Cross Reference: /external/clang/lib/StaticAnalyzer/Core/CallEvent.cpp

History log of /external/clang/lib/StaticAnalyzer/Core/CallEvent.cpp
Revision	Date	Author	Comments (<<< Hide modified files) (Show modified files >>>)
176edba5311f6eff0cad2631449885ddf4fbc9ea	01-Dec-2014	Stephen Hines <srhines@google.com>	Update aosp/master Clang for rebase to r222490. Change-Id: Ic557ac55e97fbf6ee08771c7b7c3594777b0aefd /external/clang/lib/StaticAnalyzer/Core/CallEvent.cpp
c568f1e98938584c0ef0b12ae5018ff7d90a4072	21-Jul-2014	Stephen Hines <srhines@google.com>	Update Clang for rebase to r212749. This also fixes a small issue with arm_neon.h not being generated always. Includes a cherry-pick of: r213450 - fixes mac-specific header issue r213126 - removes a default -Bsymbolic on Android Change-Id: I2a790a0f5d3b2aab11de596fc3a74e7cbc99081d /external/clang/lib/StaticAnalyzer/Core/CallEvent.cpp
6bcf27bb9a4b5c3f79cb44c0e4654a6d7619ad89	29-May-2014	Stephen Hines <srhines@google.com>	Update Clang for 3.5 rebase (r209713). Change-Id: I8c9133b0f8f776dc915f270b60f94962e771bc83 /external/clang/lib/StaticAnalyzer/Core/CallEvent.cpp
651f13cea278ec967336033dd032faef0e9fc2ec	24-Apr-2014	Stephen Hines <srhines@google.com>	Updated to Clang 3.5a. Change-Id: I8127eb568f674c2e72635b639a3295381fe8af82 /external/clang/lib/StaticAnalyzer/Core/CallEvent.cpp
9b072b31ee2f41b8e30d1d22142c9ab72ac5ff1f	28-Sep-2013	Jordan Rose <jordan_rose@apple.com>	[analyzer] Make inlining decisions based on the callee being variadic. ...rather than trying to figure it out from the call site, and having people complain that we guessed wrong and that a prototype-less call is the same as a variadic call on their system. More importantly, fix a crash when there's no decl at the call site (though we could have just returned a default value). <rdar://problem/15037033> git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@191599 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/CallEvent.cpp
81557223ba8d7ef8b0468a6e1dc8fc79f2de46f2	25-Sep-2013	Jordan Rose <jordan_rose@apple.com>	[analyzer] Handle destructors for the argument to C++ 'delete'. Now that the CFG includes nodes for the destructors in a delete-expression, process them in the analyzer using the same common destructor interface currently used for local, member, and base destructors. Also, check for when the value is known to be null, in which case no destructor is actually run. This does not yet handle destructors for deleted /arrays/, which may need more CFG work. It also causes a slight regression in the location of double delete warnings; the double delete is detected at the destructor call, which is implicit, and so is reported on the first access within the destructor instead of at the 'delete' statement. This will be fixed soon. Patch by Karthik Bhat! git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@191381 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/CallEvent.cpp
da8d37ce42d2db4e1e76ee6f7f38f10f6b0ef0f8	25-Sep-2013	Anton Yartsev <anton.yartsev@gmail.com>	[analyzer] This patch removes passing around of const-invalidation vs regular-invalidation info by passing around a datastructure that maps regions and symbols to the type of invalidation they experience. This simplifies the code and would allow to associate more different invalidation types in the future. With this patch things like preserving contents of regions (either hi- or low-level ones) or processing of the only top-level region can be implemented easily without passing around extra parameters. This patch is a first step towards adequate modeling of memcpy() by the CStringChecker checker and towards eliminating of majority of false-positives produced by the NewDeleteLeaks checker. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@191342 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/CallEvent.cpp
7c98f9f5c3202a0b11eda7f30b4edd8cb4d1139c	20-Sep-2013	Jordan Rose <jordan_rose@apple.com>	[analyzer] Use getParentIgnoreParenCasts instead of doing it by hand. Apart from being more compact and already implemented, this also handles the case where the parent is null. (It does also ignore all casts, not just implicit ones, but this is more efficient to test and in the case we care about---a message in a PseudoObjectExpr---there should only be implicit casts anyway. This should fix our internal buildbot. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@191094 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/CallEvent.cpp
de940da033aa46c50c7d07c61f455e7c5053e90a	17-Sep-2013	Anna Zaks <ganna@apple.com>	[analyzer] More reliably detect property accessors. This has a side effect of preventing a crash, which occurs because we get a property getter declaration, which is overriding but is declared inside @protocol. Will file a bug about this inconsistency internally. Getting a small test case is very challenging. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@190836 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/CallEvent.cpp
24146975f1af8c1b4b14e8545f218129d0e7dfeb	22-Aug-2013	Eli Friedman <eli.friedman@gmail.com>	Split isFromMainFile into two functions. Basically, isInMainFile considers line markers, and isWrittenInMainFile doesn't. Distinguishing between the two is useful when dealing with files which are preprocessed files or rewritten with -frewrite-includes (so we don't, for example, print useless warnings). git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@188968 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/CallEvent.cpp
37926da411d5a0047240b3ffd4dad0c4838aac57	19-Jun-2013	Pavel Labath <labath@google.com>	Fix a crash in the static analyzer (bug #16307) Summary: When processing a call to a function, which got passed less arguments than it expects, the analyzer would crash. I've also added a test for that and a analyzer warning which detects these cases. CC: cfe-commits Differential Revision: http://llvm-reviews.chandlerc.com/D994 git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@184288 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/CallEvent.cpp
b347c76054a0a4b8e6d1fce44314f6daf3294c69	30-May-2013	Jordan Rose <jordan_rose@apple.com>	[analyzer] Don't crash if a block's signature just has the return type. It is okay to declare a block without an argument list: ^ {} or ^void {}. In these cases, the BlockDecl's signature-as-written will just contain the return type, rather than the entire function type. It is unclear if this is intentional, but the analyzer shouldn't crash because of it. <rdar://problem/14018351> git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@182948 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/CallEvent.cpp
eb41640fb417e25eb3218c2662a0dd512cdab04a	22-May-2013	Jordan Rose <jordan_rose@apple.com>	[analyzer] Don't crash if a block doesn't have a type signature. Currently, blocks instantiated in templates lose their "signature as written"; it's not clear if this is intentional. Change the analyzer's use of BlockDecl::getSignatureAsWritten to check whether or not the signature is actually there. <rdar://problem/13954714> git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@182497 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/CallEvent.cpp
898be7b4a7b0a527d9bd2569eebc41a198e6e528	17-Apr-2013	Jordan Rose <jordan_rose@apple.com>	[analyzer] Don't warn for returning void expressions in void blocks. This was slightly tricky because BlockDecls don't currently store an inferred return type. However, we can rely on the fact that blocks with inferred return types will have return statements that match the inferred type. <rdar://problem/13665798> git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@179699 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/CallEvent.cpp
658a28479dd775f6ff2c07fa5699a7ea01e04127	02-Apr-2013	Anna Zaks <ganna@apple.com>	[analyzer] Teach invalidateRegions that regions within LazyCompoundVal need to be invalidated Refactor invalidateRegions to take SVals instead of Regions as input and teach RegionStore about processing LazyCompoundVal as a top-level “escaping” value. This addresses several false positives that get triggered by the NewDelete checker, but the underlying issue is reproducible with other checkers as well (for example, MallocChecker). git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@178518 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/CallEvent.cpp
f8ddc098981d4d85cad4e72fc6dfcfe83b842b66	20-Mar-2013	Jordan Rose <jordan_rose@apple.com>	[analyzer] Invalidate regions indirectly accessible through const pointers. In this case, the value of 'x' may be changed after the call to indirectAccess: struct Wrapper { int *ptr; }; void indirectAccess(const Wrapper &w); void test() { int x = 42; Wrapper w = { x }; clang_analyzer_eval(x == 42); // TRUE indirectAccess(w); clang_analyzer_eval(x == 42); // UNKNOWN } This is important for modelling return-by-value objects in C++, to show that the contents of the struct are escaping in the return copy-constructor. <rdar://problem/13239826> git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@177570 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/CallEvent.cpp
e1a2e90876cbe2187250939374d26036ccba2ad6	20-Mar-2013	Jordan Rose <jordan_rose@apple.com>	[analyzer] Remove strip of ElementRegion in CallEvent::invalidateRegions. This is a bit of old code trying to deal with the fact that functions that take pointers often use them to access an entire array via pointer arithmetic. However, RegionStore already conservatively assumes you can use pointer arithmetic to access any part of a region. Some day we may want to go back to handling this specifically for calls, but we can do that in the future. No functionality change. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@177569 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/CallEvent.cpp
962fbc46664f2486d6805549130fa6b310de6d60	07-Mar-2013	Jordan Rose <jordan_rose@apple.com>	[analyzer] Clean up a few doc comments for ProgramState and CallEvent. No functionality change. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@176600 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/CallEvent.cpp
b07805485c603be3d8011f72611465324c9e664b	23-Feb-2013	David Blaikie <dblaikie@gmail.com>	Remove the CFGElement "Invalid" state. Use Optional<CFG*> where invalid states were needed previously. In the one case where that's not possible (beginAutomaticObjDtorsInsert) just use a dummy CFGAutomaticObjDtor. Thanks for the help from Jordan Rose & discussion/feedback from Ted Kremenek and Doug Gregor. Post commit code review feedback on r175796 by Ted Kremenek. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@175938 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/CallEvent.cpp
fdf6a279c9a75c778eba382d9a156697092982a1	21-Feb-2013	David Blaikie <dblaikie@gmail.com>	Replace CFGElement llvm::cast support to be well-defined. See r175462 for another example/more details. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@175796 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/CallEvent.cpp
dc84cd5efdd3430efb22546b4ac656aa0540b210	20-Feb-2013	David Blaikie <dblaikie@gmail.com>	Include llvm::Optional in clang/Basic/LLVM.h Post-commit CR feedback from Jordan Rose regarding r175594. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@175679 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/CallEvent.cpp
5251abea41b446c26e3239c8dd6c7edea6fc335d	20-Feb-2013	David Blaikie <dblaikie@gmail.com>	Replace SVal llvm::cast support to be well-defined. See r175462 for another example/more details. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@175594 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/CallEvent.cpp
1655bcd052a67a3050fc55df8ecce57342352e68	21-Dec-2012	Anna Zaks <ganna@apple.com>	[analyzer] Address Jordan's nitpicks as per code review of r170625. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@170832 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/CallEvent.cpp
bf53dfac8195835028bd6347433f7dbebcc29fc1	20-Dec-2012	Anna Zaks <ganna@apple.com>	[analyzer] Add the pointer escaped callback. Instead of using several callbacks to identify the pointer escape event, checkers now can register for the checkPointerEscape. Converted the Malloc checker to use the new callback. SimpleStreamChecker will be converted next. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@170625 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/CallEvent.cpp
bf25fb1e2eaea0eadb90d1a9ce91e7d510c8972a	07-Dec-2012	Ted Kremenek <kremenek@apple.com>	Cache queries to lookupPrivateMethod() within ObjCMethodCall::getRuntimeDefinition(). The same queries can happen thousands of times. This reduces the analysis time on one heavy Objective-C file by 2.4%. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@169589 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/CallEvent.cpp
55fc873017f10f6f566b182b70f6fc22aefa3464	04-Dec-2012	Chandler Carruth <chandlerc@gmail.com>	Sort all of Clang's files under 'lib', and fix up the broken headers uncovered. This required manually correcting all of the incorrect main-module headers I could find, and running the new llvm/utils/sort_includes.py script over the files. I also manually added quite a few missing headers that were uncovered by shuffling the order or moving headers up to be main-module-headers. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@169237 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/CallEvent.cpp
a93d0f280693b8418bc88cf7a8c93325f7fcf4c6	01-Dec-2012	Benjamin Kramer <benny.kra@googlemail.com>	Include pruning and general cleanup. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@169095 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/CallEvent.cpp
2f3017f9cbd3774f690c979410bfec38423d03af	03-Nov-2012	Jordan Rose <jordan_rose@apple.com>	[analyzer] Add some convenience accessors to CallEvent, and use them. These are CallEvent-equivalents of helpers already accessible in CheckerContext, as part of making it easier for new checkers to be written using CallEvent rather than raw CallExprs. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@167338 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/CallEvent.cpp
3719ed248b7b7e239b1b435dd569b007aaea9d26	31-Oct-2012	Anna Zaks <ganna@apple.com>	[analyzer]Don't invalidate const arguments when there is no IdentifierInfo. Ee: C++ copy constructors. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@167092 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/CallEvent.cpp
f1e67d75fc922ff905de9faa6326bb1a96685ec1	17-Oct-2012	Jordan Rose <jordan_rose@apple.com>	[analyzer] Create a temporary region when accessing a struct rvalue. In C++, rvalues that need to have their address taken (for example, to be passed to a function by const reference) will be wrapped in a MaterializeTemporaryExpr, which lets CodeGen know to create a temporary region to store this value. However, MaterializeTemporaryExprs are /not/ created when a method is called on an rvalue struct, even though the 'this' pointer needs a valid value. CodeGen works around this by creating a temporary region anyway; now, so does the analyzer. The analyzer also does this when accessing a field of a struct rvalue. This is a little unfortunate, since the rest of the struct will soon be thrown away, but it does make things consistent with the rest of the analyzer. This allows us to bring back the assumption that all known 'this' values are Locs. This is a revised version of r164828-9, reverted in r164876-7. <rdar://problem/12137950> git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@166120 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/CallEvent.cpp
ddc0c4814788dda4ef224cd4d22d07154a6ede49	21-Sep-2012	Ted Kremenek <kremenek@apple.com>	Simplify getRuntimeDefinition() back to taking no arguments. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@164363 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/CallEvent.cpp
a43df9539644bf1c258e12710cd69d79b0b078cd	21-Sep-2012	Ted Kremenek <kremenek@apple.com>	Implement faux-body-synthesis of well-known functions in the static analyzer when their implementations are unavailable. Start by simulating dispatch_sync(). This change is largely a bunch of plumbing around something very simple. We use AnalysisDeclContext to conjure up a fake function body (using the current ASTContext) when one does not exist. This is controlled under the analyzer-config option "faux-bodies", which is off by default. The plumbing in this patch is largely to pass the necessary machinery around. CallEvent needs the AnalysisDeclContextManager to get the function definition, as one may get conjured up lazily. BugReporter and PathDiagnosticLocation needed to be relaxed to handle invalid locations, as the conjured body has no real source locations. We do some primitive recovery in diagnostic generation to generate some reasonable locations (for arrows and events), but it can be improved. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@164339 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/CallEvent.cpp
16e6a7cb41319459ded69b4d47f405c1035dd347	13-Sep-2012	Anna Zaks <ganna@apple.com>	[analyzer] Do not report use of undef on "return foo();" when the return type is void. Fixes a false positive found by analyzing LLVM code base. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163750 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/CallEvent.cpp
d66b3c56a5da1cbaf5ec12811ee7221231b6c301	12-Sep-2012	Jordan Rose <jordan_rose@apple.com>	[analyzer] Handle when the dynamic type is worse than the static type. Currently we don't update the dynamic type of a C++ object when it is cast. This can cause the situation above, where the static type of the region is now known to be a subclass of the dynamic type. Once we start updating DynamicTypeInfo in response to the various kinds of casts in C++, we can re-add this assert to make sure we don't miss any cases. This work is tracked by <rdar://problem/12287087>. In -Asserts builds, we will simply not return any runtime definition when our DynamicTypeInfo is known to be incorrect like this. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163745 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/CallEvent.cpp
fe3769dbb448edf8e5ece13b14017608558d4763	12-Sep-2012	Jordan Rose <jordan_rose@apple.com>	Revert "[analyzer] Use the static type for a virtual call if the dynamic type is worse." Using the static type may be inconsistent with later calls. We should just report that there is no inlining definition available if the static type is better than the dynamic type. See next commit. This reverts r163644 / 19d5886d1704e24282c86217b09d5c6d35ba604d. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163744 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/CallEvent.cpp
19d5886d1704e24282c86217b09d5c6d35ba604d	11-Sep-2012	Jordan Rose <jordan_rose@apple.com>	[analyzer] Use the static type for a virtual call if the dynamic type is worse. reinterpret_cast does not provide any of the usual type information that static_cast or dynamic_cast provide -- only the new type. This can get us in a situation where the dynamic type info for an object is actually a superclass of the static type, which does not match what CodeGen does at all. In these cases, just fall back to the static type as the best possible type for devirtualization. Should fix the crashes on our internal buildbot. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163644 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/CallEvent.cpp
00b4f64ecb26b031c1f4888f39be6c706156356a	11-Sep-2012	Jordan Rose <jordan_rose@apple.com>	[analyzer] Member function calls that use qualified names are non-virtual. C++11 [expr.call]p1: ...If the selected function is non-virtual, or if the id-expression in the class member access expression is a qualified-id, that function is called. Otherwise, its final overrider in the dynamic type of the object expression is called. <rdar://problem/12255556> git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163577 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/CallEvent.cpp
8f0d0fef5f90b16600cdb802d5d7344417c34aad	07-Sep-2012	Jordan Rose <jordan_rose@apple.com>	[analyzer] Fail gracefully when the dynamic type is outside the hierarchy. With some particularly evil casts, we can get an object whose dynamic type is not actually a subclass of its static type. In this case, we won't even find the statically-resolved method as a devirtualization candidate. Rather than assert that this situation cannot occur, we now simply check that the dynamic type is not an ancestor or descendent of the static type, and leave it at that. This error actually occurred analyzing LLVM: CallEventManager uses a BumpPtrAllocator to allocate a concrete subclass of CallEvent (FunctionCall), but then casts it to the actual subclass requested (such as ObjCMethodCall) to perform the constructor. Yet another crash in PR13763. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163367 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/CallEvent.cpp
200fa2e70d52ae6d620e81cd45536071fdde70c0	06-Sep-2012	Jordan Rose <jordan_rose@apple.com>	[analyzer] Don't attempt to devirtualize calls to base class destructors. CXXDestructorCall now has a flag for when it is a base destructor call. Other kinds of destructor calls (locals, fields, temporaries, and 'delete') all behave as "whole-object" destructors and do not behave differently from one another (specifically, in these cases we /should/ try to devirtualize a call to a virtual destructor). This was causing crashes in both our internal buildbot, the crash still being tracked in PR13765, and some of the crashes being tracked in PR13763, due to a assertion failure. (The behavior under -Asserts happened to be correct anyway.) Adding this knowledge also allows our DynamicTypePropagation checker to do a bit less work; the special rules about virtual method calls during a destructor only require extra handling during base destructors. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163348 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/CallEvent.cpp
6ebea89be233eaba5e29de8cf3524ad150c860bb	05-Sep-2012	Jordan Rose <jordan_rose@apple.com>	[analyzer] Be more forgiving about calling methods on struct rvalues. The problem is that the value of 'this' in a C++ member function call should always be a region (or NULL). However, if the object is an rvalue, it has no associated region (only a conjured symbol or LazyCompoundVal). For now, we handle this in two ways: 1) Actually respect MaterializeTemporaryExpr. Before, it was relying on CXXConstructExpr to create temporary regions for all struct values. Now it just does the right thing: if the value is not in a temporary region, create one. 2) Have CallEvent recognize the case where its 'this' pointer is a non-region, and just return UnknownVal to keep from confusing clients. The long-term problem is being tracked internally in <rdar://problem/12137950>, but this makes many test cases pass. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163220 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/CallEvent.cpp
4e45dba1c0234eec7b7c348dbbf568c5ac9fc471	05-Sep-2012	Jordan Rose <jordan_rose@apple.com>	[analyzer] Clean up a couple uses of getPointeeType(). No intended functionality change. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163219 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/CallEvent.cpp
5699f62df144545702b91e91836a63db4e5f2627	01-Sep-2012	Jordan Rose <jordan_rose@apple.com>	[analyzer] Always derive a CallEvent's return type from its origin expr. Previously, we preferred to get a result type by looking at the callee's declared result type. This allowed us to handlereferences, which are represented in the AST as lvalues of their pointee type. (That is, a call to a function returning 'int &' has type 'int' and value kind 'lvalue'.) However, this results in us preferring the original type of a function over a casted type. This is a problem when a function pointer is casted to another type, because the conjured result value will have the wrong type. AdjustedReturnValueChecker is supposed to handle this, but still doesn't handle the case where there is no "original function" at all, i.e. where the callee is unknown. Now, we instead look at the call expression's value kind (lvalue, xvalue, or prvalue), and adjust the expr's type accordingly. This will have no effect when the function is inlined, and will conjure the value that will actually be used when it is not. This makes AdjustedReturnValueChecker /nearly/ unnecessary; unfortunately, the cases where it would still be useful are where we need to cast the result of an inlined function or a checker-evaluated function, and in these cases we don't know what we're casting /from/ by the time we can do post- call checks. In light of that, remove AdjustedReturnValueChecker, which was already not checking quite a few calls. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163065 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/CallEvent.cpp
827eeb63614309bafac9d77a5a3a7ca81f1e4751	28-Aug-2012	Jordan Rose <jordan_rose@apple.com>	[analyzer] Teach CallEventManager that CXXTemporaryObjectExpr is also a ctor. Specifically, CallEventManager::getCaller was looking at the call site for an inlined call and trying to see what kind of call it was, but it only checked for CXXConstructExprClass. (It's not using an isa<> here to avoid doing three more checks on the the statement class.) This caused an unreachable when we actually did inline the constructor of a temporary object. PR13717 git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162792 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/CallEvent.cpp
6062334cc388bce69fb3978c4ecb26c6485a5c2b	28-Aug-2012	Jordan Rose <jordan_rose@apple.com>	[analyzer] Rename CallEvent::mayBeInlined to CallEvent::isCallStmt. The two callers are using this in order to be conservative, so let's just clarify the information that's actually being provided here. This is not related to inlining decisions in any way. No functionality change. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162717 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/CallEvent.cpp
5a90193ad825656d4a03099cd5e9c928d1782b5e	24-Aug-2012	Anna Zaks <ganna@apple.com>	[analyzer] Make analyzer less aggressive when dealing with [self init]. With inlining, retain count checker starts tracking 'self' through the init methods. The analyser results were too noisy if the developer did not follow 'self = [super init]' pattern (which is common especially in older code bases) - we reported self init anti-pattern AND possible use-after-free. This patch teaches the retain count checker to assume that [super init] does not fail when it's not consumed by another expression. This silences the retain count warning that warns about possibility of use-after-free when init fails, while preserving all the other checking on 'self'. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162508 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/CallEvent.cpp
d1420c6fa788669e49f21e184927c7833881e399	16-Aug-2012	Richard Smith <richard-llvm@metafoo.co.uk>	Store SourceManager pointer on PrintingPolicy in the case where we're dumping, and remove ASTContext reference (which was frequently bound to a dereferenced null pointer) from the recursive lump of printPretty functions. In so doing, fix (at least) one case where we intended to use the 'dump' mode, but that failed because a null ASTContext reference had been passed in. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162011 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/CallEvent.cpp
4e79fdfe22db1c982e8fdf8397fee426a8c57821	15-Aug-2012	Jordan Rose <jordan_rose@apple.com>	[analyzer] Correctly devirtualize virtual method calls in constructors. This is the other half of C++11 [class.cdtor]p4 (the destructor side was added in r161915). This also fixes an issue with post-call checks where the 'this' value was already being cleaned out of the state, thus being omitted from a reconstructed CXXConstructorCall. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161981 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/CallEvent.cpp
fc87350ce0b279c82b1c9d2647063f4acf48a978	15-Aug-2012	Jordan Rose <jordan_rose@apple.com>	[analyzer] Don't try to devirtualize if the class is incomplete. A similar issue to the previous commit, introduced by r161915. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161961 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/CallEvent.cpp
9f6441ad92c30028032eb3df6f4a7f2ebe393a68	15-Aug-2012	Jordan Rose <jordan_rose@apple.com>	[analyzer] Only adjust the type of 'this' when we devirtualize a method call. With reinterpret_cast, we can get completely unrelated types in a region hierarchy together; this was resulting in CXXBaseObjectRegions being layered directly on an (untyped) SymbolicRegion, whose symbol was from a completely different type hierarchy. This was what was causing the internal buildbot to fail. Reverts r161911, which merely masked the problem. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161960 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/CallEvent.cpp
0ad36baedc516005cb6ea97d96327517ebfe5138	15-Aug-2012	Jordan Rose <jordan_rose@apple.com>	[analyzer] Correctly devirtualize virtual method calls in destructors. C++11 [class.cdtor]p4: When a virtual function is called directly or indirectly from a constructor or from a destructor, including during the construction or destruction of the class’s non-static data members, and the object to which the call applies is the object under construction or destruction, the function called is the final overrider in the constructor's or destructor's class and not one overriding it in a more-derived class. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161915 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/CallEvent.cpp
38aee3bb4ffe14c8323785ae2fafed6f627fb577	14-Aug-2012	Anna Zaks <ganna@apple.com>	[analyzer]Assume that the properties cannot be overridden when dot syntax is used. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161889 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/CallEvent.cpp
42c72c258e08ca79c9267346b4badcddd8fcd001	14-Aug-2012	Benjamin Kramer <benny.kra@googlemail.com>	Do NOT use inline functions with LLVM_ATTRIBUTE_USED. The function will be emitted into every single TU including the header! git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161872 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/CallEvent.cpp
645baeed6800f952e9ad1d5666e01080385531a2	14-Aug-2012	Jordan Rose <jordan_rose@apple.com>	[analyzer] Reduce code duplication: make CXXDestructorCall a CXXInstanceCall. While there is now some duplication between SimpleCall and the CXXInstanceCall sub-hierarchy, this is much better than copy-and-pasting the devirtualization logic shared by both instance methods and destructors. An unfortunate side effect is that there is no longer a single CallEvent type that corresponds to "calls written as CallExprs". For the most part this is a good thing, but the checker callback eval::Call still takes a CallExpr rather than a CallEvent (since we're not sure if we want to allow checkers to evaluate other kinds of calls). A mistake here will be caught by a cast<> in CheckerManager::runCheckersForEvalCall. No functionality change. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161809 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/CallEvent.cpp
8ec104b9fffb917924c495ce3dd25694e4e3087a	14-Aug-2012	Jordan Rose <jordan_rose@apple.com>	[analyzer] Be more careful when downcasting for devirtualization. Virtual base regions are never layered, so simply stripping them off won't necessarily get you to the correct casted class. Instead, what we want is the same logic for evaluating dynamic_cast: strip off base regions if possible, but add new base regions if necessary. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161808 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/CallEvent.cpp
b11a3ada9a22e146c6edd33bcc6301e221fedd7a	14-Aug-2012	Jordan Rose <jordan_rose@apple.com>	[analyzer] Don't strip CXXBaseObjectRegions when checking dynamic_casts. ...and /do/ strip CXXBaseObjectRegions when casting to a virtual base class. This allows us to enforce the invariant that a CXXBaseObjectRegion can always provide an offset for its base region if its base region has a known class type, by only allowing virtual bases and direct non-virtual bases to form CXXBaseObjectRegions. This does mean some slight problems for our modeling of dynamic_cast, which needs to be resolved by finding a path from the current region to the class we're trying to cast to. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161797 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/CallEvent.cpp
b6d2bea04801cb66263de2f3fe99ef8e1dcd9f53	11-Aug-2012	Jordan Rose <jordan_rose@apple.com>	[analyzer] Strip CXXBaseObjectRegions when devirtualizing method calls. This was causing a crash when we tried to re-apply a base object region to itself. It probably also caused incorrect offset calculations in RegionStore. PR13569 / <rdar://problem/12076683> git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161710 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/CallEvent.cpp
9584f67b6da17283a31dedf0a1cab2d83a3d121c	11-Aug-2012	Jordan Rose <jordan_rose@apple.com>	[analyzer] Try to devirtualize even if the static callee has no definition. This mostly affects pure virtual methods, but would also affect parent methods defined inline in the header when analyzing the child's source file. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161709 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/CallEvent.cpp
54918ba02ba900c0e0bb4fd3d749b6b1ac4e50a9	10-Aug-2012	Anna Zaks <ganna@apple.com>	[analyzer] Track if a region can be a subclass in the dynamic type info. When object is allocated with alloc or init, we assume it cannot be a subclass (currently used only for bifurcation purposes). git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161682 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/CallEvent.cpp
3f558af01643787d209a133215b0abec81b5fe30	10-Aug-2012	Anna Zaks <ganna@apple.com>	[analyzer] Optimize dynamic dispatch bifurcation by detecting the cases when we don't need to split. In some cases we know that a method cannot have a different implementation in a subclass: - the class is declared in the main file (private) - all the method declarations (including the ones coming from super classes) are in the main file. This can be improved further, but might be enough for the heuristic. (When we are too aggressive splitting the state, efficiency suffers. When we fail to split the state coverage might suffer.) git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161681 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/CallEvent.cpp
5960f4aeac9760198c80e05d70d8dadb1db0ff0e	09-Aug-2012	Anna Zaks <ganna@apple.com>	[analyzer] Improve readability of the dyn. dispatch bifurcation patch r161552. As per Jordan's feedback. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161603 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/CallEvent.cpp
fc05decf08feefd2ffe8cc250219aee6eab3119c	09-Aug-2012	Anna Zaks <ganna@apple.com>	Unbreak the build. Declaring "const Decl *Decl" is not a good idea. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161567 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/CallEvent.cpp
e90d3f847dcce76237078b67db8895eb7a24189e	09-Aug-2012	Anna Zaks <ganna@apple.com>	[analyzer] Bifurcate the path with dynamic dispatch. This is an initial (unoptimized) version. We split the path when inlining ObjC instance methods. On one branch we always assume that the type information for the given memory region is precise. On the other we assume that we don't have the exact type info. It is important to check since the class could be subclassed and the method can be overridden. If we always inline we can loose coverage. Had to refactor some of the call eval functions. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161552 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/CallEvent.cpp
8ed21ef726be89ef7151b5ff397631379bd8a537	07-Aug-2012	Anna Zaks <ganna@apple.com>	[analyzer] Address Jordan's review of DynamicTypePropagation. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161391 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/CallEvent.cpp
c7ecc43c33a21b82c49664910b19fcc1f555aa51	07-Aug-2012	Anna Zaks <ganna@apple.com>	[analyzer] Add a checker to manage dynamic type propagation. Instead of sprinkling dynamic type info propagation throughout ExprEngine, the added checker would add the more precise type information on known APIs (Ex: ObjC alloc, new) and propagate the type info in other cases (ex: ObjC init method, casts (the second is not implemented yet)). Add handling of ObjC alloc, new and init to the checker. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161357 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/CallEvent.cpp
9da59a67a27a4d3fc9d59552f07808a32f85e9d3	04-Aug-2012	Jordan Rose <jordan_rose@apple.com>	[analyzer] Track null/uninitialized C++ objects used in method calls. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161278 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/CallEvent.cpp
4fe64ad383c056774087113561063429103ac9a6	31-Jul-2012	Jordan Rose <jordan_rose@apple.com>	[analyzer] Don't try to inline if there's no region for a message receiver. While usually we'd use a symbolic region rather than a straight-up Unknown, we can still generate unknowns via array subscripts with symbolic indexes. (And if this ever changes in the future, we still shouldn't crash.) git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161059 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/CallEvent.cpp
6d8ab45a203eb701c2fd1104492cb4bd7557a3e9	31-Jul-2012	Jordan Rose <jordan_rose@apple.com>	[analyzer] Add a FIXME about devirtualization in ctors/dtors. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161058 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/CallEvent.cpp
ef15831780b705475e7b237ac16418e9b53cb7a6	31-Jul-2012	Jordan Rose <jordan_rose@apple.com>	[analyzer] Let CallEvent decide what goes in an inital stack frame. This removes explicit checks for 'this' and 'self' from Store::enterStackFrame. It also removes getCXXThisRegion() as a virtual method on all CallEvents; it's now only implemented in the parts of the hierarchy where it is relevant. Finally, it removes the option to ask for the ParmVarDecls attached to the definition of an inlined function, saving a recomputation of the result of getRuntimeDefinition(). No visible functionality change! git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161017 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/CallEvent.cpp
f0324d33967f28758f7243c7bb1a469c5a0394b6	31-Jul-2012	Anna Zaks <ganna@apple.com>	[analyzer] Handle inlining of instance calls to super. Use self-init.m for testing. (It used to have a bunch of failing tests with dynamic inlining turned on.) git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161012 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/CallEvent.cpp
57c033621dacd8720ac9ff65a09025f14f70e22f	31-Jul-2012	Jordan Rose <jordan_rose@apple.com>	[analyzer] Perform post-call checks for all inlined calls. Previously, we were only checking the origin expressions of inlined calls. Checkers using the generic postCall and older postObjCMessage callbacks were ignored. Now that we have CallEventManager, it is much easier to create a CallEvent generically when exiting an inlined function, which we can then use for post-call checks. No test case because we don't (yet) have any checkers that depend on this behavior (which is why it hadn't been fixed before now). git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161005 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/CallEvent.cpp
2d18419a7c8f9a2975d4ed74a202de6467308ad1	30-Jul-2012	Anna Zaks <ganna@apple.com>	[analyzer] Very simple ObjC instance method inlining - Retrieves the type of the object/receiver from the state. - Binds self during stack setup. - Only explores the path on which the method is inlined (no bifurcation to explore the path on which the method is not inlined). git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160991 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/CallEvent.cpp
d563d3fb73879df7147b8a5302c3bf0e1402ba18	30-Jul-2012	Jordan Rose <jordan_rose@apple.com>	[analyzer] Only allow CallEvents to be created by CallEventManager. This ensures that it is valid to reference-count any CallEvents, and we won't accidentally try to reclaim a CallEvent that lives on the stack. It also hides an ugly switch statement for handling CallExprs! There should be no functionality change here. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160986 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/CallEvent.cpp
7c99aa385178c630e29f671299cdd9c104f1c885	26-Jul-2012	Jordan Rose <jordan_rose@apple.com>	[analyzer] CallEvent is no longer a value object. After discussion, the type-based dispatch was decided to be bad for maintenance and made it very easy for subtle bugs to creep in. Instead, we'll just be very careful when we do have to allocate these on the heap. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160817 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/CallEvent.cpp
f540c54701e3eeb34cb619a3a4eb18f1ac70ef2d	26-Jul-2012	Jordan Rose <jordan_rose@apple.com>	[analyzer] Rename Calls.{h,cpp} to CallEvent.{h,cpp}. No functionality change. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160815 91177308-0d34-0410-b5e6-96231b3b80d8 /external/clang/lib/StaticAnalyzer/Core/CallEvent.cpp