| Age | Commit message (Collapse) | Author |
|---|
|
Fixes <rdar://problem/11125868>.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@156211 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@156183 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
a struct.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@156135 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
(Since we don't have a generic pointer escape callback, modify
ExprEngineCallAndReturn as well as the malloc checker.)
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@156134 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
width of the two to avoid truncation.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@156089 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
specifically checks for equality to null.
Enforcing this general practice, which keeps the analyzer less
noisy, in the CString Checker. This change suppresses "Assigned value is
garbage or undefined" warning in the added test case.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@156085 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
shouldn't be converted to the result type. Fixes PR12206 and dupe PR12510.
This was probably the original intent of r133041 (also me, a year ago).
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@156062 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
We need to identify the value of ptr as
ElementRegion (result of pointer arithmetic) in the following code.
However, before this commit '(2-x)' evaluated to Unknown value, and as
the result, 'p + (2-x)' evaluated to Unknown value as well.
int *p = malloc(sizeof(int));
ptr = p + (2-x);
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@156052 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
The resulting type info is stored in the SymSymExpr, so no reason not to
support construction of expression with different subexpression types.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@156051 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
(Currently, this is only relevant for tainted data.)
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@156050 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
The change resulted in multiple issues on the buildbot, so it's not
ready for prime time. Only enable history tracking for tainted
data(which is experimental) for now.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@156049 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
reverse track interesting
values through interesting expressions. This allows us to map from interesting values in a caller
to interesting values in a caller, thus recovering some precision in diagnostics lost from IPA.
Fixes <rdar://problem/11327497>
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@155971 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
warning.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@155966 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@155964 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@155963 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
twice. Fixes <rdar://problem/11212866>.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@155950 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
reason about the expression.
This essentially keeps more history about how symbolic values were
constructed. As an optimization, previous to this commit, we only kept
the history if one of the symbols was tainted, but it's valuable keep
the history around for other purposes as well: it allows us to avoid
constructing conjured symbols.
Specifically, we need to identify the value of ptr as
ElementRegion (result of pointer arithmetic) in the following code.
However, before this commit '(2-x)' evaluated to Unknown value, and as
the result, 'p + (2-x)' evaluated to Unknown value as well.
int *p = malloc(sizeof(int));
ptr = p + (2-x);
This change brings 2% slowdown on sqlite. Fixes radar://11329382.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@155944 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
retained objects. I know there is an SDK enhancement request for this to have the cf_returns_retained annotation, so this is just a stop gap.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@155887 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
a sizeof() type is compatible with a pointed type.
Fixes <rdar://problem/11292586>.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@155864 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
filter_decl_iterator had a weird mismatch where both op* and op-> returned T*
making it difficult to generalize this filtering behavior into a reusable
library of any kind.
This change errs on the side of value, making op-> return T* and op* return
T&.
(reviewed by Richard Smith)
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@155808 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
cross-TU inlining never panned out.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@155751 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
file order that functions are visited. Should fix the buildbots.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@155693 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
instead
of a mutable SmallPtrSet. While iterating over LocalTUDecls, there were cases
where we could modify LocalTUDecls, which could result in invalidating an iterator
and an analyzer crash. Along the way, switch some uses of std::queue to std::dequeue,
which should be slightly more efficient.
Unfortunately, this is a difficult case to create a test case for.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@155680 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
default values. Fixes <rdar://problem/11269741>.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@155615 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
pthread_setspecific and it should just give up when it sees it. Fixes <rdar://problem/11282706>.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@155613 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
This is needed to ensure that we always report issues in the correct
function. For example, leaks are identified when we call remove dead
bindings. In order to make sure we report a callee's leak in the callee,
we have to run the operation in the callee's context.
This change required quite a bit of infrastructure work since:
- We used to only run remove dead bindings before a given statement;
here we need to run it after the last statement in the function. For
this, we added additional Program Point and special mode in the
SymbolReaper to remove all symbols in context lower than the current
one.
- The call exit operation turned into a sequence of nodes, which are
now guarded by CallExitBegin and CallExitEnd nodes for clarity and
convenience.
(Sorry for the long diff.)
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@155244 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@155082 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
of the callee is valid. Fixes <rdar://problem/11257631>.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@154896 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Along with it, fix a couple of other corner cases and add more tests.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@154866 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
attached. Since we do not support any attributes which appertain to a statement
(yet), testing of this is necessarily quite minimal.
Patch by Alexander Kornienko!
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@154723 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@154672 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
We should not deserialize unused declarations from the PCH file. Achieve
this by storing the top level declarations during parsing
(HandleTopLevelDecl ASTConsumer callback) and analyzing/building a call
graph only for those.
Tested the patch on a sample ObjC file that uses PCH. With the patch,
the analyzes is 17.5% faster and clang consumes 40% less memory.
Got about 10% overall build/analyzes time decrease on a large Objective
C project.
A bit of CallGraph refactoring/cleanup as well..
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@154625 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
As per Jordy's review. Creating a symbol here is more flexible; however
I could not come up with an example where it was needed. (What
constrains can be added on of the symbol constrained to 0?)
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@154542 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
(Applied changes to CStringAPI, Malloc, and Taint.)
This might almost never happen, but we should not crash even if it does.
This fixes a crash on the internal analyzer buildbot, where postgresql's
configure was redefining memmove (radar://11219852).
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@154451 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Generate a sink when the dynamic_cast from a reference fails to
represent a thrown exception.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@154438 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Simulate the C++ dynamic_cast in the analyzer.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@154434 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
when we generate a new ExplodedNode
we use the same Expr* as the one being currently visited. This is preparation for transitioning to having
ProgramPoints refer to CFGStmts.
This required a bit of trickery. We wish to keep the old Expr* bindings in the Environment intact,
as plenty of logic relies on it and there is no reason to change it, but we sometimes want the Stmt* for
the ProgramPoint to be different than the Expr* being used for bindings. This requires adding an extra
argument for some functions (e.g., evalLocation). This looks a bit strange for some clients, but
it will look a lot cleaner when were start using CFGStmt* in the appropriate places.
As some fallout, the diagnostics arrows are a bit difference, since some of the node locations have changed.
I have audited these, and they look reasonable.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@154214 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
valid ObjC objects.
Patch by Sean McBride!
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@154194 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
change,
consolidate some commonly used category strings into global references (more of this can be done, I just did a few).
Fixes <rdar://problem/11191537>.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@154121 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
understand.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@154084 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
might not be a symbolic value.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@154083 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
The ASTConsumer does not get deleted with clang --analyze (for
performance reasons), we still want the diagnostics to work.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@154078 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
"No method actually called because receiver is nil" ->
"No method is called because receiver is nil"
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@154077 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@154075 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
the DeadStoresChecker.
Fixes <rdar://problem/11185138>.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@154040 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
analyzer issue occurred in the plist output.
Fixes <rdar://problem/11004527>
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@154030 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
diagnostics emitted to the
console, and leave it up to PathDiagnosticConsumer to unique reports with the shortest path.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@153987 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Store this info inside the function summary generated for all analyzed
functions. This is useful for coverage stats and can be helpful for
analyzer state space search strategies.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@153923 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
symbolic offsets. We still don't
properly reason about such accesses, but we shouldn't emit bogus "uninitialized value" warnings
either. Fixes <rdar://problem/11127008>.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@153913 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
that has already been inlined. Unfortunately I have no test case.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@153900 91177308-0d34-0410-b5e6-96231b3b80d8
|
