History log of /external/clang/test/Analysis/
Revision Date Author Comments
33337ca4d89605025818daf83390ab4271d598d9 06-May-2015 Pirama Arumuga Nainar <pirama@google.com> Update aosp/master clang for rebase to r235153

Change-Id: Ia94bbcb6da7c75b6e7c2afedd1001094d62a7324
alloc+MismatchedDeallocator_intersections.cpp
ewDelete-checker-test.cpp
ewDelete-intersections.mm
alloc.c
roperties.m
etain-release-path-notes.m
3ea9e33ea25e0c2b12db56418ba3f994eb662c04 08-Apr-2015 Pirama Arumuga Nainar <pirama@google.com> Update aosp/master clang for rebase to r233350

Change-Id: I12d4823f10bc9e445b8b86e7721b71f98d1df442
ree.c
tml-diags.c
nlining/path-notes.cpp
alloc-annotations.c
alloc.c
utofbound.c
roperties.m
ecurity-syntax-checks.m
ndef-buffers.c
0e2c34f92f00628d48968dfea096d36381f494cb 23-Mar-2015 Stephen Hines <srhines@google.com> Update aosp/master clang for rebase to r230699.

Change-Id: I6a546ab3d4ae37119eebb735e102cca4f80ab520
ismatchedDeallocator-checker-test.mm
ismatchedDeallocator-path-notes.cpp
ewDelete-checker-test.cpp
ewDelete-intersections.mm
ewDelete-path-notes.cpp
rray-struct.c
onditional-path-notes.c
rash-trace.c
xx-for-range.cpp
ebug-CallGraph.c
iagnostics/deref-track-symbolic-region.c
iagnostics/report-issues-within-main-file.cpp
iagnostics/undef-value-caller.c
iagnostics/undef-value-param.c
iagnostics/undef-value-param.m
tor.cpp
dges-new.mm
ree.c
nline-plist.c
nline-unique-reports.c
nlining/eager-reclamation-path-notes.c
nlining/eager-reclamation-path-notes.cpp
nlining/path-notes.c
nlining/path-notes.cpp
nlining/path-notes.m
alloc-plist.c
ethod-call-path-notes.cpp
odel-file.cpp
ull-deref-path-notes.m
bjc-arc.m
bjc-radar17039661.m
list-macros.cpp
list-output-alternate.m
list-output.m
roperties.m
edefined_system.c
etain-release-path-notes-gc.m
etain-release-path-notes.m
tack-addr-ps.c
nix-fns.c
176edba5311f6eff0cad2631449885ddf4fbc9ea 01-Dec-2014 Stephen Hines <srhines@google.com> Update aosp/master Clang for rebase to r222490.

Change-Id: Ic557ac55e97fbf6ee08771c7b7c3594777b0aefd
nputs/Models/modeledFunction.model
nputs/Models/notzero.model
nputs/system-header-simulator-for-pthread-lock.h
alloc+MismatchedDeallocator+NewDelete.cpp
alloc+NewDelete_intersections.cpp
SContainers.m
ewDelete+MismatchedDeallocator_intersections.cpp
ewDelete-checker-test.cpp
ewDelete-custom.cpp
ewDelete-intersections.mm
ewDelete-variadic.cpp
ewDeleteLeaks-PR18394.cpp
ewDeleteLeaks-PR19102.cpp
string.c
uiltin-functions.cpp
fg.cpp
ead-stores.c
isable-all-checks.c
xercise-ps.c
dentical-expressions.cpp
ogical-ops.c
alloc-protoype.c
alloc-sizeof.cpp
isc-ps.m
odel-file.cpp
onnull.m
bjc-boxing.m
threadlock.c
emp-obj-dtors-cfg-output.cpp
emporaries.cpp
nix-api.c
irtualcall.cpp
la.c
c568f1e98938584c0ef0b12ae5018ff7d90a4072 21-Jul-2014 Stephen Hines <srhines@google.com> Update Clang for rebase to r212749.

This also fixes a small issue with arm_neon.h not being generated always.

Includes a cherry-pick of:
r213450 - fixes mac-specific header issue
r213126 - removes a default -Bsymbolic on Android

Change-Id: I2a790a0f5d3b2aab11de596fc3a74e7cbc99081d
iagnostics/undef-value-param.m
nlining/containers.cpp
nlining/path-notes.cpp
isc-ps-region-store.cpp
bjc-radar17039661.m
eference.cpp
etain-release-cache-out.m
etain-release.m
tack-addr-ps.cpp
est-after-div-zero.c
6bcf27bb9a4b5c3f79cb44c0e4654a6d7619ad89 29-May-2014 Stephen Hines <srhines@google.com> Update Clang for 3.5 rebase (r209713).

Change-Id: I8c9133b0f8f776dc915f270b60f94962e771bc83
SContainers.m
all-invalidation.cpp
tor.mm
tor.cpp
ember-expr.cpp
isc-ps-region-store.m
emp-obj-dtors-cfg-output.cpp
emporaries.cpp
651f13cea278ec967336033dd032faef0e9fc2ec 24-Apr-2014 Stephen Hines <srhines@google.com> Updated to Clang 3.5a.

Change-Id: I8127eb568f674c2e72635b639a3295381fe8af82
nputs/system-header-simulator-cxx.h
nputs/system-header-simulator-objc.h
SContainers.m
ewDelete-checker-test.cpp
ewDelete-variadic.cpp
ewDeleteLeaks-PR18394.cpp
oReturn.m
R9741.cpp
nalyzer-stats.c
uto-obj-dtors-cfg-output.cpp
itwise-ops.c
asts.c
asts.cpp
fg.cpp
hecker-plugins.c
ead-stores.c
ead-stores.m
efault-analyze.m
tor-cxx11.cpp
tor.cpp
ynamic-cast.cpp
dempotent-operations-limited-loops.c
dempotent-operations.c
dempotent-operations.cpp
dempotent-operations.m
dentical-expressions.cpp
nline.cpp
nlining/dyn-dispatch-bifurcate.cpp
nlining/path-notes.cpp
nlining/stl.cpp
malloc-linux.c
alloc-three-arg.c
alloc.c
alloc.m
ethod-arg-decay.m
isc-ps-region-store.cpp
isc-ps-region-store.m
isc-ps.m
ew.cpp
o-outofbounds.c
onnull.m
ull-deref-ps.c
bjc-arc.m
bjc-boxing.m
bjc-for.m
bjc-properties.m
bjc-string.mm
bjc/direct-ivar-assignment-in-annotated-functions.m
roperties.m
roperties.mm
threadlock.c
tr-arith.c
egion-1.m
etain-release.m
tackaddrleak.c
uperclass.m
emp-obj-dtors-cfg-output.cpp
emporaries.cpp
ninit-const.c
ninit-const.cpp
ninit-vals-ps-region.m
eak-functions.c
6df32e24975ab457fa4b428326076436e48dad06 09-Dec-2013 Bill Wendling <isanbard@gmail.com> Merging r196599:
------------------------------------------------------------------------
r196599 | zaks | 2013-12-06 11:28:16 -0800 (Fri, 06 Dec 2013) | 5 lines

Fixup to r196593.

This is another regression fixed by reverting r189090.

In this case, the problem is not live variables but the approach that was taken in r189090. This regression was caused by explicitly binding "true" to the condition when we take the true branch. Normally that's okay, but in this case we're planning to reuse that condition as the value of the expression.
------------------------------------------------------------------------


git-svn-id: https://llvm.org/svn/llvm-project/cfe/branches/release_34@196796 91177308-0d34-0410-b5e6-96231b3b80d8
alloc.c
dd9e9cec6f863afa15dd91b34fbf15c66c678c02 09-Dec-2013 Bill Wendling <isanbard@gmail.com> Merging r196593:
------------------------------------------------------------------------
r196593 | zaks | 2013-12-06 10:56:29 -0800 (Fri, 06 Dec 2013) | 7 lines

Revert "[analyzer] Refactor conditional expression evaluating code"

This reverts commit r189090.

The original patch introduced regressions (see the added live-variables.* tests). The patch depends on the correctness of live variable analyses, which are not computed correctly. I've opened PR18159 to track the proper resolution to this problem.

The patch was a stepping block to r189746. This is why part of the patch reverts temporary destructor tests that started crashing. The temporary destructors feature is disabled by default.
------------------------------------------------------------------------


git-svn-id: https://llvm.org/svn/llvm-project/cfe/branches/release_34@196795 91177308-0d34-0410-b5e6-96231b3b80d8
ive-variables.cpp
ive-variables.m
emporaries.cpp
3eb52bb5d791630f926ff2226dae25012315ad9a 20-Nov-2013 Bill Wendling <isanbard@gmail.com> Merging r195174:
------------------------------------------------------------------------
r195174 | zaks | 2013-11-19 16:11:42 -0800 (Tue, 19 Nov 2013) | 1 line

[analyzer] Fix an infinite recursion in region invalidation by adding block count to the BlockDataRegion.
------------------------------------------------------------------------


git-svn-id: https://llvm.org/svn/llvm-project/cfe/branches/release_34@195228 91177308-0d34-0410-b5e6-96231b3b80d8
locks.m
b7a747b0c271faeeb8d0f886f0e691eb25f637d9 17-Nov-2013 Anton Yartsev <anton.yartsev@gmail.com> [analyzer] Better modeling of memcpy by the CStringChecker (PR16731).

New rules of invalidation/escape of the source buffer of memcpy: the source buffer contents are invalidated and escape, while the source buffer region itself is neither invalidated nor escapes.
In the current modeling of memcpy, the information about the allocation state of regions accessible through the source buffer is not copied to the destination buffer, and we cannot track the allocation state of those regions anymore. So we invalidate/escape the source buffer's indirect regions in anticipation of their being invalidated for real later. This eliminates false-positive leaks reported by the unix.Malloc and alpha.cplusplus.NewDeleteLeaks checkers for cases like

    char *f() {
      void *x = malloc(47);
      char *a;
      memcpy(&a, &x, sizeof a);
      return a;
    }

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@194953 91177308-0d34-0410-b5e6-96231b3b80d8
nputs/system-header-simulator.h
alloc.c
fda9dbf1f4d15baaedffdd4b4bb529e06172f73d 15-Nov-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Silence warnings coming from allocators used by std::basic_string.

This is similar to r194004: because we can't reason about the data structure
invariants of std::basic_string, the analyzer decides it's possible for an
allocator to be used to deallocate the string's inline storage. Just ignore
this by walking up the stack, skipping past methods in classes with
"allocator" in the name, and seeing if we reach std::basic_string that way.

PR17866

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@194764 91177308-0d34-0410-b5e6-96231b3b80d8
nputs/system-header-simulator-cxx.h
nlining/stl.cpp
6973a27866b176b1cf4e3e3ebcf0196e101b85dd 14-Nov-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Treat MSVC's _wassert as noreturn.

This makes sure the analyzer actually honors assert() in an MSVC project.

Patch by Anders Montonen!

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@194716 91177308-0d34-0410-b5e6-96231b3b80d8
oReturn.m
9a7a568821b85cc83b80056268ef0dc32aecea12 08-Nov-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Add IdenticalExprChecker, to find copy-pasted code.

This syntactic checker looks for expressions on both sides of comparison
operators that are structurally the same. As a special case, the
floating-point idiom "x != x" for "isnan(x)" is left alone.

Currently this only checks comparison operators, but in the future we could
extend this to include logical operators or chained if-conditionals.

Checker by Per Viberg!

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@194236 91177308-0d34-0410-b5e6-96231b3b80d8
rray-struct-region.cpp
dentical-expressions.cpp
219103d76a10b35b5a1e8d2b6737cf724a7cfee7 08-Nov-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Track whether an ObjC for-in loop had zero iterations.

An Objective-C for-in loop will have zero iterations if the collection is
empty. Previously, we could only detect this case if the program asked for
the collection's -count /before/ the for-in loop. Now, the analyzer
distinguishes for-in loops that had zero iterations from those with at
least one, and can use this information to constrain the result of calling
-count after the loop.

In order to make this actually useful, teach the checker that methods on
NSArray, NSDictionary, and the other immutable collection classes don't
change the count.

<rdar://problem/14992886>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@194235 91177308-0d34-0410-b5e6-96231b3b80d8
bjc-for.m
64cc0c37f78719f905029a9099445c214cb40ce3 08-Nov-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Specialize "loop executed 0 times" for for-in and for-range loops.

The path note that says "Loop body executed 0 times" has been changed to
"Loop body skipped when range is empty" for C++11 for-range loops, and to
"Loop body skipped when collection is empty" for Objective-C for-in loops.

Part of <rdar://problem/14992886>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@194234 91177308-0d34-0410-b5e6-96231b3b80d8
xx-for-range.cpp
dges-new.mm
7638cf06ae8312e7f8407354b5aae2eba318fa84 05-Nov-2013 Alp Toker <alp@nuanti.com> Fix test that wasn't testing anything

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@194069 91177308-0d34-0410-b5e6-96231b3b80d8
tml-diags-multifile.c
741c5411f491a12cd965c9f5ebdff742eddbdc79 04-Nov-2013 Anna Zaks <ganna@apple.com> [analyzer] Track the count of NSOrderedSet similarly to other fast enumerations.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@194005 91177308-0d34-0410-b5e6-96231b3b80d8
SContainers.m
bdc0bf3f84b8771572d8401c66903c56a2e1318e 04-Nov-2013 Anna Zaks <ganna@apple.com> [analyzer] Suppress warnings coming out of std::basic_string.

The analyzer cannot reason about the internal invariances of the data structure (radar://15194597).

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@194004 91177308-0d34-0410-b5e6-96231b3b80d8
nputs/system-header-simulator-cxx.h
iagnostics/explicit-suppression.cpp
nlining/stl.cpp
2a648169f9ad854536814515cba1780fd02586d2 31-Oct-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Don't crash when a path goes through a 'delete' destructor call.

This was just left unimplemented from r191381; the fix is to report this call
location as the location of the 'delete' expr.

PR17746

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@193783 91177308-0d34-0410-b5e6-96231b3b80d8
nlining/path-notes.cpp
bb17ff90d9d9a3fac5388304840a3424c04bf2ee 29-Oct-2013 Alp Toker <alp@nuanti.com> Switch %clang -cc1 tests to %clang_cc1

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@193561 91177308-0d34-0410-b5e6-96231b3b80d8
onditional-operator.cpp
8686d857c5461d56852154bafc05644890a0eee0 26-Oct-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Don't emit an "Assuming x is <OP> y" if it's not a comparison op.

We could certainly be more precise in many of our diagnostics, but before we
were printing "Assuming x is && y", which is just ridiculous.

<rdar://problem/15167979>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@193455 91177308-0d34-0410-b5e6-96231b3b80d8
onditional-operator-path-notes.c
onditional-path-notes.c
1dc31f5ead63d7197edf6f34a7821b93ea6698a1 23-Oct-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Generate a LazyCompoundVal when loading from a union-typed region.

This ensures that variables accessible through a union are invalidated when
the union value is passed to a function. We still don't fully handle union
values, but this should at least quiet some false positives.

PR16596

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@193265 91177308-0d34-0410-b5e6-96231b3b80d8
nions.cpp
3f5b4de5a05c07a2af5b0e61e919ac0f803c78c9 23-Oct-2013 Jordan Rose <jordan_rose@apple.com> CFG: Properly print delegating initializer CFG elements.

...rather than segfaulting.

Patch by Enrico P!

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@193208 91177308-0d34-0410-b5e6-96231b3b80d8
nitializers-cfg-output.cpp
d661d50118716e9695af5a893a2df45e87a6b3c8 22-Oct-2013 Chandler Carruth <chandlerc@gmail.com> Revert r193073 and the attempt to fix it in r193170.

This patch wasn't reviewed, and isn't correctly preserving the behaviors
relied upon by QT. I don't have a direct example of fallout, but it
should go through the standard code review process. For example, it
should never have removed the QT test case that was added when fixing
those users.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@193174 91177308-0d34-0410-b5e6-96231b3b80d8
ead-stores.c
fb90266d8bb5a977de45d07e702277f4cb54d74e 21-Oct-2013 Serge Pavlov <sepavloff@gmail.com> Fix to PR8880 (clang dies processing a for loop).

Due to statement expressions supported as GCC extension, it is possible
to put 'break' or 'continue' into a loop/switch statement but outside its
body, for example:

for ( ; ({ if (first) { first = 0; continue; } 0; }); )

Such usage must be diagnosed as an error, GCC rejects it. To recognize
this and similar patterns the flags BreakScope and ContinueScope are
temporarily turned off while parsing condition expression.

Differential Revision: http://llvm-reviews.chandlerc.com/D1762


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@193073 91177308-0d34-0410-b5e6-96231b3b80d8
ead-stores.c
d3d0dcfbf784c828c2f07384fd6a3401b0cd4e9e 16-Oct-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Don't draw edges to C++11 in-class member initializers.

Since these aren't lexically in the constructor, drawing arrows would
be a horrible jump across the body of the class. We could still do
better here by skipping over unimportant initializers, but this at least
keeps everything within the body of the constructor.

<rdar://problem/14960554>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@192818 91177308-0d34-0410-b5e6-96231b3b80d8
dges-new.mm
391165f4b6e90918dd8b97d6970617591821a8d8 07-Oct-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] RetainCountChecker: add support for CFAutorelease.

<rdar://problems/13710586&13710643>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@192113 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release-path-notes.m
etain-release.m
d000b852022bcd4fc14029b48d2fa873f63e4032 03-Oct-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Add new debug helper clang_analyzer_warnIfReached.

This will emit a warning if a call to clang_analyzer_warnIfReached is
executed, printing REACHABLE. This is a more explicit way to declare
expected reachability than using clang_analyzer_eval or triggering
a bug (divide-by-zero or null dereference), and unlike the former will
work the same in inlined functions and top-level functions. Like the
other debug helpers, it is part of the debug.ExprInspection checker.

Patch by Jared Grubb!

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@191909 91177308-0d34-0410-b5e6-96231b3b80d8
unc.c
isc-ps-region-store.cpp
7453624b98817f06d28ed2abe39c98805cfec623 02-Oct-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Add missing return after function pointer null check.

Also add some tests that there is actually a message and that the bug is
actually a hard error. This actually behaved correctly before, because:

- addTransition() doesn't actually add a transition if the new state is null;
it assumes you want to propagate the predecessor forward and does nothing.
- generateSink() is called in order to emit a bug report.
- If at least one new node has been generated, the predecessor node is /not/
propagated forward.

But now it's spelled out explicitly.

Found by Richard Mazorodze, who's working on a patch that may require this.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@191805 91177308-0d34-0410-b5e6-96231b3b80d8
unc.c
04fa7a33279808dc3e5117c41b5f84c40eeb7362 28-Sep-2013 Richard Smith <richard-llvm@metafoo.co.uk> Per latest drafting, switch to implementing init-captures as if by declaring
and capturing a variable declaration, and complete the implementation of them.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@191605 91177308-0d34-0410-b5e6-96231b3b80d8
ambdas.cpp
9b072b31ee2f41b8e30d1d22142c9ab72ac5ff1f 28-Sep-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Make inlining decisions based on the callee being variadic.

...rather than trying to figure it out from the call site, and having
people complain that we guessed wrong and that a prototype-less call is
the same as a variadic call on their system. More importantly, fix a
crash when there's no decl at the call site (though we could have just
returned a default value).

<rdar://problem/15037033>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@191599 91177308-0d34-0410-b5e6-96231b3b80d8
nlining/InlineObjCClassMethod.m
14f9889b9b88f73a891688d7732bf01a127d9e7c 27-Sep-2013 Rafael Espindola <rafael.espindola@gmail.com> Replace -fobjc-default-synthesize-properties with disable-objc-default-synthesize-properties.

We want the modern behavior most of the time, so inverting the option simplifies
the driver and the tests.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@191551 91177308-0d34-0410-b5e6-96231b3b80d8
bjc-properties.m
bjc/direct-ivar-assignment-in-annotated-functions.m
bjc_invalidation.m
elf-init.m
81557223ba8d7ef8b0468a6e1dc8fc79f2de46f2 25-Sep-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Handle destructors for the argument to C++ 'delete'.

Now that the CFG includes nodes for the destructors in a delete-expression,
process them in the analyzer using the same common destructor interface
currently used for local, member, and base destructors. Also, check for when
the value is known to be null, in which case no destructor is actually run.

This does not yet handle destructors for deleted /arrays/, which may need
more CFG work. It also causes a slight regression in the location of
double delete warnings; the double delete is detected at the destructor
call, which is implicit, and so is reported on the first access within the
destructor instead of at the 'delete' statement. This will be fixed soon.

Patch by Karthik Bhat!

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@191381 91177308-0d34-0410-b5e6-96231b3b80d8
ewDelete-checker-test.cpp
ew.cpp
d76cec5567cb5b04cb5cc48a477a0c71b910053c 18-Sep-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Don't even try to convert floats to booleans for now.

We now have symbols with floating-point type to make sure that
(double)x == (double)x comes out true, but we still can't do much with
these. For now, don't even bother trying to create a floating-point zero
value; just give up on conversion to bool.

PR14634, C++ edition.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@190953 91177308-0d34-0410-b5e6-96231b3b80d8
asts.cpp
73fa2525b4d8b9768dbc1e5a09976d6f9e568e23 17-Sep-2013 Anna Zaks <ganna@apple.com> [analyzer] Stop tracking the objects with attribute cleanup in the RetainCountChecker.

This suppresses false positive leaks. We stop tracking a value if it is assigned to a variable declared with a cleanup attribute.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@190835 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release.m
2440fb1f91557912f8c43cb72201170254ae09f4 16-Sep-2013 Amara Emerson <amara.emerson@arm.com> Add error checking to reject neon_vector_type attribute on targets without NEON.

Patch by Artyom Skrobov.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@190801 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps-arm.m
30845189af590de0af68ad9c7c47dd789ee28df2 16-Sep-2013 Anton Yartsev <anton.yartsev@gmail.com> New message for cases when ownership is taken:
"+method_name: cannot take ownership of memory allocated by 'new'."
instead of the old
"Memory allocated by 'new' should be deallocated by 'delete', not +method_name"

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@190800 91177308-0d34-0410-b5e6-96231b3b80d8
ismatchedDeallocator-checker-test.mm
8a1fdfc69cc6c2ccbfd57fc8ff643c589da9df9b 12-Sep-2013 Richard Smith <richard-llvm@metafoo.co.uk> PR16054: Slight strengthening for -Wsometimes-uninitialized: if we use a
variable uninitialized every time we reach its (reachable) declaration, or
every time we call the surrounding function, promote the warning from
-Wmaybe-uninitialized to -Wsometimes-uninitialized.

This is still slightly weaker than desired: we should, in general, warn
if a use is uninitialized the first time it is evaluated.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@190623 91177308-0d34-0410-b5e6-96231b3b80d8
ninit-sometimes.cpp
d8dfae602d7b2e42b0eef6b1e7779c96833f83c1 11-Sep-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Handle zeroing constructors for fields of structs with empty bases.

RegionStore tries to protect against accidentally initializing the same
region twice, but it doesn't take subregions into account very well. If
the outer region being initialized is a struct with an empty base class,
the offset of the first field in the struct will be 0. When we initialize
the base class, we may invalidate the contents of the struct by providing
a default value of Unknown (or some new symbol). We then go to initialize
the member with a zeroing constructor, only to find that the region at
that offset in the struct already has a value. The best we can do here is
to invalidate that value and continue; neither the old default value nor
the new 0 is correct for the entire struct after the member constructor call.

The correct solution for this is to track region extents in the store.

<rdar://problem/14914316>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@190530 91177308-0d34-0410-b5e6-96231b3b80d8
tor.mm
a7be2f4c745120d6ee5adfd19ef259919bdc3f7f 09-Sep-2013 Matt Beaumont-Gay <matthewbg@google.com> Fix a crash introduced in r189828.

The predicates in CXXRecordDecl which test various properties of special
members can't be called on incomplete decls.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@190353 91177308-0d34-0410-b5e6-96231b3b80d8
tor.cpp
1ae74842cd1be37a8d99d0865623ef16432d3b67 06-Sep-2013 Pavel Labath <labath@google.com> Avoid double edges when constructing CFGs

Summary:
If a noreturn destructor is executed while returning a value from a function,
the resulting CFG has had two edges to the exit block. This crashed the analyzer,
because it expects that blocks with no terminators have only one outgoing edge.
I added code to avoid creating the second edge in this case.

PS: The crashes did not manifest themselves always, as usually the
NoReturnFunctionChecker would stop program evaluation before the analyzer hit
the assertion, but in the case of lifetime extended temporaries, the checker
failed to do that (which is a separate bug in itself).

Reviewers: jordan_rose

CC: cfe-commits

Differential Revision: http://llvm-reviews.chandlerc.com/D1513

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@190125 91177308-0d34-0410-b5e6-96231b3b80d8
fg.cpp
e768c974a696388072effd617e87af3f8716a581 05-Sep-2013 Pavel Labath <labath@google.com> [analyzer] Restructure a test file

Summary:
I've had a test failure here while experimenting and I've found that it's
impossible to find what is wrong with the previous structure of the file. So I
have grouped the expected output with the function that produces it, to make
searching for discrepancies more obvious.

Reviewers: jordan_rose

CC: cfe-commits

Differential Revision: http://llvm-reviews.chandlerc.com/D1595

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@190037 91177308-0d34-0410-b5e6-96231b3b80d8
uto-obj-dtors-cfg-output.cpp
36d558d85653315edb389677e995ec9ccdbfbf3d 03-Sep-2013 Jordan Rose <jordan_rose@apple.com> Add an implicit dtor CFG node just before C++ 'delete' expressions.

This paves the way for adding support for modeling the destructor of a
region before it is deleted. The statement "delete <expr>" now generates
this series of CFG elements:

1. <expr>
2. [B1.1]->~Foo() (Implicit destructor)
3. delete [B1.1]

Patch by Karthik Bhat!

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@189828 91177308-0d34-0410-b5e6-96231b3b80d8
fg.cpp
95ab9e306f4deefeabd89ea61987f4a8d67e0890 02-Sep-2013 Pavel Labath <labath@google.com> [analyzer] Add very limited support for temporary destructors

This is an improved version of r186498. It enables ExprEngine to reason about
temporary object destructors. However, these destructor calls are never
inlined, since this feature is still broken. Still, this is sufficient to
properly handle noreturn temporary destructors.

Now, the analyzer correctly handles expressions like "a || A()", and executes the
destructor of "A" only on the paths where "a" evaluated to false.

Temporary destructor processing is still off by default and one has to
explicitly request it by setting cfg-temporary-dtors=true.

Reviewers: jordan_rose

CC: cfe-commits

Differential Revision: http://llvm-reviews.chandlerc.com/D1259

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@189746 91177308-0d34-0410-b5e6-96231b3b80d8
emp-obj-dtors-cfg-output.cpp
emporaries.cpp
bf3d71e85f7449161a414c2ec3410e60394bf38a 30-Aug-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Treat the rvalue of a forward-declared struct as Unknown.

This will never happen in the analyzed code, but can happen for checkers
that over-eagerly dereference pointers without checking that it's safe.
UnknownVal is a harmless enough value to get back.

Fixes an issue added in r189590, caught by our internal buildbot.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@189688 91177308-0d34-0410-b5e6-96231b3b80d8
aint-tester.cpp
66ea35d9f3d93cab3ca6d735c8eb19a5f701b86f 30-Aug-2013 Pavel Labath <labath@google.com> Sema: avoid reuse of Exprs when synthesizing operator=

Summary:
Previously, Sema was reusing parts of the AST when synthesizing an assignment
operator, turning it into an AS-dag. This caused problems for the static
analyzer, which assumed an expression appears in the tree only once.

Here I make sure to always create a fresh Expr, when inserting something into
the AST, fixing PR16745 in the process.

Reviewers: doug.gregor

CC: cfe-commits, jordan_rose

Differential Revision: http://llvm-reviews.chandlerc.com/D1425

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@189659 91177308-0d34-0410-b5e6-96231b3b80d8
perator-calls.cpp
3c114f704a882f6923d6107f22aab89ba3d0a6b5 29-Aug-2013 Pavel Labath <labath@google.com> [analyzer] Fix handling of "empty" structs with base classes

Summary:
RegionStoreManager had an optimization which replaces references to empty
structs with UnknownVal. Unfortunately, this check didn't take into account
possible field members in base classes.

To address this, I changed this test to "is empty and has no base classes". I
don't consider it worth the trouble to go through base classes and check if all
of them are empty.

Reviewers: jordan_rose

CC: cfe-commits

Differential Revision: http://llvm-reviews.chandlerc.com/D1547

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@189590 91177308-0d34-0410-b5e6-96231b3b80d8
rray-struct-region.cpp
3aa6f431897edf5fec32cbede8fcddbfb8fa16f7 28-Aug-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Add support for testing the presence of weak functions.

When casting the address of a FunctionTextRegion to bool, or when adding
constraints to such an address, use a stand-in symbol to represent the
presence or absence of the function if the function is weakly linked.
This is groundwork for possible simple availability testing checks, and
can already catch mistakes involving inverted null checks for
weakly-linked functions.

Currently, the implementation reuses the "extent" symbols, originally created
for tracking the size of a malloc region. Since FunctionTextRegions cannot
be dereferenced, the extent symbol will never be used for anything else.
Still, this probably deserves a refactoring in the future.

This patch does not attempt to support testing the presence of weak
/variables/ (global variables), which would likely require much more of
a change and a generalization of "region structure metadata", like the
current "extents", vs. "region contents metadata", like CStringChecker's
"string length".

Patch by Richard <tarka.t.otter@googlemail.com>!

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@189492 91177308-0d34-0410-b5e6-96231b3b80d8
eak-functions.c
f18bfd44c4fe4ab28c44eecb7aeed618bcf8f627 28-Aug-2013 Pavel Labath <labath@google.com> [analyzer] Assume new returns non-null even under -fno-exceptions

Summary:
-fno-exceptions does not implicitly attach a nothrow specifier to every operator
new. Even in this mode, non-nothrow new must not return a null pointer. Failure
to allocate memory can be signalled by other means, or just by killing the
program. This behaviour is consistent with the compiler - even with
-fno-exceptions, the generated code never tests for null (and would segfault if
the operator actually happened to return null).

Reviewers: jordan_rose

CC: cfe-commits

Differential Revision: http://llvm-reviews.chandlerc.com/D1528

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@189452 91177308-0d34-0410-b5e6-96231b3b80d8
ewDelete-path-notes.cpp
ew-with-exceptions.cpp
2450b82b7d110ac1a11ffde3be90b8255767381d 27-Aug-2013 Roman Divacky <rdivacky@freebsd.org> Make the information about disabled ARCMT/Rewriter/StaticAnalyzer available
to lit and use this info to disable Analysis/FixIt/Rewriter/Analysis tests
when those are not compiled into clang.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@189395 91177308-0d34-0410-b5e6-96231b3b80d8
it.local.cfg
6a556a42d48cc098fb8dcb5d4ecdd0e03e32c0ec 23-Aug-2013 Pavel Labath <labath@google.com> [analyzer] Refactor conditional expression evaluating code

Summary:
Instead of digging through the ExplodedGraph, to figure out which edge brought
us here, I compute the value of conditional expression by looking at the
sub-expression values.

To do this, I needed to change the liveness algorithm a bit -- now, the full
conditional expression also depends on all atomic sub-expressions, not only the
outermost ones.

Reviewers: jordan_rose

CC: cfe-commits

Differential Revision: http://llvm-reviews.chandlerc.com/D1340

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@189090 91177308-0d34-0410-b5e6-96231b3b80d8
ogical-ops.c
13fca0e165fd9e05bfe7a94005081d09c4025d95 19-Aug-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Add a triple to test/Analysis/cfg.cpp

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@188683 91177308-0d34-0410-b5e6-96231b3b80d8
fg.cpp
51718e3555404192040a5fad715367bc4cef22fb 19-Aug-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Don't run unreachable code checker on inlined functions.

This is still an alpha checker, but we use it in certain tests to make sure
something is not being executed.

This should fix the buildbots.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@188682 91177308-0d34-0410-b5e6-96231b3b80d8
nreachable-code-path.c
a728e927c6e58f26b2c8615a8baa761d2f157e4b 19-Aug-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Assume that strings are no longer than SIZE_MAX/4.

This keeps the analyzer from making silly assumptions, like thinking
strlen(foo)+1 could wrap around to 0. This fixes PR16558.

Patch by Karthik Bhat!

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@188680 91177308-0d34-0410-b5e6-96231b3b80d8
alloc.c
tring.c
7d0dcd2de023e2667a3f1f14daff9d087fab9bf7 19-Aug-2013 Jordan Rose <jordan_rose@apple.com> Omit arguments of __builtin_object_size from the CFG.

This builtin does not actually evaluate its arguments for side effects,
so we shouldn't include them in the CFG. In the analyzer, rely on the
constant expression evaluator to get the proper semantics, at least for
now. (In the future, we could get ambitious and try to provide path-
sensitive size values.)

In theory, this does pose a problem for liveness analysis: a variable can
be used within the __builtin_object_size argument expression but not show
up as live. However, it is very unlikely that such a value would be used
to compute the object size and not used to access the object in some way.

<rdar://problem/14760817>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@188679 91177308-0d34-0410-b5e6-96231b3b80d8
uiltin-functions.cpp
fg.cpp
5fba5a789a238c29ef811a39a39be722443ec1b1 16-Aug-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Merge TextPathDiagnostics and ClangDiagPathDiagConsumer.

This once again restores notes to following their associated warnings
in -analyzer-output=text mode. (This is still only intended for use as a
debugging aid.)

One twist is that the warning locations in "regular" analysis output modes
(plist, multi-file-plist, html, and plist-html) are reported at a different
location on the command line than in the output file, since the command
line has no path context. This commit makes -analyzer-output=text behave
like a normal output format, which means that the *command line output
will be different* in -analyzer-text mode. Again, since -analyzer-text is
a debugging aid and lo-fi stand-in for a regular output mode, this change
makes sense.

Along the way, remove a few pieces of stale code related to the path
diagnostic consumers.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@188514 91177308-0d34-0410-b5e6-96231b3b80d8
iagnostics/text-diagnostics.c
etain-release-path-notes-gc.m
etain-release-path-notes.m
68502e52938f84b97267b51e86d4a90a11552512 15-Aug-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] If realloc fails on an escaped region, that region doesn't leak.

When a region is realloc()ed, MallocChecker records whether it was known
to be allocated or not. If it is, and the reallocation fails, the original
region has to be freed. Previously, when an allocated region escaped,
MallocChecker completely stopped tracking it, so a failed reallocation
still (correctly) wouldn't require freeing the original region. Recently,
however, MallocChecker started tracking escaped symbols, so that if it were
freed we could check that the deallocator matched the allocator. This
broke the reallocation model for whether or not a symbol was allocated.

Now, MallocChecker will actually check if a symbol is owned, and only
require freeing after a failed reallocation if it was owned before.

PR16730

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@188468 91177308-0d34-0410-b5e6-96231b3b80d8
alloc.c
931a4feb64f18190d189c222d61b2abf52f18ab8 12-Aug-2013 Tim Northover <tnorthover@apple.com> Fix FileCheck --check-prefix lines.

Various tests had sprung up over the years which had --check-prefix=ABC on the
RUN line, but "CHECK-ABC:" later on. This happened to work before, but was
strictly incorrect. FileCheck is getting stricter soon though.

Patch by Ron Ofir.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@188174 91177308-0d34-0410-b5e6-96231b3b80d8
il-receiver-undefined-larger-than-voidptr-ret.m
6ebe9df900b79fd56a4db03b4f8aa6a180307a9d 09-Aug-2013 Pavel Labath <labath@google.com> [analyzer] Enable usage of temporaries in InitListExprs

Summary:
ExprEngine had code which specifically disabled using CXXTempObjectRegions in
InitListExprs. This was a hack put in r168757 to silence a false positive.

The underlying problem seems to have been fixed in the meantime, as removing
this code doesn't seem to break anything. Therefore I propose to remove it and
solve PR16629 in the process.

Reviewers: jordan_rose

CC: cfe-commits

Differential Revision: http://llvm-reviews.chandlerc.com/D1325

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@188059 91177308-0d34-0410-b5e6-96231b3b80d8
emporaries.cpp
fa220f58f02014e4a3389f429b82948a09dc4986 09-Aug-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Warn when using 'delete' on an uninitialized variable.

Patch by Karthik Bhat, modified slightly by me.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@188043 91177308-0d34-0410-b5e6-96231b3b80d8
ewDelete-checker-test.cpp
d8188f8ad5d584b5f6e1f58e5a4882586cc630d4 02-Aug-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Don't process autorelease counts in synthesized function bodies.

We process autorelease counts when we exit functions, but if there's an
issue in a synthesized body the report will get dropped. Just skip the
processing for now and let it get handled when the caller gets around to
processing autoreleases.

(This is still suboptimal: objects autoreleased in the caller context
should never be warned about when exiting a callee context, synthesized
or not.)

Second half of <rdar://problem/14611722>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@187625 91177308-0d34-0410-b5e6-96231b3b80d8
nlining/path-notes.m
cd007b18ba218925923a82ad4462fecf903f4a93 02-Aug-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Silently drop all reports within synthesized bodies.

Much of our diagnostic machinery is set up to assume that the report
end path location is valid. Moreover, the user may be quite confused
when something goes wrong in our BodyFarm-synthesized function bodies,
which may be simplified or modified from the real implementations.
Rather than try to make this all work somehow, just drop the report so
that we don't try to go on with an invalid source location.

Note that we still handle reports whose /paths/ go through invalid
locations, just not those that are reported in one.

We do have to be careful not to lose warnings because of this.
The impetus for this change was an autorelease being processed within
the synthesized body, and there may be other possible issues that are
worth reporting in some way. We'll take these as they come, however.

<rdar://problem/14611722>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@187624 91177308-0d34-0410-b5e6-96231b3b80d8
nlining/path-notes.m
99b3cc6ec4fbcd887b632dcb7147ef472d83fc37 26-Jul-2013 Pavel Labath <labath@google.com> Fix tests on targets that don't support thread_local

This also reverts r187197.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@187199 91177308-0d34-0410-b5e6-96231b3b80d8
emporaries.cpp
68ffe1557f9daa023027c970a00d947cfe3d5770 26-Jul-2013 Rafael Espindola <rafael.espindola@gmail.com> Add a triple. Should fix the windows bots.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@187197 91177308-0d34-0410-b5e6-96231b3b80d8
emporaries.cpp
76b5dd48c9dbf2ed3e5830060ea55b81b7d1cca0 26-Jul-2013 Pavel Labath <labath@google.com> [analyzer] Fix FP warnings when binding a temporary to a local static variable

Summary:
When binding a temporary object to a static local variable, the analyzer would
complain about a dangling reference even though the temporary's lifetime should
be extended past the end of the function. This commit tries to detect these
cases and construct them in a global memory region instead of a local one.

Reviewers: jordan_rose

CC: cfe-commits

Differential Revision: http://llvm-reviews.chandlerc.com/D1133

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@187196 91177308-0d34-0410-b5e6-96231b3b80d8
tack-addr-ps.cpp
emporaries.cpp
062ef6e6d956b8873e33fe84574c7630d2829d3d 25-Jul-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Add regression test for the crash in PR16664.

This goes with r186925, which reverted Pavel's commit in r186498.

Also, add a correctness test for the future.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@187133 91177308-0d34-0410-b5e6-96231b3b80d8
emporaries.cpp
0aaa57d19c23165d5e422c706084799d97eabe97 25-Jul-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Weaken assertion to account for pointer-to-integer casts.

PR16690

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@187132 91177308-0d34-0410-b5e6-96231b3b80d8
asts.m
c2294ef9024bda79e61c2cf9de64f66417fdf90d 23-Jul-2013 Jordan Rose <jordan_rose@apple.com> Remove line number from test/Analysis/crash-trace.c.

...and hopefully, finally, unbreak buildbots.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@186953 91177308-0d34-0410-b5e6-96231b3b80d8
rash-trace.c
371aad5ad9f12a988508e7c2bd7ff2e5723a3da0 23-Jul-2013 Jordan Rose <jordan_rose@apple.com> Mark test/Analysis/crash-trace.c as requiring crash recovery.

This plus Rafael's fix at r186943 should keep all the buildbots happy.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@186950 91177308-0d34-0410-b5e6-96231b3b80d8
rash-trace.c
84248529493d75bfe6ba78d6a4ee3d041d8d1d12 23-Jul-2013 Rafael Espindola <rafael.espindola@gmail.com> Run %clang_cc1, it is the one that actually crashes.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@186943 91177308-0d34-0410-b5e6-96231b3b80d8
rash-trace.c
fee16225a103ee1459af4f3ecb89fa2804e81ac3 23-Jul-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Enable pseudo-destructor expressions.

These are cases where a scalar type is "destructed", usually due to
template instantiation (e.g. "obj.~T()", where 'T' is 'int'). This has
no actual effect and the analyzer should just skip over it.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@186927 91177308-0d34-0410-b5e6-96231b3b80d8
tor.cpp
413c572d3b732bf8f79772530dc21883958a3f5f 23-Jul-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Add test for crash tracing (r186639)

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@186926 91177308-0d34-0410-b5e6-96231b3b80d8
rash-trace.c
9815ec0a00fe04db92e51a4160fc905f6cd48f30 23-Jul-2013 Jordan Rose <jordan_rose@apple.com> Revert "[analyzer] Add very limited support for temporary destructors"

The analyzer doesn't currently expect CFG blocks with terminators to be
empty, but this can happen when generating conditional destructors for
a complex logical expression, such as (a && (b || Temp{})). Moreover,
the branch conditions for these expressions are not persisted in the
state. Even for handling noreturn destructors this needs more work.

This reverts r186498.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@186925 91177308-0d34-0410-b5e6-96231b3b80d8
nalyzer-config.c
nalyzer-config.cpp
tor.cpp
emp-obj-dtors-cfg-output.cpp
bccda13aa3fc2a4c674a8c0a7003a7e6b1ff17b0 17-Jul-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Handle C++11 member initializer expressions.

Previously, we would simply abort the path when we saw a default member
initialization; now, we actually attempt to evaluate it. Like default
arguments, the contents of these expressions are not actually part of the
current function, so we fall back to constant evaluation.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@186521 91177308-0d34-0410-b5e6-96231b3b80d8
nitializer.cpp
df70700f5aa5744d7f70fb3e6610ff434f643a71 17-Jul-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Handle C string default values for const char * arguments.

Previously, SValBuilder knew how to evaluate StringLiterals, but couldn't
handle an array-to-pointer decay for constant values. Additionally,
RegionStore was being too strict about loading from an array, refusing to
return a 'char' value from a 'const char' array. Both of these have been
fixed.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@186520 91177308-0d34-0410-b5e6-96231b3b80d8
nline.cpp
be2e1b11e3350e3a6e632c71beaab83aae3824d2 17-Jul-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Treat std::initializer_list as opaque rather than aborting.

Previously, the use of a std::initializer_list (actually, a
CXXStdInitializerListExpr) would cause the analyzer to give up on the rest
of the path. Now, it just uses an opaque symbolic value for the
initializer_list and continues on.

At some point in the future we can add proper support for initializer_list,
with access to the elements in the InitListExpr.

<rdar://problem/14340207>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@186519 91177308-0d34-0410-b5e6-96231b3b80d8
nputs/system-header-simulator-cxx.h
tor.mm
iagnostics/explicit-suppression.cpp
046e79a425bfa82b480b8a07ce11d96391fa0a9b 17-Jul-2013 Pavel Labath <labath@google.com> [analyzer] Add very limited support for temporary destructors

Summary:
This patch enables ExprEngine to reason about temporary object destructors.
However, these destructor calls are never inlined, since this feature is still
broken. Still, this is sufficient to properly handle noreturn temporary
destructors and close bug #15599. I have also enabled the cfg-temporary-dtors
analyzer option by default.

Reviewers: jordan_rose

CC: cfe-commits

Differential Revision: http://llvm-reviews.chandlerc.com/D1131

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@186498 91177308-0d34-0410-b5e6-96231b3b80d8
nalyzer-config.c
nalyzer-config.cpp
tor.cpp
emp-obj-dtors-cfg-output.cpp
78c2ec43284537f65bbd95b0628271a140ba0ec4 12-Jul-2013 Anna Zaks <ganna@apple.com> [analyzer] Treat nullPtrType as a location type.

Fixes PR16584 (radar://14415223).

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@186172 91177308-0d34-0410-b5e6-96231b3b80d8
ullptr.cpp
7c0a8b560ae78b28d72bff8614b94ac05cb2b469 12-Jul-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Add support for __builtin_addressof.

...so we don't regress on std::addressof.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@186140 91177308-0d34-0410-b5e6-96231b3b80d8
uiltin-functions.cpp
8f6134c308951a72642eebb65a44408ea1e237a8 10-Jul-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Remove bogus assert: in C++11, 'new' can do list-initialization.

Previously, we asserted that whenever 'new' did not include a constructor
call, the type must be a non-record type. In C++11, however, uniform
initialization syntax (braces) allow 'new' to construct records with
list-initialization: "new Point{1, 2}".

Removing this assertion should be perfectly safe; the code here matches
what VisitDeclStmt does for regions allocated on the stack.

<rdar://problem/14403437>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@186028 91177308-0d34-0410-b5e6-96231b3b80d8
ew.cpp
e600d4be7d01661ab7601f9ef9c4d3236c377385 09-Jul-2013 Anna Zaks <ganna@apple.com> [analyzer] Fixup for r185609: actually do suppress warnings coming out of std::list.

list is the name of a class, not a namespace. Change the test as well - the previous
version did not test properly.

Fixes radar://14317928.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@185898 91177308-0d34-0410-b5e6-96231b3b80d8
nputs/system-header-simulator-cxx.h
0dfdfb57d2a2520bfaa7f79343d36478c0929e42 05-Jul-2013 Benjamin Kramer <benny.kra@googlemail.com> Add a test case for r185707/PR16547.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@185708 91177308-0d34-0410-b5e6-96231b3b80d8
tml-diags.c
d029cbbd18689a8110ea47aa33ed3387a7cf3674 04-Jul-2013 Rafael Espindola <rafael.espindola@gmail.com> Replace 'grep foo | count 0' with 'not grep foo'.

This avoids depending on pipefail not being used.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@185648 91177308-0d34-0410-b5e6-96231b3b80d8
tml-diags-multifile.c
8b625a3f7764959d0a2ac3cd860ce1e168e0fc9b 04-Jul-2013 Anna Zaks <ganna@apple.com> [analyzer] Suppress reports reported in std::list

The motivation is to suppress false use-after-free reports that occur when calling
std::list::pop_front() or std::list::pop_back() twice. The analyzer does not
reason about the internal invariants of the list implementation, so just do not report
any warnings in std::list.

Fixes radar://14317928.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@185609 91177308-0d34-0410-b5e6-96231b3b80d8
nputs/system-header-simulator-cxx.h
nlining/stl.cpp
7f79b78351af03a392ee16d8ec557d47746c33c6 04-Jul-2013 Anna Zaks <ganna@apple.com> [analyzer] Make sure that inlined defensive checks work on div by zero.

This suppresses a false positive in std::hash_map.
Fixes radar://14255587.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@185608 91177308-0d34-0410-b5e6-96231b3b80d8
nlining/false-positive-suppression.c
nlining/inline-defensive-checks.c
2a02f4d535ddae30898f013649d8c1902082921c 03-Jul-2013 Pavel Labath <labath@google.com> [analyzer] Improve handling of noreturn destructors

Summary:
The analyzer incorrectly handled noreturn destructors which were hidden inside
function calls. This happened because NoReturnFunctionChecker only listened for
PostStmt events, which are not executed for destructor calls. I've changed it to
listen to PostCall events, which should catch both cases.

Reviewers: jordan_rose

CC: cfe-commits

Differential Revision: http://llvm-reviews.chandlerc.com/D1056

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@185522 91177308-0d34-0410-b5e6-96231b3b80d8
tor.cpp
330231537010ab1d77affcbcaffd4bbe358b4cfa 02-Jul-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Pointers-to-members are (currently) Locs, not NonLocs.

While we don't model pointers-to-members besides "null" and "non-null",
we were using Loc symbols for valid pointers and NonLoc integers for the
null case. This hit the assert committed in r185401.

Fixed by using a true (Loc) null for null member pointers.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@185444 91177308-0d34-0410-b5e6-96231b3b80d8
ointer-to-member.cpp
ed2e2de580f840385f25a188ed48d2a14948af76 02-Jul-2013 Pavel Labath <labath@google.com> Teach static analyzer about AttributedStmts

Summary:
Static analyzer used to abort when encountering AttributedStmts, because it
asserted that the statements should not appear in the CFG. This is however not
the case, since at least the clang::fallthrough annotation makes it through.

This commit simply makes the analyzer ignore the statement attributes.

CC: cfe-commits

Differential Revision: http://llvm-reviews.chandlerc.com/D1030

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@185417 91177308-0d34-0410-b5e6-96231b3b80d8
xx11-crashes.cpp
be35df19cf9540c03048942ecafc6811643073ec 25-Jun-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Handle zeroing CXXConstructExprs.

Re-apply r184511, reverted in r184561, with the trivial default constructor
fast path removed -- it turned out not to be necessary here.

Certain expressions can cause a constructor invocation to zero-initialize
its object even if the constructor itself does no initialization. The
analyzer now handles that before evaluating the call to the constructor,
using the same "default binding" mechanism that calloc() uses, rather
than simply ignoring the zero-initialization flag.

<rdar://problem/14212563>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@184815 91177308-0d34-0410-b5e6-96231b3b80d8
tor-inlining.mm
tor.mm
1fc9111d85c3929018cd5c85dd14f3dbb5d23d68 25-Jun-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Don't initialize virtual base classes more than once.

In order to make sure virtual base classes are always initialized once,
the AST contains initializers for the base class in /all/ of its
descendants, not just the immediate descendants. However, at runtime,
the most-derived object is responsible for initializing all the virtual
base classes; all the other initializers will be ignored.

The analyzer now checks to see if it's being called from another base
constructor, and if so does not perform virtual base initialization.

<rdar://problem/14236851>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@184814 91177308-0d34-0410-b5e6-96231b3b80d8
tor-inlining.mm
dbcc7561f6964404c590f42454a249af5324fa44 24-Jun-2013 Reid Kleckner <reid@kleckner.net> Check the canonical parameter type with getAs<>() in a static checker

This will prevent breakage when I introduce the DecayedType sugar node.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@184755 91177308-0d34-0410-b5e6-96231b3b80d8
ecurity-syntax-checks.m
2ffcd18b845d4f855074ff7011c46e20616e08fd 22-Jun-2013 Anna Zaks <ganna@apple.com> [analyzer] Use output from collections’ count to decide if ObjC for loop should be entered

This fixes false positives by allowing us to know that a loop is always entered if
the collection count method returns a positive value and vice versa.

Addresses radar://14169391.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@184618 91177308-0d34-0410-b5e6-96231b3b80d8
SContainers.m
bjc-for.m
053c88bd93e6b2f4e498fd835155f955127d3489 21-Jun-2013 Jordan Rose <jordan_rose@apple.com> Revert "[analyzer] Handle zeroing CXXConstructExprs."

Per review from Anna, this really should have been two commits, and besides
it's causing problems on our internal buildbot. Reverting until these have
been worked out.

This reverts r184511 / 98123284826bb4ce422775563ff1a01580ec5766.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@184561 91177308-0d34-0410-b5e6-96231b3b80d8
tor-inlining.mm
tor.mm
nlining/path-notes.cpp
98123284826bb4ce422775563ff1a01580ec5766 21-Jun-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Handle zeroing CXXConstructExprs.

Certain expressions can cause a constructor invocation to zero-initialize
its object even if the constructor itself does no initialization. The
analyzer now handles that before evaluating the call to the constructor,
using the same "default binding" mechanism that calloc() uses, rather
than simply ignoring the zero-initialization flag.

As a bonus, trivial default constructors are now no longer inlined; they
are instead processed explicitly by ExprEngine. This has a (positive)
effect on the generated path edges: they no longer stop at a default
constructor call unless there's a user-provided implementation.

<rdar://problem/14212563>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@184511 91177308-0d34-0410-b5e6-96231b3b80d8
tor-inlining.mm
tor.mm
nlining/path-notes.cpp
9122025df6682a29ba4bdfc4330d2caebb8ea4de 20-Jun-2013 Pavel Labath <labath@google.com> Fix static analyzer crash when casting from an incomplete type

Summary:
When doing a reinterpret+dynamic cast from an incomplete type, the analyzer
would crash (bug #16308). This fix makes the dynamic cast evaluator ignore
incomplete types, as they can never be used in a dynamic_cast. Also adding a
regression test.

CC: cfe-commits

Differential Revision: http://llvm-reviews.chandlerc.com/D1006

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@184403 91177308-0d34-0410-b5e6-96231b3b80d8
erived-to-base.cpp
37926da411d5a0047240b3ffd4dad0c4838aac57 19-Jun-2013 Pavel Labath <labath@google.com> Fix a crash in the static analyzer (bug #16307)

Summary:
When processing a call to a function, which got passed fewer arguments than it
expects, the analyzer would crash.

I've also added a test for that and an analyzer warning which detects these
cases.

CC: cfe-commits

Differential Revision: http://llvm-reviews.chandlerc.com/D994

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@184288 91177308-0d34-0410-b5e6-96231b3b80d8
nline.c
nline.cpp
bd34520a8c4fe689cca8afaa8114e50bd6bad8f8 19-Jun-2013 Anna Zaks <ganna@apple.com> [analyzer] Do not create a CompoundVal for lvalue InitListExprs.

These should be treated like scalars. This fixes a crash reported in radar://14164698.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@184257 91177308-0d34-0410-b5e6-96231b3b80d8
xx11-crashes.cpp
52810c51afaa10b30319d236d353d70534cf9356 19-Jun-2013 Anna Zaks <ganna@apple.com> [analyzer] Do not report uninitialized value warnings inside swap functions.

This silences warnings that could occur when one is swapping partially initialized structs. We suppress
not only the assignments of uninitialized members, but any values inside swap because swap could
potentially be used as a subroutine to swap class members.

This silences a warning from std::try::function::swap() on partially initialized objects.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@184256 91177308-0d34-0410-b5e6-96231b3b80d8
ninit-vals-ps-region.m
a3f5a5afefca7653349a88472d5ce01ba7226e27 08-Jun-2013 Anna Zaks <ganna@apple.com> [analyzer; alternate edges] Fix the edge locations in presence of macros.

We drew the diagnostic edges to wrong statements in cases the note was on a macro.
The fix is simple, but seems to work just fine for a whole bunch of test cases (plist-macros.cpp).

Also, removes an unnecessary edge in edges-new.mm, when function signature starts with a macro.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@183599 91177308-0d34-0410-b5e6-96231b3b80d8
dges-new.mm
list-macros.cpp
57c8736e7dce5e63b4e1665d2c4fcf6e6ef959d0 07-Jun-2013 Anna Zaks <ganna@apple.com> [analyzer] Address Jordan’s code review for r183451

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@183455 91177308-0d34-0410-b5e6-96231b3b80d8
nix-fns.c
6838710779a23ea5dfdb5764ad7b7a7451b00bf8 07-Jun-2013 Anna Zaks <ganna@apple.com> [analyzer] Ensure that pieces with invalid locations always get removed from the BugReport

The function in which we were doing it used to be conditionalized. Add a new unconditional
cleanup step.

This fixes PR16227 (radar://14073870) - a crash when generating html output for one of the test files.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@183451 91177308-0d34-0410-b5e6-96231b3b80d8
nix-fns.c
49a246f4fad959888bb0164c624c3c2b03078e91 06-Jun-2013 Jordan Rose <jordan_rose@apple.com> [analyzer; new edges] Simplify edges in a C++11 for-range loop.

Previously our edges were completely broken here; now, the final result
is a very simple set of edges in most cases: one up to the "for" keyword
for context, and one into the body of the loop. This matches the behavior
for ObjC for-in loops.

In the AST, however, CXXForRangeStmts are handled very differently from
ObjCForCollectionStmts. Since they are specified in terms of equivalent
statements in the C++ standard, we actually have implicit AST nodes for
all of the semantic statements. This makes evaluation very easy, but
diagnostic locations a bit trickier. Fortunately, the problem can be
generally defined away by marking all of the implicit statements as
part of the top-level for-range statement.

One of the implicit statements in a for-range statement is the declaration
of implicit iterators __begin and __end. The CFG synthesizes two
separate DeclStmts to match each of these decls, but until now these
synthetic DeclStmts weren't in the function's ParentMap. Now, the CFG
keeps track of its synthetic statements, and the AnalysisDeclContext will
make sure to add them to the ParentMap.

<rdar://problem/14038483>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@183449 91177308-0d34-0410-b5e6-96231b3b80d8
xx-for-range.cpp
dges-new.mm
fb6f75feaa0fa6621282df1075677a26fdfde1b7 06-Jun-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Look through ExprWithCleanups to see if an expr's consumed.

We based decisions during analysis and during path generation on whether
or not an expression is consumed, so if a top-level expression has
cleanups it's important for us to look through that.

<rdar://problem/14076125>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@183368 91177308-0d34-0410-b5e6-96231b3b80d8
bjc-arc.m
nix-fns.c
1089a57a88051f84aca66f3d8c92bda32a3a5c49 06-Jun-2013 Jordan Rose <jordan_rose@apple.com> [analyzer; new edges] Don't crash if the top-level entry edge is missing.

We previously asserted that there was a top-level function entry edge, but
if the function decl's location is invalid (or within a macro) this edge
might not exist. Change the assertion to an actual check, and don't drop
the first path piece if it doesn't match.

<rdar://problem/14070304>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@183358 91177308-0d34-0410-b5e6-96231b3b80d8
dges-new.mm
574c7cf6d0c8e8f8ecda360ae271d5391c404534 06-Jun-2013 Jordan Rose <jordan_rose@apple.com> [analyzer; new edges] Ignore self-edges, not all edges with the same location.

The edge optimizer needs to see edges for, say, implicit casts (which have
the same source location as their operand) to uniformly simplify the
entire path. However, we still don't want to produce edges from a statement
to /itself/, which could occur when two nodes in a row have the same
statement location.

This necessitated moving the check for redundant notes to after edge
optimization, since the check relies on notes being adjacent in the path.

<rdar://problem/14061675>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@183357 91177308-0d34-0410-b5e6-96231b3b80d8
dges-new.mm
bjc-arc.m
2a1551fa14728891bf8e325d3eb686ed404cd8b2 04-Jun-2013 David Majnemer <david.majnemer@gmail.com> Analysis: Add a CFG successor to a SwitchStmt if it is both empty and fully covered

Consider the case where a SwitchStmt satisfied isAllEnumCasesCovered()
as well as having no cases at all (i.e. the enum it covers has no
enumerators).

In this case, we should add a successor to repair the CFG.

This fixes PR16212.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@183237 91177308-0d34-0410-b5e6-96231b3b80d8
fg.cpp
048eeea6852043990c87e52938b53b5337bd098e 04-Jun-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Enable the new edge algorithm by default.

...but don't yet migrate over the existing plist tests. Some of these
would be trivial to migrate; others could use a bit of inspection first.
In any case, though, the new edge algorithm seems to have proven itself,
and we'd like more coverage (and more usage) of it going forwards.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@183165 91177308-0d34-0410-b5e6-96231b3b80d8
ismatchedDeallocator-path-notes.cpp
ewDelete-path-notes.cpp
onditional-operator-path-notes.c
iagnostics/deref-track-symbolic-region.c
iagnostics/report-issues-within-main-file.cpp
iagnostics/undef-value-caller.c
iagnostics/undef-value-param.c
iagnostics/undef-value-param.m
nline-plist.c
nline-unique-reports.c
nlining/eager-reclamation-path-notes.c
nlining/eager-reclamation-path-notes.cpp
nlining/path-notes.c
nlining/path-notes.cpp
nlining/path-notes.m
alloc-plist.c
ethod-call-path-notes.cpp
ull-deref-path-notes.m
list-output-alternate.m
list-output.m
etain-release-path-notes-gc.m
etain-release-path-notes.m
nix-fns.c
e624524705ab660eb8d1feb9870ef2989fb2bdf4 04-Jun-2013 Jordan Rose <jordan_rose@apple.com> [analyzer; new edges] Omit subexpression back-edges that span multiple lines.

A.1 -> A -> B
becomes
A.1 -> B

This only applies if there's an edge from a subexpression to its parent
expression, and that is immediately followed by another edge from the
parent expression to a subsequent expression. Normally this is useful for
bringing the edges back to the left side of the code, but when the
subexpression is on a different line the backedge ends up looking strange,
and may even obscure code. In these cases, it's better to just continue
to the next top-level statement.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@183164 91177308-0d34-0410-b5e6-96231b3b80d8
dges-new.mm
22b0ad2d2a9c723bcdc94525a091fdbfbaa480fa 04-Jun-2013 Jordan Rose <jordan_rose@apple.com> [analyzer; new edges] Don't eliminate subexpr edge cycles if the line is long.

Specifically, if the line is over 80 characters, or if the top-level
statement spans multiple lines, we should preserve sub-expression edges
even if they form a simple cycle as described in the last commit, because
it's harder to infer what's going on than it is for shorter lines.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@183163 91177308-0d34-0410-b5e6-96231b3b80d8
dges-new.mm
3b5977e690b3d4476938a548bbd6f66c4a4a6dcd 04-Jun-2013 Jordan Rose <jordan_rose@apple.com> [analyzer; new edges] Eliminate "cycle edges" for a single subexpression.

Generating context arrows can result in quite a few arrows surrounding a
relatively simple expression, often containing only a single path note.

|
1 +--2---+
v/ v
auto m = new m // 3 (the path note)
|\ |
5 +--4---+
v

Note also that 5 and 1 are two ends of the "same" arrow, i.e. they go from
event to event. 3 is not an arrow but the path note itself.

Now, if we see a pair of edges like 2 and 4---where 4 is the reverse of 2
and there is optionally a single path note between them---we will
eliminate /both/ edges. Anything more complicated will be left as is
(more edges involved, an inlined call, etc).

The next commit will refine this to preserve the arrows in a larger
expression, so that we don't lose all context.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@183162 91177308-0d34-0410-b5e6-96231b3b80d8
dges-new.mm
66c2399931dd5cf036db34286579ddc5208a9a95 04-Jun-2013 Jordan Rose <jordan_rose@apple.com> [analyzer; new edges] Extra test case.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@183161 91177308-0d34-0410-b5e6-96231b3b80d8
dges-new.mm
9d9b494aa36ceeb823c48acf04d2d7677174be88 04-Jun-2013 Jordan Rose <jordan_rose@apple.com> [analyzer; new edges] Improve enclosing contexts for logical expressions.

The old edge builder didn't have a notion of nested statement contexts,
so there was no special treatment of a logical operator inside an if
(or inside another logical operator). The new edge builder always tries
to establish the full context up to the top-level statement, so it's
important to know how much context has been established already rather
than just checking the innermost context.

This restores some of the old behavior for the old edge generation:
the context of a logical operator's non-controlling expression is the
subexpression in the old edge algorithm, but the entire operator
expression in the new algorithm.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@183160 91177308-0d34-0410-b5e6-96231b3b80d8
dges-new.mm
96f1061fbe59faff5b266a3a04061cefcfe03e2f 04-Jun-2013 Jordan Rose <jordan_rose@apple.com> [analyzer; new edges] Include context for edges to sub-expressions.

The current edge-generation algorithm sometimes creates edges from a
top-level statement A to a sub-expression B.1 that's not at the start of B.
This creates a "swoosh" effect where the arrow is drawn on top of the
text at the start of B. In these cases, the results are clearer if we see
an edge from A to B, then another one from B to B.1.

Admittedly, this does create a /lot/ of arrows, some of which merely hop
into a subexpression and then out again for a single note. The next commit
will eliminate these if the subexpression is simple enough.

This updates and reuses some of the infrastructure from the old edge-
generation algorithm to find the "enclosing statement" context for a
given expression. One change in particular marks the context of the
LHS or RHS of a logical binary operator (&&, ||) as the entire operator
expression, rather than the subexpression itself. This matches our behavior
for ?:, and allows us to handle nested context information.

<rdar://problem/13902816>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@183159 91177308-0d34-0410-b5e6-96231b3b80d8
dges-new.mm
2794bc0e3757992194dd587d0f6a253ec72afc9a 04-Jun-2013 Jordan Rose <jordan_rose@apple.com> CFG: In a DeclStmt, skip anything that's not a VarDecl.

Neither the compiler nor the analyzer are doing anything with non-VarDecl
decls in the CFG, and having them there creates extra nodes in the
analyzer's path diagnostics. Simplify the CFG (and the path edges) by
simply leaving them out. We can always add interesting decls back in when
they become relevant.

Note that this only affects decls declared in a DeclStmt, and then only
those that appear within a function body.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@183157 91177308-0d34-0410-b5e6-96231b3b80d8
fg.cpp
dges-new.mm
list-output-alternate.m
list-output.m
e7a5c829540a452f30cd5a1c0609dddcb1af33ce 01-Jun-2013 Anna Zaks <ganna@apple.com> [analyzer] Malloc checker should only escape the receiver when “[O init..]” is called.

Jordan has pointed out that it is valuable to warn in cases when the arguments to init escape.
For example, NSData initWithBytes is not going to free the memory.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@183062 91177308-0d34-0410-b5e6-96231b3b80d8
nputs/system-header-simulator-objc.h
alloc.m
ee1af2398086464cfa2b7306ac4d8359d61872ee 01-Jun-2013 Anna Zaks <ganna@apple.com> [analyzer] Fix a false positive reported on rare strange code, which happens to be in JSONKit

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@183055 91177308-0d34-0410-b5e6-96231b3b80d8
alloc.m
f94cb007d03031bcf3d1b02f6a683a189e934953 31-May-2013 Ted Kremenek <kremenek@apple.com> [analyzer; new edges] add simplifySimpleBranches() to reduce edges for branches.

In many cases, the edge from the "if" to the condition, followed by an edge from the branch condition to the target code, is uninteresting.

In such cases, we should fold the two edges into one from the "if" to the target.

This also applies to loops.

Implements <rdar://problem/14034763>.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@183018 91177308-0d34-0410-b5e6-96231b3b80d8
dges-new.mm
042ca3de1e8d723cb73ee4d9984509e4489a6bb7 31-May-2013 Ted Kremenek <kremenek@apple.com> [analyzer; new edges] in splitBranchConditionEdges() do not check that predecessor edge has source in the same lexical scope as the target branch.

Fixes <rdar://problem/14031292>.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@182987 91177308-0d34-0410-b5e6-96231b3b80d8
dges-new.mm
904fd08edbedeb18b16875dd54b3f1edb049e9b9 30-May-2013 Jordan Rose <jordan_rose@apple.com> Revert "[analyzer; alternate edges] don't add an edge incoming from the start of a function"

...and make this work correctly in the current codebase.

After living on this for a while, it turns out to look very strange for
inlined functions that have only a single statement, and somewhat strange
for inlined functions in general (since they are still conceptually in the
middle of the path, and there is a function-entry path note).

It's worth noting that this only affects inlined functions; in the new
arrow generation algorithm, the top-level function still starts at the
first real statement in the function body, not the enclosing CompoundStmt.

This reverts r182078 / dbfa950abe0e55b173286a306ee620eff5f72ea.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@182963 91177308-0d34-0410-b5e6-96231b3b80d8
dges-new.mm
b347c76054a0a4b8e6d1fce44314f6daf3294c69 30-May-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Don't crash if a block's signature just has the return type.

It is okay to declare a block without an argument list: ^ {} or ^void {}.
In these cases, the BlockDecl's signature-as-written will just contain
the return type, rather than the entire function type. It is unclear if
this is intentional, but the analyzer shouldn't crash because of it.

<rdar://problem/14018351>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@182948 91177308-0d34-0410-b5e6-96231b3b80d8
locks.m
3e8a85fcfc3d264e4c5b21fbdd741bbc0c24a266 30-May-2013 Jordan Rose <jordan_rose@apple.com> [analyzer; new edges] In for(;;), use the ForStmt itself for loop notes.

Most loop notes (like "entering loop body") are attached to the condition
expression guarding a loop or its equivalent. For loops may not have a
condition expression, though. Rather than crashing, just use the entire
ForStmt as the location. This is probably the best we can do.

<rdar://problem/14016063>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@182904 91177308-0d34-0410-b5e6-96231b3b80d8
dges-new.m
dges-new.mm
1acb394679b6e644044a0f6c358229759009b1a6 29-May-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Accept references to variables declared "extern void" (C only).

In C, 'void' is treated like any other incomplete type, and though it is
never completed, you can cast the address of a void-typed variable to do
something useful. (In C++ it's illegal to declare a variable with void type.)

Previously we asserted on this code; now we just treat it like any other
incomplete type.

And speaking of incomplete types, we don't know their extent. Actually
check that in TypedValueRegion::getExtent, though that's not being used
by any checkers that are on by default.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@182880 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps.c
ut-of-bounds.c
7f1fd2f182717d5ce6cde60398128910c90f98be 29-May-2013 Anna Zaks <ganna@apple.com> [analyzer] Use the expression’s type instead of region’s type in ArrayToPointer decay evaluation

This gives slightly better precision, specifically, in cases where a non-typed region represents the array
or when the type is a non-array type, which can happen when an array is a result of a reinterpret_cast.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@182810 91177308-0d34-0410-b5e6-96231b3b80d8
eference.cpp
3056439bb175db8c46b89fb4385de8b3a8e42d0d 29-May-2013 Anna Zaks <ganna@apple.com> [analyzer] Re-enable reasoning about CK_LValueBitCast

It’s important for us to reason about the cast as it is used in std::addressof. The reason we did not
handle the cast previously was a crash on a test case (see commit r157478). The crash was in
processing array to pointer decay when the region type was not an array. Address the issue, by
just returning an unknown in that case.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@182808 91177308-0d34-0410-b5e6-96231b3b80d8
einterpret-cast.cpp
4e9179a3d0ec612a4d540281020b200254348a6b 28-May-2013 Anna Zaks <ganna@apple.com> [analyzer] Use a more generic MemRegion.getAsOffset to evaluate bin operators on MemRegions

In addition to enabling more code reuse, this suppresses some false positives by allowing us to
compare an element region to its base. See the ptr-arith.cpp test cases for an example.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@182780 91177308-0d34-0410-b5e6-96231b3b80d8
tr-arith.c
tr-arith.cpp
b9814c867e69d542ea6b90c756814dab462019c7 24-May-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Fix test for r182677.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@182678 91177308-0d34-0410-b5e6-96231b3b80d8
nlining/path-notes.m
d474da062565596015558856333423199aed5eb1 24-May-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Treat analyzer-synthesized function bodies like implicit bodies.

When generating path notes, implicit function bodies are shown at the call
site, so that, say, copying a POD type in C++ doesn't jump you to a header
file. This is especially important when the synthesized function itself
calls another function (or block), in which case we should try to jump the
user around as little as possible.

By checking whether a called function has a body in the AST, we can tell
if the analyzer synthesized the body, and if we should therefore collapse
the call down to the call site like a true implicitly-defined function.

<rdar://problem/13978414>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@182677 91177308-0d34-0410-b5e6-96231b3b80d8
nlining/path-notes.m
nix-fns.c
5a6fb20841220488f8be7254fbea8ba7233ebcd3 24-May-2013 Jordan Rose <jordan_rose@apple.com> [analyzer; new edges] Properly set location after exiting an inlined call.

The new edge algorithm would keep track of the previous location in each
location context, so that it could draw arrows coming in and out of each
inlined call. However, it tried to access the location of the call before
it was actually set (at the CallEnter node). This only affected
unterminated calls at the end of a path; calls with visible exit nodes
already had a valid location.

This patch ditches the location context map, since we're processing the
nodes in order anyway, and just unconditionally updates the PrevLoc
variable after popping out of an inlined call.

<rdar://problem/13983470>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@182676 91177308-0d34-0410-b5e6-96231b3b80d8
dges-new.m
0d2223f52daff1a8c5eb49a2e267108b4f23ed98 23-May-2013 Ted Kremenek <kremenek@apple.com> [analyzer; alternate edges] Add a new test case file to regression test the new arrows algorithm.

This essentially combines the tests in plist-output.m and plist-alternate-output.m.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@182612 91177308-0d34-0410-b5e6-96231b3b80d8
dges-new.m
eb41640fb417e25eb3218c2662a0dd512cdab04a 22-May-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Don't crash if a block doesn't have a type signature.

Currently, blocks instantiated in templates lose their "signature as
written"; it's not clear if this is intentional. Change the analyzer's
use of BlockDecl::getSignatureAsWritten to check whether or not the
signature is actually there.

<rdar://problem/13954714>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@182497 91177308-0d34-0410-b5e6-96231b3b80d8
emplates.cpp
61dfd6f160f7501e140704990db9c449d29f8649 22-May-2013 Anna Zaks <ganna@apple.com> [analyzer] Do not assert on reports ending in calls within macros.

The crash is triggered by the newly added option (-analyzer-config report-in-main-source-file=true) introduced in r182058.

Note, ideally, we’d like to report the issue within the main source file here as well.
For now, just do not crash.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@182445 91177308-0d34-0410-b5e6-96231b3b80d8
iagnostics/Inputs/include/report-issues-within-main-file.h
iagnostics/report-issues-within-main-file.cpp
5a8e1ad062420ef74707bf093889403d07664b17 17-May-2013 Anna Zaks <ganna@apple.com> [analyzer] Address Jordan's review comments for r182058

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@182156 91177308-0d34-0410-b5e6-96231b3b80d8
iagnostics/report-issues-within-main-file.cpp
50fa64d4411a42e0b4f373a84d8d4f5cbf339ea3 17-May-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Don't inline ~shared_ptr.

The analyzer can't see the reference count for shared_ptr, so it doesn't
know whether a given destruction is going to delete the referenced object.
This leads to spurious leak and use-after-free warnings.

For now, just ban destructors named '~shared_ptr', which catches
std::shared_ptr, std::tr1::shared_ptr, and boost::shared_ptr.

PR15987

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@182071 91177308-0d34-0410-b5e6-96231b3b80d8
ewDelete-checker-test.cpp
nalyzer-config.cpp
d95b70175646829c26344d5f0bda1ec3009f2a5b 17-May-2013 Anna Zaks <ganna@apple.com> [analyzer] Add an option to use the last location in the main source file as the report location.

Previously, we’ve used the last location of the analyzer issue path as the location of the
report. This might not provide the best user experience, when one analyzes a source
file and the issue appears in the header. Introduce an option to use the last location
of the path that is in the main source file as the report location.

New option can be enabled with -analyzer-config report-in-main-source-file=true.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@182058 91177308-0d34-0410-b5e6-96231b3b80d8
iagnostics/Inputs/include/report-issues-within-main-file.h
iagnostics/report-issues-within-main-file.cpp
14040142a3b3c1029092bc1f7c51e347c3fa8f89 15-May-2013 Fariborz Jahanian <fjahanian@apple.com> improve of note message and minor refactoring of my last
patch (r181847).


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@181896 91177308-0d34-0410-b5e6-96231b3b80d8
nlining/DynDispatchBifurcate.m
dar-6540084.m
9f00b1d3962147a2fe049b8b45f70680bc12fbc1 15-May-2013 Fariborz Jahanian <fjahanian@apple.com> Objective-C [diagnostics] [QOI], when method is not
found for a receiver, note where receiver class
is declared (this is most common when receiver is a forward
class). // rdar://3258331


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@181847 91177308-0d34-0410-b5e6-96231b3b80d8
nlining/DynDispatchBifurcate.m
dar-6540084.m
ef202c35b37c137e32fe30f4453915b6d3b525d7 14-May-2013 Anna Zaks <ganna@apple.com> [analyzer] Refactor: address Jordan’s code review of r181738.

(Modifying the checker to record that the values are no longer nil will be done separately.)

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@181744 91177308-0d34-0410-b5e6-96231b3b80d8
nlining/path-notes.m
b834a78f9b79cb71b093ebbbb381b92f9d4bbf3b 13-May-2013 Anna Zaks <ganna@apple.com> [analyzer] Warn about nil elements/keys/values in array and dictionary literals.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@181738 91177308-0d34-0410-b5e6-96231b3b80d8
SContainers.m
f2d8fbed93541b74c3a84bf788f151df2d543b27 10-May-2013 Anna Zaks <ganna@apple.com> [analyzer] Assume [NSNull null] does not return nil.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@181616 91177308-0d34-0410-b5e6-96231b3b80d8
SContainers.m
265448963a856bebdd0ae5abf67210054f44c64b 10-May-2013 Anna Zaks <ganna@apple.com> [analyzer] Do not check if sys/queue.h file is a system header.

In most cases it is, by just looking at the name. Also, this check prevents the heuristic from working in strange user settings.
radar://13839692

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@181615 91177308-0d34-0410-b5e6-96231b3b80d8
iagnostics/Inputs/include/sys/queue.h
374ae320b87c15b0262c40e5c46e8990111df5ca 10-May-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Indirect invalidation counts as an escape for leak checkers.

Consider this example:

char *p = malloc(sizeof(char));
systemFunction(&p);
free(p);

In this case, when we call systemFunction, we know (because it's a system
function) that it won't free 'p'. However, we /don't/ know whether or not
it will /change/ 'p', so the analyzer is forced to invalidate 'p', wiping
out any bindings it contains. But now the malloc'd region looks like a
leak, since there are no more bindings pointing to it, and we'll get a
spurious leak warning.

The fix for this is to notice when something is becoming inaccessible due
to invalidation (i.e. an imperfect model, as opposed to being explicitly
overwritten) and stop tracking it at that point. Currently, the best way
to determine this for a call is the "indirect escape" pointer-escape kind.

In practice, all the patch does is take the "system functions don't free
memory" special case and limit it to direct parameters, i.e. just the
arguments to a call and not other regions accessible to them. This is a
conservative change that should only cause us to escape regions more
eagerly, which means fewer leak warnings.

This isn't perfect for several reasons, the main one being that this
example is treated the same as the one above:

char **p = malloc(sizeof(char *));
systemFunction(p + 1);
// leak

Currently, "addresses accessible by offsets of the starting region" and
"addresses accessible through bindings of the starting region" are both
considered "indirect" regions, hence this uniform treatment.

Another issue is our longstanding problem of not distinguishing const and
non-const bindings; if in the first example systemFunction's parameter were
a char * const *, we should know that the function will not overwrite 'p',
and thus we can safely report the leak.

<rdar://problem/13758386>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@181607 91177308-0d34-0410-b5e6-96231b3b80d8
nputs/system-header-simulator.h
alloc.c
imple-stream-checks.c
636478e288b88396d860f6b01b48b47953e3d5e9 07-May-2013 Anna Zaks <ganna@apple.com> [analyzer] Fix a crash triggered by printing a note on a default argument

Instead, use the location of the call to print the note.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@181337 91177308-0d34-0410-b5e6-96231b3b80d8
nlining/path-notes.cpp
6376703eb3325fe41233aed234fde81164af42a1 06-May-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Handle CXXTemporaryObjectExprs in compound literals.

This occurs because in C++11 the compound literal syntax can trigger a
constructor call via list-initialization. That is, "Point{x, y}" and
"(Point){x, y}" end up being equivalent. If this occurs, the inner
CXXConstructExpr will have already handled the object construction; the
CompoundLiteralExpr just needs to propagate that value forwards.

<rdar://problem/13804098>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@181213 91177308-0d34-0410-b5e6-96231b3b80d8
emporaries.cpp
2faee99ab67105e834d11df7db80a78a3e3ed37b 03-May-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Check the stack frame when looking for a var's initialization.

FindLastStoreBRVisitor is responsible for finding where a particular region
gets its value; if the region is a VarRegion, it's possible that value was
assigned at initialization, i.e. at its DeclStmt. However, if a function is
called recursively, the same DeclStmt may be evaluated multiple times in
multiple stack frames. FindLastStoreBRVisitor was not taking this into
account and just picking the first one it saw.

<rdar://problem/13787723>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@180997 91177308-0d34-0410-b5e6-96231b3b80d8
nlining/false-positive-suppression.c
dcd6224911e234ab3657b7d0b79a2add1ae4fdd8 03-May-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Fix trackNullOrUndef when tracking args that have nil receivers.

There were actually two bugs here:
- if we decided to look for an interesting lvalue or call expression, we
wouldn't go find its node if we also knew we were at a (different) call.
- if we looked through one message send with a nil receiver, we thought we
were still looking at an argument to the original call.

Put together, this kept us from being able to track the right values, which
means sub-par diagnostics and worse false-positive suppression.

Noticed by inspection.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@180996 91177308-0d34-0410-b5e6-96231b3b80d8
nlining/false-positive-suppression.m
nlining/path-notes.m
4b75085f5669efc6407c662b5686361624c3ff2f 02-May-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Don't try to evaluate MaterializeTemporaryExpr as a constant.

...and don't consider '0' to be a null pointer constant if it's the
initializer for a float!

Apparently null pointer constant evaluation looks through both
MaterializeTemporaryExpr and ImplicitCastExpr, so we have to be more
careful about types in the callers. For RegionStore this just means giving
up a little more; for ExprEngine this means handling the
MaterializeTemporaryExpr case explicitly.

Follow-up to r180894.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@180944 91177308-0d34-0410-b5e6-96231b3b80d8
nline.cpp
8a729b4b20796bc0ca25e8d86d57c0cd0c5e40d4 02-May-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] RetainCountChecker: don't track through xpc_connection_set_context.

It is unfortunate that we have to mark these exceptions in multiple places.
This was already in CallEvent. I suppose it does let us be more precise
about saying /which/ arguments have their retain counts invalidated -- the
connection's is still valid even though the context object's isn't -- but
we're not tracking the retain count of XPC objects anyway.

<rdar://problem/13783514>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@180904 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release.m
e2b1246a24e8babf2f58c93713fba16b8edb8e2d 02-May-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Consolidate constant evaluation logic in SValBuilder.

Previously, this was scattered across Environment (literal expressions),
ExprEngine (default arguments), and RegionStore (global constants). The
former special-cased several kinds of simple constant expressions, while
the latter two deferred to the AST's constant evaluator.

Now, these are all unified as SValBuilder::getConstantVal(). To keep
Environment fast, the special cases for simple constant expressions have
been left in, but the main benefits are that (a) unusual constants like
ObjCStringLiterals now work as default arguments and global constant
initializers, and (b) we're not duplicating code between ExprEngine and
RegionStore.

This actually caught a bug in our test suite, which is awesome: we stop
tracking allocated memory if it's passed as an argument along with some
kind of callback, but not if the callback is 0. We were testing this in
a case where the callback parameter had a default value, but that value
was 0. After this change, the analyzer now (correctly) flags that as a
leak!

<rdar://problem/13773117>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@180894 91177308-0d34-0410-b5e6-96231b3b80d8
alloc.cpp
bjc-string.mm
776d3bb65c90278b9c65544b235d2ac40aea1d6e 02-May-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Don't inline the [cd]tors of C++ iterators.

This goes with r178516, which instructed the analyzer not to inline the
constructors and destructors of C++ container classes. This goes a step
further and does the same thing for iterators, so that the analyzer won't
falsely decide we're trying to construct an iterator pointing to a
nonexistent element.

The heuristic for determining whether something is an iterator is the
presence of an 'iterator_category' member. This is controlled under the
same -analyzer-config option as container constructor/destructor inlining:
'c++-container-inlining'.

<rdar://problem/13770187>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@180890 91177308-0d34-0410-b5e6-96231b3b80d8
nputs/system-header-simulator-cxx.h
nlining/containers.cpp
112344ab7f96cf482bce80530676712c282756d5 01-May-2013 Jordan Rose <jordan_rose@apple.com> Re-apply "[analyzer] Model casts to bool differently from other numbers."

This doesn't appear to be the cause of the slowdown. I'll have to try a
manual bisect to see if there's really anything there, or if it's just
the bot itself taking on additional load. Meanwhile, this change helps
with correctness.

This changes an assertion and adds a test case, then re-applies r180638,
which was reverted in r180714.

<rdar://problem/13296133> and PR15863

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@180864 91177308-0d34-0410-b5e6-96231b3b80d8
ool-assignment.c
asts.c
tack-addr-ps.cpp
tackaddrleak.c
valbuilder-logic.c
7e6b564d59df6c0594bc3a577f33536850290dec 29-Apr-2013 Jordan Rose <jordan_rose@apple.com> Revert "[analyzer] Model casts to bool differently from other numbers."

This seems to be causing quite a slowdown on our internal analyzer bot,
and I'm not sure why. Needs further investigation.

This reverts r180638 / 9e161ea981f22ae017b6af09d660bfc3ddf16a09.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@180714 91177308-0d34-0410-b5e6-96231b3b80d8
ool-assignment.c
asts.c
tack-addr-ps.cpp
tackaddrleak.c
5d2e4e1f9ed87ea26295e891acf7e5a3b106f194 26-Apr-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] An ObjC for-in loop runs 0 times if the collection is nil.

In an Objective-C for-in loop "for (id element in collection) {}", the loop
will run 0 times if the collection is nil. This is because the for-in loop
is implemented using a protocol method that returns 0 when there are no
elements to iterate, and messages to nil will result in a 0 return value.

At some point we may want to actually model this message send, but for now
we may as well get the nil case correct, and avoid the false positives that
would come with this case.

<rdar://problem/13744632>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@180639 91177308-0d34-0410-b5e6-96231b3b80d8
bjc-for.m
5e6c06bc7deaaefe130b730032a9acb9cd38bf0c 26-Apr-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Model casts to bool differently from other numbers.

Casts to bool (and _Bool) are equivalent to checks against zero,
not truncations to 1 bit or 8 bits.

This improved reasoning does cause a change in the behavior of the alpha
BoolAssignment checker. Previously, this checker complained about statements
like "bool x = y" if 'y' was known not to be 0 or 1. Now it does not, since
that conversion is well-defined. It's hard to say what the "best" behavior
here is: this conversion is safe, but might be better written as an explicit
comparison against zero.

More usefully, besides improving our model of booleans, this fixes spurious
warnings when returning the address of a local variable cast to bool.

<rdar://problem/13296133>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@180638 91177308-0d34-0410-b5e6-96231b3b80d8
ool-assignment.c
asts.c
tack-addr-ps.cpp
tackaddrleak.c
ed6847ee6944757dfc4911abb29c6fc2d7cf9d79 26-Apr-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Consolidate BoolAssignmentChecker tests by using two RUN lines.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@180637 91177308-0d34-0410-b5e6-96231b3b80d8
ool-assignment.c
ool-assignment.cpp
ool-assignment2.c
9ed6d8068f767819951bc4eebf6f4912087c442a 25-Apr-2013 Anna Zaks <ganna@apple.com> [analyzer] Teach DeadStoreChecker to look through BO_Comma and disregard the LHS.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@180579 91177308-0d34-0410-b5e6-96231b3b80d8
ead-stores.c
3d8f462d58a4be21f9f5d287253b9b2565506ca5 25-Apr-2013 Anna Zaks <ganna@apple.com> [analyzer] Fix a crash in RetainCountChecker - we should not rely on CallEnter::getCallExpr to return non-NULL

We get a CallEnter with a null expression, when processing a destructor. All other users of
CallEnter::getCallExpr work fine with null as return value.

(Addresses PR15832, Thanks to Jordan for reducing the test case!)

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@180234 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release.mm
caadc413a88e864e058a3bea832f42debd8ddef2 24-Apr-2013 Anna Zaks <ganna@apple.com> [analyzer] IvarInvalidation: correctly handle cases where only partial invalidators exist

- If only partial invalidators exist and there are no full invalidators in @implementation, report every ivar that has
not been invalidated. (Previously, we reported the first Ivar in the list, which could actually have been invalidated
by a partial invalidator. The code assumed you cannot have only partial invalidators.)

- Do not report missing invalidation method declaration if a partial invalidation method declaration exists.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@180170 91177308-0d34-0410-b5e6-96231b3b80d8
bjc_invalidation.m
e3a813abc1874bbd842bcfbdd0fd676fb5cfdde8 24-Apr-2013 Anna Zaks <ganna@apple.com> [analyzer] Set the allocation site to be the uniqueing location for retain count checker leaks.

The uniqueing location is the location which is part of the hash used to determine if two reports are
the same. This is used by the CmpRuns.py script to compare two analyzer runs and determine which
warnings are new.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@180166 91177308-0d34-0410-b5e6-96231b3b80d8
list-output-alternate.m
list-output.m
etain-release-path-notes-gc.m
etain-release-path-notes.m
0f8579274a010f360a371b53101859d9d6052314 24-Apr-2013 Anna Zaks <ganna@apple.com> [analyzer] Refactor BugReport::getLocation and PathDiagnosticLocation::createEndOfPath for greater code reuse

The 2 functions were computing the same location using different logic (each one had edge case bugs that the other
one did not). Refactor them to rely on the same logic.

The location of the warning reported in text/command line output format will now match that of the plist file.

There is one change in the plist output as well. When reporting an error on a BinaryOperator, we use the location of the
operator instead of the beginning of the BinaryOperator expression. This matches our output on command line and
looks better in most cases.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@180165 91177308-0d34-0410-b5e6-96231b3b80d8
onditional-operator-path-notes.c
iagnostics/undef-value-param.c
nline-plist.c
nline-unique-reports.c
nlining/eager-reclamation-path-notes.c
nlining/path-notes.c
nlining/path-notes.cpp
nlining/path-notes.m
ull-deref-path-notes.m
list-output-alternate.m
list-output.m
nix-fns.c
2545b1d99942080bac4a74cda92c620123d0d6e9 23-Apr-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] RetainCountChecker: Clean up path notes for autorelease.

No functionality change.

<rdar://problem/13710586>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@180075 91177308-0d34-0410-b5e6-96231b3b80d8
bjc-subscript.m
roperties.m
etain-release-path-notes.m
etain-release.m
af22621352481e91488a54ea0e0b5e73f6551ab7 23-Apr-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Model strsep(), particularly that it returns its input.

This handles the false positive leak warning in PR15374, and also serves
as a basic model for the strsep() function.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@180069 91177308-0d34-0410-b5e6-96231b3b80d8
tring.c
f2edbec1d9817df109304f9c19ae2b34fec1feea 22-Apr-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Treat reinterpret_cast like a base cast in certain cases.

The analyzer represents all pointer-to-pointer bitcasts the same way, but
this can be problematic if an implicit base cast gets layered on top of a
manual base cast (performed with reinterpret_cast instead of static_cast).
Fix this (and avoid a valid assertion) by looking through cast regions.

Using reinterpret_cast this way is only valid if the base class is at the
same offset as the derived class; this is checked by -Wreinterpret-base-class.
In the interest of performance, the analyzer doesn't repeat this check
anywhere; it will just silently do the wrong thing (use the wrong offsets
for fields of the base class) if the user code is wrong.

PR15394

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@180052 91177308-0d34-0410-b5e6-96231b3b80d8
erived-to-base.cpp
fbc4444eb2675934b44f3720ef9a5f368ecbeb0a 22-Apr-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Type information from C++ new expressions is perfect.

This improves our handling of dynamic_cast and devirtualization for
objects allocated by 'new'.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@180051 91177308-0d34-0410-b5e6-96231b3b80d8
nline.cpp
nlining/dyn-dispatch-bifurcate.cpp
8ef064d53fb33b5a8f8743bcbb0a2fd5c3e97be1 20-Apr-2013 Anna Zaks <ganna@apple.com> [analyzer] Ensure BugReporterTracking works on regions with pointer arithmetic

Introduce a new helper function, which computes the first symbolic region in
the base region chain. The corresponding symbol has been used for assuming that
a pointer is null. Now, it will also be used for checking if it is null.

This ensures that we are tracking a null pointer correctly in the BugReporter.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@179916 91177308-0d34-0410-b5e6-96231b3b80d8
nlining/inline-defensive-checks.c
10391c2890be5309d8b166507a0ed967eb9e5586 20-Apr-2013 Anna Zaks <ganna@apple.com> [analyzer] Correct the comment

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@179914 91177308-0d34-0410-b5e6-96231b3b80d8
nlining/path-notes.cpp
62fba4f08af16ff17b5cbe8816061349504317e4 18-Apr-2013 Ted Kremenek <kremenek@apple.com> [analyzer] Refine 'nil receiver' diagnostics to mention the name of the method not called.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@179776 91177308-0d34-0410-b5e6-96231b3b80d8
nlining/path-notes.m
list-output.m
258277d5a922e06ef523f7805900689b680ddc7d 18-Apr-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] "Force" LazyCompoundVals on bind when they are simple enough.

The analyzer uses LazyCompoundVals to represent rvalues of aggregate types,
most importantly structs and arrays. This allows us to efficiently copy
around an entire struct, rather than doing a memberwise load every time a
struct rvalue is encountered. This can also keep memory usage down by
allowing several structs to "share" the same snapshotted bindings.

However, /lookup/ through LazyCompoundVals can be expensive, especially
since they can end up chaining back to the original value. While we try
to reuse LazyCompoundVals whenever it's safe, and cache information about
this transitivity, the fact is it's sometimes just not a good idea to
perpetuate LazyCompoundVals -- the tradeoffs just aren't worth it.

This commit changes RegionStore so that binding a LazyCompoundVal to struct
will do a memberwise copy if the struct is simple enough. Today's definition
of "simple enough" is "up to N scalar members" (see below), but that could
easily be changed in the future. This is enough to bring the test case in
PR15697 back down to a manageable analysis time (within 20% of its original
time, in an unfair test where the new analyzer is not compiled with LTO).

The actual value of "N" is controlled by a new -analyzer-config option,
'region-store-small-struct-limit'. It defaults to "2", meaning structs with
zero, one, or two scalar members will be considered "simple enough" for
this code path.

It's worth noting that a more straightforward implementation would do this
on load, not on bind, and make use of the structure we already have for this:
CompoundVal. A long time ago, this was actually how RegionStore modeled
aggregate-to-aggregate copies, but today it's only used for compound literals.
Unfortunately, it seems that we've special-cased LazyCompoundVal in certain
places (such as liveness checks) but failed to similarly special-case
CompoundVal in all of them. Until we're confident that CompoundVal is
handled properly everywhere, this solution is safer, since the entire
optimization is just an implementation detail of RegionStore.

<rdar://problem/13599304>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@179767 91177308-0d34-0410-b5e6-96231b3b80d8
nalyzer-config.c
nalyzer-config.cpp
ninit-vals.m
476f41c4750421a7ead5014e75a0e790ff682754 18-Apr-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Don't crash if we cache out after making a temporary region.

A C++ overloaded operator may be implemented as an instance method, and
that instance method may be called on an rvalue object, which has no
associated region. The analyzer handles this by creating a temporary region
just for the evaluation of this call; however, it is possible that /by
creating the region/, the analyzer ends up in a previously-explored state.
In this case we don't need to continue along this path.

This doesn't actually show any behavioral change now, but it starts being
used with the next commit and prevents an assertion failure there.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@179766 91177308-0d34-0410-b5e6-96231b3b80d8
perator-calls.cpp
86f1745be24c834175e7a8a51b12f9a0063d532e 18-Apr-2013 Anna Zaks <ganna@apple.com> [analyzer] Tweak getDerefExpr more to track DeclRefExprs to references.

In the committed example, we now see a note that tells us when the pointer
was assumed to be null.

This is the only case in which getDerefExpr returned null (failed to get
the dereferenced expr) throughout our regression tests. (There were multiple
occurrences of this one.)

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@179736 91177308-0d34-0410-b5e6-96231b3b80d8
nlining/path-notes.cpp
eference.cpp
1e1d011874340f33b807ac90609424f90f72488a 18-Apr-2013 Anna Zaks <ganna@apple.com> [analyzer] Improve dereferenced expression tracking for MemberExpr with a dot and non-reference base

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@179734 91177308-0d34-0410-b5e6-96231b3b80d8
nlining/path-notes.cpp
441625e6c7f8bf58e62a284ae1f855dafde31ec2 18-Apr-2013 Anna Zaks <ganna@apple.com> [analyzer] Gain more precision retrieving the right SVal by specifying the type of the expression.

Thanks to Jordan for suggesting the fix.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@179732 91177308-0d34-0410-b5e6-96231b3b80d8
nlining/path-notes.c
5b90ae7ba05a10a81f107ec1635deb1bd7292936 18-Apr-2013 Anna Zaks <ganna@apple.com> [analyzer] Allow TrackConstraintBRVisitor to work when the value it’s tracking is not live in the last node of the path

We always register the visitor on a node in which the value we are tracking is live and constrained. However,
the visitation can restart at a node, later on the path, in which the value is under constrained because
it is no longer live. Previously, we just silently stopped tracking in that case.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@179731 91177308-0d34-0410-b5e6-96231b3b80d8
iagnostics/deref-track-symbolic-region.c
898be7b4a7b0a527d9bd2569eebc41a198e6e528 17-Apr-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Don't warn for returning void expressions in void blocks.

This was slightly tricky because BlockDecls don't currently store an
inferred return type. However, we can rely on the fact that blocks with
inferred return types will have return statements that match the inferred
type.

<rdar://problem/13665798>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@179699 91177308-0d34-0410-b5e6-96231b3b80d8
ninit-vals-ps.c
b42f200777a66b98989160bf3987ce431540a584 17-Apr-2013 Andy Gibbs <andyg1001@hotmail.co.uk> Extended VerifyDiagnosticConsumer to also verify source file for diagnostic.

VerifyDiagnosticConsumer previously would not check that the diagnostic and
its matching directive referenced the same source file. Common practice was
to create directives that referenced other files but only by line number,
and this led to problems such as when the file containing the directive
didn't have enough lines to match the location of the diagnostic in the
other file, leading to bizarre file formatting and other oddities.

This patch causes VerifyDiagnosticConsumer to match source files as well as
line numbers. Therefore, a new syntax is made available for directives, for
example:

// expected-error@file:line {{diagnostic message}}

This extends the @line feature where "file" is the file where the diagnostic
is generated. The @line syntax is still available and uses the current file
for the diagnostic. "file" can be specified either as a relative or absolute
path - although the latter has less usefulness, I think! The #include search
paths will be used to locate the file and if it is not found an error will be
generated.

The new check is not optional: if the directive is in a different file to the
diagnostic, the file must be specified. Therefore, a number of test-cases
have been updated with regard to this.

This closes out PR15613.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@179677 91177308-0d34-0410-b5e6-96231b3b80d8
iagnostics/explicit-suppression.cpp
11983018670eb6c1e02dd497f5df37117cfa28fb 16-Apr-2013 Ted Kremenek <kremenek@apple.com> Make test portable.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@179635 91177308-0d34-0410-b5e6-96231b3b80d8
nalyzer-config.c
nalyzer-config.cpp
08a838d16825159f7d0ae20d171aa5b3ebab3939 16-Apr-2013 Ted Kremenek <kremenek@apple.com> [analyzer] Add experimental option "leak-diagnostics-reference-allocation".

This is an opt-in tweak for leak diagnostics to reference the allocation
site if the diagnostic consumer only wants a pithy amount of information,
and not the entire path.

This is a strawman enhancement that I expect to see some experimentation
with over the next week, and can go away if we don't want it.

Currently it is only used by RetainCountChecker, but could be used
by MallocChecker if and when we decide this should stay in.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@179634 91177308-0d34-0410-b5e6-96231b3b80d8
nalyzer-config.c
nalyzer-config.cpp
148d9223f02dba1ba6e40848d413daa3ffc09dfe 16-Apr-2013 Anna Zaks <ganna@apple.com> [analyzer] Improve the malloc checker stack hint message

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@179580 91177308-0d34-0410-b5e6-96231b3b80d8
ewDelete-path-notes.cpp
alloc-plist.c
d8eeac5bd5e3cca0b3ff3993ee479ec9e66f386e 16-Apr-2013 Anna Zaks <ganna@apple.com> [analyzer] Do not crash when processing binary "?:" in C++

When computing the value of ?: expression, we rely on the last expression in
the previous basic block to be the resulting value of the expression. This is
not the case for binary "?:" operator (GNU extension) in C++. As the last
basic block has the expression for the condition subexpression, which is an
R-value, whereas the true subexpression is the L-value.

Note the operator evaluation just happens to work in C since the true
subexpression is an R-value (like the condition subexpression). CFG is the
same in C and C++ case, but the AST nodes are different, with the LValue to
Rvalue conversion happening after the BinaryConditionalOperator evaluation.

Changed the logic to only use the last expression from the predecessor only
if it matches either true or false subexpression. Note, the logic needed
fortification anyway: L and R were passed but not even used by the function.

Also, change the conjureSymbolVal to correctly compute the type, when the
expression is an LG-value.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@179574 91177308-0d34-0410-b5e6-96231b3b80d8
onditional-operator.cpp
07d8470effc0b0364801adddb6ff92bd22334402 16-Apr-2013 Anna Zaks <ganna@apple.com> [analyzer] Add pretty printing to CXXBaseObjectRegion.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@179573 91177308-0d34-0410-b5e6-96231b3b80d8
nlining/path-notes.cpp
79d0cceb8847bfe6dc9da8eb2ea2f3c6bb73b813 16-Apr-2013 Anna Zaks <ganna@apple.com> [analyzer] Address code review for r179395

Mostly refactoring + handle the nested fields by printing the innermost field only.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@179572 91177308-0d34-0410-b5e6-96231b3b80d8
nlining/path-notes.c
82dd4396fcd2517d06382b7170f393d1b6351c7f 16-Apr-2013 Anna Zaks <ganna@apple.com> [analyzer] Add more specialized error messages for corner cases as per Jordan's code review for r179396

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@179571 91177308-0d34-0410-b5e6-96231b3b80d8
nlining/path-notes.cpp
28117be48de465bc2862a8f4aaab09338be5090b 16-Apr-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Don't assert on a temporary of pointer-to-member type.

While we don't do anything intelligent with pointers-to-members today,
it's perfectly legal to need a temporary of pointer-to-member type to, say,
pass by const reference. Tweak an assertion to allow this.

PR15742 and PR15747

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@179563 91177308-0d34-0410-b5e6-96231b3b80d8
ointer-to-member.cpp
262e0d41e49c6b823d62743535e2accb117a6ea9 15-Apr-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Re-enable using global regions as a symbolic base.

Now that we're invalidating global regions properly, we want to continue
taking advantage of a particular optimization: if all global regions are
invalidated together, we can represent the bindings of each region with
a "derived region value" symbol. Essentially, this lazily links each
global region with a single symbol created at invalidation time, rather
than binding each region with a new symbolic value.

We used to do this, but haven't been for a while; the previous commit
re-enabled this code path, and this handles the fallout.

<rdar://problem/13464044>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@179554 91177308-0d34-0410-b5e6-96231b3b80d8
nputs/system-header-simulator.h
lobal-region-invalidation.c
lobal_region_invalidation.mm
e0208ff84598f48e0aafecf5b543afeff8574045 15-Apr-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Properly invalidate global regions on opaque function calls.

This fixes a regression where a call to a function we can't reason about
would not actually invalidate global regions that had explicit bindings.

  void test_that_now_works() {
    globalInt = 42;
    clang_analyzer_eval(globalInt == 42); // expected-warning{{TRUE}}

    invalidateGlobals();
    clang_analyzer_eval(globalInt == 42); // expected-warning{{UNKNOWN}}
  }

This has probably been around since the initial "cluster" refactoring of
RegionStore, if not longer.

<rdar://problem/13464044>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@179553 91177308-0d34-0410-b5e6-96231b3b80d8
lobal_region_invalidation.mm
9a0b3c2f7c440c53b65bd1b085a7471d9f7ed490 15-Apr-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Tests: move system functions into system header simulator files.

Some checkers ascribe different behavior to functions declared in system
headers, so when working with standard library functions it's probably best
to always have them in a standard location.

Test change only (no functionality change), but necessary for the next commit.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@179552 91177308-0d34-0410-b5e6-96231b3b80d8
nputs/system-header-simulator.h
alloc+MismatchedDeallocator+NewDelete.cpp
aint-tester.c
9df151c5bc2a746096632bbd21dc61e18675ed55 13-Apr-2013 Anton Yartsev <anton.yartsev@gmail.com> [analyzer] Enable NewDelete checker if NewDeleteLeaks checker is enabled.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@179428 91177308-0d34-0410-b5e6-96231b3b80d8
ewDelete-checker-test.cpp
e0c804b214cbca72e00ecefecb19b43c9b0cdda7 13-Apr-2013 Anton Yartsev <anton.yartsev@gmail.com> NewDeleteLeaks is a subchecker of NewDelete checker; it is tested in NewDelete-checker-test.cpp

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@179426 91177308-0d34-0410-b5e6-96231b3b80d8
ewDeleteLeaks-checker-test.cpp
b1b683ea5f1ff161b6bbdf2e2519317618ee2811 12-Apr-2013 Anton Yartsev <anton.yartsev@gmail.com> [analyzer] Makes NewDeleteLeaks checker work independently from NewDelete.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@179410 91177308-0d34-0410-b5e6-96231b3b80d8
ewDeleteLeaks-checker-test.cpp
8713e1a5c3f6658d54061e176b5baa9fadf14675 12-Apr-2013 Anna Zaks <ganna@apple.com> [analyzer] Print a diagnostic note even if the region cannot be printed.

There are few cases where we can track the region, but cannot print the note,
which makes the testing limited. (Though, I’ve tested this manually by making
all regions non-printable.) Even though the applicability is limited now, the enhancement
will be more relevant as we start tracking more regions.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@179396 91177308-0d34-0410-b5e6-96231b3b80d8
nlining/path-notes.cpp
9e2f5977a180ae927d05e844c65b8a7873be48a4 12-Apr-2013 Anna Zaks <ganna@apple.com> [analyzer] Print field region even when the base region is not printable

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@179395 91177308-0d34-0410-b5e6-96231b3b80d8
nlining/path-notes.c
7be2245487f9cd7d04f013db92280d9ccd323586 12-Apr-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Show "Returning from ..." note at caller's depth, not callee's.

Before:
  1. Calling 'foo'
    2. Doing something interesting
    3. Returning from 'foo'
  4. Some kind of error here

After:
  1. Calling 'foo'
    2. Doing something interesting
  3. Returning from 'foo'
  4. Some kind of error here

The location of the note is already in the caller, not the callee, so this
just brings the "depth" attribute in line with that.

This only affects plist diagnostic consumers (i.e. Xcode). It's necessary
for Xcode to associate the control flow arrows with the right stack frame.

<rdar://problem/13634363>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@179351 91177308-0d34-0410-b5e6-96231b3b80d8
iagnostics/undef-value-param.c
iagnostics/undef-value-param.m
nline-plist.c
nlining/eager-reclamation-path-notes.cpp
nlining/path-notes.c
nlining/path-notes.cpp
nlining/path-notes.m
alloc-plist.c
etain-release-path-notes.m
3ea09a802f973c2726b2a489ae08a4bded93410b 12-Apr-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Don't emit extra context arrow after returning from an inlined call.

In this code

  int getZero() {
    return 0;
  }

  void test() {
    int problem = 1 / getZero(); // expected-warning {{Division by zero}}
  }

we generate these arrows:

  +-----------------+
  |                 v
  int problem = 1 / getZero();
                ^   |
                +---+

where the top one represents the control flow up to the first call, and the
bottom one represents the flow to the division.* It turns out, however, that
we were generating the top arrow twice, as if attempting to "set up context"
after we had already returned from the call. This resulted in poor
highlighting in Xcode.

* Arguably the best location for the division is the '/', but that's a
different problem.

<rdar://problem/13326040>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@179350 91177308-0d34-0410-b5e6-96231b3b80d8
nline-plist.c
nlining/eager-reclamation-path-notes.c
nlining/eager-reclamation-path-notes.cpp
nlining/path-notes.c
nlining/path-notes.cpp
nlining/path-notes.m
etain-release-path-notes.m
1fd1e288d0f45b86d191d8f53f569e5143f3a18a 11-Apr-2013 Jordan Rose <jordan_rose@apple.com> Force a load when creating a reference to a temporary copied from a bitfield.

For this source:
const int &ref = someStruct.bitfield;

We used to generate this AST:

DeclStmt [...]
`-VarDecl [...] ref 'const int &'
  `-MaterializeTemporaryExpr [...] 'const int' lvalue
    `-ImplicitCastExpr [...] 'const int' lvalue <NoOp>
      `-MemberExpr [...] 'int' lvalue bitfield .bitfield [...]
        `-DeclRefExpr [...] 'struct X' lvalue ParmVar [...] 'someStruct' 'struct X'

Notice the lvalue inside the MaterializeTemporaryExpr, which is very
confusing (and caused an assertion to fire in the analyzer - PR15694).

We now generate this:

DeclStmt [...]
`-VarDecl [...] ref 'const int &'
  `-MaterializeTemporaryExpr [...] 'const int' lvalue
    `-ImplicitCastExpr [...] 'int' <LValueToRValue>
      `-MemberExpr [...] 'int' lvalue bitfield .bitfield [...]
        `-DeclRefExpr [...] 'struct X' lvalue ParmVar [...] 'someStruct' 'struct X'

Which makes a lot more sense. This allows us to remove code in both
CodeGen and AST that hacked around this special case.

The commit also makes Clang accept this (legal) C++11 code:

int &&ref = std::move(someStruct).bitfield

PR15694 / <rdar://problem/13600396>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@179250 91177308-0d34-0410-b5e6-96231b3b80d8
eference.cpp
8cf91f7efb4dcb238fe443915d9a30119ce5b70c 11-Apr-2013 Anna Zaks <ganna@apple.com> [analyzer] Address Jordan’s review of r179219

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@179235 91177308-0d34-0410-b5e6-96231b3b80d8
alloc-plist.c
337ad7627ca82b1bcba37618d40129c3e59be86b 11-Apr-2013 Anton Yartsev <anton.yartsev@gmail.com> [analyzer] +Testcase: several used-after-free args passed to a function.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@179232 91177308-0d34-0410-b5e6-96231b3b80d8
ewDelete-checker-test.cpp
55e57a50a36749ce0483db2f16259649c9d25792 11-Apr-2013 Anton Yartsev <anton.yartsev@gmail.com> [analyzer] Switched to checkPreCall interface for detecting usage after free.

Now the check is also applied to arguments for Objective-C method calls and to 'this' pointer.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@179230 91177308-0d34-0410-b5e6-96231b3b80d8
ewDelete-checker-test.cpp
alloc.mm
ew.cpp
fececcbc3890955fd46f92036e9cb6ee7d0a60f4 11-Apr-2013 Anna Zaks <ganna@apple.com> [analyzer] Fix a crash in SyntaxCString checker when given a custom strncat.

Fixes PR13476

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@179228 91177308-0d34-0410-b5e6-96231b3b80d8
string-syntax-cxx.cpp
7a87e520e42c1e58c358e3a9a436ef17f551fd13 10-Apr-2013 Anna Zaks <ganna@apple.com> [analyzer] When reporting a leak in RetainCount checker due to an early exit from init, step into init.

The heuristic here (proposed by Jordan) is that, usually, if a leak is due to an early exit from init, the allocation site will be
a call to alloc. Note that in other cases init resets self to [super init], which becomes the allocation site of the object.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@179221 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release-path-notes.m
27d99dd714895564b526b786284a46b40f53be01 10-Apr-2013 Anna Zaks <ganna@apple.com> [analyzer] Cleanup leak warnings: do not print the names of variables from other functions.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@179219 91177308-0d34-0410-b5e6-96231b3b80d8
alloc-plist.c
etain-release.m
a5796f87229b4aeebca71fa6ee1790ae7a5a0382 09-Apr-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Replace isIntegerType() with isIntegerOrEnumerationType().

Previously, the analyzer used isIntegerType() everywhere, which uses the C
definition of "integer". The C++ predicate with the same behavior is
isIntegerOrUnscopedEnumerationType().

However, the analyzer is /really/ using this to ask if it's some sort of
"integrally representable" type, i.e. it should include C++11 scoped
enumerations as well. hasIntegerRepresentation() sounds like the right
predicate, but that includes vectors, which the analyzer represents by its
elements.

This commit audits all uses of isIntegerType() and replaces them with the
general isIntegerOrEnumerationType(), except in some specific cases where
it makes sense to exclude scoped enumerations, or any enumerations. These
cases now use isIntegerOrUnscopedEnumerationType() and getAs<BuiltinType>()
plus BuiltinType::isInteger().

isIntegerType() is hereby banned in the analyzer - lib/StaticAnalysis and
include/clang/StaticAnalysis. :-)

Fixes real assertion failures. PR15703 / <rdar://problem/12350701>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@179081 91177308-0d34-0410-b5e6-96231b3b80d8
num.cpp
0413023bed8ec91d3642cd6ff114957badf51f31 09-Apr-2013 Anna Zaks <ganna@apple.com> [analyzer] Keep tracking the pointer after the escape to more aggressively report mismatched deallocator

Test that the path notes do not change. I don’t think we should print a note on escape.

Also, I’ve removed a check that assumed that the family stored in the RefState could be
AF_None and added an assert in the constructor.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@179075 91177308-0d34-0410-b5e6-96231b3b80d8
alloc+MismatchedDeallocator+NewDelete.cpp
ismatchedDeallocator-path-notes.cpp
alloc.c
f34cb3d3df1612e14a19d259afa3424337cd315e 08-Apr-2013 Ted Kremenek <kremenek@apple.com> Tweak warning text for nil value in ObjC container warning.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@179034 91177308-0d34-0410-b5e6-96231b3b80d8
SContainers.m
3e5ebf1a05603e08f2d0b2b2a5fa9406fe4cfb22 06-Apr-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] When creating a trimmed graph, preserve whether a node is a sink.

This is important because sometimes two nodes are identical, except the
second one is a sink.

This bug has probably been around for a while, but it wouldn't have been an
issue in the old report graph algorithm. I'm ashamed to say I actually looked
at this the first time around and thought it would never be a problem...and
then didn't include an assertion to back that up.

PR15684

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@178944 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps.c
68eb4c25e961d18f82b47a0a385f90d7af09bcc3 06-Apr-2013 Anna Zaks <ganna@apple.com> [analyzer] Shorten the malloc checker’s leak message

As per Ted’s suggestion!

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@178938 91177308-0d34-0410-b5e6-96231b3b80d8
alloc+MismatchedDeallocator+NewDelete.cpp
alloc+NewDelete_intersections.cpp
ewDelete-checker-test.cpp
ewDelete-custom.cpp
ewDelete-intersections.mm
overage.c
alloc-annotations.c
alloc-interprocedural.c
alloc-plist.c
alloc.c
ew.cpp
bjc-boxing.m
24cac5a4847b9e4673afb9fd02701f273097f57a 06-Apr-2013 Anna Zaks <ganna@apple.com> [analyzer] Reword error messages for nil keys and values of NSMutableDictionary.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@178935 91177308-0d34-0410-b5e6-96231b3b80d8
SContainers.m
4b69feb6d90eb120d04f5d54f6b28cc295a46098 06-Apr-2013 Anna Zaks <ganna@apple.com> [analyzer] Fix null tracking for the given test case, by using the proper state and removing redundant code.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@178933 91177308-0d34-0410-b5e6-96231b3b80d8
nlining/inline-defensive-checks.cpp
e449edc5bdace60f9d754c32abc5459bc7d94a14 05-Apr-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Re-enable cplusplus.NewDelete (but not NewDeleteLeaks).

As mentioned in the previous commit message, the use-after-free and
double-free warnings for 'delete' are worth enabling even while the
leak warnings still have false positives.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@178891 91177308-0d34-0410-b5e6-96231b3b80d8
alloc+MismatchedDeallocator+NewDelete.cpp
alloc+NewDelete_intersections.cpp
ewDelete+MismatchedDeallocator_intersections.cpp
ewDelete-checker-test.cpp
ewDelete-custom.cpp
ewDelete-intersections.mm
ewDelete-path-notes.cpp
ewDelete-variadic.cpp
e85deb356f5d2d2172b7ef70314bc9cfc742a936 05-Apr-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Split new/delete checker into use-after-free and leaks parts.

This splits the leak-checking part of alpha.cplusplus.NewDelete into a
separate user-level checker, alpha.cplusplus.NewDeleteLeaks. All the
difficult false positives we've seen with the new/delete checker have been
spurious leak warnings; the use-after-free warnings and mismatched
deallocator warnings, while rare, have always been valid.

<rdar://problem/6194569>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@178890 91177308-0d34-0410-b5e6-96231b3b80d8
alloc+MismatchedDeallocator+NewDelete.cpp
alloc+NewDelete_intersections.cpp
ewDelete+MismatchedDeallocator_intersections.cpp
ewDelete-checker-test.cpp
ewDelete-custom.cpp
ewDelete-intersections.mm
ewDelete-variadic.cpp
a3ae937ab7b7026953b6e93e0159cf1dd918e2a1 05-Apr-2013 Anton Yartsev <anton.yartsev@gmail.com> [analyzer] Path notes for the MismatchedDeallocator checker.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@178862 91177308-0d34-0410-b5e6-96231b3b80d8
ismatchedDeallocator-path-notes.cpp
0c2b10485317afa88fb25ad917ee238e76342f08 05-Apr-2013 Anton Yartsev <anton.yartsev@gmail.com> [analyzer] Better name for the test.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@178861 91177308-0d34-0410-b5e6-96231b3b80d8
ismatchedDeallocator-checker-test.mm
lloc-match-dealloc.mm
610f79cbab4d752349b5c81a94682a6a82b102e7 05-Apr-2013 Anna Zaks <ganna@apple.com> [analyzer] Show path diagnostic for C++ initializers

Also had to modify the PostInitializer ProgramLocation to contain the field region.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@178826 91177308-0d34-0410-b5e6-96231b3b80d8
nlining/path-notes.cpp
6e22712b73ce5f0361355c9f2d0fa81b56722cd8 05-Apr-2013 Anton Yartsev <anton.yartsev@gmail.com> [analyzer] Updated the testcase.

Missed check added to testMallocFreeNoWarn().
Removed FIXMEs as the current behaviour is considered acceptable now.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@178824 91177308-0d34-0410-b5e6-96231b3b80d8
ewDelete-intersections.mm
648cb71625a2ab3164b2cacac9e9cb3d22b03bd7 05-Apr-2013 Anton Yartsev <anton.yartsev@gmail.com> [analyzer] Reduced the unwanted correlations between checkers living inside MallocChecker.cpp

This fixes an issue pointed to by Jordan: if unix.Malloc and unix.MismatchedDeallocator are both on, then we end up still tracking leaks of memory allocated by new.
Moved the guards right before emitting the bug reports to unify and simplify the logic of handling of multiple checkers. Now all the checkers perform their checks regardless of if they were enabled, or not, and it is decided just before the emitting of the report, if it should be emitted. (idea from Anna).

Additional changes:
improved test coverage for checker correlations;
refactoring: BadDealloc -> MismatchedDealloc

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@178814 91177308-0d34-0410-b5e6-96231b3b80d8
alloc+MismatchedDeallocator+NewDelete.cpp
alloc+MismatchedDeallocator_intersections.cpp
alloc+NewDelete_intersections.cpp
ewDelete+MismatchedDeallocator_intersections.cpp
ewDelete-checker-test.cpp
b11a9086ebaf8e081daa8a6cd94ea99c97c027d2 05-Apr-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Enable destructor inlining by default (c++-inlining=destructors).

This turns on not only destructor inlining, but inlining of constructors
for types with non-trivial destructors. Per r178516, we will still not
inline the constructor or destructor of anything that looks like a
container unless the analyzer-config option 'c++-container-inlining' is
set to 'true'.

In addition to the more precise path-sensitive model, this allows us to
catch simple smart pointer issues:

  #include <memory>

  void test() {
    std::auto_ptr<int> releaser(new int[4]);
  } // memory allocated with 'new[]' should not be deleted with 'delete'

<rdar://problem/12295363>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@178805 91177308-0d34-0410-b5e6-96231b3b80d8
lloc-match-dealloc.mm
nalyzer-config.cpp
44405b7aacdb869be129430313a7bcb050336aa4 05-Apr-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] RetainCountChecker: refactor annotation handling.

...and add a new test case.

I thought this was broken, but it isn't; refactoring and reformatting anyway
so that I don't make the same mistake again. No functionality change.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@178799 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release.m
702077f14100f2d7acdb12ad49b53e64efc37d72 03-Apr-2013 Anna Zaks <ganna@apple.com> [analyzer] Allow tracknullOrUndef look through the ternary operator even when condition is unknown

Improvement of r178684 and r178685.

Jordan has pointed out that I should not rely on the value of the condition to know which expression branch
has been taken. It will not work in cases the branch condition is an unknown value (ex: we do not track the constraints for floats).
The better way of doing this would be to find out if the current node is the right or left successor of the node
that has the ternary operator as a terminator (which is how this is done in other places, like ConditionBRVisitor).

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@178701 91177308-0d34-0410-b5e6-96231b3b80d8
nlining/false-positive-suppression.c
08291a937a149dbd036fd6ac8ab061eb8034343d 03-Apr-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Correctly handle destructors for lifetime-extended temporaries.

The lifetime of a temporary can be extended when it is immediately bound
to a local reference:

const Value &MyVal = Value("temporary");

In this case, the temporary object's lifetime is extended for the entire
scope of the reference; at the end of the scope it is destroyed.

The analyzer was modeling this improperly in two ways:
- Since we don't model temporary constructors just yet, we create a fake
temporary region when it comes time to "materialize" a temporary into
a real object (lvalue). This wasn't taking base casts into account when
the bindings being materialized was Unknown; now it always respects base
casts except when the temporary region is itself a pointer.
- When actually destroying the region, the analyzer did not actually load
from the reference variable -- it was basically destroying the reference
instead of its referent. Now it does do the load.

This will be more useful whenever we finally start modeling temporaries,
or at least those that get bound to local reference variables.

<rdar://problem/13552274>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@178697 91177308-0d34-0410-b5e6-96231b3b80d8
tor.cpp
88530f880e7f3b1874f6bb98d7cfe84348ed0227 03-Apr-2013 Anna Zaks <ganna@apple.com> [analyzer] Rename “Mac OS X API”, “Mac OS API” -> “API Misuse (Apple)”

As they are relevant on both Mac and iOS.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@178687 91177308-0d34-0410-b5e6-96231b3b80d8
nix-fns.c
841f16846e17f625874ecfe9c6dba822d29a2b95 03-Apr-2013 Anna Zaks <ganna@apple.com> [analyzer] Warn when nil receiver results in forming null reference

This also allows us to ensure IDC/return null suppression gets triggered in such cases.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@178686 91177308-0d34-0410-b5e6-96231b3b80d8
eference.mm
cabc3fddae63f5eb3bd44bdecce7a3fbd69421a9 03-Apr-2013 Anna Zaks <ganna@apple.com> [analyzer] make peelOffOuterExpr in BugReporterVisitors recursively peel off select Exprs

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@178685 91177308-0d34-0410-b5e6-96231b3b80d8
nlining/false-positive-suppression.c
c1bef5671e682de5a573c7c6b66871b36de0ec61 03-Apr-2013 Anna Zaks <ganna@apple.com> [analyzer] Properly handle the ternary operator in trackNullOrUndefValue

1) Look for the node where the condition expression is live when checking if
it is constrained to true or false.

2) Fix a bug in ProgramState::isNull, which was masking the problem. When
the expression is not a symbol (which is the case when it is Unknown) return
unconstrained value, instead of value constrained to “false”!
(Thankfully other callers of isNull have not been affected by the bug.)

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@178684 91177308-0d34-0410-b5e6-96231b3b80d8
nlining/false-positive-suppression.c
ecee1651c100342366a9417c85c6e50399039930 03-Apr-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Better model for copying of array fields in implicit copy ctors.

- Find the correct region to represent the first array element when
constructing a CXXConstructorCall.
- If the array is trivial, model the copy with a primitive load/store.
- Don't warn about the "uninitialized" subscript in the AST -- we don't use
the helper variable that Sema provides.

<rdar://problem/13091608>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@178602 91177308-0d34-0410-b5e6-96231b3b80d8
tor-inlining.mm
3d11708c491a96198ebfee49079ae458ed90eaf8 02-Apr-2013 Anton Yartsev <anton.yartsev@gmail.com> [analyzer] Moving cplusplus.NewDelete to alpha.* for now.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@178529 91177308-0d34-0410-b5e6-96231b3b80d8
ewDelete-checker-test.cpp
ewDelete-custom.cpp
ewDelete-intersections.mm
ewDelete-path-notes.cpp
ewDelete-variadic.cpp
658a28479dd775f6ff2c07fa5699a7ea01e04127 02-Apr-2013 Anna Zaks <ganna@apple.com> [analyzer] Teach invalidateRegions that regions within LazyCompoundVal need to be invalidated

Refactor invalidateRegions to take SVals instead of Regions as input and teach RegionStore
about processing LazyCompoundVal as a top-level “escaping” value.

This addresses several false positives that get triggered by the NewDelete checker, but the
underlying issue is reproducible with other checkers as well (for example, MallocChecker).

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@178518 91177308-0d34-0410-b5e6-96231b3b80d8
alloc.cpp
c63a460d78a7625ff38d2b3580f78030c44f07db 02-Apr-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] For now, don't inline [cd]tors of C++ containers.

This is a heuristic to make up for the fact that the analyzer doesn't
model C++ containers very well. One example is modeling that
'std::distance(I, E) == 0' implies 'I == E'. In the future, it would be
nice to model this explicitly, but for now it just results in a lot of
false positives.

The actual heuristic checks if the base type has a member named 'begin' or
'iterator'. If so, we treat the constructors and destructors of that type
as opaque, rather than inlining them.

This is intended to drastically reduce the number of false positives
reported with experimental destructor support turned on. We can tweak the
heuristic in the future, but we'd rather err on the side of false negatives
for now.

<rdar://problem/13497258>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@178516 91177308-0d34-0410-b5e6-96231b3b80d8
nalyzer-config.cpp
iagnostics/explicit-suppression.cpp
nlining/containers.cpp
nlining/stl.cpp
a12643622ad3b85972dfdd80fe9006a3e8d8fb80 02-Apr-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Allow suppressing diagnostics reported within the 'std' namespace

This is controlled by the 'suppress-c++-stdlib' analyzer-config flag.
It is currently off by default.

This is more suppression than we'd like to do, since obviously there can
be user-caused issues within 'std', but it gives us the option to wield
a large hammer to suppress false positives the user likely can't work
around.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@178513 91177308-0d34-0410-b5e6-96231b3b80d8
nputs/system-header-simulator-cxx.h
iagnostics/explicit-suppression.cpp
e6f2bf86288bc45060b21c4f55a6153b8ba80443 30-Mar-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Handle caching out while evaluating a C++ new expression.

Evaluating a C++ new expression now includes generating an intermediate
ExplodedNode, and this node could very well represent a previously-
reachable state in the ExplodedGraph. If so, we can short-circuit the
rest of the evaluation.

Caught by the assertion a few lines later.

<rdar://problem/13510065>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@178401 91177308-0d34-0410-b5e6-96231b3b80d8
ew.cpp
5184dd45b046b5c68a095d2d18a157723aeb904f 30-Mar-2013 Anton Yartsev <anton.yartsev@gmail.com> [analyzer] Garbage removed

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@178398 91177308-0d34-0410-b5e6-96231b3b80d8
ewDelete-intersections.mm
70be6d8401a0b9b2570476ba976a3f67f849c137 30-Mar-2013 Anton Yartsev <anton.yartsev@gmail.com> [analyzer] Test added

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@178397 91177308-0d34-0410-b5e6-96231b3b80d8
ewDelete-intersections.mm
8e452e7d6ee00a7d12eb54b91498b59b6fefef4f 30-Mar-2013 Anton Yartsev <anton.yartsev@gmail.com> [analyzer] Enabled unix.Malloc checker.
+ Refactoring.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@178388 91177308-0d34-0410-b5e6-96231b3b80d8
ewDelete-checker-test.cpp
ewDelete-custom.cpp
ewDelete-intersections.mm
ewDelete-path-notes.cpp
ewDelete-variadic.cpp
1f3b5d990e9afa0b2b8db0908f46d8de7818e642 30-Mar-2013 Anton Yartsev <anton.yartsev@gmail.com> [analyzer] Tests for intersections with other checkers from MallocChecker.cpp factored out to NewDelete-intersections.mm

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@178387 91177308-0d34-0410-b5e6-96231b3b80d8
ewDelete-checker-test.cpp
ewDelete-checker-test.mm
84e8a960ad76b3c7ca550b4cc92a1b90ed16d5c1 29-Mar-2013 Anna Zaks <ganna@apple.com> [analyzer] Address Jordan’s review of r178309 - do not register an extra visitor for nil receiver

We can check if the receiver is nil in the node that corresponds to the StmtPoint of the message send.
At that point, the receiver is guaranteed to be live. We will find at least one unreclaimed node due to
my previous commit (look for StmtPoint instead of PostStmt) and the fact that the nil receiver nodes are tagged.

+ a couple of extra tests.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@178381 91177308-0d34-0410-b5e6-96231b3b80d8
nlining/inline-defensive-checks.m
84e480447a20a8a5ed9ee561c8901475f0a4fd9c 29-Mar-2013 Ted Kremenek <kremenek@apple.com> [analyzer] Add static initializer test case (from <rdar://problem/13227740>).

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@178321 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release.mm
0f5c5c60e9806d13f0907cd99d7204ffab0e08f7 29-Mar-2013 Ted Kremenek <kremenek@apple.com> Add static analyzer support for conditionally executing static initializers.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@178318 91177308-0d34-0410-b5e6-96231b3b80d8
nalyzer-config.c
nalyzer-config.cpp
41988f331a74a72cf243a2a68ffb56418e9a174e 29-Mar-2013 Anna Zaks <ganna@apple.com> [analyzer] Add support for escape of const pointers and use it to allow “newed” pointers to escape

Add a new callback that notifies checkers when a const pointer escapes. Currently, this only works
for const pointers passed as a top level parameter into a function. We need to differentiate the const
pointers escape from regular escape since the content pointed by const pointer will not change;
if it’s a file handle, a file cannot be closed; but delete is allowed on const pointers.

This should suppress several false positives reported by the NewDelete checker on llvm codebase.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@178310 91177308-0d34-0410-b5e6-96231b3b80d8
ewDelete-checker-test.mm
aabb4c5eacca6d78ef778f33ec5cd4c755d71a39 29-Mar-2013 Anna Zaks <ganna@apple.com> [analyzer] Apply the suppression rules to the nil receiver only if the value participates in the computation of the nil we warn about.

We should only suppress a bug report if the IDCed or null returned nil value is directly related to the value we are warning about. This was
not the case for nil receivers - we would suppress a bug report that had an IDCed nil receiver on the path regardless of how it’s
related to the warning.

1) Thread EnableNullFPSuppression parameter through the visitors to differentiate between tracking the value which
is directly responsible for the bug and other values that visitors are tracking (ex: general tracking of nil receivers).
2) in trackNullOrUndef specifically address the case when a value of the message send is nil due to the receiver being nil.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@178309 91177308-0d34-0410-b5e6-96231b3b80d8
SContainers.m
nlining/inline-defensive-checks.m
849c7bf718ed3c08bd66b93f0bd508a44bb2f669 28-Mar-2013 Anton Yartsev <anton.yartsev@gmail.com> [analyzer] This implements unix.MismatchedDeallocatorChecker checker.
+ Improved display names for allocators and deallocators

The checker checks if a deallocation function matches allocation one. ('free' for 'malloc', 'delete' for 'new' etc.)

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@178250 91177308-0d34-0410-b5e6-96231b3b80d8
ewDelete-checker-test.mm
lloc-match-dealloc.mm
ree.c
alloc.mm
697462881c4b9b704c7859f4bab0a6116c684bb1 28-Mar-2013 Anton Yartsev <anton.yartsev@gmail.com> [analyzer] For now assume all standard global 'operator new' functions allocate memory in heap.
+ Improved test coverage for cplusplus.NewDelete checker.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@178244 91177308-0d34-0410-b5e6-96231b3b80d8
ewDelete-checker-test.mm
ewDelete-custom.cpp
ewDelete-variadic.cpp
0353b70b6a1f51e0b59c4707d2d73870f075b322 27-Mar-2013 Fariborz Jahanian <fjahanian@apple.com> Fixes a typo in my last patch.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@178184 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps-region-store.m
7e35274df4a598d5e3e4b8b5567bcb256fc2ab2f 27-Mar-2013 Fariborz Jahanian <fjahanian@apple.com> Objective-C: Issue more precise warning when user
is accessing 'isa' as an object pointer.
// rdar://13503456. FixIt to follow in another patch.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@178179 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps-region-store.m
b061720ddf88b4a1934dbbb1b874a424716cd7d7 27-Mar-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Use evalBind for C++ new of scalar types.

These types will not have a CXXConstructExpr to do the initialization for
them. Previously we just used a simple call to ProgramState::bindLoc, but
that doesn't trigger proper checker callbacks (like pointer escape).

Found by Anton Yartsev.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@178160 91177308-0d34-0410-b5e6-96231b3b80d8
ew.cpp
8b43d2b0ea2d72b53a10f38903b176e58cb93b9c 27-Mar-2013 Ted Kremenek <kremenek@apple.com> Split "incomplete implementation" warnings for ObjC into separate warnings.

Previously all unimplemented methods for a class were grouped under
a single warning, with all the unimplemented methods mentioned
as notes. Based on feedback from users, most users would like
a separate warning for each method, with a note pointing back to
the original method declaration.

Implements <rdar://problem/13350414>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@178097 91177308-0d34-0410-b5e6-96231b3b80d8
R3991.m
ethod-arg-decay.m
r4209.m
ddb61764abf07ea4580796752d87fda53378ba26 27-Mar-2013 Anna Zaks <ganna@apple.com> [analyzer] Better test for r178063.

Jordan pointed out that my previously committed test was bogus.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@178094 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release-inline.m
1533833e21ae5b3f5f39b168b3fbac109ee77008 27-Mar-2013 Anna Zaks <ganna@apple.com> [analyzer] Make sure IDC works for ‘NSContainer value/key is nil’ checks.

Register the nil tracking visitors with the region and refactor trackNullOrUndefValue a bit.

Also adds the cast and paren stripping before checking if the value is an OpaqueValueExpr
or ExprWithCleanups.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@178093 91177308-0d34-0410-b5e6-96231b3b80d8
SContainers.m
8a660eb1084294a903f6dcc00bf2fa4e3bc92cfc 26-Mar-2013 Anna Zaks <ganna@apple.com> [analyzer] Change inlining policy to inline small functions when reanalyzing ObjC methods as top level.

This allows us to better reason about (inline) small wrapper functions.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@178063 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release-inline.m
5db8fac5f304d9973f724d5aeb4108367d36f781 25-Mar-2013 Anna Zaks <ganna@apple.com> [analyzer] Set concrete offset bindings to UnknownVal when processing symbolic offset binding, even if no bindings are present.

This addresses an undefined value false positive from concreteOffsetBindingIsInvalidatedBySymbolicOffsetAssignment.

Fixes PR14877; radar://12991168.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@177905 91177308-0d34-0410-b5e6-96231b3b80d8
egion-store.c
2de19edab6001d2c17720d02fe0760b9b452192a 25-Mar-2013 Anton Yartsev <anton.yartsev@gmail.com> [analyzer] Adds cplusplus.NewDelete checker that checks for memory leaks, double free, and use-after-free problems of memory managed by new/delete.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@177849 91177308-0d34-0410-b5e6-96231b3b80d8
nputs/system-header-simulator-cxx.h
ewDelete-checker-test.mm
ewDelete-path-notes.cpp
nline.cpp
ew.cpp
8f7bfb40b72f478d83b018a280f99c0386576ae3 24-Mar-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Teach ConstraintManager to ignore NonLoc <> NonLoc comparisons.

These aren't generated by default, but they are needed when either side of
the comparison is tainted.

Should fix our internal buildbot.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@177846 91177308-0d34-0410-b5e6-96231b3b80d8
aint-generic.c
4708b3dde86b06f40927ae9cf30a2de83949a8f2 23-Mar-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Teach constraint managers about unsigned comparisons.

In C, comparisons between signed and unsigned numbers are always done in
unsigned-space. Thus, we should know that "i >= 0U" is always true, even
if 'i' is signed. Similarly, "u >= 0" is also always true, even though '0'
is signed.

Part of <rdar://problem/13239003> (false positives related to std::vector)

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@177806 91177308-0d34-0410-b5e6-96231b3b80d8
dditive-folding-range-constraints.c
dditive-folding.cpp
281698935f62ac1d35ddd3533a562c1589aadc8b 23-Mar-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Also transform "a < b" to "(b - a) > 0" in the constraint manager.

We can support the full range of comparison operations between two locations
by canonicalizing them as subtraction, as in the previous commit.

This won't work (well) if either location includes an offset, or (again)
if the comparisons are not consistent about which region comes first.

<rdar://problem/13239003>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@177803 91177308-0d34-0410-b5e6-96231b3b80d8
tr-arith.c
78114a58f8cf5e9b948e82448b2f0904f5b6c19e 23-Mar-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Translate "a != b" to "(b - a) != 0" in the constraint manager.

Canonicalizing these two forms allows us to better model containers like
std::vector, which use "m_start != m_finish" to implement empty() but
"m_finish - m_start" to implement size(). The analyzer should have a
consistent interpretation of these two symbolic expressions, even though
it's not properly reasoning about either one yet.

The other unfortunate thing is that while the size() expression will only
ever be written "m_finish - m_start", the comparison may be written
"m_finish == m_start" or "m_start == m_finish". Right now the analyzer does
not attempt to canonicalize those two expressions, since it doesn't know
which length expression to pick. Doing this correctly will probably require
implementing unary minus as a new SymExpr kind (<rdar://problem/12351075>).

For now, the analyzer inverts the order of arguments in the comparison to
build the subtraction, on the assumption that "begin() != end()" is
written more often than "end() != begin()". This is purely speculation.

<rdar://problem/13239003>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@177801 91177308-0d34-0410-b5e6-96231b3b80d8
tr-arith.c
8958efacf8d52918cfe624116338bec62312582d 23-Mar-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Use SymExprs to represent '<loc> - <loc>' and '<loc> == <loc>'.

We just treat this as opaque symbols, but even that allows us to handle
simple cases where the same condition is tested twice. This is very common
in the STL, which means that any project using the STL gets spurious errors.

Part of <rdar://problem/13239003>.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@177800 91177308-0d34-0410-b5e6-96231b3b80d8
tr-arith.c
b095782ec09329b474a4e0d0ccdad4c15d515b39 23-Mar-2013 Anna Zaks <ganna@apple.com> [analyzer] Warn when a nil key or value are passed to NSMutableDictionary and ensure it works with subscripting.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@177789 91177308-0d34-0410-b5e6-96231b3b80d8
SContainers.m
88de5a0963cbd2b92810d20d1bfbd9eb4951dc42 22-Mar-2013 Ted Kremenek <kremenek@apple.com> Add test case for PR 12921.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@177767 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps-region-store.cpp
03af377b2755fb2ddb0621dea5dd91cd5fda631d 22-Mar-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Fix test to actually test what was intended.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@177763 91177308-0d34-0410-b5e6-96231b3b80d8
nlining/false-positive-suppression.cpp
f8e2c06cea1548c437761cb65cfbf97d50a057a7 20-Mar-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Don't invalidate globals when there's no call involved.

This fixes some mistaken condition logic in RegionStore that caused
global variables to be invalidated when /any/ region was invalidated,
rather than only as part of opaque function calls. This was only
being used by CStringChecker, and so users will now see that strcpy()
and friends do not invalidate global variables.

Also, add a test case we don't handle properly: explicitly-assigned
global variables aren't being invalidated by opaque calls. This is
being tracked by <rdar://problem/13464044>.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@177572 91177308-0d34-0410-b5e6-96231b3b80d8
lobal_region_invalidation.mm
tring.c
74f6982232c25ae723b1cc5abc59665a10867f21 20-Mar-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Track malloc'd memory into struct fields.

Due to improper modelling of copy constructors (specifically, their
const reference arguments), we were producing spurious leak warnings
for allocated memory stored in structs. In order to silence this, we
decided to consider storing into a struct to be the same as escaping.
However, the previous commit has fixed this issue and we can now properly
distinguish leaked memory that happens to be in a struct from a buffer
that escapes within a struct wrapper.

Originally applied in r161511, reverted in r174468.
<rdar://problem/12945937>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@177571 91177308-0d34-0410-b5e6-96231b3b80d8
alloc-annotations.c
alloc.c
imple-stream-checks.c
f8ddc098981d4d85cad4e72fc6dfcfe83b842b66 20-Mar-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Invalidate regions indirectly accessible through const pointers.

In this case, the value of 'x' may be changed after the call to indirectAccess:

  struct Wrapper {
    int *ptr;
  };

  void indirectAccess(const Wrapper &w);

  void test() {
    int x = 42;
    Wrapper w = { &x };

    clang_analyzer_eval(x == 42); // TRUE
    indirectAccess(w);
    clang_analyzer_eval(x == 42); // UNKNOWN
  }

This is important for modelling return-by-value objects in C++, to show
that the contents of the struct are escaping in the return copy-constructor.

<rdar://problem/13239826>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@177570 91177308-0d34-0410-b5e6-96231b3b80d8
all-invalidation.cpp
4d25b51d582bc7a6a4d83be1642be2f4e812beef 20-Mar-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Add an integer version of the Circle tests in uninit-vals.m.

A floating-point version is nice for testing unknown values, but it's
good to be able to check all parts of the structure as well.

Test change only, no functionality change.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@177455 91177308-0d34-0410-b5e6-96231b3b80d8
ninit-vals.m
9f3495aeaa24da4eacf8f6c274adcef65e2f3617 19-Mar-2013 Anna Zaks <ganna@apple.com> [analyzer] Do not believe lazy binding when symbolic region types do not match

This fixes a crash when analyzing LLVM that was exposed by r177220 (modeling of
trivial copy/move assignment operators).

When we look up a lazy binding for “Builder”, we see the direct binding of Loc at offset 0.
Previously, we believed the binding, which led to a crash. Now, we do not believe it as
the types do not match.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@177453 91177308-0d34-0410-b5e6-96231b3b80d8
egion-store.cpp
ninit-vals.m
6e65e1047f861d4db87ad0154c171ac66d53b649 19-Mar-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Add a test case for diagnostic suppression on a graph with cycles.

(see previous commit)

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@177449 91177308-0d34-0410-b5e6-96231b3b80d8
iagnostics/shortest-path-suppression.c
4b94f4daa13118441b4cf53b7e57cae1b48dc427 18-Mar-2013 Anna Zaks <ganna@apple.com> [analyzer] Warn when a ‘nil’ object is added to NSArray or NSMutableArray.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@177318 91177308-0d34-0410-b5e6-96231b3b80d8
SContainers.m
a8d937e4bdd39cdf503f77454e9dc4c9c730a9f7 16-Mar-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Model trivial copy/move assignment operators with a bind as well.

r175234 allowed the analyzer to model trivial copy/move constructors as
an aggregate bind. This commit extends that to trivial assignment
operators as well. Like the last commit, one of the motivating factors here
is not warning when the right-hand object is partially-initialized, which
can have legitimate uses.

<rdar://problem/13405162>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@177220 91177308-0d34-0410-b5e6-96231b3b80d8
tor-inlining.mm
74c0d6988462c2cb882e7a8b8050fe119a5af56f 16-Mar-2013 Anna Zaks <ganna@apple.com> [analyzer] Use isLiveRegion to determine when SymbolRegionValue is dead.

Fixes a FIXME, improves dead symbol collection, suppresses a false positive,
which resulted from reusing the same symbol twice for simulation of 2 calls to the same function.

Fixing this led to 2 possible false negatives in CString checker. Since the checker is still alpha and
the solution will not require revert of this commit, move the tests to a FIXME section.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@177206 91177308-0d34-0410-b5e6-96231b3b80d8
alloc.c
tring.c
f510f5cd57fa9b7ea6f6e103c65c0df95a55d986 16-Mar-2013 Anna Zaks <ganna@apple.com> [analyzer] BugReporterVisitors: handle the case where a ternary operator is wrapped in a cast.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@177205 91177308-0d34-0410-b5e6-96231b3b80d8
nlining/false-positive-suppression.c
6a15f39a6bfd7a30085c5fa8f67d0b64b74b132a 15-Mar-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Look through ExprWhenCleanups when trying to track a NULL.

Silences a few false positives in LLVM.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@177186 91177308-0d34-0410-b5e6-96231b3b80d8
nlining/false-positive-suppression.cpp
dc9c160dede7e2f5cc11755db6aaa57e7fccbcec 15-Mar-2013 Anna Zaks <ganna@apple.com> [analyzer] Teach trackNullOrUndef to look through ternary operators

Allows the suppression visitors to trigger more often.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@177137 91177308-0d34-0410-b5e6-96231b3b80d8
nlining/false-positive-suppression.c
a4bb4f6ca8dd31ad96cb9526a5abe1273f18ff40 14-Mar-2013 Anna Zaks <ganna@apple.com> [analyzer] Change the way in which IDC Visitor decides to kick in and make sure it attaches in the given edge case

In the test case below, the value V is not constrained to 0 in ErrorNode but it is in node N.
So we used to fail to register the Suppression visitor.

We also need to change the way we determine that the Visitor should kick in because the node N belongs to
the ExplodedGraph and might not be on the BugReporter path that the visitor sees. Instead of trying to match the node,
turn on the visitor when we see the last node in which the symbol is ‘0’.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@177121 91177308-0d34-0410-b5e6-96231b3b80d8
nlining/inline-defensive-checks.cpp
4a374f9a58a5b350ec2e4123b20c9884ed1f5f15 14-Mar-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Fix scan-build's -stats mode.

We were failing to match the output line, which led to us collecting no
stats at all, which led to a divide-by-zero error.

Fixes PR15510.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@177084 91177308-0d34-0410-b5e6-96231b3b80d8
nalyzer-stats.c
6022c4e17c0d2ad9c43ef6bc830d394b670a4705 13-Mar-2013 Anna Zaks <ganna@apple.com> [analyzer] BugReporter - more precise tracking of C++ references

When BugReporter tracks C++ references involved in a null pointer violation, we
want to differentiate between a null reference and a reference to a null pointer. In the
first case, we want to track the region for the reference location; in the second, we want
to track the null pointer.

In addition, the core creates CXXTempObjectRegion to represent the location of the
C++ reference, so teach FindLastStoreBRVisitor about it.

This helps null pointer suppression to kick in.

(Patch by Anna and Jordan.)

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@176969 91177308-0d34-0410-b5e6-96231b3b80d8
iagnostics/deref-track-symbolic-region.cpp
nlining/false-positive-suppression.cpp
c5b9c8bc6d77175f6d41d898511b1e7b1e2f86f8 13-Mar-2013 Ted Kremenek <kremenek@apple.com> [analyzer] Handle Objc Fast enumeration for "loop is executed 0 times".

Fixes <rdar://problem/12322528>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@176965 91177308-0d34-0410-b5e6-96231b3b80d8
list-output.m
f96df9083937e198721f0e1dbd21d882bb4413ae 11-Mar-2013 Jan Wen Voung <jvoung@google.com> Partly revert "Move clang tests that depend on llvm/ADT/Statistic.h to a subdir".

This reverts commit 176730, and uses "REQUIRES: asserts" instead.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@176815 91177308-0d34-0410-b5e6-96231b3b80d8
tats/lit.local.cfg
tats/objc-method-coverage.m
tats/stats.c
bjc-method-coverage.m
tats.c
0415998dd77986630efe8f1aed633519cc41e1f3 09-Mar-2013 Anna Zaks <ganna@apple.com> [analyzer] Make Suppress IDC checker aware that it might not start from the same node it was registered at

The visitor used to assume that the value it’s tracking is null in the first node it examines. This is not true.
If we are registering the Suppress Inlined Defensive checks visitor while traversing in another visitor
(such as FindlastStoreVisitor). When we restart with the IDC visitor, the invariance of the visitor does
not hold since the symbol we are tracking no longer exists at that point.

I had to pass the ErrorNode when creating the IDC visitor, because, in some cases, node N is
neither the error node nor will be visible along the path (we had not finalized the path at that point
and are dealing with ExplodedGraph.)

We should revisit the other visitors which might not be aware that they might get nodes, which are
later in path than the trigger point.

This suppresses a number of inline defensive checks in JavaScriptCore.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@176756 91177308-0d34-0410-b5e6-96231b3b80d8
nlining/inline-defensive-checks.cpp
80412c4e28c8247ad9c8d30d04c94938f01b21fb 09-Mar-2013 Anna Zaks <ganna@apple.com> [analyzer] Rename AttrNonNullChecker -> NonNullParamChecker

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@176755 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps-region-store.m
6cc4e25e76981ae47019bc47911724eaaf2f9a3f 09-Mar-2013 Anna Zaks <ganna@apple.com> [analyzer] Add test case for reference to null pointer param check

This tests that we track the original Expr if getDerefExpr fails.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@176754 91177308-0d34-0410-b5e6-96231b3b80d8
iagnostics/deref-track-symbolic-region.cpp
9fe09f30f76cb65ca2a5fcd8e649f5b2f0cf02bd 09-Mar-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Be more consistent about Objective-C methods that free memory.

Previously, MallocChecker's pointer escape check and its post-call state
update for Objective-C method calls had a fair amount of duplicated logic
and not-entirely-consistent checks. This commit restructures all this to
be more consistent and possibly allow us to be more aggressive in warning
about double-frees.

New policy (applies to system header methods only):
(1) If this is a method we know about, model it as taking/holding ownership
    of the passed-in buffer.
  (1a) ...unless there's a "freeWhenDone:" parameter with a zero (NO) value.
(2) If there's a "freeWhenDone:" parameter (but it's not a method we know
    about), treat the buffer as escaping if the value is non-zero (YES) and
    non-escaping if it's zero (NO).
(3) If the first selector piece ends with "NoCopy" (but it's not a method we
    know about and there's no "freeWhenDone:" parameter), treat the buffer
    as escaping.

The reason that (2) and (3) don't explicitly model the ownership transfer is
because we can't be sure that they will actually free the memory using free(),
and we wouldn't want to emit a spurious "mismatched allocator" warning
(coming in Anton's upcoming patch). In the future, we may have an idea of a
"generic deallocation", i.e. we assume that the deallocator is correct but
still continue tracking the region so that we can warn about double-frees.

Patch by Anton Yartsev, with modifications from me.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@176744 91177308-0d34-0410-b5e6-96231b3b80d8
nputs/system-header-simulator-for-malloc.h
alloc.mm
0183768813658d419e3124b576744b03ec8e9b55 09-Mar-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Look for lvalue nodes when tracking a null pointer.

r176010 introduced the notion of "interesting" lvalue expressions, whose
nodes are guaranteed never to be reclaimed by the ExplodedGraph. This was
used in bugreporter::trackNullOrUndefValue to find the region that contains
the null or undef value being tracked.

However, the /rvalue/ nodes (i.e. the loads from these lvalues that produce
a null or undef value) /are/ still being reclaimed, and if we couldn't
find the node for the rvalue, we just give up. This patch changes that so
that we look for the node for either the rvalue or the lvalue -- preferring
the former, since it lets us fall back to value-only tracking in cases
where we can't get a region, but allowing the latter as well.

<rdar://problem/13342842>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@176737 91177308-0d34-0410-b5e6-96231b3b80d8
nlining/eager-reclamation-path-notes.cpp
325de0ca0cdcde7b4ff9eef4796c48685572c60f 08-Mar-2013 Jan Wen Voung <jvoung@google.com> Move clang tests that depend on llvm/ADT/Statistic.h to a subdir.

The subdirectory has a lit.local.cfg that marks the tests unsupported
if llvm was built without Asserts. There will be a patch in LLVM
that disables statistics gathering when built without Asserts so
that full Release builds can be faster. Statistics can also
be enabled by building with -DLLVM_ENABLE_STATS.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@176730 91177308-0d34-0410-b5e6-96231b3b80d8
tats/lit.local.cfg
tats/objc-method-coverage.m
tats/stats.c
bjc-method-coverage.m
tats.c
018e9aa033ff7363797c62fc3b14669d0558284b 07-Mar-2013 Anna Zaks <ganna@apple.com> [analyzer] Warn on passing a reference to null pointer as an argument in a call

Warn about null pointer dereference earlier when a reference to a null pointer is
passed in a call. The idea is that even though the standard might allow this, reporting
the issue earlier is better for diagnostics (the error is reported closer to the place where
the pointer was set to NULL). This also simplifies analyzer’s diagnostic logic, which has
to track “where the null came from”. As a consequence, some of our null pointer
warning suppression mechanisms started triggering more often.

TODO: Change the name of the file and class to reflect the new check.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@176612 91177308-0d34-0410-b5e6-96231b3b80d8
nitializer.cpp
eference.cpp
c236b7327f989c1e7fe6b08a188bfef86727513d 07-Mar-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Check for returning null references in ReturnUndefChecker.

Officially in the C++ standard, a null reference cannot exist. However,
it's still very easy to create one:

  int &getNullRef() {
    int *p = 0;
    return *p;
  }

We already check that binds to reference regions don't create null references.
This patch checks that we don't create null references by returning, either.

<rdar://problem/13364378>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@176601 91177308-0d34-0410-b5e6-96231b3b80d8
nlining/false-positive-suppression.cpp
nlining/path-notes.cpp
eference.cpp
42773d64f98db0dd5cc80181c3b2d561851668f7 06-Mar-2013 Anna Zaks <ganna@apple.com> [analyzer] Pass the correct Expr to the bug reporter visitors when dealing with CompoundLiteralExpr

This allows us to trigger the IDC visitor in the added test case.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@176577 91177308-0d34-0410-b5e6-96231b3b80d8
nlining/inline-defensive-checks.m
713e07591995d761f65c7132289dce003a29870f 06-Mar-2013 Anna Zaks <ganna@apple.com> [analyzer] IDC: Add config option; perform the idc check on first “null node” rather than last “non-null”.

The second modification does not lead to any visible result, but, theoretically, is what we should
have been looking at to begin with since we are checking if the node was assumed to be null in
an inlined function.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@176576 91177308-0d34-0410-b5e6-96231b3b80d8
nlining/inline-defensive-checks.c
5aff3f1e9a66fa72576a6b04c8c319c17e0360c6 05-Mar-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Don't let cf_audited_transfer override CFRetain semantics.

We weren't treating a cf_audited_transfer CFRetain as returning +1 because
its name doesn't contain "Create" or "Copy". Oops! Fortunately, the
standard definitions of these functions are not marked audited.

<rdar://problem/13339601>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@176463 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release-cf-audited.m
cc5dbdae70c6eb2423921f52a35ba4686d2969cf 02-Mar-2013 Anna Zaks <ganna@apple.com> [analyzer] Simple inline defensive checks suppression

Inlining brought a few "null pointer use" false positives, which occur because
the callee defensively checks if a pointer is NULL, whereas the caller knows
that the pointer cannot be NULL in the context of the given call.

This is a first attempt to silence these warnings by tracking the symbolic value
along the execution path in the BugReporter. The new visitor finds the node
in which the symbol was first constrained to NULL. If the node belongs to
a function on the active stack, the warning is reported, otherwise, it is
suppressed.

There are several areas for follow up work, for example:
- How do we differentiate the cases where the first check is followed by
  another one, which does happen on the active stack?

Also, this only silences a fraction of null pointer use warnings. For example, it
does not do anything for the cases where NULL was assigned inside a callee.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@176402 91177308-0d34-0410-b5e6-96231b3b80d8
iagnostics/deref-track-symbolic-region.c
nlining/inline-defensive-checks.c
nlining/path-notes.c
d764e20189dbb42b38ada383a0a159f6adc0d56c 02-Mar-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Special-case bitfields when finding sub-region bindings.

Previously we were assuming that we'd never ask for the sub-region bindings
of a bitfield, since a bitfield cannot have subregions. However,
unification of code paths has made that assumption invalid. While we could
take advantage of this by just checking for the single possible binding,
it's probably better to do the right thing, so that if/when we someday
support unions we'll do the right thing there, too.

This fixes a handful of false positives in analyzing LLVM.

<rdar://problem/13325522>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@176388 91177308-0d34-0410-b5e6-96231b3b80d8
ields.c
9abf1b4577b75ffcc46afbdfb55de334f68f05c0 01-Mar-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Suppress paths involving a reference whose rvalue is null.

Most map types have an operator[] that inserts a new element if the key
isn't found, then returns a reference to the value slot so that you can
assign into it. However, if the value type is a pointer, it will be
initialized to null. This is usually no problem.

However, if the user /knows/ the map contains a value for a particular key,
they may just use it immediately:

  // From ClangSACheckersEmitter.cpp
  recordGroupMap[group]->Checkers

In this case the analyzer reports a null dereference on the path where the
key is not in the map, even though the user knows that path is impossible
here. They could silence the warning by adding an assertion, but that means
splitting up the expression and introducing a local variable. (Note that
the analyzer has no way of knowing that recordGroupMap[group] will return
the same reference if called twice in a row!)

We already have logic that says a null dereference has a high chance of
being a false positive if the null came from an inlined function. This
patch simply extends that to references whose rvalues are null as well,
silencing several false positives in LLVM.

<rdar://problem/13239854>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@176371 91177308-0d34-0410-b5e6-96231b3b80d8
nline-plist.c
nlining/false-positive-suppression.cpp
nlining/path-notes.cpp
854e75575e1d54ef9c8f4d812c646b325737eaa6 27-Feb-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Fix test for previous commit.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@176202 91177308-0d34-0410-b5e6-96231b3b80d8
iagnostics/undef-value-param.m
6f4160828db75f36b22a204da202723c592644f3 27-Feb-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Teach FindLastStoreBRVisitor to understand stores of the same value.

Consider this case:

  int *p = 0;
  p = getPointerThatMayBeNull();
  *p = 1;

If we inline 'getPointerThatMayBeNull', we might know that the value of 'p'
is NULL, and thus emit a null pointer dereference report. However, we
usually want to suppress such warnings as error paths, and we do so by using
FindLastStoreBRVisitor to see where the NULL came from. In this case, though,
because 'p' was NULL both before and after the assignment, the visitor
would decide that the "last store" was the initialization, not the
re-assignment.

This commit changes FindLastStoreBRVisitor to consider all PostStore nodes
that assign to this region. This still won't catch changes made directly
by checkers if they re-assign the same value, but it does handle the common
case in user-written code and will trigger ReturnVisitor's suppression
machinery as expected.

<rdar://problem/13299738>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@176201 91177308-0d34-0410-b5e6-96231b3b80d8
iagnostics/undef-value-param.m
nlining/false-positive-suppression.c
ull-deref-path-notes.m
list-output.m
a11f22f60673c6c9556976b49e64bf7fa751f4eb 27-Feb-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Turn on C++ constructor inlining by default.

This enables constructor inlining for types with non-trivial destructors.
The plan is to enable destructor inlining within the next month, but that
needs further verification.

<rdar://problem/12295329>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@176200 91177308-0d34-0410-b5e6-96231b3b80d8
nalyzer-config.cpp
deb8f5d533b7bcd962976ecdbc1464fe754b6de0 27-Feb-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] If a struct has a partial lazy binding, its fields aren't Undef.

This is essentially the same problem as r174031: a lazy binding for the first
field of a struct may stomp on an existing default binding for the
entire struct. Because of the way RegionStore is set up, we can't help
but lose the top-level binding, but then we need to make sure that accessing
one of the other fields doesn't come back as Undefined.

In this case, RegionStore is now correctly detecting that the lazy binding
we have isn't the right type, but then failing to follow through on the
implications of that: we don't know anything about the other fields in the
aggregate. This fix adds a test when searching for other kinds of default
values to see if there's a lazy binding we rejected, and if so returns
a symbolic value instead of Undefined.

The long-term fix for this is probably a new Store model; see
<rdar://problem/12701038>.

Fixes <rdar://problem/13292559>.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@176144 91177308-0d34-0410-b5e6-96231b3b80d8
ninit-vals.m
4238f41d484729aca260140fbbc53a68769bf60a 26-Feb-2013 Ted Kremenek <kremenek@apple.com> [analyzer] Use 'MemRegion::printPretty()' instead of assuming the region is a VarRegion.

Fixes PR15358 and <rdar://problem/13295437>.

Along the way, shorten path diagnostics that say "Variable 'x'" to just
be "'x'". By the context, it is obvious that we have a variable,
and so this just consumes text space.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@176115 91177308-0d34-0410-b5e6-96231b3b80d8
onditional-operator-path-notes.c
efault-diagnostic-visitors.c
iagnostics/deref-track-symbolic-region.cpp
iagnostics/undef-value-caller.c
iagnostics/undef-value-param.c
iagnostics/undef-value-param.m
nline-plist.c
nlining/eager-reclamation-path-notes.c
nlining/path-notes.c
nlining/path-notes.m
ethod-call-path-notes.cpp
ull-deref-path-notes.m
list-output-alternate.m
list-output.m
nix-fns.c
eafb5c694cc5d165149fcb9453bc9355fb0d44a5 26-Feb-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Don't look through casts when creating pointer temporaries.

Normally, we need to look through derived-to-base casts when creating
temporary object regions (added in r175854). However, if the temporary
is a pointer (rather than a struct/class instance), we need to /preserve/
the base casts that have been applied.

This also ensures that we really do create a new temporary region when
we need to: MaterializeTemporaryExpr and lvalue CXXDefaultArgExprs.

Fixes PR15342, although the test case doesn't include the crash because
I couldn't isolate it.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@176069 91177308-0d34-0410-b5e6-96231b3b80d8
emporaries.cpp
a0e6e6dd37f4acee8477c106d5e5679de015d120 26-Feb-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] StackAddrEscapeChecker: strip qualifiers from temporary types.

With the new support for trivial copy constructors, we are not always
consistent about whether a CXXTempObjectRegion gets reused or created
from scratch, which affects whether qualifiers are preserved. However,
we probably don't care anyway.

This also switches to using the current PrintingPolicy for the type,
which means C++ types don't get a spurious 'struct' prefix anymore.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@176068 91177308-0d34-0410-b5e6-96231b3b80d8
emporaries.cpp
db061e40d639da0d938f915f0eef9e9772019c22 25-Feb-2013 Anna Zaks <ganna@apple.com> [analyzer] Restrict ObjC type inference to methods that have related result type.

This addresses a case when we inline a wrong method due to incorrect
dynamic type inference. Specifically, when user code contains a method from init
family, which creates an instance of another class.

Use hasRelatedResultType() to find out if our inference rules should be triggered.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@176054 91177308-0d34-0410-b5e6-96231b3b80d8
nlining/ObjCDynTypePopagation.m
fbdbed3bde8577815826b9d15790e5effb913f7b 25-Feb-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Handle reference parameters with default values.

r175026 added support for default values, but didn't take reference
parameters into account, which expect the default argument to be an
lvalue. Use createTemporaryRegionIfNeeded if we can evaluate the default
expr as an rvalue but the expected result is an lvalue.

Fixes the most recent report of PR12915. The original report predates
default argument support, so that can't be it.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@176042 91177308-0d34-0410-b5e6-96231b3b80d8
lobal_region_invalidation.mm
nline.cpp
6dc5c33fd4334ccf4a661c331f86e23829e51d55 25-Feb-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Base regions may be invalid when layered on symbolic regions.

While RegionStore checks to make sure casts on TypedValueRegions are valid,
it does not do the same for SymbolicRegions, which do not have perfect type
info anyway. Additionally, MemRegion::getAsOffset does not take a
ProgramState, so it can't use dynamic type info to determine a better type
for the regions. (This could also be dangerous if the type of a super-region
changes!)

Account for this by checking that a base object region is valid on top of a
symbolic region, and falling back to "symbolic offset" mode if not.

Fixes PR15345.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@176034 91177308-0d34-0410-b5e6-96231b3b80d8
einterpret-cast.cpp
43b82b823a6113fdbee54243b280db9c55ef72cb 24-Feb-2013 Ted Kremenek <kremenek@apple.com> [analyzer] tracking stores/constraints now works for ObjC ivars or struct fields.

This required more changes than I originally expected:

- ObjCIvarRegion implements "canPrintPretty" et al
- DereferenceChecker indicates the null pointer source is an ivar
- bugreporter::trackNullOrUndefValue() uses an alternate algorithm
  to compute the location region to track by scouring the ExplodedGraph.
  This allows us to get the actual MemRegion for variables, ivars,
  fields, etc. We only hand construct a VarRegion for C++ references.
- ExplodedGraph no longer drops nodes for expressions that are marked
  'lvalue'. This is to facilitate the logic in the previous bullet.
  This may lead to a slight increase in size in the ExplodedGraph,
  which I have not measured, but it is likely not to be a big deal.

I have validated each of the changed plist output.

Fixes <rdar://problem/12114812>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@175988 91177308-0d34-0410-b5e6-96231b3b80d8
iagnostics/deref-track-symbolic-region.c
iagnostics/undef-value-param.c
list-output-alternate.m
list-output.m
ae7396c3891748762d01431e16541b3eb9125c4d 22-Feb-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Don't canonicalize the RecordDecl used in CXXBaseObjectRegion.

This Decl shouldn't be the canonical Decl; it should be the Decl used by
the CXXBaseSpecifier in the subclass. Unfortunately, that means continuing
to throw getCanonicalDecl() on all comparisons.

This fixes MemRegion::getAsOffset's use of ASTRecordLayout when redeclarations
are involved.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@175913 91177308-0d34-0410-b5e6-96231b3b80d8
erived-to-base.cpp
b04a2387ac23adfa063de03844cb16c0d77fb405 22-Feb-2013 Ted Kremenek <kremenek@apple.com> [analyzer] Implement "Loop executed 0 times" diagnostic correctly.

Fixes <rdar://problem/13236549>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@175863 91177308-0d34-0410-b5e6-96231b3b80d8
list-output.m
8dadf15224f1a8df96793e5fc4e0b0e38a5ffbe4 22-Feb-2013 Anna Zaks <ganna@apple.com> [analyzer] Place all inlining policy checks into one place

Previously, we had the decisions about inlining spread out
over multiple functions.

In addition to the refactor, this commit ensures
that we will always inline BodyFarm functions as long as the Decl
is available. This fixes false positives due to those functions
not being inlined when no or minimal inlining is enabled (such as
shallow mode).

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@175857 91177308-0d34-0410-b5e6-96231b3b80d8
SString.m
5e5440ba9c135f523f72e7e7c5da59d390d697c5 22-Feb-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Make sure a materialized temporary matches its bindings.

This is a follow-up to r175830, which made sure a temporary object region
created for, say, a struct rvalue matched up with the initial bindings
being stored into it. This does the same for the case in which the AST
actually tells us that we need to create a temporary via a
MaterializeObjectExpr. I've unified the two code paths and moved a static
helper function onto ExprEngine.

This also caused a bit of test churn, causing us to go back to describing
temporary regions without a 'const' qualifier. This seems acceptable; it's
our behavior from a few months ago.

<rdar://problem/13265460> (part 2)

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@175854 91177308-0d34-0410-b5e6-96231b3b80d8
tack-addr-ps.cpp
emporaries.cpp
f08740ba5903d089a53cc315c19286e2189f9ff3 22-Feb-2013 Ted Kremenek <kremenek@apple.com> Fix regression in modeling assignments of an address of a variable to itself. Fixes <rdar://problem/13226577>.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@175852 91177308-0d34-0410-b5e6-96231b3b80d8
tack-addr-ps.cpp
9f1d541ef1aca8f953e5bb4e7177969f0a2062d5 22-Feb-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Make sure a temporary object region matches its initial bindings.

When creating a temporary region (say, when a struct rvalue is used as
the base of a member expr), make sure we account for any derived-to-base
casts. We don't actually record these in the LazyCompoundVal that
represents the rvalue, but we need to make sure that the temporary region
we're creating (a) matches the bindings, and (b) matches its expression.

Most of the time this will do exactly the same thing as before, but it
fixes spurious "garbage value" warnings introduced in r175234 by the use
of lazy bindings to model trivial copy constructors.

<rdar://problem/13265460>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@175830 91177308-0d34-0410-b5e6-96231b3b80d8
emporaries.cpp
0cd3142cc55f69acae1568ed9ba80470c6fabe61 21-Feb-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Add another reinterpret_cast behavior test.

The test is similar to <rdar://problem/13239840> but doesn't actually test
the case that fails there. It's still a good test, though.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@175715 91177308-0d34-0410-b5e6-96231b3b80d8
einterpret-cast.cpp
11f0cae4bf4f62dcc706d33c1f795d460cd64816 21-Feb-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Tighten up safety in the use of lazy bindings.

- When deciding if we can reuse a lazy binding, make sure to check if there
  are additional bindings in the sub-region.
- When reading from a lazy binding, don't accidentally strip off casts or
  base object regions. This slows down lazy binding reading a bit but is
  necessary for type sanity when treating one class as another.

A bit of minor refactoring allowed these two checks to be unified in a nice
early-return-using helper function.

<rdar://problem/13239840>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@175703 91177308-0d34-0410-b5e6-96231b3b80d8
rray-struct-region.c
erived-to-base.cpp
65f991ccbec43b4a860f70594c92528ee8fb7c6f 19-Feb-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Don't accidentally strip off base object regions for lazy bindings.

If a base object is at a 0 offset, RegionStoreManager may find a lazy
binding for the entire object, then try to attach a FieldRegion or
grandparent CXXBaseObjectRegion on top of that (skipping the intermediate
region). We now preserve as many layers of base object regions necessary
to make the types match.

<rdar://problem/13239840>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@175556 91177308-0d34-0410-b5e6-96231b3b80d8
erived-to-base.cpp
724cfee8b506ffef6f55e556a3329a7403ef7198 18-Feb-2013 Ted Kremenek <kremenek@apple.com> Disable dead stores checker for template instantiations. Fixes <rdar://problem/13213575>.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@175425 91177308-0d34-0410-b5e6-96231b3b80d8
ead-stores.cpp
12e0c13819f09162aa8ff1036351be4f97839cae 16-Feb-2013 Jordan Rose <jordan_rose@apple.com> libAnalysis: Add a case for TypeAliasDecl in CFGRecStmtDeclVisitor.

Neither of the current clients of CFGRecStmtDeclVisitor are doing
anything with typedefs, so I assume type aliases (C++11 "using")
can be safely ignored. This was causing assertion failures in
the analyzer.

<rdar://problem/13228440>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@175335 91177308-0d34-0410-b5e6-96231b3b80d8
ead-stores.cpp
ada0d224fcff5ff07c9dd846379592f92ccf5ee7 15-Feb-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Don't assert when mixing reinterpret_cast and derived-to-base casts.

This just adds a very simple check that if a DerivedToBase CastExpr is
operating on a value with known C++ object type, and that type is not the
base type specified in the AST, then the cast is invalid and we should
return UnknownVal.

In the future, perhaps we can have a checker that specifies that this is
illegal, but we still shouldn't assert even if the user turns that checker
off.

PR14872

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@175239 91177308-0d34-0410-b5e6-96231b3b80d8
einterpret-cast.cpp
bc403861bc4e6f7ad1371e9e129f0f25b38b3a9a 15-Feb-2013 Jordan Rose <jordan_rose@apple.com> Re-apply "[analyzer] Model trivial copy/move ctors with an aggregate bind."

...after a host of optimizations related to the use of LazyCompoundVals
(our implementation of aggregate binds).

Originally applied in r173951.
Reverted in r174069 because it was causing hangs.
Re-applied in r174212.
Reverted in r174265 because it was /still/ causing hangs.

If this needs to be reverted again it will be punted to far in the future.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@175234 91177308-0d34-0410-b5e6-96231b3b80d8
tor-inlining.mm
emporaries.cpp
697a68590a75f5cd2326c8f686a6c666b51688b6 14-Feb-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Try constant-evaluation for all variables, not just globals.

In C++, constants captured by lambdas (and blocks) are not actually stored
in the closure object, since they can be expanded at compile time. In this
case, they will have no binding when we go to look them up. Previously,
RegionStore thought they were uninitialized stack variables; now, it checks
to see if they are a constant we know how to evaluate, using the same logic
as r175026.

This particular code path is only for scalar variables. Constant arrays and
structs are still unfortunately unhandled; we'll need a stronger solution
for those.

This may have a small performance impact, but only for truly-undefined
local variables, captures in a non-inlined block, and non-constant globals.
Even then, in the non-constant case we're only doing a quick type check.

<rdar://problem/13105553>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@175194 91177308-0d34-0410-b5e6-96231b3b80d8
locks-no-inline.c
38f68ef19cb51d5876e9025b5fceb44b33ec9ed7 13-Feb-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Use Clang's evaluation for global constants and default arguments.

Previously, we were handling only simple integer constants for globals and
the smattering of implicitly-valued expressions handled by Environment for
default arguments. Now, we can use any integer constant expression that
Clang can evaluate, in addition to everything we handled before.

PR15094 / <rdar://problem/12830437>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@175026 91177308-0d34-0410-b5e6-96231b3b80d8
lobal-region-invalidation.c
nline.cpp
d523df6a143a97eea46916c6e31c8f2a0728bf28 09-Feb-2013 Anna Zaks <ganna@apple.com> [analyzer] Invalidation checker: move the "missing implementation" check

The missing definition check should be in the same category as the
missing ivar validation - in this case, the intent is to invalidate in
the given class, as described in the declaration, but the implementation
does not perform the invalidation. Whereas the MissingInvalidationMethod
checker checks the cases where the method intention is not to
invalidate. The second checker has potential to have a much higher false
positive rate.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@174787 91177308-0d34-0410-b5e6-96231b3b80d8
bjc_invalidation.m
722cd9e3c0142948b9eb3190211dbc0dd4da4105 09-Feb-2013 Anna Zaks <ganna@apple.com> [analyzer] Split IvarInvalidation into two checkers

Separate the checking for the missing invalidation methods into a
separate checker so that it can be turned on/off independently.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@174781 91177308-0d34-0410-b5e6-96231b3b80d8
bjc_invalidation.m
26db7dbf67b1532b2d617b3a85428699a1ffc997 09-Feb-2013 Anna Zaks <ganna@apple.com> [analyzer] IvarInvalidation: add annotation for partial invalidation

The new annotation allows having methods that only partially invalidate
IVars and might not be called from the invalidation methods directly
(instead, are guaranteed to be called before the invalidation occurs).
The checker is going to trust the programmer to call the partial
invalidation method before the invalidator. This is common in cases when
partial object tear down happens before the death of the object.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@174779 91177308-0d34-0410-b5e6-96231b3b80d8
bjc_invalidation.m
8185674528423e2504a1fae35c28c24104846510 08-Feb-2013 Ted Kremenek <kremenek@apple.com> Teach BugReporter (extensive diagnostics) to emit a diagnostic when a loop body is skipped.

Fixes <rdar://problem/12322528>.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@174736 91177308-0d34-0410-b5e6-96231b3b80d8
list-output.m
118aa750c5cfe975542dce8e41586b2054d1f5dd 08-Feb-2013 Anna Zaks <ganna@apple.com> [analyzer] Report bugs when freeing memory with offset pointer

The malloc checker will now catch the case when a previously malloc'ed
region is freed, but the pointer passed to free does not point to the
start of the allocated memory. For example:

int *p1 = malloc(sizeof(int));
p1++;
free(p1); // warn

From the "memory.LeakPtrValChanged enhancement to unix.Malloc" entry
in the list of potential checkers.

A patch by Branden Archer!

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@174678 91177308-0d34-0410-b5e6-96231b3b80d8
alloc.c
233e26acc0ff2a1098f4c813f69286fce840a422 08-Feb-2013 Anna Zaks <ganna@apple.com> [analyzer] Add pointer escape type param to checkPointerEscape callback

The checkPointerEscape callback previously did not specify how a
pointer escaped. This change includes an enum which describes the
different ways a pointer may escape. This enum is passed to the
checkPointerEscape callback when a pointer escapes. If the escape
is due to a function call, the call is passed. This changes
previous behavior where the call is passed as NULL if the escape
was due to indirectly invalidating the region the pointer referenced.

A patch by Branden Archer!

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@174677 91177308-0d34-0410-b5e6-96231b3b80d8
nputs/system-header-simulator-for-simple-stream.h
nputs/system-header-simulator.h
alloc.c
imple-stream-checks.c
2b6876173b36d92aaf379c29cb339d91b4d358ee 08-Feb-2013 Anna Zaks <ganna@apple.com> [analyzer] Don't reinitialize static globals more than once along a path

This patch makes sure that we do not reinitialize static globals when
the function is called more than once along a path. The motivation is
code with initialization patterns that rely on 2 static variables, where
one of them has an initializer while the other does not. Currently, we
reset the static variables with initializers on every visit to the
function along a path.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@174676 91177308-0d34-0410-b5e6-96231b3b80d8
lobal-region-invalidation.c
lobal_region_invalidation.mm
b98c6fe8877b809d4da3020692c9b38f972b92cf 06-Feb-2013 Anna Zaks <ganna@apple.com> [analyzer] Revert part of r161511; suppresses leak false positives in C++

This is a "quick fix".

The underlying issue is that when a const pointer to a struct is passed
into a function, we do not invalidate the pointer fields. This results
in false positives that are common in C++ (since copy constructors are
prevalent). (Silences two llvm false positives.)

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@174468 91177308-0d34-0410-b5e6-96231b3b80d8
alloc-annotations.c
alloc.c
alloc.cpp
5846720f08a6b225484bfe663599c2b057a99bc8 05-Feb-2013 Ted Kremenek <kremenek@apple.com> Change subexpressions to be visited in the CFG from left-to-right.

This is a more natural order of evaluation, and it is very important
for visualization in the static analyzer. Within Xcode, the arrows
will not jump from right to left, which looks very visually jarring.
It also provides a more natural location for dataflow-based diagnostics.

Along the way, we found a case in the analyzer diagnostics where we
needed to indicate that a variable was "captured" by a block.

-fsyntax-only timings on sqlite3.c show no visible performance change,
although this is just one test case.

Fixes <rdar://problem/13016513>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@174447 91177308-0d34-0410-b5e6-96231b3b80d8
emp-obj-dtors-cfg-output.cpp
nix-fns.c
beca02fc66db76eacdaced9df3bc79530c064842 05-Feb-2013 Anna Zaks <ganna@apple.com> [analyzer] Teach the analyzer to use a symbol for p when evaluating
(void*)p.

Addresses the false positives similar to the test case.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@174436 91177308-0d34-0410-b5e6-96231b3b80d8
asts.c
2a3fe34b4a2a1b6ceab8838b896435378ae0e692 02-Feb-2013 Jordan Rose <jordan_rose@apple.com> Revert "[analyzer] Model trivial copy/move ctors with an aggregate bind."

...again. The problem has not been fixed and our internal buildbot is still
getting hangs.

This reverts r174212, originally applied in r173951, then reverted in r174069.
Will not re-apply until the entire project analyzes successfully on my
local machine.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@174265 91177308-0d34-0410-b5e6-96231b3b80d8
tor-inlining.mm
emporaries.cpp
453cb859a3c8dcafe79ae840dfc35ff8eae1b4b3 02-Feb-2013 Anna Zaks <ganna@apple.com> [analyzer] Always inline functions with bodies generated by BodyFarm.

Inlining these functions is essential for correctness. We often have
cases where we do not inline calls. For example, the shallow mode and
when reanalyzing previously inlined ObjC methods as top level.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@174245 91177308-0d34-0410-b5e6-96231b3b80d8
SString.m
8c888b10fdd2846885e8582b131fa076ce1b77b1 01-Feb-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Explain why we have system-header-simulator*.h files.

Suggested by Csaba. Text based on an e-mail of mine on cfe-dev.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@174213 91177308-0d34-0410-b5e6-96231b3b80d8
nputs/system-header-simulator-cxx.h
nputs/system-header-simulator-for-simple-stream.h
nputs/system-header-simulator-objc.h
nputs/system-header-simulator.h
5500fc193af4b786bbbbee6ece743f523448e90b 01-Feb-2013 Jordan Rose <jordan_rose@apple.com> Re-apply "[analyzer] Model trivial copy/move ctors with an aggregate bind."

With the optimization in the previous commit, this should be safe again.

Originally applied in r173951, then reverted in r174069.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@174212 91177308-0d34-0410-b5e6-96231b3b80d8
tor-inlining.mm
emporaries.cpp
978aeac1a90020b2a0ae6c7eb7fe65aa8226f74a 01-Feb-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Reuse a LazyCompoundVal if its type matches the new region.

This allows us to keep from chaining LazyCompoundVals in cases like this:
CGRect r = CGRectMake(0, 0, 640, 480);
CGRect r2 = r;
CGRect r3 = r2;

Previously we only made this optimization if the struct did not begin with
an aggregate member, to make sure that we weren't picking up an LCV for
the first field of the struct. But since LazyCompoundVals are typed, we can
make that inference directly by comparing types.

This is a pure optimization; the test changes are to guard against possible
future regressions.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@174211 91177308-0d34-0410-b5e6-96231b3b80d8
rray-struct-region.c
cd0655b17249c4c4908ca91462657f62285017e6 01-Feb-2013 Nick Lewycky <nicholas@mxc.ca> Add a new -Wundefined-inline warning for inline functions which are used but not
defined. Fixes PR14993!


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@174158 91177308-0d34-0410-b5e6-96231b3b80d8
ngine/replay-without-inlining.c
0217b1d045ea99fe792e83ed1a785816289dd53c 31-Jan-2013 Anna Zaks <ganna@apple.com> [analyzer] RetainCount: Fix an autorelease related false positive.

The Cnt variable is adjusted (incremented) for simplification of
checking logic. The increment should not be stored in the state.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@174104 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release.m
e36d81b1eeab13fb1bbd15291d009a1699de6ec1 31-Jan-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Don't track autorelease pools created by +new.

This matches our behavior for autorelease pools created by +alloc. Some
people like to create autorelease pools in one method and release them
somewhere else.

If you want safe autorelease pool semantics, use the new ARC-compatible
syntax: @autoreleasepool { ... }

<rdar://problem/13121353>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@174096 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release.m
33e83b6cf776875be5716d214710717a898325c0 31-Jan-2013 Jordan Rose <jordan_rose@apple.com> Revert "[analyzer] Model trivial copy/move ctors with an aggregate bind."

It's causing hangs on our internal analyzer buildbot. Will restore after
investigating.

This reverts r173951 / baa7ca1142990e1ad6d4e9d2c73adb749ff50789.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@174069 91177308-0d34-0410-b5e6-96231b3b80d8
tor-inlining.mm
emporaries.cpp
0e450cbd94e5936fdecf42b810069e7becd3938d 31-Jan-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] If a lazy binding is undefined, pretend that it's unknown instead.

This is a hack to work around the fact that we don't track extents for our
default bindings:

CGPoint p;
p.x = 0.0;
p.y = 0.0;
rectParam.origin = p;
use(rectParam.size); // warning: uninitialized value in rectParam.size.width

In this case, the default binding for 'p' gets copied into 'rectParam',
because the 'origin' field is at offset 0 within CGRect. From then on,
rectParam's old default binding (in this case a symbol) is lost.

This patch silences the warning by pretending that lazy bindings are never
made from uninitialized memory, but not only is that not true, the original
default binding is still getting overwritten (see FIXME test cases).
The long-term solution is tracked in <rdar://problem/12701038>

PR14765 and <rdar://problem/12875012>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@174031 91177308-0d34-0410-b5e6-96231b3b80d8
ninit-vals.m
5255f27362ffbfedea889870bf8d5812dae97553 31-Jan-2013 Anna Zaks <ganna@apple.com> [analyzer] Fix a bug in region store that led to undefined value false
positives.

The includeSuffix was only set on the first iteration through the
function, resulting in invalid regions being produced by getLazyBinding
(ex: zoomRegion.y).

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@174016 91177308-0d34-0410-b5e6-96231b3b80d8
rray-struct-region.c
ac3a3e7a402cd349dd2b7d70cd92c5fe702ae831 30-Jan-2013 Anna Zaks <ganna@apple.com> [analyzer] Make shallow mode more shallow.

Redefine the shallow mode to inline all functions for which we have a
definite definition (ipa=inlining). However, only inline functions that
are up to 4 basic blocks large and cut the max exploded nodes generated
per top level function in half.

This makes shallow faster and allows us to keep inlining small
functions. For example, we would keep inlining wrapper functions and
constructors/destructors.

With the new shallow, it takes 104s to analyze sqlite3, whereas
the deep mode is 658s and previous shallow is 209s.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@173958 91177308-0d34-0410-b5e6-96231b3b80d8
nalyzer-config.c
nalyzer-config.cpp
6bbe1442a5f3f5f761582a9005e9edf1d49c4da2 30-Jan-2013 Anna Zaks <ganna@apple.com> [analyzer] Use analyzer config for max-inlinable-size option.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@173957 91177308-0d34-0410-b5e6-96231b3b80d8
nalyzer-config.c
nalyzer-config.cpp
baa7ca1142990e1ad6d4e9d2c73adb749ff50789 30-Jan-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Model trivial copy/move ctors with an aggregate bind.

This is faster for the analyzer to process than inlining the constructor
and performing a member-wise copy, and it also solves the problem of
warning when a partially-initialized POD struct is copied.

Before:
CGPoint p;
p.x = 0;
CGPoint p2 = p; <-- assigned value is garbage or undefined

After:
CGPoint p;
p.x = 0;
CGPoint p2 = p; // no-warning

This matches our behavior in C, where we don't see a field-by-field copy.

<rdar://problem/12305288>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@173951 91177308-0d34-0410-b5e6-96231b3b80d8
tor-inlining.mm
emporaries.cpp
07c52d2813a6b5e4025276d3687bd25f75fd51b9 26-Jan-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] C++ initializers may require cleanups; look through these.

When the analyzer sees an initializer, it checks if the initializer
contains a CXXConstructExpr. If so, it trusts that the CXXConstructExpr
does the necessary work to initialize the object, and performs no further
initialization.

This patch looks through any implicit wrapping expressions like
ExprWithCleanups to find the CXXConstructExpr inside.

Fixes PR15070.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@173557 91177308-0d34-0410-b5e6-96231b3b80d8
nitializer.cpp
44ec3f00e64199667edf9f12c0f31f66916c95fe 26-Jan-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Track null object lvalues back through C++ method calls.

The expression 'a->b.c()' contains a call to the 'c' method of 'a->b'.
We emit an error if 'a' is NULL, but previously didn't actually track
the null value back through the 'a->b' expression, which caused us to
miss important false-positive-suppression cases, including
<rdar://problem/12676053>.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@173547 91177308-0d34-0410-b5e6-96231b3b80d8
nlining/false-positive-suppression.cpp
aeca2cc3a6f486abff3fdfb4e82903cd3ca4267e 26-Jan-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Add 'prune-paths' config option to disable path pruning.

This should be used for testing only. Path pruning is still on by default.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@173545 91177308-0d34-0410-b5e6-96231b3b80d8
iagnostics/no-prune-paths.c
10442564e1ba3c4dfb184cc4e36beffbee4811c3 26-Jan-2013 Dmitri Gribenko <gribozavr@gmail.com> Comment parsing: actually check for a block command after "\param x"

This fixes PR15068.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@173539 91177308-0d34-0410-b5e6-96231b3b80d8
emp-obj-dtors-cfg-output.cpp
3d115cfd1b9c48155d478b1f2f14dba1b6ba9a91 25-Jan-2013 Dmitri Gribenko <gribozavr@gmail.com> Remove useless 'XPASS: *' from tests


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@173511 91177308-0d34-0410-b5e6-96231b3b80d8
uto-obj-dtors-cfg-output.cpp
tors-in-dtor-cfg-output.cpp
nitializers-cfg-output.cpp
emp-obj-dtors-cfg-output.cpp
a6cd5cd98b45298ed6a13ff14551a43d1a210a32 25-Jan-2013 NAKAMURA Takumi <geek4civic@gmail.com> clang/test: Drop "REQUIRES:shell" in three tests. They can run on win32.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@173419 91177308-0d34-0410-b5e6-96231b3b80d8
tml-diags-multifile.c
d130140cb7bce73b4350c5d50495443abe38418a 25-Jan-2013 Anna Zaks <ganna@apple.com> [analyzer] Add "-analyzer-config mode=[deep|shallow] ".

The idea is to introduce a higher level "user mode" option for
different use scenarios. For example, if one wants to run the analyzer
for a small project each time the code is built, they would use
the "shallow" mode.

The user mode option will influence the default settings for the
lower-level analyzer options. For now, this just influences the ipa
modes, but we plan to find more optimal settings for them.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@173386 91177308-0d34-0410-b5e6-96231b3b80d8
nalyzer-config.c
nalyzer-config.cpp
hallow-mode.m
bfa9ab8183e2fdc74f8633d758cb0c6201314320 25-Jan-2013 Anna Zaks <ganna@apple.com> [analyzer] Replace "-analyzer-ipa" with "-analyzer-config ipa".

The idea is to eventually place all analyzer options under
"analyzer-config". In addition, this lays the ground for introduction of
a high-level analyzer mode option, which will influence the
default setting for IPAMode.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@173385 91177308-0d34-0410-b5e6-96231b3b80d8
nalyzer-config.c
nalyzer-config.cpp
ase-init.cpp
locks-no-inline.c
tor-inlining.mm
erived-to-base.cpp
tor.cpp
ynamic-cast.cpp
nitializer.cpp
nline.cpp
nlining/DynDispatchBifurcate.m
nlining/InlineObjCClassMethod.m
nlining/ObjCDynTypePopagation.m
nlining/ObjCImproperDynamictallyDetectableCast.m
nlining/RetainCountExamples.m
nlining/assume-super-init-does-not-return-nil.m
nlining/dyn-dispatch-bifurcate.cpp
nlining/retain-count-self-init.m
nlining/stl.cpp
nlining/test_objc_inlining_option.m
ethod-call-path-notes.cpp
ethod-call.cpp
isc-ps-region-store.cpp
perator-calls.cpp
ointer-to-member.cpp
efcnt_naming.m
einterpret-cast.cpp
elf-init.m
emporaries.cpp
nix-fns.c
38878aa394dc6e08146288e86939956bc742fb0b 23-Jan-2013 Ted Kremenek <kremenek@apple.com> Add a test case for 'analyzer_noreturn' on category methods.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@173295 91177308-0d34-0410-b5e6-96231b3b80d8
oReturn.m
a5b6469a55fb8796353b073f6c12694b0adc77c2 23-Jan-2013 Ted Kremenek <kremenek@apple.com> Honor attribute 'analyzer_noreturn' on Objective-C methods.

This isn't likely a full solution, but it catches the common cases
and can be refined over time.

Fixes <rdar://problem/11634353>.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@173291 91177308-0d34-0410-b5e6-96231b3b80d8
oReturn.m
141b90cd3d095b638045d9bc2a070af37d32e1e1 21-Jan-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Fix test for r173067.

Note to self: don't remove comments /after/ updating the line-sensitive
part of a test.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@173070 91177308-0d34-0410-b5e6-96231b3b80d8
nlining/path-notes.cpp
187f8bd88bfc92cf3fea62b7d8db5f92edce410a 21-Jan-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Show notes inside implicit calls at the last explicit call site.

Before:
struct Wrapper { <-- 2. Calling default constructor for 'NonTrivial'.
NonTrivial m;
};

Wrapper w; <-- 1. Calling implicit default constructor for 'Wrapper'.

After:
struct Wrapper {
NonTrivial m;
};

Wrapper w; <-- 1. Calling implicit default constructor for 'Wrapper'.
^-- 2. Calling default constructor for 'NonTrivial'.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@173067 91177308-0d34-0410-b5e6-96231b3b80d8
nlining/path-notes.cpp
2b9de0bc05e3e1092a9d1880e62aeaa54dc343e3 19-Jan-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Don't show "Entered 'foo'" if 'foo' is implicit.

Before:
Calling implicit default constructor for 'Foo' (where Foo is constructed)
Entered call from 'test' (at "=default" or 'Foo' declaration)
Calling default constructor for 'Bar' (at "=default" or 'Foo' declaration)

After:
Calling implicit default constructor for 'Foo' (where Foo is constructed)
Calling default constructor for 'Bar' (at "=default" or 'Foo' declaration)

This only affects the plist diagnostics; this note is never shown in the
other diagnostics.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@172915 91177308-0d34-0410-b5e6-96231b3b80d8
nlining/path-notes.cpp
6ee777de8b35a3a18da424356aebe9ec743dc497 19-Jan-2013 Chandler Carruth <chandlerc@gmail.com> Move an input header file under an Inputs directory to be consistent
with other auxiliary test inputs and simplify the identification of
inputs to tests.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@172890 91177308-0d34-0410-b5e6-96231b3b80d8
iagnostics/Inputs/include/sys/queue.h
iagnostics/false-positive-suppression.c
iagnostics/include/sys/queue.h
1dfebd9f995066a229c34516eb14bc69c6bcde2c 19-Jan-2013 Anna Zaks <ganna@apple.com> [analyzer] Suppress warnings coming out of macros defined in sys/queue.h

Suppress the warning by just not emitting the report. The sink node
would get generated, which is fine since we did reach a bad state.

Motivation

Due to the way code is structured in some of these macros, we do not
reason correctly about it and report false positives. Specifically, the
following loop reports a use-after-free. Because of the way the code is
structured inside of the macro, the analyzer assumes that the list can
have cycles, so you end up with use-after-free in the loop, that is
safely deleting elements of the list. (The user does not have a way to
teach the analyzer about shape of data structures.)

SLIST_FOREACH_SAFE(item, &ctx->example_list, example_le, tmpitem) {
  if (item->index == 3) { // if you remove each time, no complaints
    assert((&ctx->example_list)->slh_first == item);
    SLIST_REMOVE(&ctx->example_list, item, example_s, example_le);
    free(item);
  }
}

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@172883 91177308-0d34-0410-b5e6-96231b3b80d8
iagnostics/false-positive-suppression.c
iagnostics/include/sys/queue.h
e02be97811c785f91ac43a0feed2db862de1867f 18-Jan-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Special path notes for C++ special member functions.

Examples:
Calling implicit default constructor for Foo
Calling defaulted move constructor for Foo
Calling copy constructor for Foo
Calling implicit destructor for Foo
Calling defaulted move assignment operator for Foo
Calling copy assignment operator for Foo

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@172833 91177308-0d34-0410-b5e6-96231b3b80d8
nlining/path-notes.cpp
dc47c9a71c99ce2e5b9d84f1cd3487b6852b3543 18-Jan-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Do a better job describing C++ member functions in the call stack.

Examples:
Calling constructor for 'Foo'
Entered call from 'Foo::create'

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@172832 91177308-0d34-0410-b5e6-96231b3b80d8
nlining/path-notes.cpp
fa2b53c5780a8a6f38803a26e3c6f9f0a9ba8b4d 18-Jan-2013 Anna Zaks <ganna@apple.com> [analyzer] DirectIvarAssignment: allow suppression annotation on Ivars.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@172766 91177308-0d34-0410-b5e6-96231b3b80d8
bjc/direct-ivar-assignment-in-annotated-functions.m
d7b1d2467d8bf01be5068dbbad1a6324cee8bf4a 16-Jan-2013 Anna Zaks <ganna@apple.com> [analyzer] Add an annotation to allow suppression of direct ivar
assignment

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@172597 91177308-0d34-0410-b5e6-96231b3b80d8
bjc/direct-ivar-assignment-in-annotated-functions.m
79ccd5635495fb4588d0ec47c0bf05764441a14c 16-Jan-2013 Anna Zaks <ganna@apple.com> [analyzer] Fix warning typo.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@172596 91177308-0d34-0410-b5e6-96231b3b80d8
bjc_invalidation.m
14a372bb7d7681cdfbcebe71b109e773327e4e1c 14-Jan-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] -drain is not an alias for -release.

This was previously added to support -[NSAutoreleasePool drain], which
behaves like -release under non-GC and "please collect" under GC. We're
not currently modeling the autorelease pool stack, though, so we can
just take this out entirely.

Fixes PR14927.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@172444 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release.m
9195caf28f2a5dcef1e299bf3e5232a018ca1c68 12-Jan-2013 Ted Kremenek <kremenek@apple.com> Refine analyzer's handling of unary '!' and floating types to not assert.

Fixes PR 14634 and <rdar://problem/12903080>.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@172274 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps.c
707a8659a546d32cf976d4c3927c793a643b18e1 11-Jan-2013 Ted Kremenek <kremenek@apple.com> Correctly propagate uninitialized values within logical expressions.

Fixes assertion failure reported in PR 14635 and
<rdar://problem/12902945> respectively.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@172263 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps.c
6de7daa60412744bcf168c6c0d521688435fe221 11-Jan-2013 Anna Zaks <ganna@apple.com> [analyzer] Rename the warning: state the issue before the hint of how it
can be fixed

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@172170 91177308-0d34-0410-b5e6-96231b3b80d8
bjc_invalidation.m
b8f6678bdd54d4dabac416476993343837dd229c 11-Jan-2013 Anna Zaks <ganna@apple.com> [analyzer] Recognize ivar invalidation protocol even if it was redeclared

This will get rid of some false positives as well as false negatives.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@172169 91177308-0d34-0410-b5e6-96231b3b80d8
bjc_invalidation.m
ae81e172e93b75594c7053f3226a16b9d8daa6fd 11-Jan-2013 Anna Zaks <ganna@apple.com> [analyzer] Ivar invalidation: track ivars declared in categories.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@172168 91177308-0d34-0410-b5e6-96231b3b80d8
bjc_invalidation.m
6503255e4fa0689f427b3b798180fceac29c98c2 11-Jan-2013 Anna Zaks <ganna@apple.com> [analyzer] Allow IvarInvalidation checker to suppress warnings via
assertions.

To ensure that custom assertions/conditional would also be supported,
just check if the ivar that needs to be invalidated or set to nil is
compared against 0.

Unfortunately, this will not work for code containing 'assert(IvarName)'

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@172147 91177308-0d34-0410-b5e6-96231b3b80d8
bjc_invalidation.m
664566c37f81d70226df22c12aa05d1603b620f3 10-Jan-2013 Anna Zaks <ganna@apple.com> [analyzer] Fix non-determinism introduced in r172104.

In some cases, we just pick any ivar that needs invalidation and attach
the warning to it. Picking the first from DenseMap of pointer keys was
triggering non-deterministic output.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@172134 91177308-0d34-0410-b5e6-96231b3b80d8
bjc_invalidation.m
b1fc673783dd0215a1426b2c411779cd05a16a07 10-Jan-2013 Anna Zaks <ganna@apple.com> [analyzer] Add more checks to the ObjC Ivar Invalidation checker.

Restructured the checker so that it could easily find two new classes of
issues:
- when a class contains an invalidatable ivar, but no declaration of an
invalidation method
- when a class contains an invalidatable ivar, but no definition of an
invalidation method in the @implementation.

The second case might trigger some false positives, for example, when
the method is defined in a category.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@172104 91177308-0d34-0410-b5e6-96231b3b80d8
bjc_invalidation.m
beac9e3772e255f89dad0abe34811953121912b2 09-Jan-2013 Ted Kremenek <kremenek@apple.com> Do not model loads from complex types, since we don't accurately model the imaginary and real parts yet.

Fixes false positive reported in <rdar://problem/12964481>.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@171987 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps-region-store.cpp
6dfb96045bebe00212d251da1dad4660cb8652ac 08-Jan-2013 Anna Zaks <ganna@apple.com> [analyzer] Only include uniqueing location as issue_hash when available

This makes us more optimistic when matching reports in a changing code
base. Addresses Jordan's feedback for r171825.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@171884 91177308-0d34-0410-b5e6-96231b3b80d8
alloc-plist.c
97bfb558f69c09b01a5c1510f08dc91eb62329a7 08-Jan-2013 Anna Zaks <ganna@apple.com> [analyzer] Include the bug uniqueing location in the issue_hash.

The issue here is that if we have 2 leaks reported at the same line for
which we cannot print the corresponding region info, they will get
treated as the same by issue_hash+description. We need to AUGMENT the
issue_hash with the allocation info to differentiate the two issues.

Add the "hash" (offset from the beginning of a function) representing
allocation site to solve the issue.

We might want to generalize solution in the future when we decide to
track more than just the 2 locations from the diagnostics.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@171825 91177308-0d34-0410-b5e6-96231b3b80d8
alloc-plist.c
c1c6a4981a4b50476d71c88f8dac81a1430885ed 08-Jan-2013 Anna Zaks <ganna@apple.com> [analyzer] Plist: change the type of issue_hash from int to string.

This gives more flexibility to what could be stored as issue_hash.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@171824 91177308-0d34-0410-b5e6-96231b3b80d8
onditional-operator-path-notes.c
iagnostics/deref-track-symbolic-region.c
iagnostics/undef-value-caller.c
iagnostics/undef-value-param.c
iagnostics/undef-value-param.m
nline-plist.c
nline-unique-reports.c
nlining/eager-reclamation-path-notes.c
nlining/path-notes.c
nlining/path-notes.m
alloc-plist.c
ethod-call-path-notes.cpp
ull-deref-path-notes.m
list-output-alternate.m
list-output.m
etain-release-path-notes-gc.m
etain-release-path-notes.m
nix-fns.c
0b67c75c988f7188743059713a04ca2320c9f15a 07-Jan-2013 Anna Zaks <ganna@apple.com> [analyzer] Fix a false positive in Secure Keychain API checker.

Better handle the blacklisting of known bad deallocators when symbol
escapes through a call to CFStringCreateWithBytesNoCopy.

Addresses radar://12702952.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@171770 91177308-0d34-0410-b5e6-96231b3b80d8
eychainAPI.m
5879fb3f6d559863c18df7132ee3d5fdb62b6ae5 07-Jan-2013 Anna Zaks <ganna@apple.com> [analyzer] Fix a false positive in the ivar invalidation checker.

When a property is "inherited" through both a parent class and directly
through a protocol, we should not require the child to invalidate it
since the backing ivar belongs to the parent class.
(Fixes radar://12913734)

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@171769 91177308-0d34-0410-b5e6-96231b3b80d8
bjc_invalidation.m
dac62528c1a66db867e21cfa7cfc439d557d6f0c 07-Jan-2013 Will Dietz <wdietz2@illinois.edu> CFG.cpp: Fix wrapping logic when printing block preds/succs.

First check only wrapped with i==8, second wrapped at i==2,8,18,28,...
This fix restores the intended behavior: i==8,18,28,...

Found with -fsanitize=integer.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@171718 91177308-0d34-0410-b5e6-96231b3b80d8
fg.cpp
bcde478a5f2600718a225eade94549c9792166b8 03-Jan-2013 Ted Kremenek <kremenek@apple.com> Fix capitalization of Objective-C in diagnostic.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@171440 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps-region-store.m
344c77aac25e5d960aced3f45fbaa09853383f6d 03-Jan-2013 Anna Zaks <ganna@apple.com> [analyzer] Rename callback EndPath -> EndFunction

This better reflects when callback is called and what the checkers
are relying on. (Both names meant the same pre-IPA.)

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@171432 91177308-0d34-0410-b5e6-96231b3b80d8
raversal-path-unification.c
a05d2741c40c71b59cf6d2f8bbc5d433a5d0e6de 22-Dec-2012 Ted Kremenek <kremenek@apple.com> Fix typo: objc_no_direct_instance_variable_assignmemt => objc_no_direct_instance_variable_assignment.

Fixes <rdar://problem/12927551>.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@170971 91177308-0d34-0410-b5e6-96231b3b80d8
bjc/direct-ivar-assignment-in-annotated-functions.m
bd80231672a7418aa1a99d3dbbe1774205c88f74 21-Dec-2012 Anna Zaks <ganna@apple.com> [analyzer] Re-apply r170826 and make the dumping of the CallGraph
deterministic.

Commit message for r170826:

[analyzer] Traverse the Call Graph in topological order.

Modify the call graph by removing the parentless nodes. Instead all
nodes are children of root to ensure they are all reachable. Remove the
tracking of nodes that are "top level" or global. This information is
not used and can be obtained from the Decls stored inside
CallGraphNodes.

Instead of existing ordering hacks, analyze the functions in topological
order over the Call Graph.

Together with the addition of devirtualizable ObjC message sends and
blocks to the call graph, this gives around 6% performance improvement
on several large ObjC benchmarks.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@170906 91177308-0d34-0410-b5e6-96231b3b80d8
ebug-CallGraph.c
6d42f4d8b8a176336a8c49ec3cf5f7fb6545ccfd 21-Dec-2012 Rafael Espindola <rafael.espindola@gmail.com> Revert r170826. The output of

./bin/clang -cc1 -internal-isystem /home/espindola/llvm/build/lib/clang/3.3/include/ -analyze -analyzer-checker=debug.DumpCallGraph /home/espindola/llvm/clang/test/Analysis/debug-CallGraph.c -fblocks

changes in each run.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@170829 91177308-0d34-0410-b5e6-96231b3b80d8
ebug-CallGraph.c
e34e1939ad67576293b2b205b2169488cc6b3b14 21-Dec-2012 Anna Zaks <ganna@apple.com> [analyzer] Traverse the Call Graph in topological order.

Modify the call graph by removing the parentless nodes. Instead all
nodes are children of root to ensure they are all reachable. Remove the
tracking of nodes that are "top level" or global. This information is
not used and can be obtained from the Decls stored inside
CallGraphNodes.

Instead of existing ordering hacks, analyze the functions in topological
order over the Call Graph.

Together with the addition of devirtualizable ObjC message sends and
blocks to the call graph, this gives around 6% performance improvement
on several large ObjC benchmarks.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@170826 91177308-0d34-0410-b5e6-96231b3b80d8
ebug-CallGraph.c
5964df144c21c548b9963f2ca35e0fa852b2f6f7 20-Dec-2012 Argyrios Kyrtzidis <akyrtzi@gmail.com> Use some heuristics so that when a fixit removes a source range, we try
to also remove a trailing space if possible.

For example, removing '__bridge' from:

i = (__bridge I*)p;

should result in:

i = (I*)p;

not:

i = ( I*)p;

rdar://11314821

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@170764 91177308-0d34-0410-b5e6-96231b3b80d8
ninit-sometimes.cpp
bbf4d53343c2bbd082b7c1488f34650a7d07ae3b 20-Dec-2012 Ted Kremenek <kremenek@apple.com> Update RetainCountChecker to understand attribute ns_returns_autoreleased.

Fixes <rdar://problem/12887356>.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@170724 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release.m
39cf781d62daaec09e443c6e66a01cd7543ffb41 17-Dec-2012 Anna Zaks <ganna@apple.com> [analyzer] Tweak the NumFunctionsAnalyzed stat so that it's more useful.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@170362 91177308-0d34-0410-b5e6-96231b3b80d8
bjc-method-coverage.m
7959671d456c916706a5f61af609d8f1fc95decf 17-Dec-2012 Anna Zaks <ganna@apple.com> [analyzer] Implement "do not inline large functions many times"
performance heuristic

After inlining a function with more than 13 basic blocks 32 times, we
are not going to inline it anymore. The idea is that inlining large
functions leads to drastic performance implications. Since the function
has already been inlined, we know that we've analyzed it in many
contexts.

The following metrics are used:
- Large function is a function with more than 13 basic blocks (we
should switch to another metric, like cyclomatic complexity)
- We consider that we've inlined a function many times if it's been
inlined 32 times. This number is configurable with -analyzer-config
max-times-inline-large=xx

This heuristic addresses a performance regression introduced with
inlining on one benchmark. The analyzer on this benchmark became 60
times slower with inlining turned on. The heuristic allows us to analyze
it in 24% of the time. The performance improvements on the other
benchmarks I've tested with are much lower - under 10%, which is
expected.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@170361 91177308-0d34-0410-b5e6-96231b3b80d8
nalyzer-config.c
nalyzer-config.cpp
e14999e768fe55f620719fc4fbc361759e990e80 13-Dec-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Generalize ObjCMissingSuperCallChecker.

We now check a few methods for UIResponder, NSResponder, and NSDocument.

Patch by Julian Mayer!

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@170089 91177308-0d34-0410-b5e6-96231b3b80d8
uperclass.m
iewcontroller.m
1812652c24c5a7847654cef9b0875414000af27f 13-Dec-2012 Anna Zaks <ganna@apple.com> [analyzer] Fix a self-init checker false positive.

This is a Band-Aid fix to a false positive, where we complain about not
initializing self to [super init], where self is not coming from the
init method, but is coming from the caller to init.

The proper solution would be to associate the self and its state with
the enclosing init.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@170059 91177308-0d34-0410-b5e6-96231b3b80d8
elf-init.m
4f69eb4daa3c5ce8b88535fc560f2ee102a580f4 12-Dec-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Don't crash running destructors for multidimensional arrays.

We don't handle array destructors correctly yet, but we now apply the same
hack (explicitly destroy the first element, implicitly invalidate the rest)
for multidimensional arrays that we already use for linear arrays.

<rdar://problem/12858542>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@170000 91177308-0d34-0410-b5e6-96231b3b80d8
tor.cpp
c2cca2361aeafdf9170de2695b17d8bcd1c6f7db 11-Dec-2012 Anna Zaks <ganna@apple.com> [analyzer] Don't generate a summary for "freeWhenDone" if method is
inlined.

Fixes a false positive that occurs if a user writes their own
initWithBytesNoCopy:freeWhenDone wrapper.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@169795 91177308-0d34-0410-b5e6-96231b3b80d8
alloc.mm
75f31c4862643ab09479c979fabf754e7ffe1460 07-Dec-2012 Anna Zaks <ganna@apple.com> [analyzer] Optimization heuristic: do not reanalyze every ObjC method as
top level.

This heuristic is already turned on for non-ObjC methods
(inlining-mode=noredundancy). If a method has been previously analyzed,
while being inlined inside of another method, do not reanalyze it as top
level.

This commit applies it to ObjCMethods as well. The main caveat here is
that to catch the retain release errors, we are still going to reanalyze
all the ObjC methods but without inlining turned on.

Gives 21% performance increase on one heavy ObjC benchmark, which
suffered large performance regressions due to ObjC inlining.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@169639 91177308-0d34-0410-b5e6-96231b3b80d8
bjc-method-coverage.m
afa7cae15b117c4b75794c6c32424953d94b4359 07-Dec-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Fix r168019 to work with unpruned paths as well.

This is the case where the analyzer tries to print out source locations
for code within a synthesized function body, which of course does not have
a valid source location. The previous fix attempted to do this during
diagnostic path pruning, but some diagnostics have pruning disabled, and
so any diagnostic with a path that goes through a synthesized body will
either hit an assertion or emit invalid output.

<rdar://problem/12657843> (again)

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@169631 91177308-0d34-0410-b5e6-96231b3b80d8
nlining/path-notes.m
4ee1c557c3ebddb8a9be8f6fb66605b971793820 06-Dec-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Simplify RetainCountChecker's handling of dead symbols.

Previously we made three passes over the set of dead symbols, and removed
them from the state /twice/. Now we combine the autorelease pass and the
symbol death pass, and only have to remove the bindings for the symbols
that leaked.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@169527 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release-path-notes.m
b929f6636c79565e9a34c0656a962f9b198c5e80 06-Dec-2012 Ted Kremenek <kremenek@apple.com> Use the BlockDecl captures list to infer the direct captures for a BlockDataRegion. Fixes <rdar://problem/12415065>.

We still need to do a recursive walk to determine all static/global variables
referenced by a block, which is needed for region invalidation.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@169481 91177308-0d34-0410-b5e6-96231b3b80d8
locks.m
d515e62c7fc221b773b463a9c4de4eed258f39ec 05-Dec-2012 Richard Smith <richard-llvm@metafoo.co.uk> This test used to fail forever if it failed once, because it does not clean up after itself if it failed.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@169356 91177308-0d34-0410-b5e6-96231b3b80d8
tml-diags.c
39a62fcd3003785d9cc913ab2820be2f6f27bb40 05-Dec-2012 Anna Zaks <ganna@apple.com> [analyzer] Implement an opt-in variant of direct ivar assignment.

This will only check the direct ivar assignments in the annotated
methods.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@169349 91177308-0d34-0410-b5e6-96231b3b80d8
bjc/direct-ivar-assignment-in-annotated-functions.m
9c0466603f2051fec9270686dfcd270630e62530 29-Nov-2012 Ted Kremenek <kremenek@apple.com> Correctly handle IntegralToBool casts in C++ in the static analyzer. Fixes <rdar://problem/12759044>.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@168843 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps-region-store.cpp
1994e3993e5e2c606f4ab22563768af6f03dad30 28-Nov-2012 Ted Kremenek <kremenek@apple.com> Fix another false positive due to a CXX temporary object appearing in a C initializer.

The stop-gap here is to just drop such objects when processing the InitListExpr.
We still need a better solution.

Fixes <rdar://problem/12755044>.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@168757 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps-region-store.cpp
bd8a11e224c3ec6cbc4bb9b1fc70a8aa3a633e43 28-Nov-2012 Ted Kremenek <kremenek@apple.com> Provide stop-gap solution to crash reported in PR 14436.

This was also covered by <rdar://problem/12753384>. The static analyzer
evaluates a CXXConstructExpr within an initializer expression and
RegionStore doesn't know how to handle the resulting CXXTempObjectRegion
that gets created. We need a better solution than just dropping the
value, but we need to better understand how to implement the right
semantics here.

Thanks to Jordan for his help diagnosing the behavior here.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@168741 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps-region-store.cpp
6e99f9f56f320818d814a5474d76a2849e037c55 27-Nov-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Fix test to work on non-LP64 systems.

Thanks for the original catch in r168303, Takumi.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@168671 91177308-0d34-0410-b5e6-96231b3b80d8
alloc.c
dac6cd533d90fa1f75e66f83f7d5ebc12e34bfb7 26-Nov-2012 Anna Zaks <ganna@apple.com> [analyzer] Fix a crash reported in PR 14400.

The AllocaRegion did not have the superRegion (based on LocationContext)
as part of its hash. As a consequence, the AllocaRegions from
different frames were uniqued to be the same region.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@168599 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps-region-store.cpp
7a29070e01c1b48f85b7d3fced5315db8958fae2 19-Nov-2012 NAKAMURA Takumi <geek4civic@gmail.com> clang/test: Suppress two tests on LLP64 target, Windows x64.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@168303 91177308-0d34-0410-b5e6-96231b3b80d8
alloc.c
63bc186d6ac0b44ba4ec6fccb5f471b05c79b666 15-Nov-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Report leaks at the closing brace of a function body.

This fixes a few cases where we'd emit path notes like this:

+---+
1| v
p = malloc(len);
^ |2
+---+

In general this should make path notes more consistent and more correct,
especially in cases where the leak happens on the false branch of an if
that jumps directly to the end of the function. There are a couple places
where the leak is reported farther away from the cause; these are usually
cases where there are several levels of nested braces before the end of
the function. This still matches our current behavior for when there /is/
a statement after all the braces, though.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@168070 91177308-0d34-0410-b5e6-96231b3b80d8
overage.c
eychainAPI.m
alloc-annotations.c
alloc-interprocedural.c
alloc-plist.c
alloc.c
alloc.cpp
list-output-alternate.m
etain-release.m
imple-stream-checks.c
tackaddrleak.c
84c484545c5906ba55143e212b4a5275ab55889f 15-Nov-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Mark symbol values as dead in the environment.

This allows us to properly remove dead bindings at the end of the top-level
stack frame, using the ReturnStmt, if there is one, to keep the return value
live. This in turn removes the need for a check::EndPath callback in leak
checkers.

This does cause some changes in the path notes for leak checkers. Previously,
a leak would be reported at the location of the closing brace in a function.
Now, it gets reported at the last statement. This matches the way leaks are
currently reported for inlined functions, but is less than ideal for both.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@168066 91177308-0d34-0410-b5e6-96231b3b80d8
alloc-plist.c
alloc.c
list-output-alternate.m
5d23eeaaad325c5310591b0b8ae69298fecd21a0 15-Nov-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Fix test case broken by previous commit.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@168020 91177308-0d34-0410-b5e6-96231b3b80d8
nix-fns.c
368f3b070e8cb657a65bfa443d60256676d269e7 15-Nov-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Make sure calls in synthesized functions have valid path locations.

We do this by using the "most recent" good location: if a synthesized
function 'A' calls another function 'B', the path notes for the call to 'B'
will be placed at the same location as the path note for calling 'A'.

Similarly, the call to 'A' will have a note saying "Entered call from...",
and now we just don't emit that (since the user doesn't have a body to look
at anyway).

Previously, we were doing this for the "Calling..." notes, but not for the
"Entered call from..." or "Returning to caller". This caused a crash when
the path entered and then exited a call within a synthesized body.

<rdar://problem/12657843>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@168019 91177308-0d34-0410-b5e6-96231b3b80d8
nlining/path-notes.m
nix-fns.c
1fc9a647f9fbcb2374ebc569964c687576437920 15-Nov-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Fix test in previous commit.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@167995 91177308-0d34-0410-b5e6-96231b3b80d8
locks.m
318fd66628d3ad43459c38d5bffb4ffe202028c3 15-Nov-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Add a test case for printing a path note at a PreStmt point.

This is also a false-positive test case for <rdar://problem/12415065>.

<rdar://problem/12687586>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@167994 91177308-0d34-0410-b5e6-96231b3b80d8
locks.m
526e627d2bd7e8cbf630526d315c90864898d9ff 14-Nov-2012 Richard Trieu <rtrieu@google.com> Improve -Wtautological-constant-out-of-range-compare by taking into account
type conversion between integers. This allows the warning to be more accurate.

Also, turned the warning off in an analyzer test. The relevant test cases
are covered by the tests in Sema.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@167992 91177308-0d34-0410-b5e6-96231b3b80d8
dditive-folding.cpp
2ccecfaa4852c134191d4075d94e09399ab46fea 13-Nov-2012 Anna Zaks <ganna@apple.com> [analyzer] Address Jordan's code review for r167813.

This simplifies logic, fixes a bug, and adds a test case.
Thanks Jordan!

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@167868 91177308-0d34-0410-b5e6-96231b3b80d8
alloc.mm
cbf5f60996fa2bd0ecd779b1472dc5cbad3ca464 13-Nov-2012 Anna Zaks <ganna@apple.com> Add a test that shows that reporting a leak after failure to free is
tricky.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@167814 91177308-0d34-0410-b5e6-96231b3b80d8
alloc.mm
4141e4dcab6b175374710925aa90d547600a5e66 13-Nov-2012 Anna Zaks <ganna@apple.com> Fix a Malloc Checker FP by tracking return values from initWithCharacter
and other functions.

When these functions return null, the pointer is not freed by
them/ownership is not transferred. So we should allow the user to free
the pointer by calling another function when the return value is NULL.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@167813 91177308-0d34-0410-b5e6-96231b3b80d8
alloc.mm
8f81acfa95a5d2a22fc875c1a10901eaa30b8405 13-Nov-2012 Ted Kremenek <kremenek@apple.com> Fix bad CFG construction bug when handling C++ 'try' statements.

This code assigned the last created CFGBlock* to the variable 'Block',
which is a scratch variable which is null'ed out after a block is
completed. By assigning the last created block to 'Block', we start
editing a completed block, inserting CFGStmts that should be in
another block. This was the case with 'try'. The test case that
showed this had a while loop inside a 'try', and the logic before
the while loop was being included as part of the "condition block"
for the loop. This showed up as a bogus dead store, but could
have lots of implications.

Turns out this bug was replicated a few times within CFG.cpp, so
I went and fixed up those as well.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@167788 91177308-0d34-0410-b5e6-96231b3b80d8
ead-stores.cpp
d51db4935736fd943bfd46dfa74d41e9a3c2d41f 13-Nov-2012 Anna Zaks <ganna@apple.com> [analyzer] Follow up to r167762 - precisely determine the adjustment
conditions.

The adjustment is needed only in case of dynamic dispatch performed by
the analyzer - when the runtime declaration is different from the static
one.

Document this explicitly in the code (by adding a helper). Also, use
canonical Decls to avoid matching against the case where the definition
is different from found declaration.

This fix suppresses the testcase I added in r167762, so add another
testcase to make sure we do test commit r167762.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@167780 91177308-0d34-0410-b5e6-96231b3b80d8
nlining/InlineObjCInstanceMethod.m
e7ad14e18247ec6fc3d46b208829e3dac6d85a1d 12-Nov-2012 Anna Zaks <ganna@apple.com> [analyzer] Fix a regression (from r 165079): compare canonical types.

Suppresses a leak false positive (radar://12663777).

In addition, we'll need to rewrite the adjustReturnValue() method not to
return UnknownVal by default, but rather assert in cases we cannot
handle. To make it possible, we need to correctly handle some of the
edge cases we already know about.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@167762 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release-inline.m
4e674f77150b52d8e6ae82faf64fbdac79d675d3 10-Nov-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] When invalidating symbolic offset regions, take fields into account.

Previously, RegionStore was being VERY conservative in saying that because
p[i].x and p[i].y have a concrete base region of 'p', they might overlap.
Now, we check the chain of fields back up to the base object and check if
they match.

This only kicks in when dealing with symbolic offset regions because
RegionStore's "base+offset" representation of concrete offset regions loses
all information about fields. In cases where all offsets are concrete
(s.x and s.y), RegionStore will already do the right thing, but mixing
concrete and symbolic offsets can cause bindings to be invalidated that
are known to not overlap (e.g. p[0].x and p[i].y).
This additional refinement is tracked by <rdar://problem/12676180>.

<rdar://problem/12530149>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@167654 91177308-0d34-0410-b5e6-96231b3b80d8
rray-struct-region.c
0fe4d400ab05995727440620c25fe1d185b4e046 07-Nov-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Check that the argument to CFMakeCollectable is non-NULL.

Patch by Sean McBride!

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@167537 91177308-0d34-0410-b5e6-96231b3b80d8
iagnostics/undef-value-param.m
etain-release.m
35d4a09efbdc313b02f05612e6501a7ec7d3a37d 06-Nov-2012 Anna Zaks <ganna@apple.com> [analyzer] Add symbol escapes logic to the SimpleStreamChecker.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@167439 91177308-0d34-0410-b5e6-96231b3b80d8
nputs/system-header-simulator-for-simple-stream.h
imple-stream-checks.c
8501b7a1c4c4a9ba0ea6cb8e500e601ef3759deb 03-Nov-2012 Anna Zaks <ganna@apple.com> [analyzer] Run remove dead on end of path.

This will simplify checkers that need to register for leaks. Currently,
they have to register for both: check dead and check end of path.

I've modified the SymbolReaper to consider everything on the stack dead
if the input StackLocationContext is 0.

(This is a bit disruptive, so I'd like to flash out all the issues
asap.)

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@167352 91177308-0d34-0410-b5e6-96231b3b80d8
imple-stream-checks.c
32133cfb333510ba94aff040067713c0b32d58c5 31-Oct-2012 Anna Zaks <ganna@apple.com> [analyzer] SimpleStreamChecker - remove evalAssume and other refinements

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@167099 91177308-0d34-0410-b5e6-96231b3b80d8
imple-stream-checks.c
3719ed248b7b7e239b1b435dd569b007aaea9d26 31-Oct-2012 Anna Zaks <ganna@apple.com> [analyzer] Don't invalidate const arguments when there is no
IdentifierInfo.

Ex: C++ copy constructors.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@167092 91177308-0d34-0410-b5e6-96231b3b80d8
ethod-call.cpp
eafaad279f7be4552e5a2246fcda1b5d65698104 30-Oct-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Warn about reallocf with an allocation size of 0, like realloc.

Patch by Sean McBride!

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@166995 91177308-0d34-0410-b5e6-96231b3b80d8
nix-fns.c
3cf9a72743d147f3a6152ba3374f081bac749c28 30-Oct-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] New checker for missing super calls in UIViewController subclasses.

This is a syntactic checker aimed at helping iOS programmers correctly
subclass and override the methods of UIViewController. While this should
eventually be covered by the 'objc_requires_super' attribute, this
checker can be used with the existing iOS SDKs without any header changes.

This new checker is currently named 'alpha.osx.cocoa.MissingSuperCall'.
Patch by Julian Mayer!

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@166993 91177308-0d34-0410-b5e6-96231b3b80d8
iewcontroller.m
d65e55d691655462880ffd51c10784955ab6a362 29-Oct-2012 Anna Zaks <ganna@apple.com> [analyzer] Add SimpleStreamChecker.

This is an example checker for catching fopen fclose API misuses.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@166976 91177308-0d34-0410-b5e6-96231b3b80d8
imple-stream-checks.c
6a329ee7567cf3267ffab2bc755ea8c773d967e7 29-Oct-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] New option to not suppress null return paths if an argument is null.

Our one basic suppression heuristic is to assume that functions do not
usually return NULL. However, when one of the arguments is NULL it is
suddenly much more likely that NULL is a valid return value. In this case,
we don't suppress the report here, but we do attach /another/ visitor to
go find out if this NULL argument also comes from an inlined function's
error path.

This new behavior, controlled by the 'avoid-suppressing-null-argument-paths'
analyzer-config option, is turned off by default. Turning it on produced
two false positives and no new true positives when running over LLVM/Clang.

This is one of the possible refinements to our suppression heuristics.
<rdar://problem/12350829>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@166941 91177308-0d34-0410-b5e6-96231b3b80d8
nlining/false-positive-suppression.c
09f7bf14d25bdc55cb715bc8d40600906848a409 29-Oct-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Use the CallEnter node to get a value for tracked null arguments.

Additionally, don't collect PostStore nodes -- they are often used in
path diagnostics.

Previously, we tried to track null arguments in the same way as any other
null values, but in many cases the necessary nodes had already been
collected (a memory optimization in ExplodedGraph). Now, we fall back to
using the value of the argument at the time of the call, which may not
always match the actual contents of the region, but often will.

This is a precursor to improving our suppression heuristic.
<rdar://problem/12350829>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@166940 91177308-0d34-0410-b5e6-96231b3b80d8
nlining/eager-reclamation-path-notes.c
b85cce094887ab5cf1c47acfe306e2fb1d3cfbb1 26-Oct-2012 Ted Kremenek <kremenek@apple.com> TrackConstraintBRVisitor and ConditionBRVisitor can emit similar
path notes for cases where a value may be assumed to be null, etc.
Instead of having redundant diagnostics, do a pass over the generated
PathDiagnostic pieces and remove notes from TrackConstraintBRVisitor
that are already covered by ConditionBRVisitor, whose notes tend
to be better.

Fixes <rdar://problem/12252783>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@166728 91177308-0d34-0410-b5e6-96231b3b80d8
onditional-operator-path-notes.c
iagnostics/deref-track-symbolic-region.cpp
nline-plist.c
nlining/path-notes.c
ethod-call-path-notes.cpp
ull-deref-path-notes.m
list-output-alternate.m
list-output.m
etain-release-path-notes.m
a0d5878b7e1c54551c0445354788e4259900c03c 25-Oct-2012 David Tweed <david.tweed@arm.com> Correct test invocations to use %clang_cc1 rather than direct invocation (so that it can have additional options set when trying to debug issues causing regressions).


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@166681 91177308-0d34-0410-b5e6-96231b3b80d8
omtest.c
603513d2294c437b37bcf47f326b686e31bd9e84 24-Oct-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Handle 'SomeVar.SomeEnumConstant', which is legal in C++.

This caused assertion failures analyzing LLVM.

<rdar://problem/12560282>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@166529 91177308-0d34-0410-b5e6-96231b3b80d8
ember-expr.cpp
4d9e497a2b1eab3b1214848216050c64fc3acfd6 24-Oct-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Replace -analyzer-no-eagerly-trim-egraph with graph-trim-interval.

After every 1000 CFGElements processed, the ExplodedGraph trims out nodes
that satisfy a number of criteria for being "boring" (single predecessor,
single successor, and more). Rather than controlling this with a cc1 option,
which can only disable this behavior, we now have an analyzer-config option,
'graph-trim-interval', which can change this interval from 1000 to something
else. Setting the value to 0 disables reclamation.

The next commit relies on this behavior to actually test anything.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@166528 91177308-0d34-0410-b5e6-96231b3b80d8
nalyzer-config.c
nalyzer-config.cpp
b59b580a57a36df9d146473098d14c64508ff319 20-Oct-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Assume 'new' never returns NULL if it could throw an exception.

This is actually required by the C++ standard in
[basic.stc.dynamic.allocation]p3:

If an allocation function declared with a non-throwing
exception-specification fails to allocate storage, it shall return a
null pointer. Any other allocation function that fails to allocate
storage shall indicate failure only by throwing an exception of a type
that would match a handler of type std::bad_alloc.

We don't bother checking for the specific exception type, but just go off
the operator new prototype. This should help with a certain class of lazy
initialization false positives.

<rdar://problem/12115221>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@166363 91177308-0d34-0410-b5e6-96231b3b80d8
ew-with-exceptions.cpp
8e8fb3be5bd78f0564444eca02b404566a5f3b5d 19-Oct-2012 Andy Gibbs <andyg1001@hotmail.co.uk> Prior to adding the new "expected-no-diagnostics" directive to VerifyDiagnosticConsumer, make the necessary adjustment to 580 test-cases which will henceforth require this new directive.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@166280 91177308-0d34-0410-b5e6-96231b3b80d8
FContainers-invalid.c
FRetainRelease_NSAssertionHandler.m
issingDealloc.m
SPanel.m
oReturn.m
SAtomic_mac.cpp
bjCProperties.m
R9741.cpp
asts.c
asts.m
fref_PR2519.c
fref_rdar6080742.c
omplex-init-list.cpp
oncrete-address.c
string-syntax-cxx.cpp
xx-method-names.cpp
xx11-crashes.cpp
ead-stores.m
elegates.m
ngine/replay-without-inlining.c
dempotent-operations.m
nline2.c
nline3.c
nline4.c
nlining/test_objc_inlining_option.m
value.cpp
alloc-overflow.cpp
ethod-call-intra-p.cpp
isc-ps-64.m
isc-ps-arm.m
isc-ps-eager-assume.m
isc-ps-region-store-i386.m
isc-ps-region-store-x86_64.m
isc-ps-region-store.mm
o-exit-cfg.c
ull-deref-ps-region.c
bjc-bool.m
r_4164.c
dar-6442306-1.m
dar-6562655.m
dar-6600344-nil-receiver-undefined-struct-ret.m
edefined_system.c
egion-1.m
egion-store.c
ecurity-syntax-checks-no-emit.c
tatic_local.m
valbuilder-logic.c
aint-tester.cpp
aint-tester.m
ninit-vals.m
nions-region.m
nions.cpp
c3c26b7390bc4ac3ad122f557a10ba17ab871216 18-Oct-2012 Anna Zaks <ganna@apple.com> [analyzer] Ivar invalidation: identify properties declared in protocols.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@166211 91177308-0d34-0410-b5e6-96231b3b80d8
bjc_invalidation.m
d4ce811ae08398e357c8ce3e707ba5f2aa0041a5 17-Oct-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] When binding to a ParenExpr, bind to its inner expression instead.

This actually looks through several kinds of expression, such as
OpaqueValueExpr and ExprWithCleanups. The idea is that binding and lookup
should be consistent, and so if the environment needs to be modified later,
the code doing the modification will not have to manually look through these
"transparent" expressions to find the real binding to change.

This is necessary for proper updating of struct rvalues as described in
the previous commit.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@166121 91177308-0d34-0410-b5e6-96231b3b80d8
rray-struct-region.cpp
f1e67d75fc922ff905de9faa6326bb1a96685ec1 17-Oct-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Create a temporary region when accessing a struct rvalue.

In C++, rvalues that need to have their address taken (for example, to be
passed to a function by const reference) will be wrapped in a
MaterializeTemporaryExpr, which lets CodeGen know to create a temporary
region to store this value. However, MaterializeTemporaryExprs are /not/
created when a method is called on an rvalue struct, even though the 'this'
pointer needs a valid value. CodeGen works around this by creating a
temporary region anyway; now, so does the analyzer.

The analyzer also does this when accessing a field of a struct rvalue.
This is a little unfortunate, since the rest of the struct will soon be
thrown away, but it does make things consistent with the rest of the
analyzer.

This allows us to bring back the assumption that all known 'this' values
are Locs. This is a revised version of r164828-9, reverted in r164876-7.

<rdar://problem/12137950>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@166120 91177308-0d34-0410-b5e6-96231b3b80d8
rray-struct-region.cpp
ields.c
eference.cpp
e0c50fa01d59749e9392ccff50ee6fb90a61725b 16-Oct-2012 Anna Zaks <ganna@apple.com> [analyzer] Ivar Invalidation: track ivars in continuations and
@implementation.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@166047 91177308-0d34-0410-b5e6-96231b3b80d8
bjc_invalidation.m
9b29f4fe3d0600edf6ba00d48f2d4f2b1984f247 16-Oct-2012 David Blaikie <dblaikie@gmail.com> Implement GCC's -Wint-to-pointer-cast.

This implementation doesn't warn on anything that GCC doesn't warn on with the
exception of template specializations (GCC doesn't warn, Clang does). The
specific skipped cases (boolean, constant expressions, enums) are open for
debate/adjustment if anyone wants to demonstrate that GCC is being overly
conservative here. The only really obvious false positive I found was in the
Clang regression suite's MPI test - apparently MPI uses specific flag values in
pointer constants. (eg: #define FOO (void*)~0)

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@166039 91177308-0d34-0410-b5e6-96231b3b80d8
FContainers.mm
dempotent-operations.c
isc-ps-region-store.m
aint-tester.c
bc9e5ffb0d0757238c071764e4bc1fc8a1521097 16-Oct-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] ObjCContainersASTChecker: minor cleanup and an extra test case.

Follow-up to r165838, which fixed a potential crash.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@166002 91177308-0d34-0410-b5e6-96231b3b80d8
FContainers-invalid.c
625ce084bc8de75e74b8920593ab761f20ff5971 16-Oct-2012 Anna Zaks <ganna@apple.com> [analyzer] Do not warn on direct ivar assignments within copy methods.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@165992 91177308-0d34-0410-b5e6-96231b3b80d8
bjc-properties.m
42adacbb9bc7b6172bd36f9baa297180c77ab6d7 11-Oct-2012 Ted Kremenek <kremenek@apple.com> Remove OSAtomicChecker.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@165744 91177308-0d34-0410-b5e6-96231b3b80d8
SString.m
isc-ps.m
786e6204e55cc01094a3e86104c82932a65fb2ca 11-Oct-2012 Jordan Rose <jordan_rose@apple.com> Reapply "[analyzer] Treat fields of unions as having symbolic offsets."

This time, actually uncomment the code that's supposed to fix the problem.

This reverts r165671 / 8ceb837585ed973dc36fba8dfc57ef60fc8f2735.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@165676 91177308-0d34-0410-b5e6-96231b3b80d8
nions.cpp
8ceb837585ed973dc36fba8dfc57ef60fc8f2735 11-Oct-2012 Eric Christopher <echristo@gmail.com> Temporarily Revert "[analyzer] Treat fields of unions as having symbolic offsets."

Author: Jordan Rose <jordan_rose@apple.com>
Date: Wed Oct 10 21:31:21 2012 +0000

[analyzer] Treat fields of unions as having symbolic offsets.

This allows only one field to be active at a time in RegionStore.
This isn't quite the correct behavior for unions, but it at least
would handle the case of "value goes in, value comes out" from the
same field.

RegionStore currently has a number of places where any access to a union
results in UnknownVal being returned. However, it is clearly missing
some cases, or the original issue wouldn't have occurred. It is probably
now safe to remove those changes, but that's a potentially destabilizing
change that should wait for more thorough testing.

Fixes PR14054.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@165660 91177308-0d34-0410-b5e6-96231b3b80d8

This reverts commit cf9030e480f77ab349672f00ad302e216c26c92c.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@165671 91177308-0d34-0410-b5e6-96231b3b80d8
nions.cpp
cf9030e480f77ab349672f00ad302e216c26c92c 10-Oct-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Treat fields of unions as having symbolic offsets.

This allows only one field to be active at a time in RegionStore.
This isn't quite the correct behavior for unions, but it at least
would handle the case of "value goes in, value comes out" from the
same field.

RegionStore currently has a number of places where any access to a union
results in UnknownVal being returned. However, it is clearly missing
some cases, or the original issue wouldn't have occurred. It is probably
now safe to remove those changes, but that's a potentially destabilizing
change that should wait for more thorough testing.

Fixes PR14054.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@165660 91177308-0d34-0410-b5e6-96231b3b80d8
nions.cpp
4eff6b5d6a5cbb6bd669854a84365aa61d70819e 10-Oct-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Don't run non-path-sensitive checks on system headers...

...but do run them on user headers.

Previously, we were inconsistent here: non-path-sensitive checks on code
/bodies/ were only run in the main source file, but checks on
/declarations/ were run in /all/ headers. Neither of those is the
behavior we want.

Thanks to Sujit for pointing this out!

<rdar://problem/12454226>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@165635 91177308-0d34-0410-b5e6-96231b3b80d8
irtualcall.cpp
irtualcall.h
b1368c8089b707616cd76612d4f207e5dc0be22a 06-Oct-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Tweak test to run the retain-count checker even on non-Darwin.

This should fix the bots.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@165358 91177308-0d34-0410-b5e6-96231b3b80d8
list-output.m
1e5101e1e52729564b6fc8d7bf146cef33bc31ca 06-Oct-2012 Jordan Rose <jordan_rose@apple.com> ParentMap: Restore the ability to update an existing map.

The Clang ASTs are a DAG, not a pure tree. However, ParentMap has to
choose a single parent for each object. In the main (only?) cases in
which the AST forms a DAG, it protects from multiple traversal by using
OpaqueValueExprs. Previously, ParentMap would just unconditionally look
through all OpaqueValueExprs when building its map.

In order to make this behavior better for the analyzer's diagnostics,
ParentMap was changed to not set a statement's parent if there already
was one in the map. However, ParentMap is supposed to allow updating
existing mappings by calling addStmt once again. This change makes the
"transparency" of OpaqueValueExprs explicit, and disables it when it
is not desired, rather than checking the current contents of the map.

This new code seems like a big change, but it should actually have
essentially the same performance as before. Only OpaqueValueExprs and
their users (PseudoObjectExpr and BinaryConditionalOperator) will
have any different behavior.

There should be no user-visible functionality change, though a test
has been added for the current behavior of BinaryConditionalOperator
source locations and accompanying Xcode arrows (which are not so great...).

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@165355 91177308-0d34-0410-b5e6-96231b3b80d8
onditional-operator-path-notes.c
cf4ce93caedca1d91ec5824981f9e45eda20b261 06-Oct-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Handle implicit statements used for end-of-path nodes' source locs.

Some implicit statements, such as the implicit 'self' inserted for "free"
Objective-C ivar access, have invalid source locations. If one of these
statements is the location where an issue is reported, we'll now look at
the enclosing statements for a valid source location.

<rdar://problem/12446776>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@165354 91177308-0d34-0410-b5e6-96231b3b80d8
list-output.m
ff63227817217cd33c587e054d4892285b8e00c6 03-Oct-2012 Jordan Rose <jordan_rose@apple.com> Revert "InlineObjCInstanceMethod.m: Remove lines introduced in r165079."

...and fix the run line so that the expected warnings are the same on
all platforms.

This reverts r165088 / d09074f0ca06626914108f1c0d4e70adeb851e01.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@165124 91177308-0d34-0410-b5e6-96231b3b80d8
nlining/InlineObjCInstanceMethod.m
d09074f0ca06626914108f1c0d4e70adeb851e01 03-Oct-2012 NAKAMURA Takumi <geek4civic@gmail.com> InlineObjCInstanceMethod.m: Remove lines introduced in r165079. It broke some builds, on FreeBSD, Linux and Windows.

error: 'warning' diagnostics expected but not seen:
Line 94: types are incompatible
1 error generated.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@165088 91177308-0d34-0410-b5e6-96231b3b80d8
nlining/InlineObjCInstanceMethod.m
48314cf6a289bc5a082d8c769c58a38f924c93b7 03-Oct-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Adjust the return type of an inlined devirtualized method call.

In C++, overriding virtual methods are allowed to specify a covariant
return type -- that is, if the return type of the base method is an
object pointer type (or reference type), the overriding method's return
type can be a pointer to a subclass of the original type. The analyzer
was failing to take this into account when devirtualizing a method call,
and anything that relied on the return value having the proper type later
would crash.

In Objective-C, overriding methods are allowed to specify ANY return type,
meaning we can NEVER be sure that devirtualizing will give us a "safe"
return value. Of course, a program that does this will most likely crash
at runtime, but the analyzer at least shouldn't crash.

The solution is to check and see if the function/method being inlined is
the function that static binding would have picked. If not, check that
the return value has the same type. If the types don't match, see if we
can fix it with a derived-to-base cast (the C++ case). If we can't,
return UnknownVal to avoid crashing later.

<rdar://problem/12409977>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@165079 91177308-0d34-0410-b5e6-96231b3b80d8
nline.cpp
nlining/InlineObjCInstanceMethod.m
94bb74cef72a33d77c5d6739abfc0840c781eb8e 02-Oct-2012 Ted Kremenek <kremenek@apple.com> Tweak AnalyzerOptions::getOptionAsInteger() to populate the string
table, making it printable with the ConfigDump checker. Along the
way, fix a really serious bug where the value was getting parsed
from the string in code that was in an assert() call. This means
in a Release-Asserts build this code wouldn't work as expected.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@165041 91177308-0d34-0410-b5e6-96231b3b80d8
nalyzer-config.c
nalyzer-config.cpp
9e28fe60bbfa5de196ce4aa396210bf10fc5c266 02-Oct-2012 Ted Kremenek <kremenek@apple.com> Change AnalyzerOptions::mayInlineCXXMemberFunction to default populate
the config string table. Also set up a test for dumping the analyzer
configuration for C++.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@165040 91177308-0d34-0410-b5e6-96231b3b80d8
nalyzer-config.cpp
e606e3d224d3fa8f6d4358ec66858d46754457a0 01-Oct-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Allow ObjC ivar lvalues where the base is nil.

By analogy with C structs, this seems to be legal, if probably discouraged.
It's only if the ivar is read from or written to that there's a problem.
Running a program that gets the "address" of an instance variable does in
fact return the offset when the base "object" is nil.

This isn't a full revert because r164442 includes some diagnostic tweaks
as well; those have been kept.

This partially reverts r164442 / 08965091770c9b276c238bac2f716eaa4da2dca4.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@164960 91177308-0d34-0410-b5e6-96231b3b80d8
vars.m
ull-deref-path-notes.m
75c5e6df52e055537cf92687cf80fe644233381f 01-Oct-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Add a test for PR13927 "offsetof replacement flagged as null deref"

This seems to be legal according to C11 6.5.3.2.

No functionality change.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@164959 91177308-0d34-0410-b5e6-96231b3b80d8
rray-struct.c
d27a368f4800b447b970b7c438d0fb4da00838dc 01-Oct-2012 Jordan Rose <jordan_rose@apple.com> Revert "[analyzer] Check that a member expr is valid even when the result is an lvalue."

The original intent of this commit was to catch potential null dereferences
early, but it breaks the common "home-grown offsetof" idiom (PR13927):

(((struct Foo *)0)->member - ((struct foo *)0))

As it turns out, this appears to be legal in C, per a footnote in
C11 6.5.3.2: "Thus, &*E is equivalent to E (even if E is a null pointer)".
In C++ this issue is still open:
http://www.open-std.org/jtc1/sc22/wg21/docs/cwg_active.html#232

We'll just have to make sure we have good path notes in the future.

This reverts r164441 / 9be016dcd1ca3986873a7b66bd4bc027309ceb59.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@164958 91177308-0d34-0410-b5e6-96231b3b80d8
ields.c
ullptr.cpp
622b6fb0a1d280c16e135c7e427b79cafffbde1f 01-Oct-2012 Ted Kremenek <kremenek@apple.com> Have AnalyzerOptions::getBooleanOption() stick the matching config
string in the config table so that it can be dumped as part of the
config dumper. Add a test to show that these options are sticking
and can be cross-checked using FileCheck.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@164954 91177308-0d34-0410-b5e6-96231b3b80d8
nalyzer-config.c
0504a598a5dc8f3f45e79d4f8ea206a926507859 01-Oct-2012 Jordan Rose <jordan_rose@apple.com> Reapply "[analyzer] Handle inlined constructors for rvalue temporaries correctly."

This is related to but not blocked by <rdar://problem/12137950>
("Return-by-value structs do not have associated regions")

This reverts r164875 / 3278d41e17749dbedb204a81ef373499f10251d7.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@164952 91177308-0d34-0410-b5e6-96231b3b80d8
rray-struct-region.cpp
tor-inlining.mm
ce6644bc1e921833f9b3c10cf7d4a0b78e8d5dc9 29-Sep-2012 Jordan Rose <jordan_rose@apple.com> Revert "[analyzer] Create a temporary region for rvalue structs when accessing fields"

This reverts commit 6f61df3e7256413dcb99afb9673f4206e3c4992c.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@164877 91177308-0d34-0410-b5e6-96231b3b80d8
ields.c
eference.cpp
20aa40342bd74895128860c081aa84cd85bfa68d 29-Sep-2012 Jordan Rose <jordan_rose@apple.com> Revert "[analyzer] Create a temp region when a method is called on a struct rvalue."

This reverts commit 0006ba445962621ed82ec84400a6b978205a3fbc.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@164876 91177308-0d34-0410-b5e6-96231b3b80d8
rray-struct-region.cpp
846c898cebf02cb753125633c52e0d1d7fd94b4b 29-Sep-2012 Jordan Rose <jordan_rose@apple.com> Revert "[analyzer] Handle inlined constructors for rvalue temporaries correctly."

This reverts commit 580cd17f256259f39a382e967173f34d68e73859.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@164875 91177308-0d34-0410-b5e6-96231b3b80d8
rray-struct-region.cpp
tor-inlining.mm
31f69cc770888ec0f0f7012212e5df7979aba4f3 29-Sep-2012 Anna Zaks <ganna@apple.com> [analyzer] Re-implement IvarInvalidationChecker so that it verifies that
the validation occurred.

The original implementation was pessimistic - we assumed that ivars
which escape are invalidated. This version is optimistic, it assumes
that the ivars will always be explicitly invalidated: either set to nil
or sent an invalidation message.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@164868 91177308-0d34-0410-b5e6-96231b3b80d8
bjc_invalidation.m
580cd17f256259f39a382e967173f34d68e73859 28-Sep-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Handle inlined constructors for rvalue temporaries correctly.

Previously the analyzer treated all inlined constructors like lvalues,
setting the value of the CXXConstructExpr to the newly-constructed
region. However, some CXXConstructExprs behave like rvalues -- in
particular, the implicit copy constructor into a pass-by-value argument.
In this case, we want only the /contents/ of a temporary object to be
passed, so that we can use the same "copy each argument into the
parameter region" algorithm that we use for scalar arguments.

This may change when we start modeling destructors of temporaries,
but for now this is the last part of <rdar://problem/12137950>.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@164830 91177308-0d34-0410-b5e6-96231b3b80d8
rray-struct-region.cpp
tor-inlining.mm
0006ba445962621ed82ec84400a6b978205a3fbc 28-Sep-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Create a temp region when a method is called on a struct rvalue.

An rvalue has no address, but calling a C++ member function requires a
'this' pointer. This commit makes the analyzer create a temporary region
in which to store the struct rvalue and use as a 'this' pointer whenever
a member function is called on an rvalue, which is essentially what
CodeGen does.

More of <rdar://problem/12137950>. The last part is tracking down the
C++ FIXME in array-struct-region.cpp.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@164829 91177308-0d34-0410-b5e6-96231b3b80d8
rray-struct-region.cpp
6f61df3e7256413dcb99afb9673f4206e3c4992c 28-Sep-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Create a temporary region for rvalue structs when accessing fields

Struct rvalues are represented in the analyzer by CompoundVals,
LazyCompoundVals, or plain ConjuredSymbols -- none of which have associated
regions. If the entire structure is going to persist, this is not a
problem -- either the rvalue will be assigned to an existing region, or
a MaterializeTemporaryExpr will be present to create a temporary region.
However, if we just need a field from the struct, we need to create the
temporary region ourselves.

This is inspired by the way CodeGen handles calls to temporaries;
support for that in the analyzer is coming next.

Part of <rdar://problem/12137950>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@164828 91177308-0d34-0410-b5e6-96231b3b80d8
ields.c
eference.cpp
bf24792e00a47fd9d74ff21e21d2cbffc6d62818 27-Sep-2012 Anna Zaks <ganna@apple.com> [analyzer] Address Jordan's code review for r164790.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@164803 91177308-0d34-0410-b5e6-96231b3b80d8
bjc-properties.m
377945cc9e4f23cdbb01ade2a664acd5ff95a888 27-Sep-2012 Anna Zaks <ganna@apple.com> [analyzer] IvarInvalidation: track synthesized ivars and allow escape
through property getters.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@164802 91177308-0d34-0410-b5e6-96231b3b80d8
bjc_invalidation.m
88a83e3f3bade5497ff371ed5a570b83d9373e3a 27-Sep-2012 Anna Zaks <ganna@apple.com> [analyzer] Add an experimental ObjC direct ivar assignment checker.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@164790 91177308-0d34-0410-b5e6-96231b3b80d8
bjc-properties.m
b087bbf3cf44a56d60ad1ed6fd5abb48dab0e0b3 27-Sep-2012 Anna Zaks <ganna@apple.com> [analyzer] Address Jordan's code review comments for r164716.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@164788 91177308-0d34-0410-b5e6-96231b3b80d8
bjc_invalidation.m
5bf5c2ec54ede5352293e5739e9b44bea2f6b01b 26-Sep-2012 Anna Zaks <ganna@apple.com> [analyzer] Add experimental ObjC invalidation method checker.

This checker is annotation driven. It checks that the annotated
invalidation method accesses all ivars of the enclosing objects that are
objects of type, which in turn contains an invalidation method.

This is driven by
__attribute((annotation("objc_instance_variable_invalidator")).

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@164716 91177308-0d34-0410-b5e6-96231b3b80d8
bjc_invalidation.m
0be2638cc5809bbf8645a2721e80507abd076790 26-Sep-2012 Anna Zaks <ganna@apple.com> [analyzer] Commit a test case for r164579.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@164715 91177308-0d34-0410-b5e6-96231b3b80d8
nlining/DynDispatchBifurcate.m
dc32de2d92fe4e68e44406ee9667265103fb89bf 26-Sep-2012 Nico Weber <nicolasweber@gmx.de> Fix two more tests that didn't do anything.

Found with
find test -type f | xargs grep RUN: | grep '%clang' | grep -iv '%s' | grep -v '%t' | grep -v '\\$'



git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@164678 91177308-0d34-0410-b5e6-96231b3b80d8
bjc-for.m
bf7f77ac1cd1f31fc6bf2072327eeee7baed5c6a 25-Sep-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Add tests for symbolic expression liveness.

There are very few tests here because SValBuilder is fairly aggressive
about not building SymExprs that we can't evaluate, which saves memory
and CPU but also makes it very much tied to the current constraint
manager. We should probably scale back here and let things decay to
UnknownVal later on.

bitwise-ops.c tests that for the SymExprs we do create, we persist our
assumptions about them. traversal-path-unification.c tests that we do
clean out constraints on arbitrary SymExprs once they have actually died.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@164623 91177308-0d34-0410-b5e6-96231b3b80d8
itwise-ops.c
raversal-path-unification.c
0073a5c7ce38e98365c00921316030627b3d129f 25-Sep-2012 Jordan Rose <jordan_rose@apple.com> Reapply "[analyzer] Remove constraints on dead symbols as part of removeDeadBindings."

Previously, we'd just keep constraints around forever, which means we'd
never be able to merge paths that differed only in constraints on dead
symbols.

Because we now allow constraints on symbolic expressions, not just single
symbols, this requires changing SymExpr::symbol_iterator to include
intermediate symbol nodes in its traversal, not just the SymbolData leaf
nodes.

This depends on the previous commit to be correct. Originally applied in
r163444, reverted in r164275, now being re-applied.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@164622 91177308-0d34-0410-b5e6-96231b3b80d8
raversal-path-unification.c
70e5b575e187beb10f4a10667d9f4f5227131c40 24-Sep-2012 Anna Zaks <ganna@apple.com> [analyzer] Really turn on dynamic-bifurcation on by default.

Thanks to Byoungyoung for realizing that we are not passing the default
option correctly.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@164543 91177308-0d34-0410-b5e6-96231b3b80d8
nlining/InlineObjCInstanceMethod.m
b9d4e5e3bb235f1149e99d3c833ff7cb3474c9f1 22-Sep-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Suppress bugs whose paths go through the return of a null pointer.

This is a heuristic intended to greatly reduce the number of false
positives resulting from inlining, particularly inlining of generic,
defensive C++ methods that live in header files. The suppression is
triggered in the cases where we ask to track where a null pointer came
from, and it turns out that the source of the null pointer was an inlined
function call.

This change brings the number of bug reports in LLVM from ~1500 down to
around ~300, a much more manageable number. Yes, some true positives may
be hidden as well, but from what I looked at the vast majority of silenced
reports are false positives, and many of the true issues found by the
analyzer are still reported.

I'm hoping to improve this heuristic further by adding some exceptions
next week (cases in which a bug should still be reported).

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@164449 91177308-0d34-0410-b5e6-96231b3b80d8
nline-plist.c
nlining/false-positive-suppression.c
nlining/path-notes.c
nlining/path-notes.m
53221da865144db0ba6bd89ab30bcf81de0fe5d2 22-Sep-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Track a null value back through FindLastStoreBRVisitor.

Also, tidy up the other tracking visitors so that they mark the right
things as interesting and don't do extra work.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@164448 91177308-0d34-0410-b5e6-96231b3b80d8
nline-plist.c
nlining/path-notes.c
list-output-alternate.m
list-output.m
6686b6694a7998623550ff6529f2f53bfee94328 22-Sep-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Look through OpaqueValueExprs when tracking a nil value.

This allows us to show /why/ a particular object is nil, even when it is
wrapped in an OpaqueValueExpr.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@164445 91177308-0d34-0410-b5e6-96231b3b80d8
nlining/path-notes.m
85e99373835fe1b4cec624bc48dc8dfe14c2a783 22-Sep-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Better path notes for null pointers passed as arguments.

Rather than saying "Null pointer value stored to 'foo'", we now say
"Passing null pointer value via Nth parameter 'foo'", which is much better.
The note is also now on the argument expression as well, rather than the
entire call.

This paves the way for continuing to track arguments back to their sources.

<rdar://problem/12211490>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@164444 91177308-0d34-0410-b5e6-96231b3b80d8
nline-plist.c
991bcb4370fe849603346ebbddc8dd47bc29d235 22-Sep-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Check that an ObjCIvarRefExpr's base is non-null even as an lvalue.

Like with struct fields, we want to catch cases like this early,
so that we can produce better diagnostics and path notes:

PointObj *p = nil;
int *px = &p->_x; // should warn here
*px = 1;

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@164442 91177308-0d34-0410-b5e6-96231b3b80d8
vars.m
isc-ps.m
ull-deref-path-notes.m
dd1d7d88f1fe6d7d7e79acaec3f83bc10d9f7b97 22-Sep-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Check that a member expr is valid even when the result is an lvalue.

We want to catch cases like this early, so that we can produce better
diagnostics and path notes:

Point *p = 0;
int *px = &p->x; // should warn here
*px = 1;

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@164441 91177308-0d34-0410-b5e6-96231b3b80d8
ields.c
ullptr.cpp
cc85d217d329aa3c78aa3f57a238e5b7931ee2c5 21-Sep-2012 Ted Kremenek <kremenek@apple.com> Add faux-body support for dispatch_once().

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@164348 91177308-0d34-0410-b5e6-96231b3b80d8
nix-fns.c
a43df9539644bf1c258e12710cd69d79b0b078cd 21-Sep-2012 Ted Kremenek <kremenek@apple.com> Implement faux-body-synthesis of well-known functions in the static analyzer when
their implementations are unavailable. Start by simulating dispatch_sync().

This change is largely a bunch of plumbing around something very simple. We
use AnalysisDeclContext to conjure up a fake function body (using the
current ASTContext) when one does not exist. This is controlled
under the analyzer-config option "faux-bodies", which is off by default.

The plumbing in this patch is largely to pass the necessary machinery
around. CallEvent needs the AnalysisDeclContextManager to get
the function definition, as one may get conjured up lazily.

BugReporter and PathDiagnosticLocation needed to be relaxed to handle
invalid locations, as the conjured body has no real source locations.
We do some primitive recovery in diagnostic generation to generate
some reasonable locations (for arrows and events), but it can be
improved.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@164339 91177308-0d34-0410-b5e6-96231b3b80d8
nix-fns.c
a193f20916f0e0e5a3b0f76ca69e2b3870c1a325 20-Sep-2012 Fariborz Jahanian <fjahanian@apple.com> Improvements to my patch in r164143 per
Richard's comments. // rdar://12202422


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@164316 91177308-0d34-0410-b5e6-96231b3b80d8
dditive-folding.cpp
9620aa8c6726330c0357799706aa51f64cc449da 20-Sep-2012 NAKAMURA Takumi <geek4civic@gmail.com> clang/test/Analysis: Fix the declaration of strlen() for 32 bit targets.

- Inputs/system-header-simulator.h: Declare strlen() with size_t.

- malloc-interprocedural.c: Move the definition of size_t into the header above.

Then XFAIL can be pruned.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@164300 91177308-0d34-0410-b5e6-96231b3b80d8
nputs/system-header-simulator.h
alloc-interprocedural.c
2d9cc1367af4c0a8bacc99d7012d1ddaaf4236c0 20-Sep-2012 NAKAMURA Takumi <geek4civic@gmail.com> test/Analysis/malloc-interprocedural.c: Mark it as XFAIL: cygwin,mingw,msvc for now. Investigating.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@164295 91177308-0d34-0410-b5e6-96231b3b80d8
alloc-interprocedural.c
c20c7275c351f362b42915901d308ac66b8b71d1 20-Sep-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] MallocChecker should not do post-call checks on inlined functions.

If someone provides their own function called 'strdup', or 'reallocf', or
even 'malloc', and we inlined it, the inlining should have given us all the
malloc-related information we need. If we then try to attach new information
to the return value, we could end up with spurious warnings.

<rdar://problem/12317671>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@164276 91177308-0d34-0410-b5e6-96231b3b80d8
alloc-interprocedural.c
8e289bb59c5c1c29900604b86238c3088f506782 20-Sep-2012 Jordan Rose <jordan_rose@apple.com> Revert "[analyzer] Remove constraints on dead symbols as part of removeDeadBindings."

While we definitely want this optimization in the future, we're not
currently handling constraints on symbolic /expressions/ correctly.
These should stay live even if the SymExpr itself is no longer referenced
because we could recreate an identical SymExpr later. Only once the SymExpr
can no longer be recreated -- i.e. a component symbol is dead -- can we
safely remove the constraints on it.

This liveness issue is tracked by <rdar://problem/12333297>.

This reverts r163444 / 24c7f98828e039005cff3bd847e7ab404a6a09f8.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@164275 91177308-0d34-0410-b5e6-96231b3b80d8
raversal-path-unification.c
15a9356464f0809e1cb24aa3a7cc2577914ff5bb 18-Sep-2012 Fariborz Jahanian <fjahanian@apple.com> c: warn when an integer value comparison with an
integral expression has the obvious result.
Patch reviewed by John McCall off line.
// rdar://12202422


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@164143 91177308-0d34-0410-b5e6-96231b3b80d8
dditive-folding.cpp
5fc1d0c4532c55cc47ba6628f296bf5b86d2eaf0 17-Sep-2012 Anna Zaks <ganna@apple.com> [analyzer] Teach the analyzer about implicit initialization of statics
in ObjCMethods.

Extend FunctionTextRegion to represent ObjC methods as well as
functions. Note, it is not clear what type ObjCMethod region should
return. Since the type of the FunctionText region is not currently used,
defer solving this issue.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@164046 91177308-0d34-0410-b5e6-96231b3b80d8
tatic_local.m
be879727893994532b4a643bfae6fb656742057f 13-Sep-2012 Ted Kremenek <kremenek@apple.com> When warning about unsafe uses of dispatch_once, specially handle the
crazy case where dispatch_once gets redefined as a macro that calls
_dispatch_once (which calls the real dispatch_once). Users want to
see the warning in their own code.

Fixes <rdar://problem/11617767>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163816 91177308-0d34-0410-b5e6-96231b3b80d8
nix-fns.c
16e6a7cb41319459ded69b4d47f405c1035dd347 13-Sep-2012 Anna Zaks <ganna@apple.com> [analyzer] Do not report use of undef on "return foo();" when the return type is void.

Fixes a false positive found by analyzing LLVM code base.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163750 91177308-0d34-0410-b5e6-96231b3b80d8
ninit-vals-ps.c
9dc298bf8e4001978e44e7f1872f337fe5805960 13-Sep-2012 Anna Zaks <ganna@apple.com> [analyzer] Fix another false positive in malloc realloc logic.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163749 91177308-0d34-0410-b5e6-96231b3b80d8
alloc.c
522fc21f3adc647817edc8017e6928a64c96899b 13-Sep-2012 Anna Zaks <ganna@apple.com> [analyzer] Teach UndefOrNullArgVisitor to track parent regions.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163748 91177308-0d34-0410-b5e6-96231b3b80d8
iagnostics/undef-value-param.c
3225d072a348658cb67c45cdb46a981b09d1f562 12-Sep-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Re-add reinterpret_cast virtual call test case from r163644.

We mostly just don't want to crash analyzing this test case; it's likely
the code found here will actually crash if compiled and run.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163746 91177308-0d34-0410-b5e6-96231b3b80d8
nlining/dyn-dispatch-bifurcate.cpp
fe3769dbb448edf8e5ece13b14017608558d4763 12-Sep-2012 Jordan Rose <jordan_rose@apple.com> Revert "[analyzer] Use the static type for a virtual call if the dynamic type is worse."

Using the static type may be inconsistent with later calls. We should just
report that there is no inlining definition available if the static type is
better than the dynamic type. See next commit.

This reverts r163644 / 19d5886d1704e24282c86217b09d5c6d35ba604d.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163744 91177308-0d34-0410-b5e6-96231b3b80d8
nlining/dyn-dispatch-bifurcate.cpp
b774d73540ba62a5e6a8e9217b320b27a946cfad 12-Sep-2012 NAKAMURA Takumi <geek4civic@gmail.com> clang/test: [PR8833] Introduce the feature "LP64" to suppress LLP64-incompatible tests.

I think some of them could be rewritten to fit also LLP64.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163699 91177308-0d34-0410-b5e6-96231b3b80d8
xx-crashes.cpp
f57a2aa02c0578c5bd834fec0d44c16ad9908620 12-Sep-2012 Ted Kremenek <kremenek@apple.com> Fix regression where "looping back to the head of" PathDiagnosticEvents
were not emitted.

Fixes <rdar://problem/12280665>.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163683 91177308-0d34-0410-b5e6-96231b3b80d8
list-output.m
1b22cec353bc6112653d50b060a1d78d70c51527 12-Sep-2012 Chandler Carruth <chandlerc@gmail.com> Adjust some analyzer tests to place widely shared inputs inside of an
'Inputs' subdirectory.

The general desire has been to have essentially all of the non-test
input files live in such directories, with some exceptions for obvious
and common patterns like 'foo.c' using 'foo.h'.

This came up because our distributed test runner couldn't find some of
the headers, for example with stl.cpp.

No functionality changed, just shuffling around here.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163674 91177308-0d34-0410-b5e6-96231b3b80d8
nputs/system-header-simulator-cxx.h
nputs/system-header-simulator-objc.h
nputs/system-header-simulator.h
overage.c
lobal-region-invalidation.c
nlining/stl.cpp
alloc-interprocedural.c
alloc.c
alloc.m
alloc.mm
ystem-header-simulator-cxx.h
ystem-header-simulator-objc.h
ystem-header-simulator.h
93040b75251f3d8e27ff06bf3d0437cc8e0be1b4 12-Sep-2012 Chandler Carruth <chandlerc@gmail.com> Fix up more "$t"s in this test that should be "%t"s.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163673 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release.m
19d5886d1704e24282c86217b09d5c6d35ba604d 11-Sep-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Use the static type for a virtual call if the dynamic type is worse.

reinterpret_cast does not provide any of the usual type information that
static_cast or dynamic_cast provide -- only the new type. This can get us
in a situation where the dynamic type info for an object is actually a
superclass of the static type, which does not match what CodeGen does at all.
In these cases, just fall back to the static type as the best possible type
for devirtualization.

Should fix the crashes on our internal buildbot.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163644 91177308-0d34-0410-b5e6-96231b3b80d8
nlining/dyn-dispatch-bifurcate.cpp
00b4f64ecb26b031c1f4888f39be6c706156356a 11-Sep-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Member function calls that use qualified names are non-virtual.

C++11 [expr.call]p1: ...If the selected function is non-virtual, or if the
id-expression in the class member access expression is a qualified-id,
that function is called. Otherwise, its final overrider in the dynamic type
of the object expression is called.

<rdar://problem/12255556>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163577 91177308-0d34-0410-b5e6-96231b3b80d8
tor.cpp
nline.cpp
e08dcbe75eb9b3ffe6f1f60ac2b216b4c878606a 11-Sep-2012 Anna Zaks <ganna@apple.com> [analyzer] Turn stl inlining back on.

The one reported bug, which was exposed by stl inlining, is addressed in
r163558.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163574 91177308-0d34-0410-b5e6-96231b3b80d8
nlining/stl.cpp
4ea9b89ff6dc50d5404eb56cad5e5870bce49ef2 11-Sep-2012 Anna Zaks <ganna@apple.com> [analyzer] Do not count calls to small functions when computing stack
depth.

We only want to count how many substantial functions we inlined. This
is an improvement to r163558.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163571 91177308-0d34-0410-b5e6-96231b3b80d8
nlining/test-always-inline-size-option.c
57330eed3fbe530cb05996e4a346cc5fc217c0d9 11-Sep-2012 Anna Zaks <ganna@apple.com> [analyzer] Add an option to enable/disable objc inlining.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163562 91177308-0d34-0410-b5e6-96231b3b80d8
nlining/test_objc_inlining_option.m
7229d0011766c174beffe6a846d78f448f845b39 11-Sep-2012 Anna Zaks <ganna@apple.com> [analyzer] Add ipa-always-inline-size option (with 3 as the default).

The option allows to always inline very small functions, whose size (in
number of basic blocks) is set using -analyzer-config
ipa-always-inline-size option.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163558 91177308-0d34-0410-b5e6-96231b3b80d8
nlining/test-always-inline-size-option.c
81fb50e8b120fc95dc0245b4112972d4d7cca3b5 10-Sep-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] For now, don't inline C++ standard library functions.

This is a (heavy-handed) solution to PR13724 -- until we know we can do
a good job inlining the STL, it's best to be consistent and not generate
more false positives than we did before. We can selectively whitelist
certain parts of the 'std' namespace that are known to be safe.

This is controlled by analyzer config option 'c++-stdlib-inlining', which
can be set to "true" or "false".

This commit also adds control for whether or not to inline any templated
functions (member or non-member), under the config option
'c++-template-inlining'. This option is currently on by default.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163548 91177308-0d34-0410-b5e6-96231b3b80d8
nlining/stl.cpp
ystem-header-simulator-cxx.h
emp-obj-dtors-cfg-output.cpp
emplates.cpp
bd7e30605253ae053087619173713c19355e28ea 10-Sep-2012 Ted Kremenek <kremenek@apple.com> Now that I have a test file to work with, disable the Filecheck part of this test.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163536 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release.m
ac0bc913b3d681a5fb0781c325b221658dc6854c 10-Sep-2012 Ted Kremenek <kremenek@apple.com> Correctly 'cat' out test files.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163534 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release.m
776da9e05efadf86e4d7cc177d8ff2b1a0953319 10-Sep-2012 Ted Kremenek <kremenek@apple.com> As a debugging aid to unbreak the buildbots, cat the plist files so I can view them on different builders.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163529 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release.m
121ec0a1a903d07ca8f5eaa6976f3233795a3d20 10-Sep-2012 Ted Kremenek <kremenek@apple.com> Re-enable FileCheck testing of retain-release.m test, and force
a C++ dialect. Let's see if this is the portability issue with this test.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163524 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release.m
84012e60599ec5d67405b19953737f59d8a53cbf 10-Sep-2012 Ted Kremenek <kremenek@apple.com> Temporarily disable FileCheck part of this test.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163515 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release.m
acc714ba6c448e6dc278acf9b6eafee44d7f48a7 10-Sep-2012 Ted Kremenek <kremenek@apple.com> Revert "Revert Ted's r163489 and r163490, due to breakage."

I need to see how this breaks on other platforms when I fix the issue
that Benjamin Kramer pointed out.

This includes r163489 and r163490, plus a two line change.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163512 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release.m
2343b3d0c29356583a013d900f2817083ac2d4a0 10-Sep-2012 NAKAMURA Takumi <geek4civic@gmail.com> Revert Ted's r163489 and r163490, due to breakage.

r163489, "Take another crack at stabilizing the emission order of analyzer"
r163490, "Use isBeforeInTranslationUnitThan() instead of operator<."

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163497 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release.m
4dfd141350009c742f4949a753ffe4a1524a2792 10-Sep-2012 Ted Kremenek <kremenek@apple.com> Take another crack at stabilizing the emission order of analyzer
diagnostics without using FoldingSetNodeIDs. This is done
by doing a complete recursive comparison of the PathDiagnostics.

Note that the previous method of comparing FoldingSetNodeIDs did
not end up relying on unstable things such as pointer addresses, so
I suspect this may still have some issues on various buildbots because
I'm not sure if the true source of non-determinism has been eliminated.
The tests pass for me, so the only way to know is to commit this change
and see what happens.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163489 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release.m
9655ecb06277fa6aade4092531ec6925926767e2 08-Sep-2012 Ted Kremenek <kremenek@apple.com> Try disabling the FileCheck part of the retain-release.m test to see if it fixes the buildbots.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163462 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release.m
22505ef15e32db31a4f834a387cf73a913bc8f66 08-Sep-2012 Ted Kremenek <kremenek@apple.com> Fix bug in BugReporter::RemoveUneededCalls() where "prunable"
PathDiagnosticEventPieces were *always* pruned. Instead, they
are supposed to only be pruned if the entire call gets pruned.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163460 91177308-0d34-0410-b5e6-96231b3b80d8
alloc-plist.c
list-output-alternate.m
list-output.m
etain-release.m
49f9434a4a69d56779aa37feb2d85e06e7289fce 08-Sep-2012 Ted Kremenek <kremenek@apple.com> This test does not require --exact-match from FileCheck.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163456 91177308-0d34-0410-b5e6-96231b3b80d8
alloc-plist.c
0187a1b8b9b2b7657de0ba8b0d4f67d30bec83e8 08-Sep-2012 Ted Kremenek <kremenek@apple.com> Attempt (again) to stabilize the order of the emission of diagnostics
of the analyzer by using the FullProfile() of a PathDiagnostic
for ordering them.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163455 91177308-0d34-0410-b5e6-96231b3b80d8
nline-plist.c
nlining/path-notes.c
alloc-plist.c
ethod-call-path-notes.cpp
il-receiver-undefined-larger-than-voidptr-ret.m
list-output-alternate.m
list-output.m
etain-release-path-notes-gc.m
etain-release.m
82f2ad456a82da1b9cb7ddfc994c8f5fa44b59e6 08-Sep-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] ObjCSelfInitChecker should always clean up in postCall checks.

ObjCSelfInitChecker stashes information in the GDM to persist it across
function calls; it is stored in pre-call checks and retrieved post-call.
The post-call check is supposed to clear out the stored state, but was
failing to do so in cases where the call did not have a symbolic return
value.

This was actually causing the inappropriate cache-out from r163361.
Per discussion with Anna, we should never actually cache out when
assuming the receiver of an Objective-C message is non-nil, because
we guarded that node generation by checking that the state has changed.
Therefore, the only states that could reach this exact ExplodedNode are
ones that should have merged /before/ making this assumption.

r163361 has been reverted and the test case removed, since it won't
actually test anything interesting now.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163449 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release-crashes.m
30ca73237c05ec466f43054c2b686d65538c26e7 08-Sep-2012 Ted Kremenek <kremenek@apple.com> Revert "Add plist output for retain-release.m in addition to -verify checking."

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163447 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release.m
e157ae53772e90a3ee3cba3eaa7da3300eb249eb 08-Sep-2012 Ted Kremenek <kremenek@apple.com> Revert "Attempt to make the PathDiagnostic emission order more deterministic by"

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163446 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release.m
24c7f98828e039005cff3bd847e7ab404a6a09f8 08-Sep-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Remove constraints on dead symbols as part of removeDeadBindings.

Previously, we'd just keep constraints around forever, which means we'd
never be able to merge paths that differed only in constraints on dead
symbols.

Because we now allow constraints on symbolic expressions, not just single
symbols, this requires changing SymExpr::symbol_iterator to include
intermediate symbol nodes in its traversal, not just the SymbolData leaf
nodes.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163444 91177308-0d34-0410-b5e6-96231b3b80d8
raversal-path-unification.c
9874f597ef5d5748695c88daaa9a3208f95c2032 08-Sep-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Cast the result of a placement new-expression to the correct type.

This is necessary because further analysis will assume that the SVal's
type matches the AST type. This caused a crash when trying to perform
a derived-to-base cast on a C++ object that had been new'd to be another
object type.

Yet another crash in PR13763.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163442 91177308-0d34-0410-b5e6-96231b3b80d8
nline.cpp
9f6ec8253e3ec3e9722ca7e4599f977db2f786ef 08-Sep-2012 Anna Zaks <ganna@apple.com> [analyzer] Address John's code review for r163407.

Teach malloc sizeof checker to find type inconsistencies in multi-
dimensional arrays.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163438 91177308-0d34-0410-b5e6-96231b3b80d8
alloc-sizeof.c
b4b4523cc52bebc5ed47cc501959ab31286a1065 08-Sep-2012 Ted Kremenek <kremenek@apple.com> Attempt to make the PathDiagnostic emission order more deterministic by
looking at PathPieces.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163427 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release.m
2308436b2cd30473d5f94bf7e9ac616ac27fe6b2 07-Sep-2012 Ted Kremenek <kremenek@apple.com> Add plist output for retain-release.m in addition to -verify checking.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163418 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release.m
258bd59eee5403fc2a98fb23df71fa0281a3ec29 07-Sep-2012 Anna Zaks <ganna@apple.com> [analyzer] Fix a false positive in sizeof malloc checker.

Don't warn when the sizeof argument is an array with the same element
type as the pointee of the return type.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163407 91177308-0d34-0410-b5e6-96231b3b80d8
alloc-sizeof.c
c957319941e93db2bc399efa7a9d1425bc609ba9 07-Sep-2012 Ted Kremenek <kremenek@apple.com> Add test case for <rdar://problem/12075238>, which recently got fixed by changes to RegionStore.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163406 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps.c
971073b8e4eb82fa1bae9d2b0d354f35a54099ee 07-Sep-2012 Ted Kremenek <kremenek@apple.com> Revert "Rework the retain-release.m test to use FileCheck and the "text" output"

Apparently the output of this test is not deterministic. Needs investigation.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163377 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release.m
2ab012a6de2b2769ec7ad99c4b61788cc5175d17 07-Sep-2012 Ted Kremenek <kremenek@apple.com> Fix off-by-one bug in diagnostic prose of ObjCContainersASTChecker.
While the check itself should count 0-based for the parameter index,
the diagnostic should be 1-based (first, second, third, not start at 0).

Fixes <rdar://problem/12249569>.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163375 91177308-0d34-0410-b5e6-96231b3b80d8
FContainers.mm
689268a426cf4624c1b8ce67bf9d437ad84c6b04 07-Sep-2012 Ted Kremenek <kremenek@apple.com> Rework the retain-release.m test to use FileCheck and the "text" output
of the analyzer, as the RetainReleaseChecker has many fine-grain
path diagnostic events that were not being checked. This uncovered
an inconsistency between the path diagnostics between Objective-C
and Objective-C++ code in ConditionBRVisitor that was fixed in a recent
patch.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163373 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release.m
c47dc1b9734ea9bebb281499d58d22c2647713a9 07-Sep-2012 Ted Kremenek <kremenek@apple.com> Fix bug in ConditionBRVisitor where for C++ (and not C) we were not ignoring
implicit pointer-to-boolean conversions in condition expressions. This would
result in inconsistent diagnostic emission between C and C++.

A consequence of this is now ConditionBRVisitor and TrackConstraintBRVisitor may
emit redundant diagnostics, for example:

"Assuming pointer value is null" (TrackConstraintBRVisitor)
"Assuming 'p' is null" (ConditionBRVisitor)

We need to reconcile the two, and perhaps prefer one over the other in some
cases.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163372 91177308-0d34-0410-b5e6-96231b3b80d8
iagnostics/deref-track-symbolic-region.cpp
ethod-call-path-notes.cpp
8f0d0fef5f90b16600cdb802d5d7344417c34aad 07-Sep-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Fail gracefully when the dynamic type is outside the hierarchy.

With some particularly evil casts, we can get an object whose dynamic type
is not actually a subclass of its static type. In this case, we won't even
find the statically-resolved method as a devirtualization candidate.

Rather than assert that this situation cannot occur, we now simply check
that the dynamic type is not an ancestor or descendent of the static type,
and leave it at that.

This error actually occurred analyzing LLVM: CallEventManager uses a
BumpPtrAllocator to allocate a concrete subclass of CallEvent
(FunctionCall), but then casts it to the actual subclass requested
(such as ObjCMethodCall) to perform the constructor.

Yet another crash in PR13763.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163367 91177308-0d34-0410-b5e6-96231b3b80d8
nline.cpp
061707a86f20bf608758e7013df24bd1be12ffc6 07-Sep-2012 Ted Kremenek <kremenek@apple.com> Teach RetainCountChecker that CFPlugInInstanceCreate does not
return a CF object at all.

Fixes <rdar://problem/9566345>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163362 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release.m
5601c9aac3bf7be5e1ea8a76149090933d2d3c78 07-Sep-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Don't crash if we cache out while evaluating an ObjC message.

A bizarre series of coincidences led us to generate a previously-seen
node in the middle of processing an Objective-C message, where we assume
the receiver is non-nil. We were assuming that such an assumption would
never "cache out" like this, and blithely went on using a null ExplodedNode
as the predecessor for the next step in evaluation.

Although the test case committed here is complicated, this could in theory
happen in other ways as well, so the correct fix is just to test if the
non-nil assumption results in an ExplodedNode we've seen before.

<rdar://problem/12243648>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163361 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release-crashes.m
ec9f36ea83e0f57683dceaa53163f6246d1442d5 07-Sep-2012 Ted Kremenek <kremenek@apple.com> Refine diagnostics for leaks reported when returning an object
via function/method with [CF,NS]_RETURNS_NOT_RETAINED.

Fixes <rdar://problem/11379000>.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163355 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release.m
2827f5af018c515986ffb1779ec2e7246988f150 07-Sep-2012 Ted Kremenek <kremenek@apple.com> Tweak DeadStoresChecker to not warn about dead stores to variables that
are used in EH code. Right now the CFG doesn't support exceptions well,
so we need this hack to avoid bogus dead store warnings.

Fixes <rdar://problem/12147586>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163353 91177308-0d34-0410-b5e6-96231b3b80d8
ead-stores.cpp
200fa2e70d52ae6d620e81cd45536071fdde70c0 06-Sep-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Don't attempt to devirtualize calls to base class destructors.

CXXDestructorCall now has a flag for when it is a base destructor call.
Other kinds of destructor calls (locals, fields, temporaries, and 'delete')
all behave as "whole-object" destructors and do not behave differently
from one another (specifically, in these cases we /should/ try to
devirtualize a call to a virtual destructor).

This was causing crashes in both our internal buildbot, the crash still
being tracked in PR13765, and some of the crashes being tracked in PR13763,
due to an assertion failure. (The behavior under -Asserts happened to be
correct anyway.)

Adding this knowledge also allows our DynamicTypePropagation checker to do
a bit less work; the special rules about virtual method calls during a
destructor only require extra handling during base destructors.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163348 91177308-0d34-0410-b5e6-96231b3b80d8
tor.cpp
9b925ac059089dfe74e3b8fa5effe519fb9ee885 06-Sep-2012 Anna Zaks <ganna@apple.com> [analyzer] Enhance the member expr tracking to account for references.

As per Jordan's suggestion. (Came out of code review for r163261.)

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163269 91177308-0d34-0410-b5e6-96231b3b80d8
iagnostics/deref-track-symbolic-region.cpp
5a1ffe98b04120846a15f7105905b5f363b08635 06-Sep-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Always include destructors in the analysis CFG.

While destructors will continue to not be inlined (unless the analyzer
config option 'c++-inlining' is set to 'destructors'), leaving them out
of the CFG is an incomplete model of the behavior of an object, and
can cause false positive warnings (like PR13751, now working).

Destructors for temporaries are still not on by default, since
(a) we haven't actually checked this code to be sure it's fully correct
(in particular, we probably need to be very careful with regard to
lifetime-extension when a temporary is bound to a reference,
C++11 [class.temporary]p5), and
(b) ExprEngine doesn't actually do anything when it sees a temporary
destructor in the CFG -- not even invalidate the object region.

To enable temporary destructors, set the 'cfg-temporary-dtors' analyzer
config option to '1'. The old -cfg-add-implicit-dtors cc1 option, which
controlled all implicit destructors, has been removed.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163264 91177308-0d34-0410-b5e6-96231b3b80d8
uto-obj-dtors-cfg-output.cpp
tor.cpp
tors-in-dtor-cfg-output.cpp
alloc.cpp
emp-obj-dtors-cfg-output.cpp
352c657f789d5633b07d56d76cf78fda05c31353 06-Sep-2012 Anna Zaks <ganna@apple.com> [analyzer] Fix a crash PR13762.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163262 91177308-0d34-0410-b5e6-96231b3b80d8
omplex-init-list.cpp
d91696e8680bbe89df1076fded1bc54104526060 06-Sep-2012 Anna Zaks <ganna@apple.com> [analyzer] NullOrUndef diagnostics: track symbols binded to regions.

If a region is bound to a symbolic value, we should track the symbol.

(The code I changed was not previously exercised by the regression
tests.)

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163261 91177308-0d34-0410-b5e6-96231b3b80d8
iagnostics/deref-track-symbolic-region.c
e885dd6a135a335422f33e5f1aa64b8d62c84255 05-Sep-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Fix bad test from r163220.

Add a FIXME to the test while I track down the real problem.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163222 91177308-0d34-0410-b5e6-96231b3b80d8
rray-struct-region.cpp
6ebea89be233eaba5e29de8cf3524ad150c860bb 05-Sep-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Be more forgiving about calling methods on struct rvalues.

The problem is that the value of 'this' in a C++ member function call
should always be a region (or NULL). However, if the object is an rvalue,
it has no associated region (only a conjured symbol or LazyCompoundVal).
For now, we handle this in two ways:

1) Actually respect MaterializeTemporaryExpr. Before, it was relying on
CXXConstructExpr to create temporary regions for all struct values.
Now it just does the right thing: if the value is not in a temporary
region, create one.

2) Have CallEvent recognize the case where its 'this' pointer is a
non-region, and just return UnknownVal to keep from confusing clients.

The long-term problem is being tracked internally in <rdar://problem/12137950>,
but this makes many test cases pass.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163220 91177308-0d34-0410-b5e6-96231b3b80d8
rray-struct-region.cpp
eference.cpp
fd11957f02da689480618d5fc642ef14164e9cdc 05-Sep-2012 Jordan Rose <jordan_rose@apple.com> Revert "[analyzer] Treat all struct values as regions (even rvalues)."

This turned out to have many implications, but what eventually seemed to
make it unworkable was the fact that we can get struct values (as
LazyCompoundVals) from other places besides return-by-value function calls;
that is, we weren't actually able to "treat all struct values as regions"
consistently across the entire analyzer core.

Hopefully we'll be able to come up with an alternate solution soon.

This reverts r163066 / 02df4f0aef142f00d4637cd851e54da2a123ca8e.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163218 91177308-0d34-0410-b5e6-96231b3b80d8
rray-struct-region.cpp
eference.cpp
791dd0a3f855b61ee97387dca67af86a1edff9f2 04-Sep-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Don't use makeIntVal to create a floating-point value.

SimpleSValBuilder processes a couple trivial identities, including 'x - x'
and 'x ^ x' (both 0). However, the former could appear with arguments of
floating-point type, and we weren't checking for that. This started
triggering an assert with r163069, which checks that a constant value is
actually going to be used as an integer or pointer.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163159 91177308-0d34-0410-b5e6-96231b3b80d8
dempotent-operations.c
02df4f0aef142f00d4637cd851e54da2a123ca8e 01-Sep-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Treat all struct values as regions (even rvalues).

This allows us to correctly symbolicate the fields of structs returned by
value, as well as get the proper 'this' value for when methods are called
on structs returned by value.

This does require a moderately ugly hack in the StoreManager: if we assign
a "struct value" to a struct region, that now appears as a Loc value being
bound to a region of struct type. We handle this by simply "dereferencing"
the struct value region, which should create a LazyCompoundVal.

This should fix recent crashes analyzing LLVM and on our internal buildbot.

<rdar://problem/12137950>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163066 91177308-0d34-0410-b5e6-96231b3b80d8
rray-struct-region.cpp
eference.cpp
5699f62df144545702b91e91836a63db4e5f2627 01-Sep-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Always derive a CallEvent's return type from its origin expr.

Previously, we preferred to get a result type by looking at the callee's
declared result type. This allowed us to handle references, which are
represented in the AST as lvalues of their pointee type. (That is, a call
to a function returning 'int &' has type 'int' and value kind 'lvalue'.)

However, this results in us preferring the original type of a function
over a casted type. This is a problem when a function pointer is casted
to another type, because the conjured result value will have the wrong
type. AdjustedReturnValueChecker is supposed to handle this, but still
doesn't handle the case where there is no "original function" at all,
i.e. where the callee is unknown.

Now, we instead look at the call expression's value kind (lvalue, xvalue,
or prvalue), and adjust the expr's type accordingly. This will have no
effect when the function is inlined, and will conjure the value that will
actually be used when it is not.

This makes AdjustedReturnValueChecker /nearly/ unnecessary; unfortunately,
the cases where it would still be useful are where we need to cast the
result of an inlined function or a checker-evaluated function, and in these
cases we don't know what we're casting /from/ by the time we can do post-
call checks. In light of that, remove AdjustedReturnValueChecker, which
was already not checking quite a few calls.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163065 91177308-0d34-0410-b5e6-96231b3b80d8
eference.cpp
a89f719ad3a7134e3eec7c9e03aa0e22031c0de9 31-Aug-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] RetainCountChecker: don't assume all functions have names.

Fixes a hard-to-reach crash when calling a non-member overloaded operator
with arguments that may be callbacks.

Future-proofing: don't make the same assumption in MallocSizeofChecker.
Aside from possibly respecting attributes in the future, it might be
possible to call 'malloc' through a function pointer.

I audited all other uses of FunctionDecl::getIdentifier() in the analyzer;
they all now correctly test to see if the identifier is present before
using it.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163012 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release.mm
de5277fc555551857602bd7a7e5e616274e2d4a6 31-Aug-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Though C++ inlining is enabled, don't inline ctors and dtors.

More generally, this adds a new configuration option 'c++-inlining', which
controls which C++ member functions can be considered for inlining. This
uses the new -analyzer-config table, so the cc1 arguments will look like this:

... -analyzer-config c++-inlining=[none|methods|constructors|destructors]

Note that each mode implies that all the previous member function kinds
will be inlined as well; it doesn't make sense to inline destructors
without inlining constructors, for example.

The default mode is 'methods'.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163004 91177308-0d34-0410-b5e6-96231b3b80d8
ase-init.cpp
tor-inlining.mm
tor.cpp
nitializer.cpp
nline.cpp
ethod-call.cpp
3a46f5fd1709f6df03bbb8b0abf84052dc0f39ff 31-Aug-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Ensure that PathDiagnostics profile the same regardless of path.

PathDiagnostics are actually profiled and uniqued independently of the
path on which the bug occurred. This is used to merge diagnostics that
refer to the same issue along different paths, as well as by the plist
diagnostics to reference files created by the HTML diagnostics.

However, there are two problems with the current implementation:

1) The bug description is included in the profile, but some
PathDiagnosticConsumers prefer abbreviated descriptions and some
prefer verbose descriptions. Fixed by including both descriptions in
the PathDiagnostic objects and always using the verbose one in the profile.

2) The "minimal" path generation scheme provides extra information about
which events came from macros that the "extensive" scheme does not.
This resulted not only in different locations for the plist and HTML
diagnostics, but also in diagnostics being uniqued in the plist output
but not in the HTML output. Fixed by storing the "end path" location
explicitly in the PathDiagnostic object, rather than trying to find the
last piece of the path when the diagnostic is requested.

This should hopefully finish unsticking our internal buildbot.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162965 91177308-0d34-0410-b5e6-96231b3b80d8
list-html-macros.c
3f2a55d81983577c85c03f6b9844f51c566c785b 31-Aug-2012 Anna Zaks <ganna@apple.com> [analyzer] Make analyzer-ipa=dynamic-bifurcate the default.

There are two test regressions that come from the fact that the Retain
Count checker does not cancel out inlining of ObjC methods.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162950 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release.m
dc601f4a9f69315521abddbca04d4652deee5fdb 31-Aug-2012 Anna Zaks <ganna@apple.com> [analyzer] Fixup for r162935 as per Jordan's review.

Thanks for catching this!

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162949 91177308-0d34-0410-b5e6-96231b3b80d8
nlining/assume-super-init-does-not-return-nil.m
05fcbd3dc28f4cba4a6d33e7aeaabb5f6f7837e3 30-Aug-2012 Anna Zaks <ganna@apple.com> [analyzer] Do not propagate the [super init] could be nil assumption
from callee to caller.

radar://12109638

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162935 91177308-0d34-0410-b5e6-96231b3b80d8
nlining/assume-super-init-does-not-return-nil.m
e788365f513a579b03ff7f49296d5b95645ea3fe 30-Aug-2012 Ted Kremenek <kremenek@apple.com> Teach RetainCountChecker about 'pragma clang arc_cf_code_audited'.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162934 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release.m
554067f290282f366ccf65a27e0b914aa67a52c6 30-Aug-2012 Anna Zaks <ganna@apple.com> [analyzer] Stop tracking symbols based on a retain count summary of
inlined function.

This resolves retain count checker false positives that are caused by
inlining ObjC and other methods. Essentially, if we are passing an
object to a method with "delegate" in the selector or a function pointer
as another argument, we should stop tracking the other parameters/return
value as far as the retain count checker is concerned.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162876 91177308-0d34-0410-b5e6-96231b3b80d8
nlining/RetainCountExamples.m
28694c1fe44082970cd53ca7ffef25f668e4c545 30-Aug-2012 Anna Zaks <ganna@apple.com> [analyzer] Fixup 162863.

Thanks Jordan.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162875 91177308-0d34-0410-b5e6-96231b3b80d8
iagnostics/undef-value-param.c
80de487e03dd0f44e4572e2122ebc1aa6a3961f5 29-Aug-2012 Anna Zaks <ganna@apple.com> [analyzer] Improved diagnostic pruning for calls initializing values.

This heuristic addresses the case when a pointer (or ref) is passed
to a function, which initializes the variable (or sets it to something
other than '0'). On the branch where the inlined function does not
set the value, we report use of undefined value (or NULL pointer
dereference). The access happens in the caller and the path
through the callee would get pruned away with regular path pruning. To
solve this issue, we previously disabled diagnostic pruning completely
on undefined and null pointer dereference checks, which entailed very
verbose diagnostics in most cases. Furthermore, not all of the
undef value checks had the diagnostic pruning disabled.

This patch implements the following heuristic: if we pass a pointer (or
ref) to the region (on which the error is reported) into a function and
its value is either undef or 'NULL' (and is a pointer), do not prune
the function.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162863 91177308-0d34-0410-b5e6-96231b3b80d8
iagnostics/undef-value-caller.c
iagnostics/undef-value-param.c
iagnostics/undef-value-param.m
73212dff6437d409e0c1b779fdcac2f4f98ca8b0 29-Aug-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] C++ objects returned on the stack may be wrapped in ExprWithCleanups.

In C++, objects being returned on the stack are actually copy-constructed into
the return value. That means that when a temporary is returned, it still has
to be destroyed, i.e. the returned expression will be wrapped in an
ExprWithCleanups node. Our "returning stack memory" checker needs to look
through this node to see if we really are returning an object by value.

PR13722

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162817 91177308-0d34-0410-b5e6-96231b3b80d8
emporaries.cpp
827eeb63614309bafac9d77a5a3a7ca81f1e4751 28-Aug-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Teach CallEventManager that CXXTemporaryObjectExpr is also a ctor.

Specifically, CallEventManager::getCaller was looking at the call site for
an inlined call and trying to see what kind of call it was, but it only
checked for CXXConstructExprClass. (It's not using an isa<> here to avoid
doing three more checks on the statement class.)

This caused an unreachable when we actually did inline the constructor of a
temporary object.

PR13717

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162792 91177308-0d34-0410-b5e6-96231b3b80d8
nline.cpp
632e5022f68fcae3b68bbc90538a60f3ba20229f 28-Aug-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] When we look for the last stmt in a function, skip implicit dtors.

When exiting a function, the analyzer looks for the last statement in the
function to see if it's a return statement (and thus bind the return value).
However, the search for "the last statement" was accepting statements that
were in implicitly-generated inlined functions (i.e. destructors). So we'd
go and get the statement from the destructor, and then say "oh look, this
function had no explicit return...guess there's no return value". And /that/
led to the value being returned being declared dead, and all our leak
checkers complaining.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162791 91177308-0d34-0410-b5e6-96231b3b80d8
tor.cpp
7aba1171b32265b2206f3fa8f8886953051b58f5 28-Aug-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] If the last store into a region came from a function, step into it.

Previously, if we were tracking stores to a variable 'x', and came across this:

x = foo();

...we would simply emit a note here and stop. Now, we'll step into 'foo' and
continue tracking the returned value from there.

<rdar://problem/12114689>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162718 91177308-0d34-0410-b5e6-96231b3b80d8
nlining/path-notes.c
364b9f95fa47b0ca7f1cc694195f7a9953652f81 27-Aug-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Look through casts when trying to track a null pointer dereference.

Also, add comments to addTrackNullOrUndefValueVisitor.

Thanks for the review, Anna!

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162695 91177308-0d34-0410-b5e6-96231b3b80d8
nlining/path-notes.c
6fe4dfbc9e5a7018763b1d898876d9b2b8ec3425 27-Aug-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Don't inline constructors for objects allocated with operator new.

Because the CXXNewExpr appears after the CXXConstructExpr in the CFG, we don't
actually have the correct region to construct into at the time we decide
whether or not to inline. The long-term fix (discussed in PR12014) might be to
introduce a new CFG node (CFGAllocator) that appears before the constructor.

Tracking the short-term fix in <rdar://problem/12180598>.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162689 91177308-0d34-0410-b5e6-96231b3b80d8
nline.cpp
c210cb7a358d14cdd93b58562f33ff5ed2d895c1 27-Aug-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Inline constructors for any object with a trivial destructor.

This allows us to better reason about status objects, like Clang's own
llvm::Optional (when its contents are trivially destructible), which are
often intended to be passed around by value.

We still don't inline constructors for temporaries in the general case.

<rdar://problem/11986434>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162681 91177308-0d34-0410-b5e6-96231b3b80d8
ase-init.cpp
ethod-call.cpp
ew.cpp
3682f1ea9c7fddc7dcbc590891158ba40f7fca16 25-Aug-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Use the common evalBind infrastructure for initializers.

This allows checkers (like the MallocChecker) to process the effects of the
bind. Previously, using a memory-allocating function (like strdup()) in an
initializer would result in a leak warning.

This does bend the expectations of checkBind a bit; since there is no
assignment expression, the statement being used is the initializer value.
In most cases this shouldn't matter because we'll use a PostInitializer
program point (rather than PostStmt) for any checker-generated nodes, though
we /will/ generate a PostStore node referencing the internal statement.
(In theory this could have funny effects if someone actually does an
assignment within an initializer; in practice, that seems like it would be
very rare.)

<rdar://problem/12171711>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162637 91177308-0d34-0410-b5e6-96231b3b80d8
nitializer.cpp
cdc3a89d5de90b2299c56f4a46c3de590c5184d1 24-Aug-2012 Ted Kremenek <kremenek@apple.com> Fix analyzer tests.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162588 91177308-0d34-0410-b5e6-96231b3b80d8
FContainers.mm
FRetainRelease_NSAssertionHandler.m
issingDealloc.m
SPanel.m
SString.m
SWindow.m
oReturn.m
bjCProperties.m
bjCRetSigs.m
R2599.m
R2978.m
R3991.m
rray-struct-region.c
rray-struct.c
ool-assignment.cpp
ool-assignment2.c
string.c
asts.c
asts.m
fref_PR2519.c
fref_rdar6080742.c
hroot.c
oncrete-address.c
xx-method-names.cpp
ead-stores.c
ead-stores.m
lementtype.c
xercise-ps.c
ields.c
ree.c
unc.c
lobal-region-invalidation.c
dempotent-operations-limited-loops.c
dempotent-operations.c
dempotent-operations.cpp
dempotent-operations.m
alloc-annotations.c
alloc-overflow.c
alloc-overflow.cpp
alloc.c
alloc.cpp
isc-ps-64.m
isc-ps-eager-assume.m
isc-ps-ranges.m
isc-ps-region-store-i386.m
isc-ps-region-store-x86_64.m
isc-ps-region-store.cpp
isc-ps-region-store.m
isc-ps-region-store.mm
isc-ps.m
il-receiver-undefined-larger-than-voidptr-ret-region.m
il-receiver-undefined-larger-than-voidptr-ret.m
o-exit-cfg.c
o-outofbounds.c
ull-deref-ps-region.c
ull-deref-ps.c
perator-calls.cpp
ut-of-bounds.c
utofbound-notwork.c
utofbound.c
verride-werror.c
list-output-alternate.m
r4209.m
r_2542_rdar_6793404.m
r_4164.c
threadlock.c
tr-arith.c
dar-6442306-1.m
dar-6540084.m
dar-6541136-region.c
dar-6562655.m
dar-6600344-nil-receiver-undefined-struct-ret.m
dar-7168531.m
edefined_system.c
efcnt_naming.m
eference.cpp
egion-1.m
izeofpointer.c
tream.c
tring.c
aint-generic.c
aint-tester.c
aint-tester.cpp
aint-tester.m
ndef-buffers.c
ninit-vals-ps-region.m
nreachable-code-path.c
irtualcall.cpp
23df2437a47ff129d2923ae325d42e79682a7f14 24-Aug-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] If we dereference a NULL that came from a function, show the return.

More generally, any time we try to track where a null value came from, we
should show if it came from a function. This usually isn't necessary if
the value is symbolic, but if the value is just a constant we previously
just ignored its origin entirely. Now, we'll step into the function and
recursively add a visitor to the returned expression.

<rdar://problem/12114609>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162563 91177308-0d34-0410-b5e6-96231b3b80d8
nlining/path-notes.c
55dd956d521d4d650dfd929d67f4b98ede61c0ea 24-Aug-2012 Anna Zaks <ganna@apple.com> [analyzer] Fix realloc related bug in the malloc checker.

When reallocation of a non-allocated (not owned) symbol fails do not
expect it to be freed.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162533 91177308-0d34-0410-b5e6-96231b3b80d8
alloc.c
5a90193ad825656d4a03099cd5e9c928d1782b5e 24-Aug-2012 Anna Zaks <ganna@apple.com> [analyzer] Make analyzer less aggressive when dealing with [self init].

With inlining, retain count checker starts tracking 'self' through the
init methods. The analyser results were too noisy if the developer
did not follow 'self = [super init]' pattern (which is common
especially in older code bases) - we reported self init anti-pattern AND
possible use-after-free. This patch teaches the retain count
checker to assume that [super init] does not fail when it's not consumed
by another expression. This silences the retain count warning that warns
about possibility of use-after-free when init fails, while preserving
all the other checking on 'self'.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162508 91177308-0d34-0410-b5e6-96231b3b80d8
nlining/RetainCountExamples.m
nlining/retain-count-self-init.m
0156439a3d718ea0ef5922c38d189a60829c8a86 24-Aug-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] For now, treat pointers-to-members as non-null void * symbols.

Until we have full support for pointers-to-members, we can at least
approximate some of their use by tracking null and non-null values.
We thus treat &A::m_ptr as a non-null void * symbol, and MemberPointer(0)
as a pointer-sized null constant.

This enables support for what is sometimes called the "safe bool" idiom,
demonstrated in the test case.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162495 91177308-0d34-0410-b5e6-96231b3b80d8
ointer-to-member.cpp
c386d8f148c1a9d4992c64188e2873fcbc6da20d 24-Aug-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Handle UserDefinedConversion casts in C++.

This is trivial; the UserDefinedConversion always wraps a CXXMemberCallExpr
for the appropriate conversion function, so it's just a matter of
propagating that value to the CastExpr itself.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162494 91177308-0d34-0410-b5e6-96231b3b80d8
perator-calls.cpp
b66529d04727dc686b97ea3d937fc9785792f505 23-Aug-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Support C++ default arguments if they are literal values.

A CXXDefaultArgExpr wraps an Expr owned by a ParmVarDecl belonging to the
called function. In general, ExprEngine and Environment ought to treat this
like a ParenExpr or other transparent wrapper expression, with the inside
expression evaluated first.

However, if we call the same function twice, we'd produce a CFG that contains
the same wrapped expression twice, and we're not set up to handle that. I've
added a FIXME to the CFG builder to come back to that, but meanwhile we can
at least handle expressions that don't need to be explicitly evaluated:
literals. This probably handles many common uses of default parameters:
true/false, null, etc.

Part of PR13385 / <rdar://problem/12156507>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162453 91177308-0d34-0410-b5e6-96231b3b80d8
nline.cpp
266636128f87c167ff5a99e2e6e6136ab2495f08 22-Aug-2012 Anna Zaks <ganna@apple.com> [analyzer] Add osx.cocoa.NonNilReturnValue checker.

The checker adds assumptions that the return values from the known APIs
are non-nil. Teach the checker about NSArray/NSMutableArray/NSOrderedSet
objectAtIndex, objectAtIndexedSubscript.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162398 91177308-0d34-0410-b5e6-96231b3b80d8
est-objc-non-nil-return-value-checker.m
efb3d56720654f5355ff8fc666499cc6554034f4 22-Aug-2012 Ted Kremenek <kremenek@apple.com> Despite me asking Jordan to do r162313, revert it. We can provide
another way to whitelist these special cases. This is an intermediate patch.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162386 91177308-0d34-0410-b5e6-96231b3b80d8
eference.cpp
e3f3825bd82f84f2a1ae0a02274a33298bb720b3 22-Aug-2012 Ted Kremenek <kremenek@apple.com> Remove BasicConstraintManager. It hasn't been in active service for a while.

As part of this change, I discovered that a few of our tests were not testing
the RangeConstraintManager. Luckily all of those passed when I moved them
over to use that constraint manager.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162384 91177308-0d34-0410-b5e6-96231b3b80d8
FDateGC.m
FNumber.c
FRetainRelease_NSAssertionHandler.m
GColorSpace.c
heckNSError.m
SPanel.m
SString.m
SWindow.m
oReturn.m
bjCProperties.m
R3991.m
dditive-folding.cpp
rray-struct-region.c
rray-struct.c
fref_PR2519.c
fref_rdar6080742.c
omparison-implicit-casts.cpp
omplex.c
ead-stores.c
ead-stores.cpp
isc-ps-64.m
isc-ps.m
il-receiver-undefined-larger-than-voidptr-ret.m
dar-6562655.m
dar-6600344-nil-receiver-undefined-struct-ret.m
eference.cpp
ee04959f88e26ed38dccf4aed2ff10cad1f703c9 21-Aug-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] -analyzer-ipa=inlining is now the default. Remove it from tests.

The actual change here is a little more complicated than the summary above.
What we want to do is have our generic inlining tests run under whatever
mode is the default. However, there are some tests that depend on the
presence of C++ inlining, which still has some rough edges. These tests have
been explicitly marked as -analyzer-ipa=inlining in preparation for a new
mode that limits inlining to C functions and blocks. This will be the
default until the false positives for C++ have been brought down to
manageable levels.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162317 91177308-0d34-0410-b5e6-96231b3b80d8
rray-struct-region.c
tor-inlining.mm
erived-to-base.cpp
xceptions.mm
nitializer.cpp
nline-not-supported.c
nline-plist.c
nline-unique-reports.c
nline.c
nline2.c
nline3.c
nline4.c
nlining/path-notes.c
eychainAPI.m
alloc-interprocedural.c
isc-ps-region-store.cpp
bjc-method-coverage.m
etain-release-inline.m
58fc86d68d53eb6c47cc34974b6f37627a5f386c 21-Aug-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Push "references are non-null" knowledge up to the common parent.

This reduces duplication across the Basic and Range constraint managers, and
keeps their internals free of dealing with the semantics of C++. It's still
a little unfortunate that the constraint manager is dealing with this at all,
but this is pretty much the only place to put it so that it will apply to all
symbolic values, even when embedded in larger expressions.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162313 91177308-0d34-0410-b5e6-96231b3b80d8
eference.cpp
a34d4f47321324187ed57948628f5938357ae034 21-Aug-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Assume that reference symbols are non-null.

By doing this in the constraint managers, we can ensure that ANY reference
whose value we don't know gets the effect, even if it's not a top-level
parameter.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162246 91177308-0d34-0410-b5e6-96231b3b80d8
eference.cpp
dc42dc9a2cab7aaf257e391c62435785c95e6819 21-Aug-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] More tests for "release and stop tracking".

Under GC, a release message is ignored, so "release and stop tracking" just
becomes "stop tracking". But CFRelease is still honored. This is the main
difference between ns_consumed and cf_consumed.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162234 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release-gc-only.m
etain-release.m
f902d097bf7ee24d27e34f351e7c3d66a9db538e 20-Aug-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Add a test for "release and stop tracking" behavior.

This is used to handle functions and methods that consume an argument
(annotated with the ns_consumed or cf_consumed attribute), but then the
argument's retain count may be further modified in a callback. We want
to warn about over-releasing, but we can't really track the object afterwards.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162221 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release.m
7f839a6b35e5007964b538423b0a570eed26fc10 20-Aug-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] The result of && or || is always a 1 or 0.

Forgetting to at least cast the result was giving us Loc/NonLoc problems
in SValBuilder (hitting an assertion). But the standard (both C and C++)
does actually guarantee that && and || will result in the actual values
1 and 0, typed as 'int' in C and 'bool' in C++, and we can easily model that.

PR13461

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162209 91177308-0d34-0410-b5e6-96231b3b80d8
ogical-ops.c
5965b7c7ddf8d9635426943a05441c71cb59fef6 20-Aug-2012 Hans Wennborg <hans@hanshq.net> Better wording for reference self-initialization warning.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162198 91177308-0d34-0410-b5e6-96231b3b80d8
tack-addr-ps.cpp
c32a453e40b2c8878fed10512fb2f570b7aba576 18-Aug-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Treat C++ 'throw' as a sink.

Our current handling of 'throw' is all CFG-based: it jumps to a 'catch' block
if there is one and the function exit block if not. But this doesn't really
get the right behavior when a function is inlined: execution will continue on
the caller's side, which is always the wrong thing to do.

Even within a single function, 'throw' completely skips any destructors that
are to be run. This is essentially the same problem as @finally -- a CFGBlock
that can have multiple entry points, whose exit points depend on whether it
was entered normally or exceptionally.

Representing 'throw' as a sink matches our current (non-)handling of @throw.
It's not a perfect solution, but it's better than continuing analysis in an
inconsistent or even impossible state.

<rdar://problem/12113713>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162157 91177308-0d34-0410-b5e6-96231b3b80d8
xceptions.mm
isc-ps-region-store.cpp
19275bdec34b2ec5d77a78c0ea393a45ab05e128 18-Aug-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Treat @throw as a sink (stop processing).

The CFG approximates @throw as a return statement, but that's not good
enough in inlined functions. Moreover, since Objective-C exceptions are
usually considered fatal, we should be suppressing leak warnings like we
do for calls to noreturn functions (like abort()).

The comments indicate that we were probably intending to do this all along;
it may have been inadvertently changed during a refactor at one point.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162156 91177308-0d34-0410-b5e6-96231b3b80d8
xceptions.mm
8ecf59afbab1dbf184dc4c0c47e7213cbd32ba0a 17-Aug-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Make BlockDataRegions typed, so that they have DynamicTypeInfo.

Fixes <rdar://problem/12119814>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162123 91177308-0d34-0410-b5e6-96231b3b80d8
locks.m
8be9e77f7e532866fa0ef2bc8c3cd549f0cc8da2 17-Aug-2012 Hans Wennborg <hans@hanshq.net> Warn about self-initialization of references.

Initializing a reference with itself, e.g. "int &a = a;" seems like a
very bad idea.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162093 91177308-0d34-0410-b5e6-96231b3b80d8
tack-addr-ps.cpp
eae57a65fe6467f982266420b5619bea5a622315 17-Aug-2012 Richard Smith <richard-llvm@metafoo.co.uk> Fix test so that it doesn't keep failing forever when it's failed once.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162077 91177308-0d34-0410-b5e6-96231b3b80d8
tml-diags.c
c4bac8e376b98d633bb00ee5f510d5e58449753c 16-Aug-2012 Ted Kremenek <kremenek@apple.com> Allow multiple PathDiagnosticConsumers to be used with a BugReporter at the same time.

This fixes several issues:

- removes egregious hack where PlistDiagnosticConsumer would forward to HTMLDiagnosticConsumer,
but diagnostics wouldn't be generated consistently in the same way if PlistDiagnosticConsumer
was used by itself.

- emitting diagnostics to the terminal (using clang's diagnostic machinery) is no longer a special
case, just another PathDiagnosticConsumer. This also magically resolved some duplicate warnings,
as we now use PathDiagnosticConsumer's diagnostic pruning, which has scope for the entire translation
unit, not just the scope of a BugReporter (which is limited to a particular ExprEngine).

As an interesting side-effect, diagnostics emitted to the terminal also have their trailing "." stripped,
just like with diagnostics emitted to plists and HTML. This required some tests to be updated, but now
the tests have higher fidelity with what users will see.

There are some inefficiencies in this patch. We currently generate the report graph (from the ExplodedGraph)
once per PathDiagnosticConsumer, which is a bit wasteful, but that could be pulled up higher in the
logic stack. There is some intended duplication, however, as we now generate different PathDiagnostics (for the same issue)
for different PathDiagnosticConsumers. This is necessary to produce the diagnostics that a particular
consumer expects.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162028 91177308-0d34-0410-b5e6-96231b3b80d8
FNumber.c
heckNSError.m
rray-struct.c
eychainAPI.m
alloc-annotations.c
alloc.c
isc-ps-region-store.m
il-receiver-undefined-larger-than-voidptr-ret.m
tr-arith.c
ecurity-syntax-checks.m
izeofpointer.c
tream.c
ariadic-method-types.m
e6cd0548fd8f52bcda917add482770fa418c619b 16-Aug-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Look through all casts when trying to track constraints.

Previously, we were losing path notes (in both text and plist form)
because the interesting DeclRefExpr was buried in a cast.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161999 91177308-0d34-0410-b5e6-96231b3b80d8
ethod-call-path-notes.cpp
7f660857309a14c036a80ef90b40bf8f68fda9da 15-Aug-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] If we call a C++ method on an object, assume it's non-null.

This is analogous to our handling of pointer dereferences: if we
dereference a pointer that may or may not be null, we assume it's non-null
from then on.

While some implementations of C++ (including ours) allow you to call a
non-virtual method through a null pointer of object type, it is technically
disallowed by the C++ standard, and should not prune out any real paths in
practice.

[class.mfct.non-static]p1: A non-static member function may be called
for an object of its class type, or for an object of a class derived
from its class type...
(a null pointer value does not refer to an object)

We can also make the same assumption about function pointers.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161992 91177308-0d34-0410-b5e6-96231b3b80d8
unc.c
ethod-call.cpp
da29ac527063fc9714547088bf841bfa30557bf0 15-Aug-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Even if we are not inlining a virtual call, still invalidate!

Fixes a mistake introduced in r161916.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161987 91177308-0d34-0410-b5e6-96231b3b80d8
nline.cpp
4e79fdfe22db1c982e8fdf8397fee426a8c57821 15-Aug-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Correctly devirtualize virtual method calls in constructors.

This is the other half of C++11 [class.cdtor]p4 (the destructor side
was added in r161915). This also fixes an issue with post-call checks
where the 'this' value was already being cleaned out of the state, thus
being omitted from a reconstructed CXXConstructorCall.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161981 91177308-0d34-0410-b5e6-96231b3b80d8
tor-inlining.mm
9f6441ad92c30028032eb3df6f4a7f2ebe393a68 15-Aug-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Only adjust the type of 'this' when we devirtualize a method call.

With reinterpret_cast, we can get completely unrelated types in a region
hierarchy together; this was resulting in CXXBaseObjectRegions being layered
directly on an (untyped) SymbolicRegion, whose symbol was from a completely
different type hierarchy. This was what was causing the internal buildbot to
fail.

Reverts r161911, which merely masked the problem.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161960 91177308-0d34-0410-b5e6-96231b3b80d8
einterpret-cast.cpp
b763ede873c23c8651bd18eba0c62e929b496ba5 15-Aug-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Don't inline dynamic-dispatch methods unless -analyzer-ipa=dynamic.

Previously we were checking -analyzer-ipa=dynamic-bifurcate only, and
unconditionally inlining everything else that had an available definition,
even under -analyzer-ipa=inlining (but not under -analyzer-ipa=none).

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161916 91177308-0d34-0410-b5e6-96231b3b80d8
nlining/dyn-dispatch-bifurcate.cpp
0ad36baedc516005cb6ea97d96327517ebfe5138 15-Aug-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Correctly devirtualize virtual method calls in destructors.

C++11 [class.cdtor]p4: When a virtual function is called directly or
indirectly from a constructor or from a destructor, including during
the construction or destruction of the class’s non-static data members,
and the object to which the call applies is the object under
construction or destruction, the function called is the final overrider
in the constructor's or destructor's class and not one overriding it in
a more-derived class.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161915 91177308-0d34-0410-b5e6-96231b3b80d8
tor.cpp
38aee3bb4ffe14c8323785ae2fafed6f627fb577 14-Aug-2012 Anna Zaks <ganna@apple.com> [analyzer] Assume that the properties cannot be overridden when dot
syntax is used.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161889 91177308-0d34-0410-b5e6-96231b3b80d8
nlining/DynDispatchBifurcate.m
95b277e38875ac06faaf8570b5f7594bb6d99e21 14-Aug-2012 Anna Zaks <ganna@apple.com> [analyzer] Address Jordan's comments for r161822, r161683.

Add a TODO test case for r161822 - calling self from a class method.

Remove a TODO comment for r161683 - value2 is not a property - we just
have method names that look like they are getters/setters for a
property.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161884 91177308-0d34-0410-b5e6-96231b3b80d8
nlining/DynDispatchBifurcate.m
nlining/InlineObjCClassMethod.m
c739406d37b9b1dc95bc3a3d899024e5ce31e5d5 14-Aug-2012 Anna Zaks <ganna@apple.com> [analyzer] Teach live variable analysis that super uses self pointer.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161822 91177308-0d34-0410-b5e6-96231b3b80d8
nlining/RetainCountExamples.m
8ec104b9fffb917924c495ce3dd25694e4e3087a 14-Aug-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Be more careful when downcasting for devirtualization.

Virtual base regions are never layered, so simply stripping them off won't
necessarily get you to the correct casted class. Instead, what we want is
the same logic for evaluating dynamic_cast: strip off base regions if possible,
but add new base regions if necessary.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161808 91177308-0d34-0410-b5e6-96231b3b80d8
nline.cpp
0a5629812019ce8bef86ade5425ac261bb544fd8 14-Aug-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Handle dynamic_casts that turn out to be upcasts.

This can occur with multiple inheritance, which jumps from one parent to
the other, and with virtual inheritance, since virtual base regions always
wrap the actual object and can't be nested within other base regions.

This also exposed some incorrect logic for multiple inheritance: even if B
is known not to derive from C, D might still derive from both of them.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161798 91177308-0d34-0410-b5e6-96231b3b80d8
erived-to-base.cpp
b11a3ada9a22e146c6edd33bcc6301e221fedd7a 14-Aug-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Don't strip CXXBaseObjectRegions when checking dynamic_casts.

...and /do/ strip CXXBaseObjectRegions when casting to a virtual base class.

This allows us to enforce the invariant that a CXXBaseObjectRegion can always
provide an offset for its base region if its base region has a known class
type, by only allowing virtual bases and direct non-virtual bases to form
CXXBaseObjectRegions.

This does mean some slight problems for our modeling of dynamic_cast, which
needs to be resolved by finding a path from the current region to the class
we're trying to cast to.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161797 91177308-0d34-0410-b5e6-96231b3b80d8
erived-to-base.cpp
ynamic-cast.cpp
b6d2bea04801cb66263de2f3fe99ef8e1dcd9f53 11-Aug-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Strip CXXBaseObjectRegions when devirtualizing method calls.

This was causing a crash when we tried to re-apply a base object region to
itself. It probably also caused incorrect offset calculations in RegionStore.

PR13569 / <rdar://problem/12076683>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161710 91177308-0d34-0410-b5e6-96231b3b80d8
nline.cpp
9584f67b6da17283a31dedf0a1cab2d83a3d121c 11-Aug-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Try to devirtualize even if the static callee has no definition.

This mostly affects pure virtual methods, but would also affect parent
methods defined inline in the header when analyzing the child's source file.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161709 91177308-0d34-0410-b5e6-96231b3b80d8
nline.cpp
e5399f1375f8571bdd821ae08291af1c895adfd3 11-Aug-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Add clang_analyzer_checkInlined for debugging purposes.

This check is also accessible through the debug.ExprInspection checker.
Like clang_analyzer_eval, you can use it to test the analyzer engine's
current state; the argument should be true or false to indicate whether or
not you expect the function to be inlined.

When used in the positive case (clang_analyzer_checkInlined(true)), the
analyzer prints the message "TRUE" if the function is ever inlined. However,
clang_analyzer_checkInlined(false) should never print a message; this asserts
that there should be no paths on which the current function is inlined, but
then there are no paths on which to print a message! (If the assertion is
violated, the message "FALSE" will be printed.)

This asymmetry comes from the fact that the only other chance to print a
message is when the function is analyzed as a top-level function. However,
when we do that, we can't be sure it isn't also inlined elsewhere (such as
in a recursive function, or if we want to analyze in both general or
specialized cases). Rather than have all checkInlined calls have an appended,
meaningless "FALSE" or "TOP-LEVEL" case, there is just no message printed.

void clang_analyzer_checkInlined(int);

For debugging purposes only!

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161708 91177308-0d34-0410-b5e6-96231b3b80d8
nline.c
5498e3a01be0446f38c102278847566176f6507f 10-Aug-2012 Anna Zaks <ganna@apple.com> [analyzer] ObjC Inlining: add tests for ivars and properties.

TODO:
- Handle @syncronized properties.
- Always inline properties declared publicly (do not split the path).
This is tricky since there is no mapping from a Decl to the property in
the AST as far as I can tell.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161683 91177308-0d34-0410-b5e6-96231b3b80d8
nlining/DynDispatchBifurcate.m
nlining/InlineObjCInstanceMethod.h
54918ba02ba900c0e0bb4fd3d749b6b1ac4e50a9 10-Aug-2012 Anna Zaks <ganna@apple.com> [analyzer] Track if a region can be a subclass in the dynamic type info.

When object is allocated with alloc or init, we assume it cannot be a
subclass (currently used only for bifurcation purposes).

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161682 91177308-0d34-0410-b5e6-96231b3b80d8
nlining/InlineObjCClassMethod.m
nlining/InlineObjCInstanceMethod.h
nlining/InlineObjCInstanceMethod.m
nlining/ObjCDynTypePopagation.m
nlining/ObjCImproperDynamictallyDetectableCast.m
3f558af01643787d209a133215b0abec81b5fe30 10-Aug-2012 Anna Zaks <ganna@apple.com> [analyzer] Optimize dynamic dispatch bifurcation by detecting the cases
when we don't need to split.

In some cases we know that a method cannot have a different
implementation in a subclass:
- the class is declared in the main file (private)
- all the method declarations (including the ones coming from super
classes) are in the main file.

This can be improved further, but might be enough for the heuristic.
(When we are too aggressive splitting the state, efficiency suffers.
When we fail to split the state coverage might suffer.)

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161681 91177308-0d34-0410-b5e6-96231b3b80d8
nlining/DynDispatchBifurcate.m
nlining/InlineObjCInstanceMethod.h
1e934431adba0f459668a59c6059b9596fd627b4 10-Aug-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Cluster bindings in RegionStore by base region.

This should speed up activities that need to access bindings by cluster,
such as invalidation and dead-bindings cleaning. In some cases all we save
is the cost of building the region cluster map, but other times we can
actually avoid traversing the rest of the store.

In casual testing, this produced a speedup of nearly 10% analyzing SQLite,
with /less/ memory used.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161636 91177308-0d34-0410-b5e6-96231b3b80d8
vars.m
2c5f8d79ed128892fa548a3308a938a3a53fbb5e 09-Aug-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] A CXXBaseObjectRegion should correspond to a DIRECT base.

An ASTContext's RecordLayoutInfo can only be used to look up offsets of
direct base classes, and we need the offset to make non-symbolic bindings
in RegionStore. This change makes sure that we have one layer of
CXXBaseObjectRegion for each base we are casting through.

This was causing crashes on an internal buildbot.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161621 91177308-0d34-0410-b5e6-96231b3b80d8
erived-to-base.cpp
e90d3f847dcce76237078b67db8895eb7a24189e 09-Aug-2012 Anna Zaks <ganna@apple.com> [analyzer] Bifurcate the path with dynamic dispatch.

This is an initial (unoptimized) version. We split the path when
inlining ObjC instance methods. On one branch we always assume that the
type information for the given memory region is precise. On the other we
assume that we don't have the exact type info. It is important to check
since the class could be subclassed and the method can be overridden. If
we always inline we can lose coverage.

Had to refactor some of the call eval functions.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161552 91177308-0d34-0410-b5e6-96231b3b80d8
nlining/DynDispatchBifurcate.m
919e8a1c6698bfa6848571d366430126bced727d 08-Aug-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Clean up the printing of FieldRegions for leaks.

Unfortunately, generalized region printing is very difficult:
- ElementRegions are used both for casting and as actual elements.
- Accessing values through a pointer means going through an intermediate
SymbolRegionValue; symbolic regions are untyped.
- Referring to implicitly-defined variables like 'this' and 'self' could be
very confusing if they come from another stack frame.

We fall back to simply not printing the region name if we can't be sure it
will print well. This will allow us to improve in the future.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161512 91177308-0d34-0410-b5e6-96231b3b80d8
alloc.c
0d53ab4024488d0c6cd283992be3fd4b67099bd3 08-Aug-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Track malloc'd regions stored in structs.

The main blocker on this (besides the previous commit) was that
ScanReachableSymbols was not looking through LazyCompoundVals.
Once that was fixed, it's easy enough to clear out malloc data on return,
just like we do when we bind to a global region.

<rdar://problem/10872635>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161511 91177308-0d34-0410-b5e6-96231b3b80d8
alloc-annotations.c
alloc.c
e0d24eb1060a213ec9820dc02c45f26b2d5b348b 08-Aug-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Revamp RegionStore to distinguish regions with symbolic offsets.

RegionStore currently uses a (Region, Offset) pair to describe the locations
of memory bindings. However, this representation breaks down when we have
regions like 'array[index]', where 'index' is unknown. We used to store this
as (SubRegion, 0); now we mark them specially as (SubRegion, SYMBOLIC).

Furthermore, ProgramState::scanReachableSymbols depended on the existence of
a sub-region map, but RegionStore's implementation doesn't provide for such
a thing. Moving the store-traversing logic of scanReachableSymbols into the
StoreManager allows us to eliminate the notion of SubRegionMap altogether.

This fixes some particularly awkward broken test cases, now in
array-struct-region.c.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161510 91177308-0d34-0410-b5e6-96231b3b80d8
rray-struct-region.c
d43e114291eed272f8d7b735d3d1c4ca4cd04986 07-Aug-2012 Anna Zaks <ganna@apple.com> Turn on strncat-size warning implemented a while ago.

Warns on anti-patterns/typos in the 'size' argument to strncat. The
correct size argument should look like the following:
- strncat(dst, src, sizeof(dst) - strlen(dest) - 1);

We warn on:
- sizeof(dst)
- sizeof(src)
- sizeof(dst) - strlen(dst)
- sizeof(src) - anything

(This has been implemented in void Sema::CheckStrncatArguments().)

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161440 91177308-0d34-0410-b5e6-96231b3b80d8
string-syntax.c
acac844992d9b28d30f2801711bd92f353ada084 07-Aug-2012 Anna Zaks <ganna@apple.com> [analyzer] + New line at end of file

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161392 91177308-0d34-0410-b5e6-96231b3b80d8
nlining/ObjCImproperDynamictallyDetectableCast.m
8ed21ef726be89ef7151b5ff397631379bd8a537 07-Aug-2012 Anna Zaks <ganna@apple.com> [analyzer] Address Jordan's review of DynamicTypePropagation.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161391 91177308-0d34-0410-b5e6-96231b3b80d8
nlining/ObjCDynTypePopagation.m
daa88985ed6d174aeb8c6ddca394f734a73268b7 07-Aug-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Add a test case for OS X 10.8's NSMakeCollectable under non-GC.

This is an additional test for r161349 (ignoring 10.8's annotations for
NSMakeCollectable).

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161380 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release.m
340868161576d892f0e1d8f17a044502a98d3373 07-Aug-2012 Anna Zaks <ganna@apple.com> [analyzer] DynTypes: Add a test for improper cast performed by user.

Dynamic type inference does the right thing in this case. However, as
Jordan suggested, it would be nice to add a warning here as well.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161365 91177308-0d34-0410-b5e6-96231b3b80d8
nlining/ObjCImproperDynamictallyDetectableCast.m
c4c647c88ced2e953f15f8987952ede9b96aa969 07-Aug-2012 Anna Zaks <ganna@apple.com> [analyzer] Dynamic type info - propagate through implicit casts.

I currently have a bit of redundancy with the cast kind switch statement
inside the ImplicitCast callback, but I might be adding more casts going
forward.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161358 91177308-0d34-0410-b5e6-96231b3b80d8
nlining/ObjCDynTypePopagation.m
c7ecc43c33a21b82c49664910b19fcc1f555aa51 07-Aug-2012 Anna Zaks <ganna@apple.com> [analyzer] Add a checker to manage dynamic type propagation.

Instead of sprinkling dynamic type info propagation throughout
ExprEngine, the added checker would add the more precise type
information on known APIs (Ex: ObjC alloc, new) and propagate
the type info in other cases (ex: ObjC init method, casts (the second is
not implemented yet)).

Add handling of ObjC alloc, new and init to the checker.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161357 91177308-0d34-0410-b5e6-96231b3b80d8
nlining/InlineObjCInstanceMethod.m
nlining/ObjCDynTypePopagation.m
a801acd9773cacdbe16690269ecb47bd127440c5 06-Aug-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Add plist output checks for all four "path notes" tests.

No functionality change, but from now on, any new path notes should be
tested both with plain-text output (for ease of human auditing) and with
plist output (to ensure control flow and events are being correctly
represented in Xcode).

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161351 91177308-0d34-0410-b5e6-96231b3b80d8
nlining/path-notes.c
ethod-call-path-notes.cpp
etain-release-path-notes-gc.m
etain-release-path-notes.m
2b1b025fa6e848ec36c0554924d7d63342aa80e4 06-Aug-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Improve arrow locations for PseudoObjectExprs.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161350 91177308-0d34-0410-b5e6-96231b3b80d8
list-output.m
4d33286d59e5d71a072c7e08ea0c5dd65e45b81c 04-Aug-2012 Anna Zaks <ganna@apple.com> [analyzer] Malloc: remove assert since it is not valid as of r161248

We can be in the situation where we did not track the symbol before
realloc was called on it.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161294 91177308-0d34-0410-b5e6-96231b3b80d8
alloc.c
a8695180217806bb421cfc6700bec76fc0b1ae56 04-Aug-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Use a more robust check for null in CallAndMessageChecker.

This should fix the failing test on the buildbot as well.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161290 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps-region-store.cpp
522f46f497d9ccecc8bc2f5ec132b9bb7060dee1 04-Aug-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Don't assume values bound to references are automatically non-null.

While there is no such thing as a "null reference" in the C++ standard,
many implementations of references (including Clang's) do not actually
check that the location bound to them is non-null. Thus unlike a regular
null dereference, this will not cause a problem at runtime until the
reference is actually used. In order to catch these cases, we need to not
prune out paths on which the input pointer is null.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161288 91177308-0d34-0410-b5e6-96231b3b80d8
eference.cpp
563ea2335d7d0df44bbfe8941f64523e8af1fc14 04-Aug-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Update initializer assertion for delegating constructors.

Like base constructors, delegating constructors require no further
processing in the CFGInitializer node.

Also, add PrettyStackTraceLoc to the initializer and destructor logic
so we can get better stack traces in the future.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161283 91177308-0d34-0410-b5e6-96231b3b80d8
nitializer.cpp
685379965c1b105ce89cf4f6c60810932b7f4d0d 04-Aug-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] When a symbol is null, we should track its constraints.

Because of this, we would previously emit NO path notes when a parameter
is constrained to null (because there are no stores). Now we show where we
made the assumption, which is much more useful.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161280 91177308-0d34-0410-b5e6-96231b3b80d8
nlining/path-notes.c
ethod-call-path-notes.cpp
b0e1badc2a9b8275b48dfb15c6907a282b949b02 04-Aug-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Flatten path diagnostics for text output like we do for HTML.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161279 91177308-0d34-0410-b5e6-96231b3b80d8
nlining/path-notes.c
9da59a67a27a4d3fc9d59552f07808a32f85e9d3 04-Aug-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Track null/uninitialized C++ objects used in method calls.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161278 91177308-0d34-0410-b5e6-96231b3b80d8
ethod-call-path-notes.cpp
isc-ps-cxx0x.cpp
51e87c5fa1d506058ed594b4290b06775ec74a8e 04-Aug-2012 Jordan Rose <jordan_rose@apple.com> Enhance getImplicitObjectArgument to look through ->*.

This only applies in the case where ->* is not overloaded, since it
specifically looks for BinaryOperator and not CXXOperatorCallExpr.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161275 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps-cxx0x.cpp
bf83e7cd7eaa1257ae8c2317b812fee17adcf919 04-Aug-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Add a test for copy-constructor inlining.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161274 91177308-0d34-0410-b5e6-96231b3b80d8
tor-inlining.mm
148fee988e32efcad45ecf7b3bf714880c657dda 03-Aug-2012 Anna Zaks <ganna@apple.com> [analyzer] ObjC Inlining: Start tracking dynamic type info in the GDM

In the following code, find the type of the symbolic receiver by
following it and updating the dynamic type info in the state when we
cast the symbol from id to MyClass *.

MyClass *a = [[self alloc] init];
return 5/[a testSelf];

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161264 91177308-0d34-0410-b5e6-96231b3b80d8
nlining/InlineObjCInstanceMethod.m
ede875b794e8f35aa1432e61610ea6e84360b6d3 03-Aug-2012 Anna Zaks <ganna@apple.com> [analyzer] Malloc: track non-allocated but freed memory

There is no reason why we should not track the memory which was not
allocated in the current function, but was freed there. This would
allow us to catch more use-after-free and double free with no/limited IPA.

Also fix a realloc issue which surfaced as the result of this patch.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161248 91177308-0d34-0410-b5e6-96231b3b80d8
alloc.c
967d833784786324f8ae62d2042cba363f1b658f 03-Aug-2012 Benjamin Kramer <benny.kra@googlemail.com> Reduce temp file pollution in some test cases.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161237 91177308-0d34-0410-b5e6-96231b3b80d8
tml-diags.c
d015f4febe85d3e3340172d70042840c51bbd836 03-Aug-2012 Anna Zaks <ganna@apple.com> [analyzer] Solve another source of non-determinism in the diagnostic
engine.

The code that was supposed to split the tie in a deterministic way is
not deterministic. Most likely one of the profile methods uses a
pointer. After this change we do finally get the consistent diagnostic
output. Testing this requires running the analyzer on large code bases
and diffing the results.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161224 91177308-0d34-0410-b5e6-96231b3b80d8
nline-unique-reports.c
9f3b9d54ccbbf212591602f389ebde7923627490 02-Aug-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Add a simple check for initializing reference variables with null.

There's still more work to be done here; this doesn't catch reference
parameters or return values. But it's a step in the right direction.

Part of <rdar://problem/11212286>.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161214 91177308-0d34-0410-b5e6-96231b3b80d8
nitializer.cpp
isc-ps-region-store.cpp
eference.cpp
e1ce783708b65eaa832ffad03d239264046dd0eb 31-Jul-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Turn -cfg-add-initializers on by default, and remove the flag.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161060 91177308-0d34-0410-b5e6-96231b3b80d8
ase-init.cpp
tor-inlining.mm
tor.cpp
nitializer.cpp
nitializers-cfg-output.cpp
emp-obj-dtors-cfg-output.cpp
4fe64ad383c056774087113561063429103ac9a6 31-Jul-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Don't try to inline if there's no region for a message receiver.

While usually we'd use a symbolic region rather than a straight-up Unknown,
we can still generate unknowns via array subscripts with symbolic indexes.
(And if this ever changes in the future, we still shouldn't crash.)

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161059 91177308-0d34-0410-b5e6-96231b3b80d8
nlining/InlineObjCInstanceMethod.m
6b4be2ef4ce49717ff972434975ce3c34c9a1c4c 31-Jul-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Getting an lvalue for a reference field still requires a load.

This was causing a crash in our array-to-pointer logic, since the region
was clearly not an array.

PR13440 / <rdar://problem/11977113>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161051 91177308-0d34-0410-b5e6-96231b3b80d8
eference.cpp
d72f56de7c79828928147389aed2c6c46f331031 31-Jul-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Add a test that messages to super invalidate ivars.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161021 91177308-0d34-0410-b5e6-96231b3b80d8
vars.m
f0324d33967f28758f7243c7bb1a469c5a0394b6 31-Jul-2012 Anna Zaks <ganna@apple.com> [analyzer] Handle inlining of instance calls to super.

Use self-init.m for testing. (It used to have a bunch of failing tests
with dynamic inlining turned on.)

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161012 91177308-0d34-0410-b5e6-96231b3b80d8
elf-init.m
5d0f37306ef4726c91c1eb1e4050ecc0e860fcf1 31-Jul-2012 Anna Zaks <ganna@apple.com> [analyzer] Only run this test with no IPA

The inlinable portion of the test relies on attributes/instead of the
function implementation.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161011 91177308-0d34-0410-b5e6-96231b3b80d8
efcnt_naming.m
2d18419a7c8f9a2975d4ed74a202de6467308ad1 30-Jul-2012 Anna Zaks <ganna@apple.com> [analyzer] Very simple ObjC instance method inlining

- Retrieves the type of the object/receiver from the state.
- Binds self during stack setup.
- Only explores the path on which the method is inlined (no
bifurcation to explore the path on which the method is not inlined).

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160991 91177308-0d34-0410-b5e6-96231b3b80d8
nlining/InlineObjCInstanceMethod.h
nlining/InlineObjCInstanceMethod.m
e13056a8bb532ddfdc07952a13169aa422bacd3b 30-Jul-2012 Anna Zaks <ganna@apple.com> [analyzer] Add -analyzer-ipa=dynamic option for inlining dynamically
dispatched methods.

Disabled by default for now.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160988 91177308-0d34-0410-b5e6-96231b3b80d8
nlining/InlineObjCClassMethod.m
bccc594946d439351174831949a6a2cf7ff04f66 27-Jul-2012 Anna Zaks <ganna@apple.com> [analyzer] Another false positive in Class method inlining.
We are currently not setting the self object to the calling class object
during inlining nor do we reason about [AAA class].

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160884 91177308-0d34-0410-b5e6-96231b3b80d8
nlining/InlineObjCClassMethod.m
6fbe0317aa38dbac22a29f7519c52db838aa1990 27-Jul-2012 Anna Zaks <ganna@apple.com> [analyzer] Address Jordan's and Fariborz's review of r160768.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160883 91177308-0d34-0410-b5e6-96231b3b80d8
nlining/InlineObjCClassMethod.m
69a0e5021c5c49a34aa25cd89b1e613a52097e65 27-Jul-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Look through SubstNonTypeTemplateParmExprs.

We were treating this like a CXXDefaultArgExpr, but
SubstNonTypeTemplateParmExpr actually appears when a template is
instantiated, i.e. we have all the information necessary to evaluate it.
This allows us to inline functions like llvm::array_lengthof.

<rdar://problem/11949235>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160846 91177308-0d34-0410-b5e6-96231b3b80d8
emplates.cpp
61b135a20b9e0ee7c4fe7ce4fdbc1815c5ff66ff 27-Jul-2012 Ted Kremenek <kremenek@apple.com> Tweak test case to not emit warning.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160822 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps.m
6da60499eae46caf9f92f7ba35c607043dc3f7fa 27-Jul-2012 Ted Kremenek <kremenek@apple.com> Look at the preceding CFGBlock for the expression to load from in ExprEngine::VisitGuardedExpr
instead of walking to the preceding PostStmt node. There are cases where the last evaluated
expression does not appear in the ExplodedGraph.

Fixes PR 13466.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160819 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps.m
1d3ca251f9891623fac0dbe70eece42564e274ed 26-Jul-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Don't crash on implicit statements inside initializers.

Our BugReporter knows how to deal with implicit statements: it looks in
the ParentMap until it finds a parent with a valid location. However, since
initializers are not in the body of a constructor, their sub-expressions are
not in the ParentMap. That was easy enough to fix in AnalysisDeclContext.

...and then even once THAT was fixed, there's still an extra funny case
of Objective-C object pointer fields under ARC, which are initialized with
a top-level ImplicitValueInitExpr. To catch these cases,
PathDiagnosticLocation will now fall back to the start of the current
function if it can't find any other valid SourceLocations. This isn't great,
but it's miles better than a crash.

(All of this is only relevant when constructors and destructors are being
inlined, i.e. under -cfg-add-initializers and -cfg-add-implicit-dtors.)

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160810 91177308-0d34-0410-b5e6-96231b3b80d8
tor-inlining.mm
tor.cpp
e460c46c5d602f65354cab0879c458890273591c 26-Jul-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Don't crash on array constructors and destructors.

This workaround is fairly lame: we simulate the first element's constructor
and destructor and rely on the region invalidation to "initialize" the rest
of the elements.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160809 91177308-0d34-0410-b5e6-96231b3b80d8
tor.cpp
3a0a9e3e8bbaa45f3ca22b1e20b3beaac0f5861e 26-Jul-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Handle C++ member initializers and destructors.

This uses CFG to tell if a constructor call is for a member, and uses
the member's region appropriately.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160808 91177308-0d34-0410-b5e6-96231b3b80d8
tor.cpp
nitializer.cpp
183ba8e19d49ab1ae25d3cdd0a19591369c5ab9f 26-Jul-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Show paths for destructor calls.

This modifies BugReporter and friends to handle CallEnter and CallExitEnd
program points that came from implicit call CFG nodes (read: destructors).

This required some extra handling for nested implicit calls. For example,
the added multiple-inheritance test case has a call graph that looks like this:

testMultipleInheritance3
~MultipleInheritance
~SmartPointer
~Subclass
~SmartPointer
***bug here***

In this case we correctly notice that we started in an inlined function
when we reach the CallEnter program point for the second ~SmartPointer.
However, when we reach the next CallEnter (for ~Subclass), we were
accidentally re-using the inner ~SmartPointer call in the diagnostics.

Rather than guess if we saw the corresponding CallExitEnd based on the
contents of the active path, we now just ask the PathDiagnostic if there's
any known stack before popping off the top path.

(A similar issue could have occurred without multiple inheritance, but there
wasn't a test case for it.)

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160804 91177308-0d34-0410-b5e6-96231b3b80d8
tor.cpp
da5fc53d6b024872c4c1d2c8c5da11e08bf116aa 26-Jul-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Inline ctors + dtors when the CFG is built for them.

At the very least this means initializer nodes for constructors and
automatic object destructors are present in the CFG.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160803 91177308-0d34-0410-b5e6-96231b3b80d8
tor.cpp
9dc5167e4017ef4c8b327abb6f72225eec2e0f19 26-Jul-2012 Anna Zaks <ganna@apple.com> [analyzer] Inline ObjC class methods.

- Some cleanup (the TODOs) will be done after ObjC method inlining is
complete.
- Simplified CallEvent::getDefinition not to require ISDynamicDispatch
parameter.
- Also addressed Jordan's comments from r160530.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160768 91177308-0d34-0410-b5e6-96231b3b80d8
nlining/InlineObjCClassMethod.m
fc999ac663eca933359047c88dc4a1ef6e579e8a 26-Jul-2012 Ted Kremenek <kremenek@apple.com> Add static analyzer check for calling a C++ instance method with a null/uninitialized pointer.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160767 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps-cxx0x.cpp
469841a8e0967f038aa0f78e1926ce82e06248c7 25-Jul-2012 Ted Kremenek <kremenek@apple.com> Update ExprEngine's handling of ternary operators to find the ternary expression
value by scanning the path, rather than assuming we have visited the '?:' operator
as a terminator (which sets a value indicating which expression to grab the
final ternary expression value from).

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160760 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps.c
5292718007095d59ee9c4bca554a386674aa7045 25-Jul-2012 Ted Kremenek <kremenek@apple.com> Remove experimental invalid iterators checker from the codebase until we have the time
to fix all the issues. Currently the code is essentially unmaintained and buggy, and
needs major revision (with coupled enhancements to the analyzer core).

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160754 91177308-0d34-0410-b5e6-96231b3b80d8
terators.cpp
310fe466761023874250a44cc9a5f56600c44f46 25-Jul-2012 NAKAMURA Takumi <geek4civic@gmail.com> test/Analysis/iterators.cpp: Mark as REQUIRES:asserts. It crashes due to assertion failure.

I saw the case it XPASSes.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160715 91177308-0d34-0410-b5e6-96231b3b80d8
terators.cpp
34653184b0dbd9423215b8324b23c260ab7efa2e 25-Jul-2012 Ted Kremenek <kremenek@apple.com> Turn -Wobjc-root-class on by default. <rdar://problem/11203649>.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160707 91177308-0d34-0410-b5e6-96231b3b80d8
elegates.m
8919e688dc610d1f632a4d43f7f1489f67255476 18-Jul-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Combine all ObjC message CallEvents into ObjCMethodCall.

As pointed out by Anna, we only differentiate between explicit message sends

This also adds support for ObjCSubscriptExprs, which are basically the same
as properties in many ways. We were already checking these, but not emitting
nice messages for them.

This depends on the llvm::PointerIntPair change in r160456.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160461 91177308-0d34-0410-b5e6-96231b3b80d8
bjc-subscript.m
etain-release-path-notes.m
21625c69e88d232e71a3bd4ba9d4bbb484183bf1 18-Jul-2012 Ted Kremenek <kremenek@apple.com> Fix crash in RegionStoreManager::evalDerivedToBase() due to not handling references
(in uses of dynamic_cast<>).

Fixes <rdar://problem/11817693>.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160427 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps-cxx0x.cpp
88237bf587581026dcfc8386abf055cb201aa487 18-Jul-2012 Ted Kremenek <kremenek@apple.com> Teach CFG construction about destructors resulting from references to array types. Fixes crash in <rdar://problem/11671507>.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160424 91177308-0d34-0410-b5e6-96231b3b80d8
xx-for-range-cfg.cpp
89e5aaf57e20b39e35b0d068ebbc09ae736f2e1e 17-Jul-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Handle new-expressions with initializers for scalars.

<rdar://problem/11818967>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160328 91177308-0d34-0410-b5e6-96231b3b80d8
ew.cpp
3f635c08b2d0b2d5bafb38da09589cb238407faa 14-Jul-2012 Ted Kremenek <kremenek@apple.com> Refine CFG so that '&&' and '||' don't lead to extra confluence points when used in a branch, but
instead push the terminator for the branch down into the basic blocks of the subexpressions of '&&' and '||'
respectively. This eliminates some artificial control-flow from the CFG and results in a more
compact CFG.

Note that this patch only alters the branches 'while', 'if' and 'for'. This was complex enough for
one patch. The remaining branches (e.g., do...while) can be handled in a separate patch, but they
weren't immediately tackled because they were less important.

It is possible that this patch introduces some subtle bugs, particularly w.r.t. destructor placement.
I've tried to audit these changes, but it is also known that the destructor logic needs some refinement
in the area of '||' and '&&' regardless (i.e., there are known bugs).

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160218 91177308-0d34-0410-b5e6-96231b3b80d8
uto-obj-dtors-cfg-output.cpp
omtest.c
emp-obj-dtors-cfg-output.cpp
558e8872b364b43ab9f201dd6b2df9a5b74b0542 14-Jul-2012 Richard Smith <richard-llvm@metafoo.co.uk> PR13360: When deciding the earliest point which inevitably leads to an
uninitialized variable use, walk back over branches where we've reached all the
non-null successors, not just cases where we've reached all successors.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160206 91177308-0d34-0410-b5e6-96231b3b80d8
ninit-sometimes.cpp
c36b30c92c78b95fd29fb5d9d6214d737b3bcb02 12-Jul-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Don't inline virtual calls unless we can devirtualize properly.

Previously we were using the static type of the base object to inline
methods, whether virtual or non-virtual. Now, we try to see if the base
object has a known type, and if so ask for its implementation of the method.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160094 91177308-0d34-0410-b5e6-96231b3b80d8
ynamic-cast.cpp
nline.cpp
5ef6e94b294cc47750d8ab220858a36726caba59 11-Jul-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Guard against C++ member functions that look like system functions.

C++ method calls and C function calls both appear as CallExprs in the AST.
This was causing crashes for an object that had a 'free' method.

<rdar://problem/11822244>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160029 91177308-0d34-0410-b5e6-96231b3b80d8
xx-method-names.cpp
e54cfc7b9990acffd0a8a4ba381717b4bb9f3011 11-Jul-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Use CallEvent for building inlined stack frames.

In order to accomplish this, we now build the callee's stack frame
as part of the CallEnter node, rather than the subsequent BlockEdge node.
This should not have any effect on perceived behavior or diagnostics.

This makes it safe to re-enable inlining of member overloaded operators.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160022 91177308-0d34-0410-b5e6-96231b3b80d8
perator-calls.cpp
ee158bc29bc12ce544996f7cdfde14aba63acf4d 09-Jul-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] When inlining, make sure we use the definition decl.

This was a regression introduced during the CallEvent changes; a call to
FunctionDecl::hasBody was also being used to replace the decl found by
lookup with the actual definition. To keep from making this mistake again
(particularly if/when we start inlining Objective-C methods), this commit
adds a "getDefinition()" method to CallEvent, which should do the right
thing under any circumstances.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@159940 91177308-0d34-0410-b5e6-96231b3b80d8
nline.c
48088ed56f406dc244f04f4e9164999b7a40e1fd 07-Jul-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Fix mis-committed test. No functionality change.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@159869 91177308-0d34-0410-b5e6-96231b3b80d8
rray-struct-region.c
752bee2493ec2931bd18899753552e3a47dc85fe 06-Jul-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Be careful about LazyCompoundVals, which may be for the first field.

We use LazyCompoundVals to avoid copying the contents of structs and arrays
around in the store, and when we need to pass a struct around that already
has a LazyCompoundVal we just use the original one. However, it's possible
that the first field of a struct may have a LazyCompoundVal of its own, and
we currently can't distinguish a LazyCompoundVal for the first element of a
struct from a LazyCompoundVal for the entire struct. In this case we should
just drop the optimization and make a new LazyCompoundVal that encompasses
the old one.

PR13264 / <rdar://problem/11802440>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@159866 91177308-0d34-0410-b5e6-96231b3b80d8
rray-struct-region.c
fdaa33818cf9bad8d092136e73bd2e489cb821ba 04-Jul-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] For now, don't inline non-static member overloaded operators.

Our current inlining support (specifically RegionStore::enterStackFrame)
doesn't know that calls to overloaded operators may be calls to non-static
member functions, and that in these cases the first argument should be
treated as 'this'. This caused incorrect results and sometimes crashes.

The long-term fix will be to rewrite RegionStore::enterStackFrame to use
CallEvent and its subclasses, but for now we can just disable these
problematic calls by classifying them under a new CallEvent,
CXXMemberOperatorCall.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@159692 91177308-0d34-0410-b5e6-96231b3b80d8
perator-calls.cpp
70cbf3cc09eb21db1108396d30a414ea66d842cc 03-Jul-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Introduce CXXAllocatorCall to handle placement arg invalidation.

This is NOT full-blown support for operator new, but removes some nasty
duplicated code introduced in r158784.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@159608 91177308-0d34-0410-b5e6-96231b3b80d8
ew.cpp
24364151180895f90018b6e373e51c0082ecff35 02-Jul-2012 Ted Kremenek <kremenek@apple.com> Make this test invariant to future changes of the max loop unrolling count.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@159585 91177308-0d34-0410-b5e6-96231b3b80d8
raversal-algorithm.mm
371b477836f289f2e9caaab58530f187b51bc86d 02-Jul-2012 Ted Kremenek <kremenek@apple.com> Fix subtle bug in AnalysisConsumer where we would not analyze functions whose parent
in the call graph had been inlined but for whatever reason we did not inline some
of its callees.

Also, fix a related traversal bug where we meant to do a BFS of the callgraph but
instead were doing a DFS.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@159577 91177308-0d34-0410-b5e6-96231b3b80d8
il-receiver-undefined-larger-than-voidptr-ret.m
raversal-algorithm.mm
fe6a011a113b3ddcb32f42af152d7476054e7f79 02-Jul-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Convert existing checkers to use check::preCall and check::postCall.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@159563 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps-region-store.m
onnull.m
85d7e01cf639b257d70f8a129709a2d7594d7b22 02-Jul-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Move the last bits of CallOrObjCMessage over to CallEvent.

This involved refactoring some common pointer-escapes code onto CallEvent,
then having MallocChecker use those callbacks for whether or not to consider
a pointer's /ownership/ as escaping. This still needs to be pinned down, and
probably we want to make the new argumentsMayEscape() function a little more
discerning (content invalidation vs. ownership/metadata invalidation), but
this is a good improvement.

As a bonus, also remove CallOrObjCMessage from the source completely.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@159557 91177308-0d34-0410-b5e6-96231b3b80d8
alloc.c
4531b7d64e1ed03a925ffdcfb4aa065f2721afb8 02-Jul-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Convert RetainCountChecker to use CallEvent as much as possible.

This ended up allowing quite a bit of cleanup, and some minor changes.

- CallEvent makes it easy to use hasNonZeroCallbackArg more aggressively, which
we check in order to avoid false positives with callbacks that might release
the object.
- In order to support this for functions which consume their arguments, there
are two new ArgEffects: DecRefAndStopTracking and DecRefMsgAndStopTracking.
These act just like StopTracking, except that if the object only had a
return count of +1 it's now considered released instead (so we still get
use-after-free messages).
- On the plus side, we no longer have to special-case
+[NSObject performSelector:withObject:afterDelay:] and friends.
- The use of IdentifierInfos in the method summary cache is now hidden; only
the ObjCInterfaceDecl gets passed around most of the time.
- Since we cache all "simple" summaries and check every function call, there is
no real benefit to having NULL stand in for default summaries anymore.
- Whitespace, unused methods, etc.

Even more simplification to come when we get check::postCall and can unify all
these other post* checks.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@159555 91177308-0d34-0410-b5e6-96231b3b80d8
elegates.m
740d490593e0de8732a697c9f77b90ddd463863b 02-Jul-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Add a new abstraction over all types of calls: CallEvent

This is intended to replace CallOrObjCMessage, and is eventually intended to be
used for anything that cares more about /what/ is being called than /how/ it's
being called. For example, inlining destructors should be the same as inlining
blocks, and checking __attribute__((nonnull)) should apply to the allocator
calls generated by operator new.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@159554 91177308-0d34-0410-b5e6-96231b3b80d8
locks-no-inline.c
8d0f528afd9fcb9ebb8ccb4b8a529a05375b628e 29-Jun-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Add a test that we are, in fact, doing a DFS on the ExplodedGraph.

Previously:
...the comment said DFS...
...the WorkList being instantiated said BFS...
...and the implementation was actually DFS...
...due to an unintentional change in 2010...
...and everything kept working anyway.

This fixes our std::deque implementation of BFS, but switches back to a
SmallVector-based implementation of DFS.

We should probably still investigate the ramifications of DFS vs. BFS,
especially for large functions (and especially when we hit our block path
limit), since this might completely change our memory use. It can also mask
some bugs and reveal others depending on when we halt analysis. But at least
we will not have this kind of little mistake creep in again.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@159397 91177308-0d34-0410-b5e6-96231b3b80d8
raversal-algorithm.mm
ee681111c713f300884550b1503713ade3b32374 25-Jun-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Be careful about implicitly-declared operator new/delete. (PR13090)

The implicit global allocation functions do not have valid source locations,
but we still want to treat them as being "system header" functions for the
purposes of how they affect program state.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@159160 91177308-0d34-0410-b5e6-96231b3b80d8
ew.cpp
10f77ad7fc5e5cf3f37a9b14ff5843468b8b84d2 23-Jun-2012 Ted Kremenek <kremenek@apple.com> Implement initial static analysis inlining support for C++ methods.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@159047 91177308-0d34-0410-b5e6-96231b3b80d8
terators.cpp
isc-ps-region-store.cpp
7186dc63094d3ba24e57e16a66a226d21448dd4f 23-Jun-2012 Anna Zaks <ganna@apple.com> [analyzer] Teach malloc checker that initWith[Bytes|Characters]NoCopy
relinquish memory.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@159043 91177308-0d34-0410-b5e6-96231b3b80d8
alloc.mm
3e4f65d863bff9c4bbb2e7061a5d69b8c0366d66 23-Jun-2012 Anna Zaks <ganna@apple.com> [analyzer] Fixup to r158958.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@159037 91177308-0d34-0410-b5e6-96231b3b80d8
alloc.mm
ystem-header-simulator-objc.h
6c234b1fd1da64a14a77433cb805cb1aa798512a 22-Jun-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Check for +raise:format: on subclasses of NSException as well.

We don't handle exceptions yet, so we treat them as sinks. ExprEngine
hardcodes messages that are known to raise Objective-C exceptions like -raise,
but it was only checking for +raise:format: and +raise:format:arguments: on
NSException itself, not subclasses.

<rdar://problem/11724201>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@159010 91177308-0d34-0410-b5e6-96231b3b80d8
oReturn.m
9dda4746867a747c1c3421d8a04a1b666aeb5809 22-Jun-2012 Dmitri Gribenko <gribozavr@gmail.com> Add a warning about almost-Doxygen trailing comments: //< and /*< ... */


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@159001 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release.m
5b7aa34167f23e6137bd257addac4dd67f612ec4 22-Jun-2012 Anna Zaks <ganna@apple.com> [analyzer] Malloc: Warn about use-after-free when memory ownership was
transferred with dataWithBytesNoCopy.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@158958 91177308-0d34-0410-b5e6-96231b3b80d8
alloc-annotations.c
alloc.mm
52a04812e5767dab68efb33ad044760b5b168941 21-Jun-2012 Anna Zaks <ganna@apple.com> [analyzer] Malloc leak false positive: Allow xpc context to escape.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@158875 91177308-0d34-0410-b5e6-96231b3b80d8
alloc.c
ystem-header-simulator.h
050cdd7107526df8ff7a8e0a08b3e99c83c263c0 20-Jun-2012 Anna Zaks <ganna@apple.com> [analyzer] Malloc: cleanup, disallow free on relinquished memory.

This commit sets the grounds for more aggressive use after free
checking. We will use the Relinquished state to denote that someone
else is now responsible for releasing the memory.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@158850 91177308-0d34-0410-b5e6-96231b3b80d8
alloc-annotations.c
260611a32535c851237926bfcf78869b13c07d5b 20-Jun-2012 John McCall <rjmccall@apple.com> Restructure how the driver communicates information about the
target Objective-C runtime down to the frontend: break this
down into a single target runtime kind and version, and compute
all the relevant information from that. This makes it
relatively painless to add support for new runtimes to the
compiler. Make the new -cc1 flag, -fobjc-runtime=blah-x.y.z,
available at the driver level as a better and more general
alternative to -fgnu-runtime and -fnext-runtime. This new
concept of an Objective-C runtime also encompasses what we
were previously separating out as the "Objective-C ABI", so
fragile vs. non-fragile runtimes are now really modelled as
different kinds of runtime, paving the way for better overall
differentiation.

As a sort of special case, continue to accept the -cc1 flag
-fobjc-runtime-has-weak, as a sop to PLCompatibilityWeak.

I won't go so far as to say "no functionality change", even
ignoring the new driver flag, but subtle changes in driver
semantics are almost certainly not intended.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@158793 91177308-0d34-0410-b5e6-96231b3b80d8
dar-7168531.m
3c4e76d712eac172b100bb10b96637ffca105433 20-Jun-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Move failing 'new' test cases back into new.cpp instead of XFAILing.

Per Anna's comment, this is a better way to handle "to-do list"-type failures.
This way we'll know if any of the features get fixed; in an XFAIL file, /all/
the cases have to be fixed before lit would tell us anything.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@158791 91177308-0d34-0410-b5e6-96231b3b80d8
ew-fail.cpp
ew.cpp
e38c1c2c449529e60f48e740cb8662e68e5a5330 20-Jun-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Invalidate placement args; return the pointer given to placement new

The default global placement new just returns the pointer it is given.
Note that other custom 'new' implementations with placement args are not
guaranteed to do this.

In addition, we need to invalidate placement args, since they may be updated by
the allocator function. (Also, right now we don't properly handle the
constructor inside a CXXNewExpr, so we need to invalidate the placement args
just so that callers know something changed!)

This invalidation is not perfect because CallOrObjCMessage doesn't support
CXXNewExpr, and all of our invalidation callbacks expect that if there's no
CallOrObjCMessage, the invalidation is happening manually (e.g. by a direct
assignment) and shouldn't affect checker-specific metadata (like malloc state);
hence the malloc test case in new-fail.cpp. But region values are now
properly invalidated, at least.

The long-term solution to this problem is to rework CallOrObjCMessage into
something more general, rather than the morass of branches it is today.

<rdar://problem/11679031>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@158784 91177308-0d34-0410-b5e6-96231b3b80d8
ew-fail.cpp
ew.cpp
5f75768579b9b1d70d01903ab4766aede65defcc 19-Jun-2012 Anna Zaks <ganna@apple.com> [analyzer] Allow pointers to escape into NSPointerArray.
(Fixes radar://11691035 PR13140)

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@158703 91177308-0d34-0410-b5e6-96231b3b80d8
alloc.mm
ystem-header-simulator-objc.h
3065cf9ecc883715edbd3bf875acb2cab531138e 19-Jun-2012 Ted Kremenek <kremenek@apple.com> Sink definition of IBOutlet, IBOutletCollection, and IBAction into
the compiler predefines buffer. These are essentially part of
the Objective-C language.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@158690 91177308-0d34-0410-b5e6-96231b3b80d8
issingDealloc.m
3083d3c550dedf68101dd9133905c3c7d35662bd 16-Jun-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Array CompoundLiteralExprs need to be treated like lvalues.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@158588 91177308-0d34-0410-b5e6-96231b3b80d8
xx-crashes.cpp
9955e708ffadb479b82b26d93dfcf0f5a2a6e372 16-Jun-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Return an UnknownVal when we try to get the binding for a VLA.

This happens in C++ mode right at the declaration of a struct VLA;
MallocChecker sees a bind and tries to see if it's an escaping bind.
It's likely that our handling of this is still incomplete, but it fixes a
crash on valid without disturbing anything else for now.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@158587 91177308-0d34-0410-b5e6-96231b3b80d8
xx-crashes.cpp
1bf908df57cc43f3bc7296f4e51f5708bd323c6b 16-Jun-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Buffers passed to CGBitmapContextCreate can escape.

Specifically, although the bitmap context does not take ownership of the
buffer (unlike CGBitmapContextCreateWithData), the data buffer can be extracted
out of the created CGContextRef. Thus the buffer is not leaked even if its
original pointer goes out of scope, as long as
- the context escapes, or
- it is retrieved via CGBitmapContextGetData and freed.

Actually implementing that logic is beyond the current scope of MallocChecker,
so for now CGBitmapContextCreate goes on our system function exception list.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@158579 91177308-0d34-0410-b5e6-96231b3b80d8
alloc.c
ystem-header-simulator.h
50571a9fd8871c722e8655c7c2c3b2871a0d14c1 15-Jun-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] RetainCount: don't track objects init'd with a delegate

We already didn't track objects that have delegates or callbacks or
objects that are passed through void * "context pointers". It's a
not-uncommon pattern to release the object in its callback, and so
the leak message we give is not very helpful.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@158532 91177308-0d34-0410-b5e6-96231b3b80d8
elegates.m
5b8c69494881b7d35bc6244b4a19be0cc2eab368 12-Jun-2012 Jordan Rose <jordan_rose@apple.com> Revert "[analyzer] Treat LValueBitCasts like regular pointer bit casts."

This does not actually give us the right behavior for reinterpret_cast
of references. Reverting so I can think about it some more.

This reverts commit 50a75a6e26a49011150067adac556ef978639fe6.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@158341 91177308-0d34-0410-b5e6-96231b3b80d8
asts.cpp
570d03c6831a8e19447dc863aa94ffff020077eb 12-Jun-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Treat LValueBitCasts like regular pointer bit casts.

These casts only appear in very well-defined circumstances, in which the
target of a reinterpret_cast or a function formal parameter is an lvalue
reference. According to the C++ standard, the following are equivalent:

reinterpret_cast<T&>( x)
*reinterpret_cast<T*>(&x)

[expr.reinterpret.cast]p11

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@158338 91177308-0d34-0410-b5e6-96231b3b80d8
asts.cpp
1895a0a6936001374f66adbdfcf8abe5edf912ea 11-Jun-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Add ObjCLoopChecker: objects from NSArray et al are non-nil.

While collections containing nil elements can still be iterated over in an
Objective-C for-in loop, the most common Cocoa collections -- NSArray,
NSDictionary, and NSSet -- cannot contain nil elements. This checker adds
that assumption to the analyzer state.

This was the cause of some minor false positives concerning CFRelease calls
on objects in an NSArray.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@158319 91177308-0d34-0410-b5e6-96231b3b80d8
bjc-for.m
2e336ac5ace420470bbb0ff54a94a5484443a44f 08-Jun-2012 Anna Zaks <ganna@apple.com> [analyzer] MallocSizeofChecker false positive: when sizeof is argument
to addition.

We should not warn in case the malloc size argument is an
addition containing 'sizeof' operator - it is common to use the pattern
to pack values of different sizes into a buffer.

Ex:

uint8_t *buffer = (uint8_t*)malloc(dataSize + sizeof(length));

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@158219 91177308-0d34-0410-b5e6-96231b3b80d8
alloc-sizeof.c
a64fae162fd1ca9398f6f4ecb27648d965e01587 08-Jun-2012 Anna Zaks <ganna@apple.com> [analyzer] Add experimental "issue hash" to the plist diagnostic.

CmpRuns.py can be used to compare issues from different analyzer runs.
Since it uses the issue line number to unique 2 issues, adding a new
line to the beginning of a file makes all issues in the file reported as
new.

The hash will be an opaque value which could be used (along with the
function name) by CmpRuns to identify the same issues. This way, we only
fail to identify the same issue from two runs if the function it appears
in changes (not perfect, but much better than nothing).

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@158180 91177308-0d34-0410-b5e6-96231b3b80d8
nline-plist.c
alloc-plist.c
list-output-alternate.m
list-output.m
adccc3f088784423ec8048b00dc2e76140e0c3f1 08-Jun-2012 Anna Zaks <ganna@apple.com> [analyze] Change some of the malloc tests to use clang_analyzer_eval.

Thanks, Jordan.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@158179 91177308-0d34-0410-b5e6-96231b3b80d8
alloc.c
783f0087ecb5af27d2f8caed7d6b904797c3d752 07-Jun-2012 Anna Zaks <ganna@apple.com> [analyzer] Fixit for r158136.

I falsely assumed that the memory spaces are equal when we reach this
point, they might not be when memory space of one or more is stack or
Unknown. We don't want a region from Heap space alias something with
another memory space.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@158165 91177308-0d34-0410-b5e6-96231b3b80d8
alloc.c
e17fdb2d5dbf0ffefd417587003eebbe5baf5984 07-Jun-2012 Anna Zaks <ganna@apple.com> [analyzer] Anti-aliasing: different heap allocations do not alias

Add a concept of symbolic memory region belonging to heap memory space.
When comparing symbolic regions allocated on the heap, assume that they
do not alias.

Use symbolic heap region to suppress a common false positive pattern in
the malloc checker, in code that relies on malloc not returning the
memory aliased to other malloc allocations, stack.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@158136 91177308-0d34-0410-b5e6-96231b3b80d8
alloc.c
7453a72cd0dcc70f29006ba488b743f078072bc7 06-Jun-2012 Ted Kremenek <kremenek@apple.com> PlistDiagnostics: force the ranges for control-flow edges to be single locations, forcing
adjacent edges to have compatible ranges. This simplifies the layout logic for some clients.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@158028 91177308-0d34-0410-b5e6-96231b3b80d8
iagnostics/undef-value-caller.c
nline-plist.c
nline-unique-reports.c
alloc-plist.c
list-output-alternate.m
list-output.m
d5edd849b6003b97e0e1ee5cf964c10affbe6bce 04-Jun-2012 Anna Zaks <ganna@apple.com> [analyzer] Fixup for r157950. Unbreak the bots.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@157954 91177308-0d34-0410-b5e6-96231b3b80d8
iagnostics/undef-value-caller.c
0344e5423db6dbb614f057887be714d2c0f7f0f6 04-Jun-2012 Anna Zaks <ganna@apple.com> [analyzer] Fix a diagnostics bug which led to a crash on the buildbot.

This bug was triggered by r157851. It only happens in the case where we
don't perform optimal diagnostic pruning.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@157950 91177308-0d34-0410-b5e6-96231b3b80d8
iagnostics/undef-value-callee.h
iagnostics/undef-value-caller.c
183ff2aaacbc1995ed64d5e2ffea4456fd871633 02-Jun-2012 Anna Zaks <ganna@apple.com> [analyzer] Fix a spurious undef value warning.

When we timeout or exceed a max number of blocks within an inlined
function, we retry with no inlining starting from a node right before
the CallEnter node. We assume the state of that node is the state of the
program before we start evaluating the call. However, the node pruning
removes this node as unimportant.

Teach the node pruning to keep the predecessors of the call enter nodes.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@157860 91177308-0d34-0410-b5e6-96231b3b80d8
ngine/replay-without-inlining.c
144e52be486a3906aec90c51b0ac94a30313152e 02-Jun-2012 Anna Zaks <ganna@apple.com> [analyzer] Fix lack of coverage after empty inlined function.

We should not stop exploring the path after we return from an empty
function.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@157859 91177308-0d34-0410-b5e6-96231b3b80d8
overage.c
7fa9b4f258636d89342eda28f21a986c8ac353b1 01-Jun-2012 Ted Kremenek <kremenek@apple.com> static analyzer: add inlining support for directly called blocks.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@157833 91177308-0d34-0410-b5e6-96231b3b80d8
locks.m
nline-plist.c
etain-release.m
350e956532d99ce2e804a478df5b6f1f5e096d88 27-May-2012 Fariborz Jahanian <fjahanian@apple.com> -Wdeprecated warning to include reference (as a note)
to the declaration in this patch. // rdar://10893232


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@157537 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release.m
bdb97ff687ce85e45cc728b87612ed546f48c1e7 26-May-2012 Richard Smith <richard-llvm@metafoo.co.uk> In response to some discussions on IRC, tweak the wording of the new
-Wsometimes-uninitialized diagnostics to make it clearer that the cause
of the issue may be a condition which must always evaluate to true or
false, rather than an uninitialized variable.

To emphasize this, add a new note with a fixit which removes the
impossible condition or replaces it with a constant.

Also, downgrade the diagnostic from -Wsometimes-uninitialized to
-Wconditional-uninitialized when it applies to a range-based for loop,
since the condition is not written explicitly in the code in that case.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@157511 91177308-0d34-0410-b5e6-96231b3b80d8
ninit-sometimes.cpp
e41458c37923c77fdae39676b3b4bce9f6c80def 25-May-2012 Anna Zaks <ganna@apple.com> [analyzer] Don't crash on LValBitCast

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@157478 91177308-0d34-0410-b5e6-96231b3b80d8
xx11-crashes.cpp
2815e1a075c74143a0b60a632090ece1dffa5c7c 25-May-2012 Richard Smith <richard-llvm@metafoo.co.uk> Split a chunk of -Wconditional-uninitialized warnings out into a separate flag,
-Wsometimes-uninitialized. This detects cases where an explicitly-written branch
inevitably leads to an uninitialized variable use (so either the branch is dead
code or there is an uninitialized use bug).

This chunk of warnings tentatively lives within -Wuninitialized, in order to
give it more visibility to existing Clang users.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@157458 91177308-0d34-0410-b5e6-96231b3b80d8
ninit-sometimes.cpp
17eb65f1bfcc33d2a9ecefe32368cb374155dbdc 24-May-2012 Anna Zaks <ganna@apple.com> [analyzer] Treat cast of array to reference in the same way as array to
pointer.

Fixes one of the crashes reported in PR12874.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@157401 91177308-0d34-0410-b5e6-96231b3b80d8
xx11-crashes.cpp
98553e894111627ac0bd4a6972431f09ea37f2c1 24-May-2012 Anna Zaks <ganna@apple.com> [analyzer] Fix typo. Thanks Jordy.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@157400 91177308-0d34-0410-b5e6-96231b3b80d8
xx11-crashes.cpp
d95e95ec5300249f5b7c6f1b72bde59e5141069c 22-May-2012 Simon Atanasyan <satanasyan@mips.com> Replace inline asm constraint "=a" by the more general constraint "=r".
That extends the range of platforms that support this test case.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@157247 91177308-0d34-0410-b5e6-96231b3b80d8
ullptr.cpp
13dd47a0c01f8b4a6b3fbe379218f7ba8e692d0f 22-May-2012 Anna Zaks <ganna@apple.com> [analyzer] Bind UnknownVal to InitListExpr for unsupported types
(ex: float).

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@157211 91177308-0d34-0410-b5e6-96231b3b80d8
xx11-crashes.cpp
b7824d9919c3588e898c22f47a5248f10a7a084d 21-May-2012 Benjamin Kramer <benny.kra@googlemail.com> Analyzer: Fix PR12905, a crash when encountering a call to a function named "C".

While there, clean up indentation.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@157204 91177308-0d34-0410-b5e6-96231b3b80d8
R12905.c
671e3bc1a16562902c0e6efc157b519977c299a8 19-May-2012 Anna Zaks <ganna@apple.com> [analyzer] c++11: do not crash on namespace alias

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@157089 91177308-0d34-0410-b5e6-96231b3b80d8
xx11-crashes.cpp
719b429e3ed660cfd9cce88397b29c695a25fa50 19-May-2012 Anna Zaks <ganna@apple.com> [analyzer] Fix a c++11 crash: xvalues can be locations (VisitMemberExpr)

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@157082 91177308-0d34-0410-b5e6-96231b3b80d8
xx11-crashes.cpp
1434518f17272968765602a54391c794c975350a 18-May-2012 Anna Zaks <ganna@apple.com> [analyzer] Malloc: refactor and report use after free by memory
allocating functions.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@157037 91177308-0d34-0410-b5e6-96231b3b80d8
alloc.c
6d2b92e15f0c07f32c19c3b4f631287ff47aa39a 16-May-2012 Jordy Rose <jediknil@belkadan.com> Add triples for test.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@156949 91177308-0d34-0410-b5e6-96231b3b80d8
omparison-implicit-casts.cpp
f158b7181cef728dfb5e340b6d51586742042836 16-May-2012 Jordy Rose <jediknil@belkadan.com> [analyzer] Fix test for PR12206, which was failing on i386.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@156941 91177308-0d34-0410-b5e6-96231b3b80d8
dditive-folding.cpp
omparison-implicit-casts.cpp
tring.c
533718fb27f87a25bf9f6fdd69df4a4ce8b783a6 16-May-2012 Anna Zaks <ganna@apple.com> [analyzer] Revert a regression committed in r156920.

This breaks the build with -triple i386-apple-darwin9.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@156932 91177308-0d34-0410-b5e6-96231b3b80d8
tring.c
e337cba7c5db7f102f6d86c93ecdbf123ae197f1 16-May-2012 Jordy Rose <jediknil@belkadan.com> [analyzer] Fix RUN lines for old XFAIL tests, one of which actually works.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@156921 91177308-0d34-0410-b5e6-96231b3b80d8
utofbound-notwork.c
eference.cpp
43d9f0d4e9b88dcab473a359a7b5579c2a619b22 16-May-2012 Jordy Rose <jediknil@belkadan.com> [analyzer] Convert many existing tests to use clang_analyzer_eval.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@156920 91177308-0d34-0410-b5e6-96231b3b80d8
dditive-folding-range-constraints.c
dditive-folding.cpp
rray-struct-region.c
ase-init.cpp
string.c
onstant-folding.c
nitializer.cpp
ethod-call.cpp
tr-arith.c
tring-fail.c
tring.c
93a9d828378b5c969344f27aeb275b8c2a19d918 16-May-2012 Jordy Rose <jediknil@belkadan.com> [analyzer] Introduce clang_analyzer_eval for regression test constraint checks.

The new debug.ExprInspection checker looks for calls to clang_analyzer_eval,
and emits a warning of TRUE, FALSE, or UNKNOWN (or UNDEFINED) based on the
constrained value of its (boolean) argument. It does not modify the analysis
state though the conditions tested can result in branches (e.g. through the
use of short-circuit operators).

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@156919 91177308-0d34-0410-b5e6-96231b3b80d8
lobal-region-invalidation.c
f1db0c9d8db882972832b0a16bbf2e5943605ed0 16-May-2012 Anna Zaks <ganna@apple.com> [analyzer] Add a test for dead stores, which uses OpaqueValExpr.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@156875 91177308-0d34-0410-b5e6-96231b3b80d8
ead-stores.m
5ec351c9507f12d5bede569c51d5257fad167134 16-May-2012 Anna Zaks <ganna@apple.com> [analyzer] Fix a regression in ObjCUnusedIVars checker.

We can no longer rely on children iterator to visit all the AST
tree children of an expression (OpaqueValueExpr has no children).

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@156870 91177308-0d34-0410-b5e6-96231b3b80d8
nused-ivars.m
be0ee875d8a91c031a085cbbd73ad9e8dc1aa8ff 15-May-2012 David Blaikie <dblaikie@gmail.com> Improve some of the conversion warnings to fire on conversion to bool.

Moves the bool bail-out down a little in SemaChecking - so now
-Wnull-conversion and -Wliteral-conversion can fire when the target type is
bool.

Also improve the wording/details in the -Wliteral-conversion warning to match
the -Wconstant-conversion.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@156826 91177308-0d34-0410-b5e6-96231b3b80d8
rray-struct-region.c
45246a7fc00f07bba9a34a3f13c0af72a05f95be 15-May-2012 Anna Zaks <ganna@apple.com> [analyzer] Fix a crash in templated code which uses blocks.

We should investigate why signature info is not set in this case.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@156784 91177308-0d34-0410-b5e6-96231b3b80d8
emplates.cpp
6e4244ee86a2d71af4eac791808f2dc50c7484e6 14-May-2012 Jordy Rose <jediknil@belkadan.com> [analyzer] strncpy: Special-case a length of 0 to avoid an incorrect warning.

We check the address of the last element accessed, but with 0 calculating that
address results in element -1. This patch bails out early (and avoids a bunch
of other work at that).

Fixes PR12807.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@156769 91177308-0d34-0410-b5e6-96231b3b80d8
tring.c
f1139400e8015b3fc4bbb125df79d9fa1ca18bf6 12-May-2012 Jordy Rose <jediknil@belkadan.com> [analyzer] Test case: p->x is the same as p[0].x. (PR7297)

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@156720 91177308-0d34-0410-b5e6-96231b3b80d8
rray-struct-region.c
70fdbc366da85880aae5baebd3351e993ca05603 12-May-2012 Jordy Rose <jediknil@belkadan.com> [analyzer] RetainCountChecker: track ObjC boxed expression objects.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@156699 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release-path-notes.m
etain-release.m
58715da82b9e1e9da937657a562a87f28e61ea6b 12-May-2012 Anna Zaks <ganna@apple.com> [analyzer] Test variable modified types.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@156664 91177308-0d34-0410-b5e6-96231b3b80d8
est-variably-modified-types.c
297ca4593ce77cb4e640e518fcc27d7530b22dc9 12-May-2012 Anna Zaks <ganna@apple.com> [analyzer] Test objC boxing.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@156660 91177308-0d34-0410-b5e6-96231b3b80d8
bjc-boxing.m
72b74aab5191cb103bce90e62b824e4baacc6950 12-May-2012 Anna Zaks <ganna@apple.com> [analyzer] Add buffer overflow test case.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@156659 91177308-0d34-0410-b5e6-96231b3b80d8
utofbound.c
b3b1ae85757a8722caccb742b73ca31b4b53bb0a 10-May-2012 Anna Zaks <ganna@apple.com> [analyzer] Exit early if constraint solver is given a non-integer symbol
to reason about.

As part of taint propagation, we now allow creation of non-integer
symbolic expressions like a cast from int to float.

Addresses PR12511 (radar://11215362).

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@156578 91177308-0d34-0410-b5e6-96231b3b80d8
asts.c
88feba05142651618aba0a0e57b0b98e026de336 10-May-2012 Anna Zaks <ganna@apple.com> [analyzer] Do not highlight the range of the statement in case of leak.

We report a leak at a point a leaked variable is no longer accessible.
The statement that happens to be at that point is not relevant to the
leak diagnostic and, thus, should not be highlighted.

radar://11178519

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@156530 91177308-0d34-0410-b5e6-96231b3b80d8
alloc-plist.c
caa62af79db9be0ef0843aa77cbc216108842855 09-May-2012 Anna Zaks <ganna@apple.com> [analyzer] Allow pointers to escape through selector callbacks.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@156481 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release.m
a8f2362307b436023095e66efd678ae591c02184 09-May-2012 Anna Zaks <ganna@apple.com> [analyzer] We currently do not fully support CompoundLiterals in
RegionStore, so be explicit about it and generate UnknownVal().

This is a hack to ensure we never produce undefined values for a value
coming from a compound value. (The undefined values can lead to
false positives.)

radar://10127782

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@156446 91177308-0d34-0410-b5e6-96231b3b80d8
egion-store.c
4213e389d6f8fa96ab30eec0d932e4e3eee32997 08-May-2012 Ted Kremenek <kremenek@apple.com> Having RegionStore lower field bindings to raw offsets, just like ElementRegions. This is a bit
disruptive, but it allows RegionStore to better "see" through casts that reinterpret arrays of values
as structs. Fixes <rdar://problem/11405978>.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@156428 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps-arm.m
aint-tester.c
6a2a1865f8bfaedff312b043f1e875a43e95b259 08-May-2012 Anna Zaks <ganna@apple.com> [analyzer] SelfInit: Stop tracking self if it's assigned a value we
don't reason about.

Self is just like a local variable in init methods, so it can be
assigned anything like result of static functions, other methods ... So
to suppress false positives that result in such cases, stop tracking the
checker-specific state after self is being assigned to (unless the
value it's being assigned to is either self or conforms to our rules).

This change does not invalidate any existing regression tests.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@156420 91177308-0d34-0410-b5e6-96231b3b80d8
elf-init.m
c319c585c0d5899cba0dca2272e6e4909c8b9f16 08-May-2012 Ted Kremenek <kremenek@apple.com> Teach the analyzer about CXXScaleValueInitExpr.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@156369 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps-region-store.cpp
1d8db493f86761df9470254a2ad572fc6abf1bf6 08-May-2012 Jordy Rose <jediknil@belkadan.com> [analyzer] Rework both constraint managers to handle mixed-type comparisons.

This involves keeping track of three separate types: the symbol type, the
adjustment type, and the comparison type. For example, in "$x + 5 > 0ULL",
if the type of $x is 'signed char', the adjustment type is 'int' and the
comparison type is 'unsigned long long'. Most of the time these three types
will be the same, but we should still do the right thing when the
comparison value is out of range, and wraparound should be calculated in
the adjustment type.

This also re-disables an out-of-bounds test; we were extracting the symbol
from non-additive SymIntExprs, but then throwing away the integer.

Sorry for the large patch; both the basic and range constraint managers needed
to be updated together, since they share code in SimpleConstraintManager.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@156361 91177308-0d34-0410-b5e6-96231b3b80d8
dditive-folding-range-constraints.c
dditive-folding.cpp
ut-of-bounds.c
c91fdf662d4f453ce9bb975b25cec348d0ced9c6 08-May-2012 Ted Kremenek <kremenek@apple.com> Teach the static analyzer that NSLog() and friends do not hold on to object references (thus extending their lifetime).

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@156346 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release.m
ca11510d399ae0493bcb3daf24e3c1df399d75f2 08-May-2012 Anna Zaks <ganna@apple.com> [analyzer] Turn on MallocSizeOfChecker by default; shorten the diagnostic

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@156341 91177308-0d34-0410-b5e6-96231b3b80d8
alloc-sizeof.c
6400f02ab2048eb9aa2bc31b26db9f19a99d35f4 07-May-2012 Anna Zaks <ganna@apple.com> [analyzer] Fix a crash triggered by OSAtomicChecker.

SValBuilder should return an UnknownVal() when comparison of int and ptr
fails. Previous to this commit, it went on assuming that we are dealing
with pointer arithmetic.

PR12509, radar://11390991

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@156320 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps.m
c838fd2ab889ffbb82c90da0cd634ef75b614b2c 07-May-2012 Jordy Rose <jediknil@belkadan.com> [analyzer] Reduce parallel code paths in SimpleSValBuilder::evalBinOpNN, and handle mixed-type operations more generally.

The logical change is that the integers in SymIntExprs may not have the same type as the symbols they are paired with. This was already the case with taint-propagation expressions created by SValBuilder::makeSymExprValNN, but I think those integers may never have been used. SimpleSValBuilder should be able to handle mixed-integer-type SymIntExprs fine now, though, and the constraint managers were already being defensive (though not entirely correct). All existing tests pass.

The logic in evalBinOpNN has been simplified so that conversion is done as late as possible. As a result, most of the switch cases have been reduced to do the minimal amount of work, delegating to another case when they can by substituting ConcreteInts and (as before) reversing the left and right arguments when useful.

Comparisons require special handling in two places (building SymIntExprs and evaluating constant-constant operations) because we don't /know/ the best type for comparing the two values. I've approximated the rules in Sema [C99 6.3.1.8] but it'd be nice to refactor Sema's actual algorithm into ASTContext.

This is also groundwork for handling mixed-type constraints better than we do now.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@156270 91177308-0d34-0410-b5e6-96231b3b80d8
onstant-folding.c
58822c403cc8855adeecba92248612ee08dc1f3a 05-May-2012 Anna Zaks <ganna@apple.com> [analyzer] RetainCountChecker: Allow objects to escape through callbacks

Fixes radar://10973977.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@156215 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release.m
f132ba8e571298ceda306c4484e031f990b347da 05-May-2012 Anna Zaks <ganna@apple.com> [analyzer] One more pointer escape test.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@156214 91177308-0d34-0410-b5e6-96231b3b80d8
alloc.cpp
85d87df66a50a15a1957f7213802000b451a8ec9 04-May-2012 Ted Kremenek <kremenek@apple.com> Explicitly model capturing variables for blocks in the static analyzer. Fixes <rdar://problem/11125868>.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@156211 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps-region-store.m
84d43848e39eab9e3386cbfb3906ba2d6a382f24 04-May-2012 Anna Zaks <ganna@apple.com> [analyzer] Fixup r156134: Handle the case when FunctionDecl isn't avail.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@156183 91177308-0d34-0410-b5e6-96231b3b80d8
alloc.c
b79d862af66d8dd9d059863813b9a27d744bd990 04-May-2012 Anna Zaks <ganna@apple.com> [analyzer] Assume pointer escapes when a callback is passed inside
a struct.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@156135 91177308-0d34-0410-b5e6-96231b3b80d8
alloc.c
ystem-header-simulator.h
aca0ac58d2ae80d764e3832456667d7322445e0c 04-May-2012 Anna Zaks <ganna@apple.com> [analyzer] Allow pointers to escape through calls containing callback args.

(Since we don't have a generic pointer escape callback, modify
ExprEngineCallAndReturn as well as the malloc checker.)

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@156134 91177308-0d34-0410-b5e6-96231b3b80d8
alloc.c
alloc.cpp
alloc.m
alloc.mm
ystem-header-simulator-objc.h
ystem-header-simulator.h
90a7126f76b7511b0a073cbbcde40d1334b40542 03-May-2012 Jordy Rose <jediknil@belkadan.com> [analyzer] When promoting constant integers in a comparison, use the larger width of the two to avoid truncation.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@156089 91177308-0d34-0410-b5e6-96231b3b80d8
dditive-folding.cpp
dd160f3ed50def10765ed823bf4ce2a56b2cd035 03-May-2012 Anna Zaks <ganna@apple.com> [analyzer] CString Checker: Do not split the path unless the user
specifically checks for equality to null.

Enforcing this general practice, which keeps the analyzer less
noisy, in the CString Checker. This change suppresses "Assigned value is
garbage or undefined" warning in the added test case.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@156085 91177308-0d34-0410-b5e6-96231b3b80d8
string.c
14d20b1dff6370f76279fcfb0fd780e2e5eb57bb 03-May-2012 Jordy Rose <jediknil@belkadan.com> [analyzer] Equality ops are like relational ops in that the arguments shouldn't be converted to the result type. Fixes PR12206 and dupe PR12510.

This was probably the original intent of r133041 (also me, a year ago).

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@156062 91177308-0d34-0410-b5e6-96231b3b80d8
dditive-folding.c
dditive-folding.cpp
tring.c
9e607dd1dff375b4fa33d923ed592dad3ad43d42 03-May-2012 Jordy Rose <jediknil@belkadan.com> [analyzer] Fix RUN line and general cleanup for additive folding tests.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@156061 91177308-0d34-0410-b5e6-96231b3b80d8
dditive-folding-range-constraints.c
dditive-folding.c
e55a14a025c38800d07f1ab0db7dbbe4a2fe1605 03-May-2012 Anna Zaks <ganna@apple.com> [analyzer] Conjure a symbol to ensure we can identify pointer arithmetic

We need to identify the value of ptr as
ElementRegion (result of pointer arithmetic) in the following code.
However, before this commit '(2-x)' evaluated to Unknown value, and as
the result, 'p + (2-x)' evaluated to Unknown value as well.

int *p = malloc(sizeof(int));
ptr = p + (2-x);

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@156052 91177308-0d34-0410-b5e6-96231b3b80d8
alloc.c
da3960347a5d563d6746cb363b25466282a09ce3 03-May-2012 Anna Zaks <ganna@apple.com> [analyzer] Do not assert on constructing SymSymExpr with diff types.

The resulting type info is stored in the SymSymExpr, so no reason not to
support construction of expression with different subexpression types.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@156051 91177308-0d34-0410-b5e6-96231b3b80d8
aint-generic.c
baeaa9ad120f60b1c5b6f1a84286b507dbe2b55d 03-May-2012 Anna Zaks <ganna@apple.com> [analyzer] Add a complexity bound on history tracking.

(Currently, this is only relevant for tainted data.)

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@156050 91177308-0d34-0410-b5e6-96231b3b80d8
aint-generic.c
31595e22b7e0d21b0b7c4c4fb196e97d3edc2a08 03-May-2012 Anna Zaks <ganna@apple.com> [analyzer] Revert the functional part of r155944.

The change resulted in multiple issues on the buildbot, so it's not
ready for prime time. Only enable history tracking for tainted
data (which is experimental) for now.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@156049 91177308-0d34-0410-b5e6-96231b3b80d8
alloc.c
11abcecc8c919673237cf37384290a1ef1943976 02-May-2012 Ted Kremenek <kremenek@apple.com> Refine analyzer diagnostics by adding an expression "cone-of-influence" to reverse track interesting
values through interesting expressions. This allows us to map from interesting values in a caller
to interesting values in a caller, thus recovering some precision in diagnostics lost from IPA.

Fixes <rdar://problem/11327497>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@155971 91177308-0d34-0410-b5e6-96231b3b80d8
nline-plist.c
alloc-plist.c
e7958da55ec0ec66e56b6beed6c6ce24dbdc4075 02-May-2012 Anna Zaks <ganna@apple.com> [analyzer] RetainRelease: Self assignment should not suppress a leak
warning.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@155966 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release.m
2a6e30d9ec947e26df55b4ea4eb5b583bb85ee96 02-May-2012 Anna Zaks <ganna@apple.com> [analyzer] Fix an assertion failure triggered by the analyzer buildbot.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@155964 91177308-0d34-0410-b5e6-96231b3b80d8
valbuilder-logic.c
93c5a24b517e65eb61481ed866b503f1e37cff20 02-May-2012 Anna Zaks <ganna@apple.com> [analyzer] Fix the 'ptr = ptr' false negative in the Malloc checker.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@155963 91177308-0d34-0410-b5e6-96231b3b80d8
alloc.c
140d0c64417e2fb5fc4dd40ce0d46b037ac11b02 01-May-2012 Ted Kremenek <kremenek@apple.com> Teach SValBuilder to handle casts of symbolic pointer values to an integer twice. Fixes <rdar://problem/11212866>.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@155950 91177308-0d34-0410-b5e6-96231b3b80d8
alloc.c
33e4a1d3f061a2b8549fbfbf2d15a396cc395dca 01-May-2012 Anna Zaks <ganna@apple.com> [analyzer] Test case reported for a reported false positive, now fixed.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@155945 91177308-0d34-0410-b5e6-96231b3b80d8
alloc.c
e2241cbb0455a60ba27d6c4b9d601ffef3ed103f 01-May-2012 Anna Zaks <ganna@apple.com> [analyzer] Construct a SymExpr even when the constraint solver cannot
reason about the expression.

This essentially keeps more history about how symbolic values were
constructed. As an optimization, previous to this commit, we only kept
the history if one of the symbols was tainted, but it's valuable to keep
the history around for other purposes as well: it allows us to avoid
constructing conjured symbols.

Specifically, we need to identify the value of ptr as
ElementRegion (result of pointer arithmetic) in the following code.
However, before this commit '(2-x)' evaluated to Unknown value, and as
the result, 'p + (2-x)' evaluated to Unknown value as well.

int *p = malloc(sizeof(int));
ptr = p + (2-x);

This change brings 2% slowdown on sqlite. Fixes radar://11329382.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@155944 91177308-0d34-0410-b5e6-96231b3b80d8
alloc.c
88db6a2daa8bb55fe924773805f42616c8a4f314 01-May-2012 Ted Kremenek <kremenek@apple.com> malloc size checker: Ignore const'ness of pointer types when determining if a sizeof() type is compatible with a pointed type.

Fixes <rdar://problem/11292586>.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@155864 91177308-0d34-0410-b5e6-96231b3b80d8
alloc-sizeof.c
e720ce7a3b1c1bfa5f7482183caa6e31fca9a3fb 01-May-2012 Argyrios Kyrtzidis <akyrtzi@gmail.com> When going through references to check if the function returns the address
of a local variable, make sure we don't infinitely recurse when the
reference binds to itself.

e.g:

int* func() {
    int& i = i; // assign non-exist variable to a reference which has same name.
    return &i; // return pointer
}

rdar://11345441

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@155856 91177308-0d34-0410-b5e6-96231b3b80d8
tack-addr-ps.cpp
577f14a34457032523e59dbbbacb88ca2cd4db57 27-Apr-2012 Ted Kremenek <kremenek@apple.com> Use a deque instead of an ImmutableList in AnalysisConsumer to preserve the file order that functions are visited. Should fix the buildbots.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@155693 91177308-0d34-0410-b5e6-96231b3b80d8
il-receiver-undefined-larger-than-voidptr-ret.m
8f40afbf7740c39fccaa4b8cc5aa2814d5ed6fdc 26-Apr-2012 Ted Kremenek <kremenek@apple.com> [analyzer] check lazy bindings in RegionStore first before looking for default values. Fixes <rdar://problem/11269741>.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@155615 91177308-0d34-0410-b5e6-96231b3b80d8
alloc.c
befc6d2eae269efa2da9c81d0be8dba144a74d47 26-Apr-2012 Ted Kremenek <kremenek@apple.com> Teach RetainCountChecker that it doesn't quite understand pthread_setspecific and it should just give up when it sees it. Fixes <rdar://problem/11282706>.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@155613 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release.m
454393e3e6dc909806ce24d0af0d7c12381037ce 25-Apr-2012 Chad Rosier <mcrosier@apple.com> Add atan, atan2, exp, and log to the builtin math library functions.

With -fno-math-errno (the default for Darwin) or -ffast-math these library
functions can be marked readnone enabling more opportunities for CSE and other
optimizations.
rdar://11251464


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@155498 91177308-0d34-0410-b5e6-96231b3b80d8
elf-init.m
0b3ade86a1c60cf0c7b56aa238aff458eb7f5974 20-Apr-2012 Anna Zaks <ganna@apple.com> [analyzer] Run remove dead bindings right before leaving a function.

This is needed to ensure that we always report issues in the correct
function. For example, leaks are identified when we call remove dead
bindings. In order to make sure we report a callee's leak in the callee,
we have to run the operation in the callee's context.

This change required quite a bit of infrastructure work since:
- We used to only run remove dead bindings before a given statement;
here we need to run it after the last statement in the function. For
this, we added additional Program Point and special mode in the
SymbolReaper to remove all symbols in context lower than the current
one.
- The call exit operation turned into a sequence of nodes, which are
now guarded by CallExitBegin and CallExitEnd nodes for clarity and
convenience.

(Sorry for the long diff.)

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@155244 91177308-0d34-0410-b5e6-96231b3b80d8
alloc-plist.c
9a70cddef6850f302615b4f5d27f16ec45926ca6 16-Apr-2012 Anna Zaks <ganna@apple.com> [analyzer] Fix a false alarm in SelfInitChecker (radar://11235991).
Along with it, fix a couple of other corner cases and add more tests.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@154866 91177308-0d34-0410-b5e6-96231b3b80d8
elf-init.m
5a389f1da1d4c8e2b2b7934e5855882347e6f2f9 16-Apr-2012 Anna Zaks <ganna@apple.com> [analyzer] Fixup for a test case.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@154864 91177308-0d34-0410-b5e6-96231b3b80d8
edefined_system.c
030c7e9d105fdd9b5cb11b5b16c258bcb39bdac1 16-Apr-2012 David Blaikie <dblaikie@gmail.com> Fix tests that weren't actually verifying anything.

Passing -verify to clang without -cc1 or -Xclang silently passes (with a
printed warning, but lit doesn't care about that). This change adds -cc1 or,
as is necessary in one case, -Xclang to fix this so that these tests are
actually verifying as intended.

I'd like to change the driver so this kind of mistake could not be made, but
I'm not entirely sure how. Further, since the driver only warns about unknown
flags in general, we could have similar bugs with misspellings of arguments
that would be nice to find.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@154776 91177308-0d34-0410-b5e6-96231b3b80d8
bjc-bool.m
6a86082f3a06a2dcceaaf63f78a0e52d64bcbaa3 13-Apr-2012 Anna Zaks <ganna@apple.com> [analyzer] PCH deserialization optimization.

We should not deserialize unused declarations from the PCH file. Achieve
this by storing the top level declarations during parsing
(HandleTopLevelDecl ASTConsumer callback) and analyzing/building a call
graph only for those.

Tested the patch on a sample ObjC file that uses PCH. With the patch,
the analysis is 17.5% faster and clang consumes 40% less memory.
Got about 10% overall build/analysis time decrease on a large Objective
C project.

A bit of CallGraph refactoring/cleanup as well.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@154625 91177308-0d34-0410-b5e6-96231b3b80d8
heck-deserialization.cpp
bjc-method-coverage.m
273ed9870aa064992fb3c25a1f4d8973b10ad36e 13-Apr-2012 Anna Zaks <ganna@apple.com> [analyzer] Test case for r154451 (redefining system functions).

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@154624 91177308-0d34-0410-b5e6-96231b3b80d8
edefined_system.c
83748e2f41ea0ac7c954946feb5da9ccc6ab8bec 12-Apr-2012 Ted Kremenek <kremenek@apple.com> Include lambda capture init expressions in CFG.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@154611 91177308-0d34-0410-b5e6-96231b3b80d8
ambdas.cpp
c3fa98f67038bec98651f833b685c104ef6438ab 12-Apr-2012 Anna Zaks <ganna@apple.com> [analyzer] Another dynamic_cast false positive/negative.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@154543 91177308-0d34-0410-b5e6-96231b3b80d8
ynamic-cast.cpp
06868aa7e7231a755f1a5078af6bd2703de665bb 12-Apr-2012 Anna Zaks <ganna@apple.com> [analyzer] Better test cases for explaining where tracking types of
symbolic regions would help.

Thanks to Richard Smith.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@154541 91177308-0d34-0410-b5e6-96231b3b80d8
ynamic-cast.cpp
a2c8d2edfff1573450c6feba876830dd746ffaad 10-Apr-2012 Anna Zaks <ganna@apple.com> [analyzer] dynamic_cast: Better model cast from a reference.

Generate a sink when the dynamic_cast from a reference fails to
represent a thrown exception.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@154438 91177308-0d34-0410-b5e6-96231b3b80d8
ynamic-cast.cpp
e19f86edab8fb3c2c1e99e0e9815b6058504df9b 10-Apr-2012 Anna Zaks <ganna@apple.com> [analyzer] Add support for C++ dynamic_cast.

Simulate the C++ dynamic_cast in the analyzer.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@154434 91177308-0d34-0410-b5e6-96231b3b80d8
ynamic-cast.cpp
bd613137499b1d4c3b63dccd0aa21f6add243f4f 07-Apr-2012 Ted Kremenek <kremenek@apple.com> Rework ExprEngine::evalLoad and clients (e.g. VisitBinaryOperator) so that when we generate a new ExplodedNode
we use the same Expr* as the one being currently visited. This is preparation for transitioning to having
ProgramPoints refer to CFGStmts.

This required a bit of trickery. We wish to keep the old Expr* bindings in the Environment intact,
as plenty of logic relies on it and there is no reason to change it, but we sometimes want the Stmt* for
the ProgramPoint to be different than the Expr* being used for bindings. This requires adding an extra
argument for some functions (e.g., evalLocation). This looks a bit strange for some clients, but
it will look a lot cleaner when we start using CFGStmt* in the appropriate places.

As some fallout, the diagnostics arrows are a bit different, since some of the node locations have changed.
I have audited these, and they look reasonable.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@154214 91177308-0d34-0410-b5e6-96231b3b80d8
nline-plist.c
nline-unique-reports.c
list-output-alternate.m
list-output.m
f439e00c7055d2d51b88141f63ebfc893af10951 06-Apr-2012 Jordy Rose <jediknil@belkadan.com> [analyzer] Check that the arguments to NSOrderedSet creation methods are valid ObjC objects.

Patch by Sean McBride!

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@154194 91177308-0d34-0410-b5e6-96231b3b80d8
ariadic-method-types.m
b2f6820773aabff3c5c9e0dbb1cbbbda0d80c41f 06-Apr-2012 Patrick Beard <pcbeard@mac.com> Added a new attribute, objc_root_class, which informs the compiler when a root class is intentionally declared.
The warning this inhibits, -Wobjc-root-class, is opt-in for now. However, all clang unit tests that would trigger
the warning have been updated to use -Wno-objc-root-class. <rdar://problem/7446698>


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@154187 91177308-0d34-0410-b5e6-96231b3b80d8
heckNSError.m
SPanel.m
SString.m
bjCProperties.m
bjCRetSigs.m
ead-stores.m
alloc.m
isc-ps-region-store.m
isc-ps.m
il-receiver-undefined-larger-than-voidptr-ret-region.m
il-receiver-undefined-larger-than-voidptr-ret.m
r_2542_rdar_6793404.m
roperties.m
dar-6600344-nil-receiver-undefined-struct-ret.m
etain-release-gc-only.m
etain-release.m
nused-ivars.m
7947bb127629faff4897f04e579d80fd0d7f97f0 06-Apr-2012 Anna Zaks <ganna@apple.com> [analyzer] Fix false positive: pointer might escape through CG*WithData.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@154156 91177308-0d34-0410-b5e6-96231b3b80d8
alloc.mm
b98b998e9a5637012ab39ad1dabdad7c798721e8 05-Apr-2012 Ted Kremenek <kremenek@apple.com> Handle symbolicating a reference in an initializer expression that we don't understand.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@154084 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps-region-store.cpp
04a18c9f42e91db1b2d2c7483723c1cd321c3d39 05-Apr-2012 Ted Kremenek <kremenek@apple.com> Teach ObjCContainersChecker that the array passed to CFArrayGetValueAtIndex might not be a symbolic value.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@154083 91177308-0d34-0410-b5e6-96231b3b80d8
FContainers.mm
bb3d20f80c98e7919411bc7e062d69b17462899b 05-Apr-2012 Ted Kremenek <kremenek@apple.com> Do not crash in the callgraph construction when encountering deleted function definitions. Fixes <rdar://problem/11178609>.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@154081 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps-cxx0x.cpp
e31b8fb25b458f00e31dcd657c0840e5238e0f05 05-Apr-2012 David Blaikie <dblaikie@gmail.com> Enable warn_impcast_literal_float_to_integer by default.

This diagnostic seems to be production ready, it's just an oversight that it
wasn't turned on by default.

The test changes are a bit of a mixed bag. Some tests that seemed like they
clearly didn't need to use this behavior have been modified not to use it.
Others that I couldn't be sure about, I added the necessary expected-warnings
to.

It's possible the diagnostic message could be improved to make it clearer that
this warning can be suppressed by using a value that won't lose precision when
converted to the target type (but can still be a floating point literal, such
as "bool b = 1.0;").

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@154068 91177308-0d34-0410-b5e6-96231b3b80d8
rray-struct-region.c
bb811cab1bfa91074f1992b154fcb0c288e6eda3 04-Apr-2012 Ted Kremenek <kremenek@apple.com> Look through chains of 'x = y = z' when employing silencing heuristics in the DeadStoresChecker.

Fixes <rdar://problem/11185138>.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@154040 91177308-0d34-0410-b5e6-96231b3b80d8
ead-stores.c
07189521a15d9c088216b943649cb9fe231cbb57 04-Apr-2012 Ted Kremenek <kremenek@apple.com> Include the "issue context" (e.g. function or method) where a static analyzer issue occurred in the plist output.

Fixes <rdar://problem/11004527>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@154030 91177308-0d34-0410-b5e6-96231b3b80d8
nline-plist.c
alloc-plist.c
list-output-alternate.m
list-output.m
e62f048960645b79363408fdead53fec2a063c52 03-Apr-2012 Anna Zaks <ganna@apple.com> [analyzer] Record the basic blocks covered by the analysis run.

Store this info inside the function summary generated for all analyzed
functions. This is useful for coverage stats and can be helpful for
analyzer state space search strategies.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@153923 91177308-0d34-0410-b5e6-96231b3b80d8
tats.c
31b57628576a2355428fd4b57f828a3aa8423000 03-Apr-2012 Ted Kremenek <kremenek@apple.com> Fix another false positive in RegionStore involving doing loads from symbolic offsets. We still don't
properly reason about such accesses, but we shouldn't emit bogus "uninitialized value" warnings
either. Fixes <rdar://problem/11127008>.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@153913 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps-region-store.m
62a5c34ddc54696725683f6c5af1c8e1592c5c38 30-Mar-2012 Anna Zaks <ganna@apple.com> [analyzer] Malloc, RetainRelease: Allow pointer to escape via NSMapInsert.

Fixes a false positive (radar://11152419). The current solution of
adding the info into 3 places is quite ugly. Pending a generic pointer
escapes callback.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@153731 91177308-0d34-0410-b5e6-96231b3b80d8
alloc.mm
etain-release.mm
ystem-header-simulator-objc.h
4b81e742c8d23600e4244d69f20322e3535e3d86 30-Mar-2012 Anna Zaks <ganna@apple.com> [analyzer] Add a malloc cpp test file.

Includes a test from a reported false positive fixed in some earlier
commit.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@153702 91177308-0d34-0410-b5e6-96231b3b80d8
alloc.cpp
b47dbcbc12430fdf3e5a5b9f59cdec5480e89e75 28-Mar-2012 Anna Zaks <ganna@apple.com> [analyzer] Enable retry exhausted without inlining by default.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@153591 91177308-0d34-0410-b5e6-96231b3b80d8
overage.c
5903a373db3d27794c90b25687e0dd6adb0e497d 27-Mar-2012 Anna Zaks <ganna@apple.com> [analyzer] Add an option to re-analyze a dead-end path without inlining.

The analyzer gives up path exploration under certain conditions. For
example, when the same basic block has been visited more than 4 times.
With inlining turned on, this could lead to a decrease in code coverage.
Specifically, if we give up inside the inlined function, the rest of
parent's basic blocks will not get analyzed.

This commit introduces an option to enable re-run along the failed path,
in which we do not inline the last inlined call site. This is done by
enqueueing the node before the processing of the inlined call site
with a special policy encoded in the state. The policy tells us not to
inline the call site along the path.

This led to a ~10% increase in the number of paths analyzed. Even though
we expected a much greater coverage improvement.

The option is turned off by default for now.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@153534 91177308-0d34-0410-b5e6-96231b3b80d8
overage.c
de5b4fbe31e50641806234b3334eb9aa829673f8 27-Mar-2012 Ted Kremenek <kremenek@apple.com> Change RetainCountChecker to eagerly "escape" retained objects when they are
assigned to a struct. This is fallout from inlining results, which expose
far more patterns where people stuff CF objects into structs and pass them
around (and we can reason about it). The problem is that we don't have
a general way to detect when values have escaped, so as an intermediate step
we need to eagerly prune out such tracking.

Fixes <rdar://problem/11104566>.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@153489 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release-region-store.m
etain-release.m
4cd7edfa851ff5d9b37d09539a77685a12e82994 26-Mar-2012 Anna Zaks <ganna@apple.com> [analyzer] Malloc: Allow a pointer to escape through OSAtomicEnqueue.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@153453 91177308-0d34-0410-b5e6-96231b3b80d8
alloc.mm
514f2c9dcb9e04b52929c5b141a6fe88bd68b33f 23-Mar-2012 Ted Kremenek <kremenek@apple.com> Avoid applying retain/release effects twice in RetainCountChecker when a function call was inlined (i.e., we do not need to apply summaries in such cases).

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@153309 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release-inline.m
etain-release.mm
5aac0b6ae95f137b1783f3e6227241fb457b8f8b 22-Mar-2012 Ted Kremenek <kremenek@apple.com> Fix static analyzer crash on code taking the address of a field. Fixes PR 11146.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@153283 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps-region-store.cpp
06911d4e88b1a6ca7ec3b2d8e234e679a4c09ff9 22-Mar-2012 Ted Kremenek <kremenek@apple.com> "Teach" RetainCountChecker about dispatch_set_context, which can indirectly free its argument later. Fixes <rdar://problem/11059275>.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@153244 91177308-0d34-0410-b5e6-96231b3b80d8
bjc-arc.m
f5aa3f5e58356d0bea823fe75dd7bf6aea6f47f4 22-Mar-2012 Anna Zaks <ganna@apple.com> [analyzer] Malloc: drop symbols captured by blocks.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@153232 91177308-0d34-0410-b5e6-96231b3b80d8
alloc.mm
3d7c44e01d568e5d5c0fac9c6ccb3f080157ba19 21-Mar-2012 Anna Zaks <ganna@apple.com> [analyzer] Malloc: Utter the name of the leaked variable.
Specifically, we use the last store of the leaked symbol in the leak diagnostic.
(No support for struct fields since the malloc checker doesn't track those
yet.)

+ Infrastructure to track the regions used in store evaluations.
This approach is more precise than iterating the store to
obtain the region bound to the symbol, which is used in RetainCount
checker. The region corresponds to what is uttered in the code in the
last store and we do not rely on the store implementation to support
this functionality.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@153212 91177308-0d34-0410-b5e6-96231b3b80d8
alloc-annotations.c
alloc-interprocedural.c
alloc-plist.c
alloc.c
046c9e6d18b1ee8c77755336bf350cc4ca8545ca 21-Mar-2012 Anna Zaks <ganna@apple.com> [analyzer] Re-enable the test disabled by r152969.
(The fix was committed in r152982.)

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@153210 91177308-0d34-0410-b5e6-96231b3b80d8
alloc-plist.c
d967c6a17576b83cdeba656ce10f9676ceb009c0 20-Mar-2012 Ted Kremenek <kremenek@apple.com> Add test case for <rdar://problem/10553686>, which illustrates RetainCount checker working with inlined C++ template functions.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@153069 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release.mm
393f98b5b7f7c950d2b0a7d84501b5dfd00ad780 18-Mar-2012 Jordy Rose <jediknil@belkadan.com> [analyzer] Mark a failed-realloc's result as an interesting symbol between the realloc call and the null check, so we get nicer path notes. Fixes a regression introduced by the diagnostic pruning added in r152361.

This is accomplished by calling markInteresting /during/ path diagnostic generation, and as such relies on deterministic ordering of BugReporterVisitors -- namely, that BugReporterVisitors are run in /reverse/ order from how they are added. (Right now that's a consequence of storing visitors in an ImmutableList, where new items are added to the front.) It's a little hacky, but it works for now.

I think this is the best we can do without storing the relation between the old and new symbols, and that would be a hit whether or not there ends up being an error.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@153010 91177308-0d34-0410-b5e6-96231b3b80d8
alloc-plist.c
74b7b2b42dd710ccea78d86a47c979d4b2af7093 17-Mar-2012 Jordy Rose <jediknil@belkadan.com> [analyzer] Don't claim an object was returned with +1 retain count before counting autoreleases. Fixes PR10376.

(Also, 80-column violations.)


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@152976 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release-path-notes.m
7a4a9cddea09ced9aab7228ad81892854f97b6fa 17-Mar-2012 Jordy Rose <jediknil@belkadan.com> [analyzer] Add test case from PR10794 for using 'new' with Obj-C objects.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@152975 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release.mm
9c20b75ad622456cb4811a21f436cfe4543cc1d1 17-Mar-2012 Anna Zaks <ganna@apple.com> [analyzer] This test is breaking windows bots, make it darwin-specific.

(The plist output does not match the one we expect, specifically we do
not detect that the interesting symbol is returned by a call.)

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@152969 91177308-0d34-0410-b5e6-96231b3b80d8
alloc-plist.c
fbd58743fa6c793b84ed60a0e2325335a53da6c4 17-Mar-2012 Anna Zaks <ganna@apple.com> [analyzer] Shorten the stack hint diagnostic.

Do not display the standard "Returning from 'foo'", when a stack hint is
available.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@152964 91177308-0d34-0410-b5e6-96231b3b80d8
alloc-plist.c
56a938ff85a444eb3d30d2634d92ce5b1f6fae56 17-Mar-2012 Anna Zaks <ganna@apple.com> [analyzer] Create symbol-aware stack hints (building upon r152837).

The symbol-aware stack hint combines the checker-provided message
with the information about how the symbol was passed to the callee: as
a parameter or a return value.

For malloc, the generated messages look like this:
"Returning from 'foo'; released memory via 1st parameter"
"Returning from 'foo'; allocated memory via 1st parameter"
"Returning from 'foo'; allocated memory returned"
"Returning from 'foo'; reallocation of 1st parameter failed"


(We are yet to handle cases when the symbol is a field in a struct or
an array element.)

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@152962 91177308-0d34-0410-b5e6-96231b3b80d8
alloc-plist.c
ce612f5a7d306f919c7ae57fcd8c5ecb5d83d54e 16-Mar-2012 Ted Kremenek <kremenek@apple.com> Fix analyzer crash on analyzing 'catch' with no condition variable.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@152900 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps-region-store.cpp
2befa8c763c84df0aa77f830b1cf530cd0bb987c 16-Mar-2012 Ted Kremenek <kremenek@apple.com> Add test case for <rdar://problem/8808566>, which is now fixed by inlining support.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@152894 91177308-0d34-0410-b5e6-96231b3b80d8
efault-analyze.m
7b204d6433d842341f602fbd8b31b5c0020b35a4 15-Mar-2012 Ted Kremenek <kremenek@apple.com> Include full plist output in FileCheck test.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@152859 91177308-0d34-0410-b5e6-96231b3b80d8
nline-unique-reports.c
11e35b62c1966f0796fd12ed37a4ec2279aea505 15-Mar-2012 Ted Kremenek <kremenek@apple.com> Include full plist output in FileCheck test.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@152858 91177308-0d34-0410-b5e6-96231b3b80d8
alloc-plist.c
76b85acdd253cc33bbebde7f25fe50d908742e7d 15-Mar-2012 Ted Kremenek <kremenek@apple.com> Do not truncate expected plist output in FileCheck test.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@152857 91177308-0d34-0410-b5e6-96231b3b80d8
nline-plist.c
368a0d565f078666ca5bfb7fe08d04648688e4bc 15-Mar-2012 Anna Zaks <ganna@apple.com> [analyzer] Allow checkers to supply call stack diagnostic hints for the
BugVisitor DiagnosticPieces.

When checkers create a DiagnosticPieceEvent, they can supply an extra
string, which will be concatenated with the call exit message for every
call on the stack between the diagnostic event and the final bug report.
(This is a simple version, which could be/will be further enhanced.)

For example, this is used in Malloc checker to produce the ",
which allocated memory" in the following example:

  static char *malloc_wrapper() { // 2. Entered call from 'use'
    return malloc(12);            // 3. Memory is allocated
  }

  void use() {
    char *v;
    v = malloc_wrapper(); // 1. Calling 'malloc_wrapper'
                          // 4. Returning from 'malloc_wrapper', which allocated memory
  }                       // 5. Memory is never released; potential memory leak

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@152837 91177308-0d34-0410-b5e6-96231b3b80d8
alloc-plist.c
95187bdd5c955c8edf3527eae41f1e4f80377f27 15-Mar-2012 David Blaikie <dblaikie@gmail.com> Reapply r152745 (reverted in 152765) now that compiler-rt is fixed.

Original commit message:

Provide -Wnull-conversion separately from -Wconversion.

Like GCC, provide a NULL conversion to non-pointer conversion as a separate
flag, on by default. GCC's flag is "conversion-null" which we provide for
cross compatibility, but in the interests of consistency (with
-Wint-conversion, -Wbool-conversion, etc) the canonical Clang flag is called
-Wnull-conversion.

Patch by Lubos Lunak.
Review feedback by myself, Chandler Carruth, and Chad Rosier.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@152774 91177308-0d34-0410-b5e6-96231b3b80d8
ullptr.cpp
9ca33fd56720112bcc4bccb8aa6107abbb68cae3 15-Mar-2012 Chad Rosier <mcrosier@apple.com> Revert r152745 as it's breaking the internal buildbots.

Abbreviated commit message:
Provide -Wnull-conversion separately from -Wconversion.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@152765 91177308-0d34-0410-b5e6-96231b3b80d8
ullptr.cpp
47bfaf19ddc980a9eb48f2978f4da9b7861b9cda 14-Mar-2012 David Blaikie <dblaikie@gmail.com> Provide -Wnull-conversion separately from -Wconversion.

Like GCC, provide a NULL conversion to non-pointer conversion as a separate
flag, on by default. GCC's flag is "conversion-null" which we provide for
cross compatibility, but in the interests of consistency (with
-Wint-conversion, -Wbool-conversion, etc) the canonical Clang flag is called
-Wnull-conversion.

Patch by Lubos Lunak.
Review feedback by myself, Chandler Carruth, and Chad Rosier.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@152745 91177308-0d34-0410-b5e6-96231b3b80d8
ullptr.cpp
9373937945e1e075dfa08169eaccc1ad0b31f699 14-Mar-2012 Anna Zaks <ganna@apple.com> [analyzer] Diagnostics: Supply Caller information even if the bug occurs
in the callee.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@152734 91177308-0d34-0410-b5e6-96231b3b80d8
nline-plist.c
e711d7e7875920fee4180a26bfc67d67f0f71a2c 14-Mar-2012 Erik Verbruggen <erikjv@me.com> [Analyser] Remove unnecessary recursive visits for ExprWithCleanups and
MaterializeTemporaryExpr.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@152730 91177308-0d34-0410-b5e6-96231b3b80d8
ullptr.cpp
fc544e3d52c43746b1b273f38ec7d65461f0064a 13-Mar-2012 Anna Zaks <ganna@apple.com> [analyzer] Call enter/exit diagnostic should refer to caller/callee,
respectively.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@152676 91177308-0d34-0410-b5e6-96231b3b80d8
nline-plist.c
nline-unique-reports.c
alloc-plist.c
b990d039c7e01ad0055dcbd1e13a691813397b96 13-Mar-2012 Anna Zaks <ganna@apple.com> [analyzer] Change the order in which we analyze the functions under
inlining to be the reverse of their declaration.

This optimizes running time under inlining up to 20% since we do not
re-analyze the utility functions which are usually defined first in the
translation unit if they have already been analyzed while inlined into
the root functions.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@152653 91177308-0d34-0410-b5e6-96231b3b80d8
nline-unique-reports.c
il-receiver-undefined-larger-than-voidptr-ret.m
aa5609891df937291bf962dd2fc7deb2ceae292f 13-Mar-2012 Anna Zaks <ganna@apple.com> [analyzer] Use recursive AST visitor to drive simple visitation order in
AnalysisConsumer.

As a result:
- We now analyze the C++ methods which are defined within the
class body. These were completely skipped before.

- Ensure that AST checkers are called on functions in the
order they are defined in the Translation unit.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@152650 91177308-0d34-0410-b5e6-96231b3b80d8
uto-obj-dtors-cfg-output.cpp
e881efe78596a6ce9219237b737ced4adb1f8251 12-Mar-2012 Ted Kremenek <kremenek@apple.com> [analyzer] Include inlining call stack depth in plist output.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@152584 91177308-0d34-0410-b5e6-96231b3b80d8
nline-plist.c
337e4dbc6859589b8878146a88bebf754e916702 10-Mar-2012 Ted Kremenek <kremenek@apple.com> [analyzer] fix regression in analyzer of NOT actually aborting on Stmts it doesn't understand. We registered
as aborted, but didn't treat such cases as sinks in the ExplodedGraph.

Along the way, add basic support for CXXCatchStmt, expanding the set of code we actually analyze (hopefully correctly).

Fixes: <rdar://problem/10892489>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@152468 91177308-0d34-0410-b5e6-96231b3b80d8
uto-obj-dtors-cfg-output.cpp
isc-ps-region-store.cpp
7acf23f03e4598d9a68d4a5e5441947300f0d32c 10-Mar-2012 Ted Kremenek <kremenek@apple.com> Teach RetainCountChecker about mixing method families with explicit annotations. Fixes <rdar://problem/10824732>.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@152448 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release.m
76aadc346c3a4c363238a1e1232f324c3355d9e0 09-Mar-2012 Ted Kremenek <kremenek@apple.com> [analyzer] Implement basic path diagnostic pruning based on "interesting" symbols and regions.
Essentially, a bug centers around a story for various symbols and regions. We should only include
the path diagnostic events that relate to those symbols and regions.

The pruning is done by associating a set of interesting symbols and regions with a BugReporter, which
can be modified at BugReport creation or by BugReporterVisitors.

This patch reduces the diagnostics emitted in several of our test cases. I've vetted these as
having desired behavior. The only regression is a missing null check diagnostic for the return
value of realloc() in test/Analysis/malloc-plist.c. This will require some investigation to fix,
and I have added a FIXME to the test case.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@152361 91177308-0d34-0410-b5e6-96231b3b80d8
alloc-plist.c
list-output-alternate.m
list-output.m
66253352131e3e7a22b3bfd0e180607aa2bfb988 09-Mar-2012 Anna Zaks <ganna@apple.com> [analyzer] Rework inlining related command line options.
- Remove -analyzer-inline-call.
- Add -analyzer-ipa=[none|inlining]
- Add -analyzer-inlining-mode to allow experimentation for
different performance tuning methods.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@152351 91177308-0d34-0410-b5e6-96231b3b80d8
tor.cpp
nline-not-supported.c
nline-plist.c
nline-unique-reports.c
nline.c
nline2.c
nline3.c
nline4.c
eychainAPI.m
alloc-interprocedural.c
etain-release-inline.m
196b8cfe9cfcc452eb2f83aa4ad330c2324f8c7d 08-Mar-2012 Anna Zaks <ganna@apple.com> Add a basic CallGraph to Analysis.

The final graph contains a single root node, which is a parent of all externally available functions (and 'main'), as well as a list of Parentless/Unreachable functions, which are either truly unreachable or are unreachable due to our analysis's imprecision.

The analyzer checkers debug.DumpCallGraph or debug.ViewGraph can be used to look at the produced graph.

Currently, the graph is not very precise; for example, it entirely skips edges resulting from ObjC method calls.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@152272 91177308-0d34-0410-b5e6-96231b3b80d8
ebug-CallGraph.c
1a45a5ff5d495cb6cd9a3d4d06317af79c0f634d 06-Mar-2012 Ted Kremenek <kremenek@apple.com> Add static analyzer support for new NSArray/NSDictionary/NSNumber literals.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@152139 91177308-0d34-0410-b5e6-96231b3b80d8
bjc-arc.m
bjc-bool.m
etain-release.m
097ebb3d8ce55d1f78a3f1e7a0978dbde5ee2898 06-Mar-2012 Ted Kremenek <kremenek@apple.com> [analyzer] add a diagnostic event when entering a call via inlining, within the callee, and add an edge.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@152086 91177308-0d34-0410-b5e6-96231b3b80d8
nline-unique-reports.c
e4d653b5a4cba281502177f6ef03d43e3ebb2b6a 06-Mar-2012 Ted Kremenek <kremenek@apple.com> Teach CallAndMessageChecker to only warn about uninitialized struct fields in call arguments
when the called function is never inlined.

Fixes <rdar://problem/10977037>.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@152073 91177308-0d34-0410-b5e6-96231b3b80d8
nline.c
a99f874bf2ade1e32f0feda7d5b8211171440f02 06-Mar-2012 Ted Kremenek <kremenek@apple.com> Teach SimpleSValBuilder that (in the absence of more information) stack memory doesn't alias symbolic memory. This is a heuristic/hack, but works well in practice. Fixes <rdar://problem/10978247>.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@152065 91177308-0d34-0410-b5e6-96231b3b80d8
alloc.c
tr-arith.c
f420fe35dc3a7b7b53809b615fb28379e5694c22 05-Mar-2012 Anna Zaks <ganna@apple.com> [analyzer] False positive in SelfInit - teach the checker about method
calls with self as a parameter.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@152039 91177308-0d34-0410-b5e6-96231b3b80d8
elf-init.m
fb7f76f285faa4c21d299f2bce8f55de3f71e548 05-Mar-2012 Anna Zaks <ganna@apple.com> [analyzer] Malloc should assume that ownership is transferred when
calling an ObjC method ending with 'NoCopy'.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@152037 91177308-0d34-0410-b5e6-96231b3b80d8
alloc.mm
a81d3d434e6581ff354eaf5b2a3c25c75771a792 04-Mar-2012 Erik Verbruggen <erikjv@me.com> Remove a recursive visitation in ExprEngine that is no longer needed because the CFG is fully linearized.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@152007 91177308-0d34-0410-b5e6-96231b3b80d8
ullptr.cpp
7e8678314cf19f28cfddb2d9d0567d993073ec7e 03-Mar-2012 Ted Kremenek <kremenek@apple.com> [analyzer] do not warn about returning stack-allocated memory when it comes from an ancestor stack frame.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@151964 91177308-0d34-0410-b5e6-96231b3b80d8
nline.c
4ba86bc53bb280ba46a08459eda7d283d513b61f 02-Mar-2012 Ted Kremenek <kremenek@apple.com> [analyzer diagnostics] flush locations *before* popping the current path when visiting a CallEnter.

Fixes <rdar://problem/10967815>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@151938 91177308-0d34-0410-b5e6-96231b3b80d8
nline-plist.c
8235f9c9c8b3d1737d1c6bd57f7ba3f616b92392 02-Mar-2012 Anna Zaks <ganna@apple.com> [analyzer] Bound the size of the functions being inlined + provide
command line options for inlining tuning.

This adds the option for stack depth bound as well as function size
bound.

+ minor doxygenification

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@151930 91177308-0d34-0410-b5e6-96231b3b80d8
alloc-interprocedural.c
77d09441e59d3bced6c3d55505eb3a67a784fe02 02-Mar-2012 Ted Kremenek <kremenek@apple.com> [analyzer diagnostics] Change CompactPathDiagnostic to recursively compact diagnostics in calls into macro pieces.
Also fix handling of macros within calls in the HTMLDiagnostics.

This also adds a test case for r151774.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@151872 91177308-0d34-0410-b5e6-96231b3b80d8
tml-diags-multifile.c
tml-diags-multifile.h
tml-diags.c
278f1f8d9557babb22b966379dd89039f3f8a440 01-Mar-2012 Anna Zaks <ganna@apple.com> [analyzer] Turn inlining on by default for better testing exposure.

Fix a test, which was most likely an unintended recursive call.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@151848 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps-region-store.m
b3d7275c1a4a9f676af850cd661b56c4ad7ef5c9 01-Mar-2012 Anna Zaks <ganna@apple.com> [analyzer] Fix a regression introduced in malloc with
attributes, introduced in r151188.

+ the test to catch it.

Thanks to Ahmed Charles for pointing this out.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@151840 91177308-0d34-0410-b5e6-96231b3b80d8
alloc-annotations.c
ca23eb212c78ac5bc62d0881635579dbe7095639 29-Feb-2012 Anna Zaks <ganna@apple.com> [analyzer] Malloc: A pointer might escape through CFContainers APIs,
funopen, setvbuf.

Teach the checker and the engine about these APIs to resolve malloc
false positives. As I am adding more of these APIs, it is clear that all
this should be factored out into a separate callback (for example,
region escapes). Malloc, KeyChainAPI and RetainRelease checkers could
all use it.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@151737 91177308-0d34-0410-b5e6-96231b3b80d8
alloc.c
alloc.mm
ystem-header-simulator-objc.h
ystem-header-simulator.h
4fafeb6452a79794726a1adc53fb5e2a5887c5f9 29-Feb-2012 Erik Verbruggen <erikjv@me.com> Remove a recursive visitation in ExprEngine that is no longer needed
because the CFG is fully linearized.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@151711 91177308-0d34-0410-b5e6-96231b3b80d8
ullptr.cpp
28cd22d7c2d2458575ce9cc19dfe63c6321010ce 29-Feb-2012 Ted Kremenek <kremenek@apple.com> [analyzer] Tweak the UnreachableCode checker to not warn about unreachable default blocks. Patch by Cyril Roelandt!

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@151709 91177308-0d34-0410-b5e6-96231b3b80d8
nreachable-code-path.c
13e6cb02ea43f2dc0e2263e12edc5152b4305db6 29-Feb-2012 NAKAMURA Takumi <geek4civic@gmail.com> clang/test/Analysis/stats.c: Fix up r151656.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@151695 91177308-0d34-0410-b5e6-96231b3b80d8
tats.c
e7e0168f625368032a5d2b4471d3406cd9d9f8ae 28-Feb-2012 Anna Zaks <ganna@apple.com> [analyzer] Leaks should be uniqued by the allocation point in the
closest function context (RetainCountChecker).

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@151661 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release-inline.m
212000e24cf11da0badea90c23d4f300da34e607 28-Feb-2012 Anna Zaks <ganna@apple.com> [analyzer] Retain release: drop the line number info from the leak
message.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@151657 91177308-0d34-0410-b5e6-96231b3b80d8
list-output-alternate.m
etain-release-gc-only.m
etain-release.m
c2994283aa7538b7420c8e398cde7afa328d7042 28-Feb-2012 Anna Zaks <ganna@apple.com> [analyzer] Stats: Add the stats about remove dead bindings, correct the
test.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@151656 91177308-0d34-0410-b5e6-96231b3b80d8
tats.c
721aa37621e047755a45b742160e21f4e879f462 28-Feb-2012 Anna Zaks <ganna@apple.com> [analyzer] Leaks should be uniqued by the allocation point in the
closest function context (Keychain API).

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@151613 91177308-0d34-0410-b5e6-96231b3b80d8
eychainAPI.m
07d39a479cf8f20294407e749f9933da34ebecb7 28-Feb-2012 Anna Zaks <ganna@apple.com> [analyzer] Fix Malloc False Positive (PR 12100)

When allocated buffer is passed to CF/NS..NoCopy functions, the
ownership is transferred unless the deallocator argument is set to
'kCFAllocatorNull'.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@151608 91177308-0d34-0410-b5e6-96231b3b80d8
eychainAPI.m
alloc.mm
ystem-header-simulator-objc.h
4c62b557e269a27515dfca1f754ae936c8fdb824 28-Feb-2012 Ted Kremenek <kremenek@apple.com> [analyzer] teach analyzer about ObjC literals, thus trimming out a false positive with the malloc() checker involving
comparing literal addresses to nil.

Fixes <rdar://problem/10579586>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@151602 91177308-0d34-0410-b5e6-96231b3b80d8
alloc.m
7752d292c97fd4b78a954c9a027b2a862be50f8b 28-Feb-2012 Anna Zaks <ganna@apple.com> [analyzer] Leaks should be uniqued by the allocation point in the
closest function context.

This prevents us from uniqueing all leaks from the same allocation
helper. radar://10932226

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@151592 91177308-0d34-0410-b5e6-96231b3b80d8
alloc-interprocedural.c
e2133c86896b2728ea97a9028b97a65cdb695973 28-Feb-2012 Richard Trieu <rtrieu@google.com> Fix a test case that was added in r151570. The redirect of output was broken
so no testing was actually done. Further, the commands produce no output.
The redirection has been fixed and the test has been disabled.



git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@151591 91177308-0d34-0410-b5e6-96231b3b80d8
tats.c
3306ec1923973d7b5767b23ba95915af2fec87d7 27-Feb-2012 Ted Kremenek <kremenek@apple.com> After numerous requests, have Objective-C 'method declared here' notes mention the actual method. This looks better within an IDE, where text isn't always regurgitated in the presentation of a warning. Fixes radar 10914035.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@151579 91177308-0d34-0410-b5e6-96231b3b80d8
ethod-arg-decay.m
81fb169f42769e02c7425b23885a261c025fd5e6 27-Feb-2012 Anna Zaks <ganna@apple.com> [analyzer] Add -analyzer-stats, which hooks up LLVM stats tracking.

As in http://llvm.org/docs/ProgrammersManual.html#Statistic

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@151570 91177308-0d34-0410-b5e6-96231b3b80d8
tats.c
e571578002fc3d4ebb654d2f31d2446d7cc1831d 25-Feb-2012 Ted Kremenek <kremenek@apple.com> RetainCountChecker: don't adjust the retain count when analyzing a ReturnStmt unless we are in the top-level call frame. We can do more later, but this makes the checker self-consistent (and fixes a crash).

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@151426 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release-inline.m
3cd89ad193834e766ce5dc24e260aa8615d0d5e1 25-Feb-2012 Anna Zaks <ganna@apple.com> [analyzer] Malloc: reason about the ObjC messages and C++.

Assume none of the ObjC messages defined in system headers free memory,
except for the ones containing 'freeWhenDone' selector. Currently, just
assume that the region escapes to the messages with 'freeWhenDone'
(ideally, we want to treat it as 'free()').

For now, always assume that regions escape when passed to C++ methods.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@151410 91177308-0d34-0410-b5e6-96231b3b80d8
alloc.mm
ystem-header-simulator-objc.h
ff80afcfb2b00ccffcb6cb10528bec565fc59edd 24-Feb-2012 Anna Zaks <ganna@apple.com> [analyzer] Run remove dead bindings before each call.

This ensures that we report the bugs associated with symbols going
out of scope in the correct function context.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@151369 91177308-0d34-0410-b5e6-96231b3b80d8
eychainAPI.m
alloc-interprocedural.c
e55b03a6e44b99c1cd77b8ea5e4d836c28948904 24-Feb-2012 Anna Zaks <ganna@apple.com> [analyzer] We were silently stopping exploring the path after
visiting 'return;' statement!

This most likely caused us to skip a bunch of code when analyzing with
inlining.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@151368 91177308-0d34-0410-b5e6-96231b3b80d8
alloc-interprocedural.c
59950d3aa54ca5066b1fb08a8c79ebfe10e0919b 24-Feb-2012 Ted Kremenek <kremenek@apple.com> Make PathDiagnosticBuilder sensitive to varying LocationContexts, thus fixing a bug in the inlining diagnostics where the wrong location could be used.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@151349 91177308-0d34-0410-b5e6-96231b3b80d8
nline-unique-reports.c
5b03c17bc9cdc0989e59d73c8f76279600812b60 24-Feb-2012 Ted Kremenek <kremenek@apple.com> Remove stray path in test file.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@151347 91177308-0d34-0410-b5e6-96231b3b80d8
nline-unique-reports.c
2042fc1f36d471f437023e8899f0c4fadded2341 24-Feb-2012 Ted Kremenek <kremenek@apple.com> Reapply r151317, but when computing the PathDiagnostic profile and size take into account the nested structure. Also fix a problem with how
inlining impacted Plist diagnostics, and adjust some ranges in the Plist output due to richer information.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@151346 91177308-0d34-0410-b5e6-96231b3b80d8
nline-unique-reports.c
d708bacd66794e66681e635b9d42e126d8ae8552 23-Feb-2012 Anna Zaks <ganna@apple.com> [analyzer] KeyChainAPI: unique the leaks by allocation site.
(Very similar to the previous change in malloc.)

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@151297 91177308-0d34-0410-b5e6-96231b3b80d8
eychainAPI.m
f64bc202a2bcdf7b10f418ad52aaa7366c8ffef9 23-Feb-2012 Fariborz Jahanian <fjahanian@apple.com> objective-c++: Type of an objc string literal is NSString, not 'id'.
// rdar://10907410


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@151296 91177308-0d34-0410-b5e6-96231b3b80d8
il-receiver-undefined-larger-than-voidptr-ret.m
ca8e36eb637e232475ef31c3f22d5da907390917 23-Feb-2012 Anna Zaks <ganna@apple.com> [analyzer] Malloc: unique leak reports by allocation site.

When we find two leak reports with the same allocation site, report only
one of them.

Provide a helper method to BugReporter to facilitate this.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@151287 91177308-0d34-0410-b5e6-96231b3b80d8
alloc.c
0d389b819c33bdf0375694a8f141c8f02e002b18 23-Feb-2012 Anna Zaks <ganna@apple.com> [analyzer] Invalidate the region passed to pthread_setspecific() call.

Make this call an exception in ExprEngine::invalidateArguments:
'int pthread_setspecific(pthread_key k, const void *)' stores
a value into thread local storage. The value can later be retrieved
with 'void *pthread_getspecific(pthread_key)'. So even though the
parameter is 'const void *', the region escapes through the
call.

(Here we just blacklist the call in the ExprEngine's default
logic. Another option would be to add a checker which evaluates
the call and triggers the call to invalidate regions.)

Teach the Malloc Checker, which treats all system calls as safe, about
the API.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@151220 91177308-0d34-0410-b5e6-96231b3b80d8
alloc.c
ystem-header-simulator.h
87cb5bed5060805a86509c297fae133816c1cd87 22-Feb-2012 Anna Zaks <ganna@apple.com> [analyzer] Malloc cleanup:
- We should not evaluate strdup in the Malloc Checker, it's the job of
CString checker, so just update the RefState to reflect allocated
memory.

- Refactor to reduce LOC: remove some wrapper auxiliary functions, make
all functions return the state and add the transition in one place
(instead of in each auxiliary function).

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@151188 91177308-0d34-0410-b5e6-96231b3b80d8
alloc.c
60a1fa497b978114b969f4f0176a7cbad3b5d9c6 22-Feb-2012 Anna Zaks <ganna@apple.com> [analyzer] Malloc checker: mark 'strdup' and 'strndup' as allocators.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@151124 91177308-0d34-0410-b5e6-96231b3b80d8
alloc.c
d9ab7bbbd43639247c9a82c8e8dbfaa617f4e266 22-Feb-2012 Anna Zaks <ganna@apple.com> [analyzer] Malloc: fix another false positive,
when we return a symbol reachable to the malloced one via pointer
arithmetic.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@151121 91177308-0d34-0410-b5e6-96231b3b80d8
alloc.c
5fdadf4b643dd2f7a467244946dc1587b2f9ed1f 22-Feb-2012 Anna Zaks <ganna@apple.com> [analyzer] Change naming in bug reports "tainted" -> "untrusted"

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@151120 91177308-0d34-0410-b5e6-96231b3b80d8
aint-generic.c
7f9b1d963d4b7e2faff7305733e3453130b402fe 21-Feb-2012 Ted Kremenek <kremenek@apple.com> Have ScanReachableSymbols report reachable regions. Fixes a false positive with nested array literals. <rdar://problem/10686586>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@151012 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps.c
362054766d3dacb8a87c0ee3f503d096709adf08 21-Feb-2012 Anna Zaks <ganna@apple.com> [analyzer] + a couple more malloc tests.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@151008 91177308-0d34-0410-b5e6-96231b3b80d8
alloc-interprocedural.c
9c1e1bd0405b990b6e7909647def7b23d5c28f17 21-Feb-2012 Anna Zaks <ganna@apple.com> [analyzer] Make KeyChainAPI checker inlining-aware.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@151007 91177308-0d34-0410-b5e6-96231b3b80d8
eychainAPI.m
a19581ae489335abf5cf96b253b31ecefe96b8e4 20-Feb-2012 Anna Zaks <ganna@apple.com> [analyzer] Make Malloc aware of inter-procedural execution + basic
tests.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150993 91177308-0d34-0410-b5e6-96231b3b80d8
alloc-interprocedural.c
bb2a6864f111e13f7905725963649c60c60bf18b 20-Feb-2012 Anna Zaks <ganna@apple.com> [analyzer] Turn on by default the Malloc Checker and a couple of CString
checks:

- unix.Malloc - Checks for memory leaks, double free, use-after-free.
- unix.cstring.NullArg - Checks for null pointers passed as arguments to
CString functions + evaluates CString functions.
- unix.cstring.BadSizeArg - Checks for common anti-patterns in
strncat size argument.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150988 91177308-0d34-0410-b5e6-96231b3b80d8
dditive-folding.c
string.c
string-syntax-cxx.cpp
string-syntax.c
ree.c
alloc-plist.c
alloc.c
alloc.mm
tring.c
99c06be61f13c6bfe41586b59f5747d644f1b2ac 18-Feb-2012 Ted Kremenek <kremenek@apple.com> Teach analyzer that blocks with no captures are globals. Fixes <rdar://problem/10348049>.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150896 91177308-0d34-0410-b5e6-96231b3b80d8
tack-addr-ps.c
e215ba1c2a3f29fe2cbc4cfb0e532cd204970c49 18-Feb-2012 Ted Kremenek <kremenek@apple.com> Fix crash in analyzer diagnostic generation involving subexpressions of OpaqueValueExpr not appearing in the ParentMap. Fixes <rdar://problem/10797980>.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150894 91177308-0d34-0410-b5e6-96231b3b80d8
list-output.m
a979712238d6285e79e8f1d6e8b813a1f640e88c 18-Feb-2012 Ted Kremenek <kremenek@apple.com> Teach analyzer about NSAutoreleasePool -allocWithZone:. Fixes <rdar://problem/10640253>.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150892 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release.m
5550a2f4d5493864d1b80ec64b72ee59cfdccdac 18-Feb-2012 Ted Kremenek <kremenek@apple.com> Add analyzer test for using of C++ references with ObjC object pointers, reported in <rdar://problem/10569024>.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150891 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps-region-store.mm
b673a41c92aa276f2e37164d0747be1cfb0c402b 18-Feb-2012 Ted Kremenek <kremenek@apple.com> Adopt ExprEngine and checkers to ObjC property refactoring. Everything was working, but now diagnostics are aware of message expressions implied by uses of properties. Fixes <rdar://problem/9241180>.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150888 91177308-0d34-0410-b5e6-96231b3b80d8
roperties.m
d8a8a3b6ad7c786dfcf341b080bd19b5d4b84b5b 17-Feb-2012 Anna Zaks <ganna@apple.com> [analyzer] Malloc Checker more tests.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150847 91177308-0d34-0410-b5e6-96231b3b80d8
alloc.c
f0dfc9c0f29fd82552896558c04043731d30b851 17-Feb-2012 Anna Zaks <ganna@apple.com> [analyzer] Fix another false positive in the Malloc Checker, by making
it aware of CString APIs that return the input parameter.

Malloc Checker needs to know how the 'strcpy' function is
evaluated. Introduce the dependency on CStringChecker for that.
CStringChecker knows all about these APIs.

Addresses radar://10864450

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150846 91177308-0d34-0410-b5e6-96231b3b80d8
alloc.c
ad901a6cf3c57d7dd3d7b400835440992e99cff8 16-Feb-2012 Anna Zaks <ganna@apple.com> [analyzer] MallocChecker: more tests.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150734 91177308-0d34-0410-b5e6-96231b3b80d8
alloc.c
alloc.mm
febdc324faaf1678a4f41497fd691efe54e145c9 16-Feb-2012 Anna Zaks <ganna@apple.com> [analyzer] Malloc Checker: Clean up bug naming:
- Rename the category "Logic Error" -> "Memory Error".
- Shorten all the messages.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150733 91177308-0d34-0410-b5e6-96231b3b80d8
alloc-annotations.c
alloc-plist.c
alloc.c
fe571608b925079227d053a459eca86f7408e5c6 16-Feb-2012 Anna Zaks <ganna@apple.com> [analyzer] Malloc Checker: Make the diagnostic visitor handle the case
of failing realloc. + Minor cleanups.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150732 91177308-0d34-0410-b5e6-96231b3b80d8
alloc-plist.c
2aed8b88613863f3c439cdfb205bdf8b608fb205 16-Feb-2012 Sebastian Redl <sebastian.redl@getdesigned.at> Revert "Revert "Make CXXNewExpr contain only a single initializer, and not hold the used constructor itself.""

This reintroduces commit r150682 with a fix for the Bullet benchmark crash.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150685 91177308-0d34-0410-b5e6-96231b3b80d8
ew.cpp
1548d14f4092a817f7d90ad3e7a65266dc85fbc5 16-Feb-2012 Sebastian Redl <sebastian.redl@getdesigned.at> Revert "Make CXXNewExpr contain only a single initializer, and not hold the used constructor itself."
It leads to a compiler crash in the Bullet benchmark.

This reverts commit r12014.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150684 91177308-0d34-0410-b5e6-96231b3b80d8
ew.cpp
5f688f4b15d02aa7ad159c46b1f78fe59d412f12 16-Feb-2012 Sebastian Redl <sebastian.redl@getdesigned.at> Make CXXNewExpr contain only a single initializer, and not hold the used constructor itself.

Holding the constructor directly makes no sense when list-initialized arrays come into play. The constructor is now held in a CXXConstructExpr, if construction is what is done. The new design can also distinguish properly between list-initialization and direct-initialization, as well as implicit default-initialization constructors and explicit value-initialization constructors. Finally, doing it this way removes redundance from the AST because CXXNewExpr doesn't try to handle both the allocation and the initialization responsibilities.

This breaks the static analysis of new expressions. I've filed PR12014 to track this.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150682 91177308-0d34-0410-b5e6-96231b3b80d8
ew.cpp
5a0917d1367115d5fddfe7551f8634759217b54b 16-Feb-2012 Anna Zaks <ganna@apple.com> [analyzer] Diagnostics: Ensure that the default end of diagnostic path
piece can always be generated.

The default end of diagnostic path piece was failing to generate on a
BlockEdge that was outgoing from a basic block without a terminator,
resulting in a very simple diagnostic being rendered (ex: no path
highlighting or custom visitors). Reuse another function, which is
essentially doing the same thing and correct it not to fail when a block
has no terminator.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150659 91177308-0d34-0410-b5e6-96231b3b80d8
alloc-plist.c
ac593008c2035fa241c80352a0c97c5d853facbf 16-Feb-2012 Anna Zaks <ganna@apple.com> [analyzer] Malloc Checker: Give up when a pointer escapes into a struct.

We are not properly handling the memory regions that escape into struct
fields, which led to a bunch of false positives. Be conservative here
and give up when a pointer escapes into a struct.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150658 91177308-0d34-0410-b5e6-96231b3b80d8
alloc-annotations.c
alloc.c
ebc1d3261e42f45d693fffef5a01a570ef2e89cf 15-Feb-2012 Anna Zaks <ganna@apple.com> [analyzer] Malloc Checker: Add another false positive as a todo test.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150534 91177308-0d34-0410-b5e6-96231b3b80d8
alloc.c
40add2983dedcf489d7ad8c7bccc58b6ae368ee4 15-Feb-2012 Anna Zaks <ganna@apple.com> [analyzer] Malloc Checker: add support for reallocf, which always frees
the passed in pointer on failure.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150533 91177308-0d34-0410-b5e6-96231b3b80d8
alloc.c
b16ce45bd05b637b3d7b0bf70c05e5dfd4ddacc7 15-Feb-2012 Anna Zaks <ganna@apple.com> [analyzer] Malloc Checker: add support for valloc + minor code
hardening.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150532 91177308-0d34-0410-b5e6-96231b3b80d8
alloc.c
625bb569df0c34feec0d52c0ec5215f21ef2e054 14-Feb-2012 Dmitri Gribenko <gribozavr@gmail.com> Generalize -Wempty-body: warn when statement body is empty (closes: PR11329)

* if, switch, range-based for: warn if semicolon is on the same line.
* for, while: warn if semicolon is on the same line and either next
statement is compound statement or next statement has more
indentation.

Replacing the semicolon with {} or moving the semicolon to the next
line will always silence the warning.

Tests from SemaCXX/if-empty-body.cpp merged into SemaCXX/warn-empty-body.cpp.



git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150515 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps.m
b276bd9cc98247331cac8b290ba278b939e53657 14-Feb-2012 Anna Zaks <ganna@apple.com> [analyzer] Malloc Checker: realloc: add dependency between the symbols
in realloc map.

If there is no dependency, the reallocated ptr will get garbage
collected before we know that realloc failed, which would lead us to
missing a memory leak warning.

Also added new test cases, which we can handle now.
Plus minor cleanups.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150446 91177308-0d34-0410-b5e6-96231b3b80d8
alloc.c
30838b994527d12e269abb14d395b1878e78c16d 13-Feb-2012 Anna Zaks <ganna@apple.com> [analyzer] Malloc Checker: realloc: correct the way we are handling the
case when size is 0.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150412 91177308-0d34-0410-b5e6-96231b3b80d8
alloc.c
c8bb3befcad8cd8fc9556bc265289b07dc3c94c8 13-Feb-2012 Anna Zaks <ganna@apple.com> [analyzer] Malloc checker: rework realloc handling:

1) Support the case when realloc fails to reduce False Positives. (We
essentially need to restore the state of the pointer being reallocated.)

2) Realloc behaves differently under special conditions (from pointer is
null, size is 0). When detecting these cases, we should consider
under-constrained states (size might or might not be 0). The
old version handled this in a very hacky way. The code did not
differentiate between definite and possible (no consideration for
under-constrained states). Further, after processing each special case,
the realloc processing function did not return but chained to the next
special case processing. So you could end up in an execution in which
you first see the states in which size is 0 and realloc ~ free(),
followed by the states corresponding to size is not 0 followed by the
evaluation of the regular realloc behavior.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150402 91177308-0d34-0410-b5e6-96231b3b80d8
alloc.c
15d0ae170c2037815b6383c532253585fcd3d04e 12-Feb-2012 Anna Zaks <ganna@apple.com> [analyzer] Malloc Checker: reduce false negatives rate by assuming that
a pointer cannot escape through calls to system functions. Also, stop
after reporting the first use-after-free.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150315 91177308-0d34-0410-b5e6-96231b3b80d8
alloc.c
ystem-header-simulator.h
0860cd0646ed40f87085df39563f2c5f7f77750b 11-Feb-2012 Anna Zaks <ganna@apple.com> [analyzer] Malloc Checker: Report a leak when we are returning freed
memory.
(As per one test case, the existing checker thought that this could
cause a lot of false positives - not sure if that's valid, to be
verified.)

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150313 91177308-0d34-0410-b5e6-96231b3b80d8
alloc-annotations.c
alloc.c
da04677092c7b08fe7438f82a8636dcc8c6e9683 11-Feb-2012 Anna Zaks <ganna@apple.com> [analyzer] Malloc checker: Leak bugs should be suppressed by sinks.
Resolves a common false positive, where we were reporting a leak inside
asserts

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150312 91177308-0d34-0410-b5e6-96231b3b80d8
alloc.c
4fb548710837dc4e709e1a84f241c4bea121e895 11-Feb-2012 Anna Zaks <ganna@apple.com> [analyzer] MallocChecker: refactor/improve the symbol escape logic.

We use the same logic here as the RetainRelease checker.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150311 91177308-0d34-0410-b5e6-96231b3b80d8
alloc.c
b141b285d17934a08d1cb0f5f0a5a4d65b2caab2 11-Feb-2012 Ryan Govostes <rzg@apple.com> [analyzer] New checker for assignment of non-0/1 values to Boolean variables.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150306 91177308-0d34-0410-b5e6-96231b3b80d8
ool-assignment.cpp
ool-assignment2.c
f8b1c316cb294d4d47579fbdf7d97d3260e2ba6e 10-Feb-2012 Anna Zaks <ganna@apple.com> [analyzer] MallocChecker: add a list of false positives based on running
the checker over postgres and sqlite.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150216 91177308-0d34-0410-b5e6-96231b3b80d8
alloc.c
e9ef5622a7600604b101f1843e7a3736eeb45d83 10-Feb-2012 Anna Zaks <ganna@apple.com> [analyzer] MallocChecker Cleanup - harden against crashes, fix an error
(use of return instead of continue), wording.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150215 91177308-0d34-0410-b5e6-96231b3b80d8
alloc-annotations.c
alloc.c
10520d76044e8fff71d414f30c21b449fd104960 09-Feb-2012 Ted Kremenek <kremenek@apple.com> [analyzer] Proactively avoid inlining vararg functions and blocks until we properly support them.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150207 91177308-0d34-0410-b5e6-96231b3b80d8
nline-not-supported.c
ff3b9fdbfd4ff3a8361640c0d8a12d9f0cc1ce6f 09-Feb-2012 Anna Zaks <ganna@apple.com> [analyzer] Add custom path diagnostic to the Malloc Checker.

Very simple so far - we just highlight every allocation and release
site.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150156 91177308-0d34-0410-b5e6-96231b3b80d8
alloc.c
cdfec5e5ea0d1cfebe27888ef072346704424ed8 09-Feb-2012 Anna Zaks <ganna@apple.com> [analyzer] MallocChecker cleanup, more tests.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150155 91177308-0d34-0410-b5e6-96231b3b80d8
alloc.c
91c2a1192cdd4e7b2b4ac7838c5aceef200ea251 09-Feb-2012 Anna Zaks <ganna@apple.com> [analyzer] MallocChecker: implement pessimistic version of the checker,
which allows values to escape through unknown calls.

Assumes all calls but the malloc family are unknown.

Also, catch a use-after-free when a pointer is passed to a
function after a call to free (previously, you had to explicitly
dereference the pointer value).

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150112 91177308-0d34-0410-b5e6-96231b3b80d8
alloc.c
231361ad343d655e4bbb1574ccbb4173b72dadfd 09-Feb-2012 Anna Zaks <ganna@apple.com> [analyzer] Split the MallocChecker into two versions - pessimistic and
optimistic.

TODO: actually implement the pessimistic version of the checker. Ex: it
needs to assume that any function that takes a pointer might free it.

The optimistic version relies on annotations to tell us which functions
can free the pointer.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150111 91177308-0d34-0410-b5e6-96231b3b80d8
ree.c
alloc-annotations.c
2ea020c8bbcc4ad18f35fd2c1edfea56ad44eae3 07-Feb-2012 Ted Kremenek <kremenek@apple.com> Update test case.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@149964 91177308-0d34-0410-b5e6-96231b3b80d8
nline-unique-reports.c
57300760964904cc022a175643342f29f46b7e6b 07-Feb-2012 Anna Zaks <ganna@apple.com> [analyzer] Allow each CString check to be enabled/disabled
separately.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@149947 91177308-0d34-0410-b5e6-96231b3b80d8
string.c
tring.c
0cf3d471546251b12bdceff360f66c079c40526c 07-Feb-2012 Ted Kremenek <kremenek@apple.com> Add basic BugReporter support for CallEnter/CallExit. WIP.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@149939 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release-inline.m
e59ec3dfe17c1ceb648861b621a3890a9a56ab0c 04-Feb-2012 Anna Zaks <ganna@apple.com> [analyzer] Make sure Containers OutOfBounds checker does not crash on undefined arguments, when CF functions are called with wrong number of arguments.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@149771 91177308-0d34-0410-b5e6-96231b3b80d8
FContainers.mm
52a3888c4a695ebbb5d7c39c29270ae3408b47e8 04-Feb-2012 Anna Zaks <ganna@apple.com> [analyzer] Turn on by default two checkers:
- osx.coreFoundation.containers.IndexOutOfBounds
- osx.cocoa.SelfInit

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@149747 91177308-0d34-0410-b5e6-96231b3b80d8
FContainers.mm
elf-init.m
4f502fbf14c59b9e8f31270655f8bc53e1530a6b 04-Feb-2012 Anna Zaks <ganna@apple.com> [analyzer] fixup to the previous commit.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@149746 91177308-0d34-0410-b5e6-96231b3b80d8
elf-init.m
1efcc42c922204d6797a70d90d3c350882f3c098 04-Feb-2012 Anna Zaks <ganna@apple.com> [analyzer] Minor cleanups to the ObjCSelfInitChecker.
(Also renames in other ObjC checkers to create one category of checks.)

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@149745 91177308-0d34-0410-b5e6-96231b3b80d8
elf-init.m
7a0a31ce0cd38147bfe853f71a3f7261444ddf4c 03-Feb-2012 Chad Rosier <mcrosier@apple.com> [frontend] Don't allow a mapping to a warning override an error/fatal mapping.
rdar://10736625

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@149662 91177308-0d34-0410-b5e6-96231b3b80d8
ull-deref-ps.c
f196a90b26479a2c67959c6715491763cbc8ade1 02-Feb-2012 Anna Zaks <ganna@apple.com> [analyzer] Fix a false positive in the CFArrayCreate check that surfaces
in the code like this (due to x and &x being the same value but
different size):

void* x[] = { ptr1, ptr2, ptr3 };
CFArrayCreate(NULL, (const void **) &x, count, NULL);

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@149579 91177308-0d34-0410-b5e6-96231b3b80d8
FContainers.mm
84aac9acc7a73360a7553c46f8da72773adbdd17 01-Feb-2012 Anna Zaks <ganna@apple.com> [analyzer] Fix a crash in CheckerContext::isCLibraryFunction for C++
declarations with special names.

A patch by Dmitri Gribenko.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@149525 91177308-0d34-0410-b5e6-96231b3b80d8
string-syntax-cxx.cpp
48b68a0dc345b3208cbd9dda719b9b3ec167c8c2 01-Feb-2012 Bob Wilson <bob.wilson@apple.com> Use the new Triple::getMacOSXVersion function in another place.

I removed support for "*-darwin*-iphoneos" triples, since we now have
iOS listed as a separate OS in the triples.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@149455 91177308-0d34-0410-b5e6-96231b3b80d8
il-receiver-undefined-larger-than-voidptr-ret.m
e00575f12cf280621ef0ed4d69e909bdfc9fef62 31-Jan-2012 Anna Zaks <ganna@apple.com> [analyzer] Add checks for common anti-patterns in strncat.
(Since this is syntax only, might be a good candidate for turning into a
compiler warning.)

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@149407 91177308-0d34-0410-b5e6-96231b3b80d8
string.c
string-syntax.c
tring.c
393b9793da0b62e26e3974c88a0bca18f2d7fd5e 31-Jan-2012 Anna Zaks <ganna@apple.com> [analyzer] Change the warning to suggest 'strlcat/strlcpy' as
replacements for 'strcat/strcpy' instead of 'strncat/strncpy'.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@149406 91177308-0d34-0410-b5e6-96231b3b80d8
ecurity-syntax-checks.m
7fc800356f3c86a0c63e94353d7a1ac5a0ffbf66 30-Jan-2012 Anna Zaks <ganna@apple.com> [analyzer] Rename the checker as per Ted's comment. Remove the reference
from the driver.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@149276 91177308-0d34-0410-b5e6-96231b3b80d8
FContainers.mm
304e6f1495f4796ba5f93e8db2fa9e925a68dae8 30-Jan-2012 Anna Zaks <ganna@apple.com> [analyzer] Make osx.cocos.CFContainersSyntax a default checker.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@149258 91177308-0d34-0410-b5e6-96231b3b80d8
FContainers.mm
af5f550de34525b27f0ff31dafce792caf8158b6 30-Jan-2012 Anna Zaks <ganna@apple.com> [analyzer] Add index out of bounds check for CFArrayGetArrayAtIndex.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@149228 91177308-0d34-0410-b5e6-96231b3b80d8
FContainers.mm
5faf5d31fa634e1fdb576c4d9708cd4efa5ea310 28-Jan-2012 Jean-Daniel Dupas <devlists@shadowlab.org> Remove the "C" in "implicitly declaring C library function" diagnostic
because all functions are not C functions (i.e. NSLog).



git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@149150 91177308-0d34-0410-b5e6-96231b3b80d8
ead-stores.c
xercise-ps.c
f81263f04b0c211e1f2e2a08aca74256654c362b 26-Jan-2012 Anna Zaks <ganna@apple.com> [analyzer] The CFContainer test should only be run on x86_64.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@149042 91177308-0d34-0410-b5e6-96231b3b80d8
FContainers.mm
cbd273387a61409f179fcfe8460a8733fcf8f872 26-Jan-2012 Anna Zaks <ganna@apple.com> [analyzer] Add an AST checker that checks for a common pitfall when
using CFArrayCreate & family.

Specifically, CFArrayCreate's input should be:
'A C array of the pointer-sized values to be in the new array.'

(radar://10717339)

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@149008 91177308-0d34-0410-b5e6-96231b3b80d8
FContainers.mm
bac341346f3c8e713a8f165120fd54b500ee3189 26-Jan-2012 Ted Kremenek <kremenek@apple.com> Rework flushing of diagnostics to PathDiagnosticConsumer. Now all the reports are batched up before being flushed
to the underlying consumer implementation. This allows us to unique reports across analyses to multiple functions (which
shows up with inlining).

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@148997 91177308-0d34-0410-b5e6-96231b3b80d8
nline-unique-reports.c
d814eaf0dfb30f1cb6f90b056f8126f7e31e7ef4 24-Jan-2012 Eli Friedman <eli.friedman@gmail.com> Switch PerformImplicitConversion over to use DefaultLvalueConversion for lvalue-to-rvalue conversion.



git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@148874 91177308-0d34-0410-b5e6-96231b3b80d8
eference.cpp
b9ac30cf9ec001fd0d63ffc44289a333a21e691d 24-Jan-2012 Anna Zaks <ganna@apple.com> [analyzer] Add more C taint sources/sinks.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@148844 91177308-0d34-0410-b5e6-96231b3b80d8
aint-tester.c
aint-tester.cpp
665b00265858a47f3ccd80b2f27b250c54f5fd5d 21-Jan-2012 Anna Zaks <ganna@apple.com> [analyzer] It's possible to have a non PointerType expression evaluate to a Loc value. When this happens, use the default type.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@148631 91177308-0d34-0410-b5e6-96231b3b80d8
aint-tester.m
3bfd6d701ee297bd062967e11400daae51b36eb2 21-Jan-2012 Anna Zaks <ganna@apple.com> [analyzer] Make VLA checker taint aware.

Also, slightly modify the diagnostic message in ArrayBound and DivZero (still use 'taint', which might not mean much to the user, but plan on changing it later).

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@148626 91177308-0d34-0410-b5e6-96231b3b80d8
aint-generic.c
ce506ae231703a23ea95335cd4de19c60082f361 20-Jan-2012 Ted Kremenek <kremenek@apple.com> Tighten format string diagnostic and make it a bit clearer (and a bit closer to GCC's).

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@148579 91177308-0d34-0410-b5e6-96231b3b80d8
aint-generic.c
02019f7134e69e39e33c5a938183fd492410464c 20-Jan-2012 Anna Zaks <ganna@apple.com> [analyzer] Add taint awareness to DivZeroChecker.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@148566 91177308-0d34-0410-b5e6-96231b3b80d8
aint-generic.c
a8180e5a8795b4b80587662167dfc13646a494a1 20-Jan-2012 Ted Kremenek <kremenek@apple.com> Reenable DeadStoresChecker under --analyze, and move the IdempotentOperationsChecker to the 'experimental' category. Fixes <rdar://problem/10146347>.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@148533 91177308-0d34-0410-b5e6-96231b3b80d8
ead-stores.c
efault-analyze.m
dempotent-operations-limited-loops.c
dempotent-operations.c
dempotent-operations.cpp
dempotent-operations.m
isc-ps-region-store.m
isc-ps.m
ull-deref-ps.c
ninit-vals-ps-region.m
b63d8d8f7b2d101838af992749411dd79c2ed116 20-Jan-2012 Ted Kremenek <kremenek@apple.com> Implement checker that looks for calls to mktemps and friends that have fewer than 6 Xs. Implements <rdar://problem/6336672>.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@148531 91177308-0d34-0410-b5e6-96231b3b80d8
ecurity-syntax-checks.m
76a54246dbbe6cc3c74186e64f8ea0deb4a64ea2 20-Jan-2012 Ted Kremenek <kremenek@apple.com> Turn 'SecuritySyntaxChecker' into a "meta" security checker for insecure APIs. Now
multiple checks are exposed as separate checkers, but CheckerManager only creates
one Checker object.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@148525 91177308-0d34-0410-b5e6-96231b3b80d8
ecurity-syntax-checks-no-emit.c
ecurity-syntax-checks.m
2bf8fd84087231fd92dfdebe18895e01a6ae405c 20-Jan-2012 Anna Zaks <ganna@apple.com> [analyzer] Add socket API as a source of taint.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@148518 91177308-0d34-0410-b5e6-96231b3b80d8
aint-generic.c
556b1d0f3a039a691ed4f6dd91b8587435f30b0b 18-Jan-2012 Fariborz Jahanian <fjahanian@apple.com> objc: deprecate direct usage of 'isa' of objc objects
in favor of usage of api's intended for.
// rdar://8290002


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@148404 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps-region-store.m
4e46221e38b7d434fbecb1cd56b259437206d246 18-Jan-2012 Anna Zaks <ganna@apple.com> [analyzer] Taint: warn when tainted data is used to specify a buffer
size (Ex: in malloc, memcpy, strncpy..)

(Maybe some of this could migrate to the CString checker. One issue
with that is that we might want to separate security issues from
regular API misuse.)

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@148371 91177308-0d34-0410-b5e6-96231b3b80d8
aint-generic.c
9b0c749a20d0f7d0e63441d76baa15def3f37fdb 18-Jan-2012 Anna Zaks <ganna@apple.com> [analyzer] Taint: add taint propagation rules for string and memory copy
functions.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@148370 91177308-0d34-0410-b5e6-96231b3b80d8
aint-generic.c
8568ee743406ac4bb23c9768a0dffd627fdbc579 14-Jan-2012 Anna Zaks <ganna@apple.com> [analyzer] Taint: add system and popen as undesirable sinks for taint
data.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@148176 91177308-0d34-0410-b5e6-96231b3b80d8
aint-generic.c
b71d1570417d81de7b064ad788bea690e2c89111 13-Jan-2012 Anna Zaks <ganna@apple.com> [analyzer] Unwrap the pointers when ignoring the const cast.

radar://10686991

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@148081 91177308-0d34-0410-b5e6-96231b3b80d8
aint-generic.c
ce8ef16b1c58a304b7b59fad9836ad32d6ed020c 13-Jan-2012 Anna Zaks <ganna@apple.com> [analyzer] RegionStoreManager::getBinding() should not crash when
looking up value at a CodeTextRegion even when the type is not provided.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@148079 91177308-0d34-0410-b5e6-96231b3b80d8
tring.c
3d33622cf50fe8bd2f10e71b9135bc5c74b1786e 12-Jan-2012 Ted Kremenek <kremenek@apple.com> Adjust set of default checkers.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@148055 91177308-0d34-0410-b5e6-96231b3b80d8
dempotent-operations.c
0849ade4bb3e90c2fc0ce01ccd330f76f91da732 12-Jan-2012 Ted Kremenek <kremenek@apple.com> [analyzer] fix inlining's handling of mapping actual to formal arguments and limit the call stack depth. The analyzer can now accurately simulate factorial for limited depths.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@148036 91177308-0d34-0410-b5e6-96231b3b80d8
nline.c
1fb826a6fd893234f32b0b91bb92ea4d127788ad 12-Jan-2012 Anna Zaks <ganna@apple.com> [analyzer] Add taint transfer by strcpy & others (part 1).

To simplify the process:
Refactor taint generation checker to simplify passing the
information on which arguments need to be tainted from pre to post
visit.

Todo: We need to factor out the code that sema is using to identify the
string and memcpy functions and use it here and in the CString checker.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@148010 91177308-0d34-0410-b5e6-96231b3b80d8
aint-generic.c
3e97758f22f31d0dbc336fc4794b86aed8607053 11-Jan-2012 Ted Kremenek <kremenek@apple.com> "This change adds alloca/valloc checks to UnixAPIChecker. It includes a small refactoring for
the common *alloc functions as well as a few tiny wibbles (adds a note
to CWE/CERT advisory numbers in the bug output, and fixes a couple
80-column-wide violations.)"

Patch by Austin Seipp!

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@147931 91177308-0d34-0410-b5e6-96231b3b80d8
nix-fns.c
97a72c35a62304c3781aa280e28cb97a59afd585 11-Jan-2012 Zhongxing Xu <xuzhongxing@foxmail.com> Add elidable CXXConstructExpr as block-level expr. It converts an lvalue to a rvalue, which is a useful step during AST evaluation.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@147918 91177308-0d34-0410-b5e6-96231b3b80d8
emp-obj-dtors-cfg-output.cpp
256ef642f8feef22fd53be7efa868e8e34752eed 11-Jan-2012 Ted Kremenek <kremenek@apple.com> Remove '#if 0' from ExprEngine::InlineCall(), and start fresh by wiring up inlining for straight C calls.
My hope is to reimplement this from first principles based on the simplifications of removing unneeded node builders
and re-evaluating how C++ calls are handled in the CFG. The hope is to turn inlining "on-by-default" as soon as possible
with a core set of things working well, and then expand over time.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@147904 91177308-0d34-0410-b5e6-96231b3b80d8
nline.c
9f03b62036a7abc0a227b17f4a49b9eefced9450 07-Jan-2012 Anna Zaks <ganna@apple.com> [analyzer] Add basic format string vulnerability checking.

We already have a more conservative check in the compiler (if the
format string is not a literal, we warn). Still adding it here for
completeness and since this check is stronger - only triggered if the
format string is tainted.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@147714 91177308-0d34-0410-b5e6-96231b3b80d8
aint-generic.c
273c3a3a3f009e26349ad9dfe67eaaa12db43af4 05-Jan-2012 Anna Zaks <ganna@apple.com> [analyzer] Add another tests to taint tester.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@147570 91177308-0d34-0410-b5e6-96231b3b80d8
aint-tester.c
eb31a76d1cdaaf8874c549dc6bd964ff270d3822 05-Jan-2012 Anna Zaks <ganna@apple.com> [analyzer] Be less pessimistic about invalidation of global variables
as a result of a call.

Problem:
Global variables, which come in from system libraries should not be
invalidated by all calls. Also, non-system globals should not be
invalidated by system calls.

Solution:
The following solution to invalidation of globals seems flexible enough
for taint (does not invalidate stdin) and should not lead to too
many false positives. We split globals into 3 classes:

* immutable - values are preserved by calls (unless the specific
global is passed in as a parameter):
A : Most system globals and const scalars

* invalidated by functions defined in system headers:
B: errno

* invalidated by all other functions (note, these functions may in
turn contain system calls):
B: errno
C: all other globals (which are not in A nor B)

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@147569 91177308-0d34-0410-b5e6-96231b3b80d8
lobal-region-invalidation.c
isc-ps.c
ystem-header-simulator.h
d1247c5002ee511e6f6c3c26214221c391d437cd 04-Jan-2012 Ted Kremenek <kremenek@apple.com> Extend ConditionBRVisitor to handle condition variable assignments.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@147526 91177308-0d34-0410-b5e6-96231b3b80d8
list-output.m
1c87980ef18dbf4669c7194d60138ff9747d7ab7 04-Jan-2012 Ted Kremenek <kremenek@apple.com> Teach the static analyzer to not treat XPC types as CF types.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@147506 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release.m
c1275da4eb5778eb3c9600e79918ad1fbec589c6 04-Jan-2012 Ted Kremenek <kremenek@apple.com> Enhance UnixAPIChecker to also warn about zero-sized allocations to calloc() and realloc(). Patch by Cyril Roelandt!

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@147500 91177308-0d34-0410-b5e6-96231b3b80d8
nix-fns.c
de9f25365ca1fbc146eefeb839053b1cf9b75ae1 04-Jan-2012 Ted Kremenek <kremenek@apple.com> Add initial version of checker to check if virtual member functions are called transitively
from C++ constructors or destructors. Checker by Lei Zhang with a few tweaks by Ted Kremenek.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@147494 91177308-0d34-0410-b5e6-96231b3b80d8
irtualcall.cpp
682060c5d95f6e4f79536013781ab0870cdd3850 23-Dec-2011 Ted Kremenek <kremenek@apple.com> Colorize and condense CFG pretty-printing.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@147203 91177308-0d34-0410-b5e6-96231b3b80d8
uto-obj-dtors-cfg-output.cpp
tors-in-dtor-cfg-output.cpp
nitializers-cfg-output.cpp
emp-obj-dtors-cfg-output.cpp
b7dcddf1820f4d2e5c2605c12090ea7d17f9fa82 22-Dec-2011 Ted Kremenek <kremenek@apple.com> Fix typos in analyzer diagnostics pointed out by Matt Beaumont-Gay and Robert Purves.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@147139 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release-path-notes.m
280cf1451b4f02093e47ce956a0688407aa595b9 22-Dec-2011 Ted Kremenek <kremenek@apple.com> Fix regression in LiveVariables when reasoning about variables captured by blocks.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@147116 91177308-0d34-0410-b5e6-96231b3b80d8
ead-stores.m
2cbe791d3e9b26f30196c4852da75d9ad67b4ad9 20-Dec-2011 Anna Zaks <ganna@apple.com> [analyzer] Do not invalidate arguments when the parameter's
type is a pointer to const. (radar://10595327)

The regions corresponding to the pointer and reference arguments to
a function get invalidated by the calls since a function call can
possibly modify the pointed to data. With this change, we are not going
to invalidate the data if the argument is a pointer to const. This
change makes the analyzer more optimistic in reporting errors.
(Support for C, C++ and Obj C)

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@147002 91177308-0d34-0410-b5e6-96231b3b80d8
ethod-call-intra-p.cpp
isc-ps.m
ull-deref-ps.c
tring.c
aint-tester.c
6ae325737c2ef7ce60ac6650a96bd489ef6e7ebe 20-Dec-2011 Ted Kremenek <kremenek@apple.com> Fix inversion of static analyzer path diagnostics for path conditions.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@146993 91177308-0d34-0410-b5e6-96231b3b80d8
list-output.m
b44b96668653e2b19c33712edf73330e2904cd20 18-Dec-2011 Dylan Noblesmith <nobled@dreamwidth.org> test/Analysis: fix error message



git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@146848 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps.m
5238474707de2c9a08465429bbb083be15b8e81a 17-Dec-2011 Anna Zaks <ganna@apple.com> [analyzer] Fixup for r146793. Add tests for atol and atoll.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@146794 91177308-0d34-0410-b5e6-96231b3b80d8
aint-tester.c
9ffbe243cca46082b4a59b5c3be454ab0c455378 17-Dec-2011 Anna Zaks <ganna@apple.com> [analyzer] Add support for taint flowing through a function (atoi).

Check if the input parameters are tainted (or point to tainted data) on
a checkPreStmt<CallExpr>. If the output should be tainted, record it in
the state. On post visit (checkPostStmt<CallExpr>), use the state to
make decisions (in addition to the existing logic). Use this logic for
atoi and fscanf.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@146793 91177308-0d34-0410-b5e6-96231b3b80d8
aint-tester.c
d3d8548e75f3fb6db53ed0927c1df30d78f4ce1d 16-Dec-2011 Anna Zaks <ganna@apple.com> [analyzer] Better stdin support.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@146748 91177308-0d34-0410-b5e6-96231b3b80d8
aint-tester.c
2135ebb83179ee87910afdebc1bc091e17a7d1eb 15-Dec-2011 Anna Zaks <ganna@apple.com> Add support for matching one or more (aka regex +) diagnostic messages with -verify.

Ex:
// expected-warning + {{tainted}}

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@146633 91177308-0d34-0410-b5e6-96231b3b80d8
aint-tester.c
557a3829ebe0e36785b9a7679dc19dc67dbc7639 15-Dec-2011 Anna Zaks <ganna@apple.com> [analyzer] Ensure that the order in which checker callbacks are called
is deterministic.

Non-determinism was the reason for the test which caused the earlier
buildbot failures, so re-enable the test.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@146628 91177308-0d34-0410-b5e6-96231b3b80d8
aint-tester.c
2fe9b7fb07dff15dd15dd8755a9a9e6de0fe46fc 15-Dec-2011 Richard Trieu <rtrieu@google.com> Modify how the -verify flag works. Currently, the verification string and
diagnostic message are compared. If either is a substring of the other, then
no error is given. This gives rise to an unexpected case:

// expect-error{{candidate function has different number of parameters}}

will match the following error messages from Clang:

candidate function has different number of parameters (expected 1 but has 2)
candidate function has different number of parameters

It will also match these other error messages:

candidate function
function has different number of parameters
number of parameters

This patch will change so that the verification string must be a substring of
the diagnostic message before accepting. Also, all the failing tests from this
change have been corrected. Some stats from this cleanup:

87 - removed extra spaces around verification strings
70 - wording updates to diagnostics
40 - extra leading or trailing characters (typos, unmatched parens or quotes)
35 - diagnostic level was included (error:, warning:, or note:)
18 - flag name put in the warning (-Wprotocol)



git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@146619 91177308-0d34-0410-b5e6-96231b3b80d8
FDateGC.m
SString.m
ethod-arg-decay.m
etain-release-path-notes-gc.m
etain-release-path-notes.m
etain-release-region-store.m
99295233aef6a73c7fa20d6442f05222b2cb7116 14-Dec-2011 Anna Zaks <ganna@apple.com> [analyzer] Disable verification step on the failing test.

I need to keep the test itself in the repository since it's the only way I can currently reproduce the issue.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@146582 91177308-0d34-0410-b5e6-96231b3b80d8
aint-tester.c
86277c5cd80d4f5911945fa207062aa9a44db8ff 14-Dec-2011 Anna Zaks <ganna@apple.com> [analyzer] Re-enable the test which was failing on one of the bots.

I cannot reproduce the failures either on my machine or on the same buildbot machine (with the clang binary built on it). Let's see if it fails again..

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@146574 91177308-0d34-0410-b5e6-96231b3b80d8
aint-tester.c
f512560e06185f99b156e1a269d7297658768881 14-Dec-2011 Anna Zaks <ganna@apple.com> [analyzer] Revert the taint test, which is failing on one of the bots for the time being.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@146541 91177308-0d34-0410-b5e6-96231b3b80d8
aint-tester.c
efd6989f4644c8460854606e085fc69535054058 14-Dec-2011 Anna Zaks <ganna@apple.com> [analyzer] Treat stdin as a source of taint.

Some of the test cases do not currently work because the analyzer core
does not seem to call checkers for pre/post DeclRefExpr visits.
(Opened radar://10573500. To be fixed later on.)

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@146536 91177308-0d34-0410-b5e6-96231b3b80d8
aint-tester.c
1009ac715501a4fa1951d94722dcbe6ab30068f8 14-Dec-2011 Anna Zaks <ganna@apple.com> [analyzer] Mark output of fscanf and fopen as tainted.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@146533 91177308-0d34-0410-b5e6-96231b3b80d8
aint-tester.c
e55a22b917327651178ddea36b3615f579681eea 14-Dec-2011 Anna Zaks <ganna@apple.com> [analyzer] Mark getenv output as tainted.

Also, allow adding taint to a region (not only a symbolic value).

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@146532 91177308-0d34-0410-b5e6-96231b3b80d8
aint-tester.c
e3d250e488241cbfe71a592df4d07d03ad89434a 11-Dec-2011 Anna Zaks <ganna@apple.com> [analyzer] CStringChecker should not rely on the analyzer generating UndefOrUnknown value when it cannot reason about the expression.

We are now often generating expressions even if the solver is not known to be able to simplify it. This is another cleanup of the existing code, where the rest of the analyzer and checkers should not base their logic on knowing ahead of the time what the solver can reason about.

In this case, CStringChecker is performing a check for overflow of 'left+right' operation. The overflow can be checked with either 'maxVal-left' or 'maxVal-right'. Previously, the decision was based on whether the expression evaluated to undef or not. With this patch, we check if one of the arguments is a constant, in which case we know that 'maxVal-const' is easily simplified. (Another option is to use canReasonAbout() method of the solver here, however, it's currently protected.)

This patch also contains 2 small bug fixes:
- swap the order of operators inside SValBuilder::makeGenericVal.
- handle a case when AddeVal is unknown in GenericTaintChecker::getPointedToSymbol.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@146343 91177308-0d34-0410-b5e6-96231b3b80d8
tring.c
aint-generic.c
6fcd932dfd6835f70cc00d6f7c6789793f6d7b66 10-Dec-2011 Hans Wennborg <hans@hanshq.net> Check that arguments to a scanf call match the format specifier,
and offer fixits when there is a mismatch.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@146326 91177308-0d34-0410-b5e6-96231b3b80d8
aint-generic.c
aint-tester.c
432a4558b8161c362efc319f8a38e074e74da201 09-Dec-2011 Anna Zaks <ganna@apple.com> [analyzer] Fix inconsistency on when SValBuilder assumes that 2
types are equivalent.

+ A taint test which tests bitwise operations and which was
triggering an assertion due to presence of the integer to integer cast.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@146240 91177308-0d34-0410-b5e6-96231b3b80d8
aint-tester.c
5fc7def35ee858791e591d005b4ae343632ca931 08-Dec-2011 Anna Zaks <ganna@apple.com> [analyzer] If memory region is tainted mark data as tainted.
+ random comments

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@146199 91177308-0d34-0410-b5e6-96231b3b80d8
aint-tester.c
dc30967a4633186782e0e204c65dba2552301ec9 08-Dec-2011 Peter Collingbourne <peter@pcc.me.uk> Add an experimental MallocSizeofChecker, which reports inconsistencies
between the casted type of the return value of a malloc/calloc/realloc
call and the operand of any sizeof expressions contained within
its argument(s).

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@146144 91177308-0d34-0410-b5e6-96231b3b80d8
alloc-sizeof.c
dcf06fa1fbb9c018e152629ef3f3fa7b1acffe7a 07-Dec-2011 Anna Zaks <ganna@apple.com> [analyzer] Propagate taint through MemRegions.
SVal can be not only a symbol, but a MemRegion. Add support for such
cases.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@146006 91177308-0d34-0410-b5e6-96231b3b80d8
aint-tester.c
aace9ef279be3dadd53b481aee568bd7701178b4 07-Dec-2011 Anna Zaks <ganna@apple.com> [analyzer] Propagate taint through NonLoc to NonLoc casts.

- Created a new SymExpr type - SymbolCast.
- SymbolCast is created when we don't know how to simplify a NonLoc to
NonLoc casts.
- A bit of code refactoring: introduced dispatchCast to have better
code reuse, remove a goto.
- Updated the test case to showcase the new taint flow.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@145985 91177308-0d34-0410-b5e6-96231b3b80d8
aint-tester.c
447375500b03f208ebac7303364106c530e2a9b3 05-Dec-2011 Anna Zaks <ganna@apple.com> [analyzer] Simplify the expected-warning statement.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@145855 91177308-0d34-0410-b5e6-96231b3b80d8
aint-tester.c
bea728b0f49fcb7fef74d34bfe7d19db4f09075b 05-Dec-2011 Anna Zaks <ganna@apple.com> [analyzer] Add a missing taint tester warning.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@145834 91177308-0d34-0410-b5e6-96231b3b80d8
aint-tester.c
76462f00854171d2aa3ebc34f9aac1c60021b0ea 05-Dec-2011 Anna Zaks <ganna@apple.com> [analyzer] Remove all uses of ConstraintManager::canResonAbout() from
ExprEngine.

Teach SimpleConstraintManager::assumeSymRel() to propagate constraints
to symbolic expressions.

+ One extra warning (real bug) is now generated due to enhanced
assumeSymRel().

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@145832 91177308-0d34-0410-b5e6-96231b3b80d8
ut-of-bounds.c
a50b7ab5af79690855af68f1fff7897291ba9535 05-Dec-2011 Anna Zaks <ganna@apple.com> [analyzer] Add a debug checker to test for tainted data.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@145827 91177308-0d34-0410-b5e6-96231b3b80d8
aint-tester.c
ee5a21fda5efce750c21db5a1d635c9742f5859b 01-Dec-2011 Anna Zaks <ganna@apple.com> [analyzer] Make KeychainAPI checker less aggressive. radar://10508828

We trigger an error if free is called after a possibly failed allocation. Do not trigger the error if we know that the buffer is not null.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@145584 91177308-0d34-0410-b5e6-96231b3b80d8
eychainAPI.m
60a4481fd9e5dc68b1070306bd70f2865985961d 01-Dec-2011 Ted Kremenek <kremenek@apple.com> Fix typo.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@145577 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps-region-store.cpp
a078ecf3484d62b01d9f8c01e0fecffd65c583e1 01-Dec-2011 Ted Kremenek <kremenek@apple.com> When analyzing a C++ method (without a specific caller), assume 'this' is non-null. Fixes <rdar://problem/10508787>.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@145575 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps-region-store.cpp
381c0662095014532bce6706858fd8c4e34da3f7 30-Nov-2011 Ted Kremenek <kremenek@apple.com> Per an offline conversation with John McCall, have StmtPrinter actually print out the source expression for OpaqueValueExpr.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@145524 91177308-0d34-0410-b5e6-96231b3b80d8
emp-obj-dtors-cfg-output.cpp
214323b78b01ef9c1ad226f0eb5bd1187f3efa70 29-Nov-2011 Ted Kremenek <kremenek@apple.com> Relax RegionStore to allow loads from CodeTextRegions. Apparently you can actually write code that does this. This seems worthy of a checker, but the StoreManager should handle the memory abstraction without crashing. Fixes PR 11450.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@145424 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps-region-store.cpp
3881c6907e3a18dca7878e06ef915e64021156b0 28-Nov-2011 Anna Zaks <ganna@apple.com> [analyzer] Add more simple taint tests.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@145275 91177308-0d34-0410-b5e6-96231b3b80d8
aint-generic.c
8f4caf5fec2de9b18f9c5fc69696d9f6cf66bcc5 18-Nov-2011 Anna Zaks <ganna@apple.com> [analyzer] Warn when non pointer arguments are passed to scanf (only when running taint checker).

There is an open radar to implement better scanf checking as a Sema warning. However, a bit of redundancy is fine in this case.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@144964 91177308-0d34-0410-b5e6-96231b3b80d8
aint-generic.c
01f2a1ea4d2b124d83eca82e01a0a7482c2c3614 18-Nov-2011 Anna Zaks <ganna@apple.com> [analyzer] The compiler warning was disabling the analyzer in this test.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@144946 91177308-0d34-0410-b5e6-96231b3b80d8
ull-deref-ps.c
0d339d06f8721d14befd6311bd306ac485772188 18-Nov-2011 Anna Zaks <ganna@apple.com> [analyzer] Do not conjure a symbol when we need to propagate taint.

When the solver and SValBuilder cannot reason about symbolic expressions (ex: (x+1)*y ), the analyzer conjures a new symbol with no ties to the past. This helps it to recover some path-sensitivity. However, this breaks the taint propagation.

With this commit, we are going to construct the expression even if we cannot reason about it later on if an operand is tainted.

Also added some comments and asserts.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@144932 91177308-0d34-0410-b5e6-96231b3b80d8
aint-generic.c
960809e7e9f4a6e949797d20bc081da80495c0e1 16-Nov-2011 Abramo Bagnara <abramo.bagnara@gmail.com> Added missing ImplicitCastExpr around conversion operator call.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@144850 91177308-0d34-0410-b5e6-96231b3b80d8
uto-obj-dtors-cfg-output.cpp
emp-obj-dtors-cfg-output.cpp
e42a0ab77ca4ad5201591aac5679ef47a08af4b6 16-Nov-2011 Jim Goodnow II <jim@thegoodnows.net> Fixed crash with initializer lists and unnamed bitfields in the RegionStore
Manager. Added test to ensure proper binding of initialized values.
This patch fixes PR11249.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@144831 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps-region-store.cpp
9b0970f2c7fdc070b18e113f0bbd96e7f77b4f54 16-Nov-2011 Anna Zaks <ganna@apple.com> [analyzer] Catch the first taint propagation implied buffer overflow.

Change the ArrayBoundCheckerV2 to be more aggressive in reporting buffer overflows
when the offset is tainted. Previously, we did not report bugs when the state was
underconstrained (not enough information about the bound to determine if there is
an overflow) to avoid false positives. However, if we know that the buffer
offset is tainted - comes in from the user space and can be anything, we should
report it as a bug.

+ The very first example of us catching a taint related bug.
This is the only example we can currently handle. More to come...

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@144826 91177308-0d34-0410-b5e6-96231b3b80d8
aint-generic.c
b3029960632ca8a3248e74770eda64d6c16f7246 14-Nov-2011 Douglas Gregor <dgregor@apple.com> Use Sema::RequireCompleteType to check for the completeness of
Objective-C classes. This has two purposes: to consistently provide
"forward declaration here" notes when we hit an incomplete type, and
to give LLDB a chance to complete the type.

RequireCompleteType bits from Sean Callanan!


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@144573 91177308-0d34-0410-b5e6-96231b3b80d8
dar-6540084.m
4c42bb7815e4f6317826767f8c53776ae03b4028 14-Nov-2011 Ted Kremenek <kremenek@apple.com> [static analyzer] Tweak RetainCountChecker's diagnostics to correctly indicate if a message was due to a property access. This can
potentially be refactored for other clients, and this is a regression from the refactoring of property accesses.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@144571 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release-path-notes.m
729aa06b9d190ce01eccb7108415e698fc52f6f4 14-Nov-2011 Ted Kremenek <kremenek@apple.com> [analyzer;Regionstore] handle loads from StringLiteral elements for StringLiterals representing wide strings. Fixes PR 11294.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@144563 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps.c
ccf1bfde160c03c677ba530c9dcb77365a9c2d7b 14-Nov-2011 Ted Kremenek <kremenek@apple.com> [analyzer] teach AnalysisDeclContext::getSelfDecl() about blocks that capture the 'self' variable of the enclosing ObjC method decl. Fixes <rdar://problem/10380300>.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@144556 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps.m
4b9c2d235fb9449e249d74f48ecfec601650de93 06-Nov-2011 John McCall <rjmccall@apple.com> Change the AST representation of operations on Objective-C
property references to use a new PseudoObjectExpr
expression which pairs a syntactic form of the expression
with a set of semantic expressions implementing it.
This should significantly reduce the complexity required
elsewhere in the compiler to deal with these kinds of
expressions (e.g. IR generation's special l-value kind,
the static analyzer's Message abstraction), at the lower
cost of specifically dealing with the odd AST structure
of these expressions. It should also greatly simplify
efforts to implement similar language features in the
future, most notably Managed C++'s properties and indexed
properties.

Most of the effort here is in dealing with the various
clients of the AST. I've gone ahead and simplified the
ObjC rewriter's use of properties; other clients, like
IR-gen and the static analyzer, have all the old
complexity *and* all the new complexity, at least
temporarily. Many thanks to Ted for writing and advising
on the necessary changes to the static analyzer.

I've xfailed a small diagnostics regression in the static
analyzer at Ted's request.



git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@143867 91177308-0d34-0410-b5e6-96231b3b80d8
asts.m
etain-release-path-notes.m
129d92478d9747fc7a1bb498efb089badf7cee69 05-Nov-2011 Chandler Carruth <chandlerc@gmail.com> Switch these two tests to use the Clang driver instead of CC1. They want
to do "realistic" includes, and so need the header search logic now in
the driver. This in turn requires switching the CC1 options to the
actual driver options, and passing -Xclang where there is no analogy.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@143805 91177308-0d34-0410-b5e6-96231b3b80d8
terators.cpp
6a9065a39ab15383082b914af28759da1652db18 05-Nov-2011 Ted Kremenek <kremenek@apple.com> Per discussion with John McCall, don't add OpaqueValueExprs to the CFG.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@143766 91177308-0d34-0410-b5e6-96231b3b80d8
emp-obj-dtors-cfg-output.cpp
2d950b15b2b2b650b102ecf0c6b50b45e0cb6a8a 01-Nov-2011 Anna Zaks <ganna@apple.com> [analyzer] Fix PR11282 - an assert in markAsSink

This is another fallout from the refactoring. We were
calling MarkAsSink on a cached out node.
(Fixes radar://10376675)

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@143516 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps.c
cdcc653642d4ac9255c574fabe74a48149e06733 01-Nov-2011 Anna Zaks <ganna@apple.com> [analyzer] BranchNodeBuilder should not generate autotransitions.

This fixes radar://10367606

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@143514 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps.c
4a037c70fdaefafb9c635fedb7035ad462a2742c 28-Oct-2011 Ted Kremenek <kremenek@apple.com> [analyzer] ObjC message sends to nil receivers that return structs are now okay (compiler zeroes out the data). Fixes <rdar://problem/9151319>.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@143215 91177308-0d34-0410-b5e6-96231b3b80d8
il-receiver-undefined-larger-than-voidptr-ret-region.m
dar-6600344-nil-receiver-undefined-struct-ret.m
58f6f1e37ab32fdd0c8bab6771d8e09bc139e9ed 25-Oct-2011 Ted Kremenek <kremenek@apple.com> Add source-level dominators analysis. Patch by Guoping Long!

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@142885 91177308-0d34-0410-b5e6-96231b3b80d8
omtest.c
1d26f48dc2eea1c07431ca1519d7034a21b9bcff 24-Oct-2011 Ted Kremenek <kremenek@apple.com> Rename AnalysisContext to AnalysisDeclContext. Not only is this name more accurate, but it frees up the name AnalysisContext for other uses.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@142782 91177308-0d34-0410-b5e6-96231b3b80d8
nline3.c
beedc5f4b027576f3a58d397f1599fc9d61baa4a 20-Oct-2011 Ted Kremenek <kremenek@apple.com> Add test case for analyzer crash reported in <rdar://problem/10308201> (which is already fixed in mainline).

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@142606 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps.c
18c9bd3b4751c70f297caadf9ae0bfb863df2be7 19-Oct-2011 Rafael Espindola <rafael.espindola@gmail.com> Fix the signatures of vfork, __sigsetjmp and sigsetjmp.

Patch by Dimitry Andric.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@142531 91177308-0d34-0410-b5e6-96231b3b80d8
ecurity-syntax-checks.m
762bb9d0ad20320b9f97a841dce57ba5e8e48b07 14-Oct-2011 Richard Smith <richard-llvm@metafoo.co.uk> Update all tests other than Driver/std.cpp to use -std=c++11 rather than
-std=c++0x. Patch by Ahmed Charles!


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@141900 91177308-0d34-0410-b5e6-96231b3b80d8
R9741.cpp
isc-ps-cxx0x.cpp
ullptr.cpp
6700415542121e2cb7d867728046ffa21e402019 12-Oct-2011 Rafael Espindola <rafael.espindola@gmail.com> Add returns_twice to functions that are known to return twice. This implements
the same behavior of gcc by keeping the attribute out of the function type.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@141803 91177308-0d34-0410-b5e6-96231b3b80d8
ecurity-syntax-checks.m
a7957ff18c2480cb46081311067b61eb47023355 11-Oct-2011 Anna Zaks <ganna@apple.com> [analyzer] Warn about the use of insecure, deprecated vfork() function PR11053 (http://llvm.org/bugs/show_bug.cgi?id=11053).

A patch by Graham Lee!

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@141643 91177308-0d34-0410-b5e6-96231b3b80d8
ecurity-syntax-checks.m
46eaf7789a1059a7b42b7dbd183150c72df5738f 11-Oct-2011 Ted Kremenek <kremenek@apple.com> [analyzer] Teach the static analyzer about CXXForRangeStmt. Patch by Jim Goodnow II!

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@141587 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps-cxx0x.cpp
744f1cd66bb6747ea71fbf1172698e7bf35ec88d 08-Oct-2011 Ted Kremenek <kremenek@apple.com> Provide basic static analyzer support for CXXTemporaryObjectExpr. Patch by Jim Goodnow II.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@141433 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps-cxx0x.cpp
c80850353f4051f36be9f5be9738cf877406311a 06-Oct-2011 Ted Kremenek <kremenek@apple.com> [static analyzer] Fix crash in LiveVariables and Environment::getSVal() when analyzing C++ pointer-to-member calls. Fixes <rdar://problem/10243398>.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@141312 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps-cxx0x.cpp
93edbc5269c166e3ab50ccb323b934c7bdf07c3c 06-Oct-2011 Ted Kremenek <kremenek@apple.com> Fix major regression in RetainCountChecker. DefaultSummaries were not being used when they were meant to be. Fixes <rdar://problem/10241614>.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@141250 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release.m
d1e40d5389a4382cbebc97d54792f41ee0414af4 02-Oct-2011 John McCall <rjmccall@apple.com> Make -fobjc-nonfragile-abi the -cc1 default, since it's the
increasingly prevailing case to the point that new features
like ARC don't even support the fragile ABI anymore.

This required a little bit of reshuffling with exceptions
because a check was assuming that ObjCNonFragileABI was
only being set in ObjC mode, and that's actually a bit
obnoxious to do.

Mostly, though, it involved a perl script to translate a ton
of test cases.

Mostly no functionality change for driver users, although
there are corner cases with disabling language-specific
exceptions that we should handle more correctly now.



git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@140957 91177308-0d34-0410-b5e6-96231b3b80d8
bjc-arc.m
dar-7168531.m
nused-ivars.m
6a835dddf45922e71a87637fdfac0863de65123c 02-Oct-2011 Ted Kremenek <kremenek@apple.com> Fix LiveVariables analysis bug with MaterializeTemporaryExpr and fix handling in ExprEngine. Fixes <rdar://problem/10201666>.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@140956 91177308-0d34-0410-b5e6-96231b3b80d8
tack-addr-ps.cpp
b459cf34c4df1a1317a9bda1e1e2cc32364e62cf 01-Oct-2011 Anna Zaks <ganna@apple.com> Address PR10616. The crash has already been fixed by Ted in r140725, so just refactor to use existing API + test case.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@140932 91177308-0d34-0410-b5e6-96231b3b80d8
iv-zero.cpp
7df2ff45f101c87398329d0ea23c1377328dca40 01-Oct-2011 John McCall <rjmccall@apple.com> Tweak the interface for analyzing the CF conventions for a name
to take a FunctionDecl* instead of an llvm::StringRef. Eventually
we might push more logic in there, like using slightly different
conventions for C++ methods.

Also, fix a bug where 'copy' and 'create' were being caught in
non-camel-cased strings. We want copyFoo and CopyFoo and XCopy
but not Xcopy or xcopy.



git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@140911 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release.mm
e4c6675cccbaac991843def43072687bca50d989 30-Sep-2011 Ted Kremenek <kremenek@apple.com> Fix crash when analyzing C++ code involving constant enums and switch statements (<rdar://problem/10202899>).

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@140844 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps-region-store.cpp
0658879cc98e8cb918e2f349a59c901f74f0de11 30-Sep-2011 Anna Zaks <ganna@apple.com> [analyzer] Fix a bug in RetainReleaseChecker diagnostics. It gives more precise error message on the modified test case (and prevents duplicate diagnostics when we purge at block granularity).

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@140840 91177308-0d34-0410-b5e6-96231b3b80d8
list-output-alternate.m
d30952838421ddfb9f7e346b2ba8213889a5f789 30-Sep-2011 Anna Zaks <ganna@apple.com> [analyzer] Add -analyzer-purge option which can take on multiple values, remove -analyzer-purge=none. (Small refactor as well: move the work of constructing AnalysisManager from the callers to the class itself.)

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@140838 91177308-0d34-0410-b5e6-96231b3b80d8
ull-deref-ps.c
7e5f112ca7410af93c7cdc07cf3a9dae15214300 28-Sep-2011 Anna Zaks <ganna@apple.com> Fix a crash in MallocOverflowSecurityChecker. Patch by Lei Zhang.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@140648 91177308-0d34-0410-b5e6-96231b3b80d8
alloc-overflow.cpp
6479c664f0ea191e72224578b655d8846f919bef 27-Sep-2011 Anna Zaks <ganna@apple.com> [analyzer] Remove target triple from the malloc overflow test.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@140635 91177308-0d34-0410-b5e6-96231b3b80d8
alloc-overflow.c
09ca9ef5f92cf4375a19bf7a80d571779c9f370f 21-Sep-2011 Anna Zaks <ganna@apple.com> [analyzer] Fix a bug where PathDiagnosticLocation did not generate a valid range and add asserts to check validity of locations early on. Ignore invalid ranges in PathDiagnosticPiece (they could be added by checker writers).

Addresses radar://10124836 and radar://radar10102244.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@140218 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release.m
0cd59482abd8aec9ed1eaad11f5fe9c1e42639f6 16-Sep-2011 Anna Zaks <ganna@apple.com> [analyzer] Refactor: make PathDiagnosticLocation responsible for validation of SourceLocations (commit 5 of ?):
- Get rid of PathDiagnosticLocation(SourceRange r,..) constructor by providing a bunch of create methods.
- The PathDiagnosticLocation(SourceLocation L,..), which is used by create methods, will eventually become private.
- Test difference is in the case when the report starts at the beginning of the function. We used to represent that point as a range of the very first token in the first statement. Now, it's just a single location representing the first character of the first statement.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@139932 91177308-0d34-0410-b5e6-96231b3b80d8
list-output-alternate.m
f2b4e6652f15ed3b9492216badc9688ba7ccfe38 15-Sep-2011 Anna Zaks <ganna@apple.com> [analyzer] Refactor: make PathDiagnosticLocation responsible for validation of SourceLocations (commit 4 of ?):
- The closing brace is always a single location, not a range.
- The test case previously had a location key 57:1 followed by a range [57:1 - 57:1].

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@139832 91177308-0d34-0410-b5e6-96231b3b80d8
list-output-alternate.m
4d353eb8af7324c0ee3736c736668f6c9b162ee0 14-Sep-2011 Anna Zaks <ganna@apple.com> [analyzer] After CFG has been linearized, we can have a situation where an ExplodedNode has an invalid SourceLocation (which has no correspondence in the source code). This commit is the first step to solve this problem.
- It adds LocationContext to the PathDiagnosticLocation object and uses it to lookup the enclosing statement with a valid location.
- So far, the LocationContext is only available when the object is constructed from the ExplodedNode.
- Already found some subtle bugs (in plist-output-alternate.m) where the intermediate diagnostic steps were not previously shown.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@139703 91177308-0d34-0410-b5e6-96231b3b80d8
list-output-alternate.m
773d847fbe93479f7499e2076c9d8d99870c5fb0 12-Sep-2011 Anna Zaks <ganna@apple.com> [analyzer] Simplify the test, use generic/more descriptive names.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@139516 91177308-0d34-0410-b5e6-96231b3b80d8
asts.m
7a756463ffe90f9a06c8cc8c190f22a5e4366c25 12-Sep-2011 Anna Zaks <ganna@apple.com> [analyzer] Fix a failure encountered while analyzing bind (radar://10105448).

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@139509 91177308-0d34-0410-b5e6-96231b3b80d8
ndef-buffers.c
f7afe4abd29062b1761e06ec22d2e4216c22519e 12-Sep-2011 Anna Zaks <ganna@apple.com> [analyzer] Fix a new failure encountered while building Adium exposed as a result of r138196(radar://10087620). ObjectiveC property of type int has a value of type ObjCPropRef, which is a Loc.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@139507 91177308-0d34-0410-b5e6-96231b3b80d8
asts.m
0047ed1f73b40b4b76ec190052a8deadb00734c2 12-Sep-2011 Anna Zaks <ganna@apple.com> [analyzer] Test for -analyze-function on ObjectiveC to accompany r139439.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@139506 91177308-0d34-0410-b5e6-96231b3b80d8
nalyzeOneFunction.m
822eeb581097aeecf0f71c7bde0dc454b242f9ee 05-Sep-2011 Benjamin Kramer <benny.kra@googlemail.com> Stop cluttering the test directory with temporary files.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@139114 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps-cxx0x.cpp
17a38e2636a8b1ce473fc6504c4b16cb09db29f4 02-Sep-2011 Jordy Rose <jediknil@belkadan.com> [analyzer] Move the knowledge of whether or not GC is enabled for the current analysis from CFRefCount to ExprEngine.

Remove TransferFuncs from ExprEngine and AnalysisConsumer.

Demote RetainReleaseChecker to a regular checker, and give it the name osx.cocoa.RetainCount (class name change coming shortly). Update tests accordingly.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@138998 91177308-0d34-0410-b5e6-96231b3b80d8
FDateGC.m
FNumber.c
FRetainRelease_NSAssertionHandler.m
GColorSpace.c
SPanel.m
SString.m
SWindow.m
R2599.m
fref_PR2519.c
ead-stores.m
elegates.m
dempotent-operations.m
bjc-arc.m
list-output-alternate.m
r_2542_rdar_6793404.m
roperties.m
dar-6562655.m
efcnt_naming.m
etain-release-gc-only.m
etain-release-path-notes-gc.m
etain-release-path-notes.m
etain-release-region-store.m
etain-release.m
etain-release.mm
d56763fd33321cb3d0f17804abecb379cea78c01 01-Sep-2011 Zhongxing Xu <xuzhongxing@foxmail.com> If size was equal to 0, either NULL or a pointer suitable to be passed to
free() is returned by realloc(). Most code expects NULL.

And we only need to transfer one final ProgramState.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@138937 91177308-0d34-0410-b5e6-96231b3b80d8
alloc.c
8b6eb7ce4f6a7124babd4d7f6f4bb4bb5f6daddf 29-Aug-2011 Anna Zaks <ganna@apple.com> Fix: Bug 10798 - [analyzer] Crash when analyzing ICU. (A slight improvement on the previous commit.)

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@138762 91177308-0d34-0410-b5e6-96231b3b80d8
eychainAPI.m
5c96f862b7789594b11db74416af12e379a299b9 29-Aug-2011 Anna Zaks <ganna@apple.com> Fix bug 10797: Crash: "cast<Ty>() argument of incompatible type!" assert when analyzing ICU.

Patch by Jean-Daniel Dupas. Thanks for spotting and fixing!

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@138757 91177308-0d34-0410-b5e6-96231b3b80d8
eychainAPI.m
05a4652fe679939b4641f967bdf900fce3cb56c3 27-Aug-2011 Ted Kremenek <kremenek@apple.com> [analyzer] Add test case for handling of __bridge_transfer that previously resulted in a 'stack address' warning (that was fixed in r138616). Fixes <rdar://problem/10018376>.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@138710 91177308-0d34-0410-b5e6-96231b3b80d8
bjc-arc.m
782f63ecd124f9384f988dc7e0cf4ae1540c15f6 26-Aug-2011 Jeffrey Yasskin <jyasskin@google.com> Handle CXXTempObjectRegion in StackAddrEscapeChecker.

Also convert stack-addr-ps.cpp to use the analyzer instead of just Sema, now
that it doesn't crash, and extract the stack-block test into another file since
it errors, and that prevents the analyzer from running.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@138613 91177308-0d34-0410-b5e6-96231b3b80d8
tack-addr-ps.cpp
tack-block-returned.cpp
98401114e1c6dd3a3271820d16781d792555e40e 24-Aug-2011 Anna Zaks <ganna@apple.com> [analyzer] MacOSKeychainAPIChecker: Provide richer diagnostic trace by pointing to the allocation site when reporting a leak.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@138479 91177308-0d34-0410-b5e6-96231b3b80d8
eychainAPI-diagnostic-visitor.m
6cf0ed062fb7ff3def3b627bab8ca275a549579e 24-Aug-2011 Anna Zaks <ganna@apple.com> [analyzer] MacOSKeychainAPIChecker: Add reasoning about functions which MIGHT deallocate the memory region allocated with SecKeychain APIs. Specifically, when the buffer is passed to CFStringCreateWithBytesNoCopy along with a custom deallocator, which might potentially correctly release the memory.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@138417 91177308-0d34-0410-b5e6-96231b3b80d8
eychainAPI.m
540dda6f2e4982b3eab0300c804345f5b6104c11 23-Aug-2011 Ted Kremenek <kremenek@apple.com> Fix regression in -Wuninitialized involving VLAs. It turns out that we were modeling sizeof(VLAs)
incorrectly in the CFG, and also the static analyzer. This patch regresses the analyzer a bit, but
that needs to be followed up with a better solution.

Fixes <rdar://problem/10008112>.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@138372 91177308-0d34-0410-b5e6-96231b3b80d8
utofbound-notwork.c
utofbound.c
7bbd166c0e7644e56257537fc16082bf270f8dfb 23-Aug-2011 Anna Zaks <ganna@apple.com> [analyzer] MacOSKeychainAPIChecker: Users of KeyChain API often use free() to deallocate the password. Catch this error explicitly and generate the error message at the place where free() is called.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@138296 91177308-0d34-0410-b5e6-96231b3b80d8
eychainAPI.m
e62e87bdb14ec0237819a3b66f6a30105a8f5a0c 20-Aug-2011 Jordy Rose <jediknil@belkadan.com> [analyzer] Move handling of hardcoded noreturn ("panic") methods from CFRefCount to NoReturnFunctionChecker. No functionality change intended.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@138210 91177308-0d34-0410-b5e6-96231b3b80d8
FRetainRelease_NSAssertionHandler.m
647a75160df6d53d26724038b3bfe0d836513f58 18-Aug-2011 Anna Zaks <ganna@apple.com> Add a test for checking that custom diagnostic visitors are working.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@137970 91177308-0d34-0410-b5e6-96231b3b80d8
efault-diagnostic-visitors.c
5bd04952d4ae7ca894f583583208f0cec4735a90 16-Aug-2011 Ted Kremenek <kremenek@apple.com> [analyzer] teach ExprEngine about loads from static C++ class fields. Fixes <rdar://problem/9948787>.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@137760 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps-region-store.cpp
b1a1950291c1385008af7d33b56fdb881a9b9ee5 16-Aug-2011 Anna Zaks <ganna@apple.com> MacOSKeychainAPIChecker: Turn it on by default.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@137740 91177308-0d34-0410-b5e6-96231b3b80d8
eychainAPI.m
f0c7fe56891d9d329e45d968a3ac2437f78f4bfa 16-Aug-2011 Anna Zaks <ganna@apple.com> MacOSKeychainAPIChecker: Do not report double allocation if first allocation returned an error.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@137720 91177308-0d34-0410-b5e6-96231b3b80d8
eychainAPI.m
f7ce52b0995efd65d51a3359939c09022a23e04c 13-Aug-2011 Anna Zaks <ganna@apple.com> MacOSKeychainAPIChecker: Test all APIs.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@137549 91177308-0d34-0410-b5e6-96231b3b80d8
eychainAPI.m
79c9c75737cb22fd74d186999eccc10672eef8c0 13-Aug-2011 Anna Zaks <ganna@apple.com> MacOSKeychainAPIChecker: If the allocated data address entered as an enclosing function parameter, skip it to avoid false positives.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@137526 91177308-0d34-0410-b5e6-96231b3b80d8
eychainAPI.m
703ffb11eff7bc6e8532bdbe54045e19a7732253 12-Aug-2011 Anna Zaks <ganna@apple.com> MacOSKeychainAPIChecker:
Report errors earlier: on checkDeadSymbols() and clear the state after the symbol we are tracking goes out of scope.

Also, perform lazy error checking. Instead of forcing the paths to be split depending on the return value of the allocator, make the return symbol depend on the allocated data symbol, which prolongs its life span to the time when the allocated data symbol becomes dead.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@137523 91177308-0d34-0410-b5e6-96231b3b80d8
eychainAPI.m
ddddd48da72bc29d1c3f388ed91ea5549328129e 12-Aug-2011 NAKAMURA Takumi <geek4civic@gmail.com> De-Unicode-ify.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@137430 91177308-0d34-0410-b5e6-96231b3b80d8
nused-ivars.m
7d11c3f691674177bc7308c0fc6c82cb745bed0b 06-Aug-2011 Ted Kremenek <kremenek@apple.com> [analyzer] add more buffer overflow tests to show we handle sizeof(VLA) in obstruse ways...

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@137007 91177308-0d34-0410-b5e6-96231b3b80d8
utofbound.c
ca0b57e07cfa029d4a6a061260727625bd833fd4 05-Aug-2011 Anna Zaks <ganna@apple.com> KeychainAPI checker: Generate an error on double allocation. Pull out getAsPointeeMemoryRegion so that it could be reused.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@136952 91177308-0d34-0410-b5e6-96231b3b80d8
eychainAPI.m
62a811d171fd16cb45b4617be40d10aec8578c07 05-Aug-2011 Anna Zaks <ganna@apple.com> KeychainAPI checker: forgot to commit the test with r136930. This should fix the bot.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@136938 91177308-0d34-0410-b5e6-96231b3b80d8
eychainAPI.m
03826aaf95018e3b29f94a10ca5616c0fc9bbee5 04-Aug-2011 Anna Zaks <ganna@apple.com> KeychainAPI checker: Add basic diagnostics. Track MemoryRegion instead of SymbolicRef since the address might not be a symbolic value in some cases, for example in fooOnlyFree() test.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@136851 91177308-0d34-0410-b5e6-96231b3b80d8
eychainAPI.m
033a07e5fca459ed184369cfee7c90d82367a93a 04-Aug-2011 Ted Kremenek <kremenek@apple.com> [analyzer] rename all experimental checker packages to have 'experimental' be the common root package.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@136835 91177308-0d34-0410-b5e6-96231b3b80d8
FRetainRelease_NSAssertionHandler.m
issingDealloc.m
SPanel.m
SString.m
SWindow.m
oReturn.m
bjCProperties.m
bjCRetSigs.m
R2599.m
R2978.m
R3991.m
dditive-folding-range-constraints.c
dditive-folding.c
rray-struct-region.c
rray-struct.c
string.c
asts.c
asts.m
fref_PR2519.c
fref_rdar6080742.c
hroot.c
oncrete-address.c
onstant-folding.c
ead-stores.m
lementtype.c
xercise-ps.c
ields.c
ree.c
unc.c
terators.cpp
eychainAPI.m
alloc-overflow.c
alloc.c
isc-ps-64.m
isc-ps-eager-assume.m
isc-ps-ranges.m
isc-ps-region-store-i386.m
isc-ps-region-store-x86_64.m
isc-ps-region-store.cpp
isc-ps-region-store.m
isc-ps-region-store.mm
isc-ps.m
il-receiver-undefined-larger-than-voidptr-ret-region.m
il-receiver-undefined-larger-than-voidptr-ret.m
o-exit-cfg.c
o-outofbounds.c
ull-deref-ps-region.c
ull-deref-ps.c
perator-calls.cpp
ut-of-bounds.c
utofbound.c
verride-werror.c
list-output-alternate.m
list-output.m
r4209.m
r_2542_rdar_6793404.m
r_4164.c
threadlock.c
tr-arith.c
dar-6442306-1.m
dar-6540084.m
dar-6541136-region.c
dar-6562655.m
dar-6600344-nil-receiver-undefined-struct-ret.m
dar-7168531.m
efcnt_naming.m
eference.cpp
egion-1.m
ecurity-syntax-checks-no-emit.c
ecurity-syntax-checks.m
elf-init.m
izeofpointer.c
tream.c
tring-fail.c
tring.c
ndef-buffers.c
nreachable-code-path.c
17f7bdddd11a2dc5b4be248f756e14b1ebfe207b 03-Aug-2011 Ted Kremenek <kremenek@apple.com> [analyzer] Introduce MallocOverflowSecurityChecker, a simple flow-sensitive checker that may be useful for security auditing. This checker is currently too noisy to be on by default.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@136804 91177308-0d34-0410-b5e6-96231b3b80d8
alloc-overflow.c
e68b5f1fa73f8404c5d6859a3d8a139fb1da7bbb 02-Aug-2011 Anna Zaks <ganna@apple.com> KeychainAPI checker: only check the paths on which the allocator function returned noErr. (+ minor cleanup)

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@136694 91177308-0d34-0410-b5e6-96231b3b80d8
eychainAPI.m
f57be289b6040c6c92c026844a70b4f8eaba34f3 02-Aug-2011 Anna Zaks <ganna@apple.com> Add a skeleton for the Keychain Services API Checker. Register it as OSX experimental for now. Note, the checker still does not handle tracking of escaped values, taking into account the return value of the allocator functions, nor the actual bug reporting.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@136659 91177308-0d34-0410-b5e6-96231b3b80d8
eychainAPI.m
a4c7a4314ffbe402091695874e93d9b0a79c8099 29-Jul-2011 Ted Kremenek <kremenek@apple.com> Really remove FlatStoreManager and BasicStoreManager, this time from the driver. Also remove associated tests. Sorry for the messy commits; this is the result of a botched Git merge.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@136422 91177308-0d34-0410-b5e6-96231b3b80d8
FDateGC.m
FNumber.c
FRetainRelease_NSAssertionHandler.m
GColorSpace.c
heckNSError.m
SPanel.m
SString.m
SWindow.m
oReturn.m
bjCProperties.m
R2599.m
R3991.m
rray-struct.c
asts.m
fref_PR2519.c
fref_rdar6080742.c
omplex.c
oncrete-address.c
ead-stores.c
ead-stores.cpp
elegates.m
xercise-ps.c
ields.c
unc.c
isc-ps-64.m
isc-ps-basic-store.m
isc-ps-ranges.m
isc-ps.m
il-receiver-undefined-larger-than-voidptr-ret.m
o-exit-cfg.c
o-outofbounds.c
ull-deref-ps.c
verride-werror.c
r4209.m
r_2542_rdar_6793404.m
r_4164.c
dar-6442306-1.m
dar-6541136.c
dar-6562655.m
dar-6582778-basic-store.c
dar-6600344-nil-receiver-undefined-struct-ret.m
dar-7168531.m
efcnt_naming.m
egion-1.m
etain-release-basic-store.m
etain-release-gc-only.m
etain-release-path-notes-gc.m
etain-release-path-notes.m
etain-release.m
tack-addr-ps.c
ninit-msg-expr.m
ninit-ps-rdar6145427.m
ninit-vals-ps.c
ninit-vals.m
nix-fns.c
ariadic-method-types.m
fc5b21df5f0ac84ac74fabccdf84592e09a83a55 29-Jul-2011 Ted Kremenek <kremenek@apple.com> Remove flat store tests.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@136421 91177308-0d34-0410-b5e6-96231b3b80d8
lat-store.c
isc-ps-flat-store.c
882998923889a2fcce9b49696506c499e22cf38f 29-Jul-2011 Ted Kremenek <kremenek@apple.com> [analyzer] Overhaul how the static analyzer expects CFGs by forcing CFGs to be linearized only when used by the static analyzer. This required a rewrite of LiveVariables, and exposed a ton of subtle bugs.

The motivation of this large change is to drastically simplify the logic in ExprEngine going forward.

Some fallout is that the output of some BugReporterVisitors is not as accurate as before; those will
need to be fixed over time. There is also some possible performance regression as RemoveDeadBindings
will be called frequently; this can also be improved over time.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@136419 91177308-0d34-0410-b5e6-96231b3b80d8
uto-obj-dtors-cfg-output.cpp
nitializers-cfg-output.cpp
ut-of-bounds.c
list-output-alternate.m
etain-release.m
tack-addr-ps.c
emp-obj-dtors-cfg-output.cpp
eea72a925f294225391ecec876a342771c09b635 29-Jul-2011 Ted Kremenek <kremenek@apple.com> [analyzer] fix handling of MaterializeTemporaryExpr by binding the result value to
the proper expression.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@136412 91177308-0d34-0410-b5e6-96231b3b80d8
eference.cpp
eee3ef177a171c06f826c331e7a9e256d01eaeb0 24-Jul-2011 Fariborz Jahanian <fjahanian@apple.com> objc: clang should warn if redeclaration of methods
declared in protocol in the class qualified by the
protocol have type conflicts. To reduce amount of
noise, this is done when class is implemented.
// rdar://9352731


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@135890 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release-gc-only.m
6c2c250db1e2d0138bbfaadbbec3118db7e8a8c9 22-Jul-2011 John McCall <rjmccall@apple.com> In Objective-C, pull arbitrary attributes from overridden
methods, including indirectly overridden methods like those
declared in protocols and categories. There are mismatches
that we would like to diagnose but aren't yet, but this
is fine for now.

I looked at approaches that avoided doing this lookup
unless we needed it, but the infer-related-result-type
checks were doing it anyway, so I left it with the same
fast-path check for no previous declarations of that
selector.



git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@135743 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release.m
dcb1d5d681d857eb7f534dec1f2b3d5a9f81d1f1 19-Jul-2011 Jordy Rose <jediknil@belkadan.com> [analysis] Add checks for double-locking and lock order reversal bugs for
pthread and XNU locks. Patch by Rui Paulo!


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@135515 91177308-0d34-0410-b5e6-96231b3b80d8
threadlock.c
797a7be0de6fbedaa85082b07ec9ce0674f30773 16-Jul-2011 Ted Kremenek <kremenek@apple.com> [analyzer] Per discussions with the Cocoa team, extend CF naming conventions to extend to camel case functions instead of just title case functions. Fixes <rdar://problem/9732321>.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@135350 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release.m
deefaf6eac47046f60b059d519585c42618a5291 16-Jul-2011 Jordy Rose <jediknil@belkadan.com> Update retain-release.m to match updated warnings from r135310

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@135317 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release.m
5b5402bbdadcf7d8e4aa83a803b6f33b03458c24 16-Jul-2011 Jordy Rose <jediknil@belkadan.com> Add tests for CFRefReport's path notes, and fix a few typos and non-standard terminology ('+0 retain counts') caught by the tests.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@135310 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release-path-notes-gc.m
etain-release-path-notes.m
8f08426e6f54ed20b959018f24dbea106a00b4ad 15-Jul-2011 Jordy Rose <jediknil@belkadan.com> [analyzer] GNU __null is a pointer-sized integer, not a pointer. Fixes PR10372.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@135294 91177308-0d34-0410-b5e6-96231b3b80d8
ullptr.cpp
786dcd9dca76e3780fdb9642c0db33ed13db1187 06-Jul-2011 Douglas Gregor <dgregor@apple.com> Teach the static analyzer's interpretation of Cocoa conventions to
obey the objc_method_family attribute when provided. Fixes
<rdar://problem/9726279>.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@134493 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release.m
0fa6bf7f021880e625dab018a25877fb0164d038 28-Jun-2011 Jordy Rose <jediknil@belkadan.com> [analyzer] strnlen isn't a builtin, don't test for it


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@133994 91177308-0d34-0410-b5e6-96231b3b80d8
tring.c
eda368791b21aafaf87012c8552dc5181c0ff7a1 27-Jun-2011 Jordy Rose <jediknil@belkadan.com> [analyzer] Use UnknownVal when default-initializing arrays whose element types we don't model, to distinguish them from uninitialized arrays (PR10163).


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@133937 91177308-0d34-0410-b5e6-96231b3b80d8
ninit-vals-ps-region.m
ninit-vals.m
8912aaedb413b15f6dd1d8997d80e1d505f7d52f 20-Jun-2011 Jordy Rose <jediknil@belkadan.com> [analyzer] Finish size argument checking for strncat (and strncpy).


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@133472 91177308-0d34-0410-b5e6-96231b3b80d8
tring.c
5e5f15062bcf4b62fda9062b453178f8b9bd0c2d 20-Jun-2011 Jordy Rose <jediknil@belkadan.com> [analyzer] Re-enable checking for strncpy, along with a new validation of the size argument. strncat is not yet up-to-date, but I'm leaving it enabled for now (there shouldn't be any false positives, at least...)


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@133408 91177308-0d34-0410-b5e6-96231b3b80d8
tring.c
9e49d9fbdc861c25c2480233147dee07f5fa9660 20-Jun-2011 Jordy Rose <jediknil@belkadan.com> [analyzer] Eliminate "byte string function" from CStringChecker's diagnostics, and make it easier to provide custom messages for overflow checking, in preparation for re-enabling strncpy checking.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@133406 91177308-0d34-0410-b5e6-96231b3b80d8
string.c
tring.c
adc42d412d747391dbcee234610f00b0f087cf7b 16-Jun-2011 Jordy Rose <jediknil@belkadan.com> [analyzer] Clean up modeling of strcmp, including cases where a string literal has an embedded null character, and where both arguments are the same buffer. Also use nested ifs rather than early returns; in this case early returns will lose any assumptions we've made earlier in the function.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@133154 91177308-0d34-0410-b5e6-96231b3b80d8
tring.c
f85e193739c953358c865005855253af4f68a497 16-Jun-2011 John McCall <rjmccall@apple.com> Automatic Reference Counting.

Language-design credit goes to a lot of people, but I particularly want
to single out Blaine Garst and Patrick Beard for their contributions.

Compiler implementation credit goes to Argyrios, Doug, Fariborz, and myself,
in no particular order.



git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@133103 91177308-0d34-0410-b5e6-96231b3b80d8
bjc-arc.m
r4209.m
d5af0e17b00ab2ee6a8c1f352bb9eeb1cc5b2d07 15-Jun-2011 Jordy Rose <jediknil@belkadan.com> [analyzer] Revise CStringChecker's modelling of strcpy() and strcat():
- (bounded copies) Be more conservative about how much is being copied.
- (str(n)cat) If we can't compute the exact final length of an append operation, we can still lower-bound it.
- (stpcpy) Fix the conjured return value at the end to actually be returned.

This requires these supporting changes:
- C string metadata symbols are still live even when buried in a SymExpr.
- "Hypothetical" C string lengths, to represent a value that /will/ be passed to setCStringLength() if all goes well. (The idea is to allow for temporary constrainable symbols that may end up becoming permanent.)
- The 'checkAdditionOverflow' helper makes sure that the two strings being appended in a strcat don't overflow size_t. This should never *actually* happen; the real effect is to keep the final string length from "wrapping around" in the constraint manager.

This doesn't actually test the "bounded" operations (strncpy and strncat) because they can leave strings unterminated. Next on the list!


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@133046 91177308-0d34-0410-b5e6-96231b3b80d8
tring.c
467f7c8ba2b3c3b65065d05323696ded5d8a93a9 14-Jun-2011 Jordy Rose <jediknil@belkadan.com> [analyzer] CStringChecker checks functions in the C standard library, not C++. Its external name is now unix.experimental.CString.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@132958 91177308-0d34-0410-b5e6-96231b3b80d8
string.c
tring-fail.c
tring.c
793bff3fb7ca2a31e81aa7f4f3f21f921459010b 14-Jun-2011 Jordy Rose <jediknil@belkadan.com> [analyzer] Fix modeling of strnlen to be more conservative. Move tests we can't properly model (yet?) to string-fail.c.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@132955 91177308-0d34-0410-b5e6-96231b3b80d8
tring-fail.c
tring.c
4c4efee6d3113f20b41efaeec08934332d2ea40e 13-Jun-2011 Douglas Gregor <dgregor@apple.com> Eliminate the -f[no]objc-infer-related-result-type flags; there's no
reason to allow the user to control these semantics through a flag.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@132919 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps-eager-assume.m
etain-release-gc-only.m
etain-release.m
etain-release.mm
ninit-ps-rdar6145427.m
ariadic-method-types.m
ac73ea8c12772fd0dcec71b83c193a2837de7f8b 10-Jun-2011 Jordy Rose <jediknil@belkadan.com> [analyzer] PR8962 again. Ban ParenExprs (and friends) from block-level expressions (by calling IgnoreParens before adding expressions to blocks). Undo 132769 (LiveVariables' local IgnoreParens), since it's no longer necessary.

Also, have Environment stop looking through NoOp casts; it didn't match the behavior of LiveVariables. And once that's gone, the whole cast block of that switch is unnecessary.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@132840 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps.c
7fead31dbee1a1349d360eff7b56dc6571449443 09-Jun-2011 Jordy Rose <jediknil@belkadan.com> [analyzer] Ignore parentheses around block-level expressions when computing liveness. Fixes the other half of PR8962.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@132769 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps.c
22043b5ad4278cba814608f0368813acfcf24b67 09-Jun-2011 Jordy Rose <jediknil@belkadan.com> [analyzer] Look through __extension__ expressions in a GRState's Environment. Fixes PR8962.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@132762 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps.c
3f8bb2fa289c956a66613b0f09e3df5e25d27c66 04-Jun-2011 Jordy Rose <jediknil@belkadan.com> [analyzer] Don't crash when copying an unknown number of bytes with memcpy(). Also handle all memcpy-family return values in evalCopyCommon(), rather than having some outside and some inside.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@132617 91177308-0d34-0410-b5e6-96231b3b80d8
string.c
22d27178bf795145439b9588e260ccceab79a088 04-Jun-2011 Jordy Rose <jediknil@belkadan.com> [analyzer] Fix handling of "copy zero bytes" for memcpy and friends.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@132607 91177308-0d34-0410-b5e6-96231b3b80d8
string.c
be460d8e5364c6bffeb7b27e4c0d4d5d16e39c59 04-Jun-2011 Jordy Rose <jediknil@belkadan.com> [analyzer] __mempcpy_chk is the same as mempcpy (at least to CStringChecker)


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@132605 91177308-0d34-0410-b5e6-96231b3b80d8
string.c
f13654600b6c567b2f05902cfa2e86b23ddcbd4b 26-May-2011 Ted Kremenek <kremenek@apple.com> Tighten analyzer diagnostics w.r.t ObjC/CF leaks.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@132130 91177308-0d34-0410-b5e6-96231b3b80d8
list-output-alternate.m
e5cfd52a3a5d4bb46f77323fa8fa0b973fcde7bc 26-May-2011 Ted Kremenek <kremenek@apple.com> static analyzer: when conservatively evaluating functions, don't invalidate the values of globals when the called function is strlen.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@132100 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps.c
d1e015eb441910937c74d489970322a3a3491a67 25-May-2011 Ted Kremenek <kremenek@apple.com> Teach analyzer about cf_returns_not_retained for C functions.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@132049 91177308-0d34-0410-b5e6-96231b3b80d8
FNumber.c
d368d71169cd87ef8ff95388be80a044fa35112f 25-May-2011 Ted Kremenek <kremenek@apple.com> Enhance retain/release checker to flag warnings when functions returning CG types do not follow the Core Foundation naming conventions.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@132048 91177308-0d34-0410-b5e6-96231b3b80d8
FNumber.c
etain-release.m
29c9e62f412c9db3ee238db2472390685a6303f3 24-May-2011 Ted Kremenek <kremenek@apple.com> Add explicit CFG support for ignoring static_asserts.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@132001 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps-cxx0x.cpp
ce30688b8aa0effd70a7a69a4d1e3d6a2a86efcd 21-May-2011 Ted Kremenek <kremenek@apple.com> Fix regression in static analyzer's handling of prefix '--' operator. It was being treated as postfix '--' in C mode.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@131770 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps-region-store.m
c46d6410947b18ac4c52cff4d0f8021b10a57c1e 20-May-2011 Ted Kremenek <kremenek@apple.com> Teach RegionStore not to symbolic array values whose indices it cannot reason about.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@131702 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps-region-store.cpp
6e744db7c294f357e7e0af628275331f3a6c1b6b 19-May-2011 Ted Kremenek <kremenek@apple.com> Teach static analyzer to analyze Objective-C methods in category implementations.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@131614 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps.m
bc869de349227707a07ccc783344d255cf37ec16 10-May-2011 Ted Kremenek <kremenek@apple.com> Elide __label__ declarations from the CFG. This resolves a crash in CFGRecStmtDeclVisitor (crash in static analyzer).

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@131141 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps.m
094ea0afcfa79eb0c4a2c35a059491be3ab954a9 03-May-2011 Lenny Maiorani <lenny@colorado.edu> Removing strncpy() checking in CString checker for now. Some significant changes need to be made to properly support modeling of it since it potentially leaves strings non-null terminated.



git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@130758 91177308-0d34-0410-b5e6-96231b3b80d8
tring.c
9ca2851de4cc62ddd8466312603fe41bdac10eb5 02-May-2011 Ted Kremenek <kremenek@apple.com> Tweak the retain/release checker to not stop tracking retained objects when calling C++ methods. This is a temporary solution to prune false positives until we have a general story using annotations.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@130726 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release.mm
35bdbf40624beba3fc00cb72ab444659939c1a6b 02-May-2011 Ted Kremenek <kremenek@apple.com> Augment retain/release checker to not warn about tracked objects passed as arguments to C++ constructors. This is a stop-gap measure for Objective-C++ code that uses smart pointers to manage reference counts.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@130711 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release.m
etain-release.mm
454fd2d3a1b6d0ef225c5d3927c1ad3b97510d1a 02-May-2011 Lenny Maiorani <lenny@colorado.edu> Implements strncasecmp() checker and simplifies some of the logic around creating substrings if necessary and calling the appropriate StringRef::compare/compare_lower().



git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@130708 91177308-0d34-0410-b5e6-96231b3b80d8
tring.c
a2a3da6503bb0738f91bb46863b586b37de47367 30-Apr-2011 Ted Kremenek <kremenek@apple.com> Move the SelfInit checker to the 'cocoa.experimental' package.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@130598 91177308-0d34-0410-b5e6-96231b3b80d8
elf-init.m
b94dd9e76b3f86d9b6e4e38cf0b5da07ada82993 30-Apr-2011 Ted Kremenek <kremenek@apple.com> Adjust test/Analysis/retain-release.m to also test the retain/release checker in Objective-C++ mode.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@130559 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release.m
bd1d16a1792cd6ea5ede9869e18d781e3fc1a8c3 28-Apr-2011 Lenny Maiorani <lenny@colorado.edu> Implements strcasecmp() checker in Static Analyzer.



git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@130398 91177308-0d34-0410-b5e6-96231b3b80d8
tring.c
4d8d803b06804defe25346871c7beb6096540c4a 27-Apr-2011 Lenny Maiorani <lenny@colorado.edu> More accurately model realloc() when the size argument is 0. realloc() with a size of 0 is equivalent to free(). The memory region should be marked as free and not used again.

Unit tests f2_realloc_0(), f6_realloc(), and f7_realloc() contributed by Marshall Clow <mclow.lists@gmail.com>. Thanks!



git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@130303 91177308-0d34-0410-b5e6-96231b3b80d8
alloc.c
6b4f567109d76ce1f1de289554e35f2a7bbeff6b 27-Apr-2011 Ted Kremenek <kremenek@apple.com> Allow 'Environment::getSVal()' to allow an optional way for checkers to do a direct lookup to values bound to expressions, without
resulting to lazy logic. This is critical for the OSAtomicChecker that does a simulated load on any arbitrary expression.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@130292 91177308-0d34-0410-b5e6-96231b3b80d8
SAtomic_mac.cpp
8a285ae6fc4926cc4e419025eec63e2d6696e13f 26-Apr-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> Emit a -Wnull-dereference warning for "*null" not just "*null = something". Addresses rdar://9269271.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@130207 91177308-0d34-0410-b5e6-96231b3b80d8
string.c
onstant-folding.c
lat-store.c
isc-ps.m
tring.c
357f6ee9f1f6f8e5027377cb3e5907c62c4fe3df 26-Apr-2011 Lenny Maiorani <lenny@colorado.edu> Implements the strncmp() checker just like the strcmp() checker, but with bounds. Requires LLVM svn r129582.



git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@130161 91177308-0d34-0410-b5e6-96231b3b80d8
tring.c
e970c60dadaf22019743724bac879dbefbc4f5e3 22-Apr-2011 Ted Kremenek <kremenek@apple.com> Add static analyzer support for C++'0X nullptr. Patch by Jim Goodnow II.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@130003 91177308-0d34-0410-b5e6-96231b3b80d8
ullptr.cpp
f05982b5f8f69a1d618c3bd844ab6efd3a6e2953 19-Apr-2011 Anders Carlsson <andersca@mac.com> Make the VariadicMethodTypeChecker accept block pointers as Objective-C pointers. Fixes PR9746.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@129741 91177308-0d34-0410-b5e6-96231b3b80d8
ariadic-method-types.m
b403d6d746239095a2c7bac958c924d92434e2b4 18-Apr-2011 Richard Smith <richard-llvm@metafoo.co.uk> Fix PR9741. The implicit declarations created for range-based for loops weren't being added to the DeclContext (nor were they being marked as implicit). Also, the declarations were being emitted in the wrong order when building the CFG.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@129700 91177308-0d34-0410-b5e6-96231b3b80d8
R9741.cpp
fc8f0e14ad142ed811e90fbd9a30e419e301c717 15-Apr-2011 Chris Lattner <sabre@nondot.org> fix a bunch of comment typos found by codespell. Patch by
Luis Felipe Strano Moraes!



git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@129559 91177308-0d34-0410-b5e6-96231b3b80d8
string.c
dempotent-operations.c
isc-ps-eager-assume.m
tring.c
9281efe614741f3742ebf8196a703f6c923c6ff0 12-Apr-2011 Ted Kremenek <kremenek@apple.com> Teach VariadicMethodTypeChecker to not crash when processing methods declared in protocols.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@129395 91177308-0d34-0410-b5e6-96231b3b80d8
ariadic-method-types.m
82cfc6849204b07e80f8ac71e33247f7df760032 12-Apr-2011 Ted Kremenek <kremenek@apple.com> ArrayBoundCheckerV2: don't arbitrarily warn about indexing before the 0-index of a symbolic region. In many cases that isn't really the base offset.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@129366 91177308-0d34-0410-b5e6-96231b3b80d8
ut-of-bounds.c
318dd92ad834857ea5bb91de288c1eb56cdbec1a 12-Apr-2011 Lenny Maiorani <lenny@colorado.edu> This patch adds modeling of strcmp() to the CString checker. Validates inputs are not NULL and are real C strings, then does the comparison and binds the proper return value. Unit tests included.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@129364 91177308-0d34-0410-b5e6-96231b3b80d8
tring.c
9d5d308c9be367ec41cc6a89f215d45f675b4617 12-Apr-2011 Ted Kremenek <kremenek@apple.com> static analyzer: invalidate by-ref arguments passed to constructors in a 'new' expression.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@129349 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps-region-store.cpp
3bab50b802f402b7020aeb3ba6cec90bb149678c 12-Apr-2011 Ted Kremenek <kremenek@apple.com> Fix bug in SimpleSValBuilder where '--' pointer arithmetic was treated like '++' pointer arithmetic.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@129348 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps-region-store.cpp
bf1a66764a12f6cceb6ba8b349d4b74996e3786b 12-Apr-2011 Ted Kremenek <kremenek@apple.com> RegionStoreManager::invalidateRegions: treat classes the same as structs.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@129333 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps-region-store.cpp
235c02f79e0ece9463490aa87eaaa02bad300dac 12-Apr-2011 Ted Kremenek <kremenek@apple.com> Teach GRState::getSValAsScalarOrLoc() about C++ references.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@129329 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps-region-store.cpp
9fec9b1fbd32e71ce8acb701165fd6649b3d8285 12-Apr-2011 Ted Kremenek <kremenek@apple.com> C++ static analysis: also invalidate fields of objects that are the callees in C++ method calls.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@129308 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps-region-store.cpp
067bbd0e11c71a33b51832532e836971be697699 09-Apr-2011 Lenny Maiorani <lenny@colorado.edu> strcat() and strncat() model additions to CStringChecker.

Validates inputs are not NULL, checks for overlapping strings, concatenates the strings checking for buffer overflow, sets the length of the destination string to the sum of the s1 length and the s2 length, binds the return value to the s1 value.



git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@129215 91177308-0d34-0410-b5e6-96231b3b80d8
tring.c
5fe98728dca1f3a7a378ce1a21984a0f8a0c0b8b 09-Apr-2011 Ted Kremenek <kremenek@apple.com> Start overhauling static analyzer support for C++ constructors. The inlining support isn't complete, and needs
to be reworked to model CallEnter/CallExit (just like all other calls). For now, treat constructors mostly
like other function calls, making the analysis of C++ code just a little more useful.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@129166 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps-region-store.cpp
98b8f16a0b056919f24206a8a3ca86f9ea75fa34 06-Apr-2011 John McCall <rjmccall@apple.com> When updating the retain summary based on {cf,ns}_consumed attributes,
be sure to consume the argument index that actually had the attribute
rather than always the first. rdar://problem/9234108



git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@128998 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release.m
9cb677e3d8bffc665fd2a62e65b0f2f5e659a61d 05-Apr-2011 Lenny Maiorani <lenny@colorado.edu> Add security syntax checker for strcat() which causes the Static Analyzer to generate a warning any time the strcat() function is used with a note suggesting to use a function which provides bounded buffers. CWE-119.

Also, brings the security syntax checker more in line with coding standards.



git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@128916 91177308-0d34-0410-b5e6-96231b3b80d8
ecurity-syntax-checks.m
d40066b0fb883839a9100e5455e33190b9b8abac 05-Apr-2011 Ted Kremenek <kremenek@apple.com> Fix PR 9626 (duplicated self-init warnings under -Wuninitialized) with numerous CFG and UninitializedValues analysis changes:

1) Change the CFG to include the DeclStmt for conditional variables, instead of using the condition itself as a faux DeclStmt.
2) Update ExprEngine (the static analyzer) to understand (1), so as not to regress.
3) Update UninitializedValues.cpp to initialize all tracked variables to Uninitialized at the start of the function/method.
4) Only use the SelfReferenceChecker (SemaDecl.cpp) on global variables, leaving the dataflow analysis to handle other cases.

The combination of (1) and (3) allows the dataflow-based -Wuninitialized to find self-init problems when the initializer
contained control-flow.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@128858 91177308-0d34-0410-b5e6-96231b3b80d8
uto-obj-dtors-cfg-output.cpp
1659acb9f93bab0c3e56d0c0f504d2ba41d6403e 05-Apr-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> Change test/Analysis/idempotent-operations.c to output the .plist file in the test output directory.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@128849 91177308-0d34-0410-b5e6-96231b3b80d8
dempotent-operations.c
45fa623886dfb6a23b3cfd6d8764e05884382180 03-Apr-2011 Ted Kremenek <kremenek@apple.com> Fix RegionStore bug when doing a field load whose parent is also a field assigned a LazyCompoundValue. Fixes <rdar://problem/9163742> and PR 9522.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@128783 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps-region-store.m
422ab7a49a9a4252dbc6350e49d7a5708337b9c7 02-Apr-2011 Ted Kremenek <kremenek@apple.com> Teach IdempotentOperationsChecker about paths aborted because ExprEngine didn't know how to handle a specific Expr type.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@128761 91177308-0d34-0410-b5e6-96231b3b80d8
dempotent-operations.cpp
5b67a82a2621c148694ff0f0352aa949b363934c 01-Apr-2011 Lenny Maiorani <lenny@colorado.edu> Add security syntax checker for strcpy() which causes the Static Analyzer to generate a warning any time the strcpy() function is used with a note suggesting to use a function which provides bounded buffers.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@128679 91177308-0d34-0410-b5e6-96231b3b80d8
ecurity-syntax-checks.m
b8b875be7b2d177d755641c6212111859372d611 31-Mar-2011 Lenny Maiorani <lenny@colorado.edu> Adding Static Analyzer checker for mempcpy().

Models mempcpy() so that if length is NULL the destination pointer is returned. Otherwise, the source and destination are confirmed not to be NULL and not overlapping. Finally the copy is validated to not cause a buffer overrun and the return value is bound to the address of the byte after the last byte copied.



git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@128677 91177308-0d34-0410-b5e6-96231b3b80d8
string.c
94ae8fd470471134114599ccfc2301da05719212 31-Mar-2011 Ted Kremenek <kremenek@apple.com> Static analyzer: fix bug in handling of dynamic_cast<>. The sink node wouldn't always be the final node, thus causing the state to continue propagating. Instead,
recover some path-sensitivity by conjuring a symbol.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@128612 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps-region-store.cpp
41c5f498b2d10fab683f1c5685ff79c90a737d24 31-Mar-2011 Ted Kremenek <kremenek@apple.com> Teach static analyzer about the basics of handling new[]. We still don't simulate constructors, but at least the analyzer doesn't think the return value is uninitialized.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@128611 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps-region-store.cpp
b277159055933e610bbc80262b600d3ad7e0595c 30-Mar-2011 Ted Kremenek <kremenek@apple.com> Begin reworking static analyzer support for C++ method calls. The current logic was divorced
from how we process ordinary function calls, had a tremendous amount of redundancy, and relied
strictly on inlining behavior (which was incomplete) to provide semantics instead of falling
back to the conservative analysis we use for C functions. This is a significant step into
making C++ analyzer support more useful.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@128557 91177308-0d34-0410-b5e6-96231b3b80d8
ase-init.cpp
nline.c
isc-ps-region-store.cpp
65b427f96821b7ba0646a40979059573faf25040 26-Mar-2011 Anders Carlsson <andersca@mac.com> Don't add a symbolic region for 'this' if the member function is static.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@128340 91177308-0d34-0410-b5e6-96231b3b80d8
xx-crashes.cpp
5188507b9a1b09ec95c14ffadf0e832f2b47aa8a 24-Mar-2011 Ted Kremenek <kremenek@apple.com> Rework checker "packages" and groups to be more hierarchical.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@128187 91177308-0d34-0410-b5e6-96231b3b80d8
FNumber.c
heckNSError.m
issingDealloc.m
SString.m
bjCRetSigs.m
R2978.m
dditive-folding.c
rray-struct-region.c
string.c
onstant-folding.c
ree.c
terators.cpp
alloc.c
isc-ps-region-store.m
isc-ps.m
o-outofbounds.c
ut-of-bounds.c
utofbound.c
dar-6541136-region.c
etain-release-gc-only.m
etain-release.m
ecurity-syntax-checks-no-emit.c
ecurity-syntax-checks.m
elf-init.m
tring.c
ndef-buffers.c
nix-fns.c
nreachable-code-path.c
nused-ivars.m
ariadic-method-types.m
f3f929386254a53c398fa884848738113a73ca23 17-Mar-2011 Ted Kremenek <kremenek@apple.com> Teach VariadicMethodTypeChecker about pointers attributed as 'NSObject'.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@127798 91177308-0d34-0410-b5e6-96231b3b80d8
ariadic-method-types.m
928c415d5dde89b7c01e41f0dfa8a782cbfa8e7d 17-Mar-2011 Ted Kremenek <kremenek@apple.com> Teach VariadicMethodTypeChecker that CF references are valid arguments to variadic Objective-C methods.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@127797 91177308-0d34-0410-b5e6-96231b3b80d8
ariadic-method-types.m
613744181322b9680a4b3d59cce87d7e5e572c99 17-Mar-2011 Ted Kremenek <kremenek@apple.com> Tweak RegionStore's handling of lazy compound values to use the 'Default' versus 'Direct' binding key, thus allowing specific elements of an array/struct to be overwritten without
invalidating the entire binding. Fixes PR 9455.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@127796 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps-region-store.m
d5fde2106af8e78cc1b97d6369ad0de5d0875491 16-Mar-2011 Ted Kremenek <kremenek@apple.com> VariadicMethodTypeChecker: don't warn for null pointer constants passed to variadic Objective-C methods.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@127719 91177308-0d34-0410-b5e6-96231b3b80d8
ariadic-method-types.m
cf995d357759221f0a3b9fcd9315b004a4aa38ad 15-Mar-2011 Ted Kremenek <kremenek@apple.com> Remove bogus assertion in IdempotentOperationsChecker.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@127687 91177308-0d34-0410-b5e6-96231b3b80d8
dempotent-operations.m
f3f5379f6da7f8f141a53e2945871a5aa5431e02 15-Mar-2011 Ted Kremenek <kremenek@apple.com> Remove old UninitializedValues analysis.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@127656 91177308-0d34-0410-b5e6-96231b3b80d8
onditional-op-missing-lhs.c
ninit-vals.c
6fb5c1facaf36795a8c1050cd901e0e829ac1a64 14-Mar-2011 Ted Kremenek <kremenek@apple.com> Tweak VariadicMethodTypeChecker to only create one ExplodedNode when issuing multiple warnings for the same message expression.

Also add a test case showing that we correctly report multiple warnings for the same message expression.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@127605 91177308-0d34-0410-b5e6-96231b3b80d8
ariadic-method-types.m
4597b7b28e3a71f3c4f0ee3a3bd6a34423e6f885 13-Mar-2011 Anders Carlsson <andersca@mac.com> Add an Objective-C checker that checks that arguments passed to some variadic Objective-C methods are of Objective-C pointer types.

Ted or Argiris, I'd appreciate a review!


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@127572 91177308-0d34-0410-b5e6-96231b3b80d8
ariadic-method-types.m
e9cd9c0016f103fd45d41d136d5d1084aa42eb75 13-Mar-2011 Ted Kremenek <kremenek@apple.com> Fix CFG assertion failure reported in PR 9467. This was due to recent changes in optimizing CFGs for switch statements.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@127563 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps.m
603ea78728e57815fe859665b648837c5cff6c37 13-Mar-2011 Jakob Stoklund Olesen <stoklund@2pi.dk> XFAIL this on windows where <vector> contains surprises.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@127559 91177308-0d34-0410-b5e6-96231b3b80d8
terators.cpp
9ede3076012c45cb5d2dcfdaf943279be0b3cd5c 12-Mar-2011 Ted Kremenek <kremenek@apple.com> Tweak test to hopefully appease FreeBSD buildbot.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@127533 91177308-0d34-0410-b5e6-96231b3b80d8
dempotent-operations.c
e56d349c905fbd448d651591e7e73ade71ff9e6f 12-Mar-2011 Ted Kremenek <kremenek@apple.com> Remove stray output file.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@127532 91177308-0d34-0410-b5e6-96231b3b80d8
dempotent-operations.plist
ade3195a201e16e989e9f93a568fb1806519077c 12-Mar-2011 Ted Kremenek <kremenek@apple.com> Re-enable the IdempotentOperations checker for --analyze, and put it and the DeadStores checker into the "deadcode" group.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@127531 91177308-0d34-0410-b5e6-96231b3b80d8
SWindow.m
nalyzer-stats.c
onditional-op-missing-lhs.c
ead-stores.c
ead-stores.cpp
ead-stores.m
dempotent-operations-limited-loops.c
dempotent-operations.c
dempotent-operations.cpp
dempotent-operations.m
dempotent-operations.plist
isc-ps-region-store.m
isc-ps.m
ull-deref-ps.c
dar-6540084.m
ninit-vals-ps-region.m
nreachable-code-path.c
dd54de85cd98b85a79857723bcf3d7d95073a2a0 12-Mar-2011 Ted Kremenek <kremenek@apple.com> Add initial version of "IteratorsChecker", a checker to find misuses of C++ iterators.

This checker was created by Jim Goodnow II, and I migrated it to the
new Checker interface (recent changes by Argiris).

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@127525 91177308-0d34-0410-b5e6-96231b3b80d8
terators.cpp
cf333339615da345c2ed6e873d94a501810d9f3f 09-Mar-2011 Ted Kremenek <kremenek@apple.com> static analyzer: Fix use-after-free bug in RegionStore involving LazyCompoundValueData not reference counting Store objects.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@127288 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps-region-store.m
b62bdce3e981ea4f357126bc391be1cbc1efa4df 08-Mar-2011 Anders Carlsson <andersca@mac.com> Make the Objective-C checker look for subclasses of NSString instead of just NSString and NSMutableString.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@127268 91177308-0d34-0410-b5e6-96231b3b80d8
SString.m
e224ba7e3e604113aa160c379293bcb6425e8f36 07-Mar-2011 Carl Norum <carl.norum@apple.com> Fix tests to account for new warning "expected ';' at end of declaration list". Sorry, folks!


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@127188 91177308-0d34-0410-b5e6-96231b3b80d8
tring.c
e71f3d587844110d836c82250830b27b1651afdb 02-Mar-2011 Ted Kremenek <kremenek@apple.com> Teach CFGBuilder to prune trivially unreachable case statements.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126797 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps.m
c4d2c9074be6eb2091086eddd6c8f052f3b245c8 28-Feb-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> [analyzer] Remove '-analyzer-check-objc-mem' flag, the nominee for best misnomer award.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126676 91177308-0d34-0410-b5e6-96231b3b80d8
FNumber.c
FRetainRelease_NSAssertionHandler.m
heckNSError.m
SPanel.m
SString.m
SWindow.m
oReturn.m
bjCProperties.m
R2599.m
R3991.m
R7218.c
dditive-folding-range-constraints.c
dditive-folding.c
nalyzer-stats.c
rray-struct-region.c
rray-struct.c
ase-init.cpp
locks.m
string.c
asts.c
asts.m
fref_PR2519.c
fref_rdar6080742.c
hroot.c
omplex.c
oncrete-address.c
onstant-folding.c
xx-crashes.cpp
ead-stores.c
ead-stores.cpp
erived-to-base.cpp
tor.cpp
lementtype.c
xercise-ps.c
ields.c
lat-store.c
ree.c
unc.c
dempotent-operations-limited-loops.c
dempotent-operations.c
dempotent-operations.cpp
dempotent-operations.m
nitializer.cpp
nline.c
nline2.c
nline3.c
nline4.c
value.cpp
alloc.c
ethod-arg-decay.m
ethod-call.cpp
isc-ps-64.m
isc-ps-basic-store.m
isc-ps-eager-assume.m
isc-ps-flat-store.c
isc-ps-ranges.m
isc-ps-region-store-i386.m
isc-ps-region-store-x86_64.m
isc-ps-region-store.cpp
isc-ps-region-store.m
isc-ps-region-store.mm
isc-ps.m
ew.cpp
il-receiver-undefined-larger-than-voidptr-ret-region.m
il-receiver-undefined-larger-than-voidptr-ret.m
o-exit-cfg.c
o-outofbounds.c
ull-deref-ps-region.c
ull-deref-ps.c
perator-calls.cpp
ut-of-bounds.c
utofbound.c
verride-werror.c
list-output-alternate.m
list-output.m
r4209.m
r_2542_rdar_6793404.m
r_4164.c
tr-arith.c
dar-6442306-1.m
dar-6541136-region.c
dar-6541136.c
dar-6562655.m
dar-6582778-basic-store.c
dar-6600344-nil-receiver-undefined-struct-ret.m
dar-7168531.m
efcnt_naming.m
eference.cpp
egion-1.m
etain-release-basic-store.m
etain-release-gc-only.m
etain-release-region-store.m
etain-release.m
elf-init.m
tack-addr-ps.c
tackaddrleak.c
tream.c
tring.c
ndef-buffers.c
ninit-msg-expr.m
ninit-ps-rdar6145427.m
ninit-vals-ps-region.m
ninit-vals-ps.c
ninit-vals.m
nions-region.m
nix-fns.c
nreachable-code-path.c
872b8d1e81095b84c856153998fa2a6041f52d80 28-Feb-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> Move test/SemaObjC/method-arg-decay.m -> test/Analysis/method-arg-decay.m

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126675 91177308-0d34-0410-b5e6-96231b3b80d8
ethod-arg-decay.m
d655ab28fdf7c940d3f79f8f287954d7f76e0977 28-Feb-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> [analyzer] Run the ExprEngine depending on the CheckerManager having path-sensitive checkers.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126674 91177308-0d34-0410-b5e6-96231b3b80d8
FDateGC.m
GColorSpace.c
elegates.m
roperties.m
344500e3b78b95e2d911f45a64c5364d346ba799 28-Feb-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> [analyzer] The current UninitializedValuesChecker will go away, remove '-warn-uninit-values'.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126673 91177308-0d34-0410-b5e6-96231b3b80d8
onditional-op-missing-lhs.c
ninit-vals.c
b3d74da3e1620c9a7a378afb5f244e4987e6713e 28-Feb-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> [analyzer] Migrate NSErrorChecker and DereferenceChecker to CheckerV2.

They cooperate in that NSErrorChecker listens for ImplicitNullDerefEvent events that
DereferenceChecker can dispatch.
ImplicitNullDerefEvent is when we dereferenced a location that may be null.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126659 91177308-0d34-0410-b5e6-96231b3b80d8
heckNSError.m
string.c
omplex.c
onstant-folding.c
tor.cpp
lat-store.c
dempotent-operations-limited-loops.c
nline.c
isc-ps-basic-store.m
isc-ps-region-store.cpp
verride-werror.c
list-output-alternate.m
etain-release-region-store.m
tring.c
nreachable-code-path.c
d84f422ebfde2145bce79a8fa823e3393b392994 28-Feb-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> [analyzer] Migrate CallAndMessageChecker to CheckerV2.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126626 91177308-0d34-0410-b5e6-96231b3b80d8
il-receiver-undefined-larger-than-voidptr-ret-region.m
il-receiver-undefined-larger-than-voidptr-ret.m
dar-6600344-nil-receiver-undefined-struct-ret.m
ninit-msg-expr.m
ninit-ps-rdar6145427.m
bd90076671c8012244bb7e3fd84b6789e47cb199 28-Feb-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> [analyzer] Migrate AttrNonNullChecker to CheckerV2.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126623 91177308-0d34-0410-b5e6-96231b3b80d8
ull-deref-ps.c
7f649d749f18b3499456d7ae6a69f3bbd7cf7cdc 28-Feb-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> [analyzer] Migrate ReturnUndefChecker to CheckerV2.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126619 91177308-0d34-0410-b5e6-96231b3b80d8
R7218.c
isc-ps-ranges.m
267aa5c93b1eecc1d6f2c65ed2ba1fe840a9d0fd 28-Feb-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> [analyzer] Migrate UndefinedAssignmentChecker to CheckerV2.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126617 91177308-0d34-0410-b5e6-96231b3b80d8
alloc.c
ndef-buffers.c
cc05d511b26ac6dc80fcbcc78ac305d2755aa0b9 28-Feb-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> [analyzer] Migrate UndefBranchChecker to CheckerV2.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126616 91177308-0d34-0410-b5e6-96231b3b80d8
ew.cpp
265c674f634e99e5df1135d764e21365351372da 28-Feb-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> [analyzer] Migrate UndefCapturedBlockVarChecker to CheckerV2.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126615 91177308-0d34-0410-b5e6-96231b3b80d8
locks.m
180e03f9761aa55b5adca430706595e1bbb79c4d 28-Feb-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> [analyzer] Migrate UndefResultChecker to CheckerV2.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126614 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps-region-store.m
ninit-vals-ps-region.m
ninit-vals-ps.c
3267d9563f8265bfce967b3801273a7c53b91346 28-Feb-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> [analyzer] Migrate NoReturnFunctionChecker to CheckerV2.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126613 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps.m
etain-release.m
a676d501a001657892c483bd4d651650e168f337 28-Feb-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> [analyzer] Move the DeadStores checker out of the 'core' package.

-Now it gets enabled with '-analyzer-checker=DeadStores'.
-The driver passes the above flag by default.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126612 91177308-0d34-0410-b5e6-96231b3b80d8
SWindow.m
nalyzer-stats.c
onditional-op-missing-lhs.c
ead-stores.c
ead-stores.cpp
ead-stores.m
dar-6540084.m
nreachable-code-path.c
103487088211c13ff3ae66f265130c56fb6be025 28-Feb-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> [analyzer] Migrate BuiltinFunctionChecker to CheckerV2.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126611 91177308-0d34-0410-b5e6-96231b3b80d8
ree.c
utofbound.c
tack-addr-ps.c
tackaddrleak.c
f029366e3028b1002cd16a88b07bab5bffc73339 28-Feb-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> [analyzer] Migrate OSAtomicChecker to CheckerV2.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126610 91177308-0d34-0410-b5e6-96231b3b80d8
SString.m
05357018b2e5e66559ad0ce2147dc1db9af42b9d 28-Feb-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> [analyzer] Migrate ArrayBoundCheckerV2 to CheckerV2.

Turns -analyzer-check-buffer-overflows into -analyzer-checker=core.experimental.Overflow

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126609 91177308-0d34-0410-b5e6-96231b3b80d8
ut-of-bounds.c
58f2e7c3c3860e410fa3d8252862ef10be7cdc70 28-Feb-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> [analyzer] Turn -analyzer-stats into -analyzer-checker=debug.Stats

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126608 91177308-0d34-0410-b5e6-96231b3b80d8
nalyzer-stats.c
6dd4dffe1090e820e9b5b25eee8ad3907a1aa679 28-Feb-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> [analyzer] Remove '-analyzer-experimental-checks' flag.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126607 91177308-0d34-0410-b5e6-96231b3b80d8
dditive-folding-range-constraints.c
rray-struct-region.c
string.c
onstant-folding.c
alloc.c
perator-calls.cpp
utofbound.c
ndef-buffers.c
312dbec867f6b8d6b86fd562c53352cd4db27468 28-Feb-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> [analyzer] Migrate MallocChecker to CheckerV2.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126606 91177308-0d34-0410-b5e6-96231b3b80d8
dditive-folding.c
ree.c
alloc.c
isc-ps.m
o-outofbounds.c
abea951c34876a5374d0e3678c7989b225c5c895 28-Feb-2011 Anders Carlsson <andersca@mac.com> Add -fcxx-exceptions to all tests that use C++ exceptions.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126599 91177308-0d34-0410-b5e6-96231b3b80d8
uto-obj-dtors-cfg-output.cpp
ead-stores.cpp
b8d545ca06761ce779eb14326af7b2dfeb1196fc 25-Feb-2011 Ted Kremenek <kremenek@apple.com> Update test cases.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126523 91177308-0d34-0410-b5e6-96231b3b80d8
tack-addr-ps.c
tackaddrleak.c
65d39251ff57b8e33cf6d3a7fcc6aa1c6f8cdc68 24-Feb-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> [analyzer] Remove '-analyzer-experimental-internal-checks' flag, it doesn't have any checkers associated with it anymore.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126440 91177308-0d34-0410-b5e6-96231b3b80d8
FDateGC.m
FRetainRelease_NSAssertionHandler.m
GColorSpace.c
heckNSError.m
issingDealloc.m
SPanel.m
SString.m
SWindow.m
oReturn.m
bjCProperties.m
bjCRetSigs.m
R2599.m
R2978.m
R3991.m
nalyzer-stats.c
rray-struct-region.c
asts.c
asts.m
fref_PR2519.c
fref_rdar6080742.c
omplex.c
oncrete-address.c
onditional-op-missing-lhs.c
onstant-folding.c
ead-stores.c
ead-stores.cpp
ead-stores.m
elegates.m
lementtype.c
xercise-ps.c
ields.c
ree.c
unc.c
alloc.c
isc-ps-64.m
isc-ps-basic-store.m
isc-ps-eager-assume.m
isc-ps-ranges.m
isc-ps-region-store-i386.m
isc-ps-region-store-x86_64.m
isc-ps-region-store.cpp
isc-ps-region-store.m
isc-ps-region-store.mm
isc-ps.m
il-receiver-undefined-larger-than-voidptr-ret-region.m
il-receiver-undefined-larger-than-voidptr-ret.m
o-exit-cfg.c
o-outofbounds.c
ull-deref-ps-region.c
ull-deref-ps.c
perator-calls.cpp
utofbound.c
verride-werror.c
list-output-alternate.m
list-output.m
r4209.m
r_2542_rdar_6793404.m
r_4164.c
dar-6442306-1.m
dar-6540084.m
dar-6541136-region.c
dar-6541136.c
dar-6562655.m
dar-6582778-basic-store.c
dar-6600344-nil-receiver-undefined-struct-ret.m
dar-7168531.m
efcnt_naming.m
eference.cpp
egion-1.m
ndef-buffers.c
0d6b0c00823410c8d532fc15e40c9b62ae43a08b 24-Feb-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> [analyzer] Migrate CastSizeChecker to CheckerV2.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126438 91177308-0d34-0410-b5e6-96231b3b80d8
alloc.c
38c8fe705ec4a8efa8992b99ab6d264fff14ca36 24-Feb-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> Allow passing a list of comma separated checker names to -analyzer-checker, e.g:
-analyzer-checker=cocoa,unix

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126372 91177308-0d34-0410-b5e6-96231b3b80d8
ead-stores.c
isc-ps-region-store.m
isc-ps.m
tr-arith.c
etain-release.m
tring.c
nix-fns.c
nreachable-code-path.c
8be5b3aced37e1c7728741c60d47011f11649a58 24-Feb-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> [analyzer] Migrate ArrayBoundChecker to CheckerV2.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126371 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps-region-store.m
utofbound.c
dar-6541136-region.c
69355798abdbe5e78d1185af7d4600b9355b5814 24-Feb-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> [analyzer] Migrate ReturnPointerRangeChecker to CheckerV2.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126369 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps-region-store.m
f226d18f0f49394cec460699f4268e32bd0ce833 24-Feb-2011 Ted Kremenek <kremenek@apple.com> Fix tiny error in CFG construction for BinaryConditionalOperators, making sure the branch always has two successors. Also teach Environment::getSVal() about OpaqueValueExprs.

This fixes a crash reported in PR9287, and also fixes a false positive involving the value of such ternary
expressions not properly getting propagated.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126362 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps.m
21206d5e3167d5e8066c005c1773afc80ff50ae6 24-Feb-2011 Chandler Carruth <chandlerc@gmail.com> Implement a warning for known shift overflows on constant shift
expressions. Consider the code:

int64_t i = 10 << 30;

This compiles fine, but most developers expect it to produce the value
for 10 gigs, not -2 gigs. This is actually undefined behavior because
the LHS is a signed integer type.

The warning is currently gated behind -Wshift-overflow.

There is a special case where only the sign bit is overridden that gets
a custom error message and is by default ignored. This case is much less
likely to cause observed buggy behavior, it's just undefined behavior
according to the spec. This warning can be enabled with
-Wshift-sign-overflow.

Original patch by Oleg Slezberg, with style tweaks and some correctness
fixes by me.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126342 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release-basic-store.m
etain-release-gc-only.m
etain-release-region-store.m
etain-release.m
0ef473f75426f0a95635d0a9dd567d27b07dbd5b 22-Feb-2011 Ted Kremenek <kremenek@apple.com> Add CStringChecker support for strncpy. Patch by Lenny Maiorani!

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126188 91177308-0d34-0410-b5e6-96231b3b80d8
tring.c
be4242ce039f0542ea0dd5f234aa0ee698f90c53 22-Feb-2011 Ted Kremenek <kremenek@apple.com> Add CStringChecker support for strnlen. Patch by Lenny Maiorani!

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126187 91177308-0d34-0410-b5e6-96231b3b80d8
tring.c
6b12da9f89b7863e6fc995312355b94197b75657 21-Feb-2011 Ted Kremenek <kremenek@apple.com> Fix a CFGBuilder bug exposed on convoluted control-flow in the Linux kernel.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126149 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps.m
e41721e7dfabcc15cb50be9075a4153f1ad648ea 19-Feb-2011 Anders Carlsson <andersca@mac.com> Pass -fexceptions to all tests that use try/catch/throw.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126037 91177308-0d34-0410-b5e6-96231b3b80d8
uto-obj-dtors-cfg-output.cpp
ead-stores.cpp
b14175a5371a6c71f3b2dbe4e7aa14803ac38c54 19-Feb-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> [analyzer] Fix crash when analyzing C++ code.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126025 91177308-0d34-0410-b5e6-96231b3b80d8
xx-crashes.cpp
15e310a3b970b64a84cb30f0005bc396b4d978cb 19-Feb-2011 John McCall <rjmccall@apple.com> Warn about code that uses variables and functions with internal linkage
without defining them. This should be an error, but I'm paranoid about
"uses" that end up not actually requiring a definition. I'll revisit later.

Also, teach IR generation to not set internal linkage on variable
declarations, just for safety's sake. Doing so produces an invalid module
if the variable is not ultimately defined.

Also, fix several places in the test suite where we were using internal
functions without definitions.



git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126016 91177308-0d34-0410-b5e6-96231b3b80d8
xx-crashes.cpp
isc-ps-64.m
370e6e984cc32167228b66eaf9610c010da0d794 19-Feb-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> [analyzer] Fix crash when analyzing C++ code.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126013 91177308-0d34-0410-b5e6-96231b3b80d8
xx-crashes.cpp
7ff07dce18a7c693fe1a15bd7b790d8de9d21e92 19-Feb-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> [analyzer] Fix crash when analyzing C++ code.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126007 91177308-0d34-0410-b5e6-96231b3b80d8
xx-crashes.cpp
b76fdf69df5f35c3af9ebe3afc72b0d3c9bf76e7 19-Feb-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> [analyzer] Disable a test until inlining CXXConstructExprs is fully investigated.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126006 91177308-0d34-0410-b5e6-96231b3b80d8
ethod-call.cpp
4f20de1f20ff7175433b2cc23ff4ad16778c56e1 18-Feb-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> [analyzer] Fix crash when analyzing C++ code.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@125963 91177308-0d34-0410-b5e6-96231b3b80d8
xx-crashes.cpp
f4699d14b03d805ad9ccaa6288836ac2a8612925 18-Feb-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> [analyzer] Fix a crash when analyzing C++ code.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@125958 91177308-0d34-0410-b5e6-96231b3b80d8
xx-crashes.cpp
2d67b90a21c9c1093e6598809c2cbc832919cfe6 17-Feb-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> [analyzer] Use the new registration mechanism for the debugging info "checks".

The relative checker package is 'debug':

'-dump-live-variables' is replaced by '-analyzer-checker=debug.DumpLiveVars'
'-cfg-view' is replaced by '-analyzer-checker=debug.ViewCFG'
'-cfg-dump' is replaced by '-analyzer-checker=debug.DumpCFG'

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@125780 91177308-0d34-0410-b5e6-96231b3b80d8
uto-obj-dtors-cfg-output.cpp
tors-in-dtor-cfg-output.cpp
nitializers-cfg-output.cpp
emp-obj-dtors-cfg-output.cpp
7dd445ec20e704846cfbdb132e56539280d71311 17-Feb-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> [analyzer] Use the new registration mechanism on the non-path-sensitive-checkers:

DeadStoresChecker
ObjCMethSigsChecker
ObjCUnusedIvarsChecker
SizeofPointerChecker
ObjCDeallocChecker
SecuritySyntaxChecker

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@125779 91177308-0d34-0410-b5e6-96231b3b80d8
issingDealloc.m
SWindow.m
bjCRetSigs.m
R2978.m
nalyzer-stats.c
onditional-op-missing-lhs.c
ead-stores.c
ead-stores.cpp
ead-stores.m
dar-6540084.m
ecurity-syntax-checks-no-emit.c
ecurity-syntax-checks.m
izeofpointer.c
nreachable-code-path.c
nused-ivars.m
35001ca261f895817916b468379b696d6d45959d 17-Feb-2011 Chandler Carruth <chandlerc@gmail.com> Enhance the array bounds checking to work for several other constructs,
especially C++ code, and generally expand the test coverage.

Logic adapted from a patch by Kaelyn Uhrain <rikka@google.com> and
another Googler.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@125775 91177308-0d34-0410-b5e6-96231b3b80d8
utofbound.c
56ca35d396d8692c384c785f9aeebcf22563fe1e 17-Feb-2011 John McCall <rjmccall@apple.com> Change the representation of GNU ?: expressions to use a different expression
class and to bind the shared value using OpaqueValueExpr. This fixes an
unnoticed problem with deserialization of these expressions where the
deserialized form would lose the vital pointer-equality trait; or rather,
it fixes it because this patch also does the right thing for deserializing
OVEs.

Change OVEs to not be a "temporary object" in the sense that copy elision is
permitted.

This new representation is not totally unawkward to work with, but I think
that's really part and parcel with the semantics we're modelling here. In
particular, it's much easier to fix things like the copy elision bug and to
make the CFG look right.

I've tried to update the analyzer to deal with this in at least some
obvious cases, and I think we get a much better CFG out, but the printing
of OpaqueValueExprs probably needs some work.



git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@125744 91177308-0d34-0410-b5e6-96231b3b80d8
emp-obj-dtors-cfg-output.cpp
a0125d8520f65aca581378c235384e7affefa1fc 16-Feb-2011 Ted Kremenek <kremenek@apple.com> Add trivial buffer overflow checking in Sema.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@125640 91177308-0d34-0410-b5e6-96231b3b80d8
ut-of-bounds.c
0b1ba6227c67d5e04b589ed8a08afa2345a40666 16-Feb-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> [analyzer] Use the new registration mechanism on the apple checkers:

NilArgChecker
CFNumberCreateChecker
NSAutoreleasePoolChecker
CFRetainReleaseChecker
ClassReleaseChecker

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@125636 91177308-0d34-0410-b5e6-96231b3b80d8
FNumber.c
SString.m
etain-release-gc-only.m
etain-release.m
23ade507cecd24b03f5e4b5ebaea48eb38060262 15-Feb-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> [analyzer] Use the new registration mechanism on some of the experimental internal checkers:

CastToStructChecker
FixedAddressChecker
PointerArithChecker
PointerSubChecker

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@125612 91177308-0d34-0410-b5e6-96231b3b80d8
rray-struct.c
isc-ps-region-store.m
isc-ps.m
tr-arith.c
c9f2e0f286500c7e747849b3aa9c0e67a4dc90d7 15-Feb-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> [analyzer] Use the new registration mechanism on the IdempotentOperationChecker.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@125611 91177308-0d34-0410-b5e6-96231b3b80d8
ead-stores.c
dempotent-operations-limited-loops.c
dempotent-operations.c
dempotent-operations.cpp
dempotent-operations.m
isc-ps-region-store.m
isc-ps.m
ull-deref-ps.c
ninit-vals-ps-region.m
a0decc9a2481f938e1675b4f7bbd58761a882a36 15-Feb-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> [analyzer] Use the new registration mechanism on some of the experimental checks. These are:

CStringChecker
ChrootChecker
MallocChecker
PthreadLockChecker
StreamChecker
UnreachableCodeChecker

MallocChecker creates implicit dependencies between checkers and needs to be handled differently.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@125598 91177308-0d34-0410-b5e6-96231b3b80d8
dditive-folding.c
rray-struct-region.c
string.c
hroot.c
onstant-folding.c
alloc.c
tream.c
tring.c
nreachable-code-path.c
027a6abdd6cedc0b8203da72eed6d15c796dce9d 15-Feb-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> [analyzer] Use the new registration mechanism on some of the internal checks. These are:

StackAddrLeakChecker
ObjCAtSyncChecker
UnixAPIChecker
MacOSXAPIChecker

The rest have/create implicit dependencies between checkers and need to be handled differently.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@125559 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps.m
tack-addr-ps.c
tackaddrleak.c
nix-fns.c
43dee220252ef0b42c5f8a3bb1eca97f84f2565f 14-Feb-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> [analyzer] Overhauling of the checker registration mechanism.

-Checkers will be defined in the tablegen file 'Checkers.td'.
-Apart from checkers, we can define checker "packages" that will contain a collection of checkers.
-Checkers can be enabled with -analyzer-checker=<name> and disabled with -analyzer-disable-checker=<name> e.g:
Enable checkers from 'cocoa' and 'corefoundation' packages except the self-initialization checker:
-analyzer-checker=cocoa -analyzer-checker=corefoundation -analyzer-disable-checker=cocoa.SelfInit
-Introduces CheckerManager and CheckerProvider. CheckerProviders get the set of checker names to enable/disable and
register them with the CheckerManager which will be the entry point for all checker-related functionality.

Currently only the self-initialization checker takes advantage of the new mechanism.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@125503 91177308-0d34-0410-b5e6-96231b3b80d8
elf-init.m
e8350c6996170e324b31cd188d002fe5f40f54f7 14-Feb-2011 Ted Kremenek <kremenek@apple.com> Fix edge case where we don't cull warnings in IdempotentOperationsChecker due to incomplete analysis of loops.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@125495 91177308-0d34-0410-b5e6-96231b3b80d8
dempotent-operations-limited-loops.c
b8b07b171041561eb28024d5b4d07227c971c0f9 14-Feb-2011 Ted Kremenek <kremenek@apple.com> Handle 'UsingDirective' in CFGRecStmtDeclVisitor.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@125491 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps-region-store.cpp
020c374273ab6099acbed747a7f27aebf8f0af1d 12-Feb-2011 Ted Kremenek <kremenek@apple.com> Teach the IdempotentOperations checker to ignore property setters.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@125443 91177308-0d34-0410-b5e6-96231b3b80d8
dempotent-operations.m
b715a7cef11664c1c47cfc3dcc503aadc58b6cac 12-Feb-2011 Ted Kremenek <kremenek@apple.com> Weaken the ObjCSelfInitChecker to only warn when one calls an 'init' method within an 'init' method. This is a temporary stop gap to avoid false positives while we investigate how to make it smarter.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@125427 91177308-0d34-0410-b5e6-96231b3b80d8
elf-init.m
f9eb0aed2c5625827f0a212e740b8a5cce5e35e8 12-Feb-2011 Ted Kremenek <kremenek@apple.com> Add test case for <rdar://problem/6888289>.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@125424 91177308-0d34-0410-b5e6-96231b3b80d8
il-receiver-undefined-larger-than-voidptr-ret-region.m
148849a74781ed16c6e6f30366f9aaf1f67b1cb1 12-Feb-2011 Ted Kremenek <kremenek@apple.com> static analyzer: Also invalidate instance variables of a receiver in a message expression, just as we do with parameters.

Fixes <rdar://problem/8725041>.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@125422 91177308-0d34-0410-b5e6-96231b3b80d8
dempotent-operations.m
f4e532b5a1683a9f6c842f361c7415bf3474315f 12-Feb-2011 Ted Kremenek <kremenek@apple.com> Don't emit a dead store for '++' operations unless it occurs with a return statement. We've never seen any other cases that were real bugs.

Fixes <rdar://problem/6962292>.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@125419 91177308-0d34-0410-b5e6-96231b3b80d8
ead-stores.c
ead-stores.cpp
848ec83483ca4ba52ed72c7e29ebc330f8c87252 12-Feb-2011 Ted Kremenek <kremenek@apple.com> Don't report dead stores on unreachable code paths. Fixes <rdar://problem/8405222>.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@125415 91177308-0d34-0410-b5e6-96231b3b80d8
ead-stores.c
nreachable-code-path.c
ac518ecd5204116eb976c8d77ccf2dd2c7352148 11-Feb-2011 Ted Kremenek <kremenek@apple.com> Add test case for PR 8646.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@125401 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps.m
b7ff4c684264f9877837f75dc6e22c4a5dde0e55 08-Feb-2011 Ted Kremenek <kremenek@apple.com> analyzer, retain/release checker: Remove hack where objects passed in message to 'self' are no longer tracked.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@125130 91177308-0d34-0410-b5e6-96231b3b80d8
efcnt_naming.m
0ca1040a964e6375561cc8e90d9b20ebcd6bffa8 05-Feb-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> [analyzer] Fix a false positive of the 'self' initialization checker.

A common pattern in classes with multiple initializers is to put the
subclass's common initialization bits into a static function that receives
the value of 'self', e.g:

  if (!(self = [super init]))
    return nil;
  if (!(self = _commonInit(self)))
    return nil;

It was reported that 'self' was not set to the result of [super init].
Until we can use inter-procedural analysis, in such a call, transfer the
ObjCSelfInitChecker flags associated with 'self' to the result of the call.

Fixes rdar://8937441 & http://llvm.org/PR9094

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@124940 91177308-0d34-0410-b5e6-96231b3b80d8
elf-init.m
c2e20d0c42cf085940c9a9cb495a7116d1b0eb07 03-Feb-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> [analyzer] Fix a crash until we can handle temporary struct objects properly.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@124822 91177308-0d34-0410-b5e6-96231b3b80d8
ields.c
bf5c3acae3d6ed253048b1ec6a1e2a7ab5d65fad 01-Feb-2011 Ted Kremenek <kremenek@apple.com> Add test case for dead stores checker to not flag dead assignments to 'self' within a nested assignment.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@124681 91177308-0d34-0410-b5e6-96231b3b80d8
ead-stores.m
0e2dc3a1159806c8303b0979be1ce1526cc64ed3 01-Feb-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> Warn for "if ((a == b))" where the equality expression is needlessly wrapped inside parentheses.
It's highly likely that the user intended an assignment used as condition.

Addresses rdar://8848646.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@124668 91177308-0d34-0410-b5e6-96231b3b80d8
elf-init.m
11fe175346242744bd9cb4040f3c84e243934134 27-Jan-2011 Ted Kremenek <kremenek@apple.com> Wire up attributes 'ns_consumed' and 'cf_consumed' in the static analyzer's ObjC retain/release checker.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@124386 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release.m
9319b56154cfd9e3c781e54d2ee1c10c5858efed 27-Jan-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> [analyzer] Fix crash when handling dot syntax on 'super'.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@124376 91177308-0d34-0410-b5e6-96231b3b80d8
roperties.m
12b9434d5bf801e24242b1f6fd04899f8a7fa92c 27-Jan-2011 Ted Kremenek <kremenek@apple.com> Hook up attribute ns_consumes_self in the ObjC retain/release checker in the static analyzer.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@124360 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release.m
bd5a94e263137dc3ce7c100485626bae025cf58e 26-Jan-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> [analyzer] Enable the self-init checker under command-line option '-analyzer-check-objc-self-init' which by default
is enabled by the driver for '--analyze'.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@124266 91177308-0d34-0410-b5e6-96231b3b80d8
elf-init.m
4717f163eb3578f5bada399dd6ced1c62847bfe4 26-Jan-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> [analyzer] Improve the diagnostic for the self-init checker. Suggestion by Ted!

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@124263 91177308-0d34-0410-b5e6-96231b3b80d8
elf-init.m
eaf969bf4b657f0c4577f38a39f8c4ef1d9272fc 26-Jan-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> [analyzer] Do the self-init check only on NSObject subclasses. Patch by Jean-Daniel Dupas!

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@124249 91177308-0d34-0410-b5e6-96231b3b80d8
elf-init.m
f6a19fb92556e040db2d6a7b35b504ba7ebca3bf 25-Jan-2011 Ted Kremenek <kremenek@apple.com> Don't try and symbolicate unions; we don't reason
about them yet. Fixes crash reported in PR 9049.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@124228 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps-region-store.m
937596fc25bba3ac7519e9ffff3e4fab2c97863e 25-Jan-2011 Ted Kremenek <kremenek@apple.com> Tweak wording of static analyzer diagnostic
for a block capturing the value of an uninitialized
variable.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@124212 91177308-0d34-0410-b5e6-96231b3b80d8
locks.m
d6b8de0e7b01196bd2bee207feb81bc409a5baf9 25-Jan-2011 John McCall <rjmccall@apple.com> Change the wording of the bad-decl-for-attribute warning and error
to make it clear that we're talking about the declarations and not the types.



git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@124175 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release.m
c7ad38168d329d778e884a8b6400bcbed8dc85ee 25-Jan-2011 John McCall <rjmccall@apple.com> Add the ns_consumes_self, ns_consumed, cf_consumed, and ns_returns_autoreleased
attributes for the benefit of the static analyzer.



git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@124174 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release.m
14429b918bd2f4cb52abc75546a7fe37142054ca 25-Jan-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> [analyzer] Handle the dot syntax for properties in the ExprEngine.

We translate property accesses to obj-c messages by simulating "loads" or "stores" to properties
using a pseudo-location SVal kind (ObjCPropRef).

Checkers can now reason about obj-c messages for both explicit message expressions and implicit
messages due to property accesses.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@124161 91177308-0d34-0410-b5e6-96231b3b80d8
roperties.m
14cc9451de4a9539bf79e4e5d63248c2377426db 20-Jan-2011 Ted Kremenek <kremenek@apple.com> Enhance AnalysisConsumer to also visit functions
and methods defined within 'namespace X { ... }'.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@123921 91177308-0d34-0410-b5e6-96231b3b80d8
ead-stores.cpp
d4f482aa4d77ed2fa6dfbe60ff33599419680818 14-Jan-2011 Ted Kremenek <kremenek@apple.com> Teach RegionStore::EnterStackFrame() to handle
the case where the called function has fewer
formal arguments than actual arguments. This
fixes a crash in the analyzer when doing
function call inlining.

Patch by Zhenbo Xu!

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@123458 91177308-0d34-0410-b5e6-96231b3b80d8
nline.c
56b1f71156db11b9c8234ca621c29213a73218e0 13-Jan-2011 Ted Kremenek <kremenek@apple.com> Remove warning in dead stores checker for
dead stores within nested assignments. I have
never seen an actual bug found by this specific
warning, and it can lead to many false positives.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@123394 91177308-0d34-0410-b5e6-96231b3b80d8
ead-stores.c
e17da65c5773e0285b22e33d1431b13fbcd8942c 13-Jan-2011 Zhongxing Xu <xuzhongxing@gmail.com> CXXBaseObjectRegion is like FieldRegion. Need to blast through it when
getting the base region. This makes the RemoveDeadBindings() correct.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@123375 91177308-0d34-0410-b5e6-96231b3b80d8
ase-init.cpp
d074441e027471a914cbb909a7aad1d43224950f 13-Jan-2011 Zhongxing Xu <xuzhongxing@gmail.com> Support inlining base initializers. We still haven't got it completely right,
since the bindings are purged after they are set up. Need to investigate
RemoveDeadBindings algorithm.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@123374 91177308-0d34-0410-b5e6-96231b3b80d8
ase-init.cpp
093236020718e92c8a192145def28150ed637aaf 13-Jan-2011 Ted Kremenek <kremenek@apple.com> Fix a corner case in RegionStore where we assign
a struct value to a symbolic index into array.
RegionStore can't actually reason about this,
so we were getting bogus warnings about loading
uninitialized values from the array. The solution
is to invalidate the entire array when we cannot
represent the binding explicitly.

Fixes <rdar://problem/8848957>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@123368 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps-region-store.m
d7a31ba6db617e38bb064df0ab09dbd41cdfed18 11-Jan-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> [analyzer] Introduce ObjCSelfInitChecker, which checks initialization methods to verify that they assign 'self' to the
result of an initialization call (e.g. [super init], or [self initWith..]) before using any instance variable or
returning 'self'.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@123264 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release.m
elf-init.m
27c54e57c4a012dcdf2b40cf985b70d0b9caa69e 11-Jan-2011 Ted Kremenek <kremenek@apple.com> Rework ExprEngine::processCFGBlockEntrance()
to use a node builder. This paves the way
for Checkers to interpose (via a "visit" method)
at the entrance to blocks.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@123217 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release-region-store.m
f9d3cbbe07afa05c2414c7120d7141409e5a3663 10-Jan-2011 Zhongxing Xu <xuzhongxing@gmail.com> In C++, assignment and compound assignment operators return an lvalue.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@123158 91177308-0d34-0410-b5e6-96231b3b80d8
value.cpp
112c3307aaa9ae9ee6ff5c2b4f6a53b1ea3c6f19 04-Jan-2011 Fariborz Jahanian <fjahanian@apple.com> Fold -fobjc-nonfragile-abi2 into -fobjc-nonfragile-abi.
// rdar://8818375



git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@122831 91177308-0d34-0410-b5e6-96231b3b80d8
nused-ivars.m
a6b0b96e5376cd9cf182a3e240e0537feed43cde 24-Dec-2010 Ted Kremenek <kremenek@apple.com> Add basic support for pointer arithmetic in
SimpleSValBuilder. This clears up some
false positives emitted by ArrayBoundCheckerV2
due to the lack of support for pointer arithmetic.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@122546 91177308-0d34-0410-b5e6-96231b3b80d8
ut-of-bounds.c
15a467e9e8e9bee54c9d03305b4009e530c6ba4a 23-Dec-2010 Ted Kremenek <kremenek@apple.com> It's amazing what you find when you actually
set the RUN line correctly in a test file!

Mark a bunch of tests for ArrayBoundCheckerV2
as FIXME's, as our current lack of pointer
arithmetic handling causes these to be all
false positives/negatives.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@122471 91177308-0d34-0410-b5e6-96231b3b80d8
ut-of-bounds.c
c478a1425c055e517169220ea1c1efd857e65f52 23-Dec-2010 Ted Kremenek <kremenek@apple.com> Add WIP prototype of a new buffer overflow
checker based on using raw (symbolic) byte offsets
from a base region.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@122469 91177308-0d34-0410-b5e6-96231b3b80d8
ut-of-bounds.c
250704bc525361e8612ea01f245a41a1193c13f0 22-Dec-2010 Zhongxing Xu <xuzhongxing@gmail.com> If the unary operator is prefix and an lvalue (in C++), bind
the location (l-value) to it.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@122396 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps-region-store.cpp
05e539175d9bac678fca8e77665e88b685729850 22-Dec-2010 Zhongxing Xu <xuzhongxing@gmail.com> After inlining the CXXConstructExpr, bind the temporary object region to it.
This change is necessary when the variable is a const reference and we need
the l-value of the construct expr. After that, when binding the variable,
recover the lazy compound value when the variable is not a reference.

In Environment, use the value of a no-op cast expression when it has one.
Otherwise, blast-through it.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@122388 91177308-0d34-0410-b5e6-96231b3b80d8
ethod-call.cpp
f45fbad13ee1f143a2cb6e806fefe22b48f68940 19-Dec-2010 Zhongxing Xu <xuzhongxing@gmail.com> If the initializer is an rvalue and the variable is a const reference,
create a temporary object for it.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@122161 91177308-0d34-0410-b5e6-96231b3b80d8
eference.cpp
5eef59ee77456640a2d03bb90fc717d5a43e175d 17-Dec-2010 Ted Kremenek <kremenek@apple.com> Fix assertion failure in cocoa::deriveNamingConvention()
when the selector is the string 'mutable'.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@122046 91177308-0d34-0410-b5e6-96231b3b80d8
efcnt_naming.m
af86b0c160bc998bdde2f35d526ca819d7b3a1f2 17-Dec-2010 Ted Kremenek <kremenek@apple.com> Revise Cocoa conventions detection: 'copy' and 'mutableCopy'
only indicates the create rule if it starts
at the beginning of the method name, not
within the method name.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@122036 91177308-0d34-0410-b5e6-96231b3b80d8
efcnt_naming.m
etain-release.m
1bc80af703ceff3e92797f33c41634d327bf067a 16-Dec-2010 John McCall <rjmccall@apple.com> Do lvalue-to-rvalue conversions on the LHS of a shift operator.
Fixes rdar://problem/8776586.



git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@121992 91177308-0d34-0410-b5e6-96231b3b80d8
onstant-folding.c
dempotent-operations.c
892697dd2287caf7c29aaaa82909b0e90b8b63fe 16-Dec-2010 Ted Kremenek <kremenek@apple.com> Start migration of static analyzer to using the
implicit lvalue-to-rvalue casts that John McCall
recently introduced. This causes a whole bunch
of logic in the analyzer for handling lvalues
to vanish. It does, however, raise a few issues
in the analyzer w.r.t to modeling various constructs
(e.g., field accesses to compound literals).

The .c/.m analysis test cases that fail are
due to a missing lvalue-to-rvalue cast that
will get introduced into the AST. The .cpp
failures were more than I could investigate in
one go, and the patch was already getting huge.
I have XFAILED some of these tests, and they
should obviously be further investigated.

Some highlights of this patch include:

- CFG no longer requires an lvalue bit for
CFGElements
- StackFrameContext doesn't need an 'asLValue'
flag
- The "VisitLValue" path from GRExprEngine has
been eliminated.

Besides the test case failures (XFAILed), there
are surely other bugs that are fallout from
this change.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@121960 91177308-0d34-0410-b5e6-96231b3b80d8
onstant-folding.c
dempotent-operations.c
ethod-call.cpp
isc-ps-region-store.cpp
eference.cpp
83300e884d0cfb78a2e8f889b65a77e6781456fe 03-Dec-2010 Ted Kremenek <kremenek@apple.com> Add test case for r120795.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@120796 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release.m
26e10bea3d2e9d2979194890e51b98ecea165a96 30-Nov-2010 Argyrios Kyrtzidis <akyrtzi@gmail.com> Follow through references to catch returned stack addresses, local blocks, label addresses or references to temporaries, e.g:

const int& g2() {
  int s1;
  int &s2 = s1; // expected-note {{binding reference variable 's2' here}}
  return s2; // expected-warning {{reference to stack memory associated with local variable 's1' returned}}
}

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@120483 91177308-0d34-0410-b5e6-96231b3b80d8
tack-addr-ps.cpp
d976ca4fcacdd965446bcfbe8cb03b4ee67cd827 30-Nov-2010 Argyrios Kyrtzidis <akyrtzi@gmail.com> Revert r120331 since it causes spurious warnings and a possible assertion hit when self-host.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@120351 91177308-0d34-0410-b5e6-96231b3b80d8
tack-addr-ps.cpp
8b2f01b56209f4bb7331292225c5300753880044 29-Nov-2010 Argyrios Kyrtzidis <akyrtzi@gmail.com> Emit warnings if we are returning a reference to a local temporary.
The issue was brought to our attention by Matthieu Monrocq.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@120331 91177308-0d34-0410-b5e6-96231b3b80d8
tack-addr-ps.cpp
4fd56816e0925c04f2c92e75399f5c9018d5d6fb 26-Nov-2010 Zhongxing Xu <xuzhongxing@gmail.com> Regionstore: support derived-to-base cast by creating a CXXBaseObjectRegion.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@120173 91177308-0d34-0410-b5e6-96231b3b80d8
erived-to-base.cpp
0e38d5d6775a26f8f39df353e34b0dc14c2d6cfc 25-Nov-2010 Zhongxing Xu <xuzhongxing@gmail.com> handle CXXFunctionalCastExpr in visitLValue and Environment.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@120143 91177308-0d34-0410-b5e6-96231b3b80d8
ethod-call.cpp
32303020d0f1a21cbcab65ae0c69a4218dc8f0fb 24-Nov-2010 Zhongxing Xu <xuzhongxing@gmail.com> When getting CXXThisRegion from CXXMethodDecl, use the qualifiers. This is
to be consistent with the type of 'this' expr in the method.
This line and everything below it will be ignored--

M test/Analysis/method-call.cpp
M include/clang/Checker/PathSensitive/GRExprEngine.h
M lib/Checker/GRCXXExprEngine.cpp


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@120094 91177308-0d34-0410-b5e6-96231b3b80d8
ethod-call.cpp
99cae5b67b9711ca260e5b364a878a1a91183632 22-Nov-2010 Zhanyong Wan <wan@google.com> Fix PR8419. Reviewed by kremenek and xuzhongxing.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@119960 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps-region-store.cpp
b13453bd8a91f331d0910ca95ad52aa41b52f648 20-Nov-2010 Zhongxing Xu <xuzhongxing@gmail.com> Handle CFGAutomaticObjDtor.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@119897 91177308-0d34-0410-b5e6-96231b3b80d8
tor.cpp
b12fbc216f77bd309f8c416834b341ff43325aab 16-Nov-2010 Ted Kremenek <kremenek@apple.com> Static analyzer: Catch calls to malloc() with
allocation sizes of 0 bytes.

Fixes PR 2899.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@119364 91177308-0d34-0410-b5e6-96231b3b80d8
nix-fns.c
9dc84c9455df2a77195147d0210c915dc1775a88 16-Nov-2010 Zhongxing Xu <xuzhongxing@gmail.com> Handle member initializer in C++ ctor.
- Add a new Kind of ProgramPoint: PostInitializer.
- Still use GRStmtNodeBuilder. But special handling PostInitializer in
GRStmtNodeBuilder::GenerateAutoTransition().
- Someday we should clean up the interface of GRStmtNodeBuilder.



git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@119335 91177308-0d34-0410-b5e6-96231b3b80d8
nitializer.cpp
e4ae4dc87fa57e3062077514964b6d75bfa1fed1 15-Nov-2010 Ted Kremenek <kremenek@apple.com> Remove invalid assertion from CFG builder. When building the CFG pieces for a ternary '?' expression,
it is possible for the confluence block to only have a single predecessor due to calls to 'noreturn'
functions. Fixes assertion failure reported in PR 8619.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@119284 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps.m
948163b4986dfb5060c0dbd2e5910431640e56d1 15-Nov-2010 Ted Kremenek <kremenek@apple.com> Relax assertion in SValuator so that we don't crash when analyzing a call via a function pointer that
casts the return value to something completely different. While we need better reasoning here,
we should definitely not crash.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@119177 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps.m
249c9458e2cc5b671634baefe8517d7598883a20 14-Nov-2010 Zhongxing Xu <xuzhongxing@gmail.com> Revert r118991.

Elidable CXXConstructExpr should inhibit calling destructor for temporary
that is copied, not the one created. This is because eliding copy constructor
means that the object that was to be copied will be constructed directly in
memory the copy would be constructed in.



git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@119044 91177308-0d34-0410-b5e6-96231b3b80d8
emp-obj-dtors-cfg-output.cpp
9a4084dc06dc1b0033c461013bee3bae74be0555 13-Nov-2010 Zhongxing Xu <xuzhongxing@gmail.com> Do not add implicit dtors for CXXBindTemporaryExpr with elidable
CXXConstructExpr.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@118991 91177308-0d34-0410-b5e6-96231b3b80d8
emp-obj-dtors-cfg-output.cpp
29836f9e4750f1ccb72c24f661c20686507f0063 12-Nov-2010 Ted Kremenek <kremenek@apple.com> RegionStore/BasicStore: do not return UndefinedVal for accesses to concrete addresses; instead return UnknownVal. This
leads it up to checkers (e.g., DereferenceChecker) to guard against illegal accesses (e.g., null dereferences).

Fixes PR 5272 and <rdar://problem/6839683>.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@118852 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps.m
bb0ba0bca7896e76f8ce9b709ee881cc505e4d5e 09-Nov-2010 Ted Kremenek <kremenek@apple.com> Teach AttrNonNullChecker about transparent unions. Fixes crash reported in <rdar://problem/8642434>.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@118473 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps-region-store.m
96ede778620c7296a332eb1bba7cc6a19141bd7c 03-Nov-2010 Zhongxing Xu <xuzhongxing@gmail.com> fix test case.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@118166 91177308-0d34-0410-b5e6-96231b3b80d8
emp-obj-dtors-cfg-output.cpp
8599e7677e067fd01d3b2ee4c0875747d367fd8e 03-Nov-2010 Marcin Swiderski <marcin.sfider@gmail.com> Added generating destructors for temporary objects. Two cases I know of, that are not handled properly:
1. For statement: const C& c = C(0) ?: C(1) destructors generated for condition will not differ from those generated for case without prolonged lifetime of temporary,
2. There will be no destructor for constant reference member bound to temporary at the exit from constructor.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@118158 91177308-0d34-0410-b5e6-96231b3b80d8
emp-obj-dtors-cfg-output.cpp
73a48ad77c04987730a2469ef334a752dff94894 02-Nov-2010 Douglas Gregor <dgregor@apple.com> Make my test case test what it meant to

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@117974 91177308-0d34-0410-b5e6-96231b3b80d8
perator-calls.cpp
90d26a4afdbf6d917a5241ef3b316e1c8337c9b8 02-Nov-2010 Douglas Gregor <dgregor@apple.com> Teach the CStringChecker and PthreadLockChecker about non-identifier
declaration names, from Jim Goodnow II!


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@117970 91177308-0d34-0410-b5e6-96231b3b80d8
perator-calls.cpp
7ce351db56fbce162a3b650518ce05b5c61ebf36 01-Nov-2010 Zhongxing Xu <xuzhongxing@gmail.com> Now initializer of C++ record type is visited as block-level expr.
Let the destination of AggExprVisitor be an explicit MemRegion.
Reenable the test case.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@117908 91177308-0d34-0410-b5e6-96231b3b80d8
ethod-call.cpp
81bc7d07b701042371a5723b6f394cd2482ed7be 01-Nov-2010 Zhongxing Xu <xuzhongxing@gmail.com> Make all CXXConstructExpr's block-level expressions. This is required by
method inlining. Temporarily fail a test case.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@117907 91177308-0d34-0410-b5e6-96231b3b80d8
uto-obj-dtors-cfg-output.cpp
nitializers-cfg-output.cpp
ethod-call.cpp
739830d278b0a174edc59edcfedaecec53d36e3f 31-Oct-2010 Zhanyong Wan <wan@google.com> Make Clang static analyzer skip function template definitions. This fixes Clang PR 8426, 8427, & 8433. Reviewed by Ted Kremenek and Doug Gregor.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@117853 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps-region-store.cpp
74faec22ec84c54bcbd82cb6c48b72cb466b945f 29-Oct-2010 Ted Kremenek <kremenek@apple.com> Don't flag idempotent '+' or '-' warnings for pointer arithmetic (typically false positives).

Fixes <rdar://problem/8601243>.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@117635 91177308-0d34-0410-b5e6-96231b3b80d8
dempotent-operations.c
cf38af20ebf829c9808245ab0ed323b08600fbc9 28-Oct-2010 Ted Kremenek <kremenek@apple.com> Add test case for <rdar://problem/8356342>.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@117525 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release.m
ed50a8a7a8b5fbb5d365b39c81ec389e19e4360e 28-Oct-2010 Ted Kremenek <kremenek@apple.com> Don't warn about unnamed bitfield ivars in the ObjCUnusedIvarsChecker. Fixes <rdar://problem/8481311>.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@117521 91177308-0d34-0410-b5e6-96231b3b80d8
nused-ivars.m
a1898ddd5d0e46330898930b9185b628b5cede63 27-Oct-2010 Zhongxing Xu <xuzhongxing@gmail.com> If visiting RHS causes us to finish 'Block', e.g. the RHS is a StmtExpr
containing a DoStmt, and the LHS doesn't create a new block, then we should
return RBlock. Otherwise we'll incorrectly return NULL.

Also relax an assertion in VisitWhileStmt(). Reset 'Block' when it is finished.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@117436 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps-region-store.m
c1143e598d6f2d8da045888298a9893a84e678df 26-Oct-2010 Ted Kremenek <kremenek@apple.com> Fix lazy symbolication bug in RegionStore involving fields of global variables. When invalidated, the entire
globals memory space gets assigned a symbolic value, but that value was not being used for lazy symbolication
of fields of globals. This could result in cases where bogus null dereferences were being reported.

Fixes PR 8440.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@117336 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps.m
646c3c3beaf71fc64453d766dff22024dd5e0409 26-Oct-2010 Ted Kremenek <kremenek@apple.com> Tweak null dereference checker to give better diagnostics for null dereferences resulting from array accesses.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@117334 91177308-0d34-0410-b5e6-96231b3b80d8
ull-deref-ps.c
list-output-alternate.m
0d4f7671882a4e902f12504b46eb486dfbf58515 25-Oct-2010 Ted Kremenek <kremenek@apple.com> Add check for UnknownVals for mutexes in ObjCAtSyncChecker. Fixes crash reported in PR 8458.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@117300 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps.m
8c5e5d6d8a316af5a9842169f541cac49717887d 25-Oct-2010 Marcin Swiderski <marcin.sfider@gmail.com> Added generation of destructors for member constant size arrays.
There's only one destructor call generated for each not empty array (at least for now this should be enough).


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@117252 91177308-0d34-0410-b5e6-96231b3b80d8
tors-in-dtor-cfg-output.cpp
b1c52870b8c2feaa7cd112295368bec53af490a0 25-Oct-2010 Marcin Swiderski <marcin.sfider@gmail.com> Added generation of destructors for constant size arrays.
There's only one destructor call generated for each not empty array (at least for now this should be enough).


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@117251 91177308-0d34-0410-b5e6-96231b3b80d8
uto-obj-dtors-cfg-output.cpp
2127eccbe15fd3b1b29aa53ccedd2e0f55ad27f9 23-Oct-2010 Anders Carlsson <andersca@mac.com> Warn if a variable marked with the "unused" attribute is used. Patch by Darin Adler!



git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@117184 91177308-0d34-0410-b5e6-96231b3b80d8
dar-6442306-1.m
f50595df931bde89e3acd3ec18e4c7e41aa80852 23-Oct-2010 Ted Kremenek <kremenek@apple.com> Fix a horrible bug in all dataflow analyses that use CFGRecStmtVisitor (including live variables analysis).
We shouldn't recurse into CompoundStmts since they are already inlined in the CFG. This could result in
bogus dead stores warnings (among other things).

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@117162 91177308-0d34-0410-b5e6-96231b3b80d8
ead-stores.m
1adee4b62016e7db899019b1d5a63c30bd61af06 21-Oct-2010 Ted Kremenek <kremenek@apple.com> Tweak the ObjCAtSyncChecker to assume that a mutex is non-nil after checking that it is
nil. Otherwise we can get false paths where a second @synchronized using the mutex
can have a bogus warning. Fixes <rdar://problem/8578650>.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@117016 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps.m
6648e5d387b5402eae6a597bd46709ac445b4156 19-Oct-2010 Ted Kremenek <kremenek@apple.com> "Fix" bogus idempotent operations warning due to loop unrolling not unrolling enough loops to show that an invariant
doesn't hold. This fix is to increase the loop unrolling count to 4, which experiments show doesn't typically impact
analysis time. The real fix is to modify the IdempotentOperationsChecker to suppress warnings where an analysis point
could be preceded by a point where we gave up due to loop unrolling.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@116769 91177308-0d34-0410-b5e6-96231b3b80d8
dempotent-operations-limited-loops.c
abf517c523985f20bb6458e0aa1afad434de3244 16-Oct-2010 Ted Kremenek <kremenek@apple.com> Tweak retain/release checker diagnostics to specify a leak occurs because an object is not referenced later in the path,
not that it isn't referenced later in the code. Fixes <rdar://problem/8527839>.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@116636 91177308-0d34-0410-b5e6-96231b3b80d8
list-output-alternate.m
1c9e6b1bad53486efd12564f76e960efd0d9dd61 10-Oct-2010 Zhongxing Xu <xuzhongxing@gmail.com> Add experimental chroot check which checks improper use of chroot(). Patch by
Lei Zhang.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@116163 91177308-0d34-0410-b5e6-96231b3b80d8
hroot.c
4895b9cf34b26b20e674a88fa8104489e1d06812 07-Oct-2010 Tom Care <tom.care@uqconnect.edu.au> UnreachableCodeChecker cleanup and improvements
- Fixed some iterator style issues
- Don't process blocks that have been visited already
- Fixed a case where an unreachable block cycle was not reported
- Minor test case changes
- Added one test case from flow-sensitive version of the check. More coming.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@115861 91177308-0d34-0410-b5e6-96231b3b80d8
nreachable-code-path.c
7c625d8ffc20b92fff9e1690cd2484fcb6498183 05-Oct-2010 Marcin Swiderski <marcin.sfider@gmail.com> Added support for base and member destructors in destructor.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@115592 91177308-0d34-0410-b5e6-96231b3b80d8
tors-in-dtor-cfg-output.cpp
82bc3fd823d85ee3ef9a641c0975b6ad25f55047 04-Oct-2010 Marcin Swiderski <marcin.sfider@gmail.com> Added support for C++ initializers in CFG.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@115493 91177308-0d34-0410-b5e6-96231b3b80d8
nitializers-cfg-output.cpp
0e97bcbee9d5f7735edecbccfb5031a2f065f286 01-Oct-2010 Marcin Swiderski <marcin.sfider@gmail.com> Added generating CFGAutomaticObjDtors for exception variable in catch statement.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@115266 91177308-0d34-0410-b5e6-96231b3b80d8
uto-obj-dtors-cfg-output.cpp
47575f1f775f5f250be4f395fa694a7274a65f33 01-Oct-2010 Marcin Swiderski <marcin.sfider@gmail.com> Added generating CFGAutomaticObjDtors for init statement, condition variable and implicit scope in for statement.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@115265 91177308-0d34-0410-b5e6-96231b3b80d8
uto-obj-dtors-cfg-output.cpp
8ae6058cecba902c0069c24bdc9c26d475559291 01-Oct-2010 Marcin Swiderski <marcin.sfider@gmail.com> Added generating CFGAutomaticObjDtors for condition variable and implicit scopes in switch statement.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@115264 91177308-0d34-0410-b5e6-96231b3b80d8
uto-obj-dtors-cfg-output.cpp
05adedcb5e199e377e35f576288caf5ceed40136 01-Oct-2010 Marcin Swiderski <marcin.sfider@gmail.com> Added generating CFGAutomaticObjDtors for condition variable and implicit scopes in while and do statements.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@115262 91177308-0d34-0410-b5e6-96231b3b80d8
uto-obj-dtors-cfg-output.cpp
04e046cbf7153fc261d730d460f081322d5c42f6 01-Oct-2010 Marcin Swiderski <marcin.sfider@gmail.com> Added generating CFGAutomaticObjDtors for condition variable and implicit scopes in if statement.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@115256 91177308-0d34-0410-b5e6-96231b3b80d8
uto-obj-dtors-cfg-output.cpp
fcb72ac985c26372315fabc08d43d6f66ff906b4 01-Oct-2010 Marcin Swiderski <marcin.sfider@gmail.com> Added:
- Adding LocalScope for CompoundStmt,
- Adding CFGAutomaticObjDtors for end of scope, return, goto, break, continue,
- Regression tests for above cases.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@115252 91177308-0d34-0410-b5e6-96231b3b80d8
uto-obj-dtors-cfg-output.cpp
61238746aac026c5d644bdce4fc54b534b677c2f 30-Sep-2010 Ted Kremenek <kremenek@apple.com> Tweak nil receiver checker to not warn about 64-bit return values.

Fixes: <rdar://problem/7513117>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@115113 91177308-0d34-0410-b5e6-96231b3b80d8
il-receiver-undefined-larger-than-voidptr-ret.m
1b2ad2fd9e2d5352144481aa1fd995d333d9adc9 20-Sep-2010 Argyrios Kyrtzidis <akyrtzi@gmail.com> Revert r114316, -Wunused-value enabled by default was intended.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@114318 91177308-0d34-0410-b5e6-96231b3b80d8
ead-stores.c
isc-ps.m
6dff2288a8054bdbc97217568e5831bcce809db8 19-Sep-2010 Argyrios Kyrtzidis <akyrtzi@gmail.com> Make -Wunused-value off by default, matching GCC. Fixes rdar://7126194.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@114316 91177308-0d34-0410-b5e6-96231b3b80d8
ead-stores.c
isc-ps.m
8f3b834471b158d65d490e3458fa16ba659ec105 15-Sep-2010 Ted Kremenek <kremenek@apple.com> Relax assertion in CFG builder when processing ForStmts. This fixes an assertion failure
on code containing GNU statement expressions reported in PR 8141.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@113953 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps.m
02282acd7a42d06a3178e3102d34a585bd82dd9f 15-Sep-2010 Ted Kremenek <kremenek@apple.com> Disallow the use of UnknownVal as the index for ElementRegions. UnknownVals can be used as
the index when the value evaluation isn't powerful enough. By creating ElementRegions with
UnknownVals as the index, this gives the false impression that they are the same element, when
they really aren't. This becomes really problematic when deriving symbols from these regions
(e.g., those representing the initial value of the index), since two different indices will
get the same symbol for their binding.

This fixes an issue with the idempotent operations checker that would cause two indices that
are clearly not the same to make it appear as if they always had the same value.

Fixes <rdar://problem/8431728>.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@113920 91177308-0d34-0410-b5e6-96231b3b80d8
dempotent-operations.c
555c77a27672186242019b38edac498ac9579b19 15-Sep-2010 Ted Kremenek <kremenek@apple.com> Don't divide-by-zero in RegionStoreManager::getSizeInElements() when getting the size of a VLA. We don't track VLA extents yet,
but we should at least not crash. Fixes <rdar://problem/8424269>.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@113888 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps-region-store.m
44f8ef13a3af125eecd408d0fad79a4a1eda5366 14-Sep-2010 Ted Kremenek <kremenek@apple.com> Fix CFGBuilder crash reported in PR 8141.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@113826 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps-region-store.m
0853c7f840ee8e23c8271572e73ebab3d26b8fd5 10-Sep-2010 Ted Kremenek <kremenek@apple.com> Polish diagnostics for null dereferences via ObjC ivar accesses. Finishes up <rdar://problem/6352035>.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@113612 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps.m
4f6aa77fda986a9ecd453460ef3ec797bedaaa7d 10-Sep-2010 Ted Kremenek <kremenek@apple.com> Implement: <rdar://problem/6351970> rule request: warn if @synchronized mutex can be nil

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@113573 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps.m
52d861ce41ce84d8389495ea78d97bcc962ac5ba 10-Sep-2010 Tom Care <tom.care@uqconnect.edu.au> Added AnalyzerStatsChecker, a path sensitive check that reports visitation statistics about analysis. Running clang with the -analyzer-stats flag will emit warnings containing the information. We can then run a postanalysis script to take this data and give useful information about how much the analyzer missed in a project.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@113568 91177308-0d34-0410-b5e6-96231b3b80d8
nalyzer-stats.c
818b433a943653b329df56bdaa1b18385603d2bd 10-Sep-2010 Ted Kremenek <kremenek@apple.com> Clean up obtuse wording of checker diagnostic of using an uninitialized value in a function call.

Fixes: <rdar://problem/8409480> “warning: Pass-by-value argument in function call is undefined” message can be improved

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@113554 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps-region-store.m
isc-ps.m
ull-deref-ps.c
ninit-msg-expr.m
ninit-ps-rdar6145427.m
ninit-vals-ps.c
61f52bd3c524268e25b48a1ed3730aedd6cc8374 09-Sep-2010 Ted Kremenek <kremenek@apple.com> Use FindReportInEquivalenceClass to identify all the nodes used for the trimmed graph (in BugReporter). This fixes a problem where a leak that happened to occur on both an exit() path and a non-exit() path was getting reported with the exit() path (which users don't care about).

This fixes:

<rdar://problem/8331641> leak reports should not show paths that end with exit() (but ones that don't end with exit())

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@113524 91177308-0d34-0410-b5e6-96231b3b80d8
list-output-alternate.m
96ebad66c451d79c9f57b1edb31efaeeb23b9a01 09-Sep-2010 Ted Kremenek <kremenek@apple.com> Rename GRState::getSVal() -> getRawSVal() and getSimplifiedSVal() -> getSVal().

The end result is now we eagerly constant-fold symbols in the analyzer that are perfectly constrained
to be a constant value. This allows us to recover some path-sensitivity in some cases by lowering
the required level of reasoning power needed to evaluate some expressions.

The net win from this change is that the false positive in PR 8015 is fixed, and we also
find more idempotent operations bugs.

We do, however, regress with the BugReporterVisitors, which need to be modified to understand
this constant folding (and look past it). This causes some diagnostic regressions in plist-output.m
which will get addressed in a future patch. plist-output.m is now marked XFAIL, while
plist-output-alternate.m now tests that the plist output is working, but with the suboptimal
diagnostics. This second test file will eventually be removed.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@113477 91177308-0d34-0410-b5e6-96231b3b80d8
ead-stores.c
isc-ps-region-store.m
list-output-alternate.m
list-output.m
977a58a8fd16bccfbc11b5c4c70b869fded9f8b9 09-Sep-2010 Ted Kremenek <kremenek@apple.com> Include test case for <rdar://problem/5880430>.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@113458 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps.m
8205c1a5c623a418f06789f222183ed5040ff4c9 08-Sep-2010 John McCall <rjmccall@apple.com> Put the tautological-comparison-of-unsigned-against-zero warnings in
-Wtautological-compare instead of -Wsign-compare, which also implies turning
them on by default.

Restoration of r112877.



git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@113334 91177308-0d34-0410-b5e6-96231b3b80d8
dditive-folding.c
ull-deref-ps.c
c79f767941fdfedb02d20296a042ad951a593890 08-Sep-2010 Daniel Dunbar <daniel@zuster.org> tests: Use -ffreestanding when including stdint.h, to avoid platform dependencies.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@113301 91177308-0d34-0410-b5e6-96231b3b80d8
omplex.c
02b49bb23273f3488a47f8abadf0ec7a98429d1f 07-Sep-2010 Ted Kremenek <kremenek@apple.com> Fix null pointer dereference in StreamChecker::Fseek (reported in PR 8081) and simplify surrounding checking logic.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@113282 91177308-0d34-0410-b5e6-96231b3b80d8
tream.c
84c24ed29e0bb37fc06a584e0df5bdfbe49efc8f 07-Sep-2010 Tom Care <tom.care@uqconnect.edu.au> Re-enabled truncation/extension checking in IdempotentOperationChecker and added a test case.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@113269 91177308-0d34-0410-b5e6-96231b3b80d8
dempotent-operations.c
58f9e13e87e57236fee4b914eea9be6f92a1c345 05-Sep-2010 Chris Lattner <sabre@nondot.org> make clang print types as "const int *" instead of "int const*",
which it should have done from the beginning. As usual, the most
fun with this sort of change is updating all the testcases.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@113090 91177308-0d34-0410-b5e6-96231b3b80d8
ead-stores.c
xercise-ps.c
ninit-vals.c
5d1d7ae120c2c8e6cba5d2a712b33500a5aecc10 03-Sep-2010 Anders Carlsson <andersca@mac.com> Get rid of the "functions declared 'noreturn' should have a 'void' result type" warning.

The rationale behind this is that it is normal for callback functions to have a non-void return type
and it should still be possible to mark them noreturn. (JavaScriptCore is a good example of this).



git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@112918 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps.m
40bfbbc8a56bb1cff136c8cd44ced7e673f21a5e 03-Sep-2010 John McCall <rjmccall@apple.com> sabre points out that the timing here is pretty pessimal; I'll retry the
experiment in a few days.



git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@112882 91177308-0d34-0410-b5e6-96231b3b80d8
dditive-folding.c
ull-deref-ps.c
51b0a52cc42d5c76ad96cde924c2130e36b46dca 03-Sep-2010 John McCall <rjmccall@apple.com> Experimentally move the tautological comparison warnings from -Wsign-compare
to -Wtautological-compare. This implies that they're now on by default.
If this causes chaos, I'll figure something else out.



git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@112877 91177308-0d34-0410-b5e6-96231b3b80d8
dditive-folding.c
ull-deref-ps.c
6610e7ee74ba1e7c4d8d113b71d1f20ae3a37a43 02-Sep-2010 Zhongxing Xu <xuzhongxing@gmail.com> Tweak test case. 'int' would introduce out-of-bound issues. We focus on array
index constraints in this case.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@112794 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps-region-store.m
79d73044b7d0adfbd18ee34285395e1d5135f662 02-Sep-2010 Ted Kremenek <kremenek@apple.com> For GRExprEngine::EvalBind() (and called visitors), unify StoreE and AssignE. Now StoreE (const Stmt*) represents the expression where the store took place, which is the assignment expression if it takes place in an assignment. This removes some conceptual dissidence as well as removes an extra parameter from the Checker::PreVisitBind() visitor. It also improves ranges and source location information in analyzer diagnostics.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@112789 91177308-0d34-0410-b5e6-96231b3b80d8
list-output.m
ab9f13e73d951accb5a028783032ce8a695e8048 02-Sep-2010 Ted Kremenek <kremenek@apple.com> Add yet another test case for PR 8015, showing how reasoning over symbolic indices should exactly resolve over multiple index possibilities (and thus suppress the false positive in the test).

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@112770 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps-region-store.m
19c74a05c44c9e9966961975992ee1555d556d45 02-Sep-2010 Ted Kremenek <kremenek@apple.com> Add another test case for PR 8015, here with the array index being within a valid range and not just a single constant.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@112769 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps-region-store.m
41be967969b060d7192411665138de539d59d93b 02-Sep-2010 Ted Kremenek <kremenek@apple.com> Partial fix for PR 8015 (fix is actually by Jordy Rose, and I added a test case for follow-on work). This patch adds a bandaid for RegionStore's limited reasoning about symbolic array values.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@112766 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps-region-store.m
1e4a32acfad6a9f4cf555fdbc5c6c44c558b9fcb 02-Sep-2010 Ted Kremenek <kremenek@apple.com> Don't assert in the analyzer when analyzed code does a byte load from a function's address. Fixes PR 8052.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@112761 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps-region-store.m
f69cf18aa240b038dfd89f249e63f4cc6e1c5f65 01-Sep-2010 Ted Kremenek <kremenek@apple.com> Don't assert in CastSizeChecker when the casted-to pointee is an incomplete type. Fixes PR 8050.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@112738 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps.m
a427f1d8f0848997029d1bdc0c5c137f982f775d 31-Aug-2010 Ted Kremenek <kremenek@apple.com> Explicitly handle CXXOperatorCallExpr when building CFGs. We should treat it the same as CallExprs.

Fixes: <rdar://problem/8375510> [Boost] CFGBuilder crash in Boost.Graph

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@112618 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps-region-store.cpp
5722b148e886dd08ef7ee49f033ebe4fd21b1b5e 31-Aug-2010 Douglas Gregor <dgregor@apple.com> Revert my lame attempt at appeasing the CFGBuilder

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@112580 91177308-0d34-0410-b5e6-96231b3b80d8
emporaries.cpp
35fe7eeb1284ed786ed647b34fa01fc18646b3c7 31-Aug-2010 Douglas Gregor <dgregor@apple.com> Teach the CFGBuilder not to die on CXXBindTemporaryExpr, CXXOperatorCallExpr. Fixes a Boost.Graph crasher.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@112578 91177308-0d34-0410-b5e6-96231b3b80d8
emporaries.cpp
6216dc0c5b9071b4c10f78718a64ca916c00a384 30-Aug-2010 Tom Care <tom.care@uqconnect.edu.au> Adjusted the semantics of assign checking in IdempotentOperationChecker
- Fixed a regression where assigning '0' would be reported
- Changed the way self assignments are filtered to allow constant testing
- Added a test case for assign ops
- Fixed one test case where a function pointer was not considered constant
- Fixed test cases relating to 0 assignment

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@112501 91177308-0d34-0410-b5e6-96231b3b80d8
unc.c
dempotent-operations.c
isc-ps-region-store.m
isc-ps.m
9edd4d0f73b81baaa7153982bf716949a5b1b926 28-Aug-2010 Tom Care <tom.care@uqconnect.edu.au> Added checking of (x == x) and (x != x) to IdempotentOperationChecker and updated test cases flagged by it.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@112313 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps.m
ull-deref-ps.c
6d0e6ce200aa06b06f0e9b493ed365bbe2982cee 28-Aug-2010 Tom Care <tom.care@uqconnect.edu.au> Enabled relaxed LiveVariables analysis in the path-sensitive engine to increase the coverage of bugs. Primarily affects IdempotentOperationChecker.
- Migrated a temporarily separated test back to its original file (bug has been fixed, null-deref-ps-temp.c -> null-deref-ps.c)
- Changed SymbolManager to use relaxed LiveVariables
- Updated several test cases that the IdempotentOperationChecker class now flags
- Added test case to test relaxed LiveVariables use by the IdempotentOperationChecker

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@112312 91177308-0d34-0410-b5e6-96231b3b80d8
unc.c
dempotent-operations.c
isc-ps-region-store.m
isc-ps.m
ull-deref-ps-temp.c
ull-deref-ps.c
34feff654c6304e0a59ceb1376989d28dbc956ff 27-Aug-2010 Ted Kremenek <kremenek@apple.com> Fix horrible GRExprEngine bug where switch statements with no 'case:' statements would cause the path to get prematurely aborted. Fixes <rdar://problem/8360854>.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@112233 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps.m
967fea6cd9ae60ea31d27d440967990d2c705729 26-Aug-2010 Tom Care <tom.care@uqconnect.edu.au> Improved the handling of blocks and block variables in PseudoConstantAnalysis
- Removed the assumption that __block vars are all non-constant
- Simplified some repetitive code in RunAnalysis
- Added block walking support
- Code/comments cleanup
- Separated out test for block pseudoconstants

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@112098 91177308-0d34-0410-b5e6-96231b3b80d8
dempotent-operations.c
ef52bcb606c73950139a775af61495f63fbc3603 24-Aug-2010 Tom Care <tom.care@uqconnect.edu.au> Improvements to IdempotentOperationChecker and its use of PseudoConstantAnalysis
- Added wasReferenced function to PseudoConstantAnalysis to determine if a variable was ever referenced in a function (outside of a self-assignment)
- BlockDeclRefExpr referenced variables are now explicitly added to the non-constant list
- Remove unnecessary ignore of implicit casts
- Generalized parameter self-assign detection to detect deliberate self-assigns of variables to avoid unused variable warnings
- Updated test cases with deliberate self-assignments
- Fixed bug with C++ references and pseudoconstants
- Added test case for C++ references and pseudoconstants

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@111965 91177308-0d34-0410-b5e6-96231b3b80d8
ead-stores.c
dempotent-operations.c
dempotent-operations.cpp
dar-6541136-region.c
dar-6541136.c
823894110e6f161a29450dbdea44ab987cfe16bb 23-Aug-2010 Tom Care <tom.care@uqconnect.edu.au> Modified pseudoconstant test case to make it a bit clearer and fix a missing line

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@111833 91177308-0d34-0410-b5e6-96231b3b80d8
dempotent-operations.c
db34ab70961ca4b24b600eb47053d7af304659f5 23-Aug-2010 Tom Care <tom.care@uqconnect.edu.au> Several small changes to PseudoConstantAnalysis and the way IdempotentOperationChecker uses it.
- Psuedo -> Pseudo (doh...)
- C++ reference support
- Added pseudoconstant test case for __block vars
- Separated out static local checking from pseudoconstant analysis and generalized to non-local checking
- Added missing test cases for storage false positives

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@111832 91177308-0d34-0410-b5e6-96231b3b80d8
dempotent-operations.c
59b6dca7e5160d6f2aff42b1cf077d1cbd64e330 20-Aug-2010 Jordy Rose <jediknil@belkadan.com> Handle nested compound values in BindArray for multidimensional arrays. Fixes PR7945.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@111602 91177308-0d34-0410-b5e6-96231b3b80d8
rray-struct-region.c
58f281f7d54976f23ed4fa23a10ff1ab9c7037fe 19-Aug-2010 Ted Kremenek <kremenek@apple.com> Add warning for functions/blocks that have attribute 'noreturn' but return a non-void result. (<rdar://problem/7562925>)

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@111492 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps.m
245adabd97c8c770c13935a9075f2243cc6f1d57 18-Aug-2010 Tom Care <tom.care@uqconnect.edu.au> Added pseudo-constant analysis and integrated it into the false positive reduction stage in IdempotentOperationChecker.
- Renamed IdempotentOperationChecker::isConstant to isConstantOrPseudoConstant to better reflect the function
- Changed IdempotentOperationChecker::PreVisitBinaryOperator to only run 'CanVary' once on undefined assumptions
- Created new PsuedoConstantAnalysis class and added it to AnalysisContext
- Changed IdempotentOperationChecker to exploit the new analysis
- Updated tests with pseudo-constants
- Added check to IdempotentOperationChecker to see if a Decl is const qualified

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@111426 91177308-0d34-0410-b5e6-96231b3b80d8
onstant-folding.c
dempotent-operations.c
ull-deref-ps.c
334c19566104d3333cf662f0017088a18eddfa81 17-Aug-2010 Ted Kremenek <kremenek@apple.com> Fix horrible CFG bug caused by a series of NullStmts appearing at the beginning of a do...while loop. This would cause
the body of the DoStmt to be disconnected from the preceding code.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@111283 91177308-0d34-0410-b5e6-96231b3b80d8
ead-stores.c
50e8ac2369951d200e0d3849465d481f20fbdb62 16-Aug-2010 Tom Care <tom.care@uqconnect.edu.au> Added basic pseudoconstant checking in IdempotentOperationChecker and fixed some test cases.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@111190 91177308-0d34-0410-b5e6-96231b3b80d8
dempotent-operations.c
e64f311c11a8751867c2538807054f4817c1f5cb 16-Aug-2010 Jordy Rose <jediknil@belkadan.com> Model the effects of strcpy() and stpcpy() in CStringChecker. Other changes:
- Fix memcpy() and friends to actually invalidate the destination buffer.
- Emit a different message for out-of-bounds buffer accesses if the buffer is being written to.
- When conjuring symbols, let ValueManager figure out the type.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@111120 91177308-0d34-0410-b5e6-96231b3b80d8
string.c
tring.c
e701117b21356d3c60133315b5bdd50232ec6cca 16-Aug-2010 Jordy Rose <jediknil@belkadan.com> - Allow making ElementRegions with complex offsets (expressions or symbols) for the purpose of bounds-checking.
- Rewrite GRState::AssumeInBound to actually do that checking, and to use the normal constraint path.
- Remove ConstraintManager::AssumeInBound.
- Teach RegionStore and FlatStore to ignore those regions for now.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@111116 91177308-0d34-0410-b5e6-96231b3b80d8
utofbound.c
a5261549754fab80e30e893d8fa706bfb31e430a 14-Aug-2010 Jordy Rose <jediknil@belkadan.com> Update CStringChecker to take advantage of the new metadata symbols and region change callback. Now does basic tracking of string length for general regions. Currently this is still only used for modeling strlen().


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@111081 91177308-0d34-0410-b5e6-96231b3b80d8
tring.c
8556cc44af71f6147e1a821489b56f35acadea3f 14-Aug-2010 Jordy Rose <jediknil@belkadan.com> Add a test for alloca region extents.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@111079 91177308-0d34-0410-b5e6-96231b3b80d8
utofbound.c
a7a8a450d908b34fa5f569f2e694ebd4b61aae2f 13-Aug-2010 Tom Care <tom.care@uqconnect.edu.au> Improved IdempotentOperationChecker false positives and false negatives.
- Unfinished analysis may still report valid warnings if the path was completely analyzed
- New 'CanVary' heuristic to recursively determine if a subexpression has a varying element
- Updated test cases, including one known bug
- Exposed GRCoreEngine through GRExprEngine

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@110970 91177308-0d34-0410-b5e6-96231b3b80d8
ead-stores.c
dempotent-operations.c
ull-deref-ps-temp.c
ull-deref-ps.c
a277e7764bbe2752f900bf595654f9ad433f3961 09-Aug-2010 Jordy Rose <jediknil@belkadan.com> Allow EvalBinOpNN to handle expressions of the form $a+$b if $b can be reduced to a constant.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@110592 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps.m
1fafd1d96419f587763d1b81332d8f476aeace2e 07-Aug-2010 Tom Care <tcare@apple.com> Removed IdempotentOperationChecker from default analysis and returned back to a flag (-analyzer-check-idempotent-operations)
- Added IdempotentOperationChecker to experimental analyses for testing purposes
- Updated test cases to explicitly call the checker

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@110482 91177308-0d34-0410-b5e6-96231b3b80d8
dempotent-operations.c
ninit-vals-ps-region.m
a87b1eb7f1ef233cd8739ea6052f3375751376e2 06-Aug-2010 Zhongxing Xu <xuzhongxing@gmail.com> add test case.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@110408 91177308-0d34-0410-b5e6-96231b3b80d8
tream.c
b6a4026de13909c2b145166ae0b7d96cf1948f64 06-Aug-2010 Jordy Rose <jediknil@belkadan.com> When checking if a buffer access is valid, first make sure the buffer has a valid Loc. Fixes PR7830.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@110390 91177308-0d34-0410-b5e6-96231b3b80d8
string.c
0600918d1418c2eac2c96491637946206009c4de 05-Aug-2010 Tom Care <tcare@apple.com> Fixed logic error in UnreachableCodeChecker's marking algorithm that would sometimes allow for multiple sequential statements to be flagged.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@110353 91177308-0d34-0410-b5e6-96231b3b80d8
nreachable-code-path.c
4019c4f692e7b8b2d7a7b6a377c78337596052e4 05-Aug-2010 Ted Kremenek <kremenek@apple.com> Correctly handle 'Class<...>' when examining Cocoa conventions in the static analyzer. Fixes a crash reported in <rdar://problem/8272168>. Patch by Henry Mason!

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@110289 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release.m
68957a919084ab8bbd1f01d534db1d6f31d0f459 04-Aug-2010 Ted Kremenek <kremenek@apple.com> Teach SemaChecking::CheckReturnStackAddr about ImplicitCastExprs that convert values to an lvalue. This allows us to warn (again) about returning references to stack variables. (fixes PR 7812).

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@110242 91177308-0d34-0410-b5e6-96231b3b80d8
tack-addr-ps.cpp
074ae35bb156bd379cb9bc0b1b85d76e164a1776 02-Aug-2010 Ted Kremenek <kremenek@apple.com> Fix idempotent operations false positive caused by ivars not being invalidated in function
calls when the enclosing object had retain/release state. Fixes <rdar://problem/8261992>.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@110068 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release-region-store.m
80776387c299a40f32dc95246bef0098bee8d6dc 02-Aug-2010 Ted Kremenek <kremenek@apple.com> Add test case for <rdar://problem/8258814>.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@110058 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps-region-store.m
7caf9b369cba6edaf6eac25121cbc65ee938f14d 02-Aug-2010 Zhongxing Xu <xuzhongxing@gmail.com> Improve flat store: MemRegion::getAsOffset() computes a region's offset within
the top-level object. FlatStore now can bind and retrieve element and field
regions.
PR7297 is fixed by flat store.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@110020 91177308-0d34-0410-b5e6-96231b3b80d8
lat-store.c
b60a77e453d32db0ab1914d28e175c2defc0eb65 01-Aug-2010 John McCall <rjmccall@apple.com> Only run the jump-checker if there's a branch-protected scope *and* there's
a switch or goto somewhere in the function. Indirect gotos trigger the
jump-checker regardless, because the conditions there are slightly more
elaborate and it's too marginal a case to be worth optimizing.

Turns off the jump-checker in a lot of cases in C++. rdar://problem/7702918


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@109962 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps.m
dd0e490c24aeade2c59ca4cae171199f6af9f02e 31-Jul-2010 Ted Kremenek <kremenek@apple.com> After a lengthy design discussion, add support for "ownership attributes" for malloc/free checking. Patch by Andrew McGregor!

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@109939 91177308-0d34-0410-b5e6-96231b3b80d8
alloc.c
d85770b4ef71cf9168deb9a73f6a97d5cff1db29 30-Jul-2010 Tom Care <tcare@apple.com> Test case for PR7763.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@109895 91177308-0d34-0410-b5e6-96231b3b80d8
dempotent-operations.c
23b736e159e72f0237a888a6d4f7319d7e9e8867 29-Jul-2010 Jordy Rose <jediknil@belkadan.com> Move new test (that requires RegionStore) into its own file.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@109736 91177308-0d34-0410-b5e6-96231b3b80d8
rray-struct-region.c
rray-struct.c
167cc379756e525bdf5b6b722fd78d415ed0eb2c 29-Jul-2010 Jordy Rose <jediknil@belkadan.com> Use a LazyCompoundVal to handle initialization with a string literal, rather than copying each character.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@109734 91177308-0d34-0410-b5e6-96231b3b80d8
rray-struct.c
741b9be084a61b4d5eb9b626f7f75949cfda3b11 29-Jul-2010 Ted Kremenek <kremenek@apple.com> Teach GRExprEngine::VisitLValue() about FloatingLiteral, ImaginaryLiteral, and CharacterLiteral. Fixes an assertion failure reported in PR 7675.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@109719 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps-region-store.cpp
281e9dc6ba6ff10bf910b0fc8898dff2a429f156 29-Jul-2010 Ted Kremenek <kremenek@apple.com> Augment RegionStore::BindStruct() to bind symbolicated struct values. This fixes a false path issue reported in <rdar://problem/8243408> and also spurs another cause where the idempotent operations checker fires.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@109710 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps-region-store.m
ninit-vals-ps-region.m
7bce3a122296eba0e74f401c188e55c71935132f 28-Jul-2010 Tom Care <tcare@apple.com> Added some false positive checking to UnreachableCodeChecker
- Allowed reporting of dead macros
- Added path walking function to search for false positives in conditional statements
- Updated some affected tests
- Added some false positive test cases

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@109561 91177308-0d34-0410-b5e6-96231b3b80d8
dditive-folding.c
string.c
onstant-folding.c
tring.c
nreachable-code-path.c
3e5637f8a1c5b3cc3fa9d4e33a5763883ea97fc6 27-Jul-2010 Ted Kremenek <kremenek@apple.com> Finesse 'idempotent operations' analyzer issues to include the opcode of the binary operator for clearer error reporting. Also remove the 'Idempotent operation' prefix in messages; it's redundant since the bug type is the same.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@109527 91177308-0d34-0410-b5e6-96231b3b80d8
onstant-folding.c
ead-stores.c
dempotent-operations.c
isc-ps.m
ull-deref-ps.c
dar-6541136-region.c
dar-6541136.c
5e04bdde8e74d991feffe9cf95d731f7e473dbb7 27-Jul-2010 Jordy Rose <jediknil@belkadan.com> Don't warn about unreachable code if the block starts with __builtin_unreachable().

The next step is to warn if a block labeled unreachable is, in fact, reachable. Somewhat related to PR810.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@109487 91177308-0d34-0410-b5e6-96231b3b80d8
nreachable-code-path.c
19c5dd120e42b1ba0642309a185c70f4a41aadbd 27-Jul-2010 Jordy Rose <jediknil@belkadan.com> Groundwork for C string length tracking. Currently only handles the length of constant string literals, which is not too helpful, and only calls to strlen() are checked.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@109480 91177308-0d34-0410-b5e6-96231b3b80d8
tring.c
c4b5bd89e1ef611c7a31b767763030acc45274c8 24-Jul-2010 Tom Care <tcare@apple.com> Added a path-sensitive unreachable code checker to the experimental analyzer checks.
- Created a new class to do post-analysis
- Updated several test cases with unreachable code to expect a warning
- Added some general tests

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@109286 91177308-0d34-0410-b5e6-96231b3b80d8
dditive-folding.c
string.c
alloc.c
nreachable-code-path.c
766c20130dc6b960be420483a168c82a66b5bb7b 23-Jul-2010 Zhongxing Xu <xuzhongxing@gmail.com> Add FILE* leak check to StreamChecker. Patch by Lei Zhang.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@109225 91177308-0d34-0410-b5e6-96231b3b80d8
tream.c
47dc37f1efa6942366dd61c4acb0c874049dd1e0 22-Jul-2010 Zhongxing Xu <xuzhongxing@gmail.com> This patch adds support for tmpfile in StreamChecker. Patch by Lei Zhang.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@109106 91177308-0d34-0410-b5e6-96231b3b80d8
tream.c
c6a36ff1d5769feb95841d934ae85159e23b9def 19-Jul-2010 Zhongxing Xu <xuzhongxing@gmail.com> fix test case.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@108671 91177308-0d34-0410-b5e6-96231b3b80d8
tream.c
9843ba9be3560f7b283a6b5a927e4620cfce897d 19-Jul-2010 Zhongxing Xu <xuzhongxing@gmail.com> Add double close check to StreamChecker. Patch by Lei Zhang.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@108669 91177308-0d34-0410-b5e6-96231b3b80d8
tream.c
cb07788e20f63ee61862af1c5ee711d9f4c5bf0e 17-Jul-2010 Ted Kremenek <kremenek@apple.com> Fix '<rdar://problem/8202272> __imag passed non-complex should not crash' by removing a bogus assertion.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@108602 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps.m
453293109e670824d84e94c0c2891737e3261f1f 17-Jul-2010 Ted Kremenek <kremenek@apple.com> Fix APFloat assertion failure in IdempotentOperationChecker resulting in having
an APFloat with different "float semantics" than the compared float literal.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@108590 91177308-0d34-0410-b5e6-96231b3b80d8
dempotent-operations.c
df4ca423ec7d9b62842e112d1b824faa08b64810 16-Jul-2010 Tom Care <tcare@apple.com> Improved false positive rate for the idempotent operations checker and moved it into the default path-sensitive analysis options.
- Added checks for static local variables, self assigned parameters, and truncating/extending self assignments
- Removed command line option (now default with --analyze)
- Updated test cases to pass with idempotent operation warnings

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@108550 91177308-0d34-0410-b5e6-96231b3b80d8
onstant-folding.c
ead-stores.c
dempotent-operations.c
isc-ps.m
ull-deref-ps.c
dar-6541136-region.c
dar-6541136.c
184aa4e6ded190bfb3bbe207040467f8d7e28a04 12-Jul-2010 Chris Lattner <sabre@nondot.org> fix PR7280 by making the warning on code like this:

int test1() {
return;
}

default to an error.



git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@108108 91177308-0d34-0410-b5e6-96231b3b80d8
ull-deref-ps.c
d325ffb9cbd26b6a3f219d115191d9a00b6dea8c 09-Jul-2010 Jordy Rose <jediknil@belkadan.com> Cleanup in CStringChecker. Now properly bifurcates the state for zero/nonzero sizes.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@107935 91177308-0d34-0410-b5e6-96231b3b80d8
string.c
bc56d1f6e2288aea9546b2380c71288939d688ca 07-Jul-2010 Jordy Rose <jediknil@belkadan.com> Add memcmp() and bcmp() to CStringChecker. These check for valid access to the buffer arguments and have a special-case for when the buffer arguments are known to be the same address, or when the size is zero.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@107761 91177308-0d34-0410-b5e6-96231b3b80d8
string.c
a6b808c6ba57723b997da2ef7a4a8cf48fbc2ba8 07-Jul-2010 Jordy Rose <jediknil@belkadan.com> Cleanup on CStringChecker and its associated tests. Also check for null arguments...which are allowed if the access length is 0!


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@107759 91177308-0d34-0410-b5e6-96231b3b80d8
string.c
8b5dec3002bd3e17061a8bf1fc35ba82912ec768 07-Jul-2010 Chris Lattner <sabre@nondot.org> implement PR7569, warning about assignment to null, which
people seem to write when they want a deterministic trap.
Suggest instead that they use a volatile pointer or
__builtin_trap.



git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@107756 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps.m
925198d693a0cf874452adcc2a8de1cb3d86992e 07-Jul-2010 Tom Care <tcare@apple.com> Fix idempotent operations test command line arguments.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@107735 91177308-0d34-0410-b5e6-96231b3b80d8
dempotent-operations.c
ccbf7eebc8425429e8fd9f9124770f86a74864eb 07-Jul-2010 Jordy Rose <jediknil@belkadan.com> Add a new path-sensitive checker for functions in <string.h>, for both null-terminated strings and memory blocks. Currently only checks memcpy(), memmove(), and bcopy(), but this is intended to be expanded soon.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@107722 91177308-0d34-0410-b5e6-96231b3b80d8
string.c
db2fa8a7eb67b1e8f32a590b8e000e1259cff91a 06-Jul-2010 Tom Care <tcare@apple.com> Added a path-sensitive idempotent operation checker (-analyzer-idempotent-operation). Finds idempotent and/or tautological operations in a path sensitive context, flagging operations that have no effect or a predictable effect.

Example:
{
int a = 1;
int b = 5;
int c = b / a; // a is 1 on all paths
}

- New IdempotentOperationChecker class
- Moved recursive Stmt functions in r107675 to IdempotentOperationChecker
- Minor refactoring of SVal to allow checking for any integer
- Added command line option for check
- Added basic test cases

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@107706 91177308-0d34-0410-b5e6-96231b3b80d8
dempotent-operations.c
b829d72294b029ef1aff54052cae9890400071be 06-Jul-2010 Jordy Rose <jediknil@belkadan.com> Oops, tabs --> spaces in test.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@107634 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release.m
61fb55c87909bd749a367f7c12b302e39aa3e392 06-Jul-2010 Jordy Rose <jediknil@belkadan.com> Improve NULL-checking for CFRetain/CFRelease. We now remember that the argument was non-NULL, and we report where the null assumption came from (like AttrNonNullChecker already did).


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@107633 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release.m
b7e3aabf8f0fe4210d6a0aaec8a2b5770cab9186 05-Jul-2010 Jordy Rose <jediknil@belkadan.com> Support sizeof for VLA expressions (sizeof(someVLA)). sizeof(int[n]) still unimplemented. A VLA region's sizeof value matches its extent.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@107611 91177308-0d34-0410-b5e6-96231b3b80d8
utofbound.c
52e04c537633377fb14cfa4fa3c95e3e510fc942 05-Jul-2010 Jordy Rose <jediknil@belkadan.com> Track extents for VLAs.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@107603 91177308-0d34-0410-b5e6-96231b3b80d8
utofbound.c
32f2656b90900ac04c4b50e87c16749d0ceb9ef2 04-Jul-2010 Jordy Rose <jediknil@belkadan.com> Add a new symbol type, SymbolExtent, to represent the extents of memory regions that may not be known at compile-time (such as those created by malloc). This replaces the old setExtent/getExtent API on Store, which used the GRState's GDM to store SVals.

Also adds a getKnownValue() method to SValuator, which gets the integer value of an SVal if it is known to only have one possible value. There are more places in the code that could be using this, but in general we want to be dealing entirely in SVals, so its usefulness is limited.

The only visible functionality change is that extents are now honored for any DeclRegion, such as fields and Objective-C ivars, rather than just variables. This shows up in bounds-checking and cast-size-checking.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@107577 91177308-0d34-0410-b5e6-96231b3b80d8
o-outofbounds.c
utofbound.c
dar-6442306-1.m
dcee3ce97fc76f20ce8f5a7451071e3dec537073 01-Jul-2010 Ted Kremenek <kremenek@apple.com> Fix PR 7475 by enhancing the static analyzer to also invalidate bindings for non-static global variables
when calling a function/method whose impact on global variables we cannot accurately estimate.
This change introduces two new MemSpaceRegions that divide up the memory space of globals, and causes
RegionStore and BasicStore to consult a binding to the NonStaticGlobalsMemSpaceRegion when lazily
determining the value of a global.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@107423 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps.m
25973455aed1cdc9c40b208c792b5db4f8f1297d 30-Jun-2010 Argyrios Kyrtzidis <akyrtzi@gmail.com> Fix rdar://8139785 "implement warning on dead expression in comma operator"

As a bonus, fix the warning for || and && operators; it was emitted even if one of the operands had side effects, e.g:

x || test_logical_foo1();

emitted a bogus "expression result unused" for 'x'.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@107274 91177308-0d34-0410-b5e6-96231b3b80d8
ead-stores.c
a274148a5cf85f758e469d5785fb72736f93f58b 30-Jun-2010 Jordy Rose <jediknil@belkadan.com> Pointers casted as integers still count as locations to SimpleSValuator, so don't crash if we do a funny thing like ((int)ptr)&1. Fixes PR7527.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@107236 91177308-0d34-0410-b5e6-96231b3b80d8
tr-arith.c
eac4a00e1d93aa963903031ed76425c231f0f0b9 28-Jun-2010 Jordy Rose <jediknil@belkadan.com> Pointer comparisons (and pointer-pointer subtraction). Basically filling in SimpleSValuator::EvalBinOpLL().


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@106992 91177308-0d34-0410-b5e6-96231b3b80d8
onstant-folding.c
tr-arith.c
5ca129c2558a13d7d4b2b76fee8404bc07466ce9 27-Jun-2010 Jordy Rose <jediknil@belkadan.com> Implicitly compare symbolic expressions to zero when they're being used as constraints. Part of PR7491.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@106972 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps.m
4d912b24b393fe6b7422e5502f3a330cbdc5c6b7 26-Jun-2010 Jordy Rose <jediknil@belkadan.com> When a constant size array is casted to another type, its length should be scaled as well.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@106911 91177308-0d34-0410-b5e6-96231b3b80d8
o-outofbounds.c
utofbound.c
a006342c8650738c7e3547a1a0a70334608c5db6 26-Jun-2010 Ted Kremenek <kremenek@apple.com> Add dead stores C++ test case that was previously asserting due to an
invalid source range for CXXNewExpr.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@106904 91177308-0d34-0410-b5e6-96231b3b80d8
ead-stores.cpp
c4a1437c15da43eb8d2601cdce13161ef41a4389 25-Jun-2010 Ted Kremenek <kremenek@apple.com> Fix -analyze-display-progress (once again), this time with an additional regression test.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@106883 91177308-0d34-0410-b5e6-96231b3b80d8
nalyze_display_progress.c
0b495cdb1939f8b9e8a470e138dba5204872c38c 25-Jun-2010 Benjamin Kramer <benny.kra@googlemail.com> A bug I've introduced in STDIN handling surfaced a few broken tests, fix them.

Lexer/hexfloat.cpp is now XFAIL'd, I'd appreciate if someone could look into it.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@106840 91177308-0d34-0410-b5e6-96231b3b80d8
dar-7168531.m
0c2e8c87f18e861cb48965784e20b9292fb70b60 24-Jun-2010 Zhongxing Xu <xuzhongxing@gmail.com> Add check for illegal whence argument of fseek.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@106742 91177308-0d34-0410-b5e6-96231b3b80d8
tream.c
7197d40a649e1304805850c516e0d2fb8a2a7664 24-Jun-2010 Benjamin Kramer <benny.kra@googlemail.com> Don't depend on system headers in clang -cc1 tests.

The constant was copied from clang's limits.h.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@106732 91177308-0d34-0410-b5e6-96231b3b80d8
dditive-folding-range-constraints.c
dditive-folding.c
1860dc48144d56a155a966efde6f93e4bf09d28a 23-Jun-2010 Daniel Dunbar <daniel@zuster.org> Revert "Tweak tests to hopefully fix include of limits.h on win32.", tweak fails on linux.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@106661 91177308-0d34-0410-b5e6-96231b3b80d8
dditive-folding-range-constraints.c
dditive-folding.c
e9b539257895f10dd361799729ac02c47efa2825 23-Jun-2010 Daniel Dunbar <daniel@zuster.org> Tweak tests to hopefully fix include of limits.h on win32.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@106639 91177308-0d34-0410-b5e6-96231b3b80d8
dditive-folding-range-constraints.c
dditive-folding.c
3f8612b46949a73729ef0e0d985cc8cce1ec096f 23-Jun-2010 Ted Kremenek <kremenek@apple.com> Correctly construct an ElementRegion for alloca() + pointer arithmetic. Fixes analyzer
crash reported in PR 7450.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@106609 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps-region-store.m
b4954a4175b36d912bdfc43834d09754faddd855 21-Jun-2010 Jordy Rose <jediknil@belkadan.com> When folding additive operations, convert the values to the same type. When assuming relationships, convert the integers to the same type as the symbol, at least for now.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@106458 91177308-0d34-0410-b5e6-96231b3b80d8
dditive-folding.c
9a126850968b0aa25f7c6f214e7309e33f2d800a 21-Jun-2010 Jordy Rose <jediknil@belkadan.com> If a nonnull argument evaluates to UnknownVal, don't warn (and don't crash).


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@106456 91177308-0d34-0410-b5e6-96231b3b80d8
ull-deref-ps.c
43fdb7f3b46059d4af11a702af35bc8e5d0f678a 20-Jun-2010 Jordy Rose <jediknil@belkadan.com> Adds analyzer support for idempotent and tautological binary operations such as "a*0" and "a+0". This is not very powerful, but does make the analyzer look a little smarter than it actually is.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@106402 91177308-0d34-0410-b5e6-96231b3b80d8
onstant-folding.c
c580f2e189810ae655c889536644470575bc551a 20-Jun-2010 Jordy Rose <jediknil@belkadan.com> Casting to void* or any other pointer-to-sizeless type (e.g. function pointers) causes a divide-by-zero error. Simple fix: check if the pointee type size is 0 and bail out early if it is.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@106401 91177308-0d34-0410-b5e6-96231b3b80d8
alloc.c
ba0f61cf5363f80e3241dc754235dfb246afe320 19-Jun-2010 Jordy Rose <jediknil@belkadan.com> Fold additive constants, and support comparisons of the form $sym+const1 <> const2


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@106339 91177308-0d34-0410-b5e6-96231b3b80d8
dditive-folding-range-constraints.c
dditive-folding.c
23d90f90413ff1efd7e4410d28ae2cab99af1fdb 18-Jun-2010 Zhongxing Xu <xuzhongxing@gmail.com> Add null stream check for more APIs.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@106274 91177308-0d34-0410-b5e6-96231b3b80d8
tream.c
a8166156a6414ddd6a68514dc4f48e95d2259977 17-Jun-2010 Ted Kremenek <kremenek@apple.com> Tweak stack address checker to report multiple cases where globals may reference stack memory.
Also refactor the diagnostics so that we print out the kind of stack memory returned.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@106210 91177308-0d34-0410-b5e6-96231b3b80d8
tack-addr-ps.c
tackaddrleak.c
551bd1f9191af0eecdc29764e34e01803c73ae31 17-Jun-2010 Ted Kremenek <kremenek@apple.com> Rework StackAddrLeakChecker to find stores of stack memory addresses to global variables
by inspecting the Store bindings instead of iterating over all the global variables
in a translation unit. By looking at the store directly, we avoid cases where we cannot
directly load from the global variable, such as an array (which can result in an assertion failure)
and it also catches cases where we store stack addresses to non-scalar globals.
Also, by not iterating over all the globals in the translation unit, we maintain cache
locality, and the complexity of the checker becomes restricted to the complexity of the
analyzed function, and doesn't scale with the size of the translation unit.

This fixes PR 7383.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@106184 91177308-0d34-0410-b5e6-96231b3b80d8
tackaddrleak.c
c196095fa0b83d10b2c20fccfcb8198ee66451aa 16-Jun-2010 Zhongxing Xu <xuzhongxing@gmail.com> Add StreamChecker. This checker models and checks stream manipulation functions.
This is the start.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@106082 91177308-0d34-0410-b5e6-96231b3b80d8
tream.c
fcd783d583d270b7ec1ec3e0fcf83cd93d30e381 15-Jun-2010 Ted Kremenek <kremenek@apple.com> Change AnalysisConsumer to analyze functions created by instantiating a macro. Fixes PR 7361.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@105984 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps.m
9b1468311d625ac8920adda5440ce8ffb1a5a5d2 09-Jun-2010 Zhongxing Xu <xuzhongxing@gmail.com> Merge StackAddrLeakChecker and ReturnStackAddressChecker.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@105687 91177308-0d34-0410-b5e6-96231b3b80d8
tackaddrleak.c
2c46458d4cd96a3a33e8810e95e692d8e2e05ff3 09-Jun-2010 Zhongxing Xu <xuzhongxing@gmail.com> Directly compare the StackFrameContext. This greatly simplifies logic and
improves generality. Thanks Ted.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@105686 91177308-0d34-0410-b5e6-96231b3b80d8
tackaddrleak.c
1622a547971cee50e386b4cdfe62ed1fcee1036d 08-Jun-2010 Zhongxing Xu <xuzhongxing@gmail.com> Add a checker to check if a global variable holds a local variable's address after
the function call is left where the local variable is declared.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@105602 91177308-0d34-0410-b5e6-96231b3b80d8
tackaddrleak.c
43859f66cdc360ab093cdde67401a7640a4bc05c 07-Jun-2010 Jordy Rose <jediknil@belkadan.com> Catch free()s on non-regions and regions known to be not from malloc(), by checking the symbol type and memory space.



git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@105547 91177308-0d34-0410-b5e6-96231b3b80d8
ree.c
5d55376106f1aeabfab0bcd7e0167db904409a06 04-Jun-2010 Jordy Rose <jediknil@belkadan.com> Assignments to reference variables shouldn't kill the variable.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@105452 91177308-0d34-0410-b5e6-96231b3b80d8
eference.cpp
fc61d94fbdbcd2b423976e21f24d423fcd442486 03-Jun-2010 Zhongxing Xu <xuzhongxing@gmail.com> CFG: add all LHS of assignments as lvalue. This improves support for C++ reference. Patch by Jordy.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@105383 91177308-0d34-0410-b5e6-96231b3b80d8
eference.cpp
a5ce966d1a23d84aa5e849cf0ed62494e736ea6a 01-Jun-2010 Zhongxing Xu <xuzhongxing@gmail.com> Add support for calloc() in MallocChecker. Patch by Jordy Rose, with my
modification.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@105264 91177308-0d34-0410-b5e6-96231b3b80d8
alloc.c
utofbound.c
ndef-buffers.c
a709b87de4644c05d7787f9fb246d2b4dc38bf51 31-May-2010 Ted Kremenek <kremenek@apple.com> After conversations with Zhongxing Xu and Jordy Rose, refine the logic in
RegionStoreManager::RetrieveElement() that handles indexing into a larger scalar
object to only consult the direct binding of a super region if it is a scalar.
This isn't perfect yet, and a big FIXME is attached to the code. This causes
the test case for PR 7218 now to pass.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@105195 91177308-0d34-0410-b5e6-96231b3b80d8
R7218.c
42c67bfedb0b3a998d46d3868208bdd9a4da520a 29-May-2010 Zhongxing Xu <xuzhongxing@gmail.com> Revert r105097. Thinking about a better fix.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@105099 91177308-0d34-0410-b5e6-96231b3b80d8
R7218.c
bdfa85fd5351d24bc42ce21a97d2fb8486df22b1 29-May-2010 Zhongxing Xu <xuzhongxing@gmail.com> Fix PR7218. Patch by Jordy Rose.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@105097 91177308-0d34-0410-b5e6-96231b3b80d8
R7218.c
32f901092daa4a53c7e012408c1f59d73ba29ff5 27-May-2010 Ted Kremenek <kremenek@apple.com> Discard qualifiers for ElementRegions so that a 'const' doesn't change the lookup semantics
in the symbol store. We may wish to push this down into the StoreManager itself.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@104788 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps-region-store.m
f0af777aff72b58333edcf258e30998e865bdef3 26-May-2010 Ted Kremenek <kremenek@apple.com> Predefine the '__clang_analyzer__' macro when using '-analyze'.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@104742 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps.m
ab28099e3bd4859585ccb316f9f571c8c6b035fd 25-May-2010 Zhongxing Xu <xuzhongxing@gmail.com> CastSizeChecker checks when casting a malloc'ed symbolic region to type T,
whether the size of the symbolic region is a multiple of the size of T.
Fixes PR6123 and PR7217.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@104584 91177308-0d34-0410-b5e6-96231b3b80d8
alloc.c
d775c66b3a1ea17e770cf8fbf4ae37c667c1e043 21-May-2010 Ted Kremenek <kremenek@apple.com> Update retain-release checker to understand changes to how 'super' is represented
in the ASTs. Fixes <rdar://problem/8015556>.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@104389 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release.m
3f64a0e3be2c9408f8256bd3aa9f0ce9e268982c 21-May-2010 Ted Kremenek <kremenek@apple.com> Fix crash in CFG construction for 'break' statements appearing in statement expressions
within the increment code of a for loop.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@104375 91177308-0d34-0410-b5e6-96231b3b80d8
ead-stores.c
fadebbafe622752c3c6565b53ce8cd42bbbbd90c 13-May-2010 Ted Kremenek <kremenek@apple.com> Don't add a null successor to a CFGBlock when the contents of an @synchronized statement is empty.
Fixes <rdar://problem/7979430>.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@103717 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps.m
1c625f25055331bf76ab5479a8060d2b0f61e8b8 06-May-2010 Zhongxing Xu <xuzhongxing@gmail.com> Turn -analyzer-inline-call on for C functions. This also fixed a bug that
after inlining post-call checking shouldn't be done.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@103161 91177308-0d34-0410-b5e6-96231b3b80d8
nline.c
nline2.c
nline3.c
nline4.c
7b99d12b4ca67fccdf5090761ba257732e954e75 06-May-2010 Zhongxing Xu <xuzhongxing@gmail.com> Make -analyzer-inline-call not a separate analysis. Instead it's a boolean
flag now, and can be used with other analyses. Only turned it on for C++
methods for now.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@103160 91177308-0d34-0410-b5e6-96231b3b80d8
ethod-call.cpp
ed8afacb8118b71bcfa8017059e51da325e7691b 30-Apr-2010 Zhongxing Xu <xuzhongxing@gmail.com> Refactor the AnalysisConsumer to analyze functions after the whole
translation unit is parsed. This enables us to inline some calls when still
analyzing one function at a time.

Actions are classified into Function, CXXMethod, ObjCMethod,
ObjCImplementation.

This does not hurt performance much. The analysis time for sqlite3.c:

before:
real 17m52.440s
user 17m49.460s
sys 0m2.010s

after:
real 18m0.500s
user 17m56.900s
sys 0m2.330s

DisplayProgress option is broken now. -inline-call action is removed. It
will be reenabled in another form, perhaps as an independent option.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@102689 91177308-0d34-0410-b5e6-96231b3b80d8
nline.c
nline2.c
nline3.c
nline4.c
il-receiver-undefined-larger-than-voidptr-ret.m
862b24f8e9b1a3b332399591e48b303f57f01d0a 29-Apr-2010 Ted Kremenek <kremenek@apple.com> Fix CFG crasher involving statement expressions reported in PR 6938.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@102576 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps.m
48fb32230541a434ae79064085101d3ea84fb14e 21-Apr-2010 Zhongxing Xu <xuzhongxing@gmail.com> The second check point in the old test case was invalid.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@101983 91177308-0d34-0410-b5e6-96231b3b80d8
ew.cpp
40ab43b29bff9a240e5281e5952f59ddee623fca 20-Apr-2010 Zhongxing Xu <xuzhongxing@gmail.com> Add test cases.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@101878 91177308-0d34-0410-b5e6-96231b3b80d8
ethod-call.cpp
ew.cpp
d617b85d12169ccb4bdf281836a281d0c173ba6a 16-Apr-2010 Ted Kremenek <kremenek@apple.com> Static analyzer: Don't crash when casting a symbolic region address to a float. Fixes PR 6854.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@101499 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps-region-store.m
1b49d762e9658b6b6d1b677dca005324a7b1126d 15-Apr-2010 Ted Kremenek <kremenek@apple.com> Fix PR 6844, a regression caused by the introduction of llvm_unreachable for the default
case in GRExprEngine::Visit (in r101129). Instead, enumerate all Stmt cases and have
no 'default' case in the switch statement. When we encounter a Stmt we don't handle,
we should explicitly add it to the switch statement.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@101378 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps-region-store.m
115c1b9cc758d15f38e1d2ad4cf07b1cacfb3115 11-Apr-2010 Ted Kremenek <kremenek@apple.com> Fix CFG bug where bases of member expressions were not always evaluated in a lvalue context. Fixes <rdar://problem/7813989>.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@100966 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps-region-store.m
d4eea8362605807327735727a9098abe1eb23b19 09-Apr-2010 Douglas Gregor <dgregor@apple.com> Improve diagnostics when we fail to convert from a source type to a
destination type for initialization, assignment, parameter-passing,
etc. The main issue fixed here is that we used rather confusing
wording for diagnostics such as

t.c:2:9: warning: initializing 'char const [2]' discards qualifiers,
expected 'char *' [-pedantic]
char *name = __func__;
^ ~~~~~~~~

We're not initializing a 'char const [2]', we're initializing a 'char
*' with an expression of type 'char const [2]'. Similar problems
existed for other diagnostics in this area, so I've normalized them all
with more precise descriptive text to say what we're
initializing/converting/assigning/etc. from and to. The warning for
the code above is now:

t.c:2:9: warning: initializing 'char *' from an expression of type
'char const [2]' discards qualifiers [-pedantic]
char *name = __func__;
^ ~~~~~~~~

Fixes <rdar://problem/7447179>.



git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@100832 91177308-0d34-0410-b5e6-96231b3b80d8
ull-deref-ps.c
verride-werror.c
99d9838b256ded8e59f85c93647ba5ec060b7145 08-Apr-2010 Ted Kremenek <kremenek@apple.com> Add static analyzer check for calls to 'pthread_once()' where the control-flow has
automatic storage. This matches the corresponding check for 'dispatch_once()'.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@100803 91177308-0d34-0410-b5e6-96231b3b80d8
nix-fns.c
53eee7ba970d21ff15bbd4334164037a3b4cc4b8 07-Apr-2010 Chris Lattner <sabre@nondot.org> Instead of counting total diagnostics, split the count into a count
of errors and warnings. This allows us to emit something like this:

2 warnings and 1 error generated.

instead of:

3 diagnostics generated.

This also stops counting 'notes' because they are just follow-on information
about the previous diag, not a diagnostic in themselves.



git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@100675 91177308-0d34-0410-b5e6-96231b3b80d8
il-receiver-undefined-larger-than-voidptr-ret.m
974d97b251aaf5a735af83367cd3a930f3eb4333 07-Apr-2010 Ted Kremenek <kremenek@apple.com> Fix crash in StoreManager::CastRegion() when the base region is a type with 0 size.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@100594 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps-region-store.m
68b9a599dda7c422a417dfdc330adb5a880eb0e5 07-Apr-2010 Ted Kremenek <kremenek@apple.com> Teach MemRegion::getBaseRegion() about ObjCIvarRegions. We want to treat
them the same way as fields. This fixes a regression in RegionStore::RemoveDeadbindings()
that emerged from going to the cluster-based analysis.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@100570 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps-region-store.m
7b73b92870aa6271ac3d0a91eca83f6dde68c904 05-Apr-2010 Zhongxing Xu <xuzhongxing@gmail.com> Always assume block-level expressions in the caller are alive when analyzing
the callee.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@100429 91177308-0d34-0410-b5e6-96231b3b80d8
nline4.c
9618b858e2b4f79aa2b8b0291e9c833cee0435f8 01-Apr-2010 Zhongxing Xu <xuzhongxing@gmail.com> Use the element type to compute the array size when the base region is a VarRegion.
Patch by Jordy Rose.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@100099 91177308-0d34-0410-b5e6-96231b3b80d8
o-outofbounds.c
utofbound.c
75a2d944fc4a398d226c32169fbe8efe8befd9c4 01-Apr-2010 Ted Kremenek <kremenek@apple.com> Fix a bug (PR 6699) in RegionStore::RemoveDeadBindings() where
array values with a non-zero offset would get prematurely pruned from the store.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@100067 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release-region-store.m
4552ff080062cacc4b57906e6f2f09e9d796b6a4 30-Mar-2010 Ted Kremenek <kremenek@apple.com> RegionStore: specially handle loads from integer global variables declared 'const'.
Fixes a false positive reported in PR 6288.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@99922 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps-region-store.m
8891c4277a2e5b729214165414dcfe929b06e9b0 30-Mar-2010 Ted Kremenek <kremenek@apple.com> Change the analyzer to recognize (but ignore) assignments to isa. Fixes PR 6302.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@99904 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps-region-store.m
8822f7cda557ffa755c16b5c978dada23c37d6be 27-Mar-2010 Fariborz Jahanian <fjahanian@apple.com> Improve diagnostics on incomplete implementation
of objc classes; including which methods
need be implemented and where they come from.
WIP.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@99724 91177308-0d34-0410-b5e6-96231b3b80d8
R3991.m
r4209.m
cfd8ea930a119dc8a1e9a343d2a5cfe142b3d964 26-Mar-2010 Ted Kremenek <kremenek@apple.com> Fix NoReturnFunctionChecker to properly look at a function's type
when determining if it returns. Fixes <rdar://problem/7796563>.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@99663 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release.m
452b84ded735d7e7de6d099953ab959a4c9910f0 23-Mar-2010 Ted Kremenek <kremenek@apple.com> Tweak null dereference diagnostics to give clearer diagnostics when
a null dereference results from a field access.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@99236 91177308-0d34-0410-b5e6-96231b3b80d8
nline.c
ull-deref-ps.c
list-output.m
12182a0344c11970f307bc79eeb102633561b680 22-Mar-2010 Ted Kremenek <kremenek@apple.com> Improve the diagnostics for the UndefinedAssignmentChecker when an
uninitialized value is used in the LHS of a compound assignment.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@99221 91177308-0d34-0410-b5e6-96231b3b80d8
ninit-vals-ps-region.m
86d07a11f164a5dc488842dc932c8fc587b35d4f 19-Mar-2010 Ted Kremenek <kremenek@apple.com> Add test case for <rdar://problem/7770737>.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@98979 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps-region-store.m
8133716fc5cf705308c36aa6b0e7e4be2ac2ccdc 18-Mar-2010 Ted Kremenek <kremenek@apple.com> Refactor argument checking in CallAndMessageChecker to be the same
for both CallExprs and ObjCMessageExprs.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@98800 91177308-0d34-0410-b5e6-96231b3b80d8
ninit-vals-ps-region.c
ninit-vals-ps-region.m
091b588f09401f2ec20cabffe57d9e09962970ab 18-Mar-2010 Ted Kremenek <kremenek@apple.com> Detect pass-by-value arguments that are structs that contain
uninitialized data.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@98796 91177308-0d34-0410-b5e6-96231b3b80d8
ninit-vals-ps-region.c
ebd42f40803396d63bc59b77285d088cca61f53f 18-Mar-2010 Ted Kremenek <kremenek@apple.com> Tweak dead stores checker to not emit a warning when initializing
a scalar variable with a scalar parameter. This is a
form of defensive programming. If the variable is unused,
it will be caused by -Wunused-variable.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@98795 91177308-0d34-0410-b5e6-96231b3b80d8
ead-stores.c
c8023788ace75cf0a0417b9b88e643ceebae91e2 10-Mar-2010 Zhongxing Xu <xuzhongxing@gmail.com> Add use-after-free check to MallocChecker.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@98136 91177308-0d34-0410-b5e6-96231b3b80d8
alloc.c
2cfe28b6a061e72c6c8726d7ecb879093a1ab7a3 10-Mar-2010 Ted Kremenek <kremenek@apple.com> When computing in AnalysisContext the variables referenced
by a block, also look at the contained blocks.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@98111 91177308-0d34-0410-b5e6-96231b3b80d8
ead-stores.c
57d3b76761bdba265769deb497afa784935602be 04-Mar-2010 Zhongxing Xu <xuzhongxing@gmail.com> When profiling Environment, also profile with AnalysisContext*, because
we now may have identical states with different analysis context.

Set the right AnalysisContext in state when entering and leaving a callee.

With both of the above changes, we can pass the test case.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@97724 91177308-0d34-0410-b5e6-96231b3b80d8
nline3.c
97ccfa599c0479a4ea9b4df9291c564d5afd80e3 03-Mar-2010 Zhongxing Xu <xuzhongxing@gmail.com> Add comments to test case.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@97619 91177308-0d34-0410-b5e6-96231b3b80d8
nline2.c
15f6b42b68d296cabf117752094693afe813dffb 02-Mar-2010 Zhongxing Xu <xuzhongxing@gmail.com> Register all parameters even if they didn't occur in the function body.
We may query their liveness because they are added to store when passing
argument values.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@97562 91177308-0d34-0410-b5e6-96231b3b80d8
nline2.c
06079d1d1eb04e8d3d874311aafd605c8ec3cafc 27-Feb-2010 Zhongxing Xu <xuzhongxing@gmail.com> Add test case for inlining call analysis.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@97300 91177308-0d34-0410-b5e6-96231b3b80d8
nline.c
e3972a902d4a6f61fb21df092da2cace2b16cb3e 25-Feb-2010 Ted Kremenek <kremenek@apple.com> Enhance the unused ivar checker to not consider an ivar to be accidentally unused
when it is explicitly marked as unused via __attribute__((unused)).

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@97104 91177308-0d34-0410-b5e6-96231b3b80d8
nused-ivars.m
fc89323210a5f3f53808f7d801705d6b8c0a4224 25-Feb-2010 Ted Kremenek <kremenek@apple.com> Remove test case dependency on platform headers.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@97088 91177308-0d34-0410-b5e6-96231b3b80d8
nix-fns.c
381d1bf0eeabccac1ba64909cad73d2ee963897b 25-Feb-2010 Ted Kremenek <kremenek@apple.com> Add UnixAPIChecker, a meta checker to include various precondition checks for calls
to various unix/posix functions, e.g. 'open()'.

As a first check, check that when 'open()' is passed 'O_CREAT' that it has
a third argument.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@97086 91177308-0d34-0410-b5e6-96231b3b80d8
nix-fns.c
891322002b5f5886d812f6e8df12174fb2d8e73b 23-Feb-2010 Ted Kremenek <kremenek@apple.com> Dead emit dead store warnings when assigning nil to an ObjC object
pointer (for defensive programming). This matches the behavior with
assigning NULL to a regular pointer. Fixes <rdar://problem/7631278>.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@96985 91177308-0d34-0410-b5e6-96231b3b80d8
ead-stores.m
786cc72ecaadafbe339edc548afa9daf891c4278 23-Feb-2010 Ted Kremenek <kremenek@apple.com> Add test case for <rdar://problem/7242010>, which appears to have been fixed
in the recent changes to RegionStore::InvalidateRegions(). Note that we
are still not yet modeling 'memcpy()' explicitly.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@96902 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps-region-store.m
6041111f3749e76a1712ec58dd17449bd3177ddd 18-Feb-2010 Ted Kremenek <kremenek@apple.com> Recognize attributes ns_returns_not_retained and cf_returns_not_retained
in the static analyzer.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@96539 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release.m
6418825fb8934128e847d17b0d0a171dcca32e9b 16-Feb-2010 Ted Kremenek <kremenek@apple.com> Add test case showing that a recursive block that captures a block pointer that
isn't marked '__block' is bad.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@96357 91177308-0d34-0410-b5e6-96231b3b80d8
locks.m
94fd0b8c88db9b1cd99457d3cd8cd333341dd39c 16-Feb-2010 Ted Kremenek <kremenek@apple.com> Add simpler checker to check if variables captured by a block are uninitialized.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@96341 91177308-0d34-0410-b5e6-96231b3b80d8
locks.m
181cc3df6e0046a154a8a174d551d57af4561998 14-Feb-2010 Zhongxing Xu <xuzhongxing@gmail.com> Fix pr6293. If ptr is NULL, no operation is performed.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@96154 91177308-0d34-0410-b5e6-96231b3b80d8
alloc.c
24c37ad067320e9d40978d97a73e4bca0f0eae54 13-Feb-2010 Ted Kremenek <kremenek@apple.com> Enhance RegionStore::InvalidateRegions() to correctly invalidate bindings
by scanning through the values of LazyCompoundVals.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@96067 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps-region-store.m
8ec4aac6d3dee698e4cb7b9f540d962e4ccab468 09-Feb-2010 Ted Kremenek <kremenek@apple.com> Fix lookup of fields from lazy bindings to check if the region is
NULL, not the store, to determine if a lookup succeeded. The store
can be null if it contained no bindings. This fixes a false positive
reported to me by a user of the analyzer.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@95679 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps.m
36d02e0984fcb7bdae37df7659603075c2a4c113 08-Feb-2010 Zhongxing Xu <xuzhongxing@gmail.com> Add support for binding and retrieving VarRegions in flat store.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@95529 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps-flat-store.c
81861abe9cd1669ca46e13866f77f7ece8c4c85f 06-Feb-2010 Ted Kremenek <kremenek@apple.com> Also teach RegionStore::RetrieveVar() to handle 'static' pointers that are implicitly initialized to NULL.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@95479 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps.m
4dc1566a80648a74a19409c425809fa6a1683bef 06-Feb-2010 Ted Kremenek <kremenek@apple.com> Fix regression in RegionStore (from BasicStore) where static variables were not treated as being implicitly initialized to 0 (and instead were getting symbolicated).


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@95478 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps.m
85248734f404fbb9b2f88ecd5296761a8578def6 06-Feb-2010 Ted Kremenek <kremenek@apple.com> Teach RegionStore::InvalidateRegions() to also invalidate static variables referenced by blocks.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@95459 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps-region-store.m
cada305b86cdcfe4f8ceb7007736522a98c0f403 05-Feb-2010 Ted Kremenek <kremenek@apple.com> Add test case showing the analyzer invalidates '__block' variables when the block is passed as an argument to an ObjC method.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@95366 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps-region-store.m
565e465c6d0093f1bf8414b2cabdc842022385a9 05-Feb-2010 Ted Kremenek <kremenek@apple.com> Rename -cc1 option '-checker-cfref' to '-analyzer-check-objc-mem'.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@95348 91177308-0d34-0410-b5e6-96231b3b80d8
FDateGC.m
FNumber.c
FRetainRelease_NSAssertionHandler.m
GColorSpace.c
heckNSError.m
SPanel.m
SString.m
SWindow.m
oReturn.m
bjCProperties.m
R2599.m
R3991.m
rray-struct.c
locks.m
asts.c
asts.m
fref_PR2519.c
fref_rdar6080742.c
omplex.c
oncrete-address.c
ead-stores.c
ead-stores.cpp
elegates.m
lementtype.c
xercise-ps.c
ields.c
unc.c
alloc.c
isc-ps-64.m
isc-ps-basic-store.m
isc-ps-eager-assume.m
isc-ps-ranges.m
isc-ps-region-store-i386.m
isc-ps-region-store-x86_64.m
isc-ps-region-store.cpp
isc-ps-region-store.m
isc-ps-region-store.mm
isc-ps.m
il-receiver-undefined-larger-than-voidptr-ret.m
o-exit-cfg.c
o-outofbounds.c
ull-deref-ps-region.c
ull-deref-ps.c
utofbound.c
verride-werror.c
list-output.m
r4209.m
r_2542_rdar_6793404.m
r_4164.c
tr-arith.c
dar-6442306-1.m
dar-6541136-region.c
dar-6541136.c
dar-6562655.m
dar-6582778-basic-store.c
dar-6600344-nil-receiver-undefined-struct-ret.m
dar-7168531.m
efcnt_naming.m
eference.cpp
egion-1.m
etain-release-basic-store.m
etain-release-gc-only.m
etain-release-region-store.m
etain-release.m
tack-addr-ps.c
ninit-msg-expr.m
ninit-ps-rdar6145427.m
ninit-vals-ps-region.c
ninit-vals-ps.c
ninit-vals.m
nions-region.m
7909fc8833e734aac521d7d6945bd823d75150ac 05-Feb-2010 Ted Kremenek <kremenek@apple.com> Rename -cc1 option '-warn-objc-missing-dealloc' to '-analyzer-check-objc-missing-dealloc'.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@95347 91177308-0d34-0410-b5e6-96231b3b80d8
issingDealloc.m
R2978.m
fa15be4cf95b7ed2d1df583497b16a6f897cf789 05-Feb-2010 Ted Kremenek <kremenek@apple.com> Rename -cc1 option '-warn-objc-methodsigs' to '-analyzer-check-objc-methodsigs'.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@95346 91177308-0d34-0410-b5e6-96231b3b80d8
bjCRetSigs.m
2ade536f6815bf6ff128333520232c3b0e701146 05-Feb-2010 Ted Kremenek <kremenek@apple.com> Rename -cc1 option '-warn-objc-unused-ivars' to '-analyzer-check-objc-unused-ivars'.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@95345 91177308-0d34-0410-b5e6-96231b3b80d8
nused-ivars.m
cd9902bfb79c5c67559360514951714bdafac36e 05-Feb-2010 Ted Kremenek <kremenek@apple.com> Rename -cc1 option '-warn-dead-stores' to '-analyzer-check-dead-stores'.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@95343 91177308-0d34-0410-b5e6-96231b3b80d8
SWindow.m
onditional-op-missing-lhs.c
ead-stores.c
ead-stores.cpp
ead-stores.m
dar-6540084.m
fb3f893bc58071e548c97a3d667c8ab9b0c38cfb 05-Feb-2010 Ted Kremenek <kremenek@apple.com> Rename -cc1 option '-warn-security-syntactic' to '-analyzer-check-security-syntactic'.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@95342 91177308-0d34-0410-b5e6-96231b3b80d8
ecurity-syntax-checks-no-emit.c
ecurity-syntax-checks.m
68ebd83120dfcfc7625ba0e47c9395ed32b20997 04-Feb-2010 Ted Kremenek <kremenek@apple.com> Add assorted test cases from PR 4172.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@95297 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps-region-store.m
95a011204fec58cc5dbc4f4a9830a8f0435c4b72 04-Feb-2010 Ted Kremenek <kremenek@apple.com> Specially handle casts to 'void' in AdjustedReturnValueChecker.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@95287 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps.m
40c37e1a624c27f987458a3234f615d929e9d813 04-Feb-2010 Ted Kremenek <kremenek@apple.com> static analyzer: handle casts of a function to a function pointer with
a different return type. While we don't emit any errors (yet), at
least we avoid cases where we might crash because of an assertion
failure later on (when the return type differs from what is expected).


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@95268 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps.m
5b290658c5af4cc186fe556311db2bfbb316c00a 03-Feb-2010 Ted Kremenek <kremenek@apple.com> Fix regression in RegionStore due to recent changes in
RegionStoreManager::InvalidateRegions() by adjusting the worklist to
iterate over BindingKeys instead of MemRegions. We also only need to
do the actual invalidation work on base regions, and for non-base
regions just blow away their bindings.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@95200 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps.m
f68170481d4c36e1e930ee9a3bce58e2ae5a95cb 02-Feb-2010 Ted Kremenek <kremenek@apple.com> Explicitly check for casts to double or complex types instead of possibly asserting in SValuator.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@95128 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps.m
61e8e1b84292e882553a47edec830a79606c78f4 02-Feb-2010 Ted Kremenek <kremenek@apple.com> Fix bug in GRExprEngine::VisitSizeOfAlignOfExpr() where we do not add
'Pred' to 'Dst' for cases we currently don't handle. This fixes
<rdar://problem/7593875>.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@95048 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps.m
fee90811c665893bc27a9bfa8b116548afe1b89b 27-Jan-2010 Ted Kremenek <kremenek@apple.com> Teach RegionStore to handle initialization of incomplete arrays in structures using a compound value. Fixes <rdar://problem/7515938>.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@94622 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps-region-store.m
46171917dc87caf0c7a741a7301f36db2e20b132 23-Jan-2010 Mike Stump <mrs@apple.com> Insulate these from changes to the default for -Wunreachable-code.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@94326 91177308-0d34-0410-b5e6-96231b3b80d8
omplex.c
ead-stores.c
ead-stores.cpp
isc-ps.m
45eb40641ff3804d4c47ce7f6ec4782633d04ddf 19-Jan-2010 Zhongxing Xu <xuzhongxing@gmail.com> Add test case.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@93874 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps.m
3ed04d37573c566205d965d2e91d54ccae898d0a 18-Jan-2010 Zhongxing Xu <xuzhongxing@gmail.com> Add support for computing size in elements for symbolic regions obtained from
malloc().


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@93722 91177308-0d34-0410-b5e6-96231b3b80d8
utofbound.c
425c7ed03b5c7d4263f592416338642b6d99f3ba 18-Jan-2010 Zhongxing Xu <xuzhongxing@gmail.com> Add test case for pr6069.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@93708 91177308-0d34-0410-b5e6-96231b3b80d8
alloc.c
88c8bc83808588fdb97924144ca9fb5f27dfc9a6 15-Jan-2010 Ted Kremenek <kremenek@apple.com> Don't suggest the developer use 'arc4random' instead of 'rand' when that function is not available. Fixes PR 6012.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@93508 91177308-0d34-0410-b5e6-96231b3b80d8
ecurity-syntax-checks-no-emit.c
c213b48206c55ca0eb1387cfa1651de504f147d1 15-Jan-2010 Ted Kremenek <kremenek@apple.com> Teach BugReporter to "escape" the occurrence of '%' characters in diagnostic messages when emitted results to the standard Diagnostics output. Fixes PR 6033.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@93507 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps.m
33ec2f8bc5a19c3b026d80299394989a4f8b3a3d 14-Jan-2010 Ted Kremenek <kremenek@apple.com> Simplify test case. This test case also applies to PR 6013.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@93444 91177308-0d34-0410-b5e6-96231b3b80d8
asts.c
74618dec963b43f6442c1780ea7795de707a1cef 14-Jan-2010 Ted Kremenek <kremenek@apple.com> Associate test case with Bugzilla PR.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@93440 91177308-0d34-0410-b5e6-96231b3b80d8
asts.c
7b81e8fe6f8576340af7899c1828f1af0781d775 14-Jan-2010 Zhongxing Xu <xuzhongxing@gmail.com> Fix pr6035.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@93422 91177308-0d34-0410-b5e6-96231b3b80d8
asts.c
7ef655a78863c0a7550bfe51174b9c340ab1dce0 12-Jan-2010 Chris Lattner <sabre@nondot.org> implement PR6004, warning about divide and remainder by zero.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@93256 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps.m
951b334069f77c0af424e5ea15b75f4ee17b4583 11-Jan-2010 Zhongxing Xu <xuzhongxing@gmail.com> Enhance ScanReachableSymbols::scan(). Now another OSAtomic test case passes.
The old test case has a little mistake.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@93148 91177308-0d34-0410-b5e6-96231b3b80d8
SString-failed-cases.m
SString.m
604848a49d2a9c0985225bbe3a39fca223e961bb 11-Jan-2010 Zhongxing Xu <xuzhongxing@gmail.com> Enhance SVals::getAsRegion: get the region that is converted to an integer.
This with previous patch fixes an OSAtomic test case.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@93146 91177308-0d34-0410-b5e6-96231b3b80d8
SString-failed-cases.m
SString.m
c50e6df965ff264952d8d5805d151f89c89af302 11-Jan-2010 Ted Kremenek <kremenek@apple.com> Switch RegionStore over to using <BaseRegion+raw offset> to store
value bindings. Along with a small change to OSAtomicChecker, this
resolves <rdar://problem/7527292> and resolves some long-standing
issues with how values can be bound to the same physical address by
not having the same "key". This change is only a beginning; logically
RegionStore needs to better handle loads from addresses where the
stored value is larger/smaller/different type than the loaded value.
We handle these cases in an approximate fashion now (via
CastRetrievedVal and help in SimpleSValuator), but it could be made
much smarter.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@93137 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps-region-store.m
36fcde0ae10b88494d870dc4d39b4bd6681890e0 10-Jan-2010 Ted Kremenek <kremenek@apple.com> Make sure this test case tests analyzing both x86_64 and i386 archs.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@93133 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps.m
3cd8bd4226dc39dbeb729edab42afaf440a02ef2 10-Jan-2010 Zhongxing Xu <xuzhongxing@gmail.com> Enhance test case.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@93101 91177308-0d34-0410-b5e6-96231b3b80d8
eference.cpp
4a749b957f28292e8412b7c13b01ca4baeb78d24 09-Jan-2010 Ted Kremenek <kremenek@apple.com> Fix overzealous assertion in GRExprEngine::VisitLValue(). A
CallExpr/ObjCMessageExpr can be visited in an "lvalue" context if it
returns a struct temporary. Currently the analyzer doesn't reason
about struct temporary returned by function calls, but we shouldn't
crash here either.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@93081 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps-region-store.m
e030358cc06e1cbce3c2e00ca67c946f9164b2a8 09-Jan-2010 Chris Lattner <sabre@nondot.org> add a bunch of missing prototypes to tests


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@93072 91177308-0d34-0410-b5e6-96231b3b80d8
FDateGC.m
R2599.m
asts.c
ead-stores.c
isc-ps-region-store.m
isc-ps.m
dar-6442306-1.m
etain-release-basic-store.m
etain-release-region-store.m
etain-release.m
ninit-vals-ps-region.c
7960ec30d794da5de6cd017c728e1151f7b101b9 09-Jan-2010 Ted Kremenek <kremenek@apple.com> Fix broken diagnostic when returning the address of a stack-allocated array.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@93071 91177308-0d34-0410-b5e6-96231b3b80d8
tack-addr-ps.c
bc37b8dd9914e02580f531fa6e5e72be34d9675e 09-Jan-2010 Zhongxing Xu <xuzhongxing@gmail.com> When binding an rvalue to a reference, create a temporary object. Use
CXXObjectRegion to represent it.

In Environment, look up a literal expression before making up a value for it.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@93047 91177308-0d34-0410-b5e6-96231b3b80d8
eference.cpp
48569f9562740ac1f4b175cb17ce3d49035402c4 08-Jan-2010 Ted Kremenek <kremenek@apple.com> Fix handling in GRExprEngine of 'default' branch in switch statements
when the default case is winnowed down to be infeasible. When all
cases were ruled out (and the analysis state for the default case
would be infeasible) we would still consider the default case
possible. This fixes PR 5969.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@93017 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps-ranges.m
6607aca723992d364f2de15f5d739aae8c2a6469 05-Jan-2010 Zhongxing Xu <xuzhongxing@gmail.com> Move test case to a more appropriate file.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@92725 91177308-0d34-0410-b5e6-96231b3b80d8
asts.c
isc-ps.m
0d1847d79eab28f0b1572d28ffb3d2eea07d1775 05-Jan-2010 Zhongxing Xu <xuzhongxing@gmail.com> Add test case.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@92724 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps.m
de0d26310191215a6d1d189dc419f87af18ce6be 05-Jan-2010 Ted Kremenek <kremenek@apple.com> Make static analysis support for C++ 'this' expression context-sensitive. Essentially treat 'this' as an implicit parameter to the method call, and associate a region with it.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@92675 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps-region-store.cpp
b94b81a9ab46c99b00c7ad28c5e1e212c63fc9ac 31-Dec-2009 Zhongxing Xu <xuzhongxing@gmail.com> Let constraint manager inform checkers that some assumption logic has happened.
Add new states for symbolic regions tracked by malloc checker. This enables us
to do malloc checking more accurately. See test case.

Based on Lei Zhang's patch and discussion.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@92342 91177308-0d34-0410-b5e6-96231b3b80d8
alloc.c
dd8b44101281c894026c7070da6e826c542ea87b 24-Dec-2009 Ted Kremenek <kremenek@apple.com> Add analyzer test case for 'ForStmt' with condition variable.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@92120 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps-region-store.cpp
4ec010a6ccf4db2ab2ef9e68942642d50f7f193c 24-Dec-2009 Ted Kremenek <kremenek@apple.com> CFG tweak: in a WhileStmt, the condition variable initializer is evaluated every time the condition is checked.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@92111 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps-region-store.cpp
4c508a12cedcf2896412a3700c1b2a35bf339828 24-Dec-2009 Ted Kremenek <kremenek@apple.com> Teach GRExprEngine to handle the initialization of the condition variable of a WhileStmt.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@92106 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps-region-store.cpp
cafefbe180bacd2c02c87ae1193f83fc6798cdfc 24-Dec-2009 Ted Kremenek <kremenek@apple.com> Add test case for PR 4358.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@92103 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps-region-store.m
fcfb503c280ed8c66d428fed911b2846c0f434fc 24-Dec-2009 Ted Kremenek <kremenek@apple.com> Teach GRExprEngine to handle the initialization of the condition variable of a SwitchStmt.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@92102 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps-region-store.cpp
61dfbecd8e6181b2ba42ffb5feede27a2bab3b8a 23-Dec-2009 Ted Kremenek <kremenek@apple.com> Add CFG support for the condition variable that can appear in IfStmts in C++ mode.
Add transfer function support in GRExprEngine for IfStmts with initialized condition variables.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@91987 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps-region-store.cpp
604d939ac15d1398761df313679673d30bb10f27 23-Dec-2009 Ted Kremenek <kremenek@apple.com> Suppress dead store warnings involving objects initialized with CXXExprTemporaries.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@91986 91177308-0d34-0410-b5e6-96231b3b80d8
ead-stores.cpp
5bbc8e76408af22a0c706a4199c684bf5f5a5cb3 23-Dec-2009 Ted Kremenek <kremenek@apple.com> Fix PR 5857. When casting from a symbolic region to an integer back to a pointer value, we were not correctly layering the correct ElementRegion on the original SymbolicRegion.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@91981 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps-region-store.m
077a40df258beb46cb746af61da115e9718a6aff 23-Dec-2009 Ted Kremenek <kremenek@apple.com> Also treat the type of the subexpression as a pointer in GRExprEngine::VisitCast when the expression is handled as an lvalue.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@91969 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps-region-store.cpp
949bdb43bf370b23a79a37b017e0a0566c0d66e0 23-Dec-2009 Ted Kremenek <kremenek@apple.com> Add basic support for analyzing CastExprs as lvalues.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@91952 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps-region-store.cpp
38ac4f504bf8ed514520b5a82be538bdb0860687 22-Dec-2009 Ted Kremenek <kremenek@apple.com> Add transfer functions support for visiting an Objective-C message expression as an lvalue when the return type is a C++ reference.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@91926 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps-region-store.mm
910e4080986045cc2036f8d1f55398acc7fbb257 19-Dec-2009 Zhongxing Xu <xuzhongxing@gmail.com> Use the FunctionDecl's result type to know exactly if it returns a reference.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@91751 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps-region-store.cpp
53287518f69b8f06f82a6cdbd13e4e3a13b58186 18-Dec-2009 Ted Kremenek <kremenek@apple.com> Enhance GRExprEngine::VisitCallExpr() to be used in an lvalue context. Uncovered a new failing test case along the way, but we're making progress on handling C++ references in the analyzer.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@91710 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps-region-store.cpp
d87682ed3c3e5d748d13a5c4f1cbb267aa756b31 17-Dec-2009 Ted Kremenek <kremenek@apple.com> Add failing test case for C++ static analysis.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@91578 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps-region-store.cpp
772494c3b8f0c7c80484d0fef5b20cf4e445a8e2 16-Dec-2009 Eli Friedman <eli.friedman@gmail.com> Add abort() as a builtin. This has two effects: one, we warn for incorrect
declarations of abort(), and two, we mark it noreturn. Missing the latter
shows up in one of the "embarassing" tests (from the thread on llvmdev
"detailed comparison of generated code size for LLVM and other compilers").



git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@91515 91177308-0d34-0410-b5e6-96231b3b80d8
ecurity-syntax-checks.m
852274d4257134906995cb252fb3dfd2d71deae8 16-Dec-2009 Ted Kremenek <kremenek@apple.com> Add (initial?) static analyzer support for handling C++ references.
This change was a lot bigger than I originally anticipated; among
other things it requires us storing more information in the CFG to
record what block-level expressions need to be evaluated as lvalues.

The big change is that CFGBlocks no longer contain Stmt*'s but
CFGElements. Currently CFGElements just wrap Stmt*, but they also
store a bit indicating whether the block-level expression should be
evaluated as an lvalue. DeclStmts involving the initialization of a
reference require us treating the initialization expression as an
lvalue, even though that information isn't recorded in the AST.
Conceptually this change isn't that complicated, but it required
bubbling up the data through the CFGBuilder, to GRCoreEngine, and
eventually to GRExprEngine.

The addition of CFGElement is also useful for when we want to handle
more control-flow constructs or other data we want to keep in the CFG
that isn't represented well with just a block of statements.

In GRExprEngine, this patch introduces logic for evaluating the
lvalues of references, which currently retrieves the internal "pointer
value" that the reference represents. EvalLoad does a two stage load
to catch null dereferences involving an invalid reference (although
this could possibly be caught earlier during the initialization of a
reference).

Symbols are currently symbolicated using the reference type, instead
of a pointer type, and special handling is required creating
ElementRegions that layer on SymbolicRegions (see the changes to
RegionStoreManager).

Along the way, the DeadStoresChecker also silences warnings involving
dead stores to references. This was the original change I introduced
(which I wrote test cases for) that I realized caused GRExprEngine to
crash.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@91501 91177308-0d34-0410-b5e6-96231b3b80d8
ead-stores.cpp
a5728872c7702ddd09537c95bc3cbd20e1f2fb09 15-Dec-2009 Daniel Dunbar <daniel@zuster.org> Update tests to use %clang_cc1 instead of 'clang-cc' or 'clang -cc1'.
- This is designed to make it obvious that %clang_cc1 is a "test variable"
which is substituted. It is '%clang_cc1' instead of '%clang -cc1' because it
can be useful to redefine what gets run as 'clang -cc1' (for example, to set
a default target).

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@91446 91177308-0d34-0410-b5e6-96231b3b80d8
FDateGC.m
FNumber.c
FRetainRelease_NSAssertionHandler.m
GColorSpace.c
heckNSError.m
issingDealloc.m
SPanel.m
SString-failed-cases.m
SString.m
SWindow.m
oReturn.m
bjCProperties.m
bjCRetSigs.m
R2599.m
R2978.m
R3991.m
rray-struct.c
locks.m
asts.c
asts.m
fref_PR2519.c
fref_rdar6080742.c
omplex.c
oncrete-address.c
onditional-op-missing-lhs.c
ead-stores.c
ead-stores.cpp
ead-stores.m
elegates.m
lementtype.c
xercise-ps.c
ields.c
unc.c
alloc.c
isc-ps-64.m
isc-ps-basic-store.m
isc-ps-eager-assume.m
isc-ps-ranges.m
isc-ps-region-store-i386.m
isc-ps-region-store-x86_64.m
isc-ps-region-store.m
isc-ps.m
il-receiver-undefined-larger-than-voidptr-ret.m
o-exit-cfg.c
o-outofbounds.c
ull-deref-ps-region.c
ull-deref-ps.c
utofbound.c
verride-werror.c
list-output.m
r4209.m
r_2542_rdar_6793404.m
r_4164.c
tr-arith.c
dar-6442306-1.m
dar-6540084.m
dar-6541136-region.c
dar-6541136.c
dar-6562655.m
dar-6582778-basic-store.c
dar-6600344-nil-receiver-undefined-struct-ret.m
dar-7168531.m
efcnt_naming.m
egion-1.m
etain-release-basic-store.m
etain-release-gc-only.m
etain-release-region-store.m
etain-release.m
ecurity-syntax-checks.m
izeofpointer.c
tack-addr-ps.c
ninit-msg-expr.m
ninit-ps-rdar6145427.m
ninit-vals-ps-region.c
ninit-vals-ps.c
ninit-vals.c
ninit-vals.m
nions-region.m
nused-ivars.m
43f19e3136a9610eeba3cdef9f9af70d93df2f7e 15-Dec-2009 Ted Kremenek <kremenek@apple.com> Until we can make the dead stores checker smarter, don't emit dead store warnings for C++ objects (whose constructors/destructors have possible side-effects).


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@91412 91177308-0d34-0410-b5e6-96231b3b80d8
ead-stores.cpp
5348f94abd0e9d3945da8d059b55b156967e8ff9 14-Dec-2009 Ted Kremenek <kremenek@apple.com> Fix: <rdar://problem/7468209> SymbolManager::isLive() should not crash on captured block variables that are passed by reference


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@91348 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps-region-store.m
ef74f4c6dcd59b3af1de9d8f613c1caf3e6cb63d 14-Dec-2009 Zhongxing Xu <xuzhongxing@gmail.com> Replace clang-cc with clang -cc1.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@91272 91177308-0d34-0410-b5e6-96231b3b80d8
FDateGC.m
FNumber.c
FRetainRelease_NSAssertionHandler.m
GColorSpace.c
heckNSError.m
issingDealloc.m
SPanel.m
SString-failed-cases.m
SString.m
SWindow.m
oReturn.m
bjCProperties.m
bjCRetSigs.m
R2599.m
R2978.m
R3991.m
rray-struct.c
locks.m
asts.c
asts.m
fref_PR2519.c
fref_rdar6080742.c
omplex.c
oncrete-address.c
onditional-op-missing-lhs.c
ead-stores.c
ead-stores.cpp
ead-stores.m
elegates.m
lementtype.c
xercise-ps.c
ields.c
unc.c
alloc.c
isc-ps-64.m
isc-ps-basic-store.m
isc-ps-eager-assume.m
isc-ps-ranges.m
isc-ps-region-store-i386.m
isc-ps-region-store-x86_64.m
isc-ps-region-store.m
isc-ps.m
il-receiver-undefined-larger-than-voidptr-ret.m
o-exit-cfg.c
o-outofbounds.c
ull-deref-ps-region.c
ull-deref-ps.c
utofbound.c
verride-werror.c
list-output.m
r4209.m
r_2542_rdar_6793404.m
r_4164.c
tr-arith.c
dar-6442306-1.m
dar-6540084.m
dar-6541136-region.c
dar-6541136.c
dar-6562655.m
dar-6582778-basic-store.c
dar-6600344-nil-receiver-undefined-struct-ret.m
dar-7168531.m
efcnt_naming.m
egion-1.m
etain-release-basic-store.m
etain-release-gc-only.m
etain-release-region-store.m
etain-release.m
ecurity-syntax-checks.m
izeofpointer.c
tack-addr-ps.c
ninit-msg-expr.m
ninit-ps-rdar6145427.m
ninit-vals-ps-region.c
ninit-vals-ps.c
ninit-vals.c
ninit-vals.m
nions-region.m
nused-ivars.m
d9c84c8381261530b16512d2aac146de8271ea1e 12-Dec-2009 Zhongxing Xu <xuzhongxing@gmail.com> Add initial support for realloc() in MallocChecker.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@91216 91177308-0d34-0410-b5e6-96231b3b80d8
alloc.c
2b87ae45e129b941d0a4d221c9d4842385a119bd 11-Dec-2009 Ted Kremenek <kremenek@apple.com> Enhance understanding of VarRegions referenced by a block whose declarations are outside the current stack frame. Fixes <rdar://problem/7462324>.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@91107 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps-region-store.m
6bcd5a04db4eb9d51e7f92a4edc418737a5aeefd 10-Dec-2009 Ted Kremenek <kremenek@apple.com> Fix null dereference in OSAtomicChecker and special case SymbolicRegions. We still aren't handling them correctly; I've added to failing test cases to test/Analysis/NSString-failed-cases.m that should pass and then be merged in to test/Analysis/NSString.m.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@90993 91177308-0d34-0410-b5e6-96231b3b80d8
SString-failed-cases.m
SString.m
2f4a6b25a7409f6f05e8a5e6864de21a337c8958 09-Dec-2009 Zhongxing Xu <xuzhongxing@gmail.com> OSAtomic simulation: use the original region as the location to load from,
instead of the ElementRegion obtained from casts.

Test cast: the leak cannot occur because the true branch cannot be taken.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@90964 91177308-0d34-0410-b5e6-96231b3b80d8
SString.m
bcb02fc690a2f9a6991b440181f70a0875e5c965 09-Dec-2009 Zhongxing Xu <xuzhongxing@gmail.com> Add notes to a test case.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@90947 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps-eager-assume.m
17f4da8f150f6b9dfb571cebd6299b06948e5385 09-Dec-2009 Ted Kremenek <kremenek@apple.com> Fix a horrid bug in GRExprEngine::CheckerVisit() that was identified
by the test case in PR 5627. Essentially we shouldn't clear the
ExplodedNodeSet where we deposit newly constructed nodes if that set
is the 'Dst' set passed in. It is not okay to clear that set because
it may already contain nodes.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@90931 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps-eager-assume.m
e605efddac331ef846911b55978ec4ca2f5eba68 06-Dec-2009 Zhongxing Xu <xuzhongxing@gmail.com> Add test case for mktemp. Patch by Lei Zhang.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@90706 91177308-0d34-0410-b5e6-96231b3b80d8
ecurity-syntax-checks.m
9f303beca8a71368e34f53dd14eed7a3b51331ca 03-Dec-2009 Ted Kremenek <kremenek@apple.com> Add another blocks test case illustrating how parameters passed-by-reference in block invocations are invalidated (just like function calls).


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@90466 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps-region-store.m
2ffbfd96a3f1c2e55c0e950d941fbb4dbcd137b9 03-Dec-2009 Ted Kremenek <kremenek@apple.com> Add value invalidation logic for block-captured variables. Conceptually invoking a block (without specific reasoning of what the block does) can invalidate any value to it by reference when the block was created.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@90431 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps-region-store.m
74635d8cd3c367890735dc4af2c2825a7e4b434c 03-Dec-2009 Ted Kremenek <kremenek@apple.com> Add a heuristic to the dead stores checker to prune dead stores for variables annotated with '__block'. This is overly conservative, but now the analyzer doesn't report dead stores for variables that can be updated by a block call.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@90364 91177308-0d34-0410-b5e6-96231b3b80d8
ead-stores.c
9a0459c0f59a09ac7287ca1f49083fc6b31e4142 02-Dec-2009 Ted Kremenek <kremenek@apple.com> Added dead-stores test cases that involve the use of blocks.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@90277 91177308-0d34-0410-b5e6-96231b3b80d8
ead-stores.c
2b56b9cf7429919e1df011d8d6bee2e04f5bc22c 01-Dec-2009 Ted Kremenek <kremenek@apple.com> Add new test case file that focuses on testing analyzer support for blocks.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@90274 91177308-0d34-0410-b5e6-96231b3b80d8
locks.m
8a90ac0e85e8c5758b585fe486ee7db01c53fb98 29-Nov-2009 Daniel Dunbar <daniel@zuster.org> Normalize options to use '-FOO' instead of '--FOO'.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@90071 91177308-0d34-0410-b5e6-96231b3b80d8
issingDealloc.m
asts.c
asts.m
fref_PR2519.c
oncrete-address.c
ields.c
isc-ps-64.m
isc-ps-basic-store.m
isc-ps-eager-assume.m
isc-ps-ranges.m
isc-ps-region-store-i386.m
isc-ps-region-store-x86_64.m
isc-ps-region-store.m
isc-ps.m
list-output.m
dar-6442306-1.m
a1c57168d55514e7c35930769dccdb631d90283d 26-Nov-2009 Ted Kremenek <kremenek@apple.com> Improve diagnostics in ReturnStackAddressChecker for returning a stack-allocated block. Implements the rest of <rdar://problem/7387385>.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@89940 91177308-0d34-0410-b5e6-96231b3b80d8
tack-addr-ps.c
3a9763491c41fe140a8777e0a71e046c56c9cbdb 26-Nov-2009 Ted Kremenek <kremenek@apple.com> Add test case that shows that dead stores checking now works in the presence of blocks.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@89939 91177308-0d34-0410-b5e6-96231b3b80d8
ead-stores.c
38cc6bca5c172e2888c86fb0bef6883db0692cf6 26-Nov-2009 Ted Kremenek <kremenek@apple.com> Add a PostVisitBlockExpr() method to RetainReleaseChecker to query for
the set of variables "captured" by a block. Until the analysis gets
more sophisticated, for now we stop the retain count tracking of any
objects (transitively) referenced by these variables.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@89929 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release.m
772250ca0b15f9ba74e5cb97773815d3d3beffa4 25-Nov-2009 Ted Kremenek <kremenek@apple.com> Add really basic support for blocks in the retain/release checker. For now, anytime we pass a tracked object to a block call we stop tracking it.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@89831 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release.m
7e08dca61835c8f0cd99c9f4d364e2adcc339a0b 24-Nov-2009 Ted Kremenek <kremenek@apple.com> Convert test case to FileCheck to test the behavior of the nil-receiver checker when the code is targeted for either Tiger or Leopard.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@89810 91177308-0d34-0410-b5e6-96231b3b80d8
il-receiver-undefined-larger-than-voidptr-ret.m
f81330c741e0f70b227f113d2e5a84948d1a5752 24-Nov-2009 Ted Kremenek <kremenek@apple.com> For the nil-receiver checker, take into account the behavioral changes that got introduced in Mac OS X 10.5 and later, notably return values of double, float, etc., will not be garbage. Fixes <rdar://problem/6829160>.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@89809 91177308-0d34-0410-b5e6-96231b3b80d8
il-receiver-undefined-larger-than-voidptr-ret.m
fee96e043108b6e24e7d4c5464bf89ac970a7f81 24-Nov-2009 Ted Kremenek <kremenek@apple.com> Cleanups and fixes to the nil-receiver checker, some of it fallout the
initial transition of the nil-receiver checker to the Checker
interface as done in r89745. Some important changes include:

1) We consolidate the BugType object used for nil receiver bug
reports, and don't include the type of the returned value in the
BugType (which would be wrong if a nil receiver bug was reported more
than once)

2) Added a new (temporary) flag to CheckerContext: DoneEvauating.
This is used by GRExprEngine when evaluating message expressions to
not continue evaluating the message expression if this flag is set.
This flag is currently set by the nil receiver checker. This is an
intermediate solution to allow the nil-receiver checker to properly
work as a plug-in outside of GRExprEngine. Basically, this flag
indicates that the entire message expression has been evaluated, not
just a precondition (which is what the nil-receiver checker does).
This flag *should not* be repurposed for general use, but just to pull
more things out of GRExprEngine that are already in there as we devise a
better interface in the Checker class.

3) Cleaned up the logic in the nil-receiver checker, making the
control-flow a lot easier to read.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@89804 91177308-0d34-0410-b5e6-96231b3b80d8
il-receiver-undefined-larger-than-voidptr-ret.m
dar-6600344-nil-receiver-undefined-struct-ret.m
e576af2754bfa309bb10a518bbc17c81b9e0723f 24-Nov-2009 Ted Kremenek <kremenek@apple.com> Enhance null dereference diagnostics by indicating what variable (if any) was dereferenced. Addresses <rdar://problem/7039161>.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@89726 91177308-0d34-0410-b5e6-96231b3b80d8
ull-deref-ps.c
list-output.m
616cf051d45b9e5294da36aaa40b09d79a9eddc4 23-Nov-2009 Ted Kremenek <kremenek@apple.com> Tweak UndefBranchChecker to register the most nested "undefined" expression with bugreporter::registerTrackNullOrUndefValue instead of the condition itself.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@89682 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps.m
04765ac135e0c4e6b78651c2a287d80a32b2b8b9 23-Nov-2009 Fariborz Jahanian <fjahanian@apple.com> Make 'SEL' pointer to a builtin type and not an
objective-c pointer type. This was a serious mishap and
luckily, Ted's test caught that (and patch fixes the test case).



git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@89680 91177308-0d34-0410-b5e6-96231b3b80d8
issingDealloc.m
998c133a3b1cd0c34c52907f3ec2798e0dde7e0e 23-Nov-2009 Ted Kremenek <kremenek@apple.com> Cleanup title/description of "undefined branch" BugType and add some test cases for this check.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@89679 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps.m
93fab7c94008d9e2b1e4ce15784544c6710945fe 22-Nov-2009 Ted Kremenek <kremenek@apple.com> Change CheckDeadStores to use Expr::isNullPointerConstant, which will correctly determine whether an expression is a null pointer constant.

Patch by Kovarththanan Rajaratnam!



git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@89621 91177308-0d34-0410-b5e6-96231b3b80d8
ead-stores.c
13dcd00615de5c4279d97bdf63cd5f0a14fd9dcc 21-Nov-2009 Fariborz Jahanian <fjahanian@apple.com> This patch implements objective-c's 'SEL' type as a built-in
type and fixes a long-standing code gen. crash reported in
at least two PRs and a radar. (radar 7405040 and pr5025).
There are a couple of remaining issues that I would like for
Ted and Doug to look at:

Ted, please look at failure in Analysis/MissingDealloc.m.
I have temporarily added an expected-warning to make the
test pass. This test has a declaration of 'SEL' type which
may not co-exist with the new changes.

Doug, please look at a FIXME in PCHWriter.cpp/PCHReader.cpp.
I think the changes which I have ifdef'ed out are correct. They
need be considered for in a few Indexer/PCH test cases.



git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@89561 91177308-0d34-0410-b5e6-96231b3b80d8
issingDealloc.m
7c5c965b876c4c698d22b1e38b6b0b2534036110 21-Nov-2009 Ted Kremenek <kremenek@apple.com> Add RegionStore test case that shows that floating point values are also implicitly tracked for undefined values. (test case for <rdar://problem/6811085>).


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@89538 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps-region-store.m
8ea06e95c396aa56a24cc9325d7ac6b27422adcf 21-Nov-2009 Ted Kremenek <kremenek@apple.com> Add another test case to show the precision of RegionStore over
BasicStore. In this example, BasicStore would lose information about
the pointer in path after '*path++', causing the analyzer to falsely
flag a null dereference. This addresses <rdar://problem/7191542>.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@89533 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps-region-store.m
c79d7d49c5ec42e8bb6ac34350ebb5bc24ca663d 21-Nov-2009 Ted Kremenek <kremenek@apple.com> Pull BadCallChecker into UndefinedArgChecker, and have UndefinedArgChecker also handle undefined receivers in message expressions.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@89524 91177308-0d34-0410-b5e6-96231b3b80d8
ninit-msg-expr.m
ninit-ps-rdar6145427.m
64fa85855638d69e56ed1b2fad7ed65deb3ecdfd 21-Nov-2009 Ted Kremenek <kremenek@apple.com> More checker refactoring. Passing undefined values in a message expression is now handled by UndefinedArgChecker.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@89519 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps.m
50e837b3cbc9315b6808daabb96c5c7cccf11ea7 20-Nov-2009 Ted Kremenek <kremenek@apple.com> Add simple static analyzer checker to check for sending 'release', 'retain', etc. directly to a class. Fixes <rdar://problem/7252064>.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@89449 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release.m
b221e4fb46f6e35b0721399ed2734daadbcc1f00 20-Nov-2009 Ted Kremenek <kremenek@apple.com> Unused ivar checker: ivars referenced by lexically nested functions should not be flagged as unused. Fixes <rdar://problem/7254495>.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@89448 91177308-0d34-0410-b5e6-96231b3b80d8
nused-ivars.m
7f50c177dc0431ffd456887846815c7f613d57f2 20-Nov-2009 Ted Kremenek <kremenek@apple.com> Really fix test case.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@89430 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release-gc-only.m
5bff70b79cbbb7f5ae15496808a47fcb5a84d225 20-Nov-2009 Ted Kremenek <kremenek@apple.com> Fix test case.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@89429 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release-gc-only.m
71a5e2841d7a6f3f77230970a7d15bd2cb9e118e 20-Nov-2009 Ted Kremenek <kremenek@apple.com> Fix null dereference in NSAutoreleasePoolChecker when analyzing messages sent to blocks.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@89413 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release-gc-only.m
027e2667315f265a85c6241f26e8a514db219b3f 19-Nov-2009 Ted Kremenek <kremenek@apple.com> Fix crash when using --analyzer-store=region when handling initializers with nested arrays/structs whose values are not explicitly specified. Fixes <rdar://problem/7403269>.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@89384 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps-region-store.m
53e8484581ca358c3a2ccd8ea39c136c6e85d606 19-Nov-2009 Daniel Dunbar <daniel@zuster.org> Switch -f{builtin,math-errno,rtti} and -analyzer-purge-dead to -...no... variants instead of using llvm::cl::init(true) arguments.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@89315 91177308-0d34-0410-b5e6-96231b3b80d8
ull-deref-ps.c
d8aefab741a788ba308468df0c66c9dafb4c8530 17-Nov-2009 Daniel Dunbar <daniel@zuster.org> Drop unnecessary #include.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@89154 91177308-0d34-0410-b5e6-96231b3b80d8
tack-addr-ps.c
ca74ae733619b91413f86f06965089f6abc8d100 17-Nov-2009 Daniel Dunbar <daniel@zuster.org> Use -fblocks and -fobjc-nonfragile-abi when that is what is being tested, instead of forcing the triple.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@89072 91177308-0d34-0410-b5e6-96231b3b80d8
nused-ivars.m
4985e3ec81679955e51d537d1186e243f9389d7a 17-Nov-2009 Zhongxing Xu <xuzhongxing@gmail.com> Add PreVisitReturn to Malloc checker. Now we can recognize returned memory
block.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@89071 91177308-0d34-0410-b5e6-96231b3b80d8
alloc.c
23afaad895486d4a9ea672f497b63ebc4c588955 17-Nov-2009 Daniel Dunbar <daniel@zuster.org> Don't #include <stdio.h> when tests don't need it, or use clang instead of clang-cc when they do.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@89070 91177308-0d34-0410-b5e6-96231b3b80d8
bjCRetSigs.m
243fde9f549a8f5f000c4baccb572dd0b7266a41 17-Nov-2009 Zhongxing Xu <xuzhongxing@gmail.com> Add EvalEndPath interface to Checker. Now we can check memory leaked at the
end of the path. Need to unify interfaces.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@89063 91177308-0d34-0410-b5e6-96231b3b80d8
alloc.c
48cebf2bb14ab9ca561adf30e9f7a949a08dde0e 17-Nov-2009 Ted Kremenek <kremenek@apple.com> Add newline at the end of the file.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@89052 91177308-0d34-0410-b5e6-96231b3b80d8
list-output.m
c6ea5d4f6e3049617e829e428f78f3d63da2cf52 17-Nov-2009 Ted Kremenek <kremenek@apple.com> Add test to verify that the analyzer plist output is what we expect.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@89029 91177308-0d34-0410-b5e6-96231b3b80d8
list-output.m
63e963cdffca9530f920dbab58b9b4eecb2a582c 16-Nov-2009 Fariborz Jahanian <fjahanian@apple.com> Handle case of missing '@end' in implementation context
gracefully, on par with gcc, by: Issuing a warning,
doing final semantic check of its definitions and generating
its meta-data.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@88934 91177308-0d34-0410-b5e6-96231b3b80d8
SString.m
R3991.m
isc-ps.m
r4209.m
egion-1.m
2f0055275755807395cbd94e636347ae53fb1f03 14-Nov-2009 Eli Friedman <eli.friedman@gmail.com> Fix a couple of tests.



git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@88756 91177308-0d34-0410-b5e6-96231b3b80d8
alloc.c
c360775fb7ed8352ca26f08c0270d21a6cb19e7f 13-Nov-2009 Ted Kremenek <kremenek@apple.com> Remove test case's dependency on header file.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@88685 91177308-0d34-0410-b5e6-96231b3b80d8
alloc.c
c764d4b5b78607d189eb5299ceb6d1640c99df45 13-Nov-2009 Ted Kremenek <kremenek@apple.com> Add two new test cases for the Malloc/Free checker. Both have to do with
storing malloc'ed memory to global storage.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@88684 91177308-0d34-0410-b5e6-96231b3b80d8
alloc.c
ba93087ebd43c0f7b3e980dc9e49a9313d9c9f01 13-Nov-2009 Ted Kremenek <kremenek@apple.com> Add test case that shows a leak we don't catch.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@88683 91177308-0d34-0410-b5e6-96231b3b80d8
alloc.c
8382cf57b722f130f1a6b45380639871c07271c1 13-Nov-2009 Ted Kremenek <kremenek@apple.com> Add clang-cc option "--analyzer-experimental-internal-checks". This
option enables new "internal" checks that will eventually be turned on
by default but still require broader testing.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@88671 91177308-0d34-0410-b5e6-96231b3b80d8
FDateGC.m
FNumber.c
FRetainRelease_NSAssertionHandler.m
GColorSpace.c
heckNSError.m
issingDealloc.m
SPanel.m
SString.m
SWindow.m
oReturn.m
bjCProperties.m
bjCRetSigs.m
R2599.m
R2978.m
R3991.m
rray-struct.c
asts.c
asts.m
fref_PR2519.c
fref_rdar6080742.c
omplex.c
oncrete-address.c
onditional-op-missing-lhs.c
ead-stores.c
ead-stores.cpp
ead-stores.m
elegates.m
lementtype.c
xercise-ps.c
ields.c
unc.c
alloc.c
isc-ps-64.m
isc-ps-basic-store.m
isc-ps-eager-assume.m
isc-ps-ranges.m
isc-ps-region-store-i386.m
isc-ps-region-store-x86_64.m
isc-ps-region-store.m
isc-ps.m
il-receiver-undefined-larger-than-voidptr-ret.m
o-exit-cfg.c
o-outofbounds.c
ull-deref-ps-region.c
ull-deref-ps.c
utofbound.c
verride-werror.c
r4209.m
r_2542_rdar_6793404.m
r_4164.c
tr-arith.c
dar-6442306-1.m
dar-6540084.m
dar-6541136-region.c
dar-6541136.c
dar-6562655.m
dar-6582778-basic-store.c
dar-6600344-nil-receiver-undefined-struct-ret.m
dar-7168531.m
efcnt_naming.m
egion-1.m
fc7ac8f0b9ffd83b9e7329926e9e184586b49138 13-Nov-2009 Zhongxing Xu <xuzhongxing@gmail.com> Malloc checker basically works now.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@87094 91177308-0d34-0410-b5e6-96231b3b80d8
alloc.c
ab6d6229cd7659ee49974d0116fe8bca06d7d128 11-Nov-2009 Ted Kremenek <kremenek@apple.com> Split buffer overflow test case into two test cases, removing out logic that was commented out.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@86845 91177308-0d34-0410-b5e6-96231b3b80d8
dar-6541136-region.c
d694485f9d6e3ea7b458df8241dfffd38f62aca8 11-Nov-2009 Zhongxing Xu <xuzhongxing@gmail.com> Add undefined array subscript checker.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@86837 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps.m
58e689fead1490611bcd114fb707bfc08a12049e 11-Nov-2009 Zhongxing Xu <xuzhongxing@gmail.com> Reimplement out-of-bound array access checker with the new checker interface.
Now only one test case is XFAIL'ed.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@86834 91177308-0d34-0410-b5e6-96231b3b80d8
o-outofbounds.c
utofbound.c
dar-6541136-region.c
de7d8007567374654aa146569de98cd7423dc57b 11-Nov-2009 Ted Kremenek <kremenek@apple.com> CastToStructChecker: use 'isStructureType()' instead of 'isRecordType()' to determine if a pointer is casted to a struct pointer. This fixes an observed false positive when a value is casted to a union.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@86813 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps.m
79234ca446858707fa311cd0dfea85519ba3bbd5 10-Nov-2009 Zhongxing Xu <xuzhongxing@gmail.com> Add test case for PointerSubChecker.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@86657 91177308-0d34-0410-b5e6-96231b3b80d8
tr-arith.c
adca27102ff733c7d42fcbbc2c7e134a7fc026f9 10-Nov-2009 Zhongxing Xu <xuzhongxing@gmail.com> Refine PointerSubChecker: compare the base region instead of the original
region, so that arithmetic within a memory chunk is allowed.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@86652 91177308-0d34-0410-b5e6-96231b3b80d8
tr-arith.c
e4da0eb77cc645ca73c9d070dc952997f0ee2c25 09-Nov-2009 Zhongxing Xu <xuzhongxing@gmail.com> update test case.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@86541 91177308-0d34-0410-b5e6-96231b3b80d8
tr-arith.c
ede7eb251778cd64e76cd09ea941b0f4064d38a1 09-Nov-2009 Zhongxing Xu <xuzhongxing@gmail.com> Add check for pointer arithmetic on non-array variables.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@86538 91177308-0d34-0410-b5e6-96231b3b80d8
tr-arith.c
bd842e3f5b83f4fb962c1a421df18aaa919be5ca 09-Nov-2009 Zhongxing Xu <xuzhongxing@gmail.com> Add check for obsolete function call of getpw().


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@86537 91177308-0d34-0410-b5e6-96231b3b80d8
ecurity-syntax-checks.m
4f3dc698a1bbeea16155e51dfc7d0f69ff689598 09-Nov-2009 Zhongxing Xu <xuzhongxing@gmail.com> Add checker for CWE-588: Attempt to Access Child of a Non-structure Pointer.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@86529 91177308-0d34-0410-b5e6-96231b3b80d8
rray-struct.c
isc-ps-region-store.m
b10a7c235f82c6eb074be097c9ae7ee51fccc9c6 09-Nov-2009 Zhongxing Xu <xuzhongxing@gmail.com> Add checker for CWE-587: Assignment of a Fixed Address to a Pointer.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@86523 91177308-0d34-0410-b5e6-96231b3b80d8
tr-arith.c
3ce2dc358ea951c384fa27bcf2ba4a222c2c0511 09-Nov-2009 Zhongxing Xu <xuzhongxing@gmail.com> Add checker for CWE-469: Use of Pointer Subtraction to Determine Size. This
checker does not build sink nodes, because svaluator computes an unknown value
for the subtraction now.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@86517 91177308-0d34-0410-b5e6-96231b3b80d8
tr-arith.c
c24e9f3a5782096d0bdd9e8aa9f80955a3b60bbd 09-Nov-2009 Zhongxing Xu <xuzhongxing@gmail.com> Add a test case for CWE-467, and simplify the wording of the warning.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@86504 91177308-0d34-0410-b5e6-96231b3b80d8
izeofpointer.c
4fcfde4d5c8f25e40720972a5543d538a0dcb220 08-Nov-2009 Daniel Dunbar <daniel@zuster.org> Eliminate &&s in tests.
- 'for i in $(find . -type f); do sed -e 's#\(RUN:.*[^ ]\) *&& *$#\1#g' $i | FileUpdate $i; done', for the curious.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@86430 91177308-0d34-0410-b5e6-96231b3b80d8
FDateGC.m
FNumber.c
FRetainRelease_NSAssertionHandler.m
GColorSpace.c
heckNSError.m
SPanel.m
SString.m
SWindow.m
oReturn.m
bjCProperties.m
R2599.m
R3991.m
rray-struct.c
asts.m
fref_PR2519.c
fref_rdar6080742.c
omplex.c
oncrete-address.c
ead-stores.c
ead-stores.cpp
elegates.m
xercise-ps.c
ields.c
unc.c
isc-ps-64.m
isc-ps-ranges.m
isc-ps-region-store.m
isc-ps.m
il-receiver-undefined-larger-than-voidptr-ret.m
o-exit-cfg.c
o-outofbounds.c
ull-deref-ps.c
verride-werror.c
r4209.m
r_2542_rdar_6793404.m
r_4164.c
tr-arith.c
dar-6442306-1.m
dar-6562655.m
dar-6600344-nil-receiver-undefined-struct-ret.m
dar-7168531.m
efcnt_naming.m
egion-1.m
etain-release-gc-only.m
etain-release.m
tack-addr-ps.c
ninit-msg-expr.m
ninit-ps-rdar6145427.m
ninit-vals-ps.c
ninit-vals.m
680523a91dd3351389667c8de17121ba7ae82673 07-Nov-2009 John McCall <rjmccall@apple.com> Implement -Wconversion. Off by default, in the non-gcc group. There's
significant work left to be done to reduce the false-positive rate here.



git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@86326 91177308-0d34-0410-b5e6-96231b3b80d8
rray-struct.c
7344c878a73418cfade56e0c2281ac7324a609b2 06-Nov-2009 Ted Kremenek <kremenek@apple.com> testing: Merge PR3135.c into misc-ps-region-store.m.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@86286 91177308-0d34-0410-b5e6-96231b3b80d8
R3135.c
isc-ps-region-store.m
6f516f50e53b621613d281ef186c76c5160d9d35 06-Nov-2009 Ted Kremenek <kremenek@apple.com> Sentence-case bug type, and pull tests from region-only-test.c into misc-ps-region.store.m (removing an extra unneeded test file). Also add a bunch of FIXME comments for future enhancements.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@86282 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps-region-store.m
egion-only-test.c
afb32f721a416e7a96f0fa3f05a9a363a67507dc 06-Nov-2009 Nuno Lopes <nunoplopes@sapo.pt> add test case for PR3135 which was already fixed

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@86273 91177308-0d34-0410-b5e6-96231b3b80d8
R3135.c
ceeb02db9ad4232ea248a44192180d5bc7fe2653 06-Nov-2009 Zhongxing Xu <xuzhongxing@gmail.com> Add a checker for CWE-466: Return of Pointer Value Outside of Expected Range.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@86252 91177308-0d34-0410-b5e6-96231b3b80d8
egion-only-test.c
ae78447ef124fcbc6bef14f73a67586420c0196a 05-Nov-2009 Ted Kremenek <kremenek@apple.com> Tweak wording and classifications of analyzer diagnostics.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@86127 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps.m
b107c4b7efb907d75620cd3c17f82fe27dc5b745 04-Nov-2009 Ted Kremenek <kremenek@apple.com> Catch uses of undefined values when they are used in assignment, thus catching such bugs closer to the source.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@86003 91177308-0d34-0410-b5e6-96231b3b80d8
ninit-vals-ps-region.c
5206f0b913d1a11744c9436c83b24f8daa21152c 03-Nov-2009 Zhongxing Xu <xuzhongxing@gmail.com> Pull VLA size checker into its own files.
Split it to two checkers, one for undefined size,
the other for zero size, so that we don't need to query the size
when emitting the bug report.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@85895 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps.m
54cb7ccc769a5e81a13812e08c21daf52a781262 03-Nov-2009 Ted Kremenek <kremenek@apple.com> Implement: <rdar://problem/6250216> Warn against using -[NSAutoreleasePool release] in GC mode


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@85887 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release-gc-only.m
d73902121a93c3135cf53e2d724361cec1037d7e 03-Nov-2009 Daniel Dunbar <daniel@zuster.org> Switch XFAIL format to match LLVM.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@85880 91177308-0d34-0410-b5e6-96231b3b80d8
utofbound.c
002174f7d60761931f4ec958ca384212a42bb655 03-Nov-2009 Ted Kremenek <kremenek@apple.com> retain/release checker: CGBitmapContextCreateWithData() returns an owned object.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@85867 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release.m
882a51e497c7cf3c21530c51c5b6f44ff2560226 03-Nov-2009 Ted Kremenek <kremenek@apple.com> retain/release checker: Add special handling of CGBitmapContextCreateWithData().

Fixes: <rdar://problem/7358899>



git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@85864 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release.m
5bbe789e1084996179bf4b103768d73cbd4446c8 30-Oct-2009 Ted Kremenek <kremenek@apple.com> Handle loading of field values from LazyCompoundVals in GRExprEngine::VisitMemberExpr().
This fixes the crash reported in PR 5316.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@85578 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps-region-store.m
3f214b35cac948f8bb68542814379858e984c745 29-Oct-2009 Ted Kremenek <kremenek@apple.com> Fix accidental use of CheckSVal instead of CheckLocation, and add a
small test case to show we handle dereferences of undefined values.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@85492 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps.m
01756192fe41f07b36498ab5ead5653d6dae16fe 29-Oct-2009 Ted Kremenek <kremenek@apple.com> Fix an insidious bug in RegionStore::RemoveDeadBindings() pointed out
by Zhongxing Xu. RemoveDeadBindings() would falsely prune
SymbolicRegions from the store that wrapped derived symbols whose
liveness could only be determined after scanning the store.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@85484 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps-region-store.m
d864e1a425c90ae126eb40617b005006797db6fc 29-Oct-2009 Ted Kremenek <kremenek@apple.com> Add test case for <rdar://problem/7342806>.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@85462 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps-eager-assume.m
e8ec699167a7c3a2872feefd03e0ea2fabb980e0 28-Oct-2009 Ted Kremenek <kremenek@apple.com> Unused ivars checker: also check methods in categories that are defined in the same translation unit. Fixes <rdar://problem/6260004>.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@85442 91177308-0d34-0410-b5e6-96231b3b80d8
nused-ivars.m
a65c387e6cc7df4507f60dfc0744bbdc91825333 27-Oct-2009 Ted Kremenek <kremenek@apple.com> Add test cases for <rdar://problem/7332673>.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@85191 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps-region-store.m
ab22ee9ede5532f35c64b8eaccb4210f3f16397d 20-Oct-2009 Ted Kremenek <kremenek@apple.com> RegionStore: Use the *default* binding (instead of the *direct* binding) of an Objective-C object
region when doing lazy value retrieval of an ivar.

This fixes: <rdar://problem/7312221>


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@84584 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps-region-store.m
e9731832ec3b995defba821ec24343d74d004f9f 20-Oct-2009 Ted Kremenek <kremenek@apple.com> retain/release checker: allow 'new', 'copy', 'alloc', 'init' prefix to start before '_' when determining Cocoa fundamental rule.

Fixes: <rdar://problem/7265711>


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@84569 91177308-0d34-0410-b5e6-96231b3b80d8
efcnt_naming.m
etain-release.m
9b02034b6461000f8355c9c91118adaf644cbc8a 17-Oct-2009 Ted Kremenek <kremenek@apple.com> Fix another static analyzer crash due to a corner case in "folding" symbolic values that are constrained to be a constant.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@84320 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps.m
b5deae519b1f86d514427c412d9f8873d93c909c 16-Oct-2009 Ted Kremenek <kremenek@apple.com> Fix static analyzer crash due to recently added symbolic-value constant folding. The issue was falsely
converting the constant value of the LHS of a '<<'/'>>' operation to the same APSInt value of the
RHS.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@84269 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps.m
473e16745a6f3370ba3ab6fe70bff43b1c8b2ab9 16-Oct-2009 Ted Kremenek <kremenek@apple.com> retain/release checker: Stop tracking reference counts for any symbols touched by StoreManager::InvalidateRegion().

This fixes <rdar://problem/7257223> and <rdar://problem/7283470>.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@84223 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release-region-store.m
47dcd06e113c5a3b6621166acdb163734a1cfa33 16-Oct-2009 Ted Kremenek <kremenek@apple.com> Add a few passing test cases for finding leaks of retained objects stored to arrays (<rdar://problem/7283470>).


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@84221 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release-region-store.m
6fe2b7a3da783395379b12c75e4e7608809f9062 16-Oct-2009 Ted Kremenek <kremenek@apple.com> retain/release checker: Use simpler utility method for creating class method summaries. No functionality change.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@84210 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release.m
45f7c27942a520ed902ae0f419465fcb8a4f61bf 15-Oct-2009 Ted Kremenek <kremenek@apple.com> Per an astute observation from Zhongxing Xu, remove a "special case" logic in
RegionStoreManager::Retrieve() that was intended to handle conflated uses of pointers as integers.
It turns out this isn't needed, and resulted in inconsistent behavior when creating symbolic values on the following test case in 'tests/Analysis/misc-ps.m':

typedef struct _BStruct { void *grue; } BStruct;
void testB_aux(void *ptr);
void testB(BStruct *b) {
{
int *__gruep__ = ((int *)&((b)->grue));
int __gruev__ = *__gruep__;
testB_aux(__gruep__);
}
{
int *__gruep__ = ((int *)&((b)->grue));
int __gruev__ = *__gruep__;
if (~0 != __gruev__) {}
}
}

When the code was analyzed with '-arch x86_64', the value assigned to '__gruev__' would be a
symbolic integer, but for '-arch i386' the value assigned to '__gruev__' would be a symbolic region
(a blob of memory). With this change the value created is always a symbolic integer.

Since the code being removed was added to support analysis of code calling
OSAtomicCompareAndSwapXXX(), I also modified 'test/Analysis/NSString.m' to analyze the code in both
'-arch i386' and '-arch x86_64', and also added some complementary test cases to test the presence
of leaks when using OSAtomicCompareAndSwap32Barrier()/OSAtomicCompareAndSwap64Barrier() instead of
just their absence. This code change reveals that previously both RegionStore and BasicStore were
handling these cases wrong, and would never cause the analyzer to emit a leak in these cases (false
negatives). Now RegionStore gets it right, but BasicStore still gets it wrong (and hence it has been
disabled temporarily for this test case).


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@84163 91177308-0d34-0410-b5e6-96231b3b80d8
SString.m
18e7a3d403d4271408aceb406d0e50110832f5d8 14-Oct-2009 Zhongxing Xu <xuzhongxing@gmail.com> Add comments to test.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@84078 91177308-0d34-0410-b5e6-96231b3b80d8
asts.c
159c53dd832269cb95652eb77112420ae06bb19a 14-Oct-2009 Ted Kremenek <kremenek@apple.com> Add test case for <rdar://problem/7257223>, and XFAIL this test until it passes.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@84070 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release-region-store.m
008636ab8acbcc58954c7173f9563aefa510b252 14-Oct-2009 Ted Kremenek <kremenek@apple.com> retain/release checker: Recognize that calls to
'CVPixelBufferCreateWithPlanarBytes()' and
'CVPixelBufferCreateWithBytes' (Core Video API) can indirectly release
a pixel buffer object via a callback.

This fixes <rdar://problem/7283567>.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@84064 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release.m
6240cf190a660507777558660994cc566839c1a1 14-Oct-2009 Ted Kremenek <kremenek@apple.com> retain/release checker: retained objects passed to pthread_create (as
the data argument) should not be tracked further until we support full IPA.

(fixes <rdar://problem/7299394>)



git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@84047 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release.m
f66d5cd8926541099def3cb187d56eff60d3be99 13-Oct-2009 John McCall <rjmccall@apple.com> Turn -Wparentheses on by default.



git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@83993 91177308-0d34-0410-b5e6-96231b3b80d8
ead-stores.c
b1d042212fbb3f6a08864b703b7bdf0dca58fd9c 06-Oct-2009 Ted Kremenek <kremenek@apple.com> Fix crash introduced by r83358 where a symbol could be eagerly
evaluated to an APSInt with a different bitwidth than the other
operand in a binary expression.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@83368 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps.m
cd8f6ac9b613e1fe962ebf9c87d822ce765275e6 06-Oct-2009 Ted Kremenek <kremenek@apple.com> Fix: <rdar://problem/7275774> Static analyzer warns about NULL pointer when
adding assert

This fix required a few changes:

SimpleSValuator:
- Eagerly replace a symbolic value with its constant value in EvalBinOpNN
when it is constrained to a constant. This allows us to better constant fold
values along a path.
- Handle trivial case of '<', '>' comparison of pointers when the two pointers
are exactly the same.

RegionStoreManager:





git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@83358 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps-region-store.m
bb206fdd9d4465fee4336e6a12d7e936add17389 01-Oct-2009 Ted Kremenek <kremenek@apple.com> Fix bad grammar in static analyzer diagnostic. Reported by Robert Purves!


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@83204 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release.m
95efe0f7fb2ff2d83f9e6f97d707a79370034d73 29-Sep-2009 Ted Kremenek <kremenek@apple.com> Fix: <rdar://problem/7261075> [RegionStore] crash when handling load: '*((unsigned int *)"????")'

This issue was originally reported via personal email by Thomas Clement!


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@83069 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps-region-store.m
9e17cc6abb5d55bd776d379b20d5b476bcc46c71 29-Sep-2009 Ted Kremenek <kremenek@apple.com> Fix really insidious bug in RegionStoreManager::RemoveDeadBindings()
identified with a false positive reported by Thomas Clement. This
involved doing another rewrite of
RegionStoreManager::RemoveDeadBindings(), which phrases the entire
problem of scanning for dead regions as a graph exploration problem.
It is more methodic than the previous implementation.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@83053 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps-region-store.m
a5971b3b18ee00f799c646644c7c04014b88fdcd 29-Sep-2009 Ted Kremenek <kremenek@apple.com> Reapply most of r82939, but add a guard that FieldRegions and friends
are only specially treated by RegionStore::InvalidateRegion() when
their super region is also invalidated. When this isn't the case,
conjure a new symbol for a FieldRegion. Thanks to Zhongxing Xu and
Daniel Dunbar for pointing out this issue.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@83043 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps-region-store.m
f8add9b5f51540e9e734e6a82c5d54c362be822a 29-Sep-2009 Ted Kremenek <kremenek@apple.com> Remove test case's dependency on platform headers.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@83030 91177308-0d34-0410-b5e6-96231b3b80d8
ull-deref-ps.c
8780679b02bea5ab6360f3f8ebf3b221aaeda93f 27-Sep-2009 Ted Kremenek <kremenek@apple.com> Fix:

<rdar://problem/6914474> checker doesn't realize that variable might
have been assigned if a pointer to that variable was passed to another
function via a structure

The problem here was the RegionStoreManager::InvalidateRegion didn't
invalidate the bindings of invalidated regions. This required a
rewrite of this method using a worklist.

As part of this fix, changed ValueManager::getConjuredSymbolVal() to
require a 'void*' SymbolTag argument. This tag is used to
differentiate two different symbols created at the same location.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@82920 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps-region-store.m
022a1253c021aaa03fa7d65b04f237da9613f8fd 26-Sep-2009 Ted Kremenek <kremenek@apple.com> Added test case for <rdar://problem/7152418>.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@82866 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps.m
80417471b01ab2726cd04773b2ab700ce564073c 25-Sep-2009 Ted Kremenek <kremenek@apple.com> Fix <rdar://problem/7249327> by allowing silent conversions between signed and unsigned integer values for symbolic values. This is an intermediate solution (i.e. hack) until we support extension/truncation of symbolic integers.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@82737 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps-region-store.m
35dcad8aeef4fc499ab4f057cf40a5da3cc0ee45 24-Sep-2009 Ted Kremenek <kremenek@apple.com> Fix crash in RegionStoreManager::Bind() by using 'getAs<PointerType>()' instead of 'cast<PointerType>()' (to handle pointer typedefs).


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@82686 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps-region-store.m
0954cdec4b13f1b3fd4c8711e02ded914968000b 24-Sep-2009 Ted Kremenek <kremenek@apple.com> Fix: <rdar://problem/7249340> [RegionStore] model stores to symbolic parameter regions

The issue was a discrepancy between how RegionStoreManager::Bind() and
RegionStoreManager::Retrieve() derived the "key" for the first element
of a symbolic region.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@82680 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps-region-store.m
112ba7e57e23c2310479fd6bb116d9570fc2b77d 24-Sep-2009 Ted Kremenek <kremenek@apple.com> Shorten the static analyzer diagnostic for 'use of garbage value'.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@82672 91177308-0d34-0410-b5e6-96231b3b80d8
ninit-vals-ps-region.c
ninit-vals-ps.c
657406dd407a3f17c594205d65fec049cf1304dd 23-Sep-2009 Ted Kremenek <kremenek@apple.com> Fix PR 4988 by removing an invalid assertion (a function can be referenced in
GRExprEngine::VisitDeclRefExpr without 'asLValue' being true).


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@82598 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps.m
cf54959eae25fb3050f41833f0eab91042fb1269 22-Sep-2009 Ted Kremenek <kremenek@apple.com> Fix: <rdar://problem/7242006> [RegionStore] compound literal assignment with floats not honored


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@82575 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps-region-store.m
isc-ps.m
cc969fd8360e315a0244a1192ddaedcd751fc7a7 22-Sep-2009 Ted Kremenek <kremenek@apple.com> Fix: <rdar://problem/7242015> [RegionStore] variable passed-by-reference (via integer) to function call not invalidated


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@82523 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps.m
c32b24452ebb537934b20b7133a3a0cbce447666 22-Sep-2009 Ted Kremenek <kremenek@apple.com> Add test case for <rdar://problem/6829164>, which was implicitly fixed in r79694.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@82495 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps.m
69181a863c9a87ea84e96157191f855043b86cfb 22-Sep-2009 Ted Kremenek <kremenek@apple.com> Provide intermediate solution to handling assignments to structs via an
integer pointer. For now just invalidate the fields of the struct.

This addresses: <rdar://problem/7185607> [RegionStore] support invalidation of bit fields using integer assignment



git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@82492 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps-region-store.m
e0a58073b76fc016325a35152533b8468df2bf4a 19-Sep-2009 Ted Kremenek <kremenek@apple.com> Re-introduce diagnostic caching in BugReporter that was originally added in
r82198 and then reverted. This is an intermediate solution, as diagnostic
caching should not rely on static variables.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@82301 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps.m
7f473c546602de69b35f0c657619c2ffe8e4136a 18-Sep-2009 Ted Kremenek <kremenek@apple.com> Revert most of r82198, which was causing a large number of crashes
when running the analyzer on real projects. We'll keep the change to
AnalysisManager.cpp in r82198 so that -fobjc-gc analyzes code
correctly in both GC and non-GC modes, although this may emit two
diagnostics for each bug in some cases (a better solution will come
later).


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@82201 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps.m
6a19832d08f00ac78c0a69c4fbe38b04a55b75cc 18-Sep-2009 Ted Kremenek <kremenek@apple.com> Introduce caching of diagnostics in BugReporter. This provides extra
pruning of diagnostics that may be emitted multiple times. This is
accomplished by adding FoldingSet profiling support to PathDiagnostic,
and then having BugReporter record what diagnostics have been issued.

This was motivated by a serious bug introduced by moving the
'divide-by-zero' checking outside of GRExprEngine into a separate
'Checker' class. When analyzing code using the '-fobjc-gc' option, a
given function would be analyzed twice, but the second time various
"internal checks" would be disabled to avoid emitting multiple
diagnostics (e.g., "null dereference") for the same issue. The
problem is that such checks also affect path pruning and don't just
emit diagnostics. This resulted in an assertion failure involving a
real divide-by-zero in some analyzed code where we would get an
assertion failure in APInt because the 'DivZero' check was disabled
and didn't prune the logic that resulted in the divide-by-zero in the
analyzer.

The implemented solution is somewhat of a hack, and may not perform
extremely well. This will need to be cleaned up over time.

As a regression test, 'misc-ps.m' has been modified so that its tests
are run using -fobjc-gc to test this diagnostic pruning behavior.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@82198 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps.m
7c039bf4d87ea475a287374b4cd88ce4d73f3d12 16-Sep-2009 Ted Kremenek <kremenek@apple.com> Have divide-by-zero checker not handle undefined denominators. This is handled by the generic checking for undefined operands for BinaryOperators.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@82019 91177308-0d34-0410-b5e6-96231b3b80d8
ninit-vals-ps-region.c
ninit-vals-ps.c
e2b5744f9a8a08129f1d51e99410a3f3cdda0c91 15-Sep-2009 Ted Kremenek <kremenek@apple.com> Add static analyzer transfer function support for __builtin_offsetof.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@81820 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps.m
etain-release.m
5b9bd2137ebef350af803c634e3fdf5d74678100 12-Sep-2009 Ted Kremenek <kremenek@apple.com> Introduce "DefinedOrUnknownSVal" into the SVal class hierarchy, providing a way
to statically type various methods in SValuator/GRState as requiring either a
defined value or a defined-but-possibly-unknown value. This leads to various
logic cleanups in GRExprEngine, and lets the compiler enforce via type checking
our assumptions about what symbolic values are possibly undefined and what are
not.

Along the way, clean up some of the static analyzer diagnostics regarding the uses of uninitialized values.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@81579 91177308-0d34-0410-b5e6-96231b3b80d8
ninit-vals-ps-region.c
ninit-vals-ps.c
cfcd7fd0de701c5ce05e96de1ed2d0bf8c7035d9 09-Sep-2009 Ted Kremenek <kremenek@apple.com> Implement: <rdar://problem/7185647> [RegionStore] 'self' cannot be NULL upon entry to a method

Here we implement this as a precondition within GRExprEngine, even though it is
related to how BasicStoreManager and RegionStoreManager model 'self'
differently. Putting this as a high-level precondition is more general, which is
why it isn't in RegionStore.cpp.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@81378 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps.m
1eb4433ac451dc16f4133a88af2d002ac26c58ef 09-Sep-2009 Mike Stump <mrs@apple.com> Remove tabs, and whitespace cleanups.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@81346 91177308-0d34-0410-b5e6-96231b3b80d8
fref_rdar6080742.c
2465047c6f5b9a865f63ae1402fccb95abab9e28 02-Sep-2009 Ted Kremenek <kremenek@apple.com> Implement: <rdar://problem/6337100> CWE-338: Use of cryptographically weak prng
Patch by Geoff Keating!


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@80752 91177308-0d34-0410-b5e6-96231b3b80d8
ecurity-syntax-checks.m
cc58eae181b11f284e8fa50ca951feb2af5fcad8 01-Sep-2009 Ted Kremenek <kremenek@apple.com> Add test case from <rdar://problem/7184450>.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@80700 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release.m
c761f40467a76c5bba819324ddc489c214c5a5da 28-Aug-2009 Ted Kremenek <kremenek@apple.com> Add uninitialized values test case.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@80388 91177308-0d34-0410-b5e6-96231b3b80d8
ninit-vals-ps-region.c
a834fb43fddcf611ad248722fff1aa5b19807bed 28-Aug-2009 Ted Kremenek <kremenek@apple.com> retain/release checker: [CIContext createCGImage...] and friends returned CF
objects that are not automatically garbage collected. This fixes
<rdar://problem/7174400>.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@80387 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release-gc-only.m
65a81a92eba8dace6f2381f83f9dfcbf7b848ab7 28-Aug-2009 Ted Kremenek <kremenek@apple.com> Implement: <rdar://problem/6337132> CWE-273: Failure to Check Whether Privileges
Were Dropped Successfully

Patch by Geoff Keating!


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@80313 91177308-0d34-0410-b5e6-96231b3b80d8
ecurity-syntax-checks.m
ab2f43cfe7272d77374d8dec8f9df625bf525468 26-Aug-2009 Ted Kremenek <kremenek@apple.com> Fix regression in BasicStoreManager caused by implicitly casting loaded values and trying to load/store from arrays. RegionStoreManager already properly handles these cases well; we just need to gracefully not handle this case in BasicStoreManager. This fixes PR 4781.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@80051 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps.m
bcf62a9f5b9baf4b02fce08144465e6b306af543 26-Aug-2009 Ted Kremenek <kremenek@apple.com> Handle pointer arithmetic in RegionStoreManager involving Objective-C pointers
when using the non-fragile Objective-C ABI. This fixes <rdar://problem/7168531>.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@80047 91177308-0d34-0410-b5e6-96231b3b80d8
dar-7168531.m
1894dce96476dbe58c0e60d47f8987cbeb3d3869 25-Aug-2009 Ted Kremenek <kremenek@apple.com> Fix crash reported in <rdar://problem/7124210> by "back-porting" some of the
implicit cast logic in RegionStoreManager to BasicStoreManager. This involved
moving CastRetriedVal from RegionStoreManager to StoreManager.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@80026 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps.m
ac50213ec509063151bc1a9c6b7d71561896cdd5 25-Aug-2009 Ted Kremenek <kremenek@apple.com> Add test case for PR 4759.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@79954 91177308-0d34-0410-b5e6-96231b3b80d8
ull-deref-ps.c
ac02f20424d35121f66c7271b1a8538df8149188 20-Aug-2009 Ted Kremenek <kremenek@apple.com> retain/release checker: Treat NSObject method '-awakeAfterUsingCoder:'
just as if it behaved like an init function. This fixes <rdar://problem/7129086>.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@79515 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release.m
caac0899b528102b88a7d49d3324d7b39d2ae88d 20-Aug-2009 Ted Kremenek <kremenek@apple.com> Make this test case more portable by removing its dependency on system header files.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@79511 91177308-0d34-0410-b5e6-96231b3b80d8
asts.c
c484381467789938b06872bb1b270db1b6ec164c 20-Aug-2009 Ted Kremenek <kremenek@apple.com> retain/release checker: Special case handling of CFAttributedStringSetAttribute,
fixing <rdar://problem/7152619>. Along the way, merge test cases in
'test/Analysis/rdar-6539791.c' into 'test/Analysis/retain-release.m'.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@79499 91177308-0d34-0410-b5e6-96231b3b80d8
dar-6539791.c
etain-release.m
35ffcf3c2a054ee124fe8d47152c5d1bcdf86261 07-Aug-2009 Ted Kremenek <kremenek@apple.com> Fix: <rdar://problem/7075531> static analyzer wrongly detects unused ivars used in blocks


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@78409 91177308-0d34-0410-b5e6-96231b3b80d8
nused-ivars.m
566a6faa54235590ab8d7d177dfac08586f545b0 07-Aug-2009 Ted Kremenek <kremenek@apple.com> Fix a few more false positives involving RegionStore and unions, but this time
with array accesses. In the process, refactor some common logic in
RetrieveElement() and RetrieveField() into RetrieveFieldOrElementCommon().


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@78349 91177308-0d34-0410-b5e6-96231b3b80d8
nions-region.m
d4e5a606c9c64e24c05e5f4610796087e911fb9c 06-Aug-2009 Ted Kremenek <kremenek@apple.com> Fix a couple false positive "uninitialized value" warnings with RegionStore
involving reasoning about unions (which we don't handle yet).


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@78342 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps-region-store.m
nions-region.m
addc931273b4b534648ef9fbc6d54065c745ce9d 06-Aug-2009 Ted Kremenek <kremenek@apple.com> Update test case.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@78290 91177308-0d34-0410-b5e6-96231b3b80d8
heckNSError.m
4ed459851eef142f2059af7ae487484e8a14fc67 05-Aug-2009 Ted Kremenek <kremenek@apple.com> Fix a bug in RegionStoreSubRegionManager::add() where multiple subregions wouldn't correctly get registered in the SubRegion map.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@78162 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps.m
bfc8168e77abd451af76ae8c01dfa346ffe87dd9 05-Aug-2009 Zhongxing Xu <xuzhongxing@gmail.com> Add test case.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@78150 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps-region-store.m
8eec7c00e6e8e7243776d89c3897a48d354aecbf 04-Aug-2009 Ted Kremenek <kremenek@apple.com> Adjust test case.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@78028 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps.m
48775d5bf05120adb2a953bbcd626405bf666b22 04-Aug-2009 Ted Kremenek <kremenek@apple.com> Add a pass-by-value test for the analyzer.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@78018 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps.m
28ba10ce2ad9b03ec33db3790a519d64a2e16b6a 04-Aug-2009 Ted Kremenek <kremenek@apple.com> Add test case testing field sensitivity. Reduced from <rdar://problem/7114618>.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@78008 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps-region-store.m
968f0a6fe860b7df42d5ea1ab87a55c757507c1c 03-Aug-2009 Ted Kremenek <kremenek@apple.com> Handle disgusting corner case where a byte is loaded from the address of a function.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@78000 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps.m
9a108eb88f93c524dfa5fb2c3fea3896b1eb6525 02-Aug-2009 Ted Kremenek <kremenek@apple.com> Fix regression in StoreManager::CastRegion() to always treat casts to
'void*' (or 'const void*') as an identity transformation.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@77860 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps.m
19e1f0ba5cec738ce6cebe3fe0e1edc782206494 01-Aug-2009 Ted Kremenek <kremenek@apple.com> This is a fairly large patch, which resulted from a cascade of changes
made to RegionStore (and related classes) in order to handle some
analyzer failures involving casts and manipulation of symbolic memory.

The root of the change is in StoreManager::CastRegion(). Instead of
using ad hoc heuristics to decide when to layer an ElementRegion on a
casted MemRegion, we now always layer an ElementRegion when the cast
type is different than the original type of the region. This carries
the current cast information associated with a region around without
resorting to the error prone recording of "casted types" in GRState.

Along with this new policy of layering ElementRegions, I added a new
algorithm to strip away existing ElementRegions when they simply
represented casts of a base memory object. This algorithm computes
the raw "byte offset" that an ElementRegion represents from the base
region, and allows the new ElementRegion to be based off that offset.
The added benefit is that this naturally handles a series of casts of
a MemRegion without building up a set of redundant ElementRegions
(thus canonicalizing the region view).

Other related changes that cascaded from this one (as tests were
failing in RegionStore):

- Revamped RegionStoreManager::InvalidateRegion() to completely remove
all bindings and default values from a region and all subregions.
Now invalidated fields are not bound directly to new symbolic
values; instead the base region has a "default" symbol value from
which "derived symbols" can be created. The main advantage of this
approach is that it allows us to invalidate a region hierarchy and
then lazily instantiate new values no matter how deep the hierarchy
went (i.e., regardless of the number of field accesses,
e.g. x->f->y->z->...). The previous approach did not do this.

- Slightly reworked RegionStoreManager::RemoveDeadBindings() to also
incorporate live symbols and live regions that do not have direct
bindings but also have "default values" used for lazy instantiation.
The changes to 'InvalidateRegion' revealed that these were necessary
in order to achieve lazy instantiation of values in the region store
with those bindings being removed too early.

- The changes to InvalidateRegion() and RemoveDeadBindings() revealed
a serious bug in 'getSubRegionMap()' where not all region -> subregion
relationships involved in actual bindings (explicit and implicit)
were being recorded. This has been fixed by using a worklist algorithm
to iteratively fill in the region map.

- Added special support to RegionStoreManager::Bind()/Retrieve() to handle
OSAtomicCompareAndSwap in light of the new 'CastRegion' changes and the
layering of ElementRegions.

- Fixed a bug in SymbolReaper::isLive() where derived symbols were not
being marked live if the symbol they were derived from was also live.
This fix was critical for getting lazy instantiation in RegionStore
to work.

- Tidied up the implementation of ValueManager::getXXXSymbolVal() methods
to use SymbolManager::canSymbolicate() to decide whether or not a
symbol should be symbolicated.

- 'test/Analysis/misc-ps-xfail.m' now passes; that test case has been
moved to 'test/Analysis/misc-ps.m'.

- Tweaked some pretty-printing of MemRegions, and implemented
'ElementRegion::getRawOffset()' for use with the CastRegion changes.



git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@77782 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps-xfail.m
isc-ps.m
39abcdf1c7dfc4fd2bda57416812672830400c9e 01-Aug-2009 Ted Kremenek <kremenek@apple.com> Temporarily disable out-of-bounds checking. The current checking logic will not work quite right with the changes I'm about to commit.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@77779 91177308-0d34-0410-b5e6-96231b3b80d8
utofbound.c
dar-6541136-region.c
9668b1f6c87bd8d9af87e29900508a52584404ef 31-Jul-2009 Anders Carlsson <andersca@mac.com> Add casts to avoid a bunch of unused expr warnings. (They aren't reported right now due to a bug that I intend to fix). Ted, please review.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@77630 91177308-0d34-0410-b5e6-96231b3b80d8
rray-struct.c
asts.c
egion-only-test.c
f7a0cf426eddae76e1a71dd2295631a2cf0560af 29-Jul-2009 Ted Kremenek <kremenek@apple.com> Remove 'StoreManager::OldCastRegion()', TypedViewRegion (which only
OldCastRegion used), and the associated command line option
'-analyzer-store=old-basic-cast'.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@77509 91177308-0d34-0410-b5e6-96231b3b80d8
FDateGC.m
FNumber.c
FRetainRelease_NSAssertionHandler.m
GColorSpace.c
heckNSError.m
SPanel.m
SString.m
SWindow.m
oReturn.m
bjCProperties.m
R2599.m
R3991.m
rray-struct.c
asts.m
fref_PR2519.c
fref_rdar6080742.c
omplex.c
oncrete-address.c
ead-stores.c
ead-stores.cpp
elegates.m
xercise-ps.c
ields.c
unc.c
isc-ps-64.m
isc-ps-basic-store.m
isc-ps-ranges.m
isc-ps-xfail.m
isc-ps.m
il-receiver-undefined-larger-than-voidptr-ret.m
o-exit-cfg.c
o-outofbounds.c
ull-deref-ps.c
verride-werror.c
r4209.m
r_2542_rdar_6793404.m
r_4164.c
dar-6442306-1.m
dar-6539791.c
dar-6541136.c
dar-6562655.m
dar-6582778-basic-store.c
dar-6600344-nil-receiver-undefined-struct-ret.m
efcnt_naming.m
egion-1.m
etain-release-basic-store.m
etain-release-gc-only.m
etain-release.m
tack-addr-ps.c
ninit-msg-expr.m
ninit-ps-rdar6145427.m
ninit-vals-ps.c
ninit-vals.m
6075e005c63ab6b99b3a71f3bfebed3720ead1a4 29-Jul-2009 Ted Kremenek <kremenek@apple.com> Add an XFAILed test case that currently crashes for RegionStore. This case will
be moved to misc-ps.m when it passes.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@77486 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps-xfail.m
0aeaf5a1a55dbc04c633cae4fb8bad2a33b01d62 29-Jul-2009 Ted Kremenek <kremenek@apple.com> Add another analyzer test case involving an OSAtomic function.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@77485 91177308-0d34-0410-b5e6-96231b3b80d8
SString.m
f3bfa21565b8145afe9b4886770257e890b0b68d 28-Jul-2009 Ted Kremenek <kremenek@apple.com> Fix PR 4631. The compound initializers of unions were not being evaluated, which
could cause false positives if any of the subexpressions had side-effects. These
initializers weren't evaluated because the StoreManager would need to handle
them, but that's an orthogonal problem of whether or not the StoreManager can
handle the binding.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@77361 91177308-0d34-0410-b5e6-96231b3b80d8
ninit-vals-ps.c
bb977228e642e0d12365862a3838dd5005ef783b 28-Jul-2009 Ted Kremenek <kremenek@apple.com> Fix regression in attribute 'nonnull' checking when a transition node
was created but not added to the destination NodeSet. This fixes PR 4630.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@77353 91177308-0d34-0410-b5e6-96231b3b80d8
ninit-vals-ps.c
efcbb1544109f0d07fda0c5f008c844f719e0ad6 24-Jul-2009 Ted Kremenek <kremenek@apple.com> Implement: <rdar://problem/6335715> rule request: gets() buffer overflow


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@76905 91177308-0d34-0410-b5e6-96231b3b80d8
ecurity-syntax-checks.m
8baf86d34399a727ce0518512b5c491b3ca6b107 23-Jul-2009 Ted Kremenek <kremenek@apple.com> Refine checking and diagnostics for use of floating point variable as a counter.
This implements <rdar://problem/6336718> and checks for CERT secure coding
advisory FLP30-C.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@76900 91177308-0d34-0410-b5e6-96231b3b80d8
ecurity-syntax-checks.m
0979d80615df97c675423de631c1b884819f4712 23-Jul-2009 Mike Stump <mrs@apple.com> Improve CFG support for C++ throw expressions.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@76814 91177308-0d34-0410-b5e6-96231b3b80d8
ead-stores.cpp
f0549e2b5c73d65ce96fc37c9030577997fe19d4 23-Jul-2009 Mike Stump <mrs@apple.com> Prep for new warning.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@76813 91177308-0d34-0410-b5e6-96231b3b80d8
ull-deref-ps.c
c26a8b06e255bc7a8eb3f5df22e32b62a3dbf4c0 22-Jul-2009 Ted Kremenek <kremenek@apple.com> Migrate the path-sensitive checking of 'nonnull' arguments over to the new
'Checker' interface. An updated test case illustrates that after calling a
function with the 'nonnull' attribute we now register the fact that the passed
pointer must be non-null. This retention of information was not possible with
the previously used GRSimpleAPICheck interface.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@76797 91177308-0d34-0410-b5e6-96231b3b80d8
ull-deref-ps.c
0b331e369695eef0ef7ce162602df4c2ace4412f 22-Jul-2009 Ted Kremenek <kremenek@apple.com> Fix a crasher in StoreManager::InvalidateRegion() caused by using the
'cast type' of a region to invalidate its binding. This only occurs
when using RegionStoreManager, as it records the cast type. I'm
currently considering removing the notion of a cast type (see
comments in code).


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@76719 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps.m
ae87ce71010f3e2d7043d5c69c14ce70b3770551 21-Jul-2009 Ted Kremenek <kremenek@apple.com> Remove stale comment and fix RUN line.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@76656 91177308-0d34-0410-b5e6-96231b3b80d8
rray-struct.c
8b31826a4b703ad21916b2f88e28d003e289a9ff 21-Jul-2009 Ted Kremenek <kremenek@apple.com> Add test case for PR 4596, which is already fixed due to Steve Naroff's overhaul of the Objective-C type system, but isn't in a checker build yet.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@76648 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release.m
32c3fa4195762ba93f0b7114ab36c0941bc34432 21-Jul-2009 Ted Kremenek <kremenek@apple.com> Fix PR 4594 by refactoring almost all casting logic from GRExprEngine::VisitCast
to SValuator::EvalCast. In the process, the StoreManagers now use this new cast
machinery, and the hack in GRExprEngine::EvalBind to handle implicit casts
involving OSAtomicCompareAndSwap and friends has been removed (and replaced with
logic closer to the logic specific to those functions).


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@76641 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps.m
655a63dbea2a9e70f40a451fd3c4d60ba28699c4 21-Jul-2009 Mike Stump <mrs@apple.com> Prep for new warning.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@76626 91177308-0d34-0410-b5e6-96231b3b80d8
FDateGC.m
a5495eadc816b29954e22df55aa9a9d6bb41429c 21-Jul-2009 Mike Stump <mrs@apple.com> Prep for new warning.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@76625 91177308-0d34-0410-b5e6-96231b3b80d8
ead-stores.c
b8a087ed8738c15762d670d40a5a12419f6fc202 21-Jul-2009 Mike Stump <mrs@apple.com> Prep for new warning.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@76624 91177308-0d34-0410-b5e6-96231b3b80d8
egion-1.m
6fed58ebb73a4b62280ac6e1f604904af972353a 21-Jul-2009 Mike Stump <mrs@apple.com> Prep for new warning.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@76623 91177308-0d34-0410-b5e6-96231b3b80d8
dar-6442306-1.m
006105d5a8c6565018e4e2a25860d4a7f4c7f4a6 21-Jul-2009 Mike Stump <mrs@apple.com> Prep for new warning.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@76621 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps.m
3a3c624dab31398373e80411fcf6d1d85c262010 21-Jul-2009 Mike Stump <mrs@apple.com> Prep for new warning.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@76620 91177308-0d34-0410-b5e6-96231b3b80d8
R3991.m
08631d1ea0ef44cceb3d6a9c7a54d6a84fbbe4fe 21-Jul-2009 Mike Stump <mrs@apple.com> Prep for new warning.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@76619 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release.m
6581c30170192bca95c783f04c43393de3dc77e4 21-Jul-2009 Mike Stump <mrs@apple.com> Prep for new warning.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@76617 91177308-0d34-0410-b5e6-96231b3b80d8
r4209.m
c237429caf31562b3c5944d9b767fa5426d63502 21-Jul-2009 Mike Stump <mrs@apple.com> Prep for new warning.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@76616 91177308-0d34-0410-b5e6-96231b3b80d8
ninit-vals.c
28b2227e6c73ce999c04ca27b070c8b19b087041 21-Jul-2009 Mike Stump <mrs@apple.com> Prep for new warning.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@76614 91177308-0d34-0410-b5e6-96231b3b80d8
dar-6540084.m
dff6ba0025356dfb4f82a48afd89bcdd631566ef 21-Jul-2009 Mike Stump <mrs@apple.com> Prep for new warning.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@76613 91177308-0d34-0410-b5e6-96231b3b80d8
xercise-ps.c
431e4d33ffad874ad471385d73a3e1b4238447e9 21-Jul-2009 Mike Stump <mrs@apple.com> Prep for new warning.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@76611 91177308-0d34-0410-b5e6-96231b3b80d8
R2978.m
339d52a8ddcb345275ec48c7bab849a8943fa9f5 21-Jul-2009 Mike Stump <mrs@apple.com> Prep for new warning.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@76610 91177308-0d34-0410-b5e6-96231b3b80d8
ull-deref-ps.c
044ca3f1ea1159525ceeb12dd46e85e6ec083ba4 21-Jul-2009 Mike Stump <mrs@apple.com> Prep for new warning.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@76609 91177308-0d34-0410-b5e6-96231b3b80d8
dar-6562655.m
4393b3f0f84cb768bc9736a428949ea41f54ce6f 21-Jul-2009 Mike Stump <mrs@apple.com> Prep for new warning.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@76608 91177308-0d34-0410-b5e6-96231b3b80d8
SString.m
959922647e5061fc20f983d0e85e3f7fb8421457 21-Jul-2009 Mike Stump <mrs@apple.com> Prep for new warning.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@76607 91177308-0d34-0410-b5e6-96231b3b80d8
asts.c
e448611736b0bcf76c0bdb5d8b1083eb75d41779 21-Jul-2009 Mike Stump <mrs@apple.com> Prep for new warning.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@76606 91177308-0d34-0410-b5e6-96231b3b80d8
SPanel.m
fd28a619da3dda5f9b897abbb469cf699098e965 21-Jul-2009 Mike Stump <mrs@apple.com> Prep for new warnings about control flow falling off the ends of
functions that return a value. I was going to buffer the whole lot
up, but it should be easier to review if I check them in
incrementally. Most of the forthcoming changes either add a return
value, or make it impossible to return, or alter the return type.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@76605 91177308-0d34-0410-b5e6-96231b3b80d8
omplex.c
22cd6581188bbbc6bedaca64ab171b1187a1c06a 21-Jul-2009 Mike Stump <mrs@apple.com> Wire up CFG improvements for __builtin_choose_expr.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@76531 91177308-0d34-0410-b5e6-96231b3b80d8
ead-stores.c
8f9893a2beeacd5149bd2d3d4c6e130516915068 21-Jul-2009 Mike Stump <mrs@apple.com> Wire up CFG improvements for do { } while () when the condition is known.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@76530 91177308-0d34-0410-b5e6-96231b3b80d8
ead-stores.c
fefb9f7009702befaf715e7a8debc9505c3c8634 21-Jul-2009 Mike Stump <mrs@apple.com> Wire up for statement CFG improvements for conditionals that are known.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@76529 91177308-0d34-0410-b5e6-96231b3b80d8
ead-stores.c
5f20363dc8ea094b3f6139f52084beb10d6fcd85 21-Jul-2009 Mike Stump <mrs@apple.com> Wire up CFG improvements for while when the condition is known.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@76522 91177308-0d34-0410-b5e6-96231b3b80d8
ead-stores.c
e5af3ce53ec58995b09381ba645ab2117a46647b 21-Jul-2009 Mike Stump <mrs@apple.com> Add yet more analysis for CFGs involving conditionals that are actually constant.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@76500 91177308-0d34-0410-b5e6-96231b3b80d8
ead-stores.c
25c545788da6e3a725206cfa378b9b83a7da6024 21-Jul-2009 Ted Kremenek <kremenek@apple.com> Enhanced IsReinterpreted() (RegionStore.cpp) to reason about higher-order
pointers.

Enhanced RegionStoreManager::Retrieve() to handle automatic casts when the
loaded value is different from the requested value. This should be refined over
time, but essentially we should always symbolicate locations as locations, and
convert them to non-locations on demand.

These changes now cause 'misc-ps.m' to pass again.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@76497 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps.m
ba02486ef05786847f0f465162d9bb461e142e48 20-Jul-2009 Ted Kremenek <kremenek@apple.com> This test now passes with RegionStore.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@76484 91177308-0d34-0410-b5e6-96231b3b80d8
SString.m
293769a1f281b8994195eb9985b31e1ed0c1c8b3 20-Jul-2009 Ted Kremenek <kremenek@apple.com> Add XFAILED test.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@76469 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps.m
63b9cfe8f2aaec53710b59e565bb8d5afb558b40 18-Jul-2009 Ted Kremenek <kremenek@apple.com> Fix crash in StoreManager::NewCastRegion() when handling casts from 'id' (or whatever) to a BlockPointerType.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@76288 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps.m
386af0a224d8943f0c818d66fabc56642a458c8c 18-Jul-2009 Ted Kremenek <kremenek@apple.com> Add test case for bug fix in r76262.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@76283 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps-region-store.m
cd7bf230a77c550115e4a78ee371fc49a7563692 17-Jul-2009 Mike Stump <mrs@apple.com> Make noreturn functions alter the CFG.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@76133 91177308-0d34-0410-b5e6-96231b3b80d8
ead-stores.c
71ef5d61dfef99acb1b242327dbcdf4ddb66d4d5 17-Jul-2009 Ted Kremenek <kremenek@apple.com> Update test case to use '__has_feature' macro.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@76129 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release.m
465373946b5ae84f7c3d890cc25cb23fd88dd650 16-Jul-2009 Ted Kremenek <kremenek@apple.com> Move RegionStoreManager over to using new
ValueManager::makeArrayIndex()/convertArrayIndex() methods. This
handles yet another crash case when reasoning about array indices of
different bitwidth and signedness.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@75884 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps.m
fde2efe96e00c5d03e7caaf0c1e67d7b011d9d0c 16-Jul-2009 Ted Kremenek <kremenek@apple.com> Fix <rdar://problem/7062158> by having BasicStoreManager model values for 'static' global variables.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@75844 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps.m
a6275a534da701f37d19a068e6361e5f10f983a1 15-Jul-2009 Ted Kremenek <kremenek@apple.com> More test cases revealed that the logic in StoreManager::InvalidateRegion() needs more finesse when handling the invalidation of pointers. Pointers that were invalidated as integers could later cause problems for clients using them as pointers. It is easier for us to model a symbolic value as a pointer rather than modeling a non-symbolic value as a pointer.

This patch causes:
- StoreManager::InvalidateRegion() to not use the casted type of a region if
it would cause a pointer type to be invalidated as a non-pointer type.
- Pushes RegionStore::RetrieveElement() further by handling retrievals from
symbolic arrays that have been invalidated. This uses the new SymbolDerived
construct that was recently introduced.

The result is that the failing test in misc-ps-region-store-x86_64.m now passes.
Both misc-ps-region-store-x86_64.m and misc-ps-region-store-i386.m contain a
test case that motivated this change.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@75730 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps-region-store-i386.m
isc-ps-region-store-x86_64.m
isc-ps-region-store.m
0c106995d52738c4cc0e25edffd6ae2ffaea817d 15-Jul-2009 Ted Kremenek <kremenek@apple.com> Split out 'test2' into an i386 and x86_64 file, illustrating how the
test behavior differs between architectures. When this is no longer
the case, these tests will be merged.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@75708 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps-region-store-i386.m
isc-ps-region-store-x86_64.m
isc-ps-region-store.m
b4aa4845b02c691b12e67731d05f42bceea786b1 15-Jul-2009 Ted Kremenek <kremenek@apple.com> This test currently only passes for 32-bit archs.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@75698 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps-region-store.m
60fbe8f79838bff41fe9f5ed506ea9bc89d5d1df 14-Jul-2009 Ted Kremenek <kremenek@apple.com> Enhance RegionStoreManager to handle 'Retrieve's from SymbolicRegions. We do this by silently wrapping the region with an ElementRegion. This fixes the failures in misc-ps-region-store.m.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@75679 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps-region-store.m
79b4f7d37530a1c41df26b6ac3a159f7cd6388d6 14-Jul-2009 Ted Kremenek <kremenek@apple.com> Add basic checking for passing NULL to CFRetain/CFRelease, since those functions
are not explicitly marked as not accepting NULL pointers. This check illustrates
how we need more refactoring in the custom-check logic.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@75570 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release.m
54ca9b1d45fbfb0b3eeab581e0d10403cc922e62 13-Jul-2009 Ted Kremenek <kremenek@apple.com> Enhance SimpleSValuator::EvalBinOpNN to recognize the trivial case
where we are comparing a symbolic value against itself, regardless of
the nature of that symbolic value.

This enhancement identified a case where RegionStoreManager is not
correctly symbolicating the values of the pointees of parameters. The
failing test is now in 'test/Analysis/misc-ps-region-store.m', with
that test file now (temporarily) marked XFAIL.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@75521 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps-basic-store.m
isc-ps-region-store.m
isc-ps.m
43d74a5a8e1b6880e6c9813930ce59ab6cadfbf1 11-Jul-2009 Ted Kremenek <kremenek@apple.com> Handle insidious corner case exposed by RegionStoreManager when handling void* values that are bound
to symbolic regions and then treated like integers.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@75356 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps.m
e07c57947599aa30e96b64626f96ce6c059783c4 11-Jul-2009 Zhongxing Xu <xuzhongxing@gmail.com> remove duplicated test cast.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@75329 91177308-0d34-0410-b5e6-96231b3b80d8
fail-no-outofbounds.c
7d7c4395df80fbf431396509c54ffb3e02884041 11-Jul-2009 Ted Kremenek <kremenek@apple.com> This test passes with RegionStoreManager.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@75318 91177308-0d34-0410-b5e6-96231b3b80d8
dar-6562655.m
6f0b2ef5e1739e58197ae8d21ea1757efc2d41dc 11-Jul-2009 Ted Kremenek <kremenek@apple.com> This test now passes with RegionStoreManager.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@75316 91177308-0d34-0410-b5e6-96231b3b80d8
dar-6600344-nil-receiver-undefined-struct-ret.m
88bd3406013a491fd628610be2d74f9063cfdb05 11-Jul-2009 Eli Friedman <eli.friedman@gmail.com> Fix silly mistake I made applying patch to fix test.



git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@75303 91177308-0d34-0410-b5e6-96231b3b80d8
asts.c
cad9fefaca4d81abd33e3ce0814e09689c557bdd 10-Jul-2009 Ted Kremenek <kremenek@apple.com> Rename test file.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@75297 91177308-0d34-0410-b5e6-96231b3b80d8
o-outofbounds-basicstore.c
o-outofbounds.c
2f08991af8034810edebb859bf36b0a0a3e87174 10-Jul-2009 Ted Kremenek <kremenek@apple.com> RegionStoreManager also passes this test file.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@75296 91177308-0d34-0410-b5e6-96231b3b80d8
o-outofbounds-basicstore.c
988dc7efbc39de30dc1b2ffbdcd491515ccee06e 10-Jul-2009 Ted Kremenek <kremenek@apple.com> RegionStoreManager now correctly passes this test file.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@75295 91177308-0d34-0410-b5e6-96231b3b80d8
il-receiver-undefined-larger-than-voidptr-ret.m
31ef2b61191c7dc05f5ae085a25b2caf76a7ae2d 10-Jul-2009 Ted Kremenek <kremenek@apple.com> Test case in test/Analysis/xfail_regionstore_wine_crash.c no longer fails, so
move this case to 'test/Analysis/misc-ps.m' to test with both BasicStoreManager
and RegionStoreManager.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@75294 91177308-0d34-0410-b5e6-96231b3b80d8
asicstore_wine_crash.c
isc-ps.m
fail_regionstore_wine_crash.c
8d344ae81aeae1f2e4f21eddd1021acdca85abd7 10-Jul-2009 Ted Kremenek <kremenek@apple.com> Revert r75281 and simply remove the assertion in NewCastRegion that
CodeTextRegions can only be casted to FunctionPointer or BlockPointerTypes. This
simply isn't true. We can handle bogus operations on CodeTextRegions (e.g, an
array access) elsewhere.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@75285 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps.m
3f9811b46abcbb34c76d0e742dd31f899312d2bf 10-Jul-2009 Ted Kremenek <kremenek@apple.com> Fix crash in StoreManager::NewCastRegion regarding handling casts to void*,
void**, void***, etc. Such casts should just pass the region through.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@75281 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps.m
cb52d28946367cec72ce6225a175939e234353b5 10-Jul-2009 Eli Friedman <eli.friedman@gmail.com> Misc fixes to fix tests on OpenBSD, per email to cfe-commits. Patches
by Jonathan Gray and Krister Walfridsson.



git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@75268 91177308-0d34-0410-b5e6-96231b3b80d8
asts.c
c037eac3bda3c636c961aab6377beea3242e81e4 10-Jul-2009 Ted Kremenek <kremenek@apple.com> Switch BasicStoreManager to use the new CastRegion implementation by default,
and replace the 'clang-cc' option '-analyzer-store=basic-new-cast' with
'-analyzer-store=basic-old-cast'. We'll keep the old CastRegion implementation
around for a little while for regression testing.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@75209 91177308-0d34-0410-b5e6-96231b3b80d8
FDateGC.m
FNumber.c
FRetainRelease_NSAssertionHandler.m
GColorSpace.c
heckNSError.m
SPanel.m
SString.m
SWindow.m
oReturn.m
bjCProperties.m
R2599.m
R3991.m
rray-struct.c
asicstore_wine_crash.c
asts.m
fref_PR2519.c
fref_rdar6080742.c
omplex.c
oncrete-address.c
ead-stores.c
elegates.m
xercise-ps.c
ields.c
unc.c
isc-ps-64.m
isc-ps-basic-store.m
isc-ps-ranges.m
isc-ps.m
il-receiver-undefined-larger-than-voidptr-ret.m
o-exit-cfg.c
o-outofbounds-basicstore.c
ull-deref-ps.c
verride-werror.c
r4209.m
r_2542_rdar_6793404.m
r_4164.c
dar-6442306-1.m
dar-6539791.c
dar-6541136.c
dar-6562655.m
dar-6582778-basic-store.c
dar-6600344-nil-receiver-undefined-struct-ret.m
efcnt_naming.m
egion-1.m
etain-release-basic-store.m
etain-release-gc-only.m
etain-release.m
tack-addr-ps.c
ninit-msg-expr.m
ninit-ps-rdar6145427.m
ninit-vals-ps.c
ninit-vals.m
599788806ada4be1d635304104165500d6f9668d 09-Jul-2009 Ted Kremenek <kremenek@apple.com> Fix: <rdar://problem/7034511> ValueManager::makeIntVal(uint64_t X, QualType T) should return a 'Loc' when 'T' is a pointer


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@75062 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps.m
169077dde4d91270a7495793f1e00b22aa0bc7ca 07-Jul-2009 Ted Kremenek <kremenek@apple.com> NewCastRegion: Handle casts *from* pointers to incomplete structs to other types.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@74884 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps.m
411af40d038947b6d2a8ad9549c85c1c4c52d15a 07-Jul-2009 Ted Kremenek <kremenek@apple.com> StoreManager::NewCastRegion:
- Refactor logic that creates ElementRegions into a helper method 'MakeElementRegion'.
- Fix crash due to not handling StringRegions. Casts of StringRegions now
result in a new ElementRegion layered on the original StringRegion.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@74867 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps.m
e1cea75e70d76f55157749a7bcad319050492945 06-Jul-2009 Ted Kremenek <kremenek@apple.com> Make 'BasicStoreManager' + 'NewCastRegion' testable from the command line using '-analyzer-store=basic-new-cast'.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@74865 91177308-0d34-0410-b5e6-96231b3b80d8
FDateGC.m
FNumber.c
FRetainRelease_NSAssertionHandler.m
GColorSpace.c
heckNSError.m
SPanel.m
SString.m
SWindow.m
oReturn.m
bjCProperties.m
R2599.m
R3991.m
rray-struct.c
asicstore_wine_crash.c
asts.m
fref_PR2519.c
fref_rdar6080742.c
omplex.c
oncrete-address.c
ead-stores.c
elegates.m
xercise-ps.c
ields.c
unc.c
isc-ps-64.m
isc-ps-basic-store.m
isc-ps-ranges.m
isc-ps.m
il-receiver-undefined-larger-than-voidptr-ret.m
o-exit-cfg.c
o-outofbounds-basicstore.c
ull-deref-ps.c
verride-werror.c
r4209.m
r_2542_rdar_6793404.m
r_4164.c
dar-6442306-1.m
dar-6539791.c
dar-6541136.c
dar-6562655.m
dar-6582778-basic-store.c
dar-6600344-nil-receiver-undefined-struct-ret.m
efcnt_naming.m
egion-1.m
etain-release-basic-store.m
etain-release-gc-only.m
etain-release.m
tack-addr-ps.c
ninit-msg-expr.m
ninit-ps-rdar6145427.m
ninit-vals-ps.c
ninit-vals.m
6d4b76d93cbc5ad05af4cd2815c86febbfd5e798 06-Jul-2009 Ted Kremenek <kremenek@apple.com> Fix <rdar://problem/7033733>. The CF_RETURNS_RETAINED attribute should work if the return type on an Objective-C method is a CF type reference, not just an Objective-C object reference.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@74841 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release.m
c5771fd4a8371ff408000884fce22529fa49208a 03-Jul-2009 Zhongxing Xu <xuzhongxing@gmail.com> add test case for r74407.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@74761 91177308-0d34-0410-b5e6-96231b3b80d8
oncrete-address.c
ed47fc67b8eeabacbbbdf853ba45f4900619904b 03-Jul-2009 Ted Kremenek <kremenek@apple.com> Fix a horrible CFG bug reported in <rdar://problem/7027684>. The wrong successor
block would get hooked up in some cases when processing empty compound
statements.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@74743 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps.m
dc147262b1ea0636cf8e7152f19303042dffdbed 03-Jul-2009 Ted Kremenek <kremenek@apple.com> Enhance RegionStore to lazily symbolicate fields and array elements for
structures passed-by-value as function arguments.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@74729 91177308-0d34-0410-b5e6-96231b3b80d8
tack-addr-ps.c
dac5bd4f15681062c2e11538d59197f9952c0703 02-Jul-2009 Ted Kremenek <kremenek@apple.com> Temporarily disable RegionStore for stack-addr-ps.c, as a new test case reveals
a case where RegionStore doesn't create symbolic values for the fields of
structs that are passed-by-value.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@74662 91177308-0d34-0410-b5e6-96231b3b80d8
tack-addr-ps.c
921109ab9c4a114da4588566bc56c09443ea2339 02-Jul-2009 Ted Kremenek <kremenek@apple.com> Add a FIXME to RegionStore, do some minor code cleanup, and get RegionStore to
pass misc-ps.m. Currently RegionStore/BasicStore don't do any special reasoning
about clang-style vectors, so we should return UnknownVal (in all cases) when
accessing their values via an array.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@74660 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps.m
7abe019c2840e3890993c879c65acde9ea316166 30-Jun-2009 Zhongxing Xu <xuzhongxing@gmail.com> When retrieving element region, if its super region has binding, return
unknown for it.

Mark the super region of a live region as live, if the live region is pointed
to by a live pointer variable.

These fix xfail_regionstore_wine_crash.c.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@74524 91177308-0d34-0410-b5e6-96231b3b80d8
fail_regionstore_wine_crash.c
a03f157f154d0013e9c3eee261062959371aa868 29-Jun-2009 Zhongxing Xu <xuzhongxing@gmail.com> Invalidate the alloca region by setting its default value to conjured symbol.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@74419 91177308-0d34-0410-b5e6-96231b3b80d8
rray-struct.c
49e2e99442f32305b011d1450801462621b8dccc 28-Jun-2009 Zhongxing Xu <xuzhongxing@gmail.com> Now this test case passes.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@74410 91177308-0d34-0410-b5e6-96231b3b80d8
rray-struct.c
6bd8a521aa0ed803b8f1b0aea8ea61460285fa0b 28-Jun-2009 Zhongxing Xu <xuzhongxing@gmail.com> Invalidate a field of struct type by setting its default value to conjured
symbol.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@74408 91177308-0d34-0410-b5e6-96231b3b80d8
rray-struct.c
6c07bdba93b095b66e2c8c82dd5ed458fa8285ea 26-Jun-2009 Ted Kremenek <kremenek@apple.com> Introduce a new concept to the static analyzer: SValuator.

GRTransferFuncs had the conflated role of both constructing SVals (symbolic
expressions) as well as handling checker-specific logic. Now SValuator has the
role of constructing SVals from expressions and GRTransferFuncs just handles
checker-specific logic. The motivation is by separating these two concepts we
will be able to much more easily create richer constraint-generating logic
without coupling it to the main checker transfer function logic.

We now have one implementation of SValuator: SimpleSValuator.

SimpleSValuator is essentially the SVal-related logic that was in GRSimpleVals
(which is removed in this patch). This includes the logic for EvalBinOp,
EvalCast, etc. Because SValuator has a narrower role than the old
GRTransferFuncs, the interfaces are much simpler, and so is the implementation
of SimpleSValuator compared to GRSimpleVals. I also did a line-by-line review of
SVal-related logic in GRSimpleVals and cleaned it up while moving it over to
SimpleSValuator.

As a consequence of removing GRSimpleVals, there is no longer a
'-checker-simple' option. The '-checker-cfref' did everything that option did
but also ran the retain/release checker. Of course a user may not always wish to
run the retain/release checker, nor do we wish core analysis logic buried in the
checker-specific logic. The next step is to refactor the logic in CFRefCount.cpp
to separate out these pieces into the core analysis engine.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@74229 91177308-0d34-0410-b5e6-96231b3b80d8
oReturn.m
bjCProperties.m
rray-struct.c
omplex.c
ead-stores.c
lementtype.c
xercise-ps.c
unc.c
ull-deref-ps.c
utofbound.c
tr-arith.c
egion-only-test.c
tack-addr-ps.c
ninit-msg-expr.m
ninit-vals-ps-region.c
5414a5c0add7a7a9343a1be0bda962ce8dc35449 21-Jun-2009 Zhongxing Xu <xuzhongxing@gmail.com> Return UnknownVal for pointer arithmetic on struct fields.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@73851 91177308-0d34-0410-b5e6-96231b3b80d8
ields.c
45257c37a4e9a8f915661e0f964aec375909eb4c 19-Jun-2009 Zhongxing Xu <xuzhongxing@gmail.com> A further step of r73690: associate the cast-to type with the created symbol,
because the type of the symbol is used to create the default range. We need the
sign to be consistent.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@73756 91177308-0d34-0410-b5e6-96231b3b80d8
asts.c
005f07b874ae559047f6189e2f770739695f6779 19-Jun-2009 Zhongxing Xu <xuzhongxing@gmail.com> If the SymbolicRegion was cast to another type, use that type to create the
ElementRegion.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@73754 91177308-0d34-0410-b5e6-96231b3b80d8
asts.c
59c03ff2a686baa88a2e69c7f6fdf1a36b716190 18-Jun-2009 Zhongxing Xu <xuzhongxing@gmail.com> Modify test case comments.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@73691 91177308-0d34-0410-b5e6-96231b3b80d8
asts.c
88c675f001e046b7264e2a2d4174dacf3781ce5f 18-Jun-2009 Zhongxing Xu <xuzhongxing@gmail.com> When casting region, if we do not create an element region, record the cast-to
type.

When retrieving the region value, if we are going to create a symbol value, use
the cast-to type if possible.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@73690 91177308-0d34-0410-b5e6-96231b3b80d8
asts.c
fdd8b8ebf60bf98118731d7fc12c9c96e7f2d95a 16-Jun-2009 Ted Kremenek <kremenek@apple.com> Add IOKit test cases for retain/release checker.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@73549 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release.m
143b2fc6fd3945c250b333383749010c2c8e3a4c 16-Jun-2009 Zhongxing Xu <xuzhongxing@gmail.com> Use canonical type for building ElementRegion. Otherwise ElementRegions cannot
be unique.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@73482 91177308-0d34-0410-b5e6-96231b3b80d8
lementtype.c
78d5b5e738c81b596f20205437120d5f3d7c5d9e 16-Jun-2009 Zhongxing Xu <xuzhongxing@gmail.com> Do not invalidate unboundable regions in GRSimpleVals::EvalCall().


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@73474 91177308-0d34-0410-b5e6-96231b3b80d8
unc.c
3f6978a3fefc16f203afbc64697fe04af329cf2b 11-Jun-2009 Zhongxing Xu <xuzhongxing@gmail.com> Bind the mistakenly generated nonloc::SymbolVal to struct correctly. See the
comments for added test case for details.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@73189 91177308-0d34-0410-b5e6-96231b3b80d8
rray-struct.c
547d495a7d11d67639c68774a7011dfa8c36e347 06-Jun-2009 Ted Kremenek <kremenek@apple.com> Fix:

<rdar://problem/6948053> False positive: object substitution during -init* methods warns about returning +0 when using -fobjc-gc-only



git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@72971 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release-gc-only.m
b9d8db86ab1d9c95c09083d8e9792414ae9fcd6d 06-Jun-2009 Ted Kremenek <kremenek@apple.com> Enhance attribute cf_returns_retained to also work (in the analyzer)
for non-Objective-C pointer types. This implicitly documents that the
return type is a CF object reference.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@72968 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release-gc-only.m
etain-release.m
0b308ad34ffb29e508b681b155696f8f999532bb 04-Jun-2009 Eli Friedman <eli.friedman@gmail.com> Clean up builtin lists, add a few new builtins. (I re-sorted the
string.h builtins to be in the same order as the list in the C99
standard.)



git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@72882 91177308-0d34-0410-b5e6-96231b3b80d8
tr-arith.c
56db7e8074e4144ec6ae35a87c3680cfbb3a18ca 03-Jun-2009 Ted Kremenek <kremenek@apple.com> Add more retain-checker tests for GC mode when using NSMakeCollectable.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@72799 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release-gc-only.m
767d649c5353ca19c5a1e181783240a0994bb20a 21-May-2009 Ted Kremenek <kremenek@apple.com> Add special cases to retain checker for 'create' methods in QCView, QCRenderer, and CIContext (Apple APIs).

This fixes:

<rdar://problem/6902710> clang: false positives w/QC and CoreImage methods.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@72187 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release.m
918441255162c1a1c77c13752aaa1a3c43ac2ab9 20-May-2009 Zhongxing Xu <xuzhongxing@gmail.com> Treat AllocaRegion as SymbolicRegion in RegionStore::Retrieve().


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@72166 91177308-0d34-0410-b5e6-96231b3b80d8
rray-struct.c
2acc3992b61e71d30653bf19be2479a78e4cd7a1 20-May-2009 Zhongxing Xu <xuzhongxing@gmail.com> Add comments to test case.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@72165 91177308-0d34-0410-b5e6-96231b3b80d8
rray-struct.c
262fd03ee934bebfbbfaabc14744427dd2e7a231 20-May-2009 Zhongxing Xu <xuzhongxing@gmail.com> * API change: we need to pass GRState to GRExprEngine::EvalBinOp() because
RegionStore needs to know the type of alloca region.
* RegionStoreManager::EvalBinOp() now converts the alloca region to its first
element region, as what is done to symbolic region.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@72164 91177308-0d34-0410-b5e6-96231b3b80d8
rray-struct.c
c219a1579c200c62d925653336e72d9d2f6c4cb7 19-May-2009 Eli Friedman <eli.friedman@gmail.com> Remove the -arch option from clang-cc: for all practical purposes, it's
redundant with -triple.



git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@72108 91177308-0d34-0410-b5e6-96231b3b80d8
SString.m
ba67f6aa95733aaa9d79c82a8802e67b84e5d8e5 19-May-2009 Ted Kremenek <kremenek@apple.com> Fix PR 4230: Don't flag leaks of NSAutoreleasePools until we know that we aren't at the top-most scope of autorelease pools.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@72065 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release.m
759f25237864f3a3cc23eb01f0c0ce6edcc9342d 16-May-2009 Eli Friedman <eli.friedman@gmail.com> PR3009: Get rid of bogus warning for scalar compound literals.

This patch isn't quite ideal in that it eliminates the warning for
constructs like "int a = {1};", where the braces are in fact redundant.
However, that would have required a bunch of refactoring, and it's
much less likely to cause confusion compared to redundant nested braces.



git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@71939 91177308-0d34-0410-b5e6-96231b3b80d8
tack-addr-ps.c
fae664ac57991485a6235c2e27eaf089d5f54846 16-May-2009 Ted Kremenek <kremenek@apple.com> Fix: <rdar://problem/6893565> False positive: don't flag leaks for return types that cannot be determined to be CF types


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@71921 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release.m
7db16041263f39df6deb1145b5c039dfd8da6af0 15-May-2009 Ted Kremenek <kremenek@apple.com> Fix crash when deriving the enclosing summary of a method whose first selector slot has a null IdentifierInfo*. This happens when analyzing Growl.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@71857 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release.m
304376651e85a6f84055ffa0b42517f8631e7f6b 14-May-2009 Ted Kremenek <kremenek@apple.com> Fix <rdar://problem/6859457> [NSData dataWithBytesNoCopy] does not return a retained object.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@71797 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release.m
5dc53c9c2328b5bea5422005b04960c18afd83ad 13-May-2009 Ted Kremenek <kremenek@apple.com> Add some basic type checking for attributes ns_returns_retained and
cf_returns_retained. Currently this attribute can now be applied to any
Objective-C method or C function that returns a pointer or Objective-C object
type.

Modify the tablegen definition of diagnostic 'warn_attribute_wrong_decl_type' to
expect that the diagnostics infrastructure will add quotes around the attribute
name when appropriate. Along with this change, I modified the places where this
warning is issued to pass the attribute's IdentifierInfo* instead of having a
hard-coded C constant string.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@71718 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release.m
0c31317a8d031227d6f1726e555f3e1bb044af17 13-May-2009 Ted Kremenek <kremenek@apple.com> Enhance diagnostics value tracking logic for null dereferences and uninitialized values.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@71700 91177308-0d34-0410-b5e6-96231b3b80d8
il-receiver-undefined-larger-than-voidptr-ret.m
ninit-vals-ps.c
70b6a83b833c40f320d0ed2310cbcdf2be4cece0 13-May-2009 Ted Kremenek <kremenek@apple.com> Fix crasher reported in PR 4209 caused by an invalid summary
generation when EvalObjCMessageExpr() did not resolve the
ObjCInterfaceDecl* for a receiver when the receiver's symbolic value
wasn't being explicitly tracked.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@71685 91177308-0d34-0410-b5e6-96231b3b80d8
r4209.m
2033a95c9b2692441ce0de790f0d8bbe01722c7f 13-May-2009 Ted Kremenek <kremenek@apple.com> Fix crasher in CFRefCount.cpp reported by Nikita Zhuk due to recently added autorelease tracking.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@71647 91177308-0d34-0410-b5e6-96231b3b80d8
SString.m
78a35a3900b39702ffb9835702a1329f8d3e04b3 12-May-2009 Ted Kremenek <kremenek@apple.com> Fix: <rdar://problem/6320065> false positive - init method returns an object owned by caller

Now 'init' methods are treated by the retain/release checker as
claiming their receiver and allocating a new object.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@71579 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release.m
264e93799c891c03d60cf0b09a032b0a9935d3b5 12-May-2009 Zhongxing Xu <xuzhongxing@gmail.com> Add logic for invalidating array region to CFRefCount.cpp. When invalidating
array region, set its default value to conjured symbol. When retrieving its
element, create new region value symbol for the element.

Also fix some 80 columns violations.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@71548 91177308-0d34-0410-b5e6-96231b3b80d8
rray-struct.c
6738b731a6f6621ae920391906132a9cdc09185f 12-May-2009 Ted Kremenek <kremenek@apple.com> Fix <rdar://problem/6877235> Classes typedef-ed to CF objects should get the same treatment as CF objects

This was accomplished by having 'isTypeRef' recursively walk the typedef stack.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@71538 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release.m
ebd5a2dc1a3743fed9157379d89e5eb26293c9d6 11-May-2009 Ted Kremenek <kremenek@apple.com> Fix regression reported in <rdar://problem/6866843>. The analyzer should extend the lifetime of an object stored to a container.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@71452 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release.m
a0cc00dfb19897873cba1a1ff29e09a7f6ef9562 11-May-2009 Ted Kremenek <kremenek@apple.com> Add test case for <rdar://problem/6257780>.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@71444 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release.m
95d3b90b57985361c7bac17c92daa96ee93895ed 11-May-2009 Ted Kremenek <kremenek@apple.com> Fix a bug found by Thomas Clement where 'return [[[NSString alloc] init] autorelease]' would emit a false 'too many overreleases' error.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@71432 91177308-0d34-0410-b5e6-96231b3b80d8
SString.m
82f2be584e43b2e38583fa0bee7cba85612b98a1 10-May-2009 Ted Kremenek <kremenek@apple.com> Add special warning about returning a retained object where a GC'ed object is expected.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@71397 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release-gc-only.m
e8720ce787d83ffd0de19d82e35dba61e61d9648 10-May-2009 Ted Kremenek <kremenek@apple.com> retain/release checker: Flag a warning for non-owned objects returned
where an owned one is expected. Also add preliminary checking for
returning a positive retain count object in GC mode where an owned GC
object is expected.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@71388 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release-gc-only.m
etain-release.m
eaedfeab9eab0d003859aab138784f2c59531408 10-May-2009 Ted Kremenek <kremenek@apple.com> analyzer:
- Improve -autorelease diagnostics.
- Improve VLA diagnostics.
- Use "short description" for bug when outputting to TextDiagnostics


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@71383 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps.m
etain-release.m
5bf3287765d14b5c6666bd00d0a141b0a6c97a20 09-May-2009 Zhongxing Xu <xuzhongxing@gmail.com> When casting VarRegion, if the var type is aggregate type and the cast-to
pointee type is scalar type, create element region regardless of the sizes
of types.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@71360 91177308-0d34-0410-b5e6-96231b3b80d8
ields.c
5e8008e8094c115ae0faacc7a3a56fe5aae0d7b9 09-May-2009 Zhongxing Xu <xuzhongxing@gmail.com> add comments to test case.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@71356 91177308-0d34-0410-b5e6-96231b3b80d8
fail_regionstore_wine_crash.c
8c6096e374203b1c79d85ca03ddebbc1d486c9fe 09-May-2009 Ted Kremenek <kremenek@apple.com> Add back test cases for ns_returns_retained and cf_returns_retained.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@71312 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release-gc-only.m
etain-release.m
6b62ec90d498eb512f2e231547b05d485814a146 09-May-2009 Ted Kremenek <kremenek@apple.com> It lives! The retain/release checker now tracks objects that are sent
'autorelease'.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@71307 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release.m
9f8f026fc1cd1aa2942a2850a037398415128f8a 09-May-2009 Fariborz Jahanian <fjahanian@apple.com> We want to diagnose sending message to a forward class
and we also want to tell which message is actually
being sent.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@71296 91177308-0d34-0410-b5e6-96231b3b80d8
dar-6540084.m
008fc73ac971e5d30c8710e37e1f5f8a843052f1 08-May-2009 Ted Kremenek <kremenek@apple.com> Remove experimental ownership attributes from Clang.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@71216 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release-gc-only.m
etain-release.m
2572eda55285cd61e7e8523d4404ed33f4d33d9b 08-May-2009 Zhongxing Xu <xuzhongxing@gmail.com> Region store: when casting VarRegions, if the cast-to pointee type is
incomplete, do not compute its size and return the original region.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@71213 91177308-0d34-0410-b5e6-96231b3b80d8
dar-6541136-region.c
fb1e3310da7e3886c8057a5f009d2cdf30d8804f 08-May-2009 Zhongxing Xu <xuzhongxing@gmail.com> Replace the heuristic isSmallerThan with ASTContext::getTypeSize().


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@71206 91177308-0d34-0410-b5e6-96231b3b80d8
asts.c
dar-6541136-region.c
25258f8bfb36e230cc4d42cabb74f4a77ecc64e8 08-May-2009 Ted Kremenek <kremenek@apple.com> Fix <rdar://problem/6845148>. Signed integers compared against pointers should
implicitly be changed to unsigned values in GRSimpleVals.cpp. This can happen
when the comparison involves logic in specialized transfer functions (e.g.,
OSAtomicCompareAndSwap).


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@71200 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps-64.m
7704a33fb398a4352a18bd3fcb18218d3dc5cc60 07-May-2009 Ted Kremenek <kremenek@apple.com> More attribute renaming:
- Rename 'ns_returns_owned' -> 'ns_returns_retained'.
- Rename 'cf_returns_owned' -> 'cf_returns_retained'.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@71182 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release-gc-only.m
etain-release.m
2c4036eda90fad6d219d9f3fadbd9288fa197e89 07-May-2009 Ted Kremenek <kremenek@apple.com> Fix <rdar://problem/6848739>. When using -analyze, -Werror has no effect.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@71172 91177308-0d34-0410-b5e6-96231b3b80d8
verride-werror.c
4253051c16d0c2a5ae13af3d22383b61071ecb4c 06-May-2009 Ted Kremenek <kremenek@apple.com> Fix analyzer regression reported in PR 4164:
- Update the old StoreManager::CastRegion to strip off 'ElementRegions' when
casting to void* (Zhongxing: please validate)
- Pass-by-reference argument invalidation logic in CFRefCount.cpp:
- Strip ElementRegions when the ElementRegion is just a 'raw data' view
on top of the underlying typed region.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@71094 91177308-0d34-0410-b5e6-96231b3b80d8
r_4164.c
41fd01809e67eb1bd24b4ea2d8047078104249e6 06-May-2009 Zhongxing Xu <xuzhongxing@gmail.com> Improve RegionStoreManager::getSizeInElements()
- add a static function getTypeWidth(), which computes the width of a type
with the help of TargetInfo.
- no-outofbounds.c now passes for region store.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@71080 91177308-0d34-0410-b5e6-96231b3b80d8
fail-no-outofbounds.c
ccb161603c3c280c378e6701986e9f3646898277 06-May-2009 Zhongxing Xu <xuzhongxing@gmail.com> Implement a heuristic type size comparison method for now.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@71074 91177308-0d34-0410-b5e6-96231b3b80d8
dar-6541136-region.c
889805931bdffe5eaf770bb9f926f738ccd18c0f 06-May-2009 Zhongxing Xu <xuzhongxing@gmail.com> Make StoreManager::CastRegion() virtual and implement a new CastRegion() for
RegionStore.

This CastRegion() performs casts according to the kind of the region being
cast instead of the type that is cast to.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@71058 91177308-0d34-0410-b5e6-96231b3b80d8
ields.c
dar-6541136-region.c
69aa08072decc20094bd1f75f4f9842e9bd357ad 05-May-2009 Ted Kremenek <kremenek@apple.com> Implement attribute 'ns_autorelease'.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@70990 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release.m
4222f21c98e6fdd559f8beb1332663767c64b71e 05-May-2009 Ted Kremenek <kremenek@apple.com> Enhance ownership attribute tests with functions that use the attributes!


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@70984 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release.m
e351aa10dab6eb8b9b502166c7035dc7b0e723e0 05-May-2009 Ted Kremenek <kremenek@apple.com> Implement attribute 'cf_returns_owned' (mirrors 'ns_returns_owned').


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@70952 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release-gc-only.m
etain-release.m
d331dd7fa43f547197efcd757e4a7b477c29fd6e 05-May-2009 Ted Kremenek <kremenek@apple.com> Rename ownership attributes:
ns_ownership_returns -> ns_returns_owned
ns_ownership_retain -> ns_retains
ns_ownership_release -> ns_releases
cf_ownership_retain -> cf_retains
cf_ownership_release -> cf_releases


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@70949 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release-gc-only.m
etain-release.m
6a08469ebe3e15262733841a9c29e2e563d78ba5 05-May-2009 Ted Kremenek <kremenek@apple.com> Rename attribute 'ns_ownership_returns' to 'ns_returns_ownership'.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@70941 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release-gc-only.m
etain-release.m
d99b345a1ae77c746ef025e6a050908d69e2c543 05-May-2009 Ted Kremenek <kremenek@apple.com> Remove experimental attribute 'ns_ownership_make_collectable.'


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@70940 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release-gc-only.m
75494ffb4ed3964fa22fb9ab15fddecedbc9fe10 04-May-2009 Ted Kremenek <kremenek@apple.com> Rename attributes 'objc_ownership...' to 'ns_ownership...'.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@70897 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release-gc-only.m
etain-release.m
65d80fd4acfe65400b7ad594042adc08e972c405 04-May-2009 Ted Kremenek <kremenek@apple.com> Fix false positive null dereference by unifying code paths in GRSimpleVals for
'==' and '!=' (some code in the '!=' was not replicated in the '==' code,
causing some constraints to get lost).


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@70885 91177308-0d34-0410-b5e6-96231b3b80d8
ull-deref-ps.c
31c215e62031b14e85c2f695c261817c044b465b 04-May-2009 Ted Kremenek <kremenek@apple.com> Rename attributes:
'objc_ownership_cfretain' -> 'cf_ownership_retain'
'objc_ownership_cfrelease' -> 'cf_ownership_release'

Motivation: Core Foundation objects can be used in isolation from Objective-C,
and this forces users to reason about the separate semantics of CF objects. More
Sema support pending.



git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@70884 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release-gc-only.m
etain-release.m
1308f573d7a9840713879deb3c02b219197cd827 04-May-2009 Ted Kremenek <kremenek@apple.com> Update test case.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@70883 91177308-0d34-0410-b5e6-96231b3b80d8
ull-deref-ps.c
1c6a3cc88177c67498fccdf14cfdf09959214e41 04-May-2009 Ted Kremenek <kremenek@apple.com> Remove support for ObjCMethodDecl attributes that appear between the
return type and the selector. This is inconsistent with C functions
(where such attributes would be placed on the return type, not the
FunctionDecl), and is inconsistent with what people are used to seeing.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@70878 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release.m
0b9ad89d0d4ba79cde726753169f83a72dc3d994 04-May-2009 Ted Kremenek <kremenek@apple.com> Rename no-outofbounds.c to xfail-no-outofbounds.c and split off that
test into a separate file to monitor the fact that BasicStoreManager
passes the test.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@70859 91177308-0d34-0410-b5e6-96231b3b80d8
o-outofbounds-basicstore.c
o-outofbounds.c
fail-no-outofbounds.c
b5b848e046e1899a3ebab4ca3822ae97eef36b1e 04-May-2009 Zhongxing Xu <xuzhongxing@gmail.com> array indexes are unsigned integers of the same width as pointer.
no-outofbounds.c still fails. Previously it passed because the array index
is mistakenly a loc::ConcreteInt.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@70844 91177308-0d34-0410-b5e6-96231b3b80d8
o-outofbounds.c
8d3d13e234e4236e9ace7fa753c5946307504cdb 04-May-2009 Ted Kremenek <kremenek@apple.com> Test now passes. I'll hold off merging it with the BasicStore test until we know this is a stable change.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@70837 91177308-0d34-0410-b5e6-96231b3b80d8
dar-6541136-region.c
20bd746306ecdc61125800d53ff7e07321704064 04-May-2009 Ted Kremenek <kremenek@apple.com> BasicStore: 'ElementRegion' is the new 'TypedViewRegion'.
StoreManager: Handle casts from one element region to another.
Update test cases.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@70836 91177308-0d34-0410-b5e6-96231b3b80d8
o-outofbounds.c
fail_regionstore_bogus_array_bounds_failure.c
fail_regionstore_wine_crash.c
9aa829bddbe6dc2e41aff5b26483dd3370381293 04-May-2009 Ted Kremenek <kremenek@apple.com> This test no longer fails.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@70834 91177308-0d34-0410-b5e6-96231b3b80d8
ields.c
fd6b4f3de2ef7bb7b9b33dd252078c53ada43977 04-May-2009 Ted Kremenek <kremenek@apple.com> Handle 'long x = 0; char *y = (char *) x;' by layering an
'ElementRegion' on top of the VarRegion for 'x'. This causes the test
case xfail_wine_crash.c to now pass for BasicStoreManager. It doesn't
crash for RegionStoreManager either, but reports a bogus uninitialized
value warning.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@70832 91177308-0d34-0410-b5e6-96231b3b80d8
asicstore_wine_crash.c
fail_regionstore_wine_crash.c
fail_wine_crash.c
f936f4568700d799e7d92eecef67b0e2b822ae7e 04-May-2009 Ted Kremenek <kremenek@apple.com> Per conversations with Zhongxing, add an 'element type' to
ElementRegion. I also removed 'ElementRegion::getArrayRegion',
although we may need to add this back.

This breaks a few test cases with RegionStore:
- 'array-struct.c' triggers an infinite recursion in RegionStoreManager. Need to investigate.
- misc-ps.m triggers a failure with RegionStoreManager as we now get the diagnostic:
'Line 159: Uninitialized or undefined return value returned to caller.'

There were a bunch of places that needed to be edited in
RegionStoreManager, and we may not be passing all the correct 'element
types' down from GRExprEngine.

Zhongxing: When you get a chance, could you review this? I could have
easily screwed up something basic in RegionStoreManager.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@70830 91177308-0d34-0410-b5e6-96231b3b80d8
rray-struct.c
isc-ps.m
96682554198b20764c1b8cbb3f77e4c3dd76d42b 03-May-2009 Ted Kremenek <kremenek@apple.com> Add RegionStore test that illustrates a bogus array-out-of-bounds error.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@70795 91177308-0d34-0410-b5e6-96231b3b80d8
fail_regionstore_bogus_array_bounds_failure.c
953e8abf9be9c3f7e17b3d972b933b241093b691 03-May-2009 Ted Kremenek <kremenek@apple.com> Add failing test case.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@70791 91177308-0d34-0410-b5e6-96231b3b80d8
fail_wine_crash.c
92511433cc78021dca5f340136be1bbd72388191 03-May-2009 Ted Kremenek <kremenek@apple.com> Fix: <rdar://problem/6850275> CF objects returned from methods with "new" or "copy" in their name should be treated as owned

For methods that follow the "fundamental rule" and return Core
Foundation objects, treat those objects as owned by the caller.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@70665 91177308-0d34-0410-b5e6-96231b3b80d8
SString.m
3e001f393d112a50e13c9a8f9a4c0d97f3f51cf4 03-May-2009 Zhongxing Xu <xuzhongxing@gmail.com> region store: make Retrieve() retrieve embedded array correctly. Also
simplify the retrieve logic.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@70651 91177308-0d34-0410-b5e6-96231b3b80d8
rray-struct.c
b3b0b3624e462c2940f65b86e773bfc300005203 02-May-2009 Ted Kremenek <kremenek@apple.com> Add CFG support for @synchronized. This fixes <rdar://problem/6848820>.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@70620 91177308-0d34-0410-b5e6-96231b3b80d8
SString.m
935022a9aebb32459fd56ccfb1e1cfb9c0a5176c 02-May-2009 Ted Kremenek <kremenek@apple.com> Add another null pointer check test case.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@70614 91177308-0d34-0410-b5e6-96231b3b80d8
ull-deref-ps.c
956a37dd8360054247b9b10615697e80bdda8741 02-May-2009 Ted Kremenek <kremenek@apple.com> Add another test case found due to an analyzer regression.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@70600 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps.m
b33f3ad379f497c5fc6d0ada618745dd46d0e717 01-May-2009 Fariborz Jahanian <fjahanian@apple.com> Check for method type conflict between declaration in
class/protocol and implementation which could be
an imm. implementation or down in the inheritance
hierarchy.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@70568 91177308-0d34-0410-b5e6-96231b3b80d8
R2978.m
a8607d13c8df25a8c10d46db016d26f9e327418d 01-May-2009 Ted Kremenek <kremenek@apple.com> StoreManager::CastRegion:
- Don't layer TypedViewRegions on top of any region except
SymbolicRegions and AllocaRegions. This follows from my offline
discussion with Zhongxing about how TypedViewRegions really only
represent memory getting re-appropriated for a new purpose.

Fallout from this change:
- Move test case from xfail_rdar_6440393.m to misc-ps-64.m
(it now passes).

- test/Analysis/fields.c now fails for region store (crash).
Marking XFAIL.

- test/Analysis/rdar-6441136-region.c now fails (only runs with region store).
Marking XFAIL.

Diagnosis: The analyzer now correctly identifies an earlier out-of-bounds memory
access than the one flagged:

rdar-6541136-region.c:17:3: warning: Load or store into an out-of-bound memory position.
*p = 1;
^~

Changing the line:
char *p = (void*) &wonky[1];
to
char *p = (void*) &wonky[0];

(which should delay the buffer overrun) causes region store to crash, probably
because it expects a TypedViewRegion.

- test/Analysis/casts.c (region store) now fails (crash).
Marking XFAIL.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@70565 91177308-0d34-0410-b5e6-96231b3b80d8
asts.c
ields.c
isc-ps-64.m
dar-6541136-region.c
fail_rdar_6440393.m
98104728aa36ba6e5cebfa265ece57127091b906 01-May-2009 Ted Kremenek <kremenek@apple.com> Add function prototype for OSAtomicCompareAndSwap32Barrier.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@70559 91177308-0d34-0410-b5e6-96231b3b80d8
SString.m
14b74ccd4e20049fc86e9a41ed87830e9d87434a 01-May-2009 Ted Kremenek <kremenek@apple.com> Fix run line in failing test case (it was missing the '%s' for the
file name, thus causing the test case to hang).


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@70558 91177308-0d34-0410-b5e6-96231b3b80d8
fail_rdar_6440393.m
1bc440b9224247fd30541b747fd213e586e8da9e 01-May-2009 Ted Kremenek <kremenek@apple.com> Add failing static analyzer case (this crashes).


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@70532 91177308-0d34-0410-b5e6-96231b3b80d8
fail_rdar_6440393.m
2cd1293ad32dd5db3f3fcead9720cc2676c088e6 30-Apr-2009 Ted Kremenek <kremenek@apple.com> retain/release checker: Hook up attributes 'objc_ownership_retain' and
'objc_ownership_release' to the effects on receivers.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@70507 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release.m
72c9dcd9dbc1ee65d7863d1ea04c2cc928007cc9 30-Apr-2009 Ted Kremenek <kremenek@apple.com> Allow attributes 'objc_ownership_retain' and 'objc_ownership_release' to be
applied to ObjCMethodDecls, not just parameters. This allows one to specify
side-effects on the receiver of a message expression. No checker support yet.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@70505 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release.m
b27d1174673d457e2ee7906c14a92bba35242cea 30-Apr-2009 Ted Kremenek <kremenek@apple.com> Hook up Sema support for attributes on Objective-C method declarations that
appear between the return type and the selector. This is a separate code path
from regular attribute processing, as we only want to (a) accept only a specific
set of attributes in this place and (b) want to distinguish to clients the
context in which an attribute was added to an ObjCMethodDecl.

Currently, the attribute 'objc_ownership_returns' is the only attribute that
uses this new feature. Shortly I will add a warning for 'objc_ownership_returns'
to be placed at the end of a method declaration.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@70504 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release.m
77755a57c9e85418626ac64c0d38975d5fa9aded 30-Apr-2009 Ted Kremenek <kremenek@apple.com> Add parsing support in an Objective-C method declaration for attributes between
the return type and selector. Haven't hooked this up to Sema yet.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@70501 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release.m
2c0ccd045514ae4dc951fb45b7c29216ba109bf7 30-Apr-2009 Steve Naroff <snaroff@apple.com> Warn about invalid return statements by default.

This fixes <rdar://problem/6839489> 10A345: Clang does not warn about mismatched returns (void return from a bool function)

Will implement -Wreturn-type, -Wno-return-type in another commit.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@70492 91177308-0d34-0410-b5e6-96231b3b80d8
ull-deref-ps.c
a883355a6fe8d72b8899efb65a7d7645a51afc3b 30-Apr-2009 Ted Kremenek <kremenek@apple.com> retain/release checker: When determining whether an analyzed method can return
an owned object, consult its summary instead of inspecting the selector. This
picks up annotations, and is just more general.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@70429 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release.m
c887d13b07d72c8e67d1a73a82d3167e866f50e5 29-Apr-2009 Ted Kremenek <kremenek@apple.com> retain/release checker: Hoist code for bug reports above transfer function logic
(those diffs are just code moving) and move the logic for "return of owned
object" leak reporting to EvalReturnStmt.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@70399 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release.m
a3f4540eba16e23e4589e032260ddff06f363e82 29-Apr-2009 Ted Kremenek <kremenek@apple.com> Add test case for transfer function logic for OSCompareAndSwap32Barrier.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@70383 91177308-0d34-0410-b5e6-96231b3b80d8
SString.m
5c86b1982e5d11e71f4810eebfb143e3824c75a8 29-Apr-2009 Zhongxing Xu <xuzhongxing@gmail.com> SymbolicRegions may also be live roots.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@70380 91177308-0d34-0410-b5e6-96231b3b80d8
ull-deref-ps-region.c
b1080ed5016db4466fbe69d771c05672de39ec3e 29-Apr-2009 Zhongxing Xu <xuzhongxing@gmail.com> Added comments to test case.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@70374 91177308-0d34-0410-b5e6-96231b3b80d8
asts.c
622310792eb2504c8431ca5ea74477af11b95677 29-Apr-2009 Zhongxing Xu <xuzhongxing@gmail.com> Update test case.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@70359 91177308-0d34-0410-b5e6-96231b3b80d8
asts.c
2fc3259293282a428f71520805720ecc9e50af9f 29-Apr-2009 Zhongxing Xu <xuzhongxing@gmail.com> XFAIL the test case.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@70356 91177308-0d34-0410-b5e6-96231b3b80d8
asts.c
fde52c92b1a4973fa95322f1992a1388d3d94766 29-Apr-2009 Ted Kremenek <kremenek@apple.com> Add regression test case provided by <rdar://problem/6833332>.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@70350 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release.m
bf20dbdec6ab7d02e96fac937ad57b2b95c0675c 29-Apr-2009 Ted Kremenek <kremenek@apple.com> Implement ownership attribute 'objc_ownership_make_collectable'. This allows one
to add 'CFMakeCollectable' semantics to a method.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@70336 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release-gc-only.m
c613f4e37558ed392351e08cc1cb52157075c661 28-Apr-2009 Ted Kremenek <kremenek@apple.com> Improve retain/release test cases for ownership attributes.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@70327 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release-gc-only.m
etain-release.m
c58e785c33b5d9d1f8c21760de9cf1f1bc5d983c 28-Apr-2009 Zhongxing Xu <xuzhongxing@gmail.com> Add test case.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@70294 91177308-0d34-0410-b5e6-96231b3b80d8
asts.c
c6a59e4bf225c7f8152faca72897321f0f6cabd1 27-Apr-2009 Ted Kremenek <kremenek@apple.com> Add two new checker-specific attributes: 'objc_ownership_release' and
'objc_ownership_cfrelease'. These are the 'release' equivalents of
'objc_ownership_retain' and 'objc_ownership_cfretain' respectively.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@70235 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release-gc-only.m
etain-release.m
e798e7c5a107ff5262005431817409a855a67922 27-Apr-2009 Ted Kremenek <kremenek@apple.com> Track objects in GC mode returned by 'alloc', 'new', etc. methods. These are
treated as "not owned" objects.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@70232 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release-gc-only.m
4064de959853503d9b87065adac1b277fff8af20 27-Apr-2009 Ted Kremenek <kremenek@apple.com> Add new checker-specific attribute 'objc_ownership_cfretain'. This is the same
as 'objc_ownership_cfretain' except that the method acts like a CFRetain instead
of a [... retain] (important in GC modes). Checker support is wired up, but
currently only for Objective-C message expressions (not function calls).


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@70218 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release-gc-only.m
etain-release.m
4da0427a20f31db9b6934b280d49ab264236b34c 25-Apr-2009 Ted Kremenek <kremenek@apple.com> Hook up attribute 'objc_ownership_retain' to the analyzer. This attribute allows
users to specify that a method's argument is visibly retained (reference count
incremented).


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@70008 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release.m
de9a81b92e9098daa8ca19df138e4807b4d8afe8 25-Apr-2009 Ted Kremenek <kremenek@apple.com> Add new checker-specific attribute 'objc_ownership_retain'. This isn't hooked up
to the checker yet, but essentially it allows a user to specify that an
Objective-C method or C function increments the reference count of a passed
object.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@70005 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release.m
8650f088ce375ac8dcc00c8c7afa99df36f6b097 25-Apr-2009 Ted Kremenek <kremenek@apple.com> Hook up __attribute__((objc_ownership_returns)) to the retain/release checker.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@70002 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release.m
0fc169e864aef7fc9a782e60b222a360f406704a 25-Apr-2009 Ted Kremenek <kremenek@apple.com> Add new checker-specific attribute 'objc_ownership_returns'. This isn't hooked
up to the checker yet, but essentially it allows a user to specify that an
Objective-C method or C function returns an owned Objective-C object.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@70001 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release.m
8ee885bae5e8b187a73f3d4671b1619969e5e080 24-Apr-2009 Ted Kremenek <kremenek@apple.com> Fix the same false positive reported in PR 2542 and <rdar://problem/6793409>
involving an NSAnimation object delegating its release to a delegate method.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@69992 91177308-0d34-0410-b5e6-96231b3b80d8
r_2542_rdar_6793404.m
de4d5339e0811c8c8226aee8e00dc9a25bd5ebcf 24-Apr-2009 Ted Kremenek <kremenek@apple.com> retain/release checker:
- Fix summary lookup for class methods to now use the (optional)
ObjCInterfaceDecl associated with a message expression. This removes a
long-standing FIXME.
- Partial fix for <rdar://problem/6062730> by no longer tracking objects that
are passed to [NSObject performSelector]. These methods are often used
for delegates, which the analyzer doesn't reason about well yet.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@69982 91177308-0d34-0410-b5e6-96231b3b80d8
elegates.m
97d095f4e53d97cd7a7eca4c69df6e9ee3878098 24-Apr-2009 Ted Kremenek <kremenek@apple.com> Further cleanups to isTrackedObjectType().


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@69929 91177308-0d34-0410-b5e6-96231b3b80d8
SString.m
f9df1362f0f2768ddab01fbf8d60c4808e641162 23-Apr-2009 Ted Kremenek <kremenek@apple.com> retain/release checker: Don't call isTrackedObject() with the canonical type.
This was preventing the checker from tracking return objects referenced by 'id'.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@69922 91177308-0d34-0410-b5e6-96231b3b80d8
SString.m
etain-release.m
829bf507946a3db93400ff8b096adb88e6bc994d 23-Apr-2009 Ted Kremenek <kremenek@apple.com> Temporarily remove expected warnings.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@69917 91177308-0d34-0410-b5e6-96231b3b80d8
SString.m
etain-release.m
e87450e5a398543b85205b3255d4c36204c00182 23-Apr-2009 Ted Kremenek <kremenek@apple.com> Per discussions with Ken Ferry and Paul Marks (<rdar://problem/6815234>) greatly
extend the number of objects tracked by the retain/release checker by assuming
that all class and instance methods should follow Cocoa object "getter" and
"alloc/new" conventions.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@69908 91177308-0d34-0410-b5e6-96231b3b80d8
SString.m
etain-release.m
b3cfd58c9b13325d994e5f9b5065e6a22d91911d 23-Apr-2009 Ted Kremenek <kremenek@apple.com> Fix PR 4033: the analyzer shouldn't crash on computed gotos involving symbolic
target addresses.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@69900 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps.m
868210e64ee979670424fd160b85744b8281b310 22-Apr-2009 Ted Kremenek <kremenek@apple.com> Fix crash reported in PR 3991. The analyzer doesn't reason about ObjCKVCExpr.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@69754 91177308-0d34-0410-b5e6-96231b3b80d8
R3991.m
af48fdd35633f53c74e982ba7922ca7b2051c1f5 22-Apr-2009 Ted Kremenek <kremenek@apple.com> Fix: <rdar://problem/6777209> false Dereference of null pointer in loop: pointer increment/decrement preserves non-nullness

When the StoreManager doesn't reason well about pointer-arithmetic, propagate
the non-nullness constraint on a pointer value when performing pointer
arithmetic using ++/--.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@69741 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps.m
09f1419dab422787353965fdfeb88de1398de0b4 21-Apr-2009 Ted Kremenek <kremenek@apple.com> Added over-release test case.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@69703 91177308-0d34-0410-b5e6-96231b3b80d8
SString.m
58fe03bc8083b92b606c31431feb361c45266cc2 12-Apr-2009 Chris Lattner <sabre@nondot.org> Fix rdar://6771034: don't warn on use of forward declared protocol in protocol
list of another protocol definition. This warning is very noisy and GCC doesn't
produce it so existing code doesn't expect it.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@68894 91177308-0d34-0410-b5e6-96231b3b80d8
egion-1.m
b3bf76fb2442093ad871f1adeda608e881b9dee6 11-Apr-2009 Ted Kremenek <kremenek@apple.com> Add analyzer support for objc_atomicCompareAndSwap()


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@68849 91177308-0d34-0410-b5e6-96231b3b80d8
SString.m
1670e403c48f3af4fceff3f6773a0e1cfc6c4eb3 11-Apr-2009 Ted Kremenek <kremenek@apple.com> Implement analyzer support for OSCompareAndSwap. This required pushing "tagged"
ProgramPoints all the way through to GRCoreEngine.

NSString.m now fails with RegionStoreManager because of the void** cast.
Disabling use of region store for that test for now.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@68845 91177308-0d34-0410-b5e6-96231b3b80d8
SString.m
3a0fd13778cbe38ff20b467345a468eefb7072d2 10-Apr-2009 Ted Kremenek <kremenek@apple.com> Split failing test case from misc-ps.m to misc-ps-ranges.m (which tests
functionality specific to RangeConstraintManager).


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@68759 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps-ranges.m
isc-ps.m
52e5602056e4cade24cbcca57767e94e1d430b03 10-Apr-2009 Ted Kremenek <kremenek@apple.com> Fix: <rdar://problem/6776949> Branch condition evaluates to an uninitialized value (argc is guaranteed to be >= 1)

The analyzer now adds the precondition that the first argument of 'main' is > 0.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@68757 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps.m
b725232b46e92f3e36b03a32a6fc75748c312122 10-Apr-2009 Ted Kremenek <kremenek@apple.com> Implement attribute "analyzer_noreturn" (<rdar://problem/6777003>). This allows
clients of the analyzer to designate custom assertion routines as "noreturn"
functions from the analyzer's perspective but not the compiler's.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@68746 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps.m
fe630b943e25bb794c46b9aede836c26fad9b590 09-Apr-2009 Ted Kremenek <kremenek@apple.com> GRExprEngine: Don't try to reason about the size of 'void' for the return type
of messages sent to nil.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@68683 91177308-0d34-0410-b5e6-96231b3b80d8
il-receiver-undefined-larger-than-voidptr-ret.m
748dd20b55f64bc7e398a3f2210136581531fc7a 09-Apr-2009 Daniel Dunbar <daniel@zuster.org> Force triple for these tests.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@68651 91177308-0d34-0410-b5e6-96231b3b80d8
il-receiver-undefined-larger-than-voidptr-ret.m
da9ae6088b9543134a6561a412b79530e290408d 08-Apr-2009 Ted Kremenek <kremenek@apple.com> Enhance analyzer reasoning about sending messages to nil. A nil receiver returns 0 for scalars of size <= sizeof(void*).


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@68629 91177308-0d34-0410-b5e6-96231b3b80d8
il-receiver-undefined-larger-than-voidptr-ret.m
899b3de7bc32434fc406f35255cc828ba8372b3d 08-Apr-2009 Ted Kremenek <kremenek@apple.com> New static analyzer check by Nikita Zhuk!

"The attached patch generates warnings of cases where an ObjC message is sent to
a nil object and the size of return type of that message is larger than the size
of void pointer. This may result in undefined return values as described in PR
2718. The patch also includes test cases."


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@68585 91177308-0d34-0410-b5e6-96231b3b80d8
il-receiver-undefined-larger-than-voidptr-ret.m
e82e13ad4ee707d71e320946887f47f45b303e07 07-Apr-2009 Ted Kremenek <kremenek@apple.com> Add test case.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@68505 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release.m
99d026939024471a9e43267593d2ddff9f61ce46 03-Apr-2009 Ted Kremenek <kremenek@apple.com> retain/release checker: don't track NSPanel until we have better reasoning about
the subtle ownership issues of such objects.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@68397 91177308-0d34-0410-b5e6-96231b3b80d8
SPanel.m
ef77d54a493a18d8e2dae772230987e5c01bfb04 02-Apr-2009 Ted Kremenek <kremenek@apple.com> Add a few more analyzer test cases.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@68326 91177308-0d34-0410-b5e6-96231b3b80d8
ninit-vals-ps.c
b8adaf905342129a62c989739d113a7cec7c5ff3 02-Apr-2009 Ted Kremenek <kremenek@apple.com> Update expected warning in test case.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@68276 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps.m
b930d7adb7cb7642c9c49b39df04ebd5cbfa713a 01-Apr-2009 Ted Kremenek <kremenek@apple.com> Fix: <rdar://problem/6740387>. Sending nil to an object that returns a struct
should only be an error if that value is consumed. This fix was largely
accomplished by moving 'isConsumedExpr' back to ParentMap.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@68195 91177308-0d34-0410-b5e6-96231b3b80d8
dar-6600344-nil-receiver-undefined-struct-ret.m
28433ff063fe5ba5eac486d4bfcfa9e210097772 31-Mar-2009 Ted Kremenek <kremenek@apple.com> Update test case.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@68084 91177308-0d34-0410-b5e6-96231b3b80d8
ead-stores.c
f3929daf7f2223913e226686cd4078a73849057c 30-Mar-2009 Ted Kremenek <kremenek@apple.com> Add another uninitialized values test case illustrating that the CFG correctly
handles declarations with multiple variables.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@68046 91177308-0d34-0410-b5e6-96231b3b80d8
ninit-vals.c
2a8d6b0852c47e43dac5c1679b4609b752234ed7 28-Mar-2009 Ted Kremenek <kremenek@apple.com> Fix regression in pointer comparison with NULL (e.g., 0 != ptr). This fixes
<rdar://problem/6732151>.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@67954 91177308-0d34-0410-b5e6-96231b3b80d8
heckNSError.m
d7d5f0223bd30dfd618762349c6209dd1d5ea3e6 24-Mar-2009 Daniel Dunbar <daniel@zuster.org> Rename clang to clang-cc.

Tests and drivers updated, still need to shuffle dirs.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@67602 91177308-0d34-0410-b5e6-96231b3b80d8
FDateGC.m
FNumber.c
FRetainRelease_NSAssertionHandler.m
GColorSpace.c
heckNSError.m
issingDealloc.m
SPanel.m
SString.m
SWindow.m
oReturn.m
bjCProperties.m
bjCRetSigs.m
R2599.m
R2978.m
rray-struct.c
asts.m
fref_PR2519.c
fref_rdar6080742.c
omplex.c
onditional-op-missing-lhs.c
ead-stores.c
ead-stores.m
xercise-ps.c
ields.c
unc.c
isc-ps-basic-store.m
isc-ps-eager-assume.m
isc-ps-region-store.m
isc-ps.m
o-exit-cfg.c
ull-deref-ps.c
utofbound.c
tr-arith.c
dar-6442306-1.m
dar-6539791.c
dar-6540084.m
dar-6541136-region.c
dar-6541136.c
dar-6562655.m
dar-6582778-basic-store.c
dar-6600344-nil-receiver-undefined-struct-ret.m
efcnt_naming.m
egion-1.m
egion-only-test.c
etain-release-basic-store.m
etain-release-gc-only.m
etain-release-region-store.m
etain-release.m
tack-addr-ps.c
ninit-msg-expr.m
ninit-ps-rdar6145427.m
ninit-vals-ps-region.c
ninit-vals-ps.c
ninit-vals.c
ninit-vals.m
nused-ivars.m
632d1ece2715b1c8a0c99e1b8b487f4c148c89d5 23-Mar-2009 Ted Kremenek <kremenek@apple.com> A test case to test that -warn-dead-stores does not emit a warning for stores to variables marked with '#pragma unused'.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@67570 91177308-0d34-0410-b5e6-96231b3b80d8
ead-stores.c
68ac94a8d7c7a967ace59c565736d07e80de77e7 23-Mar-2009 Ted Kremenek <kremenek@apple.com> analyzer: Provide temporary workaround for false positive reported by
<rdar://problem/6704930> involving SimpleConstraintManager not reasoning well
about symbolic constraint values involving arithmetic operators.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@67534 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release.m
693de5d7feb92c096431c98ea6ee637494bfe6fb 23-Mar-2009 Ted Kremenek <kremenek@apple.com> analyzer: Fix embarrassing regression in BasicStore when invalidating struct
values passed-by-reference to unknown functions.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@67519 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps.m
c505d4f1568796f29ec9f1c57d861b54a088da1f 19-Mar-2009 Ted Kremenek <kremenek@apple.com> Add test cases for PR 3820.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@67327 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release.m
72374594c5d9ade02451bc85cf9dfa5b0ea106e7 19-Mar-2009 Ted Kremenek <kremenek@apple.com> Fix PR 3836 by eagerly assuming symbolic constraints returned by unary '!'.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@67260 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps-eager-assume.m
ec099f1f9d1384cec624944744a9fe92df4b389b 18-Mar-2009 Ted Kremenek <kremenek@apple.com> Fix crash reported in <rdar://problem/6695527>. We now have
SVal::GetRValueSymbolVal do the checking if we can symbolicate a type instead of
having BasicStoreManager do it (which wasn't always doing the check
consistently). Having this check in SVal::GetRValueSymbolVal keeps the check in
one centralized place.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@67245 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps.m
c57bc595cf7d4e3a5219d30fc20653d595e16ffe 18-Mar-2009 Zhongxing Xu <xuzhongxing@gmail.com> add test case.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@67154 91177308-0d34-0410-b5e6-96231b3b80d8
rray-struct.c
8be2a67620b6be5f2c15dc44099e71b2c8e59ef7 13-Mar-2009 Ted Kremenek <kremenek@apple.com> Fix PR 3677 [retain checker]: custom 'allocWithZone' methods should be allowed
to return an owning pointer.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@66934 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release.m
6ae8a3600656c478d27f25639bed765f4fe71732 13-Mar-2009 Ted Kremenek <kremenek@apple.com> Add a hack in the analyzer to recover some path-sensitivity at branch
conditions. Currently the analyzer does not reason well about
promotions/truncations of symbolic values, so at branch conditions when we see:

if (condition)

and condition is something like a 'short' or 'char', essentially ignore the
promotion to 'int' so that we track constraints on the original symbolic value.
We only ignore the casts if the underlying type has the same or fewer bits as
the converted type.

This fixes:

<rdar://problem/6619921>



git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@66899 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps-eager-assume.m
610e81d6b7248ce4be4be2252b03a5d4052c9835 13-Mar-2009 Ted Kremenek <kremenek@apple.com> Fix failure reported by Sebastian of test/Analysis/ptr-arith.c when the target
is 64-bit. I used his suggestion of doing a direct bitwidth/signedness
conversion of the 'offset' instead of just changing the sign. For more
information, see:

http://lists.cs.uiuc.edu/pipermail/cfe-dev/2009-March/004587.html


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@66892 91177308-0d34-0410-b5e6-96231b3b80d8
tr-arith.c
e6fbdf538bc50122876639e08a1401e2bc9555ba 12-Mar-2009 Ted Kremenek <kremenek@apple.com> Fix crash when using TypedViewRegions and ObjCQualifiedIdTypes (TypedViewRegion::getLValueType() was not implemented).


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@66830 91177308-0d34-0410-b5e6-96231b3b80d8
egion-1.m
50f4f469024928670f2d634c445686d00eeb89b7 12-Mar-2009 Daniel Dunbar <daniel@zuster.org> Add Diagnostic files for Frontend and move a couple errors over.
- Notably, clang now exits with an error if it can't find a
file. This flushed out a bug in the CGColorSpace.c test case. :)


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@66789 91177308-0d34-0410-b5e6-96231b3b80d8
GColorSpace.c
e8cba00b40ce8a31e8d2ee6f3ca8243cd1e37719 12-Mar-2009 Zhongxing Xu <xuzhongxing@gmail.com> Add comments to test case.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@66760 91177308-0d34-0410-b5e6-96231b3b80d8
tr-arith.c
344d4c8726e5fb7dfac42eeaef2c0df02d2059b0 11-Mar-2009 Ted Kremenek <kremenek@apple.com> Fix StmtIterator bug reported in PR 3780 where a VLA within a DeclGroup would
not be consulted for its size expression when operator* was called in the
StmtIterator (this resulted in an assertion failure).


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@66679 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps.m
3c4b37980ad5582409fa9a99ac29da8ab59f1ed0 11-Mar-2009 Zhongxing Xu <xuzhongxing@gmail.com> This test case checks if we get the right rvalue type of a TypedViewRegion.
The ElementRegion's type depends on the array region's rvalue type. If it was
a pointer type, we would get a loc::SymbolVal for '*p'.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@66656 91177308-0d34-0410-b5e6-96231b3b80d8
tr-arith.c
2b1dc179197955bfa79583b13bedb1dc8bcdf25d 11-Mar-2009 Zhongxing Xu <xuzhongxing@gmail.com> Fix crash when LHS of pointer arithmetic is not ElementRegion.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@66649 91177308-0d34-0410-b5e6-96231b3b80d8
tr-arith.c
fa6228d61499e4f6c490afeb636e36d8ae00b5ee 11-Mar-2009 Ted Kremenek <kremenek@apple.com> Fix PR 3780: In one code path in BasicValueFactory::getValue() we would not
return an unsigned integer for a null pointer value.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@66630 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps.m
7de20fe9aac00705dd943690563db66fa4b35b5b 11-Mar-2009 Ted Kremenek <kremenek@apple.com> SimpleConstraintManager doesn't reason about bitwise-constraints on symbolic
values. Indicating this in 'canReasonAbout' allows GRExprEngine to recover
path-sensitivity in some cases.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@66628 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps.m
25d01badc5c37d3c8b7b9a41001f9c7e2cabda05 09-Mar-2009 Ted Kremenek <kremenek@apple.com> retain/release checker: Allow allocations to fail by returning nil.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@66487 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release.m
cd57fcec52c48c781700653cf7c39143110b2b1d 09-Mar-2009 Ted Kremenek <kremenek@apple.com> Add test case for <rdar://problem/6659160>.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@66483 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release.m
5c42f9ba44094eb1a05f8d36c5479645ffbb3c7b 05-Mar-2009 Ted Kremenek <kremenek@apple.com> Fix another GRExprEngine::VisitCast regression: handle casts of void* to function pointers.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@66211 91177308-0d34-0410-b5e6-96231b3b80d8
asts.m
c530291ada4085f962cfbab7a1732a45e992688c 05-Mar-2009 Ted Kremenek <kremenek@apple.com> Fix regression in GRExprEngine::VisitCast: Do not wrap symbolic function pointers with TypedViewRegions.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@66187 91177308-0d34-0410-b5e6-96231b3b80d8
asts.m
9f45d28d06e52bd051ff70994a6cd09b2eb1bed5 05-Mar-2009 Ted Kremenek <kremenek@apple.com> Update test case: objects stored to self.ivar are not tracked.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@66168 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release.m
f684d56828c3917a6a4f1037e22cb0c37e5665c2 05-Mar-2009 Ted Kremenek <kremenek@apple.com> Retrofit some basic tracking of ivars (for the current object) into BasicStore.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@66166 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps-region-store.m
isc-ps.m
f27893a1a17dbde417dc7bccbbd25992c33215f9 05-Mar-2009 Ted Kremenek <kremenek@apple.com> Test case: When using RegionStore with the retain/release checker, stop tracking objects assigned to self's ivar.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@66139 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release-region-store.m
aad45e0e0fef78af16849714047d877bb4473de8 05-Mar-2009 Ted Kremenek <kremenek@apple.com> Add test case for RegionStore's tracking of the ivars of 'self'.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@66136 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps-region-store.m
efcfcc0e27ade4e0bb6626824f2bdc0a01bab32b 05-Mar-2009 Ted Kremenek <kremenek@apple.com> GRExprEngine: Polish up handling of casting integer constants to pointers and back.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@66127 91177308-0d34-0410-b5e6-96231b3b80d8
ull-deref-ps.c
3aa7ecd53f8e4965188fbbf33a82380c798f309c 05-Mar-2009 Ted Kremenek <kremenek@apple.com> For now, do not track NSWindow objects and its subclasses.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@66107 91177308-0d34-0410-b5e6-96231b3b80d8
SWindow.m
d104a09d30ec35cb67931051d5d0c1ff2ee2d697 04-Mar-2009 Ted Kremenek <kremenek@apple.com> Add prototype support for invalidating fields for structures passed-by-reference
to unknown functions. Most of this logic should be eventually moved to
RegionStore and be made lazy.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@66094 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps-region-store.m
1f7de6630a990cdb98ae5453506f5b4642b56c24 04-Mar-2009 Ted Kremenek <kremenek@apple.com> This test now passes using RegionStore.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@65988 91177308-0d34-0410-b5e6-96231b3b80d8
FRetainRelease_NSAssertionHandler.m
e184b1e4e06c059a8360fae4c9b5ea00fd62014d 03-Mar-2009 Zhongxing Xu <xuzhongxing@gmail.com> Add test case for pointer arithmetic.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@65907 91177308-0d34-0410-b5e6-96231b3b80d8
tr-arith.c
ed8a93d17b8936dc7978cdc37f3f00fc49d24f71 01-Mar-2009 Douglas Gregor <dgregor@apple.com> Fix PR3509 by providing correct starting locations for initializer lists

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@65777 91177308-0d34-0410-b5e6-96231b3b80d8
ninit-vals-ps.c
48af2a9c1ed3259512f2d1431720add1fbe8fb5f 25-Feb-2009 Ted Kremenek <kremenek@apple.com> Add experimental logic in GRExprEngine::EvalEagerlyAssume() to handle
expressions of the form: 'short x = (y != 10);' While we handle 'int x = (y !=
10)' lazily, the cast to another integer type currently loses the symbolic
constraint. Eager evaluation of the constraint causes the paths to bifurcate and
eagerly evaluate 'y != 10' to a constant of 1 or 0. This should address
<rdar://problem/6619921> until we have a better (more lazy approach) for
handling promotions/truncations of symbolic integer values.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@65480 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps-eager-assume.m
265a305997c63a28d87ddd370958db083f98bc1a 24-Feb-2009 Ted Kremenek <kremenek@apple.com> Fix <rdar://problem/6611677>: Add basic transfer function support in the static
analyzer for array subscript expressions involving bases that are vectors. This
solution is probably a hack: it gets the lvalue of the vector instead of an
rvalue like all other types. This should be reviewed (big FIXME in
GRExprEngine).


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@65366 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps.m
89e202d6a42eb42f3d6025c4d6e4b885bee84e0a 23-Feb-2009 Ted Kremenek <kremenek@apple.com> retain/release checker: For now don't track the retain count of NSWindow objects (opt for false negatives).

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@65304 91177308-0d34-0410-b5e6-96231b3b80d8
SWindow.m
f0dff4c00eeda61ecd25c9098a6b69d83828605d 23-Feb-2009 Ted Kremenek <kremenek@apple.com> More retain/release naming convention tests.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@65303 91177308-0d34-0410-b5e6-96231b3b80d8
efcnt_naming.m
d3d4f57f3562490ca825a387332d9fabc6281307 23-Feb-2009 Ted Kremenek <kremenek@apple.com> Add test case for PR 2599.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@65299 91177308-0d34-0410-b5e6-96231b3b80d8
R2599.m
b80976c752ad3469c54ecd10d5ba5847fd48d7a8 21-Feb-2009 Ted Kremenek <kremenek@apple.com> Improved naming convention heuristics in the retain/release checker to better
handle method names that contain 'new', 'copy', etc., but those words might be
the substring of larger words such as 'newsgroup' and 'photocopy' that do not
indicate the allocation of objects. This should address the issues discussed in
<rdar://problem/6552389>.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@65224 91177308-0d34-0410-b5e6-96231b3b80d8
efcnt_naming.m
0bdf17888d6f08d04083414e32ee732c0695a4e9 20-Feb-2009 Ted Kremenek <kremenek@apple.com> Add test case for <rdar://problem/6562655>.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@65085 91177308-0d34-0410-b5e6-96231b3b80d8
dar-6562655.m
79f7f8ab9a8c741e29ea9e648d05f774de49cd9b 19-Feb-2009 Ted Kremenek <kremenek@apple.com> Update test case to include a leak that occurs at the place of allocation.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@65048 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release.m
3450a55f403f4b55120d4d5403ac4ebfab3a55d0 19-Feb-2009 Zhongxing Xu <xuzhongxing@gmail.com> add test case.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@65036 91177308-0d34-0410-b5e6-96231b3b80d8
rray-struct.c
98f1e1c56f977ccafb3cda35ec95844fcfa740dd 19-Feb-2009 Ted Kremenek <kremenek@apple.com> Add test case for 'nil receiver returns undefined struct value' check.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@65004 91177308-0d34-0410-b5e6-96231b3b80d8
dar-6600344-nil-receiver-undefined-struct-ret.m
b2b14d772aea2c5b96df22a120cfcd7f8039697a 18-Feb-2009 Ted Kremenek <kremenek@apple.com> Add a few more GC-only test cases for the retain/release checker.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@64960 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release-gc-only.m
e1d77c32c13b3f42886406975bbda83cae770cba 18-Feb-2009 Eli Friedman <eli.friedman@gmail.com> Fix test: config.h is not guaranteed to exist at the location in
question. Use __builtin_alloca instead, which is guaranteed to mean the right
thing without any includes.



git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@64868 91177308-0d34-0410-b5e6-96231b3b80d8
tack-addr-ps.c
9457a800f1fea4db4bb595c77de277609913b1b3 18-Feb-2009 Ted Kremenek <kremenek@apple.com> Update several tests to explicitly use BasicConstraintManager as well as to use RangeConstraintManager with RegionStoreManager.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@64854 91177308-0d34-0410-b5e6-96231b3b80d8
FNumber.c
FRetainRelease_NSAssertionHandler.m
GColorSpace.c
heckNSError.m
SPanel.m
SString.m
SWindow.m
oReturn.m
bjCProperties.m
rray-struct.c
fref_PR2519.c
fref_rdar6080742.c
omplex.c
ead-stores.c
4b2d0dde8889a25b8e2a6c7dc67e69def28a49d1 17-Feb-2009 Daniel Dunbar <daniel@zuster.org> Eliminate dependency on where test is run from.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@64837 91177308-0d34-0410-b5e6-96231b3b80d8
tack-addr-ps.c
16de4c716290a198054bf67c93f3a266d269b2d1 17-Feb-2009 Ted Kremenek <kremenek@apple.com> Convert tabs to spaces.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@64799 91177308-0d34-0410-b5e6-96231b3b80d8
onditional-op-missing-lhs.c
3092dd6b2c01d7d1721a29c865ac729cd8f9ea3c 17-Feb-2009 Ted Kremenek <kremenek@apple.com> Enhance tests to exercise more combinations of using the RangeConstraintManager with the RegionStoreManager.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@64788 91177308-0d34-0410-b5e6-96231b3b80d8
FDateGC.m
isc-ps.m
61a3778c81c8d3e91f19479b300336f23ac991d4 17-Feb-2009 Ben Laurie <benl@google.com> Don't include alloca.h if it doesn't exist.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@64771 91177308-0d34-0410-b5e6-96231b3b80d8
tack-addr-ps.c
be1fe1eb12a1cb91c8e3a9fcc2db4dfe989def6c 17-Feb-2009 Ted Kremenek <kremenek@apple.com> Static Analyzer driver/options (partial) cleanup:
- Move all analyzer options logic to AnalysisConsumer.cpp.
- Unified specification of stores/constraints/output to be:
-analyzer-output=...
-analyzer-store=...
-analyzer-constraints=...
instead of -analyzer-range-constraints, -analyzer-store-basic, etc.
- Updated drivers (ccc-analyzer, scan-builds, new ccc) to obey this new
interface
- Updated test cases to conform to new driver options


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@64737 91177308-0d34-0410-b5e6-96231b3b80d8
FDateGC.m
FNumber.c
FRetainRelease_NSAssertionHandler.m
GColorSpace.c
heckNSError.m
SPanel.m
SString.m
SWindow.m
oReturn.m
bjCProperties.m
rray-struct.c
fref_PR2519.c
fref_rdar6080742.c
omplex.c
xercise-ps.c
ields.c
unc.c
isc-ps-basic-store.m
isc-ps-region-store.m
isc-ps.m
o-exit-cfg.c
ull-deref-ps.c
utofbound.c
dar-6442306-1.m
dar-6539791.c
dar-6541136-region.c
dar-6541136.c
dar-6582778-basic-store.c
efcnt_naming.m
egion-only-test.c
etain-release-basic-store.m
etain-release-gc-only.m
etain-release-region-store.m
etain-release.m
tack-addr-ps.c
ninit-msg-expr.m
ninit-ps-rdar6145427.m
ninit-vals-ps-region.c
ninit-vals-ps.c
ninit-vals.m
9800dadea77ad62450fc37268eb9778be2f86d06 16-Feb-2009 Ted Kremenek <kremenek@apple.com> Test passes with -analyzer-range-contraints.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@64663 91177308-0d34-0410-b5e6-96231b3b80d8
ull-deref-ps.c
a3d1eb85853eae7b719f679b40923826b5e4b7df 14-Feb-2009 Ted Kremenek <kremenek@apple.com> GRExprEngine: Handle empty statement expressions.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@64541 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps.m
5216ad7e095873f19e535ad1efba91973f05d8e8 14-Feb-2009 Ted Kremenek <kremenek@apple.com> Added GRStateManager::scanReachableSymbols(), a method which scans the reachable
symbols from an SVal.

- Fixed a bug in EnvironmentManager::RemoveDeadBindings() where it did not mark
live all the symbols reachable from a live block-level expression.

- Fixed a bug in the retain/release checker where it did not stop tracking
symbols that 'escaped' via compound literals being assigned to something the
BasicStoreManager didn't reason about.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@64534 91177308-0d34-0410-b5e6-96231b3b80d8
dar-6582778-basic-store.c
a316e7b735b12ce6b34961a9dcfaae34f4b08d29 14-Feb-2009 Douglas Gregor <dgregor@apple.com> Extend builtin "attribute" syntax to include a notation for
printf-like functions, both builtin functions and those in the
C library. The function-call checker now queries this attribute to
determine if we have a printf-like function, rather than scanning
through the list of "known functions IDs". However, there are 5
functions that are not yet "builtins", so the function-call checker
handles them specifically still:

- fprintf and vfprintf: the builtins mechanism cannot (yet)
express FILE* arguments, so these can't be encoded.
- NSLog: the builtins mechanism cannot (yet) express NSString*
arguments, so this (and NSLogv) can't be encoded.
- asprintf and vasprintf: these aren't part of the C99 standard
library, so we really shouldn't be defining them as builtins in
the general case (and we don't seem to have the machinery to make
them builtins only on certain targets and depending on whether
extensions are enabled).



git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@64512 91177308-0d34-0410-b5e6-96231b3b80d8
ead-stores.c
ninit-vals.c
3e41d60eb627dc227c770f1c1c87d06909cf05fd 14-Feb-2009 Douglas Gregor <dgregor@apple.com> Implicitly declare certain C library functions (malloc, strcpy, memmove,
etc.) when we perform name lookup on them. This ensures that we
produce the correct signature for these functions, which has two
practical impacts:

1) When we're supporting the "implicit function declaration" feature
of C99, these functions will be implicitly declared with the right
signature rather than as a function returning "int" with no
prototype. See PR3541 for the reason why this is important (hint:
GCC always predeclares these functions).

2) If users attempt to redeclare one of these library functions with
an incompatible signature, we produce a hard error.

This patch does a little bit of work to give reasonable error
messages. For example, when we hit case #1 we complain that we're
implicitly declaring this function with a specific signature, and then
we give a note that asks the user to include the appropriate header
(e.g., "please include <stdlib.h> or explicitly declare 'malloc'"). In
case #2, we show the type of the implicit builtin that was incorrectly
declared, so the user can see the problem. We could do better here:
for example, when displaying this latter error message we say
something like:

'strcpy' was implicitly declared here with type 'char *(char *, char
const *)'

but we should really print out a fake code line showing the
declaration, like this:

'strcpy' was implicitly declared here as:

char *strcpy(char *, char const *)

This would also be good for printing built-in candidates with C++
operator overloading.

The set of C library functions supported by this patch includes all
functions from the C99 specification's <stdlib.h> and <string.h> that
(a) are predefined by GCC and (b) have signatures that could cause
codegen issues if they are treated as functions with no prototype
returning an int. Future work could extend this set of functions to
other C library functions that we know about.




git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@64504 91177308-0d34-0410-b5e6-96231b3b80d8
xercise-ps.c
dd06e092305c9061bb270f07e0fc6d6946bbc2ad 13-Feb-2009 Ted Kremenek <kremenek@apple.com> Add test case illustrating special handling of 'SenTestCase' subclasses for the missing -dealloc check.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@64494 91177308-0d34-0410-b5e6-96231b3b80d8
issingDealloc.m
7a1018148233afb3a580fdeb13567c946693bc38 13-Feb-2009 Ted Kremenek <kremenek@apple.com> This test now passes.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@64417 91177308-0d34-0410-b5e6-96231b3b80d8
FDateGC.m
183c6f2db89ae7f79003978b4d80c51ff76f6deb 11-Feb-2009 Ted Kremenek <kremenek@apple.com> Add another test case for the MissingDealloc checker.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@64257 91177308-0d34-0410-b5e6-96231b3b80d8
issingDealloc.m
d3098ee64c069a3eff4d2d0a5d655d968c7b5dd2 09-Feb-2009 Ted Kremenek <kremenek@apple.com> Fix PR 2514: Do not flag dead initializations for variables initialized to a constant global variable.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@64149 91177308-0d34-0410-b5e6-96231b3b80d8
ead-stores.c
ddf7e994b55ed2f161e22dfab8db14997e22c01c 08-Feb-2009 Sebastian Redl <sebastian.redl@getdesigned.at> Make the test cases failing due to exact diagnostic matching XFAIL.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@64080 91177308-0d34-0410-b5e6-96231b3b80d8
FDateGC.m
043254a9d267d48f1289c3274fad0a17f97c435d 07-Feb-2009 Ted Kremenek <kremenek@apple.com> Update test case.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@64045 91177308-0d34-0410-b5e6-96231b3b80d8
SString.m
bcd2f76edbd1bcf966183444d5d1afcc1edc050d 06-Feb-2009 Zhongxing Xu <xuzhongxing@gmail.com> Put the region store specific test in a separate file.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@63930 91177308-0d34-0410-b5e6-96231b3b80d8
ull-deref-ps.c
egion-only-test.c
a48f7378a05095595d0f6a9c11fc8141e7a5ea61 06-Feb-2009 Zhongxing Xu <xuzhongxing@gmail.com> Create ElementRegion when the base is SymbolicRegion. This is like what we do
for FieldRegion. This enables us to track more values.

Simplify SymbolicRegion::getRValueType(). We assume the symbol always has
pointer type.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@63928 91177308-0d34-0410-b5e6-96231b3b80d8
ull-deref-ps.c
a92206ea578983f86fbf1246702955a10056dff8 05-Feb-2009 Ted Kremenek <kremenek@apple.com> Add 'AppendValue' to the list of magic CF function names that cause a tracked object to escape. Fixes <rdar://problem/6560661>.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@63891 91177308-0d34-0410-b5e6-96231b3b80d8
dar-6539791.c
cf118d41f7930a18dce97416ef7834a62642f587 05-Feb-2009 Ted Kremenek <kremenek@apple.com> Overhaul BugReporter interface and implementation. The new interface cleans up
the ownership of BugTypes and BugReports. Now BugReports are owned by BugTypes,
and BugTypes are owned by the BugReporter object.

The major functionality change in this patch is that reports are not immediately
emitted by a call to BugReporter::EmitWarning (now called EmitReport), but
instead are queued up in report "equivalence classes". When
BugReporter::FlushReports() is called, it emits one diagnostic per report
equivalence class. This provides a nice cleanup with the caching of reports as
well as enables the BugReporter engine to select the "best" path for reporting a
path-sensitive bug based on all the locations in the ExplodedGraph that the same
bug could occur.

Along with this patch, Leaks are now coalesced into a common equivalence class
by their allocation site, and the "summary" diagnostic for leaks now reports the
allocation site as the location of the bug (this may later be augmented to also
provide an example location where the leak occurs).


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@63796 91177308-0d34-0410-b5e6-96231b3b80d8
FDateGC.m
GColorSpace.c
SPanel.m
SString.m
SWindow.m
efcnt_naming.m
etain-release.m
bf98c99600017bfcdde2a7966c47a6beb15a96dc 30-Jan-2009 Ted Kremenek <kremenek@apple.com> Fix horrible non-termination bug in LiveVariables. The issue was that
the liveness state of block-level expressions could oscillate because
of two issues:
- The initial value before a merge was not always set to "Top"
- The set of live block-level expressions is a union, not an intersection

This fixes <rdar://problem/650084>.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@63421 91177308-0d34-0410-b5e6-96231b3b80d8
dar-6540084.m
2612903c0b83af6c2b0268797dff340174eef55f 30-Jan-2009 Nuno Lopes <nunoplopes@sapo.pt> fix RUN line

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@63392 91177308-0d34-0410-b5e6-96231b3b80d8
dar-6541136.c
282f7534c13671d9644169990496252bd317a224 30-Jan-2009 Nuno Lopes <nunoplopes@sapo.pt> enable test as it works

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@63391 91177308-0d34-0410-b5e6-96231b3b80d8
ninit-vals-ps-region.c
14553abd17d303b0b310b3ab1523eb0d30d8121c 30-Jan-2009 Ted Kremenek <kremenek@apple.com> Fix a couple bugs:
- NonLoc::MakeVal() would use sizeof(unsigned) (literally) instead of consulting
ASTContext for the size (in bits) of 'int'. While it worked, it was a
conflation of concepts and using ASTContext.IntTy is 100% correct.
- RegionStore::getSizeInElements() no longer assumes that a VarRegion has the
type "ConstantArray", and handles the case when users use ordinary variables
as if they were arrays.
- Fixed ElementRegion::getRValueType() to just return the rvalue type of its
"array region" in the case the array didn't have ArrayType.
- All of this fixes <rdar://problem/6541136>


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@63347 91177308-0d34-0410-b5e6-96231b3b80d8
dar-6541136-region.c
dar-6541136.c
6818928f39603e8c97f04ec0c3f467084e22ac85 29-Jan-2009 Ted Kremenek <kremenek@apple.com> retain/release checker: When generating summaries for CF/CG functions, allow arguments to "escape" if they are passed to a function containing the terms "InsertValue", "SetValue", or "AddValue". This fixes <rdar://problem/6539791>.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@63341 91177308-0d34-0410-b5e6-96231b3b80d8
dar-6539791.c
abf439731bc4f56df2df9e54d6c242e2c633f5ca 28-Jan-2009 Ted Kremenek <kremenek@apple.com> retain/release checker: Always generate an "autorelease" summary for an "autorelease" message, and have the summary processing logic treat it as a no-op in GC mode. This change is motivated to encode more of the semantics in the summaries themselves for eventual better diagnostics.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@63241 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release-gc-only.m
a7ecc3788df207f1c1ef925447f41aff5e91c7a3 28-Jan-2009 Ted Kremenek <kremenek@apple.com> Add autorelease test case.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@63237 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release.m
23b8eaa83659dcae7f4be1618988094c5f2bd176 28-Jan-2009 Ted Kremenek <kremenek@apple.com> retain/release checker: Improve diagnostics to indicate that CF objects are not automatically garbage collected.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@63187 91177308-0d34-0410-b5e6-96231b3b80d8
FDateGC.m
d76d47eb5f5afffcf25fe8c42521867ccad4073b 27-Jan-2009 Ted Kremenek <kremenek@apple.com> Fix bug in BasicStore::getLValueElement where if the base of an array subscript expression was an ElementRegion we stacked another ElementRegion on top of that.

This fixes PR 3422.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@63110 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps.m
8318304afdfe4d6d689681a73424c73615e95859 24-Jan-2009 Ted Kremenek <kremenek@apple.com> Fix crash ElementRegion::getRValueType() when the RvalueType of the ArrayRegion is a typedef and not (directly) a pointer.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@62909 91177308-0d34-0410-b5e6-96231b3b80d8
xercise-ps.c
3148eb4a75f70f2636075c364d03104223f004d3 24-Jan-2009 Ted Kremenek <kremenek@apple.com> More hacking on static analyzer diagnostics. When emitting summary diagnostics the code paths for diagnostics involving paths or single locations are now unified. This patch also constifies many arguments/methods that are touched by this logic, leading to a nice overall code cleanup.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@62903 91177308-0d34-0410-b5e6-96231b3b80d8
SString.m
etain-release.m
562c4d90418996c927f43e89250570d9967d6ecc 23-Jan-2009 Zhongxing Xu <xuzhongxing@gmail.com> Implement retrieval of the default value of element and field regions.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@62847 91177308-0d34-0410-b5e6-96231b3b80d8
rray-struct.c
b61f49cb3cd6ec8c9b17b48173370b3ce16f79b0 23-Jan-2009 Zhongxing Xu <xuzhongxing@gmail.com> Add a test case for init expr of array and struct type.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@62845 91177308-0d34-0410-b5e6-96231b3b80d8
rray-struct.c
2e84257c699cd8e98462021b4848e76967ac831d 23-Jan-2009 Ted Kremenek <kremenek@apple.com> For now, return UnknownVal() in RegionStore::getElementsSize() for AnonTypedRegions. It wasn't really doing the right thing and was crashing on rdar-6442306-1.m. This fix causes all path-sensitive test cases to pass with RegionStore.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@62816 91177308-0d34-0410-b5e6-96231b3b80d8
oReturn.m
dar-6442306-1.m
6fd8f914d399035e1417d9e548d3a8d598195370 23-Jan-2009 Ted Kremenek <kremenek@apple.com> Add RegionStore support for the implicit object region that 'self' references. This causes tests 'ObjCProperties.m' and 'refcnt_naming.m' to now pass with RegionStore.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@62814 91177308-0d34-0410-b5e6-96231b3b80d8
bjCProperties.m
efcnt_naming.m
872e25cfd9069ef20616630f33cecf2e96e62a26 22-Jan-2009 Ted Kremenek <kremenek@apple.com> This test case now passes with RegionStore.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@62805 91177308-0d34-0410-b5e6-96231b3b80d8
ninit-vals.m
31c2c20a2976c1adc9a9b7c7c7096a31cf382040 22-Jan-2009 Ted Kremenek <kremenek@apple.com> This test case now passes with RegionStore.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@62804 91177308-0d34-0410-b5e6-96231b3b80d8
ninit-ps-rdar6145427.m
16aaf4c760a86cb16887416332a3abe0f2d249e4 22-Jan-2009 Ted Kremenek <kremenek@apple.com> This test case now passes with RegionStore.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@62803 91177308-0d34-0410-b5e6-96231b3b80d8
ninit-msg-expr.m
b78284a0ee1de9bb2006de6d220c0c925c28be6c 22-Jan-2009 Ted Kremenek <kremenek@apple.com> This test case now passes with RegionStore.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@62802 91177308-0d34-0410-b5e6-96231b3b80d8
tack-addr-ps.c
19e8744c4886d338404cf4b8e2f1c15684793cc3 22-Jan-2009 Ted Kremenek <kremenek@apple.com> Enhance test case to test RegionStore with -checker-cfref.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@62801 91177308-0d34-0410-b5e6-96231b3b80d8
ull-deref-ps.c
27584825ebefcc8fd12a2407fd5c407aa592aac7 22-Jan-2009 Ted Kremenek <kremenek@apple.com> This test case now passes with RegionStore.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@62800 91177308-0d34-0410-b5e6-96231b3b80d8
o-exit-cfg.c
f1456aa04005cc97ff8bc655e32cbfe73fc73875 22-Jan-2009 Ted Kremenek <kremenek@apple.com> This test case now passes with RegionStore.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@62799 91177308-0d34-0410-b5e6-96231b3b80d8
unc.c
04b1de1f73ec8cad2a5e0a6a4c3c3f8b9b1b09a2 22-Jan-2009 Ted Kremenek <kremenek@apple.com> This test case now passes with RegionStore.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@62798 91177308-0d34-0410-b5e6-96231b3b80d8
ields.c
62bca24df24ea66c185e3b622e9451174c3139ca 22-Jan-2009 Ted Kremenek <kremenek@apple.com> This test case now passes with RegionStore.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@62796 91177308-0d34-0410-b5e6-96231b3b80d8
xercise-ps.c
9945781a1f59269188403752be3028d3d248c46b 22-Jan-2009 Ted Kremenek <kremenek@apple.com> This test case now passes with RegionStore.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@62795 91177308-0d34-0410-b5e6-96231b3b80d8
omplex.c
f9e96843e8a0afd0d5f58ba224fb8d57cba8effa 22-Jan-2009 Ted Kremenek <kremenek@apple.com> Test more array logic in outofbound.c

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@62782 91177308-0d34-0410-b5e6-96231b3b80d8
utofbound.c
a7ac9444b4b82de868fac9710a56807898a90b02 22-Jan-2009 Ted Kremenek <kremenek@apple.com> Fix RegionStore::getLValueElement() to handle the case when the base region is not an ElementRegion (also do some cleanups of its core logic).
This gets array-struct.c to work with RegionStore.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@62781 91177308-0d34-0410-b5e6-96231b3b80d8
rray-struct.c
utofbound.c
f536ca311af4ca68df94fa6597790a354ccfbb01 22-Jan-2009 Ted Kremenek <kremenek@apple.com> These test cases now pass with RegionStore.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@62773 91177308-0d34-0410-b5e6-96231b3b80d8
heckNSError.m
SPanel.m
SString.m
SWindow.m
2dabd42df78e8d379ed0eebbf8d4a7aac86a9b6f 22-Jan-2009 Ted Kremenek <kremenek@apple.com> The 'misc-ps.m' test case now passes with RegionStore. One case needed to be split out into 'misc-ps-basic-store.m' and 'misc-ps-region-store.m' because the behavior was different between the two store models (RegionStore flags an additional valid bug).


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@62772 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps-basic-store.m
isc-ps-region-store.m
isc-ps.m
bb6c8fdae70aa1dd4df499bdf711fbfcb2e67548 21-Jan-2009 Ted Kremenek <kremenek@apple.com> This test now passes using -analyzer-store-region.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@62670 91177308-0d34-0410-b5e6-96231b3b80d8
GColorSpace.c
b87f66ce2d5bbda0a71e725673a120cc7fc6bf34 21-Jan-2009 Ted Kremenek <kremenek@apple.com> This test now passes using -analyzer-store-region.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@62669 91177308-0d34-0410-b5e6-96231b3b80d8
FNumber.c
0964a06d5cc1dc36ac5f8c89ba47ec0a47c08bb1 21-Jan-2009 Ted Kremenek <kremenek@apple.com> Get RegionStore to work with the retain/release checker and its test cases.

Because the RegionStore can reason about values beyond the reasoning power of BasicStore, this patch splits some of the test cases for the retain/release checker to have versions that are handled by RegionStore (more warnings) and BasicStore (less warnings).


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@62667 91177308-0d34-0410-b5e6-96231b3b80d8
FDateGC.m
fref_PR2519.c
fref_rdar6080742.c
etain-release-basic-store.m
etain-release-region-store.m
etain-release.m
d427023c334fe03105d9359711a3df4d6f23b344 21-Jan-2009 Daniel Dunbar <daniel@zuster.org> Add -analyze action to run static analyzer, instead of inferring from
individual checker options.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@62634 91177308-0d34-0410-b5e6-96231b3b80d8
FDateGC.m
FNumber.c
FRetainRelease_NSAssertionHandler.m
GColorSpace.c
heckNSError.m
issingDealloc.m
SPanel.m
SString.m
SWindow.m
oReturn.m
bjCProperties.m
bjCRetSigs.m
R2978.m
rray-struct.c
fref_PR2519.c
fref_rdar6080742.c
omplex.c
onditional-op-missing-lhs.c
ead-stores.c
ead-stores.m
xercise-ps.c
ields.c
unc.c
isc-ps.m
o-exit-cfg.c
ull-deref-ps.c
utofbound.c
dar-6442306-1.m
efcnt_naming.m
etain-release.m
tack-addr-ps.c
ninit-msg-expr.m
ninit-ps-rdar6145427.m
ninit-vals-ps-region.c
ninit-vals-ps.c
ninit-vals.c
ninit-vals.m
nused-ivars.m
d24d25533b021ce0b68213b25754284121b52995 20-Jan-2009 Daniel Dunbar <daniel@zuster.org> Make test independent of stdint.h


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@62565 91177308-0d34-0410-b5e6-96231b3b80d8
FNumber.c
7f5fce7200fdbf03f7d70134a57271e584fcb766 20-Jan-2009 Ted Kremenek <kremenek@apple.com> Dead stores checker: Fix <rdar://problem/6506065> by being more selective when saying that a store is dead even though the computed value is used in the enclosing expression.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@62552 91177308-0d34-0410-b5e6-96231b3b80d8
ead-stores.c
72afb3739da0da02158242ae41a50cfe0bea78b4 17-Jan-2009 Ted Kremenek <kremenek@apple.com> Fix analyzer crash found when scanning Wine sources where the analyzer used old logic to determine the value of a switch 'case' label.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@62395 91177308-0d34-0410-b5e6-96231b3b80d8
ull-deref-ps.c
99890659385f052412d479e8569b10069ac2b12b 16-Jan-2009 Ted Kremenek <kremenek@apple.com> Fix PR 3337 [retain/release checker]: Handle FunctionDecl's declared using typedefs.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@62331 91177308-0d34-0410-b5e6-96231b3b80d8
etain-release.m
5834ed6999980d90bd125dd1c8f9301e9d48f40c 13-Jan-2009 Zhongxing Xu <xuzhongxing@gmail.com> Add KillStruct to region store.
- put the killed region in the kill set.
- set its default value to unknown.
- removes all bindings for its subregions.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@62138 91177308-0d34-0410-b5e6-96231b3b80d8
rray-struct.c
e3a46b08f879771b9445c2a3cb717bf843f48f07 13-Jan-2009 Ted Kremenek <kremenek@apple.com> This test now passes.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@62132 91177308-0d34-0410-b5e6-96231b3b80d8
utofbound.c
e1c2a675e0c089e1f53cbd55d2197a8beaa852ae 13-Jan-2009 Ted Kremenek <kremenek@apple.com> static analyzer: Handle casts from arrays to integers. This fixes PR 3297.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@62130 91177308-0d34-0410-b5e6-96231b3b80d8
ull-deref-ps.c
1261938ec42b0a1b82bec5fe901b7fc02a23d9a1 12-Jan-2009 Ted Kremenek <kremenek@apple.com> retain/release checker:
- Refactor a bunch of logic in the retain/release checker, making it more
condensed and easier to read.
- Add support for "Create" methods in the DiskArbitration framework

retain/release tests:
- Rename CFDate.m to retain-release.m, and move test from CFString.c to
retain-release.m
- Add DiskArbitration framework test cases.
- Add/refine a few more retain/release GC test cases.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@62106 91177308-0d34-0410-b5e6-96231b3b80d8
FDate.m
FDateGC.m
FString.c
etain-release.m
3b58786f85aaa173e122f6eaff0b6efa233d59a2 09-Jan-2009 Ted Kremenek <kremenek@apple.com> Dead stores checker: Don't flag dead stores for self-assignments (common escape hatch for 'unused variable' warnings).

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@62010 91177308-0d34-0410-b5e6-96231b3b80d8
ead-stores.c
234a4c286e197f7ca9207d60433d40c802484333 07-Jan-2009 Ted Kremenek <kremenek@apple.com> This commit reflects changes to the retain/release checker motivated by my
recent discussions with Thomas Clement and Ken Ferry concerning the "fundamental
rule" for Cocoa memory management
(http://developer.apple.com/documentation/Cocoa/Conceptual/MemoryMgmt/Tasks/MemoryManagementRules.html).

Here is the revised behavior of the checker concerning tracking retain/release
counts for objects returned from message expressions involving instance methods:

1) Track the returned object if the return type of the message expression is
id<..>, id, or a pointer to *any* object that subclasses NSObject. Such objects
are assumed to have a retain count. Previously the checker only tracked objects
when the receiver of the message expression was part of the standard Cocoa API
(i.e., had class names prefixed with 'NS'). This should significantly expand the
amount of checking performed.

2) Consider the object owned if the selector of the message expression contains
"alloc", "new", or "copy". Previously we also considered "create", but this
doesn't follow from the fundamental rule (discussions with the Cocoa folks
confirm this).


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@61837 91177308-0d34-0410-b5e6-96231b3b80d8
SString.m
ff944a8c481d6c0f1ad2633e4be9bf8b1dd2a09f 22-Dec-2008 Zhongxing Xu <xuzhongxing@gmail.com> Add an option to make 'RemoveDeadBindings' a configurable behavior. This enables
us to measure the effect of this optimization.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@61319 91177308-0d34-0410-b5e6-96231b3b80d8
ull-deref-ps.c
4193eca10ce0cc8b2dae887e935a43b26f492b5b 20-Dec-2008 Zhongxing Xu <xuzhongxing@gmail.com> Lazy binding for region-store manager.
* Now Bind() methods take and return GRState* because binding could
also alter GDM.
* No variables are initialized except those declared with initial
values.
* failed C test cases are due to bugs in RemoveDeadBindings(),
which removes constraints that are still alive. This will be fixed in later
patch.
* default value of array and struct regions will be implemented in later patch.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@61274 91177308-0d34-0410-b5e6-96231b3b80d8
ull-deref-ps.c
ninit-vals-ps-region.c
784606f796fa00427aab2f55c8e1025376450a17 19-Dec-2008 Ted Kremenek <kremenek@apple.com> Added test case for suppressing leak warnings for reference-counted objects passed by-reference to an unknown function.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@61227 91177308-0d34-0410-b5e6-96231b3b80d8
SString.m
2fb78a70536274426302415b6fc54a1074788e91 17-Dec-2008 Ted Kremenek <kremenek@apple.com> CF-retain/release checker:
- Fix regression reported in <rdar://problem/6452745>. After a null check, null references to resources should not have a retain count. This regression was caused by removing the call to "GRTransferFuncs::EvalAssume" in BasicConstraintManager.
- Added a test case to test this behavior.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@61155 91177308-0d34-0410-b5e6-96231b3b80d8
SString.m
90b3236cbea10044c38ea40585dce8150236f1ca 17-Dec-2008 Ted Kremenek <kremenek@apple.com> Fix <rdar://problem/6451816>:
- Because of the introduction of AnonTypedRegions when reasoning about casts, we
had a regression in the "symbolication" of variable values passed-by-reference
to a function. This is now fixed in CFRefCount.cpp (-checker-cfref) by
blasting through the layer of AnonTypedRegions when symbolicating the value of
the variable. This logic may get moved elsewhere. Note that this change
affects only -checker-cfref and not -checker-simple; eventually this logic
should get pulled out of CFRefCount.cpp into a more common place. All users
use -checker-cfref by default, and -checker-simple should probably just be
removed.
- Updated test 'Analysis/uninit-vals-ps.c' to only use -checker-cfref and added
a test case for this regression.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@61147 91177308-0d34-0410-b5e6-96231b3b80d8
ninit-vals-ps.c
55f7bcbda37964d3c0e8928d0e50a6e1692b7dce 15-Dec-2008 Ted Kremenek <kremenek@apple.com> Fix regression in handling sizeof(void) in the static analyzer.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@61039 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps.m
6eddeb153415049c7b62de4b45385a759a6906c6 13-Dec-2008 Ted Kremenek <kremenek@apple.com> MemRegion:
- Overhauled the notion of "types" for TypedRegions. We now distinguish between the "lvalue" of a region (via getLValueRegion()) and the "rvalue" of a region (via getRValueRegion()). Since a region represents a chunk of memory it has both, but we were conflating these concepts in some cases, leading to some insidious bugs.
- Removed AnonPointeeType, partially because it is unused and because it doesn't have a clear notion of lvalue vs rvalue type. We can add it back once there is a need for it and we can resolve its role with these concepts.

StoreManager:
- Overhauled StoreManager::CastRegion. It expects an *lvalue* type for a region. This is actually what motivated the overhaul to the MemRegion type mechanism. It also no longer returns an SVal; we can just return a MemRegion*.
- BasicStoreManager::CastRegion now overlays an "AnonTypedRegion" for pointer-pointer casts. This matches with the MemRegion changes.
- Similar changes to RegionStore, except I've added a bunch of FIXMEs where it wasn't 100% clear where we should use TypedRegion::getRValueRegion() or TypedRegion::getLValueRegion().

AuditCFNumberCreate check:
- Now blasts through AnonTypedRegions that may layer the original memory region, thus checking if the actual memory block is of the appropriate type. This change was needed to work with the changes to StoreManager::CastRegion.

GRExprEngine::VisitCast:
- Conform to the new interface of StoreManager::CastRegion.

Tests:
- None of the analysis tests fail now for using the "basic store".
- Disabled the tests 'array-struct.c' and 'rdar-6442306-1.m' pending further testing and bug fixing.



git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@60995 91177308-0d34-0410-b5e6-96231b3b80d8
FNumber.c
rray-struct.c
dar-6442306-1.m
tack-addr-ps.c
cfec1db63f9d4a1cda3f970d2cebeba8333a69ea 13-Dec-2008 Ted Kremenek <kremenek@apple.com> Temporarily XFAIL these tests.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@60991 91177308-0d34-0410-b5e6-96231b3b80d8
FNumber.c
utofbound.c
tack-addr-ps.c
abb042f33ea8e6107a7dc8efc51d2ace329f9f48 13-Dec-2008 Ted Kremenek <kremenek@apple.com> A series of cleanups/fixes motivated by <rdar://problem/6442306>:

GRExprEngine (VisitCast):
- When using StoreManager::CastRegion, always use the state and value it returns to generate the next node. Failure to do so means that region values returned that don't require the state to be modified will get ignored.

MemRegion:
- Tighten the interface for ElementRegion. Now ElementRegion can only be created with a super region that is a 'TypedRegion' instead of any MemRegion. Code in BasicStoreManager/RegionStoreManager already assumed this, but it would result in a dynamic assertion check (and crash) rather than just having the compiler forbid the construction of such regions.
- Added ElementRegion::getArrayRegion() to return the 'typed version' of an ElementRegion's super region.
- Removed bogus assertion in ElementRegion::getType() that assumed that the super region was an AnonTypedRegion. All that matters is that it is a TypedRegion, which is now true all the time by design.

BasicStore:
- Modified getLValueElement() to check if the 'array' region is a TypedRegion before creating an ElementRegion. This conforms to the updated interface for ElementRegion.

RegionStore:
- In ArrayToPointer() gracefully handle things we don't reason about, and only create an ElementRegion if the array region is indeed a TypedRegion.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@60990 91177308-0d34-0410-b5e6-96231b3b80d8
dar-6442306-1.m
159d2487e6b49f0aa64c44aef96bc9d643929931 09-Dec-2008 Ted Kremenek <kremenek@apple.com> [static analyzer] Extend VLA size checking to look for undefined sizes.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@60734 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps.m
8322d6a4fcf34755a8378e4320c5e211366c71f8 09-Dec-2008 Ted Kremenek <kremenek@apple.com> Add zero-sized VLA check test case.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@60731 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps.m
26b58cd65f5ae7b90d786b472a0ba527b14637e3 08-Dec-2008 Ted Kremenek <kremenek@apple.com> Incorporate MissingDealloc_IBOutlet.m test case into MissingDealloc.m

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@60722 91177308-0d34-0410-b5e6-96231b3b80d8
issingDealloc.m
issingDealloc_IBOutlet.m
63de73635611b4cdc57eff94b36e9525b363281a 08-Dec-2008 Ted Kremenek <kremenek@apple.com> Incorporate MissingDealloc_SEL.m test case into MissingDealloc.m

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@60721 91177308-0d34-0410-b5e6-96231b3b80d8
issingDealloc.m
issingDealloc_SEL.m
e0bb804cee03c3de04112e04554907502d87acd8 08-Dec-2008 Ted Kremenek <kremenek@apple.com> Add test case for <rdar://problem/6380411>.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@60720 91177308-0d34-0410-b5e6-96231b3b80d8
issingDealloc.m
567c8df3646208e0a5816c57191ca36930f50ed3 06-Dec-2008 Fariborz Jahanian <fjahanian@apple.com> Patch to diagnose a variety of misuse of property
attributes. Example would be, readonly, assign or
assign, copy, etc.



git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@60620 91177308-0d34-0410-b5e6-96231b3b80d8
R2978.m
ae0ee03fd9d36446ee70e502fdaf5ed5acec269f 05-Dec-2008 Chris Lattner <sabre@nondot.org> instead of forcing blocks on by default, make them default to off, but let
specific targets default them to on. Default blocks to on on 10.6 and later.
Add a -fblocks option that allows the user to override the target's default.
Use -fblocks in the various testcases that use blocks.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@60563 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps.m
a317e90f4c4aeb871359c3b8c3420f1ddab97d5c 04-Dec-2008 Ted Kremenek <kremenek@apple.com> Add 'expected-warning' to make test case pass.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@60548 91177308-0d34-0410-b5e6-96231b3b80d8
ull-deref-ps.c
1e10011aa27d322d1290fc04d2372bf8719c645b 04-Dec-2008 Ted Kremenek <kremenek@apple.com> Add another static analyzer test case involving attribute(nonnull).

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@60547 91177308-0d34-0410-b5e6-96231b3b80d8
ull-deref-ps.c
a96ac060debe3b83caa5c4ddba0c44a44b4499fe 04-Dec-2008 Ted Kremenek <kremenek@apple.com> Add another test case for attribute(nonnull) checking.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@60544 91177308-0d34-0410-b5e6-96231b3b80d8
ull-deref-ps.c
42268463fb151b80fecd2e85ce375df0acfbbcb2 04-Dec-2008 Ted Kremenek <kremenek@apple.com> Revise bogus comment I just committed.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@60522 91177308-0d34-0410-b5e6-96231b3b80d8
ninit-vals-ps-region.c
f117facb5ade615965bdd76a870659fe1f62f302 04-Dec-2008 Ted Kremenek <kremenek@apple.com> Add comment to test case for documentation.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@60521 91177308-0d34-0410-b5e6-96231b3b80d8
ninit-vals-ps-region.c
d7ff4874cbb99b5a8a92121af18792204b210dbb 03-Dec-2008 Ted Kremenek <kremenek@apple.com> BasicConstraintManager:
- Fix nonsensical logic in AssumeSymGE. When comparing 'sym >= constant' and the
constant is the maximum integer value, add the constraint that 'sym ==
constant' when the path is deemed feasible. All other cases are feasible.
- Improve AssumeSymGT. When comparing 'sym > constant' and constant is the
maximum integer value we know the path is infeasible.
- Add test case for this enhancement to AssumeSymGT.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@60490 91177308-0d34-0410-b5e6-96231b3b80d8
ull-deref-ps.c
73abd133aeda75971212176b1b4f7f251976d7cf 03-Dec-2008 Ted Kremenek <kremenek@apple.com> BasicConstraintManager:
- Fix nonsensical logic in AssumeSymLE. When comparing 'sym <= constant' and the
constant is the minimum integer value, add the constraint that 'sym ==
constant' when the path is deemed feasible. All other cases are feasible.
- Improve AssumeSymLT to address <rdar://problem/6407949>. When comparing
'sym < constant' and constant is the minimum integer value we know the
path is infeasible.
- Add test case for <rdar://problem/6407949>.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@60489 91177308-0d34-0410-b5e6-96231b3b80d8
ull-deref-ps.c
34a83474c89ba23481a8cfcde33693ae17487b8f 30-Nov-2008 Zhongxing Xu <xuzhongxing@gmail.com> remove a test case that causes compiler warning.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@60282 91177308-0d34-0410-b5e6-96231b3b80d8
rray-struct.c
27cae9e327eac1352e5159cba7feb72080ce1232 30-Nov-2008 Zhongxing Xu <xuzhongxing@gmail.com> Add test for initializing array with string literal.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@60281 91177308-0d34-0410-b5e6-96231b3b80d8
rray-struct.c
a8a6ef82ce903de65aee554f3d6c1c175de7da2f 26-Nov-2008 Nuno Lopes <nunoplopes@sapo.pt> add missing RUN lines

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@60107 91177308-0d34-0410-b5e6-96231b3b80d8
GColorSpace.c
6669db9d80d77d10f101aa9f8e488bbd2d98f76c 25-Nov-2008 Fariborz Jahanian <fjahanian@apple.com> Patch to allow over-riding of readonly property to
a writable property in one of its categories.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@60035 91177308-0d34-0410-b5e6-96231b3b80d8
bjCProperties.m
661fc39abc5338e9dccd2f64467cac8bbe25c46a 25-Nov-2008 Zhongxing Xu <xuzhongxing@gmail.com> Add documentation for test.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@60002 91177308-0d34-0410-b5e6-96231b3b80d8
rray-struct.c
33d7cbfc0aa25dcc5d4470f39b374a1b9473a190 25-Nov-2008 Zhongxing Xu <xuzhongxing@gmail.com> Add no-warning to test case.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@59995 91177308-0d34-0410-b5e6-96231b3b80d8
rray-struct.c
4b89e034a7778669c4f0888d66afef4cc03fb064 24-Nov-2008 Zhongxing Xu <xuzhongxing@gmail.com> Strings are NULL terminated. So the region size should plus one.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@59943 91177308-0d34-0410-b5e6-96231b3b80d8
utofbound.c
20f0178a232029bea7f34adecb6e5bdd6fada483 24-Nov-2008 Zhongxing Xu <xuzhongxing@gmail.com> Add test case for out-of-bound memory access checking.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@59931 91177308-0d34-0410-b5e6-96231b3b80d8
utofbound.c
0947b4e6c778ca94bbd0a56548de0b6b5ff1dfc9 24-Nov-2008 Chris Lattner <sabre@nondot.org> Rewrite FindDiagnostics to be more strict about the formatting of the
expected-foo strings. Now the only allowed characters between
expected-error and {{ is whitespace.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@59925 91177308-0d34-0410-b5e6-96231b3b80d8
heckNSError.m
ea06544bea29ba9def49ea061def1df9e100af25 23-Nov-2008 Zhongxing Xu <xuzhongxing@gmail.com> Improve test case.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@59902 91177308-0d34-0410-b5e6-96231b3b80d8
rray-struct.c
7c686661d65c63f6f518ca81830dd61bd64bfe1f 21-Nov-2008 Ted Kremenek <kremenek@apple.com> Add checker test case: warn about returning an uninitialized value to the caller.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@59765 91177308-0d34-0410-b5e6-96231b3b80d8
ninit-vals-ps.c
9f49055456049bdff41f61231553d29573fac184 21-Nov-2008 Ted Kremenek <kremenek@apple.com> Enable test file for 'region store' in addition to basic store.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@59762 91177308-0d34-0410-b5e6-96231b3b80d8
ninit-vals-ps.c
e8e4d8c9cb29de6aad77163bd8a59066985a43b9 20-Nov-2008 Zhongxing Xu <xuzhongxing@gmail.com> Split region store specific test cases.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@59683 91177308-0d34-0410-b5e6-96231b3b80d8
ninit-vals-ps-region.c
ninit-vals-ps.c
89e8a07af3e24ae0f843b80906422d711f73de0a 19-Nov-2008 Zhongxing Xu <xuzhongxing@gmail.com> Add test for path-sensitive uninit-val detection involving struct field.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@59620 91177308-0d34-0410-b5e6-96231b3b80d8
ninit-vals-ps.c
617ff31664d7aaaf391272da30d3ae65d0426df7 18-Nov-2008 Zhongxing Xu <xuzhongxing@gmail.com> Add test case for struct array.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@59522 91177308-0d34-0410-b5e6-96231b3b80d8
rray-struct.c
87d3ef08d892df8264bd51adb6ddd4a22422cd29 17-Nov-2008 Steve Naroff <snaroff@apple.com> Fix <rdar://problem/6333904> [sema] message lookup on super is incorrect

Missing special lookup rule in Sema::ActOnInstanceMessage().


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@59467 91177308-0d34-0410-b5e6-96231b3b80d8
R2978.m
512cdb57a045e9b889112a0c6ce724b173442763 16-Nov-2008 Zhongxing Xu <xuzhongxing@gmail.com> Re-enable array-struct test.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@59396 91177308-0d34-0410-b5e6-96231b3b80d8
rray-struct.c
973e72a8ddbf1645ce8da4d22c60babbdb9b5f79 15-Nov-2008 Ted Kremenek <kremenek@apple.com> Add a test case for compound assignments that lazily symbolicate the value of the LHS when the computation type is an integer of more bits.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@59352 91177308-0d34-0410-b5e6-96231b3b80d8
ull-deref-ps.c
82bd99f4db2454cc6e1b7bfaac6db25cb3444ddc 13-Nov-2008 Ted Kremenek <kremenek@apple.com> - Revert r59229 and r59232: AllocRegion should be immutable.
- Temporarily disabled test Analysis/array-struct.c for region store.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@59245 91177308-0d34-0410-b5e6-96231b3b80d8
rray-struct.c
26134a1b596b9763a6975f15bf296a580b141114 13-Nov-2008 Zhongxing Xu <xuzhongxing@gmail.com> Add test for unsigned array index.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@59239 91177308-0d34-0410-b5e6-96231b3b80d8
rray-struct.c
fb75b2583eb82dc42cb8e5bd3c1eda1c661eb76d 13-Nov-2008 Zhongxing Xu <xuzhongxing@gmail.com> Add test for incomplete struct pointer.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@59236 91177308-0d34-0410-b5e6-96231b3b80d8
rray-struct.c
b670133b9e9fd7bce078674d782dad9d7c320f9d 13-Nov-2008 Zhongxing Xu <xuzhongxing@gmail.com> Add a test case for alloca().


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@59233 91177308-0d34-0410-b5e6-96231b3b80d8
rray-struct.c
062e2f9a0ecccfdb6c8be8d797b66abca8dfbfbc 13-Nov-2008 Ted Kremenek <kremenek@apple.com> GRExprEngine/CFRefCount/GRSimpleVals: We don't do any special handling (yet) of vector types. Add explicit checks that when we process integers that they really are scalars.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@59225 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps.m
76dba7b67a36b2d6311e4ad4714df5dbd39dbebe 13-Nov-2008 Ted Kremenek <kremenek@apple.com> GRExprEngine::VisitInitListExpr:
- Don't crash on vector types.
- Handle typedefs.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@59220 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps.m
12b49d9293b3bc730c127ac3645c70f581c9caf7 11-Nov-2008 Zhongxing Xu <xuzhongxing@gmail.com> Add && to test command.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@59014 91177308-0d34-0410-b5e6-96231b3b80d8
ull-deref-ps.c
fe81bc215e823e57b5a6dfb92fe0363c9bd07c46 10-Nov-2008 Zhongxing Xu <xuzhongxing@gmail.com> Add region store model to path-sensitive testing.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@58983 91177308-0d34-0410-b5e6-96231b3b80d8
ull-deref-ps.c
31483b48c75e2bd544964102f67809b46603c683 07-Nov-2008 Anders Carlsson <andersca@mac.com> include alloca.h instead of malloc.h. If this doesn't work for everyone we can just declare alloca directly in the file.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@58853 91177308-0d34-0410-b5e6-96231b3b80d8
tack-addr-ps.c
7b2d21e3710781fa223d8200b59c841771ff73d3 07-Nov-2008 Argyrios Kyrtzidis <akyrtzi@gmail.com> Append the test runs with '&&'.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@58851 91177308-0d34-0410-b5e6-96231b3b80d8
rray-struct.c
ff6ec3903630fa3b97477cf3474b55170eab0164 07-Nov-2008 Argyrios Kyrtzidis <akyrtzi@gmail.com> Bring in 'alloca' for the Analysis/stack-addr-ps.c test case.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@58849 91177308-0d34-0410-b5e6-96231b3b80d8
tack-addr-ps.c
2eff0f9e4fe5b7e130dae5edd51cbadad4b348e1 05-Nov-2008 Ted Kremenek <kremenek@apple.com> Add a test case for CFMakeCollectable.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@58772 91177308-0d34-0410-b5e6-96231b3b80d8
FDateGC.m
04b90bc00fc6ce8bc6c559e56220ceb77cdbccf6 02-Nov-2008 Zhongxing Xu <xuzhongxing@gmail.com> Add function side-effect test case.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@58565 91177308-0d34-0410-b5e6-96231b3b80d8
rray-struct.c
c979a9b066d998d73fb3a5ae293b7bbf78576e47 02-Nov-2008 Ted Kremenek <kremenek@apple.com> Add 'alloca' test case for return-of-stack-address checker.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@58554 91177308-0d34-0410-b5e6-96231b3b80d8
tack-addr-ps.c
df2aa1efbb940aa7bf5ef49235e1d7aff0d52128 31-Oct-2008 Zhongxing Xu <xuzhongxing@gmail.com> Add test code for array initialization.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@58502 91177308-0d34-0410-b5e6-96231b3b80d8
rray-struct.c
beb62c5836450dcdda53dca85399273acdf7104d 31-Oct-2008 Ted Kremenek <kremenek@apple.com> Added missing 'expected-warning'


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@58481 91177308-0d34-0410-b5e6-96231b3b80d8
tack-addr-ps.c
fab6f220cdbcd7269d8f6e19988774efe0a49983 31-Oct-2008 Ted Kremenek <kremenek@apple.com> Enhance compound literal test case.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@58480 91177308-0d34-0410-b5e6-96231b3b80d8
tack-addr-ps.c
64cc62d502eca5728de8d9aa431d7e76ce438467 31-Oct-2008 Ted Kremenek <kremenek@apple.com> Add missing "expected warning".
Add compound literal with empty initializer (just to test the analyzer handles it).


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@58470 91177308-0d34-0410-b5e6-96231b3b80d8
tack-addr-ps.c
ccb55e3d0c173ed86ab440d9bf41c06fdddd39ef 31-Oct-2008 Ted Kremenek <kremenek@apple.com> Add method that will be invoked using the dot-syntax just to test that the missing -dealloc checker handles it.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@58467 91177308-0d34-0410-b5e6-96231b3b80d8
R2978.m
d4a07988c8ba6b214e8d93c3a4048357484ba771 30-Oct-2008 Ted Kremenek <kremenek@apple.com> Improve compound literal test case.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@58447 91177308-0d34-0410-b5e6-96231b3b80d8
tack-addr-ps.c
997c1552acd4cf8745f6895a6ac3d0fbc3451326 30-Oct-2008 Ted Kremenek <kremenek@apple.com> Patch by Nikita Zhuk: test case for fix for false positive reported in PR2978.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@58432 91177308-0d34-0410-b5e6-96231b3b80d8
R2978.m
c532f633a94f3d91b4435c8ed84dc3ef7bcf2afa 27-Oct-2008 Ted Kremenek <kremenek@apple.com> Add 'expected-warning' for braces around scalar initializer


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@58280 91177308-0d34-0410-b5e6-96231b3b80d8
tack-addr-ps.c
194aade5a0378afd1e669305fa3dc284eb4f5ec8 27-Oct-2008 Ted Kremenek <kremenek@apple.com> Added compound literal test case.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@58279 91177308-0d34-0410-b5e6-96231b3b80d8
tack-addr-ps.c
92429ddd879d22bb4d18e142ef0ff82d455f9be8 27-Oct-2008 Zhongxing Xu <xuzhongxing@gmail.com> Add test for SCA region store.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@58235 91177308-0d34-0410-b5e6-96231b3b80d8
unc.c
234a7d2bf50ba55496433f896577838407119e1a 27-Oct-2008 Zhongxing Xu <xuzhongxing@gmail.com> Add test for SCA region store.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@58234 91177308-0d34-0410-b5e6-96231b3b80d8
rray-struct.c
5b2316a8b695589f8e91baf1df06c1082ac94b6d 25-Oct-2008 Ted Kremenek <kremenek@apple.com> Do not crash when performing VisitLValue on union types.
This fixes PR 2948.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@58148 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps.m
2e971208f48a06b2880a28ba16389f3a0d4213df 25-Oct-2008 Zhongxing Xu <xuzhongxing@gmail.com> Add StringLiteral test code.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@58136 91177308-0d34-0410-b5e6-96231b3b80d8
rray-struct.c
f4b3548ac5ba2f82f347fb4312adcff4da3fa592 24-Oct-2008 Ted Kremenek <kremenek@apple.com> This test no longer is marked XFAIL.
Enhance test to include a case where a tracked object escapes because it is stored to a local ivar through a method dispatch to 'self.'


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@58109 91177308-0d34-0410-b5e6-96231b3b80d8
efcnt_naming.m
72e1682bbdfd497ce838d648bb2cb6047c015f6f 24-Oct-2008 Zhongxing Xu <xuzhongxing@gmail.com> Add random array and struct test code for SCA.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@58085 91177308-0d34-0410-b5e6-96231b3b80d8
rray-struct.c
f74675b5bba77a9db94eac5d3431785e6432a312 23-Oct-2008 Ted Kremenek <kremenek@apple.com> Temporarily mark this test XFAIL.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@58024 91177308-0d34-0410-b5e6-96231b3b80d8
efcnt_naming.m
3ad2cc89ab6302ef5bda1a1550d405a15df2b013 23-Oct-2008 Ted Kremenek <kremenek@apple.com> Warn about potentially leaked objects that are returned from methods whose names do not follow the Cocoa Memory Management guidelines.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@58012 91177308-0d34-0410-b5e6-96231b3b80d8
efcnt_naming.m
64e859a36634dfc848634d22aa428a48f82487d3 22-Oct-2008 Ted Kremenek <kremenek@apple.com> Enhance reference-count checker to correctly identify CG "release" functions. This fixes <rdar://problem/6303488>.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@57997 91177308-0d34-0410-b5e6-96231b3b80d8
GColorSpace.c
c498848ebcf22a9de23143b342f28b6d4f515436 22-Oct-2008 Zhongxing Xu <xuzhongxing@gmail.com> Add test case for FuncDecl and function pointer variable.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@57979 91177308-0d34-0410-b5e6-96231b3b80d8
unc.c
c13b6e251afb9530bbcc8c6f26dc4266f4f0c93b 21-Oct-2008 Ted Kremenek <kremenek@apple.com> Further improve path-sensitivity with divide-by-zero checking by assuming that a denominator cannot be zero even when the result of an '/' or '%' expression is unknown.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@57855 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps.m
9253b0f3d70b49f216e86447494ec0ff2315b31a 21-Oct-2008 Ted Kremenek <kremenek@apple.com> Added test case inspired by <rdar://6268365>: recover path-sensitivity after compound assignment when the result of the assignment is not known.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@57852 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps.m
6dfe2f544a5e601bd5ac1a7e31af17ec3bf1fe01 19-Oct-2008 Ted Kremenek <kremenek@apple.com> Add support in GRExprEngine for UnaryOperator::AlignOf. This fixes one crash report in PR 2796.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@57777 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps.m
5c456fe4d354dab9e8a1309aefe828ea7b6d6f26 18-Oct-2008 Ted Kremenek <kremenek@apple.com> Use "VisitLValue" when processing the base for "x.f" field accesses, and "Visit" when processing the base for "x->f" field accesses.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@57754 91177308-0d34-0410-b5e6-96231b3b80d8
ields.c
dacd67a377f6f3d4bfd754d69b0a070e4a61baab 18-Oct-2008 Ted Kremenek <kremenek@apple.com> This test now passes again.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@57742 91177308-0d34-0410-b5e6-96231b3b80d8
ull-deref-ps.c
63ffb78cf4bd0aa8fa149740637cea6c1e08b969 17-Oct-2008 Ted Kremenek <kremenek@apple.com> Test now passes.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@57718 91177308-0d34-0410-b5e6-96231b3b80d8
heckNSError.m
b6b81d1047aeec4f15b90ca1b9d4d7fcff154f7d 17-Oct-2008 Ted Kremenek <kremenek@apple.com> "Implement" GRExprEngine::VisitLValue for ObjCPropertyRefExpr. This is only a bandaid; we need to properly handle properties by using locv/nonloc objects and specially handling property assignments in the transfer function for BinaryOperator.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@57693 91177308-0d34-0410-b5e6-96231b3b80d8
bjCProperties.m
ef8b28e9459e729b7bd8c826d204621b039611fa 17-Oct-2008 Zhongxing Xu <xuzhongxing@gmail.com> Add test case for array and struct variable lvalue evaluation.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@57670 91177308-0d34-0410-b5e6-96231b3b80d8
rray-struct.c
3397e467f5f20fb0c54fc1a30f99c2559661938a 17-Oct-2008 Ted Kremenek <kremenek@apple.com> Mark these tests XFAIL. We need to add back assumption logic when doing array and field accesses.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@57658 91177308-0d34-0410-b5e6-96231b3b80d8
heckNSError.m
ull-deref-ps.c
380277e46ec1d2d9abedcddf357ceea935cbe576 15-Oct-2008 Ted Kremenek <kremenek@apple.com> Enhance dead store checker to not flag preincrements to dead variables where the preincrement is a subexpression, e.g. foo(++x); This can cause false negatives, but will remove a whole class of false positives.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@57554 91177308-0d34-0410-b5e6-96231b3b80d8
ead-stores.c
cc9ac41ac06d9511fbc8ad2914ef6bd6f99aa247 02-Oct-2008 Ted Kremenek <kremenek@apple.com> Enhance NSError** checking with analogous checking for CFErrorRef*.
Expand checking to include functions, not just methods.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@56938 91177308-0d34-0410-b5e6-96231b3b80d8
heckNSError.m
9f67edeff2c2bccdf3ff86a15bcbb16daa512b41 01-Oct-2008 Ted Kremenek <kremenek@apple.com> Added test case.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@56915 91177308-0d34-0410-b5e6-96231b3b80d8
isc-ps.m
d2025e26738c3017af6685e342a3a746cdf8249f 27-Sep-2008 Ted Kremenek <kremenek@apple.com> Add more control-flow to test case.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@56707 91177308-0d34-0410-b5e6-96231b3b80d8
ead-stores.c
610a09e409bea151a42dd907768f1e0c4b103f1f 27-Sep-2008 Ted Kremenek <kremenek@apple.com> Add CFG support for implicit-control flow for VLA size expressions within an SizeOfAlignOfTypeExpr.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@56706 91177308-0d34-0410-b5e6-96231b3b80d8
ead-stores.c
84fa6b90abf73e8cc539c9947ed5a6286f588569 26-Sep-2008 Ted Kremenek <kremenek@apple.com> Examine VLA size expressions when computing liveness information.
Fixes <rdar://problem/6248086>


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@56645 91177308-0d34-0410-b5e6-96231b3b80d8
ead-stores.c
cafd9089a4745414eedb93d0b543d9d22c6b55ae 24-Sep-2008 Ted Kremenek <kremenek@apple.com> Updated test case.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@56548 91177308-0d34-0410-b5e6-96231b3b80d8
ull-deref-ps.c
d1f5ff717dc019a01cae2d8d4bfe941a5eb6f67b 23-Sep-2008 Ted Kremenek <kremenek@apple.com> Added test case.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@56493 91177308-0d34-0410-b5e6-96231b3b80d8
o-exit-cfg.c
fb8a7fd7741e84b3fa1d5e18a42e223c8efc9d5e 19-Sep-2008 Ted Kremenek <kremenek@apple.com> Test case for transfer function logic of const casts.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@56369 91177308-0d34-0410-b5e6-96231b3b80d8
ninit-vals.m
0a41e5a03a2753e736dece6fc6847e6de2dedec1 19-Sep-2008 Ted Kremenek <kremenek@apple.com> Fixed logic error in BasicConstraintManager pointed out by Zhongxing Xu.

For checking if a symbol >= value, we need to check if symbol == value || symbol
> value. When checking symbol > value and we know that symbol != value, the path
is infeasible only if value == maximum integer.

For checking if a symbol <= value, we need to check if symbol == value || symbol
< value. When checking symbol < value and we know that symbol != value, the path
is infeasible only if value == minimum integer.

Updated test case exercising this logic: we only prune paths if the values are
unsigned.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@56354 91177308-0d34-0410-b5e6-96231b3b80d8
ull-deref-ps.c
1cd920a1cb2aa4ccc9b098f645563627ea820d1a 19-Sep-2008 Ted Kremenek <kremenek@apple.com> Added test case for PR 2600: proper use of NSError**


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@56332 91177308-0d34-0410-b5e6-96231b3b80d8
heckNSError.m
91985ae8c8eae9f489ce0d08360ebf2a3ca5da47 18-Sep-2008 Ted Kremenek <kremenek@apple.com> Added CFNumberCreate test case to illustrate a 32-bit/64-bit arch issue.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@56295 91177308-0d34-0410-b5e6-96231b3b80d8
FNumber.c
f6e5ec45950df60555ee96c62b728b485394e34e 18-Sep-2008 Ted Kremenek <kremenek@apple.com> Add path-sensitivity test case.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@56294 91177308-0d34-0410-b5e6-96231b3b80d8
ull-deref-ps.c
e2b00834749b685f8023c3984632d775c1550da3 17-Sep-2008 Ted Kremenek <kremenek@apple.com> Fix copy-paste error in test case.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@56261 91177308-0d34-0410-b5e6-96231b3b80d8
ull-deref-ps.c
8c3e7fbae6f61f87000f1edd59bb2379abf3d7e0 17-Sep-2008 Ted Kremenek <kremenek@apple.com> Minor path-sensitivity improvement:
if we know that 'len != 0' and know that 'i == 0' then we know that
'i < len' must evaluate to true and cannot evaluate to false


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@56260 91177308-0d34-0410-b5e6-96231b3b80d8
ull-deref-ps.c
b497ebdce35c708e902db2d49183925a612b4914 04-Sep-2008 Ted Kremenek <kremenek@apple.com> Added test case for the dead stores checker that was originally an FP reported in PR 2763.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@55801 91177308-0d34-0410-b5e6-96231b3b80d8
ead-stores.c
7fb43c17eb2b4102f40a80a355629aacd70589ad 01-Sep-2008 Ted Kremenek <kremenek@apple.com> Tidy up sema processing of attribute "nonnull":
- warn about nonnull being applied to functions with no pointer arguments
- continue processing argument list in the attribute when we encounter a non-pointer parameter being marked as nonnull
- when no argument list is specified, only mark pointers as nonnull. This fixes PR 2732 and radar 6188814.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@55610 91177308-0d34-0410-b5e6-96231b3b80d8
ull-deref-ps.c
dd463b8db0b07d2fdb99ffc7a7eb28eeb449c5d4 16-Aug-2008 Ted Kremenek <kremenek@apple.com> Enhance null-dereference checker test.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@54834 91177308-0d34-0410-b5e6-96231b3b80d8
ull-deref-ps.c
595c7ab8a482069a2c72bd979912283b3a705723 13-Aug-2008 Ted Kremenek <kremenek@apple.com> Added test case.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@54717 91177308-0d34-0410-b5e6-96231b3b80d8
ninit-ps-rdar6145427.m
efe88f5776b42ec2defb8ba29269a6c3683e9485 07-Aug-2008 Ted Kremenek <kremenek@apple.com> Enhanced test case.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@54436 91177308-0d34-0410-b5e6-96231b3b80d8
ead-stores.c
4489fe10fa073eb326e2c8906db170f009050911 05-Aug-2008 Daniel Dunbar <daniel@zuster.org> Add EXTWARN Diagnostic class.
- Like EXTENSION but always generates a warning (even without
-pedantic).
- Updated ptr -> int, int -> ptr, and incompatible cast warnings to
be EXTWARN.
- Other EXTENSION level diagnostics should be audited for upgrade.
- Updated several test cases to fix code which produced unanticipated
warnings.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@54335 91177308-0d34-0410-b5e6-96231b3b80d8
SString.m
ead-stores.c
ull-deref-ps.c
22bda887aacd0e591978541a799aa43835652ec9 31-Jul-2008 Ted Kremenek <kremenek@apple.com> Enhanced path-sensitive return-of-stack-address check to print out the name of the variable whose address was returned.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@54253 91177308-0d34-0410-b5e6-96231b3b80d8
ull-deref-ps.c
tack-addr-ps.c
f19f911916c462e3f56ffb5d382ba839790db74a 25-Jul-2008 Ted Kremenek <kremenek@apple.com> Remove '.' in expected warning


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@54051 91177308-0d34-0410-b5e6-96231b3b80d8
nused-ivars.m
fc7ff5540412f8003024e1b4940fb8408dff2ca6 25-Jul-2008 Ted Kremenek <kremenek@apple.com> Don't emit 'dead initialization' warnings for variables marked 'unused'.
This fixes PR 2573: http://llvm.org/bugs/show_bug.cgi?id=2573


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@54009 91177308-0d34-0410-b5e6-96231b3b80d8
ead-stores.c
17a61db7da06eec137f48bfb40369ec2a39c4fdc 24-Jul-2008 Ted Kremenek <kremenek@apple.com> Correctly handle NSAssertionHandle -handleFailureInMethod:object:file:lineNumber:description:
This fixes: http://llvm.org/bugs/show_bug.cgi?id=2593


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@53993 91177308-0d34-0410-b5e6-96231b3b80d8
FRetainRelease_NSAssertionHandler.m
f071e1837309c63dfc26d0e3f2a1a29a214a6c12 24-Jul-2008 Ted Kremenek <kremenek@apple.com> Don't issue a missing +dealloc warning for classes that just contain SEL ivars.
This fixes PR 2592: http://llvm.org/bugs/show_bug.cgi?id=2592


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@53987 91177308-0d34-0410-b5e6-96231b3b80d8
BOutlet.m
issingDealloc_SEL.m
08e4b669da68c59df2e04d0eedd183c0a2f1d5aa 24-Jul-2008 Ted Kremenek <kremenek@apple.com> Rename test case file.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@53984 91177308-0d34-0410-b5e6-96231b3b80d8
issingDealloc_IBOutlet.m
b0f36323d9d8392075274b95816e2241f99ddb0d 24-Jul-2008 Ted Kremenek <kremenek@apple.com> Issue dead store warnings for preincrements involved in a subexpression.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@53983 91177308-0d34-0410-b5e6-96231b3b80d8
ead-stores.c
8b00b6e80dbeb04dd919699f7818344dd4cbaad9 24-Jul-2008 Ted Kremenek <kremenek@apple.com> Added dead stores test case.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@53966 91177308-0d34-0410-b5e6-96231b3b80d8
ead-stores.c
2cfac226b028e5a2165af077268f70cd2ab4b1a8 23-Jul-2008 Ted Kremenek <kremenek@apple.com> Further refine dead store checking to distinguish between dead stores and dead increments.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@53960 91177308-0d34-0410-b5e6-96231b3b80d8
ead-stores.c
cc87ba2b950cfef2ef43019627330975a7daf73a 23-Jul-2008 Ted Kremenek <kremenek@apple.com> Properly skip IBOutlets when checking for unused ivars.
Refine the error message of unused ivars.
Added test case.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@53957 91177308-0d34-0410-b5e6-96231b3b80d8
nused-ivars.m
584def7364f51e35bfcaf5c3c64673096533adda 22-Jul-2008 Ted Kremenek <kremenek@apple.com> Added path-sensitive checking for null pointer values passed to function arguments marked nonnull.
This implements <rdar://problem/6069935>


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@53891 91177308-0d34-0410-b5e6-96231b3b80d8
ull-deref-ps.c
c083b0dbdb64cb2f3bf0c19a6f3bba72c2a78378 18-Jul-2008 Ted Kremenek <kremenek@apple.com> Added test case.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@53770 91177308-0d34-0410-b5e6-96231b3b80d8
fref_rdar6080742.c
f4ebf42b06994a14a218898ce9a6c3f3bfbc7a57 16-Jul-2008 Ted Kremenek <kremenek@apple.com> For the MissingDealloc check, don't treat IBOutlet ivars as being needed to be released


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@53647 91177308-0d34-0410-b5e6-96231b3b80d8
BOutlet.m
f9c2a5d1b49b60962b613a1dfffa23831ca298a2 15-Jul-2008 Ted Kremenek <kremenek@apple.com> Distinguish between dead stores and dead initializations.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@53628 91177308-0d34-0410-b5e6-96231b3b80d8
onditional-op-missing-lhs.c
f7f3c20a5d4c5bd1857a6cea1f001bb775401e96 15-Jul-2008 Ted Kremenek <kremenek@apple.com> Provide an "Analysis Scope" for Analyses so checks can either be run on code declarations (bodies) or Objective-C @implementation blocks.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@53584 91177308-0d34-0410-b5e6-96231b3b80d8
bjCRetSigs.m
0d8019e55c0f465bafc11b04aed691de95b9131d 12-Jul-2008 Ted Kremenek <kremenek@apple.com> Add new check: -check-objc-methodsigs. This check scans methods in
ObjCImplementationDecls and sees if an ancestor class defines a method with the
same selector but with a different type signature. Right now it just compares
return types, and mainly looks at differences in primitive values. The checking
will be expanded in the future.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@53482 91177308-0d34-0410-b5e6-96231b3b80d8
bjCRetSigs.m
66e855fb8ae1da1eccf24fa6c7ddfec4f1b5fcc5 09-Jul-2008 Ted Kremenek <kremenek@apple.com> Add test case.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@53335 91177308-0d34-0410-b5e6-96231b3b80d8
fref_PR2519.c
560624a84ee2227bc6a41194513921af5d79e742 04-Jul-2008 Argyrios Kyrtzidis <akyrtzi@gmail.com> '&&' commands together so that the test status reflects the results of all the commands, otherwise the test status will be the result of only the last command.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@53135 91177308-0d34-0410-b5e6-96231b3b80d8
oReturn.m
489f7b64199b054128452c903cf18bb3daa71444 04-Jul-2008 Ted Kremenek <kremenek@apple.com> '&&' clang commands together so that the test status reflects the results of all three clang executions.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@53132 91177308-0d34-0410-b5e6-96231b3b80d8
ead-stores.c
03648657c7327175f0e6349fb7a83115a0562d9d 04-Jul-2008 Ted Kremenek <kremenek@apple.com> Fix a bug in the dead stores checker reported in the following email:

http://lists.cs.uiuc.edu/pipermail/cfe-dev/2008-July/002157.html

Essentially the observer mechanism in LiveVariables was observing block-level
expressions multiple times, leading to a case where the dead store checker could
see a value as dead when it was really live.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@53115 91177308-0d34-0410-b5e6-96231b3b80d8
ead-stores.m
aeca9637ce88da7f2ee7c0edba3d34f14a2c3015 03-Jul-2008 Ted Kremenek <kremenek@apple.com> Skip the "-dealloc" check if an ObjC class contains no ivars.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@53100 91177308-0d34-0410-b5e6-96231b3b80d8
SString.m
db09a4dee28a4515438af60f2d2b4a83e4965c31 03-Jul-2008 Ted Kremenek <kremenek@apple.com> Added static analysis check to see if a subclass of NSObject implements -dealloc, and whether or not that implementation calls [super dealloc].


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@53075 91177308-0d34-0410-b5e6-96231b3b80d8
SPanel.m
SString.m
90a929e240db04a464ee84ff1a746c6f826d5c25 03-Jul-2008 Ted Kremenek <kremenek@apple.com> Update test case with new clang arguments.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@53056 91177308-0d34-0410-b5e6-96231b3b80d8
SWindow.m
e81da5080ce0d5f10baf6b34f599101a569bb2e6 03-Jul-2008 Ted Kremenek <kremenek@apple.com> Update test case: simply running "clang -checker-simple" doesn't invoke the dead store checker anymore. We need "-warn-dead-stores" as well.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@53055 91177308-0d34-0410-b5e6-96231b3b80d8
ead-stores.c
141d8a059ba08f95d44ce3067a7209a04aa7bf87 02-Jul-2008 Ted Kremenek <kremenek@apple.com> Fix typo in test case.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@53024 91177308-0d34-0410-b5e6-96231b3b80d8
SPanel.m
f4381fddf152a63e1ac97185293c47ec0ac2f1a6 02-Jul-2008 Ted Kremenek <kremenek@apple.com> Added AnalysisConsumer, a meta-level ASTConsumer class to drive various
analyses. This potentially is the primordial origins of a Clang-equivalent
"PassManager".

The new AnalysisConsumer interface allows multiple analyses to be run from a
single invocation of Clang.

Migrated the logic of "-warn-dead-stores" and "-warn-uninit-values" to use the
new AnalysisConsumer interface. The new interface results in a significant code
reduction to incorporate an analysis into the Driver.

Updated a test case to (correctly) acknowledge that it contains a dead store
(this check wasn't being performed because it was previously masked by
-warn-uninit-values).


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@52996 91177308-0d34-0410-b5e6-96231b3b80d8
onditional-op-missing-lhs.c
91d1a14be8eabe235fcf27b070bc9c568d5e1e63 02-Jul-2008 Ted Kremenek <kremenek@apple.com> Added reference count checker test case.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@52993 91177308-0d34-0410-b5e6-96231b3b80d8
SPanel.m
04bc87683acacce119967dfa5f7c35b4ecef012a 27-Jun-2008 Ted Kremenek <kremenek@apple.com> Added a simple static analysis check to look for improper uses of CFCreateNumber.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@52799 91177308-0d34-0410-b5e6-96231b3b80d8
FNumber.c
553cf18cd44769a7624fc942493f076498527529 25-Jun-2008 Ted Kremenek <kremenek@apple.com> CF ref checker:

Tracked objects now have their type information tracked with them.

Enhanced summaries for ObjC methods to include the type information of the receiver.

Used the enhanced summaries to support the idiom that NSWindow owns itself (it sends a release message to itself upon close).

Added some comments.

Did some cleanups with the checker logic using operator overloading (reduced redundant code which I was concerned about being the source of bugs).


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@52741 91177308-0d34-0410-b5e6-96231b3b80d8
SWindow.m
a73447013c919d43f40c05451f5e4b662c043d6d 23-Jun-2008 Ted Kremenek <kremenek@apple.com> The CF retain/release checker now assumes that allocations do not fail. Eventually we will add a flag to the driver to enable allocation failures (documented as a FIXME).


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@52632 91177308-0d34-0410-b5e6-96231b3b80d8
FDate.m
39a1884968170f7ca948a236ebc5d510c0c45af5 21-Jun-2008 Ted Kremenek <kremenek@apple.com> Include stdint.h instead of stdio.h.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@52578 91177308-0d34-0410-b5e6-96231b3b80d8
omplex.c
5bce1b0f57b9bc2c2012291e351c27baf8610f21 21-Jun-2008 Ted Kremenek <kremenek@apple.com> Test the dead-store checker using both -warn-dead-stores and -checker-simple.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@52568 91177308-0d34-0410-b5e6-96231b3b80d8
ead-stores.c
1a654b60ef40e84f3943cdb581795c4d4dae1e45 20-Jun-2008 Ted Kremenek <kremenek@apple.com> Modified the dead stores checker to...

1) Check if a dead store appears as a subexpression. For such cases, we emit
a verbose diagnostic so that users aren't confused. This addresses:

<rdar://problem/5968508> checker gives misleading report for dead store in loop

2) Don't emit a dead store warning when assigning a null value to a pointer.
This is a common form of defensive programming. We may wish to make
this an option to the checker one day.

This addresses the feature request in the following email:

http://lists.cs.uiuc.edu/pipermail/cfe-dev/2008-June/001978.html



git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@52555 91177308-0d34-0410-b5e6-96231b3b80d8
ead-stores.c
b8e26e63d9dcc09351d75677721c6c9ff7045b54 19-Jun-2008 Ted Kremenek <kremenek@apple.com> Introduce initial transfer function support for __imag__ and __real__. We don't
have complex RValues yet, so this logic is only fully implemented when __imag__
and __real__ are used on non-complex types.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@52501 91177308-0d34-0410-b5e6-96231b3b80d8
omplex.c
d54ae2a8ea965e73e6bb1e09d5ba070fd900b061 16-Jun-2008 Ted Kremenek <kremenek@apple.com> Move test case "uninit-msg-expr.m" from Analysis-Apple to Analysis (now works on all platforms).


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@52362 91177308-0d34-0410-b5e6-96231b3b80d8
ninit-msg-expr.m
32dc95e1ae09c740a08c364feaffd8c73821fe15 16-Jun-2008 Ted Kremenek <kremenek@apple.com> Moved test case NoReturn.m from Analysis-Apple to Analysis (now works on all platforms).


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@52359 91177308-0d34-0410-b5e6-96231b3b80d8
oReturn.m
859be3b1e7f0cf02a3f9677e80ee69749d1c4d7b 16-Jun-2008 Ted Kremenek <kremenek@apple.com> Move NSString.m test case from Analysis-Apple to Analysis. The test case now works on all platforms.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@52354 91177308-0d34-0410-b5e6-96231b3b80d8
SString.m
4b5484acebc2783be187f44d9f15632875ecb47c 16-Jun-2008 Ted Kremenek <kremenek@apple.com> Update test case to use -pedantic (makes the test case more clear).


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@52349 91177308-0d34-0410-b5e6-96231b3b80d8
FString.c
dfc996c9d5e33967d9ef65556b76514fbcdcdd2f 16-Jun-2008 Ted Kremenek <kremenek@apple.com> Fix misspelling of "svelte".


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@52348 91177308-0d34-0410-b5e6-96231b3b80d8
FDate.m
FDateGC.m
FString.c
7662af466edd22a7bb9042c88986be1e90cd0fa9 16-Jun-2008 Ted Kremenek <kremenek@apple.com> Move Analysis-Apple/CFString.c to Analysis (the test case now works on all platforms).


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@52346 91177308-0d34-0410-b5e6-96231b3b80d8
FString.c
88739bff1d856e7087f9b60bd7c2ec292856ee6b 16-Jun-2008 Ted Kremenek <kremenek@apple.com> Move CFDateGC.m test case from Analysis-Apple to Analysis (it now runs on all platforms).


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@52344 91177308-0d34-0410-b5e6-96231b3b80d8
FDateGC.m
2f134c609f3127d8577462bd2d2d2653ed3adae3 16-Jun-2008 Ted Kremenek <kremenek@apple.com> Moved CFDate.m from test/Analysis-Apple to test/Analysis, and added the necessary declarations from Foundation.h to CFDate.m so that the test case can be exercised on all platforms.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@52343 91177308-0d34-0410-b5e6-96231b3b80d8
FDate.m
3eb817e5095d25e7bf4a8df9ed3f9b13bed6f298 22-May-2008 Ted Kremenek <kremenek@apple.com> Improve dead stores diagnostics to include the variable name.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@51395 91177308-0d34-0410-b5e6-96231b3b80d8
ead-stores.c
5c96c27e7f35e49a36c6ffdc55cdd5de0230f7af 21-May-2008 Ted Kremenek <kremenek@apple.com> Fixed bug in the transfer function for dereferences: the loaded value from EvalLoad should bind to the UnaryOperator*, not its subexpression.

Added test case to exercise this fix when checking for uses of uninitialized values.

Patch by Zhongxing Xu!



git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@51377 91177308-0d34-0410-b5e6-96231b3b80d8
ninit-vals-ps.c
a23157e6b9e2388edebd3d383dd7acfab6a4c0c0 06-May-2008 Ted Kremenek <kremenek@apple.com> Emit dead store warnings for ++ and -- operators.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@50679 91177308-0d34-0410-b5e6-96231b3b80d8
ead-stores.c
5c454ab13ac53b824209a16ec199135f084ddc8b 05-May-2008 Ted Kremenek <kremenek@apple.com> When reporting branch conditions that evaluate to an uninitialized value,
highlight the most nested subexpression that appears most responsible (giving
the user better diagnostic feedback).

Updated test cases to illustrate this feature.

Implements: <rdar://problem/5880443>


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@50647 91177308-0d34-0410-b5e6-96231b3b80d8
ninit-vals-ps.c
e866a7c654758cf42b0cc748a481661755ba6144 30-Apr-2008 Ted Kremenek <kremenek@apple.com> Added test case for the static analyzer.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@50467 91177308-0d34-0410-b5e6-96231b3b80d8
xercise-ps.c
e2013f5646cb4a09b71e2708fbe9f8df43f5d7d6 30-Apr-2008 Ted Kremenek <kremenek@apple.com> Added test case to test null dereference checking with lval::ArrayOffset.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@50454 91177308-0d34-0410-b5e6-96231b3b80d8
ull-deref-ps.c
43ae4b0d2ba2a7de1c3ccb25f22955489999e1fb 24-Apr-2008 Ted Kremenek <kremenek@apple.com> Added uninitialized-values (path-sensitive) test case as a regression test
for the fix in r50178 (http://llvm.org/viewvc/llvm-project?rev=50178&view=rev).
This fix was for <rdar://problem/5881148>.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@50220 91177308-0d34-0410-b5e6-96231b3b80d8
ninit-vals-ps.c
a548846b471f7ca05ec6038c7d9d3b4d0de777cc 22-Apr-2008 Ted Kremenek <kremenek@apple.com> Added lval type (and tracking) for StringLiterals.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@50109 91177308-0d34-0410-b5e6-96231b3b80d8
ull-deref-ps.c
0fe33bc94a822e315585e5cde1964d3c3b9052f9 22-Apr-2008 Ted Kremenek <kremenek@apple.com> Added "nonlval::LValAsInteger" to represent abstract LVals casted to integers, allowing us to track lvals when they are casted back to pointers.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@50108 91177308-0d34-0410-b5e6-96231b3b80d8
ull-deref-ps.c
9704eacf27608cf3549014dd198b0f1148a4a3a0 22-Apr-2008 Ted Kremenek <kremenek@apple.com> Added null dereference test involving arrays.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@50084 91177308-0d34-0410-b5e6-96231b3b80d8
ull-deref-ps.c
3603d736a71971d38d280f470589d5bed8b244bc 22-Apr-2008 Ted Kremenek <kremenek@apple.com> Added missing expected-warning.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@50073 91177308-0d34-0410-b5e6-96231b3b80d8
ull-deref-ps.c
b9ab690786f0edfe32798bbf4338cab23e08bc6e 22-Apr-2008 Ted Kremenek <kremenek@apple.com> Added null dereference test case looking for null dereferences involving MemberExpr.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@50072 91177308-0d34-0410-b5e6-96231b3b80d8
ull-deref-ps.c
f87821c086a46411883b385c743996a35cc8e154 15-Apr-2008 Ted Kremenek <kremenek@apple.com> Added test case illustrating the use of '&'.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@49735 91177308-0d34-0410-b5e6-96231b3b80d8
ead-stores.c
49a2fd2758996b6f674babf19c75b3d01e77e2d4 14-Apr-2008 Ted Kremenek <kremenek@apple.com> Added test case to dead stores checker.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@49647 91177308-0d34-0410-b5e6-96231b3b80d8
ead-stores.c
d71ed26dd80cdfebb5bb49000cce538e6c9a90e3 11-Apr-2008 Ted Kremenek <kremenek@apple.com> Refactored all logic to run the GRSimpleVals and CFRef checker into a common
code path in the clang driver.

Renamed options --grsimple to -checker-simple and -check-cfref to -checker-cfref.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@49500 91177308-0d34-0410-b5e6-96231b3b80d8
ull-deref-ps.c
tack-addr-ps.c
2f54af48219e4b633346249f318c3536fe76cf14 02-Apr-2008 Ted Kremenek <kremenek@apple.com> Added path-sensitive null dereference test case.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@49095 91177308-0d34-0410-b5e6-96231b3b80d8
ull-deref-ps.c
02737ed29d7fff2206f7c7ee958cdf0665e35542 31-Mar-2008 Ted Kremenek <kremenek@apple.com> Added path-sensitive check for return statements that return the address
of a stack variable. This is the path-sensitive version of a check that
is already done during semantic analysis.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@48980 91177308-0d34-0410-b5e6-96231b3b80d8
tack-addr-ps.c
5fb5c6afbb331b87c638fad42f5b37ed697e5580 22-Mar-2008 Ted Kremenek <kremenek@apple.com> Changed merge operation for uninitialized values analysis to "intersect" (previous union).

The effect is that if a variable is uninitialized along a branch (but initialized along another), at merge points it is considered uninitialized. Previously we had the opposite behavior. The new behavior is more conservative, and more in line with gcc's behavior.



git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@48689 91177308-0d34-0410-b5e6-96231b3b80d8
ninit-vals.c
0fdf06e5eef80ce56ce6499ba662453919b95af1 19-Mar-2008 Ted Kremenek <kremenek@apple.com> Convert tabs to spaces.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@48539 91177308-0d34-0410-b5e6-96231b3b80d8
ead-stores.c
3907323dd6665c0c4e383435cb145233f4533406 30-Nov-2007 Anders Carlsson <andersca@mac.com> GCC has an extension where the left hand side of the ? : operator can be omitted. Handle this in a few more places.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@44462 91177308-0d34-0410-b5e6-96231b3b80d8
onditional-op-missing-lhs.c
f5f20bdf918cedb47fdd33f5b634f4908cdd3f15 26-Nov-2007 Bill Wendling <isanbard@gmail.com> The checking for the delimiters of expected error/warning messages was
looking only for { and } instead of {{ and }}. Changed it to check for
this explicitly.



git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@44326 91177308-0d34-0410-b5e6-96231b3b80d8
ninit-vals.c
ca7aa1f9ca9c4ee4973f161bc0a71c236a0313f6 25-Nov-2007 Ted Kremenek <kremenek@apple.com> Added more test cases for uninitialized values checker.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@44307 91177308-0d34-0410-b5e6-96231b3b80d8
ninit-vals.c
ff7c538f7c37539bceb99113f7d507cd98daa578 24-Nov-2007 Ted Kremenek <kremenek@apple.com> Fixed bogus culling of uninitialized-values "taint" propagation during assignments.
We accidentally were throttling the propagation of uninitialized state across
assignments (e.g. x = y). Thanks to Anders Carlsson for spotting this problem.

Added test cases to test suite to provide regression testing for the
uninitialized values analysis.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@44306 91177308-0d34-0410-b5e6-96231b3b80d8
ninit-vals.c
bfc5e500bfb2febcf2e85588f2f839601b9fc1e0 24-Nov-2007 Ted Kremenek <kremenek@apple.com> Moved dead-stores test case to a new test suite subdirectory: Analysis.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@44305 91177308-0d34-0410-b5e6-96231b3b80d8
ead-stores.c