[analyzer] If we call a C++ method on an object, assume it's non-null.

This is analogous to our handling of pointer dereferences: if we
dereference a pointer that may or may not be null, we assume i

[analyzer] If we call a C++ method on an object, assume it's non-null.

This is analogous to our handling of pointer dereferences: if we
dereference a pointer that may or may not be null, we assume it's non-null
from then on.

While some implementations of C++ (including ours) allow you to call a
non-virtual method through a null pointer of object type, it is technically
disallowed by the C++ standard, and should not prune out any real paths in
practice.

[class.mfct.non-static]p1: A non-static member function may be called
for an object of its class type, or for an object of a class derived
from its class type...
(a null pointer value does not refer to an object)

We can also make the same assumption about function pointers.

llvm-svn: 161992

show more ...

[analyzer] Use a more robust check for null in CallAndMessageChecker.

This should fix the failing test on the buildbot as well.

llvm-svn: 161290

[analyzer] When a symbol is null, we should track its constraints.

Because of this, we would previously emit NO path notes when a parameter
is constrained to null (because there are no stores). Now

[analyzer] When a symbol is null, we should track its constraints.

Because of this, we would previously emit NO path notes when a parameter
is constrained to null (because there are no stores). Now we show where we
made the assumption, which is much more useful.

llvm-svn: 161280

show more ...

[analyzer] Track null/uninitialized C++ objects used in method calls.

llvm-svn: 161278

[analyzer] Rename Calls.{h,cpp} to CallEvent.{h,cpp}. No functionality change.

llvm-svn: 160815

Add static analyzer check for calling a C++ instance method with a null/uninitialized pointer.

llvm-svn: 160767

[analyzer] Combine all ObjC message CallEvents into ObjCMethodCall.

As pointed out by Anna, we only differentiate between explicit message sends

This also adds support for ObjCSubscriptExprs, which

[analyzer] Combine all ObjC message CallEvents into ObjCMethodCall.

As pointed out by Anna, we only differentiate between explicit message sends

This also adds support for ObjCSubscriptExprs, which are basically the same
as properties in many ways. We were already checking these, but not emitting
nice messages for them.

This depends on the llvm::PointerIntPair change in r160456.

llvm-svn: 160461

show more ...

[analyzer] If 'super' is known to be nil, we can still mark its range.

llvm-svn: 159596

[analyzer] Convert existing checkers to use check::preCall and check::postCall.

llvm-svn: 159563

[analyzer] Finish replacing ObjCMessage with ObjCMethodDecl and friends.

The preObjCMessage and postObjCMessage callbacks now take an ObjCMethodCall
argument, which can represent an explicit message

[analyzer] Finish replacing ObjCMessage with ObjCMethodDecl and friends.

The preObjCMessage and postObjCMessage callbacks now take an ObjCMethodCall
argument, which can represent an explicit message send (ObjCMessageSend) or an
implicit message generated by a property access (ObjCPropertyAccess).

llvm-svn: 159559

show more ...

[analyzer] Begin replacing ObjCMessage with ObjCMethodCall and friends.

Previously, the CallEvent subclass ObjCMessageInvocation was just a wrapper
around the existing ObjCMessage abstraction (over

[analyzer] Begin replacing ObjCMessage with ObjCMethodCall and friends.

Previously, the CallEvent subclass ObjCMessageInvocation was just a wrapper
around the existing ObjCMessage abstraction (over message sends and property
accesses). Now, we have abstract CallEvent ObjCMethodCall with subclasses
ObjCMessageSend and ObjCPropertyAccess.

In addition to removing yet another wrapper object, this should make it easy
to add a ObjCSubscriptAccess call event soon.

llvm-svn: 159558

show more ...

[analyzer] Convert CallAndMessageChecker and ObjCSelfInitChecker to CallEvent.

Both of these got uglier rather than cleaner because we don't have preCall and
postCall yet; properly wrapping a CallEx

[analyzer] Convert CallAndMessageChecker and ObjCSelfInitChecker to CallEvent.

Both of these got uglier rather than cleaner because we don't have preCall and
postCall yet; properly wrapping a CallExpr in a CallEvent requires doing a bit
of deconstruction on the callee. Even when we have preCall and postCall we may
want to expose the current CallEvent to pre/postStmt<CallExpr>.

llvm-svn: 159556

show more ...

Revert Decl's iterators back to pointer value_type rather than reference value_type

In addition, I've made the pointer and reference typedef 'void' rather than T*
just so they can't get misused. I w

Revert Decl's iterators back to pointer value_type rather than reference value_type

In addition, I've made the pointer and reference typedef 'void' rather than T*
just so they can't get misused. I would've omitted them entirely but
std::distance likes them to be there even if it doesn't use them.

This rolls back r155808 and r155869.

Review by Doug Gregor incorporating feedback from Chandler Carruth.

llvm-svn: 158104

show more ...

Remove unused private member variables found by clang's new -Wunused-private-field.

llvm-svn: 158086

Remove the ref/value inconsistency in filter_decl_iterator.

filter_decl_iterator had a weird mismatch where both op* and op-> returned T*
making it difficult to generalize this filtering behavior in

Remove the ref/value inconsistency in filter_decl_iterator.

filter_decl_iterator had a weird mismatch where both op* and op-> returned T*
making it difficult to generalize this filtering behavior into a reusable
library of any kind.

This change errs on the side of value, making op-> return T* and op* return
T&.

(reviewed by Richard Smith)

llvm-svn: 155808

show more ...

[analyzer] Implement basic path diagnostic pruning based on "interesting" symbols and regions.
Essentially, a bug centers around a story for various symbols and regions. We should only include
the p

[analyzer] Implement basic path diagnostic pruning based on "interesting" symbols and regions.
Essentially, a bug centers around a story for various symbols and regions. We should only include
the path diagnostic events that relate to those symbols and regions.

The pruning is done by associating a set of interesting symbols and regions with a BugReporter, which
can be modified at BugReport creation or by BugReporterVisitors.

This patch reduces the diagnostics emitted in several of our test cases. I've vetted these as
having desired behavior. The only regression is a missing null check diagnostic for the return
value of realloc() in test/Analysis/malloc-plist.c. This will require some investigation to fix,
and I have added a FIXME to the test case.

llvm-svn: 152361

show more ...

Teak CallAndMessageChecker to only warn about uninitialized struct fields in call arguments
when the called function is never inlined.

Fixes <rdar://problem/10977037>.

llvm-svn: 152073

Adopt ExprEngine and checkers to ObjC property refactoring. Everything was working, but now diagnostics are aware of message expressions implied by uses of properties. Fixes <rdar://problem/9241180

Adopt ExprEngine and checkers to ObjC property refactoring. Everything was working, but now diagnostics are aware of message expressions implied by uses of properties. Fixes <rdar://problem/9241180>.

llvm-svn: 150888

show more ...

Basic: import SmallString<> into clang namespace

(I was going to fix the TODO about DenseMap too, but
that would break self-host right now. See PR11922.)

llvm-svn: 149799

Basic: import OwningPtr<> into clang namespace

llvm-svn: 149798

Move a method from IdentifierTable.h out of line and remove the SmallString include.

Fix all the transitive include users.

llvm-svn: 149783

Fix an assertion failure in isMacOSXVersionLT for IOS targets.

Check if the triple OS is IOS instead of checking for arm/thumb architectures
and check that before calling isMacOSXVersionLT.

llvm-sv

Fix an assertion failure in isMacOSXVersionLT for IOS targets.

Check if the triple OS is IOS instead of checking for arm/thumb architectures
and check that before calling isMacOSXVersionLT.

llvm-svn: 149454

show more ...

Change references to 'const ProgramState *' to typedef 'ProgramStateRef'.

At this point this is largely cosmetic, but it opens the door to replace
ProgramStateRef with a smart pointer that more eage

Change references to 'const ProgramState *' to typedef 'ProgramStateRef'.

At this point this is largely cosmetic, but it opens the door to replace
ProgramStateRef with a smart pointer that more eagerly acts in the role
of reclaiming unused ProgramState objects.

llvm-svn: 149081

show more ...

[analyzer] Rename Store::Retrieve() -> getBinding().

+ all the other Retrieve..() methods + a comment for ElementRegion.

llvm-svn: 148011

[analyzer] Make the entries in 'Environment' context-sensitive by making entries map from
(Stmt*,LocationContext*) pairs to SVals instead of Stmt* to SVals.

This is needed to support basic IPA via i

[analyzer] Make the entries in 'Environment' context-sensitive by making entries map from
(Stmt*,LocationContext*) pairs to SVals instead of Stmt* to SVals.

This is needed to support basic IPA via inlining. Without this, we cannot tell
if a Stmt* binding is part of the current analysis scope (StackFrameContext) or
part of a parent context.

This change introduces an uglification of the use of getSVal(), and thus takes
two steps forward and one step back. There are also potential performance implications
of enlarging the Environment. Both can be addressed going forward by refactoring the
APIs and optimizing the internal representation of Environment. This patch
mainly introduces the functionality upon when we want to build upon (and clean up).

llvm-svn: 147688

show more ...