the index when the value evaluation isn't powerful enough.  By creating ElementRegions with
UnknownVals as the index, this gives the false impression that they are the same element, when
they really aren't.  This becomes really problematic when deriving symbols from these regions
(e.g., those representing the initial value of the index), since two different indices will
get the same symbol for their binding.

This fixes an issue with the idempotent operations checker that would cause two indices that
are clearly not the same to make it appear as if they always had the same value.

Fixes <rdar://problem/8431728>.

llvm-svn: 113920

llvm-svn: 113893

Don't divide-by-zero in RegionStoreManager::getSizeInElements() when getting the size of a VLA.  We don't track VLA extents yet,
but we should at least not crash.  Fixes <rdar://problem/8424269>.

llvm-svn: 113888

Rename 'MaxLoop' to 'MaxVisit' in AnalysisManager to more correctly reflect that we aborted analysis may not necessarily be due to a loop.

llvm-svn: 113862

This reverts commit r113631

Conflicts:

	CMakeLists.txt
	lib/CodeGen/CMakeLists.txt

llvm-svn: 113817

of whatever we were using before...

llvm-svn: 113631

llvm-svn: 113627

Polish diagnostics for null dereferences via ObjC ivar accesses.  Finishes up <rdar://problem/6352035>.

llvm-svn: 113612

llvm-svn: 113574

llvm-svn: 113573

llvm-svn: 113572

Added AnalyzerStatsChecker, a path sensitive check that reports visitation statistics about analysis. Running clang with the -analyzer-stats flag will emit warnings containing the information. We can then run a postanalysis script to take this data and give useful information about how much the analyzer missed in a project.

llvm-svn: 113568

Fixes: <rdar://problem/8409480> “warning: Pass-by-value argument in function call is undefined” message can be improved
llvm-svn: 113554

Use FindReportInEquivalenceClass to identify all the nodes used for the trimmed graph (in BugReporter).  This fixes a problem where a leak that happened to occur on both an exit() path and a non-exit() path was getting reported with the exit() path (which users don't care about).

This fixes:

<rdar://problem/8331641> leak reports should not show paths that end with exit() (but ones that don't end with exit())

llvm-svn: 113524

llvm-svn: 113489

llvm-svn: 113482

this fixes all analyser test failures in my gcc34-based
environment

how the cast result could bind to the non-const ref is
somewhat mysterious and remains to be investigated; to
avoid similar miscompilations (by gcc34 only?)

llvm-svn: 113480

The end result is now we eagarly constant-fold symbols in the analyzer that are perfectly constrained
to be a constant value.  This allows us to recover some path-sensitivity in some cases by lowering
the required level of reasoning power needed to evaluate some expressions.

The net win from this change is that the false positive in PR 8015 is fixed, and we also
find more idempotent operations bugs.

We do, however, regress with the BugReporterVisitors, which need to be modified to understand
this constant folding (and look past it).  This causes some diagnostic regressions in plist-output.m
which will get addressed in a future patch.  plist-output.m is now marked XFAIL, while
plist-output-alternate.m now tests that the plist output is working, but with the suboptimal
diagnostics.  This second test file will eventually be removed.

llvm-svn: 113477

Simplified reachability checking in IdempotentOperationChecker and added a helper function for path display.
- Created private class CFGReachabilityAnalysis, which provides cached reachability lookups in the CFG
- Simplified PathWasCompletelyAnalyzed to use the new reachability class
- Added getLastRelevantNodes function for future use with path displaying in BugReporter

llvm-svn: 113465

Static analyzer fix: <rdar://problem/5880430> Switch on enum should not consider default case live if all enum values are covered

llvm-svn: 113457

llvm-svn: 113444

Fix null pointer dereference in StreamChecker::Fseek (reported in PR 8081) and simplify surrounding checking logic.

llvm-svn: 113282

llvm-svn: 113269

should probably be removed if it has no purpose, but I just #if'd it out
in case it's usefulIdempotentOperationChecker::isTruncationExtensionAssignment
should probably be removed if it has no purpose, but I just #if'd it out
in case it's useful

llvm-svn: 112949

llvm-svn: 112932

llvm-svn: 112931

Add optional record of "location" SVals in the environment.  When we analyzing loads/stores, we lose the location SVal, which makes it difficult to recover in some cases (e.g., for post diagnostics).  This is prep for pending changes to GRExprEngine.

llvm-svn: 112930

Add GRState::getSimplifiedSVal(), which provides an API hook for doing symbol -> constant folding.  This isn't used yet, but
is prep for some pending optimizations in GRExprEngine.

llvm-svn: 112929

Reapply 112850 and 112839 with a constructor for the BinaryOperatorData struct. Clang would zero out the enum and pointer in the struct in some conditions, but GCC would never zero out the values.

llvm-svn: 112909

well-intentioned but completely unused code.

llvm-svn: 112868

llvm-svn: 112857

llvm-svn: 112850

- SourceRange highlighting is only given for the relevant side of the operator (assignments give both)
- Added PostVisitBinaryOperator hook to retrieve the ExplodedNode for an operator
- Added a BugReporterVisitor to display the last store to every VarDecl in a Stmt
- Changed bug reporting to use the new BugReporterVisitor

llvm-svn: 112839

llvm-svn: 112796

For GRExprEngine::EvalBind() (and called visitors), unifiy StoreE and AssignE.  Now StoreE (const Stmt*) represents the expression where the store took place, which is the assignment expression if it takes place in an assignment.  This removes some conceptual dissidence as well as removes an extra parameter from the Checker::PreVisitBind() visitor.  It also improves ranges and source location information in analyzer diagnostics.

llvm-svn: 112789

llvm-svn: 112784

Partial fix for PR 8015 (fix is actually by Jordy Rose, and I added a test case for follow-on work).  This patch adds a bandaid for RegionStore's limited reasoning about symbolic array values.

llvm-svn: 112766

Don't assert in the analyzer when analyze code does a byte load from a function's address.  Fixes PR 8052.

llvm-svn: 112761

llvm-svn: 112738

llvm-svn: 112569