| Age | Commit message (Collapse) | Author |
|---|
|
malloc() traffic when adding successors/predecessors to a node. This was done by introducing BumpVector, which is essentially SmallVector with all memory being BumpPtrAllocated (this can certainly be cleaned up or moved into llvm/ADT).
This change yields a 1.8% speed increase when running the analyzer (with -analyzer-store=region) on a small benchmark file.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@83439 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
r82198 and then reverted. This is an intermediate solution, as diagnostic
caching should not rely on static variables.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@82301 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
when running the analyzer on real projects. We'll keep the change to
AnalysisManager.cpp in r82198 so that -fobjc-gc analyzes code
correctly in both GC and non-GC modes, although this may emit two
diagnostics for each bug in some cases (a better solution will come
later).
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@82201 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
pruning of diagnostics that may be emitted multiple times. This is
accomplished by adding FoldingSet profiling support to PathDiagnostic,
and then having BugReporter record what diagnostics have been issued.
This was motived to a serious bug introduced by moving the
'divide-by-zero' checking outside of GRExprEngine into a separate
'Checker' class. When analyzing code using the '-fobjc-gc' option, a
given function would be analyzed twice, but the second time various
"internal checks" would be disabled to avoid emitting multiple
diagnostics (e.g., "null dereference") for the same issue. The
problem is that such checks also effect path pruning and don't just
emit diagnostics. This resulted in an assertion failure involving a
real divide-by-zero in some analyzed code where we would get an
assertion failure in APInt because the 'DivZero' check was disabled
and didn't prune the logic that resulted in the divide-by-zero in the
analyzer.
The implemented solution is somewhat of a hack, and may not perform
extremely well. This will need to be cleaned up over time.
As a regression test, 'misc-ps.m' has been modified so that its tests
are run using -fobjc-gc to test this diagnostic pruning behavior.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@82198 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@81825 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
to a noreturn or panic function
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@81803 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@81783 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
to statically type various methods in SValuator/GRState as required either a
defined value or a defined-but-possibly-unknown value. This leads to various
logic cleanups in GRExprEngine, and lets the compiler enforce via type checking
our assumptions about what symbolic values are possibly undefined and what are
not.
Along the way, clean up some of the static analyzer diagnostics regarding the uses of uninitialized values.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@81579 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
local node information.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@81433 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@81346 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
ActionGRExprEngine().
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@81064 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Now AnalysisManager is the only place we can get CodeDecl.
This leads to an API change: GRState::bindExpr() now takes the CFG argument.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@79980 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@79973 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@79502 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
and other core analysis logic will be untied to a particular Decl.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@79420 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@79328 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
BugReporter.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@79327 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
which allows custom checks to register callback creator functions for creating
BugReporterVisitor objects. This allows various checks to include diagnostics
such as 'assuming value is null' with little extra work. Eventually this API
should be refactored to be cleaner and more simple.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@79302 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
merge ExplodedGraphImpl and ExplodedGraph.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@78291 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
and their impl base classes. This can greatly simply some code of the core
analysis engine. This patch merges ExplodedNodeImpl into ExplodedNode.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@78270 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@77447 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
valid SourceLocation.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@77280 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Educate GRExprEngine::VisitGraph() about 'PreStmt'.
Mark the constructor of 'PostStmt' to be explicit, preventing implicit
conversions and the selection of the wrong 'generateNode' method in
GRStmtNodeBuilder.
Constify a bunch of arguments, which falls out of the changes to ProgramPoint.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@76809 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@76092 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
subclasses.
Timings showed no significant difference before and after the commit.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@74504 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
GRTransferFuncs had the conflated role of both constructing SVals (symbolic
expressions) as well as handling checker-specific logic. Now SValuator has the
role of constructing SVals from expressions and GRTransferFuncs just handles
checker-specific logic. The motivation is by separating these two concepts we
will be able to much more easily create richer constraint-generating logic
without coupling it to the main checker transfer function logic.
We now have one implementation of SValuator: SimpleSValuator.
SimpleSValuator is essentially the SVal-related logic that was in GRSimpleVals
(which is removed in this patch). This includes the logic for EvalBinOp,
EvalCast, etc. Because SValuator has a narrower role than the old
GRTransferFuncs, the interfaces are much simpler, and so is the implementation
of SimpleSValuator compared to GRSimpleVals. I also did a line-by-line review of
SVal-related logic in GRSimpleVals and cleaned it up while moving it over to
SimpleSValuator.
As a consequence of removing GRSimpleVals, there is no longer a
'-checker-simple' option. The '-checker-cfref' did everything that option did
but also ran the retain/release checker. Of course a user may not always wish to
run the retain/release checker, nor do we wish core analysis logic buried in the
checker-specific logic. The next step is to refactor the logic in CFRefCount.cpp
to separate out these pieces into the core analysis engine.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@74229 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@73968 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
GRState->bindXXX and friends (and constify some arguments along the way).
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@73740 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
report in a bug equivalence class with the shortest path.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@71920 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@71832 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
loop body when generating 'Looping back to the head of the loop'
diagnostics.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@71829 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
PathDiagnosticEventPiece if the BugReport contained no explicit ranges.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@71516 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
context when they are used as initialization code for loops.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@71480 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
constructor for a single point, not a range.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@71477 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
canonicalization locations and use this in both popLocation and rawAddEdge.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@71470 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
- Improve -autorelease diagnostics.
- Improve VLA diagnostics.
- Use "short description" for bug when outputting to TextDiagnostics
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@71383 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@71135 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
'BugReporterVisitor'. This simplifies callbacks from BugReporter to BugReports
(via VisitNode). It also lays the foundation for arbitrary visitor "call backs"
that can be registered to a BugReporterContext as a PathDiagnostic is
constructed. These call backs can help operate as separate "experts" that can
work on constructed pieces of a PathDiagnostic for which they possess special
knowledge.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@71121 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
start of 'do' and '@synchronized' statements.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@71038 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
about Exprs that are not consumed and fix where the loop iteration diagnostic
goes.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@71027 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
control-flow expressions as dead.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@70887 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
location context. This allows us to postpone the decision of whether
or not a context should add a control-flow piece to the diagnostics
when inspecting its subexpressions.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@70545 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@70542 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@70417 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
- Add an (optional) short description for BugReports for clients that want
to distinguish between long and short descriptions for bugs
- Make the bug report for VLA less obscene for Plist diagnostics by using
the short description
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@70415 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@70286 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
add "Looping back to the head of the loop" diagnostic for loops.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@70285 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
can't track down.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@70155 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@70144 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@70105 91177308-0d34-0410-b5e6-96231b3b80d8
|
