mirrors/llvm-project
0
0
Fork 0
mirror of https://github.com/llvm/llvm-project.git synced 2025-05-13 20:06:05 +00:00
Code Issues Projects Releases Wiki Activity
41,177 Commits 1,258 Branches 288 Tags
Commit Graph

55 Commits

Author SHA1 Message Date
Ted Kremenek
5668972630 End paths when calling a function marked "noreturn." 
llvm-svn: 47690
 2008-02-27 20:43:44 +00:00
Ted Kremenek
fef05fae67 Small tweaks to the transfer function for DeclStmt: do not mark external global 
variables as uninitialized, and only "initialize" static function variables.

llvm-svn: 47683
 2008-02-27 19:21:33 +00:00
Ted Kremenek
cbb21b61c8 Small fix to VisitLVal: this method can be called on Block-Level expressions. 
In such cases, handle them just like Visit().

llvm-svn: 47665
 2008-02-27 07:04:16 +00:00
Ted Kremenek
1c64daba5b When analyzing a function, eagerly create symbolic values for all 
globals/parameters at the beginning of the analysis.

llvm-svn: 47664
 2008-02-27 06:47:26 +00:00
Ted Kremenek
c025841dd4 Header file cleanups: reduce number of includes; move ValueState.h into include directory tree. 
llvm-svn: 47661
 2008-02-27 06:07:00 +00:00
Ted Kremenek
947528f000 Similar bug fix to r47650; when processing CallExprs if we did not generate an 
ExplodedNode for the Callee subexpression we would not evaluate the CallExpr
transfer function.

llvm-svn: 47651
 2008-02-27 00:46:25 +00:00
Ted Kremenek
76a2e985c3 Fixed bug in the core transfer function logic for CallExprs where we would 
sometimes skip evaluating all the arguments when some arguments would not
create new ExplodedNodes.

llvm-svn: 47650
 2008-02-27 00:44:11 +00:00
Ted Kremenek
6217dffec3 Fix bug when processing '?' operator: invalidate the old "Uninitialized" value of the block-level expression for ?. 
llvm-svn: 47645
 2008-02-26 23:37:01 +00:00
Ted Kremenek
dea8c07899 Don't emit divide-by-zero errors when we divide by an unknown (not 
uninitialized) value. At this point we're just too imprecise.

llvm-svn: 47636
 2008-02-26 22:27:51 +00:00
Ted Kremenek
e9f30d3288 Removed static analysis-specific diagnostics from DiagnosticKinds.def. 
Use custom diagnostics for static analysis checkers.  Added warnings
for dereferencing uninitialized values and divide-by-zeroes.

llvm-svn: 47626
 2008-02-26 21:31:18 +00:00
Ted Kremenek
bc54390803 Small fixes to shore up overhauling of transfer function logic for '&&' and '||. 
llvm-svn: 47620
 2008-02-26 19:40:44 +00:00
Ted Kremenek
9b69ed398b optimization: no longer create ExplodedNodes for IntegerLiteral and 
CharacterLiteral expressions.

llvm-svn: 47617
 2008-02-26 19:17:09 +00:00
Ted Kremenek
f3a4b9617e Major cleanup of the transfer function logic for '&&', '||', and '?'. We 
now store in the state essentially which branch we took.  This removes
a bunch of bogus assumptions (and likely bugs), reduces the complexity of
the implementation, and facilitates more optimizations.

llvm-svn: 47613
 2008-02-26 19:05:15 +00:00
Ted Kremenek
ce3563445c Fixed inverted condition. 
llvm-svn: 47590
 2008-02-26 03:44:25 +00:00
Ted Kremenek
06b671097d Added lazy "symbolication" of parameter variables and global variables. 
Added recording of divide-by-zero and divide-by-uninitialized nodes.

llvm-svn: 47586
 2008-02-26 02:15:56 +00:00
Ted Kremenek
733f810600 Added FIXME. 
llvm-svn: 47578
 2008-02-26 00:20:52 +00:00
Ted Kremenek
3a6fd9c177 Better handling of calls to functions via function pointers. 
llvm-svn: 47562
 2008-02-25 21:16:03 +00:00
Ted Kremenek
3866746569 Expanded transfer function support for divide-by-zero checking to include 
"remainder-by-zero" checking (operator '%').

llvm-svn: 47549
 2008-02-25 18:42:54 +00:00
Ted Kremenek
6f92e2294a Added transfer function support for checking for divide-by-zero errors. 
llvm-svn: 47547
 2008-02-25 17:51:31 +00:00
Ted Kremenek
cb507025d4 Added "assumption" logic for lval::FuncVal and lval::GotoLabel, and simplified 
assumption logic for lval::DeclVal.

llvm-svn: 47466
 2008-02-22 00:54:56 +00:00
Ted Kremenek
51017b5432 Bug fix: For transfer function for unary "!", compare the subexpression value 
against '0' of the same bit-width.

llvm-svn: 47465
 2008-02-22 00:42:36 +00:00
Ted Kremenek
9f1ed12bc4 Added transfer function support for dispatching to functions we don't know 
about.  The default logic is to invalidate the values of all values
passed-by-reference.

llvm-svn: 47456
 2008-02-21 19:46:04 +00:00
Ted Kremenek
7328fa6ec8 Regression fix: Handle pointer arithmetic in unary ++/--. 
llvm-svn: 47449
 2008-02-21 19:29:23 +00:00
Ted Kremenek
7f8ebb73af Removed bogus assertions regard LValues binding to UnknownVal; they can 
do so implicitly.

llvm-svn: 47447
 2008-02-21 19:15:37 +00:00
Ted Kremenek
b1e3218125 FIX: Promote the correct operand. 
llvm-svn: 47445
 2008-02-21 18:46:24 +00:00
Ted Kremenek
7e4861b3c1 Simplified and generalized transfer function logic for casts, allowing 
the transfer function to be invoked without an Expr* for the Cast operation.

Added implicit promotions to the transfer function logic for compound
assignments.

llvm-svn: 47444
 2008-02-21 18:43:30 +00:00
Ted Kremenek
d2332f9625 Added transfer function support for sizeof(void) 
llvm-svn: 47443
 2008-02-21 18:15:29 +00:00
Ted Kremenek
7f0639b039 Major cleanup of path-sensitive analysis engine and the current analysis 
based on constant. prop. and limited symbolics.

- Renamed class: RValue -> RVal, LValue -> LVal, etc.
- Minor method renamings and interface cleanups.
- Tightened the RVal "type system" so that UninitializedVal and UnknownVal
  cannot be cast to LVal or NonLVal.  This forces these corner cases values
  to be explicitly handled early before being dispatched to plug-in transfer
  function logic.
- Major cleanup in the transfer function logic for binary and unary operators.
  Still fixing some regressions, but we now explicitly handle Uninitialized
  and Unknown values in a more rigorous way.

llvm-svn: 47441
 2008-02-21 18:02:17 +00:00
Ted Kremenek
34e83b80fd Implemented transfer function logic for unary '+' 
llvm-svn: 47357
 2008-02-20 04:12:31 +00:00
Ted Kremenek
b597bb9c4a Placed transfer function logic for dereferences in its own method, while at 
the same time clearing up some logic of how the unary '*' operator is processed.

llvm-svn: 47356
 2008-02-20 04:02:35 +00:00
Ted Kremenek
9c08512656 Added special handling for UninitializedVals for the transfer function logic 
for pointer dereferences.

llvm-svn: 47340
 2008-02-19 20:53:06 +00:00
Ted Kremenek
9fd2531b5e Fixed transfer function for casts to always evaluate the effects of the 
cast's subexpression even if the cast itself has no effect.

llvm-svn: 47335
 2008-02-19 18:52:54 +00:00
Ted Kremenek
fe0b5740ce Added transfer function support for casting to "void". 
llvm-svn: 47333
 2008-02-19 18:47:04 +00:00
Ted Kremenek
8b51dc2754 Added back explicit state/node creation when visiting IntegerLiterals and 
CharacterLiterals.  This may not be a permanent solution; it doesn't cost that
much, however, to create a few additional states, and solves a whole bunch
of edge cases when handling ?, ||, and &&.

llvm-svn: 47299
 2008-02-19 02:01:16 +00:00
Ted Kremenek
e0188e6ad7 Added boilerplate transfer function support for CallExprs. 
llvm-svn: 47298
 2008-02-19 01:44:53 +00:00
Ted Kremenek
58cc30b64b Added FIXME for properly handling local arrays using symbolic LValues. 
For now we just treat their values as "Unknown."

llvm-svn: 47294
 2008-02-19 00:29:51 +00:00
Ted Kremenek
0f7130adc4 --grsimple now reports the number of nodes in the ExplodedGraph for 
an analyzed function.

GRExprEngine now records stores to "uninitialized lvalues" (which are sinks in
the ExplodedGraph).

llvm-svn: 47293
 2008-02-19 00:22:37 +00:00
Ted Kremenek
346169fa3d Added more assertions and checks in transfer function logic to check for 
UninitializedVals and UnknownVals.

llvm-svn: 47288
 2008-02-18 22:57:02 +00:00
Ted Kremenek
6698cb8aa3 Refactored code for transfer functions for binary operators involving two LValues. 
Fixed bug in transfer functions for sizeof(*); we were incorrectly evaluating to
a value of the wrong type.

Fixed bug in transfer functions for compound assignments where we did not properly
handle assignments involving dereferences of symbolic values.

llvm-svn: 47190
 2008-02-15 23:15:23 +00:00
Ted Kremenek
8db4b110c3 Added transfer function support for conditional branches with a NULL condition (e.g., "for(;;)"). 
Fixed bug in transfer function for compound assignment operators when both operands where variables but had a non-pointer type (we fired an assertion).

llvm-svn: 47184
 2008-02-15 22:29:00 +00:00
Ted Kremenek
e81734b01c Simplified transfer function logic for ++/-- operators. 
Added more boilerplate transfer function support for pointer arithmetic.
Added more pretty-printing support for symbolic constraints.
Added transfer function support for handling enum values.
Minor pointer types cleanup in ExplodedGraphImpl.

llvm-svn: 47183
 2008-02-15 22:09:30 +00:00
Eli Friedman
783a5c262b Remove unnecessary references to VariableArrayType from Analysis. 
llvm-svn: 47157
 2008-02-15 12:28:27 +00:00
Ted Kremenek
bc0ba39a1e Added boilerplate transfer function support for pointer arithmetic operations. 
llvm-svn: 47147
 2008-02-15 00:52:26 +00:00
Ted Kremenek
5b70a22656 When visualizing ExplodedNodes created by GRExprEngine, color nodes with 
null-dereferences or bad control-flow red.

llvm-svn: 47140
 2008-02-14 22:54:53 +00:00
Ted Kremenek
d3122cb83c Renamed GRConstants => GRSimpleVals. 
Moved driver logic for --grsimple to GRSimpleVals.cpp.

llvm-svn: 47137
 2008-02-14 22:36:46 +00:00
Ted Kremenek
bd8957b6b2 #include cleanups in GRExprEngine.cpp/GRExprEngine.h. Moved GRExprEngine to 
clang namespace.

llvm-svn: 47136
 2008-02-14 22:16:04 +00:00
Ted Kremenek
64de207c52 Partitioned definition/implementation of GRExperEngine into .h and .cpp. 
Still some cleanup to do, but this initial checkin compiles and runs correctly.

llvm-svn: 47135
 2008-02-14 22:13:12 +00:00
Ted Kremenek
cf7cf8e8b0 Migrated transfer functions for binary operators for simple value tracking 
from RValues to GRTransferFuncs/GRSimpleVals.

llvm-svn: 47131
 2008-02-14 19:37:24 +00:00
Ted Kremenek
4bad8f7ad6 Migrated transfer functions for unary "~" and "-" to GRTransferFuncs/GRSimpleVals. 
llvm-svn: 47126
 2008-02-14 18:40:24 +00:00
Ted Kremenek
3ca942969e Started partitioning of transfer function logic (and thus the policy behind 
these operations) into GRTransferFuncs and its subclasses.  Originally all
of this logic was handled by the class RValue, but in reality different
analyses will want more flexibility on how they evaluate different values.

Transfer functions migrated so far: "Cast"

llvm-svn: 47125
 2008-02-14 18:28:23 +00:00