llvm-svn: 62565

Dead stores checker: Fix <rdar://problem/6506065> by being more selective when say that a store is dead even though the computed value is used in the enclosing expression.

llvm-svn: 62552

Fix analyzer crash found when scanning Wine sources where the analyzer used old logic to determine the value of a switch 'case' label.

llvm-svn: 62395

llvm-svn: 62331

 - put the killed region in the kill set.
 - set its default value to unknown.
 - removes all bindings for its subregions.  

llvm-svn: 62138

llvm-svn: 62132

llvm-svn: 62130

- Refactor a bunch of logic in the retain/release checker, making it more
  condense and easier to read.
- Add support for "Create" methods in the DiskArbitration framework

retain/release tests:
- Rename CFDate.m to retain-release.m, and move test from CFString.c to
  retain-release.m
- Add DiskArbitration framework tests cases.
- Add/refine and few more retain/release GC test cases.

llvm-svn: 62106

Dead stores checker: Don't flag dead stores for self-assignments (common escape hatch for 'unused variable' warnings).

llvm-svn: 62010

recent discussions with Thomas Clement and Ken Ferry concerning the "fundamental
rule" for Cocoa memory management
(http://developer.apple.com/documentation/Cocoa/Conceptual/MemoryMgmt/Tasks/MemoryManagementRules.html).

Here is the revised behavior of the checker concerning tracking retain/release
counts for objects returned from message expressions involving instance methods:

1) Track the returned object if the return type of the message expression is
id<..>, id, or a pointer to *any* object that subclasses NSObject. Such objects
are assumed to have a retain count. Previously the checker only tracked objects
when the receiver of the message expression was part of the standard Cocoa API
(i.e., had class names prefixed with 'NS'). This should significantly expand the
amount of checking performed.

2) Consider the object owned if the selector of the message expression contains
"alloc", "new", or "copy". Previously we also considered "create", but this
doesn't follow from the fundamental rule (discussions with the Cocoa folks
confirms this).

llvm-svn: 61837

us to measure the effect of this optimization.

llvm-svn: 61319

* Now Bind() methods take and return GRState* because binding could
  also alter GDM.
* No variables are initialized except those declared with initial
  values.
* failed C test cases are due to bugs in RemoveDeadBindings(),
which removes constraints that is still alive. This will be fixed in later
patch.
* default value of array and struct regions will be implemented in later patch.

llvm-svn: 61274

Added test case for suppressing leak warnings for reference-counted objects passed by-reference to an unknown function.

llvm-svn: 61227

- Fix regression reported in <rdar://problem/6452745>.  After a null check, null references to resources should not have a retain count.  This regression was caused by removing the call to "GRTransferFuncs::EvalAssume" in BasicConstraintManager.
- Added a test case to test this behavior.

llvm-svn: 61155

- Because of the introduction of AnonTypedRegions when reasoning about casts, we
  had a regression in the "symbolication" of variable values passed-by-reference
  to a function. This is now fixed in CFRefCount.cpp (-checker-cfref) by
  blasting through the layer of AnonTypedRegions when symbolicating the value of
  the variable. This logic may get moved elsewhere. Note that this change
  affects only -checker-cfref and not -checker-simple; eventually this logic
  should get pulled out of CFRefCount.cpp into a more common place. All users
  use -checker-cfref by default, and -checker-simple should probably just be
  removed.  
- Updated test 'Analysis/uninit-vals-ps.c' to only use -checker-cfref and added
  a test case for this regression.

llvm-svn: 61147

llvm-svn: 61039

- Overhauled the notion of "types" for TypedRegions.  We now distinguish between the "lvalue" of a region (via getLValueRegion()) and the "rvalue" of a region (va getRValueRegion()).  Since a region represents a chunk of memory it has both, but we were conflating these concepts in some cases, leading to some insidious bugs.
- Removed AnonPointeeType, partially because it is unused and because it doesn't have a clear notion of lvalue vs rvalue type.  We can add it back once there is a need for it and we can resolve its role with these concepts.

StoreManager:
- Overhauled StoreManager::CastRegion.  It expects an *lvalue* type for a region.  This is actually what motivated the overhaul to the MemRegion type mechanism.  It also no longer returns an SVal; we can just return a MemRegion*.
- BasicStoreManager::CastRegion now overlays an "AnonTypedRegion" for pointer-pointer casts.  This matches with the MemRegion changes.
- Similar changes to RegionStore, except I've added a bunch of FIXMEs where it wasn't 100% clear where we should use TypedRegion::getRValueRegion() or TypedRegion::getLValueRegion().

AuditCFNumberCreate check:
- Now blasts through AnonTypedRegions that may layer the original memory region, thus checking if the actually memory block is of the appropriate type.  This change was needed to work with the changes to StoreManager::CastRegion.

GRExprEngine::VisitCast:
- Conform to the new interface of StoreManager::CastRegion.

Tests:
- None of the analysis tests fail now for using the "basic store".
- Disabled the tests 'array-struct.c' and 'rdar-6442306-1.m' pending further testing and bug fixing.

llvm-svn: 60995

llvm-svn: 60991

GRExprEngine (VisitCast):
- When using StoreManager::CastRegion, always use the state and value it returns to generate the next node.  Failure to do so means that region values returned that don't require the state to be modified will get ignored.

MemRegion:
- Tighten the interface for ElementRegion.  Now ElementRegion can only be created with a super region that is a 'TypedRegion' instead of any MemRegion.  Code in BasicStoreManager/RegionStoreManager already assumed this, but it would result in a dynamic assertion check (and crash) rather than just having the compiler forbid the construction of such regions.
- Added ElementRegion::getArrayRegion() to return the 'typed version' of an ElementRegion's super region.
- Removed bogus assertion in ElementRegion::getType() that assumed that the super region was an AnonTypedRegion.  All that matters is that it is a TypedRegion, which is now true all the time by design.

BasicStore:
- Modified getLValueElement() to check if the 'array' region is a TypedRegion before creating an ElementRegion.  This conforms to the updated interface for ElementRegion.

RegionStore:
- In ArrayToPointer() gracefully handle things we don't reason about, and only create an ElementRegion if the array region is indeed a TypedRegion.

llvm-svn: 60990

llvm-svn: 60734

llvm-svn: 60731

llvm-svn: 60722

llvm-svn: 60721

llvm-svn: 60720

attributes. Example would be, readonly, assign or
assign, copy, etc.

llvm-svn: 60620

specific targets default them to on.  Default blocks to on on 10.6 and later.
Add a -fblocks option that allows the user to override the target's default.
Use -fblocks in the various testcases that use blocks.

llvm-svn: 60563

llvm-svn: 60548

llvm-svn: 60547

llvm-svn: 60544

llvm-svn: 60522

llvm-svn: 60521

- Fix nonsensical logic in AssumeSymGE. When comparing 'sym >= constant' and the
  constant is the maximum integer value, add the constraint that 'sym ==
  constant' when the path is deemed feasible.  All other cases are feasible.
- Improve AssumeSymGT. When comparing 'sym > constant' and constant is the
  maximum integer value we know the path is infeasible.
- Add test case for this enhancement to AssumeSymGT.

llvm-svn: 60490

- Fix nonsensical logic in AssumeSymLE. When comparing 'sym <= constant' and the
  constant is the minimum integer value, add the constraint that 'sym ==
  constant' when the path is deemed feasible.  All other cases are feasible.
- Improve AssumeSymLT to address <rdar://problem/6407949>.  When comparing
  'sym < constant' and constant is the minimum integer value we know the
  path is infeasible.
- Add test case for <rdar://problem/6407949>.

llvm-svn: 60489

llvm-svn: 60282

llvm-svn: 60281

llvm-svn: 60107

a writable property in one of its category.

llvm-svn: 60035

llvm-svn: 60002

llvm-svn: 59995

llvm-svn: 59943