declarations of abort(), and two, we mark it noreturn.  Missing the latter
shows up in one of the "embarassing" tests (from the thread on llvmdev
"detailed comparison of generated code size for LLVM and other compilers").

llvm-svn: 91515

This change was a lot bigger than I originally anticipated; among
other things it requires us storing more information in the CFG to
record what block-level expressions need to be evaluated as lvalues.

The big change is that CFGBlocks no longer contain Stmt*'s by
CFGElements.  Currently CFGElements just wrap Stmt*, but they also
store a bit indicating whether the block-level expression should be
evalauted as an lvalue.  DeclStmts involving the initialization of a
reference require us treating the initialization expression as an
lvalue, even though that information isn't recorded in the AST.
Conceptually this change isn't that complicated, but it required
bubbling up the data through the CFGBuilder, to GRCoreEngine, and
eventually to GRExprEngine.

The addition of CFGElement is also useful for when we want to handle
more control-flow constructs or other data we want to keep in the CFG
that isn't represented well with just a block of statements.

In GRExprEngine, this patch introduces logic for evaluating the
lvalues of references, which currently retrieves the internal "pointer
value" that the reference represents.  EvalLoad does a two stage load
to catch null dereferences involving an invalid reference (although
this could possibly be caught earlier during the initialization of a
reference).

Symbols are currently symbolicated using the reference type, instead
of a pointer type, and special handling is required creating
ElementRegions that layer on SymbolicRegions (see the changes to
RegionStoreManager).

Along the way, the DeadStoresChecker also silences warnings involving
dead stores to references.  This was the original change I introduced
(which I wrote test cases for) that I realized caused GRExprEngine to
crash.

llvm-svn: 91501

 - This is designed to make it obvious that %clang_cc1 is a "test variable"
   which is substituted. It is '%clang_cc1' instead of '%clang -cc1' because it
   can be useful to redefine what gets run as 'clang -cc1' (for example, to set
   a default target).

llvm-svn: 91446

Until we can make the dead stores checker smarter, dont' emit dead store warnings for C++ objects (whose constructors/destructors have possible side-effects).

llvm-svn: 91412

Fix: <rdar://problem/7468209> SymbolManager::isLive() should not crash on captured block variables that are passed by reference

llvm-svn: 91348

llvm-svn: 91272

llvm-svn: 91216

Enhance understanding of VarRegions referenced by a block whose declarations are outside the current stack frame.  Fixes <rdar://problem/7462324>.

llvm-svn: 91107

Fix null dereference in OSAtomicChecker and special case SymbolicRegions.  We still aren't handling them correctly; I've added to failing test cases to test/Analysis/NSString-failed-cases.m that should pass and then be merged in to test/Analysis/NSString.m.

llvm-svn: 90993

instead of the ElementRegion obtained from casts.

Test cast: the leak cannot occur bacause the true branch cannot be taken.

llvm-svn: 90964

llvm-svn: 90947

by the test case in PR 5627.  Essentially we shouldn't clear the
ExplodedNodeSet where we deposit newly constructed nodes if that set
is the 'Dst' set passed in.  It is not okay to clear that set because
it may already contain nodes.

llvm-svn: 90931

llvm-svn: 90706

Add another blocks test case illustrating how parameters passed-by-reference in block invocations are invalidated (just like function calls).

llvm-svn: 90466

Add value invalidation logic for block-captured variables.  Conceptually invoking a block (without specific reasoning of what the block does) can invalidate any value to it by reference when the block was created.

llvm-svn: 90431

Add a heuristic to the dead stores checker to prune dead stores for variables annotated with '__block'.  This is overly conservative, but now the analyzer doesn't report dead stores for variables that can be updated by a block call.

llvm-svn: 90364

llvm-svn: 90277

llvm-svn: 90274

llvm-svn: 90071

Improve diagnostics in ReturnStackAddressChecker for returning a stack-allocated block.  Implements the rest of <rdar://problem/7387385>.

llvm-svn: 89940

llvm-svn: 89939

the set of variables "captured" by a block.  Until the analysis gets
more sophisticated, for now we stop the retain count tracking of any
objects (transitively) referenced by these variables.

llvm-svn: 89929

Add really basic support for blocks in the retain/release checker.  For now, anytime we pass a tracked object to a block call we stop tracking it.

llvm-svn: 89831

Convert test case to FileCheck to test the behavior of the nil-receiver checker when the code is targetted for either Tiger or Leopard.

llvm-svn: 89810

For the nil-receiver checker, take into account the behavioral changes that got introduced in Mac OS X 10.5 and later, notably return values of double, float, etc., will not be garbage.  Fixes <rdar://problem/6829160>.

llvm-svn: 89809

initial transition of the nil-receiver checker to the Checker
interface as done in r89745.  Some important changes include:

1) We consolidate the BugType object used for nil receiver bug
reports, and don't include the type of the returned value in the
BugType (which would be wrong if a nil receiver bug was reported more
than once)

2) Added a new (temporary) flag to CheckerContext: DoneEvauating.
This is used by GRExprEngine when evaluating message expressions to
not continue evaluating the message expression if this flag is set.
This flag is currently set by the nil receiver checker.  This is an
intermediate solution to allow the nil-receiver checker to properly
work as a plug-in outside of GRExprEngine.  Basically, this flag
indicates that the entire message expression has been evaluated, not
just a precondition (which is what the nil-receiver checker does).
This flag *should not* be repurposed for general use, but just to pull
more things out of GRExprEngine that already in there as we devise a
better interface in the Checker class.

3) Cleaned up the logic in the nil-receiver checker, making the
control-flow a lot easier to read.

llvm-svn: 89804

Enhance null dereference diagnostics by indicating what variable (if any) was dereferenced.  Addresses <rdar://problem/7039161>.

llvm-svn: 89726

Tweak UndefBranchChecker to register the most nested "undefined" expression with bugreporter::registerTrackNullOrUndefValue instead of the condition itself.

llvm-svn: 89682

objective-c pointer type. This was a serious mishap and
luckily, Ted's test caught that (and patch fixes the test case).

llvm-svn: 89680

llvm-svn: 89679

Change CheckDeadStores to use Expr::isNullPointerConstant, which will correctly determine whether an expression is a null pointer constant.

Patch by Kovarththanan Rajaratnam!

llvm-svn: 89621

type and fixes a long-standing code gen. crash reported in
at least two PRs and a radar. (radar 7405040 and pr5025). 
There are couple of remaining issues that I would like for
Ted. and Doug to look at:

Ted, please look at failure in Analysis/MissingDealloc.m.
I have temporarily added an expected-warning to make the
test pass. This tests has a declaration of 'SEL' type which
may not co-exist with the new changes.

Doug, please look at a FIXME in PCHWriter.cpp/PCHReader.cpp.
I think the changes which I have ifdef'ed out are correct. They
need be considered for in a few Indexer/PCH test cases.

llvm-svn: 89561

Add RegionStore test case that shows that floating point values are also implicitly tracked for undefined values.  (test case for <rdar://problem/6811085>).

llvm-svn: 89538

BasicStore.  In this example, BasicStore would lose information about
the pointer in path after '*path++', causing the analyzer to falsely
flag a null dereference.  This addresses <rdar://problem/7191542>.

llvm-svn: 89533

Pull BadCallChecker int UndefinedArgChecker, and have UndefinedArgChecker also handled undefined receivers in message expressions.

llvm-svn: 89524

More checker refactoring.  Passing undefined values in a message expression is now handled by UndefinedArgChecker.

llvm-svn: 89519

Add simple static analyzer checker to check for sending 'release', 'retain', etc. directly to a class.  Fixes <rdar://problem/7252064>.

llvm-svn: 89449

Unused ivar checker: ivars referenced by lexically nested functions should not be flagged as unused.  Fixes <rdar://problem/7254495>.

llvm-svn: 89448

llvm-svn: 89430

llvm-svn: 89429