Commit a bit of a hack to fully handle the situation where variables are
marked explicitly as uninitialized through direct self initialization:
int x = x;
With r128894 we prevented warnings about this code, and this patch
teaches the analysis engine to continue analyzing subsequent uses of
'x'. This should wrap up PR9624.
There is still an open question of whether we should suppress the
maybe-uninitialized warnings resulting from variables initialized in
this fashion. The definitely-uninitialized uses should always be warned.
Add security syntax checker for strcat() which causes the Static Analyzer to generate a warning any time the strcat() function is used with a note suggesting to use a function which provides bounded buffers. CWE-119.
Also, brings the security syntax checker more in line with coding standards.
Andrew Trick [Tue, 5 Apr 2011 18:56:55 +0000 (18:56 +0000)]
Added *hidden* flags -print-options and -print-all-options so
developers can see if their driver changed any cl::Option's. The
current implementation isn't perfect but handles most kinds of
options. This is nice to have when decomposing the stages of
compilation and moving between different drivers. It's also a good
sanity check when comparing results produced by different command line
invocations that are expected to produce comparable results.
Note: This is not an attempt to prolong the life of cl::Option. On the
contrary, it's a placeholder for a feature that must exist when
cl::Option is replaced by a more appropriate framework. A new
framework needs: a central option registry, dynamic name lookup,
non-global containers of option values (e.g. per-module,
per-function), *and* the ability to print options values and their defaults at
any point during compilation.
Separate the logic for issuing the initialization fixit hint from the
diagnostic emission. The fixit hint, when suggested, typically has
nothing to do with the nature or form of the reference.
Begin refactoring the uninitialized warning code that I uglied up. This
extracts a function to handle the emission of the diagnostic separately
from the walking over the set of uninitialized uses.
Also updates the naming used within this extracted function to be a bit
more consistent with the rest of Clang's naming patterns.
The next step will be breaking this apart so that we can go through
different functions rather than tracking so many boolean variables.
Fix PR9624 by explicitly disabling uninitialized warnings for direct self-init:
int x = x;
GCC disables its warnings on this construct as a way of indicating that
the programmer intentionally wants the variable to be uninitialized.
Only the warning on the initializer is turned off in this iteration.
This makes the code a lot more ugly, but starts commenting the
surprising behavior here. This is a WIP, I want to refactor it
substantially for clarity, and to determine whether subsequent warnings
should be suppressed or not.
Cleanup the style of some of this code prior to functional changes.
I think this moves the code in the desired direction of the new style
recommendations (and style conventional in Clang), but if anyone prefers
the previous style, or has other suggestions just chime in and I'll
follow up.
Fix PR 9626 (duplicated self-init warnings under -Wuninitialized) with numerous CFG and UninitializedValues analysis changes:
1) Change the CFG to include the DeclStmt for conditional variables, instead of using the condition itself as a faux DeclStmt.
2) Update ExprEngine (the static analyzer) to understand (1), so not to regress.
3) Update UninitializedValues.cpp to initialize all tracked variables to Uninitialized at the start of the function/method.
4) Only use the SelfReferenceChecker (SemaDecl.cpp) on global variables, leaving the dataflow analysis to handle other cases.
The combination of (1) and (3) allows the dataflow-based -Wuninitialized to find self-init problems when the initializer contained control-flow.
-Wuninitialized: use the "self-init" warning when issuing uninitialized-value warnings from the dataflow analysis that occur within the initializer of a variable.
Bob Wilson [Mon, 4 Apr 2011 16:53:11 +0000 (16:53 +0000)]
Change ARM data layout strings to match llvm-gcc.
Sandeep Patel noticed that the alignment was wrong for Neon vector types,
and this change is partly derived from his patch. For the APCS ABI, however,
additional changes were required: the maximum ABI alignment is 32 bits and
the preferred alignment for i64 and f64 types should be 64 bits.
Richard Smith [Sun, 3 Apr 2011 14:12:46 +0000 (14:12 +0000)]
clang has had full and tested support for C++0x trailing-return-type and auto type deduction since r126166. Update the website to reflect this, and add a __has_feature test.
trailing-return-type codegen is not tested yet (name mangling in particular).
Refactoring the security checker a little bit so that each CallExpr check doesn't get called for each CallExpr. Instead it does a switch and only runs the check for the proper identifier. Slight speed improvement (probably significant on very large ASTs), and should make it easier and more clear to add more checks for other CallExprs later.
static analyzer: Add a new ProgramPoint PostCondition to represent the post position of a branch condition, and a new generateNode method to BranchNodeBuilder using PostCondition ProgramPoint. This method generates a new ExplodedNode but not a new block edge.
Apply a bug-fix patch from Marcin Kowalczyk to the source locations for
a couple of operator overloads which form interesting expressions in the
AST.
I added test cases for both bugs with the c-index-test's token
annotation feature. Also, thanks to John McCall for confirming that this
is the correct solution.
Fix an error in TreeTransform where we failed to copy the TemplateName's
location into a TemplateSpecializationTypeLoc. These were found using
a hand-written program to inspect every source location in
TemplateSpecializationTypeLocs and Valgrind. I don't know of any way to
test them in Clang's existing test suite sadly.
Example code that triggers the ElaboratedType case:
template <typename T> struct X1 {
template <typename U> struct X1_1 {
int x;
};
};
The other fix was simply spotted by inspection. I audited all constructions of
[Dependent]TemplateSpecializationTypeLocs in TreeTransform.h, and the rest set
the TemplateNameLoc properly.
Daniel Dunbar [Thu, 31 Mar 2011 23:32:15 +0000 (23:32 +0000)]
IRgen: Improve GCC compatibility when dealing with packed arrays by propagating
the array alignment to the array access.
- This is more or less the best we can do without having alignment present in
the type system, but is a long way from truly matching how GCC handles this.
Ted Kremenek [Thu, 31 Mar 2011 22:32:41 +0000 (22:32 +0000)]
-Wuninitialized should not warn about variables captured by blocks as byref.
Note this can potentially be enhanced to detect if the __block variable
is actually written by the block, or only when the block "escapes" or
is actually used, but that requires more analysis than it is probably worth
for this simple check.
Lenny Maiorani [Thu, 31 Mar 2011 22:09:14 +0000 (22:09 +0000)]
Add security syntax checker for strcpy() which causes the Static Analyzer to generate a warning any time the strcpy() function is used with a note suggesting to use a function which provides bounded buffers.
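The strcat() and strcpy() syntax checkers above flag every use of the unbounded functions, regardless of whether the caller sized the destination correctly. The following is an added example, not code from the Clang repository or from the commit author, showing the kind of code the checkers report next to a bounded replacement that reports truncation instead of overrunning. The function names (join_path_unbounded, join_path_bounded, append_bounded) are made up for the illustration.

```c
#include <stdio.h>
#include <string.h>

/* Unbounded form: exactly what the strcpy()/strcat() syntax checkers flag.
 * Nothing here knows how large dst is; the caller must have reserved
 * strlen(dir) + 1 + strlen(name) + 1 bytes, and nothing verifies that. */
static void join_path_unbounded(char *dst, const char *dir, const char *name)
{
    strcpy(dst, dir);
    strcat(dst, "/");
    strcat(dst, name);
}

/* Bounded form: snprintf() writes at most dstsz bytes (NUL included) and
 * returns the length it wanted, so truncation is detectable instead of
 * silently overflowing. Returns 0 on success, -1 when dst is too small;
 * dst is NUL-terminated either way. */
static int join_path_bounded(char *dst, size_t dstsz,
                             const char *dir, const char *name)
{
    if (dstsz == 0)
        return -1;
    int need = snprintf(dst, dstsz, "%s/%s", dir, name);
    if (need < 0 || (size_t)need >= dstsz)
        return -1;   /* would have needed need + 1 bytes */
    return 0;
}

/* Bounded append with strncat(): the remaining room is computed from the
 * real buffer size each call, which is the bookkeeping strcat() omits.
 * Returns 0 on success, -1 if src does not fit or dst is not terminated. */
static int append_bounded(char *dst, size_t dstsz, const char *src)
{
    const char *nul = memchr(dst, '\0', dstsz);
    if (nul == NULL)
        return -1;                          /* dst not a string within dstsz */
    size_t used = (size_t)(nul - dst);
    size_t room = dstsz - used - 1;         /* bytes left before the NUL slot */
    if (strlen(src) > room)
        return -1;
    strncat(dst, src, room);
    return 0;
}

int main(void)
{
    char buf[16];                           /* constructed sample buffer */
    if (join_path_bounded(buf, sizeof buf, "/etc", "passwd") == 0)
        printf("bounded:  %s\n", buf);
    if (append_bounded(buf, sizeof buf, ".bak") == 0)
        printf("appended: %s\n", buf);
    if (append_bounded(buf, sizeof buf, "x") != 0)
        printf("append refused: no room left in %zu-byte buffer\n", sizeof buf);
    char big[32];
    join_path_unbounded(big, "/etc", "passwd");   /* fits only because big is large enough */
    printf("unbounded: %s\n", big);
    return 0;
}
```

The bounded variants return a status the caller can act on; the unbounded one has no way to report that the destination was too small, which is why the checker's note points at a function that takes a size.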
Lenny Maiorani [Thu, 31 Mar 2011 21:36:53 +0000 (21:36 +0000)]
Adding Static Analyzer checker for mempcpy().
Models mempcpy() so that if length is NULL the destination pointer is returned. Otherwise, the source and destination are confirmed not to be NULL and not overlapping. Finally the copy is validated to not cause a buffer overrun and the return value is bound to the address of the byte after the last byte copied.
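The mempcpy() model above tracks three things: a zero length returns the destination, the two ranges must not overlap, and the copy must stay inside the destination, with the return value bound to one past the last byte written. As an added example, not code from Clang or from the commit author, the block below uses that return value as a write cursor and performs the same overlap and overrun checks explicitly. mempcpy_compat is a hypothetical portable stand-in for GNU mempcpy() so the file builds without _GNU_SOURCE; ranges_overlap, piece_t and pack are likewise names made up here.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Portable stand-in for GNU mempcpy(): copy n bytes, return the address one
 * past the last byte written. With n == 0 this is just dst, the case the
 * analyzer model special-cases. */
static void *mempcpy_compat(void *dst, const void *src, size_t n)
{
    return (char *)memcpy(dst, src, n) + n;
}

/* True if [a, a+an) and [b, b+bn) share a byte: the condition the checker
 * reports for mempcpy()/memcpy(). Compared as integers so the test is
 * meaningful even when the ranges belong to different objects. */
static int ranges_overlap(const void *a, size_t an, const void *b, size_t bn)
{
    uintptr_t as = (uintptr_t)a, bs = (uintptr_t)b;
    if (an == 0 || bn == 0)
        return 0;
    return as < bs + bn && bs < as + an;
}

typedef struct {
    const void *data;
    size_t len;
} piece_t;

/* Pack the pieces back to back into out[], advancing with the mempcpy()
 * return value. Each piece is checked against the remaining capacity and
 * for overlap before it is copied. Returns the number of bytes written, or
 * (size_t)-1 if a piece would overrun out[] or overlaps the write cursor. */
static size_t pack(unsigned char *out, size_t outsz,
                   const piece_t *pieces, size_t count)
{
    unsigned char *cur = out;
    unsigned char *end = out + outsz;
    for (size_t i = 0; i < count; i++) {
        if (pieces[i].len > (size_t)(end - cur))
            return (size_t)-1;                   /* would overrun out[] */
        if (ranges_overlap(cur, pieces[i].len, pieces[i].data, pieces[i].len))
            return (size_t)-1;                   /* src/dst overlap */
        cur = mempcpy_compat(cur, pieces[i].data, pieces[i].len);
    }
    return (size_t)(cur - out);
}

int main(void)
{
    unsigned char out[8];                                /* constructed buffer */
    piece_t ok[2] = { { "ab", 2 }, { "cde", 3 } };        /* constructed input */
    size_t n = pack(out, sizeof out, ok, 2);
    printf("packed %zu bytes: %.*s\n", n, (int)n, (const char *)out);

    piece_t toobig[2] = { { "abcd", 4 }, { "efghi", 5 } };
    if (pack(out, sizeof out, toobig, 2) == (size_t)-1)
        printf("rejected: 9 bytes do not fit in %zu\n", sizeof out);

    piece_t self[1] = { { out, 4 } };                     /* src aliases dst */
    if (pack(out, sizeof out, self, 1) == (size_t)-1)
        printf("rejected: source overlaps destination\n");
    return 0;
}
```

The overrun check uses the distance to the end of the real buffer, which is the piece of information the analyzer has to reconstruct symbolically; the overlap check is what distinguishes mempcpy()/memcpy() from memmove().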
Sebastian Redl [Thu, 31 Mar 2011 19:29:24 +0000 (19:29 +0000)]
Make ChainedIncludesSource an ExternalSemaSource, otherwise initialization of the ASTReader is incomplete, leading to errors like not realizing std::type_info is already defined.
Sebastian Redl [Thu, 31 Mar 2011 19:29:18 +0000 (19:29 +0000)]
Tell the diagnostic client about starting and ending source files when automatically creating chained PCHs. This way, we don't get a crash whenever a diagnostic is emitted while processing the include.
John McCall [Thu, 31 Mar 2011 08:03:29 +0000 (08:03 +0000)]
After much contemplation, I've decided that we probably shouldn't "unique"
__block object copy/dispose helpers for C++ objects with those for
different variables with completely different semantics simply because
they happen to both be no more aligned than a pointer.
Found by inspection.
Also, internalize most of the helper generation logic within CGBlocks.cpp,
and refactor it to fit my peculiar aesthetic sense.
Ted Kremenek [Thu, 31 Mar 2011 04:46:53 +0000 (04:46 +0000)]
Static analyzer: fix bug in handling of dynamic_cast<>. The sink node wouldn't always be the final node, thus causing the state to continue propagating. Instead, recover some path-sensitivity by conjuring a symbol.
Ted Kremenek [Thu, 31 Mar 2011 04:04:48 +0000 (04:04 +0000)]
Teach static analyzer about the basics of handling new[]. We still don't simulate constructors, but at least the analyzer doesn't think the return value is uninitialized.
Ted Kremenek [Wed, 30 Mar 2011 17:41:19 +0000 (17:41 +0000)]
Begin reworking static analyzer support for C++ method calls. The current logic was divorced
from how we process ordinary function calls, had a tremendous amount of redundancy, and relied
strictly on inlining behavior (which was incomplete) to provide semantics instead of falling
back to the conservative analysis we use for C functions. This is a significant step into
making C++ analyzer support more useful.