aboutsummaryrefslogtreecommitdiff
path: root/lib/StaticAnalyzer
AgeCommit message (Collapse)Author
2012-02-27Move "clang/Analysis/Support/SaveAndRestore.h" to "llvm/ADT/SaveAndRestore.h"Argyrios Kyrtzidis
to make it more widely available. Depends on llvm commit r151564 git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@151566 91177308-0d34-0410-b5e6-96231b3b80d8
2012-02-25RetainCountChecker: don't adjust the retain count when analyzing a ↵Ted Kremenek
ReturnStmt unless we are in the top-level call frame. We can do more later, but this makes the checker self-consistent (and fixes a crash). git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@151426 91177308-0d34-0410-b5e6-96231b3b80d8
2012-02-24[analyzer] Malloc: reason about the ObjC messages and C++.Anna Zaks
Assume none of the ObjC messages defined in system headers free memory, except for the ones containing 'freeWhenDone' selector. Currently, just assume that the region escapes to the messages with 'freeWhenDone' (ideally, we want to treat it as 'free()'). For now, always assume that regions escape when passed to C++ methods. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@151410 91177308-0d34-0410-b5e6-96231b3b80d8
2012-02-24[analyzer] Run remove dead bindings before each call.Anna Zaks
This ensures that we report the bugs associated with symbols going out of scope in the correct function context. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@151369 91177308-0d34-0410-b5e6-96231b3b80d8
2012-02-24[analyzer] We were silently stopping exploring the path afterAnna Zaks
visiting 'return;' statement! This most likely caused us to skip a bunch of code when analyzing with inlining. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@151368 91177308-0d34-0410-b5e6-96231b3b80d8
2012-02-24Implement a new type trait __is_trivially_constructible(T, Args...)Douglas Gregor
that provides the behavior of the C++11 library trait std::is_trivially_constructible<T, Args...>, which can't be implemented purely as a library. Since __is_trivially_constructible can have zero or more arguments, I needed to add Yet Another Type Trait Expression Class, this one handling arbitrary arguments. The next step will be to migrate UnaryTypeTrait and BinaryTypeTrait over to this new, more general TypeTrait class. Fixes the Clang side of <rdar://problem/10895483> / PR12038. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@151352 91177308-0d34-0410-b5e6-96231b3b80d8
2012-02-24Make PathDiagnosticBuilder sensitive to varying LocationContexts, thus ↵Ted Kremenek
fixing a bug in the inlining diagnostics where the wrong location could be used. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@151349 91177308-0d34-0410-b5e6-96231b3b80d8
2012-02-24Reapply r151317, but when computing the PathDiagnostic profile and size keep ↵Ted Kremenek
into account the nested structure. Also fix a problem with how inlining impacted Plist diagnostics, and adjust some ranges in the Plist output due to richer information. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@151346 91177308-0d34-0410-b5e6-96231b3b80d8
2012-02-24Revert r151317 - Rework PathDiagnostics creation.. - to appease buildbots.Chad Rosier
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@151338 91177308-0d34-0410-b5e6-96231b3b80d8
2012-02-24Rework PathDiagnostic creation so that call stacks are captured by a nested ↵Ted Kremenek
PathDiagnosticCallPiece. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@151317 91177308-0d34-0410-b5e6-96231b3b80d8
2012-02-23[analyzer] KeyChainAPI: unique the leaks by allocation site.Anna Zaks
(Very similar to the previous change in malloc.) git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@151297 91177308-0d34-0410-b5e6-96231b3b80d8
2012-02-23[analyzer] Malloc: unique leak reports by allocation site.Anna Zaks
When we find two leak reports with the same allocation site, report only one of them. Provide a helper method to BugReporter to facilitate this. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@151287 91177308-0d34-0410-b5e6-96231b3b80d8
2012-02-23[analyzer] Invalidate the region passed to pthread_setspecific() call.Anna Zaks
Make this call an exception in ExprEngine::invalidateArguments: 'int pthread_setspecific(ptheread_key k, const void *)' stores a value into thread local storage. The value can later be retrieved with 'void *ptheread_getspecific(pthread_key)'. So even thought the parameter is 'const void *', the region escapes through the call. (Here we just blacklist the call in the ExprEngine's default logic. Another option would be to add a checker which evaluates the call and triggers the call to invalidate regions.) Teach the Malloc Checker, which treats all system calls as safe about the API. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@151220 91177308-0d34-0410-b5e6-96231b3b80d8
2012-02-22[analyzer] Malloc cleanup:Anna Zaks
- We should not evaluate strdup in the Malloc Checker, it's the job of CString checker, so just update the RefState to reflect allocated memory. - Refactor to reduce LOC: remove some wrapper auxiliary functions, make all functions return the state and add the transition in one place (instead of in each auxiliary function). git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@151188 91177308-0d34-0410-b5e6-96231b3b80d8
2012-02-22Generate an AST for the conversion from a lambda closure type to aDouglas Gregor
block pointer that returns a block literal which captures (by copy) the lambda closure itself. Some aspects of the block literal are left unspecified, namely the capture variable (which doesn't actually exist) and the body (which will be filled in by IRgen because it can't be written as an AST). Because we're switching to this model, this patch also eliminates tracking the copy-initialization expression for the block capture of the conversion function, since that information is now embedded in the synthesized block literal. -1 side tables FTW. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@151131 91177308-0d34-0410-b5e6-96231b3b80d8
2012-02-22[analyzer] Malloc checker: mark 'strdup' and 'strndup' as allocators.Anna Zaks
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@151124 91177308-0d34-0410-b5e6-96231b3b80d8
2012-02-22[analyzer] Malloc: fix another false positive.Anna Zaks
, when we return a symbol reachable to the malloced one via pointer arithmetic. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@151121 91177308-0d34-0410-b5e6-96231b3b80d8
2012-02-22[analyzer] Change naming in bug reports "tainted" -> "untrusted"Anna Zaks
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@151120 91177308-0d34-0410-b5e6-96231b3b80d8
2012-02-21Have ScanReachableSymbols reported reachable regions. Fixes a false ↵Ted Kremenek
positive with nested array literals. <rdar://problem/10686586> git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@151012 91177308-0d34-0410-b5e6-96231b3b80d8
2012-02-21[analyzer] Make KeyChainAPI checker inlining-aware.Anna Zaks
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@151007 91177308-0d34-0410-b5e6-96231b3b80d8
2012-02-20[analyzer] Make Malloc aware of inter-procedural execution + basicAnna Zaks
tests. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150993 91177308-0d34-0410-b5e6-96231b3b80d8
2012-02-20[analyzer] Turn on by default the Malloc Checker and a couple of CStringAnna Zaks
checks: - unix.Malloc - Checks for memory leaks, double free, use-after-free. - unix.cstring.NullArg - Checks for null pointers passed as arguments to CString functions + evaluates CString functions. - unix.cstring.BadSizeArg - Checks for common anti-patterns in strncat size argument. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150988 91177308-0d34-0410-b5e6-96231b3b80d8
2012-02-20Basic: import IntrusiveRefCntPtr<> into clang namespaceDylan Noblesmith
The class name is long enough without the llvm:: added. Also bring in RefCountedBase and RefCountedBaseVPTR. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150958 91177308-0d34-0410-b5e6-96231b3b80d8
2012-02-18Teach analyzer that blocks with no captures are globals. Fixes ↵Ted Kremenek
<rdar://problem/10348049>. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150896 91177308-0d34-0410-b5e6-96231b3b80d8
2012-02-18Teach analyzer about NSAutoreleasePool -allocWithZone:. Fixes ↵Ted Kremenek
<rdar://problem/10640253>. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150892 91177308-0d34-0410-b5e6-96231b3b80d8
2012-02-18Adopt ExprEngine and checkers to ObjC property refactoring. Everything was ↵Ted Kremenek
working, but now diagnostics are aware of message expressions implied by uses of properties. Fixes <rdar://problem/9241180>. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150888 91177308-0d34-0410-b5e6-96231b3b80d8
2012-02-17Have conjured symbols depend on LocationContext, to add context sensitivity ↵Ted Kremenek
for functions called more than once. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150849 91177308-0d34-0410-b5e6-96231b3b80d8
2012-02-17[analyzer] Fix another false positive in the Malloc Checker, by makingAnna Zaks
it aware of CString APIs that return the input parameter. Malloc Checker needs to know how the 'strcpy' function is evaluated. Introduce the dependency on CStringChecker for that. CStringChecker knows all about these APIs. Addresses radar://10864450 git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150846 91177308-0d34-0410-b5e6-96231b3b80d8
2012-02-17[analyzer] Generalize function name checking in CString checker.Anna Zaks
(Ex: It was not treating __inline_strcpy as strcpy. Will add tests that rely on this later on.) git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150845 91177308-0d34-0410-b5e6-96231b3b80d8
2012-02-16[analyzer] Malloc Checker: Clean up bug naming:Anna Zaks
- Rename the category "Logic Error" -> "Memory Error". - Shorten all the messages. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150733 91177308-0d34-0410-b5e6-96231b3b80d8
2012-02-16[analyzer] Malloc Checker: Make the diagnostic visitor handle the caseAnna Zaks
of failing realloc. + Minor cleanups. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150732 91177308-0d34-0410-b5e6-96231b3b80d8
2012-02-16Add checker visitation hooks in ExprEngine::Visit() for common no-op ↵Ted Kremenek
expressions. To be used later. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150723 91177308-0d34-0410-b5e6-96231b3b80d8
2012-02-16Revert "Move ExplodedNode reclaimation out of ExprEngine and into ↵Ted Kremenek
CoreEngine. Also have it based on adding predecessors/successors, not node allocation. No measurable performance change." git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150722 91177308-0d34-0410-b5e6-96231b3b80d8
2012-02-16Move ExplodedNode reclaimation out of ExprEngine and into CoreEngine. Also ↵Ted Kremenek
have it based on adding predecessors/successors, not node allocation. No measurable performance change. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150720 91177308-0d34-0410-b5e6-96231b3b80d8
2012-02-16Minor cleanup to node data structures in ExplodedGraph. No functionality ↵Ted Kremenek
change. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150719 91177308-0d34-0410-b5e6-96231b3b80d8
2012-02-16Revert "Revert "Make CXXNewExpr contain only a single initialier, and not ↵Sebastian Redl
hold the used constructor itself."" This reintroduces commit r150682 with a fix for the Bullet benchmark crash. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150685 91177308-0d34-0410-b5e6-96231b3b80d8
2012-02-16Revert "Make CXXNewExpr contain only a single initialier, and not hold the ↵Sebastian Redl
used constructor itself." It leads to a compiler crash in the Bullet benchmark. This reverts commit r12014. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150684 91177308-0d34-0410-b5e6-96231b3b80d8
2012-02-16Make CXXNewExpr contain only a single initialier, and not hold the used ↵Sebastian Redl
constructor itself. Holding the constructor directly makes no sense when list-initialized arrays come into play. The constructor is now held in a CXXConstructExpr, if construction is what is done. The new design can also distinguish properly between list-initialization and direct-initialization, as well as implicit default-initialization constructors and explicit value-initialization constructors. Finally, doing it this way removes redundance from the AST because CXXNewExpr doesn't try to handle both the allocation and the initialization responsibilities. This breaks the static analysis of new expressions. I've filed PR12014 to track this. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150682 91177308-0d34-0410-b5e6-96231b3b80d8
2012-02-16[analyzer] Diagnostics: Ensure that the default end of diagnostic pathAnna Zaks
piece can always be generated. The default end of diagnostic path piece was failing to generate on a BlockEdge that was outgoing from a basic block without a terminator, resulting in a very simple diagnostic being rendered (ex: no path highlighting or custom visitors). Reuse another function, which is essentially doing the same thing and correct it not to fail when a block has no terminator. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150659 91177308-0d34-0410-b5e6-96231b3b80d8
2012-02-16[analyzer] Malloc Checker: Give up when a pointer escapes into a struct.Anna Zaks
We are not properly handling the memory regions that escape into struct fields, which led to a bunch of false positives. Be conservative here and give up when a pointer escapes into a struct. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150658 91177308-0d34-0410-b5e6-96231b3b80d8
2012-02-15[analyzer] Malloc checker: make a bit safer.Anna Zaks
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150556 91177308-0d34-0410-b5e6-96231b3b80d8
2012-02-15Split reinterpret_casts of member pointers out from CK_BitCast; thisJohn McCall
is general goodness because representations of member pointers are not always equivalent across member pointer types on all ABIs (even though this isn't really standard-endorsed). Take advantage of the new information to teach IR-generation how to do these reinterprets in constant initializers. Make sure this works when intermingled with hierarchy conversions (although this is not part of our motivating use case). Doing this in the constant-evaluator would probably have been better, but that would require a *lot* of extra structure in the representation of constant member pointers: you'd really have to track an arbitrary chain of hierarchy conversions and reinterpretations in order to get this right. Ultimately, this seems less complex. I also wasn't quite sure how to extend the constant evaluator to handle foldings that we don't actually want to treat as extended constant expressions. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150551 91177308-0d34-0410-b5e6-96231b3b80d8
2012-02-15[analyzer] Malloc Checker: add support for reallocf, which always freesAnna Zaks
the passed in pointer on failure. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150533 91177308-0d34-0410-b5e6-96231b3b80d8
2012-02-15[analyzer] Malloc Checker: add support for valloc + minor codeAnna Zaks
hardening. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150532 91177308-0d34-0410-b5e6-96231b3b80d8
2012-02-14[analyzer] Make Malloc Checker optimistic in presence of inlining.Anna Zaks
(In response of Ted's review of r150112.) This moves the logic which checked if a symbol escapes through a parameter to invalidateRegionCallback (instead of post CallExpr visit.) To accommodate the change, added a CallOrObjCMessage parameter to checkRegionChanges callback. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150513 91177308-0d34-0410-b5e6-96231b3b80d8
2012-02-14Remove recusive expression visitation in ↵Ted Kremenek
ExprEngine::VisitIncrementDecrementOperator(). git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150511 91177308-0d34-0410-b5e6-96231b3b80d8
2012-02-14Remove recursive visitation in ExprEngine for UO_Not, UO_Minus, UO_LNot.Ted Kremenek
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150509 91177308-0d34-0410-b5e6-96231b3b80d8
2012-02-14Remove recursive visitation in ExprEngine for UO_Deref, UO_AddrOf, and ↵Ted Kremenek
UO_Extension. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150506 91177308-0d34-0410-b5e6-96231b3b80d8
2012-02-14Remove ExprEngine recursive visitation of unary UO_Imag operation.Ted Kremenek
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150505 91177308-0d34-0410-b5e6-96231b3b80d8
2012-02-14Further remove some recursive visitiation in ExprEngine that is no longer ↵Ted Kremenek
needed because the CFG is fully linearized. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150504 91177308-0d34-0410-b5e6-96231b3b80d8