Cross Reference: /external/clang/lib/StaticAnalyzer/Core/SValBuilder.cpp

History log of /external/clang/lib/StaticAnalyzer/Core/SValBuilder.cpp
Revision	Date	Author	Comments (<<< Hide modified files) (Show modified files >>>)
651f13cea278ec967336033dd032faef0e9fc2ec	24-Apr-2014	Stephen Hines <srhines@google.com>	Updated to Clang 3.5a. Change-Id: I8127eb568f674c2e72635b639a3295381fe8af82 /external/clang/lib/StaticAnalyzer/Core/SValBuilder.cpp
3eb52bb5d791630f926ff2226dae25012315ad9a	20-Nov-2013	Bill Wendling <isanbard@gmail.com>	Merging r195174: ------------------------------------------------------------------------ r195174 \| zaks \| 2013-11-19 16:11:42 -0800 (Tue, 19 Nov 2013) \| 1 line [analyzer] Fix an infinite recursion in region invalidation by adding block count to the BlockDataRegion. ------------------------------------------------------------------------ git-svn-id: https://llvm.org/svn/llvm-project/cfe/branches/release_34@195228 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/SValBuilder.cpp
d76cec5567cb5b04cb5cc48a477a0c71b910053c	18-Sep-2013	Jordan Rose <jordan_rose@apple.com>	[analyzer] Don't even try to convert floats to booleans for now. We now have symbols with floating-point type to make sure that (double)x == (double)x comes out true, but we still can't do much with these. For now, don't even bother trying to create a floating-point zero value; just give up on conversion to bool. PR14634, C++ edition. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@190953 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/SValBuilder.cpp
3aa6f431897edf5fec32cbede8fcddbfb8fa16f7	28-Aug-2013	Jordan Rose <jordan_rose@apple.com>	[analyzer] Add support for testing the presence of weak functions. When casting the address of a FunctionTextRegion to bool, or when adding constraints to such an address, use a stand-in symbol to represent the presence or absence of the function if the function is weakly linked. This is groundwork for possible simple availability testing checks, and can already catch mistakes involving inverted null checks for weakly-linked functions. Currently, the implementation reuses the "extent" symbols, originally created for tracking the size of a malloc region. Since FunctionTextRegions cannot be dereferenced, the extent symbol will never be used for anything else. Still, this probably deserves a refactoring in the future. This patch does not attempt to support testing the presence of weak /variables/ (global variables), which would likely require much more of a change and a generalization of "region structure metadata", like the current "extents", vs. "region contents metadata", like CStringChecker's "string length". Patch by Richard <tarka.t.otter@googlemail.com>! git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@189492 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/SValBuilder.cpp
0aaa57d19c23165d5e422c706084799d97eabe97	25-Jul-2013	Jordan Rose <jordan_rose@apple.com>	[analyzer] Weaken assertion to account for pointer-to-integer casts. PR16690 git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@187132 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/SValBuilder.cpp
df70700f5aa5744d7f70fb3e6610ff434f643a71	17-Jul-2013	Jordan Rose <jordan_rose@apple.com>	[analyzer] Handle C string default values for const char * arguments. Previously, SValBuilder knew how to evaluate StringLiterals, but couldn't handle an array-to-pointer decay for constant values. Additionally, RegionStore was being too strict about loading from an array, refusing to return a 'char' value from a 'const char' array. Both of these have been fixed. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@186520 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/SValBuilder.cpp
7f1fd2f182717d5ce6cde60398128910c90f98be	29-May-2013	Anna Zaks <ganna@apple.com>	[analyzer] Use the expression’s type instead of region’s type in ArrayToPointer decay evaluation This gives slightly better precision, specifically, in cases where a non-typed region represents the array or when the type is a non-array type, which can happen when an array is a result of a reinterpret_cast. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@182810 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/SValBuilder.cpp
4b75085f5669efc6407c662b5686361624c3ff2f	02-May-2013	Jordan Rose <jordan_rose@apple.com>	[analyzer] Don't try to evaluate MaterializeTemporaryExpr as a constant. ...and don't consider '0' to be a null pointer constant if it's the initializer for a float! Apparently null pointer constant evaluation looks through both MaterializeTemporaryExpr and ImplicitCastExpr, so we have to be more careful about types in the callers. For RegionStore this just means giving up a little more; for ExprEngine this means handling the MaterializeTemporaryExpr case explicitly. Follow-up to r180894. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@180944 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/SValBuilder.cpp
e2b1246a24e8babf2f58c93713fba16b8edb8e2d	02-May-2013	Jordan Rose <jordan_rose@apple.com>	[analyzer] Consolidate constant evaluation logic in SValBuilder. Previously, this was scattered across Environment (literal expressions), ExprEngine (default arguments), and RegionStore (global constants). The former special-cased several kinds of simple constant expressions, while the latter two deferred to the AST's constant evaluator. Now, these are all unified as SValBuilder::getConstantVal(). To keep Environment fast, the special cases for simple constant expressions have been left in, but the main benefits are that (a) unusual constants like ObjCStringLiterals now work as default arguments and global constant initializers, and (b) we're not duplicating code between ExprEngine and RegionStore. This actually caught a bug in our test suite, which is awesome: we stop tracking allocated memory if it's passed as an argument along with some kind of callback, but not if the callback is 0. We were testing this in a case where the callback parameter had a default value, but that value was 0. After this change, the analyzer now (correctly) flags that as a leak! <rdar://problem/13773117> git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@180894 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/SValBuilder.cpp
112344ab7f96cf482bce80530676712c282756d5	01-May-2013	Jordan Rose <jordan_rose@apple.com>	Re-apply "[analyzer] Model casts to bool differently from other numbers." This doesn't appear to be the cause of the slowdown. I'll have to try a manual bisect to see if there's really anything there, or if it's just the bot itself taking on additional load. Meanwhile, this change helps with correctness. This changes an assertion and adds a test case, then re-applies r180638, which was reverted in r180714. <rdar://problem/13296133> and PR15863 git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@180864 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/SValBuilder.cpp
7e6b564d59df6c0594bc3a577f33536850290dec	29-Apr-2013	Jordan Rose <jordan_rose@apple.com>	Revert "[analyzer] Model casts to bool differently from other numbers." This seems to be causing quite a slowdown on our internal analyzer bot, and I'm not sure why. Needs further investigation. This reverts r180638 / 9e161ea981f22ae017b6af09d660bfc3ddf16a09. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@180714 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/SValBuilder.cpp
5e6c06bc7deaaefe130b730032a9acb9cd38bf0c	26-Apr-2013	Jordan Rose <jordan_rose@apple.com>	[analyzer] Model casts to bool differently from other numbers. Casts to bool (and _Bool) are equivalent to checks against zero, not truncations to 1 bit or 8 bits. This improved reasoning does cause a change in the behavior of the alpha BoolAssignment checker. Previously, this checker complained about statements like "bool x = y" if 'y' was known not to be 0 or 1. Now it does not, since that conversion is well-defined. It's hard to say what the "best" behavior here is: this conversion is safe, but might be better written as an explicit comparison against zero. More usefully, besides improving our model of booleans, this fixes spurious warnings when returning the address of a local variable cast to bool. <rdar://problem/13296133> git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@180638 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/SValBuilder.cpp
d8eeac5bd5e3cca0b3ff3993ee479ec9e66f386e	16-Apr-2013	Anna Zaks <ganna@apple.com>	[analyzer] Do not crash when processing binary "?:" in C++ When computing the value of ?: expression, we rely on the last expression in the previous basic block to be the resulting value of the expression. This is not the case for binary "?:" operator (GNU extension) in C++. As the last basic block has the expression for the condition subexpression, which is an R-value, whereas the true subexpression is the L-value. Note the operator evaluation just happens to work in C since the true subexpression is an R-value (like the condition subexpression). CFG is the same in C and C++ case, but the AST nodes are different, which the LValue to Rvalue conversion happening after the BinaryConditionalOperator evaluation. Changed the logic to only use the last expression from the predecessor only if it matches either true or false subexpression. Note, the logic needed fortification anyway: L and R were passed but not even used by the function. Also, change the conjureSymbolVal to correctly compute the type, when the expression is an LG-value. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@179574 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/SValBuilder.cpp
a5796f87229b4aeebca71fa6ee1790ae7a5a0382	09-Apr-2013	Jordan Rose <jordan_rose@apple.com>	[analyzer] Replace isIntegerType() with isIntegerOrEnumerationType(). Previously, the analyzer used isIntegerType() everywhere, which uses the C definition of "integer". The C++ predicate with the same behavior is isIntegerOrUnscopedEnumerationType(). However, the analyzer is /really/ using this to ask if it's some sort of "integrally representable" type, i.e. it should include C++11 scoped enumerations as well. hasIntegerRepresentation() sounds like the right predicate, but that includes vectors, which the analyzer represents by its elements. This commit audits all uses of isIntegerType() and replaces them with the general isIntegerOrEnumerationType(), except in some specific cases where it makes sense to exclude scoped enumerations, or any enumerations. These cases now use isIntegerOrUnscopedEnumerationType() and getAs<BuiltinType>() plus BuiltinType::isInteger(). isIntegerType() is hereby banned in the analyzer - lib/StaticAnalysis and include/clang/StaticAnalysis. :-) Fixes real assertion failures. PR15703 / <rdar://problem/12350701> git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@179081 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/SValBuilder.cpp
dc84cd5efdd3430efb22546b4ac656aa0540b210	20-Feb-2013	David Blaikie <dblaikie@gmail.com>	Include llvm::Optional in clang/Basic/LLVM.h Post-commit CR feedback from Jordan Rose regarding r175594. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@175679 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/SValBuilder.cpp
5251abea41b446c26e3239c8dd6c7edea6fc335d	20-Feb-2013	David Blaikie <dblaikie@gmail.com>	Replace SVal llvm::cast support to be well-defined. See r175462 for another example/more details. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@175594 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/SValBuilder.cpp
beca02fc66db76eacdaced9df3bc79530c064842	05-Feb-2013	Anna Zaks <ganna@apple.com>	[analyzer] Teach the analyzer to use a symbol for p when evaluating (void*)p. Addresses the false positives similar to the test case. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@174436 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/SValBuilder.cpp
55fc873017f10f6f566b182b70f6fc22aefa3464	04-Dec-2012	Chandler Carruth <chandlerc@gmail.com>	Sort all of Clang's files under 'lib', and fix up the broken headers uncovered. This required manually correcting all of the incorrect main-module headers I could find, and running the new llvm/utils/sort_includes.py script over the files. I also manually added quite a few missing headers that were uncovered by shuffling the order or moving headers up to be main-module-headers. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@169237 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/SValBuilder.cpp
3b1df8bb941a18c4a7256d7cfcbccb9de7e39995	22-Aug-2012	Ted Kremenek <kremenek@apple.com>	Rename 'getConjuredSymbol' to 'conjureSymbol'. No need to have the "get", the word "conjure" is a verb too! Getting a conjured symbol is the same as conjuring one up. This shortening is largely cosmetic, but just this simple changed cleaned up a handful of lines, making them less verbose. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162348 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/SValBuilder.cpp
10f77ad7fc5e5cf3f37a9b14ff5843468b8b84d2	23-Jun-2012	Ted Kremenek <kremenek@apple.com>	Implement initial static analysis inlining support for C++ methods. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@159047 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/SValBuilder.cpp
e17fdb2d5dbf0ffefd417587003eebbe5baf5984	07-Jun-2012	Anna Zaks <ganna@apple.com>	[analyzer] Anti-aliasing: different heap allocations do not alias Add a concept of symbolic memory region belonging to heap memory space. When comparing symbolic regions allocated on the heap, assume that they do not alias. Use symbolic heap region to suppress a common false positive pattern in the malloc checker, in code that relies on malloc not returning the memory aliased to other malloc allocations, stack. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@158136 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/SValBuilder.cpp
17eb65f1bfcc33d2a9ecefe32368cb374155dbdc	24-May-2012	Anna Zaks <ganna@apple.com>	[analyzer] Treat cast of array to reference in the same way as array to pointer. Fixes one of the crashes reported in PR12874. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@157401 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/SValBuilder.cpp
da3960347a5d563d6746cb363b25466282a09ce3	03-May-2012	Anna Zaks <ganna@apple.com>	[analyzer] Do not assert on constructing SymSymExpr with diff types. The resulting type info is stored in the SymSymExpr, so no reason not to support construction of expression with different subexpression types. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@156051 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/SValBuilder.cpp
baeaa9ad120f60b1c5b6f1a84286b507dbe2b55d	03-May-2012	Anna Zaks <ganna@apple.com>	[analyzer] Add a complexity bound on history tracking. (Currently, this is only relevant for tainted data.) git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@156050 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/SValBuilder.cpp
31595e22b7e0d21b0b7c4c4fb196e97d3edc2a08	03-May-2012	Anna Zaks <ganna@apple.com>	[analyzer] Revert the functional part of r155944. The change resulted in multiple issues on the buildbot, so it's not ready for prime time. Only enable history tracking for tainted data(which is experimental) for now. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@156049 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/SValBuilder.cpp
2a6e30d9ec947e26df55b4ea4eb5b583bb85ee96	02-May-2012	Anna Zaks <ganna@apple.com>	[analyzer] Fix an assertion failure triggered by the analyzer buildbot. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@155964 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/SValBuilder.cpp
140d0c64417e2fb5fc4dd40ce0d46b037ac11b02	01-May-2012	Ted Kremenek <kremenek@apple.com>	Teach SValBuilder to handle casts of symbolic pointer values to an integer twice. Fixes <rdar://problem/11212866>. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@155950 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/SValBuilder.cpp
e2241cbb0455a60ba27d6c4b9d601ffef3ed103f	01-May-2012	Anna Zaks <ganna@apple.com>	[analyzer] Construct a SymExpr even when the constraint solver cannot reason about the expression. This essentially keeps more history about how symbolic values were constructed. As an optimization, previous to this commit, we only kept the history if one of the symbols was tainted, but it's valuable keep the history around for other purposes as well: it allows us to avoid constructing conjured symbols. Specifically, we need to identify the value of ptr as ElementRegion (result of pointer arithmetic) in the following code. However, before this commit '(2-x)' evaluated to Unknown value, and as the result, 'p + (2-x)' evaluated to Unknown value as well. int *p = malloc(sizeof(int)); ptr = p + (2-x); This change brings 2% slowdown on sqlite. Fixes radar://11329382. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@155944 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/SValBuilder.cpp
337e4dbc6859589b8878146a88bebf754e916702	10-Mar-2012	Ted Kremenek <kremenek@apple.com>	[analyzer] fix regression in analyzer of NOT actually aborting on Stmts it doesn't understand. We registered as aborted, but didn't treat such cases as sinks in the ExplodedGraph. Along the way, add basic support for CXXCatchStmt, expanding the set of code we actually analyze (hopefully correctly). Fixes: <rdar://problem/10892489> git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@152468 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/SValBuilder.cpp
3133f79cf451e6302dd05262b4bb53a3e4fd6300	18-Feb-2012	Ted Kremenek <kremenek@apple.com>	Have conjured symbols depend on LocationContext, to add context sensitivity for functions called more than once. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150849 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/SValBuilder.cpp
c35fb7d67d515659ad2325b4f6ec97c9fe64fb63	28-Jan-2012	Benjamin Kramer <benny.kra@googlemail.com>	StaticAnalyzer: Move ObjC- and CXX-specific methods out of line so checkers that don't care about the language don't have to pull in all the headers. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@149178 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/SValBuilder.cpp
8bef8238181a30e52dea380789a7e2d760eac532	26-Jan-2012	Ted Kremenek <kremenek@apple.com>	Change references to 'const ProgramState *' to typedef 'ProgramStateRef'. At this point this is largely cosmetic, but it opens the door to replace ProgramStateRef with a smart pointer that more eagerly acts in the role of reclaiming unused ProgramState objects. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@149081 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/SValBuilder.cpp
b71d1570417d81de7b064ad788bea690e2c89111	13-Jan-2012	Anna Zaks <ganna@apple.com>	[analyzer] Unwrap the pointers when ignoring the const cast. radar://10686991 git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@148081 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/SValBuilder.cpp
99ba9e3bd70671f3441fb974895f226a83ce0e66	20-Dec-2011	David Blaikie <dblaikie@gmail.com>	Unweaken vtables as per http://llvm.org/docs/CodingStandards.html#ll_virtual_anch git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@146959 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/SValBuilder.cpp
bcb3b981da3d29844fea4099c529b43e814b6d7d	15-Dec-2011	Anna Zaks <ganna@apple.com>	[analyzer] Address Jordy's comments for r145985. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@146683 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/SValBuilder.cpp
e3d250e488241cbfe71a592df4d07d03ad89434a	11-Dec-2011	Anna Zaks <ganna@apple.com>	[analyzer] CStringChecker should not rely on the analyzer generating UndefOrUnknown value when it cannot reason about the expression. We are now often generating expressions even if the solver is not known to be able to simplify it. This is another cleanup of the existing code, where the rest of the analyzer and checkers should not base their logic on knowing ahead of the time what the solver can reason about. In this case, CStringChecker is performing a check for overflow of 'left+right' operation. The overflow can be checked with either 'maxVal-left' or 'maxVal-right'. Previously, the decision was based on whether the expresion evaluated to undef or not. With this patch, we check if one of the arguments is a constant, in which case we know that 'maxVal-const' is easily simplified. (Another option is to use canReasonAbout() method of the solver here, however, it's currently is protected.) This patch also contains 2 small bug fixes: - swap the order of operators inside SValBuilder::makeGenericVal. - handle a case when AddeVal is unknown in GenericTaintChecker::getPointedToSymbol. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@146343 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/SValBuilder.cpp
6d6a83c3754b449ac24cb83bc6d3a50b10535061	11-Dec-2011	Anna Zaks <ganna@apple.com>	[analyzer]Fixup r146336. Forgot to commit the Header files. Rename generateUnknownVal -> makeGenericVal. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@146337 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/SValBuilder.cpp
24d052cdb75d3c1afa5bef32eacaa224e9d0b85d	11-Dec-2011	Anna Zaks <ganna@apple.com>	[analyzer] Introduce IntSymExpr, where the integer is on the lhs. Fix a bug in SimpleSValBuilder, where we should swap lhs and rhs when calling generateUnknownVal(), - the function which creates symbolic expressions when data is tainted. The issue is not visible when we only create the expressions for taint since all expressions are commutative from taint perspective. Refactor SymExpr::symbol_iterator::expand() to use a switch instead of a chain of ifs. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@146336 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/SValBuilder.cpp
432a4558b8161c362efc319f8a38e074e74da201	09-Dec-2011	Anna Zaks <ganna@apple.com>	[analyzer] Fix inconsistency on when SValBuilder assumes that 2 types are equivalent. + A taint test which tests bitwise operations and which was triggering an assertion due to presence of the integer to integer cast. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@146240 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/SValBuilder.cpp
aace9ef279be3dadd53b481aee568bd7701178b4	07-Dec-2011	Anna Zaks <ganna@apple.com>	[analyzer] Propagate taint through NonLoc to NonLoc casts. - Created a new SymExpr type - SymbolCast. - SymbolCast is created when we don't know how to simplify a NonLoc to NonLoc casts. - A bit of code refactoring: introduced dispatchCast to have better code reuse, remove a goto. - Updated the test case to showcase the new taint flow. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@145985 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/SValBuilder.cpp
5344baa704f42b22d9df25c24ffbbf6b4716603b	05-Dec-2011	Anna Zaks <ganna@apple.com>	[analyzer] Unify SymbolVal and SymExprVal under a single SymbolVal class. We are going into the direction of handling SymbolData and other SymExpr uniformly, so it makes less sense to keep two different SVal classes. For example, the checkers would have to take an extra step to reason about each type separately. The classes have the same members, we were just using the SVal kind field for easy differentiation in 3 switch statements. The switch statements look more ugly now, but we can make the code more readable in other ways, for example, moving some code into separate functions. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@145833 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/SValBuilder.cpp
426a16d4e5efe7efefe76c405207fb170cabad9f	28-Nov-2011	Anna Zaks <ganna@apple.com>	[analyzer] Minor cleanup of SValBuilder: Comments + code reuse. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@145274 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/SValBuilder.cpp
8f4caf5fec2de9b18f9c5fc69696d9f6cf66bcc5	18-Nov-2011	Anna Zaks <ganna@apple.com>	[analyzer] Warn when non pointer arguments are passed to scanf (only when running taint checker). There is an open radar to implement better scanf checking as a Sema warning. However, a bit of redundancy is fine in this case. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@144964 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/SValBuilder.cpp
0d339d06f8721d14befd6311bd306ac485772188	18-Nov-2011	Anna Zaks <ganna@apple.com>	[analyzer] Do not conjure a symbol when we need to propagate taint. When the solver and SValBuilder cannot reason about symbolic expressions (ex: (x+1)*y ), the analyzer conjures a new symbol with no ties to the past. This helps it to recover some path-sensitivity. However, this breaks the taint propagation. With this commit, we are going to construct the expression even if we cannot reason about it later on if an operand is tainted. Also added some comments and asserts. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@144932 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/SValBuilder.cpp
1d26f48dc2eea1c07431ca1519d7034a21b9bcff	24-Oct-2011	Ted Kremenek <kremenek@apple.com>	Rename AnalysisContext to AnalysisDeclContext. Not only is this name more accurate, but it frees up the name AnalysisContext for other uses. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@142782 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/SValBuilder.cpp
f7afe4abd29062b1761e06ec22d2e4216c22519e	12-Sep-2011	Anna Zaks <ganna@apple.com>	[analyzer] Fix a new failure encountered while building Adium exposed as a result of r138196(radar://10087620). ObjectiveC property of type int has a value of type ObjCPropRef, which is a Loc. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@139507 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/SValBuilder.cpp
18c66fdc3c4008d335885695fe36fb5353c5f672	16-Aug-2011	Ted Kremenek <kremenek@apple.com>	Rename GRState to ProgramState, and cleanup some code formatting along the way. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@137665 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/SValBuilder.cpp
9c378f705405d37f49795d5e915989de774fe11f	13-Aug-2011	Ted Kremenek <kremenek@apple.com>	Cleanup various declarations of 'Stmt' to be 'Stmt ', etc. in libAnalyzer and libStaticAnalyzer[*]. It was highly inconsistent, and very ugly to look at. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@137537 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/SValBuilder.cpp
9697934650354bed2e509d8e7e44f21a1fb00f76	12-Aug-2011	Ted Kremenek <kremenek@apple.com>	[analyzer] Introduce new MemRegion, "TypedValueRegion", so that we can separate TypedRegions that implement getValueType() from those that don't. Patch by Olaf Krzikalla! git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@137498 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/SValBuilder.cpp
9f8862aa64300ef97b8fe85034ee93bbc03e3b7b	01-Mar-2011	Zhanyong Wan <wan@google.com>	Improves the coding style in SValBuilder. This patch: - renames evalCastNL and evalCastL to evalCastFromNonLoc and evalCastFromLoc (avoid abbreviations that aren't well known). - makes all function parameter names start with a lower case letter for consistency and distinction from member variables. - avoids abbreviations in function parameter names. Reviewed by kremenek@apple.com. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126722 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/SValBuilder.cpp
b14175a5371a6c71f3b2dbe4e7aa14803ac38c54	19-Feb-2011	Argyrios Kyrtzidis <akyrtzi@gmail.com>	[analyzer] Fix crash when analyzing C++ code. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126025 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/SValBuilder.cpp
7dfc9420babe83e236a47e752f8723bd06070d9d	16-Feb-2011	Zhanyong Wan <wan@google.com>	Makes most methods in SVals.h conform to the naming guide. Reviewed by kremenek. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@125687 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/SValBuilder.cpp
2534528c22260211a073e192c38d0db84c70c327	11-Feb-2011	Ted Kremenek <kremenek@apple.com>	Rename 'InvalidateRegions()' to 'invalidateRegions()'. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@125395 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/SValBuilder.cpp
9b663716449b618ba0390b1dbebc54fa8e971124	10-Feb-2011	Ted Kremenek <kremenek@apple.com>	Split 'include/clang/StaticAnalyzer' into 'include/clang/StaticAnalyzer/Core' and 'include/clang/StaticAnalyzer/Checkers'. This layout matches lib/StaticAnalyzer, which corresponds to two StaticAnalyzer libraries. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@125251 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/SValBuilder.cpp
811d75ee35b8b061a9b10a4e7b81e0c0eaf739c3	08-Feb-2011	Argyrios Kyrtzidis <akyrtzi@gmail.com>	[analyzer] Move the files in lib/StaticAnalyzer to lib/StaticAnalyzer/Core. Eventually there will also be a lib/StaticAnalyzer/Frontend that will handle initialization and checker registration. Yet another library to avoid cyclic dependencies between Core and Checkers. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@125124 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/SValBuilder.cpp