- Jan 26, 2012
-
-
NAKAMURA Takumi authored
llvm-svn: 149009
-
Anna Zaks authored
using CFArrayCreate & family. Specifically, CFArrayCreate's input should be: 'A C array of the pointer-sized values to be in the new array.' (radar://10717339) llvm-svn: 149008
-
Ted Kremenek authored
Rework flushing of diagnostics to PathDiagnosticConsumer. Now all the reports are batched up before being flushed to the underlying consumer implementation. This allows us to unique reports across analyses to multiple functions (which shows up with inlining). llvm-svn: 148997
-
- Jan 25, 2012
-
-
Ted Kremenek authored
llvm-svn: 148988
-
Ted Kremenek authored
This is accomplished by periodically reclaiming nodes in the graph. This was an optimization done before the CFG was linearized, but the CFG linearization destroyed that optimization since each freshly created node couldn't be reclaimed and we only looked at a window of nodes created between each ProcessStmt. This optimization can be reclaimed by merely expanding the window to N number of nodes. llvm-svn: 148888
-
- Jan 24, 2012
-
-
Anna Zaks authored
llvm-svn: 148844
-
- Jan 21, 2012
-
-
Anna Zaks authored
[analyzer] It's possible to have a non PointerType expression evaluate to a Loc value. When this happens, use the default type. llvm-svn: 148631
-
Anna Zaks authored
Also, slightly modify the diagnostic message in ArrayBound and DivZero (still use 'taint', which might not mean much to the user, but plan on changing it later). llvm-svn: 148626
-
- Jan 20, 2012
-
-
David Blaikie authored
llvm-svn: 148577
-
Anna Zaks authored
llvm-svn: 148566
-
Ted Kremenek authored
Reenable DeadStoresChecker under --analyze, and move the IdempotentOperationsChecker to the 'experimental' category. Fixes <rdar://problem/10146347>. llvm-svn: 148533
-
Ted Kremenek authored
Implement checker that looks for calls to mktemps and friends that have fewer than 6 Xs. Implements <rdar://problem/6336672>. llvm-svn: 148531
-
Ted Kremenek authored
multiple checks are exposed as separate checkers, but CheckerManager only creates one Checker object. llvm-svn: 148525
-
Anna Zaks authored
llvm-svn: 148518
-
Anna Zaks authored
printing. llvm-svn: 148517
-
Anna Zaks authored
at the given location. This could be useful when checkers' logic depends on whether a function is called with a given macro argument. llvm-svn: 148516
-
- Jan 18, 2012
-
-
Anna Zaks authored
TaintPropagationRule::process(). Also remove the "should be a pointer argument" warning - should be handled elsewhere. llvm-svn: 148372
-
Anna Zaks authored
size (Ex: in malloc, memcpy, strncpy..) (Maybe some of this could migrate to the CString checker. One issue with that is that we might want to separate security issues from regular API misuse.) llvm-svn: 148371
-
Anna Zaks authored
functions. llvm-svn: 148370
-
- Jan 17, 2012
-
-
David Blaikie authored
Remove unreachable code in Clang. (replace with llvm_unreachable where appropriate or when GCC requires it) llvm-svn: 148292
-
David Blaikie authored
This allows -Wswitch-enum to find switches that need updating when these enums are modified. llvm-svn: 148281
-
Anna Zaks authored
taint propagation functions. llvm-svn: 148266
-
- Jan 16, 2012
-
-
David Chisnall authored
  - Add atomic-to/from-nonatomic cast types
  - Emit atomic operations for arithmetic on atomic types
  - Emit non-atomic stores for initialisation of atomic types, but atomic stores and loads for every other store / load
  - Add a __atomic_init() intrinsic which does a non-atomic store to an _Atomic() type. This is needed for the corresponding C11 stdatomic.h function.
  - Enables the relevant __has_feature() checks.
  The feature isn't 100% complete yet, but it's done enough that we want people testing it.
  Still to do:
  - Make the arithmetic operations on atomic types (e.g. Atomic(int) foo = 1; foo++;) use the correct LLVM intrinsic if one exists, not a loop with a cmpxchg.
  - Add a signal fence builtin
  - Properly set the fenv state in atomic operations on floating point values
  - Correctly handle things like _Atomic(_Complex double) which are too large for an atomic cmpxchg on some platforms (this requires working out what 'correctly' means in this context)
  - Fix the many remaining corner cases
  llvm-svn: 148242
-
David Blaikie authored
llvm-svn: 148229
-
- Jan 14, 2012
-
-
Anna Zaks authored
data. llvm-svn: 148176
-
- Jan 13, 2012
-
-
Anna Zaks authored
radar://10686991 llvm-svn: 148081
-
Anna Zaks authored
llvm-svn: 148080
-
Anna Zaks authored
looking up value at a CodeTextRegion even when the type is not provided. llvm-svn: 148079
-
Anna Zaks authored
llvm-svn: 148078
-
- Jan 12, 2012
-
-
Ted Kremenek authored
[analyzer] fix inlining's handling of mapping actual to formal arguments and limit the call stack depth. The analyzer can now accurately simulate factorial for limited depths. llvm-svn: 148036
-
Anna Zaks authored
+ all the other Retrieve..() methods + a comment for ElementRegion. llvm-svn: 148011
-
Anna Zaks authored
To simplify the process: Refactor taint generation checker to simplify passing the information on which arguments need to be tainted from pre to post visit. Todo: We need to factor out the code that sema is using to identify the string and memcpy functions and use it here and in the CString checker. llvm-svn: 148010
-
- Jan 11, 2012
-
-
Ted Kremenek authored
the common *alloc functions as well as a few tiny wibbles (adds a note to CWE/CERT advisory numbers in the bug output, and fixes a couple 80-column-wide violations.)" Patch by Austin Seipp! llvm-svn: 147931
-
Ted Kremenek authored
Remove '#if 0' from ExprEngine::InlineCall(), and start fresh by wiring up inlining for straight C calls. My hope is to reimplement this from first principles based on the simplifications of removing unneeded node builders and re-evaluating how C++ calls are handled in the CFG. The hope is to turn inlining "on-by-default" as soon as possible with a core set of things working well, and then expand over time. llvm-svn: 147904
-
- Jan 10, 2012
-
-
Ted Kremenek authored
llvm-svn: 147854
-
- Jan 07, 2012
-
-
Rafael Espindola authored
llvm-svn: 147744
-
Anna Zaks authored
A patch by Dmitri Gribenko! The attached patch fixes a use-after-free in AnalysisConsumer::HandleTranslationUnit. The problem is that BugReporter's destructor runs after AnalysisManager has been already deleted. The fix introduces a scope to force correct destruction order. A crash happens only when reports have been added in AnalysisConsumer::HandleTranslationUnit's BugReporter. We don't have such checkers in clang so no test. llvm-svn: 147732
-
Anna Zaks authored
We already have a more conservative check in the compiler (if the format string is not a literal, we warn). Still adding it here for completeness and since this check is stronger - only triggered if the format string is tainted. llvm-svn: 147714
-
Ted Kremenek authored
This removes analysis of other translation units, but that was an experimental feature anyway that we will revisit later. llvm-svn: 147705
-
Ted Kremenek authored
llvm-svn: 147698
-