| Age | Commit message (Collapse) | Author |
|---|
|
nested arrays/structs whose values are not explicitly specified. Fixes <rdar://problem/7403269>.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@89384 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
* Add a load type to GRExprEngine::EvalLoad().
* When retrieve from 'theValue' of OSAtomic funcitions, use the type of the
region instead of the argument expression as the load type.
* Then we can convert CastRetrievedSVal to a pure assertion. In the future
we can let all Retrieve() methods simply return SVal.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@88888 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@86932 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
getBaseRegion will be used in another method.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@86649 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Patch by Victor Zverovich!
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@86638 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
ArrayType>()) does not instantiate. Update all callers that used this
unsafe feature to use the appropriate ASTContext::getAs*ArrayType method.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@86596 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
VarDecl*, and modify GRExprEngine::EvalBind() to handle decl initialization as well. This paves the way for adding "checker" visitation in EvalBind().
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@85983 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
by Zhongxing Xu. RemoveDeadBindings() would falsely prune
SymbolicRegions from the store that wrapped derived symbols whose
liveness could only be determined after scanning the store.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@85484 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
an Objective-C object
region when doing lazy value retrieval of an ivar.
This fixes: <rdar://problem/7312221>
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@84584 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@84398 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
nothing) and into RemoveDeadBindings. No functionality change.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@84335 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
the code to standard worklist algorithm. Always add both sub and super
regions of live regions.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@84323 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
kinds. This means we are visiting all regions 'from super region'.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@84319 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
touched by StoreManager::InvalidateRegion().
This fixes <rdar://problem/7257223> and <rdar://problem/7283470>.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@84223 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
RegionStoreManager::Retrieve() that was intended to handle conflated uses of pointers as integers.
It turns out this isn't needed, and resulted in inconsistent behavior when creating symbolic values on the following test case in 'tests/Analysis/misc-ps.m':
typedef struct _BStruct { void *grue; } BStruct;
void testB_aux(void *ptr);
void testB(BStruct *b) {
{
int *__gruep__ = ((int *)&((b)->grue));
int __gruev__ = *__gruep__;
testB_aux(__gruep__);
}
{
int *__gruep__ = ((int *)&((b)->grue));
int __gruev__ = *__gruep__;
if (~0 != __gruev__) {}
}
}
When the code was analyzed with '-arch x86_64', the value assigned to '__gruev__' be would be a
symbolic integer, but for '-arch i386' the value assigned to '__gruev__' would be a symbolic region
(a blob of memory). With this change the value created is always a symbolic integer.
Since the code being removed was added to support analysis of code calling
OSAtomicCompareAndSwapXXX(), I also modified 'test/Analysis/NSString.m' to analyze the code in both
'-arch i386' and '-arch x86_64', and also added some complementary test cases to test the presence
of leaks when using OSAtomicCompareAndSwap32Barrier()/OSAtomicCompareAndSwap64Barrier() instead of
just their absence. This code change reveals that previously both RegionStore and BasicStore were
handling these cases wrong, and would never cause the analyzer to emit a leak in these cases (false
negatives). Now RegionStore gets it right, but BasicStore still gets it wrong (and hence it has been
disabled temporarily for this test case).
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@84163 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
* Make all Base value the last argument.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@84071 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@83934 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
default binding for regions. This allows us to simply a lot of code. A
further simplification could be done is that many methods of
regionstore can only work on Store instead of GRState.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@83762 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@83611 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@83610 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
adding assert
This fix required a few changes:
SimpleSValuator:
- Eagerly replace a symbolic value with its constant value in EvalBinOpNN
when it is constrained to a constant. This allows us to better constant fold
values along a path.
- Handle trivial case of '<', '>' comparison of pointers when the two pointers
are exactly the same.
RegionStoreManager:
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@83358 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
concrete types. Use unqualified desugaring for getAs<> and sundry.
Fix a few users to either not desugar or use qualified desugar, as seemed
appropriate. Removed Type's qualified desugar method, as it was easy
to accidentally use instead of QualType's.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@83116 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
'*((unsigned int *)"????")'
This issue was originally reported via personal email by Thomas Clement!
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@83069 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
identified with a false positive reported by Thomas Clement. This
involved doing another rewrite of
RegionStoreManager::RemoveDeadBindings(), which phrases the entire
problem of scanning for dead regions as a graph exploration problem.
It is more methodic than the previous implementation.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@83053 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
are only specially treated by RegionStore::InvalidateRegion() when
their super region is also invalidated. When this isn't the case,
conjure a new symbol for a FieldRegion. Thanks to Zhongxing Xu and
Daniel Dunbar for pointing out this issue.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@83043 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
region has also been invalidated.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@83040 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
RegionStoreManager::InvalidateRegion() by only removing their old
binding, not conjuring a new symbol.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@82939 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@82924 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
<rdar://problem/6914474> checker doesn't realize that variable might
have been assigned if a pointer to that variable was passed to another
function via a structure
The problem here was the RegionStoreManager::InvalidateRegion didn't
invalidate the bindings of invalidated regions. This required a
rewrite of this method using a worklist.
As part of this fix, changed ValueManager::getConjuredSymbolVal() to
require a 'void*' SymbolTag argument. This tag is used to
differentiate two different symbols created at the same location.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@82920 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
instead of 'cast<PointerType>()' (to handle pointer typedefs).
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@82686 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
parameter regions
The issue was a discrepancy between how RegionStoreManager::Bind() and
RegionStoreManager::Retrieve() derived the "key" for the first element
of a symbolic region.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@82680 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
floats not honored
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@82575 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Several of the existing methods were identical to their respective
specializations, and so have been removed entirely. Several more 'leaf'
optimizations were introduced.
The getAsFoo() methods which imposed extra conditions, like
getAsObjCInterfacePointerType(), have been left in place.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@82501 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
integer pointer. For now just invalidate the fields of the struct.
This addresses: <rdar://problem/7185607> [RegionStore] support invalidation of bit fields using integer assignment
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@82492 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@81346 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@81092 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
when using the non-fragile Objective-C ABI. This fixes <rdar://problem/7168531>.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@80047 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
implicit cast logic in RegionStoreManager to BasicStoreManager. This involved
moving CastRetriedVal from RegionStoreManager to StoreManager.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@80026 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
SelfRegion represented the object bound to 'self' (when analyzing Objective-C
methods) upon entry to a method. Having this region stored on the side ignores
the current stack frame that we might be analyzing (among other things), and is
a problem for interprocedural analysis.
For RegionStoreManager, the value for SelfRegion is just lazily created.
For BasicStoreManager, the value for SelfRegion is bound eagerly to 'self', but
no explicit tracking of SelfRegion on the side is made.
As part of this change, remove the restriction in BasicStoreManager that we only
track ivars for 'self'. This shouldn't actually change anything in terms of
precision, and simplifies the logic.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@79694 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
analysis.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@79680 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
GRStateManager to create the SelfRegion.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@79628 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
of GRStateManager and GRExprEngine, pass the initial location context
to the getInitialState() method.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@79228 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
with array accesses. In the process, refactor some common logic in
RetrieveElement() and RetrieveField() into RetrieveFieldOrElementCommon().
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@78349 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
involving reasoning about unions (which we don't handle yet).
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@78342 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@78305 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
LazyCompoundSVals.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@78284 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
are no longer needed.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@78280 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@78273 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
RegionStore already lazily abstracted the contents of arrays and structs, when
doing an assignment from one array/struct to another we did an explicit
element-wise copy, which resulted in a loss of laziness and huge performance
problem when analyzing many code bases.
Now RegionStoreManager handles such assignments using a new SVal could
'LazyCompoundSVal', which basically means the value of a given struct or array
(a MemRegion*) in a specific state (GRState). When we do a load from a field
whose encompassing struct binds to a LazyCompoundSVal, we essentially do a field
lookup in the original structure. This means we have essentially zero copying of
data for structs/arrays and everything stays lazy.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@78268 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
region to the worklist used to create the subregion map.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@78228 91177308-0d34-0410-b5e6-96231b3b80d8
|
