[analyzer] Clean up modeling of strcmp, including cases where a string literal has an embedded null character, and where both arguments are the same buffer. Also use nested ifs rather than early returns; in this case early returns will lose any assumptions we've made earlier in the function.

llvm-svn: 133154

I will not commit without building first.
I will not commit without building first.
I will not commit without building first...

llvm-svn: 133150

[analyzer] Cleanup: mainly 80-char violations and preferring SValBuilder::getComparisonType() to just referencing IntTy.

llvm-svn: 133149

- (bounded copies) Be more conservative about how much is being copied.
- (str(n)cat) If we can't compute the exact final length of an append operation, we can still lower-bound it.
- (stpcpy) Fix the conjured return value at the end to actually be returned.

This requires these supporting changes:
- C string metadata symbols are still live even when buried in a SymExpr.
- "Hypothetical" C string lengths, to represent a value that /will/ be passed to setCStringLength() if all goes well. (The idea is to allow for temporary constrainable symbols that may end up becoming permanent.)
- The 'checkAdditionOverflow' helper makes sure that the two strings being appended in a strcat don't overflow size_t. This should never *actually* happen; the real effect is to keep the final string length from "wrapping around" in the constraint manager.

This doesn't actually test the "bounded" operations (strncpy and strncat) because they can leave strings unterminated. Next on the list!

llvm-svn: 133046

[analyzer] If a C string length is UnknownVal, clear any existing length binding. No tests yet because the only thing that sets string length is strcpy(), and that needs some work anyway.

llvm-svn: 133044

llvm-svn: 132956

[analyzer] Fix modeling of strnlen to be more conservative. Move tests we can't properly model (yet?) to string-fail.c.

llvm-svn: 132955

llvm-svn: 132618

[analyzer] Don't crash when copying an unknown number of bytes with memcpy(). Also handle all memcpy-family return values in evalCopyCommon(), rather than having some outside and some inside.

llvm-svn: 132617

llvm-svn: 132614

llvm-svn: 132608

llvm-svn: 132607

llvm-svn: 132605

Removing strncpy() checking in CString checker for now. Some significant changes need to be made to properly support modeling of it since it potentially leaves strings non-null terminated.

llvm-svn: 130758

Augment retain/release checker to not warn about tracked objects passed as arguments to C++ constructors.  This is a stop-gap measure for Objective-C++ code that uses smart pointers to manage reference counts.

llvm-svn: 130711

Implements strncasecmp() checker and simplifies some of the logic around creating substrings if necessary and calling the appropriate StringRef::compare/compare_lower().

llvm-svn: 130708

Use StringRef::substr() and unbounded StringRef::compare() instead of bounded version of StringRef::compare() because bounded version of StringRef::compare() is going to be removed.

llvm-svn: 130425

Eliminates an assert in the strncpy/strncat checker caused by not validating a cast was successful. If the value of an argument was unknown, the cast would result in a NULL pointer which was later being dereferenced.

This fixes Bugzilla #9806.

llvm-svn: 130422

llvm-svn: 130398

Implements the strncmp() checker just like the strcmp() checker, but with bounds. Requires LLVM svn r129582.

llvm-svn: 130161

Luis Felipe Strano Moraes!

llvm-svn: 129559

This patch adds modeling of strcmp() to the CString checker. Validates inputs are not NULL and are real C strings, then does the comparison and binds the proper return value. Unit tests included. 

llvm-svn: 129364

Validates inputs are not NULL, checks for overlapping strings, concatenates the strings checking for buffer overflow, sets the length of the destination string to the sum of the s1 length and the s2 length, binds the return value to the s1 value.

llvm-svn: 129215

Models mempcpy() so that if length is NULL the destination pointer is returned. Otherwise, the source and destination are confirmed not to be NULL and not overlapping. Finally the copy is validated to not cause a buffer overrun and the return value is bound to the address of the byte after the last byte copied.

llvm-svn: 128677

llvm-svn: 126726

llvm-svn: 126350

llvm-svn: 126188

llvm-svn: 126187

llvm-svn: 125777

llvm-svn: 125724

   CStringChecker
   ChrootChecker
   MallocChecker
   PthreadLockChecker
   StreamChecker
   UnreachableCodeChecker

MallocChecker creates implicit dependencies between checkers and needs to be handled differently.

llvm-svn: 125598

llvm-svn: 125395

Split 'include/clang/StaticAnalyzer' into 'include/clang/StaticAnalyzer/Core' and 'include/clang/StaticAnalyzer/Checkers'.

This layout matches lib/StaticAnalyzer, which corresponds to two StaticAnalyzer libraries.

llvm-svn: 125251

[analyzer] lib/StaticAnalyzer/Checkers/ExprEngineExperimentalChecks.h -> lib/StaticAnalyzer/Checkers/ExperimentalChecks.h

llvm-svn: 125122

with a lower-case letter.  No functionality change.

llvm-svn: 123211

layout.  :)

Rename the 'EntoSA' directories to 'StaticAnalyzer'.

Internally we will still use the 'ento' namespace
for the analyzer engine (unless there are further
sabre rattlings...).

llvm-svn: 122514

update Makefile.

llvm-svn: 122493

llvm-svn: 122492

llvm-svn: 122424

llvm-svn: 122423