| Age | Commit message (Collapse) | Author |
|---|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@77876 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
as well.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@77875 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
manipulate the entire GRState, not just the Store.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@77870 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
'void*' (or 'const void*') as an identity transformation.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@77860 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
made to RegionStore (and related classes) in order to handle some
analyzer failures involving casts and manipulation of symbolic memory.
The root of the change is in StoreManager::CastRegion(). Instead of
using ad hoc heuristics to decide when to layer an ElementRegion on a
casted MemRegion, we now always layer an ElementRegion when the cast
type is different than the original type of the region. This carries
the current cast information associated with a region around without
resorting to the error prone recording of "casted types" in GRState.
Along with this new policy of layering ElementRegions, I added a new
algorithm to strip away existing ElementRegions when they simply
represented casts of a base memory object. This algorithm computes
the raw "byte offset" that an ElementRegion represents from the base
region, and allows the new ElementRegion to be based off that offset.
The added benefit is that this naturally handles a series of casts of
a MemRegion without building up a set of redundant ElementRegions
(thus canonicalizing the region view).
Other related changes that cascaded from this one (as tests were
failing in RegionStore):
- Revamped RegionStoreManager::InvalidateRegion() to completely remove
all bindings and default values from a region and all subregions.
Now invalidated fields are not bound directly to new symbolic
values; instead the base region has a "default" symbol value from
which "derived symbols" can be created. The main advantage of this
approach is that it allows us to invalidate a region hierarchy and
then lazily instantiate new values no matter how deep the hierarchy
went (i.e., regardless of the number of field accesses,
e.g. x->f->y->z->...). The previous approach did not do this.
- Slightly reworked RegionStoreManager::RemoveDeadBindings() to also
incorporate live symbols and live regions that do not have direct
bindings but also have "default values" used for lazy instantiation.
The changes to 'InvalidateRegion' revealed that these were necessary
in order to achieve lazy instantiation of values in the region store
with those bindings being removed too early.
- The changes to InvalidateRegion() and RemoveDeadBindings() revealed
a serious bug in 'getSubRegionMap()' where not all region -> subregion
relationships involved in actually bindings (explicit and implicit)
were being recorded. This has been fixed by using a worklist algorithm
to iteratively fill in the region map.
- Added special support to RegionStoreManager::Bind()/Retrieve() to handle
OSAtomicCompareAndSwap in light of the new 'CastRegion' changes and the
layering of ElementRegions.
- Fixed a bug in SymbolReaper::isLive() where derived symbols were not
being marked live if the symbol they were derived from was also live.
This fix was critical for getting lazy instantiation in RegionStore
to work.
- Tidied up the implementation of ValueManager::getXXXSymbolVal() methods
to use SymbolManager::canSymbolicate() to decide whether or not a
symbol should be symbolicated.
- 'test/Analysis/misc-ps-xfail.m' now passes; that test case has been
moved to 'test/Analysis/misc-ps.m'.
- Tweaked some pretty-printing of MemRegions, and implemented
'ElementRegion::getRawOffset()' for use with the CastRegion changes.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@77782 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
not work quite right with the changes I'm about to commit.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@77779 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@77651 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@77589 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Move all components creation code into AnalysisConsumer::DigestAnalyzerOptions().
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@77585 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@77577 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
AnalysisContext.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@77563 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Type::getAsReferenceType() -> Type::getAs<ReferenceType>()
Type::getAsRecordType() -> Type::getAs<RecordType>()
Type::getAsPointerType() -> Type::getAs<PointerType>()
Type::getAsBlockPointerType() -> Type::getAs<BlockPointerType>()
Type::getAsLValueReferenceType() -> Type::getAs<LValueReferenceType>()
Type::getAsRValueReferenceType() -> Type::getAs<RValueReferenceType>()
Type::getAsMemberPointerType() -> Type::getAs<MemberPointerType>()
Type::getAsReferenceType() -> Type::getAs<ReferenceType>()
Type::getAsTagType() -> Type::getAs<TagType>()
And remove Type::getAsReferenceType(), etc.
This change is similar to one I made a couple weeks ago, but that was partly
reverted pending some additional design discussion. With Doug's pending smart
pointer changes for Types, it seemed natural to take this approach.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@77510 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
OldCastRegion used), and the associated command line option
'-analyzer-store=old-basic-cast'.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@77509 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
we don't care about ElementRegions layered on top of a base region.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@77484 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
in StoreManager to RegionStoreManager, and create a special, highly reduced
version in BasicStoreManager.
These changes are in preparation for future RegionStore-specific changes to
InvalidateRegion.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@77483 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
index 0. This will be used for refinements to InvalidateRegion and CastRegion.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@77481 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@77479 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@77447 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
could cause false positives if any the subexpressions had side-effects. These
initializers weren't evaluated because the StoreManager would need to handle
them, but that's an orthogonal problem of whether or not the StoreManager can
handle the binding.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@77361 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
was created but not added to the destination NodeSet. This fixes PR 4630.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@77353 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
valid SourceLocation.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@77280 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
calls to noreturn function pointers when CFG building.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@77089 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@77012 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
if the DeclRefExpr is a float, not just either argument.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@76998 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@76955 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
TryEvaluateBool instead of using a raw 'int'. This avoids any
confusion of how 'int' converts to bool, and makes the resultant code
easier to read.
Condense a bunch of 'addSuccessor()' calls in 'if ... else' to use the
ternary operator instead.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@76947 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@76940 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@76924 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@76911 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@76905 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@76901 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
This implements <rdar://problem/6336718> and checks for CERT secure coding
advisory FLP30-C.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@76900 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
- Root is the main function or 0.
- ExternalCallingNode has edges to all external functions.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@76876 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
- change the DenseMap used in callgraph to std::map, since DenseMap cannot
be used with mapped_iterator and friends.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@76874 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
--- Reverse-merging r76831 into '.':
U include/clang/Analysis/PathSensitive/GRExprEngine.h
U lib/Analysis/GRExprEngine.cpp
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@76851 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
counter.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@76833 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@76831 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@76814 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Educate GRExprEngine::VisitGraph() about 'PreStmt'.
Mark the constructor of 'PostStmt' to be explicit, preventing implicit
conversions and the selection of the wrong 'generateNode' method in
GRStmtNodeBuilder.
Constify a bunch of arguments, which falls out of the changes to ProgramPoint.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@76809 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
'Checker' interface. An updated test case illustrates that after calling a
function with the 'nonnull' attribute we now register the fact that the passed
pointer must be non-null. This retention of information was not possible with
the previously used GRSimpleAPICheck interface.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@76797 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@76795 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Add a 'previsit' stage (that dispatches to registered Checkers) when evaluating the effects of CallExprs.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@76794 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@76792 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
BugReporter API. No real functionality change.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@76760 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
instead preferring to use the a region's actual type when creating
symbols and using the QualType passed to Retrieve for implicit
casting. This preprocessor logic is temporary; eventually we will
either remove region casts or keep them.
Temporarily toggle (via preprocessor directives) that SymbolicRegions
with heap storage are not undefined, but instead should be
symbolicated. If we want to model that a SymbolicRegion is
uninitialized, we can explicitly model that by binding UndefinedVal to
that region. It turns out that we want to treat most heap objects as
being defined, not the other way around.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@76720 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
'cast type' of a region to invalidate its binding. This only occurs
when using RegionStoreManager, as it records the cast type. I'm
currently considering removing the notion of a cast type (see
comments in code).
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@76719 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
poisoning changes to DenseMap. We were using an iterator after it had been
invalidated by an insertion into the DenseMap.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@76677 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
to SValuator::EvalCast. In the process, the StoreManagers now use this new cast
machinery, and the hack in GRExprEngine::EvalBind to handle implicit casts
involving OSAtomicCompareAndSwap and friends has been removed (and replaced with
logic closer to the logic specific to those functions).
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@76641 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@76546 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@76531 91177308-0d34-0410-b5e6-96231b3b80d8
|
