Update several tests to explicitly use BasicConstraintManager as well as to use RangeConstraintManager with RegionStoreManager.

llvm-svn: 64854

llvm-svn: 64837

llvm-svn: 64799

Enhance tests to exercise more combinations of using the RangeConstraintManager with the RegionStoreManager.

llvm-svn: 64788

llvm-svn: 64771

- Move all analyzer options logic to AnalysisConsumer.cpp.
- Unified specification of stores/constraints/output to be:
   -analyzer-output=...
   -analyzer-store=...
   -analyzer-constraints=...
  instead of -analyzer-range-constraints, -analyzer-store-basic, etc.
- Updated drivers (ccc-analyzer, scan-builds, new ccc) to obey this new
  interface
- Updated test cases to conform to new driver options

llvm-svn: 64737

llvm-svn: 64663

llvm-svn: 64541

symbols from an SVal.

- Fixed a bug in EnvironmentManager::RemoveDeadBindings() where it did not mark
  live all the symbols reachable from a live block-level expression.

- Fixed a bug in the retain/release checker where it did not stop tracking
  symbols that 'escaped' via compound literals being assigned to something the
  BasicStoreManager didn't reason about.

llvm-svn: 64534

printf-like functions, both builtin functions and those in the
C library. The function-call checker now queries this attribute do
determine if we have a printf-like function, rather than scanning
through the list of "known functions IDs". However, there are 5
functions they are not yet "builtins", so the function-call checker
handles them specifically still:

  - fprintf and vfprintf: the builtins mechanism cannot (yet)
    express FILE* arguments, so these can't be encoded.
  - NSLog: the builtins mechanism cannot (yet) express NSString*
    arguments, so this (and NSLogv) can't be encoded.
  - asprintf and vasprintf: these aren't part of the C99 standard
    library, so we really shouldn't be defining them as builtins in
    the general case (and we don't seem to have the machinery to make
    them builtins only on certain targets and depending on whether
    extensions are enabled).

llvm-svn: 64512

etc.) when we perform name lookup on them. This ensures that we
produce the correct signature for these functions, which has two
practical impacts:

  1) When we're supporting the "implicit function declaration" feature
  of C99, these functions will be implicitly declared with the right
  signature rather than as a function returning "int" with no
  prototype. See PR3541 for the reason why this is important (hint:
  GCC always predeclares these functions).
 
  2) If users attempt to redeclare one of these library functions with
  an incompatible signature, we produce a hard error.

This patch does a little bit of work to give reasonable error
messages. For example, when we hit case #1 we complain that we're
implicitly declaring this function with a specific signature, and then
we give a note that asks the user to include the appropriate header
(e.g., "please include <stdlib.h> or explicitly declare 'malloc'"). In
case #2, we show the type of the implicit builtin that was incorrectly
declared, so the user can see the problem. We could do better here:
for example, when displaying this latter error message we say
something like:

  'strcpy' was implicitly declared here with type 'char *(char *, char
  const *)'

but we should really print out a fake code line showing the
declaration, like this:

  'strcpy' was implicitly declared here as:

    char *strcpy(char *, char const *)

This would also be good for printing built-in candidates with C++
operator overloading.

The set of C library functions supported by this patch includes all
functions from the C99 specification's <stdlib.h> and <string.h> that
(a) are predefined by GCC and (b) have signatures that could cause
codegen issues if they are treated as functions with no prototype
returning and int. Future work could extend this set of functions to
other C library functions that we know about.

llvm-svn: 64504

Add test case illustrating special handling of 'SenTestCase' subclasses for the missing -dealloc check.

llvm-svn: 64494

llvm-svn: 64417

llvm-svn: 64257

Fix PR 2514: Do not flag dead initializations for variables initialized to a constant global variable.

llvm-svn: 64149

llvm-svn: 64080

llvm-svn: 64045

llvm-svn: 63930

for FieldRegion. This enables us to track more values.

Simplify SymbolicRegion::getRValueType(). We assume the symbol always has
pointer type.

llvm-svn: 63928

Add 'AppendValue' to the list of magic CF function names that cause a tracked object to escape.  Fixes <rdar://problem/6560661>.

llvm-svn: 63891

the ownership of BugTypes and BugReports. Now BugReports are owned by BugTypes,
and BugTypes are owned by the BugReporter object.

The major functionality change in this patch is that reports are not immediately
emitted by a call to BugReporter::EmitWarning (now called EmitReport), but
instead of queued up in report "equivalence classes". When
BugReporter::FlushReports() is called, it emits one diagnostic per report
equivalence class. This provides a nice cleanup with the caching of reports as
well as enables the BugReporter engine to select the "best" path for reporting a
path-sensitive bug based on all the locations in the ExplodedGraph that the same
bug could occur.

Along with this patch, Leaks are now coalesced into a common equivalence class
by their allocation site, and the "summary" diagnostic for leaks now reports the
allocation site as the location of the bug (this may later be augmented to also
provide an example location where the leak occurs).

llvm-svn: 63796

the liveness state of block-level expressions could oscillate because
of two issues:
- The initial value before a merge was not always set to "Top"
- The set of live block-level expressions is a union, not an intersection

This fixes <rdar://problem/650084>.

llvm-svn: 63421

llvm-svn: 63392

llvm-svn: 63391

- NonLoc::MakeVal() would use sizeof(unsigned) (literally) instead of consulting
  ASTContext for the size (in bits) of 'int'. While it worked, it was a
  conflation of concepts and using ASTContext.IntTy is 100% correct.
- RegionStore::getSizeInElements() no longer assumes that a VarRegion has the
  type "ConstantArray", and handles the case when uses use ordinary variables
  as if they were arrays.
- Fixed ElementRegion::getRValueType() to just return the rvalue type of its
  "array region" in the case the array didn't have ArrayType.
- All of this fixes <rdar://problem/6541136>

llvm-svn: 63347

retain/release checker: When generating summaries for CF/CG functions, allow arguments to "escape" if they are passed to a function containing the terms "InsertValue", "SetValue", or "AddValue".  This fixes <rdar://problem/6539791>.

llvm-svn: 63341

retain/release checker: Always generate an "autorelease" summary for an "autorelease" message, and have the summary processing logic treat it as a no-op in GC mode.  This change is motivated to encode more of the semantics in the summaries themselves for eventual better diagnostics.

llvm-svn: 63241

llvm-svn: 63237

retain/release checker: Improve diagnostics to indicate that CF objects are not automatically garbage collected.

llvm-svn: 63187

Fix bug in BasicStore::getLValueElement where if the base of an array subscript expression was an ElementRegion we stacked another ElementRegion on top of that.

This fixes PR 3422.

llvm-svn: 63110

Fix crash ElementRegion::getRValueType() when the RvalueType of the ArrayRegion is a typedef and not (directly) a pointer.

llvm-svn: 62909

More hacking on static analyzer diagnostics.  When emitting summary diagnostics the code paths for diagnostics involving paths or single locations are now unified.  This patch also constifies many arguments/methods that are touched by this logic, leading to a nice overall code cleanup.

llvm-svn: 62903

llvm-svn: 62847

llvm-svn: 62845

For now, return UnknownVal() in RegionStore::getElementsSize() for AnonTypedRegions.  It wasn't really doing the right thing and was crashing on rdar-6442306-1.m.  This fix causes all path-sensitive test cases to pass with RegionStore.

llvm-svn: 62816

Add RegionStore support for the implicit object region that 'self' references.  This causes tests 'ObjCProperties.m' and 'refcnt_naming.m' to now pass with RegionStore.

llvm-svn: 62814

llvm-svn: 62805

llvm-svn: 62804

llvm-svn: 62803

llvm-svn: 62802