Cross Reference: /external/clang/lib/StaticAnalyzer/Core/SimpleConstraintManager.cpp

History log of /external/clang/lib/StaticAnalyzer/Core/SimpleConstraintManager.cpp
Revision	Date	Author	Comments (<<< Hide modified files) (Show modified files >>>)
6bcf27bb9a4b5c3f79cb44c0e4654a6d7619ad89	29-May-2014	Stephen Hines <srhines@google.com>	Update Clang for 3.5 rebase (r209713). Change-Id: I8c9133b0f8f776dc915f270b60f94962e771bc83 /external/clang/lib/StaticAnalyzer/Core/SimpleConstraintManager.cpp
3aa6f431897edf5fec32cbede8fcddbfb8fa16f7	28-Aug-2013	Jordan Rose <jordan_rose@apple.com>	[analyzer] Add support for testing the presence of weak functions. When casting the address of a FunctionTextRegion to bool, or when adding constraints to such an address, use a stand-in symbol to represent the presence or absence of the function if the function is weakly linked. This is groundwork for possible simple availability testing checks, and can already catch mistakes involving inverted null checks for weakly-linked functions. Currently, the implementation reuses the "extent" symbols, originally created for tracking the size of a malloc region. Since FunctionTextRegions cannot be dereferenced, the extent symbol will never be used for anything else. Still, this probably deserves a refactoring in the future. This patch does not attempt to support testing the presence of weak /variables/ (global variables), which would likely require much more of a change and a generalization of "region structure metadata", like the current "extents", vs. "region contents metadata", like CStringChecker's "string length". Patch by Richard <tarka.t.otter@googlemail.com>! git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@189492 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/SimpleConstraintManager.cpp
8ef064d53fb33b5a8f8743bcbb0a2fd5c3e97be1	20-Apr-2013	Anna Zaks <ganna@apple.com>	[analyzer] Ensure BugReporterTracking works on regions with pointer arithmetic Introduce a new helper function, which computes the first symbolic region in the base region chain. The corresponding symbol has been used for assuming that a pointer is null. Now, it will also be used for checking if it is null. This ensures that we are tracking a null pointer correctly in the BugReporter. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@179916 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/SimpleConstraintManager.cpp
a5796f87229b4aeebca71fa6ee1790ae7a5a0382	09-Apr-2013	Jordan Rose <jordan_rose@apple.com>	[analyzer] Replace isIntegerType() with isIntegerOrEnumerationType(). Previously, the analyzer used isIntegerType() everywhere, which uses the C definition of "integer". The C++ predicate with the same behavior is isIntegerOrUnscopedEnumerationType(). However, the analyzer is /really/ using this to ask if it's some sort of "integrally representable" type, i.e. it should include C++11 scoped enumerations as well. hasIntegerRepresentation() sounds like the right predicate, but that includes vectors, which the analyzer represents by its elements. This commit audits all uses of isIntegerType() and replaces them with the general isIntegerOrEnumerationType(), except in some specific cases where it makes sense to exclude scoped enumerations, or any enumerations. These cases now use isIntegerOrUnscopedEnumerationType() and getAs<BuiltinType>() plus BuiltinType::isInteger(). isIntegerType() is hereby banned in the analyzer - lib/StaticAnalysis and include/clang/StaticAnalysis. :-) Fixes real assertion failures. PR15703 / <rdar://problem/12350701> git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@179081 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/SimpleConstraintManager.cpp
8f7bfb40b72f478d83b018a280f99c0386576ae3	24-Mar-2013	Jordan Rose <jordan_rose@apple.com>	[analyzer] Teach ConstraintManager to ignore NonLoc <> NonLoc comparisons. These aren't generated by default, but they are needed when either side of the comparison is tainted. Should fix our internal buildbot. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@177846 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/SimpleConstraintManager.cpp
4708b3dde86b06f40927ae9cf30a2de83949a8f2	23-Mar-2013	Jordan Rose <jordan_rose@apple.com>	[analyzer] Teach constraint managers about unsigned comparisons. In C, comparisons between signed and unsigned numbers are always done in unsigned-space. Thus, we should know that "i >= 0U" is always true, even if 'i' is signed. Similarly, "u >= 0" is also always true, even though '0' is signed. Part of <rdar://problem/13239003> (false positives related to std::vector) git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@177806 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/SimpleConstraintManager.cpp
281698935f62ac1d35ddd3533a562c1589aadc8b	23-Mar-2013	Jordan Rose <jordan_rose@apple.com>	[analyzer] Also transform "a < b" to "(b - a) > 0" in the constraint manager. We can support the full range of comparison operations between two locations by canonicalizing them as subtraction, as in the previous commit. This won't work (well) if either location includes an offset, or (again) if the comparisons are not consistent about which region comes first. <rdar://problem/13239003> git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@177803 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/SimpleConstraintManager.cpp
8569281fb7ce9b5ca164a0528b876acbb45eb989	23-Mar-2013	Jordan Rose <jordan_rose@apple.com>	Add reverseComparisonOp and negateComparisonOp to BinaryOperator. ...and adopt them in the analyzer. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@177802 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/SimpleConstraintManager.cpp
78114a58f8cf5e9b948e82448b2f0904f5b6c19e	23-Mar-2013	Jordan Rose <jordan_rose@apple.com>	[analyzer] Translate "a != b" to "(b - a) != 0" in the constraint manager. Canonicalizing these two forms allows us to better model containers like std::vector, which use "m_start != m_finish" to implement empty() but "m_finish - m_start" to implement size(). The analyzer should have a consistent interpretation of these two symbolic expressions, even though it's not properly reasoning about either one yet. The other unfortunate thing is that while the size() expression will only ever be written "m_finish - m_start", the comparison may be written "m_finish == m_start" or "m_start == m_finish". Right now the analyzer does not attempt to canonicalize those two expressions, since it doesn't know which length expression to pick. Doing this correctly will probably require implementing unary minus as a new SymExpr kind (<rdar://problem/12351075>). For now, the analyzer inverts the order of arguments in the comparison to build the subtraction, on the assumption that "begin() != end()" is written more often than "end() != begin()". This is purely speculation. <rdar://problem/13239003> git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@177801 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/SimpleConstraintManager.cpp
dc84cd5efdd3430efb22546b4ac656aa0540b210	20-Feb-2013	David Blaikie <dblaikie@gmail.com>	Include llvm::Optional in clang/Basic/LLVM.h Post-commit CR feedback from Jordan Rose regarding r175594. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@175679 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/SimpleConstraintManager.cpp
5251abea41b446c26e3239c8dd6c7edea6fc335d	20-Feb-2013	David Blaikie <dblaikie@gmail.com>	Replace SVal llvm::cast support to be well-defined. See r175462 for another example/more details. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@175594 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/SimpleConstraintManager.cpp
ca5d78d0bc3010164f2f9682967d64d7e305a167	01-Oct-2012	Jordan Rose <jordan_rose@apple.com>	[analyzer] Make ProgramStateManager's SubEngine parameter optional. It is possible and valid to have a state manager and associated objects without having a SubEngine or checkers. Patch by Olaf Krzikalla! git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@164947 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/SimpleConstraintManager.cpp
732cdf383f9030ff2b9fb28dfbdae2285ded80c6	26-Sep-2012	Ted Kremenek <kremenek@apple.com>	Remove unnecessary ASTContext& parameter from SymExpr::getType(). git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@164661 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/SimpleConstraintManager.cpp
05c3b9ac74e12238e7ec5f237132e2348a8b5f4e	24-Sep-2012	Anna Zaks <ganna@apple.com>	[analyzer]Prevent infinite recursion(assume->checker:evalAssume->assume) (Unfortunately, I do not have a good reduced test case for this.) git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@164541 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/SimpleConstraintManager.cpp
47cbd0f3892c7965cf16a58393f9f17a22d4d4d9	08-Sep-2012	Ted Kremenek <kremenek@apple.com>	Remove ProgramState::getSymVal(). It was being misused by Checkers, with at least one subtle bug in MacOSXKeyChainAPIChecker where the calling the method was a substitute for assuming a symbolic value was null (which is not the case). We still keep ConstraintManager::getSymVal(), but we use that as an optimization in SValBuilder and ProgramState::getSVal() to constant-fold SVals. This is only if the ConstraintManager can provide us with that information, which is no longer a requirement. As part of this, introduce a default implementation of ConstraintManager::getSymVal() which returns null. For Checkers, introduce ConstraintManager::isNull(), which queries the state to see if the symbolic value is constrained to be a null value. It does this without assuming it has been implicitly constant folded. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163428 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/SimpleConstraintManager.cpp
efb3d56720654f5355ff8fc666499cc6554034f4	22-Aug-2012	Ted Kremenek <kremenek@apple.com>	Despite me asking Jordan to do r162313, revert it. We can provide another way to whitelist these special cases. This is an intermediate patch. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162386 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/SimpleConstraintManager.cpp
58fc86d68d53eb6c47cc34974b6f37627a5f386c	21-Aug-2012	Jordan Rose <jordan_rose@apple.com>	[analyzer] Push "references are non-null" knowledge up to the common parent. This reduces duplication across the Basic and Range constraint managers, and keeps their internals free of dealing with the semantics of C++. It's still a little unfortunate that the constraint manager is dealing with this at all, but this is pretty much the only place to put it so that it will apply to all symbolic values, even when embedded in larger expressions. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162313 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/SimpleConstraintManager.cpp
b3b1ae85757a8722caccb742b73ca31b4b53bb0a	10-May-2012	Anna Zaks <ganna@apple.com>	[analyzer] Exit early if constraint solver is given a non-integer symbol to reason about. As part of taint propagation, we now allow creation of non-integer symbolic expressions like a cast from int to float. Addresses PR12511 (radar://11215362). git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@156578 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/SimpleConstraintManager.cpp
1d8db493f86761df9470254a2ad572fc6abf1bf6	08-May-2012	Jordy Rose <jediknil@belkadan.com>	[analyzer] Rework both constraint managers to handle mixed-type comparisons. This involves keeping track of three separate types: the symbol type, the adjustment type, and the comparison type. For example, in "$x + 5 > 0ULL", if the type of $x is 'signed char', the adjustment type is 'int' and the comparison type is 'unsigned long long'. Most of the time these three types will be the same, but we should still do the right thing when the comparison value is out of range, and wraparound should be calculated in the adjustment type. This also re-disables an out-of-bounds test; we were extracting the symbol from non-additive SymIntExprs, but then throwing away the integer. Sorry for the large patch; both the basic and range constraint managers needed to be updated together, since they share code in SimpleConstraintManager. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@156361 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/SimpleConstraintManager.cpp
8bef8238181a30e52dea380789a7e2d760eac532	26-Jan-2012	Ted Kremenek <kremenek@apple.com>	Change references to 'const ProgramState *' to typedef 'ProgramStateRef'. At this point this is largely cosmetic, but it opens the door to replace ProgramStateRef with a smart pointer that more eagerly acts in the role of reclaiming unused ProgramState objects. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@149081 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/SimpleConstraintManager.cpp
3026348bd4c13a0f83b59839f64065e0fcbea253	20-Jan-2012	David Blaikie <dblaikie@gmail.com>	More dead code removal (using -Wunreachable-code) git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@148577 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/SimpleConstraintManager.cpp
5344baa704f42b22d9df25c24ffbbf6b4716603b	05-Dec-2011	Anna Zaks <ganna@apple.com>	[analyzer] Unify SymbolVal and SymExprVal under a single SymbolVal class. We are going into the direction of handling SymbolData and other SymExpr uniformly, so it makes less sense to keep two different SVal classes. For example, the checkers would have to take an extra step to reason about each type separately. The classes have the same members, we were just using the SVal kind field for easy differentiation in 3 switch statements. The switch statements look more ugly now, but we can make the code more readable in other ways, for example, moving some code into separate functions. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@145833 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/SimpleConstraintManager.cpp
76462f00854171d2aa3ebc34f9aac1c60021b0ea	05-Dec-2011	Anna Zaks <ganna@apple.com>	[analyzer] Remove all uses of ConstraintManager::canResonAbout() from ExprEngine. Teach SimpleConstraintManager::assumeSymRel() to propagate constraints to symbolic expressions. + One extra warning (real bug) is now generated due to enhanced assumeSymRel(). git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@145832 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/SimpleConstraintManager.cpp
3cdf584e068056540769dab56cad333e95a89750	05-Dec-2011	Anna Zaks <ganna@apple.com>	[analyzer] First step toward removing ConstraintManager::canReasonAbout() from the ExprEngine. ExprEngine should not care if the constraint solver can reason about something or not. The solver should be able to handle all the SymExprs. To do this, the solver should be able to keep track of not only the SymbolData but of all SymExprs. This is why we change SymbolRef to be an alias of SymExpr*. When encountering an expression it cannot simplify, the solver should just add the constraints to it. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@145831 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/SimpleConstraintManager.cpp
b219cfc4d75f0a03630b7c4509ef791b7e97b2c8	23-Sep-2011	David Blaikie <dblaikie@gmail.com>	Switch assert(0/false) llvm_unreachable. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@140367 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/SimpleConstraintManager.cpp
18c66fdc3c4008d335885695fe36fb5353c5f672	16-Aug-2011	Ted Kremenek <kremenek@apple.com>	Rename GRState to ProgramState, and cleanup some code formatting along the way. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@137665 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/SimpleConstraintManager.cpp
5e9ebb3c0fb554d9285aa99c470abdf283272bd9	21-May-2011	Douglas Gregor <dgregor@apple.com>	A few more is(Un)signedIntegerType/is(Un)signedOrEnumerationType cleanups. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@131793 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/SimpleConstraintManager.cpp
d26a475068535834bbebd87f429ec773d6227e41	01-Mar-2011	Argyrios Kyrtzidis <akyrtzi@gmail.com>	[analyzer] Remove Checker V1. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126725 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/SimpleConstraintManager.cpp
7dfc9420babe83e236a47e752f8723bd06070d9d	16-Feb-2011	Zhanyong Wan <wan@google.com>	Makes most methods in SVals.h conform to the naming guide. Reviewed by kremenek. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@125687 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/SimpleConstraintManager.cpp
9b663716449b618ba0390b1dbebc54fa8e971124	10-Feb-2011	Ted Kremenek <kremenek@apple.com>	Split 'include/clang/StaticAnalyzer' into 'include/clang/StaticAnalyzer/Core' and 'include/clang/StaticAnalyzer/Checkers'. This layout matches lib/StaticAnalyzer, which corresponds to two StaticAnalyzer libraries. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@125251 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/SimpleConstraintManager.cpp
811d75ee35b8b061a9b10a4e7b81e0c0eaf739c3	08-Feb-2011	Argyrios Kyrtzidis <akyrtzi@gmail.com>	[analyzer] Move the files in lib/StaticAnalyzer to lib/StaticAnalyzer/Core. Eventually there will also be a lib/StaticAnalyzer/Frontend that will handle initialization and checker registration. Yet another library to avoid cyclic dependencies between Core and Checkers. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@125124 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/SimpleConstraintManager.cpp