When the solver and SValBuilder cannot reason about symbolic expressions (ex: (x+1)*y ), the analyzer conjures a new symbol with no ties to the past. This helps it to recover some path-sensitivity. However, this breaks the taint propagation.

With this commit, we are going to construct the expression even if we cannot reason about it later on if an operand is tainted.

Also added some comments and asserts.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@144932 91177308-0d34-0410-b5e6-96231b3b80d8

Make 'LangOptions' in CompilerInvocation a heap-allocated, reference counted object.  I discovered that llvm::RefCountedBase<T> has
a bug where the reference count is copied in the copy constructor, which means that there were cases when the CompilerInvocation
objects created by ASTUnit were actually leaked.  When I fixed that bug locally, it showed that a whole bunch of code assumed
that the LangOptions object that was part of CompilerInvocation was still alive.  By making it heap-allocated and reference counted,
we can keep it around after the CompilerInvocation object goes away.

As part of this change, change CompilerInvocation:getLangOptions() to return a pointer, acting as another clue that this
object may outlive the CompilerInvocation object.

This commit doesn't fix the CompilerInvocation leak itself.  That will come when I commit the fix to llvm::RefCountedBase<T> to
mainline LLVM.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@144930 91177308-0d34-0410-b5e6-96231b3b80d8

Simplify crash cleanup logic in ASTUnit::LoadFromCommandLine() by zeroing out two IntrusiveRefCnt pointers after we have assigned their respective values into fields of ASTUnit.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@144929 91177308-0d34-0410-b5e6-96231b3b80d8

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@144928 91177308-0d34-0410-b5e6-96231b3b80d8

Naming could be improved.. But we should first rename the classes in the SVal hierarchy.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@144927 91177308-0d34-0410-b5e6-96231b3b80d8

and base-to-derived casts, and add proper handling of temporaries.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@144926 91177308-0d34-0410-b5e6-96231b3b80d8

preprocess/parse a header, report back with an actual module (which
may be a submodule) rather than just the name of the module.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@144925 91177308-0d34-0410-b5e6-96231b3b80d8

modules (obviously) describe frameworks, and understand the header
layout of frameworks.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@144921 91177308-0d34-0410-b5e6-96231b3b80d8

file as a virtual file with the stored modification time and size.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@144916 91177308-0d34-0410-b5e6-96231b3b80d8

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@144897 91177308-0d34-0410-b5e6-96231b3b80d8

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@144887 91177308-0d34-0410-b5e6-96231b3b80d8

Revert r132539 for now, "My testing shows that function stat has no problem with trailing separators. (tested on Windows and Darwin)."

It caused PR10331. MSVCRT stat() cannot strip trailing '/'. (can '\')

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@144884 91177308-0d34-0410-b5e6-96231b3b80d8

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@144883 91177308-0d34-0410-b5e6-96231b3b80d8

In Microsoft mode, make "Unqualified lookup into dependent bases of class templates" works  inside default argument instantiation.

This is a little bit tricky because during default argument instantiation the CurContext points to a CXXMethodDecl but we can't use the keyword this or have an implicit member call generated.

This fixes 2 errors when parsing MFC code with clang.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@144881 91177308-0d34-0410-b5e6-96231b3b80d8

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@144880 91177308-0d34-0410-b5e6-96231b3b80d8

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@144879 91177308-0d34-0410-b5e6-96231b3b80d8

into a module. This module can either be loaded from a module map in
the framework directory (which isn't quite working yet) or inferred
from an umbrella header (which does work, and replaces the existing
hack).



git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@144877 91177308-0d34-0410-b5e6-96231b3b80d8

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@144871 91177308-0d34-0410-b5e6-96231b3b80d8

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@144870 91177308-0d34-0410-b5e6-96231b3b80d8

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@144869 91177308-0d34-0410-b5e6-96231b3b80d8

other coverage that actually properly checks features such that this test is not
really adding value anymore.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@144868 91177308-0d34-0410-b5e6-96231b3b80d8

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@144862 91177308-0d34-0410-b5e6-96231b3b80d8

when cross compiling under the current organization.
 - See verbose comment for explanation, justification, and how to fix.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@144860 91177308-0d34-0410-b5e6-96231b3b80d8

the umbrella header's directory and its subdirectories are part of the
module (that's why it's an umbrella). Make sure that these headers are
considered to be part of the module for lookup purposes.



git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@144859 91177308-0d34-0410-b5e6-96231b3b80d8

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@144850 91177308-0d34-0410-b5e6-96231b3b80d8

The code for checking Neon builtin pointer argument types was assuming that
there would only be one pointer argument.  But, for vld2-4 builtins, the first
argument is a special sret pointer where the result will be stored.  So,
instead of scanning all the arguments to find a pointer, have TableGen figure
out the index of the pointer argument that needs checking.  That's better than
scanning all the arguments regardless.  <rdar://problem/10448804>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@144834 91177308-0d34-0410-b5e6-96231b3b80d8

Manager. Added test to ensure proper binding of initialized values.
This patch fixes PR11249.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@144831 91177308-0d34-0410-b5e6-96231b3b80d8

file in the source manager. This allows us to properly create and use
modules described by module map files without umbrella headers (or
with incompletely umbrella headers). More generally, we can actually
build a PCH file that makes use of  file -> buffer remappings, which
could be useful in libclang in the future.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@144830 91177308-0d34-0410-b5e6-96231b3b80d8

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@144829 91177308-0d34-0410-b5e6-96231b3b80d8

Change the ArrayBoundCheckerV2 to be more aggressive in reporting buffer overflows
when the offset is tainted. Previously, we did not report bugs when the state was
underconstrained (not enough information about the bound to determine if there is
an overflow) to avoid false positives. However, if we know that the buffer
offset is tainted - comes in from the user space and can be anything, we should
report it as a bug.

+ The very first example of us catching a taint related bug.
This is the only example we can currently handle. More to come...

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@144826 91177308-0d34-0410-b5e6-96231b3b80d8

The checker is responsible for defining attack surface and adding taint to symbols.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@144825 91177308-0d34-0410-b5e6-96231b3b80d8

TaintTag.h will contain definitions of different taint kinds and their properties.
TaintManager will be responsible for implementing taint specific operations, storing taint.
ProgramState will provide API to add/remove taint.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@144824 91177308-0d34-0410-b5e6-96231b3b80d8

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@144823 91177308-0d34-0410-b5e6-96231b3b80d8

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@144822 91177308-0d34-0410-b5e6-96231b3b80d8

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@144821 91177308-0d34-0410-b5e6-96231b3b80d8

many checkers are trying to get a name of the callee when visiting
a CallExpr, so provide a convenience API.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@144820 91177308-0d34-0410-b5e6-96231b3b80d8

Clang. It isn't any more, and we're not going to twist the code around
to make it work.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@144815 91177308-0d34-0410-b5e6-96231b3b80d8

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@144800 91177308-0d34-0410-b5e6-96231b3b80d8

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@144799 91177308-0d34-0410-b5e6-96231b3b80d8

header, create our own in-memory buffer to parse all of the
appropriate headers, and use that to build the module. This isn't
end-to-end testable yet; that's coming next.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@144797 91177308-0d34-0410-b5e6-96231b3b80d8