unique_ptr-ify PathDiagnosticPiece ownership

llvm-svn: 216751

[Analyzer] fix for PR19102

Newly-created unconsumed instance is now assumed escaped if an invoked constructor has an argument of a pointer-to-record type.

llvm-svn: 214909

[C++11] Use 'nullptr'. StaticAnalyzer edition.

llvm-svn: 209642

Updated the attribute tablegen emitter for variadic arguments to emit a range accessor in addition to the iterators. Updated code using iterators to use range-based for loops.

llvm-svn: 207837

[analyzer] Handle the M_ZERO and __GFP_ZERO flags in kernel mallocs.

Add M_ZERO awareness to malloc() static analysis in Clang for FreeBSD,
NetBSD, and OpenBSD in a similar fashion to O_CREAT for op

[analyzer] Handle the M_ZERO and __GFP_ZERO flags in kernel mallocs.

Add M_ZERO awareness to malloc() static analysis in Clang for FreeBSD,
NetBSD, and OpenBSD in a similar fashion to O_CREAT for open(2).
These systems have a three-argument malloc() in the kernel where the
third argument contains flags; the M_ZERO flag will zero-initialize the
allocated buffer.

This should reduce the number of false positives when running static
analysis on BSD kernels.

Additionally, add kmalloc() (Linux kernel malloc()) and treat __GFP_ZERO
like M_ZERO on Linux.

Future work involves a better method of checking for named flags without
hardcoding values.

Patch by Conrad Meyer, with minor modifications by me.

llvm-svn: 204832

show more ...

[C++11] Add 'override' keyword to virtual methods that override their base class.

llvm-svn: 203999

[C++11] Replacing DeclBase iterators specific_attr_begin() and specific_attr_end() with iterator_range specific_attrs(). Updating all of the usages of the iterators with range-based for loops.

llvm-

[C++11] Replacing DeclBase iterators specific_attr_begin() and specific_attr_end() with iterator_range specific_attrs(). Updating all of the usages of the iterators with range-based for loops.

llvm-svn: 203474

show more ...

Replace OwningPtr with std::unique_ptr.

This compiles cleanly with lldb/lld/clang-tools-extra/llvm.

llvm-svn: 203279

[C++11] Replace llvm::tie with std::tie.

llvm-svn: 202639

[analyzer] Improved checker naming in CFG dump.

This implements FIXME from Checker.cpp (FIXME: We want to return the package + name of the checker here.) and replaces hardcoded checker names with th

[analyzer] Improved checker naming in CFG dump.

This implements FIXME from Checker.cpp (FIXME: We want to return the package + name of the checker here.) and replaces hardcoded checker names with the new ones obtained via getCheckName().getName().

llvm-svn: 201525

show more ...

Expose the name of the checker producing each diagnostic message.

Summary:
In clang-tidy we'd like to know the name of the checker producing each
diagnostic message. PathDiagnostic has BugType and C

Expose the name of the checker producing each diagnostic message.

Summary:
In clang-tidy we'd like to know the name of the checker producing each
diagnostic message. PathDiagnostic has BugType and Category fields, which are
both arbitrary human-readable strings, but we need to know the exact name of the
checker in the form that can be used in the CheckersControlList option to
enable/disable the specific checker.

This patch adds the CheckName field to the CheckerBase class, and sets it in
the CheckerManager::registerChecker() method, which gets them from the
CheckerRegistry.

Checkers that implement multiple checks have to store the names of each check
in the respective registerXXXChecker method.

Reviewers: jordan_rose, krememek

Reviewed By: jordan_rose

CC: cfe-commits

Differential Revision: http://llvm-reviews.chandlerc.com/D2557

llvm-svn: 201186

show more ...

[analyzer] Future-proof MallocChecker CFG dumping.

Now we'll get a warning if we miss a case. Refinement of r199800.

llvm-svn: 199868

[analyzer] The patch prevents the analyzer from crashing during CFG dump.

llvm-svn: 199800

[analyzer] BlockCall shouldn't really be an AnyFunctionCall.

Per discussion with Anna a /long/ time ago, it was way too easy to misuse
BlockCall: because it inherited from AnyFunctionCall (through S

[analyzer] BlockCall shouldn't really be an AnyFunctionCall.

Per discussion with Anna a /long/ time ago, it was way too easy to misuse
BlockCall: because it inherited from AnyFunctionCall (through SimpleCall),
getDecl() was constrained to return a FunctionDecl, and you had to call
getBlockDecl() instead. This goes against the whole point of CallEvent
(to abstract over different ways to invoke bodies of code).

Now, BlockCall just inherits directly from CallEvent. There's a bit of
duplication in getting things out of the origin expression (which is still
known to be a CallExpr), but nothing significant.

llvm-svn: 199321

show more ...

[analyzer] Warn about double-delete in C++ at the second delete...

...rather somewhere in the destructor when we try to access something and
realize the object has already been deleted. This is nece

[analyzer] Warn about double-delete in C++ at the second delete...

...rather somewhere in the destructor when we try to access something and
realize the object has already been deleted. This is necessary because
the destructor is processed before the 'delete' itself.

Patch by Karthik Bhat!

llvm-svn: 198779

show more ...

[analyzer] Pointers escape into +[NSValue valueWithPointer:]...

...even though the argument is declared "const void *", because this is
just a way to pass pointers around as objects. (Though NSData

[analyzer] Pointers escape into +[NSValue valueWithPointer:]...

...even though the argument is declared "const void *", because this is
just a way to pass pointers around as objects. (Though NSData is often
a better one.)

PR18262

llvm-svn: 198710

show more ...

Only mark dump() function definitions 'used' in debug builds

This has the dual effect of (1) enabling more dead-stripping in release builds
and (2) ensuring that debug helper functions aren't stripp

Only mark dump() function definitions 'used' in debug builds

This has the dual effect of (1) enabling more dead-stripping in release builds
and (2) ensuring that debug helper functions aren't stripped away in debug
builds, as they're intended to be called from the debugger.

Note that the attribute is applied to definitions rather than declarations in
headers going forward because it's now conditional on NDEBUG:

/// \brief Mark debug helper function definitions like dump() that should not be
/// stripped from debug builds.

Requires corresponding macro added in LLVM r198456.

llvm-svn: 198489

show more ...

Fixed a FIXME; created a print method for Selectors that accepts a raw_ostream, and started using it in places it made sense.

No functional changes intended, just API cleanliness.

llvm-svn: 198428

Correct a user-visible static analyzer message typo

llvm-svn: 196062

Remove 'DistinctSpellings' support from Attr.td and change its only user to
look at the attribute spelling instead. The 'ownership_*' attributes should
probably be split into separate *Attr classes,

Remove 'DistinctSpellings' support from Attr.td and change its only user to
look at the attribute spelling instead. The 'ownership_*' attributes should
probably be split into separate *Attr classes, but that's more than I wanted to
do here.

llvm-svn: 195805

show more ...

[analyzer] Handle destructors for the argument to C++ 'delete'.

Now that the CFG includes nodes for the destructors in a delete-expression,
process them in the analyzer using the same common destruc

[analyzer] Handle destructors for the argument to C++ 'delete'.

Now that the CFG includes nodes for the destructors in a delete-expression,
process them in the analyzer using the same common destructor interface
currently used for local, member, and base destructors. Also, check for when
the value is known to be null, in which case no destructor is actually run.

This does not yet handle destructors for deleted /arrays/, which may need
more CFG work. It also causes a slight regression in the location of
double delete warnings; the double delete is detected at the destructor
call, which is implicit, and so is reported on the first access within the
destructor instead of at the 'delete' statement. This will be fixed soon.

Patch by Karthik Bhat!

llvm-svn: 191381

show more ...

New message for cases when ownership is taken:
"+method_name: cannot take ownership of memory allocated by 'new'."
instead of the old
"Memory allocated by 'new' should be deallocated by 'delete', not

New message for cases when ownership is taken:
"+method_name: cannot take ownership of memory allocated by 'new'."
instead of the old
"Memory allocated by 'new' should be deallocated by 'delete', not +method_name"

llvm-svn: 190800

show more ...

[analyzer] If realloc fails on an escaped region, that region doesn't leak.

When a region is realloc()ed, MallocChecker records whether it was known
to be allocated or not. If it is, and the realloc

[analyzer] If realloc fails on an escaped region, that region doesn't leak.

When a region is realloc()ed, MallocChecker records whether it was known
to be allocated or not. If it is, and the reallocation fails, the original
region has to be freed. Previously, when an allocated region escaped,
MallocChecker completely stopped tracking it, so a failed reallocation
still (correctly) wouldn't require freeing the original region. Recently,
however, MallocChecker started tracking escaped symbols, so that if it were
freed we could check that the deallocator matched the allocator. This
broke the reallocation model for whether or not a symbol was allocated.

Now, MallocChecker will actually check if a symbol is owned, and only
require freeing after a failed reallocation if it was owned before.

PR16730

llvm-svn: 188468

show more ...

Add 'static' and 'const' qualifiers to some arrays of strings.

llvm-svn: 186314

Use SmallVectorImpl instead of SmallVector for iterators and references to avoid specifying the vector size unnecessarily.

llvm-svn: 185610