The final graph contains a single root node, which is a parent of all externally available functions(and 'main'). As well as a list of Parentless/Unreachable functions, which are either truly unreachable or are unreachable due to our analyses imprecision.

The analyzer checkers debug.DumpCallGraph or debug.ViewGraph can be used to look at the produced graph.

Currently, the graph is not very precise, for example, it entirely skips edges resulted from ObjC method calls.

llvm-svn: 152272

llvm-svn: 152139

llvm-svn: 152080

llvm-svn: 152078

when the called function is never inlined.

Fixes <rdar://problem/10977037>.

llvm-svn: 152073

calls with self as a parameter.

llvm-svn: 152039

calling an ObjC method ending with 'NoCopy'.

llvm-svn: 152037

[analyzer] do not warn about returning stack-allocated memory when it comes from an ancestor stack frame.

llvm-svn: 151964

attributes, introduced in r151188.

+ the test to catch it.

Thanks to Ahmed Charles for pointing this out.

llvm-svn: 151840

Needs llvm update.

llvm-svn: 151829

funopen, setvbuf.

Teach the checker and the engine about these APIs to resolve malloc
false positives. As I am adding more of these APIs, it is clear that all
this should be factored out into a separate callback (for example,
region escapes). Malloc, KeyChainAPI and RetainRelease checkers could
all use it.

llvm-svn: 151737

[analyzer] Tweak the UnreachableCode checker to not warning about unreachable default blocks.  Patch by Cyril Roelandt!

llvm-svn: 151709

closest function context (RetainCountChecker).

llvm-svn: 151661

message.

llvm-svn: 151657

closest function context (Keychain API).

llvm-svn: 151613

When allocated buffer is passed to CF/NS..NoCopy functions, the
ownership is transfered unless the deallocator argument is set to
'kCFAllocatorNull'.

llvm-svn: 151608

closest function context. 

This prevents us from uniqueing all leaks from the same allocation
helper. radar://10932226

llvm-svn: 151592

to make it more widely available.

Depends on llvm commit r151564

llvm-svn: 151566

RetainCountChecker: don't adjust the retain count when analyzing a ReturnStmt unless we are in the top-level call frame.  We can do more later, but this makes the checker self-consistent (and fixes a crash).

llvm-svn: 151426

Assume none of the ObjC messages defined in system headers free memory,
except for the ones containing 'freeWhenDone' selector. Currently, just
assume that the region escapes to the messages with 'freeWhenDone'
(ideally, we want to treat it as 'free()').

For now, always assume that regions escape when passed to C++ methods.

llvm-svn: 151410

(Very similar to the previous change in malloc.)

llvm-svn: 151297

When we find two leak reports with the same allocation site, report only
one of them.

Provide a helper method to BugReporter to facilitate this.

llvm-svn: 151287

Make this call an exception in ExprEngine::invalidateArguments:
'int pthread_setspecific(ptheread_key k, const void *)' stores
a value into thread local storage. The value can later be retrieved
with 'void *ptheread_getspecific(pthread_key)'. So even thought the
parameter is 'const void *', the region escapes through the
call.

(Here we just blacklist the call in the ExprEngine's default
logic. Another option would be to add a checker which evaluates
the call and triggers the call to invalidate regions.)

Teach the Malloc Checker, which treats all system calls as safe about
the API.

llvm-svn: 151220

 - We should not evaluate strdup in the Malloc Checker, it's the job of
CString checker, so just update the RefState to reflect allocated
memory.

- Refactor to reduce LOC: remove some wrapper auxiliary functions, make
all functions return the state and add the transition in one place
(instead of in each auxiliary function).

llvm-svn: 151188

llvm-svn: 151124

, when we return a symbol reachable to the malloced one via pointer
arithmetic.

llvm-svn: 151121

llvm-svn: 151120

llvm-svn: 151007

tests.

llvm-svn: 150993

checks:

- unix.Malloc - Checks for memory leaks, double free, use-after-free.
- unix.cstring.NullArg - Checks for null pointers passed as arguments to
CString functions + evaluates CString functions.
- unix.cstring.BadSizeArg - Checks for common anti-patterns in
strncat size argument.

llvm-svn: 150988

llvm-svn: 150892

Adopt ExprEngine and checkers to ObjC property refactoring.  Everything was working, but now diagnostics are aware of message expressions implied by uses of properties.  Fixes <rdar://problem/9241180>.

llvm-svn: 150888

Have conjured symbols depend on LocationContext, to add context sensitivity for functions called more than once.

llvm-svn: 150849

it aware of CString APIs that return the input parameter.

Malloc Checker needs to know how the 'strcpy' function is
evaluated. Introduce the dependency on CStringChecker for that.
CStringChecker knows all about these APIs.

Addresses radar://10864450

llvm-svn: 150846

(Ex: It was not treating __inline_strcpy as strcpy. Will add tests that
rely on this later on.)

llvm-svn: 150845

 - Rename the category "Logic Error" -> "Memory Error".
 - Shorten all the messages.

llvm-svn: 150733

of failing realloc. + Minor cleanups.

llvm-svn: 150732

We are not properly handling the memory regions that escape into struct
fields, which led to a bunch of false positives. Be conservative here
and give up when a pointer escapes into a struct.

llvm-svn: 150658

llvm-svn: 150556

the passed in pointer on failure.

llvm-svn: 150533