There is an open radar to implement better scanf checking as a Sema warning. However, a bit of redundancy is fine in this case.

llvm-svn: 144964

A bunch of fixes to argument passing and va_arg on Darwin x86-32 for structures containing an SSE vector.

llvm-svn: 144963

llvm-svn: 144961

Simplify code for returning a struct for Darwin x86-32 ABI.  Use a better type for a function returning a struct containing only a pointer.  Handle the edge case of a struct containing only a float or double plus some dead padding instead of asserting.

llvm-svn: 144960

llvm-svn: 144944

parsing or false to abort parsing.

llvm-svn: 144943

Fixes rdar://10433202

llvm-svn: 144938

import TranslationUnitDecls.

llvm-svn: 144934

When the solver and SValBuilder cannot reason about symbolic expressions (ex: (x+1)*y ), the analyzer conjures a new symbol with no ties to the past. This helps it to recover some path-sensitivity. However, this breaks the taint propagation.

With this commit, we are going to construct the expression even if we cannot reason about it later on if an operand is tainted.

Also added some comments and asserts.

llvm-svn: 144932

Make 'LangOptions' in CompilerInvocation a heap-allocated, reference counted object.  I discovered that llvm::RefCountedBase<T> has
a bug where the reference count is copied in the copy constructor, which means that there were cases when the CompilerInvocation
objects created by ASTUnit were actually leaked.  When I fixed that bug locally, it showed that a whole bunch of code assumed
that the LangOptions object that was part of CompilerInvocation was still alive.  By making it heap-allocated and reference counted,
we can keep it around after the CompilerInvocation object goes away.

As part of this change, change CompilerInvocation:getLangOptions() to return a pointer, acting as another clue that this
object may outlive the CompilerInvocation object.

This commit doesn't fix the CompilerInvocation leak itself.  That will come when I commit the fix to llvm::RefCountedBase<T> to
mainline LLVM.

llvm-svn: 144930

Simplify crash cleanup logic in ASTUnit::LoadFromCommandLine() by zeroing out two IntrusiveRefCnt pointers after we have assigned their respective values into fields of ASTUnit.

llvm-svn: 144929

llvm-svn: 144928

Naming could be improved.. But we should first rename the classes in the SVal hierarchy.

llvm-svn: 144927

and base-to-derived casts, and add proper handling of temporaries.

llvm-svn: 144926

preprocess/parse a header, report back with an actual module (which
may be a submodule) rather than just the name of the module.

llvm-svn: 144925

modules (obviously) describe frameworks, and understand the header
layout of frameworks.

llvm-svn: 144921

file as a virtual file with the stored modification time and size.

llvm-svn: 144916

Revert r132539 for now, "My testing shows that function stat has no problem with trailing separators. (tested on Windows and Darwin)."

It caused PR10331. MSVCRT stat() cannot strip trailing '/'. (can '\')

llvm-svn: 144884

llvm-svn: 144883

In Microsoft mode, make "Unqualified lookup into dependent bases of class templates" works  inside default argument instantiation.

This is a little bit tricky because during default argument instantiation the CurContext points to a CXXMethodDecl but we can't use the keyword this or have an implicit member call generated.

This fixes 2 errors when parsing MFC code with clang.

llvm-svn: 144881

llvm-svn: 144880

llvm-svn: 144879

into a module. This module can either be loaded from a module map in
the framework directory (which isn't quite working yet) or inferred
from an umbrella header (which does work, and replaces the existing
hack).

llvm-svn: 144877

llvm-svn: 144871

llvm-svn: 144870

llvm-svn: 144869

the umbrella header's directory and its subdirectories are part of the
module (that's why it's an umbrella). Make sure that these headers are
considered to be part of the module for lookup purposes.

llvm-svn: 144859

llvm-svn: 144850

The code for checking Neon builtin pointer argument types was assuming that
there would only be one pointer argument.  But, for vld2-4 builtins, the first
argument is a special sret pointer where the result will be stored.  So,
instead of scanning all the arguments to find a pointer, have TableGen figure
out the index of the pointer argument that needs checking.  That's better than
scanning all the arguments regardless.  <rdar://problem/10448804>

llvm-svn: 144834

Manager. Added test to ensure proper binding of initialized values.
This patch fixes PR11249.

llvm-svn: 144831

file in the source manager. This allows us to properly create and use
modules described by module map files without umbrella headers (or
with incompletely umbrella headers). More generally, we can actually
build a PCH file that makes use of  file -> buffer remappings, which
could be useful in libclang in the future.

llvm-svn: 144830

llvm-svn: 144829

Change the ArrayBoundCheckerV2 to be more aggressive in reporting buffer overflows
when the offset is tainted. Previously, we did not report bugs when the state was
underconstrained (not enough information about the bound to determine if there is
an overflow) to avoid false positives. However, if we know that the buffer
offset is tainted - comes in from the user space and can be anything, we should
report it as a bug.

+ The very first example of us catching a taint related bug.
This is the only example we can currently handle. More to come...

llvm-svn: 144826

The checker is responsible for defining attack surface and adding taint to symbols.

llvm-svn: 144825

TaintTag.h will contain definitions of different taint kinds and their properties.
TaintManager will be responsible for implementing taint specific operations, storing taint.
ProgramState will provide API to add/remove taint.

llvm-svn: 144824

llvm-svn: 144823

many checkers are trying to get a name of the callee when visiting
a CallExpr, so provide a convenience API.

llvm-svn: 144820

llvm-svn: 144800

llvm-svn: 144799

header, create our own in-memory buffer to parse all of the
appropriate headers, and use that to build the module. This isn't
end-to-end testable yet; that's coming next.

llvm-svn: 144797