| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Previously we were assuming that we'd never ask for the sub-region bindings
of a bitfield, since a bitfield cannot have subregions. However,
unification of code paths has made that assumption invalid. While we could
take advantage of this by just checking for the single possible binding,
it's probably better to do the right thing, so that if/when we someday
support unions we'll do the right thing there, too.
This fixes a handful of false positives in analyzing LLVM.
<rdar://problem/13325522>
llvm-svn: 176388
|
|
In C++, rvalues that need to have their address taken (for example, to be
passed to a function by const reference) will be wrapped in a
MaterializeTemporaryExpr, which lets CodeGen know to create a temporary
region to store this value. However, MaterializeTemporaryExprs are /not/
created when a method is called on an rvalue struct, even though the 'this'
pointer needs a valid value. CodeGen works around this by creating a
temporary region anyway; now, so does the analyzer.
The analyzer also does this when accessing a field of a struct rvalue.
This is a little unfortunate, since the rest of the struct will soon be
thrown away, but it does make things consistent with the rest of the
analyzer.
This allows us to bring back the assumption that all known 'this' values
are Locs. This is a revised version of r164828-9, reverted in r164876-7.
<rdar://problem/12137950>
llvm-svn: 166120
|
|
an lvalue."
The original intent of this commit was to catch potential null dereferences
early, but it breaks the common "home-grown offsetof" idiom (PR13927):
(((struct Foo *)0)->member - ((struct foo *)0))
As it turns out, this appears to be legal in C, per a footnote in
C11 6.5.3.2: "Thus, &*E is equivalent to E (even if E is a null pointer)".
In C++ this issue is still open:
http://www.open-std.org/jtc1/sc22/wg21/docs/cwg_active.html#232
We'll just have to make sure we have good path notes in the future.
This reverts r164441 / 9be016dcd1ca3986873a7b66bd4bc027309ceb59.
llvm-svn: 164958
|
|
accessing fields"
This reverts commit 6f61df3e7256413dcb99afb9673f4206e3c4992c.
llvm-svn: 164877
|
|
Struct rvalues are represented in the analyzer by CompoundVals,
LazyCompoundVals, or plain ConjuredSymbols -- none of which have associated
regions. If the entire structure is going to persist, this is not a
problem -- either the rvalue will be assigned to an existing region, or
a MaterializeTemporaryExpr will be present to create a temporary region.
However, if we just need a field from the struct, we need to create the
temporary region ourselves.
This is inspired by the way CodeGen handles calls to temporaries;
support for that in the analyzer is coming next.
Part of <rdar://problem/12137950>
llvm-svn: 164828
|
|
We want to catch cases like this early, so that we can produce better
diagnostics and path notes:
Point *p = 0;
int *px = &p->x; // should warn here
*px = 1;
llvm-svn: 164441
|
|
llvm-svn: 162588
|
|
be the common root package.
llvm-svn: 136835
|
|
driver. Also remove associated tests. Sorry for the messy commits; this is the result of a botched Git merge.
llvm-svn: 136422
|
|
misnomer award.
llvm-svn: 126676
|
|
have any checkers associated with it anymore.
llvm-svn: 126440
|
|
llvm-svn: 124822
|
|
llvm-svn: 95348
|
|
- This is designed to make it obvious that %clang_cc1 is a "test variable"
which is substituted. It is '%clang_cc1' instead of '%clang -cc1' because it
can be useful to redefine what gets run as 'clang -cc1' (for example, to set
a default target).
llvm-svn: 91446
|
|
llvm-svn: 91272
|
|
llvm-svn: 90071
|
|
option enables new "internal" checks that will eventually be turned on
by default but still require broader testing.
llvm-svn: 88671
|
|
- 'for i in $(find . -type f); do sed -e 's#\(RUN:.*[^ ]\) *&& *$#\1#g' $i | FileUpdate $i; done', for the curious.
llvm-svn: 86430
|
|
OldCastRegion used), and the associated command line option
'-analyzer-store=old-basic-cast'.
llvm-svn: 77509
|
|
and replace the 'clang-cc' option '-analyzer-store=basic-new-cast' with
'-analyzer-store=basic-old-cast'. We'll keep the old CastRegion implementation
around for a little while for regression testing.
llvm-svn: 75209
|
|
using '-analyzer-store=basic-new-cast'.
llvm-svn: 74865
|
|
llvm-svn: 73851
|
|
pointee type is scalar type, create element region regardless with the sizes
of types.
llvm-svn: 71360
|
|
RegionStore.
This CastRegion() performs casts according to the kind of the region being
cast instead of the type that is cast to.
llvm-svn: 71058
|
|
llvm-svn: 70834
|
|
- Don't layer TypedViewRegions on top of any region except
SymbolicRegions and AllocaRegions. This follows from my offline
discussion within Zhongxing about how TypedViewRegions really only
represent memory getting re-appropriated for a new purpose.
Fallout from this change:
- Move test case from xfail_rdar_6440393.m to misc-ps-64.m
(it now passes).
- test/Analysis/fields.c now fails for region store (crash).
Marking XFAIL.
- test/Analysis/rdar-6441136-region.c now fails (only runs with region store).
Marking XFAIL.
Diagnosis: The analyzer now correctly identifies an early out-of-bounds memory
access then the one flagged:
rdar-6541136-region.c:17:3: warning: Load or store into an out-of-bound memory position.
*p = 1;
^~
Changing the line:
char *p = (void*) &wonky[1];
to
char *p = (void*) &wonky[0];
(which should delay the buffer overrun) causes region store to crash, probably
because it expects a TypedViewRegion.
- test/Analysis/casts.c (region store) now fails (crash).
Marking XFAIL.
llvm-svn: 70565
|
|
Tests and drivers updated, still need to shuffle dirs.
llvm-svn: 67602
|
|
- Move all analyzer options logic to AnalysisConsumer.cpp.
- Unified specification of stores/constraints/output to be:
-analyzer-output=...
-analyzer-store=...
-analyzer-constraints=...
instead of -analyzer-range-constraints, -analyzer-store-basic, etc.
- Updated drivers (ccc-analyzer, scan-builds, new ccc) to obey this new
interface
- Updated test cases to conform to new driver options
llvm-svn: 64737
|
|
llvm-svn: 62798
|
|
individual checker options.
llvm-svn: 62634
|
|
"Visit" when processing the base for "x->f" field accesses.
llvm-svn: 57754
|
