[cfe-commits] r47626 - in /cfe/trunk: Analysis/GRExprEngine.cpp Analysis/GRSimpleVals.cpp include/clang/Analysis/PathSensitive/GRExprEngine.h include/clang/Basic/DiagnosticKinds.def
Ted Kremenek
kremenek at apple.com
Tue Feb 26 13:31:18 PST 2008
Author: kremenek
Date: Tue Feb 26 15:31:18 2008
New Revision: 47626
URL: http://llvm.org/viewvc/llvm-project?rev=47626&view=rev
Log:
Removed static analysis-specific diagnostics from DiagnosticKinds.def.
Use custom diagnostics for static analysis checkers. Added warnings
for dereferencing uninitialized values and divide-by-zeroes.
Modified:
cfe/trunk/Analysis/GRExprEngine.cpp
cfe/trunk/Analysis/GRSimpleVals.cpp
cfe/trunk/include/clang/Analysis/PathSensitive/GRExprEngine.h
cfe/trunk/include/clang/Basic/DiagnosticKinds.def
Modified: cfe/trunk/Analysis/GRExprEngine.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/Analysis/GRExprEngine.cpp?rev=47626&r1=47625&r2=47626&view=diff
==============================================================================
--- cfe/trunk/Analysis/GRExprEngine.cpp (original)
+++ cfe/trunk/Analysis/GRExprEngine.cpp Tue Feb 26 15:31:18 2008
@@ -1545,7 +1545,8 @@
GraphPrintCheckerState->isExplicitNullDeref(N) ||
GraphPrintCheckerState->isUninitDeref(N) ||
GraphPrintCheckerState->isUninitStore(N) ||
- GraphPrintCheckerState->isUninitControlFlow(N))
+ GraphPrintCheckerState->isUninitControlFlow(N) ||
+ GraphPrintCheckerState->isBadDivide(N))
return "color=\"red\",style=\"filled\"";
return "";
@@ -1586,6 +1587,9 @@
else if (GraphPrintCheckerState->isUninitStore(N)) {
Out << "\\|Store to Uninitialized LVal.";
}
+ else if (GraphPrintCheckerState->isBadDivide(N)) {
+ Out << "\\|Divide-by zero or uninitialized value.";
+ }
break;
}
Modified: cfe/trunk/Analysis/GRSimpleVals.cpp
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/Analysis/GRSimpleVals.cpp?rev=47626&r1=47625&r2=47626&view=diff
==============================================================================
--- cfe/trunk/Analysis/GRSimpleVals.cpp (original)
+++ cfe/trunk/Analysis/GRSimpleVals.cpp Tue Feb 26 15:31:18 2008
@@ -19,6 +19,27 @@
using namespace clang;
namespace clang {
+
+template <typename ITERATOR>
+static void EmitWarning(Diagnostic& Diag, SourceManager& SrcMgr,
+ ITERATOR I, ITERATOR E, const char* msg) {
+
+ bool isFirst;
+ unsigned ErrorDiag;
+
+ for (; I != E; ++I) {
+
+ if (isFirst) {
+ isFirst = false;
+ ErrorDiag = Diag.getCustomDiagID(Diagnostic::Warning, msg);
+ }
+
+ const PostStmt& L = cast<PostStmt>((*I)->getLocation());
+ Expr* Exp = cast<Expr>(L.getStmt());
+
+ Diag.Report(FullSourceLoc(Exp->getExprLoc(), SrcMgr), ErrorDiag);
+ }
+}
unsigned RunGRSimpleVals(CFG& cfg, FunctionDecl& FD, ASTContext& Ctx,
Diagnostic& Diag, bool Visualize) {
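Review bot: In `EmitWarning`, `bool isFirst;` has no initializer but is read by `if (isFirst)` on the first loop iteration, which is undefined behaviour. If it happens to read as false, `ErrorDiag` is also passed to `Diag.Report` uninitialized, so the warning is emitted under an arbitrary diagnostic ID. Declare them as `bool isFirst = true;` and `unsigned ErrorDiag = 0;`. The flag only avoids registering a custom ID for an empty range, so an early `if (I == E) return;` followed by an unconditional `getCustomDiagID` call would remove the need for it. The trailing context lines belong to `RunGRSimpleVals`, whose body continues outside this hunk.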
@@ -32,18 +53,29 @@
CheckerState->setTransferFunctions(GRSV);
// Execute the worklist algorithm.
- Engine.ExecuteWorkList(10000);
+ Engine.ExecuteWorkList(20000);
- // Look for explicit-Null dereferences and warn about them.
- for (GRExprEngine::null_iterator I=CheckerState->null_begin(),
- E=CheckerState->null_end(); I!=E; ++I) {
-
- const PostStmt& L = cast<PostStmt>((*I)->getLocation());
- Expr* Exp = cast<Expr>(L.getStmt());
-
- Diag.Report(FullSourceLoc(Exp->getExprLoc(), Ctx.getSourceManager()),
- diag::chkr_null_deref_after_check);
- }
+ SourceManager& SrcMgr = Ctx.getSourceManager();
+
+ EmitWarning(Diag, SrcMgr,
+ CheckerState->null_derefs_begin(),
+ CheckerState->null_derefs_end(),
+ "NULL pointer is dereferenced after it is checked for NULL.");
+
+ EmitWarning(Diag, SrcMgr,
+ CheckerState->uninit_derefs_begin(),
+ CheckerState->uninit_derefs_end(),
+ "Dereference of uninitialized value.");
+
+ EmitWarning(Diag, SrcMgr,
+ CheckerState->uninit_derefs_begin(),
+ CheckerState->uninit_derefs_end(),
+ "Dereference of uninitialized value.");
+
+ EmitWarning(Diag, SrcMgr,
+ CheckerState->bad_divides_begin(),
+ CheckerState->bad_divides_end(),
+ "Division by zero/uninitialized value.");
#ifndef NDEBUG
if (Visualize) CheckerState->ViewGraph();
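Review bot: The `EmitWarning` call over `CheckerState->uninit_derefs_begin()` / `uninit_derefs_end()` appears twice in a row with the same message, so every uninitialized dereference would be reported twice; one of the two calls should be dropped. If the second call was meant to cover a different node set, nothing in this commit shows an accessor for one, so that should be confirmed with the author. The null-dereference check was registered as `ERROR` in DiagnosticKinds.def and is now emitted through `Diagnostic::Warning`; if the downgrade is intended, a short comment such as `// Checker findings are reported as warnings, not errors.` would record that. `RunGRSimpleVals` starts and ends outside this hunk.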
Modified: cfe/trunk/include/clang/Analysis/PathSensitive/GRExprEngine.h
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/include/clang/Analysis/PathSensitive/GRExprEngine.h?rev=47626&r1=47625&r2=47626&view=diff
==============================================================================
--- cfe/trunk/include/clang/Analysis/PathSensitive/GRExprEngine.h (original)
+++ cfe/trunk/include/clang/Analysis/PathSensitive/GRExprEngine.h Tue Feb 26 15:31:18 2008
@@ -117,7 +117,7 @@
typedef llvm::SmallPtrSet<NodeTy*,5> UninitStoresTy;
typedef llvm::SmallPtrSet<NodeTy*,5> BadDerefTy;
- typedef llvm::SmallPtrSet<NodeTy*,5> DivZerosTy;
+ typedef llvm::SmallPtrSet<NodeTy*,5> BadDividesTy;
/// UninitStores - Sinks in the ExplodedGraph that result from
/// making a store to an uninitialized lvalue.
@@ -137,7 +137,7 @@
/// BadDivides - Nodes in the ExplodedGraph that result from evaluating
/// a divide-by-zero or divide-by-uninitialized.
- DivZerosTy BadDivides;
+ BadDividesTy BadDivides;
bool StateCleaned;
@@ -198,9 +198,17 @@
return N->isSink() && BadDivides.count(const_cast<NodeTy*>(N)) != 0;
}
- typedef BadDerefTy::iterator null_iterator;
- null_iterator null_begin() { return ExplicitNullDeref.begin(); }
- null_iterator null_end() { return ExplicitNullDeref.end(); }
+ typedef BadDerefTy::iterator null_deref_iterator;
+ null_deref_iterator null_derefs_begin() { return ExplicitNullDeref.begin(); }
+ null_deref_iterator null_derefs_end() { return ExplicitNullDeref.end(); }
+
+ typedef BadDerefTy::iterator uninit_deref_iterator;
+ uninit_deref_iterator uninit_derefs_begin() { return UninitDeref.begin(); }
+ uninit_deref_iterator uninit_derefs_end() { return UninitDeref.end(); }
+
+ typedef BadDividesTy::iterator bad_divide_iterator;
+ bad_divide_iterator bad_divides_begin() { return BadDivides.begin(); }
+ bad_divide_iterator bad_divides_end() { return BadDivides.end(); }
/// ProcessStmt - Called by GRCoreEngine. Used to generate new successor
/// nodes by processing the 'effects' of a block-level statement.
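Review bot: The three new iterator typedefs and their begin/end accessors have no `///` comment, while the neighbouring members visible in this header are documented. A one-line comment per group would match the file's style, for example `/// null_derefs_begin/end - Iterate over the nodes recorded in ExplicitNullDeref.`, with the equivalent for `UninitDeref` and `BadDivides`. The enclosing class is declared outside the hunk, so what each set is expected to contain should be taken from its member declaration.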
Modified: cfe/trunk/include/clang/Basic/DiagnosticKinds.def
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/include/clang/Basic/DiagnosticKinds.def?rev=47626&r1=47625&r2=47626&view=diff
==============================================================================
--- cfe/trunk/include/clang/Basic/DiagnosticKinds.def (original)
+++ cfe/trunk/include/clang/Basic/DiagnosticKinds.def Tue Feb 26 15:31:18 2008
@@ -966,11 +966,4 @@
DIAG(ext_return_has_expr, EXTENSION,
"void function '%0' should not return a value")
-//===----------------------------------------------------------------------===//
-// Static Analysis Warnings (Bug-Finding)
-//===----------------------------------------------------------------------===//
-
-DIAG(chkr_null_deref_after_check, ERROR,
- "NULL pointer is dereferenced after it is checked for NULL.")
-
#undef DIAG