ArrayBoundCheckerV2: don't arbitrarily warn about indexing before the 0-index of a symbolic region.  In many cases that isn't really the base offset.

llvm-svn: 129366

This patch adds modeling of strcmp() to the CString checker. Validates inputs are not NULL and are real C strings, then does the comparison and binds the proper return value. Unit tests included. 

llvm-svn: 129364

Validates inputs are not NULL, checks for overlapping strings, concatenates the strings checking for buffer overflow, sets the length of the destination string to the sum of the s1 length and the s2 length, binds the return value to the s1 value.

llvm-svn: 129215

Add security syntax checker for strcat() which causes the Static Analyzer to generate a warning any time the strcat() function is used with a note suggesting to use a function which provides bounded buffers. CWE-119.

Also, brings the security syntax checker more inline with coding standards.

llvm-svn: 128916

Refactoring the security checker a little bit so that each CallExpr check doesn't get called for each CallExpr. Instead it does a switch and only runs the check for the proper identifier. Slight speed improvement (probably significant on very large ASTs), and should make it easier and more clear to add more checks for other CallExpr's later.

llvm-svn: 128785

llvm-svn: 128762

Teach IdempotentOperationsChecker about paths aborted because ExprEngine didn't know how to handle a specific Expr type.

llvm-svn: 128761

static analyzer: Rename 'BlocksAborted' to 'BlocksExhausted' to reflect that a given CFGBlock was analyzed too many times.

llvm-svn: 128760

Add security syntax checker for strcpy() which causes the Static Analyzer to generate a warning any time the strcpy() function is used with a note suggesting to use a function which provides bounded buffers. 

llvm-svn: 128679

Models mempcpy() so that if length is NULL the destination pointer is returned. Otherwise, the source and destination are confirmed not to be NULL and not overlapping. Finally the copy is validated to not cause a buffer overrun and the return value is bound to the address of the byte after the last byte copied.

llvm-svn: 128677

llvm-svn: 128670

llvm-svn: 128512

[analyzer] For -analyzer-checker-help show all the info about groups, packages, and which packages/checkers are hidden.

llvm-svn: 128511

llvm-svn: 128475

llvm-svn: 128310

llvm-svn: 128187

This rename serves two purposes:

- It reflects the actual functionality of this analysis.
- We will have more than one reachability analysis.

llvm-svn: 127930

llvm-svn: 127798

Teach VariadicMethodTypeChecker that CF references are valid arguments to variadic Objective-C methods.

llvm-svn: 127797

VariadicMethodTypeChecker: don't warn for null pointer constants passed to variadic Objective-C methods.

llvm-svn: 127719

llvm-svn: 127687

Tweak VariadicMethodTypeChecker to only create one ExplodedNode when issuing multiple warnings for the same message expression.

Also add a test case showing that we correctly report multiple warnings for the same message expression.

llvm-svn: 127605

Add an Objective-C checker that checks that arguments passed to some variadic Objective-C methods are of Objective-C pointer types.

Ted or Argiris, I'd appreciate a review!

llvm-svn: 127572

Re-enable the IdempotentOperations checker for --analyze, and put it and the DeadStores checker into the "deadcode" group.

llvm-svn: 127531

llvm-svn: 127528

This checker was created by Jim Goodnow II, and I migrated it to the
new Checker interface (recent changes by Argiris).

llvm-svn: 127525

extending the existing support for sizeof and alignof.  Original
patch by Guy Benyei.

llvm-svn: 127475

Make the Objective-C checker look for subclasses of NSString instead of just NSString and NSMutableString.

llvm-svn: 127268

conventional categories into Basic and AST.  Update the self-init checker
to use this logic;  CFRefCountChecker is complicated enough that I didn't
want to touch it.

llvm-svn: 126817

In preparation for fixing PR 6884, rework CFGElement to have getAs<> return pointers instead of fresh CFGElements.

- Also, consoldiate getDtorKind() and getKind() into one "kind".
- Add empty getDestructorDecl() method to CFGImplicitDtor.

llvm-svn: 126738

llvm-svn: 126735

llvm-svn: 126734

and hope the wrath of the buildbots will not descend upon me.

llvm-svn: 126728

llvm-svn: 126726

llvm-svn: 126725

llvm-svn: 126724

llvm-svn: 126690

They cooperate in that NSErrorChecker listens for ImplicitNullDerefEvent events that
DereferenceChecker can dispatch.
ImplicitNullDerefEvent is when we dereferenced a location that may be null.

llvm-svn: 126659

llvm-svn: 126629

llvm-svn: 126626