Richard Smith [Tue, 14 Aug 2012 03:13:00 +0000 (03:13 +0000)]
Fix undefined behavior in code completion, caught by
-fcatch-undefined-behavior. Don't try to fit 34 different flags
into 32 bits. Also, don't use 32-bit signed left shifts for this.
Richard Smith [Tue, 14 Aug 2012 01:28:02 +0000 (01:28 +0000)]
Fix undefined behavior (and wrong code, as far as I can tell) in NEON builtin
tablegen code, found by -fcatch-undefined-behavior. I would appreciate if
someone more familiar with the NEON code could point me in the direction of how
to write a test for this. We appear to have essentially no test coverage
whatsoever for these builtins.
Anna Zaks [Tue, 14 Aug 2012 00:36:17 +0000 (00:36 +0000)]
[analyzer] Disable autorelease pool tracking.
The autorelease pool has not been implemented completely: we were adding
the autoreleased symbols to the state, but never looking at them. Until
we have a complete implementation, remove the overhead and comment out
the unused code.
Anna Zaks [Tue, 14 Aug 2012 00:36:15 +0000 (00:36 +0000)]
[analyzer] Refactor RetainReleaseChecker to go through a function call
to set/get/remove the RefBinding.
No functional change here. Having these setter and getter methods will
make it much easier when replacing the underlining representation of
RefBindings (I just went through the exercise). It makes the code more
readable as well.
Jordan Rose [Mon, 13 Aug 2012 23:46:05 +0000 (23:46 +0000)]
[analyzer] Reduce code duplication: make CXXDestructorCall a CXXInstanceCall.
While there is now some duplication between SimpleCall and the CXXInstanceCall
sub-hierarchy, this is much better than copy-and-pasting the devirtualization
logic shared by both instance methods and destructors.
An unfortunate side effect is that there is no longer a single CallEvent type
that corresponds to "calls written as CallExprs". For the most part this is a
good thing, but the checker callback eval::Call still takes a CallExpr rather
than a CallEvent (since we're not sure if we want to allow checkers to
evaluate other kinds of calls). A mistake here will be caught by a cast<> in
CheckerManager::runCheckersForEvalCall.
Jordan Rose [Mon, 13 Aug 2012 23:46:01 +0000 (23:46 +0000)]
[analyzer] Be more careful when downcasting for devirtualization.
Virtual base regions are never layered, so simply stripping them off won't
necessarily get you to the correct casted class. Instead, what we want is
the same logic for evaluating dynamic_cast: strip off base regions if possible,
but add new base regions if necessary.
Jordan Rose [Mon, 13 Aug 2012 22:11:42 +0000 (22:11 +0000)]
[analyzer] Handle dynamic_casts that turn out to be upcasts.
This can occur with multiple inheritance, which jumps from one parent to
the other, and with virtual inheritance, since virtual base regions always
wrap the actual object and can't be nested within other base regions.
This also exposed some incorrect logic for multiple inheritance: even if B
is known not to derive from C, D might still derive from both of them.
Jordan Rose [Mon, 13 Aug 2012 22:11:34 +0000 (22:11 +0000)]
[analyzer] Don't strip CXXBaseObjectRegions when checking dynamic_casts.
...and /do/ strip CXXBaseObjectRegions when casting to a virtual base class.
This allows us to enforce the invariant that a CXXBaseObjectRegion can always
provide an offset for its base region if its base region has a known class
type, by only allowing virtual bases and direct non-virtual bases to form
CXXBaseObjectRegions.
This does mean some slight problems for our modeling of dynamic_cast, which
needs to be resolved by finding a path from the current region to the class
we're trying to cast to.
Richard Smith [Mon, 13 Aug 2012 21:29:18 +0000 (21:29 +0000)]
PR13570: When an unresolved overloaded call appeared in a dependent context, we
forgot to set it as being instantiation-dependent as well as being type- and
value-dependent.
Douglas Gregor [Mon, 13 Aug 2012 16:37:30 +0000 (16:37 +0000)]
When looking for the comment associated with a declaration, adjust the
'templated' declaration for a function or class template to refer to
the function or class template itself, to which the documentation will
be attached. Fixes PR13593.
Douglas Gregor [Mon, 13 Aug 2012 15:47:39 +0000 (15:47 +0000)]
When the header file search resolves a quoted include to a file in the
current directory, propagate the framework and in-index-header-map
from the including header's information down to the included header's
information. Fixes <rdar://problem/11261291>.
As with everything header-map related, we can't really test this in
isolation within Clang, so it's tested elsewhere.
Dmitri Gribenko [Sat, 11 Aug 2012 00:51:43 +0000 (00:51 +0000)]
Attaching comments to declarations: find comment attached to any redeclaration
Not only look for the comment near the declaration itself, but also walk the
redeclaration chain: the previous declaration might have had a documentation
comment.
Jordan Rose [Fri, 10 Aug 2012 22:26:46 +0000 (22:26 +0000)]
[analyzer] Strip CXXBaseObjectRegions when devirtualizing method calls.
This was causing a crash when we tried to re-apply a base object region to
itself. It probably also caused incorrect offset calculations in RegionStore.
Jordan Rose [Fri, 10 Aug 2012 22:26:29 +0000 (22:26 +0000)]
[analyzer] Add clang_analyzer_checkInlined for debugging purposes.
This check is also accessible through the debug.ExprInspection checker.
Like clang_analyzer_eval, you can use it to test the analyzer engine's
current state; the argument should be true or false to indicate whether or
not you expect the function to be inlined.
When used in the positive case (clang_analyzer_checkInlined(true)), the
analyzer prints the message "TRUE" if the function is ever inlined. However,
clang_analyzer_checkInlined(false) should never print a message; this asserts
that there should be no paths on which the current function is inlined, but
then there are no paths on which to print a message! (If the assertion is
violated, the message "FALSE" will be printed.)
This asymmetry comes from the fact that the only other chance to print a
message is when the function is analyzed as a top-level function. However,
when we do that, we can't be sure it isn't also inlined elsewhere (such as
in a recursive function, or if we want to analyze in both general or
specialized cases). Rather than have all checkInlined calls have an appended,
meaningless "FALSE" or "TOP-LEVEL" case, there is just no message printed.
Chad Rosier [Fri, 10 Aug 2012 21:27:11 +0000 (21:27 +0000)]
[ms-inline asm] PatchMSAsmString() doesn't correctly patch non-simple asm
statements. Therefore, we can't pass the PatchedAsmString to the AsmParser
and expect things to work.
Ted Kremenek [Fri, 10 Aug 2012 20:50:00 +0000 (20:50 +0000)]
Fix horrible regression in control of warnings caused by introduction of -Wpedantic.
While -Wpedantic was reasonable, -Wno-pedantic would turn off a bunch of warnings that
are on by default. This counters the intention of this warning flag.
To fix this, -Wpedantic now includes extentions that are not on by default. The
remaining warnings will manifest anyway, and won't accidentally get turned off
by -Wno-pedantic.
Thread-safety-analysis: adds existential quantification over lock
expressions. The syntax &MyClass::mutex is interpreted as a
pattern that matches m->mutex for any object m of type MyClass.
Anna Zaks [Fri, 10 Aug 2012 18:56:01 +0000 (18:56 +0000)]
[analyzer] ObjC Inlining: add tests for ivars and properties.
TODO:
- Handle @syncronized properties.
- Always inline properties declared publicly (do not split the path).
This is tricky since there is no mapping from a Decl to the property in
the AST as far as I can tell.
Anna Zaks [Fri, 10 Aug 2012 18:55:53 +0000 (18:55 +0000)]
[analyzer] Optimize dynamic dispatch bifurcation by detecting the cases
when we don't need to split.
In some cases we know that a method cannot have a different
implementation in a subclass:
- the class is declared in the main file (private)
- all the method declarations (including the ones coming from super
classes) are in the main file.
This can be improved further, but might be enough for the heuristic.
(When we are too aggressive splitting the state, efficiency suffers.
When we fail to split the state coverage might suffer.)
John McCall [Fri, 10 Aug 2012 03:15:35 +0000 (03:15 +0000)]
Check access to friend declarations. There's a number of different
things going on here that were problematic:
- We were missing the actual access check, or rather, it was suppressed
on account of being a redeclaration lookup.
- The access check would naturally happen during delay, which isn't
appropriate in this case.
- We weren't actually emitting dependent diagnostics associated with
class templates, which was unfortunate.
- Access was being propagated incorrectly for friend method declarations
that couldn't be matched at parse-time.
Jordan Rose [Fri, 10 Aug 2012 01:06:16 +0000 (01:06 +0000)]
Update VerifyDiagnosticConsumer to only get directives during parsing.
The old behavior was to re-scan any files (like modules) where we may have
directives but won't actually be parsing during the -verify invocation.
Now, we keep the old behavior in Debug builds as a sanity check (though
modules are a known entity), and expect all legitimate directives to come
from comments seen by the preprocessor.
This also affects the ARC migration tool, which captures diagnostics in
order to filter some out. This change adds an explicit cleanup to
CaptureDiagnosticsConsumer in order to let its sub-consumer handle the
real end of diagnostics.
This was originally split into four patches, but the tests do not run
cleanly without all four, so I've combined them into one commit.
Patches by Andy Gibbs, with slight modifications from me.
Jordan Rose [Thu, 9 Aug 2012 22:55:54 +0000 (22:55 +0000)]
[analyzer] Merge RegionStore's KillStruct and CopyLazyBindings: BindAggregate.
Both methods need to clear out existing bindings and provide a new default
binding. Originally KillStruct always provided UnknownVal as the default,
but it's allowed symbolic values for quite some time (for handling returned
structs in C).
Jordan Rose [Thu, 9 Aug 2012 22:55:51 +0000 (22:55 +0000)]
[analyzer] Cluster bindings in RegionStore by base region.
This should speed up activities that need to access bindings by cluster,
such as invalidation and dead-bindings cleaning. In some cases all we save
is the cost of building the region cluster map, but other times we can
actually avoid traversing the rest of the store.
In casual testing, this produced a speedup of nearly 10% analyzing SQLite,
with /less/ memory used.
This was triggering -Woverloaded-virtual, but there's really no reason for
the cast version to be virtual anyway. It just calls through to the QualType
entry point.
Jordan Rose [Thu, 9 Aug 2012 21:24:02 +0000 (21:24 +0000)]
[analyzer] A CXXBaseObjectRegion should correspond to a DIRECT base.
An ASTContext's RecordLayoutInfo can only be used to look up offsets of
direct base classes, and we need the offset to make non-symbolic bindings
in RegionStore. This change makes sure that we have one layer of
CXXBaseObjectRegion for each base we are casting through.
Temporarily revert r161612 while we figure out just what the semantics
of PARALLEL_DIRS are. They apparantly aren't what either Nick, Eric, or
I thought. ;] Should let the bots make forward progress.
Recurse into the extra tools repo the correct way from the Makefile
build system. Thanks to Nick for pointing at the actual construct which
should be used here.
Dmitri Gribenko [Thu, 9 Aug 2012 18:20:29 +0000 (18:20 +0000)]
Comment to HTML and XML conversion: ignore commands that contain a declaration
as their argument. For example, \fn, \function, \typedef, \method, \class etc.
Anna Zaks [Thu, 9 Aug 2012 00:21:33 +0000 (00:21 +0000)]
[analyzer] Bifurcate the path with dynamic dispatch.
This is an initial (unoptimized) version. We split the path when
inlining ObjC instance methods. On one branch we always assume that the
type information for the given memory region is precise. On the other we
assume that we don't have the exact type info. It is important to check
since the class could be subclassed and the method can be overridden. If
we always inline we can loose coverage.
Allow the Makefile build system to find the extra repo if it is checked
out.
Unfortunately, the existing makefiles for the extra repo don't specify
the correct library dependencies. Fixing that next. If you're following
along, you'll get linker errors.