aboutsummaryrefslogtreecommitdiff
path: root/lib/StaticAnalyzer/Checkers/CStringChecker.cpp
AgeCommit message (Collapse)Author
2011-07-23remove unneeded llvm:: namespace qualifiers on some core types now that ↵Chris Lattner
LLVM.h imports them into the clang namespace. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@135852 91177308-0d34-0410-b5e6-96231b3b80d8
2011-06-20[analyzer] Finish size argument checking for strncat (and strncpy).Jordy Rose
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@133472 91177308-0d34-0410-b5e6-96231b3b80d8
2011-06-20[analyzer] Replace stream-built error message with constant string. No ↵Jordy Rose
functionality change. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@133410 91177308-0d34-0410-b5e6-96231b3b80d8
2011-06-20[analyzer] Re-enable checking for strncpy, along with a new validation of ↵Jordy Rose
the size argument. strncat is not yet up-to-date, but I'm leaving it enabled for now (there shouldn't be any false positives, at least...) git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@133408 91177308-0d34-0410-b5e6-96231b3b80d8
2011-06-20[analyzer] Eliminate "byte string function" from CStringChecker's ↵Jordy Rose
diagnostics, and make it easier to provide custom messages for overflow checking, in preparation for re-enabling strncpy checking. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@133406 91177308-0d34-0410-b5e6-96231b3b80d8
2011-06-16[analyzer] Clean up modeling of strcmp, including cases where a string ↵Jordy Rose
literal has an embedded null character, and where both arguments are the same buffer. Also use nested ifs rather than early returns; in this case early returns will lose any assumptions we've made earlier in the function. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@133154 91177308-0d34-0410-b5e6-96231b3b80d8
2011-06-16[analyzer] Fix trivial errors in previous commit.Jordy Rose
I will not commit without building first. I will not commit without building first. I will not commit without building first... git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@133150 91177308-0d34-0410-b5e6-96231b3b80d8
2011-06-16[analyzer] Cleanup: mainly 80-char violations and preferring ↵Jordy Rose
SValBuilder::getComparisonType() to just referencing IntTy. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@133149 91177308-0d34-0410-b5e6-96231b3b80d8
2011-06-15[analyzer] Revise CStringChecker's modelling of strcpy() and strcat():Jordy Rose
- (bounded copies) Be more conservative about how much is being copied. - (str(n)cat) If we can't compute the exact final length of an append operation, we can still lower-bound it. - (stpcpy) Fix the conjured return value at the end to actually be returned. This requires these supporting changes: - C string metadata symbols are still live even when buried in a SymExpr. - "Hypothetical" C string lengths, to represent a value that /will/ be passed to setCStringLength() if all goes well. (The idea is to allow for temporary constrainable symbols that may end up becoming permanent.) - The 'checkAdditionOverflow' helper makes sure that the two strings being appended in a strcat don't overflow size_t. This should never *actually* happen; the real effect is to keep the final string length from "wrapping around" in the constraint manager. This doesn't actually test the "bounded" operations (strncpy and strncat) because they can leave strings unterminated. Next on the list! git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@133046 91177308-0d34-0410-b5e6-96231b3b80d8
2011-06-15[analyzer] If a C string length is UnknownVal, clear any existing length ↵Jordy Rose
binding. No tests yet because the only thing that sets string length is strcpy(), and that needs some work anyway. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@133044 91177308-0d34-0410-b5e6-96231b3b80d8
2011-06-14[analyzer] Change large if body to early return. No functionality change.Jordy Rose
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@132956 91177308-0d34-0410-b5e6-96231b3b80d8
2011-06-14[analyzer] Fix modeling of strnlen to be more conservative. Move tests we ↵Jordy Rose
can't properly model (yet?) to string-fail.c. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@132955 91177308-0d34-0410-b5e6-96231b3b80d8
2011-06-04[analyzer] Change an indent-if to an early return. No functionality change.Jordy Rose
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@132618 91177308-0d34-0410-b5e6-96231b3b80d8
2011-06-04[analyzer] Don't crash when copying an unknown number of bytes with ↵Jordy Rose
memcpy(). Also handle all memcpy-family return values in evalCopyCommon(), rather than having some outside and some inside. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@132617 91177308-0d34-0410-b5e6-96231b3b80d8
2011-06-04[analyzer] Remove extra assignment that actually lost a few of the assumptions.Jordy Rose
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@132614 91177308-0d34-0410-b5e6-96231b3b80d8
2011-06-04[analyzer] Fix comment for (still-disabled) evalStrncpyJordy Rose
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@132608 91177308-0d34-0410-b5e6-96231b3b80d8
2011-06-04[analyzer] Fix handling of "copy zero bytes" for memcpy and friends.Jordy Rose
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@132607 91177308-0d34-0410-b5e6-96231b3b80d8
2011-06-03[analyzer] __mempcpy_chk is the same as mempcpy (at least to CStringChecker)Jordy Rose
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@132605 91177308-0d34-0410-b5e6-96231b3b80d8
2011-05-03Removing strncpy() checking in CString checker for now. Some significant ↵Lenny Maiorani
changes need to be made to properly support modeling of it since it potentially leaves strings non-null terminated. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@130758 91177308-0d34-0410-b5e6-96231b3b80d8
2011-05-02Augment retain/release checker to not warn about tracked objects passed as ↵Ted Kremenek
arguments to C++ constructors. This is a stop-gap measure for Objective-C++ code that uses smart pointers to manage reference counts. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@130711 91177308-0d34-0410-b5e6-96231b3b80d8
2011-05-02Implements strncasecmp() checker and simplifies some of the logic around ↵Lenny Maiorani
creating substrings if necessary and calling the appropriate StringRef::compare/compare_lower(). git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@130708 91177308-0d34-0410-b5e6-96231b3b80d8
2011-04-28Use StringRef::substr() and unbounded StringRef::compare() instead of ↵Lenny Maiorani
bounded version of StringRef::compare() because bounded version of StringRef::compare() is going to be removed. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@130425 91177308-0d34-0410-b5e6-96231b3b80d8
2011-04-28Eliminates an assert in the strncpy/strncat checker caused by not validating ↵Lenny Maiorani
a cast was successful. If the value of an argument was unknown, the cast would result in a NULL pointer which was later being dereferenced. This fixes Bugzilla #9806. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@130422 91177308-0d34-0410-b5e6-96231b3b80d8
2011-04-28Implements strcasecmp() checker in Static Analyzer.Lenny Maiorani
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@130398 91177308-0d34-0410-b5e6-96231b3b80d8
2011-04-25Implements the strncmp() checker just like the strcmp() checker, but with ↵Lenny Maiorani
bounds. Requires LLVM svn r129582. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@130161 91177308-0d34-0410-b5e6-96231b3b80d8
2011-04-15fix a bunch of comment typos found by codespell. Patch byChris Lattner
Luis Felipe Strano Moraes! git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@129559 91177308-0d34-0410-b5e6-96231b3b80d8
2011-04-12This patch adds modeling of strcmp() to the CString checker. Validates ↵Lenny Maiorani
inputs are not NULL and are real C strings, then does the comparison and binds the proper return value. Unit tests included. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@129364 91177308-0d34-0410-b5e6-96231b3b80d8
2011-04-09strcat() and strncat() model additions to CStringChecker.Lenny Maiorani
Validates inputs are not NULL, checks for overlapping strings, concatenates the strings checking for buffer overflow, sets the length of the destination string to the sum of the s1 length and the s2 length, binds the return value to the s1 value. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@129215 91177308-0d34-0410-b5e6-96231b3b80d8
2011-03-31Adding Static Analyzer checker for mempcpy().Lenny Maiorani
Models mempcpy() so that if length is NULL the destination pointer is returned. Otherwise, the source and destination are confirmed not to be NULL and not overlapping. Finally the copy is validated to not cause a buffer overrun and the return value is bound to the address of the byte after the last byte copied. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@128677 91177308-0d34-0410-b5e6-96231b3b80d8
2011-03-01[analyzer] Rename CheckerV2 -> Checker.Argyrios Kyrtzidis
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126726 91177308-0d34-0410-b5e6-96231b3b80d8
2011-02-24[analyzer] Migrate CStringChecker to CheckerV2.Argyrios Kyrtzidis
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126350 91177308-0d34-0410-b5e6-96231b3b80d8
2011-02-22Add CStringChecker support for strncpy. Patch by Lenny Maiorani!Ted Kremenek
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126188 91177308-0d34-0410-b5e6-96231b3b80d8
2011-02-22Add CStringChecker support for strnlen. Patch by Lenny Maiorani!Ted Kremenek
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126187 91177308-0d34-0410-b5e6-96231b3b80d8
2011-02-17[analyzer] Pass CheckerManager to the registration functions.Argyrios Kyrtzidis
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@125777 91177308-0d34-0410-b5e6-96231b3b80d8
2011-02-17simplify a bit.Chris Lattner
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@125724 91177308-0d34-0410-b5e6-96231b3b80d8
2011-02-15[analyzer] Use the new registration mechanism on some of the experimental ↵Argyrios Kyrtzidis
checks. These are: CStringChecker ChrootChecker MallocChecker PthreadLockChecker StreamChecker UnreachableCodeChecker MallocChecker creates implicit dependencies between checkers and needs to be handled differently. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@125598 91177308-0d34-0410-b5e6-96231b3b80d8
2011-02-11Rename 'InvalidateRegions()' to 'invalidateRegions()'.Ted Kremenek
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@125395 91177308-0d34-0410-b5e6-96231b3b80d8
2011-02-10Split 'include/clang/StaticAnalyzer' into ↵Ted Kremenek
'include/clang/StaticAnalyzer/Core' and 'include/clang/StaticAnalyzer/Checkers'. This layout matches lib/StaticAnalyzer, which corresponds to two StaticAnalyzer libraries. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@125251 91177308-0d34-0410-b5e6-96231b3b80d8
2011-02-08[analyzer] lib/StaticAnalyzer/Checkers/ExprEngineExperimentalChecks.h -> ↵Argyrios Kyrtzidis
lib/StaticAnalyzer/Checkers/ExperimentalChecks.h git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@125122 91177308-0d34-0410-b5e6-96231b3b80d8
2011-01-11Rename misc. methods in GRSubEngine to startTed Kremenek
with a lower-case letter. No functionality change. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@123211 91177308-0d34-0410-b5e6-96231b3b80d8
2010-12-23Chris Lattner has strong opinions about directoryTed Kremenek
layout. :) Rename the 'EntoSA' directories to 'StaticAnalyzer'. Internally we will still use the 'ento' namespace for the analyzer engine (unless there are further sabre rattlings...). git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@122514 91177308-0d34-0410-b5e6-96231b3b80d8
generated by cgit v1.2.3-18-g5258 (git 2.32.0) at 2025-06-23 06:16:03 +0000