#
632e3b7e |
| 06-Jan-2012 |
Ted Kremenek <kremenek@apple.com> |
[analyzer] Make the entries in 'Environment' context-sensitive by making entries map from (Stmt*,LocationContext*) pairs to SVals instead of Stmt* to SVals.
This is needed to support basic IPA via inlining. Without this, we cannot tell if a Stmt* binding is part of the current analysis scope (StackFrameContext) or part of a parent context.
This change introduces an uglification of the use of getSVal(), and thus takes two steps forward and one step back. There are also potential performance implications of enlarging the Environment. Both can be addressed going forward by refactoring the APIs and optimizing the internal representation of Environment. This patch mainly introduces the functionality which we want to build upon (and clean up).
llvm-svn: 147688
|
#
7c96b7db |
| 11-Dec-2011 |
Anna Zaks <ganna@apple.com> |
[analyzer] CStringChecker should not rely on the analyzer generating UndefOrUnknown value when it cannot reason about the expression.
We are now often generating expressions even if the solver is not known to be able to simplify it. This is another cleanup of the existing code, where the rest of the analyzer and checkers should not base their logic on knowing ahead of the time what the solver can reason about.
In this case, CStringChecker is performing a check for overflow of 'left+right' operation. The overflow can be checked with either 'maxVal-left' or 'maxVal-right'. Previously, the decision was based on whether the expression evaluated to undef or not. With this patch, we check if one of the arguments is a constant, in which case we know that 'maxVal-const' is easily simplified. (Another option is to use canReasonAbout() method of the solver here, however, it is currently protected.)
This patch also contains 2 small bug fixes: - swap the order of operators inside SValBuilder::makeGenericVal. - handle a case when AddeVal is unknown in GenericTaintChecker::getPointedToSymbol.
llvm-svn: 146343
|
#
ee1a4353 |
| 06-Dec-2011 |
Anna Zaks <ganna@apple.com> |
[analyzer] Refactor: Move symbol_iterator from SVal to SymExpr, use it for finding dependent symbols for taint.
llvm-svn: 145986
|
#
c6aa531a |
| 01-Dec-2011 |
Anna Zaks <ganna@apple.com> |
[analyzer] Refactor checkers to use helper function for getting callee Decl and name.
We are getting name of the called function or its declaration in a few checkers. Refactor them to use the helper function in the CheckerContext.
llvm-svn: 145576
|
Revision tags: llvmorg-3.0.0, llvmorg-3.0.0-rc4, llvmorg-3.0.0-rc3, llvmorg-3.0.0-rc2 |
|
#
c9abbe2b |
| 26-Oct-2011 |
Anna Zaks <ganna@apple.com> |
[analyzer] Add getLocationContext to CheckerContext
CheckerContext::getPredecessor is only used to get to the LocationContext half of the time.
llvm-svn: 143061
|
#
da4c8d68 |
| 26-Oct-2011 |
Anna Zaks <ganna@apple.com> |
[analyzer] Rename generateNode -> addTransition in CheckerContext
Also document addTransition methods.
llvm-svn: 143059
|
#
b473816b |
| 25-Oct-2011 |
Anna Zaks <ganna@apple.com> |
[analyzer] Simplify CheckerContext
Remove dead members/parameters: ProgramState, respondsToCallback, autoTransition. Remove addTransition method since it's the same as generateNode. Maybe we should rename generateNode to genTransition (since a transition is always automatically generated)?
llvm-svn: 142946
|
Revision tags: llvmorg-3.0.0-rc1 |
|
#
b89514a9 |
| 14-Oct-2011 |
Benjamin Kramer <benny.kra@googlemail.com> |
Change operator<< for raw_ostream and NamedDecl to take a reference instead of a pointer.
Passing a pointer was a bad idea as it collides with the overload for void*.
llvm-svn: 141971
|
#
cc925210 |
| 11-Oct-2011 |
Anna Zaks <ganna@apple.com> |
[analyzer] Fix a typo.
llvm-svn: 141678
|
#
23d7ba35 |
| 04-Oct-2011 |
Anna Zaks <ganna@apple.com> |
[analyzer] Removing references to CheckerContext::getNodeBuilder(): checkers can obtain block count directly from the Context.
llvm-svn: 141112
|
#
1fad6631 |
| 27-Aug-2011 |
Jordy Rose <jediknil@belkadan.com> |
[analyzer] Change the check::RegionChanges callback to include the regions explicitly requested for invalidation.
Also, allow CallOrObjCMessage to wrap a CXXConstructExpr as well.
Finally, this allows us to remove the clunky whitelisting system from CFRefCount/RetainReleaseChecker. Slight regression due to CXXNewExprs not yet being handled in post-statement callbacks (PR forthcoming).
llvm-svn: 138716
|
#
f86615ca |
| 19-Aug-2011 |
Anna Zaks <ganna@apple.com> |
Static Analyzer Diagnostics: Kill the addVisitorCreator(callbackTy, void*) API in favor of addVisitor(BugReporterVisitor*).
1) Create a header file to expose the predefined visitors. And move the parent(BugReporterVisitor) there as well.
2) Remove the registerXXXVisitor functions - the Visitor constructors/getters can be used now to create the object. One exception is registerVarDeclsLastStore(), which registers more than one visitor, so make it static member of FindLastStoreBRVisitor.
3) Modify all the checkers to use the new API.
llvm-svn: 138126
|
#
3a6bdf8f |
| 17-Aug-2011 |
Anna Zaks <ganna@apple.com> |
Remove EnhancedBugReport and RangedBugReport - pull all the extra functionality they provided into their parent BugReport. The only functional changes are: made getRanges() non const - it adds default range to Ranges if none are supplied, made getStmt() private, which was another FIXME.
llvm-svn: 137894
|
#
001fd5b4 |
| 15-Aug-2011 |
Ted Kremenek <kremenek@apple.com> |
Rename GRState to ProgramState, and cleanup some code formatting along the way.
llvm-svn: 137665
|
#
5ef32dbf |
| 12-Aug-2011 |
Ted Kremenek <kremenek@apple.com> |
Cleanup various declarations of 'Stmt*' to be 'Stmt *', etc. in libAnalyzer and libStaticAnalyzer[*]. It was highly inconsistent, and very ugly to look at.
llvm-svn: 137537
|
#
add45b78 |
| 12-Aug-2011 |
Jordy Rose <jediknil@belkadan.com> |
[analyzer] Nitpicks on Olaf's patch, which I meant to e-mail but then didn't in time. One is cleanup, the other is me being OCD about enum group nesting.
llvm-svn: 137517
|
#
8df44b26 |
| 12-Aug-2011 |
Ted Kremenek <kremenek@apple.com> |
[analyzer] Introduce new MemRegion, "TypedValueRegion", so that we can separate TypedRegions that implement getValueType() from those that don't.
Patch by Olaf Krzikalla!
llvm-svn: 137498
|
#
0e62c1cc |
| 23-Jul-2011 |
Chris Lattner <sabre@nondot.org> |
remove unneeded llvm:: namespace qualifiers on some core types now that LLVM.h imports them into the clang namespace.
llvm-svn: 135852
|
#
b41f7c55 |
| 20-Jun-2011 |
Jordy Rose <jediknil@belkadan.com> |
[analyzer] Finish size argument checking for strncat (and strncpy).
llvm-svn: 133472
|
#
789adbb3 |
| 20-Jun-2011 |
Jordy Rose <jediknil@belkadan.com> |
[analyzer] Replace stream-built error message with constant string. No functionality change.
llvm-svn: 133410
|
#
328deeed |
| 20-Jun-2011 |
Jordy Rose <jediknil@belkadan.com> |
[analyzer] Re-enable checking for strncpy, along with a new validation of the size argument. strncat is not yet up-to-date, but I'm leaving it enabled for now (there shouldn't be any false positives, at least...)
llvm-svn: 133408
|
#
dceb0cf3 |
| 20-Jun-2011 |
Jordy Rose <jediknil@belkadan.com> |
[analyzer] Eliminate "byte string function" from CStringChecker's diagnostics, and make it easier to provide custom messages for overflow checking, in preparation for re-enabling strncpy checking.
llvm-svn: 133406
|
#
c0263708 |
| 16-Jun-2011 |
Jordy Rose <jediknil@belkadan.com> |
[analyzer] Clean up modeling of strcmp, including cases where a string literal has an embedded null character, and where both arguments are the same buffer. Also use nested ifs rather than early returns; in this case early returns will lose any assumptions we've made earlier in the function.
llvm-svn: 133154
|
#
0585a618 |
| 16-Jun-2011 |
Jordy Rose <jediknil@belkadan.com> |
[analyzer] Fix trivial errors in previous commit.
I will not commit without building first. I will not commit without building first. I will not commit without building first...
llvm-svn: 133150
|
#
455bd58d |
| 16-Jun-2011 |
Jordy Rose <jediknil@belkadan.com> |
[analyzer] Cleanup: mainly 80-char violations and preferring SValBuilder::getComparisonType() to just referencing IntTy.
llvm-svn: 133149
|