When importing a FunctionProtoType::ExtProtoInfo, its ExceptionSpecDecl can point to the
FunctionDecl that we are importing the FunctionProtoType for, in which case we'll have
infinite recursion when importing.
Initially create a FunctionProtoType with null ExceptionSpecDecl/ExceptionSpecTemplate and
update the type in ASTNodeImporter::VisitFunctionDecl after the FunctionDecl has been created.
Jordan Rose [Sat, 22 Sep 2012 01:25:06 +0000 (01:25 +0000)]
[analyzer] Suppress bugs whose paths go through the return of a null pointer.
This is a heuristic intended to greatly reduce the number of false
positives resulting from inlining, particularly inlining of generic,
defensive C++ methods that live in header files. The suppression is
triggered in the cases where we ask to track where a null pointer came
from, and it turns out that the source of the null pointer was an inlined
function call.
This change brings the number of bug reports in LLVM from ~1500 down to
around ~300, a much more manageable number. Yes, some true positives may
be hidden as well, but from what I looked at the vast majority of silenced
reports are false positives, and many of the true issues found by the
analyzer are still reported.
I'm hoping to improve this heuristic further by adding some exceptions
next week (cases in which a bug should still be reported).
Jordan Rose [Sat, 22 Sep 2012 01:24:56 +0000 (01:24 +0000)]
[analyzer] Always allow BugReporterVisitors to see the bug path.
Before, PathDiagnosticConsumers that did not support actual path output
would (sensibly) cause the generation of the full path to be skipped.
However, BugReporterVisitors may want to see the path in order to mark a
BugReport as invalid.
Now, even for a path generation scheme of 'None' we will still create a
trimmed graph and walk backwards through the bug path, doing no work other
than passing the nodes to the BugReporterVisitors. This isn't cheap, but
it's necessary to properly do suppression when the first path consumer does
not support path notes.
In the future, we should try only generating the path and visitor-provided
path notes once, or at least only creating the trimmed graph once.
Jordan Rose [Sat, 22 Sep 2012 01:24:53 +0000 (01:24 +0000)]
[analyzer] Allow a BugReport to be marked "invalid" during path generation.
This is intended to allow visitors to make decisions about whether a
BugReport is likely a false positive. Currently there are no visitors
making use of this feature, so there are no tests.
When a BugReport is marked invalid, the invalidator must provide a key
that identifies the invalidation (intended to be the visitor type and a
context pointer of some kind). This allows us to reverse the decision
later on. Being able to reverse a decision about invalidation gives us more
flexibility, and allows us to formulate conditions like "this report is
invalid UNLESS the original argument is 'foo'". We can use this to
fine-tune our false-positive suppression (coming soon).
Jordan Rose [Sat, 22 Sep 2012 01:24:46 +0000 (01:24 +0000)]
[analyzer] Better path notes for null pointers passed as arguments.
Rather than saying "Null pointer value stored to 'foo'", we now say
"Passing null pointer value via Nth parameter 'foo'", which is much better.
The note is also now on the argument expression as well, rather than the
entire call.
This paves the way for continuing to track arguments back to their sources.
Richard Smith [Sat, 22 Sep 2012 00:53:56 +0000 (00:53 +0000)]
Fix bug which sometimes resulted in further diagnostics being produced after a
fatal error. Previously, if a fatal error was followed by a diagnostic which
was suppressed due to a SFINAETrap, we'd forget that we'd seen a fatal error.
objective-C: when diagnosing deprecated/unavailable usage of
setter or getter backing a deprecated/unavailable property,
also note location of the property. // rdar://12324295
Rafael Espindola [Fri, 21 Sep 2012 20:39:32 +0000 (20:39 +0000)]
Call CGM.SetLLVMFunctionAttributesForDefinition on thunks so that they get
attributes like uwtable. Without uwtable a stack unwinder would be unable
to go past the thunks.
Thread-safety analysis: better handling of unreachable blocks. Fixes a bug
where a call to function marked 'noreturn' is followed by unreachable
implicit destructor calls.
Hans Wennborg [Fri, 21 Sep 2012 08:58:33 +0000 (08:58 +0000)]
Make warnings about uninitialized fields include the field name.
This makes the wording more informative, and consistent with the other
warnings about uninitialized variables.
Also, me and David who reviewed this couldn't figure out why we would
need to do a lookup to get the name of the variable; so just print the
name directly.
[PCH] After deserializing a DeclContext, if it has external lexical decls but not
external visible decls, call DeclContext::setMustBuildLookupTable so that the
"lazy decls" bit of the LookupPtr is set.
Previously, in non-C++, if there were no new declarations causing the "lazy decls" bit
to be set, then DeclContext::lookups_begin() would fail to return the decls from the PCH.
Jim Grosbach [Fri, 21 Sep 2012 00:18:30 +0000 (00:18 +0000)]
ARM: Use a dedicated intrinsic for vector bitwise select.
The expression based expansion too often results in IR level optimizations
splitting the intermediate values into separate basic blocks, preventing
the formation of the VBSL instruction as the code author intended. In
particular, LICM would often hoist part of the computation out of a loop.
Implement faux-body-synthesis of well-known functions in the static analyzer when
their implementations are unavailable. Start by simulating dispatch_sync().
This change is largely a bunch of plumbing around something very simple. We
use AnalysisDeclContext to conjure up a fake function body (using the
current ASTContext) when one does not exist. This is controlled
under the analyzer-config option "faux-bodies", which is off by default.
The plumbing in this patch is largely to pass the necessary machinery
around. CallEvent needs the AnalysisDeclContextManager to get
the function definition, as one may get conjured up lazily.
BugReporter and PathDiagnosticLocation needed to be relaxed to handle
invalid locations, as the conjured body has no real source locations.
We do some primitive recovery in diagnostic generation to generate
some reasonable locations (for arrows and events), but it can be
improved.
Richard Smith [Thu, 20 Sep 2012 21:52:32 +0000 (21:52 +0000)]
If the range in a for range statement doesn't have a viable begin/end function,
but can be dereferenced to form an expression which does have viable begin/end
functions, then typo-correct the range, even if something else goes wrong with
the statement (such as inaccessible begin/end or the wrong type of loop
variable).
In order to ensure we recover correctly and produce any followup diagnostics in
this case, redo semantic analysis on the for-range statement outside of the
diagnostic trap, after issuing the typo-correction.
David Blaikie [Thu, 20 Sep 2012 18:42:02 +0000 (18:42 +0000)]
Remove a test that is non-portable (cannot be executed on cross builds, for example)
While it might be nice to have a quick end-to-end sanity test, it's just not
really the right place for it & would require more work to enable lit to
provide a detection flag ("XFAIL: cross" or similar) than the value we get from
having this test. Early on it might've made more sense, but these days we've
got some pretty good coverage across the stack with more targeted tests.
David Blaikie [Thu, 20 Sep 2012 18:38:57 +0000 (18:38 +0000)]
Include types when a definition's type differs from a prior declaration.
This is some really old code (took me a while to find the test cases) & the
diagnostic text is slightly incorrect (it should really only apply to
re/declarations/, redefinitions are an error regardless of whether the types
match). Not sure if anyone cares about it, though.
For now this just makes the diagnostic more clear in less obvious cases where
the type of a declaration might not be explicitly written (eg: because it
uses decltype)
Daniel Jasper [Thu, 20 Sep 2012 09:24:58 +0000 (09:24 +0000)]
Provide better error messages for incorrect matchers.
By changing the conversion operator into a conversion constructor, we
can enabled based on the template parameters leading to better error
messages. E.g.: stmt(decl()) will now create an error message including:
note: candidate function not viable: no known conversion from
'clang::ast_matchers::internal::BindableMatcher<clang::Decl>' to 'const
clang::ast_matchers::internal::Matcher<clang::Stmt>' for 1st argument
Jordan Rose [Thu, 20 Sep 2012 01:55:32 +0000 (01:55 +0000)]
[analyzer] MallocChecker should not do post-call checks on inlined functions.
If someone provides their own function called 'strdup', or 'reallocf', or
even 'malloc', and we inlined it, the inlining should have given us all the
malloc-related information we need. If we then try to attach new information
to the return value, we could end up with spurious warnings.
Jordan Rose [Thu, 20 Sep 2012 01:54:56 +0000 (01:54 +0000)]
Revert "[analyzer] Remove constraints on dead symbols as part of removeDeadBindings."
While we definitely want this optimization in the future, we're not
currently handling constraints on symbolic /expressions/ correctly.
These should stay live even if the SymExpr itself is no longer referenced
because we could recreate an identical SymExpr later. Only once the SymExpr
can no longer be recreated -- i.e. a component symbol is dead -- can we
safely remove the constraints on it.
This liveness issue is tracked by <rdar://problem/12333297>.
Benjamin Kramer [Wed, 19 Sep 2012 13:40:40 +0000 (13:40 +0000)]
ASTWriter: Tighten up assertions when emitting a declaration name.
clang has recently started to warn about the enum compares:
lib/Serialization/ASTWriter.cpp:2760:31: warning: comparison of literal 256 with expression of type
'clang::DeclarationName::NameKind' is always true [-Wtautological-constant-out-of-range-compare]
Eli Friedman [Wed, 19 Sep 2012 01:18:11 +0000 (01:18 +0000)]
Add the TypeSourceInfo for the lambda call operator to the lambda's
definition info; it needs to be there because the mangler needs to
access it before we're finished defining the lambda class.
PR12808.
c: warn when an integer value comparison with an
integral expression has the obvious result.
Patch reviewed by John McCall off line.
// rdar://12202422
Daniel Jasper [Tue, 18 Sep 2012 14:17:42 +0000 (14:17 +0000)]
Fix isDerivedFrom matcher.
Without this patch, the isDerivedFrom matcher asserts in the
"assert(ClassDecl != NULL);" in the new test, as a
DependentTemplateSpecializationType is not a sub-type of
TemplateSpecializationType and also does not offer getAsCXXRecordDecl().
I am not sure why this did not cause problems before. It is now (after
the changed implementation of isDerivedFrom) easier to write a matcher
that actually gets into this branch of the code.
Daniel Jasper [Tue, 18 Sep 2012 13:09:13 +0000 (13:09 +0000)]
Make all VariadicDynCast-Expr-matchers StatementMatchers
Having Expr-subclass-matchers being VariadicDynCast-Expr-matchers does
not provide additional type safety and just makes using them harder. In
the clang AST, expressions are always statements and an expression
matcher can be used anywhere a statement matcher is expected. Any given
matcher definition still has at least one noun.