llvm-svn: 167189

No functionality change.

llvm-svn: 167187

(and the same for isFalse)

No functionality change.

llvm-svn: 167186

Thanks Ted.

llvm-svn: 167176

Previously, every call to a ConstraintManager's isNull would do a full
assumeDual to test feasibility. Now, ConstraintManagers can override
checkNull if they have a cheaper way to do the same thing.
RangeConstraintManager can do this in less than half the work.

<rdar://problem/12608209>

llvm-svn: 167138

llvm-svn: 167099

IdentifierInfo.

Ee: C++ copy constructors.
llvm-svn: 167092

llvm-svn: 167002

llvm-svn: 167001

The ImmutableMap should not be the key into the GDM map as there could
be several entries with the same map type. Thanks, Jordan.

This complicates the usage of the macro a bit. When we want to retrieve
the whole map, we need to use another name. Currently, I set it to be
Name ## Ty as in "type of the map we are storing in the ProgramState".

llvm-svn: 167000

llvm-svn: 166999

Patch by Sean McBride!

llvm-svn: 166995

This is a syntactic checker aimed at helping iOS programmers correctly
subclass and override the methods of UIViewController. While this should
eventually be covered by the 'objc_requires_super' attribute, this
checker can be used with the existing iOS SDKs without any header changes.

This new checker is currently named 'alpha.osx.cocoa.MissingSuperCall'.
Patch by Julian Mayer!

llvm-svn: 166993

No need for the auxiliary flag. No need to generate a leak node when
there is no error.

llvm-svn: 166977

This is an example checker for catching fopen fclose API misuses.

llvm-svn: 166976

- Adding Immutable Map to GDM and getIdentifierInfo helper method.

llvm-svn: 166975

Our one basic suppression heuristic is to assume that functions do not
usually return NULL. However, when one of the arguments is NULL it is
suddenly much more likely that NULL is a valid return value. In this case,
we don't suppress the report here, but we do attach /another/ visitor to
go find out if this NULL argument also comes from an inlined function's
error path.

This new behavior, controlled by the 'avoid-suppressing-null-argument-paths'
analyzer-config option, is turned off by default. Turning it on produced
two false positives and no new true positives when running over LLVM/Clang.

This is one of the possible refinements to our suppression heuristics.
<rdar://problem/12350829>

llvm-svn: 166941

Additionally, don't collect PostStore nodes -- they are often used in
path diagnostics.

Previously, we tried to track null arguments in the same way as any other
null values, but in many cases the necessary nodes had already been
collected (a memory optimization in ExplodedGraph). Now, we fall back to
using the value of the argument at the time of the call, which may not
always match the actual contents of the region, but often will.

This is a precursor to improving our suppression heuristic.
<rdar://problem/12350829>

llvm-svn: 166940

llvm-svn: 166778

path notes for cases where a value may be assumed to be null, etc.
Instead of having redundant diagnostics, do a pass over the generated
PathDiagnostic pieces and remove notes from TrackConstraintBRVisitor
that are already covered by ConditionBRVisitor, whose notes tend
to be better.

Fixes <rdar://problem/12252783>

llvm-svn: 166728

This caused assertion failures analyzing LLVM.

<rdar://problem/12560282>

llvm-svn: 166529

After every 1000 CFGElements processed, the ExplodedGraph trims out nodes
that satisfy a number of criteria for being "boring" (single predecessor,
single successor, and more). Rather than controlling this with a cc1 option,
which can only disable this behavior, we now have an analyzer-config option,
'graph-trim-interval', which can change this interval from 1000 to something
else. Setting the value to 0 disables reclamation.

The next commit relies on this behavior to actually test anything.

llvm-svn: 166528

This is actually required by the C++ standard in
[basic.stc.dynamic.allocation]p3:

  If an allocation function declared with a non-throwing
  exception-specification fails to allocate storage, it shall return a
  null pointer. Any other allocation function that fails to allocate
  storage shall indicate failure only by throwing an exception of a type
  that would match a handler of type std::bad_alloc.

We don't bother checking for the specific exception type, but just go off
the operator new prototype. This should help with a certain class of lazy
initalization false positives.

<rdar://problem/12115221>

llvm-svn: 166363

llvm-svn: 166211

This actually looks through several kinds of expression, such as
OpaqueValueExpr and ExprWithCleanups. The idea is that binding and lookup
should be consistent, and so if the environment needs to be modified later,
the code doing the modification will not have to manually look through these
"transparent" expressions to find the real binding to change.

This is necessary for proper updating of struct rvalues as described in
the previous commit.

llvm-svn: 166121

In C++, rvalues that need to have their address taken (for example, to be
passed to a function by const reference) will be wrapped in a
MaterializeTemporaryExpr, which lets CodeGen know to create a temporary
region to store this value. However, MaterializeTemporaryExprs are /not/
created when a method is called on an rvalue struct, even though the 'this'
pointer needs a valid value. CodeGen works around this by creating a
temporary region anyway; now, so does the analyzer.

The analyzer also does this when accessing a field of a struct rvalue.
This is a little unfortunate, since the rest of the struct will soon be
thrown away, but it does make things consistent with the rest of the
analyzer.

This allows us to bring back the assumption that all known 'this' values
are Locs. This is a revised version of r164828-9, reverted in r164876-7.

<rdar://problem/12137950>

llvm-svn: 166120

@implementation.

llvm-svn: 166047

Follow-up to r165838, which fixed a potential crash.

llvm-svn: 166002

llvm-svn: 165994

llvm-svn: 165993

llvm-svn: 165992

This was only used by OSAtomicChecker and makes it more
difficult to update values for expressions that the environment
may look through instead (it's not the same as IgnoreParens).
With this gone, we can have bindExpr bind to the inner
expression that getSVal will find.

Groundwork for <rdar://problem/12137950>

llvm-svn: 165866

I believe the removed assert in CheckerManager says it best:

	InlineCall is a special hacky callback to allow intrusive
	evaluation of the call (which simulates inlining). It is
	currently only used by OSAtomicChecker and should go away
	at some point.

OSAtomicChecker has gone away; inlineCall can now go away as well!

llvm-svn: 165865

llvm-svn: 165842

that a DeclRefExpr can never return a null decl.  We possibly should
hoist this into getDecl() itself.

llvm-svn: 165841

invariants using assertions.

llvm-svn: 165840

the number of arguments.

llvm-svn: 165838

llvm-svn: 165744

objc_atomicCompareAndSwap.

llvm-svn: 165743

This time, actually uncomment the code that's supposed to fix the problem.

This reverts r165671 / 8ceb837585ed973dc36fba8dfc57ef60fc8f2735.

llvm-svn: 165676