| Age | Commit message (Collapse) | Author |
|---|
|
(1) libAnalysis is a generic analysis library that can be used by
Sema. It defines the CFG, basic dataflow analysis primitives, and
inexpensive flow-sensitive analyses (e.g. LiveVariables).
(2) libChecker contains the guts of the static analyzer, incuding the
path-sensitive analysis engine and domain-specific checks.
Now any clients that want to use the frontend to build their own tools
don't need to link in the entire static analyzer.
This change exposes various obvious cleanups that can be made to the
layout of files and headers in libChecker. More changes pending. :)
This change also exposed a layering violation between AnalysisContext
and MemRegion. BlockInvocationContext shouldn't explicitly know about
BlockDataRegions. For now I've removed the BlockDataRegion* from
BlockInvocationContext (removing context-sensitivity; although this
wasn't used yet). We need to have a better way to extend
BlockInvocationContext (and any LocationContext) to add
context-sensitivty.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@94406 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@91991 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
we don't need to use the DoneEvaluation hack when check for
ObjCMessageExpr.
PreVisitObjCMessageExpr() only checks for undefined receiver or arguments.
Add checker interface EvalNilReceiver(). This is a 'once-and-done' interface.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@90296 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
a BugReporter&. This paves the way for pulling some of the retain/release checker into a "Checker" class.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@85971 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@81501 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@81346 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Some Builders need further cleanup.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@78301 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
and their impl base classes. This can greatly simply some code of the core
analysis engine. This patch merges ExplodedNodeImpl into ExplodedNode.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@78270 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
GRTransferFuncs had the conflated role of both constructing SVals (symbolic
expressions) as well as handling checker-specific logic. Now SValuator has the
role of constructing SVals from expressions and GRTransferFuncs just handles
checker-specific logic. The motivation is by separating these two concepts we
will be able to much more easily create richer constraint-generating logic
without coupling it to the main checker transfer function logic.
We now have one implementation of SValuator: SimpleSValuator.
SimpleSValuator is essentially the SVal-related logic that was in GRSimpleVals
(which is removed in this patch). This includes the logic for EvalBinOp,
EvalCast, etc. Because SValuator has a narrower role than the old
GRTransferFuncs, the interfaces are much simpler, and so is the implementation
of SimpleSValuator compared to GRSimpleVals. I also did a line-by-line review of
SVal-related logic in GRSimpleVals and cleaned it up while moving it over to
SimpleSValuator.
As a consequence of removing GRSimpleVals, there is no longer a
'-checker-simple' option. The '-checker-cfref' did everything that option did
but also ran the retain/release checker. Of course a user may not always wish to
run the retain/release checker, nor do we wish core analysis logic buried in the
checker-specific logic. The next step is to refactor the logic in CFRefCount.cpp
to separate out these pieces into the core analysis engine.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@74229 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
- Remove the 'isFeasible' flag from all uses of 'Assume'.
- Remove the 'Assume' methods from GRStateManager. Now the only way to
create a new GRState with an assumption is to use the new 'assume' methods
in GRState.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@73731 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
RegionStore needs to know the type of alloca region.
* RegionStoreManager::EvalBinOp() now converts the alloca region to its first
element region, as what is done to symbolic region.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@72164 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Zhongxing and I discussed by email.
Main changes:
- Removed SymIntConstraintVal and SymIntConstraint
- Added SymExpr as a parent class to SymbolData, SymSymExpr, SymIntExpr
- Added nonloc::SymExprVal to wrap SymExpr
- SymbolRef is now just a typedef of 'const SymbolData*'
- Bunch of minor code cleanups in how some methods were invoked (no functionality change)
This changes are part of a long-term plan to have full symbolic expression
trees. This will be useful for lazily evaluating complicated expressions.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@67731 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
- Added a new 'node builder' class called GRStmtNodeBuilderRef (name may
change). This is essentially a smart reference to a GRStmtNodeBuilder object
that keeps track of the current context (predecessor node, GRExprEngine
object, etc.) The idea is to gradually simplify the interface between
GRExprEngine and GRTransferFuncs using this new builder (i.e., passing 1
argument instead of 5). It also handles some of the "auto-transition" for node
creation, simplifying some of the logic in GRExprEngine itself.
- Used GRStmtBuilderRef to replace GRTransferFuncs::EvalStore with
GRTransferFuncs::EvalBind. The new EvalBind method will be used at any
arbitrary places where a binding between a location and value takes place.
Moreover, GRTransferFuncs no longer has the responsibility to request
StoreManager to do the binding; this is now in GRExprEngine::EvalBind. All
GRTransferFuncs::EvalBind does is checker-specific logic (which can be a
no-op).
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@64525 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
the ownership of BugTypes and BugReports. Now BugReports are owned by BugTypes,
and BugTypes are owned by the BugReporter object.
The major functionality change in this patch is that reports are not immediately
emitted by a call to BugReporter::EmitWarning (now called EmitReport), but
instead of queued up in report "equivalence classes". When
BugReporter::FlushReports() is called, it emits one diagnostic per report
equivalence class. This provides a nice cleanup with the caching of reports as
well as enables the BugReporter engine to select the "best" path for reporting a
path-sensitive bug based on all the locations in the ExplodedGraph that the same
bug could occur.
Along with this patch, Leaks are now coalesced into a common equivalence class
by their allocation site, and the "summary" diagnostic for leaks now reports the
allocation site as the location of the bug (this may later be augmented to also
provide an example location where the leak occurs).
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@63796 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
called "SymbolReaper". Right now it just consolidates the two and cleans up some client code, but shortly it will be used to enable "lazy computation" of live symbols for use with RegionStore.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@62722 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
conversions caused by the '!' operator. This required adding some logic to GRSimpleVals to reason about nonloc::LocAsInteger SVals. This code appears to work fine, but it should eventually be cleaned up.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@59335 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
RValues.h/cpp => SVals.h/cpp
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@57893 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
RVal => SVal
LVal => Loc
NonLVal => NonLoc
lval => loc
nonlval => nonloc
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@57671 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
- Remove ConstNotEq from GRState/GRStateManager (!= tracking uses GDM instead).
- GRStateManager now can book-keep "contexts" (e.g., factory objects) for uses
with data elements stored into the GDM.
- Refactor pretty-printing of states to use GRState::Printer objects
exclusively. This removed a huge amount of pretty-printing logic from
GRExprEngine.
CFRefCount
- Simplified some API calls based on refinements to the GDM api.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@54835 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Updated checker state printer interface to allow transfer functions to return an arbitrary number of GRState::Printers.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@54762 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Rename ValueStateManager -> GRStateManager.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@54721 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
unfortunately needed because virtual methods with the same name can be hidden by subclasses.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@53751 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
method.
Modified the new EvalBinOpNN to generate states instead of nodes. This is a much simpler interface and is what clients will want to do.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@53750 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
there as well.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@53743 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
of the methods only return an RVal; we want them to be able to create an arbitrary number of states.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@53739 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
current store implementation is now encapsulated by BasicStore.
These changes prompted some long due constification of ValueState. Much of the
diffs in this patch include adding "const" qualifiers.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@53423 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
- #include ExprObjC.h in many places
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@51703 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Implemented support for better localized leaks in the CF reference count checker.
Now leaks should be flagged close to where they occur.
This should implement the desired functionality in <rdar://problem/5879592>, although the diagnostics still need to be improved.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@50241 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
symbols.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@50233 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Problem:
In the recently refactored VisitDeref (which processes dereferences), we
were incorrectly skipping the node just generated for the subexpression
of the dereference. This was a horrible regression.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@50176 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
from registered BugTypes. This helps with debugging.
Add detection of NULL values in ref count checker; this suppresses false positives.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@49912 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
the checker-specific logic of symbolic assumptions.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@49910 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
object.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@49826 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
represent possible stores to "Unknown."
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@49811 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@49804 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
to start logically organizing them.
Added initial plug-in transfer function support for Objective-C message expressions.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@49752 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
change the state (and thus the GREndPathNodeBuilder automatically contructs a
node).
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@49563 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Bugs are now reported using a combination of "BugType" (previously
BugDescription) and Bug "BugReport" objects, which are fed to BugReporter (which
generates PathDiagnostics). This provides a far more modular way of registering
bug types and plugging in diagnostics.
GRExprEngine now owns its copy of GRCoreEngine, and is not owned by the
ExplodedGraph.
ExplodedGraph is no longer templated on the "checker", but instead on the state
contained in the nodes.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@49453 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@48272 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
checker-specific state.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@48238 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
object to pretty-print the component of a state that is specific to a checker.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@48237 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@48025 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@47995 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
GRStmtNodeBuilder and is now responsible for adding its own nodes to the graph.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@47923 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
of the entire checker.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@47920 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
GRExprEngine::StateTy just becoming ValueState*.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@47714 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
GRSimpleVals performs the following action: invalidate all values passed-by-reference.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@47638 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
the transfer function to be invoked without an Expr* for the Cast operation.
Added implicit promotions to the transfer function logic for compound
assignments.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@47444 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
based on constant. prop. and limited symbolics.
- Renamed class: RValue -> RVal, LValue -> LVal, etc.
- Minor method renamings and interface cleanups.
- Tightened the RVal "type system" so that UninitializedVal and UnknownVal
cannot be cast to LVal or NonLVal. This forces these corner cases values
to be explicitly handled early before being dispatched to plug-in transfer
function logic.
- Major cleanup in the transfer function logic for binary and unary operators.
Still fixing some regressions, but we now explicitly handle Uninitialized
and Unknown values in a more rigorous way.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@47441 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@47357 91177308-0d34-0410-b5e6-96231b3b80d8
|
