Douglas Gregor [Mon, 13 Aug 2012 15:47:39 +0000 (15:47 +0000)]
When the header file search resolves a quoted include to a file in the
current directory, propagate the framework and in-index-header-map
from the including header's information down to the included header's
information. Fixes <rdar://problem/11261291>.
As with everything header-map related, we can't really test this in
isolation within Clang, so it's tested elsewhere.
Dmitri Gribenko [Sat, 11 Aug 2012 00:51:43 +0000 (00:51 +0000)]
Attaching comments to declarations: find comment attached to any redeclaration
Not only look for the comment near the declaration itself, but also walk the
redeclaration chain: the previous declaration might have had a documentation
comment.
Jordan Rose [Fri, 10 Aug 2012 22:26:46 +0000 (22:26 +0000)]
[analyzer] Strip CXXBaseObjectRegions when devirtualizing method calls.
This was causing a crash when we tried to re-apply a base object region to
itself. It probably also caused incorrect offset calculations in RegionStore.
Jordan Rose [Fri, 10 Aug 2012 22:26:29 +0000 (22:26 +0000)]
[analyzer] Add clang_analyzer_checkInlined for debugging purposes.
This check is also accessible through the debug.ExprInspection checker.
Like clang_analyzer_eval, you can use it to test the analyzer engine's
current state; the argument should be true or false to indicate whether or
not you expect the function to be inlined.
When used in the positive case (clang_analyzer_checkInlined(true)), the
analyzer prints the message "TRUE" if the function is ever inlined. However,
clang_analyzer_checkInlined(false) should never print a message; this asserts
that there should be no paths on which the current function is inlined, but
then there are no paths on which to print a message! (If the assertion is
violated, the message "FALSE" will be printed.)
This asymmetry comes from the fact that the only other chance to print a
message is when the function is analyzed as a top-level function. However,
when we do that, we can't be sure it isn't also inlined elsewhere (such as
in a recursive function, or if we want to analyze in both general and
specialized cases). Rather than have all checkInlined calls have an appended,
meaningless "FALSE" or "TOP-LEVEL" case, there is just no message printed.
Chad Rosier [Fri, 10 Aug 2012 21:27:11 +0000 (21:27 +0000)]
[ms-inline asm] PatchMSAsmString() doesn't correctly patch non-simple asm
statements. Therefore, we can't pass the PatchedAsmString to the AsmParser
and expect things to work.
Ted Kremenek [Fri, 10 Aug 2012 20:50:00 +0000 (20:50 +0000)]
Fix horrible regression in control of warnings caused by introduction of -Wpedantic.
While -Wpedantic was reasonable, -Wno-pedantic would turn off a bunch of warnings that
are on by default. This counters the intention of this warning flag.
To fix this, -Wpedantic now includes extensions that are not on by default. The
remaining warnings will manifest anyway, and won't accidentally get turned off
by -Wno-pedantic.
Thread-safety-analysis: adds existential quantification over lock
expressions. The syntax &MyClass::mutex is interpreted as a
pattern that matches m->mutex for any object m of type MyClass.
Anna Zaks [Fri, 10 Aug 2012 18:56:01 +0000 (18:56 +0000)]
[analyzer] ObjC Inlining: add tests for ivars and properties.
TODO:
- Handle @syncronized properties.
- Always inline properties declared publicly (do not split the path).
This is tricky since there is no mapping from a Decl to the property in
the AST as far as I can tell.
Anna Zaks [Fri, 10 Aug 2012 18:55:53 +0000 (18:55 +0000)]
[analyzer] Optimize dynamic dispatch bifurcation by detecting the cases
when we don't need to split.
In some cases we know that a method cannot have a different
implementation in a subclass:
- the class is declared in the main file (private)
- all the method declarations (including the ones coming from super
classes) are in the main file.
This can be improved further, but might be enough for the heuristic.
(When we are too aggressive splitting the state, efficiency suffers.
When we fail to split the state, coverage might suffer.)
John McCall [Fri, 10 Aug 2012 03:15:35 +0000 (03:15 +0000)]
Check access to friend declarations. There's a number of different
things going on here that were problematic:
- We were missing the actual access check, or rather, it was suppressed
on account of being a redeclaration lookup.
- The access check would naturally happen during delay, which isn't
appropriate in this case.
- We weren't actually emitting dependent diagnostics associated with
class templates, which was unfortunate.
- Access was being propagated incorrectly for friend method declarations
that couldn't be matched at parse-time.
Jordan Rose [Fri, 10 Aug 2012 01:06:16 +0000 (01:06 +0000)]
Update VerifyDiagnosticConsumer to only get directives during parsing.
The old behavior was to re-scan any files (like modules) where we may have
directives but won't actually be parsing during the -verify invocation.
Now, we keep the old behavior in Debug builds as a sanity check (though
modules are a known entity), and expect all legitimate directives to come
from comments seen by the preprocessor.
This also affects the ARC migration tool, which captures diagnostics in
order to filter some out. This change adds an explicit cleanup to
CaptureDiagnosticsConsumer in order to let its sub-consumer handle the
real end of diagnostics.
This was originally split into four patches, but the tests do not run
cleanly without all four, so I've combined them into one commit.
Patches by Andy Gibbs, with slight modifications from me.
Jordan Rose [Thu, 9 Aug 2012 22:55:54 +0000 (22:55 +0000)]
[analyzer] Merge RegionStore's KillStruct and CopyLazyBindings: BindAggregate.
Both methods need to clear out existing bindings and provide a new default
binding. Originally KillStruct always provided UnknownVal as the default,
but it's allowed symbolic values for quite some time (for handling returned
structs in C).
Jordan Rose [Thu, 9 Aug 2012 22:55:51 +0000 (22:55 +0000)]
[analyzer] Cluster bindings in RegionStore by base region.
This should speed up activities that need to access bindings by cluster,
such as invalidation and dead-bindings cleaning. In some cases all we save
is the cost of building the region cluster map, but other times we can
actually avoid traversing the rest of the store.
In casual testing, this produced a speedup of nearly 10% analyzing SQLite,
with /less/ memory used.
This was triggering -Woverloaded-virtual, but there's really no reason for
the cast version to be virtual anyway. It just calls through to the QualType
entry point.
Jordan Rose [Thu, 9 Aug 2012 21:24:02 +0000 (21:24 +0000)]
[analyzer] A CXXBaseObjectRegion should correspond to a DIRECT base.
An ASTContext's RecordLayoutInfo can only be used to look up offsets of
direct base classes, and we need the offset to make non-symbolic bindings
in RegionStore. This change makes sure that we have one layer of
CXXBaseObjectRegion for each base we are casting through.
Temporarily revert r161612 while we figure out just what the semantics
of PARALLEL_DIRS are. They apparently aren't what either Nick, Eric, or
I thought. ;] Should let the bots make forward progress.
Recurse into the extra tools repo the correct way from the Makefile
build system. Thanks to Nick for pointing at the actual construct which
should be used here.
Dmitri Gribenko [Thu, 9 Aug 2012 18:20:29 +0000 (18:20 +0000)]
Comment to HTML and XML conversion: ignore commands that contain a declaration
as their argument. For example, \fn, \function, \typedef, \method, \class etc.
Anna Zaks [Thu, 9 Aug 2012 00:21:33 +0000 (00:21 +0000)]
[analyzer] Bifurcate the path with dynamic dispatch.
This is an initial (unoptimized) version. We split the path when
inlining ObjC instance methods. On one branch we always assume that the
type information for the given memory region is precise. On the other we
assume that we don't have the exact type info. It is important to check
since the class could be subclassed and the method can be overridden. If
we always inline we can lose coverage.
Allow the Makefile build system to find the extra repo if it is checked
out.
Unfortunately, the existing makefiles for the extra repo don't specify
the correct library dependencies. Fixing that next. If you're following
along, you'll get linker errors.
Eli Friedman [Wed, 8 Aug 2012 21:08:34 +0000 (21:08 +0000)]
Don't add attributes for "#pragma pack" and friends to tag declarations which
are not definitions. This follows the behavior of both gcc and earlier
versions of clang. Regression from r156531. <rdar://problem/12048621>.
Chad Rosier [Wed, 8 Aug 2012 20:37:31 +0000 (20:37 +0000)]
[ms-inline asm] Add a very simple test case. Basically, we're only testing for
crashers at the moment (and coincidentally this case was causing a crash).
Jordan Rose [Wed, 8 Aug 2012 18:23:36 +0000 (18:23 +0000)]
[analyzer] Clean up the printing of FieldRegions for leaks.
Unfortunately, generalized region printing is very difficult:
- ElementRegions are used both for casting and as actual elements.
- Accessing values through a pointer means going through an intermediate
SymbolRegionValue; symbolic regions are untyped.
- Referring to implicitly-defined variables like 'this' and 'self' could be
very confusing if they come from another stack frame.
We fall back to simply not printing the region name if we can't be sure it
will print well. This will allow us to improve in the future.
Jordan Rose [Wed, 8 Aug 2012 18:23:31 +0000 (18:23 +0000)]
[analyzer] Track malloc'd regions stored in structs.
The main blocker on this (besides the previous commit) was that
ScanReachableSymbols was not looking through LazyCompoundVals.
Once that was fixed, it's easy enough to clear out malloc data on return,
just like we do when we bind to a global region.
Jordan Rose [Wed, 8 Aug 2012 18:23:27 +0000 (18:23 +0000)]
[analyzer] Revamp RegionStore to distinguish regions with symbolic offsets.
RegionStore currently uses a (Region, Offset) pair to describe the locations
of memory bindings. However, this representation breaks down when we have
regions like 'array[index]', where 'index' is unknown. We used to store this
as (SubRegion, 0); now we mark them specially as (SubRegion, SYMBOLIC).
Furthermore, ProgramState::scanReachableSymbols depended on the existence of
a sub-region map, but RegionStore's implementation doesn't provide for such
a thing. Moving the store-traversing logic of scanReachableSymbols into the
StoreManager allows us to eliminate the notion of SubRegionMap altogether.
This fixes some particularly awkward broken test cases, now in
array-struct-region.c.
Chad Rosier [Wed, 8 Aug 2012 18:22:06 +0000 (18:22 +0000)]
[ms-inline asm] Add support for detecting simple ms-style inline asm. Simple
asm statements are those that don't reference variable names, function names,
and labels.
Add logic to generate a patched AsmString that will eventually be consumed by
the AsmParser. No functional change at this point, so unfortunately no test
case.
David Blaikie [Wed, 8 Aug 2012 17:33:31 +0000 (17:33 +0000)]
Implement warning for integral null pointer constants other than the literal 0.
This is effectively a warning for code that violates core issue 903 & thus will
become standard error in the future, hopefully. It catches strange null
pointers such as: '\0', 1 - 1, const int null = 0; etc...
There's currently a flaw in this warning (& the warning for 'false' as a null
pointer literal as well) where it doesn't trigger on comparisons (ptr == '\0'
for example). Fix to come in a future patch.
Also, due to this only being a warning, not an error, it triggers quite
frequently on gtest code which tests expressions for null-pointer-ness in a
SFINAE context (so it wouldn't be a problem if this was an error as in an
actual implementation of core issue 903). To work around this for now, the
diagnostic does not fire in unevaluated contexts.