| Age | Commit message (Collapse) | Author |
|---|
|
This change was a lot bigger than I originally anticipated; among
other things it requires us storing more information in the CFG to
record what block-level expressions need to be evaluated as lvalues.
The big change is that CFGBlocks no longer contain Stmt*'s by
CFGElements. Currently CFGElements just wrap Stmt*, but they also
store a bit indicating whether the block-level expression should be
evalauted as an lvalue. DeclStmts involving the initialization of a
reference require us treating the initialization expression as an
lvalue, even though that information isn't recorded in the AST.
Conceptually this change isn't that complicated, but it required
bubbling up the data through the CFGBuilder, to GRCoreEngine, and
eventually to GRExprEngine.
The addition of CFGElement is also useful for when we want to handle
more control-flow constructs or other data we want to keep in the CFG
that isn't represented well with just a block of statements.
In GRExprEngine, this patch introduces logic for evaluating the
lvalues of references, which currently retrieves the internal "pointer
value" that the reference represents. EvalLoad does a two stage load
to catch null dereferences involving an invalid reference (although
this could possibly be caught earlier during the initialization of a
reference).
Symbols are currently symbolicated using the reference type, instead
of a pointer type, and special handling is required creating
ElementRegions that layer on SymbolicRegions (see the changes to
RegionStoreManager).
Along the way, the DeadStoresChecker also silences warnings involving
dead stores to references. This was the original change I introduced
(which I wrote test cases for) that I realized caused GRExprEngine to
crash.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@91501 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
veneer on top of getRegionValueSymbolVal().
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@91471 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Remove isPod() from DenseMapInfo, splitting it out to its own
isPodLike type trait. This is a generally useful type trait for
more than just DenseMap, and we really care about whether something
acts like a pod, not whether it really is a pod.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@91422 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
warnings for C++ objects (whose constructors/destructors have possible side-effects).
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@91412 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
now, don't construct CFGs that contain C++ try/catch statements, and
have GRExprEngine abort a path if it encounters a C++ construct it
doesn't understand (which is mostly everything at this point).
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@91389 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
captured block variables that are passed by reference
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@91348 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@91258 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@91216 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
no extra safety anyway.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@91207 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@91155 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
are outside the current stack frame. Fixes <rdar://problem/7462324>.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@91107 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@91100 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@91085 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
We still aren't handling them correctly; I've added to failing test cases to test/Analysis/NSString-failed-cases.m that should pass and then be merged in to test/Analysis/NSString.m.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@90993 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@90968 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Otherwise, even when real evaluation occurs, the previous fake auto
transitions would still be in the destination set, causing fake state
bifurcation.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@90967 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
instead of the ElementRegion obtained from casts.
Test cast: the leak cannot occur bacause the true branch cannot be taken.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@90964 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@90953 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
repeatedly.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@90952 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
by the test case in PR 5627. Essentially we shouldn't clear the
ExplodedNodeSet where we deposit newly constructed nodes if that set
is the 'Dst' set passed in. It is not okay to clear that set because
it may already contain nodes.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@90931 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@90847 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
- Refactor the MemRegion hierarchy to distinguish between different StackSpaceRegions for locals and parameters.
- VarRegions for "captured" variables now have the BlockDataRegion as their super region (except those passed by reference)
- Add transfer function support to GRExprEngine for BlockDeclRefExprs.
This change also supports analyzing blocks as an analysis entry point
(top-of-the-stack), which required pushing more context-sensitivity
around in the MemRegion hierarchy via the use of LocationContext
objects. Functionally almost everything is the same, except we track
LocationContexts in a few more areas and StackSpaceRegions now refer
to a StackFrameContext object. In the future we will need to modify
MemRegionManager to allow multiple StackSpaceRegions in flight at once
(for the analysis of multiple stack frames).
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@90809 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
handler to this interface.
GRExprEngine::CheckerEvalCall() will return true if one of the checkers has
processed the node. In the future this might return void when we have some
default checker.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@90755 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@90585 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
about BlockDecls.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@90584 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@90583 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@90582 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
addTransition() to compare the correct state values.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@90552 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
BlockDataRegion*, giving us choice in our degree of context-sensitivity.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@90516 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@90509 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
BlockInvocationContext to represent the invocation of a block.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@90506 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@90503 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
MemRegion.cpp.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@90499 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
RegionStoreManager::RemoveDeadBindings(): only the VarRegions for variables marked with the '__block' annotation should have their lifetime extended by a BlockDataRegion.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@90462 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Patch by Lei Zhang!
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@90444 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@90443 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
invoking a block (without specific reasoning of what the block does) can invalidate any value to it by reference when the block was created.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@90431 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
that all MemRegions iterated over are VarRegions.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@90430 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@90424 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
multiple regions as once. After adopting this in the CFRefCount::EvalCall(), we see a reduction in analysis time of 1.5% when analyzing all of SQLite3.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@90405 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
variables annotated with '__block'. This is overly conservative, but now the analyzer doesn't report dead stores for variables that can be updated by a block call.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@90364 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
we don't need to use the DoneEvaluation hack when check for
ObjCMessageExpr.
PreVisitObjCMessageExpr() only checks for undefined receiver or arguments.
Add checker interface EvalNilReceiver(). This is a 'once-and-done' interface.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@90296 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@90267 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
recursive logic in the methods of ScanReachableSymbols.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@90245 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@90139 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@90137 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@90086 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@90084 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
analyzer over Postgresql.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@90060 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@90034 91177308-0d34-0410-b5e6-96231b3b80d8
|
