(1) libAnalysis is a generic analysis library that can be used by
    Sema.  It defines the CFG, basic dataflow analysis primitives, and
    inexpensive flow-sensitive analyses (e.g. LiveVariables).

(2) libChecker contains the guts of the static analyzer, incuding the
    path-sensitive analysis engine and domain-specific checks.

Now any clients that want to use the frontend to build their own tools
don't need to link in the entire static analyzer.

This change exposes various obvious cleanups that can be made to the
layout of files and headers in libChecker.  More changes pending.  :)

This change also exposed a layering violation between AnalysisContext
and MemRegion.  BlockInvocationContext shouldn't explicitly know about
BlockDataRegions.  For now I've removed the BlockDataRegion* from
BlockInvocationContext (removing context-sensitivity; although this
wasn't used yet).  We need to have a better way to extend
BlockInvocationContext (and any LocationContext) to add
context-sensitivty.

llvm-svn: 94406

This with previous patch fixes a OSAtomic test case.

llvm-svn: 93146

Split CodeTextRegion into FunctionTextRegion and BlockTextRegion.  This a precursor to having basic static analysis support for blocks.

llvm-svn: 89828

getBaseRegion will be used in another method.

llvm-svn: 86649

llvm-svn: 86523

llvm-svn: 81346

pointers.  Most logic cares first about whether or not a region is
symbolic, and second if represents code.  This should fix a series of
silent corner case bugs (as well as simplify a bunch of code).

llvm-svn: 80335

llvm-svn: 79854

RegionStore already lazily abstracted the contents of arrays and structs, when
doing an assignment from one array/struct to another we did an explicit
element-wise copy, which resulted in a loss of laziness and huge performance
problem when analyzing many code bases.

Now RegionStoreManager handles such assignments using a new SVal could
'LazyCompoundSVal', which basically means the value of a given struct or array
(a MemRegion*) in a specific state (GRState). When we do a load from a field
whose encompassing struct binds to a LazyCompoundSVal, we essentially do a field
lookup in the original structure. This means we have essentially zero copying of
data for structs/arrays and everything stays lazy.

llvm-svn: 78268

OldCastRegion used), and the associated command line option
'-analyzer-store=old-basic-cast'.

llvm-svn: 77509

index 0.  This will be used for refinements to InvalidateRegion and CastRegion.

llvm-svn: 77481

llvm-svn: 75672

Tidy pretty-printing for SVals, using 'dump()' instead of 'printStdErr()', and implementing operator<< support for llvm::raw_ostream.

llvm-svn: 75560

llvm-svn: 74521

GRTransferFuncs had the conflated role of both constructing SVals (symbolic
expressions) as well as handling checker-specific logic. Now SValuator has the
role of constructing SVals from expressions and GRTransferFuncs just handles
checker-specific logic. The motivation is by separating these two concepts we
will be able to much more easily create richer constraint-generating logic
without coupling it to the main checker transfer function logic.

We now have one implementation of SValuator: SimpleSValuator.

SimpleSValuator is essentially the SVal-related logic that was in GRSimpleVals
(which is removed in this patch). This includes the logic for EvalBinOp,
EvalCast, etc. Because SValuator has a narrower role than the old
GRTransferFuncs, the interfaces are much simpler, and so is the implementation
of SimpleSValuator compared to GRSimpleVals. I also did a line-by-line review of
SVal-related logic in GRSimpleVals and cleaned it up while moving it over to
SimpleSValuator.

As a consequence of removing GRSimpleVals, there is no longer a
'-checker-simple' option. The '-checker-cfref' did everything that option did
but also ran the retain/release checker. Of course a user may not always wish to
run the retain/release checker, nor do we wish core analysis logic buried in the
checker-specific logic. The next step is to refactor the logic in CFRefCount.cpp
to separate out these pieces into the core analysis engine.

llvm-svn: 74229

llvm-svn: 74136

llvm-svn: 73954

No functionality change.

llvm-svn: 73952

Clean up code with ValueManager.

llvm-svn: 73951

array elements to 0 explicitly. Create 0 values with the element type.

llvm-svn: 73946

because the type of the symbol is used to create the default range. We need the
sign to be consistent.

llvm-svn: 73756

GRState->bindXXX and friends (and constify some arguments along the way).

llvm-svn: 73740

type. 

When retrieving the region value, if we are going to create a symbol value, use
the cast-to type if possible.

llvm-svn: 73690

array region, set its default value to conjured symbol. When retrieving its
element, create new region value symbol for the element.

Also fix some 80 columns violations.

llvm-svn: 71548

  SymbolRegionRValue => SymbolRegionValue
  SymExpr::RegionRValue => SymExpr::RegionValueKind

llvm-svn: 71322

TypedRegion::getValueType().

llvm-svn: 71321

 RValueType => ObjectType
 LValueType => LocationType

No functionality change.

llvm-svn: 71304

llvm-svn: 70865

no-outofbounds.c still fails. Previously it passed because the array index
is mistakenly a loc::ConcreteInt.

llvm-svn: 70844

layered regions.

llvm-svn: 69686

llvm-svn: 69577

get FunctionDecl with more general utility method.

llvm-svn: 69570

methods of SVal.

llvm-svn: 69565

ProgramPoints all the way through to GRCoreEngine.

NSString.m now fails with RegionStoreManager because of the void** cast.
Disabling use of region store for that test for now.

llvm-svn: 68845

llvm-svn: 68800

A CodeTextRegion wraps two kinds of data: FunctionDecl* or SymbolRef. 
The latter comes from the symbolic function pointer that are generated from
function calls or input data.

llvm-svn: 68777

llvm-svn: 68771

- Pull SVal::GetConjuredSymbol() and friends into ValueManager. This greatly
simplifies the calling interface to clients.

llvm-svn: 68731

llvm-svn: 68711

llvm-svn: 68703