llvm-svn: 63031

llvm-svn: 62847

llvm-svn: 62846

For now, return UnknownVal() in RegionStore::getElementsSize() for AnonTypedRegions.  It wasn't really doing the right thing and was crashing on rdar-6442306-1.m.  This fix causes all path-sensitive test cases to pass with RegionStore.

llvm-svn: 62816

Add RegionStore support for the implicit object region that 'self' references.  This causes tests 'ObjCProperties.m' and 'refcnt_naming.m' to now pass with RegionStore.

llvm-svn: 62814

Fix RegionStore::getLValueElement() to handle the case when the base region is not an ElementRegion (also do some cleanups of its core logic).
This gets array-struct.c to work with RegionStore.

llvm-svn: 62781

their associated APIs.  We no longer need separate SymbolData objects
for fields, variables, etc.  Instead, we now associated symbols with
the "rvalue" of a MemRegion (i.e., the value stored at that region).
Now we only have two kinds of SymbolData objects: SymbolRegionRValue
and SymbolConjured.

This cleanup also makes the distinction between a SymbolicRegion and a
symbolic value that is a location much clearer.  A SymbolicRegion
represents a chunk of symbolic memory, while a symbolic location is
just a "pointer" with different possible values.  Without any specific
knowledge, a symbolic location resolves (i.e., via a dereference) to a
SymbolicRegion.  In the future, when we do better alias reasoning, a
symbolic location can become an alias for another location, thus
merging the constraints on the referred SymbolicRegion with the other
region.

llvm-svn: 62769

llvm-svn: 62727

Static Analyzer: Replace LiveSymbols/DeadSymbols sets with a new object called "SymbolReaper".  Right now it just consolidates the two and cleans up some client code, but shortly it will be used to enable "lazy computation" of live symbols for use with RegionStore.

llvm-svn: 62722

Because the RegionStore can reason about values beyond the reasoning power of BasicStore, this patch splits some of the test cases for the retain/release checker to have versions that are handled by RegionStore (more warnings) and BasicStore (less warnings).

llvm-svn: 62667

llvm-svn: 62142

 - put the killed region in the kill set.
 - set its default value to unknown.
 - removes all bindings for its subregions.  

llvm-svn: 62138

Invert condition on branch (was causing RegionStore::ArrayToPointer to return 'unknown' on most cases.

llvm-svn: 62129

llvm-svn: 61888

Return UnknownVal in RegionStoreManager::getSizeInElements() for unsupported regions.  This silences a warning when compiling Release-Asserts builds.

llvm-svn: 61818

llvm-svn: 61419

llvm-svn: 61418

llvm-svn: 61409

* Now Bind() methods take and return GRState* because binding could
  also alter GDM.
* No variables are initialized except those declared with initial
  values.
* failed C test cases are due to bugs in RemoveDeadBindings(),
which removes constraints that is still alive. This will be fixed in later
patch.
* default value of array and struct regions will be implemented in later patch.

llvm-svn: 61274

llvm-svn: 61069

llvm-svn: 61003

- Overhauled the notion of "types" for TypedRegions.  We now distinguish between the "lvalue" of a region (via getLValueRegion()) and the "rvalue" of a region (va getRValueRegion()).  Since a region represents a chunk of memory it has both, but we were conflating these concepts in some cases, leading to some insidious bugs.
- Removed AnonPointeeType, partially because it is unused and because it doesn't have a clear notion of lvalue vs rvalue type.  We can add it back once there is a need for it and we can resolve its role with these concepts.

StoreManager:
- Overhauled StoreManager::CastRegion.  It expects an *lvalue* type for a region.  This is actually what motivated the overhaul to the MemRegion type mechanism.  It also no longer returns an SVal; we can just return a MemRegion*.
- BasicStoreManager::CastRegion now overlays an "AnonTypedRegion" for pointer-pointer casts.  This matches with the MemRegion changes.
- Similar changes to RegionStore, except I've added a bunch of FIXMEs where it wasn't 100% clear where we should use TypedRegion::getRValueRegion() or TypedRegion::getLValueRegion().

AuditCFNumberCreate check:
- Now blasts through AnonTypedRegions that may layer the original memory region, thus checking if the actually memory block is of the appropriate type.  This change was needed to work with the changes to StoreManager::CastRegion.

GRExprEngine::VisitCast:
- Conform to the new interface of StoreManager::CastRegion.

Tests:
- None of the analysis tests fail now for using the "basic store".
- Disabled the tests 'array-struct.c' and 'rdar-6442306-1.m' pending further testing and bug fixing.

llvm-svn: 60995

GRExprEngine (VisitCast):
- When using StoreManager::CastRegion, always use the state and value it returns to generate the next node.  Failure to do so means that region values returned that don't require the state to be modified will get ignored.

MemRegion:
- Tighten the interface for ElementRegion.  Now ElementRegion can only be created with a super region that is a 'TypedRegion' instead of any MemRegion.  Code in BasicStoreManager/RegionStoreManager already assumed this, but it would result in a dynamic assertion check (and crash) rather than just having the compiler forbid the construction of such regions.
- Added ElementRegion::getArrayRegion() to return the 'typed version' of an ElementRegion's super region.
- Removed bogus assertion in ElementRegion::getType() that assumed that the super region was an AnonTypedRegion.  All that matters is that it is a TypedRegion, which is now true all the time by design.

BasicStore:
- Modified getLValueElement() to check if the 'array' region is a TypedRegion before creating an ElementRegion.  This conforms to the updated interface for ElementRegion.

RegionStore:
- In ArrayToPointer() gracefully handle things we don't reason about, and only create an ElementRegion if the array region is indeed a TypedRegion.

llvm-svn: 60990

llvm-svn: 60897

and separates lexical name lookup from qualified name lookup. In
particular:
  * Make DeclContext the central data structure for storing and
    looking up declarations within existing declarations, e.g., members
    of structs/unions/classes, enumerators in C++0x enums, members of
    C++ namespaces, and (later) members of Objective-C
    interfaces/implementations. DeclContext uses a lazily-constructed
    data structure optimized for fast lookup (array for small contexts,
    hash table for larger contexts). 

  * Implement C++ qualified name lookup in terms of lookup into
    DeclContext.

  * Implement C++ unqualified name lookup in terms of
    qualified+unqualified name lookup (since unqualified lookup is not
    purely lexical in C++!)

  * Limit the use of the chains of declarations stored in
    IdentifierInfo to those names declared lexically.

  * Eliminate CXXFieldDecl, collapsing its behavior into
    FieldDecl. (FieldDecl is now a ScopedDecl).

  * Make RecordDecl into a DeclContext and eliminates its
    Members/NumMembers fields (since one can just iterate through the
    DeclContext to get the fields).

llvm-svn: 60878

Rename SymbolID to SymbolRef.  This is a precursor to some overhauling of the representation of symbolic values.

llvm-svn: 60575

StoreManager::Retrieve and StoreManager::RemoveDeadBindings now take a GRState* argument instead of a Store.  This allows them to use the GDM for storing other data.

llvm-svn: 60570

Revamp RegionStoreManager::RemoveDeadBindings.  This method now does a complete mark-and-sweep of the store, removing dead regions and recording the set of live and dead symbols appropriately.

llvm-svn: 60523

llvm-svn: 60516

This may be the case on 64-bit systems. Whether that fact is a bug is a different question, but it's easy to cure the symptom.

llvm-svn: 60422

This fixes PR3127
http://llvm.org/bugs/show_bug.cgi?id=3127

llvm-svn: 60280

llvm-svn: 60248

When initialized, the index of the ElementRegion was unsigned. But the index
value of the ArraySubscriptExpr is signed. This inconsistency caused the value
of the array element retrieved to be UnknownVal despite it was initialized to
symbolic.

This is only a hack. Real fix of this problem is required.

llvm-svn: 60207

llvm-svn: 60205

GDMContext.

llvm-svn: 60150

llvm-svn: 59975

There might be other, similar bugs lurking there.

llvm-svn: 59974

One design problem that is emerging is the signed-ness problem during static
analysis. Many unsigned value have to be converted into signed value because
it partipates in operations with signed values. 

On the other hand, we cannot blindly make all values occuring in static analysis
signed, because we do have cases where unsignedness is required, for example,
integer overflow detection.

llvm-svn: 59957

llvm-svn: 59943

llvm-svn: 59932