Static Analyzer: Replace LiveSymbols/DeadSymbols sets with a new object called "SymbolReaper".  Right now it just consolidates the two and cleans up some client code, but shortly it will be used to enable "lazy computation" of live symbols for use with RegionStore.

llvm-svn: 62722

Because the RegionStore can reason about values beyond the reasoning power of BasicStore, this patch splits some of the test cases for the retain/release checker to have versions that are handled by RegionStore (more warnings) and BasicStore (less warnings).

llvm-svn: 62667

that every declaration lives inside a DeclContext.

Moved several things that don't have names but were ScopedDecls (and,
therefore, NamedDecls) to inherit from Decl rather than NamedDecl,
including ObjCImplementationDecl and LinkageSpecDecl. Now, we don't
store empty DeclarationNames for these things, nor do we try to insert
them into DeclContext's lookup structure.

The serialization tests are temporarily disabled. We'll re-enable them
once we've sorted out the remaining ownership/serialiazation issues
between DeclContexts and TranslationUnion, DeclGroups, etc.

llvm-svn: 62562

Dead stores checker: Fix <rdar://problem/6506065> by being more selective when say that a store is dead even though the computed value is used in the enclosing expression.

llvm-svn: 62552

Fix analyzer crash found when scanning Wine sources where the analyzer used old logic to determine the value of a switch 'case' label.

llvm-svn: 62395

StringRegion::print: Remove copy/paste code and just call Stmt::printPretty() for the StringLiteral.

llvm-svn: 62340

llvm-svn: 62331

"logical" location, refer to the "instantiation" location.

llvm-svn: 62316

the "physical" location of tokens, refer to the "spelling" location.
This is more concrete and useful, tokens aren't really physical objects!

llvm-svn: 62309

and uninitialized use options.

llvm-svn: 62270

llvm-svn: 62142

 - put the killed region in the kill set.
 - set its default value to unknown.
 - removes all bindings for its subregions.  

llvm-svn: 62138

llvm-svn: 62130

Invert condition on branch (was causing RegionStore::ArrayToPointer to return 'unknown' on most cases.

llvm-svn: 62129

- Refactor a bunch of logic in the retain/release checker, making it more
  condense and easier to read.
- Add support for "Create" methods in the DiskArbitration framework

retain/release tests:
- Rename CFDate.m to retain-release.m, and move test from CFString.c to
  retain-release.m
- Add DiskArbitration framework tests cases.
- Add/refine and few more retain/release GC test cases.

llvm-svn: 62106

Dead stores checker: Don't flag dead stores for self-assignments (common escape hatch for 'unused variable' warnings).

llvm-svn: 62010

llvm-svn: 61924

llvm-svn: 61894

llvm-svn: 61888

recent discussions with Thomas Clement and Ken Ferry concerning the "fundamental
rule" for Cocoa memory management
(http://developer.apple.com/documentation/Cocoa/Conceptual/MemoryMgmt/Tasks/MemoryManagementRules.html).

Here is the revised behavior of the checker concerning tracking retain/release
counts for objects returned from message expressions involving instance methods:

1) Track the returned object if the return type of the message expression is
id<..>, id, or a pointer to *any* object that subclasses NSObject. Such objects
are assumed to have a retain count. Previously the checker only tracked objects
when the receiver of the message expression was part of the standard Cocoa API
(i.e., had class names prefixed with 'NS'). This should significantly expand the
amount of checking performed.

2) Consider the object owned if the selector of the message expression contains
"alloc", "new", or "copy". Previously we also considered "create", but this
doesn't follow from the fundamental rule (discussions with the Cocoa folks
confirms this).

llvm-svn: 61837

Return UnknownVal in RegionStoreManager::getSizeInElements() for unsupported regions.  This silences a warning when compiling Release-Asserts builds.

llvm-svn: 61818

information for declarations that were referenced via a qualified-id,
e.g., N::C::value. We keep track of the location of the start of the
nested-name-specifier. Note that the difference between
QualifiedDeclRefExpr and DeclRefExpr does have an effect on the
semantics of function calls in two ways:
  1) The use of a qualified-id instead of an unqualified-id suppresses
     argument-dependent lookup
  2) If the name refers to a virtual function, the qualified-id
  version will call the function determined statically while the
  unqualified-id version will call the function determined dynamically
  (by looking up the appropriate function in the vtable).

Neither of these features is implemented yet, but we do print out
qualified names for QualifiedDeclRefExprs as part of the AST printing.

llvm-svn: 61789

llvm-svn: 61419

llvm-svn: 61418

llvm-svn: 61409

llvm-svn: 61333

us to measure the effect of this optimization.

llvm-svn: 61319

llvm-svn: 61304

llvm-svn: 61300

llvm-svn: 61299

which can refer to static data members, enumerators, and member
functions as well as to non-static data members.

Implement correct lvalue computation for member references in C++. 
Compute the result type of non-static data members of reference type properly.

llvm-svn: 61294

* Now Bind() methods take and return GRState* because binding could
  also alter GDM.
* No variables are initialized except those declared with initial
  values.
* failed C test cases are due to bugs in RemoveDeadBindings(),
which removes constraints that is still alive. This will be fixed in later
patch.
* default value of array and struct regions will be implemented in later patch.

llvm-svn: 61274

Fix <rdar://problem/6454568>: BugReporter should correctly handle switch statements with no default case.

llvm-svn: 61270

Fix regression when invalidating reference-counts for objects passed-by-reference to a function/method.

llvm-svn: 61224

- Fix regression reported in <rdar://problem/6452745>.  After a null check, null references to resources should not have a retain count.  This regression was caused by removing the call to "GRTransferFuncs::EvalAssume" in BasicConstraintManager.
- Added a test case to test this behavior.

llvm-svn: 61155

- Because of the introduction of AnonTypedRegions when reasoning about casts, we
  had a regression in the "symbolication" of variable values passed-by-reference
  to a function. This is now fixed in CFRefCount.cpp (-checker-cfref) by
  blasting through the layer of AnonTypedRegions when symbolicating the value of
  the variable. This logic may get moved elsewhere. Note that this change
  affects only -checker-cfref and not -checker-simple; eventually this logic
  should get pulled out of CFRefCount.cpp into a more common place. All users
  use -checker-cfref by default, and -checker-simple should probably just be
  removed.  
- Updated test 'Analysis/uninit-vals-ps.c' to only use -checker-cfref and added
  a test case for this regression.

llvm-svn: 61147

llvm-svn: 61146

- one queue (FIFO) to queue up nodes at block entrances
- another queue (LIFO) to queue up other nodes
- The idea is to explore basic blocks to completion, but to do a BFS exploration of blocks.

llvm-svn: 61106

- Added four new ProgramPoint types that subclass PostStmt for use in
  GRExprEngine::EvalLocation:
  - PostOutOfBoundsCheckFailed
  - PostUndefLocationCheckFailed
  - PostNullCheckFailed
  - PostLocationChecksSucceed
  These were created because of a horribly subtle caching bug in EvalLocation
  where a node representing an "bug condition" in EvalLocation (e.g. a null
  dereference) could be re-used as the "non-bug condition" because the Store did
  not contain any information to differentiate between the two. The extra
  program points just disables any accidental caching between EvalLocation and
  its callers.

GRExprEngine:
- EvalLocation now returns a NodeTy* instead of GRState*.  This should be used as the "vetted" predecessor for EvalLoad/EvalStore.

llvm-svn: 61105

llvm-svn: 61069