| Age | Commit message (Collapse) | Author |
|---|
|
(1) libAnalysis is a generic analysis library that can be used by
Sema. It defines the CFG, basic dataflow analysis primitives, and
inexpensive flow-sensitive analyses (e.g. LiveVariables).
(2) libChecker contains the guts of the static analyzer, incuding the
path-sensitive analysis engine and domain-specific checks.
Now any clients that want to use the frontend to build their own tools
don't need to link in the entire static analyzer.
This change exposes various obvious cleanups that can be made to the
layout of files and headers in libChecker. More changes pending. :)
This change also exposed a layering violation between AnalysisContext
and MemRegion. BlockInvocationContext shouldn't explicitly know about
BlockDataRegions. For now I've removed the BlockDataRegion* from
BlockInvocationContext (removing context-sensitivity; although this
wasn't used yet). We need to have a better way to extend
BlockInvocationContext (and any LocationContext) to add
context-sensitivty.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@94406 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
"ASTContext::getTypeSize() / 8". Replace [u]int64_t variables with CharUnits
ones as appropriate.
Also rename RawType, fromRaw(), and getRaw() in CharUnits to QuantityType,
fromQuantity(), and getQuantity() for clarity.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@93153 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
CXXObjectRegion to represent it.
In Environment, lookup a literal expression before make up a value for it.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@93047 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Essentially treat 'this' as a implicit parameter to the method call, and associate a region with it.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@92675 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@91572 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
attribute: the object type.
Add initial support for visiting CXXThisExpr.
Fix a bunch of 80-col violations.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@91535 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
captured block variables that are passed by reference
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@91348 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
are outside the current stack frame. Fixes <rdar://problem/7462324>.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@91107 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
- Refactor the MemRegion hierarchy to distinguish between different StackSpaceRegions for locals and parameters.
- VarRegions for "captured" variables now have the BlockDataRegion as their super region (except those passed by reference)
- Add transfer function support to GRExprEngine for BlockDeclRefExprs.
This change also supports analyzing blocks as an analysis entry point
(top-of-the-stack), which required pushing more context-sensitivity
around in the MemRegion hierarchy via the use of LocationContext
objects. Functionally almost everything is the same, except we track
LocationContexts in a few more areas and StackSpaceRegions now refer
to a StackFrameContext object. In the future we will need to modify
MemRegionManager to allow multiple StackSpaceRegions in flight at once
(for the analysis of multiple stack frames).
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@90809 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@90503 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
MemRegion.cpp.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@90499 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
that all MemRegions iterated over are VarRegions.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@90430 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@90267 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
VarRegions for "captured" variables for a block.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@89927 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
'BlockDataRegion' to distinguish between the code associated with a
block (which is represented by 'BlockTextRegion') and an instance of a
block, which includes both code and data. 'BlockDataRegion' has an
associated LocationContext, which can be used to eventually model the
lifetime of a block object once LocationContexts can represent scopes
(and iterations around a loop, etc.).
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@89900 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
precursor to having basic static analysis support for blocks.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@89828 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
region, so that arithmetic within a memory chunk is allowed.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@86652 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
getBaseRegion will be used in another method.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@86649 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@81346 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
pointers. Most logic cares first about whether or not a region is
symbolic, and second if represents code. This should fix a series of
silent corner case bugs (as well as simplify a bunch of code).
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@80335 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
SelfRegion represented the object bound to 'self' (when analyzing Objective-C
methods) upon entry to a method. Having this region stored on the side ignores
the current stack frame that we might be analyzing (among other things), and is
a problem for interprocedural analysis.
For RegionStoreManager, the value for SelfRegion is just lazily created.
For BasicStoreManager, the value for SelfRegion is bound eagerly to 'self', but
no explicit tracking of SelfRegion on the side is made.
As part of this change, remove the restriction in BasicStoreManager that we only
track ivars for 'self'. This shouldn't actually change anything in terms of
precision, and simplifies the logic.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@79694 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
analysis.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@79680 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
made to RegionStore (and related classes) in order to handle some
analyzer failures involving casts and manipulation of symbolic memory.
The root of the change is in StoreManager::CastRegion(). Instead of
using ad hoc heuristics to decide when to layer an ElementRegion on a
casted MemRegion, we now always layer an ElementRegion when the cast
type is different than the original type of the region. This carries
the current cast information associated with a region around without
resorting to the error prone recording of "casted types" in GRState.
Along with this new policy of layering ElementRegions, I added a new
algorithm to strip away existing ElementRegions when they simply
represented casts of a base memory object. This algorithm computes
the raw "byte offset" that an ElementRegion represents from the base
region, and allows the new ElementRegion to be based off that offset.
The added benefit is that this naturally handles a series of casts of
a MemRegion without building up a set of redundant ElementRegions
(thus canonicalizing the region view).
Other related changes that cascaded from this one (as tests were
failing in RegionStore):
- Revamped RegionStoreManager::InvalidateRegion() to completely remove
all bindings and default values from a region and all subregions.
Now invalidated fields are not bound directly to new symbolic
values; instead the base region has a "default" symbol value from
which "derived symbols" can be created. The main advantage of this
approach is that it allows us to invalidate a region hierarchy and
then lazily instantiate new values no matter how deep the hierarchy
went (i.e., regardless of the number of field accesses,
e.g. x->f->y->z->...). The previous approach did not do this.
- Slightly reworked RegionStoreManager::RemoveDeadBindings() to also
incorporate live symbols and live regions that do not have direct
bindings but also have "default values" used for lazy instantiation.
The changes to 'InvalidateRegion' revealed that these were necessary
in order to achieve lazy instantiation of values in the region store
with those bindings being removed too early.
- The changes to InvalidateRegion() and RemoveDeadBindings() revealed
a serious bug in 'getSubRegionMap()' where not all region -> subregion
relationships involved in actually bindings (explicit and implicit)
were being recorded. This has been fixed by using a worklist algorithm
to iteratively fill in the region map.
- Added special support to RegionStoreManager::Bind()/Retrieve() to handle
OSAtomicCompareAndSwap in light of the new 'CastRegion' changes and the
layering of ElementRegions.
- Fixed a bug in SymbolReaper::isLive() where derived symbols were not
being marked live if the symbol they were derived from was also live.
This fix was critical for getting lazy instantiation in RegionStore
to work.
- Tidied up the implementation of ValueManager::getXXXSymbolVal() methods
to use SymbolManager::canSymbolicate() to decide whether or not a
symbol should be symbolicated.
- 'test/Analysis/misc-ps-xfail.m' now passes; that test case has been
moved to 'test/Analysis/misc-ps.m'.
- Tweaked some pretty-printing of MemRegions, and implemented
'ElementRegion::getRawOffset()' for use with the CastRegion changes.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@77782 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
OldCastRegion used), and the associated command line option
'-analyzer-store=old-basic-cast'.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@77509 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
index 0. This will be used for refinements to InvalidateRegion and CastRegion.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@77481 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@76381 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@76380 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
ValueManager::makeArrayIndex()/convertArrayIndex() methods. This
handles yet another crash case when reasoning about array indices of
different bitwidth and signedness.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@75884 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
and implementing operator<< support for llvm::raw_ostream.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@75560 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
symbol used for the region (makes it easier to read for nested regions).
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@75550 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
convention and style similar to other elements in Clang.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@75548 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
to hopefully resolve template lookup ambiguities on some compilers.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@75253 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
structures passed-by-value as function arguments.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@74729 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
directly consulting if a VarDecl is an implicit or actual parameter, a global,
etc.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@74716 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
This will simplify the logic of StoreManagers that want to specially reason
about the values of parameters.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@74715 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@74709 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
This is simple enough, but then I thought it would be nice to make PrintingPolicy
get a LangOptions so that various things can key off "bool" and "C++" independently.
This spiraled out of control. There are many fixme's, but I think things are slightly
better than they were before.
One thing that can be improved: CFG should probably have an ASTContext pointer in it,
which would simplify its clients.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@74493 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
- Change implementation of MemRegion::hasStackStorage()/hasHeapStorage() to use
'getMemorySpace()'. This avoids a double traversal up the region hierarchy
and is simpler.
- Add MemRegion::hasHeapOrStackStorage() as a slightly more efficient
alternative to 'hasStackStorage() || hasHeapStorage()'.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@73977 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
MemRegion.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@73973 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
trait-based MemRegion creation.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@73941 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@73940 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
- Embed a reference to MemRegionManager objects in MemSpaceRegion objects
- Use this embedded reference for MemRegion objects to access ASTContext objects without external help
- Use this access to ASTContext to simplify 'isBoundable' (no ASTContext& argument required)
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@73935 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
trait-based MemRegion creation.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@73927 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
the new trait-based construction of MemRegion objects.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@73926 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
new generalized region-construction code.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@73921 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
member template functions and traits. The idea is to allow MemRegionManager to
construct subclasses of MemRegion that aren't declared in MemRegion.h (e.g.,
checker-specific regions).
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@73917 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
be unique.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@73482 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
RValueType => ObjectType
LValueType => LocationType
No functionality change.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@71304 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
future we would create ElementRegion directly on top of typeless regions.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@71075 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
ElementRegion. I also removed 'ElementRegion::getArrayRegion',
although we may need to add this back.
This breaks a few test cases with RegionStore:
- 'array-struct.c' triggers an infinite recursion in RegionStoreManager. Need to investigate.
- misc-ps.m triggers a failure with RegionStoreManager as we now get the diagnostic:
'Line 159: Uninitialized or undefined return value returned to caller.'
There were a bunch of places that needed to be edit
RegionStoreManager, and we may not be passing all the correct 'element
types' down from GRExprEngine.
Zhongxing: When you get a chance, could you review this? I could have
easily screwed up something basic in RegionStoreManager.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@70830 91177308-0d34-0410-b5e6-96231b3b80d8
|
