ef8225444452a1486bd721f3285301fe84643b00 |
21-Jul-2014 |
Stephen Hines <srhines@google.com> |
Update Clang for rebase to r212749. This also fixes a small issue with arm_neon.h not being generated always. Includes a cherry-pick of: r213450 - fixes mac-specific header issue r213126 - removes a default -Bsymbolic on Android Change-Id: I2a790a0f5d3b2aab11de596fc3a74e7cbc99081d
nalyzerOptions.h
athSensitive/CallEvent.h
athSensitive/CheckerContext.h
athSensitive/ExplodedGraph.h
|
6bcf27bb9a4b5c3f79cb44c0e4654a6d7619ad89 |
29-May-2014 |
Stephen Hines <srhines@google.com> |
Update Clang for 3.5 rebase (r209713). Change-Id: I8c9133b0f8f776dc915f270b60f94962e771bc83
ugReporter/BugReporter.h
ugReporter/BugReporterVisitor.h
ugReporter/PathDiagnostic.h
hecker.h
athSensitive/BasicValueFactory.h
athSensitive/BlockCounter.h
athSensitive/CallEvent.h
athSensitive/CheckerContext.h
athSensitive/ConstraintManager.h
athSensitive/CoreEngine.h
athSensitive/ExplodedGraph.h
athSensitive/ExprEngine.h
athSensitive/MemRegion.h
athSensitive/ProgramState.h
athSensitive/ProgramStateTrait.h
athSensitive/SValBuilder.h
athSensitive/SVals.h
athSensitive/Store.h
athSensitive/SubEngine.h
athSensitive/SymbolManager.h
athSensitive/WorkList.h
|
651f13cea278ec967336033dd032faef0e9fc2ec |
24-Apr-2014 |
Stephen Hines <srhines@google.com> |
Updated to Clang 3.5a. Change-Id: I8127eb568f674c2e72635b639a3295381fe8af82
nalyzerOptions.h
ugReporter/BugReporter.h
ugReporter/BugReporterVisitor.h
ugReporter/BugType.h
ugReporter/PathDiagnostic.h
hecker.h
heckerManager.h
athSensitive/APSIntType.h
athSensitive/AnalysisManager.h
athSensitive/BlockCounter.h
athSensitive/CallEvent.h
athSensitive/CoreEngine.h
athSensitive/ExplodedGraph.h
athSensitive/ExprEngine.h
athSensitive/MemRegion.h
athSensitive/ProgramState.h
athSensitive/ProgramStateTrait.h
athSensitive/SValBuilder.h
athSensitive/Store.h
athSensitive/SymbolManager.h
|
3eb52bb5d791630f926ff2226dae25012315ad9a |
20-Nov-2013 |
Bill Wendling <isanbard@gmail.com> |
Merging r195174: ------------------------------------------------------------------------ r195174 | zaks | 2013-11-19 16:11:42 -0800 (Tue, 19 Nov 2013) | 1 line [analyzer] Fix an infinite recursion in region invalidation by adding block count to the BlockDataRegion. ------------------------------------------------------------------------ git-svn-id: https://llvm.org/svn/llvm-project/cfe/branches/release_34@195228 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/MemRegion.h
athSensitive/SValBuilder.h
|
b7a747b0c271faeeb8d0f886f0e691eb25f637d9 |
17-Nov-2013 |
Anton Yartsev <anton.yartsev@gmail.com> |
[analyzer] Better modeling of memcpy by the CStringChecker (PR16731). New rules of invalidation/escape of the source buffer of memcpy: the source buffer contents is invalidated and escape while the source buffer region itself is neither invalidated, nor escape. In the current modeling of memcpy the information about allocation state of regions, accessible through the source buffer, is not copied to the destination buffer and we can not track the allocation state of those regions anymore. So we invalidate/escape the source buffer indirect regions in anticipation of their being invalidated for real later. This eliminates false-positive leaks reported by the unix.Malloc and alpha.cplusplus.NewDeleteLeaks checkers for the cases like char *f() { void *x = malloc(47); char *a; memcpy(&a, &x, sizeof a); return a; } git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@194953 91177308-0d34-0410-b5e6-96231b3b80d8
hecker.h
athSensitive/MemRegion.h
athSensitive/ProgramState.h
|
9568d1c45feef22713afa551d06d60a05dc07133 |
21-Oct-2013 |
Rafael Espindola <rafael.espindola@gmail.com> |
Cleanup redundant include. Patch by Daniel Marjamäki. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@193093 91177308-0d34-0410-b5e6-96231b3b80d8
ugReporter/PathDiagnostic.h
|
063820655db8121f0022a7c51458463c7250324c |
20-Oct-2013 |
Benjamin Kramer <benny.kra@googlemail.com> |
Miscellaneous speling fixes. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@193046 91177308-0d34-0410-b5e6-96231b3b80d8
ugReporter/PathDiagnostic.h
|
31b71f3097a338315a144067dde5b160c4e44fc9 |
07-Oct-2013 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] ArrayRef-ize BugReporter::EmitBasicReport. No functionality change. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@192114 91177308-0d34-0410-b5e6-96231b3b80d8
ugReporter/BugReporter.h
|
edcc199f5861dd8ad1ec3ad1b83512d2a92e515a |
04-Oct-2013 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Replace bug category magic strings with shared constants, take 2. Re-commit r191910 (reverted in r191936) with layering violation fixed, by moving the bug categories to StaticAnalyzerCore instead of ...Checkers. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@191937 91177308-0d34-0410-b5e6-96231b3b80d8
ugReporter/BugType.h
ugReporter/CommonBugCategories.h
|
10a61586e12fcd94dad877cbcf09cc34aec980d8 |
04-Oct-2013 |
Richard Smith <richard-llvm@metafoo.co.uk> |
Temporarily revert r191910 until the layering violation can be fixed. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@191936 91177308-0d34-0410-b5e6-96231b3b80d8
ugReporter/BugType.h
|
4587cace907ed9a68256bdae506fbb8d93ac232c |
03-Oct-2013 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Replace bug category magic strings with shared constants. One small functionality change is to bring the sizeof-pointer checker in line with the other checkers by making its category be "Logic error" instead of just "Logic". There should be no other functionality changes. Patch by Daniel Marjamäki! git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@191910 91177308-0d34-0410-b5e6-96231b3b80d8
ugReporter/BugType.h
|
9b072b31ee2f41b8e30d1d22142c9ab72ac5ff1f |
28-Sep-2013 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Make inlining decisions based on the callee being variadic. ...rather than trying to figure it out from the call site, and having people complain that we guessed wrong and that a prototype-less call is the same as a variadic call on their system. More importantly, fix a crash when there's no decl at the call site (though we could have just returned a default value). <rdar://problem/15037033> git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@191599 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/CallEvent.h
|
da8d37ce42d2db4e1e76ee6f7f38f10f6b0ef0f8 |
25-Sep-2013 |
Anton Yartsev <anton.yartsev@gmail.com> |
[analyzer] This patch removes passing around of const-invalidation vs regular-invalidation info by passing around a datastructure that maps regions and symbols to the type of invalidation they experience. This simplifies the code and would allow to associate more different invalidation types in the future. With this patch things like preserving contents of regions (either hi- or low-level ones) or processing of the only top-level region can be implemented easily without passing around extra parameters. This patch is a first step towards adequate modeling of memcpy() by the CStringChecker checker and towards eliminating of majority of false-positives produced by the NewDeleteLeaks checker. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@191342 91177308-0d34-0410-b5e6-96231b3b80d8
hecker.h
heckerManager.h
athSensitive/ExprEngine.h
athSensitive/MemRegion.h
athSensitive/ProgramState.h
athSensitive/Store.h
athSensitive/SubEngine.h
|
36d558d85653315edb389677e995ec9ccdbfbf3d |
03-Sep-2013 |
Jordan Rose <jordan_rose@apple.com> |
Add an implicit dtor CFG node just before C++ 'delete' expressions. This paves the way for adding support for modeling the destructor of a region before it is deleted. The statement "delete <expr>" now generates this series of CFG elements: 1. <expr> 2. [B1.1]->~Foo() (Implicit destructor) 3. delete [B1.1] Patch by Karthik Bhat! git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@189828 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ExprEngine.h
|
642a4dbc220854927e2e390d11312f1e46a9ae63 |
27-Aug-2013 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Don't include Clang headers inside a namespace. Found by Gabor Kozar! git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@189370 91177308-0d34-0410-b5e6-96231b3b80d8
heckerRegistry.h
|
d207f55cd58054aab77edca35b3e7f645738dfe2 |
19-Aug-2013 |
Pavel Labath <labath@google.com> |
[analyzer] Fix inefficiency in dead symbol removal Summary: ScanReachableSymbols uses a "visited" set to avoid scanning the same object twice. However, it did not use the optimization for LazyCompoundVal objects, which resulted in exponential complexity for long chains of temporary objects. Adding this resulted in a decrease of analysis time from >3h to 3 seconds for some files. Reviewers: jordan_rose CC: cfe-commits Differential Revision: http://llvm-reviews.chandlerc.com/D1398 git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@188677 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ProgramState.h
|
cacdbc97d11d2bbde00a63dace6ac26f4b12ed88 |
19-Aug-2013 |
Craig Topper <craig.topper@gmail.com> |
Fix indentation. No functional change. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@188652 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ExplodedGraph.h
|
e9a906b99286b44dcf5eb896f17df74d588e4ce9 |
16-Aug-2013 |
Benjamin Kramer <benny.kra@googlemail.com> |
Replace some DenseMap keys with simpler structures that don't need another DenseMapInfo specialization. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@188580 91177308-0d34-0410-b5e6-96231b3b80d8
heckerManager.h
|
b56019a25c0aa7029c0454df4044e19a901f5dc4 |
16-Aug-2013 |
Aaron Ballman <aaron@aaronballman.com> |
Passing false instead of 0; no functional change intended. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@188553 91177308-0d34-0410-b5e6-96231b3b80d8
heckerManager.h
|
22e43e8b47e6b96e575633e47afac90bffccb5d0 |
16-Aug-2013 |
Aaron Ballman <aaron@aaronballman.com> |
Passing false instead of 0; no functional change intended. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@188552 91177308-0d34-0410-b5e6-96231b3b80d8
heckerManager.h
|
5fba5a789a238c29ef811a39a39be722443ec1b1 |
16-Aug-2013 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Merge TextPathDiagnostics and ClangDiagPathDiagConsumer. This once again restores notes to following their associated warnings in -analyzer-output=text mode. (This is still only intended for use as a debugging aid.) One twist is that the warning locations in "regular" analysis output modes (plist, multi-file-plist, html, and plist-html) are reported at a different location on the command line than in the output file, since the command line has no path context. This commit makes -analyzer-output=text behave like a normal output format, which means that the *command line output will be different* in -analyzer-text mode. Again, since -analyzer-text is a debugging aid and lo-fi stand-in for a regular output mode, this change makes sense. Along the way, remove a few pieces of stale code related to the path diagnostic consumers. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@188514 91177308-0d34-0410-b5e6-96231b3b80d8
nalyses.def
nalyzerOptions.h
ugReporter/PathDiagnostic.h
athDiagnosticConsumers.h
|
76b5dd48c9dbf2ed3e5830060ea55b81b7d1cca0 |
26-Jul-2013 |
Pavel Labath <labath@google.com> |
[analyzer] Fix FP warnings when binding a temporary to a local static variable Summary: When binding a temporary object to a static local variable, the analyzer would complain about a dangling reference even though the temporary's lifetime should be extended past the end of the function. This commit tries to detect these cases and construct them in a global memory region instead of a local one. Reviewers: jordan_rose CC: cfe-commits Differential Revision: http://llvm-reviews.chandlerc.com/D1133 git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@187196 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/MemRegion.h
|
78c2ec43284537f65bbd95b0628271a140ba0ec4 |
12-Jul-2013 |
Anna Zaks <ganna@apple.com> |
[analyzer] Treat nullPtrType as a location type. Fixes PR16584 (radar://14415223). git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@186172 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/SVals.h
|
ff8e04e678faddb9f1c876f8a850943be57471d3 |
21-Jun-2013 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Fix stale comment in CallEvent. No functionality change. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@184510 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/CallEvent.h
|
632182d0e2011a6e21cf9abe34eef5a1f037e7ef |
06-Jun-2013 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Improve debug output for PathDiagnosticPieces. You can now dump a single PathDiagnosticPiece or PathDiagnosticLocation. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@183367 91177308-0d34-0410-b5e6-96231b3b80d8
ugReporter/PathDiagnostic.h
|
7f1fd2f182717d5ce6cde60398128910c90f98be |
29-May-2013 |
Anna Zaks <ganna@apple.com> |
[analyzer] Use the expression’s type instead of region’s type in ArrayToPointer decay evaluation This gives slightly better precision, specifically, in cases where a non-typed region represents the array or when the type is a non-array type, which can happen when an array is a result of a reinterpret_cast. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@182810 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ProgramState.h
athSensitive/Store.h
|
d1913d89e2ff3b38bb6293833cfd9d8ead76348e |
18-May-2013 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Add a debug dump for PathPieces, a list of PathDiagnosticPieces. Originally implemented by Ted, extended by me. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@182186 91177308-0d34-0410-b5e6-96231b3b80d8
ugReporter/PathDiagnostic.h
|
50fa64d4411a42e0b4f373a84d8d4f5cbf339ea3 |
17-May-2013 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Don't inline ~shared_ptr. The analyzer can't see the reference count for shared_ptr, so it doesn't know whether a given destruction is going to delete the referenced object. This leads to spurious leak and use-after-free warnings. For now, just ban destructors named '~shared_ptr', which catches std::shared_ptr, std::tr1::shared_ptr, and boost::shared_ptr. PR15987 git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@182071 91177308-0d34-0410-b5e6-96231b3b80d8
nalyzerOptions.h
|
d95b70175646829c26344d5f0bda1ec3009f2a5b |
17-May-2013 |
Anna Zaks <ganna@apple.com> |
[analyzer] Add an option to use the last location in the main source file as the report location. Previously, we’ve used the last location of the analyzer issue path as the location of the report. This might not provide the best user experience, when one analyzes a source file and the issue appears in the header. Introduce an option to use the last location of the path that is in the main source file as the report location. New option can be enabled with -analyzer-config report-in-main-source-file=true. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@182058 91177308-0d34-0410-b5e6-96231b3b80d8
nalyzerOptions.h
ugReporter/BugReporter.h
ugReporter/PathDiagnostic.h
athSensitive/AnalysisManager.h
|
cce70c7c5f0f4c1a41658fbed845f8b3a565c99c |
15-May-2013 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Put back DefaultBool's implicit conversion to bool. DefaultBool is basically just "bool with a default constructor", so it really should implicitly convert to bool. In fact, it should convert to bool&, so that it could be passed to functions that take bools by reference. This time, mark the operator bool& as implicit to promise that it's deliberate. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@181908 91177308-0d34-0410-b5e6-96231b3b80d8
hecker.h
|
7247c88d1e41514a41085f83ebf03dd5220e054a |
15-May-2013 |
David Blaikie <dblaikie@gmail.com> |
Use only explicit bool conversion operator The most common (non-buggy) case are where such objects are used as return expressions in bool-returning functions or as boolean function arguments. In those cases I've used (& added if necessary) a named function to provide the equivalent (or sometimes negative, depending on convenient wording) test. DiagnosticBuilder kept its implicit conversion operator owing to the prevalent use of it in return statements. One bug was found in ExprConstant.cpp involving a comparison of two PointerUnions (PointerUnion did not previously have an operator==, so instead both operands were converted to bool & then compared). A test is included in test/SemaCXX/constant-expression-cxx1y.cpp for the fix (adding operator== to PointerUnion in LLVM). git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@181869 91177308-0d34-0410-b5e6-96231b3b80d8
ugReporter/PathDiagnostic.h
hecker.h
athSensitive/Store.h
|
00ffb8079b14cade816d8f668675e853e613dee0 |
06-May-2013 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Remove now-unused bindCompoundLiteral helper function. The one user has been changed to use getLValue on the compound literal expression and then use the normal bindLoc to assign a value. No need to special case this in the StoreManager. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@181214 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ProgramState.h
athSensitive/Store.h
|
15676bec6fa9ad9466d93c163f2d1b8a3f559b3a |
04-May-2013 |
Ted Kremenek <kremenek@apple.com> |
[analyzer;alternate edges] start experimenting with control flow "barriers" to prevent an edge being optimized away. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@181088 91177308-0d34-0410-b5e6-96231b3b80d8
ugReporter/PathDiagnostic.h
|
bb521b8f14ca29ee4e17ae1f9877586ef0bf8378 |
04-May-2013 |
Ted Kremenek <kremenek@apple.com> |
[analyzer; alternate edges] prune edges whose end/begin locations have the same statement parents. This change required some minor changes to LocationContextMap to have it map from PathPieces to LocationContexts instead of PathDiagnosticCallPieces to LocationContexts. These changes are in the other diagnostic generation logic as well, but are functionally equivalent. Interestingly, this optimization requires delaying "cleanUpLocation()" until later; possibly after all edges have been optimized. This is because we need PathDiagnosticLocations to refer to the semantic entity (e.g. a statement) as long as possible. Raw source locations tell us nothing about the semantic relationship between two locations in a path. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@181084 91177308-0d34-0410-b5e6-96231b3b80d8
ugReporter/PathDiagnostic.h
|
af2836593979d4973bec5bd21f10eb6cc0d0f3e3 |
03-May-2013 |
Ted Kremenek <kremenek@apple.com> |
[analyzer] Start hacking up alternate control-flow edge generation. WIP. Not guaranteed to do anything useful yet. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@181040 91177308-0d34-0410-b5e6-96231b3b80d8
ugReporter/PathDiagnostic.h
|
d306a530fca74e40916121f5583e0545e470b3c4 |
03-May-2013 |
Ted Kremenek <kremenek@apple.com> |
Re-apply 180974 with the build error fixed. This was the result of a weird merge error with git. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@180981 91177308-0d34-0410-b5e6-96231b3b80d8
ugReporter/BugReporter.h
|
ae8c50552df2498130dd33a940d98e0dc4ec26b9 |
03-May-2013 |
Rafael Espindola <rafael.espindola@gmail.com> |
Revert "Change LocationContextMap to be a temporary instead of shared variable in BugReporter." This reverts commit 180974. It broke the build. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@180979 91177308-0d34-0410-b5e6-96231b3b80d8
ugReporter/BugReporter.h
|
c70fac3c52092013b08163187f034b73c94bf3d0 |
03-May-2013 |
Ted Kremenek <kremenek@apple.com> |
Change LocationContextMap to be a temporary instead of shared variable in BugReporter. BugReporter is used to process ALL bug reports. By using a shared map, we are having mappings from different PathDiagnosticPieces to LocationContexts well beyond the point where we are processing a given report. This state is inherently error prone, and is analogous to using a global variable. Instead, just create a temporary map, one per report, and when we are done with it we throw it away. No extra state. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@180974 91177308-0d34-0410-b5e6-96231b3b80d8
ugReporter/BugReporter.h
|
4b75085f5669efc6407c662b5686361624c3ff2f |
02-May-2013 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Don't try to evaluate MaterializeTemporaryExpr as a constant. ...and don't consider '0' to be a null pointer constant if it's the initializer for a float! Apparently null pointer constant evaluation looks through both MaterializeTemporaryExpr and ImplicitCastExpr, so we have to be more careful about types in the callers. For RegionStore this just means giving up a little more; for ExprEngine this means handling the MaterializeTemporaryExpr case explicitly. Follow-up to r180894. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@180944 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/SValBuilder.h
|
e2b1246a24e8babf2f58c93713fba16b8edb8e2d |
02-May-2013 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Consolidate constant evaluation logic in SValBuilder. Previously, this was scattered across Environment (literal expressions), ExprEngine (default arguments), and RegionStore (global constants). The former special-cased several kinds of simple constant expressions, while the latter two deferred to the AST's constant evaluator. Now, these are all unified as SValBuilder::getConstantVal(). To keep Environment fast, the special cases for simple constant expressions have been left in, but the main benefits are that (a) unusual constants like ObjCStringLiterals now work as default arguments and global constant initializers, and (b) we're not duplicating code between ExprEngine and RegionStore. This actually caught a bug in our test suite, which is awesome: we stop tracking allocated memory if it's passed as an argument along with some kind of callback, but not if the callback is 0. We were testing this in a case where the callback parameter had a default value, but that value was 0. After this change, the analyzer now (correctly) flags that as a leak! <rdar://problem/13773117> git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@180894 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/SValBuilder.h
|
eb9380db6fcc960d4a589f0acb94b0897821d26f |
30-Apr-2013 |
Ted Kremenek <kremenek@apple.com> |
Just use std::list<> for PathPieces instead of complicated use of ilist. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@180747 91177308-0d34-0410-b5e6-96231b3b80d8
ugReporter/PathDiagnostic.h
|
ed866e73bab7733f5226f84c52edefe23d694b2f |
30-Apr-2013 |
Ted Kremenek <kremenek@apple.com> |
Revert "[analyzer] Change PathPieces to be a wrapper around an ilist of (through indirection) PathDiagnosticPieces." Jordan rightly pointed out that we can do the same with std::list. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@180746 91177308-0d34-0410-b5e6-96231b3b80d8
ugReporter/PathDiagnostic.h
|
7651e53997e20f1e627ffce25ce613f79c48e3e3 |
30-Apr-2013 |
Ted Kremenek <kremenek@apple.com> |
[analyzer] Change PathPieces to be a wrapper around an ilist of (through indirection) PathDiagnosticPieces. Much of this patch outside of PathDiagnostics.h are just minor syntactic changes due to the return type for operator* and the like changing for the iterator, so the real focus should be on PathPieces itself. This change is motivated so that we can do efficient insertion and removal of individual pieces from within a PathPiece, just like this was a kind of "IR" for static analyzer diagnostics. We currently implement path transformations by iterating over an entire PathPiece and making a copy. This isn't very natural for some algorithms. We use an ilist here instead of std::list because we want operations to rip out/insert nodes in place, just like IR manipulation. This isn't being used yet, but opens the door for more powerful transformation algorithms on diagnostic paths. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@180741 91177308-0d34-0410-b5e6-96231b3b80d8
ugReporter/PathDiagnostic.h
|
0f8579274a010f360a371b53101859d9d6052314 |
24-Apr-2013 |
Anna Zaks <ganna@apple.com> |
[analyzer] Refactor BugReport::getLocation and PathDiagnosticLocation::createEndOfPath for greater code reuse The 2 functions were computing the same location using different logic (each one had edge case bugs that the other one did not). Refactor them to rely on the same logic. The location of the warning reported in text/command line output format will now match that of the plist file. There is one change in the plist output as well. When reporting an error on a BinaryOperator, we use the location of the operator instead of the beginning of the BinaryOperator expression. This matches our output on command line and looks better in most cases. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@180165 91177308-0d34-0410-b5e6-96231b3b80d8
ugReporter/PathDiagnostic.h
athSensitive/ExplodedGraph.h
|
8ef064d53fb33b5a8f8743bcbb0a2fd5c3e97be1 |
20-Apr-2013 |
Anna Zaks <ganna@apple.com> |
[analyzer] Ensure BugReporterTracking works on regions with pointer arithmetic Introduce a new helper function, which computes the first symbolic region in the base region chain. The corresponding symbol has been used for assuming that a pointer is null. Now, it will also be used for checking if it is null. This ensures that we are tracking a null pointer correctly in the BugReporter. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@179916 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/MemRegion.h
athSensitive/SVals.h
|
716859df842e5a56e816d820d8326ead152dd9e4 |
20-Apr-2013 |
Anna Zaks <ganna@apple.com> |
[analyzer] Flip printPretty and printPrettyAsExpr as per suggestion from Jordan (r179572) git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@179915 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/MemRegion.h
|
5b90ae7ba05a10a81f107ec1635deb1bd7292936 |
18-Apr-2013 |
Anna Zaks <ganna@apple.com> |
[analyzer] Allow TrackConstraintBRVisitor to work when the value it’s tracking is not live in the last node of the path We always register the visitor on a node in which the value we are tracking is live and constrained. However, the visitation can restart at a node, later on the path, in which the value is under constrained because it is no longer live. Previously, we just silently stopped tracking in that case. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@179731 91177308-0d34-0410-b5e6-96231b3b80d8
ugReporter/BugReporterVisitor.h
|
8dae128d16bf98759b7a678ce3eebb613bd17109 |
16-Apr-2013 |
Ted Kremenek <kremenek@apple.com> |
Factor CheckerManager to be able to pass AnalyzerOptions to checkers during checker registration. There are no immediate clients of this, but this provides a way for checkers to query the options table at startup instead. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@179626 91177308-0d34-0410-b5e6-96231b3b80d8
nalyzerOptions.h
heckerManager.h
|
a9ad400e7a937e80dddb1b8a6f4c00eddbcb59e0 |
16-Apr-2013 |
Ted Kremenek <kremenek@apple.com> |
Remove unused "getConfig()" method. A new way is to have high-level APIs that access the configuration table without clients reasoning about the string table. The string table is an implementation detail. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@179625 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/CheckerContext.h
|
07d8470effc0b0364801adddb6ff92bd22334402 |
16-Apr-2013 |
Anna Zaks <ganna@apple.com> |
[analyzer] Add pretty printing to CXXBaseObjectRegion. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@179573 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/MemRegion.h
|
79d0cceb8847bfe6dc9da8eb2ea2f3c6bb73b813 |
16-Apr-2013 |
Anna Zaks <ganna@apple.com> |
[analyzer] Address code review for r179395 Mostly refactoring + handle the nested fields by printing the innermost field only. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@179572 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/MemRegion.h
|
9e2f5977a180ae927d05e844c65b8a7873be48a4 |
12-Apr-2013 |
Anna Zaks <ganna@apple.com> |
[analyzer] Print field region even when the base region is not printable git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@179395 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/MemRegion.h
|
4de561f470be0cffeff5a92a286e9d6bf9bd8cff |
11-Apr-2013 |
Ryan Govostes <rzg@apple.com> |
[analyzer] Factor common code from {SymSym,SymInt,IntSym}Expr to BinarySymExpr git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@179269 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/SymbolManager.h
|
a5796f87229b4aeebca71fa6ee1790ae7a5a0382 |
09-Apr-2013 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Replace isIntegerType() with isIntegerOrEnumerationType(). Previously, the analyzer used isIntegerType() everywhere, which uses the C definition of "integer". The C++ predicate with the same behavior is isIntegerOrUnscopedEnumerationType(). However, the analyzer is /really/ using this to ask if it's some sort of "integrally representable" type, i.e. it should include C++11 scoped enumerations as well. hasIntegerRepresentation() sounds like the right predicate, but that includes vectors, which the analyzer represents by its elements. This commit audits all uses of isIntegerType() and replaces them with the general isIntegerOrEnumerationType(), except in some specific cases where it makes sense to exclude scoped enumerations, or any enumerations. These cases now use isIntegerOrUnscopedEnumerationType() and getAs<BuiltinType>() plus BuiltinType::isInteger(). isIntegerType() is hereby banned in the analyzer - lib/StaticAnalysis and include/clang/StaticAnalysis. :-) Fixes real assertion failures. PR15703 / <rdar://problem/12350701> git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@179081 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/BasicValueFactory.h
athSensitive/ProgramState.h
athSensitive/SValBuilder.h
|
658a28479dd775f6ff2c07fa5699a7ea01e04127 |
02-Apr-2013 |
Anna Zaks <ganna@apple.com> |
[analyzer] Teach invalidateRegions that regions within LazyCompoundVal need to be invalidated Refactor invalidateRegions to take SVals instead of Regions as input and teach RegionStore about processing LazyCompoundVal as a top-level “escaping” value. This addresses several false positives that get triggered by the NewDelete checker, but the underlying issue is reproducible with other checkers as well (for example, MallocChecker). git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@178518 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/CallEvent.h
athSensitive/ProgramState.h
athSensitive/SVals.h
athSensitive/Store.h
|
c63a460d78a7625ff38d2b3580f78030c44f07db |
02-Apr-2013 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] For now, don't inline [cd]tors of C++ containers. This is a heuristic to make up for the fact that the analyzer doesn't model C++ containers very well. One example is modeling that 'std::distance(I, E) == 0' implies 'I == E'. In the future, it would be nice to model this explicitly, but for now it just results in a lot of false positives. The actual heuristic checks if the base type has a member named 'begin' or 'iterator'. If so, we treat the constructors and destructors of that type as opaque, rather than inlining them. This is intended to drastically reduce the number of false positives reported with experimental destructor support turned on. We can tweak the heuristic in the future, but we'd rather err on the side of false negatives for now. <rdar://problem/13497258> git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@178516 91177308-0d34-0410-b5e6-96231b3b80d8
nalyzerOptions.h
|
c9092bb5eb67d859122abb69a0ef61e9249500cd |
02-Apr-2013 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Cache whether a function is generally inlineable. Certain properties of a function can determine ahead of time whether or not the function is inlineable, such as its kind, its signature, or its location. We can cache this value in the FunctionSummaries map to avoid rechecking these static properties for every call. Note that the analyzer may still decide not to inline a specific call to a function because of the particular dynamic properties of the call along the current path. No intended functionality change. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@178515 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/FunctionSummary.h
|
992acb2269171b6ef68694d71a36f6b7408d8e82 |
02-Apr-2013 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Use inline storage in the FunctionSummary DenseMap. The summaries lasted for the lifetime of the map anyway; no reason to include an extra allocation. Also, use SmallBitVector instead of BitVector to track the visited basic blocks -- most functions will have less than 64 basic blocks -- and use bitfields for the other fields to reduce the size of the structure. No functionality change. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@178514 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/FunctionSummary.h
|
a12643622ad3b85972dfdd80fe9006a3e8d8fb80 |
02-Apr-2013 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Allow suppressing diagnostics reported within the 'std' namespace
This is controlled by the 'suppress-c++-stdlib' analyzer-config flag. It is currently off by default. This is more suppression than we'd like to do, since obviously there can be user-caused issues within 'std', but it gives us the option to wield a large hammer to suppress false positives the user likely can't work around. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@178513 91177308-0d34-0410-b5e6-96231b3b80d8
nalyzerOptions.h
|
84e8a960ad76b3c7ca550b4cc92a1b90ed16d5c1 |
29-Mar-2013 |
Anna Zaks <ganna@apple.com> |
[analyzer] Address Jordan’s review of r178309 - do not register an extra visitor for nil receiver
We can check if the receiver is nil in the node that corresponds to the StmtPoint of the message send. At that point, the receiver is guaranteed to be live. We will find at least one unreclaimed node due to my previous commit (look for StmtPoint instead of PostStmt) and the fact that the nil receiver nodes are tagged. + a couple of extra tests. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@178381 91177308-0d34-0410-b5e6-96231b3b80d8
ugReporter/BugReporterVisitor.h
|
0f5c5c60e9806d13f0907cd99d7204ffab0e08f7 |
29-Mar-2013 |
Ted Kremenek <kremenek@apple.com> |
Add static analyzer support for conditionally executing static initializers. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@178318 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/CoreEngine.h
athSensitive/ExprEngine.h
athSensitive/SubEngine.h
|
02a88c3edf1aeb9580e0b6e444b30c52846a673c |
29-Mar-2013 |
Ted Kremenek <kremenek@apple.com> |
Add configuration plumbing to enable static initializer branching in the CFG for the analyzer. This setting still isn't enabled yet in the analyzer. This is just prep work. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@178317 91177308-0d34-0410-b5e6-96231b3b80d8
nalyzerOptions.h
|
41988f331a74a72cf243a2a68ffb56418e9a174e |
29-Mar-2013 |
Anna Zaks <ganna@apple.com> |
[analyzer] Add support for escape of const pointers and use it to allow “newed” pointers to escape
Add a new callback that notifies checkers when a const pointer escapes. Currently, this only works for const pointers passed as a top level parameter into a function. We need to differentiate the const pointers escape from regular escape since the content pointed by const pointer will not change; if it’s a file handle, a file cannot be closed; but delete is allowed on const pointers. This should suppress several false positives reported by the NewDelete checker on llvm codebase. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@178310 91177308-0d34-0410-b5e6-96231b3b80d8
hecker.h
heckerManager.h
athSensitive/ExprEngine.h
athSensitive/Store.h
athSensitive/SubEngine.h
|
aabb4c5eacca6d78ef778f33ec5cd4c755d71a39 |
29-Mar-2013 |
Anna Zaks <ganna@apple.com> |
[analyzer] Apply the suppression rules to the nil receiver only if the value participates in the computation of the nil we warn about.
We should only suppress a bug report if the IDCed or null returned nil value is directly related to the value we are warning about. This was not the case for nil receivers - we would suppress a bug report that had an IDCed nil receiver on the path regardless of how it’s related to the warning.
1) Thread EnableNullFPSuppression parameter through the visitors to differentiate between tracking the value which is directly responsible for the bug and other values that visitors are tracking (ex: general tracking of nil receivers).
2) in trackNullOrUndef specifically address the case when a value of the message send is nil due to the receiver being nil.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@178309 91177308-0d34-0410-b5e6-96231b3b80d8
ugReporter/BugReporterVisitor.h
|
94cf910ac2d1719c1dfc163bbec3953f12efdf6f |
28-Mar-2013 |
Rafael Espindola <rafael.espindola@gmail.com> |
These are all simple pointer wrappers. Pass them by value. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@178247 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/CallEvent.h
|
e81fdb1fdde48d3fa18df56c5797f6b0bc5dfc4a |
27-Mar-2013 |
Rafael Espindola <rafael.espindola@gmail.com> |
Cleanup clang's specializations of simplify_type. Now that the basic implementation in llvm has been fixed, simplify the specializations in clang. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@178173 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/CallEvent.h
|
4a49df3be929d442535d6721ab8a2bbc8a7cd528 |
27-Mar-2013 |
Anna Zaks <ganna@apple.com> |
[analyzer] Ensure that the node NilReceiverBRVisitor is looking for is not reclaimed The visitor should look for the PreStmt node as the receiver is nil in the PreStmt and this is the node. Also, tag the nil receiver nodes with a special tag for consistency. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@178152 91177308-0d34-0410-b5e6-96231b3b80d8
ugReporter/BugReporterVisitor.h
|
8a660eb1084294a903f6dcc00bf2fa4e3bc92cfc |
26-Mar-2013 |
Anna Zaks <ganna@apple.com> |
[analyzer] Change inlining policy to inline small functions when reanalyzing ObjC methods as top level. This allows us to better reason about (inline) small wrapper functions. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@178063 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ExprEngine.h
|
4708b3dde86b06f40927ae9cf30a2de83949a8f2 |
23-Mar-2013 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Teach constraint managers about unsigned comparisons. In C, comparisons between signed and unsigned numbers are always done in unsigned-space. Thus, we should know that "i >= 0U" is always true, even if 'i' is signed. Similarly, "u >= 0" is also always true, even though '0' is signed. Part of <rdar://problem/13239003> (false positives related to std::vector) git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@177806 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/APSIntType.h
|
0f3a34fb7fea37ebfbcba8b400ccb697b9559b49 |
22-Mar-2013 |
Jordan Rose <jordan_rose@apple.com> |
Revert "[analyzer] Break cycles (optionally) when trimming an ExplodedGraph." The algorithm used here was ridiculously slow when a potential back-edge pointed to a node that already had a lot of successors. The previous commit makes this feature unnecessary anyway. This reverts r177468 / f4cf6b10f863b9bc716a09b2b2a8c497dcc6aa9b. Conflicts: lib/StaticAnalyzer/Core/BugReporter.cpp git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@177765 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ExplodedGraph.h
|
f8ddc098981d4d85cad4e72fc6dfcfe83b842b66 |
20-Mar-2013 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Invalidate regions indirectly accessible through const pointers.
In this case, the value of 'x' may be changed after the call to indirectAccess:
  struct Wrapper {
    int *ptr;
  };
  void indirectAccess(const Wrapper &w);
  void test() {
    int x = 42;
    Wrapper w = { &x };
    clang_analyzer_eval(x == 42); // TRUE
    indirectAccess(w);
    clang_analyzer_eval(x == 42); // UNKNOWN
  }
This is important for modelling return-by-value objects in C++, to show that the contents of the struct are escaping in the return copy-constructor. <rdar://problem/13239826> git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@177570 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ProgramState.h
athSensitive/Store.h
|
f4cf6b10f863b9bc716a09b2b2a8c497dcc6aa9b |
20-Mar-2013 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Break cycles (optionally) when trimming an ExplodedGraph. Having a trimmed graph with no cycles (a DAG) is much more convenient for trying to find shortest paths, which is exactly what BugReporter needs to do. Part of the performance work for <rdar://problem/13433687>. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@177468 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ExplodedGraph.h
|
85a92cfa52ddf4c45fe2baca4d7fea0bdc5ed103 |
19-Mar-2013 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Replace uses of assume() with isNull() in BR visitors. Also, replace a std::string with a SmallString. No functionality change. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@177352 91177308-0d34-0410-b5e6-96231b3b80d8
ugReporter/BugReporterVisitor.h
|
a8d937e4bdd39cdf503f77454e9dc4c9c730a9f7 |
16-Mar-2013 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Model trivial copy/move assignment operators with a bind as well. r175234 allowed the analyzer to model trivial copy/move constructors as an aggregate bind. This commit extends that to trivial assignment operators as well. Like the last commit, one of the motivating factors here is not warning when the right-hand object is partially-initialized, which can have legitimate uses. <rdar://problem/13405162> git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@177220 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ExprEngine.h
|
c9963132736782d0c9178c744b3e2307cfb98a08 |
16-Mar-2013 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Eliminate InterExplodedGraphMap class and NodeBackMap typedef. ...in favor of this typedef: typedef llvm::DenseMap<const ExplodedNode *, const ExplodedNode *> InterExplodedGraphMap; Use this everywhere the previous class and typedef were used. Took the opportunity to ArrayRef-ize ExplodedGraph::trim while I'm at it. No functionality change. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@177215 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ExplodedGraph.h
athSensitive/ExprEngine.h
|
a4bb4f6ca8dd31ad96cb9526a5abe1273f18ff40 |
14-Mar-2013 |
Anna Zaks <ganna@apple.com> |
[analyzer] Change the way in which IDC Visitor decides to kick in and make sure it attaches in the given edge case
In the test case below, the value V is not constrained to 0 in ErrorNode but it is in node N. So we used to fail to register the Suppression visitor. We also need to change the way we determine that the Visitor should kick in because the node N belongs to the ExplodedGraph and might not be on the BugReporter path that the visitor sees. Instead of trying to match the node, turn on the visitor when we see the last node in which the symbol is ‘0’. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@177121 91177308-0d34-0410-b5e6-96231b3b80d8
ugReporter/BugReporterVisitor.h
|
0415998dd77986630efe8f1aed633519cc41e1f3 |
09-Mar-2013 |
Anna Zaks <ganna@apple.com> |
[analyzer] Make Suppress IDC checker aware that it might not start from the same node it was registered at
The visitor used to assume that the value it’s tracking is null in the first node it examines. This is not true. If we are registering the Suppress Inlined Defensive checks visitor while traversing in another visitor (such as FindlastStoreVisitor). When we restart with the IDC visitor, the invariance of the visitor does not hold since the symbol we are tracking no longer exists at that point. I had to pass the ErrorNode when creating the IDC visitor, because, in some cases, node N is neither the error node nor will be visible along the path (we had not finalized the path at that point and are dealing with ExplodedGraph.) We should revisit the other visitors which might not be aware that they might get nodes, which are later in path than the trigger point. This suppresses a number of inline defensive checks in JavaScriptCore. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@176756 91177308-0d34-0410-b5e6-96231b3b80d8
ugReporter/BugReporterVisitor.h
|
962fbc46664f2486d6805549130fa6b310de6d60 |
07-Mar-2013 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Clean up a few doc comments for ProgramState and CallEvent. No functionality change. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@176600 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/CallEvent.h
athSensitive/ProgramState.h
|
713e07591995d761f65c7132289dce003a29870f |
06-Mar-2013 |
Anna Zaks <ganna@apple.com> |
[analyzer] IDC: Add config option; perform the idc check on first “null node” rather than last “non-null”. The second modification does not lead to any visible result, but, theoretically, is what we should have been looking at to begin with since we are checking if the node was assumed to be null in an inlined function. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@176576 91177308-0d34-0410-b5e6-96231b3b80d8
nalyzerOptions.h
|
41f3f3a4792f46787632fdb94f952f6b3ce3f4ae |
05-Mar-2013 |
Jordan Rose <jordan_rose@apple.com> |
Silence a number of static analyzer warnings with assertions and such. No functionality change. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@176469 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/MemRegion.h
|
cc5dbdae70c6eb2423921f52a35ba4686d2969cf |
02-Mar-2013 |
Anna Zaks <ganna@apple.com> |
[analyzer] Simple inline defensive checks suppression
Inlining brought a few "null pointer use" false positives, which occur because the callee defensively checks if a pointer is NULL, whereas the caller knows that the pointer cannot be NULL in the context of the given call. This is a first attempt to silence these warnings by tracking the symbolic value along the execution path in the BugReporter. The new visitor finds the node in which the symbol was first constrained to NULL. If the node belongs to a function on the active stack, the warning is reported, otherwise, it is suppressed. There are several areas for follow up work, for example:
- How do we differentiate the cases where the first check is followed by another one, which does happen on the active stack?
Also, this only silences a fraction of null pointer use warnings. For example, it does not do anything for the cases where NULL was assigned inside a callee. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@176402 91177308-0d34-0410-b5e6-96231b3b80d8
ugReporter/BugReporterVisitor.h
athSensitive/ProgramState.h
|
a19dc41bd408732d407d0152f67b389f7333db25 |
28-Feb-2013 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Mark the root SVal class as isPodLike. Pure optimization, no functionality change. Probably does not make much of a difference, but it's free. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@176229 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/SVals.h
|
42f2309f739549bead6e5a6c34fd1be4d087998f |
25-Feb-2013 |
Anna Zaks <ganna@apple.com> |
[analyzer] Address Jordan's code review of r175857. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@176043 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/CallEvent.h
|
4e9c0854382d37325771b50f6cf899a75119fa24 |
25-Feb-2013 |
Ted Kremenek <kremenek@apple.com> |
[analyzer] add the notion of an "interesting" lvalue expression for ExplodedNode pruning. r175988 modified the ExplodedGraph trimming algorithm to retain all nodes for "lvalue" expressions. This patch refines that notion to only "interesting" expressions that would be used for diagnostics. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@176010 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ExplodedGraph.h
|
43b82b823a6113fdbee54243b280db9c55ef72cb |
24-Feb-2013 |
Ted Kremenek <kremenek@apple.com> |
[analyzer] tracking stores/constraints now works for ObjC ivars or struct fields.
This required more changes than I originally expected:
- ObjCIvarRegion implements "canPrintPretty" et al
- DereferenceChecker indicates the null pointer source is an ivar
- bugreporter::trackNullOrUndefValue() uses an alternate algorithm to compute the location region to track by scouring the ExplodedGraph. This allows us to get the actual MemRegion for variables, ivars, fields, etc. We only hand construct a VarRegion for C++ references.
- ExplodedGraph no longer drops nodes for expressions that are marked 'lvalue'. This is to facilitate the logic in the previous bullet. This may lead to a slight increase in size in the ExplodedGraph, which I have not measured, but it is likely not to be a big deal.
I have validated each of the changed plist output. Fixes <rdar://problem/12114812> git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@175988 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/MemRegion.h
|
0dd15d78fb0c99faa5df724139ba4c16a9a345c6 |
24-Feb-2013 |
Ted Kremenek <kremenek@apple.com> |
Add "KnownSVal" to represent SVals that cannot be UnknownSVal. This provides a few sundry cleanups, and allows us to provide a compile-time check for a case that was a runtime assertion. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@175987 91177308-0d34-0410-b5e6-96231b3b80d8
ugReporter/BugReporterVisitor.h
athSensitive/SVals.h
|
8dadf15224f1a8df96793e5fc4e0b0e38a5ffbe4 |
22-Feb-2013 |
Anna Zaks <ganna@apple.com> |
[analyzer] Place all inlining policy checks into one place
Previously, we had the decisions about inlining spread out over multiple functions. In addition to the refactor, this commit ensures that we will always inline BodyFarm functions as long as the Decl is available. This fixes false positives due to those functions not being inlined when no or minimal inlining is enabled (such as shallow mode). git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@175857 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ExprEngine.h
|
5e5440ba9c135f523f72e7e7c5da59d390d697c5 |
22-Feb-2013 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Make sure a materialized temporary matches its bindings. This is a follow-up to r175830, which made sure a temporary object region created for, say, a struct rvalue matched up with the initial bindings being stored into it. This does the same for the case in which the AST actually tells us that we need to create a temporary via a MaterializeObjectExpr. I've unified the two code paths and moved a static helper function onto ExprEngine. This also caused a bit of test churn, causing us to go back to describing temporary regions without a 'const' qualifier. This seems acceptable; it's our behavior from a few months ago. <rdar://problem/13265460> (part 2) git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@175854 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ExprEngine.h
|
7a95de68c093991047ed8d339479ccad51b88663 |
21-Feb-2013 |
David Blaikie <dblaikie@gmail.com> |
Replace ProgramPoint llvm::cast support to be well-defined. See r175462 for another example/more details. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@175812 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/CheckerContext.h
athSensitive/ExplodedGraph.h
|
4411b423e91da0a2c879b70c0222aeba35f72044 |
21-Feb-2013 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Record whether a base object region represents a virtual base. This allows MemRegion and MemRegionManager to avoid asking over and over again whether a class is a virtual base or a non-virtual base. Minor optimization/cleanup; no functionality change. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@175716 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/MemRegion.h
athSensitive/Store.h
|
66874fb18afbffb8b2ca05576851a64534be3352 |
21-Feb-2013 |
David Blaikie <dblaikie@gmail.com> |
Use None rather than Optional<T>() where possible. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@175705 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/SVals.h
|
464011827c5f9047caaba7e245556d66a65a15b6 |
21-Feb-2013 |
David Blaikie <dblaikie@gmail.com> |
Doxycomment SVal's getAs/castAs. Also document TypeLoc's operations similarly, since it's a good idea. Post-commit CR feedback from Anna Zaks regarding r175594. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@175694 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/SVals.h
|
dc84cd5efdd3430efb22546b4ac656aa0540b210 |
20-Feb-2013 |
David Blaikie <dblaikie@gmail.com> |
Include llvm::Optional in clang/Basic/LLVM.h
Post-commit CR feedback from Jordan Rose regarding r175594. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@175679 91177308-0d34-0410-b5e6-96231b3b80d8
nalyzerOptions.h
ugReporter/BugReporterVisitor.h
ugReporter/PathDiagnostic.h
athSensitive/ConstraintManager.h
athSensitive/ProgramState.h
athSensitive/SVals.h
|
3bc7b6bef968a18aa69af6594d192897d329692a |
20-Feb-2013 |
David Blaikie <dblaikie@gmail.com> |
Rename SVal::isType functions to SVal::isKind
Post-commit CR feedback from Jordan Rose regarding r175594. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@175676 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/SVals.h
|
5251abea41b446c26e3239c8dd6c7edea6fc335d |
20-Feb-2013 |
David Blaikie <dblaikie@gmail.com> |
Replace SVal llvm::cast support to be well-defined. See r175462 for another example/more details. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@175594 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ExprEngine.h
athSensitive/MemRegion.h
athSensitive/ProgramState.h
athSensitive/SVals.h
|
9ef9b8540a608a93efaaae1d26d94e8087c30b55 |
19-Feb-2013 |
David Blaikie <dblaikie@gmail.com> |
Use LLVM_DELETED_FUNCTION rather than '// do not implement' comments. Also removes some redundant DNI comments on function declarations already using the macro. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@175465 91177308-0d34-0410-b5e6-96231b3b80d8
ugReporter/PathDiagnostic.h
athSensitive/SVals.h
|
bc403861bc4e6f7ad1371e9e129f0f25b38b3a9a |
15-Feb-2013 |
Jordan Rose <jordan_rose@apple.com> |
Re-apply "[analyzer] Model trivial copy/move ctors with an aggregate bind." ...after a host of optimizations related to the use of LazyCompoundVals (our implementation of aggregate binds). Originally applied in r173951. Reverted in r174069 because it was causing hangs. Re-applied in r174212. Reverted in r174265 because it was /still/ causing hangs. If this needs to be reverted again it will be punted to far in the future. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@175234 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ExprEngine.h
|
adecec39481f925701e63d7fe3b8bf02dd7ddf01 |
09-Feb-2013 |
Anna Zaks <ganna@apple.com> |
[analyzer] Move DefaultBool so that all checkers can share it. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@174782 91177308-0d34-0410-b5e6-96231b3b80d8
hecker.h
athSensitive/CheckerContext.h
|
233e26acc0ff2a1098f4c813f69286fce840a422 |
08-Feb-2013 |
Anna Zaks <ganna@apple.com> |
[analyzer] Add pointer escape type param to checkPointerEscape callback The checkPointerEscape callback previously did not specify how a pointer escaped. This change includes an enum which describes the different ways a pointer may escape. This enum is passed to the checkPointerEscape callback when a pointer escapes. If the escape is due to a function call, the call is passed. This changes previous behavior where the call is passed as NULL if the escape was due to indirectly invalidating the region the pointer referenced. A patch by Branden Archer! git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@174677 91177308-0d34-0410-b5e6-96231b3b80d8
hecker.h
heckerManager.h
|
5846720f08a6b225484bfe663599c2b057a99bc8 |
05-Feb-2013 |
Ted Kremenek <kremenek@apple.com> |
Change subexpressions to be visited in the CFG from left-to-right. This is a more natural order of evaluation, and it is very important for visualization in the static analyzer. Within Xcode, the arrows will not jump from right to left, which looks very visually jarring. It also provides a more natural location for dataflow-based diagnostics. Along the way, we found a case in the analyzer diagnostics where we needed to indicate that a variable was "captured" by a block. -fsyntax-only timings on sqlite3.c show no visible performance change, although this is just one test case. Fixes <rdar://problem/13016513> git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@174447 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/MemRegion.h
|
2a3fe34b4a2a1b6ceab8838b896435378ae0e692 |
02-Feb-2013 |
Jordan Rose <jordan_rose@apple.com> |
Revert "[analyzer] Model trivial copy/move ctors with an aggregate bind." ...again. The problem has not been fixed and our internal buildbot is still getting hangs. This reverts r174212, originally applied in r173951, then reverted in r174069. Will not re-apply until the entire project analyzes successfully on my local machine. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@174265 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ExprEngine.h
|
5500fc193af4b786bbbbee6ece743f523448e90b |
01-Feb-2013 |
Jordan Rose <jordan_rose@apple.com> |
Re-apply "[analyzer] Model trivial copy/move ctors with an aggregate bind." With the optimization in the previous commit, this should be safe again. Originally applied in r173951, then reverted in r174069. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@174212 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ExprEngine.h
|
978aeac1a90020b2a0ae6c7eb7fe65aa8226f74a |
01-Feb-2013 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Reuse a LazyCompoundVal if its type matches the new region.
This allows us to keep from chaining LazyCompoundVals in cases like this:
  CGRect r = CGRectMake(0, 0, 640, 480);
  CGRect r2 = r;
  CGRect r3 = r2;
Previously we only made this optimization if the struct did not begin with an aggregate member, to make sure that we weren't picking up an LCV for the first field of the struct. But since LazyCompoundVals are typed, we can make that inference directly by comparing types. This is a pure optimization; the test changes are to guard against possible future regressions. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@174211 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/SVals.h
|
33e83b6cf776875be5716d214710717a898325c0 |
31-Jan-2013 |
Jordan Rose <jordan_rose@apple.com> |
Revert "[analyzer] Model trivial copy/move ctors with an aggregate bind." It's causing hangs on our internal analyzer buildbot. Will restore after investigating. This reverts r173951 / baa7ca1142990e1ad6d4e9d2c73adb749ff50789. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@174069 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ExprEngine.h
|
ac3a3e7a402cd349dd2b7d70cd92c5fe702ae831 |
30-Jan-2013 |
Anna Zaks <ganna@apple.com> |
[analyzer] Make shallow mode more shallow. Redefine the shallow mode to inline all functions for which we have a definite definition (ipa=inlining). However, only inline functions that are up to 4 basic blocks large and cut the max exploded nodes generated per top level function in half. This makes shallow faster and allows us to keep inlining small functions. For example, we would keep inlining wrapper functions and constructors/destructors. With the new shallow, it takes 104s to analyze sqlite3, whereas the deep mode is 658s and previous shallow is 209s. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@173958 91177308-0d34-0410-b5e6-96231b3b80d8
nalyzerOptions.h
|
6bbe1442a5f3f5f761582a9005e9edf1d49c4da2 |
30-Jan-2013 |
Anna Zaks <ganna@apple.com> |
[analyzer] Use analyzer config for max-inlinable-size option. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@173957 91177308-0d34-0410-b5e6-96231b3b80d8
nalyzerOptions.h
|
86ff12c8a8a356ca284ca7687749216fbfd74519 |
30-Jan-2013 |
Anna Zaks <ganna@apple.com> |
[analyzer] Move report false positive suppression to report visitors. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@173956 91177308-0d34-0410-b5e6-96231b3b80d8
ugReporter/BugReporter.h
ugReporter/BugReporterVisitor.h
|
baa7ca1142990e1ad6d4e9d2c73adb749ff50789 |
30-Jan-2013 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Model trivial copy/move ctors with an aggregate bind.
This is faster for the analyzer to process than inlining the constructor and performing a member-wise copy, and it also solves the problem of warning when a partially-initialized POD struct is copied.
Before:
  CGPoint p;
  p.x = 0;
  CGPoint p2 = p; <-- assigned value is garbage or undefined
After:
  CGPoint p;
  p.x = 0;
  CGPoint p2 = p; // no-warning
This matches our behavior in C, where we don't see a field-by-field copy. <rdar://problem/12305288> git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@173951 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ExprEngine.h
|
dede2fd56d053a114a65ba72583981ce7aab27da |
26-Jan-2013 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] bugreporter::getDerefExpr now takes a Stmt, not an ExplodedNode. This allows it to be used in places where the interesting statement doesn't match up with the current node. No functionality change. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@173546 91177308-0d34-0410-b5e6-96231b3b80d8
ugReporter/BugReporterVisitor.h
|
aeca2cc3a6f486abff3fdfb4e82903cd3ca4267e |
26-Jan-2013 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Add 'prune-paths' config option to disable path pruning. This should be used for testing only. Path pruning is still on by default. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@173545 91177308-0d34-0410-b5e6-96231b3b80d8
nalyzerOptions.h
|
7ee8906295d56ceb84b8b3da502cdc8770509868 |
26-Jan-2013 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Rename PruneNullReturnPaths to SuppressNullReturnPaths. "Prune" is the term for eliminating pieces of a path that are not relevant to the user. "Suppress" means don't show that path at all. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@173544 91177308-0d34-0410-b5e6-96231b3b80d8
nalyzerOptions.h
|
b8ccd43dbf762935c9202f6f4e3343afb2318725 |
25-Jan-2013 |
Anna Zaks <ganna@apple.com> |
[analyzer] Fixup for r173385 and r173386 - initialize the members. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@173392 91177308-0d34-0410-b5e6-96231b3b80d8
nalyzerOptions.h
|
d130140cb7bce73b4350c5d50495443abe38418a |
25-Jan-2013 |
Anna Zaks <ganna@apple.com> |
[analyzer] Add "-analyzer-config mode=[deep|shallow] ". The idea is to introduce a higher level "user mode" option for different use scenarios. For example, if one wants to run the analyzer for a small project each time the code is built, they would use the "shallow" mode. The user mode option will influence the default settings for the lower-level analyzer options. For now, this just influences the ipa modes, but we plan to find more optimal settings for them. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@173386 91177308-0d34-0410-b5e6-96231b3b80d8
nalyzerOptions.h
|
bfa9ab8183e2fdc74f8633d758cb0c6201314320 |
25-Jan-2013 |
Anna Zaks <ganna@apple.com> |
[analyzer] Replace "-analyzer-ipa" with "-analyzer-config ipa". The idea is to eventually place all analyzer options under "analyzer-config". In addition, this lays the ground for introduction of a high-level analyzer mode option, which will influence the default setting for IPAMode. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@173385 91177308-0d34-0410-b5e6-96231b3b80d8
nalyses.def
nalyzerOptions.h
athSensitive/AnalysisManager.h
|
73f0563009a6715a5d3d41f664f5bfab5096d51f |
25-Jan-2013 |
Anna Zaks <ganna@apple.com> |
[analyzer] refactor: access IPAMode through the accessor. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@173384 91177308-0d34-0410-b5e6-96231b3b80d8
nalyzerOptions.h
|
1dfebd9f995066a229c34516eb14bc69c6bcde2c |
19-Jan-2013 |
Anna Zaks <ganna@apple.com> |
[analyzer] Suppress warnings coming out of macros defined in sys/queue.h
Suppress the warning by just not emitting the report. The sink node would get generated, which is fine since we did reach a bad state.
Motivation
Due to the way code is structured in some of these macros, we do not reason correctly about it and report false positives. Specifically, the following loop reports a use-after-free. Because of the way the code is structured inside of the macro, the analyzer assumes that the list can have cycles, so you end up with use-after-free in the loop, that is safely deleting elements of the list. (The user does not have a way to teach the analyzer about shape of data structures.)
  SLIST_FOREACH_SAFE(item, &ctx->example_list, example_le, tmpitem) {
    if (item->index == 3) { // if you remove each time, no complaints
      assert((&ctx->example_list)->slh_first == item);
      SLIST_REMOVE(&ctx->example_list, item, example_s, example_le);
      free(item);
    }
  }
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@172883 91177308-0d34-0410-b5e6-96231b3b80d8
ugReporter/BugReporter.h
|
64eb070234bc4cd4fd2debf3a91c6e2d8f0d32d8 |
16-Jan-2013 |
Anna Zaks <ganna@apple.com> |
[analyzer] Refactor: parameter rename. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@172595 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ProgramState.h
|
bdc691f1d61765dd806d5ae3b75ae004f676a7c9 |
14-Jan-2013 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Add ProgramStatePartialTrait<const void *>. This should fix cast-away-const warnings reported by David Greene. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@172446 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ExprEngine.h
athSensitive/ProgramStateTrait.h
|
469e73035c745f39edf7fe882edb09c06559e581 |
14-Jan-2013 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Fix cast-away-const warning by using const_cast. Patch by David Greene, modified by me. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@172445 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ProgramStateTrait.h
|
cfa88f893915ceb8ae4ce2f17c46c24a4d67502f |
12-Jan-2013 |
Dmitri Gribenko <gribozavr@gmail.com> |
Remove useless 'llvm::' qualifier from names like StringRef and others that are brought into 'clang' namespace by clang/Basic/LLVM.h git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@172323 91177308-0d34-0410-b5e6-96231b3b80d8
nalyzerOptions.h
ugReporter/BugReporter.h
ugReporter/BugReporterVisitor.h
ugReporter/PathDiagnostic.h
hecker.h
athSensitive/ConstraintManager.h
athSensitive/CoreEngine.h
athSensitive/SVals.h
athSensitive/SymbolManager.h
|
9946fc735d7285f2195f89635370f534afd9877e |
12-Jan-2013 |
Dmitri Gribenko <gribozavr@gmail.com> |
Add missing includes and forward declarations so that headers don't depend on other headers included before them. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@172320 91177308-0d34-0410-b5e6-96231b3b80d8
heckerOptInfo.h
athSensitive/ProgramStateTrait.h
athSensitive/TaintManager.h
athSensitive/WorkList.h
|
41748f7d3ae36db1b1c52eaaf76631ed60c79c53 |
08-Jan-2013 |
Anna Zaks <ganna@apple.com> |
[analyzer] Bump down the max size of functions being analyzed. With the new setting, we are not going to inline any functions that are more than 50 basic blocks. (The analyzer is 20% faster on several especially bad benchmarks with the new default.) git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@171891 91177308-0d34-0410-b5e6-96231b3b80d8
nalyzerOptions.h
|
97bfb558f69c09b01a5c1510f08dc91eb62329a7 |
08-Jan-2013 |
Anna Zaks <ganna@apple.com> |
[analyzer] Include the bug uniqueing location in the issue_hash. The issue here is that if we have 2 leaks reported at the same line for which we cannot print the corresponding region info, they will get treated as the same by issue_hash+description. We need to AUGMENT the issue_hash with the allocation info to differentiate the two issues. Add the "hash" (offset from the beginning of a function) representing allocation site to solve the issue. We might want to generalize solution in the future when we decide to track more than just the 2 locations from the diagnostics. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@171825 91177308-0d34-0410-b5e6-96231b3b80d8
ugReporter/BugReporter.h
ugReporter/PathDiagnostic.h
|
344c77aac25e5d960aced3f45fbaa09853383f6d |
03-Jan-2013 |
Anna Zaks <ganna@apple.com> |
[analyzer] Rename callback EndPath -> EndFunction
This better reflects when callback is called and what the checkers are relying on. (Both names meant the same pre-IPA.) git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@171432 91177308-0d34-0410-b5e6-96231b3b80d8
hecker.h
heckerManager.h
athSensitive/ExprEngine.h
|
30f102b2782d08eb3ea61dd20a2ff7326a15fe1e |
21-Dec-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Don't perform an expensive assertion in release builds. Unfortunately, we don't seem to have a standard way to do this. I'm using the __OPTIMIZE__ GNU extension that Clang also defines, but that doesn't help MSVC. I suppose we could remove the check entirely, but it's useful for developing new constraint managers. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@170915 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ConstraintManager.h
|
1655bcd052a67a3050fc55df8ecce57342352e68 |
21-Dec-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Address Jordan's nitpicks as per code review of r170625. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@170832 91177308-0d34-0410-b5e6-96231b3b80d8
heckerManager.h
athSensitive/ExprEngine.h
athSensitive/ProgramState.h
|
bf53dfac8195835028bd6347433f7dbebcc29fc1 |
20-Dec-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Add the pointer escaped callback. Instead of using several callbacks to identify the pointer escape event, checkers now can register for the checkPointerEscape. Converted the Malloc checker to use the new callback. SimpleStreamChecker will be converted next. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@170625 91177308-0d34-0410-b5e6-96231b3b80d8
hecker.h
heckerManager.h
athSensitive/ExprEngine.h
athSensitive/ProgramState.h
athSensitive/Store.h
athSensitive/SubEngine.h
|
9fcc2ab2ec5e00802880e205568ff3afbd70a773 |
19-Dec-2012 |
Ted Kremenek <kremenek@apple.com> |
Pass AnalyzerOptions to PathDiagnosticConsumer to make analyzer options accessible there. This is plumbing needed for later functionality changes. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@170488 91177308-0d34-0410-b5e6-96231b3b80d8
athDiagnosticConsumers.h
|
7959671d456c916706a5f61af609d8f1fc95decf |
17-Dec-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Implement "do not inline large functions many times" performance heuristic

After inlining a function with more than 13 basic blocks 32 times, we are not going to inline it anymore. The idea is that inlining large functions leads to drastic performance implications. Since the function has already been inlined, we know that we've analyzed it in many contexts.

The following metrics are used:
- Large function is a function with more than 13 basic blocks (we should switch to another metric, like cyclomatic complexity)
- We consider that we've inlined a function many times if it's been inlined 32 times. This number is configurable with -analyzer-config max-times-inline-large=xx

This heuristic addresses a performance regression introduced with inlining on one benchmark. The analyzer on this benchmark became 60 times slower with inlining turned on. The heuristic allows us to analyze it in 24% of the time. The performance improvements on the other benchmarks I've tested with are much lower - under 10%, which is expected.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@170361 91177308-0d34-0410-b5e6-96231b3b80d8
nalyzerOptions.h
athSensitive/FunctionSummary.h
|
60c4612d70229d1d079deaec62c7c8613070fbff |
07-Dec-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Rename the option help to reflect better what it does. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@169640 91177308-0d34-0410-b5e6-96231b3b80d8
nalyses.def
|
75f31c4862643ab09479c979fabf754e7ffe1460 |
07-Dec-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Optimization heuristic: do not reanalyze every ObjC method as top level. This heuristic is already turned on for non-ObjC methods (inlining-mode=noredundancy). If a method has been previously analyzed, while being inlined inside of another method, do not reanalyze it as top level. This commit applies it to ObjCMethods as well. The main caveat here is that to catch the retain release errors, we are still going to reanalyze all the ObjC methods but without inlining turned on. Gives 21% performance increase on one heavy ObjC benchmark, which suffered large performance regressions due to ObjC inlining. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@169639 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ExprEngine.h
|
afa7cae15b117c4b75794c6c32424953d94b4359 |
07-Dec-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Fix r168019 to work with unpruned paths as well. This is the case where the analyzer tries to print out source locations for code within a synthesized function body, which of course does not have a valid source location. The previous fix attempted to do this during diagnostic path pruning, but some diagnostics have pruning disabled, and so any diagnostic with a path that goes through a synthesized body will either hit an assertion or emit invalid output. <rdar://problem/12657843> (again) git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@169631 91177308-0d34-0410-b5e6-96231b3b80d8
ugReporter/BugReporter.h
|
5204d9e2fe0ea4e4b9c85087e355021c93221764 |
07-Dec-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Remove possible pessimizations from r169563. Thanks for reminding me about copy-elision, David. Passing references here doesn't help when we could get move construction in C++11. If we really cared, we'd use std::swap to steal the reference from the temporary arg, but it's probably not /that/ critical outside of Profile anyway. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@169570 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/CallEvent.h
athSensitive/ExplodedGraph.h
|
0a6e09f67c719c318856be19d57e19972101f62c |
07-Dec-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Avoid ProgramStateRef copy constructors. Suggested by David Blaikie. ExplodedNode, CallEvent, and CheckerContext all hang onto their ProgramState, so the accessors can return a reference to the internal state rather than preemptively copying it. This helps avoid temporary ProgramStateRefs, though local variables will still (correctly) do an extra retain and release. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@169563 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/CallEvent.h
athSensitive/CheckerContext.h
athSensitive/ExplodedGraph.h
|
9428723d6730f4fd257e15b78d24991ae95bbd84 |
06-Dec-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Remove unused fields from ExprEngine. 'currStmt', 'CleanedState', and 'EntryNode' were being set, but only ever used locally. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@169529 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ExprEngine.h
|
fbe4d36f1f83ca12b532e0a946cbffcdb54f904c |
06-Dec-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Speed up ExplodedNode::Profile by avoiding copy constructors. ProgramStateRef::Retain isn't free! git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@169525 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ExplodedGraph.h
|
7affe151f5689b2d3547b8947c4099532c78a021 |
06-Dec-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Remove bindExprAndLocation, which does extra work for no gain. This feature was probably intended to improve diagnostics, but was currently only used when dumping the Environment. It shows what location a given value was loaded from, e.g. when evaluating an LValueToRValue cast. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@169522 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/Environment.h
athSensitive/ProgramState.h
|
e3ce2c10c3f6ae7b26700d758de909deab190d42 |
06-Dec-2012 |
Ted Kremenek <kremenek@apple.com> |
Only provide explicit getCapturedRegion() and getOriginalRegion() from referenced_vars_iterator. This is a nice conceptual cleanup. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@169480 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/MemRegion.h
|
24570c4c258545f8310e4bc96503a5668982cf67 |
06-Dec-2012 |
Ted Kremenek <kremenek@apple.com> |
Pull logic to map from VarDecl* to captured region using a helper function. WIP. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@169479 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/MemRegion.h
|
30a2e16f6c27f888dd11eba6bbbae1e980078fcb |
04-Dec-2012 |
Chandler Carruth <chandlerc@gmail.com> |
Sort #include lines for all files under include/... This is a simpler sort, entirely automatic with the help of llvm/utils/sort_includes.py -- no manual edits here. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@169238 91177308-0d34-0410-b5e6-96231b3b80d8
nalyzerOptions.h
ugReporter/BugReporter.h
ugReporter/PathDiagnostic.h
heckerManager.h
heckerRegistry.h
athSensitive/CallEvent.h
athSensitive/ConstraintManager.h
athSensitive/CoreEngine.h
athSensitive/ExplodedGraph.h
athSensitive/ExprEngine.h
athSensitive/FunctionSummary.h
athSensitive/MemRegion.h
athSensitive/ProgramState.h
athSensitive/SValBuilder.h
athSensitive/SVals.h
athSensitive/Store.h
athSensitive/SymbolManager.h
|
55fc873017f10f6f566b182b70f6fc22aefa3464 |
04-Dec-2012 |
Chandler Carruth <chandlerc@gmail.com> |
Sort all of Clang's files under 'lib', and fix up the broken headers uncovered. This required manually correcting all of the incorrect main-module headers I could find, and running the new llvm/utils/sort_includes.py script over the files. I also manually added quite a few missing headers that were uncovered by shuffling the order or moving headers up to be main-module-headers. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@169237 91177308-0d34-0410-b5e6-96231b3b80d8
ugReporter/BugType.h
athSensitive/BasicValueFactory.h
|
9852f58f50b4fc20914fbce5b4454135a42343f4 |
01-Dec-2012 |
Benjamin Kramer <benny.kra@googlemail.com> |
Don't include Type.h in DeclarationName.h. Recursively prune some includes. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@169094 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/SValBuilder.h
|
683b70c70dc47532af1215e4b1566de9d47a3be5 |
30-Nov-2012 |
Chandler Carruth <chandlerc@gmail.com> |
Update to reflect the change of macro name in r168993. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@168994 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ExplodedGraph.h
|
dcd42fbb418cf662c136cb035e235a44b58ad91e |
30-Nov-2012 |
Jordan Rose <jordan_rose@apple.com> |
Use the new LLVM_LVALUE_FUNCTION to ban two getAs() calls on rvalues. If 'x' is a temporary, x.getAs<Foo>() may not be safe if the result is supposed to persist (if its address is stored somewhere). Since getAs() can return a null value, the result is almost always stored into a variable, which of course is not safe when the original value dies. This has caused several bugs with GCC's "Temporaries May Vanish Sooner Than You Expect" optimization; in C++11 builds, at least, we'll be able to catch these problems now. I would suggest applying these to other getAs() and get*As() methods (castAs is "better" because sometimes the result is used directly, which means the temporary will still be live), but these two have both caused trouble in the analyzer in the past. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@168967 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ExplodedGraph.h
|
a4317709127e3b63c44a34f9fa1c3f8abe6a77a3 |
29-Nov-2012 |
Ted Kremenek <kremenek@apple.com> |
Change SValBuilder::getConditionType() to return BoolTy in C++. Fixes <rdar://problem/12772656>. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@168846 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/SValBuilder.h
|
48a7345a0bffcb01290447c73c6f17680d80f02f |
17-Nov-2012 |
Benjamin Kramer <benny.kra@googlemail.com> |
Remove copy ctor that provides no value over the default. It's also simpler to just copy the words than mangling bits like this ctor did. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@168258 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/SVals.h
|
84c484545c5906ba55143e212b4a5275ab55889f |
15-Nov-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Mark symbol values as dead in the environment. This allows us to properly remove dead bindings at the end of the top-level stack frame, using the ReturnStmt, if there is one, to keep the return value live. This in turn removes the need for a check::EndPath callback in leak checkers. This does cause some changes in the path notes for leak checkers. Previously, a leak would be reported at the location of the closing brace in a function. Now, it gets reported at the last statement. This matches the way leaks are currently reported for inlined functions, but is less than ideal for both. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@168066 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ExprEngine.h
|
368f3b070e8cb657a65bfa443d60256676d269e7 |
15-Nov-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Make sure calls in synthesized functions have valid path locations. We do this by using the "most recent" good location: if a synthesized function 'A' calls another function 'B', the path notes for the call to 'B' will be placed at the same location as the path note for calling 'A'. Similarly, the call to 'A' will have a note saying "Entered call from...", and now we just don't emit that (since the user doesn't have a body to look at anyway). Previously, we were doing this for the "Calling..." notes, but not for the "Entered call from..." or "Returning to caller". This caused a crash when the path entered and then exited a call within a synthesized body. <rdar://problem/12657843> git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@168019 91177308-0d34-0410-b5e6-96231b3b80d8
ugReporter/BugReporter.h
|
964490c0a8bd3398dc85d224a167ca9c35a36c85 |
07-Nov-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Add some examples for the common REGISTER_*_WITH_PROGRAMSTATEs. No functionality change (doc comments only). git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@167523 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/CheckerContext.h
|
d1ad5e5d6c895f809ada5b420060b2ec0b48567b |
06-Nov-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Remove isWithinInlined. It's been replaced with inTopFrame(). Thanks Jordan. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@167438 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/CheckerContext.h
|
40d8551890bc8454c4e0a28c9072c9c1d1dd588a |
05-Nov-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Move convenience REGISTER_*_WITH_PROGRAMSTATE to CheckerContext.h
As Anna pointed out, ProgramStateTrait.h is a relatively obscure header, and checker writers may not know to look there to add their own custom state. The base macro that specializes the template remains in ProgramStateTrait.h (REGISTER_TRAIT_WITH_PROGRAMSTATE), which allows the analyzer core to keep using it. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@167385 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/CheckerContext.h
athSensitive/ProgramStateTrait.h
|
8501b7a1c4c4a9ba0ea6cb8e500e601ef3759deb |
03-Nov-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Run remove dead on end of path. This will simplify checkers that need to register for leaks. Currently, they have to register for both: check dead and check end of path. I've modified the SymbolReaper to consider everything on the stack dead if the input StackLocationContext is 0. (This is a bit disruptive, so I'd like to flesh out all the issues asap.) git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@167352 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ExprEngine.h
athSensitive/SymbolManager.h
|
fadcd5d5bbe1bfc1c6b8d819cc2242f780a49fec |
03-Nov-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] add LocationContext::inTopFrame() helper. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@167351 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/CheckerContext.h
|
b355be838a22a511d078504b2277f70aea52ca85 |
03-Nov-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Refactor: Remove Pred from NodeBuilderContext. Node builders should manage the nodes, not the context. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@167350 91177308-0d34-0410-b5e6-96231b3b80d8
heckerManager.h
athSensitive/CoreEngine.h
athSensitive/ExprEngine.h
athSensitive/SubEngine.h
|
2f3017f9cbd3774f690c979410bfec38423d03af |
03-Nov-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Add some convenience accessors to CallEvent, and use them. These are CallEvent-equivalents of helpers already accessible in CheckerContext, as part of making it easier for new checkers to be written using CallEvent rather than raw CallExprs. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@167338 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/CallEvent.h
athSensitive/CheckerContext.h
|
d624607d4196e4b37d235daa14699bcb3c1012a6 |
03-Nov-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] isCLibraryFunction: check that the function is at TU-scope. Also, Decls already carry a pointer to the ASTContext, so there's no need to pass an extra argument to the predicate. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@167337 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/CheckerContext.h
|
466224fd068a0a0084968a7f521a690a51c3b226 |
02-Nov-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Convert some of the harder cases over to ProgramStateTrait macros. Add FIXMEs for the traits visible from multiple translation units. Currently the macros hide their key types in an anonymous namespace. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@167277 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ExprEngine.h
athSensitive/TaintManager.h
|
166d502d5367ceacd1313a33cac43b1048b8524d |
02-Nov-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Use nice macros for the common ProgramStateTraits (map, set, list). Also, move the REGISTER_*_WITH_PROGRAMSTATE macros to ProgramStateTrait.h. This doesn't get rid of /all/ explicit uses of ProgramStatePartialTrait, but it does get a lot of them. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@167276 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/CheckerContext.h
athSensitive/ProgramStateTrait.h
|
785950e59424dca7ce0081bebf13c0acd2c4fff6 |
02-Nov-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Rename 'EmitReport' to 'emitReport'. No functionality change. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@167275 91177308-0d34-0410-b5e6-96231b3b80d8
ugReporter/BugReporter.h
athSensitive/CheckerContext.h
|
3cdd84318a3ae43fa31da849f1a6d3eeb8a39d2d |
01-Nov-2012 |
NAKAMURA Takumi <geek4civic@gmail.com> |
clang/include/clang/StaticAnalyzer/Core/PathSensitive/ConstraintManager.h: Appease msvc. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@167199 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ConstraintManager.h
|
baf764092c76d74fb1528cfd62540ae7dc01efbd |
01-Nov-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Optimize assumeDual by assuming constraint managers are consistent. Specifically, if adding a constraint makes the current system infeasible, assume the constraint is false, instead of attempting to add its negation. In +Asserts builds we will still assert that at least one state is feasible. Patch by Ryan Govostes! git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@167195 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ConstraintManager.h
|
ec8d420d4fa57fc6b5a5a2b1446742e976a7ba00 |
01-Nov-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Rename ConditionTruthVal::isTrue to isConstrainedTrue. (and the same for isFalse) No functionality change. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@167186 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ConstraintManager.h
|
c45bb4dcb648cd8b5250492afe7df254e4157aaa |
31-Oct-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Let ConstraintManager subclasses provide a more efficient checkNull. Previously, every call to a ConstraintManager's isNull would do a full assumeDual to test feasibility. Now, ConstraintManagers can override checkNull if they have a cheaper way to do the same thing. RangeConstraintManager can do this in less than half the work. <rdar://problem/12608209> git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@167138 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ConstraintManager.h
|
360b29c52a4c10f9d4c031d84d962ed2a4d58263 |
30-Oct-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Fix a bug in REGISTER_MAP_WITH_PROGRAMSTATE
The ImmutableMap should not be the key into the GDM map as there could be several entries with the same map type. Thanks, Jordan. This complicates the usage of the macro a bit. When we want to retrieve the whole map, we need to use another name. Currently, I set it to be Name ## Ty as in "type of the map we are storing in the ProgramState". git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@167000 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/CheckerContext.h
|
ac150f2619efcadbf23acd6e86695b5412723eb1 |
30-Oct-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Rename REGISTER_MAP_WITH_GDM -> REGISTER_MAP_WITH_PROGRAMSTATE git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@166999 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/CheckerContext.h
|
5ac1df3e15f91ed663826faec7efe2462c18d98c |
29-Oct-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Add checker helpers to CheckerContext. - Adding Immutable Map to GDM and getIdentifierInfo helper method. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@166975 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/CheckerContext.h
|
6a329ee7567cf3267ffab2bc755ea8c773d967e7 |
29-Oct-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] New option to not suppress null return paths if an argument is null. Our one basic suppression heuristic is to assume that functions do not usually return NULL. However, when one of the arguments is NULL it is suddenly much more likely that NULL is a valid return value. In this case, we don't suppress the report here, but we do attach /another/ visitor to go find out if this NULL argument also comes from an inlined function's error path. This new behavior, controlled by the 'avoid-suppressing-null-argument-paths' analyzer-config option, is turned off by default. Turning it on produced two false positives and no new true positives when running over LLVM/Clang. This is one of the possible refinements to our suppression heuristics. <rdar://problem/12350829> git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@166941 91177308-0d34-0410-b5e6-96231b3b80d8
nalyzerOptions.h
ugReporter/BugReporterVisitor.h
|
09f7bf14d25bdc55cb715bc8d40600906848a409 |
29-Oct-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Use the CallEnter node to get a value for tracked null arguments. Additionally, don't collect PostStore nodes -- they are often used in path diagnostics. Previously, we tried to track null arguments in the same way as any other null values, but in many cases the necessary nodes had already been collected (a memory optimization in ExplodedGraph). Now, we fall back to using the value of the argument at the time of the call, which may not always match the actual contents of the region, but often will. This is a precursor to improving our suppression heuristic. <rdar://problem/12350829> git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@166940 91177308-0d34-0410-b5e6-96231b3b80d8
ugReporter/BugReporterVisitor.h
|
b85cce094887ab5cf1c47acfe306e2fb1d3cfbb1 |
26-Oct-2012 |
Ted Kremenek <kremenek@apple.com> |
TrackConstraintBRVisitor and ConditionBRVisitor can emit similar path notes for cases where a value may be assumed to be null, etc. Instead of having redundant diagnostics, do a pass over the generated PathDiagnostic pieces and remove notes from TrackConstraintBRVisitor that are already covered by ConditionBRVisitor, whose notes tend to be better. Fixes <rdar://problem/12252783> git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@166728 91177308-0d34-0410-b5e6-96231b3b80d8
ugReporter/BugReporterVisitor.h
ugReporter/PathDiagnostic.h
|
4d9e497a2b1eab3b1214848216050c64fc3acfd6 |
24-Oct-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Replace -analyzer-no-eagerly-trim-egraph with graph-trim-interval. After every 1000 CFGElements processed, the ExplodedGraph trims out nodes that satisfy a number of criteria for being "boring" (single predecessor, single successor, and more). Rather than controlling this with a cc1 option, which can only disable this behavior, we now have an analyzer-config option, 'graph-trim-interval', which can change this interval from 1000 to something else. Setting the value to 0 disables reclamation. The next commit relies on this behavior to actually test anything. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@166528 91177308-0d34-0410-b5e6-96231b3b80d8
nalyzerOptions.h
athSensitive/ExplodedGraph.h
|
d4ce811ae08398e357c8ce3e707ba5f2aa0041a5 |
17-Oct-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] When binding to a ParenExpr, bind to its inner expression instead. This actually looks through several kinds of expression, such as OpaqueValueExpr and ExprWithCleanups. The idea is that binding and lookup should be consistent, and so if the environment needs to be modified later, the code doing the modification will not have to manually look through these "transparent" expressions to find the real binding to change. This is necessary for proper updating of struct rvalues as described in the previous commit. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@166121 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/Environment.h
|
e5a934d3c840872d58724383a83443ed38f1d831 |
13-Oct-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Remove the "direct bindings only" Environment lookup. This was only used by OSAtomicChecker and makes it more difficult to update values for expressions that the environment may look through instead (it's not the same as IgnoreParens). With this gone, we can have bindExpr bind to the inner expression that getSVal will find. Groundwork for <rdar://problem/12137950> git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@165866 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/Environment.h
athSensitive/ProgramState.h
|
42e95acef35f4633119be1c1381e88878c966502 |
13-Oct-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Remove unneeded 'inlineCall' checker callback. I believe the removed assert in CheckerManager says it best: InlineCall is a special hacky callback to allow intrusive evaluation of the call (which simulates inlining). It is currently only used by OSAtomicChecker and should go away at some point. OSAtomicChecker has gone away; inlineCall can now go away as well! git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@165865 91177308-0d34-0410-b5e6-96231b3b80d8
hecker.h
heckerManager.h
|
b43d87b0646aa04951056c7e0d1ab9a58eb09f66 |
12-Oct-2012 |
Sean Silva <silvas@purdue.edu> |
Remove pointless classof()'s. Updates to llvm/Support/Casting.h have rendered these classof()'s irrelevant. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@165770 91177308-0d34-0410-b5e6-96231b3b80d8
ugReporter/BugReporter.h
ugReporter/PathDiagnostic.h
athSensitive/CallEvent.h
athSensitive/MemRegion.h
athSensitive/SVals.h
athSensitive/SymbolManager.h
|
d680b986651227b10f1e307861bc23cc89064161 |
12-Oct-2012 |
Sean Silva <silvas@purdue.edu> |
Add missing classof().

Somewhat troublingly, without this implemented, the check inside isa_impl<> would silently use the parent's `classof()` when determining whether it was okay to downcast from the parent to the child!

Bug analysis: A build failure after removing the parent's `classof()` initially alerted me to the bug, after which a little bit of thinking and reading of the code identified the root cause.

The compiler could be made to prevent this bug from happening if there were a way to ensure that in the code

    template <typename To, typename From, typename Enabler = void>
    struct isa_impl {
      static inline bool doit(const From &Val) {
        return To::classof(&Val);
      }
    };

that `To::classof` is actually inside the class `To`, and not in a base class. I am not aware of a way to check this in C++. If there is a means to perform that check, please bring it up on the list and this will be fixed.

There is a high likelihood that there are other instances of this same bug in the codebase.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@165769 91177308-0d34-0410-b5e6-96231b3b80d8
ugReporter/PathDiagnostic.h
|
aa66b08d2d8bbf05bae8c68f58724f754ab57b35 |
03-Oct-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Push evalDynamicCast and evalDerivedToBase up to Store. These functions are store-agnostic, and would benefit from information in DynamicTypeInfo but gain nothing from the store type. No intended functionality change. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@165078 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/Store.h
|
48d05e6d776f4b68f3db4016eb5680ac041c2b7d |
02-Oct-2012 |
Ted Kremenek <kremenek@apple.com> |
Refactor clients of AnalyzerOptions::getBooleanOption() to have an intermediate helper method to query and populate the Optional value. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@165043 91177308-0d34-0410-b5e6-96231b3b80d8
nalyzerOptions.h
|
94bb74cef72a33d77c5d6739abfc0840c781eb8e |
02-Oct-2012 |
Ted Kremenek <kremenek@apple.com> |
Tweak AnalyzerOptions::getOptionAsInteger() to populate the string table, making it printable with the ConfigDump checker. Along the way, fix a really serious bug where the value was getting parsed from the string in code that was in an assert() call. This means in a Release-Asserts build this code wouldn't work as expected. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@165041 91177308-0d34-0410-b5e6-96231b3b80d8
nalyzerOptions.h
|
9e28fe60bbfa5de196ce4aa396210bf10fc5c266 |
02-Oct-2012 |
Ted Kremenek <kremenek@apple.com> |
Change AnalyzerOptions::mayInlineCXXMemberFunction to default populate the config string table. Also setup a test for dumping the analyzer configuration for C++. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@165040 91177308-0d34-0410-b5e6-96231b3b80d8
nalyzerOptions.h
|
622b6fb0a1d280c16e135c7e427b79cafffbde1f |
01-Oct-2012 |
Ted Kremenek <kremenek@apple.com> |
Have AnalyzerOptions::getBooleanOption() stick the matching config string in the config table so that it can be dumped as part of the config dumper. Add a test to show that these options are sticking and can be cross-checked using FileCheck. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@164954 91177308-0d34-0410-b5e6-96231b3b80d8
nalyzerOptions.h
athSensitive/AnalysisManager.h
|
ca5d78d0bc3010164f2f9682967d64d7e305a167 |
01-Oct-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Make ProgramStateManager's SubEngine parameter optional. It is possible and valid to have a state manager and associated objects without having a SubEngine or checkers. Patch by Olaf Krzikalla! git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@164947 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ConstraintManager.h
athSensitive/ProgramState.h
|
2e4457a006fa2beaa87d909b743aa8f09fbf9ec6 |
30-Sep-2012 |
Bob Wilson <bob.wilson@apple.com> |
Whitespace. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@164900 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/SValBuilder.h
|
732cdf383f9030ff2b9fb28dfbdae2285ded80c6 |
26-Sep-2012 |
Ted Kremenek <kremenek@apple.com> |
Remove unnecessary ASTContext& parameter from SymExpr::getType(). git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@164661 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/SValBuilder.h
athSensitive/SymbolManager.h
|
afbb66262948732dc0f9617ffd80768c7145e0c7 |
26-Sep-2012 |
Ted Kremenek <kremenek@apple.com> |
Remove 'const' version of getBasicVals(), which is useless. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@164643 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ExprEngine.h
athSensitive/ProgramState.h
|
8cd3f1505f7c8b71cb77aeb8027e6059eb8b6289 |
24-Sep-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Remove unused. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@164542 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/SVals.h
|
b9d4e5e3bb235f1149e99d3c833ff7cb3474c9f1 |
22-Sep-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Suppress bugs whose paths go through the return of a null pointer. This is a heuristic intended to greatly reduce the number of false positives resulting from inlining, particularly inlining of generic, defensive C++ methods that live in header files. The suppression is triggered in the cases where we ask to track where a null pointer came from, and it turns out that the source of the null pointer was an inlined function call. This change brings the number of bug reports in LLVM from ~1500 down to around ~300, a much more manageable number. Yes, some true positives may be hidden as well, but from what I looked at the vast majority of silenced reports are false positives, and many of the true issues found by the analyzer are still reported. I'm hoping to improve this heuristic further by adding some exceptions next week (cases in which a bug should still be reported). git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@164449 91177308-0d34-0410-b5e6-96231b3b80d8
nalyzerOptions.h
|
8347d3d45e6f128bba19821f0d2f54cadd4d49bb |
22-Sep-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Allow a BugReport to be marked "invalid" during path generation. This is intended to allow visitors to make decisions about whether a BugReport is likely a false positive. Currently there are no visitors making use of this feature, so there are no tests. When a BugReport is marked invalid, the invalidator must provide a key that identifies the invalidation (intended to be the visitor type and a context pointer of some kind). This allows us to reverse the decision later on. Being able to reverse a decision about invalidation gives us more flexibility, and allows us to formulate conditions like "this report is invalid UNLESS the original argument is 'foo'". We can use this to fine-tune our false-positive suppression (coming soon). git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@164446 91177308-0d34-0410-b5e6-96231b3b80d8
ugReporter/BugReporter.h
|
615a092a511cd2dfe1a5364ebf5f80e55e33034d |
22-Sep-2012 |
Jordan Rose <jordan_rose@apple.com> |
Use llvm::getOrdinalSuffix to print ordinal numbers in diagnostics. Just a refactoring of common infrastructure. No intended functionality change. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@164443 91177308-0d34-0410-b5e6-96231b3b80d8
ugReporter/PathDiagnostic.h
|
ddc0c4814788dda4ef224cd4d22d07154a6ede49 |
21-Sep-2012 |
Ted Kremenek <kremenek@apple.com> |
Simplify getRuntimeDefinition() back to taking no arguments. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@164363 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/CallEvent.h
|
a43df9539644bf1c258e12710cd69d79b0b078cd |
21-Sep-2012 |
Ted Kremenek <kremenek@apple.com> |
Implement faux-body-synthesis of well-known functions in the static analyzer when their implementations are unavailable. Start by simulating dispatch_sync(). This change is largely a bunch of plumbing around something very simple. We use AnalysisDeclContext to conjure up a fake function body (using the current ASTContext) when one does not exist. This is controlled under the analyzer-config option "faux-bodies", which is off by default. The plumbing in this patch is largely to pass the necessary machinery around. CallEvent needs the AnalysisDeclContextManager to get the function definition, as one may get conjured up lazily. BugReporter and PathDiagnosticLocation needed to be relaxed to handle invalid locations, as the conjured body has no real source locations. We do some primitive recovery in diagnostic generation to generate some reasonable locations (for arrows and events), but it can be improved. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@164339 91177308-0d34-0410-b5e6-96231b3b80d8
nalyzerOptions.h
ugReporter/BugReporter.h
ugReporter/PathDiagnostic.h
athSensitive/CallEvent.h
|
be2fa7ebf01259b63dc52fe46c8d101c18e72269 |
18-Sep-2012 |
Craig Topper <craig.topper@gmail.com> |
Mark unimplemented copy constructors and copy assignment operators with LLVM_DELETED_FUNCTION. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@164102 91177308-0d34-0410-b5e6-96231b3b80d8
ugReporter/PathDiagnostic.h
athSensitive/ProgramState.h
|
5fc1d0c4532c55cc47ba6628f296bf5b86d2eaf0 |
17-Sep-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Teach the analyzer about implicit initialization of statics in ObjCMethods. Extend FunctionTextRegion to represent ObjC methods as well as functions. Note, it is not clear what type ObjCMethod region should return. Since the type of the FunctionText region is not currently used, defer solving this issue. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@164046 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/MemRegion.h
|
f56faa01936b9cf909623d7f06e3c2569ca4a78e |
15-Sep-2012 |
Dmitri Gribenko <gribozavr@gmail.com> |
Use LLVM_DELETED_FUNCTION in place of 'DO NOT IMPLEMENT' comments. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163983 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/CallEvent.h
athSensitive/CoreEngine.h
|
5f7c0add1ea1d8e1d2f920d77fd1a7b6160c2d93 |
13-Sep-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Don't reimplement an existing function. Thanks Jordan. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163762 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/MemRegion.h
|
4ef19205b6912316296db74a9073ad6fa60e4cca |
13-Sep-2012 |
Ted Kremenek <kremenek@apple.com> |
Refactor logic in ExprEngine for detecting 'noreturn' methods in NSException to a helper object in libAnalysis that can also be used by Sema. Not sure if the predicate name 'isImplicitNoReturn' is the best one, but we can massage that later. No functionality change. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163759 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ExprEngine.h
|
16e6a7cb41319459ded69b4d47f405c1035dd347 |
13-Sep-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Do not report use of undef on "return foo();" when the return type is void. Fixes a false positive found by analyzing LLVM code base. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163750 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/CallEvent.h
|
522fc21f3adc647817edc8017e6928a64c96899b |
13-Sep-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Teach UndefOrNullArgVisitor to track parent regions. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163748 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/MemRegion.h
|
00b4f64ecb26b031c1f4888f39be6c706156356a |
11-Sep-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Member function calls that use qualified names are non-virtual. C++11 [expr.call]p1: ...If the selected function is non-virtual, or if the id-expression in the class member access expression is a qualified-id, that function is called. Otherwise, its final overrider in the dynamic type of the object expression is called. <rdar://problem/12255556> git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163577 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/CallEvent.h
|
4ea9b89ff6dc50d5404eb56cad5e5870bce49ef2 |
11-Sep-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Do not count calls to small functions when computing stack depth. We only want to count how many substantial functions we inlined. This is an improvement to r163558. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163571 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ExprEngine.h
|
57330eed3fbe530cb05996e4a346cc5fc217c0d9 |
11-Sep-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Add an option to enable/disable objc inlining. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163562 91177308-0d34-0410-b5e6-96231b3b80d8
nalyzerOptions.h
|
7229d0011766c174beffe6a846d78f448f845b39 |
11-Sep-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Add ipa-always-inline-size option (with 3 as the default). The option allows to always inline very small functions, whose size (in number of basic blocks) is set using -analyzer-config ipa-always-inline-size option. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163558 91177308-0d34-0410-b5e6-96231b3b80d8
nalyzerOptions.h
|
978869aa6e31a4bc6afdf5446ffb717aad3f7d97 |
10-Sep-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Make the defaults explicit for each of the new config options. Also, document both new inlining options in IPA.txt. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163551 91177308-0d34-0410-b5e6-96231b3b80d8
nalyzerOptions.h
|
81fb50e8b120fc95dc0245b4112972d4d7cca3b5 |
10-Sep-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] For now, don't inline C++ standard library functions. This is a (heavy-handed) solution to PR13724 -- until we know we can do a good job inlining the STL, it's best to be consistent and not generate more false positives than we did before. We can selectively whitelist certain parts of the 'std' namespace that are known to be safe. This is controlled by analyzer config option 'c++-stdlib-inlining', which can be set to "true" or "false". This commit also adds control for whether or not to inline any templated functions (member or non-member), under the config option 'c++-template-inlining'. This option is currently on by default. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163548 91177308-0d34-0410-b5e6-96231b3b80d8
nalyzerOptions.h
|
fcde83c75ef72da920cfc02e24edeaf36f79f47f |
10-Sep-2012 |
Ted Kremenek <kremenek@apple.com> |
Have PathDiagnosticPiece::getString() return a StringRef instead of a std::string. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163488 91177308-0d34-0410-b5e6-96231b3b80d8
ugReporter/PathDiagnostic.h
|
ce15cce38c34ae73348457da73c52df81cde3588 |
09-Sep-2012 |
Ted Kremenek <kremenek@apple.com> |
Remove dead method ProgramState::MarshalState(). git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163479 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ProgramState.h
|
47cbd0f3892c7965cf16a58393f9f17a22d4d4d9 |
08-Sep-2012 |
Ted Kremenek <kremenek@apple.com> |
Remove ProgramState::getSymVal(). It was being misused by Checkers, with at least one subtle bug in MacOSXKeyChainAPIChecker where calling the method was a substitute for assuming a symbolic value was null (which is not the case). We still keep ConstraintManager::getSymVal(), but we use that as an optimization in SValBuilder and ProgramState::getSVal() to constant-fold SVals. This is only if the ConstraintManager can provide us with that information, which is no longer a requirement. As part of this, introduce a default implementation of ConstraintManager::getSymVal() which returns null. For Checkers, introduce ConstraintManager::isNull(), which queries the state to see if the symbolic value is constrained to be a null value. It does this without assuming it has been implicitly constant folded. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163428 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ConstraintManager.h
athSensitive/ProgramState.h
|
526b4a63cd567393fd43af837ac9d0f35fc267f7 |
08-Sep-2012 |
Ted Kremenek <kremenek@apple.com> |
Add default implementation of ConstraintManager::getSymVal() and a doxygen comment. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163426 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ConstraintManager.h
|
ace64b5f6a338111084bf4a7c9b7488a9965ef4e |
08-Sep-2012 |
Ted Kremenek <kremenek@apple.com> |
Remove ConstraintManager:isEqual(). It is no longer used. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163425 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ConstraintManager.h
|
200fa2e70d52ae6d620e81cd45536071fdde70c0 |
06-Sep-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Don't attempt to devirtualize calls to base class destructors. CXXDestructorCall now has a flag for when it is a base destructor call. Other kinds of destructor calls (locals, fields, temporaries, and 'delete') all behave as "whole-object" destructors and do not behave differently from one another (specifically, in these cases we /should/ try to devirtualize a call to a virtual destructor). This was causing crashes in both our internal buildbot, the crash still being tracked in PR13765, and some of the crashes being tracked in PR13763, due to an assertion failure. (The behavior under -Asserts happened to be correct anyway.) Adding this knowledge also allows our DynamicTypePropagation checker to do a bit less work; the special rules about virtual method calls during a destructor only require extra handling during base destructors. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163348 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/CallEvent.h
athSensitive/ExprEngine.h
|
9b925ac059089dfe74e3b8fa5effe519fb9ee885 |
06-Sep-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Enhance the member expr tracking to account for references. As per Jordan's suggestion. (Came out of code review for r163261.) git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163269 91177308-0d34-0410-b5e6-96231b3b80d8
ugReporter/BugReporterVisitor.h
|
5a1ffe98b04120846a15f7105905b5f363b08635 |
06-Sep-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Always include destructors in the analysis CFG. While destructors will continue to not be inlined (unless the analyzer config option 'c++-inlining' is set to 'destructors'), leaving them out of the CFG is an incomplete model of the behavior of an object, and can cause false positive warnings (like PR13751, now working). Destructors for temporaries are still not on by default, since (a) we haven't actually checked this code to be sure it's fully correct (in particular, we probably need to be very careful with regard to lifetime-extension when a temporary is bound to a reference, C++11 [class.temporary]p5), and (b) ExprEngine doesn't actually do anything when it sees a temporary destructor in the CFG -- not even invalidate the object region. To enable temporary destructors, set the 'cfg-temporary-dtors' analyzer config option to '1'. The old -cfg-add-implicit-dtors cc1 option, which controlled all implicit destructors, has been removed. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163264 91177308-0d34-0410-b5e6-96231b3b80d8
nalyzerOptions.h
|
6ebea89be233eaba5e29de8cf3524ad150c860bb |
05-Sep-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Be more forgiving about calling methods on struct rvalues. The problem is that the value of 'this' in a C++ member function call should always be a region (or NULL). However, if the object is an rvalue, it has no associated region (only a conjured symbol or LazyCompoundVal). For now, we handle this in two ways: 1) Actually respect MaterializeTemporaryExpr. Before, it was relying on CXXConstructExpr to create temporary regions for all struct values. Now it just does the right thing: if the value is not in a temporary region, create one. 2) Have CallEvent recognize the case where its 'this' pointer is a non-region, and just return UnknownVal to keep from confusing clients. The long-term problem is being tracked internally in <rdar://problem/12137950>, but this makes many test cases pass. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163220 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/CallEvent.h
|
fd11957f02da689480618d5fc642ef14164e9cdc |
05-Sep-2012 |
Jordan Rose <jordan_rose@apple.com> |
Revert "[analyzer] Treat all struct values as regions (even rvalues)." This turned out to have many implications, but what eventually seemed to make it unworkable was the fact that we can get struct values (as LazyCompoundVals) from other places besides return-by-value function calls; that is, we weren't actually able to "treat all struct values as regions" consistently across the entire analyzer core. Hopefully we'll be able to come up with an alternate solution soon. This reverts r163066 / 02df4f0aef142f00d4637cd851e54da2a123ca8e. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163218 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/BasicValueFactory.h
athSensitive/SVals.h
|
91ab900a939e95d965e18299b66928fdbe2aa38d |
01-Sep-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Disallow creation of int vals with explicit bit width / signedness. All clients of BasicValueFactory should be using QualTypes instead, and indeed it seems they are. This caught the (fortunately harmless) bug fixed in the previous commit. No intended functionality change. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163069 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/APSIntType.h
athSensitive/BasicValueFactory.h
athSensitive/SValBuilder.h
|
02df4f0aef142f00d4637cd851e54da2a123ca8e |
01-Sep-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Treat all struct values as regions (even rvalues). This allows us to correctly symbolicate the fields of structs returned by value, as well as get the proper 'this' value for when methods are called on structs returned by value. This does require a moderately ugly hack in the StoreManager: if we assign a "struct value" to a struct region, that now appears as a Loc value being bound to a region of struct type. We handle this by simply "dereferencing" the struct value region, which should create a LazyCompoundVal. This should fix recent crashes analyzing LLVM and on our internal buildbot. <rdar://problem/12137950> git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163066 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/BasicValueFactory.h
athSensitive/SVals.h
|
5699f62df144545702b91e91836a63db4e5f2627 |
01-Sep-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Always derive a CallEvent's return type from its origin expr. Previously, we preferred to get a result type by looking at the callee's declared result type. This allowed us to handle references, which are represented in the AST as lvalues of their pointee type. (That is, a call to a function returning 'int &' has type 'int' and value kind 'lvalue'.) However, this results in us preferring the original type of a function over a casted type. This is a problem when a function pointer is casted to another type, because the conjured result value will have the wrong type. AdjustedReturnValueChecker is supposed to handle this, but still doesn't handle the case where there is no "original function" at all, i.e. where the callee is unknown. Now, we instead look at the call expression's value kind (lvalue, xvalue, or prvalue), and adjust the expr's type accordingly. This will have no effect when the function is inlined, and will conjure the value that will actually be used when it is not. This makes AdjustedReturnValueChecker /nearly/ unnecessary; unfortunately, the cases where it would still be useful are where we need to cast the result of an inlined function or a checker-evaluated function, and in these cases we don't know what we're casting /from/ by the time we can do post-call checks. In light of that, remove AdjustedReturnValueChecker, which was already not checking quite a few calls. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163065 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/CallEvent.h
|
de5277fc555551857602bd7a7e5e616274e2d4a6 |
31-Aug-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Though C++ inlining is enabled, don't inline ctors and dtors. More generally, this adds a new configuration option 'c++-inlining', which controls which C++ member functions can be considered for inlining. This uses the new -analyzer-config table, so the cc1 arguments will look like this: ... -analyzer-config c++-inlining=[none|methods|constructors|destructors] Note that each mode implies that all the previous member function kinds will be inlined as well; it doesn't make sense to inline destructors without inlining constructors, for example. The default mode is 'methods'. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163004 91177308-0d34-0410-b5e6-96231b3b80d8
nalyzerOptions.h
|
45796b10d11869e86c6b85e24df165410536b313 |
31-Aug-2012 |
Ted Kremenek <kremenek@apple.com> |
Make AnalyzerOptions a shared object between CompilerInvocation and AnalysisManager, allowing the StringMap of configuration values to be propagated. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162978 91177308-0d34-0410-b5e6-96231b3b80d8
nalyzerOptions.h
|
987695a5ddd78beca784d4e503ffbc2dc879181a |
31-Aug-2012 |
Ted Kremenek <kremenek@apple.com> |
Move AnalyzerOptions.h into 'Core' StaticAnalyzer sub-library. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162977 91177308-0d34-0410-b5e6-96231b3b80d8
nalyses.def
nalyzerOptions.h
athSensitive/AnalysisManager.h
|
3a46f5fd1709f6df03bbb8b0abf84052dc0f39ff |
31-Aug-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Ensure that PathDiagnostics profile the same regardless of path. PathDiagnostics are actually profiled and uniqued independently of the path on which the bug occurred. This is used to merge diagnostics that refer to the same issue along different paths, as well as by the plist diagnostics to reference files created by the HTML diagnostics. However, there are two problems with the current implementation: 1) The bug description is included in the profile, but some PathDiagnosticConsumers prefer abbreviated descriptions and some prefer verbose descriptions. Fixed by including both descriptions in the PathDiagnostic objects and always using the verbose one in the profile. 2) The "minimal" path generation scheme provides extra information about which events came from macros that the "extensive" scheme does not. This resulted not only in different locations for the plist and HTML diagnostics, but also in diagnostics being uniqued in the plist output but not in the HTML output. Fixed by storing the "end path" location explicitly in the PathDiagnostic object, rather than trying to find the last piece of the path when the diagnostic is requested. This should hopefully finish unsticking our internal buildbot. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162965 91177308-0d34-0410-b5e6-96231b3b80d8
ugReporter/BugReporter.h
ugReporter/PathDiagnostic.h
|
fbcb3f11fc90e9f00e6074e9b118b8dc11ca604c |
31-Aug-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Refactor the logic that determines if a function should be reanalyzed. The policy on what to reanalyze should be in AnalysisConsumer with the rest of visitation order logic. There is no reason why ExprEngine needs to pass the Visited set to CoreEngine, it can populate it itself. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162957 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/CoreEngine.h
athSensitive/ExprEngine.h
|
dc601f4a9f69315521abddbca04d4652deee5fdb |
31-Aug-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Fixup for r162935 as per Jordan's review. Thanks for catching this! git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162949 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/CheckerContext.h
|
05fcbd3dc28f4cba4a6d33e7aeaabb5f6f7837e3 |
30-Aug-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Do not propagate the [super init] could be nil assumption from callee to caller. radar://12109638 git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162935 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/CheckerContext.h
|
3b8a04004afa46057a9af4afbd086be71d619793 |
30-Aug-2012 |
Ted Kremenek <kremenek@apple.com> |
Rename 'VisualizeEGUbi' and 'VisualizeEGDot' to 'visualizeExplodedGraphWithUbigGraph' and 'visualizeExplodedGraphWithGraphViz' respectively. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162931 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/AnalysisManager.h
|
0caa2d47b84337e942b3f6652adfafe4ae506cfe |
30-Aug-2012 |
Ted Kremenek <kremenek@apple.com> |
Rename AnalyzerOptions 'EagerlyAssume' to 'eagerlyAssumeBinOpBifurcation'. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162930 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ExprEngine.h
|
255d4d4226b24036ceb11228fbb74286e58620f7 |
30-Aug-2012 |
Ted Kremenek <kremenek@apple.com> |
Store const& to AnalyzerOptions in AnalysisManager instead of copying individual flags. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162929 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/AnalysisManager.h
athSensitive/CheckerContext.h
|
5705a40c7ec62f1a903bf26e1e6a7f91b5b98ba3 |
30-Aug-2012 |
Ted Kremenek <kremenek@apple.com> |
Move AnalyzerOptions.h to include/clang/StaticAnalyzer. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162928 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/AnalysisManager.h
|
80de487e03dd0f44e4572e2122ebc1aa6a3961f5 |
29-Aug-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Improved diagnostic pruning for calls initializing values. This heuristic addresses the case when a pointer (or ref) is passed to a function, which initializes the variable (or sets it to something other than '0'). On the branch where the inlined function does not set the value, we report use of undefined value (or NULL pointer dereference). The access happens in the caller and the path through the callee would get pruned away with regular path pruning. To solve this issue, we previously disabled diagnostic pruning completely on undefined and null pointer dereference checks, which entailed very verbose diagnostics in most cases. Furthermore, not all of the undef value checks had the diagnostic pruning disabled. This patch implements the following heuristic: if we pass a pointer (or ref) to the region (on which the error is reported) into a function and its value is either undef or 'NULL' (and is a pointer), do not prune the function. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162863 91177308-0d34-0410-b5e6-96231b3b80d8
ugReporter/BugReporter.h
ugReporter/BugReporterVisitor.h
|
7b73e0832b20af1f43601a3d19e76d02d9f4dce5 |
29-Aug-2012 |
Ted Kremenek <kremenek@apple.com> |
Add new -cc1 driver option -analyzer-config, which allows one to specify a comma separated collection of key:value pairs (which are strings). This allows a general way to provide analyzer configuration data from the command line. No clients yet. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162827 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/AnalysisManager.h
athSensitive/CheckerContext.h
|
a1f81bb0e55749a1414b1b5124bb83b9052ff2ac |
28-Aug-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Rename addTrackNullOrUndefValueVisitor to trackNullOrUndefValue. This helper function (in the clang::ento::bugreporter namespace) may add more than one visitor, but conceptually it's tracking a single use of a null or undefined value and should do so as best it can. Also, the BugReport parameter has been made a reference to underscore that it is non-optional. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162720 91177308-0d34-0410-b5e6-96231b3b80d8
ugReporter/BugReporterVisitor.h
|
166b7bd43551964d65bcf4918f51a167b8374e2a |
28-Aug-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Refactor FindLastStoreBRVisitor to not find the store ahead of time. As Anna pointed out to me offline, it's a little silly to walk backwards through the graph to find the store site when BugReporter will do the exact same walk as part of path diagnostic generation. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162719 91177308-0d34-0410-b5e6-96231b3b80d8
ugReporter/BugReporterVisitor.h
|
6062334cc388bce69fb3978c4ecb26c6485a5c2b |
28-Aug-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Rename CallEvent::mayBeInlined to CallEvent::isCallStmt. The two callers are using this in order to be conservative, so let's just clarify the information that's actually being provided here. This is not related to inlining decisions in any way. No functionality change. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162717 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/CallEvent.h
|
3682f1ea9c7fddc7dcbc590891158ba40f7fca16 |
25-Aug-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Use the common evalBind infrastructure for initializers. This allows checkers (like the MallocChecker) to process the effects of the bind. Previously, using a memory-allocating function (like strdup()) in an initializer would result in a leak warning. This does bend the expectations of checkBind a bit; since there is no assignment expression, the statement being used is the initializer value. In most cases this shouldn't matter because we'll use a PostInitializer program point (rather than PostStmt) for any checker-generated nodes, though we /will/ generate a PostStore node referencing the internal statement. (In theory this could have funny effects if someone actually does an assignment within an initializer; in practice, that seems like it would be very rare.) <rdar://problem/12171711> git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162637 91177308-0d34-0410-b5e6-96231b3b80d8
heckerManager.h
athSensitive/ExprEngine.h
|
df5faf5e7ae6823d0af0b801c4ac26d47f2cee97 |
25-Aug-2012 |
Chad Rosier <mcrosier@apple.com> |
[ms-inline asm] As part of a larger refactoring, rename AsmStmt to GCCAsmStmt. No functional change intended. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162632 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ExprEngine.h
|
53b890ba226e8c84a157ab5e757b93666cc6859d |
24-Aug-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] More fixups/rewording based on Jordan's feedback. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162597 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/DynamicTypeInfo.h
athSensitive/ProgramState.h
|
b75e2602e246b44bb285be8cc31166302d77998f |
24-Aug-2012 |
Ted Kremenek <kremenek@apple.com> |
Rework how PathDiagnosticConsumers pass knowledge of what files they generated for a given diagnostic to another. Because PathDiagnostics are specific to a given PathDiagnosticConsumer, store in a FoldingSet a unique hash for a PathDiagnostic (that will be the same for the same bug for different PathDiagnosticConsumers) that stores a list of files generated. This can then be read by the other PathDiagnosticConsumers. This fixes breakage in the PLIST-HTML output. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162580 91177308-0d34-0410-b5e6-96231b3b80d8
ugReporter/PathDiagnostic.h
|
81e6cfddcbb32eb9bbbee5c3f5156fc19ca7e774 |
24-Aug-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Address Jordan's review comments. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162579 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/DynamicTypeInfo.h
|
e54778d77d4f2b2d006bdb7e16f49271e1e9d13d |
24-Aug-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Move DynamicTypeInfo out of the ProgramState.h (I am not sure if we should move the setters and getters as well and make them into static methods..) git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162528 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/DynamicTypeInfo.h
athSensitive/ProgramState.h
|
5a90193ad825656d4a03099cd5e9c928d1782b5e |
24-Aug-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Make analyzer less aggressive when dealing with [self init]. With inlining, retain count checker starts tracking 'self' through the init methods. The analyser results were too noisy if the developer did not follow 'self = [super init]' pattern (which is common especially in older code bases) - we reported self init anti-pattern AND possible use-after-free. This patch teaches the retain count checker to assume that [super init] does not fail when it's not consumed by another expression. This silences the retain count warning that warns about possibility of use-after-free when init fails, while preserving all the other checking on 'self'. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162508 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/CallEvent.h
|
70517ca5c07c4b41ff8662b94ee22047b0299f8c |
23-Aug-2012 |
Dmitri Gribenko <gribozavr@gmail.com> |
Fix a bunch of -Wdocumentation warnings. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162452 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/CallEvent.h
athSensitive/CheckerContext.h
|
ad0fe03b897f9486191e75c8d90c3ffa9b4fd6a5 |
23-Aug-2012 |
Ted Kremenek <kremenek@apple.com> |
Fix an assortment of doxygen comment issues found by -Wdocumentation. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162412 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/Store.h
|
1becab2120142b1be87d684a68d3bea98f5abfb5 |
22-Aug-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Add more comments to CallEvent and RuntimeDefinition. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162399 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/CallEvent.h
athSensitive/ProgramState.h
|
e3f3825bd82f84f2a1ae0a02274a33298bb720b3 |
22-Aug-2012 |
Ted Kremenek <kremenek@apple.com> |
Remove BasicConstraintManager. It hasn't been in active service for a while. As part of this change, I discovered that a few of our tests were not testing the RangeConstraintManager. Luckily all of those passed when I moved them over to use that constraint manager. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162384 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ConstraintManager.h
|
56a46b51df691f857f7120aaf2d4deeff0b014de |
22-Aug-2012 |
Ted Kremenek <kremenek@apple.com> |
Rename 'unbindLoc()' (in ProgramState) and 'Remove()' to 'killBinding()'. The name is more specific, and one just forwarded to the other. Add some doxygen comments along the way. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162350 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ProgramState.h
athSensitive/Store.h
|
66c486f275531df6362b3511fc3af6563561801b |
22-Aug-2012 |
Ted Kremenek <kremenek@apple.com> |
Rename 'currentX' to 'currX' throughout analyzer and libAnalysis. Also rename 'getCurrentBlockCounter()' to 'blockCount()'. This ripples a bunch of code simplifications; mostly aesthetic, but makes the code a bit tighter. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162349 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/CheckerContext.h
athSensitive/CoreEngine.h
athSensitive/ExprEngine.h
|
3b1df8bb941a18c4a7256d7cfcbccb9de7e39995 |
22-Aug-2012 |
Ted Kremenek <kremenek@apple.com> |
Rename 'getConjuredSymbol*' to 'conjureSymbol*'. No need to have the "get", the word "conjure" is a verb too! Getting a conjured symbol is the same as conjuring one up. This shortening is largely cosmetic, but just this simple change cleaned up a handful of lines, making them less verbose. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162348 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/SValBuilder.h
athSensitive/SymbolManager.h
|
32a549a64922af0903bdb777613ae7ae4490b70f |
22-Aug-2012 |
Ted Kremenek <kremenek@apple.com> |
Remove Store::bindDecl() and Store::bindDeclWithNoInit(), and all forwarding methods. This functionality is already covered by bindLoc(). git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162346 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ProgramState.h
athSensitive/Store.h
|
5be88dc79d2768d67371103b6535fb8c4a6f27a1 |
22-Aug-2012 |
Ted Kremenek <kremenek@apple.com> |
Rename 'BindCompoundLiteral' to 'bindCompoundLiteral' and add doxygen comments. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162345 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ProgramState.h
athSensitive/Store.h
|
1833d284346b9fa11aae4e6aa07381347c04745c |
20-Aug-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Add comments to ExplodedNode::NodeGroup. No functionality change. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162216 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ExplodedGraph.h
|
fa06f0464a04bb7fce1fcfb3780d151bb029e00c |
20-Aug-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Replace boolean IsSink parameters with 'generateSink' methods. Generating a sink is significantly different behavior from generating a normal node, and a simple boolean parameter can be rather opaque. Per offline discussion with Anna, adding new generation methods is the clearest way to communicate intent. No functionality change. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162215 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/CheckerContext.h
athSensitive/CoreEngine.h
|
46e778145c56cd9b42cb399795a294b29cb78b62 |
18-Aug-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Use PointerUnion to implement ExplodedNode::NodeGroup. We shouldn't be reinventing our own wheels. This also paves the way for marking different kinds of sinks. No functionality change. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162154 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ExplodedGraph.h
|
8ecf59afbab1dbf184dc4c0c47e7213cbd32ba0a |
17-Aug-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Make BlockDataRegions typed, so that they have DynamicTypeInfo. Fixes <rdar://problem/12119814> git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162123 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/MemRegion.h
|
2b2c49d2ac5adb34f900f7a854a3ad5a6b0dff3c |
16-Aug-2012 |
Ted Kremenek <kremenek@apple.com> |
Remove "range_iterator" from PathDiagnosticPiece and just use ArrayRef<SourceRange> for ranges. This removes conceptual clutter, and can allow us to easily migrate to C++11 style for-range loops if we ever move to using C++11 in Clang. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162029 91177308-0d34-0410-b5e6-96231b3b80d8
ugReporter/PathDiagnostic.h
|
c4bac8e376b98d633bb00ee5f510d5e58449753c |
16-Aug-2012 |
Ted Kremenek <kremenek@apple.com> |
Allow multiple PathDiagnosticConsumers to be used with a BugReporter at the same time. This fixes several issues: - removes egregious hack where PlistDiagnosticConsumer would forward to HTMLDiagnosticConsumer, but diagnostics wouldn't be generated consistently in the same way if PlistDiagnosticConsumer was used by itself. - emitting diagnostics to the terminal (using clang's diagnostic machinery) is no longer a special case, just another PathDiagnosticConsumer. This also magically resolved some duplicate warnings, as we now use PathDiagnosticConsumer's diagnostic pruning, which has scope for the entire translation unit, not just the scope of a BugReporter (which is limited to a particular ExprEngine). As an interesting side-effect, diagnostics emitted to the terminal also have their trailing "." stripped, just like with diagnostics emitted to plists and HTML. This required some tests to be updated, but now the tests have higher fidelity with what users will see. There are some inefficiencies in this patch. We currently generate the report graph (from the ExplodedGraph) once per PathDiagnosticConsumer, which is a bit wasteful, but that could be pulled up higher in the logic stack. There is some intended duplication, however, as we now generate different PathDiagnostics (for the same issue) for different PathDiagnosticConsumers. This is necessary to produce the diagnostics that a particular consumer expects. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162028 91177308-0d34-0410-b5e6-96231b3b80d8
ugReporter/BugReporter.h
ugReporter/PathDiagnostic.h
athDiagnosticConsumers.h
athSensitive/AnalysisManager.h
|
09647f28d7955d0c948ebbbb376a46844056f11a |
15-Aug-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Doxygen comments in ObjCMethodCall. No functionality change. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161917 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/CallEvent.h
|
0ad36baedc516005cb6ea97d96327517ebfe5138 |
15-Aug-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Correctly devirtualize virtual method calls in destructors. C++11 [class.cdtor]p4: When a virtual function is called directly or indirectly from a constructor or from a destructor, including during the construction or destruction of the class’s non-static data members, and the object to which the call applies is the object under construction or destruction, the function called is the final overrider in the constructor's or destructor's class and not one overriding it in a more-derived class. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161915 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ProgramState.h
|
5375d82d1d096ddd8879d8e6641a8f042b0d1d43 |
14-Aug-2012 |
Aaron Ballman <aaron@aaronballman.com> |
Changing an enumeration to a const int to fix MSVC compiler warnings. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161877 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/MemRegion.h
|
42c72c258e08ca79c9267346b4badcddd8fcd001 |
14-Aug-2012 |
Benjamin Kramer <benny.kra@googlemail.com> |
Do NOT use inline functions with LLVM_ATTRIBUTE_USED. The function will be emitted into every single TU including the header! git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161872 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/CallEvent.h
|
955cd444f445bcdbade1cdd3926254c8ee7890d8 |
14-Aug-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Add getStackFrame() to CheckerContext and ExplodedNode. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161819 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/CheckerContext.h
athSensitive/ExplodedGraph.h
|
645baeed6800f952e9ad1d5666e01080385531a2 |
14-Aug-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Reduce code duplication: make CXXDestructorCall a CXXInstanceCall. While there is now some duplication between SimpleCall and the CXXInstanceCall sub-hierarchy, this is much better than copy-and-pasting the devirtualization logic shared by both instance methods and destructors. An unfortunate side effect is that there is no longer a single CallEvent type that corresponds to "calls written as CallExprs". For the most part this is a good thing, but the checker callback eval::Call still takes a CallExpr rather than a CallEvent (since we're not sure if we want to allow checkers to evaluate other kinds of calls). A mistake here will be caught by a cast<> in CheckerManager::runCheckersForEvalCall. No functionality change. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161809 91177308-0d34-0410-b5e6-96231b3b80d8
heckerManager.h
athSensitive/CallEvent.h
athSensitive/ExprEngine.h
|
b11a3ada9a22e146c6edd33bcc6301e221fedd7a |
14-Aug-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Don't strip CXXBaseObjectRegions when checking dynamic_casts. ...and /do/ strip CXXBaseObjectRegions when casting to a virtual base class. This allows us to enforce the invariant that a CXXBaseObjectRegion can always provide an offset for its base region if its base region has a known class type, by only allowing virtual bases and direct non-virtual bases to form CXXBaseObjectRegions. This does mean some slight problems for our modeling of dynamic_cast, which needs to be resolved by finding a path from the current region to the class we're trying to cast to. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161797 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/MemRegion.h
athSensitive/SVals.h
|
f9c29088a8f64d4af2423fb7b556419597c996df |
11-Aug-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Remove unused StoreManager::CastResult class. No functionality change. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161715 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/Store.h
|
54918ba02ba900c0e0bb4fd3d749b6b1ac4e50a9 |
10-Aug-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Track if a region can be a subclass in the dynamic type info. When object is allocated with alloc or init, we assume it cannot be a subclass (currently used only for bifurcation purposes). git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161682 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ProgramState.h
|
3f558af01643787d209a133215b0abec81b5fe30 |
10-Aug-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Optimize dynamic dispatch bifurcation by detecting the cases when we don't need to split. In some cases we know that a method cannot have a different implementation in a subclass: - the class is declared in the main file (private) - all the method declarations (including the ones coming from super classes) are in the main file. This can be improved further, but might be enough for the heuristic. (When we are too aggressive splitting the state, efficiency suffers. When we fail to split the state coverage might suffer.) git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161681 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/CallEvent.h
|
824e07ac8f5c9efdddb4254de0203b9675b1ef0b |
10-Aug-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Cache the "concrete offset base" for regions with symbolic offsets. This makes it faster to access and invalidate bindings with symbolic offsets by only computing this information once. No intended functionality change. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161635 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/MemRegion.h
|
bf74b568182bcfbe711b6a4f74293d007b8d5f00 |
10-Aug-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Devirtualize StoreManager::evalDerivedToBase(SVal, CastExpr) This was triggering -Woverloaded-virtual, but there's really no reason for the cast version to be virtual anyway. It just calls through to the QualType entry point. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161631 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/Store.h
|
2c5f8d79ed128892fa548a3308a938a3a53fbb5e |
09-Aug-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] A CXXBaseObjectRegion should correspond to a DIRECT base. An ASTContext's RecordLayoutInfo can only be used to look up offsets of direct base classes, and we need the offset to make non-symbolic bindings in RegionStore. This change makes sure that we have one layer of CXXBaseObjectRegion for each base we are casting through. This was causing crashes on an internal buildbot. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161621 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/Store.h
|
d4fe57f7f7a8793227effc1274d70ec44cee9a4f |
09-Aug-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Rename the function to better reflect what it actually does. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161617 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ProgramState.h
|
5960f4aeac9760198c80e05d70d8dadb1db0ff0e |
09-Aug-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Improve readability of the dyn. dispatch bifurcation patch r161552. As per Jordan's feedback. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161603 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/CallEvent.h
|
fc05decf08feefd2ffe8cc250219aee6eab3119c |
09-Aug-2012 |
Anna Zaks <ganna@apple.com> |
Unbreak the build. Declaring "const Decl *Decl" is not a good idea. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161567 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/CallEvent.h
|
e90d3f847dcce76237078b67db8895eb7a24189e |
09-Aug-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Bifurcate the path with dynamic dispatch. This is an initial (unoptimized) version. We split the path when inlining ObjC instance methods. On one branch we always assume that the type information for the given memory region is precise. On the other we assume that we don't have the exact type info. It is important to check since the class could be subclassed and the method can be overridden. If we always inline we can lose coverage. Had to refactor some of the call eval functions. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161552 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/CallEvent.h
athSensitive/ExprEngine.h
|
919e8a1c6698bfa6848571d366430126bced727d |
08-Aug-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Clean up the printing of FieldRegions for leaks. Unfortunately, generalized region printing is very difficult: - ElementRegions are used both for casting and as actual elements. - Accessing values through a pointer means going through an intermediate SymbolRegionValue; symbolic regions are untyped. - Referring to implicitly-defined variables like 'this' and 'self' could be very confusing if they come from another stack frame. We fall back to simply not printing the region name if we can't be sure it will print well. This will allow us to improve in the future. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161512 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/MemRegion.h
|
e0d24eb1060a213ec9820dc02c45f26b2d5b348b |
08-Aug-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Revamp RegionStore to distinguish regions with symbolic offsets. RegionStore currently uses a (Region, Offset) pair to describe the locations of memory bindings. However, this representation breaks down when we have regions like 'array[index]', where 'index' is unknown. We used to store this as (SubRegion, 0); now we mark them specially as (SubRegion, SYMBOLIC). Furthermore, ProgramState::scanReachableSymbols depended on the existence of a sub-region map, but RegionStore's implementation doesn't provide for such a thing. Moving the store-traversing logic of scanReachableSymbols into the StoreManager allows us to eliminate the notion of SubRegionMap altogether. This fixes some particularly awkward broken test cases, now in array-struct-region.c. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161510 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/MemRegion.h
athSensitive/ProgramState.h
athSensitive/Store.h
|
c7ecc43c33a21b82c49664910b19fcc1f555aa51 |
07-Aug-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Add a checker to manage dynamic type propagation. Instead of sprinkling dynamic type info propagation throughout ExprEngine, the added checker would add the more precise type information on known APIs (Ex: ObjC alloc, new) and propagate the type info in other cases (ex: ObjC init method, casts (the second is not implemented yet)). Add handling of ObjC alloc, new and init to the checker. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161357 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/CheckerContext.h
athSensitive/ProgramState.h
|
685379965c1b105ce89cf4f6c60810932b7f4d0d |
04-Aug-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] When a symbol is null, we should track its constraints. Because of this, we would previously emit NO path notes when a parameter is constrained to null (because there are no stores). Now we show where we made the assumption, which is much more useful. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161280 91177308-0d34-0410-b5e6-96231b3b80d8
ugReporter/BugReporterVisitor.h
|
b0e1badc2a9b8275b48dfb15c6907a282b949b02 |
04-Aug-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Flatten path diagnostics for text output like we do for HTML. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161279 91177308-0d34-0410-b5e6-96231b3b80d8
ugReporter/PathDiagnostic.h
|
9da59a67a27a4d3fc9d59552f07808a32f85e9d3 |
04-Aug-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Track null/uninitialized C++ objects used in method calls. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161278 91177308-0d34-0410-b5e6-96231b3b80d8
ugReporter/BugReporterVisitor.h
athSensitive/CallEvent.h
|
148fee988e32efcad45ecf7b3bf714880c657dda |
03-Aug-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] ObjC Inlining: Start tracking dynamic type info in the GDM In the following code, find the type of the symbolic receiver by following it and updating the dynamic type info in the state when we cast the symbol from id to MyClass *. MyClass *a = [[self alloc] init]; return 5/[a testSelf]; git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161264 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ProgramState.h
|
e1ce783708b65eaa832ffad03d239264046dd0eb |
31-Jul-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Turn -cfg-add-initializers on by default, and remove the flag. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161060 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/AnalysisManager.h
|
ef15831780b705475e7b237ac16418e9b53cb7a6 |
31-Jul-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Let CallEvent decide what goes in an initial stack frame. This removes explicit checks for 'this' and 'self' from Store::enterStackFrame. It also removes getCXXThisRegion() as a virtual method on all CallEvents; it's now only implemented in the parts of the hierarchy where it is relevant. Finally, it removes the option to ask for the ParmVarDecls attached to the definition of an inlined function, saving a recomputation of the result of getRuntimeDefinition(). No visible functionality change! git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161017 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/CallEvent.h
|
57c033621dacd8720ac9ff65a09025f14f70e22f |
31-Jul-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Perform post-call checks for all inlined calls. Previously, we were only checking the origin expressions of inlined calls. Checkers using the generic postCall and older postObjCMessage callbacks were ignored. Now that we have CallEventManager, it is much easier to create a CallEvent generically when exiting an inlined function, which we can then use for post-call checks. No test case because we don't (yet) have any checkers that depend on this behavior (which is why it hadn't been fixed before now). git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161005 91177308-0d34-0410-b5e6-96231b3b80d8
heckerManager.h
athSensitive/CallEvent.h
|
2d18419a7c8f9a2975d4ed74a202de6467308ad1 |
30-Jul-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Very simple ObjC instance method inlining - Retrieves the type of the object/receiver from the state. - Binds self during stack setup. - Only explores the path on which the method is inlined (no bifurcation to explore the path on which the method is not inlined). git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160991 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/CallEvent.h
athSensitive/ProgramState.h
|
e13056a8bb532ddfdc07952a13169aa422bacd3b |
30-Jul-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Add -analyzer-ipa=dynamic option for inlining dynamically dispatched methods. Disabled by default for now. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160988 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/AnalysisManager.h
|
d563d3fb73879df7147b8a5302c3bf0e1402ba18 |
30-Jul-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Only allow CallEvents to be created by CallEventManager. This ensures that it is valid to reference-count any CallEvents, and we won't accidentally try to reclaim a CallEvent that lives on the stack. It also hides an ugly switch statement for handling CallExprs! There should be no functionality change here. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160986 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/CallEvent.h
athSensitive/ExprEngine.h
|
a989aebecde3d2fd374b894e894a950b0bd9cf67 |
30-Jul-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Remove declaration of refactored evalObjCMessage method. No functionality change. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160985 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ExprEngine.h
|
972a3680bdd95f2e9d6316b391f1c47513dc78cc |
30-Jul-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Introduce a CallEventManager to keep a pool of CallEvents. This allows us to get around the C++ "virtual constructor" problem when we'd like to create a CallEvent from an ExplodedNode, an inlined StackFrameContext, or another CallEvent. The solution has three parts: - CallEventManager uses a BumpPtrAllocator to allocate CallEvent-sized memory blocks. It also keeps a cache of freed CallEvents for reuse. - CallEvents all have protected copy constructors, along with cloneTo() methods that use placement new to copy into CallEventManager-managed memory, vtables intact. - CallEvents owned by CallEventManager are now wrapped in an IntrusiveRefCntPtr. Going forwards, it's probably a good idea to create ALL CallEvents through the CallEventManager, so that we don't accidentally try to reclaim a stack-allocated CallEvent. All of this machinery is currently unused but will be put into use shortly. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160983 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/CallEvent.h
athSensitive/ProgramState.h
|
6fbe0317aa38dbac22a29f7519c52db838aa1990 |
27-Jul-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Address Jordan's and Fariborz's review of r160768. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160883 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/CallEvent.h
|
7c99aa385178c630e29f671299cdd9c104f1c885 |
26-Jul-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] CallEvent is no longer a value object. After discussion, the type-based dispatch was decided to be bad for maintenance and made it very easy for subtle bugs to creep in. Instead, we'll just be very careful when we do have to allocate these on the heap. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160817 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/CallEvent.h
|
f540c54701e3eeb34cb619a3a4eb18f1ac70ef2d |
26-Jul-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Rename Calls.{h,cpp} to CallEvent.{h,cpp}. No functionality change. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160815 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/CallEvent.h
athSensitive/Calls.h
|
3a0a9e3e8bbaa45f3ca22b1e20b3beaac0f5861e |
26-Jul-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Handle C++ member initializers and destructors. This uses CFG to tell if a constructor call is for a member, and uses the member's region appropriately. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160808 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ProgramState.h
|
888c90ac0ef6baf7d47e86cf5cc4715707d223b1 |
26-Jul-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Handle base class initializers and destructors. Most of the logic here is fairly simple; the interesting thing is that we now distinguish complete constructors from base or delegate constructors. We also make sure to cast to the base class before evaluating a constructor or destructor, since non-virtual base classes may behave differently. This includes some refactoring of VisitCXXConstructExpr and VisitCXXDestructor in order to keep ExprEngine.cpp as clean as possible (leaving the details for ExprEngineCXX.cpp). git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160806 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ExprEngine.h
|
183ba8e19d49ab1ae25d3cdd0a19591369c5ab9f |
26-Jul-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Show paths for destructor calls. This modifies BugReporter and friends to handle CallEnter and CallExitEnd program points that came from implicit call CFG nodes (read: destructors). This required some extra handling for nested implicit calls. For example, the added multiple-inheritance test case has a call graph that looks like this: testMultipleInheritance3 ~MultipleInheritance ~SmartPointer ~Subclass ~SmartPointer ***bug here*** In this case we correctly notice that we started in an inlined function when we reach the CallEnter program point for the second ~SmartPointer. However, when we reach the next CallEnter (for ~Subclass), we were accidentally re-using the inner ~SmartPointer call in the diagnostics. Rather than guess if we saw the corresponding CallExitEnd based on the contents of the active path, we now just ask the PathDiagnostic if there's any known stack before popping off the top path. (A similar issue could have occurred without multiple inheritance, but there wasn't a test case for it.) git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160804 91177308-0d34-0410-b5e6-96231b3b80d8
ugReporter/PathDiagnostic.h
|
9dc5167e4017ef4c8b327abb6f72225eec2e0f19 |
26-Jul-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Inline ObjC class methods. - Some cleanup (the TODOs) will be done after ObjC method inlining is complete. - Simplified CallEvent::getDefinition not to require ISDynamicDispatch parameter. - Also addressed Jordan's comments from r160530. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160768 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/Calls.h
athSensitive/ExprEngine.h
|
a2ad394dad8c90fb0374756a331d4a141f4a227d |
26-Jul-2012 |
Ted Kremenek <kremenek@apple.com> |
Remove the ability to stash arbitrary pointers into UndefinedVal (no longer needed). git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160764 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/SVals.h
|
829846b5002d7f8d6a54b9c58c3ecf7cac56d2cc |
25-Jul-2012 |
Ted Kremenek <kremenek@apple.com> |
Remove ExprEngine::MarkBranch(), as it is no longer needed. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160761 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ExprEngine.h
|
e81ce256b62717dd846bd19aecc4115a0dcd4995 |
20-Jul-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Refactor VisitObjCMessage and VisitCallExpr to rely on the same implementation for call evaluation. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160530 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ExprEngine.h
|
7dfbfb1835198bf0cb4b0caaa5d9f3c6301f9920 |
19-Jul-2012 |
Richard Smith <richard-llvm@metafoo.co.uk> |
Silence GCC warnings. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160485 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/Calls.h
|
8919e688dc610d1f632a4d43f7f1489f67255476 |
18-Jul-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Combine all ObjC message CallEvents into ObjCMethodCall. As pointed out by Anna, we only differentiate between explicit message sends This also adds support for ObjCSubscriptExprs, which are basically the same as properties in many ways. We were already checking these, but not emitting nice messages for them. This depends on the llvm::PointerIntPair change in r160456. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160461 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/Calls.h
|
4b3918e9534e46f9ac067c6e0018f94613292efa |
18-Jul-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Rename addExtraInvalidatedRegions to get...Regions Per Anna's comment that "add..." sounds like a method that modifies the receiver, rather than its argument. No functionality change. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160460 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/Calls.h
|
b7a23e05d1d8f07f2a6edce5c88c728fe894c2c7 |
18-Jul-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Make CallEvent a value object. We will need to be able to easily reconstruct a CallEvent from an ExplodedNode for diagnostic purposes, and that's exactly what factory functions are for. CallEvent objects are small enough (four pointers and a SourceLocation) that returning them through the stack is fairly cheap. Clients who just need to use existing CallEvents can continue to do so using const references. This uses the same sort of "kind-field-dispatch" as SVal, though most of the nastiness is contained in the DISPATCH and DISPATCH_ARG macros at the end of the file. (We can't use a template for this because member-pointers to base class methods don't call derived-class methods even when casting to the derived class. We can't use variadic macros because they're a C99 feature.) git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160459 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/Calls.h
|
4ccc4cc5d4e7c5c436d5f45065d3639cfc7c6e48 |
18-Jul-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Remove obsolete ObjCPropRef SVal kind. ObjC properties are handled through their semantic form of ObjCMessageExprs and their wrapper PseudoObjectExprs, and have been for quite a while. The syntactic ObjCPropertyRefExprs do not appear in the CFG and are not visited by ExprEngine. No functionality change. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160458 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/SVals.h
|
7ff8f5e9b1b8d87a64853735fc4218a6a9f70652 |
18-Jul-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Remove unused ExprEngine::VisitCXXTemporaryObjectExpr. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160457 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ExprEngine.h
|
7373ead8719ceedd21c108419159ea74b02b2461 |
18-Jul-2012 |
Benjamin Kramer <benny.kra@googlemail.com> |
Remove trivial destructor from SVal. This enables the faster SmallVector in clang and also allows clang's unused variable warnings to be more effective. Fix the two instances that popped up. The RetainCountChecker change actually changes functionality, it would be nice if someone from the StaticAnalyzer folks could look at it. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160444 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/SVals.h
|
19e88c02889017753747e64606d9b1ad0041f11a |
17-Jul-2012 |
Alexey Samsonov <samsonov@google.com> |
Fixup for r160345 - uintptr_t is not always unsigned git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160349 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/SVals.h
|
e4ed215ccf35d4407916cd0223de26f87ccbb055 |
17-Jul-2012 |
Galina Kistanova <gkistanova@gmail.com> |
Fixed few warnings. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160345 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/SVals.h
|
c36b30c92c78b95fd29fb5d9d6214d737b3bcb02 |
12-Jul-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Don't inline virtual calls unless we can devirtualize properly. Previously we were using the static type of the base object to inline methods, whether virtual or non-virtual. Now, we try to see if the base object has a known type, and if so ask for its implementation of the method. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160094 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/Calls.h
|
0ffbfd1a7f80f9a3c07317cb8f44c562f2ba1ba5 |
11-Jul-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Add debug.DumpCalls, which prints out any CallEvents it sees. This is probably not so useful yet because it is not path-sensitive, though it does try to show inlining with indentation. This also adds a dump() method to CallEvent, which should be useful for debugging. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160030 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/Calls.h
|
e54cfc7b9990acffd0a8a4ba381717b4bb9f3011 |
11-Jul-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Use CallEvent for building inlined stack frames. In order to accomplish this, we now build the callee's stack frame as part of the CallEnter node, rather than the subsequent BlockEdge node. This should not have any effect on perceived behavior or diagnostics. This makes it safe to re-enable inlining of member overloaded operators. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160022 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/Calls.h
athSensitive/ProgramState.h
athSensitive/Store.h
|
8d276d38c258dfc572586daf6c0e8f8fce249c0e |
11-Jul-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Add a CXXDestructorCall CallEvent. While this work is still fairly tentative (destructors are still left out of the CFG by default), we now handle destructors in the same way as any other calls, instead of just automatically trying to inline them. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160020 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/Calls.h
|
28038f33aa2db4833881fea757a1f0daf85ac02b |
11-Jul-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Add new PreImplicitCall and PostImplicitCall ProgramPoints. These are currently unused, but are intended to be used in lieu of PreStmt and PostStmt when the call is implicit (e.g. an automatic object destructor). This also modifies the Data1 field of ProgramPoints to allow storing any pointer-sized value, as opposed to only aligned pointers. This is necessary to store SourceLocations. There is currently no BugReporter support for these; they should be skipped over in any diagnostic output. This commit also tags checkers that currently rely on function calls only occurring at StmtPoints. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160019 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/Calls.h
|
ee158bc29bc12ce544996f7cdfde14aba63acf4d |
09-Jul-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] When inlining, make sure we use the definition decl. This was a regression introduced during the CallEvent changes; a call to FunctionDecl::hasBody was also being used to replace the decl found by lookup with the actual definition. To keep from making this mistake again (particularly if/when we start inlining Objective-C methods), this commit adds a "getDefinition()" method to CallEvent, which should do the right thing under any circumstances. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@159940 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/Calls.h
|
0e020adcb69e91826f4ee14a0c1d381f7b624a34 |
07-Jul-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Add comments to Calls.h. No functionality change. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@159867 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/Calls.h
|
478851c3ed6bd784e7377dffd8e57b200c1b9ba9 |
04-Jul-2012 |
Benjamin Kramer <benny.kra@googlemail.com> |
Drop the ASTContext.h include from Stmt.h and fix up transitive users. This required moving the ctors for IntegerLiteral and FloatingLiteral out of line which shouldn't change anything as they are usually called through Create methods that are already out of line. ASTContext::Deallocate has been a nop for a long time, drop it from ASTVector and make it independent from ASTContext.h Pass the StorageAllocator directly to AccessedEntity so it doesn't need to have a definition of ASTContext around. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@159718 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/MemRegion.h
athSensitive/SValBuilder.h
|
fdaa33818cf9bad8d092136e73bd2e489cb821ba |
04-Jul-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] For now, don't inline non-static member overloaded operators. Our current inlining support (specifically RegionStore::enterStackFrame) doesn't know that calls to overloaded operators may be calls to non-static member functions, and that in these cases the first argument should be treated as 'this'. This caused incorrect results and sometimes crashes. The long-term fix will be to rewrite RegionStore::enterStackFrame to use CallEvent and its subclasses, but for now we can just disable these problematic calls by classifying them under a new CallEvent, CXXMemberOperatorCall. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@159692 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/Calls.h
|
70cbf3cc09eb21db1108396d30a414ea66d842cc |
03-Jul-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Introduce CXXAllocatorCall to handle placement arg invalidation. This is NOT full-blown support for operator new, but removes some nasty duplicated code introduced in r158784. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@159608 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/Calls.h
|
840c9842ed8b3a2b1276519a80f89e7d409fc148 |
02-Jul-2012 |
Jordan Rose <jordan_rose@apple.com> |
Revert "Remove unused member (& consequently unused parameter) in SA's Call code." ...and instead add an accessor. We're not using this today, but it's something that should probably stay in the source for potential clients, and it doesn't cost a lot. (ObjCPropertyAccess is only created on the stack, and right now there's only ever one alive at a time.) This reverts r159581 / commit 8e674e1da34a131faa7d43dc3fcbd6e49120edbe. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@159595 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/Calls.h
|
8e674e1da34a131faa7d43dc3fcbd6e49120edbe |
02-Jul-2012 |
David Blaikie <dblaikie@gmail.com> |
Remove unused member (& consequently unused parameter) in SA's Call code. This member became unused in r159559. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@159581 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/Calls.h
|
96479da6ad9d921d875e7be29fe1bfa127be8069 |
02-Jul-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Add generic preCall and postCall checks. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@159562 91177308-0d34-0410-b5e6-96231b3b80d8
hecker.h
heckerManager.h
|
69f87c956b3ac2b80124fd9604af012e1061473a |
02-Jul-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Use CallEvent for inlining and call default-evaluation. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@159560 91177308-0d34-0410-b5e6-96231b3b80d8
heckerManager.h
athSensitive/Calls.h
athSensitive/ExprEngine.h
|
de507eaf3cb54d3cb234dc14499c10ab3373d15f |
02-Jul-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Finish replacing ObjCMessage with ObjCMethodDecl and friends. The preObjCMessage and postObjCMessage callbacks now take an ObjCMethodCall argument, which can represent an explicit message send (ObjCMessageSend) or an implicit message generated by a property access (ObjCPropertyAccess). git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@159559 91177308-0d34-0410-b5e6-96231b3b80d8
hecker.h
heckerManager.h
athSensitive/Calls.h
athSensitive/ObjCMessage.h
|
cde8cdbd6a662c636164465ad309b5f17ff01064 |
02-Jul-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Begin replacing ObjCMessage with ObjCMethodCall and friends. Previously, the CallEvent subclass ObjCMessageInvocation was just a wrapper around the existing ObjCMessage abstraction (over message sends and property accesses). Now, we have abstract CallEvent ObjCMethodCall with subclasses ObjCMessageSend and ObjCPropertyAccess. In addition to removing yet another wrapper object, this should make it easy to add a ObjCSubscriptAccess call event soon. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@159558 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/Calls.h
athSensitive/ExprEngine.h
athSensitive/ObjCMessage.h
|
85d7e01cf639b257d70f8a129709a2d7594d7b22 |
02-Jul-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Move the last bits of CallOrObjCMessage over to CallEvent. This involved refactoring some common pointer-escapes code onto CallEvent, then having MallocChecker use those callbacks for whether or not to consider a pointer's /ownership/ as escaping. This still needs to be pinned down, and probably we want to make the new argumentsMayEscape() function a little more discerning (content invalidation vs. ownership/metadata invalidation), but this is a good improvement. As a bonus, also remove CallOrObjCMessage from the source completely. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@159557 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/Calls.h
athSensitive/ObjCMessage.h
|
740d490593e0de8732a697c9f77b90ddd463863b |
02-Jul-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Add a new abstraction over all types of calls: CallEvent This is intended to replace CallOrObjCMessage, and is eventually intended to be used for anything that cares more about /what/ is being called than /how/ it's being called. For example, inlining destructors should be the same as inlining blocks, and checking __attribute__((nonnull)) should apply to the allocator calls generated by operator new. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@159554 91177308-0d34-0410-b5e6-96231b3b80d8
hecker.h
heckerManager.h
athSensitive/Calls.h
athSensitive/ExprEngine.h
athSensitive/ProgramState.h
athSensitive/Store.h
athSensitive/SubEngine.h
|
8d0f528afd9fcb9ebb8ccb4b8a529a05375b628e |
29-Jun-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Add a test that we are, in fact, doing a DFS on the ExplodedGraph. Previously: ...the comment said DFS... ...the WorkList being instantiated said BFS... ...and the implementation was actually DFS... ...due to an unintentional change in 2010... ...and everything kept working anyway. This fixes our std::deque implementation of BFS, but switches back to a SmallVector-based implementation of DFS. We should probably still investigate the ramifications of DFS vs. BFS, especially for large functions (and especially when we hit our block path limit), since this might completely change our memory use. It can also mask some bugs and reveal others depending on when we halt analysis. But at least we will not have this kind of little mistake creep in again. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@159397 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/CoreEngine.h
|
ee681111c713f300884550b1503713ade3b32374 |
25-Jun-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Be careful about implicitly-declared operator new/delete. (PR13090) The implicit global allocation functions do not have valid source locations, but we still want to treat them as being "system header" functions for the purposes of how they affect program state. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@159160 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ObjCMessage.h
|
10f77ad7fc5e5cf3f37a9b14ff5843468b8b84d2 |
23-Jun-2012 |
Ted Kremenek <kremenek@apple.com> |
Implement initial static analysis inlining support for C++ methods. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@159047 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ExprEngine.h
athSensitive/SValBuilder.h
|
16ae9de07730832945204877d752db7f1c070962 |
22-Jun-2012 |
James Dennett <jdennett@google.com> |
Documentation cleanup: making \param docs match the code. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@158982 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/Store.h
|
2df3a7a58b37d87ebf9e5e9251d56d1f8506f8b6 |
20-Jun-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Remove dead code. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@158849 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ProgramState.h
|
7c0d2a366d2810e711f9c6ced8cbd923b9fc823a |
17-Jun-2012 |
James Dennett <jdennett@google.com> |
Documentation cleanup: Add missing parameter name to a \param command git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@158621 91177308-0d34-0410-b5e6-96231b3b80d8
heckerManager.h
|
8cd64b4c5553fa6284d248336cb7c82dc960a394 |
11-Jun-2012 |
Chad Rosier <mcrosier@apple.com> |
Etch out the code path for MS-style inline assembly. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@158325 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ExprEngine.h
|
e17fdb2d5dbf0ffefd417587003eebbe5baf5984 |
07-Jun-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Anti-aliasing: different heap allocations do not alias Add a concept of symbolic memory region belonging to heap memory space. When comparing symbolic regions allocated on the heap, assume that they do not alias. Use symbolic heap region to suppress a common false positive pattern in the malloc checker, in code that relies on malloc not returning the memory aliased to other malloc allocations, stack. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@158136 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/MemRegion.h
athSensitive/SValBuilder.h
|
36397dc6c1bf1513a3bac4eabe9209e5b2295a55 |
06-Jun-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Provide debug descriptions for all memory space regions. Patch by Guillem Marpons! git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@158106 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/MemRegion.h
|
facde171ae4b8926622a1bffa833732a06f1875b |
06-Jun-2012 |
Benjamin Kramer <benny.kra@googlemail.com> |
Remove unused private member variables found by clang's new -Wunused-private-field. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@158086 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/AnalysisManager.h
|
c0e71a15bce9bb8c0d4ec1c42fab70c03140f9e0 |
02-Jun-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Rely on canBeInlined utility instead of checking CallExpr explicitly. This will make it easier to add inlining support to more expressions. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@157870 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ObjCMessage.h
|
7fa9b4f258636d89342eda28f21a986c8ac353b1 |
01-Jun-2012 |
Ted Kremenek <kremenek@apple.com> |
static analyzer: add inlining support for directly called blocks. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@157833 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ExprEngine.h
athSensitive/SymbolManager.h
|
ed7948b55fa4b2505f240cc5287137f451172b4c |
31-May-2012 |
Ted Kremenek <kremenek@apple.com> |
Allow some BugReports to opt-out of PathDiagnostic callstack pruning until we have significantly improved the pruning heuristics. The current heuristics are pretty good, but they make diagnostics for uninitialized variables warnings particularly useless in some cases. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@157734 91177308-0d34-0410-b5e6-96231b3b80d8
ugReporter/BugReporter.h
|
009072fd2223c823032b804c64ca7b4c7c3badc4 |
28-May-2012 |
Benjamin Kramer <benny.kra@googlemail.com> |
Fix suspicious isIntegerType() check, found by PVS Studio (PR12357). git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@157593 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/SValBuilder.h
|
1831bd29572b6a7243da73d9606209190c0217de |
27-May-2012 |
Benjamin Kramer <benny.kra@googlemail.com> |
Pass ProgramStateRef by reference. Retain + Release on a ref counted pointer is cheap, but not free (it adds a function call in this case). git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@157534 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ExplodedGraph.h
|
591b5f53c0e11d87401b4804bb1be1a53f95c619 |
19-May-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] For locations, use isGLValue() instead of isLValue(). git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@157088 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ProgramState.h
|
1d8db493f86761df9470254a2ad572fc6abf1bf6 |
08-May-2012 |
Jordy Rose <jediknil@belkadan.com> |
[analyzer] Rework both constraint managers to handle mixed-type comparisons. This involves keeping track of three separate types: the symbol type, the adjustment type, and the comparison type. For example, in "$x + 5 > 0ULL", if the type of $x is 'signed char', the adjustment type is 'int' and the comparison type is 'unsigned long long'. Most of the time these three types will be the same, but we should still do the right thing when the comparison value is out of range, and wraparound should be calculated in the adjustment type. This also re-disables an out-of-bounds test; we were extracting the symbol from non-additive SymIntExprs, but then throwing away the integer. Sorry for the large patch; both the basic and range constraint managers needed to be updated together, since they share code in SimpleConstraintManager. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@156361 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/APSIntType.h
|
d3b6d99cd57522b15dcec0eb771a97d9599d4db2 |
08-May-2012 |
Jordy Rose <jediknil@belkadan.com> |
[analyzer] Add an abstraction for the bit width and signedness of an APSInt. No functionality change. There are more parts of the analyzer that could use the convenience of APSIntType, particularly the constraint engine, but that needs a fair amount of rewriting to handle mixed-type constraints anyway. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@156360 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/APSIntType.h
athSensitive/BasicValueFactory.h
|
85d87df66a50a15a1957f7213802000b451a8ec9 |
04-May-2012 |
Ted Kremenek <kremenek@apple.com> |
Explicitly model capturing variables for blocks in the static analyzer. Fixes <rdar://problem/11125868>. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@156211 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/MemRegion.h
|
aca0ac58d2ae80d764e3832456667d7322445e0c |
04-May-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Allow pointers to escape through calls containing callback args. (Since we don't have a generic pointer escape callback, modify ExprEngineCallAndReturn as well as the malloc checker.) git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@156134 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ObjCMessage.h
|
baeaa9ad120f60b1c5b6f1a84286b507dbe2b55d |
03-May-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Add a complexity bound on history tracking. (Currently, this is only relevant for tainted data.) git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@156050 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/SymbolManager.h
|
914edfbb07c34d8cad8d0451193b4f9dd02a2d5a |
02-May-2012 |
David Blaikie <dblaikie@gmail.com> |
Fix some doxycomments using \class instead of \brief. Patches by Csaba Raduly (rcsaba@gmail.com) git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@156027 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/MemRegion.h
athSensitive/SymbolManager.h
|
e2241cbb0455a60ba27d6c4b9d601ffef3ed103f |
01-May-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Construct a SymExpr even when the constraint solver cannot reason about the expression. This essentially keeps more history about how symbolic values were constructed. As an optimization, previous to this commit, we only kept the history if one of the symbols was tainted, but it's valuable to keep the history around for other purposes as well: it allows us to avoid constructing conjured symbols. Specifically, we need to identify the value of ptr as ElementRegion (result of pointer arithmetic) in the following code. However, before this commit '(2-x)' evaluated to Unknown value, and as the result, 'p + (2-x)' evaluated to Unknown value as well. int *p = malloc(sizeof(int)); ptr = p + (2-x); This change brings 2% slowdown on sqlite. Fixes radar://11329382. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@155944 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/SValBuilder.h
|
d200187bd27f9ad68699693a6e57f9ee3ff260fa |
28-Apr-2012 |
Jordy Rose <jediknil@belkadan.com> |
[analyzer] Remove references to idx::TranslationUnit. Index is dead, cross-TU inlining never panned out. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@155751 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/AnalysisManager.h
|
577f14a34457032523e59dbbbacb88ca2cd4db57 |
27-Apr-2012 |
Ted Kremenek <kremenek@apple.com> |
Use a deque instead of an ImmutableList in AnalysisConsumer to preserve the file order that functions are visited. Should fix the buildbots. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@155693 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/FunctionSummary.h
|
cb0a5039c243f5b0c178e70f424adac334e5789b |
27-Apr-2012 |
Ted Kremenek <kremenek@apple.com> |
Change FunctionSummary.h's definition of SetOfDecls to be an ImmutableList instead of a mutable SmallPtrSet. While iterating over LocalTUDecls, there were cases where we could modify LocalTUDecls, which could result in invalidating an iterator and an analyzer crash. Along the way, switch some uses of std::queue to std::dequeue, which should be slightly more efficient. Unfortunately, this is a difficult case to create a test case for. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@155680 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/FunctionSummary.h
|
0b3ade86a1c60cf0c7b56aa238aff458eb7f5974 |
20-Apr-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Run remove dead bindings right before leaving a function. This is needed to ensure that we always report issues in the correct function. For example, leaks are identified when we call remove dead bindings. In order to make sure we report a callee's leak in the callee, we have to run the operation in the callee's context. This change required quite a bit of infrastructure work since: - We used to only run remove dead bindings before a given statement; here we need to run it after the last statement in the function. For this, we added additional Program Point and special mode in the SymbolReaper to remove all symbols in context lower than the current one. - The call exit operation turned into a sequence of nodes, which are now guarded by CallExitBegin and CallExitEnd nodes for clarity and convenience. (Sorry for the long diff.) git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@155244 91177308-0d34-0410-b5e6-96231b3b80d8
ugReporter/PathDiagnostic.h
heckerManager.h
athSensitive/CoreEngine.h
athSensitive/ExprEngine.h
athSensitive/SymbolManager.h
|
39b73411313b1204601755e8c4813853f30b9a33 |
20-Apr-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Remove unused method. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@155243 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/SymbolManager.h
|
5a878b2cabb940bf3c1ac420a52cac305765e3e2 |
20-Apr-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Constify git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@155242 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/CoreEngine.h
|
ffce11b95aad43cae18ac8700c026f0d6f62dfa2 |
16-Apr-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] +comments git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@154865 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/SVals.h
|
87e154c09bbb060a0620bc988d7723bee64fb79c |
13-Apr-2012 |
Douglas Gregor <dgregor@apple.com> |
Remove the unused, unmaintained, incomplete 'Index' library. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@154672 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/AnalysisManager.h
|
6a86082f3a06a2dcceaaf63f78a0e52d64bcbaa3 |
13-Apr-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] PCH deserialization optimization. We should not deserialize unused declarations from the PCH file. Achieve this by storing the top level declarations during parsing (HandleTopLevelDecl ASTConsumer callback) and analyzing/building a call graph only for those. Tested the patch on a sample ObjC file that uses PCH. With the patch, the analysis is 17.5% faster and clang consumes 40% less memory. Got about 10% overall build/analysis time decrease on a large Objective C project. A bit of CallGraph refactoring/cleanup as well. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@154625 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/CoreEngine.h
athSensitive/ExprEngine.h
athSensitive/FunctionSummary.h
|
e19f86edab8fb3c2c1e99e0e9815b6058504df9b |
10-Apr-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Add support for C++ dynamic_cast. Simulate the C++ dynamic_cast in the analyzer. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@154434 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/Store.h
|
4335a48214dcbb258e08c8867c45648e25edb2ec |
10-Apr-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] + comments git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@154433 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ProgramState.h
|
bd613137499b1d4c3b63dccd0aa21f6add243f4f |
07-Apr-2012 |
Ted Kremenek <kremenek@apple.com> |
Rework ExprEngine::evalLoad and clients (e.g. VisitBinaryOperator) so that when we generate a new ExplodedNode we use the same Expr* as the one being currently visited. This is preparation for transitioning to having ProgramPoints refer to CFGStmts. This required a bit of trickery. We wish to keep the old Expr* bindings in the Environment intact, as plenty of logic relies on it and there is no reason to change it, but we sometimes want the Stmt* for the ProgramPoint to be different than the Expr* being used for bindings. This requires adding an extra argument for some functions (e.g., evalLocation). This looks a bit strange for some clients, but it will look a lot cleaner when we start using CFGStmt* in the appropriate places. As some fallout, the diagnostics arrows are a bit different, since some of the node locations have changed. I have audited these, and they look reasonable. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@154214 91177308-0d34-0410-b5e6-96231b3b80d8
heckerManager.h
athSensitive/ExprEngine.h
|
7947bb127629faff4897f04e579d80fd0d7f97f0 |
06-Apr-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Fix false positive: pointer might escape through CG*WithData. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@154156 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ObjCMessage.h
|
6fd4505ad67a186da8cc26fdb493c93fe4937555 |
05-Apr-2012 |
Ted Kremenek <kremenek@apple.com> |
Require that all static analyzer issues have a category. As part of this change, consolidate some commonly used category strings into global references (more of this can be done, I just did a few). Fixes <rdar://problem/11191537>. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@154121 91177308-0d34-0410-b5e6-96231b3b80d8
ugReporter/BugReporter.h
|
cd863466b97cee866370bc6ff75370628ab01d37 |
05-Apr-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Add a coverage calculation to FunctionSummaries. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@154076 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/FunctionSummary.h
|
07189521a15d9c088216b943649cb9fe231cbb57 |
04-Apr-2012 |
Ted Kremenek <kremenek@apple.com> |
Include the "issue context" (e.g. function or method) where a static analyzer issue occurred in the plist output. Fixes <rdar://problem/11004527> git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@154030 91177308-0d34-0410-b5e6-96231b3b80d8
ugReporter/BugReporter.h
ugReporter/PathDiagnostic.h
|
e62f048960645b79363408fdead53fec2a063c52 |
03-Apr-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Record the basic blocks covered by the analyzes run. Store this info inside the function summary generated for all analyzed functions. This is useful for coverage stats and can be helpful for analyzer state space search strategies. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@153923 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/AnalysisManager.h
athSensitive/CoreEngine.h
athSensitive/ExprEngine.h
athSensitive/FunctionSummary.h
|
4a5f724538cbc275370c9504e8169ce92503256c |
01-Apr-2012 |
Benjamin Kramer <benny.kra@googlemail.com> |
Analyzer: Store BugReports directly in an ilist instead of adding another layer of indirection with std::list git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@153847 91177308-0d34-0410-b5e6-96231b3b80d8
ugReporter/BugReporter.h
|
3bbd8cd831788c506f2980293eb3c7e1b3ca2501 |
30-Mar-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Do not inline functions which previously reached max block count. This is an optimization for "retry without inlining" option. Here, if we failed to inline a function due to reaching the basic block max count, we are going to store this information and not try to inline it again in the translation unit. This can be viewed as a function summary. On sqlite, with this optimization, we are 30% faster than before and cover 10% more basic blocks (partially because the number of times we reach timeout is decreased by 20%). git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@153730 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/AnalysisManager.h
athSensitive/ExprEngine.h
|
b47dbcbc12430fdf3e5a5b9f59cdec5480e89e75 |
28-Mar-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Enable retry exhausted without inlining by default. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@153591 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/AnalysisManager.h
|
253955ca25c7e7049963b5db613c0cd15d66e4f8 |
28-Mar-2012 |
Anna Zaks <ganna@apple.com> |
[analyser] Stats checker: do not mark a node as exhausted if we will retry without inlining. (+ other minor cleanups) git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@153581 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/CoreEngine.h
athSensitive/ExprEngine.h
athSensitive/SubEngine.h
|
5903a373db3d27794c90b25687e0dd6adb0e497d |
27-Mar-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Add an option to re-analyze a dead-end path without inlining. The analyzer gives up path exploration under certain conditions. For example, when the same basic block has been visited more than 4 times. With inlining turned on, this could lead to decrease in code coverage. Specifically, if we give up inside the inlined function, the rest of parent's basic blocks will not get analyzed. This commit introduces an option to enable re-run along the failed path, in which we do not inline the last inlined call site. This is done by enqueueing the node before the processing of the inlined call site with a special policy encoded in the state. The policy tells us not to inline the call site along the path. This led to ~10% increase in the number of paths analyzed. Even though we expected a much greater coverage improvement. The option is turned off by default for now. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@153534 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/AnalysisManager.h
athSensitive/CoreEngine.h
athSensitive/ExplodedGraph.h
athSensitive/ExprEngine.h
athSensitive/ProgramStateTrait.h
|
14d83810b14a558b4d3671c75b6d0f5608898d9e |
27-Mar-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Fix a typo. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@153533 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/TaintManager.h
|
d961ea91e14fdf4047db3e891def9951ee7afde1 |
24-Mar-2012 |
Benjamin Kramer <benny.kra@googlemail.com> |
Don't cast away constness. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@153381 91177308-0d34-0410-b5e6-96231b3b80d8
ugReporter/BugReporterVisitor.h
|
3bc75ca0a636efdc93471c9b6bad43085a22bf3a |
24-Mar-2012 |
Jordy Rose <jediknil@belkadan.com> |
[analyzer] Restart path diagnostic generation if any of the visitors change the report configuration while walking the path. This required adding a change count token to BugReport, but also allowed us to ditch ImmutableList as the BugReporterVisitor data type. Also, remove the hack from MallocChecker, now that visitors appear in the opposite order. This is not exactly a fix, but the common case -- custom diagnostics after generic ones -- is now the default behavior. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@153369 91177308-0d34-0410-b5e6-96231b3b80d8
ugReporter/BugReporter.h
|
011534973e83db51f49098871186238fc64d5f54 |
24-Mar-2012 |
Jordy Rose <jediknil@belkadan.com> |
[analyzer] Add a clone() method to BugReporterVisitor, so that we'll be able to reset diagnostic generation. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@153368 91177308-0d34-0410-b5e6-96231b3b80d8
ugReporter/BugReporterVisitor.h
|
514f2c9dcb9e04b52929c5b141a6fe88bd68b33f |
23-Mar-2012 |
Ted Kremenek <kremenek@apple.com> |
Avoid applying retain/release effects twice in RetainCountChecker when a function call was inlined (i.e., we do not need to apply summaries in such cases). git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@153309 91177308-0d34-0410-b5e6-96231b3b80d8
heckerManager.h
athSensitive/CheckerContext.h
|
3d7c44e01d568e5d5c0fac9c6ccb3f080157ba19 |
21-Mar-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Malloc: Utter the name of the leaked variable. Specifically, we use the last store of the leaked symbol in the leak diagnostic. (No support for struct fields since the malloc checker doesn't track those yet.) + Infrastructure to track the regions used in store evaluations. This approach is more precise than iterating the store to obtain the region bound to the symbol, which is used in RetainCount checker. The region corresponds to what is uttered in the code in the last store and we do not rely on the store implementation to support this functionality. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@153212 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/CheckerContext.h
athSensitive/ExprEngine.h
athSensitive/MemRegion.h
|
27b867ea1c9cb4b40f9b817c303d6df3ee753da9 |
21-Mar-2012 |
Anna Zaks <ganna@apple.com> |
[analyser] Factor out FindUniqueBinding from RetainCount checker. So that others could use it as well. No functionality change. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@153211 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/Store.h
|
8fe4525680ce72e90cee3e58b5654e3ae955447f |
17-Mar-2012 |
NAKAMURA Takumi <geek4civic@gmail.com> |
StaticAnalyzer: Fix abuse of StringRef in r152962. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@152982 91177308-0d34-0410-b5e6-96231b3b80d8
ugReporter/PathDiagnostic.h
|
fbd58743fa6c793b84ed60a0e2325335a53da6c4 |
17-Mar-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Shorten the stack hint diagnostic. Do not display the standard "Returning from 'foo'", when a stack hint is available. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@152964 91177308-0d34-0410-b5e6-96231b3b80d8
ugReporter/PathDiagnostic.h
|
56a938ff85a444eb3d30d2634d92ce5b1f6fae56 |
17-Mar-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Create symbol-aware stack hints (building upon r152837). The symbol-aware stack hint combines the checker-provided message with the information about how the symbol was passed to the callee: as a parameter or a return value. For malloc, the generated messages look like this : "Returning from 'foo'; released memory via 1st parameter" "Returning from 'foo'; allocated memory via 1st parameter" "Returning from 'foo'; allocated memory returned" "Returning from 'foo'; reallocation of 1st parameter failed" (We are yet to handle cases when the symbol is a field in a struct or an array element.) git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@152962 91177308-0d34-0410-b5e6-96231b3b80d8
ugReporter/PathDiagnostic.h
|
d7b83148ac0a537f5ec9be9d87bbec62b75435f4 |
15-Mar-2012 |
Jordy Rose <jediknil@belkadan.com> |
[analyzer] Remove AggExprVisitor, a dead class that assisted in visiting C++ expressions with a "base object", because the CFG is now linearized. The only use of AggExprVisitor was in #if 0 code (the analyzer's incomplete C++ support), so there is no actual behavioral change anyway. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@152856 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ExprEngine.h
|
368a0d565f078666ca5bfb7fe08d04648688e4bc |
15-Mar-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Allow checkers to supply call stack diagnostic hints for the BugVisitor DiagnosticPieces. When checkers create a DiagnosticPieceEvent, they can supply an extra string, which will be concatenated with the call exit message for every call on the stack between the diagnostic event and the final bug report. (This is a simple version, which could be/will be further enhanced.) For example, this is used in Malloc checker to produce the ", which allocated memory" in the following example:
static char *malloc_wrapper() { // 2. Entered call from 'use'
    return malloc(12);    // 3. Memory is allocated
}
void use() {
    char *v;
    v = malloc_wrapper(); // 1. Calling 'malloc_wrappers'
        // 4. Returning from 'malloc_wrapper', which allocated memory
}                         // 5. Memory is never released; potential memory leak
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@152837 91177308-0d34-0410-b5e6-96231b3b80d8
ugReporter/PathDiagnostic.h
|
3183075ff18449594090aacb1793d66f58a95429 |
14-Mar-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] A fixup to r152734. Always initialize the flag. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@152742 91177308-0d34-0410-b5e6-96231b3b80d8
ugReporter/PathDiagnostic.h
|
9373937945e1e075dfa08169eaccc1ad0b31f699 |
14-Mar-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Diagnostics: Supply Caller information even if the bug occurs in the callee. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@152734 91177308-0d34-0410-b5e6-96231b3b80d8
ugReporter/PathDiagnostic.h
|
e5049d29f74183d88a332ce4868e84a9c12893f0 |
14-Mar-2012 |
Erik Verbruggen <erikjv@me.com> |
[Analyser] Removes more recursive visitations in ExprEngine that are no longer needed as the CFG is fully linearized. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@152720 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ExprEngine.h
|
29af3c7425b791daf5c9ec0a820d6b5baab2ddcc |
13-Mar-2012 |
Ted Kremenek <kremenek@apple.com> |
Add new analyzer diagnostic mode where plists can have bugs that span multiple files. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@152586 91177308-0d34-0410-b5e6-96231b3b80d8
athDiagnosticConsumers.h
|
4e4d08403ca5cfd4d558fa2936215d3a4e5a528d |
11-Mar-2012 |
David Blaikie <dblaikie@gmail.com> |
Unify naming of LangOptions variable/get function across the Clang stack (Lex to AST). The member variable is always "LangOpts" and the member function is always "getLangOpts". Reviewed by Chris Lattner git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@152536 91177308-0d34-0410-b5e6-96231b3b80d8
heckerManager.h
athSensitive/AnalysisManager.h
athSensitive/CheckerContext.h
|
337e4dbc6859589b8878146a88bebf754e916702 |
10-Mar-2012 |
Ted Kremenek <kremenek@apple.com> |
[analyzer] fix regression in analyzer of NOT actually aborting on Stmts it doesn't understand. We registered as aborted, but didn't treat such cases as sinks in the ExplodedGraph. Along the way, add basic support for CXXCatchStmt, expanding the set of code we actually analyze (hopefully correctly). Fixes: <rdar://problem/10892489> git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@152468 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ExprEngine.h
athSensitive/SValBuilder.h
|
3fd5f370a28552976c52e76c3035d79012d78dda |
09-Mar-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Add support for NoRedundancy inlining mode. We do not reanalyze a function, which has already been analyzed as an inlined callee. As per PRELIMINARY testing, this gives over 50% run time reduction on some benchmarks without decreasing of the number of bugs found. Turning the mode on by default. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@152440 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/AnalysisManager.h
athSensitive/CoreEngine.h
athSensitive/ExprEngine.h
|
aa49a7d70e58dac2aeb40664ba16d2ea571b8c95 |
09-Mar-2012 |
Daniel Dunbar <daniel@zuster.org> |
[AST/etc] Mark {getSourceRange(),getStartLoc(),getEndLoc()} as LLVM_READONLY. - The theory here is that we have these functions sprinkled in all over the place. This should allow the optimizer to at least realize it can still do load CSE across these calls. - I blindly marked all instances as such, even though the optimizer can infer this attribute in some instances (some of the inline ones) as that was easier and also, when given the choice between thinking and not thinking, I prefer the latter. You might think this is mere frivolity, but actually this is good for a .7 - 1.1% speedup on 403.gcc/combine.c, JSC/Interpreter.cpp, OGF/NSBezierPath-OAExtensions.m. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@152426 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ObjCMessage.h
|
76aadc346c3a4c363238a1e1232f324c3355d9e0 |
09-Mar-2012 |
Ted Kremenek <kremenek@apple.com> |
[analyzer] Implement basic path diagnostic pruning based on "interesting" symbols and regions. Essentially, a bug centers around a story for various symbols and regions. We should only include the path diagnostic events that relate to those symbols and regions. The pruning is done by associating a set of interesting symbols and regions with a BugReporter, which can be modified at BugReport creation or by BugReporterVisitors. This patch reduces the diagnostics emitted in several of our test cases. I've vetted these as having desired behavior. The only regression is a missing null check diagnostic for the return value of realloc() in test/Analysis/malloc-plist.c. This will require some investigation to fix, and I have added a FIXME to the test case. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@152361 91177308-0d34-0410-b5e6-96231b3b80d8
ugReporter/BugReporter.h
ugReporter/BugReporterVisitor.h
ugReporter/PathDiagnostic.h
|
66253352131e3e7a22b3bfd0e180607aa2bfb988 |
09-Mar-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Rework inlining related command line options. - Remove -analyzer-inline-call. - Add -analyzer-ipa=[none|inlining] - Add -analyzer-inlining-mode to allow experimentation for different performance tuning methods. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@152351 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/AnalysisManager.h
|
1a45a5ff5d495cb6cd9a3d4d06317af79c0f634d |
06-Mar-2012 |
Ted Kremenek <kremenek@apple.com> |
Add static analyzer support for new NSArray/NSDictionary/NSNumber literals. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@152139 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/SValBuilder.h
|
097ebb3d8ce55d1f78a3f1e7a0978dbde5ee2898 |
06-Mar-2012 |
Ted Kremenek <kremenek@apple.com> |
[analyzer] add a diagnostic event when entering a call via inlining, within the callee, and add an edge. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@152086 91177308-0d34-0410-b5e6-96231b3b80d8
ugReporter/PathDiagnostic.h
|
a81d3d434e6581ff354eaf5b2a3c25c75771a792 |
04-Mar-2012 |
Erik Verbruggen <erikjv@me.com> |
Remove a recursive visitation in ExprEngine that is no longer needed because the CFG is fully linearized. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@152007 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ExprEngine.h
|
8235f9c9c8b3d1737d1c6bd57f7ba3f616b92392 |
02-Mar-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Bound the size of the functions being inlined + provide command line options for inlining tuning. This adds the option for stack depth bound as well as function size bound. + minor doxygenification git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@151930 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/AnalysisManager.h
|
ca23eb212c78ac5bc62d0881635579dbe7095639 |
29-Feb-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Malloc: A pointer might escape through CFContainers APIs, funopen, setvbuf. Teach the checker and the engine about these APIs to resolve malloc false positives. As I am adding more of these APIs, it is clear that all this should be factored out into a separate callback (for example, region escapes). Malloc, KeyChainAPI and RetainRelease checkers could all use it. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@151737 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ObjCMessage.h
|
56d8fd0b8a65a7ccae3669cd650ca443cf24b73e |
29-Feb-2012 |
Ted Kremenek <kremenek@apple.com> |
[analyzer diagnostics] Refactor filtration for PathDiagnosticConsumers that don't support cross-file diagnostics into a common place. Currently enable this filtration for Plist diagnostics as well. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@151664 91177308-0d34-0410-b5e6-96231b3b80d8
ugReporter/PathDiagnostic.h
|
c89f4b05721f53cfbaf32fc0c4919a4616e68440 |
29-Feb-2012 |
Ted Kremenek <kremenek@apple.com> |
[analyzer diagnostics] start prototyping stripping PathDiagnostics of unnecessary cruft caused by path inlining. This introduces a concept of a "prunable" PathDiagnosticEvent. Currently this is a flag, but we may evolve the concept to make this more dynamically inferred. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@151663 91177308-0d34-0410-b5e6-96231b3b80d8
ugReporter/BugReporterVisitor.h
ugReporter/PathDiagnostic.h
|
4c62b557e269a27515dfca1f754ae936c8fdb824 |
28-Feb-2012 |
Ted Kremenek <kremenek@apple.com> |
[analyzer] teach analyzer about ObjC literals, thus trimming out a false positive with the malloc() checker involving comparing literal addresses to nil. Fixes <rdar://problem/10579586> git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@151602 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/MemRegion.h
|
e739a29c62c67eaec0af5c4d5c75f9e8f11228bd |
28-Feb-2012 |
Ted Kremenek <kremenek@apple.com> |
[analyzer] Don't generate an explicit ExplodedNode for StringLiterals; have the SVal lazily generated from Environment::getSVal(). git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@151589 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ProgramState.h
athSensitive/Store.h
|
2042fc1f36d471f437023e8899f0c4fadded2341 |
24-Feb-2012 |
Ted Kremenek <kremenek@apple.com> |
Reapply r151317, but when computing the PathDiagnostic profile and size keep into account the nested structure. Also fix a problem with how inlining impacted Plist diagnostics, and adjust some ranges in the Plist output due to richer information. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@151346 91177308-0d34-0410-b5e6-96231b3b80d8
ugReporter/BugReporterVisitor.h
ugReporter/PathDiagnostic.h
|
68fbb3ee8ae374b6505885e907af92b30eef707f |
24-Feb-2012 |
Chad Rosier <mcrosier@apple.com> |
Revert r151317 - Rework PathDiagnostics creation.. - to appease buildbots. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@151338 91177308-0d34-0410-b5e6-96231b3b80d8
ugReporter/BugReporterVisitor.h
ugReporter/PathDiagnostic.h
|
4970ef8e3527ac356c3e9fde0710561fcb63e424 |
24-Feb-2012 |
Ted Kremenek <kremenek@apple.com> |
Rework PathDiagnostic creation so that call stacks are captured by a nested PathDiagnosticCallPiece. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@151317 91177308-0d34-0410-b5e6-96231b3b80d8
ugReporter/BugReporterVisitor.h
ugReporter/PathDiagnostic.h
|
ca8e36eb637e232475ef31c3f22d5da907390917 |
23-Feb-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Malloc: unique leak reports by allocation site. When we find two leak reports with the same allocation site, report only one of them. Provide a helper method to BugReporter to facilitate this. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@151287 91177308-0d34-0410-b5e6-96231b3b80d8
ugReporter/BugReporter.h
|
c93dc7889644293e318e19d82830ea2acc45b678 |
20-Feb-2012 |
Dylan Noblesmith <nobled@dreamwidth.org> |
Basic: import IntrusiveRefCntPtr<> into clang namespace The class name is long enough without the llvm:: added. Also bring in RefCountedBase and RefCountedBaseVPTR. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150958 91177308-0d34-0410-b5e6-96231b3b80d8
ugReporter/PathDiagnostic.h
athSensitive/ProgramState_Fwd.h
|
b673a41c92aa276f2e37164d0747be1cfb0c402b |
18-Feb-2012 |
Ted Kremenek <kremenek@apple.com> |
Adopt ExprEngine and checkers to ObjC property refactoring. Everything was working, but now diagnostics are aware of message expressions implied by uses of properties. Fixes <rdar://problem/9241180>. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150888 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ObjCMessage.h
|
3133f79cf451e6302dd05262b4bb53a3e4fd6300 |
18-Feb-2012 |
Ted Kremenek <kremenek@apple.com> |
Have conjured symbols depend on LocationContext, to add context sensitivity for functions called more than once. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150849 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ProgramState.h
athSensitive/SValBuilder.h
athSensitive/Store.h
athSensitive/SymbolManager.h
|
2ac58b7c09938bb28c51c7cd2deada609b75f94c |
16-Feb-2012 |
Ted Kremenek <kremenek@apple.com> |
Revert "Move ExplodedNode reclamation out of ExprEngine and into CoreEngine. Also have it based on adding predecessors/successors, not node allocation. No measurable performance change." git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150722 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ExplodedGraph.h
|
437ee81e54f39c2363d5fe0ea155604c28adc615 |
16-Feb-2012 |
Ted Kremenek <kremenek@apple.com> |
Move ExplodedNode reclamation out of ExprEngine and into CoreEngine. Also have it based on adding predecessors/successors, not node allocation. No measurable performance change. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150720 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ExplodedGraph.h
|
626719bd2c09e27fe7c182724a812d27f59e3819 |
16-Feb-2012 |
Ted Kremenek <kremenek@apple.com> |
Minor cleanup to node data structures in ExplodedGraph. No functionality change. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150719 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ExplodedGraph.h
|
66c40400e7d6272b0cd675ada18dd62c1f0362c7 |
14-Feb-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Make Malloc Checker optimistic in presence of inlining. (In response to Ted's review of r150112.) This moves the logic which checked if a symbol escapes through a parameter to invalidateRegionCallback (instead of post CallExpr visit.) To accommodate the change, added a CallOrObjCMessage parameter to checkRegionChanges callback. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150513 91177308-0d34-0410-b5e6-96231b3b80d8
hecker.h
heckerManager.h
athSensitive/ExprEngine.h
athSensitive/SubEngine.h
|
c8bb3befcad8cd8fc9556bc265289b07dc3c94c8 |
13-Feb-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Malloc checker: rework realloc handling: 1) Support the case when realloc fails to reduce False Positives. (We essentially need to restore the state of the pointer being reallocated.) 2) Realloc behaves differently under special conditions (from pointer is null, size is 0). When detecting these cases, we should consider under-constrained states (size might or might not be 0). The old version handled this in a very hacky way. The code did not differentiate between definite and possible (no consideration for under-constrained states). Further, after processing each special case, the realloc processing function did not return but chained to the next special case processing. So you could end up in an execution in which you first see the states in which size is 0 and realloc ~ free(), followed by the states corresponding to size is not 0 followed by the evaluation of the regular realloc behavior. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150402 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/CheckerContext.h
|
63d7ed8470e528da56ac4b2deae6a31ec3bd44fc |
13-Feb-2012 |
Dylan Noblesmith <nobled@dreamwidth.org> |
StaticAnalyzer/Core: fix MSVC build Fix build breakage from r150378: MSVC only allows taking the address of a member function using the &ClassName::Function syntax.# It was giving git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150387 91177308-0d34-0410-b5e6-96231b3b80d8
heckerRegistry.h
|
802e02463b880f53a6e645bde78cc412481ce9e0 |
08-Feb-2012 |
Ted Kremenek <kremenek@apple.com> |
Change PathDiagnosticPieces to be reference counted (simplifying their management), and introduce 'PathPieces' as a common container for PathDiagnosticPieces. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150054 91177308-0d34-0410-b5e6-96231b3b80d8
ugReporter/PathDiagnostic.h
|
eb2303c76971f3cc89bbb367ce77564ccb7042c1 |
08-Feb-2012 |
Ted Kremenek <kremenek@apple.com> |
Refactor pieces of PathDiagnostic into its own data structure. No functionality change. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150053 91177308-0d34-0410-b5e6-96231b3b80d8
ugReporter/PathDiagnostic.h
|
a6215b93c45ee5931536b57d10b987747143313b |
07-Feb-2012 |
Ted Kremenek <kremenek@apple.com> |
Create PathDiagnosticCallEnter and PathDiagnosticCallExit, to remark calls in PathDiagnostics from other events. This will have potential uses later. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@149960 91177308-0d34-0410-b5e6-96231b3b80d8
ugReporter/PathDiagnostic.h
|
57300760964904cc022a175643342f29f46b7e6b |
07-Feb-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Allow each CString check to be enabled/disabled separately. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@149947 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/CheckerContext.h
|
0cf3d471546251b12bdceff360f66c079c40526c |
07-Feb-2012 |
Ted Kremenek <kremenek@apple.com> |
Add basic BugReporter support for CallEnter/CallExit. WIP. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@149939 91177308-0d34-0410-b5e6-96231b3b80d8
ugReporter/BugReporterVisitor.h
|
6f42b62b6194f53bcbc349f5d17388e1936535d7 |
05-Feb-2012 |
Dylan Noblesmith <nobled@dreamwidth.org> |
Basic: import OwningPtr<> into clang namespace git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@149798 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/AnalysisManager.h
athSensitive/CoreEngine.h
athSensitive/ProgramState.h
|
c6c090d2722dbae27c7623184bed668f7f29fa4b |
04-Feb-2012 |
Benjamin Kramer <benny.kra@googlemail.com> |
StaticAnalyzer: Remove FixIts from PathDiagnosticPieces. They were unused and pulled in Diagnostic.h for no reason. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@149779 91177308-0d34-0410-b5e6-96231b3b80d8
ugReporter/PathDiagnostic.h
|
e00575f12cf280621ef0ed4d69e909bdfc9fef62 |
31-Jan-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Add checks for common anti-patterns in strncat. (Since this is syntax only, might be a good candidate for turning into a compiler warning.) git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@149407 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/CheckerContext.h
|
a5888f61be9f8d76e9b48a453dbced50523bd2e0 |
31-Jan-2012 |
Argyrios Kyrtzidis <akyrtzi@gmail.com> |
Reapply r149311 which I reverted by mistake. Original log: Convert ProgramStateRef to a smart pointer for managing the reference counts of ProgramStates. This leads to a slight memory improvement, and a simplification of the logic for managing ProgramState objects. # Please enter the commit message for your changes. Lines starting git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@149339 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ExplodedGraph.h
athSensitive/ProgramState.h
athSensitive/ProgramState_Fwd.h
|
b9b0f6fb6e113b5e6be3ed9754c4bf01186a17bf |
31-Jan-2012 |
Argyrios Kyrtzidis <akyrtzi@gmail.com> |
Revert r149311 which failed to compile. Original log: Convert ProgramStateRef to a smart pointer for managing the reference counts of ProgramStates. This leads to a slight memory improvement, and a simplification of the logic for managing ProgramState objects. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@149336 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ExplodedGraph.h
athSensitive/ProgramState.h
athSensitive/ProgramState_Fwd.h
|
841c96a885789afea9d32d1d842033768c6d2b19 |
31-Jan-2012 |
Ted Kremenek <kremenek@apple.com> |
Minor refactor within ExplodedGraph::reclaimRecentlyAllocatedNodes(). No functionality change. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@149320 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ExplodedGraph.h
|
72e93068c9f2a2f05f5932cdd917c0d2961f11d9 |
31-Jan-2012 |
Ted Kremenek <kremenek@apple.com> |
Convert ProgramStateRef to a smart pointer for managing the reference counts of ProgramStates. This leads to a slight memory improvement, and a simplification of the logic for managing ProgramState objects. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@149311 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ExplodedGraph.h
athSensitive/ProgramState.h
athSensitive/ProgramState_Fwd.h
|
23111dcd66ee242bb5caf1ecab01bd930ee42c4c |
31-Jan-2012 |
Ted Kremenek <kremenek@apple.com> |
Convert more uses of 'const ProgramState *' to 'ProgramStateRef' (and related cleanups). git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@149310 91177308-0d34-0410-b5e6-96231b3b80d8
hecker.h
heckerManager.h
athSensitive/ConstraintManager.h
|
af5f550de34525b27f0ff31dafce792caf8158b6 |
30-Jan-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Add index out of bounds check for CFArrayGetArrayAtIndex. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@149228 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ProgramState.h
athSensitive/ProgramStateTrait.h
|
c35fb7d67d515659ad2325b4f6ec97c9fe64fb63 |
28-Jan-2012 |
Benjamin Kramer <benny.kra@googlemail.com> |
StaticAnalyzer: Move ObjC- and CXX-specific methods out of line so checkers that don't care about the language don't have to pull in all the headers. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@149178 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ExprEngine.h
athSensitive/MemRegion.h
athSensitive/SValBuilder.h
athSensitive/Store.h
|
8bef8238181a30e52dea380789a7e2d760eac532 |
26-Jan-2012 |
Ted Kremenek <kremenek@apple.com> |
Change references to 'const ProgramState *' to typedef 'ProgramStateRef'. At this point this is largely cosmetic, but it opens the door to replace ProgramStateRef with a smart pointer that more eagerly acts in the role of reclaiming unused ProgramState objects. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@149081 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/BasicValueFactory.h
athSensitive/CheckerContext.h
athSensitive/ConstraintManager.h
athSensitive/CoreEngine.h
athSensitive/Environment.h
athSensitive/ExplodedGraph.h
athSensitive/ExprEngine.h
athSensitive/ObjCMessage.h
athSensitive/ProgramState.h
athSensitive/ProgramState_Fwd.h
athSensitive/SValBuilder.h
athSensitive/SVals.h
athSensitive/Store.h
athSensitive/SubEngine.h
|
bac341346f3c8e713a8f165120fd54b500ee3189 |
26-Jan-2012 |
Ted Kremenek <kremenek@apple.com> |
Rework flushing of diagnostics to PathDiagnosticConsumer. Now all the reports are batched up before being flushed to the underlying consumer implementation. This allows us to unique reports across analyses to multiple functions (which shows up with inlining). git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@148997 91177308-0d34-0410-b5e6-96231b3b80d8
ugReporter/PathDiagnostic.h
athSensitive/AnalysisManager.h
|
9d0064e802e81d0833e8ccab8978b17c0bac3625 |
25-Jan-2012 |
Ted Kremenek <kremenek@apple.com> |
Reduce peak memory usage of the static analyzer on sqlite3 (when using inlining) by 30%. This is accomplished by periodically reclaiming nodes in the graph. This was an optimization done before the CFG was linearized, but the CFG linearization destroyed that optimization since each freshly created node couldn't be reclaimed and we only looked at a window of nodes created between each ProcessStmt. This optimization can be reclaimed by merely expanding the window to N number of nodes. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@148888 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ExplodedGraph.h
|
f75823f3d4dc84630a9d814479140145e62accf3 |
23-Jan-2012 |
Bill Wendling <isanbard@gmail.com> |
Remove extraneous ';'. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@148739 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/SymbolManager.h
|
be97b7edb112520d764c24e8b9a159cdc692bcb6 |
20-Jan-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Skip casts when determining taint dependencies + pretty printing. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@148517 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ProgramState.h
|
461af1e502c9bd88330bbf17d449a7593fc0d624 |
20-Jan-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Add a utility method that allows to find the macro name used at the given location. This could be useful when checkers' logic depends on whether a function is called with a given macro argument. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@148516 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/CheckerContext.h
|
3352ea914644edb2b56e999c94319ce915d68707 |
20-Jan-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Cleanup of Symbol dump methods. This solves the issue of crashing gdb when dumping a symbol; + consistent virtualization. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@148515 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/SymbolManager.h
|
9b0c749a20d0f7d0e63441d76baa15def3f37fdb |
18-Jan-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Taint: add taint propagation rules for string and memory copy functions. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@148370 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/CheckerContext.h
|
0849ade4bb3e90c2fc0ce01ccd330f76f91da732 |
12-Jan-2012 |
Ted Kremenek <kremenek@apple.com> |
[analyzer] fix inlining's handling of mapping actual to formal arguments and limit the call stack depth. The analyzer can now accurately simulate factorial for limited depths. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@148036 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ProgramState.h
athSensitive/Store.h
|
1437425a62dbf7bdb0a855d3ed3b05ed2019ec1e |
12-Jan-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Rename Store::Retrieve() -> getBinding(). + all the other Retrieve..() methods + a comment for ElementRegion. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@148011 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/MemRegion.h
athSensitive/ProgramState.h
athSensitive/Store.h
|
f660f4b1bedd6b614acf52108894b805b807c50d |
10-Jan-2012 |
Ted Kremenek <kremenek@apple.com> |
Make PathDiagnosticLocation more resilient to null Stmt pointers. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@147854 91177308-0d34-0410-b5e6-96231b3b80d8
ugReporter/PathDiagnostic.h
|
9f03b62036a7abc0a227b17f4a49b9eefced9450 |
07-Jan-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Add basic format string vulnerability checking. We already have a more conservative check in the compiler (if the format string is not a literal, we warn). Still adding it here for completeness and since this check is stronger - only triggered if the format string is tainted. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@147714 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ProgramState.h
|
3070e13dca5bbefa32acb80ce4a7b217a6220983 |
07-Jan-2012 |
Ted Kremenek <kremenek@apple.com> |
[analyzer] Remove CallEnterNodeBuilder and simplify ExprEngine::processCallEnter(). This removes analysis of other translation units, but that was an experimental feature anyway that we will revisit later. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@147705 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/CoreEngine.h
athSensitive/ExprEngine.h
athSensitive/SubEngine.h
|
894212e9510299abb203801e014fec76b7926a05 |
07-Jan-2012 |
Ted Kremenek <kremenek@apple.com> |
[analyzer] Remove CallExitNodeBuilder, and have ExprEngine::processCallExit() do the work manually. This is a nice simplification. Along the way, fix ExprEngine::processCallExit() to also perform the postStmt callback for checkers for CallExprs. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@147697 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/CoreEngine.h
athSensitive/ExprEngine.h
athSensitive/SubEngine.h
|
5eca482fe895ea57bc82410222e6426c09e63284 |
06-Jan-2012 |
Ted Kremenek <kremenek@apple.com> |
[analyzer] Make the entries in 'Environment' context-sensitive by making entries map from (Stmt*,LocationContext*) pairs to SVals instead of Stmt* to SVals. This is needed to support basic IPA via inlining. Without this, we cannot tell if a Stmt* binding is part of the current analysis scope (StackFrameContext) or part of a parent context. This change introduces an uglification of the use of getSVal(), and thus takes two steps forward and one step back. There are also potential performance implications of enlarging the Environment. Both can be addressed going forward by refactoring the APIs and optimizing the internal representation of Environment. This patch mainly introduces the functionality upon which we want to build (and clean up). git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@147688 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/CoreEngine.h
athSensitive/Environment.h
athSensitive/ExprEngine.h
athSensitive/ObjCMessage.h
athSensitive/ProgramState.h
athSensitive/SymbolManager.h
|
eb31a76d1cdaaf8874c549dc6bd964ff270d3822 |
05-Jan-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Be less pessimistic about invalidation of global variables as a result of a call. Problem: Global variables, which come in from system libraries should not be invalidated by all calls. Also, non-system globals should not be invalidated by system calls. Solution: The following solution to invalidation of globals seems flexible enough for taint (does not invalidate stdin) and should not lead to too many false positives. We split globals into 3 classes: * immutable - values are preserved by calls (unless the specific global is passed in as a parameter): A : Most system globals and const scalars * invalidated by functions defined in system headers: B: errno * invalidated by all other functions (note, these functions may in turn contain system calls): B: errno C: all other globals (which are not in A nor B) git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@147569 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ExprEngine.h
athSensitive/MemRegion.h
athSensitive/ObjCMessage.h
athSensitive/ProgramState.h
athSensitive/Store.h
|
d1247c5002ee511e6f6c3c26214221c391d437cd |
04-Jan-2012 |
Ted Kremenek <kremenek@apple.com> |
Extend ConditionBRVisitor to handle condition variable assignments. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@147526 91177308-0d34-0410-b5e6-96231b3b80d8
ugReporter/BugReporterVisitor.h
|
4617e2843e711136746865d7d6d27c7cead21f2b |
22-Dec-2011 |
Eli Friedman <eli.friedman@gmail.com> |
Delete stray semicolon. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@147140 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/SymbolManager.h
|
2cbe791d3e9b26f30196c4852da75d9ad67b4ad9 |
20-Dec-2011 |
Anna Zaks <ganna@apple.com> |
[analyzer] Do not invalidate arguments when the parameter's type is a pointer to const. (radar://10595327) The regions corresponding to the pointer and reference arguments to a function get invalidated by the calls since a function call can possibly modify the pointed to data. With this change, we are not going to invalidate the data if the argument is a pointer to const. This change makes the analyzer more optimistic in reporting errors. (Support for C, C++ and Obj C) git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@147002 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ObjCMessage.h
|
99ba9e3bd70671f3441fb974895f226a83ce0e66 |
20-Dec-2011 |
David Blaikie <dblaikie@gmail.com> |
Unweaken vtables as per http://llvm.org/docs/CodingStandards.html#ll_virtual_anch git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@146959 91177308-0d34-0410-b5e6-96231b3b80d8
ugReporter/BugReporter.h
ugReporter/BugType.h
ugReporter/PathDiagnostic.h
hecker.h
athSensitive/AnalysisManager.h
athSensitive/CoreEngine.h
athSensitive/ExplodedGraph.h
athSensitive/MemRegion.h
athSensitive/ProgramState.h
athSensitive/SValBuilder.h
athSensitive/Store.h
athSensitive/SubEngine.h
athSensitive/SymbolManager.h
|
777d706547ebc751d998134774d9d5388fff8e02 |
17-Dec-2011 |
Anna Zaks <ganna@apple.com> |
[analyzer] Minor: Simplify & assert. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@146792 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/CheckerContext.h
|
28fd98d66dab4569316de2b5881d91b534a42461 |
14-Dec-2011 |
Anna Zaks <ganna@apple.com> |
[analyzer] Minor refactor to addTaint. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@146535 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ProgramState.h
|
6d6a83c3754b449ac24cb83bc6d3a50b10535061 |
11-Dec-2011 |
Anna Zaks <ganna@apple.com> |
[analyzer] Fixup r146336. Forgot to commit the Header files. Rename generateUnknownVal -> makeGenericVal. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@146337 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/SValBuilder.h
athSensitive/SymbolManager.h
|
432a4558b8161c362efc319f8a38e074e74da201 |
09-Dec-2011 |
Anna Zaks <ganna@apple.com> |
[analyzer] Fix inconsistency on when SValBuilder assumes that 2 types are equivalent. + A taint test which tests bitwise operations and which was triggering an assertion due to presence of the integer to integer cast. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@146240 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/SValBuilder.h
|
5fc7def35ee858791e591d005b4ae343632ca931 |
08-Dec-2011 |
Anna Zaks <ganna@apple.com> |
[analyzer] If memory region is tainted mark data as tainted. + random comments git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@146199 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/SymbolManager.h
|
dcf06fa1fbb9c018e152629ef3f3fa7b1acffe7a |
07-Dec-2011 |
Anna Zaks <ganna@apple.com> |
[analyzer] Propagate taint through MemRegions. SVal can be not only a symbol, but a MemRegion. Add support for such cases. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@146006 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ProgramState.h
|
a91efb14cbf6af999dee02d9b611a57c7b52e209 |
07-Dec-2011 |
Anna Zaks <ganna@apple.com> |
[analyzer] Add comments related to symbol_iterator git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@145987 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/SymbolManager.h
|
1d1d515b2bafb59d624883d8fdda97d4b7dba0cb |
07-Dec-2011 |
Anna Zaks <ganna@apple.com> |
[analyzer] Refactor: Move symbol_iterator from SVal to SymExpr, use it for finding dependent symbols for taint. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@145986 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/SVals.h
athSensitive/SymbolManager.h
|
aace9ef279be3dadd53b481aee568bd7701178b4 |
07-Dec-2011 |
Anna Zaks <ganna@apple.com> |
[analyzer] Propagate taint through NonLoc to NonLoc casts. - Created a new SymExpr type - SymbolCast. - SymbolCast is created when we don't know how to simplify a NonLoc to NonLoc cast. - A bit of code refactoring: introduced dispatchCast to have better code reuse, remove a goto. - Updated the test case to showcase the new taint flow. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@145985 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/SValBuilder.h
athSensitive/SVals.h
athSensitive/SymbolManager.h
|
eca4e6e58170129cbdf105b2cfdb9ac2be61858e |
05-Dec-2011 |
Anna Zaks <ganna@apple.com> |
[analyzer] Mark ConstraintManager::canReasonAbout as protected. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@145857 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ConstraintManager.h
|
5344baa704f42b22d9df25c24ffbbf6b4716603b |
05-Dec-2011 |
Anna Zaks <ganna@apple.com> |
[analyzer] Unify SymbolVal and SymExprVal under a single SymbolVal class. We are going into the direction of handling SymbolData and other SymExpr uniformly, so it makes less sense to keep two different SVal classes. For example, the checkers would have to take an extra step to reason about each type separately. The classes have the same members, we were just using the SVal kind field for easy differentiation in 3 switch statements. The switch statements look more ugly now, but we can make the code more readable in other ways, for example, moving some code into separate functions. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@145833 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/SVals.h
|
76462f00854171d2aa3ebc34f9aac1c60021b0ea |
05-Dec-2011 |
Anna Zaks <ganna@apple.com> |
[analyzer] Remove all uses of ConstraintManager::canReasonAbout() from ExprEngine. Teach SimpleConstraintManager::assumeSymRel() to propagate constraints to symbolic expressions. + One extra warning (real bug) is now generated due to enhanced assumeSymRel(). git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@145832 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/SVals.h
|
3cdf584e068056540769dab56cad333e95a89750 |
05-Dec-2011 |
Anna Zaks <ganna@apple.com> |
[analyzer] First step toward removing ConstraintManager::canReasonAbout() from the ExprEngine. ExprEngine should not care if the constraint solver can reason about something or not. The solver should be able to handle all the SymExprs. To do this, the solver should be able to keep track of not only the SymbolData but of all SymExprs. This is why we change SymbolRef to be an alias of SymExpr*. When encountering an expression it cannot simplify, the solver should just add the constraints to it. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@145831 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/SVals.h
athSensitive/SymbolManager.h
|
d0167853f46cc78787b06255a44f9dcedd04a8ec |
05-Dec-2011 |
Anna Zaks <ganna@apple.com> |
[analyzer] Add ability to do a simple ProgramState dump() without requiring CFG. Adding more ugly code; the environment printing should be moved to environment at some point. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@145828 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ProgramState.h
|
b805c8ff133ef0c62df032fa711d6b13c5afd7f4 |
01-Dec-2011 |
Anna Zaks <ganna@apple.com> |
[analyzer] Refactor checkers to use helper function for getting callee Decl and name. We are getting name of the called function or its declaration in a few checkers. Refactor them to use the helper function in the CheckerContext. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@145576 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/CheckerContext.h
|
d699ade396154238d2fa89bb09fdcfb79e5587d2 |
30-Nov-2011 |
Anna Zaks <ganna@apple.com> |
[analyzer] Add checker callback documentation. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@145495 91177308-0d34-0410-b5e6-96231b3b80d8
hecker.h
|
426a16d4e5efe7efefe76c405207fb170cabad9f |
28-Nov-2011 |
Anna Zaks <ganna@apple.com> |
[analyzer] Minor cleanup of SValBuilder: Comments + code reuse. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@145274 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/SValBuilder.h
|
0d339d06f8721d14befd6311bd306ac485772188 |
18-Nov-2011 |
Anna Zaks <ganna@apple.com> |
[analyzer] Do not conjure a symbol when we need to propagate taint. When the solver and SValBuilder cannot reason about symbolic expressions (ex: (x+1)*y ), the analyzer conjures a new symbol with no ties to the past. This helps it to recover some path-sensitivity. However, this breaks the taint propagation. With this commit, we are going to construct the expression even if we cannot reason about it later on if an operand is tainted. Also added some comments and asserts. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@144932 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/SValBuilder.h
|
64595fad45abbaa75778609196b9223bf6f2ece3 |
17-Nov-2011 |
Anna Zaks <ganna@apple.com> |
[analyzer] Add a helper method. Naming could be improved.. But we should first rename the classes in the SVal hierarchy. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@144927 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/SVals.h
|
eeea7c44a6986752fedee1ef1bcef855db373872 |
17-Nov-2011 |
Anna Zaks <ganna@apple.com> |
[analysis] Constify CheckerContext. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@144871 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/CheckerContext.h
|
8687397a0f5e4c31632959d907f9d9b38d793b1c |
17-Nov-2011 |
Anna Zaks <ganna@apple.com> |
[analyzer] Put CheckerContext::getCalleeName out of line. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@144870 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/CheckerContext.h
|
ceac1d6e0521161adf7ac9834b1a7ad79d73fea4 |
16-Nov-2011 |
Anna Zaks <ganna@apple.com> |
[analyzer] Adding basic building blocks for taint propagation. TaintTag.h will contain definitions of different taint kinds and their properties. TaintManager will be responsible for implementing taint specific operations, storing taint. ProgramState will provide API to add/remove taint. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@144824 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ProgramState.h
athSensitive/TaintManager.h
athSensitive/TaintTag.h
|
fc06f988da35df75e623e0c1c4e4db4d36c0b43b |
16-Nov-2011 |
Anna Zaks <ganna@apple.com> |
[analyzer] Cleanup (NULL -> 0, no doxygen in cpp). git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@144822 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/SVals.h
|
c24b4f6ae3507aa501c2dafdff62c1059f8922ad |
16-Nov-2011 |
Anna Zaks <ganna@apple.com> |
[analyzer] Assert if we ever get an over constrained state. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@144821 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ConstraintManager.h
|
0e12ebfd3ef9ad5d894466c6e4910ac5e6041034 |
16-Nov-2011 |
Anna Zaks <ganna@apple.com> |
[analyzer] Factor getCalleeName to the checker context. Many checkers are trying to get a name of the callee when visiting a CallExpr, so provide a convenience API. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@144820 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/CheckerContext.h
|
6800ba622e4edf287801ac69c42c61e7e294b06b |
01-Nov-2011 |
Anna Zaks <ganna@apple.com> |
[analyzer] Make sink attribute part of the node profile. This prevents caching out on nodes with different sink flag. (This is a cleaner fix for radar://10376675). git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@143517 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ExplodedGraph.h
|
2d950b15b2b2b650b102ecf0c6b50b45e0cb6a8a |
01-Nov-2011 |
Anna Zaks <ganna@apple.com> |
[analyzer] Fix PR11282 - an assert in markAsSink This is another fallout from the refactoring. We were calling MarkAsSink on a cached out node. (Fixes radar://10376675) git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@143516 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/CoreEngine.h
athSensitive/ExplodedGraph.h
|
cdcc653642d4ac9255c574fabe74a48149e06733 |
01-Nov-2011 |
Anna Zaks <ganna@apple.com> |
[analyzer] BranchNodeBuilder should not generate autotransitions. This fixes radar://10367606 git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@143514 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/CoreEngine.h
athSensitive/WorkList.h
|
a2a860306e3697fcf7a12c5ba59551ca60578968 |
01-Nov-2011 |
Anna Zaks <ganna@apple.com> |
[analyzer] CheckerContext::getPredecessor() cleanup Remove unnecessary calls to CheckerContext::getPredecessor() + Comments. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@143513 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/CheckerContext.h
|
6706e9783fc18cb32810404b599bf88aeaa389dc |
01-Nov-2011 |
Anna Zaks <ganna@apple.com> |
[analyzer] Remove the CheckerContext's destructor. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@143512 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/CheckerContext.h
|
df95d146c13cf02e106b32b01d147577d6d6b5a1 |
27-Oct-2011 |
Anna Zaks <ganna@apple.com> |
[analyzer] Optimize by not generating empty transitions in CheckerContext Do not generate a new transition by addTransition methods if nothing changed. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@143091 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/CheckerContext.h
|
4d2ae4a70336dc2aa11389b34946be152bb454c9 |
27-Oct-2011 |
Anna Zaks <ganna@apple.com> |
[analyzer] Move enqueueEndOfFunction into CoreEngine. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@143090 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/CoreEngine.h
|
dd7ddf2b2296f95e7591ca3f9791f0eb9a15ee42 |
27-Oct-2011 |
Anna Zaks <ganna@apple.com> |
[analyzer] Make CoreEngine responsible for enqueueing Stmt Nodes. Enqueue the nodes generated as the result of processing a statement inside the Core Engine. This makes sure ExprEngine does not access CoreEngine's private members and is more concise. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@143089 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/CoreEngine.h
|
39ac1876f6f9a1a8e0070f0df61036c7ba05202b |
26-Oct-2011 |
Anna Zaks <ganna@apple.com> |
[analyzer] Add getLocationContext to CheckerContext CheckerContext::getPredecessor is only used to get to the LocationContext half of the times. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@143061 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/CheckerContext.h
|
48468dfeb3ccf099ed51ff5dcb8ae0fe783692fd |
26-Oct-2011 |
Anna Zaks <ganna@apple.com> |
[analyzer] Remove EmitBasicReport from CheckerContext. The path sensitive checkers should use EmitBasicReport, which provides the node information. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@143060 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/CheckerContext.h
|
0bd6b110e908892d4b5c8671a9f435a1d72ad16a |
26-Oct-2011 |
Anna Zaks <ganna@apple.com> |
[analyzer] Rename generateNode -> addTransition in CheckerContext Also document addTransition methods. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@143059 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/CheckerContext.h
|
1d08123ae7ba455fff8c61fb546521ef95496f08 |
26-Oct-2011 |
Anna Zaks <ganna@apple.com> |
[analyzer] Remove forward declarations of GenericNodeBuilder git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@143058 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/CoreEngine.h
athSensitive/SubEngine.h
|
c03a39e16762627b421247b12a2658be630a3300 |
26-Oct-2011 |
Anna Zaks <ganna@apple.com> |
[analyzer] GenericNodeBuilder -> NodeBuilder. Remove GenericNodeBuilder and use a class inherited from NodeBuilder instead. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@143057 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/CoreEngine.h
athSensitive/ExprEngine.h
athSensitive/SubEngine.h
|
6a93bd526c5136ee5a26871e829cf5a8548a1c6a |
25-Oct-2011 |
Anna Zaks <ganna@apple.com> |
[analyzer] Remove getEngine() from CheckerContext A step toward making sure that diagnostics report should only be generated through the CheckerContext and not through BugReporter or ExprEngine directly. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@142947 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/CheckerContext.h
|
063e0887ad65d666d23ee3178436ad6507abbd1b |
25-Oct-2011 |
Anna Zaks <ganna@apple.com> |
[analyzer] Simplify CheckerContext Remove dead members/parameters: ProgramState, respondsToCallback, autoTransition. Remove addTransition method since it's the same as generateNode. Maybe we should rename generateNode to genTransition (since a transition is always automatically generated)? git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@142946 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/CheckerContext.h
|
2e9264a17bacc7dc228d5f93caaeb98dfb23d508 |
25-Oct-2011 |
Anna Zaks <ganna@apple.com> |
[analyzer] Remove unused headers. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@142945 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/CheckerContext.h
|
f236b6503a4dbc44c1fccb8756bd57c9d0efdf05 |
25-Oct-2011 |
Anna Zaks <ganna@apple.com> |
[analyzer] Make branch for condition callback use CheckerContext Now, all the path sensitive checkers use CheckerContext! git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@142944 91177308-0d34-0410-b5e6-96231b3b80d8
hecker.h
heckerManager.h
|
af498a28797c075c48d7e943df5f5a8e78ed8eb0 |
25-Oct-2011 |
Anna Zaks <ganna@apple.com> |
[analyze] Convert EndOfPath callback to use CheckerContext Get rid of the EndOfPathBuilder completely. Use the generic NodeBuilder to generate nodes. Enqueue the end of path frontier explicitly. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@142943 91177308-0d34-0410-b5e6-96231b3b80d8
hecker.h
heckerManager.h
athSensitive/CoreEngine.h
athSensitive/ExprEngine.h
athSensitive/SubEngine.h
|
aa0aeb1cbe117db68d35700cb3a34aace0f99b99 |
24-Oct-2011 |
Anna Zaks <ganna@apple.com> |
[analyzer] Node builders cleanup + comments Renamed PureNodeBuilder->StmtNodeBuilder. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@142849 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/CoreEngine.h
athSensitive/ExprEngine.h
|
cca79db2ea94f71fb088f4b0f104cef8bedf8ff2 |
24-Oct-2011 |
Anna Zaks <ganna@apple.com> |
[analyzer] Remove the old StmtNodeBuilder. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@142848 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/CoreEngine.h
athSensitive/ExplodedGraph.h
athSensitive/SubEngine.h
|
056c4b46335a3bd2612414735d5749ee159c0165 |
24-Oct-2011 |
Anna Zaks <ganna@apple.com> |
[analyzer] Completely remove the global Builder object. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@142847 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ExprEngine.h
|
ebae6d0209e1ec3d5ea14f9e63bd0d740218ed14 |
24-Oct-2011 |
Anna Zaks <ganna@apple.com> |
[analyzer] Convert ExprEngine::visit() to use short lived builders. This commit removes the major functional dependency on the ExprEngine::Builder member variable. In some cases the code became more verbose. Particularly, we call takeNodes() and addNodes() to move responsibility for the nodes from one builder to another. This will get simplified later on. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@142831 91177308-0d34-0410-b5e6-96231b3b80d8
heckerManager.h
athSensitive/CheckerContext.h
athSensitive/CoreEngine.h
athSensitive/ExprEngine.h
athSensitive/SubEngine.h
|
d231d0130a95336610ab9a42eaeb2cdac19992f3 |
24-Oct-2011 |
Anna Zaks <ganna@apple.com> |
[analyzer] Convert VisitDeclStmt to use local node builder. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@142830 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/CoreEngine.h
|
6b6152ba96c164a292cc0b8d8b1d4cecbec27a60 |
24-Oct-2011 |
Anna Zaks <ganna@apple.com> |
[analyzer] Convert more functions (ex:evalBind()) to iterative builders git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@142829 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/CoreEngine.h
|
8ad8c546372fe602708cb7ceeaf0ebbb866735c6 |
24-Oct-2011 |
Anna Zaks <ganna@apple.com> |
[analyzer] Convert VisitUnaryOperator to use short lived Node builders To convert iteratively, we take the nodes the local builder will process from the global builder and add the generated nodes after the short lived builder is done. PureStmtNodeBuilder is the one we should eventually use everywhere. Added Stmt index and Builder context as ExprEngine globals. To avoid passing them around. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@142828 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/CoreEngine.h
athSensitive/ExprEngine.h
|
8ff5c41f2bde7ebbe568b4c15e59f14b8befae66 |
24-Oct-2011 |
Anna Zaks <ganna@apple.com> |
[analyzer] Use a temporary builder in CheckerContext. First step toward removing the global Stmt builder. Added several transitional methods (like takeNodes/addNodes). + Stop early if the set of exploded nodes for the next iteration is empty. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@142827 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/CheckerContext.h
athSensitive/CoreEngine.h
|
1aae01a8308d2f8e31adab3f4d7ac35543aac680 |
24-Oct-2011 |
Anna Zaks <ganna@apple.com> |
[analyzer] Pass external Dst set to NodeBuilder This moves the responsibility for storing the output node set from the builder to the clients. The builder is just responsible for transforming an input set into the output set: {SrcSet/SrcNode} -> {Frontier}. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@142826 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/CheckerContext.h
athSensitive/CoreEngine.h
athSensitive/ExplodedGraph.h
athSensitive/ExprEngine.h
athSensitive/SubEngine.h
|
1d26f48dc2eea1c07431ca1519d7034a21b9bcff |
24-Oct-2011 |
Ted Kremenek <kremenek@apple.com> |
Rename AnalysisContext to AnalysisDeclContext. Not only is this name more accurate, but it frees up the name AnalysisContext for other uses. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@142782 91177308-0d34-0410-b5e6-96231b3b80d8
ugReporter/PathDiagnostic.h
athSensitive/AnalysisManager.h
athSensitive/CheckerContext.h
athSensitive/ExprEngine.h
athSensitive/MemRegion.h
|
b1b5daf30d2597e066936772bd206500232d7d65 |
23-Oct-2011 |
Ted Kremenek <kremenek@apple.com> |
[analyzer] Remove LocationContext creation methods from AnalysisManager, and change clients to use AnalysisContext instead. WIP to remove/reduce ExprEngine's usage of AnalysisManager. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@142739 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/AnalysisManager.h
athSensitive/ExprEngine.h
|
c9003c89c7aead1686aba89c8e3ddcea1f2bec54 |
19-Oct-2011 |
Anna Zaks <ganna@apple.com> |
[analyzer] Move predecessor into the NodeBuilder context. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@142454 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/CheckerContext.h
athSensitive/CoreEngine.h
|
4e82d3cf6fd4c907265e3fa3aac0a835c35dc759 |
19-Oct-2011 |
Anna Zaks <ganna@apple.com> |
[analyzer] Make NodeBuilder and Pred node loosely coupled NodeBuilder should not assume it's dealing with a single predecessor. Remove predecessor getters. Modify the BranchNodeBuilder to not be responsible for doing auto-transitions (which depend on a predecessor). git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@142453 91177308-0d34-0410-b5e6-96231b3b80d8
hecker.h
heckerManager.h
athSensitive/CoreEngine.h
athSensitive/ExprEngine.h
athSensitive/SubEngine.h
|
3152b3cb5b6a2f797d0972c81a5eb3fd69c0d620 |
19-Oct-2011 |
Anna Zaks <ganna@apple.com> |
[analyzer] Remove StmtNodeBuilder from CheckerContext It now only depends on a generic NodeBuilder instead. As part of this change, make the generic node builder results finalized by default. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@142452 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/CheckerContext.h
athSensitive/CoreEngine.h
|
319a9184d5ca9f77622b45ae15c08f6b9ce01621 |
19-Oct-2011 |
Anna Zaks <ganna@apple.com> |
[analyzer] Subclassing StmtBuilder from the NodeBuilder git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@142451 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/CheckerContext.h
athSensitive/CoreEngine.h
|
67d9fbac82922ef5b6c9ba5ac4a07e80f9960292 |
19-Oct-2011 |
Anna Zaks <ganna@apple.com> |
[analyzer] Remove dead code. ExprEngineBuilders is not used. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@142450 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ExprEngineBuilders.h
|
9a1e3ab97c48a0381cce449b833c56997048a6d1 |
19-Oct-2011 |
Anna Zaks <ganna@apple.com> |
[analyzer] Remove redundant method + whitespace. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@142449 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/CoreEngine.h
|
cd656cab3fa3dd4b0c974c6ae1c0e60880b18c22 |
19-Oct-2011 |
Anna Zaks <ganna@apple.com> |
[analyzer] Modularize builder use in processBranch. Take advantage of the new builders for branch processing. As part of this change pass generic NodeBuilder (instead of BranchNodeBuilder) to the BranchCondition callback and remove the unused methods from BranchBuilder. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@142448 91177308-0d34-0410-b5e6-96231b3b80d8
hecker.h
heckerManager.h
athSensitive/CheckerContext.h
athSensitive/CoreEngine.h
|
ad62deeb70e97da6bd514dd390ea1ce6af6ad81d |
19-Oct-2011 |
Anna Zaks <ganna@apple.com> |
[analyzer] Pull Pred out of NodeBuilderContext. Each builder will have a different one, so it doesn't make sense to keep it in the context. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@142447 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/CheckerContext.h
athSensitive/CoreEngine.h
athSensitive/ExprEngine.h
athSensitive/SubEngine.h
|
8c90aadce33152b03e3d1d5c7e9c468c7b939c96 |
19-Oct-2011 |
Anna Zaks <ganna@apple.com> |
[analyzer] Rely only on NodeBuilder inside CheckerContext. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@142446 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/CheckerContext.h
|
d0b080664bc6514793351a2e2a87ce67214f5306 |
19-Oct-2011 |
Anna Zaks <ganna@apple.com> |
[analyzer] Remove redundant assignment operator. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@142445 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ExplodedGraph.h
|
a19f4af7a94835ce4693bfe12d6270754e79eb56 |
19-Oct-2011 |
Anna Zaks <ganna@apple.com> |
[analyzer] NodeBuilder Refactoring: Subclass BranchNodeBuilder from NodeBuilder. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@142444 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/CheckerContext.h
athSensitive/CoreEngine.h
athSensitive/ExplodedGraph.h
athSensitive/ExprEngine.h
athSensitive/SubEngine.h
|
f05aac8472d8ed081a361a218fd14d59ddc91b85 |
19-Oct-2011 |
Anna Zaks <ganna@apple.com> |
[analyzer] Node Builder refactoring: Introduce a simple Node Builder responsible for generating the node frontier. Currently we have a bunch of different node builders which provide some common functionality but are difficult to refactor. Each builder generates nodes of different kinds and calculates the frontier nodes, which should be propagated to the next step (after the builder dies). Introduce a new NodeBuilder which provides very basic node generation facilities but takes care of the second problem. The idea is that all the other builders will eventually use it. Use this builder in CheckerContext instead of StmtNodeBuilder (the way the frontier is propagated to the StmtBuilder is a hack and will be removed later on). git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@142443 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/CheckerContext.h
athSensitive/CoreEngine.h
|
71fdf469a3b6d7d557b0bfba36e8659f4966c565 |
11-Oct-2011 |
Anna Zaks <ganna@apple.com> |
[analyzer] Remove an unused member variable. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@141690 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/CoreEngine.h
|
15e24065a4a8b6b9d58e138969f8f6ac7495d837 |
08-Oct-2011 |
Anna Zaks <ganna@apple.com> |
[analyzer] Remove dead code. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@141432 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/CoreEngine.h
|
a5937bbfd19e61d651a58b0f0ffeef68457902a5 |
08-Oct-2011 |
Ted Kremenek <kremenek@apple.com> |
Remove AnalysisContext::getLiveVariables(), and introduce a templatized mechanism to lazily create analyses that are attached to AnalysisContext objects. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@141425 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/AnalysisManager.h
athSensitive/ExplodedGraph.h
|
3f5e8d87dbf449d8b39fe96068415428594d370e |
07-Oct-2011 |
Anna Zaks <ganna@apple.com> |
[analyzer] Previously, we were passing to CheckerContext enough info to construct ProgramPoint and it would pass it to NodeBuilder, which in turn would construct the ProgramPoint. Simplify it by just passing the ProgramPoint to CheckerContext. The ProgramPoint can only change if a checker tags it, in which case, we create a copy with the given tag. (A step closer to making CheckerContext work with all node builders, not only StmtNodeBuilder.) git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@141417 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/CheckerContext.h
|
390909c89c98ab1807e15e033a72e975f866fb23 |
06-Oct-2011 |
Anna Zaks <ganna@apple.com> |
[analyzer] Remove the dependency on CheckerContext::getStmt() as well as the method itself. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@141262 91177308-0d34-0410-b5e6-96231b3b80d8
hecker.h
heckerManager.h
athSensitive/CheckerContext.h
|
4eff823b8e015e003d05953c386d685ee6bb6235 |
06-Oct-2011 |
Anna Zaks <ganna@apple.com> |
[analyzer] Remove the last dependency on CheckerContext::getNodeBuilder() as well as the method itself. Checkers should not directly access NodeBuilder, nodes can be created by calling the CheckerContext's generateNode() methods. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@141249 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/CheckerContext.h
|
dff6ef903ff4fcb43b5ea292ecd772e381393b5d |
06-Oct-2011 |
Anna Zaks <ganna@apple.com> |
[analyzer] OSAtomicChecker implements evalCall in a very invasive way - it essentially simulates inlining of compareAndSwap() by means of setting the NodeBuilder flags and calling ExprEngine directly. This commit introduces a new callback just for this checker to unblock checker API cleanup. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@141246 91177308-0d34-0410-b5e6-96231b3b80d8
hecker.h
heckerManager.h
|
cbb7add8d7e3f868a6695a601e45fc13257bd9f5 |
05-Oct-2011 |
Anna Zaks <ganna@apple.com> |
[analyzer] Removing more references to CheckerContext::getNodeBuilder(): ask CheckerContext to generate the nodes. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@141136 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/CheckerContext.h
|
50f3cade2a87bda005ae08d42b51c5b960b07779 |
05-Oct-2011 |
Anna Zaks <ganna@apple.com> |
[analyzer] Refactor node generation to use less code. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@141133 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/CheckerContext.h
|
5d0ea6d62e076c776ddad028c4eb615783be1323 |
04-Oct-2011 |
Anna Zaks <ganna@apple.com> |
[analyzer] Removing references to CheckerContext::getNodeBuilder(): checkers can obtain block count directly from the Context. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@141112 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/BlockCounter.h
athSensitive/CheckerContext.h
|
8ba721428af297e540fb40b176eeeea0ee010c1f |
04-Oct-2011 |
Anna Zaks <ganna@apple.com> |
[analyzer] Remove unused methods, add comments to others. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@141098 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/CheckerContext.h
|
1e9775d36de8edbc665c0f0bf4dae1400e3d2112 |
03-Oct-2011 |
Anna Zaks <ganna@apple.com> |
[analyzer] In UndefBranchChecker, use a node generator which does not create an edge/branching. (ExprEngine should be in charge of generating edges. The checkers should examine the condition and generate PostCondition node if needed.) git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@141034 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/CoreEngine.h
|
d30952838421ddfb9f7e346b2ba8213889a5f789 |
30-Sep-2011 |
Anna Zaks <ganna@apple.com> |
[analyzer] Add -analyzer-purge option which can take on multiple values, remove -analyzer-purge=none. (Small refactor as well: move the work of constructing AnalysisManager from the callers to the class itself.) git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@140838 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/AnalysisManager.h
|
c41f3652f4e836cff988320bad2d6c5f416ebe1f |
29-Sep-2011 |
Anna Zaks <ganna@apple.com> |
Add more comments to several checker callback functions. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@140797 91177308-0d34-0410-b5e6-96231b3b80d8
heckerManager.h
|
f39d962cf84f46d2c0512157259ae1d41a1a5173 |
27-Sep-2011 |
David Blaikie <dblaikie@gmail.com> |
Renaming PathDiagnosticClients.h to PathDiagnosticConsumers.h (issue 5397) git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@140596 91177308-0d34-0410-b5e6-96231b3b80d8
athDiagnosticClients.h
athDiagnosticConsumers.h
|
ef3643fbbbf66247c5e205497fae0f46e240c143 |
26-Sep-2011 |
David Blaikie <dblaikie@gmail.com> |
Rename PathDiagnosticClient to PathDiagnosticConsumer as per issue 5397 git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@140492 91177308-0d34-0410-b5e6-96231b3b80d8
ugReporter/BugReporter.h
ugReporter/PathDiagnostic.h
athDiagnosticClients.h
athSensitive/AnalysisManager.h
|
d6471f7c1921c7802804ce3ff6fe9768310f72b9 |
26-Sep-2011 |
David Blaikie <dblaikie@gmail.com> |
Rename Diagnostic to DiagnosticsEngine as per issue 5397 git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@140478 91177308-0d34-0410-b5e6-96231b3b80d8
ugReporter/BugReporter.h
athSensitive/AnalysisManager.h
|
5f625712f622f6e57de17b6f7eec242956b993ee |
22-Sep-2011 |
Anna Zaks <ganna@apple.com> |
ST->scanReachableSymbols() is creating a SubRegionMap (SRM) on every call since one SRM is created in each ScanReachableSymbols instance. Creating the object just once and calling only scan inside the loop gives ~ 14% speed up of the StaticAnalyzer run (Release+Asserts). Pull out the declaration of the ScanReachableSymbols so that it can be used directly. Document ProgramState::scanReachableSymbols() methods. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@140323 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ProgramState.h
|
09ca9ef5f92cf4375a19bf7a80d571779c9f370f |
21-Sep-2011 |
Anna Zaks <ganna@apple.com> |
[analyzer] Fix a bug where PathDiagnosticLocation did not generate a valid range and add asserts to check validity of locations early on. Ignore invalid ranges in PathDiagnosticPiece (they could be added by checker writers). Addresses radar://10124836 and radar://radar10102244. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@140218 91177308-0d34-0410-b5e6-96231b3b80d8
ugReporter/PathDiagnostic.h
|
ef70724e66d8ede0edbe260fbcdd9781688bb1fd |
21-Sep-2011 |
Anna Zaks <ganna@apple.com> |
[analyzer] Refactor PathDiagnosticLocation: Remove SourceRange member from PathDiagnosticLocation - FullSourceLoc Loc and PathDiagnosticRange Range are sufficient. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@140206 91177308-0d34-0410-b5e6-96231b3b80d8
ugReporter/PathDiagnostic.h
|
c20f399889f53f74eef0404388de4086b36d2948 |
21-Sep-2011 |
Anna Zaks <ganna@apple.com> |
[analyzer] Refactor PathDiagnosticLocation: Add comments. Remove the last constructor which could allow invalid locations to slip in. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@140200 91177308-0d34-0410-b5e6-96231b3b80d8
ugReporter/PathDiagnostic.h
|
bc0a3016b9fd51f84780f0f82fb0f7f2ca93e8ff |
21-Sep-2011 |
Anna Zaks <ganna@apple.com> |
[analyzer] Remove dead code. (This code is trying to implement the idea that PathDiagnosticClient could implement DiagnosticClient and has been dead for a while). git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@140198 91177308-0d34-0410-b5e6-96231b3b80d8
ugReporter/PathDiagnostic.h
|
590dd8e0959d8df5621827768987c4792b74fc06 |
20-Sep-2011 |
Anna Zaks <ganna@apple.com> |
[analyzer] Refactor PathDiagnosticLocation: Make PathDiagnosticLocation(SourceLocation...) private. Most of the effort here goes to making BugReport refer to a PathDiagnosticLocation instead of FullSourceLocation. (Another step closer to the goal of having Diagnostics which can recover from invalid SourceLocations.) git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@140182 91177308-0d34-0410-b5e6-96231b3b80d8
ugReporter/BugReporter.h
ugReporter/PathDiagnostic.h
|
b66f4867702697f1f097ab95f8a23a39310430e0 |
20-Sep-2011 |
Anna Zaks <ganna@apple.com> |
[analyzer] Refactor PathDiagnosticLocation: Use PointerUnion of LocationContext and AnalysisContext to support creation of PathDiagnosticLocations for checkers which no context sensitivity. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@140162 91177308-0d34-0410-b5e6-96231b3b80d8
ugReporter/PathDiagnostic.h
|
e97436732c0f20aa15ecbf92a5f905eee888528f |
20-Sep-2011 |
Anna Zaks <ganna@apple.com> |
[analyzer] Refactor PathDiagnosticLocation: Lazily query LocationContext for a ParentMap as needed. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@140147 91177308-0d34-0410-b5e6-96231b3b80d8
ugReporter/PathDiagnostic.h
|
23803374d8db054192ea6fcb766b87e04f26c8fb |
20-Sep-2011 |
Anna Zaks <ganna@apple.com> |
[analyzer] Remove LocationContext and a dependency from PathDiagnosticLocation. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@140146 91177308-0d34-0410-b5e6-96231b3b80d8
ugReporter/PathDiagnostic.h
|
b490c4bb01a5a3a86947851fa66823dda32ed012 |
20-Sep-2011 |
Anna Zaks <ganna@apple.com> |
[analyzer] Refactor PathDiagnosticLocation: Pre-compute Range and Location with gen methods on object creation instead of computing on demand. This would allow to remove dependency on the other members which help with construction and might not even be valid at later stages (to be removed later on). git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@140131 91177308-0d34-0410-b5e6-96231b3b80d8
ugReporter/PathDiagnostic.h
|
1531bb0c69d9afff6a6434e4cadf345eb628b287 |
20-Sep-2011 |
Anna Zaks <ganna@apple.com> |
[analyzer] Use more create methods in the PathDiagnostic, cleanup. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@140130 91177308-0d34-0410-b5e6-96231b3b80d8
ugReporter/PathDiagnostic.h
|
4522e2a9e7fa0313e8e5a388d8f0ab66feccc6af |
20-Sep-2011 |
Anna Zaks <ganna@apple.com> |
[analyzer] BugReport has a profile method, so reuse it here. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@140100 91177308-0d34-0410-b5e6-96231b3b80d8
ugReporter/BugReporter.h
|
cf8742e471a712d551d9a348c85050427dce0b4a |
20-Sep-2011 |
Anna Zaks <ganna@apple.com> |
[analyzer] Add a convenience method. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@140092 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ObjCMessage.h
|
0cd59482abd8aec9ed1eaad11f5fe9c1e42639f6 |
16-Sep-2011 |
Anna Zaks <ganna@apple.com> |
[analyzer] Refactor: make PathDiagnosticLocation responsible for validation of SourceLocations (commit 5 of ?): - Get rid of PathDiagnosticLocation(SourceRange r,..) constructor by providing a bunch of create methods. - The PathDiagnosticLocation(SourceLocation L,..), which is used by create methods, will eventually become private. - Test difference is in the case when the report starts at the beginning of the function. We used to represent that point as a range of the very first token in the first statement. Now, it's just a single location representing the first character of the first statement. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@139932 91177308-0d34-0410-b5e6-96231b3b80d8
ugReporter/PathDiagnostic.h
|
4fdf97bf51d2a156cec3232efd6dae110aa02aa0 |
15-Sep-2011 |
Anna Zaks <ganna@apple.com> |
[analyzer] Refactor: make PathDiagnosticLocation responsible for validation of SourceLocations (commit 2 of ?): - Fix a fixme and move the logic of creating a PathDiagnosticLocation corresponding to a ProgramPoint into a PathDiagnosticLocation constructor. - Rename PathDiagnosticLocation::create to differentiate from the added constructor. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@139825 91177308-0d34-0410-b5e6-96231b3b80d8
ugReporter/PathDiagnostic.h
|
220ac8c175cb1bf9b18d82eefe036995d7a2164d |
15-Sep-2011 |
Anna Zaks <ganna@apple.com> |
[analyzer] Refactor: make PathDiagnosticLocation responsible for validation of SourceLocations (commit 2 of ?): - Modify all PathDiagnosticLocation constructors that take Stmt to also require LocationContext. - Add a constructor which should be used in case there is no valid statement/location (it will grab the location of the enclosing function). git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@139763 91177308-0d34-0410-b5e6-96231b3b80d8
ugReporter/BugReporterVisitor.h
ugReporter/PathDiagnostic.h
|
33e8491d7cf757812b9f8d126e0368c3ac0d2dd6 |
14-Sep-2011 |
Anna Zaks <ganna@apple.com> |
[analyzer] Remove redundant copy constructor. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@139704 91177308-0d34-0410-b5e6-96231b3b80d8
ugReporter/PathDiagnostic.h
|
4d353eb8af7324c0ee3736c736668f6c9b162ee0 |
14-Sep-2011 |
Anna Zaks <ganna@apple.com> |
[analyzer] After CFG has been linearized, we can have a situation where an ExplodedNode has an invalid SourceLocation (which has no correspondence in the source code). This commit is the first step to solve this problem. - It adds LocationContext to the PathDiagnosticLocation object and uses it to lookup the enclosing statement with a valid location. - So far, the LocationContext is only available when the object is constructed from the ExplodedNode. - Already found some subtle bugs (in plist-output-alternate.m) where the intermediate diagnostic steps were not previously shown. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@139703 91177308-0d34-0410-b5e6-96231b3b80d8
ugReporter/PathDiagnostic.h
|
43f48b0b1bc763dc56db6e01de4fcc44ad389bef |
14-Sep-2011 |
Anna Zaks <ganna@apple.com> |
[analyzer] Refactor: Make PathDiagnosticLocation responsible for creating a valid object given an ExplodedNode (the same logic can be reused by other checkers). git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@139672 91177308-0d34-0410-b5e6-96231b3b80d8
ugReporter/PathDiagnostic.h
|
a81fffe678107d49a9f1c03d80adf85f18a9867f |
12-Sep-2011 |
Anna Zaks <ganna@apple.com> |
Doxygen comments. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@139508 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ExprEngine.h
|
d1e5a89226da79f7e6f43d40facc46abda9e5245 |
02-Sep-2011 |
Jordy Rose <jediknil@belkadan.com> |
[analyzer] Remove TransferFuncs.h, then deal with the fallout. And with that, TransferFuncs is gone! git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@139003 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ExprEngine.h
athSensitive/TransferFuncs.h
|
17a38e2636a8b1ce473fc6504c4b16cb09db29f4 |
02-Sep-2011 |
Jordy Rose <jediknil@belkadan.com> |
[analyzer] Move the knowledge of whether or not GC is enabled for the current analysis from CFRefCount to ExprEngine. Remove TransferFuncs from ExprEngine and AnalysisConsumer. Demote RetainReleaseChecker to a regular checker, and give it the name osx.cocoa.RetainCount (class name change coming shortly). Update tests accordingly. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@138998 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/CheckerContext.h
athSensitive/ExprEngine.h
|
f5e39ece75b18c9ce19351929d4879ad9731e7f5 |
28-Aug-2011 |
Jordy Rose <jediknil@belkadan.com> |
[analyzer] Header cleanup to decrease coupling (and recompilation). No functionality change. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@138729 91177308-0d34-0410-b5e6-96231b3b80d8
ugReporter/BugReporter.h
ugReporter/BugType.h
athSensitive/ConstraintManager.h
athSensitive/CoreEngine.h
athSensitive/Environment.h
athSensitive/ExprEngine.h
|
dbd658e139b3e0bf084f75feaea8d844af9e319f |
28-Aug-2011 |
Jordy Rose <jediknil@belkadan.com> |
[analyzer] Introduce a new callback for checkers, printState, to be used for debug-printing the contents of a ProgramState. Unlike the other callbacks, this one is a simple virtual method, since it is only to be used for debugging. This new callback replaces the old ProgramState::Printer interface, and allows us to move the printing of refcount bindings from CFRefCount to RetainReleaseChecker. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@138728 91177308-0d34-0410-b5e6-96231b3b80d8
hecker.h
heckerManager.h
athSensitive/ExprEngine.h
athSensitive/ProgramState.h
athSensitive/SubEngine.h
athSensitive/TransferFuncs.h
|
93bd5ca766c4d7906878f4ffe76ce1b2080e540b |
28-Aug-2011 |
Jordy Rose <jediknil@belkadan.com> |
[analyzer] Remove the ProgramState argument from ExprEngine::evalBind; we were ignoring it anyway. No functionality change. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@138720 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ExprEngine.h
|
e38dd95dddb8f1b38469c8d0e28aa1c660489324 |
28-Aug-2011 |
Jordy Rose <jediknil@belkadan.com> |
[analyzer] Migrate argument invalidation from CFRefCount to ExprEngine. This is a common path for function and C++ method calls, Objective-C messages and property accesses, and C++ construct-exprs. As support, add message receiver accessors to ObjCMessage and CallOrObjCMessage. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@138718 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ExprEngine.h
athSensitive/ObjCMessage.h
|
537716ad8dd10f984b6cfe6985afade1185c5e3c |
28-Aug-2011 |
Jordy Rose <jediknil@belkadan.com> |
[analyzer] Change the check::RegionChanges callback to include the regions explicitly requested for invalidation. Also, allow CallOrObjCMessage to wrap a CXXConstructExpr as well. Finally, this allows us to remove the clunky whitelisting system from CFRefCount/RetainReleaseChecker. Slight regression due to CXXNewExprs not yet being handled in post-statement callbacks (PR forthcoming). git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@138716 91177308-0d34-0410-b5e6-96231b3b80d8
hecker.h
heckerManager.h
athSensitive/ExprEngine.h
athSensitive/ObjCMessage.h
athSensitive/ProgramState.h
athSensitive/Store.h
athSensitive/SubEngine.h
|
07453ac7b3d46f930733b44a593737bdd98706b6 |
27-Aug-2011 |
Ted Kremenek <kremenek@apple.com> |
[analyzer] Rename current PathDiagnosticClient::HandlePathDiagnostic() to HandlePathDiagnosticImpl(), and slot in new HandlePathDiagnostic() for potentially handling concurrent access to PathDiagnosticClients (in the future). git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@138713 91177308-0d34-0410-b5e6-96231b3b80d8
ugReporter/PathDiagnostic.h
|
782f63ecd124f9384f988dc7e0cf4ae1540c15f6 |
26-Aug-2011 |
Jeffrey Yasskin <jyasskin@google.com> |
Handle CXXTempObjectRegion in StackAddrEscapeChecker. Also convert stack-addr-ps.cpp to use the analyzer instead of just Sema, now that it doesn't crash, and extract the stack-block test into another file since it errors, and that prevents the analyzer from running. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@138613 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/MemRegion.h
|
321d70fbde6a0d584a05845f605744889193e70b |
26-Aug-2011 |
Jordy Rose <jediknil@belkadan.com> |
[analyzer] Increase the number of possible checks for a checker. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@138609 91177308-0d34-0410-b5e6-96231b3b80d8
hecker.h
|
14924267950e75c6c1f6fcea39fa507b7168bc39 |
24-Aug-2011 |
Anna Zaks <ganna@apple.com> |
[analyzer] Allow checker writers to specify that no region should be associated with the report. (Useful when we report an error on endOfPath or deadSymbols, when the range of the last expression might have nothing to do with the error.) git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@138474 91177308-0d34-0410-b5e6-96231b3b80d8
ugReporter/BugReporter.h
|
294396b9f2a2f4ffee6b7ed5e61211fde50b6554 |
23-Aug-2011 |
Jordy Rose <jediknil@belkadan.com> |
[analyzer] Migrate the handling of retain-count-related RetEffects and ArgEffects from CFRefCount to RetainReleaseChecker. No intended functionality change. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@138309 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ObjCMessage.h
|
7f2531cb41448852ec78de90fc1d3c0149c95d7d |
22-Aug-2011 |
Anna Zaks <ganna@apple.com> |
Static Analyzer Diagnostics: Allow checkers to add ExtraDescriptiveText, now renamed into ExtraText, to the diagnostic without subclassing BugReport. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@138272 91177308-0d34-0410-b5e6-96231b3b80d8
ugReporter/BugReporter.h
|
500abad7edfcc2409b18dd616cdbc28a094926f5 |
21-Aug-2011 |
Jordy Rose <jediknil@belkadan.com> |
[analyzer] Migrate return value handling from CFRefCount to ExprEngine. This seems to result in a minor performance hit, but I think that will go away again once we eliminate TransferFuncs from function calls entirely. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@138220 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ExprEngine.h
|
f8b5aae41e46f94fe90ed5f1ee98f36f0aa59dc9 |
20-Aug-2011 |
Ted Kremenek <kremenek@apple.com> |
[analyzer] Handle reads of ObjCPropertyRefExprs implicitly in Environment. No need to bind an explicit value and create a new node. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@138196 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ExprEngine.h
|
23f395ee1bf4e4aa76b310d896a951799eaca94a |
20-Aug-2011 |
Anna Zaks <ganna@apple.com> |
Static Analyzer Diagnostics: Move the responsibility for generating the endOfPath diagnostic piece from BugReport to BugReporterVisitor. Switch CFRefCount to use visitors in order to generate the endOfPath piece. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@138184 91177308-0d34-0410-b5e6-96231b3b80d8
ugReporter/BugReporter.h
ugReporter/BugReporterVisitor.h
|
dc757b049796949e4b11646445a6598f0bdabd7a |
20-Aug-2011 |
Anna Zaks <ganna@apple.com> |
Static Analyzer Diagnostics: Switch CFRefCount to using the new visitor API. BugReport no longer needs to inherit from BugReporterVisitor. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@138142 91177308-0d34-0410-b5e6-96231b3b80d8
ugReporter/BugReporter.h
ugReporter/BugReporterVisitor.h
|
50bbc165b063155cc23c360deb7b865502e068e2 |
20-Aug-2011 |
Anna Zaks <ganna@apple.com> |
Static Analyzer Diagnostics: Kill the addVisitorCreator(callbackTy, void*) API in favor of addVisitor(BugReporterVisitor*). 1) Create a header file to expose the predefined visitors. And move the parent(BugReporterVisitor) there as well. 2) Remove the registerXXXVisitor functions - the Visitor constructors/getters can be used now to create the object. One exception is registerVarDeclsLastStore(), which registers more than one visitor, so make it static member of FindLastStoreBRVisitor. 3) Modify all the checkers to use the new API. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@138126 91177308-0d34-0410-b5e6-96231b3b80d8
ugReporter/BugReporter.h
ugReporter/BugReporterVisitor.h
|
3b030a28cda2b953758507769c1d436bec5ec45e |
19-Aug-2011 |
Anna Zaks <ganna@apple.com> |
Fix a memory leak in the analyzer - BugReports didn't get freed. Plus, remove invalid assert from the destructor which wasn't called previously due to the leak. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@138027 91177308-0d34-0410-b5e6-96231b3b80d8
ugReporter/BugReporter.h
|
8e6431adab313e283a992698f6fc7afe62420999 |
19-Aug-2011 |
Anna Zaks <ganna@apple.com> |
Static Analyzer Diagnostics: Move custom diagnostic visitors from BugReporterContext to BugReport. One API change: I added BugReporter as an additional parameter to the BugReporterVisitor::VisitNode() method to allow visitors register other visitors with the report on the fly (while processing a node). This functionality is used by NilReceiverVisitor, which registers TrackNullOrUndefValue when the receiver is null. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@138001 91177308-0d34-0410-b5e6-96231b3b80d8
ugReporter/BugReporter.h
|
f19eef86422b82e3415c56077f85085e0074e893 |
18-Aug-2011 |
Anna Zaks <ganna@apple.com> |
Fix a regression from r137894. Make sure the custom BugReporterVisitors get registered as they were in EnhancedBugReport. Would be good to add a test for this. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@137917 91177308-0d34-0410-b5e6-96231b3b80d8
ugReporter/BugReporter.h
|
e7c4c4ccc6a51c82332382267b84e9d72f229b5e |
18-Aug-2011 |
Anna Zaks <ganna@apple.com> |
Add more comments for BugReport. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@137901 91177308-0d34-0410-b5e6-96231b3b80d8
ugReporter/BugReporter.h
|
b7530a4ca9a7ef62350682bbb374a06de6fdaa9f |
18-Aug-2011 |
Anna Zaks <ganna@apple.com> |
Remove DiagBugReport by pulling it into its parent BugReport. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@137899 91177308-0d34-0410-b5e6-96231b3b80d8
ugReporter/BugReporter.h
|
e172e8b9e7fc67d7d03589af7e92fe777afcf33a |
18-Aug-2011 |
Anna Zaks <ganna@apple.com> |
Remove EnhancedBugReport and RangedBugReport - pull all the extra functionality they provided into their parent BugReport. The only functional changes are: made getRanges() non const - it adds default range to Ranges if none are supplied, made getStmt() private, which was another FIXME. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@137894 91177308-0d34-0410-b5e6-96231b3b80d8
ugReporter/BugReporter.h
|
38ca02ed9495a3c708fafc7d8b7d87a8cfcfe8f3 |
17-Aug-2011 |
Anna Zaks <ganna@apple.com> |
Add a bit more comments to the BugReporter and friends. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@137859 91177308-0d34-0410-b5e6-96231b3b80d8
ugReporter/BugReporter.h
|
8e240498dfd4355849bcec943e97799f7f75d93d |
17-Aug-2011 |
Jordy Rose <jediknil@belkadan.com> |
[analyzer] Add some documentation for the new analyzer plugin infrastructure. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@137805 91177308-0d34-0410-b5e6-96231b3b80d8
heckerOptInfo.h
heckerRegistry.h
|
77a33a71701b59affb5337d9e2b57d69bc095c7d |
17-Aug-2011 |
Jordy Rose <jediknil@belkadan.com> |
[analyzer] Add basic support for pluggable checkers. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@137802 91177308-0d34-0410-b5e6-96231b3b80d8
heckerOptInfo.h
heckerRegistry.h
|
08b86531ade68727c56918f162816075b87c864a |
16-Aug-2011 |
Jordy Rose <jediknil@belkadan.com> |
[analyzer] Overhaul of checker registration in preparation for basic plugin support. Removes support for checker groups (we can add them back in later if we decide they are still useful), and -analyzer-checker-help output is a little worse for the time being (no packages). git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@137758 91177308-0d34-0410-b5e6-96231b3b80d8
heckerOptInfo.h
heckerProvider.h
heckerRegistry.h
|
6c7511db998817e64f2e124013e7d7c9a430c580 |
16-Aug-2011 |
Ted Kremenek <kremenek@apple.com> |
[analyzer] add ExprEngine::getEagerlyAssumedTags() to allow externally querying of "eagerly assumed" expressions. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@137704 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ExprEngine.h
|
ae160f880d183ab938fd7ce3b891694ae2f569c0 |
16-Aug-2011 |
Ted Kremenek <kremenek@apple.com> |
Add missing header files. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@137676 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ProgramState.h
athSensitive/ProgramStateTrait.h
|
18c66fdc3c4008d335885695fe36fb5353c5f672 |
16-Aug-2011 |
Ted Kremenek <kremenek@apple.com> |
Rename GRState to ProgramState, and cleanup some code formatting along the way. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@137665 91177308-0d34-0410-b5e6-96231b3b80d8
ugReporter/BugReporter.h
hecker.h
heckerManager.h
athSensitive/BasicValueFactory.h
athSensitive/CheckerContext.h
athSensitive/ConstraintManager.h
athSensitive/CoreEngine.h
athSensitive/Environment.h
athSensitive/ExplodedGraph.h
athSensitive/ExprEngine.h
athSensitive/ExprEngineBuilders.h
athSensitive/GRState.h
athSensitive/GRStateTrait.h
athSensitive/ObjCMessage.h
athSensitive/SValBuilder.h
athSensitive/SVals.h
athSensitive/Store.h
athSensitive/SubEngine.h
athSensitive/SymbolManager.h
athSensitive/TransferFuncs.h
|
9c378f705405d37f49795d5e915989de774fe11f |
13-Aug-2011 |
Ted Kremenek <kremenek@apple.com> |
Cleanup various declarations of 'Stmt*' to be 'Stmt *', etc. in libAnalyzer and libStaticAnalyzer[*]. It was highly inconsistent, and very ugly to look at. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@137537 91177308-0d34-0410-b5e6-96231b3b80d8
ugReporter/BugReporter.h
ugReporter/PathDiagnostic.h
heckerManager.h
athSensitive/BasicValueFactory.h
athSensitive/BlockCounter.h
athSensitive/CheckerContext.h
athSensitive/ConstraintManager.h
athSensitive/CoreEngine.h
athSensitive/Environment.h
athSensitive/ExplodedGraph.h
athSensitive/ExprEngine.h
athSensitive/ExprEngineBuilders.h
athSensitive/GRState.h
athSensitive/GRStateTrait.h
athSensitive/MemRegion.h
athSensitive/SValBuilder.h
athSensitive/SVals.h
athSensitive/Store.h
athSensitive/StoreRef.h
athSensitive/SubEngine.h
athSensitive/SymbolManager.h
athSensitive/TransferFuncs.h
athSensitive/WorkList.h
|
ca804539d908d3a0e8c72a0df5f1f571d29490bb |
13-Aug-2011 |
Ted Kremenek <kremenek@apple.com> |
[analyzer] change "tag" in ProgramPoint from "void*" to a ProgramPointTag*. Having a notion of an actual ProgramPointTag will aid in introspection of the analyzer's behavior. For example, the GraphViz output of the analyzer will pretty-print the tags in a useful manner. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@137529 91177308-0d34-0410-b5e6-96231b3b80d8
hecker.h
heckerManager.h
athSensitive/CheckerContext.h
athSensitive/CoreEngine.h
athSensitive/ExprEngine.h
|
096aef9597b263b4cd6a0feaacf9e7214fa9c75a |
12-Aug-2011 |
Jordy Rose <jediknil@belkadan.com> |
[analyzer] Nitpicks on Olaf's patch, which I meant to e-mail but then didn't in time. One is cleanup, the other is me being OCD about enum group nesting. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@137517 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/MemRegion.h
|
9697934650354bed2e509d8e7e44f21a1fb00f76 |
12-Aug-2011 |
Ted Kremenek <kremenek@apple.com> |
[analyzer] Introduce new MemRegion, "TypedValueRegion", so that we can separate TypedRegions that implement getValueType() from those that don't. Patch by Olaf Krzikalla! git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@137498 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/BasicValueFactory.h
athSensitive/MemRegion.h
athSensitive/SValBuilder.h
athSensitive/Store.h
athSensitive/SymbolManager.h
|
cb9657cfba92d5a3009e1b37109e03258c20d327 |
12-Aug-2011 |
Bill Wendling <isanbard@gmail.com> |
Remove extra semicolons. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@137409 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/SymbolManager.h
|
579ad7ac56f7940cc543b7216ee1b1a7de1ed712 |
12-Aug-2011 |
Anna Zaks <ganna@apple.com> |
Optimizations for Dependent Symbol tracking (as per Ted's code review for r137309): 1) Change SymbolDependTy map to keep pointers as data. And other small tweaks like making the DenseMap smaller 64->16 elements; remove removeSymbolDependencies() as it will probably not be used. 2) Do not mark dependents live more than once. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@137401 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/SymbolManager.h
|
89f920940de4b414616cabb310c37fa84ed2476a |
11-Aug-2011 |
Anna Zaks <ganna@apple.com> |
Analyzer Core: Adding support for user-defined symbol dependencies. (For example, the allocated resource symbol only needs to be freed if no error has been returned by the allocator, so a checker might want to make the lifespan of the error code symbol depend on the allocated resource symbol.) Note, by default, the map that holds the dependencies will get destroyed along with the SymbolManager at the end of function exploration. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@137309 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/SymbolManager.h
|
75eeeb173cd3f6425247d3686c19e49117834fc3 |
11-Aug-2011 |
Anna Zaks <ganna@apple.com> |
Make SymbolManager comments doxygen friendly. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@137290 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/SymbolManager.h
|
0e89061a399bae32f0eca5b85658ad66a58c504d |
11-Aug-2011 |
Anna Zaks <ganna@apple.com> |
Cleanup: remove CleanedSate member and GetState() wrapper from StmtNodeBuilder, not needed as of r137273. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@137284 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/CheckerContext.h
athSensitive/CoreEngine.h
|
db5e8cd095d1ffdd18f5620ad2348b5f386bebe3 |
11-Aug-2011 |
Anna Zaks <ganna@apple.com> |
Cleanup: remove GetState() wrapper from ExprEngine, not needed as of r137273. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@137279 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ExprEngine.h
|
6bd528b9d703fdea51053719d9c53504a61a6bd7 |
11-Aug-2011 |
Anna Zaks <ganna@apple.com> |
Analyzer Core: In checkDeadSymbols checker callback, provide the state in which the symbols are not yet deleted so that checkers could inspect them. Since we are now always creating a transition in ProcessStmt(), remove the logic for adding a transition when none was generated. TODO: the extra transitions will have to be removed; more cleanups; a checker that tests the new functionality. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@137273 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRState.h
|
993124ecdd44ec1430a3b7f01b22f65bbaadb586 |
06-Aug-2011 |
Ted Kremenek <kremenek@apple.com> |
[analyzer] Start sketching out a new BugReporterVisitor that inspects branches and other expressions to generate interesting path events in diagnostics. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@137012 91177308-0d34-0410-b5e6-96231b3b80d8
ugReporter/BugReporter.h
|
bea2753da897ede723e70bcd17023d050b0603d0 |
06-Aug-2011 |
Ted Kremenek <kremenek@apple.com> |
[analyzer] Change SymbolReaper to store region roots implied by the Environment, allowing it be queried when determining if symbols derived from regions are still live. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@137005 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/Environment.h
athSensitive/Store.h
athSensitive/SymbolManager.h
|
3f10e32b15e54f507aed90cb72d73c7acaa500bb |
06-Aug-2011 |
Anna Zaks <ganna@apple.com> |
Static Analyzer: Add a convenience API. Add comment. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@137000 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/CheckerContext.h
athSensitive/SymbolManager.h
|
70a34da7a767bda69958d8f659de9f87b03de747 |
29-Jul-2011 |
Ted Kremenek <kremenek@apple.com> |
[analyzer] Remove recursive visitation in ExprEngine::VisitObjCForCollectionStmt because it isn't needed anymore. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@136519 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ExprEngine.h
|
4410a935e8d8ee3c903b858bbf74ca24fce629b5 |
29-Jul-2011 |
Ted Kremenek <kremenek@apple.com> |
[analyzer] Remove explicit argument processing from ExprEngine::VisitObjCMessage() since it is no longer needed. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@136518 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ExprEngine.h
|
882998923889a2fcce9b49696506c499e22cf38f |
29-Jul-2011 |
Ted Kremenek <kremenek@apple.com> |
[analyzer] Overhaul how the static analyzer expects CFGs by forcing CFGs to be linearized only when used by the static analyzer. This required a rewrite of LiveVariables, and exposed a ton of subtle bugs. The motivation of this large change is to drastically simplify the logic in ExprEngine going forward. Some fallout is that the output of some BugReporterVisitors is not as accurate as before; those will need to be fixed over time. There is also some possible performance regression as RemoveDeadBindings will be called frequently; this can also be improved over time. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@136419 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/SymbolManager.h
|
fde18c53548769748b7a2fc59f5281fdec848686 |
29-Jul-2011 |
Ted Kremenek <kremenek@apple.com> |
[analyzer] add accessor to StoreRef. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@136417 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/StoreRef.h
|
fa7a95c62aa573a30d87c215b320b0086ed08bdc |
29-Jul-2011 |
Ted Kremenek <kremenek@apple.com> |
[analyzer] Add StoreManager::includedInBindings() to query whether a region is used in any bindings. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@136416 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/Store.h
|
eea72a925f294225391ecec876a342771c09b635 |
29-Jul-2011 |
Ted Kremenek <kremenek@apple.com> |
[analyzer] fix handling of MaterializeTemporaryExpr by binding the result value to the proper expression. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@136412 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ExprEngine.h
|
d47d3b0cfeb7e8564ff77f48130fe63282b6d127 |
23-Jul-2011 |
Chris Lattner <sabre@nondot.org> |
clean up forward declarations of raw_ostream to use the new LLVM.h patch by Jon Mulder! git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@135851 91177308-0d34-0410-b5e6-96231b3b80d8
heckerProvider.h
athSensitive/GRState.h
athSensitive/MemRegion.h
athSensitive/SVals.h
athSensitive/SymbolManager.h
|
4fed22cdd8bb7d98127853ebb3f42be66bf2ce59 |
21-Jul-2011 |
Ted Kremenek <kremenek@apple.com> |
Move AnalysisManager constructor out of line. No functionality change (yet). git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@135667 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/AnalysisManager.h
|
bc5cb8a5fe2b88f917d47ceb58b53696a121e57e |
21-Jul-2011 |
Ted Kremenek <kremenek@apple.com> |
Simplify passing of CFGBuildOptions around for AnalysisContext. No functionality change. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@135666 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/AnalysisManager.h
|
8cc488fefb2fb04bc8d5398da29f0182f97934cf |
20-Jul-2011 |
Chris Lattner <sabre@nondot.org> |
add raw_ostream and Twine to LLVM.h, eliminating a ton of llvm:: qualifications. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@135577 91177308-0d34-0410-b5e6-96231b3b80d8
heckerProvider.h
athSensitive/ConstraintManager.h
athSensitive/GRState.h
athSensitive/MemRegion.h
athSensitive/SVals.h
athSensitive/Store.h
athSensitive/SymbolManager.h
|
686775deca8b8685eb90801495880e3abdd844c2 |
20-Jul-2011 |
Chris Lattner <sabre@nondot.org> |
now that we have a centralized place to do so, add some using declarations for some common llvm types: stringref and smallvector. This cleans up the codebase quite a bit. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@135576 91177308-0d34-0410-b5e6-96231b3b80d8
ugReporter/BugReporter.h
ugReporter/BugType.h
ugReporter/PathDiagnostic.h
heckerManager.h
athSensitive/CoreEngine.h
athSensitive/Environment.h
athSensitive/ExplodedGraph.h
athSensitive/SVals.h
athSensitive/Store.h
|
165622faa4a472ff94352dee534e2adeaac9c824 |
15-Jul-2011 |
Ted Kremenek <kremenek@apple.com> |
Add 'Contains()' method to GRStateTrait for ImmutableList. Patch by Rui Paulo. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@135241 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRStateTrait.h
|
e5cfd52a3a5d4bb46f77323fa8fa0b973fcde7bc |
26-May-2011 |
Ted Kremenek <kremenek@apple.com> |
static analyzer: when conservatively evaluating functions, don't invalidate the values of globals when the called function is strlen. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@132100 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ExprEngine.h
athSensitive/ObjCMessage.h
|
5e9ebb3c0fb554d9285aa99c470abdf283272bd9 |
21-May-2011 |
Douglas Gregor <dgregor@apple.com> |
A few more is(Un)signedIntegerType/is(Un)signedOrEnumerationType cleanups. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@131793 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/BasicValueFactory.h
athSensitive/SValBuilder.h
|
9be6e7ce5788e50c62d40c59b0bbc2ea423683f7 |
05-May-2011 |
Ted Kremenek <kremenek@apple.com> |
Add Checker callback for running a checker at the end of processing an entire TranslationUnit. Patch by Lei Zhang. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@130913 91177308-0d34-0410-b5e6-96231b3b80d8
hecker.h
heckerManager.h
|
35bdbf40624beba3fc00cb72ab444659939c1a6b |
02-May-2011 |
Ted Kremenek <kremenek@apple.com> |
Augment retain/release checker to not warn about tracked objects passed as arguments to C++ constructors. This is a stop-gap measure for Objective-C++ code that uses smart pointers to manage reference counts. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@130711 91177308-0d34-0410-b5e6-96231b3b80d8
hecker.h
heckerManager.h
athSensitive/ExprEngine.h
athSensitive/GRState.h
athSensitive/Store.h
athSensitive/SubEngine.h
|
6b4f567109d76ce1f1de289554e35f2a7bbeff6b |
27-Apr-2011 |
Ted Kremenek <kremenek@apple.com> |
Allow 'Environment::getSVal()' to allow an optional way for checkers to do a direct lookup to values bound to expressions, without resulting to lazy logic. This is critical for the OSAtomicChecker that does a simulated load on any arbitrary expression. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@130292 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/Environment.h
athSensitive/GRState.h
|
b5ef3ca808b16aa2ba010251773e820f57190d1a |
24-Apr-2011 |
Sebastian Redl <sebastian.redl@getdesigned.at> |
Fix PathDiagnosticClients.h header guard. (Case error) git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@130099 91177308-0d34-0410-b5e6-96231b3b80d8
athDiagnosticClients.h
|
c69a505cfa318d571ce8a0cd038c8d958585a735 |
23-Apr-2011 |
Jay Foad <jay.foad@gmail.com> |
Remove unused STL header includes. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@130068 91177308-0d34-0410-b5e6-96231b3b80d8
heckerProvider.h
|
fc8f0e14ad142ed811e90fbd9a30e419e301c717 |
15-Apr-2011 |
Chris Lattner <sabre@nondot.org> |
fix a bunch of comment typos found by codespell. Patch by Luis Felipe Strano Moraes! git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@129559 91177308-0d34-0410-b5e6-96231b3b80d8
ugReporter/BugReporter.h
athSensitive/CoreEngine.h
athSensitive/MemRegion.h
|
235c02f79e0ece9463490aa87eaaa02bad300dac |
12-Apr-2011 |
Ted Kremenek <kremenek@apple.com> |
Teach GRState::getSValAsScalarOrLoc() about C++ references. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@129329 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRState.h
|
9fec9b1fbd32e71ce8acb701165fd6649b3d8285 |
12-Apr-2011 |
Ted Kremenek <kremenek@apple.com> |
C++ static analysis: also invalidate fields of objects that are the callees in C++ method calls. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@129308 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ObjCMessage.h
|
d40066b0fb883839a9100e5455e33190b9b8abac |
05-Apr-2011 |
Ted Kremenek <kremenek@apple.com> |
Fix PR 9626 (duplicated self-init warnings under -Wuninitialized) with numerous CFG and UninitializedValues analysis changes: 1) Change the CFG to include the DeclStmt for conditional variables, instead of using the condition itself as a faux DeclStmt. 2) Update ExprEngine (the static analyzer) to understand (1), so not to regress. 3) Update UninitializedValues.cpp to initialize all tracked variables to Uninitialized at the start of the function/method. 4) Only use the SelfReferenceChecker (SemaDecl.cpp) on global variables, leaving the dataflow analysis to handle other cases. The combination of (1) and (3) allows the dataflow-based -Wuninitialized to find self-init problems when the initializer contained control-flow. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@128858 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ExprEngine.h
|
8083414ee7cc8f5c807ed6a4e120fb4e0ab50ff8 |
03-Apr-2011 |
Ted Kremenek <kremenek@apple.com> |
static analyzer: Add a new ProgramPoint PostCondition to represent the post position of a branch condition, and a new generateNode method to BranchNodeBuilder using PostCondition ProgramPoint. This method generates a new ExplodedNode but not a new block edge. Patch by Lei Zhang! git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@128784 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/CoreEngine.h
|
4d840e9ac4d8e9baa9459ca3dd7ab14ae884a80f |
02-Apr-2011 |
Argyrios Kyrtzidis <akyrtzi@gmail.com> |
[analyzer] Simplify CheckerFn template and use it more to reduce duplication. No functionality change. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@128779 91177308-0d34-0410-b5e6-96231b3b80d8
heckerManager.h
|
2bfa3019b8fb35931ca4927feaf25d39161b423e |
02-Apr-2011 |
Zhongxing Xu <xuzhongxing@gmail.com> |
Remove a redundant method. We have a const version. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@128762 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRState.h
|
422ab7a49a9a4252dbc6350e49d7a5708337b9c7 |
02-Apr-2011 |
Ted Kremenek <kremenek@apple.com> |
Teach IdempotentOperationsChecker about paths aborted because ExprEngine didn't know how to handle a specific Expr type. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@128761 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/CoreEngine.h
athSensitive/ExprEngine.h
|
66750fa464ace9f8c41666c8585ec71a248c1cca |
02-Apr-2011 |
Ted Kremenek <kremenek@apple.com> |
static analyzer: Rename 'BlocksAborted' to 'BlocksExhausted' to reflect that a given CFGBlock was analyzed too many times. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@128760 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/CoreEngine.h
|
b277159055933e610bbc80262b600d3ad7e0595c |
30-Mar-2011 |
Ted Kremenek <kremenek@apple.com> |
Begin reworking static analyzer support for C++ method calls. The current logic was divorced from how we process ordinary function calls, had a tremendous amount of redundancy, and relied strictly on inlining behavior (which was incomplete) to provide semantics instead of falling back to the conservative analysis we use for C functions. This is a significant step into making C++ analyzer support more useful. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@128557 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ExprEngine.h
|
9fc90c1bf7498dc53862156205ab95868b8b849f |
14-Mar-2011 |
Ted Kremenek <kremenek@apple.com> |
Incorporate source ranges for RangeBugReport when coalescing reports into equivalence classes. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@127604 91177308-0d34-0410-b5e6-96231b3b80d8
ugReporter/BugReporter.h
|
f4e3cfbe8abd124be6341ef5d714819b4fbd9082 |
11-Mar-2011 |
Peter Collingbourne <peter@pcc.me.uk> |
Add support for the OpenCL vec_step operator, by generalising and extending the existing support for sizeof and alignof. Original patch by Guy Benyei. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@127475 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ExprEngine.h
|
cf333339615da345c2ed6e873d94a501810d9f3f |
09-Mar-2011 |
Ted Kremenek <kremenek@apple.com> |
static analyzer: Fix use-after-free bug in RegionStore involving LazyCompoundValueData not reference counting Store objects. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@127288 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/BasicValueFactory.h
athSensitive/SValBuilder.h
athSensitive/Store.h
athSensitive/StoreRef.h
|
85f3d76c0ecfdefcf83ea44a57b7a16119c8a045 |
02-Mar-2011 |
John McCall <rjmccall@apple.com> |
Move some of the logic about classifying Objective-C methods into conventional categories into Basic and AST. Update the self-init checker to use this logic; CFRefCountChecker is complicated enough that I didn't want to touch it. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126817 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ObjCMessage.h
|
3c0349e87cdbd7316d06d2411d86ee1086e717a5 |
01-Mar-2011 |
Ted Kremenek <kremenek@apple.com> |
In preparation for fixing PR 6884, rework CFGElement to have getAs<> return pointers instead of fresh CFGElements. - Also, consolidate getDtorKind() and getKind() into one "kind". - Add empty getDestructorDecl() method to CFGImplicitDtor. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126738 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/CoreEngine.h
|
25a792b0361d80337c75a14320f5be1b210066dc |
01-Mar-2011 |
Argyrios Kyrtzidis <akyrtzi@gmail.com> |
[analyzer] Remove SVal::getAsVarDecl() and reason about MemRegions, not Decls. Suggestion by Ted! git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126734 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/SVals.h
|
ec8605f1d7ec846dbf51047bfd5c56d32d1ff91c |
01-Mar-2011 |
Argyrios Kyrtzidis <akyrtzi@gmail.com> |
[analyzer] Rename CheckerV2 -> Checker. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126726 91177308-0d34-0410-b5e6-96231b3b80d8
hecker.h
heckerV2.h
athSensitive/ExprEngine.h
athSensitive/GRState.h
|
d26a475068535834bbebd87f429ec773d6227e41 |
01-Mar-2011 |
Argyrios Kyrtzidis <akyrtzi@gmail.com> |
[analyzer] Remove Checker V1. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126725 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/Checker.h
athSensitive/CheckerVisitor.def
athSensitive/CheckerVisitor.h
|
eb48bd1dd4168ab206a330bf523659170291a6a0 |
01-Mar-2011 |
Argyrios Kyrtzidis <akyrtzi@gmail.com> |
[analyzer] Remove checker V1 registration and running from ExprEngine. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126724 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ExprEngine.h
|
9f8862aa64300ef97b8fe85034ee93bbc03e3b7b |
01-Mar-2011 |
Zhanyong Wan <wan@google.com> |
Improves the coding style in SValBuilder. This patch: - renames evalCastNL and evalCastL to evalCastFromNonLoc and evalCastFromLoc (avoid abbreviations that aren't well known). - makes all function parameter names start with a lower case letter for consistency and distinction from member variables. - avoids abbreviations in function parameter names. Reviewed by kremenek@apple.com. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126722 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/SValBuilder.h
|
d655ab28fdf7c940d3f79f8f287954d7f76e0977 |
28-Feb-2011 |
Argyrios Kyrtzidis <akyrtzi@gmail.com> |
[analyzer] Run the ExprEngine depending on the CheckerManager having path-sensitive checkers. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126674 91177308-0d34-0410-b5e6-96231b3b80d8
heckerManager.h
|
b3d74da3e1620c9a7a378afb5f244e4987e6713e |
28-Feb-2011 |
Argyrios Kyrtzidis <akyrtzi@gmail.com> |
[analyzer] Migrate NSErrorChecker and DereferenceChecker to CheckerV2. They cooperate in that NSErrorChecker listens for ImplicitNullDerefEvent events that DereferenceChecker can dispatch. ImplicitNullDerefEvent is when we dereferenced a location that may be null. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126659 91177308-0d34-0410-b5e6-96231b3b80d8
heckerV2.h
|
deb6447d0029bdb122397fafb5fa2a4e76f2e555 |
28-Feb-2011 |
Argyrios Kyrtzidis <akyrtzi@gmail.com> |
[analyzer] Introduce "event" mechanism in CheckerManager. A checker can register as receiver/listener of "events" (basically it registers a callback with a function getting called with an argument of the event type) and other checkers can register as "dispatchers" and can pass an event object to all the listeners. This allows cooperation amongst checkers but with very loose coupling. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126658 91177308-0d34-0410-b5e6-96231b3b80d8
heckerManager.h
heckerV2.h
|
d3bf3c0287a057eafe4b5d5588ebbb29f40ab6e1 |
28-Feb-2011 |
Argyrios Kyrtzidis <akyrtzi@gmail.com> |
[analyzer] Introduce SVal::getAsVarDecl(). git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126627 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/SVals.h
|
cc05d511b26ac6dc80fcbcc78ac305d2755aa0b9 |
28-Feb-2011 |
Argyrios Kyrtzidis <akyrtzi@gmail.com> |
[analyzer] Migrate UndefBranchChecker to CheckerV2. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126616 91177308-0d34-0410-b5e6-96231b3b80d8
heckerManager.h
heckerV2.h
|
312dbec867f6b8d6b86fd562c53352cd4db27468 |
28-Feb-2011 |
Argyrios Kyrtzidis <akyrtzi@gmail.com> |
[analyzer] Migrate MallocChecker to CheckerV2. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126606 91177308-0d34-0410-b5e6-96231b3b80d8
heckerManager.h
heckerV2.h
|
3fe71f445f76003649b5da24209e80225a7ee74f |
28-Feb-2011 |
Argyrios Kyrtzidis <akyrtzi@gmail.com> |
[analyzer] Have CheckerManager::registerChecker return a pointer to the checker object and only allow a checker to be registered once. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126605 91177308-0d34-0410-b5e6-96231b3b80d8
heckerManager.h
|
116f3640daee424dfcdbe55e80be5a67476be4b0 |
25-Feb-2011 |
Argyrios Kyrtzidis <akyrtzi@gmail.com> |
Introduce '-analyzer-checker-help' flag which outputs a list of all available static analyzer checkers. This is pretty basic for now, eventually checkers should be grouped according to package, hidden checkers should be indicated etc. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126454 91177308-0d34-0410-b5e6-96231b3b80d8
heckerProvider.h
|
8be5b3aced37e1c7728741c60d47011f11649a58 |
24-Feb-2011 |
Argyrios Kyrtzidis <akyrtzi@gmail.com> |
[analyzer] Migrate ArrayBoundChecker to CheckerV2. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126371 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/CheckerContext.h
|
9c0d6891b3ec4b0d20b8a295946c0dc5426d147c |
24-Feb-2011 |
Argyrios Kyrtzidis <akyrtzi@gmail.com> |
[analyzer] Don't pass a GRState to CheckerManager::runCheckersForLocation, terrible mistake. If the state is new, make sure an ExplodedNode is associated with it. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126370 91177308-0d34-0410-b5e6-96231b3b80d8
heckerManager.h
|
64be13795a9b5b25de6b151551a2f5ef2bab353c |
24-Feb-2011 |
Argyrios Kyrtzidis <akyrtzi@gmail.com> |
[analyzer] Remove unused functions from CheckerManager. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126352 91177308-0d34-0410-b5e6-96231b3b80d8
heckerManager.h
|
183ff98f425d470c2a0276880aaf43496c9dad14 |
24-Feb-2011 |
Argyrios Kyrtzidis <akyrtzi@gmail.com> |
[analyzer] Migrate CStringChecker to CheckerV2. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126350 91177308-0d34-0410-b5e6-96231b3b80d8
heckerManager.h
heckerV2.h
|
af5800a1e287990bb547e052f257adeeae5ab476 |
23-Feb-2011 |
Argyrios Kyrtzidis <akyrtzi@gmail.com> |
[analyzer] Migrate StackAddrLeakChecker to CheckerV2. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126333 91177308-0d34-0410-b5e6-96231b3b80d8
heckerManager.h
heckerV2.h
|
f178ac8b68b29e44867777232ba8fee59edc4037 |
23-Feb-2011 |
Argyrios Kyrtzidis <akyrtzi@gmail.com> |
[analyzer] Refactor EndOfFunctionNodeBuilder. -Introduce EndOfFunctionNodeBuilder::withCheckerTag to allow it be "specialized" with a checker tag and not require the checkers to pass a tag. -For EndOfFunctionNodeBuilder::generateNode, reverse the order of tag/P parameters since there are actual calls that assume the second parameter is ExplodedNode. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126332 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/CoreEngine.h
|
cd50e136ad7dc721822f5e6350769a37c216612d |
23-Feb-2011 |
Argyrios Kyrtzidis <akyrtzi@gmail.com> |
[analyzer] const goodness. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126326 91177308-0d34-0410-b5e6-96231b3b80d8
heckerManager.h
|
e1bfb7ae0dd0762c88e1fd94746e973c37f2e04e |
23-Feb-2011 |
Argyrios Kyrtzidis <akyrtzi@gmail.com> |
[analyzer] Migrate ChrootChecker to CheckerV2. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126324 91177308-0d34-0410-b5e6-96231b3b80d8
heckerManager.h
heckerV2.h
|
30726c6baee1417307236e854f1474fdb3cedb98 |
23-Feb-2011 |
Argyrios Kyrtzidis <akyrtzi@gmail.com> |
[analyzer] Migrate UnreachableCodeChecker to CheckerV2. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126308 91177308-0d34-0410-b5e6-96231b3b80d8
heckerManager.h
heckerV2.h
|
2e471a3e476396be1ddca4ab8b9df721bcfc9437 |
23-Feb-2011 |
Argyrios Kyrtzidis <akyrtzi@gmail.com> |
[analyzer] Add LangOptions in CheckerManager. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126306 91177308-0d34-0410-b5e6-96231b3b80d8
heckerManager.h
|
fc26107870e0e450d863541179234bf9063a4da7 |
23-Feb-2011 |
Argyrios Kyrtzidis <akyrtzi@gmail.com> |
Silence a MSVC warning. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126273 91177308-0d34-0410-b5e6-96231b3b80d8
heckerManager.h
|
404fc3ad6bd844bf8ce70cbf9974ab297704a122 |
23-Feb-2011 |
Argyrios Kyrtzidis <akyrtzi@gmail.com> |
[analyzer] Refactor BugTypes and their ownership model. -In general, don't have the BugReporter deleting BugTypes, BugTypes will eventually become owned by checkers and outlive the BugReporter. In the meantime, there will be some leaks since some checkers assume that the BugTypes they create will be destroyed by the BugReporter. -Have BugReporter::EmitBasicReport create BugTypes that are reused if the same name & category strings are passed to EmitBasicReport. These BugTypes are owned and destroyed by the BugReporter. This allows bugs reported through EmitBasicReport to be coalesced. -Remove the llvm::FoldingSet<BugReportEquivClass> from BugType and move it into the BugReporter. For uniquing BugReportEquivClass also use the BugType* so that we can iterate over all of them using only one set. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126272 91177308-0d34-0410-b5e6-96231b3b80d8
ugReporter/BugReporter.h
ugReporter/BugType.h
|
769ce3e93ad35bd9ac28e4d8b8f035ae4fd9a5b5 |
22-Feb-2011 |
Argyrios Kyrtzidis <akyrtzi@gmail.com> |
[analyzer] Start moving the path-sensitive checkers to CheckerV2. -Migrate ObjCSelfInitChecker to CheckerV2. In the process remove the 'preCallSelfFlags' field from the checker class and use GRState for storing that info. -Get ExprEngine to start delegating checker running to CheckerManager. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126229 91177308-0d34-0410-b5e6-96231b3b80d8
heckerManager.h
heckerV2.h
athSensitive/ExprEngine.h
|
6bcb48dc67e417e0ecce803f28d13bbea2ee0243 |
22-Feb-2011 |
Argyrios Kyrtzidis <akyrtzi@gmail.com> |
[analyzer] Separate CheckerContext into its own include file. No functionality change. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126228 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/Checker.h
athSensitive/CheckerContext.h
|
9fc8fdd79c5ecf30833ccc0dd5e14be7aa884470 |
22-Feb-2011 |
Argyrios Kyrtzidis <akyrtzi@gmail.com> |
[analyzer] Fix GRStatePartialTrait<bool> and introduce GRStatePartialTrait<unsigned>. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126227 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRStateTrait.h
|
09fe4a55248bd28a950ec4ba19900e5892be42f6 |
19-Feb-2011 |
Ted Kremenek <kremenek@apple.com> |
Change 'StoreRef' back to 'Store' in GRState, shrinking the size of GRState back by one pointer. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126020 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRState.h
|
370e6e984cc32167228b66eaf9610c010da0d794 |
19-Feb-2011 |
Argyrios Kyrtzidis <akyrtzi@gmail.com> |
[analyzer] Fix crash when analyzing C++ code. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126013 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/SValBuilder.h
|
77a4d5687c2cb3199c689892c9d040a94ff270af |
19-Feb-2011 |
Ted Kremenek <kremenek@apple.com> |
Add 'StoreRef' smart pointer to allow more fine-grain memory lifetime control of Store objects. This yields a minor memory reduction (for larger functions) on Sqlite at the cost of slightly higher memory usage on some functions because of the increased size of GRState (which can be optimized). I expect the real memory savings from this enhancement will come when we aggressively cannibalize more of the ExplodedGraph. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126012 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRState.h
athSensitive/Store.h
|
f4699d14b03d805ad9ccaa6288836ac2a8612925 |
18-Feb-2011 |
Argyrios Kyrtzidis <akyrtzi@gmail.com> |
[analyzer] Fix a crash when analyzing C++ code. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@125958 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/BasicValueFactory.h
|
380ebecb32993bf0426e25519eb78d7816b74b12 |
18-Feb-2011 |
Francois Pichet <pichet2000@gmail.com> |
Unbreak the MSVC build. std::make_pair is unreliable under MSVC 2010. Ref: http://stackoverflow.com/questions/2691680/why-does-visual-studio-2010-throw-this-error-with-boost-1-42-0 git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@125811 91177308-0d34-0410-b5e6-96231b3b80d8
heckerManager.h
|
9fb9474c5b267400d4abfbff63c8b39f378235d4 |
17-Feb-2011 |
Argyrios Kyrtzidis <akyrtzi@gmail.com> |
[analyzer] -Introduce CheckerV2, a set of templates for convenient declaration & registration of checkers. Currently useful just for checkers working on the AST not the path-sensitive ones. -Enhance CheckerManager to actually collect the checkers and turn it into the entry point for running the checkers. -Use the new mechanism for the LLVMConventionsChecker. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@125778 91177308-0d34-0410-b5e6-96231b3b80d8
heckerManager.h
heckerV2.h
|
695fb502825a53ccd178ec1c85c77929d88acb71 |
17-Feb-2011 |
Argyrios Kyrtzidis <akyrtzi@gmail.com> |
[analyzer] Pass CheckerManager to the registration functions. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@125777 91177308-0d34-0410-b5e6-96231b3b80d8
heckerManager.h
|
ad8dcf4a9df0e24051dc31bf9e6f3cd138a34298 |
17-Feb-2011 |
Chris Lattner <sabre@nondot.org> |
Step #1/N of implementing support for __label__: split labels into LabelDecl and LabelStmt. There is a 1-1 correspondence between the two, but this simplifies a bunch of code by itself. This is because labels are the only place where we previously had references to random other statements, causing grief for AST serialization and other stuff. This does cause one regression (attr(unused) doesn't silence unused label warnings) which I'll address next. This does fix some minor bugs: 1. "The only valid attribute " diagnostic was capitalized. 2. Various diagnostics printed as ''labelname'' instead of 'labelname' 3. This reduces duplication of label checking between functions and blocks. Review appreciated, particularly for the cindex and template bits. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@125733 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/CoreEngine.h
athSensitive/SValBuilder.h
athSensitive/SVals.h
|
7dfc9420babe83e236a47e752f8723bd06070d9d |
16-Feb-2011 |
Zhanyong Wan <wan@google.com> |
Makes most methods in SVals.h conform to the naming guide. Reviewed by kremenek. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@125687 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/BasicValueFactory.h
athSensitive/GRState.h
athSensitive/SValBuilder.h
athSensitive/SVals.h
|
43dee220252ef0b42c5f8a3bb1eca97f84f2565f |
14-Feb-2011 |
Argyrios Kyrtzidis <akyrtzi@gmail.com> |
[analyzer] Overhauling of the checker registration mechanism. -Checkers will be defined in the tablegen file 'Checkers.td'. -Apart from checkers, we can define checker "packages" that will contain a collection of checkers. -Checkers can be enabled with -analyzer-checker=<name> and disabled with -analyzer-disable-checker=<name> e.g: Enable checkers from 'cocoa' and 'corefoundation' packages except the self-initialization checker: -analyzer-checker=cocoa -analyzer-checker=corefoundation -analyzer-disable-checker=cocoa.SelfInit -Introduces CheckerManager and CheckerProvider. CheckerProviders get the set of checker names to enable/disable and register them with the CheckerManager which will be the entry point for all checker-related functionality. Currently only the self-initialization checker takes advantage of the new mechanism. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@125503 91177308-0d34-0410-b5e6-96231b3b80d8
heckerManager.h
heckerProvider.h
rontendActions.h
athSensitive/AnalysisManager.h
|
5f83d6f36a7308eef21d87104fd70c421e854448 |
14-Feb-2011 |
Argyrios Kyrtzidis <akyrtzi@gmail.com> |
[analyzer] Remove ManagerRegistry which is not used. In the future we may load analyzer plugins dynamically but registration through static constructors should be avoided. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@125502 91177308-0d34-0410-b5e6-96231b3b80d8
anagerRegistry.h
|
e6348c336fecc8da9288ea367375a1b1cd2358d2 |
14-Feb-2011 |
Argyrios Kyrtzidis <akyrtzi@gmail.com> |
[analyzer] Move include/clang/StaticAnalyzer/AnalysisConsumer.h -> lib/StaticAnalyzer/Frontend/AnalysisConsumer.h since FrontendActions.cpp is the only user. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@125501 91177308-0d34-0410-b5e6-96231b3b80d8
nalysisConsumer.h
|
7502c1d3ce8bb97bcc4f7bebef507040bd93b26f |
13-Feb-2011 |
John McCall <rjmccall@apple.com> |
Give some convenient idiomatic accessors to Stmt::child_range and Stmt::const_child_range, then make a bunch of places use them instead of the individual iterator accessors. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@125450 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/CheckerHelpers.h
|
b715a7cef11664c1c47cfc3dcc503aadc58b6cac |
12-Feb-2011 |
Ted Kremenek <kremenek@apple.com> |
Weaken the ObjCSelfInitChecker to only warn when one calls an 'init' method within an 'init' method. This is a temporary stop gap to avoid false positives while we investigate how to make it smarter. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@125427 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRStateTrait.h
|
2534528c22260211a073e192c38d0db84c70c327 |
11-Feb-2011 |
Ted Kremenek <kremenek@apple.com> |
Rename 'InvalidateRegions()' to 'invalidateRegions()'. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@125395 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRState.h
athSensitive/Store.h
|
a9d5c30635729f076d77b4eb8d2f413b04301a89 |
11-Feb-2011 |
Ted Kremenek <kremenek@apple.com> |
Allow the 'Eng' entry in GRStateManager to be a (possibly null) pointer instead of a reference. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@125362 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/GRState.h
|
e40b69de464bc695afcaf7ef9602ad727d77b981 |
10-Feb-2011 |
Ted Kremenek <kremenek@apple.com> |
static analyzer: Make GRStates reference counted, with reference counts managed by ExplodedNodes. This reduces memory usage of the analyzer on sqlite by another 5%. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@125260 91177308-0d34-0410-b5e6-96231b3b80d8
athSensitive/ExplodedGraph.h
athSensitive/GRState.h
|
9b663716449b618ba0390b1dbebc54fa8e971124 |
10-Feb-2011 |
Ted Kremenek <kremenek@apple.com> |
Split 'include/clang/StaticAnalyzer' into 'include/clang/StaticAnalyzer/Core' and 'include/clang/StaticAnalyzer/Checkers'. This layout matches lib/StaticAnalyzer, which corresponds to two StaticAnalyzer libraries. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@125251 91177308-0d34-0410-b5e6-96231b3b80d8
nalysisConsumer.h
ugReporter/BugReporter.h
ugReporter/BugType.h
ugReporter/PathDiagnostic.h
rontendActions.h
anagerRegistry.h
athDiagnosticClients.h
athSensitive/AnalysisManager.h
athSensitive/BasicValueFactory.h
athSensitive/BlockCounter.h
athSensitive/Checker.h
athSensitive/CheckerHelpers.h
athSensitive/CheckerVisitor.def
athSensitive/CheckerVisitor.h
athSensitive/ConstraintManager.h
athSensitive/CoreEngine.h
athSensitive/Environment.h
athSensitive/ExplodedGraph.h
athSensitive/ExprEngine.h
athSensitive/ExprEngineBuilders.h
athSensitive/GRState.h
athSensitive/GRStateTrait.h
athSensitive/MemRegion.h
athSensitive/ObjCMessage.h
athSensitive/SValBuilder.h
athSensitive/SVals.h
athSensitive/Store.h
athSensitive/SubEngine.h
athSensitive/SummaryManager.h
athSensitive/SymbolManager.h
athSensitive/TransferFuncs.h
athSensitive/WorkList.h
|