[analyzer] MacOSKeychainAPIChecker: Add reasoning about functions which MIGHT deallocate the memory region allocated with SecKeychain APIs. Specifically, when the buffer is passed to CFStringCreateWithBytesNoCopy along with a custom deallocator, which might potentially correctly release the memory.

llvm-svn: 138417

[analyzer] MacOSKeychainAPIChecker: Retrieve the memory region which we are tracking even when it's no longer a SymbolicRegion, for example, when it is cast to char*.

llvm-svn: 138415

llvm-svn: 138414

[analyzer] MacOSKeychainAPIChecker: Users of KeyChain API often use free() to deallocate the password. Catch this error explicitly and generate the error message at the place where free() is called.

llvm-svn: 138296

Remove EnhancedBugReport and RangedBugReport - pull all the extra functionality they provided into their parent BugReport. The only functional changes are: made getRanges() non const - it adds default range to Ranges if none are supplied, made getStmt() private, which was another FIXME.

llvm-svn: 137894

llvm-svn: 137720

MacOSKeychainAPIChecker: The security API/memory leak checker should always generate regular nodes instead of sink nodes.

llvm-svn: 137681

llvm-svn: 137665

MacOSKeychainAPIChecker: Use llvm::SmallString instead of std::string (as per code review for r137523).

llvm-svn: 137633

MacOSKeychainAPIChecker: If the allocated data address entered as an enclosing function parameter, skip it to avoid false positives.

llvm-svn: 137526

Report errors earlier: on checkDeadSymbols() and clear the state after the symbol we are tracking goes out of scope. 

Also, perform lazy error checking. Instead of forcing the paths to be split depending one the return value of the allocator, make the return symbol depend on the allocated data symbol, which prolongs its life span to the time when the allocated data symbol becomes dead.

llvm-svn: 137523

MacOSKeychainAPIChecker: There is no need to use SymbolMetadata to represent the allocated data symbol, we can just use the symbol corresponding to the SymbolicRegion. This simplifies tracking of the symbol, for example, SymbolMetadata needs to go through extra hoops to stay alive.

Make AllocationState internal to the MacOSKeychainAPIChecker class.

llvm-svn: 137514

KeychainAPI checker: Track SymbolMetadata instead of MemRegion in checker state so that we could clear the state on evalDeadSymbols; also track the return value.

llvm-svn: 137003

KeychainAPI checker: Generate an error on double allocation. Pull out getAsPointeeMemoryRegion so that it could be reused.

llvm-svn: 136952

KeychainAPI checker: Track additional pair of SecKeychain APIs. Also, keep exploring the transition on which a call to allocator function failed (to be able to find errors in examples like ErrorCodesFromDifferentAPISDoNotInterfere).

llvm-svn: 136930

KeychainAPI checker: Refactor to make it easier to add more allocator/deallocator API pairs. Add the allocator function ID to the checker state. Better comments.

llvm-svn: 136889

llvm-svn: 136852

KeychainAPI checker: Add basic diagnostics. Track MemoryRegion istead of SymbolicRef since the address might not be a symbolic value in some cases, for example in fooOnlyFree() test.

llvm-svn: 136851

KeychainAPI checker: only check the paths on which the allocator function returned noErr. (+ minor cleanup)

llvm-svn: 136694

Add a skeleton for the Keychain Services API Checker. Register it as OSX experimental for now. Note, the checker still does not handle tracking of escaped values, taking into account the return value of the allocator functions, nor the actual bug reporting.. 

llvm-svn: 136659