Jordan Rose [Tue, 25 Sep 2012 22:32:51 +0000 (22:32 +0000)]
Rename CanFitInto64Bits to alwaysFitsInto64Bits per discussion on IRC.
This makes the behavior clearer concerning literals with the maximum
number of digits. For a 32-bit example, 4,000,000,000 is a valid uint32_t,
but 5,000,000,000 is not, so we'd have to count 10-digit decimal numbers
as "unsafe" (meaning we have to check for overflow when parsing them,
just as we would for numbers with 11 digits or higher). This is the same,
only with 64 bits to play with.
Jordan Rose [Tue, 25 Sep 2012 19:03:09 +0000 (19:03 +0000)]
[analyzer] Add tests for symbolic expression liveness.
There are very few tests here because SValBuilder is fairly aggressive
about not building SymExprs that we can't evaluate, which saves memory
and CPU but also makes it very much tied to the current constraint
manager. We should probably scale back here and let things decay to
UnknownVal later on.
bitwise-ops.c tests that for the SymExprs we do create, we persist our
assumptions about them. traversal-path-unification.c tests that we do
clean out constraints on arbitrary SymExprs once they have actually died.
Jordan Rose [Tue, 25 Sep 2012 19:03:06 +0000 (19:03 +0000)]
Reapply "[analyzer] Remove constraints on dead symbols as part of removeDeadBindings."
Previously, we'd just keep constraints around forever, which means we'd
never be able to merge paths that differed only in constraints on dead
symbols.
Because we now allow constraints on symbolic expressions, not just single
symbols, this requires changing SymExpr::symbol_iterator to include
intermediate symbol nodes in its traversal, not just the SymbolData leaf
nodes.
This depends on the previous commit to be correct. Originally applied in
r163444, reverted in r164275, now being re-applied.
Note: the added FIXME to investigate SymbolRegionValue liveness is
tracked by <rdar://problem/12368183>. This patch does not change the
existing behavior.
Douglas Gregor [Tue, 25 Sep 2012 18:29:14 +0000 (18:29 +0000)]
Under certain terrible circumstances (<rdar://problem/10805775>),
top-level frameworks can actually be symlinked over to embedded
frameworks, and accessed via the top-level framework's headers. In
this case, we need to determine that the framework was *actually* an
embedded framework, so we can load the appropriate top-level module.
Bob Wilson [Tue, 25 Sep 2012 16:30:16 +0000 (16:30 +0000)]
Examine the last, not the first, instruction from the MC matcher.
If an MS-style inline asm is matched to multiple instructions, e.g., with a
a WAIT-prefix, then we need to examine the operands of the last instruction
instruction, not the prefix instruction.
Douglas Gregor [Tue, 25 Sep 2012 15:44:52 +0000 (15:44 +0000)]
Introduce builtin macros to determine whether we're building a
specific module (__building_module(modulename)) and to get the name of
the current module as an identifier (__MODULE__).
Used to help headers behave differently when they're being included as
part of building a module. Oh, the irony.
John McCall [Tue, 25 Sep 2012 10:10:39 +0000 (10:10 +0000)]
When performing a ::delete of an object with a virtual destructor,
be sure to delete the complete object pointer, not the original
pointer. This is necessary if the base being deleted is at a
non-zero offset in the complete object. This is only required
for objects with virtual destructors because deleting an object
via a base-class subobject when the base does not have a virtual
destructor is undefined behavior.
Noticed while reviewing the last four years of cxx-abi-dev
activity.
John McCall [Tue, 25 Sep 2012 06:56:03 +0000 (06:56 +0000)]
During jump-scope checking, build an ExprWithCleanups immediately
into the enclosing scope; this is a more accurate model but is
(I believe) unnecessary in my test case due to other flaws.
However, one of those flaws is now intentional: blocks which
appear in return statements can be trivially observed to not
extend in lifetime past the return, and so we can allow a jump
past them. Do the necessary magic in IR-generation to make
this work.
Richard Smith [Tue, 25 Sep 2012 04:46:05 +0000 (04:46 +0000)]
Fix crash when a decltype expression in a trailing return type refers to the
function being instantiated. An error recovery codepath was recursively
performing name lookup (and triggering an unbounded stack of template
instantiations which blew out the stack before hitting the depth limit).
Douglas Gregor [Mon, 24 Sep 2012 19:56:18 +0000 (19:56 +0000)]
Make sure that we don't end up making an #undef'd macro visible after
the fact. Test cases will come when we're actually (de-)serializing
macro history.
Dmitri Gribenko [Mon, 24 Sep 2012 18:19:21 +0000 (18:19 +0000)]
Change the wording of the extension warning from
> 'long long' is an extension when C99 mode is not enabled
to
> 'long long' is a C++11 extension
while compiling in C++98 mode.
Dmitri Gribenko [Mon, 24 Sep 2012 09:53:54 +0000 (09:53 +0000)]
Small cleanup of literal semantic analysis: hiding 'char *' pointers behind
StringRef makes code cleaner. Also, make the temporary buffer smaller:
512 characters is unreasonably large for integer literals.
Dmitri Gribenko [Sun, 23 Sep 2012 20:29:07 +0000 (20:29 +0000)]
As a followup for r164303, add some tests for printing literals that test
printing directly rather than through a complicated machinery of ObjC rewriter.
Dmitri Gribenko [Sat, 22 Sep 2012 21:47:50 +0000 (21:47 +0000)]
Comment sema: warn when comment has \deprecated but declaration does not have a
deprecation attribute ('deprecated', 'availability' or 'unavailable').
This warning is under a separate flag, -Wdocumentation-deprecated-sync, so it
can be turned off easily while leaving other -Wdocumentation warnings on.
When importing a FunctionProtoType::ExtProtoInfo, its ExceptionSpecDecl can point to the
FunctionDecl that we are importing the FunctionProtoType for, in which case we'll have
infinite recursion when importing.
Initially create a FunctionProtoType with null ExceptionSpecDecl/ExceptionSpecTemplate and
update the type in ASTNodeImporter::VisitFunctionDecl after the FunctionDecl has been created.
Jordan Rose [Sat, 22 Sep 2012 01:25:06 +0000 (01:25 +0000)]
[analyzer] Suppress bugs whose paths go through the return of a null pointer.
This is a heuristic intended to greatly reduce the number of false
positives resulting from inlining, particularly inlining of generic,
defensive C++ methods that live in header files. The suppression is
triggered in the cases where we ask to track where a null pointer came
from, and it turns out that the source of the null pointer was an inlined
function call.
This change brings the number of bug reports in LLVM from ~1500 down to
around ~300, a much more manageable number. Yes, some true positives may
be hidden as well, but from what I looked at the vast majority of silenced
reports are false positives, and many of the true issues found by the
analyzer are still reported.
I'm hoping to improve this heuristic further by adding some exceptions
next week (cases in which a bug should still be reported).
Jordan Rose [Sat, 22 Sep 2012 01:24:56 +0000 (01:24 +0000)]
[analyzer] Always allow BugReporterVisitors to see the bug path.
Before, PathDiagnosticConsumers that did not support actual path output
would (sensibly) cause the generation of the full path to be skipped.
However, BugReporterVisitors may want to see the path in order to mark a
BugReport as invalid.
Now, even for a path generation scheme of 'None' we will still create a
trimmed graph and walk backwards through the bug path, doing no work other
than passing the nodes to the BugReporterVisitors. This isn't cheap, but
it's necessary to properly do suppression when the first path consumer does
not support path notes.
In the future, we should try only generating the path and visitor-provided
path notes once, or at least only creating the trimmed graph once.
Jordan Rose [Sat, 22 Sep 2012 01:24:53 +0000 (01:24 +0000)]
[analyzer] Allow a BugReport to be marked "invalid" during path generation.
This is intended to allow visitors to make decisions about whether a
BugReport is likely a false positive. Currently there are no visitors
making use of this feature, so there are no tests.
When a BugReport is marked invalid, the invalidator must provide a key
that identifies the invaliation (intended to be the visitor type and a
context pointer of some kind). This allows us to reverse the decision
later on. Being able to reverse a decision about invalidation gives us more
flexibility, and allows us to formulate conditions like "this report is
invalid UNLESS the original argument is 'foo'". We can use this to
fine-tune our false-positive suppression (coming soon).
Jordan Rose [Sat, 22 Sep 2012 01:24:46 +0000 (01:24 +0000)]
[analyzer] Better path notes for null pointers passed as arguments.
Rather than saying "Null pointer value stored to 'foo'", we now say
"Passing null pointer value via Nth parameter 'foo'", which is much better.
The note is also now on the argument expression as well, rather than the
entire call.
This paves the way for continuing to track arguments back to their sources.
Richard Smith [Sat, 22 Sep 2012 00:53:56 +0000 (00:53 +0000)]
Fix bug which sometimes resulted in further diagnostics being produced after a
fatal error. Previously, if a fatal error was followed by a diagnostic which
was suppressed due to a SFINAETrap, we'd forget that we'd seen a fatal error.
objective-C: when diagnosing deprecated/unavailable usage of
setter or getter backing a deprecated/unavailable property,
also not location of the property. // rdar://12324295
Rafael Espindola [Fri, 21 Sep 2012 20:39:32 +0000 (20:39 +0000)]
Call CGM.SetLLVMFunctionAttributesForDefinition on thunks so that they get
attributes like uwtable. Without uwtable a stack unwinder would be unable
to go past the thunks.
Thread-safety analysis: better handling of unreachable blocks. Fixes a bug
where a call to function marked 'noreturn' is followed by unreachable
implicit destructor calls.
Hans Wennborg [Fri, 21 Sep 2012 08:58:33 +0000 (08:58 +0000)]
Make warnings about uninitialized fields include the field name.
This makes the wording more informative, and consistent with the other
warnings about uninitialized variables.
Also, me and David who reviewed this couldn't figure out why we would
need to do a lookup to get the name of the variable; so just print the
name directly.
[PCH] After deserializing a DeclContext, if it has external lexical decls but not
external visible decls, call DeclContext::setMustBuildLookupTable so that the
"lazy decls" bit of the LookupPtr is set.
Previously, in non-C++, if there were no new declarations causing the "lazy decls" bit
to be set, then DeclContext::lookups_begin() would fail to return the decls from the PCH.
Jim Grosbach [Fri, 21 Sep 2012 00:18:30 +0000 (00:18 +0000)]
ARM: Use a dedicated intrinsic for vector bitwise select.
The expression based expansion too often results in IR level optimizations
splitting the intermediate values into separate basic blocks, preventing
the formation of the VBSL instruction as the code author intended. In
particular, LICM would often hoist part of the computation out of a loop.