have the iterators and operator[] handle the traversal of statements, as they
are stored in reverse order. Tests show this has no real performance impact, but
it does simply the CFG construction logic and will make it slightly easier to
change the allocation strategy for CFGBlocks (as we have fewer copies).
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@82702 91177308-0d34-0410-b5e6-96231b3b80d8
The issue was a discrepancy between how RegionStoreManager::Bind() and
RegionStoreManager::Retrieve() derived the "key" for the first element
of a symbolic region.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@82680 91177308-0d34-0410-b5e6-96231b3b80d8
Several of the existing methods were identical to their respective
specializations, and so have been removed entirely. Several more 'leaf'
optimizations were introduced.
The getAsFoo() methods which imposed extra conditions, like
getAsObjCInterfacePointerType(), have been left in place.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@82501 91177308-0d34-0410-b5e6-96231b3b80d8
integer pointer. For now just invalidate the fields of the struct.
This addresses: <rdar://problem/7185607> [RegionStore] support invalidation of bit fields using integer assignment
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@82492 91177308-0d34-0410-b5e6-96231b3b80d8
r82198 and then reverted. This is an intermediate solution, as diagnostic
caching should not rely on static variables.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@82301 91177308-0d34-0410-b5e6-96231b3b80d8
when running the analyzer on real projects. We'll keep the change to
AnalysisManager.cpp in r82198 so that -fobjc-gc analyzes code
correctly in both GC and non-GC modes, although this may emit two
diagnostics for each bug in some cases (a better solution will come
later).
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@82201 91177308-0d34-0410-b5e6-96231b3b80d8
pruning of diagnostics that may be emitted multiple times. This is
accomplished by adding FoldingSet profiling support to PathDiagnostic,
and then having BugReporter record what diagnostics have been issued.
This was motived to a serious bug introduced by moving the
'divide-by-zero' checking outside of GRExprEngine into a separate
'Checker' class. When analyzing code using the '-fobjc-gc' option, a
given function would be analyzed twice, but the second time various
"internal checks" would be disabled to avoid emitting multiple
diagnostics (e.g., "null dereference") for the same issue. The
problem is that such checks also effect path pruning and don't just
emit diagnostics. This resulted in an assertion failure involving a
real divide-by-zero in some analyzed code where we would get an
assertion failure in APInt because the 'DivZero' check was disabled
and didn't prune the logic that resulted in the divide-by-zero in the
analyzer.
The implemented solution is somewhat of a hack, and may not perform
extremely well. This will need to be cleaned up over time.
As a regression test, 'misc-ps.m' has been modified so that its tests
are run using -fobjc-gc to test this diagnostic pruning behavior.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@82198 91177308-0d34-0410-b5e6-96231b3b80d8
with binary operators. The result of a binary operator may be
undefined even if its operands are well-defined.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@81874 91177308-0d34-0410-b5e6-96231b3b80d8
__builtin_offsetof in the static analyzer that __builtin_offsetof is
not guaranteed to return an integer constant. We will need to shore
this up later, but now at least we have correct support for when this
*is* an integer constant.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@81830 91177308-0d34-0410-b5e6-96231b3b80d8
to statically type various methods in SValuator/GRState as required either a
defined value or a defined-but-possibly-unknown value. This leads to various
logic cleanups in GRExprEngine, and lets the compiler enforce via type checking
our assumptions about what symbolic values are possibly undefined and what are
not.
Along the way, clean up some of the static analyzer diagnostics regarding the uses of uninitialized values.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@81579 91177308-0d34-0410-b5e6-96231b3b80d8
Here we implement this as a precondition within GRExprEngine, even though it is
related to how BasicStoreManager and RegionStoreManager model 'self'
differently. Putting this as a high-level precondition is more general, which is
why it isn't in RegionStore.cpp.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@81378 91177308-0d34-0410-b5e6-96231b3b80d8
'dyn_cast' instead of 'cast' as the denominator value could be UnknownVal (and
is not guaranteed to be a DefinedVal).
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@80869 91177308-0d34-0410-b5e6-96231b3b80d8
Also fix a checker context bug: the Dst set is not always empty initially.
Because in GRExprEngine::CheckerVisit(), *CurrSet is used repeatedly.
So we removed the Dst.empty() condition in ~CheckerContext() when deciding
whether to do autotransision.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@80786 91177308-0d34-0410-b5e6-96231b3b80d8
in the BugReport.
When all internal bug checking logic are moved to checkers, BuiltinBug will
not reference GRExprEngine, and FlushReports() will be not necessary, since
all bugs are emitted into the equivalent classes immediately.
For now just add a ctor with no arguments.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@80770 91177308-0d34-0410-b5e6-96231b3b80d8
motivated from Shark profiles that shows that 'markLive' was very
heavy when using --analyzer-store=region. On my benchmark file, this
reduces the analysis time for --analyzer-store=region from 19.5s to
13.5s and for --analyzer-store=basic from 5.3s to 3.5s. For the
benchmark file, this is a reduction of about 30% analysis time for
both analysis modes (a huge win).
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@80765 91177308-0d34-0410-b5e6-96231b3b80d8
space within the MemberExpr for the nested-name-specifier and its
source range. We'll do the same thing with explicitly-specified
template arguments, assuming I don't flip-flop again.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@80642 91177308-0d34-0410-b5e6-96231b3b80d8
also be adding explicit template arguments as an additional
"adornment". No functionality change.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@80628 91177308-0d34-0410-b5e6-96231b3b80d8
pointers. Most logic cares first about whether or not a region is
symbolic, and second if represents code. This should fix a series of
silent corner case bugs (as well as simplify a bunch of code).
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@80335 91177308-0d34-0410-b5e6-96231b3b80d8
Ted Kremenek
John McCall
Douglas Gregor
Benjamin Kramer
Zhongxing Xu
Mike Stump