6bcf27bb9a4b5c3f79cb44c0e4654a6d7619ad89 29-May-2014 Stephen Hines <srhines@google.com> Update Clang for 3.5 rebase (r209713).

651f13cea278ec967336033dd032faef0e9fc2ec 24-Apr-2014 Stephen Hines <srhines@google.com> Updated to Clang 3.5a.

b7a747b0c271faeeb8d0f886f0e691eb25f637d9 17-Nov-2013 Anton Yartsev <anton.yartsev@gmail.com> [analyzer] Better modeling of memcpy by the CStringChecker (PR16731).

New rules of invalidation/escape of the source buffer of memcpy: the source buffer contents is invalidated and escape while the source buffer region itself is neither invalidated, nor escape.
In the current modeling of memcpy the information about allocation state of regions, accessible through the source buffer, is not copied to the destination buffer and we can not track the allocation state of those regions anymore. So we invalidate/escape the source buffer indirect regions in anticipation of their being invalidated for real later. This eliminates false-positive leaks reported by the unix.Malloc and alpha.cplusplus.NewDeleteLeaks checkers for the cases like

char *f() {
void *x = malloc(47);
char *a;
memcpy(&a, &x, sizeof a);
return a;

da8d37ce42d2db4e1e76ee6f7f38f10f6b0ef0f8 25-Sep-2013 Anton Yartsev <anton.yartsev@gmail.com> [analyzer] This patch removes passing around of const-invalidation vs regular-invalidation info by passing around a datastructure that maps regions and symbols to the type of invalidation they experience. This simplifies the code and would allow to associate more different invalidation types in the future.
With this patch things like preserving contents of regions (either hi- or low-level ones) or processing of the only top-level region can be implemented easily without passing around extra parameters.

This patch is a first step towards adequate modeling of memcpy() by the CStringChecker checker and towards eliminating of majority of false-positives produced by the NewDeleteLeaks checker.

cce70c7c5f0f4c1a41658fbed845f8b3a565c99c 15-May-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Put back DefaultBool's implicit conversion to bool.

DefaultBool is basically just "bool with a default constructor", so it
really should implicitly convert to bool. In fact, it should convert to
bool&, so that it could be passed to functions that take bools by reference.

This time, mark the operator bool& as implicit to promise that it's

7247c88d1e41514a41085f83ebf03dd5220e054a 15-May-2013 David Blaikie <dblaikie@gmail.com> Use only explicit bool conversion operator

The most common (non-buggy) case are where such objects are used as
return expressions in bool-returning functions or as boolean function
arguments. In those cases I've used (& added if necessary) a named
function to provide the equivalent (or sometimes negative, depending on
convenient wording) test.

DiagnosticBuilder kept its implicit conversion operator owing to the
prevalent use of it in return statements.

One bug was found in ExprConstant.cpp involving a comparison of two
PointerUnions (PointerUnion did not previously have an operator==, so
instead both operands were converted to bool & then compared). A test
is included in test/SemaCXX/constant-expression-cxx1y.cpp for the fix
(adding operator== to PointerUnion in LLVM).

41988f331a74a72cf243a2a68ffb56418e9a174e 29-Mar-2013 Anna Zaks <ganna@apple.com> [analyzer] Add support for escape of const pointers and use it to allow “newed” pointers to escape

Add a new callback that notifies checkers when a const pointer escapes. Currently, this only works
for const pointers passed as a top level parameter into a function. We need to differentiate the const
pointers escape from regular escape since the content pointed by const pointer will not change;
if it’s a file handle, a file cannot be closed; but delete is allowed on const pointers.

This should suppress several false positives reported by the NewDelete checker on llvm codebase.

adecec39481f925701e63d7fe3b8bf02dd7ddf01 09-Feb-2013 Anna Zaks <ganna@apple.com> [analyzer] Move DefaultBool so that all checkers can share it.

233e26acc0ff2a1098f4c813f69286fce840a422 08-Feb-2013 Anna Zaks <ganna@apple.com> [analyzer] Add pointer escape type param to checkPointerEscape callback

The checkPointerEscape callback previously did not specify how a
pointer escaped. This change includes an enum which describes the
different ways a pointer may escape. This enum is passed to the
checkPointerEscape callback when a pointer escapes. If the escape
is due to a function call, the call is passed. This changes
previous behavior where the call is passed as NULL if the escape
was due to indirectly invalidating the region the pointer referenced.

A patch by Branden Archer!

cfa88f893915ceb8ae4ce2f17c46c24a4d67502f 12-Jan-2013 Dmitri Gribenko <gribozavr@gmail.com> Remove useless 'llvm::' qualifier from names like StringRef and others that are
brought into 'clang' namespace by clang/Basic/LLVM.h

344c77aac25e5d960aced3f45fbaa09853383f6d 03-Jan-2013 Anna Zaks <ganna@apple.com> [analyzer] Rename callback EndPath -> EndFunction

This better reflects when callback is called and what the checkers
are relying on. (Both names meant the same pre-IPA.)

bf53dfac8195835028bd6347433f7dbebcc29fc1 20-Dec-2012 Anna Zaks <ganna@apple.com> [analyzer] Add the pointer escaped callback.

Instead of using several callbacks to identify the pointer escape event,
checkers now can register for the checkPointerEscape.

Converted the Malloc checker to use the new callback.
SimpleStreamChecker will be converted next.

42e95acef35f4633119be1c1381e88878c966502 13-Oct-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Remove unneeded 'inlineCall' checker callback.

I believe the removed assert in CheckerManager says it best:

InlineCall is a special hacky callback to allow intrusive
evaluation of the call (which simulates inlining). It is
currently only used by OSAtomicChecker and should go away
at some point.

OSAtomicChecker has gone away; inlineCall can now go away as well!

96479da6ad9d921d875e7be29fe1bfa127be8069 02-Jul-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Add generic preCall and postCall checks.

de507eaf3cb54d3cb234dc14499c10ab3373d15f 02-Jul-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Finish replacing ObjCMessage with ObjCMethodDecl and friends.

The preObjCMessage and postObjCMessage callbacks now take an ObjCMethodCall
argument, which can represent an explicit message send (ObjCMessageSend) or an
implicit message generated by a property access (ObjCPropertyAccess).

740d490593e0de8732a697c9f77b90ddd463863b 02-Jul-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Add a new abstraction over all types of calls: CallEvent

This is intended to replace CallOrObjCMessage, and is eventually intended to be
used for anything that cares more about /what/ is being called than /how/ it's
being called. For example, inlining destructors should be the same as inlining
blocks, and checking __attribute__((nonnull)) should apply to the allocator
calls generated by operator new.

66c40400e7d6272b0cd675ada18dd62c1f0362c7 14-Feb-2012 Anna Zaks <ganna@apple.com> [analyzer] Make Malloc Checker optimistic in presence of inlining.
(In response of Ted's review of r150112.)

This moves the logic which checked if a symbol escapes through a
parameter to invalidateRegionCallback (instead of post CallExpr visit.)

To accommodate the change, added a CallOrObjCMessage parameter to
checkRegionChanges callback.

23111dcd66ee242bb5caf1ecab01bd930ee42c4c 31-Jan-2012 Ted Kremenek <kremenek@apple.com> Convert more uses of 'const ProgramState *' to 'ProgramStateRef' (and related cleanups).

99ba9e3bd70671f3441fb974895f226a83ce0e66 20-Dec-2011 David Blaikie <dblaikie@gmail.com> Unweaken vtables as per http://llvm.org/docs/CodingStandards.html#ll_virtual_anch

d699ade396154238d2fa89bb09fdcfb79e5587d2 30-Nov-2011 Anna Zaks <ganna@apple.com> [analyzer] Add checker callback documentation.

f236b6503a4dbc44c1fccb8756bd57c9d0efdf05 25-Oct-2011 Anna Zaks <ganna@apple.com> [analyzer] Make branch for condition callback use CheckerContext

Now, all the path sensitive checkers use CheckerContext!

af498a28797c075c48d7e943df5f5a8e78ed8eb0 25-Oct-2011 Anna Zaks <ganna@apple.com> [analyze] Convert EndOfPath callback to use CheckerContext

Get rid of the EndOfPathBuilder completely.
Use the generic NodeBuilder to generate nodes.
Enqueue the end of path frontier explicitly.

4e82d3cf6fd4c907265e3fa3aac0a835c35dc759 19-Oct-2011 Anna Zaks <ganna@apple.com> [analyzer] Make NodeBuilder and Pred node loosely coupled

NodeBuilder should not assume it's dealing with a single predecessor. Remove predecessor getters. Modify the BranchNodeBuilder to not be responsible for doing auto-transitions (which depend on a predecessor).

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@142453 91177308-0d34-0410-b5e6-96231b3b80d8
Take advantage of the new builders for branch processing. As part of this change pass generic NodeBuilder (instead of BranchNodeBuilder) to the BranchCondition callback and remove the unused methods form BranchBuilder.

390909c89c98ab1807e15e033a72e975f866fb23 06-Oct-2011 Anna Zaks <ganna@apple.com> [analyzer] Remove the dependency on CheckerContext::getStmt() as well as the method itself.

dff6ef903ff4fcb43b5ea292ecd772e381393b5d 06-Oct-2011 Anna Zaks <ganna@apple.com> [analyzer] OSAtomicChecker implements evalCall in a very invasive way - it essentially simulates inlining of compareAndSwap() by means of setting the NodeBuilder flags and calling ExprEngine directly.

This commit introduces a new callback just for this checker to unblock checker API cleanup.

dbd658e139b3e0bf084f75feaea8d844af9e319f 28-Aug-2011 Jordy Rose <jediknil@belkadan.com> [analyzer] Introduce a new callback for checkers, printState, to be used for debug-printing the contents of a ProgramState.

Unlike the other callbacks, this one is a simple virtual method, since it is only to be used for debugging.

This new callback replaces the old ProgramState::Printer interface, and allows us to move the printing of refcount bindings from CFRefCount to RetainReleaseChecker.

537716ad8dd10f984b6cfe6985afade1185c5e3c 28-Aug-2011 Jordy Rose <jediknil@belkadan.com> [analyzer] Change the check::RegionChanges callback to include the regions explicitly requested for invalidation.

Also, allow CallOrObjCMessage to wrap a CXXConstructExpr as well.

Finally, this allows us to remove the clunky whitelisting system from CFRefCount/RetainReleaseChecker. Slight regression due to CXXNewExprs not yet being handled in post-statement callbacks (PR forthcoming).

321d70fbde6a0d584a05845f605744889193e70b 26-Aug-2011 Jordy Rose <jediknil@belkadan.com> [analyzer] Increase the number of possible checks for a checker.

18c66fdc3c4008d335885695fe36fb5353c5f672 16-Aug-2011 Ted Kremenek <kremenek@apple.com> Rename GRState to ProgramState, and cleanup some code formatting along the way.

ca804539d908d3a0e8c72a0df5f1f571d29490bb 13-Aug-2011 Ted Kremenek <kremenek@apple.com> [analyzer] change "tag" in ProgramPoint from "void*" to a ProgramPointTag*.

Having a notion of an actual ProgramPointTag will aid in introspection of the analyzer's behavior.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@137529 91177308-0d34-0410-b5e6-96231b3b80d8
9be6e7ce5788e50c62d40c59b0bbc2ea423683f7 05-May-2011 Ted Kremenek <kremenek@apple.com> Add Checker callback for running a checker at the end of processing an entire TranslationUnit. Patch by Lei Zhang.

35bdbf40624beba3fc00cb72ab444659939c1a6b 02-May-2011 Ted Kremenek <kremenek@apple.com> Augment retain/release checker to not warn about tracked objects passed as arguments to C++ constructors. This is a stop-gap measure for Objective-C++ code that uses smart pointers to manage reference counts.

ec8605f1d7ec846dbf51047bfd5c56d32d1ff91c 01-Mar-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> [analyzer] Rename CheckerV2 -> Checker.

