llvm-svn: 57107

This is a big patch, but the functionality change is small and the rest of the patch consists of deltas due to API changes.

This patch overhauls the "memory region" abstraction that was prototyped (but never really used) as part of the Store.h.  This patch adds MemRegion.h and MemRegion.cpp, which defines the class MemRegion and its subclasses.  This classes serve to define an abstract representation of memory, with regions being layered on other regions to to capture the relationships between fields and variables, variables and the address space they are allocated in, and so on.  

The main motivation of this patch is that key parts of the analyzer assumed that all value bindings were to VarDecls.  In the future this won't be the case, and this patch removes lval::DeclVal and replaces it with lval::MemRegionVal.  Now all pieces of the analyzer must reason about abstract memory blocks instead of just variables.

There should be no functionality change from this patch, but it opens the door for significant improvements to the analyzer such as field-sensitivity and object-sensitivity, both which were on hold until the memory abstraction got generalized.

The memory region abstraction also allows type-information to literally be affixed to a memory region.  This will allow the some now redundant logic to be removed from the retain/release checker.

llvm-svn: 57042

Expand checking to include functions, not just methods.

llvm-svn: 56938

llvm-svn: 56912

Use this updated interface when invalidating arguments passed by reference; the type of symbol is of the object passed by reference, not the reference itself.

llvm-svn: 56894

llvm-svn: 56832

from the subexpression type to the expression type.

llvm-svn: 56831

llvm-svn: 56755

llvm-svn: 56735

Move VLA processing logic from LiveVariables to CFG construction.  This way all dataflow analyses "see" the VLA size expressions.

llvm-svn: 56655

Fixes <rdar://problem/6248086>

llvm-svn: 56645

llvm-svn: 56405

llvm-svn: 56403

llvm-svn: 56402

llvm-svn: 56401

llvm-svn: 56394

Changed casing of many bug names.  The convention will be to have bug names (mostly) lower cased, and categories use some capitalization.

llvm-svn: 56385

GRExprEngine:
  Use PostStore in EvalStore.
  Use a second version of EvalStore in EvalBinaryOperator to associate the store with the expression on the LHS.

llvm-svn: 56383

Bug fix: for the base transfer function logic for casts, handle const casts as just propagating the value.

llvm-svn: 56368

For checking if a symbol >= value, we need to check if symbol == value || symbol
> value. When checking symbol > value and we know that symbol != value, the path
is infeasible only if value == maximum integer.

For checking if a symbol <= value, we need to check if symbol == value || symbol
< value. When checking symbol < value and we know that symbol != value, the path
is infeasible only if value == minimum integer.

Updated test case exercising this logic: we only prune paths if the values are
unsigned.

llvm-svn: 56354

'symbol operator-reverse int'. This patch is a combination of code from
Zhongxing Xu and myself (Zhongxing noticed this bug for the cases of
relational operators).

llvm-svn: 56351

llvm-svn: 56334

llvm-svn: 56327

llvm-svn: 56319

Implement second part of PR 2600: NSError** parameter may be null, and should be checked before being dereferenced.

llvm-svn: 56318

Change implementation of NSError** coding-style check to be invoked at the end of the retain/release analysis.

llvm-svn: 56312

"Method accepting NSError** argument should have non-void return value to indicate that an error occurred."

Test case written, but the header needs to be delta-debugged reduced.  Will commit shortly.

llvm-svn: 56297

  if we know that 'len != 0' and know that 'i == 0' then we know that
  'i < len' must evaluate to true and cannot evaluate to false

llvm-svn: 56260

motivated because it became clear that the number of subclasses of ProgramPoint
would expand and we ran out of bits to represent a pointer variant. As a plus of
this change, BlockEdge program points can now be represented explicitly without
using a cache of CFGBlock* pairs in CFG.

llvm-svn: 56245

"Here is a patch what replaces std::ostream with llvm::raw_ostream. This patch
covers the AST library, but ignores Analysis lib."

llvm-svn: 56185

llvm-svn: 56166

- Change definition of store::Region and store::Binding (once again) to make
  them real classes that just wrap pointers. This makes them more strictly
  typed, and allows specific implementations of Regions/Bindings to just
  subclass them.
- minor renamings to RegionExtent and its subclasses
- added a bunch of doxygen comments

StoreManager: (static analyzer)
- added 'iterBindings', an iteration method for iterating over the bindings of a
  store. It that takes a callback object (acting like a poor man's closure).
- added 'getRVal' version for store::Binding. Will potentially phase the other
  versions of GetRVal in StoreManager out.
- reimplemented 'getBindings' to be non-virtual and to use 'iterBindings'

BasicStoreManager: (static analyzer)
- implemented 'iterBindings' for BasicStoreManager

llvm-svn: 55688

llvm-svn: 55559

llvm-svn: 55537

llvm-svn: 55536

llvm-svn: 55526

Migrated CFRefCount.cpp to use getBindings and BindingsAsString instead of
making assumptions about the Store (removed dependence on GRState::vb_iterator).

llvm-svn: 55522

llvm-svn: 55519

Remove Regions.h and Regions.cpp, since we are now using an even more abstract representation of "memory regions" in the static analyzer.

llvm-svn: 55515

Their precise semantics will be implemented by a specific StoreManager.

Use function pointer to create the StoreManager in GRStateManager.  This matches how we create ConstraintsManager.

llvm-svn: 55514