e2b1246a24e8babf2f58c93713fba16b8edb8e2d |
|
02-May-2013 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Consolidate constant evaluation logic in SValBuilder. Previously, this was scattered across Environment (literal expressions), ExprEngine (default arguments), and RegionStore (global constants). The former special-cased several kinds of simple constant expressions, while the latter two deferred to the AST's constant evaluator. Now, these are all unified as SValBuilder::getConstantVal(). To keep Environment fast, the special cases for simple constant expressions have been left in, but the main benefits are that (a) unusual constants like ObjCStringLiterals now work as default arguments and global constant initializers, and (b) we're not duplicating code between ExprEngine and RegionStore. This actually caught a bug in our test suite, which is awesome: we stop tracking allocated memory if it's passed as an argument along with some kind of callback, but not if the callback is 0. We were testing this in a case where the callback parameter had a default value, but that value was 0. After this change, the analyzer now (correctly) flags that as a leak! <rdar://problem/13773117> git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@180894 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/test/Analysis/malloc.cpp
|
658a28479dd775f6ff2c07fa5699a7ea01e04127 |
|
02-Apr-2013 |
Anna Zaks <ganna@apple.com> |
[analyzer] Teach invalidateRegions that regions within LazyCompoundVal need to be invalidated Refactor invalidateRegions to take SVals instead of Regions as input and teach RegionStore about processing LazyCompoundVal as a top-level “escaping” value. This addresses several false positives that get triggered by the NewDelete checker, but the underlying issue is reproducible with other checkers as well (for example, MallocChecker). git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@178518 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/test/Analysis/malloc.cpp
|
b98c6fe8877b809d4da3020692c9b38f972b92cf |
|
06-Feb-2013 |
Anna Zaks <ganna@apple.com> |
[analyzer]Revert part of r161511; suppresses leak false positives in C++ This is a "quick fix". The underlining issue is that when a const pointer to a struct is passed into a function, we do not invalidate the pointer fields. This results in false positives that are common in C++ (since copy constructors are prevalent). (Silences two llvm false positives.) git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@174468 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/test/Analysis/malloc.cpp
|
63bc186d6ac0b44ba4ec6fccb5f471b05c79b666 |
|
15-Nov-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Report leaks at the closing brace of a function body. This fixes a few cases where we'd emit path notes like this: +---+ 1| v p = malloc(len); ^ |2 +---+ In general this should make path notes more consistent and more correct, especially in cases where the leak happens on the false branch of an if that jumps directly to the end of the function. There are a couple places where the leak is reported farther away from the cause; these are usually cases where there are several levels of nested braces before the end of the function. This still matches our current behavior for when there /is/ a statement after all the braces, though. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@168070 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/test/Analysis/malloc.cpp
|
5a1ffe98b04120846a15f7105905b5f363b08635 |
|
06-Sep-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Always include destructors in the analysis CFG. While destructors will continue to not be inlined (unless the analyzer config option 'c++-inlining' is set to 'destructors'), leaving them out of the CFG is an incomplete model of the behavior of an object, and can cause false positive warnings (like PR13751, now working). Destructors for temporaries are still not on by default, since (a) we haven't actually checked this code to be sure it's fully correct (in particular, we probably need to be very careful with regard to lifetime-extension when a temporary is bound to a reference, C++11 [class.temporary]p5), and (b) ExprEngine doesn't actually do anything when it sees a temporary destructor in the CFG -- not even invalidate the object region. To enable temporary destructors, set the 'cfg-temporary-dtors' analyzer config option to '1'. The old -cfg-add-implicit-dtors cc1 option, which controlled all implicit destructors, has been removed. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163264 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/test/Analysis/malloc.cpp
|
cdc3a89d5de90b2299c56f4a46c3de590c5184d1 |
|
24-Aug-2012 |
Ted Kremenek <kremenek@apple.com> |
Fix analyzer tests. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162588 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/test/Analysis/malloc.cpp
|
f132ba8e571298ceda306c4484e031f990b347da |
|
05-May-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] One more pointer escape test. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@156214 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/test/Analysis/malloc.cpp
|
aca0ac58d2ae80d764e3832456667d7322445e0c |
|
04-May-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Allow pointers escape through calls containing callback args. (Since we don't have a generic pointer escape callback, modify ExprEngineCallAndReturn as well as the malloc checker.) git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@156134 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/test/Analysis/malloc.cpp
|
4b81e742c8d23600e4244d69f20322e3535e3d86 |
|
30-Mar-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Add a malloc cpp test file. Includes a test from a reported false positive fixed in some earlier commit. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@153702 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/test/Analysis/malloc.cpp
|