Anna Zaks [Wed, 16 Nov 2011 19:58:17 +0000 (19:58 +0000)]
[analyzer] Catch the first taint propagation implied buffer overflow.
Change the ArrayBoundCheckerV2 to be more aggressive in reporting buffer overflows
when the offset is tainted. Previously, we did not report bugs when the state was
underconstrained (not enough information about the bound to determine if there is
an overflow) to avoid false positives. However, if we know that the buffer
offset is tainted - comes in from the user space and can be anything, we should
report it as a bug.
+ The very first example of us catching a taint-related bug.
This is the only example we can currently handle. More to come...
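An added illustration, constructed here and not code from the Clang commit, of the pattern the message describes: an array offset parsed from user input is tainted, so the analyzer cannot bound it, and with this change ArrayBoundCheckerV2 reports the access instead of staying silent on an underconstrained state. The bounds-checked form beside it is what the fix looks like; the table contents, function names and buffer size are assumptions.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed lookup table; TABLE_LEN is its length without the terminator. */
static const char table[] = "0123456789abcdef";
#define TABLE_LEN (sizeof(table) - 1)

/* Pattern the commit targets: when idx is tainted (it came from user input)
 * nothing constrains it, so the analyzer cannot prove the access stays inside
 * 'table'. Previously that underconstrained state produced no report; after
 * the commit a tainted offset here is reported as a buffer overflow. */
char lookup_unchecked(size_t idx)
{
    return table[idx];  /* reads past 'table' when idx >= TABLE_LEN */
}

/* Hardened form: the comparison constrains the tainted value before it is
 * used as an offset. Returns 0 and sets *out, or -1 when idx is out of range. */
int lookup_checked(size_t idx, char *out)
{
    if (idx >= TABLE_LEN)
        return -1;
    *out = table[idx];
    return 0;
}

/* Parses a decimal index from one line of input (e.g. read with fgets from
 * stdin), the kind of tainted source the analyzer tracks. Returns 0 and sets
 * *idx, or -1 if the text is not a non-negative decimal number. */
int parse_index(const char *line, size_t *idx)
{
    char *end;
    unsigned long v = strtoul(line, &end, 10);
    /* strtoul silently accepts a leading '-', so reject it explicitly. */
    if (end == line || memchr(line, '-', (size_t)(end - line)) != NULL)
        return -1;
    *idx = (size_t)v;
    return 0;
}

int main(void)
{
    char line[32], c;
    size_t idx;
    if (!fgets(line, sizeof line, stdin) || parse_index(line, &idx) != 0)
        return 1;                       /* not a usable index */
    if (lookup_checked(idx, &c) != 0)
        return 1;                       /* tainted index out of range */
    printf("table[%zu] = %c\n", idx, c);
    return 0;
}
```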
Anna Zaks [Wed, 16 Nov 2011 19:58:10 +0000 (19:58 +0000)]
[analyzer] Adding basic building blocks for taint propagation.
TaintTag.h will contain definitions of different taint kinds and their properties.
TaintManager will be responsible for implementing taint specific operations, storing taint.
ProgramState will provide API to add/remove taint.
Anna Zaks [Wed, 16 Nov 2011 19:57:55 +0000 (19:57 +0000)]
[analyzer] Factor getCalleeName to the checker context.
Many checkers are trying to get a name of the callee when visiting
a CallExpr, so provide a convenience API.
Chandler Carruth [Wed, 16 Nov 2011 19:29:07 +0000 (19:29 +0000)]
Stop claiming that Visual Studio 2005 is a viable basis for building
Clang. It isn't any more, and we're not going to twist the code around
to make it work.
Douglas Gregor [Wed, 16 Nov 2011 17:04:00 +0000 (17:04 +0000)]
When building a module from a module map that isn't simply an umbrella
header, create our own in-memory buffer to parse all of the
appropriate headers, and use that to build the module. This isn't
end-to-end testable yet; that's coming next.
Richard Smith [Wed, 16 Nov 2011 07:18:12 +0000 (07:18 +0000)]
Fix PR11385: A pointer constant expression which has been cast via an integer is
not safely derived. Don't allow lvalue-to-rvalue conversions on the result of
dereferencing such a pointer.
[libclang] Indexing API: fill the objc category info for a category implementation and
do not crash if no client container is registered for a declaration context.
Chad Rosier [Tue, 15 Nov 2011 18:57:32 +0000 (18:57 +0000)]
Fix a regression from 143657. The second pass of the warning options should only be emitting
warnings/errors for unknown warning options. getDiagnosticsInGroup returns false if the
diagnostic is found and true otherwise. Thus, if we're reporting and we have a valid
diagnostic, we were actually setting the flag and causing mayhem.
rdar://10444207
Douglas Gregor [Tue, 15 Nov 2011 15:29:30 +0000 (15:29 +0000)]
Teach the CFG builder how to properly destroy temporaries whose
lifetimes have been extended via reference binding. The type of the
reference and the type of the temporary are not necessarily the same,
which could cause a crash. Fixes <rdar://problem/10398199>.
[PCH] When serializing a PseudoObjectExpr or AtomicExpr, the serialization code must be set
otherwise it will crash with asserts on or it will be written as null pointer.
[libclang] Indexing API: Pass an implicit ObjCInterfaceDecl (@implementation without @interface)
in a separate indexing callback than its implementation.
Ted Kremenek [Mon, 14 Nov 2011 23:51:37 +0000 (23:51 +0000)]
Fix potential memory leak for clients of clang_getOverriddenCursors(). If the number of overridden cursors is 0, do not allocate an array of CXCursors. This fixes a memory leak in c-index-test, and clients who use this API in a similar way.
Don't track depfiles as result files which need to be cleaned up on failure.
This is a partial revert of r143846. While cleaning up after a crash is
probably a good idea, we were also deleting .d files if the compilation failed
due to invalid input, which is not the desired behavior. The test is XFAIL'd
until the cleanup code can be reworked to do the right thing.
Douglas Gregor [Mon, 14 Nov 2011 22:10:01 +0000 (22:10 +0000)]
Use Sema::RequireCompleteType to check for the completeness of
Objective-C classes. This has two purposes: to consistently provide
"forward declaration here" notes when we hit an incomplete type, and
to give LLDB a chance to complete the type.
Ted Kremenek [Mon, 14 Nov 2011 21:59:21 +0000 (21:59 +0000)]
[static analyzer] Tweak RetainCountChecker's diagnostics to correctly indicate if a message was due to a property access. This can
potentially be refactored for other clients, and this is a regression from the refactoring of property accesses.
Richard Trieu [Mon, 14 Nov 2011 19:39:25 +0000 (19:39 +0000)]
Change the checks in the type aka printing. A confusing case where the string
of the first type is the same as the aka string of the second type, but both
types are different. Update the logic to print an aka for the first type to
show that they are different.
Ted Kremenek [Mon, 14 Nov 2011 19:36:08 +0000 (19:36 +0000)]
[analyzer] Teach AnalysisDeclContext::getSelfDecl() about blocks that capture the 'self' variable of the enclosing ObjC method decl. Fixes <rdar://problem/10380300>.
[PCH] When chaining a PCH and serializing HeaderSearch, make sure the HeaderFileInfos
from the primary PCH are deserialized, otherwise we lose info that headers were
already #imported/#included.
Richard Smith [Sat, 12 Nov 2011 22:28:03 +0000 (22:28 +0000)]
Represent an APValue based on a Decl as that Decl, rather than a DeclRefExpr
or MemberExpr which refers to it. As a side-effect, MemberExprs which refer to
static member functions and static data members are now emitted as constant
expressions.
[PCH] When completing an objc forward reference, do not serialize the chain of its categories because
it is going to be rewritten (and the chain will be serialized again), otherwise we may form a cycle in its
categories list when deserializing.
Also introduce ASTMutationListener::CompletedObjCForwardRef to notify that a forward reference
was completed; using Decl's isChangedSinceDeserialization/setChangedSinceDeserialization
is bug-inducing and kinda gross, we should phase it out.
Douglas Gregor [Sat, 12 Nov 2011 00:24:49 +0000 (00:24 +0000)]
Tweak the module map file test slightly, by putting one of the headers
into a submodule. Submodules aren't actually supported anywhere else,
but we do parse them, so this verifies that we're at least seeing
through them properly.
Douglas Gregor [Sat, 12 Nov 2011 00:22:19 +0000 (00:22 +0000)]
Implement a minor optimization when loading module maps to satisfy a
module import: don't re-check for a loaded module unless we've
actually loaded a new module map file. Already-loaded module map files
aren't interesting.
Douglas Gregor [Sat, 12 Nov 2011 00:05:07 +0000 (00:05 +0000)]
When searching for a module, speculatively load module maps to see if
the module is described in one of the module maps in a search path or
in a subdirectory off the search path that has the same name as the
module we're looking for.
Douglas Gregor [Fri, 11 Nov 2011 23:20:24 +0000 (23:20 +0000)]
Teach the search for modules to consider modules described by a module
map, so long as they have an umbrella header. This makes it possible
to introduce a module map + umbrella header for a given set of
headers, to turn it into a module.
There are two major deficiencies here: first, we don't go hunting for
module map files when we just see a module import (so we won't know
about the modules described therein). Second, we don't yet have a way
to build modules that don't have umbrella headers, or have incomplete
umbrella headers.
Douglas Gregor [Fri, 11 Nov 2011 22:18:48 +0000 (22:18 +0000)]
Wire up the mapping from header files mentioned in module maps over to
the corresponding (top-level) modules. This isn't actually useful yet,
because we don't yet have a way to build modules out of module maps.
Richard Smith [Fri, 11 Nov 2011 19:29:23 +0000 (19:29 +0000)]
Extend -Wno-bind-to-temporary-copy and -Wno-{unnamed,local}-type-template-args
to disable the corresponding -Wc++98-compat warnings in addition to the C++11
extension warnings, so that people already using these flags can switch to C++11
mode and turn on -Wc++98-compat.
Douglas Gregor [Fri, 11 Nov 2011 19:10:28 +0000 (19:10 +0000)]
Introduce basic support for parsing module map files.
Module map files provide a way to map between headers and modules, so
that we can layer a module system on top of existing headers without
changing those headers at all.
This commit introduces the module map file parser and the module map
that it generates, and wires up the module map file parser so that
we'll automatically find module map files as part of header
search. Note that we don't yet use the information stored in the
module map.
Sean Callanan [Fri, 11 Nov 2011 17:39:52 +0000 (17:39 +0000)]
When importing an ObjCInterfaceDecl, ensure that
superclass information is imported before validating
it. This fixes spurious "incompatible superclasses"
errors in LLDB.
Ted Kremenek [Fri, 11 Nov 2011 15:19:48 +0000 (15:19 +0000)]
Tweak CXLoadedDiagnosticSetImpl::makeString() to include an extra null character, and change the creation of the FixIT's string to again just rely on this string (instead of duplicating it when calling createCXString).