Cross Reference: /external/clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp

History log of /external/clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
Revision	Date	Author	Comments (<<< Hide modified files) (Show modified files >>>)
e600d4be7d01661ab7601f9ef9c4d3236c377385	09-Jul-2013	Anna Zaks <ganna@apple.com>	[analyzer] Fixup for r185609: actually do suppress warnings coming out of std::list. list is the name of a class, not a namespace. Change the test as well - the previous version did not test properly. Fixes radar://14317928. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@185898 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
8b625a3f7764959d0a2ac3cd860ce1e168e0fc9b	04-Jul-2013	Anna Zaks <ganna@apple.com>	[analyzer] Suppress reports reported in std::list The motivation is to suppresses false use-after-free reports that occur when calling std::list::pop_front() or std::list::pop_back() twice. The analyzer does not reason about the internal invariants of the list implementation, so just do not report any of warnings in std::list. Fixes radar://14317928. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@185609 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
7f79b78351af03a392ee16d8ec557d47746c33c6	04-Jul-2013	Anna Zaks <ganna@apple.com>	[analyzer] Make sure that inlined defensive checks work on div by zero. This suppresses a false positive in std::hash_map. Fixes radar://14255587. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@185608 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
17828ca5857d5d9cadfffd339f888de58182c8f1	14-May-2013	David Blaikie <dblaikie@gmail.com>	Provide operator<< for stream output of DeclarationNames ASTDumper was already trying to do this & instead got an implicit bool conversion by surprise (thus printing out 0 or 1 instead of the name of the declaration). To avoid that issue & simplify call sites, simply make it the normal/expected operator<<(raw_ostream&, ...) overload & simplify all the existing call sites. (bonus: this function doesn't need to be a member or friend, it's just using public API in DeclarationName) git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@181832 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
265448963a856bebdd0ae5abf67210054f44c64b	10-May-2013	Anna Zaks <ganna@apple.com>	[analyzer] Do not check if sys/queue.h file is a system header. In most cases it is, by just looking at the name. Also, this check prevents the heuristic from working in strange user settings. radar://13839692 git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@181615 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
636478e288b88396d860f6b01b48b47953e3d5e9	07-May-2013	Anna Zaks <ganna@apple.com>	[analyzer] Fix a crash triggered by printing a note on a default argument Instead, use the location of the call to print the note. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@181337 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
2faee99ab67105e834d11df7db80a78a3e3ed37b	03-May-2013	Jordan Rose <jordan_rose@apple.com>	[analyzer] Check the stack frame when looking for a var's initialization. FindLastStoreBRVisitor is responsible for finding where a particular region gets its value; if the region is a VarRegion, it's possible that value was assigned at initialization, i.e. at its DeclStmt. However, if a function is called recursively, the same DeclStmt may be evaluated multiple times in multiple stack frames. FindLastStoreBRVisitor was not taking this into account and just picking the first one it saw. <rdar://problem/13787723> git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@180997 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
dcd6224911e234ab3657b7d0b79a2add1ae4fdd8	03-May-2013	Jordan Rose <jordan_rose@apple.com>	[analyzer] Fix trackNullOrUndef when tracking args that have nil receivers. There were actually two bugs here: - if we decided to look for an interesting lvalue or call expression, we wouldn't go find its node if we also knew we were at a (different) call. - if we looked through one message send with a nil receiver, we thought we were still looking at an argument to the original call. Put together, this kept us from being able to track the right values, which means sub-par diagnostics and worse false-positive suppression. Noticed by inspection. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@180996 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
8ef064d53fb33b5a8f8743bcbb0a2fd5c3e97be1	20-Apr-2013	Anna Zaks <ganna@apple.com>	[analyzer] Ensure BugReporterTracking works on regions with pointer arithmetic Introduce a new helper function, which computes the first symbolic region in the base region chain. The corresponding symbol has been used for assuming that a pointer is null. Now, it will also be used for checking if it is null. This ensures that we are tracking a null pointer correctly in the BugReporter. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@179916 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
62fba4f08af16ff17b5cbe8816061349504317e4	18-Apr-2013	Ted Kremenek <kremenek@apple.com>	[analyzer] Refine 'nil receiver' diagnostics to mention the name of the method not called. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@179776 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
86f1745be24c834175e7a8a51b12f9a0063d532e	18-Apr-2013	Anna Zaks <ganna@apple.com>	[analyzer] Tweak getDerefExpr more to track DeclRefExprs to references. In the committed example, we now see a note that tells us when the pointer was assumed to be null. This is the only case in which getDerefExpr returned null (failed to get the dereferenced expr) throughout our regression tests. (There were multiple occurrences of this one.) git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@179736 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
1e1d011874340f33b807ac90609424f90f72488a	18-Apr-2013	Anna Zaks <ganna@apple.com>	[analyzer] Improve dereferenced expression tracking for MemberExpr with a dot and non-reference base git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@179734 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
441625e6c7f8bf58e62a284ae1f855dafde31ec2	18-Apr-2013	Anna Zaks <ganna@apple.com>	[analyzer] Gain more precision retrieving the right SVal by specifying the type of the expression. Thanks to Jordan for suggesting the fix. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@179732 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
5b90ae7ba05a10a81f107ec1635deb1bd7292936	18-Apr-2013	Anna Zaks <ganna@apple.com>	[analyzer] Allow TrackConstraintBRVisitor to work when the value it’s tracking is not live in the last node of the path We always register the visitor on a node in which the value we are tracking is live and constrained. However, the visitation can restart at a node, later on the path, in which the value is under constrained because it is no longer live. Previously, we just silently stopped tracking in that case. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@179731 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
82dd4396fcd2517d06382b7170f393d1b6351c7f	16-Apr-2013	Anna Zaks <ganna@apple.com>	[analyzer] Add more specialized error messages for corner cases as per Jordan's code review for r179396 git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@179571 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
8713e1a5c3f6658d54061e176b5baa9fadf14675	12-Apr-2013	Anna Zaks <ganna@apple.com>	[analyzer] Print a diagnostic note even if the region cannot be printed. There are few cases where we can track the region, but cannot print the note, which makes the testing limited. (Though, I’ve tested this manually by making all regions non-printable.) Even though the applicability is limited now, the enhancement will be more relevant as we start tracking more regions. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@179396 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
9e2f5977a180ae927d05e844c65b8a7873be48a4	12-Apr-2013	Anna Zaks <ganna@apple.com>	[analyzer]Print field region even when the base region is not printable git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@179395 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
a5796f87229b4aeebca71fa6ee1790ae7a5a0382	09-Apr-2013	Jordan Rose <jordan_rose@apple.com>	[analyzer] Replace isIntegerType() with isIntegerOrEnumerationType(). Previously, the analyzer used isIntegerType() everywhere, which uses the C definition of "integer". The C++ predicate with the same behavior is isIntegerOrUnscopedEnumerationType(). However, the analyzer is /really/ using this to ask if it's some sort of "integrally representable" type, i.e. it should include C++11 scoped enumerations as well. hasIntegerRepresentation() sounds like the right predicate, but that includes vectors, which the analyzer represents by its elements. This commit audits all uses of isIntegerType() and replaces them with the general isIntegerOrEnumerationType(), except in some specific cases where it makes sense to exclude scoped enumerations, or any enumerations. These cases now use isIntegerOrUnscopedEnumerationType() and getAs<BuiltinType>() plus BuiltinType::isInteger(). isIntegerType() is hereby banned in the analyzer - lib/StaticAnalysis and include/clang/StaticAnalysis. :-) Fixes real assertion failures. PR15703 / <rdar://problem/12350701> git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@179081 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
ea7b481aa8298f1e59c4cfb64e53b38f86dec92d	06-Apr-2013	Anna Zaks <ganna@apple.com>	[analyzer] Remove another redundancy from trackNullOrUndef git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@178934 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
4b69feb6d90eb120d04f5d54f6b28cc295a46098	06-Apr-2013	Anna Zaks <ganna@apple.com>	[analyzer] Fix null tracking for the given test case, by using the proper state and removing redundant code. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@178933 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
610f79cbab4d752349b5c81a94682a6a82b102e7	05-Apr-2013	Anna Zaks <ganna@apple.com>	[analyzer] Show path diagnostic for C++ initializers Also had to modify the PostInitializer ProgramLocation to contain the field region. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@178826 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
702077f14100f2d7acdb12ad49b53e64efc37d72	03-Apr-2013	Anna Zaks <ganna@apple.com>	[analyzer] Allow tracknullOrUndef look through the ternary operator even when condition is unknown Improvement of r178684 and r178685. Jordan has pointed out that I should not rely on the value of the condition to know which expression branch has been taken. It will not work in cases the branch condition is an unknown value (ex: we do not track the constraints for floats). The better way of doing this would be to find out if the current node is the right or left successor of the node that has the ternary operator as a terminator (which is how this is done in other places, like ConditionBRVisitor). git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@178701 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
cabc3fddae63f5eb3bd44bdecce7a3fbd69421a9	03-Apr-2013	Anna Zaks <ganna@apple.com>	[analyzer] make peelOffOuterExpr in BugReporterVisitors recursively peel off select Exprs git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@178685 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
c1bef5671e682de5a573c7c6b66871b36de0ec61	03-Apr-2013	Anna Zaks <ganna@apple.com>	[analyzer] Properly handle the ternary operator in trackNullOrUndefValue 1) Look for the node where the condition expression is live when checking if it is constrained to true or false. 2) Fix a bug in ProgramState::isNull, which was masking the problem. When the expression is not a symbol (,which is the case when it is Unknown) return unconstrained value, instead of value constrained to “false”! (Thankfully other callers of isNull have not been effected by the bug.) git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@178684 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
a12643622ad3b85972dfdd80fe9006a3e8d8fb80	02-Apr-2013	Jordan Rose <jordan_rose@apple.com>	[analyzer] Allow suppressing diagnostics reported within the 'std' namespace This is controlled by the 'suppress-c++-stdlib' analyzer-config flag. It is currently off by default. This is more suppression than we'd like to do, since obviously there can be user-caused issues within 'std', but it gives us the option to wield a large hammer to suppress false positives the user likely can't work around. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@178513 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
84e8a960ad76b3c7ca550b4cc92a1b90ed16d5c1	29-Mar-2013	Anna Zaks <ganna@apple.com>	[analyzer] Address Jordan’s review of r178309 - do not register an extra visitor for nil receiver We can check if the receiver is nil in the node that corresponds to the StmtPoint of the message send. At that point, the receiver is guaranteed to be live. We will find at least one unreclaimed node due to my previous commit (look for StmtPoint instead of PostStmt) and the fact that the nil receiver nodes are tagged. + a couple of extra tests. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@178381 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
4de4715ad02aa8c9437a9e0e2854a0ccc71a3188	29-Mar-2013	Anna Zaks <ganna@apple.com>	[analyzer] Look for a StmtPoint node instead of PostStmt in trackNullOrUndefValue. trackNullOrUndefValue tries to find the first node that matches the statement it is tracking. Since we collect PostStmt nodes (in node reclamation), none of those might be on the current path, so relax the search to look for any StmtPoint. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@178380 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
aabb4c5eacca6d78ef778f33ec5cd4c755d71a39	29-Mar-2013	Anna Zaks <ganna@apple.com>	[analyzer] Apply the suppression rules to the nil receiver only if the value participates in the computation of the nil we warn about. We should only suppress a bug report if the IDCed or null returned nil value is directly related to the value we are warning about. This was not the case for nil receivers - we would suppress a bug report that had an IDCed nil receiver on the path regardless of how it’s related to the warning. 1) Thread EnableNullFPSuppression parameter through the visitors to differentiate between tracking the value which is directly responsible for the bug and other values that visitors are tracking (ex: general tracking of nil receivers). 2) in trackNullOrUndef specifically address the case when a value of the message send is nil due to the receiver being nil. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@178309 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
4a49df3be929d442535d6721ab8a2bbc8a7cd528	27-Mar-2013	Anna Zaks <ganna@apple.com>	[analyzer] Ensure that the node NilReceiverBRVisitor is looking for is not reclaimed The visitor should look for the PreStmt node as the receiver is nil in the PreStmt and this is the node. Also, tag the nil receiver nodes with a special tag for consistency. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@178152 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
1533833e21ae5b3f5f39b168b3fbac109ee77008	27-Mar-2013	Anna Zaks <ganna@apple.com>	[analyzer] Make sure IDC works for ‘NSContainer value/key is nil’ checks. Register the nil tracking visitors with the region and refactor trackNullOrUndefValue a bit. Also adds the cast and paren stripping before checking if the value is an OpaqueValueExpr or ExprWithCleanups. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@178093 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
85a92cfa52ddf4c45fe2baca4d7fea0bdc5ed103	19-Mar-2013	Jordan Rose <jordan_rose@apple.com>	[analyzer] Replace uses of assume() with isNull() in BR visitors. Also, replace a std::string with a SmallString. No functionality change. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@177352 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
f510f5cd57fa9b7ea6f6e103c65c0df95a55d986	16-Mar-2013	Anna Zaks <ganna@apple.com>	[analyzer] BugReporterVisitors: handle the case where a ternary operator is wrapped in a cast. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@177205 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
f8ba81e8bbc4d0d424c3b4c3581a9467e972c4de	16-Mar-2013	Anna Zaks <ganna@apple.com>	[analyzer] Address Jordan’s review of r177138 (a micro optimization) git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@177204 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
6a15f39a6bfd7a30085c5fa8f67d0b64b74b132a	15-Mar-2013	Jordan Rose <jordan_rose@apple.com>	[analyzer] Look through ExprWhenCleanups when trying to track a NULL. Silences a few false positives in LLVM. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@177186 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
810169e7a1f858a787d2db050deebaee7e10c97f	15-Mar-2013	Anna Zaks <ganna@apple.com>	[analyzer] Refactor checks in IDC visitor for consistency and speed git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@177138 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
dc9c160dede7e2f5cc11755db6aaa57e7fccbcec	15-Mar-2013	Anna Zaks <ganna@apple.com>	[analyzer] Teach trackNullOrUndef to look through ternary operators Allows the suppression visitors trigger more often. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@177137 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
a4bb4f6ca8dd31ad96cb9526a5abe1273f18ff40	14-Mar-2013	Anna Zaks <ganna@apple.com>	[analyzer] Change the way in which IDC Visitor decides to kick in and make sure it attaches in the given edge case In the test case below, the value V is not constrained to 0 in ErrorNode but it is in node N. So we used to fail to register the Suppression visitor. We also need to change the way we determine that the Visitor should kick in because the node N belongs to the ExplodedGraph and might not be on the BugReporter path that the visitor sees. Instead of trying to match the node, turn on the visitor when we see the last node in which the symbol is ‘0’. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@177121 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
6022c4e17c0d2ad9c43ef6bc830d394b670a4705	13-Mar-2013	Anna Zaks <ganna@apple.com>	[analyzer] BugReporter - more precise tracking of C++ references When BugReporter tracks C++ references involved in a null pointer violation, we want to differentiate between a null reference and a reference to a null pointer. In the first case, we want to track the region for the reference location; in the second, we want to track the null pointer. In addition, the core creates CXXTempObjectRegion to represent the location of the C++ reference, so teach FindLastStoreBRVisitor about it. This helps null pointer suppression to kick in. (Patch by Anna and Jordan.) git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@176969 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
77b72231a0316509cc939b052be35fafce606567	11-Mar-2013	Jordan Rose <jordan_rose@apple.com>	[analyzer] Look for calls along with lvalue nodes in trackNullOrUndefValue. r176737 fixed bugreporter::trackNullOrUndefValue to find nodes for an lvalue even if the rvalue node had already been collected. This commit extends that to call statement nodes as well, so that if a call is contained within implicit casts we can still track the return value. No test case because node reclamation is extremely finicky (dependent on how the AST and CFG are built, and then on our current reclamation rules, and /then/ on how many nodes were generated by the analyzer core and the current set of checkers). I consider this a low-risk change, though, and it will only happen in cases of reclamation when the rvalue node isn't available. <rdar://problem/13340764> git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@176829 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
0415998dd77986630efe8f1aed633519cc41e1f3	09-Mar-2013	Anna Zaks <ganna@apple.com>	[analyzer] Make Suppress IDC checker aware that it might not start from the same node it was registered at The visitor used to assume that the value it’s tracking is null in the first node it examines. This is not true. If we are registering the Suppress Inlined Defensive checks visitor while traversing in another visitor (such as FindlastStoreVisitor). When we restart with the IDC visitor, the invariance of the visitor does not hold since the symbol we are tracking no longer exists at that point. I had to pass the ErrorNode when creating the IDC visitor, because, in some cases, node N is neither the error node nor will be visible along the path (we had not finalized the path at that point and are dealing with ExplodedGraph.) We should revisit the other visitors which might not be aware that they might get nodes, which are later in path than the trigger point. This suppresses a number of inline defensive checks in JavaScriptCore. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@176756 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
0183768813658d419e3124b576744b03ec8e9b55	09-Mar-2013	Jordan Rose <jordan_rose@apple.com>	[analyzer] Look for lvalue nodes when tracking a null pointer. r176010 introduced the notion of "interesting" lvalue expressions, whose nodes are guaranteed never to be reclaimed by the ExplodedGraph. This was used in bugreporter::trackNullOrUndefValue to find the region that contains the null or undef value being tracked. However, the /rvalue/ nodes (i.e. the loads from these lvalues that produce a null or undef value) /are/ still being reclaimed, and if we couldn't find the node for the rvalue, we just give up. This patch changes that so that we look for the node for either the rvalue or the lvalue -- preferring the former, since it lets us fall back to value-only tracking in cases where we can't get a region, but allowing the latter as well. <rdar://problem/13342842> git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@176737 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
8c84707fd0fbe9f6f7d17fadd5a9fe162dff8445	09-Mar-2013	Jordan Rose <jordan_rose@apple.com>	[analyzer] Don't rely on finding the correct return statement for suppression. Previously, ReturnVisitor waited to suppress a null return path until it had found the inlined "return" statement. Now, it checks up front whether the return value was NULL, and suppresses the warning right away if so. We still have to wait until generating the path notes to invalidate the bug report, or counter-suppression will never be triggered. (Counter-suppression happens while generating path notes, but the generation won't happen for reports already marked invalid.) This isn't actually an issue today because we never reclaim nodes for top-level statements (like return statements), but it could be an issue some day in the future. (But, no expected behavioral change and no new test case.) git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@176736 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
713e07591995d761f65c7132289dce003a29870f	06-Mar-2013	Anna Zaks <ganna@apple.com>	[analyzer] IDC: Add config option; perform the idc check on first “null node” rather than last “non-null”. The second modification does not lead to any visible result, but, theoretically, is what we should have been looking at to begin with since we are checking if the node was assumed to be null in an inlined function. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@176576 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
cc5dbdae70c6eb2423921f52a35ba4686d2969cf	02-Mar-2013	Anna Zaks <ganna@apple.com>	[analyzer] Simple inline defensive checks suppression Inlining brought a few "null pointer use" false positives, which occur because the callee defensively checks if a pointer is NULL, whereas the caller knows that the pointer cannot be NULL in the context of the given call. This is a first attempt to silence these warnings by tracking the symbolic value along the execution path in the BugReporter. The new visitor finds the node in which the symbol was first constrained to NULL. If the node belongs to a function on the active stack, the warning is reported, otherwise, it is suppressed. There are several areas for follow up work, for example: - How do we differentiate the cases where the first check is followed by another one, which does happen on the active stack? Also, this only silences a fraction of null pointer use warnings. For example, it does not do anything for the cases where NULL was assigned inside a callee. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@176402 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
9abf1b4577b75ffcc46afbdfb55de334f68f05c0	01-Mar-2013	Jordan Rose <jordan_rose@apple.com>	[analyzer] Suppress paths involving a reference whose rvalue is null. Most map types have an operator[] that inserts a new element if the key isn't found, then returns a reference to the value slot so that you can assign into it. However, if the value type is a pointer, it will be initialized to null. This is usually no problem. However, if the user /knows/ the map contains a value for a particular key, they may just use it immediately: // From ClangSACheckersEmitter.cpp recordGroupMap[group]->Checkers In this case the analyzer reports a null dereference on the path where the key is not in the map, even though the user knows that path is impossible here. They could silence the warning by adding an assertion, but that means splitting up the expression and introducing a local variable. (Note that the analyzer has no way of knowing that recordGroupMap[group] will return the same reference if called twice in a row!) We already have logic that says a null dereference has a high chance of being a false positive if the null came from an inlined function. This patch simply extends that to references whose rvalues are null as well, silencing several false positives in LLVM. <rdar://problem/13239854> git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@176371 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
6f4160828db75f36b22a204da202723c592644f3	27-Feb-2013	Jordan Rose <jordan_rose@apple.com>	[analyzer] Teach FindLastStoreBRVisitor to understand stores of the same value. Consider this case: int p = 0; p = getPointerThatMayBeNull(); p = 1; If we inline 'getPointerThatMayBeNull', we might know that the value of 'p' is NULL, and thus emit a null pointer dereference report. However, we usually want to suppress such warnings as error paths, and we do so by using FindLastStoreBRVisitor to see where the NULL came from. In this case, though, because 'p' was NULL both before and after the assignment, the visitor would decide that the "last store" was the initialization, not the re-assignment. This commit changes FindLastStoreBRVisitor to consider all PostStore nodes that assign to this region. This still won't catches changes made directly by checkers if they re-assign the same value, but it does handle the common case in user-written code and will trigger ReturnVisitor's suppression machinery as expected. <rdar://problem/13299738> git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@176201 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
deb8f5d533b7bcd962976ecdbc1464fe754b6de0	27-Feb-2013	Jordan Rose <jordan_rose@apple.com>	[analyzer] If a struct has a partial lazy binding, its fields aren't Undef. This is essentially the same problem as r174031: a lazy binding for the first field of a struct may stomp on an existing default binding for the entire struct. Because of the way RegionStore is set up, we can't help but lose the top-level binding, but then we need to make sure that accessing one of the other fields doesn't come back as Undefined. In this case, RegionStore is now correctly detecting that the lazy binding we have isn't the right type, but then failing to follow through on the implications of that: we don't know anything about the other fields in the aggregate. This fix adds a test when searching for other kinds of default values to see if there's a lazy binding we rejected, and if so returns a symbolic value instead of Undefined. The long-term fix for this is probably a new Store model; see <rdar://problem/12701038>. Fixes <rdar://problem/13292559>. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@176144 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
4238f41d484729aca260140fbbc53a68769bf60a	26-Feb-2013	Ted Kremenek <kremenek@apple.com>	[analyzer] Use 'MemRegion::printPretty()' instead of assuming the region is a VarRegion. Fixes PR15358 and <rdar://problem/13295437>. Along the way, shorten path diagnostics that say "Variable 'x'" to just be "'x'". By the context, it is obvious that we have a variable, and so this just consumes text space. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@176115 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
6c5038cf8486d92ae53bf4513141bd40a5ae0734	25-Feb-2013	Ted Kremenek <kremenek@apple.com>	[analyzer] Relax assumption in FindLastStoreBRVisitor that the thing we are looking for is always a VarRegion. This was triggering assertion failures when analyzing the LLVM codebase. This is fallout from r175988. I've got delta chewing away on a test case, but I wanted the fix to go in now. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@176011 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
4e9c0854382d37325771b50f6cf899a75119fa24	25-Feb-2013	Ted Kremenek <kremenek@apple.com>	[analyzer] add the notion of an "interesting" lvalue expression for ExplodedNode pruning. r175988 modified the ExplodedGraph trimming algorithm to retain all nodes for "lvalue" expressions. This patch refines that notion to only "interesting" expressions that would be used for diagnostics. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@176010 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
43b82b823a6113fdbee54243b280db9c55ef72cb	24-Feb-2013	Ted Kremenek <kremenek@apple.com>	[analyzer] tracking stores/constraints now works for ObjC ivars or struct fields. This required more changes than I originally expected: - ObjCIvarRegion implements "canPrintPretty" et al - DereferenceChecker indicates the null pointer source is an ivar - bugreporter::trackNullOrUndefValue() uses an alternate algorithm to compute the location region to track by scouring the ExplodedGraph. This allows us to get the actual MemRegion for variables, ivars, fields, etc. We only hand construct a VarRegion for C++ references. - ExplodedGraph no longer drops nodes for expressions that are marked 'lvalue'. This is to facilitate the logic in the previous bullet. This may lead to a slight increase in size in the ExplodedGraph, which I have not measured, but it is likely not to be a big deal. I have validated each of the changed plist output. Fixes <rdar://problem/12114812> git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@175988 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
0dd15d78fb0c99faa5df724139ba4c16a9a345c6	24-Feb-2013	Ted Kremenek <kremenek@apple.com>	Add "KnownSVal" to represent SVals that cannot be UnknownSVal. This provides a few sundry cleanups, and allows us to provide a compile-time check for a case that was a runtime assertion. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@175987 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
7a95de68c093991047ed8d339479ccad51b88663	21-Feb-2013	David Blaikie <dblaikie@gmail.com>	Replace ProgramPoint llvm::cast support to be well-defined. See r175462 for another example/more details. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@175812 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
dc84cd5efdd3430efb22546b4ac656aa0540b210	20-Feb-2013	David Blaikie <dblaikie@gmail.com>	Include llvm::Optional in clang/Basic/LLVM.h Post-commit CR feedback from Jordan Rose regarding r175594. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@175679 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
5251abea41b446c26e3239c8dd6c7edea6fc335d	20-Feb-2013	David Blaikie <dblaikie@gmail.com>	Replace SVal llvm::cast support to be well-defined. See r175462 for another example/more details. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@175594 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
5846720f08a6b225484bfe663599c2b057a99bc8	05-Feb-2013	Ted Kremenek <kremenek@apple.com>	Change subexpressions to be visited in the CFG from left-to-right. This is a more natural order of evaluation, and it is very important for visualization in the static analyzer. Within Xcode, the arrows will not jump from right to left, which looks very visually jarring. It also provides a more natural location for dataflow-based diagnostics. Along the way, we found a case in the analyzer diagnostics where we needed to indicate that a variable was "captured" by a block. -fsyntax-only timings on sqlite3.c show no visible performance change, although this is just one test case. Fixes <rdar://problem/13016513> git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@174447 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
86ff12c8a8a356ca284ca7687749216fbfd74519	30-Jan-2013	Anna Zaks <ganna@apple.com>	[analyzer] Move report false positive suppression to report visitors. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@173956 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
dede2fd56d053a114a65ba72583981ce7aab27da	26-Jan-2013	Jordan Rose <jordan_rose@apple.com>	[analyzer] bugreporter::getDerefExpr now takes a Stmt, not an ExplodedNode. This allows it to be used in places where the interesting statement doesn't match up with the current node. No functionality change. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@173546 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
7ee8906295d56ceb84b8b3da502cdc8770509868	26-Jan-2013	Jordan Rose <jordan_rose@apple.com>	[analyzer] Rename PruneNullReturnPaths to SuppressNullReturnPaths. "Prune" is the term for eliminating pieces of a path that are not relevant to the user. "Suppress" means don't show that path at all. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@173544 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
cfa88f893915ceb8ae4ce2f17c46c24a4d67502f	12-Jan-2013	Dmitri Gribenko <gribozavr@gmail.com>	Remove useless 'llvm::' qualifier from names like StringRef and others that are brought into 'clang' namespace by clang/Basic/LLVM.h git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@172323 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
87aa2fbc75a897e7c4a4082374aaba3f50db6f0f	21-Dec-2012	Roman Divacky <rdivacky@freebsd.org>	Remove duplicate includes. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@170903 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
55fc873017f10f6f566b182b70f6fc22aefa3464	04-Dec-2012	Chandler Carruth <chandlerc@gmail.com>	Sort all of Clang's files under 'lib', and fix up the broken headers uncovered. This required manually correcting all of the incorrect main-module headers I could find, and running the new llvm/utils/sort_includes.py script over the files. I also manually added quite a few missing headers that were uncovered by shuffling the order or moving headers up to be main-module-headers. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@169237 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
a93d0f280693b8418bc88cf7a8c93325f7fcf4c6	01-Dec-2012	Benjamin Kramer <benny.kra@googlemail.com>	Include pruning and general cleanup. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@169095 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
6a329ee7567cf3267ffab2bc755ea8c773d967e7	29-Oct-2012	Jordan Rose <jordan_rose@apple.com>	[analyzer] New option to not suppress null return paths if an argument is null. Our one basic suppression heuristic is to assume that functions do not usually return NULL. However, when one of the arguments is NULL it is suddenly much more likely that NULL is a valid return value. In this case, we don't suppress the report here, but we do attach /another/ visitor to go find out if this NULL argument also comes from an inlined function's error path. This new behavior, controlled by the 'avoid-suppressing-null-argument-paths' analyzer-config option, is turned off by default. Turning it on produced two false positives and no new true positives when running over LLVM/Clang. This is one of the possible refinements to our suppression heuristics. <rdar://problem/12350829> git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@166941 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
09f7bf14d25bdc55cb715bc8d40600906848a409	29-Oct-2012	Jordan Rose <jordan_rose@apple.com>	[analyzer] Use the CallEnter node to get a value for tracked null arguments. Additionally, don't collect PostStore nodes -- they are often used in path diagnostics. Previously, we tried to track null arguments in the same way as any other null values, but in many cases the necessary nodes had already been collected (a memory optimization in ExplodedGraph). Now, we fall back to using the value of the argument at the time of the call, which may not always match the actual contents of the region, but often will. This is a precursor to improving our suppression heuristic. <rdar://problem/12350829> git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@166940 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
b85cce094887ab5cf1c47acfe306e2fb1d3cfbb1	26-Oct-2012	Ted Kremenek <kremenek@apple.com>	TrackConstraintBRVisitor and ConditionBRVisitor can emit similar path notes for cases where a value may be assumed to be null, etc. Instead of having redundant diagnostics, do a pass over the generated PathDiagnostic pieces and remove notes from TrackConstraintBRVisitor that are already covered by ConditionBRVisitor, whose notes tend to be better. Fixes <rdar://problem/12252783> git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@166728 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
b9d4e5e3bb235f1149e99d3c833ff7cb3474c9f1	22-Sep-2012	Jordan Rose <jordan_rose@apple.com>	[analyzer] Suppress bugs whose paths go through the return of a null pointer. This is a heuristic intended to greatly reduce the number of false positives resulting from inlining, particularly inlining of generic, defensive C++ methods that live in header files. The suppression is triggered in the cases where we ask to track where a null pointer came from, and it turns out that the source of the null pointer was an inlined function call. This change brings the number of bug reports in LLVM from ~1500 down to around ~300, a much more manageable number. Yes, some true positives may be hidden as well, but from what I looked at the vast majority of silenced reports are false positives, and many of the true issues found by the analyzer are still reported. I'm hoping to improve this heuristic further by adding some exceptions next week (cases in which a bug should still be reported). git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@164449 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
53221da865144db0ba6bd89ab30bcf81de0fe5d2	22-Sep-2012	Jordan Rose <jordan_rose@apple.com>	[analyzer] Track a null value back through FindLastStoreBRVisitor. Also, tidy up the other tracking visitors so that they mark the right things as interesting and don't do extra work. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@164448 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
6686b6694a7998623550ff6529f2f53bfee94328	22-Sep-2012	Jordan Rose <jordan_rose@apple.com>	[analyzer] Look through OpaqueValueExprs when tracking a nil value. This allows us to show /why/ a particular object is nil, even when it is wrapped in an OpaqueValueExpr. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@164445 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
85e99373835fe1b4cec624bc48dc8dfe14c2a783	22-Sep-2012	Jordan Rose <jordan_rose@apple.com>	[analyzer] Better path notes for null pointers passed as arguments. Rather than saying "Null pointer value stored to 'foo'", we now say "Passing null pointer value via Nth parameter 'foo'", which is much better. The note is also now on the argument expression as well, rather than the entire call. This paves the way for continuing to track arguments back to their sources. <rdar://problem/12211490> git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@164444 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
991bcb4370fe849603346ebbddc8dd47bc29d235	22-Sep-2012	Jordan Rose <jordan_rose@apple.com>	[analyzer] Check that an ObjCIvarRefExpr's base is non-null even as an lvalue. Like with struct fields, we want to catch cases like this early, so that we can produce better diagnostics and path notes: PointObj p = nil; int px = &p->_x; // should warn here *px = 1; git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@164442 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
522fc21f3adc647817edc8017e6928a64c96899b	13-Sep-2012	Anna Zaks <ganna@apple.com>	[analyzer] Teach UndefOrNullArgVisitor to track parent regions. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163748 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
22505ef15e32db31a4f834a387cf73a913bc8f66	08-Sep-2012	Ted Kremenek <kremenek@apple.com>	Fix bug in BugReporter::RemoveUneededCalls() where "prunable" PathDiagnosticEventPieces were always pruned. Instead, they are suppose to only be pruned if the entire call gets pruned. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163460 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
c47dc1b9734ea9bebb281499d58d22c2647713a9	07-Sep-2012	Ted Kremenek <kremenek@apple.com>	Fix bug in ConditionBRVisitor where for C++ (and not C) we were not ignoring implicit pointer-to-boolean conversions in condition expressions. This would result in inconsistent diagnostic emission between C and C++. A consequence of this is now ConditionBRVisitor and TrackConstraintBRVisitor may emit redundant diagnostics, for example: "Assuming pointer value is null" (TrackConstraintBRVisitor) "Assuming 'p' is null" (ConditionBRVisitor) We need to reconcile the two, and perhaps prefer one over the other in some cases. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163372 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
9b925ac059089dfe74e3b8fa5effe519fb9ee885	06-Sep-2012	Anna Zaks <ganna@apple.com>	[analyzer] Enhance the member expr tracking to account for references. As per Jordan's suggestion. (Came out of code review for r163261.) git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163269 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
d91696e8680bbe89df1076fded1bc54104526060	06-Sep-2012	Anna Zaks <ganna@apple.com>	[analyzer] NullOrUndef diagnostics: track symbols binded to regions. If a region is binded to a symbolic value, we should track the symbol. (The code I changed was not previously exercised by the regression tests.) git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163261 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
0caa2d47b84337e942b3f6652adfafe4ae506cfe	30-Aug-2012	Ted Kremenek <kremenek@apple.com>	Rename AnalyzerOptions 'EagerlyAssume' to 'eagerlyAssumeBinOpBifurcation'. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162930 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
28694c1fe44082970cd53ca7ffef25f668e4c545	30-Aug-2012	Anna Zaks <ganna@apple.com>	[analyzer] Fixup 162863. Thanks Jordan. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162875 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
80de487e03dd0f44e4572e2122ebc1aa6a3961f5	29-Aug-2012	Anna Zaks <ganna@apple.com>	[analyzer] Improved diagnostic pruning for calls initializing values. This heuristic addresses the case when a pointer (or ref) is passed to a function, which initializes the variable (or sets it to something other than '0'). On the branch where the inlined function does not set the value, we report use of undefined value (or NULL pointer dereference). The access happens in the caller and the path through the callee would get pruned away with regular path pruning. To solve this issue, we previously disabled diagnostic pruning completely on undefined and null pointer dereference checks, which entailed very verbose diagnostics in most cases. Furthermore, not all of the undef value checks had the diagnostic pruning disabled. This patch implements the following heuristic: if we pass a pointer (or ref) to the region (on which the error is reported) into a function and it's value is either undef or 'NULL' (and is a pointer), do not prune the function. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162863 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
a1f81bb0e55749a1414b1b5124bb83b9052ff2ac	28-Aug-2012	Jordan Rose <jordan_rose@apple.com>	[analyzer] Rename addTrackNullOrUndefValueVisitor to trackNullOrUndefValue. This helper function (in the clang::ento::bugreporter namespace) may add more than one visitor, but conceptually it's tracking a single use of a null or undefined value and should do so as best it can. Also, the BugReport parameter has been made a reference to underscore that it is non-optional. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162720 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
166b7bd43551964d65bcf4918f51a167b8374e2a	28-Aug-2012	Jordan Rose <jordan_rose@apple.com>	[analyzer] Refactor FindLastStoreBRVisitor to not find the store ahead of time. As Anna pointed out to me offline, it's a little silly to walk backwards through the graph to find the store site when BugReporter will do the exact same walk as part of path diagnostic generation. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162719 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
7aba1171b32265b2206f3fa8f8886953051b58f5	28-Aug-2012	Jordan Rose <jordan_rose@apple.com>	[analyzer] If the last store into a region came from a function, step into it. Previously, if we were tracking stores to a variable 'x', and came across this: x = foo(); ...we would simply emit a note here and stop. Now, we'll step into 'foo' and continue tracking the returned value from there. <rdar://problem/12114689> git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162718 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
364b9f95fa47b0ca7f1cc694195f7a9953652f81	27-Aug-2012	Jordan Rose <jordan_rose@apple.com>	[analyzer] Look through casts when trying to track a null pointer dereference. Also, add comments to addTrackNullOrUndefValueVisitor. Thanks for the review, Anna! git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162695 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
3682f1ea9c7fddc7dcbc590891158ba40f7fca16	25-Aug-2012	Jordan Rose <jordan_rose@apple.com>	[analyzer] Use the common evalBind infrastructure for initializers. This allows checkers (like the MallocChecker) to process the effects of the bind. Previously, using a memory-allocating function (like strdup()) in an initializer would result in a leak warning. This does bend the expectations of checkBind a bit; since there is no assignment expression, the statement being used is the initializer value. In most cases this shouldn't matter because we'll use a PostInitializer program point (rather than PostStmt) for any checker-generated nodes, though we /will/ generate a PostStore node referencing the internal statement. (In theory this could have funny effects if someone actually does an assignment within an initializer; in practice, that seems like it would be very rare.) <rdar://problem/12171711> git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162637 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
23df2437a47ff129d2923ae325d42e79682a7f14	24-Aug-2012	Jordan Rose <jordan_rose@apple.com>	[analyzer] If we dereference a NULL that came from a function, show the return. More generally, any time we try to track where a null value came from, we should show if it came from a function. This usually isn't necessary if the value is symbolic, but if the value is just a constant we previously just ignored its origin entirely. Now, we'll step into the function and recursively add a visitor to the returned expression. <rdar://problem/12114609> git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162563 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
e6cd0548fd8f52bcda917add482770fa418c619b	16-Aug-2012	Jordan Rose <jordan_rose@apple.com>	[analyzer] Look through all casts when trying to track constraints. Previously, we were losing path notes (in both text and plist form) because the interesting DeclRefExpr was buried in a cast. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161999 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
685379965c1b105ce89cf4f6c60810932b7f4d0d	04-Aug-2012	Jordan Rose <jordan_rose@apple.com>	[analyzer] When a symbol is null, we should track its constraints. Because of this, we would previously emit NO path notes when a parameter is constrained to null (because there are no stores). Now we show where we made the assumption, which is much more useful. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161280 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
b0e1badc2a9b8275b48dfb15c6907a282b949b02	04-Aug-2012	Jordan Rose <jordan_rose@apple.com>	[analyzer] Flatten path diagnostics for text output like we do for HTML. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161279 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
20165e796c16311a83911db74c04d797e93471b2	04-Aug-2012	Jordan Rose <jordan_rose@apple.com>	[analyzer] FindLastStoreBRVisitor was not actually finding stores. The visitor walks back through the ExplodedGraph as expected, but it wasn't actually keeping track of when a value was assigned. This meant that it only worked when the value was assigned when the variable was defined. Tests in the next commit (dependent on another change). git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161276 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
11abcecc8c919673237cf37384290a1ef1943976	02-May-2012	Ted Kremenek <kremenek@apple.com>	Refine analyzer diagnostics by adding an expression "cone-of-influence" to reverse track interesting values through interesting expressions. This allows us to map from interesting values in a caller to interesting values in a caller, thus recovering some precision in diagnostics lost from IPA. Fixes <rdar://problem/11327497> git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@155971 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
907344e4977ac704f248d82ef235b88be08584d5	05-Apr-2012	Anna Zaks <ganna@apple.com>	[analyzer] Change warding in a path diagnostic: "No method actually called because receiver is nil" -> "No method is called because receiver is nil" git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@154077 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
76aadc346c3a4c363238a1e1232f324c3355d9e0	09-Mar-2012	Ted Kremenek <kremenek@apple.com>	[analyzer] Implement basic path diagnostic pruning based on "interesting" symbols and regions. Essentially, a bug centers around a story for various symbols and regions. We should only include the path diagnostic events that relate to those symbols and regions. The pruning is done by associating a set of interesting symbols and regions with a BugReporter, which can be modified at BugReport creation or by BugReporterVisitors. This patch reduces the diagnostics emitted in several of our test cases. I've vetted these as having desired behavior. The only regression is a missing null check diagnostic for the return value of realloc() in test/Analysis/malloc-plist.c. This will require some investigation to fix, and I have added a FIXME to the test case. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@152361 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
c89f4b05721f53cfbaf32fc0c4919a4616e68440	29-Feb-2012	Ted Kremenek <kremenek@apple.com>	[analyzer diagnostics] start prototyping stripping PathDiagnostics of unnecessary cruft caused by path inlining. This introduces a concept of a "prunable" PathDiagnosticEvent. Currently this is a flag, but we may evolve the concept to make this more dynamically inferred. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@151663 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
2042fc1f36d471f437023e8899f0c4fadded2341	24-Feb-2012	Ted Kremenek <kremenek@apple.com>	Reapply r151317, but when computing the PathDiagnostic profile and size keep into account the nested structure. Also fix a problem with how inlining impacted Plist diagnostics, and adjust some ranges in the Plist output due to richer information. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@151346 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
68fbb3ee8ae374b6505885e907af92b30eef707f	24-Feb-2012	Chad Rosier <mcrosier@apple.com>	Revert r151317 - Rework PathDiagnostics creation.. - to appease buildbots. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@151338 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
4970ef8e3527ac356c3e9fde0710561fcb63e424	24-Feb-2012	Ted Kremenek <kremenek@apple.com>	Rework PathDiagnostic creation so that call stacks are captured by a nested PathDiagnosticCallPiece. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@151317 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
5a0917d1367115d5fddfe7551f8634759217b54b	16-Feb-2012	Anna Zaks <ganna@apple.com>	[analyzer] Diagnostics: Ensure that the default end of diagnostic path piece can always be generated. The default end of diagnostic path piece was failing to generate on a BlockEdge that was outgoing from a basic block without a terminator, resulting in a very simple diagnostic being rendered (ex: no path highlighting or custom visitors). Reuse another function, which is essentially doing the same thing and correct it not to fail when a block has no terminator. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150659 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
a59d20b135bfde058a5a69045bab5ec4e2553f74	07-Feb-2012	Benjamin Kramer <benny.kra@googlemail.com>	Print NamedDecls directly to a raw_ostream where possible. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@149982 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
a6215b93c45ee5931536b57d10b987747143313b	07-Feb-2012	Ted Kremenek <kremenek@apple.com>	Create PathDiagnosticCallEnter and PathDiagnosticCallExit, to remark calls in PathDiagnostics from other events. This will have potential uses later. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@149960 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
b9201d2d138dca631cdc43f8e57d9e9e6248c25c	07-Feb-2012	Ted Kremenek <kremenek@apple.com>	Quote name of function in path diagnostics. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@149958 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
0cf3d471546251b12bdceff360f66c079c40526c	07-Feb-2012	Ted Kremenek <kremenek@apple.com>	Add basic BugReporter support for CallEnter/CallExit. WIP. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@149939 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
f7ccbad5d9949e7ddd1cbef43d482553b811e026	05-Feb-2012	Dylan Noblesmith <nobled@dreamwidth.org>	Basic: import SmallString<> into clang namespace (I was going to fix the TODO about DenseMap too, but that would break self-host right now. See PR11922.) git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@149799 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
8fe83e1df954d72c0f4ffc15d20a5222ec151c21	04-Feb-2012	Benjamin Kramer <benny.kra@googlemail.com>	Move a method from IdentifierTable.h out of line and remove the SmallString include. Fix all the transitive include users. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@149783 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
8bef8238181a30e52dea380789a7e2d760eac532	26-Jan-2012	Ted Kremenek <kremenek@apple.com>	Change references to 'const ProgramState *' to typedef 'ProgramStateRef'. At this point this is largely cosmetic, but it opens the door to replace ProgramStateRef with a smart pointer that more eagerly acts in the role of reclaiming unused ProgramState objects. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@149081 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
d2e7090f97042ba8272f4f27ac243d8bf4151ecd	25-Jan-2012	Ted Kremenek <kremenek@apple.com>	Post open source analyzer build checker-259. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@148988 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
5eca482fe895ea57bc82410222e6426c09e63284	06-Jan-2012	Ted Kremenek <kremenek@apple.com>	[analyzer] Make the entries in 'Environment' context-sensitive by making entries map from (Stmt,LocationContext) pairs to SVals instead of Stmt* to SVals. This is needed to support basic IPA via inlining. Without this, we cannot tell if a Stmt* binding is part of the current analysis scope (StackFrameContext) or part of a parent context. This change introduces an uglification of the use of getSVal(), and thus takes two steps forward and one step back. There are also potential performance implications of enlarging the Environment. Both can be addressed going forward by refactoring the APIs and optimizing the internal representation of Environment. This patch mainly introduces the functionality upon when we want to build upon (and clean up). git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@147688 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
d1247c5002ee511e6f6c3c26214221c391d437cd	04-Jan-2012	Ted Kremenek <kremenek@apple.com>	Extend ConditionBRVisitor to handle condition variable assignments. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@147526 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
6ae325737c2ef7ce60ac6650a96bd489ef6e7ebe	20-Dec-2011	Ted Kremenek <kremenek@apple.com>	Fix inversion of static analyzer path diagnostics for path conditions. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@146993 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
b8989f27f116ff2400e92a52c067a69846119eb5	14-Oct-2011	Benjamin Kramer <benny.kra@googlemail.com>	Change operator<< for raw_ostream and NamedDecl to take a reference instead of a pointer. Passing a pointer was a bad idea as it collides with the overload for void*. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@141971 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
b459cf34c4df1a1317a9bda1e1e2cc32364e62cf	01-Oct-2011	Anna Zaks <ganna@apple.com>	Address PR10616. The crash has already been fixed by Ted in r140725, so just refactor to use existing API + test case. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@140932 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
f79d90e570c514c1ac280ab45b0c6b3d660af7a0	28-Sep-2011	Ted Kremenek <kremenek@apple.com>	Check for empty predecessors for walking them. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@140725 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
1531bb0c69d9afff6a6434e4cadf345eb628b287	20-Sep-2011	Anna Zaks <ganna@apple.com>	[analyzer] Use more create methods in the PathDiagnostic, cleanup. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@140130 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
0cd59482abd8aec9ed1eaad11f5fe9c1e42639f6	16-Sep-2011	Anna Zaks <ganna@apple.com>	[analyzer] Refactor: make PathDiagnosticLocation responsible for validation of SourceLocations (commit 5 of ?): - Get rid of PathDiagnosticLocation(SourceRange r,..) constructor by providing a bunch of create methods. - The PathDiagnosticLocation(SourceLocation L,..), which is used by crate methods, will eventually become private. - Test difference is in the case when the report starts at the beginning of the function. We used to represent that point as a range of the very first token in the first statement. Now, it's just a single location representing the first character of the first statement. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@139932 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
4fdf97bf51d2a156cec3232efd6dae110aa02aa0	15-Sep-2011	Anna Zaks <ganna@apple.com>	[analyzer] Refactor: make PathDiagnosticLocation responsible for validation of SourceLocations (commit 2 of ?): - Fix a fixme and move the logic of creating a PathDiagnosticLocation corresponding to a ProgramPoint into a PathDiagnosticLocation constructor. - Rename PathDiagnosticLocation::create to differentiate from the added constructor. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@139825 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
220ac8c175cb1bf9b18d82eefe036995d7a2164d	15-Sep-2011	Anna Zaks <ganna@apple.com>	[analyzer] Refactor: make PathDiagnosticLocation responsible for validation of SourceLocations (commit 2 of ?): - Modify all PathDiagnosticLocation constructors that take Stmt to also requre LocationContext. - Add a constructor which should be used in case there is no valid statement/location (it will grab the location of the enclosing function). git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@139763 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
7a756463ffe90f9a06c8cc8c190f22a5e4366c25	12-Sep-2011	Anna Zaks <ganna@apple.com>	[analyzer] Fix a failure encountered while analyzing bind (radar://10105448). git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@139509 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
23f395ee1bf4e4aa76b310d896a951799eaca94a	20-Aug-2011	Anna Zaks <ganna@apple.com>	Static Analyzer Diagnostics: Move the responsibility for generating the endOfPath diagnostic piece from BugReport to BugReporterVisitor. Switch CFRefCount to use visitors in order to generate the endOfPath piece. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@138184 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
50bbc165b063155cc23c360deb7b865502e068e2	20-Aug-2011	Anna Zaks <ganna@apple.com>	Static Analyzer Diagnostics: Kill the addVisitorCreator(callbackTy, void) API in favor of addVisitor(BugReporterVisitor). 1) Create a header file to expose the predefined visitors. And move the parent(BugReporterVisitor) there as well. 2) Remove the registerXXXVisitor functions - the Visitor constructors/getters can be used now to create the object. One exception is registerVarDeclsLastStore(), which registers more then one visitor, so make it static member of FindLastStoreBRVisitor. 3) Modify all the checkers to use the new API. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@138126 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
8e6431adab313e283a992698f6fc7afe62420999	19-Aug-2011	Anna Zaks <ganna@apple.com>	Static Analyzer Diagnostics: Move custom diagnostic visitors from BugReporterContext to BugReport. One API change: I added BugReporter as an additional parameter to the BugReporterVisitor::VisitNode() method to allow visitors register other visitors with the report on the fly (while processing a node). This functionality is used by NilReceiverVisitor, which registers TrackNullOrUndefValue when the receiver is null. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@138001 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
3b9e8e40dab1295de4f14d9cf8d24c22422a42d2	16-Aug-2011	Ted Kremenek <kremenek@apple.com>	[analyzer] Enhance ConditionVisitor to handle arbitrary ValueDecls in binary expressions, and also handle inverting the order of comparison when the named decl appears on the RHS. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@137714 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
4ee7c9cedc015bc161fa290aa558356b9bcf1bfa	16-Aug-2011	Ted Kremenek <kremenek@apple.com>	[analyzer] fix operation inversion calculation in ConditionVisitor. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@137708 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
681bc114b51c1198cdec9a165c7d3230abb8f427	16-Aug-2011	Ted Kremenek <kremenek@apple.com>	[analyzer] Enhance ConditionVisitor to understand eagerly evaluated (simple) binary conditions, and teach it to only focus on constraint changes. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@137705 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
18c66fdc3c4008d335885695fe36fb5353c5f672	16-Aug-2011	Ted Kremenek <kremenek@apple.com>	Rename GRState to ProgramState, and cleanup some code formatting along the way. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@137665 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
9c378f705405d37f49795d5e915989de774fe11f	13-Aug-2011	Ted Kremenek <kremenek@apple.com>	Cleanup various declarations of 'Stmt' to be 'Stmt ', etc. in libAnalyzer and libStaticAnalyzer[*]. It was highly inconsistent, and very ugly to look at. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@137537 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
9697934650354bed2e509d8e7e44f21a1fb00f76	12-Aug-2011	Ted Kremenek <kremenek@apple.com>	[analyzer] Introduce new MemRegion, "TypedValueRegion", so that we can separate TypedRegions that implement getValueType() from those that don't. Patch by Olaf Krzikalla! git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@137498 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
993124ecdd44ec1430a3b7f01b22f65bbaadb586	06-Aug-2011	Ted Kremenek <kremenek@apple.com>	[analyzer] Start sketching out a new BugReporterVisitor that inspects branches and other expressions to generate interesting path events in diagnostics. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@137012 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
882998923889a2fcce9b49696506c499e22cf38f	29-Jul-2011	Ted Kremenek <kremenek@apple.com>	[analyzer] Overhaul how the static analyzer expects CFGs by forcing CFGs to be linearized only when used by the static analyzer. This required a rewrite of LiveVariables, and exposed a ton of subtle bugs. The motivation of this large change is to drastically simplify the logic in ExprEngine going forward. Some fallout is that the output of some BugReporterVisitors is not as accurate as before; those will need to be fixed over time. There is also some possible performance regression as RemoveDeadBindings will be called frequently; this can also be improved over time. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@136419 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
9b663716449b618ba0390b1dbebc54fa8e971124	10-Feb-2011	Ted Kremenek <kremenek@apple.com>	Split 'include/clang/StaticAnalyzer' into 'include/clang/StaticAnalyzer/Core' and 'include/clang/StaticAnalyzer/Checkers'. This layout matches lib/StaticAnalyzer, which corresponds to two StaticAnalyzer libraries. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@125251 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
811d75ee35b8b061a9b10a4e7b81e0c0eaf739c3	08-Feb-2011	Argyrios Kyrtzidis <akyrtzi@gmail.com>	[analyzer] Move the files in lib/StaticAnalyzer to lib/StaticAnalyzer/Core. Eventually there will also be a lib/StaticAnalyzer/Frontend that will handle initialization and checker registration. Yet another library to avoid cyclic dependencies between Core and Checkers. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@125124 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp