| Age | Commit message (Collapse) | Author |
|---|
|
(1) libAnalysis is a generic analysis library that can be used by
Sema. It defines the CFG, basic dataflow analysis primitives, and
inexpensive flow-sensitive analyses (e.g. LiveVariables).
(2) libChecker contains the guts of the static analyzer, incuding the
path-sensitive analysis engine and domain-specific checks.
Now any clients that want to use the frontend to build their own tools
don't need to link in the entire static analyzer.
This change exposes various obvious cleanups that can be made to the
layout of files and headers in libChecker. More changes pending. :)
This change also exposed a layering violation between AnalysisContext
and MemRegion. BlockInvocationContext shouldn't explicitly know about
BlockDataRegions. For now I've removed the BlockDataRegion* from
BlockInvocationContext (removing context-sensitivity; although this
wasn't used yet). We need to have a better way to extend
BlockInvocationContext (and any LocationContext) to add
context-sensitivty.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@94406 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
handling (for C++). No functionality change for now.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@94153 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
CallExprs as those edges help cause a n^2 explosion in the number of
destructor calls. Other consumers, such as static analysis, that
would like to have more a more complete CFG can select the inclusion
of those edges as CFG build time.
This also fixes up the two compilation users of CFGs to be tolerant of
having or not having those edges. All catch code is assumed be to
live if we didn't generate the exceptional edges for CallExprs.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@94074 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
intermediate destination set Tmp4.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@93873 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
malloc().
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@93722 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@93506 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@93175 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
value bindings. Along with a small change to OSAtomicChecker, this
resolves <rdar://problem/7527292> and resolves some long-standing
issues with how values can be bound to the same physical address by
not have the same "key". This change is only a beginning; logically
RegionStore needs to better handle loads from addresses where the
stored value is larger/smaller/different type than the loaded value.
We handle these cases in an approximate fashion now (via
CastRetrievedVal and help in SimpleSValuator), but it could be made
much smarter.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@93137 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
CXXObjectRegion to represent it.
In Environment, lookup a literal expression before make up a value for it.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@93047 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Essentially treat 'this' as a implicit parameter to the method call, and associate a region with it.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@92675 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
GRStateManager. Having these references was an abstraction violation,
as they really should only be known about GRExprEngine.
This change required adding a new 'ProcessAssume' callback in
GRSubEngine. GRExprEngine implements this callback by calling
'EvalAssume' on all registered Checker objects as well as the
registered GRTransferFunc object.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@92549 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Add new states for symbolic regions tracked by malloc checker. This enables us
to do malloc checking more accurately. See test case.
Based on Lei Zhang's patch and discussion.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@92342 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@92121 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@92116 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
a SwitchStmt.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@92102 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@91991 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
mode.
Add transfer function support in GRExprEngine for IfStmts with initialized condition variables.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@91987 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@91966 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@91952 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
expression as an lvalue when the return type is a C++ reference.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@91926 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
would have a higher respect for its own code. This is getting old, is this
warning really adding value?
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@91779 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Uncovered a new failing test case along the way, but we're making progress on handling C++ references in the analyzer.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@91710 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
to evaluate the arguments of a CallExpr. This simplifies the logic and makes it easier to read. (it also avoids any issues with blowing out the stack if the CallExpr had a ridiculous number of arguments)
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@91613 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@91572 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
attribute: the object type.
Add initial support for visiting CXXThisExpr.
Fix a bunch of 80-col violations.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@91535 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@91517 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@91509 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@91504 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
This change was a lot bigger than I originally anticipated; among
other things it requires us storing more information in the CFG to
record what block-level expressions need to be evaluated as lvalues.
The big change is that CFGBlocks no longer contain Stmt*'s by
CFGElements. Currently CFGElements just wrap Stmt*, but they also
store a bit indicating whether the block-level expression should be
evalauted as an lvalue. DeclStmts involving the initialization of a
reference require us treating the initialization expression as an
lvalue, even though that information isn't recorded in the AST.
Conceptually this change isn't that complicated, but it required
bubbling up the data through the CFGBuilder, to GRCoreEngine, and
eventually to GRExprEngine.
The addition of CFGElement is also useful for when we want to handle
more control-flow constructs or other data we want to keep in the CFG
that isn't represented well with just a block of statements.
In GRExprEngine, this patch introduces logic for evaluating the
lvalues of references, which currently retrieves the internal "pointer
value" that the reference represents. EvalLoad does a two stage load
to catch null dereferences involving an invalid reference (although
this could possibly be caught earlier during the initialization of a
reference).
Symbols are currently symbolicated using the reference type, instead
of a pointer type, and special handling is required creating
ElementRegions that layer on SymbolicRegions (see the changes to
RegionStoreManager).
Along the way, the DeadStoresChecker also silences warnings involving
dead stores to references. This was the original change I introduced
(which I wrote test cases for) that I realized caused GRExprEngine to
crash.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@91501 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
veneer on top of getRegionValueSymbolVal().
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@91471 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@91429 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
captured block variables that are passed by reference
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@91348 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@91216 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
are outside the current stack frame. Fixes <rdar://problem/7462324>.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@91107 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@90968 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@90887 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
- Refactor the MemRegion hierarchy to distinguish between different StackSpaceRegions for locals and parameters.
- VarRegions for "captured" variables now have the BlockDataRegion as their super region (except those passed by reference)
- Add transfer function support to GRExprEngine for BlockDeclRefExprs.
This change also supports analyzing blocks as an analysis entry point
(top-of-the-stack), which required pushing more context-sensitivity
around in the MemRegion hierarchy via the use of LocationContext
objects. Functionally almost everything is the same, except we track
LocationContexts in a few more areas and StackSpaceRegions now refer
to a StackFrameContext object. In the future we will need to modify
MemRegionManager to allow multiple StackSpaceRegions in flight at once
(for the analysis of multiple stack frames).
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@90809 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
handler to this interface.
GRExprEngine::CheckerEvalCall() will return true if one of the checkers has
processed the node. In the future this might return void when we have some
default checker.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@90755 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@90582 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
addTransition() to compare the correct state values.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@90552 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@90551 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
returns state. So simplify the predicate.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@90546 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
BlockDataRegion*, giving us choice in our degree of context-sensitivity.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@90516 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@90509 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
BlockInvocationContext to represent the invocation of a block.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@90506 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@90503 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
MemRegion.cpp.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@90499 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
that all MemRegions iterated over are VarRegions.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@90430 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
multiple regions as once. After adopting this in the CFRefCount::EvalCall(), we see a reduction in analysis time of 1.5% when analyzing all of SQLite3.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@90405 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
we don't need to use the DoneEvaluation hack when check for
ObjCMessageExpr.
PreVisitObjCMessageExpr() only checks for undefined receiver or arguments.
Add checker interface EvalNilReceiver(). This is a 'once-and-done' interface.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@90296 91177308-0d34-0410-b5e6-96231b3b80d8
|
