| Age | Commit message (Collapse) | Author |
|---|
|
of bool to keep it clear that we are reasoning about an unsigned integer with a single bit.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@84607 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
touched by StoreManager::InvalidateRegion().
This fixes <rdar://problem/7257223> and <rdar://problem/7283470>.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@84223 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@84081 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
* Make all Base value the last argument.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@84071 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@83949 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@83935 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@83934 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
successor and predecessor vectors, etc.
Speedup: when doing 'clang-cc -analyze -dump-cfg' (without actual printing, just
CFG building) on the amalgamated SQLite source (all of SQLite in one source
file), runtime reduced by 9%.
This fixes: <rdar://problem/7250745>
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@83899 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@83884 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@83612 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
templated class. Hopefully this will please the buildbots.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@83452 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
malloc() traffic when adding successors/predecessors to a node. This was done by introducing BumpVector, which is essentially SmallVector with all memory being BumpPtrAllocated (this can certainly be cleaned up or moved into llvm/ADT).
This change yields a 1.8% speed increase when running the analyzer (with -analyzer-store=region) on a small benchmark file.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@83439 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
adding assert
This fix required a few changes:
SimpleSValuator:
- Eagerly replace a symbolic value with its constant value in EvalBinOpNN
when it is constrained to a constant. This allows us to better constant fold
values along a path.
- Handle trivial case of '<', '>' comparison of pointers when the two pointers
are exactly the same.
RegionStoreManager:
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@83358 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
concrete types. Use unqualified desugaring for getAs<> and sundry.
Fix a few users to either not desugar or use qualified desugar, as seemed
appropriate. Removed Type's qualified desugar method, as it was easy
to accidentally use instead of QualType's.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@83116 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
<rdar://problem/6914474> checker doesn't realize that variable might
have been assigned if a pointer to that variable was passed to another
function via a structure
The problem here was the RegionStoreManager::InvalidateRegion didn't
invalidate the bindings of invalidated regions. This required a
rewrite of this method using a worklist.
As part of this fix, changed ValueManager::getConjuredSymbolVal() to
require a 'void*' SymbolTag argument. This tag is used to
differentiate two different symbols created at the same location.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@82920 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
and unsigned integer values for symbolic values. This is an intermediate solution (i.e. hack) until we support extension/truncation of symbolic integers.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@82737 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
have the iterators and operator[] handle the traversal of statements, as they
are stored in reverse order. Tests show this has no real performance impact, but
it does simply the CFG construction logic and will make it slightly easier to
change the allocation strategy for CFGBlocks (as we have fewer copies).
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@82702 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@82299 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
when running the analyzer on real projects. We'll keep the change to
AnalysisManager.cpp in r82198 so that -fobjc-gc analyzes code
correctly in both GC and non-GC modes, although this may emit two
diagnostics for each bug in some cases (a better solution will come
later).
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@82201 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
pruning of diagnostics that may be emitted multiple times. This is
accomplished by adding FoldingSet profiling support to PathDiagnostic,
and then having BugReporter record what diagnostics have been issued.
This was motived to a serious bug introduced by moving the
'divide-by-zero' checking outside of GRExprEngine into a separate
'Checker' class. When analyzing code using the '-fobjc-gc' option, a
given function would be analyzed twice, but the second time various
"internal checks" would be disabled to avoid emitting multiple
diagnostics (e.g., "null dereference") for the same issue. The
problem is that such checks also effect path pruning and don't just
emit diagnostics. This resulted in an assertion failure involving a
real divide-by-zero in some analyzed code where we would get an
assertion failure in APInt because the 'DivZero' check was disabled
and didn't prune the logic that resulted in the divide-by-zero in the
analyzer.
The implemented solution is somewhat of a hack, and may not perform
extremely well. This will need to be cleaned up over time.
As a regression test, 'misc-ps.m' has been modified so that its tests
are run using -fobjc-gc to test this diagnostic pruning behavior.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@82198 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
now down by a 'Checker' and not build into GRExprEngine.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@82017 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
to a noreturn or panic function
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@81803 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
to statically type various methods in SValuator/GRState as required either a
defined value or a defined-but-possibly-unknown value. This leads to various
logic cleanups in GRExprEngine, and lets the compiler enforce via type checking
our assumptions about what symbolic values are possibly undefined and what are
not.
Along the way, clean up some of the static analyzer diagnostics regarding the uses of uninitialized values.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@81579 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@81501 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
local node information.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@81433 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@81346 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@81061 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@80873 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Also fix a checker context bug: the Dst set is not always empty initially.
Because in GRExprEngine::CheckerVisit(), *CurrSet is used repeatedly.
So we removed the Dst.empty() condition in ~CheckerContext() when deciding
whether to do autotransision.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@80786 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
motivated from Shark profiles that shows that 'markLive' was very
heavy when using --analyzer-store=region. On my benchmark file, this
reduces the analysis time for --analyzer-store=region from 19.5s to
13.5s and for --analyzer-store=basic from 5.3s to 3.5s. For the
benchmark file, this is a reduction of about 30% analysis time for
both analysis modes (a huge win).
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@80765 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
pointers. Most logic cares first about whether or not a region is
symbolic, and second if represents code. This should fix a series of
silent corner case bugs (as well as simplify a bunch of code).
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@80335 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@80294 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@80293 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@80237 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@80236 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@80226 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
greatly simplifying the logic of the analyzer in many places. We now only distinguish between block-level expressions and subexpressions in Environment::RemoveDeadBindings and GRState pretty-printing.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@80194 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
implicit cast logic in RegionStoreManager to BasicStoreManager. This involved
moving CastRetriedVal from RegionStoreManager to StoreManager.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@80026 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@80018 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Now AnalysisManager is the only place we can get CodeDecl.
This leads to an API change: GRState::bindExpr() now takes the CFG argument.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@79980 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@79973 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
the condition. This eliminates a source of bugs where the client doesn't
correctly reason about undefined or unknown values. This fixes PR 4759.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@79952 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
SVal. This allows us to use the C++ type system to distinguish between SVals
that are potentially unknown/undefined and those that are not.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@79951 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
AnalysisContext should never change. Along the way, propagate some constness
around.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@79701 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@79700 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
SelfRegion represented the object bound to 'self' (when analyzing Objective-C
methods) upon entry to a method. Having this region stored on the side ignores
the current stack frame that we might be analyzing (among other things), and is
a problem for interprocedural analysis.
For RegionStoreManager, the value for SelfRegion is just lazily created.
For BasicStoreManager, the value for SelfRegion is bound eagerly to 'self', but
no explicit tracking of SelfRegion on the side is made.
As part of this change, remove the restriction in BasicStoreManager that we only
track ivars for 'self'. This shouldn't actually change anything in terms of
precision, and simplifies the logic.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@79694 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
analysis.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@79680 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
to untie the ExplodedGraph from a specific Decl.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@79588 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@79502 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
and other core analysis logic will be untied to a particular Decl.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@79420 91177308-0d34-0410-b5e6-96231b3b80d8
|
