Anna Zaks [Wed, 24 Aug 2011 00:06:27 +0000 (00:06 +0000)]
[analyzer] MacOSKeychainAPIChecker: Add reasoning about functions which MIGHT deallocate the memory region allocated with SecKeychain APIs. Specifically, when the buffer is passed to CFStringCreateWithBytesNoCopy along with a custom deallocator, which might potentially correctly release the memory.
Anna Zaks [Tue, 23 Aug 2011 23:56:12 +0000 (23:56 +0000)]
[analyzer] MacOSKeychainAPIChecker: Retrieve the memory region which we are tracking even when it's no longer a SymbolicRegion, for example, when it is cast to char*.
Ted Kremenek [Tue, 23 Aug 2011 23:05:11 +0000 (23:05 +0000)]
Start reworking -Wunreachable-code. The original analysis had serious flaws with how it
handled SCC's of dead code, or simply having false negatives by overly suppressing warnings.
Eli Friedman [Tue, 23 Aug 2011 22:24:57 +0000 (22:24 +0000)]
Refactor and fix checking for initialization of flexible array members. The old version had the checks scattered across the code, missed some checks, and had a couple nasty bugs in existing checks.
Fixes PR10648 and another similar accepts-invalid bug.
Amend r138129 (reduction of SLocEntries) which introduced performance regression due
to increased calls to SourceManager::getFileID. (rdar://9992664)
Use a slightly different approach that is more efficient both in terms of speed
(no extra getFileID calls) and in SLocEntries reduction.
Comparing pre-r138129 and this patch we get:
For compiling SemaExpr.cpp reduction of SLocEntries by 26%.
For the boost enum library:
-SLocEntries -34% (note that this was -5% for r138129)
-Memory consumption -50%
-PCH size -31%
Reduced SLocEntries also benefit the hot function SourceManager::getFileID,
evident by the reduced "FileID scans".
Jordy Rose [Tue, 23 Aug 2011 20:55:48 +0000 (20:55 +0000)]
[analyzer] Move function retain-count effect summary log from CFRefCount to RetainReleaseChecker, and then explicitly provide the summary log when creating CFRefReports. No functionality change.
Ted Kremenek [Tue, 23 Aug 2011 20:30:50 +0000 (20:30 +0000)]
Fix regression in -Wuninitialized involving VLAs. It turns out that we were modeling sizeof(VLAs)
incorrectly in the CFG, and also the static analyzer. This patch regresses the analyzer a bit, but
that needs to be followed up with a better solution.
Jordy Rose [Tue, 23 Aug 2011 19:43:16 +0000 (19:43 +0000)]
[analyzer] Move ReturnStmt retain-count analysis from CFRefCount to RetainReleaseChecker. Tweak CFRefReport to reflect that fact that ReturnStmt checks are pre-statement, not post-statement. No intended functionality change.
Caitlin Sadowski [Tue, 23 Aug 2011 18:46:34 +0000 (18:46 +0000)]
Thread-safety analysis: adding in a basic lockset tracking system. This
system flags an error when unlocking a lock which was not held, locking
the same lock twice, having a different lockset on each iteration of a
loop, or going out of scope while still holding a lock. In order to
successfully use the lockset, this patch also makes sure that attribute
arguments are attached correctly for later parsing.
This patch was also worked on by DeLesley Hutchins.
Note: This patch has been reviewed by Chandler Carruth and Jeffrey
Yasskin. Feel free to provide post-commit review comments for a
subsequent patch.
Jordy Rose [Tue, 23 Aug 2011 04:27:15 +0000 (04:27 +0000)]
[analyzer] Only allocate retain summaries for interesting functions/messages. This is a minor saving of memory but doesn't seem to cost any performance.
For the test case added to function-redecl.cpp, we were previously complaining
about a mismatch in the parameter types, since the definition used the
typedef'd type.
Jordy Rose [Mon, 22 Aug 2011 23:48:23 +0000 (23:48 +0000)]
[analyzer] Migrate the handling of retain-count-related RetEffects and ArgEffects from CFRefCount to RetainReleaseChecker. No intended functionality change.
Anna Zaks [Mon, 22 Aug 2011 23:18:12 +0000 (23:18 +0000)]
[analyzer] MacOSKeychainAPIChecker: Users of KeyChain API often use free() to deallocate the password. Catch this error explicitly and generate the error message at the place where free() is called.
Chandler Carruth [Mon, 22 Aug 2011 17:24:56 +0000 (17:24 +0000)]
Fix a crash-on-valid that has been here for a very long time:
const int &x = x;
This crashed by inifinetly recursing within the lvalue evaluation
routine. I've added a (somewhat) braindead way of preventing this
recursion. If folks have better suggestions for how to avoid it I'm all
ears.
That said, we have some work to do. This doesn't trigger a single
warning for uninitialized, self-initialized or otherwise completely
wrong code. In some senses, the crash was almost better.
Boost the efficiency of SourceManager::getMacroArgExpandedLocation.
Currently getMacroArgExpandedLocation is very inefficient and for the case
of a location pointing at the main file it will end up checking almost all of
the SLocEntries. Make it faster:
-Use a map of macro argument chunks to their expanded source location. The map
is for a single source file, it's stored in the file's ContentCache and lazily
computed, like the source lines cache.
-In SLocEntry's FileInfo add an 'unsigned NumCreatedFIDs' field that keeps track
of the number of FileIDs (files and macros) that were created during preprocessing
of that particular file SLocEntry. This is useful when computing the macro argument
map in skipping included files while scanning for macro arg FileIDs that lexed from
a specific source file. Due to padding, the new field does not increase the size
of SLocEntry.
Jordy Rose [Sun, 21 Aug 2011 21:04:38 +0000 (21:04 +0000)]
[analyzer] Remove FIXME; Ted reminded me that -init is not guaranteed to return its receiver and pretending that it does won't actually buy us anything. (Comment change only.)
Jordy Rose [Sun, 21 Aug 2011 19:41:36 +0000 (19:41 +0000)]
[analyzer] Migrate return value handling from CFRefCount to ExprEngine. This seems to result in a minor performance hit, but I think that will go away again once we eliminate TransferFuncs from function calls entirely.
Chandler Carruth [Sat, 20 Aug 2011 06:30:57 +0000 (06:30 +0000)]
Remove this test. It requires C++ standard library headers, which we'd
like to avoid within the Clang test suite, it doesn't verify the output
at all so it only servers as a test that Clang doesn't crash, and
finally all it does is declare a function that returns a vector and call
it. Probably the biggest thing being tested here is Clang's parsing of
the vector template, and we have lots of good template parsing tests. We
don't need another in codegen.
Ted Kremenek [Sat, 20 Aug 2011 06:00:03 +0000 (06:00 +0000)]
Start partitioning ExprEngine.cpp into separate .cpp files that handle different parts
of the analysis (e.g., analysis of C expressions, analysis of Objective-C expressions, and so on).
Douglas Gregor [Sat, 20 Aug 2011 05:09:43 +0000 (05:09 +0000)]
Make the loading of multiple records for the same identifier (from
different modules) more robust. It already handled (simple) merges of
the set of declarations attached to that identifier, so add a test
case that shows us getting two different declarations for the same
identifier (one struct, one function) from different modules, and are
able to use both of them.
Douglas Gregor [Sat, 20 Aug 2011 04:39:52 +0000 (04:39 +0000)]
Introduce a module visitation function that starts at the top-level
modules (those that no other module depends on) and performs a search
over all of the modules, visiting a new module only when all of the
modules that depend on it have already been visited. The visitor can
abort the search for all modules that a module depends on, which
allows us to minimize the number of lookups necessary when performing
a search.
Switch identifier lookup from a linear walk over the set of modules to
this module visitation operation. The behavior is the same for simple
PCH and chained PCH, but provides the proper search order for
modules. Verified with printf debugging, since we don't have enough in
place to actually test this.
Anna Zaks [Sat, 20 Aug 2011 01:27:22 +0000 (01:27 +0000)]
Static Analyzer Diagnostics: Move the responsibility for generating the endOfPath diagnostic piece from BugReport to BugReporterVisitor. Switch CFRefCount to use visitors in order to generate the endOfPath piece.
For assigning SourceLocations to macro arg tokens, reserve a single SLocEntry
for tokens that are lexed consecutively from the same FileID, instead of creating
a SLocEntry for each token. e.g for
assert(foo == bar);
there will be a single SLocEntry for the "foo == bar" chunk and locations
for the 'foo', '==', 'bar' tokens will point inside that chunk.
For parsing SemaExpr.cpp, this reduced the number of SLocEntries by 25%.
projects / clang / log