Anna Zaks [Wed, 29 Aug 2012 21:22:37 +0000 (21:22 +0000)]
[analyzer] Improved diagnostic pruning for calls initializing values.
This heuristic addresses the case when a pointer (or ref) is passed
to a function, which initializes the variable (or sets it to something
other than '0'). On the branch where the inlined function does not
set the value, we report use of undefined value (or NULL pointer
dereference). The access happens in the caller and the path
through the callee would get pruned away with regular path pruning. To
solve this issue, we previously disabled diagnostic pruning completely
on undefined and null pointer dereference checks, which entailed very
verbose diagnostics in most cases. Furthermore, not all of the
undef value checks had the diagnostic pruning disabled.
This patch implements the following heuristic: if we pass a pointer (or
ref) to the region (on which the error is reported) into a function and
it's value is either undef or 'NULL' (and is a pointer), do not prune
the function.
Simon Atanasyan [Wed, 29 Aug 2012 19:59:32 +0000 (19:59 +0000)]
Use getTargetDefines() virtual function in MipsTargetInfoBase successors
to define all macros for MIPS targets. Remove redundant virtual function
getArchDefines(). Two virtual functions for this task are really too much.
Hans Wennborg [Wed, 29 Aug 2012 18:27:29 +0000 (18:27 +0000)]
Move TLS check from LValueExprEvaluator::VisitVarDecl to
CheckLValueConstantExpression.
Richard pointed out that using the address of a TLS variable is ok in a
core C++11 constant expression, as long as it isn't part of the eventual
result of constant expression evaluation. Having the check in
CheckLValueConstantExpression accomplishes this.
Fixed a problem with #pragma push_macro/pop_macro implementation.
Summary:
The problem was with the following sequence:
#pragma push_macro("long")
#undef long
#pragma pop_macro("long")
in case when "long" didn't represent a macro.
Fixed crash and removed code duplication for #undef/pop_macro case. Added regression tests.
Ted Kremenek [Wed, 29 Aug 2012 05:55:00 +0000 (05:55 +0000)]
Add new -cc1 driver option -analyzer-config, which allows one to specify
a comma separated collection of key:value pairs (which are strings). This
allows a general way to provide analyzer configuration data from the command line.
Jordan Rose [Wed, 29 Aug 2012 01:11:59 +0000 (01:11 +0000)]
[analyzer] C++ objects returned on the stack may be wrapped in ExprWithCleanups.
In C++, objects being returned on the stack are actually copy-constructed into
the return value. That means that when a temporary is returned, it still has
to be destroyed, i.e. the returned expression will be wrapped in an
ExprWithCleanups node. Our "returning stack memory" checker needs to look
through this node to see if we really are returning an object by value.
Summary:
Summary: Keep history of macro definitions and #undefs with corresponding source locations, so that we can later find out all macros active in a specified source location. We don't save the history in PCH (no need currently). Memory overhead is about sizeof(void*)*3*<number of macro definitions and #undefs>+<in-memory size of all #undef'd macros>
I've run a test on a file composed of 109 .h files from boost 1.49 on x86-64 linux.
Stats before this patch:
*** Preprocessor Stats:
73222 directives found:
19171 #define.
4345 #undef.
#include/#include_next/#import:
5233 source files entered.
27 max include stack depth
19210 #if/#ifndef/#ifdef.
2384 #else/#elif.
6891 #endif.
408 #pragma.
14466 #if/#ifndef#ifdef regions skipped
80023/451669/1270 obj/fn/builtin macros expanded, 85724 on the fast path.
127145 token paste (##) operations performed, 11008 on the fast path.
Stats with this patch:
...
Preprocessor Memory: 7541687B total
BumpPtr: 6066176
Macro Expanded Tokens: 417768
Predefines Buffer: 8135
Macros: 1048576
#pragma push_macro Info: 0
Poison Reasons: 1024
Comment Handlers: 8
In my test increase in memory usage is about 1.7Mb, which is ~28% of initial preprocessor's memory usage and about 0.8% of clang's total VMM allocation.
As for CPU overhead, it should only be noticeable when iterating over all macros, and should mostly consist of couple extra dereferences and one comparison per macro + skipping of #undef'd macros. It's less trivial to measure, though, as the preprocessor consumes a very small fraction of compilation time.
Manuel Klimek [Tue, 28 Aug 2012 23:26:39 +0000 (23:26 +0000)]
Modifes BoundNodes to store void* and allow casting them
into the correct types when pulling them out in the result
callback in a type safe way.
This is also the base change for multiple things that will
allow handling things more generally and thus supporting more
of the AST, especially handling Type nodes.
objective-C arc: ns_returns_retained is a type attribute in ARC,
and when used in property type declaration, is handled as type
attribute. Do not issue the warning when declaraing the property.
// rdar://12173491
Aaron Ballman [Tue, 28 Aug 2012 20:55:40 +0000 (20:55 +0000)]
Splitting the duplicated decl spec extension warning into two: one is an ExtWarn and the other a vanilla warning. This addresses PR13705, where const char const * wouldn't warn unless -pedantic was specified under the right conditions.
Jordan Rose [Tue, 28 Aug 2012 20:52:21 +0000 (20:52 +0000)]
[analyzer] Teach CallEventManager that CXXTemporaryObjectExpr is also a ctor.
Specifically, CallEventManager::getCaller was looking at the call site for
an inlined call and trying to see what kind of call it was, but it only
checked for CXXConstructExprClass. (It's not using an isa<> here to avoid
doing three more checks on the the statement class.)
This caused an unreachable when we actually did inline the constructor of a
temporary object.
Jordan Rose [Tue, 28 Aug 2012 20:52:13 +0000 (20:52 +0000)]
[analyzer] When we look for the last stmt in a function, skip implicit dtors.
When exiting a function, the analyzer looks for the last statement in the
function to see if it's a return statement (and thus bind the return value).
However, the search for "the last statement" was accepting statements that
were in implicitly-generated inlined functions (i.e. destructors). So we'd
go and get the statement from the destructor, and then say "oh look, this
function had no explicit return...guess there's no return value". And /that/
led to the value being returned being declared dead, and all our leak
checkers complaining.
CUDA: give static storage class to __shared__ and __constant__
variables without a storage class within a function, to implement
CUDA B.2.5: "__shared__ and __constant__ variables have implied static
storage [duration]."
Chad Rosier [Tue, 28 Aug 2012 20:33:49 +0000 (20:33 +0000)]
[ms-inline asm] Have generateAsmString() return the AsmString computed by Sema.
We still need to translate the string, but this at least gets us one step
closer to using the more general EmitAsmStmt() codegen function. No functional
change intended.
Chad Rosier [Tue, 28 Aug 2012 20:28:20 +0000 (20:28 +0000)]
[ms-inline asm] Add constraints to MSAsmStmt. We don't currently compute
the constraints, so in the interim we speculatively assume a 'r' constraint.
This is expected to work for most cases on x86.
Chad Rosier [Tue, 28 Aug 2012 18:54:39 +0000 (18:54 +0000)]
[ms-inline asm] Rename EmitGCCAsmStmt to EmitAsmStmt and have it accept
AsmStmts. This function is only used by GCCAsmStmts, however. Constraints need
to be properly computed before MSAsmStmts can use EmitAsmStmt. No functional
change intended.
Jordan Rose [Tue, 28 Aug 2012 18:16:45 +0000 (18:16 +0000)]
[analyzer] Don't purge dead symbols at the end of calls if -analyzer-purge=none.
No test case since this is a debug option that we will never turn on by
default since it makes the leak checkers much less useful. (We'll only report
leaks at the end of analysis if -analyzer-purge=none.)
Hans Wennborg [Tue, 28 Aug 2012 15:44:30 +0000 (15:44 +0000)]
Warn about suspicious implicit conversions from floating point to bool
This warns in two specific situations:
1) For potentially swapped function arguments, e.g.
void foo(bool, float);
foo(1.7, false);
2) Misplaced brackets around function call arguments, e.g.
bool InRange = fabs(a - b < delta);
Where the last argument in a function call is implicitly converted
from bool to float, and the function returns a float which gets
implicitly converted to bool.
Jordan Rose [Tue, 28 Aug 2012 00:50:51 +0000 (00:50 +0000)]
[analyzer] Rename addTrackNullOrUndefValueVisitor to trackNullOrUndefValue.
This helper function (in the clang::ento::bugreporter namespace) may add more
than one visitor, but conceptually it's tracking a single use of a null or
undefined value and should do so as best it can.
Also, the BugReport parameter has been made a reference to underscore that
it is non-optional.
Jordan Rose [Tue, 28 Aug 2012 00:50:45 +0000 (00:50 +0000)]
[analyzer] Refactor FindLastStoreBRVisitor to not find the store ahead of time.
As Anna pointed out to me offline, it's a little silly to walk backwards through
the graph to find the store site when BugReporter will do the exact same walk
as part of path diagnostic generation.
Jordan Rose [Tue, 28 Aug 2012 00:50:38 +0000 (00:50 +0000)]
[analyzer] Rename CallEvent::mayBeInlined to CallEvent::isCallStmt.
The two callers are using this in order to be conservative, so let's just
clarify the information that's actually being provided here. This is not
related to inlining decisions in any way.
[libclang] When determining the cursor via a location, ignore synthesized ivars otherwise
if we have something like:
@synthesize prop = _prop;
and '_prop' is not declared, we will encounter a '_prop' ivar before
encountering the 'prop' synthesize declaration and we will think that
we passed the region-of-interest, missing the cursor for 'prop'.
Simon Atanasyan [Mon, 27 Aug 2012 20:55:56 +0000 (20:55 +0000)]
MIPS: Use -G option to specify MIPS section threshold. Translate it
to the -mllvm -mips-ssection-threshold=<value> pair and pass to the frontend.
The patch suggested by Carl Norum.
Chad Rosier [Mon, 27 Aug 2012 20:23:31 +0000 (20:23 +0000)]
[ms-inline asm] Rename GenerateAsmString to generateAsmString to conform with
coding standards. Also, add stub for MSAsmStmt class as part of unifying
codegen logic for AsmStmts.
Manuel Klimek [Mon, 27 Aug 2012 18:49:12 +0000 (18:49 +0000)]
This is a temporary solution until we have a better way to
parse doxygen comments for macros with libclang.
I'm not entirely happy about this script, but as it saves
a lot of work in keeping the docs up to date with the
actual code I think checking it in makes sense.
Jordan Rose [Mon, 27 Aug 2012 18:39:22 +0000 (18:39 +0000)]
[analyzer] Don't inline constructors for objects allocated with operator new.
Because the CXXNewExpr appears after the CXXConstructExpr in the CFG, we don't
actually have the correct region to construct into at the time we decide
whether or not to inline. The long-term fix (discussed in PR12014) might be to
introduce a new CFG node (CFGAllocator) that appears before the constructor.
Tracking the short-term fix in <rdar://problem/12180598>.
Jordan Rose [Mon, 27 Aug 2012 17:50:07 +0000 (17:50 +0000)]
[analyzer] Inline constructors for any object with a trivial destructor.
This allows us to better reason about status objects, like Clang's own
llvm::Optional (when its contents are trivially destructible), which are
often intended to be passed around by value.
We still don't inline constructors for temporaries in the general case.
Jordan Rose [Sat, 25 Aug 2012 01:06:23 +0000 (01:06 +0000)]
[analyzer] Use the common evalBind infrastructure for initializers.
This allows checkers (like the MallocChecker) to process the effects of the
bind. Previously, using a memory-allocating function (like strdup()) in an
initializer would result in a leak warning.
This does bend the expectations of checkBind a bit; since there is no
assignment expression, the statement being used is the initializer value.
In most cases this shouldn't matter because we'll use a PostInitializer
program point (rather than PostStmt) for any checker-generated nodes, though
we /will/ generate a PostStore node referencing the internal statement.
(In theory this could have funny effects if someone actually does an
assignment within an initializer; in practice, that seems like it would be
very rare.)
Richard Smith [Sat, 25 Aug 2012 00:32:28 +0000 (00:32 +0000)]
-fcatch-undefined-behavior: add the -ftrapv checks to the set of things caught
by this mode, and also check for signed left shift overflow. The rules for the
latter are a little subtle:
* neither C89 nor C++98 specify the behavior of a signed left shift at all
* in C99 and C11, shifting a 1 bit into the sign bit has undefined behavior
* in C++11, with core issue 1457, shifting a 1 bit *out* of the sign bit has
undefined behavior
As of this change, we use the C99 rules for all C language variants, and the
C++11 rules for all C++ language variants. Once we have individual
-fcatch-undefined-behavior= flags, this should be revisited.
objective-C: Do not warn if align attribute on method
declaration is not provided. It is only necessary on
the method implementation. // rdar://11593375
projects / clang / log