History log of /external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
Revision Date Author Comments (<<< Hide modified files) (Show modified files >>>)
6bcf27bb9a4b5c3f79cb44c0e4654a6d7619ad89 29-May-2014 Stephen Hines <srhines@google.com> Update Clang for 3.5 rebase (r209713).

Change-Id: I8c9133b0f8f776dc915f270b60f94962e771bc83
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
651f13cea278ec967336033dd032faef0e9fc2ec 24-Apr-2014 Stephen Hines <srhines@google.com> Updated to Clang 3.5a.

Change-Id: I8127eb568f674c2e72635b639a3295381fe8af82
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
1dc31f5ead63d7197edf6f34a7821b93ea6698a1 23-Oct-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Generate a LazyCompoundVal when loading from a union-typed region.

This ensures that variables accessible through a union are invalidated when
the union value is passed to a function. We still don't fully handle union
values, but this should at least quiet some false positives.

PR16596

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@193265 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
eac8c45f0d6528a21e68bf2651c3082d8e44132e 25-Sep-2013 NAKAMURA Takumi <geek4civic@gmail.com> StaticAnalyzer/Core/RegionStore.cpp: Prune one last "\param IsConst", as fixup to r191342. [-Wdocumentation]

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@191360 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
da8d37ce42d2db4e1e76ee6f7f38f10f6b0ef0f8 25-Sep-2013 Anton Yartsev <anton.yartsev@gmail.com> [analyzer] This patch removes passing around of const-invalidation vs regular-invalidation info by passing around a datastructure that maps regions and symbols to the type of invalidation they experience. This simplifies the code and would allow to associate more different invalidation types in the future.
With this patch things like preserving contents of regions (either hi- or low-level ones) or processing of the only top-level region can be implemented easily without passing around extra parameters.

This patch is a first step towards adequate modeling of memcpy() by the CStringChecker checker and towards eliminating of majority of false-positives produced by the NewDeleteLeaks checker.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@191342 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
d8dfae602d7b2e42b0eef6b1e7779c96833f83c1 11-Sep-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Handle zeroing constructors for fields of structs with empty bases.

RegionStore tries to protect against accidentally initializing the same
region twice, but it doesn't take subregions into account very well. If
the outer region being initialized is a struct with an empty base class,
the offset of the first field in the struct will be 0. When we initialize
the base class, we may invalidate the contents of the struct by providing
a default value of Unknown (or some new symbol). We then go to initialize
the member with a zeroing constructor, only to find that the region at
that offset in the struct already has a value. The best we can do here is
to invalidate that value and continue; neither the old default value nor
the new 0 is correct for the entire struct after the member constructor call.

The correct solution for this is to track region extents in the store.

<rdar://problem/14914316>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@190530 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
bf3d71e85f7449161a414c2ec3410e60394bf38a 30-Aug-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Treat the rvalue of a forward-declared struct as Unknown.

This will never happen in the analyzed code code, but can happen for checkers
that over-eagerly dereference pointers without checking that it's safe.
UnknownVal is a harmless enough value to get back.

Fixes an issue added in r189590, caught by our internal buildbot.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@189688 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
3c114f704a882f6923d6107f22aab89ba3d0a6b5 29-Aug-2013 Pavel Labath <labath@google.com> [analyzer] Fix handling of "empty" structs with base classes

Summary:
RegionStoreManager had an optimization which replaces references to empty
structs with UnknownVal. Unfortunately, this check didn't take into account
possible field members in base classes.

To address this, I changed this test to "is empty and has no base classes". I
don't consider it worth the trouble to go through base classes and check if all
of them are empty.

Reviewers: jordan_rose

CC: cfe-commits

Differential Revision: http://llvm-reviews.chandlerc.com/D1547

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@189590 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
df70700f5aa5744d7f70fb3e6610ff434f643a71 17-Jul-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Handle C string default values for const char * arguments.

Previously, SValBuilder knew how to evaluate StringLiterals, but couldn't
handle an array-to-pointer decay for constant values. Additionally,
RegionStore was being too strict about loading from an array, refusing to
return a 'char' value from a 'const char' array. Both of these have been
fixed.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@186520 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
7f1fd2f182717d5ce6cde60398128910c90f98be 29-May-2013 Anna Zaks <ganna@apple.com> [analyzer] Use the expression’s type instead of region’s type in ArrayToPointer decay evaluation

This gives slightly better precision, specifically, in cases where a non-typed region represents the array
or when the type is a non-array type, which can happen when an array is a result of a reinterpret_cast.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@182810 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
3056439bb175db8c46b89fb4385de8b3a8e42d0d 29-May-2013 Anna Zaks <ganna@apple.com> [analyzer] Re-enable reasoning about CK_LValueBitCast

It’s important for us to reason about the cast as it is used in std::addressof. The reason we did not
handle the cast previously was a crash on a test case (see commit r157478). The crash was in
processing array to pointer decay when the region type was not an array. Address the issue, by
just returning an unknown in that case.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@182808 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
00ffb8079b14cade816d8f668675e853e613dee0 06-May-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Remove now-unused bindCompoundLiteral helper function.

The one user has been changed to use getLValue on the compound literal
expression and then use the normal bindLoc to assign a value. No need
to special case this in the StoreManager.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@181214 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
e2b1246a24e8babf2f58c93713fba16b8edb8e2d 02-May-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Consolidate constant evaluation logic in SValBuilder.

Previously, this was scattered across Environment (literal expressions),
ExprEngine (default arguments), and RegionStore (global constants). The
former special-cased several kinds of simple constant expressions, while
the latter two deferred to the AST's constant evaluator.

Now, these are all unified as SValBuilder::getConstantVal(). To keep
Environment fast, the special cases for simple constant expressions have
been left in, but the main benefits are that (a) unusual constants like
ObjCStringLiterals now work as default arguments and global constant
initializers, and (b) we're not duplicating code between ExprEngine and
RegionStore.

This actually caught a bug in our test suite, which is awesome: we stop
tracking allocated memory if it's passed as an argument along with some
kind of callback, but not if the callback is 0. We were testing this in
a case where the callback parameter had a default value, but that value
was 0. After this change, the analyzer now (correctly) flags that as a
leak!

<rdar://problem/13773117>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@180894 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
e0262e25206bef1d7efb0cb2f37abd1e42ada4cb 24-Apr-2013 Anton Yartsev <anton.yartsev@gmail.com> [analyzer] Refactoring + explanatory comment.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@180181 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
258277d5a922e06ef523f7805900689b680ddc7d 18-Apr-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] "Force" LazyCompoundVals on bind when they are simple enough.

The analyzer uses LazyCompoundVals to represent rvalues of aggregate types,
most importantly structs and arrays. This allows us to efficiently copy
around an entire struct, rather than doing a memberwise load every time a
struct rvalue is encountered. This can also keep memory usage down by
allowing several structs to "share" the same snapshotted bindings.

However, /lookup/ through LazyCompoundVals can be expensive, especially
since they can end up chaining back to the original value. While we try
to reuse LazyCompoundVals whenever it's safe, and cache information about
this transitivity, the fact is it's sometimes just not a good idea to
perpetuate LazyCompoundVals -- the tradeoffs just aren't worth it.

This commit changes RegionStore so that binding a LazyCompoundVal to struct
will do a memberwise copy if the struct is simple enough. Today's definition
of "simple enough" is "up to N scalar members" (see below), but that could
easily be changed in the future. This is enough to bring the test case in
PR15697 back down to a manageable analysis time (within 20% of its original
time, in an unfair test where the new analyzer is not compiled with LTO).

The actual value of "N" is controlled by a new -analyzer-config option,
'region-store-small-struct-limit'. It defaults to "2", meaning structs with
zero, one, or two scalar members will be considered "simple enough" for
this code path.

It's worth noting that a more straightforward implementation would do this
on load, not on bind, and make use of the structure we already have for this:
CompoundVal. A long time ago, this was actually how RegionStore modeled
aggregate-to-aggregate copies, but today it's only used for compound literals.
Unfortunately, it seems that we've special-cased LazyCompoundVal in certain
places (such as liveness checks) but failed to similarly special-case
CompoundVal in all of them. Until we're confident that CompoundVal is
handled properly everywhere, this solution is safer, since the entire
optimization is just an implementation detail of RegionStore.

<rdar://problem/13599304>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@179767 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
b93fc8ebed158ed5516fd85d11e89fffaf80622b 15-Apr-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Be lazy about struct/array global invalidation too.

Structs and arrays can take advantage of the single top-level global
symbol optimization (described in the previous commit) just as well
as scalars.

No intended behavioral change.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@179555 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
262e0d41e49c6b823d62743535e2accb117a6ea9 15-Apr-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Re-enable using global regions as a symbolic base.

Now that we're invalidating global regions properly, we want to continue
taking advantage of a particular optimization: if all global regions are
invalidated together, we can represent the bindings of each region with
a "derived region value" symbol. Essentially, this lazily links each
global region with a single symbol created at invalidation time, rather
than binding each region with a new symbolic value.

We used to do this, but haven't been for a while; the previous commit
re-enabled this code path, and this handles the fallout.

<rdar://problem/13464044>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@179554 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
e0208ff84598f48e0aafecf5b543afeff8574045 15-Apr-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Properly invalidate global regions on opaque function calls.

This fixes a regression where a call to a function we can't reason about
would not actually invalidate global regions that had explicit bindings.

void test_that_now_works() {
globalInt = 42;
clang_analyzer_eval(globalInt == 42); // expected-warning{{TRUE}}

invalidateGlobals();
clang_analyzer_eval(globalInt == 42); // expected-warning{{UNKNOWN}}
}

This has probably been around since the initial "cluster" refactoring of
RegionStore, if not longer.

<rdar://problem/13464044>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@179553 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
a5796f87229b4aeebca71fa6ee1790ae7a5a0382 09-Apr-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Replace isIntegerType() with isIntegerOrEnumerationType().

Previously, the analyzer used isIntegerType() everywhere, which uses the C
definition of "integer". The C++ predicate with the same behavior is
isIntegerOrUnscopedEnumerationType().

However, the analyzer is /really/ using this to ask if it's some sort of
"integrally representable" type, i.e. it should include C++11 scoped
enumerations as well. hasIntegerRepresentation() sounds like the right
predicate, but that includes vectors, which the analyzer represents by its
elements.

This commit audits all uses of isIntegerType() and replaces them with the
general isIntegerOrEnumerationType(), except in some specific cases where
it makes sense to exclude scoped enumerations, or any enumerations. These
cases now use isIntegerOrUnscopedEnumerationType() and getAs<BuiltinType>()
plus BuiltinType::isInteger().

isIntegerType() is hereby banned in the analyzer - lib/StaticAnalysis and
include/clang/StaticAnalysis. :-)

Fixes real assertion failures. PR15703 / <rdar://problem/12350701>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@179081 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
3d3fb9078f0112fa51d8d9862221f5544c5c80e7 03-Apr-2013 Anna Zaks <ganna@apple.com> [analyzer] Fix typo.

Thanks Jordan!

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@178683 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
658a28479dd775f6ff2c07fa5699a7ea01e04127 02-Apr-2013 Anna Zaks <ganna@apple.com> [analyzer] Teach invalidateRegions that regions within LazyCompoundVal need to be invalidated

Refactor invalidateRegions to take SVals instead of Regions as input and teach RegionStore
about processing LazyCompoundVal as a top-level “escaping” value.

This addresses several false positives that get triggered by the NewDelete checker, but the
underlying issue is reproducible with other checkers as well (for example, MallocChecker).

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@178518 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
41988f331a74a72cf243a2a68ffb56418e9a174e 29-Mar-2013 Anna Zaks <ganna@apple.com> [analyzer] Add support for escape of const pointers and use it to allow “newed” pointers to escape

Add a new callback that notifies checkers when a const pointer escapes. Currently, this only works
for const pointers passed as a top level parameter into a function. We need to differentiate the const
pointers escape from regular escape since the content pointed by const pointer will not change;
if it’s a file handle, a file cannot be closed; but delete is allowed on const pointers.

This should suppress several false positives reported by the NewDelete checker on llvm codebase.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@178310 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
df5f80f8a34e26a4fb77f48f858c7838426a0785 26-Mar-2013 Anna Zaks <ganna@apple.com> [analyzer] micro optimization as per Jordan’s feedback on r177905.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@178062 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
5db8fac5f304d9973f724d5aeb4108367d36f781 25-Mar-2013 Anna Zaks <ganna@apple.com> [analyzer] Set concrete offset bindings to UnknownVal when processing symbolic offset binding, even if no bindings are present.

This addresses an undefined value false positive from concreteOffsetBindingIsInvalidatedBySymbolicOffsetAssignment.

Fixes PR14877; radar://12991168.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@177905 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
683d25656f28937f78c815f70545139c432f1ff3 23-Mar-2013 Anna Zaks <ganna@apple.com> [analyzer] Correct the stale comment.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@177788 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
aa5573364b79bf4d85380aaec59cae2eeefcb322 20-Mar-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Appease buildbots: include template arguments in base class ref.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@177583 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
f8e2c06cea1548c437761cb65cfbf97d50a057a7 20-Mar-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Don't invalidate globals when there's no call involved.

This fixes some mistaken condition logic in RegionStore that caused
global variables to be invalidated when /any/ region was invalidated,
rather than only as part of opaque function calls. This was only
being used by CStringChecker, and so users will now see that strcpy()
and friends do not invalidate global variables.

Also, add a test case we don't handle properly: explicitly-assigned
global variables aren't being invalidated by opaque calls. This is
being tracked by <rdar://problem/13464044>.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@177572 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
f8ddc098981d4d85cad4e72fc6dfcfe83b842b66 20-Mar-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Invalidate regions indirectly accessible through const pointers.

In this case, the value of 'x' may be changed after the call to indirectAccess:

struct Wrapper {
int *ptr;
};

void indirectAccess(const Wrapper &w);

void test() {
int x = 42;
Wrapper w = { x };

clang_analyzer_eval(x == 42); // TRUE
indirectAccess(w);
clang_analyzer_eval(x == 42); // UNKNOWN
}

This is important for modelling return-by-value objects in C++, to show
that the contents of the struct are escaping in the return copy-constructor.

<rdar://problem/13239826>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@177570 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
9f3495aeaa24da4eacf8f6c274adcef65e2f3617 19-Mar-2013 Anna Zaks <ganna@apple.com> [analyzer] Do not believe lazy binding when symbolic region types do not match

This fixes a crash when analyzing LLVM that was exposed by r177220 (modeling of
trivial copy/move assignment operators).

When we look up a lazy binding for “Builder”, we see the direct binding of Loc at offset 0.
Previously, we believed the binding, which led to a crash. Now, we do not believe it as
the types do not match.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@177453 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
d764e20189dbb42b38ada383a0a159f6adc0d56c 02-Mar-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Special-case bitfields when finding sub-region bindings.

Previously we were assuming that we'd never ask for the sub-region bindings
of a bitfield, since a bitfield cannot have subregions. However,
unification of code paths has made that assumption invalid. While we could
take advantage of this by just checking for the single possible binding,
it's probably better to do the right thing, so that if/when we someday
support unions we'll do the right thing there, too.

This fixes a handful of false positives in analyzing LLVM.

<rdar://problem/13325522>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@176388 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
e33d852452c7008ccd0677aae88f1055cf1a9af1 28-Feb-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] RegionStore: collectSubRegionKeys -> collectSubRegionBindings

By returning the (key, value) binding pairs, we save lookups afterwards.
This also enables further work later on.

No functionality change.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@176230 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
deb8f5d533b7bcd962976ecdbc1464fe754b6de0 27-Feb-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] If a struct has a partial lazy binding, its fields aren't Undef.

This is essentially the same problem as r174031: a lazy binding for the first
field of a struct may stomp on an existing default binding for the
entire struct. Because of the way RegionStore is set up, we can't help
but lose the top-level binding, but then we need to make sure that accessing
one of the other fields doesn't come back as Undefined.

In this case, RegionStore is now correctly detecting that the lazy binding
we have isn't the right type, but then failing to follow through on the
implications of that: we don't know anything about the other fields in the
aggregate. This fix adds a test when searching for other kinds of default
values to see if there's a lazy binding we rejected, and if so returns
a symbolic value instead of Undefined.

The long-term fix for this is probably a new Store model; see
<rdar://problem/12701038>.

Fixes <rdar://problem/13292559>.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@176144 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
fbdbed3bde8577815826b9d15790e5effb913f7b 25-Feb-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Handle reference parameters with default values.

r175026 added support for default values, but didn't take reference
parameters into account, which expect the default argument to be an
lvalue. Use createTemporaryRegionIfNeeded if we can evaluate the default
expr as an rvalue but the expected result is an lvalue.

Fixes the most recent report of PR12915. The original report predates
default argument support, so that can't be it.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@176042 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
472b0613ff67e8598ef6a69bb478c721b21a9294 21-Feb-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Tidy up a few uses of Optional in RegionStore.

Some that I just added needed conversion to use 'None', others looked
better using Optional<SVal>::create.

No functionality change.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@175714 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
66874fb18afbffb8b2ca05576851a64534be3352 21-Feb-2013 David Blaikie <dblaikie@gmail.com> Use None rather than Optional<T>() where possible.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@175705 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
11f0cae4bf4f62dcc706d33c1f795d460cd64816 21-Feb-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Tighten up safety in the use of lazy bindings.

- When deciding if we can reuse a lazy binding, make sure to check if there
are additional bindings in the sub-region.
- When reading from a lazy binding, don't accidentally strip off casts or
base object regions. This slows down lazy binding reading a bit but is
necessary for type sanity when treating one class as another.

A bit of minor refactoring allowed these two checks to be unified in a nice
early-return-using helper function.

<rdar://problem/13239840>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@175703 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
dc84cd5efdd3430efb22546b4ac656aa0540b210 20-Feb-2013 David Blaikie <dblaikie@gmail.com> Include llvm::Optional in clang/Basic/LLVM.h

Post-commit CR feedback from Jordan Rose regarding r175594.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@175679 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
0b9c328bb47b38ef6ff877a42e8a90a31ab0e2e1 20-Feb-2013 David Blaikie <dblaikie@gmail.com> Use op-> directly rather than via Optional<T>::getPointer.

Post-commit CR feedback from Jordan Rose regarding r175594.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@175677 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
5251abea41b446c26e3239c8dd6c7edea6fc335d 20-Feb-2013 David Blaikie <dblaikie@gmail.com> Replace SVal llvm::cast support to be well-defined.

See r175462 for another example/more details.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@175594 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
206f49966f66ad7cbfe3d37c14fa7e6e7410f3be 20-Feb-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Account for the "interesting values" hash table resizing.

RegionStoreManager::getInterestingValues() returns a pointer to a
std::vector that lives inside a DenseMap, which is constructed on demand.
However, constructing one such value can lead to constructing another
value, which will invalidate the reference created earlier.

Fixed by delaying the new entry creation until the function returns.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@175582 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
65f991ccbec43b4a860f70594c92528ee8fb7c6f 19-Feb-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Don't accidentally strip off base object regions for lazy bindings.

If a base object is at a 0 offset, RegionStoreManager may find a lazy
binding for the entire object, then try to attach a FieldRegion or
grandparent CXXBaseObjectRegion on top of that (skipping the intermediate
region). We now preserve as many layers of base object regions necessary
to make the types match.

<rdar://problem/13239840>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@175556 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
28743b006bd88cd7d0ea97b4f17646f8fc429b89 15-Feb-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Cache the bindings accessible through a LazyCompoundVal.

This means we don't have to recompute them all later for every
removeDeadSymbols check.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@175233 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
fcfcd80cd1de38fe272e1a8ae8faa3cfb6b2e37e 15-Feb-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Tweak LazyCompoundVal reuse check to ignore qualifiers.

This is optimization only; no behavioral change.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@175231 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
0a0f1309d0fbeb0e77edbbc4e0b15cc330c3a28c 15-Feb-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Use collectSubRegionKeys to make removeDeadBindings faster.

Previously, whenever we had a LazyCompoundVal, we crawled through the
entire store snapshot looking for bindings within the LCV's region. Now, we
just ask for the subregion bindings of the lazy region and only visit those.

This is an optimization (so no test case), but it may allow us to clean up
more dead bindings than we were previously.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@175230 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
9d688e219caa37e60975ec8d5bebe74a176c9c2b 15-Feb-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Refactor RegionStore's sub-region bindings traversal.

This is going to be used in the next commit.
While I'm here, tighten up assumptions about symbolic offset
BindingKeys, and make offset calculation explicitly handle all
MemRegion kinds.

No functionality change.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@175228 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
697a68590a75f5cd2326c8f686a6c666b51688b6 14-Feb-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Try constant-evaluation for all variables, not just globals.

In C++, constants captured by lambdas (and blocks) are not actually stored
in the closure object, since they can be expanded at compile time. In this
case, they will have no binding when we go to look them up. Previously,
RegionStore thought they were uninitialized stack variables; now, it checks
to see if they are a constant we know how to evaluate, using the same logic
as r175026.

This particular code path is only for scalar variables. Constant arrays and
structs are still unfortunately unhandled; we'll need a stronger solution
for those.

This may have a small performance impact, but only for truly-undefined
local variables, captures in a non-inlined block, and non-constant globals.
Even then, in the non-constant case we're only doing a quick type check.

<rdar://problem/13105553>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@175194 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
38f68ef19cb51d5876e9025b5fceb44b33ec9ed7 13-Feb-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Use Clang's evaluation for global constants and default arguments.

Previously, we were handling only simple integer constants for globals and
the smattering of implicitly-valued expressions handled by Environment for
default arguments. Now, we can use any integer constant expression that
Clang can evaluate, in addition to everything we handled before.

PR15094 / <rdar://problem/12830437>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@175026 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
04870edbea6cf88412c8c9c1eba65f7fc1fa12d9 13-Feb-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Use makeZeroVal in RegionStore's lazy evaluation of statics.

No functionality change.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@175025 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
978aeac1a90020b2a0ae6c7eb7fe65aa8226f74a 01-Feb-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] Reuse a LazyCompoundVal if its type matches the new region.

This allows us to keep from chaining LazyCompoundVals in cases like this:
CGRect r = CGRectMake(0, 0, 640, 480);
CGRect r2 = r;
CGRect r3 = r2;

Previously we only made this optimization if the struct did not begin with
an aggregate member, to make sure that we weren't picking up an LCV for
the first field of the struct. But since LazyCompoundVals are typed, we can
make that inference directly by comparing types.

This is a pure optimization; the test changes are to guard against possible
future regressions.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@174211 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
0e450cbd94e5936fdecf42b810069e7becd3938d 31-Jan-2013 Jordan Rose <jordan_rose@apple.com> [analyzer] If a lazy binding is undefined, pretend that it's unknown instead.

This is a hack to work around the fact that we don't track extents for our
default bindings:

CGPoint p;
p.x = 0.0;
p.y = 0.0;
rectParam.origin = p;
use(rectParam.size); // warning: uninitialized value in rectParam.size.width

In this case, the default binding for 'p' gets copied into 'rectParam',
because the 'origin' field is at offset 0 within CGRect. From then on,
rectParam's old default binding (in this case a symbol) is lost.

This patch silences the warning by pretending that lazy bindings are never
made from uninitialized memory, but not only is that not true, the original
default binding is still getting overwritten (see FIXME test cases).
The long-term solution is tracked in <rdar://problem/12701038>

PR14765 and <rdar://problem/12875012>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@174031 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
5255f27362ffbfedea889870bf8d5812dae97553 31-Jan-2013 Anna Zaks <ganna@apple.com> [analyzer] Fix a bug in region store that lead to undefined value false
positives.

The includeSuffix was only set on the first iteration through the
function, resulting in invalid regions being produced by getLazyBinding
(ex: zoomRegion.y).

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@174016 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
cfa88f893915ceb8ae4ce2f17c46c24a4d67502f 12-Jan-2013 Dmitri Gribenko <gribozavr@gmail.com> Remove useless 'llvm::' qualifier from names like StringRef and others that are
brought into 'clang' namespace by clang/Basic/LLVM.h


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@172323 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
beac9e3772e255f89dad0abe34811953121912b2 09-Jan-2013 Ted Kremenek <kremenek@apple.com> Do not model loads from complex types, since we don't accurately model the imaginary and real parts yet.

Fixes false positive reported in <rdar://problem/12964481>.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@171987 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
bf53dfac8195835028bd6347433f7dbebcc29fc1 20-Dec-2012 Anna Zaks <ganna@apple.com> [analyzer] Add the pointer escaped callback.

Instead of using several callbacks to identify the pointer escape event,
checkers now can register for the checkPointerEscape.

Converted the Malloc checker to use the new callback.
SimpleStreamChecker will be converted next.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@170625 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
b0abacf2f1f77214e4c77d6ec8a02b097bb98f7a 14-Dec-2012 Ted Kremenek <kremenek@apple.com> Refactor dump methods to make RegionBindingsRef printable in the debugger.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@170170 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
18f860ee6cc43c8fc80834073b097eb5c02b22cf 07-Dec-2012 Ted Kremenek <kremenek@apple.com> Reduce conversions between Store <-> ImmutableMapRef in RegionStore.

This reduces canonicalization of ImmutableMaps. This reduces analysis time
of one heavy Objective-C file by another 1%.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@169630 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
0c312a90c5b9d27e1425bf8d0448e133a97806ce 07-Dec-2012 Ted Kremenek <kremenek@apple.com> Add helper method to convert from a RegionStoreRefBindings to a Store.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@169622 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
23dca7d88f3e9a7925bfb2c5449499900c906633 07-Dec-2012 Ted Kremenek <kremenek@apple.com> Further reduce analysis time by 0.2% on a heavy Objective-C example by avoiding over-eager canonicalization of clusters.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@169586 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
75191fdbc3d3eec5f3447b285acf6cfcc2054b25 07-Dec-2012 David Blaikie <dblaikie@gmail.com> Unbreak the GCC (4.4 & other bot) builds from r169571.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@169581 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
29f5ccd7ef9bc066cb5894834945eaad2c4c7e53 07-Dec-2012 Ted Kremenek <kremenek@apple.com> Change RegionStore to always use ImmutableMapRef for processing cluster bindings.

This reduces analysis time by 1.2% on one test case (Objective-C), but
also cleans up some of the code conceptually as well. We can possible
just make RegionBindingsRef -> RegionBindings, but I wanted to stage
things.

After this, we should revisit Jordan's optimization of not canonicalizing
the immutable AVL trees for the cluster bindings as well.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@169571 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
14491490a5276ff4da9b28100fb8e7d442944288 06-Dec-2012 Ted Kremenek <kremenek@apple.com> Revert "[analyzer] Aggressively cut back on the canonicalization in RegionStore."

Jordan and I discussed this, and we are going to do this another way.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@169538 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
426cc12317468d42ba4e603731ebe5971af098a6 06-Dec-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Aggressively cut back on the canonicalization in RegionStore.

Whenever we touch a single bindings cluster multiple times, we can delay
canonicalizing it until the final access. This has some interesting
implications, in particular that we shouldn't remove an /empty/ cluster
from the top-level map until canonicalization.

This is good for a 2% speedup or so on the test case in
<rdar://problem/12810842>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@169523 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
e3ce2c10c3f6ae7b26700d758de909deab190d42 06-Dec-2012 Ted Kremenek <kremenek@apple.com> Only provide explicit getCapturedRegion() and getOriginalRegion() from referenced_vars_iterator.

This is a nice conceptual cleanup.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@169480 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
2fa67efeaf66a9332c30a026dc1c21bef6c33a6c 01-Dec-2012 Benjamin Kramer <benny.kra@googlemail.com> Pull the Attr iteration parts out of Attr.h, so including DeclBase.h doesn't pull in all the generated Attr code.

Required to pull some functions out of line, but this shouldn't have a perf impact.
No functionality change.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@169092 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
3881866dc782c5e13b21031bd363e93fbf367167 28-Nov-2012 Ted Kremenek <kremenek@apple.com> Remove workaround in RegionStore in r168741 since it is handled more generally by r168757.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@168774 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
bd8a11e224c3ec6cbc4bb9b1fc70a8aa3a633e43 28-Nov-2012 Ted Kremenek <kremenek@apple.com> Provide stop-gap solution to crash reported in PR 14436.

This was also covered by <rdar://problem/12753384>. The static analyzer
evaluates a CXXConstructExpr within an initializer expression and
RegionStore doesn't know how to handle the resulting CXXTempObjectRegion
that gets created. We need a better solution than just dropping the
value, but we need to better understand how to implement the right
semantics here.

Thanks to Jordan for his help diagnosing the behavior here.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@168741 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
4e674f77150b52d8e6ae82faf64fbdac79d675d3 10-Nov-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] When invalidating symbolic offset regions, take fields into account.

Previously, RegionStore was being VERY conservative in saying that because
p[i].x and p[i].y have a concrete base region of 'p', they might overlap.
Now, we check the chain of fields back up to the base object and check if
they match.

This only kicks in when dealing with symbolic offset regions because
RegionStore's "base+offset" representation of concrete offset regions loses
all information about fields. In cases where all offsets are concrete
(s.x and s.y), RegionStore will already do the right thing, but mixing
concrete and symbolic offsets can cause bindings to be invalidated that
are known to not overlap (e.g. p[0].x and p[i].y).
This additional refinement is tracked by <rdar://problem/12676180>.

<rdar://problem/12530149>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@167654 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
8501b7a1c4c4a9ba0ea6cb8e500e601ef3759deb 03-Nov-2012 Anna Zaks <ganna@apple.com> [analyzer] Run remove dead on end of path.

This will simplify checkers that need to register for leaks. Currently,
they have to register for both: check dead and check end of path.

I've modified the SymbolReaper to consider everything on the stack dead
if the input StackLocationContext is 0.

(This is a bit disruptive, so I'd like to flash out all the issues
asap.)

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@167352 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
aa66b08d2d8bbf05bae8c68f58724f754ab57b35 03-Oct-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Push evalDynamicCast and evalDerivedToBase up to Store.

These functions are store-agnostic, and would benefit from information in
DynamicTypeInfo but gain nothing from the store type.

No intended functionality change.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@165078 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
041ce8e00afd1185549a25d5c2b97d219ae032d9 03-Oct-2012 Jordan Rose <jordan_rose@apple.com> Teach getCXXRecordDeclForPointerType about references.

Then, rename it getPointeeCXXRecordDecl and give it a nice doc comment,
and actually use it.

No intended functionality change.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@165077 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
732cdf383f9030ff2b9fb28dfbdae2285ded80c6 26-Sep-2012 Ted Kremenek <kremenek@apple.com> Remove unnecessary ASTContext& parameter from SymExpr::getType().

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@164661 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
f6d05bbedd482e634507a099e3416fa05cbc0e78 08-Sep-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Symbolic regions are live if any subregions are live.

RegionStoreManager was only treating a SymbolicRegion's symbel as live
if there was a binding referring to the region itself.

No test case because constraints are currently not being cleaned out
of the constraint manager at all (even if the symbol is legitimately dead).

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163443 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
31ba6135375433b617a8587ea6cc836a014ebd86 06-Sep-2012 Roman Divacky <rdivacky@freebsd.org> Dont cast away const needlessly. Found by gcc48 -Wcast-qual.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163325 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
4e45dba1c0234eec7b7c348dbbf568c5ac9fc471 05-Sep-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Clean up a couple uses of getPointeeType().

No intended functionality change.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163219 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
fd11957f02da689480618d5fc642ef14164e9cdc 05-Sep-2012 Jordan Rose <jordan_rose@apple.com> Revert "[analyzer] Treat all struct values as regions (even rvalues)."

This turned out to have many implications, but what eventually seemed to
make it unworkable was the fact that we can get struct values (as
LazyCompoundVals) from other places besides return-by-value function calls;
that is, we weren't actually able to "treat all struct values as regions"
consistently across the entire analyzer core.

Hopefully we'll be able to come up with an alternate solution soon.

This reverts r163066 / 02df4f0aef142f00d4637cd851e54da2a123ca8e.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163218 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
02df4f0aef142f00d4637cd851e54da2a123ca8e 01-Sep-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Treat all struct values as regions (even rvalues).

This allows us to correctly symbolicate the fields of structs returned by
value, as well as get the proper 'this' value for when methods are called
on structs returned by value.

This does require a moderately ugly hack in the StoreManager: if we assign
a "struct value" to a struct region, that now appears as a Loc value being
bound to a region of struct type. We handle this by simply "dereferencing"
the struct value region, which should create a LazyCompoundVal.

This should fix recent crashes analyzing LLVM and on our internal buildbot.

<rdar://problem/12137950>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163066 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
ad0fe03b897f9486191e75c8d90c3ffa9b4fd6a5 23-Aug-2012 Ted Kremenek <kremenek@apple.com> Fix an assortment of doxygen comment issues found by -Wdocumentation.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162412 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
56a46b51df691f857f7120aaf2d4deeff0b014de 22-Aug-2012 Ted Kremenek <kremenek@apple.com> Rename 'unbindLoc()' (in ProgramState) and 'Remove()' to
'killBinding()'. The name is more specific, and one just forwarded
to the other.

Add some doxygen comments along the way.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162350 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
3b1df8bb941a18c4a7256d7cfcbccb9de7e39995 22-Aug-2012 Ted Kremenek <kremenek@apple.com> Rename 'getConjuredSymbol*' to 'conjureSymbol*'.

No need to have the "get", the word "conjure" is a verb too!
Getting a conjured symbol is the same as conjuring one up.

This shortening is largely cosmetic, but just this simple changed
cleaned up a handful of lines, making them less verbose.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162348 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
32a549a64922af0903bdb777613ae7ae4490b70f 22-Aug-2012 Ted Kremenek <kremenek@apple.com> Remove Store::bindDecl() and Store::bindDeclWithNoInit(), and
all forwarding methods.

This functionality is already covered by bindLoc().

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162346 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
5be88dc79d2768d67371103b6535fb8c4a6f27a1 22-Aug-2012 Ted Kremenek <kremenek@apple.com> Rename 'BindCompoundLiteral' to 'bindCompoundLiteral' and
add doxygen comments.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162345 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
ab9c04fda542d096c667d6a3746d94c884f80e7b 22-Aug-2012 Ted Kremenek <kremenek@apple.com> Consilidate SmallPtrSet count() followed by insert() into a single insert().

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162330 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
0a5629812019ce8bef86ade5425ac261bb544fd8 14-Aug-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Handle dynamic_casts that turn out to be upcasts.

This can occur with multiple inheritance, which jumps from one parent to
the other, and with virtual inheritance, since virtual base regions always
wrap the actual object and can't be nested within other base regions.

This also exposed some incorrect logic for multiple inheritance: even if B
is known not to derive from C, D might still derive from both of them.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161798 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
b11a3ada9a22e146c6edd33bcc6301e221fedd7a 14-Aug-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Don't strip CXXBaseObjectRegions when checking dynamic_casts.

...and /do/ strip CXXBaseObjectRegions when casting to a virtual base class.

This allows us to enforce the invariant that a CXXBaseObjectRegion can always
provide an offset for its base region if its base region has a known class
type, by only allowing virtual bases and direct non-virtual bases to form
CXXBaseObjectRegions.

This does mean some slight problems for our modeling of dynamic_cast, which
needs to be resolved by finding a path from the current region to the class
we're trying to cast to.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161797 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
d1a4f68a4301d1ee3098cc9db0cd507b96dd1bee 10-Aug-2012 Benjamin Kramer <benny.kra@googlemail.com> Fix a couple of pedantic gcc warnings.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161656 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
5ad76c073e1822d11901a8552c6aa9372038b5f0 10-Aug-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Merge RegionStore's KillStruct and CopyLazyBindings: BindAggregate.

Both methods need to clear out existing bindings and provide a new default
binding. Originally KillStruct always provided UnknownVal as the default,
but it's allowed symbolic values for quite some time (for handling returned
structs in C).

No functionality change.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161637 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
1e934431adba0f459668a59c6059b9596fd627b4 10-Aug-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Cluster bindings in RegionStore by base region.

This should speed up activities that need to access bindings by cluster,
such as invalidation and dead-bindings cleaning. In some cases all we save
is the cost of building the region cluster map, but other times we can
actually avoid traversing the rest of the store.

In casual testing, this produced a speedup of nearly 10% analyzing SQLite,
with /less/ memory used.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161636 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
824e07ac8f5c9efdddb4254de0203b9675b1ef0b 10-Aug-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Cache the "concrete offset base" for regions with symbolic offsets.

This makes it faster to access and invalidate bindings with symbolic offsets
by only computing this information once.

No intended functionality change.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161635 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
e0d24eb1060a213ec9820dc02c45f26b2d5b348b 08-Aug-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Revamp RegionStore to distinguish regions with symbolic offsets.

RegionStore currently uses a (Region, Offset) pair to describe the locations
of memory bindings. However, this representation breaks down when we have
regions like 'array[index]', where 'index' is unknown. We used to store this
as (SubRegion, 0); now we mark them specially as (SubRegion, SYMBOLIC).

Furthermore, ProgramState::scanReachableSymbols depended on the existence of
a sub-region map, but RegionStore's implementation doesn't provide for such
a thing. Moving the store-traversing logic of scanReachableSymbols into the
StoreManager allows us to eliminate the notion of SubRegionMap altogether.

This fixes some particularly awkward broken test cases, now in
array-struct-region.c.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161510 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
f540c54701e3eeb34cb619a3a4eb18f1ac70ef2d 26-Jul-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Rename Calls.{h,cpp} to CallEvent.{h,cpp}. No functionality change.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160815 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
21625c69e88d232e71a3bd4ba9d4bbb484183bf1 18-Jul-2012 Ted Kremenek <kremenek@apple.com> Fix crash in RegionStoreManager::evalDerivedToBase() due to not handling references
(in uses of dynamic_cast<>).

Fixes <rdar://problem/11817693>.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160427 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
e54cfc7b9990acffd0a8a4ba381717b4bb9f3011 11-Jul-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Use CallEvent for building inlined stack frames.

In order to accomplish this, we now build the callee's stack frame
as part of the CallEnter node, rather than the subsequent BlockEdge node.
This should not have any effect on perceived behavior or diagnostics.

This makes it safe to re-enable inlining of member overloaded operators.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160022 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
752bee2493ec2931bd18899753552e3a47dc85fe 06-Jul-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Be careful about LazyCompoundVals, which may be for the first field.

We use LazyCompoundVals to avoid copying the contents of structs and arrays
around in the store, and when we need to pass a struct around that already
has a LazyCompoundVal we just use the original one. However, it's possible
that the first field of a struct may have a LazyCompoundVal of its own, and
we currently can't distinguish a LazyCompoundVal for the first element of a
struct from a LazyCompoundVal for the entire struct. In this case we should
just drop the optimization and make a new LazyCompoundVal that encompasses
the old one.

PR13264 / <rdar://problem/11802440>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@159866 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
740d490593e0de8732a697c9f77b90ddd463863b 02-Jul-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Add a new abstraction over all types of calls: CallEvent

This is intended to replace CallOrObjCMessage, and is eventually intended to be
used for anything that cares more about /what/ is being called than /how/ it's
being called. For example, inlining destructors should be the same as inlining
blocks, and checking __attribute__((nonnull)) should apply to the allocator
calls generated by operator new.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@159554 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
10f77ad7fc5e5cf3f37a9b14ff5843468b8b84d2 23-Jun-2012 Ted Kremenek <kremenek@apple.com> Implement initial static analysis inlining support for C++ methods.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@159047 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
9955e708ffadb479b82b26d93dfcf0f5a2a6e372 16-Jun-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Return an UnknownVal when we try to get the binding for a VLA.

This happens in C++ mode right at the declaration of a struct VLA;
MallocChecker sees a bind and tries to get see if it's an escaping bind.
It's likely that our handling of this is still incomplete, but it fixes a
crash on valid without disturbing anything else for now.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@158587 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
5b8c69494881b7d35bc6244b4a19be0cc2eab368 12-Jun-2012 Jordan Rose <jordan_rose@apple.com> Revert "[analyzer] Treat LValueBitCasts like regular pointer bit casts."

This does not actually give us the right behavior for reinterpret_cast
of references. Reverting so I can think about it some more.

This reverts commit 50a75a6e26a49011150067adac556ef978639fe6.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@158341 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
570d03c6831a8e19447dc863aa94ffff020077eb 12-Jun-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Treat LValueBitCasts like regular pointer bit casts.

These casts only appear in very well-defined circumstances, in which the
target of a reinterpret_cast or a function formal parameter is an lvalue
reference. According to the C++ standard, the following are equivalent:

reinterpret_cast<T&>( x)
*reinterpret_cast<T*>(&x)

[expr.reinterpret.cast]p11

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@158338 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
581deb3da481053c4993c7600f97acf7768caac5 06-Jun-2012 David Blaikie <dblaikie@gmail.com> Revert Decl's iterators back to pointer value_type rather than reference value_type

In addition, I've made the pointer and reference typedef 'void' rather than T*
just so they can't get misused. I would've omitted them entirely but
std::distance likes them to be there even if it doesn't use them.

This rolls back r155808 and r155869.

Review by Doug Gregor incorporating feedback from Chandler Carruth.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@158104 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
7fa9b4f258636d89342eda28f21a986c8ac353b1 01-Jun-2012 Ted Kremenek <kremenek@apple.com> static analyzer: add inlining support for directly called blocks.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@157833 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
51d18cab1f55df33d85137868b59fec0c4a8776a 11-May-2012 Ted Kremenek <kremenek@apple.com> Include line that was meant to be in my last commit.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@156582 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
8667052a53a47a6290dc9ae98e5c3d9277df5f4a 11-May-2012 Ted Kremenek <kremenek@apple.com> Fix insidious RegionStore bug where we (a) didn't handle vector types and (b) had
a horrible bug in GetLazyBindings where we falsely appended a field suffix when traversing 3 or more
layers of lazy bindings. I don't have a reduced test case yet; but I have added the original source
to an internal regression test suite. I'll see about coming up with a reduced test case.

Fixes <rdar://problem/11405978> (for real).

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@156580 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
50b5a5c32e07301e4edcc01aca1f8a49a128c66c 09-May-2012 Anna Zaks <ganna@apple.com> [analyzer] Simplify r156446, as per Ted's review.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@156482 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
a8f2362307b436023095e66efd678ae591c02184 09-May-2012 Anna Zaks <ganna@apple.com> [analyzer] We currently do not fully support CompoundLiterals in
RegionStore, so be explicit about it and generate UnknownVal().

This is a hack to ensure we never produce undefined values for a value
coming from a compound value. (The undefined values can lead to
false positives.)

radar://10127782

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@156446 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
4213e389d6f8fa96ab30eec0d932e4e3eee32997 08-May-2012 Ted Kremenek <kremenek@apple.com> Having RegionStore lower field bindings to raw offsets, just like ElementRegions. This is a bit
disruptive, but it allows RegionStore to better "see" through casts that reinterpret arrays of values
as structs. Fixes <rdar://problem/11405978>.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@156428 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
7dbbc2178fb487f3a8bff03a2c9e87f727bf2b98 08-May-2012 Ted Kremenek <kremenek@apple.com> When creating lazy bindings in RegionStore, propagate existing lazy bindings instead of creating new ones.
This is a functionality optimization.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@156427 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
6341931b144cbf369ab816e871322c99ee62bea7 08-May-2012 Ted Kremenek <kremenek@apple.com> Include address of Store in graphviz output of ExplodedGraph.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@156426 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
85d87df66a50a15a1957f7213802000b451a8ec9 04-May-2012 Ted Kremenek <kremenek@apple.com> Explicitly model capturing variables for blocks in the static analyzer. Fixes <rdar://problem/11125868>.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@156211 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
262bc18e32500558af7cb0afa205b34bd37bafed 30-Apr-2012 David Blaikie <dblaikie@gmail.com> Remove the ref/value inconsistency in filter_decl_iterator.

filter_decl_iterator had a weird mismatch where both op* and op-> returned T*
making it difficult to generalize this filtering behavior into a reusable
library of any kind.

This change errs on the side of value, making op-> return T* and op* return
T&.

(reviewed by Richard Smith)

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@155808 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
8f40afbf7740c39fccaa4b8cc5aa2814d5ed6fdc 26-Apr-2012 Ted Kremenek <kremenek@apple.com> [analyzer] check lazy bindings in RegionStore first before looking for default values. Fixes <rdar://problem/11269741>.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@155615 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
a2c8d2edfff1573450c6feba876830dd746ffaad 10-Apr-2012 Anna Zaks <ganna@apple.com> [analyzer] dynamic_cast: Better model cast from a reference.

Generate a sink when the dynamic_cast from a reference fails to
represent a thrown exception.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@154438 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
e19f86edab8fb3c2c1e99e0e9815b6058504df9b 10-Apr-2012 Anna Zaks <ganna@apple.com> [analyzer] Add support for C++ dynamic_cast.

Simulate the C++ dynamic_cast in the analyzer.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@154434 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
31b57628576a2355428fd4b57f828a3aa8423000 03-Apr-2012 Ted Kremenek <kremenek@apple.com> Fix another false positive in RegionStore involving doing loads from symbolic offsets. We still don't
properly reason about such accesses, but we shouldn't emit bogus "uninitialized value" warnings
either. Fixes <rdar://problem/11127008>.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@153913 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
3133f79cf451e6302dd05262b4bb53a3e4fd6300 18-Feb-2012 Ted Kremenek <kremenek@apple.com> Have conjured symbols depend on LocationContext, to add context sensitivity for functions called more than once.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@150849 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
6f42b62b6194f53bcbc349f5d17388e1936535d7 05-Feb-2012 Dylan Noblesmith <nobled@dreamwidth.org> Basic: import OwningPtr<> into clang namespace

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@149798 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
8bef8238181a30e52dea380789a7e2d760eac532 26-Jan-2012 Ted Kremenek <kremenek@apple.com> Change references to 'const ProgramState *' to typedef 'ProgramStateRef'.

At this point this is largely cosmetic, but it opens the door to replace
ProgramStateRef with a smart pointer that more eagerly acts in the role
of reclaiming unused ProgramState objects.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@149081 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
52e4c60e31fee851e2988f7909aebf488e57fc12 16-Jan-2012 David Blaikie <dblaikie@gmail.com> Refactor variables unused under non-assert builds.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@148229 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
ce8ef16b1c58a304b7b59fad9836ad32d6ed020c 13-Jan-2012 Anna Zaks <ganna@apple.com> [analyzer] RegionStoreManager::getBinding() should not crash when
looking up value at a CodeTextRegion even when the type is not provided.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@148079 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
0849ade4bb3e90c2fc0ce01ccd330f76f91da732 12-Jan-2012 Ted Kremenek <kremenek@apple.com> [analyzer] fix inlining's handling of mapping actual to formal arguments and limit the call stack depth. The analyzer can now accurately simulate factorial for limited depths.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@148036 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
1437425a62dbf7bdb0a855d3ed3b05ed2019ec1e 12-Jan-2012 Anna Zaks <ganna@apple.com> [analyzer] Rename Store::Retrieve() -> getBinding().

+ all the other Retrieve..() methods + a comment for ElementRegion.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@148011 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
5eca482fe895ea57bc82410222e6426c09e63284 06-Jan-2012 Ted Kremenek <kremenek@apple.com> [analyzer] Make the entries in 'Environment' context-sensitive by making entries map from
(Stmt*,LocationContext*) pairs to SVals instead of Stmt* to SVals.

This is needed to support basic IPA via inlining. Without this, we cannot tell
if a Stmt* binding is part of the current analysis scope (StackFrameContext) or
part of a parent context.

This change introduces an uglification of the use of getSVal(), and thus takes
two steps forward and one step back. There are also potential performance implications
of enlarging the Environment. Both can be addressed going forward by refactoring the
APIs and optimizing the internal representation of Environment. This patch
mainly introduces the functionality upon when we want to build upon (and clean up).

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@147688 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
eb31a76d1cdaaf8874c549dc6bd964ff270d3822 05-Jan-2012 Anna Zaks <ganna@apple.com> [analyzer] Be less pessimistic about invalidation of global variables
as a result of a call.

Problem:
Global variables, which come in from system libraries should not be
invalidated by all calls. Also, non-system globals should not be
invalidated by system calls.

Solution:
The following solution to invalidation of globals seems flexible enough
for taint (does not invalidate stdin) and should not lead to too
many false positives. We split globals into 3 classes:

* immutable - values are preserved by calls (unless the specific
global is passed in as a parameter):
A : Most system globals and const scalars

* invalidated by functions defined in system headers:
B: errno

* invalidated by all other functions (note, these functions may in
turn contain system calls):
B: errno
C: all other globals (which are not in A nor B)

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@147569 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
1d1d515b2bafb59d624883d8fdda97d4b7dba0cb 07-Dec-2011 Anna Zaks <ganna@apple.com> [analyzer] Refactor: Move symbol_iterator from SVal to SymExpr, use it
for finding dependent symbols for taint.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@145986 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
aace9ef279be3dadd53b481aee568bd7701178b4 07-Dec-2011 Anna Zaks <ganna@apple.com> [analyzer] Propagate taint through NonLoc to NonLoc casts.

- Created a new SymExpr type - SymbolCast.
- SymbolCast is created when we don't know how to simplify a NonLoc to
NonLoc casts.
- A bit of code refactoring: introduced dispatchCast to have better
code reuse, remove a goto.
- Updated the test case to showcase the new taint flow.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@145985 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
214323b78b01ef9c1ad226f0eb5bd1187f3efa70 29-Nov-2011 Ted Kremenek <kremenek@apple.com> Relax RegionStore to allow loads from CodeTextRegions. Apparently you can actually write code that does this. This seems worthy of a checker, but the StoreManager should handle the memory abstraction without crashing. Fixes PR 11450.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@145424 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
e42a0ab77ca4ad5201591aac5679ef47a08af4b6 16-Nov-2011 Jim Goodnow II <jim@thegoodnows.net> Fixed crash with initializer lists and unnamed bitfields in the RegionStore
Manager. Added test to ensure proper binding of initialized values.
This patch fixes PR11249.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@144831 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
729aa06b9d190ce01eccb7108415e698fc52f6f4 14-Nov-2011 Ted Kremenek <kremenek@apple.com> [analyzer;Regionstore] handle loads from StringLiteral elements for StringLiterals representing wide strings. Fixes PR 11294.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@144563 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
5e1cdac63c3d9c9b32fa41fa0b2d242a58a20d49 07-Oct-2011 John McCall <rjmccall@apple.com> Rename TagDecl::isDefinition -> isCompleteDefinition
for better self-documenting code, since the semantics
are subtly different from getDefinition().



git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@141355 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
eb2d1f1c88836bd5382e5d7aa8f6b85148a88b27 23-Sep-2011 David Blaikie <dblaikie@gmail.com> Removing a bunch of dead returns/breaks after llvm_unreachables.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@140407 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
b219cfc4d75f0a03630b7c4509ef791b7e97b2c8 23-Sep-2011 David Blaikie <dblaikie@gmail.com> Switch assert(0/false) llvm_unreachable.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@140367 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
537716ad8dd10f984b6cfe6985afade1185c5e3c 28-Aug-2011 Jordy Rose <jediknil@belkadan.com> [analyzer] Change the check::RegionChanges callback to include the regions explicitly requested for invalidation.

Also, allow CallOrObjCMessage to wrap a CXXConstructExpr as well.

Finally, this allows us to remove the clunky whitelisting system from CFRefCount/RetainReleaseChecker. Slight regression due to CXXNewExprs not yet being handled in post-statement callbacks (PR forthcoming).


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@138716 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
18c66fdc3c4008d335885695fe36fb5353c5f672 16-Aug-2011 Ted Kremenek <kremenek@apple.com> Rename GRState to ProgramState, and cleanup some code formatting along the way.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@137665 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
9c378f705405d37f49795d5e915989de774fe11f 13-Aug-2011 Ted Kremenek <kremenek@apple.com> Cleanup various declarations of 'Stmt*' to be 'Stmt *', etc. in libAnalyzer and libStaticAnalyzer[*]. It was highly inconsistent, and very ugly to look at.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@137537 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
9697934650354bed2e509d8e7e44f21a1fb00f76 12-Aug-2011 Ted Kremenek <kremenek@apple.com> [analyzer] Introduce new MemRegion, "TypedValueRegion", so that we can separate TypedRegions that implement getValueType() from those that don't.

Patch by Olaf Krzikalla!

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@137498 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
bea2753da897ede723e70bcd17023d050b0603d0 06-Aug-2011 Ted Kremenek <kremenek@apple.com> [analyzer] Change SymbolReaper to store region roots implied by the Environment, allowing it be queried when
determining if symbols derived from regions are still live.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@137005 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
fa7a95c62aa573a30d87c215b320b0086ed08bdc 29-Jul-2011 Ted Kremenek <kremenek@apple.com> [analyzer] Add StoreManager::includedInBindings() to to query whether a region is used in any bindings.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@136416 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
31d922fdbf52ea14856f395cb1079173b33cefcd 29-Jul-2011 Ted Kremenek <kremenek@apple.com> [analyzer] Add safety checking in RegionStoreManager for string literal underruns.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@136415 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
5f9e272e632e951b1efe824cd16acb4d96077930 23-Jul-2011 Chris Lattner <sabre@nondot.org> remove unneeded llvm:: namespace qualifiers on some core types now that LLVM.h imports
them into the clang namespace.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@135852 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
eda368791b21aafaf87012c8552dc5181c0ff7a1 27-Jun-2011 Jordy Rose <jediknil@belkadan.com> [analyzer] Use UnknownVal when default-initializing arrays whose element types we don't model, to distinguish them from uninitialized arrays (PR10163).


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@133937 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
c46d6410947b18ac4c52cff4d0f8021b10a57c1e 20-May-2011 Ted Kremenek <kremenek@apple.com> Teach RegionStore not to symbolic array values whose indices it cannot reason about.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@131702 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
35bdbf40624beba3fc00cb72ab444659939c1a6b 02-May-2011 Ted Kremenek <kremenek@apple.com> Augment retain/release checker to not warn about tracked objects passed as arguments to C++ constructors. This is a stop-gap measure for Objective-C++ code that uses smart pointers to manage reference counts.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@130711 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
bf1a66764a12f6cceb6ba8b349d4b74996e3786b 12-Apr-2011 Ted Kremenek <kremenek@apple.com> RegionStoreManager::invalidateRegions: treat classes the same as structs.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@129333 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
45fa623886dfb6a23b3cfd6d8764e05884382180 03-Apr-2011 Ted Kremenek <kremenek@apple.com> Fix RegionStore bug when doing a field load whose parent is also a field assigned a LazyCompoundValue. Fixes <rdar://problem/9163742> and PR 9522.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@128783 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
613744181322b9680a4b3d59cce87d7e5e572c99 17-Mar-2011 Ted Kremenek <kremenek@apple.com> Tweak RegionStore's handling of lazy compound values to use the 'Default' versus 'Direct' binding key, thus allowing specific elements of an array/struct to be overwritten without
invalidating the entire binding. Fixes PR 9455.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@127796 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
cf333339615da345c2ed6e873d94a501810d9f3f 09-Mar-2011 Ted Kremenek <kremenek@apple.com> static analyzer: Fix use-after-free bug in RegionStore involving LazyCompoundValueData not reference counting Store objects.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@127288 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
77a4d5687c2cb3199c689892c9d040a94ff270af 19-Feb-2011 Ted Kremenek <kremenek@apple.com> Add 'StoreRef' smart pointer to allow more fine-grain memory lifetime control of Store objects.

This yields a minor memory reduction (for larger functions) on Sqlite at the cost of slightly
higher memory usage on some functions because of the increased size of GRState (which can be optimized).

I expect the real memory savings from this enhancement will come when we aggressively
canabilize more of the ExplodedGraph.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126012 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
7dfc9420babe83e236a47e752f8723bd06070d9d 16-Feb-2011 Zhanyong Wan <wan@google.com> Makes most methods in SVals.h conform to the naming guide. Reviewed
by kremenek.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@125687 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
98caa2ccf04c02d14c99b3a918e0c6da57efddf4 11-Feb-2011 Ted Kremenek <kremenek@apple.com> Remove RegionStoreManager::evalBinOp(), which is now handled by the SValBuilder.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@125396 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
2534528c22260211a073e192c38d0db84c70c327 11-Feb-2011 Ted Kremenek <kremenek@apple.com> Rename 'InvalidateRegions()' to 'invalidateRegions()'.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@125395 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
9b663716449b618ba0390b1dbebc54fa8e971124 10-Feb-2011 Ted Kremenek <kremenek@apple.com> Split 'include/clang/StaticAnalyzer' into 'include/clang/StaticAnalyzer/Core' and 'include/clang/StaticAnalyzer/Checkers'.

This layout matches lib/StaticAnalyzer, which corresponds to two StaticAnalyzer libraries.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@125251 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp
811d75ee35b8b061a9b10a4e7b81e0c0eaf739c3 08-Feb-2011 Argyrios Kyrtzidis <akyrtzi@gmail.com> [analyzer] Move the files in lib/StaticAnalyzer to lib/StaticAnalyzer/Core.

Eventually there will also be a lib/StaticAnalyzer/Frontend that will handle initialization and checker registration.
Yet another library to avoid cyclic dependencies between Core and Checkers.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@125124 91177308-0d34-0410-b5e6-96231b3b80d8
/external/clang/lib/StaticAnalyzer/Core/RegionStore.cpp