we now may have identical states with different analysis context.
Set the right AnalysisContext in state when entering and leaving a callee.
With both of the above changes, we can pass the test case.
llvm-svn: 97724
After discussion with Zhongxing, don't force the initializer of DeclStmts to be
block-level expressions.
This led to some interesting fallout:
[UninitializedValues]
Always visit the initializer of DeclStmts (do not assume they are block-level expressions).
[BasicStore]
With initializers of DeclStmts no longer block-level expressions, this causes self-referencing initializers (e.g. 'int x = x') to no longer cause the initialized variable to be live before the DeclStmt. While this is correct, it caused BasicStore::RemoveDeadBindings() to prune off the values of these variables from the initial store (where they are set to uninitialized). The fix is to back-port some (and only some) of the lazy-binding logic from RegionStore to
BasicStore. Now the default values of local variables are determined lazily as opposed
to explicitly initialized.
llvm-svn: 97591
Use this information to find the returned value and bind it to CallExpr in
ProcessCallExit.
And there is no need to remove dead bindings in ProcessCallExit, because
a. it would clean up the return value bound to CallExpr
b. we still would do it in the next ProcessStmt(), where we would not misclean
up the return value.
llvm-svn: 97225
This patch implements the CallEnter/CallExit idea of Ted.
Add two interfaces to GRSubEngine: ProcessCallEnter, ProcessCallExit.
The CallEnter program point uses caller's location context. The
CallExit program point uses callee's location context.
CallEnter is built by GRStmtNodeBuilder. CallExit is built by
GREndPathNodeBuilder.
llvm-svn: 97122
to various MacOS X functions. The checks in BasicObjCFoundationChecks.cpp will
gradually be migrated here.
As a first check, check that when 'dispatch_once()' is passed a predicate value
that has non-local storage.
llvm-svn: 97116
to various unix/posix functions, e.g. 'open()'.
As a first check, check that when 'open()' is passed 'O_CREAT' that it has
a third argument.
llvm-svn: 97086
pointer (for defensive programming). This matches the behavior with
assigning NULL to a regular pointer. Fixes <rdar://problem/7631278>.
llvm-svn: 96985
of operating on each code decl. This exposes two flaws in AnalysisConsumer
that should eventually be fixed:
(1) It is not possible to associate multiple "actions" with a single
command line argument. This will require the notion of an
"analysis" group, and possibly tablegen support. (although eventually
we want to support dynamically loading analyses as well)
(2) AnalysisConsumer may not actually be scanning the declarations in namespaces.
We'll experiment first in LLVMConventionsChecker before changing the
behavior in AnalysisConsumer.
llvm-svn: 96183
Currently these checks are intended to be largely syntactical, but may get more
sophisticated over time.
As an initial foray into this brave new world, emit a static analyzer warning
when binding a temporary 'std::string' to an 'llvm::StringRef' where the
lifetime of the 'std::string' does not outlive the 'llvm::StringRef'.
llvm-svn: 96147
NULL, not the store, to determine if a lookup succeeded. The store
can be null if it contained no bindings. This fixes a false positive
reported to me by a user of the analyzer.
llvm-svn: 95679
Zhongxing Xu