| Age | Commit message (Collapse) | Author |
|---|
|
Previously we were assuming that we'd never ask for the sub-region bindings
of a bitfield, since a bitfield cannot have subregions. However,
unification of code paths has made that assumption invalid. While we could
take advantage of this by just checking for the single possible binding,
it's probably better to do the right thing, so that if/when we someday
support unions we'll do the right thing there, too.
This fixes a handful of false positives in analyzing LLVM.
<rdar://problem/13325522>
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@176388 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
In C++, rvalues that need to have their address taken (for example, to be
passed to a function by const reference) will be wrapped in a
MaterializeTemporaryExpr, which lets CodeGen know to create a temporary
region to store this value. However, MaterializeTemporaryExprs are /not/
created when a method is called on an rvalue struct, even though the 'this'
pointer needs a valid value. CodeGen works around this by creating a
temporary region anyway; now, so does the analyzer.
The analyzer also does this when accessing a field of a struct rvalue.
This is a little unfortunate, since the rest of the struct will soon be
thrown away, but it does make things consistent with the rest of the
analyzer.
This allows us to bring back the assumption that all known 'this' values
are Locs. This is a revised version of r164828-9, reverted in r164876-7.
<rdar://problem/12137950>
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@166120 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
an lvalue."
The original intent of this commit was to catch potential null dereferences
early, but it breaks the common "home-grown offsetof" idiom (PR13927):
(((struct Foo *)0)->member - ((struct foo *)0))
As it turns out, this appears to be legal in C, per a footnote in
C11 6.5.3.2: "Thus, &*E is equivalent to E (even if E is a null pointer)".
In C++ this issue is still open:
http://www.open-std.org/jtc1/sc22/wg21/docs/cwg_active.html#232
We'll just have to make sure we have good path notes in the future.
This reverts r164441 / 9be016dcd1ca3986873a7b66bd4bc027309ceb59.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@164958 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
accessing fields"
This reverts commit 6f61df3e7256413dcb99afb9673f4206e3c4992c.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@164877 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Struct rvalues are represented in the analyzer by CompoundVals,
LazyCompoundVals, or plain ConjuredSymbols -- none of which have associated
regions. If the entire structure is going to persist, this is not a
problem -- either the rvalue will be assigned to an existing region, or
a MaterializeTemporaryExpr will be present to create a temporary region.
However, if we just need a field from the struct, we need to create the
temporary region ourselves.
This is inspired by the way CodeGen handles calls to temporaries;
support for that in the analyzer is coming next.
Part of <rdar://problem/12137950>
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@164828 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
We want to catch cases like this early, so that we can produce better
diagnostics and path notes:
Point *p = 0;
int *px = &p->x; // should warn here
*px = 1;
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@164441 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162588 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
be the common root package.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@136835 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
driver. Also remove associated tests. Sorry for the messy commits; this is the result of a botched Git merge.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@136422 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
misnomer award.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126676 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
have any checkers associated with it anymore.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126440 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@124822 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@95348 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
- This is designed to make it obvious that %clang_cc1 is a "test variable"
which is substituted. It is '%clang_cc1' instead of '%clang -cc1' because it
can be useful to redefine what gets run as 'clang -cc1' (for example, to set
a default target).
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@91446 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@91272 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@90071 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
option enables new "internal" checks that will eventually be turned on
by default but still require broader testing.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@88671 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
- 'for i in $(find . -type f); do sed -e 's#\(RUN:.*[^ ]\) *&& *$#\1#g' $i | FileUpdate $i; done', for the curious.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@86430 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
OldCastRegion used), and the associated command line option
'-analyzer-store=old-basic-cast'.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@77509 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
and replace the 'clang-cc' option '-analyzer-store=basic-new-cast' with
'-analyzer-store=basic-old-cast'. We'll keep the old CastRegion implementation
around for a little while for regression testing.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@75209 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
using '-analyzer-store=basic-new-cast'.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@74865 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@73851 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
pointee type is scalar type, create element region regardless with the sizes
of types.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@71360 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
RegionStore.
This CastRegion() performs casts according to the kind of the region being
cast instead of the type that is cast to.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@71058 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@70834 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
- Don't layer TypedViewRegions on top of any region except
SymbolicRegions and AllocaRegions. This follows from my offline
discussion within Zhongxing about how TypedViewRegions really only
represent memory getting re-appropriated for a new purpose.
Fallout from this change:
- Move test case from xfail_rdar_6440393.m to misc-ps-64.m
(it now passes).
- test/Analysis/fields.c now fails for region store (crash).
Marking XFAIL.
- test/Analysis/rdar-6441136-region.c now fails (only runs with region store).
Marking XFAIL.
Diagnosis: The analyzer now correctly identifies an early out-of-bounds memory
access then the one flagged:
rdar-6541136-region.c:17:3: warning: Load or store into an out-of-bound memory position.
*p = 1;
^~
Changing the line:
char *p = (void*) &wonky[1];
to
char *p = (void*) &wonky[0];
(which should delay the buffer overrun) causes region store to crash, probably
because it expects a TypedViewRegion.
- test/Analysis/casts.c (region store) now fails (crash).
Marking XFAIL.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@70565 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Tests and drivers updated, still need to shuffle dirs.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@67602 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
- Move all analyzer options logic to AnalysisConsumer.cpp.
- Unified specification of stores/constraints/output to be:
-analyzer-output=...
-analyzer-store=...
-analyzer-constraints=...
instead of -analyzer-range-constraints, -analyzer-store-basic, etc.
- Updated drivers (ccc-analyzer, scan-builds, new ccc) to obey this new
interface
- Updated test cases to conform to new driver options
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@64737 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@62798 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
individual checker options.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@62634 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
"Visit" when processing the base for "x->f" field accesses.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@57754 91177308-0d34-0410-b5e6-96231b3b80d8
|
