead of the type that is cast to.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@71058 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/Store.h
|
| cd9392ff7336a2cd5547305ba83a65e63b4f6ff8 |
04-May-2009 |
Ted Kremenek <kremenek@apple.com> |
Rename 'makeZeroIndex' to 'makeZeroArrayIndex'.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@70865 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ValueManager.h
|
| b5b848e046e1899a3ebab4ca3822ae97eef36b1e |
04-May-2009 |
Zhongxing Xu <xuzhongxing@gmail.com> |
array indexes are unsigned integers of the same width as pointer.
no-outofbounds.c still fails. Previously it passed because the array index
is mistakenly a loc::ConcreteInt.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@70844 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ValueManager.h
|
| f936f4568700d799e7d92eecef67b0e2b822ae7e |
04-May-2009 |
Ted Kremenek <kremenek@apple.com> |
Per conversations with Zhongxing, add an 'element type' to
ElementRegion. I also removed 'ElementRegion::getArrayRegion',
although we may need to add this back.
This breaks a few test cases with RegionStore:
- 'array-struct.c' triggers an infinite recursion in RegionStoreManager. Need to investigate.
- misc-ps.m triggers a failure with RegionStoreManager as we now get the diagnostic:
'Line 159: Uninitialized or undefined return value returned to caller.'
There were a bunch of places that needed to be edit
RegionStoreManager, and we may not be passing all the correct 'element
types' down from GRExprEngine.
Zhongxing: When you get a chance, could you review this? I could have
easily screwed up something basic in RegionStoreManager.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@70830 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRState.h
athSensitive/MemRegion.h
athSensitive/Store.h
|
| 8ff59e832591eaa5f3be9885857e71bbcb3da77c |
02-May-2009 |
Ted Kremenek <kremenek@apple.com> |
Add a new BFS GRWorkList and make it the default worklist model for
GRCoreEngine. This tends to result in shorter paths for pathological cases.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@70585 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRCoreEngine.h
athSensitive/GRWorkList.h
|
| d49967f8764135ae65658e354b6d38e3637c9de3 |
29-Apr-2009 |
Ted Kremenek <kremenek@apple.com> |
BugReporter/PathDiagnostics:
- Add an (optional) short description for BugReports for clients that want
to distinguish between long and short descriptions for bugs
- Make the bug report for VLA less obscene for Plist diagnostics by using
the short description
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@70415 91177308-0d34-0410-b5e6-96231b3b80d8
athDiagnostic.h
athSensitive/BugReporter.h
|
| 16f0049415ec596504891259e2a83e19871c0d52 |
26-Apr-2009 |
Chris Lattner <sabre@nondot.org> |
split ObjC and C++ Statements out into their own headers.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@70105 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRExprEngine.h
|
| 4c5fcd946971756bd644fe76511f292e10225981 |
23-Apr-2009 |
Ted Kremenek <kremenek@apple.com> |
Add PathDiagnosticRange to PathDiagnostics. These simply wrap SourceRange and
indicate whether or not the range represents an absolute range or should be
extended by lexing to the end of the token.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@69834 91177308-0d34-0410-b5e6-96231b3b80d8
athDiagnostic.h
|
| 3b3a45858c6b2a45114e91902c3bf3c4b7f5f302 |
22-Apr-2009 |
Daniel Dunbar <daniel@zuster.org> |
Mark another TypeForDecl const and make getObjCInterfaceType's argument const.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@69772 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/MemRegion.h
|
| c62abc1012feb0b15eff091b02c176649766a347 |
21-Apr-2009 |
Ted Kremenek <kremenek@apple.com> |
Refactor 'BasicStoreManager::CastRegion' and 'RegionStoreManager::CastRegion'
into StoreManager::CastRegion. Both methods were practically identical, and this
is core logic that is common to all StoreManagers since it defines the basic
invariants of the abstract memory model.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@69730 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/Store.h
|
| 72e032004b0d2c2c298e8e4f7027f23a21c0cc7d |
21-Apr-2009 |
Ted Kremenek <kremenek@apple.com> |
Recommit 69694 but this time also include the header changes (sorry for breaking
the build).
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@69702 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/MemRegion.h
|
| 5cbe5f9105eae5968229fa2d82fc258e61e27153 |
20-Apr-2009 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Remove loc::FuncVal.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@69577 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/SVals.h
|
| 369f447eded97e6048ced02c0c2be3842f61fc1c |
20-Apr-2009 |
Zhongxing Xu <xuzhongxing@gmail.com> |
get a CodeTextRegion when visiting FunctionDecl reference.
get FunctionDecl with more general utility method.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@69570 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/MemRegion.h
athSensitive/SVals.h
|
| 409d4e716a01a71c4fecfaec59ca8348c8a5d275 |
17-Apr-2009 |
Chris Lattner <sabre@nondot.org> |
refactor htmldiags to be created up front like the other diag clients.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@69379 91177308-0d34-0410-b5e6-96231b3b80d8
athDiagnostic.h
|
| 19cbb44e3c4f2181dafa2ab92d3e3a26619b71d9 |
16-Apr-2009 |
Chris Lattner <sabre@nondot.org> |
tblgen is now passing diagnostic group information in the .inc file, ignore it everywhere.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@69269 91177308-0d34-0410-b5e6-96231b3b80d8
nalysisDiagnostic.h
|
| 4ac072aceb9c68f7a023050e2ab9ccacb4fe6e5b |
15-Apr-2009 |
Chris Lattner <sabre@nondot.org> |
Tblgen now passes the default mapping explicitly, instead of having it
be tied to the diag class. This requires an LLVM tree update.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@69175 91177308-0d34-0410-b5e6-96231b3b80d8
nalysisDiagnostic.h
|
| 3fabc86064359d6de3b9ac25f137eca5d76b7ec0 |
15-Apr-2009 |
Zhongxing Xu <xuzhongxing@gmail.com> |
remove dead code.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@69133 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/MemRegion.h
|
| 8ec3d7dbff9d526fcdce4fbea683830192340c90 |
11-Apr-2009 |
Ted Kremenek <kremenek@apple.com> |
analyzer: We cannot bind values to CodeTextRegions.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@68857 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/MemRegion.h
|
| 1670e403c48f3af4fceff3f6773a0e1cfc6c4eb3 |
11-Apr-2009 |
Ted Kremenek <kremenek@apple.com> |
Implement analyzer support for OSCompareAndSwap. This required pushing "tagged"
ProgramPoints all the way through to GRCoreEngine.
NSString.m now fails with RegionStoreManager because of the void** cast.
Disabling use of region store for that test for now.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@68845 91177308-0d34-0410-b5e6-96231b3b80d8
athDiagnostic.h
athSensitive/BasicValueFactory.h
athSensitive/GRCoreEngine.h
athSensitive/GRExprEngine.h
athSensitive/GRExprEngineBuilders.h
athSensitive/MemRegion.h
athSensitive/ValueManager.h
rogramPoint.h
|
| e8063ae53bd241de10ba1053054d06867a5c56ab |
10-Apr-2009 |
Ted Kremenek <kremenek@apple.com> |
Add arbitrary "tags" to ProgramPoints. While this fattens up ProgramPoint even
more, it gives us a tremendous amount of flexibility for extending the analyzer
to handle arbitrary program points.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@68823 91177308-0d34-0410-b5e6-96231b3b80d8
rogramPoint.h
|
| fc3388dfddf760cf3484fd99de28e1eb53769554 |
10-Apr-2009 |
Ted Kremenek <kremenek@apple.com> |
Move a few more NonLoc static functions to ValueManager.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@68800 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/SVals.h
athSensitive/ValueManager.h
|
| 83a1d1d1a28aafca1f2a271189b78a299b4c9d65 |
10-Apr-2009 |
Ted Kremenek <kremenek@apple.com> |
Default initialize 'code' instance variable to NULL.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@68799 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/MemRegion.h
|
| ec13d9206645af07ef7c571405893b8d901de151 |
10-Apr-2009 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Add prototype for CodeTextRegion.
A CodeTextRegion wraps two kinds of data: FunctionDecl* or SymbolRef.
The latter comes from the symbolic function pointer that are generated from
function calls or input data.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@68777 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/MemRegion.h
athSensitive/ValueManager.h
|
| 3330dcb0da654fb06e78dc410ba15ab90c1b08e7 |
10-Apr-2009 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Finally nuke loc::SymbolVal.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@68771 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/SVals.h
|
| 8d7f5481a0eeb4c0508202a4bd2b754cfa93c4fe |
10-Apr-2009 |
Ted Kremenek <kremenek@apple.com> |
- Move ownership of MemRegionManager into ValueManager.
- Pull SVal::GetConjuredSymbol() and friends into ValueManager. This greatly
simplifies the calling interface to clients.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@68731 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRState.h
athSensitive/SVals.h
athSensitive/Store.h
athSensitive/ValueManager.h
|
| 8e5fb2849d9a8cb40d008a409273766f8ff8f854 |
09-Apr-2009 |
Ted Kremenek <kremenek@apple.com> |
Remove SVal::MakeZero and replace it with ValueManager::makeZeroVal.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@68711 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRExprEngine.h
athSensitive/SVals.h
athSensitive/ValueManager.h
|
| 044b6f0417cb98741f277602fabf5f07ec9a02c0 |
09-Apr-2009 |
Ted Kremenek <kremenek@apple.com> |
analyzer: Introduce a new class, ValueManager, that serves as an aggregate
"manager of symbolic values", wrapping BasicValueFactory, SymbolManager, and
MemRegionManager. While these individual managers nicely separate functionality
in the analyzer, constructing symbolic values can sometimes be cumbersome
because it requires using multiple managers at once. The goal of this class is
to create some factory methods to create SVals that require the use of these
different managers, thus (hopefully) simplifying the analyzer API for clients.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@68709 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRExprEngine.h
athSensitive/GRState.h
athSensitive/ValueManager.h
|
| c565b63a7905347a51249fafbcaf41b177a22bf0 |
09-Apr-2009 |
Zhongxing Xu <xuzhongxing@gmail.com> |
stop using loc::SymbolVal and clean up code with new API.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@68703 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/SVals.h
|
| fe1635bb27f5a13314169143cfdae6ecc6e4b3e2 |
09-Apr-2009 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Add a new method because sometimes the type of the conjured symbol is not the
type of the expression where we create the symbol.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@68692 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/SVals.h
|
| 867418fdb53b351f7c88cb0255c4a250ea283c3a |
09-Apr-2009 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Create a symbolic region instead of a loc::SymbolVal. This is a continued step
to eliminate the use of loc::SymbolVal.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@68685 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/SVals.h
|
| da9ae6088b9543134a6561a412b79530e290408d |
08-Apr-2009 |
Ted Kremenek <kremenek@apple.com> |
Enhance analyzer reasoning about sending messages to nil. A nil receiver returns 0 for scalars of size <= sizeof(void*).
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@68629 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/SVals.h
|
| 899b3de7bc32434fc406f35255cc828ba8372b3d |
08-Apr-2009 |
Ted Kremenek <kremenek@apple.com> |
New static analyzer check by Nikita Zhuk!
"The attached patch generates warnings of cases where an ObjC message is sent to
a nil object and the size of return type of that message is larger than the size
of void pointer. This may result in undefined return values as described in PR
2718. The patch also includes test cases."
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@68585 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRExprEngine.h
|
| fea5f5a1e8fe558d716ddeddf1aecf63f2e9a54f |
07-Apr-2009 |
Ted Kremenek <kremenek@apple.com> |
PathDiagnosticLocation now also wraps Decls.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@68470 91177308-0d34-0410-b5e6-96231b3b80d8
athDiagnostic.h
|
| a1718c78770db93d1b762620f07728a56786f2ae |
03-Apr-2009 |
Zhongxing Xu <xuzhongxing@gmail.com> |
This is the first step to gradually remove the use of loc::SymbolVal. Now
when creating symbolic values, we distinguish between location and non-location
values. For location values, we create a symbolic region instead of a
loc::SymbolVal.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@68373 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/SVals.h
|
| 96a69267fc771dcb288bb7b3c5b5b6d49a9542ff |
02-Apr-2009 |
Ted Kremenek <kremenek@apple.com> |
Hack: Add 'PathDiagnostic::flattenLocations()'. Because PlistDiagnosticClient
can use a PathLocation after any reference Stmts are reclaimed,
flattenLocation() converts those references to statements to source ranges.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@68292 91177308-0d34-0410-b5e6-96231b3b80d8
athDiagnostic.h
|
| b930d7adb7cb7642c9c49b39df04ebd5cbfa713a |
01-Apr-2009 |
Ted Kremenek <kremenek@apple.com> |
Fix: <rdar://problem/6740387>. Sending nil to an object that returns a struct
should only be an error if that value is consumed. This fix was largely
accomplished by moving 'isConsumedExpr' back to ParentMap.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@68195 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRExprEngine.h
|
| 5fb5dfb6646464db3cd6d54a6332375c8fe36b75 |
01-Apr-2009 |
Ted Kremenek <kremenek@apple.com> |
- Changed PathDiagnosticPiece::getLocation() to return a PathDiagnosticLocation
instead of a FullSourceLoc. This resulted in a bunch of small edits in various
clients.
- Updated BugReporter to include an alternate PathDiagnostic generation
algorithm for PathDiagnosticClients desiring more control-flow pieces.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@68193 91177308-0d34-0410-b5e6-96231b3b80d8
athDiagnostic.h
|
| 7dc8664a54f4ede40a5f4adee3f5081a59d7ee1c |
31-Mar-2009 |
Ted Kremenek <kremenek@apple.com> |
Allow two codepaths for PathDiagnostic generation. This patch mainly consists of
refactoring to make this possible (no functionality change).
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@68141 91177308-0d34-0410-b5e6-96231b3b80d8
athDiagnostic.h
|
| e8e86482da4c1872673bbb9c237649229d19793b |
31-Mar-2009 |
Ted Kremenek <kremenek@apple.com> |
Re-apply 68028. The code had drifted enough that the tests would fail without
it. Will discuss offline whether symbolic regions should by typed or typeless.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@68070 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/MemRegion.h
|
| 782582df7b06952e96123b3cde509ef4f5c794a3 |
30-Mar-2009 |
Ted Kremenek <kremenek@apple.com> |
Revert 68028.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@68068 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/MemRegion.h
|
| be65d908d6da886a03cd2b3a47605e10ee0645f2 |
30-Mar-2009 |
Ted Kremenek <kremenek@apple.com> |
Remove dead code.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@68063 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/SVals.h
|
| 536aa02b29ea2bdffff2cc507ed04f6b56737116 |
30-Mar-2009 |
Ted Kremenek <kremenek@apple.com> |
Add version of GRExprEngine::AddCheck that registered a GRSimpleAPICheck that
will be called for every expression in a basic block.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@68041 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRExprEngine.h
|
| a45fec1a586a3b234d301bb89e26f2e891def0d7 |
30-Mar-2009 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Make SymbolicRegion untyped.
Layer the type information with a TypedViewRegion on top of the SymbolicRegion.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@68028 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/MemRegion.h
|
| f1d537f460c529906c73de56d891046b45434fb3 |
30-Mar-2009 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Implement a FIXME.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@68024 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRState.h
athSensitive/Store.h
|
| 827ecb0db9225c98f08cfc991598210bcf0045dd |
29-Mar-2009 |
Chris Lattner <sabre@nondot.org> |
DeclRefExpr refers to one decl, not all the declarators in a declaration.
Ted, please check this, this change causes no regression tests to fail.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@68001 91177308-0d34-0410-b5e6-96231b3b80d8
isitors/CFGRecStmtDeclVisitor.h
|
| 3b0868d1da749f7122757016f57f9f4b62b539f4 |
28-Mar-2009 |
Ted Kremenek <kremenek@apple.com> |
Add comparison operators for PathDiagosticLocation.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@67947 91177308-0d34-0410-b5e6-96231b3b80d8
athDiagnostic.h
|
| 8a9a26785c3cd8f4fd4e71aa71b4a87b3da2344a |
27-Mar-2009 |
Ted Kremenek <kremenek@apple.com> |
Move declaration of 'PathDiagnostic' to the end of PathDiagnostic.h and add PathDiagnostic::getLocation().
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@67842 91177308-0d34-0410-b5e6-96231b3b80d8
athDiagnostic.h
|
| 89e65a1fabf5a9569b3358203b8e9e9813209b8f |
27-Mar-2009 |
Ted Kremenek <kremenek@apple.com> |
PathDiagnostic: replace 'std::list' with 'std::deque'
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@67840 91177308-0d34-0410-b5e6-96231b3b80d8
athDiagnostic.h
|
| c3a838bef9565295850923eb8cb622b5b8e861e4 |
27-Mar-2009 |
Ted Kremenek <kremenek@apple.com> |
Add iterators to PathDiagnosticControlFlowDiagnostic for iterating over the
multiple location vectors.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@67838 91177308-0d34-0410-b5e6-96231b3b80d8
athDiagnostic.h
|
| babdd7b56d02e2b6924a2c93b061d6a48bb5f0ca |
27-Mar-2009 |
Ted Kremenek <kremenek@apple.com> |
BugReporter:
- Added an internal helper class 'PathDiagnosticBuilder' which now bundles the
'ExecutionContinues' methods.
- Added preliminary diagnostics for short-circuit '&&' and '||'
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@67822 91177308-0d34-0410-b5e6-96231b3b80d8
athDiagnostic.h
|
| a11982a01d2a239a5132b1871f2b417de11ab80d |
27-Mar-2009 |
Ted Kremenek <kremenek@apple.com> |
- Fix thinko in implementation of PathDiagnosticLocation::asStmt(). Thanks to
Anders Johnsen for pointing this out.
- Have PathDiagnosticControlFlowPiece take PathDiagnosticLocation for the
arguments to its constructors.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@67812 91177308-0d34-0410-b5e6-96231b3b80d8
athDiagnostic.h
|
| 6f00204d44dfab30f55c19b744e3ece9f229043f |
27-Mar-2009 |
Ted Kremenek <kremenek@apple.com> |
- Add class PathDiagosticLocationPair.
- Have PathDiagnosticControlFlowPiece use a vector of PathDiagnosticLocationPairs to represent transitions.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@67786 91177308-0d34-0410-b5e6-96231b3b80d8
athDiagnostic.h
|
| becf8886d10c41a4605c5e66cd806492eb8b864c |
26-Mar-2009 |
Ted Kremenek <kremenek@apple.com> |
Implement PathDiagnosticLocation::asRange() and PathDiagnosticLocation::asStmt().
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@67777 91177308-0d34-0410-b5e6-96231b3b80d8
athDiagnostic.h
|
| 97b40036d4d4d1bf4e7be71fc2bce009de4e8c0c |
26-Mar-2009 |
Ted Kremenek <kremenek@apple.com> |
- Implement PathDiagnosticLocation::asLocation.
- Switch PathDiagnosticEventPiece and PathDiagnosticMacroPiece to use
PathDiagnosticLocation.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@67774 91177308-0d34-0410-b5e6-96231b3b80d8
athDiagnostic.h
|
| 1f9bd0fbf5894b41bba5f2fdb0c6546a7a6ef3d8 |
26-Mar-2009 |
Ted Kremenek <kremenek@apple.com> |
PathDiagnostics (analyzer):
- Added a new class, 'PathDiagnosticLocation', that is a variant for
SourceLocation, SourceRange, or Stmt*. This will be used soon by
PathDiagnosticPieces to describe locations for targets of branches, locations
of events, etc.
- Did some prep. refactoring of PathDiagnosticPieces to prepare them for
adopting the new PathDiagnosticLocation
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@67767 91177308-0d34-0410-b5e6-96231b3b80d8
athDiagnostic.h
|
| e0e4ebf6bfca5a71b2344d8a1b748b852509279c |
26-Mar-2009 |
Ted Kremenek <kremenek@apple.com> |
analyzer infrastructure: make a bunch of changes to symbolic expressions that
Zhongxing and I discussed by email.
Main changes:
- Removed SymIntConstraintVal and SymIntConstraint
- Added SymExpr as a parent class to SymbolData, SymSymExpr, SymIntExpr
- Added nonloc::SymExprVal to wrap SymExpr
- SymbolRef is now just a typedef of 'const SymbolData*'
- Bunch of minor code cleanups in how some methods were invoked (no functionality change)
This changes are part of a long-term plan to have full symbolic expression
trees. This will be useful for lazily evaluating complicated expressions.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@67731 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/BasicValueFactory.h
athSensitive/ConstraintManager.h
athSensitive/GRExprEngine.h
athSensitive/GRState.h
athSensitive/GRTransferFuncs.h
athSensitive/MemRegion.h
athSensitive/SVals.h
athSensitive/SymbolManager.h
|
| a129eb974d8ff0ad4a4dd94ad1e6c5f98897ddb4 |
25-Mar-2009 |
Zhongxing Xu <xuzhongxing@gmail.com> |
This patch adds two more SymbolData subclasses: SymIntExpr and SymSymExpr, for
representing symbolic expressions like 'x'+3 and 'x'+'y'. The design is
subjected to change later when we fix the class hierarchy of symbolic
expressions.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@67678 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/SVals.h
athSensitive/SymbolManager.h
|
| 693de5d7feb92c096431c98ea6ee637494bfe6fb |
23-Mar-2009 |
Ted Kremenek <kremenek@apple.com> |
analyzer: Fix embarrassing regression in BasicStore when invalidating struct
values passed-by-reference to unknown functions.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@67519 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/SymbolManager.h
|
| bb9b2711ded08d39f9c9aa08b06ac5e288f32c62 |
20-Mar-2009 |
Ted Kremenek <kremenek@apple.com> |
GRExprEngine:
- Conjure symbols at '--' and '++' unary operations
- Add utility method SVal::GetConjuredSymbolVal() and constify some arguments
along the way.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@67395 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/SVals.h
athSensitive/SymbolManager.h
|
| def1a888f999725dba7184e4fae7b94f8978032f |
20-Mar-2009 |
Ted Kremenek <kremenek@apple.com> |
Allow profiling of "invalid" Symbols.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@67383 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/SymbolManager.h
|
| 4d7a089144f336b11e5e8ce437b3b27bce2b310d |
20-Mar-2009 |
Sebastian Redl <sebastian.redl@getdesigned.at> |
Bindir and Win32 builds work, so switch to .inc files. Leave the .def files in the tree for a day or so longer.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@67346 91177308-0d34-0410-b5e6-96231b3b80d8
nalysisDiagnostic.h
|
| e89b6b272f9f3b15afa56a701a4d7a6b1001ed34 |
14-Mar-2009 |
Sebastian Redl <sebastian.redl@getdesigned.at> |
Revert the switch to the tablegen diags. It fails for seperate objdir builds and cmake builds, and I have no clue what to do about it. Revisit this after someone with a clue about the build systems has looked at it.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@67009 91177308-0d34-0410-b5e6-96231b3b80d8
nalysisDiagnostic.h
|
| 3801d71fbeb6e74a22cdd6a858e10d887bc29c7a |
14-Mar-2009 |
Sebastian Redl <sebastian.redl@getdesigned.at> |
Switch diagnostics from .def to tablegen files. Please validate the Windows build.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@67007 91177308-0d34-0410-b5e6-96231b3b80d8
nalysisDiagnostic.h
|
| 36c233837a37e295ecef133739d2b6429c72b960 |
13-Mar-2009 |
Ted Kremenek <kremenek@apple.com> |
Fix typo.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@66905 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/BasicValueFactory.h
|
| 610e81d6b7248ce4be4be2252b03a5d4052c9835 |
13-Mar-2009 |
Ted Kremenek <kremenek@apple.com> |
Fix failure reported by Sebastian of test/Analysis/ptr-arith.c when the target
is 64-bit. I used his suggestion of doing a direct bitwidth/signedness
conversion of the 'offset' instead of just changing the sign. For more
information, see:
http://lists.cs.uiuc.edu/pipermail/cfe-dev/2009-March/004587.html
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@66892 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/BasicValueFactory.h
|
| e6fbdf538bc50122876639e08a1401e2bc9555ba |
12-Mar-2009 |
Ted Kremenek <kremenek@apple.com> |
Fix crash when using TypedViewRegions and ObjCQualifiedIdTypes (TypedViewRegion::getLValueType() was not implemented).
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@66830 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/MemRegion.h
|
| 082cb8d7bd9bdb3fe58e8e1a2897c79c4ebcc3a7 |
12-Mar-2009 |
Ted Kremenek <kremenek@apple.com> |
PathDiagnostics:
- PathDiagnosticControlFlowPiece now consists of a "start" and "end" location
to indicating the branch location and where the branch goes.
BugReporter:
- Updated BugReporter to construct PathDiagnosticControlFlowPiece objects with
"end" locations.
PlistDiagnostics:
- Plists now contain the bug "type" (not just bug "category")
- Plists now encode control-flow pieces differently than events; now the
"start" and "end" locations are recorded
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@66818 91177308-0d34-0410-b5e6-96231b3b80d8
athDiagnostic.h
|
| b2dea734527ae75281642a1c6ace28f9e00cab11 |
11-Mar-2009 |
Ted Kremenek <kremenek@apple.com> |
Add TypedViewRegion::isBoundable() to indicate whether or not the
TypedViewRegion has a valid rvalue type. Also renamed instance variable 'T' to
'LvalueType' to make it unambiguous of its purpose.
This fixes some crashes I was seeing after:
http://lists.cs.uiuc.edu/pipermail/cfe-commits/Week-of-Mon-20090309/013771.html
This is because 'isBoundable()' is defined in TypedRegion (the parent class) in
terms of the rvalue type (which could be null), while for TypedViewRegion it
should be defined in terms of the lvalue type.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@66712 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/MemRegion.h
|
| 2e3f73b963b5831d6230f69e157b0964b11eff91 |
11-Mar-2009 |
Zhongxing Xu <xuzhongxing@gmail.com> |
The RValueType of a TypedViewRegion should be the pointee type.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@66655 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/MemRegion.h
|
| 672e408f14b528fe5e41c5dc99e95e671149a1e9 |
11-Mar-2009 |
Ted Kremenek <kremenek@apple.com> |
Add utility method to BasicValueFactory to convert an APSInt to one of a different sign.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@66637 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/BasicValueFactory.h
|
| a516ce16b472e61924f5dd10d181c3e8330979af |
11-Mar-2009 |
Ted Kremenek <kremenek@apple.com> |
Add accessor method.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@66626 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRExprEngine.h
|
| 78a5361ae7cb6f468a6dc721f34883072cf11b34 |
11-Mar-2009 |
Ted Kremenek <kremenek@apple.com> |
Add accessor method to return a GRStateManager's internal ConstraintManager.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@66625 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRState.h
|
| 66b527193aa6f3aa94c03f6769c42d7642e1e147 |
11-Mar-2009 |
Ted Kremenek <kremenek@apple.com> |
Added method "canReasonAbout" to ConstraintManager. This method returns true if
a ConstraintManager can usefully reason about the given SVal.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@66624 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ConstraintManager.h
|
| 3aa1ab27c14d16c853ccb61f17a4a75d8e366806 |
11-Mar-2009 |
Ted Kremenek <kremenek@apple.com> |
Add some iterators to BugReporter.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@66621 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/BugReporter.h
|
| 83d889b6e8b5b0bb7305cc1d1749780d205a6c9b |
10-Mar-2009 |
Ted Kremenek <kremenek@apple.com> |
PathDiagnosticControlFlowPiece:
- Correctly set "ControlFlow" kind (fix regression)
PathDiagnosticMacroPiece:
- add method "containsEvent" to determine if a PathDiagnosticMacroPiece
transitively contains a PathDiagnosticEvent
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@66519 91177308-0d34-0410-b5e6-96231b3b80d8
athDiagnostic.h
|
| ed65d3d97132fbcdd124aef4d2478e348dfbd36b |
09-Mar-2009 |
Ted Kremenek <kremenek@apple.com> |
Add member template "MemRegion::getAs<RegionType>" that dynamically casts a
given MemRegion object to a target region type. This differs from dyn_cast<> in
that it also ignores TypedViewRegions.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@66439 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/MemRegion.h
|
| 1fbfd5b9b8b82aea084773b76dd1ec6796a7000c |
07-Mar-2009 |
Ted Kremenek <kremenek@apple.com> |
Create PathDiagnosticPiece subclasses PathDiagnosticEventPiece and
PathDiagnosticControlFlowPiece to distinguish (in the class hierarchy) between
events and control-flow diagnostic pieces. Clients must now use these directly
when constructing PathDiagnosticPieces.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@66310 91177308-0d34-0410-b5e6-96231b3b80d8
athDiagnostic.h
|
| 6d3dee9f9deda0dbe8e71d4228322ed82da70ff7 |
07-Mar-2009 |
Ted Kremenek <kremenek@apple.com> |
Re-order contents of file. No functionality change.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@66304 91177308-0d34-0410-b5e6-96231b3b80d8
athDiagnostic.h
|
| 4e06387c2d6d00c7a30167d4c2206756992dde38 |
06-Mar-2009 |
Ted Kremenek <kremenek@apple.com> |
Start work on subclassing PathDiagnosticPiece to distinguish more between control-flow pieces, events, etc.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@66291 91177308-0d34-0410-b5e6-96231b3b80d8
athDiagnostic.h
|
| a15a81c45b44d9949be6ce16682a405cbb9b4228 |
06-Mar-2009 |
Ted Kremenek <kremenek@apple.com> |
Use list instead of vector for storing strings.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@66271 91177308-0d34-0410-b5e6-96231b3b80d8
athDiagnostic.h
|
| 4850451c8e93789c099d907dd469898ea9561ecb |
06-Mar-2009 |
Ted Kremenek <kremenek@apple.com> |
Fix regression: initialize 'size' for PathDiagnostic to 0.
Add some assertions along the way...
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@66265 91177308-0d34-0410-b5e6-96231b3b80d8
athDiagnostic.h
|
| a127ccaa38a23dbd9bd3884a2627c091075a7227 |
06-Mar-2009 |
Ted Kremenek <kremenek@apple.com> |
Like PathDiagnosticPieces, strip trailing periods at the end of PathDiagnostic descriptions
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@66263 91177308-0d34-0410-b5e6-96231b3b80d8
athDiagnostic.h
|
| be91224894e1501133e224934285ba6440bf5b59 |
05-Mar-2009 |
Ted Kremenek <kremenek@apple.com> |
BasicStore:
- Store bindings using a MemRegion -> SVal binding instead of VarDecl -> SVal
binding. This mirrors some of the idea of RegionStore, but is far simpler and
not nearly as functional. This leads to some code simplification and
some potential for some minor precision hacks.
Along the way...
- constify the use of MemRegion* in a few places
- add operator<<(llvm::raw_ostream, const MemRegion*)
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@66163 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/MemRegion.h
athSensitive/Store.h
|
| 1b9b883a95215e38e153d253a46a2a2fcac25896 |
04-Mar-2009 |
Ted Kremenek <kremenek@apple.com> |
MemRegion:
- Have 'TypedRegion::getRValueType()' return a null QualType for 'id<...>'
instead of aborting.
- Change 'TypedRegion::isBoundable()' to return true for all objects with a
non-null RValueType (this may not be the final behavior).
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@66093 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/MemRegion.h
|
| a880b66d6e0e446501fcbc27b87a1ec0e4ecde4c |
04-Mar-2009 |
Ted Kremenek <kremenek@apple.com> |
Add an optional "tag" to conjured symbols that allows us to distinguish between
multiple symbols conjured at the same location. All that is required of the tag
is that it is a fixed void* value that points to an memory address that remains
valid throughout the remainder of the lifetime of the SymbolManager.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@66092 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/SymbolManager.h
|
| 41168eac256fed59ec5406a75fce91c59cd5dd91 |
04-Mar-2009 |
Ted Kremenek <kremenek@apple.com> |
Added the notion of a "boundable region", which is a region that can have a direct binding in the StoreManager.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@66005 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRState.h
athSensitive/MemRegion.h
|
| 1cb151eadee0ef1944bd9a16aa4348ead7160259 |
04-Mar-2009 |
Ted Kremenek <kremenek@apple.com> |
Add "GetSValAsScalarOrLoc" methods to GRState/GRStateRef that only perform a
retrieval from the store/environment for locations or scalar types.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@65982 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRState.h
|
| 94c969804b1f98650316a8f75434b2d24dbe94ea |
03-Mar-2009 |
Ted Kremenek <kremenek@apple.com> |
Rework use of loc::SymbolVal in the retain/release checker to use the new method
SVal::getAsLocSymbol(). This simplifies the code and allows the retain/release
checker to (I believe) also correctly reason about location symbols wrapped in
SymbolicRegions.
Along the way I cleaned up SymbolRef a little, disallowing implicit casts to
'unsigned'.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@65972 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/SVals.h
athSensitive/SymbolManager.h
|
| 14453bf723c025034823e4d4005a98ee176753a0 |
03-Mar-2009 |
Ted Kremenek <kremenek@apple.com> |
Don't use std::auto_ptr with getSubRegionMap().
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@65957 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/Store.h
|
| 5dc2746b6c759d2fdab050d3d41ba60ad141a0a3 |
03-Mar-2009 |
Ted Kremenek <kremenek@apple.com> |
Implement FIXME: GRStateManager::scanReachableSymbols now supports scanning MemRegions.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@65919 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/Environment.h
athSensitive/GRState.h
athSensitive/Store.h
|
| 59e8f1128019aef95f45c6fa09cc0f8bfea99f13 |
03-Mar-2009 |
Ted Kremenek <kremenek@apple.com> |
Add StoreManager::getSubRegionMap(). This method returns an opaque mapping for clients of StoreManagers from MemRegions to their subregions.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@65914 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/Store.h
|
| d0feed6224d70ed7b1483342ddef4437b80beef2 |
02-Mar-2009 |
Ted Kremenek <kremenek@apple.com> |
Add a 'kind' field to PathDiagnosticPieces.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@65862 91177308-0d34-0410-b5e6-96231b3b80d8
athDiagnostic.h
|
| 94aa6c16e7404b2ff83a6f0ae7db8a758d389fc4 |
02-Mar-2009 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Initial support for pointer arithmetic. Only support concrete indexes and
offsets for now.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@65814 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/Store.h
|
| 0312c0e09c9de480d78607972ac64a88f4e94a33 |
01-Mar-2009 |
Ted Kremenek <kremenek@apple.com> |
Rename AnonTypedRegion to TypedViewRegion.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@65764 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/MemRegion.h
|
| 72564e73277e29f6db3305d1f27ba408abb7ed88 |
27-Feb-2009 |
Douglas Gregor <dgregor@apple.com> |
Create a new TypeNodes.def file that enumerates all of the types,
giving them rough classifications (normal types, never-canonical
types, always-dependent types, abstract type representations) and
making it far easier to make sure that we've hit all of the cases when
decoding types.
Switched some switch() statements on the type class over to using this
mechanism, and filtering out those things we don't care about. For
example, CodeGen should never see always-dependent or non-canonical
types, while debug info generation should never see always-dependent
types. More switch() statements on the type class need to be moved
over to using this approach, so that we'll get warnings when we add a
new type then fail to account for it somewhere in the compiler.
As part of this, some types have been renamed:
TypeOfExpr -> TypeOfExprType
FunctionTypeProto -> FunctionProtoType
FunctionTypeNoProto -> FunctionNoProtoType
There shouldn't be any functionality change...
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@65591 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRExprEngine.h
|
| 8af2975d50270813ae6366d007e9e1f5b65ddc68 |
26-Feb-2009 |
Ted Kremenek <kremenek@apple.com> |
PathDiagnosticPiece now automatically strips off trailing periods in diagnostic messages.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@65574 91177308-0d34-0410-b5e6-96231b3b80d8
athDiagnostic.h
|
| 4b2d3f7bcc4df31157df443af1b80bcaa9b58bba |
26-Feb-2009 |
Douglas Gregor <dgregor@apple.com> |
Introduce code modification hints into the diagnostics system. When we
know how to recover from an error, we can attach a hint to the
diagnostic that states how to modify the code, which can be one of:
- Insert some new code (a text string) at a particular source
location
- Remove the code within a given range
- Replace the code within a given range with some new code (a text
string)
Right now, we use these hints to annotate diagnostic information. For
example, if one uses the '>>' in a template argument in C++98, as in
this code:
template<int I> class B { };
B<1000 >> 2> *b1;
we'll warn that the behavior will change in C++0x. The fix is to
insert parenthese, so we use code insertion annotations to illustrate
where the parentheses go:
test.cpp:10:10: warning: use of right-shift operator ('>>') in template
argument will require parentheses in C++0x
B<1000 >> 2> *b1;
^
( )
Use of these annotations is partially implemented for HTML
diagnostics, but it's not (yet) producing valid HTML, which may be
related to PR2386, so it has been #if 0'd out.
In this future, we could consider hooking this mechanism up to the
rewriter to actually try to fix these problems during compilation (or,
after a compilation whose only errors have fixes). For now, however, I
suggest that we use these code modification hints whenever we can, so
that we get better diagnostics now and will have better coverage when
we find better ways to use this information.
This also fixes PR3410 by placing the complaint about missing tokens
just after the previous token (rather than at the location of the next
token).
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@65570 91177308-0d34-0410-b5e6-96231b3b80d8
athDiagnostic.h
|
| b293902c5cfa18365ffb0e00763849c9808a2ad1 |
26-Feb-2009 |
Ted Kremenek <kremenek@apple.com> |
Fix subtle bug in EvalEagerlyAssume: Check if the previous node was at the same statement.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@65486 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRExprEngine.h
|
| 48af2a9c1ed3259512f2d1431720add1fbe8fb5f |
25-Feb-2009 |
Ted Kremenek <kremenek@apple.com> |
Add experimental logic in GRExprEngine::EvalEagerlyAssume() to handle
expressions of the form: 'short x = (y != 10);' While we handle 'int x = (y !=
10)' lazily, the cast to another integer type currently loses the symbolic
constraint. Eager evaluation of the constraint causes the paths to bifurcate and
eagerly evaluate 'y != 10' to a constant of 1 or 0. This should address
<rdar://problem/6619921> until we have a better (more lazy approach) for
handling promotions/truncations of symbolic integer values.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@65480 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRExprEngine.h
|
| 22017911050544b923302c2bc66563f8f4d32de5 |
25-Feb-2009 |
Ted Kremenek <kremenek@apple.com> |
Implement 'Add' method for GRStatePartialTrait<ImmutableList<T>>.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@65424 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRStateTrait.h
|
| 58e899b336c63fa25d4cc8986d97a40933cded9b |
20-Feb-2009 |
Ted Kremenek <kremenek@apple.com> |
Added a new method to GRStmtNodeBuilder to build nodes using an arbitrary
PostStmt program point. This allows clients to pass in PostStmtCustom program
points.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@65080 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRCoreEngine.h
|
| 2680b5f926fad29c1a2b2723a70d189f4b637979 |
20-Feb-2009 |
Ted Kremenek <kremenek@apple.com> |
ProgramPoint::Profile now specially handles PostStmtCustom (hashes on tag and data) so that clients don't need a unique address for the pair itself.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@65079 91177308-0d34-0410-b5e6-96231b3b80d8
rogramPoint.h
|
| 21fe8370f660a30e3a0493c74728dcb369b9c58b |
19-Feb-2009 |
Ted Kremenek <kremenek@apple.com> |
Implemented simple check in <rdar://problem/6600344>: When the receiver of a
message expression is nil and the return type is struct then the returned value
is undefined or potentially garbage.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@65003 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRExprEngine.h
|
| fe9e543a2a363df7fcaa899367d3b2580b63b27c |
18-Feb-2009 |
Ted Kremenek <kremenek@apple.com> |
Hooked up the necessary machinery to allow the retain/release checker reference
back to the summary used when evaluating the statement associated with a
simulation node. This is now being used to help improve the checker's
diagnostics. To get things started, the checker now emits a path diagnostic
indicating that 'autorelease' is a no-op in GC mode.
Some of these changes are exposing further grossness in the interface between
BugReporter and the ExplodedGraph::Trim facilities. These really need to be
cleaned up one day.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@64881 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/BugReporter.h
athSensitive/ExplodedGraph.h
|
| 63eb5878c3d97b002139b7da8ba449592bdef717 |
17-Feb-2009 |
Ted Kremenek <kremenek@apple.com> |
BasicValueFactory: getMinValue/getMaxValue can be applied to any location type as specified by Loc::IsLocType().
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@64832 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/BasicValueFactory.h
|
| eca69623c2c942fdb995cecc92a275a189fd731c |
17-Feb-2009 |
Ted Kremenek <kremenek@apple.com> |
BasicValueFactory: getMaxValue and getMinValue now also handle 'block' pointers.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@64786 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/BasicValueFactory.h
|
| 4b441f057688cf0d3e6d74ac530ce3eb2d965c5e |
16-Feb-2009 |
Ted Kremenek <kremenek@apple.com> |
Modify getMaxValue/getMinValue to take pointer values as well.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@64682 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/BasicValueFactory.h
|
| 6175dc676c515a74e5f41afb4ac2b44cc2367a24 |
16-Feb-2009 |
Ted Kremenek <kremenek@apple.com> |
BasicValueFactory: Add utility methods 'Add1' and 'Sub1' to get a persistent APSInt value that is 1 greater or 1 less than the provided value.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@64678 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/BasicValueFactory.h
|
| 0d3aeae8bf09fb9cdc536cfa5fefa983bd900dfc |
16-Feb-2009 |
Ted Kremenek <kremenek@apple.com> |
BasicValueFactory: Add getMaxValue and getMinValue variants that take QualTypes.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@64677 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/BasicValueFactory.h
|
| f81895f963f0910c7df422709f7f1668eb9f7c4f |
16-Feb-2009 |
Ted Kremenek <kremenek@apple.com> |
Add getSymbolManager() and getBasicVals() accessors to GRStateRef.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@64675 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRState.h
|
| 4502195fecf399fdbbb9ee2393ad08148c394179 |
14-Feb-2009 |
Ted Kremenek <kremenek@apple.com> |
Patch by Ben Laurie:
ConstraintManager:
- constify getSymVal()
BasicConstraintManager:
- Pull out logic that would be common to ConstraintManagers of a similar nature
and put them in a parent class called 'SimpleConstraintManager'.
RangeConstraintManager:
- Added a new prototype ConstraintManager to track ranges of variables! This
ConstraintManager keeps tracks of ranges of concrete integers that a symbolic
integer may have.
AnalysisConsumer:
- Add driver option to use RangeConstraintManager with GRExprEngine-based
analyses.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@64558 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ConstraintManager.h
|
| 5216ad7e095873f19e535ad1efba91973f05d8e8 |
14-Feb-2009 |
Ted Kremenek <kremenek@apple.com> |
Added GRStateManager::scanReachableSymbols(), a method which scans the reachable
symbols from an SVal.
- Fixed a bug in EnvironmentManager::RemoveDeadBindings() where it did not mark
live all the symbols reachable from a live block-level expression.
- Fixed a bug in the retain/release checker where it did not stop tracking
symbols that 'escaped' via compound literals being assigned to something the
BasicStoreManager didn't reason about.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@64534 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/Environment.h
athSensitive/GRState.h
athSensitive/SymbolManager.h
|
| 41573ebf8fb971f40fa8a3e20648362c359b4916 |
14-Feb-2009 |
Ted Kremenek <kremenek@apple.com> |
Static analyzer:
- Added a new 'node builder' class called GRStmtNodeBuilderRef (name may
change). This is essentially a smart reference to a GRStmtNodeBuilder object
that keeps track of the current context (predecessor node, GRExprEngine
object, etc.) The idea is to gradually simplify the interface between
GRExprEngine and GRTransferFuncs using this new builder (i.e., passing 1
argument instead of 5). It also handles some of the "auto-transition" for node
creation, simplifying some of the logic in GRExprEngine itself.
- Used GRStmtBuilderRef to replace GRTransferFuncs::EvalStore with
GRTransferFuncs::EvalBind. The new EvalBind method will be used at any
arbitrary places where a binding between a location and value takes place.
Moreover, GRTransferFuncs no longer has the responsibility to request
StoreManager to do the binding; this is now in GRExprEngine::EvalBind. All
GRTransferFuncs::EvalBind does is checker-specific logic (which can be a
no-op).
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@64525 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRExprEngine.h
athSensitive/GRExprEngineBuilders.h
athSensitive/GRTransferFuncs.h
|
| a8538d902fce9cfec20f39b34492268b51643819 |
13-Feb-2009 |
Ted Kremenek <kremenek@apple.com> |
GRExprEngine:
- Add 'EvalBind', which will be used by 'EvalStore' to pull much of the value binding logic out of GRTransferFuncs.
- Rename many cases of 'St' to 'state'.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@64426 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRExprEngine.h
|
| 59753441b6391a9843eff287f0adb2614153b7c8 |
09-Feb-2009 |
Ted Kremenek <kremenek@apple.com> |
Refine PostStmtCustom to reference a tagged data pair with the tag to indicate the checker.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@64144 91177308-0d34-0410-b5e6-96231b3b80d8
rogramPoint.h
|
| f4be8ee748831bc23e35b542e6c1bb6d1eb49baa |
09-Feb-2009 |
Ted Kremenek <kremenek@apple.com> |
Added a new ProgramPoint 'PostStmtCustom' to enable checker-specific ProgramPoints.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@64143 91177308-0d34-0410-b5e6-96231b3b80d8
rogramPoint.h
|
| 7a9bb52171f962d51ab13c1e012d2236feb9558d |
07-Feb-2009 |
Ted Kremenek <kremenek@apple.com> |
Commit header.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@64042 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/BugReporter.h
|
| 026c66395b88a09437319139a43b090093f7e1dd |
05-Feb-2009 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Make SymbolicRegion subclass TypedRegion, for symbols usually have types, so
do the symblic regions associated with them and we need them to be typed.
Current SymbolicRegion::getRValueType() method is very restricting. It may be
modified when we are more clear about what could be the types of symblic
regions.
BasicConstraintManager::Assume() is changed due to that now SymblicRegion is a
subclass of SubRegion.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@63844 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/MemRegion.h
|
| cf118d41f7930a18dce97416ef7834a62642f587 |
05-Feb-2009 |
Ted Kremenek <kremenek@apple.com> |
Overhaul BugReporter interface and implementation. The new interface cleans up
the ownership of BugTypes and BugReports. Now BugReports are owned by BugTypes,
and BugTypes are owned by the BugReporter object.
The major functionality change in this patch is that reports are not immediately
emitted by a call to BugReporter::EmitWarning (now called EmitReport), but
instead of queued up in report "equivalence classes". When
BugReporter::FlushReports() is called, it emits one diagnostic per report
equivalence class. This provides a nice cleanup with the caching of reports as
well as enables the BugReporter engine to select the "best" path for reporting a
path-sensitive bug based on all the locations in the ExplodedGraph that the same
bug could occur.
Along with this patch, Leaks are now coalesced into a common equivalence class
by their allocation site, and the "summary" diagnostic for leaks now reports the
allocation site as the location of the bug (this may later be augmented to also
provide an example location where the leak occurs).
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@63796 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/BugReporter.h
athSensitive/ExplodedGraph.h
athSensitive/GRExprEngine.h
athSensitive/GRSimpleAPICheck.h
athSensitive/GRTransferFuncs.h
|
| 97c4d4759da403bccaaccdadb513164c84c85bef |
04-Feb-2009 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Remove dead code.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@63715 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRExprEngine.h
|
| 64650af7cc4352c6c67b9bd1bf8ef3ce7471b910 |
03-Feb-2009 |
Douglas Gregor <dgregor@apple.com> |
Add a macro-based enumeration of all of the Decl nodes (like we do
with Stmt/Expr nodes), and convert some of the more mundane
switch-on-all-decl-kinds uses over to use this new file.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@63570 91177308-0d34-0410-b5e6-96231b3b80d8
isitors/CFGRecStmtDeclVisitor.h
|
| bf98c99600017bfcdde2a7966c47a6beb15a96dc |
30-Jan-2009 |
Ted Kremenek <kremenek@apple.com> |
Fix horrible non-termination bug in LiveVariables. The issue was that
the liveness state of block-level expressions could oscillate because
of two issues:
- The initial value before a merge was not always set to "Top"
- The set of live block-level expressions is a union, not an intersection
This fixes <rdar://problem/650084>.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@63421 91177308-0d34-0410-b5e6-96231b3b80d8
lowSensitive/DataflowSolver.h
upport/BlkExprDeclBitVector.h
|
| 1e2b1fc4c4ae775adb2b236a8190f5a93b09ea12 |
30-Jan-2009 |
Ted Kremenek <kremenek@apple.com> |
Move method out-of-line.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@63412 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRExprEngine.h
|
| 14553abd17d303b0b310b3ab1523eb0d30d8121c |
30-Jan-2009 |
Ted Kremenek <kremenek@apple.com> |
Fix a couple bugs:
- NonLoc::MakeVal() would use sizeof(unsigned) (literally) instead of consulting
ASTContext for the size (in bits) of 'int'. While it worked, it was a
conflation of concepts and using ASTContext.IntTy is 100% correct.
- RegionStore::getSizeInElements() no longer assumes that a VarRegion has the
type "ConstantArray", and handles the case when uses use ordinary variables
as if they were arrays.
- Fixed ElementRegion::getRValueType() to just return the rvalue type of its
"array region" in the case the array didn't have ArrayType.
- All of this fixes <rdar://problem/6541136>
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@63347 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/BasicValueFactory.h
athSensitive/MemRegion.h
athSensitive/SVals.h
|
| 19e8e2cffc19606d0f44e7c2897cd126ffd3f9b0 |
29-Jan-2009 |
Chris Lattner <sabre@nondot.org> |
next round of diagnostics cleanups, moving some
diags around, eliminating #defines, etc. Patch by
Anders Johnsen!
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@63318 91177308-0d34-0410-b5e6-96231b3b80d8
nalysisDiagnostic.h
|
| 88eccaf06f9d88191723e71bdf5ca68409393be6 |
29-Jan-2009 |
Chris Lattner <sabre@nondot.org> |
Fix -Wimplicit-function-declaration, which required some refactoring and
changes in various diagnostics code.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@63282 91177308-0d34-0410-b5e6-96231b3b80d8
nalysisDiagnostic.h
|
| 500d3297d2a21edeac4d46cbcbe21bc2352c2a28 |
29-Jan-2009 |
Chris Lattner <sabre@nondot.org> |
move library-specific diagnostic headers into library private dirs. Reduce
redundant #includes. Patch by Anders Johnsen!
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@63271 91177308-0d34-0410-b5e6-96231b3b80d8
nalysisDiagnostic.h
|
| b2bf7cda4661c54510e6cbb96ba6ea9b5ddafca9 |
28-Jan-2009 |
Ted Kremenek <kremenek@apple.com> |
Remove method 'AddNE' from the public interface of ConstraintManager.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@63249 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ConstraintManager.h
athSensitive/GRState.h
|
| 679f4981e33643d3bc459b8208803ad2925cf282 |
28-Jan-2009 |
Ted Kremenek <kremenek@apple.com> |
Add some comments to GRStateManager. No functionality change.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@63243 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRState.h
|
| a26ddabc0eb8cf8ea4de1878f84d3b920fc2349f |
27-Jan-2009 |
Ted Kremenek <kremenek@apple.com> |
PathDiagnostics:
- Add the distinction between the 'bug type' and the 'bug description'
HTMLDiagnostics:
- Output the bug type field as HTML comments
scan-build:
- Use the bug type field instead of the bug description for the HTML table.
- Radar filing now automatically picks up the bug description in the title (addresses <rdar://problem/6265970>)
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@63084 91177308-0d34-0410-b5e6-96231b3b80d8
athDiagnostic.h
|
| 3148eb4a75f70f2636075c364d03104223f004d3 |
24-Jan-2009 |
Ted Kremenek <kremenek@apple.com> |
More hacking on static analyzer diagnostics. When emitting summary diagnostics the code paths for diagnostics involving paths or single locations are now unified. This patch also constifies many arguments/methods that are touched by this logic, leading to a nice overall code cleanup.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@62903 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/BugReporter.h
athSensitive/ExplodedGraph.h
|
| cabe66811fe43835b8c5a0854552768fc53261e3 |
23-Jan-2009 |
Ted Kremenek <kremenek@apple.com> |
Added virtual method DiagnosticClient::IncludeInDiagnosticCounts(). This is used by Diagnostics to determine if a diagnostic sent to a given DiagnosticClient should be included in the count of diagnostics. The default implementation of this method returns 'true'.
Implemented DiagCollector::IncludeInDiagnosticCounts() to return 'false' so that the batching of diagnostics for use with BugReporter doesn't mess up the count of real diagnostics.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@62873 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/BugReporter.h
|
| 9ab6b9cfb76ee56a61829e2bdb08e5cdc288726e |
22-Jan-2009 |
Ted Kremenek <kremenek@apple.com> |
Static analyzer: Remove a bunch of outdated SymbolData objects and
their associated APIs. We no longer need separate SymbolData objects
for fields, variables, etc. Instead, we now associated symbols with
the "rvalue" of a MemRegion (i.e., the value stored at that region).
Now we only have two kinds of SymbolData objects: SymbolRegionRValue
and SymbolConjured.
This cleanup also makes the distinction between a SymbolicRegion and a
symbolic value that is a location much clearer. A SymbolicRegion
represents a chunk of symbolic memory, while a symbolic location is
just a "pointer" with different possible values. Without any specific
knowledge, a symbolic location resolves (i.e., via a dereference) to a
SymbolicRegion. In the future, when we do better alias reasoning, a
symbolic location can become an alias for another location, thus
merging the constraints on the referred SymbolicRegion with the other
region.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@62769 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRState.h
athSensitive/SVals.h
athSensitive/SymbolManager.h
|
| 241677a13cc46647a8f5098b3e3239bd9480dca2 |
21-Jan-2009 |
Ted Kremenek <kremenek@apple.com> |
Static Analyzer: Replace LiveSymbols/DeadSymbols sets with a new object called "SymbolReaper". Right now it just consolidates the two and cleans up some client code, but shortly it will be used to enable "lazy computation" of live symbols for use with RegionStore.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@62722 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ConstraintManager.h
athSensitive/Environment.h
athSensitive/GRExprEngine.h
athSensitive/GRState.h
athSensitive/GRTransferFuncs.h
athSensitive/Store.h
athSensitive/SymbolManager.h
|
| 4afa39deaa245592977136d367251ee2c173dd8d |
20-Jan-2009 |
Douglas Gregor <dgregor@apple.com> |
Remove ScopedDecl, collapsing all of its functionality into Decl, so
that every declaration lives inside a DeclContext.
Moved several things that don't have names but were ScopedDecls (and,
therefore, NamedDecls) to inherit from Decl rather than NamedDecl,
including ObjCImplementationDecl and LinkageSpecDecl. Now, we don't
store empty DeclarationNames for these things, nor do we try to insert
them into DeclContext's lookup structure.
The serialization tests are temporarily disabled. We'll re-enable them
once we've sorted out the remaining ownership/serialiazation issues
between DeclContexts and TranslationUnion, DeclGroups, etc.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@62562 91177308-0d34-0410-b5e6-96231b3b80d8
upport/BlkExprDeclBitVector.h
isitors/CFGRecStmtDeclVisitor.h
|
| e1c2a675e0c089e1f53cbd55d2197a8beaa852ae |
13-Jan-2009 |
Ted Kremenek <kremenek@apple.com> |
static analyzer: Handle casts from arrays to integers. This fixes PR 3297.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@62130 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRExprEngine.h
|
| 7e5d6ed47dcedce35043de59ee00464b681bc786 |
08-Jan-2009 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Add isSubRegionOf() method to SubRegion.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@61924 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/MemRegion.h
|
| c6ed3840d685bd40bd921dd1f76cfb5a9b4fc599 |
07-Jan-2009 |
Ted Kremenek <kremenek@apple.com> |
Update some doxygen comments to be more rich. Remove StoreManager::GetRegionSVal.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@61894 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRState.h
athSensitive/Store.h
|
| d6cfbe4bd5103cd020d987d09438744eb17226a3 |
07-Jan-2009 |
Ted Kremenek <kremenek@apple.com> |
Refactor MemRegionManager instance variable into parent class. No functionality change.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@61888 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/Store.h
|
| ff944a8c481d6c0f1ad2633e4be9bf8b1dd2a09f |
22-Dec-2008 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Add an option to make 'RemoveDeadBindings' a configurable behavior. This enables
us to measure the effect of this optimization.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@61319 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRExprEngine.h
|
| 4306d3cb9116605728252e2738df24b9f6ab53c3 |
21-Dec-2008 |
Fariborz Jahanian <fjahanian@apple.com> |
Finish up saving original parameter type and
using it in ObjC's method parameter encoding.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@61293 91177308-0d34-0410-b5e6-96231b3b80d8
isitors/CFGRecStmtDeclVisitor.h
|
| 4193eca10ce0cc8b2dae887e935a43b26f492b5b |
20-Dec-2008 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Lazy bingding for region-store manager.
* Now Bind() methods take and return GRState* because binding could
also alter GDM.
* No variables are initialized except those declared with initial
values.
* failed C test cases are due to bugs in RemoveDeadBindings(),
which removes constraints that is still alive. This will be fixed in later
patch.
* default value of array and struct regions will be implemented in later patch.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@61274 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRState.h
athSensitive/MemRegion.h
athSensitive/SVals.h
athSensitive/Store.h
athSensitive/SymbolManager.h
|
| 62b585701d626dec90b0aa0dfd8c2b75ffe29265 |
18-Dec-2008 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Add method used by ImmutableMap GDM specialization.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@61193 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRStateTrait.h
|
| 2fb78a70536274426302415b6fc54a1074788e91 |
17-Dec-2008 |
Ted Kremenek <kremenek@apple.com> |
CF-retain/release checker:
- Fix regression reported in <rdar://problem/6452745>. After a null check, null references to resources should not have a retain count. This regression was caused by removing the call to "GRTransferFuncs::EvalAssume" in BasicConstraintManager.
- Added a test case to test this behavior.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@61155 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRState.h
|
| 500d2ee83d407106d80920fb4325fa2e06fa61a5 |
17-Dec-2008 |
Ted Kremenek <kremenek@apple.com> |
Add pretty-printing for AnonTypedRegion.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@61146 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/MemRegion.h
|
| e1efd4de8685e0785daf9cab227f7a21cfc9c80b |
16-Dec-2008 |
Ted Kremenek <kremenek@apple.com> |
Add new GRWorkList class that uses two queues:
- one queue (FIFO) to queue up nodes at block entrances
- another queue (LIFO) to queue up other nodes
- The idea is to explore basic blocks to completion, but to do a BFS exploration of blocks.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@61106 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRCoreEngine.h
athSensitive/GRWorkList.h
|
| 8c354758c2d39db87c77c723d81e34b4d967f762 |
16-Dec-2008 |
Ted Kremenek <kremenek@apple.com> |
ProgramPoint:
- Added four new ProgramPoint types that subclass PostStmt for use in
GRExprEngine::EvalLocation:
- PostOutOfBoundsCheckFailed
- PostUndefLocationCheckFailed
- PostNullCheckFailed
- PostLocationChecksSucceed
These were created because of a horribly subtle caching bug in EvalLocation
where a node representing an "bug condition" in EvalLocation (e.g. a null
dereference) could be re-used as the "non-bug condition" because the Store did
not contain any information to differentiate between the two. The extra
program points just disables any accidental caching between EvalLocation and
its callers.
GRExprEngine:
- EvalLocation now returns a NodeTy* instead of GRState*. This should be used as the "vetted" predecessor for EvalLoad/EvalStore.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@61105 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRExprEngine.h
rogramPoint.h
|
| 6eddeb153415049c7b62de4b45385a759a6906c6 |
13-Dec-2008 |
Ted Kremenek <kremenek@apple.com> |
MemRegion:
- Overhauled the notion of "types" for TypedRegions. We now distinguish between the "lvalue" of a region (via getLValueRegion()) and the "rvalue" of a region (va getRValueRegion()). Since a region represents a chunk of memory it has both, but we were conflating these concepts in some cases, leading to some insidious bugs.
- Removed AnonPointeeType, partially because it is unused and because it doesn't have a clear notion of lvalue vs rvalue type. We can add it back once there is a need for it and we can resolve its role with these concepts.
StoreManager:
- Overhauled StoreManager::CastRegion. It expects an *lvalue* type for a region. This is actually what motivated the overhaul to the MemRegion type mechanism. It also no longer returns an SVal; we can just return a MemRegion*.
- BasicStoreManager::CastRegion now overlays an "AnonTypedRegion" for pointer-pointer casts. This matches with the MemRegion changes.
- Similar changes to RegionStore, except I've added a bunch of FIXMEs where it wasn't 100% clear where we should use TypedRegion::getRValueRegion() or TypedRegion::getLValueRegion().
AuditCFNumberCreate check:
- Now blasts through AnonTypedRegions that may layer the original memory region, thus checking if the actually memory block is of the appropriate type. This change was needed to work with the changes to StoreManager::CastRegion.
GRExprEngine::VisitCast:
- Conform to the new interface of StoreManager::CastRegion.
Tests:
- None of the analysis tests fail now for using the "basic store".
- Disabled the tests 'array-struct.c' and 'rdar-6442306-1.m' pending further testing and bug fixing.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@60995 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/MemRegion.h
athSensitive/Store.h
|
| abb042f33ea8e6107a7dc8efc51d2ace329f9f48 |
13-Dec-2008 |
Ted Kremenek <kremenek@apple.com> |
A series of cleanups/fixes motivated by <rdar://problem/6442306>:
GRExprEngine (VisitCast):
- When using StoreManager::CastRegion, always use the state and value it returns to generate the next node. Failure to do so means that region values returned that don't require the state to be modified will get ignored.
MemRegion:
- Tighten the interface for ElementRegion. Now ElementRegion can only be created with a super region that is a 'TypedRegion' instead of any MemRegion. Code in BasicStoreManager/RegionStoreManager already assumed this, but it would result in a dynamic assertion check (and crash) rather than just having the compiler forbid the construction of such regions.
- Added ElementRegion::getArrayRegion() to return the 'typed version' of an ElementRegion's super region.
- Removed bogus assertion in ElementRegion::getType() that assumed that the super region was an AnonTypedRegion. All that matters is that it is a TypedRegion, which is now true all the time by design.
BasicStore:
- Modified getLValueElement() to check if the 'array' region is a TypedRegion before creating an ElementRegion. This conforms to the updated interface for ElementRegion.
RegionStore:
- In ArrayToPointer() gracefully handle things we don't reason about, and only create an ElementRegion if the array region is indeed a TypedRegion.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@60990 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/MemRegion.h
|
| 3d8173c1c68f451c7492f92023d829c626845925 |
12-Dec-2008 |
Chris Lattner <sabre@nondot.org> |
fix breakage I introduced in r60938
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@60941 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/MemRegion.h
|
| 43b28d07019bc78447ecbbb721526de4ffd83f20 |
12-Dec-2008 |
Chris Lattner <sabre@nondot.org> |
silence warning in release-asserts mode about unused variable, also
move comment into assert message.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@60938 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/MemRegion.h
|
| c5458622a30ede903e8d1e800cbf9382bd45b69f |
11-Dec-2008 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Identify AnonPointeeRegion by the symbol that is concretized.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@60870 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/MemRegion.h
|
| 3bb662a8635a1f85a64719759ead76abffe0e172 |
11-Dec-2008 |
Zhongxing Xu <xuzhongxing@gmail.com> |
AnonPointeeRegions are now identified by the MemRegion of the pointer pointing
to them.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@60868 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/MemRegion.h
|
| 0bc27eab2079c01771cf025a77fd2205378182d8 |
09-Dec-2008 |
Zhongxing Xu <xuzhongxing@gmail.com> |
initialize member variable.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@60759 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/MemRegion.h
|
| 2fdf555af136cb017f4dc0c26d5d3415d122e1ff |
09-Dec-2008 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Add utility method. Remove an unused method.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@60758 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/SVals.h
|
| 159d2487e6b49f0aa64c44aef96bc9d643929931 |
09-Dec-2008 |
Ted Kremenek <kremenek@apple.com> |
[static analyzer] Extend VLA size checking to look for undefined sizes.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@60734 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRExprEngine.h
|
| e0dbda136444b2f3550a421f4436d438230c732f |
09-Dec-2008 |
Ted Kremenek <kremenek@apple.com> |
Fixed LiveVariables bug where we didn't consider block-level expressions that functioned as the size of a VLA to be live.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@60730 91177308-0d34-0410-b5e6-96231b3b80d8
nalyses/LiveVariables.h
nalyses/UninitializedValues.h
upport/BlkExprDeclBitVector.h
|
| efd5994d6a35b6b16b29cc59a0d9ef8a14d9c6f8 |
08-Dec-2008 |
Ted Kremenek <kremenek@apple.com> |
Add checking for zero-sized VLAs.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@60726 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRExprEngine.h
|
| 96f560b96ba3fb7b9a5408db22b481206b211f1c |
05-Dec-2008 |
Ted Kremenek <kremenek@apple.com> |
Change the implementation of symbol_iterator to not use a union and rely on any details of SymbolRef's implementation.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@60579 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/SVals.h
athSensitive/SymbolManager.h
|
| 562731eabbed616535874c99655c81cc55d713fb |
05-Dec-2008 |
Ted Kremenek <kremenek@apple.com> |
Add SymbolRef::print() and have SymbolicRegion::print() use this method instead of calling SymbolRef::getNumber().
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@60578 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/SymbolManager.h
|
| 9ceffa9ef4c1398815cddde7120779e8e0a84917 |
05-Dec-2008 |
Ted Kremenek <kremenek@apple.com> |
Remove (unused) RegionExtent and subclasses. Extents are now represented easily using SVals.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@60576 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/MemRegion.h
|
| 2dabd4372c50019fa00aae223ce634e0e754a3f2 |
05-Dec-2008 |
Ted Kremenek <kremenek@apple.com> |
Rename SymbolID to SymbolRef. This is a precursor to some overhauling of the representation of symbolic values.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@60575 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/BasicValueFactory.h
athSensitive/BugReporter.h
athSensitive/ConstraintManager.h
athSensitive/GRState.h
athSensitive/MemRegion.h
athSensitive/SVals.h
athSensitive/Store.h
athSensitive/SymbolManager.h
|
| f3d416267ec92cf28da11a79b47383179b77c5d0 |
05-Dec-2008 |
Ted Kremenek <kremenek@apple.com> |
Remove SymbolDataContentsOf (unused).
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@60572 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/SymbolManager.h
|
| 2ed14beed7dcb46245328d72ac7011c92c1bd676 |
05-Dec-2008 |
Ted Kremenek <kremenek@apple.com> |
StoreManager::Retrieve and StoreManager::RemoveDeadBindings now take a GRState* argument instead of a Store. This allows them to use the GDM for storing other data.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@60570 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRState.h
athSensitive/Store.h
|
| 39b630fc1cef83d58c6e0f551debb16a4d547abe |
03-Dec-2008 |
Ted Kremenek <kremenek@apple.com> |
Added GDM query functions "contains" for the data types that support the "Contains" method.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@60505 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRState.h
|
| 32d600ce59e780b7ff969309cbf742159abe018b |
03-Dec-2008 |
Ted Kremenek <kremenek@apple.com> |
Added partial specialization of GRStatePartialTrait<T> with T = ImmutableSet<...>.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@60504 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRStateTrait.h
|
| 0395b5d4987fe5baa818015e9d294c128619e4ec |
29-Nov-2008 |
Zhongxing Xu <xuzhongxing@gmail.com> |
To be consistent, make the index of the ElementRegion always signed.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@60248 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/MemRegion.h
|
| e73dc26690776887bd2991461f6814498600d6eb |
28-Nov-2008 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Enable the GRStateManager to do something when we finish a path. For example,
the ConstraintManager can print its internal state before its solver instance is
destroyed.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@60204 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ConstraintManager.h
athSensitive/GRExprEngine.h
athSensitive/GRState.h
|
| e42aaba04bff90a1d08b95e36edcb7ff314c77c7 |
27-Nov-2008 |
Zhongxing Xu <xuzhongxing@gmail.com> |
ImmutableList::getInternalPointer() returns a const ImmutableListImpl<T>* pointer, which must be converted to void* explicitly.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@60152 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRStateTrait.h
|
| 22438a8dfe9f2f273c0b1a47f3f80be782ea6f09 |
27-Nov-2008 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Add support for pluggable components of static analyzer.
- Creator function pointers are saved in ManagerRegistry.
- The Register* class is used to notify ManagerRegistry new module is
available.
- AnalysisManager queries ManagerRegistry for configurable module. Then it
passes them to GRExprEngine, in turn to GRStateManager.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@60143 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRExprEngine.h
athSensitive/GRState.h
|
| baf03a7c0a846632396f9f5a19f6cd45bbe2b926 |
24-Nov-2008 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Add support for AllocaRegion extent with GDM.
One design problem that is emerging is the signed-ness problem during static
analysis. Many unsigned value have to be converted into signed value because
it partipates in operations with signed values.
On the other hand, we cannot blindly make all values occuring in static analysis
signed, because we do have cases where unsignedness is required, for example,
integer overflow detection.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@59957 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/Store.h
|
| 8b8627380638d0889d6924d1ec10d42a9c743593 |
24-Nov-2008 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Add utility methods.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@59956 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/SVals.h
|
| 887058af514f7288cf8d49128459b9126d892206 |
24-Nov-2008 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Fix 80-col violation.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@59954 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRStateTrait.h
|
| 6613d08a19aa6ce9b6330487f3bfac841d4b8a4d |
24-Nov-2008 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Add getSize() support for StringRegion.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@59930 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/MemRegion.h
athSensitive/SVals.h
|
| 011bb4edf731d529da1cbf71c7c2696aaf5a054f |
23-Nov-2008 |
Chris Lattner <sabre@nondot.org> |
add support for inserting a DeclarationName into a diagnostic directly
without calling getAsString(). This implicitly puts quotes around the
name, so diagnostics need to be tweaked to accommodate this.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@59916 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/BugReporter.h
|
| 3fdf4b071dc79fae778fb5f376485480756c76a3 |
23-Nov-2008 |
Chris Lattner <sabre@nondot.org> |
Genericize the qualtype formating callback to support any diag argument.
No functionality change.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@59908 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/BugReporter.h
|
| 22caddc91d2f6186739c6b20ec58ed38cd68e595 |
23-Nov-2008 |
Chris Lattner <sabre@nondot.org> |
Add support for sending QualType's directly into diags and convert two
diags over to use this. QualTypes implicitly print single quotes around
them for uniformity and future extension.
Doing this requires a little function pointer dance to prevent libbasic
from depending on libast.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@59907 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/BugReporter.h
|
| 1c0c23325312df5d40fe788ffcb48484f190e9a3 |
23-Nov-2008 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Add out-of-bound memory access warning report code.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@59903 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRExprEngine.h
|
| e8a964bdb46349e4fa3433c8e5104d2a0f7f5c65 |
22-Nov-2008 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Initial support for checking out of bound memory access. Only support
ConcreteInt index for now.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@59869 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/BasicValueFactory.h
athSensitive/ConstraintManager.h
athSensitive/GRExprEngine.h
athSensitive/GRState.h
athSensitive/SVals.h
|
| 3cbfe2c4159e0a219ae660d50625c013aa4afbd0 |
22-Nov-2008 |
Chris Lattner <sabre@nondot.org> |
Split the DiagnosticInfo class into two disjoint classes:
one for building up the diagnostic that is in flight (DiagnosticBuilder)
and one for pulling structured information out of the diagnostic when
formatting and presenting it.
There is no functionality change with this patch.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@59849 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/BugReporter.h
|
| 5917d7894e8274b9625275dd4dd86c5d0040a242 |
21-Nov-2008 |
Ted Kremenek <kremenek@apple.com> |
- Clean up transfer function logic for 'return' statements.
- Add check for returning an undefined value to a caller.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@59764 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRExprEngine.h
|
| eabf776661662a8e652eb692084d20fddffd5cca |
19-Nov-2008 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Add SymbolData for array elements and struct fields.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@59618 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/SVals.h
athSensitive/SymbolManager.h
|
| 43b628cd47ecdc3caf640d79b3ad7ecef0f2c285 |
19-Nov-2008 |
Chris Lattner <sabre@nondot.org> |
Allow sending IdentifierInfo*'s into Diagnostics without turning them into strings
first. This should allow removal of a bunch of II->getName() calls.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@59601 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/BugReporter.h
|
| 30bc96544346bea42921cf6837e66cef80d664b4 |
19-Nov-2008 |
Chris Lattner <sabre@nondot.org> |
add direct support for signed and unsigned integer arguments to diagnostics.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@59598 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/BugReporter.h
|
| 73d2a1b05bb04ab0136af374ddaa5d4602d4c939 |
19-Nov-2008 |
Chris Lattner <sabre@nondot.org> |
implement a transparent optimization with the diagnostics stuff:
const char*'s are now not converted to std::strings when the diagnostic
is formed, we just hold onto their pointer and format as needed.
This commit makes DiagnosticClient::FormatDiagnostic even more of a
mess, I'll fix it in the next commit.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@59593 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/BugReporter.h
|
| db0e15ae3e2b5e180541eec35e2bce54359ca7d8 |
18-Nov-2008 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Fix 80-col violation.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@59523 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/BugReporter.h
|
| 0a14eee528a901c16f0e288fbc10a3abc1660d87 |
18-Nov-2008 |
Chris Lattner <sabre@nondot.org> |
This reworks some of the Diagnostic interfaces a bit to change how diagnostics
are formed. In particular, a diagnostic with all its strings and ranges is now
packaged up and sent to DiagnosticClients as a DiagnosticInfo instead of as a
ton of random stuff. This has the benefit of simplifying the interface, making
it more extensible, and allowing us to do more checking for things like access
past the end of the various arrays passed in.
In addition to introducing DiagnosticInfo, this also substantially changes how
Diagnostic::Report works. Instead of being passed in all of the info required
to issue a diagnostic, Report now takes only the required info (a location and
ID) and returns a fresh DiagnosticInfo *by value*. The caller is then free to
stuff strings and ranges into the DiagnosticInfo with the << operator. When
the dtor runs on the DiagnosticInfo object (which should happen at the end of
the statement), the diagnostic is actually emitted with all of the accumulated
information. This is a somewhat tricky dance, but it means that the
accumulated DiagnosticInfo is allowed to keep pointers to other expression
temporaries without those pointers getting invalidated.
This is just the minimal change to get this stuff working, but this will allow
us to eliminate the zillions of variant "Diag" methods scattered throughout
(e.g.) sema. For example, instead of calling:
Diag(BuiltinLoc, diag::err_overload_no_match, typeNames,
SourceRange(BuiltinLoc, RParenLoc));
We will soon be able to just do:
Diag(BuiltinLoc, diag::err_overload_no_match)
<< typeNames << SourceRange(BuiltinLoc, RParenLoc));
This scales better to support arbitrary types being passed in (not just
strings) in a type-safe way. Go operator overloading?!
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@59502 91177308-0d34-0410-b5e6-96231b3b80d8
athDiagnostic.h
athSensitive/BugReporter.h
|
| 2383b7f6aea2cb2bf2b5bfc0ec730f9354fecbbf |
18-Nov-2008 |
Chris Lattner <sabre@nondot.org> |
Change the diagnostics interface to take an array of pointers to
strings instead of array of strings. This reduces string copying
in some not-very-important cases, but paves the way for future
improvements.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@59494 91177308-0d34-0410-b5e6-96231b3b80d8
athDiagnostic.h
athSensitive/BugReporter.h
|
| c5c8d7d57dbfb2ecb7c7db51711e3b198e379d6a |
18-Nov-2008 |
Chris Lattner <sabre@nondot.org> |
cleanups.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@59493 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/BugReporter.h
|
| cb529b542a6c473251d15fdd637b3230906ea1dc |
16-Nov-2008 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Enhance modularization: return a <state,loc> pair to let GRExprEngine modify the
environment.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@59407 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/Store.h
|
| dc0a25d9bff956cdbe54ea0bfc8fbbe3ceb4eb92 |
16-Nov-2008 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Enhances SCA to process untyped region to typed region conversion.
- RegionView and RegionViewMap is introduced to assist back-mapping from
super region to subregions.
- GDM is used to carry RegionView information.
- AnonTypedRegion is added to represent a typed region introduced by pointer
casting. Later AnonTypedRegion can be used in other similar cases, e.g.,
malloc()'ed region.
- The specific conversion is delegated to store manager.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@59382 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/MemRegion.h
athSensitive/Store.h
|
| 8bb87e8de5fc8e4c91e78468b65a66b5b2b82d71 |
15-Nov-2008 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Add isUnsigned option.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@59355 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/BasicValueFactory.h
|
| e04a5cb9afb5faa205c0bfa93103d6df691e05b2 |
15-Nov-2008 |
Ted Kremenek <kremenek@apple.com> |
Implement FIXME in GRExprEngine::VisitUnaryOperator() to handle implicit conversions caused by the '!' operator. This required adding some logic to GRSimpleVals to reason about nonloc::LocAsInteger SVals. This code appears to work fine, but it should eventually be cleaned up.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@59335 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRExprEngine.h
athSensitive/GRTransferFuncs.h
|
| 90e72e4106a0c3efa7575e9f9cba0c775bb54552 |
15-Nov-2008 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Add handy method.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@59332 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRExprEngine.h
|
| 06fb99fb403bff1651429923f666a2ebe2b1522f |
14-Nov-2008 |
Ted Kremenek <kremenek@apple.com> |
Second attempt at implementation transfer function support for ObjCForCollectionStmt. We now assume that the 'element' expression can be any lvalue.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@59313 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRExprEngine.h
|
| 8d798c75b8aa8457ea06b22c6637d626ce1402de |
14-Nov-2008 |
Ted Kremenek <kremenek@apple.com> |
Rename header file.
Update include files.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@59284 91177308-0d34-0410-b5e6-96231b3b80d8
nalyses/LiveVariables.h
nalyses/UninitializedValues.h
upport/BlkExprDeclBitVector.h
upport/ExprDeclBitVector.h
|
| 366982aa941f949a0770d714de0de4d104f436bc |
14-Nov-2008 |
Ted Kremenek <kremenek@apple.com> |
Rename ExprDeclBitVector to BlkExprDeclBitVector, and store mappings from Stmt* to bit indices instead using Expr*.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@59283 91177308-0d34-0410-b5e6-96231b3b80d8
upport/ExprDeclBitVector.h
|
| 82bd99f4db2454cc6e1b7bfaac6db25cb3444ddc |
13-Nov-2008 |
Ted Kremenek <kremenek@apple.com> |
- Revert r59229 and r59232: AllocRegion should be immutable.
- Temporarily disabled test Analysis/array-struct.c for region store.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@59245 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/MemRegion.h
|
| 56af9773056eb064937c872845c0da6e3d46d4b4 |
13-Nov-2008 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Change AllocaRegion to subclass TypedRegion. We need to know ElementRegion's
type when assigning to it.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@59229 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/MemRegion.h
|
| bfcb712627b9346ab92880d9075896dcc7700ac2 |
12-Nov-2008 |
Ted Kremenek <kremenek@apple.com> |
Update CFGStmtVisitor to recognize that ObjCForCollectionStmts are special block-level "expressions".
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@59176 91177308-0d34-0410-b5e6-96231b3b80d8
isitors/CFGStmtVisitor.h
|
| af3374187c47acea45706eab6744be6b1c66a856 |
12-Nov-2008 |
Ted Kremenek <kremenek@apple.com> |
Add (preliminary) transfer function support for ObjCForCollectionStmt. Still need to flesh out some logic.
When processing DeclStmt, use the new interface to StateManager::BindDecl. Conjuring of symbols is now done in VisitDeclStmt.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@59155 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRCoreEngine.h
athSensitive/GRExprEngine.h
|
| b5abb429e7aac731c3b4363a6118a6b3a6e27abc |
12-Nov-2008 |
Ted Kremenek <kremenek@apple.com> |
Conjured symbols now bind to Stmt* instead of Expr*.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@59154 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/SymbolManager.h
|
| d4931632946fe86fc2b09496f2b62443440a7da4 |
12-Nov-2008 |
Ted Kremenek <kremenek@apple.com> |
GRStateRef:
- Rename SetSVal to BindLoc
- Add BindDecl
- Add BindExpr
GRState:
- Environment now binds to Stmt* instead of Expr*. This is needed for processing ObjCForCollectionStmt (essentially the declaration of the the 'element' variable can have an SVal attached to it).
- BindDecl no longer accepts Expr* for the initialization value; use SVal* instead.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@59152 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/Environment.h
athSensitive/GRState.h
|
| 42577d145e2c6c3f77731645d442faa716f4c852 |
12-Nov-2008 |
Ted Kremenek <kremenek@apple.com> |
StoreManager::BindDecl now takes an SVal* for the initialization value instead of an Expr* (which can be null). Lazy symbolication of conjured symbols is now the sole responsibility of GRExprEngine.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@59151 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/Store.h
|
| 7fdee87c203f8e9b6feed63e85256a8f8bc2bbc0 |
11-Nov-2008 |
Ted Kremenek <kremenek@apple.com> |
Add fine-grain methods for control which bits are set/reset in ExprDeclBitVector.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@59073 91177308-0d34-0410-b5e6-96231b3b80d8
upport/ExprDeclBitVector.h
|
| 0518999d3adcc289997bd974dce90cc97f5c1c44 |
11-Nov-2008 |
Sebastian Redl <sebastian.redl@getdesigned.at> |
Introduce a single AST node SizeOfAlignOfExpr for all sizeof and alignof expressions, both of values and types.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@59057 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRExprEngine.h
|
| cc128b32429494fe04ed36d7ba30c011cb4e173a |
10-Nov-2008 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Add pretty printing to StringRegion.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@58985 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/MemRegion.h
|
| 60156f0596a7ab9a39ddec74942b60a3da847174 |
08-Nov-2008 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Add a boilerplate for out-of-bound array checking. This has no real function currently.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@58886 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRExprEngine.h
athSensitive/Store.h
|
| c12dedbe9c164a2cc47940a3b7ea0c27efe58f1a |
07-Nov-2008 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Add simple get method.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@58848 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRState.h
|
| b1ae7d985b72764f2c42bf45d6a801b600a59890 |
07-Nov-2008 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Join two lines.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@58847 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/Store.h
|
| f22679e3e5d5f5754931952e58112b4c863a4137 |
07-Nov-2008 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Finish the implementation of VisitCompoundLiteralExpr. As VisitInitListExpr is
available, things get much simplified.
One addition is that CompoundLiteralExpr can appear both in rvalue and lvalue
context.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@58837 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRExprEngine.h
athSensitive/GRState.h
athSensitive/Store.h
|
| a3d9ea8d93a0a4dbba0fd95c6a54c33faebc277c |
06-Nov-2008 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Bring back RegionExtent classes.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@58795 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/MemRegion.h
|
| 817c67daf845b35a242cd9b68e9c5eccf09c63df |
03-Nov-2008 |
Zhongxing Xu <xuzhongxing@gmail.com> |
- Remove AnonTypedRegion, which is not to be used.
- Prepare AnonPointeeRegioin for later use.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@58595 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/MemRegion.h
|
| 7090ae1a984eb446a5fb4da7b1f2573830653799 |
02-Nov-2008 |
Ted Kremenek <kremenek@apple.com> |
Added AllocaRegion, which represents regions created by calls to alloca().
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@58551 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/MemRegion.h
|
| 77cfac623178d0c16e16e2f171d20b0fea8fde30 |
31-Oct-2008 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Make CompoundLiteralRegion a subclass of TypedRegiion.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@58493 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/MemRegion.h
|
| 11a83dc7a9a5738cc0bc76180b508eae896eefa9 |
31-Oct-2008 |
Ted Kremenek <kremenek@apple.com> |
Add accessor method to CompoundLiteralRegion to retrieve the CompoundLiteralExpr.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@58476 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/MemRegion.h
|
| b8b4161e52bacc6d189146bd632393dc5f060cb0 |
30-Oct-2008 |
Ted Kremenek <kremenek@apple.com> |
Pretty-printing for SVals now mainly uses llvm::raw_ostream. We have an adapter for std::ostream, but this will be removed in the future.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@58445 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/SVals.h
|
| a6fac4e446eb30ed270eff9d4084d5db5e657fcf |
30-Oct-2008 |
Ted Kremenek <kremenek@apple.com> |
Added iterators to nonloc::CompoundSVal.
Added pretty-printing for nonloc::CompoundSVal.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@58442 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/BasicValueFactory.h
athSensitive/SVals.h
|
| a693d4fa7a6dc31b23837cf38cba7aa2af8f00f3 |
30-Oct-2008 |
Ted Kremenek <kremenek@apple.com> |
Update #includes since SVals.h no longer includes BasicValueFactory.h.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@58439 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRState.h
athSensitive/MemRegion.h
|
| 632e8b84976f683b365eddfacd04ea5d6f4d8cdf |
30-Oct-2008 |
Ted Kremenek <kremenek@apple.com> |
CompoundVal now uses an ImmutableList<SVal> to store its set of SVals. This change was motivated by the need to allow state-splitting in GRExprEngine::VisitInitListExpr. As a side-benefit, we no longer need to perform any copies of SVals when creating a CompoundSVal, and the profiling of CompoundSVal is now constant time.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@58437 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/BasicValueFactory.h
athSensitive/SVals.h
|
| 8cd5aaea92f12c25d65ecff5fc820def4c81c1aa |
30-Oct-2008 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Rename:
- SetSVal(GRState*, Loc, SVal) => BindLoc
- SetSVal(GRState*, Expr*, SVal) => BindExpr
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@58421 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/Environment.h
athSensitive/GRExprEngine.h
athSensitive/GRState.h
|
| c4f8706b6539e06a5de153bd72850bb2e0a71456 |
30-Oct-2008 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Implement VisitInitListExpr(). InitListExpr will have a nonloc::CompoundVal value.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@58419 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRExprEngine.h
|
| 6764b72f6f26b5c03471b9e379a44d379d2d4a9e |
30-Oct-2008 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Add CompoundVal and CompoundValData for representing the value of InitListExpr.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@58418 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/BasicValueFactory.h
athSensitive/SVals.h
|
| 8b2e05d9eef692f30054216237e776cb51acd054 |
29-Oct-2008 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Rename: AddDecl => BindDecl
BindDecl better describes what the function does:
- Bind the VarDecl to its memory region
- Bind the memory region to some initial value.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@58359 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRState.h
athSensitive/Store.h
|
| ce63911d6bdd795f63365723d4cdaa6998529e1e |
29-Oct-2008 |
Zhongxing Xu <xuzhongxing@gmail.com> |
MemSpaceRegions could be uninitialized. We only require R is a real region.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@58356 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/MemRegion.h
|
| c540b261ac553b91840146eaa3fee3f11b1013a7 |
28-Oct-2008 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Add isGlobalsRegion() predicate to MemRegionManager.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@58313 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/MemRegion.h
|
| 9d293dfc0ad7c44ae0b5eb9517f1ed8c8d8b7ff7 |
28-Oct-2008 |
Douglas Gregor <dgregor@apple.com> |
Improve our handling of (C++) references within Clang. Specifically:
- Do not allow expressions to ever have reference type
- Extend Expr::isLvalue to handle more cases where having written a
reference into the source implies that the expression is an lvalue
(e.g., function calls, C++ casts).
- Make GRExprEngine::VisitCall treat the call arguments as lvalues when
they are being bound to a reference parameter.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@58306 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRExprEngine.h
|
| 0d958e7066db0ac2ecbce7286068db50cdb1de63 |
28-Oct-2008 |
Ted Kremenek <kremenek@apple.com> |
- Fix type-punning warning in SVals.cpp by using a real iterator class for symbol_iterator.
- Add symbol_iterator support for SymbolicRegions.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@58300 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/SVals.h
|
| 4f09027385466f1f4c382c80ca77157e2aef97d9 |
27-Oct-2008 |
Ted Kremenek <kremenek@apple.com> |
Added preliminary support for CompoundLiterals in the static analyzer:
- GRExprEngine::VisitCompoundLiteral...
(1) visits the initializer list (generating ExplodedNodes)
(2) creates a CompoundMemRegion for the literal
(3) creates a new state with the bound literal values using
GRStateManager::BindCompoundLiteral
- GRStateManager::BindCompoundLiteral simply calls
StoreManager::BindCompoundLiteral to get a new store and returns a persistent
GRState with that store.
- BasicStore::BindCompoundLiteral simply returns the same store, as it
doesn't handle field sensitivity
- RegionStore::BindCompoundLiteral currently fires an assert (pending discussion
of how to best implement mappings for CompoundLiteralRegion).
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@58277 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRExprEngine.h
athSensitive/GRState.h
athSensitive/Store.h
|
| 9a1f03afc569abbdcc182379c99d1fe1ece67c9d |
27-Oct-2008 |
Ted Kremenek <kremenek@apple.com> |
Pull determination of the super region for a VarRegion into a single getVarRegion() method. This provides a common clean API for clients.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@58272 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/MemRegion.h
|
| 329d6fde79254503b14724e1231a9d70fa6b387f |
27-Oct-2008 |
Ted Kremenek <kremenek@apple.com> |
Added CompoundLiteralRegion to represent the (temporary) memory allocated for a compound literal.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@58270 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/MemRegion.h
|
| e70559fd25bfd1970a82086c5f99cf9ef181b1ae |
27-Oct-2008 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Use ASTContext::getCanonicalType() to get TypedRegion's type.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@58247 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/MemRegion.h
|
| 27b57063d83b00474d7563fb5d608544e2364862 |
27-Oct-2008 |
Zhongxing Xu <xuzhongxing@gmail.com> |
An ElementRegion is really a typed region. Its super region's type has to be ArrayType.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@58245 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/MemRegion.h
|
| 197fa58ab40e3fee2137715e96d9bb1c59340837 |
26-Oct-2008 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Remove loc::StringLiteralVal. Now we allocate regions for string literals in the Store.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@58182 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/SVals.h
|
| 143bf82ac5afba0757e6817a2c2bb970c20b32d3 |
25-Oct-2008 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Add code for get the lvalue for string literals. Now we return a StringRegion
for StringLiteral lvalue evaluation, instead of directly returning a
loc::StringLiteralVal by the Environment.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@58138 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRState.h
athSensitive/Store.h
|
| e9f4e5420895a75dd788e9891921e7781c1823b9 |
25-Oct-2008 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Add StringRegion to MemRegions.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@58137 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/MemRegion.h
|
| 9deb0e35dea0f82691fadb60b61f45887ba67aba |
24-Oct-2008 |
Ted Kremenek <kremenek@apple.com> |
Added method "getSelfRegion" to Store. This method returns the region associated with the "this" or "self" object (C++ and Objective-C respectively).
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@58107 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRState.h
athSensitive/Store.h
|
| a7f1b9e8804012ed8df25d93f5a06cb26c9bbd2b |
24-Oct-2008 |
Ted Kremenek <kremenek@apple.com> |
Added region ObjCObjectRegion that represents an instance of an Objective-C object.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@58106 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/MemRegion.h
|
| bfb6582ef46dfb33672d9621f879fc262339d704 |
24-Oct-2008 |
Zhongxing Xu <xuzhongxing@gmail.com> |
The Decl of an array region can be VarDecl or FieldDecl. Handle this in RegionStoreManager::ArrayToPointer().
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@58086 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/MemRegion.h
|
| b21ff77c8126ea628b66d2ffb931fdaa7884f5d2 |
24-Oct-2008 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Add printing method to ElementRegion.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@58077 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/MemRegion.h
|
| 9012bff2ce5afc85936315662d675f2bcede1ca2 |
24-Oct-2008 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Add printing with llvm::raw_ostream methods to SVals.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@58073 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/SVals.h
|
| 95c7b00fe857a61a19185483aa0d85492ec9e258 |
24-Oct-2008 |
Ted Kremenek <kremenek@apple.com> |
Make the analyzer store (memory model) a command line option.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@58056 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRExprEngine.h
athSensitive/Store.h
|
| e1911afd2a79cb508bc81b30be49a0c8648a81b0 |
23-Oct-2008 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Let StoreManager do different cast on arrays. BasicStore will just keep it intact.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@58028 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRState.h
athSensitive/Store.h
|
| 6e78e1b22f3b16bb2ef76950b9b75f060bdba7bf |
23-Oct-2008 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Added a method to ElementRegion.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@58020 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/MemRegion.h
|
| c92e5feb73a99e0e44d00c3ce0275d32bc56d7c6 |
22-Oct-2008 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Adjust parameter order to more natural one.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@57964 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRState.h
athSensitive/Store.h
|
| 8e9bebdea69c590dedfbf27374114cb76fe12fbd |
21-Oct-2008 |
Douglas Gregor <dgregor@apple.com> |
Preliminary support for function overloading
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@57909 91177308-0d34-0410-b5e6-96231b3b80d8
upport/ExprDeclBitVector.h
isitors/CFGRecStmtDeclVisitor.h
|
| 8485ec6a1d7d7f25ea680ea3740bc1a11d2bb7cd |
21-Oct-2008 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Modify Store interface: GetSVal/SetSVal => Retrieve/Bind.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@57896 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRState.h
athSensitive/Store.h
|
| 65e5e4054bdce29917995cb31934e96af62263b9 |
21-Oct-2008 |
Ted Kremenek <kremenek@apple.com> |
Add partial specialization of ImmutableList for GRStatePartialTrait.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@57895 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRStateTrait.h
|
| 22ab7a4d900ed53285fd0b6720e7b43af84724d8 |
21-Oct-2008 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Rename:
RValues.h/cpp => SVals.h/cpp
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@57893 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/Environment.h
athSensitive/GRState.h
athSensitive/GRTransferFuncs.h
athSensitive/MemRegion.h
athSensitive/RValues.h
athSensitive/SVals.h
athSensitive/Store.h
|
| 511191ce8920160525611be2be754c32a0724c3e |
21-Oct-2008 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Add ElementRegion to represent memory chunks for array elements.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@57891 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/MemRegion.h
|
| dda0468b5aad99a59bd251a1b15c5cfd0243c041 |
21-Oct-2008 |
Ted Kremenek <kremenek@apple.com> |
Change signature for CheckDivideZero.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@57876 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRExprEngine.h
|
| 4bd1eefd48c70ebef185e524d0484c00f16000cf |
17-Oct-2008 |
Ted Kremenek <kremenek@apple.com> |
Add pretty-printing support for FieldRegions.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@57724 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/MemRegion.h
|
| bf4e419d996bf42e4933cada610d973a0fcc40eb |
17-Oct-2008 |
Ted Kremenek <kremenek@apple.com> |
Fixed an elusive caching bug in ExplodedGraph construction when a PostStmtKind was used instead of a PostStoreKind.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@57719 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRCoreEngine.h
|
| 993f1c72913417be7c534ec7a634363cdfc84fa5 |
17-Oct-2008 |
Ted Kremenek <kremenek@apple.com> |
- constify some uses of MemRegion* (MemRegion should be immutable).
- Added new region "SymbolicRegion", which maps symbol values to the region domain.
- Enhanced BasicStore::getFieldLValue() to return a FieldRegion (using SymbolicRegion)
- Added some utility methods to GRState for fetch svals from the store.
- Fixed regression in CheckNSError (we weren't getting the value bound to the parameter)
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@57717 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRState.h
athSensitive/MemRegion.h
athSensitive/RValues.h
athSensitive/Store.h
|
| 1c96b24285d05c0eac455ae96d7c9ff43d42bc96 |
17-Oct-2008 |
Zhongxing Xu <xuzhongxing@gmail.com> |
This patch did the following renaming. There should be no functional changes.
RVal => SVal
LVal => Loc
NonLVal => NonLoc
lval => loc
nonlval => nonloc
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@57671 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/BasicValueFactory.h
athSensitive/ConstraintManager.h
athSensitive/Environment.h
athSensitive/GRExprEngine.h
athSensitive/GRState.h
athSensitive/GRTransferFuncs.h
athSensitive/RValues.h
athSensitive/Store.h
athSensitive/SymbolManager.h
|
| d9bc33efa195114d6f2a365c26e5b8dba4e1cc38 |
17-Oct-2008 |
Ted Kremenek <kremenek@apple.com> |
Remove lval::FieldOffset, lval::ArrayOffset. These will be replaced with regions.
Remove GRExprEngine::getLVal and RValues::MakeVal.
Enhance StoreManager "GetLValue" methods to dispatch for specific kinds of lvalue queries, as opposed to interogating the expression tree (GRExprEngine already does this).
Added FIXMEs. In particular, we no longer "assume" that a base pointer in a field/array access is null (this logic was removed). Perhaps we should do this when fetching the lvalue for fields and array elements?
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@57657 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRExprEngine.h
athSensitive/GRState.h
athSensitive/RValues.h
athSensitive/Store.h
|
| 97ed4f68f5dba3e21e7a490ef0f9ffd3bfead7f8 |
17-Oct-2008 |
Ted Kremenek <kremenek@apple.com> |
Add transfer function support for ObjCIvarRefExpr.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@57654 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRExprEngine.h
athSensitive/GRState.h
athSensitive/Store.h
|
| 6d69b5d82281992e981caa9bc038e3f6cac6594a |
16-Oct-2008 |
Zhongxing Xu <xuzhongxing@gmail.com> |
This is the first step to build a better evaluation model for GRExprEngine. A
new VisitLValue method is added to replace the old VisitLVal. The semantics
model becomes more explicit to separate rvalue evaluation from lvalue
evaluation.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@57627 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/Environment.h
athSensitive/GRExprEngine.h
athSensitive/GRState.h
athSensitive/Store.h
|
| 35bc0821c4f80041724cd4c5c4889b2581546a41 |
15-Oct-2008 |
Argyrios Kyrtzidis <akyrtzi@gmail.com> |
Simplify handling of struct/union/class tags.
Instead of using two sets of Decl kinds (Struct/Union/Class and CXXStruct/CXXUnion/CXXClass), use one 'Record' and one 'CXXRecord' Decl kind and make tag kind a property of TagDecl.
Cleans up the code a bit and better reflects that Decl class structure.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@57541 91177308-0d34-0410-b5e6-96231b3b80d8
isitors/CFGRecStmtDeclVisitor.h
|
| 178927517fa09ddbb04dc8ef725b5716c18aae21 |
08-Oct-2008 |
Zhongxing Xu <xuzhongxing@gmail.com> |
This is the first step to implement a field-sensitive store model. Other things are simplified: no heap shape assumption, no parameter alias assumption, etc.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@57285 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/MemRegion.h
|
| bc678fdf614d2b66a4358f14a0a072f31b559c5c |
07-Oct-2008 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Migrate MemRegionManager from StateManager to StoreManager.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@57225 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRState.h
athSensitive/Store.h
|
| 4e27b8bb3f59e328e6f6c75104f86e354065438c |
06-Oct-2008 |
Ted Kremenek <kremenek@apple.com> |
Use DeclStmt::decl_iterator instead of walking the ScopedDecl chain (which will soon be removed).
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@57187 91177308-0d34-0410-b5e6-96231b3b80d8
isitors/CFGRecStmtDeclVisitor.h
|
| c1d1bbf691819dc69c122cbdd376c5c630bae378 |
05-Oct-2008 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Remove redundant parameter and rename StMgr to StateMgr.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@57107 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/Store.h
|
| 9e24049bef26b6289cce9ac9b483c5cbb096e3ae |
04-Oct-2008 |
Ted Kremenek <kremenek@apple.com> |
This is a big patch, but the functionality change is small and the rest of the patch consists of deltas due to API changes.
This patch overhauls the "memory region" abstraction that was prototyped (but never really used) as part of the Store.h. This patch adds MemRegion.h and MemRegion.cpp, which defines the class MemRegion and its subclasses. This classes serve to define an abstract representation of memory, with regions being layered on other regions to to capture the relationships between fields and variables, variables and the address space they are allocated in, and so on.
The main motivation of this patch is that key parts of the analyzer assumed that all value bindings were to VarDecls. In the future this won't be the case, and this patch removes lval::DeclVal and replaces it with lval::MemRegionVal. Now all pieces of the analyzer must reason about abstract memory blocks instead of just variables.
There should be no functionality change from this patch, but it opens the door for significant improvements to the analyzer such as field-sensitivity and object-sensitivity, both which were on hold until the memory abstraction got generalized.
The memory region abstraction also allows type-information to literally be affixed to a memory region. This will allow the some now redundant logic to be removed from the retain/release checker.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@57042 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/Environment.h
athSensitive/GRExprEngine.h
athSensitive/GRState.h
athSensitive/MemRegion.h
athSensitive/RValues.h
athSensitive/Store.h
|
| 60a6e0ce72a24d6247602625c631fc3dc7bfd8d4 |
01-Oct-2008 |
Ted Kremenek <kremenek@apple.com> |
Add a QualType to ConjuredSymbol to represent the type and size of the symbol.
Use this updated interface when invalidating arguments passed by reference; the type of symbol is of the object passed by reference, not the reference itself.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@56894 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/SymbolManager.h
|
| dfd296bae332d10a854620c059f5d9cef98764b8 |
29-Sep-2008 |
Ted Kremenek <kremenek@apple.com> |
Extend 'IsLValType' to handle BlockPointerTypes.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@56797 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/RValues.h
|
| fa708259cb518e87a2e7f636671b94a49f823608 |
23-Sep-2008 |
Ted Kremenek <kremenek@apple.com> |
Fix PR 2819: Compute dataflow values for all CFG blocks by not relying on having the "Exit" block being reachable by all (or any) of the blocks in the CFG.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@56492 91177308-0d34-0410-b5e6-96231b3b80d8
lowSensitive/DataflowSolver.h
|
| 62059e809596a419e6fc3e751b2f0b57b7cc51e7 |
21-Sep-2008 |
Ted Kremenek <kremenek@apple.com> |
Add a bug category for NSError** checks.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@56394 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/BugReporter.h
|
| 8c036c7f77d69f96df49219ed0bdbade200d52eb |
20-Sep-2008 |
Ted Kremenek <kremenek@apple.com> |
Add "category" to BugTypes, allowing bugs to be grouped.
Changed casing of many bug names. The convention will be to have bug names (mostly) lower cased, and categories use some capitalization.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@56385 91177308-0d34-0410-b5e6-96231b3b80d8
athDiagnostic.h
athSensitive/BugReporter.h
|
| 82bae3f6bf7bc4733d9c87659b266e23ad55f420 |
20-Sep-2008 |
Ted Kremenek <kremenek@apple.com> |
Add PostStore, a new ProgramPoint to distinguish between 'stores' and other PostStmts.
GRExprEngine:
Use PostStore in EvalStore.
Use a second version of EvalStore in EvalBinaryOperator to associate the store with the expression on the LHS.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@56383 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRCoreEngine.h
athSensitive/GRExprEngine.h
rogramPoint.h
|
| 7360fda1efd88fd28ca2882579676dbd8569c181 |
19-Sep-2008 |
Ted Kremenek <kremenek@apple.com> |
Implement second part of PR 2600: NSError** parameter may be null, and should be checked before being dereferenced.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@56318 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/BasicValueFactory.h
athSensitive/GRExprEngine.h
athSensitive/GRState.h
|
| cfdf9b4edf1172728be97d1ae2d95171975f812b |
18-Sep-2008 |
Ted Kremenek <kremenek@apple.com> |
Change implementation of NSError** coding-style check to be invoked at the end of the retain/release analysis.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@56312 91177308-0d34-0410-b5e6-96231b3b80d8
ocalCheckers.h
athSensitive/BugReporter.h
athSensitive/GRExprEngine.h
|
| f45d18c08b549644dd5f3d3ad731b8e4d09be730 |
18-Sep-2008 |
Ted Kremenek <kremenek@apple.com> |
Implemented one of the checks requested in PR 2600:
"Method accepting NSError** argument should have non-void return value to indicate that an error occurred."
Test case written, but the header needs to be delta-debugged reduced. Will commit shortly.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@56297 91177308-0d34-0410-b5e6-96231b3b80d8
ocalCheckers.h
|
| d452758bb6b59340528a26def9ecc24b329d4ecf |
16-Sep-2008 |
Ted Kremenek <kremenek@apple.com> |
ProgramPoint now takes the space of two pointers instead of one. This change was
motivated because it became clear that the number of subclasses of ProgramPoint
would expand and we ran out of bits to represent a pointer variant. As a plus of
this change, BlockEdge program points can now be represented explicitly without
using a cache of CFGBlock* pairs in CFG.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@56245 91177308-0d34-0410-b5e6-96231b3b80d8
lowSensitive/DataflowSolver.h
athSensitive/BugReporter.h
rogramPoint.h
|
| 60dbad831a35ba0f58256b9bcd2a085af98ff2ec |
03-Sep-2008 |
Ted Kremenek <kremenek@apple.com> |
Store: (static analyzer)
- Change definition of store::Region and store::Binding (once again) to make
them real classes that just wrap pointers. This makes them more strictly
typed, and allows specific implementations of Regions/Bindings to just
subclass them.
- minor renamings to RegionExtent and its subclasses
- added a bunch of doxygen comments
StoreManager: (static analyzer)
- added 'iterBindings', an iteration method for iterating over the bindings of a
store. It that takes a callback object (acting like a poor man's closure).
- added 'getRVal' version for store::Binding. Will potentially phase the other
versions of GetRVal in StoreManager out.
- reimplemented 'getBindings' to be non-virtual and to use 'iterBindings'
BasicStoreManager: (static analyzer)
- implemented 'iterBindings' for BasicStoreManager
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@55688 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/Store.h
|
| f43aa4410f6fa53d72a277b3429c9f814f54d1b5 |
02-Sep-2008 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Fit the comments into 80 columns.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@55619 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRWorkList.h
|
| d19e21bcd347542bd1fa9ec767f14d91ef593d34 |
29-Aug-2008 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Added LLVM comment header.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@55537 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ConstraintManager.h
|
| 39cfed397baf1ffca0ab85cfa3d03087fe80e2cc |
29-Aug-2008 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Migrate the rest symbolic analysis stuff to BasicConstraintManager.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@55536 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ConstraintManager.h
athSensitive/GRState.h
|
| 2bc39c61077e6a49728f309bb80a949fb0b2aaff |
29-Aug-2008 |
Ted Kremenek <kremenek@apple.com> |
Added "getBindings" and "BindingAsString" to GRStateManager and StoreManager.
Migrated CFRefCount.cpp to use getBindings and BindingsAsString instead of
making assumptions about the Store (removed dependence on GRState::vb_iterator).
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@55522 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRState.h
athSensitive/Store.h
|
| c0637cfe928da2251d4379602c1c86fa5f0de2ca |
29-Aug-2008 |
Ted Kremenek <kremenek@apple.com> |
Remove BasicStore.h (migrated function prototype for CreateBasicStore() to Store.h)
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@55519 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/BasicStore.h
athSensitive/Store.h
|
| 05d0977a1c1a02bd2258113bbb623da43904c8ef |
29-Aug-2008 |
Ted Kremenek <kremenek@apple.com> |
Remove Regions.h and Regions.cpp, since we are now using an even more abstract representation of "memory regions" in the static analyzer.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@55515 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/Regions.h
|
| 5f81c4415422b0aa5c59db69580b1079fc12a65f |
29-Aug-2008 |
Ted Kremenek <kremenek@apple.com> |
Make store "Regions" and "Bindings" more abstract instead of concrete variants.
Their precise semantics will be implemented by a specific StoreManager.
Use function pointer to create the StoreManager in GRStateManager. This matches how we create ConstraintsManager.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@55514 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/BasicStore.h
athSensitive/GRState.h
athSensitive/Store.h
|
| 982e674e39b8022ff7dc020f9ed371f3904549c3 |
28-Aug-2008 |
Ted Kremenek <kremenek@apple.com> |
Fixed analyzer caching bug involving the transfer function for loads.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@55494 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRCoreEngine.h
athSensitive/GRExprEngine.h
|
| e6c62e3d43728b0a4477fffd543723dd2170af1a |
28-Aug-2008 |
Ted Kremenek <kremenek@apple.com> |
Fixed analyzer caching bug in DeclStmt.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@55487 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRExprEngine.h
|
| 05125f180d8f0967d8bcb7e9d578e36eb6905b92 |
28-Aug-2008 |
Ted Kremenek <kremenek@apple.com> |
Make the destructor of ConstraintManager virtual.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@55448 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ConstraintManager.h
|
| 30ad167f74cb8a04c35ced6c69b116f15d104f8e |
27-Aug-2008 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Refactor Assume logic into a separate class ConstraintManager.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@55412 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/BasicStore.h
athSensitive/ConstraintManager.h
athSensitive/GRState.h
|
| 2e287540c90255e14208e7e5f43f07cb752a1fd7 |
27-Aug-2008 |
Ted Kremenek <kremenek@apple.com> |
Added "Auditor" interface for auditing the construction of ExplodedGraphs.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@55403 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ExplodedGraph.h
|
| 45b8789258b282769b03cbeb68e9f5b0308f067b |
27-Aug-2008 |
Ted Kremenek <kremenek@apple.com> |
Make implementation of ExplodedNodeImpl::addPredecessor out-of-line.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@55402 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ExplodedGraph.h
|
| 38a23ba1938b3996718d028f3505bc5ef8c07abd |
27-Aug-2008 |
Ted Kremenek <kremenek@apple.com> |
Remove default value for 'Pred' argument to GRCoreEngineImpl::GenerateNode().
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@55392 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRCoreEngine.h
|
| d0c4b28aa9e1a0754d71dc61c37cda94bc8d27ed |
25-Aug-2008 |
Ted Kremenek <kremenek@apple.com> |
Added 'extents' for Regions.
Added 'getExtent()' to StoreManager.
Implemented 'getExtent()' for BasicStoreManager.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@55321 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/BasicStore.h
athSensitive/GRState.h
athSensitive/Regions.h
athSensitive/Store.h
|
| e53c069bdaf0683f52ecfaf45ccfc816fdb4288f |
23-Aug-2008 |
Ted Kremenek <kremenek@apple.com> |
Simplify interface to Store::AddDecl
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@55213 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/Store.h
|
| f03a8d276ced40f55478bfc29326c4365510e84c |
23-Aug-2008 |
Ted Kremenek <kremenek@apple.com> |
Added Regions.h: Regions define abstract memory locations for the static analyzer.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@55211 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/Regions.h
athSensitive/Store.h
|
| bbe8ff48be1728ef145c874d6d99879fac78892f |
22-Aug-2008 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Move the handling of DeclStmt from GRExprEngine to BasicStoreManager.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@55144 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRState.h
athSensitive/Store.h
|
| df9cdf8fce5bb43b335994f946f7c8e3a3bca7fa |
20-Aug-2008 |
Ted Kremenek <kremenek@apple.com> |
Patch by Zhongxing Xu:
This patch moves some code in GRStateManager::RemoveDeadBindings() to EnvironmentManager::RemoveDeadBindings().
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@55064 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/Environment.h
|
| a622d8c2719e927b47f48dbebcece770e752dfb8 |
20-Aug-2008 |
Ted Kremenek <kremenek@apple.com> |
Move store pretty-printing logic inside of StoreManager (previously in GRState).
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@55013 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRState.h
athSensitive/Store.h
|
| caa3724b1d525a888982f94a6ae2b527eb3bca7d |
19-Aug-2008 |
Ted Kremenek <kremenek@apple.com> |
Patch by Zhongxing Xu!
This patch extends BasicStoreManager::getInitialStore() to include code that symbolicates input variables.
It also removes redundant handling of ImplicitParamDecl, since it is a subclass of VarDecl.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@54993 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRState.h
athSensitive/Store.h
|
| b9d17f9384651d1052a17978d2e160448bfad404 |
17-Aug-2008 |
Ted Kremenek <kremenek@apple.com> |
Migrate the retain/release checker to not manage the RefBindings::Factory object
directly, but instead have GRStateManager manage it.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@54862 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRState.h
athSensitive/GRStateTrait.h
|
| ffdbefd4415c33c8e1a25a950f36cb8e1e2c8673 |
17-Aug-2008 |
Ted Kremenek <kremenek@apple.com> |
Migrate GRState::ConstEqTy (map used from tracking constants for symbols) to use the generic data map instead.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@54860 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRState.h
|
| e7aa9a13642f50101ac1718098b41f8788b115bc |
17-Aug-2008 |
Ted Kremenek <kremenek@apple.com> |
Added GRStateTrait.h, which includes boilerplate code for creating specializations of GRStateTrait<>.
Modified GRStateTrait<ConstNotEq> in GRState to use the boilerplate in GRStateTrait<> for ImmutableMaps.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@54859 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRStateTrait.h
athSensitive/GRWorkList.h
|
| 1c72ef092f3d931639cf44b4f4f9d0eedc1baa8f |
16-Aug-2008 |
Ted Kremenek <kremenek@apple.com> |
GRState:
- Remove ConstNotEq from GRState/GRStateManager (!= tracking uses GDM instead).
- GRStateManager now can book-keep "contexts" (e.g., factory objects) for uses
with data elements stored into the GDM.
- Refactor pretty-printing of states to use GRState::Printer objects
exclusively. This removed a huge amount of pretty-printing logic from
GRExprEngine.
CFRefCount
- Simplified some API calls based on refinements to the GDM api.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@54835 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRState.h
athSensitive/GRTransferFuncs.h
|
| 72cd17f0a4722e1fa3eb47c08a7aa29aeba16754 |
14-Aug-2008 |
Ted Kremenek <kremenek@apple.com> |
Migrated retain/release checker to use the Generic Data Map in GRState (instead
of using CheckerState).
Removed CheckerState from GRState.
Added class GRStateRef which wraps GRState* and GRStateManager*. This is handy
for generating new states with a single handle.
Added member template set/get functions to GRStateRef/GRState/GRStateManager for
accessing the Generic Data Map.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@54788 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRState.h
|
| ae6814efb6c41bd0c0f6413d25097105284d5be7 |
13-Aug-2008 |
Ted Kremenek <kremenek@apple.com> |
Renamed GRState::CheckerStatePrinter to GRState::Printer.
Updated checker state printer interface to allow transfer functions to return an arbitrary number of GRState::Printers.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@54762 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRState.h
athSensitive/GRTransferFuncs.h
|
| 62e1dcca86e2b2be6168a447f0399337e2b71f33 |
13-Aug-2008 |
Ted Kremenek <kremenek@apple.com> |
Rename ValueState.h -> GRState.h
Rename ValueState.cpp -> GRState.cpp
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@54722 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRState.h
athSensitive/ValueState.h
|
| 4adc81e540b874bafa15715fd2c5cb662463debd |
13-Aug-2008 |
Ted Kremenek <kremenek@apple.com> |
Rename ValueState -> GRState.
Rename ValueStateManager -> GRStateManager.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@54721 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/BugReporter.h
athSensitive/GRExprEngine.h
athSensitive/GRSimpleAPICheck.h
athSensitive/GRTransferFuncs.h
athSensitive/ValueState.h
|
| 5c135b47d0fcdc33c912c4ed2ea750bdd6064da3 |
13-Aug-2008 |
Ted Kremenek <kremenek@apple.com> |
Fix memory leak found by Sam Bishop: delete WList in the dstor of GRCoreEngineImpl.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@54714 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRCoreEngine.h
|
| 450202284e7e0a1758be935ee6ae1296cc9dc97d |
12-Aug-2008 |
Ted Kremenek <kremenek@apple.com> |
Added GenericDataMap as a component of ValueState.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@54704 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ValueState.h
|
| 2619be072ccc6a722278d1ec39b98eae068d3da3 |
08-Aug-2008 |
Ted Kremenek <kremenek@apple.com> |
Added AssumeSymGT, AssumeSymGE, AssumeSymLT, AssumeSymLE to add some minor improvements to path-sensitivity. Right now we basically treat 'x > y' and 'x < y' as implying 'x != y', but this restriction will only inevitably apply to our must rudimentary value tracking component (we'll implement more advanced value reasoning later).
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@54493 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ValueState.h
|
| 22bda887aacd0e591978541a799aa43835652ec9 |
31-Jul-2008 |
Ted Kremenek <kremenek@apple.com> |
Enhanced path-sensitive return-of-stack-address check to print out the name of the variable whose address was returned.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@54253 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/BugReporter.h
|
| a32980435ab2e3a5e037b2ebe936682e1ffe80e1 |
23-Jul-2008 |
Ted Kremenek <kremenek@apple.com> |
Use typedef range_iterator instead of SourceRange* in PathDiagnosticPiece.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@53962 91177308-0d34-0410-b5e6-96231b3b80d8
athDiagnostic.h
|
| 395aaf20d6e1ab04741562dc6b7d47164bcbd87e |
23-Jul-2008 |
Ted Kremenek <kremenek@apple.com> |
Add prototype implementation of unused ivar check.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@53942 91177308-0d34-0410-b5e6-96231b3b80d8
ocalCheckers.h
|
| 78d46242e3351484c2b773f5610beba5d316914b |
22-Jul-2008 |
Ted Kremenek <kremenek@apple.com> |
Moved registration of basic path-sensitive checks from GRSimpleVals.cpp to GRExprEngineInternalChecks.cpp.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@53909 91177308-0d34-0410-b5e6-96231b3b80d8
ocalCheckers.h
athSensitive/GRExprEngine.h
|
| 584def7364f51e35bfcaf5c3c64673096533adda |
22-Jul-2008 |
Ted Kremenek <kremenek@apple.com> |
Added path-sensitive checking for null pointer values passed to function arguments marked nonnull.
This implements <rdar://problem/6069935>
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@53891 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/BugReporter.h
athSensitive/GRAuditor.h
athSensitive/GRCoreEngine.h
athSensitive/GRSimpleAPICheck.h
athSensitive/ValueState.h
|
| 70a733e64e2379a654631a14fa29e46761d5f80d |
18-Jul-2008 |
Ted Kremenek <kremenek@apple.com> |
Add panic support for NSAssertionHandler.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@53758 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRCoreEngine.h
|
| 40fc5c7e235965af368a34cdbb6d32827cd1e1d8 |
18-Jul-2008 |
Ted Kremenek <kremenek@apple.com> |
Fix regression by explicitly checking if we are negating a SymIntConstantVal.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@53753 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/RValues.h
|
| ad8329e58df5b0b2c44dca1447b324467a6c5da1 |
18-Jul-2008 |
Ted Kremenek <kremenek@apple.com> |
Renamed deterministic EvalBinOp to DetermEvalBinOpNN. This name mangling is unfortunately needed because virtual methods with the same name can be hidden by subclasses.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@53751 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRExprEngine.h
athSensitive/GRTransferFuncs.h
|
| 6297a8ec313c722db50f686fd190842b7ea91118 |
18-Jul-2008 |
Ted Kremenek <kremenek@apple.com> |
Created ValueStateSet class to manage the creation of multiple states by a method.
Modified the new EvalBinOpNN to generate states instead of nodes. This is a much simpler interface and is what clients will want to do.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@53750 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRExprEngine.h
athSensitive/GRTransferFuncs.h
athSensitive/ValueState.h
|
| 4d9985ab390079ccc8b05b6c349026f237567b8f |
18-Jul-2008 |
Ted Kremenek <kremenek@apple.com> |
Remove dead method.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@53748 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRExprEngine.h
|
| 729a9a276f39e75038ed100fc76055fb709b17f4 |
18-Jul-2008 |
Ted Kremenek <kremenek@apple.com> |
Move GRTransferFunc* into ValueStateManager, and move the assumption logic there as well.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@53743 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRExprEngine.h
athSensitive/GRTransferFuncs.h
athSensitive/ValueState.h
|
| b48c6455dde10395cd4f3b6b054b2de34a73f7f5 |
17-Jul-2008 |
Ted Kremenek <kremenek@apple.com> |
Remove redundant logic.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@53740 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRExprEngine.h
|
| df7533b5e523a3def04b5c33b56361a94dd97d35 |
17-Jul-2008 |
Ted Kremenek <kremenek@apple.com> |
Begin major changes to EvalXXX methods in GRTransferFuncs. Currently some of the methods only return an RVal; we want them to be able to create an arbitrary number of states.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@53739 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRExprEngine.h
athSensitive/GRTransferFuncs.h
athSensitive/ValueState.h
|
| f59bf48ee79ed218e6dcaf1b82fa730efd0e9999 |
17-Jul-2008 |
Ted Kremenek <kremenek@apple.com> |
Moved RemoveDeadBindings logic for the contents of 'Store' to a virtual RemoveDeadBindings method in StoreManager.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@53726 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/Store.h
athSensitive/ValueState.h
|
| 8f2698621f5090db1dea691059bd0ebd79fb7f14 |
14-Jul-2008 |
Ted Kremenek <kremenek@apple.com> |
Refactor Dead Stores error reporting to use the simplified BugReporter::EmitBasicReport interface.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@53573 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/BugReporter.h
|
| 57202071e477530e9348bc76671ee369b2399b92 |
14-Jul-2008 |
Ted Kremenek <kremenek@apple.com> |
Added method "EmitBasicReport" to BugReporter to simplify the emission of simple bug diagnostics.
Refactored error reporting in CheckObjCDealloc and CheckObjCInstMethSignature to use this new bug reporting interface (major code simplification).
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@53560 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/BugReporter.h
|
| 0d8019e55c0f465bafc11b04aed691de95b9131d |
12-Jul-2008 |
Ted Kremenek <kremenek@apple.com> |
Add new check: -check-objc-methodsigs. This check scans methods in
ObjCImplementationDecls and sees if a ancestor class defines a method with the
same selector but with a different type signature. Right now it just compares
return types, and mainly looks at differences in primitive values. The checking
will be expanded in the future.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@53482 91177308-0d34-0410-b5e6-96231b3b80d8
ocalCheckers.h
|
| bdb435ddaafd5069becd543d638112f68825b89d |
11-Jul-2008 |
Ted Kremenek <kremenek@apple.com> |
Refactored auditor interface within GRExprEngine and GRCoreEngine to use a "batch auditor" to dispatch to specialized auditors instead of having a separate vector for each audited Expr*. This not only provides a much cleaner implementation, but also allows us to install auditors for any expression.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@53464 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRCoreEngine.h
athSensitive/GRExprEngine.h
|
| 4323a57627e796dcfdfdb7d47672dc09ed308eda |
11-Jul-2008 |
Ted Kremenek <kremenek@apple.com> |
Refactored most of the "Store" piece of ValueState into a Store type. The
current store implementation is now encapsulated by BasicStore.
These changes prompted some long due constification of ValueState. Much of the
diffs in this patch include adding "const" qualifiers.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@53423 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/BasicStore.h
athSensitive/ExplodedGraph.h
athSensitive/GRCoreEngine.h
athSensitive/GRExprEngine.h
athSensitive/GRTransferFuncs.h
athSensitive/Store.h
athSensitive/ValueState.h
|
| e5690319a0e834b9bd9dcb5e444e59ecc5da3105 |
10-Jul-2008 |
Ted Kremenek <kremenek@apple.com> |
Remove unused class AnnotatedPath.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@53413 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/AnnotatedPath.h
|
| d72ee907f76000446c706471e93d1f299104f9a7 |
10-Jul-2008 |
Ted Kremenek <kremenek@apple.com> |
Move some environment methods from ValueState/ValueStateManager to Environment/EnvironmentManager.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@53412 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/Environment.h
athSensitive/ValueState.h
|
| 1fa7f58b3a5e8aca4745c59f99659c3e11e876c4 |
09-Jul-2008 |
Ted Kremenek <kremenek@apple.com> |
Remove getParentMap() from GRExprEngine.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@53343 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRExprEngine.h
|
| 8133a26c166be89fb4f0a339db1e2fe923c51a70 |
08-Jul-2008 |
Ted Kremenek <kremenek@apple.com> |
Initial work on splitting the ValueState into an Environment, Store, and
Constraints. These concepts are already present in the current ValueState, but
the implementation is monolothic. Making ValueState more modular opens up new
design choices for customizing the analysis engine.
In the context of the analysis engine, the "Environment" is the binding between
Expr* (expressions) and intermediate symbolic values (RValues).
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@53252 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/Environment.h
athSensitive/ValueState.h
|
| 3cd483cbbf8921f463b3ee91d5da8a63db9d1299 |
03-Jul-2008 |
Ted Kremenek <kremenek@apple.com> |
For the -dealloc checker, check the LangOptions to determine whether or not the code is compiled with GC.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@53098 91177308-0d34-0410-b5e6-96231b3b80d8
ocalCheckers.h
|
| 7032f460fc9828f386056e75933da5af61e88638 |
03-Jul-2008 |
Ted Kremenek <kremenek@apple.com> |
Have BugReporter::getCFG and BugReporter::getLiveVariables returns pointers instead of references, because they can both fail
on functions we cannot construct full CFGs for yet.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@53081 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/BugReporter.h
|
| db09a4dee28a4515438af60f2d2b4a83e4965c31 |
03-Jul-2008 |
Ted Kremenek <kremenek@apple.com> |
Added static analysis check to see if a subclass of NSObject implements -dealloc, and whether or not that implementation calls [super dealloc].
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@53075 91177308-0d34-0410-b5e6-96231b3b80d8
ocalCheckers.h
athSensitive/BugReporter.h
|
| e207558e9dbed963eebf5cf31fdb02616f1545a3 |
03-Jul-2008 |
Ted Kremenek <kremenek@apple.com> |
Unify the code path for the Dead Stores checker to always use the BugReporter interface.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@53054 91177308-0d34-0410-b5e6-96231b3b80d8
ocalCheckers.h
athSensitive/BugReporter.h
|
| c095997b853270d8adb6fe55209a4dbc42803d16 |
02-Jul-2008 |
Ted Kremenek <kremenek@apple.com> |
Refactored some of the BugReporter interface so that data such as the ASTContext&, PathDiagnosticClient*, can be provided by an external source.
Split BugReporter into BugReporter and GRBugReporter so checkers not based on GRExprEngine can still use the BugReporter mechanism.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@53048 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/BugReporter.h
athSensitive/GRExprEngine.h
|
| 8b23361a6a50be6dbd1056add570eb90598474b0 |
02-Jul-2008 |
Ted Kremenek <kremenek@apple.com> |
GRExprEngine now expects the LiveVariables information to be provided by its creator.
This allows an optimization in AnalysisConsumer where the same LiveVariables information is used between multiple analyses.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@53046 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRExprEngine.h
|
| 17fdf955237aa626acbfd6070633318380c2340f |
02-Jul-2008 |
Ted Kremenek <kremenek@apple.com> |
Added version of CheckDeadStores that accepts a client-provided LiveVariables object.
Modified the DeadStores logic in AnalysisConsumer.cpp to use the LiveVariables object created by the AnalysisManager.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@53043 91177308-0d34-0410-b5e6-96231b3b80d8
ocalCheckers.h
|
| 1a654b60ef40e84f3943cdb581795c4d4dae1e45 |
20-Jun-2008 |
Ted Kremenek <kremenek@apple.com> |
Modified the dead stores checker to...
1) Check if a dead store appears as a subexpression. For such cases, we emit
a verbose diagnostic so that users aren't confused. This addresses:
<rdar://problem/5968508> checker gives misleading report for dead store in loop
2) Don't emit a dead store warning when assigning a null value to a pointer.
This is a common form of defensive programming. We may wish to make
this an option to the the checker one day.
This addresses the feature request in the following email:
http://lists.cs.uiuc.edu/pipermail/cfe-dev/2008-June/001978.html
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@52555 91177308-0d34-0410-b5e6-96231b3b80d8
ocalCheckers.h
athSensitive/BugReporter.h
athSensitive/GRCoreEngine.h
athSensitive/GRExprEngine.h
|
| 331b0ac44b9eb0ffcba66b4f3f3f9adb27c2434f |
18-Jun-2008 |
Ted Kremenek <kremenek@apple.com> |
Added a new ProgramPoint: PostPurgeDeadSymbols. This new program point distinguishes between the cases when we just evaluated the transfer function of a Stmt* (PostStmt) or performed a load (PostLoad). This solves a caching bug observed in a recent bug report.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@52443 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRCoreEngine.h
rogramPoint.h
|
| 4111024be81e7c0525e42dadcc126d27e5bf2425 |
17-Jun-2008 |
Chris Lattner <sabre@nondot.org> |
Change self/_cmd to be instances of ImplicitParamDecl instead of ParmVarDecl.
Patch by David Chisnall!
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@52422 91177308-0d34-0410-b5e6-96231b3b80d8
isitors/CFGRecStmtDeclVisitor.h
|
| 259dfdc79126a957e56e55e3e3788031b99be12f |
07-Jun-2008 |
Chris Lattner <sabre@nondot.org> |
Mark the right ctor explicit, patch by Cédric Venet
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@52078 91177308-0d34-0410-b5e6-96231b3b80d8
upport/ExprDeclBitVector.h
|
| f494b579b22f9950f5af021f0bf9879a91bb8b41 |
29-May-2008 |
Steve Naroff <snaroff@apple.com> |
- Move ObjC Expresssion AST's from Expr.h => ExprObjC.h
- #include ExprObjC.h in many places
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@51703 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRExprEngine.h
athSensitive/GRTransferFuncs.h
|
| f377fc85488f4799ced714ac60e65a0e3f8f69cb |
23-May-2008 |
Ted Kremenek <kremenek@apple.com> |
Unbreak build. Forget to check in this header file change with a previous commit.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@51470 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/BugReporter.h
|
| 76d90c8bf83d071fd1bdbffa6d9f2af87c6bb7b5 |
16-May-2008 |
Ted Kremenek <kremenek@apple.com> |
Partitioned BugTypeCachedLocation::isCached() into two methods: one that accepts and ExplodedNode, and the other that accepts a ProgramPoint. The default behavior is to cache bug reports by the
location they occur (the end node). Subclasses can override this behavior by providing a different ProgramPoint.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@51197 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/BugReporter.h
|
| 0e470a5326ccf2f6a7c3d12b2aa54a7af2292837 |
10-May-2008 |
Ted Kremenek <kremenek@apple.com> |
Rename IsPointerType to LVal::IsLValType, and update CFRefCount::EvalSummary to use IsLValType when conjuring symbols for return values (this fixes a bug with an assertion firing in the analyzer when two qualified objective-c types were compared).
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@50924 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRExprEngine.h
athSensitive/RValues.h
|
| 466265cd04df98428967adfade577bed7636d910 |
06-May-2008 |
Ted Kremenek <kremenek@apple.com> |
Added "DisplayHint" to PathDiagnosticPiece to provide a hint for the
PathDiagnosticClient of where to display a string (beyond just the SourceLocation).
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@50773 91177308-0d34-0410-b5e6-96231b3b80d8
athDiagnostic.h
|
| 922059dec59c7bed235da01aff75ae522a369811 |
06-May-2008 |
Ted Kremenek <kremenek@apple.com> |
Fixed subtle bug in the an GRAuditor object could mark a node as a sink
after it was already added to the destination NodeSet.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@50701 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRCoreEngine.h
|
| 200ed924bb13784ca043088f71c62fc323fd836d |
03-May-2008 |
Ted Kremenek <kremenek@apple.com> |
Rename member variable.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@50597 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/BugReporter.h
|
| 9f7416138b8befe2d274f6f2cadc792d2c279711 |
02-May-2008 |
Ted Kremenek <kremenek@apple.com> |
When running the reference count checker twice (GC and non-GC mode), only emit
basic warnings (dead stores, null dereferences) on the first pass.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@50584 91177308-0d34-0410-b5e6-96231b3b80d8
ocalCheckers.h
|
| c9fa2f7bcc3061aa8bcdbe0df26d2c7cf7281539 |
02-May-2008 |
Ted Kremenek <kremenek@apple.com> |
Added line number diagnostics to indicate the allocation site of the leaked object.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@50553 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/BugReporter.h
|
| bb77e9b908658b354b058509d3801f3aed052bec |
02-May-2008 |
Ted Kremenek <kremenek@apple.com> |
Do not highlight bogus ranges for leaks.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@50549 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/BugReporter.h
|
| e448ab4f9dd162802f5d7cfea60f7830cc61c654 |
01-May-2008 |
Ted Kremenek <kremenek@apple.com> |
Added temporary fix for Obj-C exception handling in the static analyzer: treat these as panic functions.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@50535 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRExprEngine.h
|
| 31593ac2782b2039484210052535f40c243dcf72 |
01-May-2008 |
Ted Kremenek <kremenek@apple.com> |
When processing "release", "retain", and "autorelease" messages return the
lval passed as an argument.
Fix: Inverted diagnostic messages.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@50513 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRExprEngine.h
|
| 072192bcbb05a0fee7ec3061750b27e8d2004952 |
01-May-2008 |
Ted Kremenek <kremenek@apple.com> |
added preliminary diagnostics in scan-build results to denote whether
a CF memory leak occurred with GC enabled, etc.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@50507 91177308-0d34-0410-b5e6-96231b3b80d8
ocalCheckers.h
athDiagnostic.h
athSensitive/BugReporter.h
|
| c0c3f5dbc9e78aa53a86c7d5e3eeda23ddad93d6 |
30-Apr-2008 |
Ted Kremenek <kremenek@apple.com> |
Teach more of the static analyzer about ObjCQualifiedIdType.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@50494 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRExprEngine.h
|
| 4d0348b6c74d2710a3693bbfbcfc5fcb3bc132ee |
30-Apr-2008 |
Ted Kremenek <kremenek@apple.com> |
Add lval::ArrayOffset, which represent the locations of entries in an array.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@50453 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/BasicValueFactory.h
athSensitive/RValues.h
|
| 718c4f7b3ff713c3ebee46553d687bde63e5666f |
30-Apr-2008 |
Ted Kremenek <kremenek@apple.com> |
Added lval::FieldOffset, which represents symbolic lvalues for field offsets from other Lvalues.
This removes the failure in null-deref-ps.c (test suite).
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@50449 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/BasicValueFactory.h
athSensitive/RValues.h
|
| 1b8bd4d71c2098126041b4de4267175a82f0103c |
29-Apr-2008 |
Ted Kremenek <kremenek@apple.com> |
Major rewrite/refactoring of static analysis engine. We now use
EvalStore/EvalLoad to handle all loads/stores from symbolic memory, allowing us
to do checks for null dereferences, etc., at any arbitrary load/store (these
were missed checks before). This also resulted in some major cleanups, some
conceptual, and others just in the structure of the code.
This temporarily introduces a regression in the test suite (null-deref-ps.c)
before I add a new LVal type for structure fields.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@50443 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRCoreEngine.h
athSensitive/GRExprEngine.h
athSensitive/ValueState.h
rogramPoint.h
|
| e5c30122cae6113660c6098301fd22db1693e69a |
29-Apr-2008 |
Ted Kremenek <kremenek@apple.com> |
Provide the option to run the CF-retain checker in GC enabled mode.
The transfer functions for the checker don't do anything special yet in GC mode.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@50394 91177308-0d34-0410-b5e6-96231b3b80d8
ocalCheckers.h
|
| 6e5977f0a8a680191fb4b4d8f32bc2c629faf0c2 |
26-Apr-2008 |
Argyrios Kyrtzidis <akyrtzi@gmail.com> |
Make assertions for all addresses passed to ProgramPoint that they have at least an 8-byte alignment.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@50310 91177308-0d34-0410-b5e6-96231b3b80d8
rogramPoint.h
|
| 910e999c19dfcad3ae2a649e08e616525cef0af3 |
25-Apr-2008 |
Ted Kremenek <kremenek@apple.com> |
Do a better job at computing dead symbols.
Implemented support for better localized leaks in the CF reference count checker.
Now leaks should be flagged close to where they occur.
This should implement the desired functionality in <rdar://problem/5879592>, although the diagnostics still need to be improved.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@50241 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRTransferFuncs.h
|
| 846d4e923bf11bcdc2816758aafa331795f29230 |
25-Apr-2008 |
Ted Kremenek <kremenek@apple.com> |
More boilerplate for handling specialized-transfer function logic for dead symbols.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@50233 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRExprEngine.h
athSensitive/GRTransferFuncs.h
|
| 77d7ef8d8a80ccb2ab3d25c80810571e3ab14ee4 |
24-Apr-2008 |
Ted Kremenek <kremenek@apple.com> |
Added initial boilerplate in GRExprEngine to allow checker-specific transfer
function logic to act when symbols become dead.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@50221 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRExprEngine.h
athSensitive/ValueState.h
|
| a43a1eb6e7c773b79898541794bf819601719493 |
24-Apr-2008 |
Ted Kremenek <kremenek@apple.com> |
When building PathDiagnostics for bug reports, generate a trimmed ExplodedGraph with a single path that BugReport objects can safely walk and introspect.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@50194 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ExplodedGraph.h
|
| 186350f192bbc6a81bc6d7c3647c2243353f21ba |
23-Apr-2008 |
Ted Kremenek <kremenek@apple.com> |
Fixed: <rdar://problem/5881148>
Problem:
In the recently refactored VisitDeref (which processes dereferences), we
were incorrectly skipping the node just generated for the subexpression
of the dereference. This was a horrible regression.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@50176 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRExprEngine.h
athSensitive/GRTransferFuncs.h
|
| 5b7dcce86c79370f16fd89ecebd454a3b4eec73c |
23-Apr-2008 |
Ted Kremenek <kremenek@apple.com> |
Rewrote VisitDeclStmt to properly handle initializers that can do anything.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@50112 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRExprEngine.h
|
| a548846b471f7ca05ec6038c7d9d3b4d0de777cc |
22-Apr-2008 |
Ted Kremenek <kremenek@apple.com> |
Added lval type (and tracking) for StringLiterals.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@50109 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/RValues.h
|
| 0fe33bc94a822e315585e5cde1964d3c3b9052f9 |
22-Apr-2008 |
Ted Kremenek <kremenek@apple.com> |
Added "nonlval::LValAsInteger" to represent abstract LVals casted to integers, allowing us to track lvals when they are casted back to pointers.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@50108 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/BasicValueFactory.h
athSensitive/RValues.h
|
| 5585114307b6ba4874546212cb6e5399cfff7ffb |
22-Apr-2008 |
Ted Kremenek <kremenek@apple.com> |
PathDiagnosticClients now retain ownership of passed PathDiagnostics, requiring
them to not be stack-allocated.
HTMLDiagnostics now batches PathDiagnostics before emitting HTML in its dtor.
This is a workaround for a problem when we trampled the Preprocessor state
when highlighting macros (sometimes resulting in an assertion failure).
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@50102 91177308-0d34-0410-b5e6-96231b3b80d8
athDiagnostic.h
|
| c5b1bf10133a8ecbfe9e6b3ec92bae84e3d927e8 |
22-Apr-2008 |
Ted Kremenek <kremenek@apple.com> |
Add VisitArraySubscriptExpr.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@50090 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRExprEngine.h
|
| 469ecbded3616416ef938ed94a67f86149faf226 |
22-Apr-2008 |
Ted Kremenek <kremenek@apple.com> |
Added support for detected bad dereferences involving MemberExprs, e.g. x->f where "x" is NULL.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@50071 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRExprEngine.h
|
| 95cc1bae89ac68626d6f4d389e189ce1ef3aa7f6 |
18-Apr-2008 |
Ted Kremenek <kremenek@apple.com> |
Generalize caching mechanism for bugs reports. Now individual BugTypes
can decide the policy on how to cache related bugs. This allows us to
properly to handle warning about multiple leaks in the same location in the
ref count checker (not yet done).
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@49918 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/BugReporter.h
|
| b0533965f1b4db020692e3b23ca7b3bc15bf5897 |
18-Apr-2008 |
Ted Kremenek <kremenek@apple.com> |
Fixed more caching bugs related to the one fixed in r49914. Silence
compiler warning introduced by a recent patch of mine.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@49917 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRCoreEngine.h
|
| eaa9edac11531178b14e060a32d0ac8b805021d0 |
18-Apr-2008 |
Ted Kremenek <kremenek@apple.com> |
Fixed elusive caching bug that led to false positives.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@49914 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRCoreEngine.h
|
| cb61292aeafc1dc1bc4064fb3d2733717d1d50e5 |
18-Apr-2008 |
Ted Kremenek <kremenek@apple.com> |
Added "GetErrorNodes()" to BugType so that -trim-egraph can recognize errors
from registered BugTypes. This helps with debugging.
Add detection of NULL values in ref count checker; this suppresses false positives.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@49912 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/BugReporter.h
athSensitive/GRTransferFuncs.h
|
| 550a0f94938817e3550d79adcc6f1f27410f7593 |
18-Apr-2008 |
Ted Kremenek <kremenek@apple.com> |
Added "EvalAssume" virtual method to GRTransferFuncs; this is for evaluating
the checker-specific logic of symbolic assumptions.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@49910 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRExprEngine.h
athSensitive/GRTransferFuncs.h
|
| 8dd564630c901d6d62dd2ffd4110b613d0055078 |
18-Apr-2008 |
Ted Kremenek <kremenek@apple.com> |
BugReport::VisitNode now takes BugReporter& instead of ASTContext&.
Shuffled around code in CFRefCount to better pair classes with implementation,
and started adding subclasses of RangedBugReport to handle better diagnostics
for reference count bugs.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@49889 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/BugReporter.h
|
| 75840e1501563fe7c3dcb5600b75965ba1fe1bc4 |
18-Apr-2008 |
Ted Kremenek <kremenek@apple.com> |
Simplified internal logic of BugReporter, consolidating EmitWarning and
EmitPathWarning into one method. We now properly handle emitting warnings
without a PathDiagnosticClient when the warning does not involve a particular
statement.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@49884 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/BugReporter.h
|
| bd7efa8ca27ed9676acf00abf31d5e1cd54651cc |
18-Apr-2008 |
Ted Kremenek <kremenek@apple.com> |
Modified BugReport::getEndPath() to handle the case where end path is at
the exit block of the CFG.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@49880 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/BugReporter.h
|
| 6b31e8ed11721505645860f40486e091ecd23dd0 |
17-Apr-2008 |
Ted Kremenek <kremenek@apple.com> |
Handle ReturnStmts by dispatching to "EvalReturn" in the transfer function object.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@49826 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRExprEngine.h
athSensitive/GRTransferFuncs.h
|
| 411cdee0b490f79428c9eb977f25199eb7d21cd8 |
16-Apr-2008 |
Ted Kremenek <kremenek@apple.com> |
Added CFGBlock::getTerminatorCondition() to get the Expr* of the condition a block's terminator.
Refactored LiveVariables to use getTerminatorCondition() in VisitTerminator().
Bug fix: CFG now computes Block-level expression numbers using information
from block terminators. This fixes <rdar://problem/5868189>.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@49818 91177308-0d34-0410-b5e6-96231b3b80d8
lowSensitive/DataflowSolver.h
|
| 1392261ff4418a070fb919cb4832b76b468b6faa |
16-Apr-2008 |
Ted Kremenek <kremenek@apple.com> |
Small tweaks to EvalStore: pass an "RVal" instead of "LVal" for the TargetLV to
represent possible stores to "Unknown."
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@49811 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRExprEngine.h
athSensitive/GRTransferFuncs.h
|
| ec96a2d52d16e150baaf629cd35e3fabff5d8915 |
16-Apr-2008 |
Ted Kremenek <kremenek@apple.com> |
Hook up "EvalStore" from GRTransferFuncs to GRExprEngine.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@49804 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRExprEngine.h
athSensitive/GRTransferFuncs.h
|
| e38718e3251d9f2489f38a5467fdab06f53e8e77 |
16-Apr-2008 |
Ted Kremenek <kremenek@apple.com> |
Take first step to migrating handling of "stores" to values from GRExprEngine
to the plug-in GRTransferFuncs object.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@49801 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRExprEngine.h
|
| e695e1cd7d8a579455e8969be36cbaf10a316a64 |
16-Apr-2008 |
Ted Kremenek <kremenek@apple.com> |
Added some comments to GRExprEngine. Reorder some of the method definitions
to start logically organizing them.
Added initial plug-in transfer function support for Objective-C message expressions.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@49752 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRExprEngine.h
athSensitive/GRTransferFuncs.h
|
| d4bad1ed00d19c44d3c8122e4486486488f38ae9 |
16-Apr-2008 |
Ted Kremenek <kremenek@apple.com> |
Revert my previous patch.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@49751 91177308-0d34-0410-b5e6-96231b3b80d8
isitors/CFGRecStmtDeclVisitor.h
|
| 12ce650bbab95450b7b3d3399212609cd9aba72c |
16-Apr-2008 |
Ted Kremenek <kremenek@apple.com> |
Remove dispatch to "VisitParmVarDecl".
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@49750 91177308-0d34-0410-b5e6-96231b3b80d8
isitors/CFGRecStmtDeclVisitor.h
|
| 248a753f6b670692523c99afaeb8fe98f7ae3ca7 |
16-Apr-2008 |
Steve Naroff <snaroff@apple.com> |
Remove FileVarDecl and BlockVarDecl. They are replaced by VarDecl::isBlockVarDecl() and VarDecl::isFileVarDecl().
This is a fairly mechanical/large change. As a result, I avoided making any changes/simplifications that weren't directly related. I did break two Analysis tests. I also have a couple FIXME's in UninitializedValues.cpp. Ted, can you take a look? If the bug isn't obvious, I am happy to dig in and fix it (since I broke it).
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@49748 91177308-0d34-0410-b5e6-96231b3b80d8
nalyses/UninitializedValues.h
isitors/CFGRecStmtDeclVisitor.h
|
| 7deed0c65b315cac037539401c49586283158d9f |
15-Apr-2008 |
Ted Kremenek <kremenek@apple.com> |
Fix bug in terminator processing for uninitialized-values: simply ignore the terminator, don't reprocess it.
LiveVariables analysis now does a flow-insensitive analysis to determine what variables have their address taken; these variables are now always treated as being live.
The DataflowSolver now uses "SetTopValue()" when getting the initial value for the entry/exit block.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@49734 91177308-0d34-0410-b5e6-96231b3b80d8
nalyses/LiveVariables.h
lowSensitive/DataflowSolver.h
|
| 42e7fe5685de54c18d1c466632dacacabde0b202 |
15-Apr-2008 |
Ted Kremenek <kremenek@apple.com> |
Bug fix in VisitChildren: Only visit the last statement in a StmtExpr and the RHS of a comma expression, as the other Stmts will be visited elsewhere in a CFGBlock.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@49710 91177308-0d34-0410-b5e6-96231b3b80d8
isitors/CFGStmtVisitor.h
|
| 37622081d8a139a3249613acaa80106ec97261fb |
15-Apr-2008 |
Ted Kremenek <kremenek@apple.com> |
Added initial support into the flow-sensitive dataflow solver to visit the Block-level expression
in a block's terminator. This expression is visited within a block, but it is accessed by the
terminator. This is important to observe because for live-variables analysis the block-level
expression is live between the terminator and where the expression occurs in the block. So far
this hasn't been an issue to not observe this because the block-level expression used in the
terminator is always the last one in the block, and we have never queried the liveness information
about this point (but before the terminator).
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@49709 91177308-0d34-0410-b5e6-96231b3b80d8
lowSensitive/DataflowSolver.h
|
| d2f642b56e87493edfc3b0dab359b5e32d5f8a5e |
14-Apr-2008 |
Ted Kremenek <kremenek@apple.com> |
Hooked up the dead-store checker to the BugReporter interface. Now dead-store
warnings are emitted as part of the warnings registered by GRSimpleVals.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@49658 91177308-0d34-0410-b5e6-96231b3b80d8
ocalCheckers.h
athSensitive/BugReporter.h
athSensitive/GRExprEngine.h
|
| 52f379500f4290efaf425a9a5cbc631e2e48a559 |
12-Apr-2008 |
Ted Kremenek <kremenek@apple.com> |
Added "EvalEndPath" to GRTransferFuncs: the default implementation does not
change the state (and thus the GREndPathNodeBuilder automatically contructs a
node).
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@49563 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRExprEngine.h
athSensitive/GRTransferFuncs.h
|
| 11062b118476368fa5b294954713e5df97d8599f |
12-Apr-2008 |
Ted Kremenek <kremenek@apple.com> |
Added "GREndPathNodeBuilder", a new node builder that will be used for
evaluating transfer functions at the end-of-path.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@49561 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ExplodedGraph.h
athSensitive/GRCoreEngine.h
athSensitive/GRExprEngine.h
|
| 5e55cda64f4452fa65d83f66390c7126a8b248bb |
11-Apr-2008 |
Ted Kremenek <kremenek@apple.com> |
Added "RangedBugReport".
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@49551 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/BugReporter.h
|
| 3ea0b6a0870889fc2822549ed52d98bf5e292a24 |
11-Apr-2008 |
Ted Kremenek <kremenek@apple.com> |
Fix some bonehead bugs in summary generation in CFRefCount.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@49503 91177308-0d34-0410-b5e6-96231b3b80d8
ocalCheckers.h
|
| d71ed26dd80cdfebb5bb49000cce538e6c9a90e3 |
11-Apr-2008 |
Ted Kremenek <kremenek@apple.com> |
Refactored all logic to run the GRSimpleVals and CFRef checker into a common
code path in the clang driver.
Renamed options --grsimple to -checker-simple and -check-cfref to -checker-cfref.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@49500 91177308-0d34-0410-b5e6-96231b3b80d8
ocalCheckers.h
|
| 4d35dacf85fc9fb257baa1a846abef2361a1c426 |
10-Apr-2008 |
Ted Kremenek <kremenek@apple.com> |
Fixed regressions in error reporting due to copy-paste errors (using the "begin"
iterator instead of "end") and not implementing "getDescription()" for Nil
argument checks.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@49485 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/BugReporter.h
|
| 50a6d0ce344c02782e0207574005c3b2aaa5077c |
09-Apr-2008 |
Ted Kremenek <kremenek@apple.com> |
Major refactoring/cleanup of GRExprEngine, ExplodedGraph, and BugReporter.
Bugs are now reported using a combination of "BugType" (previously
BugDescription) and Bug "BugReport" objects, which are fed to BugReporter (which
generates PathDiagnostics). This provides a far more modular way of registering
bug types and plugging in diagnostics.
GRExprEngine now owns its copy of GRCoreEngine, and is not owned by the
ExplodedGraph.
ExplodedGraph is no longer templated on the "checker", but instead on the state
contained in the nodes.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@49453 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/BugReporter.h
athSensitive/ExplodedGraph.h
athSensitive/GRCoreEngine.h
athSensitive/GRExprEngine.h
athSensitive/GRSimpleAPICheck.h
athSensitive/GRTransferFuncs.h
|
| 6837faa083bebad39aa342f84c2b450fb6410eaf |
09-Apr-2008 |
Ted Kremenek <kremenek@apple.com> |
Added new "BugReporterHelper" class which is used by BugReporter to emit
checker-specific diagnostics.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@49412 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/BugReporter.h
|
| e0def7589a8afa8a6acef13476bb3f882c104b91 |
06-Apr-2008 |
Chris Lattner <sabre@nondot.org> |
fix a number of const qualification bugs.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@49257 91177308-0d34-0410-b5e6-96231b3b80d8
upport/ExprDeclBitVector.h
|
| b22d589e2ccd09cada0bcea136f0966883a8bb11 |
03-Apr-2008 |
Ted Kremenek <kremenek@apple.com> |
Make typedefs public.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@49185 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRExprEngine.h
|
| f1ae705460552655fe7275327804444c62e86bae |
03-Apr-2008 |
Ted Kremenek <kremenek@apple.com> |
Hooked up GRSimpleAPICheck and the simple Objective-C Foundation checks to use
the new BugReporter interface.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@49180 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/BugReporter.h
athSensitive/GRSimpleAPICheck.h
|
| 84867e60a466fa1199eb4e838ddf873a2f7658a9 |
03-Apr-2008 |
Ted Kremenek <kremenek@apple.com> |
Mark nodes as sinks that GRAuditor says should be marked as sinks.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@49179 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRCoreEngine.h
|
| 7ebde953bb050caa69f791fc1de449d435c6a36f |
03-Apr-2008 |
Ted Kremenek <kremenek@apple.com> |
Added node_iterator to ExplodedGraph to allow iteration over all nodes in
the graph.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@49132 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ExplodedGraph.h
|
| 61f3e058056ab519d249aa67e3d52b0ead57c63e |
03-Apr-2008 |
Ted Kremenek <kremenek@apple.com> |
Created new path-sensitive bug-reporting scheme based on the classes
"BugReporter" and "BugDescription". BugDescription is used to describe
a bug and provide pieces of the PathDiagnostic, and BugReporter creates
the actual PathDiagnostic by crawling through the ExplodedGraph.
Migrated checks done by GRSimpleVals to be reported using the new BugReporter
mechanism.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@49127 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/BugReporter.h
|
| d065d6080f0620bb80b933f3f5d52d37bb2ea770 |
03-Apr-2008 |
Ted Kremenek <kremenek@apple.com> |
Added missing #ifndef...#define...#endif directives to protect against
double includes.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@49126 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRExprEngine.h
|
| 3352fbab86aa669453c9d39cb1581dd229d20af3 |
02-Apr-2008 |
Ted Kremenek <kremenek@apple.com> |
Fix initialization bug.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@49115 91177308-0d34-0410-b5e6-96231b3b80d8
athDiagnostic.h
|
| 725779aa8f786fc844c6db89f52de47a8b24d229 |
02-Apr-2008 |
Ted Kremenek <kremenek@apple.com> |
Added "back()" method to PathDiagnostic to access the last piece in a path.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@49112 91177308-0d34-0410-b5e6-96231b3b80d8
athDiagnostic.h
|
| 3110251f13981689f384eb3c0aba2afffea18d9d |
02-Apr-2008 |
Steve Naroff <snaroff@apple.com> |
Change ObjCInterfaceDecl to inherit from NamedDecl (not TypeDecl). While ObjCInterfaceDecl is arguably a TypeDecl, it isn't a ScopedDecl. Since TypeDecl's are scoped, it makes sense to simply treat them as NamedDecl's. I could have fiddled a bit more with the hierarchy (in terms of creating a non-scoped TypeDecl), however this probably isn't worth the effort.
I also finished unifying access to scope decl change by converting Sema::getObjCInterfaceDecl() to use Sema::LookupDecl(). This is much cleaner now:-)
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@49107 91177308-0d34-0410-b5e6-96231b3b80d8
isitors/CFGRecStmtDeclVisitor.h
|
| 845ddbcd7f0eacbf59ea85e5dcccbe18eaae35eb |
02-Apr-2008 |
Ted Kremenek <kremenek@apple.com> |
Added "description" field to PathDiagnostic.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@49083 91177308-0d34-0410-b5e6-96231b3b80d8
athDiagnostic.h
|
| 0e8a3c743b9b3e3039e329a1736122d3b5b5fed9 |
02-Apr-2008 |
Ted Kremenek <kremenek@apple.com> |
Fix copy-paste error.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@49076 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ExplodedGraph.h
|
| 4dc41cc8de3a915d8dfb3b02d91304a3975aa3ca |
31-Mar-2008 |
Ted Kremenek <kremenek@apple.com> |
Inlined clang/Analysis/Analyses/GRSimpleVals.h into LocalCheckers.h and removed
GRSimpleVals.h
Added a PathDiagnosticClient option to the driver functions for the
CFRefCountChecker and the GRSimpleVals analysis. Both analyses now accept a "-o"
argument from the driver that specifies where HTML reports should be dumped.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@48989 91177308-0d34-0410-b5e6-96231b3b80d8
nalyses/GRSimpleVals.h
ocalCheckers.h
|
| 02737ed29d7fff2206f7c7ee958cdf0665e35542 |
31-Mar-2008 |
Ted Kremenek <kremenek@apple.com> |
Added path-sensitive check for return statements that return the address
of a stack variable. This is the path-sensitive version of a check that
is already done during semantic analysis.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@48980 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRExprEngine.h
|
| e5d5c204c761cc3b2a6374a15b035420f207c7af |
27-Mar-2008 |
Ted Kremenek <kremenek@apple.com> |
Hooked up initial NSString interface checking to GRSimpleVals.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@48895 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/AnnotatedPath.h
athSensitive/GRCoreEngine.h
athSensitive/GRSimpleAPICheck.h
|
| 0f9063c116b7c3b05d8042b5976463c2dae04861 |
27-Mar-2008 |
Ted Kremenek <kremenek@apple.com> |
ProgramPoint is just a smart pointer; no reason to return a constant reference.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@48891 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ExplodedGraph.h
|
| 5c6422f36c5280046bbbcb54ff797639458a64ff |
27-Mar-2008 |
Ted Kremenek <kremenek@apple.com> |
Add default ctor implementation.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@48885 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/AnnotatedPath.h
|
| 99c6ad3f22b865d0f4cce52bc36904403c9ed4c4 |
27-Mar-2008 |
Ted Kremenek <kremenek@apple.com> |
Added "GRAuditor" and "GRSimpleAPICheck" interface to allow simple stateless checkers to be injected into the analyzer.
Added "AnnotatedPath" class to record an annotated path that will be useful for inspecting paths.
Added some boilerplate code for simple checks of Apple's Foundation API.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@48867 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/AnnotatedPath.h
athSensitive/GRAuditor.h
athSensitive/GRCoreEngine.h
athSensitive/GRExprEngine.h
athSensitive/GRSimpleAPICheck.h
|
| 120187de4be187a6b0f903c05175bfa05af8002f |
27-Mar-2008 |
Ted Kremenek <kremenek@apple.com> |
PathDiagnosticPiece no longer contains a vector of strings; just one string.
PathDiagnostic no longer contains a diagnostic ID or diagnostic level.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@48864 91177308-0d34-0410-b5e6-96231b3b80d8
athDiagnostic.h
|
| d3abcdfa30e476571e214d5d74fb12ac43d153ba |
27-Mar-2008 |
Ted Kremenek <kremenek@apple.com> |
Added classes "PathDiagnosticPiece", "PathDiagnostic", and "PathDiagnosticClient", which encapsulate diagnostic reporting for paths.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@48861 91177308-0d34-0410-b5e6-96231b3b80d8
athDiagnostic.h
|
| dbfe41acda3078f8fe566318c0097f7ae683c6bb |
25-Mar-2008 |
Ted Kremenek <kremenek@a |