[analyzer] do not warn about returning stack-allocated memory when it comes from an ancestor stack frame.

llvm-svn: 151964

Fixes <rdar://problem/10967815>

llvm-svn: 151938

command line options for inlining tuning.

This adds the option for stack depth bound as well as function size
bound. 

+ minor doxygenification

llvm-svn: 151930

[analyzer diagnostics] Change CompactPathDiagnostic to recursively compact diagnostics in calls into macro pieces.
Also fix handling of macros within calls in the HTMLDiagnostics.

This also adds a test case for r151774.

llvm-svn: 151872

Teach the analyzer to just ignore CXXBindTemporaryExpr.  There's nothing special to do with it, since destructors are represented explicitly in the CFG.

llvm-svn: 151856

attributes, introduced in r151188.

+ the test to catch it.

Thanks to Ahmed Charles for pointing this out.

llvm-svn: 151840

Needs llvm update.

llvm-svn: 151829

will be done by the general cleanup later on.
A Patch by Ted.

llvm-svn: 151784

llvm-svn: 151775

llvm-svn: 151774

funopen, setvbuf.

Teach the checker and the engine about these APIs to resolve malloc
false positives. As I am adding more of these APIs, it is clear that all
this should be factored out into a separate callback (for example,
region escapes). Malloc, KeyChainAPI and RetainRelease checkers could
all use it.

llvm-svn: 151737

because the CFG is fully linearized.

llvm-svn: 151711

[analyzer] Tweak the UnreachableCode checker to not warning about unreachable default blocks.  Patch by Cyril Roelandt!

llvm-svn: 151709

[analyzer diagnostics] Refactor filtration for PathDiagnosticConsumers that don't support cross-file diagnostics
into a common place.  Currently enable this filtration for Plist diagnostics as well.

llvm-svn: 151664

[analyzer diagnostics] start prototyping stripping PathDiagnostics of unnecessary cruft caused by path inlining.

This introduces a concept of a "prunable" PathDiagnosticEvent.  Currently this is a flag, but
we may evolve the concept to make this more dynamically inferred.

llvm-svn: 151663

closest function context (RetainCountChecker).

llvm-svn: 151661

message.

llvm-svn: 151657

test.

llvm-svn: 151656

closest function context (Keychain API).

llvm-svn: 151613

When allocated buffer is passed to CF/NS..NoCopy functions, the
ownership is transfered unless the deallocator argument is set to
'kCFAllocatorNull'.

llvm-svn: 151608

[analyzer] teach analyzer about ObjC literals, thus trimming out a false positive with the malloc() checker involving
comparing literal addresses to nil.

Fixes <rdar://problem/10579586>

llvm-svn: 151602

closest function context. 

This prevents us from uniqueing all leaks from the same allocation
helper. radar://10932226

llvm-svn: 151592

[analyzer] Don't generate an explicit ExplodedNode for StringLiterals; have the SVal lazily generated from Environment::getSVal().

llvm-svn: 151589

As in http://llvm.org/docs/ProgrammersManual.html#Statistic

llvm-svn: 151570

to make it more widely available.

Depends on llvm commit r151564

llvm-svn: 151566

RetainCountChecker: don't adjust the retain count when analyzing a ReturnStmt unless we are in the top-level call frame.  We can do more later, but this makes the checker self-consistent (and fixes a crash).

llvm-svn: 151426

Assume none of the ObjC messages defined in system headers free memory,
except for the ones containing 'freeWhenDone' selector. Currently, just
assume that the region escapes to the messages with 'freeWhenDone'
(ideally, we want to treat it as 'free()').

For now, always assume that regions escape when passed to C++ methods.

llvm-svn: 151410

This ensures that we report the bugs associated with symbols going
out of scope in the correct function context.

llvm-svn: 151369

visiting 'return;' statement!

This most likely caused us to skip a bunch of code when analyzing with
inlining.

llvm-svn: 151368

that provides the behavior of the C++11 library trait
std::is_trivially_constructible<T, Args...>, which can't be
implemented purely as a library.

Since __is_trivially_constructible can have zero or more arguments, I
needed to add Yet Another Type Trait Expression Class, this one
handling arbitrary arguments. The next step will be to migrate
UnaryTypeTrait and BinaryTypeTrait over to this new, more general
TypeTrait class.

Fixes the Clang side of <rdar://problem/10895483> / PR12038.

llvm-svn: 151352

Make PathDiagnosticBuilder sensitive to varying LocationContexts, thus fixing a bug in the inlining diagnostics where the wrong location could be used.

llvm-svn: 151349

Reapply r151317, but when computing the PathDiagnostic profile and size keep into account the nested structure.  Also fix a problem with how
inlining impacted Plist diagnostics, and adjust some ranges in the Plist output due to richer information.

llvm-svn: 151346

llvm-svn: 151338

Rework PathDiagnostic creation so that call stacks are captured by a nested PathDiagnosticCallPiece.

llvm-svn: 151317

(Very similar to the previous change in malloc.)

llvm-svn: 151297

When we find two leak reports with the same allocation site, report only
one of them.

Provide a helper method to BugReporter to facilitate this.

llvm-svn: 151287

Make this call an exception in ExprEngine::invalidateArguments:
'int pthread_setspecific(ptheread_key k, const void *)' stores
a value into thread local storage. The value can later be retrieved
with 'void *ptheread_getspecific(pthread_key)'. So even thought the
parameter is 'const void *', the region escapes through the
call.

(Here we just blacklist the call in the ExprEngine's default
logic. Another option would be to add a checker which evaluates
the call and triggers the call to invalidate regions.)

Teach the Malloc Checker, which treats all system calls as safe about
the API.

llvm-svn: 151220

 - We should not evaluate strdup in the Malloc Checker, it's the job of
CString checker, so just update the RefState to reflect allocated
memory.

- Refactor to reduce LOC: remove some wrapper auxiliary functions, make
all functions return the state and add the transition in one place
(instead of in each auxiliary function).

llvm-svn: 151188

block pointer that returns a block literal which captures (by copy)
the lambda closure itself. Some aspects of the block literal are left
unspecified, namely the capture variable (which doesn't actually
exist) and the body (which will be filled in by IRgen because it can't
be written as an AST).

Because we're switching to this model, this patch also eliminates
tracking the copy-initialization expression for the block capture of
the conversion function, since that information is now embedded in the
synthesized block literal. -1 side tables FTW.

llvm-svn: 151131

llvm-svn: 151124