Jordan Rose [Thu, 15 Nov 2012 20:10:05 +0000 (20:10 +0000)]
[analyzer] Fix a use-after-free introduced in r168019.
In code like this:
void foo() {
bar();
baz();
}
...the location for the call to 'bar()' was being used as a backup location
for the call to 'baz()'. This is fine unless the call to 'bar()' is deemed
uninteresting and that part of the path deleted.
(This looks like a logic error as well, but in practice the only way 'baz()'
could have an invalid location is if the entire body of 'foo()' is
synthesized, meaning the call to 'bar()' will be using the location of the
call to 'foo()' anyway. Nevertheless, the new version better matches the
intent of the code.)
Found by Matt Beaumont-Gay using ASan. Thanks, Matt!
Jordan Rose [Thu, 15 Nov 2012 19:11:43 +0000 (19:11 +0000)]
[analyzer] Report leaks at the closing brace of a function body.
This fixes a few cases where we'd emit path notes like this:
+---+
1| v
p = malloc(len);
^ |2
+---+
In general this should make path notes more consistent and more correct,
especially in cases where the leak happens on the false branch of an if
that jumps directly to the end of the function. There are a couple places
where the leak is reported farther away from the cause; these are usually
cases where there are several levels of nested braces before the end of
the function. This still matches our current behavior for when there /is/
a statement after all the braces, though.
Jordan Rose [Thu, 15 Nov 2012 19:11:27 +0000 (19:11 +0000)]
[analyzer] Mark symbol values as dead in the environment.
This allows us to properly remove dead bindings at the end of the top-level
stack frame, using the ReturnStmt, if there is one, to keep the return value
live. This in turn removes the need for a check::EndPath callback in leak
checkers.
This does cause some changes in the path notes for leak checkers. Previously,
a leak would be reported at the location of the closing brace in a function.
Now, it gets reported at the last statement. This matches the way leaks are
currently reported for inlined functions, but is less than ideal for both.
block extended signatur option. Change previous option
to a cc1 -fencode-extended-block-signature and pass it
to cc1 and recognize this option to produce extended block
type signature. // rdar://12109031
Benjamin Kramer [Thu, 15 Nov 2012 15:18:42 +0000 (15:18 +0000)]
Do not cache a pointer to ExprEvalContexts.back().
It may become a dangling pointer if the underlying SmallVector reallocates.
Sadly the testcase is really large and doesn't reduce well because of
SmallVector's reallocation patterns.
Lang Hames [Thu, 15 Nov 2012 07:51:26 +0000 (07:51 +0000)]
Make -ffp-contract a codegen option, rather than a laguage option. This makes
more sense anyway - it determines how expressions are codegen'd. It also ensures
that -ffp-contract=fast has the intended effect when compiling LLVM IR.
Jordan Rose [Thu, 15 Nov 2012 02:07:23 +0000 (02:07 +0000)]
[analyzer] Make sure calls in synthesized functions have valid path locations.
We do this by using the "most recent" good location: if a synthesized
function 'A' calls another function 'B', the path notes for the call to 'B'
will be placed at the same location as the path note for calling 'A'.
Similarly, the call to 'A' will have a note saying "Entered call from...",
and now we just don't emit that (since the user doesn't have a body to look
at anyway).
Previously, we were doing this for the "Calling..." notes, but not for the
"Entered call from..." or "Returning to caller". This caused a crash when
the path entered and then exiting a call within a synthesized body.
Richard Smith [Thu, 15 Nov 2012 00:31:27 +0000 (00:31 +0000)]
Per [basic.lookup.classref]p3, in an expression of the form p->~type-name, the
type-name is looked up in the context of the complete postfix-expression. Don't
forget to pass the scope into this lookup when the type-name is a template-id;
it might name an alias template which can't be found within the class itself.
Eli Friedman [Thu, 15 Nov 2012 00:29:07 +0000 (00:29 +0000)]
Fix DiagnoseBitwisePrecedence so it doesn't cast "-1" to the type
BinaryOperator::Opcode. This is bad form, and the behavior of the static_cast
in this case is unspecified according to the standard.
Fixes a warning that showed up from r167992 on self-host.
Richard Smith [Wed, 14 Nov 2012 23:55:25 +0000 (23:55 +0000)]
Add -cc1 option -fno-diagnostics-use-presumed-location, a handy mode for
working with preprocessed testcases. This causes source locations in
diagnostics to point at the spelling location instead of the presumed location,
while still keeping the semantic effects of the line directives (entering and
leaving system-header mode, primarily).
objective-C blocks: under cc1 flag -encode-extended-block-signature,
generate expanded signature encoding to include types as we
already do this for protocol method lists.
// rdar://12109031
Richard Trieu [Wed, 14 Nov 2012 22:50:24 +0000 (22:50 +0000)]
Improve -Wtautological-constant-out-of-range-compare by taking into account
type conversion between integers. This allows the warning to be more accurate.
Also, turned the warning off in an analyzer test. The relavent test cases
are covered by the tests in Sema.
Eli Friedman [Wed, 14 Nov 2012 22:09:59 +0000 (22:09 +0000)]
When evaluating variably modified types for function parameters, dig out the
type as written from the ParmVarDecl; it's unclear whether the standard
(C99 6.9.1p10) requires this, but we're following the precedent set by gcc,
and hopefully nobody will ever ask about this again.
NAKAMURA Takumi [Wed, 14 Nov 2012 21:45:43 +0000 (21:45 +0000)]
ParseTemplate.cpp: Prune obsolete descriptions in ParseSingleDeclarationAfterTemplate(), for now. [-Wdocumentation]
/// \param TemplateParams if non-NULL, the template parameter lists
/// that preceded this declaration. In this case, the declaration is a
/// template declaration, out-of-line definition of a template, or an
/// explicit template specialization. When NULL, the declaration is an
/// explicit template instantiation.
///
/// \param TemplateLoc when TemplateParams is NULL, the location of
/// the 'template' keyword that indicates that we have an explicit
/// template instantiation.
In ExpressionEvaluationContextRecord manage LambdaMangle with a shared
pointer, otherwise we will double free it when ExpressionEvaluationContextRecord
gets copied.
Fixes crash in rdar://12645424 & http://llvm.org/PR14252
John McCall [Wed, 14 Nov 2012 17:48:31 +0000 (17:48 +0000)]
The ObjC++-to-C++ personality trick is only necessary on NeXT runtimes,
which is not coincidentally the only place it works, either (because
of how it tests for EH_TYPE symbols).
Richard Smith [Wed, 14 Nov 2012 07:36:28 +0000 (07:36 +0000)]
PR14279: Work around this major miscompilation by treating move operations as
non-trivial if they would not call a move operation, even if they would in fact
call a trivial copy operation. A proper fix is to follow, but this small
directed fix is intended for porting to the 3.2 release branch.
Richard Smith [Wed, 14 Nov 2012 07:06:31 +0000 (07:06 +0000)]
When we have a MemberExpr referring to an overloaded static member function,
and we resolve it to a specific function based on the type which it's used as,
don't forget to mark it as referenced.
NAKAMURA Takumi [Wed, 14 Nov 2012 02:21:48 +0000 (02:21 +0000)]
SemaTemplateDeduction.cpp: Prune two obsolete descriptions. [-Wdocumentation]
* getMostSpecialized()
/// \param Index if non-NULL and the result of this function is non-nULL,
/// receives the index corresponding to the resulting function template
/// specialization.
* DeduceTemplateArguments()
/// \param Name the name of the function being called. This is only significant
/// when the function template is a conversion function template, in which
/// case this routine will also perform template argument deduction based on
/// the function to which
Eli Friedman [Wed, 14 Nov 2012 02:18:46 +0000 (02:18 +0000)]
Suppress elided variadic macro argument extension diagnostic for macros using
the related comma pasting extension.
In certain cases, we used to get two diagnostics for what is essentially one
extension. This change suppresses the first diagnostic in certain cases
where we know we're going to print the second diagnostic. The
diagnostic is redundant, and it can't be suppressed in the definition
of the macro because it points at the use of the macro, so we want to
avoid printing it if possible.
The implementation works by detecting constructs which look like comma
pasting at the time of the definition of the macro; this information
is then used when the macro is used. (We can't actually detect
whether we're using the comma pasting extension until the macro is
actually used, but we can detecting constructs which will be comma
pasting if the varargs argument is elided.)
David Blaikie [Wed, 14 Nov 2012 01:52:05 +0000 (01:52 +0000)]
Provide the correct mangling and linkage for certain unnamed nested classes.
This corrects the mangling and linkage of classes (& their member functions) in
cases like this:
struct foo {
struct {
void func() { ... }
} x;
};
we were accidentally giving this nested unnamed struct 'no' linkage where it
should've had the linkage of the outer class. The mangling was incorrecty too,
mangling as TU-wide unnamed type mangling of $_X rather than class-scoped
mangling of UtX_.
This also fixes -Wunused-member-function which would incorrectly diagnose
'func' as unused due to it having no linkage & thus appearing to be TU-local
when in fact it might be correctly used in another TU.
Similar mangling should be applied to function local classes in similar cases
but I've deferred that for a subsequent patch.
Review/discussion by Richard Smith, John McCall, & especially Eli Friedman.
Richard Smith [Wed, 14 Nov 2012 00:50:40 +0000 (00:50 +0000)]
Remove another questionable use of hasTrivial*. The relevant thing for this
test was whether the /selected/ operator= was trivial, not whether the class
had any trivial (or any non-trivial) operator=s.
John McCall [Wed, 14 Nov 2012 00:49:39 +0000 (00:49 +0000)]
Accept and pass arguments to __unknown_anytype in argument
positions of Objective-C methods.
It is possible to recover a lot of type information about
Objective-C methods from the reflective metadata for their
implementations. This information is not rich when it
comes to struct types, however, and it is not possible to
produce a type in the debugger's round-tripped AST which
will really do anything useful during type-checking.
Therefore we allow __unknown_anytype in these positions,
which essentially disables type-checking for that argument.
We infer the parameter type to be the unqualified type of
the argument expression unless that expression is an
explicit cast, in which case it becomes the type-as-written
of that cast.
Nico Weber [Tue, 13 Nov 2012 22:09:44 +0000 (22:09 +0000)]
[ms] Make mangleIntegerLiteral less aware of exact type of the literal.
Integer literal mangling does not actually depend on exact type of the literal.
This will simplify calling mangleIntegerLiteral when literal type is not known,
for example, when sizes or offsets are mangled as integer literals.
Also, call mangleNumber instead of directly printing mangled values of 0/1, to
avoid this knowledge from being in multiple places.
Kaelyn Uhrain [Tue, 13 Nov 2012 21:23:31 +0000 (21:23 +0000)]
For classes that have the warn_unused_result attribute, don't apply the
attribute to the class' methods even when they return an instance of the
class (e.g. assignment operators).
Benjamin Kramer [Tue, 13 Nov 2012 15:32:35 +0000 (15:32 +0000)]
This patch makes the behavior of clang consistent with the behavior of gcc 4.6 in cases where both -fPIC and -fPIE is used.
- Separately check if -fPIE was specified in the command line and define both __PIC__ and __PIE__ when -fPIE is used. We need to check this separately because -fPIE will infer -fPIC even if its not explicitly used.
- Fixed existing tests.
- Added new tests for cases where both -fPIC and -fPIE is used.
Author: Tareq A. Siraj <tareq.a.siraj@intel.com> Fixes: PR13221
Review: http://llvm-reviews.chandlerc.com/D94
Anna Zaks [Tue, 13 Nov 2012 03:18:01 +0000 (03:18 +0000)]
Fix a Malloc Checker FP by tracking return values from initWithCharacter
and other functions.
When these functions return null, the pointer is not freed by
them/ownership is not transfered. So we should allow the user to free
the pointer by calling another function when the return value is NULL.
Bill Wendling [Tue, 13 Nov 2012 02:31:58 +0000 (02:31 +0000)]
Use the 'count' attribute instead of the 'upper_bound' attribute.
If we have a type 'int a[1]' and a type 'int b[0]', the generated DWARF is the
same for both of them because we use the 'upper_bound' attribute. Instead use
the 'count' attrbute, which gives the correct number of elements in the array.
<rdar://problem/12566646>
Bill Wendling [Tue, 13 Nov 2012 00:54:24 +0000 (00:54 +0000)]
Disable accelerator tables when compiling with LTO.
LTO doesn't generate correct accelerator tables. This is due to the general lack
correct of debug info for LTO. Disable it when using LTO.
<rdar://problem/12401423>
Richard Smith [Tue, 13 Nov 2012 00:54:12 +0000 (00:54 +0000)]
Fix some wrong-code bugs in implicitly-defined assignment operators:
- In C++11, perform overload resolution over all assignment operators, rather than just looking for copy/move assignment operators.
- Clean up after temporaries produced by operator= immediately, rather than accumulating them until the end of the function.
Ted Kremenek [Tue, 13 Nov 2012 00:12:13 +0000 (00:12 +0000)]
Fix bad CFG construction bug when handling C++ 'try' statements.
This code assigned the last created CFGBlock* to the variable 'Block',
which is a scratch variable which is null'ed out after a block is
completed. By assigning the last created block to 'Block', we start
editing a completed block, inserting CFGStmts that should be in
another block. This was the case with 'try'. The test case that
showed this had a while loop inside a 'try', and the logic before
the while loop was being included as part of the "condition block"
for the loop. This showed up as a bogus dead store, but could
have lots of implications.
Turns out this bug was replicated a few times within CFG.cpp, so
I went and fixed up those as well.
Nick Lewycky [Tue, 13 Nov 2012 00:08:34 +0000 (00:08 +0000)]
When filtering the list of associated namespaces so that we don't suggest people
add functions to namespace 'std', also filter out namespaces with '__' anywhere
in the name.
Kaelyn Uhrain [Mon, 12 Nov 2012 23:48:05 +0000 (23:48 +0000)]
Enable C++11 attribute syntax for warn_unused_result and allow it to be
applied to CXXRecordDecls, where functions with that return type will
inherit the warn_unused_result attribute.
Also includes a tiny fix (with no discernable behavior change for
existing code) to re-sync AttributeDeclKind enum and
err_attribute_wrong_decl_type with warn_attribute_wrong_decl_type since
the enum is used with both diagnostic messages to chose the correct
description.
Anna Zaks [Mon, 12 Nov 2012 23:40:29 +0000 (23:40 +0000)]
[analyzer] Follow up to r167762 - precisely determine the adjustment
conditions.
The adjustment is needed only in case of dynamic dispatch performed by
the analyzer - when the runtime declaration is different from the static
one.
Document this explicitly in the code (by adding a helper). Also, use
canonical Decls to avoid matching against the case where the definition
is different from found declaration.
This fix suppresses the testcase I added in r167762, so add another
testcase to make sure we do test commit r167762.
Richard Smith [Mon, 12 Nov 2012 23:33:00 +0000 (23:33 +0000)]
Factor duplicated implicit memcpy call generation code out of copy/move
assignment generation. This incidentally avoids reusing the same Expr* across
multiple statements in the same object; that was generating slightly broken
ASTs, but I couldn't trigger any observable bad behavior, so no test.
Anna Zaks [Mon, 12 Nov 2012 22:06:24 +0000 (22:06 +0000)]
[analyzer] Fix a regression (from r 165079): compare canonical types.
Suppresses a leak false positive (radar://12663777).
In addition, we'll need to rewrite the adjustReturnValue() method not to
return UnknownVal by default, but rather assert in cases we cannot
handle. To make it possible, we need to correctly handle some of the
edge cases we already know about.
Richard Smith [Mon, 12 Nov 2012 21:38:00 +0000 (21:38 +0000)]
Remove abuse of hasTrivial*, and fix miscompile wherein global arrays with
internal linkage, no uses, trivial construction, and nontrivial destruction
were not emitted.
Chad Rosier [Mon, 12 Nov 2012 21:32:24 +0000 (21:32 +0000)]
If we encounter a fatal error, exit with status 70. For BSD systems this is
defined as an internal software error. This notifies the driver to report
diagnostics information.
rdar://11951540
projects / clang / log