Cross Reference: /external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp

History log of /external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
Revision	Date	Author	Comments (<<< Hide modified files) (Show modified files >>>)
ef8225444452a1486bd721f3285301fe84643b00	21-Jul-2014	Stephen Hines <srhines@google.com>	Update Clang for rebase to r212749. This also fixes a small issue with arm_neon.h not being generated always. Includes a cherry-pick of: r213450 - fixes mac-specific header issue r213126 - removes a default -Bsymbolic on Android Change-Id: I2a790a0f5d3b2aab11de596fc3a74e7cbc99081d /external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
6bcf27bb9a4b5c3f79cb44c0e4654a6d7619ad89	29-May-2014	Stephen Hines <srhines@google.com>	Update Clang for 3.5 rebase (r209713). Change-Id: I8c9133b0f8f776dc915f270b60f94962e771bc83 /external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
651f13cea278ec967336033dd032faef0e9fc2ec	24-Apr-2014	Stephen Hines <srhines@google.com>	Updated to Clang 3.5a. Change-Id: I8127eb568f674c2e72635b639a3295381fe8af82 /external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
9b072b31ee2f41b8e30d1d22142c9ab72ac5ff1f	28-Sep-2013	Jordan Rose <jordan_rose@apple.com>	[analyzer] Make inlining decisions based on the callee being variadic. ...rather than trying to figure it out from the call site, and having people complain that we guessed wrong and that a prototype-less call is the same as a variadic call on their system. More importantly, fix a crash when there's no decl at the call site (though we could have just returned a default value). <rdar://problem/15037033> git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@191599 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
95ab9e306f4deefeabd89ea61987f4a8d67e0890	02-Sep-2013	Pavel Labath <labath@google.com>	[analyzer] Add very limited support for temporary destructors This is an improved version of r186498. It enables ExprEngine to reason about temporary object destructors. However, these destructor calls are never inlined, since this feature is still broken. Still, this is sufficient to properly handle noreturn temporary destructors. Now, the analyzer correctly handles expressions like "a \|\| A()", and executes the destructor of "A" only on the paths where "a" evaluted to false. Temporary destructor processing is still off by default and one has to explicitly request it by setting cfg-temporary-dtors=true. Reviewers: jordan_rose CC: cfe-commits Differential Revision: http://llvm-reviews.chandlerc.com/D1259 git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@189746 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
24146975f1af8c1b4b14e8545f218129d0e7dfeb	22-Aug-2013	Eli Friedman <eli.friedman@gmail.com>	Split isFromMainFile into two functions. Basically, isInMainFile considers line markers, and isWrittenInMainFile doesn't. Distinguishing between the two is useful when dealing with files which are preprocessed files or rewritten with -frewrite-includes (so we don't, for example, print useless warnings). git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@188968 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
9815ec0a00fe04db92e51a4160fc905f6cd48f30	23-Jul-2013	Jordan Rose <jordan_rose@apple.com>	Revert "[analyzer] Add very limited support for temporary destructors" The analyzer doesn't currently expect CFG blocks with terminators to be empty, but this can happen when generating conditional destructors for a complex logical expression, such as (a && (b \|\| Temp{})). Moreover, the branch conditions for these expressions are not persisted in the state. Even for handling noreturn destructors this needs more work. This reverts r186498. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@186925 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
ac7cc2d37e82181e73fcc265c1d0a619d18b7605	19-Jul-2013	Jordan Rose <jordan_rose@apple.com>	[analyzer] Include analysis stack in crash traces. Sample output: 0. Program arguments: ... 1. <eof> parser at end of file 2. While analyzing stack: #0 void inlined() #1 void test() 3. crash-trace.c:6:3: Error evaluating statement git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@186639 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
046e79a425bfa82b480b8a07ce11d96391fa0a9b	17-Jul-2013	Pavel Labath <labath@google.com>	[analyzer] Add very limited support for temporary destructors Summary: This patch enables ExprEndgine to reason about temporary object destructors. However, these destructor calls are never inlined, since this feature is still broken. Still, this is sufficient to properly handle noreturn temporary destructors and close bug #15599. I have also enabled the cfg-temporary-dtors analyzer option by default. Reviewers: jordan_rose CC: cfe-commits Differential Revision: http://llvm-reviews.chandlerc.com/D1131 git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@186498 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
50fa64d4411a42e0b4f373a84d8d4f5cbf339ea3	17-May-2013	Jordan Rose <jordan_rose@apple.com>	[analyzer] Don't inline ~shared_ptr. The analyzer can't see the reference count for shared_ptr, so it doesn't know whether a given destruction is going to delete the referenced object. This leads to spurious leak and use-after-free warnings. For now, just ban destructors named '~shared_ptr', which catches std::shared_ptr, std::tr1::shared_ptr, and boost::shared_ptr. PR15987 git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@182071 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
776d3bb65c90278b9c65544b235d2ac40aea1d6e	02-May-2013	Jordan Rose <jordan_rose@apple.com>	[analyzer] Don't inline the [cd]tors of C++ iterators. This goes with r178516, which instructed the analyzer not to inline the constructors and destructors of C++ container classes. This goes a step further and does the same thing for iterators, so that the analyzer won't falsely decide we're trying to construct an iterator pointing to a nonexistent element. The heuristic for determining whether something is an iterator is the presence of an 'iterator_category' member. This is controlled under the same -analyzer-config option as container constructor/destructor inlining: 'c++-container-inlining'. <rdar://problem/13770187> git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@180890 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
ecee1651c100342366a9417c85c6e50399039930	03-Apr-2013	Jordan Rose <jordan_rose@apple.com>	[analyzer] Better model for copying of array fields in implicit copy ctors. - Find the correct region to represent the first array element when constructing a CXXConstructorCall. - If the array is trivial, model the copy with a primitive load/store. - Don't warn about the "uninitialized" subscript in the AST -- we don't use the helper variable that Sema provides. <rdar://problem/13091608> git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@178602 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
c63a460d78a7625ff38d2b3580f78030c44f07db	02-Apr-2013	Jordan Rose <jordan_rose@apple.com>	[analyzer] For now, don't inline [cd]tors of C++ containers. This is a heuristic to make up for the fact that the analyzer doesn't model C++ containers very well. One example is modeling that 'std::distance(I, E) == 0' implies 'I == E'. In the future, it would be nice to model this explicitly, but for now it just results in a lot of false positives. The actual heuristic checks if the base type has a member named 'begin' or 'iterator'. If so, we treat the constructors and destructors of that type as opaque, rather than inlining them. This is intended to drastically reduce the number of false positives reported with experimental destructor support turned on. We can tweak the heuristic in the future, but we'd rather err on the side of false negatives for now. <rdar://problem/13497258> git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@178516 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
c9092bb5eb67d859122abb69a0ef61e9249500cd	02-Apr-2013	Jordan Rose <jordan_rose@apple.com>	[analyzer] Cache whether a function is generally inlineable. Certain properties of a function can determine ahead of time whether or not the function is inlineable, such as its kind, its signature, or its location. We can cache this value in the FunctionSummaries map to avoid rechecking these static properties for every call. Note that the analyzer may still decide not to inline a specific call to a function because of the particular dynamic properties of the call along the current path. No intended functionality change. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@178515 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
8a660eb1084294a903f6dcc00bf2fa4e3bc92cfc	26-Mar-2013	Anna Zaks <ganna@apple.com>	[analyzer] Change inlining policy to inline small functions when reanalyzing ObjC methods as top level. This allows us to better reason about(inline) small wrapper functions. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@178063 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
a8d937e4bdd39cdf503f77454e9dc4c9c730a9f7	16-Mar-2013	Jordan Rose <jordan_rose@apple.com>	[analyzer] Model trivial copy/move assignment operators with a bind as well. r175234 allowed the analyzer to model trivial copy/move constructors as an aggregate bind. This commit extends that to trivial assignment operators as well. Like the last commit, one of the motivating factors here is not warning when the right-hand object is partially-initialized, which can have legitimate uses. <rdar://problem/13405162> git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@177220 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
42f2309f739549bead6e5a6c34fd1be4d087998f	25-Feb-2013	Anna Zaks <ganna@apple.com>	[analyzer] Address Jordan's code review of r175857. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@176043 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
8dadf15224f1a8df96793e5fc4e0b0e38a5ffbe4	22-Feb-2013	Anna Zaks <ganna@apple.com>	[analyzer] Place all inlining policy checks into one palce Previously, we had the decisions about inlining spread out over multiple functions. In addition to the refactor, this commit ensures that we will always inline BodyFarm functions as long as the Decl is available. This fixes false positives due to those functions not being inlined when no or minimal inlining is enabled such (as shallow mode). git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@175857 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
7a95de68c093991047ed8d339479ccad51b88663	21-Feb-2013	David Blaikie <dblaikie@gmail.com>	Replace ProgramPoint llvm::cast support to be well-defined. See r175462 for another example/more details. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@175812 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
5251abea41b446c26e3239c8dd6c7edea6fc335d	20-Feb-2013	David Blaikie <dblaikie@gmail.com>	Replace SVal llvm::cast support to be well-defined. See r175462 for another example/more details. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@175594 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
bc403861bc4e6f7ad1371e9e129f0f25b38b3a9a	15-Feb-2013	Jordan Rose <jordan_rose@apple.com>	Re-apply "[analyzer] Model trivial copy/move ctors with an aggregate bind." ...after a host of optimizations related to the use of LazyCompoundVals (our implementation of aggregate binds). Originally applied in r173951. Reverted in r174069 because it was causing hangs. Re-applied in r174212. Reverted in r174265 because it was /still/ causing hangs. If this needs to be reverted again it will be punted to far in the future. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@175234 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
2a3fe34b4a2a1b6ceab8838b896435378ae0e692	02-Feb-2013	Jordan Rose <jordan_rose@apple.com>	Revert "[analyzer] Model trivial copy/move ctors with an aggregate bind." ...again. The problem has not been fixed and our internal buildbot is still getting hangs. This reverts r174212, originally applied in r173951, then reverted in r174069. Will not re-apply until the entire project analyzes successfully on my local machine. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@174265 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
453cb859a3c8dcafe79ae840dfc35ff8eae1b4b3	02-Feb-2013	Anna Zaks <ganna@apple.com>	[analyzer] Always inline functions with bodies generated by BodyFarm. Inlining these functions is essential for correctness. We often have cases where we do not inline calls. For example, the shallow mode and when reanalyzing previously inlined ObjC methods as top level. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@174245 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
5500fc193af4b786bbbbee6ece743f523448e90b	01-Feb-2013	Jordan Rose <jordan_rose@apple.com>	Re-apply "[analyzer] Model trivial copy/move ctors with an aggregate bind." With the optimization in the previous commit, this should be safe again. Originally applied in r173951, then reverted in r174069. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@174212 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
33e83b6cf776875be5716d214710717a898325c0	31-Jan-2013	Jordan Rose <jordan_rose@apple.com>	Revert "[analyzer] Model trivial copy/move ctors with an aggregate bind." It's causing hangs on our internal analyzer buildbot. Will restore after investigating. This reverts r173951 / baa7ca1142990e1ad6d4e9d2c73adb749ff50789. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@174069 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
6bbe1442a5f3f5f761582a9005e9edf1d49c4da2	30-Jan-2013	Anna Zaks <ganna@apple.com>	[analyzer] Use analyzer config for max-inlinable-size option. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@173957 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
baa7ca1142990e1ad6d4e9d2c73adb749ff50789	30-Jan-2013	Jordan Rose <jordan_rose@apple.com>	[analyzer] Model trivial copy/move ctors with an aggregate bind. This is faster for the analyzer to process than inlining the constructor and performing a member-wise copy, and it also solves the problem of warning when a partially-initialized POD struct is copied. Before: CGPoint p; p.x = 0; CGPoint p2 = p; <-- assigned value is garbage or undefined After: CGPoint p; p.x = 0; CGPoint p2 = p; // no-warning This matches our behavior in C, where we don't see a field-by-field copy. <rdar://problem/12305288> git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@173951 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
bfa9ab8183e2fdc74f8633d758cb0c6201314320	25-Jan-2013	Anna Zaks <ganna@apple.com>	[analyzer] Replace "-analyzer-ipa" with "-analyzer-config ipa". The idea is to eventually place all analyzer options under "analyzer-config". In addition, this lays the ground for introduction of a high-level analyzer mode option, which will influence the default setting for IPAMode. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@173385 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
73f0563009a6715a5d3d41f664f5bfab5096d51f	25-Jan-2013	Anna Zaks <ganna@apple.com>	[analyzer] refactor: access IPAMode through the accessor. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@173384 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
bdc691f1d61765dd806d5ae3b75ae004f676a7c9	14-Jan-2013	Jordan Rose <jordan_rose@apple.com>	[analyzer] Add ProgramStatePartialTrait<const void *>. This should fix cast-away-const warnings reported by David Greene. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@172446 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
7959671d456c916706a5f61af609d8f1fc95decf	17-Dec-2012	Anna Zaks <ganna@apple.com>	[analyzer] Implement "do not inline large functions many times" performance heuristic After inlining a function with more than 13 basic blocks 32 times, we are not going to inline it anymore. The idea is that inlining large functions leads to drastic performance implications. Since the function has already been inlined, we know that we've analyzed it in many contexts. The following metrics are used: - Large function is a function with more than 13 basic blocks (we should switch to another metric, like cyclomatic complexity) - We consider that we've inlined a function many times if it's been inlined 32 times. This number is configurable with -analyzer-config max-times-inline-large=xx This heuristic addresses a performance regression introduced with inlining on one benchmark. The analyzer on this benchmark became 60 times slower with inlining turned on. The heuristic allows us to analyze it in 24% of the time. The performance improvements on the other benchmarks I've tested with are much lower - under 10%, which is expected. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@170361 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
75f31c4862643ab09479c979fabf754e7ffe1460	07-Dec-2012	Anna Zaks <ganna@apple.com>	[analyzer] Optimization heuristic: do not reanalyze every ObjC method as top level. This heuristic is already turned on for non-ObjC methods (inlining-mode=noredundancy). If a method has been previously analyzed, while being inlined inside of another method, do not reanalyze it as top level. This commit applies it to ObjCMethods as well. The main caveat here is that to catch the retain release errors, we are still going to reanalyze all the ObjC methods but without inlining turned on. Gives 21% performance increase on one heavy ObjC benchmark, which suffered large performance regressions due to ObjC inlining. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@169639 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
4ecca28e20410f5e2816c5ddff5cdeaf45fb74b5	06-Dec-2012	Jordan Rose <jordan_rose@apple.com>	[analyzer] Use a smarter algorithm to find the last block in an inlined call. Previously we would search for the last statement, then back up to the entrance of the block that contained that statement. Now, while we're scanning for the statement, we just keep track of which blocks are being exited (in reverse order). git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@169526 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
55fc873017f10f6f566b182b70f6fc22aefa3464	04-Dec-2012	Chandler Carruth <chandlerc@gmail.com>	Sort all of Clang's files under 'lib', and fix up the broken headers uncovered. This required manually correcting all of the incorrect main-module headers I could find, and running the new llvm/utils/sort_includes.py script over the files. I also manually added quite a few missing headers that were uncovered by shuffling the order or moving headers up to be main-module-headers. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@169237 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
63bc186d6ac0b44ba4ec6fccb5f471b05c79b666	15-Nov-2012	Jordan Rose <jordan_rose@apple.com>	[analyzer] Report leaks at the closing brace of a function body. This fixes a few cases where we'd emit path notes like this: +---+ 1\| v p = malloc(len); ^ \|2 +---+ In general this should make path notes more consistent and more correct, especially in cases where the leak happens on the false branch of an if that jumps directly to the end of the function. There are a couple places where the leak is reported farther away from the cause; these are usually cases where there are several levels of nested braces before the end of the function. This still matches our current behavior for when there /is/ a statement after all the braces, though. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@168070 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
84c484545c5906ba55143e212b4a5275ab55889f	15-Nov-2012	Jordan Rose <jordan_rose@apple.com>	[analyzer] Mark symbol values as dead in the environment. This allows us to properly remove dead bindings at the end of the top-level stack frame, using the ReturnStmt, if there is one, to keep the return value live. This in turn removes the need for a check::EndPath callback in leak checkers. This does cause some changes in the path notes for leak checkers. Previously, a leak would be reported at the location of the closing brace in a function. Now, it gets reported at the last statement. This matches the way leaks are currently reported for inlined functions, but is less than ideal for both. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@168066 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
bae930d4c69a624881e66f1628ee615e149362f7	13-Nov-2012	Anna Zaks <ganna@apple.com>	[analyzer] Address Jordan's feedback for r167780. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@167790 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
d51db4935736fd943bfd46dfa74d41e9a3c2d41f	13-Nov-2012	Anna Zaks <ganna@apple.com>	[analyzer] Follow up to r167762 - precisely determine the adjustment conditions. The adjustment is needed only in case of dynamic dispatch performed by the analyzer - when the runtime declaration is different from the static one. Document this explicitly in the code (by adding a helper). Also, use canonical Decls to avoid matching against the case where the definition is different from found declaration. This fix suppresses the testcase I added in r167762, so add another testcase to make sure we do test commit r167762. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@167780 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
e7ad14e18247ec6fc3d46b208829e3dac6d85a1d	12-Nov-2012	Anna Zaks <ganna@apple.com>	[analyzer] Fix a regression (from r 165079): compare canonical types. Suppresses a leak false positive (radar://12663777). In addition, we'll need to rewrite the adjustReturnValue() method not to return UnknownVal by default, but rather assert in cases we cannot handle. To make it possible, we need to correctly handle some of the edge cases we already know about. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@167762 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
40d8551890bc8454c4e0a28c9072c9c1d1dd588a	05-Nov-2012	Jordan Rose <jordan_rose@apple.com>	[analyzer] Move convenience REGISTER_*_WITH_PROGRAMSTATE to CheckerContext.h As Anna pointed out, ProgramStateTrait.h is a relatively obscure header, and checker writers may not know to look there to add their own custom state. The base macro that specializes the template remains in ProgramStateTrait.h (REGISTER_TRAIT_WITH_PROGRAMSTATE), which allows the analyzer core to keep using it. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@167385 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
0a591c242b867844d483091cae546e294bbee312	03-Nov-2012	NAKAMURA Takumi <geek4civic@gmail.com>	StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp: Appease msvc. 0 (as nullptr) is incompatible to pointer in type matching on msvc. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@167355 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
8501b7a1c4c4a9ba0ea6cb8e500e601ef3759deb	03-Nov-2012	Anna Zaks <ganna@apple.com>	[analyzer] Run remove dead on end of path. This will simplify checkers that need to register for leaks. Currently, they have to register for both: check dead and check end of path. I've modified the SymbolReaper to consider everything on the stack dead if the input StackLocationContext is 0. (This is a bit disruptive, so I'd like to flash out all the issues asap.) git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@167352 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
166d502d5367ceacd1313a33cac43b1048b8524d	02-Nov-2012	Jordan Rose <jordan_rose@apple.com>	[analyzer] Use nice macros for the common ProgramStateTraits (map, set, list). Also, move the REGISTER_*_WITH_PROGRAMSTATE macros to ProgramStateTrait.h. This doesn't get rid of /all/ explicit uses of ProgramStatePartialTrait, but it does get a lot of them. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@167276 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
48314cf6a289bc5a082d8c769c58a38f924c93b7	03-Oct-2012	Jordan Rose <jordan_rose@apple.com>	[analyzer] Adjust the return type of an inlined devirtualized method call. In C++, overriding virtual methods are allowed to specify a covariant return type -- that is, if the return type of the base method is an object pointer type (or reference type), the overriding method's return type can be a pointer to a subclass of the original type. The analyzer was failing to take this into account when devirtualizing a method call, and anything that relied on the return value having the proper type later would crash. In Objective-C, overriding methods are allowed to specify ANY return type, meaning we can NEVER be sure that devirtualizing will give us a "safe" return value. Of course, a program that does this will most likely crash at runtime, but the analyzer at least shouldn't crash. The solution is to check and see if the function/method being inlined is the function that static binding would have picked. If not, check that the return value has the same type. If the types don't match, see if we can fix it with a derived-to-base cast (the C++ case). If we can't, return UnknownVal to avoid crashing later. <rdar://problem/12409977> git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@165079 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
622b6fb0a1d280c16e135c7e427b79cafffbde1f	01-Oct-2012	Ted Kremenek <kremenek@apple.com>	Have AnalyzerOptions::getBooleanOption() stick the matching config string in the config table so that it can be dumped as part of the config dumper. Add a test to show that these options are sticking and can be cross-checked using FileCheck. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@164954 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
0504a598a5dc8f3f45e79d4f8ea206a926507859	01-Oct-2012	Jordan Rose <jordan_rose@apple.com>	Reapply "[analyzer] Handle inlined constructors for rvalue temporaries correctly." This is related to but not blocked by <rdar://problem/12137950> ("Return-by-value structs do not have associated regions") This reverts r164875 / 3278d41e17749dbedb204a81ef373499f10251d7. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@164952 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
846c898cebf02cb753125633c52e0d1d7fd94b4b	29-Sep-2012	Jordan Rose <jordan_rose@apple.com>	Revert "[analyzer] Handle inlined constructors for rvalue temporaries correctly." This reverts commit 580cd17f256259f39a382e967173f34d68e73859. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@164875 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
580cd17f256259f39a382e967173f34d68e73859	28-Sep-2012	Jordan Rose <jordan_rose@apple.com>	[analyzer] Handle inlined constructors for rvalue temporaries correctly. Previously the analyzer treated all inlined constructors like lvalues, setting the value of the CXXConstructExpr to the newly-constructed region. However, some CXXConstructExprs behave like rvalues -- in particular, the implicit copy constructor into a pass-by-value argument. In this case, we want only the /contents/ of a temporary object to be passed, so that we can use the same "copy each argument into the parameter region" algorithm that we use for scalar arguments. This may change when we start modeling destructors of temporaries, but for now this is the last part of <rdar://problem/12137950>. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@164830 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
ddc0c4814788dda4ef224cd4d22d07154a6ede49	21-Sep-2012	Ted Kremenek <kremenek@apple.com>	Simplify getRuntimeDefinition() back to taking no arguments. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@164363 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
a43df9539644bf1c258e12710cd69d79b0b078cd	21-Sep-2012	Ted Kremenek <kremenek@apple.com>	Implement faux-body-synthesis of well-known functions in the static analyzer when their implementations are unavailable. Start by simulating dispatch_sync(). This change is largely a bunch of plumbing around something very simple. We use AnalysisDeclContext to conjure up a fake function body (using the current ASTContext) when one does not exist. This is controlled under the analyzer-config option "faux-bodies", which is off by default. The plumbing in this patch is largely to pass the necessary machinery around. CallEvent needs the AnalysisDeclContextManager to get the function definition, as one may get conjured up lazily. BugReporter and PathDiagnosticLocation needed to be relaxed to handle invalid locations, as the conjured body has no real source locations. We do some primitive recovery in diagnostic generation to generate some reasonable locations (for arrows and events), but it can be improved. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@164339 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
4ea9b89ff6dc50d5404eb56cad5e5870bce49ef2	11-Sep-2012	Anna Zaks <ganna@apple.com>	[analyzer] Do not count calls to small functions when computing stack depth. We only want to count how many substantial functions we inlined. This is an improvement to r163558. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163571 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
57330eed3fbe530cb05996e4a346cc5fc217c0d9	11-Sep-2012	Anna Zaks <ganna@apple.com>	[analyzer] Add an option to enable/disable objc inlining. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163562 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
7229d0011766c174beffe6a846d78f448f845b39	11-Sep-2012	Anna Zaks <ganna@apple.com>	[analyzer] Add ipa-always-inline-size option (with 3 as the default). The option allows to always inline very small functions, whose size (in number of basic blocks) is set using -analyzer-config ipa-always-inline-size option. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163558 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
81fb50e8b120fc95dc0245b4112972d4d7cca3b5	10-Sep-2012	Jordan Rose <jordan_rose@apple.com>	[analyzer] For now, don't inline C++ standard library functions. This is a (heavy-handed) solution to PR13724 -- until we know we can do a good job inlining the STL, it's best to be consistent and not generate more false positives than we did before. We can selectively whitelist certain parts of the 'std' namespace that are known to be safe. This is controlled by analyzer config option 'c++-stdlib-inlining', which can be set to "true" or "false". This commit also adds control for whether or not to inline any templated functions (member or non-member), under the config option 'c++-template-inlining'. This option is currently on by default. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163548 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
9eb214a691663a04ee61197e7d605128c85e09f7	01-Sep-2012	Jordan Rose <jordan_rose@apple.com>	[analyzer] Silence unused variable warnings in NDEBUG builds. No functionality change. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163073 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
de5277fc555551857602bd7a7e5e616274e2d4a6	31-Aug-2012	Jordan Rose <jordan_rose@apple.com>	[analyzer] Though C++ inlining is enabled, don't inline ctors and dtors. More generally, this adds a new configuration option 'c++-inlining', which controls which C++ member functions can be considered for inlining. This uses the new -analyzer-config table, so the cc1 arguments will look like this: ... -analyzer-config c++-inlining=[none\|methods\|constructors\|destructors] Note that each mode implies that all the previous member function kinds will be inlined as well; it doesn't make sense to inline destructors without inlining constructors, for example. The default mode is 'methods'. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163004 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
fbcb3f11fc90e9f00e6074e9b118b8dc11ca604c	31-Aug-2012	Anna Zaks <ganna@apple.com>	[analyzer] Refactor the logic that determines if a functions should be reanalyzed. The policy on what to reanalyze should be in AnalysisConsumer with the rest of visitation order logic. There is no reason why ExprEngine needs to pass the Visited set to CoreEngine, it can populate it itself. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162957 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
255d4d4226b24036ceb11228fbb74286e58620f7	30-Aug-2012	Ted Kremenek <kremenek@apple.com>	Store const& to AnalyzerOptions in AnalysisManager instead of copying individual flags. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162929 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
632e5022f68fcae3b68bbc90538a60f3ba20229f	28-Aug-2012	Jordan Rose <jordan_rose@apple.com>	[analyzer] When we look for the last stmt in a function, skip implicit dtors. When exiting a function, the analyzer looks for the last statement in the function to see if it's a return statement (and thus bind the return value). However, the search for "the last statement" was accepting statements that were in implicitly-generated inlined functions (i.e. destructors). So we'd go and get the statement from the destructor, and then say "oh look, this function had no explicit return...guess there's no return value". And /that/ led to the value being returned being declared dead, and all our leak checkers complaining. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162791 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
65e209ad795aeb3908760a45b1cbda0748cc0658	28-Aug-2012	Jordan Rose <jordan_rose@apple.com>	[analyzer] Don't purge dead symbols at the end of calls if -analyzer-purge=none. No test case since this is a debug option that we will never turn on by default since it makes the leak checkers much less useful. (We'll only report leaks at the end of analysis if -analyzer-purge=none.) git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162772 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
6fe4dfbc9e5a7018763b1d898876d9b2b8ec3425	27-Aug-2012	Jordan Rose <jordan_rose@apple.com>	[analyzer] Don't inline constructors for objects allocated with operator new. Because the CXXNewExpr appears after the CXXConstructExpr in the CFG, we don't actually have the correct region to construct into at the time we decide whether or not to inline. The long-term fix (discussed in PR12014) might be to introduce a new CFG node (CFGAllocator) that appears before the constructor. Tracking the short-term fix in <rdar://problem/12180598>. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162689 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
210f5a28227c90d739298e3e6729e827858fe397	27-Aug-2012	Anna Zaks <ganna@apple.com>	[analyzer] More internal stats collection. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162687 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
c210cb7a358d14cdd93b58562f33ff5ed2d895c1	27-Aug-2012	Jordan Rose <jordan_rose@apple.com>	[analyzer] Inline constructors for any object with a trivial destructor. This allows us to better reason about status objects, like Clang's own llvm::Optional (when its contents are trivially destructible), which are often intended to be passed around by value. We still don't inline constructors for temporaries in the general case. <rdar://problem/11986434> git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162681 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
66c486f275531df6362b3511fc3af6563561801b	22-Aug-2012	Ted Kremenek <kremenek@apple.com>	Rename 'currentX' to 'currX' throughout analyzer and libAnalysis. Also rename 'getCurrentBlockCounter()' to 'blockCount()'. This ripples a bunch of code simplifications; mostly aesthetic, but makes the code a bit tighter. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162349 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
3b1df8bb941a18c4a7256d7cfcbccb9de7e39995	22-Aug-2012	Ted Kremenek <kremenek@apple.com>	Rename 'getConjuredSymbol' to 'conjureSymbol'. No need to have the "get", the word "conjure" is a verb too! Getting a conjured symbol is the same as conjuring one up. This shortening is largely cosmetic, but just this simple changed cleaned up a handful of lines, making them less verbose. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162348 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
12e2fb0db76ca2705ce5169e04d9cd52762fc685	22-Aug-2012	Matt Beaumont-Gay <matthewbg@google.com>	Add an llvm_unreachable to pacify GCC's -Wreturn-type. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162325 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
c568e2f801a62e442cbbd823b71f70175715661f	21-Aug-2012	Jordan Rose <jordan_rose@apple.com>	[analyzer] Set the default IPA mode to 'basic-inlining', which excludes C++. Under -analyzer-ipa=basic-inlining, only C functions, blocks, and C++ static member functions are inlined -- essentially, the calls that behave like simple C function calls. This is essentially the behavior in Xcode 4.4. C++ support still has some rough edges, and we don't want users to be worried about them if they download and run their own checker. (In particular, the massive number of false positives for analyzing LLVM comes from inlining defensively-written code in contexts where more aggressive assumptions are implicitly made. This problem is not unique to C++, but it is exacerbated by the higher proportion of code that lives in header files in C++.) The eventual goal is to be comfortable enough with C++ support (and simple Objective-C support) to advance to -analyzer-ipa=inlining as the default behavior. See the IPA design notes for more details. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162318 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
da29ac527063fc9714547088bf841bfa30557bf0	15-Aug-2012	Jordan Rose <jordan_rose@apple.com>	[analyzer] Even if we are not inlining a virtual call, still invalidate! Fixes a mistake introduced in r161916. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161987 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
4e79fdfe22db1c982e8fdf8397fee426a8c57821	15-Aug-2012	Jordan Rose <jordan_rose@apple.com>	[analyzer] Correctly devirtualize virtual method calls in constructors. This is the other half of C++11 [class.cdtor]p4 (the destructor side was added in r161915). This also fixes an issue with post-call checks where the 'this' value was already being cleaned out of the state, thus being omitted from a reconstructed CXXConstructorCall. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161981 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
b763ede873c23c8651bd18eba0c62e929b496ba5	15-Aug-2012	Jordan Rose <jordan_rose@apple.com>	[analyzer] Don't inline dynamic-dispatch methods unless -analyzer-ipa=dynamic. Previously we were checking -analyzer-ipa=dynamic-bifurcate only, and unconditionally inlining everything else that had an available definition, even under -analyzer-ipa=inlining (but not under -analyzer-ipa=none). git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161916 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
645baeed6800f952e9ad1d5666e01080385531a2	14-Aug-2012	Jordan Rose <jordan_rose@apple.com>	[analyzer] Reduce code duplication: make CXXDestructorCall a CXXInstanceCall. While there is now some duplication between SimpleCall and the CXXInstanceCall sub-hierarchy, this is much better than copy-and-pasting the devirtualization logic shared by both instance methods and destructors. An unfortunate side effect is that there is no longer a single CallEvent type that corresponds to "calls written as CallExprs". For the most part this is a good thing, but the checker callback eval::Call still takes a CallExpr rather than a CallEvent (since we're not sure if we want to allow checkers to evaluate other kinds of calls). A mistake here will be caught by a cast<> in CheckerManager::runCheckersForEvalCall. No functionality change. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161809 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
6960f6e53b0d9a69a460c99ec199470271ff9603	09-Aug-2012	Anna Zaks <ganna@apple.com>	[analyzer] Clarify the values in Dyn. Dispatch Bifurcation map. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161616 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
5960f4aeac9760198c80e05d70d8dadb1db0ff0e	09-Aug-2012	Anna Zaks <ganna@apple.com>	[analyzer] Improve readability of the dyn. dispatch bifurcation patch r161552. As per Jordan's feedback. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161603 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
fc05decf08feefd2ffe8cc250219aee6eab3119c	09-Aug-2012	Anna Zaks <ganna@apple.com>	Unbreak the build. Declaring "const Decl *Decl" is not a good idea. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161567 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
e90d3f847dcce76237078b67db8895eb7a24189e	09-Aug-2012	Anna Zaks <ganna@apple.com>	[analyzer] Bifurcate the path with dynamic dispatch. This is an initial (unoptimized) version. We split the path when inlining ObjC instance methods. On one branch we always assume that the type information for the given memory region is precise. On the other we assume that we don't have the exact type info. It is important to check since the class could be subclassed and the method can be overridden. If we always inline we can loose coverage. Had to refactor some of the call eval functions. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161552 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
2f9c40a915593849f6b0f5c4de516e2f597d0d66	31-Jul-2012	Jordan Rose <jordan_rose@apple.com>	[analyzer] Control C++ inlining with a macro in ExprEngineCallAndReturn.cpp. For now this will stay on, but this way it's easy to switch off if we need to pull back our support for a while. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161064 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
ef15831780b705475e7b237ac16418e9b53cb7a6	31-Jul-2012	Jordan Rose <jordan_rose@apple.com>	[analyzer] Let CallEvent decide what goes in an inital stack frame. This removes explicit checks for 'this' and 'self' from Store::enterStackFrame. It also removes getCXXThisRegion() as a virtual method on all CallEvents; it's now only implemented in the parts of the hierarchy where it is relevant. Finally, it removes the option to ask for the ParmVarDecls attached to the definition of an inlined function, saving a recomputation of the result of getRuntimeDefinition(). No visible functionality change! git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161017 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
57c033621dacd8720ac9ff65a09025f14f70e22f	31-Jul-2012	Jordan Rose <jordan_rose@apple.com>	[analyzer] Perform post-call checks for all inlined calls. Previously, we were only checking the origin expressions of inlined calls. Checkers using the generic postCall and older postObjCMessage callbacks were ignored. Now that we have CallEventManager, it is much easier to create a CallEvent generically when exiting an inlined function, which we can then use for post-call checks. No test case because we don't (yet) have any checkers that depend on this behavior (which is why it hadn't been fixed before now). git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161005 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
e13056a8bb532ddfdc07952a13169aa422bacd3b	30-Jul-2012	Anna Zaks <ganna@apple.com>	[analyzer] Add -analyzer-ipa=dynamic option for inlining dynamically dispatched methods. Disabled by default for now. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160988 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
d563d3fb73879df7147b8a5302c3bf0e1402ba18	30-Jul-2012	Jordan Rose <jordan_rose@apple.com>	[analyzer] Only allow CallEvents to be created by CallEventManager. This ensures that it is valid to reference-count any CallEvents, and we won't accidentally try to reclaim a CallEvent that lives on the stack. It also hides an ugly switch statement for handling CallExprs! There should be no functionality change here. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160986 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
979f098cfa808cc9236b39658cc3757a39dfa459	27-Jul-2012	Jordan Rose <jordan_rose@apple.com>	[analyzer] Use a stack-based local AGAIN to fix the build for real. It's a good thing CallEvents aren't created all over the place yet. I checked all the uses this time and the private copy constructor /really/ shouldn't cause any more problems. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160845 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
f540c54701e3eeb34cb619a3a4eb18f1ac70ef2d	26-Jul-2012	Jordan Rose <jordan_rose@apple.com>	[analyzer] Rename Calls.{h,cpp} to CallEvent.{h,cpp}. No functionality change. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160815 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
e460c46c5d602f65354cab0879c458890273591c	26-Jul-2012	Jordan Rose <jordan_rose@apple.com>	[analyzer] Don't crash on array constructors and destructors. This workaround is fairly lame: we simulate the first element's constructor and destructor and rely on the region invalidation to "initialize" the rest of the elements. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160809 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
3a0a9e3e8bbaa45f3ca22b1e20b3beaac0f5861e	26-Jul-2012	Jordan Rose <jordan_rose@apple.com>	[analyzer] Handle C++ member initializers and destructors. This uses CFG to tell if a constructor call is for a member, and uses the member's region appropriately. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160808 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
888c90ac0ef6baf7d47e86cf5cc4715707d223b1	26-Jul-2012	Jordan Rose <jordan_rose@apple.com>	[analyzer] Handle base class initializers and destructors. Most of the logic here is fairly simple; the interesting thing is that we now distinguish complete constructors from base or delegate constructors. We also make sure to cast to the base class before evaluating a constructor or destructor, since non-virtual base classes may behave differently. This includes some refactoring of VisitCXXConstructExpr and VisitCXXDestructor in order to keep ExprEngine.cpp as clean as possible (leaving the details for ExprEngineCXX.cpp). git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160806 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
183ba8e19d49ab1ae25d3cdd0a19591369c5ab9f	26-Jul-2012	Jordan Rose <jordan_rose@apple.com>	[analyzer] Show paths for destructor calls. This modifies BugReporter and friends to handle CallEnter and CallExitEnd program points that came from implicit call CFG nodes (read: destructors). This required some extra handling for nested implicit calls. For example, the added multiple-inheritance test case has a call graph that looks like this: testMultipleInheritance3 ~MultipleInheritance ~SmartPointer ~Subclass ~SmartPointer *bug here* In this case we correctly notice that we started in an inlined function when we reach the CallEnter program point for the second ~SmartPointer. However, when we reach the next CallEnter (for ~Subclass), we were accidentally re-using the inner ~SmartPointer call in the diagnostics. Rather than guess if we saw the corresponding CallExitEnd based on the contents of the active path, we now just ask the PathDiagnostic if there's any known stack before popping off the top path. (A similar issue could have occured without multiple inheritance, but there wasn't a test case for it.) git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160804 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
da5fc53d6b024872c4c1d2c8c5da11e08bf116aa	26-Jul-2012	Jordan Rose <jordan_rose@apple.com>	[analyzer] Inline ctors + dtors when the CFG is built for them. At the very least this means initializer nodes for constructors and automatic object destructors are present in the CFG. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160803 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
9dc5167e4017ef4c8b327abb6f72225eec2e0f19	26-Jul-2012	Anna Zaks <ganna@apple.com>	[analyzer] Inline ObjC class methods. - Some cleanup(the TODOs) will be done after ObjC method inlining is complete. - Simplified CallEvent::getDefinition not to require ISDynamicDispatch parameter. - Also addressed Jordan's comments from r160530. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160768 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
e81ce256b62717dd846bd19aecc4115a0dcd4995	20-Jul-2012	Anna Zaks <ganna@apple.com>	[analyzer] Refactor VisitObjCMessage and VisitCallExpr to rely on the same implementation for call evaluation. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160530 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
8919e688dc610d1f632a4d43f7f1489f67255476	18-Jul-2012	Jordan Rose <jordan_rose@apple.com>	[analyzer] Combine all ObjC message CallEvents into ObjCMethodCall. As pointed out by Anna, we only differentiate between explicit message sends This also adds support for ObjCSubscriptExprs, which are basically the same as properties in many ways. We were already checking these, but not emitting nice messages for them. This depends on the llvm::PointerIntPair change in r160456. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160461 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
c36b30c92c78b95fd29fb5d9d6214d737b3bcb02	12-Jul-2012	Jordan Rose <jordan_rose@apple.com>	[analyzer] Don't inline virtual calls unless we can devirtualize properly. Previously we were using the static type of the base object to inline methods, whether virtual or non-virtual. Now, we try to see if the base object has a known type, and if so ask for its implementation of the method. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160094 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
48b6247804eacc262cc5508e0fbb74ed819fbb6e	11-Jul-2012	Jordan Rose <jordan_rose@apple.com>	[analyzer] Construct stack variables directly in their VarDecl. Also contains a number of tweaks to inlining that are necessary for constructors and destructors. (I have this enabled on a private branch, but it is very much unstable.) git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160023 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
e54cfc7b9990acffd0a8a4ba381717b4bb9f3011	11-Jul-2012	Jordan Rose <jordan_rose@apple.com>	[analyzer] Use CallEvent for building inlined stack frames. In order to accomplish this, we now build the callee's stack frame as part of the CallEnter node, rather than the subsequent BlockEdge node. This should not have any effect on perceived behavior or diagnostics. This makes it safe to re-enable inlining of member overloaded operators. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160022 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
852aa0d2c5d2d1faf2d77b5aa3c0848068a342c5	11-Jul-2012	Jordan Rose <jordan_rose@apple.com>	[analyzer] Make CallEnter, CallExitBegin, and CallExitEnd not be StmtPoints These ProgramPoints are used in inlining calls, and not all calls have associated statements anymore. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160021 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
8d276d38c258dfc572586daf6c0e8f8fce249c0e	11-Jul-2012	Jordan Rose <jordan_rose@apple.com>	[analyzer] Add a CXXDestructorCall CallEvent. While this work is still fairly tentative (destructors are still left out of the CFG by default), we now handle destructors in the same way as any other calls, instead of just automatically trying to inline them. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160020 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
28038f33aa2db4833881fea757a1f0daf85ac02b	11-Jul-2012	Jordan Rose <jordan_rose@apple.com>	[analyzer] Add new PreImplicitCall and PostImplicitCall ProgramPoints. These are currently unused, but are intended to be used in lieu of PreStmt and PostStmt when the call is implicit (e.g. an automatic object destructor). This also modifies the Data1 field of ProgramPoints to allow storing any pointer-sized value, as opposed to only aligned pointers. This is necessary to store SourceLocations. There is currently no BugReporter support for these; they should be skipped over in any diagnostic output. This commit also tags checkers that currently rely on function calls only occurring at StmtPoints. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160019 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
ee158bc29bc12ce544996f7cdfde14aba63acf4d	09-Jul-2012	Jordan Rose <jordan_rose@apple.com>	[analyzer] When inlining, make sure we use the definition decl. This was a regression introduced during the CallEvent changes; a call to FunctionDecl::hasBody was also being used to replace the decl found by lookup with the actual definition. To keep from making this mistake again (particularly if/when we start inlining Objective-C methods), this commit adds a "getDefinition()" method to CallEvent, which should do the right thing under any circumstances. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@159940 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
fdaa33818cf9bad8d092136e73bd2e489cb821ba	04-Jul-2012	Jordan Rose <jordan_rose@apple.com>	[analyzer] For now, don't inline non-static member overloaded operators. Our current inlining support (specifically RegionStore::enterStackFrame) doesn't know that calls to overloaded operators may be calls to non-static member functions, and that in these cases the first argument should be treated as 'this'. This caused incorrect results and sometimes crashes. The long-term fix will be to rewrite RegionStore::enterStackFrame to use CallEvent and its subclasses, but for now we can just disable these problematic calls by classifying them under a new CallEvent, CXXMemberOperatorCall. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@159692 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
70cbf3cc09eb21db1108396d30a414ea66d842cc	03-Jul-2012	Jordan Rose <jordan_rose@apple.com>	[analyzer] Introduce CXXAllocatorCall to handle placement arg invalidation. This is NOT full-blown support for operator new, but removes some nasty duplicated code introduced in r158784. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@159608 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
d4aeb8050a1d0fe47c53a73361c8b0b8ac310f46	02-Jul-2012	Ted Kremenek <kremenek@apple.com>	Bail out the LiveVariables analysis when the CFG is very large, as we are encountering some scalability issues with memory usage. The appropriate long term fix is to make the analysis more scalable, but this will at least prevent the analyzer swapping when analyzing very large functions. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@159578 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
96479da6ad9d921d875e7be29fe1bfa127be8069	02-Jul-2012	Jordan Rose <jordan_rose@apple.com>	[analyzer] Add generic preCall and postCall checks. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@159562 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
69f87c956b3ac2b80124fd9604af012e1061473a	02-Jul-2012	Jordan Rose <jordan_rose@apple.com>	[analyzer] Use CallEvent for inlining and call default-evaluation. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@159560 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
740d490593e0de8732a697c9f77b90ddd463863b	02-Jul-2012	Jordan Rose <jordan_rose@apple.com>	[analyzer] Add a new abstraction over all types of calls: CallEvent This is intended to replace CallOrObjCMessage, and is eventually intended to be used for anything that cares more about /what/ is being called than /how/ it's being called. For example, inlining destructors should be the same as inlining blocks, and checking __attribute__((nonnull)) should apply to the allocator calls generated by operator new. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@159554 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
10f77ad7fc5e5cf3f37a9b14ff5843468b8b84d2	23-Jun-2012	Ted Kremenek <kremenek@apple.com>	Implement initial static analysis inlining support for C++ methods. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@159047 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
144e52be486a3906aec90c51b0ac94a30313152e	02-Jun-2012	Anna Zaks <ganna@apple.com>	[analyzer] Fix lack of coverage after empty inlined function. We should not stop exploring the path after we return from an empty function. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@157859 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
7fa9b4f258636d89342eda28f21a986c8ac353b1	01-Jun-2012	Ted Kremenek <kremenek@apple.com>	static analyzer: add inlining support for directly called blocks. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@157833 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
591b5f53c0e11d87401b4804bb1be1a53f95c619	19-May-2012	Anna Zaks <ganna@apple.com>	[analyzer] For locations, use isGLValue() instead of isLValue(). git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@157088 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
aca0ac58d2ae80d764e3832456667d7322445e0c	04-May-2012	Anna Zaks <ganna@apple.com>	[analyzer] Allow pointers escape through calls containing callback args. (Since we don't have a generic pointer escape callback, modify ExprEngineCallAndReturn as well as the malloc checker.) git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@156134 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
0b3ade86a1c60cf0c7b56aa238aff458eb7f5974	20-Apr-2012	Anna Zaks <ganna@apple.com>	[analyzer] Run remove dead bindings right before leaving a function. This is needed to ensure that we always report issues in the correct function. For example, leaks are identified when we call remove dead bindings. In order to make sure we report a callee's leak in the callee, we have to run the operation in the callee's context. This change required quite a bit of infrastructure work since: - We used to only run remove dead bindings before a given statement; here we need to run it after the last statement in the function. For this, we added additional Program Point and special mode in the SymbolReaper to remove all symbols in context lower than the current one. - The call exit operation turned into a sequence of nodes, which are now guarded by CallExitBegin and CallExitEnd nodes for clarity and convenience. (Sorry for the long diff.) git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@155244 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
01561d1039bfdda61edd20eed939011a8632c7c7	17-Apr-2012	Ted Kremenek <kremenek@apple.com>	Change ExprEngine::shouldInlineDecl() to be defensive in checking if the CFG of the callee is valid. Fixes <rdar://problem/11257631>. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@154896 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
e62f048960645b79363408fdead53fec2a063c52	03-Apr-2012	Anna Zaks <ganna@apple.com>	[analyzer] Record the basic blocks covered by the analyzes run. Store this info inside the function summary generated for all analyzed functions. This is useful for coverage stats and can be helpful for analyzer state space search strategies. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@153923 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
d9b795524eb3dc035523f82f135d0a8adf15cd72	02-Apr-2012	Ted Kremenek <kremenek@apple.com>	Fix potential null dereference in the static analyzer when inlining a call that has already been inlined. Unfortunately I have no test case. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@153900 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
4a5f724538cbc275370c9504e8169ce92503256c	01-Apr-2012	Benjamin Kramer <benny.kra@googlemail.com>	Analyzer: Store BugReports directly in a ilist instead of adding another layer of inderection with std::list git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@153847 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
62a5c34ddc54696725683f6c5af1c8e1592c5c38	30-Mar-2012	Anna Zaks <ganna@apple.com>	[analyzer]Malloc,RetainRelease: Allow pointer to escape via NSMapInsert. Fixes a false positive (radar://11152419). The current solution of adding the info into 3 places is quite ugly. Pending a generic pointer escapes callback. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@153731 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
3bbd8cd831788c506f2980293eb3c7e1b3ca2501	30-Mar-2012	Anna Zaks <ganna@apple.com>	[analyzer] Do not inline functions which previously reached max block count. This is an optimization for "retry without inlining" option. Here, if we failed to inline a function due to reaching the basic block max count, we are going to store this information and not try to inline it again in the translation unit. This can be viewed as a function summary. On sqlite, with this optimization, we are 30% faster then before and cover 10% more basic blocks (partially because the number of times we reach timeout is decreased by 20%). git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@153730 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
5903a373db3d27794c90b25687e0dd6adb0e497d	27-Mar-2012	Anna Zaks <ganna@apple.com>	[analyzer] Add an option to re-analyze a dead-end path without inlining. The analyzer gives up path exploration under certain conditions. For example, when the same basic block has been visited more than 4 times. With inlining turned on, this could lead to decrease in code coverage. Specifically, if we give up inside the inlined function, the rest of parent's basic blocks will not get analyzed. This commit introduces an option to enable re-run along the failed path, in which we do not inline the last inlined call site. This is done by enqueueing the node before the processing of the inlined call site with a special policy encoded in the state. The policy tells us not to inline the call site along the path. This lead to ~10% increase in the number of paths analyzed. Even though we expected a much greater coverage improvement. The option is turned off by default for now. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@153534 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
514f2c9dcb9e04b52929c5b141a6fe88bd68b33f	23-Mar-2012	Ted Kremenek <kremenek@apple.com>	Avoid applying retain/release effects twice in RetainCountChecker when a function call was inlined (i.e., we do not need to apply summaries in such cases). git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@153309 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
6cc0969ab37c614d6cf496f2ed6d2fca397a0133	13-Mar-2012	Anna Zaks <ganna@apple.com>	[analyser] Refactor shouldInline logic into a helper. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@152677 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
8235f9c9c8b3d1737d1c6bd57f7ba3f616b92392	02-Mar-2012	Anna Zaks <ganna@apple.com>	[analyzer] Bound the size of the functions being inlined + provide command line options for inlining tuning. This adds the option for stack depth bound as well as function size bound. + minor doxygenification git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@151930 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
b2c60b04a597cc5ba4154837cf8e0a155a376fd7	01-Mar-2012	Argyrios Kyrtzidis <akyrtzi@gmail.com>	Move llvm/ADT/SaveAndRestore.h -> llvm/Support/SaveAndRestore.h. Needs llvm update. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@151829 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
ca23eb212c78ac5bc62d0881635579dbe7095639	29-Feb-2012	Anna Zaks <ganna@apple.com>	[analyzer] Malloc: A pointer might escape through CFContainers APIs, funopen, setvbuf. Teach the checker and the engine about these APIs to resolve malloc false positives. As I am adding more of these APIs, it is clear that all this should be factored out into a separate callback (for example, region escapes). Malloc, KeyChainAPI and RetainRelease checkers could all use it. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@151737 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
07d39a479cf8f20294407e749f9933da34ebecb7	28-Feb-2012	Anna Zaks <ganna@apple.com>	[analyzer] Fix Malloc False Positive (PR 12100) When allocated buffer is passed to CF/NS..NoCopy functions, the ownership is transfered unless the deallocator argument is set to 'kCFAllocatorNull'. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@151608 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
d45d361f2ce5c37824052357e2218e8a5509eba5	27-Feb-2012	Argyrios Kyrtzidis <akyrtzi@gmail.com>	Move "clang/Analysis/Support/SaveAndRestore.h" to "llvm/ADT/SaveAndRestore.h" to make it more widely available. Depends on llvm commit r151564 git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@151566 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
e55b03a6e44b99c1cd77b8ea5e4d836c28948904	24-Feb-2012	Anna Zaks <ganna@apple.com>	[analyzer] We were silently stopping exploring the path after visiting 'return;' statement! This most likely caused us to skip a bunch of code when analyzing with inlining. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@151368 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
0d389b819c33bdf0375694a8f141c8f02e002b18	23-Feb-2012	Anna Zaks <ganna@apple.com>	[analyzer] Invalidate the region passed to pthread_setspecific() call. Make this call an exception in ExprEngine::invalidateArguments: 'int pthread_setspecific(ptheread_key k, const void )' stores a value into thread local storage. The value can later be retrieved with 'void ptheread_getspecific(pthread_key)'. So even thought the parameter is 'const void *', the region escapes through the call. (Here we just blacklist the call in the ExprEngine's default logic. Another option would be to add a checker which evaluates the call and triggers the call to invalidate regions.) Teach the Malloc Checker, which treats all system calls as safe about the API. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@151220 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
3133f79cf451e6302dd05262b4bb53a3e4fd6300	18-Feb-2012	Ted Kremenek <kremenek@apple.com>	Have conjured symbols depend on LocationContext, to add context sensitivity for functions called more than once. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150849 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
10520d76044e8fff71d414f30c21b449fd104960	09-Feb-2012	Ted Kremenek <kremenek@apple.com>	[analyzer] Proactively avoid inlining vararg functions and blocks until we properly support them. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150207 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
8bef8238181a30e52dea380789a7e2d760eac532	26-Jan-2012	Ted Kremenek <kremenek@apple.com>	Change references to 'const ProgramState *' to typedef 'ProgramStateRef'. At this point this is largely cosmetic, but it opens the door to replace ProgramStateRef with a smart pointer that more eagerly acts in the role of reclaiming unused ProgramState objects. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@149081 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
0849ade4bb3e90c2fc0ce01ccd330f76f91da732	12-Jan-2012	Ted Kremenek <kremenek@apple.com>	[analyzer] fix inlining's handling of mapping actual to formal arguments and limit the call stack depth. The analyzer can now accurately simulate factorial for limited depths. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@148036 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
256ef642f8feef22fd53be7efa868e8e34752eed	11-Jan-2012	Ted Kremenek <kremenek@apple.com>	Remove '#if 0' from ExprEngine::InlineCall(), and start fresh by wiring up inlining for straight C calls. My hope is to reimplement this from first principles based on the simplifications of removing unneeded node builders and re-evaluating how C++ calls are handled in the CFG. The hope is to turn inlining "on-by-default" as soon as possible with a core set of things working well, and then expand over time. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@147904 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
3070e13dca5bbefa32acb80ce4a7b217a6220983	07-Jan-2012	Ted Kremenek <kremenek@apple.com>	[analyzer] Remove CallEnterNodeBuilder and simplify ExprEngine::processCallEnter(). This removes analysis of other translation units, but that was an experimental feature anyway that we will revisit later. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@147705 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
242384ddb0e0b65dd7e9e0ac0cf3c31cf98b06a6	07-Jan-2012	Ted Kremenek <kremenek@apple.com>	Correctly enqueue successors in ExprEngine::processCallExit(). git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@147698 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
894212e9510299abb203801e014fec76b7926a05	07-Jan-2012	Ted Kremenek <kremenek@apple.com>	[analyzer] Remove CallExitNodeBuilder, and have ExprEngine::processCallExit() do the work manually. This is a nice simplification. Along the way, fix Exprengine::processCallExit() to also perform the postStmt callback for checkers for CallExprs. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@147697 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
5eca482fe895ea57bc82410222e6426c09e63284	06-Jan-2012	Ted Kremenek <kremenek@apple.com>	[analyzer] Make the entries in 'Environment' context-sensitive by making entries map from (Stmt,LocationContext) pairs to SVals instead of Stmt* to SVals. This is needed to support basic IPA via inlining. Without this, we cannot tell if a Stmt* binding is part of the current analysis scope (StackFrameContext) or part of a parent context. This change introduces an uglification of the use of getSVal(), and thus takes two steps forward and one step back. There are also potential performance implications of enlarging the Environment. Both can be addressed going forward by refactoring the APIs and optimizing the internal representation of Environment. This patch mainly introduces the functionality upon when we want to build upon (and clean up). git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@147688 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
eb31a76d1cdaaf8874c549dc6bd964ff270d3822	05-Jan-2012	Anna Zaks <ganna@apple.com>	[analyzer] Be less pessimistic about invalidation of global variables as a result of a call. Problem: Global variables, which come in from system libraries should not be invalidated by all calls. Also, non-system globals should not be invalidated by system calls. Solution: The following solution to invalidation of globals seems flexible enough for taint (does not invalidate stdin) and should not lead to too many false positives. We split globals into 3 classes: * immutable - values are preserved by calls (unless the specific global is passed in as a parameter): A : Most system globals and const scalars * invalidated by functions defined in system headers: B: errno * invalidated by all other functions (note, these functions may in turn contain system calls): B: errno C: all other globals (which are not in A nor B) git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@147569 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
2cbe791d3e9b26f30196c4852da75d9ad67b4ad9	20-Dec-2011	Anna Zaks <ganna@apple.com>	[analyzer] Do not invalidate arguments when the parameter's type is a pointer to const. (radar://10595327) The regions corresponding to the pointer and reference arguments to a function get invalidated by the calls since a function call can possibly modify the pointed to data. With this change, we are not going to invalidate the data if the argument is a pointer to const. This change makes the analyzer more optimistic in reporting errors. (Support for C, C++ and Obj C) git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@147002 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
2e9264a17bacc7dc228d5f93caaeb98dfb23d508	25-Oct-2011	Anna Zaks <ganna@apple.com>	[analyzer] Remove unused headers. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@142945 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
aa0aeb1cbe117db68d35700cb3a34aace0f99b99	24-Oct-2011	Anna Zaks <ganna@apple.com>	[analyzer] Node builders cleanup + comments Renamed PureNodeBuilder->StmtNodeBuilder. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@142849 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
056c4b46335a3bd2612414735d5749ee159c0165	24-Oct-2011	Anna Zaks <ganna@apple.com>	[analyzer] Completely remove the global Builder object. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@142847 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
ebae6d0209e1ec3d5ea14f9e63bd0d740218ed14	24-Oct-2011	Anna Zaks <ganna@apple.com>	[analyzer] Convert ExprEngine::visit() to use short lived builders. This commit removes the major functional dependency on the ExprEngine::Builder member variable. In some cases the code became more verbose. Particularly, we call takeNodes() and addNodes() to move responsibility for the nodes from one builder to another. This will get simplified later on. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@142831 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
fe27971d54d26997149d6b84057f04ff398d1d5d	28-Aug-2011	Jordy Rose <jediknil@belkadan.com>	[analyzer] Eliminate almost all uses of TransferFuncs from ExprEngine. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@138719 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
e38dd95dddb8f1b38469c8d0e28aa1c660489324	28-Aug-2011	Jordy Rose <jediknil@belkadan.com>	[analyzer] Migrate argument invalidation from CFRefCount to ExprEngine. This is a common path for function and C++ method calls, Objective-C messages and property accesses, and C++ construct-exprs. As support, add message receiver accessors to ObjCMessage and CallOrObjCMessage. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@138718 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
500abad7edfcc2409b18dd616cdbc28a094926f5	21-Aug-2011	Jordy Rose <jediknil@belkadan.com>	[analyzer] Migrate return value handling from CFRefCount to ExprEngine. This seems to result in a minor performance hit, but I think that will go away again once we eliminate TransferFuncs from function calls entirely. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@138220 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
294fd0a62b95f512637910bf85c7efa6c2354b50	20-Aug-2011	Ted Kremenek <kremenek@apple.com>	Start partitioning ExprEngine.cpp into separate .cpp files that handle different parts of the analysis (e.g., analysis of C expressions, analysis of Objective-C expressions, and so on). git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@138194 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp