llvm-svn: 95459

(1) libAnalysis is a generic analysis library that can be used by
    Sema.  It defines the CFG, basic dataflow analysis primitives, and
    inexpensive flow-sensitive analyses (e.g. LiveVariables).

(2) libChecker contains the guts of the static analyzer, incuding the
    path-sensitive analysis engine and domain-specific checks.

Now any clients that want to use the frontend to build their own tools
don't need to link in the entire static analyzer.

This change exposes various obvious cleanups that can be made to the
layout of files and headers in libChecker.  More changes pending.  :)

This change also exposed a layering violation between AnalysisContext
and MemRegion.  BlockInvocationContext shouldn't explicitly know about
BlockDataRegions.  For now I've removed the BlockDataRegion* from
BlockInvocationContext (removing context-sensitivity; although this
wasn't used yet).  We need to have a better way to extend
BlockInvocationContext (and any LocationContext) to add
context-sensitivty.

llvm-svn: 94406

"ASTContext::getTypeSize() / 8". Replace [u]int64_t variables with CharUnits
ones as appropriate. 

Also rename RawType, fromRaw(), and getRaw() in CharUnits to QuantityType, 
fromQuantity(), and getQuantity() for clarity.

llvm-svn: 93153

CXXObjectRegion to represent it. 

In Environment, lookup a literal expression before make up a value for it.

llvm-svn: 93047

Make static analysis support for C++ 'this' expression context-sensitive.  Essentially treat 'this' as a implicit parameter to the method call, and associate a region with it.

llvm-svn: 92675

llvm-svn: 91572

attribute: the object type. 
Add initial support for visiting CXXThisExpr.
Fix a bunch of 80-col violations.

llvm-svn: 91535

Fix: <rdar://problem/7468209> SymbolManager::isLive() should not crash on captured block variables that are passed by reference

llvm-svn: 91348

Enhance understanding of VarRegions referenced by a block whose declarations are outside the current stack frame.  Fixes <rdar://problem/7462324>.

llvm-svn: 91107

- Refactor the MemRegion hierarchy to distinguish between different StackSpaceRegions for locals and parameters.
- VarRegions for "captured" variables now have the BlockDataRegion as their super region (except those passed by reference)
- Add transfer function support to GRExprEngine for BlockDeclRefExprs.

This change also supports analyzing blocks as an analysis entry point
(top-of-the-stack), which required pushing more context-sensitivity
around in the MemRegion hierarchy via the use of LocationContext
objects.  Functionally almost everything is the same, except we track
LocationContexts in a few more areas and StackSpaceRegions now refer
to a StackFrameContext object.  In the future we will need to modify
MemRegionManager to allow multiple StackSpaceRegions in flight at once
(for the analysis of multiple stack frames).

llvm-svn: 90809

llvm-svn: 90503

llvm-svn: 90499

Make BlockDataRegion::referenced_vars_iterator an actual class that enforces that all MemRegions iterated over are VarRegions.

llvm-svn: 90430

llvm-svn: 90267

Add iterators to BlockDataRegion that allow clients to iterate over the VarRegions for "captured" variables for a block.

llvm-svn: 89927

'BlockDataRegion' to distinguish between the code associated with a
block (which is represented by 'BlockTextRegion') and an instance of a
block, which includes both code and data.  'BlockDataRegion' has an
associated LocationContext, which can be used to eventually model the
lifetime of a block object once LocationContexts can represent scopes
(and iterations around a loop, etc.).

llvm-svn: 89900

Split CodeTextRegion into FunctionTextRegion and BlockTextRegion.  This a precursor to having basic static analysis support for blocks.

llvm-svn: 89828

region, so that arithmetic within a memory chunk is allowed.

llvm-svn: 86652

getBaseRegion will be used in another method.

llvm-svn: 86649

llvm-svn: 81346

pointers.  Most logic cares first about whether or not a region is
symbolic, and second if represents code.  This should fix a series of
silent corner case bugs (as well as simplify a bunch of code).

llvm-svn: 80335

SelfRegion represented the object bound to 'self' (when analyzing Objective-C
methods) upon entry to a method. Having this region stored on the side ignores
the current stack frame that we might be analyzing (among other things), and is
a problem for interprocedural analysis.

For RegionStoreManager, the value for SelfRegion is just lazily created.

For BasicStoreManager, the value for SelfRegion is bound eagerly to 'self', but
no explicit tracking of SelfRegion on the side is made.

As part of this change, remove the restriction in BasicStoreManager that we only
track ivars for 'self'. This shouldn't actually change anything in terms of
precision, and simplifies the logic.

llvm-svn: 79694

llvm-svn: 79680

made to RegionStore (and related classes) in order to handle some
analyzer failures involving casts and manipulation of symbolic memory.

The root of the change is in StoreManager::CastRegion().  Instead of
using ad hoc heuristics to decide when to layer an ElementRegion on a
casted MemRegion, we now always layer an ElementRegion when the cast
type is different than the original type of the region.  This carries
the current cast information associated with a region around without
resorting to the error prone recording of "casted types" in GRState.

Along with this new policy of layering ElementRegions, I added a new
algorithm to strip away existing ElementRegions when they simply
represented casts of a base memory object.  This algorithm computes
the raw "byte offset" that an ElementRegion represents from the base
region, and allows the new ElementRegion to be based off that offset.
The added benefit is that this naturally handles a series of casts of
a MemRegion without building up a set of redundant ElementRegions
(thus canonicalizing the region view).

Other related changes that cascaded from this one (as tests were
failing in RegionStore):

- Revamped RegionStoreManager::InvalidateRegion() to completely remove
  all bindings and default values from a region and all subregions.
  Now invalidated fields are not bound directly to new symbolic
  values; instead the base region has a "default" symbol value from
  which "derived symbols" can be created.  The main advantage of this
  approach is that it allows us to invalidate a region hierarchy and
  then lazily instantiate new values no matter how deep the hierarchy
  went (i.e., regardless of the number of field accesses,
  e.g. x->f->y->z->...).  The previous approach did not do this.

- Slightly reworked RegionStoreManager::RemoveDeadBindings() to also
  incorporate live symbols and live regions that do not have direct
  bindings but also have "default values" used for lazy instantiation.
  The changes to 'InvalidateRegion' revealed that these were necessary
  in order to achieve lazy instantiation of values in the region store
  with those bindings being removed too early.

- The changes to InvalidateRegion() and RemoveDeadBindings() revealed
  a serious bug in 'getSubRegionMap()' where not all region -> subregion
  relationships involved in actually bindings (explicit and implicit)
  were being recorded.  This has been fixed by using a worklist algorithm
  to iteratively fill in the region map.

- Added special support to RegionStoreManager::Bind()/Retrieve() to handle
  OSAtomicCompareAndSwap in light of the new 'CastRegion' changes and the
  layering of ElementRegions.

- Fixed a bug in SymbolReaper::isLive() where derived symbols were not
  being marked live if the symbol they were derived from was also live.
  This fix was critical for getting lazy instantiation in RegionStore
  to work.

- Tidied up the implementation of ValueManager::getXXXSymbolVal() methods
  to use SymbolManager::canSymbolicate() to decide whether or not a
  symbol should be symbolicated.

- 'test/Analysis/misc-ps-xfail.m' now passes; that test case has been
  moved to 'test/Analysis/misc-ps.m'.

- Tweaked some pretty-printing of MemRegions, and implemented
  'ElementRegion::getRawOffset()' for use with the CastRegion changes.

llvm-svn: 77782

OldCastRegion used), and the associated command line option
'-analyzer-store=old-basic-cast'.

llvm-svn: 77509

index 0.  This will be used for refinements to InvalidateRegion and CastRegion.

llvm-svn: 77481

llvm-svn: 76381

llvm-svn: 76380

ValueManager::makeArrayIndex()/convertArrayIndex() methods.  This
handles yet another crash case when reasoning about array indices of
different bitwidth and signedness.

llvm-svn: 75884

Tidy pretty-printing for SVals, using 'dump()' instead of 'printStdErr()', and implementing operator<< support for llvm::raw_ostream.

llvm-svn: 75560

When pretty-printing symbolic regions, use '{' ... '}' to indicate the symbol used for the region (makes it easier to read for nested regions).

llvm-svn: 75550

Change pretty-printing API for SymExprs and MemRegions to use a naming convention and style similar to other elements in Clang.

llvm-svn: 75548

Rename potentially ambiguous member template 'getRegion' to 'getSubRegion' to hopefully resolve template lookup ambiguities on some compilers.

llvm-svn: 75253

structures passed-by-value as function arguments.

llvm-svn: 74729

directly consulting if a VarDecl is an implicit or actual parameter, a global,
etc.

llvm-svn: 74716

This will simplify the logic of StoreManagers that want to specially reason
about the values of parameters.

llvm-svn: 74715

llvm-svn: 74709

This is simple enough, but then I thought it would be nice to make PrintingPolicy
get a LangOptions so that various things can key off "bool" and "C++" independently.
This spiraled out of control.  There are many fixme's, but I think things are slightly
better than they were before.

One thing that can be improved: CFG should probably have an ASTContext pointer in it,
which would simplify its clients.

llvm-svn: 74493

- Change implementation of MemRegion::hasStackStorage()/hasHeapStorage() to use
  'getMemorySpace()'.  This avoids a double traversal up the region hierarchy
  and is simpler.
- Add MemRegion::hasHeapOrStackStorage() as a slightly more efficient
  alternative to 'hasStackStorage() || hasHeapStorage()'.

llvm-svn: 73977

llvm-svn: 73973