History log of /external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
Revision Date Author Comments (<<< Hide modified files) (Show modified files >>>)
6bcf27bb9a4b5c3f79cb44c0e4654a6d7619ad89 29-May-2014 Stephen Hines <srhines@google.com> Update Clang for 3.5 rebase (r209713).

Change-Id: I8c9133b0f8f776dc915f270b60f94962e771bc83
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
651f13cea278ec967336033dd032faef0e9fc2ec 24-Apr-2014 Stephen Hines <srhines@google.com> Updated to Clang 3.5a.

Change-Id: I8127eb568f674c2e72635b639a3295381fe8af82
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
81557223ba8d7ef8b0468a6e1dc8fc79f2de46f2 25-Sep-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Handle destructors for the argument to C++ 'delete'.

Now that the CFG includes nodes for the destructors in a delete-expression,
process them in the analyzer using the same common destructor interface
currently used for local, member, and base destructors. Also, check for when
the value is known to be null, in which case no destructor is actually run.

This does not yet handle destructors for deleted /arrays/, which may need
more CFG work. It also causes a slight regression in the location of
double delete warnings; the double delete is detected at the destructor
call, which is implicit, and so is reported on the first access within the
destructor instead of at the 'delete' statement. This will be fixed soon.

Patch by Karthik Bhat!

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@191381 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
30845189af590de0af68ad9c7c47dd789ee28df2 16-Sep-2013 Anton Yartsev <anton.yartsev@gmail.com> New message for cases when ownership is taken:
"+method_name: cannot take ownership of memory allocated by 'new'."
instead of the old
"Memory allocated by 'new' should be deallocated by 'delete', not +method_name"

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@190800 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
68502e52938f84b97267b51e86d4a90a11552512 15-Aug-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] If realloc fails on an escaped region, that region doesn't leak.

When a region is realloc()ed, MallocChecker records whether it was known
to be allocated or not. If it is, and the reallocation fails, the original
region has to be freed. Previously, when an allocated region escaped,
MallocChecker completely stopped tracking it, so a failed reallocation
still (correctly) wouldn't require freeing the original region. Recently,
however, MallocChecker started tracking escaped symbols, so that if it were
freed we could check that the deallocator matched the allocator. This
broke the reallocation model for whether or not a symbol was allocated.

Now, MallocChecker will actually check if a symbol is owned, and only
require freeing after a failed reallocation if it was owned before.

PR16730

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@188468 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
3aa29df37b140f9c6786b6863a0cac195071b598 15-Jul-2013 Craig Topper <craig.topper@gmail.com> Add 'static' and 'const' qualifiers to some arrays of strings.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@186314 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
09d19efaa147762f84aed55efa7930bb3616a4e5 04-Jul-2013 Craig Topper <craig.topper@gmail.com> Use SmallVectorImpl instead of SmallVector for iterators and references to avoid specifying the vector size unnecessarily.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@185610 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
3370859a809e5fa6c27659095c7349ce1c321233 08-Jun-2013 Anna Zaks <ganna@apple.com> [analyzer] Minor fixups to r183062

Based on feedback from Jordan.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@183600 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
e7a5c829540a452f30cd5a1c0609dddcb1af33ce 01-Jun-2013 Anna Zaks <ganna@apple.com> [analyzer] Malloc checker should only escape the receiver when “[O init..]” is called.

Jordan has pointed out that it is valuable to warn in cases when the arguments to init escape.
For example, NSData initWithBytes id not going to free the memory.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@183062 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
ee1af2398086464cfa2b7306ac4d8359d61872ee 01-Jun-2013 Anna Zaks <ganna@apple.com> [analyzer] Fix a false positive reported on rare strange code, which happens to be in JSONKit

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@183055 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
374ae320b87c15b0262c40e5c46e8990111df5ca 10-May-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Indirect invalidation counts as an escape for leak checkers.

Consider this example:

char *p = malloc(sizeof(char));
systemFunction(&p);
free(p);

In this case, when we call systemFunction, we know (because it's a system
function) that it won't free 'p'. However, we /don't/ know whether or not
it will /change/ 'p', so the analyzer is forced to invalidate 'p', wiping
out any bindings it contains. But now the malloc'd region looks like a
leak, since there are no more bindings pointing to it, and we'll get a
spurious leak warning.

The fix for this is to notice when something is becoming inaccessible due
to invalidation (i.e. an imperfect model, as opposed to being explicitly
overwritten) and stop tracking it at that point. Currently, the best way
to determine this for a call is the "indirect escape" pointer-escape kind.

In practice, all the patch does is take the "system functions don't free
memory" special case and limit it to direct parameters, i.e. just the
arguments to a call and not other regions accessible to them. This is a
conservative change that should only cause us to escape regions more
eagerly, which means fewer leak warnings.

This isn't perfect for several reasons, the main one being that this
example is treated the same as the one above:

char **p = malloc(sizeof(char *));
systemFunction(p + 1);
// leak

Currently, "addresses accessible by offsets of the starting region" and
"addresses accessible through bindings of the starting region" are both
considered "indirect" regions, hence this uniform treatment.

Another issue is our longstanding problem of not distinguishing const and
non-const bindings; if in the first example systemFunction's parameter were
a char * const *, we should know that the function will not overwrite 'p',
and thus we can safely report the leak.

<rdar://problem/13758386>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@181607 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
148d9223f02dba1ba6e40848d413daa3ffc09dfe 16-Apr-2013 Anna Zaks <ganna@apple.com> [analyzer] Improve the malloc checker stack hint message

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@179580 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
9df151c5bc2a746096632bbd21dc61e18675ed55 13-Apr-2013 Anton Yartsev <anton.yartsev@gmail.com> [analyzer] Enable NewDelete checker if NewDeleteLeaks checker is enabled.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@179428 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
b1b683ea5f1ff161b6bbdf2e2519317618ee2811 12-Apr-2013 Anton Yartsev <anton.yartsev@gmail.com> [analyzer] Makes NewDeleteLeaks checker work independently from NewDelete.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@179410 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
9e2f5977a180ae927d05e844c65b8a7873be48a4 12-Apr-2013 Anna Zaks <ganna@apple.com> [analyzer]Print field region even when the base region is not printable

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@179395 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
9ae7a92009c468d01d233e6a9f37ab04946864f9 11-Apr-2013 Anton Yartsev <anton.yartsev@gmail.com> [analyzer] Refactoring: better doxygen comment; renaming isTrackedFamily to isTrackedByCurrentChecker

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@179242 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
8cf91f7efb4dcb238fe443915d9a30119ce5b70c 11-Apr-2013 Anna Zaks <ganna@apple.com> [analyzer] Address Jordan’s review of r179219

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@179235 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
55e57a50a36749ce0483db2f16259649c9d25792 11-Apr-2013 Anton Yartsev <anton.yartsev@gmail.com> [analyzer] Switched to checkPreCall interface for detecting usage after free.

Now the check is also applied to arguments for Objective-C method calls and to 'this' pointer.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@179230 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
27d99dd714895564b526b786284a46b40f53be01 10-Apr-2013 Anna Zaks <ganna@apple.com> [analyzer] Cleanup leak warnings: do not print the names of variables from other functions.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@179219 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
0413023bed8ec91d3642cd6ff114957badf51f31 09-Apr-2013 Anna Zaks <ganna@apple.com> [analyzer] Keep tracking the pointer after the escape to more aggressively report mismatched deallocator

Test that the path notes do not change. I don’t think we should print a note on escape.

Also, I’ve removed a check that assumed that the family stored in the RefStete could be
AF_None and added an assert in the constructor.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@179075 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
68eb4c25e961d18f82b47a0a385f90d7af09bcc3 06-Apr-2013 Anna Zaks <ganna@apple.com> [analyzer] Shorten the malloc checker’s leak message

As per Ted’s suggestion!

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@178938 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
a3989b8f54421cd90a48ace8820c7147cea6bb3d 05-Apr-2013 Anton Yartsev <anton.yartsev@gmail.com> [analyzer] Eliminates all the cases with unknown family.

Now treat AF_None family as impossible in isTrackedFamily()

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@178899 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
e85deb356f5d2d2172b7ef70314bc9cfc742a936 05-Apr-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Split new/delete checker into use-after-free and leaks parts.

This splits the leak-checking part of alpha.cplusplus.NewDelete into a
separate user-level checker, alpha.cplusplus.NewDeleteLeaks. All the
difficult false positives we've seen with the new/delete checker have been
spurious leak warnings; the use-after-free warnings and mismatched
deallocator warnings, while rare, have always been valid.

<rdar://problem/6194569>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@178890 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
a3ae937ab7b7026953b6e93e0159cf1dd918e2a1 05-Apr-2013 Anton Yartsev <anton.yartsev@gmail.com> [analyzer] Path notes for the MismatchedDeallocator checker.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@178862 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
418780f132a6d790b248ef91e1067c3c3dd31350 05-Apr-2013 Anton Yartsev <anton.yartsev@gmail.com> [analyzer] Check allocation family more precise.

The statement passed to isTrackedFamily() might be a user defined function calling malloc; in this case we got AF_NONE family for this function.
Now the allocation family is derived from Sym, that holds a family of a real allocator.

This commit is also a movement towards getting rid of tracking memory allocating by unknown means.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@178834 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
c84543123a12045f8a1415c1f05b647b70190f34 05-Apr-2013 Anton Yartsev <anton.yartsev@gmail.com> [analyzer] Corrected the switch statement.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@178831 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
9c6bbb3492cc34df1eed1e151c94935846edc17f 05-Apr-2013 Anton Yartsev <anton.yartsev@gmail.com> [analyzer] Fully-covered switch for families in isTrackedFamily()

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@178820 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
648cb71625a2ab3164b2cacac9e9cb3d22b03bd7 05-Apr-2013 Anton Yartsev <anton.yartsev@gmail.com> [analyzer] Reduced the unwanted correlations between checkers living inside MallocChecker.cpp

This fixes an issue pointed to by Jordan: if unix.Malloc and unix.MismatchedDeallocator are both on, then we end up still tracking leaks of memory allocated by new.
Moved the guards right before emitting the bug reports to unify and simplify the logic of handling of multiple checkers. Now all the checkers perform their checks regardless of if they were enabled, or not, and it is decided just before the emitting of the report, if it should be emitted. (idea from Anna).

Additional changes:
improved test coverage for checker correlations;
refactoring: BadDealloc -> MismatchedDealloc

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@178814 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
41988f331a74a72cf243a2a68ffb56418e9a174e 29-Mar-2013 Anna Zaks <ganna@apple.com> [analyzer] Add support for escape of const pointers and use it to allow “newed” pointers to escape

Add a new callback that notifies checkers when a const pointer escapes. Currently, this only works
for const pointers passed as a top level parameter into a function. We need to differentiate the const
pointers escape from regular escape since the content pointed by const pointer will not change;
if it’s a file handle, a file cannot be closed; but delete is allowed on const pointers.

This should suppress several false positives reported by the NewDelete checker on llvm codebase.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@178310 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
03852c8717b45ece934f7740a100de526a734641 28-Mar-2013 Eric Christopher <echristo@gmail.com> Fix order of initialization warning.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@178255 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
849c7bf718ed3c08bd66b93f0bd508a44bb2f669 28-Mar-2013 Anton Yartsev <anton.yartsev@gmail.com> [analyzer] These implements unix.MismatchedDeallocatorChecker checker.
+ Improved display names for allocators and deallocators

The checker checks if a deallocation function matches allocation one. ('free' for 'malloc', 'delete' for 'new' etc.)

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@178250 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
697462881c4b9b704c7859f4bab0a6116c684bb1 28-Mar-2013 Anton Yartsev <anton.yartsev@gmail.com> [analyzer] For now assume all standard global 'operator new' functions allocate memory in heap.
+ Improved test coverage for cplusplus.NewDelete checker.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@178244 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
2de19edab6001d2c17720d02fe0760b9b452192a 25-Mar-2013 Anton Yartsev <anton.yartsev@gmail.com> [analyzer] Adds cplusplus.NewDelete checker that check for memory leaks, double free, and use-after-free problems of memory managed by new/delete.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@177849 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
3258d4b3fb5922027747217e5e6f81a11878600d 13-Mar-2013 Anton Yartsev <anton.yartsev@gmail.com> [analyzer] fixed the logic changed by r176949

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@176956 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
bb3699543e60594af7b5cbdb3b2e9acb816b3687 13-Mar-2013 Anton Yartsev <anton.yartsev@gmail.com> Refactoring:
+ Individual Report* method for each bug type
+ Comment improved: missing non-trivial alloca() case annotated
+ 'range' parameter of ReportBadFree() capitalized
+ 'SymbolRef Sym = State->getSVal(A, C.getLocationContext()).getAsSymbol();' shorten to 'SymbolRef Sym = C.getSVal(A).getAsSymbol();'

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@176949 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
9fe09f30f76cb65ca2a5fcd8e649f5b2f0cf02bd 09-Mar-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Be more consistent about Objective-C methods that free memory.

Previously, MallocChecker's pointer escape check and its post-call state
update for Objective-C method calls had a fair amount duplicated logic
and not-entirely-consistent checks. This commit restructures all this to
be more consistent and possibly allow us to be more aggressive in warning
about double-frees.

New policy (applies to system header methods only):
(1) If this is a method we know about, model it as taking/holding ownership
of the passed-in buffer.
(1a) ...unless there's a "freeWhenDone:" parameter with a zero (NO) value.
(2) If there's a "freeWhenDone:" parameter (but it's not a method we know
about), treat the buffer as escaping if the value is non-zero (YES) and
non-escaping if it's zero (NO).
(3) If the first selector piece ends with "NoCopy" (but it's not a method we
know about and there's no "freeWhenDone:" parameter), treat the buffer
as escaping.

The reason that (2) and (3) don't explicitly model the ownership transfer is
because we can't be sure that they will actually free the memory using free(),
and we wouldn't want to emit a spurious "mismatched allocator" warning
(coming in Anton's upcoming patch). In the future, we may have an idea of a
"generic deallocation", i.e. we assume that the deallocator is correct but
still continue tracking the region so that we can warn about double-frees.

Patch by Anton Yartsev, with modifications from me.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@176744 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
7a95de68c093991047ed8d339479ccad51b88663 21-Feb-2013 David Blaikie <dblaikie@gmail.com> Replace ProgramPoint llvm::cast support to be well-defined.

See r175462 for another example/more details.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@175812 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
dc84cd5efdd3430efb22546b4ac656aa0540b210 20-Feb-2013 David Blaikie <dblaikie@gmail.com> Include llvm::Optional in clang/Basic/LLVM.h

Post-commit CR feedback from Jordan Rose regarding r175594.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@175679 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
5251abea41b446c26e3239c8dd6c7edea6fc335d 20-Feb-2013 David Blaikie <dblaikie@gmail.com> Replace SVal llvm::cast support to be well-defined.

See r175462 for another example/more details.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@175594 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
118aa750c5cfe975542dce8e41586b2054d1f5dd 08-Feb-2013 Anna Zaks <ganna@apple.com> [analyzer] Report bugs when freeing memory with offset pointer

The malloc checker will now catch the case when a previously malloc'ed
region is freed, but the pointer passed to free does not point to the
start of the allocated memory. For example:

int *p1 = malloc(sizeof(int));
p1++;
free(p1); // warn

From the "memory.LeakPtrValChanged enhancement to unix.Malloc" entry
in the list of potential checkers.

A patch by Branden Archer!

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@174678 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
233e26acc0ff2a1098f4c813f69286fce840a422 08-Feb-2013 Anna Zaks <ganna@apple.com> [analyzer] Add pointer escape type param to checkPointerEscape callback

The checkPointerEscape callback previously did not specify how a
pointer escaped. This change includes an enum which describes the
different ways a pointer may escape. This enum is passed to the
checkPointerEscape callback when a pointer escapes. If the escape
is due to a function call, the call is passed. This changes
previous behavior where the call is passed as NULL if the escape
was due to indirectly invalidating the region the pointer referenced.

A patch by Branden Archer!

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@174677 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
cfa88f893915ceb8ae4ce2f17c46c24a4d67502f 12-Jan-2013 Dmitri Gribenko <gribozavr@gmail.com> Remove useless 'llvm::' qualifier from names like StringRef and others that are
brought into 'clang' namespace by clang/Basic/LLVM.h


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@172323 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
97bfb558f69c09b01a5c1510f08dc91eb62329a7 08-Jan-2013 Anna Zaks <ganna@apple.com> [analyzer] Include the bug uniqueing location in the issue_hash.

The issue here is that if we have 2 leaks reported at the same line for
which we cannot print the corresponding region info, they will get
treated as the same by issue_hash+description. We need to AUGMENT the
issue_hash with the allocation info to differentiate the two issues.

Add the "hash" (offset from the beginning of a function) representing
allocation site to solve the issue.

We might want to generalize solution in the future when we decide to
track more than just the 2 locations from the diagnostics.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@171825 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
a4a1759ba11892b510a3b09ad8605aa82602d33e 04-Jan-2013 Ted Kremenek <kremenek@apple.com> Tighten code. No functionality change.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@171501 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
c37fad6d8b483b636e96f568202f24cb2b714db4 03-Jan-2013 Ted Kremenek <kremenek@apple.com> Make MallocChecker debug output useful.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@171439 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
bf53dfac8195835028bd6347433f7dbebcc29fc1 20-Dec-2012 Anna Zaks <ganna@apple.com> [analyzer] Add the pointer escaped callback.

Instead of using several callbacks to identify the pointer escape event,
checkers now can register for the checkPointerEscape.

Converted the Malloc checker to use the new callback.
SimpleStreamChecker will be converted next.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@170625 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
c2cca2361aeafdf9170de2695b17d8bcd1c6f7db 11-Dec-2012 Anna Zaks <ganna@apple.com> [analyzer] Don't generate a summary for "freeWhenDone" if method is
inlined.

Fixes a false positive that occurs if a user writes their own
initWithBytesNoCopy:freeWhenDone wrapper.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@169795 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
e3ce2c10c3f6ae7b26700d758de909deab190d42 06-Dec-2012 Ted Kremenek <kremenek@apple.com> Only provide explicit getCapturedRegion() and getOriginalRegion() from referenced_vars_iterator.

This is a nice conceptual cleanup.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@169480 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
55fc873017f10f6f566b182b70f6fc22aefa3464 04-Dec-2012 Chandler Carruth <chandlerc@gmail.com> Sort all of Clang's files under 'lib', and fix up the broken headers
uncovered.

This required manually correcting all of the incorrect main-module
headers I could find, and running the new llvm/utils/sort_includes.py
script over the files.

I also manually added quite a few missing headers that were uncovered by
shuffling the order or moving headers up to be main-module-headers.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@169237 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
2fa67efeaf66a9332c30a026dc1c21bef6c33a6c 01-Dec-2012 Benjamin Kramer <benny.kra@googlemail.com> Pull the Attr iteration parts out of Attr.h, so including DeclBase.h doesn't pull in all the generated Attr code.

Required to pull some functions out of line, but this shouldn't have a perf impact.
No functionality change.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@169092 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
4d9f4e5bfa701fc870e3c481f93f1fcc52d327bb 22-Nov-2012 Benjamin Kramer <benny.kra@googlemail.com> Make helpers static/anonymous.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@168500 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
65d4bd60ec6a734b814b7253b1026d35c8e46ce9 15-Nov-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] MallocChecker: Remove now-unnecessary check::EndPath callback.

Also, don't bother to stop tracking symbols in the return value, either.
They are now properly considered live during checkDeadSymbols.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@168067 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
2ccecfaa4852c134191d4075d94e09399ab46fea 13-Nov-2012 Anna Zaks <ganna@apple.com> [analyzer] Address Jordan's code review for r167813.

This simplifies logic, fixes a bug, and adds a test case.
Thanks Jordan!

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@167868 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
4141e4dcab6b175374710925aa90d547600a5e66 13-Nov-2012 Anna Zaks <ganna@apple.com> Fix a Malloc Checker FP by tracking return values from initWithCharacter
and other functions.

When these functions return null, the pointer is not freed by
them/ownership is not transfered. So we should allow the user to free
the pointer by calling another function when the return value is NULL.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@167813 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
166d502d5367ceacd1313a33cac43b1048b8524d 02-Nov-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Use nice macros for the common ProgramStateTraits (map, set, list).

Also, move the REGISTER_*_WITH_PROGRAMSTATE macros to ProgramStateTrait.h.

This doesn't get rid of /all/ explicit uses of ProgramStatePartialTrait,
but it does get a lot of them.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@167276 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
785950e59424dca7ce0081bebf13c0acd2c4fff6 02-Nov-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Rename 'EmitReport' to 'emitReport'.

No functionality change.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@167275 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
79a29eb35a9508d61abb07452e4912d03466d1e7 01-Nov-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Fix typo in r167186.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@167189 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
ec8d420d4fa57fc6b5a5a2b1446742e976a7ba00 01-Nov-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Rename ConditionTruthVal::isTrue to isConstrainedTrue.

(and the same for isFalse)

No functionality change.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@167186 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
54458707b2df12c5a63599fe9727a227d91bc183 29-Oct-2012 Anna Zaks <ganna@apple.com> [analyzer] Malloc checker cleanup/refactor

No need for the auxiliary flag. No need to generate a leak node when
there is no error.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@166977 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
615a092a511cd2dfe1a5364ebf5f80e55e33034d 22-Sep-2012 Jordan Rose <jordan_rose@apple.com> Use llvm::getOrdinalSuffix to print ordinal numbers in diagnostics.

Just a refactoring of common infrastructure. No intended functionality change.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@164443 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
c20c7275c351f362b42915901d308ac66b8b71d1 20-Sep-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] MallocChecker should not do post-call checks on inlined functions.

If someone provides their own function called 'strdup', or 'reallocf', or
even 'malloc', and we inlined it, the inlining should have given us all the
malloc-related information we need. If we then try to attach new information
to the return value, we could end up with spurious warnings.

<rdar://problem/12317671>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@164276 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
5fc1d0c4532c55cc47ba6628f296bf5b86d2eaf0 17-Sep-2012 Anna Zaks <ganna@apple.com> [analyzer] Teach the analyzer about implicit initialization of statics
in ObjCMethods.

Extend FunctionTextRegion to represent ObjC methods as well as
functions. Note, it is not clear what type ObjCMethod region should
return. Since the type of the FunctionText region is not currently used,
defer solving this issue.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@164046 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
9dc298bf8e4001978e44e7f1872f337fe5805960 13-Sep-2012 Anna Zaks <ganna@apple.com> [analyzer] Fix another false positive in malloc realloc logic.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163749 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
47cbd0f3892c7965cf16a58393f9f17a22d4d4d9 08-Sep-2012 Ted Kremenek <kremenek@apple.com> Remove ProgramState::getSymVal(). It was being misused by Checkers,
with at least one subtle bug in MacOSXKeyChainAPIChecker where the
calling the method was a substitute for assuming a symbolic value
was null (which is not the case).

We still keep ConstraintManager::getSymVal(), but we use that as
an optimization in SValBuilder and ProgramState::getSVal() to
constant-fold SVals. This is only if the ConstraintManager can
provide us with that information, which is no longer a requirement.
As part of this, introduce a default implementation of
ConstraintManager::getSymVal() which returns null.

For Checkers, introduce ConstraintManager::isNull(), which queries
the state to see if the symbolic value is constrained to be a null
value. It does this without assuming it has been implicitly constant
folded.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163428 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
55dd956d521d4d650dfd929d67f4b98ede61c0ea 24-Aug-2012 Anna Zaks <ganna@apple.com> [analyzer] Fix realloc related bug in the malloc checker.

When reallocation of a non-allocated (not owned) symbol fails do not
expect it to be freed.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162533 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
66c486f275531df6362b3511fc3af6563561801b 22-Aug-2012 Ted Kremenek <kremenek@apple.com> Rename 'currentX' to 'currX' throughout analyzer and libAnalysis.
Also rename 'getCurrentBlockCounter()' to 'blockCount()'.

This ripples a bunch of code simplifications; mostly aesthetic,
but makes the code a bit tighter.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162349 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
431e35c279972a28be8adc31e127a207e666498d 09-Aug-2012 Anna Zaks <ganna@apple.com> [analyzer] Cleanup of malloc checker.

Remove Escaped state, which is not really necessary. We can just stop
tracking the symbol instead of keeping it around and marking escaped.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161557 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
919e8a1c6698bfa6848571d366430126bced727d 08-Aug-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Clean up the printing of FieldRegions for leaks.

Unfortunately, generalized region printing is very difficult:
- ElementRegions are used both for casting and as actual elements.
- Accessing values through a pointer means going through an intermediate
SymbolRegionValue; symbolic regions are untyped.
- Referring to implicitly-defined variables like 'this' and 'self' could be
very confusing if they come from another stack frame.

We fall back to simply not printing the region name if we can't be sure it
will print well. This will allow us to improve in the future.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161512 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
0d53ab4024488d0c6cd283992be3fd4b67099bd3 08-Aug-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Track malloc'd regions stored in structs.

The main blocker on this (besides the previous commit) was that
ScanReachableSymbols was not looking through LazyCompoundVals.
Once that was fixed, it's easy enough to clear out malloc data on return,
just like we do when we bind to a global region.

<rdar://problem/10872635>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161511 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
4d33286d59e5d71a072c7e08ea0c5dd65e45b81c 04-Aug-2012 Anna Zaks <ganna@apple.com> [analyzer] Malloc: remove assert since is not valid as of r161248

We can be in the situation where we did not track the symbol before
realloc was called on it.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161294 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
ede875b794e8f35aa1432e61610ea6e84360b6d3 03-Aug-2012 Anna Zaks <ganna@apple.com> [analyzer] Malloc: track non-allocated but freed memory

There is no reason why we should not track the memory which was not
allocated in the current function, but was freed there. This would
allow to catch more use-after-free and double free with no/limited IPA.

Also fix a realloc issue which surfaced as the result of this patch.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161248 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
f540c54701e3eeb34cb619a3a4eb18f1ac70ef2d 26-Jul-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Rename Calls.{h,cpp} to CallEvent.{h,cpp}. No functionality change.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160815 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
5ef6e94b294cc47750d8ab220858a36726caba59 11-Jul-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Guard against C++ member functions that look like system functions.

C++ method calls and C function calls both appear as CallExprs in the AST.
This was causing crashes for an object that had a 'free' method.

<rdar://problem/11822244>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160029 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
852aa0d2c5d2d1faf2d77b5aa3c0848068a342c5 11-Jul-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Make CallEnter, CallExitBegin, and CallExitEnd not be StmtPoints

These ProgramPoints are used in inlining calls,
and not all calls have associated statements anymore.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160021 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
28038f33aa2db4833881fea757a1f0daf85ac02b 11-Jul-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Add new PreImplicitCall and PostImplicitCall ProgramPoints.

These are currently unused, but are intended to be used in lieu of PreStmt
and PostStmt when the call is implicit (e.g. an automatic object destructor).

This also modifies the Data1 field of ProgramPoints to allow storing any
pointer-sized value, as opposed to only aligned pointers. This is necessary
to store SourceLocations.

There is currently no BugReporter support for these; they should be skipped
over in any diagnostic output.

This commit also tags checkers that currently rely on function calls only
occurring at StmtPoints.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160019 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
de507eaf3cb54d3cb234dc14499c10ab3373d15f 02-Jul-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Finish replacing ObjCMessage with ObjCMethodDecl and friends.

The preObjCMessage and postObjCMessage callbacks now take an ObjCMethodCall
argument, which can represent an explicit message send (ObjCMessageSend) or an
implicit message generated by a property access (ObjCPropertyAccess).

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@159559 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
cde8cdbd6a662c636164465ad309b5f17ff01064 02-Jul-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Begin replacing ObjCMessage with ObjCMethodCall and friends.

Previously, the CallEvent subclass ObjCMessageInvocation was just a wrapper
around the existing ObjCMessage abstraction (over message sends and property
accesses). Now, we have abstract CallEvent ObjCMethodCall with subclasses
ObjCMessageSend and ObjCPropertyAccess.

In addition to removing yet another wrapper object, this should make it easy
to add a ObjCSubscriptAccess call event soon.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@159558 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
85d7e01cf639b257d70f8a129709a2d7594d7b22 02-Jul-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Move the last bits of CallOrObjCMessage over to CallEvent.

This involved refactoring some common pointer-escapes code onto CallEvent,
then having MallocChecker use those callbacks for whether or not to consider
a pointer's /ownership/ as escaping. This still needs to be pinned down, and
probably we want to make the new argumentsMayEscape() function a little more
discerning (content invalidation vs. ownership/metadata invalidation), but
this is a good improvement.

As a bonus, also remove CallOrObjCMessage from the source completely.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@159557 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
740d490593e0de8732a697c9f77b90ddd463863b 02-Jul-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Add a new abstraction over all types of calls: CallEvent

This is intended to replace CallOrObjCMessage, and is eventually intended to be
used for anything that cares more about /what/ is being called than /how/ it's
being called. For example, inlining destructors should be the same as inlining
blocks, and checking __attribute__((nonnull)) should apply to the allocator
calls generated by operator new.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@159554 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
ee681111c713f300884550b1503713ade3b32374 25-Jun-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Be careful about implicitly-declared operator new/delete. (PR13090)

The implicit global allocation functions do not have valid source locations,
but we still want to treat them as being "system header" functions for the
purposes of how they affect program state.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@159160 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
7186dc63094d3ba24e57e16a66a226d21448dd4f 23-Jun-2012 Anna Zaks <ganna@apple.com> [analyzer] Teach malloc checker that initWith[Bytes|Characters}NoCopy
relinquish memory.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@159043 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
3e4f65d863bff9c4bbb2e7061a5d69b8c0366d66 23-Jun-2012 Anna Zaks <ganna@apple.com> [analyzer] Fixup to r158958.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@159037 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
5b7aa34167f23e6137bd257addac4dd67f612ec4 22-Jun-2012 Anna Zaks <ganna@apple.com> [analyzer] Malloc: Warn about use-after-free when memory ownership was
transfered with dataWithBytesNoCopy.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@158958 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
52a04812e5767dab68efb33ad044760b5b168941 21-Jun-2012 Anna Zaks <ganna@apple.com> [analyzer] Malloc leak false positive: Allow xpc context to escape.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@158875 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
050cdd7107526df8ff7a8e0a08b3e99c83c263c0 20-Jun-2012 Anna Zaks <ganna@apple.com> [analyzer] Malloc: cleanup, disallow free on relinquished memory.

This commits sets the grounds for more aggressive use after free
checking. We will use the Relinquished sate to denote that someone
else is now responsible for releasing the memory.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@158850 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
5f75768579b9b1d70d01903ab4766aede65defcc 19-Jun-2012 Anna Zaks <ganna@apple.com> [analyzer] Allow pointers to escape into NSPointerArray.
(Fixes radar://11691035 PR13140)

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@158703 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
1bf908df57cc43f3bc7296f4e51f5708bd323c6b 16-Jun-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Buffers passed to CGBitmapContextCreate can escape.

Specifically, although the bitmap context does not take ownership of the
buffer (unlike CGBitmapContextCreateWithData), the data buffer can be extracted
out of the created CGContextRef. Thus the buffer is not leaked even if its
original pointer goes out of scope, as long as
- the context escapes, or
- it is retrieved via CGBitmapContextGetData and freed.

Actually implementing that logic is beyond the current scope of MallocChecker,
so for now CGBitmapContextCreate goes on our system function exception list.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@158579 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
e17fdb2d5dbf0ffefd417587003eebbe5baf5984 07-Jun-2012 Anna Zaks <ganna@apple.com> [analyzer] Anti-aliasing: different heap allocations do not alias

Add a concept of symbolic memory region belonging to heap memory space.
When comparing symbolic regions allocated on the heap, assume that they
do not alias.

Use symbolic heap region to suppress a common false positive pattern in
the malloc checker, in code that relies on malloc not returning the
memory aliased to other malloc allocations, stack.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@158136 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
48d798ce32447607144db70a484cdb99c1180663 02-Jun-2012 Benjamin Kramer <benny.kra@googlemail.com> Fix typos found by http://github.com/lyda/misspell-check

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@157886 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
a38cb2ccb1c501f3cf421396262da80008d62e87 19-May-2012 Anna Zaks <ganna@apple.com> [analyzer] Malloc checker: remove unnecessary comparisons.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@157081 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
1434518f17272968765602a54391c794c975350a 18-May-2012 Anna Zaks <ganna@apple.com> [analyzer]Malloc: refactor and report use after free by memory
allocating functions.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@157037 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
88feba05142651618aba0a0e57b0b98e026de336 10-May-2012 Anna Zaks <ganna@apple.com> [analyzer] Do not highlight the range of the statement in case of leak.

We report a leak at a point a leaked variable is no longer accessible.
The statement that happens to be at that point is not relevant to the
leak diagnostic and, thus, should not be highlighted.

radar://11178519

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@156530 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
aca0ac58d2ae80d764e3832456667d7322445e0c 04-May-2012 Anna Zaks <ganna@apple.com> [analyzer] Allow pointers escape through calls containing callback args.

(Since we don't have a generic pointer escape callback, modify
ExprEngineCallAndReturn as well as the malloc checker.)

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@156134 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
93c5a24b517e65eb61481ed866b503f1e37cff20 02-May-2012 Anna Zaks <ganna@apple.com> [analyzer] Fix the 'ptr = ptr' false negative in the Malloc checker.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@155963 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
259052d8c819d101f6f627f960f56e582ecbcebc 11-Apr-2012 Anna Zaks <ganna@apple.com> [analyzer] Don't crash even when the system functions are redefined.
(Applied changes to CStringAPI, Malloc, and Taint.)

This might almost never happen, but we should not crash even if it does.
This fixes a crash on the internal analyzer buildbot, where postgresql's
configure was redefining memmove (radar://11219852).

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@154451 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
62a5c34ddc54696725683f6c5af1c8e1592c5c38 30-Mar-2012 Anna Zaks <ganna@apple.com> [analyzer]Malloc,RetainRelease: Allow pointer to escape via NSMapInsert.

Fixes a false positive (radar://11152419). The current solution of
adding the info into 3 places is quite ugly. Pending a generic pointer
escapes callback.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@153731 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
4cd7edfa851ff5d9b37d09539a77685a12e82994 26-Mar-2012 Anna Zaks <ganna@apple.com> [analyzer] Malloc: Allow a pointer to escape through OSAtomicEnqueue.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@153453 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
b000fb5999265d12d54a1ef9f31848c9e334dcaa 24-Mar-2012 Jordy Rose <jediknil@belkadan.com> [analyzer] Tighten up the realloc() failure path note generation...make sure we get the right realloc()!


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@153370 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
3bc75ca0a636efdc93471c9b6bad43085a22bf3a 24-Mar-2012 Jordy Rose <jediknil@belkadan.com> [analyzer] Restart path diagnostic generation if any of the visitors change the report configuration while walking the path.

This required adding a change count token to BugReport, but also allowed us to ditch ImmutableList as the BugReporterVisitor data type.

Also, remove the hack from MallocChecker, now that visitors appear in the opposite order. This is not exactly a fix, but the common case -- custom diagnostics after generic ones -- is now the default behavior.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@153369 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
011534973e83db51f49098871186238fc64d5f54 24-Mar-2012 Jordy Rose <jediknil@belkadan.com> [analyzer] Add a clone() method to BugReporterVisitor, so that we'll be able to reset diagnostic generation.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@153368 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
f5aa3f5e58356d0bea823fe75dd7bf6aea6f47f4 22-Mar-2012 Anna Zaks <ganna@apple.com> [analyzer] Malloc: drop symbols captured by blocks.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@153232 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
850f1b1af015719ec10351bb93530101c265dd29 21-Mar-2012 Benjamin Kramer <benny.kra@googlemail.com> Remove unused variable, fix indentation.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@153220 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
3d7c44e01d568e5d5c0fac9c6ccb3f080157ba19 21-Mar-2012 Anna Zaks <ganna@apple.com> [analyzer] Malloc: Utter the name of the leaked variable.
Specifically, we use the last store of the leaked symbol in the leak diagnostic.
(No support for struct fields since the malloc checker doesn't track those
yet.)

+ Infrastructure to track the regions used in store evaluations.
This approach is more precise than iterating the store to
obtain the region bound to the symbol, which is used in RetainCount
checker. The region corresponds to what is uttered in the code in the
last store and we do not rely on the store implementation to support
this functionality.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@153212 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
393f98b5b7f7c950d2b0a7d84501b5dfd00ad780 18-Mar-2012 Jordy Rose <jediknil@belkadan.com> [analyzer] Mark a failed-realloc's result as an interesting symbol between the realloc call and the null check, so we get nicer path notes. Fixes a regression introduced by the diagnostic pruning added in r152361.

This is accomplished by calling markInteresting /during/ path diagnostic generation, and as such relies on deterministic ordering of BugReporterVisitors -- namely, that BugReporterVisitors are run in /reverse/ order from how they are added. (Right now that's a consequence of storing visitors in an ImmutableList, where new items are added to the front.) It's a little hacky, but it works for now.

I think this is the best we can do without storing the relation between the old and new symbols, and that would be a hit whether or not there ends up being an error.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@153010 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
fbd58743fa6c793b84ed60a0e2325335a53da6c4 17-Mar-2012 Anna Zaks <ganna@apple.com> [analyzer] Shorten the stack hint diagnostic.

Do not display the standard "Returning from 'foo'", when a stack hint is
available.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@152964 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
56a938ff85a444eb3d30d2634d92ce5b1f6fae56 17-Mar-2012 Anna Zaks <ganna@apple.com> [analyzer] Create symbol-aware stack hints (building upon r152837).

The symbol-aware stack hint combines the checker-provided message
with the information about how the symbol was passed to the callee: as
a parameter or a return value.

For malloc, the generated messages look like this :
"Returning from 'foo'; released memory via 1st parameter"
"Returning from 'foo'; allocated memory via 1st parameter"
"Returning from 'foo'; allocated memory returned"
"Returning from 'foo'; reallocation of 1st parameter failed"


(We are yet to handle cases when the symbol is a field in a struct or
an array element.)

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@152962 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
368a0d565f078666ca5bfb7fe08d04648688e4bc 15-Mar-2012 Anna Zaks <ganna@apple.com> [analyzer] Allow checkers to supply call stack diagnostic hints for the
BugVisitor DiagnosticPieces.

When checkers create a DiagnosticPieceEvent, they can supply an extra
string, which will be concatenated with the call exit message for every
call on the stack between the diagnostic event and the final bug report.
(This is a simple version, which could be/will be further enhanced.)

For example, this is used in Malloc checker to produce the ",
which allocated memory" in the following example:

static char *malloc_wrapper() { // 2. Entered call from 'use'
return malloc(12); // 3. Memory is allocated
}

void use() {
char *v;
v = malloc_wrapper(); // 1. Calling 'malloc_wrappers'
// 4. Returning from 'malloc_wrapper', which allocated memory
} // 5. Memory is never released; potential
memory leak

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@152837 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
76aadc346c3a4c363238a1e1232f324c3355d9e0 09-Mar-2012 Ted Kremenek <kremenek@apple.com> [analyzer] Implement basic path diagnostic pruning based on "interesting" symbols and regions.
Essentially, a bug centers around a story for various symbols and regions. We should only include
the path diagnostic events that relate to those symbols and regions.

The pruning is done by associating a set of interesting symbols and regions with a BugReporter, which
can be modified at BugReport creation or by BugReporterVisitors.

This patch reduces the diagnostics emitted in several of our test cases. I've vetted these as
having desired behavior. The only regression is a missing null check diagnostic for the return
value of realloc() in test/Analysis/malloc-plist.c. This will require some investigation to fix,
and I have added a FIXME to the test case.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@152361 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
218fce0f113f82fc28f2fb0c4b555ae2901b8a93 06-Mar-2012 Jordy Rose <jediknil@belkadan.com> [analyzer] Remove now-unused constant. No functionality change.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@152080 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
257c60f23be7dcb012eeee832f5fda22c125c9bd 06-Mar-2012 Jordy Rose <jediknil@belkadan.com> [analyzer] Fix unnecessary dyn_cast_or_null. No functionality change.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@152078 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
fb7f76f285faa4c21d299f2bce8f55de3f71e548 05-Mar-2012 Anna Zaks <ganna@apple.com> [analyzer] Malloc should assume that ownership is transfered when
calling an ObjC method ending with 'NoCopy'.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@152037 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
b3d7275c1a4a9f676af850cd661b56c4ad7ef5c9 01-Mar-2012 Anna Zaks <ganna@apple.com> [analyzer] Fix a regression introduced in malloc with
attributes, introduced in r151188.

+ the test to catch it.

Thanks to Ahmed Charles for pointing this out.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@151840 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
ca23eb212c78ac5bc62d0881635579dbe7095639 29-Feb-2012 Anna Zaks <ganna@apple.com> [analyzer] Malloc: A pointer might escape through CFContainers APIs,
funopen, setvbuf.

Teach the checker and the engine about these APIs to resolve malloc
false positives. As I am adding more of these APIs, it is clear that all
this should be factored out into a separate callback (for example,
region escapes). Malloc, KeyChainAPI and RetainRelease checkers could
all use it.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@151737 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
07d39a479cf8f20294407e749f9933da34ebecb7 28-Feb-2012 Anna Zaks <ganna@apple.com> [analyzer] Fix Malloc False Positive (PR 12100)

When allocated buffer is passed to CF/NS..NoCopy functions, the
ownership is transfered unless the deallocator argument is set to
'kCFAllocatorNull'.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@151608 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
7752d292c97fd4b78a954c9a027b2a862be50f8b 28-Feb-2012 Anna Zaks <ganna@apple.com> [analyzer] Leaks should be uniqued by the allocation point in the
closest function context.

This prevents us from uniqueing all leaks from the same allocation
helper. radar://10932226

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@151592 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
3cd89ad193834e766ce5dc24e260aa8615d0d5e1 25-Feb-2012 Anna Zaks <ganna@apple.com> [analyzer] Malloc: reason about the ObjC messages and C++.

Assume none of the ObjC messages defined in system headers free memory,
except for the ones containing 'freeWhenDone' selector. Currently, just
assume that the region escapes to the messages with 'freeWhenDone'
(ideally, we want to treat it as 'free()').

For now, always assume that regions escape when passed to C++ methods.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@151410 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
ca8e36eb637e232475ef31c3f22d5da907390917 23-Feb-2012 Anna Zaks <ganna@apple.com> [analyzer] Malloc: unique leak reports by allocation site.

When we find two leak reports with the same allocation site, report only
one of them.

Provide a helper method to BugReporter to facilitate this.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@151287 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
0d389b819c33bdf0375694a8f141c8f02e002b18 23-Feb-2012 Anna Zaks <ganna@apple.com> [analyzer] Invalidate the region passed to pthread_setspecific() call.

Make this call an exception in ExprEngine::invalidateArguments:
'int pthread_setspecific(ptheread_key k, const void *)' stores
a value into thread local storage. The value can later be retrieved
with 'void *ptheread_getspecific(pthread_key)'. So even thought the
parameter is 'const void *', the region escapes through the
call.

(Here we just blacklist the call in the ExprEngine's default
logic. Another option would be to add a checker which evaluates
the call and triggers the call to invalidate regions.)

Teach the Malloc Checker, which treats all system calls as safe about
the API.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@151220 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
87cb5bed5060805a86509c297fae133816c1cd87 22-Feb-2012 Anna Zaks <ganna@apple.com> [analyzer] Malloc cleanup:
- We should not evaluate strdup in the Malloc Checker, it's the job of
CString checker, so just update the RefState to reflect allocated
memory.

- Refactor to reduce LOC: remove some wrapper auxiliary functions, make
all functions return the state and add the transition in one place
(instead of in each auxiliary function).

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@151188 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
60a1fa497b978114b969f4f0176a7cbad3b5d9c6 22-Feb-2012 Anna Zaks <ganna@apple.com> [analyzer] Malloc checker: mark 'strdup' and 'strndup' as allocators.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@151124 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
d9ab7bbbd43639247c9a82c8e8dbfaa617f4e266 22-Feb-2012 Anna Zaks <ganna@apple.com> [analyzer] Malloc: fix another false positive.
, when we return a symbol reachable to the malloced one via pointer
arithmetic.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@151121 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
a19581ae489335abf5cf96b253b31ecefe96b8e4 20-Feb-2012 Anna Zaks <ganna@apple.com> [analyzer] Make Malloc aware of inter-procedural execution + basic
tests.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150993 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
f0dfc9c0f29fd82552896558c04043731d30b851 17-Feb-2012 Anna Zaks <ganna@apple.com> [analyzer] Fix another false positive in the Malloc Checker, by making
it aware of CString APIs that return the input parameter.

Malloc Checker needs to know how the 'strcpy' function is
evaluated. Introduce the dependency on CStringChecker for that.
CStringChecker knows all about these APIs.

Addresses radar://10864450

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150846 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
febdc324faaf1678a4f41497fd691efe54e145c9 16-Feb-2012 Anna Zaks <ganna@apple.com> [analyzer] Malloc Checker: Clean up bug naming:
- Rename the category "Logic Error" -> "Memory Error".
- Shorten all the messages.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150733 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
fe571608b925079227d053a459eca86f7408e5c6 16-Feb-2012 Anna Zaks <ganna@apple.com> [analyzer] Malloc Checker: Make the diagnostic visitor handle the case
of failing realloc. + Minor cleanups.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150732 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
ac593008c2035fa241c80352a0c97c5d853facbf 16-Feb-2012 Anna Zaks <ganna@apple.com> [analyzer] Malloc Checker: Give up when a pointer escapes into a struct.

We are not properly handling the memory regions that escape into struct
fields, which led to a bunch of false positives. Be conservative here
and give up when a pointer escapes into a struct.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150658 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
1d6cc6a44182ef03a373ecd61505042eca3af906 15-Feb-2012 Anna Zaks <ganna@apple.com> [analyzer] Malloc checker: make a bit safer.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150556 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
40add2983dedcf489d7ad8c7bccc58b6ae368ee4 15-Feb-2012 Anna Zaks <ganna@apple.com> [analyzer] Malloc Checker: add support for reallocf, which always frees
the passed in pointer on failure.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150533 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
b16ce45bd05b637b3d7b0bf70c05e5dfd4ddacc7 15-Feb-2012 Anna Zaks <ganna@apple.com> [analyzer] Malloc Checker: add support for valloc + minor code
hardening.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150532 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
66c40400e7d6272b0cd675ada18dd62c1f0362c7 14-Feb-2012 Anna Zaks <ganna@apple.com> [analyzer] Make Malloc Checker optimistic in presence of inlining.
(In response of Ted's review of r150112.)

This moves the logic which checked if a symbol escapes through a
parameter to invalidateRegionCallback (instead of post CallExpr visit.)

To accommodate the change, added a CallOrObjCMessage parameter to
checkRegionChanges callback.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150513 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
b276bd9cc98247331cac8b290ba278b939e53657 14-Feb-2012 Anna Zaks <ganna@apple.com> [analyzer] Malloc Checker: realloc: add dependency between the symbols
in realloc map.

If there is no dependency, the reallocated ptr will get garbage
collected before we know that realloc failed, which would lead us to
missing a memory leak warning.

Also added new test cases, which we can handle now.
Plus minor cleanups.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150446 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
30838b994527d12e269abb14d395b1878e78c16d 13-Feb-2012 Anna Zaks <ganna@apple.com> [analyzer] Malloc Checker: realloc: correct the way we are handing the
case when size is 0.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150412 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
c8bb3befcad8cd8fc9556bc265289b07dc3c94c8 13-Feb-2012 Anna Zaks <ganna@apple.com> [analyzer] Malloc checker: rework realloc handling:

1) Support the case when realloc fails to reduce False Positives. (We
essentially need to restore the state of the pointer being reallocated.)

2) Realloc behaves differently under special conditions (from pointer is
null, size is 0). When detecting these cases, we should consider
under-constrained states (size might or might not be 0). The
old version handled this in a very hacky way. The code did not
differentiate between definite and possible (no consideration for
under-constrained states). Further, after processing each special case,
the realloc processing function did not return but chained to the next
special case processing. So you could end up in an execution in which
you first see the states in which size is 0 and realloc ~ free(),
followed by the states corresponding to size is not 0 followed by the
evaluation of the regular realloc behavior.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150402 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
15d0ae170c2037815b6383c532253585fcd3d04e 12-Feb-2012 Anna Zaks <ganna@apple.com> [analyzer] Malloc Checker: reduce false negatives rate by assuming that
a pointer cannot escape through calls to system functions. Also, stop
after reporting the first use-after-free.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150315 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
0860cd0646ed40f87085df39563f2c5f7f77750b 11-Feb-2012 Anna Zaks <ganna@apple.com> [analyzer] Malloc Checker: Report a leak when we are returning freed
memory.
(As per one test case, the existing checker thought that this could
cause a lot of false positives - not sure if that's valid, to be
verified.)

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150313 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
da04677092c7b08fe7438f82a8636dcc8c6e9683 11-Feb-2012 Anna Zaks <ganna@apple.com> [analyzer] Malloc checker: Leak bugs should be suppressed by sinks.
Resolves a common false positive, where we were reporting a leak inside
asserts

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150312 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
4fb548710837dc4e709e1a84f241c4bea121e895 11-Feb-2012 Anna Zaks <ganna@apple.com> [analyzer] MallocChecker: refactor/improve the symbol escape logic.

We use the same logic here as the RetainRelease checker.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150311 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
e9ef5622a7600604b101f1843e7a3736eeb45d83 10-Feb-2012 Anna Zaks <ganna@apple.com> [analyzer] MallocChecker Cleanup - harden against crashes, fix an error
(use of return instead of continue), wording.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150215 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
7fb4900f83832432dd4cdb84eb6e2ed132e6daf1 09-Feb-2012 Benjamin Kramer <benny.kra@googlemail.com> Remove unused fun.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150172 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
f8c17b79ab55d633567a151da5eb596b6001fa30 09-Feb-2012 Anna Zaks <ganna@apple.com> [analyzer] MallocChecker: address a diagnostic "fixme".

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150158 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
ff3b9fdbfd4ff3a8361640c0d8a12d9f0cc1ce6f 09-Feb-2012 Anna Zaks <ganna@apple.com> [analyzer] Add custom path diagnostic to the Malloc Checker.

Very simple so far - we just highlight every allocation and release
site.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150156 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
cdfec5e5ea0d1cfebe27888ef072346704424ed8 09-Feb-2012 Anna Zaks <ganna@apple.com> [analyzer] MallocChecker cleanup, more tests.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150155 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
91c2a1192cdd4e7b2b4ac7838c5aceef200ea251 09-Feb-2012 Anna Zaks <ganna@apple.com> [analyzer] MallocChecker: implement pessimistic version of the checker,
which allows values to escape through unknown calls.

Assumes all calls but the malloc family are unknown.

Also, catch a use-after-free when a pointer is passed to a
function after a call to free (previously, you had to explicitly
dereference the pointer value).

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150112 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
231361ad343d655e4bbb1574ccbb4173b72dadfd 09-Feb-2012 Anna Zaks <ganna@apple.com> [analyzer] Split the MallocChecker into two versions - pessimistic and
optimistic.

TODO: actually implement the pessimistic version of the checker. Ex: it
needs to assume that any function that takes a pointer might free it.

The optimistic version relies on annotations to tell us which functions
can free the pointer.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150111 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
b319e029a6a05a76023c1bb1ce77a6d567457838 08-Feb-2012 Anna Zaks <ganna@apple.com> [analyzer] MallocChecker: convert from using evalCall to
post visit of CallExpr.

In general, we should avoid using evalCall as it leads to interference
with other checkers.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150086 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
f7ccbad5d9949e7ddd1cbef43d482553b811e026 05-Feb-2012 Dylan Noblesmith <nobled@dreamwidth.org> Basic: import SmallString<> into clang namespace

(I was going to fix the TODO about DenseMap too, but
that would break self-host right now. See PR11922.)

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@149799 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
6f42b62b6194f53bcbc349f5d17388e1936535d7 05-Feb-2012 Dylan Noblesmith <nobled@dreamwidth.org> Basic: import OwningPtr<> into clang namespace

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@149798 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
8fe83e1df954d72c0f4ffc15d20a5222ec151c21 04-Feb-2012 Benjamin Kramer <benny.kra@googlemail.com> Move a method from IdentifierTable.h out of line and remove the SmallString include.

Fix all the transitive include users.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@149783 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
00bd44d5677783527d7517c1ffe45e4d75a0f56f 04-Feb-2012 Benjamin Kramer <benny.kra@googlemail.com> Move various diagnostic operator<< overloads out of line and remove includes of Diagnostic.h.

Fix all the files that depended on transitive includes of Diagnostic.h.
With this patch in place changing a diagnostic no longer requires a full rebuild of the StaticAnalyzer.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@149781 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
8bef8238181a30e52dea380789a7e2d760eac532 26-Jan-2012 Ted Kremenek <kremenek@apple.com> Change references to 'const ProgramState *' to typedef 'ProgramStateRef'.

At this point this is largely cosmetic, but it opens the door to replace
ProgramStateRef with a smart pointer that more eagerly acts in the role
of reclaiming unused ProgramState objects.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@149081 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
561d3abc881033776ece385a01a510e1cbc1fa92 17-Jan-2012 David Blaikie <dblaikie@gmail.com> Remove unnecessary default cases in switches over enums.

This allows -Wswitch-enum to find switches that need updating when these enums are modified.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@148281 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
5eca482fe895ea57bc82410222e6426c09e63284 06-Jan-2012 Ted Kremenek <kremenek@apple.com> [analyzer] Make the entries in 'Environment' context-sensitive by making entries map from
(Stmt*,LocationContext*) pairs to SVals instead of Stmt* to SVals.

This is needed to support basic IPA via inlining. Without this, we cannot tell
if a Stmt* binding is part of the current analysis scope (StackFrameContext) or
part of a parent context.

This change introduces an uglification of the use of getSVal(), and thus takes
two steps forward and one step back. There are also potential performance implications
of enlarging the Environment. Both can be addressed going forward by refactoring the
APIs and optimizing the internal representation of Environment. This patch
mainly introduces the functionality upon when we want to build upon (and clean up).

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@147688 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
eb31a76d1cdaaf8874c549dc6bd964ff270d3822 05-Jan-2012 Anna Zaks <ganna@apple.com> [analyzer] Be less pessimistic about invalidation of global variables
as a result of a call.

Problem:
Global variables, which come in from system libraries should not be
invalidated by all calls. Also, non-system globals should not be
invalidated by system calls.

Solution:
The following solution to invalidation of globals seems flexible enough
for taint (does not invalidate stdin) and should not lead to too
many false positives. We split globals into 3 classes:

* immutable - values are preserved by calls (unless the specific
global is passed in as a parameter):
A : Most system globals and const scalars

* invalidated by functions defined in system headers:
B: errno

* invalidated by all other functions (note, these functions may in
turn contain system calls):
B: errno
C: all other globals (which are not in A nor B)

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@147569 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
e3659a78a96da3b9a5a90fa84c96078a84f0f3e3 05-Jan-2012 Ted Kremenek <kremenek@apple.com> Fix 80 col violations.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@147566 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
b805c8ff133ef0c62df032fa711d6b13c5afd7f4 01-Dec-2011 Anna Zaks <ganna@apple.com> [analyzer] Refactor checkers to use helper function for getting callee Decl and name.

We are getting name of the called function or it's declaration in a few checkers. Refactor them to use the helper function in the CheckerContext.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@145576 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
0bd6b110e908892d4b5c8671a9f435a1d72ad16a 26-Oct-2011 Anna Zaks <ganna@apple.com> [analyzer] Rename generateNode -> addTransition in CheckerContext

Also document addTransition methods.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@143059 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
063e0887ad65d666d23ee3178436ad6507abbd1b 25-Oct-2011 Anna Zaks <ganna@apple.com> [analyzer] Simplify CheckerContext

Remove dead members/parameters: ProgramState, respondsToCallback, autoTransition.
Remove addTransition method since it's the same as generateNode. Maybe we should
rename generateNode to genTransition (since a transition is always automatically
generated)?

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@142946 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
af498a28797c075c48d7e943df5f5a8e78ed8eb0 25-Oct-2011 Anna Zaks <ganna@apple.com> [analyze] Convert EndOfPath callback to use CheckerContext

Get rid of the EndOfPathBuilder completely.
Use the generic NodeBuilder to generate nodes.
Enqueue the end of path frontier explicitly.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@142943 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
b8989f27f116ff2400e92a52c067a69846119eb5 14-Oct-2011 Benjamin Kramer <benny.kra@googlemail.com> Change operator<< for raw_ostream and NamedDecl to take a reference instead of a pointer.

Passing a pointer was a bad idea as it collides with the overload for void*.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@141971 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
390909c89c98ab1807e15e033a72e975f866fb23 06-Oct-2011 Anna Zaks <ganna@apple.com> [analyzer] Remove the dependency on CheckerContext::getStmt() as well as the method itself.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@141262 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
5d0ea6d62e076c776ddad028c4eb615783be1323 04-Oct-2011 Anna Zaks <ganna@apple.com> [analyzer] Removing references to CheckerContext::getNodeBuilder(): checkers can obtain block count directly from the Context.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@141112 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
d56763fd33321cb3d0f17804abecb379cea78c01 01-Sep-2011 Zhongxing Xu <xuzhongxing@foxmail.com> If size was equal to 0, either NULL or a pointer suitable to be passed to
free() is returned by realloc(). Most code expect NULL.

And we only need to transfer one final ProgramState.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@138937 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
e172e8b9e7fc67d7d03589af7e92fe777afcf33a 18-Aug-2011 Anna Zaks <ganna@apple.com> Remove EnhancedBugReport and RangedBugReport - pull all the extra functionality they provided into their parent BugReport. The only functional changes are: made getRanges() non const - it adds default range to Ranges if none are supplied, made getStmt() private, which was another FIXME.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@137894 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
18c66fdc3c4008d335885695fe36fb5353c5f672 16-Aug-2011 Ted Kremenek <kremenek@apple.com> Rename GRState to ProgramState, and cleanup some code formatting along the way.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@137665 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
9c378f705405d37f49795d5e915989de774fe11f 13-Aug-2011 Ted Kremenek <kremenek@apple.com> Cleanup various declarations of 'Stmt*' to be 'Stmt *', etc. in libAnalyzer and libStaticAnalyzer[*]. It was highly inconsistent, and very ugly to look at.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@137537 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
217470e07582a83b7cdc99e439f82eaeeeeb2262 29-Jul-2011 Ted Kremenek <kremenek@apple.com> [analyzer] fix bug in malloc checker where the tracked symbol would not properly be removed from the state.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@136418 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
5f9e272e632e951b1efe824cd16acb4d96077930 23-Jul-2011 Chris Lattner <sabre@nondot.org> remove unneeded llvm:: namespace qualifiers on some core types now that LLVM.h imports
them into the clang namespace.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@135852 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
4d8d803b06804defe25346871c7beb6096540c4a 27-Apr-2011 Lenny Maiorani <lenny@colorado.edu> More accurately model realloc() when the size argument is 0. realloc() with a size of 0 is equivalent to free(). The memory region should be marked as free and not used again.

Unit tests f2_realloc_0(), f6_realloc(), and f7_realloc() contributed by Marshall Clow <mclow.lists@gmail.com>. Thanks!



git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@130303 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
2bfa3019b8fb35931ca4927feaf25d39161b423e 02-Apr-2011 Zhongxing Xu <xuzhongxing@gmail.com> Remove a redundant method. We have a const version.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@128762 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
ec8605f1d7ec846dbf51047bfd5c56d32d1ff91c 01-Mar-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> [analyzer] Rename CheckerV2 -> Checker.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126726 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
312dbec867f6b8d6b86fd562c53352cd4db27468 28-Feb-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> [analyzer] Migrate MallocChecker to CheckerV2.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126606 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
f178ac8b68b29e44867777232ba8fee59edc4037 23-Feb-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> [analyzer] Refactor EndOfFunctionNodeBuilder.

-Introduce EndOfFunctionNodeBuilder::withCheckerTag to allow it be "specialized" with a
checker tag and not require the checkers to pass a tag.
-For EndOfFunctionNodeBuilder::generateNode, reverse the order of tag/P parameters since
there are actual calls that assume the second parameter is ExplodedNode.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126332 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
6810630bb00ba2944cbeb54834f38f69dbddfd7f 17-Feb-2011 Chris Lattner <sabre@nondot.org> simplify a bit.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@125724 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
9b663716449b618ba0390b1dbebc54fa8e971124 10-Feb-2011 Ted Kremenek <kremenek@apple.com> Split 'include/clang/StaticAnalyzer' into 'include/clang/StaticAnalyzer/Core' and 'include/clang/StaticAnalyzer/Checkers'.

This layout matches lib/StaticAnalyzer, which corresponds to two StaticAnalyzer libraries.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@125251 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
af1a9330ffc0757e1534206f4f50eb420ef57b23 08-Feb-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> [analyzer] lib/StaticAnalyzer/Checkers/ExprEngineExperimentalChecks.h -> lib/StaticAnalyzer/Checkers/ExperimentalChecks.h

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@125122 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
ba37d3b2ef37c3591a4f673215d78cb9cc928de3 13-Jan-2011 Ted Kremenek <kremenek@apple.com> Remove unnecessary save-and-restore of the
node builder's 'HasGeneratedNode' field.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@123362 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
f7fbbda62705352a53ac3b495a1128946a34ced3 11-Jan-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> [analyzer] Add 'isLoad' parameter in Checker::visitLocation() to conveniently distinguish between loads/stores.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@123261 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
e36de1fe51c39d9161915dd3dbef880954af6476 11-Jan-2011 Ted Kremenek <kremenek@apple.com> Rename misc. methods in GRSubEngine to start
with a lower-case letter. No functionality change.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@123211 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp
21142581d55918beed544a757e4af3bb865b1812 23-Dec-2010 Ted Kremenek <kremenek@apple.com> Chris Lattner has strong opinions about directory
layout. :)

Rename the 'EntoSA' directories to 'StaticAnalyzer'.

Internally we will still use the 'ento' namespace
for the analyzer engine (unless there are further
sabre rattlings...).

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@122514 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Checkers/MallocChecker.cpp