Jordan Rose [Sat, 23 Mar 2013 01:21:33 +0000 (01:21 +0000)]
[analyzer] Teach constraint managers about unsigned comparisons.
In C, comparisons between signed and unsigned numbers are always done in
unsigned-space. Thus, we should know that "i >= 0U" is always true, even
if 'i' is signed. Similarly, "u >= 0" is also always true, even though '0'
is signed.
Part of <rdar://problem/13239003> (false positives related to std::vector)
Jordan Rose [Sat, 23 Mar 2013 01:21:29 +0000 (01:21 +0000)]
[analyzer] Loc-Loc operations (subtraction or comparison) produce a NonLoc.
For two concrete locations, we were producing another concrete location and
then casting it to an integer. We should just create a nonloc::ConcreteInt
to begin with.
Jordan Rose [Sat, 23 Mar 2013 01:21:26 +0000 (01:21 +0000)]
[analyzer] CmpRuns.py: Accept single files as input.
This allows us to compare two direct invocations of the analyzer on a
single source file without having to wrap the output plists in their
own directories.
Jordan Rose [Sat, 23 Mar 2013 01:21:16 +0000 (01:21 +0000)]
[analyzer] Translate "a != b" to "(b - a) != 0" in the constraint manager.
Canonicalizing these two forms allows us to better model containers like
std::vector, which use "m_start != m_finish" to implement empty() but
"m_finish - m_start" to implement size(). The analyzer should have a
consistent interpretation of these two symbolic expressions, even though
it's not properly reasoning about either one yet.
The other unfortunate thing is that while the size() expression will only
ever be written "m_finish - m_start", the comparison may be written
"m_finish == m_start" or "m_start == m_finish". Right now the analyzer does
not attempt to canonicalize those two expressions, since it doesn't know
which length expression to pick. Doing this correctly will probably require
implementing unary minus as a new SymExpr kind (<rdar://problem/12351075>).
For now, the analyzer inverts the order of arguments in the comparison to
build the subtraction, on the assumption that "begin() != end()" is
written more often than "end() != begin()". This is purely speculation.
Jordan Rose [Sat, 23 Mar 2013 01:21:05 +0000 (01:21 +0000)]
[analyzer] Use SymExprs to represent '<loc> - <loc>' and '<loc> == <loc>'.
We just treat this as opaque symbols, but even that allows us to handle
simple cases where the same condition is tested twice. This is very common
in the STL, which means that any project using the STL gets spurious errors.
documentation parsing: when providing code completion comment
for a getter used in property-dot syntax, if geter has its own
comment use it. // rdar://12791315
Richard Smith [Sat, 23 Mar 2013 00:30:08 +0000 (00:30 +0000)]
If a .syms file is available alongside a sanitizer runtime, pass it to the
linker via --dynamic-list instead of using --export-dynamic. This reduces the
size of the dynamic symbol table, and thus of the binary (in some cases by up
to ~30%).
Bill Wendling [Fri, 22 Mar 2013 21:33:46 +0000 (21:33 +0000)]
Use RequireCompleteType() instead of isIncompleteType().
isIncompleteType() returns true or false for template types depending on whether
the type is instantiated yet. In this context, that's arbitrary. The better way
to check for a complete type is RequireCompleteType().
Jordan Rose [Fri, 22 Mar 2013 21:15:33 +0000 (21:15 +0000)]
Revert "[analyzer] Break cycles (optionally) when trimming an ExplodedGraph."
The algorithm used here was ridiculously slow when a potential back-edge
pointed to a node that already had a lot of successors. The previous commit
makes this feature unnecessary anyway.
Jordan Rose [Fri, 22 Mar 2013 21:15:28 +0000 (21:15 +0000)]
[analyzer] Use a forward BFS instead of a reverse BFS to find shortest paths.
For a given bug equivalence class, we'd like to emit the report with the
shortest path. So far to do this we've been trimming the ExplodedGraph to
only contain relevant nodes, then doing a reverse BFS (starting at all the
error nodes) to find the shortest paths from the root. However, this is
fairly expensive when we are suppressing many bug reports in the same
equivalence class.
r177468-9 tried to solve this problem by breaking cycles during graph
trimming, then updating the BFS priorities after each suppressed report
instead of recomputing the whole thing. However, breaking cycles is not
a cheap operation because an analysis graph minus cycles is still a DAG,
not a tree.
This fix changes the algorithm to do a single forward BFS (starting from the
root) and to use that to choose the report with the shortest path by looking
at the error nodes with the lowest BFS priorities. This was Anna's idea, and
has the added advantage of requiring no update step: we can just pick the
error node with the next lowest priority to produce the next bug report.
[PCH/Modules] De/Serialize MacroInfos separately than MacroDirectives.
-Serialize the macro directives history into its own section
-Get rid of the macro updates section
-When de/serializing an identifier from a module, associate only one macro per
submodule that defined+exported it.
Reid Kleckner [Fri, 22 Mar 2013 19:02:54 +0000 (19:02 +0000)]
[ms-cxxabi] Implement member data pointers for non-dynamic classes
Summary:
For non-dynamic classes (no virtual bases), member data pointers are
simple offsets from the base of the record. Dynamic classes use an
aggregate for member data pointers and are therefore currently
unsupported.
Unlike Itanium, the ms ABI uses 0 to represent null for polymorphic
classes. Non-polymorphic classes use -1 like Itanium, since 0 is a
valid field offset.
Douglas Gregor [Fri, 22 Mar 2013 18:50:14 +0000 (18:50 +0000)]
<rdar://problem/13479539> Simplify ModuleManager/GlobalModuleIndex interaction to eliminate a pile of extraneous stats().
The refactoring in r177367 introduced a serious performance bug where
the "lazy" resolution of module file names in the global module index
to actual module file entries in the module manager would perform
repeated negative stats(). The new interaction requires the module
manager to inform the global module index when a module file has been
loaded, eliminating the extraneous stat()s and a bunch of bookkeeping
on both sides.
documentation parsing. Provide code completion comment
for self.GetterName where GetterName is the getter method
for a property with name different from the property name
(declared via a property getter attribute) // rdar://12791315
Daniel Jasper [Fri, 22 Mar 2013 10:01:29 +0000 (10:01 +0000)]
Make clang-format understand more line comments.
Apparently one needs to set LangOptions.LineComment.
Before "//* */" got reformatted to "/ /* */" as the lexer was returning
the token sequence (slash, comment). This could also lead to weird other
stuff, e.g. for people that like to using comments like:
//****************
John McCall [Fri, 22 Mar 2013 02:10:40 +0000 (02:10 +0000)]
Fix a crash-on-valid where a block capture copy expression was
picking up cleanups from earlier in the statement. Also fix a
crash-on-invalid where a reference to an invalid decl from an
enclosing scope was causing an expression to fail to build, but
only *after* a cleanup was registered from that statement,
causing an assertion downstream.
Richard Smith [Fri, 22 Mar 2013 00:47:07 +0000 (00:47 +0000)]
ubsan: Pass floating-point arguments to the runtime by value if they fit the
value argument. If not, be sure we don't accidentally use a dynamic alloca.
Douglas Gregor [Fri, 22 Mar 2013 00:10:49 +0000 (00:10 +0000)]
<rdar://problem/13479214> Make Clang's <stddef.h> robust against system headers defining size_t/ptrdiff_t/wchar_t.
Clang's <stddef.h> provides definitions for the C standard library
types size_t, ptrdiff_t, and wchar_t. However, the system's C standard
library headers tend to provide the same typedefs, and the two
generally avoid each other using the macros
_SIZE_T/_PTRDIFF_T/_WCHAR_T. With modules, however, we need to see
*all* of the places where these types are defined, so provide the
typedefs (ignoring the macros) when modules are enabled.
Douglas Gregor [Thu, 21 Mar 2013 21:48:48 +0000 (21:48 +0000)]
<rdar://problem/13477190> Give the Clang module cache directory some structure, so it's easier to find.
We now put the Clang module cache in
<system-temp-directory>/org.llvm.clang/ModuleCache. Perhaps some day
there will be other caches under <system-temp-directory>/org.llvm.clang>.
Objective-C: Tighten the rules when warning
is issused for on overriding 'readwrite'
property which is not auto-synthesized.
Buttom line is that if hueristics determine
that there will be a user implemented setter,
no warning will be issued. // rdar://13388503
Summary:
1. When splitting one-line block comment, use indentation and *s.
2. Remove trailing whitespace from all lines of a comment, not only the ones being splitted.
3. Add backslashes for all lines if a comment is used insed a preprocessor directive.
David Blaikie [Wed, 20 Mar 2013 23:57:15 +0000 (23:57 +0000)]
Debug info - generalize namespace test to not depend on a DW_TAG_file_type entry
This isn't necessary & with the next change to LLVM the DW_TAG_file_type entry
won't be emitted at all - only the raw filename/directory pair, so match on
that directly instead.
Richard Smith [Wed, 20 Mar 2013 23:49:07 +0000 (23:49 +0000)]
Split ubsan runtime into three pieces (clang part):
* libclang_rt-san-* is sanitizer_common, and is linked in only if no other
sanitizer runtime is present.
* libclang_rt-ubsan-* is the piece of the runtime which doesn't depend on
a C++ ABI library, and is always linked in.
* libclang_rt-ubsan_cxx-* is the piece of the runtime which depends on a
C++ ABI library, and is only linked in when linking a C++ binary.
This change also switches us to using -whole-archive for the ubsan runtime
(which is made possible by the above split), and switches us to only linking
the sanitizer runtime into the main binary and not into DSOs (which is made
possible by using -whole-archive).
The motivation for this is to only link a single copy of sanitizer_common
into any binary. This is becoming important now because we want to share
more state between multiple sanitizers in the same process (for instance,
we want a single shared output mutex).
The Darwin ubsan runtime is unchanged; because we use a DSO there, we don't
need this complexity.
James Dennett [Wed, 20 Mar 2013 21:30:03 +0000 (21:30 +0000)]
Documentation cleanup for MacroInfo.
* Clarify what MacroInfo::isBuiltinMacro means, as it really means something
more like "isMagicalMacro" or "requiresProcessingBeforeExpansion" -- the
macros defined in "<built-in>" are not considered built-in by this function;
* Escape __LINE__ as \__LINE__ in Doxygen comments so that the underscores
don't get replaced by *bold* output;
* Turn comments in MacroInfo.cpp into non-Doxygen comments, so that they
don't result in duplicated/badly formatted Doxygen output;
* Clean up a bunch of \brief formatting, and add a \file comment for
MacroInfo.h.
Douglas Gregor [Wed, 20 Mar 2013 21:10:35 +0000 (21:10 +0000)]
<rdar://problem/12368093> Extend module maps with a 'conflict' declaration, and warn when a newly-imported module conflicts with an already-imported module.
Jordan Rose [Wed, 20 Mar 2013 20:36:01 +0000 (20:36 +0000)]
[analyzer] Don't invalidate globals when there's no call involved.
This fixes some mistaken condition logic in RegionStore that caused
global variables to be invalidated when /any/ region was invalidated,
rather than only as part of opaque function calls. This was only
being used by CStringChecker, and so users will now see that strcpy()
and friends do not invalidate global variables.
Also, add a test case we don't handle properly: explicitly-assigned
global variables aren't being invalidated by opaque calls. This is
being tracked by <rdar://problem/13464044>.
Jordan Rose [Wed, 20 Mar 2013 20:35:57 +0000 (20:35 +0000)]
[analyzer] Track malloc'd memory into struct fields.
Due to improper modelling of copy constructors (specifically, their
const reference arguments), we were producing spurious leak warnings
for allocated memory stored in structs. In order to silence this, we
decided to consider storing into a struct to be the same as escaping.
However, the previous commit has fixed this issue and we can now properly
distinguish leaked memory that happens to be in a struct from a buffer
that escapes within a struct wrapper.
Originally applied in r161511, reverted in r174468.
<rdar://problem/12945937>
Jordan Rose [Wed, 20 Mar 2013 20:35:48 +0000 (20:35 +0000)]
[analyzer] Remove strip of ElementRegion in CallEvent::invalidateRegions.
This is a bit of old code trying to deal with the fact that functions that
take pointers often use them to access an entire array via pointer
arithmetic. However, RegionStore already conservatively assumes you can use
pointer arithmetic to access any part of a region.
Some day we may want to go back to handling this specifically for calls,
but we can do that in the future.
David Blaikie [Wed, 20 Mar 2013 19:10:57 +0000 (19:10 +0000)]
Enhance debug info namespace test to check for context/scope reference
The #line directive is mostly for backend testing (keeping these files matching
should simplify maintenance somewhat) though the corresponding backend test
improvement/update doesn't verify the file information directly just yet.
Coming in a later iteration.
Do the error recovery for @end only.
I am not sure how much we can improve for
when a randon ObjC keyword is thrown into the
ivar decl. block. // rdar://6854840
Manman Ren [Wed, 20 Mar 2013 16:59:38 +0000 (16:59 +0000)]
Exploit this-return of a callsite in a this-return function.
For constructors/desctructors that return 'this', if there exists a callsite
that returns 'this' and is immediately before the return instruction, make
sure we are using the return value from the callsite.
We don't need to keep 'this' alive through the callsite. It also enables
optimizations in the backend, such as tail call optimization.
Rafael Espindola [Wed, 20 Mar 2013 03:05:54 +0000 (03:05 +0000)]
Remove the Tools DensMap from the toolchain.
Each toolchain has a set of tools, but they are all of known types. It can
have a linker, an assembler, a "clang" (compile, analyze, ...) a non-clang
compiler, etc.
Instead of keeping a map, just have member variable for each type of tool.
Nick Lewycky [Wed, 20 Mar 2013 02:14:38 +0000 (02:14 +0000)]
The flag "-coverage-function-names-in-data" is actually backwards -- we do
emit function names in .gcda files by default, and the flag turns that off!
Rename the flag to make it match what it actually does. This keeps the default
format compatible with gcc 4.2.
Reid Kleckner [Wed, 20 Mar 2013 01:40:23 +0000 (01:40 +0000)]
[ms-cxxabi] Fix assertion on unhandled function template arg types
This code was changed in r158376 to get template argument source info
for better diagnostics, but the current code asserts for any kind of
unsupported template argument before it can issue a diagnostic. This change
goes back to the Itanium implementation of isTemplate() and puts the argument
index into the diagnostic instead of a source location.
Nick Lewycky [Wed, 20 Mar 2013 01:38:16 +0000 (01:38 +0000)]
Make clang emit linkage names in debug info for subprograms when coverage info
is enabled. Also add a new -test-coverage cc1 flag which makes testing coverage
possible and add our first clang-side coverage test.