summaryrefslogtreecommitdiff
path: root/lib/StaticAnalyzer
Commit message (Collapse)AuthorAgeFilesLines
* [c++20] Add CXXRewrittenBinaryOperator to represent a comparisonRichard Smith2019-10-191-0/+1
| | | | | | | | operator that is rewritten as a call to multiple other operators. No functionality change yet: nothing creates these expressions. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@375305 91177308-0d34-0410-b5e6-96231b3b80d8
* [analyzer] Fix FieldRegion dumps.Artem Dergachev2019-10-181-1/+1
| | | | | | | | | The '->' thing has always been confusing; the actual operation '->' translates to a pointer dereference together with adding a FieldRegion, but FieldRegion on its own doesn't imply an additional pointer dereference. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@375281 91177308-0d34-0410-b5e6-96231b3b80d8
* [analyzer] Drop the logic for collapsing the state if it's same as in preds.Artem Dergachev2019-10-181-10/+1
| | | | | | | | | | One of the first attempts to reduce the size of the exploded graph dumps was to skip the state dump as long as the state is the same as in all of the predecessor nodes. With all the new facilities in place (node joining, diff dumps), this feature doesn't do much, and when it does, it's more harmful than useful. Let's remove it. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@375280 91177308-0d34-0410-b5e6-96231b3b80d8
* [analyzer] Fix hidden node traversal in exploded graph dumps.Artem Dergachev2019-10-181-11/+5
| | | | | | | | | The joined nodes now actually have the same state. That was intended from the start but the original implementation turned out to be buggy. Differential Revision: https://reviews.llvm.org/D69150 git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@375278 91177308-0d34-0410-b5e6-96231b3b80d8
* [OPENMP50]Add support for master taskloop simd.Alexey Bataev2019-10-181-0/+1
| | | | | | Added trsing/semantics/codegen for combined construct master taskloop simd. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@375255 91177308-0d34-0410-b5e6-96231b3b80d8
* [analyzer] Assign truly stable identifiers to exploded nodes.Artem Dergachev2019-10-173-21/+14
| | | | | | | | | | | ExplodedGraph nodes will now have a numeric identifier stored in them which will keep track of the order in which the nodes were created and it will be fully deterministic both accross runs and across machines. This is extremely useful for debugging as it allows reliably setting conditional breakpoints by node IDs. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@375186 91177308-0d34-0410-b5e6-96231b3b80d8
* [Concepts] Concept Specialization ExpressionsSaar Raz2019-10-151-0/+1
| | | | | | | | | | | | Part of C++20 Concepts implementation effort. Added Concept Specialization Expressions that are created when a concept is refe$ D41217 on Phabricator. (recommit after fixing failing Parser test on windows) git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@374903 91177308-0d34-0410-b5e6-96231b3b80d8
* Revert 374882 "[Concepts] Concept Specialization Expressions"Nico Weber2019-10-151-1/+0
| | | | | | | | | | This reverts commit ec87b003823d63f3342cf648f55a134c1522e612. The test fails on Windows, see e.g. http://lab.llvm.org:8011/builders/clang-x64-windows-msvc/builds/11533/steps/stage%201%20check/logs/stdio Also revert follow-up r374893. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@374899 91177308-0d34-0410-b5e6-96231b3b80d8
* [Concepts] Concept Specialization ExpressionsSaar Raz2019-10-151-0/+1
| | | | | | | | | Part of C++20 Concepts implementation effort. Added Concept Specialization Expressions that are created when a concept is referenced with arguments, and tests thereof. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@374882 91177308-0d34-0410-b5e6-96231b3b80d8
* [OPENMP50]Add support for 'parallel master taskloop' construct.Alexey Bataev2019-10-141-0/+1
| | | | | | | | | Added parsing/sema/codegen support for 'parallel master taskloop' constructs. Some of the clauses, like 'grainsize', 'num_tasks', 'final' and 'priority' are not supported in full, only constant expressions can be used currently in these clauses. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@374791 91177308-0d34-0410-b5e6-96231b3b80d8
* BlockInCriticalSectionChecker - silence static analyzer dyn_cast null ↵Simon Pilgrim2019-10-131-1/+1
| | | | | | | | dereference warning. NFCI. The static analyzer is warning about a potential null dereference, but we should be able to use cast<> directly and if not assert will fire for us. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@374717 91177308-0d34-0410-b5e6-96231b3b80d8
* [OPENMP50]Support for 'master taskloop' directive.Alexey Bataev2019-10-101-0/+1
| | | | | | Added full support for master taskloop directive. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@374437 91177308-0d34-0410-b5e6-96231b3b80d8
* Revert "[analyzer] A speculative attempt to avoid gcc-7 crashes..."Artem Dergachev2019-09-261-5/+2
| | | | | | | This reverts commit r372940 which was an overreaction to a flaky buildbot. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@373005 91177308-0d34-0410-b5e6-96231b3b80d8
* [analyzer] A speculative attempt to avoid gcc-7 crashes caused by r372942.Artem Dergachev2019-09-261-2/+5
| | | | git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@372945 91177308-0d34-0410-b5e6-96231b3b80d8
* [analyzer] Avoid small vectors of non-default-constructibles.Artem Dergachev2019-09-261-1/+1
| | | | | | | Unconfuses certain compilers. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@372942 91177308-0d34-0410-b5e6-96231b3b80d8
* [NFCI] Return PathSensitiveBugReport where appropriateAlex Langford2019-09-232-7/+10
| | | | | | | | | | Some compilers have trouble converting unique_ptr<PathSensitiveBugReport> to unique_ptr<BugReport> causing some functions to fail to compile. Changing the return type of the functions that fail to compile does not appear to have any issues. I ran into this issue building with clang 3.8 on Ubuntu 16.04. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@372668 91177308-0d34-0410-b5e6-96231b3b80d8
* Move classes into anonymous namespaces. NFC.Benjamin Kramer2019-09-221-2/+2
| | | | git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@372495 91177308-0d34-0410-b5e6-96231b3b80d8
* Attempt to fix a windows buildbot failureKristof Umann2019-09-211-2/+2
| | | | git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@372462 91177308-0d34-0410-b5e6-96231b3b80d8
* Fix a documentation errorKristof Umann2019-09-201-1/+1
| | | | git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@372419 91177308-0d34-0410-b5e6-96231b3b80d8
* Reland '[analyzer][MallocChecker][NFC] Document and reorganize some functions'Kristof Umann2019-09-201-463/+720
| | | | | | Differential Revision: https://reviews.llvm.org/D54823 git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@372414 91177308-0d34-0410-b5e6-96231b3b80d8
* [analyzer] PR43102: Fix an assertion and an out-of-bounds error for ↵Kristof Umann2019-09-181-1/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | diagnostic location construction Summary: https://bugs.llvm.org/show_bug.cgi?id=43102 In today's edition of "Is this any better now that it isn't crashing?", I'd like to show you a very interesting test case with loop widening. Looking at the included test case, it's immediately obvious that this is not only a false positive, but also a very bad bug report in general. We can see how the analyzer mistakenly invalidated `b`, instead of its pointee, resulting in it reporting a null pointer dereference error. Not only that, the point at which this change of value is noted at is at the loop, rather then at the method call. It turns out that `FindLastStoreVisitor` works correctly, rather the supplied explodedgraph is faulty, because `BlockEdge` really is the `ProgramPoint` where this happens. {F9855739} So it's fair to say that this needs improving on multiple fronts. In any case, at least the crash is gone. Full ExplodedGraph: {F9855743} Reviewers: NoQ, xazax.hun, baloghadamsoftware, Charusso, dcoughlin, rnkovacs, TWeaver Subscribers: JesperAntonsson, uabelho, Ka-Ka, bjope, whisperity, szepet, a.sidorin, mikhail.ramalho, donat.nagy, dkrupp, gamesh411, cfe-commits Tags: #clang Differential Revision: https://reviews.llvm.org/D66716 git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@372269 91177308-0d34-0410-b5e6-96231b3b80d8
* [analyzer][NFC] Fix inconsistent references to checkers as "checks"Kristof Umann2019-09-1221-92/+86
| | | | | | | | | | | | | | Traditionally, clang-tidy uses the term check, and the analyzer uses checker, but in the very early years, this wasn't the case, and code originating from the early 2010's still incorrectly refer to checkers as checks. This patch attempts to hunt down most of these, aiming to refer to checkers as checkers, but preserve references to callback functions (like checkPreCall) as checks. Differential Revision: https://reviews.llvm.org/D67140 git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@371760 91177308-0d34-0410-b5e6-96231b3b80d8
* [analyzer] NFC: Move PathDiagnostic classes to libAnalysis.Artem Dergachev2019-09-1115-1229/+13
| | | | | | | | | | | | At this point the PathDiagnostic, PathDiagnosticLocation, PathDiagnosticPiece structures no longer rely on anything specific to Static Analyzer, so we can move them out of it for everybody to use. PathDiagnosticConsumers are still to be handed off. Differential Revision: https://reviews.llvm.org/D67419 git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@371661 91177308-0d34-0410-b5e6-96231b3b80d8
* [analyzer] NFC: Move resetDiagnosticLocationToMainFile() to BugReporter.Artem Dergachev2019-09-112-65/+66
| | | | | | | | | | This method of PathDiagnostic is a part of Static Analyzer's particular path diagnostic construction scheme. As such, it doesn't belong to the PathDiagnostic class, but to the Analyzer. Differential Revision: https://reviews.llvm.org/D67418 git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@371660 91177308-0d34-0410-b5e6-96231b3b80d8
* [analyzer] NFC: Move getStmt() and createEndOfPath() out of PathDiagnostic.Artem Dergachev2019-09-1117-178/+172
| | | | | | | | | | These static functions deal with ExplodedNodes which is something we don't want the PathDiagnostic interface to know anything about, as it's planned to be moved out of libStaticAnalyzerCore. Differential Revision: https://reviews.llvm.org/D67382 git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@371659 91177308-0d34-0410-b5e6-96231b3b80d8
* [analyzer] NFC: Re-implement stack hints as a side map in BugReport.Artem Dergachev2019-09-118-110/+104
| | | | | | | | | | That's one of the few random entities in the PathDiagnostic interface that are specific to the Static Analyzer. By moving them out we could let everybody use path diagnostics without linking against Static Analyzer. Differential Revision: https://reviews.llvm.org/D67381 git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@371658 91177308-0d34-0410-b5e6-96231b3b80d8
* [analyzer] NFC: Simplify bug report equivalence classes to not be ilists.Artem Dergachev2019-09-092-12/+11
| | | | | | | | Use a vector of unique pointers instead. Differential Revision: https://reviews.llvm.org/D67024 git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@371451 91177308-0d34-0410-b5e6-96231b3b80d8
* [analyzer] NFC: Introduce sub-classes for path-sensitive and basic reports.Artem Dergachev2019-09-0971-393/+493
| | | | | | | | | | | | | Checkers are now required to specify whether they're creating a path-sensitive report or a path-insensitive report by constructing an object of the respective type. This makes BugReporter more independent from the rest of the Static Analyzer because all Analyzer-specific code is now in sub-classes. Differential Revision: https://reviews.llvm.org/D66572 git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@371450 91177308-0d34-0410-b5e6-96231b3b80d8
* Move prop-sink branch to monorepo.Gabor Borsik2019-09-081-29/+65
| | | | git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@371342 91177308-0d34-0410-b5e6-96231b3b80d8
* [analyzer] Add minimal support for fix-it hints.Artem Dergachev2019-09-065-61/+174
| | | | | | | | | | | | | | | | | | | | | | | | | | Allow attaching fixit hints to Static Analyzer BugReports. Fixits are attached either to the bug report itself or to its notes (path-sensitive event notes or path-insensitive extra notes). Add support for fixits in text output (including the default text output that goes without notes, as long as the fixit "belongs" to the warning). Add support for fixits in the plist output mode. Implement a fixit for the path-insensitive DeadStores checker. Only dead initialization warning is currently covered. Implement a fixit for the path-sensitive VirtualCall checker when the virtual method is not pure virtual (in this case the "fix" is to suppress the warning by qualifying the call). Both fixits are under an off-by-default flag for now, because they require more careful testing. Differential Revision: https://reviews.llvm.org/D65182 git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@371257 91177308-0d34-0410-b5e6-96231b3b80d8
* [analyzer] pr43179: Make CallDescription defensive against C variadic functions.Artem Dergachev2019-09-062-3/+7
| | | | | | | | | | | | | | | | | | | | | Most functions that our checkers react upon are not C-style variadic functions, and therefore they have as many actual arguments as they have formal parameters. However, it's not impossible to define a variadic function with the same name. This will crash any checker that relies on CallDescription to check the number of arguments but silently assumes that the number of parameters is the same. Change CallDescription to check both the number of arguments and the number of parameters by default. If we're intentionally trying to match variadic functions, allow specifying arguments and parameters separately (possibly omitting any of them). For now we only have one CallDescription which would make use of those, namely __builtin_va_start itself. Differential Revision: https://reviews.llvm.org/D67019 git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@371256 91177308-0d34-0410-b5e6-96231b3b80d8
* Unbreak the build after r370798Benjamin Kramer2019-09-031-1/+1
| | | | git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@370807 91177308-0d34-0410-b5e6-96231b3b80d8
* [analyzer] NonNullParamChecker and CStringChecker parameter number in ↵Kristof Umann2019-09-032-24/+35
| | | | | | | | | | | | | | | | | | | | checker message There are some functions which can't be given a null pointer as parameter either because it has a nonnull attribute or it is declared to have undefined behavior (e.g. strcmp()). Sometimes it is hard to determine from the checker message which parameter is null at the invocation, so now this information is included in the message. This commit fixes https://bugs.llvm.org/show_bug.cgi?id=39358 Reviewed By: NoQ, Szelethus, whisperity Patch by Tibor Brunner! Differential Revision: https://reviews.llvm.org/D66333 git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@370798 91177308-0d34-0410-b5e6-96231b3b80d8
* [analyzer] Add a checker option to detect nested dead storesKristof Umann2019-09-031-9/+24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Enables the users to specify an optional flag which would warn for more dead stores. Previously it ignored if the dead store happened e.g. in an if condition. if ((X = generate())) { // dead store to X } This patch introduces the `WarnForDeadNestedAssignments` option to the checker, which is `false` by default - so this change would not affect any previous users. I have updated the code, tests and the docs as well. If I missed something, tell me. I also ran the analysis on Clang which generated 14 more reports compared to the unmodified version. All of them seemed reasonable for me. Related previous patches: rGf224820b45c6847b91071da8d7ade59f373b96f3 Reviewers: NoQ, krememek, Szelethus, baloghadamsoftware Reviewed By: Szelethus Patch by Balázs Benics! Differential Revision: https://reviews.llvm.org/D66733 git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@370767 91177308-0d34-0410-b5e6-96231b3b80d8
* [Analyzer] Iterator Checkers - Make range errors and invalidated access fatalAdam Balogh2019-08-291-8/+6
| | | | | | | | | | | | | | | | Range errors (dereferencing or incrementing the past-the-end iterator or decrementing the iterator of the first element of the range) and access of invalidated iterators lead to undefined behavior. There is no point to continue the analysis after such an error on the same execution path, but terminate it by a sink node (fatal error). This also improves the performance and helps avoiding double reports (e.g. in case of nested iterators). Differential Revision: https://reviews.llvm.org/D62893 git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@370314 91177308-0d34-0410-b5e6-96231b3b80d8
* [analyzer] Fix analyzer warnings on analyzer.Artem Dergachev2019-08-2817-61/+77
| | | | | | | | | Write tests for the actual crash that was found. Write comments and refactor code around 17 style bugs and suppress 3 false positives. Differential Revision: https://reviews.llvm.org/D66847 git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@370246 91177308-0d34-0410-b5e6-96231b3b80d8
* [analyzer] pr43036: Fix support for operator 'sizeof...'.Artem Dergachev2019-08-281-0/+1
| | | | | | | | | It was known to be a compile-time constant so it wasn't evaluated during symbolic execution, but it wasn't evaluated as a compile-time constant either. Differential Revision: https://reviews.llvm.org/D66565 git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@370245 91177308-0d34-0410-b5e6-96231b3b80d8
* [analyzer] Trust global initializers when analyzing main().Artem Dergachev2019-08-281-16/+58
| | | | | | | | | | | | | | | | | If the global variable has an initializer, we'll ignore it because we're usually not analyzing the program from the beginning, which means that the global variable may have changed before we start our analysis. However when we're analyzing main() as the top-level function, we can rely on global initializers to still be valid. At least in C; in C++ we have global constructors that can still break this logic. This patch allows the Static Analyzer to load constant initializers from global variables if the top-level function of the current analysis is main(). Differential Revision: https://reviews.llvm.org/D65361 git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@370244 91177308-0d34-0410-b5e6-96231b3b80d8
* Update the SARIF exporter to SARIF 2.1Joe Ranieri2019-08-271-43/+42
| | | | | | | | | | | This updates the SARIF exporter to produce SARIF 2.1 output. The bulk of the diffs come from two changes to SARIF: * https://github.com/oasis-tcs/sarif-spec/issues/309 * https://github.com/oasis-tcs/sarif-spec/issues/179 Differential Revision: https://reviews.llvm.org/D65211 git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@370068 91177308-0d34-0410-b5e6-96231b3b80d8
* Fix a SARIF exporter crash with macro expansionsJoe Ranieri2019-08-271-4/+6
| | | | | | | Differential Revision: https://reviews.llvm.org/D65209 git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@370061 91177308-0d34-0410-b5e6-96231b3b80d8
* Fix text range end columns in SARIF to be exclusiveJoe Ranieri2019-08-271-3/+9
| | | | | | | | | According to the SARIF specification, "a text region does not include the character specified by endColumn". Differential Revision: https://reviews.llvm.org/D65206 git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@370060 91177308-0d34-0410-b5e6-96231b3b80d8
* Do a sweep of symbol internalization. NFC.Benjamin Kramer2019-08-231-4/+5
| | | | git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@369803 91177308-0d34-0410-b5e6-96231b3b80d8
* [analyzer] Avoid unnecessary enum range check on LValueToRValue castsKristof Umann2019-08-231-0/+16
| | | | | | | | | | | | | | | | Summary: EnumCastOutOfRangeChecker should not perform enum range checks on LValueToRValue casts, since this type of cast does not actually change the underlying type. Performing the unnecessary check actually triggered an assertion failure deeper in EnumCastOutOfRange for certain input (which is captured in the accompanying test code). Reviewers: #clang, Szelethus, gamesh411, NoQ Reviewed By: Szelethus, gamesh411, NoQ Subscribers: NoQ, gamesh411, xazax.hun, baloghadamsoftware, szepet, a.sidorin, mikhail.ramalho, donat.nagy, dkrupp, Charusso, bjope, cfe-commits Tags: #clang Differential Revision: https://reviews.llvm.org/D66014 git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@369760 91177308-0d34-0410-b5e6-96231b3b80d8
* [analyzer] CastValueChecker: Correctly model results of based-to-derived casts.Artem Dergachev2019-08-231-9/+27
| | | | | | | | | | Our SVal hierarchy doesn't allow modeling pointer casts as no-op. The pointer type is instead encoded into the pointer object. Defer to our usual pointer casting facility, SValBuilder::evalBinOp(). Fixes a crash. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@369729 91177308-0d34-0410-b5e6-96231b3b80d8
* [analyzer] CastValueChecker: Provide DynamicTypeMap with pointer types only.Artem Dergachev2019-08-232-28/+26
| | | | | | | | | The idea to drop this requirement is good, but for now every other user of DynamicTypeInfo expects pointer types. Fixes a crash. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@369728 91177308-0d34-0410-b5e6-96231b3b80d8
* [analyzer] CastValueChecker: Avoid modeling casts between objects.Artem Dergachev2019-08-231-2/+7
| | | | | | | | | Our method only works correctly when casting a pointer to a pointer or a reference to a reference. Fixes a crash. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@369727 91177308-0d34-0410-b5e6-96231b3b80d8
* [analyzer] DynamicTypeInfo: Avoid putting null regions into dynamic typemap.Artem Dergachev2019-08-231-0/+3
| | | | | | Fixes a crash. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@369726 91177308-0d34-0410-b5e6-96231b3b80d8
* Remove an unused function, suppress -Wunused-function warning.Haojian Wu2019-08-221-6/+0
| | | | git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@369629 91177308-0d34-0410-b5e6-96231b3b80d8
* [analyzer] CastValueChecker: Model isa(), isa_and_nonnull()Csaba Dabis2019-08-221-5/+100
| | | | | | | | | | Summary: - Reviewed By: NoQ Differential Revision: https://reviews.llvm.org/D66423 git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@369615 91177308-0d34-0410-b5e6-96231b3b80d8
* [analyzer] Don't track the condition of foreach loopsKristof Umann2019-08-221-0/+5
| | | | | | | | | As discussed on the mailing list, notes originating from the tracking of foreach loop conditions are always meaningless. Differential Revision: https://reviews.llvm.org/D66131 git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@369613 91177308-0d34-0410-b5e6-96231b3b80d8
View Lorry Controller Status