Resolves a common false positive, where we were reporting a leak inside
asserts

llvm-svn: 150312

We use the same logic here as the RetainRelease checker.

llvm-svn: 150311

(use of return instead of continue), wording.

llvm-svn: 150215

llvm-svn: 150172

llvm-svn: 150158

Very simple so far - we just highlight every allocation and release
site.

llvm-svn: 150156

llvm-svn: 150155

which allows values to escape through unknown calls.

Assumes all calls but the malloc family are unknown.

Also, catch a use-after-free when a pointer is passed to a
function after a call to free (previously, you had to explicitly
dereference the pointer value).

llvm-svn: 150112

optimistic.

TODO: actually implement the pessimistic version of the checker. Ex: it
needs to assume that any function that takes a pointer might free it.

The optimistic version relies on annotations to tell us which functions
can free the pointer.

llvm-svn: 150111

post visit of CallExpr.

In general, we should avoid using evalCall as it leads to interference
with other checkers.

llvm-svn: 150086

(I was going to fix the TODO about DenseMap too, but
that would break self-host right now. See PR11922.)

llvm-svn: 149799

llvm-svn: 149798

Fix all the transitive include users.

llvm-svn: 149783

Fix all the files that depended on transitive includes of Diagnostic.h.
With this patch in place changing a diagnostic no longer requires a full rebuild of the StaticAnalyzer.

llvm-svn: 149781

At this point this is largely cosmetic, but it opens the door to replace
ProgramStateRef with a smart pointer that more eagerly acts in the role
of reclaiming unused ProgramState objects.

llvm-svn: 149081

This allows -Wswitch-enum to find switches that need updating when these enums are modified.

llvm-svn: 148281

(Stmt*,LocationContext*) pairs to SVals instead of Stmt* to SVals.

This is needed to support basic IPA via inlining.  Without this, we cannot tell
if a Stmt* binding is part of the current analysis scope (StackFrameContext) or
part of a parent context.

This change introduces an uglification of the use of getSVal(), and thus takes
two steps forward and one step back.  There are also potential performance implications
of enlarging the Environment.  Both can be addressed going forward by refactoring the
APIs and optimizing the internal representation of Environment.  This patch
mainly introduces the functionality upon when we want to build upon (and clean up).

llvm-svn: 147688

as a result of a call.

Problem:
Global variables, which come in from system libraries should not be
invalidated by all calls. Also, non-system globals should not be
invalidated by system calls.

Solution:
The following solution to invalidation of globals seems flexible enough
for taint (does not invalidate stdin) and should not lead to too
many false positives. We split globals into 3 classes:

* immutable - values are preserved by calls (unless the specific
global is passed in as a parameter):
     A :  Most system globals and const scalars

* invalidated by functions defined in system headers:
     B: errno

* invalidated by all other functions (note, these functions may in
turn contain system calls):
     B: errno
     C: all other globals (which are not in A nor B)

llvm-svn: 147569

llvm-svn: 147566

We are getting name of the called function or it's declaration in a few checkers. Refactor them to use the helper function in the CheckerContext. 

llvm-svn: 145576

Also document addTransition methods.

llvm-svn: 143059

Remove dead members/parameters: ProgramState, respondsToCallback, autoTransition.
Remove addTransition method since it's the same as generateNode. Maybe we should
rename generateNode to genTransition (since a transition is always automatically
generated)?

llvm-svn: 142946

Get rid of the EndOfPathBuilder completely.
Use the generic NodeBuilder to generate nodes.
Enqueue the end of path frontier explicitly.

llvm-svn: 142943

Passing a pointer was a bad idea as it collides with the overload for void*.

llvm-svn: 141971

llvm-svn: 141262

[analyzer] Removing references to CheckerContext::getNodeBuilder(): checkers can obtain block count directly from the Context.

llvm-svn: 141112

free() is returned by realloc(). Most code expect NULL.

And we only need to transfer one final ProgramState.

llvm-svn: 138937

Remove EnhancedBugReport and RangedBugReport - pull all the extra functionality they provided into their parent BugReport. The only functional changes are: made getRanges() non const - it adds default range to Ranges if none are supplied, made getStmt() private, which was another FIXME.

llvm-svn: 137894

llvm-svn: 137665

Cleanup various declarations of 'Stmt*' to be 'Stmt *', etc. in libAnalyzer and libStaticAnalyzer[*].  It was highly inconsistent, and very ugly to look at.

llvm-svn: 137537

[analyzer] fix bug in malloc checker where the tracked symbol would not properly be removed from the state.

llvm-svn: 136418

them into the clang namespace.

llvm-svn: 135852

More accurately model realloc() when the size argument is 0. realloc() with a size of 0 is equivalent to free(). The memory region should be marked as free and not used again.

Unit tests f2_realloc_0(), f6_realloc(), and f7_realloc() contributed by Marshall Clow <mclow.lists@gmail.com>. Thanks! 

llvm-svn: 130303

llvm-svn: 128762

llvm-svn: 126726

llvm-svn: 126606

-Introduce EndOfFunctionNodeBuilder::withCheckerTag to allow it be "specialized" with a
 checker tag and not require the checkers to pass a tag.
-For EndOfFunctionNodeBuilder::generateNode, reverse the order of tag/P parameters since
 there are actual calls that assume the second parameter is ExplodedNode.

llvm-svn: 126332

llvm-svn: 125724

Split 'include/clang/StaticAnalyzer' into 'include/clang/StaticAnalyzer/Core' and 'include/clang/StaticAnalyzer/Checkers'.

This layout matches lib/StaticAnalyzer, which corresponds to two StaticAnalyzer libraries.

llvm-svn: 125251

[analyzer] lib/StaticAnalyzer/Checkers/ExprEngineExperimentalChecks.h -> lib/StaticAnalyzer/Checkers/ExperimentalChecks.h

llvm-svn: 125122