summaryrefslogtreecommitdiff
path: root/test/Analysis
Commit message (Collapse)AuthorAgeFilesLines
...
* [analyzer] Add more simple taint tests.Anna Zaks2011-11-281-2/+17
| | | | git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@145275 91177308-0d34-0410-b5e6-96231b3b80d8
* [analyzer] Warn when non pointer arguments are passed to scanf (only when ↵Anna Zaks2011-11-181-0/+5
| | | | | | | | running taint checker). There is an open radar to implement better scanf checking as a Sema warning. However, a bit of redundancy is fine in this case. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@144964 91177308-0d34-0410-b5e6-96231b3b80d8
* [analyzer] The compiler warning was disabling the analyzer in this test.Anna Zaks2011-11-181-1/+1
| | | | git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@144946 91177308-0d34-0410-b5e6-96231b3b80d8
* [analyzer] Do not conjure a symbol when we need to propagate taint.Anna Zaks2011-11-171-0/+14
| | | | | | | | | | When the solver and SValBuilder cannot reason about symbolic expressions (ex: (x+1)*y ), the analyzer conjures a new symbol with no ties to the past. This helps it to recover some path-sensitivity. However, this breaks the taint propagation. With this commit, we are going to construct the expression even if we cannot reason about it later on if an operand is tainted. Also added some comments and asserts. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@144932 91177308-0d34-0410-b5e6-96231b3b80d8
* Added missing ImplicitCastExpr around conversion operator call.Abramo Bagnara2011-11-162-49/+71
| | | | git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@144850 91177308-0d34-0410-b5e6-96231b3b80d8
* Fixed crash with initializer lists and unnamed bitfields in the RegionStoreJim Goodnow II2011-11-161-0/+17
| | | | | | | | Manager. Added test to ensure proper binding of initialized values. This patch fixes PR11249. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@144831 91177308-0d34-0410-b5e6-96231b3b80d8
* [analyzer] Catch the first taint propagation implied buffer overflow.Anna Zaks2011-11-161-0/+14
| | | | | | | | | | | | | | Change the ArrayBoundCheckerV2 to be more aggressive in reporting buffer overflows when the offset is tainted. Previously, we did not report bugs when the state was underconstrained (not enough information about the bound to determine if there is an overflow) to avoid false positives. However, if we know that the buffer offset is tainted - comes in from the user space and can be anything, we should report it as a bug. + The very first example of us catching a taint related bug. This is the only example we can currently handle. More to come... git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@144826 91177308-0d34-0410-b5e6-96231b3b80d8
* Use Sema::RequireCompleteType to check for the completeness ofDouglas Gregor2011-11-141-1/+1
| | | | | | | | | | | Objective-C classes. This has two purposes: to consistently provide "forward declaration here" notes when we hit an incomplete type, and to give LLDB a chance to complete the type. RequireCompleteType bits from Sean Callanan! git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@144573 91177308-0d34-0410-b5e6-96231b3b80d8
* [static analyzer] Tweak RetainCountChecker's diagnostics to correctly ↵Ted Kremenek2011-11-141-1/+0
| | | | | | | | indicate if a message was due to a property access. This can potentially be refactored for other clients, and this is a regression from the refactoring of property acceses. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@144571 91177308-0d34-0410-b5e6-96231b3b80d8
* [analyzer;Regionstore] handle loads from StringLiteral elements for ↵Ted Kremenek2011-11-141-0/+9
| | | | | | StringLiterals representing wide strings. Fixes PR 11294. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@144563 91177308-0d34-0410-b5e6-96231b3b80d8
* [analyzer] teach AnalysisDeclContext::getSelfDecl() about blocks that ↵Ted Kremenek2011-11-141-0/+13
| | | | | | capture the 'self' variable of the enclosing ObjC method decl. Fixes <rdar://problem/10380300>. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@144556 91177308-0d34-0410-b5e6-96231b3b80d8
* Change the AST representation of operations on Objective-CJohn McCall2011-11-062-1/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | property references to use a new PseudoObjectExpr expression which pairs a syntactic form of the expression with a set of semantic expressions implementing it. This should significantly reduce the complexity required elsewhere in the compiler to deal with these kinds of expressions (e.g. IR generation's special l-value kind, the static analyzer's Message abstraction), at the lower cost of specifically dealing with the odd AST structure of these expressions. It should also greatly simplify efforts to implement similar language features in the future, most notably Managed C++'s properties and indexed properties. Most of the effort here is in dealing with the various clients of the AST. I've gone ahead and simplified the ObjC rewriter's use of properties; other clients, like IR-gen and the static analyzer, have all the old complexity *and* all the new complexity, at least temporarily. Many thanks to Ted for writing and advising on the necessary changes to the static analyzer. I've xfailed a small diagnostics regression in the static analyzer at Ted's request. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@143867 91177308-0d34-0410-b5e6-96231b3b80d8
* Switch these two tests to use the Clang driver instead of CC1. They wantChandler Carruth2011-11-051-1/+1
| | | | | | | | to do "realistic" includes, and so need the header search logic now in the driver. This in turn requires switching the CC1 options to the actual driver options, and passing -Xclang where there is no analogy. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@143805 91177308-0d34-0410-b5e6-96231b3b80d8
* Per discussion with John McCall, don't add OpaqueValueExprs to the CFG.Ted Kremenek2011-11-051-27/+22
| | | | git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@143766 91177308-0d34-0410-b5e6-96231b3b80d8
* [analyzer] Fix PR11282 - an assert in markAsSinkAnna Zaks2011-11-011-0/+14
| | | | | | | | This is another fallout from the refactoring. We were calling MarkAsSink on a cached out node. (Fixes radar://10376675) git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@143516 91177308-0d34-0410-b5e6-96231b3b80d8
* [analyzer] BranchNodeBuilder should not generate autotransitions.Anna Zaks2011-11-011-0/+10
| | | | | | This fixes radar://10367606 git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@143514 91177308-0d34-0410-b5e6-96231b3b80d8
* [analyzer] ObjC message sends to nil receivers that return structs are now ↵Ted Kremenek2011-10-282-18/+12
| | | | | | okay (compiler zeroes out the data). Fixes <rdar://problem/9151319>. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@143215 91177308-0d34-0410-b5e6-96231b3b80d8
* Add source-level dominators analysis. Patch by Guoping Long!Ted Kremenek2011-10-251-0/+165
| | | | git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@142885 91177308-0d34-0410-b5e6-96231b3b80d8
* Rename AnalysisContext to AnalysisDeclContext. Not only is this name more ↵Ted Kremenek2011-10-241-1/+1
| | | | | | accurate, but it frees up the name AnalysisContext for other uses. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@142782 91177308-0d34-0410-b5e6-96231b3b80d8
* Add test case for analyzer crash reported in <rdar://problem/10308201> ↵Ted Kremenek2011-10-201-0/+15
| | | | | | (which is already fixed in mainline). git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@142606 91177308-0d34-0410-b5e6-96231b3b80d8
* Fix the signatures of vfork, __sigsetjmp and sigsetjmp.Rafael Espindola2011-10-191-1/+1
| | | | | | Patch by Dimitry Andric. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@142531 91177308-0d34-0410-b5e6-96231b3b80d8
* Update all tests other than Driver/std.cpp to use -std=c++11 rather thanRichard Smith2011-10-133-3/+3
| | | | | | | -std=c++0x. Patch by Ahmed Charles! git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@141900 91177308-0d34-0410-b5e6-96231b3b80d8
* Add returns_twice to functions that are known to return twice. This implementsRafael Espindola2011-10-121-1/+1
| | | | | | the same behavior of gcc by keeping the attribute out of the function type. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@141803 91177308-0d34-0410-b5e6-96231b3b80d8
* [analyzer] Warn about the use of insecure, deprecated vfork() function ↵Anna Zaks2011-10-111-0/+11
| | | | | | | | PR11053 (http://llvm.org/bugs/show_bug.cgi?id=11053). A patch by Graham Lee! git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@141643 91177308-0d34-0410-b5e6-96231b3b80d8
* [analyzer] Teach the static analyzer about CXXForRangeStmt. Patch by Jim ↵Ted Kremenek2011-10-101-0/+23
| | | | | | Goodnow II! git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@141587 91177308-0d34-0410-b5e6-96231b3b80d8
* Provide basic static analyzer support for CXXTemporaryObjectExpr. Patch by ↵Ted Kremenek2011-10-071-0/+24
| | | | | | Jim Goodnow II. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@141433 91177308-0d34-0410-b5e6-96231b3b80d8
* [static analyzer] Fix crash in LiveVariables and Environment::getSVal() when ↵Ted Kremenek2011-10-061-0/+12
| | | | | | analyzing C++ pointer-to-member calls. Fixes <rdar://problem/10243398>. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@141312 91177308-0d34-0410-b5e6-96231b3b80d8
* Fix major regression in RetainCountChecker. DefaultSummaries were not being ↵Ted Kremenek2011-10-051-1/+34
| | | | | | used when they were meant to be. Fixes <rdar://problem/10241614>. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@141250 91177308-0d34-0410-b5e6-96231b3b80d8
* Make -fobjc-nonfragile-abi the -cc1 default, since it's theJohn McCall2011-10-023-3/+3
| | | | | | | | | | | | | | | | | | | | | increasingly prevailing case to the point that new features like ARC don't even support the fragile ABI anymore. This required a little bit of reshuffling with exceptions because a check was assuming that ObjCNonFragileABI was only being set in ObjC mode, and that's actually a bit obnoxious to do. Most, though, it involved a perl script to translate a ton of test cases. Mostly no functionality change for driver users, although there are corner cases with disabling language-specific exceptions that we should handle more correctly now. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@140957 91177308-0d34-0410-b5e6-96231b3b80d8
* Fix LiveVariables analysis bug with MaterializeTemporaryExpr and fix ↵Ted Kremenek2011-10-021-1/+1
| | | | | | handling in ExprEngine. Fixes <rdar://problem/10201666>. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@140956 91177308-0d34-0410-b5e6-96231b3b80d8
* Address PR10616. The crash has already been fixed by Ted in r140725, so just ↵Anna Zaks2011-10-011-0/+13
| | | | | | refactor to use existing API + test case. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@140932 91177308-0d34-0410-b5e6-96231b3b80d8
* Tweak the interface for analyzing the CF conventions for a nameJohn McCall2011-10-011-0/+10
| | | | | | | | | | | | | | to take a FunctionDecl* instead of an llvm::StringRef. Eventually we might push more logic in there, like using slightly different conventions for C++ methods. Also, fix a bug where 'copy' and 'create' were being caught in non-camel-cased strings. We want copyFoo and CopyFoo and XCopy but not Xcopy or xcopy. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@140911 91177308-0d34-0410-b5e6-96231b3b80d8
* Fix crash when analyzing C++ code involving constant enums and switch ↵Ted Kremenek2011-09-301-0/+26
| | | | | | statements (<rdar://problem/10202899>). git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@140844 91177308-0d34-0410-b5e6-96231b3b80d8
* [analyzer] Fix a bug in RetainReleaseChecker diagnostics. It gives more ↵Anna Zaks2011-09-301-1/+1
| | | | | | precise error message on the modified test case (and prevents duplicate diagnostics when we purge at block granularity). git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@140840 91177308-0d34-0410-b5e6-96231b3b80d8
* [analyzer] Add -analyzer-purge option which can take on multiple values, ↵Anna Zaks2011-09-301-1/+1
| | | | | | remove -analyzer-purge=none. (Small refactor as well: move the work of constructing AnalysisManager from the callers to the class itself.) git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@140838 91177308-0d34-0410-b5e6-96231b3b80d8
* Fix a crash in MallocOverflowSecurityChecker. Patch by Lei Zhang.Anna Zaks2011-09-271-0/+11
| | | | git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@140648 91177308-0d34-0410-b5e6-96231b3b80d8
* [analyzer] Remove target triple from the malloc overflow test.Anna Zaks2011-09-271-3/+2
| | | | git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@140635 91177308-0d34-0410-b5e6-96231b3b80d8
* [analyzer] Fix a bug where PathDiagnosticLocation did not generate a valid ↵Anna Zaks2011-09-211-1/+7
| | | | | | | | range and add asserts to check validity of locations early on. Ignore invalid ranges in PathDiagnosticPiece (they could be added by checker writers). Addresses radar://10124836 and radar://radar10102244. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@140218 91177308-0d34-0410-b5e6-96231b3b80d8
* [analyzer] Refactor: make PathDiagnosticLocation responsible for validation ↵Anna Zaks2011-09-161-1/+1
| | | | | | | | | | of SourceLocations (commit 5 of ?): - Get rid of PathDiagnosticLocation(SourceRange r,..) constructor by providing a bunch of create methods. - The PathDiagnosticLocation(SourceLocation L,..), which is used by crate methods, will eventually become private. - Test difference is in the case when the report starts at the beginning of the function. We used to represent that point as a range of the very first token in the first statement. Now, it's just a single location representing the first character of the first statement. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@139932 91177308-0d34-0410-b5e6-96231b3b80d8
* [analyzer] Refactor: make PathDiagnosticLocation responsible for validation ↵Anna Zaks2011-09-151-15/+0
| | | | | | | | | of SourceLocations (commit 4 of ?): - The closing brace is always a single location, not a range. - The test case previously had a location key 57:1 followed by a range [57:1 - 57:1]. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@139832 91177308-0d34-0410-b5e6-96231b3b80d8
* [analyzer] After CFG has been linearized, we can have a situation where an ↵Anna Zaks2011-09-141-1/+186
| | | | | | | | | | ExpoledNode has an invalid SourceLocation (which has no correspondence in the source code). This commit is the first step to solve this problem. - It adds LocationContext to the PathDiagnosticLocation object and uses it to lookup the enclosing statement with a valid location. - So far, the LocationContext is only available when the object is constructed from the ExplodedNode. - Already found some subtle bugs(in plist-output-alternate.m) where the intermediate diagnostic steps were not previously shown. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@139703 91177308-0d34-0410-b5e6-96231b3b80d8
* [analyzer] Simplify the test, use generic/more descriptive names.Anna Zaks2011-09-121-8/+8
| | | | git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@139516 91177308-0d34-0410-b5e6-96231b3b80d8
* [analyzer] Fix a failure encountered while analyzing bind (radar://10105448).Anna Zaks2011-09-121-0/+11
| | | | git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@139509 91177308-0d34-0410-b5e6-96231b3b80d8
* [analyzer] Fix a new failure encountered while building Adium exposed as a ↵Anna Zaks2011-09-121-0/+20
| | | | | | result of r138196(radar://10087620). ObjectiveC property of type int has a value of type ObjCPropRef, which is a Loc. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@139507 91177308-0d34-0410-b5e6-96231b3b80d8
* [analyzer] Test for -analyze-function on ObjectiveC to accompany r139439.Anna Zaks2011-09-121-0/+56
| | | | git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@139506 91177308-0d34-0410-b5e6-96231b3b80d8
* Stop cluttering the test directory with temporary files.Benjamin Kramer2011-09-051-1/+1
| | | | git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@139114 91177308-0d34-0410-b5e6-96231b3b80d8
* [analyzer] Move the knowledge of whether or not GC is enabled for the ↵Jordy Rose2011-09-0224-35/+35
| | | | | | | | | | | current analysis from CFRefCount to ExprEngine. Remove TransferFuncs from ExprEngine and AnalysisConsumer. Demote RetainReleaseChecker to a regular checker, and give it the name osx.cocoa.RetainCount (class name change coming shortly). Update tests accordingly. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@138998 91177308-0d34-0410-b5e6-96231b3b80d8
* If size was equal to 0, either NULL or a pointer suitable to be passed to Zhongxing Xu2011-09-011-1/+1
| | | | | | | | | free() is returned by realloc(). Most code expect NULL. And we only need to transfer one final ProgramState. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@138937 91177308-0d34-0410-b5e6-96231b3b80d8
* Fix: Bug 10798 - [analyzer] Crash when analyzing ICU. (A slight improvement ↵Anna Zaks2011-08-291-0/+11
| | | | | | on the previous commit.) git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@138762 91177308-0d34-0410-b5e6-96231b3b80d8
* Fix bug 10797: Crash: "cast<Ty>() argument of incompatible type!" assert ↵Anna Zaks2011-08-291-0/+6
| | | | | | | | when analyzing ICU. Patch by Jean-Daniel Dupas. Thanks for spotting and fixing! git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@138757 91177308-0d34-0410-b5e6-96231b3b80d8
View Lorry Controller Status