llvm-svn: 86657

region, so that arithmetic within a memory chunk is allowed.

llvm-svn: 86652

llvm-svn: 86541

llvm-svn: 86538

llvm-svn: 86537

llvm-svn: 86529

llvm-svn: 86523

checker does not build sink nodes. Because svaluator computes an unknown value
for the subtraction now.

llvm-svn: 86517

llvm-svn: 86504

 - 'for i in $(find . -type f); do sed -e 's#\(RUN:.*[^ ]\) *&& *$#\1#g' $i | FileUpdate $i; done', for the curious.

llvm-svn: 86430

significant work left to be done to reduce the false-positive rate here.

llvm-svn: 86326

llvm-svn: 86286

Sentence-case bug type, and pull tests from region-only-test.c into misc-ps-region.store.m (removing an extra unneeded test file).  Also add a bunch of FIXME comments for future enhancements.

llvm-svn: 86282

llvm-svn: 86273

llvm-svn: 86252

llvm-svn: 86127

Catch uses of undefined values when they are used in assignment, thus catching such bugs closer to the source.

llvm-svn: 86003

Split it to two checkers, one for undefined size, 
the other for zero size, so that we don't need to query the size
when emitting the bug report.

llvm-svn: 85895

llvm-svn: 85887

llvm-svn: 85880

llvm-svn: 85867

Fixes: <rdar://problem/7358899>
llvm-svn: 85864

This fixes the crash reported in PR 5316.

llvm-svn: 85578

small test case to show we handle dereferences of undefined values.

llvm-svn: 85492

by Zhongxing Xu.  RemoveDeadBindings() would falsely prune
SymbolicRegions from the store that wrapped derived symbols whose
liveness could only be determined after scanning the store.

llvm-svn: 85484

llvm-svn: 85462

Unused ivars checker: also check methods in categories that are defined in the same translation unit.  Fixes <rdar://problem/6260004>.

llvm-svn: 85442

llvm-svn: 85191

region when doing lazy value retrieval of an ivar.

This fixes: <rdar://problem/7312221>

llvm-svn: 84584

retain/release checker: allow 'new', 'copy', 'alloc', 'init' prefix to start before '_' when determining Cocoa fundamental rule.

Fixes: <rdar://problem/7265711>
llvm-svn: 84569

Fix another static analyzer crash due to a corner case in "folding" symbolic values that are constrained to be a constant.

llvm-svn: 84320

Fix static analyzer crash due to recently add symbolic-value constant folding. The issue was falsely
converting the constant value of the LHS of a '<<'/'>>' operation to the same APSInt value of the
RHS.

llvm-svn: 84269

retain/release checker: Stop tracking reference counts for any symbols touched by StoreManager::InvalidateRegion().

This fixes <rdar://problem/7257223> and <rdar://problem/7283470>.

llvm-svn: 84223

Add a few passing test cases for finding leaks of retained objects stored to arrays (<rdar://problem/7283470>).

llvm-svn: 84221

retain/release checker: Use simpler utility method for creating class method summaries.  No functionality change.

llvm-svn: 84210

RegionStoreManager::Retrieve() that was intended to handle conflated uses of pointers as integers.
It turns out this isn't needed, and resulted in inconsistent behavior when creating symbolic values on the following test case in 'tests/Analysis/misc-ps.m':

  typedef struct _BStruct { void *grue; } BStruct;
  void testB_aux(void *ptr);
  void testB(BStruct *b) {
    {
      int *__gruep__ = ((int *)&((b)->grue));
      int __gruev__ = *__gruep__;
      testB_aux(__gruep__);
    }
    {
      int *__gruep__ = ((int *)&((b)->grue));
      int __gruev__ = *__gruep__;
      if (~0 != __gruev__) {}
    }
  }

When the code was analyzed with '-arch x86_64', the value assigned to '__gruev__' be would be a
symbolic integer, but for '-arch i386' the value assigned to '__gruev__' would be a symbolic region
(a blob of memory). With this change the value created is always a symbolic integer.

Since the code being removed was added to support analysis of code calling
OSAtomicCompareAndSwapXXX(), I also modified 'test/Analysis/NSString.m' to analyze the code in both
'-arch i386' and '-arch x86_64', and also added some complementary test cases to test the presence
of leaks when using OSAtomicCompareAndSwap32Barrier()/OSAtomicCompareAndSwap64Barrier() instead of
just their absence. This code change reveals that previously both RegionStore and BasicStore were
handling these cases wrong, and would never cause the analyzer to emit a leak in these cases (false
negatives). Now RegionStore gets it right, but BasicStore still gets it wrong (and hence it has been
disabled temporarily for this test case).

llvm-svn: 84163

llvm-svn: 84078

llvm-svn: 84070

'CVPixelBufferCreateWithPlanarBytes()' and
'CVPixelBufferCreateWithBytes' (Core Video API) can indirectly release
a pixel buffer object via a callback.

This fixes <rdar://problem/7283567>.

llvm-svn: 84064

the data argument) should not be tracked further until we support full IPA.

(fixes <rdar://problem/7299394>)

llvm-svn: 84047