Fixes a number of issues:
- Global variables are not used for communication
- Trait should be defined on a graph, not on a node
- Defining the trait on a graph allows us to use a correct allocator,
no longer crashing while printing trimmed graphs
Differential Revision: https://reviews.llvm.org/D52183
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@342413 91177308-0d34-0410-b5e6-96231b3b80d8
Since I plan to add a number of new flags, it made sense to encapsulate
them in a new struct, in order not to pollute FindUninitializedFields's
constructor with new boolean options with super long names.
This revision practically reverts D50508, since FindUninitializedFields
now accesses the pedantic flag anyways.
Differential Revision: https://reviews.llvm.org/D51679
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@342219 91177308-0d34-0410-b5e6-96231b3b80d8
Some of the comments are incorrect, imprecise, or simply nonexistent.
Since I have a better grasp on how the analyzer works, it makes sense
to update most of them in a single swoop.
I tried not to flood the code with comments too much, this amount
feels just right to me.
Differential Revision: https://reviews.llvm.org/D51417
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@342215 91177308-0d34-0410-b5e6-96231b3b80d8
This patch adds support for the following operations in the iterator checkers: assign, clear, insert, insert_after, emplace, emplace_after, erase and erase_after. This affects mismatched iterator checks ("this" and parameter must match) and invalidation checks (according to the standard).
Differential Revision: https://reviews.llvm.org/D32904
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@341794 91177308-0d34-0410-b5e6-96231b3b80d8
This patch adds support for the following operations in the iterator checkers: push_back, push_front, emplace_back, emplace_front, pop_back and pop_front. This affects iterator range checks (range is extended after push and emplace and reduced after pop operations) and invalidation checks (according to the standard).
Differential Revision: https://reviews.llvm.org/D32902
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@341793 91177308-0d34-0410-b5e6-96231b3b80d8
Extension of the mismatched iterator checker for constructors taking range of first..last (first and last must be iterators of the same container) and also for comparisons of iterators of different containers (one does not compare iterators of different containers, since the set of iterators is partially ordered, there are no relations between iterators of different containers, except that they are always non-equal).
Differential Revision: https://reviews.llvm.org/D32860
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@341792 91177308-0d34-0410-b5e6-96231b3b80d8
If a container is moved by its move assignment operator, according to the standard all their iterators except the past-end iterators remain valid but refer to the new container. This patch introduces support for this case in the iterator checkers.
Differential Revision: https://reviews.llvm.org/D32859
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@341791 91177308-0d34-0410-b5e6-96231b3b80d8
The "derived" symbols indicate children fields of a larger symbol.
As parents do not have pointers to their children, the garbage
collection algorithm the analyzer currently uses adds such symbols into
a "postponed" category, and then keeps running through the worklist
until the fixed point is reached.
The current patch rectifies that by instead using a helper map which
stores pointers from parents to children, so that no fixed point
calculation is necessary.
The current patch yields ~5% improvement in running time on sqlite.
Differential Revision: https://reviews.llvm.org/D51397
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@341722 91177308-0d34-0410-b5e6-96231b3b80d8
This reverts commit 03d183b6b94eda27ce66a4f9b87a00b0a148cf9e.
Temporary revert until the tests are fixed.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@341626 91177308-0d34-0410-b5e6-96231b3b80d8
A node is considered to be trivial if it only has one successor, one
predecessor, and a state equal to the predecessor.
Can drastically (> 2x) reduce the size of the generated exploded
graph.
Differential Revision: https://reviews.llvm.org/D51665
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@341616 91177308-0d34-0410-b5e6-96231b3b80d8
Introduce a new MemRegion sub-class, CXXDerivedObjectRegion, which is
the opposite of CXXBaseObjectRegion, to represent such casts. Such region is
a bit weird because it is by design bigger than its super-region.
But it's not harmful when it is put on top of a SymbolicRegion
that has unknown extent anyway.
Offset computation for CXXDerivedObjectRegion and proper modeling of casts
still remains to be implemented.
Differential Revision: https://reviews.llvm.org/D51191
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@340984 91177308-0d34-0410-b5e6-96231b3b80d8
The analyzer doesn't make use of them anyway and they seem to have
pretty weird AST from time to time, so let's just skip them for now.
Fixes a crash reported as pr37769.
Differential Revision: https://reviews.llvm.org/D50855
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@340977 91177308-0d34-0410-b5e6-96231b3b80d8
Summary:
With this patch, the SMT backend is almost completely detached from the CSA.
Unfortunate consequence is that we missed the `ConditionTruthVal` from the CSA and had to use `Optional<bool>`.
The Z3 solver implementation is still in the same file as the `Z3ConstraintManager`, in `lib/StaticAnalyzer/Core/Z3ConstraintManager.cpp` though, but except for that, the SMT API can be moved to anywhere in the codebase.
Reviewers: NoQ, george.karpenkov
Reviewed By: george.karpenkov
Subscribers: xazax.hun, szepet, a.sidorin, Szelethus
Differential Revision: https://reviews.llvm.org/D50772
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@340534 91177308-0d34-0410-b5e6-96231b3b80d8
George Karpenkov