| e2b1246a24e8babf2f58c93713fba16b8edb8e2d |
|
02-May-2013 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Consolidate constant evaluation logic in SValBuilder.
Previously, this was scattered across Environment (literal expressions),
ExprEngine (default arguments), and RegionStore (global constants). The
former special-cased several kinds of simple constant expressions, while
the latter two deferred to the AST's constant evaluator.
Now, these are all unified as SValBuilder::getConstantVal(). To keep
Environment fast, the special cases for simple constant expressions have
been left in, but the main benefits are that (a) unusual constants like
ObjCStringLiterals now work as default arguments and global constant
initializers, and (b) we're not duplicating code between ExprEngine and
RegionStore.
This actually caught a bug in our test suite, which is awesome: we stop
tracking allocated memory if it's passed as an argument along with some
kind of callback, but not if the callback is 0. We were testing this in
a case where the callback parameter had a default value, but that value
was 0. After this change, the analyzer now (correctly) flags that as a
leak!
<rdar://problem/13773117>
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@180894 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/test/Analysis/malloc.cpp
|
| 658a28479dd775f6ff2c07fa5699a7ea01e04127 |
|
02-Apr-2013 |
Anna Zaks <ganna@apple.com> |
[analyzer] Teach invalidateRegions that regions within LazyCompoundVal need to be invalidated
Refactor invalidateRegions to take SVals instead of Regions as input and teach RegionStore
about processing LazyCompoundVal as a top-level “escaping” value.
This addresses several false positives that get triggered by the NewDelete checker, but the
underlying issue is reproducible with other checkers as well (for example, MallocChecker).
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@178518 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/test/Analysis/malloc.cpp
|
| b98c6fe8877b809d4da3020692c9b38f972b92cf |
|
06-Feb-2013 |
Anna Zaks <ganna@apple.com> |
[analyzer]Revert part of r161511; suppresses leak false positives in C++
This is a "quick fix".
The underlining issue is that when a const pointer to a struct is passed
into a function, we do not invalidate the pointer fields. This results
in false positives that are common in C++ (since copy constructors are
prevalent). (Silences two llvm false positives.)
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@174468 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/test/Analysis/malloc.cpp
|
| 63bc186d6ac0b44ba4ec6fccb5f471b05c79b666 |
|
15-Nov-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Report leaks at the closing brace of a function body.
This fixes a few cases where we'd emit path notes like this:
+---+
1| v
p = malloc(len);
^ |2
+---+
In general this should make path notes more consistent and more correct,
especially in cases where the leak happens on the false branch of an if
that jumps directly to the end of the function. There are a couple places
where the leak is reported farther away from the cause; these are usually
cases where there are several levels of nested braces before the end of
the function. This still matches our current behavior for when there /is/
a statement after all the braces, though.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@168070 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/test/Analysis/malloc.cpp
|
| 5a1ffe98b04120846a15f7105905b5f363b08635 |
|
06-Sep-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Always include destructors in the analysis CFG.
While destructors will continue to not be inlined (unless the analyzer
config option 'c++-inlining' is set to 'destructors'), leaving them out
of the CFG is an incomplete model of the behavior of an object, and
can cause false positive warnings (like PR13751, now working).
Destructors for temporaries are still not on by default, since
(a) we haven't actually checked this code to be sure it's fully correct
(in particular, we probably need to be very careful with regard to
lifetime-extension when a temporary is bound to a reference,
C++11 [class.temporary]p5), and
(b) ExprEngine doesn't actually do anything when it sees a temporary
destructor in the CFG -- not even invalidate the object region.
To enable temporary destructors, set the 'cfg-temporary-dtors' analyzer
config option to '1'. The old -cfg-add-implicit-dtors cc1 option, which
controlled all implicit destructors, has been removed.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163264 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/test/Analysis/malloc.cpp
|
| cdc3a89d5de90b2299c56f4a46c3de590c5184d1 |
|
24-Aug-2012 |
Ted Kremenek <kremenek@apple.com> |
Fix analyzer tests.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162588 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/test/Analysis/malloc.cpp
|
| f132ba8e571298ceda306c4484e031f990b347da |
|
05-May-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] One more pointer escape test.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@156214 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/test/Analysis/malloc.cpp
|
| aca0ac58d2ae80d764e3832456667d7322445e0c |
|
04-May-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Allow pointers escape through calls containing callback args.
(Since we don't have a generic pointer escape callback, modify
ExprEngineCallAndReturn as well as the malloc checker.)
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@156134 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/test/Analysis/malloc.cpp
|
| 4b81e742c8d23600e4244d69f20322e3535e3d86 |
|
30-Mar-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Add a malloc cpp test file.
Includes a test from a reported false positive fixed in some earlier
commit.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@153702 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/test/Analysis/malloc.cpp
|