| Age | Commit message (Collapse) | Author |
|---|
|
Store this info inside the function summary generated for all analyzed
functions. This is useful for coverage stats and can be helpful for
analyzer state space search strategies.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@153923 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
symbolic offsets. We still don't
properly reason about such accesses, but we shouldn't emit bogus "uninitialized value" warnings
either. Fixes <rdar://problem/11127008>.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@153913 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
that has already been inlined. Unfortunately I have no test case.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@153900 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
layer of inderection with std::list
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@153847 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Fixes a false positive (radar://11152419). The current solution of
adding the info into 3 places is quite ugly. Pending a generic pointer
escapes callback.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@153731 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
count.
This is an optimization for "retry without inlining" option. Here, if we
failed to inline a function due to reaching the basic block max count,
we are going to store this information and not try to inline it
again in the translation unit. This can be viewed as a function summary.
On sqlite, with this optimization, we are 30% faster then before and
cover 10% more basic blocks (partially because the number of times we
reach timeout is decreased by 20%).
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@153730 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@153591 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
retry without inlining.
(+ other minor cleanups)
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@153581 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@153568 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
The analyzer gives up path exploration under certain conditions. For
example, when the same basic block has been visited more than 4 times.
With inlining turned on, this could lead to decrease in code coverage.
Specifically, if we give up inside the inlined function, the rest of
parent's basic blocks will not get analyzed.
This commit introduces an option to enable re-run along the failed path,
in which we do not inline the last inlined call site. This is done by
enqueueing the node before the processing of the inlined call site
with a special policy encoded in the state. The policy tells us not to
inline the call site along the path.
This lead to ~10% increase in the number of paths analyzed. Even though
we expected a much greater coverage improvement.
The option is turned off by default for now.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@153534 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
the report configuration while walking the path.
This required adding a change count token to BugReport, but also allowed us to ditch ImmutableList as the BugReporterVisitor data type.
Also, remove the hack from MallocChecker, now that visitors appear in the opposite order. This is not exactly a fix, but the common case -- custom diagnostics after generic ones -- is now the default behavior.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@153369 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
function call was inlined (i.e., we do not need to apply summaries in such cases).
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@153309 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
11146.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@153283 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@153281 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@153280 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Specifically, we use the last store of the leaked symbol in the leak diagnostic.
(No support for struct fields since the malloc checker doesn't track those
yet.)
+ Infrastructure to track the regions used in store evaluations.
This approach is more precise than iterating the store to
obtain the region bound to the symbol, which is used in RetainCount
checker. The region corresponds to what is uttered in the code in the
last store and we do not rely on the store implementation to support
this functionality.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@153212 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
So that others could use it as well. No functionality change.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@153211 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@152982 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Do not display the standard "Returning from 'foo'", when a stack hint is
available.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@152964 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
The symbol-aware stack hint combines the checker-provided message
with the information about how the symbol was passed to the callee: as
a parameter or a return value.
For malloc, the generated messages look like this :
"Returning from 'foo'; released memory via 1st parameter"
"Returning from 'foo'; allocated memory via 1st parameter"
"Returning from 'foo'; allocated memory returned"
"Returning from 'foo'; reallocation of 1st parameter failed"
(We are yet to handle cases when the symbol is a field in a struct or
an array element.)
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@152962 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@152961 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
number of steps in the work list.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@152960 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@152900 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
well.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@152868 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
expressions with a "base object", because the CFG is now linearized.
The only use of AggExprVisitor was in #if 0 code (the analyzer's incomplete C++ support), so there is no actual behavioral change anyway.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@152856 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
BugVisitor DiagnosticPieces.
When checkers create a DiagnosticPieceEvent, they can supply an extra
string, which will be concatenated with the call exit message for every
call on the stack between the diagnostic event and the final bug report.
(This is a simple version, which could be/will be further enhanced.)
For example, this is used in Malloc checker to produce the ",
which allocated memory" in the following example:
static char *malloc_wrapper() { // 2. Entered call from 'use'
return malloc(12); // 3. Memory is allocated
}
void use() {
char *v;
v = malloc_wrapper(); // 1. Calling 'malloc_wrappers'
// 4. Returning from 'malloc_wrapper', which allocated memory
} // 5. Memory is never released; potential
memory leak
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@152837 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
(Why are we keeping all of this code around anyway? Say the word and I'll
start swinging the delete hammer.)
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@152749 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
in the callee.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@152734 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
MaterializeTemporaryExpr.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@152730 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
longer needed as the CFG is fully linearized.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@152720 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@152677 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
respectively.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@152676 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
multiple files.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@152586 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@152584 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
(Lex to AST).
The member variable is always "LangOpts" and the member function is always "getLangOpts".
Reviewed by Chris Lattner
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@152536 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
track whether the referenced declaration comes from an enclosing
local context. I'm amenable to suggestions about the exact meaning
of this bit.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@152491 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
doesn't understand. We registered
as aborted, but didn't treat such cases as sinks in the ExplodedGraph.
Along the way, add basic support for CXXCatchStmt, expanding the set of code we actually analyze (hopefully correctly).
Fixes: <rdar://problem/10892489>
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@152468 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
We do not reanalyze a function, which has already been analyzed as an
inlined callee. As per PRELIMINARY testing, this gives over
50% run time reduction on some benchmarks without decreasing of the
number of bugs found.
Turning the mode on by default.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@152440 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
symbols and regions.
Essentially, a bug centers around a story for various symbols and regions. We should only include
the path diagnostic events that relate to those symbols and regions.
The pruning is done by associating a set of interesting symbols and regions with a BugReporter, which
can be modified at BugReport creation or by BugReporterVisitors.
This patch reduces the diagnostics emitted in several of our test cases. I've vetted these as
having desired behavior. The only regression is a missing null check diagnostic for the return
value of realloc() in test/Analysis/malloc-plist.c. This will require some investigation to fix,
and I have added a FIXME to the test case.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@152361 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
- Remove -analyzer-inline-call.
- Add -analyzer-ipa=[none|inlining]
- Add -analyzer-inlining-mode to allow experimentation for
different performance tuning methods.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@152351 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
analysis to make the AST representation testable. They are represented by a
new UserDefinedLiteral AST node, which is a sugared CallExpr. All semantic
properties, including full CodeGen support, are achieved for free by this
representation.
UserDefinedLiterals can never be dependent, so no custom instantiation
behavior is required. They are mangled as if they were direct calls to the
underlying literal operator. This matches g++'s apparent behavior (but not its
actual mangling, which is broken for literal-operator-ids).
User-defined *string* literals are now fully-operational, but the semantic
analysis is quite hacky and needs more work. No other forms of user-defined
literal are created yet, but the AST support for them is present.
This patch committed after midnight because we had already hit the quota for
new kinds of literal yesterday.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@152211 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@152139 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
the callee, and add an edge.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@152086 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@152083 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
memory doesn't alias symbolic memory. This is a heuristic/hack, but works well in practice. Fixes <rdar://problem/10978247>.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@152065 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
the CFG is fully linearized.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@152007 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
when visiting a CallEnter.
Fixes <rdar://problem/10967815>
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@151938 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
command line options for inlining tuning.
This adds the option for stack depth bound as well as function size
bound.
+ minor doxygenification
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@151930 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
diagnostics in calls into macro pieces.
Also fix handling of macros within calls in the HTMLDiagnostics.
This also adds a test case for r151774.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@151872 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
special to do with it, since destructors are represented explicitly in the CFG.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@151856 91177308-0d34-0410-b5e6-96231b3b80d8
|
