llvm-svn: 79680

made to RegionStore (and related classes) in order to handle some
analyzer failures involving casts and manipulation of symbolic memory.

The root of the change is in StoreManager::CastRegion().  Instead of
using ad hoc heuristics to decide when to layer an ElementRegion on a
casted MemRegion, we now always layer an ElementRegion when the cast
type is different than the original type of the region.  This carries
the current cast information associated with a region around without
resorting to the error prone recording of "casted types" in GRState.

Along with this new policy of layering ElementRegions, I added a new
algorithm to strip away existing ElementRegions when they simply
represented casts of a base memory object.  This algorithm computes
the raw "byte offset" that an ElementRegion represents from the base
region, and allows the new ElementRegion to be based off that offset.
The added benefit is that this naturally handles a series of casts of
a MemRegion without building up a set of redundant ElementRegions
(thus canonicalizing the region view).

Other related changes that cascaded from this one (as tests were
failing in RegionStore):

- Revamped RegionStoreManager::InvalidateRegion() to completely remove
  all bindings and default values from a region and all subregions.
  Now invalidated fields are not bound directly to new symbolic
  values; instead the base region has a "default" symbol value from
  which "derived symbols" can be created.  The main advantage of this
  approach is that it allows us to invalidate a region hierarchy and
  then lazily instantiate new values no matter how deep the hierarchy
  went (i.e., regardless of the number of field accesses,
  e.g. x->f->y->z->...).  The previous approach did not do this.

- Slightly reworked RegionStoreManager::RemoveDeadBindings() to also
  incorporate live symbols and live regions that do not have direct
  bindings but also have "default values" used for lazy instantiation.
  The changes to 'InvalidateRegion' revealed that these were necessary
  in order to achieve lazy instantiation of values in the region store
  with those bindings being removed too early.

- The changes to InvalidateRegion() and RemoveDeadBindings() revealed
  a serious bug in 'getSubRegionMap()' where not all region -> subregion
  relationships involved in actually bindings (explicit and implicit)
  were being recorded.  This has been fixed by using a worklist algorithm
  to iteratively fill in the region map.

- Added special support to RegionStoreManager::Bind()/Retrieve() to handle
  OSAtomicCompareAndSwap in light of the new 'CastRegion' changes and the
  layering of ElementRegions.

- Fixed a bug in SymbolReaper::isLive() where derived symbols were not
  being marked live if the symbol they were derived from was also live.
  This fix was critical for getting lazy instantiation in RegionStore
  to work.

- Tidied up the implementation of ValueManager::getXXXSymbolVal() methods
  to use SymbolManager::canSymbolicate() to decide whether or not a
  symbol should be symbolicated.

- 'test/Analysis/misc-ps-xfail.m' now passes; that test case has been
  moved to 'test/Analysis/misc-ps.m'.

- Tweaked some pretty-printing of MemRegions, and implemented
  'ElementRegion::getRawOffset()' for use with the CastRegion changes.

llvm-svn: 77782

OldCastRegion used), and the associated command line option
'-analyzer-store=old-basic-cast'.

llvm-svn: 77509

index 0.  This will be used for refinements to InvalidateRegion and CastRegion.

llvm-svn: 77481

llvm-svn: 76381

llvm-svn: 76380

ValueManager::makeArrayIndex()/convertArrayIndex() methods.  This
handles yet another crash case when reasoning about array indices of
different bitwidth and signedness.

llvm-svn: 75884

Tidy pretty-printing for SVals, using 'dump()' instead of 'printStdErr()', and implementing operator<< support for llvm::raw_ostream.

llvm-svn: 75560

When pretty-printing symbolic regions, use '{' ... '}' to indicate the symbol used for the region (makes it easier to read for nested regions).

llvm-svn: 75550

Change pretty-printing API for SymExprs and MemRegions to use a naming convention and style similar to other elements in Clang.

llvm-svn: 75548

Rename potentially ambiguous member template 'getRegion' to 'getSubRegion' to hopefully resolve template lookup ambiguities on some compilers.

llvm-svn: 75253

structures passed-by-value as function arguments.

llvm-svn: 74729

directly consulting if a VarDecl is an implicit or actual parameter, a global,
etc.

llvm-svn: 74716

This will simplify the logic of StoreManagers that want to specially reason
about the values of parameters.

llvm-svn: 74715

llvm-svn: 74709

This is simple enough, but then I thought it would be nice to make PrintingPolicy
get a LangOptions so that various things can key off "bool" and "C++" independently.
This spiraled out of control.  There are many fixme's, but I think things are slightly
better than they were before.

One thing that can be improved: CFG should probably have an ASTContext pointer in it,
which would simplify its clients.

llvm-svn: 74493

- Change implementation of MemRegion::hasStackStorage()/hasHeapStorage() to use
  'getMemorySpace()'.  This avoids a double traversal up the region hierarchy
  and is simpler.
- Add MemRegion::hasHeapOrStackStorage() as a slightly more efficient
  alternative to 'hasStackStorage() || hasHeapStorage()'.

llvm-svn: 73977

llvm-svn: 73973

trait-based MemRegion creation.

llvm-svn: 73941

llvm-svn: 73940

- Embed a reference to MemRegionManager objects in MemSpaceRegion objects
- Use this embedded reference for MemRegion objects to access ASTContext objects without external help
- Use this access to ASTContext to simplify 'isBoundable' (no ASTContext& argument required)

llvm-svn: 73935

llvm-svn: 73927

the new trait-based construction of MemRegion objects.

llvm-svn: 73926

new generalized region-construction code.

llvm-svn: 73921

member template functions and traits. The idea is to allow MemRegionManager to
construct subclasses of MemRegion that aren't declared in MemRegion.h (e.g.,
checker-specific regions).

llvm-svn: 73917

be unique.

llvm-svn: 73482

 RValueType => ObjectType
 LValueType => LocationType

No functionality change.

llvm-svn: 71304

future we would create ElementRegion directly on top of typeless regions.

llvm-svn: 71075

ElementRegion.  I also removed 'ElementRegion::getArrayRegion',
although we may need to add this back.

This breaks a few test cases with RegionStore:
- 'array-struct.c' triggers an infinite recursion in RegionStoreManager.  Need to investigate.
- misc-ps.m triggers a failure with RegionStoreManager as we now get the diagnostic:
  'Line 159: Uninitialized or undefined return value returned to caller.'
  
There were a bunch of places that needed to be edit
RegionStoreManager, and we may not be passing all the correct 'element
types' down from GRExprEngine.

Zhongxing: When you get a chance, could you review this?  I could have
easily screwed up something basic in RegionStoreManager.

llvm-svn: 70830

name of the tracked function.

llvm-svn: 70381

the build).

llvm-svn: 69702

llvm-svn: 69697

llvm-svn: 69694

llvm-svn: 69688

ProgramPoints all the way through to GRCoreEngine.

NSString.m now fails with RegionStoreManager because of the void** cast.
Disabling use of region store for that test for now.

llvm-svn: 68845

A CodeTextRegion wraps two kinds of data: FunctionDecl* or SymbolRef. 
The latter comes from the symbolic function pointer that are generated from
function calls or input data.

llvm-svn: 68777

it.  Will discuss offline whether symbolic regions should by typed or typeless.

llvm-svn: 68070

llvm-svn: 68068

Layer the type information with a TypedViewRegion on top of the SymbolicRegion.

llvm-svn: 68028

Zhongxing and I discussed by email.

Main changes:
- Removed SymIntConstraintVal and SymIntConstraint
- Added SymExpr as a parent class to SymbolData, SymSymExpr, SymIntExpr
- Added nonloc::SymExprVal to wrap SymExpr
- SymbolRef is now just a typedef of 'const SymbolData*'
- Bunch of minor code cleanups in how some methods were invoked (no functionality change)

This changes are part of a long-term plan to have full symbolic expression
trees. This will be useful for lazily evaluating complicated expressions.

llvm-svn: 67731