| Age | Commit message (Collapse) | Author |
|---|
|
a cast was successful. If the value of an argument was unknown, the cast would result in a NULL pointer which was later being dereferenced.
This fixes Bugzilla #9806.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@130422 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@130398 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Patch authored by Sohail Somani.
Provide parsing and AST support for Windows structured exception handling.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@130366 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Patch authored by John Wiegley.
These are array type traits used for parsing code that employs certain
features of the Embarcadero C++ compiler: __array_rank(T) and
__array_extent(T, Dim).
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@130351 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
a size of 0 is equivalent to free(). The memory region should be marked as free and not used again.
Unit tests f2_realloc_0(), f6_realloc(), and f7_realloc() contributed by Marshall Clow <mclow.lists@gmail.com>. Thanks!
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@130303 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
direct lookup to values bound to expressions, without
resulting to lazy logic. This is critical for the OSAtomicChecker that does a simulated load on any arbitrary expression.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@130292 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
bounds. Requires LLVM svn r129582.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@130161 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Patch authored by David Abrahams.
These two expression traits (__is_lvalue_expr, __is_rvalue_expr) are used for
parsing code that employs certain features of the Embarcadero C++ compiler.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@130122 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@130068 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@130003 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
pointers. Fixes PR9746.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@129741 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@129567 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Luis Felipe Strano Moraes!
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@129559 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
As an extension, generic selection support has been added for all
supported languages. The syntax is the same as for C1X.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@129554 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
draft standard (N3291).
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@129541 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
declared in protocols.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@129395 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
active block on the worklist
impacts the results of the check.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@129394 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
0-index of a symbolic region. In many cases that isn't really the base offset.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@129366 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
inputs are not NULL and are real C strings, then does the comparison and binds the proper return value. Unit tests included.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@129364 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
'new' expression.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@129349 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
'++' pointer arithmetic.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@129348 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@129333 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
for __unknown_anytype resolution to destructively modify the AST. So that's
what it does now, which significantly simplifies some of the implementation.
Normal member calls work pretty cleanly now, and I added support for
propagating unknown-ness through &.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@129331 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
in C++ method calls.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@129308 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@129269 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@129265 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
represents a dynamic cast where we know that the result is always null.
For example:
struct A {
virtual ~A();
};
struct B final : A { };
struct C { };
bool f(B* b) {
return dynamic_cast<C*>(b);
}
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@129256 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Validates inputs are not NULL, checks for overlapping strings, concatenates the strings checking for buffer overflow, sets the length of the destination string to the sum of the s1 length and the s2 length, binds the return value to the s1 value.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@129215 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
inlining support isn't complete, and needs
to be reworked to model CallEnter/CallExit (just like all other calls). For now, treat constructors mostly
like other function calls, making the analysis of C++ code just a little more useful.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@129166 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
The idea is that you can create a VarDecl with an unknown type, or a
FunctionDecl with an unknown return type, and it will still be valid to
access that object as long as you explicitly cast it at every use. I'm
still going back and forth about how I want to test this effectively, but
I wanted to go ahead and provide a skeletal implementation for the LLDB
folks' benefit and because it also improves some diagnostic goodness for
placeholder expressions.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@129065 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
be sure to consume the argument index that actually had the attribute
rather than always the first. rdar://problem/9234108
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@128998 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
generate a warning any time the strcat() function is used with a note suggesting to use a function which provides bounded buffers. CWE-119.
Also, brings the security syntax checker more inline with coding standards.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@128916 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
numerous CFG and UninitializedValues analysis changes:
1) Change the CFG to include the DeclStmt for conditional variables, instead of using the condition itself as a faux DeclStmt.
2) Update ExprEngine (the static analyzer) to understand (1), so not to regress.
3) Update UninitializedValues.cpp to initialize all tracked variables to Uninitialized at the start of the function/method.
4) Only use the SelfReferenceChecker (SemaDecl.cpp) on global variables, leaving the dataflow analysis to handle other cases.
The combination of (1) and (3) allows the dataflow-based -Wuninitialized to find self-init problems when the initializer
contained control-flow.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@128858 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
doesn't get called for each CallExpr. Instead it does a switch and only runs the check for the proper identifier. Slight speed improvement (probably significant on very large ASTs), and should make it easier and more clear to add more checks for other CallExpr's later.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@128785 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
position of a branch condition, and a new generateNode method to BranchNodeBuilder using PostCondition ProgramPoint. This method generates a new ExplodedNode but not a new block edge.
Patch by Lei Zhang!
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@128784 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
assigned a LazyCompoundValue. Fixes <rdar://problem/9163742> and PR 9522.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@128783 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@128762 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
didn't know how to handle a specific Expr type.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@128761 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
a given CFGBlock was analyzed too many times.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@128760 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
generate a warning any time the strcpy() function is used with a note suggesting to use a function which provides bounded buffers.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@128679 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Models mempcpy() so that if length is NULL the destination pointer is returned. Otherwise, the source and destination are confirmed not to be NULL and not overlapping. Finally the copy is validated to not cause a buffer overrun and the return value is bound to the address of the byte after the last byte copied.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@128677 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@128670 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
wouldn't always be the final node, thus causing the state to continue propagating. Instead,
recover some path-sensitivity by conjuring a symbol.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@128612 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
simulate constructors, but at least the analyzer doesn't think the return value is uninitialized.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@128611 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
logic was divorced
from how we process ordinary function calls, had a tremendous about of redundancy, and relied
strictly on inlining behavior (which was incomplete) to provide semantics instead of falling
back to the conservative analysis we use for C functions. This is a significant step into
making C++ analyzer support more useful.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@128557 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@128512 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
packages, and which packages/checkers are hidden.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@128511 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
commit r128474.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@128475 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@128340 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@128310 91177308-0d34-0410-b5e6-96231b3b80d8
|
