b7a747b0c271faeeb8d0f886f0e691eb25f637d9 |
|
17-Nov-2013 |
Anton Yartsev <anton.yartsev@gmail.com> |
[analyzer] Better modeling of memcpy by the CStringChecker (PR16731). New rules of invalidation/escape of the source buffer of memcpy: the source buffer contents is invalidated and escape while the source buffer region itself is neither invalidated, nor escape. In the current modeling of memcpy the information about allocation state of regions, accessible through the source buffer, is not copied to the destination buffer and we can not track the allocation state of those regions anymore. So we invalidate/escape the source buffer indirect regions in anticipation of their being invalidated for real later. This eliminates false-positive leaks reported by the unix.Malloc and alpha.cplusplus.NewDeleteLeaks checkers for the cases like char *f() { void *x = malloc(47); char *a; memcpy(&a, &x, sizeof a); return a; } git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@194953 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/test/Analysis/Inputs/system-header-simulator.h
|
374ae320b87c15b0262c40e5c46e8990111df5ca |
|
10-May-2013 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Indirect invalidation counts as an escape for leak checkers. Consider this example: char *p = malloc(sizeof(char)); systemFunction(&p); free(p); In this case, when we call systemFunction, we know (because it's a system function) that it won't free 'p'. However, we /don't/ know whether or not it will /change/ 'p', so the analyzer is forced to invalidate 'p', wiping out any bindings it contains. But now the malloc'd region looks like a leak, since there are no more bindings pointing to it, and we'll get a spurious leak warning. The fix for this is to notice when something is becoming inaccessible due to invalidation (i.e. an imperfect model, as opposed to being explicitly overwritten) and stop tracking it at that point. Currently, the best way to determine this for a call is the "indirect escape" pointer-escape kind. In practice, all the patch does is take the "system functions don't free memory" special case and limit it to direct parameters, i.e. just the arguments to a call and not other regions accessible to them. This is a conservative change that should only cause us to escape regions more eagerly, which means fewer leak warnings. This isn't perfect for several reasons, the main one being that this example is treated the same as the one above: char **p = malloc(sizeof(char *)); systemFunction(p + 1); // leak Currently, "addresses accessible by offsets of the starting region" and "addresses accessible through bindings of the starting region" are both considered "indirect" regions, hence this uniform treatment. Another issue is our longstanding problem of not distinguishing const and non-const bindings; if in the first example systemFunction's parameter were a char * const *, we should know that the function will not overwrite 'p', and thus we can safely report the leak. <rdar://problem/13758386> git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@181607 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/test/Analysis/Inputs/system-header-simulator.h
|
262e0d41e49c6b823d62743535e2accb117a6ea9 |
|
15-Apr-2013 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Re-enable using global regions as a symbolic base. Now that we're invalidating global regions properly, we want to continue taking advantage of a particular optimization: if all global regions are invalidated together, we can represent the bindings of each region with a "derived region value" symbol. Essentially, this lazily links each global region with a single symbol created at invalidation time, rather than binding each region with a new symbolic value. We used to do this, but haven't been for a while; the previous commit re-enabled this code path, and this handles the fallout. <rdar://problem/13464044> git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@179554 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/test/Analysis/Inputs/system-header-simulator.h
|
9a0b3c2f7c440c53b65bd1b085a7471d9f7ed490 |
|
15-Apr-2013 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Tests: move system functions into system header simulator files. Some checkers ascribe different behavior to functions declared in system headers, so when working with standard library functions it's probably best to always have them in a standard location. Test change only (no functionality change), but necessary for the next commit. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@179552 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/test/Analysis/Inputs/system-header-simulator.h
|
233e26acc0ff2a1098f4c813f69286fce840a422 |
|
08-Feb-2013 |
Anna Zaks <ganna@apple.com> |
[analyzer] Add pointer escape type param to checkPointerEscape callback The checkPointerEscape callback previously did not specify how a pointer escaped. This change includes an enum which describes the different ways a pointer may escape. This enum is passed to the checkPointerEscape callback when a pointer escapes. If the escape is due to a function call, the call is passed. This changes previous behavior where the call is passed as NULL if the escape was due to indirectly invalidating the region the pointer referenced. A patch by Branden Archer! git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@174677 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/test/Analysis/Inputs/system-header-simulator.h
|
8c888b10fdd2846885e8582b131fa076ce1b77b1 |
|
01-Feb-2013 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Explain why we have system-header-simulator*.h files. Suggested by Csaba. Text based on an e-mail of mine on cfe-dev. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@174213 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/test/Analysis/Inputs/system-header-simulator.h
|
9620aa8c6726330c0357799706aa51f64cc449da |
|
20-Sep-2012 |
NAKAMURA Takumi <geek4civic@gmail.com> |
clang/test/Analysis: Fix the declaration of strlen() for 32 bit targets. - Inputs/system-header-simulator.h: Declare strlen() with size_t. - malloc-interprocedural.c: Move the definition of size_t into the header above. Then XFAIL can be pruned. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@164300 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/test/Analysis/Inputs/system-header-simulator.h
|
1b22cec353bc6112653d50b060a1d78d70c51527 |
|
12-Sep-2012 |
Chandler Carruth <chandlerc@gmail.com> |
Adjust some analyzer tests to place widely shared inputs inside of an 'Inputs' subdirectory. The general desire has been to have essentially all of the non-test input files live in such directories, with some exceptions for obvious and common patterns like 'foo.c' using 'foo.h'. This came up because our distributed test runner couldn't find some of the headers, for example with stl.cpp. No functionality changed, just shuffling around here. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163674 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/test/Analysis/Inputs/system-header-simulator.h
|