A field rename and more comments.

llvm-svn: 79537

just as if it behaved like an init function.  This fixes <rdar://problem/7129086>.

llvm-svn: 79515

Although this does not make the CFG more correct, it makes the CFG more 
beautiful without multiple roots.

llvm-svn: 79509

Otherwise we get a wrong CFG.

llvm-svn: 79507

llvm-svn: 79502

fixing <rdar://problem/7152619>. Along the way, merge test cases in
'test/Analysis/rdar-6539791.c' into 'test/Analysis/retain-release.m'.

llvm-svn: 79499

and other core analysis logic will be untied to a particular Decl.

llvm-svn: 79420

Removed an unnecessary loop to get to setters incoming
argument. Added DoxyGen comments. Still more work
to do in this area (WIP).

llvm-svn: 79365

llvm-svn: 79328

BugReporter.

llvm-svn: 79327

which allows custom checks to register callback creator functions for creating
BugReporterVisitor objects. This allows various checks to include diagnostics
such as 'assuming value is null' with little extra work. Eventually this API
should be refactored to be cleaner and more simple.

llvm-svn: 79302

of GRStateManager and GRExprEngine, pass the initial location context
to the getInitialState() method.

llvm-svn: 79228

which is either a stack frame context of the function or a local scope 
context.

llvm-svn: 79072

llvm-svn: 78409

llvm-svn: 78407

with array accesses. In the process, refactor some common logic in
RetrieveElement() and RetrieveField() into RetrieveFieldOrElementCommon().

llvm-svn: 78349

involving reasoning about unions (which we don't handle yet).

llvm-svn: 78342

llvm-svn: 78305

Some Builders need further cleanup.

llvm-svn: 78301

merge GRCoreEngineImpl and GRCoreEngine.

Introduce a new interface class GRSubEngine as the subengine of GRCoreEngine.
GRExprEngine subclasses GRSubEngine now.

llvm-svn: 78298

  merge ExplodedGraphImpl and ExplodedGraph.

llvm-svn: 78291

llvm-svn: 78285

llvm-svn: 78284

llvm-svn: 78280

already been uniqued.

llvm-svn: 78279

llvm-svn: 78273

and their impl base classes. This can greatly simply some code of the core 
analysis engine. This patch merges ExplodedNodeImpl into ExplodedNode.

llvm-svn: 78270

RegionStore already lazily abstracted the contents of arrays and structs, when
doing an assignment from one array/struct to another we did an explicit
element-wise copy, which resulted in a loss of laziness and huge performance
problem when analyzing many code bases.

Now RegionStoreManager handles such assignments using a new SVal could
'LazyCompoundSVal', which basically means the value of a given struct or array
(a MemRegion*) in a specific state (GRState). When we do a load from a field
whose encompassing struct binds to a LazyCompoundSVal, we essentially do a field
lookup in the original structure. This means we have essentially zero copying of
data for structs/arrays and everything stays lazy.

llvm-svn: 78268

llvm-svn: 78230

region to the worklist used to create the subregion map.

llvm-svn: 78228

Fix a bug in RegionStoreSubRegionManager::add() where multiple subregions wouldn't correctly get registered in the SubRegion map.

llvm-svn: 78162

constant value. If the UnaryOperator has location type, create the
constant with int type and pointer width.

This fixes the bug that all pointer increments 'p++' evaluated to Unknown.

llvm-svn: 78147

llvm-svn: 78000

llvm-svn: 77961

llvm-svn: 77876

llvm-svn: 77875

Generalize the interface of 'StoreManager::RemoveDeadBindings()' to manipulate the entire GRState, not just the Store.

llvm-svn: 77870

'void*' (or 'const void*') as an identity transformation.

llvm-svn: 77860

made to RegionStore (and related classes) in order to handle some
analyzer failures involving casts and manipulation of symbolic memory.

The root of the change is in StoreManager::CastRegion().  Instead of
using ad hoc heuristics to decide when to layer an ElementRegion on a
casted MemRegion, we now always layer an ElementRegion when the cast
type is different than the original type of the region.  This carries
the current cast information associated with a region around without
resorting to the error prone recording of "casted types" in GRState.

Along with this new policy of layering ElementRegions, I added a new
algorithm to strip away existing ElementRegions when they simply
represented casts of a base memory object.  This algorithm computes
the raw "byte offset" that an ElementRegion represents from the base
region, and allows the new ElementRegion to be based off that offset.
The added benefit is that this naturally handles a series of casts of
a MemRegion without building up a set of redundant ElementRegions
(thus canonicalizing the region view).

Other related changes that cascaded from this one (as tests were
failing in RegionStore):

- Revamped RegionStoreManager::InvalidateRegion() to completely remove
  all bindings and default values from a region and all subregions.
  Now invalidated fields are not bound directly to new symbolic
  values; instead the base region has a "default" symbol value from
  which "derived symbols" can be created.  The main advantage of this
  approach is that it allows us to invalidate a region hierarchy and
  then lazily instantiate new values no matter how deep the hierarchy
  went (i.e., regardless of the number of field accesses,
  e.g. x->f->y->z->...).  The previous approach did not do this.

- Slightly reworked RegionStoreManager::RemoveDeadBindings() to also
  incorporate live symbols and live regions that do not have direct
  bindings but also have "default values" used for lazy instantiation.
  The changes to 'InvalidateRegion' revealed that these were necessary
  in order to achieve lazy instantiation of values in the region store
  with those bindings being removed too early.

- The changes to InvalidateRegion() and RemoveDeadBindings() revealed
  a serious bug in 'getSubRegionMap()' where not all region -> subregion
  relationships involved in actually bindings (explicit and implicit)
  were being recorded.  This has been fixed by using a worklist algorithm
  to iteratively fill in the region map.

- Added special support to RegionStoreManager::Bind()/Retrieve() to handle
  OSAtomicCompareAndSwap in light of the new 'CastRegion' changes and the
  layering of ElementRegions.

- Fixed a bug in SymbolReaper::isLive() where derived symbols were not
  being marked live if the symbol they were derived from was also live.
  This fix was critical for getting lazy instantiation in RegionStore
  to work.

- Tidied up the implementation of ValueManager::getXXXSymbolVal() methods
  to use SymbolManager::canSymbolicate() to decide whether or not a
  symbol should be symbolicated.

- 'test/Analysis/misc-ps-xfail.m' now passes; that test case has been
  moved to 'test/Analysis/misc-ps.m'.

- Tweaked some pretty-printing of MemRegions, and implemented
  'ElementRegion::getRawOffset()' for use with the CastRegion changes.

llvm-svn: 77782

Temporarily disable out-of-bounds checking.  The current checking logic will not work quite right with the changes I'm about to commit.

llvm-svn: 77779