aboutsummaryrefslogtreecommitdiff
path: root/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
AgeCommit message (Collapse)Author
2012-02-09[analyzer] MallocChecker cleanup, more tests.Anna Zaks
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150155 91177308-0d34-0410-b5e6-96231b3b80d8
2012-02-08[analyzer] MallocChecker: implement pessimistic version of the checker,Anna Zaks
which allows values to escape through unknown calls. Assumes all calls but the malloc family are unknown. Also, catch a use-after-free when a pointer is passed to a function after a call to free (previously, you had to explicitly dereference the pointer value). git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150112 91177308-0d34-0410-b5e6-96231b3b80d8
2012-02-08[analyzer] Split the MallocChecker into two versions - pessimistic andAnna Zaks
optimistic. TODO: actually implement the pessimistic version of the checker. Ex: it needs to assume that any function that takes a pointer might free it. The optimistic version relies on annotations to tell us which functions can free the pointer. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150111 91177308-0d34-0410-b5e6-96231b3b80d8
2012-02-08[analyzer] MallocChecker: convert from using evalCall toAnna Zaks
post visit of CallExpr. In general, we should avoid using evalCall as it leads to interference with other checkers. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150086 91177308-0d34-0410-b5e6-96231b3b80d8
2012-02-05Basic: import SmallString<> into clang namespaceDylan Noblesmith
(I was going to fix the TODO about DenseMap too, but that would break self-host right now. See PR11922.) git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@149799 91177308-0d34-0410-b5e6-96231b3b80d8
2012-02-05Basic: import OwningPtr<> into clang namespaceDylan Noblesmith
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@149798 91177308-0d34-0410-b5e6-96231b3b80d8
2012-02-04Move a method from IdentifierTable.h out of line and remove the SmallString ↵Benjamin Kramer
include. Fix all the transitive include users. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@149783 91177308-0d34-0410-b5e6-96231b3b80d8
2012-02-04Move various diagnostic operator<< overloads out of line and remove includes ↵Benjamin Kramer
of Diagnostic.h. Fix all the files that depended on transitive includes of Diagnostic.h. With this patch in place changing a diagnostic no longer requires a full rebuild of the StaticAnalyzer. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@149781 91177308-0d34-0410-b5e6-96231b3b80d8
2012-01-26Change references to 'const ProgramState *' to typedef 'ProgramStateRef'.Ted Kremenek
At this point this is largely cosmetic, but it opens the door to replace ProgramStateRef with a smart pointer that more eagerly acts in the role of reclaiming unused ProgramState objects. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@149081 91177308-0d34-0410-b5e6-96231b3b80d8
2012-01-17Remove unnecessary default cases in switches over enums.David Blaikie
This allows -Wswitch-enum to find switches that need updating when these enums are modified. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@148281 91177308-0d34-0410-b5e6-96231b3b80d8
2012-01-06[analyzer] Make the entries in 'Environment' context-sensitive by making ↵Ted Kremenek
entries map from (Stmt*,LocationContext*) pairs to SVals instead of Stmt* to SVals. This is needed to support basic IPA via inlining. Without this, we cannot tell if a Stmt* binding is part of the current analysis scope (StackFrameContext) or part of a parent context. This change introduces an uglification of the use of getSVal(), and thus takes two steps forward and one step back. There are also potential performance implications of enlarging the Environment. Both can be addressed going forward by refactoring the APIs and optimizing the internal representation of Environment. This patch mainly introduces the functionality upon when we want to build upon (and clean up). git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@147688 91177308-0d34-0410-b5e6-96231b3b80d8
2012-01-04[analyzer] Be less pessimistic about invalidation of global variablesAnna Zaks
as a result of a call. Problem: Global variables, which come in from system libraries should not be invalidated by all calls. Also, non-system globals should not be invalidated by system calls. Solution: The following solution to invalidation of globals seems flexible enough for taint (does not invalidate stdin) and should not lead to too many false positives. We split globals into 3 classes: * immutable - values are preserved by calls (unless the specific global is passed in as a parameter): A : Most system globals and const scalars * invalidated by functions defined in system headers: B: errno * invalidated by all other functions (note, these functions may in turn contain system calls): B: errno C: all other globals (which are not in A nor B) git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@147569 91177308-0d34-0410-b5e6-96231b3b80d8
2012-01-04Fix 80 col violations.Ted Kremenek
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@147566 91177308-0d34-0410-b5e6-96231b3b80d8
2011-12-01[analyzer] Refactor checkers to use helper function for getting callee Decl ↵Anna Zaks
and name. We are getting name of the called function or it's declaration in a few checkers. Refactor them to use the helper function in the CheckerContext. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@145576 91177308-0d34-0410-b5e6-96231b3b80d8
2011-10-26[analyzer] Rename generateNode -> addTransition in CheckerContextAnna Zaks
Also document addTransition methods. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@143059 91177308-0d34-0410-b5e6-96231b3b80d8
2011-10-25[analyzer] Simplify CheckerContextAnna Zaks
Remove dead members/parameters: ProgramState, respondsToCallback, autoTransition. Remove addTransition method since it's the same as generateNode. Maybe we should rename generateNode to genTransition (since a transition is always automatically generated)? git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@142946 91177308-0d34-0410-b5e6-96231b3b80d8
2011-10-25[analyze] Convert EndOfPath callback to use CheckerContextAnna Zaks
Get rid of the EndOfPathBuilder completely. Use the generic NodeBuilder to generate nodes. Enqueue the end of path frontier explicitly. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@142943 91177308-0d34-0410-b5e6-96231b3b80d8
2011-10-14Change operator<< for raw_ostream and NamedDecl to take a reference instead ↵Benjamin Kramer
of a pointer. Passing a pointer was a bad idea as it collides with the overload for void*. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@141971 91177308-0d34-0410-b5e6-96231b3b80d8
2011-10-06[analyzer] Remove the dependency on CheckerContext::getStmt() as well as the ↵Anna Zaks
method itself. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@141262 91177308-0d34-0410-b5e6-96231b3b80d8
2011-10-04[analyzer] Removing references to CheckerContext::getNodeBuilder(): checkers ↵Anna Zaks
can obtain block count directly from the Context. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@141112 91177308-0d34-0410-b5e6-96231b3b80d8
2011-09-01If size was equal to 0, either NULL or a pointer suitable to be passed to Zhongxing Xu
free() is returned by realloc(). Most code expect NULL. And we only need to transfer one final ProgramState. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@138937 91177308-0d34-0410-b5e6-96231b3b80d8
2011-08-17Remove EnhancedBugReport and RangedBugReport - pull all the extra ↵Anna Zaks
functionality they provided into their parent BugReport. The only functional changes are: made getRanges() non const - it adds default range to Ranges if none are supplied, made getStmt() private, which was another FIXME. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@137894 91177308-0d34-0410-b5e6-96231b3b80d8
2011-08-15Rename GRState to ProgramState, and cleanup some code formatting along the way.Ted Kremenek
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@137665 91177308-0d34-0410-b5e6-96231b3b80d8
2011-08-12Cleanup various declarations of 'Stmt*' to be 'Stmt *', etc. in libAnalyzer ↵Ted Kremenek
and libStaticAnalyzer[*]. It was highly inconsistent, and very ugly to look at. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@137537 91177308-0d34-0410-b5e6-96231b3b80d8
2011-07-28[analyzer] fix bug in malloc checker where the tracked symbol would not ↵Ted Kremenek
properly be removed from the state. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@136418 91177308-0d34-0410-b5e6-96231b3b80d8
2011-07-23remove unneeded llvm:: namespace qualifiers on some core types now that ↵Chris Lattner
LLVM.h imports them into the clang namespace. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@135852 91177308-0d34-0410-b5e6-96231b3b80d8
2011-04-27More accurately model realloc() when the size argument is 0. realloc() with ↵Lenny Maiorani
a size of 0 is equivalent to free(). The memory region should be marked as free and not used again. Unit tests f2_realloc_0(), f6_realloc(), and f7_realloc() contributed by Marshall Clow <mclow.lists@gmail.com>. Thanks! git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@130303 91177308-0d34-0410-b5e6-96231b3b80d8
2011-04-02Remove a redundant method. We have a const version.Zhongxing Xu
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@128762 91177308-0d34-0410-b5e6-96231b3b80d8
2011-03-01[analyzer] Rename CheckerV2 -> Checker.Argyrios Kyrtzidis
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126726 91177308-0d34-0410-b5e6-96231b3b80d8
2011-02-28[analyzer] Migrate MallocChecker to CheckerV2.Argyrios Kyrtzidis
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126606 91177308-0d34-0410-b5e6-96231b3b80d8
2011-02-23[analyzer] Refactor EndOfFunctionNodeBuilder.Argyrios Kyrtzidis
-Introduce EndOfFunctionNodeBuilder::withCheckerTag to allow it be "specialized" with a checker tag and not require the checkers to pass a tag. -For EndOfFunctionNodeBuilder::generateNode, reverse the order of tag/P parameters since there are actual calls that assume the second parameter is ExplodedNode. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126332 91177308-0d34-0410-b5e6-96231b3b80d8
2011-02-17simplify a bit.Chris Lattner
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@125724 91177308-0d34-0410-b5e6-96231b3b80d8
2011-02-10Split 'include/clang/StaticAnalyzer' into ↵Ted Kremenek
'include/clang/StaticAnalyzer/Core' and 'include/clang/StaticAnalyzer/Checkers'. This layout matches lib/StaticAnalyzer, which corresponds to two StaticAnalyzer libraries. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@125251 91177308-0d34-0410-b5e6-96231b3b80d8
2011-02-08[analyzer] lib/StaticAnalyzer/Checkers/ExprEngineExperimentalChecks.h -> ↵Argyrios Kyrtzidis
lib/StaticAnalyzer/Checkers/ExperimentalChecks.h git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@125122 91177308-0d34-0410-b5e6-96231b3b80d8
2011-01-13Remove unnecessary save-and-restore of theTed Kremenek
node builder's 'HasGeneratedNode' field. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@123362 91177308-0d34-0410-b5e6-96231b3b80d8
2011-01-11[analyzer] Add 'isLoad' parameter in Checker::visitLocation() to ↵Argyrios Kyrtzidis
conveniently distinguish between loads/stores. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@123261 91177308-0d34-0410-b5e6-96231b3b80d8
2011-01-11Rename misc. methods in GRSubEngine to startTed Kremenek
with a lower-case letter. No functionality change. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@123211 91177308-0d34-0410-b5e6-96231b3b80d8
2010-12-23Chris Lattner has strong opinions about directoryTed Kremenek
layout. :) Rename the 'EntoSA' directories to 'StaticAnalyzer'. Internally we will still use the 'ento' namespace for the analyzer engine (unless there are further sabre rattlings...). git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@122514 91177308-0d34-0410-b5e6-96231b3b80d8
generated by cgit v1.2.3-18-g5258 (git 2.32.0) at 2025-05-07 17:11:38 +0000