Jordan Rose [Sat, 16 Mar 2013 01:07:58 +0000 (01:07 +0000)]
[analyzer] Separate graph trimming from creating the single-path graph.
When we generate a path diagnostic for a bug report, we have to take the
full ExplodedGraph and limit it down to a single path. We do this in two
steps: "trimming", which limits the graph to all the paths that lead to
this particular bug, and "creating the report graph", which finds the
shortest path in the trimmed path to any error node.
With BugReporterVisitor false positive suppression, this becomes more
expensive: it's possible for some paths through the trimmed graph to be
invalid (i.e. likely false positives) but others to be valid. Therefore
we have to run the visitors over each path in the graph until we find one
that is valid, or until we've ruled them all out. This can become quite
expensive.
This commit separates out graph trimming from creating the report graph,
performing the first only once per bug equivalence class and the second
once per bug report. It also cleans up that portion of the code by
introducing some wrapper classes.
This seems to recover most of the performance regression described in my
last commit.
Jordan Rose [Sat, 16 Mar 2013 01:07:47 +0000 (01:07 +0000)]
[analyzer] Don't repeat a bug equivalence class if every report is invalid.
I removed this check in the recursion->iteration commit, but forgot that
generatePathDiagnostic may be called multiple times if there are multiple
PathDiagnosticConsumers.
Manman Ren [Sat, 16 Mar 2013 00:11:09 +0000 (00:11 +0000)]
Exploit this-return of a callsite in a this-return function.
For constructors/desctructors that return 'this', if there exists a callsite
that returns 'this' and is immediately before the return instruction, make
sure we are using the return value from the callsite.
We don't need to keep 'this' alive through the callsite. It also enables
optimizations in the backend, such as tail call optimization.
Richard Trieu [Fri, 15 Mar 2013 23:55:09 +0000 (23:55 +0000)]
Improve template diffing handling of default integer values.
When the template argument is both default and value dependent, the expression
retrieved for the default argument cannot be evaluated, thus never matching
any argument value. To get the proper value, get the template argument
from the desugared template specialization. Also, output the original
expression to provide more information about the argument mismatch.
Anna Zaks [Fri, 15 Mar 2013 23:34:29 +0000 (23:34 +0000)]
[analyzer] Use isLiveRegion to determine when SymbolRegionValue is dead.
Fixes a FIXME, improves dead symbol collection, suppresses a false positive,
which resulted from reusing the same symbol twice for simulation of 2 calls to the same function.
Fixing this lead to 2 possible false negatives in CString checker. Since the checker is still alpha and
the solution will not require revert of this commit, move the tests to a FIXME section.
Ted Kremenek [Fri, 15 Mar 2013 23:09:37 +0000 (23:09 +0000)]
Fix buffer underrun (invalid read) triggered during diagnostic rendering. The test would overflow when computing '0 - 1'.
I don't have a good testcase for this that does not depend on system headers.
It did not trigger with preprocessed output, and I had trouble reducing the example.
Douglas Gregor [Fri, 15 Mar 2013 22:15:07 +0000 (22:15 +0000)]
<rdar://problem/13426257> Introduce SDKSettings.plist as an input file dependency for PCH/modules.
When we're building a precompiled header or module against an SDK on
Darwin, there will be a file SDKSettings.plist in the sysroot. Since
stat()'ing every system header on which a module or PCH file depends
is performance suicide, we instead stat() just SDKSettings.plist. This
hack works well on Darwin; it's unclear how we want to handle this on
other platforms. If there is a canonical file, we should use it; if
not, we either have to take the performance hit of stat()'ing system
headers repeatedly or roll the dice by not checking anything.
Jordan Rose [Fri, 15 Mar 2013 21:41:55 +0000 (21:41 +0000)]
[analyzer] Make GRBugReporter::generatePathDiagnostic iterative, not recursive.
The previous generatePathDiagnostic() was intended to be tail-recursive,
restarting and trying again if a report was marked invalid. However:
(1) this leaked all the cloned visitors, which weren't being deleted, and
(2) this wasn't actually tail-recursive because some local variables had
non-trivial destructors.
This was causing us to overflow the stack on inputs with large numbers of
reports in the same equivalence class, such as sqlite3.c. Being iterative
at least prevents us from blowing out the stack, but doesn't solve the
performance issue: suppressing thousands (yes, thousands) of paths in the
same equivalence class is expensive. I'm looking into that now.
Jordan Rose [Fri, 15 Mar 2013 21:41:53 +0000 (21:41 +0000)]
[analyzer] Collect stats on the max # of bug reports in an equivalence class.
We discovered that sqlite3.c currently has 2600 reports in a single
equivalence class; it would be good to know if this is a recent
development or what.
(For the curious, the different reports in an equivalence class represent
the same bug found along different paths. When we're suppressing false
positives, we need to go through /every/ path to make sure there isn't a
valid path to a bug. This is a flaw in our after-the-fact suppression,
made worse by the fact that that function isn't particularly optimized.)
Richard Trieu [Fri, 15 Mar 2013 20:35:18 +0000 (20:35 +0000)]
Refactor template diffing to store an enum that records which type of
difference is stored inside a DiffNode. This should not change any
diagnostic messages.
Adrian Prantl [Fri, 15 Mar 2013 17:09:05 +0000 (17:09 +0000)]
Force column info only for direct inlined functions. This should strike
the balance between expected behavior and compatibility with the gdb
testsuite.
(GDB gets confused if we break an expression into multiple debug
stmts so we enable this behavior only for inlined functions. For the
full experience people can still use -gcolumn-info.)
Sylvestre Ledru [Fri, 15 Mar 2013 16:22:43 +0000 (16:22 +0000)]
Take in account the triplet 'powerpc-linux-gnuspe' for PowerPC SPE. Done for the port of Debian on this arch. More information on: http://wiki.debian.org/PowerPCSPEPort Patch by Roland Stigge
Nico Weber [Fri, 15 Mar 2013 15:02:37 +0000 (15:02 +0000)]
Remove a pointless assertion.
FindNodeOrInsertPos() is called 10 lines earlier already, and the function
early-returns there if the result is != 0. InsertPos isn't recomputed after
that check, so this assert is always trivially true. (And it has nothing to
do with if T is canonical or not.)
Richard Smith [Fri, 15 Mar 2013 00:41:52 +0000 (00:41 +0000)]
PR15290: 'this' is not permitted in the declaration of a friend function,
therefore references to members should not be transformed into implicit uses of
'this'. Patch by Ismail Pazarbasi!
Don't try to typo-correct 'super' in an objc method.
This created 2 issues:
1) Performance issue, since typo-correction with PCH/modules is rather expensive.
2) Correctness issue, since if it managed to "correct" 'super' then bogus compiler errors would
be emitted, like this:
3.m:8:3: error: unknown type name 'super'; did you mean 'super1'?
super.x = 0;
^~~~~
super1
t3.m:5:13: note: 'super1' declared here
typedef int super1;
^
t3.m:8:8: error: expected identifier or '('
super.x = 0;
^
Anna Zaks [Thu, 14 Mar 2013 22:31:56 +0000 (22:31 +0000)]
[analyzer] Change the way in which IDC Visitor decides to kick in and make sure it attaches in the given edge case
In the test case below, the value V is not constrained to 0 in ErrorNode but it is in node N.
So we used to fail to register the Suppression visitor.
We also need to change the way we determine that the Visitor should kick in because the node N belongs to
the ExplodedGraph and might not be on the BugReporter path that the visitor sees. Instead of trying to match the node,
turn on the visitor when we see the last node in which the symbol is ‘0’.
Adrian Prantl [Thu, 14 Mar 2013 17:53:33 +0000 (17:53 +0000)]
Allocate stack storage for .block_descriptor and captured self at -O0.
This way the register allocator will not optimize away the debug info
for captured variables.
Manuel Klimek [Thu, 14 Mar 2013 16:33:21 +0000 (16:33 +0000)]
Implements memoization for ancestor matching.
This yields a log(#ast_nodes) worst-case improvement with matchers like
stmt(unless(hasAncestor(...))).
Also made the order of visitation for ancestor matches BFS, as the most
common use cases (for example finding the closest enclosing function
definition) rely on that.
Chandler Carruth [Thu, 14 Mar 2013 11:17:20 +0000 (11:17 +0000)]
Fix an unused variable warning from Clang by sinking a dyn_cast into an
isa and a cast inside the assert. The efficiency concern isn't really
important here. The code should likely be cleaned up a bit more,
especially getting a message into the assert.
John McCall [Thu, 14 Mar 2013 05:13:41 +0000 (05:13 +0000)]
Flag that friend function definitions are "late parsed" so that
template instantiation will still consider them to be definitions
if we instantiate the containing class before we get around
to parsing the friend.
This seems like a legitimate use of "late template parsed" to me,
but I'd appreciate it if someone responsible for the MS feature
would look over this.
This file already appears to access AST nodes directly, which
is arguably not kosher in the parser, but the performance of this
path matters enough that perpetuating the sin is justifiable.
Probably we ought to reconsider this policy for very simple
manipulations like this.
The reason this entire thing is necessary is that
function template instantiation plays some very gross games
in order to not associate an instantiated function template
with the class it came from unless it's a definition, and
the reason *that's* necessary is that the AST currently
cannot represent the instantiation history of individual
function template declarations, but instead tracks it in
common for the entire function template. That probably
prevents us from correctly reporting ill-formed calls to
ambiguously instantiated friend function templates.
Rafael Espindola [Thu, 14 Mar 2013 03:07:35 +0000 (03:07 +0000)]
Avoid computing the linkage too early. Don't invalidate it.
Before this patch we would compute the linkage lazily and cache it. When the
AST was modified in ways that could change the value, we would invalidate the
cache.
That was fairly brittle, since any code could ask for the a linkage before
the correct value was available.
We should change the API to one where the linkage is computed explicitly and
trying to get it when it is not available asserts.
This patch is a first step in that direction. We still compute the linkage
lazily, but instead of invalidating a cache, we assert that the AST
modifications didn't change the result.
Bill Wendling [Wed, 13 Mar 2013 22:24:33 +0000 (22:24 +0000)]
Have these attriubtes set to 'true' or 'false'.
The back-end cannot differentiate between functions that are from a .ll file and
those generated from the front-end. We cannot then take the non-precense of
these attributes as a "false" value. Have the front-end explicitly set the value
to 'true' or 'false' depending upon what is actually set.
[Modules] Don't eagerly load and associate all the module header files.
In a module-enabled Cocoa PCH file, we spend a lot of time stat'ing the headers
in order to associate the FileEntries with their modules and support implicit
module import.
Use a more lazy scheme by enhancing HeaderInfoTable to store extra info about
the module that a header belongs to, and associate it with its module only when
there is a request for loading the header info for a particular file.
This allows resolving top-header filenames of modules to FileEntries when
we need them, not eagerly.
Note that that this breaks ABI for libclang functions
clang_Module_getTopLevelHeader / clang_Module_getNumTopLevelHeaders
but this is fine because they are experimental and not widely used yet.
Anna Zaks [Wed, 13 Mar 2013 20:20:14 +0000 (20:20 +0000)]
[analyzer] BugReporter - more precise tracking of C++ references
When BugReporter tracks C++ references involved in a null pointer violation, we
want to differentiate between a null reference and a reference to a null pointer. In the
first case, we want to track the region for the reference location; in the second, we want
to track the null pointer.
In addition, the core creates CXXTempObjectRegion to represent the location of the
C++ reference, so teach FindLastStoreBRVisitor about it.
Jim Grosbach [Tue, 12 Mar 2013 20:17:58 +0000 (20:17 +0000)]
Driver: -ccc-install-dir should affect cc1 -resource-dir
-ccc-install-dir is supposed to cause the compiler to behave as-if it
were installed in the indicated location. It almost does, but misses
anything that's relying on the resource directory (libc++ header search,
in particular). The resource dir is resolved too early, before command
line args are handled.
The fix is simply to move handling of the resource dir until after we
know if a -ccc-install-dir is present.
Richard Smith [Tue, 12 Mar 2013 19:56:09 +0000 (19:56 +0000)]
Make C++11 status page more consistent: we mark entries as "done" if we
implement correct functionality, even if it's not optimal. On this basis, mark
"data dependency ordering" as done. Add footnotes for cases where our
implementation is known to be suboptimal.
Objective-C: Issue warning in couple of obscure cases
when property autosynthesis does not synthesize a property.
When property is declared 'readonly' in a super class and
is redeclared 'readwrite' in a subclass. When a property
autosynthesis causes it to share 'ivar' with another property.
// rdar://13388503
Bob Wilson [Tue, 12 Mar 2013 19:39:19 +0000 (19:39 +0000)]
Revert r166370 and r166540 now that Xcode 4.6 has been available for a while.
Those changes were added as a temporary workaround for Xcode 4.5 passing the
-Wno-arc-abi option. Xcode 4.6 does not pass that option so this should no
longer be necessary.