llvm-svn: 95534

llvm-svn: 95365

llvm-svn: 95362

llvm-svn: 95360

llvm-svn: 95357

llvm-svn: 95279

(1) libAnalysis is a generic analysis library that can be used by
    Sema.  It defines the CFG, basic dataflow analysis primitives, and
    inexpensive flow-sensitive analyses (e.g. LiveVariables).

(2) libChecker contains the guts of the static analyzer, incuding the
    path-sensitive analysis engine and domain-specific checks.

Now any clients that want to use the frontend to build their own tools
don't need to link in the entire static analyzer.

This change exposes various obvious cleanups that can be made to the
layout of files and headers in libChecker.  More changes pending.  :)

This change also exposed a layering violation between AnalysisContext
and MemRegion.  BlockInvocationContext shouldn't explicitly know about
BlockDataRegions.  For now I've removed the BlockDataRegion* from
BlockInvocationContext (removing context-sensitivity; although this
wasn't used yet).  We need to have a better way to extend
BlockInvocationContext (and any LocationContext) to add
context-sensitivty.

llvm-svn: 94406

llvm-svn: 91572

llvm-svn: 91557

llvm-svn: 91553

- Refactor the MemRegion hierarchy to distinguish between different StackSpaceRegions for locals and parameters.
- VarRegions for "captured" variables now have the BlockDataRegion as their super region (except those passed by reference)
- Add transfer function support to GRExprEngine for BlockDeclRefExprs.

This change also supports analyzing blocks as an analysis entry point
(top-of-the-stack), which required pushing more context-sensitivity
around in the MemRegion hierarchy via the use of LocationContext
objects.  Functionally almost everything is the same, except we track
LocationContexts in a few more areas and StackSpaceRegions now refer
to a StackFrameContext object.  In the future we will need to modify
MemRegionManager to allow multiple StackSpaceRegions in flight at once
(for the analysis of multiple stack frames).

llvm-svn: 90809

llvm-svn: 90582

llvm-svn: 90028

* Add a load type to GRExprEngine::EvalLoad().
* When retrieve from 'theValue' of OSAtomic funcitions, use the type of the 
  region instead of the argument expression as the load type.
* Then we can convert CastRetrievedSVal to a pure assertion. In the future
  we can let all Retrieve() methods simply return SVal.

llvm-svn: 88888

getBaseRegion will be used in another method.

llvm-svn: 86649

Refactor StoreManager::BindDecl() to take a VarRegion* instead of a VarDecl*, and modify GRExprEngine::EvalBind() to handle decl initialization as well.  This paves the way for adding "checker" visitation in EvalBind().

llvm-svn: 85983

retain/release checker: Stop tracking reference counts for any symbols touched by StoreManager::InvalidateRegion().

This fixes <rdar://problem/7257223> and <rdar://problem/7283470>.

llvm-svn: 84223

* Make all Base value the last argument.

llvm-svn: 84071

<rdar://problem/6914474> checker doesn't realize that variable might
have been assigned if a pointer to that variable was passed to another
function via a structure

The problem here was the RegionStoreManager::InvalidateRegion didn't
invalidate the bindings of invalidated regions.  This required a
rewrite of this method using a worklist.

As part of this fix, changed ValueManager::getConjuredSymbolVal() to
require a 'void*' SymbolTag argument.  This tag is used to
differentiate two different symbols created at the same location.

llvm-svn: 82920

to statically type various methods in SValuator/GRState as required either a
defined value or a defined-but-possibly-unknown value. This leads to various
logic cleanups in GRExprEngine, and lets the compiler enforce via type checking
our assumptions about what symbolic values are possibly undefined and what are
not.

Along the way, clean up some of the static analyzer diagnostics regarding the uses of uninitialized values.

llvm-svn: 81579

llvm-svn: 81346

Fix regression in BasicStoreManager caused by implicitly casting loaded values and trying to load/store from arrays.  RegionStoreManager already properly handles these cases well; we just need to gracefully not handle this case in BasicStoreManager.  This fixes PR 4781.

llvm-svn: 80051

implicit cast logic in RegionStoreManager to BasicStoreManager. This involved
moving CastRetriedVal from RegionStoreManager to StoreManager.

llvm-svn: 80026

llvm-svn: 79854

SelfRegion represented the object bound to 'self' (when analyzing Objective-C
methods) upon entry to a method. Having this region stored on the side ignores
the current stack frame that we might be analyzing (among other things), and is
a problem for interprocedural analysis.

For RegionStoreManager, the value for SelfRegion is just lazily created.

For BasicStoreManager, the value for SelfRegion is bound eagerly to 'self', but
no explicit tracking of SelfRegion on the side is made.

As part of this change, remove the restriction in BasicStoreManager that we only
track ivars for 'self'. This shouldn't actually change anything in terms of
precision, and simplifies the logic.

llvm-svn: 79694

llvm-svn: 79680

llvm-svn: 79590

of GRStateManager and GRExprEngine, pass the initial location context
to the getInitialState() method.

llvm-svn: 79228

Generalize the interface of 'StoreManager::RemoveDeadBindings()' to manipulate the entire GRState, not just the Store.

llvm-svn: 77870

  Type::getAsReferenceType() -> Type::getAs<ReferenceType>()
  Type::getAsRecordType() -> Type::getAs<RecordType>()
  Type::getAsPointerType() -> Type::getAs<PointerType>()
  Type::getAsBlockPointerType() -> Type::getAs<BlockPointerType>()
  Type::getAsLValueReferenceType() -> Type::getAs<LValueReferenceType>()
  Type::getAsRValueReferenceType() -> Type::getAs<RValueReferenceType>()
  Type::getAsMemberPointerType() -> Type::getAs<MemberPointerType>()
  Type::getAsReferenceType() -> Type::getAs<ReferenceType>()
  Type::getAsTagType() -> Type::getAs<TagType>()
  
And remove Type::getAsReferenceType(), etc.

This change is similar to one I made a couple weeks ago, but that was partly
reverted pending some additional design discussion. With Doug's pending smart
pointer changes for Types, it seemed natural to take this approach.

llvm-svn: 77510

OldCastRegion used), and the associated command line option
'-analyzer-store=old-basic-cast'.

llvm-svn: 77509

in StoreManager to RegionStoreManager, and create a special, highly reduced
version in BasicStoreManager.

These changes are in preparation for future RegionStore-specific changes to
InvalidateRegion.

llvm-svn: 77483

to SValuator::EvalCast. In the process, the StoreManagers now use this new cast
machinery, and the hack in GRExprEngine::EvalBind to handle implicit casts
involving OSAtomicCompareAndSwap and friends has been removed (and replaced with
logic closer to the logic specific to those functions).

llvm-svn: 76641

until Doug Gregor's Type smart pointer code lands (or more discussion occurs).
These methods just call the new Type::getAs<XXX> methods, so we still have
reduced implementation redundancy. Having explicit getAsXXXType() methods makes
it easier to set breakpoints in the debugger.

llvm-svn: 76193

This method is intended to eventually replace the individual
Type::getAsXXXType<> methods.

The motivation behind this change is twofold:

1) Reduce redundant implementations of Type::getAsXXXType() methods. Most of
them are basically copy-and-paste.

2) By centralizing the implementation of the getAs<Type> logic we can more
smoothly move over to Doug Gregor's proposed canonical type smart pointer
scheme.

Along with this patch:

a) Removed 'Type::getAsPointerType()'; now clients use getAs<PointerType>.
b) Removed 'Type::getAsBlockPointerTypE()'; now clients use getAs<BlockPointerType>.

llvm-svn: 76098

Fix <rdar://problem/7062158> by having BasicStoreManager model values for 'static' global variables.

llvm-svn: 75844

Tidy pretty-printing for SVals, using 'dump()' instead of 'printStdErr()', and implementing operator<< support for llvm::raw_ostream.

llvm-svn: 75560

and replace the 'clang-cc' option '-analyzer-store=basic-new-cast' with
'-analyzer-store=basic-old-cast'. We'll keep the old CastRegion implementation
around for a little while for regression testing.

llvm-svn: 75209

Make 'BasicStoreManager' + 'NewCastRegion' testable from the command line using '-analyzer-store=basic-new-cast'.

llvm-svn: 74865

BasicStoreManager: Use SymbolManager::canSymbolicate() to determine if a variable can be symbolicated.

llvm-svn: 74750