(Fixes radar://11691035 PR13140)

llvm-svn: 158703

llvm-svn: 158681

llvm-svn: 158588

This happens in C++ mode right at the declaration of a struct VLA;
MallocChecker sees a bind and tries to get see if it's an escaping bind.
It's likely that our handling of this is still incomplete, but it fixes a
crash on valid without disturbing anything else for now.

llvm-svn: 158587

Specifically, although the bitmap context does not take ownership of the
buffer (unlike CGBitmapContextCreateWithData), the data buffer can be extracted
out of the created CGContextRef. Thus the buffer is not leaked even if its
original pointer goes out of scope, as long as
- the context escapes, or
- it is retrieved via CGBitmapContextGetData and freed.

Actually implementing that logic is beyond the current scope of MallocChecker,
so for now CGBitmapContextCreate goes on our system function exception list.

llvm-svn: 158579

llvm-svn: 158566

We already didn't track objects that have delegates or callbacks or
objects that are passed through void * "context pointers". It's a
not-uncommon pattern to release the object in its callback, and so
the leak message we give is not very helpful.

llvm-svn: 158532

* Add \brief to produce a summary in the Doxygen output;
* Add missing parameter names to \param commands;
* Fix mismatched parameter names for \param commands;
* Add a parameter name so that the \param has a target.

llvm-svn: 158503

This does not actually give us the right behavior for reinterpret_cast
of references. Reverting so I can think about it some more.

This reverts commit 50a75a6e26a49011150067adac556ef978639fe6.

llvm-svn: 158341

These casts only appear in very well-defined circumstances, in which the
target of a reinterpret_cast or a function formal parameter is an lvalue
reference. According to the C++ standard, the following are equivalent:

 reinterpret_cast<T&>( x)
*reinterpret_cast<T*>(&x)

[expr.reinterpret.cast]p11

llvm-svn: 158338

llvm-svn: 158325

While collections containing nil elements can still be iterated over in an
Objective-C for-in loop, the most common Cocoa collections -- NSArray,
NSDictionary, and NSSet -- cannot contain nil elements. This checker adds
that assumption to the analyzer state.

This was the cause of some minor false positives concerning CFRelease calls
on objects in an NSArray.

llvm-svn: 158319

This has a small hit in the case where only one class is interesting
(NilArgChecker) but is a big improvement when looking for one of several
interesting classes (VariadicMethodTypeChecker), in which the most common
case is that there is no match.

llvm-svn: 158318

to addition.

We should not to warn in case the malloc size argument is an
addition containing 'sizeof' operator - it is common to use the pattern
to pack values of different sizes into a buffer. 

Ex:

uint8_t *buffer = (uint8_t*)malloc(dataSize + sizeof(length));

llvm-svn: 158219

CmpRuns.py can be used to compare issues from different analyzer runs.
Since it uses the issue line number to unique 2 issues, adding a new
line to the beginning of a file makes all issues in the file reported as
new. 

The hash will be an opaque value which could be used (along with the
function name) by CmpRuns to identify the same issues. This way, we only
fail to identify the same issue from two runs if the function it appears
in changes (not perfect, but much better than nothing).

llvm-svn: 158180

I falsely assumed that the memory spaces are equal when we reach this
point, they might not be when memory space of one or more is stack or
Unknown. We don't want a region from Heap space alias something with
another memory space.

llvm-svn: 158165

Add a concept of symbolic memory region belonging to heap memory space.
When comparing symbolic regions allocated on the heap, assume that they
do not alias. 

Use symbolic heap region to suppress a common false positive pattern in
the malloc checker, in code that relies on malloc not returning the
memory aliased to other malloc allocations, stack.

llvm-svn: 158136

Patch by Guillem Marpons!

llvm-svn: 158106

In addition, I've made the pointer and reference typedef 'void' rather than T*
just so they can't get misused. I would've omitted them entirely but
std::distance likes them to be there even if it doesn't use them.

This rolls back r155808 and r155869.

Review by Doug Gregor incorporating feedback from Chandler Carruth.

llvm-svn: 158104

llvm-svn: 158086

to discover how a value was used uninitialized.

llvm-svn: 158048

adjacent edges to have compatible ranges.  This simplifies the layout logic for some clients.

llvm-svn: 158028

This bug was triggered by r157851. It only happens in the case where we
don't perform optimal diagnostic pruning.

llvm-svn: 157950

llvm-svn: 157886

explicitly.

This will make it easier to add inlining support to more expressions.

llvm-svn: 157870

When we timeout or exceed a max number of blocks within an inlined
function, we retry with no inlining starting from a node right before
the CallEnter node. We assume the state of that node is the state of the
program before we start evaluating the call. However, the node pruning
removes this node as unimportant. 

Teach the node pruning to keep the predecessors of the call enter nodes.

llvm-svn: 157860

We should not stop exploring the path after we return from an empty
function.

llvm-svn: 157859

llvm-svn: 157851

llvm-svn: 157833

llvm-svn: 157772

We should lock the number of elements after the initial parsing is
complete. Recursive AST visitors in AnalyzesConsumer and CallGarph can
trigger lazy pch deserialization resulting in more calls to
HandleTopLevelDecl and appending to the LocalTUDecls list. We should
ignore those.

llvm-svn: 157762

improved the pruning heuristics.  The current heuristics are pretty good, but they make diagnostics
for uninitialized variables warnings particularly useless in some cases.

llvm-svn: 157734

Follow up in r155693, r155680.

Prevents a hard to reproduce crash with the following stack trace:
3  libsystem_c.dylib 0x00007ff55a835050 _sigtramp + 18446744029881443184
4  clang             0x0000000106218e97 (anonymous
namespace)::AnalysisConsumer::HandleTranslationUnit(clang::ASTContext&)
+ 519
5  clang             0x0000000105cf3002 clang::ParseAST(clang::Sema&,
bool, bool) + 690
6  clang             0x00000001059a41d8
clang::ASTFrontendAction::ExecuteAction() + 312
7  clang             0x00000001059a3df7 clang::FrontendAction::Execute()
+ 231
8  clang             0x00000001059b0ecc
clang::CompilerInstance::ExecuteAction(clang::FrontendAction&) + 860
9  clang             0x000000010595e451
clang::ExecuteCompilerInvocation(clang::CompilerInstance*) + 961
10 clang             0x0000000105947f29 cc1_main(char const**, char
const**, char const*, void*) + 969
11 clang             0x0000000105958259 main + 473
12 clang             0x0000000105947b34 start + 52

llvm-svn: 157721

llvm-svn: 157531

llvm-svn: 157478

llvm-svn: 157402

pointer.

Fixes one of the crashes reported in PR12874.

llvm-svn: 157401

(ex: float).

llvm-svn: 157211

While there clean up indentation.

llvm-svn: 157204

llvm-svn: 157088