c568f1e98938584c0ef0b12ae5018ff7d90a4072 |
|
21-Jul-2014 |
Stephen Hines <srhines@google.com> |
Update Clang for rebase to r212749. This also fixes a small issue with arm_neon.h not being generated always. Includes a cherry-pick of: r213450 - fixes mac-specific header issue r213126 - removes a default -Bsymbolic on Android Change-Id: I2a790a0f5d3b2aab11de596fc3a74e7cbc99081d
/external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
|
6bcf27bb9a4b5c3f79cb44c0e4654a6d7619ad89 |
|
29-May-2014 |
Stephen Hines <srhines@google.com> |
Update Clang for 3.5 rebase (r209713). Change-Id: I8c9133b0f8f776dc915f270b60f94962e771bc83
/external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
|
651f13cea278ec967336033dd032faef0e9fc2ec |
|
24-Apr-2014 |
Stephen Hines <srhines@google.com> |
Updated to Clang 3.5a. Change-Id: I8127eb568f674c2e72635b639a3295381fe8af82
/external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
|
9b072b31ee2f41b8e30d1d22142c9ab72ac5ff1f |
|
28-Sep-2013 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Make inlining decisions based on the callee being variadic. ...rather than trying to figure it out from the call site, and having people complain that we guessed wrong and that a prototype-less call is the same as a variadic call on their system. More importantly, fix a crash when there's no decl at the call site (though we could have just returned a default value). <rdar://problem/15037033> git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@191599 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
|
95ab9e306f4deefeabd89ea61987f4a8d67e0890 |
|
02-Sep-2013 |
Pavel Labath <labath@google.com> |
[analyzer] Add very limited support for temporary destructors This is an improved version of r186498. It enables ExprEngine to reason about temporary object destructors. However, these destructor calls are never inlined, since this feature is still broken. Still, this is sufficient to properly handle noreturn temporary destructors. Now, the analyzer correctly handles expressions like "a || A()", and executes the destructor of "A" only on the paths where "a" evaluted to false. Temporary destructor processing is still off by default and one has to explicitly request it by setting cfg-temporary-dtors=true. Reviewers: jordan_rose CC: cfe-commits Differential Revision: http://llvm-reviews.chandlerc.com/D1259 git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@189746 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
|
24146975f1af8c1b4b14e8545f218129d0e7dfeb |
|
22-Aug-2013 |
Eli Friedman <eli.friedman@gmail.com> |
Split isFromMainFile into two functions. Basically, isInMainFile considers line markers, and isWrittenInMainFile doesn't. Distinguishing between the two is useful when dealing with files which are preprocessed files or rewritten with -frewrite-includes (so we don't, for example, print useless warnings). git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@188968 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
|
9815ec0a00fe04db92e51a4160fc905f6cd48f30 |
|
23-Jul-2013 |
Jordan Rose <jordan_rose@apple.com> |
Revert "[analyzer] Add very limited support for temporary destructors" The analyzer doesn't currently expect CFG blocks with terminators to be empty, but this can happen when generating conditional destructors for a complex logical expression, such as (a && (b || Temp{})). Moreover, the branch conditions for these expressions are not persisted in the state. Even for handling noreturn destructors this needs more work. This reverts r186498. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@186925 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
|
ac7cc2d37e82181e73fcc265c1d0a619d18b7605 |
|
19-Jul-2013 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Include analysis stack in crash traces. Sample output: 0. Program arguments: ... 1. <eof> parser at end of file 2. While analyzing stack: #0 void inlined() #1 void test() 3. crash-trace.c:6:3: Error evaluating statement git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@186639 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
|
046e79a425bfa82b480b8a07ce11d96391fa0a9b |
|
17-Jul-2013 |
Pavel Labath <labath@google.com> |
[analyzer] Add very limited support for temporary destructors Summary: This patch enables ExprEndgine to reason about temporary object destructors. However, these destructor calls are never inlined, since this feature is still broken. Still, this is sufficient to properly handle noreturn temporary destructors and close bug #15599. I have also enabled the cfg-temporary-dtors analyzer option by default. Reviewers: jordan_rose CC: cfe-commits Differential Revision: http://llvm-reviews.chandlerc.com/D1131 git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@186498 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
|
50fa64d4411a42e0b4f373a84d8d4f5cbf339ea3 |
|
17-May-2013 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Don't inline ~shared_ptr. The analyzer can't see the reference count for shared_ptr, so it doesn't know whether a given destruction is going to delete the referenced object. This leads to spurious leak and use-after-free warnings. For now, just ban destructors named '~shared_ptr', which catches std::shared_ptr, std::tr1::shared_ptr, and boost::shared_ptr. PR15987 git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@182071 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
|
776d3bb65c90278b9c65544b235d2ac40aea1d6e |
|
02-May-2013 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Don't inline the [cd]tors of C++ iterators. This goes with r178516, which instructed the analyzer not to inline the constructors and destructors of C++ container classes. This goes a step further and does the same thing for iterators, so that the analyzer won't falsely decide we're trying to construct an iterator pointing to a nonexistent element. The heuristic for determining whether something is an iterator is the presence of an 'iterator_category' member. This is controlled under the same -analyzer-config option as container constructor/destructor inlining: 'c++-container-inlining'. <rdar://problem/13770187> git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@180890 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
|
ecee1651c100342366a9417c85c6e50399039930 |
|
03-Apr-2013 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Better model for copying of array fields in implicit copy ctors. - Find the correct region to represent the first array element when constructing a CXXConstructorCall. - If the array is trivial, model the copy with a primitive load/store. - Don't warn about the "uninitialized" subscript in the AST -- we don't use the helper variable that Sema provides. <rdar://problem/13091608> git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@178602 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
|
c63a460d78a7625ff38d2b3580f78030c44f07db |
|
02-Apr-2013 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] For now, don't inline [cd]tors of C++ containers. This is a heuristic to make up for the fact that the analyzer doesn't model C++ containers very well. One example is modeling that 'std::distance(I, E) == 0' implies 'I == E'. In the future, it would be nice to model this explicitly, but for now it just results in a lot of false positives. The actual heuristic checks if the base type has a member named 'begin' or 'iterator'. If so, we treat the constructors and destructors of that type as opaque, rather than inlining them. This is intended to drastically reduce the number of false positives reported with experimental destructor support turned on. We can tweak the heuristic in the future, but we'd rather err on the side of false negatives for now. <rdar://problem/13497258> git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@178516 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
|
c9092bb5eb67d859122abb69a0ef61e9249500cd |
|
02-Apr-2013 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Cache whether a function is generally inlineable. Certain properties of a function can determine ahead of time whether or not the function is inlineable, such as its kind, its signature, or its location. We can cache this value in the FunctionSummaries map to avoid rechecking these static properties for every call. Note that the analyzer may still decide not to inline a specific call to a function because of the particular dynamic properties of the call along the current path. No intended functionality change. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@178515 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
|
8a660eb1084294a903f6dcc00bf2fa4e3bc92cfc |
|
26-Mar-2013 |
Anna Zaks <ganna@apple.com> |
[analyzer] Change inlining policy to inline small functions when reanalyzing ObjC methods as top level. This allows us to better reason about(inline) small wrapper functions. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@178063 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
|
a8d937e4bdd39cdf503f77454e9dc4c9c730a9f7 |
|
16-Mar-2013 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Model trivial copy/move assignment operators with a bind as well. r175234 allowed the analyzer to model trivial copy/move constructors as an aggregate bind. This commit extends that to trivial assignment operators as well. Like the last commit, one of the motivating factors here is not warning when the right-hand object is partially-initialized, which can have legitimate uses. <rdar://problem/13405162> git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@177220 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
|
42f2309f739549bead6e5a6c34fd1be4d087998f |
|
25-Feb-2013 |
Anna Zaks <ganna@apple.com> |
[analyzer] Address Jordan's code review of r175857. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@176043 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
|
8dadf15224f1a8df96793e5fc4e0b0e38a5ffbe4 |
|
22-Feb-2013 |
Anna Zaks <ganna@apple.com> |
[analyzer] Place all inlining policy checks into one palce Previously, we had the decisions about inlining spread out over multiple functions. In addition to the refactor, this commit ensures that we will always inline BodyFarm functions as long as the Decl is available. This fixes false positives due to those functions not being inlined when no or minimal inlining is enabled such (as shallow mode). git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@175857 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
|
7a95de68c093991047ed8d339479ccad51b88663 |
|
21-Feb-2013 |
David Blaikie <dblaikie@gmail.com> |
Replace ProgramPoint llvm::cast support to be well-defined. See r175462 for another example/more details. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@175812 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
|
5251abea41b446c26e3239c8dd6c7edea6fc335d |
|
20-Feb-2013 |
David Blaikie <dblaikie@gmail.com> |
Replace SVal llvm::cast support to be well-defined. See r175462 for another example/more details. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@175594 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
|
bc403861bc4e6f7ad1371e9e129f0f25b38b3a9a |
|
15-Feb-2013 |
Jordan Rose <jordan_rose@apple.com> |
Re-apply "[analyzer] Model trivial copy/move ctors with an aggregate bind." ...after a host of optimizations related to the use of LazyCompoundVals (our implementation of aggregate binds). Originally applied in r173951. Reverted in r174069 because it was causing hangs. Re-applied in r174212. Reverted in r174265 because it was /still/ causing hangs. If this needs to be reverted again it will be punted to far in the future. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@175234 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
|
2a3fe34b4a2a1b6ceab8838b896435378ae0e692 |
|
02-Feb-2013 |
Jordan Rose <jordan_rose@apple.com> |
Revert "[analyzer] Model trivial copy/move ctors with an aggregate bind." ...again. The problem has not been fixed and our internal buildbot is still getting hangs. This reverts r174212, originally applied in r173951, then reverted in r174069. Will not re-apply until the entire project analyzes successfully on my local machine. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@174265 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
|
453cb859a3c8dcafe79ae840dfc35ff8eae1b4b3 |
|
02-Feb-2013 |
Anna Zaks <ganna@apple.com> |
[analyzer] Always inline functions with bodies generated by BodyFarm. Inlining these functions is essential for correctness. We often have cases where we do not inline calls. For example, the shallow mode and when reanalyzing previously inlined ObjC methods as top level. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@174245 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
|
5500fc193af4b786bbbbee6ece743f523448e90b |
|
01-Feb-2013 |
Jordan Rose <jordan_rose@apple.com> |
Re-apply "[analyzer] Model trivial copy/move ctors with an aggregate bind." With the optimization in the previous commit, this should be safe again. Originally applied in r173951, then reverted in r174069. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@174212 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
|
33e83b6cf776875be5716d214710717a898325c0 |
|
31-Jan-2013 |
Jordan Rose <jordan_rose@apple.com> |
Revert "[analyzer] Model trivial copy/move ctors with an aggregate bind." It's causing hangs on our internal analyzer buildbot. Will restore after investigating. This reverts r173951 / baa7ca1142990e1ad6d4e9d2c73adb749ff50789. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@174069 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
|
6bbe1442a5f3f5f761582a9005e9edf1d49c4da2 |
|
30-Jan-2013 |
Anna Zaks <ganna@apple.com> |
[analyzer] Use analyzer config for max-inlinable-size option. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@173957 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
|
baa7ca1142990e1ad6d4e9d2c73adb749ff50789 |
|
30-Jan-2013 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Model trivial copy/move ctors with an aggregate bind. This is faster for the analyzer to process than inlining the constructor and performing a member-wise copy, and it also solves the problem of warning when a partially-initialized POD struct is copied. Before: CGPoint p; p.x = 0; CGPoint p2 = p; <-- assigned value is garbage or undefined After: CGPoint p; p.x = 0; CGPoint p2 = p; // no-warning This matches our behavior in C, where we don't see a field-by-field copy. <rdar://problem/12305288> git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@173951 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
|
bfa9ab8183e2fdc74f8633d758cb0c6201314320 |
|
25-Jan-2013 |
Anna Zaks <ganna@apple.com> |
[analyzer] Replace "-analyzer-ipa" with "-analyzer-config ipa". The idea is to eventually place all analyzer options under "analyzer-config". In addition, this lays the ground for introduction of a high-level analyzer mode option, which will influence the default setting for IPAMode. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@173385 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
|
73f0563009a6715a5d3d41f664f5bfab5096d51f |
|
25-Jan-2013 |
Anna Zaks <ganna@apple.com> |
[analyzer] refactor: access IPAMode through the accessor. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@173384 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
|
bdc691f1d61765dd806d5ae3b75ae004f676a7c9 |
|
14-Jan-2013 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Add ProgramStatePartialTrait<const void *>. This should fix cast-away-const warnings reported by David Greene. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@172446 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
|
7959671d456c916706a5f61af609d8f1fc95decf |
|
17-Dec-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Implement "do not inline large functions many times" performance heuristic After inlining a function with more than 13 basic blocks 32 times, we are not going to inline it anymore. The idea is that inlining large functions leads to drastic performance implications. Since the function has already been inlined, we know that we've analyzed it in many contexts. The following metrics are used: - Large function is a function with more than 13 basic blocks (we should switch to another metric, like cyclomatic complexity) - We consider that we've inlined a function many times if it's been inlined 32 times. This number is configurable with -analyzer-config max-times-inline-large=xx This heuristic addresses a performance regression introduced with inlining on one benchmark. The analyzer on this benchmark became 60 times slower with inlining turned on. The heuristic allows us to analyze it in 24% of the time. The performance improvements on the other benchmarks I've tested with are much lower - under 10%, which is expected. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@170361 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
|
75f31c4862643ab09479c979fabf754e7ffe1460 |
|
07-Dec-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Optimization heuristic: do not reanalyze every ObjC method as top level. This heuristic is already turned on for non-ObjC methods (inlining-mode=noredundancy). If a method has been previously analyzed, while being inlined inside of another method, do not reanalyze it as top level. This commit applies it to ObjCMethods as well. The main caveat here is that to catch the retain release errors, we are still going to reanalyze all the ObjC methods but without inlining turned on. Gives 21% performance increase on one heavy ObjC benchmark, which suffered large performance regressions due to ObjC inlining. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@169639 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
|
4ecca28e20410f5e2816c5ddff5cdeaf45fb74b5 |
|
06-Dec-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Use a smarter algorithm to find the last block in an inlined call. Previously we would search for the last statement, then back up to the entrance of the block that contained that statement. Now, while we're scanning for the statement, we just keep track of which blocks are being exited (in reverse order). git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@169526 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
|
55fc873017f10f6f566b182b70f6fc22aefa3464 |
|
04-Dec-2012 |
Chandler Carruth <chandlerc@gmail.com> |
Sort all of Clang's files under 'lib', and fix up the broken headers uncovered. This required manually correcting all of the incorrect main-module headers I could find, and running the new llvm/utils/sort_includes.py script over the files. I also manually added quite a few missing headers that were uncovered by shuffling the order or moving headers up to be main-module-headers. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@169237 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
|
63bc186d6ac0b44ba4ec6fccb5f471b05c79b666 |
|
15-Nov-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Report leaks at the closing brace of a function body. This fixes a few cases where we'd emit path notes like this: +---+ 1| v p = malloc(len); ^ |2 +---+ In general this should make path notes more consistent and more correct, especially in cases where the leak happens on the false branch of an if that jumps directly to the end of the function. There are a couple places where the leak is reported farther away from the cause; these are usually cases where there are several levels of nested braces before the end of the function. This still matches our current behavior for when there /is/ a statement after all the braces, though. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@168070 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
|
84c484545c5906ba55143e212b4a5275ab55889f |
|
15-Nov-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Mark symbol values as dead in the environment. This allows us to properly remove dead bindings at the end of the top-level stack frame, using the ReturnStmt, if there is one, to keep the return value live. This in turn removes the need for a check::EndPath callback in leak checkers. This does cause some changes in the path notes for leak checkers. Previously, a leak would be reported at the location of the closing brace in a function. Now, it gets reported at the last statement. This matches the way leaks are currently reported for inlined functions, but is less than ideal for both. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@168066 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
|
bae930d4c69a624881e66f1628ee615e149362f7 |
|
13-Nov-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Address Jordan's feedback for r167780. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@167790 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
|
d51db4935736fd943bfd46dfa74d41e9a3c2d41f |
|
13-Nov-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Follow up to r167762 - precisely determine the adjustment conditions. The adjustment is needed only in case of dynamic dispatch performed by the analyzer - when the runtime declaration is different from the static one. Document this explicitly in the code (by adding a helper). Also, use canonical Decls to avoid matching against the case where the definition is different from found declaration. This fix suppresses the testcase I added in r167762, so add another testcase to make sure we do test commit r167762. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@167780 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
|
e7ad14e18247ec6fc3d46b208829e3dac6d85a1d |
|
12-Nov-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Fix a regression (from r 165079): compare canonical types. Suppresses a leak false positive (radar://12663777). In addition, we'll need to rewrite the adjustReturnValue() method not to return UnknownVal by default, but rather assert in cases we cannot handle. To make it possible, we need to correctly handle some of the edge cases we already know about. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@167762 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
|
40d8551890bc8454c4e0a28c9072c9c1d1dd588a |
|
05-Nov-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Move convenience REGISTER_*_WITH_PROGRAMSTATE to CheckerContext.h As Anna pointed out, ProgramStateTrait.h is a relatively obscure header, and checker writers may not know to look there to add their own custom state. The base macro that specializes the template remains in ProgramStateTrait.h (REGISTER_TRAIT_WITH_PROGRAMSTATE), which allows the analyzer core to keep using it. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@167385 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
|
0a591c242b867844d483091cae546e294bbee312 |
|
03-Nov-2012 |
NAKAMURA Takumi <geek4civic@gmail.com> |
StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp: Appease msvc. 0 (as nullptr) is incompatible to pointer in type matching on msvc. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@167355 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
|
8501b7a1c4c4a9ba0ea6cb8e500e601ef3759deb |
|
03-Nov-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Run remove dead on end of path. This will simplify checkers that need to register for leaks. Currently, they have to register for both: check dead and check end of path. I've modified the SymbolReaper to consider everything on the stack dead if the input StackLocationContext is 0. (This is a bit disruptive, so I'd like to flash out all the issues asap.) git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@167352 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
|
166d502d5367ceacd1313a33cac43b1048b8524d |
|
02-Nov-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Use nice macros for the common ProgramStateTraits (map, set, list). Also, move the REGISTER_*_WITH_PROGRAMSTATE macros to ProgramStateTrait.h. This doesn't get rid of /all/ explicit uses of ProgramStatePartialTrait, but it does get a lot of them. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@167276 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
|
48314cf6a289bc5a082d8c769c58a38f924c93b7 |
|
03-Oct-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Adjust the return type of an inlined devirtualized method call. In C++, overriding virtual methods are allowed to specify a covariant return type -- that is, if the return type of the base method is an object pointer type (or reference type), the overriding method's return type can be a pointer to a subclass of the original type. The analyzer was failing to take this into account when devirtualizing a method call, and anything that relied on the return value having the proper type later would crash. In Objective-C, overriding methods are allowed to specify ANY return type, meaning we can NEVER be sure that devirtualizing will give us a "safe" return value. Of course, a program that does this will most likely crash at runtime, but the analyzer at least shouldn't crash. The solution is to check and see if the function/method being inlined is the function that static binding would have picked. If not, check that the return value has the same type. If the types don't match, see if we can fix it with a derived-to-base cast (the C++ case). If we can't, return UnknownVal to avoid crashing later. <rdar://problem/12409977> git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@165079 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
|
622b6fb0a1d280c16e135c7e427b79cafffbde1f |
|
01-Oct-2012 |
Ted Kremenek <kremenek@apple.com> |
Have AnalyzerOptions::getBooleanOption() stick the matching config string in the config table so that it can be dumped as part of the config dumper. Add a test to show that these options are sticking and can be cross-checked using FileCheck. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@164954 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
|
0504a598a5dc8f3f45e79d4f8ea206a926507859 |
|
01-Oct-2012 |
Jordan Rose <jordan_rose@apple.com> |
Reapply "[analyzer] Handle inlined constructors for rvalue temporaries correctly." This is related to but not blocked by <rdar://problem/12137950> ("Return-by-value structs do not have associated regions") This reverts r164875 / 3278d41e17749dbedb204a81ef373499f10251d7. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@164952 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
|
846c898cebf02cb753125633c52e0d1d7fd94b4b |
|
29-Sep-2012 |
Jordan Rose <jordan_rose@apple.com> |
Revert "[analyzer] Handle inlined constructors for rvalue temporaries correctly." This reverts commit 580cd17f256259f39a382e967173f34d68e73859. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@164875 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
|
580cd17f256259f39a382e967173f34d68e73859 |
|
28-Sep-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Handle inlined constructors for rvalue temporaries correctly. Previously the analyzer treated all inlined constructors like lvalues, setting the value of the CXXConstructExpr to the newly-constructed region. However, some CXXConstructExprs behave like rvalues -- in particular, the implicit copy constructor into a pass-by-value argument. In this case, we want only the /contents/ of a temporary object to be passed, so that we can use the same "copy each argument into the parameter region" algorithm that we use for scalar arguments. This may change when we start modeling destructors of temporaries, but for now this is the last part of <rdar://problem/12137950>. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@164830 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
|
ddc0c4814788dda4ef224cd4d22d07154a6ede49 |
|
21-Sep-2012 |
Ted Kremenek <kremenek@apple.com> |
Simplify getRuntimeDefinition() back to taking no arguments. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@164363 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
|
a43df9539644bf1c258e12710cd69d79b0b078cd |
|
21-Sep-2012 |
Ted Kremenek <kremenek@apple.com> |
Implement faux-body-synthesis of well-known functions in the static analyzer when their implementations are unavailable. Start by simulating dispatch_sync(). This change is largely a bunch of plumbing around something very simple. We use AnalysisDeclContext to conjure up a fake function body (using the current ASTContext) when one does not exist. This is controlled under the analyzer-config option "faux-bodies", which is off by default. The plumbing in this patch is largely to pass the necessary machinery around. CallEvent needs the AnalysisDeclContextManager to get the function definition, as one may get conjured up lazily. BugReporter and PathDiagnosticLocation needed to be relaxed to handle invalid locations, as the conjured body has no real source locations. We do some primitive recovery in diagnostic generation to generate some reasonable locations (for arrows and events), but it can be improved. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@164339 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
|
4ea9b89ff6dc50d5404eb56cad5e5870bce49ef2 |
|
11-Sep-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Do not count calls to small functions when computing stack depth. We only want to count how many substantial functions we inlined. This is an improvement to r163558. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163571 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
|
57330eed3fbe530cb05996e4a346cc5fc217c0d9 |
|
11-Sep-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Add an option to enable/disable objc inlining. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163562 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
|
7229d0011766c174beffe6a846d78f448f845b39 |
|
11-Sep-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Add ipa-always-inline-size option (with 3 as the default). The option allows to always inline very small functions, whose size (in number of basic blocks) is set using -analyzer-config ipa-always-inline-size option. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163558 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
|
81fb50e8b120fc95dc0245b4112972d4d7cca3b5 |
|
10-Sep-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] For now, don't inline C++ standard library functions. This is a (heavy-handed) solution to PR13724 -- until we know we can do a good job inlining the STL, it's best to be consistent and not generate more false positives than we did before. We can selectively whitelist certain parts of the 'std' namespace that are known to be safe. This is controlled by analyzer config option 'c++-stdlib-inlining', which can be set to "true" or "false". This commit also adds control for whether or not to inline any templated functions (member or non-member), under the config option 'c++-template-inlining'. This option is currently on by default. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163548 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
|
9eb214a691663a04ee61197e7d605128c85e09f7 |
|
01-Sep-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Silence unused variable warnings in NDEBUG builds. No functionality change. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163073 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
|
de5277fc555551857602bd7a7e5e616274e2d4a6 |
|
31-Aug-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Though C++ inlining is enabled, don't inline ctors and dtors. More generally, this adds a new configuration option 'c++-inlining', which controls which C++ member functions can be considered for inlining. This uses the new -analyzer-config table, so the cc1 arguments will look like this: ... -analyzer-config c++-inlining=[none|methods|constructors|destructors] Note that each mode implies that all the previous member function kinds will be inlined as well; it doesn't make sense to inline destructors without inlining constructors, for example. The default mode is 'methods'. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163004 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
|
fbcb3f11fc90e9f00e6074e9b118b8dc11ca604c |
|
31-Aug-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Refactor the logic that determines if a functions should be reanalyzed. The policy on what to reanalyze should be in AnalysisConsumer with the rest of visitation order logic. There is no reason why ExprEngine needs to pass the Visited set to CoreEngine, it can populate it itself. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162957 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
|
255d4d4226b24036ceb11228fbb74286e58620f7 |
|
30-Aug-2012 |
Ted Kremenek <kremenek@apple.com> |
Store const& to AnalyzerOptions in AnalysisManager instead of copying individual flags. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162929 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
|
632e5022f68fcae3b68bbc90538a60f3ba20229f |
|
28-Aug-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] When we look for the last stmt in a function, skip implicit dtors. When exiting a function, the analyzer looks for the last statement in the function to see if it's a return statement (and thus bind the return value). However, the search for "the last statement" was accepting statements that were in implicitly-generated inlined functions (i.e. destructors). So we'd go and get the statement from the destructor, and then say "oh look, this function had no explicit return...guess there's no return value". And /that/ led to the value being returned being declared dead, and all our leak checkers complaining. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162791 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
|
65e209ad795aeb3908760a45b1cbda0748cc0658 |
|
28-Aug-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Don't purge dead symbols at the end of calls if -analyzer-purge=none. No test case since this is a debug option that we will never turn on by default since it makes the leak checkers much less useful. (We'll only report leaks at the end of analysis if -analyzer-purge=none.) git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162772 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
|
6fe4dfbc9e5a7018763b1d898876d9b2b8ec3425 |
|
27-Aug-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Don't inline constructors for objects allocated with operator new. Because the CXXNewExpr appears after the CXXConstructExpr in the CFG, we don't actually have the correct region to construct into at the time we decide whether or not to inline. The long-term fix (discussed in PR12014) might be to introduce a new CFG node (CFGAllocator) that appears before the constructor. Tracking the short-term fix in <rdar://problem/12180598>. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162689 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
|
210f5a28227c90d739298e3e6729e827858fe397 |
|
27-Aug-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] More internal stats collection. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162687 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
|
c210cb7a358d14cdd93b58562f33ff5ed2d895c1 |
|
27-Aug-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Inline constructors for any object with a trivial destructor. This allows us to better reason about status objects, like Clang's own llvm::Optional (when its contents are trivially destructible), which are often intended to be passed around by value. We still don't inline constructors for temporaries in the general case. <rdar://problem/11986434> git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162681 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
|
66c486f275531df6362b3511fc3af6563561801b |
|
22-Aug-2012 |
Ted Kremenek <kremenek@apple.com> |
Rename 'currentX' to 'currX' throughout analyzer and libAnalysis. Also rename 'getCurrentBlockCounter()' to 'blockCount()'. This ripples a bunch of code simplifications; mostly aesthetic, but makes the code a bit tighter. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162349 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
|
3b1df8bb941a18c4a7256d7cfcbccb9de7e39995 |
|
22-Aug-2012 |
Ted Kremenek <kremenek@apple.com> |
Rename 'getConjuredSymbol*' to 'conjureSymbol*'. No need to have the "get", the word "conjure" is a verb too! Getting a conjured symbol is the same as conjuring one up. This shortening is largely cosmetic, but just this simple changed cleaned up a handful of lines, making them less verbose. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162348 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
|
12e2fb0db76ca2705ce5169e04d9cd52762fc685 |
|
22-Aug-2012 |
Matt Beaumont-Gay <matthewbg@google.com> |
Add an llvm_unreachable to pacify GCC's -Wreturn-type. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162325 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
|
c568e2f801a62e442cbbd823b71f70175715661f |
|
21-Aug-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Set the default IPA mode to 'basic-inlining', which excludes C++. Under -analyzer-ipa=basic-inlining, only C functions, blocks, and C++ static member functions are inlined -- essentially, the calls that behave like simple C function calls. This is essentially the behavior in Xcode 4.4. C++ support still has some rough edges, and we don't want users to be worried about them if they download and run their own checker. (In particular, the massive number of false positives for analyzing LLVM comes from inlining defensively-written code in contexts where more aggressive assumptions are implicitly made. This problem is not unique to C++, but it is exacerbated by the higher proportion of code that lives in header files in C++.) The eventual goal is to be comfortable enough with C++ support (and simple Objective-C support) to advance to -analyzer-ipa=inlining as the default behavior. See the IPA design notes for more details. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162318 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
|
da29ac527063fc9714547088bf841bfa30557bf0 |
|
15-Aug-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Even if we are not inlining a virtual call, still invalidate! Fixes a mistake introduced in r161916. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161987 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
|
4e79fdfe22db1c982e8fdf8397fee426a8c57821 |
|
15-Aug-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Correctly devirtualize virtual method calls in constructors. This is the other half of C++11 [class.cdtor]p4 (the destructor side was added in r161915). This also fixes an issue with post-call checks where the 'this' value was already being cleaned out of the state, thus being omitted from a reconstructed CXXConstructorCall. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161981 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
|
b763ede873c23c8651bd18eba0c62e929b496ba5 |
|
15-Aug-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Don't inline dynamic-dispatch methods unless -analyzer-ipa=dynamic. Previously we were checking -analyzer-ipa=dynamic-bifurcate only, and unconditionally inlining everything else that had an available definition, even under -analyzer-ipa=inlining (but not under -analyzer-ipa=none). git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161916 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
|
645baeed6800f952e9ad1d5666e01080385531a2 |
|
14-Aug-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Reduce code duplication: make CXXDestructorCall a CXXInstanceCall. While there is now some duplication between SimpleCall and the CXXInstanceCall sub-hierarchy, this is much better than copy-and-pasting the devirtualization logic shared by both instance methods and destructors. An unfortunate side effect is that there is no longer a single CallEvent type that corresponds to "calls written as CallExprs". For the most part this is a good thing, but the checker callback eval::Call still takes a CallExpr rather than a CallEvent (since we're not sure if we want to allow checkers to evaluate other kinds of calls). A mistake here will be caught by a cast<> in CheckerManager::runCheckersForEvalCall. No functionality change. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161809 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
|
6960f6e53b0d9a69a460c99ec199470271ff9603 |
|
09-Aug-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Clarify the values in Dyn. Dispatch Bifurcation map. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161616 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
|
5960f4aeac9760198c80e05d70d8dadb1db0ff0e |
|
09-Aug-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Improve readability of the dyn. dispatch bifurcation patch r161552. As per Jordan's feedback. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161603 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
|
fc05decf08feefd2ffe8cc250219aee6eab3119c |
|
09-Aug-2012 |
Anna Zaks <ganna@apple.com> |
Unbreak the build. Declaring "const Decl *Decl" is not a good idea. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161567 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
|
e90d3f847dcce76237078b67db8895eb7a24189e |
|
09-Aug-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Bifurcate the path with dynamic dispatch. This is an initial (unoptimized) version. We split the path when inlining ObjC instance methods. On one branch we always assume that the type information for the given memory region is precise. On the other we assume that we don't have the exact type info. It is important to check since the class could be subclassed and the method can be overridden. If we always inline we can loose coverage. Had to refactor some of the call eval functions. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161552 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
|
2f9c40a915593849f6b0f5c4de516e2f597d0d66 |
|
31-Jul-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Control C++ inlining with a macro in ExprEngineCallAndReturn.cpp. For now this will stay on, but this way it's easy to switch off if we need to pull back our support for a while. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161064 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
|
ef15831780b705475e7b237ac16418e9b53cb7a6 |
|
31-Jul-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Let CallEvent decide what goes in an inital stack frame. This removes explicit checks for 'this' and 'self' from Store::enterStackFrame. It also removes getCXXThisRegion() as a virtual method on all CallEvents; it's now only implemented in the parts of the hierarchy where it is relevant. Finally, it removes the option to ask for the ParmVarDecls attached to the definition of an inlined function, saving a recomputation of the result of getRuntimeDefinition(). No visible functionality change! git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161017 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
|
57c033621dacd8720ac9ff65a09025f14f70e22f |
|
31-Jul-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Perform post-call checks for all inlined calls. Previously, we were only checking the origin expressions of inlined calls. Checkers using the generic postCall and older postObjCMessage callbacks were ignored. Now that we have CallEventManager, it is much easier to create a CallEvent generically when exiting an inlined function, which we can then use for post-call checks. No test case because we don't (yet) have any checkers that depend on this behavior (which is why it hadn't been fixed before now). git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161005 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
|
e13056a8bb532ddfdc07952a13169aa422bacd3b |
|
30-Jul-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Add -analyzer-ipa=dynamic option for inlining dynamically dispatched methods. Disabled by default for now. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160988 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
|
d563d3fb73879df7147b8a5302c3bf0e1402ba18 |
|
30-Jul-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Only allow CallEvents to be created by CallEventManager. This ensures that it is valid to reference-count any CallEvents, and we won't accidentally try to reclaim a CallEvent that lives on the stack. It also hides an ugly switch statement for handling CallExprs! There should be no functionality change here. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160986 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
|
979f098cfa808cc9236b39658cc3757a39dfa459 |
|
27-Jul-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Use a stack-based local AGAIN to fix the build for real. It's a good thing CallEvents aren't created all over the place yet. I checked all the uses this time and the private copy constructor /really/ shouldn't cause any more problems. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160845 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
|
f540c54701e3eeb34cb619a3a4eb18f1ac70ef2d |
|
26-Jul-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Rename Calls.{h,cpp} to CallEvent.{h,cpp}. No functionality change. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160815 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
|
e460c46c5d602f65354cab0879c458890273591c |
|
26-Jul-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Don't crash on array constructors and destructors. This workaround is fairly lame: we simulate the first element's constructor and destructor and rely on the region invalidation to "initialize" the rest of the elements. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160809 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
|
3a0a9e3e8bbaa45f3ca22b1e20b3beaac0f5861e |
|
26-Jul-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Handle C++ member initializers and destructors. This uses CFG to tell if a constructor call is for a member, and uses the member's region appropriately. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160808 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
|
888c90ac0ef6baf7d47e86cf5cc4715707d223b1 |
|
26-Jul-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Handle base class initializers and destructors. Most of the logic here is fairly simple; the interesting thing is that we now distinguish complete constructors from base or delegate constructors. We also make sure to cast to the base class before evaluating a constructor or destructor, since non-virtual base classes may behave differently. This includes some refactoring of VisitCXXConstructExpr and VisitCXXDestructor in order to keep ExprEngine.cpp as clean as possible (leaving the details for ExprEngineCXX.cpp). git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160806 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
|
183ba8e19d49ab1ae25d3cdd0a19591369c5ab9f |
|
26-Jul-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Show paths for destructor calls. This modifies BugReporter and friends to handle CallEnter and CallExitEnd program points that came from implicit call CFG nodes (read: destructors). This required some extra handling for nested implicit calls. For example, the added multiple-inheritance test case has a call graph that looks like this: testMultipleInheritance3 ~MultipleInheritance ~SmartPointer ~Subclass ~SmartPointer ***bug here*** In this case we correctly notice that we started in an inlined function when we reach the CallEnter program point for the second ~SmartPointer. However, when we reach the next CallEnter (for ~Subclass), we were accidentally re-using the inner ~SmartPointer call in the diagnostics. Rather than guess if we saw the corresponding CallExitEnd based on the contents of the active path, we now just ask the PathDiagnostic if there's any known stack before popping off the top path. (A similar issue could have occured without multiple inheritance, but there wasn't a test case for it.) git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160804 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
|
da5fc53d6b024872c4c1d2c8c5da11e08bf116aa |
|
26-Jul-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Inline ctors + dtors when the CFG is built for them. At the very least this means initializer nodes for constructors and automatic object destructors are present in the CFG. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160803 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
|
9dc5167e4017ef4c8b327abb6f72225eec2e0f19 |
|
26-Jul-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Inline ObjC class methods. - Some cleanup(the TODOs) will be done after ObjC method inlining is complete. - Simplified CallEvent::getDefinition not to require ISDynamicDispatch parameter. - Also addressed Jordan's comments from r160530. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160768 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
|
e81ce256b62717dd846bd19aecc4115a0dcd4995 |
|
20-Jul-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Refactor VisitObjCMessage and VisitCallExpr to rely on the same implementation for call evaluation. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160530 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
|
8919e688dc610d1f632a4d43f7f1489f67255476 |
|
18-Jul-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Combine all ObjC message CallEvents into ObjCMethodCall. As pointed out by Anna, we only differentiate between explicit message sends This also adds support for ObjCSubscriptExprs, which are basically the same as properties in many ways. We were already checking these, but not emitting nice messages for them. This depends on the llvm::PointerIntPair change in r160456. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160461 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
|
c36b30c92c78b95fd29fb5d9d6214d737b3bcb02 |
|
12-Jul-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Don't inline virtual calls unless we can devirtualize properly. Previously we were using the static type of the base object to inline methods, whether virtual or non-virtual. Now, we try to see if the base object has a known type, and if so ask for its implementation of the method. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160094 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
|
48b6247804eacc262cc5508e0fbb74ed819fbb6e |
|
11-Jul-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Construct stack variables directly in their VarDecl. Also contains a number of tweaks to inlining that are necessary for constructors and destructors. (I have this enabled on a private branch, but it is very much unstable.) git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160023 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
|
e54cfc7b9990acffd0a8a4ba381717b4bb9f3011 |
|
11-Jul-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Use CallEvent for building inlined stack frames. In order to accomplish this, we now build the callee's stack frame as part of the CallEnter node, rather than the subsequent BlockEdge node. This should not have any effect on perceived behavior or diagnostics. This makes it safe to re-enable inlining of member overloaded operators. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160022 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
|
852aa0d2c5d2d1faf2d77b5aa3c0848068a342c5 |
|
11-Jul-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Make CallEnter, CallExitBegin, and CallExitEnd not be StmtPoints These ProgramPoints are used in inlining calls, and not all calls have associated statements anymore. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160021 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
|
8d276d38c258dfc572586daf6c0e8f8fce249c0e |
|
11-Jul-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Add a CXXDestructorCall CallEvent. While this work is still fairly tentative (destructors are still left out of the CFG by default), we now handle destructors in the same way as any other calls, instead of just automatically trying to inline them. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160020 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
|
28038f33aa2db4833881fea757a1f0daf85ac02b |
|
11-Jul-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Add new PreImplicitCall and PostImplicitCall ProgramPoints. These are currently unused, but are intended to be used in lieu of PreStmt and PostStmt when the call is implicit (e.g. an automatic object destructor). This also modifies the Data1 field of ProgramPoints to allow storing any pointer-sized value, as opposed to only aligned pointers. This is necessary to store SourceLocations. There is currently no BugReporter support for these; they should be skipped over in any diagnostic output. This commit also tags checkers that currently rely on function calls only occurring at StmtPoints. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160019 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
|
ee158bc29bc12ce544996f7cdfde14aba63acf4d |
|
09-Jul-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] When inlining, make sure we use the definition decl. This was a regression introduced during the CallEvent changes; a call to FunctionDecl::hasBody was also being used to replace the decl found by lookup with the actual definition. To keep from making this mistake again (particularly if/when we start inlining Objective-C methods), this commit adds a "getDefinition()" method to CallEvent, which should do the right thing under any circumstances. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@159940 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
|
fdaa33818cf9bad8d092136e73bd2e489cb821ba |
|
04-Jul-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] For now, don't inline non-static member overloaded operators. Our current inlining support (specifically RegionStore::enterStackFrame) doesn't know that calls to overloaded operators may be calls to non-static member functions, and that in these cases the first argument should be treated as 'this'. This caused incorrect results and sometimes crashes. The long-term fix will be to rewrite RegionStore::enterStackFrame to use CallEvent and its subclasses, but for now we can just disable these problematic calls by classifying them under a new CallEvent, CXXMemberOperatorCall. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@159692 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
|
70cbf3cc09eb21db1108396d30a414ea66d842cc |
|
03-Jul-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Introduce CXXAllocatorCall to handle placement arg invalidation. This is NOT full-blown support for operator new, but removes some nasty duplicated code introduced in r158784. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@159608 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
|
d4aeb8050a1d0fe47c53a73361c8b0b8ac310f46 |
|
02-Jul-2012 |
Ted Kremenek <kremenek@apple.com> |
Bail out the LiveVariables analysis when the CFG is very large, as we are encountering some scalability issues with memory usage. The appropriate long term fix is to make the analysis more scalable, but this will at least prevent the analyzer swapping when analyzing very large functions. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@159578 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
|
96479da6ad9d921d875e7be29fe1bfa127be8069 |
|
02-Jul-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Add generic preCall and postCall checks. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@159562 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
|
69f87c956b3ac2b80124fd9604af012e1061473a |
|
02-Jul-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Use CallEvent for inlining and call default-evaluation. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@159560 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
|
740d490593e0de8732a697c9f77b90ddd463863b |
|
02-Jul-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Add a new abstraction over all types of calls: CallEvent This is intended to replace CallOrObjCMessage, and is eventually intended to be used for anything that cares more about /what/ is being called than /how/ it's being called. For example, inlining destructors should be the same as inlining blocks, and checking __attribute__((nonnull)) should apply to the allocator calls generated by operator new. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@159554 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
|
10f77ad7fc5e5cf3f37a9b14ff5843468b8b84d2 |
|
23-Jun-2012 |
Ted Kremenek <kremenek@apple.com> |
Implement initial static analysis inlining support for C++ methods. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@159047 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
|
144e52be486a3906aec90c51b0ac94a30313152e |
|
02-Jun-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Fix lack of coverage after empty inlined function. We should not stop exploring the path after we return from an empty function. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@157859 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
|
7fa9b4f258636d89342eda28f21a986c8ac353b1 |
|
01-Jun-2012 |
Ted Kremenek <kremenek@apple.com> |
static analyzer: add inlining support for directly called blocks. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@157833 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
|
591b5f53c0e11d87401b4804bb1be1a53f95c619 |
|
19-May-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] For locations, use isGLValue() instead of isLValue(). git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@157088 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
|
aca0ac58d2ae80d764e3832456667d7322445e0c |
|
04-May-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Allow pointers escape through calls containing callback args. (Since we don't have a generic pointer escape callback, modify ExprEngineCallAndReturn as well as the malloc checker.) git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@156134 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
|
0b3ade86a1c60cf0c7b56aa238aff458eb7f5974 |
|
20-Apr-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Run remove dead bindings right before leaving a function. This is needed to ensure that we always report issues in the correct function. For example, leaks are identified when we call remove dead bindings. In order to make sure we report a callee's leak in the callee, we have to run the operation in the callee's context. This change required quite a bit of infrastructure work since: - We used to only run remove dead bindings before a given statement; here we need to run it after the last statement in the function. For this, we added additional Program Point and special mode in the SymbolReaper to remove all symbols in context lower than the current one. - The call exit operation turned into a sequence of nodes, which are now guarded by CallExitBegin and CallExitEnd nodes for clarity and convenience. (Sorry for the long diff.) git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@155244 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
|
01561d1039bfdda61edd20eed939011a8632c7c7 |
|
17-Apr-2012 |
Ted Kremenek <kremenek@apple.com> |
Change ExprEngine::shouldInlineDecl() to be defensive in checking if the CFG of the callee is valid. Fixes <rdar://problem/11257631>. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@154896 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
|
e62f048960645b79363408fdead53fec2a063c52 |
|
03-Apr-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Record the basic blocks covered by the analyzes run. Store this info inside the function summary generated for all analyzed functions. This is useful for coverage stats and can be helpful for analyzer state space search strategies. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@153923 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
|
d9b795524eb3dc035523f82f135d0a8adf15cd72 |
|
02-Apr-2012 |
Ted Kremenek <kremenek@apple.com> |
Fix potential null dereference in the static analyzer when inlining a call that has already been inlined. Unfortunately I have no test case. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@153900 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
|
4a5f724538cbc275370c9504e8169ce92503256c |
|
01-Apr-2012 |
Benjamin Kramer <benny.kra@googlemail.com> |
Analyzer: Store BugReports directly in a ilist instead of adding another layer of inderection with std::list git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@153847 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
|
62a5c34ddc54696725683f6c5af1c8e1592c5c38 |
|
30-Mar-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer]Malloc,RetainRelease: Allow pointer to escape via NSMapInsert. Fixes a false positive (radar://11152419). The current solution of adding the info into 3 places is quite ugly. Pending a generic pointer escapes callback. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@153731 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
|
3bbd8cd831788c506f2980293eb3c7e1b3ca2501 |
|
30-Mar-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Do not inline functions which previously reached max block count. This is an optimization for "retry without inlining" option. Here, if we failed to inline a function due to reaching the basic block max count, we are going to store this information and not try to inline it again in the translation unit. This can be viewed as a function summary. On sqlite, with this optimization, we are 30% faster then before and cover 10% more basic blocks (partially because the number of times we reach timeout is decreased by 20%). git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@153730 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
|
5903a373db3d27794c90b25687e0dd6adb0e497d |
|
27-Mar-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Add an option to re-analyze a dead-end path without inlining. The analyzer gives up path exploration under certain conditions. For example, when the same basic block has been visited more than 4 times. With inlining turned on, this could lead to decrease in code coverage. Specifically, if we give up inside the inlined function, the rest of parent's basic blocks will not get analyzed. This commit introduces an option to enable re-run along the failed path, in which we do not inline the last inlined call site. This is done by enqueueing the node before the processing of the inlined call site with a special policy encoded in the state. The policy tells us not to inline the call site along the path. This lead to ~10% increase in the number of paths analyzed. Even though we expected a much greater coverage improvement. The option is turned off by default for now. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@153534 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
|
514f2c9dcb9e04b52929c5b141a6fe88bd68b33f |
|
23-Mar-2012 |
Ted Kremenek <kremenek@apple.com> |
Avoid applying retain/release effects twice in RetainCountChecker when a function call was inlined (i.e., we do not need to apply summaries in such cases). git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@153309 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
|
6cc0969ab37c614d6cf496f2ed6d2fca397a0133 |
|
13-Mar-2012 |
Anna Zaks <ganna@apple.com> |
[analyser] Refactor shouldInline logic into a helper. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@152677 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
|
8235f9c9c8b3d1737d1c6bd57f7ba3f616b92392 |
|
02-Mar-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Bound the size of the functions being inlined + provide command line options for inlining tuning. This adds the option for stack depth bound as well as function size bound. + minor doxygenification git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@151930 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
|
b2c60b04a597cc5ba4154837cf8e0a155a376fd7 |
|
01-Mar-2012 |
Argyrios Kyrtzidis <akyrtzi@gmail.com> |
Move llvm/ADT/SaveAndRestore.h -> llvm/Support/SaveAndRestore.h. Needs llvm update. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@151829 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
|
ca23eb212c78ac5bc62d0881635579dbe7095639 |
|
29-Feb-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Malloc: A pointer might escape through CFContainers APIs, funopen, setvbuf. Teach the checker and the engine about these APIs to resolve malloc false positives. As I am adding more of these APIs, it is clear that all this should be factored out into a separate callback (for example, region escapes). Malloc, KeyChainAPI and RetainRelease checkers could all use it. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@151737 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
|
07d39a479cf8f20294407e749f9933da34ebecb7 |
|
28-Feb-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Fix Malloc False Positive (PR 12100) When allocated buffer is passed to CF/NS..NoCopy functions, the ownership is transfered unless the deallocator argument is set to 'kCFAllocatorNull'. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@151608 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
|
d45d361f2ce5c37824052357e2218e8a5509eba5 |
|
27-Feb-2012 |
Argyrios Kyrtzidis <akyrtzi@gmail.com> |
Move "clang/Analysis/Support/SaveAndRestore.h" to "llvm/ADT/SaveAndRestore.h" to make it more widely available. Depends on llvm commit r151564 git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@151566 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
|
e55b03a6e44b99c1cd77b8ea5e4d836c28948904 |
|
24-Feb-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] We were silently stopping exploring the path after visiting 'return;' statement! This most likely caused us to skip a bunch of code when analyzing with inlining. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@151368 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
|
0d389b819c33bdf0375694a8f141c8f02e002b18 |
|
23-Feb-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Invalidate the region passed to pthread_setspecific() call. Make this call an exception in ExprEngine::invalidateArguments: 'int pthread_setspecific(ptheread_key k, const void *)' stores a value into thread local storage. The value can later be retrieved with 'void *ptheread_getspecific(pthread_key)'. So even thought the parameter is 'const void *', the region escapes through the call. (Here we just blacklist the call in the ExprEngine's default logic. Another option would be to add a checker which evaluates the call and triggers the call to invalidate regions.) Teach the Malloc Checker, which treats all system calls as safe about the API. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@151220 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
|
3133f79cf451e6302dd05262b4bb53a3e4fd6300 |
|
18-Feb-2012 |
Ted Kremenek <kremenek@apple.com> |
Have conjured symbols depend on LocationContext, to add context sensitivity for functions called more than once. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150849 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
|
10520d76044e8fff71d414f30c21b449fd104960 |
|
09-Feb-2012 |
Ted Kremenek <kremenek@apple.com> |
[analyzer] Proactively avoid inlining vararg functions and blocks until we properly support them. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150207 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
|
8bef8238181a30e52dea380789a7e2d760eac532 |
|
26-Jan-2012 |
Ted Kremenek <kremenek@apple.com> |
Change references to 'const ProgramState *' to typedef 'ProgramStateRef'. At this point this is largely cosmetic, but it opens the door to replace ProgramStateRef with a smart pointer that more eagerly acts in the role of reclaiming unused ProgramState objects. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@149081 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
|
0849ade4bb3e90c2fc0ce01ccd330f76f91da732 |
|
12-Jan-2012 |
Ted Kremenek <kremenek@apple.com> |
[analyzer] fix inlining's handling of mapping actual to formal arguments and limit the call stack depth. The analyzer can now accurately simulate factorial for limited depths. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@148036 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
|
256ef642f8feef22fd53be7efa868e8e34752eed |
|
11-Jan-2012 |
Ted Kremenek <kremenek@apple.com> |
Remove '#if 0' from ExprEngine::InlineCall(), and start fresh by wiring up inlining for straight C calls. My hope is to reimplement this from first principles based on the simplifications of removing unneeded node builders and re-evaluating how C++ calls are handled in the CFG. The hope is to turn inlining "on-by-default" as soon as possible with a core set of things working well, and then expand over time. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@147904 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
|
3070e13dca5bbefa32acb80ce4a7b217a6220983 |
|
07-Jan-2012 |
Ted Kremenek <kremenek@apple.com> |
[analyzer] Remove CallEnterNodeBuilder and simplify ExprEngine::processCallEnter(). This removes analysis of other translation units, but that was an experimental feature anyway that we will revisit later. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@147705 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
|
242384ddb0e0b65dd7e9e0ac0cf3c31cf98b06a6 |
|
07-Jan-2012 |
Ted Kremenek <kremenek@apple.com> |
Correctly enqueue successors in ExprEngine::processCallExit(). git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@147698 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
|
894212e9510299abb203801e014fec76b7926a05 |
|
07-Jan-2012 |
Ted Kremenek <kremenek@apple.com> |
[analyzer] Remove CallExitNodeBuilder, and have ExprEngine::processCallExit() do the work manually. This is a nice simplification. Along the way, fix Exprengine::processCallExit() to also perform the postStmt callback for checkers for CallExprs. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@147697 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
|
5eca482fe895ea57bc82410222e6426c09e63284 |
|
06-Jan-2012 |
Ted Kremenek <kremenek@apple.com> |
[analyzer] Make the entries in 'Environment' context-sensitive by making entries map from (Stmt*,LocationContext*) pairs to SVals instead of Stmt* to SVals. This is needed to support basic IPA via inlining. Without this, we cannot tell if a Stmt* binding is part of the current analysis scope (StackFrameContext) or part of a parent context. This change introduces an uglification of the use of getSVal(), and thus takes two steps forward and one step back. There are also potential performance implications of enlarging the Environment. Both can be addressed going forward by refactoring the APIs and optimizing the internal representation of Environment. This patch mainly introduces the functionality upon when we want to build upon (and clean up). git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@147688 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
|
eb31a76d1cdaaf8874c549dc6bd964ff270d3822 |
|
05-Jan-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Be less pessimistic about invalidation of global variables as a result of a call. Problem: Global variables, which come in from system libraries should not be invalidated by all calls. Also, non-system globals should not be invalidated by system calls. Solution: The following solution to invalidation of globals seems flexible enough for taint (does not invalidate stdin) and should not lead to too many false positives. We split globals into 3 classes: * immutable - values are preserved by calls (unless the specific global is passed in as a parameter): A : Most system globals and const scalars * invalidated by functions defined in system headers: B: errno * invalidated by all other functions (note, these functions may in turn contain system calls): B: errno C: all other globals (which are not in A nor B) git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@147569 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
|
2cbe791d3e9b26f30196c4852da75d9ad67b4ad9 |
|
20-Dec-2011 |
Anna Zaks <ganna@apple.com> |
[analyzer] Do not invalidate arguments when the parameter's type is a pointer to const. (radar://10595327) The regions corresponding to the pointer and reference arguments to a function get invalidated by the calls since a function call can possibly modify the pointed to data. With this change, we are not going to invalidate the data if the argument is a pointer to const. This change makes the analyzer more optimistic in reporting errors. (Support for C, C++ and Obj C) git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@147002 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
|
2e9264a17bacc7dc228d5f93caaeb98dfb23d508 |
|
25-Oct-2011 |
Anna Zaks <ganna@apple.com> |
[analyzer] Remove unused headers. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@142945 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
|
aa0aeb1cbe117db68d35700cb3a34aace0f99b99 |
|
24-Oct-2011 |
Anna Zaks <ganna@apple.com> |
[analyzer] Node builders cleanup + comments Renamed PureNodeBuilder->StmtNodeBuilder. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@142849 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
|
056c4b46335a3bd2612414735d5749ee159c0165 |
|
24-Oct-2011 |
Anna Zaks <ganna@apple.com> |
[analyzer] Completely remove the global Builder object. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@142847 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
|
ebae6d0209e1ec3d5ea14f9e63bd0d740218ed14 |
|
24-Oct-2011 |
Anna Zaks <ganna@apple.com> |
[analyzer] Convert ExprEngine::visit() to use short lived builders. This commit removes the major functional dependency on the ExprEngine::Builder member variable. In some cases the code became more verbose. Particularly, we call takeNodes() and addNodes() to move responsibility for the nodes from one builder to another. This will get simplified later on. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@142831 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
|
fe27971d54d26997149d6b84057f04ff398d1d5d |
|
28-Aug-2011 |
Jordy Rose <jediknil@belkadan.com> |
[analyzer] Eliminate almost all uses of TransferFuncs from ExprEngine. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@138719 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
|
e38dd95dddb8f1b38469c8d0e28aa1c660489324 |
|
28-Aug-2011 |
Jordy Rose <jediknil@belkadan.com> |
[analyzer] Migrate argument invalidation from CFRefCount to ExprEngine. This is a common path for function and C++ method calls, Objective-C messages and property accesses, and C++ construct-exprs. As support, add message receiver accessors to ObjCMessage and CallOrObjCMessage. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@138718 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
|
500abad7edfcc2409b18dd616cdbc28a094926f5 |
|
21-Aug-2011 |
Jordy Rose <jediknil@belkadan.com> |
[analyzer] Migrate return value handling from CFRefCount to ExprEngine. This seems to result in a minor performance hit, but I think that will go away again once we eliminate TransferFuncs from function calls entirely. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@138220 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
|
294fd0a62b95f512637910bf85c7efa6c2354b50 |
|
20-Aug-2011 |
Ted Kremenek <kremenek@apple.com> |
Start partitioning ExprEngine.cpp into separate .cpp files that handle different parts of the analysis (e.g., analysis of C expressions, analysis of Objective-C expressions, and so on). git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@138194 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
|