History log of /external/clang/include/clang/StaticAnalyzer/Core/PathSensitive/ProgramState.h
Revision Date Author Comments (<<< Hide modified files) (Show modified files >>>)
6bcf27bb9a4b5c3f79cb44c0e4654a6d7619ad89 29-May-2014 Stephen Hines <srhines@google.com> Update Clang for 3.5 rebase (r209713).

Change-Id: I8c9133b0f8f776dc915f270b60f94962e771bc83
/external/clang/include/clang/StaticAnalyzer/Core/PathSensitive/ProgramState.h
651f13cea278ec967336033dd032faef0e9fc2ec 24-Apr-2014 Stephen Hines <srhines@google.com> Updated to Clang 3.5a.

Change-Id: I8127eb568f674c2e72635b639a3295381fe8af82
/external/clang/include/clang/StaticAnalyzer/Core/PathSensitive/ProgramState.h
b7a747b0c271faeeb8d0f886f0e691eb25f637d9 17-Nov-2013 Anton Yartsev <anton.yartsev@gmail.com> [analyzer] Better modeling of memcpy by the CStringChecker (PR16731).

New rules of invalidation/escape of the source buffer of memcpy: the source buffer contents is invalidated and escape while the source buffer region itself is neither invalidated, nor escape.
In the current modeling of memcpy the information about allocation state of regions, accessible through the source buffer, is not copied to the destination buffer and we can not track the allocation state of those regions anymore. So we invalidate/escape the source buffer indirect regions in anticipation of their being invalidated for real later. This eliminates false-positive leaks reported by the unix.Malloc and alpha.cplusplus.NewDeleteLeaks checkers for the cases like

char *f() {
void *x = malloc(47);
char *a;
memcpy(&a, &x, sizeof a);
return a;
}

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@194953 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/include/clang/StaticAnalyzer/Core/PathSensitive/ProgramState.h
da8d37ce42d2db4e1e76ee6f7f38f10f6b0ef0f8 25-Sep-2013 Anton Yartsev <anton.yartsev@gmail.com> [analyzer] This patch removes passing around of const-invalidation vs regular-invalidation info by passing around a datastructure that maps regions and symbols to the type of invalidation they experience. This simplifies the code and would allow to associate more different invalidation types in the future.
With this patch things like preserving contents of regions (either hi- or low-level ones) or processing of the only top-level region can be implemented easily without passing around extra parameters.

This patch is a first step towards adequate modeling of memcpy() by the CStringChecker checker and towards eliminating of majority of false-positives produced by the NewDeleteLeaks checker.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@191342 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/include/clang/StaticAnalyzer/Core/PathSensitive/ProgramState.h
d207f55cd58054aab77edca35b3e7f645738dfe2 19-Aug-2013 Pavel Labath <labath@google.com> [analyzer] Fix inefficiency in dead symbol removal

Summary:
ScanReachableSymbols uses a "visited" set to avoid scanning the same object
twice. However, it did not use the optimization for LazyCompoundVal objects,
which resulted in exponential complexity for long chains of temporary objects.
Adding this resulted in a decrease of analysis time from >3h to 3 seconds for
some files.

Reviewers: jordan_rose

CC: cfe-commits

Differential Revision: http://llvm-reviews.chandlerc.com/D1398

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@188677 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/include/clang/StaticAnalyzer/Core/PathSensitive/ProgramState.h
7f1fd2f182717d5ce6cde60398128910c90f98be 29-May-2013 Anna Zaks <ganna@apple.com> [analyzer] Use the expression’s type instead of region’s type in ArrayToPointer decay evaluation

This gives slightly better precision, specifically, in cases where a non-typed region represents the array
or when the type is a non-array type, which can happen when an array is a result of a reinterpret_cast.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@182810 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/include/clang/StaticAnalyzer/Core/PathSensitive/ProgramState.h
00ffb8079b14cade816d8f668675e853e613dee0 06-May-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Remove now-unused bindCompoundLiteral helper function.

The one user has been changed to use getLValue on the compound literal
expression and then use the normal bindLoc to assign a value. No need
to special case this in the StoreManager.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@181214 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/include/clang/StaticAnalyzer/Core/PathSensitive/ProgramState.h
a5796f87229b4aeebca71fa6ee1790ae7a5a0382 09-Apr-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Replace isIntegerType() with isIntegerOrEnumerationType().

Previously, the analyzer used isIntegerType() everywhere, which uses the C
definition of "integer". The C++ predicate with the same behavior is
isIntegerOrUnscopedEnumerationType().

However, the analyzer is /really/ using this to ask if it's some sort of
"integrally representable" type, i.e. it should include C++11 scoped
enumerations as well. hasIntegerRepresentation() sounds like the right
predicate, but that includes vectors, which the analyzer represents by its
elements.

This commit audits all uses of isIntegerType() and replaces them with the
general isIntegerOrEnumerationType(), except in some specific cases where
it makes sense to exclude scoped enumerations, or any enumerations. These
cases now use isIntegerOrUnscopedEnumerationType() and getAs<BuiltinType>()
plus BuiltinType::isInteger().

isIntegerType() is hereby banned in the analyzer - lib/StaticAnalysis and
include/clang/StaticAnalysis. :-)

Fixes real assertion failures. PR15703 / <rdar://problem/12350701>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@179081 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/include/clang/StaticAnalyzer/Core/PathSensitive/ProgramState.h
658a28479dd775f6ff2c07fa5699a7ea01e04127 02-Apr-2013 Anna Zaks <ganna@apple.com> [analyzer] Teach invalidateRegions that regions within LazyCompoundVal need to be invalidated

Refactor invalidateRegions to take SVals instead of Regions as input and teach RegionStore
about processing LazyCompoundVal as a top-level “escaping” value.

This addresses several false positives that get triggered by the NewDelete checker, but the
underlying issue is reproducible with other checkers as well (for example, MallocChecker).

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@178518 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/include/clang/StaticAnalyzer/Core/PathSensitive/ProgramState.h
f8ddc098981d4d85cad4e72fc6dfcfe83b842b66 20-Mar-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Invalidate regions indirectly accessible through const pointers.

In this case, the value of 'x' may be changed after the call to indirectAccess:

struct Wrapper {
int *ptr;
};

void indirectAccess(const Wrapper &w);

void test() {
int x = 42;
Wrapper w = { x };

clang_analyzer_eval(x == 42); // TRUE
indirectAccess(w);
clang_analyzer_eval(x == 42); // UNKNOWN
}

This is important for modelling return-by-value objects in C++, to show
that the contents of the struct are escaping in the return copy-constructor.

<rdar://problem/13239826>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@177570 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/include/clang/StaticAnalyzer/Core/PathSensitive/ProgramState.h
962fbc46664f2486d6805549130fa6b310de6d60 07-Mar-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Clean up a few doc comments for ProgramState and CallEvent.

No functionality change.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@176600 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/include/clang/StaticAnalyzer/Core/PathSensitive/ProgramState.h
cc5dbdae70c6eb2423921f52a35ba4686d2969cf 02-Mar-2013 Anna Zaks <ganna@apple.com> [analyzer] Simple inline defensive checks suppression

Inlining brought a few "null pointer use" false positives, which occur because
the callee defensively checks if a pointer is NULL, whereas the caller knows
that the pointer cannot be NULL in the context of the given call.

This is a first attempt to silence these warnings by tracking the symbolic value
along the execution path in the BugReporter. The new visitor finds the node
in which the symbol was first constrained to NULL. If the node belongs to
a function on the active stack, the warning is reported, otherwise, it is
suppressed.

There are several areas for follow up work, for example:
- How do we differentiate the cases where the first check is followed by
another one, which does happen on the active stack?

Also, this only silences a fraction of null pointer use warnings. For example, it
does not do anything for the cases where NULL was assigned inside a callee.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@176402 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/include/clang/StaticAnalyzer/Core/PathSensitive/ProgramState.h
dc84cd5efdd3430efb22546b4ac656aa0540b210 20-Feb-2013 David Blaikie <dblaikie@gmail.com> Include llvm::Optional in clang/Basic/LLVM.h

Post-commit CR feedback from Jordan Rose regarding r175594.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@175679 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/include/clang/StaticAnalyzer/Core/PathSensitive/ProgramState.h
5251abea41b446c26e3239c8dd6c7edea6fc335d 20-Feb-2013 David Blaikie <dblaikie@gmail.com> Replace SVal llvm::cast support to be well-defined.

See r175462 for another example/more details.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@175594 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/include/clang/StaticAnalyzer/Core/PathSensitive/ProgramState.h
64eb070234bc4cd4fd2debf3a91c6e2d8f0d32d8 16-Jan-2013 Anna Zaks <ganna@apple.com> [analyzer] Refactor: parameter rename.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@172595 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/include/clang/StaticAnalyzer/Core/PathSensitive/ProgramState.h
1655bcd052a67a3050fc55df8ecce57342352e68 21-Dec-2012 Anna Zaks <ganna@apple.com> [analyzer] Address Jordan's nitpicks as per code review of r170625.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@170832 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/include/clang/StaticAnalyzer/Core/PathSensitive/ProgramState.h
bf53dfac8195835028bd6347433f7dbebcc29fc1 20-Dec-2012 Anna Zaks <ganna@apple.com> [analyzer] Add the pointer escaped callback.

Instead of using several callbacks to identify the pointer escape event,
checkers now can register for the checkPointerEscape.

Converted the Malloc checker to use the new callback.
SimpleStreamChecker will be converted next.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@170625 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/include/clang/StaticAnalyzer/Core/PathSensitive/ProgramState.h
7affe151f5689b2d3547b8947c4099532c78a021 06-Dec-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Remove bindExprAndLocation, which does extra work for no gain.

This feature was probably intended to improve diagnostics, but was currently
only used when dumping the Environment. It shows what location a given value
was loaded from, e.g. when evaluating an LValueToRValue cast.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@169522 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/include/clang/StaticAnalyzer/Core/PathSensitive/ProgramState.h
30a2e16f6c27f888dd11eba6bbbae1e980078fcb 04-Dec-2012 Chandler Carruth <chandlerc@gmail.com> Sort #include lines for all files under include/...

This is a simpler sort, entirely automatic with the help of
llvm/utils/sort_includes.py -- no manual edits here.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@169238 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/include/clang/StaticAnalyzer/Core/PathSensitive/ProgramState.h
e5a934d3c840872d58724383a83443ed38f1d831 13-Oct-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Remove the "direct bindings only" Environment lookup.

This was only used by OSAtomicChecker and makes it more
difficult to update values for expressions that the environment
may look through instead (it's not the same as IgnoreParens).
With this gone, we can have bindExpr bind to the inner
expression that getSVal will find.

Groundwork for <rdar://problem/12137950>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@165866 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/include/clang/StaticAnalyzer/Core/PathSensitive/ProgramState.h
ca5d78d0bc3010164f2f9682967d64d7e305a167 01-Oct-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Make ProgramStateManager's SubEngine parameter optional.

It is possible and valid to have a state manager and associated objects
without having a SubEngine or checkers.

Patch by Olaf Krzikalla!

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@164947 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/include/clang/StaticAnalyzer/Core/PathSensitive/ProgramState.h
afbb66262948732dc0f9617ffd80768c7145e0c7 26-Sep-2012 Ted Kremenek <kremenek@apple.com> Remove 'const' version of getBasicVals(), which is useless.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@164643 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/include/clang/StaticAnalyzer/Core/PathSensitive/ProgramState.h
be2fa7ebf01259b63dc52fe46c8d101c18e72269 18-Sep-2012 Craig Topper <craig.topper@gmail.com> Mark unimplemented copy constructors and copy assignment operators with LLVM_DELETED_FUNCTION.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@164102 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/include/clang/StaticAnalyzer/Core/PathSensitive/ProgramState.h
ce15cce38c34ae73348457da73c52df81cde3588 09-Sep-2012 Ted Kremenek <kremenek@apple.com> Remove dead method ProgramState::MarshalState().

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163479 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/include/clang/StaticAnalyzer/Core/PathSensitive/ProgramState.h
47cbd0f3892c7965cf16a58393f9f17a22d4d4d9 08-Sep-2012 Ted Kremenek <kremenek@apple.com> Remove ProgramState::getSymVal(). It was being misused by Checkers,
with at least one subtle bug in MacOSXKeyChainAPIChecker where the
calling the method was a substitute for assuming a symbolic value
was null (which is not the case).

We still keep ConstraintManager::getSymVal(), but we use that as
an optimization in SValBuilder and ProgramState::getSVal() to
constant-fold SVals. This is only if the ConstraintManager can
provide us with that information, which is no longer a requirement.
As part of this, introduce a default implementation of
ConstraintManager::getSymVal() which returns null.

For Checkers, introduce ConstraintManager::isNull(), which queries
the state to see if the symbolic value is constrained to be a null
value. It does this without assuming it has been implicitly constant
folded.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163428 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/include/clang/StaticAnalyzer/Core/PathSensitive/ProgramState.h
53b890ba226e8c84a157ab5e757b93666cc6859d 24-Aug-2012 Anna Zaks <ganna@apple.com> [analyzer] More fixups/rewording based on Jordan's feedback.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162597 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/include/clang/StaticAnalyzer/Core/PathSensitive/ProgramState.h
e54778d77d4f2b2d006bdb7e16f49271e1e9d13d 24-Aug-2012 Anna Zaks <ganna@apple.com> [analyzer] Move DynamicTypeInfo out of the ProgramState.h

(I am not sure if we should move the setters and getters as well and
make them into static methods..)

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162528 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/include/clang/StaticAnalyzer/Core/PathSensitive/ProgramState.h
1becab2120142b1be87d684a68d3bea98f5abfb5 22-Aug-2012 Anna Zaks <ganna@apple.com> [analyzer] Add more comments to CallEvent and RuntimeDefinition.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162399 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/include/clang/StaticAnalyzer/Core/PathSensitive/ProgramState.h
56a46b51df691f857f7120aaf2d4deeff0b014de 22-Aug-2012 Ted Kremenek <kremenek@apple.com> Rename 'unbindLoc()' (in ProgramState) and 'Remove()' to
'killBinding()'. The name is more specific, and one just forwarded
to the other.

Add some doxygen comments along the way.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162350 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/include/clang/StaticAnalyzer/Core/PathSensitive/ProgramState.h
32a549a64922af0903bdb777613ae7ae4490b70f 22-Aug-2012 Ted Kremenek <kremenek@apple.com> Remove Store::bindDecl() and Store::bindDeclWithNoInit(), and
all forwarding methods.

This functionality is already covered by bindLoc().

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162346 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/include/clang/StaticAnalyzer/Core/PathSensitive/ProgramState.h
5be88dc79d2768d67371103b6535fb8c4a6f27a1 22-Aug-2012 Ted Kremenek <kremenek@apple.com> Rename 'BindCompoundLiteral' to 'bindCompoundLiteral' and
add doxygen comments.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162345 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/include/clang/StaticAnalyzer/Core/PathSensitive/ProgramState.h
0ad36baedc516005cb6ea97d96327517ebfe5138 15-Aug-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Correctly devirtualize virtual method calls in destructors.

C++11 [class.cdtor]p4: When a virtual function is called directly or
indirectly from a constructor or from a destructor, including during
the construction or destruction of the class’s non-static data members,
and the object to which the call applies is the object under
construction or destruction, the function called is the final overrider
in the constructor's or destructor's class and not one overriding it in
a more-derived class.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161915 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/include/clang/StaticAnalyzer/Core/PathSensitive/ProgramState.h
54918ba02ba900c0e0bb4fd3d749b6b1ac4e50a9 10-Aug-2012 Anna Zaks <ganna@apple.com> [analyzer] Track if a region can be a subclass in the dynamic type info.

When object is allocated with alloc or init, we assume it cannot be a
subclass (currently used only for bifurcation purposes).

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161682 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/include/clang/StaticAnalyzer/Core/PathSensitive/ProgramState.h
d4fe57f7f7a8793227effc1274d70ec44cee9a4f 09-Aug-2012 Anna Zaks <ganna@apple.com> [analyzer] Rename the function to better reflect what it actually does.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161617 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/include/clang/StaticAnalyzer/Core/PathSensitive/ProgramState.h
e0d24eb1060a213ec9820dc02c45f26b2d5b348b 08-Aug-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Revamp RegionStore to distinguish regions with symbolic offsets.

RegionStore currently uses a (Region, Offset) pair to describe the locations
of memory bindings. However, this representation breaks down when we have
regions like 'array[index]', where 'index' is unknown. We used to store this
as (SubRegion, 0); now we mark them specially as (SubRegion, SYMBOLIC).

Furthermore, ProgramState::scanReachableSymbols depended on the existence of
a sub-region map, but RegionStore's implementation doesn't provide for such
a thing. Moving the store-traversing logic of scanReachableSymbols into the
StoreManager allows us to eliminate the notion of SubRegionMap altogether.

This fixes some particularly awkward broken test cases, now in
array-struct-region.c.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161510 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/include/clang/StaticAnalyzer/Core/PathSensitive/ProgramState.h
c7ecc43c33a21b82c49664910b19fcc1f555aa51 07-Aug-2012 Anna Zaks <ganna@apple.com> [analyzer] Add a checker to manage dynamic type propagation.

Instead of sprinkling dynamic type info propagation throughout
ExprEngine, the added checker would add the more precise type
information on known APIs (Ex: ObjC alloc, new) and propagate
the type info in other cases (ex: ObjC init method, casts (the second is
not implemented yet)).

Add handling of ObjC alloc, new and init to the checker.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161357 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/include/clang/StaticAnalyzer/Core/PathSensitive/ProgramState.h
148fee988e32efcad45ecf7b3bf714880c657dda 03-Aug-2012 Anna Zaks <ganna@apple.com> [analyzer] ObjC Inlining: Start tracking dynamic type info in the GDM

In the following code, find the type of the symbolic receiver by
following it and updating the dynamic type info in the state when we
cast the symbol from id to MyClass *.

MyClass *a = [[self alloc] init];
return 5/[a testSelf];

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161264 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/include/clang/StaticAnalyzer/Core/PathSensitive/ProgramState.h
2d18419a7c8f9a2975d4ed74a202de6467308ad1 30-Jul-2012 Anna Zaks <ganna@apple.com> [analyzer] Very simple ObjC instance method inlining

- Retrieves the type of the object/receiver from the state.
- Binds self during stack setup.
- Only explores the path on which the method is inlined (no
bifurcation to explore the path on which the method is not inlined).

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160991 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/include/clang/StaticAnalyzer/Core/PathSensitive/ProgramState.h
972a3680bdd95f2e9d6316b391f1c47513dc78cc 30-Jul-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Introduce a CallEventManager to keep a pool of CallEvents.

This allows us to get around the C++ "virtual constructor" problem
when we'd like to create a CallEvent from an ExplodedNode, an inlined
StackFrameContext, or another CallEvent. The solution has three parts:

- CallEventManager uses a BumpPtrAllocator to allocate CallEvent-sized
memory blocks. It also keeps a cache of freed CallEvents for reuse.
- CallEvents all have protected copy constructors, along with cloneTo()
methods that use placement new to copy into CallEventManager-managed
memory, vtables intact.
- CallEvents owned by CallEventManager are now wrapped in an
IntrusiveRefCntPtr. Going forwards, it's probably a good idea to create
ALL CallEvents through the CallEventManager, so that we don't accidentally
try to reclaim a stack-allocated CallEvent.

All of this machinery is currently unused but will be put into use shortly.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160983 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/include/clang/StaticAnalyzer/Core/PathSensitive/ProgramState.h
3a0a9e3e8bbaa45f3ca22b1e20b3beaac0f5861e 26-Jul-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Handle C++ member initializers and destructors.

This uses CFG to tell if a constructor call is for a member, and uses
the member's region appropriately.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160808 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/include/clang/StaticAnalyzer/Core/PathSensitive/ProgramState.h
e54cfc7b9990acffd0a8a4ba381717b4bb9f3011 11-Jul-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Use CallEvent for building inlined stack frames.

In order to accomplish this, we now build the callee's stack frame
as part of the CallEnter node, rather than the subsequent BlockEdge node.
This should not have any effect on perceived behavior or diagnostics.

This makes it safe to re-enable inlining of member overloaded operators.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160022 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/include/clang/StaticAnalyzer/Core/PathSensitive/ProgramState.h
740d490593e0de8732a697c9f77b90ddd463863b 02-Jul-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Add a new abstraction over all types of calls: CallEvent

This is intended to replace CallOrObjCMessage, and is eventually intended to be
used for anything that cares more about /what/ is being called than /how/ it's
being called. For example, inlining destructors should be the same as inlining
blocks, and checking __attribute__((nonnull)) should apply to the allocator
calls generated by operator new.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@159554 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/include/clang/StaticAnalyzer/Core/PathSensitive/ProgramState.h
2df3a7a58b37d87ebf9e5e9251d56d1f8506f8b6 20-Jun-2012 Anna Zaks <ganna@apple.com> [analyzer] Remove dead code.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@158849 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/include/clang/StaticAnalyzer/Core/PathSensitive/ProgramState.h
591b5f53c0e11d87401b4804bb1be1a53f95c619 19-May-2012 Anna Zaks <ganna@apple.com> [analyzer] For locations, use isGLValue() instead of isLValue().

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@157088 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/include/clang/StaticAnalyzer/Core/PathSensitive/ProgramState.h
4335a48214dcbb258e08c8867c45648e25edb2ec 10-Apr-2012 Anna Zaks <ganna@apple.com> [analyzer] + comments

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@154433 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/include/clang/StaticAnalyzer/Core/PathSensitive/ProgramState.h
e739a29c62c67eaec0af5c4d5c75f9e8f11228bd 28-Feb-2012 Ted Kremenek <kremenek@apple.com> [analyzer] Don't generate an explicit ExplodedNode for StringLiterals; have the SVal lazily generated from Environment::getSVal().

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@151589 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/include/clang/StaticAnalyzer/Core/PathSensitive/ProgramState.h
3133f79cf451e6302dd05262b4bb53a3e4fd6300 18-Feb-2012 Ted Kremenek <kremenek@apple.com> Have conjured symbols depend on LocationContext, to add context sensitivity for functions called more than once.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150849 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/include/clang/StaticAnalyzer/Core/PathSensitive/ProgramState.h
6f42b62b6194f53bcbc349f5d17388e1936535d7 05-Feb-2012 Dylan Noblesmith <nobled@dreamwidth.org> Basic: import OwningPtr<> into clang namespace

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@149798 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/include/clang/StaticAnalyzer/Core/PathSensitive/ProgramState.h
a5888f61be9f8d76e9b48a453dbced50523bd2e0 31-Jan-2012 Argyrios Kyrtzidis <akyrtzi@gmail.com> Reapply r149311 which I reverted by mistake.

Original log:

Convert ProgramStateRef to a smart pointer for managing the reference counts of ProgramStates. This leads to a slight memory
improvement, and a simplification of the logic for managing ProgramState objects.
# Please enter the commit message for your changes. Lines starting

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@149339 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/include/clang/StaticAnalyzer/Core/PathSensitive/ProgramState.h
b9b0f6fb6e113b5e6be3ed9754c4bf01186a17bf 31-Jan-2012 Argyrios Kyrtzidis <akyrtzi@gmail.com> Revert r149311 which failed to compile.

Original log:

Convert ProgramStateRef to a smart pointer for managing the reference counts of ProgramStates. This leads to a slight memory
improvement, and a simplification of the logic for managing ProgramState objects.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@149336 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/include/clang/StaticAnalyzer/Core/PathSensitive/ProgramState.h
72e93068c9f2a2f05f5932cdd917c0d2961f11d9 31-Jan-2012 Ted Kremenek <kremenek@apple.com> Convert ProgramStateRef to a smart pointer for managing the reference counts of ProgramStates. This leads to a slight memory
improvement, and a simplification of the logic for managing ProgramState objects.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@149311 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/include/clang/StaticAnalyzer/Core/PathSensitive/ProgramState.h
af5f550de34525b27f0ff31dafce792caf8158b6 30-Jan-2012 Anna Zaks <ganna@apple.com> [analyzer] Add index out of bounds check for CFArrayGetArrayAtIndex.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@149228 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/include/clang/StaticAnalyzer/Core/PathSensitive/ProgramState.h
8bef8238181a30e52dea380789a7e2d760eac532 26-Jan-2012 Ted Kremenek <kremenek@apple.com> Change references to 'const ProgramState *' to typedef 'ProgramStateRef'.

At this point this is largely cosmetic, but it opens the door to replace
ProgramStateRef with a smart pointer that more eagerly acts in the role
of reclaiming unused ProgramState objects.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@149081 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/include/clang/StaticAnalyzer/Core/PathSensitive/ProgramState.h
be97b7edb112520d764c24e8b9a159cdc692bcb6 20-Jan-2012 Anna Zaks <ganna@apple.com> [analyzer] Skip casts when determining taint dependencies + pretty
printing.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@148517 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/include/clang/StaticAnalyzer/Core/PathSensitive/ProgramState.h
0849ade4bb3e90c2fc0ce01ccd330f76f91da732 12-Jan-2012 Ted Kremenek <kremenek@apple.com> [analyzer] fix inlining's handling of mapping actual to formal arguments and limit the call stack depth. The analyzer can now accurately simulate factorial for limited depths.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@148036 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/include/clang/StaticAnalyzer/Core/PathSensitive/ProgramState.h
1437425a62dbf7bdb0a855d3ed3b05ed2019ec1e 12-Jan-2012 Anna Zaks <ganna@apple.com> [analyzer] Rename Store::Retrieve() -> getBinding().

+ all the other Retrieve..() methods + a comment for ElementRegion.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@148011 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/include/clang/StaticAnalyzer/Core/PathSensitive/ProgramState.h
9f03b62036a7abc0a227b17f4a49b9eefced9450 07-Jan-2012 Anna Zaks <ganna@apple.com> [analyzer] Add basic format string vulnerability checking.

We already have a more conservative check in the compiler (if the
format string is not a literal, we warn). Still adding it here for
completeness and since this check is stronger - only triggered if the
format string is tainted.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@147714 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/include/clang/StaticAnalyzer/Core/PathSensitive/ProgramState.h
5eca482fe895ea57bc82410222e6426c09e63284 06-Jan-2012 Ted Kremenek <kremenek@apple.com> [analyzer] Make the entries in 'Environment' context-sensitive by making entries map from
(Stmt*,LocationContext*) pairs to SVals instead of Stmt* to SVals.

This is needed to support basic IPA via inlining. Without this, we cannot tell
if a Stmt* binding is part of the current analysis scope (StackFrameContext) or
part of a parent context.

This change introduces an uglification of the use of getSVal(), and thus takes
two steps forward and one step back. There are also potential performance implications
of enlarging the Environment. Both can be addressed going forward by refactoring the
APIs and optimizing the internal representation of Environment. This patch
mainly introduces the functionality upon when we want to build upon (and clean up).

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@147688 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/include/clang/StaticAnalyzer/Core/PathSensitive/ProgramState.h
eb31a76d1cdaaf8874c549dc6bd964ff270d3822 05-Jan-2012 Anna Zaks <ganna@apple.com> [analyzer] Be less pessimistic about invalidation of global variables
as a result of a call.

Problem:
Global variables, which come in from system libraries should not be
invalidated by all calls. Also, non-system globals should not be
invalidated by system calls.

Solution:
The following solution to invalidation of globals seems flexible enough
for taint (does not invalidate stdin) and should not lead to too
many false positives. We split globals into 3 classes:

* immutable - values are preserved by calls (unless the specific
global is passed in as a parameter):
A : Most system globals and const scalars

* invalidated by functions defined in system headers:
B: errno

* invalidated by all other functions (note, these functions may in
turn contain system calls):
B: errno
C: all other globals (which are not in A nor B)

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@147569 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/include/clang/StaticAnalyzer/Core/PathSensitive/ProgramState.h
99ba9e3bd70671f3441fb974895f226a83ce0e66 20-Dec-2011 David Blaikie <dblaikie@gmail.com> Unweaken vtables as per http://llvm.org/docs/CodingStandards.html#ll_virtual_anch

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@146959 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/include/clang/StaticAnalyzer/Core/PathSensitive/ProgramState.h
28fd98d66dab4569316de2b5881d91b534a42461 14-Dec-2011 Anna Zaks <ganna@apple.com> [analyzer] Minor refactor to addTaint.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@146535 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/include/clang/StaticAnalyzer/Core/PathSensitive/ProgramState.h
dcf06fa1fbb9c018e152629ef3f3fa7b1acffe7a 07-Dec-2011 Anna Zaks <ganna@apple.com> [analyzer] Propagate taint through MemRegions.
SVal can be not only a symbol, but a MemRegion. Add support for such
cases.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@146006 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/include/clang/StaticAnalyzer/Core/PathSensitive/ProgramState.h
d0167853f46cc78787b06255a44f9dcedd04a8ec 05-Dec-2011 Anna Zaks <ganna@apple.com> [analyzer] Add ability to do a simple ProgramState dump() without
requiring CFG.

Adding more ugly code; the evnvironment printing should be moved to
envirnment at some point.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@145828 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/include/clang/StaticAnalyzer/Core/PathSensitive/ProgramState.h
ceac1d6e0521161adf7ac9834b1a7ad79d73fea4 16-Nov-2011 Anna Zaks <ganna@apple.com> [analyzer] Adding basic building blocks for taint propagation.
TaintTag.h will contain definitions of different taint kinds and their properties.
TaintManager will be responsible for implementing taint specific operations, storing taint.
ProgramState will provide API to add/remove taint.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@144824 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/include/clang/StaticAnalyzer/Core/PathSensitive/ProgramState.h
5f625712f622f6e57de17b6f7eec242956b993ee 22-Sep-2011 Anna Zaks <ganna@apple.com> ST->scanReachableSymbols() is creating a SubRegionMap (SRM) on every call since one SRM is created in each ScanReachableSymbols instance. Creating the object just once and calling only scan inside the loop gives ~ 14% speed up of the StaticAnalyzer run (Release+Asserts).

Pull out the declaration of the ScanReachableSymbols so that it can be used directly. Document ProgramState::scanReachableSymbols() methods.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@140323 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/include/clang/StaticAnalyzer/Core/PathSensitive/ProgramState.h
dbd658e139b3e0bf084f75feaea8d844af9e319f 28-Aug-2011 Jordy Rose <jediknil@belkadan.com> [analyzer] Introduce a new callback for checkers, printState, to be used for debug-printing the contents of a ProgramState.

Unlike the other callbacks, this one is a simple virtual method, since it is only to be used for debugging.

This new callback replaces the old ProgramState::Printer interface, and allows us to move the printing of refcount bindings from CFRefCount to RetainReleaseChecker.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@138728 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/include/clang/StaticAnalyzer/Core/PathSensitive/ProgramState.h
537716ad8dd10f984b6cfe6985afade1185c5e3c 28-Aug-2011 Jordy Rose <jediknil@belkadan.com> [analyzer] Change the check::RegionChanges callback to include the regions explicitly requested for invalidation.

Also, allow CallOrObjCMessage to wrap a CXXConstructExpr as well.

Finally, this allows us to remove the clunky whitelisting system from CFRefCount/RetainReleaseChecker. Slight regression due to CXXNewExprs not yet being handled in post-statement callbacks (PR forthcoming).


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@138716 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/include/clang/StaticAnalyzer/Core/PathSensitive/ProgramState.h
ae160f880d183ab938fd7ce3b891694ae2f569c0 16-Aug-2011 Ted Kremenek <kremenek@apple.com> Add missing header files.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@137676 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/include/clang/StaticAnalyzer/Core/PathSensitive/ProgramState.h