| Age | Commit message (Collapse) | Author |
|---|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@77876 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
as well.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@77875 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
manipulate the entire GRState, not just the Store.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@77870 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
made to RegionStore (and related classes) in order to handle some
analyzer failures involving casts and manipulation of symbolic memory.
The root of the change is in StoreManager::CastRegion(). Instead of
using ad hoc heuristics to decide when to layer an ElementRegion on a
casted MemRegion, we now always layer an ElementRegion when the cast
type is different than the original type of the region. This carries
the current cast information associated with a region around without
resorting to the error prone recording of "casted types" in GRState.
Along with this new policy of layering ElementRegions, I added a new
algorithm to strip away existing ElementRegions when they simply
represented casts of a base memory object. This algorithm computes
the raw "byte offset" that an ElementRegion represents from the base
region, and allows the new ElementRegion to be based off that offset.
The added benefit is that this naturally handles a series of casts of
a MemRegion without building up a set of redundant ElementRegions
(thus canonicalizing the region view).
Other related changes that cascaded from this one (as tests were
failing in RegionStore):
- Revamped RegionStoreManager::InvalidateRegion() to completely remove
all bindings and default values from a region and all subregions.
Now invalidated fields are not bound directly to new symbolic
values; instead the base region has a "default" symbol value from
which "derived symbols" can be created. The main advantage of this
approach is that it allows us to invalidate a region hierarchy and
then lazily instantiate new values no matter how deep the hierarchy
went (i.e., regardless of the number of field accesses,
e.g. x->f->y->z->...). The previous approach did not do this.
- Slightly reworked RegionStoreManager::RemoveDeadBindings() to also
incorporate live symbols and live regions that do not have direct
bindings but also have "default values" used for lazy instantiation.
The changes to 'InvalidateRegion' revealed that these were necessary
in order to achieve lazy instantiation of values in the region store
with those bindings being removed too early.
- The changes to InvalidateRegion() and RemoveDeadBindings() revealed
a serious bug in 'getSubRegionMap()' where not all region -> subregion
relationships involved in actually bindings (explicit and implicit)
were being recorded. This has been fixed by using a worklist algorithm
to iteratively fill in the region map.
- Added special support to RegionStoreManager::Bind()/Retrieve() to handle
OSAtomicCompareAndSwap in light of the new 'CastRegion' changes and the
layering of ElementRegions.
- Fixed a bug in SymbolReaper::isLive() where derived symbols were not
being marked live if the symbol they were derived from was also live.
This fix was critical for getting lazy instantiation in RegionStore
to work.
- Tidied up the implementation of ValueManager::getXXXSymbolVal() methods
to use SymbolManager::canSymbolicate() to decide whether or not a
symbol should be symbolicated.
- 'test/Analysis/misc-ps-xfail.m' now passes; that test case has been
moved to 'test/Analysis/misc-ps.m'.
- Tweaked some pretty-printing of MemRegions, and implemented
'ElementRegion::getRawOffset()' for use with the CastRegion changes.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@77782 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
created by AnalysisConsumer would be released by an instance of AnalysisManager
and then reused by later instances of AnalysisManager. Ownership of the
PathDiagnosticClient now belongs (for now) in AnalysisConsumer.
We also need this layering (for now) because the HTMLDiagnostiClient requires
that the entire translation unit be processed before emitting diagnostics. This
is done in its destructor (which should also be fixed, but that is another
issue).
This fixes PR 4653.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@77648 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Move all components creation code into AnalysisConsumer::DigestAnalyzerOptions().
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@77585 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
AnalysisContext.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@77563 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
OldCastRegion used), and the associated command line option
'-analyzer-store=old-basic-cast'.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@77509 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
in StoreManager to RegionStoreManager, and create a special, highly reduced
version in BasicStoreManager.
These changes are in preparation for future RegionStore-specific changes to
InvalidateRegion.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@77483 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
index 0. This will be used for refinements to InvalidateRegion and CastRegion.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@77481 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@77446 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@77356 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
was created but not added to the destination NodeSet. This fixes PR 4630.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@77353 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@77249 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@76924 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
--- Reverse-merging r76831 into '.':
U include/clang/Analysis/PathSensitive/GRExprEngine.h
U lib/Analysis/GRExprEngine.cpp
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@76851 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@76831 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Educate GRExprEngine::VisitGraph() about 'PreStmt'.
Mark the constructor of 'PostStmt' to be explicit, preventing implicit
conversions and the selection of the wrong 'generateNode' method in
GRStmtNodeBuilder.
Constify a bunch of arguments, which falls out of the changes to ProgramPoint.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@76809 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@76800 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@76798 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Add a 'previsit' stage (that dispatches to registered Checkers) when evaluating the effects of CallExprs.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@76794 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
interface to plug in domain-specific checker logic than the current
GRSimpleAPICheck interface. The new 'Checker' interface can actually generate
new nodes, allowing it to modify the state and refine the analysis (which
GRSimpleAPIChecks could not).
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@76793 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@76792 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@76790 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
BugReporter API. No real functionality change.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@76760 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
to SValuator::EvalCast. In the process, the StoreManagers now use this new cast
machinery, and the hack in GRExprEngine::EvalBind to handle implicit casts
involving OSAtomicCompareAndSwap and friends has been removed (and replaced with
logic closer to the logic specific to those functions).
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@76641 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
where the true or false CFGBlock* for a branch could be NULL. This will handle
the case where we can determine during CFG construction that a branch is
infeasible.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@76450 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@76380 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
until Doug Gregor's Type smart pointer code lands (or more discussion occurs).
These methods just call the new Type::getAs<XXX> methods, so we still have
reduced implementation redundancy. Having explicit getAsXXXType() methods makes
it easier to set breakpoints in the debugger.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@76193 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
This method is intended to eventually replace the individual
Type::getAsXXXType<> methods.
The motivation behind this change is twofold:
1) Reduce redundant implementations of Type::getAsXXXType() methods. Most of
them are basically copy-and-paste.
2) By centralizing the implementation of the getAs<Type> logic we can more
smoothly move over to Doug Gregor's proposed canonical type smart pointer
scheme.
Along with this patch:
a) Removed 'Type::getAsPointerType()'; now clients use getAs<PointerType>.
b) Removed 'Type::getAsBlockPointerTypE()'; now clients use getAs<BlockPointerType>.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@76098 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
ValueManager::makeArrayIndex()/convertArrayIndex() methods. This
handles yet another crash case when reasoning about array indices of
different bitwidth and signedness.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@75884 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
(1) Moved the SValuator object from GRExprEngine to ValueManager. This
allows ValueManager to use the SValuator when creating SVals.
(2) Added ValueManager::makeArrayIndex() and
ValueManager::convertToArrayIndex(), two SVal creation methods
that will help RegionStoreManager always have a consistent set of
SVals with the same integer size and type when reasoning about
array indices.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@75882 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
needs more finesse when handling the invalidation of pointers. Pointers that were invalidated as integers could later cause problems for clients using them as pointers. It is easier for us to model a symbolic value as a pointer rather than modeling a non-symbolic value as a pointer.
This patch causes:
- StoreManager::InvalidateRegion() to not used the casted type of a region if
it would cause a pointer type to be invalidated as a non-pointer type.
- Pushes RegionStore::RetrieveElement() further by handling retrievals from
symbolic arrays that have been invalidated. This uses the new SymbolDerived
construct that was recently introduced.
The result is that the failing test in misc-ps-region-store-x86_64.m now passes.
Both misc-ps-region-store-x86_64.m and misc-ps-region-store-i386.m contain a
test case that motivated this change.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@75730 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
SymbolDerived allows us to model symbolic values that are related to other
symbols via a region hierarchy. For example, SymbolDerived can be used to model
individual values of a symbolic array.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@75728 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
I don't love the name, however it simplifies the code and is a worthwhile change. If/when we come up with a better name, we can do a search/replace.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@75650 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
invalidate the region correctly. It uses the cast-to type to invalidate
the region when available. To avoid invalid cast-to type like 'void*' or 'id',
region store now only records non-generic casts of regions.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@75580 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
and implementing operator<< support for llvm::raw_ostream.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@75560 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
convention and style similar to other elements in Clang.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@75548 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
The idea is to segregate Objective-C "object" pointers from general C pointers (utilizing the recently added ObjCObjectPointerType). The fun starts in Sema::GetTypeForDeclarator(), where "SomeInterface *" is now represented by a single AST node (rather than a PointerType whose Pointee is an ObjCInterfaceType). Since a significant amount of code assumed ObjC object pointers where based on C pointers/structs, this patch is very tedious. It should also explain why it is hard to accomplish this in smaller, self-contained patches.
This patch does most of the "heavy lifting" related to moving from PointerType->ObjCObjectPointerType. It doesn't include all potential "cleanups". The good news is additional cleanups can be done later (some are noted in the code). This patch is so large that I didn't want to include any changes that are purely aesthetic.
By making the ObjC types truly built-in, they are much easier to work with (and require fewer "hacks"). For example, there is no need for ASTContext::isObjCIdStructType() or ASTContext::isObjCClassStructType()! We believe this change (and the follow-up cleanups) will pay dividends over time.
Given the amount of code change, I do expect some fallout from this change (though it does pass all of the clang tests). If you notice any problems, please let us know asap! Thanks.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@75314 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
to hopefully resolve template lookup ambiguities on some compilers.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@75253 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
and replace the 'clang-cc' option '-analyzer-store=basic-new-cast' with
'-analyzer-store=basic-old-cast'. We'll keep the old CastRegion implementation
around for a little while for regression testing.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@75209 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
T) should return a 'Loc' when 'T' is a pointer
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@75062 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@74870 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
using '-analyzer-store=basic-new-cast'.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@74865 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
(its superclass). This will allow us to experiment with using the new CastRegion
with BasicStoreManager, and gradually phase out the old implementation.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@74851 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@74816 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@74815 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
No functionality change.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@74812 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@74788 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@74786 91177308-0d34-0410-b5e6-96231b3b80d8
|
