History log of /external/clang/include/clang/StaticAnalyzer/Core/PathSensitive/
Revision Date Author Comments
ef8225444452a1486bd721f3285301fe84643b00 21-Jul-2014 Stephen Hines <srhines@google.com> Update Clang for rebase to r212749.

This also fixes a small issue with arm_neon.h not being generated always.

Includes a cherry-pick of:
r213450 - fixes mac-specific header issue
r213126 - removes a default -Bsymbolic on Android

Change-Id: I2a790a0f5d3b2aab11de596fc3a74e7cbc99081d
allEvent.h
heckerContext.h
xplodedGraph.h
6bcf27bb9a4b5c3f79cb44c0e4654a6d7619ad89 29-May-2014 Stephen Hines <srhines@google.com> Update Clang for 3.5 rebase (r209713).

Change-Id: I8c9133b0f8f776dc915f270b60f94962e771bc83
asicValueFactory.h
lockCounter.h
allEvent.h
heckerContext.h
onstraintManager.h
oreEngine.h
xplodedGraph.h
xprEngine.h
emRegion.h
rogramState.h
rogramStateTrait.h
ValBuilder.h
Vals.h
tore.h
ubEngine.h
ymbolManager.h
orkList.h
651f13cea278ec967336033dd032faef0e9fc2ec 24-Apr-2014 Stephen Hines <srhines@google.com> Updated to Clang 3.5a.

Change-Id: I8127eb568f674c2e72635b639a3295381fe8af82
PSIntType.h
nalysisManager.h
lockCounter.h
allEvent.h
oreEngine.h
xplodedGraph.h
xprEngine.h
emRegion.h
rogramState.h
rogramStateTrait.h
ValBuilder.h
tore.h
ymbolManager.h
3eb52bb5d791630f926ff2226dae25012315ad9a 20-Nov-2013 Bill Wendling <isanbard@gmail.com> Merging r195174:
------------------------------------------------------------------------
r195174 | zaks | 2013-11-19 16:11:42 -0800 (Tue, 19 Nov 2013) | 1 line

[analyzer] Fix an infinite recursion in region invalidation by adding block count to the BlockDataRegion.
------------------------------------------------------------------------


git-svn-id: https://llvm.org/svn/llvm-project/cfe/branches/release_34@195228 91177308-0d34-0410-b5e6-96231b3b80d8
emRegion.h
ValBuilder.h
b7a747b0c271faeeb8d0f886f0e691eb25f637d9 17-Nov-2013 Anton Yartsev <anton.yartsev@gmail.com> [analyzer] Better modeling of memcpy by the CStringChecker (PR16731).

New rules of invalidation/escape of the source buffer of memcpy: the source buffer contents are invalidated and escape, while the source buffer region itself is neither invalidated nor escapes.
In the current modeling of memcpy the information about allocation state of regions, accessible through the source buffer, is not copied to the destination buffer and we can not track the allocation state of those regions anymore. So we invalidate/escape the source buffer indirect regions in anticipation of their being invalidated for real later. This eliminates false-positive leaks reported by the unix.Malloc and alpha.cplusplus.NewDeleteLeaks checkers for the cases like

    char *f() {
      void *x = malloc(47);
      char *a;
      memcpy(&a, &x, sizeof a);
      return a;
    }

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@194953 91177308-0d34-0410-b5e6-96231b3b80d8
emRegion.h
rogramState.h
9b072b31ee2f41b8e30d1d22142c9ab72ac5ff1f 28-Sep-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Make inlining decisions based on the callee being variadic.

...rather than trying to figure it out from the call site, and having
people complain that we guessed wrong and that a prototype-less call is
the same as a variadic call on their system. More importantly, fix a
crash when there's no decl at the call site (though we could have just
returned a default value).

<rdar://problem/15037033>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@191599 91177308-0d34-0410-b5e6-96231b3b80d8
allEvent.h
da8d37ce42d2db4e1e76ee6f7f38f10f6b0ef0f8 25-Sep-2013 Anton Yartsev <anton.yartsev@gmail.com> [analyzer] This patch removes passing around of const-invalidation vs regular-invalidation info by passing around a data structure that maps regions and symbols to the type of invalidation they experience. This simplifies the code and would allow associating more different invalidation types in the future.
With this patch things like preserving contents of regions (either hi- or low-level ones) or processing of the only top-level region can be implemented easily without passing around extra parameters.

This patch is a first step towards adequate modeling of memcpy() by the CStringChecker checker and towards eliminating the majority of false positives produced by the NewDeleteLeaks checker.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@191342 91177308-0d34-0410-b5e6-96231b3b80d8
xprEngine.h
emRegion.h
rogramState.h
tore.h
ubEngine.h
36d558d85653315edb389677e995ec9ccdbfbf3d 03-Sep-2013 Jordan Rose <jordan_rose@apple.com> Add an implicit dtor CFG node just before C++ 'delete' expressions.

This paves the way for adding support for modeling the destructor of a
region before it is deleted. The statement "delete <expr>" now generates
this series of CFG elements:

1. <expr>
2. [B1.1]->~Foo() (Implicit destructor)
3. delete [B1.1]

Patch by Karthik Bhat!

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@189828 91177308-0d34-0410-b5e6-96231b3b80d8
xprEngine.h
d207f55cd58054aab77edca35b3e7f645738dfe2 19-Aug-2013 Pavel Labath <labath@google.com> [analyzer] Fix inefficiency in dead symbol removal

Summary:
ScanReachableSymbols uses a "visited" set to avoid scanning the same object
twice. However, it did not use the optimization for LazyCompoundVal objects,
which resulted in exponential complexity for long chains of temporary objects.
Adding this resulted in a decrease of analysis time from >3h to 3 seconds for
some files.

Reviewers: jordan_rose

CC: cfe-commits

Differential Revision: http://llvm-reviews.chandlerc.com/D1398

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@188677 91177308-0d34-0410-b5e6-96231b3b80d8
rogramState.h
cacdbc97d11d2bbde00a63dace6ac26f4b12ed88 19-Aug-2013 Craig Topper <craig.topper@gmail.com> Fix indentation. No functional change.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@188652 91177308-0d34-0410-b5e6-96231b3b80d8
xplodedGraph.h
76b5dd48c9dbf2ed3e5830060ea55b81b7d1cca0 26-Jul-2013 Pavel Labath <labath@google.com> [analyzer] Fix FP warnings when binding a temporary to a local static variable

Summary:
When binding a temporary object to a static local variable, the analyzer would
complain about a dangling reference even though the temporary's lifetime should
be extended past the end of the function. This commit tries to detect these
cases and construct them in a global memory region instead of a local one.

Reviewers: jordan_rose

CC: cfe-commits

Differential Revision: http://llvm-reviews.chandlerc.com/D1133

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@187196 91177308-0d34-0410-b5e6-96231b3b80d8
emRegion.h
78c2ec43284537f65bbd95b0628271a140ba0ec4 12-Jul-2013 Anna Zaks <ganna@apple.com> [analyzer] Treat nullPtrType as a location type.

Fixes PR16584 (radar://14415223).

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@186172 91177308-0d34-0410-b5e6-96231b3b80d8
Vals.h
ff8e04e678faddb9f1c876f8a850943be57471d3 21-Jun-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Fix stale comment in CallEvent.

No functionality change.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@184510 91177308-0d34-0410-b5e6-96231b3b80d8
allEvent.h
7f1fd2f182717d5ce6cde60398128910c90f98be 29-May-2013 Anna Zaks <ganna@apple.com> [analyzer] Use the expression’s type instead of region’s type in ArrayToPointer decay evaluation

This gives slightly better precision, specifically, in cases where a non-typed region represents the array
or when the type is a non-array type, which can happen when an array is a result of a reinterpret_cast.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@182810 91177308-0d34-0410-b5e6-96231b3b80d8
rogramState.h
tore.h
d95b70175646829c26344d5f0bda1ec3009f2a5b 17-May-2013 Anna Zaks <ganna@apple.com> [analyzer] Add an option to use the last location in the main source file as the report location.

Previously, we’ve used the last location of the analyzer issue path as the location of the
report. This might not provide the best user experience, when one analyzes a source
file and the issue appears in the header. Introduce an option to use the last location
of the path that is in the main source file as the report location.

New option can be enabled with -analyzer-config report-in-main-source-file=true.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@182058 91177308-0d34-0410-b5e6-96231b3b80d8
nalysisManager.h
7247c88d1e41514a41085f83ebf03dd5220e054a 15-May-2013 David Blaikie <dblaikie@gmail.com> Use only explicit bool conversion operator

The most common (non-buggy) cases are where such objects are used as
return expressions in bool-returning functions or as boolean function
arguments. In those cases I've used (& added if necessary) a named
function to provide the equivalent (or sometimes negative, depending on
convenient wording) test.

DiagnosticBuilder kept its implicit conversion operator owing to the
prevalent use of it in return statements.

One bug was found in ExprConstant.cpp involving a comparison of two
PointerUnions (PointerUnion did not previously have an operator==, so
instead both operands were converted to bool & then compared). A test
is included in test/SemaCXX/constant-expression-cxx1y.cpp for the fix
(adding operator== to PointerUnion in LLVM).

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@181869 91177308-0d34-0410-b5e6-96231b3b80d8
tore.h
00ffb8079b14cade816d8f668675e853e613dee0 06-May-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Remove now-unused bindCompoundLiteral helper function.

The one user has been changed to use getLValue on the compound literal
expression and then use the normal bindLoc to assign a value. No need
to special case this in the StoreManager.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@181214 91177308-0d34-0410-b5e6-96231b3b80d8
rogramState.h
tore.h
4b75085f5669efc6407c662b5686361624c3ff2f 02-May-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Don't try to evaluate MaterializeTemporaryExpr as a constant.

...and don't consider '0' to be a null pointer constant if it's the
initializer for a float!

Apparently null pointer constant evaluation looks through both
MaterializeTemporaryExpr and ImplicitCastExpr, so we have to be more
careful about types in the callers. For RegionStore this just means giving
up a little more; for ExprEngine this means handling the
MaterializeTemporaryExpr case explicitly.

Follow-up to r180894.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@180944 91177308-0d34-0410-b5e6-96231b3b80d8
ValBuilder.h
e2b1246a24e8babf2f58c93713fba16b8edb8e2d 02-May-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Consolidate constant evaluation logic in SValBuilder.

Previously, this was scattered across Environment (literal expressions),
ExprEngine (default arguments), and RegionStore (global constants). The
former special-cased several kinds of simple constant expressions, while
the latter two deferred to the AST's constant evaluator.

Now, these are all unified as SValBuilder::getConstantVal(). To keep
Environment fast, the special cases for simple constant expressions have
been left in, but the main benefits are that (a) unusual constants like
ObjCStringLiterals now work as default arguments and global constant
initializers, and (b) we're not duplicating code between ExprEngine and
RegionStore.

This actually caught a bug in our test suite, which is awesome: we stop
tracking allocated memory if it's passed as an argument along with some
kind of callback, but not if the callback is 0. We were testing this in
a case where the callback parameter had a default value, but that value
was 0. After this change, the analyzer now (correctly) flags that as a
leak!

<rdar://problem/13773117>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@180894 91177308-0d34-0410-b5e6-96231b3b80d8
ValBuilder.h
0f8579274a010f360a371b53101859d9d6052314 24-Apr-2013 Anna Zaks <ganna@apple.com> [analyzer] Refactor BugReport::getLocation and PathDiagnosticLocation::createEndOfPath for greater code reuse

The 2 functions were computing the same location using different logic (each one had edge case bugs that the other
one did not). Refactor them to rely on the same logic.

The location of the warning reported in text/command line output format will now match that of the plist file.

There is one change in the plist output as well. When reporting an error on a BinaryOperator, we use the location of the
operator instead of the beginning of the BinaryOperator expression. This matches our output on command line and
looks better in most cases.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@180165 91177308-0d34-0410-b5e6-96231b3b80d8
xplodedGraph.h
8ef064d53fb33b5a8f8743bcbb0a2fd5c3e97be1 20-Apr-2013 Anna Zaks <ganna@apple.com> [analyzer] Ensure BugReporterTracking works on regions with pointer arithmetic

Introduce a new helper function, which computes the first symbolic region in
the base region chain. The corresponding symbol has been used for assuming that
a pointer is null. Now, it will also be used for checking if it is null.

This ensures that we are tracking a null pointer correctly in the BugReporter.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@179916 91177308-0d34-0410-b5e6-96231b3b80d8
emRegion.h
Vals.h
716859df842e5a56e816d820d8326ead152dd9e4 20-Apr-2013 Anna Zaks <ganna@apple.com> [analyzer] Flip printPretty and printPrettyAsExpr as per suggestion from Jordan (r179572)

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@179915 91177308-0d34-0410-b5e6-96231b3b80d8
emRegion.h
a9ad400e7a937e80dddb1b8a6f4c00eddbcb59e0 16-Apr-2013 Ted Kremenek <kremenek@apple.com> Remove unused "getConfig()" method. A new way is to have high-level
APIs that access the configuration table without clients reasoning
about the string table. The string table is an implementation
detail.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@179625 91177308-0d34-0410-b5e6-96231b3b80d8
heckerContext.h
07d8470effc0b0364801adddb6ff92bd22334402 16-Apr-2013 Anna Zaks <ganna@apple.com> [analyzer] Add pretty printing to CXXBaseObjectRegion.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@179573 91177308-0d34-0410-b5e6-96231b3b80d8
emRegion.h
79d0cceb8847bfe6dc9da8eb2ea2f3c6bb73b813 16-Apr-2013 Anna Zaks <ganna@apple.com> [analyzer] Address code review for r179395

Mostly refactoring + handle the nested fields by printing the innermost field only.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@179572 91177308-0d34-0410-b5e6-96231b3b80d8
emRegion.h
9e2f5977a180ae927d05e844c65b8a7873be48a4 12-Apr-2013 Anna Zaks <ganna@apple.com> [analyzer] Print field region even when the base region is not printable

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@179395 91177308-0d34-0410-b5e6-96231b3b80d8
emRegion.h
4de561f470be0cffeff5a92a286e9d6bf9bd8cff 11-Apr-2013 Ryan Govostes <rzg@apple.com> [analyzer] Factor common code from {SymSym,SymInt,IntSym}Expr to BinarySymExpr


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@179269 91177308-0d34-0410-b5e6-96231b3b80d8
ymbolManager.h
a5796f87229b4aeebca71fa6ee1790ae7a5a0382 09-Apr-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Replace isIntegerType() with isIntegerOrEnumerationType().

Previously, the analyzer used isIntegerType() everywhere, which uses the C
definition of "integer". The C++ predicate with the same behavior is
isIntegerOrUnscopedEnumerationType().

However, the analyzer is /really/ using this to ask if it's some sort of
"integrally representable" type, i.e. it should include C++11 scoped
enumerations as well. hasIntegerRepresentation() sounds like the right
predicate, but that includes vectors, which the analyzer represents by its
elements.

This commit audits all uses of isIntegerType() and replaces them with the
general isIntegerOrEnumerationType(), except in some specific cases where
it makes sense to exclude scoped enumerations, or any enumerations. These
cases now use isIntegerOrUnscopedEnumerationType() and getAs<BuiltinType>()
plus BuiltinType::isInteger().

isIntegerType() is hereby banned in the analyzer - lib/StaticAnalysis and
include/clang/StaticAnalysis. :-)

Fixes real assertion failures. PR15703 / <rdar://problem/12350701>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@179081 91177308-0d34-0410-b5e6-96231b3b80d8
asicValueFactory.h
rogramState.h
ValBuilder.h
658a28479dd775f6ff2c07fa5699a7ea01e04127 02-Apr-2013 Anna Zaks <ganna@apple.com> [analyzer] Teach invalidateRegions that regions within LazyCompoundVal need to be invalidated

Refactor invalidateRegions to take SVals instead of Regions as input and teach RegionStore
about processing LazyCompoundVal as a top-level “escaping” value.

This addresses several false positives that get triggered by the NewDelete checker, but the
underlying issue is reproducible with other checkers as well (for example, MallocChecker).

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@178518 91177308-0d34-0410-b5e6-96231b3b80d8
allEvent.h
rogramState.h
Vals.h
tore.h
c9092bb5eb67d859122abb69a0ef61e9249500cd 02-Apr-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Cache whether a function is generally inlineable.

Certain properties of a function can determine ahead of time whether or not
the function is inlineable, such as its kind, its signature, or its
location. We can cache this value in the FunctionSummaries map to avoid
rechecking these static properties for every call.

Note that the analyzer may still decide not to inline a specific call to
a function because of the particular dynamic properties of the call along
the current path.

No intended functionality change.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@178515 91177308-0d34-0410-b5e6-96231b3b80d8
unctionSummary.h
992acb2269171b6ef68694d71a36f6b7408d8e82 02-Apr-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Use inline storage in the FunctionSummary DenseMap.

The summaries lasted for the lifetime of the map anyway; no reason to
include an extra allocation.

Also, use SmallBitVector instead of BitVector to track the visited basic
blocks -- most functions will have less than 64 basic blocks -- and
use bitfields for the other fields to reduce the size of the structure.

No functionality change.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@178514 91177308-0d34-0410-b5e6-96231b3b80d8
unctionSummary.h
0f5c5c60e9806d13f0907cd99d7204ffab0e08f7 29-Mar-2013 Ted Kremenek <kremenek@apple.com> Add static analyzer support for conditionally executing static initializers.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@178318 91177308-0d34-0410-b5e6-96231b3b80d8
oreEngine.h
xprEngine.h
ubEngine.h
41988f331a74a72cf243a2a68ffb56418e9a174e 29-Mar-2013 Anna Zaks <ganna@apple.com> [analyzer] Add support for escape of const pointers and use it to allow “newed” pointers to escape

Add a new callback that notifies checkers when a const pointer escapes. Currently, this only works
for const pointers passed as a top level parameter into a function. We need to differentiate const
pointer escape from regular escape since the content pointed to by a const pointer will not change;
if it’s a file handle, a file cannot be closed; but delete is allowed on const pointers.

This should suppress several false positives reported by the NewDelete checker on llvm codebase.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@178310 91177308-0d34-0410-b5e6-96231b3b80d8
xprEngine.h
tore.h
ubEngine.h
94cf910ac2d1719c1dfc163bbec3953f12efdf6f 28-Mar-2013 Rafael Espindola <rafael.espindola@gmail.com> These are all simple pointer wrappers. Pass them by value.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@178247 91177308-0d34-0410-b5e6-96231b3b80d8
allEvent.h
e81fdb1fdde48d3fa18df56c5797f6b0bc5dfc4a 27-Mar-2013 Rafael Espindola <rafael.espindola@gmail.com> Cleanup clang's specializations of simplify_type.

Now that the basic implementation in llvm has been fixed, simplify the
specializations in clang.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@178173 91177308-0d34-0410-b5e6-96231b3b80d8
allEvent.h
8a660eb1084294a903f6dcc00bf2fa4e3bc92cfc 26-Mar-2013 Anna Zaks <ganna@apple.com> [analyzer] Change inlining policy to inline small functions when reanalyzing ObjC methods as top level.

This allows us to better reason about (inline) small wrapper functions.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@178063 91177308-0d34-0410-b5e6-96231b3b80d8
xprEngine.h
4708b3dde86b06f40927ae9cf30a2de83949a8f2 23-Mar-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Teach constraint managers about unsigned comparisons.

In C, comparisons between signed and unsigned numbers are always done in
unsigned-space. Thus, we should know that "i >= 0U" is always true, even
if 'i' is signed. Similarly, "u >= 0" is also always true, even though '0'
is signed.

Part of <rdar://problem/13239003> (false positives related to std::vector)

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@177806 91177308-0d34-0410-b5e6-96231b3b80d8
PSIntType.h
0f3a34fb7fea37ebfbcba8b400ccb697b9559b49 22-Mar-2013 Jordan Rose <jordan_rose@apple.com> Revert "[analyzer] Break cycles (optionally) when trimming an ExplodedGraph."

The algorithm used here was ridiculously slow when a potential back-edge
pointed to a node that already had a lot of successors. The previous commit
makes this feature unnecessary anyway.

This reverts r177468 / f4cf6b10f863b9bc716a09b2b2a8c497dcc6aa9b.

Conflicts:

lib/StaticAnalyzer/Core/BugReporter.cpp

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@177765 91177308-0d34-0410-b5e6-96231b3b80d8
xplodedGraph.h
f8ddc098981d4d85cad4e72fc6dfcfe83b842b66 20-Mar-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Invalidate regions indirectly accessible through const pointers.

In this case, the value of 'x' may be changed after the call to indirectAccess:

    struct Wrapper {
      int *ptr;
    };

    void indirectAccess(const Wrapper &w);

    void test() {
      int x = 42;
      Wrapper w = { &x };

      clang_analyzer_eval(x == 42); // TRUE
      indirectAccess(w);
      clang_analyzer_eval(x == 42); // UNKNOWN
    }

This is important for modelling return-by-value objects in C++, to show
that the contents of the struct are escaping in the return copy-constructor.

<rdar://problem/13239826>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@177570 91177308-0d34-0410-b5e6-96231b3b80d8
rogramState.h
tore.h
f4cf6b10f863b9bc716a09b2b2a8c497dcc6aa9b 20-Mar-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Break cycles (optionally) when trimming an ExplodedGraph.

Having a trimmed graph with no cycles (a DAG) is much more convenient for
trying to find shortest paths, which is exactly what BugReporter needs to do.

Part of the performance work for <rdar://problem/13433687>.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@177468 91177308-0d34-0410-b5e6-96231b3b80d8
xplodedGraph.h
a8d937e4bdd39cdf503f77454e9dc4c9c730a9f7 16-Mar-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Model trivial copy/move assignment operators with a bind as well.

r175234 allowed the analyzer to model trivial copy/move constructors as
an aggregate bind. This commit extends that to trivial assignment
operators as well. Like the last commit, one of the motivating factors here
is not warning when the right-hand object is partially-initialized, which
can have legitimate uses.

<rdar://problem/13405162>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@177220 91177308-0d34-0410-b5e6-96231b3b80d8
xprEngine.h
c9963132736782d0c9178c744b3e2307cfb98a08 16-Mar-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Eliminate InterExplodedGraphMap class and NodeBackMap typedef.

...in favor of this typedef:

    typedef llvm::DenseMap<const ExplodedNode *, const ExplodedNode *>
        InterExplodedGraphMap;

Use this everywhere the previous class and typedef were used.

Took the opportunity to ArrayRef-ize ExplodedGraph::trim while I'm at it.

No functionality change.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@177215 91177308-0d34-0410-b5e6-96231b3b80d8
xplodedGraph.h
xprEngine.h
962fbc46664f2486d6805549130fa6b310de6d60 07-Mar-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Clean up a few doc comments for ProgramState and CallEvent.

No functionality change.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@176600 91177308-0d34-0410-b5e6-96231b3b80d8
allEvent.h
rogramState.h
41f3f3a4792f46787632fdb94f952f6b3ce3f4ae 05-Mar-2013 Jordan Rose <jordan_rose@apple.com> Silence a number of static analyzer warnings with assertions and such.

No functionality change.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@176469 91177308-0d34-0410-b5e6-96231b3b80d8
emRegion.h
cc5dbdae70c6eb2423921f52a35ba4686d2969cf 02-Mar-2013 Anna Zaks <ganna@apple.com> [analyzer] Simple inline defensive checks suppression

Inlining brought a few "null pointer use" false positives, which occur because
the callee defensively checks if a pointer is NULL, whereas the caller knows
that the pointer cannot be NULL in the context of the given call.

This is a first attempt to silence these warnings by tracking the symbolic value
along the execution path in the BugReporter. The new visitor finds the node
in which the symbol was first constrained to NULL. If the node belongs to
a function on the active stack, the warning is reported, otherwise, it is
suppressed.

There are several areas for follow up work, for example:
- How do we differentiate the cases where the first check is followed by
another one, which does happen on the active stack?

Also, this only silences a fraction of null pointer use warnings. For example, it
does not do anything for the cases where NULL was assigned inside a callee.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@176402 91177308-0d34-0410-b5e6-96231b3b80d8
rogramState.h
a19dc41bd408732d407d0152f67b389f7333db25 28-Feb-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Mark the root SVal class as isPodLike.

Pure optimization, no functionality change. Probably does not make much
of a difference, but it's free.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@176229 91177308-0d34-0410-b5e6-96231b3b80d8
Vals.h
42f2309f739549bead6e5a6c34fd1be4d087998f 25-Feb-2013 Anna Zaks <ganna@apple.com> [analyzer] Address Jordan's code review of r175857.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@176043 91177308-0d34-0410-b5e6-96231b3b80d8
allEvent.h
4e9c0854382d37325771b50f6cf899a75119fa24 25-Feb-2013 Ted Kremenek <kremenek@apple.com> [analyzer] add the notion of an "interesting" lvalue expression for ExplodedNode pruning.

r175988 modified the ExplodedGraph trimming algorithm to retain all
nodes for "lvalue" expressions. This patch refines that notion to
only "interesting" expressions that would be used for diagnostics.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@176010 91177308-0d34-0410-b5e6-96231b3b80d8
xplodedGraph.h
43b82b823a6113fdbee54243b280db9c55ef72cb 24-Feb-2013 Ted Kremenek <kremenek@apple.com> [analyzer] tracking stores/constraints now works for ObjC ivars or struct fields.

This required more changes than I originally expected:

- ObjCIvarRegion implements "canPrintPretty" et al
- DereferenceChecker indicates the null pointer source is an ivar
- bugreporter::trackNullOrUndefValue() uses an alternate algorithm
to compute the location region to track by scouring the ExplodedGraph.
This allows us to get the actual MemRegion for variables, ivars,
fields, etc. We only hand construct a VarRegion for C++ references.
- ExplodedGraph no longer drops nodes for expressions that are marked
'lvalue'. This is to facilitate the logic in the previous bullet.
This may lead to a slight increase in size in the ExplodedGraph,
which I have not measured, but it is likely not to be a big deal.

I have validated each of the changed plist outputs.

Fixes <rdar://problem/12114812>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@175988 91177308-0d34-0410-b5e6-96231b3b80d8
emRegion.h
0dd15d78fb0c99faa5df724139ba4c16a9a345c6 24-Feb-2013 Ted Kremenek <kremenek@apple.com> Add "KnownSVal" to represent SVals that cannot be UnknownSVal.

This provides a few sundry cleanups, and allows us to provide
a compile-time check for a case that was a runtime assertion.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@175987 91177308-0d34-0410-b5e6-96231b3b80d8
Vals.h
8dadf15224f1a8df96793e5fc4e0b0e38a5ffbe4 22-Feb-2013 Anna Zaks <ganna@apple.com> [analyzer] Place all inlining policy checks into one place

Previously, we had the decisions about inlining spread out
over multiple functions.

In addition to the refactor, this commit ensures
that we will always inline BodyFarm functions as long as the Decl
is available. This fixes false positives due to those functions
not being inlined when no or minimal inlining is enabled (such as
shallow mode).

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@175857 91177308-0d34-0410-b5e6-96231b3b80d8
xprEngine.h
5e5440ba9c135f523f72e7e7c5da59d390d697c5 22-Feb-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Make sure a materialized temporary matches its bindings.

This is a follow-up to r175830, which made sure a temporary object region
created for, say, a struct rvalue matched up with the initial bindings
being stored into it. This does the same for the case in which the AST
actually tells us that we need to create a temporary via a
MaterializeObjectExpr. I've unified the two code paths and moved a static
helper function onto ExprEngine.

This also caused a bit of test churn, causing us to go back to describing
temporary regions without a 'const' qualifier. This seems acceptable; it's
our behavior from a few months ago.

<rdar://problem/13265460> (part 2)

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@175854 91177308-0d34-0410-b5e6-96231b3b80d8
xprEngine.h
7a95de68c093991047ed8d339479ccad51b88663 21-Feb-2013 David Blaikie <dblaikie@gmail.com> Replace ProgramPoint llvm::cast support to be well-defined.

See r175462 for another example/more details.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@175812 91177308-0d34-0410-b5e6-96231b3b80d8
heckerContext.h
xplodedGraph.h
4411b423e91da0a2c879b70c0222aeba35f72044 21-Feb-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Record whether a base object region represents a virtual base.

This allows MemRegion and MemRegionManager to avoid asking over and over
again whether a class is a virtual base or a non-virtual base.

Minor optimization/cleanup; no functionality change.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@175716 91177308-0d34-0410-b5e6-96231b3b80d8
emRegion.h
tore.h
66874fb18afbffb8b2ca05576851a64534be3352 21-Feb-2013 David Blaikie <dblaikie@gmail.com> Use None rather than Optional<T>() where possible.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@175705 91177308-0d34-0410-b5e6-96231b3b80d8
Vals.h
464011827c5f9047caaba7e245556d66a65a15b6 21-Feb-2013 David Blaikie <dblaikie@gmail.com> Doxycomment SVal's getAs/castAs.

Also document TypeLoc's operations similarly, since it's a good idea.

Post-commit CR feedback from Anna Zaks regarding r175594.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@175694 91177308-0d34-0410-b5e6-96231b3b80d8
Vals.h
dc84cd5efdd3430efb22546b4ac656aa0540b210 20-Feb-2013 David Blaikie <dblaikie@gmail.com> Include llvm::Optional in clang/Basic/LLVM.h

Post-commit CR feedback from Jordan Rose regarding r175594.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@175679 91177308-0d34-0410-b5e6-96231b3b80d8
onstraintManager.h
rogramState.h
Vals.h
3bc7b6bef968a18aa69af6594d192897d329692a 20-Feb-2013 David Blaikie <dblaikie@gmail.com> Rename SVal::isType functions to SVal::isKind

Post-commit CR feedback from Jordan Rose regarding r175594.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@175676 91177308-0d34-0410-b5e6-96231b3b80d8
Vals.h
5251abea41b446c26e3239c8dd6c7edea6fc335d 20-Feb-2013 David Blaikie <dblaikie@gmail.com> Replace SVal llvm::cast support to be well-defined.

See r175462 for another example/more details.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@175594 91177308-0d34-0410-b5e6-96231b3b80d8
xprEngine.h
emRegion.h
rogramState.h
Vals.h
9ef9b8540a608a93efaaae1d26d94e8087c30b55 19-Feb-2013 David Blaikie <dblaikie@gmail.com> Use LLVM_DELETED_FUNCTION rather than '// do not implement' comments.

Also removes some redundant DNI comments on function declarations already
using the macro.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@175465 91177308-0d34-0410-b5e6-96231b3b80d8
Vals.h
bc403861bc4e6f7ad1371e9e129f0f25b38b3a9a 15-Feb-2013 Jordan Rose <jordan_rose@apple.com> Re-apply "[analyzer] Model trivial copy/move ctors with an aggregate bind."

...after a host of optimizations related to the use of LazyCompoundVals
(our implementation of aggregate binds).

Originally applied in r173951.
Reverted in r174069 because it was causing hangs.
Re-applied in r174212.
Reverted in r174265 because it was /still/ causing hangs.

If this needs to be reverted again it will be punted to far in the future.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@175234 91177308-0d34-0410-b5e6-96231b3b80d8
xprEngine.h
adecec39481f925701e63d7fe3b8bf02dd7ddf01 09-Feb-2013 Anna Zaks <ganna@apple.com> [analyzer] Move DefaultBool so that all checkers can share it.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@174782 91177308-0d34-0410-b5e6-96231b3b80d8
heckerContext.h
5846720f08a6b225484bfe663599c2b057a99bc8 05-Feb-2013 Ted Kremenek <kremenek@apple.com> Change subexpressions to be visited in the CFG from left-to-right.

This is a more natural order of evaluation, and it is very important
for visualization in the static analyzer. Within Xcode, the arrows
will not jump from right to left, which looks very visually jarring.
It also provides a more natural location for dataflow-based diagnostics.

Along the way, we found a case in the analyzer diagnostics where we
needed to indicate that a variable was "captured" by a block.

-fsyntax-only timings on sqlite3.c show no visible performance change,
although this is just one test case.

Fixes <rdar://problem/13016513>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@174447 91177308-0d34-0410-b5e6-96231b3b80d8
emRegion.h
2a3fe34b4a2a1b6ceab8838b896435378ae0e692 02-Feb-2013 Jordan Rose <jordan_rose@apple.com> Revert "[analyzer] Model trivial copy/move ctors with an aggregate bind."

...again. The problem has not been fixed and our internal buildbot is still
getting hangs.

This reverts r174212, originally applied in r173951, then reverted in r174069.
Will not re-apply until the entire project analyzes successfully on my
local machine.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@174265 91177308-0d34-0410-b5e6-96231b3b80d8
xprEngine.h
5500fc193af4b786bbbbee6ece743f523448e90b 01-Feb-2013 Jordan Rose <jordan_rose@apple.com> Re-apply "[analyzer] Model trivial copy/move ctors with an aggregate bind."

With the optimization in the previous commit, this should be safe again.

Originally applied in r173951, then reverted in r174069.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@174212 91177308-0d34-0410-b5e6-96231b3b80d8
xprEngine.h
978aeac1a90020b2a0ae6c7eb7fe65aa8226f74a 01-Feb-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Reuse a LazyCompoundVal if its type matches the new region.

This allows us to keep from chaining LazyCompoundVals in cases like this:
  CGRect r = CGRectMake(0, 0, 640, 480);
  CGRect r2 = r;
  CGRect r3 = r2;

Previously we only made this optimization if the struct did not begin with
an aggregate member, to make sure that we weren't picking up an LCV for
the first field of the struct. But since LazyCompoundVals are typed, we can
make that inference directly by comparing types.

This is a pure optimization; the test changes are to guard against possible
future regressions.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@174211 91177308-0d34-0410-b5e6-96231b3b80d8
Vals.h
33e83b6cf776875be5716d214710717a898325c0 31-Jan-2013 Jordan Rose <jordan_rose@apple.com> Revert "[analyzer] Model trivial copy/move ctors with an aggregate bind."

It's causing hangs on our internal analyzer buildbot. Will restore after
investigating.

This reverts r173951 / baa7ca1142990e1ad6d4e9d2c73adb749ff50789.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@174069 91177308-0d34-0410-b5e6-96231b3b80d8
xprEngine.h
baa7ca1142990e1ad6d4e9d2c73adb749ff50789 30-Jan-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Model trivial copy/move ctors with an aggregate bind.

This is faster for the analyzer to process than inlining the constructor
and performing a member-wise copy, and it also solves the problem of
warning when a partially-initialized POD struct is copied.

Before:
  CGPoint p;
  p.x = 0;
  CGPoint p2 = p; <-- assigned value is garbage or undefined

After:
  CGPoint p;
  p.x = 0;
  CGPoint p2 = p; // no-warning

This matches our behavior in C, where we don't see a field-by-field copy.

<rdar://problem/12305288>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@173951 91177308-0d34-0410-b5e6-96231b3b80d8
xprEngine.h
bfa9ab8183e2fdc74f8633d758cb0c6201314320 25-Jan-2013 Anna Zaks <ganna@apple.com> [analyzer] Replace "-analyzer-ipa" with "-analyzer-config ipa".

The idea is to eventually place all analyzer options under
"analyzer-config". In addition, this lays the ground for introduction of
a high-level analyzer mode option, which will influence the
default setting for IPAMode.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@173385 91177308-0d34-0410-b5e6-96231b3b80d8
nalysisManager.h
64eb070234bc4cd4fd2debf3a91c6e2d8f0d32d8 16-Jan-2013 Anna Zaks <ganna@apple.com> [analyzer] Refactor: parameter rename.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@172595 91177308-0d34-0410-b5e6-96231b3b80d8
rogramState.h
bdc691f1d61765dd806d5ae3b75ae004f676a7c9 14-Jan-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Add ProgramStatePartialTrait<const void *>.

This should fix cast-away-const warnings reported by David Greene.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@172446 91177308-0d34-0410-b5e6-96231b3b80d8
xprEngine.h
rogramStateTrait.h
469e73035c745f39edf7fe882edb09c06559e581 14-Jan-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Fix cast-away-const warning by using const_cast.

Patch by David Greene, modified by me.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@172445 91177308-0d34-0410-b5e6-96231b3b80d8
rogramStateTrait.h
cfa88f893915ceb8ae4ce2f17c46c24a4d67502f 12-Jan-2013 Dmitri Gribenko <gribozavr@gmail.com> Remove useless 'llvm::' qualifier from names like StringRef and others that are
brought into 'clang' namespace by clang/Basic/LLVM.h


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@172323 91177308-0d34-0410-b5e6-96231b3b80d8
onstraintManager.h
oreEngine.h
Vals.h
ymbolManager.h
9946fc735d7285f2195f89635370f534afd9877e 12-Jan-2013 Dmitri Gribenko <gribozavr@gmail.com> Add missing includes and forward declarations so that headers don't depend on
other headers included before them.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@172320 91177308-0d34-0410-b5e6-96231b3b80d8
rogramStateTrait.h
aintManager.h
orkList.h
344c77aac25e5d960aced3f45fbaa09853383f6d 03-Jan-2013 Anna Zaks <ganna@apple.com> [analyzer] Rename callback EndPath -> EndFunction

This better reflects when callback is called and what the checkers
are relying on. (Both names meant the same pre-IPA.)

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@171432 91177308-0d34-0410-b5e6-96231b3b80d8
xprEngine.h
30f102b2782d08eb3ea61dd20a2ff7326a15fe1e 21-Dec-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Don't perform an expensive assertion in release builds.

Unfortunately, we don't seem to have a standard way to do this. I'm using
the __OPTIMIZE__ GNU extension that Clang also defines, but that doesn't
help MSVC. I suppose we could remove the check entirely, but it's useful
for developing new constraint managers.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@170915 91177308-0d34-0410-b5e6-96231b3b80d8
onstraintManager.h
1655bcd052a67a3050fc55df8ecce57342352e68 21-Dec-2012 Anna Zaks <ganna@apple.com> [analyzer] Address Jordan's nitpicks as per code review of r170625.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@170832 91177308-0d34-0410-b5e6-96231b3b80d8
xprEngine.h
rogramState.h
bf53dfac8195835028bd6347433f7dbebcc29fc1 20-Dec-2012 Anna Zaks <ganna@apple.com> [analyzer] Add the pointer escaped callback.

Instead of using several callbacks to identify the pointer escape event,
checkers now can register for the checkPointerEscape.

Converted the Malloc checker to use the new callback.
SimpleStreamChecker will be converted next.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@170625 91177308-0d34-0410-b5e6-96231b3b80d8
xprEngine.h
rogramState.h
tore.h
ubEngine.h
7959671d456c916706a5f61af609d8f1fc95decf 17-Dec-2012 Anna Zaks <ganna@apple.com> [analyzer] Implement "do not inline large functions many times"
performance heuristic

After inlining a function with more than 13 basic blocks 32 times, we
are not going to inline it anymore. The idea is that inlining large
functions leads to drastic performance implications. Since the function
has already been inlined, we know that we've analyzed it in many
contexts.

The following metrics are used:
- Large function is a function with more than 13 basic blocks (we
should switch to another metric, like cyclomatic complexity)
- We consider that we've inlined a function many times if it's been
inlined 32 times. This number is configurable with -analyzer-config
max-times-inline-large=xx

This heuristic addresses a performance regression introduced with
inlining on one benchmark. The analyzer on this benchmark became 60
times slower with inlining turned on. The heuristic allows us to analyze
it in 24% of the time. The performance improvements on the other
benchmarks I've tested with are much lower - under 10%, which is
expected.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@170361 91177308-0d34-0410-b5e6-96231b3b80d8
unctionSummary.h
75f31c4862643ab09479c979fabf754e7ffe1460 07-Dec-2012 Anna Zaks <ganna@apple.com> [analyzer] Optimization heuristic: do not reanalyze every ObjC method as
top level.

This heuristic is already turned on for non-ObjC methods
(inlining-mode=noredundancy). If a method has been previously analyzed,
while being inlined inside of another method, do not reanalyze it as top
level.

This commit applies it to ObjCMethods as well. The main caveat here is
that to catch the retain release errors, we are still going to reanalyze
all the ObjC methods but without inlining turned on.

Gives 21% performance increase on one heavy ObjC benchmark, which
suffered large performance regressions due to ObjC inlining.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@169639 91177308-0d34-0410-b5e6-96231b3b80d8
xprEngine.h
5204d9e2fe0ea4e4b9c85087e355021c93221764 07-Dec-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Remove possible pessimizations from r169563.

Thanks for reminding me about copy-elision, David. Passing references here
doesn't help when we could get move construction in C++11. If we really
cared, we'd use std::swap to steal the reference from the temporary arg,
but it's probably not /that/ critical outside of Profile anyway.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@169570 91177308-0d34-0410-b5e6-96231b3b80d8
allEvent.h
xplodedGraph.h
0a6e09f67c719c318856be19d57e19972101f62c 07-Dec-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Avoid ProgramStateRef copy constructors.

Suggested by David Blaikie. ExplodedNode, CallEvent, and CheckerContext all
hang onto their ProgramState, so the accessors can return a reference to the
internal state rather than preemptively copying it. This helps avoid
temporary ProgramStateRefs, though local variables will still (correctly)
do an extra retain and release.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@169563 91177308-0d34-0410-b5e6-96231b3b80d8
allEvent.h
heckerContext.h
xplodedGraph.h
9428723d6730f4fd257e15b78d24991ae95bbd84 06-Dec-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Remove unused fields from ExprEngine.

'currStmt', 'CleanedState', and 'EntryNode' were being set, but only ever
used locally.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@169529 91177308-0d34-0410-b5e6-96231b3b80d8
xprEngine.h
fbe4d36f1f83ca12b532e0a946cbffcdb54f904c 06-Dec-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Speed up ExplodedNode::Profile by avoiding copy constructors.

ProgramStateRef::Retain isn't free!

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@169525 91177308-0d34-0410-b5e6-96231b3b80d8
xplodedGraph.h
7affe151f5689b2d3547b8947c4099532c78a021 06-Dec-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Remove bindExprAndLocation, which does extra work for no gain.

This feature was probably intended to improve diagnostics, but was currently
only used when dumping the Environment. It shows what location a given value
was loaded from, e.g. when evaluating an LValueToRValue cast.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@169522 91177308-0d34-0410-b5e6-96231b3b80d8
nvironment.h
rogramState.h
e3ce2c10c3f6ae7b26700d758de909deab190d42 06-Dec-2012 Ted Kremenek <kremenek@apple.com> Only provide explicit getCapturedRegion() and getOriginalRegion() from referenced_vars_iterator.

This is a nice conceptual cleanup.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@169480 91177308-0d34-0410-b5e6-96231b3b80d8
emRegion.h
24570c4c258545f8310e4bc96503a5668982cf67 06-Dec-2012 Ted Kremenek <kremenek@apple.com> Pull logic to map from VarDecl* to captured region using a helper function. WIP.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@169479 91177308-0d34-0410-b5e6-96231b3b80d8
emRegion.h
30a2e16f6c27f888dd11eba6bbbae1e980078fcb 04-Dec-2012 Chandler Carruth <chandlerc@gmail.com> Sort #include lines for all files under include/...

This is a simpler sort, entirely automatic with the help of
llvm/utils/sort_includes.py -- no manual edits here.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@169238 91177308-0d34-0410-b5e6-96231b3b80d8
allEvent.h
onstraintManager.h
oreEngine.h
xplodedGraph.h
xprEngine.h
unctionSummary.h
emRegion.h
rogramState.h
ValBuilder.h
Vals.h
tore.h
ymbolManager.h
55fc873017f10f6f566b182b70f6fc22aefa3464 04-Dec-2012 Chandler Carruth <chandlerc@gmail.com> Sort all of Clang's files under 'lib', and fix up the broken headers
uncovered.

This required manually correcting all of the incorrect main-module
headers I could find, and running the new llvm/utils/sort_includes.py
script over the files.

I also manually added quite a few missing headers that were uncovered by
shuffling the order or moving headers up to be main-module-headers.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@169237 91177308-0d34-0410-b5e6-96231b3b80d8
asicValueFactory.h
9852f58f50b4fc20914fbce5b4454135a42343f4 01-Dec-2012 Benjamin Kramer <benny.kra@googlemail.com> Don't include Type.h in DeclarationName.h.

Recursively prune some includes.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@169094 91177308-0d34-0410-b5e6-96231b3b80d8
ValBuilder.h
683b70c70dc47532af1215e4b1566de9d47a3be5 30-Nov-2012 Chandler Carruth <chandlerc@gmail.com> Update to reflect the change of macro name in r168993.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@168994 91177308-0d34-0410-b5e6-96231b3b80d8
xplodedGraph.h
dcd42fbb418cf662c136cb035e235a44b58ad91e 30-Nov-2012 Jordan Rose <jordan_rose@apple.com> Use the new LLVM_LVALUE_FUNCTION to ban two getAs() calls on rvalues.

If 'x' is a temporary, x.getAs<Foo>() may not be safe if the result is
supposed to persist (if its address is stored somewhere). Since getAs()
can return a null value, the result is almost always stored into a
variable, which of course is not safe when the original value dies.

This has caused several bugs with GCC's "Temporaries May Vanish Sooner Than
You Expect" optimization; in C++11 builds, at least, we'll be able to catch
these problems now.

I would suggest applying these to other getAs() and get*As() methods
(castAs is "better" because sometimes the result is used directly, which
means the temporary will still be live), but these two have both caused
trouble in the analyzer in the past.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@168967 91177308-0d34-0410-b5e6-96231b3b80d8
xplodedGraph.h
a4317709127e3b63c44a34f9fa1c3f8abe6a77a3 29-Nov-2012 Ted Kremenek <kremenek@apple.com> Change SValBuilder::getConditionType() to return BoolTy in C++. Fixes <rdar://problem/12772656>.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@168846 91177308-0d34-0410-b5e6-96231b3b80d8
ValBuilder.h
48a7345a0bffcb01290447c73c6f17680d80f02f 17-Nov-2012 Benjamin Kramer <benny.kra@googlemail.com> Remove copy ctor that provides no value over the default.

It's also simpler to just copy the words than mangling bits like this ctor did.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@168258 91177308-0d34-0410-b5e6-96231b3b80d8
Vals.h
84c484545c5906ba55143e212b4a5275ab55889f 15-Nov-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Mark symbol values as dead in the environment.

This allows us to properly remove dead bindings at the end of the top-level
stack frame, using the ReturnStmt, if there is one, to keep the return value
live. This in turn removes the need for a check::EndPath callback in leak
checkers.

This does cause some changes in the path notes for leak checkers. Previously,
a leak would be reported at the location of the closing brace in a function.
Now, it gets reported at the last statement. This matches the way leaks are
currently reported for inlined functions, but is less than ideal for both.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@168066 91177308-0d34-0410-b5e6-96231b3b80d8
xprEngine.h
964490c0a8bd3398dc85d224a167ca9c35a36c85 07-Nov-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Add some examples for the common REGISTER_*_WITH_PROGRAMSTATEs.

No functionality change (doc comments only).

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@167523 91177308-0d34-0410-b5e6-96231b3b80d8
heckerContext.h
d1ad5e5d6c895f809ada5b420060b2ec0b48567b 06-Nov-2012 Anna Zaks <ganna@apple.com> [analyzer] Remove isWithinInlined. It's been replaced with inTopFrame().

Thanks Jordan.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@167438 91177308-0d34-0410-b5e6-96231b3b80d8
heckerContext.h
40d8551890bc8454c4e0a28c9072c9c1d1dd588a 05-Nov-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Move convenience REGISTER_*_WITH_PROGRAMSTATE to CheckerContext.h

As Anna pointed out, ProgramStateTrait.h is a relatively obscure header,
and checker writers may not know to look there to add their own custom
state.

The base macro that specializes the template remains in ProgramStateTrait.h
(REGISTER_TRAIT_WITH_PROGRAMSTATE), which allows the analyzer core to keep
using it.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@167385 91177308-0d34-0410-b5e6-96231b3b80d8
heckerContext.h
rogramStateTrait.h
8501b7a1c4c4a9ba0ea6cb8e500e601ef3759deb 03-Nov-2012 Anna Zaks <ganna@apple.com> [analyzer] Run remove dead on end of path.

This will simplify checkers that need to register for leaks. Currently,
they have to register for both: check dead and check end of path.

I've modified the SymbolReaper to consider everything on the stack dead
if the input StackLocationContext is 0.

(This is a bit disruptive, so I'd like to flesh out all the issues
asap.)

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@167352 91177308-0d34-0410-b5e6-96231b3b80d8
xprEngine.h
ymbolManager.h
fadcd5d5bbe1bfc1c6b8d819cc2242f780a49fec 03-Nov-2012 Anna Zaks <ganna@apple.com> [analyzer] add LocationContext::inTopFrame() helper.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@167351 91177308-0d34-0410-b5e6-96231b3b80d8
heckerContext.h
b355be838a22a511d078504b2277f70aea52ca85 03-Nov-2012 Anna Zaks <ganna@apple.com> [analyzer] Refactor: Remove Pred from NodeBuilderContext.

Node builders should manage the nodes, not the context.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@167350 91177308-0d34-0410-b5e6-96231b3b80d8
oreEngine.h
xprEngine.h
ubEngine.h
2f3017f9cbd3774f690c979410bfec38423d03af 03-Nov-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Add some convenience accessors to CallEvent, and use them.

These are CallEvent-equivalents of helpers already accessible in
CheckerContext, as part of making it easier for new checkers to be written
using CallEvent rather than raw CallExprs.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@167338 91177308-0d34-0410-b5e6-96231b3b80d8
allEvent.h
heckerContext.h
d624607d4196e4b37d235daa14699bcb3c1012a6 03-Nov-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] isCLibraryFunction: check that the function is at TU-scope.

Also, Decls already carry a pointer to the ASTContext, so there's no need
to pass an extra argument to the predicate.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@167337 91177308-0d34-0410-b5e6-96231b3b80d8
heckerContext.h
466224fd068a0a0084968a7f521a690a51c3b226 02-Nov-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Convert some of the harder cases over to ProgramStateTrait macros.

Add FIXMEs for the traits visible from multiple translation units.
Currently the macros hide their key types in an anonymous namespace.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@167277 91177308-0d34-0410-b5e6-96231b3b80d8
xprEngine.h
aintManager.h
166d502d5367ceacd1313a33cac43b1048b8524d 02-Nov-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Use nice macros for the common ProgramStateTraits (map, set, list).

Also, move the REGISTER_*_WITH_PROGRAMSTATE macros to ProgramStateTrait.h.

This doesn't get rid of /all/ explicit uses of ProgramStatePartialTrait,
but it does get a lot of them.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@167276 91177308-0d34-0410-b5e6-96231b3b80d8
heckerContext.h
rogramStateTrait.h
785950e59424dca7ce0081bebf13c0acd2c4fff6 02-Nov-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Rename 'EmitReport' to 'emitReport'.

No functionality change.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@167275 91177308-0d34-0410-b5e6-96231b3b80d8
heckerContext.h
3cdd84318a3ae43fa31da849f1a6d3eeb8a39d2d 01-Nov-2012 NAKAMURA Takumi <geek4civic@gmail.com> clang/include/clang/StaticAnalyzer/Core/PathSensitive/ConstraintManager.h: Appease msvc.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@167199 91177308-0d34-0410-b5e6-96231b3b80d8
onstraintManager.h
baf764092c76d74fb1528cfd62540ae7dc01efbd 01-Nov-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Optimize assumeDual by assuming constraint managers are consistent.

Specifically, if adding a constraint makes the current system infeasible,
assume the constraint is false, instead of attempting to add its negation.

In +Asserts builds we will still assert that at least one state is feasible.

Patch by Ryan Govostes!

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@167195 91177308-0d34-0410-b5e6-96231b3b80d8
onstraintManager.h
ec8d420d4fa57fc6b5a5a2b1446742e976a7ba00 01-Nov-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Rename ConditionTruthVal::isTrue to isConstrainedTrue.

(and the same for isFalse)

No functionality change.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@167186 91177308-0d34-0410-b5e6-96231b3b80d8
onstraintManager.h
c45bb4dcb648cd8b5250492afe7df254e4157aaa 31-Oct-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Let ConstraintManager subclasses provide a more efficient checkNull.

Previously, every call to a ConstraintManager's isNull would do a full
assumeDual to test feasibility. Now, ConstraintManagers can override
checkNull if they have a cheaper way to do the same thing.
RangeConstraintManager can do this in less than half the work.

<rdar://problem/12608209>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@167138 91177308-0d34-0410-b5e6-96231b3b80d8
onstraintManager.h
360b29c52a4c10f9d4c031d84d962ed2a4d58263 30-Oct-2012 Anna Zaks <ganna@apple.com> [analyzer] Fix a bug in REGISTER_MAP_WITH_PROGRAMSTATE

The ImmutableMap should not be the key into the GDM map as there could
be several entries with the same map type. Thanks, Jordan.

This complicates the usage of the macro a bit. When we want to retrieve
the whole map, we need to use another name. Currently, I set it to be
Name ## Ty as in "type of the map we are storing in the ProgramState".

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@167000 91177308-0d34-0410-b5e6-96231b3b80d8
heckerContext.h
ac150f2619efcadbf23acd6e86695b5412723eb1 30-Oct-2012 Anna Zaks <ganna@apple.com> [analyzer] Rename REGISTER_MAP_WITH_GDM -> REGISTER_MAP_WITH_PROGRAMSTATE

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@166999 91177308-0d34-0410-b5e6-96231b3b80d8
heckerContext.h
5ac1df3e15f91ed663826faec7efe2462c18d98c 29-Oct-2012 Anna Zaks <ganna@apple.com> [analyzer] Add checker helpers to CheckerContext.

- Adding Immutable Map to GDM and getIdentifierInfo helper method.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@166975 91177308-0d34-0410-b5e6-96231b3b80d8
heckerContext.h
4d9e497a2b1eab3b1214848216050c64fc3acfd6 24-Oct-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Replace -analyzer-no-eagerly-trim-egraph with graph-trim-interval.

After every 1000 CFGElements processed, the ExplodedGraph trims out nodes
that satisfy a number of criteria for being "boring" (single predecessor,
single successor, and more). Rather than controlling this with a cc1 option,
which can only disable this behavior, we now have an analyzer-config option,
'graph-trim-interval', which can change this interval from 1000 to something
else. Setting the value to 0 disables reclamation.

The next commit relies on this behavior to actually test anything.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@166528 91177308-0d34-0410-b5e6-96231b3b80d8
xplodedGraph.h
d4ce811ae08398e357c8ce3e707ba5f2aa0041a5 17-Oct-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] When binding to a ParenExpr, bind to its inner expression instead.

This actually looks through several kinds of expression, such as
OpaqueValueExpr and ExprWithCleanups. The idea is that binding and lookup
should be consistent, and so if the environment needs to be modified later,
the code doing the modification will not have to manually look through these
"transparent" expressions to find the real binding to change.

This is necessary for proper updating of struct rvalues as described in
the previous commit.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@166121 91177308-0d34-0410-b5e6-96231b3b80d8
nvironment.h
e5a934d3c840872d58724383a83443ed38f1d831 13-Oct-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Remove the "direct bindings only" Environment lookup.

This was only used by OSAtomicChecker and makes it more
difficult to update values for expressions that the environment
may look through instead (it's not the same as IgnoreParens).
With this gone, we can have bindExpr bind to the inner
expression that getSVal will find.

Groundwork for <rdar://problem/12137950>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@165866 91177308-0d34-0410-b5e6-96231b3b80d8
nvironment.h
rogramState.h
b43d87b0646aa04951056c7e0d1ab9a58eb09f66 12-Oct-2012 Sean Silva <silvas@purdue.edu> Remove pointless classof()'s.

Updates to llvm/Support/Casting.h have rendered these classof()'s
irrelevant.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@165770 91177308-0d34-0410-b5e6-96231b3b80d8
allEvent.h
emRegion.h
Vals.h
ymbolManager.h
aa66b08d2d8bbf05bae8c68f58724f754ab57b35 03-Oct-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Push evalDynamicCast and evalDerivedToBase up to Store.

These functions are store-agnostic, and would benefit from information in
DynamicTypeInfo but gain nothing from the store type.

No intended functionality change.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@165078 91177308-0d34-0410-b5e6-96231b3b80d8
tore.h
622b6fb0a1d280c16e135c7e427b79cafffbde1f 01-Oct-2012 Ted Kremenek <kremenek@apple.com> Have AnalyzerOptions::getBooleanOption() stick the matching config
string in the config table so that it can be dumped as part of the
config dumper. Add a test to show that these options are sticking
and can be cross-checked using FileCheck.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@164954 91177308-0d34-0410-b5e6-96231b3b80d8
nalysisManager.h
ca5d78d0bc3010164f2f9682967d64d7e305a167 01-Oct-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Make ProgramStateManager's SubEngine parameter optional.

It is possible and valid to have a state manager and associated objects
without having a SubEngine or checkers.

Patch by Olaf Krzikalla!

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@164947 91177308-0d34-0410-b5e6-96231b3b80d8
onstraintManager.h
rogramState.h
2e4457a006fa2beaa87d909b743aa8f09fbf9ec6 30-Sep-2012 Bob Wilson <bob.wilson@apple.com> Whitespace.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@164900 91177308-0d34-0410-b5e6-96231b3b80d8
ValBuilder.h
732cdf383f9030ff2b9fb28dfbdae2285ded80c6 26-Sep-2012 Ted Kremenek <kremenek@apple.com> Remove unnecessary ASTContext& parameter from SymExpr::getType().

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@164661 91177308-0d34-0410-b5e6-96231b3b80d8
ValBuilder.h
ymbolManager.h
afbb66262948732dc0f9617ffd80768c7145e0c7 26-Sep-2012 Ted Kremenek <kremenek@apple.com> Remove 'const' version of getBasicVals(), which is useless.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@164643 91177308-0d34-0410-b5e6-96231b3b80d8
xprEngine.h
rogramState.h
8cd3f1505f7c8b71cb77aeb8027e6059eb8b6289 24-Sep-2012 Anna Zaks <ganna@apple.com> [analyzer] Remove unused.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@164542 91177308-0d34-0410-b5e6-96231b3b80d8
Vals.h
ddc0c4814788dda4ef224cd4d22d07154a6ede49 21-Sep-2012 Ted Kremenek <kremenek@apple.com> Simplify getRuntimeDefinition() back to taking no arguments.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@164363 91177308-0d34-0410-b5e6-96231b3b80d8
allEvent.h
a43df9539644bf1c258e12710cd69d79b0b078cd 21-Sep-2012 Ted Kremenek <kremenek@apple.com> Implement faux-body-synthesis of well-known functions in the static analyzer when
their implementations are unavailable. Start by simulating dispatch_sync().

This change is largely a bunch of plumbing around something very simple. We
use AnalysisDeclContext to conjure up a fake function body (using the
current ASTContext) when one does not exist. This is controlled
under the analyzer-config option "faux-bodies", which is off by default.

The plumbing in this patch is largely to pass the necessary machinery
around. CallEvent needs the AnalysisDeclContextManager to get
the function definition, as one may get conjured up lazily.

BugReporter and PathDiagnosticLocation needed to be relaxed to handle
invalid locations, as the conjured body has no real source locations.
We do some primitive recovery in diagnostic generation to generate
some reasonable locations (for arrows and events), but it can be
improved.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@164339 91177308-0d34-0410-b5e6-96231b3b80d8
allEvent.h
be2fa7ebf01259b63dc52fe46c8d101c18e72269 18-Sep-2012 Craig Topper <craig.topper@gmail.com> Mark unimplemented copy constructors and copy assignment operators with LLVM_DELETED_FUNCTION.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@164102 91177308-0d34-0410-b5e6-96231b3b80d8
rogramState.h
5fc1d0c4532c55cc47ba6628f296bf5b86d2eaf0 17-Sep-2012 Anna Zaks <ganna@apple.com> [analyzer] Teach the analyzer about implicit initialization of statics
in ObjCMethods.

Extend FunctionTextRegion to represent ObjC methods as well as
functions. Note, it is not clear what type ObjCMethod region should
return. Since the type of the FunctionText region is not currently used,
defer solving this issue.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@164046 91177308-0d34-0410-b5e6-96231b3b80d8
emRegion.h
f56faa01936b9cf909623d7f06e3c2569ca4a78e 15-Sep-2012 Dmitri Gribenko <gribozavr@gmail.com> Use LLVM_DELETED_FUNCTION in place of 'DO NOT IMPLEMENT' comments.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163983 91177308-0d34-0410-b5e6-96231b3b80d8
allEvent.h
oreEngine.h
5f7c0add1ea1d8e1d2f920d77fd1a7b6160c2d93 13-Sep-2012 Anna Zaks <ganna@apple.com> [analyzer] Don't reimplement an existing function.

Thanks Jordan.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163762 91177308-0d34-0410-b5e6-96231b3b80d8
emRegion.h
4ef19205b6912316296db74a9073ad6fa60e4cca 13-Sep-2012 Ted Kremenek <kremenek@apple.com> Refactor logic in ExprEngine for detecting 'noreturn' methods
in NSException to a helper object in libAnalysis that can also
be used by Sema. Not sure if the predicate name 'isImplicitNoReturn'
is the best one, but we can massage that later.

No functionality change.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163759 91177308-0d34-0410-b5e6-96231b3b80d8
xprEngine.h
16e6a7cb41319459ded69b4d47f405c1035dd347 13-Sep-2012 Anna Zaks <ganna@apple.com> [analyzer] Do not report use of undef on "return foo();" when the return type is void.

Fixes a false positive found by analyzing LLVM code base.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163750 91177308-0d34-0410-b5e6-96231b3b80d8
allEvent.h
522fc21f3adc647817edc8017e6928a64c96899b 13-Sep-2012 Anna Zaks <ganna@apple.com> [analyzer] Teach UndefOrNullArgVisitor to track parent regions.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163748 91177308-0d34-0410-b5e6-96231b3b80d8
emRegion.h
00b4f64ecb26b031c1f4888f39be6c706156356a 11-Sep-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Member function calls that use qualified names are non-virtual.

C++11 [expr.call]p1: ...If the selected function is non-virtual, or if the
id-expression in the class member access expression is a qualified-id,
that function is called. Otherwise, its final overrider in the dynamic type
of the object expression is called.

<rdar://problem/12255556>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163577 91177308-0d34-0410-b5e6-96231b3b80d8
allEvent.h
4ea9b89ff6dc50d5404eb56cad5e5870bce49ef2 11-Sep-2012 Anna Zaks <ganna@apple.com> [analyzer] Do not count calls to small functions when computing stack
depth.

We only want to count how many substantial functions we inlined. This
is an improvement to r163558.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163571 91177308-0d34-0410-b5e6-96231b3b80d8
xprEngine.h
ce15cce38c34ae73348457da73c52df81cde3588 09-Sep-2012 Ted Kremenek <kremenek@apple.com> Remove dead method ProgramState::MarshalState().

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163479 91177308-0d34-0410-b5e6-96231b3b80d8
rogramState.h
47cbd0f3892c7965cf16a58393f9f17a22d4d4d9 08-Sep-2012 Ted Kremenek <kremenek@apple.com> Remove ProgramState::getSymVal(). It was being misused by Checkers,
with at least one subtle bug in MacOSXKeyChainAPIChecker where
calling the method was a substitute for assuming a symbolic value
was null (which is not the case).

We still keep ConstraintManager::getSymVal(), but we use that as
an optimization in SValBuilder and ProgramState::getSVal() to
constant-fold SVals. This is only if the ConstraintManager can
provide us with that information, which is no longer a requirement.
As part of this, introduce a default implementation of
ConstraintManager::getSymVal() which returns null.

For Checkers, introduce ConstraintManager::isNull(), which queries
the state to see if the symbolic value is constrained to be a null
value. It does this without assuming it has been implicitly constant
folded.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163428 91177308-0d34-0410-b5e6-96231b3b80d8
onstraintManager.h
rogramState.h
526b4a63cd567393fd43af837ac9d0f35fc267f7 08-Sep-2012 Ted Kremenek <kremenek@apple.com> Add default implementation of ConstraintManager::getSymVal() and a doxygen comment.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163426 91177308-0d34-0410-b5e6-96231b3b80d8
onstraintManager.h
ace64b5f6a338111084bf4a7c9b7488a9965ef4e 08-Sep-2012 Ted Kremenek <kremenek@apple.com> Remove ConstraintManager::isEqual(). It is no longer used.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163425 91177308-0d34-0410-b5e6-96231b3b80d8
onstraintManager.h
200fa2e70d52ae6d620e81cd45536071fdde70c0 06-Sep-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Don't attempt to devirtualize calls to base class destructors.

CXXDestructorCall now has a flag for when it is a base destructor call.
Other kinds of destructor calls (locals, fields, temporaries, and 'delete')
all behave as "whole-object" destructors and do not behave differently
from one another (specifically, in these cases we /should/ try to
devirtualize a call to a virtual destructor).

This was causing crashes in both our internal buildbot, the crash still
being tracked in PR13765, and some of the crashes being tracked in PR13763,
due to an assertion failure. (The behavior under -Asserts happened to be
correct anyway.)

Adding this knowledge also allows our DynamicTypePropagation checker to do
a bit less work; the special rules about virtual method calls during a
destructor only require extra handling during base destructors.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163348 91177308-0d34-0410-b5e6-96231b3b80d8
allEvent.h
xprEngine.h
6ebea89be233eaba5e29de8cf3524ad150c860bb 05-Sep-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Be more forgiving about calling methods on struct rvalues.

The problem is that the value of 'this' in a C++ member function call
should always be a region (or NULL). However, if the object is an rvalue,
it has no associated region (only a conjured symbol or LazyCompoundVal).
For now, we handle this in two ways:

1) Actually respect MaterializeTemporaryExpr. Before, it was relying on
CXXConstructExpr to create temporary regions for all struct values.
Now it just does the right thing: if the value is not in a temporary
region, create one.

2) Have CallEvent recognize the case where its 'this' pointer is a
non-region, and just return UnknownVal to keep from confusing clients.

The long-term problem is being tracked internally in <rdar://problem/12137950>,
but this makes many test cases pass.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163220 91177308-0d34-0410-b5e6-96231b3b80d8
allEvent.h
fd11957f02da689480618d5fc642ef14164e9cdc 05-Sep-2012 Jordan Rose <jordan_rose@apple.com> Revert "[analyzer] Treat all struct values as regions (even rvalues)."

This turned out to have many implications, but what eventually seemed to
make it unworkable was the fact that we can get struct values (as
LazyCompoundVals) from other places besides return-by-value function calls;
that is, we weren't actually able to "treat all struct values as regions"
consistently across the entire analyzer core.

Hopefully we'll be able to come up with an alternate solution soon.

This reverts r163066 / 02df4f0aef142f00d4637cd851e54da2a123ca8e.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163218 91177308-0d34-0410-b5e6-96231b3b80d8
asicValueFactory.h
Vals.h
91ab900a939e95d965e18299b66928fdbe2aa38d 01-Sep-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Disallow creation of int vals with explicit bit width / signedness.

All clients of BasicValueFactory should be using QualTypes instead, and
indeed it seems they are. This caught the (fortunately harmless) bug
fixed in the previous commit.

No intended functionality change.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163069 91177308-0d34-0410-b5e6-96231b3b80d8
PSIntType.h
asicValueFactory.h
ValBuilder.h
02df4f0aef142f00d4637cd851e54da2a123ca8e 01-Sep-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Treat all struct values as regions (even rvalues).

This allows us to correctly symbolicate the fields of structs returned by
value, as well as get the proper 'this' value for when methods are called
on structs returned by value.

This does require a moderately ugly hack in the StoreManager: if we assign
a "struct value" to a struct region, that now appears as a Loc value being
bound to a region of struct type. We handle this by simply "dereferencing"
the struct value region, which should create a LazyCompoundVal.

This should fix recent crashes analyzing LLVM and on our internal buildbot.

<rdar://problem/12137950>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163066 91177308-0d34-0410-b5e6-96231b3b80d8
asicValueFactory.h
Vals.h
5699f62df144545702b91e91836a63db4e5f2627 01-Sep-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Always derive a CallEvent's return type from its origin expr.

Previously, we preferred to get a result type by looking at the callee's
declared result type. This allowed us to handle references, which are
represented in the AST as lvalues of their pointee type. (That is, a call
to a function returning 'int &' has type 'int' and value kind 'lvalue'.)

However, this results in us preferring the original type of a function
over a casted type. This is a problem when a function pointer is casted
to another type, because the conjured result value will have the wrong
type. AdjustedReturnValueChecker is supposed to handle this, but still
doesn't handle the case where there is no "original function" at all,
i.e. where the callee is unknown.

Now, we instead look at the call expression's value kind (lvalue, xvalue,
or prvalue), and adjust the expr's type accordingly. This will have no
effect when the function is inlined, and will conjure the value that will
actually be used when it is not.

This makes AdjustedReturnValueChecker /nearly/ unnecessary; unfortunately,
the cases where it would still be useful are where we need to cast the
result of an inlined function or a checker-evaluated function, and in these
cases we don't know what we're casting /from/ by the time we can do post-
call checks. In light of that, remove AdjustedReturnValueChecker, which
was already not checking quite a few calls.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163065 91177308-0d34-0410-b5e6-96231b3b80d8
allEvent.h
987695a5ddd78beca784d4e503ffbc2dc879181a 31-Aug-2012 Ted Kremenek <kremenek@apple.com> Move AnalyzerOptions.h into 'Core' StaticAnalyzer sub-library.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162977 91177308-0d34-0410-b5e6-96231b3b80d8
nalysisManager.h
fbcb3f11fc90e9f00e6074e9b118b8dc11ca604c 31-Aug-2012 Anna Zaks <ganna@apple.com> [analyzer] Refactor the logic that determines if a function should be
reanalyzed.

The policy on what to reanalyze should be in AnalysisConsumer with the
rest of visitation order logic.

There is no reason why ExprEngine needs to pass the Visited set to
CoreEngine, it can populate it itself.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162957 91177308-0d34-0410-b5e6-96231b3b80d8
oreEngine.h
xprEngine.h
dc601f4a9f69315521abddbca04d4652deee5fdb 31-Aug-2012 Anna Zaks <ganna@apple.com> [analyzer] Fixup for r162935 as per Jordan's review.

Thanks for catching this!

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162949 91177308-0d34-0410-b5e6-96231b3b80d8
heckerContext.h
05fcbd3dc28f4cba4a6d33e7aeaabb5f6f7837e3 30-Aug-2012 Anna Zaks <ganna@apple.com> [analyzer] Do not propagate the [super init] could be nil assumption
from callee to caller.

radar://12109638

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162935 91177308-0d34-0410-b5e6-96231b3b80d8
heckerContext.h
3b8a04004afa46057a9af4afbd086be71d619793 30-Aug-2012 Ted Kremenek <kremenek@apple.com> Rename 'VisualizeEGUbi' and 'VisualizeEGDot' to 'visualizeExplodedGraphWithUbigGraph'
and 'visualizeExplodedGraphWithGraphViz' respectively.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162931 91177308-0d34-0410-b5e6-96231b3b80d8
nalysisManager.h
0caa2d47b84337e942b3f6652adfafe4ae506cfe 30-Aug-2012 Ted Kremenek <kremenek@apple.com> Rename AnalyzerOptions 'EagerlyAssume' to 'eagerlyAssumeBinOpBifurcation'.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162930 91177308-0d34-0410-b5e6-96231b3b80d8
xprEngine.h
255d4d4226b24036ceb11228fbb74286e58620f7 30-Aug-2012 Ted Kremenek <kremenek@apple.com> Store const& to AnalyzerOptions in AnalysisManager instead of copying
individual flags.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162929 91177308-0d34-0410-b5e6-96231b3b80d8
nalysisManager.h
heckerContext.h
5705a40c7ec62f1a903bf26e1e6a7f91b5b98ba3 30-Aug-2012 Ted Kremenek <kremenek@apple.com> Move AnalyzerOptions.h to include/clang/StaticAnalyzer.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162928 91177308-0d34-0410-b5e6-96231b3b80d8
nalysisManager.h
7b73e0832b20af1f43601a3d19e76d02d9f4dce5 29-Aug-2012 Ted Kremenek <kremenek@apple.com> Add new -cc1 driver option -analyzer-config, which allows one to specify
a comma separated collection of key:value pairs (which are strings). This
allows a general way to provide analyzer configuration data from the command line.

No clients yet.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162827 91177308-0d34-0410-b5e6-96231b3b80d8
nalysisManager.h
heckerContext.h
6062334cc388bce69fb3978c4ecb26c6485a5c2b 28-Aug-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Rename CallEvent::mayBeInlined to CallEvent::isCallStmt.

The two callers are using this in order to be conservative, so let's just
clarify the information that's actually being provided here. This is not
related to inlining decisions in any way.

No functionality change.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162717 91177308-0d34-0410-b5e6-96231b3b80d8
allEvent.h
3682f1ea9c7fddc7dcbc590891158ba40f7fca16 25-Aug-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Use the common evalBind infrastructure for initializers.

This allows checkers (like the MallocChecker) to process the effects of the
bind. Previously, using a memory-allocating function (like strdup()) in an
initializer would result in a leak warning.

This does bend the expectations of checkBind a bit; since there is no
assignment expression, the statement being used is the initializer value.
In most cases this shouldn't matter because we'll use a PostInitializer
program point (rather than PostStmt) for any checker-generated nodes, though
we /will/ generate a PostStore node referencing the internal statement.
(In theory this could have funny effects if someone actually does an
assignment within an initializer; in practice, that seems like it would be
very rare.)

<rdar://problem/12171711>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162637 91177308-0d34-0410-b5e6-96231b3b80d8
xprEngine.h
df5faf5e7ae6823d0af0b801c4ac26d47f2cee97 25-Aug-2012 Chad Rosier <mcrosier@apple.com> [ms-inline asm] As part of a larger refactoring, rename AsmStmt to GCCAsmStmt.
No functional change intended.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162632 91177308-0d34-0410-b5e6-96231b3b80d8
xprEngine.h
53b890ba226e8c84a157ab5e757b93666cc6859d 24-Aug-2012 Anna Zaks <ganna@apple.com> [analyzer] More fixups/rewording based on Jordan's feedback.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162597 91177308-0d34-0410-b5e6-96231b3b80d8
ynamicTypeInfo.h
rogramState.h
81e6cfddcbb32eb9bbbee5c3f5156fc19ca7e774 24-Aug-2012 Anna Zaks <ganna@apple.com> [analyzer] Address Jordan's review comments.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162579 91177308-0d34-0410-b5e6-96231b3b80d8
ynamicTypeInfo.h
e54778d77d4f2b2d006bdb7e16f49271e1e9d13d 24-Aug-2012 Anna Zaks <ganna@apple.com> [analyzer] Move DynamicTypeInfo out of the ProgramState.h

(I am not sure if we should move the setters and getters as well and
make them into static methods..)

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162528 91177308-0d34-0410-b5e6-96231b3b80d8
ynamicTypeInfo.h
rogramState.h
5a90193ad825656d4a03099cd5e9c928d1782b5e 24-Aug-2012 Anna Zaks <ganna@apple.com> [analyzer] Make analyzer less aggressive when dealing with [self init].

With inlining, retain count checker starts tracking 'self' through the
init methods. The analyser results were too noisy if the developer
did not follow 'self = [super init]' pattern (which is common
especially in older code bases) - we reported self init anti-pattern AND
possible use-after-free. This patch teaches the retain count
checker to assume that [super init] does not fail when it's not consumed
by another expression. This silences the retain count warning that warns
about possibility of use-after-free when init fails, while preserving
all the other checking on 'self'.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162508 91177308-0d34-0410-b5e6-96231b3b80d8
allEvent.h
70517ca5c07c4b41ff8662b94ee22047b0299f8c 23-Aug-2012 Dmitri Gribenko <gribozavr@gmail.com> Fix a bunch of -Wdocumentation warnings.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162452 91177308-0d34-0410-b5e6-96231b3b80d8
allEvent.h
heckerContext.h
ad0fe03b897f9486191e75c8d90c3ffa9b4fd6a5 23-Aug-2012 Ted Kremenek <kremenek@apple.com> Fix an assortment of doxygen comment issues found by -Wdocumentation.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162412 91177308-0d34-0410-b5e6-96231b3b80d8
tore.h
1becab2120142b1be87d684a68d3bea98f5abfb5 22-Aug-2012 Anna Zaks <ganna@apple.com> [analyzer] Add more comments to CallEvent and RuntimeDefinition.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162399 91177308-0d34-0410-b5e6-96231b3b80d8
allEvent.h
rogramState.h
e3f3825bd82f84f2a1ae0a02274a33298bb720b3 22-Aug-2012 Ted Kremenek <kremenek@apple.com> Remove BasicConstraintManager. It hasn't been in active service for a while.

As part of this change, I discovered that a few of our tests were not testing
the RangeConstraintManager. Luckily all of those passed when I moved them
over to use that constraint manager.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162384 91177308-0d34-0410-b5e6-96231b3b80d8
onstraintManager.h
56a46b51df691f857f7120aaf2d4deeff0b014de 22-Aug-2012 Ted Kremenek <kremenek@apple.com> Rename 'unbindLoc()' (in ProgramState) and 'Remove()' to
'killBinding()'. The name is more specific, and one just forwarded
to the other.

Add some doxygen comments along the way.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162350 91177308-0d34-0410-b5e6-96231b3b80d8
rogramState.h
tore.h
66c486f275531df6362b3511fc3af6563561801b 22-Aug-2012 Ted Kremenek <kremenek@apple.com> Rename 'currentX' to 'currX' throughout analyzer and libAnalysis.
Also rename 'getCurrentBlockCounter()' to 'blockCount()'.

This ripples a bunch of code simplifications; mostly aesthetic,
but makes the code a bit tighter.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162349 91177308-0d34-0410-b5e6-96231b3b80d8
heckerContext.h
oreEngine.h
xprEngine.h
3b1df8bb941a18c4a7256d7cfcbccb9de7e39995 22-Aug-2012 Ted Kremenek <kremenek@apple.com> Rename 'getConjuredSymbol*' to 'conjureSymbol*'.

No need to have the "get", the word "conjure" is a verb too!
Getting a conjured symbol is the same as conjuring one up.

This shortening is largely cosmetic, but just this simple change
cleaned up a handful of lines, making them less verbose.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162348 91177308-0d34-0410-b5e6-96231b3b80d8
ValBuilder.h
ymbolManager.h
32a549a64922af0903bdb777613ae7ae4490b70f 22-Aug-2012 Ted Kremenek <kremenek@apple.com> Remove Store::bindDecl() and Store::bindDeclWithNoInit(), and
all forwarding methods.

This functionality is already covered by bindLoc().

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162346 91177308-0d34-0410-b5e6-96231b3b80d8
rogramState.h
tore.h
5be88dc79d2768d67371103b6535fb8c4a6f27a1 22-Aug-2012 Ted Kremenek <kremenek@apple.com> Rename 'BindCompoundLiteral' to 'bindCompoundLiteral' and
add doxygen comments.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162345 91177308-0d34-0410-b5e6-96231b3b80d8
rogramState.h
tore.h
1833d284346b9fa11aae4e6aa07381347c04745c 20-Aug-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Add comments to ExplodedNode::NodeGroup.

No functionality change.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162216 91177308-0d34-0410-b5e6-96231b3b80d8
xplodedGraph.h
fa06f0464a04bb7fce1fcfb3780d151bb029e00c 20-Aug-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Replace boolean IsSink parameters with 'generateSink' methods.

Generating a sink is significantly different behavior from generating a
normal node, and a simple boolean parameter can be rather opaque. Per
offline discussion with Anna, adding new generation methods is the
clearest way to communicate intent.

No functionality change.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162215 91177308-0d34-0410-b5e6-96231b3b80d8
heckerContext.h
oreEngine.h
46e778145c56cd9b42cb399795a294b29cb78b62 18-Aug-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Use PointerUnion to implement ExplodedNode::NodeGroup.

We shouldn't be reinventing our own wheels. This also paves the way for
marking different kinds of sinks.

No functionality change.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162154 91177308-0d34-0410-b5e6-96231b3b80d8
xplodedGraph.h
8ecf59afbab1dbf184dc4c0c47e7213cbd32ba0a 17-Aug-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Make BlockDataRegions typed, so that they have DynamicTypeInfo.

Fixes <rdar://problem/12119814>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162123 91177308-0d34-0410-b5e6-96231b3b80d8
emRegion.h
c4bac8e376b98d633bb00ee5f510d5e58449753c 16-Aug-2012 Ted Kremenek <kremenek@apple.com> Allow multiple PathDiagnosticConsumers to be used with a BugReporter at the same time.

This fixes several issues:

- removes egregious hack where PlistDiagnosticConsumer would forward to HTMLDiagnosticConsumer,
but diagnostics wouldn't be generated consistently in the same way if PlistDiagnosticConsumer
was used by itself.

- emitting diagnostics to the terminal (using clang's diagnostic machinery) is no longer a special
case, just another PathDiagnosticConsumer. This also magically resolved some duplicate warnings,
as we now use PathDiagnosticConsumer's diagnostic pruning, which has scope for the entire translation
unit, not just the scope of a BugReporter (which is limited to a particular ExprEngine).

As an interesting side-effect, diagnostics emitted to the terminal also have their trailing "." stripped,
just like with diagnostics emitted to plists and HTML. This required some tests to be updated, but now
the tests have higher fidelity with what users will see.

There are some inefficiencies in this patch. We currently generate the report graph (from the ExplodedGraph)
once per PathDiagnosticConsumer, which is a bit wasteful, but that could be pulled up higher in the
logic stack. There is some intended duplication, however, as we now generate different PathDiagnostics (for the same issue)
for different PathDiagnosticConsumers. This is necessary to produce the diagnostics that a particular
consumer expects.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162028 91177308-0d34-0410-b5e6-96231b3b80d8
nalysisManager.h
09647f28d7955d0c948ebbbb376a46844056f11a 15-Aug-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Doxygen comments in ObjCMethodCall.

No functionality change.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161917 91177308-0d34-0410-b5e6-96231b3b80d8
allEvent.h
0ad36baedc516005cb6ea97d96327517ebfe5138 15-Aug-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Correctly devirtualize virtual method calls in destructors.

C++11 [class.cdtor]p4: When a virtual function is called directly or
indirectly from a constructor or from a destructor, including during
the construction or destruction of the class’s non-static data members,
and the object to which the call applies is the object under
construction or destruction, the function called is the final overrider
in the constructor's or destructor's class and not one overriding it in
a more-derived class.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161915 91177308-0d34-0410-b5e6-96231b3b80d8
rogramState.h
5375d82d1d096ddd8879d8e6641a8f042b0d1d43 14-Aug-2012 Aaron Ballman <aaron@aaronballman.com> Changing an enumeration to a const int to fix MSVC compiler warnings.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161877 91177308-0d34-0410-b5e6-96231b3b80d8
emRegion.h
42c72c258e08ca79c9267346b4badcddd8fcd001 14-Aug-2012 Benjamin Kramer <benny.kra@googlemail.com> Do NOT use inline functions with LLVM_ATTRIBUTE_USED.

The function will be emitted into every single TU including the header!

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161872 91177308-0d34-0410-b5e6-96231b3b80d8
allEvent.h
955cd444f445bcdbade1cdd3926254c8ee7890d8 14-Aug-2012 Anna Zaks <ganna@apple.com> [analyzer] Add getStackFrame() to CheckerContext and ExplodedNode.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161819 91177308-0d34-0410-b5e6-96231b3b80d8
heckerContext.h
xplodedGraph.h
645baeed6800f952e9ad1d5666e01080385531a2 14-Aug-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Reduce code duplication: make CXXDestructorCall a CXXInstanceCall.

While there is now some duplication between SimpleCall and the CXXInstanceCall
sub-hierarchy, this is much better than copy-and-pasting the devirtualization
logic shared by both instance methods and destructors.

An unfortunate side effect is that there is no longer a single CallEvent type
that corresponds to "calls written as CallExprs". For the most part this is a
good thing, but the checker callback eval::Call still takes a CallExpr rather
than a CallEvent (since we're not sure if we want to allow checkers to
evaluate other kinds of calls). A mistake here will be caught by a cast<> in
CheckerManager::runCheckersForEvalCall.

No functionality change.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161809 91177308-0d34-0410-b5e6-96231b3b80d8
allEvent.h
xprEngine.h
b11a3ada9a22e146c6edd33bcc6301e221fedd7a 14-Aug-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Don't strip CXXBaseObjectRegions when checking dynamic_casts.

...and /do/ strip CXXBaseObjectRegions when casting to a virtual base class.

This allows us to enforce the invariant that a CXXBaseObjectRegion can always
provide an offset for its base region if its base region has a known class
type, by only allowing virtual bases and direct non-virtual bases to form
CXXBaseObjectRegions.

This does mean some slight problems for our modeling of dynamic_cast, which
needs to be resolved by finding a path from the current region to the class
we're trying to cast to.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161797 91177308-0d34-0410-b5e6-96231b3b80d8
emRegion.h
Vals.h
f9c29088a8f64d4af2423fb7b556419597c996df 11-Aug-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Remove unused StoreManager::CastResult class.

No functionality change.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161715 91177308-0d34-0410-b5e6-96231b3b80d8
tore.h
54918ba02ba900c0e0bb4fd3d749b6b1ac4e50a9 10-Aug-2012 Anna Zaks <ganna@apple.com> [analyzer] Track if a region can be a subclass in the dynamic type info.

When an object is allocated with alloc or init, we assume it cannot be a
subclass (currently used only for bifurcation purposes).

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161682 91177308-0d34-0410-b5e6-96231b3b80d8
rogramState.h
3f558af01643787d209a133215b0abec81b5fe30 10-Aug-2012 Anna Zaks <ganna@apple.com> [analyzer] Optimize dynamic dispatch bifurcation by detecting the cases
when we don't need to split.

In some cases we know that a method cannot have a different
implementation in a subclass:
- the class is declared in the main file (private)
- all the method declarations (including the ones coming from super
classes) are in the main file.

This can be improved further, but might be enough for the heuristic.
(When we are too aggressive splitting the state, efficiency suffers.
When we fail to split the state coverage might suffer.)

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161681 91177308-0d34-0410-b5e6-96231b3b80d8
allEvent.h
824e07ac8f5c9efdddb4254de0203b9675b1ef0b 10-Aug-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Cache the "concrete offset base" for regions with symbolic offsets.

This makes it faster to access and invalidate bindings with symbolic offsets
by only computing this information once.

No intended functionality change.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161635 91177308-0d34-0410-b5e6-96231b3b80d8
emRegion.h
bf74b568182bcfbe711b6a4f74293d007b8d5f00 10-Aug-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Devirtualize StoreManager::evalDerivedToBase(SVal, CastExpr)

This was triggering -Woverloaded-virtual, but there's really no reason for
the cast version to be virtual anyway. It just calls through to the QualType
entry point.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161631 91177308-0d34-0410-b5e6-96231b3b80d8
tore.h
2c5f8d79ed128892fa548a3308a938a3a53fbb5e 09-Aug-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] A CXXBaseObjectRegion should correspond to a DIRECT base.

An ASTContext's RecordLayoutInfo can only be used to look up offsets of
direct base classes, and we need the offset to make non-symbolic bindings
in RegionStore. This change makes sure that we have one layer of
CXXBaseObjectRegion for each base we are casting through.

This was causing crashes on an internal buildbot.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161621 91177308-0d34-0410-b5e6-96231b3b80d8
tore.h
d4fe57f7f7a8793227effc1274d70ec44cee9a4f 09-Aug-2012 Anna Zaks <ganna@apple.com> [analyzer] Rename the function to better reflect what it actually does.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161617 91177308-0d34-0410-b5e6-96231b3b80d8
rogramState.h
5960f4aeac9760198c80e05d70d8dadb1db0ff0e 09-Aug-2012 Anna Zaks <ganna@apple.com> [analyzer] Improve readability of the dyn. dispatch bifurcation patch
r161552.

As per Jordan's feedback.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161603 91177308-0d34-0410-b5e6-96231b3b80d8
allEvent.h
fc05decf08feefd2ffe8cc250219aee6eab3119c 09-Aug-2012 Anna Zaks <ganna@apple.com> Unbreak the build.

Declaring "const Decl *Decl" is not a good idea.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161567 91177308-0d34-0410-b5e6-96231b3b80d8
allEvent.h
e90d3f847dcce76237078b67db8895eb7a24189e 09-Aug-2012 Anna Zaks <ganna@apple.com> [analyzer] Bifurcate the path with dynamic dispatch.

This is an initial (unoptimized) version. We split the path when
inlining ObjC instance methods. On one branch we always assume that the
type information for the given memory region is precise. On the other we
assume that we don't have the exact type info. It is important to check
since the class could be subclassed and the method can be overridden. If
we always inline we can lose coverage.

Had to refactor some of the call eval functions.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161552 91177308-0d34-0410-b5e6-96231b3b80d8
allEvent.h
xprEngine.h
919e8a1c6698bfa6848571d366430126bced727d 08-Aug-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Clean up the printing of FieldRegions for leaks.

Unfortunately, generalized region printing is very difficult:
- ElementRegions are used both for casting and as actual elements.
- Accessing values through a pointer means going through an intermediate
SymbolRegionValue; symbolic regions are untyped.
- Referring to implicitly-defined variables like 'this' and 'self' could be
very confusing if they come from another stack frame.

We fall back to simply not printing the region name if we can't be sure it
will print well. This will allow us to improve in the future.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161512 91177308-0d34-0410-b5e6-96231b3b80d8
emRegion.h
e0d24eb1060a213ec9820dc02c45f26b2d5b348b 08-Aug-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Revamp RegionStore to distinguish regions with symbolic offsets.

RegionStore currently uses a (Region, Offset) pair to describe the locations
of memory bindings. However, this representation breaks down when we have
regions like 'array[index]', where 'index' is unknown. We used to store this
as (SubRegion, 0); now we mark them specially as (SubRegion, SYMBOLIC).

Furthermore, ProgramState::scanReachableSymbols depended on the existence of
a sub-region map, but RegionStore's implementation doesn't provide for such
a thing. Moving the store-traversing logic of scanReachableSymbols into the
StoreManager allows us to eliminate the notion of SubRegionMap altogether.

This fixes some particularly awkward broken test cases, now in
array-struct-region.c.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161510 91177308-0d34-0410-b5e6-96231b3b80d8
emRegion.h
rogramState.h
tore.h
c7ecc43c33a21b82c49664910b19fcc1f555aa51 07-Aug-2012 Anna Zaks <ganna@apple.com> [analyzer] Add a checker to manage dynamic type propagation.

Instead of sprinkling dynamic type info propagation throughout
ExprEngine, the added checker would add the more precise type
information on known APIs (Ex: ObjC alloc, new) and propagate
the type info in other cases (ex: ObjC init method, casts (the second is
not implemented yet)).

Add handling of ObjC alloc, new and init to the checker.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161357 91177308-0d34-0410-b5e6-96231b3b80d8
heckerContext.h
rogramState.h
9da59a67a27a4d3fc9d59552f07808a32f85e9d3 04-Aug-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Track null/uninitialized C++ objects used in method calls.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161278 91177308-0d34-0410-b5e6-96231b3b80d8
allEvent.h
148fee988e32efcad45ecf7b3bf714880c657dda 03-Aug-2012 Anna Zaks <ganna@apple.com> [analyzer] ObjC Inlining: Start tracking dynamic type info in the GDM

In the following code, find the type of the symbolic receiver by
following it and updating the dynamic type info in the state when we
cast the symbol from id to MyClass *.

MyClass *a = [[self alloc] init];
return 5/[a testSelf];

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161264 91177308-0d34-0410-b5e6-96231b3b80d8
rogramState.h
e1ce783708b65eaa832ffad03d239264046dd0eb 31-Jul-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Turn -cfg-add-initializers on by default, and remove the flag.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161060 91177308-0d34-0410-b5e6-96231b3b80d8
nalysisManager.h
ef15831780b705475e7b237ac16418e9b53cb7a6 31-Jul-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Let CallEvent decide what goes in an initial stack frame.

This removes explicit checks for 'this' and 'self' from
Store::enterStackFrame. It also removes getCXXThisRegion() as a virtual
method on all CallEvents; it's now only implemented in the parts of the
hierarchy where it is relevant. Finally, it removes the option to ask
for the ParmVarDecls attached to the definition of an inlined function,
saving a recomputation of the result of getRuntimeDefinition().

No visible functionality change!

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161017 91177308-0d34-0410-b5e6-96231b3b80d8
allEvent.h
57c033621dacd8720ac9ff65a09025f14f70e22f 31-Jul-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Perform post-call checks for all inlined calls.

Previously, we were only checking the origin expressions of inlined calls.
Checkers using the generic postCall and older postObjCMessage callbacks were
ignored. Now that we have CallEventManager, it is much easier to create
a CallEvent generically when exiting an inlined function, which we can then
use for post-call checks.

No test case because we don't (yet) have any checkers that depend on this
behavior (which is why it hadn't been fixed before now).

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161005 91177308-0d34-0410-b5e6-96231b3b80d8
allEvent.h
2d18419a7c8f9a2975d4ed74a202de6467308ad1 30-Jul-2012 Anna Zaks <ganna@apple.com> [analyzer] Very simple ObjC instance method inlining

- Retrieves the type of the object/receiver from the state.
- Binds self during stack setup.
- Only explores the path on which the method is inlined (no
bifurcation to explore the path on which the method is not inlined).

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160991 91177308-0d34-0410-b5e6-96231b3b80d8
allEvent.h
rogramState.h
e13056a8bb532ddfdc07952a13169aa422bacd3b 30-Jul-2012 Anna Zaks <ganna@apple.com> [analyzer] Add -analyzer-ipa=dynamic option for inlining dynamically
dispatched methods.

Disabled by default for now.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160988 91177308-0d34-0410-b5e6-96231b3b80d8
nalysisManager.h
d563d3fb73879df7147b8a5302c3bf0e1402ba18 30-Jul-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Only allow CallEvents to be created by CallEventManager.

This ensures that it is valid to reference-count any CallEvents, and we
won't accidentally try to reclaim a CallEvent that lives on the stack.
It also hides an ugly switch statement for handling CallExprs!

There should be no functionality change here.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160986 91177308-0d34-0410-b5e6-96231b3b80d8
allEvent.h
xprEngine.h
a989aebecde3d2fd374b894e894a950b0bd9cf67 30-Jul-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Remove declaration of refactored evalObjCMessage method.

No functionality change.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160985 91177308-0d34-0410-b5e6-96231b3b80d8
xprEngine.h
972a3680bdd95f2e9d6316b391f1c47513dc78cc 30-Jul-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Introduce a CallEventManager to keep a pool of CallEvents.

This allows us to get around the C++ "virtual constructor" problem
when we'd like to create a CallEvent from an ExplodedNode, an inlined
StackFrameContext, or another CallEvent. The solution has three parts:

- CallEventManager uses a BumpPtrAllocator to allocate CallEvent-sized
memory blocks. It also keeps a cache of freed CallEvents for reuse.
- CallEvents all have protected copy constructors, along with cloneTo()
methods that use placement new to copy into CallEventManager-managed
memory, vtables intact.
- CallEvents owned by CallEventManager are now wrapped in an
IntrusiveRefCntPtr. Going forwards, it's probably a good idea to create
ALL CallEvents through the CallEventManager, so that we don't accidentally
try to reclaim a stack-allocated CallEvent.

All of this machinery is currently unused but will be put into use shortly.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160983 91177308-0d34-0410-b5e6-96231b3b80d8
allEvent.h
rogramState.h
6fbe0317aa38dbac22a29f7519c52db838aa1990 27-Jul-2012 Anna Zaks <ganna@apple.com> [analyzer] Address Jordan's and Fariborz's review of r160768.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160883 91177308-0d34-0410-b5e6-96231b3b80d8
allEvent.h
7c99aa385178c630e29f671299cdd9c104f1c885 26-Jul-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] CallEvent is no longer a value object.

After discussion, the type-based dispatch was decided to be bad for
maintenance and made it very easy for subtle bugs to creep in. Instead,
we'll just be very careful when we do have to allocate these on the heap.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160817 91177308-0d34-0410-b5e6-96231b3b80d8
allEvent.h
f540c54701e3eeb34cb619a3a4eb18f1ac70ef2d 26-Jul-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Rename Calls.{h,cpp} to CallEvent.{h,cpp}. No functionality change.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160815 91177308-0d34-0410-b5e6-96231b3b80d8
allEvent.h
alls.h
3a0a9e3e8bbaa45f3ca22b1e20b3beaac0f5861e 26-Jul-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Handle C++ member initializers and destructors.

This uses CFG to tell if a constructor call is for a member, and uses
the member's region appropriately.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160808 91177308-0d34-0410-b5e6-96231b3b80d8
rogramState.h
888c90ac0ef6baf7d47e86cf5cc4715707d223b1 26-Jul-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Handle base class initializers and destructors.

Most of the logic here is fairly simple; the interesting thing is that
we now distinguish complete constructors from base or delegate constructors.
We also make sure to cast to the base class before evaluating a constructor
or destructor, since non-virtual base classes may behave differently.

This includes some refactoring of VisitCXXConstructExpr and VisitCXXDestructor
in order to keep ExprEngine.cpp as clean as possible (leaving the details for
ExprEngineCXX.cpp).

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160806 91177308-0d34-0410-b5e6-96231b3b80d8
xprEngine.h
9dc5167e4017ef4c8b327abb6f72225eec2e0f19 26-Jul-2012 Anna Zaks <ganna@apple.com> [analyzer] Inline ObjC class methods.

- Some cleanup (the TODOs) will be done after ObjC method inlining is
complete.
- Simplified CallEvent::getDefinition not to require ISDynamicDispatch
parameter.
- Also addressed Jordan's comments from r160530.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160768 91177308-0d34-0410-b5e6-96231b3b80d8
alls.h
xprEngine.h
a2ad394dad8c90fb0374756a331d4a141f4a227d 26-Jul-2012 Ted Kremenek <kremenek@apple.com> Remove the ability to stash arbitrary pointers into UndefinedVal (no longer needed).

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160764 91177308-0d34-0410-b5e6-96231b3b80d8
Vals.h
829846b5002d7f8d6a54b9c58c3ecf7cac56d2cc 25-Jul-2012 Ted Kremenek <kremenek@apple.com> Remove ExprEngine::MarkBranch(), as it is no longer needed.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160761 91177308-0d34-0410-b5e6-96231b3b80d8
xprEngine.h
e81ce256b62717dd846bd19aecc4115a0dcd4995 20-Jul-2012 Anna Zaks <ganna@apple.com> [analyzer] Refactor VisitObjCMessage and VisitCallExpr to rely on the
same implementation for call evaluation.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160530 91177308-0d34-0410-b5e6-96231b3b80d8
xprEngine.h
7dfbfb1835198bf0cb4b0caaa5d9f3c6301f9920 19-Jul-2012 Richard Smith <richard-llvm@metafoo.co.uk> Silence GCC warnings.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160485 91177308-0d34-0410-b5e6-96231b3b80d8
alls.h
8919e688dc610d1f632a4d43f7f1489f67255476 18-Jul-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Combine all ObjC message CallEvents into ObjCMethodCall.

As pointed out by Anna, we only differentiate between explicit message sends

This also adds support for ObjCSubscriptExprs, which are basically the same
as properties in many ways. We were already checking these, but not emitting
nice messages for them.

This depends on the llvm::PointerIntPair change in r160456.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160461 91177308-0d34-0410-b5e6-96231b3b80d8
alls.h
4b3918e9534e46f9ac067c6e0018f94613292efa 18-Jul-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Rename addExtraInvalidatedRegions to get...Regions

Per Anna's comment that "add..." sounds like a method that modifies
the receiver, rather than its argument.

No functionality change.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160460 91177308-0d34-0410-b5e6-96231b3b80d8
alls.h
b7a23e05d1d8f07f2a6edce5c88c728fe894c2c7 18-Jul-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Make CallEvent a value object.

We will need to be able to easily reconstruct a CallEvent from an ExplodedNode
for diagnostic purposes, and that's exactly what factory functions are for.
CallEvent objects are small enough (four pointers and a SourceLocation) that
returning them through the stack is fairly cheap. Clients who just need to use
existing CallEvents can continue to do so using const references.

This uses the same sort of "kind-field-dispatch" as SVal, though most of the
nastiness is contained in the DISPATCH and DISPATCH_ARG macros at the end of
the file. (We can't use a template for this because member-pointers to base
class methods don't call derived-class methods even when casting to the
derived class. We can't use variadic macros because they're a C99 feature.)

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160459 91177308-0d34-0410-b5e6-96231b3b80d8
alls.h
4ccc4cc5d4e7c5c436d5f45065d3639cfc7c6e48 18-Jul-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Remove obsolete ObjCPropRef SVal kind.

ObjC properties are handled through their semantic form of ObjCMessageExprs
and their wrapper PseudoObjectExprs, and have been for quite a while. The
syntactic ObjCPropertyRefExprs do not appear in the CFG and are not visited
by ExprEngine.

No functionality change.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160458 91177308-0d34-0410-b5e6-96231b3b80d8
Vals.h
7ff8f5e9b1b8d87a64853735fc4218a6a9f70652 18-Jul-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Remove unused ExprEngine::VisitCXXTemporaryObjectExpr.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160457 91177308-0d34-0410-b5e6-96231b3b80d8
xprEngine.h
7373ead8719ceedd21c108419159ea74b02b2461 18-Jul-2012 Benjamin Kramer <benny.kra@googlemail.com> Remove trivial destructor from SVal.

This enables the faster SmallVector in clang and also allows clang's unused
variable warnings to be more effective. Fix the two instances that popped up.

The RetainCountChecker change actually changes functionality, it would be nice
if someone from the StaticAnalyzer folks could look at it.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160444 91177308-0d34-0410-b5e6-96231b3b80d8
Vals.h
19e88c02889017753747e64606d9b1ad0041f11a 17-Jul-2012 Alexey Samsonov <samsonov@google.com> Fixup for r160345 - uintptr_t is not always unsigned

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160349 91177308-0d34-0410-b5e6-96231b3b80d8
Vals.h
e4ed215ccf35d4407916cd0223de26f87ccbb055 17-Jul-2012 Galina Kistanova <gkistanova@gmail.com> Fixed a few warnings.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160345 91177308-0d34-0410-b5e6-96231b3b80d8
Vals.h
c36b30c92c78b95fd29fb5d9d6214d737b3bcb02 12-Jul-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Don't inline virtual calls unless we can devirtualize properly.

Previously we were using the static type of the base object to inline
methods, whether virtual or non-virtual. Now, we try to see if the base
object has a known type, and if so ask for its implementation of the method.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160094 91177308-0d34-0410-b5e6-96231b3b80d8
alls.h
0ffbfd1a7f80f9a3c07317cb8f44c562f2ba1ba5 11-Jul-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Add debug.DumpCalls, which prints out any CallEvents it sees.

This is probably not so useful yet because it is not path-sensitive, though
it does try to show inlining with indentation.

This also adds a dump() method to CallEvent, which should be useful for
debugging.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160030 91177308-0d34-0410-b5e6-96231b3b80d8
alls.h
e54cfc7b9990acffd0a8a4ba381717b4bb9f3011 11-Jul-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Use CallEvent for building inlined stack frames.

In order to accomplish this, we now build the callee's stack frame
as part of the CallEnter node, rather than the subsequent BlockEdge node.
This should not have any effect on perceived behavior or diagnostics.

This makes it safe to re-enable inlining of member overloaded operators.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160022 91177308-0d34-0410-b5e6-96231b3b80d8
alls.h
rogramState.h
tore.h
8d276d38c258dfc572586daf6c0e8f8fce249c0e 11-Jul-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Add a CXXDestructorCall CallEvent.

While this work is still fairly tentative (destructors are still left out of
the CFG by default), we now handle destructors in the same way as any other
calls, instead of just automatically trying to inline them.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160020 91177308-0d34-0410-b5e6-96231b3b80d8
alls.h
28038f33aa2db4833881fea757a1f0daf85ac02b 11-Jul-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Add new PreImplicitCall and PostImplicitCall ProgramPoints.

These are currently unused, but are intended to be used in lieu of PreStmt
and PostStmt when the call is implicit (e.g. an automatic object destructor).

This also modifies the Data1 field of ProgramPoints to allow storing any
pointer-sized value, as opposed to only aligned pointers. This is necessary
to store SourceLocations.

There is currently no BugReporter support for these; they should be skipped
over in any diagnostic output.

This commit also tags checkers that currently rely on function calls only
occurring at StmtPoints.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160019 91177308-0d34-0410-b5e6-96231b3b80d8
alls.h
ee158bc29bc12ce544996f7cdfde14aba63acf4d 09-Jul-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] When inlining, make sure we use the definition decl.

This was a regression introduced during the CallEvent changes; a call to
FunctionDecl::hasBody was also being used to replace the decl found by
lookup with the actual definition. To keep from making this mistake again
(particularly if/when we start inlining Objective-C methods), this commit
adds a "getDefinition()" method to CallEvent, which should do the right
thing under any circumstances.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@159940 91177308-0d34-0410-b5e6-96231b3b80d8
alls.h
0e020adcb69e91826f4ee14a0c1d381f7b624a34 07-Jul-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Add comments to Calls.h.

No functionality change.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@159867 91177308-0d34-0410-b5e6-96231b3b80d8
alls.h
478851c3ed6bd784e7377dffd8e57b200c1b9ba9 04-Jul-2012 Benjamin Kramer <benny.kra@googlemail.com> Drop the ASTContext.h include from Stmt.h and fix up transitive users.

This required moving the ctors for IntegerLiteral and FloatingLiteral out of
line which shouldn't change anything as they are usually called through Create
methods that are already out of line.

ASTContext::Deallocate has been a nop for a long time, drop it from ASTVector
and make it independent from ASTContext.h

Pass the StorageAllocator directly to AccessedEntity so it doesn't need to
have a definition of ASTContext around.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@159718 91177308-0d34-0410-b5e6-96231b3b80d8
emRegion.h
ValBuilder.h
fdaa33818cf9bad8d092136e73bd2e489cb821ba 04-Jul-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] For now, don't inline non-static member overloaded operators.

Our current inlining support (specifically RegionStore::enterStackFrame)
doesn't know that calls to overloaded operators may be calls to non-static
member functions, and that in these cases the first argument should be
treated as 'this'. This caused incorrect results and sometimes crashes.

The long-term fix will be to rewrite RegionStore::enterStackFrame to use
CallEvent and its subclasses, but for now we can just disable these
problematic calls by classifying them under a new CallEvent,
CXXMemberOperatorCall.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@159692 91177308-0d34-0410-b5e6-96231b3b80d8
alls.h
70cbf3cc09eb21db1108396d30a414ea66d842cc 03-Jul-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Introduce CXXAllocatorCall to handle placement arg invalidation.

This is NOT full-blown support for operator new, but removes some nasty
duplicated code introduced in r158784.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@159608 91177308-0d34-0410-b5e6-96231b3b80d8
alls.h
840c9842ed8b3a2b1276519a80f89e7d409fc148 02-Jul-2012 Jordan Rose <jordan_rose@apple.com> Revert "Remove unused member (& consequently unused parameter) in SA's Call code."

...and instead add an accessor. We're not using this today, but it's something
that should probably stay in the source for potential clients, and it doesn't
cost a lot. (ObjCPropertyAccess is only created on the stack, and right now
there's only ever one alive at a time.)

This reverts r159581 / commit 8e674e1da34a131faa7d43dc3fcbd6e49120edbe.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@159595 91177308-0d34-0410-b5e6-96231b3b80d8
alls.h
8e674e1da34a131faa7d43dc3fcbd6e49120edbe 02-Jul-2012 David Blaikie <dblaikie@gmail.com> Remove unused member (& consequently unused parameter) in SA's Call code.

This member became unused in r159559.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@159581 91177308-0d34-0410-b5e6-96231b3b80d8
alls.h
69f87c956b3ac2b80124fd9604af012e1061473a 02-Jul-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Use CallEvent for inlining and call default-evaluation.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@159560 91177308-0d34-0410-b5e6-96231b3b80d8
alls.h
xprEngine.h
de507eaf3cb54d3cb234dc14499c10ab3373d15f 02-Jul-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Finish replacing ObjCMessage with ObjCMethodDecl and friends.

The preObjCMessage and postObjCMessage callbacks now take an ObjCMethodCall
argument, which can represent an explicit message send (ObjCMessageSend) or an
implicit message generated by a property access (ObjCPropertyAccess).

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@159559 91177308-0d34-0410-b5e6-96231b3b80d8
alls.h
bjCMessage.h
cde8cdbd6a662c636164465ad309b5f17ff01064 02-Jul-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Begin replacing ObjCMessage with ObjCMethodCall and friends.

Previously, the CallEvent subclass ObjCMessageInvocation was just a wrapper
around the existing ObjCMessage abstraction (over message sends and property
accesses). Now, we have abstract CallEvent ObjCMethodCall with subclasses
ObjCMessageSend and ObjCPropertyAccess.

In addition to removing yet another wrapper object, this should make it easy
to add a ObjCSubscriptAccess call event soon.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@159558 91177308-0d34-0410-b5e6-96231b3b80d8
alls.h
xprEngine.h
bjCMessage.h
85d7e01cf639b257d70f8a129709a2d7594d7b22 02-Jul-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Move the last bits of CallOrObjCMessage over to CallEvent.

This involved refactoring some common pointer-escapes code onto CallEvent,
then having MallocChecker use those callbacks for whether or not to consider
a pointer's /ownership/ as escaping. This still needs to be pinned down, and
probably we want to make the new argumentsMayEscape() function a little more
discerning (content invalidation vs. ownership/metadata invalidation), but
this is a good improvement.

As a bonus, also remove CallOrObjCMessage from the source completely.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@159557 91177308-0d34-0410-b5e6-96231b3b80d8
alls.h
bjCMessage.h
740d490593e0de8732a697c9f77b90ddd463863b 02-Jul-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Add a new abstraction over all types of calls: CallEvent

This is intended to replace CallOrObjCMessage, and is eventually intended to be
used for anything that cares more about /what/ is being called than /how/ it's
being called. For example, inlining destructors should be the same as inlining
blocks, and checking __attribute__((nonnull)) should apply to the allocator
calls generated by operator new.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@159554 91177308-0d34-0410-b5e6-96231b3b80d8
alls.h
xprEngine.h
rogramState.h
tore.h
ubEngine.h
8d0f528afd9fcb9ebb8ccb4b8a529a05375b628e 29-Jun-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Add a test that we are, in fact, doing a DFS on the ExplodedGraph.

Previously:
...the comment said DFS...
...the WorkList being instantiated said BFS...
...and the implementation was actually DFS...
...due to an unintentional change in 2010...
...and everything kept working anyway.

This fixes our std::deque implementation of BFS, but switches back to a
SmallVector-based implementation of DFS.

We should probably still investigate the ramifications of DFS vs. BFS,
especially for large functions (and especially when we hit our block path
limit), since this might completely change our memory use. It can also mask
some bugs and reveal others depending on when we halt analysis. But at least
we will not have this kind of little mistake creep in again.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@159397 91177308-0d34-0410-b5e6-96231b3b80d8
oreEngine.h
ee681111c713f300884550b1503713ade3b32374 25-Jun-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Be careful about implicitly-declared operator new/delete. (PR13090)

The implicit global allocation functions do not have valid source locations,
but we still want to treat them as being "system header" functions for the
purposes of how they affect program state.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@159160 91177308-0d34-0410-b5e6-96231b3b80d8
bjCMessage.h
10f77ad7fc5e5cf3f37a9b14ff5843468b8b84d2 23-Jun-2012 Ted Kremenek <kremenek@apple.com> Implement initial static analysis inlining support for C++ methods.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@159047 91177308-0d34-0410-b5e6-96231b3b80d8
xprEngine.h
ValBuilder.h
16ae9de07730832945204877d752db7f1c070962 22-Jun-2012 James Dennett <jdennett@google.com> Documentation cleanup: making \param docs match the code.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@158982 91177308-0d34-0410-b5e6-96231b3b80d8
tore.h
2df3a7a58b37d87ebf9e5e9251d56d1f8506f8b6 20-Jun-2012 Anna Zaks <ganna@apple.com> [analyzer] Remove dead code.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@158849 91177308-0d34-0410-b5e6-96231b3b80d8
rogramState.h
8cd64b4c5553fa6284d248336cb7c82dc960a394 11-Jun-2012 Chad Rosier <mcrosier@apple.com> Etch out the code path for MS-style inline assembly.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@158325 91177308-0d34-0410-b5e6-96231b3b80d8
xprEngine.h
e17fdb2d5dbf0ffefd417587003eebbe5baf5984 07-Jun-2012 Anna Zaks <ganna@apple.com> [analyzer] Anti-aliasing: different heap allocations do not alias

Add a concept of symbolic memory region belonging to heap memory space.
When comparing symbolic regions allocated on the heap, assume that they
do not alias.

Use symbolic heap region to suppress a common false positive pattern in
the malloc checker, in code that relies on malloc not returning the
memory aliased to other malloc allocations, stack.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@158136 91177308-0d34-0410-b5e6-96231b3b80d8
emRegion.h
ValBuilder.h
36397dc6c1bf1513a3bac4eabe9209e5b2295a55 06-Jun-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Provide debug descriptions for all memory space regions.

Patch by Guillem Marpons!

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@158106 91177308-0d34-0410-b5e6-96231b3b80d8
emRegion.h
facde171ae4b8926622a1bffa833732a06f1875b 06-Jun-2012 Benjamin Kramer <benny.kra@googlemail.com> Remove unused private member variables found by clang's new -Wunused-private-field.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@158086 91177308-0d34-0410-b5e6-96231b3b80d8
nalysisManager.h
c0e71a15bce9bb8c0d4ec1c42fab70c03140f9e0 02-Jun-2012 Anna Zaks <ganna@apple.com> [analyzer] Rely on canBeInlined utility instead of checking CallExpr
explicitly.

This will make it easier to add inlining support to more expressions.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@157870 91177308-0d34-0410-b5e6-96231b3b80d8
bjCMessage.h
7fa9b4f258636d89342eda28f21a986c8ac353b1 01-Jun-2012 Ted Kremenek <kremenek@apple.com> static analyzer: add inlining support for directly called blocks.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@157833 91177308-0d34-0410-b5e6-96231b3b80d8
xprEngine.h
ymbolManager.h
009072fd2223c823032b804c64ca7b4c7c3badc4 28-May-2012 Benjamin Kramer <benny.kra@googlemail.com> Fix suspicious isIntegerType() check, found by PVS Studio (PR12357).

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@157593 91177308-0d34-0410-b5e6-96231b3b80d8
ValBuilder.h
1831bd29572b6a7243da73d9606209190c0217de 27-May-2012 Benjamin Kramer <benny.kra@googlemail.com> Pass ProgramStateRef by reference.

Retain + Release on a ref counted pointer is cheap, but not free (it adds a function call in this case).

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@157534 91177308-0d34-0410-b5e6-96231b3b80d8
xplodedGraph.h
591b5f53c0e11d87401b4804bb1be1a53f95c619 19-May-2012 Anna Zaks <ganna@apple.com> [analyzer] For locations, use isGLValue() instead of isLValue().

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@157088 91177308-0d34-0410-b5e6-96231b3b80d8
rogramState.h
1d8db493f86761df9470254a2ad572fc6abf1bf6 08-May-2012 Jordy Rose <jediknil@belkadan.com> [analyzer] Rework both constraint managers to handle mixed-type comparisons.

This involves keeping track of three separate types: the symbol type, the
adjustment type, and the comparison type. For example, in "$x + 5 > 0ULL",
if the type of $x is 'signed char', the adjustment type is 'int' and the
comparison type is 'unsigned long long'. Most of the time these three types
will be the same, but we should still do the right thing when the
comparison value is out of range, and wraparound should be calculated in
the adjustment type.

This also re-disables an out-of-bounds test; we were extracting the symbol
from non-additive SymIntExprs, but then throwing away the integer.

Sorry for the large patch; both the basic and range constraint managers needed
to be updated together, since they share code in SimpleConstraintManager.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@156361 91177308-0d34-0410-b5e6-96231b3b80d8
PSIntType.h
d3b6d99cd57522b15dcec0eb771a97d9599d4db2 08-May-2012 Jordy Rose <jediknil@belkadan.com> [analyzer] Add an abstraction for the bit width and signedness of an APSInt. No functionality change.

There are more parts of the analyzer that could use the convenience of APSIntType, particularly the constraint engine, but that needs a fair amount of rewriting to handle mixed-type constraints anyway.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@156360 91177308-0d34-0410-b5e6-96231b3b80d8
PSIntType.h
asicValueFactory.h
85d87df66a50a15a1957f7213802000b451a8ec9 04-May-2012 Ted Kremenek <kremenek@apple.com> Explicitly model capturing variables for blocks in the static analyzer. Fixes <rdar://problem/11125868>.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@156211 91177308-0d34-0410-b5e6-96231b3b80d8
emRegion.h
aca0ac58d2ae80d764e3832456667d7322445e0c 04-May-2012 Anna Zaks <ganna@apple.com> [analyzer] Allow pointers to escape through calls containing callback args.

(Since we don't have a generic pointer escape callback, modify
ExprEngineCallAndReturn as well as the malloc checker.)

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@156134 91177308-0d34-0410-b5e6-96231b3b80d8
bjCMessage.h
baeaa9ad120f60b1c5b6f1a84286b507dbe2b55d 03-May-2012 Anna Zaks <ganna@apple.com> [analyzer] Add a complexity bound on history tracking.

(Currently, this is only relevant for tainted data.)

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@156050 91177308-0d34-0410-b5e6-96231b3b80d8
ymbolManager.h
914edfbb07c34d8cad8d0451193b4f9dd02a2d5a 02-May-2012 David Blaikie <dblaikie@gmail.com> Fix some doxycomments using \class instead of \brief.

Patches by Csaba Raduly (rcsaba@gmail.com)

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@156027 91177308-0d34-0410-b5e6-96231b3b80d8
emRegion.h
ymbolManager.h
e2241cbb0455a60ba27d6c4b9d601ffef3ed103f 01-May-2012 Anna Zaks <ganna@apple.com> [analyzer] Construct a SymExpr even when the constraint solver cannot
reason about the expression.

This essentially keeps more history about how symbolic values were
constructed. As an optimization, previous to this commit, we only kept
the history if one of the symbols was tainted, but it's valuable to keep
the history around for other purposes as well: it allows us to avoid
constructing conjured symbols.

Specifically, we need to identify the value of ptr as
ElementRegion (result of pointer arithmetic) in the following code.
However, before this commit '(2-x)' evaluated to Unknown value, and as
the result, 'p + (2-x)' evaluated to Unknown value as well.

int *p = malloc(sizeof(int));
ptr = p + (2-x);

This change brings 2% slowdown on sqlite. Fixes radar://11329382.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@155944 91177308-0d34-0410-b5e6-96231b3b80d8
ValBuilder.h
d200187bd27f9ad68699693a6e57f9ee3ff260fa 28-Apr-2012 Jordy Rose <jediknil@belkadan.com> [analyzer] Remove references to idx::TranslationUnit. Index is dead, cross-TU inlining never panned out.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@155751 91177308-0d34-0410-b5e6-96231b3b80d8
nalysisManager.h
577f14a34457032523e59dbbbacb88ca2cd4db57 27-Apr-2012 Ted Kremenek <kremenek@apple.com> Use a deque instead of an ImmutableList in AnalysisConsumer to preserve the file order that functions are visited. Should fix the buildbots.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@155693 91177308-0d34-0410-b5e6-96231b3b80d8
unctionSummary.h
cb0a5039c243f5b0c178e70f424adac334e5789b 27-Apr-2012 Ted Kremenek <kremenek@apple.com> Change FunctionSummary.h's definition of SetOfDecls to be an ImmutableList instead
of a mutable SmallPtrSet. While iterating over LocalTUDecls, there were cases
where we could modify LocalTUDecls, which could result in invalidating an iterator
and an analyzer crash. Along the way, switch some uses of std::queue to std::dequeue,
which should be slightly more efficient.

Unfortunately, this is a difficult case to create a test case for.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@155680 91177308-0d34-0410-b5e6-96231b3b80d8
unctionSummary.h
0b3ade86a1c60cf0c7b56aa238aff458eb7f5974 20-Apr-2012 Anna Zaks <ganna@apple.com> [analyzer] Run remove dead bindings right before leaving a function.

This is needed to ensure that we always report issues in the correct
function. For example, leaks are identified when we call remove dead
bindings. In order to make sure we report a callee's leak in the callee,
we have to run the operation in the callee's context.

This change required quite a bit of infrastructure work since:
- We used to only run remove dead bindings before a given statement;
here we need to run it after the last statement in the function. For
this, we added additional Program Point and special mode in the
SymbolReaper to remove all symbols in context lower than the current
one.
- The call exit operation turned into a sequence of nodes, which are
now guarded by CallExitBegin and CallExitEnd nodes for clarity and
convenience.

(Sorry for the long diff.)

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@155244 91177308-0d34-0410-b5e6-96231b3b80d8
oreEngine.h
xprEngine.h
ymbolManager.h
39b73411313b1204601755e8c4813853f30b9a33 20-Apr-2012 Anna Zaks <ganna@apple.com> [analyzer] Remove unused method.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@155243 91177308-0d34-0410-b5e6-96231b3b80d8
ymbolManager.h
5a878b2cabb940bf3c1ac420a52cac305765e3e2 20-Apr-2012 Anna Zaks <ganna@apple.com> [analyzer] Constify

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@155242 91177308-0d34-0410-b5e6-96231b3b80d8
oreEngine.h
ffce11b95aad43cae18ac8700c026f0d6f62dfa2 16-Apr-2012 Anna Zaks <ganna@apple.com> [analyzer] +comments

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@154865 91177308-0d34-0410-b5e6-96231b3b80d8
Vals.h
87e154c09bbb060a0620bc988d7723bee64fb79c 13-Apr-2012 Douglas Gregor <dgregor@apple.com> Remove the unused, unmaintained, incomplete 'Index' library.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@154672 91177308-0d34-0410-b5e6-96231b3b80d8
nalysisManager.h
6a86082f3a06a2dcceaaf63f78a0e52d64bcbaa3 13-Apr-2012 Anna Zaks <ganna@apple.com> [analyzer] PCH deserialization optimization.

We should not deserialize unused declarations from the PCH file. Achieve
this by storing the top level declarations during parsing
(HandleTopLevelDecl ASTConsumer callback) and analyzing/building a call
graph only for those.

Tested the patch on a sample ObjC file that uses PCH. With the patch,
the analysis is 17.5% faster and clang consumes 40% less memory.
Got about 10% overall build/analysis time decrease on a large Objective
C project.

A bit of CallGraph refactoring/cleanup as well.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@154625 91177308-0d34-0410-b5e6-96231b3b80d8
oreEngine.h
xprEngine.h
unctionSummary.h
e19f86edab8fb3c2c1e99e0e9815b6058504df9b 10-Apr-2012 Anna Zaks <ganna@apple.com> [analyzer] Add support for C++ dynamic_cast.

Simulate the C++ dynamic_cast in the analyzer.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@154434 91177308-0d34-0410-b5e6-96231b3b80d8
tore.h
4335a48214dcbb258e08c8867c45648e25edb2ec 10-Apr-2012 Anna Zaks <ganna@apple.com> [analyzer] + comments

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@154433 91177308-0d34-0410-b5e6-96231b3b80d8
rogramState.h
bd613137499b1d4c3b63dccd0aa21f6add243f4f 07-Apr-2012 Ted Kremenek <kremenek@apple.com> Rework ExprEngine::evalLoad and clients (e.g. VisitBinaryOperator) so that when we generate a new ExplodedNode
we use the same Expr* as the one being currently visited. This is preparation for transitioning to having
ProgramPoints refer to CFGStmts.

This required a bit of trickery. We wish to keep the old Expr* bindings in the Environment intact,
as plenty of logic relies on it and there is no reason to change it, but we sometimes want the Stmt* for
the ProgramPoint to be different than the Expr* being used for bindings. This requires adding an extra
argument for some functions (e.g., evalLocation). This looks a bit strange for some clients, but
it will look a lot cleaner when we start using CFGStmt* in the appropriate places.

As some fallout, the diagnostics arrows are a bit different, since some of the node locations have changed.
I have audited these, and they look reasonable.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@154214 91177308-0d34-0410-b5e6-96231b3b80d8
xprEngine.h
7947bb127629faff4897f04e579d80fd0d7f97f0 06-Apr-2012 Anna Zaks <ganna@apple.com> [analyzer]Fix false positive: pointer might escape through CG*WithData.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@154156 91177308-0d34-0410-b5e6-96231b3b80d8
bjCMessage.h
cd863466b97cee866370bc6ff75370628ab01d37 05-Apr-2012 Anna Zaks <ganna@apple.com> [analyzer] Add a coverage calculation to FunctionSummaries.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@154076 91177308-0d34-0410-b5e6-96231b3b80d8
unctionSummary.h
e62f048960645b79363408fdead53fec2a063c52 03-Apr-2012 Anna Zaks <ganna@apple.com> [analyzer] Record the basic blocks covered by the analysis run.

Store this info inside the function summary generated for all analyzed
functions. This is useful for coverage stats and can be helpful for
analyzer state space search strategies.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@153923 91177308-0d34-0410-b5e6-96231b3b80d8
nalysisManager.h
oreEngine.h
xprEngine.h
unctionSummary.h
3bbd8cd831788c506f2980293eb3c7e1b3ca2501 30-Mar-2012 Anna Zaks <ganna@apple.com> [analyzer] Do not inline functions which previously reached max block
count.

This is an optimization for "retry without inlining" option. Here, if we
failed to inline a function due to reaching the basic block max count,
we are going to store this information and not try to inline it
again in the translation unit. This can be viewed as a function summary.

On sqlite, with this optimization, we are 30% faster than before and
cover 10% more basic blocks (partially because the number of times we
reach timeout is decreased by 20%).

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@153730 91177308-0d34-0410-b5e6-96231b3b80d8
nalysisManager.h
xprEngine.h
b47dbcbc12430fdf3e5a5b9f59cdec5480e89e75 28-Mar-2012 Anna Zaks <ganna@apple.com> [analyzer] Enable retry exhausted without inlining by default.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@153591 91177308-0d34-0410-b5e6-96231b3b80d8
nalysisManager.h
253955ca25c7e7049963b5db613c0cd15d66e4f8 28-Mar-2012 Anna Zaks <ganna@apple.com> [analyser] Stats checker: do not mark a node as exhausted if we will
retry without inlining.

(+ other minor cleanups)

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@153581 91177308-0d34-0410-b5e6-96231b3b80d8
oreEngine.h
xprEngine.h
ubEngine.h
5903a373db3d27794c90b25687e0dd6adb0e497d 27-Mar-2012 Anna Zaks <ganna@apple.com> [analyzer] Add an option to re-analyze a dead-end path without inlining.

The analyzer gives up path exploration under certain conditions. For
example, when the same basic block has been visited more than 4 times.
With inlining turned on, this could lead to a decrease in code coverage.
Specifically, if we give up inside the inlined function, the rest of
parent's basic blocks will not get analyzed.

This commit introduces an option to enable re-run along the failed path,
in which we do not inline the last inlined call site. This is done by
enqueueing the node before the processing of the inlined call site
with a special policy encoded in the state. The policy tells us not to
inline the call site along the path.

This led to a ~10% increase in the number of paths analyzed, even though
we expected a much greater coverage improvement.

The option is turned off by default for now.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@153534 91177308-0d34-0410-b5e6-96231b3b80d8
nalysisManager.h
oreEngine.h
xplodedGraph.h
xprEngine.h
rogramStateTrait.h
14d83810b14a558b4d3671c75b6d0f5608898d9e 27-Mar-2012 Anna Zaks <ganna@apple.com> [analyzer] Fix a typo.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@153533 91177308-0d34-0410-b5e6-96231b3b80d8
aintManager.h
514f2c9dcb9e04b52929c5b141a6fe88bd68b33f 23-Mar-2012 Ted Kremenek <kremenek@apple.com> Avoid applying retain/release effects twice in RetainCountChecker when a function call was inlined (i.e., we do not need to apply summaries in such cases).

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@153309 91177308-0d34-0410-b5e6-96231b3b80d8
heckerContext.h
3d7c44e01d568e5d5c0fac9c6ccb3f080157ba19 21-Mar-2012 Anna Zaks <ganna@apple.com> [analyzer] Malloc: Utter the name of the leaked variable.
Specifically, we use the last store of the leaked symbol in the leak diagnostic.
(No support for struct fields since the malloc checker doesn't track those
yet.)

+ Infrastructure to track the regions used in store evaluations.
This approach is more precise than iterating the store to
obtain the region bound to the symbol, which is used in RetainCount
checker. The region corresponds to what is uttered in the code in the
last store and we do not rely on the store implementation to support
this functionality.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@153212 91177308-0d34-0410-b5e6-96231b3b80d8
heckerContext.h
xprEngine.h
emRegion.h
27b867ea1c9cb4b40f9b817c303d6df3ee753da9 21-Mar-2012 Anna Zaks <ganna@apple.com> [analyser] Factor out FindUniqueBinding from RetainCount checker.

So that others could use it as well. No functionality change.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@153211 91177308-0d34-0410-b5e6-96231b3b80d8
tore.h
d7b83148ac0a537f5ec9be9d87bbec62b75435f4 15-Mar-2012 Jordy Rose <jediknil@belkadan.com> [analyzer] Remove AggExprVisitor, a dead class that assisted in visiting C++ expressions with a "base object", because the CFG is now linearized.

The only use of AggExprVisitor was in #if 0 code (the analyzer's incomplete C++ support), so there is no actual behavioral change anyway.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@152856 91177308-0d34-0410-b5e6-96231b3b80d8
xprEngine.h
e5049d29f74183d88a332ce4868e84a9c12893f0 14-Mar-2012 Erik Verbruggen <erikjv@me.com> [Analyser] Removes more recursive visitations in ExprEngine that are no
longer needed as the CFG is fully linearized.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@152720 91177308-0d34-0410-b5e6-96231b3b80d8
xprEngine.h
4e4d08403ca5cfd4d558fa2936215d3a4e5a528d 11-Mar-2012 David Blaikie <dblaikie@gmail.com> Unify naming of LangOptions variable/get function across the Clang stack (Lex to AST).

The member variable is always "LangOpts" and the member function is always "getLangOpts".

Reviewed by Chris Lattner

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@152536 91177308-0d34-0410-b5e6-96231b3b80d8
nalysisManager.h
heckerContext.h
337e4dbc6859589b8878146a88bebf754e916702 10-Mar-2012 Ted Kremenek <kremenek@apple.com> [analyzer] fix regression in analyzer of NOT actually aborting on Stmts it doesn't understand. We registered
as aborted, but didn't treat such cases as sinks in the ExplodedGraph.

Along the way, add basic support for CXXCatchStmt, expanding the set of code we actually analyze (hopefully correctly).

Fixes: <rdar://problem/10892489>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@152468 91177308-0d34-0410-b5e6-96231b3b80d8
xprEngine.h
ValBuilder.h
3fd5f370a28552976c52e76c3035d79012d78dda 09-Mar-2012 Anna Zaks <ganna@apple.com> [analyzer] Add support for NoRedundancy inlining mode.

We do not reanalyze a function, which has already been analyzed as an
inlined callee. As per PRELIMINARY testing, this gives over
50% run time reduction on some benchmarks without decreasing the
number of bugs found.

Turning the mode on by default.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@152440 91177308-0d34-0410-b5e6-96231b3b80d8
nalysisManager.h
oreEngine.h
xprEngine.h
aa49a7d70e58dac2aeb40664ba16d2ea571b8c95 09-Mar-2012 Daniel Dunbar <daniel@zuster.org> [AST/etc] Mark {getSourceRange(),getStartLoc(),getEndLoc()} as LLVM_READONLY.
- The theory here is that we have these functions sprinkled in all over the
place. This should allow the optimizer to at least realize it can still do
load CSE across these calls.
- I blindly marked all instances as such, even though the optimizer can infer
this attribute in some instances (some of the inline ones) as that was easier
and also, when given the choice between thinking and not thinking, I prefer
the latter.

You might think this is mere frivolity, but actually this is good for a .7 -
1.1% speedup on 403.gcc/combine.c, JSC/Interpreter.cpp,
OGF/NSBezierPath-OAExtensions.m.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@152426 91177308-0d34-0410-b5e6-96231b3b80d8
bjCMessage.h
66253352131e3e7a22b3bfd0e180607aa2bfb988 09-Mar-2012 Anna Zaks <ganna@apple.com> [analyzer] Rework inlining related command line options.
- Remove -analyzer-inline-call.
- Add -analyzer-ipa=[none|inlining]
- Add -analyzer-inlining-mode to allow experimentation for
different performance tuning methods.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@152351 91177308-0d34-0410-b5e6-96231b3b80d8
nalysisManager.h
1a45a5ff5d495cb6cd9a3d4d06317af79c0f634d 06-Mar-2012 Ted Kremenek <kremenek@apple.com> Add static analyzer support for new NSArray/NSDictionary/NSNumber literals.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@152139 91177308-0d34-0410-b5e6-96231b3b80d8
ValBuilder.h
a81d3d434e6581ff354eaf5b2a3c25c75771a792 04-Mar-2012 Erik Verbruggen <erikjv@me.com> Remove a recursive visitation in ExprEngine that is no longer needed because the CFG is fully linearized.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@152007 91177308-0d34-0410-b5e6-96231b3b80d8
xprEngine.h
8235f9c9c8b3d1737d1c6bd57f7ba3f616b92392 02-Mar-2012 Anna Zaks <ganna@apple.com> [analyzer] Bound the size of the functions being inlined + provide
command line options for inlining tuning.

This adds the option for stack depth bound as well as function size
bound.

+ minor doxygenification

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@151930 91177308-0d34-0410-b5e6-96231b3b80d8
nalysisManager.h
ca23eb212c78ac5bc62d0881635579dbe7095639 29-Feb-2012 Anna Zaks <ganna@apple.com> [analyzer] Malloc: A pointer might escape through CFContainers APIs,
funopen, setvbuf.

Teach the checker and the engine about these APIs to resolve malloc
false positives. As I am adding more of these APIs, it is clear that all
this should be factored out into a separate callback (for example,
region escapes). Malloc, KeyChainAPI and RetainRelease checkers could
all use it.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@151737 91177308-0d34-0410-b5e6-96231b3b80d8
bjCMessage.h
4c62b557e269a27515dfca1f754ae936c8fdb824 28-Feb-2012 Ted Kremenek <kremenek@apple.com> [analyzer] teach analyzer about ObjC literals, thus trimming out a false positive with the malloc() checker involving
comparing literal addresses to nil.

Fixes <rdar://problem/10579586>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@151602 91177308-0d34-0410-b5e6-96231b3b80d8
emRegion.h
e739a29c62c67eaec0af5c4d5c75f9e8f11228bd 28-Feb-2012 Ted Kremenek <kremenek@apple.com> [analyzer] Don't generate an explicit ExplodedNode for StringLiterals; have the SVal lazily generated from Environment::getSVal().

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@151589 91177308-0d34-0410-b5e6-96231b3b80d8
rogramState.h
tore.h
c93dc7889644293e318e19d82830ea2acc45b678 20-Feb-2012 Dylan Noblesmith <nobled@dreamwidth.org> Basic: import IntrusiveRefCntPtr<> into clang namespace

The class name is long enough without the llvm:: added.
Also bring in RefCountedBase and RefCountedBaseVPTR.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150958 91177308-0d34-0410-b5e6-96231b3b80d8
rogramState_Fwd.h
b673a41c92aa276f2e37164d0747be1cfb0c402b 18-Feb-2012 Ted Kremenek <kremenek@apple.com> Adopt ExprEngine and checkers to ObjC property refactoring. Everything was working, but now diagnostics are aware of message expressions implied by uses of properties. Fixes <rdar://problem/9241180>.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150888 91177308-0d34-0410-b5e6-96231b3b80d8
bjCMessage.h
3133f79cf451e6302dd05262b4bb53a3e4fd6300 18-Feb-2012 Ted Kremenek <kremenek@apple.com> Have conjured symbols depend on LocationContext, to add context sensitivity for functions called more than once.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150849 91177308-0d34-0410-b5e6-96231b3b80d8
rogramState.h
ValBuilder.h
tore.h
ymbolManager.h
2ac58b7c09938bb28c51c7cd2deada609b75f94c 16-Feb-2012 Ted Kremenek <kremenek@apple.com> Revert "Move ExplodedNode reclamation out of ExprEngine and into CoreEngine. Also have it based on adding predecessors/successors, not node allocation. No measurable performance change."

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150722 91177308-0d34-0410-b5e6-96231b3b80d8
xplodedGraph.h
437ee81e54f39c2363d5fe0ea155604c28adc615 16-Feb-2012 Ted Kremenek <kremenek@apple.com> Move ExplodedNode reclamation out of ExprEngine and into CoreEngine. Also have it based on adding predecessors/successors, not node allocation. No measurable performance change.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150720 91177308-0d34-0410-b5e6-96231b3b80d8
xplodedGraph.h
626719bd2c09e27fe7c182724a812d27f59e3819 16-Feb-2012 Ted Kremenek <kremenek@apple.com> Minor cleanup to node data structures in ExplodedGraph. No functionality change.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150719 91177308-0d34-0410-b5e6-96231b3b80d8
xplodedGraph.h
66c40400e7d6272b0cd675ada18dd62c1f0362c7 14-Feb-2012 Anna Zaks <ganna@apple.com> [analyzer] Make Malloc Checker optimistic in presence of inlining.
(In response to Ted's review of r150112.)

This moves the logic which checked if a symbol escapes through a
parameter to invalidateRegionCallback (instead of post CallExpr visit.)

To accommodate the change, added a CallOrObjCMessage parameter to
checkRegionChanges callback.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150513 91177308-0d34-0410-b5e6-96231b3b80d8
xprEngine.h
ubEngine.h
c8bb3befcad8cd8fc9556bc265289b07dc3c94c8 13-Feb-2012 Anna Zaks <ganna@apple.com> [analyzer] Malloc checker: rework realloc handling:

1) Support the case when realloc fails to reduce False Positives. (We
essentially need to restore the state of the pointer being reallocated.)

2) Realloc behaves differently under special conditions (from pointer is
null, size is 0). When detecting these cases, we should consider
under-constrained states (size might or might not be 0). The
old version handled this in a very hacky way. The code did not
differentiate between definite and possible (no consideration for
under-constrained states). Further, after processing each special case,
the realloc processing function did not return but chained to the next
special case processing. So you could end up in an execution in which
you first see the states in which size is 0 and realloc ~ free(),
followed by the states corresponding to size is not 0 followed by the
evaluation of the regular realloc behavior.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150402 91177308-0d34-0410-b5e6-96231b3b80d8
heckerContext.h
57300760964904cc022a175643342f29f46b7e6b 07-Feb-2012 Anna Zaks <ganna@apple.com> [analyzer] Allow each CString check to be enabled/disabled
separately.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@149947 91177308-0d34-0410-b5e6-96231b3b80d8
heckerContext.h
6f42b62b6194f53bcbc349f5d17388e1936535d7 05-Feb-2012 Dylan Noblesmith <nobled@dreamwidth.org> Basic: import OwningPtr<> into clang namespace

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@149798 91177308-0d34-0410-b5e6-96231b3b80d8
nalysisManager.h
oreEngine.h
rogramState.h
e00575f12cf280621ef0ed4d69e909bdfc9fef62 31-Jan-2012 Anna Zaks <ganna@apple.com> [analyzer] Add checks for common anti-patterns in strncat.
(Since this is syntax only, might be a good candidate for turning into a
compiler warning.)

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@149407 91177308-0d34-0410-b5e6-96231b3b80d8
heckerContext.h
a5888f61be9f8d76e9b48a453dbced50523bd2e0 31-Jan-2012 Argyrios Kyrtzidis <akyrtzi@gmail.com> Reapply r149311 which I reverted by mistake.

Original log:

Convert ProgramStateRef to a smart pointer for managing the reference counts of ProgramStates. This leads to a slight memory
improvement, and a simplification of the logic for managing ProgramState objects.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@149339 91177308-0d34-0410-b5e6-96231b3b80d8
xplodedGraph.h
rogramState.h
rogramState_Fwd.h
b9b0f6fb6e113b5e6be3ed9754c4bf01186a17bf 31-Jan-2012 Argyrios Kyrtzidis <akyrtzi@gmail.com> Revert r149311 which failed to compile.

Original log:

Convert ProgramStateRef to a smart pointer for managing the reference counts of ProgramStates. This leads to a slight memory
improvement, and a simplification of the logic for managing ProgramState objects.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@149336 91177308-0d34-0410-b5e6-96231b3b80d8
xplodedGraph.h
rogramState.h
rogramState_Fwd.h
841c96a885789afea9d32d1d842033768c6d2b19 31-Jan-2012 Ted Kremenek <kremenek@apple.com> Minor refactor within ExplodedGraph::reclaimRecentlyAllocatedNodes(). No functionality change.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@149320 91177308-0d34-0410-b5e6-96231b3b80d8
xplodedGraph.h
72e93068c9f2a2f05f5932cdd917c0d2961f11d9 31-Jan-2012 Ted Kremenek <kremenek@apple.com> Convert ProgramStateRef to a smart pointer for managing the reference counts of ProgramStates. This leads to a slight memory
improvement, and a simplification of the logic for managing ProgramState objects.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@149311 91177308-0d34-0410-b5e6-96231b3b80d8
xplodedGraph.h
rogramState.h
rogramState_Fwd.h
23111dcd66ee242bb5caf1ecab01bd930ee42c4c 31-Jan-2012 Ted Kremenek <kremenek@apple.com> Convert more uses of 'const ProgramState *' to 'ProgramStateRef' (and related cleanups).

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@149310 91177308-0d34-0410-b5e6-96231b3b80d8
onstraintManager.h
af5f550de34525b27f0ff31dafce792caf8158b6 30-Jan-2012 Anna Zaks <ganna@apple.com> [analyzer] Add index out of bounds check for CFArrayGetArrayAtIndex.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@149228 91177308-0d34-0410-b5e6-96231b3b80d8
rogramState.h
rogramStateTrait.h
c35fb7d67d515659ad2325b4f6ec97c9fe64fb63 28-Jan-2012 Benjamin Kramer <benny.kra@googlemail.com> StaticAnalyzer: Move ObjC- and CXX-specific methods out of line so checkers that don't care about the language don't have to pull in all the headers.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@149178 91177308-0d34-0410-b5e6-96231b3b80d8
xprEngine.h
emRegion.h
ValBuilder.h
tore.h
8bef8238181a30e52dea380789a7e2d760eac532 26-Jan-2012 Ted Kremenek <kremenek@apple.com> Change references to 'const ProgramState *' to typedef 'ProgramStateRef'.

At this point this is largely cosmetic, but it opens the door to replace
ProgramStateRef with a smart pointer that more eagerly acts in the role
of reclaiming unused ProgramState objects.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@149081 91177308-0d34-0410-b5e6-96231b3b80d8
asicValueFactory.h
heckerContext.h
onstraintManager.h
oreEngine.h
nvironment.h
xplodedGraph.h
xprEngine.h
bjCMessage.h
rogramState.h
rogramState_Fwd.h
ValBuilder.h
Vals.h
tore.h
ubEngine.h
bac341346f3c8e713a8f165120fd54b500ee3189 26-Jan-2012 Ted Kremenek <kremenek@apple.com> Rework flushing of diagnostics to PathDiagnosticConsumer. Now all the reports are batched up before being flushed
to the underlying consumer implementation. This allows us to unique reports across analyses to multiple functions (which
shows up with inlining).

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@148997 91177308-0d34-0410-b5e6-96231b3b80d8
nalysisManager.h
9d0064e802e81d0833e8ccab8978b17c0bac3625 25-Jan-2012 Ted Kremenek <kremenek@apple.com> Reduce peak memory usage of the static analyzer on sqlite3 (when using inlining) by 30%.

This is accomplished by periodically reclaiming nodes in the graph. This was an optimization
done before the CFG was linearized, but the CFG linearization destroyed that optimization since each
freshly created node couldn't be reclaimed and we only looked at a window of nodes created between
each ProcessStmt. This optimization can be reclaimed by merely expanding the window to N number of nodes.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@148888 91177308-0d34-0410-b5e6-96231b3b80d8
xplodedGraph.h
f75823f3d4dc84630a9d814479140145e62accf3 23-Jan-2012 Bill Wendling <isanbard@gmail.com> Remove extraneous ';'.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@148739 91177308-0d34-0410-b5e6-96231b3b80d8
ymbolManager.h
be97b7edb112520d764c24e8b9a159cdc692bcb6 20-Jan-2012 Anna Zaks <ganna@apple.com> [analyzer] Skip casts when determining taint dependencies + pretty
printing.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@148517 91177308-0d34-0410-b5e6-96231b3b80d8
rogramState.h
461af1e502c9bd88330bbf17d449a7593fc0d624 20-Jan-2012 Anna Zaks <ganna@apple.com> [analyzer] Add a utility method that allows to find the macro name used
at the given location.

This could be useful when checkers' logic depends on whether a function
is called with a given macro argument.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@148516 91177308-0d34-0410-b5e6-96231b3b80d8
heckerContext.h
3352ea914644edb2b56e999c94319ce915d68707 20-Jan-2012 Anna Zaks <ganna@apple.com> [analyzer] Cleanup of Symbol dump methods.

This solves the issue of crashing gdb when dumping a symbol; +
consistent virtualization.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@148515 91177308-0d34-0410-b5e6-96231b3b80d8
ymbolManager.h
9b0c749a20d0f7d0e63441d76baa15def3f37fdb 18-Jan-2012 Anna Zaks <ganna@apple.com> [analyzer] Taint: add taint propagation rules for string and memory copy
functions.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@148370 91177308-0d34-0410-b5e6-96231b3b80d8
heckerContext.h
0849ade4bb3e90c2fc0ce01ccd330f76f91da732 12-Jan-2012 Ted Kremenek <kremenek@apple.com> [analyzer] fix inlining's handling of mapping actual to formal arguments and limit the call stack depth. The analyzer can now accurately simulate factorial for limited depths.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@148036 91177308-0d34-0410-b5e6-96231b3b80d8
rogramState.h
tore.h
1437425a62dbf7bdb0a855d3ed3b05ed2019ec1e 12-Jan-2012 Anna Zaks <ganna@apple.com> [analyzer] Rename Store::Retrieve() -> getBinding().

+ all the other Retrieve..() methods + a comment for ElementRegion.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@148011 91177308-0d34-0410-b5e6-96231b3b80d8
emRegion.h
rogramState.h
tore.h
9f03b62036a7abc0a227b17f4a49b9eefced9450 07-Jan-2012 Anna Zaks <ganna@apple.com> [analyzer] Add basic format string vulnerability checking.

We already have a more conservative check in the compiler (if the
format string is not a literal, we warn). Still adding it here for
completeness and since this check is stronger - only triggered if the
format string is tainted.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@147714 91177308-0d34-0410-b5e6-96231b3b80d8
rogramState.h
3070e13dca5bbefa32acb80ce4a7b217a6220983 07-Jan-2012 Ted Kremenek <kremenek@apple.com> [analyzer] Remove CallEnterNodeBuilder and simplify ExprEngine::processCallEnter().

This removes analysis of other translation units, but that was an experimental feature anyway that we will revisit later.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@147705 91177308-0d34-0410-b5e6-96231b3b80d8
oreEngine.h
xprEngine.h
ubEngine.h
894212e9510299abb203801e014fec76b7926a05 07-Jan-2012 Ted Kremenek <kremenek@apple.com> [analyzer] Remove CallExitNodeBuilder, and have ExprEngine::processCallExit() do the work manually. This is a nice simplification.

Along the way, fix Exprengine::processCallExit() to also perform the postStmt callback for checkers for CallExprs.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@147697 91177308-0d34-0410-b5e6-96231b3b80d8
oreEngine.h
xprEngine.h
ubEngine.h
5eca482fe895ea57bc82410222e6426c09e63284 06-Jan-2012 Ted Kremenek <kremenek@apple.com> [analyzer] Make the entries in 'Environment' context-sensitive by making entries map from
(Stmt*,LocationContext*) pairs to SVals instead of Stmt* to SVals.

This is needed to support basic IPA via inlining. Without this, we cannot tell
if a Stmt* binding is part of the current analysis scope (StackFrameContext) or
part of a parent context.

This change introduces an uglification of the use of getSVal(), and thus takes
two steps forward and one step back. There are also potential performance implications
of enlarging the Environment. Both can be addressed going forward by refactoring the
APIs and optimizing the internal representation of Environment. This patch
mainly introduces the functionality upon which we want to build (and clean up).

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@147688 91177308-0d34-0410-b5e6-96231b3b80d8
oreEngine.h
nvironment.h
xprEngine.h
bjCMessage.h
rogramState.h
ymbolManager.h
eb31a76d1cdaaf8874c549dc6bd964ff270d3822 05-Jan-2012 Anna Zaks <ganna@apple.com> [analyzer] Be less pessimistic about invalidation of global variables
as a result of a call.

Problem:
Global variables, which come in from system libraries should not be
invalidated by all calls. Also, non-system globals should not be
invalidated by system calls.

Solution:
The following solution to invalidation of globals seems flexible enough
for taint (does not invalidate stdin) and should not lead to too
many false positives. We split globals into 3 classes:

* immutable - values are preserved by calls (unless the specific
global is passed in as a parameter):
A : Most system globals and const scalars

* invalidated by functions defined in system headers:
B: errno

* invalidated by all other functions (note, these functions may in
turn contain system calls):
B: errno
C: all other globals (which are not in A nor B)

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@147569 91177308-0d34-0410-b5e6-96231b3b80d8
xprEngine.h
emRegion.h
bjCMessage.h
rogramState.h
tore.h
4617e2843e711136746865d7d6d27c7cead21f2b 22-Dec-2011 Eli Friedman <eli.friedman@gmail.com> Delete stray semicolon.



git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@147140 91177308-0d34-0410-b5e6-96231b3b80d8
ymbolManager.h
2cbe791d3e9b26f30196c4852da75d9ad67b4ad9 20-Dec-2011 Anna Zaks <ganna@apple.com> [analyzer] Do not invalidate arguments when the parameter's
type is a pointer to const. (radar://10595327)

The regions corresponding to the pointer and reference arguments to
a function get invalidated by the calls since a function call can
possibly modify the pointed to data. With this change, we are not going
to invalidate the data if the argument is a pointer to const. This
change makes the analyzer more optimistic in reporting errors.
(Support for C, C++ and Obj C)

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@147002 91177308-0d34-0410-b5e6-96231b3b80d8
bjCMessage.h
99ba9e3bd70671f3441fb974895f226a83ce0e66 20-Dec-2011 David Blaikie <dblaikie@gmail.com> Unweaken vtables as per http://llvm.org/docs/CodingStandards.html#ll_virtual_anch

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@146959 91177308-0d34-0410-b5e6-96231b3b80d8
nalysisManager.h
oreEngine.h
xplodedGraph.h
emRegion.h
rogramState.h
ValBuilder.h
tore.h
ubEngine.h
ymbolManager.h
777d706547ebc751d998134774d9d5388fff8e02 17-Dec-2011 Anna Zaks <ganna@apple.com> [analyzer] Minor: Simplify & assert.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@146792 91177308-0d34-0410-b5e6-96231b3b80d8
heckerContext.h
28fd98d66dab4569316de2b5881d91b534a42461 14-Dec-2011 Anna Zaks <ganna@apple.com> [analyzer] Minor refactor to addTaint.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@146535 91177308-0d34-0410-b5e6-96231b3b80d8
rogramState.h
6d6a83c3754b449ac24cb83bc6d3a50b10535061 11-Dec-2011 Anna Zaks <ganna@apple.com> [analyzer] Fixup r146336.

Forgot to commit the Header files.
Rename generateUnknownVal -> makeGenericVal.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@146337 91177308-0d34-0410-b5e6-96231b3b80d8
ValBuilder.h
ymbolManager.h
432a4558b8161c362efc319f8a38e074e74da201 09-Dec-2011 Anna Zaks <ganna@apple.com> [analyzer] Fix inconsistency on when SValBuilder assumes that 2
types are equivalent.

+ A taint test which tests bitwise operations and which was
triggering an assertion due to presence of the integer to integer cast.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@146240 91177308-0d34-0410-b5e6-96231b3b80d8
ValBuilder.h
5fc7def35ee858791e591d005b4ae343632ca931 08-Dec-2011 Anna Zaks <ganna@apple.com> [analyzer] If memory region is tainted mark data as tainted.
+ random comments

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@146199 91177308-0d34-0410-b5e6-96231b3b80d8
ymbolManager.h
dcf06fa1fbb9c018e152629ef3f3fa7b1acffe7a 07-Dec-2011 Anna Zaks <ganna@apple.com> [analyzer] Propagate taint through MemRegions.
SVal can be not only a symbol, but a MemRegion. Add support for such
cases.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@146006 91177308-0d34-0410-b5e6-96231b3b80d8
rogramState.h
a91efb14cbf6af999dee02d9b611a57c7b52e209 07-Dec-2011 Anna Zaks <ganna@apple.com> [analyzer] Add comments related to symbol_iterator

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@145987 91177308-0d34-0410-b5e6-96231b3b80d8
ymbolManager.h
1d1d515b2bafb59d624883d8fdda97d4b7dba0cb 07-Dec-2011 Anna Zaks <ganna@apple.com> [analyzer] Refactor: Move symbol_iterator from SVal to SymExpr, use it
for finding dependent symbols for taint.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@145986 91177308-0d34-0410-b5e6-96231b3b80d8
Vals.h
ymbolManager.h
aace9ef279be3dadd53b481aee568bd7701178b4 07-Dec-2011 Anna Zaks <ganna@apple.com> [analyzer] Propagate taint through NonLoc to NonLoc casts.

- Created a new SymExpr type - SymbolCast.
- SymbolCast is created when we don't know how to simplify a NonLoc to
NonLoc cast.
- A bit of code refactoring: introduced dispatchCast to have better
code reuse, remove a goto.
- Updated the test case to showcase the new taint flow.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@145985 91177308-0d34-0410-b5e6-96231b3b80d8
ValBuilder.h
Vals.h
ymbolManager.h
eca4e6e58170129cbdf105b2cfdb9ac2be61858e 05-Dec-2011 Anna Zaks <ganna@apple.com> [analyzer] Mark ConstraintManager::canReasonAbout as protected.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@145857 91177308-0d34-0410-b5e6-96231b3b80d8
onstraintManager.h
5344baa704f42b22d9df25c24ffbbf6b4716603b 05-Dec-2011 Anna Zaks <ganna@apple.com> [analyzer] Unify SymbolVal and SymExprVal under a single SymbolVal
class.

We are going into the direction of handling SymbolData and other SymExpr
uniformly, so it makes less sense to keep two different SVal classes.
For example, the checkers would have to take an extra step to reason
about each type separately.

The classes have the same members, we were just using the SVal kind
field for easy differentiation in 3 switch statements. The switch
statements look more ugly now, but we can make the code more readable in
other ways, for example, moving some code into separate functions.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@145833 91177308-0d34-0410-b5e6-96231b3b80d8
Vals.h
76462f00854171d2aa3ebc34f9aac1c60021b0ea 05-Dec-2011 Anna Zaks <ganna@apple.com> [analyzer] Remove all uses of ConstraintManager::canReasonAbout() from
ExprEngine.

Teach SimpleConstraintManager::assumeSymRel() to propagate constraints
to symbolic expressions.

+ One extra warning (real bug) is now generated due to enhanced
assumeSymRel().

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@145832 91177308-0d34-0410-b5e6-96231b3b80d8
Vals.h
3cdf584e068056540769dab56cad333e95a89750 05-Dec-2011 Anna Zaks <ganna@apple.com> [analyzer] First step toward removing
ConstraintManager::canReasonAbout() from the ExprEngine.

ExprEngine should not care if the constraint solver can reason about
something or not. The solver should be able to handle all the SymExprs.

To do this, the solver should be able to keep track of not only the
SymbolData but of all SymExprs. This is why we change SymbolRef to be an
alias of SymExpr*. When encountering an expression it cannot simplify,
the solver should just add the constraints to it.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@145831 91177308-0d34-0410-b5e6-96231b3b80d8
Vals.h
ymbolManager.h
d0167853f46cc78787b06255a44f9dcedd04a8ec 05-Dec-2011 Anna Zaks <ganna@apple.com> [analyzer] Add ability to do a simple ProgramState dump() without
requiring CFG.

Adding more ugly code; the environment printing should be moved to
environment at some point.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@145828 91177308-0d34-0410-b5e6-96231b3b80d8
rogramState.h
b805c8ff133ef0c62df032fa711d6b13c5afd7f4 01-Dec-2011 Anna Zaks <ganna@apple.com> [analyzer] Refactor checkers to use helper function for getting callee Decl and name.

We are getting name of the called function or its declaration in a few checkers. Refactor them to use the helper function in the CheckerContext.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@145576 91177308-0d34-0410-b5e6-96231b3b80d8
heckerContext.h
426a16d4e5efe7efefe76c405207fb170cabad9f 28-Nov-2011 Anna Zaks <ganna@apple.com> [analyzer] Minor cleanup of SValBuilder: Comments + code reuse.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@145274 91177308-0d34-0410-b5e6-96231b3b80d8
ValBuilder.h
0d339d06f8721d14befd6311bd306ac485772188 18-Nov-2011 Anna Zaks <ganna@apple.com> [analyzer] Do not conjure a symbol when we need to propagate taint.

When the solver and SValBuilder cannot reason about symbolic expressions (ex: (x+1)*y ), the analyzer conjures a new symbol with no ties to the past. This helps it to recover some path-sensitivity. However, this breaks the taint propagation.

With this commit, we are going to construct the expression even if we cannot reason about it later on if an operand is tainted.

Also added some comments and asserts.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@144932 91177308-0d34-0410-b5e6-96231b3b80d8
ValBuilder.h
64595fad45abbaa75778609196b9223bf6f2ece3 17-Nov-2011 Anna Zaks <ganna@apple.com> [analyzer] Add a helper method.
Naming could be improved.. But we should first rename the classes in the SVal hierarchy.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@144927 91177308-0d34-0410-b5e6-96231b3b80d8
Vals.h
eeea7c44a6986752fedee1ef1bcef855db373872 17-Nov-2011 Anna Zaks <ganna@apple.com> [analysis] Constify CheckerContext.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@144871 91177308-0d34-0410-b5e6-96231b3b80d8
heckerContext.h
8687397a0f5e4c31632959d907f9d9b38d793b1c 17-Nov-2011 Anna Zaks <ganna@apple.com> [analyzer] Put CheckerContext::getCalleeName out of line.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@144870 91177308-0d34-0410-b5e6-96231b3b80d8
heckerContext.h
ceac1d6e0521161adf7ac9834b1a7ad79d73fea4 16-Nov-2011 Anna Zaks <ganna@apple.com> [analyzer] Adding basic building blocks for taint propagation.
TaintTag.h will contain definitions of different taint kinds and their properties.
TaintManager will be responsible for implementing taint specific operations, storing taint.
ProgramState will provide API to add/remove taint.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@144824 91177308-0d34-0410-b5e6-96231b3b80d8
rogramState.h
aintManager.h
aintTag.h
fc06f988da35df75e623e0c1c4e4db4d36c0b43b 16-Nov-2011 Anna Zaks <ganna@apple.com> [analyzer] Cleanup (NULL -> 0, no doxygen in cpp).

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@144822 91177308-0d34-0410-b5e6-96231b3b80d8
Vals.h
c24b4f6ae3507aa501c2dafdff62c1059f8922ad 16-Nov-2011 Anna Zaks <ganna@apple.com> [analyzer] Assert if we ever get an over constrained state.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@144821 91177308-0d34-0410-b5e6-96231b3b80d8
onstraintManager.h
0e12ebfd3ef9ad5d894466c6e4910ac5e6041034 16-Nov-2011 Anna Zaks <ganna@apple.com> [analyzer] Factor getCalleeName to the checker context.
Many checkers are trying to get a name of the callee when visiting
a CallExpr, so provide a convenience API.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@144820 91177308-0d34-0410-b5e6-96231b3b80d8
heckerContext.h
6800ba622e4edf287801ac69c42c61e7e294b06b 01-Nov-2011 Anna Zaks <ganna@apple.com> [analyzer] Make sink attribute part of the node profile.

This prevents caching out on nodes with different sink flag.
(This is a cleaner fix for radar://10376675).

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@143517 91177308-0d34-0410-b5e6-96231b3b80d8
xplodedGraph.h
2d950b15b2b2b650b102ecf0c6b50b45e0cb6a8a 01-Nov-2011 Anna Zaks <ganna@apple.com> [analyzer] Fix PR11282 - an assert in markAsSink

This is another fallout from the refactoring. We were
calling MarkAsSink on a cached out node.
(Fixes radar://10376675)

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@143516 91177308-0d34-0410-b5e6-96231b3b80d8
oreEngine.h
xplodedGraph.h
cdcc653642d4ac9255c574fabe74a48149e06733 01-Nov-2011 Anna Zaks <ganna@apple.com> [analyzer] BranchNodeBuilder should not generate autotransitions.

This fixes radar://10367606

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@143514 91177308-0d34-0410-b5e6-96231b3b80d8
oreEngine.h
orkList.h
a2a860306e3697fcf7a12c5ba59551ca60578968 01-Nov-2011 Anna Zaks <ganna@apple.com> [analyzer] CheckerContext::getPredecessor() cleanup

Remove unnecessary calls to CheckerContext::getPredecessor() + Comments.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@143513 91177308-0d34-0410-b5e6-96231b3b80d8
heckerContext.h
6706e9783fc18cb32810404b599bf88aeaa389dc 01-Nov-2011 Anna Zaks <ganna@apple.com> [analyzer] Remove the CheckerContext's destructor.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@143512 91177308-0d34-0410-b5e6-96231b3b80d8
heckerContext.h
df95d146c13cf02e106b32b01d147577d6d6b5a1 27-Oct-2011 Anna Zaks <ganna@apple.com> [analyzer] Optimize by not generating empty transitions in CheckerContext

Do not generate a new transition by addTransition methods if nothing changed.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@143091 91177308-0d34-0410-b5e6-96231b3b80d8
heckerContext.h
4d2ae4a70336dc2aa11389b34946be152bb454c9 27-Oct-2011 Anna Zaks <ganna@apple.com> [analyzer] Move enqueueEndOfFunction into CoreEngine.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@143090 91177308-0d34-0410-b5e6-96231b3b80d8
oreEngine.h
dd7ddf2b2296f95e7591ca3f9791f0eb9a15ee42 27-Oct-2011 Anna Zaks <ganna@apple.com> [analyzer] Make CoreEngine responsible for enqueueing Stmt Nodes.

Enqueue the nodes generated as the result of processing a statement
inside the Core Engine. This makes sure ExprEngine does not access
CoreEngine's private members and is more concise.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@143089 91177308-0d34-0410-b5e6-96231b3b80d8
oreEngine.h
39ac1876f6f9a1a8e0070f0df61036c7ba05202b 26-Oct-2011 Anna Zaks <ganna@apple.com> [analyzer] Add getLocationContext to CheckerContext

CheckerContext::getPredecessor is only used to get to the LocationContext
half of the time.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@143061 91177308-0d34-0410-b5e6-96231b3b80d8
heckerContext.h
48468dfeb3ccf099ed51ff5dcb8ae0fe783692fd 26-Oct-2011 Anna Zaks <ganna@apple.com> [analyzer] Remove EmitBasicReport from CheckerContext.

The path sensitive checkers should use EmitBasicReport, which provides the
node information.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@143060 91177308-0d34-0410-b5e6-96231b3b80d8
heckerContext.h
0bd6b110e908892d4b5c8671a9f435a1d72ad16a 26-Oct-2011 Anna Zaks <ganna@apple.com> [analyzer] Rename generateNode -> addTransition in CheckerContext

Also document addTransition methods.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@143059 91177308-0d34-0410-b5e6-96231b3b80d8
heckerContext.h
1d08123ae7ba455fff8c61fb546521ef95496f08 26-Oct-2011 Anna Zaks <ganna@apple.com> [analyzer] Remove forward declarations of GenericNodeBuilder

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@143058 91177308-0d34-0410-b5e6-96231b3b80d8
oreEngine.h
ubEngine.h
c03a39e16762627b421247b12a2658be630a3300 26-Oct-2011 Anna Zaks <ganna@apple.com> [analyzer] GenericNodeBuilder -> NodeBuilder.

Remove GenericNodeBuilder and use a class inherited from NodeBuilder instead.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@143057 91177308-0d34-0410-b5e6-96231b3b80d8
oreEngine.h
xprEngine.h
ubEngine.h
6a93bd526c5136ee5a26871e829cf5a8548a1c6a 25-Oct-2011 Anna Zaks <ganna@apple.com> [analyzer] Remove getEngine() from CheckerContext

A step toward making sure that diagnostics report should only
be generated through the CheckerContext and not through BugReporter
or ExprEngine directly.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@142947 91177308-0d34-0410-b5e6-96231b3b80d8
heckerContext.h
063e0887ad65d666d23ee3178436ad6507abbd1b 25-Oct-2011 Anna Zaks <ganna@apple.com> [analyzer] Simplify CheckerContext

Remove dead members/parameters: ProgramState, respondsToCallback, autoTransition.
Remove addTransition method since it's the same as generateNode. Maybe we should
rename generateNode to genTransition (since a transition is always automatically
generated)?

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@142946 91177308-0d34-0410-b5e6-96231b3b80d8
heckerContext.h
2e9264a17bacc7dc228d5f93caaeb98dfb23d508 25-Oct-2011 Anna Zaks <ganna@apple.com> [analyzer] Remove unused headers.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@142945 91177308-0d34-0410-b5e6-96231b3b80d8
heckerContext.h
af498a28797c075c48d7e943df5f5a8e78ed8eb0 25-Oct-2011 Anna Zaks <ganna@apple.com> [analyzer] Convert EndOfPath callback to use CheckerContext

Get rid of the EndOfPathBuilder completely.
Use the generic NodeBuilder to generate nodes.
Enqueue the end of path frontier explicitly.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@142943 91177308-0d34-0410-b5e6-96231b3b80d8
oreEngine.h
xprEngine.h
ubEngine.h
aa0aeb1cbe117db68d35700cb3a34aace0f99b99 24-Oct-2011 Anna Zaks <ganna@apple.com> [analyzer] Node builders cleanup + comments
Renamed PureNodeBuilder->StmtNodeBuilder.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@142849 91177308-0d34-0410-b5e6-96231b3b80d8
oreEngine.h
xprEngine.h
cca79db2ea94f71fb088f4b0f104cef8bedf8ff2 24-Oct-2011 Anna Zaks <ganna@apple.com> [analyzer] Remove the old StmtNodeBuilder.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@142848 91177308-0d34-0410-b5e6-96231b3b80d8
oreEngine.h
xplodedGraph.h
ubEngine.h
056c4b46335a3bd2612414735d5749ee159c0165 24-Oct-2011 Anna Zaks <ganna@apple.com> [analyzer] Completely remove the global Builder object.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@142847 91177308-0d34-0410-b5e6-96231b3b80d8
xprEngine.h
ebae6d0209e1ec3d5ea14f9e63bd0d740218ed14 24-Oct-2011 Anna Zaks <ganna@apple.com> [analyzer] Convert ExprEngine::visit() to use short lived builders.

This commit removes the major functional dependency on the ExprEngine::Builder
member variable.

In some cases the code became more verbose. Particularly, we call takeNodes()
and addNodes() to move responsibility for the nodes from one builder to another.
This will get simplified later on.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@142831 91177308-0d34-0410-b5e6-96231b3b80d8
heckerContext.h
oreEngine.h
xprEngine.h
ubEngine.h
d231d0130a95336610ab9a42eaeb2cdac19992f3 24-Oct-2011 Anna Zaks <ganna@apple.com> [analyzer] Convert VisitDeclStmt to use local node builder.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@142830 91177308-0d34-0410-b5e6-96231b3b80d8
oreEngine.h
6b6152ba96c164a292cc0b8d8b1d4cecbec27a60 24-Oct-2011 Anna Zaks <ganna@apple.com> [analyzer] Convert more functions (ex:evalBind()) to iterative builders

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@142829 91177308-0d34-0410-b5e6-96231b3b80d8
oreEngine.h
8ad8c546372fe602708cb7ceeaf0ebbb866735c6 24-Oct-2011 Anna Zaks <ganna@apple.com> [analyzer] Convert VisitUnaryOperator to use short lived Node builders

To convert iteratively, we take the nodes the local builder will
process from the global builder and add the generated nodes
after the short lived builder is done. PureStmtNodeBuilder is the
one we should eventually use everywhere. Added Stmt index and Builder
context as ExprEngine globals. To avoid passing them around.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@142828 91177308-0d34-0410-b5e6-96231b3b80d8
oreEngine.h
xprEngine.h
8ff5c41f2bde7ebbe568b4c15e59f14b8befae66 24-Oct-2011 Anna Zaks <ganna@apple.com> [analyzer] Use a temporary builder in CheckerContext.

First step toward removing the global Stmt builder. Added several transitional methods (like takeNodes/addNodes).
+ Stop early if the set of exploded nodes for the next iteration is empty.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@142827 91177308-0d34-0410-b5e6-96231b3b80d8
heckerContext.h
oreEngine.h
1aae01a8308d2f8e31adab3f4d7ac35543aac680 24-Oct-2011 Anna Zaks <ganna@apple.com> [analyzer] Pass external Dst set to NodeBuilder

This moves the responsibility for storing the output node set from the
builder to the clients. The builder is just responsible for transforming
an input set into the output set: {SrcSet/SrcNode} -> {Frontier}.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@142826 91177308-0d34-0410-b5e6-96231b3b80d8
heckerContext.h
oreEngine.h
xplodedGraph.h
xprEngine.h
ubEngine.h
1d26f48dc2eea1c07431ca1519d7034a21b9bcff 24-Oct-2011 Ted Kremenek <kremenek@apple.com> Rename AnalysisContext to AnalysisDeclContext. Not only is this name more accurate, but it frees up the name AnalysisContext for other uses.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@142782 91177308-0d34-0410-b5e6-96231b3b80d8
nalysisManager.h
heckerContext.h
xprEngine.h
emRegion.h
b1b5daf30d2597e066936772bd206500232d7d65 23-Oct-2011 Ted Kremenek <kremenek@apple.com> [analyzer] Remove LocationContext creation methods from AnalysisManager, and change clients to use AnalysisContext instead.

WIP to remove/reduce ExprEngine's usage of AnalysisManager.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@142739 91177308-0d34-0410-b5e6-96231b3b80d8
nalysisManager.h
xprEngine.h
c9003c89c7aead1686aba89c8e3ddcea1f2bec54 19-Oct-2011 Anna Zaks <ganna@apple.com> [analyzer] Move predecessor into the NodeBuilder context.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@142454 91177308-0d34-0410-b5e6-96231b3b80d8
heckerContext.h
oreEngine.h
4e82d3cf6fd4c907265e3fa3aac0a835c35dc759 19-Oct-2011 Anna Zaks <ganna@apple.com> [analyzer] Make NodeBuilder and Pred node loosely coupled

NodeBuilder should not assume it's dealing with a single predecessor. Remove predecessor getters. Modify the BranchNodeBuilder to not be responsible for doing auto-transitions (which depend on a predecessor).

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@142453 91177308-0d34-0410-b5e6-96231b3b80d8
oreEngine.h
xprEngine.h
ubEngine.h
3152b3cb5b6a2f797d0972c81a5eb3fd69c0d620 19-Oct-2011 Anna Zaks <ganna@apple.com> [analyzer] Remove StmtNodeBuilder from CheckerContext

It now only depends on a generic NodeBuilder instead. As part of this change, make the generic node builder results finalized by default.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@142452 91177308-0d34-0410-b5e6-96231b3b80d8
heckerContext.h
oreEngine.h
319a9184d5ca9f77622b45ae15c08f6b9ce01621 19-Oct-2011 Anna Zaks <ganna@apple.com> [analyzer] Subclassing StmtBuilder from the NodeBuilder

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@142451 91177308-0d34-0410-b5e6-96231b3b80d8
heckerContext.h
oreEngine.h
67d9fbac82922ef5b6c9ba5ac4a07e80f9960292 19-Oct-2011 Anna Zaks <ganna@apple.com> [analyzer] Remove dead code.
ExprEngineBuilders is not used.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@142450 91177308-0d34-0410-b5e6-96231b3b80d8
xprEngineBuilders.h
9a1e3ab97c48a0381cce449b833c56997048a6d1 19-Oct-2011 Anna Zaks <ganna@apple.com> [analyzer] Remove redundant method + whitespace.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@142449 91177308-0d34-0410-b5e6-96231b3b80d8
oreEngine.h
cd656cab3fa3dd4b0c974c6ae1c0e60880b18c22 19-Oct-2011 Anna Zaks <ganna@apple.com> [analyzer] Modularize builder use in processBranch.

Take advantage of the new builders for branch processing. As part of this change pass generic NodeBuilder (instead of BranchNodeBuilder) to the BranchCondition callback and remove the unused methods from BranchBuilder.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@142448 91177308-0d34-0410-b5e6-96231b3b80d8
heckerContext.h
oreEngine.h
ad62deeb70e97da6bd514dd390ea1ce6af6ad81d 19-Oct-2011 Anna Zaks <ganna@apple.com> [analyzer] Pull Pred out of NodeBuilderContext.
Each builder will have a different one, so it doesn't make sense to keep it in the context.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@142447 91177308-0d34-0410-b5e6-96231b3b80d8
heckerContext.h
oreEngine.h
xprEngine.h
ubEngine.h
8c90aadce33152b03e3d1d5c7e9c468c7b939c96 19-Oct-2011 Anna Zaks <ganna@apple.com> [analyzer] Rely only on NodeBuilder inside CheckerContext.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@142446 91177308-0d34-0410-b5e6-96231b3b80d8
heckerContext.h
d0b080664bc6514793351a2e2a87ce67214f5306 19-Oct-2011 Anna Zaks <ganna@apple.com> [analyzer] Remove redundant assignment operator.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@142445 91177308-0d34-0410-b5e6-96231b3b80d8
xplodedGraph.h
a19f4af7a94835ce4693bfe12d6270754e79eb56 19-Oct-2011 Anna Zaks <ganna@apple.com> [analyzer] NodeBuilder Refactoring: Subclass BranchNodeBuilder from NodeBuilder.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@142444 91177308-0d34-0410-b5e6-96231b3b80d8
heckerContext.h
oreEngine.h
xplodedGraph.h
xprEngine.h
ubEngine.h
f05aac8472d8ed081a361a218fd14d59ddc91b85 19-Oct-2011 Anna Zaks <ganna@apple.com> [analyzer] Node Builder refactoring: Introduce a simple Node Builder responsible for generating the node frontier.

Currently we have a bunch of different node builders which provide some common
functionality but are difficult to refactor. Each builder generates nodes of
different kinds and calculates the frontier nodes, which should be propagated
to the next step (after the builder dies).

Introduce a new NodeBuilder which provides very basic node generation facilities
but takes care of the second problem. The idea is that all the other builders
will eventually use it. Use this builder in CheckerContext instead of
StmtNodeBuilder (the way the frontier is propagated to the StmtBuilder
is a hack and will be removed later on).

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@142443 91177308-0d34-0410-b5e6-96231b3b80d8
heckerContext.h
oreEngine.h
71fdf469a3b6d7d557b0bfba36e8659f4966c565 11-Oct-2011 Anna Zaks <ganna@apple.com> [analyzer] Remove an unused member variable.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@141690 91177308-0d34-0410-b5e6-96231b3b80d8
oreEngine.h
15e24065a4a8b6b9d58e138969f8f6ac7495d837 08-Oct-2011 Anna Zaks <ganna@apple.com> [analyzer] Remove dead code.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@141432 91177308-0d34-0410-b5e6-96231b3b80d8
oreEngine.h
a5937bbfd19e61d651a58b0f0ffeef68457902a5 08-Oct-2011 Ted Kremenek <kremenek@apple.com> Remove AnalysisContext::getLiveVariables(), and introduce a templatized mechanism to lazily create analyses that are attached to AnalysisContext objects.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@141425 91177308-0d34-0410-b5e6-96231b3b80d8
nalysisManager.h
xplodedGraph.h
3f5e8d87dbf449d8b39fe96068415428594d370e 07-Oct-2011 Anna Zaks <ganna@apple.com> [analyzer] Previously, we were passing to CheckerContext enough info to construct ProgramPoint and it would pass it to NodeBuilder, which in turn would construct the ProgramPoint. Simplify it by just passing the ProgramPoint to CheckerContext. The ProgramPoint can only change if a checker tags it, in which case, we create a copy with the given tag.

(A step closer to making CheckerContext work with all node builders, not only StmtNodeBuilder.)

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@141417 91177308-0d34-0410-b5e6-96231b3b80d8
heckerContext.h
390909c89c98ab1807e15e033a72e975f866fb23 06-Oct-2011 Anna Zaks <ganna@apple.com> [analyzer] Remove the dependency on CheckerContext::getStmt() as well as the method itself.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@141262 91177308-0d34-0410-b5e6-96231b3b80d8
heckerContext.h
4eff823b8e015e003d05953c386d685ee6bb6235 06-Oct-2011 Anna Zaks <ganna@apple.com> [analyzer] Remove the last dependency on CheckerContext::getNodeBuilder() as well as the method itself.

Checkers should not directly access NodeBuilder, nodes can be created by calling the CheckerContext's generateNode() methods.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@141249 91177308-0d34-0410-b5e6-96231b3b80d8
heckerContext.h
cbb7add8d7e3f868a6695a601e45fc13257bd9f5 05-Oct-2011 Anna Zaks <ganna@apple.com> [analyzer] Removing more references to CheckerContext::getNodeBuilder(): ask CheckerContext to generate the nodes.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@141136 91177308-0d34-0410-b5e6-96231b3b80d8
heckerContext.h
50f3cade2a87bda005ae08d42b51c5b960b07779 05-Oct-2011 Anna Zaks <ganna@apple.com> [analyzer] Refactor node generation to use less code.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@141133 91177308-0d34-0410-b5e6-96231b3b80d8
heckerContext.h
5d0ea6d62e076c776ddad028c4eb615783be1323 04-Oct-2011 Anna Zaks <ganna@apple.com> [analyzer] Removing references to CheckerContext::getNodeBuilder(): checkers can obtain block count directly from the Context.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@141112 91177308-0d34-0410-b5e6-96231b3b80d8
lockCounter.h
heckerContext.h
8ba721428af297e540fb40b176eeeea0ee010c1f 04-Oct-2011 Anna Zaks <ganna@apple.com> [analyzer] Remove unused methods, add comments to others.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@141098 91177308-0d34-0410-b5e6-96231b3b80d8
heckerContext.h
1e9775d36de8edbc665c0f0bf4dae1400e3d2112 03-Oct-2011 Anna Zaks <ganna@apple.com> [analyzer] In UndefBranchChecker, use a node generator which does not create an edge/branching. (ExprEngine should be in charge of generating edges. The checkers should examine the condition and generate PostCondition node if needed.)

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@141034 91177308-0d34-0410-b5e6-96231b3b80d8
oreEngine.h
d30952838421ddfb9f7e346b2ba8213889a5f789 30-Sep-2011 Anna Zaks <ganna@apple.com> [analyzer] Add -analyzer-purge option which can take on multiple values, remove -analyzer-purge=none. (Small refactor as well: move the work of constructing AnalysisManager from the callers to the class itself.)

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@140838 91177308-0d34-0410-b5e6-96231b3b80d8
nalysisManager.h
ef3643fbbbf66247c5e205497fae0f46e240c143 26-Sep-2011 David Blaikie <dblaikie@gmail.com> Rename PathDiagnosticClient to PathDiagnosticConsumer as per issue 5397


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@140492 91177308-0d34-0410-b5e6-96231b3b80d8
nalysisManager.h
d6471f7c1921c7802804ce3ff6fe9768310f72b9 26-Sep-2011 David Blaikie <dblaikie@gmail.com> Rename Diagnostic to DiagnosticsEngine as per issue 5397


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@140478 91177308-0d34-0410-b5e6-96231b3b80d8
nalysisManager.h
5f625712f622f6e57de17b6f7eec242956b993ee 22-Sep-2011 Anna Zaks <ganna@apple.com> ST->scanReachableSymbols() is creating a SubRegionMap (SRM) on every call since one SRM is created in each ScanReachableSymbols instance. Creating the object just once and calling only scan inside the loop gives ~ 14% speed up of the StaticAnalyzer run (Release+Asserts).

Pull out the declaration of the ScanReachableSymbols so that it can be used directly. Document ProgramState::scanReachableSymbols() methods.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@140323 91177308-0d34-0410-b5e6-96231b3b80d8
rogramState.h
cf8742e471a712d551d9a348c85050427dce0b4a 20-Sep-2011 Anna Zaks <ganna@apple.com> [analyzer] Add a convenience method.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@140092 91177308-0d34-0410-b5e6-96231b3b80d8
bjCMessage.h
a81fffe678107d49a9f1c03d80adf85f18a9867f 12-Sep-2011 Anna Zaks <ganna@apple.com> Doxygen comments.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@139508 91177308-0d34-0410-b5e6-96231b3b80d8
xprEngine.h
d1e5a89226da79f7e6f43d40facc46abda9e5245 02-Sep-2011 Jordy Rose <jediknil@belkadan.com> [analyzer] Remove TransferFuncs.h, then deal with the fallout.

And with that, TransferFuncs is gone!


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@139003 91177308-0d34-0410-b5e6-96231b3b80d8
xprEngine.h
ransferFuncs.h
17a38e2636a8b1ce473fc6504c4b16cb09db29f4 02-Sep-2011 Jordy Rose <jediknil@belkadan.com> [analyzer] Move the knowledge of whether or not GC is enabled for the current analysis from CFRefCount to ExprEngine.

Remove TransferFuncs from ExprEngine and AnalysisConsumer.

Demote RetainReleaseChecker to a regular checker, and give it the name osx.cocoa.RetainCount (class name change coming shortly). Update tests accordingly.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@138998 91177308-0d34-0410-b5e6-96231b3b80d8
heckerContext.h
xprEngine.h
f5e39ece75b18c9ce19351929d4879ad9731e7f5 28-Aug-2011 Jordy Rose <jediknil@belkadan.com> [analyzer] Header cleanup to decrease coupling (and recompilation). No functionality change.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@138729 91177308-0d34-0410-b5e6-96231b3b80d8
onstraintManager.h
oreEngine.h
nvironment.h
xprEngine.h
dbd658e139b3e0bf084f75feaea8d844af9e319f 28-Aug-2011 Jordy Rose <jediknil@belkadan.com> [analyzer] Introduce a new callback for checkers, printState, to be used for debug-printing the contents of a ProgramState.

Unlike the other callbacks, this one is a simple virtual method, since it is only to be used for debugging.

This new callback replaces the old ProgramState::Printer interface, and allows us to move the printing of refcount bindings from CFRefCount to RetainReleaseChecker.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@138728 91177308-0d34-0410-b5e6-96231b3b80d8
xprEngine.h
rogramState.h
ubEngine.h
ransferFuncs.h
93bd5ca766c4d7906878f4ffe76ce1b2080e540b 28-Aug-2011 Jordy Rose <jediknil@belkadan.com> [analyzer] Remove the ProgramState argument from ExprEngine::evalBind; we were ignoring it anyway. No functionality change.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@138720 91177308-0d34-0410-b5e6-96231b3b80d8
xprEngine.h
e38dd95dddb8f1b38469c8d0e28aa1c660489324 28-Aug-2011 Jordy Rose <jediknil@belkadan.com> [analyzer] Migrate argument invalidation from CFRefCount to ExprEngine.

This is a common path for function and C++ method calls, Objective-C messages and property accesses, and C++ construct-exprs.

As support, add message receiver accessors to ObjCMessage and CallOrObjCMessage.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@138718 91177308-0d34-0410-b5e6-96231b3b80d8
xprEngine.h
bjCMessage.h
537716ad8dd10f984b6cfe6985afade1185c5e3c 28-Aug-2011 Jordy Rose <jediknil@belkadan.com> [analyzer] Change the check::RegionChanges callback to include the regions explicitly requested for invalidation.

Also, allow CallOrObjCMessage to wrap a CXXConstructExpr as well.

Finally, this allows us to remove the clunky whitelisting system from CFRefCount/RetainReleaseChecker. Slight regression due to CXXNewExprs not yet being handled in post-statement callbacks (PR forthcoming).


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@138716 91177308-0d34-0410-b5e6-96231b3b80d8
xprEngine.h
bjCMessage.h
rogramState.h
tore.h
ubEngine.h
782f63ecd124f9384f988dc7e0cf4ae1540c15f6 26-Aug-2011 Jeffrey Yasskin <jyasskin@google.com> Handle CXXTempObjectRegion in StackAddrEscapeChecker.

Also convert stack-addr-ps.cpp to use the analyzer instead of just Sema, now
that it doesn't crash, and extract the stack-block test into another file since
it errors, and that prevents the analyzer from running.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@138613 91177308-0d34-0410-b5e6-96231b3b80d8
emRegion.h
294396b9f2a2f4ffee6b7ed5e61211fde50b6554 23-Aug-2011 Jordy Rose <jediknil@belkadan.com> [analyzer] Migrate the handling of retain-count-related RetEffects and ArgEffects from CFRefCount to RetainReleaseChecker. No intended functionality change.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@138309 91177308-0d34-0410-b5e6-96231b3b80d8
bjCMessage.h
500abad7edfcc2409b18dd616cdbc28a094926f5 21-Aug-2011 Jordy Rose <jediknil@belkadan.com> [analyzer] Migrate return value handling from CFRefCount to ExprEngine. This seems to result in a minor performance hit, but I think that will go away again once we eliminate TransferFuncs from function calls entirely.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@138220 91177308-0d34-0410-b5e6-96231b3b80d8
xprEngine.h
f8b5aae41e46f94fe90ed5f1ee98f36f0aa59dc9 20-Aug-2011 Ted Kremenek <kremenek@apple.com> [analyzer] Handle reads of ObjCPropertyRefExprs implicitly in Environment. No need to bind an explicit value and create a new node.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@138196 91177308-0d34-0410-b5e6-96231b3b80d8
xprEngine.h
6c7511db998817e64f2e124013e7d7c9a430c580 16-Aug-2011 Ted Kremenek <kremenek@apple.com> [analyzer] add ExprEngine::getEagerlyAssumedTags() to allow externally querying of "eagerly assumed" expressions.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@137704 91177308-0d34-0410-b5e6-96231b3b80d8
xprEngine.h
ae160f880d183ab938fd7ce3b891694ae2f569c0 16-Aug-2011 Ted Kremenek <kremenek@apple.com> Add missing header files.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@137676 91177308-0d34-0410-b5e6-96231b3b80d8
rogramState.h
rogramStateTrait.h
18c66fdc3c4008d335885695fe36fb5353c5f672 16-Aug-2011 Ted Kremenek <kremenek@apple.com> Rename GRState to ProgramState, and cleanup some code formatting along the way.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@137665 91177308-0d34-0410-b5e6-96231b3b80d8
asicValueFactory.h
heckerContext.h
onstraintManager.h
oreEngine.h
nvironment.h
xplodedGraph.h
xprEngine.h
xprEngineBuilders.h
RState.h
RStateTrait.h
bjCMessage.h
ValBuilder.h
Vals.h
tore.h
ubEngine.h
ymbolManager.h
ransferFuncs.h
9c378f705405d37f49795d5e915989de774fe11f 13-Aug-2011 Ted Kremenek <kremenek@apple.com> Cleanup various declarations of 'Stmt*' to be 'Stmt *', etc. in libAnalyzer and libStaticAnalyzer[*]. It was highly inconsistent, and very ugly to look at.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@137537 91177308-0d34-0410-b5e6-96231b3b80d8
asicValueFactory.h
lockCounter.h
heckerContext.h
onstraintManager.h
oreEngine.h
nvironment.h
xplodedGraph.h
xprEngine.h
xprEngineBuilders.h
RState.h
RStateTrait.h
emRegion.h
ValBuilder.h
Vals.h
tore.h
toreRef.h
ubEngine.h
ymbolManager.h
ransferFuncs.h
orkList.h
ca804539d908d3a0e8c72a0df5f1f571d29490bb 13-Aug-2011 Ted Kremenek <kremenek@apple.com> [analyzer] change "tag" in ProgramPoint from "void*" to a ProgramPointTag*.

Having a notion of an actual ProgramPointTag will aid in introspection of the analyzer's behavior.
For example, the GraphViz output of the analyzer will pretty-print the tags in a useful manner.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@137529 91177308-0d34-0410-b5e6-96231b3b80d8
heckerContext.h
oreEngine.h
xprEngine.h
096aef9597b263b4cd6a0feaacf9e7214fa9c75a 12-Aug-2011 Jordy Rose <jediknil@belkadan.com> [analyzer] Nitpicks on Olaf's patch, which I meant to e-mail but then didn't in
time. One is cleanup, the other is me being OCD about enum group nesting.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@137517 91177308-0d34-0410-b5e6-96231b3b80d8
emRegion.h
9697934650354bed2e509d8e7e44f21a1fb00f76 12-Aug-2011 Ted Kremenek <kremenek@apple.com> [analyzer] Introduce new MemRegion, "TypedValueRegion", so that we can separate TypedRegions that implement getValueType() from those that don't.

Patch by Olaf Krzikalla!

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@137498 91177308-0d34-0410-b5e6-96231b3b80d8
asicValueFactory.h
emRegion.h
ValBuilder.h
tore.h
ymbolManager.h
cb9657cfba92d5a3009e1b37109e03258c20d327 12-Aug-2011 Bill Wendling <isanbard@gmail.com> Remove extra semicolons.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@137409 91177308-0d34-0410-b5e6-96231b3b80d8
ymbolManager.h
579ad7ac56f7940cc543b7216ee1b1a7de1ed712 12-Aug-2011 Anna Zaks <ganna@apple.com> Optimizations for Dependent Symbol tracking (as per Ted's code review for r137309):

1) Change SymbolDependTy map to keep pointers as data. And other small tweaks like making the DenseMap smaller 64->16 elements; remove removeSymbolDependencies() as it will probably not be used.

2) Do not mark dependents live more than once.



git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@137401 91177308-0d34-0410-b5e6-96231b3b80d8
ymbolManager.h
89f920940de4b414616cabb310c37fa84ed2476a 11-Aug-2011 Anna Zaks <ganna@apple.com> Analyzer Core: Adding support for user-defined symbol dependencies. (For example, the allocated resource symbol only needs to be freed if no error has been returned by the allocator, so a checker might want to make the lifespan of the error code symbol depend on the allocated resource symbol.) Note, by default, the map that holds the dependencies will get destroyed along with the SymbolManager at the end of function exploration.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@137309 91177308-0d34-0410-b5e6-96231b3b80d8
ymbolManager.h
75eeeb173cd3f6425247d3686c19e49117834fc3 11-Aug-2011 Anna Zaks <ganna@apple.com> Make SymbolManager comments doxygen friendly.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@137290 91177308-0d34-0410-b5e6-96231b3b80d8
ymbolManager.h
0e89061a399bae32f0eca5b85658ad66a58c504d 11-Aug-2011 Anna Zaks <ganna@apple.com> Cleanup: remove CleanedSate member and GetState() wrapper from StmtNodeBuilder, not needed as of r137273.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@137284 91177308-0d34-0410-b5e6-96231b3b80d8
heckerContext.h
oreEngine.h
db5e8cd095d1ffdd18f5620ad2348b5f386bebe3 11-Aug-2011 Anna Zaks <ganna@apple.com> Cleanup: remove GetState() wrapper from ExprEngine, not needed as of r137273.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@137279 91177308-0d34-0410-b5e6-96231b3b80d8
xprEngine.h
6bd528b9d703fdea51053719d9c53504a61a6bd7 11-Aug-2011 Anna Zaks <ganna@apple.com> Analyzer Core: In checkDeadSymbols checker callback, provide the state in which the symbols are not yet deleted so that checkers could inspect them. Since we are now always creating a transition in ProcessStmt(), remove the logic for adding a transition when none was generated. TODO: the extra transitions will have to be removed; more cleanups; a checker that tests the new functionality.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@137273 91177308-0d34-0410-b5e6-96231b3b80d8
RState.h
bea2753da897ede723e70bcd17023d050b0603d0 06-Aug-2011 Ted Kremenek <kremenek@apple.com> [analyzer] Change SymbolReaper to store region roots implied by the Environment, allowing it to be queried when
determining if symbols derived from regions are still live.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@137005 91177308-0d34-0410-b5e6-96231b3b80d8
nvironment.h
tore.h
ymbolManager.h
3f10e32b15e54f507aed90cb72d73c7acaa500bb 06-Aug-2011 Anna Zaks <ganna@apple.com> Static Analyzer: Add a convenience API. Add comment.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@137000 91177308-0d34-0410-b5e6-96231b3b80d8
heckerContext.h
ymbolManager.h
70a34da7a767bda69958d8f659de9f87b03de747 29-Jul-2011 Ted Kremenek <kremenek@apple.com> [analyzer] Remove recursive visitation in ExprEngine::VisitObjCForCollectionStmt because it isn't needed anymore.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@136519 91177308-0d34-0410-b5e6-96231b3b80d8
xprEngine.h
4410a935e8d8ee3c903b858bbf74ca24fce629b5 29-Jul-2011 Ted Kremenek <kremenek@apple.com> [analyzer] Remove explicit argument processing from ExprEngine::VisitObjCMessage() since it is no longer needed.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@136518 91177308-0d34-0410-b5e6-96231b3b80d8
xprEngine.h
882998923889a2fcce9b49696506c499e22cf38f 29-Jul-2011 Ted Kremenek <kremenek@apple.com> [analyzer] Overhaul how the static analyzer expects CFGs by forcing CFGs to be linearized only when used by the static analyzer. This required a rewrite of LiveVariables, and exposed a ton of subtle bugs.

The motivation of this large change is to drastically simplify the logic in ExprEngine going forward.

Some fallout is that the output of some BugReporterVisitors is not as accurate as before; those will
need to be fixed over time. There is also some possible performance regression as RemoveDeadBindings
will be called frequently; this can also be improved over time.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@136419 91177308-0d34-0410-b5e6-96231b3b80d8
ymbolManager.h
fde18c53548769748b7a2fc59f5281fdec848686 29-Jul-2011 Ted Kremenek <kremenek@apple.com> [analyzer] add accessor to StoreRef.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@136417 91177308-0d34-0410-b5e6-96231b3b80d8
toreRef.h
fa7a95c62aa573a30d87c215b320b0086ed08bdc 29-Jul-2011 Ted Kremenek <kremenek@apple.com> [analyzer] Add StoreManager::includedInBindings() to query whether a region is used in any bindings.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@136416 91177308-0d34-0410-b5e6-96231b3b80d8
tore.h
eea72a925f294225391ecec876a342771c09b635 29-Jul-2011 Ted Kremenek <kremenek@apple.com> [analyzer] fix handling of MaterializeTemporaryExpr by binding the result value to
the proper expression.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@136412 91177308-0d34-0410-b5e6-96231b3b80d8
xprEngine.h
d47d3b0cfeb7e8564ff77f48130fe63282b6d127 23-Jul-2011 Chris Lattner <sabre@nondot.org> clean up forward declarations of raw_ostream to use the new LLVM.h
patch by Jon Mulder!


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@135851 91177308-0d34-0410-b5e6-96231b3b80d8
RState.h
emRegion.h
Vals.h
ymbolManager.h
4fed22cdd8bb7d98127853ebb3f42be66bf2ce59 21-Jul-2011 Ted Kremenek <kremenek@apple.com> Move AnalysisManager constructor out of line. No functionality change (yet).

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@135667 91177308-0d34-0410-b5e6-96231b3b80d8
nalysisManager.h
bc5cb8a5fe2b88f917d47ceb58b53696a121e57e 21-Jul-2011 Ted Kremenek <kremenek@apple.com> Simplify passing of CFGBuildOptions around for AnalysisContext. No functionality change.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@135666 91177308-0d34-0410-b5e6-96231b3b80d8
nalysisManager.h
8cc488fefb2fb04bc8d5398da29f0182f97934cf 20-Jul-2011 Chris Lattner <sabre@nondot.org> add raw_ostream and Twine to LLVM.h, eliminating a ton of llvm:: qualifications.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@135577 91177308-0d34-0410-b5e6-96231b3b80d8
onstraintManager.h
RState.h
emRegion.h
Vals.h
tore.h
ymbolManager.h
686775deca8b8685eb90801495880e3abdd844c2 20-Jul-2011 Chris Lattner <sabre@nondot.org> now that we have a centralized place to do so, add some using declarations for
some common llvm types: stringref and smallvector. This cleans up the codebase
quite a bit.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@135576 91177308-0d34-0410-b5e6-96231b3b80d8
oreEngine.h
nvironment.h
xplodedGraph.h
Vals.h
tore.h
165622faa4a472ff94352dee534e2adeaac9c824 15-Jul-2011 Ted Kremenek <kremenek@apple.com> Add 'Contains()' method to GRStateTrait for ImmutableList. Patch by Rui Paulo.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@135241 91177308-0d34-0410-b5e6-96231b3b80d8
RStateTrait.h
e5cfd52a3a5d4bb46f77323fa8fa0b973fcde7bc 26-May-2011 Ted Kremenek <kremenek@apple.com> static analyzer: when conservatively evaluating functions, don't invalidate the values of globals when the called function is strlen.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@132100 91177308-0d34-0410-b5e6-96231b3b80d8
xprEngine.h
bjCMessage.h
5e9ebb3c0fb554d9285aa99c470abdf283272bd9 21-May-2011 Douglas Gregor <dgregor@apple.com> A few more is(Un)signedIntegerType/is(Un)signedOrEnumerationType cleanups.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@131793 91177308-0d34-0410-b5e6-96231b3b80d8
asicValueFactory.h
ValBuilder.h
35bdbf40624beba3fc00cb72ab444659939c1a6b 02-May-2011 Ted Kremenek <kremenek@apple.com> Augment retain/release checker to not warn about tracked objects passed as arguments to C++ constructors. This is a stop-gap measure for Objective-C++ code that uses smart pointers to manage reference counts.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@130711 91177308-0d34-0410-b5e6-96231b3b80d8
xprEngine.h
RState.h
tore.h
ubEngine.h
6b4f567109d76ce1f1de289554e35f2a7bbeff6b 27-Apr-2011 Ted Kremenek <kremenek@apple.com> Allow 'Environment::getSVal()' to allow an optional way for checkers to do a direct lookup to values bound to expressions, without
resorting to lazy logic. This is critical for the OSAtomicChecker that does a simulated load on any arbitrary expression.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@130292 91177308-0d34-0410-b5e6-96231b3b80d8
nvironment.h
RState.h
fc8f0e14ad142ed811e90fbd9a30e419e301c717 15-Apr-2011 Chris Lattner <sabre@nondot.org> fix a bunch of comment typos found by codespell. Patch by
Luis Felipe Strano Moraes!



git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@129559 91177308-0d34-0410-b5e6-96231b3b80d8
oreEngine.h
emRegion.h
235c02f79e0ece9463490aa87eaaa02bad300dac 12-Apr-2011 Ted Kremenek <kremenek@apple.com> Teach GRState::getSValAsScalarOrLoc() about C++ references.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@129329 91177308-0d34-0410-b5e6-96231b3b80d8
RState.h
9fec9b1fbd32e71ce8acb701165fd6649b3d8285 12-Apr-2011 Ted Kremenek <kremenek@apple.com> C++ static analysis: also invalidate fields of objects that are the callees in C++ method calls.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@129308 91177308-0d34-0410-b5e6-96231b3b80d8
bjCMessage.h
d40066b0fb883839a9100e5455e33190b9b8abac 05-Apr-2011 Ted Kremenek <kremenek@apple.com> Fix PR 9626 (duplicated self-init warnings under -Wuninitialized) with numerous CFG and UninitializedValues analysis changes:

1) Change the CFG to include the DeclStmt for conditional variables, instead of using the condition itself as a faux DeclStmt.
2) Update ExprEngine (the static analyzer) to understand (1), so not to regress.
3) Update UninitializedValues.cpp to initialize all tracked variables to Uninitialized at the start of the function/method.
4) Only use the SelfReferenceChecker (SemaDecl.cpp) on global variables, leaving the dataflow analysis to handle other cases.

The combination of (1) and (3) allows the dataflow-based -Wuninitialized to find self-init problems when the initializer
contained control-flow.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@128858 91177308-0d34-0410-b5e6-96231b3b80d8
xprEngine.h
8083414ee7cc8f5c807ed6a4e120fb4e0ab50ff8 03-Apr-2011 Ted Kremenek <kremenek@apple.com> static analyzer: Add a new ProgramPoint PostCondition to represent the post position of a branch condition, and a new generateNode method to BranchNodeBuilder using PostCondition ProgramPoint. This method generates a new ExplodedNode but not a new block edge.

Patch by Lei Zhang!

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@128784 91177308-0d34-0410-b5e6-96231b3b80d8
oreEngine.h
2bfa3019b8fb35931ca4927feaf25d39161b423e 02-Apr-2011 Zhongxing Xu <xuzhongxing@gmail.com> Remove a redundant method. We have a const version.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@128762 91177308-0d34-0410-b5e6-96231b3b80d8
RState.h
422ab7a49a9a4252dbc6350e49d7a5708337b9c7 02-Apr-2011 Ted Kremenek <kremenek@apple.com> Teach IdempotentOperationsChecker about paths aborted because ExprEngine didn't know how to handle a specific Expr type.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@128761 91177308-0d34-0410-b5e6-96231b3b80d8
oreEngine.h
xprEngine.h
66750fa464ace9f8c41666c8585ec71a248c1cca 02-Apr-2011 Ted Kremenek <kremenek@apple.com> static analyzer: Rename 'BlocksAborted' to 'BlocksExhausted' to reflect that a given CFGBlock was analyzed too many times.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@128760 91177308-0d34-0410-b5e6-96231b3b80d8
oreEngine.h
b277159055933e610bbc80262b600d3ad7e0595c 30-Mar-2011 Ted Kremenek <kremenek@apple.com> Begin reworking static analyzer support for C++ method calls. The current logic was divorced
from how we process ordinary function calls, had a tremendous amount of redundancy, and relied
strictly on inlining behavior (which was incomplete) to provide semantics instead of falling
back to the conservative analysis we use for C functions. This is a significant step into
making C++ analyzer support more useful.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@128557 91177308-0d34-0410-b5e6-96231b3b80d8
xprEngine.h
f4e3cfbe8abd124be6341ef5d714819b4fbd9082 11-Mar-2011 Peter Collingbourne <peter@pcc.me.uk> Add support for the OpenCL vec_step operator, by generalising and
extending the existing support for sizeof and alignof. Original
patch by Guy Benyei.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@127475 91177308-0d34-0410-b5e6-96231b3b80d8
xprEngine.h
cf333339615da345c2ed6e873d94a501810d9f3f 09-Mar-2011 Ted Kremenek <kremenek@apple.com> static analyzer: Fix use-after-free bug in RegionStore involving LazyCompoundValueData not reference counting Store objects.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@127288 91177308-0d34-0410-b5e6-96231b3b80d8
asicValueFactory.h
ValBuilder.h
tore.h
toreRef.h
85f3d76c0ecfdefcf83ea44a57b7a16119c8a045 02-Mar-2011 John McCall <rjmccall@apple.com> Move some of the logic about classifying Objective-C methods into
conventional categories into Basic and AST. Update the self-init checker
to use this logic; CFRefCountChecker is complicated enough that I didn't
want to touch it.



git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126817 91177308-0d34-0410-b5e6-96231b3b80d8
bjCMessage.h
3c0349e87cdbd7316d06d2411d86ee1086e717a5 01-Mar-2011 Ted Kremenek <kremenek@apple.com> In preparation for fixing PR 6884, rework CFGElement to have getAs<> return pointers instead of fresh CFGElements.

- Also, consolidate getDtorKind() and getKind() into one "kind".
- Add empty getDestructorDecl() method to CFGImplicitDtor.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126738 91177308-0d34-0410-b5e6-96231b3b80d8
oreEngine.h
25a792b0361d80337c75a14320f5be1b210066dc 01-Mar-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> [analyzer] Remove SVal::getAsVarDecl() and reason about MemRegions, not Decls. Suggestion by Ted!

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126734 91177308-0d34-0410-b5e6-96231b3b80d8
Vals.h
ec8605f1d7ec846dbf51047bfd5c56d32d1ff91c 01-Mar-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> [analyzer] Rename CheckerV2 -> Checker.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126726 91177308-0d34-0410-b5e6-96231b3b80d8
xprEngine.h
RState.h
d26a475068535834bbebd87f429ec773d6227e41 01-Mar-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> [analyzer] Remove Checker V1.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126725 91177308-0d34-0410-b5e6-96231b3b80d8
hecker.h
heckerVisitor.def
heckerVisitor.h
eb48bd1dd4168ab206a330bf523659170291a6a0 01-Mar-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> [analyzer] Remove checker V1 registration and running from ExprEngine.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126724 91177308-0d34-0410-b5e6-96231b3b80d8
xprEngine.h
9f8862aa64300ef97b8fe85034ee93bbc03e3b7b 01-Mar-2011 Zhanyong Wan <wan@google.com> Improves the coding style in SValBuilder. This patch:

- renames evalCastNL and evalCastL to evalCastFromNonLoc and
evalCastFromLoc (avoid abbreviations that aren't well known).

- makes all function parameter names start with a lower case letter
for consistency and distinction from member variables.

- avoids abbreviations in function parameter names.

Reviewed by kremenek@apple.com.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126722 91177308-0d34-0410-b5e6-96231b3b80d8
ValBuilder.h
d3bf3c0287a057eafe4b5d5588ebbb29f40ab6e1 28-Feb-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> [analyzer] Introduce SVal::getAsVarDecl().

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126627 91177308-0d34-0410-b5e6-96231b3b80d8
Vals.h
8be5b3aced37e1c7728741c60d47011f11649a58 24-Feb-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> [analyzer] Migrate ArrayBoundChecker to CheckerV2.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126371 91177308-0d34-0410-b5e6-96231b3b80d8
heckerContext.h
f178ac8b68b29e44867777232ba8fee59edc4037 23-Feb-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> [analyzer] Refactor EndOfFunctionNodeBuilder.

-Introduce EndOfFunctionNodeBuilder::withCheckerTag to allow it to be "specialized" with a
checker tag and not require the checkers to pass a tag.
-For EndOfFunctionNodeBuilder::generateNode, reverse the order of tag/P parameters since
there are actual calls that assume the second parameter is ExplodedNode.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126332 91177308-0d34-0410-b5e6-96231b3b80d8
oreEngine.h
769ce3e93ad35bd9ac28e4d8b8f035ae4fd9a5b5 22-Feb-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> [analyzer] Start moving the path-sensitive checkers to CheckerV2.

-Migrate ObjCSelfInitChecker to CheckerV2. In the process remove the 'preCallSelfFlags' field
from the checker class and use GRState for storing that info.
-Get ExprEngine to start delegating checker running to CheckerManager.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126229 91177308-0d34-0410-b5e6-96231b3b80d8
xprEngine.h
6bcb48dc67e417e0ecce803f28d13bbea2ee0243 22-Feb-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> [analyzer] Separate CheckerContext into its own include file. No functionality change.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126228 91177308-0d34-0410-b5e6-96231b3b80d8
hecker.h
heckerContext.h
9fc8fdd79c5ecf30833ccc0dd5e14be7aa884470 22-Feb-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> [analyzer] Fix GRStatePartialTrait<bool> and introduce GRStatePartialTrait<unsigned>.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126227 91177308-0d34-0410-b5e6-96231b3b80d8
RStateTrait.h
09fe4a55248bd28a950ec4ba19900e5892be42f6 19-Feb-2011 Ted Kremenek <kremenek@apple.com> Change 'StoreRef' back to 'Store' in GRState, shrinking the size of GRState back by one pointer.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126020 91177308-0d34-0410-b5e6-96231b3b80d8
RState.h
370e6e984cc32167228b66eaf9610c010da0d794 19-Feb-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> [analyzer] Fix crash when analyzing C++ code.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126013 91177308-0d34-0410-b5e6-96231b3b80d8
ValBuilder.h
77a4d5687c2cb3199c689892c9d040a94ff270af 19-Feb-2011 Ted Kremenek <kremenek@apple.com> Add 'StoreRef' smart pointer to allow more fine-grain memory lifetime control of Store objects.

This yields a minor memory reduction (for larger functions) on Sqlite at the cost of slightly
higher memory usage on some functions because of the increased size of GRState (which can be optimized).

I expect the real memory savings from this enhancement will come when we aggressively
cannibalize more of the ExplodedGraph.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126012 91177308-0d34-0410-b5e6-96231b3b80d8
RState.h
tore.h
f4699d14b03d805ad9ccaa6288836ac2a8612925 18-Feb-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> [analyzer] Fix a crash when analyzing C++ code.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@125958 91177308-0d34-0410-b5e6-96231b3b80d8
asicValueFactory.h
ad8dcf4a9df0e24051dc31bf9e6f3cd138a34298 17-Feb-2011 Chris Lattner <sabre@nondot.org> Step #1/N of implementing support for __label__: split labels into
LabelDecl and LabelStmt. There is a 1-1 correspondence between the
two, but this simplifies a bunch of code by itself. This is because
labels are the only place where we previously had references to random
other statements, causing grief for AST serialization and other stuff.

This does cause one regression (attr(unused) doesn't silence unused
label warnings) which I'll address next.

This does fix some minor bugs:
1. "The only valid attribute " diagnostic was capitalized.
2. Various diagnostics printed as ''labelname'' instead of 'labelname'
3. This reduces duplication of label checking between functions and blocks.

Review appreciated, particularly for the cindex and template bits.



git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@125733 91177308-0d34-0410-b5e6-96231b3b80d8
oreEngine.h
ValBuilder.h
Vals.h
7dfc9420babe83e236a47e752f8723bd06070d9d 16-Feb-2011 Zhanyong Wan <wan@google.com> Makes most methods in SVals.h conform to the naming guide. Reviewed
by kremenek.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@125687 91177308-0d34-0410-b5e6-96231b3b80d8
asicValueFactory.h
RState.h
ValBuilder.h
Vals.h
43dee220252ef0b42c5f8a3bb1eca97f84f2565f 14-Feb-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> [analyzer] Overhauling of the checker registration mechanism.

-Checkers will be defined in the tablegen file 'Checkers.td'.
-Apart from checkers, we can define checker "packages" that will contain a collection of checkers.
-Checkers can be enabled with -analyzer-checker=<name> and disabled with -analyzer-disable-checker=<name> e.g:
Enable checkers from 'cocoa' and 'corefoundation' packages except the self-initialization checker:
-analyzer-checker=cocoa -analyzer-checker=corefoundation -analyzer-disable-checker=cocoa.SelfInit
-Introduces CheckerManager and CheckerProvider. CheckerProviders get the set of checker names to enable/disable and
register them with the CheckerManager which will be the entry point for all checker-related functionality.

Currently only the self-initialization checker takes advantage of the new mechanism.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@125503 91177308-0d34-0410-b5e6-96231b3b80d8
nalysisManager.h
7502c1d3ce8bb97bcc4f7bebef507040bd93b26f 13-Feb-2011 John McCall <rjmccall@apple.com> Give some convenient idiomatic accessors to Stmt::child_range and
Stmt::const_child_range, then make a bunch of places use them instead
of the individual iterator accessors.



git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@125450 91177308-0d34-0410-b5e6-96231b3b80d8
heckerHelpers.h
b715a7cef11664c1c47cfc3dcc503aadc58b6cac 12-Feb-2011 Ted Kremenek <kremenek@apple.com> Weaken the ObjCSelfInitChecker to only warn when one calls an 'init' method within an 'init' method. This is a temporary stop gap to avoid false positives while we investigate how to make it smarter.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@125427 91177308-0d34-0410-b5e6-96231b3b80d8
RStateTrait.h
2534528c22260211a073e192c38d0db84c70c327 11-Feb-2011 Ted Kremenek <kremenek@apple.com> Rename 'InvalidateRegions()' to 'invalidateRegions()'.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@125395 91177308-0d34-0410-b5e6-96231b3b80d8
RState.h
tore.h
a9d5c30635729f076d77b4eb8d2f413b04301a89 11-Feb-2011 Ted Kremenek <kremenek@apple.com> Allow the 'Eng' entry in GRStateManager to be a (possibly null) pointer instead of a reference.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@125362 91177308-0d34-0410-b5e6-96231b3b80d8
RState.h
e40b69de464bc695afcaf7ef9602ad727d77b981 10-Feb-2011 Ted Kremenek <kremenek@apple.com> static analyzer: Make GRStates reference counted, with reference counts managed by ExplodedNodes.

This reduces memory usage of the analyzer on sqlite by another 5%.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@125260 91177308-0d34-0410-b5e6-96231b3b80d8
xplodedGraph.h
RState.h
9b663716449b618ba0390b1dbebc54fa8e971124 10-Feb-2011 Ted Kremenek <kremenek@apple.com> Split 'include/clang/StaticAnalyzer' into 'include/clang/StaticAnalyzer/Core' and 'include/clang/StaticAnalyzer/Checkers'.

This layout matches lib/StaticAnalyzer, which corresponds to two StaticAnalyzer libraries.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@125251 91177308-0d34-0410-b5e6-96231b3b80d8
nalysisManager.h
asicValueFactory.h
lockCounter.h
hecker.h
heckerHelpers.h
heckerVisitor.def
heckerVisitor.h
onstraintManager.h
oreEngine.h
nvironment.h
xplodedGraph.h
xprEngine.h
xprEngineBuilders.h
RState.h
RStateTrait.h
emRegion.h
bjCMessage.h
ValBuilder.h
Vals.h
tore.h
ubEngine.h
ummaryManager.h
ymbolManager.h
ransferFuncs.h
orkList.h