#
1e809b4c |
| 09-Mar-2012 |
Ted Kremenek <kremenek@apple.com> |
[analyzer] Implement basic path diagnostic pruning based on "interesting" symbols and regions. Essentially, a bug centers around a story for various symbols and regions. We should only include the path diagnostic events that relate to those symbols and regions.
The pruning is done by associating a set of interesting symbols and regions with a BugReporter, which can be modified at BugReport creation or by BugReporterVisitors.
This patch reduces the diagnostics emitted in several of our test cases. I've vetted these as having desired behavior. The only regression is a missing null check diagnostic for the return value of realloc() in test/Analysis/malloc-plist.c. This will require some investigation to fix, and I have added a FIXME to the test case.
llvm-svn: 152361
|
#
330de22f |
| 06-Mar-2012 |
Jordy Rose <jediknil@belkadan.com> |
[analyzer] Remove now-unused constant. No functionality change.
llvm-svn: 152080
|
#
0accc6ae |
| 06-Mar-2012 |
Jordy Rose <jediknil@belkadan.com> |
[analyzer] Fix unnecessary dyn_cast_or_null. No functionality change.
llvm-svn: 152078
|
#
12a8b90a |
| 05-Mar-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Malloc should assume that ownership is transferred when calling an ObjC method ending with 'NoCopy'.
llvm-svn: 152037
|
#
8dc53af5 |
| 01-Mar-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Fix a regression introduced in malloc with attributes, introduced in r151188.
+ the test to catch it.
Thanks to Ahmed Charles for pointing this out.
llvm-svn: 151840
|
#
e0c03cab |
| 29-Feb-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Malloc: A pointer might escape through CFContainers APIs, funopen, setvbuf.
Teach the checker and the engine about these APIs to resolve malloc false positives. As I am adding more of these APIs, it is clear that all this should be factored out into a separate callback (for example, region escapes). Malloc, KeyChainAPI and RetainRelease checkers could all use it.
llvm-svn: 151737
|
#
06a77fc1 |
| 28-Feb-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Fix Malloc False Positive (PR 12100)
When allocated buffer is passed to CF/NS..NoCopy functions, the ownership is transferred unless the deallocator argument is set to 'kCFAllocatorNull'.
llvm-svn: 151608
|
#
43ffba26 |
| 27-Feb-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Leaks should be uniqued by the allocation point in the closest function context.
This prevents us from uniqueing all leaks from the same allocation helper. radar://10932226
llvm-svn: 151592
|
#
7ac344a4 |
| 24-Feb-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Malloc: reason about the ObjC messages and C++.
Assume none of the ObjC messages defined in system headers free memory, except for the ones containing 'freeWhenDone' selector. Currently, just assume that the region escapes to the messages with 'freeWhenDone' (ideally, we want to treat it as 'free()').
For now, always assume that regions escape when passed to C++ methods.
llvm-svn: 151410
|
#
df901a44 |
| 23-Feb-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Malloc: unique leak reports by allocation site.
When we find two leak reports with the same allocation site, report only one of them.
Provide a helper method to BugReporter to facilitate this.
llvm-svn: 151287
|
#
07de9c12 |
| 23-Feb-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Invalidate the region passed to pthread_setspecific() call.
Make this call an exception in ExprEngine::invalidateArguments: 'int pthread_setspecific(pthread_key k, const void *)' stores a value into thread local storage. The value can later be retrieved with 'void *pthread_getspecific(pthread_key)'. So even though the parameter is 'const void *', the region escapes through the call.
(Here we just blacklist the call in the ExprEngine's default logic. Another option would be to add a checker which evaluates the call and triggers the call to invalidate regions.)
Teach the Malloc Checker, which treats all system calls as safe, about the API.
llvm-svn: 151220
|
#
40a7eb38 |
| 22-Feb-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Malloc cleanup: - We should not evaluate strdup in the Malloc Checker, it's the job of CString checker, so just update the RefState to reflect allocated memory.
- Refactor to reduce LOC: remove some wrapper auxiliary functions, make all functions return the state and add the transition in one place (instead of in each auxiliary function).
llvm-svn: 151188
|
#
199e8e58 |
| 22-Feb-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Malloc checker: mark 'strdup' and 'strndup' as allocators.
llvm-svn: 151124
|
#
4ca45b1d |
| 22-Feb-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Malloc: fix another false positive, when we return a symbol reachable to the malloced one via pointer arithmetic.
llvm-svn: 151121
|
#
1526881e |
| 20-Feb-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Make Malloc aware of inter-procedural execution + basic tests.
llvm-svn: 150993
|
#
e56167e8 |
| 17-Feb-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Fix another false positive in the Malloc Checker, by making it aware of CString APIs that return the input parameter.
Malloc Checker needs to know how the 'strcpy' function is evaluated. Introduce the dependency on CStringChecker for that. CStringChecker knows all about these APIs.
Addresses radar://10864450
llvm-svn: 150846
|
#
546c49c3 |
| 16-Feb-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Malloc Checker: Clean up bug naming: - Rename the category "Logic Error" -> "Memory Error". - Shorten all the messages.
llvm-svn: 150733
|
#
9eb7bc82 |
| 16-Feb-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Malloc Checker: Make the diagnostic visitor handle the case of failing realloc. + Minor cleanups.
llvm-svn: 150732
|
#
d32ead82 |
| 16-Feb-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Malloc Checker: Give up when a pointer escapes into a struct.
We are not properly handling the memory regions that escape into struct fields, which led to a bunch of false positives. Be conservative here and give up when a pointer escapes into a struct.
llvm-svn: 150658
|
#
d1ff1cbe |
| 15-Feb-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Malloc checker: make a bit safer.
llvm-svn: 150556
|
#
ac06814d |
| 15-Feb-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Malloc Checker: add support for reallocf, which always frees the passed in pointer on failure.
llvm-svn: 150533
|
#
d5157485 |
| 15-Feb-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Malloc Checker: add support for valloc + minor code hardening.
llvm-svn: 150532
|
#
3d34834b |
| 14-Feb-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Make Malloc Checker optimistic in presence of inlining. (In response to Ted's review of r150112.)
This moves the logic which checked if a symbol escapes through a parameter to invalidateRegionCallback (instead of post CallExpr visit.)
To accommodate the change, added a CallOrObjCMessage parameter to checkRegionChanges callback.
llvm-svn: 150513
|
#
ad01ef5f |
| 14-Feb-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Malloc Checker: realloc: add dependency between the symbols in realloc map.
If there is no dependency, the reallocated ptr will get garbage collected before we know that realloc failed, which would lead us to missing a memory leak warning.
Also added new test cases, which we can handle now. Plus minor cleanups.
llvm-svn: 150446
|
#
8fd0f2a6 |
| 13-Feb-2012 |
Anna Zaks <ganna@apple.com> |
[analyzer] Malloc Checker: realloc: correct the way we are handling the case when size is 0.
llvm-svn: 150412
|