Ted Kremenek [Wed, 17 Dec 2008 21:50:35 +0000 (21:50 +0000)]
CF-retain/release checker:
- Fix regression reported in <rdar://problem/6452745>. After a null check, null references to resources should not have a retain count. This regression was caused by removing the call to "GRTransferFuncs::EvalAssume" in BasicConstraintManager.
- Added a test case to test this behavior.
This patch will build the Records lazily per Steve's comments.
Note that one test duplicate-ivar-check.m will fail because I
need to re-implement duplicate ivar checking.
Ted Kremenek [Wed, 17 Dec 2008 19:42:34 +0000 (19:42 +0000)]
Fix <rdar://problem/6451816>:
- Because of the introduction of AnonTypedRegions when reasoning about casts, we
had a regression in the "symbolication" of variable values passed-by-reference
to a function. This is now fixed in CFRefCount.cpp (-checker-cfref) by
blasting through the layer of AnonTypedRegions when symbolicating the value of
the variable. This logic may get moved elsewhere. Note that this change
affects only -checker-cfref and not -checker-simple; eventually this logic
should get pulled out of CFRefCount.cpp into a more common place. All users
use -checker-cfref by default, and -checker-simple should probably just be
removed.
- Updated test 'Analysis/uninit-vals-ps.c' to only use -checker-cfref and added
a test case for this regression.
Douglas Gregor [Wed, 17 Dec 2008 16:48:01 +0000 (16:48 +0000)]
Make the injected-class-name of a C++ class a separate RecordDecl from the class itself, with a different scope. This eliminates some ownership issues, so that the RecordDecl only lives in a single context
Douglas Gregor [Wed, 17 Dec 2008 16:19:15 +0000 (16:19 +0000)]
Removed the warning
warning: statement was disambiguated as declaration
because it is currently firing in cases where the declaration would
not actually parse as a statement. We'd love to bring this warning
back if we can make it more accurate.
Ted Kremenek [Tue, 16 Dec 2008 22:13:33 +0000 (22:13 +0000)]
Add new GRWorkList class that uses two queues:
- one queue (FIFO) to queue up nodes at block entrances
- another queue (LIFO) to queue up other nodes
- The idea is to explore basic blocks to completion, but to do a BFS exploration of blocks.
Ted Kremenek [Tue, 16 Dec 2008 22:02:27 +0000 (22:02 +0000)]
ProgramPoint:
- Added four new ProgramPoint types that subclass PostStmt for use in
GRExprEngine::EvalLocation:
- PostOutOfBoundsCheckFailed
- PostUndefLocationCheckFailed
- PostNullCheckFailed
- PostLocationChecksSucceed
These were created because of a horribly subtle caching bug in EvalLocation
where a node representing an "bug condition" in EvalLocation (e.g. a null
dereference) could be re-used as the "non-bug condition" because the Store did
not contain any information to differentiate between the two. The extra
program points just disables any accidental caching between EvalLocation and
its callers.
GRExprEngine:
- EvalLocation now returns a NodeTy* instead of GRState*. This should be used as the "vetted" predecessor for EvalLoad/EvalStore.
Douglas Gregor [Tue, 16 Dec 2008 21:30:33 +0000 (21:30 +0000)]
Delay parsing of default arguments of member functions until the class
is completely defined (C++ [class.mem]p2).
Reverse the order in which we process the definitions of member
functions specified inline. This way, we'll get diagnostics in the
order in which the member functions were declared in the class.
Eli Friedman [Tue, 16 Dec 2008 20:15:50 +0000 (20:15 +0000)]
Silence a couple more operator precedence warnings; this shouldn't
change the semantics. Please correct this if the precedence was
actually supposed to be something different.
Douglas Gregor [Tue, 16 Dec 2008 00:38:16 +0000 (00:38 +0000)]
Make name lookup when we're inside a declarator's scope, such as ClassName::func, work with the new unqualified name lookup code. Test it with default arguments in out-of-line member definitions
Douglas Gregor [Tue, 16 Dec 2008 00:08:34 +0000 (00:08 +0000)]
Added a test for default arguments added to out-of-line member
functions. They work except that name lookup within the default
arguments needs to be deferred until the class definition is complete
(see FIXME in the test).
Douglas Gregor [Mon, 15 Dec 2008 23:53:10 +0000 (23:53 +0000)]
Diagnose erroneous uses of out-of-line member definitions and scope
specifiers. Specifically:
* Determine when an out-of-line function definition does not match
any declaration within the class or namespace (including coping
with overloaded functions).
* Complain about typedefs and parameters that have scope specifiers.
* Complain about out-of-line declarations that aren't also
definitions.
* Complain about non-static data members being declared out-of-line.
* Allow cv-qualifiers on out-of-line member function definitions.
Douglas Gregor [Mon, 15 Dec 2008 21:24:18 +0000 (21:24 +0000)]
Place constructors and destructors into the DeclContext of the class,
just like all other members, and remove the special variables in
CXXRecordDecl to store them. This eliminates a lot of special-case
code for constructors and destructors, including
ActOnConstructor/ActOnDeclarator and special lookup rules in
LookupDecl. The result is far more uniform and manageable.
Ted Kremenek [Mon, 15 Dec 2008 19:56:42 +0000 (19:56 +0000)]
Preprocessor: Allocate MacroInfo objects using a BumpPtrAllocator instead using new/delete. This speeds up -Eonly on Cocoa.h using the regular lexer by 1.8% and the PTHLexer by 3%.
Douglas Gregor [Mon, 15 Dec 2008 17:33:16 +0000 (17:33 +0000)]
Don't double-destroy constructors defined out-of-line. This is a
half-solution; the real solution is coming when constructors and
destructors are treated like all other functions by ActOnDeclarator.
Ted Kremenek [Sat, 13 Dec 2008 21:49:13 +0000 (21:49 +0000)]
MemRegion:
- Overhauled the notion of "types" for TypedRegions. We now distinguish between the "lvalue" of a region (via getLValueRegion()) and the "rvalue" of a region (va getRValueRegion()). Since a region represents a chunk of memory it has both, but we were conflating these concepts in some cases, leading to some insidious bugs.
- Removed AnonPointeeType, partially because it is unused and because it doesn't have a clear notion of lvalue vs rvalue type. We can add it back once there is a need for it and we can resolve its role with these concepts.
StoreManager:
- Overhauled StoreManager::CastRegion. It expects an *lvalue* type for a region. This is actually what motivated the overhaul to the MemRegion type mechanism. It also no longer returns an SVal; we can just return a MemRegion*.
- BasicStoreManager::CastRegion now overlays an "AnonTypedRegion" for pointer-pointer casts. This matches with the MemRegion changes.
- Similar changes to RegionStore, except I've added a bunch of FIXMEs where it wasn't 100% clear where we should use TypedRegion::getRValueRegion() or TypedRegion::getLValueRegion().
AuditCFNumberCreate check:
- Now blasts through AnonTypedRegions that may layer the original memory region, thus checking if the actually memory block is of the appropriate type. This change was needed to work with the changes to StoreManager::CastRegion.
GRExprEngine::VisitCast:
- Conform to the new interface of StoreManager::CastRegion.
Tests:
- None of the analysis tests fail now for using the "basic store".
- Disabled the tests 'array-struct.c' and 'rdar-6442306-1.m' pending further testing and bug fixing.
Ted Kremenek [Sat, 13 Dec 2008 19:24:37 +0000 (19:24 +0000)]
A series of cleanups/fixes motivated by <rdar://problem/6442306>:
GRExprEngine (VisitCast):
- When using StoreManager::CastRegion, always use the state and value it returns to generate the next node. Failure to do so means that region values returned that don't require the state to be modified will get ignored.
MemRegion:
- Tighten the interface for ElementRegion. Now ElementRegion can only be created with a super region that is a 'TypedRegion' instead of any MemRegion. Code in BasicStoreManager/RegionStoreManager already assumed this, but it would result in a dynamic assertion check (and crash) rather than just having the compiler forbid the construction of such regions.
- Added ElementRegion::getArrayRegion() to return the 'typed version' of an ElementRegion's super region.
- Removed bogus assertion in ElementRegion::getType() that assumed that the super region was an AnonTypedRegion. All that matters is that it is a TypedRegion, which is now true all the time by design.
BasicStore:
- Modified getLValueElement() to check if the 'array' region is a TypedRegion before creating an ElementRegion. This conforms to the updated interface for ElementRegion.
RegionStore:
- In ArrayToPointer() gracefully handle things we don't reason about, and only create an ElementRegion if the array region is indeed a TypedRegion.
Ted Kremenek [Fri, 12 Dec 2008 22:05:38 +0000 (22:05 +0000)]
PTH: Added minor 'sibling jumping' optimization for iterating over the side table used for fast preprocessor block skipping. This has a minor performance improvement when preprocessing Cocoa.h, but can have some wins in pathologic cases.
Ted Kremenek [Fri, 12 Dec 2008 18:34:08 +0000 (18:34 +0000)]
Added PTH optimization to not process entire blocks of tokens that appear in skipped preprocessor blocks. This improves PTH speed by 6%. The code for this optimization itself is not very optimized, and will get cleaned up.
Chris Lattner [Fri, 12 Dec 2008 18:00:51 +0000 (18:00 +0000)]
Implement the final (hopefully) wrinkle to i-c-e + builtin_constant_p
processing: it allows arbitrary foldable constants as the operand of ?: when
builtin_constant_p is the condition.
Chris Lattner [Fri, 12 Dec 2008 06:19:11 +0000 (06:19 +0000)]
merge recovery-2.c into recovery-3.c.
Substantially improve error recovery after broken if conditions by
parsing the full if when we have a semantic error instead of using
parser recovery techniques to recover from a semantic error.
This fixes rdar://6094870 - spurious error after invalid 'if' condition
projects / clang / log