| #
634c12d2 |
| 15-Jun-2011 |
Jordy Rose <jediknil@belkadan.com> |
[analyzer] Revise CStringChecker's modelling of strcpy() and strcat():
- (bounded copies) Be more conservative about how much is being copied.
- (str(n)cat) If we can't compute the exact final length
[analyzer] Revise CStringChecker's modelling of strcpy() and strcat():
- (bounded copies) Be more conservative about how much is being copied.
- (str(n)cat) If we can't compute the exact final length of an append operation, we can still lower-bound it.
- (stpcpy) Fix the conjured return value at the end to actually be returned.
This requires these supporting changes:
- C string metadata symbols are still live even when buried in a SymExpr.
- "Hypothetical" C string lengths, to represent a value that /will/ be passed to setCStringLength() if all goes well. (The idea is to allow for temporary constrainable symbols that may end up becoming permanent.)
- The 'checkAdditionOverflow' helper makes sure that the two strings being appended in a strcat don't overflow size_t. This should never *actually* happen; the real effect is to keep the final string length from "wrapping around" in the constraint manager.
This doesn't actually test the "bounded" operations (strncpy and strncat) because they can leave strings unterminated. Next on the list!
llvm-svn: 133046
show more ...
|
| #
0e9fb28e |
| 15-Jun-2011 |
Jordy Rose <jediknil@belkadan.com> |
[analyzer] If a C string length is UnknownVal, clear any existing length binding. No tests yet because the only thing that sets string length is strcpy(), and that needs some work anyway.
llvm-svn:
[analyzer] If a C string length is UnknownVal, clear any existing length binding. No tests yet because the only thing that sets string length is strcpy(), and that needs some work anyway.
llvm-svn: 133044
show more ...
|
| #
45d8c12b |
| 14-Jun-2011 |
Jordy Rose <jediknil@belkadan.com> |
[analyzer] Change large if body to early return. No functionality change.
llvm-svn: 132956
|
| #
d3592896 |
| 14-Jun-2011 |
Jordy Rose <jediknil@belkadan.com> |
[analyzer] Fix modeling of strnlen to be more conservative. Move tests we can't properly model (yet?) to string-fail.c.
llvm-svn: 132955
|
| #
fb5e8c28 |
| 04-Jun-2011 |
Jordy Rose <jediknil@belkadan.com> |
[analyzer] Change an indent-if to an early return. No functionality change.
llvm-svn: 132618
|
| #
097c5397 |
| 04-Jun-2011 |
Jordy Rose <jediknil@belkadan.com> |
[analyzer] Don't crash when copying an unknown number of bytes with memcpy(). Also handle all memcpy-family return values in evalCopyCommon(), rather than having some outside and some inside.
llvm-s
[analyzer] Don't crash when copying an unknown number of bytes with memcpy(). Also handle all memcpy-family return values in evalCopyCommon(), rather than having some outside and some inside.
llvm-svn: 132617
show more ...
|
| #
64ae92e5 |
| 04-Jun-2011 |
Jordy Rose <jediknil@belkadan.com> |
[analyzer] Remove extra assignment that actually lost a few of the assumptions.
llvm-svn: 132614
|
| #
4451cd45 |
| 04-Jun-2011 |
Jordy Rose <jediknil@belkadan.com> |
[analyzer] Fix comment for (still-disabled) evalStrncpy
llvm-svn: 132608
|
| #
63b84be6 |
| 04-Jun-2011 |
Jordy Rose <jediknil@belkadan.com> |
[analyzer] Fix handling of "copy zero bytes" for memcpy and friends.
llvm-svn: 132607
|
| #
aee7fb9e |
| 03-Jun-2011 |
Jordy Rose <jediknil@belkadan.com> |
[analyzer] __mempcpy_chk is the same as mempcpy (at least to CStringChecker)
llvm-svn: 132605
|
| #
5066858b |
| 03-May-2011 |
Lenny Maiorani <lenny@colorado.edu> |
Removing strncpy() checking in CString checker for now. Some significant changes need to be made to properly support modeling of it since it potentially leaves strings non-null terminated.
llvm-svn:
Removing strncpy() checking in CString checker for now. Some significant changes need to be made to properly support modeling of it since it potentially leaves strings non-null terminated.
llvm-svn: 130758
show more ...
|
| #
aa181174 |
| 02-May-2011 |
Ted Kremenek <kremenek@apple.com> |
Augment retain/release checker to not warn about tracked objects passed as arguments to C++ constructors. This is a stop-gap measure for Objective-C++ code that uses smart pointers to manage referen
Augment retain/release checker to not warn about tracked objects passed as arguments to C++ constructors. This is a stop-gap measure for Objective-C++ code that uses smart pointers to manage reference counts.
llvm-svn: 130711
show more ...
|
| #
0b510279 |
| 02-May-2011 |
Lenny Maiorani <lenny@colorado.edu> |
Implements strncasecmp() checker and simplifies some of the logic around creating substrings if necessary and calling the appropriate StringRef::compare/compare_lower().
llvm-svn: 130708
|
| #
18470e32 |
| 28-Apr-2011 |
Lenny Maiorani <lenny@colorado.edu> |
Use StringRef::substr() and unbounded StringRef::compare() instead of bounded version of StringRef::compare() because bounded version of StringRef::compare() is going to be removed.
llvm-svn: 130425
|
| #
ed2cc6cc |
| 28-Apr-2011 |
Lenny Maiorani <lenny@colorado.edu> |
Eliminates an assert in the strncpy/strncat checker caused by not validating a cast was successful. If the value of an argument was unknown, the cast would result in a NULL pointer which was later be
Eliminates an assert in the strncpy/strncat checker caused by not validating a cast was successful. If the value of an argument was unknown, the cast would result in a NULL pointer which was later being dereferenced.
This fixes Bugzilla #9806.
llvm-svn: 130422
show more ...
|
| #
4af23c81 |
| 28-Apr-2011 |
Lenny Maiorani <lenny@colorado.edu> |
Implements strcasecmp() checker in Static Analyzer.
llvm-svn: 130398
|
| #
e553e404 |
| 25-Apr-2011 |
Lenny Maiorani <lenny@colorado.edu> |
Implements the strncmp() checker just like the strcmp() checker, but with bounds. Requires LLVM svn r129582.
llvm-svn: 130161
|
| #
57540c5b |
| 15-Apr-2011 |
Chris Lattner <sabre@nondot.org> |
fix a bunch of comment typos found by codespell. Patch by
Luis Felipe Strano Moraes!
llvm-svn: 129559
|
| #
f3539ad5 |
| 12-Apr-2011 |
Lenny Maiorani <lenny@colorado.edu> |
This patch adds modeling of strcmp() to the CString checker. Validates inputs are not NULL and are real C strings, then does the comparison and binds the proper return value. Unit tests included.
l
This patch adds modeling of strcmp() to the CString checker. Validates inputs are not NULL and are real C strings, then does the comparison and binds the proper return value. Unit tests included.
llvm-svn: 129364
show more ...
|
| #
467dbd5f |
| 09-Apr-2011 |
Lenny Maiorani <lenny@colorado.edu> |
strcat() and strncat() model additions to CStringChecker.
Validates inputs are not NULL, checks for overlapping strings, concatenates the strings checking for buffer overflow, sets the length of the
strcat() and strncat() model additions to CStringChecker.
Validates inputs are not NULL, checks for overlapping strings, concatenates the strings checking for buffer overflow, sets the length of the destination string to the sum of the s1 length and the s2 length, binds the return value to the s1 value.
llvm-svn: 129215
show more ...
|
|
Revision tags: llvmorg-2.9.0 |
|
| #
79d74141 |
| 31-Mar-2011 |
Lenny Maiorani <lenny@colorado.edu> |
Adding Static Analyzer checker for mempcpy().
Models mempcpy() so that if length is NULL the destination pointer is returned. Otherwise, the source and destination are confirmed not to be NULL and n
Adding Static Analyzer checker for mempcpy().
Models mempcpy() so that if length is NULL the destination pointer is returned. Otherwise, the source and destination are confirmed not to be NULL and not overlapping. Finally the copy is validated to not cause a buffer overrun and the return value is bound to the address of the byte after the last byte copied.
llvm-svn: 128677
show more ...
|
|
Revision tags: llvmorg-2.9.0-rc3, llvmorg-2.9.0-rc2, llvmorg-2.9.0-rc1 |
|
| #
6a5674ff |
| 01-Mar-2011 |
Argyrios Kyrtzidis <akyrtzi@gmail.com> |
[analyzer] Rename CheckerV2 -> Checker.
llvm-svn: 126726
|
| #
c26f15db |
| 24-Feb-2011 |
Argyrios Kyrtzidis <akyrtzi@gmail.com> |
[analyzer] Migrate CStringChecker to CheckerV2.
llvm-svn: 126350
|
| #
fb1a79af |
| 22-Feb-2011 |
Ted Kremenek <kremenek@apple.com> |
Add CStringChecker support for strncpy. Patch by Lenny Maiorani!
llvm-svn: 126188
|
| #
280a01fa |
| 22-Feb-2011 |
Ted Kremenek <kremenek@apple.com> |
Add CStringChecker support for strnlen. Patch by Lenny Maiorani!
llvm-svn: 126187
|