#
13df0362 |
| 25-Mar-2013 |
Anton Yartsev <anton.yartsev@gmail.com> |
[analyzer] Adds cplusplus.NewDelete checker that checks for memory leaks, double free, and use-after-free problems of memory managed by new/delete.
llvm-svn: 177849
|
#
6c2af439 |
| 13-Mar-2013 |
Anton Yartsev <anton.yartsev@gmail.com> |
[analyzer] fixed the logic changed by r176949
llvm-svn: 176956
|
#
59ed15b0 |
| 13-Mar-2013 |
Anton Yartsev <anton.yartsev@gmail.com> |
Refactoring:
+ Individual Report* method for each bug type
+ Comment improved: missing non-trivial alloca() case annotated
+ 'range' parameter of ReportBadFree() capitalized
+ 'SymbolRef Sym = State->getSVal(A, C.getLocationContext()).getAsSymbol();' shortened to 'SymbolRef Sym = C.getSVal(A).getAsSymbol();'
llvm-svn: 176949
|
#
613f3c00 |
| 09-Mar-2013 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Be more consistent about Objective-C methods that free memory.
Previously, MallocChecker's pointer escape check and its post-call state update for Objective-C method calls had a fair amount of duplicated logic and not-entirely-consistent checks. This commit restructures all this to be more consistent and possibly allow us to be more aggressive in warning about double-frees.
New policy (applies to system header methods only):
(1) If this is a method we know about, model it as taking/holding ownership of the passed-in buffer.
(1a) ...unless there's a "freeWhenDone:" parameter with a zero (NO) value.
(2) If there's a "freeWhenDone:" parameter (but it's not a method we know about), treat the buffer as escaping if the value is non-zero (YES) and non-escaping if it's zero (NO).
(3) If the first selector piece ends with "NoCopy" (but it's not a method we know about and there's no "freeWhenDone:" parameter), treat the buffer as escaping.
The reason that (2) and (3) don't explicitly model the ownership transfer is because we can't be sure that they will actually free the memory using free(), and we wouldn't want to emit a spurious "mismatched allocator" warning (coming in Anton's upcoming patch). In the future, we may have an idea of a "generic deallocation", i.e. we assume that the deallocator is correct but still continue tracking the region so that we can warn about double-frees.
Patch by Anton Yartsev, with modifications from me.
llvm-svn: 176744
|
#
87396b9b |
| 21-Feb-2013 |
David Blaikie <dblaikie@gmail.com> |
Replace ProgramPoint llvm::cast support to be well-defined.
See r175462 for another example/more details.
llvm-svn: 175812
|
#
05785d16 |
| 20-Feb-2013 |
David Blaikie <dblaikie@gmail.com> |
Include llvm::Optional in clang/Basic/LLVM.h
Post-commit CR feedback from Jordan Rose regarding r175594.
llvm-svn: 175679
|
#
2fdacbc5 |
| 20-Feb-2013 |
David Blaikie <dblaikie@gmail.com> |
Replace SVal llvm::cast support to be well-defined.
See r175462 for another example/more details.
llvm-svn: 175594
|
#
c89ad07d |
| 07-Feb-2013 |
Anna Zaks <ganna@apple.com> |
[analyzer] Report bugs when freeing memory with offset pointer
The malloc checker will now catch the case when a previously malloc'ed region is freed, but the pointer passed to free does not point to the start of the allocated memory. For example:
    int *p1 = malloc(sizeof(int));
    p1++;
    free(p1); // warn
From the "memory.LeakPtrValChanged enhancement to unix.Malloc" entry in the list of potential checkers.
A patch by Branden Archer!
llvm-svn: 174678
|
#
acdc13cb |
| 07-Feb-2013 |
Anna Zaks <ganna@apple.com> |
[analyzer] Add pointer escape type param to checkPointerEscape callback
The checkPointerEscape callback previously did not specify how a pointer escaped. This change includes an enum which describes the different ways a pointer may escape. This enum is passed to the checkPointerEscape callback when a pointer escapes. If the escape is due to a function call, the call is passed. This changes previous behavior where the call is passed as NULL if the escape was due to indirectly invalidating the region the pointer referenced.
A patch by Branden Archer!
llvm-svn: 174677
|
#
f857950d |
| 12-Jan-2013 |
Dmitri Gribenko <gribozavr@gmail.com> |
Remove useless 'llvm::' qualifier from names like StringRef and others that are brought into 'clang' namespace by clang/Basic/LLVM.h
llvm-svn: 172323
|
#
a043d0ce |
| 08-Jan-2013 |
Anna Zaks <ganna@apple.com> |
[analyzer] Include the bug uniqueing location in the issue_hash.
The issue here is that if we have 2 leaks reported at the same line for which we cannot print the corresponding region info, they will get treated as the same by issue_hash+description. We need to AUGMENT the issue_hash with the allocation info to differentiate the two issues.
Add the "hash" (offset from the beginning of a function) representing allocation site to solve the issue.
We might want to generalize the solution in the future when we decide to track more than just the 2 locations from the diagnostics.
llvm-svn: 171825
|
#
7505b5a6 |
| 04-Jan-2013 |
Ted Kremenek <kremenek@apple.com> |
Tighten code. No functionality change.
llvm-svn: 171501
|
#
6fcefb53 |
| 03-Jan-2013 |
Ted Kremenek <kremenek@apple.com> |
Make MallocChecker debug output useful.
llvm-svn: 171439
|
Revision tags: llvmorg-3.2.0 |
|
#
dc15415d |
| 20-Dec-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Add the pointer escaped callback.
Instead of using several callbacks to identify the pointer escape event, checkers now can register for the checkPointerEscape.
Converted the Malloc checker to use the new callback. SimpleStreamChecker will be converted next.
llvm-svn: 170625
|
#
a7b1c47c |
| 11-Dec-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Don't generate a summary for "freeWhenDone" if method is inlined.
Fixes a false positive that occurs if a user writes their own initWithBytesNoCopy:freeWhenDone wrapper.
llvm-svn: 169795
|
#
bcf90532 |
| 06-Dec-2012 |
Ted Kremenek <kremenek@apple.com> |
Only provide explicit getCapturedRegion() and getOriginalRegion() from referenced_vars_iterator.
This is a nice conceptual cleanup.
llvm-svn: 169480
|
Revision tags: llvmorg-3.2.0-rc3 |
|
#
3a02247d |
| 04-Dec-2012 |
Chandler Carruth <chandlerc@gmail.com> |
Sort all of Clang's files under 'lib', and fix up the broken headers uncovered.
This required manually correcting all of the incorrect main-module headers I could find, and running the new llvm/utils/sort_includes.py script over the files.
I also manually added quite a few missing headers that were uncovered by shuffling the order or moving headers up to be main-module-headers.
llvm-svn: 169237
|
#
ea70eb30 |
| 01-Dec-2012 |
Benjamin Kramer <benny.kra@googlemail.com> |
Pull the Attr iteration parts out of Attr.h, so including DeclBase.h doesn't pull in all the generated Attr code.
Required to pull some functions out of line, but this shouldn't have a perf impact. No functionality change.
llvm-svn: 169092
|
Revision tags: llvmorg-3.2.0-rc2 |
|
#
ba4c85e5 |
| 22-Nov-2012 |
Benjamin Kramer <benny.kra@googlemail.com> |
Make helpers static/anonymous.
llvm-svn: 168500
|
#
f1f26140 |
| 15-Nov-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] MallocChecker: Remove now-unnecessary check::EndPath callback.
Also, don't bother to stop tracking symbols in the return value, either. They are now properly considered live during checkDeadSymbols.
llvm-svn: 168067
|
Revision tags: llvmorg-3.2.0-rc1 |
|
#
a14c1d09 |
| 13-Nov-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Address Jordan's code review for r167813.
This simplifies logic, fixes a bug, and adds a test case. Thanks Jordan!
llvm-svn: 167868
|
#
67291b90 |
| 13-Nov-2012 |
Anna Zaks <ganna@apple.com> |
Fix a Malloc Checker FP by tracking return values from initWithCharacter and other functions.
When these functions return null, the pointer is not freed by them/ownership is not transferred. So we should allow the user to free the pointer by calling another function when the return value is NULL.
llvm-svn: 167813
|
#
0c153cb2 |
| 02-Nov-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Use nice macros for the common ProgramStateTraits (map, set, list).
Also, move the REGISTER_*_WITH_PROGRAMSTATE macros to ProgramStateTrait.h.
This doesn't get rid of /all/ explicit uses of ProgramStatePartialTrait, but it does get a lot of them.
llvm-svn: 167276
|
#
e10d5a76 |
| 02-Nov-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Rename 'EmitReport' to 'emitReport'.
No functionality change.
llvm-svn: 167275
|
#
40bb1249 |
| 01-Nov-2012 |
Jordan Rose <jordan_rose@apple.com> |
[analyzer] Fix typo in r167186.
llvm-svn: 167189
|