Jordan Rose [Fri, 3 May 2013 05:47:31 +0000 (05:47 +0000)]
[analyzer] Check the stack frame when looking for a var's initialization.
FindLastStoreBRVisitor is responsible for finding where a particular region
gets its value; if the region is a VarRegion, it's possible that value was
assigned at initialization, i.e. at its DeclStmt. However, if a function is
called recursively, the same DeclStmt may be evaluated multiple times in
multiple stack frames. FindLastStoreBRVisitor was not taking this into
account and just picking the first one it saw.
Jordan Rose [Fri, 3 May 2013 05:47:24 +0000 (05:47 +0000)]
[analyzer] Fix trackNullOrUndef when tracking args that have nil receivers.
There were actually two bugs here:
- if we decided to look for an interesting lvalue or call expression, we
wouldn't go find its node if we also knew we were at a (different) call.
- if we looked through one message send with a nil receiver, we thought we
were still looking at an argument to the original call.
Put together, this kept us from being able to track the right values, which
means sub-par diagnostics and worse false-positive suppression.
Adrian Prantl [Fri, 3 May 2013 00:44:13 +0000 (00:44 +0000)]
Attempt to un-break the gdb buildbot.
- Use the debug location of the return expression for the cleanup code
if the return expression is trivially evaluatable, regardless of the
number of stop points in the function.
- Ensure that any EH code in the cleanup still gets the line number of
the closing } of the lexical scope.
- Added a testcase with EH in the cleanup.
John McCall [Fri, 3 May 2013 00:10:13 +0000 (00:10 +0000)]
Move parsing of identifiers in MS-style inline assembly into
the actual parser and support arbitrary id-expressions.
We're actually basically set up to do arbitrary expressions here
if we wanted to.
Assembly operands permit things like A::x to be written regardless
of language mode, which forces us to embellish the evaluation
context logic somewhat. The logic here under template instantiation
is incorrect; we need to preserve the fact that an expression was
unevaluated. Of course, template instantiation in general is fishy
here because we have no way of delaying semantic analysis in the
MC parser. It's all just fishy.
I've also fixed the serialization of MS asm statements.
Ted Kremenek [Thu, 2 May 2013 23:56:33 +0000 (23:56 +0000)]
Change LocationContextMap to be a temporary instead of shared variable in BugReporter.
BugReporter is used to process ALL bug reports. By using a shared map,
we are having mappings from different PathDiagnosticPieces to LocationContexts
well beyond the point where we are processing a given report. This
state is inherently error prone, and is analogous to using a global
variable. Instead, just create a temporary map, one per report,
and when we are done with it we throw it away. No extra state.
Douglas Gregor [Thu, 2 May 2013 23:25:32 +0000 (23:25 +0000)]
Use attribute argument information to determine when to parse attribute arguments as expressions.
This change partly addresses a heinous problem we have with the
parsing of attribute arguments that are a lone identifier. Previously,
we would end up parsing the 'align' attribute of this as an expression
"(Align)":
The code that handles the alignment attribute would completely ignore
the parameter name, so while the first of these would do what's
expected, the second would silently be equivalent to
i.e., use the maximal alignment rather than the specified alignment.
Address this by sniffing the "Args" provided in the TableGen
description of attributes. If the first argument is "obviously"
something that should be treated as an expression (rather than an
identifier to be matched later), parse it as an expression.
Douglas Gregor [Thu, 2 May 2013 23:08:12 +0000 (23:08 +0000)]
Use attribute argument information to determine when to parse attribute arguments as expressions.
This change partly addresses a heinous problem we have with the
parsing of attribute arguments that are a lone identifier. Previously,
we would end up parsing the 'align' attribute of this as an expression
"(Align)":
The code that handles the alignment attribute would completely ignore
the parameter name, so while the first of these would do what's
expected, the second would silently be equivalent to
i.e., use the maximal alignment rather than the specified alignment.
Address this by sniffing the "Args" provided in the TableGen
description of attributes. If the first argument is "obviously"
something that should be treated as an expression (rather than an
identifier to be matched later), parse it as an expression.
Jordan Rose [Thu, 2 May 2013 19:51:20 +0000 (19:51 +0000)]
[analyzer] Don't try to evaluate MaterializeTemporaryExpr as a constant.
...and don't consider '0' to be a null pointer constant if it's the
initializer for a float!
Apparently null pointer constant evaluation looks through both
MaterializeTemporaryExpr and ImplicitCastExpr, so we have to be more
careful about types in the callers. For RegionStore this just means giving
up a little more; for ExprEngine this means handling the
MaterializeTemporaryExpr case explicitly.
Bill Wendling [Thu, 2 May 2013 19:18:03 +0000 (19:18 +0000)]
Use the Itanium ABI for thread_local on Darwin.
After some discussion, it was decided to use the Itanium ABI for thread_local on
Darwin OS X platforms. This involved a couple of changes. First, we use
"_tlv_atexit" instead of "__cxa_thread_atexit". Secondly, the global variables
are marked with 'internal' linkage, because we want all access to be calls to
the Itanium-specific entry point, which has normal linkage.
<rdar://problem/13733006>
Douglas Gregor [Thu, 2 May 2013 17:58:30 +0000 (17:58 +0000)]
When looking for the module associated with one of our magical builtin headers, speculatively load module maps.
The "magical" builtin headers are the headers we provide as part of
the C standard library, which typically comes from /usr/include. We
essentially merge our headers into that location (due to cyclic
dependencies). This change makes sure that, when header search finds
one of our builtin headers, we figure out which module it actually
lives in. This case is fairly rare; one ends up having to include one
of the few built-in C headers we provide before including anything
from /usr/include to trigger it. Fixes <rdar://problem/13787184>.
Adrian Prantl [Thu, 2 May 2013 17:30:20 +0000 (17:30 +0000)]
Ensure that the line table for functions with cleanups is sequential.
If there is cleanup code, the cleanup code gets the debug location of
the closing '}'. The subsequent ret IR-instruction does not get a
debug location. The return _expression_ will get the debug location
of the return statement.
If the function contains only a single, simple return statement,
the cleanup code may become the first breakpoint in the function.
In this case we set the debug location for the cleanup code
to the location of the return statement.
Hans Wennborg [Thu, 2 May 2013 13:12:32 +0000 (13:12 +0000)]
Make sure we define wchar_t related macros correctly in -fms-extensions mode.
This adds a test to make sure we define _WCHAR_T_DEFINED and
_NATIVE_WCHAR_T_DEFINED correctly in the preprocessor, and updates
stddef.h to set it when typedeffing wchar_t.
Jordan Rose [Thu, 2 May 2013 01:51:40 +0000 (01:51 +0000)]
[analyzer] RetainCountChecker: don't track through xpc_connection_set_context.
It is unfortunate that we have to mark these exceptions in multiple places.
This was already in CallEvent. I suppose it does let us be more precise
about saying /which/ arguments have their retain counts invalidated -- the
connection's is still valid even though the context object's isn't -- but
we're not tracking the retain count of XPC objects anyway.
Anton Yartsev [Thu, 2 May 2013 00:52:46 +0000 (00:52 +0000)]
[analyzer] scan-build for Windows
The patch allows Windows users to launch scan-build without any additional preparations in the same way as it is described in http://clang-analyzer.llvm.org/scan-build.html. The only thing that should be done to make scan-build work from an arbitrary location is to add the scan-build folder to the PATH environment variable.
Jordan Rose [Wed, 1 May 2013 23:10:44 +0000 (23:10 +0000)]
[analyzer] Consolidate constant evaluation logic in SValBuilder.
Previously, this was scattered across Environment (literal expressions),
ExprEngine (default arguments), and RegionStore (global constants). The
former special-cased several kinds of simple constant expressions, while
the latter two deferred to the AST's constant evaluator.
Now, these are all unified as SValBuilder::getConstantVal(). To keep
Environment fast, the special cases for simple constant expressions have
been left in, but the main benefits are that (a) unusual constants like
ObjCStringLiterals now work as default arguments and global constant
initializers, and (b) we're not duplicating code between ExprEngine and
RegionStore.
This actually caught a bug in our test suite, which is awesome: we stop
tracking allocated memory if it's passed as an argument along with some
kind of callback, but not if the callback is 0. We were testing this in
a case where the callback parameter had a default value, but that value
was 0. After this change, the analyzer now (correctly) flags that as a
leak!
Jordan Rose [Wed, 1 May 2013 22:39:31 +0000 (22:39 +0000)]
[analyzer] Don't inline the [cd]tors of C++ iterators.
This goes with r178516, which instructed the analyzer not to inline the
constructors and destructors of C++ container classes. This goes a step
further and does the same thing for iterators, so that the analyzer won't
falsely decide we're trying to construct an iterator pointing to a
nonexistent element.
The heuristic for determining whether something is an iterator is the
presence of an 'iterator_category' member. This is controlled under the
same -analyzer-config option as container constructor/destructor inlining:
'c++-container-inlining'.
Chad Rosier [Wed, 1 May 2013 19:50:45 +0000 (19:50 +0000)]
[inline asm] Add a test case for r180873. Test case needs to be on the clang
side because we need an inline asm diagnostics handler in place. Unfortunately,
we emit a .s file because we need to build the SelectionDAG to hit the backend
issue.
rdar://13446483
Richard Smith [Wed, 1 May 2013 19:00:39 +0000 (19:00 +0000)]
PR15884: In the 'taking the address of a temporary' extension, materialize the
temporary to an lvalue before taking its address. This removes a weird special
case from the AST representation, and allows the constant expression evaluator
to deal with it without (broken) hacks.
Jordan Rose [Wed, 1 May 2013 18:19:59 +0000 (18:19 +0000)]
Re-apply "[analyzer] Model casts to bool differently from other numbers."
This doesn't appear to be the cause of the slowdown. I'll have to try a
manual bisect to see if there's really anything there, or if it's just
the bot itself taking on additional load. Meanwhile, this change helps
with correctness.
This changes an assertion and adds a test case, then re-applies r180638,
which was reverted in r180714.
[ObjC declaration documentation] declaration of
types involving Objective-C pointers must have
their arc qualifiers elided as they don't
add any additional info. // rdar://13757500.
Point diagnostics that complain about a use of a selector in an objc message, to the selector location.
Previously it would point to the left bracket or the receiver, which can be particularly
problematic if the receiver is a block literal and we end up pointing the diagnostic far away
from the selector that it is complaining about.
Richard Smith [Tue, 30 Apr 2013 21:34:13 +0000 (21:34 +0000)]
Revert r180739 and r180748: they broke C++11 thread_local on non-Darwin systems and did not do the right thing on Darwin.
Original commit message:
Emit the TLS initialization functions into a list.
Add the TLS initialization functions to a list of initialization functions. The
back-end takes this list and places the function pointers into the correct
section. This way they're called before `main().'
Summary:
Like Itanium, comparisons are basically bitwise comparisons of the two
values, with an exception for null member function pointers. If two
function pointers are null, only the function pointer field matters for
comparison purposes. The rest of the bits can be arbitrary. We take
advantage of this in isZeroInitializable(), and it may matter once we
start emitting conversions.
Richard Smith [Tue, 30 Apr 2013 13:56:41 +0000 (13:56 +0000)]
Don't treat a non-deduced 'auto' type as being type-dependent. Instead, there
are now two distinct canonical 'AutoType's: one is the undeduced 'auto'
placeholder type, and the other is a deduced-but-dependent type. All
deduced-to-a-non-dependent-type cases are still non-canonical.
Rafael Espindola [Tue, 30 Apr 2013 13:08:15 +0000 (13:08 +0000)]
Use {{.*}}suffix instead of [[TC]] in places where we print the toolchain
path with /. This matches linux-ld.c and should finish fixing this test on
windows.
Objective-C (mostly arc): Under ARC, we often have unneeded qualifiers
in the diagnostics. Remove them when reporting incompatible
Objective-C pointer types. // rdar://13752880.
[analyzer] Change PathPieces to be a wrapper around an ilist of (through indirection) PathDiagnosticPieces.
Much of this patch outside of PathDiagnostics.h is just minor
syntactic changes due to the return type for operator* and the like
changing for the iterator, so the real focus should be on
PathPieces itself.
This change is motivated so that we can do efficient insertion
and removal of individual pieces from within a PathPiece, just like
this was a kind of "IR" for static analyzer diagnostics. We
currently implement path transformations by iterating over an
entire PathPiece and making a copy. This isn't very natural for
some algorithms.
We use an ilist here instead of std::list because we want operations
to rip out/insert nodes in place, just like IR manipulation. This
isn't being used yet, but opens the door for more powerful
transformation algorithms on diagnostic paths.
Bill Wendling [Mon, 29 Apr 2013 22:27:16 +0000 (22:27 +0000)]
Emit the TLS initialization functions into a list.
Add the TLS initialization functions to a list of initialization functions. The
back-end takes this list and places the function pointers into the correct
section. This way they're called before `main().'
c language: diagnose use of "[*]" on any array dimension
in the parameter of a function definition. Currently,
it crashes in irgen if it is on other than the 1st dimension.
// rdar://13705391
At one point in time scan-view allowed absolute paths to reference files
within the server root, but this doesn't seem to be used anymore, and
caused problems if a server-root-relative path actually matched an
absolute path to an existing file. This patch just treats paths as
server-root-relative all the time.
Ben Langmuir [Mon, 29 Apr 2013 13:32:41 +0000 (13:32 +0000)]
Small CapturedStmt improvements
Add a CapturedStmt.h similar to Lambda.h to reduce the typing required to get
to the CapturedRegionKind enum. This also allows codegen to access this enum
without including Sema/ScopeInfo.h.
Also removes some duplicated code for capturing 'this' between CapturedStmt and
Lambda.
Richard Smith [Mon, 29 Apr 2013 10:13:55 +0000 (10:13 +0000)]
Implement DR580: access checks for template parameters of a class template are
performed within the context of that class template. Patch by Ismail Pazarbasi!
Richard Smith [Mon, 29 Apr 2013 08:45:27 +0000 (08:45 +0000)]
Fix an assertion failure / accepts-invalid in -fms-extensions mode. Don't build
a dependent-scope id expression when a templated member function of a
non-templated class references an unknown identifier, since instantiation won't
rebuild it (and we can tell at parse time that it'll never work). Based on a
patch by Faisal Vali!
Chad Rosier [Sat, 27 Apr 2013 01:14:43 +0000 (01:14 +0000)]
[driver] Revert r180652 and 180658 and temporarily #define MAXPATHLEN to
make the gdb tests and the Windows bots happy.
The Path::GetCurrentDirectory API is not equivalent to ::getcwd(), so
r180652 causes gdb tests to fail. On the other hand, <sys/param.h>
isn't defined on Windows systems, so that causes Windows builds to fail.
rdar://12237559
Sean Callanan [Fri, 26 Apr 2013 22:49:25 +0000 (22:49 +0000)]
In the ASTImporter, when checking whether two
structs are compatible, check whether the fields
of the structs have the same name. This prevents
erroneous coalescing of (in particular) anonymous
structs.
Jordan Rose [Fri, 26 Apr 2013 21:43:01 +0000 (21:43 +0000)]
[analyzer] An ObjC for-in loop runs 0 times if the collection is nil.
In an Objective-C for-in loop "for (id element in collection) {}", the loop
will run 0 times if the collection is nil. This is because the for-in loop
is implemented using a protocol method that returns 0 when there are no
elements to iterate, and messages to nil will result in a 0 return value.
At some point we may want to actually model this message send, but for now
we may as well get the nil case correct, and avoid the false positives that
would come with this case.