| Age | Commit message (Collapse) | Author |
|---|
|
per code review for r137523).
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@137633 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
and libStaticAnalyzer[*]. It was highly inconsistent, and very ugly to look at.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@137537 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Having a notion of an actual ProgramPointTag will aid in introspection of the analyzer's behavior.
For example, the GraphViz output of the analyzer will pretty-print the tags in a useful manner.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@137529 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
enclosing function parameter, skip it to avoid false positives.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@137526 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Report errors earlier: on checkDeadSymbols() and clear the state after the symbol we are tracking goes out of scope.
Also, perform lazy error checking. Instead of forcing the paths to be split depending one the return value of the allocator, make the return symbol depend on the allocated data symbol, which prolongs its life span to the time when the allocated data symbol becomes dead.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@137523 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
time. One is cleanup, the other is me being OCD about enum group nesting.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@137517 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
the allocated data symbol, we can just use the symbol corresponding to the SymbolicRegion. This simplifies tracking of the symbol, for example, SymbolMetadata needs to go through extra hoops to stay alive.
Make AllocationState internal to the MacOSKeychainAPIChecker class.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@137514 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
separate TypedRegions that implement getValueType() from those that don't.
Patch by Olaf Krzikalla!
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@137498 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
state so that we could clear the state on evalDeadSymbols; also track the return value.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@137003 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
getAsPointeeMemoryRegion so that it could be reused.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@136952 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
exploring the transition on which a call to allocator function failed (to be able to find errors in examples like ErrorCodesFromDifferentAPISDoNotInterfere).
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@136930 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
allocator/deallocator API pairs. Add the allocator function ID to the checker state. Better comments.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@136889 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@136852 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
SymbolicRef since the address might not be a symbolic value in some cases, for example in fooOnlyFree() test.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@136851 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@136849 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
be the common root package.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@136835 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
checker that may be useful for security auditing. This checker is currently too noisy to be on by default.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@136804 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
returned noErr. (+ minor cleanup)
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@136694 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
experimental for now. Note, the checker still does not handle tracking of escaped values, taking into account the return value of the allocator functions, nor the actual bug reporting..
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@136659 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@136581 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
be linearized only when used by the static analyzer. This required a rewrite of LiveVariables, and exposed a ton of subtle bugs.
The motivation of this large change is to drastically simplify the logic in ExprEngine going forward.
Some fallout is that the output of some BugReporterVisitors is not as accurate as before; those will
need to be fixed over time. There is also some possible performance regression as RemoveDeadBindings
will be called frequently; this can also be improved over time.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@136419 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
properly be removed from the state.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@136418 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
SourceManager and FullSourceLoc.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@135969 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
LLVM.h imports
them into the clang namespace.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@135852 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@135518 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
pthread and XNU locks. Patch by Rui Paulo!
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@135515 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
API. No functionality change.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@135349 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
llvm::OwningPtr<BugType> vars (the new convention). No functionality change.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@135255 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
single llvm::OwningPtr<BugType> (the new convention). No functionality change.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@135250 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Fixes rdar://9714064
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@134292 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
MaterializeTemporaryExpr captures a reference binding to a temporary
value, making explicit that the temporary value (a prvalue) needs to
be materialized into memory so that its address can be used. The
intended AST invariant here is that a reference will always bind to a
glvalue, and MaterializeTemporaryExpr will be used to convert prvalues
into glvalues for that binding to happen. For example, given
const int& r = 1.0;
The initializer of "r" will be a MaterializeTemporaryExpr whose
subexpression is an implicit conversion from the double literal "1.0"
to an integer value.
IR generation benefits most from this new node, since it was
previously guessing (badly) when to materialize temporaries for the
purposes of reference binding. There are likely more refactoring and
cleanups we could perform there, but the introduction of
MaterializeTemporaryExpr fixes PR9565, a case where IR generation
would effectively bind a const reference directly to a bitfield in a
struct. Addresses <rdar://problem/9552231>.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@133521 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@133472 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
functionality change.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@133410 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
the size argument. strncat is not yet up-to-date, but I'm leaving it enabled for now (there shouldn't be any false positives, at least...)
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@133408 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
diagnostics, and make it easier to provide custom messages for overflow checking, in preparation for re-enabling strncpy checking.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@133406 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
literal has an embedded null character, and where both arguments are the same buffer. Also use nested ifs rather than early returns; in this case early returns will lose any assumptions we've made earlier in the function.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@133154 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
I will not commit without building first.
I will not commit without building first.
I will not commit without building first...
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@133150 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
SValBuilder::getComparisonType() to just referencing IntTy.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@133149 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Language-design credit goes to a lot of people, but I particularly want
to single out Blaine Garst and Patrick Beard for their contributions.
Compiler implementation credit goes to Argyrios, Doug, Fariborz, and myself,
in no particular order.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@133103 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
- (bounded copies) Be more conservative about how much is being copied.
- (str(n)cat) If we can't compute the exact final length of an append operation, we can still lower-bound it.
- (stpcpy) Fix the conjured return value at the end to actually be returned.
This requires these supporting changes:
- C string metadata symbols are still live even when buried in a SymExpr.
- "Hypothetical" C string lengths, to represent a value that /will/ be passed to setCStringLength() if all goes well. (The idea is to allow for temporary constrainable symbols that may end up becoming permanent.)
- The 'checkAdditionOverflow' helper makes sure that the two strings being appended in a strcat don't overflow size_t. This should never *actually* happen; the real effect is to keep the final string length from "wrapping around" in the constraint manager.
This doesn't actually test the "bounded" operations (strncpy and strncat) because they can leave strings unterminated. Next on the list!
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@133046 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
binding. No tests yet because the only thing that sets string length is strcpy(), and that needs some work anyway.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@133044 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
C++. Its external name is now unix.experimental.CString.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@132958 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@132956 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
can't properly model (yet?) to string-fail.c.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@132955 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@132618 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
memcpy(). Also handle all memcpy-family return values in evalCopyCommon(), rather than having some outside and some inside.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@132617 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@132614 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@132608 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@132607 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@132605 91177308-0d34-0410-b5e6-96231b3b80d8
|
