Douglas Gregor [Thu, 16 Jun 2011 17:56:04 +0000 (17:56 +0000)]
Teach the warning about non-POD memset/memcpy/memmove to deal with the
__builtin_ versions of these functions as well as the normal function
versions, so that it works on platforms where memset/memcpy/memmove
are macros that map down to the builtins (e.g., Darwin). Fixes
<rdar://problem/9372688>.
Douglas Gregor [Thu, 16 Jun 2011 16:50:48 +0000 (16:50 +0000)]
Implement the consistency checking for C++ [temp.deduct.call]p3, which
checks that the deduced argument type for a function call matches the
actual argument type provided. The only place we've found where the
consistency checking should actually cause template argument deduction
failure is due to qualifier differences that don't fall into the realm
of qualification conversions (which are *not* checked when we
initially perform deduction). However, we're performing the full
checking as specified in the standard to ensure that no other cases
exist.
Chandler Carruth [Thu, 16 Jun 2011 16:17:05 +0000 (16:17 +0000)]
Raise the ARCMT functionality in Clang into proper FrontendActions.
These are somewhat special in that they wrap any other FrontendAction,
running various ARC transformations or checks prior to the standard
action's run. To implement them easily, this extends FrontendAction to
have a WrapperFrontendAction utility class which forwards all calls by
default to an inner action setup at construction time. This is then
subclassed to override the specific behavior needed by the different
ARCMT tools.
Finally, FrontendTool is taught how to create these wrapper actions from
the existing flags and options structures.
The result is that clangFrontend no longer depends on clangARCMigrate.
This is very important, as clangARCMigrate *heavily* depends on
clangFrontend. Fundamentally ARCMigrate is at the same layer as
a library like Rewrite, sitting firmly on top of the Frontend, but tied
together with the FrontendTool when building the clang binary itself.
NAKAMURA Takumi [Thu, 16 Jun 2011 12:43:57 +0000 (12:43 +0000)]
Be aware of (x86_64-redhat-linux6E-)g++44 on RHEL5.
AFAIK, RHEL5 (and its clones) provides g++44 as the package "gcc44-c++".
By default, g++-4.1.1 is available, though its libstdc++ would not be suitable for clang++.
Chandler Carruth [Thu, 16 Jun 2011 09:09:40 +0000 (09:09 +0000)]
Rework the warning for 'memset(p, 0, sizeof(p))' where 'p' is a pointer
and the programmer intended to write 'sizeof(*p)'. There are several
elements to the new version:
1) The actual expressions are compared in order to more accurately flag
the case where the pattern that works for an array has been used, or
a '*' has been omitted.
2) Only do a loose type-based check for record types. This prevents us
from warning when we happen to be copying around chunks of data the
size of a pointer and the pointer types for the sizeof and
source/dest match.
3) Move all the diagnostics behind the runtime diagnostic filter. Not
sure this is really important for this particular diagnostic, but
almost everything else in SemaChecking.cpp does so.
4) Make the wording of the diagnostic more precise and informative. At
least to my eyes.
5) Provide highlighting for the two expressions which had the unexpected
similarity.
6) Place this diagnostic under a flag: -Wsizeof-pointer-memaccess
This uses the Stmt::Profile system for computing #1. Because of the
potential cost, this is guarded by the warning flag. I'd be interested
in feedback on how bad this is in practice; I would expect it to be
quite cheap in practice. Ideas for a cheaper / better way to do this are
also welcome.
The diagnostic wording could likely use some further wordsmithing.
Suggestions welcome here. The goals I had were to: clarify that it's the
interaction of 'memset' and 'sizeof' and give more reasonable
suggestions for a resolution.
An open question is whether these diagnostics should have the note
attached for silencing by casting the dest/source pointer to void*.
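
The pattern this warning targets, shown as an added example (not part of the commit log or of Clang's sources); `struct session` and the function names are hypothetical. It measures how many bytes of a record holding a secret stay uncleared when `sizeof(s)` is written where `sizeof(*s)` was intended.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample record: holds a secret that must be wiped after use. */
struct session {
    char token[32];
    unsigned uid;
};

/* Buggy form: s is a pointer, so sizeof(s) is the pointer size (typically
 * 4 or 8 bytes) and only the start of the token is cleared. This is the
 * call that -Wsizeof-pointer-memaccess reports. */
void wipe_buggy(struct session *s) {
    memset(s, 0, sizeof(s));
}

/* Corrected form: sizeof(*s) is the size of the pointed-to record. */
void wipe_fixed(struct session *s) {
    memset(s, 0, sizeof(*s));
}

/* Fill a record with a marker byte, run the given wipe routine, and count
 * the bytes that are still non-zero afterwards. */
size_t residual_bytes(void (*wipe)(struct session *)) {
    struct session s;
    memset(&s, 0xAA, sizeof(s)); /* s is an object here, so sizeof(s) is right */
    wipe(&s);
    const unsigned char *p = (const unsigned char *)&s;
    size_t left = 0;
    for (size_t i = 0; i < sizeof(s); i++)
        left += (p[i] != 0);
    return left;
}

int main(void) {
    printf("buggy wipe leaves %zu bytes\n", residual_bytes(wipe_buggy));
    printf("fixed wipe leaves %zu bytes\n", residual_bytes(wipe_fixed));
    return 0;
}
```
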
Jordy Rose [Thu, 16 Jun 2011 07:13:34 +0000 (07:13 +0000)]
[analyzer] Clean up modeling of strcmp, including cases where a string literal has an embedded null character, and where both arguments are the same buffer. Also use nested ifs rather than early returns; in this case early returns will lose any assumptions we've made earlier in the function.
Chandler Carruth [Thu, 16 Jun 2011 06:47:06 +0000 (06:47 +0000)]
Make the Stmt::Profile method const, and the StmtProfile visitor
a ConstStmtVisitor. This also required adding some const iteration
support for designated initializers and making some of the getters on
the designators const.
It also made the formatting of StmtProfile.cpp rather awkward. I'm happy
to adjust any of the formatting if folks have suggestions. I've at least
fitted it all within 80 columns.
Chandler Carruth [Thu, 16 Jun 2011 02:01:48 +0000 (02:01 +0000)]
Add the new arcmt-test tool to the clang-test dependencies with
c-index-test and friends. This brings the failures on CMake clang tests
from 23 to 2 on Linux.
Chandler Carruth [Thu, 16 Jun 2011 02:00:04 +0000 (02:00 +0000)]
Skip both character pointers and void pointers when diagnosing bad
argument types for mem{set,cpy,move}. Character pointers, much like void
pointers, often point to generic "memory", so trying to check whether
they match the type of the argument to 'sizeof' (or other checks) is
unproductive and often results in false positives.
Nico, please review; does this miss any of the bugs you were trying to
find with this warning? The array test case you had should be caught by
the array-specific sizeof warning I think.
Chandler Carruth [Thu, 16 Jun 2011 01:05:14 +0000 (01:05 +0000)]
Refactor parentheses suggestion notes to have less code duplication and
be more consistent in how parenthesized ranges which hit macros are
handled. Also makes the code significantly shorter, and the diagnostics
when macros are present a bit more useful.
Chandler Carruth [Thu, 16 Jun 2011 01:05:12 +0000 (01:05 +0000)]
Make the presentation of the warnings on 'x + y ? 1 : 0' a bit more
pretty. In particular this makes it much easier for me to read messages
such as:
x.cc:42: ?: has lower ...
Where I'm inclined to associate the third ':' with a missing column
number, but in fact column numbers have been turned off. Similar
punctuation collisions happened elsewhere as well.
Devang Patel [Wed, 15 Jun 2011 17:57:08 +0000 (17:57 +0000)]
Do not emit stoppoint before emitting debug info for parameters.
- llvm.dbg.declare already receives line number information from ParmDecl
- Additional extra stoppoint messes up gdb's understanding of where function body starts.
Douglas Gregor [Wed, 15 Jun 2011 16:02:29 +0000 (16:02 +0000)]
Eliminate a 'default' case in template argument deduction, where we
were just punting on template argument deduction for a number of type
nodes. Most of them, obviously, didn't matter.
As a consequence of this, make extended vector types (via the
ext_vector_type attribute) actually work properly for several
important cases:
- If the attribute appears in a type-id (i.e., not attached to a
typedef), actually build a proper vector type
- Build ExtVectorType whenever the size is constant; previously, we
were building DependentSizedExtVectorType when the size was constant
but the type was dependent, which makes no sense at all.
- Teach template argument deduction to handle
ExtVectorType/DependentSizedExtVectorType.
Douglas Gregor [Wed, 15 Jun 2011 14:20:42 +0000 (14:20 +0000)]
When performing substitution of default template template parameters
before the template parameters have acquired a proper context (e.g.,
because the enclosing context has yet to be built), provide empty
parameter lists for all outer template parameter scopes to inhibit any
substitution for those template parameters. Fixes PR9643 /
<rdar://problem/9251019>.
Jordy Rose [Wed, 15 Jun 2011 05:52:56 +0000 (05:52 +0000)]
[analyzer] Revise CStringChecker's modelling of strcpy() and strcat():
- (bounded copies) Be more conservative about how much is being copied.
- (str(n)cat) If we can't compute the exact final length of an append operation, we can still lower-bound it.
- (stpcpy) Fix the conjured return value at the end to actually be returned.
This requires these supporting changes:
- C string metadata symbols are still live even when buried in a SymExpr.
- "Hypothetical" C string lengths, to represent a value that /will/ be passed to setCStringLength() if all goes well. (The idea is to allow for temporary constrainable symbols that may end up becoming permanent.)
- The 'checkAdditionOverflow' helper makes sure that the two strings being appended in a strcat don't overflow size_t. This should never *actually* happen; the real effect is to keep the final string length from "wrapping around" in the constraint manager.
This doesn't actually test the "bounded" operations (strncpy and strncat) because they can leave strings unterminated. Next on the list!
Douglas Gregor [Wed, 15 Jun 2011 05:45:11 +0000 (05:45 +0000)]
Don't add redundant FormatAttr, ConstAttr, or NoThrowAttr attributes,
either implicitly (for builtins) or explicitly (due to multiple
specification of the same attributes). Fixes <rdar://problem/9612060>.
Jordy Rose [Wed, 15 Jun 2011 05:14:03 +0000 (05:14 +0000)]
[analyzer] If a C string length is UnknownVal, clear any existing length binding. No tests yet because the only thing that sets string length is strcpy(), and that needs some work anyway.
Jordy Rose [Wed, 15 Jun 2011 04:55:49 +0000 (04:55 +0000)]
[analyzer] When performing a binary operation on symbolic operands, we convert the symbol values to a common type. But in a relational operation, the result is an 'int' or 'bool', which may not be the appropriate type to convert the operands to. In these cases, use the left-hand operand's type as the conversion type.
There's no associated test for this because fully-constrained symbolic values are evaluated ahead of time in normal expressions. This can only come up in checker-constructed expressions (like the ones in an upcoming patch to CStringChecker).
Douglas Gregor [Wed, 15 Jun 2011 03:23:34 +0000 (03:23 +0000)]
Properly implement C++0x [stmt.dcl]p3, which requires a scope to be
protected in the case where a variable is being initialized by a
trivial default constructor but has a non-trivial destructor.
Ted Kremenek [Wed, 15 Jun 2011 00:54:52 +0000 (00:54 +0000)]
Sema: show shift result in hexadecimal
Change the output for -Wshift-overflow and
-Wshift-sign-overflow to an unsigned hexadecimal. It makes
more sense for looking at bits than a signed decimal does.
Also, change the diagnostic's wording from "overrides"
to "sets".
This uses a new optional argument in APInt::toString()
that adds the '0x' prefix to hexadecimal numbers.
Chris Lattner [Tue, 14 Jun 2011 18:19:37 +0000 (18:19 +0000)]
revert r133003 and fix the bug properly: the issue was that ## in a token
lexer is not a paste operator, it is a normal token. This fixes a conformance
issue shown here:
http://p99.gforge.inria.fr/c99-conformance/c99-conformance-clang-2.9.html
Douglas Gregor [Tue, 14 Jun 2011 16:42:44 +0000 (16:42 +0000)]
When profiling FunctionProtoTypes, don't canonicalize the expression
in a noexcept exception specification because it isn't part of the
canonical type. This ensures that we keep the exact expression written
in the noexcept exception specification, rather than accidentally
"adopting" a previously-written and canonically "equivalent" function
prototype. Fixes PR10087.
Chris Lattner [Tue, 14 Jun 2011 06:38:10 +0000 (06:38 +0000)]
when compiling in a GNU mode (e.g. gnu99) treat VLAs with a size that can be folded to a constant
as constant size arrays. This has slightly different semantics in some insane cases, but allows
us to accept some constructs that GCC does. Continue to be pedantic in -std=c99 and other
modes. This addressed rdar://8733881 - error "variable-sized object may not be initialized"; g++ accepts same code
Eli Friedman [Tue, 14 Jun 2011 01:37:52 +0000 (01:37 +0000)]
The LLVM IR representation of byval arguments has a rather strange property: if the alignment of an argument to a call is less than the specified byval alignment for that argument, there is no way to specify the alignment of the implied copy. Therefore, we must ensure that the alignment of the argument is at least the byval alignment. To do this, we have to mess with the alignment of relevant alloca's in some cases, and insert a copy that conceptually shouldn't be necessary in some cases.
This patch tries relatively hard to avoid creating an extra copy if it can be avoided (see test3 in the included testcase), but it is not possible to avoid in some cases (like test2 in the included testcase).