| Age | Commit message (Collapse) | Author |
|---|
|
(1) libAnalysis is a generic analysis library that can be used by
Sema. It defines the CFG, basic dataflow analysis primitives, and
inexpensive flow-sensitive analyses (e.g. LiveVariables).
(2) libChecker contains the guts of the static analyzer, incuding the
path-sensitive analysis engine and domain-specific checks.
Now any clients that want to use the frontend to build their own tools
don't need to link in the entire static analyzer.
This change exposes various obvious cleanups that can be made to the
layout of files and headers in libChecker. More changes pending. :)
This change also exposed a layering violation between AnalysisContext
and MemRegion. BlockInvocationContext shouldn't explicitly know about
BlockDataRegions. For now I've removed the BlockDataRegion* from
BlockInvocationContext (removing context-sensitivity; although this
wasn't used yet). We need to have a better way to extend
BlockInvocationContext (and any LocationContext) to add
context-sensitivty.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@94406 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
So we should use the current program point.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@91989 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
This change was a lot bigger than I originally anticipated; among
other things it requires us storing more information in the CFG to
record what block-level expressions need to be evaluated as lvalues.
The big change is that CFGBlocks no longer contain Stmt*'s by
CFGElements. Currently CFGElements just wrap Stmt*, but they also
store a bit indicating whether the block-level expression should be
evalauted as an lvalue. DeclStmts involving the initialization of a
reference require us treating the initialization expression as an
lvalue, even though that information isn't recorded in the AST.
Conceptually this change isn't that complicated, but it required
bubbling up the data through the CFGBuilder, to GRCoreEngine, and
eventually to GRExprEngine.
The addition of CFGElement is also useful for when we want to handle
more control-flow constructs or other data we want to keep in the CFG
that isn't represented well with just a block of statements.
In GRExprEngine, this patch introduces logic for evaluating the
lvalues of references, which currently retrieves the internal "pointer
value" that the reference represents. EvalLoad does a two stage load
to catch null dereferences involving an invalid reference (although
this could possibly be caught earlier during the initialization of a
reference).
Symbols are currently symbolicated using the reference type, instead
of a pointer type, and special handling is required creating
ElementRegions that layer on SymbolicRegions (see the changes to
RegionStoreManager).
Along the way, the DeadStoresChecker also silences warnings involving
dead stores to references. This was the original change I introduced
(which I wrote test cases for) that I realized caused GRExprEngine to
crash.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@91501 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@90028 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
the old builder API. This percolated a bunch of changes up to the
Checker class (where CheckLocation has been renamed VisitLocation) and
GRExprEngine. ProgramPoint now has the notion of a "LocationCheck"
point (with PreLoad and PreStore respectively), and a bunch of the old
ProgramPoints that are no longer used have been removed.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@86798 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
malloc() traffic when adding successors/predecessors to a node. This was done by introducing BumpVector, which is essentially SmallVector with all memory being BumpPtrAllocated (this can certainly be cleaned up or moved into llvm/ADT).
This change yields a 1.8% speed increase when running the analyzer (with -analyzer-store=region) on a small benchmark file.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@83439 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@81346 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@79973 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
of GRStateManager and GRExprEngine, pass the initial location context
to the getInitialState() method.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@79228 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
which is either a stack frame context of the function or a local scope
context.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@79072 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Some Builders need further cleanup.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@78301 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
merge GRCoreEngineImpl and GRCoreEngine.
Introduce a new interface class GRSubEngine as the subengine of GRCoreEngine.
GRExprEngine subclasses GRSubEngine now.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@78298 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
merge ExplodedGraphImpl and ExplodedGraph.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@78291 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
and their impl base classes. This can greatly simply some code of the core
analysis engine. This patch merges ExplodedNodeImpl into ExplodedNode.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@78270 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Educate GRExprEngine::VisitGraph() about 'PreStmt'.
Mark the constructor of 'PostStmt' to be explicit, preventing implicit
conversions and the selection of the wrong 'generateNode' method in
GRStmtNodeBuilder.
Constify a bunch of arguments, which falls out of the changes to ProgramPoint.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@76809 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@76792 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
where the true or false CFGBlock* for a branch could be NULL. This will handle
the case where we can determine during CFG construction that a branch is
infeasible.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@76450 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@75761 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
now until ready).
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@71303 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@71280 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
analysis introspection) when we computed an lvalue. This shouldn't
effect the current analysis results in any way.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@71169 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
GRCoreEngine. This tends to result in shorter paths for pathological cases.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@70585 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
ProgramPoints all the way through to GRCoreEngine.
NSString.m now fails with RegionStoreManager because of the void** cast.
Disabling use of region store for that test for now.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@68845 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
PostStmt program point. This allows clients to pass in PostStmtCustom program
points.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@65080 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
- one queue (FIFO) to queue up nodes at block entrances
- another queue (LIFO) to queue up other nodes
- The idea is to explore basic blocks to completion, but to do a BFS exploration of blocks.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@61106 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Still need to flesh out some logic.
When processing DeclStmt, use the new interface to StateManager::BindDecl. Conjuring of symbols is now done in VisitDeclStmt.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@59155 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
PostStmtKind was used instead of a PostStoreKind.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@57719 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
motivated because it became clear that the number of subclasses of ProgramPoint
would expand and we ran out of bits to represent a pointer variant. As a plus of
this change, BlockEdge program points can now be represented explicitly without
using a cache of CFGBlock* pairs in CFG.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@56245 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@55392 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
GRCoreEngineImpl.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@54714 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
current store implementation is now encapsulated by BasicStore.
These changes prompted some long due constification of ValueState. Much of the
diffs in this patch include adding "const" qualifiers.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@53423 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
1) Check if a dead store appears as a subexpression. For such cases, we emit
a verbose diagnostic so that users aren't confused. This addresses:
<rdar://problem/5968508> checker gives misleading report for dead store in loop
2) Don't emit a dead store warning when assigning a null value to a pointer.
This is a common form of defensive programming. We may wish to make
this an option to the the checker one day.
This addresses the feature request in the following email:
http://lists.cs.uiuc.edu/pipermail/cfe-dev/2008-June/001978.html
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@52555 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
distinguishes between the cases when we just evaluated the transfer function of a Stmt* (PostStmt) or performed a load (PostLoad). This solves a caching bug observed in a recent bug report.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@52443 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
EvalStore/EvalLoad to handle all loads/stores from symbolic memory, allowing us
to do checks for null dereferences, etc., at any arbitrary load/store (these
were missed checks before). This also resulted in some major cleanups, some
conceptual, and others just in the structure of the code.
This temporarily introduces a regression in the test suite (null-deref-ps.c)
before I add a new LVal type for structure fields.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@50443 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
compiler warning introduced by a recent patch of mine.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@49917 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
node cache.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@49907 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
a node, not the state of the predecessor.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@49823 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
evaluating transfer functions at the end-of-path.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@49561 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
lib dir and move all the libraries into it. This follows the main
llvm tree, and allows the libraries to be built in parallel. The
top level now enforces that all the libs are built before Driver,
but we don't care what order the libs are built in. This speeds
up parallel builds, particularly incremental ones.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@48402 91177308-0d34-0410-b5e6-96231b3b80d8
|
