summaryrefslogtreecommitdiffstats
path: root/test/Analysis
Commit message (Collapse)AuthorAgeFilesLines
* [analyzer] Fix a false alarm in SelfInitChecker (radar://11235991).Anna Zaks2012-04-161-4/+57
| | | | | | Along with it, fix a couple of other corner cases and add more tests. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@154866 91177308-0d34-0410-b5e6-96231b3b80d8
* [analyzer] Fixup for a test case.Anna Zaks2012-04-161-1/+1
| | | | git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@154864 91177308-0d34-0410-b5e6-96231b3b80d8
* Fix tests that weren't actually verifying anything.David Blaikie2012-04-151-1/+1
| | | | | | | | | | | | | | Passing -verify to clang without -cc1 or -Xclang silently passes (with a printed warning, but lit doesn't care about that). This change adds -cc1 or, as is necessary in one case, -Xclang to fix this so that these tests are actually verifying as intended. I'd like to change the driver so this kind of mistake could not be made, but I'm not entirely sure how. Further, since the driver only warns about unknown flags in general, we could have similar bugs with a misspellings of arguments that would be nice to find. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@154776 91177308-0d34-0410-b5e6-96231b3b80d8
* [analyzer] PCH deserialization optimization.Anna Zaks2012-04-122-0/+37
| | | | | | | | | | | | | | | | We should not deserialize unused declarations from the PCH file. Achieve this by storing the top level declarations during parsing (HandleTopLevelDecl ASTConsumer callback) and analyzing/building a call graph only for those. Tested the patch on a sample ObjC file that uses PCH. With the patch, the analyzes is 17.5% faster and clang consumes 40% less memory. Got about 10% overall build/analyzes time decrease on a large Objective C project. A bit of CallGraph refactoring/cleanup as well.. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@154625 91177308-0d34-0410-b5e6-96231b3b80d8
* [analyzer] Test case for r154451 (redefining system functions).Anna Zaks2012-04-121-0/+17
| | | | git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@154624 91177308-0d34-0410-b5e6-96231b3b80d8
* Include lambda capture init expressions in CFG.Ted Kremenek2012-04-121-0/+20
| | | | git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@154611 91177308-0d34-0410-b5e6-96231b3b80d8
* [analyzer] Another dynamic_cast false positive/negative.Anna Zaks2012-04-111-0/+7
| | | | git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@154543 91177308-0d34-0410-b5e6-96231b3b80d8
* [analyzer] Better test cases for explaining where tracking types ofAnna Zaks2012-04-111-5/+35
| | | | | | | | symbolic regions would help. Thanks to Richard Smith. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@154541 91177308-0d34-0410-b5e6-96231b3b80d8
* [analyzer] dynamic_cast: Better model cast from a reference.Anna Zaks2012-04-101-2/+10
| | | | | | | Generate a sink when the dynamic_cast from a reference fails to represent a thrown exception. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@154438 91177308-0d34-0410-b5e6-96231b3b80d8
* [analyzer] Add support for C++ dynamic_cast.Anna Zaks2012-04-101-0/+185
| | | | | | Simulate the C++ dynamic_cast in the analyzer. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@154434 91177308-0d34-0410-b5e6-96231b3b80d8
* Rework ExprEngine::evalLoad and clients (e.g. VisitBinaryOperator) so that ↵Ted Kremenek2012-04-064-26/+28
| | | | | | | | | | | | | | | | | | when we generate a new ExplodedNode we use the same Expr* as the one being currently visited. This is preparation for transitioning to having ProgramPoints refer to CFGStmts. This required a bit of trickery. We wish to keep the old Expr* bindings in the Environment intact, as plenty of logic relies on it and there is no reason to change it, but we sometimes want the Stmt* for the ProgramPoint to be different than the Expr* being used for bindings. This requires adding an extra argument for some functions (e.g., evalLocation). This looks a bit strange for some clients, but it will look a lot cleaner when were start using CFGStmt* in the appropriate places. As some fallout, the diagnostics arrows are a bit difference, since some of the node locations have changed. I have audited these, and they look reasonable. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@154214 91177308-0d34-0410-b5e6-96231b3b80d8
* [analyzer] Check that the arguments to NSOrderedSet creation methods are ↵Jordy Rose2012-04-061-0/+8
| | | | | | | | valid ObjC objects. Patch by Sean McBride! git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@154194 91177308-0d34-0410-b5e6-96231b3b80d8
* Added a new attribute, objc_root_class, which informs the compiler when a ↵Patrick Beard2012-04-0617-30/+30
| | | | | | | | | | root class is intentionally declared. The warning this inhibits, -Wobjc-root-class, is opt-in for now. However, all clang unit tests that would trigger the warning have been updated to use -Wno-objc-root-class. <rdar://problem/7446698> git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@154187 91177308-0d34-0410-b5e6-96231b3b80d8
* [analyzer]Fix false positive: pointer might escape through CG*WithData.Anna Zaks2012-04-061-0/+18
| | | | git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@154156 91177308-0d34-0410-b5e6-96231b3b80d8
* Handle symbolicating a reference in an initializer expression that we don't ↵Ted Kremenek2012-04-051-0/+10
| | | | | | understand. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@154084 91177308-0d34-0410-b5e6-96231b3b80d8
* Teach ObjCContainersChecker that the array passed to CFArrayGetValueAtIndex ↵Ted Kremenek2012-04-051-0/+4
| | | | | | might not be a symbolic value. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@154083 91177308-0d34-0410-b5e6-96231b3b80d8
* Do not crash in the callgraph construction when encountering deleted ↵Ted Kremenek2012-04-051-0/+5
| | | | | | function definitions. Fixes <rdar://problem/11178609>. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@154081 91177308-0d34-0410-b5e6-96231b3b80d8
* Enable warn_impcast_literal_float_to_integer by default.David Blaikie2012-04-051-2/+2
| | | | | | | | | | | | | | | | | This diagnostic seems to be production ready, it's just an oversight that it wasn't turned on by default. The test changes are a bit of a mixed bag. Some tests that seemed like they clearly didn't need to use this behavior have been modified not to use it. Others that I couldn't be sure about, I added the necessary expected-warnings to. It's possible the diagnostic message could be improved to make it clearer that this warning can be suppressed by using a value that won't lose precision when converted to the target type (but can still be a floating point literal, such as "bool b = 1.0;"). git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@154068 91177308-0d34-0410-b5e6-96231b3b80d8
* Look through chains of 'x = y = z' when employing silencing heuristics in ↵Ted Kremenek2012-04-041-0/+22
| | | | | | | | the DeadStoresChecker. Fixes <rdar://problem/11185138>. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@154040 91177308-0d34-0410-b5e6-96231b3b80d8
* Include the "issue context" (e.g. function or method) where a static ↵Ted Kremenek2012-04-044-1/+74
| | | | | | | | analyzer issue occurred in the plist output. Fixes <rdar://problem/11004527> git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@154030 91177308-0d34-0410-b5e6-96231b3b80d8
* [analyzer] Record the basic blocks covered by the analyzes run.Anna Zaks2012-04-031-0/+1
| | | | | | | | Store this info inside the function summary generated for all analyzed functions. This is useful for coverage stats and can be helpful for analyzer state space search strategies. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@153923 91177308-0d34-0410-b5e6-96231b3b80d8
* Fix another false positive in RegionStore involving doing loads from ↵Ted Kremenek2012-04-031-0/+16
| | | | | | | | | symbolic offsets. We still don't properly reason about such accesses, but we shouldn't emit bogus "uninitialized value" warnings either. Fixes <rdar://problem/11127008>. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@153913 91177308-0d34-0410-b5e6-96231b3b80d8
* [analyzer]Malloc,RetainRelease: Allow pointer to escape via NSMapInsert.Anna Zaks2012-03-303-0/+39
| | | | | | | | Fixes a false positive (radar://11152419). The current solution of adding the info into 3 places is quite ugly. Pending a generic pointer escapes callback. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@153731 91177308-0d34-0410-b5e6-96231b3b80d8
* [analyzer] Add a malloc cpp test file.Anna Zaks2012-03-291-0/+16
| | | | | | | Includes a test from a reported false positive fixed in some earlier commit. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@153702 91177308-0d34-0410-b5e6-96231b3b80d8
* [analyzer] Enable retry exhausted without inlining by default.Anna Zaks2012-03-281-1/+1
| | | | git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@153591 91177308-0d34-0410-b5e6-96231b3b80d8
* [analyzer] Add an option to re-analyze a dead-end path without inlining.Anna Zaks2012-03-271-0/+94
| | | | | | | | | | | | | | | | | | | | | The analyzer gives up path exploration under certain conditions. For example, when the same basic block has been visited more than 4 times. With inlining turned on, this could lead to decrease in code coverage. Specifically, if we give up inside the inlined function, the rest of parent's basic blocks will not get analyzed. This commit introduces an option to enable re-run along the failed path, in which we do not inline the last inlined call site. This is done by enqueueing the node before the processing of the inlined call site with a special policy encoded in the state. The policy tells us not to inline the call site along the path. This lead to ~10% increase in the number of paths analyzed. Even though we expected a much greater coverage improvement. The option is turned off by default for now. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@153534 91177308-0d34-0410-b5e6-96231b3b80d8
* Change RetainCountChecker to eagerly "escape" retained objects when they areTed Kremenek2012-03-272-1/+29
| | | | | | | | | | | | assigned to a struct. This is fallout from inlining results, which expose far more patterns where people stuff CF objects into structs and pass them around (and we can reason about it). The problem is that we don't have a general way to detect when values have escaped, so as an intermediate step we need to eagerly prune out such tracking. Fixes <rdar://problem/11104566>. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@153489 91177308-0d34-0410-b5e6-96231b3b80d8
* [analyzer] Malloc: Allow a pointer to escape through OSAtomicEnqueue.Anna Zaks2012-03-261-0/+11
| | | | git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@153453 91177308-0d34-0410-b5e6-96231b3b80d8
* Avoid applying retain/release effects twice in RetainCountChecker when a ↵Ted Kremenek2012-03-232-2/+33
| | | | | | function call was inlined (i.e., we do not need to apply summaries in such cases). git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@153309 91177308-0d34-0410-b5e6-96231b3b80d8
* Fix static analyzer crash on code taking the address of a field. Fixes PR ↵Ted Kremenek2012-03-221-0/+16
| | | | | | 11146. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@153283 91177308-0d34-0410-b5e6-96231b3b80d8
* "Teach" RetainCountChecker about dispatch_set_context, which can indirectly ↵Ted Kremenek2012-03-221-0/+17
| | | | | | free its argument later. Fixes <rdar://problem/11059275>. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@153244 91177308-0d34-0410-b5e6-96231b3b80d8
* [analyzer] Malloc: drop symbols captured by blocks.Anna Zaks2012-03-221-1/+10
| | | | git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@153232 91177308-0d34-0410-b5e6-96231b3b80d8
* [analyzer] Malloc: Utter the name of the leaked variable.Anna Zaks2012-03-214-42/+227
| | | | | | | | | | | | | | | Specifically, we use the last store of the leaked symbol in the leak diagnostic. (No support for struct fields since the malloc checker doesn't track those yet.) + Infrastructure to track the regions used in store evaluations. This approach is more precise than iterating the store to obtain the region bound to the symbol, which is used in RetainCount checker. The region corresponds to what is uttered in the code in the last store and we do not rely on the store implementation to support this functionality. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@153212 91177308-0d34-0410-b5e6-96231b3b80d8
* [analyzer] Re-enable the test disabled by r152969.Anna Zaks2012-03-211-1/+1
| | | | | | (The fix was committed in r152982.) git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@153210 91177308-0d34-0410-b5e6-96231b3b80d8
* Add test case for <rdar://problem/10553686>, which illustrates RetainCount ↵Ted Kremenek2012-03-201-0/+26
| | | | | | checker working with inlined C++ template functions. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@153069 91177308-0d34-0410-b5e6-96231b3b80d8
* [analyzer] Mark a failed-realloc's result as an interesting symbol between ↵Jordy Rose2012-03-181-226/+350
| | | | | | | | | | | the realloc call and the null check, so we get nicer path notes. Fixes a regression introduced by the diagnostic pruning added in r152361. This is accomplished by calling markInteresting /during/ path diagnostic generation, and as such relies on deterministic ordering of BugReporterVisitors -- namely, that BugReporterVisitors are run in /reverse/ order from how they are added. (Right now that's a consequence of storing visitors in an ImmutableList, where new items are added to the front.) It's a little hacky, but it works for now. I think this is the best we can do without storing the relation between the old and new symbols, and that would be a hit whether or not there ends up being an error. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@153010 91177308-0d34-0410-b5e6-96231b3b80d8
* [analyzer] Don't claim an object was returned with +1 retain count before ↵Jordy Rose2012-03-171-0/+6
| | | | | | | | | counting autoreleases. Fixes PR10376. (Also, 80-column violations.) git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@152976 91177308-0d34-0410-b5e6-96231b3b80d8
* [analyzer] Add test case from PR10794 for using 'new' with Obj-C objects.Jordy Rose2012-03-171-0/+6
| | | | git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@152975 91177308-0d34-0410-b5e6-96231b3b80d8
* [analyzer] This test is breaking windows bots, make it darwin-specific.Anna Zaks2012-03-171-1/+1
| | | | | | | (The plist output does not match the one we expect, specifically we do not detect that the interesting symbol is returned by a call.) git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@152969 91177308-0d34-0410-b5e6-96231b3b80d8
* [analyzer] Shorten the stack hint diagnostic.Anna Zaks2012-03-161-10/+11
| | | | | | | Do not display the standard "Returning from 'foo'", when a stack hint is available. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@152964 91177308-0d34-0410-b5e6-96231b3b80d8
* [analyzer] Create symbol-aware stack hints (building upon r152837).Anna Zaks2012-03-161-62/+860
| | | | | | | | | | | | | | | | | | The symbol-aware stack hint combines the checker-provided message with the information about how the symbol was passed to the callee: as a parameter or a return value. For malloc, the generated messages look like this : "Returning from 'foo'; released memory via 1st parameter" "Returning from 'foo'; allocated memory via 1st parameter" "Returning from 'foo'; allocated memory returned" "Returning from 'foo'; reallocation of 1st parameter failed" (We are yet to handle cases when the symbol is a field in a struct or an array element.) git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@152962 91177308-0d34-0410-b5e6-96231b3b80d8
* Fix analyzer crash on analyzing 'catch' with no condition variable.Ted Kremenek2012-03-161-0/+23
| | | | git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@152900 91177308-0d34-0410-b5e6-96231b3b80d8
* Add test case for <rdar://problem/8808566>, which is now fixed by inlining ↵Ted Kremenek2012-03-161-0/+43
| | | | | | support. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@152894 91177308-0d34-0410-b5e6-96231b3b80d8
* Include full plist output in FileCheck test.Ted Kremenek2012-03-151-3/+5
| | | | git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@152859 91177308-0d34-0410-b5e6-96231b3b80d8
* Include full plist output in FileCheck test.Ted Kremenek2012-03-151-1470/+1476
| | | | git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@152858 91177308-0d34-0410-b5e6-96231b3b80d8
* Do not truncate expected plist output in FileCheck test.Ted Kremenek2012-03-151-1/+1
| | | | git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@152857 91177308-0d34-0410-b5e6-96231b3b80d8
* [analyzer] Allow checkers to supply call stack diagnostic hints for theAnna Zaks2012-03-151-979/+1520
| | | | | | | | | | | | | | | | | | | | | | | | | BugVisitor DiagnosticPieces. When checkers create a DiagnosticPieceEvent, they can supply an extra string, which will be concatenated with the call exit message for every call on the stack between the diagnostic event and the final bug report. (This is a simple version, which could be/will be further enhanced.) For example, this is used in Malloc checker to produce the ", which allocated memory" in the following example: static char *malloc_wrapper() { // 2. Entered call from 'use' return malloc(12); // 3. Memory is allocated } void use() { char *v; v = malloc_wrapper(); // 1. Calling 'malloc_wrappers' // 4. Returning from 'malloc_wrapper', which allocated memory } // 5. Memory is never released; potential memory leak git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@152837 91177308-0d34-0410-b5e6-96231b3b80d8
* Reapply r152745 (reverted in 152765) now that compiler-rt is fixed.David Blaikie2012-03-151-1/+1
| | | | | | | | | | | | | | | | | Original commit message: Provide -Wnull-conversion separately from -Wconversion. Like GCC, provide a NULL conversion to non-pointer conversion as a separate flag, on by default. GCC's flag is "conversion-null" which we provide for cross compatibility, but in the interests of consistency (with -Wint-conversion, -Wbool-conversion, etc) the canonical Clang flag is called -Wnull-conversion. Patch by Lubos Lunak. Review feedback by myself, Chandler Carruth, and Chad Rosier. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@152774 91177308-0d34-0410-b5e6-96231b3b80d8
* Revert r152745 as it's breaking the internal buildbots.Chad Rosier2012-03-151-1/+1
| | | | | | | | Abbreviated commit message: Provide -Wnull-conversion separately from -Wconversion. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@152765 91177308-0d34-0410-b5e6-96231b3b80d8
* Provide -Wnull-conversion separately from -Wconversion.David Blaikie2012-03-141-1/+1
| | | | | | | | | | | | | Like GCC, provide a NULL conversion to non-pointer conversion as a separate flag, on by default. GCC's flag is "conversion-null" which we provide for cross compatibility, but in the interests of consistency (with -Wint-conversion, -Wbool-conversion, etc) the canonical Clang flag is called -Wnull-conversion. Patch by Lubos Lunak. Review feedback by myself, Chandler Carruth, and Chad Rosier. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@152745 91177308-0d34-0410-b5e6-96231b3b80d8
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-12 02:47:20 +0000