Merge commit 'refs/am/changes/f5816a32e3a418490689b48c3f02c101c35394b5_swift/master' into HEAD

 Conflicts:
	lldb/source/DataFormatters/FormatManager.cpp
	lldb/source/DataFormatters/LanguageCategory.cpp

Author: adrian-prantl

clang/lib/StaticAnalyzer/Checkers/CStringChecker.cpp

@@ -290,9 +290,9 @@ ProgramStateRef CStringChecker::checkNonNull(CheckerContext &C,
       SmallString<80> buf;
       llvm::raw_svector_ostream OS(buf);
       assert(CurrentFunctionDescription);
-      OS << "Null pointer argument in call to " << CurrentFunctionDescription
-         << ' ' << IdxOfArg << llvm::getOrdinalSuffix(IdxOfArg)
-         << " parameter";
+      OS << "Null pointer passed as " << IdxOfArg
+         << llvm::getOrdinalSuffix(IdxOfArg) << " argument to "
+         << CurrentFunctionDescription;
 
       emitNullArgBug(C, stateNull, S, OS.str());
     }
@@ -1313,30 +1313,29 @@ void CStringChecker::evalMemcmp(CheckerContext &C, const CallExpr *CE) const {
     ProgramStateRef StSameBuf, StNotSameBuf;
     std::tie(StSameBuf, StNotSameBuf) = state->assume(SameBuf);
 
-    // If the two arguments might be the same buffer, we know the result is 0,
+    // If the two arguments are the same buffer, we know the result is 0,
     // and we only need to check one size.
-    if (StSameBuf) {
+    if (StSameBuf && !StNotSameBuf) {
       state = StSameBuf;
       state = CheckBufferAccess(C, state, Size, Left);
       if (state) {
         state = StSameBuf->BindExpr(CE, LCtx,
                                     svalBuilder.makeZeroVal(CE->getType()));
         C.addTransition(state);
       }
+      return;
     }
 
-    // If the two arguments might be different buffers, we have to check the
-    // size of both of them.
-    if (StNotSameBuf) {
-      state = StNotSameBuf;
-      state = CheckBufferAccess(C, state, Size, Left, Right);
-      if (state) {
-        // The return value is the comparison result, which we don't know.
-        SVal CmpV = svalBuilder.conjureSymbolVal(nullptr, CE, LCtx,
-                                                 C.blockCount());
-        state = state->BindExpr(CE, LCtx, CmpV);
-        C.addTransition(state);
-      }
+    // If the two arguments might be different buffers, we have to check
+    // the size of both of them.
+    assert(StNotSameBuf);
+    state = CheckBufferAccess(C, state, Size, Left, Right);
+    if (state) {
+      // The return value is the comparison result, which we don't know.
+      SVal CmpV =
+          svalBuilder.conjureSymbolVal(nullptr, CE, LCtx, C.blockCount());
+      state = state->BindExpr(CE, LCtx, CmpV);
+      C.addTransition(state);
     }
   }
 }
@@ -1536,7 +1535,10 @@ void CStringChecker::evalStrcpyCommon(CheckerContext &C, const CallExpr *CE,
                                       bool ReturnEnd, bool IsBounded,
                                       ConcatFnKind appendK,
                                       bool returnPtr) const {
-  CurrentFunctionDescription = "string copy function";
+  if (appendK == ConcatFnKind::none)
+    CurrentFunctionDescription = "string copy function";
+  else
+    CurrentFunctionDescription = "string concatenation function";
   ProgramStateRef state = C.getState();
   const LocationContext *LCtx = C.getLocationContext();
 

clang/lib/StaticAnalyzer/Checkers/LocalizationChecker.cpp

@@ -1078,7 +1078,10 @@ void EmptyLocalizationContextChecker::checkASTDecl(
     AnalysisDeclContext *DCtx = Mgr.getAnalysisDeclContext(M);
 
     const Stmt *Body = M->getBody();
-    assert(Body);
+    if (!Body) {
+      assert(M->isSynthesizedAccessorStub());
+      continue;
+    }
 
     MethodCrawler MC(M->getCanonicalDecl(), BR, this, Mgr, DCtx);
     MC.VisitStmt(Body);

clang/lib/StaticAnalyzer/Checkers/StreamChecker.cpp

@@ -64,6 +64,7 @@ class StreamChecker : public Checker<eval::Call,
 
   CallDescriptionMap<FnCheck> Callbacks = {
       {{"fopen"}, &StreamChecker::evalFopen},
+      {{"freopen", 3}, &StreamChecker::evalFreopen},
       {{"tmpfile"}, &StreamChecker::evalFopen},
       {{"fclose", 1}, &StreamChecker::evalFclose},
       {{"fread", 4},
@@ -90,6 +91,7 @@ class StreamChecker : public Checker<eval::Call,
   };
 
   void evalFopen(const CallEvent &Call, CheckerContext &C) const;
+  void evalFreopen(const CallEvent &Call, CheckerContext &C) const;
   void evalFclose(const CallEvent &Call, CheckerContext &C) const;
   void evalFseek(const CallEvent &Call, CheckerContext &C) const;
 
@@ -160,6 +162,49 @@ void StreamChecker::evalFopen(const CallEvent &Call, CheckerContext &C) const {
   C.addTransition(stateNull);
 }
 
+void StreamChecker::evalFreopen(const CallEvent &Call,
+                                CheckerContext &C) const {
+  ProgramStateRef State = C.getState();
+
+  auto *CE = dyn_cast_or_null<CallExpr>(Call.getOriginExpr());
+  if (!CE)
+    return;
+
+  Optional<DefinedSVal> StreamVal = Call.getArgSVal(2).getAs<DefinedSVal>();
+  if (!StreamVal)
+    return;
+  // Do not allow NULL as passed stream pointer.
+  // This is not specified in the man page but may crash on some system.
+  checkNullStream(*StreamVal, C, State);
+  // Check if error was generated.
+  if (C.isDifferent())
+    return;
+
+  SymbolRef StreamSym = StreamVal->getAsSymbol();
+  // Do not care about special values for stream ("(FILE *)0x12345"?).
+  if (!StreamSym)
+    return;
+
+  // Generate state for non-failed case.
+  // Return value is the passed stream pointer.
+  // According to the documentations, the stream is closed first
+  // but any close error is ignored. The state changes to (or remains) opened.
+  ProgramStateRef StateRetNotNull =
+      State->BindExpr(CE, C.getLocationContext(), *StreamVal);
+  // Generate state for NULL return value.
+  // Stream switches to OpenFailed state.
+  ProgramStateRef StateRetNull = State->BindExpr(CE, C.getLocationContext(),
+                                                 C.getSValBuilder().makeNull());
+
+  StateRetNotNull =
+      StateRetNotNull->set<StreamMap>(StreamSym, StreamState::getOpened());
+  StateRetNull =
+      StateRetNull->set<StreamMap>(StreamSym, StreamState::getOpenFailed());
+
+  C.addTransition(StateRetNotNull);
+  C.addTransition(StateRetNull);
+}
+
 void StreamChecker::evalFclose(const CallEvent &Call, CheckerContext &C) const {
   ProgramStateRef State = C.getState();
   if (checkDoubleClose(Call, C, State))

clang/lib/StaticAnalyzer/Core/RegionStore.cpp

@@ -1951,7 +1951,8 @@ RegionStoreManager::getBindingForFieldOrElementCommon(RegionBindingsConstRef B,
     if (hasSymbolicIndex)
       return UnknownVal();
 
-    if (!hasPartialLazyBinding)
+    // Additionally allow introspection of a block's internal layout.
+    if (!hasPartialLazyBinding && !isa<BlockDataRegion>(R->getBaseRegion()))
       return UndefinedVal();
   }
 

clang/test/Analysis/blocks.m

@@ -47,6 +47,10 @@ - (id)initWithFormat:(NSString *)format arguments:(va_list)argList __attribute__
 aslclient asl_open(const char *ident, const char *facility, uint32_t opts);
 int asl_log(aslclient asl, aslmsg msg, int level, const char *format, ...) __attribute__((__format__ (__printf__, 4, 5)));
 
+struct Block_layout {
+  int flags;
+};
+
 //===----------------------------------------------------------------------===//
 // Begin actual test cases.
 //===----------------------------------------------------------------------===//
@@ -241,3 +245,8 @@ void call_block_with_fewer_arguments() {
   b(); // expected-warning {{Block taking 1 argument is called with fewer (0)}}
 }
 #endif
+
+int getBlockFlags() {
+  int x = 0;
+  return ((struct Block_layout *)^{ (void)x; })->flags; // no-warning
+}

clang/test/Analysis/bsd-string.c

@@ -33,11 +33,11 @@ void f3() {
 }
 
 void f4() {
-  strlcpy(NULL, "abcdef", 6); // expected-warning{{Null pointer argument in call to string copy function}}
+  strlcpy(NULL, "abcdef", 6); // expected-warning{{Null pointer passed as 1st argument to string copy function}}
 }
 
 void f5() {
-  strlcat(NULL, "abcdef", 6); // expected-warning{{Null pointer argument in call to string copy function}}
+  strlcat(NULL, "abcdef", 6); // expected-warning{{Null pointer passed as 1st argument to string concatenation function}}
 }
 
 void f6() {

clang/test/Analysis/bstring.c

@@ -148,12 +148,12 @@ void memcpy9() {
 
 void memcpy10() {
   char a[4] = {0};
-  memcpy(0, a, 4); // expected-warning{{Null pointer argument in call to memory copy function}}
+  memcpy(0, a, 4); // expected-warning{{Null pointer passed as 1st argument to memory copy function}}
 }
 
 void memcpy11() {
   char a[4] = {0};
-  memcpy(a, 0, 4); // expected-warning{{Null pointer argument in call to memory copy function}}
+  memcpy(a, 0, 4); // expected-warning{{Null pointer passed as 2nd argument to memory copy function}}
 }
 
 void memcpy12() {
@@ -173,7 +173,7 @@ void memcpy_unknown_size (size_t n) {
 
 void memcpy_unknown_size_warn (size_t n) {
   char a[4];
-  void *result = memcpy(a, 0, n); // expected-warning{{Null pointer argument in call to memory copy function}}
+  void *result = memcpy(a, 0, n); // expected-warning{{Null pointer passed as 2nd argument to memory copy function}}
   clang_analyzer_eval(result == a); // no-warning (above is fatal)
 }
 
@@ -268,12 +268,12 @@ void mempcpy9() {
 
 void mempcpy10() {
   char a[4] = {0};
-  mempcpy(0, a, 4); // expected-warning{{Null pointer argument in call to memory copy function}}
+  mempcpy(0, a, 4); // expected-warning{{Null pointer passed as 1st argument to memory copy function}}
 }
 
 void mempcpy11() {
   char a[4] = {0};
-  mempcpy(a, 0, 4); // expected-warning{{Null pointer argument in call to memory copy function}}
+  mempcpy(a, 0, 4); // expected-warning{{Null pointer passed as 2nd argument to memory copy function}}
 }
 
 void mempcpy12() {
@@ -327,7 +327,7 @@ void mempcpy16() {
 
 void mempcpy_unknown_size_warn (size_t n) {
   char a[4];
-  void *result = mempcpy(a, 0, n); // expected-warning{{Null pointer argument in call to memory copy function}}
+  void *result = mempcpy(a, 0, n); // expected-warning{{Null pointer passed as 2nd argument to memory copy function}}
   clang_analyzer_eval(result == a); // no-warning (above is fatal)
 }
 
@@ -462,6 +462,12 @@ int memcmp7 (char *a, size_t x, size_t y, size_t n) {
          memcmp(&a[x*y], a, n);
 }
 
+int memcmp8(char *a, size_t n) {
+  char *b = 0;
+  // Do not warn about the first argument!
+  return memcmp(a, b, n); // expected-warning{{Null pointer passed as 2nd argument to memory comparison function}}
+}
+
 //===----------------------------------------------------------------------===
 // bcopy()
 //===----------------------------------------------------------------------===

clang/test/Analysis/cstring-ranges.c

@@ -2,6 +2,8 @@
 
 // This test verifies argument source range highlighting.
 // Otherwise we've no idea which of the arguments is null.
+// These days we actually also have it in the message,
+// but the range is still great to have.
 
 char *strcpy(char *, const char *);
 
@@ -10,6 +12,6 @@ void foo() {
   strcpy(a, b);
 }
 
-// CHECK: warning: Null pointer argument in call to string copy function
+// CHECK: warning: Null pointer passed as 1st argument to string copy function
 // CHECK-NEXT: strcpy(a, b);
 // CHECK-NEXT: ^      ~

clang/test/Analysis/localization-aggressive.m

@@ -293,3 +293,11 @@ - (void)testTakesLocalizedString {
   takesLocalizedString(@"not localized"); // expected-warning {{User-facing text should use localized string macro}}
 }
 @end
+
+@interface SynthesizedAccessors : NSObject
+@property (assign) NSObject *obj;
+@end
+
+@implementation SynthesizedAccessors
+// no-crash
+@end

clang/test/Analysis/null-deref-path-notes.c

@@ -13,40 +13,40 @@ void *memcpy(void *dest, const void *src, unsigned long count);
 
 void f1(char *source) {
   char *destination = 0; // expected-note{{'destination' initialized to a null pointer value}}
-  memcpy(destination + 0, source, 10); // expected-warning{{Null pointer argument in call to memory copy function}}
-                                       // expected-note@-1{{Null pointer argument in call to memory copy function}}
+  memcpy(destination + 0, source, 10); // expected-warning{{Null pointer passed as 1st argument to memory copy function}}
+                                       // expected-note@-1{{Null pointer passed as 1st argument to memory copy function}}
 }
 
 void f2(char *source) {
   char *destination = 0; // expected-note{{'destination' initialized to a null pointer value}}
-  memcpy(destination - 0, source, 10); // expected-warning{{Null pointer argument in call to memory copy function}}
-                                       // expected-note@-1{{Null pointer argument in call to memory copy function}}
+  memcpy(destination - 0, source, 10); // expected-warning{{Null pointer passed as 1st argument to memory copy function}}
+                                       // expected-note@-1{{Null pointer passed as 1st argument to memory copy function}}
 }
 
 void f3(char *source) {
   char *destination = 0; // expected-note{{'destination' initialized to a null pointer value}}
   destination = destination + 0; // expected-note{{Null pointer value stored to 'destination'}}
-  memcpy(destination, source, 10); // expected-warning{{Null pointer argument in call to memory copy function}}
-                                   // expected-note@-1{{Null pointer argument in call to memory copy function}}
+  memcpy(destination, source, 10); // expected-warning{{Null pointer passed as 1st argument to memory copy function}}
+                                   // expected-note@-1{{Null pointer passed as 1st argument to memory copy function}}
 }
 
 void f4(char *source) {
   char *destination = 0; // expected-note{{'destination' initialized to a null pointer value}}
   destination = destination - 0; // expected-note{{Null pointer value stored to 'destination'}}
-  memcpy(destination, source, 10); // expected-warning{{Null pointer argument in call to memory copy function}}
-                                   // expected-note@-1{{Null pointer argument in call to memory copy function}}
+  memcpy(destination, source, 10); // expected-warning{{Null pointer passed as 1st argument to memory copy function}}
+                                   // expected-note@-1{{Null pointer passed as 1st argument to memory copy function}}
 }
 
 void f5(char *source) {
   char *destination1 = 0; // expected-note{{'destination1' initialized to a null pointer value}}
   char *destination2 = destination1 + 0; // expected-note{{'destination2' initialized to a null pointer value}}
-  memcpy(destination2, source, 10); // expected-warning{{Null pointer argument in call to memory copy function}}
-                                    // expected-note@-1{{Null pointer argument in call to memory copy function}}
+  memcpy(destination2, source, 10); // expected-warning{{Null pointer passed as 1st argument to memory copy function}}
+                                    // expected-note@-1{{Null pointer passed as 1st argument to memory copy function}}
 }
 
 void f6(char *source) {
   char *destination1 = 0; // expected-note{{'destination1' initialized to a null pointer value}}
   char *destination2 = destination1 - 0; // expected-note{{'destination2' initialized to a null pointer value}}
-  memcpy(destination2, source, 10); // expected-warning{{Null pointer argument in call to memory copy function}}
-                                    // expected-note@-1{{Null pointer argument in call to memory copy function}}
+  memcpy(destination2, source, 10); // expected-warning{{Null pointer passed as 1st argument to memory copy function}}
+                                    // expected-note@-1{{Null pointer passed as 1st argument to memory copy function}}
 }

clang/test/Analysis/null-deref-ps-region.c

@@ -39,7 +39,7 @@ void bar() {
 
 void testConcreteNull() {
   int *x = 0;
-  memset(x, 0, 1); // expected-warning {{Null pointer argument in call to memory set function}}
+  memset(x, 0, 1); // expected-warning {{Null pointer passed as 1st argument to memory set function}}
 }
 
 void testStackArray() {