Jordan Rose [Mon, 1 Oct 2012 19:07:22 +0000 (19:07 +0000)]
[analyzer] Allow ObjC ivar lvalues where the base is nil.
By analogy with C structs, this seems to be legal, if probably discouraged.
It's only if the ivar is read from or written to that there's a problem.
Running a program that gets the "address" of an instance variable does in
fact return the offset when the base "object" is nil.
This isn't a full revert because r164442 includes some diagnostic tweaks
as well; those have been kept.
Jordan Rose [Mon, 1 Oct 2012 19:07:15 +0000 (19:07 +0000)]
Revert "[analyzer] Check that a member expr is valid even when the result is an lvalue."
The original intent of this commit was to catch potential null dereferences
early, but it breaks the common "home-grown offsetof" idiom (PR13927):
(((struct Foo *)0)->member - ((struct foo *)0))
As it turns out, this appears to be legal in C, per a footnote in
C11 6.5.3.2: "Thus, &*E is equivalent to E (even if E is a null pointer)".
In C++ this issue is still open:
http://www.open-std.org/jtc1/sc22/wg21/docs/cwg_active.html#232
We'll just have to make sure we have good path notes in the future.
Ted Kremenek [Mon, 1 Oct 2012 18:28:19 +0000 (18:28 +0000)]
Have AnalyzerOptions::getBooleanOption() stick the matching config
string in the config table so that it can be dumped as part of the
config dumper. Add a test to show that these options are sticking
and can be cross-checked using FileCheck.
Ted Kremenek [Mon, 1 Oct 2012 18:28:14 +0000 (18:28 +0000)]
Add checker debug.ConfigDumper to dump the contents of the configuration table.
The format of this output is a WIP; largely I'm bringing it up now
for regression testing. We can evolve the output format over time.
Richard Trieu [Mon, 1 Oct 2012 17:39:51 +0000 (17:39 +0000)]
Cleaning up the self initialization checker.
-Allow Sema to do more processing on the initial Expr before checking it.
-Remove the special conditions in HandleExpr()
-Move the code so that only one call site is needed.
-Removed the function from Sema and only call it locally.
-Warn on potentially evaluated reference variables, not just casts to r-values.
-Update tests.
Axel Naumann [Mon, 1 Oct 2012 09:51:27 +0000 (09:51 +0000)]
The Redeclarable part of named decls is read before their name.
Lookup can nevertheless find them due to the serialized lookup table.
For instance when reading a template decl's templatedDecl, it will search for existing decls that it could be a redeclaration of, and find the half-read template decl.
Thus there is no point in asserting the names of decls.
Axel Naumann [Mon, 1 Oct 2012 07:34:47 +0000 (07:34 +0000)]
Bring ASTReader and Writer into sync for the case where a canonical template specialization was written, which is non-canonical at the time of reading: force the reading of the ClassTemplateDecl if it was written.
The easiest way out is to store whether the decl was canonical at the time of writing.
Add test.
Benjamin Kramer [Sun, 30 Sep 2012 12:43:37 +0000 (12:43 +0000)]
CodeGen: Copy tail padding when we're not dealing with a trivial copy assign or move assign operator.
This fixes a regression from r162254, the optimizer has problems reasoning
about the smaller memcpy as it's often not safe to widen a store but making it
smaller is.
Daniel Jasper [Sat, 29 Sep 2012 15:55:18 +0000 (15:55 +0000)]
Fix refersToDeclaration()-matcher and add missing test case. This was
broken as of r164656 as TemplateArgument::getAsDecl() now asserts
instead of returning NULL for other template arugment kinds.
Dmitri Gribenko [Sat, 29 Sep 2012 11:40:46 +0000 (11:40 +0000)]
Move the 'find macro by spelling' infrastructure to the Preprocessor class and
use it to suggest appropriate macro for __attribute__((deprecated)) in
-Wdocumentation-deprecated-sync.
For PPCallbacks::InclusionDirective() add a parameter for the module, whenever
an inclusion directive was automatically turned into a module import, and
PPCallbacks::moduleImport() for an explicit module import.
Anna Zaks [Sat, 29 Sep 2012 00:20:38 +0000 (00:20 +0000)]
[analyzer] Re-implement IvarInvalidationChecker so that it verifies that
the validation occurred.
The original implementation was pessimistic - we assumed that ivars
which escape are invalidated. This version is optimistic, it assumes
that the ivars will always be explicitly invalidated: either set to nil
or sent an invalidation message.
Richard Smith [Fri, 28 Sep 2012 22:46:07 +0000 (22:46 +0000)]
PR13941: Mark all virtual functions as unnamed_addr. It's not possible to
observe their addresses (taking their address gives the vtable slot) so we are
free to merge their definitions.
Jordan Rose [Fri, 28 Sep 2012 22:42:04 +0000 (22:42 +0000)]
Use a custom DenseMapInfo for WeakObjectProfileTy.
We can't specialize the usual llvm::DenseMapInfo at the end of the file
because by that point the DenseMap in FunctionScopeInfo has already been
instantiated.
[Doc parsing] Add availability information to generated Comment XML.
(I still need to add a test once I figure it out).
Reviewed off-line by Doug. // rdar://12378879
Compatibility macro detection for the -Wimplicit-fallthrough diagnostic.
Summary:
When issuing a diagnostic message for the -Wimplicit-fallthrough diagnostics, always try to find the latest macro, defined at the point of fallthrough, which is immediately expanded to "[[clang::fallthrough]]", and use it's name instead of the actual sequence.
Known issues:
* uses PP.getSpelling() to compare macro definition with a string (anyone can suggest a convenient way to fill a token array, or maybe lex it in runtime?);
* this can be generalized and used in other similar cases, any ideas where it should reside then?
Jordan Rose [Fri, 28 Sep 2012 22:21:42 +0000 (22:21 +0000)]
-Wreceiver-is-weak: rephrase warning text and add a suggestion Note.
New output:
warning: weak property may be unpredictably set to nil
note: property declared here
note: assign the value to a strong variable to keep the object alive
during use
Jordan Rose [Fri, 28 Sep 2012 22:21:35 +0000 (22:21 +0000)]
-Warc-repeated-use-of-weak: check ivars and variables as well.
Like properties, loading from a weak ivar twice in the same function can
give you inconsistent results if the object is deallocated between the
two loads. It is safer to assign to a strong local variable and use that.
Jordan Rose [Fri, 28 Sep 2012 22:21:30 +0000 (22:21 +0000)]
Add a warning (off by default) for repeated use of the same weak property.
The motivating example:
if (self.weakProp)
use(self.weakProp);
As with any non-atomic test-then-use, it is possible a weak property to be
non-nil at the 'if', but be deallocated by the time it is used. The correct
way to write this example is as follows:
id tmp = self.weakProp;
if (tmp)
use(tmp);
The warning is controlled by -Warc-repeated-use-of-receiver, and uses the
property name and base to determine if the same property on the same object
is being accessed multiple times. In cases where the base is more
complicated than just a single Decl (e.g. 'foo.bar.weakProp'), it picks a
Decl for some degree of uniquing and reports the problem under a subflag,
-Warc-maybe-repeated-use-of-receiver. This gives a way to tune the
aggressiveness of the warning for a particular project.
The warning is not on by default because it is not flow-sensitive and thus
may have a higher-than-acceptable rate of false positives, though it is
less noisy than -Wreceiver-is-weak. On the other hand, it will not warn
about some cases that may be legitimate issues that -Wreceiver-is-weak
will catch, and it does not attempt to reason about methods returning weak
values.
Even though this is not a real "analysis-based" check I've put the bug
emission code in AnalysisBasedWarnings for two reasons: (1) to run on
every kind of code body (function, method, block, or lambda), and (2) to
suggest that it may be enhanced by flow-sensitive analysis in the future.
The second (smaller) half of this work is to extend it to weak locals
and weak ivars. This should use most of the same infrastructure.
Richard Smith [Fri, 28 Sep 2012 21:23:50 +0000 (21:23 +0000)]
When processing an InitListExpr and skipping the initialization of an invalid
record, skip at least one element from the InitListExpr to avoid an infinite
loop if we're initializing an array of unknown bound.
Jordan Rose [Fri, 28 Sep 2012 17:15:25 +0000 (17:15 +0000)]
[analyzer] Handle inlined constructors for rvalue temporaries correctly.
Previously the analyzer treated all inlined constructors like lvalues,
setting the value of the CXXConstructExpr to the newly-constructed
region. However, some CXXConstructExprs behave like rvalues -- in
particular, the implicit copy constructor into a pass-by-value argument.
In this case, we want only the /contents/ of a temporary object to be
passed, so that we can use the same "copy each argument into the
parameter region" algorithm that we use for scalar arguments.
This may change when we start modeling destructors of temporaries,
but for now this is the last part of <rdar://problem/12137950>.
Jordan Rose [Fri, 28 Sep 2012 17:15:21 +0000 (17:15 +0000)]
[analyzer] Create a temp region when a method is called on a struct rvalue.
An rvalue has no address, but calling a C++ member function requires a
'this' pointer. This commit makes the analyzer create a temporary region
in which to store the struct rvalue and use as a 'this' pointer whenever
a member function is called on an rvalue, which is essentially what
CodeGen does.
More of <rdar://problem/12137950>. The last part is tracking down the
C++ FIXME in array-struct-region.cpp.
Jordan Rose [Fri, 28 Sep 2012 17:15:12 +0000 (17:15 +0000)]
[analyzer] Create a temporary region for rvalue structs when accessing fields
Struct rvalues are represented in the analyzer by CompoundVals,
LazyCompoundVals, or plain ConjuredSymbols -- none of which have associated
regions. If the entire structure is going to persist, this is not a
problem -- either the rvalue will be assigned to an existing region, or
a MaterializeTemporaryExpr will be present to create a temporary region.
However, if we just need a field from the struct, we need to create the
temporary region ourselves.
This is inspired by the way CodeGen handles calls to temporaries;
support for that in the analyzer is coming next.
Benjamin Kramer [Fri, 28 Sep 2012 16:44:29 +0000 (16:44 +0000)]
Avoid malloc thrashing in the uninitialized value analysis.
- The size of the packed vector is often small, save mallocs using SmallBitVector.
- Copying SmallBitVectors is also cheap, remove a level of indirection.
Daniel Jasper [Fri, 28 Sep 2012 15:45:07 +0000 (15:45 +0000)]
Set Diag.ErrorOccurred even if a DiagnosticConsumer does not want it in
diagnostic count.
If a DiagnosticConsumer sub-class overwrites IncludeInDiagnosticCounts,
this should change diagnostic counts. However, it currently also
influences Diag.ErrorOccurred, which in turn influences the behavior of
parsing and semantic analysis (in a way that can make it crash).
Douglas Gregor [Thu, 27 Sep 2012 14:50:15 +0000 (14:50 +0000)]
Following up on r164620, cope with symlinking from an embedded
framework location out to a top-level framework. Such frameworks are
not really embedded at all.
Per discussion in http://lists.cs.uiuc.edu/pipermail/cfe-commits/Week-of-Mon-20120917/064551.html
have PPCallbacks::InclusionDirective pass the character range for the filename quotes or brackets.
Jordan Rose [Thu, 27 Sep 2012 01:40:12 +0000 (01:40 +0000)]
Use %clang_cc1 so that the test works even if the target isn't available.
Xcode-style clang builds only support Xcode's architectures, so mips
isn't available and the driver tries to use gcc instead. cc1 will go
ahead and do -fsyntax-only for any platform it knows about even if it
can't actually compile.
Nick Lewycky [Wed, 26 Sep 2012 22:48:46 +0000 (22:48 +0000)]
Turn off this test, as the new and old SROA cause it produce different output.
Left in a note that we need to turn it back on once the SROA fallout is cleared
up.
This checker is annotation driven. It checks that the annotated
invalidation method accesses all ivars of the enclosing objects that are
objects of type, which in turn contains an invalidation method.
This is driven by
__attribute((annotation("objc_instance_variable_invalidator")).
Fix template instantiation of attributes. More specifically, fix the case
where an attribute is attached to a forward declaration of a template function,
and refers to parameters of that declaration, but is then inherited by the
definition of that function. When the definition is instantiated, the
parameter references need to be remapped.
Jordan Rose [Wed, 26 Sep 2012 16:41:11 +0000 (16:41 +0000)]
Make our mini-stdint.h platform-independent by using predefined macros.
This also adds a definition for uint64_t, which was causing build failures
on some platforms. (I'm actually surprised this didn't happen on more
builders, but maybe the search paths are different.)
Eli Friedman [Wed, 26 Sep 2012 04:34:21 +0000 (04:34 +0000)]
Fix an edge case of mangling involving the combination of a lambda and typeid.
typeid (and a couple other non-standard places where we can transform an
unevaluated expression into an evaluated expression) is special
because it introduces an an expression evaluation context,
which conflicts with the mechanism to compute the current
lambda mangling context. PR12123.
I would appreciate if someone would double-check that we get the mangling
correct with this patch.