llvm-svn: 63181

llvm-svn: 63180

llvm-svn: 63179

llvm-svn: 63178

llvm-svn: 63177

llvm-svn: 63176

More hacking on static analyzer diagnostics.  When emitting summary diagnostics the code paths for diagnostics involving paths or single locations are now unified.  This patch also constifies many arguments/methods that are touched by this logic, leading to a nice overall code cleanup.

llvm-svn: 62903

Static Analyzer: Replace LiveSymbols/DeadSymbols sets with a new object called "SymbolReaper".  Right now it just consolidates the two and cleans up some client code, but shortly it will be used to enable "lazy computation" of live symbols for use with RegionStore.

llvm-svn: 62722

llvm-svn: 62331

"logical" location, refer to the "instantiation" location.

llvm-svn: 62316

- Refactor a bunch of logic in the retain/release checker, making it more
  condense and easier to read.
- Add support for "Create" methods in the DiskArbitration framework

retain/release tests:
- Rename CFDate.m to retain-release.m, and move test from CFString.c to
  retain-release.m
- Add DiskArbitration framework tests cases.
- Add/refine and few more retain/release GC test cases.

llvm-svn: 62106

recent discussions with Thomas Clement and Ken Ferry concerning the "fundamental
rule" for Cocoa memory management
(http://developer.apple.com/documentation/Cocoa/Conceptual/MemoryMgmt/Tasks/MemoryManagementRules.html).

Here is the revised behavior of the checker concerning tracking retain/release
counts for objects returned from message expressions involving instance methods:

1) Track the returned object if the return type of the message expression is
id<..>, id, or a pointer to *any* object that subclasses NSObject. Such objects
are assumed to have a retain count. Previously the checker only tracked objects
when the receiver of the message expression was part of the standard Cocoa API
(i.e., had class names prefixed with 'NS'). This should significantly expand the
amount of checking performed.

2) Consider the object owned if the selector of the message expression contains
"alloc", "new", or "copy". Previously we also considered "create", but this
doesn't follow from the fundamental rule (discussions with the Cocoa folks
confirms this).

llvm-svn: 61837

Fix regression when invalidating reference-counts for objects passed-by-reference to a function/method.

llvm-svn: 61224

- Because of the introduction of AnonTypedRegions when reasoning about casts, we
  had a regression in the "symbolication" of variable values passed-by-reference
  to a function. This is now fixed in CFRefCount.cpp (-checker-cfref) by
  blasting through the layer of AnonTypedRegions when symbolicating the value of
  the variable. This logic may get moved elsewhere. Note that this change
  affects only -checker-cfref and not -checker-simple; eventually this logic
  should get pulled out of CFRefCount.cpp into a more common place. All users
  use -checker-cfref by default, and -checker-simple should probably just be
  removed.  
- Updated test 'Analysis/uninit-vals-ps.c' to only use -checker-cfref and added
  a test case for this regression.

llvm-svn: 61147

- Overhauled the notion of "types" for TypedRegions.  We now distinguish between the "lvalue" of a region (via getLValueRegion()) and the "rvalue" of a region (va getRValueRegion()).  Since a region represents a chunk of memory it has both, but we were conflating these concepts in some cases, leading to some insidious bugs.
- Removed AnonPointeeType, partially because it is unused and because it doesn't have a clear notion of lvalue vs rvalue type.  We can add it back once there is a need for it and we can resolve its role with these concepts.

StoreManager:
- Overhauled StoreManager::CastRegion.  It expects an *lvalue* type for a region.  This is actually what motivated the overhaul to the MemRegion type mechanism.  It also no longer returns an SVal; we can just return a MemRegion*.
- BasicStoreManager::CastRegion now overlays an "AnonTypedRegion" for pointer-pointer casts.  This matches with the MemRegion changes.
- Similar changes to RegionStore, except I've added a bunch of FIXMEs where it wasn't 100% clear where we should use TypedRegion::getRValueRegion() or TypedRegion::getLValueRegion().

AuditCFNumberCreate check:
- Now blasts through AnonTypedRegions that may layer the original memory region, thus checking if the actually memory block is of the appropriate type.  This change was needed to work with the changes to StoreManager::CastRegion.

GRExprEngine::VisitCast:
- Conform to the new interface of StoreManager::CastRegion.

Tests:
- None of the analysis tests fail now for using the "basic store".
- Disabled the tests 'array-struct.c' and 'rdar-6442306-1.m' pending further testing and bug fixing.

llvm-svn: 60995

Rename SymbolID to SymbolRef.  This is a precursor to some overhauling of the representation of symbolic values.

llvm-svn: 60575

llvm-svn: 60390

a new NamedDecl::getAsString() method.

Change uses of Selector::getName() to just pass in a Selector 
where possible (e.g. to diagnostics) instead of going through
an std::string.

This also adds new formatters for objcinstance and objcclass
as described in the dox.

llvm-svn: 59933

GRExprEngine/CFRefCount/GRSimpleVals: We don't do any special handling (yet) of vector types.  Add explicit checks that when we process integers that they really are scalars.

llvm-svn: 59225

llvm-svn: 59153

llvm-svn: 58771

llvm-svn: 58758

llvm-svn: 58666

etc more generic. For some targets, long may not be equal to pointer size. For
example: PIC16 has int as i16, ptr as i16 but long as i32.

Also fixed a few build warnings in assert() functions in CFRefCount.cpp,
CGDecl.cpp, SemaDeclCXX.cpp and ParseDeclCXX.cpp.

llvm-svn: 58501

llvm-svn: 58469

llvm-svn: 58362

llvm-svn: 58114

followsFundamentalRule() returns true if "alloc" or "new" appear at the beginning of the string, not anywhere within it.

llvm-svn: 58112

Issue warnings about owned objects returned from a method that does not match the established Cocoa naming conventions.

llvm-svn: 58108

Disable warning about potential leaks of returned values until we test it a little more (lots of noise).

llvm-svn: 58021

Warn about potentially leaked objects that are returned from methods whose names do not follow the Cocoa Memory Management guidelines.

llvm-svn: 58012

Enhance reference-count checker to correctly identify CG "release" functions.  This fixes <rdar://problem/6303488>.

llvm-svn: 57997

Handle [NSAutoreleasePool addObject:] (an alternative way to add objects to the current autorelease pool).

Added initial code for tracking stack of autorelease pools.

llvm-svn: 57908

retain/release checker: Check if a tracked value escapes if we also try binding it to the store and the store doesn't support that binding (i.e., it cannot track it).  This has the nice feature that the checker will automatically get more powerful if we use a more powerful store model.

llvm-svn: 57755

When conjuring symbols to recover path-sensitivity, don't conjure symbols that represent an entire struct.  We need to implement struct temporaries as an actual "region", and then bind symbols to the FieldRegion of those temporaries.

llvm-svn: 57739

- Added new region "SymbolicRegion", which maps symbol values to the region domain.
- Enhanced BasicStore::getFieldLValue() to return a FieldRegion (using SymbolicRegion)
- Added some utility methods to GRState for fetch svals from the store.
- Fixed regression in CheckNSError (we weren't getting the value bound to the parameter)

llvm-svn: 57717

RVal => SVal
LVal => Loc
NonLVal => NonLoc
lval => loc
nonlval => nonloc

llvm-svn: 57671

This is a big patch, but the functionality change is small and the rest of the patch consists of deltas due to API changes.

This patch overhauls the "memory region" abstraction that was prototyped (but never really used) as part of the Store.h.  This patch adds MemRegion.h and MemRegion.cpp, which defines the class MemRegion and its subclasses.  This classes serve to define an abstract representation of memory, with regions being layered on other regions to to capture the relationships between fields and variables, variables and the address space they are allocated in, and so on.  

The main motivation of this patch is that key parts of the analyzer assumed that all value bindings were to VarDecls.  In the future this won't be the case, and this patch removes lval::DeclVal and replaces it with lval::MemRegionVal.  Now all pieces of the analyzer must reason about abstract memory blocks instead of just variables.

There should be no functionality change from this patch, but it opens the door for significant improvements to the analyzer such as field-sensitivity and object-sensitivity, both which were on hold until the memory abstraction got generalized.

The memory region abstraction also allows type-information to literally be affixed to a memory region.  This will allow the some now redundant logic to be removed from the retain/release checker.

llvm-svn: 57042

Use this updated interface when invalidating arguments passed by reference; the type of symbol is of the object passed by reference, not the reference itself.

llvm-svn: 56894

llvm-svn: 56755