[analyzer] Add a clone() method to BugReporterVisitor, so that we'll be able to reset diagnostic generation.

llvm-svn: 153368

llvm-svn: 152521

Essentially, a bug centers around a story for various symbols and regions.  We should only include
the path diagnostic events that relate to those symbols and regions.

The pruning is done by associating a set of interesting symbols and regions with a BugReporter, which
can be modified at BugReport creation or by BugReporterVisitors.

This patch reduces the diagnostics emitted in several of our test cases.  I've vetted these as
having desired behavior.  The only regression is a missing null check diagnostic for the return
value of realloc() in test/Analysis/malloc-plist.c.  This will require some investigation to fix,
and I have added a FIXME to the test case.

llvm-svn: 152361

closest function context (Keychain API).

llvm-svn: 151613

(Very similar to the previous change in malloc.)

llvm-svn: 151297

llvm-svn: 151007

(I was going to fix the TODO about DenseMap too, but
that would break self-host right now. See PR11922.)

llvm-svn: 149799

llvm-svn: 149798

Fix all the transitive include users.

llvm-svn: 149783

At this point this is largely cosmetic, but it opens the door to replace
ProgramStateRef with a smart pointer that more eagerly acts in the role
of reclaiming unused ProgramState objects.

llvm-svn: 149081

+ all the other Retrieve..() methods + a comment for ElementRegion.

llvm-svn: 148011

(Stmt*,LocationContext*) pairs to SVals instead of Stmt* to SVals.

This is needed to support basic IPA via inlining.  Without this, we cannot tell
if a Stmt* binding is part of the current analysis scope (StackFrameContext) or
part of a parent context.

This change introduces an uglification of the use of getSVal(), and thus takes
two steps forward and one step back.  There are also potential performance implications
of enlarging the Environment.  Both can be addressed going forward by refactoring the
APIs and optimizing the internal representation of Environment.  This patch
mainly introduces the functionality upon when we want to build upon (and clean up).

llvm-svn: 147688

We trigger an error if free is called after a possibly failed allocation. Do not trigger the error if we know that the buffer is not null.

llvm-svn: 145584

We are getting name of the called function or it's declaration in a few checkers. Refactor them to use the helper function in the CheckerContext. 

llvm-svn: 145576

many checkers are trying to get a name of the callee when visiting
a CallExpr, so provide a convenience API.

llvm-svn: 144820

Also document addTransition methods.

llvm-svn: 143059

Remove dead members/parameters: ProgramState, respondsToCallback, autoTransition.
Remove addTransition method since it's the same as generateNode. Maybe we should
rename generateNode to genTransition (since a transition is always automatically
generated)?

llvm-svn: 142946

Get rid of the EndOfPathBuilder completely.
Use the generic NodeBuilder to generate nodes.
Enqueue the end of path frontier explicitly.

llvm-svn: 142943

[analyzer] Refactor: make PathDiagnosticLocation responsible for validation of SourceLocations (commit 2 of ?):
- Modify all PathDiagnosticLocation constructors that take Stmt to also requre LocationContext.
- Add a constructor which should be used in case there is no valid statement/location (it will grab the location of the enclosing function).

llvm-svn: 139763

[analyzer] MacOSKeychainAPIChecker: Simplify getSymbolForRegion by using existing API. Thanks Jordy.

llvm-svn: 138765

Fix: Bug 10798 - [analyzer] Crash when analyzing ICU. (A slight improvement on the previous commit.)

llvm-svn: 138762

Patch by Jean-Daniel Dupas. Thanks for spotting and fixing!

llvm-svn: 138757

llvm-svn: 138535

[analyzer] MacOSKeychainAPIChecker: Add the custom BugReport visitor(which highlights the allocation site) to all the relevant reports within the checker.

llvm-svn: 138531

llvm-svn: 138497

llvm-svn: 138493

[analyzer] MacOSKeychainAPIChecker: Provide reacher diagnostic trace by pointing to the allocation site when reporting a leak.

llvm-svn: 138479

[analyzer] MacOSKeychainAPIChecker: Add reasoning about functions which MIGHT deallocate the memory region allocated with SecKeychain APIs. Specifically, when the buffer is passed to CFStringCreateWithBytesNoCopy along with a custom deallocator, which might potentially correctly release the memory.

llvm-svn: 138417

[analyzer] MacOSKeychainAPIChecker: Retrieve the memory region which we are tracking even when it's no longer a SymbolicRegion, for example, when it is cast to char*.

llvm-svn: 138415

llvm-svn: 138414

[analyzer] MacOSKeychainAPIChecker: Users of KeyChain API often use free() to deallocate the password. Catch this error explicitly and generate the error message at the place where free() is called.

llvm-svn: 138296

Remove EnhancedBugReport and RangedBugReport - pull all the extra functionality they provided into their parent BugReport. The only functional changes are: made getRanges() non const - it adds default range to Ranges if none are supplied, made getStmt() private, which was another FIXME.

llvm-svn: 137894

llvm-svn: 137720

MacOSKeychainAPIChecker: The security API/memory leak checker should always generate regular nodes instead of sink nodes.

llvm-svn: 137681

llvm-svn: 137665

MacOSKeychainAPIChecker: Use llvm::SmallString instead of std::string (as per code review for r137523).

llvm-svn: 137633

MacOSKeychainAPIChecker: If the allocated data address entered as an enclosing function parameter, skip it to avoid false positives.

llvm-svn: 137526

Report errors earlier: on checkDeadSymbols() and clear the state after the symbol we are tracking goes out of scope. 

Also, perform lazy error checking. Instead of forcing the paths to be split depending one the return value of the allocator, make the return symbol depend on the allocated data symbol, which prolongs its life span to the time when the allocated data symbol becomes dead.

llvm-svn: 137523

MacOSKeychainAPIChecker: There is no need to use SymbolMetadata to represent the allocated data symbol, we can just use the symbol corresponding to the SymbolicRegion. This simplifies tracking of the symbol, for example, SymbolMetadata needs to go through extra hoops to stay alive.

Make AllocationState internal to the MacOSKeychainAPIChecker class.

llvm-svn: 137514

KeychainAPI checker: Track SymbolMetadata instead of MemRegion in checker state so that we could clear the state on evalDeadSymbols; also track the return value.

llvm-svn: 137003