GRStateManager. Having these references was an abstraction violation,
as they really should only be known about GRExprEngine.
This change required adding a new 'ProcessAssume' callback in
GRSubEngine. GRExprEngine implements this callback by calling
'EvalAssume' on all registered Checker objects as well as the
registered GRTransferFunc object.
llvm-svn: 92549

Add new states for symbolic regions tracked by malloc checker. This enables us
to do malloc checking more accurately. See test case.
Based on Lei Zhang's patch and discussion.
llvm-svn: 92342

migrate work in the destructors of PathDiagnosticClients from their
destructors to FlushReports(). The destructors now currently call
FlushReports(); this will be fixed in a subsequent patch.
llvm-svn: 86108

AnalysisManager periodically cleanup its AnalysisContextManager and LocationContextManager objects,
as they don't need to forever retain all the CFGs ever created when analyzing a file.
llvm-svn: 84684

avoid scanning for an "entry point" FunctionDecl if we (a) have no
translation unit actions and (b) no entry point function has been
specified.
llvm-svn: 82846

pruning of diagnostics that may be emitted multiple times. This is
accomplished by adding FoldingSet profiling support to PathDiagnostic,
and then having BugReporter record what diagnostics have been issued.
This was motivated by a serious bug introduced by moving the
'divide-by-zero' checking outside of GRExprEngine into a separate
'Checker' class. When analyzing code using the '-fobjc-gc' option, a
given function would be analyzed twice, but the second time various
"internal checks" would be disabled to avoid emitting multiple
diagnostics (e.g., "null dereference") for the same issue. The
problem is that such checks also affect path pruning and don't just
emit diagnostics. This resulted in an assertion failure involving a
real divide-by-zero in some analyzed code where we would get an
assertion failure in APInt because the 'DivZero' check was disabled
and didn't prune the logic that resulted in the divide-by-zero in the
analyzer.
The implemented solution is somewhat of a hack, and may not perform
extremely well. This will need to be cleaned up over time.
As a regression test, 'misc-ps.m' has been modified so that its tests
are run using -fobjc-gc to test this diagnostic pruning behavior.
llvm-svn: 82198

Now AnalysisManager is the only place we can get CodeDecl.
This leads to an API change: GRState::bindExpr() now takes the CFG argument.
llvm-svn: 79980

and their impl base classes. This can greatly simplify some code of the core
analysis engine. This patch merges ExplodedNodeImpl into ExplodedNode.
llvm-svn: 78270

created by AnalysisConsumer would be released by an instance of AnalysisManager
and then reused by later instances of AnalysisManager. Ownership of the
PathDiagnosticClient now belongs (for now) in AnalysisConsumer.
We also need this layering (for now) because the HTMLDiagnostiClient requires
that the entire translation unit be processed before emitting diagnostics. This
is done in its destructor (which should also be fixed, but that is another
issue).
This fixes PR 4653.
llvm-svn: 77648