Commits · 41bbd51c33f6777e22d088363dbd5cd6ec6ce65a · Roger Ferrer / llvm-epi-0.8

Jun 26, 2009

Introduce a new concept to the static analyzer: SValuator. · 1642bdaa

Ted Kremenek authored Jun 26, 2009

GRTransferFuncs had the conflated role of both constructing SVals (symbolic
expressions) as well as handling checker-specific logic. Now SValuator has the
role of constructing SVals from expressions and GRTransferFuncs just handles
checker-specific logic. The motivation is by separating these two concepts we
will be able to much more easily create richer constraint-generating logic
without coupling it to the main checker transfer function logic.

We now have one implementation of SValuator: SimpleSValuator.

SimpleSValuator is essentially the SVal-related logic that was in GRSimpleVals
(which is removed in this patch). This includes the logic for EvalBinOp,
EvalCast, etc. Because SValuator has a narrower role than the old
GRTransferFuncs, the interfaces are much simpler, and so is the implementation
of SimpleSValuator compared to GRSimpleVals. I also did a line-by-line review of
SVal-related logic in GRSimpleVals and cleaned it up while moving it over to
SimpleSValuator.

As a consequence of removing GRSimpleVals, there is no longer a
'-checker-simple' option. The '-checker-cfref' did everything that option did
but also ran the retain/release checker. Of course a user may not always wish to
run the retain/release checker, nor do we wish core analysis logic buried in the
checker-specific logic. The next step is to refactor the logic in CFRefCount.cpp
to separate out these pieces into the core analysis engine.

llvm-svn: 74229

1642bdaa

Jun 25, 2009
- Remove uses of std::ostream from libAnalysis. · 799bb6e1
  Ted Kremenek authored Jun 24, 2009
```
llvm-svn: 74136
```
  799bb6e1
Jun 23, 2009
- Move all factory methods from SVal to ValueManager. API cleanup! · 7718ae47
  Zhongxing Xu authored Jun 23, 2009
```
llvm-svn: 73954
```
  7718ae47
- Split ValueManager method definitions into its own source file. · 0808f709
  Zhongxing Xu authored Jun 23, 2009
```
No functionality change.

llvm-svn: 73952
```
  0808f709
- ValueManager::makeNonLoc -> ValueManager::makeIntVal · d09b5205
  Zhongxing Xu authored Jun 23, 2009
```
Clean up code with ValueManager.

llvm-svn: 73951
```
  d09b5205
- Instead of setting the default value of the array region, bind the rest of the · b7cf9595
  Zhongxing Xu authored Jun 23, 2009
```
array elements to 0 explicitly. Create 0 values with the element type.

llvm-svn: 73946
```
  b7cf9595
Jun 19, 2009
- A further step of r73690: associate the cast-to type with the created symbol, · 54fb536b
  Zhongxing Xu authored Jun 19, 2009
```
because the type of the symbol is used to create the default range. We need the
sign to be consistent.

llvm-svn: 73756
```
  54fb536b
- Move clients over from using GRStateManager::BindXXX and friends to · 095f1a98
  Ted Kremenek authored Jun 18, 2009
```
GRState->bindXXX and friends (and constify some arguments along the way).

llvm-svn: 73740
```
  095f1a98
Jun 18, 2009

When casting region, if we do not create an element region, record the cast-to · cea65780

Zhongxing Xu authored Jun 18, 2009

type. 

When retrieving the region value, if we are going to create a symbol value, use
the cast-to type if possible.

llvm-svn: 73690

cea65780

May 12, 2009

Add logic for invalidating array region to CFRefCount.cpp. When invalidating · 08a2ede0

Zhongxing Xu authored May 12, 2009

array region, set its default value to conjured symbol. When retrieving its
element, create new region value symbol for the element.

Also fix some 80 columns violations.

llvm-svn: 71548

08a2ede0

May 09, 2009

Rename: · 91e2ab49

Zhongxing Xu authored May 09, 2009

  SymbolRegionRValue => SymbolRegionValue
  SymExpr::RegionRValue => SymExpr::RegionValueKind

llvm-svn: 71322

91e2ab49

As discussed with Ted, rename TypedRegion::getObjectType() to · 34d04b3c
Zhongxing Xu authored May 09, 2009
```
TypedRegion::getValueType().

llvm-svn: 71321
```
34d04b3c

rename: MemRegion: · 8038f7b3

Zhongxing Xu authored May 09, 2009

 RValueType => ObjectType
 LValueType => LocationType

No functionality change.

llvm-svn: 71304

8038f7b3

May 04, 2009
- Rename 'makeZeroIndex' to 'makeZeroArrayIndex'. · d795b02b
  Ted Kremenek authored May 04, 2009
```
llvm-svn: 70865
```
  d795b02b
- array indexes are unsigned integers of the same width as pointer. · 6ebde279
  Zhongxing Xu authored May 04, 2009
```
no-outofbounds.c still fails. Previously it passed because the array index
is mistakenly a loc::ConcreteInt.

llvm-svn: 70844
```
  6ebde279
Apr 21, 2009
- Use 'getAs<CodeTextRegion>' instead of 'dyn_cast<CodeTextRegion>' to handle any · 30fb341f
  Ted Kremenek authored Apr 21, 2009
```
layered regions.

llvm-svn: 69686
```
  30fb341f
Apr 20, 2009
- Remove loc::FuncVal. · 30702103
  Zhongxing Xu authored Apr 20, 2009
```
llvm-svn: 69577
```
  30702103
- get a CodeTextRegion when visiting FunctionDecl reference. · ac129431
  Zhongxing Xu authored Apr 20, 2009
```
get FunctionDecl with more general utility method.

llvm-svn: 69570
```
  ac129431
- As we now have ValueManager as the new value factory, we do not need factory · 23e1f456
  Zhongxing Xu authored Apr 20, 2009
```
methods of SVal.

llvm-svn: 69565
```
  23e1f456
Apr 11, 2009

Implement analyzer support for OSCompareAndSwap. This required pushing "tagged" · df24000d

Ted Kremenek authored Apr 11, 2009

ProgramPoints all the way through to GRCoreEngine.

NSString.m now fails with RegionStoreManager because of the void** cast.
Disabling use of region store for that test for now.

llvm-svn: 68845

df24000d

Apr 10, 2009
- Move a few more NonLoc static functions to ValueManager. · ffe4ad67
  Ted Kremenek authored Apr 10, 2009
```
llvm-svn: 68800
```
  ffe4ad67
- Add prototype for CodeTextRegion. · 1aced0c9
  Zhongxing Xu authored Apr 10, 2009
```
A CodeTextRegion wraps two kinds of data: FunctionDecl* or SymbolRef. 
The latter comes from the symbolic function pointer that are generated from
function calls or input data.

llvm-svn: 68777
```
  1aced0c9
- Finally nuke loc::SymbolVal. · dadf2505
  Zhongxing Xu authored Apr 10, 2009
```
llvm-svn: 68771
```
  dadf2505
- - Move ownership of MemRegionManager into ValueManager. · f2489ea0
  Ted Kremenek authored Apr 09, 2009
```
- Pull SVal::GetConjuredSymbol() and friends into ValueManager. This greatly
simplifies the calling interface to clients.

llvm-svn: 68731
```
  f2489ea0
Apr 09, 2009
- Remove SVal::MakeZero and replace it with ValueManager::makeZeroVal. · f8cb51c2
  Ted Kremenek authored Apr 09, 2009
```
llvm-svn: 68711
```
  f8cb51c2
- stop using loc::SymbolVal and clean up code with new API. · 7e9c1933
  Zhongxing Xu authored Apr 09, 2009
```
llvm-svn: 68703
```
  7e9c1933
- Add a new method because sometimes the type of the conjured symbol is not the · 9410d7ee
  Zhongxing Xu authored Apr 09, 2009
```
type of the expression where we create the symbol.

llvm-svn: 68692
```
  9410d7ee
- Create a symbolic region instead of a loc::SymbolVal. This is a continued step · cb5d3ced
  Zhongxing Xu authored Apr 09, 2009
```
to eliminate the use of loc::SymbolVal.

llvm-svn: 68685
```
  cb5d3ced
Apr 08, 2009

Enhance analyzer reasoning about sending messages to nil. A nil receiver... · 5451c60f

Ted Kremenek authored Apr 08, 2009

Enhance analyzer reasoning about sending messages to nil.  A nil receiver returns 0 for scalars of size <= sizeof(void*).

llvm-svn: 68629

5451c60f

Apr 03, 2009

This is the first step to gradually remove the use of loc::SymbolVal. Now · ec7e7dfe

Zhongxing Xu authored Apr 03, 2009

when creating symbolic values, we distinguish between location and non-location
values. For location values, we create a symbolic region instead of a
loc::SymbolVal.

llvm-svn: 68373

ec7e7dfe

Mar 30, 2009
- Remove dead code. · 3cd88e5d
  Ted Kremenek authored Mar 30, 2009
```
llvm-svn: 68063
```
  3cd88e5d
Mar 26, 2009

analyzer infrastructure: make a bunch of changes to symbolic expressions that · 3e31c26f

Ted Kremenek authored Mar 26, 2009

Zhongxing and I discussed by email.

Main changes:
- Removed SymIntConstraintVal and SymIntConstraint
- Added SymExpr as a parent class to SymbolData, SymSymExpr, SymIntExpr
- Added nonloc::SymExprVal to wrap SymExpr
- SymbolRef is now just a typedef of 'const SymbolData*'
- Bunch of minor code cleanups in how some methods were invoked (no functionality change)

This changes are part of a long-term plan to have full symbolic expression
trees. This will be useful for lazily evaluating complicated expressions.

llvm-svn: 67731

3e31c26f

Mar 25, 2009

This patch adds two more SymbolData subclasses: SymIntExpr and SymSymExpr, for · 24e7eade

Zhongxing Xu authored Mar 25, 2009

representing symbolic expressions like 'x'+3 and 'x'+'y'. The design is
subjected to change later when we fix the class hierarchy of symbolic
expressions.

llvm-svn: 67678

24e7eade

Mar 20, 2009

GRExprEngine: · 6b31533a

Ted Kremenek authored Mar 20, 2009

- Conjure symbols at '--' and '++' unary operations
- Add utility method SVal::GetConjuredSymbolVal() and constify some arguments
  along the way.

llvm-svn: 67395

6b31533a

Mar 18, 2009

Fix crash reported in <rdar://problem/6695527 >. We now have · b36e01d8

Ted Kremenek authored Mar 18, 2009

SVal::GetRValueSymbolVal do the checking if we can symbolicate a type instead of
having BasicStoreManager do it (which wasn't always doing the check
consistently). Having this check in SVal::GetRValueSymbolVal keeps the check in
one centralized place.

llvm-svn: 67245

b36e01d8

Mar 10, 2009
- Remove some now-unneeded calls to llvm::errs().flush(). · 4095d895
  Daniel Dunbar authored Mar 10, 2009
```
llvm-svn: 66555
```
  4095d895
Mar 03, 2009

Rework use of loc::SymbolVal in the retain/release checker to use the new method · c9747dd6

Ted Kremenek authored Mar 03, 2009

SVal::getAsLocSymbol(). This simplifies the code and allows the retain/release
checker to (I believe) also correctly reason about location symbols wrapped in
SymbolicRegions.

Along the way I cleaned up SymbolRef a little, disallowing implicit casts to
'unsigned'.

llvm-svn: 65972

c9747dd6

Fix case where we should use dyn_cast instead of cast. · e3852bd2
Ted Kremenek authored Mar 03, 2009
```
llvm-svn: 65956
```
e3852bd2

Jan 30, 2009

Fix a couple bugs: · 7594e2a5

Ted Kremenek authored Jan 30, 2009

- NonLoc::MakeVal() would use sizeof(unsigned) (literally) instead of consulting
  ASTContext for the size (in bits) of 'int'. While it worked, it was a
  conflation of concepts and using ASTContext.IntTy is 100% correct.
- RegionStore::getSizeInElements() no longer assumes that a VarRegion has the
  type "ConstantArray", and handles the case when uses use ordinary variables
  as if they were arrays.
- Fixed ElementRegion::getRValueType() to just return the rvalue type of its
  "array region" in the case the array didn't have ArrayType.
- All of this fixes <rdar://problem/6541136>

llvm-svn: 63347

7594e2a5

Jan 22, 2009

Static analyzer: Remove a bunch of outdated SymbolData objects and · 74040833

Ted Kremenek authored Jan 22, 2009

their associated APIs.  We no longer need separate SymbolData objects
for fields, variables, etc.  Instead, we now associated symbols with
the "rvalue" of a MemRegion (i.e., the value stored at that region).
Now we only have two kinds of SymbolData objects: SymbolRegionRValue
and SymbolConjured.

This cleanup also makes the distinction between a SymbolicRegion and a
symbolic value that is a location much clearer.  A SymbolicRegion
represents a chunk of symbolic memory, while a symbolic location is
just a "pointer" with different possible values.  Without any specific
knowledge, a symbolic location resolves (i.e., via a dereference) to a
SymbolicRegion.  In the future, when we do better alias reasoning, a
symbolic location can become an alias for another location, thus
merging the constraints on the referred SymbolicRegion with the other
region.

llvm-svn: 62769

74040833