Cross Reference: /external/clang/lib/StaticAnalyzer/Core/ProgramState.cpp

History log of /external/clang/lib/StaticAnalyzer/Core/ProgramState.cpp
Revision	Date	Author	Comments (<<< Hide modified files) (Show modified files >>>)
6bcf27bb9a4b5c3f79cb44c0e4654a6d7619ad89	29-May-2014	Stephen Hines <srhines@google.com>	Update Clang for 3.5 rebase (r209713). Change-Id: I8c9133b0f8f776dc915f270b60f94962e771bc83 /external/clang/lib/StaticAnalyzer/Core/ProgramState.cpp
651f13cea278ec967336033dd032faef0e9fc2ec	24-Apr-2014	Stephen Hines <srhines@google.com>	Updated to Clang 3.5a. Change-Id: I8127eb568f674c2e72635b639a3295381fe8af82 /external/clang/lib/StaticAnalyzer/Core/ProgramState.cpp
da8d37ce42d2db4e1e76ee6f7f38f10f6b0ef0f8	25-Sep-2013	Anton Yartsev <anton.yartsev@gmail.com>	[analyzer] This patch removes passing around of const-invalidation vs regular-invalidation info by passing around a datastructure that maps regions and symbols to the type of invalidation they experience. This simplifies the code and would allow to associate more different invalidation types in the future. With this patch things like preserving contents of regions (either hi- or low-level ones) or processing of the only top-level region can be implemented easily without passing around extra parameters. This patch is a first step towards adequate modeling of memcpy() by the CStringChecker checker and towards eliminating of majority of false-positives produced by the NewDeleteLeaks checker. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@191342 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ProgramState.cpp
d207f55cd58054aab77edca35b3e7f645738dfe2	19-Aug-2013	Pavel Labath <labath@google.com>	[analyzer] Fix inefficiency in dead symbol removal Summary: ScanReachableSymbols uses a "visited" set to avoid scanning the same object twice. However, it did not use the optimization for LazyCompoundVal objects, which resulted in exponential complexity for long chains of temporary objects. Adding this resulted in a decrease of analysis time from >3h to 3 seconds for some files. Reviewers: jordan_rose CC: cfe-commits Differential Revision: http://llvm-reviews.chandlerc.com/D1398 git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@188677 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ProgramState.cpp
00ffb8079b14cade816d8f668675e853e613dee0	06-May-2013	Jordan Rose <jordan_rose@apple.com>	[analyzer] Remove now-unused bindCompoundLiteral helper function. The one user has been changed to use getLValue on the compound literal expression and then use the normal bindLoc to assign a value. No need to special case this in the StoreManager. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@181214 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ProgramState.cpp
8ef064d53fb33b5a8f8743bcbb0a2fd5c3e97be1	20-Apr-2013	Anna Zaks <ganna@apple.com>	[analyzer] Ensure BugReporterTracking works on regions with pointer arithmetic Introduce a new helper function, which computes the first symbolic region in the base region chain. The corresponding symbol has been used for assuming that a pointer is null. Now, it will also be used for checking if it is null. This ensures that we are tracking a null pointer correctly in the BugReporter. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@179916 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ProgramState.cpp
a5796f87229b4aeebca71fa6ee1790ae7a5a0382	09-Apr-2013	Jordan Rose <jordan_rose@apple.com>	[analyzer] Replace isIntegerType() with isIntegerOrEnumerationType(). Previously, the analyzer used isIntegerType() everywhere, which uses the C definition of "integer". The C++ predicate with the same behavior is isIntegerOrUnscopedEnumerationType(). However, the analyzer is /really/ using this to ask if it's some sort of "integrally representable" type, i.e. it should include C++11 scoped enumerations as well. hasIntegerRepresentation() sounds like the right predicate, but that includes vectors, which the analyzer represents by its elements. This commit audits all uses of isIntegerType() and replaces them with the general isIntegerOrEnumerationType(), except in some specific cases where it makes sense to exclude scoped enumerations, or any enumerations. These cases now use isIntegerOrUnscopedEnumerationType() and getAs<BuiltinType>() plus BuiltinType::isInteger(). isIntegerType() is hereby banned in the analyzer - lib/StaticAnalysis and include/clang/StaticAnalysis. :-) Fixes real assertion failures. PR15703 / <rdar://problem/12350701> git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@179081 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ProgramState.cpp
c1bef5671e682de5a573c7c6b66871b36de0ec61	03-Apr-2013	Anna Zaks <ganna@apple.com>	[analyzer] Properly handle the ternary operator in trackNullOrUndefValue 1) Look for the node where the condition expression is live when checking if it is constrained to true or false. 2) Fix a bug in ProgramState::isNull, which was masking the problem. When the expression is not a symbol (,which is the case when it is Unknown) return unconstrained value, instead of value constrained to “false”! (Thankfully other callers of isNull have not been effected by the bug.) git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@178684 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ProgramState.cpp
77e278880380fe9dc95a1491fe9216967d2e6d63	03-Apr-2013	Aaron Ballman <aaron@aaronballman.com>	Silencing warnings in MSVC due to duplicate identifiers. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@178591 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ProgramState.cpp
658a28479dd775f6ff2c07fa5699a7ea01e04127	02-Apr-2013	Anna Zaks <ganna@apple.com>	[analyzer] Teach invalidateRegions that regions within LazyCompoundVal need to be invalidated Refactor invalidateRegions to take SVals instead of Regions as input and teach RegionStore about processing LazyCompoundVal as a top-level “escaping” value. This addresses several false positives that get triggered by the NewDelete checker, but the underlying issue is reproducible with other checkers as well (for example, MallocChecker). git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@178518 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ProgramState.cpp
41988f331a74a72cf243a2a68ffb56418e9a174e	29-Mar-2013	Anna Zaks <ganna@apple.com>	[analyzer] Add support for escape of const pointers and use it to allow “newed” pointers to escape Add a new callback that notifies checkers when a const pointer escapes. Currently, this only works for const pointers passed as a top level parameter into a function. We need to differentiate the const pointers escape from regular escape since the content pointed by const pointer will not change; if it’s a file handle, a file cannot be closed; but delete is allowed on const pointers. This should suppress several false positives reported by the NewDelete checker on llvm codebase. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@178310 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ProgramState.cpp
f8ddc098981d4d85cad4e72fc6dfcfe83b842b66	20-Mar-2013	Jordan Rose <jordan_rose@apple.com>	[analyzer] Invalidate regions indirectly accessible through const pointers. In this case, the value of 'x' may be changed after the call to indirectAccess: struct Wrapper { int *ptr; }; void indirectAccess(const Wrapper &w); void test() { int x = 42; Wrapper w = { x }; clang_analyzer_eval(x == 42); // TRUE indirectAccess(w); clang_analyzer_eval(x == 42); // UNKNOWN } This is important for modelling return-by-value objects in C++, to show that the contents of the struct are escaping in the return copy-constructor. <rdar://problem/13239826> git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@177570 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ProgramState.cpp
cc5dbdae70c6eb2423921f52a35ba4686d2969cf	02-Mar-2013	Anna Zaks <ganna@apple.com>	[analyzer] Simple inline defensive checks suppression Inlining brought a few "null pointer use" false positives, which occur because the callee defensively checks if a pointer is NULL, whereas the caller knows that the pointer cannot be NULL in the context of the given call. This is a first attempt to silence these warnings by tracking the symbolic value along the execution path in the BugReporter. The new visitor finds the node in which the symbol was first constrained to NULL. If the node belongs to a function on the active stack, the warning is reported, otherwise, it is suppressed. There are several areas for follow up work, for example: - How do we differentiate the cases where the first check is followed by another one, which does happen on the active stack? Also, this only silences a fraction of null pointer use warnings. For example, it does not do anything for the cases where NULL was assigned inside a callee. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@176402 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ProgramState.cpp
dc84cd5efdd3430efb22546b4ac656aa0540b210	20-Feb-2013	David Blaikie <dblaikie@gmail.com>	Include llvm::Optional in clang/Basic/LLVM.h Post-commit CR feedback from Jordan Rose regarding r175594. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@175679 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ProgramState.cpp
5251abea41b446c26e3239c8dd6c7edea6fc335d	20-Feb-2013	David Blaikie <dblaikie@gmail.com>	Replace SVal llvm::cast support to be well-defined. See r175462 for another example/more details. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@175594 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ProgramState.cpp
ef9e6d66574393310da7e7508a5a363eb9f6c4d1	15-Feb-2013	Jordan Rose <jordan_rose@apple.com>	[analyzer] Scan the correct store when finding symbols in a LazyCompoundVal. Previously, we were scanning the current store. Now, we properly scan the store that the LazyCompoundVal came from, which may have very different live symbols. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@175232 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ProgramState.cpp
1655bcd052a67a3050fc55df8ecce57342352e68	21-Dec-2012	Anna Zaks <ganna@apple.com>	[analyzer] Address Jordan's nitpicks as per code review of r170625. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@170832 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ProgramState.cpp
bf53dfac8195835028bd6347433f7dbebcc29fc1	20-Dec-2012	Anna Zaks <ganna@apple.com>	[analyzer] Add the pointer escaped callback. Instead of using several callbacks to identify the pointer escape event, checkers now can register for the checkPointerEscape. Converted the Malloc checker to use the new callback. SimpleStreamChecker will be converted next. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@170625 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ProgramState.cpp
7affe151f5689b2d3547b8947c4099532c78a021	06-Dec-2012	Jordan Rose <jordan_rose@apple.com>	[analyzer] Remove bindExprAndLocation, which does extra work for no gain. This feature was probably intended to improve diagnostics, but was currently only used when dumping the Environment. It shows what location a given value was loaded from, e.g. when evaluating an LValueToRValue cast. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@169522 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ProgramState.cpp
55fc873017f10f6f566b182b70f6fc22aefa3464	04-Dec-2012	Chandler Carruth <chandlerc@gmail.com>	Sort all of Clang's files under 'lib', and fix up the broken headers uncovered. This required manually correcting all of the incorrect main-module headers I could find, and running the new llvm/utils/sort_includes.py script over the files. I also manually added quite a few missing headers that were uncovered by shuffling the order or moving headers up to be main-module-headers. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@169237 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ProgramState.cpp
40d8551890bc8454c4e0a28c9072c9c1d1dd588a	05-Nov-2012	Jordan Rose <jordan_rose@apple.com>	[analyzer] Move convenience REGISTER_*_WITH_PROGRAMSTATE to CheckerContext.h As Anna pointed out, ProgramStateTrait.h is a relatively obscure header, and checker writers may not know to look there to add their own custom state. The base macro that specializes the template remains in ProgramStateTrait.h (REGISTER_TRAIT_WITH_PROGRAMSTATE), which allows the analyzer core to keep using it. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@167385 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ProgramState.cpp
166d502d5367ceacd1313a33cac43b1048b8524d	02-Nov-2012	Jordan Rose <jordan_rose@apple.com>	[analyzer] Use nice macros for the common ProgramStateTraits (map, set, list). Also, move the REGISTER_*_WITH_PROGRAMSTATE macros to ProgramStateTrait.h. This doesn't get rid of /all/ explicit uses of ProgramStatePartialTrait, but it does get a lot of them. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@167276 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ProgramState.cpp
ca5d78d0bc3010164f2f9682967d64d7e305a167	01-Oct-2012	Jordan Rose <jordan_rose@apple.com>	[analyzer] Make ProgramStateManager's SubEngine parameter optional. It is possible and valid to have a state manager and associated objects without having a SubEngine or checkers. Patch by Olaf Krzikalla! git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@164947 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ProgramState.cpp
732cdf383f9030ff2b9fb28dfbdae2285ded80c6	26-Sep-2012	Ted Kremenek <kremenek@apple.com>	Remove unnecessary ASTContext& parameter from SymExpr::getType(). git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@164661 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ProgramState.cpp
0073a5c7ce38e98365c00921316030627b3d129f	25-Sep-2012	Jordan Rose <jordan_rose@apple.com>	Reapply "[analyzer] Remove constraints on dead symbols as part of removeDeadBindings." Previously, we'd just keep constraints around forever, which means we'd never be able to merge paths that differed only in constraints on dead symbols. Because we now allow constraints on symbolic expressions, not just single symbols, this requires changing SymExpr::symbol_iterator to include intermediate symbol nodes in its traversal, not just the SymbolData leaf nodes. This depends on the previous commit to be correct. Originally applied in r163444, reverted in r164275, now being re-applied. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@164622 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ProgramState.cpp
8e289bb59c5c1c29900604b86238c3088f506782	20-Sep-2012	Jordan Rose <jordan_rose@apple.com>	Revert "[analyzer] Remove constraints on dead symbols as part of removeDeadBindings." While we definitely want this optimization in the future, we're not currently handling constraints on symbolic /expressions/ correctly. These should stay live even if the SymExpr itself is no longer referenced because could recreate an identical SymExpr later. Only once the SymExpr can no longer be recreated -- i.e. a component symbol is dead -- can we safely remove the constraints on it. This liveness issue is tracked by <rdar://problem/12333297>. This reverts r163444 / 24c7f98828e039005cff3bd847e7ab404a6a09f8. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@164275 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ProgramState.cpp
ce15cce38c34ae73348457da73c52df81cde3588	09-Sep-2012	Ted Kremenek <kremenek@apple.com>	Remove dead method ProgramState::MarshalState(). git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163479 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ProgramState.cpp
24c7f98828e039005cff3bd847e7ab404a6a09f8	08-Sep-2012	Jordan Rose <jordan_rose@apple.com>	[analyzer] Remove constraints on dead symbols as part of removeDeadBindings. Previously, we'd just keep constraints around forever, which means we'd never be able to merge paths that differed only in constraints on dead symbols. Because we now allow constraints on symbolic expressions, not just single symbols, this requires changing SymExpr::symbol_iterator to include intermediate symbol nodes in its traversal, not just the SymbolData leaf nodes. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163444 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ProgramState.cpp
47cbd0f3892c7965cf16a58393f9f17a22d4d4d9	08-Sep-2012	Ted Kremenek <kremenek@apple.com>	Remove ProgramState::getSymVal(). It was being misused by Checkers, with at least one subtle bug in MacOSXKeyChainAPIChecker where the calling the method was a substitute for assuming a symbolic value was null (which is not the case). We still keep ConstraintManager::getSymVal(), but we use that as an optimization in SValBuilder and ProgramState::getSVal() to constant-fold SVals. This is only if the ConstraintManager can provide us with that information, which is no longer a requirement. As part of this, introduce a default implementation of ConstraintManager::getSymVal() which returns null. For Checkers, introduce ConstraintManager::isNull(), which queries the state to see if the symbolic value is constrained to be a null value. It does this without assuming it has been implicitly constant folded. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163428 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ProgramState.cpp
56a46b51df691f857f7120aaf2d4deeff0b014de	22-Aug-2012	Ted Kremenek <kremenek@apple.com>	Rename 'unbindLoc()' (in ProgramState) and 'Remove()' to 'killBinding()'. The name is more specific, and one just forwarded to the other. Add some doxygen comments along the way. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162350 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ProgramState.cpp
32a549a64922af0903bdb777613ae7ae4490b70f	22-Aug-2012	Ted Kremenek <kremenek@apple.com>	Remove Store::bindDecl() and Store::bindDeclWithNoInit(), and all forwarding methods. This functionality is already covered by bindLoc(). git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162346 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ProgramState.cpp
5be88dc79d2768d67371103b6535fb8c4a6f27a1	22-Aug-2012	Ted Kremenek <kremenek@apple.com>	Rename 'BindCompoundLiteral' to 'bindCompoundLiteral' and add doxygen comments. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162345 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ProgramState.cpp
0ad36baedc516005cb6ea97d96327517ebfe5138	15-Aug-2012	Jordan Rose <jordan_rose@apple.com>	[analyzer] Correctly devirtualize virtual method calls in destructors. C++11 [class.cdtor]p4: When a virtual function is called directly or indirectly from a constructor or from a destructor, including during the construction or destruction of the class’s non-static data members, and the object to which the call applies is the object under construction or destruction, the function called is the final overrider in the constructor's or destructor's class and not one overriding it in a more-derived class. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161915 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ProgramState.cpp
f41c0dd023b2990eee0296390a88641d157777f7	14-Aug-2012	Jordan Rose <jordan_rose@apple.com>	[analyzer] Look up DynamicTypeInfo by region instead of symbol. This allows us to store type info for non-symbolic regions. No functionality change. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161811 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ProgramState.cpp
d4fe57f7f7a8793227effc1274d70ec44cee9a4f	09-Aug-2012	Anna Zaks <ganna@apple.com>	[analyzer] Rename the function to better reflect what it actually does. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161617 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ProgramState.cpp
0d53ab4024488d0c6cd283992be3fd4b67099bd3	08-Aug-2012	Jordan Rose <jordan_rose@apple.com>	[analyzer] Track malloc'd regions stored in structs. The main blocker on this (besides the previous commit) was that ScanReachableSymbols was not looking through LazyCompoundVals. Once that was fixed, it's easy enough to clear out malloc data on return, just like we do when we bind to a global region. <rdar://problem/10872635> git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161511 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ProgramState.cpp
e0d24eb1060a213ec9820dc02c45f26b2d5b348b	08-Aug-2012	Jordan Rose <jordan_rose@apple.com>	[analyzer] Revamp RegionStore to distinguish regions with symbolic offsets. RegionStore currently uses a (Region, Offset) pair to describe the locations of memory bindings. However, this representation breaks down when we have regions like 'array[index]', where 'index' is unknown. We used to store this as (SubRegion, 0); now we mark them specially as (SubRegion, SYMBOLIC). Furthermore, ProgramState::scanReachableSymbols depended on the existence of a sub-region map, but RegionStore's implementation doesn't provide for such a thing. Moving the store-traversing logic of scanReachableSymbols into the StoreManager allows us to eliminate the notion of SubRegionMap altogether. This fixes some particularly awkward broken test cases, now in array-struct-region.c. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161510 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ProgramState.cpp
c7ecc43c33a21b82c49664910b19fcc1f555aa51	07-Aug-2012	Anna Zaks <ganna@apple.com>	[analyzer] Add a checker to manage dynamic type propagation. Instead of sprinkling dynamic type info propagation throughout ExprEngine, the added checker would add the more precise type information on known APIs (Ex: ObjC alloc, new) and propagate the type info in other cases (ex: ObjC init method, casts (the second is not implemented yet)). Add handling of ObjC alloc, new and init to the checker. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161357 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ProgramState.cpp
c1290e006045a72120329ad23aa43c66fbe300be	03-Aug-2012	Anna Zaks <ganna@apple.com>	[analyzer] Fixup: remove the extra whitespace git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161265 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ProgramState.cpp
148fee988e32efcad45ecf7b3bf714880c657dda	03-Aug-2012	Anna Zaks <ganna@apple.com>	[analyzer] ObjC Inlining: Start tracking dynamic type info in the GDM In the following code, find the type of the symbolic receiver by following it and updating the dynamic type info in the state when we cast the symbol from id to MyClass . MyClass a = [[self alloc] init]; return 5/[a testSelf]; git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161264 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ProgramState.cpp
2d18419a7c8f9a2975d4ed74a202de6467308ad1	30-Jul-2012	Anna Zaks <ganna@apple.com>	[analyzer] Very simple ObjC instance method inlining - Retrieves the type of the object/receiver from the state. - Binds self during stack setup. - Only explores the path on which the method is inlined (no bifurcation to explore the path on which the method is not inlined). git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160991 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ProgramState.cpp
972a3680bdd95f2e9d6316b391f1c47513dc78cc	30-Jul-2012	Jordan Rose <jordan_rose@apple.com>	[analyzer] Introduce a CallEventManager to keep a pool of CallEvents. This allows us to get around the C++ "virtual constructor" problem when we'd like to create a CallEvent from an ExplodedNode, an inlined StackFrameContext, or another CallEvent. The solution has three parts: - CallEventManager uses a BumpPtrAllocator to allocate CallEvent-sized memory blocks. It also keeps a cache of freed CallEvents for reuse. - CallEvents all have protected copy constructors, along with cloneTo() methods that use placement new to copy into CallEventManager-managed memory, vtables intact. - CallEvents owned by CallEventManager are now wrapped in an IntrusiveRefCntPtr. Going forwards, it's probably a good idea to create ALL CallEvents through the CallEventManager, so that we don't accidentally try to reclaim a stack-allocated CallEvent. All of this machinery is currently unused but will be put into use shortly. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160983 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ProgramState.cpp
e54cfc7b9990acffd0a8a4ba381717b4bb9f3011	11-Jul-2012	Jordan Rose <jordan_rose@apple.com>	[analyzer] Use CallEvent for building inlined stack frames. In order to accomplish this, we now build the callee's stack frame as part of the CallEnter node, rather than the subsequent BlockEdge node. This should not have any effect on perceived behavior or diagnostics. This makes it safe to re-enable inlining of member overloaded operators. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160022 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ProgramState.cpp
740d490593e0de8732a697c9f77b90ddd463863b	02-Jul-2012	Jordan Rose <jordan_rose@apple.com>	[analyzer] Add a new abstraction over all types of calls: CallEvent This is intended to replace CallOrObjCMessage, and is eventually intended to be used for anything that cares more about /what/ is being called than /how/ it's being called. For example, inlining destructors should be the same as inlining blocks, and checking __attribute__((nonnull)) should apply to the allocator calls generated by operator new. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@159554 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ProgramState.cpp
7fa9b4f258636d89342eda28f21a986c8ac353b1	01-Jun-2012	Ted Kremenek <kremenek@apple.com>	static analyzer: add inlining support for directly called blocks. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@157833 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ProgramState.cpp
7f9b1d963d4b7e2faff7305733e3453130b402fe	21-Feb-2012	Ted Kremenek <kremenek@apple.com>	Have ScanReachableSymbols reported reachable regions. Fixes a false positive with nested array literals. <rdar://problem/10686586> git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@151012 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ProgramState.cpp
3133f79cf451e6302dd05262b4bb53a3e4fd6300	18-Feb-2012	Ted Kremenek <kremenek@apple.com>	Have conjured symbols depend on LocationContext, to add context sensitivity for functions called more than once. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150849 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ProgramState.cpp
66c40400e7d6272b0cd675ada18dd62c1f0362c7	14-Feb-2012	Anna Zaks <ganna@apple.com>	[analyzer] Make Malloc Checker optimistic in presence of inlining. (In response of Ted's review of r150112.) This moves the logic which checked if a symbol escapes through a parameter to invalidateRegionCallback (instead of post CallExpr visit.) To accommodate the change, added a CallOrObjCMessage parameter to checkRegionChanges callback. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150513 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ProgramState.cpp
a5888f61be9f8d76e9b48a453dbced50523bd2e0	31-Jan-2012	Argyrios Kyrtzidis <akyrtzi@gmail.com>	Reapply r149311 which I reverted by mistake. Original log: Convert ProgramStateRef to a smart pointer for managing the reference counts of ProgramStates. This leads to a slight memory improvement, and a simplification of the logic for managing ProgramState objects. # Please enter the commit message for your changes. Lines starting git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@149339 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ProgramState.cpp
b9b0f6fb6e113b5e6be3ed9754c4bf01186a17bf	31-Jan-2012	Argyrios Kyrtzidis <akyrtzi@gmail.com>	Revert r149311 which failed to compile. Original log: Convert ProgramStateRef to a smart pointer for managing the reference counts of ProgramStates. This leads to a slight memory improvement, and a simplification of the logic for managing ProgramState objects. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@149336 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ProgramState.cpp
72e93068c9f2a2f05f5932cdd917c0d2961f11d9	31-Jan-2012	Ted Kremenek <kremenek@apple.com>	Convert ProgramStateRef to a smart pointer for managing the reference counts of ProgramStates. This leads to a slight memory improvement, and a simplification of the logic for managing ProgramState objects. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@149311 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ProgramState.cpp
af5f550de34525b27f0ff31dafce792caf8158b6	30-Jan-2012	Anna Zaks <ganna@apple.com>	[analyzer] Add index out of bounds check for CFArrayGetArrayAtIndex. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@149228 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ProgramState.cpp
8bef8238181a30e52dea380789a7e2d760eac532	26-Jan-2012	Ted Kremenek <kremenek@apple.com>	Change references to 'const ProgramState *' to typedef 'ProgramStateRef'. At this point this is largely cosmetic, but it opens the door to replace ProgramStateRef with a smart pointer that more eagerly acts in the role of reclaiming unused ProgramState objects. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@149081 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ProgramState.cpp
be97b7edb112520d764c24e8b9a159cdc692bcb6	20-Jan-2012	Anna Zaks <ganna@apple.com>	[analyzer] Skip casts when determining taint dependencies + pretty printing. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@148517 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ProgramState.cpp
0849ade4bb3e90c2fc0ce01ccd330f76f91da732	12-Jan-2012	Ted Kremenek <kremenek@apple.com>	[analyzer] fix inlining's handling of mapping actual to formal arguments and limit the call stack depth. The analyzer can now accurately simulate factorial for limited depths. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@148036 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ProgramState.cpp
9f03b62036a7abc0a227b17f4a49b9eefced9450	07-Jan-2012	Anna Zaks <ganna@apple.com>	[analyzer] Add basic format string vulnerability checking. We already have a more conservative check in the compiler (if the format string is not a literal, we warn). Still adding it here for completeness and since this check is stronger - only triggered if the format string is tainted. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@147714 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ProgramState.cpp
5eca482fe895ea57bc82410222e6426c09e63284	06-Jan-2012	Ted Kremenek <kremenek@apple.com>	[analyzer] Make the entries in 'Environment' context-sensitive by making entries map from (Stmt,LocationContext) pairs to SVals instead of Stmt* to SVals. This is needed to support basic IPA via inlining. Without this, we cannot tell if a Stmt* binding is part of the current analysis scope (StackFrameContext) or part of a parent context. This change introduces an uglification of the use of getSVal(), and thus takes two steps forward and one step back. There are also potential performance implications of enlarging the Environment. Both can be addressed going forward by refactoring the APIs and optimizing the internal representation of Environment. This patch mainly introduces the functionality upon when we want to build upon (and clean up). git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@147688 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ProgramState.cpp
eb31a76d1cdaaf8874c549dc6bd964ff270d3822	05-Jan-2012	Anna Zaks <ganna@apple.com>	[analyzer] Be less pessimistic about invalidation of global variables as a result of a call. Problem: Global variables, which come in from system libraries should not be invalidated by all calls. Also, non-system globals should not be invalidated by system calls. Solution: The following solution to invalidation of globals seems flexible enough for taint (does not invalidate stdin) and should not lead to too many false positives. We split globals into 3 classes: * immutable - values are preserved by calls (unless the specific global is passed in as a parameter): A : Most system globals and const scalars * invalidated by functions defined in system headers: B: errno * invalidated by all other functions (note, these functions may in turn contain system calls): B: errno C: all other globals (which are not in A nor B) git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@147569 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ProgramState.cpp
99ba9e3bd70671f3441fb974895f226a83ce0e66	20-Dec-2011	David Blaikie <dblaikie@gmail.com>	Unweaken vtables as per http://llvm.org/docs/CodingStandards.html#ll_virtual_anch git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@146959 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ProgramState.cpp
777d706547ebc751d998134774d9d5388fff8e02	17-Dec-2011	Anna Zaks <ganna@apple.com>	[analyzer] Minor: Simplify & assert. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@146792 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ProgramState.cpp
d3d8548e75f3fb6db53ed0927c1df30d78f4ce1d	16-Dec-2011	Anna Zaks <ganna@apple.com>	[analyzer] Better stdin support. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@146748 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ProgramState.cpp
28fd98d66dab4569316de2b5881d91b534a42461	14-Dec-2011	Anna Zaks <ganna@apple.com>	[analyzer] Minor refactor to addTaint. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@146535 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ProgramState.cpp
e55a22b917327651178ddea36b3615f579681eea	14-Dec-2011	Anna Zaks <ganna@apple.com>	[analyzer] Mark getenv output as tainted. Also, allow adding taint to a region (not only a symbolic value). git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@146532 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ProgramState.cpp
24d052cdb75d3c1afa5bef32eacaa224e9d0b85d	11-Dec-2011	Anna Zaks <ganna@apple.com>	[analyzer] Introduce IntSymExpr, where the integer is on the lhs. Fix a bug in SimpleSValBuilder, where we should swap lhs and rhs when calling generateUnknownVal(), - the function which creates symbolic expressions when data is tainted. The issue is not visible when we only create the expressions for taint since all expressions are commutative from taint perspective. Refactor SymExpr::symbol_iterator::expand() to use a switch instead of a chain of ifs. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@146336 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ProgramState.cpp
5fc7def35ee858791e591d005b4ae343632ca931	08-Dec-2011	Anna Zaks <ganna@apple.com>	[analyzer] If memory region is tainted mark data as tainted. + random comments git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@146199 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ProgramState.cpp
b39c5b4ddc9dcc7d9845c6c637e03e83302f8538	07-Dec-2011	Anna Zaks <ganna@apple.com>	[analyzer] Cleanup: use the variable. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@146056 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ProgramState.cpp
dcf06fa1fbb9c018e152629ef3f3fa7b1acffe7a	07-Dec-2011	Anna Zaks <ganna@apple.com>	[analyzer] Propagate taint through MemRegions. SVal can be not only a symbol, but a MemRegion. Add support for such cases. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@146006 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ProgramState.cpp
a91efb14cbf6af999dee02d9b611a57c7b52e209	07-Dec-2011	Anna Zaks <ganna@apple.com>	[analyzer] Add comments related to symbol_iterator git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@145987 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ProgramState.cpp
1d1d515b2bafb59d624883d8fdda97d4b7dba0cb	07-Dec-2011	Anna Zaks <ganna@apple.com>	[analyzer] Refactor: Move symbol_iterator from SVal to SymExpr, use it for finding dependent symbols for taint. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@145986 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ProgramState.cpp
aace9ef279be3dadd53b481aee568bd7701178b4	07-Dec-2011	Anna Zaks <ganna@apple.com>	[analyzer] Propagate taint through NonLoc to NonLoc casts. - Created a new SymExpr type - SymbolCast. - SymbolCast is created when we don't know how to simplify a NonLoc to NonLoc casts. - A bit of code refactoring: introduced dispatchCast to have better code reuse, remove a goto. - Updated the test case to showcase the new taint flow. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@145985 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ProgramState.cpp
76462f00854171d2aa3ebc34f9aac1c60021b0ea	05-Dec-2011	Anna Zaks <ganna@apple.com>	[analyzer] Remove all uses of ConstraintManager::canResonAbout() from ExprEngine. Teach SimpleConstraintManager::assumeSymRel() to propagate constraints to symbolic expressions. + One extra warning (real bug) is now generated due to enhanced assumeSymRel(). git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@145832 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ProgramState.cpp
d0167853f46cc78787b06255a44f9dcedd04a8ec	05-Dec-2011	Anna Zaks <ganna@apple.com>	[analyzer] Add ability to do a simple ProgramState dump() without requiring CFG. Adding more ugly code; the evnvironment printing should be moved to envirnment at some point. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@145828 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ProgramState.cpp
ee081c4051cde4bd44475b5e29d695008c15a9cc	17-Nov-2011	Anna Zaks <ganna@apple.com>	[analyzer] Minor tweaks to the ProgramState::isTainted(). git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@144928 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ProgramState.cpp
ceac1d6e0521161adf7ac9834b1a7ad79d73fea4	16-Nov-2011	Anna Zaks <ganna@apple.com>	[analyzer] Adding basic building blocks for taint propagation. TaintTag.h will contain definitions of different taint kinds and their properties. TaintManager will be responsible for implementing taint specific operations, storing taint. ProgramState will provide API to add/remove taint. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@144824 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ProgramState.cpp
5f625712f622f6e57de17b6f7eec242956b993ee	22-Sep-2011	Anna Zaks <ganna@apple.com>	ST->scanReachableSymbols() is creating a SubRegionMap (SRM) on every call since one SRM is created in each ScanReachableSymbols instance. Creating the object just once and calling only scan inside the loop gives ~ 14% speed up of the StaticAnalyzer run (Release+Asserts). Pull out the declaration of the ScanReachableSymbols so that it can be used directly. Document ProgramState::scanReachableSymbols() methods. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@140323 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ProgramState.cpp
d1e5a89226da79f7e6f43d40facc46abda9e5245	02-Sep-2011	Jordy Rose <jediknil@belkadan.com>	[analyzer] Remove TransferFuncs.h, then deal with the fallout. And with that, TransferFuncs is gone! git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@139003 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ProgramState.cpp
dbd658e139b3e0bf084f75feaea8d844af9e319f	28-Aug-2011	Jordy Rose <jediknil@belkadan.com>	[analyzer] Introduce a new callback for checkers, printState, to be used for debug-printing the contents of a ProgramState. Unlike the other callbacks, this one is a simple virtual method, since it is only to be used for debugging. This new callback replaces the old ProgramState::Printer interface, and allows us to move the printing of refcount bindings from CFRefCount to RetainReleaseChecker. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@138728 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ProgramState.cpp
537716ad8dd10f984b6cfe6985afade1185c5e3c	28-Aug-2011	Jordy Rose <jediknil@belkadan.com>	[analyzer] Change the check::RegionChanges callback to include the regions explicitly requested for invalidation. Also, allow CallOrObjCMessage to wrap a CXXConstructExpr as well. Finally, this allows us to remove the clunky whitelisting system from CFRefCount/RetainReleaseChecker. Slight regression due to CXXNewExprs not yet being handled in post-statement callbacks (PR forthcoming). git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@138716 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ProgramState.cpp
2fde35d89320a92cb5ec5ec7b0603697aa17b089	16-Aug-2011	Ted Kremenek <kremenek@apple.com>	Add ProgramState.cpp. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@137677 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ProgramState.cpp