Jordan Rose [Sat, 30 Mar 2013 01:31:42 +0000 (01:31 +0000)]
[analyzer] Handle caching out while evaluating a C++ new expression.
Evaluating a C++ new expression now includes generating an intermediate
ExplodedNode, and this node could very well represent a previously-
reachable state in the ExplodedGraph. If so, we can short-circuit the
rest of the evaluation.
Anna Zaks [Fri, 29 Mar 2013 22:32:38 +0000 (22:32 +0000)]
[analyzer] Address Jordan’s review of r178309 - do not register an extra visitor for nil receiver
We can check if the receiver is nil in the node that corresponds to the StmtPoint of the message send.
At that point, the receiver is guaranteed to be live. We will find at least one unreclaimed node due to
my previous commit (look for StmtPoint instead of PostStmt) and the fact that the nil receiver nodes are tagged.
Anna Zaks [Fri, 29 Mar 2013 22:32:34 +0000 (22:32 +0000)]
[analyzer] Look for a StmtPoint node instead of PostStmt in trackNullOrUndefValue.
trackNullOrUndefValue tries to find the first node that matches the statement it is tracking.
Since we collect PostStmt nodes (in node reclamation), none of those might be on the
current path, so relax the search to look for any StmtPoint.
When looking for overridden ObjC methods, don't ignore 'hidden' ones.
When using modules we should not ignore overridden methods from
categories that are hidden because the module is not visible.
This will give more consistent results (when imports change) and it's more
correct since the methods are indeed overridden even if they are not "visible"
for lookup purposes.
[cmake] Add clang-headers as a dependency of libclang and if we have to copy them
for the IDE case, also create a symlink inside the libclang.dylib directory.
Benjamin Kramer [Fri, 29 Mar 2013 21:43:21 +0000 (21:43 +0000)]
Sema: Warn on sizeof on binary ops on decayed arrays.
The array will decay into a pointer, creating an unexpected result.
sizeof(array + int) is an easy-to-make typo for sizeof(array) + int.
This was motivated by a NetBSD security bug, which used sizeof(key - r) instead of
sizeof(key) - r, reducing entropy in a random number generator.
http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/kern/subr_cprng.c.diff?r1=1.14&r2=1.15&only_with_tag=MAIN&f=h
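To make the sizeof(key - r) trap concrete, the following C program is an added example; it is not code from the clang commit or from NetBSD's subr_cprng.c. It simulates a reseed routine written with the typo next to the intended expression, so the reduced byte count is observable. mix_into_state, fill_key and KEY_LEN are constructed for illustration; the 33-multiplier hash is a throwaway and not a real PRNG.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define KEY_LEN 32u  /* constructed key length for the example */

/* Stand-in for a reseed/mix routine: folds `len` bytes of `key` into `state`
   and reports how many bytes were actually used. The hash is a throwaway
   chosen only so the byte count is observable. */
static size_t mix_into_state(uint32_t *state, const uint8_t *key, size_t len)
{
    size_t i;
    for (i = 0; i < len; i++)
        *state = (*state * 33u) ^ key[i];
    return len;
}

/* Deterministic, constructed "entropy" so the example runs offline; a real
   reseed would read from the entropy pool instead. */
static void fill_key(uint8_t *key, size_t len)
{
    size_t i;
    for (i = 0; i < len; i++)
        key[i] = (uint8_t)(0xA5u ^ (i * 7u));
}

/* The typo pattern from the commit message: sizeof(key - r). In the
   subtraction `key` decays to uint8_t *, so sizeof() yields the size of a
   pointer (8 on a 64-bit target), independent of KEY_LEN and r. Only that
   many bytes of key material reach the state. The warning added by this
   commit fires on exactly this expression. */
size_t reseed_typo(size_t r)
{
    uint8_t key[KEY_LEN];
    uint32_t state = 5381u;
    fill_key(key, sizeof key);
    return mix_into_state(&state, key, sizeof(key - r));
}

/* The intended expression: the array's size minus r. The clamp guards the
   unsigned subtraction against r > sizeof(key), which would otherwise wrap
   to a huge length and over-read the buffer. */
size_t reseed_fixed(size_t r)
{
    uint8_t key[KEY_LEN];
    uint32_t state = 5381u;
    _Static_assert(sizeof(key) == KEY_LEN, "key must be a real array here");
    fill_key(key, sizeof key);
    if (r > sizeof(key))
        r = sizeof(key);
    return mix_into_state(&state, key, sizeof(key) - r);
}

/* Bytes of key material the typo silently drops for a given r. */
size_t entropy_bytes_lost(size_t r)
{
    size_t want = reseed_fixed(r);
    size_t got = reseed_typo(r);
    return want > got ? want - got : 0;
}

int main(void)
{
    size_t r = 4;
    printf("sizeof(key - r)  mixes %zu bytes\n", reseed_typo(r));
    printf("sizeof(key) - r  mixes %zu bytes\n", reseed_fixed(r));
    printf("key bytes lost to the typo: %zu\n", entropy_bytes_lost(r));
    return 0;
}
```

Both forms compile cleanly as C, which is why the bug survived review: the type of `key - r` is a pointer, and sizeof of a pointer is a perfectly valid constant. The _Static_assert is a cheap guard for code that must operate on a real array rather than a decayed parameter; it fails to compile if someone later changes `key` to a pointer.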
Adrian Prantl [Fri, 29 Mar 2013 19:20:35 +0000 (19:20 +0000)]
Bugfix/Followup for r177086.
* Store the .block_descriptor (instead of self) in the alloca so we
can guarantee that all captured variables are available at -O0.
* Add the missing OpDeref for the alloca.
rdar://problem/12767564
Objective-C: Produce precise diagnostic when
'isa' ivar is accessed provided it is the first
ivar. Fixit hint will follow in another patch.
This is a continuation of // rdar://13503456
Anna Zaks [Thu, 28 Mar 2013 23:15:29 +0000 (23:15 +0000)]
[analyzer] Add support for escape of const pointers and use it to allow “newed” pointers to escape
Add a new callback that notifies checkers when a const pointer escapes. Currently, this only works
for const pointers passed as a top level parameter into a function. We need to differentiate the const
pointer escape from regular escape since the content pointed to by a const pointer will not change;
if it’s a file handle, the file cannot be closed; but delete is allowed on const pointers.
This should suppress several false positives reported by the NewDelete checker on the llvm codebase.
Anna Zaks [Thu, 28 Mar 2013 23:15:22 +0000 (23:15 +0000)]
[analyzer] Apply the suppression rules to the nil receiver only if the value participates in the computation of the nil we warn about.
We should only suppress a bug report if the IDCed or null returned nil value is directly related to the value we are warning about. This was
not the case for nil receivers - we would suppress a bug report that had an IDCed nil receiver on the path regardless of how it’s
related to the warning.
1) Thread EnableNullFPSuppression parameter through the visitors to differentiate between tracking the value which
is directly responsible for the bug and other values that visitors are tracking (ex: general tracking of nil receivers).
2) In trackNullOrUndef specifically address the case when a value of the message send is nil due to the receiver being nil.
Reid Kleckner [Thu, 28 Mar 2013 20:02:56 +0000 (20:02 +0000)]
[ms-cxxabi] Correctly compute the size of member pointers
Summary:
This also relaxes the requirement on Windows that the member pointer
class type be a complete type (http://llvm.org/PR12070). We still ask
for a complete type to instantiate any templates (MSVC does this), but
if that fails we continue as normal, relying on any inheritance
attributes on the declaration.
Objective-C: Provide fixit suggestions when class object
is accessed via accessing 'isa' ivar to use
object_getClass/object_setClass apis.
// rdar://13503456
Sam Panzer [Thu, 28 Mar 2013 19:07:11 +0000 (19:07 +0000)]
Implemented a warning when an input to several bitwise operations is
likely to be implicitly truncated:
* All forms of Bitwise-and, bitwise-or, and integer multiplication.
* The assignment form of integer addition, subtraction, and exclusive-or
* The RHS of the comma operator
* The LHS of left shifts.
Thomas Schwinge [Thu, 28 Mar 2013 19:02:48 +0000 (19:02 +0000)]
Rename LinuxDistro to Distro.
The concept of such a software distribution is not tied to the Linux kernel;
for example Debian GNU/Linux, Debian GNU/Hurd, and Debian GNU/kFreeBSD all
share the same source packages and generally the same user-space configuration.
Ted Kremenek [Thu, 28 Mar 2013 18:43:15 +0000 (18:43 +0000)]
Add CFG logic to create a conditional branch for modeling static initializers.
This is an optional variant of the CFG. This allows analyses to model whether
or not a static initializer has run, e.g.:
static Foo x = bar();
For basic dataflow analysis in Sema we will just assume that the initializer
always runs. For the static analyzer we can use this branch to accurately
track whether or not initializers are on.
This patch just adds the (opt-in) functionality to the CFG. The
static analyzer still needs to be modified to adopt this feature.
Fixed handling of comments before preprocessor directives.
Comments before preprocessor directives used to be stored with InPPDirective
flag set, which prevented correct comment splitting in this case. Fixed by
flushing comments before switching on InPPDirective. Added a new test and fixed
one of the existing tests.
Anton Yartsev [Thu, 28 Mar 2013 16:10:38 +0000 (16:10 +0000)]
[analyzer] For now assume all standard global 'operator new' functions allocate memory in the heap.
+ Improved test coverage for cplusplus.NewDelete checker.
Hal Finkel [Thu, 28 Mar 2013 08:38:53 +0000 (08:38 +0000)]
Add support for gcc-compatible -mmfcrf -mno-mfcrf PPC options
gcc provides -mmfcrf and -mno-mfcrf for controlling what we call
the mfocrf target feature. Also, PPC is now making use of the
static function AddTargetFeature used by the Mips Driver code.
Richard Smith [Thu, 28 Mar 2013 03:27:52 +0000 (03:27 +0000)]
For -Wignored-qualifiers, don't warn on qualifiers which we acquire via a
typedef. Also don't warn on the _Atomic type specifier, just on the _Atomic
type qualifier.
Richard Smith [Thu, 28 Mar 2013 00:03:10 +0000 (00:03 +0000)]
Fold together the two implementations of 6.7.3p2 in SemaType. Fix two bugs, each of which was only present in one version:
* Give the right diagnostic for 'restrict' applied to a non-pointer, non-reference type.
* Don't reject 'restrict' applied indirectly to an Objective-C object pointer type (eg, through template instantiation).
When we are consuming the current token just to enter a new token stream, we push
the current token in the back of the stream so that we get it again.
Unfortunately this had the effect where if the current token is a code-completion one,
we would code-complete once during consuming it and another time after the stream ended.
Fix this by making sure that, in this case, ConsumeAnyToken() will consume a code-completion
token without invoking code-completion.
Richard Smith [Wed, 27 Mar 2013 23:20:25 +0000 (23:20 +0000)]
UBSan: Don't diagnose inf/nan conversions between floating-point types. It's far from clear whether these have undefined behavior, and these checks are helping no-one. Keep the double->float overflow warnings, though, since those are useful in practice, even though it's unclear whether such operations have defined behavior.
Jordan Rose [Wed, 27 Mar 2013 18:10:35 +0000 (18:10 +0000)]
[analyzer] Use evalBind for C++ new of scalar types.
These types will not have a CXXConstructExpr to do the initialization for
them. Previously we just used a simple call to ProgramState::bindLoc, but
that doesn't trigger proper checker callbacks (like pointer escape).
Anna Zaks [Wed, 27 Mar 2013 17:35:58 +0000 (17:35 +0000)]
[analyzer] Ensure that the node NilReceiverBRVisitor is looking for is not reclaimed
The visitor should look for the PreStmt node as the receiver is nil in the PreStmt and this is the node. Also, tag the nil
receiver nodes with a special tag for consistency.
Douglas Gregor [Wed, 27 Mar 2013 16:47:18 +0000 (16:47 +0000)]
<rdar://problem/13509689> Introduce -module-file-info option that provides information about a particular module file.
This option can be useful for end users who want to know why they
ended up with a ton of different variants of the "std" module in their
module cache. This problem should go away over time, as we reduce the
need for module variants, but it will never go away entirely.
Douglas Gregor [Wed, 27 Mar 2013 12:51:49 +0000 (12:51 +0000)]
<rdar://problem/13317030> Consider using directives when performing unqualified name lookup into declarations contexts represented by the qualified-id but not in the actual scope hierarchy.
[lib/Headers] Break the module import cycle between _Builtin_intrinsics.sse and _Builtin_intrinsics.sse2
Module "sse" implicitly exports module "sse2".
This is bad because we also have module "sse2" export module "sse" (as intended) so we end up with a cycle
in the module import graph:
1. sse2 -> (also imports) sse
2. sse -> (also imports) sse2
To eliminate the cycle remove 2.; importing module "sse2" will also import module "sse", but just importing
module "sse" will not also import module "sse2".
[modules] Before marking the module imported macros as ambiguous, check if this is a case where
the system macro uses a definition that is not identical to the one from the clang headers.
For example (these come from different modules):
#define LONG_MAX __LONG_MAX__ (clang's limits.h)
#define LONG_MAX 0x7fffffffffffffffL (system's limits.h)
in which case don't mark them ambiguous to avoid the "ambiguous macro expansion" warning.
[modules] Re-enable the "ambiguous expansion of macro" warning.
Also update "test/Modules/macros.c" to test modified semantics:
-When there is an ambiguous macro, expand using the latest introduced version, not the first one.
-#undefs in submodules cause the macro to not be exported by that submodule, it doesn't cause
undefining of macros in the translation unit that imported that submodule.
This reduces macro namespace interference across modules.