Jordy Rose
55442abee6
Don't warn about unreachable code if the block starts with __builtin_unreachable().
...
The next step is to warn if a block labeled unreachable is, in fact, reachable. Somewhat related to PR810.
llvm-svn: 109487
2010-07-27 03:39:53 +00:00
Jordy Rose
b052e8f436
Groundwork for C string length tracking. Currently only handles the length of constant string literals, which is not too helpful, and only calls to strlen() are checked.
...
llvm-svn: 109480
2010-07-27 01:37:31 +00:00
Tom Care
cba9f517ac
Added an path-sensitive unreachable code checker to the experimental analyzer checks.
...
- Created a new class to do post-analysis
- Updated several test cases with unreachable code to expect a warning
- Added some general tests
llvm-svn: 109286
2010-07-23 23:04:53 +00:00
Zhongxing Xu
5e6ef6d957
Add FILE* leak check to StreamChecker. Patch by Lei Zhang.
...
llvm-svn: 109225
2010-07-23 14:14:59 +00:00
Zhongxing Xu
f0c133fe88
This patch adds support for tmpfile in StreamChecker. Patch by Lei Zhang.
...
llvm-svn: 109106
2010-07-22 14:01:01 +00:00
Zhongxing Xu
cf144c6322
fix test case.
...
llvm-svn: 108671
2010-07-19 02:06:14 +00:00
Zhongxing Xu
ec5623570e
Add double close check to StreamChecker. Patch by Lei Zhang.
...
llvm-svn: 108669
2010-07-19 01:52:29 +00:00
Ted Kremenek
b32964d02d
Fix '<rdar://problem/8202272> __imag passed non-complex should not crash' by removing a bogus assertion.
...
llvm-svn: 108602
2010-07-17 01:28:55 +00:00
Ted Kremenek
8b9fd890e3
Fix APFloat assertion failure in IdempotentOperationChecker resulting in having
...
an APFloat with different "float semantics" than the compared float literal.
llvm-svn: 108590
2010-07-17 00:40:32 +00:00
Tom Care
826e6b4023
Improved false positive rate for the idempotent operations checker and moved it into the default path-sensitive analysis options.
...
- Added checks for static local variables, self assigned parameters, and truncating/extending self assignments
- Removed command line option (now default with --analyze)
- Updated test cases to pass with idempotent operation warnings
llvm-svn: 108550
2010-07-16 20:41:41 +00:00
Chris Lattner
33919e7450
fix PR7280 by making the warning on code like this:
...
int test1() {
return;
}
default to an error.
llvm-svn: 108108
2010-07-11 23:34:02 +00:00
Jordy Rose
d5d2e50f3e
Cleanup in CStringChecker. Now properly bifurcates the state for zero/nonzero sizes.
...
llvm-svn: 107935
2010-07-08 23:57:29 +00:00
Jordy Rose
65136fb669
Add memcmp() and bcmp() to CStringChecker. These check for valid access to the buffer arguments and have a special-case for when the buffer arguments are known to be the same address, or when the size is zero.
...
llvm-svn: 107761
2010-07-07 08:15:01 +00:00
Jordy Rose
33c829a6fd
Cleanup on CStringChecker and its associated tests. Also check for null arguments...which are allowed if the access length is 0!
...
llvm-svn: 107759
2010-07-07 07:48:06 +00:00
Chris Lattner
3956106543
implement PR7569, warning about assignment to null, which
...
people seem to write when they want a deterministic trap.
Suggest instead that they use a volatile pointer or
__builtin_trap.
llvm-svn: 107756
2010-07-07 06:14:23 +00:00
Tom Care
49f1e908b2
Fix idempotent operations test command line arguments.
...
llvm-svn: 107735
2010-07-06 23:47:26 +00:00
Jordy Rose
134a236a14
Add a new path-sensitive checker for functions in <string.h>, for both null-terminated strings and memory blocks. Currently only checks memcpy(), memmove(), and bcopy(), but this is intended to be expanded soon.
...
llvm-svn: 107722
2010-07-06 23:11:01 +00:00
Tom Care
3ff08a8e76
Added a path-sensitive idempotent operation checker (-analyzer-idempotent-operation). Finds idempotent and/or tautological operations in a path sensitive context, flagging operations that have no effect or a predictable effect.
...
Example:
{
int a = 1;
int b = 5;
int c = b / a; // a is 1 on all paths
}
- New IdempotentOperationChecker class
- Moved recursive Stmt functions in r107675 to IdempotentOperationChecker
- Minor refactoring of SVal to allow checking for any integer
- Added command line option for check
- Added basic test cases
llvm-svn: 107706
2010-07-06 21:43:29 +00:00
Jordy Rose
4c0a919732
Oops, tabs --> spaces in test.
...
llvm-svn: 107634
2010-07-06 02:42:09 +00:00
Jordy Rose
40c5c24c06
Improve NULL-checking for CFRetain/CFRelease. We now remember that the argument was non-NULL, and we report where the null assumption came from (like AttrNonNullChecker already did).
...
llvm-svn: 107633
2010-07-06 02:34:42 +00:00
Jordy Rose
0704a7fe43
Support sizeof for VLA expressions (sizeof(someVLA)). sizeof(int[n]) still unimplemented. A VLA region's sizeof value matches its extent.
...
llvm-svn: 107611
2010-07-05 04:42:43 +00:00
Jordy Rose
e6b999bf9a
Track extents for VLAs.
...
llvm-svn: 107603
2010-07-05 00:50:15 +00:00
Jordy Rose
674bd55f02
Add a new symbol type, SymbolExtent, to represent the extents of memory regions that may not be known at compile-time (such as those created by malloc). This replaces the old setExtent/getExtent API on Store, which used the GRState's GDM to store SVals.
...
Also adds a getKnownValue() method to SValuator, which gets the integer value of an SVal if it is known to only have one possible value. There are more places in the code that could be using this, but in general we want to be dealing entirely in SVals, so its usefulness is limited.
The only visible functionality change is that extents are now honored for any DeclRegion, such as fields and Objective-C ivars, rather than just variables. This shows up in bounds-checking and cast-size-checking.
llvm-svn: 107577
2010-07-04 00:00:41 +00:00
Ted Kremenek
bd862711fd
Fix PR 7475 by enhancing the static analyzer to also invalidate bindings for non-static global variables
...
when calling a function/method whose impact on global variables we cannot accurately estimate.
This change introduces two new MemSpaceRegions that divide up the memory space of globals, and causes
RegionStore and BasicStore to consult a binding to the NonStaticGlobalsMemSpaceRegion when lazily
determining the value of a global.
llvm-svn: 107423
2010-07-01 20:16:50 +00:00
Argyrios Kyrtzidis
639ffb0c07
Fix rdar://8139785 "implement warning on dead expression in comma operator"
...
As a bonus, fix the warning for || and && operators; it was emitted even if one of the operands had side effects, e.g:
x || test_logical_foo1();
emitted a bogus "expression result unused" for 'x'.
llvm-svn: 107274
2010-06-30 10:53:14 +00:00
Jordy Rose
dc48471861
Pointers casted as integers still count as locations to SimpleSValuator, so don't crash if we do a funny thing like ((int)ptr)&1. Fixes PR7527.
...
llvm-svn: 107236
2010-06-30 01:35:20 +00:00
Jordy Rose
61176897ba
Pointer comparisons (and pointer-pointer subtraction). Basically filling in SimpleSValuator::EvalBinOpLL().
...
llvm-svn: 106992
2010-06-28 08:26:15 +00:00
Jordy Rose
7f8ea4d677
Implicitly compare symbolic expressions to zero when they're being used as constraints. Part of PR7491.
...
llvm-svn: 106972
2010-06-27 01:20:56 +00:00
Jordy Rose
c3bcc36a0b
When a constant size array is casted to another type, its length should be scaled as well.
...
llvm-svn: 106911
2010-06-25 23:23:04 +00:00
Ted Kremenek
da42d523cf
Add dead stores C++ test case that was previously asserting due to an
...
invalid source range for CXXNewExpr.
llvm-svn: 106904
2010-06-25 22:48:52 +00:00
Ted Kremenek
76abf19ea6
Fix -analyze-display-progress (once again), this time with an additional regression test.
...
llvm-svn: 106883
2010-06-25 20:59:24 +00:00
Benjamin Kramer
9aa0d39443
A bug I've introduced in STDIN handling surfaced a few broken tests, fix them.
...
Lexer/hexfloat.cpp is now XFAIL'd, I'd appreciate if someone could look into it.
llvm-svn: 106840
2010-06-25 12:48:07 +00:00
Zhongxing Xu
facf8a8e74
Add check for illegal whence argument of fseek.
...
llvm-svn: 106742
2010-06-24 13:36:41 +00:00
Benjamin Kramer
322ab26387
Don't depend on system headers in clang -cc1 tests.
...
The constant was copied from clang's limits.h.
llvm-svn: 106732
2010-06-24 11:06:12 +00:00
Daniel Dunbar
b016d6c3d8
Revert "Tweak tests to hopefully fix include of limits.h on win32.", tweak fails on linux.
...
llvm-svn: 106661
2010-06-23 18:31:33 +00:00
Daniel Dunbar
08748457b9
Tweak tests to hopefully fix include of limits.h on win32.
...
llvm-svn: 106639
2010-06-23 18:06:20 +00:00
Ted Kremenek
2a33a0deef
Correctly construct an ElementRegion for alloca() + pointer arithmetic. Fixes analyzer
...
crash reported in PR 7450.
llvm-svn: 106609
2010-06-22 23:58:31 +00:00
Jordy Rose
79404afc1c
When folding additive operations, convert the values to the same type. When assuming relationships, convert the integers to the same type as the symbol, at least for now.
...
llvm-svn: 106458
2010-06-21 20:15:15 +00:00
Jordy Rose
3d85888d4e
If a nonnull argument evaluates to UnknownVal, don't warn (and don't crash).
...
llvm-svn: 106456
2010-06-21 20:08:28 +00:00
Jordy Rose
895c899142
Adds analyzer support for idempotent and tautological binary operations such as "a*0" and "a+0". This is not very powerful, but does make the analyzer look a little smarter than it actually is.
...
llvm-svn: 106402
2010-06-20 04:56:29 +00:00
Jordy Rose
2dd9b02cc8
Casting to void* or any other pointer-to-sizeless type (e.g. function pointers) causes a divide-by-zero error. Simple fix: check if the pointee type size is 0 and bail out early if it is.
...
llvm-svn: 106401
2010-06-20 04:30:57 +00:00
Jordy Rose
c0fe8429f2
Fold additive constants, and support comparsions of the form $sym+const1 <> const2
...
llvm-svn: 106339
2010-06-18 22:49:11 +00:00
Zhongxing Xu
e96a9132b8
Add null stream check for more APIs.
...
llvm-svn: 106274
2010-06-18 02:47:46 +00:00
Ted Kremenek
5df037e808
Tweak stack address checker to report multiple cases where globals may reference stack memory.
...
Also refactor the diagnostics so that we print out the kind of stack memory returned.
llvm-svn: 106210
2010-06-17 04:21:37 +00:00
Ted Kremenek
17504bea33
Rework StackAddrLeakChecker to find stores of stack memory addresses to global variables
...
by inspecting the Store bindings instead of iterating over all the global variables
in a translation unit. By looking at the store directly, we avoid cases where we cannot
directly load from the global variable, such as an array (which can result in an assertion failure)
and it also catches cases where we store stack addresses to non-scalar globals.
Also, but not iterating over all the globals in the translation unit, we maintain cache
locality, and the complexity of the checker becomes restricted to the complexity of the
analyzed function, and doesn't scale with the size of the translation unit.
This fixes PR 7383.
llvm-svn: 106184
2010-06-17 00:24:44 +00:00
Zhongxing Xu
0fa7cddbab
Add StreamChecker. This checker models and checks stream manipulation functions.
...
This is the start.
llvm-svn: 106082
2010-06-16 05:38:05 +00:00
Ted Kremenek
4c721bf892
Change AnalysisConsumer to analyze functions created by instantiantiating a macro. Fixes PR 7361.
...
llvm-svn: 105984
2010-06-15 00:55:40 +00:00
Zhongxing Xu
1225aacacf
Merge StackAddrLeakChecker and ReturnStackAddressChecker.
...
llvm-svn: 105687
2010-06-09 06:08:24 +00:00
Zhongxing Xu
4200be5e76
Directly compare the StackFrameContext. This greatly simplifies logic and
...
improves generality. Thanks Ted.
llvm-svn: 105686
2010-06-09 05:50:38 +00:00
Zhongxing Xu
87e7fc5dc2
Add a checker check if a global variable holds a local variable's address after
...
the function call is left where the local variable is declared.
llvm-svn: 105602
2010-06-08 10:00:00 +00:00