• Home
  • History
  • Annotate
  • only in /external/clang/lib/StaticAnalyzer/Checkers/
History log of /external/clang/lib/StaticAnalyzer/Checkers/
Revision Date Author Comments (<<< Hide modified files) (Show modified files >>>)
ef8225444452a1486bd721f3285301fe84643b00 21-Jul-2014 Stephen Hines <srhines@google.com> Update Clang for rebase to r212749.

This also fixes a small issue with arm_neon.h not being generated always.

Includes a cherry-pick of:
r213450 - fixes mac-specific header issue
r213126 - removes a default -Bsymbolic on Android

Change-Id: I2a790a0f5d3b2aab11de596fc3a74e7cbc99081d
ndroid.mk
asicObjCFoundationChecks.cpp
MakeLists.txt
heckers.td
ereferenceChecker.cpp
etainCountChecker.cpp
estAfterDivZeroChecker.cpp
6bcf27bb9a4b5c3f79cb44c0e4654a6d7619ad89 29-May-2014 Stephen Hines <srhines@google.com> Update Clang for 3.5 rebase (r209713).

Change-Id: I8c9133b0f8f776dc915f270b60f94962e771bc83
nalyzerStatsChecker.cpp
rrayBoundCheckerV2.cpp
asicObjCFoundationChecks.cpp
StringChecker.cpp
allAndMessageChecker.cpp
astSizeChecker.cpp
heckObjCDealloc.cpp
heckObjCInstMethSignature.cpp
heckSecuritySyntaxOnly.cpp
heckSizeofPointer.cpp
hrootChecker.cpp
eadStoresChecker.cpp
ynamicTypePropagation.cpp
xprInspectionChecker.cpp
enericTaintChecker.cpp
varInvalidationChecker.cpp
LVMConventionsChecker.cpp
acOSKeychainAPIChecker.cpp
acOSXAPIChecker.cpp
allocChecker.cpp
allocOverflowSecurityChecker.cpp
allocSizeofChecker.cpp
SErrorChecker.cpp
oReturnFunctionChecker.cpp
onNullParamChecker.cpp
bjCContainersASTChecker.cpp
bjCSelfInitChecker.cpp
etainCountChecker.cpp
eturnUndefChecker.cpp
electorExtras.h
impleStreamChecker.cpp
treamChecker.cpp
raversalChecker.cpp
ndefBranchChecker.cpp
ndefCapturedBlockVarChecker.cpp
ndefResultChecker.cpp
ndefinedAssignmentChecker.cpp
nixAPIChecker.cpp
nreachableCodeChecker.cpp
LASizeChecker.cpp
irtualCallChecker.cpp
651f13cea278ec967336033dd032faef0e9fc2ec 24-Apr-2014 Stephen Hines <srhines@google.com> Updated to Clang 3.5a.

Change-Id: I8127eb568f674c2e72635b639a3295381fe8af82
nalyzerStatsChecker.cpp
ndroid.mk
rrayBoundChecker.cpp
rrayBoundCheckerV2.cpp
asicObjCFoundationChecks.cpp
oolAssignmentChecker.cpp
MakeLists.txt
StringChecker.cpp
StringSyntaxChecker.cpp
allAndMessageChecker.cpp
astSizeChecker.cpp
astToStructChecker.cpp
heckObjCDealloc.cpp
heckObjCInstMethSignature.cpp
heckSecuritySyntaxOnly.cpp
heckSizeofPointer.cpp
heckers.td
hrootChecker.cpp
eadStoresChecker.cpp
ebugCheckers.cpp
ereferenceChecker.cpp
irectIvarAssignment.cpp
ivZeroChecker.cpp
xprInspectionChecker.cpp
ixedAddressChecker.cpp
enericTaintChecker.cpp
dempotentOperationChecker.cpp
denticalExprChecker.cpp
varInvalidationChecker.cpp
LVMConventionsChecker.cpp
acOSKeychainAPIChecker.cpp
acOSXAPIChecker.cpp
allocChecker.cpp
allocOverflowSecurityChecker.cpp
allocSizeofChecker.cpp
SAutoreleasePoolChecker.cpp
SErrorChecker.cpp
oReturnFunctionChecker.cpp
onNullParamChecker.cpp
bjCAtSyncChecker.cpp
bjCContainersASTChecker.cpp
bjCContainersChecker.cpp
bjCMissingSuperCallChecker.cpp
bjCSelfInitChecker.cpp
bjCUnusedIVarsChecker.cpp
ointerArithChecker.cpp
ointerSubChecker.cpp
threadLockChecker.cpp
etainCountChecker.cpp
eturnPointerRangeChecker.cpp
eturnUndefChecker.cpp
impleStreamChecker.cpp
tackAddrEscapeChecker.cpp
treamChecker.cpp
aintTesterChecker.cpp
ndefBranchChecker.cpp
ndefCapturedBlockVarChecker.cpp
ndefResultChecker.cpp
ndefinedArraySubscriptChecker.cpp
ndefinedAssignmentChecker.cpp
nixAPIChecker.cpp
nreachableCodeChecker.cpp
LASizeChecker.cpp
irtualCallChecker.cpp
229d345dd5a73ef6ba75d1d730ecf96e8dc9ecec 08-Feb-2014 Stephen Hines <srhines@google.com> Update clang for merge to LLVM 3.4.

Update TableGen rules:
- AttrExprArgs
+ AttrIdentifierArg
+ AttrParsedAttrImpl
+ AttrTypeArg

Update config.h files.

Adjust Android.mk for added/removed files:

+ TransProtectedScope.cpp

- DumpXML.cpp

+ Consumed.cpp

+ CodeGenABITypes.cpp

+ SanitizerArgs.cpp

+ AllocationDiagnostics.cpp
- CommonBugCategories.cpp
+ IdenticalExprChecker.cpp

+ CommonBugCategories.cpp
- SymbolManager.cpp
- TextPathDiagnostics.cpp
+ SymbolManager.cpp

Change-Id: I73bea10e7e73e611f678bc5bf9935e26da63be17
ndroid.mk
1fab7c3e3bd97a909a80b1bfea1909c6e7347fc0 12-Feb-2014 Stephen Hines <srhines@google.com> Merge remote-tracking branch 'upstream/release_34' into merge-20140211

Conflicts:
lib/Basic/Targets.cpp
lib/Sema/SemaDeclAttr.cpp

Change-Id: I17ca7161f32007272ee82036d237d051847dd02e
b7a747b0c271faeeb8d0f886f0e691eb25f637d9 17-Nov-2013 Anton Yartsev <anton.yartsev@gmail.com> [analyzer] Better modeling of memcpy by the CStringChecker (PR16731).

New rules of invalidation/escape of the source buffer of memcpy: the source buffer contents is invalidated and escape while the source buffer region itself is neither invalidated, nor escape.
In the current modeling of memcpy the information about allocation state of regions, accessible through the source buffer, is not copied to the destination buffer and we can not track the allocation state of those regions anymore. So we invalidate/escape the source buffer indirect regions in anticipation of their being invalidated for real later. This eliminates false-positive leaks reported by the unix.Malloc and alpha.cplusplus.NewDeleteLeaks checkers for the cases like

char *f() {
void *x = malloc(47);
char *a;
memcpy(&a, &x, sizeof a);
return a;
}

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@194953 91177308-0d34-0410-b5e6-96231b3b80d8
StringChecker.cpp
6973a27866b176b1cf4e3e3ebcf0196e101b85dd 14-Nov-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Treat MSVC's _wassert as noreturn.

This makes sure the analyzer actually honors assert() in an MSVC project.

Patch by Anders Montonen!

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@194716 91177308-0d34-0410-b5e6-96231b3b80d8
oReturnFunctionChecker.cpp
91934df3ce399e5938695b939943f92e7ff00483 14-Nov-2013 Benjamin Kramer <benny.kra@googlemail.com> Move classes into anonymous namespaces.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@194706 91177308-0d34-0410-b5e6-96231b3b80d8
denticalExprChecker.cpp
6b1a4c83fb661c612c4a872d6c85e7a1aecd044f 08-Nov-2013 Jordan Rose <jordan_rose@apple.com> Revert 'Tweak ContainerNonEmptyMap with "int" instead of "bool"'.

I've added the missing ImutProfileInfo [sic] specialization for bool,
so this patch on r194235 is no longer needed.

This reverts r194244 / 2baea2887dfcf023c8e3560e5d4713c42eed7b6b.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@194265 91177308-0d34-0410-b5e6-96231b3b80d8
asicObjCFoundationChecks.cpp
2baea2887dfcf023c8e3560e5d4713c42eed7b6b 08-Nov-2013 NAKAMURA Takumi <geek4civic@gmail.com> StaticAnalyzer/Checkers/BasicObjCFoundationChecks.cpp: Tweak ContainerNonEmptyMap with "int" instead of "bool", to appease building since r194235.

In ADT/ImmutableSet, ImutProfileInfo<bool> cannot be matched to ImutProfileInteger.
I didn't have idea it'd the right way if PROFILE_INTEGER_INFO(bool) could be added there.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@194244 91177308-0d34-0410-b5e6-96231b3b80d8
asicObjCFoundationChecks.cpp
9a7a568821b85cc83b80056268ef0dc32aecea12 08-Nov-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Add IdenticalExprChecker, to find copy-pasted code.

This syntactic checker looks for expressions on both sides of comparison
operators that are structurally the same. As a special case, the
floating-point idiom "x != x" for "isnan(x)" is left alone.

Currently this only checks comparison operators, but in the future we could
extend this to include logical operators or chained if-conditionals.

Checker by Per Viberg!

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@194236 91177308-0d34-0410-b5e6-96231b3b80d8
MakeLists.txt
heckers.td
denticalExprChecker.cpp
219103d76a10b35b5a1e8d2b6737cf724a7cfee7 08-Nov-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Track whether an ObjC for-in loop had zero iterations.

An Objective-C for-in loop will have zero iterations if the collection is
empty. Previously, we could only detect this case if the program asked for
the collection's -count /before/ the for-in loop. Now, the analyzer
distinguishes for-in loops that had zero iterations from those with at
least one, and can use this information to constrain the result of calling
-count after the loop.

In order to make this actually useful, teach the checker that methods on
NSArray, NSDictionary, and the other immutable collection classes don't
change the count.

<rdar://problem/14992886>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@194235 91177308-0d34-0410-b5e6-96231b3b80d8
asicObjCFoundationChecks.cpp
741c5411f491a12cd965c9f5ebdff742eddbdc79 04-Nov-2013 Anna Zaks <ganna@apple.com> [analyzer] Track the count of NSOrderedSet similarly to other fast enumerations.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@194005 91177308-0d34-0410-b5e6-96231b3b80d8
asicObjCFoundationChecks.cpp
9cf772554d75f0a370b34a853de9207be3a07890 28-Oct-2013 NAKAMURA Takumi <geek4civic@gmail.com> StaticAnalyzer/Checkers/DynamicTypePropagation.cpp: Fix in comments. 80-col and an utf8 char.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@193513 91177308-0d34-0410-b5e6-96231b3b80d8
ynamicTypePropagation.cpp
d29849e9ab180bbedfb69a58b24d0f7737850f7f 20-Oct-2013 Benjamin Kramer <benny.kra@googlemail.com> Forgot some references to misspelled enums.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@193047 91177308-0d34-0410-b5e6-96231b3b80d8
etainCountChecker.cpp
063820655db8121f0022a7c51458463c7250324c 20-Oct-2013 Benjamin Kramer <benny.kra@googlemail.com> Miscellaneous speling fixes.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@193046 91177308-0d34-0410-b5e6-96231b3b80d8
etainCountChecker.cpp
31b71f3097a338315a144067dde5b160c4e44fc9 07-Oct-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] ArrayRef-ize BugReporter::EmitBasicReport.

No functionality change.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@192114 91177308-0d34-0410-b5e6-96231b3b80d8
StringSyntaxChecker.cpp
heckSecuritySyntaxOnly.cpp
heckSizeofPointer.cpp
allocOverflowSecurityChecker.cpp
allocSizeofChecker.cpp
bjCContainersASTChecker.cpp
irtualCallChecker.cpp
391165f4b6e90918dd8b97d6970617591821a8d8 07-Oct-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] RetainCountChecker: add support for CFAutorelease.

<rdar://problems/13710586&13710643>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@192113 91177308-0d34-0410-b5e6-96231b3b80d8
etainCountChecker.cpp
edcc199f5861dd8ad1ec3ad1b83512d2a92e515a 04-Oct-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Replace bug category magic strings with shared constants, take 2.

Re-commit r191910 (reverted in r191936) with layering violation fixed, by
moving the bug categories to StaticAnalyzerCore instead of ...Checkers.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@191937 91177308-0d34-0410-b5e6-96231b3b80d8
MakeLists.txt
StringChecker.cpp
heckSizeofPointer.cpp
langSACheckers.h
ommonBugCategories.cpp
10a61586e12fcd94dad877cbcf09cc34aec980d8 04-Oct-2013 Richard Smith <richard-llvm@metafoo.co.uk> Temporarily revert r191910 until the layering violation can be fixed.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@191936 91177308-0d34-0410-b5e6-96231b3b80d8
StringChecker.cpp
heckSizeofPointer.cpp
ommonBugCategories.cpp
4587cace907ed9a68256bdae506fbb8d93ac232c 03-Oct-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Replace bug category magic strings with shared constants.

One small functionality change is to bring the sizeof-pointer checker in
line with the other checkers by making its category be "Logic error"
instead of just "Logic". There should be no other functionality changes.

Patch by Daniel Marjamäki!

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@191910 91177308-0d34-0410-b5e6-96231b3b80d8
StringChecker.cpp
heckSizeofPointer.cpp
ommonBugCategories.cpp
d000b852022bcd4fc14029b48d2fa873f63e4032 03-Oct-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Add new debug helper clang_analyzer_warnIfReached.

This will emit a warning if a call to clang_analyzer_warnIfReached is
executed, printing REACHABLE. This is a more explicit way to declare
expected reachability than using clang_analyzer_eval or triggering
a bug (divide-by-zero or null dereference), and unlike the former will
work the same in inlined functions and top-level functions. Like the
other debug helpers, it is part of the debug.ExprInspection checker.

Patch by Jared Grubb!

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@191909 91177308-0d34-0410-b5e6-96231b3b80d8
xprInspectionChecker.cpp
7453624b98817f06d28ed2abe39c98805cfec623 02-Oct-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Add missing return after function pointer null check.

Also add some tests that there is actually a message and that the bug is
actually a hard error. This actually behaved correctly before, because:

- addTransition() doesn't actually add a transition if the new state is null;
it assumes you want to propagate the predecessor forward and does nothing.
- generateSink() is called in order to emit a bug report.
- If at least one new node has been generated, the predecessor node is /not/
propagated forward.

But now it's spelled out explicitly.

Found by Richard Mazorodze, who's working on a patch that may require this.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@191805 91177308-0d34-0410-b5e6-96231b3b80d8
allAndMessageChecker.cpp
81557223ba8d7ef8b0468a6e1dc8fc79f2de46f2 25-Sep-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Handle destructors for the argument to C++ 'delete'.

Now that the CFG includes nodes for the destructors in a delete-expression,
process them in the analyzer using the same common destructor interface
currently used for local, member, and base destructors. Also, check for when
the value is known to be null, in which case no destructor is actually run.

This does not yet handle destructors for deleted /arrays/, which may need
more CFG work. It also causes a slight regression in the location of
double delete warnings; the double delete is detected at the destructor
call, which is implicit, and so is reported on the first access within the
destructor instead of at the 'delete' statement. This will be fixed soon.

Patch by Karthik Bhat!

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@191381 91177308-0d34-0410-b5e6-96231b3b80d8
allocChecker.cpp
767b3d2000a00c56e1a3c19372810e2b7d66b76c 22-Sep-2013 Benjamin Kramer <benny.kra@googlemail.com> Fix array_pod_sort predicates after LLVM change.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@191176 91177308-0d34-0410-b5e6-96231b3b80d8
ebugCheckers.cpp
2d46cc271e209ff6d4ec8f77d242288ef51cf79b 22-Sep-2013 Benjamin Kramer <benny.kra@googlemail.com> array_pod_sort loses some type safety, better use the right types.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@191174 91177308-0d34-0410-b5e6-96231b3b80d8
ebugCheckers.cpp
52e2d30430981289736e03d891db91af6b1397c5 22-Sep-2013 Benjamin Kramer <benny.kra@googlemail.com> Rewrite a cold use of std::sort to array_pod_sort.

No functionality change.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@191173 91177308-0d34-0410-b5e6-96231b3b80d8
ebugCheckers.cpp
73fa2525b4d8b9768dbc1e5a09976d6f9e568e23 17-Sep-2013 Anna Zaks <ganna@apple.com> [analyzer] Stop tracking the objects with attribute cleanup in the RetainCountChecker.

This suppresses false positive leaks. We stop tracking a value if it is assigned to a variable declared with a cleanup attribute.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@190835 91177308-0d34-0410-b5e6-96231b3b80d8
etainCountChecker.cpp
30845189af590de0af68ad9c7c47dd789ee28df2 16-Sep-2013 Anton Yartsev <anton.yartsev@gmail.com> New message for cases when ownership is taken:
"+method_name: cannot take ownership of memory allocated by 'new'."
instead of the old
"Memory allocated by 'new' should be deallocated by 'delete', not +method_name"

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@190800 91177308-0d34-0410-b5e6-96231b3b80d8
allocChecker.cpp
57b1da1588a3f5785ad8bd5d9f2d795d685e1058 14-Sep-2013 Cameron Esfahani <dirty@apple.com> Clean up some Triple usage in clang.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@190737 91177308-0d34-0410-b5e6-96231b3b80d8
allAndMessageChecker.cpp
a1ec2b0dbfd33cc3b4b7ac003a390995fc2305c6 13-Sep-2013 Jordan Rose <jordan_rose@apple.com> Fix two incorrect comments.

Patch by Jared Grubb!

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@190652 91177308-0d34-0410-b5e6-96231b3b80d8
dempotentOperationChecker.cpp
2d2aed29220dcad17c36479901281376e36637eb 11-Sep-2013 Eli Friedman <eli.friedman@gmail.com> Get rid of unused isPodLike definition.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@190463 91177308-0d34-0410-b5e6-96231b3b80d8
etainCountChecker.cpp
caa5ab264ddea332e8423af1ebcea50d0cb37206 03-Sep-2013 Aaron Ballman <aaron@aaronballman.com> Switched FormatAttr to using an IdentifierArgument instead of a StringArgument since that is a more accurate modeling.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@189851 91177308-0d34-0410-b5e6-96231b3b80d8
enericTaintChecker.cpp
344472ebeded2fca2ed5013b9e87f81d09bfa908 23-Aug-2013 Robert Wilhelm <robert.wilhelm@gmx.net> Use pop_back_val() instead of both back() and pop_back().
No functionality change intended.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@189112 91177308-0d34-0410-b5e6-96231b3b80d8
eadStoresChecker.cpp
51718e3555404192040a5fad715367bc4cef22fb 19-Aug-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Don't run unreachable code checker on inlined functions.

This is still an alpha checker, but we use it in certain tests to make sure
something is not being executed.

This should fix the buildbots.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@188682 91177308-0d34-0410-b5e6-96231b3b80d8
nreachableCodeChecker.cpp
a728e927c6e58f26b2c8615a8baa761d2f157e4b 19-Aug-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Assume that strings are no longer than SIZE_MAX/4.

This keeps the analyzer from making silly assumptions, like thinking
strlen(foo)+1 could wrap around to 0. This fixes PR16558.

Patch by Karthik Bhat!

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@188680 91177308-0d34-0410-b5e6-96231b3b80d8
StringChecker.cpp
7d0dcd2de023e2667a3f1f14daff9d087fab9bf7 19-Aug-2013 Jordan Rose <jordan_rose@apple.com> Omit arguments of __builtin_object_size from the CFG.

This builtin does not actually evaluate its arguments for side effects,
so we shouldn't include them in the CFG. In the analyzer, rely on the
constant expression evaluator to get the proper semantics, at least for
now. (In the future, we could get ambitious and try to provide path-
sensitive size values.)

In theory, this does pose a problem for liveness analysis: a variable can
be used within the __builtin_object_size argument expression but not show
up as live. However, it is very unlikely that such a value would be used
to compute the object size and not used to access the object in some way.

<rdar://problem/14760817>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@188679 91177308-0d34-0410-b5e6-96231b3b80d8
uiltinFunctionChecker.cpp
2104374e29e2cca55c3c0bce41fa77d92527a695 17-Aug-2013 Ted Kremenek <kremenek@apple.com> Use the number of parameters in the actual method or function to determine the CallEffects size.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@188587 91177308-0d34-0410-b5e6-96231b3b80d8
etainCountChecker.cpp
a1da6b24327b2c311f3e4689d45427c11fc73398 16-Aug-2013 Benjamin Kramer <benny.kra@googlemail.com> RetainCountChecker: Replace some loops with std:: algorithms.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@188581 91177308-0d34-0410-b5e6-96231b3b80d8
etainCountChecker.cpp
8fd67b6bcbfc659106170155ba2ff559b45fbabb 16-Aug-2013 Ted Kremenek <kremenek@apple.com> Revert r188574. Turns out it isn't needed.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@188578 91177308-0d34-0410-b5e6-96231b3b80d8
etainCountChecker.cpp
747797f0b494ab4c708c22f787c5e3c56895bc3d 16-Aug-2013 Fariborz Jahanian <fjahanian@apple.com> Need summary info. about arguments to
CF functions coming from static analyzer API.



git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@188574 91177308-0d34-0410-b5e6-96231b3b80d8
etainCountChecker.cpp
68502e52938f84b97267b51e86d4a90a11552512 15-Aug-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] If realloc fails on an escaped region, that region doesn't leak.

When a region is realloc()ed, MallocChecker records whether it was known
to be allocated or not. If it is, and the reallocation fails, the original
region has to be freed. Previously, when an allocated region escaped,
MallocChecker completely stopped tracking it, so a failed reallocation
still (correctly) wouldn't require freeing the original region. Recently,
however, MallocChecker started tracking escaped symbols, so that if it were
freed we could check that the deallocator matched the allocator. This
broke the reallocation model for whether or not a symbol was allocated.

Now, MallocChecker will actually check if a symbol is owned, and only
require freeing after a failed reallocation if it was owned before.

PR16730

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@188468 91177308-0d34-0410-b5e6-96231b3b80d8
allocChecker.cpp
53c7ea1517fc9080b30b054c578cb407de12d5b5 15-Aug-2013 Ted Kremenek <kremenek@apple.com> [static analyzer] add a simple "CallEffects" API to query the retain count semantics of a method.

This is intended to be a simplified API, whose internals are
deliberately less efficient for the purpose of a simplified interface,
for use with clients that want to query the analyzer's heuristics for
determining retain count semantics.

There are no immediate clients, but it is intended to be used
by the ObjC modernizer.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@188433 91177308-0d34-0410-b5e6-96231b3b80d8
etainCountChecker.cpp
5774e390199a572d10b22c78a80ed2cdde94304d 15-Aug-2013 Ted Kremenek <kremenek@apple.com> [static analyzer] Factor out ArgEffect and RetEffect into public header file.

This is a WIP change to allow other clients to query the retain count
heuristics of the static analyzer.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@188432 91177308-0d34-0410-b5e6-96231b3b80d8
etainCountChecker.cpp
a79a20e054312bc6673d4ddb8254d8d2681bed9c 09-Aug-2013 Benjamin Kramer <benny.kra@googlemail.com> DirectIvarAssignment: Replace vtable'd objects with simple functions.

Avoids unnecessary static constructors.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@188083 91177308-0d34-0410-b5e6-96231b3b80d8
irectIvarAssignment.cpp
fa220f58f02014e4a3389f429b82948a09dc4986 09-Aug-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Warn when using 'delete' on an uninitialized variable.

Patch by Karthik Bhat, modified slightly by me.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@188043 91177308-0d34-0410-b5e6-96231b3b80d8
allAndMessageChecker.cpp
4ac73c7514f9e836b4d9781738f333c5cb91cb63 08-Aug-2013 Stephen Hines <srhines@google.com> Merge commit '51e75aecf4fb303b91c9e54fd88e3509e5acc7a6' into merge-20130807

Conflicts:
lib/Basic/Targets.cpp
lib/Sema/SemaDeclAttr.cpp

Change-Id: If457223ecbee9e43c73d15333bf10d36590d05c4
a7b879723d3989d85b9492fd8218e7d745367fe3 07-Aug-2013 Jordan Rose <jordan_rose@apple.com> Eliminate CXXConstructorDecl::IsImplicitlyDefined.

This field is just IsDefaulted && !IsDeleted; in all places it's used,
a simple check for isDefaulted() is superior anyway, and we were forgetting
to set it in a few cases.

Also eliminate CXXDestructorDecl::IsImplicitlyDefined, for the same reasons.

No intended functionality change.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@187891 91177308-0d34-0410-b5e6-96231b3b80d8
ndefinedArraySubscriptChecker.cpp
d8188f8ad5d584b5f6e1f58e5a4882586cc630d4 02-Aug-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Don't process autorelease counts in synthesized function bodies.

We process autorelease counts when we exit functions, but if there's an
issue in a synthesized body the report will get dropped. Just skip the
processing for now and let it get handled when the caller gets around to
processing autoreleases.

(This is still suboptimal: objects autoreleased in the caller context
should never be warned about when exiting a callee context, synthesized
or not.)

Second half of <rdar://problem/14611722>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@187625 91177308-0d34-0410-b5e6-96231b3b80d8
etainCountChecker.cpp
a5e660188a3c654cf0c88ed1093b28207e870b2b 20-Jul-2013 Eli Friedman <eli.friedman@gmail.com> Make IgnoreParens() look through ChooseExprs.

This is the same way GenericSelectionExpr works, and it's generally a
more consistent approach.

A large part of this patch is devoted to caching the value of the condition
of a ChooseExpr; it's needed to avoid threading an ASTContext into
IgnoreParens().

Fixes <rdar://problem/14438917>.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@186738 91177308-0d34-0410-b5e6-96231b3b80d8
dempotentOperationChecker.cpp
ac7cc2d37e82181e73fcc265c1d0a619d18b7605 19-Jul-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Include analysis stack in crash traces.

Sample output:

0. Program arguments: ...
1. <eof> parser at end of file
2. While analyzing stack:
#0 void inlined()
#1 void test()
3. crash-trace.c:6:3: Error evaluating statement

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@186639 91177308-0d34-0410-b5e6-96231b3b80d8
xprInspectionChecker.cpp
3aa29df37b140f9c6786b6863a0cac195071b598 15-Jul-2013 Craig Topper <craig.topper@gmail.com> Add 'static' and 'const' qualifiers to some arrays of strings.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@186314 91177308-0d34-0410-b5e6-96231b3b80d8
allocChecker.cpp
7c0a8b560ae78b28d72bff8614b94ac05cb2b469 12-Jul-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Add support for __builtin_addressof.

...so we don't regress on std::addressof.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@186140 91177308-0d34-0410-b5e6-96231b3b80d8
uiltinFunctionChecker.cpp
09d19efaa147762f84aed55efa7930bb3616a4e5 04-Jul-2013 Craig Topper <craig.topper@gmail.com> Use SmallVectorImpl instead of SmallVector for iterators and references to avoid specifying the vector size unnecessarily.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@185610 91177308-0d34-0410-b5e6-96231b3b80d8
allocChecker.cpp
impleStreamChecker.cpp
2a02f4d535ddae30898f013649d8c1902082921c 03-Jul-2013 Pavel Labath <labath@google.com> [analyzer] Improve handling of noreturn destructors

Summary:
The analyzer incorrectly handled noreturn destructors which were hidden inside
function calls. This happened because NoReturnFunctionChecker only listened for
PostStmt events, which are not executed for destructor calls. I've changed it to
listen to PostCall events, which should catch both cases.

Reviewers: jordan_rose

CC: cfe-commits

Differential Revision: http://llvm-reviews.chandlerc.com/D1056

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@185522 91177308-0d34-0410-b5e6-96231b3b80d8
oReturnFunctionChecker.cpp
fa8277c52afa18430407f4a0a6d9878b1cce146a 24-Jun-2013 Eli Friedman <eli.friedman@gmail.com> Use getAs<> where appropriate on QualTypes instead of using dyn_cast.



git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@184775 91177308-0d34-0410-b5e6-96231b3b80d8
heckSecuritySyntaxOnly.cpp
9f7ba9bd52823eb0fdb64767f2d09fb6b96b8179 24-Jun-2013 Anna Zaks <ganna@apple.com> [analyzer] Add a debug checker that prints Exploded Graph
Add a debug checker that is useful to understand how the ExplodedGraph is
built; it can be triggered using the following command:

clang -cc1 -analyze -analyzer-checker=debug.ViewExplodedGraph my_program.c

A patch by Béatrice Creusillet!

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@184768 91177308-0d34-0410-b5e6-96231b3b80d8
heckers.td
ebugCheckers.cpp
dbcc7561f6964404c590f42454a249af5324fa44 24-Jun-2013 Reid Kleckner <reid@kleckner.net> Check the canonical parameter type with getAs<>() in a static checker

This will prevent breakage when I introduce the DecayedType sugar node.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@184755 91177308-0d34-0410-b5e6-96231b3b80d8
heckSecuritySyntaxOnly.cpp
2ffcd18b845d4f855074ff7011c46e20616e08fd 22-Jun-2013 Anna Zaks <ganna@apple.com> [analyzer] Use output form collections’ count to decide if ObjC for loop should be entered

This fixes false positives by allowing us to know that a loop is always entered if
the collection count method returns a positive value and vice versa.

Addresses radar://14169391.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@184618 91177308-0d34-0410-b5e6-96231b3b80d8
asicObjCFoundationChecks.cpp
37926da411d5a0047240b3ffd4dad0c4838aac57 19-Jun-2013 Pavel Labath <labath@google.com> Fix a crash in the static analyzer (bug #16307)

Summary:
When processing a call to a function, which got passed less arguments than it
expects, the analyzer would crash.

I've also added a test for that and a analyzer warning which detects these
cases.

CC: cfe-commits

Differential Revision: http://llvm-reviews.chandlerc.com/D994

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@184288 91177308-0d34-0410-b5e6-96231b3b80d8
allAndMessageChecker.cpp
52810c51afaa10b30319d236d353d70534cf9356 19-Jun-2013 Anna Zaks <ganna@apple.com> [analyzer] Do not report uninitialized value warnings inside swap functions.

This silences warnings that could occur when one is swapping partially initialized structs. We suppress
not only the assignments of uninitialized members, but any values inside swap because swap could
potentially be used as a subroutine to swap class members.

This silences a warning from std::try::function::swap() on partially initialized objects.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@184256 91177308-0d34-0410-b5e6-96231b3b80d8
ndefResultChecker.cpp
ndefinedAssignmentChecker.cpp
cff15128c6c089bd6fae841b80680e6f5afbf0bf 17-Jun-2013 Reid Kleckner <reid@kleckner.net> [AST] Don't include RecursiveASTVisitor.h in ASTContext.h

The untemplated implementation of getParents() doesn't need to be in a
header file.

RecursiveASTVisitor.h is full of repeated macro expansion. Moving this
include to ASTContext.cpp speeds up compilation of
LambdaMangleContext.cpp, a small C++ file with few includes, from 3.7s
to 2.8s for me locally. I haven't measured a full build, but it can't
hurt.

I had to fix a few static analyzer files that were depending on
transitive includes of C++ AST headers.

Reviewers: rsmith, klimek

Differential Revision: http://llvm-reviews.chandlerc.com/D982

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@184075 91177308-0d34-0410-b5e6-96231b3b80d8
ndefinedArraySubscriptChecker.cpp
2049840b0ffe8ee4bf39051cfa8ca08440c8f667 12-Jun-2013 Stephen Hines <srhines@google.com> Merge commit '1342a4ef62dd7b839c6f09348b246a4f00282f29' into merge_20130612
3b8f77d09d0fe9af717bd89b7407d81d18557d71 12-Jun-2013 Pavel Labath <labath@google.com> Fix memory corruption in CStringChecker

Summary:
"register" functions for the checker were caching the checker objects in a
static variable. This caused problems when the function is called with a
different CheckerManager.

Reviewers: klimek

CC: cfe-commits

Differential Revision: http://llvm-reviews.chandlerc.com/D955

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@183823 91177308-0d34-0410-b5e6-96231b3b80d8
StringChecker.cpp
3370859a809e5fa6c27659095c7349ce1c321233 08-Jun-2013 Anna Zaks <ganna@apple.com> [analyzer] Minor fixups to r183062

Based on feedback from Jordan.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@183600 91177308-0d34-0410-b5e6-96231b3b80d8
allocChecker.cpp
e7a5c829540a452f30cd5a1c0609dddcb1af33ce 01-Jun-2013 Anna Zaks <ganna@apple.com> [analyzer] Malloc checker should only escape the receiver when “[O init..]” is called.

Jordan has pointed out that it is valuable to warn in cases when the arguments to init escape.
For example, NSData initWithBytes id not going to free the memory.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@183062 91177308-0d34-0410-b5e6-96231b3b80d8
allocChecker.cpp
ee1af2398086464cfa2b7306ac4d8359d61872ee 01-Jun-2013 Anna Zaks <ganna@apple.com> [analyzer] Fix a false positive reported on rare strange code, which happens to be in JSONKit

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@183055 91177308-0d34-0410-b5e6-96231b3b80d8
allocChecker.cpp
872db39510372c4acd8851a3b956e1a135cfcd41 25-May-2013 Duncan Sands <baldrick@free.fr> Fix comment type pointed out by Kim Gräsman.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@182702 91177308-0d34-0410-b5e6-96231b3b80d8
heckerDocumentation.cpp
809b981cef3ab653370a812917de7e8a762e74cd 24-May-2013 Duncan Sands <baldrick@free.fr> Fix comment typo pointed out by maslen on IRC.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@182642 91177308-0d34-0410-b5e6-96231b3b80d8
heckerDocumentation.cpp
d049b40ef411eee12a735233dbe04fdc42c67e1a 16-May-2013 Jordan Rose <jordan_rose@apple.com> Remove unused, awkward CFGStmtVisitor and subclasses.

This class is a StmtVisitor that distinguishes between block-level and
non-block-level statements in a CFG. However, it does so using a hard-coded
idea of which statements might be block-level, which probably isn't accurate
anymore. The only implementer of the CFGStmtVisitor hierarchy was the
analyzer's DeadStoresChecker, and the analyzer creates a linearized CFG
anyway (every non-trivial statement is a block-level statement).

This also allows us to remove the block-expr map ("BlkExprMap"), which
mapped statements to positions in the CFG. Apart from having a helper type
that really should have just been Optional<unsigned>, it was only being
used to ask /if/ a particular expression was block-level, for traversal
purposes in CFGStmtVisitor.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@181945 91177308-0d34-0410-b5e6-96231b3b80d8
eadStoresChecker.cpp
ef202c35b37c137e32fe30f4453915b6d3b525d7 14-May-2013 Anna Zaks <ganna@apple.com> [analyzer] Refactor: address Jordan’s code review of r181738.

(Modifying the checker to record that the values are no longer nil will be done separately.)

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@181744 91177308-0d34-0410-b5e6-96231b3b80d8
asicObjCFoundationChecks.cpp
b834a78f9b79cb71b093ebbbb381b92f9d4bbf3b 13-May-2013 Anna Zaks <ganna@apple.com> [analyzer] Warn about nil elements/keys/values in array and dictionary literals.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@181738 91177308-0d34-0410-b5e6-96231b3b80d8
asicObjCFoundationChecks.cpp
f2d8fbed93541b74c3a84bf788f151df2d543b27 10-May-2013 Anna Zaks <ganna@apple.com> [analyzer] Assume [NSNull null] does not return nil.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@181616 91177308-0d34-0410-b5e6-96231b3b80d8
asicObjCFoundationChecks.cpp
374ae320b87c15b0262c40e5c46e8990111df5ca 10-May-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Indirect invalidation counts as an escape for leak checkers.

Consider this example:

char *p = malloc(sizeof(char));
systemFunction(&p);
free(p);

In this case, when we call systemFunction, we know (because it's a system
function) that it won't free 'p'. However, we /don't/ know whether or not
it will /change/ 'p', so the analyzer is forced to invalidate 'p', wiping
out any bindings it contains. But now the malloc'd region looks like a
leak, since there are no more bindings pointing to it, and we'll get a
spurious leak warning.

The fix for this is to notice when something is becoming inaccessible due
to invalidation (i.e. an imperfect model, as opposed to being explicitly
overwritten) and stop tracking it at that point. Currently, the best way
to determine this for a call is the "indirect escape" pointer-escape kind.

In practice, all the patch does is take the "system functions don't free
memory" special case and limit it to direct parameters, i.e. just the
arguments to a call and not other regions accessible to them. This is a
conservative change that should only cause us to escape regions more
eagerly, which means fewer leak warnings.

This isn't perfect for several reasons, the main one being that this
example is treated the same as the one above:

char **p = malloc(sizeof(char *));
systemFunction(p + 1);
// leak

Currently, "addresses accessible by offsets of the starting region" and
"addresses accessible through bindings of the starting region" are both
considered "indirect" regions, hence this uniform treatment.

Another issue is our longstanding problem of not distinguishing const and
non-const bindings; if in the first example systemFunction's parameter were
a char * const *, we should know that the function will not overwrite 'p',
and thus we can safely report the leak.

<rdar://problem/13758386>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@181607 91177308-0d34-0410-b5e6-96231b3b80d8
allocChecker.cpp
impleStreamChecker.cpp
83eba02c2ea333015335e2f74c4d11c5315b655d 03-May-2013 Stephen Hines <srhines@google.com> Merge remote-tracking branch 'upstream/master' into merge-20130502
8a729b4b20796bc0ca25e8d86d57c0cd0c5e40d4 02-May-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] RetainCountChecker: don't track through xpc_connection_set_context.

It is unfortunate that we have to mark these exceptions in multiple places.
This was already in CallEvent. I suppose it does let us be more precise
about saying /which/ arguments have their retain counts invalidated -- the
connection's is still valid even though the context object's isn't -- but
we're not tracking the retain count of XPC objects anyway.

<rdar://problem/13783514>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@180904 91177308-0d34-0410-b5e6-96231b3b80d8
etainCountChecker.cpp
5d2e4e1f9ed87ea26295e891acf7e5a3b106f194 26-Apr-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] An ObjC for-in loop runs 0 times if the collection is nil.

In an Objective-C for-in loop "for (id element in collection) {}", the loop
will run 0 times if the collection is nil. This is because the for-in loop
is implemented using a protocol method that returns 0 when there are no
elements to iterate, and messages to nil will result in a 0 return value.

At some point we may want to actually model this message send, but for now
we may as well get the nil case correct, and avoid the false positives that
would come with this case.

<rdar://problem/13744632>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@180639 91177308-0d34-0410-b5e6-96231b3b80d8
asicObjCFoundationChecks.cpp
9ed6d8068f767819951bc4eebf6f4912087c442a 25-Apr-2013 Anna Zaks <ganna@apple.com> [analyzer] Teach DeadStoreChecker to look though BO_Comma and disregard the LHS.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@180579 91177308-0d34-0410-b5e6-96231b3b80d8
eadStoresChecker.cpp
3d8f462d58a4be21f9f5d287253b9b2565506ca5 25-Apr-2013 Anna Zaks <ganna@apple.com> [analyzer] Fix a crash in RetainCountChecker - we should not rely on CallEnter::getCallExpr to return non-NULL

We get a CallEnter with a null expression, when processing a destructor. All other users of
CallEnter::getCallExpr work fine with null as return value.

(Addresses PR15832, Thanks to Jordan for reducing the test case!)

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@180234 91177308-0d34-0410-b5e6-96231b3b80d8
etainCountChecker.cpp
caadc413a88e864e058a3bea832f42debd8ddef2 24-Apr-2013 Anna Zaks <ganna@apple.com> [analyzer] IvarInvalidation: correctly handle cases where only partial invalidators exist

- If only partial invalidators exist and there are no full invalidators in @implementation, report every ivar that has
not been invalidated. (Previously, we reported the first Ivar in the list, which could actually have been invalidated
by a partial invalidator. The code assumed you cannot have only partial invalidators.)

- Do not report missing invalidation method declaration if a partial invalidation method declaration exists.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@180170 91177308-0d34-0410-b5e6-96231b3b80d8
varInvalidationChecker.cpp
e3a813abc1874bbd842bcfbdd0fd676fb5cfdde8 24-Apr-2013 Anna Zaks <ganna@apple.com> [analyzer] Set the allocation site to be the uniqueing location for retain count checker leaks.

The uniqueing location is the location which is part of the hash used to determine if two reports are
the same. This is used by the CmpRuns.py script to compare two analyzer runs and determine which
warnings are new.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@180166 91177308-0d34-0410-b5e6-96231b3b80d8
etainCountChecker.cpp
2545b1d99942080bac4a74cda92c620123d0d6e9 23-Apr-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] RetainCountChecker: Clean up path notes for autorelease.

No functionality change.

<rdar://problem/13710586>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@180075 91177308-0d34-0410-b5e6-96231b3b80d8
etainCountChecker.cpp
af22621352481e91488a54ea0e0b5e73f6551ab7 23-Apr-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Model strsep(), particularly that it returns its input.

This handles the false positive leak warning in PR15374, and also serves
as a basic model for the strsep() function.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@180069 91177308-0d34-0410-b5e6-96231b3b80d8
StringChecker.cpp
fbc4444eb2675934b44f3720ef9a5f368ecbeb0a 22-Apr-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Type information from C++ new expressions is perfect.

This improves our handling of dynamic_cast and devirtualization for
objects allocated by 'new'.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@180051 91177308-0d34-0410-b5e6-96231b3b80d8
ynamicTypePropagation.cpp
898be7b4a7b0a527d9bd2569eebc41a198e6e528 17-Apr-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Don't warn for returning void expressions in void blocks.

This was slightly tricky because BlockDecls don't currently store an
inferred return type. However, we can rely on the fact that blocks with
inferred return types will have return statements that match the inferred
type.

<rdar://problem/13665798>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@179699 91177308-0d34-0410-b5e6-96231b3b80d8
eturnUndefChecker.cpp
08a838d16825159f7d0ae20d171aa5b3ebab3939 16-Apr-2013 Ted Kremenek <kremenek@apple.com> [analyzer] Add experimental option "leak-diagnostics-reference-allocation".

This is an opt-in tweak for leak diagnostics to reference the allocation
site if the diagnostic consumer only wants a pithy amount of information,
and not the entire path.

This is a strawman enhancement that I expect to see some experimentation
with over the next week, and can go away if we don't want it.

Currently it is only used by RetainCountChecker, but could be used
by MallocChecker if and when we decide this should stay in.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@179634 91177308-0d34-0410-b5e6-96231b3b80d8
llocationDiagnostics.cpp
llocationDiagnostics.h
MakeLists.txt
etainCountChecker.cpp
ec4fbc6144c1edcd82ec71a16ee3d0dfb94dfeae 16-Apr-2013 Ted Kremenek <kremenek@apple.com> Properly sort list.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@179627 91177308-0d34-0410-b5e6-96231b3b80d8
MakeLists.txt
148d9223f02dba1ba6e40848d413daa3ffc09dfe 16-Apr-2013 Anna Zaks <ganna@apple.com> [analyzer] Improve the malloc checker stack hint message

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@179580 91177308-0d34-0410-b5e6-96231b3b80d8
allocChecker.cpp
9df151c5bc2a746096632bbd21dc61e18675ed55 13-Apr-2013 Anton Yartsev <anton.yartsev@gmail.com> [analyzer] Enable NewDelete checker if NewDeleteLeaks checker is enabled.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@179428 91177308-0d34-0410-b5e6-96231b3b80d8
allocChecker.cpp
b1b683ea5f1ff161b6bbdf2e2519317618ee2811 12-Apr-2013 Anton Yartsev <anton.yartsev@gmail.com> [analyzer] Makes NewDeleteLeaks checker work independently from NewDelete.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@179410 91177308-0d34-0410-b5e6-96231b3b80d8
allocChecker.cpp
9e2f5977a180ae927d05e844c65b8a7873be48a4 12-Apr-2013 Anna Zaks <ganna@apple.com> [analyzer]Print field region even when the base region is not printable

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@179395 91177308-0d34-0410-b5e6-96231b3b80d8
allocChecker.cpp
6026df1e5d518a958aef342d55a9e5d0fbdb85ca 12-Apr-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Fix grammar in comment.

By Adam Schnitzer!

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@179352 91177308-0d34-0410-b5e6-96231b3b80d8
ebugCheckers.cpp
9ae7a92009c468d01d233e6a9f37ab04946864f9 11-Apr-2013 Anton Yartsev <anton.yartsev@gmail.com> [analyzer] Refactoring: better doxygen comment; renaming isTrackedFamily to isTrackedByCurrentChecker

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@179242 91177308-0d34-0410-b5e6-96231b3b80d8
allocChecker.cpp
8cf91f7efb4dcb238fe443915d9a30119ce5b70c 11-Apr-2013 Anna Zaks <ganna@apple.com> [analyzer] Address Jordan’s review of r179219

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@179235 91177308-0d34-0410-b5e6-96231b3b80d8
allocChecker.cpp
etainCountChecker.cpp
ee9043ba7c6934d248d4f0e2abded18e26b81df8 11-Apr-2013 Anna Zaks <ganna@apple.com> [analyzer] Address Jordan’s code review of r 179221

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@179234 91177308-0d34-0410-b5e6-96231b3b80d8
etainCountChecker.cpp
55e57a50a36749ce0483db2f16259649c9d25792 11-Apr-2013 Anton Yartsev <anton.yartsev@gmail.com> [analyzer] Switched to checkPreCall interface for detecting usage after free.

Now the check is also applied to arguments for Objective-C method calls and to 'this' pointer.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@179230 91177308-0d34-0410-b5e6-96231b3b80d8
allocChecker.cpp
fececcbc3890955fd46f92036e9cb6ee7d0a60f4 11-Apr-2013 Anna Zaks <ganna@apple.com> [analyzer] Fix a crash in SyntaxCString checker when given a custom strncat.

Fixes PR13476

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@179228 91177308-0d34-0410-b5e6-96231b3b80d8
StringSyntaxChecker.cpp
7a87e520e42c1e58c358e3a9a436ef17f551fd13 10-Apr-2013 Anna Zaks <ganna@apple.com> [analyzer] When reporting a leak in RetainCount checker due to an early exit from init, step into init.

The heuristic here (proposed by Jordan) is that, usually, if a leak is due to an early exit from init, the allocation site will be
a call to alloc. Note that in other cases init resets self to [super init], which becomes the allocation site of the object.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@179221 91177308-0d34-0410-b5e6-96231b3b80d8
etainCountChecker.cpp
27d99dd714895564b526b786284a46b40f53be01 10-Apr-2013 Anna Zaks <ganna@apple.com> [analyzer] Cleanup leak warnings: do not print the names of variables from other functions.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@179219 91177308-0d34-0410-b5e6-96231b3b80d8
allocChecker.cpp
etainCountChecker.cpp
a5796f87229b4aeebca71fa6ee1790ae7a5a0382 09-Apr-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Replace isIntegerType() with isIntegerOrEnumerationType().

Previously, the analyzer used isIntegerType() everywhere, which uses the C
definition of "integer". The C++ predicate with the same behavior is
isIntegerOrUnscopedEnumerationType().

However, the analyzer is /really/ using this to ask if it's some sort of
"integrally representable" type, i.e. it should include C++11 scoped
enumerations as well. hasIntegerRepresentation() sounds like the right
predicate, but that includes vectors, which the analyzer represents by its
elements.

This commit audits all uses of isIntegerType() and replaces them with the
general isIntegerOrEnumerationType(), except in some specific cases where
it makes sense to exclude scoped enumerations, or any enumerations. These
cases now use isIntegerOrUnscopedEnumerationType() and getAs<BuiltinType>()
plus BuiltinType::isInteger().

isIntegerType() is hereby banned in the analyzer - lib/StaticAnalysis and
include/clang/StaticAnalysis. :-)

Fixes real assertion failures. PR15703 / <rdar://problem/12350701>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@179081 91177308-0d34-0410-b5e6-96231b3b80d8
asicObjCFoundationChecks.cpp
heckSecuritySyntaxOnly.cpp
allocSizeofChecker.cpp
0413023bed8ec91d3642cd6ff114957badf51f31 09-Apr-2013 Anna Zaks <ganna@apple.com> [analyzer] Keep tracking the pointer after the escape to more aggressively report mismatched deallocator

Test that the path notes do not change. I don’t think we should print a note on escape.

Also, I’ve removed a check that assumed that the family stored in the RefStete could be
AF_None and added an assert in the constructor.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@179075 91177308-0d34-0410-b5e6-96231b3b80d8
allocChecker.cpp
f34cb3d3df1612e14a19d259afa3424337cd315e 08-Apr-2013 Ted Kremenek <kremenek@apple.com> Tweak warning text for nil value in ObjC container warning.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@179034 91177308-0d34-0410-b5e6-96231b3b80d8
asicObjCFoundationChecks.cpp
68eb4c25e961d18f82b47a0a385f90d7af09bcc3 06-Apr-2013 Anna Zaks <ganna@apple.com> [analyzer] Shorten the malloc checker’s leak message

As per Ted’s suggestion!

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@178938 91177308-0d34-0410-b5e6-96231b3b80d8
allocChecker.cpp
24cac5a4847b9e4673afb9fd02701f273097f57a 06-Apr-2013 Anna Zaks <ganna@apple.com> [analyzer] Reword error messages for nil keys and values of NSMutableDictionary.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@178935 91177308-0d34-0410-b5e6-96231b3b80d8
asicObjCFoundationChecks.cpp
a3989b8f54421cd90a48ace8820c7147cea6bb3d 05-Apr-2013 Anton Yartsev <anton.yartsev@gmail.com> [analyzer] Eliminates all the cases with unknown family.

Now treat AF_None family as impossible in isTrackedFamily()

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@178899 91177308-0d34-0410-b5e6-96231b3b80d8
allocChecker.cpp
e449edc5bdace60f9d754c32abc5459bc7d94a14 05-Apr-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Re-enable cplusplus.NewDelete (but not NewDeleteLeaks).

As mentioned in the previous commit message, the use-after-free and
double-free warnings for 'delete' are worth enabling even while the
leak warnings still have false positives.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@178891 91177308-0d34-0410-b5e6-96231b3b80d8
heckers.td
e85deb356f5d2d2172b7ef70314bc9cfc742a936 05-Apr-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Split new/delete checker into use-after-free and leaks parts.

This splits the leak-checking part of alpha.cplusplus.NewDelete into a
separate user-level checker, alpha.cplusplus.NewDeleteLeaks. All the
difficult false positives we've seen with the new/delete checker have been
spurious leak warnings; the use-after-free warnings and mismatched
deallocator warnings, while rare, have always been valid.

<rdar://problem/6194569>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@178890 91177308-0d34-0410-b5e6-96231b3b80d8
heckers.td
allocChecker.cpp
a3ae937ab7b7026953b6e93e0159cf1dd918e2a1 05-Apr-2013 Anton Yartsev <anton.yartsev@gmail.com> [analyzer] Path notes for the MismatchedDeallocator checker.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@178862 91177308-0d34-0410-b5e6-96231b3b80d8
allocChecker.cpp
418780f132a6d790b248ef91e1067c3c3dd31350 05-Apr-2013 Anton Yartsev <anton.yartsev@gmail.com> [analyzer] Check allocation family more precise.

The statement passed to isTrackedFamily() might be a user defined function calling malloc; in this case we got AF_NONE family for this function.
Now the allocation family is derived from Sym, that holds a family of a real allocator.

This commit is also a movement towards getting rid of tracking memory allocating by unknown means.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@178834 91177308-0d34-0410-b5e6-96231b3b80d8
allocChecker.cpp
c84543123a12045f8a1415c1f05b647b70190f34 05-Apr-2013 Anton Yartsev <anton.yartsev@gmail.com> [analyzer] Corrected the switch statement.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@178831 91177308-0d34-0410-b5e6-96231b3b80d8
allocChecker.cpp
9c6bbb3492cc34df1eed1e151c94935846edc17f 05-Apr-2013 Anton Yartsev <anton.yartsev@gmail.com> [analyzer] Fully-covered switch for families in isTrackedFamily()

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@178820 91177308-0d34-0410-b5e6-96231b3b80d8
allocChecker.cpp
648cb71625a2ab3164b2cacac9e9cb3d22b03bd7 05-Apr-2013 Anton Yartsev <anton.yartsev@gmail.com> [analyzer] Reduced the unwanted correlations between checkers living inside MallocChecker.cpp

This fixes an issue pointed to by Jordan: if unix.Malloc and unix.MismatchedDeallocator are both on, then we end up still tracking leaks of memory allocated by new.
Moved the guards right before emitting the bug reports to unify and simplify the logic of handling of multiple checkers. Now all the checkers perform their checks regardless of if they were enabled, or not, and it is decided just before the emitting of the report, if it should be emitted. (idea from Anna).

Additional changes:
improved test coverage for checker correlations;
refactoring: BadDealloc -> MismatchedDealloc

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@178814 91177308-0d34-0410-b5e6-96231b3b80d8
allocChecker.cpp
44405b7aacdb869be129430313a7bcb050336aa4 05-Apr-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] RetainCountChecker: refactor annotation handling.

...and add a new test case.

I thought this was broken, but it isn't; refactoring and reformatting anyway
so that I don't make the same mistake again. No functionality change.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@178799 91177308-0d34-0410-b5e6-96231b3b80d8
etainCountChecker.cpp
88530f880e7f3b1874f6bb98d7cfe84348ed0227 03-Apr-2013 Anna Zaks <ganna@apple.com> [analyzer] Rename “Mac OS X API”, “Mac OS API” -> “API Misuse (Apple)”

As they are relevant on both Mac and iOS.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@178687 91177308-0d34-0410-b5e6-96231b3b80d8
heckers.td
acOSKeychainAPIChecker.cpp
acOSXAPIChecker.cpp
841f16846e17f625874ecfe9c6dba822d29a2b95 03-Apr-2013 Anna Zaks <ganna@apple.com> [analyzer] Warn when nil receiver results in forming null reference

This also allows us to ensure IDC/return null suppression gets triggered in such cases.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@178686 91177308-0d34-0410-b5e6-96231b3b80d8
allAndMessageChecker.cpp
ecee1651c100342366a9417c85c6e50399039930 03-Apr-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Better model for copying of array fields in implicit copy ctors.

- Find the correct region to represent the first array element when
constructing a CXXConstructorCall.
- If the array is trivial, model the copy with a primitive load/store.
- Don't warn about the "uninitialized" subscript in the AST -- we don't use
the helper variable that Sema provides.

<rdar://problem/13091608>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@178602 91177308-0d34-0410-b5e6-96231b3b80d8
ndefinedArraySubscriptChecker.cpp
3d11708c491a96198ebfee49079ae458ed90eaf8 02-Apr-2013 Anton Yartsev <anton.yartsev@gmail.com> [analyzer] Moving cplusplus.NewDelete to alpha.* for now.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@178529 91177308-0d34-0410-b5e6-96231b3b80d8
heckers.td
123243cfd80f790a27edd1b829cd190a85f6c006 29-Mar-2013 Anna Zaks <ganna@apple.com> [analyzer] Document existence of ConstPointerEscape.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@178311 91177308-0d34-0410-b5e6-96231b3b80d8
heckerDocumentation.cpp
41988f331a74a72cf243a2a68ffb56418e9a174e 29-Mar-2013 Anna Zaks <ganna@apple.com> [analyzer] Add support for escape of const pointers and use it to allow “newed” pointers to escape

Add a new callback that notifies checkers when a const pointer escapes. Currently, this only works
for const pointers passed as a top level parameter into a function. We need to differentiate the const
pointers escape from regular escape since the content pointed by const pointer will not change;
if it’s a file handle, a file cannot be closed; but delete is allowed on const pointers.

This should suppress several false positives reported by the NewDelete checker on llvm codebase.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@178310 91177308-0d34-0410-b5e6-96231b3b80d8
allocChecker.cpp
aabb4c5eacca6d78ef778f33ec5cd4c755d71a39 29-Mar-2013 Anna Zaks <ganna@apple.com> [analyzer] Apply the suppression rules to the nil receiver only if the value participates in the computation of the nil we warn about.

We should only suppress a bug report if the IDCed or null returned nil value is directly related to the value we are warning about. This was
not the case for nil receivers - we would suppress a bug report that had an IDCed nil receiver on the path regardless of how it’s
related to the warning.

1) Thread EnableNullFPSuppression parameter through the visitors to differentiate between tracking the value which
is directly responsible for the bug and other values that visitors are tracking (ex: general tracking of nil receivers).
2) in trackNullOrUndef specifically address the case when a value of the message send is nil due to the receiver being nil.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@178309 91177308-0d34-0410-b5e6-96231b3b80d8
dempotentOperationChecker.cpp
ndefCapturedBlockVarChecker.cpp
65a0892ff5f2c2a70d48b8b649c80967eab67c5e 28-Mar-2013 Ted Kremenek <kremenek@apple.com> Use early return in printing logic. Minor cleanup.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@178264 91177308-0d34-0410-b5e6-96231b3b80d8
etainCountChecker.cpp
03852c8717b45ece934f7740a100de526a734641 28-Mar-2013 Eric Christopher <echristo@gmail.com> Fix order of initialization warning.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@178255 91177308-0d34-0410-b5e6-96231b3b80d8
allocChecker.cpp
849c7bf718ed3c08bd66b93f0bd508a44bb2f669 28-Mar-2013 Anton Yartsev <anton.yartsev@gmail.com> [analyzer] These implements unix.MismatchedDeallocatorChecker checker.
+ Improved display names for allocators and deallocators

The checker checks if a deallocation function matches allocation one. ('free' for 'malloc', 'delete' for 'new' etc.)

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@178250 91177308-0d34-0410-b5e6-96231b3b80d8
heckers.td
allocChecker.cpp
697462881c4b9b704c7859f4bab0a6116c684bb1 28-Mar-2013 Anton Yartsev <anton.yartsev@gmail.com> [analyzer] For now assume all standard global 'operator new' functions allocate memory in heap.
+ Improved test coverage for cplusplus.NewDelete checker.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@178244 91177308-0d34-0410-b5e6-96231b3b80d8
allocChecker.cpp
4a49df3be929d442535d6721ab8a2bbc8a7cd528 27-Mar-2013 Anna Zaks <ganna@apple.com> [analyzer] Ensure that the node NilReceiverBRVisitor is looking for is not reclaimed

The visitor should look for the PreStmt node as the receiver is nil in the PreStmt and this is the node. Also, tag the nil
receiver nodes with a special tag for consistency.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@178152 91177308-0d34-0410-b5e6-96231b3b80d8
allAndMessageChecker.cpp
1533833e21ae5b3f5f39b168b3fbac109ee77008 27-Mar-2013 Anna Zaks <ganna@apple.com> [analyzer] Make sure IDC works for ‘NSContainer value/key is nil’ checks.

Register the nil tracking visitors with the region and refactor trackNullOrUndefValue a bit.

Also adds the cast and paren stripping before checking if the value is an OpaqueValueExpr
or ExprWithCleanups.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@178093 91177308-0d34-0410-b5e6-96231b3b80d8
asicObjCFoundationChecks.cpp
2de19edab6001d2c17720d02fe0760b9b452192a 25-Mar-2013 Anton Yartsev <anton.yartsev@gmail.com> [analyzer] Adds cplusplus.NewDelete checker that check for memory leaks, double free, and use-after-free problems of memory managed by new/delete.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@177849 91177308-0d34-0410-b5e6-96231b3b80d8
heckers.td
allocChecker.cpp
b095782ec09329b474a4e0d0ccdad4c15d515b39 23-Mar-2013 Anna Zaks <ganna@apple.com> [analyzer] Warn when a nil key or value are passed to NSMutableDictionary and ensure it works with subscripting.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@177789 91177308-0d34-0410-b5e6-96231b3b80d8
asicObjCFoundationChecks.cpp
f3e426b22a36fc31c00ebf7c0de3aa445758b7e6 21-Mar-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Print return values from debug.DumpCalls checker.

Debug utility only, no functionality change.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@177649 91177308-0d34-0410-b5e6-96231b3b80d8
raversalChecker.cpp
af42246bdafd7145ef0f0daaddda7e8c41baf265 19-Mar-2013 Stephen Hines <srhines@google.com> Update Clang for merge to r177345.

Change-Id: I375c37904c0ca05b7bad8fc0fec0e21cc497cafc
ndroid.mk
15d68882f5fa4afae8333e75b2bfd5e2834c8aaf 19-Mar-2013 Stephen Hines <srhines@google.com> Merge branch 'upstream' into merge_2013_03_18

Conflicts:
lib/Sema/SemaDeclAttr.cpp

Change-Id: I05e70941163ec5a461eba43ef78f6738cd5a1e69
4b94f4daa13118441b4cf53b7e57cae1b48dc427 18-Mar-2013 Anna Zaks <ganna@apple.com> [analyzer] Warn when a ‘nil’ object is added to NSArray or NSMutableArray.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@177318 91177308-0d34-0410-b5e6-96231b3b80d8
asicObjCFoundationChecks.cpp
0621c45dcd4c5f43df0de5a2febae525d3287b74 16-Mar-2013 Anna Zaks <ganna@apple.com> [analyzer] Address a TODO in the StreamChecker; otherwise the output is non-deterministic.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@177207 91177308-0d34-0410-b5e6-96231b3b80d8
treamChecker.cpp
3258d4b3fb5922027747217e5e6f81a11878600d 13-Mar-2013 Anton Yartsev <anton.yartsev@gmail.com> [analyzer] fixed the logic changed by r176949

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@176956 91177308-0d34-0410-b5e6-96231b3b80d8
allocChecker.cpp
bb3699543e60594af7b5cbdb3b2e9acb816b3687 13-Mar-2013 Anton Yartsev <anton.yartsev@gmail.com> Refactoring:
+ Individual Report* method for each bug type
+ Comment improved: missing non-trivial alloca() case annotated
+ 'range' parameter of ReportBadFree() capitalized
+ 'SymbolRef Sym = State->getSVal(A, C.getLocationContext()).getAsSymbol();' shorten to 'SymbolRef Sym = C.getSVal(A).getAsSymbol();'

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@176949 91177308-0d34-0410-b5e6-96231b3b80d8
allocChecker.cpp
80412c4e28c8247ad9c8d30d04c94938f01b21fb 09-Mar-2013 Anna Zaks <ganna@apple.com> [analyzer] Rename AttrNonNullChecker -> NonNullParamChecker

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@176755 91177308-0d34-0410-b5e6-96231b3b80d8
ttrNonNullChecker.cpp
asicObjCFoundationChecks.cpp
MakeLists.txt
heckers.td
onNullParamChecker.cpp
9fe09f30f76cb65ca2a5fcd8e649f5b2f0cf02bd 09-Mar-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Be more consistent about Objective-C methods that free memory.

Previously, MallocChecker's pointer escape check and its post-call state
update for Objective-C method calls had a fair amount duplicated logic
and not-entirely-consistent checks. This commit restructures all this to
be more consistent and possibly allow us to be more aggressive in warning
about double-frees.

New policy (applies to system header methods only):
(1) If this is a method we know about, model it as taking/holding ownership
of the passed-in buffer.
(1a) ...unless there's a "freeWhenDone:" parameter with a zero (NO) value.
(2) If there's a "freeWhenDone:" parameter (but it's not a method we know
about), treat the buffer as escaping if the value is non-zero (YES) and
non-escaping if it's zero (NO).
(3) If the first selector piece ends with "NoCopy" (but it's not a method we
know about and there's no "freeWhenDone:" parameter), treat the buffer
as escaping.

The reason that (2) and (3) don't explicitly model the ownership transfer is
because we can't be sure that they will actually free the memory using free(),
and we wouldn't want to emit a spurious "mismatched allocator" warning
(coming in Anton's upcoming patch). In the future, we may have an idea of a
"generic deallocation", i.e. we assume that the deallocator is correct but
still continue tracking the region so that we can warn about double-frees.

Patch by Anton Yartsev, with modifications from me.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@176744 91177308-0d34-0410-b5e6-96231b3b80d8
allocChecker.cpp
018e9aa033ff7363797c62fc3b14669d0558284b 07-Mar-2013 Anna Zaks <ganna@apple.com> [analyzer] Warn on passing a reference to null pointer as an argument in a call

Warn about null pointer dereference earlier when a reference to a null pointer is
passed in a call. The idea is that even though the standard might allow this, reporting
the issue earlier is better for diagnostics (the error is reported closer to the place where
the pointer was set to NULL). This also simplifies analyzer’s diagnostic logic, which has
to track “where the null came from”. As a consequence, some of our null pointer
warning suppression mechanisms started triggering more often.

TODO: Change the name of the file and class to reflect the new check.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@176612 91177308-0d34-0410-b5e6-96231b3b80d8
ttrNonNullChecker.cpp
c236b7327f989c1e7fe6b08a188bfef86727513d 07-Mar-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Check for returning null references in ReturnUndefChecker.

Officially in the C++ standard, a null reference cannot exist. However,
it's still very easy to create one:

int &getNullRef() {
int *p = 0;
return *p;
}

We already check that binds to reference regions don't create null references.
This patch checks that we don't create null references by returning, either.

<rdar://problem/13364378>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@176601 91177308-0d34-0410-b5e6-96231b3b80d8
eturnUndefChecker.cpp
42773d64f98db0dd5cc80181c3b2d561851668f7 06-Mar-2013 Anna Zaks <ganna@apple.com> [analyzer] Pass the correct Expr to the bug reporter visitors when dealing with CompoundLiteralExpr

This allows us to trigger the IDC visitor in the added test case.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@176577 91177308-0d34-0410-b5e6-96231b3b80d8
ttrNonNullChecker.cpp
bd3aca04d304b9f31240b94af0aad818f6f932ab 06-Mar-2013 Stephen Hines <srhines@google.com> Update build rules for Clang merge to version 176138.

Change-Id: Ib028329a591e6175998d969f11b5404bf3f19e81
ndroid.mk
450b86c0c9ff8307f5145ced621914600196c500 06-Mar-2013 Stephen Hines <srhines@google.com> Merge commit 'b58f810669d9c17bcc025b7560de01d162856f34' into merge_20130226

Conflicts:
include/clang/Basic/LangOptions.def
lib/Sema/SemaDeclAttr.cpp

Change-Id: Ia10b4d3b2c949a72d328cb58b113f90237d4a5d5
5aff3f1e9a66fa72576a6b04c8c319c17e0360c6 05-Mar-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Don't let cf_audited_transfer override CFRetain semantics.

We weren't treating a cf_audited_transfer CFRetain as returning +1 because
its name doesn't contain "Create" or "Copy". Oops! Fortunately, the
standard definitions of these functions are not marked audited.

<rdar://problem/13339601>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@176463 91177308-0d34-0410-b5e6-96231b3b80d8
etainCountChecker.cpp
a0e6e6dd37f4acee8477c106d5e5679de015d120 26-Feb-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] StackAddrEscapeChecker: strip qualifiers from temporary types.

With the new support for trivial copy constructors, we are not always
consistent about whether a CXXTempObjectRegion gets reused or created
from scratch, which affects whether qualifiers are preserved. However,
we probably don't care anyway.

This also switches to using the current PrintingPolicy for the type,
which means C++ types don't get a spurious 'struct' prefix anymore.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@176068 91177308-0d34-0410-b5e6-96231b3b80d8
tackAddrEscapeChecker.cpp
db061e40d639da0d938f915f0eef9e9772019c22 25-Feb-2013 Anna Zaks <ganna@apple.com> [analyzer] Restrict ObjC type inference to methods that have related result type.

This addresses a case when we inline a wrong method due to incorrect
dynamic type inference. Specifically, when user code contains a method from init
family, which creates an instance of another class.

Use hasRelatedResultType() to find out if our inference rules should be triggered.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@176054 91177308-0d34-0410-b5e6-96231b3b80d8
ynamicTypePropagation.cpp
43b82b823a6113fdbee54243b280db9c55ef72cb 24-Feb-2013 Ted Kremenek <kremenek@apple.com> [analyzer] tracking stores/constraints now works for ObjC ivars or struct fields.

This required more changes than I originally expected:

- ObjCIvarRegion implements "canPrintPretty" et al
- DereferenceChecker indicates the null pointer source is an ivar
- bugreporter::trackNullOrUndefValue() uses an alternate algorithm
to compute the location region to track by scouring the ExplodedGraph.
This allows us to get the actual MemRegion for variables, ivars,
fields, etc. We only hand construct a VarRegion for C++ references.
- ExplodedGraph no longer drops nodes for expressions that are marked
'lvalue'. This is to facilitate the logic in the previous bullet.
This may lead to a slight increase in size in the ExplodedGraph,
which I have not measured, but it is likely not to be a big deal.

I have validated each of the changed plist output.

Fixes <rdar://problem/12114812>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@175988 91177308-0d34-0410-b5e6-96231b3b80d8
ereferenceChecker.cpp
0dd15d78fb0c99faa5df724139ba4c16a9a345c6 24-Feb-2013 Ted Kremenek <kremenek@apple.com> Add "KnownSVal" to represent SVals that cannot be UnknownSVal.

This provides a few sundry cleanups, and allows us to provide
a compile-time check for a case that was a runtime assertion.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@175987 91177308-0d34-0410-b5e6-96231b3b80d8
ndefCapturedBlockVarChecker.cpp
b07805485c603be3d8011f72611465324c9e664b 23-Feb-2013 David Blaikie <dblaikie@gmail.com> Remove the CFGElement "Invalid" state.

Use Optional<CFG*> where invalid states were needed previously. In the one case
where that's not possible (beginAutomaticObjDtorsInsert) just use a dummy
CFGAutomaticObjDtor.

Thanks for the help from Jordan Rose & discussion/feedback from Ted Kremenek
and Doug Gregor.

Post commit code review feedback on r175796 by Ted Kremenek.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@175938 91177308-0d34-0410-b5e6-96231b3b80d8
nalyzerStatsChecker.cpp
allocOverflowSecurityChecker.cpp
nreachableCodeChecker.cpp
e13001441f95fd907228459a4d9310c113ac0a5b 21-Feb-2013 David Blaikie <dblaikie@gmail.com> Add back implicitly dropped const.

(found due to incoming improvements to llvm::cast machinery that will error on
this sort of mistake)

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@175817 91177308-0d34-0410-b5e6-96231b3b80d8
etainCountChecker.cpp
7a95de68c093991047ed8d339479ccad51b88663 21-Feb-2013 David Blaikie <dblaikie@gmail.com> Replace ProgramPoint llvm::cast support to be well-defined.

See r175462 for another example/more details.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@175812 91177308-0d34-0410-b5e6-96231b3b80d8
nalyzerStatsChecker.cpp
rrayBoundChecker.cpp
StringChecker.cpp
dempotentOperationChecker.cpp
acOSKeychainAPIChecker.cpp
allocChecker.cpp
etainCountChecker.cpp
eturnPointerRangeChecker.cpp
ndefBranchChecker.cpp
nreachableCodeChecker.cpp
fdf6a279c9a75c778eba382d9a156697092982a1 21-Feb-2013 David Blaikie <dblaikie@gmail.com> Replace CFGElement llvm::cast support to be well-defined.

See r175462 for another example/more details.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@175796 91177308-0d34-0410-b5e6-96231b3b80d8
nalyzerStatsChecker.cpp
allocOverflowSecurityChecker.cpp
nreachableCodeChecker.cpp
0adb17502365b56dca99bfa971c59514ece54877 21-Feb-2013 David Blaikie <dblaikie@gmail.com> Avoid implicit conversions of Optional<T> to bool.

This is a precursor to making Optional<T>'s operator bool 'explicit' when
building Clang & LLVM as C++11.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@175722 91177308-0d34-0410-b5e6-96231b3b80d8
asicObjCFoundationChecks.cpp
66874fb18afbffb8b2ca05576851a64534be3352 21-Feb-2013 David Blaikie <dblaikie@gmail.com> Use None rather than Optional<T>() where possible.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@175705 91177308-0d34-0410-b5e6-96231b3b80d8
asicObjCFoundationChecks.cpp
dc84cd5efdd3430efb22546b4ac656aa0540b210 20-Feb-2013 David Blaikie <dblaikie@gmail.com> Include llvm::Optional in clang/Basic/LLVM.h

Post-commit CR feedback from Jordan Rose regarding r175594.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@175679 91177308-0d34-0410-b5e6-96231b3b80d8
rrayBoundCheckerV2.cpp
ttrNonNullChecker.cpp
asicObjCFoundationChecks.cpp
oolAssignmentChecker.cpp
StringChecker.cpp
allAndMessageChecker.cpp
ivZeroChecker.cpp
enericTaintChecker.cpp
acOSKeychainAPIChecker.cpp
allocChecker.cpp
SErrorChecker.cpp
etainCountChecker.cpp
treamChecker.cpp
nixAPIChecker.cpp
9e85b29dd17fd3878134216f9abaf5ec4774b2a5 20-Feb-2013 David Blaikie <dblaikie@gmail.com> Remove redundant Optional type in favor of llvm::Optional

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@175678 91177308-0d34-0410-b5e6-96231b3b80d8
asicObjCFoundationChecks.cpp
5251abea41b446c26e3239c8dd6c7edea6fc335d 20-Feb-2013 David Blaikie <dblaikie@gmail.com> Replace SVal llvm::cast support to be well-defined.

See r175462 for another example/more details.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@175594 91177308-0d34-0410-b5e6-96231b3b80d8
rrayBoundCheckerV2.cpp
ttrNonNullChecker.cpp
asicObjCFoundationChecks.cpp
oolAssignmentChecker.cpp
uiltinFunctionChecker.cpp
StringChecker.cpp
allAndMessageChecker.cpp
ereferenceChecker.cpp
ivZeroChecker.cpp
xprInspectionChecker.cpp
enericTaintChecker.cpp
dempotentOperationChecker.cpp
acOSKeychainAPIChecker.cpp
allocChecker.cpp
SErrorChecker.cpp
bjCAtSyncChecker.cpp
bjCContainersChecker.cpp
bjCSelfInitChecker.cpp
threadLockChecker.cpp
etainCountChecker.cpp
treamChecker.cpp
nixAPIChecker.cpp
LASizeChecker.cpp
724cfee8b506ffef6f55e556a3329a7403ef7198 18-Feb-2013 Ted Kremenek <kremenek@apple.com> Disable dead stores checker for template instantations. Fixes <rdar://problem/13213575>.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@175425 91177308-0d34-0410-b5e6-96231b3b80d8
eadStoresChecker.cpp
cfaed8d399a34e79fbab9f70eb4ea1bbeb81a02b 14-Feb-2013 Fariborz Jahanian <fjahanian@apple.com> objective-C: synthesize properties in order of their
declarations to synthesize their ivars in similar
determinstic order so they are laid out in
a determinstic order. // rdar://13192366


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@175214 91177308-0d34-0410-b5e6-96231b3b80d8
varInvalidationChecker.cpp
223f0ff6a9a5d0eaf63b98b3aa92888b4c088868 09-Feb-2013 Jordan Rose <jordan_rose@apple.com> Remove some stray uses of <ctype.h> functions.

These are causing assertions on some MSVC builds.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@174805 91177308-0d34-0410-b5e6-96231b3b80d8
StringChecker.cpp
d523df6a143a97eea46916c6e31c8f2a0728bf28 09-Feb-2013 Anna Zaks <ganna@apple.com> [analyzer] Invalidation checker: move the "missing implementation" check

The missing definition check should be in the same category as the
missing ivar validation - in this case, the intent is to invalidate in
the given class, as described in the declaration, but the implementation
does not perform the invalidation. Whereas the MissingInvalidationMethod
checker checks the cases where the method intention is not to
invalidate. The second checker has potential to have a much higher false
positive rate.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@174787 91177308-0d34-0410-b5e6-96231b3b80d8
varInvalidationChecker.cpp
adecec39481f925701e63d7fe3b8bf02dd7ddf01 09-Feb-2013 Anna Zaks <ganna@apple.com> [analyzer] Move DefaultBool so that all checkers can share it.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@174782 91177308-0d34-0410-b5e6-96231b3b80d8
heckSecuritySyntaxOnly.cpp
varInvalidationChecker.cpp
722cd9e3c0142948b9eb3190211dbc0dd4da4105 09-Feb-2013 Anna Zaks <ganna@apple.com> [analyzer] Split IvarInvalidation into two checkers

Separate the checking for the missing invalidation methods into a
separate checker so that it can be turned on/off independently.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@174781 91177308-0d34-0410-b5e6-96231b3b80d8
heckers.td
varInvalidationChecker.cpp
2b174c37ae174063d70494e9b4fd91f4eff26463 09-Feb-2013 Anna Zaks <ganna@apple.com> [analyzer] IvarInvalidation: refactor, pull out the diagnostic printing

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@174780 91177308-0d34-0410-b5e6-96231b3b80d8
varInvalidationChecker.cpp
26db7dbf67b1532b2d617b3a85428699a1ffc997 09-Feb-2013 Anna Zaks <ganna@apple.com> [analyzer] IvarInvalidation: add annotation for partial invalidation

The new annotation allows having methods that only partially invalidate
IVars and might not be called from the invalidation methods directly
(instead, are guaranteed to be called before the invalidation occurs).
The checker is going to trust the programmer to call the partial
invalidation method before the invalidator.This is common in cases when
partial object tear down happens before the death of the object.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@174779 91177308-0d34-0410-b5e6-96231b3b80d8
varInvalidationChecker.cpp
118aa750c5cfe975542dce8e41586b2054d1f5dd 08-Feb-2013 Anna Zaks <ganna@apple.com> [analyzer] Report bugs when freeing memory with offset pointer

The malloc checker will now catch the case when a previously malloc'ed
region is freed, but the pointer passed to free does not point to the
start of the allocated memory. For example:

int *p1 = malloc(sizeof(int));
p1++;
free(p1); // warn

From the "memory.LeakPtrValChanged enhancement to unix.Malloc" entry
in the list of potential checkers.

A patch by Branden Archer!

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@174678 91177308-0d34-0410-b5e6-96231b3b80d8
allocChecker.cpp
233e26acc0ff2a1098f4c813f69286fce840a422 08-Feb-2013 Anna Zaks <ganna@apple.com> [analyzer] Add pointer escape type param to checkPointerEscape callback

The checkPointerEscape callback previously did not specify how a
pointer escaped. This change includes an enum which describes the
different ways a pointer may escape. This enum is passed to the
checkPointerEscape callback when a pointer escapes. If the escape
is due to a function call, the call is passed. This changes
previous behavior where the call is passed as NULL if the escape
was due to indirectly invalidating the region the pointer referenced.

A patch by Branden Archer!

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@174677 91177308-0d34-0410-b5e6-96231b3b80d8
heckerDocumentation.cpp
allocChecker.cpp
impleStreamChecker.cpp
0217b1d045ea99fe792e83ed1a785816289dd53c 31-Jan-2013 Anna Zaks <ganna@apple.com> [analyzer]RetainCount: Fix an autorelease related false positive.

The Cnt variable is adjusted (incremented) for simplification of
checking logic. The increment should not be stored in the state.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@174104 91177308-0d34-0410-b5e6-96231b3b80d8
etainCountChecker.cpp
e36d81b1eeab13fb1bbd15291d009a1699de6ec1 31-Jan-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Don't track autorelease pools created by +new.

This matches our behavior for autorelease pools created by +alloc. Some
people like to create autorelease pools in one method and release them
somewhere else.

If you want safe autorelease pool semantics, use the new ARC-compatible
syntax: @autoreleasepool { ... }

<rdar://problem/13121353>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@174096 91177308-0d34-0410-b5e6-96231b3b80d8
etainCountChecker.cpp
44ec3f00e64199667edf9f12c0f31f66916c95fe 26-Jan-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Track null object lvalues back through C++ method calls.

The expression 'a->b.c()' contains a call to the 'c' method of 'a->b'.
We emit an error if 'a' is NULL, but previously didn't actually track
the null value back through the 'a->b' expression, which caused us to
miss important false-positive-suppression cases, including
<rdar://problem/12676053>.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@173547 91177308-0d34-0410-b5e6-96231b3b80d8
allAndMessageChecker.cpp
dede2fd56d053a114a65ba72583981ce7aab27da 26-Jan-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] bugreporter::getDerefExpr now takes a Stmt, not an ExplodedNode.

This allows it to be used in places where the interesting statement
doesn't match up with the current node. No functionality change.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@173546 91177308-0d34-0410-b5e6-96231b3b80d8
ereferenceChecker.cpp
b33349e605a7373b067f7b96619e27c57c13932b 23-Jan-2013 Ted Kremenek <kremenek@apple.com> Add missing null check. Not sure why my tests passed before.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@173292 91177308-0d34-0410-b5e6-96231b3b80d8
oReturnFunctionChecker.cpp
a5b6469a55fb8796353b073f6c12694b0adc77c2 23-Jan-2013 Ted Kremenek <kremenek@apple.com> Honor attribute 'analyzer_noreturn' on Objective-C methods.

This isn't likely a full solution, but it catches the common cases
and can be refined over time.

Fixes <rdar://problem/11634353>.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@173291 91177308-0d34-0410-b5e6-96231b3b80d8
oReturnFunctionChecker.cpp
cd376b63c42214c7851ca917e7da9d30f9e84fa4 09-Jan-2013 Stephen Hines <srhines@google.com> Update Clang for merge to r171906.

clang-tblgen-rules.mk - New AttrDump.inc target
lib/AST/Android.mk
lib/Analysis/Android.mk
lib/Basic/Android.mk
lib/Lex/Android.mk
lib/Parse/Android.mk
lib/Sema/Android.mk
lib/StaticAnalyzer/Checkers/Android.mk

Change-Id: If31b4c9123f730ab851f11b00b0688166b14b4b2
ndroid.mk
15bb58edc9d053aa49c28167deb41ff0409ddabc 21-Jan-2013 Stephen Hines <srhines@google.com> Merge commit 'd130fd2e141f1fef412c2d58e7385370801bd718' into merge-llvm

Conflicts:
lib/Basic/Targets.cpp

Change-Id: I90a669a33ffe4de8b32c8459016fd0b2a55da0ad
fa2b53c5780a8a6f38803a26e3c6f9f0a9ba8b4d 18-Jan-2013 Anna Zaks <ganna@apple.com> [analyzer] DirectIvarAssignment: allow suppression annotation on Ivars.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@172766 91177308-0d34-0410-b5e6-96231b3b80d8
irectIvarAssignment.cpp
cd8ab51a44e80625d84126780b0d85a7732e25af 17-Jan-2013 Richard Smith <richard-llvm@metafoo.co.uk> Implement C++11 semantics for [[noreturn]] attribute. This required splitting
it apart from [[gnu::noreturn]] / __attribute__((noreturn)), since their
semantics are not equivalent (for instance, we treat [[gnu::noreturn]] as
affecting the function type, whereas [[noreturn]] does not).


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@172691 91177308-0d34-0410-b5e6-96231b3b80d8
oReturnFunctionChecker.cpp
d329724745b49f894b768d47275b7c2713106e89 17-Jan-2013 Douglas Gregor <dgregor@apple.com> Rework the traversal of Objective-C categories and extensions to
consider (sub)module visibility.

The bulk of this change replaces myriad hand-rolled loops over the
linked list of Objective-C categories/extensions attached to an
interface declaration with loops using one of the four new category
iterator kinds:

visible_categories_iterator: Iterates over all visible categories
and extensions, hiding any that have their "hidden" bit set. This is
by far the most commonly used iterator.

known_categories_iterator: Iterates over all categories and
extensions, ignoring the "hidden" bit. This tends to be used for
redeclaration-like traversals.

visible_extensions_iterator: Iterates over all visible extensions,
hiding any that have their "hidden" bit set.

known_extensions_iterator: Iterates over all extensions, whether
they are visible to normal name lookup or not.

The effect of this change is that any uses of the visible_ iterators
will respect module-import visibility. See the new tests for examples.

Note that the old accessors for categories and extensions are gone;
there are *Raw() forms for some of them, for those (few) areas of the
compiler that have to manipulate the linked list of categories
directly. This is generally discouraged.

Part two of <rdar://problem/10634711>.




git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@172665 91177308-0d34-0410-b5e6-96231b3b80d8
varInvalidationChecker.cpp
bjCUnusedIVarsChecker.cpp
d7b1d2467d8bf01be5068dbbad1a6324cee8bf4a 16-Jan-2013 Anna Zaks <ganna@apple.com> [analyzer] Add an annotation to allow suppression of direct ivar
assignment

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@172597 91177308-0d34-0410-b5e6-96231b3b80d8
irectIvarAssignment.cpp
79ccd5635495fb4588d0ec47c0bf05764441a14c 16-Jan-2013 Anna Zaks <ganna@apple.com> [analyzer] Fix warning typo.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@172596 91177308-0d34-0410-b5e6-96231b3b80d8
varInvalidationChecker.cpp
64eb070234bc4cd4fd2debf3a91c6e2d8f0d32d8 16-Jan-2013 Anna Zaks <ganna@apple.com> [analyzer] Refactor: parameter rename.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@172595 91177308-0d34-0410-b5e6-96231b3b80d8
StringChecker.cpp
etainCountChecker.cpp
14a372bb7d7681cdfbcebe71b109e773327e4e1c 14-Jan-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] -drain is not an alias for -release.

This was previously added to support -[NSAutoreleasePool drain], which
behaves like -release under non-GC and "please collect" under GC. We're
not currently modeling the autorelease pool stack, though, so we can
just take this out entirely.

Fixes PR14927.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@172444 91177308-0d34-0410-b5e6-96231b3b80d8
etainCountChecker.cpp
cfa88f893915ceb8ae4ce2f17c46c24a4d67502f 12-Jan-2013 Dmitri Gribenko <gribozavr@gmail.com> Remove useless 'llvm::' qualifier from names like StringRef and others that are
brought into 'clang' namespace by clang/Basic/LLVM.h


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@172323 91177308-0d34-0410-b5e6-96231b3b80d8
oolAssignmentChecker.cpp
eadStoresChecker.cpp
enericTaintChecker.cpp
acOSKeychainAPIChecker.cpp
allocChecker.cpp
allocOverflowSecurityChecker.cpp
allocSizeofChecker.cpp
SErrorChecker.cpp
impleStreamChecker.cpp
6de7daa60412744bcf168c6c0d521688435fe221 11-Jan-2013 Anna Zaks <ganna@apple.com> [analyzer] Rename the warning: state the issue before the hint of how it
can be fixed

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@172170 91177308-0d34-0410-b5e6-96231b3b80d8
varInvalidationChecker.cpp
b8f6678bdd54d4dabac416476993343837dd229c 11-Jan-2013 Anna Zaks <ganna@apple.com> [analyzer]Recognize ivar invalidation protocol even if it was redeclared

This will get rid of some false positives as well as false negatives.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@172169 91177308-0d34-0410-b5e6-96231b3b80d8
varInvalidationChecker.cpp
ae81e172e93b75594c7053f3226a16b9d8daa6fd 11-Jan-2013 Anna Zaks <ganna@apple.com> [analyzer] Ivar invalidation: track ivars declared in categories.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@172168 91177308-0d34-0410-b5e6-96231b3b80d8
varInvalidationChecker.cpp
6503255e4fa0689f427b3b798180fceac29c98c2 11-Jan-2013 Anna Zaks <ganna@apple.com> [analyzer] Allow IvarInvalidation checker to suppress warnings via
assertions.

To ensure that custom assertions/conditional would also be supported,
just check if the ivar that needs to be invalidated or set to nil is
compared against 0.

Unfortunately, this will not work for code containing 'assert(IvarName)'

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@172147 91177308-0d34-0410-b5e6-96231b3b80d8
varInvalidationChecker.cpp
664566c37f81d70226df22c12aa05d1603b620f3 10-Jan-2013 Anna Zaks <ganna@apple.com> [analyzer] Fix non-determinizm introduced in r172104.

In some cases, we just pick any ivar that needs invalidation and attach
the warning to it. Picking the first from DenseMap of pointer keys was
triggering non-deterministic output.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@172134 91177308-0d34-0410-b5e6-96231b3b80d8
varInvalidationChecker.cpp
b1fc673783dd0215a1426b2c411779cd05a16a07 10-Jan-2013 Anna Zaks <ganna@apple.com> [analyzer] Add more checks to the ObjC Ivar Invalidation checker.

Restructured the checker so that it could easily find two new classes of
issues:
- when a class contains an invalidatable ivar, but no declaration of an
invalidation method
- when a class contains an invalidatable ivar, but no definition of an
invalidation method in the @implementation.

The second case might trigger some false positives, for example, when
the method is defined in a category.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@172104 91177308-0d34-0410-b5e6-96231b3b80d8
varInvalidationChecker.cpp
97bfb558f69c09b01a5c1510f08dc91eb62329a7 08-Jan-2013 Anna Zaks <ganna@apple.com> [analyzer] Include the bug uniqueing location in the issue_hash.

The issue here is that if we have 2 leaks reported at the same line for
which we cannot print the corresponding region info, they will get
treated as the same by issue_hash+description. We need to AUGMENT the
issue_hash with the allocation info to differentiate the two issues.

Add the "hash" (offset from the beginning of a function) representing
allocation site to solve the issue.

We might want to generalize solution in the future when we decide to
track more than just the 2 locations from the diagnostics.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@171825 91177308-0d34-0410-b5e6-96231b3b80d8
acOSKeychainAPIChecker.cpp
allocChecker.cpp
0b67c75c988f7188743059713a04ca2320c9f15a 07-Jan-2013 Anna Zaks <ganna@apple.com> [analyzer] Fix a false positive in Secure Keychain API checker.

Better handle the blacklisting of known bad deallocators when symbol
escapes through a call to CFStringCreateWithBytesNoCopy.

Addresses radar://12702952.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@171770 91177308-0d34-0410-b5e6-96231b3b80d8
heckers.td
acOSKeychainAPIChecker.cpp
5879fb3f6d559863c18df7132ee3d5fdb62b6ae5 07-Jan-2013 Anna Zaks <ganna@apple.com> [analyzer] Fix a false positive in the ivar invalidation checker.

When a property is "inherited" through both a parent class and directly
through a protocol, we should not require the child to invalidate it
since the backing ivar belongs to the parent class.
(Fixes radar://12913734)

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@171769 91177308-0d34-0410-b5e6-96231b3b80d8
varInvalidationChecker.cpp
a620bd8fb8c6f2080898e4aecf77b46e7e1a8f16 04-Jan-2013 Ted Kremenek <kremenek@apple.com> NSErrorChecker: remove quoting the parameter name in the diagnostic until we actually include it's name.

This is a possible regression of moving to using ImplicitNullDerefEvent.
Fixing this for real (including the parameter name) requires more
plumbing in ImplicitNullDerefEvent. This is just a stop gap fix.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@171502 91177308-0d34-0410-b5e6-96231b3b80d8
SErrorChecker.cpp
a4a1759ba11892b510a3b09ad8605aa82602d33e 04-Jan-2013 Ted Kremenek <kremenek@apple.com> Tighten code. No functionality change.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@171501 91177308-0d34-0410-b5e6-96231b3b80d8
allocChecker.cpp
c37fad6d8b483b636e96f568202f24cb2b714db4 03-Jan-2013 Ted Kremenek <kremenek@apple.com> Make MallocChecker debug output useful.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@171439 91177308-0d34-0410-b5e6-96231b3b80d8
allocChecker.cpp
344c77aac25e5d960aced3f45fbaa09853383f6d 03-Jan-2013 Anna Zaks <ganna@apple.com> [analyzer] Rename callback EndPath -> EndFunction

This better reflects when callback is called and what the checkers
are relying on. (Both names meant the same pre-IPA.)

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@171432 91177308-0d34-0410-b5e6-96231b3b80d8
heckerDocumentation.cpp
etainCountChecker.cpp
tackAddrEscapeChecker.cpp
raversalChecker.cpp
a05d2741c40c71b59cf6d2f8bbc5d433a5d0e6de 22-Dec-2012 Ted Kremenek <kremenek@apple.com> Fix typo: objc_no_direct_instance_variable_assignmemt => objc_no_direct_instance_variable_assignment.

Fixes <rdar://problem/12927551>.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@170971 91177308-0d34-0410-b5e6-96231b3b80d8
heckers.td
irectIvarAssignment.cpp
4b6bb40b22877472d0b3d2961689f1f0ac23cc71 22-Dec-2012 Anna Zaks <ganna@apple.com> [analyzer] Convert SimpleStreamChecker to use the PointerEscape callback

The new callback greatly simplifies the checker.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@170969 91177308-0d34-0410-b5e6-96231b3b80d8
impleStreamChecker.cpp
1655bcd052a67a3050fc55df8ecce57342352e68 21-Dec-2012 Anna Zaks <ganna@apple.com> [analyzer] Address Jordan's nitpicks as per code review of r170625.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@170832 91177308-0d34-0410-b5e6-96231b3b80d8
StringChecker.cpp
heckerDocumentation.cpp
etainCountChecker.cpp
bbf4d53343c2bbd082b7c1488f34650a7d07ae3b 20-Dec-2012 Ted Kremenek <kremenek@apple.com> Update RetainCountChecker to understand attribute ns_returns_autoreleased.

Fixes <rdar://problem/12887356>.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@170724 91177308-0d34-0410-b5e6-96231b3b80d8
etainCountChecker.cpp
bf53dfac8195835028bd6347433f7dbebcc29fc1 20-Dec-2012 Anna Zaks <ganna@apple.com> [analyzer] Add the pointer escaped callback.

Instead of using several callbacks to identify the pointer escape event,
checkers now can register for the checkPointerEscape.

Converted the Malloc checker to use the new callback.
SimpleStreamChecker will be converted next.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@170625 91177308-0d34-0410-b5e6-96231b3b80d8
StringChecker.cpp
heckerDocumentation.cpp
allocChecker.cpp
etainCountChecker.cpp
impleStreamChecker.cpp
8302767d5f577ce1729187abec30404a201804b1 17-Dec-2012 Argyrios Kyrtzidis <akyrtzi@gmail.com> Don't include the header outside the include guards, it defeats the purpose of the include guards.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@170364 91177308-0d34-0410-b5e6-96231b3b80d8
langSACheckers.h
45397f92bb3009dd5a1b399ef0885ccddc34838e 13-Dec-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Fix doc error (wrong param name) in ObjCSuperCallChecker.

Thanks for the -Wdocumentation catch, Dmitri!

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@170139 91177308-0d34-0410-b5e6-96231b3b80d8
bjCMissingSuperCallChecker.cpp
e14999e768fe55f620719fc4fbc361759e990e80 13-Dec-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Generalize ObjCMissingSuperCallChecker.

We now check a few methods for UIResponder, NSResponder, and NSDocument.

Patch by Julian Mayer!

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@170089 91177308-0d34-0410-b5e6-96231b3b80d8
bjCMissingSuperCallChecker.cpp
1812652c24c5a7847654cef9b0875414000af27f 13-Dec-2012 Anna Zaks <ganna@apple.com> [analyzer] Fix a self-init checker false positive.

This is a Band-Aid fix to a false positive, where we complain about not
initializing self to [super init], where self is not coming from the
init method, but is coming from the caller to init.

The proper solution would be to associate the self and it's state with
the enclosing init.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@170059 91177308-0d34-0410-b5e6-96231b3b80d8
bjCSelfInitChecker.cpp
c2cca2361aeafdf9170de2695b17d8bcd1c6f7db 11-Dec-2012 Anna Zaks <ganna@apple.com> [analyzer] Don't generate a summary for "freeWhenDone" if method is
inlined.

Fixes a false positive that occurs if a user writes their own
initWithBytesNoCopy:freeWhenDone wrapper.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@169795 91177308-0d34-0410-b5e6-96231b3b80d8
allocChecker.cpp
4ee1c557c3ebddb8a9be8f6fb66605b971793820 06-Dec-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Simplify RetainCountChecker's handling of dead symbols.

Previously we made three passes over the set of dead symbols, and removed
them from the state /twice/. Now we combine the autorelease pass and the
symbol death pass, and only have to remove the bindings for the symbols
that leaked.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@169527 91177308-0d34-0410-b5e6-96231b3b80d8
etainCountChecker.cpp
e3ce2c10c3f6ae7b26700d758de909deab190d42 06-Dec-2012 Ted Kremenek <kremenek@apple.com> Only provide explicit getCapturedRegion() and getOriginalRegion() from referenced_vars_iterator.

This is a nice conceptual cleanup.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@169480 91177308-0d34-0410-b5e6-96231b3b80d8
allocChecker.cpp
etainCountChecker.cpp
ndefCapturedBlockVarChecker.cpp
e0c6c67d670588508da2d343193cfe2845bef7e0 06-Dec-2012 Ted Kremenek <kremenek@apple.com> Use 'getOriginalRegion()' rather than going through the logic to recreate it.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@169478 91177308-0d34-0410-b5e6-96231b3b80d8
ndefCapturedBlockVarChecker.cpp
aacadfea7a7174116dbde09937098763a3211396 05-Dec-2012 Daniel Jasper <djasper@google.com> Add missing virtual destructors reported by -Wnon-virtual-dtor.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@169365 91177308-0d34-0410-b5e6-96231b3b80d8
irectIvarAssignment.cpp
39a62fcd3003785d9cc913ab2820be2f6f27bb40 05-Dec-2012 Anna Zaks <ganna@apple.com> [analyzer] Implement an opt-in variant of direct ivar assignment.

This will only check the direct ivar assignments in the annotated
methods.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@169349 91177308-0d34-0410-b5e6-96231b3b80d8
heckers.td
irectIvarAssignment.cpp
79762d3d6d82a314848cf4bfa6d2d58439536dbe 04-Dec-2012 Ted Kremenek <kremenek@apple.com> Alphabetize source files, just like they have been before.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@169318 91177308-0d34-0410-b5e6-96231b3b80d8
MakeLists.txt
55fc873017f10f6f566b182b70f6fc22aefa3464 04-Dec-2012 Chandler Carruth <chandlerc@gmail.com> Sort all of Clang's files under 'lib', and fix up the broken headers
uncovered.

This required manually correcting all of the incorrect main-module
headers I could find, and running the new llvm/utils/sort_includes.py
script over the files.

I also manually added quite a few missing headers that were uncovered by
shuffling the order or moving headers up to be main-module-headers.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@169237 91177308-0d34-0410-b5e6-96231b3b80d8
nalyzerStatsChecker.cpp
rrayBoundChecker.cpp
rrayBoundCheckerV2.cpp
ttrNonNullChecker.cpp
asicObjCFoundationChecks.cpp
oolAssignmentChecker.cpp
uiltinFunctionChecker.cpp
StringChecker.cpp
StringSyntaxChecker.cpp
allAndMessageChecker.cpp
astSizeChecker.cpp
astToStructChecker.cpp
heckObjCDealloc.cpp
heckObjCInstMethSignature.cpp
heckSecuritySyntaxOnly.cpp
heckSizeofPointer.cpp
heckerDocumentation.cpp
hrootChecker.cpp
ebugCheckers.cpp
ereferenceChecker.cpp
irectIvarAssignment.cpp
ivZeroChecker.cpp
ynamicTypePropagation.cpp
xprInspectionChecker.cpp
ixedAddressChecker.cpp
enericTaintChecker.cpp
dempotentOperationChecker.cpp
varInvalidationChecker.cpp
LVMConventionsChecker.cpp
acOSKeychainAPIChecker.cpp
acOSXAPIChecker.cpp
allocChecker.cpp
allocOverflowSecurityChecker.cpp
allocSizeofChecker.cpp
SAutoreleasePoolChecker.cpp
SErrorChecker.cpp
oReturnFunctionChecker.cpp
bjCAtSyncChecker.cpp
bjCContainersASTChecker.cpp
bjCContainersChecker.cpp
bjCMissingSuperCallChecker.cpp
bjCSelfInitChecker.cpp
bjCUnusedIVarsChecker.cpp
ointerArithChecker.cpp
ointerSubChecker.cpp
threadLockChecker.cpp
etainCountChecker.cpp
eturnPointerRangeChecker.cpp
eturnUndefChecker.cpp
impleStreamChecker.cpp
tackAddrEscapeChecker.cpp
treamChecker.cpp
aintTesterChecker.cpp
ndefBranchChecker.cpp
ndefResultChecker.cpp
ndefinedArraySubscriptChecker.cpp
ndefinedAssignmentChecker.cpp
nixAPIChecker.cpp
nreachableCodeChecker.cpp
LASizeChecker.cpp
irtualCallChecker.cpp
9d5a78d5a0c724f35af5ea2f17b2b88b32335e24 01-Dec-2012 Benjamin Kramer <benny.kra@googlemail.com> Add raw_ostream include to pacify MSVC.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@169097 91177308-0d34-0410-b5e6-96231b3b80d8
bjCSelfInitChecker.cpp
a93d0f280693b8418bc88cf7a8c93325f7fcf4c6 01-Dec-2012 Benjamin Kramer <benny.kra@googlemail.com> Include pruning and general cleanup.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@169095 91177308-0d34-0410-b5e6-96231b3b80d8
nalyzerStatsChecker.cpp
rrayBoundCheckerV2.cpp
asicObjCFoundationChecks.cpp
StringChecker.cpp
allAndMessageChecker.cpp
ereferenceChecker.cpp
dempotentOperationChecker.cpp
LVMConventionsChecker.cpp
acOSKeychainAPIChecker.cpp
allocSizeofChecker.cpp
SErrorChecker.cpp
tackAddrEscapeChecker.cpp
raversalChecker.cpp
ndefResultChecker.cpp
nixAPIChecker.cpp
LASizeChecker.cpp
irtualCallChecker.cpp
9852f58f50b4fc20914fbce5b4454135a42343f4 01-Dec-2012 Benjamin Kramer <benny.kra@googlemail.com> Don't include Type.h in DeclarationName.h.

Recursively prune some includes.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@169094 91177308-0d34-0410-b5e6-96231b3b80d8
xprInspectionChecker.cpp
tackAddrEscapeChecker.cpp
2fa67efeaf66a9332c30a026dc1c21bef6c33a6c 01-Dec-2012 Benjamin Kramer <benny.kra@googlemail.com> Pull the Attr iteration parts out of Attr.h, so including DeclBase.h doesn't pull in all the generated Attr code.

Required to pull some functions out of line, but this shouldn't have a perf impact.
No functionality change.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@169092 91177308-0d34-0410-b5e6-96231b3b80d8
ttrNonNullChecker.cpp
heckObjCDealloc.cpp
eadStoresChecker.cpp
enericTaintChecker.cpp
varInvalidationChecker.cpp
allocChecker.cpp
oReturnFunctionChecker.cpp
bjCUnusedIVarsChecker.cpp
etainCountChecker.cpp
ndefCapturedBlockVarChecker.cpp
dac6cd533d90fa1f75e66f83f7d5ebc12e34bfb7 26-Nov-2012 Anna Zaks <ganna@apple.com> [analyzer] Fix a crash reported in PR 14400.

The AllocaRegion did not have the superRegion (based on LocationContext)
as part of it's hash. As a consequence, the AllocaRegions from
different frames were uniqued to be the same region.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@168599 91177308-0d34-0410-b5e6-96231b3b80d8
uiltinFunctionChecker.cpp
4d9f4e5bfa701fc870e3c481f93f1fcc52d327bb 22-Nov-2012 Benjamin Kramer <benny.kra@googlemail.com> Make helpers static/anonymous.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@168500 91177308-0d34-0410-b5e6-96231b3b80d8
allocChecker.cpp
f34a5791c5c9df0348714e275adb09b8cf858460 15-Nov-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] StreamChecker: Remove now-unnecessary check::EndPath callback.

Also, don't bother to stop tracking symbols in the return value, either.
They are now properly considered live during checkDeadSymbols.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@168069 91177308-0d34-0410-b5e6-96231b3b80d8
treamChecker.cpp
7f82bc87c99371df7adb2dbdf3464832031e4184 15-Nov-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] MacOSKeychainAPIChecker: Remove now-unnecessary check::EndPath.

Also, don't bother to stop tracking symbols in the return value, either.
They are now properly considered live during checkDeadSymbols.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@168068 91177308-0d34-0410-b5e6-96231b3b80d8
acOSKeychainAPIChecker.cpp
65d4bd60ec6a734b814b7253b1026d35c8e46ce9 15-Nov-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] MallocChecker: Remove now-unnecessary check::EndPath callback.

Also, don't bother to stop tracking symbols in the return value, either.
They are now properly considered live during checkDeadSymbols.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@168067 91177308-0d34-0410-b5e6-96231b3b80d8
allocChecker.cpp
2ccecfaa4852c134191d4075d94e09399ab46fea 13-Nov-2012 Anna Zaks <ganna@apple.com> [analyzer] Address Jordan's code review for r167813.

This simplifies logic, fixes a bug, and adds a test case.
Thanks Jordan!

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@167868 91177308-0d34-0410-b5e6-96231b3b80d8
allocChecker.cpp
4141e4dcab6b175374710925aa90d547600a5e66 13-Nov-2012 Anna Zaks <ganna@apple.com> Fix a Malloc Checker FP by tracking return values from initWithCharacter
and other functions.

When these functions return null, the pointer is not freed by
them/ownership is not transfered. So we should allow the user to free
the pointer by calling another function when the return value is NULL.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@167813 91177308-0d34-0410-b5e6-96231b3b80d8
allocChecker.cpp
0fe4d400ab05995727440620c25fe1d185b4e046 07-Nov-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Check that the argument to CFMakeCollectable is non-NULL.

Patch by Sean McBride!

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@167537 91177308-0d34-0410-b5e6-96231b3b80d8
asicObjCFoundationChecks.cpp
heckers.td
65bc6537509fcfb9e7e724e7d40546eea931e07f 07-Nov-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Enhance docs for checker callbacks (esp. processRegionChanges).

No functionality change; this checker is only used for documentation.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@167522 91177308-0d34-0410-b5e6-96231b3b80d8
heckerDocumentation.cpp
35d4a09efbdc313b02f05612e6501a7ec7d3a37d 06-Nov-2012 Anna Zaks <ganna@apple.com> [analyzer] Add symbol escapes logic to the SimpleStreamChecker.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@167439 91177308-0d34-0410-b5e6-96231b3b80d8
impleStreamChecker.cpp
d1ad5e5d6c895f809ada5b420060b2ec0b48567b 06-Nov-2012 Anna Zaks <ganna@apple.com> [analyzer] Remove isWithinInlined. It's been replaced with inTopFrame().

Thanks Jordan.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@167438 91177308-0d34-0410-b5e6-96231b3b80d8
asicObjCFoundationChecks.cpp
fadcd5d5bbe1bfc1c6b8d819cc2242f780a49fec 03-Nov-2012 Anna Zaks <ganna@apple.com> [analyzer] add LocationContext::inTopFrame() helper.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@167351 91177308-0d34-0410-b5e6-96231b3b80d8
etainCountChecker.cpp
0c396d618dfa7cdd6ddafea24df7f74789d1f829 03-Nov-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Convert SimpleStreamChecker over to CallEvent.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@167340 91177308-0d34-0410-b5e6-96231b3b80d8
impleStreamChecker.cpp
1f03a8a0334924719ff85c993d652480e93fda98 03-Nov-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] CheckerDocumentation: Change examples for PreStmt and PostStmt.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@167339 91177308-0d34-0410-b5e6-96231b3b80d8
heckerDocumentation.cpp
2f3017f9cbd3774f690c979410bfec38423d03af 03-Nov-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Add some convenience accessors to CallEvent, and use them.

These are CallEvent-equivalents of helpers already accessible in
CheckerContext, as part of making it easier for new checkers to be written
using CallEvent rather than raw CallExprs.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@167338 91177308-0d34-0410-b5e6-96231b3b80d8
ynamicTypePropagation.cpp
bjCSelfInitChecker.cpp
etainCountChecker.cpp
d624607d4196e4b37d235daa14699bcb3c1012a6 03-Nov-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] isCLibraryFunction: check that the function is at TU-scope.

Also, Decls already carry a pointer to the ASTContext, so there's no need
to pass an extra argument to the predicate.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@167337 91177308-0d34-0410-b5e6-96231b3b80d8
StringSyntaxChecker.cpp
edd07f40ce13eb64537e9bd3af2bec4847a90fb2 02-Nov-2012 Anna Zaks <ganna@apple.com> [analyzer] Factor SimpleStreamChecker pulling out isLeaked().

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@167316 91177308-0d34-0410-b5e6-96231b3b80d8
impleStreamChecker.cpp
466224fd068a0a0084968a7f521a690a51c3b226 02-Nov-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Convert some of the harder cases over to ProgramStateTrait macros.

Add FIXMEs for the traits visible from multiple translation units.
Currently the macros hide their key types in an anonymous namespace.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@167277 91177308-0d34-0410-b5e6-96231b3b80d8
SErrorChecker.cpp
bjCSelfInitChecker.cpp
treamChecker.cpp
166d502d5367ceacd1313a33cac43b1048b8524d 02-Nov-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Use nice macros for the common ProgramStateTraits (map, set, list).

Also, move the REGISTER_*_WITH_PROGRAMSTATE macros to ProgramStateTrait.h.

This doesn't get rid of /all/ explicit uses of ProgramStatePartialTrait,
but it does get a lot of them.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@167276 91177308-0d34-0410-b5e6-96231b3b80d8
StringChecker.cpp
enericTaintChecker.cpp
acOSKeychainAPIChecker.cpp
allocChecker.cpp
bjCContainersChecker.cpp
threadLockChecker.cpp
etainCountChecker.cpp
785950e59424dca7ce0081bebf13c0acd2c4fff6 02-Nov-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Rename 'EmitReport' to 'emitReport'.

No functionality change.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@167275 91177308-0d34-0410-b5e6-96231b3b80d8
rrayBoundChecker.cpp
rrayBoundCheckerV2.cpp
ttrNonNullChecker.cpp
asicObjCFoundationChecks.cpp
oolAssignmentChecker.cpp
StringChecker.cpp
allAndMessageChecker.cpp
astSizeChecker.cpp
astToStructChecker.cpp
hrootChecker.cpp
ereferenceChecker.cpp
ivZeroChecker.cpp
xprInspectionChecker.cpp
ixedAddressChecker.cpp
enericTaintChecker.cpp
dempotentOperationChecker.cpp
acOSKeychainAPIChecker.cpp
acOSXAPIChecker.cpp
allocChecker.cpp
SAutoreleasePoolChecker.cpp
SErrorChecker.cpp
bjCAtSyncChecker.cpp
bjCContainersChecker.cpp
bjCSelfInitChecker.cpp
ointerArithChecker.cpp
ointerSubChecker.cpp
threadLockChecker.cpp
etainCountChecker.cpp
eturnPointerRangeChecker.cpp
eturnUndefChecker.cpp
impleStreamChecker.cpp
tackAddrEscapeChecker.cpp
treamChecker.cpp
aintTesterChecker.cpp
ndefBranchChecker.cpp
ndefCapturedBlockVarChecker.cpp
ndefResultChecker.cpp
ndefinedArraySubscriptChecker.cpp
ndefinedAssignmentChecker.cpp
nixAPIChecker.cpp
LASizeChecker.cpp
79a29eb35a9508d61abb07452e4912d03466d1e7 01-Nov-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Fix typo in r167186.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@167189 91177308-0d34-0410-b5e6-96231b3b80d8
allocChecker.cpp
32f38c11642ddeaeb6c4ffb1e589ab444c825f6e 01-Nov-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Minor cleanup in SimpleStreamChecker's class definition.

No functionality change.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@167187 91177308-0d34-0410-b5e6-96231b3b80d8
impleStreamChecker.cpp
ec8d420d4fa57fc6b5a5a2b1446742e976a7ba00 01-Nov-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Rename ConditionTruthVal::isTrue to isConstrainedTrue.

(and the same for isFalse)

No functionality change.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@167186 91177308-0d34-0410-b5e6-96231b3b80d8
acOSKeychainAPIChecker.cpp
allocChecker.cpp
etainCountChecker.cpp
impleStreamChecker.cpp
bbb751a1788c461bc9765ec3387536cad6b52619 31-Oct-2012 Anna Zaks <ganna@apple.com> [analyzer] Fix a bug in SimpleStreamChecker - return after sink.

Thanks Ted.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@167176 91177308-0d34-0410-b5e6-96231b3b80d8
impleStreamChecker.cpp
32133cfb333510ba94aff040067713c0b32d58c5 31-Oct-2012 Anna Zaks <ganna@apple.com> [analyzer] SimpleStreamChecker - remove evalAssume and other refinements

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@167099 91177308-0d34-0410-b5e6-96231b3b80d8
impleStreamChecker.cpp
19948ac84f145b9ea576db2faefda1927c249e44 30-Oct-2012 Ted Kremenek <kremenek@apple.com> Trim #includes.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@167002 91177308-0d34-0410-b5e6-96231b3b80d8
eadStoresChecker.cpp
bdbb17b81ca02f0279909836668420351b7f24c1 30-Oct-2012 Anna Zaks <ganna@apple.com> [analyzer]SimpleStreamChecker: add a TODO for better leak report.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@167001 91177308-0d34-0410-b5e6-96231b3b80d8
impleStreamChecker.cpp
360b29c52a4c10f9d4c031d84d962ed2a4d58263 30-Oct-2012 Anna Zaks <ganna@apple.com> [analyzer] Fix a bug in REGISTER_MAP_WITH_PROGRAMSTATE

The ImmutableMap should not be the key into the GDM map as there could
be several entries with the same map type. Thanks, Jordan.

This complicates the usage of the macro a bit. When we want to retrieve
the whole map, we need to use another name. Currently, I set it to be
Name ## Ty as in "type of the map we are storing in the ProgramState".

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@167000 91177308-0d34-0410-b5e6-96231b3b80d8
impleStreamChecker.cpp
ac150f2619efcadbf23acd6e86695b5412723eb1 30-Oct-2012 Anna Zaks <ganna@apple.com> [analyzer] Rename REGISTER_MAP_WITH_GDM ->REGISTER_MAP_WITH_PROGRAMSTATE

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@166999 91177308-0d34-0410-b5e6-96231b3b80d8
impleStreamChecker.cpp
eafaad279f7be4552e5a2246fcda1b5d65698104 30-Oct-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Warn about reallocf with an allocation size of 0, like realloc.

Patch by Sean McBride!

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@166995 91177308-0d34-0410-b5e6-96231b3b80d8
nixAPIChecker.cpp
3cf9a72743d147f3a6152ba3374f081bac749c28 30-Oct-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] New checker for missing super calls in UIViewController subclasses.

This is a syntactic checker aimed at helping iOS programmers correctly
subclass and override the methods of UIViewController. While this should
eventually be covered by the 'objc_requires_super' attribute, this
checker can be used with the existing iOS SDKs without any header changes.

This new checker is currently named 'alpha.osx.cocoa.MissingSuperCall'.
Patch by Julian Mayer!

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@166993 91177308-0d34-0410-b5e6-96231b3b80d8
MakeLists.txt
heckers.td
bjCMissingSuperCallChecker.cpp
54458707b2df12c5a63599fe9727a227d91bc183 29-Oct-2012 Anna Zaks <ganna@apple.com> [analyzer] Malloc checker cleanup/refactor

No need for the auxiliary flag. No need to generate a leak node when
there is no error.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@166977 91177308-0d34-0410-b5e6-96231b3b80d8
allocChecker.cpp
d65e55d691655462880ffd51c10784955ab6a362 29-Oct-2012 Anna Zaks <ganna@apple.com> [analyzer] Add SimpleStreamChecker.

This is an example checker for catching fopen fclose API misuses.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@166976 91177308-0d34-0410-b5e6-96231b3b80d8
MakeLists.txt
heckers.td
impleStreamChecker.cpp
5ac1df3e15f91ed663826faec7efe2462c18d98c 29-Oct-2012 Anna Zaks <ganna@apple.com> [analyzer] Add checker helpers to CheckerContext.

- Adding Immutable Map to GDM and getIdentifierInfo helper method.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@166975 91177308-0d34-0410-b5e6-96231b3b80d8
treamChecker.cpp
c3c26b7390bc4ac3ad122f557a10ba17ab871216 18-Oct-2012 Anna Zaks <ganna@apple.com> [analyzer] Ivar invalidation: identify properties declared in protocols.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@166211 91177308-0d34-0410-b5e6-96231b3b80d8
varInvalidationChecker.cpp
e0c50fa01d59749e9392ccff50ee6fb90a61725b 16-Oct-2012 Anna Zaks <ganna@apple.com> [analyzer] Ivar Invalidation: track ivars in continuations and
@implementation.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@166047 91177308-0d34-0410-b5e6-96231b3b80d8
varInvalidationChecker.cpp
bc9e5ffb0d0757238c071764e4bc1fc8a1521097 16-Oct-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] ObjCContainersASTChecker: minor cleanup and an extra test case.

Follow-up to r165838, which fixed a potential crash.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@166002 91177308-0d34-0410-b5e6-96231b3b80d8
bjCContainersASTChecker.cpp
51431dcf4a591ded089a56aaa985bb546cec8ce4 16-Oct-2012 Anna Zaks <ganna@apple.com> [analyzer] Enhance the error message.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@165993 91177308-0d34-0410-b5e6-96231b3b80d8
varInvalidationChecker.cpp
625ce084bc8de75e74b8920593ab761f20ff5971 16-Oct-2012 Anna Zaks <ganna@apple.com> [analyzer] Do not warn on direct ivar assignments within copy methods.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@165992 91177308-0d34-0410-b5e6-96231b3b80d8
irectIvarAssignment.cpp
74616824108151e139d84338db609cc32f065c05 13-Oct-2012 Ted Kremenek <kremenek@apple.com> Move assertion to not crash tests.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@165842 91177308-0d34-0410-b5e6-96231b3b80d8
etainCountChecker.cpp
d0f3d7148ca761fda2243528b2b62f916770f546 13-Oct-2012 Ted Kremenek <kremenek@apple.com> Silence static analyzer issue by documenting that in this context
that a DeclRefExpr can never return a null decl. We possibly should
hoist this into getDecl() itself.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@165841 91177308-0d34-0410-b5e6-96231b3b80d8
heckSecuritySyntaxOnly.cpp
5a8fc88b18793f25d4423805d7e4ac5d0325b9a6 13-Oct-2012 Ted Kremenek <kremenek@apple.com> Silence null dereference warnings by documenting context-specific
invariants using assertions.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@165840 91177308-0d34-0410-b5e6-96231b3b80d8
etainCountChecker.cpp
441ee1dfa5ff8d904ad07dc3b7837c44d9f173eb 13-Oct-2012 Ted Kremenek <kremenek@apple.com> Fix potential crash in ObjCContainersChecker by properly validating
the number of arguments.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@165838 91177308-0d34-0410-b5e6-96231b3b80d8
bjCContainersASTChecker.cpp
42adacbb9bc7b6172bd36f9baa297180c77ab6d7 11-Oct-2012 Ted Kremenek <kremenek@apple.com> Remove OSAtomicChecker.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@165744 91177308-0d34-0410-b5e6-96231b3b80d8
MakeLists.txt
heckers.td
SAtomicChecker.cpp
48fa1361505c51cdc5e78deffdbdd7c334cca5d0 11-Oct-2012 Ted Kremenek <kremenek@apple.com> Switch over to BodyFarm implementation of OSAtomicCompareAndSwap and
objc_atomicCompareAndSwap.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@165743 91177308-0d34-0410-b5e6-96231b3b80d8
SAtomicChecker.cpp
bbff82f302a1dd67589f65912351978905f0c5a7 01-Oct-2012 Anna Zaks <ganna@apple.com> Move isObjCSelf into Expr.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@164966 91177308-0d34-0410-b5e6-96231b3b80d8
varInvalidationChecker.cpp
b9733ac1a2012c3e909ac262073a6deb8533d2c7 01-Oct-2012 Anna Zaks <ganna@apple.com> [analyzer] Address Jordan's review for r164868.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@164965 91177308-0d34-0410-b5e6-96231b3b80d8
varInvalidationChecker.cpp
43e8ef0b90dffcf9bda4fc2d3e6b21feb1e15bfb 01-Oct-2012 Ted Kremenek <kremenek@apple.com> Add checker debug.ConfigDumper to dump the contents of the configuration table.
The format of this output is a WIP; largely I'm bringing it up now
for regression testing. We can evolve the output format over time.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@164953 91177308-0d34-0410-b5e6-96231b3b80d8
heckers.td
ebugCheckers.cpp
31f69cc770888ec0f0f7012212e5df7979aba4f3 29-Sep-2012 Anna Zaks <ganna@apple.com> [analyzer] Re-implement IvarInvalidationChecker so that it verifies that
the validation occurred.

The original implementation was pessimistic - we assumed that ivars
which escape are invalidated. This version is optimistic, it assumes
that the ivars will always be explicitly invalidated: either set to nil
or sent an invalidation message.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@164868 91177308-0d34-0410-b5e6-96231b3b80d8
varInvalidationChecker.cpp
bf24792e00a47fd9d74ff21e21d2cbffc6d62818 27-Sep-2012 Anna Zaks <ganna@apple.com> [analyzer] Address Jordan's code review for r164790.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@164803 91177308-0d34-0410-b5e6-96231b3b80d8
irectIvarAssignment.cpp
377945cc9e4f23cdbb01ade2a664acd5ff95a888 27-Sep-2012 Anna Zaks <ganna@apple.com> [analyzer] IvarInvalidation: track synthesized ivars and allow escape
through property getters.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@164802 91177308-0d34-0410-b5e6-96231b3b80d8
varInvalidationChecker.cpp
69e431e23d95013c3401067af112da9d6dbe10e1 27-Sep-2012 Anna Zaks <ganna@apple.com> Unbreak cmake build
(fixup for r164790)

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@164791 91177308-0d34-0410-b5e6-96231b3b80d8
MakeLists.txt
88a83e3f3bade5497ff371ed5a570b83d9373e3a 27-Sep-2012 Anna Zaks <ganna@apple.com> [analyzer] Add an experimental ObjC direct ivar assignment checker.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@164790 91177308-0d34-0410-b5e6-96231b3b80d8
heckers.td
irectIvarAssignment.cpp
b087bbf3cf44a56d60ad1ed6fd5abb48dab0e0b3 27-Sep-2012 Anna Zaks <ganna@apple.com> [analyzer] Address Jordan's code review comments for r164716.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@164788 91177308-0d34-0410-b5e6-96231b3b80d8
heckers.td
varInvalidationChecker.cpp
f3477c13eeaf11b32a41f181398fb5deffd0dd73 27-Sep-2012 Sylvestre Ledru <sylvestre@debian.org> Revert 'Fix a typo 'iff' => 'if''. iff is an abreviation of if and only if. See: http://en.wikipedia.org/wiki/If_and_only_if Commit 164766

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@164769 91177308-0d34-0410-b5e6-96231b3b80d8
acOSKeychainAPIChecker.cpp
94ff8e1f57c6382d91d0de981a4f311509d83e37 27-Sep-2012 Sylvestre Ledru <sylvestre@debian.org> Fix a typo 'iff' => 'if'

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@164766 91177308-0d34-0410-b5e6-96231b3b80d8
acOSKeychainAPIChecker.cpp
7836011482bc26dfebf15df4fd993d07b607fbcf 27-Sep-2012 NAKAMURA Takumi <geek4civic@gmail.com> IvarInvalidationChecker.cpp: Remove an unused member, InterfD. [-Wunused-private-field]

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@164745 91177308-0d34-0410-b5e6-96231b3b80d8
varInvalidationChecker.cpp
5bf5c2ec54ede5352293e5739e9b44bea2f6b01b 26-Sep-2012 Anna Zaks <ganna@apple.com> [analyzer] Add experimental ObjC invalidation method checker.

This checker is annotation driven. It checks that the annotated
invalidation method accesses all ivars of the enclosing objects that are
objects of type, which in turn contains an invalidation method.

This is driven by
__attribute((annotation("objc_instance_variable_invalidator")).

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@164716 91177308-0d34-0410-b5e6-96231b3b80d8
MakeLists.txt
heckers.td
varInvalidationChecker.cpp
c693339753d7ec0b9af6a6e4173aeaf6f9ec866c 25-Sep-2012 Anna Zaks <ganna@apple.com> [analyzer] Fix a buildbot crash triggered by turning on dynamic
dispatch.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@164579 91177308-0d34-0410-b5e6-96231b3b80d8
asicObjCFoundationChecks.cpp
615a092a511cd2dfe1a5364ebf5f80e55e33034d 22-Sep-2012 Jordan Rose <jordan_rose@apple.com> Use llvm::getOrdinalSuffix to print ordinal numbers in diagnostics.

Just a refactoring of common infrastructure. No intended functionality change.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@164443 91177308-0d34-0410-b5e6-96231b3b80d8
allocChecker.cpp
991bcb4370fe849603346ebbddc8dd47bc29d235 22-Sep-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Check that an ObjCIvarRefExpr's base is non-null even as an lvalue.

Like with struct fields, we want to catch cases like this early,
so that we can produce better diagnostics and path notes:

PointObj *p = nil;
int *px = &p->_x; // should warn here
*px = 1;

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@164442 91177308-0d34-0410-b5e6-96231b3b80d8
ereferenceChecker.cpp
c20c7275c351f362b42915901d308ac66b8b71d1 20-Sep-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] MallocChecker should not do post-call checks on inlined functions.

If someone provides their own function called 'strdup', or 'reallocf', or
even 'malloc', and we inlined it, the inlining should have given us all the
malloc-related information we need. If we then try to attach new information
to the return value, we could end up with spurious warnings.

<rdar://problem/12317671>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@164276 91177308-0d34-0410-b5e6-96231b3b80d8
allocChecker.cpp
5fc1d0c4532c55cc47ba6628f296bf5b86d2eaf0 17-Sep-2012 Anna Zaks <ganna@apple.com> [analyzer] Teach the analyzer about implicit initialization of statics
in ObjCMethods.

Extend FunctionTextRegion to represent ObjC methods as well as
functions. Note, it is not clear what type ObjCMethod region should
return. Since the type of the FunctionText region is not currently used,
defer solving this issue.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@164046 91177308-0d34-0410-b5e6-96231b3b80d8
StringChecker.cpp
allocChecker.cpp
45b76bad757d8b9f93df2b21ca012c309810d206 13-Sep-2012 Ted Kremenek <kremenek@apple.com> Fix grammar.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163828 91177308-0d34-0410-b5e6-96231b3b80d8
acOSXAPIChecker.cpp
be879727893994532b4a643bfae6fb656742057f 13-Sep-2012 Ted Kremenek <kremenek@apple.com> When warning about unsafe uses of dispatch_once, specially handle the
crazy case where dispatch_once gets redefined as a macro that calls
_dispatch_once (which calls the real dispatch_once). Users want to
see the warning in their own code.

Fixes <rdar://problem/11617767>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163816 91177308-0d34-0410-b5e6-96231b3b80d8
acOSXAPIChecker.cpp
16e6a7cb41319459ded69b4d47f405c1035dd347 13-Sep-2012 Anna Zaks <ganna@apple.com> [analyzer] Do not report use of undef on "return foo();" when the return type is void.

Fixes a false positive found by analyzing LLVM code base.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163750 91177308-0d34-0410-b5e6-96231b3b80d8
eturnUndefChecker.cpp
9dc298bf8e4001978e44e7f1872f337fe5805960 13-Sep-2012 Anna Zaks <ganna@apple.com> [analyzer] Fix another false positive in malloc realloc logic.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163749 91177308-0d34-0410-b5e6-96231b3b80d8
allocChecker.cpp
e5cc4c967178669dd19832bc0fb03b293d5d969f 11-Sep-2012 Stephen Hines <srhines@google.com> Merge up through LLVM r163557.

New CommentCommandInfo and CommentHTMLTagsProperties targets for TableGen.

Updated Android.mk source files for AST, StaticAnalyzer/Checkers,
StaticAnalyzer/Core, driver, and TableGen.

Split Rewrite/Android.mk into Core and Frontend sub-libraries.

Change-Id: Ia114939e242a79570c41a519f4f3cc712a0ed9a8
ndroid.mk
9f0b1324a5352713337c75ef4a5acffd96609c6c 11-Sep-2012 Stephen Hines <srhines@google.com> Merge branch 'upstream' into merge-2012_09_10
1ad23d62007162df82b58bca31b4aa277a5f6586 10-Sep-2012 Dmitri Gribenko <gribozavr@gmail.com> Remove redundant semicolons which are null statements.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163546 91177308-0d34-0410-b5e6-96231b3b80d8
heckObjCDealloc.cpp
da88536ed2c2755873a0db72656e443b95068d45 10-Sep-2012 Benjamin Kramer <benny.kra@googlemail.com> Make helper functions static.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163505 91177308-0d34-0410-b5e6-96231b3b80d8
asicObjCFoundationChecks.cpp
allAndMessageChecker.cpp
82f2ad456a82da1b9cb7ddfc994c8f5fa44b59e6 08-Sep-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] ObjCSelfInitChecker should always clean up in postCall checks.

ObjCSelfInitChecker stashes information in the GDM to persist it across
function calls; it is stored in pre-call checks and retrieved post-call.
The post-call check is supposed to clear out the stored state, but was
failing to do so in cases where the call did not have a symbolic return
value.

This was actually causing the inappropriate cache-out from r163361.
Per discussion with Anna, we should never actually cache out when
assuming the receiver of an Objective-C message is non-nil, because
we guarded that node generation by checking that the state has changed.
Therefore, the only states that could reach this exact ExplodedNode are
ones that should have merged /before/ making this assumption.

r163361 has been reverted and the test case removed, since it won't
actually test anything interesting now.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163449 91177308-0d34-0410-b5e6-96231b3b80d8
bjCSelfInitChecker.cpp
a435e6989de2c668c5c512dda48e6f8756e0ba2c 08-Sep-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Add debug output for ObjCSelfInitChecker's state.

No functionality change.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163448 91177308-0d34-0410-b5e6-96231b3b80d8
bjCSelfInitChecker.cpp
9f6ec8253e3ec3e9722ca7e4599f977db2f786ef 08-Sep-2012 Anna Zaks <ganna@apple.com> [analyzer] Address John's code review for r163407.

Teach malloc sizeof checker to find type inconsistencies in multi-
dimensional arrays.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163438 91177308-0d34-0410-b5e6-96231b3b80d8
allocSizeofChecker.cpp
47cbd0f3892c7965cf16a58393f9f17a22d4d4d9 08-Sep-2012 Ted Kremenek <kremenek@apple.com> Remove ProgramState::getSymVal(). It was being misused by Checkers,
with at least one subtle bug in MacOSXKeyChainAPIChecker where the
calling the method was a substitute for assuming a symbolic value
was null (which is not the case).

We still keep ConstraintManager::getSymVal(), but we use that as
an optimization in SValBuilder and ProgramState::getSVal() to
constant-fold SVals. This is only if the ConstraintManager can
provide us with that information, which is no longer a requirement.
As part of this, introduce a default implementation of
ConstraintManager::getSymVal() which returns null.

For Checkers, introduce ConstraintManager::isNull(), which queries
the state to see if the symbolic value is constrained to be a null
value. It does this without assuming it has been implicitly constant
folded.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163428 91177308-0d34-0410-b5e6-96231b3b80d8
acOSKeychainAPIChecker.cpp
allocChecker.cpp
etainCountChecker.cpp
258bd59eee5403fc2a98fb23df71fa0281a3ec29 07-Sep-2012 Anna Zaks <ganna@apple.com> [analyzer] Fix a false positive in sizeof malloc checker.

Don't warn when the sizeof argument is an array with the same element
type as the pointee of the return type.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163407 91177308-0d34-0410-b5e6-96231b3b80d8
allocSizeofChecker.cpp
2ab012a6de2b2769ec7ad99c4b61788cc5175d17 07-Sep-2012 Ted Kremenek <kremenek@apple.com> Fix off-by-one bug in diagnostic prose of ObjCContainersASTChecker.
While the check itself should count 0-based for the parameter index,
the diagnostic should be 1-based (first, second, third, not start at 0).

Fixes <rdar://problem/12249569>.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163375 91177308-0d34-0410-b5e6-96231b3b80d8
bjCContainersASTChecker.cpp
061707a86f20bf608758e7013df24bd1be12ffc6 07-Sep-2012 Ted Kremenek <kremenek@apple.com> Teach RetainCountChecker that CFPlugInInstanceCreate does not
return a CF object at all.

Fixes <rdar://problem/9566345>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163362 91177308-0d34-0410-b5e6-96231b3b80d8
etainCountChecker.cpp
ec9f36ea83e0f57683dceaa53163f6246d1442d5 07-Sep-2012 Ted Kremenek <kremenek@apple.com> Refine diagnostics for leaks reported when returning an object
via function/method with [CF,NS]_RETURNS_NOT_RETAINED.

Fixes <rdar://problem/11379000>.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163355 91177308-0d34-0410-b5e6-96231b3b80d8
etainCountChecker.cpp
2827f5af018c515986ffb1779ec2e7246988f150 07-Sep-2012 Ted Kremenek <kremenek@apple.com> Tweak DeadStoresChecker to not warn about dead stores to variables that
are used in EH code. Right now the CFG doesn't support exceptions well,
so we need this hack to avoid bogus dead store warnings.

Fixes <rdar://problem/12147586>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163353 91177308-0d34-0410-b5e6-96231b3b80d8
eadStoresChecker.cpp
200fa2e70d52ae6d620e81cd45536071fdde70c0 06-Sep-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Don't attempt to devirtualize calls to base class destructors.

CXXDestructorCall now has a flag for when it is a base destructor call.
Other kinds of destructor calls (locals, fields, temporaries, and 'delete')
all behave as "whole-object" destructors and do not behave differently
from one another (specifically, in these cases we /should/ try to
devirtualize a call to a virtual destructor).

This was causing crashes in both our internal buildbot, the crash still
being tracked in PR13765, and some of the crashes being tracked in PR13763,
due to a assertion failure. (The behavior under -Asserts happened to be
correct anyway.)

Adding this knowledge also allows our DynamicTypePropagation checker to do
a bit less work; the special rules about virtual method calls during a
destructor only require extra handling during base destructors.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163348 91177308-0d34-0410-b5e6-96231b3b80d8
ynamicTypePropagation.cpp
9b925ac059089dfe74e3b8fa5effe519fb9ee885 06-Sep-2012 Anna Zaks <ganna@apple.com> [analyzer] Enhance the member expr tracking to account for references.

As per Jordan's suggestion. (Came out of code review for r163261.)

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163269 91177308-0d34-0410-b5e6-96231b3b80d8
ereferenceChecker.cpp
9bc1e6db1c0a1d57eaf9b35eb3ab8a60ffb437ed 06-Sep-2012 Anna Zaks <ganna@apple.com> [analyzer] Remove unneeded code.

This region is set as interesting as part of trackNullOrUndefValue call,
no need to mark it as interesting twice.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163260 91177308-0d34-0410-b5e6-96231b3b80d8
ereferenceChecker.cpp
d21c96409fee1d09331d9218bd673d0df7352874 05-Sep-2012 Ted Kremenek <kremenek@apple.com> Fix indentation.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163176 91177308-0d34-0410-b5e6-96231b3b80d8
allocSizeofChecker.cpp
4a25f3056416aaffa7852985c2045634e5275876 01-Sep-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Future-proofing r163012 (nameless functions and RetainCountChecker)

Any future exceptions need to go INSIDE the test that checks if the
IdentifierInfo is non-null!

No functionality change. Thanks for the review, Ted.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163067 91177308-0d34-0410-b5e6-96231b3b80d8
etainCountChecker.cpp
5699f62df144545702b91e91836a63db4e5f2627 01-Sep-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Always derive a CallEvent's return type from its origin expr.

Previously, we preferred to get a result type by looking at the callee's
declared result type. This allowed us to handlereferences, which are
represented in the AST as lvalues of their pointee type. (That is, a call
to a function returning 'int &' has type 'int' and value kind 'lvalue'.)

However, this results in us preferring the original type of a function
over a casted type. This is a problem when a function pointer is casted
to another type, because the conjured result value will have the wrong
type. AdjustedReturnValueChecker is supposed to handle this, but still
doesn't handle the case where there is no "original function" at all,
i.e. where the callee is unknown.

Now, we instead look at the call expression's value kind (lvalue, xvalue,
or prvalue), and adjust the expr's type accordingly. This will have no
effect when the function is inlined, and will conjure the value that will
actually be used when it is not.

This makes AdjustedReturnValueChecker /nearly/ unnecessary; unfortunately,
the cases where it would still be useful are where we need to cast the
result of an inlined function or a checker-evaluated function, and in these
cases we don't know what we're casting /from/ by the time we can do post-
call checks. In light of that, remove AdjustedReturnValueChecker, which
was already not checking quite a few calls.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163065 91177308-0d34-0410-b5e6-96231b3b80d8
djustedReturnValueChecker.cpp
MakeLists.txt
heckers.td
a89f719ad3a7134e3eec7c9e03aa0e22031c0de9 31-Aug-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] RetainCountChecker: don't assume all functions have names.

Fixes a hard-to-reach crash when calling a non-member overloaded operator
with arguments that may be callbacks.

Future-proofing: don't make the same assumption in MallocSizeofChecker.
Aside from possibly respecting attributes in the future, it might be
possible to call 'malloc' through a function pointer.

I audited all other uses of FunctionDecl::getIdentifier() in the analyzer;
they all now correctly test to see if the identifier is present before
using it.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163012 91177308-0d34-0410-b5e6-96231b3b80d8
allocSizeofChecker.cpp
etainCountChecker.cpp
43d3974ab355daa77c2b7cdae62737be1a60beb9 31-Aug-2012 Anna Zaks <ganna@apple.com> [analyzer] Remove cast inside dyn_cast.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162951 91177308-0d34-0410-b5e6-96231b3b80d8
asicObjCFoundationChecks.cpp
dc601f4a9f69315521abddbca04d4652deee5fdb 31-Aug-2012 Anna Zaks <ganna@apple.com> [analyzer] Fixup for r162935 as per Jordan's review.

Thanks for catching this!

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162949 91177308-0d34-0410-b5e6-96231b3b80d8
asicObjCFoundationChecks.cpp
05fcbd3dc28f4cba4a6d33e7aeaabb5f6f7837e3 30-Aug-2012 Anna Zaks <ganna@apple.com> [analyzer] Do not propagate the [super init] could be nil assumption
from callee to caller.

radar://12109638

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162935 91177308-0d34-0410-b5e6-96231b3b80d8
asicObjCFoundationChecks.cpp
e788365f513a579b03ff7f49296d5b95645ea3fe 30-Aug-2012 Ted Kremenek <kremenek@apple.com> Teach RetainCountChecker about 'pragma clang arc_cf_code_audited'.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162934 91177308-0d34-0410-b5e6-96231b3b80d8
etainCountChecker.cpp
554067f290282f366ccf65a27e0b914aa67a52c6 30-Aug-2012 Anna Zaks <ganna@apple.com> [analyzer] Stop tracking symbols based on a retain count summary of
inlined function.

This resolves retain count checker false positives that are caused by
inlining ObjC and other methods. Essentially, if we are passing an
object to a method with "delegate" in the selector or a function pointer
as another argument, we should stop tracking the other parameters/return
value as far as the retain count checker is concerned.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162876 91177308-0d34-0410-b5e6-96231b3b80d8
etainCountChecker.cpp
80de487e03dd0f44e4572e2122ebc1aa6a3961f5 29-Aug-2012 Anna Zaks <ganna@apple.com> [analyzer] Improved diagnostic pruning for calls initializing values.

This heuristic addresses the case when a pointer (or ref) is passed
to a function, which initializes the variable (or sets it to something
other than '0'). On the branch where the inlined function does not
set the value, we report use of undefined value (or NULL pointer
dereference). The access happens in the caller and the path
through the callee would get pruned away with regular path pruning. To
solve this issue, we previously disabled diagnostic pruning completely
on undefined and null pointer dereference checks, which entailed very
verbose diagnostics in most cases. Furthermore, not all of the
undef value checks had the diagnostic pruning disabled.

This patch implements the following heuristic: if we pass a pointer (or
ref) to the region (on which the error is reported) into a function and
it's value is either undef or 'NULL' (and is a pointer), do not prune
the function.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162863 91177308-0d34-0410-b5e6-96231b3b80d8
ereferenceChecker.cpp
eturnUndefChecker.cpp
ndefBranchChecker.cpp
ndefResultChecker.cpp
ndefinedAssignmentChecker.cpp
73212dff6437d409e0c1b779fdcac2f4f98ca8b0 29-Aug-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] C++ objects returned on the stack may be wrapped in ExprWithCleanups.

In C++, objects being returned on the stack are actually copy-constructed into
the return value. That means that when a temporary is returned, it still has
to be destroyed, i.e. the returned expression will be wrapped in an
ExprWithCleanups node. Our "returning stack memory" checker needs to look
through this node to see if we really are returning an object by value.

PR13722

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162817 91177308-0d34-0410-b5e6-96231b3b80d8
tackAddrEscapeChecker.cpp
a1f81bb0e55749a1414b1b5124bb83b9052ff2ac 28-Aug-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Rename addTrackNullOrUndefValueVisitor to trackNullOrUndefValue.

This helper function (in the clang::ento::bugreporter namespace) may add more
than one visitor, but conceptually it's tracking a single use of a null or
undefined value and should do so as best it can.

Also, the BugReport parameter has been made a reference to underscore that
it is non-optional.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162720 91177308-0d34-0410-b5e6-96231b3b80d8
ttrNonNullChecker.cpp
asicObjCFoundationChecks.cpp
StringChecker.cpp
allAndMessageChecker.cpp
ereferenceChecker.cpp
ivZeroChecker.cpp
bjCAtSyncChecker.cpp
eturnUndefChecker.cpp
ndefBranchChecker.cpp
ndefResultChecker.cpp
ndefinedArraySubscriptChecker.cpp
ndefinedAssignmentChecker.cpp
nixAPIChecker.cpp
LASizeChecker.cpp
c210cb7a358d14cdd93b58562f33ff5ed2d895c1 27-Aug-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Inline constructors for any object with a trivial destructor.

This allows us to better reason about status objects, like Clang's own
llvm::Optional (when its contents are trivially destructible), which are
often intended to be passed around by value.

We still don't inline constructors for temporaries in the general case.

<rdar://problem/11986434>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162681 91177308-0d34-0410-b5e6-96231b3b80d8
tackAddrEscapeChecker.cpp
3d578130c438585476d31f0e8c0bf3223992d683 24-Aug-2012 Ted Kremenek <kremenek@apple.com> Rename the "experimental" checker package to "alpha". We will then refine
this group into "alpha" and "beta" to distinguish between checkers in
different levels of premature state.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162582 91177308-0d34-0410-b5e6-96231b3b80d8
heckers.td
55dd956d521d4d650dfd929d67f4b98ede61c0ea 24-Aug-2012 Anna Zaks <ganna@apple.com> [analyzer] Fix realloc related bug in the malloc checker.

When reallocation of a non-allocated (not owned) symbol fails do not
expect it to be freed.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162533 91177308-0d34-0410-b5e6-96231b3b80d8
allocChecker.cpp
8eba6f194484c38ed724375aeab27de556113a84 23-Aug-2012 Stephen Hines <srhines@google.com> Add new files for merge to upstream r162325.

Change-Id: I44af8265445bd67d7985164e2e3117b8c3d8d3c1
ndroid.mk
80ea4bc944eb01c220eeaa004b21ad709ba928e1 24-Aug-2012 Stephen Hines <srhines@google.com> Merge branch 'upstream' into merge_2

Conflicts:
lib/Sema/SemaDeclAttr.cpp

Change-Id: If47d0d39459760017258502b4d9e859ac36a273b
4f534e70b0922fa74d56022b71f0099d4b2c4e6b 24-Aug-2012 Anna Zaks <ganna@apple.com> [analyzer] Remove unnecessary code.

This code has been added a while ago and removing it does not trigger
any test failures. The false positives it was trying to suppress are
probably handled by other logic (ex: special handling of delegates).

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162529 91177308-0d34-0410-b5e6-96231b3b80d8
etainCountChecker.cpp
5a90193ad825656d4a03099cd5e9c928d1782b5e 24-Aug-2012 Anna Zaks <ganna@apple.com> [analyzer] Make analyzer less aggressive when dealing with [self init].

With inlining, retain count checker starts tracking 'self' through the
init methods. The analyser results were too noisy if the developer
did not follow 'self = [super init]' pattern (which is common
especially in older code bases) - we reported self init anti-pattern AND
possible use-after-free. This patch teaches the retain count
checker to assume that [super init] does not fail when it's not consumed
by another expression. This silences the retain count warning that warns
about possibility of use-after-free when init fails, while preserving
all the other checking on 'self'.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162508 91177308-0d34-0410-b5e6-96231b3b80d8
etainCountChecker.cpp
769bc07f4199b5889a88cf092ab4713d5520ff33 23-Aug-2012 Anna Zaks <ganna@apple.com> [analyzer] Fixup to r162399. Initialize the member variable.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162405 91177308-0d34-0410-b5e6-96231b3b80d8
asicObjCFoundationChecks.cpp
266636128f87c167ff5a99e2e6e6136ab2495f08 22-Aug-2012 Anna Zaks <ganna@apple.com> [analyzer] Add osx.cocoa.NonNilReturnValue checker.

The checker adds assumptions that the return values from the known APIs
are non-nil. Teach the checker about NSArray/NSMutableArray/NSOrderedSet
objectAtIndex, objectAtIndexedSubscript.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162398 91177308-0d34-0410-b5e6-96231b3b80d8
asicObjCFoundationChecks.cpp
heckers.td
56a46b51df691f857f7120aaf2d4deeff0b014de 22-Aug-2012 Ted Kremenek <kremenek@apple.com> Rename 'unbindLoc()' (in ProgramState) and 'Remove()' to
'killBinding()'. The name is more specific, and one just forwarded
to the other.

Add some doxygen comments along the way.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162350 91177308-0d34-0410-b5e6-96231b3b80d8
StringChecker.cpp
66c486f275531df6362b3511fc3af6563561801b 22-Aug-2012 Ted Kremenek <kremenek@apple.com> Rename 'currentX' to 'currX' throughout analyzer and libAnalysis.
Also rename 'getCurrentBlockCounter()' to 'blockCount()'.

This ripples a bunch of code simplifications; mostly aesthetic,
but makes the code a bit tighter.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162349 91177308-0d34-0410-b5e6-96231b3b80d8
uiltinFunctionChecker.cpp
StringChecker.cpp
allocChecker.cpp
etainCountChecker.cpp
treamChecker.cpp
3b1df8bb941a18c4a7256d7cfcbccb9de7e39995 22-Aug-2012 Ted Kremenek <kremenek@apple.com> Rename 'getConjuredSymbol*' to 'conjureSymbol*'.

No need to have the "get", the word "conjure" is a verb too!
Getting a conjured symbol is the same as conjuring one up.

This shortening is largely cosmetic, but just this simple changed
cleaned up a handful of lines, making them less verbose.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162348 91177308-0d34-0410-b5e6-96231b3b80d8
StringChecker.cpp
etainCountChecker.cpp
treamChecker.cpp
9641d451d5d97474a4ae0788114f22ddfe65dc9e 22-Aug-2012 Ted Kremenek <kremenek@apple.com> Remove stale header file.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162341 91177308-0d34-0410-b5e6-96231b3b80d8
bjCAtSyncChecker.cpp
fa06f0464a04bb7fce1fcfb3780d151bb029e00c 20-Aug-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Replace boolean IsSink parameters with 'generateSink' methods.

Generating a sink is significantly different behavior from generating a
normal node, and a simple boolean parameter can be rather opaque. Per
offline discussion with Anna, adding new generation methods is the
clearest way to communicate intent.

No functionality change.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162215 91177308-0d34-0410-b5e6-96231b3b80d8
SAtomicChecker.cpp
etainCountChecker.cpp
2bce86c836f6d6e00f7d2f92bc20e5250d5c4232 18-Aug-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Remove obsolete GenericNodeBuilderRefCount from RetainCountChecker.

This was once an adapter class between callbacks that had CheckerContexts
and those that don't, but for a while now it's essentially just been a
wrapper around a ProgramPointTag. We can just pass the tag around instead.

No functionality change.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162155 91177308-0d34-0410-b5e6-96231b3b80d8
etainCountChecker.cpp
7f660857309a14c036a80ef90b40bf8f68fda9da 15-Aug-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] If we call a C++ method on an object, assume it's non-null.

This is analogous to our handling of pointer dereferences: if we
dereference a pointer that may or may not be null, we assume it's non-null
from then on.

While some implementations of C++ (including ours) allow you to call a
non-virtual method through a null pointer of object type, it is technically
disallowed by the C++ standard, and should not prune out any real paths in
practice.

[class.mfct.non-static]p1: A non-static member function may be called
for an object of its class type, or for an object of a class derived
from its class type...
(a null pointer value does not refer to an object)

We can also make the same assumption about function pointers.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161992 91177308-0d34-0410-b5e6-96231b3b80d8
allAndMessageChecker.cpp
4e79fdfe22db1c982e8fdf8397fee426a8c57821 15-Aug-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Correctly devirtualize virtual method calls in constructors.

This is the other half of C++11 [class.cdtor]p4 (the destructor side
was added in r161915). This also fixes an issue with post-call checks
where the 'this' value was already being cleaned out of the state, thus
being omitted from a reconstructed CXXConstructorCall.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161981 91177308-0d34-0410-b5e6-96231b3b80d8
ynamicTypePropagation.cpp
0ad36baedc516005cb6ea97d96327517ebfe5138 15-Aug-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Correctly devirtualize virtual method calls in destructors.

C++11 [class.cdtor]p4: When a virtual function is called directly or
indirectly from a constructor or from a destructor, including during
the construction or destruction of the class’s non-static data members,
and the object to which the call applies is the object under
construction or destruction, the function called is the final overrider
in the constructor's or destructor's class and not one overriding it in
a more-derived class.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161915 91177308-0d34-0410-b5e6-96231b3b80d8
ynamicTypePropagation.cpp
c6ba23f207410efcaf93132790218b9f9bcebe43 14-Aug-2012 Anna Zaks <ganna@apple.com> [analyzer] Remove other #if 0 from Retain Count checker.

These date back to 2009, 2011.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161876 91177308-0d34-0410-b5e6-96231b3b80d8
etainCountChecker.cpp
81f01c62d74601303069682ce12210eb0368c8e7 14-Aug-2012 Anna Zaks <ganna@apple.com> [analyzer] Remove autorelease pools code from the Retain Count checker.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161875 91177308-0d34-0410-b5e6-96231b3b80d8
etainCountChecker.cpp
f345ffb2f4e75e7837d9fba8745525b36fa92ee5 14-Aug-2012 Anna Zaks <ganna@apple.com> [analyzer] Fixup to r161821

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161854 91177308-0d34-0410-b5e6-96231b3b80d8
etainCountChecker.cpp
c95bb76e85ff9a37de23821f713d947dcbc98f35 14-Aug-2012 Anna Zaks <ganna@apple.com> [analyzer] Disable autorelease pool tracking.

The autorelease pool has not been implemented completely: we were adding
the autoreleased symbols to the state, but never looking at them. Until
we have a complete implementation, remove the overhead and comment out
the unused code.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161821 91177308-0d34-0410-b5e6-96231b3b80d8
etainCountChecker.cpp
8d6b43c4acf666499ed456ef90e143fa6e84392e 14-Aug-2012 Anna Zaks <ganna@apple.com> [analyzer] Refactor RetainReleaseChecker to go through a function call
to set/get/remove the RefBinding.

No functional change here. Having these setter and getter methods will
make it much easier when replacing the underlining representation of
RefBindings (I just went through the exercise). It makes the code more
readable as well.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161820 91177308-0d34-0410-b5e6-96231b3b80d8
etainCountChecker.cpp
955cd444f445bcdbade1cdd3926254c8ee7890d8 14-Aug-2012 Anna Zaks <ganna@apple.com> [analyzer] Add getStackFrame() to CheckerContext and ExplodedNode.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161819 91177308-0d34-0410-b5e6-96231b3b80d8
ynamicTypePropagation.cpp
e5399f1375f8571bdd821ae08291af1c895adfd3 11-Aug-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Add clang_analyzer_checkInlined for debugging purposes.

This check is also accessible through the debug.ExprInspection checker.
Like clang_analyzer_eval, you can use it to test the analyzer engine's
current state; the argument should be true or false to indicate whether or
not you expect the function to be inlined.

When used in the positive case (clang_analyzer_checkInlined(true)), the
analyzer prints the message "TRUE" if the function is ever inlined. However,
clang_analyzer_checkInlined(false) should never print a message; this asserts
that there should be no paths on which the current function is inlined, but
then there are no paths on which to print a message! (If the assertion is
violated, the message "FALSE" will be printed.)

This asymmetry comes from the fact that the only other chance to print a
message is when the function is analyzed as a top-level function. However,
when we do that, we can't be sure it isn't also inlined elsewhere (such as
in a recursive function, or if we want to analyze in both general or
specialized cases). Rather than have all checkInlined calls have an appended,
meaningless "FALSE" or "TOP-LEVEL" case, there is just no message printed.

void clang_analyzer_checkInlined(int);

For debugging purposes only!

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161708 91177308-0d34-0410-b5e6-96231b3b80d8
xprInspectionChecker.cpp
54918ba02ba900c0e0bb4fd3d749b6b1ac4e50a9 10-Aug-2012 Anna Zaks <ganna@apple.com> [analyzer] Track if a region can be a subclass in the dynamic type info.

When object is allocated with alloc or init, we assume it cannot be a
subclass (currently used only for bifurcation purposes).

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161682 91177308-0d34-0410-b5e6-96231b3b80d8
ynamicTypePropagation.cpp
d4fe57f7f7a8793227effc1274d70ec44cee9a4f 09-Aug-2012 Anna Zaks <ganna@apple.com> [analyzer] Rename the function to better reflect what it actually does.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161617 91177308-0d34-0410-b5e6-96231b3b80d8
ynamicTypePropagation.cpp
431e35c279972a28be8adc31e127a207e666498d 09-Aug-2012 Anna Zaks <ganna@apple.com> [analyzer] Cleanup of malloc checker.

Remove Escaped state, which is not really necessary. We can just stop
tracking the symbol instead of keeping it around and marking escaped.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161557 91177308-0d34-0410-b5e6-96231b3b80d8
allocChecker.cpp
42f74f21ece01dc8573d5377859d327fbb23b26c 09-Aug-2012 Eli Friedman <eli.friedman@gmail.com> clang support for Bitrig (an OpenBSD fork); patch by David Hill.



git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161546 91177308-0d34-0410-b5e6-96231b3b80d8
heckSecuritySyntaxOnly.cpp
919e8a1c6698bfa6848571d366430126bced727d 08-Aug-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Clean up the printing of FieldRegions for leaks.

Unfortunately, generalized region printing is very difficult:
- ElementRegions are used both for casting and as actual elements.
- Accessing values through a pointer means going through an intermediate
SymbolRegionValue; symbolic regions are untyped.
- Referring to implicitly-defined variables like 'this' and 'self' could be
very confusing if they come from another stack frame.

We fall back to simply not printing the region name if we can't be sure it
will print well. This will allow us to improve in the future.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161512 91177308-0d34-0410-b5e6-96231b3b80d8
allocChecker.cpp
0d53ab4024488d0c6cd283992be3fd4b67099bd3 08-Aug-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Track malloc'd regions stored in structs.

The main blocker on this (besides the previous commit) was that
ScanReachableSymbols was not looking through LazyCompoundVals.
Once that was fixed, it's easy enough to clear out malloc data on return,
just like we do when we bind to a global region.

<rdar://problem/10872635>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161511 91177308-0d34-0410-b5e6-96231b3b80d8
allocChecker.cpp
8ed21ef726be89ef7151b5ff397631379bd8a537 07-Aug-2012 Anna Zaks <ganna@apple.com> [analyzer] Address Jordan's review of DynamicTypePropagation.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161391 91177308-0d34-0410-b5e6-96231b3b80d8
ynamicTypePropagation.cpp
c4c647c88ced2e953f15f8987952ede9b96aa969 07-Aug-2012 Anna Zaks <ganna@apple.com> [analyzer] Dynamic type info - propagate through implicit casts.

I currently have a bit of redundancy with the cast kind switch statement
inside the ImplicitCast callback, but I might be adding more casts going
forward.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161358 91177308-0d34-0410-b5e6-96231b3b80d8
ynamicTypePropagation.cpp
c7ecc43c33a21b82c49664910b19fcc1f555aa51 07-Aug-2012 Anna Zaks <ganna@apple.com> [analyzer] Add a checker to manage dynamic type propagation.

Instead of sprinkling dynamic type info propagation throughout
ExprEngine, the added checker would add the more precise type
information on known APIs (Ex: ObjC alloc, new) and propagate
the type info in other cases (ex: ObjC init method, casts (the second is
not implemented yet)).

Add handling of ObjC alloc, new and init to the checker.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161357 91177308-0d34-0410-b5e6-96231b3b80d8
MakeLists.txt
heckers.td
ynamicTypePropagation.cpp
15d18e15384c9e992bd294fc56f4fdf770763d71 06-Aug-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Ignore OS X 10.8's annotations for NSMakeCollectable.

The frameworks correctly use the 'cf_consumed' and 'ns_returns_retained'
attributes for NSMakeCollectable, but we can model the behavior under
garbage collection more precisely than that.

No functionality change.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161349 91177308-0d34-0410-b5e6-96231b3b80d8
etainCountChecker.cpp
4d33286d59e5d71a072c7e08ea0c5dd65e45b81c 04-Aug-2012 Anna Zaks <ganna@apple.com> [analyzer] Malloc: remove assert since is not valid as of r161248

We can be in the situation where we did not track the symbol before
realloc was called on it.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161294 91177308-0d34-0410-b5e6-96231b3b80d8
allocChecker.cpp
a8695180217806bb421cfc6700bec76fc0b1ae56 04-Aug-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Use a more robust check for null in CallAndMessageChecker.

This should fix the failing test on the buildbot as well.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161290 91177308-0d34-0410-b5e6-96231b3b80d8
allAndMessageChecker.cpp
522f46f497d9ccecc8bc2f5ec132b9bb7060dee1 04-Aug-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Don't assume values bound to references are automatically non-null.

While there is no such thing as a "null reference" in the C++ standard,
many implementations of references (including Clang's) do not actually
check that the location bound to them is non-null. Thus unlike a regular
null dereference, this will not cause a problem at runtime until the
reference is actually used. In order to catch these cases, we need to not
prune out paths on which the input pointer is null.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161288 91177308-0d34-0410-b5e6-96231b3b80d8
ereferenceChecker.cpp
685379965c1b105ce89cf4f6c60810932b7f4d0d 04-Aug-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] When a symbol is null, we should track its constraints.

Because of this, we would previously emit NO path notes when a parameter
is constrained to null (because there are no stores). Now we show where we
made the assumption, which is much more useful.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161280 91177308-0d34-0410-b5e6-96231b3b80d8
ttrNonNullChecker.cpp
asicObjCFoundationChecks.cpp
StringChecker.cpp
allAndMessageChecker.cpp
ereferenceChecker.cpp
ivZeroChecker.cpp
bjCAtSyncChecker.cpp
eturnUndefChecker.cpp
ndefBranchChecker.cpp
ndefResultChecker.cpp
ndefinedArraySubscriptChecker.cpp
ndefinedAssignmentChecker.cpp
nixAPIChecker.cpp
LASizeChecker.cpp
9da59a67a27a4d3fc9d59552f07808a32f85e9d3 04-Aug-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Track null/uninitialized C++ objects used in method calls.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161278 91177308-0d34-0410-b5e6-96231b3b80d8
allAndMessageChecker.cpp
ede875b794e8f35aa1432e61610ea6e84360b6d3 03-Aug-2012 Anna Zaks <ganna@apple.com> [analyzer] Malloc: track non-allocated but freed memory

There is no reason why we should not track the memory which was not
allocated in the current function, but was freed there. This would
allow to catch more use-after-free and double free with no/limited IPA.

Also fix a realloc issue which surfaced as the result of this patch.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161248 91177308-0d34-0410-b5e6-96231b3b80d8
allocChecker.cpp
ee959355b93c0648fea88dc986d196e3705407dc 03-Aug-2012 Shih-wei Liao <sliao@google.com> Apply changes to migrate to CLANG-160673-20120724.

Change-Id: I00d23ac9b893c62dca281ec771eeb5f911854bae
ndroid.mk
08fc8eb5a1cc9c01af67e016ab21c9b905711eb1 03-Aug-2012 Shih-wei Liao <sliao@google.com> Merge with Clang upstream r160673 (Jul 24th 2012)

Conflicts:
lib/Sema/SemaDeclAttr.cpp

Change-Id: I37f02f20642a037b9da8d35fefa01986cd250b14
9f3b9d54ccbbf212591602f389ebde7923627490 02-Aug-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Add a simple check for initializing reference variables with null.

There's still more work to be done here; this doesn't catch reference
parameters or return values. But it's a step in the right direction.

Part of <rdar://problem/11212286>.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161214 91177308-0d34-0410-b5e6-96231b3b80d8
ereferenceChecker.cpp
d563d3fb73879df7147b8a5302c3bf0e1402ba18 30-Jul-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Only allow CallEvents to be created by CallEventManager.

This ensures that it is valid to reference-count any CallEvents, and we
won't accidentally try to reclaim a CallEvent that lives on the stack.
It also hides an ugly switch statement for handling CallExprs!

There should be no functionality change here.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160986 91177308-0d34-0410-b5e6-96231b3b80d8
etainCountChecker.cpp
11abf2ad01f64ede7c0555167f41a1c5852f80c6 27-Jul-2012 NAKAMURA Takumi <geek4civic@gmail.com> clang/lib: [CMake] Update tblgen'd dependencies.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160851 91177308-0d34-0410-b5e6-96231b3b80d8
MakeLists.txt
f540c54701e3eeb34cb619a3a4eb18f1ac70ef2d 26-Jul-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Rename Calls.{h,cpp} to CallEvent.{h,cpp}. No functionality change.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160815 91177308-0d34-0410-b5e6-96231b3b80d8
ttrNonNullChecker.cpp
asicObjCFoundationChecks.cpp
allAndMessageChecker.cpp
allocChecker.cpp
SAutoreleasePoolChecker.cpp
oReturnFunctionChecker.cpp
bjCSelfInitChecker.cpp
etainCountChecker.cpp
raversalChecker.cpp
fc999ac663eca933359047c88dc4a1ef6e579e8a 26-Jul-2012 Ted Kremenek <kremenek@apple.com> Add static analyzer check for calling a C++ instance method with a null/uninitialized pointer.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160767 91177308-0d34-0410-b5e6-96231b3b80d8
allAndMessageChecker.cpp
5292718007095d59ee9c4bca554a386674aa7045 25-Jul-2012 Ted Kremenek <kremenek@apple.com> Remove experimental invalid iterators checker from the codebase until we have the time
to fix all the issues. Currently the code is essentially unmaintained and buggy, and
needs major revision (with coupled enhancements to the analyzer core).

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160754 91177308-0d34-0410-b5e6-96231b3b80d8
MakeLists.txt
heckers.td
teratorsChecker.cpp
bed28ac1d1463adca3ecf24fca5c30646fa9dbb2 23-Jul-2012 Sylvestre Ledru <sylvestre@debian.org> Fix a typo (the the => the)

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160622 91177308-0d34-0410-b5e6-96231b3b80d8
etainCountChecker.cpp
nixAPIChecker.cpp
8919e688dc610d1f632a4d43f7f1489f67255476 18-Jul-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Combine all ObjC message CallEvents into ObjCMethodCall.

As pointed out by Anna, we only differentiate between explicit message sends

This also adds support for ObjCSubscriptExprs, which are basically the same
as properties in many ways. We were already checking these, but not emitting
nice messages for them.

This depends on the llvm::PointerIntPair change in r160456.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160461 91177308-0d34-0410-b5e6-96231b3b80d8
allAndMessageChecker.cpp
heckerDocumentation.cpp
etainCountChecker.cpp
7373ead8719ceedd21c108419159ea74b02b2461 18-Jul-2012 Benjamin Kramer <benny.kra@googlemail.com> Remove trivial destructor from SVal.

This enables the faster SmallVector in clang and also allows clang's unused
variable warnings to be more effective. Fix the two instances that popped up.

The RetainCountChecker change actually changes functionality, it would be nice
if someone from the StaticAnalyzer folks could look at it.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160444 91177308-0d34-0410-b5e6-96231b3b80d8
enericTaintChecker.cpp
etainCountChecker.cpp
0ffbfd1a7f80f9a3c07317cb8f44c562f2ba1ba5 11-Jul-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Add debug.DumpCalls, which prints out any CallEvents it sees.

This is probably not so useful yet because it is not path-sensitive, though
it does try to show inlining with indentation.

This also adds a dump() method to CallEvent, which should be useful for
debugging.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160030 91177308-0d34-0410-b5e6-96231b3b80d8
heckers.td
raversalChecker.cpp
5ef6e94b294cc47750d8ab220858a36726caba59 11-Jul-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Guard against C++ member functions that look like system functions.

C++ method calls and C function calls both appear as CallExprs in the AST.
This was causing crashes for an object that had a 'free' method.

<rdar://problem/11822244>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160029 91177308-0d34-0410-b5e6-96231b3b80d8
enericTaintChecker.cpp
acOSKeychainAPIChecker.cpp
allocChecker.cpp
treamChecker.cpp
nixAPIChecker.cpp
852aa0d2c5d2d1faf2d77b5aa3c0848068a342c5 11-Jul-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Make CallEnter, CallExitBegin, and CallExitEnd not be StmtPoints

These ProgramPoints are used in inlining calls,
and not all calls have associated statements anymore.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160021 91177308-0d34-0410-b5e6-96231b3b80d8
acOSKeychainAPIChecker.cpp
allocChecker.cpp
etainCountChecker.cpp
8d276d38c258dfc572586daf6c0e8f8fce249c0e 11-Jul-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Add a CXXDestructorCall CallEvent.

While this work is still fairly tentative (destructors are still left out of
the CFG by default), we now handle destructors in the same way as any other
calls, instead of just automatically trying to inline them.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160020 91177308-0d34-0410-b5e6-96231b3b80d8
etainCountChecker.cpp
28038f33aa2db4833881fea757a1f0daf85ac02b 11-Jul-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Add new PreImplicitCall and PostImplicitCall ProgramPoints.

These are currently unused, but are intended to be used in lieu of PreStmt
and PostStmt when the call is implicit (e.g. an automatic object destructor).

This also modifies the Data1 field of ProgramPoints to allow storing any
pointer-sized value, as opposed to only aligned pointers. This is necessary
to store SourceLocations.

There is currently no BugReporter support for these; they should be skipped
over in any diagnostic output.

This commit also tags checkers that currently rely on function calls only
occurring at StmtPoints.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160019 91177308-0d34-0410-b5e6-96231b3b80d8
allocChecker.cpp
etainCountChecker.cpp
783db50d09cf2df90679331cca6c7254f4a2fbc5 10-Jul-2012 Anna Zaks <ganna@apple.com> [analyzer] Remove redundant check (scalar type is a superset of integer)

PR13319 Reported by Jozsef Mihalicza.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@159996 91177308-0d34-0410-b5e6-96231b3b80d8
ivZeroChecker.cpp
8d3ba23f2d9e6c87794d059412a0808c9cbacb25 06-Jul-2012 Dmitri Gribenko <gribozavr@gmail.com> Implement AST classes for comments, a real parser for Doxygen comments and a
very simple semantic analysis that just builds the AST; minor changes for lexer
to pick up source locations I didn't think about before.

Comments AST is modelled along the ideas of HTML AST: block and inline content.

* Block content is a paragraph or a command that has a paragraph as an argument
or verbatim command.
* Inline content is placed within some block. Inline content includes plain
text, inline commands and HTML as tag soup.



git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@159790 91177308-0d34-0410-b5e6-96231b3b80d8
MakeLists.txt
fdaa33818cf9bad8d092136e73bd2e489cb821ba 04-Jul-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] For now, don't inline non-static member overloaded operators.

Our current inlining support (specifically RegionStore::enterStackFrame)
doesn't know that calls to overloaded operators may be calls to non-static
member functions, and that in these cases the first argument should be
treated as 'this'. This caused incorrect results and sometimes crashes.

The long-term fix will be to rewrite RegionStore::enterStackFrame to use
CallEvent and its subclasses, but for now we can just disable these
problematic calls by classifying them under a new CallEvent,
CXXMemberOperatorCall.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@159692 91177308-0d34-0410-b5e6-96231b3b80d8
etainCountChecker.cpp
70cbf3cc09eb21db1108396d30a414ea66d842cc 03-Jul-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Introduce CXXAllocatorCall to handle placement arg invalidation.

This is NOT full-blown support for operator new, but removes some nasty
duplicated code introduced in r158784.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@159608 91177308-0d34-0410-b5e6-96231b3b80d8
etainCountChecker.cpp
fb3cc8be6941edc44cf2176335fa6090d8ff4425 02-Jul-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] If 'super' is known to be nil, we can still mark its range.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@159596 91177308-0d34-0410-b5e6-96231b3b80d8
allAndMessageChecker.cpp
fe6a011a113b3ddcb32f42af152d7476054e7f79 02-Jul-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Convert existing checkers to use check::preCall and check::postCall.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@159563 91177308-0d34-0410-b5e6-96231b3b80d8
ttrNonNullChecker.cpp
allAndMessageChecker.cpp
bjCSelfInitChecker.cpp
etainCountChecker.cpp
96479da6ad9d921d875e7be29fe1bfa127be8069 02-Jul-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Add generic preCall and postCall checks.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@159562 91177308-0d34-0410-b5e6-96231b3b80d8
heckerDocumentation.cpp
de507eaf3cb54d3cb234dc14499c10ab3373d15f 02-Jul-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Finish replacing ObjCMessage with ObjCMethodDecl and friends.

The preObjCMessage and postObjCMessage callbacks now take an ObjCMethodCall
argument, which can represent an explicit message send (ObjCMessageSend) or an
implicit message generated by a property access (ObjCPropertyAccess).

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@159559 91177308-0d34-0410-b5e6-96231b3b80d8
asicObjCFoundationChecks.cpp
allAndMessageChecker.cpp
heckerDocumentation.cpp
allocChecker.cpp
SAutoreleasePoolChecker.cpp
oReturnFunctionChecker.cpp
bjCContainersChecker.cpp
bjCSelfInitChecker.cpp
etainCountChecker.cpp
cde8cdbd6a662c636164465ad309b5f17ff01064 02-Jul-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Begin replacing ObjCMessage with ObjCMethodCall and friends.

Previously, the CallEvent subclass ObjCMessageInvocation was just a wrapper
around the existing ObjCMessage abstraction (over message sends and property
accesses). Now, we have abstract CallEvent ObjCMethodCall with subclasses
ObjCMessageSend and ObjCPropertyAccess.

In addition to removing yet another wrapper object, this should make it easy
to add a ObjCSubscriptAccess call event soon.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@159558 91177308-0d34-0410-b5e6-96231b3b80d8
allAndMessageChecker.cpp
allocChecker.cpp
bjCSelfInitChecker.cpp
etainCountChecker.cpp
85d7e01cf639b257d70f8a129709a2d7594d7b22 02-Jul-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Move the last bits of CallOrObjCMessage over to CallEvent.

This involved refactoring some common pointer-escapes code onto CallEvent,
then having MallocChecker use those callbacks for whether or not to consider
a pointer's /ownership/ as escaping. This still needs to be pinned down, and
probably we want to make the new argumentsMayEscape() function a little more
discerning (content invalidation vs. ownership/metadata invalidation), but
this is a good improvement.

As a bonus, also remove CallOrObjCMessage from the source completely.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@159557 91177308-0d34-0410-b5e6-96231b3b80d8
allocChecker.cpp
55037cdc2e29b70df2fd1ca0ba9d4c36da1049e8 02-Jul-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Convert CallAndMessageChecker and ObjCSelfInitChecker to CallEvent.

Both of these got uglier rather than cleaner because we don't have preCall and
postCall yet; properly wrapping a CallExpr in a CallEvent requires doing a bit
of deconstruction on the callee. Even when we have preCall and postCall we may
want to expose the current CallEvent to pre/postStmt<CallExpr>.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@159556 91177308-0d34-0410-b5e6-96231b3b80d8
allAndMessageChecker.cpp
bjCSelfInitChecker.cpp
4531b7d64e1ed03a925ffdcfb4aa065f2721afb8 02-Jul-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Convert RetainCountChecker to use CallEvent as much as possible.

This ended allowing quite a bit of cleanup, and some minor changes.

- CallEvent makes it easy to use hasNonZeroCallbackArg more aggressively, which
we check in order to avoid false positives with callbacks that might release
the object.
- In order to support this for functions which consume their arguments, there
are two new ArgEffects: DecRefAndStopTracking and DecRefMsgAndStopTracking.
These act just like StopTracking, except that if the object only had a
return count of +1 it's now considered released instead (so we still get
use-after-free messages).
- On the plus side, we no longer have to special-case
+[NSObject performSelector:withObject:afterDelay:] and friends.
- The use of IdentifierInfos in the method summary cache is now hidden; only
the ObjCInterfaceDecl gets passed around most of the time.
- Since we cache all "simple" summaries and check every function call, there is
no real benefit to having NULL stand in for default summaries anymore.
- Whitespace, unused methods, etc.

Even more simplification to come when we get check::postCall and can unify all
these other post* checks.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@159555 91177308-0d34-0410-b5e6-96231b3b80d8
etainCountChecker.cpp
740d490593e0de8732a697c9f77b90ddd463863b 02-Jul-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Add a new abstraction over all types of calls: CallEvent

This is intended to replace CallOrObjCMessage, and is eventually intended to be
used for anything that cares more about /what/ is being called than /how/ it's
being called. For example, inlining destructors should be the same as inlining
blocks, and checking __attribute__((nonnull)) should apply to the allocator
calls generated by operator new.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@159554 91177308-0d34-0410-b5e6-96231b3b80d8
StringChecker.cpp
heckerDocumentation.cpp
allocChecker.cpp
etainCountChecker.cpp
b0754170b249e896298df24fa28fbd9a008a114d 29-Jun-2012 Ted Kremenek <kremenek@apple.com> Revert "Tweak insecureAPI analyzer checks to have the ability to be individually disabled."

Jordan Rose corrected me that this actually isn't needed.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@159462 91177308-0d34-0410-b5e6-96231b3b80d8
heckSecuritySyntaxOnly.cpp
4f50875f3bb5174fe669a7a08790d76e67f4a7cd 29-Jun-2012 Ted Kremenek <kremenek@apple.com> Tweak insecureAPI analyzer checks to have the ability to be individually disabled.

The solution is a bit inefficient: it creates N checkers, one for each check, and
each check does a dispatch on the function name. This is redundant, but we can fix
this once we have the proper ability to enable/disable subchecks.

Fixes <rdar://problem/11780180>.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@159459 91177308-0d34-0410-b5e6-96231b3b80d8
heckSecuritySyntaxOnly.cpp
8d0f528afd9fcb9ebb8ccb4b8a529a05375b628e 29-Jun-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Add a test that we are, in fact, doing a DFS on the ExplodedGraph.

Previously:
...the comment said DFS...
...the WorkList being instantiated said BFS...
...and the implementation was actually DFS...
...due to an unintentional change in 2010...
...and everything kept working anyway.

This fixes our std::deque implementation of BFS, but switches back to a
SmallVector-based implementation of DFS.

We should probably still investigate the ramifications of DFS vs. BFS,
especially for large functions (and especially when we hit our block path
limit), since this might completely change our memory use. It can also mask
some bugs and reveal others depending on when we halt analysis. But at least
we will not have this kind of little mistake creep in again.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@159397 91177308-0d34-0410-b5e6-96231b3b80d8
MakeLists.txt
heckers.td
raversalChecker.cpp
29299c6c98fa05f635c984898d0e9b5fcbb412d4 27-Jun-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] RetainCountChecker: remove unused SelfOwn ArgEffect kind.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@159245 91177308-0d34-0410-b5e6-96231b3b80d8
etainCountChecker.cpp
ee681111c713f300884550b1503713ade3b32374 25-Jun-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Be careful about implicitly-declared operator new/delete. (PR13090)

The implicit global allocation functions do not have valid source locations,
but we still want to treat them as being "system header" functions for the
purposes of how they affect program state.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@159160 91177308-0d34-0410-b5e6-96231b3b80d8
allocChecker.cpp
7186dc63094d3ba24e57e16a66a226d21448dd4f 23-Jun-2012 Anna Zaks <ganna@apple.com> [analyzer] Teach malloc checker that initWith[Bytes|Characters}NoCopy
relinquish memory.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@159043 91177308-0d34-0410-b5e6-96231b3b80d8
allocChecker.cpp
3e4f65d863bff9c4bbb2e7061a5d69b8c0366d66 23-Jun-2012 Anna Zaks <ganna@apple.com> [analyzer] Fixup to r158958.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@159037 91177308-0d34-0410-b5e6-96231b3b80d8
allocChecker.cpp
5b7aa34167f23e6137bd257addac4dd67f612ec4 22-Jun-2012 Anna Zaks <ganna@apple.com> [analyzer] Malloc: Warn about use-after-free when memory ownership was
transfered with dataWithBytesNoCopy.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@158958 91177308-0d34-0410-b5e6-96231b3b80d8
allocChecker.cpp
b0d8671f95fe08a220118bca29063ba4d11a9dac 21-Jun-2012 Chandler Carruth <chandlerc@gmail.com> Remove a goofy CMake hack and use the standard CMake facilities to
express library-level dependencies within Clang.

This is no more verbose really, and plays nicer with the rest of the
CMake facilities. It should also have no change in functionality.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@158888 91177308-0d34-0410-b5e6-96231b3b80d8
MakeLists.txt
52a04812e5767dab68efb33ad044760b5b168941 21-Jun-2012 Anna Zaks <ganna@apple.com> [analyzer] Malloc leak false positive: Allow xpc context to escape.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@158875 91177308-0d34-0410-b5e6-96231b3b80d8
allocChecker.cpp
050cdd7107526df8ff7a8e0a08b3e99c83c263c0 20-Jun-2012 Anna Zaks <ganna@apple.com> [analyzer] Malloc: cleanup, disallow free on relinquished memory.

This commits sets the grounds for more aggressive use after free
checking. We will use the Relinquished sate to denote that someone
else is now responsible for releasing the memory.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@158850 91177308-0d34-0410-b5e6-96231b3b80d8
allocChecker.cpp
5f75768579b9b1d70d01903ab4766aede65defcc 19-Jun-2012 Anna Zaks <ganna@apple.com> [analyzer] Allow pointers to escape into NSPointerArray.
(Fixes radar://11691035 PR13140)

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@158703 91177308-0d34-0410-b5e6-96231b3b80d8
allocChecker.cpp
1bf908df57cc43f3bc7296f4e51f5708bd323c6b 16-Jun-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Buffers passed to CGBitmapContextCreate can escape.

Specifically, although the bitmap context does not take ownership of the
buffer (unlike CGBitmapContextCreateWithData), the data buffer can be extracted
out of the created CGContextRef. Thus the buffer is not leaked even if its
original pointer goes out of scope, as long as
- the context escapes, or
- it is retrieved via CGBitmapContextGetData and freed.

Actually implementing that logic is beyond the current scope of MallocChecker,
so for now CGBitmapContextCreate goes on our system function exception list.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@158579 91177308-0d34-0410-b5e6-96231b3b80d8
allocChecker.cpp
50571a9fd8871c722e8655c7c2c3b2871a0d14c1 15-Jun-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] RetainCount: don't track objects init'd with a delegate

We already didn't track objects that have delegates or callbacks or
objects that are passed through void * "context pointers". It's a
not-uncommon pattern to release the object in its callback, and so
the leak message we give is not very helpful.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@158532 91177308-0d34-0410-b5e6-96231b3b80d8
etainCountChecker.cpp
81c16fc757fe7b68cbd035765e3be92281625663 15-Jun-2012 James Dennett <jdennett@google.com> Documentation cleanup:
* Add \brief to produce a summary in the Doxygen output;
* Add missing parameter names to \param commands;
* Fix mismatched parameter names for \param commands;
* Add a parameter name so that the \param has a target.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@158503 91177308-0d34-0410-b5e6-96231b3b80d8
heckerDocumentation.cpp
1895a0a6936001374f66adbdfcf8abe5edf912ea 11-Jun-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Add ObjCLoopChecker: objects from NSArray et al are non-nil.

While collections containing nil elements can still be iterated over in an
Objective-C for-in loop, the most common Cocoa collections -- NSArray,
NSDictionary, and NSSet -- cannot contain nil elements. This checker adds
that assumption to the analyzer state.

This was the cause of some minor false positives concerning CFRelease calls
on objects in an NSArray.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@158319 91177308-0d34-0410-b5e6-96231b3b80d8
asicObjCFoundationChecks.cpp
heckers.td
9765ea9f755be50bb571100b44865f488e958d6d 11-Jun-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] When looking for a known class, only traverse the hierarchy once.

This has a small hit in the case where only one class is interesting
(NilArgChecker) but is a big improvement when looking for one of several
interesting classes (VariadicMethodTypeChecker), in which the most common
case is that there is no match.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@158318 91177308-0d34-0410-b5e6-96231b3b80d8
asicObjCFoundationChecks.cpp
2e336ac5ace420470bbb0ff54a94a5484443a44f 08-Jun-2012 Anna Zaks <ganna@apple.com> [analyzer] MallocSizeofChecker false positive: when sizeof is argument
to addition.

We should not to warn in case the malloc size argument is an
addition containing 'sizeof' operator - it is common to use the pattern
to pack values of different sizes into a buffer.

Ex:

uint8_t *buffer = (uint8_t*)malloc(dataSize + sizeof(length));

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@158219 91177308-0d34-0410-b5e6-96231b3b80d8
allocSizeofChecker.cpp
e17fdb2d5dbf0ffefd417587003eebbe5baf5984 07-Jun-2012 Anna Zaks <ganna@apple.com> [analyzer] Anti-aliasing: different heap allocations do not alias

Add a concept of symbolic memory region belonging to heap memory space.
When comparing symbolic regions allocated on the heap, assume that they
do not alias.

Use symbolic heap region to suppress a common false positive pattern in
the malloc checker, in code that relies on malloc not returning the
memory aliased to other malloc allocations, stack.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@158136 91177308-0d34-0410-b5e6-96231b3b80d8
allocChecker.cpp
581deb3da481053c4993c7600f97acf7768caac5 06-Jun-2012 David Blaikie <dblaikie@gmail.com> Revert Decl's iterators back to pointer value_type rather than reference value_type

In addition, I've made the pointer and reference typedef 'void' rather than T*
just so they can't get misused. I would've omitted them entirely but
std::distance likes them to be there even if it doesn't use them.

This rolls back r155808 and r155869.

Review by Doug Gregor incorporating feedback from Chandler Carruth.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@158104 91177308-0d34-0410-b5e6-96231b3b80d8
allAndMessageChecker.cpp
heckObjCDealloc.cpp
LVMConventionsChecker.cpp
bjCUnusedIVarsChecker.cpp
facde171ae4b8926622a1bffa833732a06f1875b 06-Jun-2012 Benjamin Kramer <benny.kra@googlemail.com> Remove unused private member variables found by clang's new -Wunused-private-field.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@158086 91177308-0d34-0410-b5e6-96231b3b80d8
allAndMessageChecker.cpp
etainCountChecker.cpp
irtualCallChecker.cpp
ce56fd3d6ddf3f1b7ae1a3ca3dd4a8768222594c 06-Jun-2012 Ted Kremenek <kremenek@apple.com> Disable path pruning for UndefResultChecker. It turns out we usually want to see more of the path
to discover how a value was used uninitialized.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@158048 91177308-0d34-0410-b5e6-96231b3b80d8
ndefResultChecker.cpp
48d798ce32447607144db70a484cdb99c1180663 02-Jun-2012 Benjamin Kramer <benny.kra@googlemail.com> Fix typos found by http://github.com/lyda/misspell-check

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@157886 91177308-0d34-0410-b5e6-96231b3b80d8
enericTaintChecker.cpp
allocChecker.cpp
dd82519ac6c322a6183954848b5b55deb6c364f7 02-Jun-2012 Ted Kremenek <kremenek@apple.com> Disable diagnosic path pruning for ReturnUndefChecker.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@157851 91177308-0d34-0410-b5e6-96231b3b80d8
eturnUndefChecker.cpp
605954e8dfaf055da4446935493f9b0bf81814bc 31-May-2012 Tom Care <tom.care@uqconnect.edu.au> [analyzer] Fix BugType memory leak in IdempotentOperationChecker.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@157772 91177308-0d34-0410-b5e6-96231b3b80d8
dempotentOperationChecker.cpp
ed7948b55fa4b2505f240cc5287137f451172b4c 31-May-2012 Ted Kremenek <kremenek@apple.com> Allow some BugReports to opt-out of PathDiagnostic callstack pruning until we have significantly
improved the pruning heuristics. The current heuristics are pretty good, but they make diagnostics
for uninitialized variables warnings particularly useless in some cases.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@157734 91177308-0d34-0410-b5e6-96231b3b80d8
ereferenceChecker.cpp
ndefBranchChecker.cpp
ndefCapturedBlockVarChecker.cpp
ndefinedAssignmentChecker.cpp
28b230723d5daf3c48c2e134f4b5626bd69392c8 27-May-2012 Benjamin Kramer <benny.kra@googlemail.com> Replace some custom hash combines with the standard stuff from DenseMapInfo.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@157531 91177308-0d34-0410-b5e6-96231b3b80d8
etainCountChecker.cpp
be72df01a84fc4f978f5cb03ac92d4bd1e5ced30 24-May-2012 Anna Zaks <ganna@apple.com> [analyzer] Minor cleanup to checkers' help text.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@157402 91177308-0d34-0410-b5e6-96231b3b80d8
heckers.td
a38cb2ccb1c501f3cf421396262da80008d62e87 19-May-2012 Anna Zaks <ganna@apple.com> [analyzer] Malloc checker: remove unnecessary comparisons.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@157081 91177308-0d34-0410-b5e6-96231b3b80d8
allocChecker.cpp
1434518f17272968765602a54391c794c975350a 18-May-2012 Anna Zaks <ganna@apple.com> [analyzer]Malloc: refactor and report use after free by memory
allocating functions.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@157037 91177308-0d34-0410-b5e6-96231b3b80d8
allocChecker.cpp
93a9d828378b5c969344f27aeb275b8c2a19d918 16-May-2012 Jordy Rose <jediknil@belkadan.com> [analyzer] Introduce clang_analyzer_eval for regression test constraint checks.

The new debug.ExprInspection checker looks for calls to clang_analyzer_eval,
and emits a warning of TRUE, FALSE, or UNKNOWN (or UNDEFINED) based on the
constrained value of its (boolean) argument. It does not modify the analysis
state though the conditions tested can result in branches (e.g. through the
use of short-circuit operators).

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@156919 91177308-0d34-0410-b5e6-96231b3b80d8
MakeLists.txt
heckers.td
xprInspectionChecker.cpp
5ec351c9507f12d5bede569c51d5257fad167134 16-May-2012 Anna Zaks <ganna@apple.com> [analyzer] Fix a regression in ObjCUnusedIVars checker.

We can no longer rely on children iterator to visit all the AST
tree children of an expression (OpaqueValueExpr has no children).

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@156870 91177308-0d34-0410-b5e6-96231b3b80d8
bjCUnusedIVarsChecker.cpp
6e4244ee86a2d71af4eac791808f2dc50c7484e6 14-May-2012 Jordy Rose <jediknil@belkadan.com> [analyzer] strncpy: Special-case a length of 0 to avoid an incorrect warning.

We check the address of the last element accessed, but with 0 calculating that
address results in element -1. This patch bails out early (and avoids a bunch
of other work at that).

Fixes PR12807.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@156769 91177308-0d34-0410-b5e6-96231b3b80d8
StringChecker.cpp
70fdbc366da85880aae5baebd3351e993ca05603 12-May-2012 Jordy Rose <jediknil@belkadan.com> [analyzer] RetainCountChecker: track ObjC boxed expression objects.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@156699 91177308-0d34-0410-b5e6-96231b3b80d8
etainCountChecker.cpp
88feba05142651618aba0a0e57b0b98e026de336 10-May-2012 Anna Zaks <ganna@apple.com> [analyzer] Do not highlight the range of the statement in case of leak.

We report a leak at a point a leaked variable is no longer accessible.
The statement that happens to be at that point is not relevant to the
leak diagnostic and, thus, should not be highlighted.

radar://11178519

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@156530 91177308-0d34-0410-b5e6-96231b3b80d8
allocChecker.cpp
6a2a1865f8bfaedff312b043f1e875a43e95b259 08-May-2012 Anna Zaks <ganna@apple.com> [analyzer] SelfInit: Stop tracking self if it's assigned a value we
don't reason about.

Self is just like a local variable in init methods, so it can be
assigned anything like result of static functions, other methods ... So
to suppress false positives that result in such cases, stop tracking the
checker-specific state after self is being assigned to (unless the
value is't being assigned to is either self or conforms to our rules).

This change does not invalidate any existing regression tests.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@156420 91177308-0d34-0410-b5e6-96231b3b80d8
bjCSelfInitChecker.cpp
c91fdf662d4f453ce9bb975b25cec348d0ced9c6 08-May-2012 Ted Kremenek <kremenek@apple.com> Teach the static analyzer that NSLog() and friends do not hold on to object references (thus extending their lifetime).

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@156346 91177308-0d34-0410-b5e6-96231b3b80d8
etainCountChecker.cpp
ca11510d399ae0493bcb3daf24e3c1df399d75f2 08-May-2012 Anna Zaks <ganna@apple.com> [analyzer]Turn on MallocSizeOfChecker by default; shorten the diagnostic

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@156341 91177308-0d34-0410-b5e6-96231b3b80d8
heckers.td
allocSizeofChecker.cpp
41a669a30074dcc221ba199e5dde484cc33adba1 07-May-2012 Anna Zaks <ganna@apple.com> [analyzer]Fixup r156215: use StopTracking summary instead of ScratchArgs

As per Jordy's and Ted's comment, use the default StopTracking summary
instead of adding all arguments to ScratchArs.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@156310 91177308-0d34-0410-b5e6-96231b3b80d8
etainCountChecker.cpp
58822c403cc8855adeecba92248612ee08dc1f3a 05-May-2012 Anna Zaks <ganna@apple.com> [analyzer] RetainCountChecker: Allow objects to escape through callbacks

Fixes radar://10973977.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@156215 91177308-0d34-0410-b5e6-96231b3b80d8
etainCountChecker.cpp
aca0ac58d2ae80d764e3832456667d7322445e0c 04-May-2012 Anna Zaks <ganna@apple.com> [analyzer] Allow pointers escape through calls containing callback args.

(Since we don't have a generic pointer escape callback, modify
ExprEngineCallAndReturn as well as the malloc checker.)

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@156134 91177308-0d34-0410-b5e6-96231b3b80d8
allocChecker.cpp
dd160f3ed50def10765ed823bf4ce2a56b2cd035 03-May-2012 Anna Zaks <ganna@apple.com> [analyzer] CString Checker: Do not split the path unless the user
specifically checks for equality to null.

Enforcing this general practice, which keeps the analyzer less
noisy, in the CString Checker. This change suppresses "Assigned value is
garbage or undefined" warning in the added test case.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@156085 91177308-0d34-0410-b5e6-96231b3b80d8
StringChecker.cpp
e7958da55ec0ec66e56b6beed6c6ce24dbdc4075 02-May-2012 Anna Zaks <ganna@apple.com> [analyzer] RetainRelease: Self assignment should not suppress a leak
warning.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@155966 91177308-0d34-0410-b5e6-96231b3b80d8
etainCountChecker.cpp
93c5a24b517e65eb61481ed866b503f1e37cff20 02-May-2012 Anna Zaks <ganna@apple.com> [analyzer] Fix the 'ptr = ptr' false negative in the Malloc checker.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@155963 91177308-0d34-0410-b5e6-96231b3b80d8
allocChecker.cpp
537dd3a8c87765245aad792a3356852a87380a30 01-May-2012 Ted Kremenek <kremenek@apple.com> Teach RetainCountchecker about IORegistryEntrySearchCFProperty returning retained objects. I know there is an SDK enhancement request for this to have the cf_returns_retained annotation, so this is just a stop gap.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@155887 91177308-0d34-0410-b5e6-96231b3b80d8
etainCountChecker.cpp
88db6a2daa8bb55fe924773805f42616c8a4f314 01-May-2012 Ted Kremenek <kremenek@apple.com> malloc size checker: Ignore const'ness of pointer types when determining of a sizeof() type is compatible with a pointed type.

Fixes <rdar://problem/11292586>.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@155864 91177308-0d34-0410-b5e6-96231b3b80d8
allocSizeofChecker.cpp
262bc18e32500558af7cb0afa205b34bd37bafed 30-Apr-2012 David Blaikie <dblaikie@gmail.com> Remove the ref/value inconsistency in filter_decl_iterator.

filter_decl_iterator had a weird mismatch where both op* and op-> returned T*
making it difficult to generalize this filtering behavior into a reusable
library of any kind.

This change errs on the side of value, making op-> return T* and op* return
T&.

(reviewed by Richard Smith)

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@155808 91177308-0d34-0410-b5e6-96231b3b80d8
allAndMessageChecker.cpp
heckObjCDealloc.cpp
LVMConventionsChecker.cpp
bjCUnusedIVarsChecker.cpp
befc6d2eae269efa2da9c81d0be8dba144a74d47 26-Apr-2012 Ted Kremenek <kremenek@apple.com> Teach RetainCountChecker that it doesn't quite understand pthread_setspecific and it should just give up when it sees it. Fixes <rdar://problem/11282706>.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@155613 91177308-0d34-0410-b5e6-96231b3b80d8
etainCountChecker.cpp
28c9e5720dea5f7b9a4d154ee49886c69de8ae29 24-Apr-2012 Shih-wei Liao <sliao@google.com> Migrate external/clang to CLANG-155088-20120419.

Change-Id: I7e31d8b22ef405f54838a8582c78291fa45ca344
ndroid.mk
fa784da5b9039ead42323bfe9ae6d33ab3c5c6b3 24-Apr-2012 Shih-wei Liao <sliao@google.com> Merge with CLANG upstream r155088.

Conflicts:
lib/Basic/Targets.cpp

Change-Id: Id80f069ae25e623967b705e9fa11cfd94dd2461c
9a70cddef6850f302615b4f5d27f16ec45926ca6 16-Apr-2012 Anna Zaks <ganna@apple.com> [analyzer] Fix a false alarm in SelfInitChecker (radar://11235991).
Along with it, fix a couple of other corner cases and add more tests.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@154866 91177308-0d34-0410-b5e6-96231b3b80d8
bjCSelfInitChecker.cpp
259052d8c819d101f6f627f960f56e582ecbcebc 11-Apr-2012 Anna Zaks <ganna@apple.com> [analyzer] Don't crash even when the system functions are redefined.
(Applied changes to CStringAPI, Malloc, and Taint.)

This might almost never happen, but we should not crash even if it does.
This fixes a crash on the internal analyzer buildbot, where postgresql's
configure was redefining memmove (radar://11219852).

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@154451 91177308-0d34-0410-b5e6-96231b3b80d8
StringChecker.cpp
enericTaintChecker.cpp
allocChecker.cpp
bd613137499b1d4c3b63dccd0aa21f6add243f4f 07-Apr-2012 Ted Kremenek <kremenek@apple.com> Rework ExprEngine::evalLoad and clients (e.g. VisitBinaryOperator) so that when we generate a new ExplodedNode
we use the same Expr* as the one being currently visited. This is preparation for transitioning to having
ProgramPoints refer to CFGStmts.

This required a bit of trickery. We wish to keep the old Expr* bindings in the Environment intact,
as plenty of logic relies on it and there is no reason to change it, but we sometimes want the Stmt* for
the ProgramPoint to be different than the Expr* being used for bindings. This requires adding an extra
argument for some functions (e.g., evalLocation). This looks a bit strange for some clients, but
it will look a lot cleaner when were start using CFGStmt* in the appropriate places.

As some fallout, the diagnostics arrows are a bit difference, since some of the node locations have changed.
I have audited these, and they look reasonable.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@154214 91177308-0d34-0410-b5e6-96231b3b80d8
SAtomicChecker.cpp
f439e00c7055d2d51b88141f63ebfc893af10951 06-Apr-2012 Jordy Rose <jediknil@belkadan.com> [analyzer] Check that the arguments to NSOrderedSet creation methods are valid ObjC objects.

Patch by Sean McBride!

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@154194 91177308-0d34-0410-b5e6-96231b3b80d8
asicObjCFoundationChecks.cpp
6fd4505ad67a186da8cc26fdb493c93fe4937555 05-Apr-2012 Ted Kremenek <kremenek@apple.com> Require that all static analyzer issues have a category. As part of this change,
consolidate some commonly used category strings into global references (more of this can be done, I just did a few).

Fixes <rdar://problem/11191537>.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@154121 91177308-0d34-0410-b5e6-96231b3b80d8
MakeLists.txt
heckObjCDealloc.cpp
heckObjCInstMethSignature.cpp
langSACheckers.h
ommonBugCategories.cpp
allocOverflowSecurityChecker.cpp
allocSizeofChecker.cpp
bjCContainersASTChecker.cpp
bjCContainersChecker.cpp
bjCSelfInitChecker.cpp
etainCountChecker.cpp
nixAPIChecker.cpp
04a18c9f42e91db1b2d2c7483723c1cd321c3d39 05-Apr-2012 Ted Kremenek <kremenek@apple.com> Teach ObjCContainersChecker that the array passed to CFArrayGetValueAtIndex might not be a symbolic value.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@154083 91177308-0d34-0410-b5e6-96231b3b80d8
bjCContainersChecker.cpp
bb811cab1bfa91074f1992b154fcb0c288e6eda3 04-Apr-2012 Ted Kremenek <kremenek@apple.com> Look through chains of 'x = y = z' when employing silencing heuristics in the DeadStoresChecker.

Fixes <rdar://problem/11185138>.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@154040 91177308-0d34-0410-b5e6-96231b3b80d8
eadStoresChecker.cpp
07189521a15d9c088216b943649cb9fe231cbb57 04-Apr-2012 Ted Kremenek <kremenek@apple.com> Include the "issue context" (e.g. function or method) where a static analyzer issue occurred in the plist output.

Fixes <rdar://problem/11004527>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@154030 91177308-0d34-0410-b5e6-96231b3b80d8
nalyzerStatsChecker.cpp
StringSyntaxChecker.cpp
heckObjCDealloc.cpp
heckObjCInstMethSignature.cpp
heckSecuritySyntaxOnly.cpp
heckSizeofPointer.cpp
eadStoresChecker.cpp
LVMConventionsChecker.cpp
allocOverflowSecurityChecker.cpp
allocSizeofChecker.cpp
SErrorChecker.cpp
bjCContainersASTChecker.cpp
bjCUnusedIVarsChecker.cpp
nreachableCodeChecker.cpp
irtualCallChecker.cpp
4a5f724538cbc275370c9504e8169ce92503256c 01-Apr-2012 Benjamin Kramer <benny.kra@googlemail.com> Analyzer: Store BugReports directly in a ilist instead of adding another layer of inderection with std::list

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@153847 91177308-0d34-0410-b5e6-96231b3b80d8
nreachableCodeChecker.cpp
62a5c34ddc54696725683f6c5af1c8e1592c5c38 30-Mar-2012 Anna Zaks <ganna@apple.com> [analyzer]Malloc,RetainRelease: Allow pointer to escape via NSMapInsert.

Fixes a false positive (radar://11152419). The current solution of
adding the info into 3 places is quite ugly. Pending a generic pointer
escapes callback.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@153731 91177308-0d34-0410-b5e6-96231b3b80d8
allocChecker.cpp
etainCountChecker.cpp
64ee9d03c9fa0e9f4b944300167f871d9a65a991 28-Mar-2012 Anna Zaks <ganna@apple.com> [analyzer] Refactor: Use Decl when determining if the Block belongs to
the root function.

(This is a bit cleaner then using the StackFrame.)

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@153580 91177308-0d34-0410-b5e6-96231b3b80d8
nalyzerStatsChecker.cpp
65552ca127ac5d9b767c5f0b09d86e17cb3e9e5e 27-Mar-2012 Anna Zaks <ganna@apple.com> [analyzer] Stats checker: minor interprocedural tweaks.

Report root function name with exhausted block diagnostic.

Also, use stack frames, not just any location context when checking if
the basic block is in the same context.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@153532 91177308-0d34-0410-b5e6-96231b3b80d8
nalyzerStatsChecker.cpp
de5b4fbe31e50641806234b3334eb9aa829673f8 27-Mar-2012 Ted Kremenek <kremenek@apple.com> Change RetainCountChecker to eagerly "escape" retained objects when they are
assigned to a struct. This is fallout from inlining results, which expose
far more patterns where people stuff CF objects into structs and pass them
around (and we can reason about it). The problem is that we don't have
a general way to detect when values have escaped, so as an intermediate step
we need to eagerly prune out such tracking.

Fixes <rdar://problem/11104566>.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@153489 91177308-0d34-0410-b5e6-96231b3b80d8
etainCountChecker.cpp
4cd7edfa851ff5d9b37d09539a77685a12e82994 26-Mar-2012 Anna Zaks <ganna@apple.com> [analyzer] Malloc: Allow a pointer to escape through OSAtomicEnqueue.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@153453 91177308-0d34-0410-b5e6-96231b3b80d8
allocChecker.cpp
560ad31c413724fafd13d6fd723e403f28daa132 22-Mar-2012 Shih-wei Liao <sliao@google.com> Migrate external/clang to CLANG-153220-20120321.

Change-Id: I3b469a42a5048f05f06d14aba34419119047e1a9
ndroid.mk
d316862f4fb281ec08a2e45cd3e5580574adb889 24-Mar-2012 Shih-wei Liao <sliao@google.com> Merge branch 'upstream' into sliao_d
b000fb5999265d12d54a1ef9f31848c9e334dcaa 24-Mar-2012 Jordy Rose <jediknil@belkadan.com> [analyzer] Tighten up the realloc() failure path note generation...make sure we get the right realloc()!


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@153370 91177308-0d34-0410-b5e6-96231b3b80d8
allocChecker.cpp
3bc75ca0a636efdc93471c9b6bad43085a22bf3a 24-Mar-2012 Jordy Rose <jediknil@belkadan.com> [analyzer] Restart path diagnostic generation if any of the visitors change the report configuration while walking the path.

This required adding a change count token to BugReport, but also allowed us to ditch ImmutableList as the BugReporterVisitor data type.

Also, remove the hack from MallocChecker, now that visitors appear in the opposite order. This is not exactly a fix, but the common case -- custom diagnostics after generic ones -- is now the default behavior.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@153369 91177308-0d34-0410-b5e6-96231b3b80d8
allocChecker.cpp
011534973e83db51f49098871186238fc64d5f54 24-Mar-2012 Jordy Rose <jediknil@belkadan.com> [analyzer] Add a clone() method to BugReporterVisitor, so that we'll be able to reset diagnostic generation.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@153368 91177308-0d34-0410-b5e6-96231b3b80d8
acOSKeychainAPIChecker.cpp
allocChecker.cpp
etainCountChecker.cpp
514f2c9dcb9e04b52929c5b141a6fe88bd68b33f 23-Mar-2012 Ted Kremenek <kremenek@apple.com> Avoid applying retain/release effects twice in RetainCountChecker when a function call was inlined (i.e., we do not need to apply summaries in such cases).

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@153309 91177308-0d34-0410-b5e6-96231b3b80d8
etainCountChecker.cpp
e8018f24f0f0e1cb1490c37b158da5d5c456e577 23-Mar-2012 Anton Yartsev <anton.yartsev@gmail.com> corrected check::EndOfTranslationUnit checker name and added 'const' to declaration

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@153302 91177308-0d34-0410-b5e6-96231b3b80d8
heckerDocumentation.cpp
749bbe6f5f23676244f12a0d41511c8e73516feb 22-Mar-2012 Anna Zaks <ganna@apple.com> [analyzer] Add stats useful for coverage investigations.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@153280 91177308-0d34-0410-b5e6-96231b3b80d8
nalyzerStatsChecker.cpp
64394e2cc57d597eafe980bd94b060e2967a1cbd 22-Mar-2012 Anna Zaks <ganna@apple.com> [analyzer] Add inlining awareness to the block coverage computation
(Stats Checker).

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@153279 91177308-0d34-0410-b5e6-96231b3b80d8
nalyzerStatsChecker.cpp
06911d4e88b1a6ca7ec3b2d8e234e679a4c09ff9 22-Mar-2012 Ted Kremenek <kremenek@apple.com> "Teach" RetainCountChecker about dispatch_set_context, which can indirectly free its argument later. Fixes <rdar://problem/11059275>.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@153244 91177308-0d34-0410-b5e6-96231b3b80d8
etainCountChecker.cpp
f5aa3f5e58356d0bea823fe75dd7bf6aea6f47f4 22-Mar-2012 Anna Zaks <ganna@apple.com> [analyzer] Malloc: drop symbols captured by blocks.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@153232 91177308-0d34-0410-b5e6-96231b3b80d8
allocChecker.cpp
850f1b1af015719ec10351bb93530101c265dd29 21-Mar-2012 Benjamin Kramer <benny.kra@googlemail.com> Remove unused variable, fix indentation.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@153220 91177308-0d34-0410-b5e6-96231b3b80d8
allocChecker.cpp
3d7c44e01d568e5d5c0fac9c6ccb3f080157ba19 21-Mar-2012 Anna Zaks <ganna@apple.com> [analyzer] Malloc: Utter the name of the leaked variable.
Specifically, we use the last store of the leaked symbol in the leak diagnostic.
(No support for struct fields since the malloc checker doesn't track those
yet.)

+ Infrastructure to track the regions used in store evaluations.
This approach is more precise than iterating the store to
obtain the region bound to the symbol, which is used in RetainCount
checker. The region corresponds to what is uttered in the code in the
last store and we do not rely on the store implementation to support
this functionality.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@153212 91177308-0d34-0410-b5e6-96231b3b80d8
allocChecker.cpp
27b867ea1c9cb4b40f9b817c303d6df3ee753da9 21-Mar-2012 Anna Zaks <ganna@apple.com> [analyser] Factor out FindUniqueBinding from RetainCount checker.

So that others could use it as well. No functionality change.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@153211 91177308-0d34-0410-b5e6-96231b3b80d8
etainCountChecker.cpp
393f98b5b7f7c950d2b0a7d84501b5dfd00ad780 18-Mar-2012 Jordy Rose <jediknil@belkadan.com> [analyzer] Mark a failed-realloc's result as an interesting symbol between the realloc call and the null check, so we get nicer path notes. Fixes a regression introduced by the diagnostic pruning added in r152361.

This is accomplished by calling markInteresting /during/ path diagnostic generation, and as such relies on deterministic ordering of BugReporterVisitors -- namely, that BugReporterVisitors are run in /reverse/ order from how they are added. (Right now that's a consequence of storing visitors in an ImmutableList, where new items are added to the front.) It's a little hacky, but it works for now.

I think this is the best we can do without storing the relation between the old and new symbols, and that would be a hit whether or not there ends up being an error.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@153010 91177308-0d34-0410-b5e6-96231b3b80d8
allocChecker.cpp
ef94588752babc1b7c46b955e57945fc4c183db2 18-Mar-2012 Jordy Rose <jediknil@belkadan.com> [analyzer] Use a FoldingSet to cache simple RetainSummary instances, rather than explicitly keeping DoNothing and StopTracking summaries and nothing else.

I tried to test the effects of this change on memory usage and run time, but what I saw on retain-release.m was indistinguishable from noise (debug and release builds). Even so, some caveman profiling showed 101 cache hits that we would have generated new summaries for before (i.e. not default or stop summaries), and the more code we analyze, the more memory we should save.

Maybe we should have a standard project for benchmarking the retain count checker's memory and time?


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@153007 91177308-0d34-0410-b5e6-96231b3b80d8
etainCountChecker.cpp
f3aae58296fd5f930f7c4c0709886924e6822ae7 17-Mar-2012 Jordy Rose <jediknil@belkadan.com> [analyzer] Unify retain-count summary generation for class and instance methods. No functionality change.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@153001 91177308-0d34-0410-b5e6-96231b3b80d8
etainCountChecker.cpp
e921b1a8b6b6f47abbc9b3de47cc74a34db2852b 17-Mar-2012 Jordy Rose <jediknil@belkadan.com> [analyzer] Remove duplicate work on deriving method behavior. No functionality change.

The cocoa::deriveNamingConventions helper is just using method families anyway now, and the way RetainSummaryTemplate works means we're allocating an extra summary for every method with a relevant family.

Also, fix RetainSummaryTemplate to do the right thing w/r/t annotating an /existing/ summary. This was probably the real cause of <rdar://problem/10824732> and the fix in r152448.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@152998 91177308-0d34-0410-b5e6-96231b3b80d8
etainCountChecker.cpp
74b7b2b42dd710ccea78d86a47c979d4b2af7093 17-Mar-2012 Jordy Rose <jediknil@belkadan.com> [analyzer] Don't claim an object was returned with +1 retain count before counting autoreleases. Fixes PR10376.

(Also, 80-column violations.)


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@152976 91177308-0d34-0410-b5e6-96231b3b80d8
etainCountChecker.cpp
fbd58743fa6c793b84ed60a0e2325335a53da6c4 17-Mar-2012 Anna Zaks <ganna@apple.com> [analyzer] Shorten the stack hint diagnostic.

Do not display the standard "Returning from 'foo'", when a stack hint is
available.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@152964 91177308-0d34-0410-b5e6-96231b3b80d8
allocChecker.cpp
56a938ff85a444eb3d30d2634d92ce5b1f6fae56 17-Mar-2012 Anna Zaks <ganna@apple.com> [analyzer] Create symbol-aware stack hints (building upon r152837).

The symbol-aware stack hint combines the checker-provided message
with the information about how the symbol was passed to the callee: as
a parameter or a return value.

For malloc, the generated messages look like this :
"Returning from 'foo'; released memory via 1st parameter"
"Returning from 'foo'; allocated memory via 1st parameter"
"Returning from 'foo'; allocated memory returned"
"Returning from 'foo'; reallocation of 1st parameter failed"


(We are yet to handle cases when the symbol is a field in a struct or
an array element.)

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@152962 91177308-0d34-0410-b5e6-96231b3b80d8
allocChecker.cpp
368a0d565f078666ca5bfb7fe08d04648688e4bc 15-Mar-2012 Anna Zaks <ganna@apple.com> [analyzer] Allow checkers to supply call stack diagnostic hints for the
BugVisitor DiagnosticPieces.

When checkers create a DiagnosticPieceEvent, they can supply an extra
string, which will be concatenated with the call exit message for every
call on the stack between the diagnostic event and the final bug report.
(This is a simple version, which could be/will be further enhanced.)

For example, this is used in Malloc checker to produce the ",
which allocated memory" in the following example:

static char *malloc_wrapper() { // 2. Entered call from 'use'
return malloc(12); // 3. Memory is allocated
}

void use() {
char *v;
v = malloc_wrapper(); // 1. Calling 'malloc_wrappers'
// 4. Returning from 'malloc_wrapper', which allocated memory
} // 5. Memory is never released; potential
memory leak

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@152837 91177308-0d34-0410-b5e6-96231b3b80d8
allocChecker.cpp
4e4d08403ca5cfd4d558fa2936215d3a4e5a528d 11-Mar-2012 David Blaikie <dblaikie@gmail.com> Unify naming of LangOptions variable/get function across the Clang stack (Lex to AST).

The member variable is always "LangOpts" and the member function is always "getLangOpts".

Reviewed by Chris Lattner

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@152536 91177308-0d34-0410-b5e6-96231b3b80d8
heckObjCDealloc.cpp
ebugCheckers.cpp
SAutoreleasePoolChecker.cpp
bjCAtSyncChecker.cpp
etainCountChecker.cpp
tackAddrEscapeChecker.cpp
3e67814381a56e70e68481e91e26f05a43a05ba0 11-Mar-2012 Jordy Rose <jediknil@belkadan.com> [analyzer] Replace a static helper with existing logic. No functionality change.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@152521 91177308-0d34-0410-b5e6-96231b3b80d8
acOSKeychainAPIChecker.cpp
f4b88a45902af1802a1cb42ba48b1c474474f228 10-Mar-2012 John McCall <rjmccall@apple.com> Remove BlockDeclRefExpr and introduce a bit on DeclRefExpr to
track whether the referenced declaration comes from an enclosing
local context. I'm amenable to suggestions about the exact meaning
of this bit.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@152491 91177308-0d34-0410-b5e6-96231b3b80d8
dempotentOperationChecker.cpp
ndefCapturedBlockVarChecker.cpp
7acf23f03e4598d9a68d4a5e5441947300f0d32c 10-Mar-2012 Ted Kremenek <kremenek@apple.com> Teach RetainCountChecker about mixing method families with explicit annotations. Fixes <rdar://problem/10824732>.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@152448 91177308-0d34-0410-b5e6-96231b3b80d8
etainCountChecker.cpp
76aadc346c3a4c363238a1e1232f324c3355d9e0 09-Mar-2012 Ted Kremenek <kremenek@apple.com> [analyzer] Implement basic path diagnostic pruning based on "interesting" symbols and regions.
Essentially, a bug centers around a story for various symbols and regions. We should only include
the path diagnostic events that relate to those symbols and regions.

The pruning is done by associating a set of interesting symbols and regions with a BugReporter, which
can be modified at BugReport creation or by BugReporterVisitors.

This patch reduces the diagnostics emitted in several of our test cases. I've vetted these as
having desired behavior. The only regression is a missing null check diagnostic for the return
value of realloc() in test/Analysis/malloc-plist.c. This will require some investigation to fix,
and I have added a FIXME to the test case.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@152361 91177308-0d34-0410-b5e6-96231b3b80d8
ttrNonNullChecker.cpp
asicObjCFoundationChecks.cpp
StringChecker.cpp
allAndMessageChecker.cpp
ereferenceChecker.cpp
ivZeroChecker.cpp
acOSKeychainAPIChecker.cpp
allocChecker.cpp
bjCAtSyncChecker.cpp
etainCountChecker.cpp
eturnUndefChecker.cpp
ndefBranchChecker.cpp
ndefResultChecker.cpp
ndefinedArraySubscriptChecker.cpp
ndefinedAssignmentChecker.cpp
nixAPIChecker.cpp
LASizeChecker.cpp
196b8cfe9cfcc452eb2f83aa4ad330c2324f8c7d 08-Mar-2012 Anna Zaks <ganna@apple.com> Add a basic CallGraph to Analysis.

The final graph contains a single root node, which is a parent of all externally available functions(and 'main'). As well as a list of Parentless/Unreachable functions, which are either truly unreachable or are unreachable due to our analyses imprecision.

The analyzer checkers debug.DumpCallGraph or debug.ViewGraph can be used to look at the produced graph.

Currently, the graph is not very precise, for example, it entirely skips edges resulted from ObjC method calls.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@152272 91177308-0d34-0410-b5e6-96231b3b80d8
heckers.td
ebugCheckers.cpp
1a45a5ff5d495cb6cd9a3d4d06317af79c0f634d 06-Mar-2012 Ted Kremenek <kremenek@apple.com> Add static analyzer support for new NSArray/NSDictionary/NSNumber literals.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@152139 91177308-0d34-0410-b5e6-96231b3b80d8
etainCountChecker.cpp
218fce0f113f82fc28f2fb0c4b555ae2901b8a93 06-Mar-2012 Jordy Rose <jediknil@belkadan.com> [analyzer] Remove now-unused constant. No functionality change.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@152080 91177308-0d34-0410-b5e6-96231b3b80d8
allocChecker.cpp
257c60f23be7dcb012eeee832f5fda22c125c9bd 06-Mar-2012 Jordy Rose <jediknil@belkadan.com> [analyzer] Fix unnecessary dyn_cast_or_null. No functionality change.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@152078 91177308-0d34-0410-b5e6-96231b3b80d8
allocChecker.cpp
e4d653b5a4cba281502177f6ef03d43e3ebb2b6a 06-Mar-2012 Ted Kremenek <kremenek@apple.com> Teak CallAndMessageChecker to only warn about uninitialized struct fields in call arguments
when the called function is never inlined.

Fixes <rdar://problem/10977037>.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@152073 91177308-0d34-0410-b5e6-96231b3b80d8
allAndMessageChecker.cpp
361035524dc26094825134f30c07311f38f4f8b1 06-Mar-2012 Stephen Hines <srhines@google.com> Merge with upstream Clang @152062.

Added include/clang/Config/config.h
(note the ANDROID_CONFIG_H header guard because CONFIG_H is already taken)

Added support for AttrTemplateInstantiate TableGen rules.

Added libLLVMVectorize dependency.

Build
-HostInfo.cpp
-CallGraph.cpp
+GlobalCallGraph.cpp
-MultiInitializer.cpp
+PPCallbacks.cpp
+SemaConsumer.cpp
+ChainedDiagnosticConsumer.cpp
+DependencyGraph.cpp
+DiagnosticRenderer.cpp
+LayoutOverrideSource.cpp
+WindowsToolChain.cpp
+SemaLambda.cpp
+BoolAssignmentChecker.cpp
+LambdaMangleContext.cpp
+CStringSyntaxChecker.cpp
+ObjCContainersASTChecker.cpp
+ObjCContainersChecker.cpp
+VirtualCallChecker.cpp
+Dominators.cpp
+SubEngine.cpp
+RewriteModernObjC.cpp

Change-Id: Ifda805ce87ae132f055131f4f83692b5c3d63d17
ndroid.mk
91932089c31e1233f0c478b03412e90a65e07ad2 05-Mar-2012 Stephen Hines <srhines@google.com> Merge branch 'upstream' into merge-20120305

Conflicts:
lib/Basic/Targets.cpp

Change-Id: Ib76c138030a701355ce39a6eda1a89a79f401667
f420fe35dc3a7b7b53809b615fb28379e5694c22 05-Mar-2012 Anna Zaks <ganna@apple.com> [analyzer] False positive in SelfInit - teach the checker about method
calls with self as a parameter.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@152039 91177308-0d34-0410-b5e6-96231b3b80d8
bjCSelfInitChecker.cpp
fb7f76f285faa4c21d299f2bce8f55de3f71e548 05-Mar-2012 Anna Zaks <ganna@apple.com> [analyzer] Malloc should assume that ownership is transfered when
calling an ObjC method ending with 'NoCopy'.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@152037 91177308-0d34-0410-b5e6-96231b3b80d8
allocChecker.cpp
7e8678314cf19f28cfddb2d9d0567d993073ec7e 03-Mar-2012 Ted Kremenek <kremenek@apple.com> [analyzer] do not warn about returning stack-allocated memory when it comes from an ancestor stack frame.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@151964 91177308-0d34-0410-b5e6-96231b3b80d8
tackAddrEscapeChecker.cpp
b3d7275c1a4a9f676af850cd661b56c4ad7ef5c9 01-Mar-2012 Anna Zaks <ganna@apple.com> [analyzer] Fix a regression introduced in malloc with
attributes, introduced in r151188.

+ the test to catch it.

Thanks to Ahmed Charles for pointing this out.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@151840 91177308-0d34-0410-b5e6-96231b3b80d8
allocChecker.cpp
b2c60b04a597cc5ba4154837cf8e0a155a376fd7 01-Mar-2012 Argyrios Kyrtzidis <akyrtzi@gmail.com> Move llvm/ADT/SaveAndRestore.h -> llvm/Support/SaveAndRestore.h.

Needs llvm update.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@151829 91177308-0d34-0410-b5e6-96231b3b80d8
irtualCallChecker.cpp
ca23eb212c78ac5bc62d0881635579dbe7095639 29-Feb-2012 Anna Zaks <ganna@apple.com> [analyzer] Malloc: A pointer might escape through CFContainers APIs,
funopen, setvbuf.

Teach the checker and the engine about these APIs to resolve malloc
false positives. As I am adding more of these APIs, it is clear that all
this should be factored out into a separate callback (for example,
region escapes). Malloc, KeyChainAPI and RetainRelease checkers could
all use it.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@151737 91177308-0d34-0410-b5e6-96231b3b80d8
allocChecker.cpp
28cd22d7c2d2458575ce9cc19dfe63c6321010ce 29-Feb-2012 Ted Kremenek <kremenek@apple.com> [analyzer] Tweak the UnreachableCode checker to not warning about unreachable default blocks. Patch by Cyril Roelandt!

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@151709 91177308-0d34-0410-b5e6-96231b3b80d8
nreachableCodeChecker.cpp
e7e0168f625368032a5d2b4471d3406cd9d9f8ae 28-Feb-2012 Anna Zaks <ganna@apple.com> [analyzer] Leaks should be uniqued by the allocation point in the
closest function context (RetainCountChecker).

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@151661 91177308-0d34-0410-b5e6-96231b3b80d8
etainCountChecker.cpp
212000e24cf11da0badea90c23d4f300da34e607 28-Feb-2012 Anna Zaks <ganna@apple.com> [analyzer] Retain release: drop the line number info from the leak
message.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@151657 91177308-0d34-0410-b5e6-96231b3b80d8
etainCountChecker.cpp
721aa37621e047755a45b742160e21f4e879f462 28-Feb-2012 Anna Zaks <ganna@apple.com> [analyzer] Leaks should be uniqued by the allocation point in the
closest function context (Keychain API).

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@151613 91177308-0d34-0410-b5e6-96231b3b80d8
acOSKeychainAPIChecker.cpp
07d39a479cf8f20294407e749f9933da34ebecb7 28-Feb-2012 Anna Zaks <ganna@apple.com> [analyzer] Fix Malloc False Positive (PR 12100)

When allocated buffer is passed to CF/NS..NoCopy functions, the
ownership is transfered unless the deallocator argument is set to
'kCFAllocatorNull'.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@151608 91177308-0d34-0410-b5e6-96231b3b80d8
allocChecker.cpp
7752d292c97fd4b78a954c9a027b2a862be50f8b 28-Feb-2012 Anna Zaks <ganna@apple.com> [analyzer] Leaks should be uniqued by the allocation point in the
closest function context.

This prevents us from uniqueing all leaks from the same allocation
helper. radar://10932226

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@151592 91177308-0d34-0410-b5e6-96231b3b80d8
allocChecker.cpp
d45d361f2ce5c37824052357e2218e8a5509eba5 27-Feb-2012 Argyrios Kyrtzidis <akyrtzi@gmail.com> Move "clang/Analysis/Support/SaveAndRestore.h" to "llvm/ADT/SaveAndRestore.h"
to make it more widely available.

Depends on llvm commit r151564

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@151566 91177308-0d34-0410-b5e6-96231b3b80d8
irtualCallChecker.cpp
e571578002fc3d4ebb654d2f31d2446d7cc1831d 25-Feb-2012 Ted Kremenek <kremenek@apple.com> RetainCountChecker: don't adjust the retain count when analyzing a ReturnStmt unless we are in the top-level call frame. We can do more later, but this makes the checker self-consistent (and fixes a crash).

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@151426 91177308-0d34-0410-b5e6-96231b3b80d8
etainCountChecker.cpp
3cd89ad193834e766ce5dc24e260aa8615d0d5e1 25-Feb-2012 Anna Zaks <ganna@apple.com> [analyzer] Malloc: reason about the ObjC messages and C++.

Assume none of the ObjC messages defined in system headers free memory,
except for the ones containing 'freeWhenDone' selector. Currently, just
assume that the region escapes to the messages with 'freeWhenDone'
(ideally, we want to treat it as 'free()').

For now, always assume that regions escape when passed to C++ methods.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@151410 91177308-0d34-0410-b5e6-96231b3b80d8
allocChecker.cpp
d708bacd66794e66681e635b9d42e126d8ae8552 23-Feb-2012 Anna Zaks <ganna@apple.com> [analyzer] KeyChainAPI: unique the leaks by allocation site.
(Very similar to the previous change in malloc.)

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@151297 91177308-0d34-0410-b5e6-96231b3b80d8
acOSKeychainAPIChecker.cpp
ca8e36eb637e232475ef31c3f22d5da907390917 23-Feb-2012 Anna Zaks <ganna@apple.com> [analyzer] Malloc: unique leak reports by allocation site.

When we find two leak reports with the same allocation site, report only
one of them.

Provide a helper method to BugReporter to facilitate this.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@151287 91177308-0d34-0410-b5e6-96231b3b80d8
allocChecker.cpp
0d389b819c33bdf0375694a8f141c8f02e002b18 23-Feb-2012 Anna Zaks <ganna@apple.com> [analyzer] Invalidate the region passed to pthread_setspecific() call.

Make this call an exception in ExprEngine::invalidateArguments:
'int pthread_setspecific(ptheread_key k, const void *)' stores
a value into thread local storage. The value can later be retrieved
with 'void *ptheread_getspecific(pthread_key)'. So even thought the
parameter is 'const void *', the region escapes through the
call.

(Here we just blacklist the call in the ExprEngine's default
logic. Another option would be to add a checker which evaluates
the call and triggers the call to invalidate regions.)

Teach the Malloc Checker, which treats all system calls as safe about
the API.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@151220 91177308-0d34-0410-b5e6-96231b3b80d8
allocChecker.cpp
87cb5bed5060805a86509c297fae133816c1cd87 22-Feb-2012 Anna Zaks <ganna@apple.com> [analyzer] Malloc cleanup:
- We should not evaluate strdup in the Malloc Checker, it's the job of
CString checker, so just update the RefState to reflect allocated
memory.

- Refactor to reduce LOC: remove some wrapper auxiliary functions, make
all functions return the state and add the transition in one place
(instead of in each auxiliary function).

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@151188 91177308-0d34-0410-b5e6-96231b3b80d8
allocChecker.cpp
60a1fa497b978114b969f4f0176a7cbad3b5d9c6 22-Feb-2012 Anna Zaks <ganna@apple.com> [analyzer] Malloc checker: mark 'strdup' and 'strndup' as allocators.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@151124 91177308-0d34-0410-b5e6-96231b3b80d8
allocChecker.cpp
d9ab7bbbd43639247c9a82c8e8dbfaa617f4e266 22-Feb-2012 Anna Zaks <ganna@apple.com> [analyzer] Malloc: fix another false positive.
, when we return a symbol reachable to the malloced one via pointer
arithmetic.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@151121 91177308-0d34-0410-b5e6-96231b3b80d8
allocChecker.cpp
5fdadf4b643dd2f7a467244946dc1587b2f9ed1f 22-Feb-2012 Anna Zaks <ganna@apple.com> [analyzer] Change naming in bug reports "tainted" -> "untrusted"

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@151120 91177308-0d34-0410-b5e6-96231b3b80d8
enericTaintChecker.cpp
9c1e1bd0405b990b6e7909647def7b23d5c28f17 21-Feb-2012 Anna Zaks <ganna@apple.com> [analyzer] Make KeyChainAPI checker inlining-aware.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@151007 91177308-0d34-0410-b5e6-96231b3b80d8
acOSKeychainAPIChecker.cpp
a19581ae489335abf5cf96b253b31ecefe96b8e4 20-Feb-2012 Anna Zaks <ganna@apple.com> [analyzer] Make Malloc aware of inter-procedural execution + basic
tests.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150993 91177308-0d34-0410-b5e6-96231b3b80d8
allocChecker.cpp
bb2a6864f111e13f7905725963649c60c60bf18b 20-Feb-2012 Anna Zaks <ganna@apple.com> [analyzer] Turn on by default the Malloc Checker and a couple of CString
checks:

- unix.Malloc - Checks for memory leaks, double free, use-after-free.
- unix.cstring.NullArg - Checks for null pointers passed as arguments to
CString functions + evaluates CString functions.
- unix.cstring.BadSizeArg - Checks for common anti-patterns in
strncat size argument.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150988 91177308-0d34-0410-b5e6-96231b3b80d8
heckers.td
a979712238d6285e79e8f1d6e8b813a1f640e88c 18-Feb-2012 Ted Kremenek <kremenek@apple.com> Teach analyzer about NSAutoreleasePool -allocWithZone:. Fixes <rdar://problem/10640253>.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150892 91177308-0d34-0410-b5e6-96231b3b80d8
etainCountChecker.cpp
b673a41c92aa276f2e37164d0747be1cfb0c402b 18-Feb-2012 Ted Kremenek <kremenek@apple.com> Adopt ExprEngine and checkers to ObjC property refactoring. Everything was working, but now diagnostics are aware of message expressions implied by uses of properties. Fixes <rdar://problem/9241180>.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150888 91177308-0d34-0410-b5e6-96231b3b80d8
allAndMessageChecker.cpp
bjCSelfInitChecker.cpp
3133f79cf451e6302dd05262b4bb53a3e4fd6300 18-Feb-2012 Ted Kremenek <kremenek@apple.com> Have conjured symbols depend on LocationContext, to add context sensitivity for functions called more than once.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150849 91177308-0d34-0410-b5e6-96231b3b80d8
StringChecker.cpp
etainCountChecker.cpp
treamChecker.cpp
f0dfc9c0f29fd82552896558c04043731d30b851 17-Feb-2012 Anna Zaks <ganna@apple.com> [analyzer] Fix another false positive in the Malloc Checker, by making
it aware of CString APIs that return the input parameter.

Malloc Checker needs to know how the 'strcpy' function is
evaluated. Introduce the dependency on CStringChecker for that.
CStringChecker knows all about these APIs.

Addresses radar://10864450

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150846 91177308-0d34-0410-b5e6-96231b3b80d8
StringChecker.cpp
nterCheckerAPI.h
allocChecker.cpp
998e2754281b19bb1db19299ae16c2fd5947bcc0 17-Feb-2012 Anna Zaks <ganna@apple.com> [analyzer] Generalize function name checking in CString checker.
(Ex: It was not treating __inline_strcpy as strcpy. Will add tests that
rely on this later on.)

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150845 91177308-0d34-0410-b5e6-96231b3b80d8
StringChecker.cpp
febdc324faaf1678a4f41497fd691efe54e145c9 16-Feb-2012 Anna Zaks <ganna@apple.com> [analyzer] Malloc Checker: Clean up bug naming:
- Rename the category "Logic Error" -> "Memory Error".
- Shorten all the messages.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150733 91177308-0d34-0410-b5e6-96231b3b80d8
allocChecker.cpp
fe571608b925079227d053a459eca86f7408e5c6 16-Feb-2012 Anna Zaks <ganna@apple.com> [analyzer] Malloc Checker: Make the diagnostic visitor handle the case
of failing realloc. + Minor cleanups.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150732 91177308-0d34-0410-b5e6-96231b3b80d8
allocChecker.cpp
ac593008c2035fa241c80352a0c97c5d853facbf 16-Feb-2012 Anna Zaks <ganna@apple.com> [analyzer] Malloc Checker: Give up when a pointer escapes into a struct.

We are not properly handling the memory regions that escape into struct
fields, which led to a bunch of false positives. Be conservative here
and give up when a pointer escapes into a struct.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150658 91177308-0d34-0410-b5e6-96231b3b80d8
allocChecker.cpp
1d6cc6a44182ef03a373ecd61505042eca3af906 15-Feb-2012 Anna Zaks <ganna@apple.com> [analyzer] Malloc checker: make a bit safer.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150556 91177308-0d34-0410-b5e6-96231b3b80d8
allocChecker.cpp
40add2983dedcf489d7ad8c7bccc58b6ae368ee4 15-Feb-2012 Anna Zaks <ganna@apple.com> [analyzer] Malloc Checker: add support for reallocf, which always frees
the passed in pointer on failure.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150533 91177308-0d34-0410-b5e6-96231b3b80d8
allocChecker.cpp
b16ce45bd05b637b3d7b0bf70c05e5dfd4ddacc7 15-Feb-2012 Anna Zaks <ganna@apple.com> [analyzer] Malloc Checker: add support for valloc + minor code
hardening.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150532 91177308-0d34-0410-b5e6-96231b3b80d8
allocChecker.cpp
66c40400e7d6272b0cd675ada18dd62c1f0362c7 14-Feb-2012 Anna Zaks <ganna@apple.com> [analyzer] Make Malloc Checker optimistic in presence of inlining.
(In response of Ted's review of r150112.)

This moves the logic which checked if a symbol escapes through a
parameter to invalidateRegionCallback (instead of post CallExpr visit.)

To accommodate the change, added a CallOrObjCMessage parameter to
checkRegionChanges callback.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150513 91177308-0d34-0410-b5e6-96231b3b80d8
StringChecker.cpp
heckerDocumentation.cpp
allocChecker.cpp
etainCountChecker.cpp
b276bd9cc98247331cac8b290ba278b939e53657 14-Feb-2012 Anna Zaks <ganna@apple.com> [analyzer] Malloc Checker: realloc: add dependency between the symbols
in realloc map.

If there is no dependency, the reallocated ptr will get garbage
collected before we know that realloc failed, which would lead us to
missing a memory leak warning.

Also added new test cases, which we can handle now.
Plus minor cleanups.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150446 91177308-0d34-0410-b5e6-96231b3b80d8
allocChecker.cpp
30838b994527d12e269abb14d395b1878e78c16d 13-Feb-2012 Anna Zaks <ganna@apple.com> [analyzer] Malloc Checker: realloc: correct the way we are handing the
case when size is 0.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150412 91177308-0d34-0410-b5e6-96231b3b80d8
allocChecker.cpp
c8bb3befcad8cd8fc9556bc265289b07dc3c94c8 13-Feb-2012 Anna Zaks <ganna@apple.com> [analyzer] Malloc checker: rework realloc handling:

1) Support the case when realloc fails to reduce False Positives. (We
essentially need to restore the state of the pointer being reallocated.)

2) Realloc behaves differently under special conditions (from pointer is
null, size is 0). When detecting these cases, we should consider
under-constrained states (size might or might not be 0). The
old version handled this in a very hacky way. The code did not
differentiate between definite and possible (no consideration for
under-constrained states). Further, after processing each special case,
the realloc processing function did not return but chained to the next
special case processing. So you could end up in an execution in which
you first see the states in which size is 0 and realloc ~ free(),
followed by the states corresponding to size is not 0 followed by the
evaluation of the regular realloc behavior.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150402 91177308-0d34-0410-b5e6-96231b3b80d8
allocChecker.cpp
15d0ae170c2037815b6383c532253585fcd3d04e 12-Feb-2012 Anna Zaks <ganna@apple.com> [analyzer] Malloc Checker: reduce false negatives rate by assuming that
a pointer cannot escape through calls to system functions. Also, stop
after reporting the first use-after-free.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150315 91177308-0d34-0410-b5e6-96231b3b80d8
allocChecker.cpp
0860cd0646ed40f87085df39563f2c5f7f77750b 11-Feb-2012 Anna Zaks <ganna@apple.com> [analyzer] Malloc Checker: Report a leak when we are returning freed
memory.
(As per one test case, the existing checker thought that this could
cause a lot of false positives - not sure if that's valid, to be
verified.)

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150313 91177308-0d34-0410-b5e6-96231b3b80d8
allocChecker.cpp
da04677092c7b08fe7438f82a8636dcc8c6e9683 11-Feb-2012 Anna Zaks <ganna@apple.com> [analyzer] Malloc checker: Leak bugs should be suppressed by sinks.
Resolves a common false positive, where we were reporting a leak inside
asserts

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150312 91177308-0d34-0410-b5e6-96231b3b80d8
allocChecker.cpp
4fb548710837dc4e709e1a84f241c4bea121e895 11-Feb-2012 Anna Zaks <ganna@apple.com> [analyzer] MallocChecker: refactor/improve the symbol escape logic.

We use the same logic here as the RetainRelease checker.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150311 91177308-0d34-0410-b5e6-96231b3b80d8
allocChecker.cpp
b141b285d17934a08d1cb0f5f0a5a4d65b2caab2 11-Feb-2012 Ryan Govostes <rzg@apple.com> [analyzer] New checker for assignment of non-0/1 values to Boolean variables.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150306 91177308-0d34-0410-b5e6-96231b3b80d8
oolAssignmentChecker.cpp
MakeLists.txt
heckers.td
e9ef5622a7600604b101f1843e7a3736eeb45d83 10-Feb-2012 Anna Zaks <ganna@apple.com> [analyzer] MallocChecker Cleanup - harden against crashes, fix an error
(use of return instead of continue), wording.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150215 91177308-0d34-0410-b5e6-96231b3b80d8
allocChecker.cpp
7fb4900f83832432dd4cdb84eb6e2ed132e6daf1 09-Feb-2012 Benjamin Kramer <benny.kra@googlemail.com> Remove unused fun.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150172 91177308-0d34-0410-b5e6-96231b3b80d8
allocChecker.cpp
f8c17b79ab55d633567a151da5eb596b6001fa30 09-Feb-2012 Anna Zaks <ganna@apple.com> [analyzer] MallocChecker: address a diagnostic "fixme".

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150158 91177308-0d34-0410-b5e6-96231b3b80d8
allocChecker.cpp
ff3b9fdbfd4ff3a8361640c0d8a12d9f0cc1ce6f 09-Feb-2012 Anna Zaks <ganna@apple.com> [analyzer] Add custom path diagnostic to the Malloc Checker.

Very simple so far - we just highlight every allocation and release
site.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150156 91177308-0d34-0410-b5e6-96231b3b80d8
allocChecker.cpp
cdfec5e5ea0d1cfebe27888ef072346704424ed8 09-Feb-2012 Anna Zaks <ganna@apple.com> [analyzer] MallocChecker cleanup, more tests.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150155 91177308-0d34-0410-b5e6-96231b3b80d8
allocChecker.cpp
91c2a1192cdd4e7b2b4ac7838c5aceef200ea251 09-Feb-2012 Anna Zaks <ganna@apple.com> [analyzer] MallocChecker: implement pessimistic version of the checker,
which allows values to escape through unknown calls.

Assumes all calls but the malloc family are unknown.

Also, catch a use-after-free when a pointer is passed to a
function after a call to free (previously, you had to explicitly
dereference the pointer value).

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150112 91177308-0d34-0410-b5e6-96231b3b80d8
allocChecker.cpp
231361ad343d655e4bbb1574ccbb4173b72dadfd 09-Feb-2012 Anna Zaks <ganna@apple.com> [analyzer] Split the MallocChecker into two versions - pessimistic and
optimistic.

TODO: actually implement the pessimistic version of the checker. Ex: it
needs to assume that any function that takes a pointer might free it.

The optimistic version relies on annotations to tell us which functions
can free the pointer.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150111 91177308-0d34-0410-b5e6-96231b3b80d8
heckers.td
allocChecker.cpp
b319e029a6a05a76023c1bb1ce77a6d567457838 08-Feb-2012 Anna Zaks <ganna@apple.com> [analyzer] MallocChecker: convert from using evalCall to
post visit of CallExpr.

In general, we should avoid using evalCall as it leads to interference
with other checkers.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150086 91177308-0d34-0410-b5e6-96231b3b80d8
allocChecker.cpp
d7a3e2c5f61cd4893f95b69a424fe4def3aa0f69 07-Feb-2012 Benjamin Kramer <benny.kra@googlemail.com> Revert my patches which removed Diagnostic.h includes by moving some operator overloads out of line.

This seems to negatively affect compile time onsome ObjC tests
(which use a lot of partial diagnostics I assume). I have to come
up with a way to keep them inline without including Diagnostic.h
everywhere. Now adding a new diagnostic requires a full rebuild
of e.g. the static analyzer which doesn't even use those diagnostics.

This reverts commit 6496bd10dc3a6d5e3266348f08b6e35f8184bc99.
This reverts commit 7af19b817ba964ac560b50c1ed6183235f699789.
This reverts commit fdd15602a42bbe26185978ef1e17019f6d969aa7.
This reverts commit 00bd44d5677783527d7517c1ffe45e4d75a0f56f.
This reverts commit ef9b60ffed980864a8db26ad30344be429e58ff5.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150006 91177308-0d34-0410-b5e6-96231b3b80d8
ttrNonNullChecker.cpp
ivZeroChecker.cpp
bjCAtSyncChecker.cpp
threadLockChecker.cpp
treamChecker.cpp
a59d20b135bfde058a5a69045bab5ec4e2553f74 07-Feb-2012 Benjamin Kramer <benny.kra@googlemail.com> Print NamedDecls directly to a raw_ostream where possible.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@149982 91177308-0d34-0410-b5e6-96231b3b80d8
etainCountChecker.cpp
irtualCallChecker.cpp
f978059b82db8c0d849c5f992036210b5ca53200 07-Feb-2012 Benjamin Kramer <benny.kra@googlemail.com> Switch the ObjC*Decl raw_stream overloads to take a reference, for consistency with NamedDecls.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@149981 91177308-0d34-0410-b5e6-96231b3b80d8
heckObjCDealloc.cpp
57300760964904cc022a175643342f29f46b7e6b 07-Feb-2012 Anna Zaks <ganna@apple.com> [analyzer] Allow each CString check to be enabled/disabled
separately.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@149947 91177308-0d34-0410-b5e6-96231b3b80d8
StringChecker.cpp
heckers.td
0cf3d471546251b12bdceff360f66c079c40526c 07-Feb-2012 Ted Kremenek <kremenek@apple.com> Add basic BugReporter support for CallEnter/CallExit. WIP.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@149939 91177308-0d34-0410-b5e6-96231b3b80d8
etainCountChecker.cpp
f7ccbad5d9949e7ddd1cbef43d482553b811e026 05-Feb-2012 Dylan Noblesmith <nobled@dreamwidth.org> Basic: import SmallString<> into clang namespace

(I was going to fix the TODO about DenseMap too, but
that would break self-host right now. See PR11922.)

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@149799 91177308-0d34-0410-b5e6-96231b3b80d8
nalyzerStatsChecker.cpp
rrayBoundCheckerV2.cpp
asicObjCFoundationChecks.cpp
StringChecker.cpp
StringSyntaxChecker.cpp
allAndMessageChecker.cpp
heckSecuritySyntaxOnly.cpp
eadStoresChecker.cpp
ereferenceChecker.cpp
dempotentOperationChecker.cpp
LVMConventionsChecker.cpp
acOSKeychainAPIChecker.cpp
acOSXAPIChecker.cpp
allocChecker.cpp
allocSizeofChecker.cpp
bjCContainersASTChecker.cpp
etainCountChecker.cpp
tackAddrEscapeChecker.cpp
ndefCapturedBlockVarChecker.cpp
ndefResultChecker.cpp
nixAPIChecker.cpp
LASizeChecker.cpp
irtualCallChecker.cpp
6f42b62b6194f53bcbc349f5d17388e1936535d7 05-Feb-2012 Dylan Noblesmith <nobled@dreamwidth.org> Basic: import OwningPtr<> into clang namespace

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@149798 91177308-0d34-0410-b5e6-96231b3b80d8
rrayBoundChecker.cpp
rrayBoundCheckerV2.cpp
ttrNonNullChecker.cpp
asicObjCFoundationChecks.cpp
StringChecker.cpp
allAndMessageChecker.cpp
astSizeChecker.cpp
astToStructChecker.cpp
hrootChecker.cpp
eadStoresChecker.cpp
ereferenceChecker.cpp
ivZeroChecker.cpp
ixedAddressChecker.cpp
enericTaintChecker.cpp
acOSKeychainAPIChecker.cpp
acOSXAPIChecker.cpp
allocChecker.cpp
SAutoreleasePoolChecker.cpp
bjCAtSyncChecker.cpp
bjCContainersChecker.cpp
ointerArithChecker.cpp
ointerSubChecker.cpp
threadLockChecker.cpp
etainCountChecker.cpp
eturnPointerRangeChecker.cpp
eturnUndefChecker.cpp
tackAddrEscapeChecker.cpp
treamChecker.cpp
aintTesterChecker.cpp
ndefBranchChecker.cpp
ndefCapturedBlockVarChecker.cpp
ndefResultChecker.cpp
ndefinedArraySubscriptChecker.cpp
ndefinedAssignmentChecker.cpp
nixAPIChecker.cpp
LASizeChecker.cpp
8fe83e1df954d72c0f4ffc15d20a5222ec151c21 04-Feb-2012 Benjamin Kramer <benny.kra@googlemail.com> Move a method from IdentifierTable.h out of line and remove the SmallString include.

Fix all the transitive include users.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@149783 91177308-0d34-0410-b5e6-96231b3b80d8
nalyzerStatsChecker.cpp
rrayBoundCheckerV2.cpp
asicObjCFoundationChecks.cpp
StringChecker.cpp
StringSyntaxChecker.cpp
allAndMessageChecker.cpp
heckSecuritySyntaxOnly.cpp
eadStoresChecker.cpp
ereferenceChecker.cpp
dempotentOperationChecker.cpp
LVMConventionsChecker.cpp
acOSKeychainAPIChecker.cpp
allocChecker.cpp
allocSizeofChecker.cpp
bjCContainersASTChecker.cpp
etainCountChecker.cpp
ndefCapturedBlockVarChecker.cpp
ndefResultChecker.cpp
nixAPIChecker.cpp
LASizeChecker.cpp
irtualCallChecker.cpp
00bd44d5677783527d7517c1ffe45e4d75a0f56f 04-Feb-2012 Benjamin Kramer <benny.kra@googlemail.com> Move various diagnostic operator<< overloads out of line and remove includes of Diagnostic.h.

Fix all the files that depended on transitive includes of Diagnostic.h.
With this patch in place changing a diagnostic no longer requires a full rebuild of the StaticAnalyzer.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@149781 91177308-0d34-0410-b5e6-96231b3b80d8
rrayBoundCheckerV2.cpp
ttrNonNullChecker.cpp
StringChecker.cpp
ivZeroChecker.cpp
allocChecker.cpp
bjCAtSyncChecker.cpp
threadLockChecker.cpp
treamChecker.cpp
nixAPIChecker.cpp
LASizeChecker.cpp
e59ec3dfe17c1ceb648861b621a3890a9a56ab0c 04-Feb-2012 Anna Zaks <ganna@apple.com> [analyzer] Make sure Containers OutOfBounds checker does not crash on undefined arguments, when CF functions are called with wrong number of arguments.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@149771 91177308-0d34-0410-b5e6-96231b3b80d8
bjCContainersChecker.cpp
52a3888c4a695ebbb5d7c39c29270ae3408b47e8 04-Feb-2012 Anna Zaks <ganna@apple.com> [analyzer] Turn on by default two checkers:
- osx.coreFoundation.containers.IndexOutOfBounds
- osx.cocoa.SelfInit

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@149747 91177308-0d34-0410-b5e6-96231b3b80d8
heckers.td
1efcc42c922204d6797a70d90d3c350882f3c098 04-Feb-2012 Anna Zaks <ganna@apple.com> [analyzer] Minor cleanups to the ObjCSelfInitChecker.
(Also renames in other ObjC checkers to create one category of checks.)

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@149745 91177308-0d34-0410-b5e6-96231b3b80d8
bjCContainersASTChecker.cpp
bjCContainersChecker.cpp
bjCSelfInitChecker.cpp
f196a90b26479a2c67959c6715491763cbc8ade1 02-Feb-2012 Anna Zaks <ganna@apple.com> [analyzer] Fix a false positive in the CFArrayCreate check that surfaces
the the code like this (due to x and &x being the same value but
different size):

void* x[] = { ptr1, ptr2, ptr3 };
CFArrayCreate(NULL, (const void **) &x, count, NULL);

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@149579 91177308-0d34-0410-b5e6-96231b3b80d8
bjCContainersASTChecker.cpp
8f1e65617844d315dd19b6cf9bfc437fd4902ed8 01-Feb-2012 Bob Wilson <bob.wilson@apple.com> Fix an assertion failure in isMacOSXVersionLT for IOS targets.

Check if the triple OS is IOS instead of checking for arm/thumb architectures
and check that before calling isMacOSXVersionLT.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@149454 91177308-0d34-0410-b5e6-96231b3b80d8
allAndMessageChecker.cpp
e00575f12cf280621ef0ed4d69e909bdfc9fef62 31-Jan-2012 Anna Zaks <ganna@apple.com> [analyzer] Add checks for common anti-patterns in strncat.
(Since this is syntax only, might be a good candidate for turning into a
compiler warning.)

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@149407 91177308-0d34-0410-b5e6-96231b3b80d8
MakeLists.txt
StringSyntaxChecker.cpp
heckers.td
393b9793da0b62e26e3974c88a0bca18f2d7fd5e 31-Jan-2012 Anna Zaks <ganna@apple.com> [analyzer] Change the warning to suggest 'strlcat/strlcpy' as
replacements for 'starcat/strcpy' instead of 'strncat/strncpy'.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@149406 91177308-0d34-0410-b5e6-96231b3b80d8
heckSecuritySyntaxOnly.cpp
be4dc941030988c71e41303fc9116e0dc099b516 31-Jan-2012 Ted Kremenek <kremenek@apple.com> Convert checker over to using ProgramStateRef.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@149319 91177308-0d34-0410-b5e6-96231b3b80d8
bjCContainersChecker.cpp
7fc800356f3c86a0c63e94353d7a1ac5a0ffbf66 30-Jan-2012 Anna Zaks <ganna@apple.com> [analyzer] Rename the checker as per Ted's comment. Remove the reference
from the driver.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@149276 91177308-0d34-0410-b5e6-96231b3b80d8
heckers.td
304e6f1495f4796ba5f93e8db2fa9e925a68dae8 30-Jan-2012 Anna Zaks <ganna@apple.com> [analyzer] Make osx.cocos.CFContainersSyntax a default checker.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@149258 91177308-0d34-0410-b5e6-96231b3b80d8
heckers.td
af5f550de34525b27f0ff31dafce792caf8158b6 30-Jan-2012 Anna Zaks <ganna@apple.com> [analyzer] Add index out of bounds check for CFArrayGetArrayAtIndex.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@149228 91177308-0d34-0410-b5e6-96231b3b80d8
MakeLists.txt
heckers.td
bjCContainersChecker.cpp
c35fb7d67d515659ad2325b4f6ec97c9fe64fb63 28-Jan-2012 Benjamin Kramer <benny.kra@googlemail.com> StaticAnalyzer: Move ObjC- and CXX-specific methods out of line so checkers that don't care about the language don't have to pull in all the headers.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@149178 91177308-0d34-0410-b5e6-96231b3b80d8
nalyzerStatsChecker.cpp
ereferenceChecker.cpp
teratorsChecker.cpp
bjCAtSyncChecker.cpp
8bef8238181a30e52dea380789a7e2d760eac532 26-Jan-2012 Ted Kremenek <kremenek@apple.com> Change references to 'const ProgramState *' to typedef 'ProgramStateRef'.

At this point this is largely cosmetic, but it opens the door to replace
ProgramStateRef with a smart pointer that more eagerly acts in the role
of reclaiming unused ProgramState objects.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@149081 91177308-0d34-0410-b5e6-96231b3b80d8
djustedReturnValueChecker.cpp
rrayBoundChecker.cpp
rrayBoundCheckerV2.cpp
ttrNonNullChecker.cpp
asicObjCFoundationChecks.cpp
uiltinFunctionChecker.cpp
StringChecker.cpp
allAndMessageChecker.cpp
astSizeChecker.cpp
heckerDocumentation.cpp
hrootChecker.cpp
ereferenceChecker.cpp
ivZeroChecker.cpp
ixedAddressChecker.cpp
enericTaintChecker.cpp
dempotentOperationChecker.cpp
teratorsChecker.cpp
acOSKeychainAPIChecker.cpp
acOSXAPIChecker.cpp
allocChecker.cpp
SErrorChecker.cpp
oReturnFunctionChecker.cpp
SAtomicChecker.cpp
bjCAtSyncChecker.cpp
bjCSelfInitChecker.cpp
ointerArithChecker.cpp
ointerSubChecker.cpp
threadLockChecker.cpp
etainCountChecker.cpp
eturnPointerRangeChecker.cpp
tackAddrEscapeChecker.cpp
treamChecker.cpp
aintTesterChecker.cpp
ndefBranchChecker.cpp
ndefCapturedBlockVarChecker.cpp
ndefResultChecker.cpp
ndefinedAssignmentChecker.cpp
nixAPIChecker.cpp
LASizeChecker.cpp
46e39e30ed10b1f2921363373b131110947ae24c 26-Jan-2012 NAKAMURA Takumi <geek4civic@gmail.com> StaticAnalyzer/Checkers: Fix CMake build.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@149009 91177308-0d34-0410-b5e6-96231b3b80d8
MakeLists.txt
cbd273387a61409f179fcfe8460a8733fcf8f872 26-Jan-2012 Anna Zaks <ganna@apple.com> [analyzer] Add an AST checker that checks for a common pitfall when
using CFArrayCreate & family.

Specifically, CFArrayCreate's input should be:
'A C array of the pointer-sized values to be in the new array.'

(radar://10717339)

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@149008 91177308-0d34-0410-b5e6-96231b3b80d8
MakeLists.txt
heckers.td
bjCContainersASTChecker.cpp
b9ac30cf9ec001fd0d63ffc44289a333a21e691d 24-Jan-2012 Anna Zaks <ganna@apple.com> [analyzer] Add more C taint sources/sinks.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@148844 91177308-0d34-0410-b5e6-96231b3b80d8
enericTaintChecker.cpp
665b00265858a47f3ccd80b2f27b250c54f5fd5d 21-Jan-2012 Anna Zaks <ganna@apple.com> [analyzer] It's possible to have a non PointerType expression evaluate to a Loc value. When this happens, use the default type.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@148631 91177308-0d34-0410-b5e6-96231b3b80d8
enericTaintChecker.cpp
3bfd6d701ee297bd062967e11400daae51b36eb2 21-Jan-2012 Anna Zaks <ganna@apple.com> [analyzer] Make VLA checker taint aware.

Also, slightly modify the diagnostic message in ArrayBound and DivZero (still use 'taint', which might not mean much to the user, but plan on changing it later).

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@148626 91177308-0d34-0410-b5e6-96231b3b80d8
rrayBoundCheckerV2.cpp
ivZeroChecker.cpp
LASizeChecker.cpp
3026348bd4c13a0f83b59839f64065e0fcbea253 20-Jan-2012 David Blaikie <dblaikie@gmail.com> More dead code removal (using -Wunreachable-code)

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@148577 91177308-0d34-0410-b5e6-96231b3b80d8
enericTaintChecker.cpp
threadLockChecker.cpp
02019f7134e69e39e33c5a938183fd492410464c 20-Jan-2012 Anna Zaks <ganna@apple.com> [analyzer] Add taint awareness to DivZeroChecker.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@148566 91177308-0d34-0410-b5e6-96231b3b80d8
ivZeroChecker.cpp
a8180e5a8795b4b80587662167dfc13646a494a1 20-Jan-2012 Ted Kremenek <kremenek@apple.com> Reenable DeadStoresChecker under --analyze, and move the IdempotentOperationsChecker to the 'experimental' category. Fixes <rdar://problem/10146347>.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@148533 91177308-0d34-0410-b5e6-96231b3b80d8
heckers.td
b63d8d8f7b2d101838af992749411dd79c2ed116 20-Jan-2012 Ted Kremenek <kremenek@apple.com> Implement checker that looks for calls to mktemps and friends that have fewer than 6 Xs. Implements <rdar://problem/6336672>.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@148531 91177308-0d34-0410-b5e6-96231b3b80d8
heckSecuritySyntaxOnly.cpp
heckers.td
76a54246dbbe6cc3c74186e64f8ea0deb4a64ea2 20-Jan-2012 Ted Kremenek <kremenek@apple.com> Turn 'SecuritySyntaxChecker' into a "meta" security checker for insecure APIs. Now
multiple checks are exposed as separate checkers, but CheckerManager only creates
one Checker object.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@148525 91177308-0d34-0410-b5e6-96231b3b80d8
heckSecuritySyntaxOnly.cpp
heckers.td
2bf8fd84087231fd92dfdebe18895e01a6ae405c 20-Jan-2012 Anna Zaks <ganna@apple.com> [analyzer] Add socket API as a source of taint.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@148518 91177308-0d34-0410-b5e6-96231b3b80d8
enericTaintChecker.cpp
7cdfe298ae49e381f6d78fc93855c372e5173dd0 18-Jan-2012 Anna Zaks <ganna@apple.com> [analyzer] Refactor: prePropagateTaint ->
TaintPropagationRule::process().

Also remove the "should be a pointer argument" warning - should be
handled elsewhere.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@148372 91177308-0d34-0410-b5e6-96231b3b80d8
enericTaintChecker.cpp
4e46221e38b7d434fbecb1cd56b259437206d246 18-Jan-2012 Anna Zaks <ganna@apple.com> [analyzer] Taint: warn when tainted data is used to specify a buffer
size (Ex: in malloc, memcpy, strncpy..)

(Maybe some of this could migrate to the CString checker. One issue
with that is that we might want to separate security issues from
regular API misuse.)

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@148371 91177308-0d34-0410-b5e6-96231b3b80d8
enericTaintChecker.cpp
9b0c749a20d0f7d0e63441d76baa15def3f37fdb 18-Jan-2012 Anna Zaks <ganna@apple.com> [analyzer] Taint: add taint propagation rules for string and memory copy
functions.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@148370 91177308-0d34-0410-b5e6-96231b3b80d8
enericTaintChecker.cpp
7530c034c0c71a64c5a9173206d9742ae847af8b 17-Jan-2012 David Blaikie <dblaikie@gmail.com> Remove unreachable code in Clang. (replace with llvm_unreachable where appropriate or when GCC requires it)

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@148292 91177308-0d34-0410-b5e6-96231b3b80d8
etainCountChecker.cpp
561d3abc881033776ece385a01a510e1cbc1fa92 17-Jan-2012 David Blaikie <dblaikie@gmail.com> Remove unnecessary default cases in switches over enums.

This allows -Wswitch-enum to find switches that need updating when these enums are modified.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@148281 91177308-0d34-0410-b5e6-96231b3b80d8
eadStoresChecker.cpp
allocChecker.cpp
etainCountChecker.cpp
022b3f4490bbdcde7b3f18ce0498f9a73b6cbf53 17-Jan-2012 Anna Zaks <ganna@apple.com> [analyzer] Taint: generalize taint propagation to simplify adding more
taint propagation functions.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@148266 91177308-0d34-0410-b5e6-96231b3b80d8
enericTaintChecker.cpp
8568ee743406ac4bb23c9768a0dffd627fdbc579 14-Jan-2012 Anna Zaks <ganna@apple.com> [analyzer] Taint: add system and popen as undesirable sinks for taint
data.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@148176 91177308-0d34-0410-b5e6-96231b3b80d8
enericTaintChecker.cpp
71d29095d27e94b00083259c06a45f5294501697 13-Jan-2012 Anna Zaks <ganna@apple.com> [analyzer] Taint: when looking up a binding, provide the type.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@148080 91177308-0d34-0410-b5e6-96231b3b80d8
enericTaintChecker.cpp
1437425a62dbf7bdb0a855d3ed3b05ed2019ec1e 12-Jan-2012 Anna Zaks <ganna@apple.com> [analyzer] Rename Store::Retrieve() -> getBinding().

+ all the other Retrieve..() methods + a comment for ElementRegion.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@148011 91177308-0d34-0410-b5e6-96231b3b80d8
allAndMessageChecker.cpp
acOSKeychainAPIChecker.cpp
1fb826a6fd893234f32b0b91bb92ea4d127788ad 12-Jan-2012 Anna Zaks <ganna@apple.com> [analyzer] Add taint transfer by strcpy & others (part 1).

To simplify the process:
Refactor taint generation checker to simplify passing the
information on which arguments need to be tainted from pre to post
visit.

Todo: We need to factor out the code that sema is using to identify the
string and memcpy functions and use it here and in the CString checker.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@148010 91177308-0d34-0410-b5e6-96231b3b80d8
enericTaintChecker.cpp
3e97758f22f31d0dbc336fc4794b86aed8607053 11-Jan-2012 Ted Kremenek <kremenek@apple.com> "This change adds alloca/valloc checks to UnixAPIChecker. It includes a small refactoring for
the common *alloc functions as well as a few tiny wibbles (adds a note
to CWE/CERT advisory numbers in the bug output, and fixes a couple
80-column-wide violations.)"

Patch by Austin Seipp!

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@147931 91177308-0d34-0410-b5e6-96231b3b80d8
nixAPIChecker.cpp
2215eef02c3ac84c3189e5ac694326038226b467 07-Jan-2012 Rafael Espindola <rafael.espindola@gmail.com> Remove unused variable.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@147744 91177308-0d34-0410-b5e6-96231b3b80d8
enericTaintChecker.cpp
9f03b62036a7abc0a227b17f4a49b9eefced9450 07-Jan-2012 Anna Zaks <ganna@apple.com> [analyzer] Add basic format string vulnerability checking.

We already have a more conservative check in the compiler (if the
format string is not a literal, we warn). Still adding it here for
completeness and since this check is stronger - only triggered if the
format string is tainted.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@147714 91177308-0d34-0410-b5e6-96231b3b80d8
enericTaintChecker.cpp
5eca482fe895ea57bc82410222e6426c09e63284 06-Jan-2012 Ted Kremenek <kremenek@apple.com> [analyzer] Make the entries in 'Environment' context-sensitive by making entries map from
(Stmt*,LocationContext*) pairs to SVals instead of Stmt* to SVals.

This is needed to support basic IPA via inlining. Without this, we cannot tell
if a Stmt* binding is part of the current analysis scope (StackFrameContext) or
part of a parent context.

This change introduces an uglification of the use of getSVal(), and thus takes
two steps forward and one step back. There are also potential performance implications
of enlarging the Environment. Both can be addressed going forward by refactoring the
APIs and optimizing the internal representation of Environment. This patch
mainly introduces the functionality upon when we want to build upon (and clean up).

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@147688 91177308-0d34-0410-b5e6-96231b3b80d8
djustedReturnValueChecker.cpp
ttrNonNullChecker.cpp
asicObjCFoundationChecks.cpp
uiltinFunctionChecker.cpp
StringChecker.cpp
allAndMessageChecker.cpp
astSizeChecker.cpp
hrootChecker.cpp
ivZeroChecker.cpp
ixedAddressChecker.cpp
enericTaintChecker.cpp
dempotentOperationChecker.cpp
teratorsChecker.cpp
acOSKeychainAPIChecker.cpp
acOSXAPIChecker.cpp
allocChecker.cpp
oReturnFunctionChecker.cpp
SAtomicChecker.cpp
bjCAtSyncChecker.cpp
bjCSelfInitChecker.cpp
ointerArithChecker.cpp
ointerSubChecker.cpp
threadLockChecker.cpp
etainCountChecker.cpp
eturnPointerRangeChecker.cpp
eturnUndefChecker.cpp
tackAddrEscapeChecker.cpp
treamChecker.cpp
aintTesterChecker.cpp
ndefBranchChecker.cpp
ndefCapturedBlockVarChecker.cpp
ndefResultChecker.cpp
ndefinedArraySubscriptChecker.cpp
ndefinedAssignmentChecker.cpp
nixAPIChecker.cpp
LASizeChecker.cpp
eb31a76d1cdaaf8874c549dc6bd964ff270d3822 05-Jan-2012 Anna Zaks <ganna@apple.com> [analyzer] Be less pessimistic about invalidation of global variables
as a result of a call.

Problem:
Global variables, which come in from system libraries should not be
invalidated by all calls. Also, non-system globals should not be
invalidated by system calls.

Solution:
The following solution to invalidation of globals seems flexible enough
for taint (does not invalidate stdin) and should not lead to too
many false positives. We split globals into 3 classes:

* immutable - values are preserved by calls (unless the specific
global is passed in as a parameter):
A : Most system globals and const scalars

* invalidated by functions defined in system headers:
B: errno

* invalidated by all other functions (note, these functions may in
turn contain system calls):
B: errno
C: all other globals (which are not in A nor B)

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@147569 91177308-0d34-0410-b5e6-96231b3b80d8
allocChecker.cpp
e3659a78a96da3b9a5a90fa84c96078a84f0f3e3 05-Jan-2012 Ted Kremenek <kremenek@apple.com> Fix 80 col violations.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@147566 91177308-0d34-0410-b5e6-96231b3b80d8
allocChecker.cpp
0507f7ee76ed838ce3012ca9e10ff7811723acf2 04-Jan-2012 Ted Kremenek <kremenek@apple.com> Minor code formatting cleanups.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@147505 91177308-0d34-0410-b5e6-96231b3b80d8
etainCountChecker.cpp
c1275da4eb5778eb3c9600e79918ad1fbec589c6 04-Jan-2012 Ted Kremenek <kremenek@apple.com> Enhance UnixAPIChecker to also warn about zero-sized allocations to calloc() and realloc(). Patch by Cyril Roelandt!

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@147500 91177308-0d34-0410-b5e6-96231b3b80d8
nixAPIChecker.cpp
de9f25365ca1fbc146eefeb839053b1cf9b75ae1 04-Jan-2012 Ted Kremenek <kremenek@apple.com> Add initial version of checker to check if virtual member functions are called transitively
from C++ constructors or destructors. Checker by Lei Zhang with a few tweaks by Ted Kremenek.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@147494 91177308-0d34-0410-b5e6-96231b3b80d8
MakeLists.txt
heckers.td
irtualCallChecker.cpp
63d32bdf895e1ad8cfeef8e634a84fe136215202 29-Dec-2011 Rafael Espindola <rafael.espindola@gmail.com> Fix cmake build with -DBUILD_SHARED_LIBS=ON.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@147338 91177308-0d34-0410-b5e6-96231b3b80d8
MakeLists.txt
682060c5d95f6e4f79536013781ab0870cdd3850 23-Dec-2011 Ted Kremenek <kremenek@apple.com> Colorize and condense CFG pretty-printing.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@147203 91177308-0d34-0410-b5e6-96231b3b80d8
ebugCheckers.cpp
b7dcddf1820f4d2e5c2605c12090ea7d17f9fa82 22-Dec-2011 Ted Kremenek <kremenek@apple.com> Fix typos in analyzer diagnostics pointed out by Matt Beaumont-Gay and Robert Purves.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@147139 91177308-0d34-0410-b5e6-96231b3b80d8
etainCountChecker.cpp
9ffbe243cca46082b4a59b5c3be454ab0c455378 17-Dec-2011 Anna Zaks <ganna@apple.com> [analyzer] Add support for taint flowing through a function (atoi).

Check if the input parameters are tainted (or point to tainted data) on
a checkPreStmt<CallExpr>. If the output should be tainted, record it in
the state. On post visit (checkPostStmt<CallExpr>), use the state to
make decisions (in addition to the existing logic). Use this logic for
atoi and fscanf.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@146793 91177308-0d34-0410-b5e6-96231b3b80d8
enericTaintChecker.cpp
d3d8548e75f3fb6db53ed0927c1df30d78f4ce1d 16-Dec-2011 Anna Zaks <ganna@apple.com> [analyzer] Better stdin support.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@146748 91177308-0d34-0410-b5e6-96231b3b80d8
enericTaintChecker.cpp
9b879db75be6b8db4a7c804e9bba4c07c4cfa81c 16-Dec-2011 Logan Chien <loganchien@google.com> Apply changes to migrate to clang upstream r146715.

Change-Id: I7a40ad93f4cc76a6e748ba314ac06a1bef473bbf
ndroid.mk
298aaf2c97ab7c4d5bd3a8e8d8112e3bc77b29b6 16-Dec-2011 Logan Chien <loganchien@google.com> Merge with clang upstream r146715 (Dec 16th 2011)

Change-Id: I66024a7b6eb0ee37d7b3ff7ce41c0bfb4b514bee
efd6989f4644c8460854606e085fc69535054058 14-Dec-2011 Anna Zaks <ganna@apple.com> [analyzer] Treat stdin as a source of taint.

Some of the test cases do not currently work because the analyzer core
does not seem to call checkers for pre/post DeclRefExpr visits.
(Opened radar://10573500. To be fixed later on.)

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@146536 91177308-0d34-0410-b5e6-96231b3b80d8
enericTaintChecker.cpp
1009ac715501a4fa1951d94722dcbe6ab30068f8 14-Dec-2011 Anna Zaks <ganna@apple.com> [analyzer] Mark output of fscanf and fopen as tainted.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@146533 91177308-0d34-0410-b5e6-96231b3b80d8
enericTaintChecker.cpp
e55a22b917327651178ddea36b3615f579681eea 14-Dec-2011 Anna Zaks <ganna@apple.com> [analyzer] Mark getenv output as tainted.

Also, allow adding taint to a region (not only a symbolic value).

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@146532 91177308-0d34-0410-b5e6-96231b3b80d8
enericTaintChecker.cpp
e3d250e488241cbfe71a592df4d07d03ad89434a 11-Dec-2011 Anna Zaks <ganna@apple.com> [analyzer] CStringChecker should not rely on the analyzer generating UndefOrUnknown value when it cannot reason about the expression.

We are now often generating expressions even if the solver is not known to be able to simplify it. This is another cleanup of the existing code, where the rest of the analyzer and checkers should not base their logic on knowing ahead of the time what the solver can reason about.

In this case, CStringChecker is performing a check for overflow of 'left+right' operation. The overflow can be checked with either 'maxVal-left' or 'maxVal-right'. Previously, the decision was based on whether the expresion evaluated to undef or not. With this patch, we check if one of the arguments is a constant, in which case we know that 'maxVal-const' is easily simplified. (Another option is to use canReasonAbout() method of the solver here, however, it's currently is protected.)

This patch also contains 2 small bug fixes:
- swap the order of operators inside SValBuilder::makeGenericVal.
- handle a case when AddeVal is unknown in GenericTaintChecker::getPointedToSymbol.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@146343 91177308-0d34-0410-b5e6-96231b3b80d8
StringChecker.cpp
enericTaintChecker.cpp
f4e8a12ea6f93843910e750b26bfc9d3ead1f078 08-Dec-2011 Francois Pichet <pichet2000@gmail.com> Unbreak MSVC build.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@146146 91177308-0d34-0410-b5e6-96231b3b80d8
allocSizeofChecker.cpp
dc30967a4633186782e0e204c65dba2552301ec9 08-Dec-2011 Peter Collingbourne <peter@pcc.me.uk> Add an experimental MallocSizeofChecker, which reports inconsistencies
between the casted type of the return value of a malloc/calloc/realloc
call and the operand of any sizeof expressions contained within
its argument(s).

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@146144 91177308-0d34-0410-b5e6-96231b3b80d8
MakeLists.txt
heckers.td
allocSizeofChecker.cpp
0e35b4ecee380c2b4c33d75da6bc2fb6f6bc7df3 07-Dec-2011 Richard Smith <richard-llvm@metafoo.co.uk> DeadStoresChecker: when whitelisting dead initializations with constants, look
for a foldable constant rather than an IR-level constant. This is still far too
liberal, but is a step in the right direction.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@145990 91177308-0d34-0410-b5e6-96231b3b80d8
eadStoresChecker.cpp
1d1d515b2bafb59d624883d8fdda97d4b7dba0cb 07-Dec-2011 Anna Zaks <ganna@apple.com> [analyzer] Refactor: Move symbol_iterator from SVal to SymExpr, use it
for finding dependent symbols for taint.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@145986 91177308-0d34-0410-b5e6-96231b3b80d8
StringChecker.cpp
e5ee70d08e62cb6c96a736163204c12c6ef8147a 07-Dec-2011 Anna Zaks <ganna@apple.com> [analyzer] Remove an unnecessary check.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@145984 91177308-0d34-0410-b5e6-96231b3b80d8
aintTesterChecker.cpp
02f34c5003b2c5067675f89ffce0a84c28faf722 05-Dec-2011 Anna Zaks <ganna@apple.com> [analyzer] Rely on LLVM Dominators in Clang dominator computation.

(Previously, Clang used it's implementation of dominators.)

The patch is contributed by Guoping Long!

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@145858 91177308-0d34-0410-b5e6-96231b3b80d8
ebugCheckers.cpp
f62ceec2173e6eefa3879ffa6a7bd68cba463023 05-Dec-2011 Anna Zaks <ganna@apple.com> [analyzer] Change RetainCountChecker to use symbol dump method instead
of relying on SymbolID.

This way any expression can be printed (not only SymbolData).

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@145829 91177308-0d34-0410-b5e6-96231b3b80d8
etainCountChecker.cpp
a50b7ab5af79690855af68f1fff7897291ba9535 05-Dec-2011 Anna Zaks <ganna@apple.com> [analyzer] Add a debug checker to test for tainted data.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@145827 91177308-0d34-0410-b5e6-96231b3b80d8
MakeLists.txt
heckers.td
aintTesterChecker.cpp
ee5a21fda5efce750c21db5a1d635c9742f5859b 01-Dec-2011 Anna Zaks <ganna@apple.com> [analyzer] Make KeychainAPI checker less aggressive. radar://10508828

We trigger an error if free is called after a possibly failed allocation. Do not trigger the error if we know that the buffer is not null.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@145584 91177308-0d34-0410-b5e6-96231b3b80d8
acOSKeychainAPIChecker.cpp
b805c8ff133ef0c62df032fa711d6b13c5afd7f4 01-Dec-2011 Anna Zaks <ganna@apple.com> [analyzer] Refactor checkers to use helper function for getting callee Decl and name.

We are getting name of the called function or it's declaration in a few checkers. Refactor them to use the helper function in the CheckerContext.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@145576 91177308-0d34-0410-b5e6-96231b3b80d8
asicObjCFoundationChecks.cpp
uiltinFunctionChecker.cpp
StringChecker.cpp
hrootChecker.cpp
acOSKeychainAPIChecker.cpp
acOSXAPIChecker.cpp
allocChecker.cpp
SAtomicChecker.cpp
threadLockChecker.cpp
etainCountChecker.cpp
treamChecker.cpp
nixAPIChecker.cpp
75df4eeede7b91c22c1d63fafd4dd4142844e3b9 01-Dec-2011 Ted Kremenek <kremenek@apple.com> Further tweak -Wurneachable-code and templates by allowing the warning to run on
explicit template specializations (which represent actual functions somebody wrote).

Along the way, refactor some other code which similarly cares about whether or
not they are looking at a template instantiation.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@145547 91177308-0d34-0410-b5e6-96231b3b80d8
nreachableCodeChecker.cpp
90735f717de5d5dfe6a6f5f543b0daedff94bc1a 30-Nov-2011 Benjamin Kramer <benny.kra@googlemail.com> Update CMake build.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@145506 91177308-0d34-0410-b5e6-96231b3b80d8
MakeLists.txt
d699ade396154238d2fa89bb09fdcfb79e5587d2 30-Nov-2011 Anna Zaks <ganna@apple.com> [analyzer] Add checker callback documentation.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@145495 91177308-0d34-0410-b5e6-96231b3b80d8
heckerDocumentation.cpp
2db4f4e0b4234eb96347aa69c00aa0c5624676a3 25-Nov-2011 Logan Chien <loganchien@google.com> Apply changes to migrate to clang upstream r145117. (Nov 25th 2011)

Change-Id: I13ff6eaa1f0b0f179c026f9703292a532d714c07
ndroid.mk
2a710c84db1ebf0c16cba0ff121ca8e15f045a07 25-Nov-2011 Logan Chien <loganchien@google.com> Merge with clang upstream r145117 (Nov 25th 2011)

Change-Id: Id4fde985342e3c81f13887e8728bd94b82523642
8f4caf5fec2de9b18f9c5fc69696d9f6cf66bcc5 18-Nov-2011 Anna Zaks <ganna@apple.com> [analyzer] Warn when non pointer arguments are passed to scanf (only when running taint checker).

There is an open radar to implement better scanf checking as a Sema warning. However, a bit of redundancy is fine in this case.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@144964 91177308-0d34-0410-b5e6-96231b3b80d8
enericTaintChecker.cpp
3d5f24ae1ad6241e630b7824eb8d02a8576193ab 16-Nov-2011 Benjamin Kramer <benny.kra@googlemail.com> Update CMake build.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@144829 91177308-0d34-0410-b5e6-96231b3b80d8
MakeLists.txt
9b0970f2c7fdc070b18e113f0bbd96e7f77b4f54 16-Nov-2011 Anna Zaks <ganna@apple.com> [analyzer] Catch the first taint propagation implied buffer overflow.

Change the ArrayBoundCheckerV2 to be more aggressive in reporting buffer overflows
when the offset is tainted. Previously, we did not report bugs when the state was
underconstrained (not enough information about the bound to determine if there is
an overflow) to avoid false positives. However, if we know that the buffer
offset is tainted - comes in from the user space and can be anything, we should
report it as a bug.

+ The very first example of us catching a taint related bug.
This is the only example we can currently handle. More to come...

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@144826 91177308-0d34-0410-b5e6-96231b3b80d8
rrayBoundCheckerV2.cpp
df18c5ae6c48d3b56f7f9550875c53dc46eb8d78 16-Nov-2011 Anna Zaks <ganna@apple.com> [analyzer] Adding generic taint checker.

The checker is responsible for defining attack surface and adding taint to symbols.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@144825 91177308-0d34-0410-b5e6-96231b3b80d8
heckers.td
enericTaintChecker.cpp
0e12ebfd3ef9ad5d894466c6e4910ac5e6041034 16-Nov-2011 Anna Zaks <ganna@apple.com> [analyzer] Factor getCalleeName to the checker context.
many checkers are trying to get a name of the callee when visiting
a CallExpr, so provide a convenience API.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@144820 91177308-0d34-0410-b5e6-96231b3b80d8
acOSKeychainAPIChecker.cpp
71d9a71d19099a6673750b47b32e9786803fa81d 15-Nov-2011 Logan Chien <loganchien@google.com> Merge with clang upstream r144605 (Nov 15th 2011)

Conflicts:
include/clang-c/Index.h
include/clang/AST/APValue.h
include/clang/AST/DeclBase.h
include/clang/AST/DeclObjC.h
include/clang/Basic/DiagnosticSemaKinds.td
include/clang/Serialization/ASTWriter.h
lib/AST/APValue.cpp
lib/AST/ASTImporter.cpp
lib/AST/DeclObjC.cpp
lib/AST/ExprConstant.cpp
lib/Driver/ToolChains.cpp
lib/Frontend/SerializedDiagnosticPrinter.cpp
lib/Frontend/Warnings.cpp
lib/Lex/HeaderSearch.cpp
lib/Lex/LiteralSupport.cpp
lib/Sema/SemaExpr.cpp
lib/Sema/SemaInit.cpp
lib/Sema/SemaPseudoObject.cpp
test/Analysis/misc-ps.c
test/Analysis/retain-release-path-notes.m
test/CodeGen/string-literal-unicode-conversion.c
test/CodeGenCXX/blocks.cpp
test/Driver/crash-cleanup.c
test/Misc/serialized-diags.c
test/Misc/warning-flags.c
tools/c-index-test/c-index-test.c
tools/libclang/CXLoadedDiagnostic.cpp
tools/libclang/IndexDecl.cpp
tools/libclang/IndexTypeSourceInfo.cpp
tools/libclang/Indexing.cpp
tools/libclang/IndexingContext.cpp
tools/libclang/IndexingContext.h
tools/libclang/libclang.exports

Change-Id: I6621e7d5d9a9d1e4cdec7b7b62ffa6dffaff375d
4c42bb7815e4f6317826767f8c53776ae03b4028 14-Nov-2011 Ted Kremenek <kremenek@apple.com> [static analyzer] Tweak RetainCountChecker's diagnostics to correctly indicate if a message was due to a property access. This can
potentially be refactored for other clients, and this is a regression from the refactoring of property acceses.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@144571 91177308-0d34-0410-b5e6-96231b3b80d8
etainCountChecker.cpp
62d3cba9d0c608e894a8ce65f0012d730f29f267 10-Nov-2011 Richard Smith <richard-llvm@metafoo.co.uk> Constant expression evaluation: support for evaluation of structs and unions of
literal types, as well as derived-to-base casts for lvalues and
derived-to-virtual-base casts.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@144265 91177308-0d34-0410-b5e6-96231b3b80d8
nreachableCodeChecker.cpp
e6b86f57c7adb6a398e6dc09547146dd6614061b 08-Nov-2011 Anna Zaks <ganna@apple.com> [analyzer] Remove redundant check from DivZeroChecker

Analysis by Ted:
"
if (stateZero && !stateNotZero) {

is checking to see if:

(A) "it is possible for the value to be zero" (stateZero)

AND

(B) "it is not possible for the value to be non-zero" (!stateNotZero)

That said, the only way for both B to be true AND A to be false is if the path is completely infeasible by the time we reach the divide-by-zero check. For the most part (all cases?), such cases should automatically get pruned out at branches (i.e., an infeasible path gets dropped), which is the case in our tests. So the question is whether or not such an infeasible path might not get dropped earlier? I can't envision any right now.

Indeed, the rest of the checker assumes that if the bug condition didn't fire then 'stateNotZero' is non-NULL:

C.addTransition(stateNotZero);
"

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@144114 91177308-0d34-0410-b5e6-96231b3b80d8
ivZeroChecker.cpp
c0161d060cd1c1349cb4e8f8d94a300fb7fc07d6 05-Nov-2011 Anna Zaks <ganna@apple.com> [analyzer] There should be a space between "expect" and "only"

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@143787 91177308-0d34-0410-b5e6-96231b3b80d8
heckers.td
0c9badaf92f3846a7cf35858c2eb4ae2d737d97e 01-Nov-2011 Anna Zaks <ganna@apple.com> [analyzer] CheckerContext::getPredecessor() cleanup

Remove unnecessary calls to CheckerContext::getPredecessor() + Comments.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@143513 91177308-0d34-0410-b5e6-96231b3b80d8
allAndMessageChecker.cpp
etainCountChecker.cpp
98d03ba401daa01833bd9ee79234ab3b630a4e92 28-Oct-2011 Ted Kremenek <kremenek@apple.com> [analyzer] ObjC message sends to nil receivers that return structs are now okay (compiler zeroes out the data). Fixes <rdar://problem/9151319>.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@143215 91177308-0d34-0410-b5e6-96231b3b80d8
allAndMessageChecker.cpp
cab62f8cc4967a6b9b86bb6d2b21562ad5385eb5 26-Oct-2011 Anna Zaks <ganna@apple.com> [analyzer] Add getLocationContext to CheckerContext

CheckerContext::getPredecessor is only used to get to the LocationContext
half of the times.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@143061 91177308-0d34-0410-b5e6-96231b3b80d8
uiltinFunctionChecker.cpp
StringChecker.cpp
teratorsChecker.cpp
SErrorChecker.cpp
etainCountChecker.cpp
tackAddrEscapeChecker.cpp
ndefCapturedBlockVarChecker.cpp
LASizeChecker.cpp
a21ca0e56b638f148d974c17427efb746674cc31 26-Oct-2011 Anna Zaks <ganna@apple.com> [analyzer] Remove EmitBasicReport form CheckerContext.

The path sensitive checkers should use EmitBasicReport, which provides the
node information.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@143060 91177308-0d34-0410-b5e6-96231b3b80d8
SAutoreleasePoolChecker.cpp
23c5497d36cbf0506f48575b6d89abb4dde1b5dc 26-Oct-2011 Anna Zaks <ganna@apple.com> [analyzer] Rename generateNode -> addTransition in CheckerContext

Also document addTransition methods.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@143059 91177308-0d34-0410-b5e6-96231b3b80d8
djustedReturnValueChecker.cpp
rrayBoundChecker.cpp
rrayBoundCheckerV2.cpp
ttrNonNullChecker.cpp
asicObjCFoundationChecks.cpp
uiltinFunctionChecker.cpp
StringChecker.cpp
allAndMessageChecker.cpp
astToStructChecker.cpp
hrootChecker.cpp
ereferenceChecker.cpp
ivZeroChecker.cpp
ixedAddressChecker.cpp
teratorsChecker.cpp
acOSKeychainAPIChecker.cpp
allocChecker.cpp
SErrorChecker.cpp
bjCAtSyncChecker.cpp
bjCSelfInitChecker.cpp
ointerArithChecker.cpp
ointerSubChecker.cpp
threadLockChecker.cpp
etainCountChecker.cpp
tackAddrEscapeChecker.cpp
treamChecker.cpp
nixAPIChecker.cpp
LASizeChecker.cpp
c23482b5ded0c032a5959d54109d26f38d00edd2 25-Oct-2011 Anna Zaks <ganna@apple.com> [analyzer] Remove getEngine() form CheckerContext

A step toward making sure that diagnostics report should only
be generated though the CheckerContext and not though BugReporter
or ExprEngine directly.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@142947 91177308-0d34-0410-b5e6-96231b3b80d8
SAutoreleasePoolChecker.cpp
etainCountChecker.cpp
f5d6176554eda96ac4097a0a1e0852250cadfb9a 25-Oct-2011 Anna Zaks <ganna@apple.com> [analyzer] Simplify CheckerContext

Remove dead members/parameters: ProgramState, respondsToCallback, autoTransition.
Remove addTransition method since it's the same as generateNode. Maybe we should
rename generateNode to genTransition (since a transition is always automatically
generated)?

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@142946 91177308-0d34-0410-b5e6-96231b3b80d8
rrayBoundChecker.cpp
ttrNonNullChecker.cpp
asicObjCFoundationChecks.cpp
StringChecker.cpp
allAndMessageChecker.cpp
hrootChecker.cpp
ereferenceChecker.cpp
ivZeroChecker.cpp
teratorsChecker.cpp
acOSKeychainAPIChecker.cpp
allocChecker.cpp
SErrorChecker.cpp
bjCAtSyncChecker.cpp
bjCSelfInitChecker.cpp
threadLockChecker.cpp
etainCountChecker.cpp
treamChecker.cpp
nixAPIChecker.cpp
LASizeChecker.cpp
a284a7a3d1b18428afbf9f6f41b4f057406d3361 25-Oct-2011 Anna Zaks <ganna@apple.com> [analyzer] Make branch for condition callback use CheckerContext

Now, all the path sensitive checkers use CheckerContext!

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@142944 91177308-0d34-0410-b5e6-96231b3b80d8
ndefBranchChecker.cpp
1f7571b85caea78e0cefb558867ec84e12b32e79 25-Oct-2011 Anna Zaks <ganna@apple.com> [analyze] Convert EndOfPath callback to use CheckerContext

Get rid of the EndOfPathBuilder completely.
Use the generic NodeBuilder to generate nodes.
Enqueue the end of path frontier explicitly.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@142943 91177308-0d34-0410-b5e6-96231b3b80d8
acOSKeychainAPIChecker.cpp
allocChecker.cpp
etainCountChecker.cpp
tackAddrEscapeChecker.cpp
treamChecker.cpp
7c4629c8bba02762119c873b657329d28abaa4ca 25-Oct-2011 Ted Kremenek <kremenek@apple.com> Add source-level dominators analysis. Patch by Guoping Long!

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@142885 91177308-0d34-0410-b5e6-96231b3b80d8
heckers.td
ebugCheckers.cpp
0962ee5f01b0ee39c82d2bf0583a2446672c4b8c 24-Oct-2011 Anna Zaks <ganna@apple.com> [analyzer] Node builders cleanup + comments
Renamed PureNodeBuilder->StmtNodeBuilder.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@142849 91177308-0d34-0410-b5e6-96231b3b80d8
SAtomicChecker.cpp
479f24e3aa41899f65ed45cb31a31436d36650c8 24-Oct-2011 Anna Zaks <ganna@apple.com> [analyzer] Remove more dependencies from global Builder
- OSAtomicChecker
- ExprEngine::processStmt

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@142846 91177308-0d34-0410-b5e6-96231b3b80d8
SAtomicChecker.cpp
579ee4f9f5c7b8f939621c8008337a3c1c679957 24-Oct-2011 Ted Kremenek <kremenek@apple.com> Rename AnalysisContext to AnalysisDeclContext. Not only is this name more accurate, but it frees up the name AnalysisContext for other uses.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@142782 91177308-0d34-0410-b5e6-96231b3b80d8
nalyzerStatsChecker.cpp
heckSecuritySyntaxOnly.cpp
heckSizeofPointer.cpp
eadStoresChecker.cpp
dempotentOperationChecker.cpp
allocOverflowSecurityChecker.cpp
bjCSelfInitChecker.cpp
nreachableCodeChecker.cpp
180f47959a066795cc0f409433023af448bb0328 10-Nov-2011 Richard Smith <richard-llvm@metafoo.co.uk> Constant expression evaluation: support for evaluation of structs and unions of
literal types, as well as derived-to-base casts for lvalues and
derived-to-virtual-base casts.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@144265 91177308-0d34-0410-b5e6-96231b3b80d8
nreachableCodeChecker.cpp
8d0ffc7f8c9e7515c54d47b5fd37f8a62850dffb 08-Nov-2011 Anna Zaks <ganna@apple.com> [analyzer] Remove redundant check from DivZeroChecker

Analysis by Ted:
"
if (stateZero && !stateNotZero) {

is checking to see if:

(A) "it is possible for the value to be zero" (stateZero)

AND

(B) "it is not possible for the value to be non-zero" (!stateNotZero)

That said, the only way for both B to be true AND A to be false is if the path is completely infeasible by the time we reach the divide-by-zero check. For the most part (all cases?), such cases should automatically get pruned out at branches (i.e., an infeasible path gets dropped), which is the case in our tests. So the question is whether or not such an infeasible path might not get dropped earlier? I can't envision any right now.

Indeed, the rest of the checker assumes that if the bug condition didn't fire then 'stateNotZero' is non-NULL:

C.addTransition(stateNotZero);
"

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@144114 91177308-0d34-0410-b5e6-96231b3b80d8
ivZeroChecker.cpp
de2a6a81c217ff4b8e77aa4486966eef2edfdb2f 05-Nov-2011 Anna Zaks <ganna@apple.com> [analyzer] There should be a space between "expect" and "only"

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@143787 91177308-0d34-0410-b5e6-96231b3b80d8
heckers.td
a2a860306e3697fcf7a12c5ba59551ca60578968 01-Nov-2011 Anna Zaks <ganna@apple.com> [analyzer] CheckerContext::getPredecessor() cleanup

Remove unnecessary calls to CheckerContext::getPredecessor() + Comments.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@143513 91177308-0d34-0410-b5e6-96231b3b80d8
allAndMessageChecker.cpp
etainCountChecker.cpp
4a037c70fdaefafb9c635fedb7035ad462a2742c 28-Oct-2011 Ted Kremenek <kremenek@apple.com> [analyzer] ObjC message sends to nil receivers that return structs are now okay (compiler zeroes out the data). Fixes <rdar://problem/9151319>.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@143215 91177308-0d34-0410-b5e6-96231b3b80d8
allAndMessageChecker.cpp
39ac1876f6f9a1a8e0070f0df61036c7ba05202b 26-Oct-2011 Anna Zaks <ganna@apple.com> [analyzer] Add getLocationContext to CheckerContext

CheckerContext::getPredecessor is only used to get to the LocationContext
half of the times.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@143061 91177308-0d34-0410-b5e6-96231b3b80d8
uiltinFunctionChecker.cpp
StringChecker.cpp
teratorsChecker.cpp
SErrorChecker.cpp
etainCountChecker.cpp
tackAddrEscapeChecker.cpp
ndefCapturedBlockVarChecker.cpp
LASizeChecker.cpp
48468dfeb3ccf099ed51ff5dcb8ae0fe783692fd 26-Oct-2011 Anna Zaks <ganna@apple.com> [analyzer] Remove EmitBasicReport form CheckerContext.

The path sensitive checkers should use EmitBasicReport, which provides the
node information.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@143060 91177308-0d34-0410-b5e6-96231b3b80d8
SAutoreleasePoolChecker.cpp
0bd6b110e908892d4b5c8671a9f435a1d72ad16a 26-Oct-2011 Anna Zaks <ganna@apple.com> [analyzer] Rename generateNode -> addTransition in CheckerContext

Also document addTransition methods.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@143059 91177308-0d34-0410-b5e6-96231b3b80d8
djustedReturnValueChecker.cpp
rrayBoundChecker.cpp
rrayBoundCheckerV2.cpp
ttrNonNullChecker.cpp
asicObjCFoundationChecks.cpp
uiltinFunctionChecker.cpp
StringChecker.cpp
allAndMessageChecker.cpp
astToStructChecker.cpp
hrootChecker.cpp
ereferenceChecker.cpp
ivZeroChecker.cpp
ixedAddressChecker.cpp
teratorsChecker.cpp
acOSKeychainAPIChecker.cpp
allocChecker.cpp
SErrorChecker.cpp
bjCAtSyncChecker.cpp
bjCSelfInitChecker.cpp
ointerArithChecker.cpp
ointerSubChecker.cpp
threadLockChecker.cpp
etainCountChecker.cpp
tackAddrEscapeChecker.cpp
treamChecker.cpp
nixAPIChecker.cpp
LASizeChecker.cpp
6a93bd526c5136ee5a26871e829cf5a8548a1c6a 25-Oct-2011 Anna Zaks <ganna@apple.com> [analyzer] Remove getEngine() form CheckerContext

A step toward making sure that diagnostics report should only
be generated though the CheckerContext and not though BugReporter
or ExprEngine directly.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@142947 91177308-0d34-0410-b5e6-96231b3b80d8
SAutoreleasePoolChecker.cpp
etainCountChecker.cpp
063e0887ad65d666d23ee3178436ad6507abbd1b 25-Oct-2011 Anna Zaks <ganna@apple.com> [analyzer] Simplify CheckerContext

Remove dead members/parameters: ProgramState, respondsToCallback, autoTransition.
Remove addTransition method since it's the same as generateNode. Maybe we should
rename generateNode to genTransition (since a transition is always automatically
generated)?

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@142946 91177308-0d34-0410-b5e6-96231b3b80d8
rrayBoundChecker.cpp
ttrNonNullChecker.cpp
asicObjCFoundationChecks.cpp
StringChecker.cpp
allAndMessageChecker.cpp
hrootChecker.cpp
ereferenceChecker.cpp
ivZeroChecker.cpp
teratorsChecker.cpp
acOSKeychainAPIChecker.cpp
allocChecker.cpp
SErrorChecker.cpp
bjCAtSyncChecker.cpp
bjCSelfInitChecker.cpp
threadLockChecker.cpp
etainCountChecker.cpp
treamChecker.cpp
nixAPIChecker.cpp
LASizeChecker.cpp
f236b6503a4dbc44c1fccb8756bd57c9d0efdf05 25-Oct-2011 Anna Zaks <ganna@apple.com> [analyzer] Make branch for condition callback use CheckerContext

Now, all the path sensitive checkers use CheckerContext!

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@142944 91177308-0d34-0410-b5e6-96231b3b80d8
ndefBranchChecker.cpp
af498a28797c075c48d7e943df5f5a8e78ed8eb0 25-Oct-2011 Anna Zaks <ganna@apple.com> [analyze] Convert EndOfPath callback to use CheckerContext

Get rid of the EndOfPathBuilder completely.
Use the generic NodeBuilder to generate nodes.
Enqueue the end of path frontier explicitly.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@142943 91177308-0d34-0410-b5e6-96231b3b80d8
acOSKeychainAPIChecker.cpp
allocChecker.cpp
etainCountChecker.cpp
tackAddrEscapeChecker.cpp
treamChecker.cpp
58f6f1e37ab32fdd0c8bab6771d8e09bc139e9ed 25-Oct-2011 Ted Kremenek <kremenek@apple.com> Add source-level dominators analysis. Patch by Guoping Long!

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@142885 91177308-0d34-0410-b5e6-96231b3b80d8
heckers.td
ebugCheckers.cpp
aa0aeb1cbe117db68d35700cb3a34aace0f99b99 24-Oct-2011 Anna Zaks <ganna@apple.com> [analyzer] Node builders cleanup + comments
Renamed PureNodeBuilder->StmtNodeBuilder.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@142849 91177308-0d34-0410-b5e6-96231b3b80d8
SAtomicChecker.cpp
f185cc1ac77a84139c603eee3473b88dcb839c68 24-Oct-2011 Anna Zaks <ganna@apple.com> [analyzer] Remove more dependencies from global Builder
- OSAtomicChecker
- ExprEngine::processStmt

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@142846 91177308-0d34-0410-b5e6-96231b3b80d8
SAtomicChecker.cpp
1d26f48dc2eea1c07431ca1519d7034a21b9bcff 24-Oct-2011 Ted Kremenek <kremenek@apple.com> Rename AnalysisContext to AnalysisDeclContext. Not only is this name more accurate, but it frees up the name AnalysisContext for other uses.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@142782 91177308-0d34-0410-b5e6-96231b3b80d8
nalyzerStatsChecker.cpp
heckSecuritySyntaxOnly.cpp
heckSizeofPointer.cpp
eadStoresChecker.cpp
dempotentOperationChecker.cpp
allocOverflowSecurityChecker.cpp
bjCSelfInitChecker.cpp
nreachableCodeChecker.cpp
fe6bd6dc51777802a0118521b9039981a0e6a806 21-Oct-2011 Logan Chien <loganchien@google.com> Apply changes to migrate to upstream Oct 20th 2011 (r142531)

Change-Id: I32cdb5da2c07c84e01f42b4e87161196f468806a
ndroid.mk
00a92abaf907802bfa4d6f38bdd242c6bfc34c09 21-Oct-2011 Logan Chien <loganchien@google.com> Merge with clang upstream Oct 20th 2011 (r142531)

Change-Id: I42181113f38ce445f2a48694d6f654438562b71e
4e82d3cf6fd4c907265e3fa3aac0a835c35dc759 19-Oct-2011 Anna Zaks <ganna@apple.com> [analyzer] Make NodeBuilder and Pred node loosely coupled

NodeBuilder should not assume it's dealing with a single predecessor. Remove predecessor getters. Modify the BranchNodeBuilder to not be responsible for doing auto-transitions (which depend on a predecessor).

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@142453 91177308-0d34-0410-b5e6-96231b3b80d8
ndefBranchChecker.cpp
67d9fbac82922ef5b6c9ba5ac4a07e80f9960292 19-Oct-2011 Anna Zaks <ganna@apple.com> [analyzer] Remove dead code.
ExprEngineBuilders is not used.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@142450 91177308-0d34-0410-b5e6-96231b3b80d8
etainCountChecker.cpp
cd656cab3fa3dd4b0c974c6ae1c0e60880b18c22 19-Oct-2011 Anna Zaks <ganna@apple.com> [analyzer] Modularize builder use in processBranch.

Take advantage of the new builders for branch processing. As part of this change pass generic NodeBuilder (instead of BranchNodeBuilder) to the BranchCondition callback and remove the unused methods form BranchBuilder.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@142448 91177308-0d34-0410-b5e6-96231b3b80d8
ndefBranchChecker.cpp
a19f4af7a94835ce4693bfe12d6270754e79eb56 19-Oct-2011 Anna Zaks <ganna@apple.com> [analyzer] NodeBuilder Refactoring: Subclass BranchNodeBuilder from NodeBuilder.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@142444 91177308-0d34-0410-b5e6-96231b3b80d8
ndefBranchChecker.cpp
f05aac8472d8ed081a361a218fd14d59ddc91b85 19-Oct-2011 Anna Zaks <ganna@apple.com> [analyzer] Node Builder refactoring: Introduce a simple Node Builder responsible for generating the node frontier.

Currently we have a bunch of different node builders which provide some common
functionality but are difficult to refactor. Each builder generates nodes of
different kinds and calculates the frontier nodes, which should be propagated
to the next step (after the builder dies).

Introduce a new NodeBuilder which provides very basic node generation facilities
but takes care of the second problem. The idea is that all the other builders
will eventually use it. Use this builder in CheckerContext instead of
StmtNodeBuilder (the way the frontier is propagated to the StmtBuilder
is a hack and will be removed later on).

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@142443 91177308-0d34-0410-b5e6-96231b3b80d8
etainCountChecker.cpp
b8989f27f116ff2400e92a52c067a69846119eb5 14-Oct-2011 Benjamin Kramer <benny.kra@googlemail.com> Change operator<< for raw_ostream and NamedDecl to take a reference instead of a pointer.

Passing a pointer was a bad idea as it collides with the overload for void*.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@141971 91177308-0d34-0410-b5e6-96231b3b80d8
nalyzerStatsChecker.cpp
StringChecker.cpp
allAndMessageChecker.cpp
heckObjCDealloc.cpp
heckObjCInstMethSignature.cpp
heckSecuritySyntaxOnly.cpp
eadStoresChecker.cpp
allocChecker.cpp
bjCUnusedIVarsChecker.cpp
etainCountChecker.cpp
tackAddrEscapeChecker.cpp
c800f68f8e61007a6dc5dc8213629fb423e76cd9 11-Oct-2011 Anna Zaks <ganna@apple.com> [analyzer] Fix a typo.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@141678 91177308-0d34-0410-b5e6-96231b3b80d8
StringChecker.cpp
a7957ff18c2480cb46081311067b61eb47023355 11-Oct-2011 Anna Zaks <ganna@apple.com> [analyzer] Warn about the use of insecure, deprecated vfork() function PR11053 (http://llvm.org/bugs/show_bug.cgi?id=11053).

A patch by Graham Lee!

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@141643 91177308-0d34-0410-b5e6-96231b3b80d8
heckSecuritySyntaxOnly.cpp
a6b8b2c09610b8bc4330e948ece8b940c2386406 10-Oct-2011 Richard Smith <richard-llvm@metafoo.co.uk> Constant expression evaluation refactoring:
- Remodel Expr::EvaluateAsInt to behave like the other EvaluateAs* functions,
and add Expr::EvaluateKnownConstInt to capture the current fold-or-assert
behaviour.
- Factor out evaluation of bitfield bit widths.
- Fix a few places which would evaluate an expression twice: once to determine
whether it is a constant expression, then again to get the value.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@141561 91177308-0d34-0410-b5e6-96231b3b80d8
allocOverflowSecurityChecker.cpp
a5937bbfd19e61d651a58b0f0ffeef68457902a5 08-Oct-2011 Ted Kremenek <kremenek@apple.com> Remove AnalysisContext::getLiveVariables(), and introduce a templatized mechanism to lazily create analyses that are attached to AnalysisContext objects.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@141425 91177308-0d34-0410-b5e6-96231b3b80d8
eadStoresChecker.cpp
ebugCheckers.cpp
5e1cdac63c3d9c9b32fa41fa0b2d242a58a20d49 07-Oct-2011 John McCall <rjmccall@apple.com> Rename TagDecl::isDefinition -> isCompleteDefinition
for better self-documenting code, since the semantics
are subtly different from getDefinition().



git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@141355 91177308-0d34-0410-b5e6-96231b3b80d8
LVMConventionsChecker.cpp
6ee5b9384533d5b3f8c18b578fccd3935e1b892f 06-Oct-2011 Peter Collingbourne <peter@pcc.me.uk> Clang-side build system infrastructure for multiple tblgens.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@141267 91177308-0d34-0410-b5e6-96231b3b80d8
akefile
390909c89c98ab1807e15e033a72e975f866fb23 06-Oct-2011 Anna Zaks <ganna@apple.com> [analyzer] Remove the dependency on CheckerContext::getStmt() as well as the method itself.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@141262 91177308-0d34-0410-b5e6-96231b3b80d8
rrayBoundChecker.cpp
rrayBoundCheckerV2.cpp
ereferenceChecker.cpp
allocChecker.cpp
SErrorChecker.cpp
bjCSelfInitChecker.cpp
etainCountChecker.cpp
ndefinedAssignmentChecker.cpp
93edbc5269c166e3ab50ccb323b934c7bdf07c3c 06-Oct-2011 Ted Kremenek <kremenek@apple.com> Fix major regression in RetainCountChecker. DefaultSummaries were not being used when they were meant to be. Fixes <rdar://problem/10241614>.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@141250 91177308-0d34-0410-b5e6-96231b3b80d8
etainCountChecker.cpp
4eff823b8e015e003d05953c386d685ee6bb6235 06-Oct-2011 Anna Zaks <ganna@apple.com> [analyzer] Remove the last dependency on CheckerContext::getNodeBuilder() as well as the method itself.

Checkers should not directly access NodeBuilder, nodes can be created by calling the CheckerContext's generateNode() methods.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@141249 91177308-0d34-0410-b5e6-96231b3b80d8
etainCountChecker.cpp
dff6ef903ff4fcb43b5ea292ecd772e381393b5d 06-Oct-2011 Anna Zaks <ganna@apple.com> [analyzer] OSAtomicChecker implements evalCall in a very invasive way - it essentially simulates inlining of compareAndSwap() by means of setting the NodeBuilder flags and calling ExprEngine directly.

This commit introduces a new callback just for this checker to unblock checker API cleanup.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@141246 91177308-0d34-0410-b5e6-96231b3b80d8
SAtomicChecker.cpp
cbb7add8d7e3f868a6695a601e45fc13257bd9f5 05-Oct-2011 Anna Zaks <ganna@apple.com> [analyzer] Removing more references to CheckerContext::getNodeBuilder(): ask CheckerContext to generate the nodes.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@141136 91177308-0d34-0410-b5e6-96231b3b80d8
etainCountChecker.cpp
5d0ea6d62e076c776ddad028c4eb615783be1323 04-Oct-2011 Anna Zaks <ganna@apple.com> [analyzer] Removing references to CheckerContext::getNodeBuilder(): checkers can obtain block count directly from the Context.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@141112 91177308-0d34-0410-b5e6-96231b3b80d8
uiltinFunctionChecker.cpp
StringChecker.cpp
allocChecker.cpp
etainCountChecker.cpp
treamChecker.cpp
8ba721428af297e540fb40b176eeeea0ee010c1f 04-Oct-2011 Anna Zaks <ganna@apple.com> [analyzer] Remove unused methods, add comments to others.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@141098 91177308-0d34-0410-b5e6-96231b3b80d8
oReturnFunctionChecker.cpp
3381a73dd77f3f84a6cdc8a0e3c4ec53b7df9651 04-Oct-2011 Anna Zaks <ganna@apple.com> [analyzer] Remove redundant state (AnalysisContext pointer for every BinaryOperator tracked) from IdempotentOperationChecker.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@141045 91177308-0d34-0410-b5e6-96231b3b80d8
dempotentOperationChecker.cpp
1e9775d36de8edbc665c0f0bf4dae1400e3d2112 03-Oct-2011 Anna Zaks <ganna@apple.com> [analyzer] In UndefBranchChecker, use a node generator which does not create an edge/branching. (ExprEngine should be in charge of generating edges. The checkers should examine the condition and generate PostCondition node if needed.)

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@141034 91177308-0d34-0410-b5e6-96231b3b80d8
ndefBranchChecker.cpp
9c81bc2763dc37f78f357be339a6376402aad537 03-Oct-2011 Anna Zaks <ganna@apple.com> [analyzer] Cleanup in UndefBranchChecker:
- Remove unused FindUndefExpr::ProgramStateManager.
- The Condition parameter of the callback is the terminator of the block, no need to retrieve it again.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@141027 91177308-0d34-0410-b5e6-96231b3b80d8
ndefBranchChecker.cpp
491306a83c4f0f49f95a3bcbca8580cb98a91c7a 03-Oct-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> Allow getting all source locations of selector identifiers in a ObjCMethodDecl.

Instead of always storing all source locations for the selector identifiers
we check whether all the identifiers are in a "standard" position; "standard" position is

-Immediately before the arguments: -(id)first:(int)x second:(int)y;
-With a space between the arguments: -(id)first: (int)x second: (int)y;
-For nullary selectors, immediately before ';': -(void)release;

In such cases we infer the locations instead of storing them.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@140989 91177308-0d34-0410-b5e6-96231b3b80d8
SErrorChecker.cpp
etainCountChecker.cpp
7df2ff45f101c87398329d0ea23c1377328dca40 01-Oct-2011 John McCall <rjmccall@apple.com> Tweak the interface for analyzing the CF conventions for a name
to take a FunctionDecl* instead of an llvm::StringRef. Eventually
we might push more logic in there, like using slightly different
conventions for C++ methods.

Also, fix a bug where 'copy' and 'create' were being caught in
non-camel-cased strings. We want copyFoo and CopyFoo and XCopy
but not Xcopy or xcopy.



git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@140911 91177308-0d34-0410-b5e6-96231b3b80d8
etainCountChecker.cpp
0658879cc98e8cb918e2f349a59c901f74f0de11 30-Sep-2011 Anna Zaks <ganna@apple.com> [analyzer] Fix a bug in RetainReleaseChecker diagnostics. It gives more precise error message on the modified test case (and prevents duplicate diagnostics when we purge at block granularity).

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@140840 91177308-0d34-0410-b5e6-96231b3b80d8
etainCountChecker.cpp
7e5f112ca7410af93c7cdc07cf3a9dae15214300 28-Sep-2011 Anna Zaks <ganna@apple.com> Fix a crash in MallocOverflowSecurityChecker. Patch by Lei Zhang.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@140648 91177308-0d34-0410-b5e6-96231b3b80d8
allocOverflowSecurityChecker.cpp
d25be9f401baf469892890119f915289b041e4f0 24-Sep-2011 Benjamin Kramer <benny.kra@googlemail.com> Fix comment typo.

Patch by Rui Paulo!

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@140448 91177308-0d34-0410-b5e6-96231b3b80d8
threadLockChecker.cpp
b219cfc4d75f0a03630b7c4509ef791b7e97b2c8 23-Sep-2011 David Blaikie <dblaikie@gmail.com> Switch assert(0/false) llvm_unreachable.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@140367 91177308-0d34-0410-b5e6-96231b3b80d8
tackAddrEscapeChecker.cpp
590dd8e0959d8df5621827768987c4792b74fc06 20-Sep-2011 Anna Zaks <ganna@apple.com> [analyzer] Refactor PathDiagnosticLocation: Make PathDiagnosticLocation(SourceLocation...) private. Most of the effort here goes to making BugReport refer to a PathDiagnosticLocation instead of FullSourceLocation.

(Another step closer to the goal of having Diagnostics which can recover from invalid SourceLocations.)

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@140182 91177308-0d34-0410-b5e6-96231b3b80d8
nalyzerStatsChecker.cpp
heckObjCDealloc.cpp
heckObjCInstMethSignature.cpp
heckSecuritySyntaxOnly.cpp
heckSizeofPointer.cpp
eadStoresChecker.cpp
LVMConventionsChecker.cpp
allocOverflowSecurityChecker.cpp
SAutoreleasePoolChecker.cpp
SErrorChecker.cpp
bjCUnusedIVarsChecker.cpp
etainCountChecker.cpp
nreachableCodeChecker.cpp
4fdf97bf51d2a156cec3232efd6dae110aa02aa0 15-Sep-2011 Anna Zaks <ganna@apple.com> [analyzer] Refactor: make PathDiagnosticLocation responsible for validation of SourceLocations (commit 2 of ?):
- Fix a fixme and move the logic of creating a PathDiagnosticLocation corresponding to a ProgramPoint into a PathDiagnosticLocation constructor.
- Rename PathDiagnosticLocation::create to differentiate from the added constructor.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@139825 91177308-0d34-0410-b5e6-96231b3b80d8
etainCountChecker.cpp
220ac8c175cb1bf9b18d82eefe036995d7a2164d 15-Sep-2011 Anna Zaks <ganna@apple.com> [analyzer] Refactor: make PathDiagnosticLocation responsible for validation of SourceLocations (commit 2 of ?):
- Modify all PathDiagnosticLocation constructors that take Stmt to also requre LocationContext.
- Add a constructor which should be used in case there is no valid statement/location (it will grab the location of the enclosing function).


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@139763 91177308-0d34-0410-b5e6-96231b3b80d8
acOSKeychainAPIChecker.cpp
etainCountChecker.cpp
43f48b0b1bc763dc56db6e01de4fcc44ad389bef 14-Sep-2011 Anna Zaks <ganna@apple.com> [analyzer] Refactor: Make PathDiagnosticLocation responsible for creating a valid object given an ExploadedNode (the same logic can be reused by other checkers).

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@139672 91177308-0d34-0410-b5e6-96231b3b80d8
etainCountChecker.cpp
e289d81369914678db386f6aa86faf8f178e245d 13-Sep-2011 Douglas Gregor <dgregor@apple.com> Switch LangOptions over to a .def file that describes header of the
language options. Use that .def file to declare the LangOptions class
and initialize all of its members, eliminating a source of annoying
initialization bugs.

AST serialization changes are next up.



git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@139605 91177308-0d34-0410-b5e6-96231b3b80d8
heckObjCDealloc.cpp
SAutoreleasePoolChecker.cpp
etainCountChecker.cpp
d77ba899b3ed39aa4bdba22aabc4bcd5ca6effdf 03-Sep-2011 Benjamin Kramer <benny.kra@googlemail.com> Make helpers static, remove unused variables.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@139078 91177308-0d34-0410-b5e6-96231b3b80d8
etainCountChecker.cpp
d1e5a89226da79f7e6f43d40facc46abda9e5245 02-Sep-2011 Jordy Rose <jediknil@belkadan.com> [analyzer] Remove TransferFuncs.h, then deal with the fallout.

And with that, TransferFuncs is gone!


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@139003 91177308-0d34-0410-b5e6-96231b3b80d8
asicObjCFoundationChecks.cpp
allAndMessageChecker.cpp
SAutoreleasePoolChecker.cpp
oReturnFunctionChecker.cpp
bjCSelfInitChecker.cpp
etainCountChecker.cpp
910c4050b7cf0a5742a12e123b99ed29dacd9fbf 02-Sep-2011 Jordy Rose <jediknil@belkadan.com> [analyzer] Move RetainReleaseChecker to the Checkers library and rename it to RetainCountChecker...and clean up the file while I'm at it.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@139002 91177308-0d34-0410-b5e6-96231b3b80d8
MakeLists.txt
etainCountChecker.cpp
17a38e2636a8b1ce473fc6504c4b16cb09db29f4 02-Sep-2011 Jordy Rose <jediknil@belkadan.com> [analyzer] Move the knowledge of whether or not GC is enabled for the current analysis from CFRefCount to ExprEngine.

Remove TransferFuncs from ExprEngine and AnalysisConsumer.

Demote RetainReleaseChecker to a regular checker, and give it the name osx.cocoa.RetainCount (class name change coming shortly). Update tests accordingly.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@138998 91177308-0d34-0410-b5e6-96231b3b80d8
heckers.td
bcfd1f55bfbb3e5944cd5e03d07b343e280838c4 02-Sep-2011 Douglas Gregor <dgregor@apple.com> Extend the ASTContext constructor to delay the initialization of
builtin types (When requested). This is another step toward making
ASTUnit build the ASTContext as needed when loading an AST file,
rather than doing so after the fact. No actual functionality change (yet).


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@138985 91177308-0d34-0410-b5e6-96231b3b80d8
allAndMessageChecker.cpp
heckSecuritySyntaxOnly.cpp
nixAPIChecker.cpp
d56763fd33321cb3d0f17804abecb379cea78c01 01-Sep-2011 Zhongxing Xu <xuzhongxing@foxmail.com> If size was equal to 0, either NULL or a pointer suitable to be passed to
free() is returned by realloc(). Most code expect NULL.

And we only need to transfer one final ProgramState.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@138937 91177308-0d34-0410-b5e6-96231b3b80d8
allocChecker.cpp
1af9d9e5f6d0f07917c01b1017620104dbbc0e7f 31-Aug-2011 Jordy Rose <jediknil@belkadan.com> [analyzer] Fix varargs helper to only use POD types even for named arguments. Thanks, Joerg.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@138875 91177308-0d34-0410-b5e6-96231b3b80d8
oReturnFunctionChecker.cpp
065a4055f796c545cdcc89a490be2d3288426d57 29-Aug-2011 Anna Zaks <ganna@apple.com> [analyzer] MacOSKeychainAPIChecker: Simplify getSymbolForRegion by using existing API. Thanks Jordy.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@138765 91177308-0d34-0410-b5e6-96231b3b80d8
acOSKeychainAPIChecker.cpp
8b6eb7ce4f6a7124babd4d7f6f4bb4bb5f6daddf 29-Aug-2011 Anna Zaks <ganna@apple.com> Fix: Bug 10798 - [analyzer] Crash when analyzing ICU. (A slight improvement on the previous commit.)

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@138762 91177308-0d34-0410-b5e6-96231b3b80d8
acOSKeychainAPIChecker.cpp
5c96f862b7789594b11db74416af12e379a299b9 29-Aug-2011 Anna Zaks <ganna@apple.com> Fix bug 10797: Crash: "cast<Ty>() argument of incompatible type!" assert when analyzing ICU.

Patch by Jean-Daniel Dupas. Thanks for spotting and fixing!

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@138757 91177308-0d34-0410-b5e6-96231b3b80d8
acOSKeychainAPIChecker.cpp
537716ad8dd10f984b6cfe6985afade1185c5e3c 28-Aug-2011 Jordy Rose <jediknil@belkadan.com> [analyzer] Change the check::RegionChanges callback to include the regions explicitly requested for invalidation.

Also, allow CallOrObjCMessage to wrap a CXXConstructExpr as well.

Finally, this allows us to remove the clunky whitelisting system from CFRefCount/RetainReleaseChecker. Slight regression due to CXXNewExprs not yet being handled in post-statement callbacks (PR forthcoming).


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@138716 91177308-0d34-0410-b5e6-96231b3b80d8
StringChecker.cpp
782f63ecd124f9384f988dc7e0cf4ae1540c15f6 26-Aug-2011 Jeffrey Yasskin <jyasskin@google.com> Handle CXXTempObjectRegion in StackAddrEscapeChecker.

Also convert stack-addr-ps.cpp to use the analyzer instead of just Sema, now
that it doesn't crash, and extract the stack-block test into another file since
it errors, and that prevents the analyzer from running.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@138613 91177308-0d34-0410-b5e6-96231b3b80d8
tackAddrEscapeChecker.cpp
eacd2b469bea7b5fe4f7643087faefc9f1fb3922 25-Aug-2011 Anna Zaks <ganna@apple.com> [analyzer] MacOSKeychainAPIChecker: Cleanup AllocationState structure.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@138535 91177308-0d34-0410-b5e6-96231b3b80d8
acOSKeychainAPIChecker.cpp
6b7aad989f45a4684981b604ad603f53a5ef6f65 25-Aug-2011 Anna Zaks <ganna@apple.com> [analyzer] MacOSKeychainAPIChecker: Add the custom BugReport visitor(which highlights the allocation site) to all the relevant reports within the checker.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@138531 91177308-0d34-0410-b5e6-96231b3b80d8
acOSKeychainAPIChecker.cpp
5eb7d82604970c2d2730a8b1fe5ee268b37f9844 24-Aug-2011 Anna Zaks <ganna@apple.com> [analyzer] Do not use references in std::pair.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@138497 91177308-0d34-0410-b5e6-96231b3b80d8
acOSKeychainAPIChecker.cpp
e94cb98d39fcd2cca68ab1b0d71f9a16b5e934c1 24-Aug-2011 Anna Zaks <ganna@apple.com> [analyzer] Unbreak the release buildbot.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@138493 91177308-0d34-0410-b5e6-96231b3b80d8
acOSKeychainAPIChecker.cpp
98401114e1c6dd3a3271820d16781d792555e40e 24-Aug-2011 Anna Zaks <ganna@apple.com> [analyzer] MacOSKeychainAPIChecker: Provide reacher diagnostic trace by pointing to the allocation site when reporting a leak.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@138479 91177308-0d34-0410-b5e6-96231b3b80d8
acOSKeychainAPIChecker.cpp
6cf0ed062fb7ff3def3b627bab8ca275a549579e 24-Aug-2011 Anna Zaks <ganna@apple.com> [analyzer] MacOSKeychainAPIChecker: Add reasoning about functions which MIGHT deallocate the memory region allocated with SecKeychain APIs. Specifically, when the buffer is passed to CFStringCreateWithBytesNoCopy along with a custom deallocator, which might potentially correctly release the memory.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@138417 91177308-0d34-0410-b5e6-96231b3b80d8
acOSKeychainAPIChecker.cpp
31e1028afca8745ff6cfd64ecacdc05e513039ec 24-Aug-2011 Anna Zaks <ganna@apple.com> [analyzer] MacOSKeychainAPIChecker: Retrieve the memory region which we are tracking even when it's no longer a SymbolicRegion, for example, when it is cast to char*.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@138415 91177308-0d34-0410-b5e6-96231b3b80d8
acOSKeychainAPIChecker.cpp
dd6060ebbd92842fbebd5d383f5ad48b29e7c99c 24-Aug-2011 Anna Zaks <ganna@apple.com> Move creation of the deallocation mismatch report into a separate function for future reuse.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@138414 91177308-0d34-0410-b5e6-96231b3b80d8
acOSKeychainAPIChecker.cpp
7bbd166c0e7644e56257537fc16082bf270f8dfb 23-Aug-2011 Anna Zaks <ganna@apple.com> [analyzer] MacOSKeychainAPIChecker: Users of KeyChain API often use free() to deallocate the password. Catch this error explicitly and generate the error message at the place where free() is called.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@138296 91177308-0d34-0410-b5e6-96231b3b80d8
acOSKeychainAPIChecker.cpp
7df1234c2e62b2a23dc4417e527f941c20ebe858 21-Aug-2011 Jordy Rose <jediknil@belkadan.com> [analyzer] Replace calls to getNameAsString() with StringRef equivalents.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@138215 91177308-0d34-0410-b5e6-96231b3b80d8
eadStoresChecker.cpp
tackAddrEscapeChecker.cpp
d9f5a709ddbffe35dcc419c9c3fa6a852e833f7a 20-Aug-2011 Benjamin Kramer <benny.kra@googlemail.com> Fix compile on platforms that don't implicitly include stdarg.h here.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@138214 91177308-0d34-0410-b5e6-96231b3b80d8
oReturnFunctionChecker.cpp
e62e87bdb14ec0237819a3b66f6a30105a8f5a0c 20-Aug-2011 Jordy Rose <jediknil@belkadan.com> [analyzer] Move handling of hardcoded noreturn ("panic") methods from CFRefCount to NoReturnFunctionChecker. No functionality change intended.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@138210 91177308-0d34-0410-b5e6-96231b3b80d8
oReturnFunctionChecker.cpp
e0e29332c89da22b6890929b97e6f568c917d85f 20-Aug-2011 Ted Kremenek <kremenek@apple.com> Remove dead code.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@138183 91177308-0d34-0410-b5e6-96231b3b80d8
heckSecuritySyntaxOnly.cpp
50bbc165b063155cc23c360deb7b865502e068e2 20-Aug-2011 Anna Zaks <ganna@apple.com> Static Analyzer Diagnostics: Kill the addVisitorCreator(callbackTy, void*) API in favor of addVisitor(BugReporterVisitor*).

1) Create a header file to expose the predefined visitors. And move the parent(BugReporterVisitor) there as well.

2) Remove the registerXXXVisitor functions - the Visitor constructors/getters can be used now to create the object. One exception is registerVarDeclsLastStore(), which registers more then one visitor, so make it static member of FindLastStoreBRVisitor.

3) Modify all the checkers to use the new API.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@138126 91177308-0d34-0410-b5e6-96231b3b80d8
ttrNonNullChecker.cpp
asicObjCFoundationChecks.cpp
StringChecker.cpp
allAndMessageChecker.cpp
ereferenceChecker.cpp
ivZeroChecker.cpp
dempotentOperationChecker.cpp
bjCAtSyncChecker.cpp
eturnUndefChecker.cpp
ndefBranchChecker.cpp
ndefCapturedBlockVarChecker.cpp
ndefResultChecker.cpp
ndefinedArraySubscriptChecker.cpp
ndefinedAssignmentChecker.cpp
nixAPIChecker.cpp
LASizeChecker.cpp
e172e8b9e7fc67d7d03589af7e92fe777afcf33a 18-Aug-2011 Anna Zaks <ganna@apple.com> Remove EnhancedBugReport and RangedBugReport - pull all the extra functionality they provided into their parent BugReport. The only functional changes are: made getRanges() non const - it adds default range to Ranges if none are supplied, made getStmt() private, which was another FIXME.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@137894 91177308-0d34-0410-b5e6-96231b3b80d8
rrayBoundChecker.cpp
rrayBoundCheckerV2.cpp
ttrNonNullChecker.cpp
asicObjCFoundationChecks.cpp
StringChecker.cpp
allAndMessageChecker.cpp
astSizeChecker.cpp
astToStructChecker.cpp
ereferenceChecker.cpp
ivZeroChecker.cpp
ixedAddressChecker.cpp
dempotentOperationChecker.cpp
teratorsChecker.cpp
acOSKeychainAPIChecker.cpp
acOSXAPIChecker.cpp
allocChecker.cpp
SErrorChecker.cpp
bjCAtSyncChecker.cpp
bjCSelfInitChecker.cpp
ointerArithChecker.cpp
ointerSubChecker.cpp
threadLockChecker.cpp
eturnPointerRangeChecker.cpp
eturnUndefChecker.cpp
tackAddrEscapeChecker.cpp
ndefBranchChecker.cpp
ndefCapturedBlockVarChecker.cpp
ndefResultChecker.cpp
ndefinedArraySubscriptChecker.cpp
ndefinedAssignmentChecker.cpp
nixAPIChecker.cpp
LASizeChecker.cpp
08b86531ade68727c56918f162816075b87c864a 16-Aug-2011 Jordy Rose <jediknil@belkadan.com> [analyzer] Overhaul of checker registration in preparation for basic plugin support. Removes support for checker groups (we can add them back in later if we decide they are still useful), and -analyzer-checker-help output is a little worse for the time being (no packages).

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@137758 91177308-0d34-0410-b5e6-96231b3b80d8
MakeLists.txt
langCheckers.cpp
langSACheckerProvider.cpp
langSACheckerProvider.h
langSACheckers.h
b1a1950291c1385008af7d33b56fdb881a9b9ee5 16-Aug-2011 Anna Zaks <ganna@apple.com> MacOSKeychainAPIChecker: Turn it on by default.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@137740 91177308-0d34-0410-b5e6-96231b3b80d8
heckers.td
f0c7fe56891d9d329e45d968a3ac2437f78f4bfa 16-Aug-2011 Anna Zaks <ganna@apple.com> MacOSKeychainAPIChecker: Do not report double allocation if first allocation returned an error.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@137720 91177308-0d34-0410-b5e6-96231b3b80d8
acOSKeychainAPIChecker.cpp
7d458b0768160819d7380da8046a31ef092c601d 16-Aug-2011 Anna Zaks <ganna@apple.com> MacOSKeychainAPIChecker: The security API/memory leak checker should always generate regular nodes instead of sink nodes.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@137681 91177308-0d34-0410-b5e6-96231b3b80d8
acOSKeychainAPIChecker.cpp
18c66fdc3c4008d335885695fe36fb5353c5f672 16-Aug-2011 Ted Kremenek <kremenek@apple.com> Rename GRState to ProgramState, and cleanup some code formatting along the way.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@137665 91177308-0d34-0410-b5e6-96231b3b80d8
djustedReturnValueChecker.cpp
rrayBoundChecker.cpp
rrayBoundCheckerV2.cpp
ttrNonNullChecker.cpp
asicObjCFoundationChecks.cpp
uiltinFunctionChecker.cpp
StringChecker.cpp
allAndMessageChecker.cpp
astSizeChecker.cpp
hrootChecker.cpp
ereferenceChecker.cpp
ivZeroChecker.cpp
ixedAddressChecker.cpp
dempotentOperationChecker.cpp
teratorsChecker.cpp
acOSKeychainAPIChecker.cpp
acOSXAPIChecker.cpp
allocChecker.cpp
SErrorChecker.cpp
oReturnFunctionChecker.cpp
SAtomicChecker.cpp
bjCAtSyncChecker.cpp
bjCSelfInitChecker.cpp
ointerArithChecker.cpp
ointerSubChecker.cpp
threadLockChecker.cpp
eturnPointerRangeChecker.cpp
tackAddrEscapeChecker.cpp
treamChecker.cpp
ndefBranchChecker.cpp
ndefCapturedBlockVarChecker.cpp
ndefResultChecker.cpp
ndefinedAssignmentChecker.cpp
nixAPIChecker.cpp
LASizeChecker.cpp
67f7fa471c6928eee5cd28ca3886df9b8f0e1539 15-Aug-2011 Anna Zaks <ganna@apple.com> MacOSKeychainAPIChecker: Use llvm::SmallString instead of std::string (as per code review for r137523).

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@137633 91177308-0d34-0410-b5e6-96231b3b80d8
acOSKeychainAPIChecker.cpp
9c378f705405d37f49795d5e915989de774fe11f 13-Aug-2011 Ted Kremenek <kremenek@apple.com> Cleanup various declarations of 'Stmt*' to be 'Stmt *', etc. in libAnalyzer and libStaticAnalyzer[*]. It was highly inconsistent, and very ugly to look at.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@137537 91177308-0d34-0410-b5e6-96231b3b80d8
rrayBoundCheckerV2.cpp
ttrNonNullChecker.cpp
asicObjCFoundationChecks.cpp
StringChecker.cpp
allAndMessageChecker.cpp
heckObjCDealloc.cpp
heckObjCInstMethSignature.cpp
hrootChecker.cpp
eadStoresChecker.cpp
teratorsChecker.cpp
allocChecker.cpp
SAutoreleasePoolChecker.cpp
SAtomicChecker.cpp
bjCSelfInitChecker.cpp
bjCUnusedIVarsChecker.cpp
threadLockChecker.cpp
tackAddrEscapeChecker.cpp
ndefBranchChecker.cpp
ndefinedAssignmentChecker.cpp
LASizeChecker.cpp
ca804539d908d3a0e8c72a0df5f1f571d29490bb 13-Aug-2011 Ted Kremenek <kremenek@apple.com> [analyzer] change "tag" in ProgramPoint from "void*" to a ProgramPointTag*.

Having a notion of an actual ProgramPointTag will aid in introspection of the analyzer's behavior.
For example, the GraphViz output of the analyzer will pretty-print the tags in a useful manner.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@137529 91177308-0d34-0410-b5e6-96231b3b80d8
SAtomicChecker.cpp
79c9c75737cb22fd74d186999eccc10672eef8c0 13-Aug-2011 Anna Zaks <ganna@apple.com> MacOSKeychainAPIChecker: If the allocated data address entered as an enclosing function parameter, skip it to avoid false positives.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@137526 91177308-0d34-0410-b5e6-96231b3b80d8
acOSKeychainAPIChecker.cpp
703ffb11eff7bc6e8532bdbe54045e19a7732253 12-Aug-2011 Anna Zaks <ganna@apple.com> MacOSKeychainAPIChecker:
Report errors earlier: on checkDeadSymbols() and clear the state after the symbol we are tracking goes out of scope.

Also, perform lazy error checking. Instead of forcing the paths to be split depending one the return value of the allocator, make the return symbol depend on the allocated data symbol, which prolongs its life span to the time when the allocated data symbol becomes dead.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@137523 91177308-0d34-0410-b5e6-96231b3b80d8
acOSKeychainAPIChecker.cpp
096aef9597b263b4cd6a0feaacf9e7214fa9c75a 12-Aug-2011 Jordy Rose <jediknil@belkadan.com> [analyzer] Nitpicks on Olaf's patch, which I meant to e-mail but then didn't in
time. One is cleanup, the other is me being OCD about enum group nesting.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@137517 91177308-0d34-0410-b5e6-96231b3b80d8
StringChecker.cpp
864d25233426d36ef4f86019d0a1a0de5d742db9 12-Aug-2011 Anna Zaks <ganna@apple.com> MacOSKeychainAPIChecker: There is no need to use SymbolMetadata to represent the allocated data symbol, we can just use the symbol corresponding to the SymbolicRegion. This simplifies tracking of the symbol, for example, SymbolMetadata needs to go through extra hoops to stay alive.

Make AllocationState internal to the MacOSKeychainAPIChecker class.



git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@137514 91177308-0d34-0410-b5e6-96231b3b80d8
acOSKeychainAPIChecker.cpp
9697934650354bed2e509d8e7e44f21a1fb00f76 12-Aug-2011 Ted Kremenek <kremenek@apple.com> [analyzer] Introduce new MemRegion, "TypedValueRegion", so that we can separate TypedRegions that implement getValueType() from those that don't.

Patch by Olaf Krzikalla!

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@137498 91177308-0d34-0410-b5e6-96231b3b80d8
asicObjCFoundationChecks.cpp
StringChecker.cpp
allAndMessageChecker.cpp
SAtomicChecker.cpp
5a58c6d66db05ad17673e2258946b61898721cd7 06-Aug-2011 Anna Zaks <ganna@apple.com> KeychainAPI checker: Track SymbolMetadata instead of MemRegion in checker state so that we could clear the state on evalDeadSymbols; also track the return value.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@137003 91177308-0d34-0410-b5e6-96231b3b80d8
acOSKeychainAPIChecker.cpp
ca0b57e07cfa029d4a6a061260727625bd833fd4 05-Aug-2011 Anna Zaks <ganna@apple.com> KeychainAPI checker: Generate an error on double allocation. Pull out getAsPointeeMemoryRegion so that it could be reused.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@136952 91177308-0d34-0410-b5e6-96231b3b80d8
acOSKeychainAPIChecker.cpp
76cbb75ff8c1c14ad0164b602176d5d4515eb06c 04-Aug-2011 Anna Zaks <ganna@apple.com> KeychainAPI checker: Track additional pair of SecKeychain APIs. Also, keep exploring the transition on which a call to allocator function failed (to be able to find errors in examples like ErrorCodesFromDifferentAPISDoNotInterfere).

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@136930 91177308-0d34-0410-b5e6-96231b3b80d8
acOSKeychainAPIChecker.cpp
083fcb208ee2c8c2e375c41482a92039282e6389 04-Aug-2011 Anna Zaks <ganna@apple.com> KeychainAPI checker: Refactor to make it easier to add more allocator/deallocator API pairs. Add the allocator function ID to the checker state. Better comments.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@136889 91177308-0d34-0410-b5e6-96231b3b80d8
acOSKeychainAPIChecker.cpp
08551b575396ec89411a4e416d27fd7056ceaa9b 04-Aug-2011 Anna Zaks <ganna@apple.com> KeychainAPI checker: refactor to use early exit.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@136852 91177308-0d34-0410-b5e6-96231b3b80d8
acOSKeychainAPIChecker.cpp
03826aaf95018e3b29f94a10ca5616c0fc9bbee5 04-Aug-2011 Anna Zaks <ganna@apple.com> KeychainAPI checker: Add basic diagnostics. Track MemoryRegion istead of SymbolicRef since the address might not be a symbolic value in some cases, for example in fooOnlyFree() test.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@136851 91177308-0d34-0410-b5e6-96231b3b80d8
acOSKeychainAPIChecker.cpp
0e2447113598cbd72a0cd79ac512f68d894dfbf6 04-Aug-2011 Ted Kremenek <kremenek@apple.com> [analyzer] Remove 'all-experimental' checker group.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@136849 91177308-0d34-0410-b5e6-96231b3b80d8
heckers.td
033a07e5fca459ed184369cfee7c90d82367a93a 04-Aug-2011 Ted Kremenek <kremenek@apple.com> [analyzer] rename all experimental checker packages to have 'experimental' be the common root package.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@136835 91177308-0d34-0410-b5e6-96231b3b80d8
heckers.td
17f7bdddd11a2dc5b4be248f756e14b1ebfe207b 03-Aug-2011 Ted Kremenek <kremenek@apple.com> [analyzer] Introduce MallocOverflowSecurityChecker, a simple flow-sensitive checker that may be useful for security auditing. This checker is currently too noisy to be on by default.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@136804 91177308-0d34-0410-b5e6-96231b3b80d8
MakeLists.txt
heckers.td
allocOverflowSecurityChecker.cpp
e68b5f1fa73f8404c5d6859a3d8a139fb1da7bbb 02-Aug-2011 Anna Zaks <ganna@apple.com> KeychainAPI checker: only check the paths on which the allocator function returned noErr. (+ minor cleanup)

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@136694 91177308-0d34-0410-b5e6-96231b3b80d8
heckers.td
acOSKeychainAPIChecker.cpp
f57be289b6040c6c92c026844a70b4f8eaba34f3 02-Aug-2011 Anna Zaks <ganna@apple.com> Add a skeleton for the Keychain Services API Checker. Register it as OSX experimental for now. Note, the checker still does not handle tracking of escaped values, taking into account the return value of the allocator functions, nor the actual bug reporting..

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@136659 91177308-0d34-0410-b5e6-96231b3b80d8
MakeLists.txt
heckers.td
acOSKeychainAPIChecker.cpp
b9a8adf57b30611951e72e140b61ecc7caee3564 31-Jul-2011 Benjamin Kramer <benny.kra@googlemail.com> Remove dead code flagged by GCC's -Wunused-but-set-variable.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@136581 91177308-0d34-0410-b5e6-96231b3b80d8
threadLockChecker.cpp
882998923889a2fcce9b49696506c499e22cf38f 29-Jul-2011 Ted Kremenek <kremenek@apple.com> [analyzer] Overhaul how the static analyzer expects CFGs by forcing CFGs to be linearized only when used by the static analyzer. This required a rewrite of LiveVariables, and exposed a ton of subtle bugs.

The motivation of this large change is to drastically simplify the logic in ExprEngine going forward.

Some fallout is that the output of some BugReporterVisitors is not as accurate as before; those will
need to be fixed over time. There is also some possible performance regression as RemoveDeadBindings
will be called frequently; this can also be improved over time.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@136419 91177308-0d34-0410-b5e6-96231b3b80d8
eadStoresChecker.cpp
nreachableCodeChecker.cpp
217470e07582a83b7cdc99e439f82eaeeeeb2262 29-Jul-2011 Ted Kremenek <kremenek@apple.com> [analyzer] fix bug in malloc checker where the tracked symbol would not properly be removed from the state.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@136418 91177308-0d34-0410-b5e6-96231b3b80d8
allocChecker.cpp
642116259e8df6286063a17361c20e95b5017a0a 25-Jul-2011 Chandler Carruth <chandlerc@gmail.com> Rename getInstantiationLineNumber to getExpansionLineNumber in both
SourceManager and FullSourceLoc.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@135969 91177308-0d34-0410-b5e6-96231b3b80d8
tackAddrEscapeChecker.cpp
5f9e272e632e951b1efe824cd16acb4d96077930 23-Jul-2011 Chris Lattner <sabre@nondot.org> remove unneeded llvm:: namespace qualifiers on some core types now that LLVM.h imports
them into the clang namespace.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@135852 91177308-0d34-0410-b5e6-96231b3b80d8
rrayBoundCheckerV2.cpp
asicObjCFoundationChecks.cpp
StringChecker.cpp
allAndMessageChecker.cpp
heckSecuritySyntaxOnly.cpp
langSACheckerProvider.cpp
eadStoresChecker.cpp
ereferenceChecker.cpp
teratorsChecker.cpp
LVMConventionsChecker.cpp
allocChecker.cpp
oReturnFunctionChecker.cpp
SAtomicChecker.cpp
threadLockChecker.cpp
tackAddrEscapeChecker.cpp
9d102547dc44d064b40473a5a5166a8bb0dec99a 20-Jul-2011 Logan Chien <loganchien@google.com> Merge with clang upstream r135574 (Jul 20th 2011)

Change-Id: Ib6cc2ba08a63e4cf8febc05fb6e3f2ca58f1d71d
4cc1187e8a04f1f36e8c3656f65097e770bdc437 19-Jul-2011 Jordy Rose <jediknil@belkadan.com> [analyzer] Very minor cleanup in PthreadLockChecker. No functionality change.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@135518 91177308-0d34-0410-b5e6-96231b3b80d8
threadLockChecker.cpp
dcb1d5d681d857eb7f534dec1f2b3d5a9f81d1f1 19-Jul-2011 Jordy Rose <jediknil@belkadan.com> [analysis] Add checks for double-locking and lock order reversal bugs for
pthread and XNU locks. Patch by Rui Paulo!


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@135515 91177308-0d34-0410-b5e6-96231b3b80d8
threadLockChecker.cpp
99d3594a56fb8e6900611ede7330aae61e924ec4 17-Jul-2011 Nowar Gu <nowar100@gmail.com> Merge upstream to r135359 at Sun. 17th July 2011.
0556048ae8ff743d0abb9fa88a0d0ee8e9123742 16-Jul-2011 Ted Kremenek <kremenek@apple.com> [analyzer] Place checking for Core Foundation "Create" rule into a proper API. No functionality change.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@135349 91177308-0d34-0410-b5e6-96231b3b80d8
asicObjCFoundationChecks.cpp
174cba922331b896949d02d8b1a05f1998ed98e1 16-Jul-2011 Nowar Gu <nowar100@gmail.com> Merge upstream to r135344 at Sat. 16th July 2011.
af5b043fe7933e515e405b8509b2609117045ce7 15-Jul-2011 Jordy Rose <jediknil@belkadan.com> Clean up UnixAPIChecker, including switching its array of BugTypes to llvm::OwningPtr<BugType> vars (the new convention). No functionality change.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@135255 91177308-0d34-0410-b5e6-96231b3b80d8
nixAPIChecker.cpp
57964bda54c9b1e10090cae94d776a6b9b7eca33 15-Jul-2011 Jordy Rose <jediknil@belkadan.com> Clean up MacOSXAPIChecker, including switching its array of BugTypes to a single llvm::OwningPtr<BugType> (the new convention). No functionality change.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@135250 91177308-0d34-0410-b5e6-96231b3b80d8
acOSXAPIChecker.cpp
3c54415a4e1db09b210a466469c72d2582ce1d83 02-Jul-2011 Nowar Gu <nowar100@gmail.com> Merge upstream to r134305 at Sat. 2nd July 2011.
aa7333c860ac651c75da495217e0d6a9c10c0bb0 02-Jul-2011 Eric Christopher <echristo@apple.com> Update for llvm commit r134291.

Fixes rdar://9714064


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@134292 91177308-0d34-0410-b5e6-96231b3b80d8
allAndMessageChecker.cpp
7062281f240ef9c4fb343614fb2406532307c4a5 23-Jun-2011 Nowar Gu <nowar100@gmail.com> Merge upstream to r133678 at Thu. 23th Jun 2011.
03e80030515c800d1ab44125b9052dfffd1bd04c 21-Jun-2011 Douglas Gregor <dgregor@apple.com> Introduce a new AST node describing reference binding to temporaries.

MaterializeTemporaryExpr captures a reference binding to a temporary
value, making explicit that the temporary value (a prvalue) needs to
be materialized into memory so that its address can be used. The
intended AST invariant here is that a reference will always bind to a
glvalue, and MaterializeTemporaryExpr will be used to convert prvalues
into glvalues for that binding to happen. For example, given

const int& r = 1.0;

The initializer of "r" will be a MaterializeTemporaryExpr whose
subexpression is an implicit conversion from the double literal "1.0"
to an integer value.

IR generation benefits most from this new node, since it was
previously guessing (badly) when to materialize temporaries for the
purposes of reference binding. There are likely more refactoring and
cleanups we could perform there, but the introduction of
MaterializeTemporaryExpr fixes PR9565, a case where IR generation
would effectively bind a const reference directly to a bitfield in a
struct. Addresses <rdar://problem/9552231>.




git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@133521 91177308-0d34-0410-b5e6-96231b3b80d8
teratorsChecker.cpp
8912aaedb413b15f6dd1d8997d80e1d505f7d52f 20-Jun-2011 Jordy Rose <jediknil@belkadan.com> [analyzer] Finish size argument checking for strncat (and strncpy).


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@133472 91177308-0d34-0410-b5e6-96231b3b80d8
StringChecker.cpp
8cc2491239f0b9de35985a1650fffc05c1ca8242 20-Jun-2011 Jordy Rose <jediknil@belkadan.com> [analyzer] Replace stream-built error message with constant string. No functionality change.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@133410 91177308-0d34-0410-b5e6-96231b3b80d8
StringChecker.cpp
5e5f15062bcf4b62fda9062b453178f8b9bd0c2d 20-Jun-2011 Jordy Rose <jediknil@belkadan.com> [analyzer] Re-enable checking for strncpy, along with a new validation of the size argument. strncat is not yet up-to-date, but I'm leaving it enabled for now (there shouldn't be any false positives, at least...)


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@133408 91177308-0d34-0410-b5e6-96231b3b80d8
StringChecker.cpp
9e49d9fbdc861c25c2480233147dee07f5fa9660 20-Jun-2011 Jordy Rose <jediknil@belkadan.com> [analyzer] Eliminate "byte string function" from CStringChecker's diagnostics, and make it easier to provide custom messages for overflow checking, in preparation for re-enabling strncpy checking.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@133406 91177308-0d34-0410-b5e6-96231b3b80d8
StringChecker.cpp
16c8f9d68ae6d302083763d4733e728634717dec 16-Jun-2011 Nowar Gu <nowar100@gmail.com> Merge upstream to r133163 at Fri. 17th Jun 2011.
adc42d412d747391dbcee234610f00b0f087cf7b 16-Jun-2011 Jordy Rose <jediknil@belkadan.com> [analyzer] Clean up modeling of strcmp, including cases where a string literal has an embedded null character, and where both arguments are the same buffer. Also use nested ifs rather than early returns; in this case early returns will lose any assumptions we've made earlier in the function.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@133154 91177308-0d34-0410-b5e6-96231b3b80d8
StringChecker.cpp
ee2fde12934c0b11a71db286d1dc9ee8341802a5 16-Jun-2011 Jordy Rose <jediknil@belkadan.com> [analyzer] Fix trivial errors in previous commit.

I will not commit without building first.
I will not commit without building first.
I will not commit without building first...

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@133150 91177308-0d34-0410-b5e6-96231b3b80d8
StringChecker.cpp
1e022415b9a66c84a9005b4e0bb2d4becb76d189 16-Jun-2011 Jordy Rose <jediknil@belkadan.com> [analyzer] Cleanup: mainly 80-char violations and preferring SValBuilder::getComparisonType() to just referencing IntTy.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@133149 91177308-0d34-0410-b5e6-96231b3b80d8
StringChecker.cpp
f85e193739c953358c865005855253af4f68a497 16-Jun-2011 John McCall <rjmccall@apple.com> Automatic Reference Counting.

Language-design credit goes to a lot of people, but I particularly want
to single out Blaine Garst and Patrick Beard for their contributions.

Compiler implementation credit goes to Argyrios, Doug, Fariborz, and myself,
in no particular order.



git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@133103 91177308-0d34-0410-b5e6-96231b3b80d8
eadStoresChecker.cpp
tackAddrEscapeChecker.cpp
d5af0e17b00ab2ee6a8c1f352bb9eeb1cc5b2d07 15-Jun-2011 Jordy Rose <jediknil@belkadan.com> [analyzer] Revise CStringChecker's modelling of strcpy() and strcat():
- (bounded copies) Be more conservative about how much is being copied.
- (str(n)cat) If we can't compute the exact final length of an append operation, we can still lower-bound it.
- (stpcpy) Fix the conjured return value at the end to actually be returned.

This requires these supporting changes:
- C string metadata symbols are still live even when buried in a SymExpr.
- "Hypothetical" C string lengths, to represent a value that /will/ be passed to setCStringLength() if all goes well. (The idea is to allow for temporary constrainable symbols that may end up becoming permanent.)
- The 'checkAdditionOverflow' helper makes sure that the two strings being appended in a strcat don't overflow size_t. This should never *actually* happen; the real effect is to keep the final string length from "wrapping around" in the constraint manager.

This doesn't actually test the "bounded" operations (strncpy and strncat) because they can leave strings unterminated. Next on the list!


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@133046 91177308-0d34-0410-b5e6-96231b3b80d8
StringChecker.cpp
210c05b10317a11971f87e474ffa4c30bb8e4df9 15-Jun-2011 Jordy Rose <jediknil@belkadan.com> [analyzer] If a C string length is UnknownVal, clear any existing length binding. No tests yet because the only thing that sets string length is strcpy(), and that needs some work anyway.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@133044 91177308-0d34-0410-b5e6-96231b3b80d8
StringChecker.cpp
467f7c8ba2b3c3b65065d05323696ded5d8a93a9 14-Jun-2011 Jordy Rose <jediknil@belkadan.com> [analyzer] CStringChecker checks functions in the C standard library, not C++. Its external name is now unix.experimental.CString.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@132958 91177308-0d34-0410-b5e6-96231b3b80d8
heckers.td
bd32beee8a0f22e1d5245112f5e34ad4669994ae 14-Jun-2011 Jordy Rose <jediknil@belkadan.com> [analyzer] Change large if body to early return. No functionality change.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@132956 91177308-0d34-0410-b5e6-96231b3b80d8
StringChecker.cpp
793bff3fb7ca2a31e81aa7f4f3f21f921459010b 14-Jun-2011 Jordy Rose <jediknil@belkadan.com> [analyzer] Fix modeling of strnlen to be more conservative. Move tests we can't properly model (yet?) to string-fail.c.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@132955 91177308-0d34-0410-b5e6-96231b3b80d8
StringChecker.cpp
e5df885367b9e122ac11c89ddfbc62375695cdab 10-Jun-2011 Nowar Gu <nowar100@gmail.com> Merge upstream to r132843 at Fri. 10th Jun 2011.
7182b9652f20c122d261d9255e11bf3a1bf871ec 04-Jun-2011 Jordy Rose <jediknil@belkadan.com> [analyzer] Change an indent-if to an early return. No functionality change.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@132618 91177308-0d34-0410-b5e6-96231b3b80d8
StringChecker.cpp
3f8bb2fa289c956a66613b0f09e3df5e25d27c66 04-Jun-2011 Jordy Rose <jediknil@belkadan.com> [analyzer] Don't crash when copying an unknown number of bytes with memcpy(). Also handle all memcpy-family return values in evalCopyCommon(), rather than having some outside and some inside.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@132617 91177308-0d34-0410-b5e6-96231b3b80d8
StringChecker.cpp
7eb83caea14cbd3f0273004a6816c26040ac3755 04-Jun-2011 Jordy Rose <jediknil@belkadan.com> [analyzer] Remove extra assignment that actually lost a few of the assumptions.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@132614 91177308-0d34-0410-b5e6-96231b3b80d8
StringChecker.cpp
c152586baf0fcdfd4c660e5dcd7b6857f13203d6 04-Jun-2011 Jordy Rose <jediknil@belkadan.com> [analyzer] Fix comment for (still-disabled) evalStrncpy


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@132608 91177308-0d34-0410-b5e6-96231b3b80d8
StringChecker.cpp
22d27178bf795145439b9588e260ccceab79a088 04-Jun-2011 Jordy Rose <jediknil@belkadan.com> [analyzer] Fix handling of "copy zero bytes" for memcpy and friends.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@132607 91177308-0d34-0410-b5e6-96231b3b80d8
StringChecker.cpp
be460d8e5364c6bffeb7b27e4c0d4d5d16e39c59 04-Jun-2011 Jordy Rose <jediknil@belkadan.com> [analyzer] __mempcpy_chk is the same as mempcpy (at least to CStringChecker)


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@132605 91177308-0d34-0410-b5e6-96231b3b80d8
StringChecker.cpp
d01d2b2de449d68e6c44d99a12c0c1fc53222113 14-May-2011 Nowar Gu <nowar100@gmail.com> Merge upstream to r131335 at Sat. 14th May 2011.
10620eb5164e31208fcbf0437cd79ae535ed0559 06-May-2011 Sean Hunt <scshunt@csclub.uwaterloo.ca> Modify some deleted function methods to better reflect reality:

- New isDefined() function checks for deletedness
- isThisDeclarationADefinition checks for deletedness
- New doesThisDeclarationHaveABody() does what
isThisDeclarationADefinition() used to do
- The IsDeleted bit is not propagated across redeclarations
- isDeleted() now checks the canoncial declaration
- New isDeletedAsWritten() does what it says on the tin.
- isUserProvided() now correct (thanks Richard!)

This fixes the bug that we weren't catching

void foo() = delete;
void foo() {}

as being a redefinition.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@131013 91177308-0d34-0410-b5e6-96231b3b80d8
SErrorChecker.cpp
094ea0afcfa79eb0c4a2c35a059491be3ab954a9 03-May-2011 Lenny Maiorani <lenny@colorado.edu> Removing strncpy() checking in CString checker for now. Some significant changes need to be made to properly support modeling of it since it potentially leaves strings non-null terminated.



git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@130758 91177308-0d34-0410-b5e6-96231b3b80d8
StringChecker.cpp
35bdbf40624beba3fc00cb72ab444659939c1a6b 02-May-2011 Ted Kremenek <kremenek@apple.com> Augment retain/release checker to not warn about tracked objects passed as arguments to C++ constructors. This is a stop-gap measure for Objective-C++ code that uses smart pointers to manage reference counts.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@130711 91177308-0d34-0410-b5e6-96231b3b80d8
StringChecker.cpp
454fd2d3a1b6d0ef225c5d3927c1ad3b97510d1a 02-May-2011 Lenny Maiorani <lenny@colorado.edu> Implements strncasecmp() checker and simplifies some of the logic around creating substrings if necessary and calling the appropriate StringRef::compare/compare_lower().



git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@130708 91177308-0d34-0410-b5e6-96231b3b80d8
StringChecker.cpp
a2a3da6503bb0738f91bb46863b586b37de47367 30-Apr-2011 Ted Kremenek <kremenek@apple.com> Move the SelfInit checker to the 'cocoa.experimental' package.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@130598 91177308-0d34-0410-b5e6-96231b3b80d8
heckers.td
401549d71fdbc8a566c1eb71d30825de653ea5c4 28-Apr-2011 Lenny Maiorani <lenny@colorado.edu> Use StringRef::substr() and unbounded StringRef::compare() instead of bounded version of StringRef::compare() because bounded version of StringRef::compare() is going to be removed.



git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@130425 91177308-0d34-0410-b5e6-96231b3b80d8
StringChecker.cpp
508c627db67ea4b53439fbcd688145f24d9c0400 28-Apr-2011 Lenny Maiorani <lenny@colorado.edu> Eliminates an assert in the strncpy/strncat checker caused by not validating a cast was successful. If the value of an argument was unknown, the cast would result in a NULL pointer which was later being dereferenced.

This fixes Bugzilla #9806.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@130422 91177308-0d34-0410-b5e6-96231b3b80d8
StringChecker.cpp
bd1d16a1792cd6ea5ede9869e18d781e3fc1a8c3 28-Apr-2011 Lenny Maiorani <lenny@colorado.edu> Implements strcasecmp() checker in Static Analyzer.



git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@130398 91177308-0d34-0410-b5e6-96231b3b80d8
StringChecker.cpp
4d8d803b06804defe25346871c7beb6096540c4a 27-Apr-2011 Lenny Maiorani <lenny@colorado.edu> More accurately model realloc() when the size argument is 0. realloc() with a size of 0 is equivalent to free(). The memory region should be marked as free and not used again.

Unit tests f2_realloc_0(), f6_realloc(), and f7_realloc() contributed by Marshall Clow <mclow.lists@gmail.com>. Thanks!



git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@130303 91177308-0d34-0410-b5e6-96231b3b80d8
allocChecker.cpp
6b4f567109d76ce1f1de289554e35f2a7bbeff6b 27-Apr-2011 Ted Kremenek <kremenek@apple.com> Allow 'Environment::getSVal()' to allow an optional way for checkers to do a direct lookup to values bound to expressions, without
resulting to lazy logic. This is critical for the OSAtomicChecker that does a simulated load on any arbitrary expression.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@130292 91177308-0d34-0410-b5e6-96231b3b80d8
SAtomicChecker.cpp
357f6ee9f1f6f8e5027377cb3e5907c62c4fe3df 26-Apr-2011 Lenny Maiorani <lenny@colorado.edu> Implements the strncmp() checker just like the strcmp() checker, but with bounds. Requires LLVM svn r129582.



git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@130161 91177308-0d34-0410-b5e6-96231b3b80d8
StringChecker.cpp
c69a505cfa318d571ce8a0cd038c8d958585a735 23-Apr-2011 Jay Foad <jay.foad@gmail.com> Remove unused STL header includes.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@130068 91177308-0d34-0410-b5e6-96231b3b80d8
dempotentOperationChecker.cpp
f05982b5f8f69a1d618c3bd844ab6efd3a6e2953 19-Apr-2011 Anders Carlsson <andersca@mac.com> Make the VariadicMethodTypeChecker accept block pointers as Objective-C pointers. Fixes PR9746.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@129741 91177308-0d34-0410-b5e6-96231b3b80d8
asicObjCFoundationChecks.cpp
162e1c1b487352434552147967c3dd296ebee2f7 15-Apr-2011 Richard Smith <richard-llvm@metafoo.co.uk> Support for C++11 (non-template) alias declarations.



git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@129567 91177308-0d34-0410-b5e6-96231b3b80d8
teratorsChecker.cpp
LVMConventionsChecker.cpp
fc8f0e14ad142ed811e90fbd9a30e419e301c717 15-Apr-2011 Chris Lattner <sabre@nondot.org> fix a bunch of comment typos found by codespell. Patch by
Luis Felipe Strano Moraes!



git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@129559 91177308-0d34-0410-b5e6-96231b3b80d8
StringChecker.cpp
bjCSelfInitChecker.cpp
9281efe614741f3742ebf8196a703f6c923c6ff0 12-Apr-2011 Ted Kremenek <kremenek@apple.com> Teach VariadicMethodTypeChecker to not crash when processing methods declared in protocols.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@129395 91177308-0d34-0410-b5e6-96231b3b80d8
asicObjCFoundationChecks.cpp
1212f807af8aa93689845d18eb5a260718c77e57 12-Apr-2011 Ted Kremenek <kremenek@apple.com> Fix another IdempotentOperationsChecker corner case when determining if an active block on the worklist
impacts the results of the check.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@129394 91177308-0d34-0410-b5e6-96231b3b80d8
dempotentOperationChecker.cpp
82cfc6849204b07e80f8ac71e33247f7df760032 12-Apr-2011 Ted Kremenek <kremenek@apple.com> ArrayBoundCheckerV2: don't arbitrarily warn about indexing before the 0-index of a symbolic region. In many cases that isn't really the base offset.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@129366 91177308-0d34-0410-b5e6-96231b3b80d8
rrayBoundCheckerV2.cpp
318dd92ad834857ea5bb91de288c1eb56cdbec1a 12-Apr-2011 Lenny Maiorani <lenny@colorado.edu> This patch adds modeling of strcmp() to the CString checker. Validates inputs are not NULL and are real C strings, then does the comparison and binds the proper return value. Unit tests included.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@129364 91177308-0d34-0410-b5e6-96231b3b80d8
StringChecker.cpp
067bbd0e11c71a33b51832532e836971be697699 09-Apr-2011 Lenny Maiorani <lenny@colorado.edu> strcat() and strncat() model additions to CStringChecker.

Validates inputs are not NULL, checks for overlapping strings, concatenates the strings checking for buffer overflow, sets the length of the destination string to the sum of the s1 length and the s2 length, binds the return value to the s1 value.



git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@129215 91177308-0d34-0410-b5e6-96231b3b80d8
StringChecker.cpp
9a7319305fc25222b91d585dfa056c8cdbac8434 06-Apr-2011 Nowar Gu <nowar100@gmail.com> Merge upstream until 2011.04.05.
9cb677e3d8bffc665fd2a62e65b0f2f5e659a61d 05-Apr-2011 Lenny Maiorani <lenny@colorado.edu> Add security syntax checker for strcat() which causes the Static Analyzer to generate a warning any time the strcat() function is used with a note suggesting to use a function which provides bounded buffers. CWE-119.

Also, brings the security syntax checker more inline with coding standards.



git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@128916 91177308-0d34-0410-b5e6-96231b3b80d8
heckSecuritySyntaxOnly.cpp
c2dace11190e42d7cdd3c1b3bd2ecc8593f8e13e 03-Apr-2011 Lenny Maiorani <lenny@colorado.edu> Refactoring the security checker a little bit so that each CallExpr check doesn't get called for each CallExpr. Instead it does a switch and only runs the check for the proper identifier. Slight speed improvement (probably significant on very large ASTs), and should make it easier and more clear to add more checks for other CallExpr's later.



git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@128785 91177308-0d34-0410-b5e6-96231b3b80d8
heckSecuritySyntaxOnly.cpp
e87e717b0dbe4776f2b4dbb1e6ce2a19f562d2b0 02-Apr-2011 csmon7507 <csmon7507@gmail.com> Merge branch 'upstream' into logan-fastforward-20110320
2bfa3019b8fb35931ca4927feaf25d39161b423e 02-Apr-2011 Zhongxing Xu <xuzhongxing@gmail.com> Remove a redundant method. We have a const version.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@128762 91177308-0d34-0410-b5e6-96231b3b80d8
allocChecker.cpp
422ab7a49a9a4252dbc6350e49d7a5708337b9c7 02-Apr-2011 Ted Kremenek <kremenek@apple.com> Teach IdempotentOperationsChecker about paths aborted because ExprEngine didn't know how to handle a specific Expr type.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@128761 91177308-0d34-0410-b5e6-96231b3b80d8
nalyzerStatsChecker.cpp
dempotentOperationChecker.cpp
66750fa464ace9f8c41666c8585ec71a248c1cca 02-Apr-2011 Ted Kremenek <kremenek@apple.com> static analyzer: Rename 'BlocksAborted' to 'BlocksExhausted' to reflect that a given CFGBlock was analyzed too many times.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@128760 91177308-0d34-0410-b5e6-96231b3b80d8
nalyzerStatsChecker.cpp
dempotentOperationChecker.cpp
f445debe3a6825e6528655db0906ce4fa41240ea 01-Apr-2011 csmon <csmon@csmon-desktop.(none)> Merge branch 'upstream' into logan-fastforward-20110320
5b67a82a2621c148694ff0f0352aa949b363934c 01-Apr-2011 Lenny Maiorani <lenny@colorado.edu> Add security syntax checker for strcpy() which causes the Static Analyzer to generate a warning any time the strcpy() function is used with a note suggesting to use a function which provides bounded buffers.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@128679 91177308-0d34-0410-b5e6-96231b3b80d8
heckSecuritySyntaxOnly.cpp
b8b875be7b2d177d755641c6212111859372d611 31-Mar-2011 Lenny Maiorani <lenny@colorado.edu> Adding Static Analyzer checker for mempcpy().

Models mempcpy() so that if length is NULL the destination pointer is returned. Otherwise, the source and destination are confirmed not to be NULL and not overlapping. Finally the copy is validated to not cause a buffer overrun and the return value is bound to the address of the byte after the last byte copied.



git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@128677 91177308-0d34-0410-b5e6-96231b3b80d8
StringChecker.cpp
ea4411e3eee3f86e5d9ebb5caa7fdc025ca3a515 31-Mar-2011 Lenny Maiorani <lenny@colorado.edu> Fix spelling in a comment. (test commit)



git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@128670 91177308-0d34-0410-b5e6-96231b3b80d8
heckSecuritySyntaxOnly.cpp
1b02dcdbe0aa9733b4ff2657216bd52a493f5627 30-Mar-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> [analyzer] Allow all checkers of a group to be enabled.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@128512 91177308-0d34-0410-b5e6-96231b3b80d8
langSACheckerProvider.cpp
9bc1afc3580133c1c930ddba497e6ef541c917be 30-Mar-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> [analyzer] For -analyzer-checker-help show all the info about groups, packages, and which packages/checkers are hidden.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@128511 91177308-0d34-0410-b5e6-96231b3b80d8
langSACheckerProvider.cpp
langSACheckers.h
1293cdac691975a57a0e8a4f1448b3ed9e293c50 29-Mar-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> [analyzer] Checker Packages can now belong to a group. This requires llvm commit r128474.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@128475 91177308-0d34-0410-b5e6-96231b3b80d8
heckers.td
b80302622c224d5b7b61cedc1c753f8c752bddf8 26-Mar-2011 Ted Kremenek <kremenek@apple.com> Tweak grammar in checker description.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@128310 91177308-0d34-0410-b5e6-96231b3b80d8
heckers.td
5188507b9a1b09ec95c14ffadf0e832f2b47aa8a 24-Mar-2011 Ted Kremenek <kremenek@apple.com> Rework checker "packages" and groups to be more hierarchical.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@128187 91177308-0d34-0410-b5e6-96231b3b80d8
heckers.td
97d2d2e368d3ead34d83c328383711c7dabab60a 22-Mar-2011 Logan Chien <tzuhsiang.chien@gmail.com> Merge with clang upstream r127980 (Mar 20th 2011)
aeafaf67b019bf195fb1adec7a45ab00ace0efb6 20-Mar-2011 Logan Chien <tzuhsiang.chien@gmail.com> Apply changes to migrate to Mar 18th 2011.
ndroid.mk
8e02635c9c276720a1e6f926b33303a53cebe9c7 18-Mar-2011 Logan Chien <tzuhsiang.chien@gmail.com> Merge with clang upstream r127869 (Mar 18th 2011)
af13d5b25b360e698cc1cf1055ad7d14e008e505 19-Mar-2011 Ted Kremenek <kremenek@apple.com> Rename class 'CFGReachabilityAnalysis' to 'CFGReverseBlockReachabilityAnalysis'.

This rename serves two purposes:

- It reflects the actual functionality of this analysis.
- We will have more than one reachability analysis.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@127930 91177308-0d34-0410-b5e6-96231b3b80d8
dempotentOperationChecker.cpp
f3f929386254a53c398fa884848738113a73ca23 17-Mar-2011 Ted Kremenek <kremenek@apple.com> Teach VariadicMethodTypeChecker about pointers attributed as 'NSObject'.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@127798 91177308-0d34-0410-b5e6-96231b3b80d8
asicObjCFoundationChecks.cpp
928c415d5dde89b7c01e41f0dfa8a782cbfa8e7d 17-Mar-2011 Ted Kremenek <kremenek@apple.com> Teach VariadicMethodTypeChecker that CF references are valid arguments to variadic Objective-C methods.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@127797 91177308-0d34-0410-b5e6-96231b3b80d8
asicObjCFoundationChecks.cpp
d5fde2106af8e78cc1b97d6369ad0de5d0875491 16-Mar-2011 Ted Kremenek <kremenek@apple.com> VariadicMethodTypeChecker: don't warn for null pointer constants passed to variadic Objective-C methods.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@127719 91177308-0d34-0410-b5e6-96231b3b80d8
asicObjCFoundationChecks.cpp
cf995d357759221f0a3b9fcd9315b004a4aa38ad 15-Mar-2011 Ted Kremenek <kremenek@apple.com> Remove bogus assertion in IdempotentOperationsChecker.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@127687 91177308-0d34-0410-b5e6-96231b3b80d8
dempotentOperationChecker.cpp
6fb5c1facaf36795a8c1050cd901e0e829ac1a64 14-Mar-2011 Ted Kremenek <kremenek@apple.com> Tweak VariadicMethodTypeChecker to only create one ExplodedNode when issuing multiple warnings for the same message expression.

Also add a test case showing that we correctly report multiple warnings for the same message expression.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@127605 91177308-0d34-0410-b5e6-96231b3b80d8
asicObjCFoundationChecks.cpp
4597b7b28e3a71f3c4f0ee3a3bd6a34423e6f885 13-Mar-2011 Anders Carlsson <andersca@mac.com> Add an Objective-C checker that checks that arguments passed to some variadic Objective-C methods are of Objective-C pointer types.

Ted or Argiris, I'd appreciate a review!


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@127572 91177308-0d34-0410-b5e6-96231b3b80d8
asicObjCFoundationChecks.cpp
heckers.td
ade3195a201e16e989e9f93a568fb1806519077c 12-Mar-2011 Ted Kremenek <kremenek@apple.com> Re-enable the IdempotentOperations checker for --analyze, and put it and the DeadStores checker into the "deadcode" group.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@127531 91177308-0d34-0410-b5e6-96231b3b80d8
heckers.td
7084da3e944fdfaa922dda0d57c0fe4cb7b88178 12-Mar-2011 Ted Kremenek <kremenek@apple.com> Don't have side-effects (or rather non-trivial computation) in StringSwitch "cases."

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@127528 91177308-0d34-0410-b5e6-96231b3b80d8
teratorsChecker.cpp
dd54de85cd98b85a79857723bcf3d7d95073a2a0 12-Mar-2011 Ted Kremenek <kremenek@apple.com> Add initial version of "IteratorsChecker", a checker to find misues uses of C++ iterators.

This checker was created by Jim Goodnow II, and I migrated it to the
new Checker interface (recent changes by Argiris).

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@127525 91177308-0d34-0410-b5e6-96231b3b80d8
MakeLists.txt
heckers.td
teratorsChecker.cpp
f4e3cfbe8abd124be6341ef5d714819b4fbd9082 11-Mar-2011 Peter Collingbourne <peter@pcc.me.uk> Add support for the OpenCL vec_step operator, by generalising and
extending the existing support for sizeof and alignof. Original
patch by Guy Benyei.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@127475 91177308-0d34-0410-b5e6-96231b3b80d8
heckSizeofPointer.cpp
dempotentOperationChecker.cpp
nreachableCodeChecker.cpp
c805eb9bc32fb0e2e767e2c4dcce1541feb4b69d 07-Mar-2011 Logan Chien <tzuhsiang.chien@gmail.com> Add build rules for StaticAnalyzer.
ndroid.mk
b62bdce3e981ea4f357126bc391be1cbc1efa4df 08-Mar-2011 Anders Carlsson <andersca@mac.com> Make the Objective-C checker look for subclasses of NSString instead of just NSString and NSMutableString.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@127268 91177308-0d34-0410-b5e6-96231b3b80d8
asicObjCFoundationChecks.cpp
85f3d76c0ecfdefcf83ea44a57b7a16119c8a045 02-Mar-2011 John McCall <rjmccall@apple.com> Move some of the logic about classifying Objective-C methods into
conventional categories into Basic and AST. Update the self-init checker
to use this logic; CFRefCountChecker is complicated enough that I didn't
want to touch it.



git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126817 91177308-0d34-0410-b5e6-96231b3b80d8
bjCSelfInitChecker.cpp
3c0349e87cdbd7316d06d2411d86ee1086e717a5 01-Mar-2011 Ted Kremenek <kremenek@apple.com> In preparation for fixing PR 6884, rework CFGElement to have getAs<> return pointers instead of fresh CFGElements.

- Also, consoldiate getDtorKind() and getKind() into one "kind".
- Add empty getDestructorDecl() method to CFGImplicitDtor.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126738 91177308-0d34-0410-b5e6-96231b3b80d8
nreachableCodeChecker.cpp
4ba48c43410a8ad4f32d1d3f684c7d297513e0a1 01-Mar-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> [analyzer] Also make sure that the parameter is coming from the current stack frame.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126735 91177308-0d34-0410-b5e6-96231b3b80d8
SErrorChecker.cpp
25a792b0361d80337c75a14320f5be1b210066dc 01-Mar-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> [analyzer] Remove SVal::getAsVarDecl() and reason about MemRegions, not Decls. Suggestion by Ted!

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126734 91177308-0d34-0410-b5e6-96231b3b80d8
SErrorChecker.cpp
7636d8853f4b96be2fa394eb59047ccad37efa4c 01-Mar-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> [analyzer] Move lib/StaticAnalyzer/Checkers/ExprEngine.cpp -> lib/StaticAnalyzer/Core
and hope the wrath of the buildbots will not descend upon me.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126728 91177308-0d34-0410-b5e6-96231b3b80d8
MakeLists.txt
xprEngine.cpp
ec8605f1d7ec846dbf51047bfd5c56d32d1ff91c 01-Mar-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> [analyzer] Rename CheckerV2 -> Checker.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126726 91177308-0d34-0410-b5e6-96231b3b80d8
djustedReturnValueChecker.cpp
nalyzerStatsChecker.cpp
rrayBoundChecker.cpp
rrayBoundCheckerV2.cpp
ttrNonNullChecker.cpp
asicObjCFoundationChecks.cpp
uiltinFunctionChecker.cpp
StringChecker.cpp
allAndMessageChecker.cpp
astSizeChecker.cpp
astToStructChecker.cpp
heckObjCDealloc.cpp
heckObjCInstMethSignature.cpp
heckSecuritySyntaxOnly.cpp
heckSizeofPointer.cpp
hrootChecker.cpp
eadStoresChecker.cpp
ebugCheckers.cpp
ereferenceChecker.cpp
ivZeroChecker.cpp
ixedAddressChecker.cpp
dempotentOperationChecker.cpp
LVMConventionsChecker.cpp
acOSXAPIChecker.cpp
allocChecker.cpp
SAutoreleasePoolChecker.cpp
SErrorChecker.cpp
oReturnFunctionChecker.cpp
SAtomicChecker.cpp
bjCAtSyncChecker.cpp
bjCSelfInitChecker.cpp
bjCUnusedIVarsChecker.cpp
ointerArithChecker.cpp
ointerSubChecker.cpp
threadLockChecker.cpp
eturnPointerRangeChecker.cpp
eturnUndefChecker.cpp
tackAddrEscapeChecker.cpp
treamChecker.cpp
ndefBranchChecker.cpp
ndefCapturedBlockVarChecker.cpp
ndefResultChecker.cpp
ndefinedArraySubscriptChecker.cpp
ndefinedAssignmentChecker.cpp
nixAPIChecker.cpp
nreachableCodeChecker.cpp
LASizeChecker.cpp
d26a475068535834bbebd87f429ec773d6227e41 01-Mar-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> [analyzer] Remove Checker V1.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126725 91177308-0d34-0410-b5e6-96231b3b80d8
xprEngine.cpp
eb48bd1dd4168ab206a330bf523659170291a6a0 01-Mar-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> [analyzer] Remove checker V1 registration and running from ExprEngine.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126724 91177308-0d34-0410-b5e6-96231b3b80d8
xprEngine.cpp
c367a876d0abcf32cb443712ce2709a0491be00b 28-Feb-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> [analyzer] Remove unused checker stuff from AnalysisConsumer and some unused headers.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126690 91177308-0d34-0410-b5e6-96231b3b80d8
asicObjCFoundationChecks.cpp
asicObjCFoundationChecks.h
eadStoresChecker.cpp
xprEngine.cpp
nternalChecks.h
LVMConventionsChecker.cpp
b3d74da3e1620c9a7a378afb5f244e4987e6713e 28-Feb-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> [analyzer] Migrate NSErrorChecker and DereferenceChecker to CheckerV2.

They cooperate in that NSErrorChecker listens for ImplicitNullDerefEvent events that
DereferenceChecker can dispatch.
ImplicitNullDerefEvent is when we dereferenced a location that may be null.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126659 91177308-0d34-0410-b5e6-96231b3b80d8
heckers.td
ereferenceChecker.cpp
xprEngine.cpp
SErrorChecker.cpp
3b368dda700e46ef6002168b92cb5bd18e261a5c 28-Feb-2011 Anders Carlsson <andersca@mac.com> Fix CMake build.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126629 91177308-0d34-0410-b5e6-96231b3b80d8
MakeLists.txt
d84f422ebfde2145bce79a8fa823e3393b392994 28-Feb-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> [analzyer] Migrate CallAndMessageChecker to CheckerV2.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126626 91177308-0d34-0410-b5e6-96231b3b80d8
allAndMessageChecker.cpp
heckers.td
xprEngine.cpp
nternalChecks.h
2b3ca9c420e90f131642d7e7d47af6387dad7e1d 28-Feb-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> [analyzer] ExprEngine should not depend on checkers for not crashing.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126625 91177308-0d34-0410-b5e6-96231b3b80d8
xprEngine.cpp
139ca9630d2f4978e3ec97ab57097dcf6991bbe7 28-Feb-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> [analyzer] Migrate AdjustedReturnValueChecker to CheckerV2.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126624 91177308-0d34-0410-b5e6-96231b3b80d8
djustedReturnValueChecker.cpp
heckers.td
xprEngine.cpp
nternalChecks.h
bd90076671c8012244bb7e3fd84b6789e47cb199 28-Feb-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> [analyzer] Migrate AttrNonNullChecker to CheckerV2.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126623 91177308-0d34-0410-b5e6-96231b3b80d8
ttrNonNullChecker.cpp
heckers.td
xprEngine.cpp
nternalChecks.h
73c498a08f4968b6987d1453c7b77929dcc6d5f7 28-Feb-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> [analyzer] ExprEngine should not depend on checkers for not crashing.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126622 91177308-0d34-0410-b5e6-96231b3b80d8
xprEngine.cpp
3ce2b48461115af047ee1e957e1892af255bf120 28-Feb-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> [analyzer] Migrate VLASizeChecker to CheckerV2.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126621 91177308-0d34-0410-b5e6-96231b3b80d8
heckers.td
xprEngine.cpp
nternalChecks.h
LASizeChecker.cpp
919c9b99e56f1ba519f21d55f2008592c4f32640 28-Feb-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> [analyzer] Migrate DivZeroChecker to CheckerV2.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126620 91177308-0d34-0410-b5e6-96231b3b80d8
heckers.td
ivZeroChecker.cpp
xprEngine.cpp
nternalChecks.h
7f649d749f18b3499456d7ae6a69f3bbd7cf7cdc 28-Feb-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> [analyzer] Migrate ReturnUndefChecker to CheckerV2.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126619 91177308-0d34-0410-b5e6-96231b3b80d8
heckers.td
xprEngine.cpp
nternalChecks.h
eturnUndefChecker.cpp
eb290caacc49587e4d3c992ba742d1916cab5350 28-Feb-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> [analyzer] Migrate UndefinedArraySubscriptChecker to CheckerV2.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126618 91177308-0d34-0410-b5e6-96231b3b80d8
heckers.td
xprEngine.cpp
nternalChecks.h
ndefinedArraySubscriptChecker.cpp
267aa5c93b1eecc1d6f2c65ed2ba1fe840a9d0fd 28-Feb-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> [analyzer] Migrate UndefinedAssignmentChecker to CheckerV2.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126617 91177308-0d34-0410-b5e6-96231b3b80d8
heckers.td
xprEngine.cpp
nternalChecks.h
ndefinedAssignmentChecker.cpp
cc05d511b26ac6dc80fcbcc78ac305d2755aa0b9 28-Feb-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> [analyzer] Migrate UndefBranchChecker to CheckerV2.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126616 91177308-0d34-0410-b5e6-96231b3b80d8
heckers.td
xprEngine.cpp
nternalChecks.h
ndefBranchChecker.cpp
265c674f634e99e5df1135d764e21365351372da 28-Feb-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> [analyzer] Migrate UndefCapturedBlockVarChecker to CheckerV2.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126615 91177308-0d34-0410-b5e6-96231b3b80d8
heckers.td
xprEngine.cpp
nternalChecks.h
ndefCapturedBlockVarChecker.cpp
180e03f9761aa55b5adca430706595e1bbb79c4d 28-Feb-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> [analyzer] Migrate UndefResultChecker to CheckerV2.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126614 91177308-0d34-0410-b5e6-96231b3b80d8
heckers.td
xprEngine.cpp
nternalChecks.h
ndefResultChecker.cpp
3267d9563f8265bfce967b3801273a7c53b91346 28-Feb-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> [analyzer] Migrate NoReturnFunctionChecker to CheckerV2.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126613 91177308-0d34-0410-b5e6-96231b3b80d8
heckers.td
xprEngine.cpp
nternalChecks.h
oReturnFunctionChecker.cpp
a676d501a001657892c483bd4d651650e168f337 28-Feb-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> [analyzer] Move the DeadStores checker out of the 'core' package.

-Now it gets enabled with '-analyzer-checker=DeadStores'.
-The driver passes the above flag by default.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126612 91177308-0d34-0410-b5e6-96231b3b80d8
heckers.td
103487088211c13ff3ae66f265130c56fb6be025 28-Feb-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> [analyzer] Migrate BuiltinFunctionChecker to CheckerV2.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126611 91177308-0d34-0410-b5e6-96231b3b80d8
uiltinFunctionChecker.cpp
heckers.td
xprEngine.cpp
nternalChecks.h
f029366e3028b1002cd16a88b07bab5bffc73339 28-Feb-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> [analyzer] Migrate OSAtomicChecker to CheckerV2.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126610 91177308-0d34-0410-b5e6-96231b3b80d8
heckers.td
xprEngine.cpp
nternalChecks.h
SAtomicChecker.cpp
05357018b2e5e66559ad0ce2147dc1db9af42b9d 28-Feb-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> [analyzer] Migrate ArrayBoundCheckerV2 to CheckerV2.

Turns -analyzer-check-buffer-overflows into -analyzer-checker=core.experimental.Overflow

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126609 91177308-0d34-0410-b5e6-96231b3b80d8
rrayBoundCheckerV2.cpp
heckers.td
nternalChecks.h
58f2e7c3c3860e410fa3d8252862ef10be7cdc70 28-Feb-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> [analyzer] Turn -analyzer-stats into -analyzer-checker=debug.Stats

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126608 91177308-0d34-0410-b5e6-96231b3b80d8
nalyzerStatsChecker.cpp
heckers.td
xperimentalChecks.h
6dd4dffe1090e820e9b5b25eee8ad3907a1aa679 28-Feb-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> [analyzer] Remove '-analyzer-experimental-checks' flag.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126607 91177308-0d34-0410-b5e6-96231b3b80d8
xperimentalChecks.cpp
xperimentalChecks.h
312dbec867f6b8d6b86fd562c53352cd4db27468 28-Feb-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> [analyzer] Migrate MallocChecker to CheckerV2.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126606 91177308-0d34-0410-b5e6-96231b3b80d8
heckers.td
xperimentalChecks.cpp
xprEngine.cpp
allocChecker.cpp
b8d545ca06761ce779eb14326af7b2dfeb1196fc 25-Feb-2011 Ted Kremenek <kremenek@apple.com> Update test cases.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126523 91177308-0d34-0410-b5e6-96231b3b80d8
heckers.td
f5d2ef4a61e70eb2bcc3f4872e7095cf19d20163 25-Feb-2011 Ted Kremenek <kremenek@apple.com> Tidy up help text in Checkers.td, and rename StackAddrLeakChecker to StackAddrEscapeChecker.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126522 91177308-0d34-0410-b5e6-96231b3b80d8
MakeLists.txt
heckers.td
tackAddrEscapeChecker.cpp
tackAddrLeakChecker.cpp
116f3640daee424dfcdbe55e80be5a67476be4b0 25-Feb-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> Intoduce '-analyzer-checker-help' flag which outputs a list of all available static analyzer checkers.

This is pretty basic for now, eventually checkers should be grouped according to package, hidden checkers should be indicated etc.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126454 91177308-0d34-0410-b5e6-96231b3b80d8
langSACheckerProvider.cpp
65d39251ff57b8e33cf6d3a7fcc6aa1c6f8cdc68 24-Feb-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> [analyzer] Remove '-analyzer-experimental-internal-checks' flag, it doesn't have any checkers associated with it anymore.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126440 91177308-0d34-0410-b5e6-96231b3b80d8
xperimentalChecks.cpp
08099adb95fd111009c19f49038674c93df34c48 24-Feb-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> [analyzer] Allow a checker to be hidden even if its package is hidden & enabled.

For example, if 'core.experimental.UnreachableCode' is hidden, it should not be enabled with 'core.experimental'.
Note that this requires llvm commit r126436.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126439 91177308-0d34-0410-b5e6-96231b3b80d8
heckers.td
langSACheckerProvider.cpp
0d6b0c00823410c8d532fc15e40c9b62ae43a08b 24-Feb-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> [analyzer] Migrate CastSizeChecker to CheckerV2.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126438 91177308-0d34-0410-b5e6-96231b3b80d8
astSizeChecker.cpp
heckers.td
xperimentalChecks.cpp
nternalChecks.h
8be5b3aced37e1c7728741c60d47011f11649a58 24-Feb-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> [analyzer] Migrate ArrayBoundChecker to CheckerV2.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126371 91177308-0d34-0410-b5e6-96231b3b80d8
rrayBoundChecker.cpp
heckers.td
xperimentalChecks.cpp
nternalChecks.h
9c0d6891b3ec4b0d20b8a295946c0dc5426d147c 24-Feb-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> [analyzer] Don't pass a GRState to CheckerManager::runCheckersForLocation, terrible mistake.

If the state is new, make sure an ExplodedNode is associated with it.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126370 91177308-0d34-0410-b5e6-96231b3b80d8
xprEngine.cpp
69355798abdbe5e78d1185af7d4600b9355b5814 24-Feb-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> [analyzer] Migrate ReturnPointerRangeChecker to CheckerV2.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126369 91177308-0d34-0410-b5e6-96231b3b80d8
heckers.td
xperimentalChecks.cpp
nternalChecks.h
eturnPointerRangeChecker.cpp
64be13795a9b5b25de6b151551a2f5ef2bab353c 24-Feb-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> [analyzer] Remove unused functions from CheckerManager.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126352 91177308-0d34-0410-b5e6-96231b3b80d8
xprEngine.cpp
699bbf9f3fa67ededdd762d2637d72d2a4a88b7a 24-Feb-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> [analyzer] Migrate StreamChecker to CheckerV2.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126351 91177308-0d34-0410-b5e6-96231b3b80d8
treamChecker.cpp
183ff98f425d470c2a0276880aaf43496c9dad14 24-Feb-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> [analyzer] Migrate CStringChecker to CheckerV2.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126350 91177308-0d34-0410-b5e6-96231b3b80d8
StringChecker.cpp
xprEngine.cpp
af5800a1e287990bb547e052f257adeeae5ab476 23-Feb-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> [analyzer] Migrate StackAddrLeakChecker to CheckerV2.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126333 91177308-0d34-0410-b5e6-96231b3b80d8
xprEngine.cpp
tackAddrLeakChecker.cpp
f178ac8b68b29e44867777232ba8fee59edc4037 23-Feb-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> [analyzer] Refactor EndOfFunctionNodeBuilder.

-Introduce EndOfFunctionNodeBuilder::withCheckerTag to allow it be "specialized" with a
checker tag and not require the checkers to pass a tag.
-For EndOfFunctionNodeBuilder::generateNode, reverse the order of tag/P parameters since
there are actual calls that assume the second parameter is ExplodedNode.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126332 91177308-0d34-0410-b5e6-96231b3b80d8
xprEngine.cpp
allocChecker.cpp
tackAddrLeakChecker.cpp
treamChecker.cpp
ecc4d33619f68481aa7435a7957fe824f9eb9029 23-Feb-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> [analyzer] Migrate IdempotentOperationChecker to CheckerV2.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126331 91177308-0d34-0410-b5e6-96231b3b80d8
dempotentOperationChecker.cpp
e1bfb7ae0dd0762c88e1fd94746e973c37f2e04e 23-Feb-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> [analyzer] Migrate ChrootChecker to CheckerV2.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126324 91177308-0d34-0410-b5e6-96231b3b80d8
hrootChecker.cpp
xprEngine.cpp
30726c6baee1417307236e854f1474fdb3cedb98 23-Feb-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> [analyzer] Migrate UnreachableCodeChecker to CheckerV2.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126308 91177308-0d34-0410-b5e6-96231b3b80d8
xprEngine.cpp
nreachableCodeChecker.cpp
45d9b4e44154939b91d6b8f63e7756feaca547f2 23-Feb-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> [analyzer] Migrate to CheckerV2:

NSAutoreleasePoolChecker
ObjCAtSyncChecker

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126307 91177308-0d34-0410-b5e6-96231b3b80d8
SAutoreleasePoolChecker.cpp
bjCAtSyncChecker.cpp
42461eecee98fff3671b3c14ce10f1a9e18cc95c 23-Feb-2011 Ted Kremenek <kremenek@apple.com> Migrate CFGReachabilityAnalysis out of the IdempotentOperationsChecker and into its own analysis file.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126289 91177308-0d34-0410-b5e6-96231b3b80d8
dempotentOperationChecker.cpp
283a358aecb75e30fcd486f2206f6c03c5e7f11d 23-Feb-2011 Ted Kremenek <kremenek@apple.com> Have IdempotentOperationsChecker pull its CFGStmtMap from AnalysisContext.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126288 91177308-0d34-0410-b5e6-96231b3b80d8
dempotentOperationChecker.cpp
983326f32c746f5e47161a73758e4d363263dd2c 23-Feb-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> [analyzer] Migrate to CheckerV2:

CastToStructChecker
FixedAddressChecker
MacOSXAPIChecker
PointerArithChecker
PointerSubChecker
PthreadLockChecker
UnixAPIChecker

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126284 91177308-0d34-0410-b5e6-96231b3b80d8
asicObjCFoundationChecks.cpp
astToStructChecker.cpp
ixedAddressChecker.cpp
acOSXAPIChecker.cpp
ointerArithChecker.cpp
ointerSubChecker.cpp
threadLockChecker.cpp
nixAPIChecker.cpp
74eed0ea03598cc5ef58b72fd5ed929631a11631 23-Feb-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> [analyzer] Migrate the BasicObjCFoundationChecks to CheckerV2:

NilArgChecker
CFNumberCreateChecker
ClassReleaseChecker

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126275 91177308-0d34-0410-b5e6-96231b3b80d8
asicObjCFoundationChecks.cpp
404fc3ad6bd844bf8ce70cbf9974ab297704a122 23-Feb-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> [analyzer] Refactor BugTypes and their ownership model.

-In general, don't have the BugReporter deleting BugTypes, BugTypes will eventually become owned by checkers
and outlive the BugReporter. In the meantime, there will be some leaks since some checkers assume that
the BugTypes they create will be destroyed by the BugReporter.
-Have BugReporter::EmitBasicReport create BugTypes that are reused if the same name & category strings
are passed to EmitBasicReport. These BugTypes are owned and destroyed by the BugReporter.
This allows bugs reported through EmitBasicReport to be coalesced.
-Remove the llvm::FoldingSet<BugReportEquivClass> from BugType and move it into the BugReporter.
For uniquing BugReportEquivClass also use the BugType* so that we can iterate over all of them using only one set.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126272 91177308-0d34-0410-b5e6-96231b3b80d8
xprEngine.cpp
769ce3e93ad35bd9ac28e4d8b8f035ae4fd9a5b5 22-Feb-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> [analyzer] Start moving the path-sensitive checkers to CheckerV2.

-Migrate ObjCSelfInitChecker to CheckerV2. In the process remove the 'preCallSelfFlags' field
from the checker class and use GRState for storing that info.
-Get ExprEngine to start delegating checker running to CheckerManager.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126229 91177308-0d34-0410-b5e6-96231b3b80d8
xprEngine.cpp
bjCSelfInitChecker.cpp
0ef473f75426f0a95635d0a9dd567d27b07dbd5b 22-Feb-2011 Ted Kremenek <kremenek@apple.com> Add CStringChecker support for strncpy. Patch by Lenny Maiorani!

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126188 91177308-0d34-0410-b5e6-96231b3b80d8
StringChecker.cpp
be4242ce039f0542ea0dd5f234aa0ee698f90c53 22-Feb-2011 Ted Kremenek <kremenek@apple.com> Add CStringChecker support for strnlen. Patch by Lenny Maiorani!

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126187 91177308-0d34-0410-b5e6-96231b3b80d8
StringChecker.cpp
c8da1ecaf58ff41b652dd53331aace948027039b 20-Feb-2011 Oscar Fuentes <ofv@wanadoo.es> New function for tablegenning: clang_tablegen.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126093 91177308-0d34-0410-b5e6-96231b3b80d8
MakeLists.txt
b20f5c6f79968ce57ebb6222f0d2e7f51908d1be 19-Feb-2011 Oscar Fuentes <ofv@wanadoo.es> Fix some add_dependencies.

The syntax is (add_dependencies target-name depend-target1 ...).

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126049 91177308-0d34-0410-b5e6-96231b3b80d8
MakeLists.txt
63ba0460da07749607a33ee419b315712a323542 17-Feb-2011 Oscar Fuentes <ofv@wanadoo.es> CMake: updated source file list.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@125783 91177308-0d34-0410-b5e6-96231b3b80d8
MakeLists.txt
2d67b90a21c9c1093e6598809c2cbc832919cfe6 17-Feb-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> [analyzer] Use the new registration mechanism for the debugging info "checks".

The relative checker package is 'debug':

'-dump-live-variables' is replaced by '-analyzer-checker=debug.DumpLiveVars'
'-cfg-view' is replaced by '-analyzer-checker=debug.ViewCFG'
'-cfg-dump' is replaced by '-analyzer-checker=debug.DumpCFG'

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@125780 91177308-0d34-0410-b5e6-96231b3b80d8
heckers.td
ebugCheckers.cpp
7dd445ec20e704846cfbdb132e56539280d71311 17-Feb-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> [analyzer] Use the new registration mechanism on the non-path-sensitive-checkers:

DeadStoresChecker
ObjCMethSigsChecker
ObjCUnusedIvarsChecker
SizeofPointerChecker
ObjCDeallocChecker
SecuritySyntaxChecker

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@125779 91177308-0d34-0410-b5e6-96231b3b80d8
heckObjCDealloc.cpp
heckObjCInstMethSignature.cpp
heckSecuritySyntaxOnly.cpp
heckSizeofPointer.cpp
heckers.td
eadStoresChecker.cpp
bjCUnusedIVarsChecker.cpp
9fb9474c5b267400d4abfbff63c8b39f378235d4 17-Feb-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> [analyzer]
-Introduce CheckerV2, a set of templates for convenient declaration & registration of checkers.
Currently useful just for checkers working on the AST not the path-sensitive ones.
-Enhance CheckerManager to actually collect the checkers and turn it into the entry point for
running the checkers.
-Use the new mechanism for the LLVMConventionsChecker.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@125778 91177308-0d34-0410-b5e6-96231b3b80d8
heckers.td
LVMConventionsChecker.cpp
695fb502825a53ccd178ec1c85c77929d88acb71 17-Feb-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> [analyzer] Pass CheckerManager to the registration functions.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@125777 91177308-0d34-0410-b5e6-96231b3b80d8
asicObjCFoundationChecks.cpp
StringChecker.cpp
astToStructChecker.cpp
hrootChecker.cpp
langSACheckerProvider.cpp
langSACheckers.h
ixedAddressChecker.cpp
dempotentOperationChecker.cpp
acOSXAPIChecker.cpp
SAutoreleasePoolChecker.cpp
bjCAtSyncChecker.cpp
bjCSelfInitChecker.cpp
ointerArithChecker.cpp
ointerSubChecker.cpp
threadLockChecker.cpp
tackAddrLeakChecker.cpp
treamChecker.cpp
nixAPIChecker.cpp
nreachableCodeChecker.cpp
c869abe2a9deeff22f778029a7f7f75e009be03f 17-Feb-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> When building StaticAnalyzer/Frontend add -I "<Checkers build dir>" to allow Checkers.inc to be
included without '..', thus being compatible with build systems of *BSDs.

Patch by Joerg Sonnenberger!

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@125758 91177308-0d34-0410-b5e6-96231b3b80d8
langSACheckers.h
56ca35d396d8692c384c785f9aeebcf22563fe1e 17-Feb-2011 John McCall <rjmccall@apple.com> Change the representation of GNU ?: expressions to use a different expression
class and to bind the shared value using OpaqueValueExpr. This fixes an
unnoticed problem with deserialization of these expressions where the
deserialized form would lose the vital pointer-equality trait; or rather,
it fixes it because this patch also does the right thing for deserializing
OVEs.

Change OVEs to not be a "temporary object" in the sense that copy elision is
permitted.

This new representation is not totally unawkward to work with, but I think
that's really part and parcel with the semantics we're modelling here. In
particular, it's much easier to fix things like the copy elision bug and to
make the CFG look right.

I've tried to update the analyzer to deal with this in at least some
obvious cases, and I think we get a much better CFG out, but the printing
of OpaqueValueExprs probably needs some work.



git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@125744 91177308-0d34-0410-b5e6-96231b3b80d8
xprEngine.cpp
dempotentOperationChecker.cpp
ad8dcf4a9df0e24051dc31bf9e6f3cd138a34298 17-Feb-2011 Chris Lattner <sabre@nondot.org> Step #1/N of implementing support for __label__: split labels into
LabelDecl and LabelStmt. There is a 1-1 correspondence between the
two, but this simplifies a bunch of code by itself. This is because
labels are the only place where we previously had references to random
other statements, causing grief for AST serialization and other stuff.

This does cause one regression (attr(unused) doesn't silence unused
label warnings) which I'll address next.

This does fix some minor bugs:
1. "The only valid attribute " diagnostic was capitalized.
2. Various diagnostics printed as ''labelname'' instead of 'labelname'
3. This reduces duplication of label checking between functions and blocks.

Review appreciated, particularly for the cindex and template bits.



git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@125733 91177308-0d34-0410-b5e6-96231b3b80d8
xprEngine.cpp
6810630bb00ba2944cbeb54834f38f69dbddfd7f 17-Feb-2011 Chris Lattner <sabre@nondot.org> simplify a bit.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@125724 91177308-0d34-0410-b5e6-96231b3b80d8
StringChecker.cpp
allocChecker.cpp
7dfc9420babe83e236a47e752f8723bd06070d9d 16-Feb-2011 Zhanyong Wan <wan@google.com> Makes most methods in SVals.h conform to the naming guide. Reviewed
by kremenek.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@125687 91177308-0d34-0410-b5e6-96231b3b80d8
asicObjCFoundationChecks.cpp
xprEngine.cpp
2dbf07d095e6ffbeef50942a9c9f3241f71d5fb8 16-Feb-2011 Nick Lewycky <nicholas@mxc.ca> Revert r125642. This broke the build? It should be a no-op.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@125645 91177308-0d34-0410-b5e6-96231b3b80d8
langSACheckers.h
864b9830f3becc0769503b8a470791946f15a8ed 16-Feb-2011 Nick Lewycky <nicholas@mxc.ca> Don't use "../foo" to return to the current directory.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@125642 91177308-0d34-0410-b5e6-96231b3b80d8
langSACheckers.h
0b1ba6227c67d5e04b589ed8a08afa2345a40666 16-Feb-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> [analyzer] Use the new registration mechanism on the apple checkers:

NilArgChecker
CFNumberCreateChecker
NSAutoreleasePoolChecker
CFRetainReleaseChecker
ClassReleaseChecker

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@125636 91177308-0d34-0410-b5e6-96231b3b80d8
asicObjCFoundationChecks.cpp
asicObjCFoundationChecks.h
heckers.td
SAutoreleasePoolChecker.cpp
23ade507cecd24b03f5e4b5ebaea48eb38060262 15-Feb-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> [analyzer] Use the new registration mechanism on some of the experimental internal checkers:

CastToStructChecker
FixedAddressChecker
PointerArithChecker
PointerSubChecker

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@125612 91177308-0d34-0410-b5e6-96231b3b80d8
astToStructChecker.cpp
heckers.td
xperimentalChecks.cpp
ixedAddressChecker.cpp
nternalChecks.h
ointerArithChecker.cpp
ointerSubChecker.cpp
c9f2e0f286500c7e747849b3aa9c0e67a4dc90d7 15-Feb-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> [analyzer] Use the new registration mechanism on the IdempotentOperationChecker.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@125611 91177308-0d34-0410-b5e6-96231b3b80d8
heckers.td
xperimentalChecks.h
dempotentOperationChecker.cpp
a0decc9a2481f938e1675b4f7bbd58761a882a36 15-Feb-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> [analyzer] Use the new registration mechanism on some of the experimental checks. These are:

CStringChecker
ChrootChecker
MallocChecker
PthreadLockChecker
StreamChecker
UnreachableCodeChecker

MallocChecker creates implicit dependencies between checkers and needs to be handled differently.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@125598 91177308-0d34-0410-b5e6-96231b3b80d8
StringChecker.cpp
heckers.td
hrootChecker.cpp
xperimentalChecks.cpp
xperimentalChecks.h
threadLockChecker.cpp
treamChecker.cpp
nreachableCodeChecker.cpp
6cd370cc314a57c406920084170c4f353048c416 15-Feb-2011 Douglas Gregor <dgregor@apple.com> Add missing CMake dependency

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@125566 91177308-0d34-0410-b5e6-96231b3b80d8
MakeLists.txt
26c05b11dc91662820e7709bb22efe9903289d1f 15-Feb-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> [analyzer] Reflect changes for tablegen'ing the checkers.

-Update tablegen files for checkers, use the tablegen class name for the checker class name.
-Update ClangSACheckersProvider to not look into hidden checker packages.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@125560 91177308-0d34-0410-b5e6-96231b3b80d8
heckers.td
langSACheckerProvider.cpp
akefile
027a6abdd6cedc0b8203da72eed6d15c796dce9d 15-Feb-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> [analyzer] Use the new registration mechanism on some of the internal checks. These are:

StackAddrLeakChecker
ObjCAtSyncChecker
UnixAPIChecker
MacOSXAPIChecker

The rest have/create implicit dependencies between checkers and need to be handled differently.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@125559 91177308-0d34-0410-b5e6-96231b3b80d8
heckers.td
langSACheckers.h
xprEngine.cpp
nternalChecks.h
acOSXAPIChecker.cpp
bjCAtSyncChecker.cpp
bjCSelfInitChecker.cpp
tackAddrLeakChecker.cpp
nixAPIChecker.cpp
b53189160c53b1d49d10c1b6fc439549a06ce618 15-Feb-2011 Ted Kremenek <kremenek@apple.com> IdempotentOperationChecker: don't repeatedly recompute block reachability.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@125548 91177308-0d34-0410-b5e6-96231b3b80d8
dempotentOperationChecker.cpp
b641f08cbee230ce872b37816d241cef081af803 14-Feb-2011 Oscar Fuentes <ofv@wanadoo.es> Add current binary and source directories to the header search list
for all compiler invocations.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@125514 91177308-0d34-0410-b5e6-96231b3b80d8
MakeLists.txt
7fa4f62979d3810b300cdcea60b3e659dc088268 14-Feb-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> Remove left-over #include.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@125507 91177308-0d34-0410-b5e6-96231b3b80d8
langSACheckerProvider.cpp
43dee220252ef0b42c5f8a3bb1eca97f84f2565f 14-Feb-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> [analyzer] Overhauling of the checker registration mechanism.

-Checkers will be defined in the tablegen file 'Checkers.td'.
-Apart from checkers, we can define checker "packages" that will contain a collection of checkers.
-Checkers can be enabled with -analyzer-checker=<name> and disabled with -analyzer-disable-checker=<name> e.g:
Enable checkers from 'cocoa' and 'corefoundation' packages except the self-initialization checker:
-analyzer-checker=cocoa -analyzer-checker=corefoundation -analyzer-disable-checker=cocoa.SelfInit
-Introduces CheckerManager and CheckerProvider. CheckerProviders get the set of checker names to enable/disable and
register them with the CheckerManager which will be the entry point for all checker-related functionality.

Currently only the self-initialization checker takes advantage of the new mechanism.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@125503 91177308-0d34-0410-b5e6-96231b3b80d8
MakeLists.txt
heckers.td
langSACheckerProvider.cpp
langSACheckerProvider.h
langSACheckers.h
xprEngine.cpp
akefile
f49a009c18b9c6fd92868600c3195afe4eb97259 14-Feb-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> [analyzer] Move Checkers/FrontendActions.cpp -> Frontend/FrontendActions.cpp

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@125500 91177308-0d34-0410-b5e6-96231b3b80d8
MakeLists.txt
rontendActions.cpp
e817771c57d0eacbe069a314ba619c43d0ac70ab 14-Feb-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> [analyzer] Introduce libclangStaticAnalyzerFrontend and move Checkers/AnalysisConsumer.cpp into Frontend lib.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@125499 91177308-0d34-0410-b5e6-96231b3b80d8
nalysisConsumer.cpp
MakeLists.txt
6a6d9a8eceb9424b18ed4a897dece97e5bf5c297 14-Feb-2011 Ted Kremenek <kremenek@apple.com> Remove dead code in IdempotentOperationChecker.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@125497 91177308-0d34-0410-b5e6-96231b3b80d8
dempotentOperationChecker.cpp
e8350c6996170e324b31cd188d002fe5f40f54f7 14-Feb-2011 Ted Kremenek <kremenek@apple.com> Fix edge case where we don't cull warnings in IdempotentOperationsChecker due to incomplete analysis of loops.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@125495 91177308-0d34-0410-b5e6-96231b3b80d8
dempotentOperationChecker.cpp
8e3767711f79578ff2aac8a0d28de1e08a3923f4 14-Feb-2011 Ted Kremenek <kremenek@apple.com> Use 'BitVector' instead of SmallPtrSet<CFGBlock*> in IdempotentOperationsChecker. No real functionality change.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@125494 91177308-0d34-0410-b5e6-96231b3b80d8
dempotentOperationChecker.cpp
020c374273ab6099acbed747a7f27aebf8f0af1d 12-Feb-2011 Ted Kremenek <kremenek@apple.com> Teach the IdempotentOperations checker to ignore property setters.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@125443 91177308-0d34-0410-b5e6-96231b3b80d8
dempotentOperationChecker.cpp
b715a7cef11664c1c47cfc3dcc503aadc58b6cac 12-Feb-2011 Ted Kremenek <kremenek@apple.com> Weaken the ObjCSelfInitChecker to only warn when one calls an 'init' method within an 'init' method. This is a temporary stop gap to avoid false positives while we investigate how to make it smarter.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@125427 91177308-0d34-0410-b5e6-96231b3b80d8
bjCSelfInitChecker.cpp
f4e532b5a1683a9f6c842f361c7415bf3474315f 12-Feb-2011 Ted Kremenek <kremenek@apple.com> Don't emit a dead store for '++' operations unless it occurs with a return statement. We've never seen any other cases that were real bugs.

Fixes <rdar://problem/6962292>.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@125419 91177308-0d34-0410-b5e6-96231b3b80d8
eadStoresChecker.cpp
848ec83483ca4ba52ed72c7e29ebc330f8c87252 12-Feb-2011 Ted Kremenek <kremenek@apple.com> Don't report dead stores on unreachable code paths. Fixes <rdar://problem/8405222>.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@125415 91177308-0d34-0410-b5e6-96231b3b80d8
eadStoresChecker.cpp
2534528c22260211a073e192c38d0db84c70c327 11-Feb-2011 Ted Kremenek <kremenek@apple.com> Rename 'InvalidateRegions()' to 'invalidateRegions()'.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@125395 91177308-0d34-0410-b5e6-96231b3b80d8
StringChecker.cpp
886e1606c28e970bb288abf4dbc40feb16822a79 10-Feb-2011 NAKAMURA Takumi <geek4civic@gmail.com> CMake: LLVM_NO_RTTI must be obsolete now!

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@125275 91177308-0d34-0410-b5e6-96231b3b80d8
MakeLists.txt
9b663716449b618ba0390b1dbebc54fa8e971124 10-Feb-2011 Ted Kremenek <kremenek@apple.com> Split 'include/clang/StaticAnalyzer' into 'include/clang/StaticAnalyzer/Core' and 'include/clang/StaticAnalyzer/Checkers'.

This layout matches lib/StaticAnalyzer, which corresponds to two StaticAnalyzer libraries.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@125251 91177308-0d34-0410-b5e6-96231b3b80d8
djustedReturnValueChecker.cpp
nalysisConsumer.cpp
nalyzerStatsChecker.cpp
rrayBoundChecker.cpp
rrayBoundCheckerV2.cpp
ttrNonNullChecker.cpp
asicObjCFoundationChecks.cpp
uiltinFunctionChecker.cpp
StringChecker.cpp
allAndMessageChecker.cpp
astSizeChecker.cpp
astToStructChecker.cpp
heckObjCDealloc.cpp
heckObjCInstMethSignature.cpp
heckSecuritySyntaxOnly.cpp
heckSizeofPointer.cpp
hrootChecker.cpp
eadStoresChecker.cpp
ereferenceChecker.cpp
ivZeroChecker.cpp
xprEngine.cpp
ixedAddressChecker.cpp
rontendActions.cpp
dempotentOperationChecker.cpp
LVMConventionsChecker.cpp
acOSXAPIChecker.cpp
allocChecker.cpp
SAutoreleasePoolChecker.cpp
SErrorChecker.cpp
oReturnFunctionChecker.cpp
SAtomicChecker.cpp
bjCAtSyncChecker.cpp
bjCSelfInitChecker.cpp
bjCUnusedIVarsChecker.cpp
ointerArithChecker.cpp
ointerSubChecker.cpp
threadLockChecker.cpp
eturnPointerRangeChecker.cpp
eturnUndefChecker.cpp
tackAddrLeakChecker.cpp
treamChecker.cpp
ndefBranchChecker.cpp
ndefCapturedBlockVarChecker.cpp
ndefResultChecker.cpp
ndefinedArraySubscriptChecker.cpp
ndefinedAssignmentChecker.cpp
nixAPIChecker.cpp
nreachableCodeChecker.cpp
LASizeChecker.cpp
e08ce650a2b02410eddd1f60a4aa6b3d4be71e73 09-Feb-2011 Peter Collingbourne <peter@pcc.me.uk> AST, Sema, Serialization: add CUDAKernelCallExpr and related semantic actions

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@125217 91177308-0d34-0410-b5e6-96231b3b80d8
xprEngine.cpp
63c00d7f35fa060c0a446c9df3a4402d9c7757fe 09-Feb-2011 John McCall <rjmccall@apple.com> Remove vtables from the Stmt hierarchy; this was pretty easy as
there were only three virtual methods of any significance.

The primary way to grab child iterators now is with
Stmt::child_range children();
Stmt::const_child_range children() const;
where a child_range is just a std::pair of iterators suitable for
being llvm::tie'd to some locals. I've left the old child_begin()
and child_end() accessors in place, but it's probably a substantial
penalty to grab the iterators individually now, since the
switch-based dispatch is kindof inherently slower than vtable
dispatch. Grabbing them together is probably a slight win over the
status quo, although of course we could've achieved that with vtables, too.

I also reclassified SwitchCase (correctly) as an abstract Stmt
class, which (as the first such class that wasn't an Expr subclass)
required some fiddling in a few places.

There are somewhat gross metaprogramming hooks in place to ensure
that new statements/expressions continue to implement
getSourceRange() and children(). I had to work around a recent clang
bug; dgregor actually fixed it already, but I didn't want to
introduce a selfhosting dependency on ToT.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@125183 91177308-0d34-0410-b5e6-96231b3b80d8
xprEngine.cpp
d767d81290288c030f3be0be1d3e62b9c8df51dc 09-Feb-2011 Ted Kremenek <kremenek@apple.com> static analyzer: Further reduce the analyzer's memory usage when analyzing sqlite3 by 7-10% by recylcing "uninteresting" ExplodedNodes.

The optimization involves eagerly pruning ExplodedNodes from the ExplodedGraph that contain
practically no difference between the predecessor and successor nodes. For example, if
the state is different between a predecessor and a node, the node is left in. Only for
the 'environment' component of the state do we not care if the ExplodedNodes are different.
This paves the way for future optimizations where we can reclaim the environment objects.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@125154 91177308-0d34-0410-b5e6-96231b3b80d8
nalysisConsumer.cpp
xprEngine.cpp
811d75ee35b8b061a9b10a4e7b81e0c0eaf739c3 08-Feb-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> [analyzer] Move the files in lib/StaticAnalyzer to lib/StaticAnalyzer/Core.

Eventually there will also be a lib/StaticAnalyzer/Frontend that will handle initialization and checker registration.
Yet another library to avoid cyclic dependencies between Core and Checkers.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@125124 91177308-0d34-0410-b5e6-96231b3b80d8
nalyzerStatsChecker.cpp
MakeLists.txt
a12a51701794a5ce96d47513ed186922e41eadd5 08-Feb-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> [analyzer] lib/StaticAnalyzer/Checkers/ExprEngineExperimentalChecks.cpp -> lib/StaticAnalyzer/Checkers/ExperimentalChecks.cpp

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@125123 91177308-0d34-0410-b5e6-96231b3b80d8
MakeLists.txt
xperimentalChecks.cpp
xprEngineExperimentalChecks.cpp
af1a9330ffc0757e1534206f4f50eb420ef57b23 08-Feb-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> [analyzer] lib/StaticAnalyzer/Checkers/ExprEngineExperimentalChecks.h -> lib/StaticAnalyzer/Checkers/ExperimentalChecks.h

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@125122 91177308-0d34-0410-b5e6-96231b3b80d8
nalysisConsumer.cpp
StringChecker.cpp
hrootChecker.cpp
xperimentalChecks.h
xprEngineExperimentalChecks.cpp
xprEngineExperimentalChecks.h
dempotentOperationChecker.cpp
allocChecker.cpp
threadLockChecker.cpp
treamChecker.cpp
nreachableCodeChecker.cpp
04291a7c76e16a2dc5433c80c3d13c826bf372dc 08-Feb-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> [analyzer] lib/StaticAnalyzer/Checkers/ExprEngineInternalChecks.h -> lib/StaticAnalyzer/Checkers/InternalChecks.h

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@125121 91177308-0d34-0410-b5e6-96231b3b80d8
djustedReturnValueChecker.cpp
nalysisConsumer.cpp
rrayBoundChecker.cpp
rrayBoundCheckerV2.cpp
ttrNonNullChecker.cpp
uiltinFunctionChecker.cpp
allAndMessageChecker.cpp
astSizeChecker.cpp
astToStructChecker.cpp
ereferenceChecker.cpp
ivZeroChecker.cpp
xprEngine.cpp
xprEngineExperimentalChecks.cpp
xprEngineInternalChecks.h
ixedAddressChecker.cpp
nternalChecks.h
acOSXAPIChecker.cpp
oReturnFunctionChecker.cpp
SAtomicChecker.cpp
bjCAtSyncChecker.cpp
bjCSelfInitChecker.cpp
ointerArithChecker.cpp
ointerSubChecker.cpp
eturnPointerRangeChecker.cpp
eturnUndefChecker.cpp
tackAddrLeakChecker.cpp
ndefBranchChecker.cpp
ndefCapturedBlockVarChecker.cpp
ndefResultChecker.cpp
ndefinedArraySubscriptChecker.cpp
ndefinedAssignmentChecker.cpp
nixAPIChecker.cpp
LASizeChecker.cpp
0ca1040a964e6375561cc8e90d9b20ebcd6bffa8 05-Feb-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> [analyzer] Fix a false positive of the 'self' initialization checker.

A common pattern in classes with multiple initializers is to put the
subclass's common initialization bits into a static function that receives
the value of 'self', e.g:

if (!(self = [super init]))
return nil;
if (!(self = _commonInit(self)))
return nil;

It was reported that 'self' was not set to the result of [super init].
Until we can use inter-procedural analysis, in such a call, transfer the
ObjCSelfInitChecker flags associated with 'self' to the result of the call.

Fixes rdar://8937441 & http://llvm.org/PR9094

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@124940 91177308-0d34-0410-b5e6-96231b3b80d8
bjCSelfInitChecker.cpp
c2e20d0c42cf085940c9a9cb495a7116d1b0eb07 03-Feb-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> [analyzer] Fix a crash until we can handle temporary struct objects properly.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@124822 91177308-0d34-0410-b5e6-96231b3b80d8
xprEngine.cpp
469a1eb996e1cb0be54f9b210f836afbddcbb2cc 02-Feb-2011 John McCall <rjmccall@apple.com> An insomniac stab at making block declarations list the variables they close
on, as well as more reliably limiting invalid references to locals from
nested scopes.



git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@124721 91177308-0d34-0410-b5e6-96231b3b80d8
ndefCapturedBlockVarChecker.cpp
63eeade25deaa8ca0b8a8a91871eb5af81544989 01-Feb-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> Fix the message. Thanks to Thomas Clement for noticing.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@124680 91177308-0d34-0410-b5e6-96231b3b80d8
bjCSelfInitChecker.cpp
be29d8d3dff34313c1ae1ae09145e64dd948b0da 01-Feb-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> [analyzer] Slightly improve the diagnostic message of ObjCSelfInitChecker.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@124674 91177308-0d34-0410-b5e6-96231b3b80d8
bjCSelfInitChecker.cpp
9319b56154cfd9e3c781e54d2ee1c10c5858efed 27-Jan-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> [analyzer] Fix crash when handling dot syntax on 'super'.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@124376 91177308-0d34-0410-b5e6-96231b3b80d8
xprEngine.cpp
bd5a94e263137dc3ce7c100485626bae025cf58e 26-Jan-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> [analyzer] Enable the self-init checker under command-line option '-analyzer-check-objc-self-init' which by default
is enabled by the driver for '--analyze'.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@124266 91177308-0d34-0410-b5e6-96231b3b80d8
nalysisConsumer.cpp
xprEngine.cpp
4717f163eb3578f5bada399dd6ced1c62847bfe4 26-Jan-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> [analyzer] Improve the diagnostic for the self-init checker. Suggestion by Ted!

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@124263 91177308-0d34-0410-b5e6-96231b3b80d8
bjCSelfInitChecker.cpp
eaf969bf4b657f0c4577f38a39f8c4ef1d9272fc 26-Jan-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> [analyzer] Do the self-init check only on NSObject subclasses. Patch by Jean-Daniel Dupas!

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@124249 91177308-0d34-0410-b5e6-96231b3b80d8
bjCSelfInitChecker.cpp
e3115e257163321ecde429aeae75f1702f099d4c 25-Jan-2011 Ted Kremenek <kremenek@apple.com> Recycle memory for GRStates that are never referenced
by ExplodedNodes. This leads to about a 4-8%
reduction in memory footprint when analyzing
functions in sqlite3.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@124214 91177308-0d34-0410-b5e6-96231b3b80d8
xprEngine.cpp
937596fc25bba3ac7519e9ffff3e4fab2c97863e 25-Jan-2011 Ted Kremenek <kremenek@apple.com> Tweak wording of static analyzer diagnostic
for a block capturing the value of an uninitialized
variable.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@124212 91177308-0d34-0410-b5e6-96231b3b80d8
ndefCapturedBlockVarChecker.cpp
14429b918bd2f4cb52abc75546a7fe37142054ca 25-Jan-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> [analyzer] Handle the dot syntax for properties in the ExprEngine.

We translate property accesses to obj-c messages by simulating "loads" or "stores" to properties
using a pseudo-location SVal kind (ObjCPropRef).

Checkers can now reason about obj-c messages for both explicit message expressions and implicit
messages due to property accesses.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@124161 91177308-0d34-0410-b5e6-96231b3b80d8
allAndMessageChecker.cpp
xprEngine.cpp
5286e2ddfd8332520de4c076e49991d6fe557adb 25-Jan-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> [analyzer] Introduce ExprEngine::VisitObjCMessage for handling general ObjCMessages (both message expressions and property access)
and use it in ExprEngine::VisitObjCMessageExpr.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@124160 91177308-0d34-0410-b5e6-96231b3b80d8
xprEngine.cpp
432424d67641d609e4990d791baa782fc161027e 25-Jan-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> [analyzer] Introduce ObjCMessage which represents both explicit ObjC message expressions and implicit
messages that are sent for handling properties in dot syntax.

Replace all direct uses of ObjCMessageExpr in the checkers and checker interface with ObjCMessage.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@124159 91177308-0d34-0410-b5e6-96231b3b80d8
asicObjCFoundationChecks.cpp
allAndMessageChecker.cpp
xprEngine.cpp
SAutoreleasePoolChecker.cpp
bjCSelfInitChecker.cpp
090c47baf01394de7a4061740ae7bb1f7c26492a 25-Jan-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> [analyzer] Simplify GetReceiverType function in BasicObjCFoundationChecks.cpp; no functionality change.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@124157 91177308-0d34-0410-b5e6-96231b3b80d8
asicObjCFoundationChecks.cpp
14cc9451de4a9539bf79e4e5d63248c2377426db 20-Jan-2011 Ted Kremenek <kremenek@apple.com> Enhance AnalysisConsumer to also visit functions
and methods defined within 'namespace X { ... }'.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@123921 91177308-0d34-0410-b5e6-96231b3b80d8
nalysisConsumer.cpp
f4c7371fb1d3cebcfb40abad4537bb82515704ea 19-Jan-2011 John McCall <rjmccall@apple.com> Change QualType::getTypePtr() to return a const pointer, then change a
thousand other things which were (generally inadvertantly) relying on that.



git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@123814 91177308-0d34-0410-b5e6-96231b3b80d8
astSizeChecker.cpp
astToStructChecker.cpp
dec0984fce504a39a7f085774fb67cfd9957be58 18-Jan-2011 Jeffrey Yasskin <jyasskin@google.com> Fix warnings found by gcc-4.6, from -Wunused-but-set-variable and
-Wint-to-pointer-cast.



git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@123719 91177308-0d34-0410-b5e6-96231b3b80d8
xprEngine.cpp
0f565591bcc0685181d7037fe9db60a31d29b9c9 17-Jan-2011 Douglas Gregor <dgregor@apple.com> NetBSD, OpenBSD, and Dragonfly BSD also have arc4random. Patch from
Joerg Sonnenberger!


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@123669 91177308-0d34-0410-b5e6-96231b3b80d8
heckSecuritySyntaxOnly.cpp
c7793c73ba8a343de3f2552d984851985a46f159 15-Jan-2011 Douglas Gregor <dgregor@apple.com> Introduce a new expression kind, SubstNonTypeTemplateParmPackExpr,
that captures the substitution of a non-type template argument pack
for a non-type template parameter pack within a pack expansion that
cannot be fully expanded. This follows the approach taken by
SubstTemplateTypeParmPackType.



git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@123506 91177308-0d34-0410-b5e6-96231b3b80d8
xprEngine.cpp
c39b5e867df74904ac7e50d225b3cca0db43571f 14-Jan-2011 Ted Kremenek <kremenek@apple.com> Cleanup confused code that redundantly called "getDeclContext()" twice.
Found by clang static analyzer.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@123485 91177308-0d34-0410-b5e6-96231b3b80d8
LVMConventionsChecker.cpp
db0594bfc013131f88429add4eb653c285fa94fb 14-Jan-2011 Ted Kremenek <kremenek@apple.com> Rename 'RemoveDeadBindings()' to 'removeDeadBindings()'

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@123460 91177308-0d34-0410-b5e6-96231b3b80d8
xprEngine.cpp
2ccf047adf877f5e821210b1ce1a2c8289acadc0 14-Jan-2011 Ted Kremenek <kremenek@apple.com> Rename 'EnterStackFrame()' to 'enterStackFrame()'.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@123459 91177308-0d34-0410-b5e6-96231b3b80d8
xprEngine.cpp
d1d8ddc5bae35610c243cc92812e72b83667d227 13-Jan-2011 Ted Kremenek <kremenek@apple.com> Rename 'CheckDeadStores.cpp' to 'DeadStoresChecker.cpp'.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@123395 91177308-0d34-0410-b5e6-96231b3b80d8
MakeLists.txt
heckDeadStores.cpp
eadStoresChecker.cpp
56b1f71156db11b9c8234ca621c29213a73218e0 13-Jan-2011 Ted Kremenek <kremenek@apple.com> Remove warning in dead stores checker for
dead stores within nested assignments. I have
never seen an actual bug found by this specific
warning, and it can lead to many false positives.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@123394 91177308-0d34-0410-b5e6-96231b3b80d8
heckDeadStores.cpp
d074441e027471a914cbb909a7aad1d43224950f 13-Jan-2011 Zhongxing Xu <xuzhongxing@gmail.com> Support inlining base initializers. We still haven't got it completely right,
since the bindings are purged after they are set up. Need to investigate
RemoveDeadBindings algorithm.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@123374 91177308-0d34-0410-b5e6-96231b3b80d8
xprEngine.cpp
b4857264b8d3d861f688cdaa174aab30e0729a73 13-Jan-2011 Ted Kremenek <kremenek@apple.com> Rename 'HasGeneratedNode' to 'hasGeneratedNode'
and 'getBasePredecessor()' to 'getPredecessor()'.

Also remove a unneeded save-and-restore of
node builder's tag field.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@123363 91177308-0d34-0410-b5e6-96231b3b80d8
xprEngine.cpp
ba37d3b2ef37c3591a4f673215d78cb9cc928de3 13-Jan-2011 Ted Kremenek <kremenek@apple.com> Remove unnecessary save-and-restore of the
node builder's 'HasGeneratedNode' field.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@123362 91177308-0d34-0410-b5e6-96231b3b80d8
allocChecker.cpp
tackAddrLeakChecker.cpp
treamChecker.cpp
d7a31ba6db617e38bb064df0ab09dbd41cdfed18 11-Jan-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> [analyzer] Introduce ObjCSelfInitChecker, which checks initialization methods to verify that they assign 'self' to the
result of an initialization call (e.g. [super init], or [self initWith..]) before using any instance variable or
returning 'self'.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@123264 91177308-0d34-0410-b5e6-96231b3b80d8
MakeLists.txt
xprEngine.cpp
xprEngineInternalChecks.h
bjCSelfInitChecker.cpp
6547884b9c20096594bdc652669df82c322c5eb6 11-Jan-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> [analyzer] Support post-visiting ObjCIvarRefExprs for checkers.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@123263 91177308-0d34-0410-b5e6-96231b3b80d8
xprEngine.cpp
f7fbbda62705352a53ac3b495a1128946a34ced3 11-Jan-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> [analyzer] Add 'isLoad' parameter in Checker::visitLocation() to conveniently distinguish between loads/stores.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@123261 91177308-0d34-0410-b5e6-96231b3b80d8
rrayBoundChecker.cpp
rrayBoundCheckerV2.cpp
ereferenceChecker.cpp
allocChecker.cpp