Daniel Marjamäki
|
39710f106c
|
Fixed #9693 (Bug hunting: Segmentation fault with --bug-hunting and clangimport.cpp)
|
2020-04-25 10:13:18 +02:00 |
Oliver Stöneberg
|
04bd2bdb74
|
some sanitizer build fixes and cleanups (#2621)
* cleaned up sanitizer build flags
* exprengine.cpp: work around linker error with Clang and UBSAN
|
2020-04-24 21:17:06 +02:00 |
Daniel Marjamäki
|
3042bbdc3d
|
Bug hunting: Handle early returns faster
|
2020-04-24 18:51:54 +02:00 |
Oliver Stöneberg
|
1af959af2c
|
fixed -Wextra-semi-stmt Clang warnings (#2553)
* fixed -Wextra-semi-stmt Clang warnings
* adjusted REDIRECT macro to require a semicolon
* testmathlib.cpp: rolled back accidental change
|
2020-04-21 17:27:51 +02:00 |
Oliver Stöneberg
|
1dd8d4afaf
|
fixes for Clang and clang-tidy 10 (#2588)
* clang_tidy.cmake: added clang-tidy-10 to program list
* fixed -Wrange-loop-construct Clang warnings
* fixed readability-qualified-auto clang-tidy warnings
* .clang-tidy: actually disable clang-analyzer-* warnings
* .clang-tidy: disabled some new warnings introduced with clang-tidy-10
|
2020-04-04 11:44:59 +02:00 |
Paul Fultz II
|
921887a281
|
Use valueFlowGeneric for valueFlowForwardExpression (#2537)
|
2020-02-16 16:02:22 +01:00 |
Paul Fultz II
|
7368a54629
|
Add generic valueflow forward analysis (#2511)
|
2020-02-13 16:27:06 +01:00 |
Daniel Marjamäki
|
1b66820cdb
|
Revert "remove BUG_HUNTING_UNINIT conditionals"
This reverts commit 07a251d783 .
|
2020-02-12 18:54:07 +01:00 |
Daniel Marjamäki
|
07a251d783
|
remove BUG_HUNTING_UNINIT conditionals
|
2020-02-10 21:43:06 +01:00 |
Daniel Marjamäki
|
6a07c2f71a
|
ExprEngine; Check struct member assignment
|
2020-01-21 20:29:13 +01:00 |
Daniel Marjamäki
|
263f80deb8
|
ExprEngine: Add variable value checker
|
2020-01-21 20:19:51 +01:00 |
Daniel Marjamäki
|
4235a29501
|
ExprEngine: Handle variable annotations better
|
2020-01-21 18:55:07 +01:00 |
Daniel Marjamäki
|
a6ab986217
|
ExprEngine; In divbyzero report rhs token because that has better location
|
2020-01-19 09:16:02 +01:00 |
Daniel Marjamäki
|
16981f0813
|
ExprEngine; Fix FP for BailoutValue
|
2020-01-19 09:10:50 +01:00 |
Daniel Marjamäki
|
f7a30fc99f
|
Rename Verification => Bughunting
|
2020-01-18 07:25:57 +01:00 |
Daniel Marjamäki
|
272fbfeb74
|
ExprEngine; Fix Z3 usage for floats
|
2020-01-16 19:35:05 +01:00 |
Daniel Marjamäki
|
bc737be0b5
|
ExprEngine; OLD_Z3 => NEW_Z3
|
2020-01-16 18:59:47 +01:00 |
Daniel Marjamäki
|
76a048a2c1
|
Bug hunting; 'hide' the uninitialized variables checking, I need to focus on division by zero and clang import
|
2020-01-15 21:06:00 +01:00 |
Daniel Marjamäki
|
9507fccfc1
|
ExprEngine: Quick hacks for old Z3 compatibility
|
2020-01-15 19:46:00 +01:00 |
Daniel Marjamäki
|
52d72b6ffc
|
ExprEngine; Fix crash
|
2020-01-15 18:35:55 +01:00 |
Daniel Marjamäki
|
446e7c3c0e
|
ExprEngine; Fix fp in edgevalue
|
2020-01-15 17:51:34 +01:00 |
Daniel Marjamäki
|
c79ec9e956
|
ExprEngine: sizeof()
|
2020-01-15 15:24:36 +01:00 |
Daniel Marjamäki
|
5ac0eb100c
|
Bug hunting; avoid crash when argument is NULL
|
2020-01-15 07:15:47 +01:00 |
Daniel Marjamäki
|
7820b5dbcc
|
Rename 'Verification' to 'Bug hunting'
|
2020-01-14 21:17:07 +01:00 |
Daniel Marjamäki
|
1bad69923c
|
astyle formatting
[ci skip]
|
2020-01-12 13:35:39 +01:00 |
Daniel Marjamäki
|
166402b5cf
|
verificationUninit: Avoid some false positives for 'bailout' values
|
2020-01-12 13:35:09 +01:00 |
Daniel Marjamäki
|
88429382b7
|
Verification; Avoid obvious verificationUninit false positives during bailout
|
2020-01-12 11:53:49 +01:00 |
Daniel Marjamäki
|
7704f6578f
|
Verification; Fix struct member false negative
|
2020-01-12 10:29:03 +01:00 |
Daniel Marjamäki
|
3db6502fba
|
Verification; Dangerous casting of void pointer
|
2020-01-09 21:25:23 +01:00 |
Daniel Marjamäki
|
bf62138237
|
Verification; Remove VERIFY_UNINIT define, the checking is always compiled from now on
|
2020-01-09 20:25:52 +01:00 |
Daniel Marjamäki
|
84b4f0f6ab
|
Verification; Fixed false negative when global variable is changed by function call
|
2020-01-09 18:50:29 +01:00 |
Daniel Marjamäki
|
0e369edd8c
|
Verification; Only warn about uninitialized function arguments if VERIFY_UNINIT is defined
|
2020-01-02 06:16:36 +01:00 |
Daniel Marjamäki
|
e32c01b13c
|
Verification; printing debug output on std::cout
|
2020-01-01 19:57:49 +01:00 |
Daniel Marjamäki
|
f23d880a7e
|
Verification; use <uninit> configuration
|
2020-01-01 14:37:20 +01:00 |
Daniel Marjamäki
|
b44029cdaa
|
Refactoring; CWEs should be clarified
|
2020-01-01 09:09:10 +01:00 |
Daniel Marjamäki
|
28c37bb63f
|
Verification; Clarify error message
|
2020-01-01 08:36:40 +01:00 |
Daniel Marjamäki
|
443e8cfbcf
|
Verification; avoid false positive for known float value
|
2020-01-01 08:33:27 +01:00 |
Daniel Marjamäki
|
d4ec8075a4
|
Verification; Fix false positive in while loops
|
2019-12-31 22:32:16 +01:00 |
Daniel Marjamäki
|
043634be27
|
Verification; Better handling of assignment in while
|
2019-12-31 20:31:31 +01:00 |
Daniel Marjamäki
|
446256a503
|
Verification; assume non-const pointer argument might point at uninitialized data
|
2019-12-31 17:51:58 +01:00 |
Daniel Marjamäki
|
10010eba95
|
Verification; Avoid fp for array declaration
|
2019-12-31 16:50:20 +01:00 |
Daniel Marjamäki
|
f55d72e821
|
Verification; uninitialized local variable
|
2019-12-31 14:57:42 +01:00 |
Daniel Marjamäki
|
48be067dd1
|
Verification; Added --verify-diff option
|
2019-12-31 12:05:08 +01:00 |
Daniel Marjamäki
|
3af3219076
|
Verification; Juliet *_float_* division by zero tests
|
2019-12-31 09:02:06 +01:00 |
Daniel Marjamäki
|
fde86b696d
|
Verification; Use ValueFlow for improved accuracy
|
2019-12-31 05:59:06 +01:00 |
Daniel Marjamäki
|
3ff31b799c
|
Verification: Use separate id for floating point division by zero
|
2019-12-30 19:50:22 +01:00 |
Daniel Marjamäki
|
4b5585e75b
|
Verification; floating point division by zero
|
2019-12-30 19:47:18 +01:00 |
Daniel Marjamäki
|
a60efa6774
|
Verification; Experimental checking for uninit
|
2019-12-30 18:55:16 +01:00 |
Daniel Marjamäki
|
6ea1875a84
|
Verification; Ensure assertions for variable type limits are added
|
2019-12-30 12:53:59 +01:00 |
Daniel Marjamäki
|
29b599b0e5
|
Verification; callbacks in executeCast
|
2019-12-29 19:17:36 +01:00 |
Daniel Marjamäki
|
9723b28385
|
Verification; struct pointer member
|
2019-12-29 18:42:35 +01:00 |
Daniel Marjamäki
|
2710a94b4b
|
Verification; Merged handling of pointers and arrays
|
2019-12-29 16:26:11 +01:00 |
Daniel Marjamäki
|
d16ea3293e
|
Verification; Fix testing
|
2019-12-28 22:09:16 +01:00 |
Daniel Marjamäki
|
ab2e87191f
|
Verification; Avoid crash
|
2019-12-27 20:27:21 +01:00 |
Daniel Marjamäki
|
49ed1a82b4
|
Verification; save report in custom file
|
2019-12-27 19:25:06 +01:00 |
Daniel Marjamäki
|
4b4f7ea60b
|
Verification; Updated report
|
2019-12-27 19:05:22 +01:00 |
Dmitry-Me
|
147cf9319f
|
Restore compilation in gcc-4.6
|
2019-12-27 18:26:44 +03:00 |
Daniel Marjamäki
|
ec4668353d
|
Verification; Determine argument number properly
|
2019-12-26 18:32:59 +01:00 |
Daniel Marjamäki
|
8c652afd6e
|
Verification: Added IntRange::isLessThan and IntRange::isGreaterThan
|
2019-12-26 15:39:08 +01:00 |
Daniel Marjamäki
|
0cd2935dc7
|
Verification; Verify that function call argument values meet annotations
|
2019-12-25 09:23:07 +01:00 |
Daniel Marjamäki
|
f0ac19514b
|
Verification: Handle Cppcheck annotations __cppcheck_low__ and __cppcheck_high__
|
2019-12-24 21:14:14 +01:00 |
Daniel Marjamäki
|
755e2d261c
|
Fixed #9402 (ExprEngine: && and || in condition)
|
2019-12-24 15:52:02 +01:00 |
Daniel Marjamäki
|
747a01f74d
|
Verification; Check function argument values
|
2019-12-23 22:10:43 +01:00 |
Daniel Marjamäki
|
eb551728a5
|
Verification; Avoid FP for known values
|
2019-12-22 21:24:39 +01:00 |
Daniel Marjamäki
|
93f10da981
|
Verification; Detect errors after bailout
|
2019-12-22 21:03:43 +01:00 |
Daniel Marjamäki
|
c3c9559bee
|
Fix Cppcheck warning
|
2019-10-27 18:22:47 +01:00 |
Daniel Marjamäki
|
c899d7becf
|
--verify: Fix false negative in itc
|
2019-10-27 16:47:56 +01:00 |
Daniel Marjamäki
|
83a7987f6f
|
--verify: Fix false negative in itc test suite
|
2019-10-27 16:23:37 +01:00 |
Daniel Marjamäki
|
c56a45840a
|
Verify: Fix false negative in itc
|
2019-10-27 15:35:04 +01:00 |
Daniel Marjamäki
|
37bb19f02c
|
Verify: Fix a false negative in the itc test suite
|
2019-10-25 21:46:02 +02:00 |
Daniel Marjamäki
|
8cfc833381
|
ExprEngine: Better handling of container arguments
|
2019-10-23 22:04:48 +02:00 |
Daniel Marjamäki
|
052c02f8ee
|
ExprEngine: Refactoring
|
2019-10-23 18:42:40 +02:00 |
Daniel Marjamäki
|
bcfc0d32fe
|
ExprEngine: ::
|
2019-10-23 18:23:25 +02:00 |
Daniel Marjamäki
|
7b50b76b89
|
ExprEngine: container value
|
2019-10-23 18:06:10 +02:00 |
Daniel Marjamäki
|
4d218d1b47
|
ExprEngine: Clarify output
|
2019-10-23 16:40:49 +02:00 |
Daniel Marjamäki
|
3699227b12
|
ExprEngine: Throw exception if there is unhandled expression in assignment LHS
|
2019-10-22 18:39:59 +02:00 |
Daniel Marjamäki
|
d98ac017f7
|
ExprEngine: Improved handling of struct member assignments in loops
|
2019-10-14 22:04:12 +02:00 |
Daniel Marjamäki
|
8c5c070d6a
|
ExprEngine: Improved handling of struct member assignments in loop
|
2019-10-14 19:41:32 +02:00 |
Daniel Marjamäki
|
ee280a94fb
|
ExprEngine: New handling of << and >>
|
2019-10-14 17:20:35 +02:00 |
Daniel Marjamäki
|
4e49b14721
|
ExprEngine: << and >> are not handled well, throw exception for now.
|
2019-10-14 11:56:39 +02:00 |
Daniel Marjamäki
|
c7a56529bb
|
ExprEngine: Clarify verificationIntegerOverflow message
|
2019-10-14 11:54:43 +02:00 |
Daniel Marjamäki
|
530d4d2427
|
ExprEngine: Throw exception if we do not handle array well yet
|
2019-10-10 20:29:43 +02:00 |
Daniel Marjamäki
|
c2b514dc45
|
ExprEngine: Throw exception if assignment in loop is not handled
|
2019-10-10 11:12:36 +02:00 |
Daniel Marjamäki
|
5b9bc4918e
|
ExprEngine: Better error output when solver fails
|
2019-10-09 22:16:30 +02:00 |
Daniel Marjamäki
|
63bd182e83
|
ExprEngine: Adapt to z3 handling of bool/int expressions
|
2019-10-09 20:18:17 +02:00 |
Daniel Marjamäki
|
273a1a7402
|
ExprEngine: Fix FP for 'int' overflows
|
2019-10-09 11:24:57 +02:00 |
Daniel Marjamäki
|
ab6354754f
|
ExprEngine: Catch z3::exception and print message
|
2019-10-09 09:42:18 +02:00 |
Daniel Marjamäki
|
b27fe83da4
|
ExprEngine: Handle << and >>
|
2019-10-08 21:38:10 +02:00 |
Daniel Marjamäki
|
3e50150dbf
|
ExprEngine: Fix the checking for integer overflows
|
2019-10-08 20:13:25 +02:00 |
Daniel Marjamäki
|
21774cbdc4
|
ExprEngine: Handle while/for loops
|
2019-10-07 17:45:06 +02:00 |
Daniel Marjamäki
|
d82b1b29ce
|
ExprEngine: Initial handling of switch
|
2019-10-06 19:58:51 +02:00 |
Daniel Marjamäki
|
05aae9569b
|
ExprEngine: Execute false execution path even if there is no else, upon Z3 exception assume that value is in range (safe option)
|
2019-10-06 18:26:40 +02:00 |
Daniel Marjamäki
|
6c0c9ba6d3
|
ExprEngine: Handle 'break' and 'while (0);'
|
2019-10-06 17:43:30 +02:00 |
Daniel Marjamäki
|
dcf8a7213f
|
ExprEngine: ExprData::getConstraintExpr
|
2019-10-06 14:47:50 +02:00 |
Daniel Marjamäki
|
4e525e52ec
|
ExprEngine: Avoid endless recursion for struct members that have struct type
|
2019-10-05 18:29:41 +02:00 |
Daniel Marjamäki
|
e686699294
|
ExprEngine: Fix ExprEngin::IntRange::isIntValueInRange
|
2019-10-05 16:33:40 +02:00 |
Daniel Marjamäki
|
fcccd5f42e
|
ExprEngine: Small tweaks
|
2019-10-04 17:58:18 +02:00 |
Daniel Marjamäki
|
f80d387374
|
ExprEngine: Arrays if-then-else
|
2019-10-03 20:16:06 +02:00 |
Daniel Marjamäki
|
555890fdfa
|
ExprEngine: Removed NullPointerDereference checker for now.
|
2019-10-03 19:24:14 +02:00 |
Daniel Marjamäki
|
b79283306f
|
ExprEngine: Rename Data::conditions => Data::constraints
|
2019-10-03 08:48:05 +02:00 |
Daniel Marjamäki
|
d916379f9f
|
ExprEngine: Better handling of if/else
|
2019-10-02 21:47:00 +02:00 |
Daniel Marjamäki
|
7ab22c7176
|
ExprEngine: Use smt solver Z3
|
2019-10-02 17:59:04 +02:00 |
Daniel Marjamäki
|
1ccc303602
|
ExprEngine: Simplify array value if possible, ensure each array data has a unique name
|
2019-09-29 21:20:57 +02:00 |
Daniel Marjamäki
|
03ff32993e
|
Fixed Cppcheck warning
|
2019-09-29 17:32:26 +02:00 |
Daniel Marjamäki
|
1979b64170
|
ExprEngine: Bailout when for|while|switch is seen
|
2019-09-29 17:28:12 +02:00 |
Daniel Marjamäki
|
40c3e68e07
|
ExprEngine: Add --debug-verify, fixed handling of global arrays
|
2019-09-29 15:00:54 +02:00 |
Daniel Marjamäki
|
60e1cf8b8d
|
ExprEngine: Fix NULL pointer dereference tests
|
2019-09-29 08:26:09 +02:00 |
Daniel Marjamäki
|
3f587bef65
|
ExprEngine: Add some CWE476 (Null pointer dereference) checks
|
2019-09-28 19:28:12 +02:00 |
Daniel Marjamäki
|
1acd78a038
|
ExprEngine: Translate uninitialized values to value ranges
|
2019-09-28 16:16:36 +02:00 |
Daniel Marjamäki
|
2e5d663ae9
|
ExprEngine: Handle void* -> int* casts better
|
2019-09-28 15:40:00 +02:00 |
Daniel Marjamäki
|
f6c0550c41
|
ExprEngine: Do not bailout if function type is not known if the result is not used anyway
|
2019-09-28 11:55:06 +02:00 |
Daniel Marjamäki
|
b2239f04ba
|
ExprEngine: Improve 'division by zero' warning
|
2019-09-28 11:03:20 +02:00 |
Daniel Marjamäki
|
0de3e76b2d
|
ExprEngine: Clarify when analysis is aborted
|
2019-09-28 10:59:28 +02:00 |
Daniel Marjamäki
|
a3cad7fa51
|
Fix Coverity warning CID 1405837; negative bit shift
|
2019-09-28 06:34:51 +02:00 |
Daniel Marjamäki
|
8b8701d078
|
ExprEngine: Cleanup output when variable declaration and initialization is separated
|
2019-09-27 21:03:47 +02:00 |
Daniel Marjamäki
|
398cfc1f5a
|
ExprEngine: Create array value in struct
|
2019-09-27 18:58:49 +02:00 |
Daniel Marjamäki
|
2b4fe66908
|
Try to make Travis happy
|
2019-09-27 16:13:43 +02:00 |
Daniel Marjamäki
|
f7a8075001
|
ExprEngine: Disable integerOverflow check
|
2019-09-27 15:07:56 +02:00 |
Daniel Marjamäki
|
7ea8b69235
|
ExprEngine: Robustness
|
2019-09-27 14:36:33 +02:00 |
Daniel Marjamäki
|
69016e38bc
|
ExprEngine: Add a temporary overflow check
|
2019-09-27 14:20:17 +02:00 |
Daniel Marjamäki
|
8ccbdfe725
|
ExprEngine: Better output
|
2019-09-27 13:30:09 +02:00 |
Daniel Marjamäki
|
71aa9a531a
|
ExprEngine: Create symbolic expression for string arguments
|
2019-09-27 13:12:16 +02:00 |
Daniel Marjamäki
|
350363616c
|
Fix Cppcheck naming convention
|
2019-09-27 08:17:46 +02:00 |
Daniel Marjamäki
|
dffae8f7d9
|
Try to make Travis happy
|
2019-09-26 21:43:29 +02:00 |
Daniel Marjamäki
|
371babc322
|
ExprEngine: Improved handling of structs
|
2019-09-26 21:35:29 +02:00 |
Daniel Marjamäki
|
f47aaed21e
|
ExprEngine: Improve output
|
2019-09-26 21:00:36 +02:00 |
Daniel Marjamäki
|
f1b42fe05c
|
ExprEngine: Extend output
|
2019-09-26 20:49:03 +02:00 |
Daniel Marjamäki
|
2e1cbbeb14
|
ExprEngine: Fix output for StructValue
|
2019-09-26 19:39:30 +02:00 |
Daniel Marjamäki
|
cd816f42eb
|
ExprEngine: fix code for float comparisons
|
2019-09-26 12:13:14 +02:00 |
Daniel Marjamäki
|
d7d22f51b7
|
ExprEngine: Minor output cleanup
|
2019-09-26 10:07:31 +02:00 |
Daniel Marjamäki
|
c5302d20a3
|
ExprEngine: ConditionalValues, output symbolic expressions
|
2019-09-26 10:03:58 +02:00 |
Daniel Marjamäki
|
9e76630a4b
|
ExprEngine: Restructure handling of arrays to handle dynamic buffers better
|
2019-09-25 18:33:21 +02:00 |
Daniel Marjamäki
|
0011fb5a36
|
ExprEngine: Temporary hardcoding for calloc
|
2019-09-24 22:22:16 +02:00 |
Daniel Marjamäki
|
7cf8327b31
|
ExprEngine: Sign extension in truncateValue
|
2019-09-24 20:31:12 +02:00 |
Daniel Marjamäki
|
0471e74489
|
ExprEngine: Handle char literals
|
2019-09-24 20:11:07 +02:00 |
Daniel Marjamäki
|
1769af4a6c
|
ExprEngine: Passing variable address to function
|
2019-09-24 19:53:33 +02:00 |
Daniel Marjamäki
|
ba035074f0
|
ExprEngine: Extended value truncation
|
2019-09-24 13:28:14 +02:00 |
Daniel Marjamäki
|
c1ff3419a6
|
ExprEngine: Value truncation
|
2019-09-23 20:28:12 +02:00 |
Daniel Marjamäki
|
9025b47f82
|
ExprEngine: some handling of NULL pointer
|
2019-09-23 18:10:06 +02:00 |
Daniel Marjamäki
|
28d13e7567
|
ExprEngine: Implement basic float handling
|
2019-09-22 21:14:36 +02:00 |
Daniel Marjamäki
|
6e17853ea9
|
ExprEngine: Guess function call return value
|
2019-09-22 16:40:48 +02:00 |
Daniel Marjamäki
|
5c07cfd2e8
|
ExprEngine: Better handling of pointer aliasing
|
2019-09-22 15:58:55 +02:00 |
Daniel Marjamäki
|
ec4b7c1f4b
|
ExprEngine: Better handling of pointers
|
2019-09-22 10:56:57 +02:00 |
Daniel Marjamäki
|
7d6fd915be
|
ExprEngine: Better handling of compound assignments
|
2019-09-21 21:15:51 +02:00 |
Daniel Marjamäki
|
da91c139d5
|
ExprEngine: Passing array to function, array data might be overwritten
|
2019-09-21 19:34:06 +02:00 |
Daniel Marjamäki
|
b2cab003ff
|
ExprEngine: Fix output for arrays
|
2019-09-21 14:17:16 +02:00 |
Daniel Marjamäki
|
3d0d3ec4c5
|
ExprEngine: handling array initialization with string literal
|
2019-09-21 11:36:34 +02:00 |
Daniel Marjamäki
|
6c59957109
|
ExprEngine: Better handling of conditions
|
2019-09-20 21:27:51 +02:00 |
Daniel Marjamäki
|
8fba2af267
|
Try to make Travis happy
|
2019-09-20 07:04:58 +02:00 |
Daniel Marjamäki
|
6c38b69e11
|
Rename dataIndex to mDataIndex according to our naming conventions
|
2019-09-20 06:12:35 +02:00 |
Daniel Marjamäki
|
5f0f8afc27
|
ExprEngine: Print some 'debug' output
|
2019-09-19 20:18:55 +02:00 |
Daniel Marjamäki
|
745c91106e
|
Removed unused Data::dump
|
2019-09-19 09:16:18 +02:00 |
orbitcowboy
|
b37b0c0f78
|
Running astyle [ci skip]
|
2019-09-19 08:03:29 +02:00 |
amai2012
|
d97c826319
|
Compile fix for VisualStudio
|
2019-09-18 22:07:42 +02:00 |
Daniel Marjamäki
|
b66d701599
|
Fix Cppcheck warnings
|
2019-09-17 22:28:36 +02:00 |
Daniel Marjamäki
|
2d651b09fc
|
ExprEngine: Add new experimental path-sensitive data flow analysis. Initially used for 'verification' but could possibly later be used as a complement in the normal analysis. The code is work-in-progress and hacky!
|
2019-09-17 21:00:59 +02:00 |