2008-04-03 12:42:52 +08:00
|
|
|
// BugReporter.cpp - Generate PathDiagnostics for Bugs ------------*- C++ -*--//
|
|
|
|
|
//
|
|
|
|
|
// The LLVM Compiler Infrastructure
|
|
|
|
|
//
|
|
|
|
|
// This file is distributed under the University of Illinois Open Source
|
|
|
|
|
// License. See LICENSE.TXT for details.
|
|
|
|
|
//
|
|
|
|
|
//===----------------------------------------------------------------------===//
|
|
|
|
|
//
|
|
|
|
|
// This file defines BugReporter, a utility class for generating
|
2009-06-26 08:05:51 +08:00
|
|
|
// PathDiagnostics.
|
2008-04-03 12:42:52 +08:00
|
|
|
//
|
|
|
|
|
//===----------------------------------------------------------------------===//
|
|
|
|
|
|
2011-02-10 09:03:03 +08:00
|
|
|
#include "clang/StaticAnalyzer/Core/BugReporter/BugReporter.h"
|
2008-04-03 12:42:52 +08:00
|
|
|
#include "clang/AST/ASTContext.h"
|
2012-01-28 20:06:22 +08:00
|
|
|
#include "clang/AST/DeclObjC.h"
|
2008-04-03 12:42:52 +08:00
|
|
|
#include "clang/AST/Expr.h"
|
2013-06-17 20:56:08 +08:00
|
|
|
#include "clang/AST/ExprCXX.h"
|
2009-03-28 04:55:39 +08:00
|
|
|
#include "clang/AST/ParentMap.h"
|
2013-06-17 20:56:08 +08:00
|
|
|
#include "clang/AST/StmtCXX.h"
|
2014-01-07 19:51:46 +08:00
|
|
|
#include "clang/AST/StmtObjC.h"
|
2012-12-04 17:13:33 +08:00
|
|
|
#include "clang/Analysis/CFG.h"
|
2008-04-03 12:42:52 +08:00
|
|
|
#include "clang/Analysis/ProgramPoint.h"
|
2012-12-04 17:13:33 +08:00
|
|
|
#include "clang/Basic/SourceManager.h"
|
|
|
|
|
#include "clang/StaticAnalyzer/Core/BugReporter/BugType.h"
|
2011-02-10 09:03:03 +08:00
|
|
|
#include "clang/StaticAnalyzer/Core/BugReporter/PathDiagnostic.h"
|
2012-12-04 17:13:33 +08:00
|
|
|
#include "clang/StaticAnalyzer/Core/PathSensitive/ExprEngine.h"
|
2008-06-18 13:34:07 +08:00
|
|
|
#include "llvm/ADT/DenseMap.h"
|
2012-02-08 12:32:34 +08:00
|
|
|
#include "llvm/ADT/IntrusiveRefCntPtr.h"
|
2012-12-04 17:13:33 +08:00
|
|
|
#include "llvm/ADT/STLExtras.h"
|
|
|
|
|
#include "llvm/ADT/SmallString.h"
|
2013-03-16 05:41:53 +08:00
|
|
|
#include "llvm/ADT/Statistic.h"
|
2012-12-04 17:13:33 +08:00
|
|
|
#include "llvm/Support/raw_ostream.h"
|
2014-03-09 19:36:40 +08:00
|
|
|
#include <memory>
|
2009-03-13 07:41:59 +08:00
|
|
|
#include <queue>
|
2008-04-03 12:42:52 +08:00
|
|
|
|
|
|
|
|
using namespace clang;
|
2010-12-23 15:20:52 +08:00
|
|
|
using namespace ento;
|
2008-04-03 12:42:52 +08:00
|
|
|
|
2014-04-22 11:17:02 +08:00
|
|
|
#define DEBUG_TYPE "BugReporter"
|
|
|
|
|
|
2013-03-16 05:41:53 +08:00
|
|
|
STATISTIC(MaxBugClassSize,
|
|
|
|
|
"The maximum number of bug reports in the same equivalence class");
|
|
|
|
|
STATISTIC(MaxValidBugClassSize,
|
|
|
|
|
"The maximum number of bug reports in the same equivalence class "
|
|
|
|
|
"where at least one report is valid (not suppressed)");
|
|
|
|
|
|
2015-10-20 21:23:58 +08:00
|
|
|
BugReporterVisitor::~BugReporterVisitor() {}
|
2010-03-21 02:01:57 +08:00
|
|
|
|
2011-12-20 10:48:34 +08:00
|
|
|
void BugReporterContext::anchor() {}
|
|
|
|
|
|
2009-02-05 07:49:09 +08:00
|
|
|
//===----------------------------------------------------------------------===//
|
2009-04-01 07:00:32 +08:00
|
|
|
// Helper routines for walking the ExplodedGraph and fetching statements.
|
2009-02-05 07:49:09 +08:00
|
|
|
//===----------------------------------------------------------------------===//
|
2008-04-03 12:42:52 +08:00
|
|
|
|
2011-08-13 07:37:29 +08:00
|
|
|
static const Stmt *GetPreviousStmt(const ExplodedNode *N) {
|
2013-04-24 07:57:43 +08:00
|
|
|
for (N = N->getFirstPred(); N; N = N->getFirstPred())
|
|
|
|
|
if (const Stmt *S = PathDiagnosticLocation::getStmt(N))
|
2009-02-24 06:44:26 +08:00
|
|
|
return S;
|
2009-09-09 23:08:12 +08:00
|
|
|
|
2014-05-27 10:45:47 +08:00
|
|
|
return nullptr;
|
2009-02-24 06:44:26 +08:00
|
|
|
}
|
|
|
|
|
|
2009-07-23 06:35:28 +08:00
|
|
|
static inline const Stmt*
|
2011-08-13 07:37:29 +08:00
|
|
|
GetCurrentOrPreviousStmt(const ExplodedNode *N) {
|
2013-04-24 07:57:43 +08:00
|
|
|
if (const Stmt *S = PathDiagnosticLocation::getStmt(N))
|
2009-02-24 06:44:26 +08:00
|
|
|
return S;
|
2009-09-09 23:08:12 +08:00
|
|
|
|
2009-02-24 06:44:26 +08:00
|
|
|
return GetPreviousStmt(N);
|
|
|
|
|
}
|
2009-09-09 23:08:12 +08:00
|
|
|
|
2012-02-29 07:06:21 +08:00
|
|
|
//===----------------------------------------------------------------------===//
|
|
|
|
|
// Diagnostic cleanup.
|
|
|
|
|
//===----------------------------------------------------------------------===//
|
|
|
|
|
|
2012-10-26 06:07:10 +08:00
|
|
|
static PathDiagnosticEventPiece *
|
|
|
|
|
eventsDescribeSameCondition(PathDiagnosticEventPiece *X,
|
|
|
|
|
PathDiagnosticEventPiece *Y) {
|
|
|
|
|
// Prefer diagnostics that come from ConditionBRVisitor over
|
|
|
|
|
// those that came from TrackConstraintBRVisitor.
|
|
|
|
|
const void *tagPreferred = ConditionBRVisitor::getTag();
|
|
|
|
|
const void *tagLesser = TrackConstraintBRVisitor::getTag();
|
2015-09-08 11:50:52 +08:00
|
|
|
|
2012-10-26 06:07:10 +08:00
|
|
|
if (X->getLocation() != Y->getLocation())
|
2014-05-27 10:45:47 +08:00
|
|
|
return nullptr;
|
|
|
|
|
|
2012-10-26 06:07:10 +08:00
|
|
|
if (X->getTag() == tagPreferred && Y->getTag() == tagLesser)
|
|
|
|
|
return X;
|
2015-09-08 11:50:52 +08:00
|
|
|
|
2012-10-26 06:07:10 +08:00
|
|
|
if (Y->getTag() == tagPreferred && X->getTag() == tagLesser)
|
|
|
|
|
return Y;
|
2014-05-27 10:45:47 +08:00
|
|
|
|
|
|
|
|
return nullptr;
|
2012-10-26 06:07:10 +08:00
|
|
|
}
|
|
|
|
|
|
2012-10-27 00:02:36 +08:00
|
|
|
/// An optimization pass over PathPieces that removes redundant diagnostics
|
|
|
|
|
/// generated by both ConditionBRVisitor and TrackConstraintBRVisitor. Both
|
|
|
|
|
/// BugReporterVisitors use different methods to generate diagnostics, with
|
|
|
|
|
/// one capable of emitting diagnostics in some cases but not in others. This
|
|
|
|
|
/// can lead to redundant diagnostic pieces at the same point in a path.
|
|
|
|
|
static void removeRedundantMsgs(PathPieces &path) {
|
2012-10-26 06:07:10 +08:00
|
|
|
unsigned N = path.size();
|
|
|
|
|
if (N < 2)
|
|
|
|
|
return;
|
2012-10-27 00:02:36 +08:00
|
|
|
// NOTE: this loop intentionally is not using an iterator. Instead, we
|
|
|
|
|
// are streaming the path and modifying it in place. This is done by
|
|
|
|
|
// grabbing the front, processing it, and if we decide to keep it append
|
|
|
|
|
// it to the end of the path. The entire path is processed in this way.
|
2012-10-26 06:07:10 +08:00
|
|
|
for (unsigned i = 0; i < N; ++i) {
|
|
|
|
|
IntrusiveRefCntPtr<PathDiagnosticPiece> piece(path.front());
|
|
|
|
|
path.pop_front();
|
2015-09-08 11:50:52 +08:00
|
|
|
|
2012-10-26 06:07:10 +08:00
|
|
|
switch (piece->getKind()) {
|
|
|
|
|
case clang::ento::PathDiagnosticPiece::Call:
|
2012-10-27 00:02:36 +08:00
|
|
|
removeRedundantMsgs(cast<PathDiagnosticCallPiece>(piece)->path);
|
2012-10-26 06:07:10 +08:00
|
|
|
break;
|
|
|
|
|
case clang::ento::PathDiagnosticPiece::Macro:
|
2012-10-27 00:02:36 +08:00
|
|
|
removeRedundantMsgs(cast<PathDiagnosticMacroPiece>(piece)->subPieces);
|
2012-10-26 06:07:10 +08:00
|
|
|
break;
|
|
|
|
|
case clang::ento::PathDiagnosticPiece::ControlFlow:
|
|
|
|
|
break;
|
|
|
|
|
case clang::ento::PathDiagnosticPiece::Event: {
|
|
|
|
|
if (i == N-1)
|
|
|
|
|
break;
|
2015-09-08 11:50:52 +08:00
|
|
|
|
2012-10-26 06:07:10 +08:00
|
|
|
if (PathDiagnosticEventPiece *nextEvent =
|
2014-07-05 11:08:06 +08:00
|
|
|
dyn_cast<PathDiagnosticEventPiece>(path.front().get())) {
|
2012-10-26 06:07:10 +08:00
|
|
|
PathDiagnosticEventPiece *event =
|
|
|
|
|
cast<PathDiagnosticEventPiece>(piece);
|
|
|
|
|
// Check to see if we should keep one of the two pieces. If we
|
|
|
|
|
// come up with a preference, record which piece to keep, and consume
|
|
|
|
|
// another piece from the path.
|
|
|
|
|
if (PathDiagnosticEventPiece *pieceToKeep =
|
|
|
|
|
eventsDescribeSameCondition(event, nextEvent)) {
|
|
|
|
|
piece = pieceToKeep;
|
|
|
|
|
path.pop_front();
|
|
|
|
|
++i;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
path.push_back(piece);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2013-05-03 08:32:44 +08:00
|
|
|
/// A map from PathDiagnosticPiece to the LocationContext of the inlined
|
|
|
|
|
/// function call it represents.
|
2013-05-04 09:13:01 +08:00
|
|
|
typedef llvm::DenseMap<const PathPieces *, const LocationContext *>
|
2013-05-03 08:32:44 +08:00
|
|
|
LocationContextMap;
|
|
|
|
|
|
2012-02-29 07:06:21 +08:00
|
|
|
/// Recursively scan through a path and prune out calls and macros pieces
|
|
|
|
|
/// that aren't needed. Return true if afterwards the path contains
|
2012-12-08 03:56:29 +08:00
|
|
|
/// "interesting stuff" which means it shouldn't be pruned from the parent path.
|
2013-05-03 08:32:44 +08:00
|
|
|
static bool removeUnneededCalls(PathPieces &pieces, BugReport *R,
|
|
|
|
|
LocationContextMap &LCM) {
|
2012-02-29 07:06:21 +08:00
|
|
|
bool containsSomethingInteresting = false;
|
|
|
|
|
const unsigned N = pieces.size();
|
2015-09-08 11:50:52 +08:00
|
|
|
|
2012-02-29 07:06:21 +08:00
|
|
|
for (unsigned i = 0 ; i < N ; ++i) {
|
|
|
|
|
// Remove the front piece from the path. If it is still something we
|
|
|
|
|
// want to keep once we are done, we will push it back on the end.
|
|
|
|
|
IntrusiveRefCntPtr<PathDiagnosticPiece> piece(pieces.front());
|
|
|
|
|
pieces.pop_front();
|
2015-09-08 11:50:52 +08:00
|
|
|
|
2012-03-01 08:05:06 +08:00
|
|
|
switch (piece->getKind()) {
|
|
|
|
|
case PathDiagnosticPiece::Call: {
|
|
|
|
|
PathDiagnosticCallPiece *call = cast<PathDiagnosticCallPiece>(piece);
|
2012-08-30 05:22:37 +08:00
|
|
|
// Check if the location context is interesting.
|
2013-05-04 09:13:01 +08:00
|
|
|
assert(LCM.count(&call->path));
|
|
|
|
|
if (R->isInteresting(LCM[&call->path])) {
|
2012-08-30 05:22:37 +08:00
|
|
|
containsSomethingInteresting = true;
|
|
|
|
|
break;
|
|
|
|
|
}
|
2012-11-15 10:07:23 +08:00
|
|
|
|
2013-05-03 08:32:44 +08:00
|
|
|
if (!removeUnneededCalls(call->path, R, LCM))
|
2012-11-15 10:07:23 +08:00
|
|
|
continue;
|
2015-09-08 11:50:52 +08:00
|
|
|
|
2012-03-01 08:05:06 +08:00
|
|
|
containsSomethingInteresting = true;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
case PathDiagnosticPiece::Macro: {
|
|
|
|
|
PathDiagnosticMacroPiece *macro = cast<PathDiagnosticMacroPiece>(piece);
|
2013-05-03 08:32:44 +08:00
|
|
|
if (!removeUnneededCalls(macro->subPieces, R, LCM))
|
2012-03-01 08:05:06 +08:00
|
|
|
continue;
|
2012-02-29 07:06:21 +08:00
|
|
|
containsSomethingInteresting = true;
|
2012-03-01 08:05:06 +08:00
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
case PathDiagnosticPiece::Event: {
|
|
|
|
|
PathDiagnosticEventPiece *event = cast<PathDiagnosticEventPiece>(piece);
|
2015-09-08 11:50:52 +08:00
|
|
|
|
2012-03-01 08:05:06 +08:00
|
|
|
// We never throw away an event, but we do throw it away wholesale
|
|
|
|
|
// as part of a path if we throw the entire path away.
|
2012-09-08 15:18:18 +08:00
|
|
|
containsSomethingInteresting |= !event->isPrunable();
|
2012-03-01 08:05:06 +08:00
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
case PathDiagnosticPiece::ControlFlow:
|
|
|
|
|
break;
|
2012-02-29 07:06:21 +08:00
|
|
|
}
|
2015-09-08 11:50:52 +08:00
|
|
|
|
2012-02-29 07:06:21 +08:00
|
|
|
pieces.push_back(piece);
|
|
|
|
|
}
|
2015-09-08 11:50:52 +08:00
|
|
|
|
2012-02-29 07:06:21 +08:00
|
|
|
return containsSomethingInteresting;
|
|
|
|
|
}
|
|
|
|
|
|
2013-05-25 05:43:11 +08:00
|
|
|
/// Returns true if the given decl has been implicitly given a body, either by
|
|
|
|
|
/// the analyzer or by the compiler proper.
|
|
|
|
|
static bool hasImplicitBody(const Decl *D) {
|
|
|
|
|
assert(D);
|
|
|
|
|
return D->isImplicit() || !D->hasBody();
|
|
|
|
|
}
|
|
|
|
|
|
2012-12-08 03:56:29 +08:00
|
|
|
/// Recursively scan through a path and make sure that all call pieces have
|
2015-09-08 11:50:52 +08:00
|
|
|
/// valid locations.
|
2014-05-27 10:45:47 +08:00
|
|
|
static void
|
|
|
|
|
adjustCallLocations(PathPieces &Pieces,
|
|
|
|
|
PathDiagnosticLocation *LastCallLocation = nullptr) {
|
2012-12-08 03:56:29 +08:00
|
|
|
for (PathPieces::iterator I = Pieces.begin(), E = Pieces.end(); I != E; ++I) {
|
2013-04-30 07:12:59 +08:00
|
|
|
PathDiagnosticCallPiece *Call = dyn_cast<PathDiagnosticCallPiece>(*I);
|
2012-12-08 03:56:29 +08:00
|
|
|
|
|
|
|
|
if (!Call) {
|
2013-04-30 07:12:59 +08:00
|
|
|
assert((*I)->getLocation().asLocation().isValid());
|
2012-12-08 03:56:29 +08:00
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (LastCallLocation) {
|
2013-05-25 05:43:11 +08:00
|
|
|
bool CallerIsImplicit = hasImplicitBody(Call->getCaller());
|
|
|
|
|
if (CallerIsImplicit || !Call->callEnter.asLocation().isValid())
|
2012-12-08 03:56:29 +08:00
|
|
|
Call->callEnter = *LastCallLocation;
|
2013-05-25 05:43:11 +08:00
|
|
|
if (CallerIsImplicit || !Call->callReturn.asLocation().isValid())
|
2012-12-08 03:56:29 +08:00
|
|
|
Call->callReturn = *LastCallLocation;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Recursively clean out the subclass. Keep this call around if
|
|
|
|
|
// it contains any informative diagnostics.
|
|
|
|
|
PathDiagnosticLocation *ThisCallLocation;
|
2013-01-22 02:28:30 +08:00
|
|
|
if (Call->callEnterWithin.asLocation().isValid() &&
|
2013-05-25 05:43:11 +08:00
|
|
|
!hasImplicitBody(Call->getCallee()))
|
2012-12-08 03:56:29 +08:00
|
|
|
ThisCallLocation = &Call->callEnterWithin;
|
|
|
|
|
else
|
|
|
|
|
ThisCallLocation = &Call->callEnter;
|
|
|
|
|
|
|
|
|
|
assert(ThisCallLocation && "Outermost call has an invalid location");
|
|
|
|
|
adjustCallLocations(Call->path, ThisCallLocation);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2013-10-17 01:45:35 +08:00
|
|
|
/// Remove edges in and out of C++ default initializer expressions. These are
|
|
|
|
|
/// for fields that have in-class initializers, as opposed to being initialized
|
|
|
|
|
/// explicitly in a constructor or braced list.
|
|
|
|
|
static void removeEdgesToDefaultInitializers(PathPieces &Pieces) {
|
|
|
|
|
for (PathPieces::iterator I = Pieces.begin(), E = Pieces.end(); I != E;) {
|
|
|
|
|
if (PathDiagnosticCallPiece *C = dyn_cast<PathDiagnosticCallPiece>(*I))
|
|
|
|
|
removeEdgesToDefaultInitializers(C->path);
|
|
|
|
|
|
|
|
|
|
if (PathDiagnosticMacroPiece *M = dyn_cast<PathDiagnosticMacroPiece>(*I))
|
|
|
|
|
removeEdgesToDefaultInitializers(M->subPieces);
|
|
|
|
|
|
|
|
|
|
if (PathDiagnosticControlFlowPiece *CF =
|
|
|
|
|
dyn_cast<PathDiagnosticControlFlowPiece>(*I)) {
|
|
|
|
|
const Stmt *Start = CF->getStartLocation().asStmt();
|
|
|
|
|
const Stmt *End = CF->getEndLocation().asStmt();
|
|
|
|
|
if (Start && isa<CXXDefaultInitExpr>(Start)) {
|
|
|
|
|
I = Pieces.erase(I);
|
|
|
|
|
continue;
|
|
|
|
|
} else if (End && isa<CXXDefaultInitExpr>(End)) {
|
2014-03-02 20:20:24 +08:00
|
|
|
PathPieces::iterator Next = std::next(I);
|
2013-10-17 01:45:35 +08:00
|
|
|
if (Next != E) {
|
|
|
|
|
if (PathDiagnosticControlFlowPiece *NextCF =
|
|
|
|
|
dyn_cast<PathDiagnosticControlFlowPiece>(*Next)) {
|
|
|
|
|
NextCF->setStartLocation(CF->getStartLocation());
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
I = Pieces.erase(I);
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
I++;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2013-06-07 06:02:58 +08:00
|
|
|
/// Remove all pieces with invalid locations as these cannot be serialized.
|
|
|
|
|
/// We might have pieces with invalid locations as a result of inlining Body
|
|
|
|
|
/// Farm generated functions.
|
|
|
|
|
static void removePiecesWithInvalidLocations(PathPieces &Pieces) {
|
2013-06-07 06:32:11 +08:00
|
|
|
for (PathPieces::iterator I = Pieces.begin(), E = Pieces.end(); I != E;) {
|
2013-06-07 06:02:58 +08:00
|
|
|
if (PathDiagnosticCallPiece *C = dyn_cast<PathDiagnosticCallPiece>(*I))
|
|
|
|
|
removePiecesWithInvalidLocations(C->path);
|
|
|
|
|
|
|
|
|
|
if (PathDiagnosticMacroPiece *M = dyn_cast<PathDiagnosticMacroPiece>(*I))
|
|
|
|
|
removePiecesWithInvalidLocations(M->subPieces);
|
|
|
|
|
|
|
|
|
|
if (!(*I)->getLocation().isValid() ||
|
|
|
|
|
!(*I)->getLocation().asLocation().isValid()) {
|
2013-06-07 06:32:11 +08:00
|
|
|
I = Pieces.erase(I);
|
2013-06-07 06:02:58 +08:00
|
|
|
continue;
|
|
|
|
|
}
|
2013-06-07 06:32:11 +08:00
|
|
|
I++;
|
2013-06-07 06:02:58 +08:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2009-02-24 06:44:26 +08:00
|
|
|
//===----------------------------------------------------------------------===//
|
2009-04-01 07:00:32 +08:00
|
|
|
// PathDiagnosticBuilder and its associated routines and helper objects.
|
2009-02-24 06:44:26 +08:00
|
|
|
//===----------------------------------------------------------------------===//
|
2009-02-24 07:13:51 +08:00
|
|
|
|
2009-03-27 13:06:10 +08:00
|
|
|
namespace {
|
2009-11-28 14:07:30 +08:00
|
|
|
class NodeMapClosure : public BugReport::NodeResolver {
|
2013-03-16 09:07:53 +08:00
|
|
|
InterExplodedGraphMap &M;
|
2009-04-01 04:22:36 +08:00
|
|
|
public:
|
2013-03-16 09:07:53 +08:00
|
|
|
NodeMapClosure(InterExplodedGraphMap &m) : M(m) {}
|
2009-09-09 23:08:12 +08:00
|
|
|
|
2014-03-15 12:29:04 +08:00
|
|
|
const ExplodedNode *getOriginalNode(const ExplodedNode *N) override {
|
2013-03-16 09:07:53 +08:00
|
|
|
return M.lookup(N);
|
2009-04-01 04:22:36 +08:00
|
|
|
}
|
|
|
|
|
};
|
2009-09-09 23:08:12 +08:00
|
|
|
|
2009-11-28 14:07:30 +08:00
|
|
|
class PathDiagnosticBuilder : public BugReporterContext {
|
2009-04-01 04:22:36 +08:00
|
|
|
BugReport *R;
|
2011-09-26 08:51:36 +08:00
|
|
|
PathDiagnosticConsumer *PDC;
|
2009-04-01 04:22:36 +08:00
|
|
|
NodeMapClosure NMC;
|
2009-09-09 23:08:12 +08:00
|
|
|
public:
|
2012-02-24 15:12:52 +08:00
|
|
|
const LocationContext *LC;
|
2015-09-08 11:50:52 +08:00
|
|
|
|
2009-05-07 05:39:49 +08:00
|
|
|
PathDiagnosticBuilder(GRBugReporter &br,
|
2013-03-16 09:07:53 +08:00
|
|
|
BugReport *r, InterExplodedGraphMap &Backmap,
|
2011-09-26 08:51:36 +08:00
|
|
|
PathDiagnosticConsumer *pdc)
|
2009-05-07 05:39:49 +08:00
|
|
|
: BugReporterContext(br),
|
2012-02-24 15:12:52 +08:00
|
|
|
R(r), PDC(pdc), NMC(Backmap), LC(r->getErrorNode()->getLocationContext())
|
|
|
|
|
{}
|
2009-09-09 23:08:12 +08:00
|
|
|
|
2011-08-13 07:37:29 +08:00
|
|
|
PathDiagnosticLocation ExecutionContinues(const ExplodedNode *N);
|
2009-09-09 23:08:12 +08:00
|
|
|
|
2011-08-13 07:37:29 +08:00
|
|
|
PathDiagnosticLocation ExecutionContinues(llvm::raw_string_ostream &os,
|
|
|
|
|
const ExplodedNode *N);
|
2009-09-09 23:08:12 +08:00
|
|
|
|
2011-08-19 06:37:56 +08:00
|
|
|
BugReport *getBugReport() { return R; }
|
|
|
|
|
|
2010-09-16 11:50:38 +08:00
|
|
|
Decl const &getCodeDecl() { return R->getErrorNode()->getCodeDecl(); }
|
2015-09-08 11:50:52 +08:00
|
|
|
|
2012-02-24 15:12:52 +08:00
|
|
|
ParentMap& getParentMap() { return LC->getParentMap(); }
|
2009-09-09 23:08:12 +08:00
|
|
|
|
2009-04-02 01:18:21 +08:00
|
|
|
const Stmt *getParent(const Stmt *S) {
|
|
|
|
|
return getParentMap().getParent(S);
|
|
|
|
|
}
|
2009-09-09 23:08:12 +08:00
|
|
|
|
2014-03-15 12:29:04 +08:00
|
|
|
NodeMapClosure& getNodeResolver() override { return NMC; }
|
2009-04-18 08:02:19 +08:00
|
|
|
|
2009-03-28 05:16:25 +08:00
|
|
|
PathDiagnosticLocation getEnclosingStmtLocation(const Stmt *S);
|
2009-09-09 23:08:12 +08:00
|
|
|
|
2011-09-26 08:51:36 +08:00
|
|
|
PathDiagnosticConsumer::PathGenerationScheme getGenerationScheme() const {
|
|
|
|
|
return PDC ? PDC->getGenerationScheme() : PathDiagnosticConsumer::Extensive;
|
2009-04-01 04:22:36 +08:00
|
|
|
}
|
|
|
|
|
|
2009-03-27 13:06:10 +08:00
|
|
|
bool supportsLogicalOpControlFlow() const {
|
|
|
|
|
return PDC ? PDC->supportsLogicalOpControlFlow() : true;
|
2009-09-09 23:08:12 +08:00
|
|
|
}
|
2009-03-27 13:06:10 +08:00
|
|
|
};
|
|
|
|
|
} // end anonymous namespace
|
|
|
|
|
|
2009-03-28 04:55:39 +08:00
|
|
|
PathDiagnosticLocation
|
2011-08-13 07:37:29 +08:00
|
|
|
PathDiagnosticBuilder::ExecutionContinues(const ExplodedNode *N) {
|
2013-04-24 07:57:43 +08:00
|
|
|
if (const Stmt *S = PathDiagnosticLocation::getNextStmt(N))
|
2012-02-24 15:12:52 +08:00
|
|
|
return PathDiagnosticLocation(S, getSourceManager(), LC);
|
2009-03-28 04:55:39 +08:00
|
|
|
|
2011-09-17 03:18:30 +08:00
|
|
|
return PathDiagnosticLocation::createDeclEnd(N->getLocationContext(),
|
|
|
|
|
getSourceManager());
|
2009-03-13 02:41:53 +08:00
|
|
|
}
|
2009-09-09 23:08:12 +08:00
|
|
|
|
2009-03-28 04:55:39 +08:00
|
|
|
PathDiagnosticLocation
|
2011-08-13 07:37:29 +08:00
|
|
|
PathDiagnosticBuilder::ExecutionContinues(llvm::raw_string_ostream &os,
|
|
|
|
|
const ExplodedNode *N) {
|
2009-03-27 13:06:10 +08:00
|
|
|
|
2008-05-07 02:11:09 +08:00
|
|
|
// Slow, but probably doesn't matter.
|
2009-02-24 06:44:26 +08:00
|
|
|
if (os.str().empty())
|
|
|
|
|
os << ' ';
|
2009-09-09 23:08:12 +08:00
|
|
|
|
2009-03-28 04:55:39 +08:00
|
|
|
const PathDiagnosticLocation &Loc = ExecutionContinues(N);
|
2009-09-09 23:08:12 +08:00
|
|
|
|
2009-03-28 04:55:39 +08:00
|
|
|
if (Loc.asStmt())
|
2009-02-24 06:44:26 +08:00
|
|
|
os << "Execution continues on line "
|
2011-07-26 05:09:52 +08:00
|
|
|
<< getSourceManager().getExpansionLineNumber(Loc.asLocation())
|
2009-05-07 05:39:49 +08:00
|
|
|
<< '.';
|
2009-12-05 04:34:31 +08:00
|
|
|
else {
|
|
|
|
|
os << "Execution jumps to the end of the ";
|
|
|
|
|
const Decl *D = N->getLocationContext()->getDecl();
|
|
|
|
|
if (isa<ObjCMethodDecl>(D))
|
|
|
|
|
os << "method";
|
|
|
|
|
else if (isa<FunctionDecl>(D))
|
|
|
|
|
os << "function";
|
|
|
|
|
else {
|
|
|
|
|
assert(isa<BlockDecl>(D));
|
|
|
|
|
os << "anonymous block";
|
|
|
|
|
}
|
|
|
|
|
os << '.';
|
|
|
|
|
}
|
2009-09-09 23:08:12 +08:00
|
|
|
|
2009-03-13 02:41:53 +08:00
|
|
|
return Loc;
|
2008-05-07 02:11:09 +08:00
|
|
|
}
|
|
|
|
|
|
2013-06-04 06:59:48 +08:00
|
|
|
static const Stmt *getEnclosingParent(const Stmt *S, const ParentMap &PM) {
|
2009-05-15 09:50:15 +08:00
|
|
|
if (isa<Expr>(S) && PM.isConsumedExpr(cast<Expr>(S)))
|
2013-06-04 06:59:48 +08:00
|
|
|
return PM.getParentIgnoreParens(S);
|
2009-09-09 23:08:12 +08:00
|
|
|
|
2009-05-15 09:50:15 +08:00
|
|
|
const Stmt *Parent = PM.getParentIgnoreParens(S);
|
2013-06-04 06:59:48 +08:00
|
|
|
if (!Parent)
|
2014-05-27 10:45:47 +08:00
|
|
|
return nullptr;
|
2009-09-09 23:08:12 +08:00
|
|
|
|
2013-06-04 06:59:48 +08:00
|
|
|
switch (Parent->getStmtClass()) {
|
|
|
|
|
case Stmt::ForStmtClass:
|
|
|
|
|
case Stmt::DoStmtClass:
|
|
|
|
|
case Stmt::WhileStmtClass:
|
|
|
|
|
case Stmt::ObjCForCollectionStmtClass:
|
[analyzer; new edges] Simplify edges in a C++11 for-range loop.
Previously our edges were completely broken here; now, the final result
is a very simple set of edges in most cases: one up to the "for" keyword
for context, and one into the body of the loop. This matches the behavior
for ObjC for-in loops.
In the AST, however, CXXForRangeStmts are handled very differently from
ObjCForCollectionStmts. Since they are specified in terms of equivalent
statements in the C++ standard, we actually have implicit AST nodes for
all of the semantic statements. This makes evaluation very easy, but
diagnostic locations a bit trickier. Fortunately, the problem can be
generally defined away by marking all of the implicit statements as
part of the top-level for-range statement.
One of the implicit statements in a for-range statement is the declaration
of implicit iterators __begin and __end. The CFG synthesizes two
separate DeclStmts to match each of these decls, but until now these
synthetic DeclStmts weren't in the function's ParentMap. Now, the CFG
keeps track of its synthetic statements, and the AnalysisDeclContext will
make sure to add them to the ParentMap.
<rdar://problem/14038483>
llvm-svn: 183449
2013-06-07 05:53:45 +08:00
|
|
|
case Stmt::CXXForRangeStmtClass:
|
2013-06-04 06:59:48 +08:00
|
|
|
return Parent;
|
|
|
|
|
default:
|
|
|
|
|
break;
|
|
|
|
|
}
|
2009-09-09 23:08:12 +08:00
|
|
|
|
2014-05-27 10:45:47 +08:00
|
|
|
return nullptr;
|
2009-05-15 09:50:15 +08:00
|
|
|
}
|
|
|
|
|
|
2013-06-04 06:59:48 +08:00
|
|
|
static PathDiagnosticLocation
|
|
|
|
|
getEnclosingStmtLocation(const Stmt *S, SourceManager &SMgr, const ParentMap &P,
|
2013-06-04 06:59:53 +08:00
|
|
|
const LocationContext *LC, bool allowNestedContexts) {
|
2013-06-04 06:59:48 +08:00
|
|
|
if (!S)
|
|
|
|
|
return PathDiagnosticLocation();
|
2009-09-09 23:08:12 +08:00
|
|
|
|
2013-06-04 06:59:48 +08:00
|
|
|
while (const Stmt *Parent = getEnclosingParent(S, P)) {
|
2009-03-28 11:37:59 +08:00
|
|
|
switch (Parent->getStmtClass()) {
|
2009-04-01 14:13:56 +08:00
|
|
|
case Stmt::BinaryOperatorClass: {
|
|
|
|
|
const BinaryOperator *B = cast<BinaryOperator>(Parent);
|
|
|
|
|
if (B->isLogicalOp())
|
2013-06-04 06:59:53 +08:00
|
|
|
return PathDiagnosticLocation(allowNestedContexts ? B : S, SMgr, LC);
|
2009-04-01 14:13:56 +08:00
|
|
|
break;
|
2009-09-09 23:08:12 +08:00
|
|
|
}
|
2009-03-28 11:37:59 +08:00
|
|
|
case Stmt::CompoundStmtClass:
|
|
|
|
|
case Stmt::StmtExprClass:
|
2011-09-15 09:08:34 +08:00
|
|
|
return PathDiagnosticLocation(S, SMgr, LC);
|
2009-03-28 12:08:14 +08:00
|
|
|
case Stmt::ChooseExprClass:
|
|
|
|
|
// Similar to '?' if we are referring to condition, just have the edge
|
|
|
|
|
// point to the entire choose expression.
|
2013-06-04 06:59:53 +08:00
|
|
|
if (allowNestedContexts || cast<ChooseExpr>(Parent)->getCond() == S)
|
2011-09-15 09:08:34 +08:00
|
|
|
return PathDiagnosticLocation(Parent, SMgr, LC);
|
2009-03-28 12:08:14 +08:00
|
|
|
else
|
2011-09-15 09:08:34 +08:00
|
|
|
return PathDiagnosticLocation(S, SMgr, LC);
|
2011-02-17 18:25:35 +08:00
|
|
|
case Stmt::BinaryConditionalOperatorClass:
|
2009-03-28 12:08:14 +08:00
|
|
|
case Stmt::ConditionalOperatorClass:
|
|
|
|
|
// For '?', if we are referring to condition, just have the edge point
|
|
|
|
|
// to the entire '?' expression.
|
2013-06-04 06:59:53 +08:00
|
|
|
if (allowNestedContexts ||
|
|
|
|
|
cast<AbstractConditionalOperator>(Parent)->getCond() == S)
|
2011-09-15 09:08:34 +08:00
|
|
|
return PathDiagnosticLocation(Parent, SMgr, LC);
|
2009-03-28 12:08:14 +08:00
|
|
|
else
|
2011-09-15 09:08:34 +08:00
|
|
|
return PathDiagnosticLocation(S, SMgr, LC);
|
[analyzer; new edges] Simplify edges in a C++11 for-range loop.
Previously our edges were completely broken here; now, the final result
is a very simple set of edges in most cases: one up to the "for" keyword
for context, and one into the body of the loop. This matches the behavior
for ObjC for-in loops.
In the AST, however, CXXForRangeStmts are handled very differently from
ObjCForCollectionStmts. Since they are specified in terms of equivalent
statements in the C++ standard, we actually have implicit AST nodes for
all of the semantic statements. This makes evaluation very easy, but
diagnostic locations a bit trickier. Fortunately, the problem can be
generally defined away by marking all of the implicit statements as
part of the top-level for-range statement.
One of the implicit statements in a for-range statement is the declaration
of implicit iterators __begin and __end. The CFG synthesizes two
separate DeclStmts to match each of these decls, but until now these
synthetic DeclStmts weren't in the function's ParentMap. Now, the CFG
keeps track of its synthetic statements, and the AnalysisDeclContext will
make sure to add them to the ParentMap.
<rdar://problem/14038483>
llvm-svn: 183449
2013-06-07 05:53:45 +08:00
|
|
|
case Stmt::CXXForRangeStmtClass:
|
|
|
|
|
if (cast<CXXForRangeStmt>(Parent)->getBody() == S)
|
|
|
|
|
return PathDiagnosticLocation(S, SMgr, LC);
|
|
|
|
|
break;
|
2009-03-28 11:37:59 +08:00
|
|
|
case Stmt::DoStmtClass:
|
2011-09-15 09:08:34 +08:00
|
|
|
return PathDiagnosticLocation(S, SMgr, LC);
|
2009-03-28 11:37:59 +08:00
|
|
|
case Stmt::ForStmtClass:
|
|
|
|
|
if (cast<ForStmt>(Parent)->getBody() == S)
|
2011-09-15 09:08:34 +08:00
|
|
|
return PathDiagnosticLocation(S, SMgr, LC);
|
2009-09-09 23:08:12 +08:00
|
|
|
break;
|
2009-03-28 11:37:59 +08:00
|
|
|
case Stmt::IfStmtClass:
|
|
|
|
|
if (cast<IfStmt>(Parent)->getCond() != S)
|
2011-09-15 09:08:34 +08:00
|
|
|
return PathDiagnosticLocation(S, SMgr, LC);
|
2009-04-28 12:23:15 +08:00
|
|
|
break;
|
2009-03-28 11:37:59 +08:00
|
|
|
case Stmt::ObjCForCollectionStmtClass:
|
|
|
|
|
if (cast<ObjCForCollectionStmt>(Parent)->getBody() == S)
|
2011-09-15 09:08:34 +08:00
|
|
|
return PathDiagnosticLocation(S, SMgr, LC);
|
2009-03-28 11:37:59 +08:00
|
|
|
break;
|
|
|
|
|
case Stmt::WhileStmtClass:
|
|
|
|
|
if (cast<WhileStmt>(Parent)->getCond() != S)
|
2011-09-15 09:08:34 +08:00
|
|
|
return PathDiagnosticLocation(S, SMgr, LC);
|
2009-03-28 11:37:59 +08:00
|
|
|
break;
|
|
|
|
|
default:
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
2009-03-28 05:16:25 +08:00
|
|
|
S = Parent;
|
|
|
|
|
}
|
2009-09-09 23:08:12 +08:00
|
|
|
|
2009-03-28 05:16:25 +08:00
|
|
|
assert(S && "Cannot have null Stmt for PathDiagnosticLocation");
|
2009-05-12 06:19:32 +08:00
|
|
|
|
2011-09-15 09:08:34 +08:00
|
|
|
return PathDiagnosticLocation(S, SMgr, LC);
|
2009-03-28 05:16:25 +08:00
|
|
|
}
|
|
|
|
|
|
2013-06-04 06:59:48 +08:00
|
|
|
PathDiagnosticLocation
|
|
|
|
|
PathDiagnosticBuilder::getEnclosingStmtLocation(const Stmt *S) {
|
|
|
|
|
assert(S && "Null Stmt passed to getEnclosingStmtLocation");
|
2013-06-04 06:59:53 +08:00
|
|
|
return ::getEnclosingStmtLocation(S, getSourceManager(), getParentMap(), LC,
|
|
|
|
|
/*allowNestedContexts=*/false);
|
2013-06-04 06:59:48 +08:00
|
|
|
}
|
|
|
|
|
|
2012-09-22 09:24:56 +08:00
|
|
|
//===----------------------------------------------------------------------===//
|
|
|
|
|
// "Visitors only" path diagnostic generation algorithm.
|
|
|
|
|
//===----------------------------------------------------------------------===//
|
2014-09-05 07:54:33 +08:00
|
|
|
static bool GenerateVisitorsOnlyPathDiagnostic(
|
|
|
|
|
PathDiagnostic &PD, PathDiagnosticBuilder &PDB, const ExplodedNode *N,
|
|
|
|
|
ArrayRef<std::unique_ptr<BugReporterVisitor>> visitors) {
|
2012-09-22 09:24:56 +08:00
|
|
|
// All path generation skips the very first node (the error node).
|
|
|
|
|
// This is because there is special handling for the end-of-path note.
|
|
|
|
|
N = N->getFirstPred();
|
|
|
|
|
if (!N)
|
|
|
|
|
return true;
|
|
|
|
|
|
|
|
|
|
BugReport *R = PDB.getBugReport();
|
|
|
|
|
while (const ExplodedNode *Pred = N->getFirstPred()) {
|
2014-09-05 07:54:33 +08:00
|
|
|
for (auto &V : visitors) {
|
2012-09-22 09:24:56 +08:00
|
|
|
// Visit all the node pairs, but throw the path pieces away.
|
2014-09-05 07:54:33 +08:00
|
|
|
PathDiagnosticPiece *Piece = V->VisitNode(N, Pred, PDB, *R);
|
2012-09-22 09:24:56 +08:00
|
|
|
delete Piece;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
N = Pred;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return R->isValid();
|
|
|
|
|
}
|
|
|
|
|
|
2009-02-05 07:49:09 +08:00
|
|
|
//===----------------------------------------------------------------------===//
|
2009-04-01 07:00:32 +08:00
|
|
|
// "Minimal" path diagnostic generation algorithm.
|
2009-02-05 07:49:09 +08:00
|
|
|
//===----------------------------------------------------------------------===//
|
2012-03-17 07:24:20 +08:00
|
|
|
typedef std::pair<PathDiagnosticCallPiece*, const ExplodedNode*> StackDiagPair;
|
|
|
|
|
typedef SmallVector<StackDiagPair, 6> StackDiagVector;
|
|
|
|
|
|
2012-03-16 05:13:02 +08:00
|
|
|
static void updateStackPiecesWithMessage(PathDiagnosticPiece *P,
|
2012-03-17 07:24:20 +08:00
|
|
|
StackDiagVector &CallStack) {
|
2012-03-16 05:13:02 +08:00
|
|
|
// If the piece contains a special message, add it to all the call
|
|
|
|
|
// pieces on the active stack.
|
|
|
|
|
if (PathDiagnosticEventPiece *ep =
|
|
|
|
|
dyn_cast<PathDiagnosticEventPiece>(P)) {
|
|
|
|
|
|
2012-03-17 07:24:20 +08:00
|
|
|
if (ep->hasCallStackHint())
|
|
|
|
|
for (StackDiagVector::iterator I = CallStack.begin(),
|
|
|
|
|
E = CallStack.end(); I != E; ++I) {
|
|
|
|
|
PathDiagnosticCallPiece *CP = I->first;
|
|
|
|
|
const ExplodedNode *N = I->second;
|
2012-03-17 21:06:05 +08:00
|
|
|
std::string stackMsg = ep->getCallStackMessage(N);
|
2012-03-17 07:24:20 +08:00
|
|
|
|
2012-03-16 05:13:02 +08:00
|
|
|
// The last message on the path to final bug is the most important
|
|
|
|
|
// one. Since we traverse the path backwards, do not add the message
|
|
|
|
|
// if one has been previously added.
|
2012-03-17 07:24:20 +08:00
|
|
|
if (!CP->hasCallStackMessage())
|
|
|
|
|
CP->setCallStackMessage(stackMsg);
|
|
|
|
|
}
|
2012-03-16 05:13:02 +08:00
|
|
|
}
|
|
|
|
|
}
|
2009-02-05 07:49:09 +08:00
|
|
|
|
2012-03-02 09:27:31 +08:00
|
|
|
static void CompactPathDiagnostic(PathPieces &path, const SourceManager& SM);
|
2009-04-07 07:06:54 +08:00
|
|
|
|
2014-09-05 07:54:33 +08:00
|
|
|
static bool GenerateMinimalPathDiagnostic(
|
|
|
|
|
PathDiagnostic &PD, PathDiagnosticBuilder &PDB, const ExplodedNode *N,
|
|
|
|
|
LocationContextMap &LCM,
|
|
|
|
|
ArrayRef<std::unique_ptr<BugReporterVisitor>> visitors) {
|
2009-05-07 05:39:49 +08:00
|
|
|
|
2009-04-01 07:00:32 +08:00
|
|
|
SourceManager& SMgr = PDB.getSourceManager();
|
2012-02-24 15:12:52 +08:00
|
|
|
const LocationContext *LC = PDB.LC;
|
2011-08-13 07:37:29 +08:00
|
|
|
const ExplodedNode *NextNode = N->pred_empty()
|
2014-05-27 10:45:47 +08:00
|
|
|
? nullptr : *(N->pred_begin());
|
2012-03-16 05:13:02 +08:00
|
|
|
|
2012-03-17 07:24:20 +08:00
|
|
|
StackDiagVector CallStack;
|
2012-03-16 05:13:02 +08:00
|
|
|
|
2009-04-01 07:00:32 +08:00
|
|
|
while (NextNode) {
|
2009-09-09 23:08:12 +08:00
|
|
|
N = NextNode;
|
2012-02-24 15:12:52 +08:00
|
|
|
PDB.LC = N->getLocationContext();
|
2013-04-24 07:57:43 +08:00
|
|
|
NextNode = N->getFirstPred();
|
2009-09-09 23:08:12 +08:00
|
|
|
|
2008-04-03 12:42:52 +08:00
|
|
|
ProgramPoint P = N->getLocation();
|
2012-08-30 05:22:37 +08:00
|
|
|
|
|
|
|
|
do {
|
2013-02-22 06:23:56 +08:00
|
|
|
if (Optional<CallExitEnd> CE = P.getAs<CallExitEnd>()) {
|
2012-08-30 05:22:37 +08:00
|
|
|
PathDiagnosticCallPiece *C =
|
|
|
|
|
PathDiagnosticCallPiece::construct(N, *CE, SMgr);
|
2013-05-03 08:32:44 +08:00
|
|
|
// Record the mapping from call piece to LocationContext.
|
2013-05-04 09:13:01 +08:00
|
|
|
LCM[&C->path] = CE->getCalleeContext();
|
2012-08-30 05:22:37 +08:00
|
|
|
PD.getActivePath().push_front(C);
|
|
|
|
|
PD.pushActivePath(&C->path);
|
|
|
|
|
CallStack.push_back(StackDiagPair(C, N));
|
|
|
|
|
break;
|
2012-03-15 02:58:28 +08:00
|
|
|
}
|
2012-07-27 04:04:05 +08:00
|
|
|
|
2013-02-22 06:23:56 +08:00
|
|
|
if (Optional<CallEnter> CE = P.getAs<CallEnter>()) {
|
2012-08-30 05:22:37 +08:00
|
|
|
// Flush all locations, and pop the active path.
|
|
|
|
|
bool VisitedEntireCall = PD.isWithinCall();
|
|
|
|
|
PD.popActivePath();
|
|
|
|
|
|
|
|
|
|
// Either we just added a bunch of stuff to the top-level path, or
|
|
|
|
|
// we have a previous CallExitEnd. If the former, it means that the
|
|
|
|
|
// path terminated within a function call. We must then take the
|
|
|
|
|
// current contents of the active path and place it within
|
|
|
|
|
// a new PathDiagnosticCallPiece.
|
|
|
|
|
PathDiagnosticCallPiece *C;
|
|
|
|
|
if (VisitedEntireCall) {
|
|
|
|
|
C = cast<PathDiagnosticCallPiece>(PD.getActivePath().front());
|
|
|
|
|
} else {
|
|
|
|
|
const Decl *Caller = CE->getLocationContext()->getDecl();
|
|
|
|
|
C = PathDiagnosticCallPiece::construct(PD.getActivePath(), Caller);
|
2013-05-03 08:32:44 +08:00
|
|
|
// Record the mapping from call piece to LocationContext.
|
2013-05-04 09:13:01 +08:00
|
|
|
LCM[&C->path] = CE->getCalleeContext();
|
2012-08-30 05:22:37 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
C->setCallee(*CE, SMgr);
|
|
|
|
|
if (!CallStack.empty()) {
|
|
|
|
|
assert(CallStack.back().first == C);
|
|
|
|
|
CallStack.pop_back();
|
|
|
|
|
}
|
|
|
|
|
break;
|
2012-03-16 05:13:02 +08:00
|
|
|
}
|
2009-09-09 23:08:12 +08:00
|
|
|
|
2013-02-22 06:23:56 +08:00
|
|
|
if (Optional<BlockEdge> BE = P.getAs<BlockEdge>()) {
|
2012-08-30 05:22:37 +08:00
|
|
|
const CFGBlock *Src = BE->getSrc();
|
|
|
|
|
const CFGBlock *Dst = BE->getDst();
|
|
|
|
|
const Stmt *T = Src->getTerminator();
|
2009-09-09 23:08:12 +08:00
|
|
|
|
2012-08-30 05:22:37 +08:00
|
|
|
if (!T)
|
|
|
|
|
break;
|
2009-09-09 23:08:12 +08:00
|
|
|
|
2012-08-30 05:22:37 +08:00
|
|
|
PathDiagnosticLocation Start =
|
|
|
|
|
PathDiagnosticLocation::createBegin(T, SMgr,
|
|
|
|
|
N->getLocationContext());
|
2009-09-09 23:08:12 +08:00
|
|
|
|
2012-08-30 05:22:37 +08:00
|
|
|
switch (T->getStmtClass()) {
|
2008-04-03 12:42:52 +08:00
|
|
|
default:
|
|
|
|
|
break;
|
2009-09-09 23:08:12 +08:00
|
|
|
|
2008-04-03 12:42:52 +08:00
|
|
|
case Stmt::GotoStmtClass:
|
2009-09-09 23:08:12 +08:00
|
|
|
case Stmt::IndirectGotoStmtClass: {
|
2013-04-24 07:57:43 +08:00
|
|
|
const Stmt *S = PathDiagnosticLocation::getNextStmt(N);
|
2009-09-09 23:08:12 +08:00
|
|
|
|
2008-04-03 12:42:52 +08:00
|
|
|
if (!S)
|
2012-08-30 05:22:37 +08:00
|
|
|
break;
|
2009-09-09 23:08:12 +08:00
|
|
|
|
2009-02-11 07:56:07 +08:00
|
|
|
std::string sbuf;
|
2009-09-09 23:08:12 +08:00
|
|
|
llvm::raw_string_ostream os(sbuf);
|
2009-03-28 05:16:25 +08:00
|
|
|
const PathDiagnosticLocation &End = PDB.getEnclosingStmtLocation(S);
|
2009-09-09 23:08:12 +08:00
|
|
|
|
2009-03-28 04:55:39 +08:00
|
|
|
os << "Control jumps to line "
|
2012-08-30 05:22:37 +08:00
|
|
|
<< End.asLocation().getExpansionLineNumber();
|
|
|
|
|
PD.getActivePath().push_front(new PathDiagnosticControlFlowPiece(
|
|
|
|
|
Start, End, os.str()));
|
2008-04-03 12:42:52 +08:00
|
|
|
break;
|
|
|
|
|
}
|
2009-09-09 23:08:12 +08:00
|
|
|
|
|
|
|
|
case Stmt::SwitchStmtClass: {
|
2008-04-03 12:42:52 +08:00
|
|
|
// Figure out what case arm we took.
|
2009-02-11 07:56:07 +08:00
|
|
|
std::string sbuf;
|
|
|
|
|
llvm::raw_string_ostream os(sbuf);
|
2009-09-09 23:08:12 +08:00
|
|
|
|
2011-08-13 07:37:29 +08:00
|
|
|
if (const Stmt *S = Dst->getLabel()) {
|
2011-09-15 09:08:34 +08:00
|
|
|
PathDiagnosticLocation End(S, SMgr, LC);
|
2009-09-09 23:08:12 +08:00
|
|
|
|
2008-04-24 07:35:07 +08:00
|
|
|
switch (S->getStmtClass()) {
|
2012-08-30 05:22:37 +08:00
|
|
|
default:
|
|
|
|
|
os << "No cases match in the switch statement. "
|
|
|
|
|
"Control jumps to line "
|
|
|
|
|
<< End.asLocation().getExpansionLineNumber();
|
|
|
|
|
break;
|
|
|
|
|
case Stmt::DefaultStmtClass:
|
|
|
|
|
os << "Control jumps to the 'default' case at line "
|
|
|
|
|
<< End.asLocation().getExpansionLineNumber();
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case Stmt::CaseStmtClass: {
|
|
|
|
|
os << "Control jumps to 'case ";
|
|
|
|
|
const CaseStmt *Case = cast<CaseStmt>(S);
|
|
|
|
|
const Expr *LHS = Case->getLHS()->IgnoreParenCasts();
|
|
|
|
|
|
|
|
|
|
// Determine if it is an enum.
|
|
|
|
|
bool GetRawInt = true;
|
|
|
|
|
|
|
|
|
|
if (const DeclRefExpr *DR = dyn_cast<DeclRefExpr>(LHS)) {
|
|
|
|
|
// FIXME: Maybe this should be an assertion. Are there cases
|
|
|
|
|
// were it is not an EnumConstantDecl?
|
|
|
|
|
const EnumConstantDecl *D =
|
2010-07-20 14:22:24 +08:00
|
|
|
dyn_cast<EnumConstantDecl>(DR->getDecl());
|
2009-09-09 23:08:12 +08:00
|
|
|
|
2012-08-30 05:22:37 +08:00
|
|
|
if (D) {
|
|
|
|
|
GetRawInt = false;
|
|
|
|
|
os << *D;
|
2008-04-24 07:35:07 +08:00
|
|
|
}
|
2012-08-30 05:22:37 +08:00
|
|
|
}
|
2009-04-27 03:04:51 +08:00
|
|
|
|
2012-08-30 05:22:37 +08:00
|
|
|
if (GetRawInt)
|
|
|
|
|
os << LHS->EvaluateKnownConstInt(PDB.getASTContext());
|
2009-04-27 03:04:51 +08:00
|
|
|
|
2012-08-30 05:22:37 +08:00
|
|
|
os << ":' at line "
|
|
|
|
|
<< End.asLocation().getExpansionLineNumber();
|
|
|
|
|
break;
|
2008-04-03 12:42:52 +08:00
|
|
|
}
|
2012-08-30 05:22:37 +08:00
|
|
|
}
|
|
|
|
|
PD.getActivePath().push_front(new PathDiagnosticControlFlowPiece(
|
|
|
|
|
Start, End, os.str()));
|
2008-04-03 12:42:52 +08:00
|
|
|
}
|
2008-04-25 09:29:56 +08:00
|
|
|
else {
|
2008-09-13 02:17:46 +08:00
|
|
|
os << "'Default' branch taken. ";
|
2009-09-09 23:08:12 +08:00
|
|
|
const PathDiagnosticLocation &End = PDB.ExecutionContinues(os, N);
|
2012-08-30 05:22:37 +08:00
|
|
|
PD.getActivePath().push_front(new PathDiagnosticControlFlowPiece(
|
|
|
|
|
Start, End, os.str()));
|
2008-04-25 09:29:56 +08:00
|
|
|
}
|
2009-09-09 23:08:12 +08:00
|
|
|
|
2008-04-03 12:42:52 +08:00
|
|
|
break;
|
|
|
|
|
}
|
2009-09-09 23:08:12 +08:00
|
|
|
|
2008-04-26 03:01:27 +08:00
|
|
|
case Stmt::BreakStmtClass:
|
|
|
|
|
case Stmt::ContinueStmtClass: {
|
2009-02-11 07:56:07 +08:00
|
|
|
std::string sbuf;
|
|
|
|
|
llvm::raw_string_ostream os(sbuf);
|
2009-03-28 04:55:39 +08:00
|
|
|
PathDiagnosticLocation End = PDB.ExecutionContinues(os, N);
|
2012-08-30 05:22:37 +08:00
|
|
|
PD.getActivePath().push_front(new PathDiagnosticControlFlowPiece(
|
|
|
|
|
Start, End, os.str()));
|
2008-04-26 03:01:27 +08:00
|
|
|
break;
|
|
|
|
|
}
|
2009-09-09 23:08:12 +08:00
|
|
|
|
2012-08-30 05:22:37 +08:00
|
|
|
// Determine control-flow for ternary '?'.
|
2011-02-17 18:25:35 +08:00
|
|
|
case Stmt::BinaryConditionalOperatorClass:
|
2008-04-08 07:35:17 +08:00
|
|
|
case Stmt::ConditionalOperatorClass: {
|
2009-02-11 07:56:07 +08:00
|
|
|
std::string sbuf;
|
|
|
|
|
llvm::raw_string_ostream os(sbuf);
|
2009-03-28 12:08:14 +08:00
|
|
|
os << "'?' condition is ";
|
2009-09-09 23:08:12 +08:00
|
|
|
|
2008-04-08 07:35:17 +08:00
|
|
|
if (*(Src->succ_begin()+1) == Dst)
|
2009-03-13 02:41:53 +08:00
|
|
|
os << "false";
|
2008-04-08 07:35:17 +08:00
|
|
|
else
|
2009-03-13 02:41:53 +08:00
|
|
|
os << "true";
|
2009-09-09 23:08:12 +08:00
|
|
|
|
2009-03-28 04:55:39 +08:00
|
|
|
PathDiagnosticLocation End = PDB.ExecutionContinues(N);
|
2009-09-09 23:08:12 +08:00
|
|
|
|
2009-03-28 12:08:14 +08:00
|
|
|
if (const Stmt *S = End.asStmt())
|
|
|
|
|
End = PDB.getEnclosingStmtLocation(S);
|
2009-09-09 23:08:12 +08:00
|
|
|
|
2012-08-30 05:22:37 +08:00
|
|
|
PD.getActivePath().push_front(new PathDiagnosticControlFlowPiece(
|
|
|
|
|
Start, End, os.str()));
|
2009-03-27 13:06:10 +08:00
|
|
|
break;
|
|
|
|
|
}
|
2009-09-09 23:08:12 +08:00
|
|
|
|
2012-08-30 05:22:37 +08:00
|
|
|
// Determine control-flow for short-circuited '&&' and '||'.
|
2009-03-27 13:06:10 +08:00
|
|
|
case Stmt::BinaryOperatorClass: {
|
|
|
|
|
if (!PDB.supportsLogicalOpControlFlow())
|
|
|
|
|
break;
|
2009-09-09 23:08:12 +08:00
|
|
|
|
2010-07-20 14:22:24 +08:00
|
|
|
const BinaryOperator *B = cast<BinaryOperator>(T);
|
2009-03-27 13:06:10 +08:00
|
|
|
std::string sbuf;
|
|
|
|
|
llvm::raw_string_ostream os(sbuf);
|
|
|
|
|
os << "Left side of '";
|
2009-09-09 23:08:12 +08:00
|
|
|
|
2010-08-25 19:45:40 +08:00
|
|
|
if (B->getOpcode() == BO_LAnd) {
|
2009-03-29 01:33:57 +08:00
|
|
|
os << "&&" << "' is ";
|
2009-09-09 23:08:12 +08:00
|
|
|
|
2009-03-29 01:33:57 +08:00
|
|
|
if (*(Src->succ_begin()+1) == Dst) {
|
|
|
|
|
os << "false";
|
2011-09-15 09:08:34 +08:00
|
|
|
PathDiagnosticLocation End(B->getLHS(), SMgr, LC);
|
2011-09-17 03:18:30 +08:00
|
|
|
PathDiagnosticLocation Start =
|
2012-08-30 05:22:37 +08:00
|
|
|
PathDiagnosticLocation::createOperatorLoc(B, SMgr);
|
|
|
|
|
PD.getActivePath().push_front(new PathDiagnosticControlFlowPiece(
|
|
|
|
|
Start, End, os.str()));
|
2009-09-09 23:08:12 +08:00
|
|
|
}
|
2009-03-29 01:33:57 +08:00
|
|
|
else {
|
|
|
|
|
os << "true";
|
2011-09-15 09:08:34 +08:00
|
|
|
PathDiagnosticLocation Start(B->getLHS(), SMgr, LC);
|
2009-03-29 01:33:57 +08:00
|
|
|
PathDiagnosticLocation End = PDB.ExecutionContinues(N);
|
2012-08-30 05:22:37 +08:00
|
|
|
PD.getActivePath().push_front(new PathDiagnosticControlFlowPiece(
|
|
|
|
|
Start, End, os.str()));
|
2009-09-09 23:08:12 +08:00
|
|
|
}
|
2009-03-27 13:06:10 +08:00
|
|
|
}
|
|
|
|
|
else {
|
2010-08-25 19:45:40 +08:00
|
|
|
assert(B->getOpcode() == BO_LOr);
|
2009-03-29 01:33:57 +08:00
|
|
|
os << "||" << "' is ";
|
2009-09-09 23:08:12 +08:00
|
|
|
|
2009-03-29 01:33:57 +08:00
|
|
|
if (*(Src->succ_begin()+1) == Dst) {
|
|
|
|
|
os << "false";
|
2011-09-15 09:08:34 +08:00
|
|
|
PathDiagnosticLocation Start(B->getLHS(), SMgr, LC);
|
2009-03-29 01:33:57 +08:00
|
|
|
PathDiagnosticLocation End = PDB.ExecutionContinues(N);
|
2012-08-30 05:22:37 +08:00
|
|
|
PD.getActivePath().push_front(new PathDiagnosticControlFlowPiece(
|
|
|
|
|
Start, End, os.str()));
|
2009-03-29 01:33:57 +08:00
|
|
|
}
|
|
|
|
|
else {
|
|
|
|
|
os << "true";
|
2011-09-15 09:08:34 +08:00
|
|
|
PathDiagnosticLocation End(B->getLHS(), SMgr, LC);
|
2011-09-17 03:18:30 +08:00
|
|
|
PathDiagnosticLocation Start =
|
2012-08-30 05:22:37 +08:00
|
|
|
PathDiagnosticLocation::createOperatorLoc(B, SMgr);
|
|
|
|
|
PD.getActivePath().push_front(new PathDiagnosticControlFlowPiece(
|
|
|
|
|
Start, End, os.str()));
|
2009-03-29 01:33:57 +08:00
|
|
|
}
|
2009-03-27 13:06:10 +08:00
|
|
|
}
|
2009-09-09 23:08:12 +08:00
|
|
|
|
2008-04-08 07:35:17 +08:00
|
|
|
break;
|
|
|
|
|
}
|
2009-09-09 23:08:12 +08:00
|
|
|
|
|
|
|
|
case Stmt::DoStmtClass: {
|
2008-04-08 07:35:17 +08:00
|
|
|
if (*(Src->succ_begin()) == Dst) {
|
2009-02-11 07:56:07 +08:00
|
|
|
std::string sbuf;
|
|
|
|
|
llvm::raw_string_ostream os(sbuf);
|
2009-09-09 23:08:12 +08:00
|
|
|
|
2008-09-13 02:17:46 +08:00
|
|
|
os << "Loop condition is true. ";
|
2009-03-28 05:16:25 +08:00
|
|
|
PathDiagnosticLocation End = PDB.ExecutionContinues(os, N);
|
2009-09-09 23:08:12 +08:00
|
|
|
|
2009-03-28 05:16:25 +08:00
|
|
|
if (const Stmt *S = End.asStmt())
|
|
|
|
|
End = PDB.getEnclosingStmtLocation(S);
|
2009-09-09 23:08:12 +08:00
|
|
|
|
2012-08-30 05:22:37 +08:00
|
|
|
PD.getActivePath().push_front(new PathDiagnosticControlFlowPiece(
|
|
|
|
|
Start, End, os.str()));
|
2009-03-13 02:41:53 +08:00
|
|
|
}
|
|
|
|
|
else {
|
2009-03-28 04:55:39 +08:00
|
|
|
PathDiagnosticLocation End = PDB.ExecutionContinues(N);
|
2009-09-09 23:08:12 +08:00
|
|
|
|
2009-03-28 05:16:25 +08:00
|
|
|
if (const Stmt *S = End.asStmt())
|
|
|
|
|
End = PDB.getEnclosingStmtLocation(S);
|
2009-09-09 23:08:12 +08:00
|
|
|
|
2012-08-30 05:22:37 +08:00
|
|
|
PD.getActivePath().push_front(new PathDiagnosticControlFlowPiece(
|
|
|
|
|
Start, End, "Loop condition is false. Exiting loop"));
|
2009-04-01 07:00:32 +08:00
|
|
|
}
|
2009-09-09 23:08:12 +08:00
|
|
|
|
2009-04-01 07:00:32 +08:00
|
|
|
break;
|
|
|
|
|
}
|
2009-09-09 23:08:12 +08:00
|
|
|
|
2009-04-01 07:00:32 +08:00
|
|
|
case Stmt::WhileStmtClass:
|
2009-09-09 23:08:12 +08:00
|
|
|
case Stmt::ForStmtClass: {
|
2009-04-01 07:00:32 +08:00
|
|
|
if (*(Src->succ_begin()+1) == Dst) {
|
|
|
|
|
std::string sbuf;
|
|
|
|
|
llvm::raw_string_ostream os(sbuf);
|
2009-09-09 23:08:12 +08:00
|
|
|
|
2009-04-01 07:00:32 +08:00
|
|
|
os << "Loop condition is false. ";
|
|
|
|
|
PathDiagnosticLocation End = PDB.ExecutionContinues(os, N);
|
|
|
|
|
if (const Stmt *S = End.asStmt())
|
|
|
|
|
End = PDB.getEnclosingStmtLocation(S);
|
2009-09-09 23:08:12 +08:00
|
|
|
|
2012-08-30 05:22:37 +08:00
|
|
|
PD.getActivePath().push_front(new PathDiagnosticControlFlowPiece(
|
|
|
|
|
Start, End, os.str()));
|
2009-04-01 07:00:32 +08:00
|
|
|
}
|
|
|
|
|
else {
|
|
|
|
|
PathDiagnosticLocation End = PDB.ExecutionContinues(N);
|
|
|
|
|
if (const Stmt *S = End.asStmt())
|
|
|
|
|
End = PDB.getEnclosingStmtLocation(S);
|
2009-09-09 23:08:12 +08:00
|
|
|
|
2012-08-30 05:22:37 +08:00
|
|
|
PD.getActivePath().push_front(new PathDiagnosticControlFlowPiece(
|
|
|
|
|
Start, End, "Loop condition is true. Entering loop body"));
|
2009-04-01 07:00:32 +08:00
|
|
|
}
|
2009-09-09 23:08:12 +08:00
|
|
|
|
2009-04-01 07:00:32 +08:00
|
|
|
break;
|
|
|
|
|
}
|
2009-09-09 23:08:12 +08:00
|
|
|
|
2009-04-01 07:00:32 +08:00
|
|
|
case Stmt::IfStmtClass: {
|
|
|
|
|
PathDiagnosticLocation End = PDB.ExecutionContinues(N);
|
2009-09-09 23:08:12 +08:00
|
|
|
|
2009-04-01 07:00:32 +08:00
|
|
|
if (const Stmt *S = End.asStmt())
|
|
|
|
|
End = PDB.getEnclosingStmtLocation(S);
|
2009-09-09 23:08:12 +08:00
|
|
|
|
2009-04-01 07:00:32 +08:00
|
|
|
if (*(Src->succ_begin()+1) == Dst)
|
2012-08-30 05:22:37 +08:00
|
|
|
PD.getActivePath().push_front(new PathDiagnosticControlFlowPiece(
|
|
|
|
|
Start, End, "Taking false branch"));
|
2009-09-09 23:08:12 +08:00
|
|
|
else
|
2012-08-30 05:22:37 +08:00
|
|
|
PD.getActivePath().push_front(new PathDiagnosticControlFlowPiece(
|
|
|
|
|
Start, End, "Taking true branch"));
|
2009-09-09 23:08:12 +08:00
|
|
|
|
2009-04-01 07:00:32 +08:00
|
|
|
break;
|
|
|
|
|
}
|
2012-08-30 05:22:37 +08:00
|
|
|
}
|
2009-04-01 07:00:32 +08:00
|
|
|
}
|
2012-08-30 05:22:37 +08:00
|
|
|
} while(0);
|
2009-09-09 23:08:12 +08:00
|
|
|
|
2009-05-07 08:45:33 +08:00
|
|
|
if (NextNode) {
|
2011-08-19 06:37:56 +08:00
|
|
|
// Add diagnostic pieces from custom visitors.
|
|
|
|
|
BugReport *R = PDB.getBugReport();
|
2014-09-05 07:54:33 +08:00
|
|
|
for (auto &V : visitors) {
|
|
|
|
|
if (PathDiagnosticPiece *p = V->VisitNode(N, NextNode, PDB, *R)) {
|
2012-02-24 14:00:00 +08:00
|
|
|
PD.getActivePath().push_front(p);
|
2012-03-16 05:13:02 +08:00
|
|
|
updateStackPiecesWithMessage(p, CallStack);
|
|
|
|
|
}
|
2009-05-07 08:45:33 +08:00
|
|
|
}
|
2009-05-07 05:39:49 +08:00
|
|
|
}
|
2009-04-01 07:00:32 +08:00
|
|
|
}
|
2009-09-09 23:08:12 +08:00
|
|
|
|
2012-09-22 09:24:53 +08:00
|
|
|
if (!PDB.getBugReport()->isValid())
|
|
|
|
|
return false;
|
|
|
|
|
|
2009-04-07 07:06:54 +08:00
|
|
|
// After constructing the full PathDiagnostic, do a pass over it to compact
|
|
|
|
|
// PathDiagnosticPieces that occur within a macro.
|
2012-03-02 09:27:31 +08:00
|
|
|
CompactPathDiagnostic(PD.getMutablePieces(), PDB.getSourceManager());
|
2012-09-22 09:24:53 +08:00
|
|
|
return true;
|
2009-04-01 07:00:32 +08:00
|
|
|
}
|
|
|
|
|
|
2009-04-01 14:13:56 +08:00
|
|
|
//===----------------------------------------------------------------------===//
|
|
|
|
|
// "Extensive" PathDiagnostic generation.
|
|
|
|
|
//===----------------------------------------------------------------------===//
|
|
|
|
|
|
|
|
|
|
static bool IsControlFlowExpr(const Stmt *S) {
|
|
|
|
|
const Expr *E = dyn_cast<Expr>(S);
|
2009-09-09 23:08:12 +08:00
|
|
|
|
2009-04-01 14:13:56 +08:00
|
|
|
if (!E)
|
|
|
|
|
return false;
|
2009-09-09 23:08:12 +08:00
|
|
|
|
|
|
|
|
E = E->IgnoreParenCasts();
|
|
|
|
|
|
2011-02-17 18:25:35 +08:00
|
|
|
if (isa<AbstractConditionalOperator>(E))
|
2009-04-01 14:13:56 +08:00
|
|
|
return true;
|
2009-09-09 23:08:12 +08:00
|
|
|
|
2009-04-01 14:13:56 +08:00
|
|
|
if (const BinaryOperator *B = dyn_cast<BinaryOperator>(E))
|
|
|
|
|
if (B->isLogicalOp())
|
|
|
|
|
return true;
|
2009-09-09 23:08:12 +08:00
|
|
|
|
|
|
|
|
return false;
|
2009-04-01 14:13:56 +08:00
|
|
|
}
|
|
|
|
|
|
2009-04-07 07:06:54 +08:00
|
|
|
namespace {
|
2009-11-28 14:07:30 +08:00
|
|
|
class ContextLocation : public PathDiagnosticLocation {
|
2009-05-02 00:08:09 +08:00
|
|
|
bool IsDead;
|
|
|
|
|
public:
|
|
|
|
|
ContextLocation(const PathDiagnosticLocation &L, bool isdead = false)
|
|
|
|
|
: PathDiagnosticLocation(L), IsDead(isdead) {}
|
2009-09-09 23:08:12 +08:00
|
|
|
|
|
|
|
|
void markDead() { IsDead = true; }
|
2009-05-02 00:08:09 +08:00
|
|
|
bool isDead() const { return IsDead; }
|
|
|
|
|
};
|
2009-09-09 23:08:12 +08:00
|
|
|
|
2013-05-03 09:16:26 +08:00
|
|
|
static PathDiagnosticLocation cleanUpLocation(PathDiagnosticLocation L,
|
|
|
|
|
const LocationContext *LC,
|
|
|
|
|
bool firstCharOnly = false) {
|
|
|
|
|
if (const Stmt *S = L.asStmt()) {
|
|
|
|
|
const Stmt *Original = S;
|
|
|
|
|
while (1) {
|
|
|
|
|
// Adjust the location for some expressions that are best referenced
|
|
|
|
|
// by one of their subexpressions.
|
|
|
|
|
switch (S->getStmtClass()) {
|
|
|
|
|
default:
|
|
|
|
|
break;
|
|
|
|
|
case Stmt::ParenExprClass:
|
|
|
|
|
case Stmt::GenericSelectionExprClass:
|
|
|
|
|
S = cast<Expr>(S)->IgnoreParens();
|
|
|
|
|
firstCharOnly = true;
|
|
|
|
|
continue;
|
|
|
|
|
case Stmt::BinaryConditionalOperatorClass:
|
|
|
|
|
case Stmt::ConditionalOperatorClass:
|
|
|
|
|
S = cast<AbstractConditionalOperator>(S)->getCond();
|
|
|
|
|
firstCharOnly = true;
|
|
|
|
|
continue;
|
|
|
|
|
case Stmt::ChooseExprClass:
|
|
|
|
|
S = cast<ChooseExpr>(S)->getCond();
|
|
|
|
|
firstCharOnly = true;
|
|
|
|
|
continue;
|
|
|
|
|
case Stmt::BinaryOperatorClass:
|
|
|
|
|
S = cast<BinaryOperator>(S)->getLHS();
|
|
|
|
|
firstCharOnly = true;
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (S != Original)
|
|
|
|
|
L = PathDiagnosticLocation(S, L.getManager(), LC);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (firstCharOnly)
|
|
|
|
|
L = PathDiagnosticLocation::createSingleLocation(L);
|
2015-09-08 11:50:52 +08:00
|
|
|
|
2013-05-03 09:16:26 +08:00
|
|
|
return L;
|
|
|
|
|
}
|
|
|
|
|
|
2009-11-28 14:07:30 +08:00
|
|
|
class EdgeBuilder {
|
2009-05-02 00:08:09 +08:00
|
|
|
std::vector<ContextLocation> CLocs;
|
|
|
|
|
typedef std::vector<ContextLocation>::iterator iterator;
|
2009-04-07 07:06:54 +08:00
|
|
|
PathDiagnostic &PD;
|
|
|
|
|
PathDiagnosticBuilder &PDB;
|
|
|
|
|
PathDiagnosticLocation PrevLoc;
|
2009-09-09 23:08:12 +08:00
|
|
|
|
2009-05-02 00:08:09 +08:00
|
|
|
bool IsConsumedExpr(const PathDiagnosticLocation &L);
|
2009-09-09 23:08:12 +08:00
|
|
|
|
2009-04-07 07:06:54 +08:00
|
|
|
bool containsLocation(const PathDiagnosticLocation &Container,
|
|
|
|
|
const PathDiagnosticLocation &Containee);
|
2009-09-09 23:08:12 +08:00
|
|
|
|
2009-04-07 07:06:54 +08:00
|
|
|
PathDiagnosticLocation getContextLocation(const PathDiagnosticLocation &L);
|
2009-09-09 23:08:12 +08:00
|
|
|
|
|
|
|
|
|
|
|
|
|
|
2009-04-07 07:06:54 +08:00
|
|
|
void popLocation() {
|
2009-05-02 00:08:09 +08:00
|
|
|
if (!CLocs.back().isDead() && CLocs.back().asLocation().isFileID()) {
|
2009-04-23 04:36:26 +08:00
|
|
|
// For contexts, we only one the first character as the range.
|
2013-05-03 09:16:26 +08:00
|
|
|
rawAddEdge(cleanUpLocation(CLocs.back(), PDB.LC, true));
|
2009-04-23 04:36:26 +08:00
|
|
|
}
|
2009-04-07 07:06:54 +08:00
|
|
|
CLocs.pop_back();
|
|
|
|
|
}
|
2009-09-09 23:08:12 +08:00
|
|
|
|
2009-04-07 07:06:54 +08:00
|
|
|
public:
|
|
|
|
|
EdgeBuilder(PathDiagnostic &pd, PathDiagnosticBuilder &pdb)
|
|
|
|
|
: PD(pd), PDB(pdb) {
|
2009-09-09 23:08:12 +08:00
|
|
|
|
2009-04-23 02:16:20 +08:00
|
|
|
// If the PathDiagnostic already has pieces, add the enclosing statement
|
|
|
|
|
// of the first piece as a context as well.
|
2012-02-08 12:32:34 +08:00
|
|
|
if (!PD.path.empty()) {
|
2013-04-30 07:12:59 +08:00
|
|
|
PrevLoc = (*PD.path.begin())->getLocation();
|
2009-09-09 23:08:12 +08:00
|
|
|
|
2009-04-07 07:06:54 +08:00
|
|
|
if (const Stmt *S = PrevLoc.asStmt())
|
2009-05-06 07:13:38 +08:00
|
|
|
addExtendedContext(PDB.getEnclosingStmtLocation(S).asStmt());
|
2009-04-07 07:06:54 +08:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
~EdgeBuilder() {
|
|
|
|
|
while (!CLocs.empty()) popLocation();
|
2015-09-08 11:50:52 +08:00
|
|
|
|
2009-04-23 02:16:20 +08:00
|
|
|
// Finally, add an initial edge from the start location of the first
|
|
|
|
|
// statement (if it doesn't already exist).
|
2011-09-17 03:18:30 +08:00
|
|
|
PathDiagnosticLocation L = PathDiagnosticLocation::createDeclBegin(
|
2012-02-24 15:12:52 +08:00
|
|
|
PDB.LC,
|
2011-09-17 03:18:30 +08:00
|
|
|
PDB.getSourceManager());
|
|
|
|
|
if (L.isValid())
|
|
|
|
|
rawAddEdge(L);
|
2009-04-07 07:06:54 +08:00
|
|
|
}
|
|
|
|
|
|
2012-02-07 10:26:17 +08:00
|
|
|
void flushLocations() {
|
|
|
|
|
while (!CLocs.empty())
|
|
|
|
|
popLocation();
|
|
|
|
|
PrevLoc = PathDiagnosticLocation();
|
|
|
|
|
}
|
2015-09-08 11:50:52 +08:00
|
|
|
|
2013-04-12 08:44:01 +08:00
|
|
|
void addEdge(PathDiagnosticLocation NewLoc, bool alwaysAdd = false,
|
|
|
|
|
bool IsPostJump = false);
|
2009-09-09 23:08:12 +08:00
|
|
|
|
2009-04-28 12:23:15 +08:00
|
|
|
void rawAddEdge(PathDiagnosticLocation NewLoc);
|
2009-09-09 23:08:12 +08:00
|
|
|
|
2009-04-07 07:06:54 +08:00
|
|
|
void addContext(const Stmt *S);
|
2012-07-27 04:04:05 +08:00
|
|
|
void addContext(const PathDiagnosticLocation &L);
|
2009-05-06 07:13:38 +08:00
|
|
|
void addExtendedContext(const Stmt *S);
|
2009-09-09 23:08:12 +08:00
|
|
|
};
|
2009-04-07 07:06:54 +08:00
|
|
|
} // end anonymous namespace
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
PathDiagnosticLocation
|
|
|
|
|
EdgeBuilder::getContextLocation(const PathDiagnosticLocation &L) {
|
|
|
|
|
if (const Stmt *S = L.asStmt()) {
|
|
|
|
|
if (IsControlFlowExpr(S))
|
|
|
|
|
return L;
|
2009-09-09 23:08:12 +08:00
|
|
|
|
|
|
|
|
return PDB.getEnclosingStmtLocation(S);
|
2009-04-07 07:06:54 +08:00
|
|
|
}
|
2009-09-09 23:08:12 +08:00
|
|
|
|
2009-04-07 07:06:54 +08:00
|
|
|
return L;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
bool EdgeBuilder::containsLocation(const PathDiagnosticLocation &Container,
|
|
|
|
|
const PathDiagnosticLocation &Containee) {
|
|
|
|
|
|
|
|
|
|
if (Container == Containee)
|
|
|
|
|
return true;
|
2009-09-09 23:08:12 +08:00
|
|
|
|
2009-04-07 07:06:54 +08:00
|
|
|
if (Container.asDecl())
|
|
|
|
|
return true;
|
2009-09-09 23:08:12 +08:00
|
|
|
|
2009-04-07 07:06:54 +08:00
|
|
|
if (const Stmt *S = Containee.asStmt())
|
|
|
|
|
if (const Stmt *ContainerS = Container.asStmt()) {
|
|
|
|
|
while (S) {
|
|
|
|
|
if (S == ContainerS)
|
|
|
|
|
return true;
|
|
|
|
|
S = PDB.getParent(S);
|
|
|
|
|
}
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Less accurate: compare using source ranges.
|
|
|
|
|
SourceRange ContainerR = Container.asRange();
|
|
|
|
|
SourceRange ContaineeR = Containee.asRange();
|
2009-09-09 23:08:12 +08:00
|
|
|
|
2009-04-07 07:06:54 +08:00
|
|
|
SourceManager &SM = PDB.getSourceManager();
|
2011-07-26 00:49:02 +08:00
|
|
|
SourceLocation ContainerRBeg = SM.getExpansionLoc(ContainerR.getBegin());
|
|
|
|
|
SourceLocation ContainerREnd = SM.getExpansionLoc(ContainerR.getEnd());
|
|
|
|
|
SourceLocation ContaineeRBeg = SM.getExpansionLoc(ContaineeR.getBegin());
|
|
|
|
|
SourceLocation ContaineeREnd = SM.getExpansionLoc(ContaineeR.getEnd());
|
2009-09-09 23:08:12 +08:00
|
|
|
|
2011-07-26 05:09:52 +08:00
|
|
|
unsigned ContainerBegLine = SM.getExpansionLineNumber(ContainerRBeg);
|
|
|
|
|
unsigned ContainerEndLine = SM.getExpansionLineNumber(ContainerREnd);
|
|
|
|
|
unsigned ContaineeBegLine = SM.getExpansionLineNumber(ContaineeRBeg);
|
|
|
|
|
unsigned ContaineeEndLine = SM.getExpansionLineNumber(ContaineeREnd);
|
2009-09-09 23:08:12 +08:00
|
|
|
|
2009-04-07 07:06:54 +08:00
|
|
|
assert(ContainerBegLine <= ContainerEndLine);
|
2009-09-09 23:08:12 +08:00
|
|
|
assert(ContaineeBegLine <= ContaineeEndLine);
|
|
|
|
|
|
2009-04-07 07:06:54 +08:00
|
|
|
return (ContainerBegLine <= ContaineeBegLine &&
|
|
|
|
|
ContainerEndLine >= ContaineeEndLine &&
|
|
|
|
|
(ContainerBegLine != ContaineeBegLine ||
|
2011-07-26 04:57:57 +08:00
|
|
|
SM.getExpansionColumnNumber(ContainerRBeg) <=
|
|
|
|
|
SM.getExpansionColumnNumber(ContaineeRBeg)) &&
|
2009-04-07 07:06:54 +08:00
|
|
|
(ContainerEndLine != ContaineeEndLine ||
|
2011-07-26 04:57:57 +08:00
|
|
|
SM.getExpansionColumnNumber(ContainerREnd) >=
|
2012-03-28 13:24:50 +08:00
|
|
|
SM.getExpansionColumnNumber(ContaineeREnd)));
|
2009-04-07 07:06:54 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void EdgeBuilder::rawAddEdge(PathDiagnosticLocation NewLoc) {
|
|
|
|
|
if (!PrevLoc.isValid()) {
|
|
|
|
|
PrevLoc = NewLoc;
|
|
|
|
|
return;
|
|
|
|
|
}
|
2009-09-09 23:08:12 +08:00
|
|
|
|
2013-05-03 09:16:26 +08:00
|
|
|
const PathDiagnosticLocation &NewLocClean = cleanUpLocation(NewLoc, PDB.LC);
|
|
|
|
|
const PathDiagnosticLocation &PrevLocClean = cleanUpLocation(PrevLoc, PDB.LC);
|
2009-09-09 23:08:12 +08:00
|
|
|
|
2012-09-21 08:09:11 +08:00
|
|
|
if (PrevLocClean.asLocation().isInvalid()) {
|
|
|
|
|
PrevLoc = NewLoc;
|
|
|
|
|
return;
|
|
|
|
|
}
|
2015-09-08 11:50:52 +08:00
|
|
|
|
2009-05-12 03:50:47 +08:00
|
|
|
if (NewLocClean.asLocation() == PrevLocClean.asLocation())
|
2009-04-07 07:06:54 +08:00
|
|
|
return;
|
2009-09-09 23:08:12 +08:00
|
|
|
|
2009-04-07 07:06:54 +08:00
|
|
|
// FIXME: Ignore intra-macro edges for now.
|
2011-07-26 00:49:02 +08:00
|
|
|
if (NewLocClean.asLocation().getExpansionLoc() ==
|
|
|
|
|
PrevLocClean.asLocation().getExpansionLoc())
|
2009-04-07 07:06:54 +08:00
|
|
|
return;
|
|
|
|
|
|
2012-02-24 14:00:00 +08:00
|
|
|
PD.getActivePath().push_front(new PathDiagnosticControlFlowPiece(NewLocClean, PrevLocClean));
|
2009-05-12 03:50:47 +08:00
|
|
|
PrevLoc = NewLoc;
|
2009-04-07 07:06:54 +08:00
|
|
|
}
|
|
|
|
|
|
2013-04-12 08:44:01 +08:00
|
|
|
void EdgeBuilder::addEdge(PathDiagnosticLocation NewLoc, bool alwaysAdd,
|
|
|
|
|
bool IsPostJump) {
|
2009-09-09 23:08:12 +08:00
|
|
|
|
2009-04-23 02:16:20 +08:00
|
|
|
if (!alwaysAdd && NewLoc.asLocation().isMacroID())
|
|
|
|
|
return;
|
2009-09-09 23:08:12 +08:00
|
|
|
|
2009-04-07 07:06:54 +08:00
|
|
|
const PathDiagnosticLocation &CLoc = getContextLocation(NewLoc);
|
|
|
|
|
|
|
|
|
|
while (!CLocs.empty()) {
|
2009-05-02 00:08:09 +08:00
|
|
|
ContextLocation &TopContextLoc = CLocs.back();
|
2009-09-09 23:08:12 +08:00
|
|
|
|
2009-04-07 07:06:54 +08:00
|
|
|
// Is the top location context the same as the one for the new location?
|
|
|
|
|
if (TopContextLoc == CLoc) {
|
2009-05-02 00:08:09 +08:00
|
|
|
if (alwaysAdd) {
|
2013-04-12 08:44:01 +08:00
|
|
|
if (IsConsumedExpr(TopContextLoc))
|
|
|
|
|
TopContextLoc.markDead();
|
2009-05-02 00:08:09 +08:00
|
|
|
|
2009-04-07 07:06:54 +08:00
|
|
|
rawAddEdge(NewLoc);
|
2009-05-02 00:08:09 +08:00
|
|
|
}
|
2009-04-07 07:06:54 +08:00
|
|
|
|
2013-04-12 08:44:01 +08:00
|
|
|
if (IsPostJump)
|
|
|
|
|
TopContextLoc.markDead();
|
2009-04-07 07:06:54 +08:00
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (containsLocation(TopContextLoc, CLoc)) {
|
2009-05-02 00:08:09 +08:00
|
|
|
if (alwaysAdd) {
|
2009-04-07 07:06:54 +08:00
|
|
|
rawAddEdge(NewLoc);
|
2009-09-09 23:08:12 +08:00
|
|
|
|
2013-04-12 08:44:01 +08:00
|
|
|
if (IsConsumedExpr(CLoc)) {
|
|
|
|
|
CLocs.push_back(ContextLocation(CLoc, /*IsDead=*/true));
|
2009-05-02 00:08:09 +08:00
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
}
|
2009-09-09 23:08:12 +08:00
|
|
|
|
2013-04-12 08:44:01 +08:00
|
|
|
CLocs.push_back(ContextLocation(CLoc, /*IsDead=*/IsPostJump));
|
2009-09-09 23:08:12 +08:00
|
|
|
return;
|
2009-04-07 07:06:54 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Context does not contain the location. Flush it.
|
|
|
|
|
popLocation();
|
|
|
|
|
}
|
2009-09-09 23:08:12 +08:00
|
|
|
|
2009-04-23 04:36:26 +08:00
|
|
|
// If we reach here, there is no enclosing context. Just add the edge.
|
|
|
|
|
rawAddEdge(NewLoc);
|
2009-04-07 07:06:54 +08:00
|
|
|
}
|
|
|
|
|
|
2009-05-02 00:08:09 +08:00
|
|
|
bool EdgeBuilder::IsConsumedExpr(const PathDiagnosticLocation &L) {
|
|
|
|
|
if (const Expr *X = dyn_cast_or_null<Expr>(L.asStmt()))
|
|
|
|
|
return PDB.getParentMap().isConsumedExpr(X) && !IsControlFlowExpr(X);
|
2009-09-09 23:08:12 +08:00
|
|
|
|
2009-05-02 00:08:09 +08:00
|
|
|
return false;
|
|
|
|
|
}
|
2009-09-09 23:08:12 +08:00
|
|
|
|
2009-05-06 07:13:38 +08:00
|
|
|
void EdgeBuilder::addExtendedContext(const Stmt *S) {
|
|
|
|
|
if (!S)
|
|
|
|
|
return;
|
2009-09-09 23:08:12 +08:00
|
|
|
|
|
|
|
|
const Stmt *Parent = PDB.getParent(S);
|
2009-05-06 07:13:38 +08:00
|
|
|
while (Parent) {
|
|
|
|
|
if (isa<CompoundStmt>(Parent))
|
|
|
|
|
Parent = PDB.getParent(Parent);
|
|
|
|
|
else
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (Parent) {
|
|
|
|
|
switch (Parent->getStmtClass()) {
|
|
|
|
|
case Stmt::DoStmtClass:
|
|
|
|
|
case Stmt::ObjCAtSynchronizedStmtClass:
|
|
|
|
|
addContext(Parent);
|
|
|
|
|
default:
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
2009-09-09 23:08:12 +08:00
|
|
|
|
2009-05-06 07:13:38 +08:00
|
|
|
addContext(S);
|
|
|
|
|
}
|
2009-09-09 23:08:12 +08:00
|
|
|
|
2009-04-07 07:06:54 +08:00
|
|
|
void EdgeBuilder::addContext(const Stmt *S) {
|
|
|
|
|
if (!S)
|
|
|
|
|
return;
|
|
|
|
|
|
2012-02-24 15:12:52 +08:00
|
|
|
PathDiagnosticLocation L(S, PDB.getSourceManager(), PDB.LC);
|
2012-07-27 04:04:05 +08:00
|
|
|
addContext(L);
|
|
|
|
|
}
|
2009-09-09 23:08:12 +08:00
|
|
|
|
2012-07-27 04:04:05 +08:00
|
|
|
void EdgeBuilder::addContext(const PathDiagnosticLocation &L) {
|
2009-04-07 07:06:54 +08:00
|
|
|
while (!CLocs.empty()) {
|
|
|
|
|
const PathDiagnosticLocation &TopContextLoc = CLocs.back();
|
|
|
|
|
|
|
|
|
|
// Is the top location context the same as the one for the new location?
|
|
|
|
|
if (TopContextLoc == L)
|
|
|
|
|
return;
|
|
|
|
|
|
|
|
|
|
if (containsLocation(TopContextLoc, L)) {
|
|
|
|
|
CLocs.push_back(L);
|
2009-09-09 23:08:12 +08:00
|
|
|
return;
|
2009-04-07 07:06:54 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Context does not contain the location. Flush it.
|
|
|
|
|
popLocation();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
CLocs.push_back(L);
|
|
|
|
|
}
|
|
|
|
|
|
2012-05-02 08:31:29 +08:00
|
|
|
// Cone-of-influence: support the reverse propagation of "interesting" symbols
|
|
|
|
|
// and values by tracing interesting calculations backwards through evaluated
|
|
|
|
|
// expressions along a path. This is probably overly complicated, but the idea
|
|
|
|
|
// is that if an expression computed an "interesting" value, the child
|
|
|
|
|
// expressions are are also likely to be "interesting" as well (which then
|
|
|
|
|
// propagates to the values they in turn compute). This reverse propagation
|
|
|
|
|
// is needed to track interesting correlations across function call boundaries,
|
|
|
|
|
// where formal arguments bind to actual arguments, etc. This is also needed
|
|
|
|
|
// because the constraint solver sometimes simplifies certain symbolic values
|
|
|
|
|
// into constants when appropriate, and this complicates reasoning about
|
|
|
|
|
// interesting values.
|
|
|
|
|
typedef llvm::DenseSet<const Expr *> InterestingExprs;
|
|
|
|
|
|
|
|
|
|
static void reversePropagateIntererstingSymbols(BugReport &R,
|
|
|
|
|
InterestingExprs &IE,
|
|
|
|
|
const ProgramState *State,
|
|
|
|
|
const Expr *Ex,
|
|
|
|
|
const LocationContext *LCtx) {
|
|
|
|
|
SVal V = State->getSVal(Ex, LCtx);
|
|
|
|
|
if (!(R.isInteresting(V) || IE.count(Ex)))
|
|
|
|
|
return;
|
2015-09-08 11:50:52 +08:00
|
|
|
|
2012-05-02 08:31:29 +08:00
|
|
|
switch (Ex->getStmtClass()) {
|
|
|
|
|
default:
|
|
|
|
|
if (!isa<CastExpr>(Ex))
|
|
|
|
|
break;
|
|
|
|
|
// Fall through.
|
|
|
|
|
case Stmt::BinaryOperatorClass:
|
|
|
|
|
case Stmt::UnaryOperatorClass: {
|
2015-07-03 23:12:24 +08:00
|
|
|
for (const Stmt *SubStmt : Ex->children()) {
|
|
|
|
|
if (const Expr *child = dyn_cast_or_null<Expr>(SubStmt)) {
|
2012-05-02 08:31:29 +08:00
|
|
|
IE.insert(child);
|
|
|
|
|
SVal ChildV = State->getSVal(child, LCtx);
|
|
|
|
|
R.markInteresting(ChildV);
|
|
|
|
|
}
|
|
|
|
|
}
|
2014-03-21 02:47:47 +08:00
|
|
|
break;
|
2012-05-02 08:31:29 +08:00
|
|
|
}
|
|
|
|
|
}
|
2015-09-08 11:50:52 +08:00
|
|
|
|
2012-05-02 08:31:29 +08:00
|
|
|
R.markInteresting(V);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void reversePropagateInterestingSymbols(BugReport &R,
|
|
|
|
|
InterestingExprs &IE,
|
|
|
|
|
const ProgramState *State,
|
|
|
|
|
const LocationContext *CalleeCtx,
|
|
|
|
|
const LocationContext *CallerCtx)
|
|
|
|
|
{
|
2012-07-11 06:07:52 +08:00
|
|
|
// FIXME: Handle non-CallExpr-based CallEvents.
|
2012-05-02 08:31:29 +08:00
|
|
|
const StackFrameContext *Callee = CalleeCtx->getCurrentStackFrame();
|
|
|
|
|
const Stmt *CallSite = Callee->getCallSite();
|
2012-07-11 06:07:52 +08:00
|
|
|
if (const CallExpr *CE = dyn_cast_or_null<CallExpr>(CallSite)) {
|
2012-05-02 08:31:29 +08:00
|
|
|
if (const FunctionDecl *FD = dyn_cast<FunctionDecl>(CalleeCtx->getDecl())) {
|
2015-09-08 11:50:52 +08:00
|
|
|
FunctionDecl::param_const_iterator PI = FD->param_begin(),
|
2012-05-02 08:31:29 +08:00
|
|
|
PE = FD->param_end();
|
|
|
|
|
CallExpr::const_arg_iterator AI = CE->arg_begin(), AE = CE->arg_end();
|
|
|
|
|
for (; AI != AE && PI != PE; ++AI, ++PI) {
|
|
|
|
|
if (const Expr *ArgE = *AI) {
|
|
|
|
|
if (const ParmVarDecl *PD = *PI) {
|
|
|
|
|
Loc LV = State->getLValue(PD, CalleeCtx);
|
|
|
|
|
if (R.isInteresting(LV) || R.isInteresting(State->getRawSVal(LV)))
|
|
|
|
|
IE.insert(ArgE);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
2013-02-09 03:51:43 +08:00
|
|
|
|
2013-02-22 13:45:33 +08:00
|
|
|
//===----------------------------------------------------------------------===//
|
|
|
|
|
// Functions for determining if a loop was executed 0 times.
|
|
|
|
|
//===----------------------------------------------------------------------===//
|
|
|
|
|
|
2013-05-07 09:18:10 +08:00
|
|
|
static bool isLoop(const Stmt *Term) {
|
2013-02-09 03:51:43 +08:00
|
|
|
switch (Term->getStmtClass()) {
|
|
|
|
|
case Stmt::ForStmtClass:
|
|
|
|
|
case Stmt::WhileStmtClass:
|
2013-03-14 04:03:31 +08:00
|
|
|
case Stmt::ObjCForCollectionStmtClass:
|
[analyzer; new edges] Simplify edges in a C++11 for-range loop.
Previously our edges were completely broken here; now, the final result
is a very simple set of edges in most cases: one up to the "for" keyword
for context, and one into the body of the loop. This matches the behavior
for ObjC for-in loops.
In the AST, however, CXXForRangeStmts are handled very differently from
ObjCForCollectionStmts. Since they are specified in terms of equivalent
statements in the C++ standard, we actually have implicit AST nodes for
all of the semantic statements. This makes evaluation very easy, but
diagnostic locations a bit trickier. Fortunately, the problem can be
generally defined away by marking all of the implicit statements as
part of the top-level for-range statement.
One of the implicit statements in a for-range statement is the declaration
of implicit iterators __begin and __end. The CFG synthesizes two
separate DeclStmts to match each of these decls, but until now these
synthetic DeclStmts weren't in the function's ParentMap. Now, the CFG
keeps track of its synthetic statements, and the AnalysisDeclContext will
make sure to add them to the ParentMap.
<rdar://problem/14038483>
llvm-svn: 183449
2013-06-07 05:53:45 +08:00
|
|
|
case Stmt::CXXForRangeStmtClass:
|
2013-05-07 09:18:10 +08:00
|
|
|
return true;
|
2013-02-09 03:51:43 +08:00
|
|
|
default:
|
|
|
|
|
// Note that we intentionally do not include do..while here.
|
|
|
|
|
return false;
|
|
|
|
|
}
|
2013-05-07 09:18:10 +08:00
|
|
|
}
|
2013-02-09 03:51:43 +08:00
|
|
|
|
2013-05-07 09:18:10 +08:00
|
|
|
static bool isJumpToFalseBranch(const BlockEdge *BE) {
|
2013-02-09 03:51:43 +08:00
|
|
|
const CFGBlock *Src = BE->getSrc();
|
|
|
|
|
assert(Src->succ_size() == 2);
|
|
|
|
|
return (*(Src->succ_begin()+1) == BE->getDst());
|
|
|
|
|
}
|
|
|
|
|
|
2013-05-07 09:18:10 +08:00
|
|
|
/// Return true if the terminator is a loop and the destination is the
|
|
|
|
|
/// false branch.
|
|
|
|
|
static bool isLoopJumpPastBody(const Stmt *Term, const BlockEdge *BE) {
|
|
|
|
|
if (!isLoop(Term))
|
|
|
|
|
return false;
|
|
|
|
|
|
|
|
|
|
// Did we take the false branch?
|
|
|
|
|
return isJumpToFalseBranch(BE);
|
|
|
|
|
}
|
|
|
|
|
|
2013-02-22 13:45:33 +08:00
|
|
|
static bool isContainedByStmt(ParentMap &PM, const Stmt *S, const Stmt *SubS) {
|
|
|
|
|
while (SubS) {
|
|
|
|
|
if (SubS == S)
|
|
|
|
|
return true;
|
|
|
|
|
SubS = PM.getParent(SubS);
|
|
|
|
|
}
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static const Stmt *getStmtBeforeCond(ParentMap &PM, const Stmt *Term,
|
|
|
|
|
const ExplodedNode *N) {
|
|
|
|
|
while (N) {
|
|
|
|
|
Optional<StmtPoint> SP = N->getLocation().getAs<StmtPoint>();
|
|
|
|
|
if (SP) {
|
|
|
|
|
const Stmt *S = SP->getStmt();
|
|
|
|
|
if (!isContainedByStmt(PM, Term, S))
|
|
|
|
|
return S;
|
|
|
|
|
}
|
2013-04-24 07:57:43 +08:00
|
|
|
N = N->getFirstPred();
|
2013-02-22 13:45:33 +08:00
|
|
|
}
|
2014-05-27 10:45:47 +08:00
|
|
|
return nullptr;
|
2013-02-22 13:45:33 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static bool isInLoopBody(ParentMap &PM, const Stmt *S, const Stmt *Term) {
|
2014-05-27 10:45:47 +08:00
|
|
|
const Stmt *LoopBody = nullptr;
|
2013-02-22 13:45:33 +08:00
|
|
|
switch (Term->getStmtClass()) {
|
[analyzer; new edges] Simplify edges in a C++11 for-range loop.
Previously our edges were completely broken here; now, the final result
is a very simple set of edges in most cases: one up to the "for" keyword
for context, and one into the body of the loop. This matches the behavior
for ObjC for-in loops.
In the AST, however, CXXForRangeStmts are handled very differently from
ObjCForCollectionStmts. Since they are specified in terms of equivalent
statements in the C++ standard, we actually have implicit AST nodes for
all of the semantic statements. This makes evaluation very easy, but
diagnostic locations a bit trickier. Fortunately, the problem can be
generally defined away by marking all of the implicit statements as
part of the top-level for-range statement.
One of the implicit statements in a for-range statement is the declaration
of implicit iterators __begin and __end. The CFG synthesizes two
separate DeclStmts to match each of these decls, but until now these
synthetic DeclStmts weren't in the function's ParentMap. Now, the CFG
keeps track of its synthetic statements, and the AnalysisDeclContext will
make sure to add them to the ParentMap.
<rdar://problem/14038483>
llvm-svn: 183449
2013-06-07 05:53:45 +08:00
|
|
|
case Stmt::CXXForRangeStmtClass: {
|
|
|
|
|
const CXXForRangeStmt *FR = cast<CXXForRangeStmt>(Term);
|
|
|
|
|
if (isContainedByStmt(PM, FR->getInc(), S))
|
|
|
|
|
return true;
|
|
|
|
|
if (isContainedByStmt(PM, FR->getLoopVarStmt(), S))
|
|
|
|
|
return true;
|
|
|
|
|
LoopBody = FR->getBody();
|
|
|
|
|
break;
|
|
|
|
|
}
|
2013-02-22 13:45:33 +08:00
|
|
|
case Stmt::ForStmtClass: {
|
|
|
|
|
const ForStmt *FS = cast<ForStmt>(Term);
|
|
|
|
|
if (isContainedByStmt(PM, FS->getInc(), S))
|
|
|
|
|
return true;
|
|
|
|
|
LoopBody = FS->getBody();
|
|
|
|
|
break;
|
|
|
|
|
}
|
2013-03-14 04:03:31 +08:00
|
|
|
case Stmt::ObjCForCollectionStmtClass: {
|
|
|
|
|
const ObjCForCollectionStmt *FC = cast<ObjCForCollectionStmt>(Term);
|
|
|
|
|
LoopBody = FC->getBody();
|
|
|
|
|
break;
|
|
|
|
|
}
|
2013-02-22 13:45:33 +08:00
|
|
|
case Stmt::WhileStmtClass:
|
|
|
|
|
LoopBody = cast<WhileStmt>(Term)->getBody();
|
|
|
|
|
break;
|
|
|
|
|
default:
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
return isContainedByStmt(PM, LoopBody, S);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
//===----------------------------------------------------------------------===//
|
|
|
|
|
// Top-level logic for generating extensive path diagnostics.
|
|
|
|
|
//===----------------------------------------------------------------------===//
|
|
|
|
|
|
2014-09-05 07:54:33 +08:00
|
|
|
static bool GenerateExtensivePathDiagnostic(
|
|
|
|
|
PathDiagnostic &PD, PathDiagnosticBuilder &PDB, const ExplodedNode *N,
|
|
|
|
|
LocationContextMap &LCM,
|
|
|
|
|
ArrayRef<std::unique_ptr<BugReporterVisitor>> visitors) {
|
2009-04-07 07:06:54 +08:00
|
|
|
EdgeBuilder EB(PD, PDB);
|
2011-09-17 03:18:30 +08:00
|
|
|
const SourceManager& SM = PDB.getSourceManager();
|
2012-03-17 07:24:20 +08:00
|
|
|
StackDiagVector CallStack;
|
2012-05-02 08:31:29 +08:00
|
|
|
InterestingExprs IE;
|
2009-04-07 07:06:54 +08:00
|
|
|
|
2014-05-27 10:45:47 +08:00
|
|
|
const ExplodedNode *NextNode = N->pred_empty() ? nullptr : *(N->pred_begin());
|
2009-04-07 07:06:54 +08:00
|
|
|
while (NextNode) {
|
|
|
|
|
N = NextNode;
|
2013-04-24 07:57:43 +08:00
|
|
|
NextNode = N->getFirstPred();
|
2009-04-07 07:06:54 +08:00
|
|
|
ProgramPoint P = N->getLocation();
|
|
|
|
|
|
2009-05-07 08:45:33 +08:00
|
|
|
do {
|
2013-02-22 06:23:56 +08:00
|
|
|
if (Optional<PostStmt> PS = P.getAs<PostStmt>()) {
|
2012-05-02 08:31:29 +08:00
|
|
|
if (const Expr *Ex = PS->getStmtAs<Expr>())
|
|
|
|
|
reversePropagateIntererstingSymbols(*PDB.getBugReport(), IE,
|
2014-07-05 11:08:06 +08:00
|
|
|
N->getState().get(), Ex,
|
2012-05-02 08:31:29 +08:00
|
|
|
N->getLocationContext());
|
|
|
|
|
}
|
2015-09-08 11:50:52 +08:00
|
|
|
|
2013-02-22 06:23:56 +08:00
|
|
|
if (Optional<CallExitEnd> CE = P.getAs<CallExitEnd>()) {
|
2012-07-27 04:04:05 +08:00
|
|
|
const Stmt *S = CE->getCalleeContext()->getCallSite();
|
|
|
|
|
if (const Expr *Ex = dyn_cast_or_null<Expr>(S)) {
|
2012-07-11 06:07:52 +08:00
|
|
|
reversePropagateIntererstingSymbols(*PDB.getBugReport(), IE,
|
2014-07-05 11:08:06 +08:00
|
|
|
N->getState().get(), Ex,
|
2012-07-11 06:07:52 +08:00
|
|
|
N->getLocationContext());
|
|
|
|
|
}
|
2015-09-08 11:50:52 +08:00
|
|
|
|
2012-07-27 04:04:05 +08:00
|
|
|
PathDiagnosticCallPiece *C =
|
|
|
|
|
PathDiagnosticCallPiece::construct(N, *CE, SM);
|
2013-05-04 09:13:01 +08:00
|
|
|
LCM[&C->path] = CE->getCalleeContext();
|
2012-07-27 04:04:05 +08:00
|
|
|
|
2013-04-12 08:44:01 +08:00
|
|
|
EB.addEdge(C->callReturn, /*AlwaysAdd=*/true, /*IsPostJump=*/true);
|
2012-07-27 04:04:05 +08:00
|
|
|
EB.flushLocations();
|
|
|
|
|
|
|
|
|
|
PD.getActivePath().push_front(C);
|
|
|
|
|
PD.pushActivePath(&C->path);
|
|
|
|
|
CallStack.push_back(StackDiagPair(C, N));
|
2012-02-07 10:26:17 +08:00
|
|
|
break;
|
|
|
|
|
}
|
2015-09-08 11:50:52 +08:00
|
|
|
|
2012-02-24 14:00:00 +08:00
|
|
|
// Pop the call hierarchy if we are done walking the contents
|
|
|
|
|
// of a function call.
|
2013-02-22 06:23:56 +08:00
|
|
|
if (Optional<CallEnter> CE = P.getAs<CallEnter>()) {
|
2012-03-06 09:25:01 +08:00
|
|
|
// Add an edge to the start of the function.
|
|
|
|
|
const Decl *D = CE->getCalleeContext()->getDecl();
|
|
|
|
|
PathDiagnosticLocation pos =
|
|
|
|
|
PathDiagnosticLocation::createBegin(D, SM);
|
|
|
|
|
EB.addEdge(pos);
|
2015-09-08 11:50:52 +08:00
|
|
|
|
2012-03-06 09:25:01 +08:00
|
|
|
// Flush all locations, and pop the active path.
|
2012-07-27 04:04:05 +08:00
|
|
|
bool VisitedEntireCall = PD.isWithinCall();
|
2012-03-03 05:16:22 +08:00
|
|
|
EB.flushLocations();
|
2012-02-24 14:00:00 +08:00
|
|
|
PD.popActivePath();
|
2012-03-03 05:16:22 +08:00
|
|
|
PDB.LC = N->getLocationContext();
|
2012-03-06 09:25:01 +08:00
|
|
|
|
2012-07-27 04:04:05 +08:00
|
|
|
// Either we just added a bunch of stuff to the top-level path, or
|
|
|
|
|
// we have a previous CallExitEnd. If the former, it means that the
|
2012-02-24 14:00:00 +08:00
|
|
|
// path terminated within a function call. We must then take the
|
|
|
|
|
// current contents of the active path and place it within
|
|
|
|
|
// a new PathDiagnosticCallPiece.
|
2012-07-27 04:04:05 +08:00
|
|
|
PathDiagnosticCallPiece *C;
|
|
|
|
|
if (VisitedEntireCall) {
|
|
|
|
|
C = cast<PathDiagnosticCallPiece>(PD.getActivePath().front());
|
|
|
|
|
} else {
|
|
|
|
|
const Decl *Caller = CE->getLocationContext()->getDecl();
|
2012-03-15 02:58:28 +08:00
|
|
|
C = PathDiagnosticCallPiece::construct(PD.getActivePath(), Caller);
|
2013-05-04 09:13:01 +08:00
|
|
|
LCM[&C->path] = CE->getCalleeContext();
|
2012-03-15 02:58:28 +08:00
|
|
|
}
|
2012-07-11 06:07:52 +08:00
|
|
|
|
2012-07-27 04:04:05 +08:00
|
|
|
C->setCallee(*CE, SM);
|
|
|
|
|
EB.addContext(C->getLocation());
|
2012-03-16 05:13:02 +08:00
|
|
|
|
|
|
|
|
if (!CallStack.empty()) {
|
2012-03-17 07:24:20 +08:00
|
|
|
assert(CallStack.back().first == C);
|
2012-03-16 05:13:02 +08:00
|
|
|
CallStack.pop_back();
|
|
|
|
|
}
|
2012-02-24 14:00:00 +08:00
|
|
|
break;
|
|
|
|
|
}
|
2015-09-08 11:50:52 +08:00
|
|
|
|
2012-03-03 05:16:22 +08:00
|
|
|
// Note that is important that we update the LocationContext
|
|
|
|
|
// after looking at CallExits. CallExit basically adds an
|
|
|
|
|
// edge in the *caller*, so we don't want to update the LocationContext
|
|
|
|
|
// too soon.
|
|
|
|
|
PDB.LC = N->getLocationContext();
|
2012-02-07 10:26:17 +08:00
|
|
|
|
2009-05-07 08:45:33 +08:00
|
|
|
// Block edges.
|
2013-02-22 06:23:56 +08:00
|
|
|
if (Optional<BlockEdge> BE = P.getAs<BlockEdge>()) {
|
2012-05-02 08:31:29 +08:00
|
|
|
// Does this represent entering a call? If so, look at propagating
|
|
|
|
|
// interesting symbols across call boundaries.
|
|
|
|
|
if (NextNode) {
|
|
|
|
|
const LocationContext *CallerCtx = NextNode->getLocationContext();
|
|
|
|
|
const LocationContext *CalleeCtx = PDB.LC;
|
|
|
|
|
if (CallerCtx != CalleeCtx) {
|
|
|
|
|
reversePropagateInterestingSymbols(*PDB.getBugReport(), IE,
|
2014-07-05 11:08:06 +08:00
|
|
|
N->getState().get(),
|
2012-05-02 08:31:29 +08:00
|
|
|
CalleeCtx, CallerCtx);
|
|
|
|
|
}
|
|
|
|
|
}
|
2015-09-08 11:50:52 +08:00
|
|
|
|
2009-05-07 08:45:33 +08:00
|
|
|
// Are we jumping to the head of a loop? Add a special diagnostic.
|
2012-09-12 14:22:18 +08:00
|
|
|
if (const Stmt *Loop = BE->getSrc()->getLoopTarget()) {
|
2012-02-24 15:12:52 +08:00
|
|
|
PathDiagnosticLocation L(Loop, SM, PDB.LC);
|
2014-05-27 10:45:47 +08:00
|
|
|
const CompoundStmt *CS = nullptr;
|
2009-09-09 23:08:12 +08:00
|
|
|
|
2012-09-12 14:22:18 +08:00
|
|
|
if (const ForStmt *FS = dyn_cast<ForStmt>(Loop))
|
|
|
|
|
CS = dyn_cast<CompoundStmt>(FS->getBody());
|
|
|
|
|
else if (const WhileStmt *WS = dyn_cast<WhileStmt>(Loop))
|
|
|
|
|
CS = dyn_cast<CompoundStmt>(WS->getBody());
|
2009-09-09 23:08:12 +08:00
|
|
|
|
2009-05-07 08:45:33 +08:00
|
|
|
PathDiagnosticEventPiece *p =
|
|
|
|
|
new PathDiagnosticEventPiece(L,
|
2009-05-15 10:46:13 +08:00
|
|
|
"Looping back to the head of the loop");
|
2012-03-06 09:00:36 +08:00
|
|
|
p->setPrunable(true);
|
2009-09-09 23:08:12 +08:00
|
|
|
|
2009-05-07 08:45:33 +08:00
|
|
|
EB.addEdge(p->getLocation(), true);
|
2012-02-24 14:00:00 +08:00
|
|
|
PD.getActivePath().push_front(p);
|
2009-09-09 23:08:12 +08:00
|
|
|
|
2009-05-15 09:50:15 +08:00
|
|
|
if (CS) {
|
2011-09-17 03:18:30 +08:00
|
|
|
PathDiagnosticLocation BL =
|
|
|
|
|
PathDiagnosticLocation::createEndBrace(CS, SM);
|
2009-05-15 10:46:13 +08:00
|
|
|
EB.addEdge(BL);
|
2009-05-07 08:45:33 +08:00
|
|
|
}
|
2009-04-28 12:23:15 +08:00
|
|
|
}
|
2013-02-09 03:51:43 +08:00
|
|
|
|
2013-02-22 13:45:33 +08:00
|
|
|
const CFGBlock *BSrc = BE->getSrc();
|
|
|
|
|
ParentMap &PM = PDB.getParentMap();
|
|
|
|
|
|
|
|
|
|
if (const Stmt *Term = BSrc->getTerminator()) {
|
2013-02-09 03:51:43 +08:00
|
|
|
// Are we jumping past the loop body without ever executing the
|
|
|
|
|
// loop (because the condition was false)?
|
2013-02-22 06:23:56 +08:00
|
|
|
if (isLoopJumpPastBody(Term, &*BE) &&
|
2013-02-22 13:45:33 +08:00
|
|
|
!isInLoopBody(PM,
|
|
|
|
|
getStmtBeforeCond(PM,
|
|
|
|
|
BSrc->getTerminatorCondition(),
|
|
|
|
|
N),
|
|
|
|
|
Term)) {
|
2013-02-09 03:51:43 +08:00
|
|
|
PathDiagnosticLocation L(Term, SM, PDB.LC);
|
|
|
|
|
PathDiagnosticEventPiece *PE =
|
2013-02-22 13:45:33 +08:00
|
|
|
new PathDiagnosticEventPiece(L, "Loop body executed 0 times");
|
2013-02-09 03:51:43 +08:00
|
|
|
PE->setPrunable(true);
|
|
|
|
|
|
|
|
|
|
EB.addEdge(PE->getLocation(), true);
|
|
|
|
|
PD.getActivePath().push_front(PE);
|
|
|
|
|
}
|
|
|
|
|
|
2013-02-22 13:45:33 +08:00
|
|
|
// In any case, add the terminator as the current statement
|
|
|
|
|
// context for control edges.
|
2009-05-15 09:50:15 +08:00
|
|
|
EB.addContext(Term);
|
2013-02-09 03:51:43 +08:00
|
|
|
}
|
2009-09-09 23:08:12 +08:00
|
|
|
|
2009-05-07 08:45:33 +08:00
|
|
|
break;
|
2009-04-28 12:23:15 +08:00
|
|
|
}
|
2009-04-07 07:06:54 +08:00
|
|
|
|
2013-02-22 06:23:56 +08:00
|
|
|
if (Optional<BlockEntrance> BE = P.getAs<BlockEntrance>()) {
|
2013-02-23 08:29:34 +08:00
|
|
|
Optional<CFGElement> First = BE->getFirstElement();
|
|
|
|
|
if (Optional<CFGStmt> S = First ? First->getAs<CFGStmt>() : None) {
|
|
|
|
|
const Stmt *stmt = S->getStmt();
|
2011-03-01 11:15:10 +08:00
|
|
|
if (IsControlFlowExpr(stmt)) {
|
2010-09-16 09:25:47 +08:00
|
|
|
// Add the proper context for '&&', '||', and '?'.
|
2011-03-01 11:15:10 +08:00
|
|
|
EB.addContext(stmt);
|
2010-09-16 09:25:47 +08:00
|
|
|
}
|
|
|
|
|
else
|
2011-03-01 11:15:10 +08:00
|
|
|
EB.addExtendedContext(PDB.getEnclosingStmtLocation(stmt).asStmt());
|
2009-05-07 08:45:33 +08:00
|
|
|
}
|
2015-09-08 11:50:52 +08:00
|
|
|
|
2009-05-07 08:45:33 +08:00
|
|
|
break;
|
|
|
|
|
}
|
2015-09-08 11:50:52 +08:00
|
|
|
|
|
|
|
|
|
2009-05-07 08:45:33 +08:00
|
|
|
} while (0);
|
2009-09-09 23:08:12 +08:00
|
|
|
|
2009-05-07 08:45:33 +08:00
|
|
|
if (!NextNode)
|
2009-04-07 07:06:54 +08:00
|
|
|
continue;
|
2009-09-09 23:08:12 +08:00
|
|
|
|
2011-08-19 06:37:56 +08:00
|
|
|
// Add pieces from custom visitors.
|
|
|
|
|
BugReport *R = PDB.getBugReport();
|
2014-09-05 07:54:33 +08:00
|
|
|
for (auto &V : visitors) {
|
|
|
|
|
if (PathDiagnosticPiece *p = V->VisitNode(N, NextNode, PDB, *R)) {
|
2009-05-07 05:39:49 +08:00
|
|
|
const PathDiagnosticLocation &Loc = p->getLocation();
|
|
|
|
|
EB.addEdge(Loc, true);
|
2012-02-24 14:00:00 +08:00
|
|
|
PD.getActivePath().push_front(p);
|
2012-03-16 05:13:02 +08:00
|
|
|
updateStackPiecesWithMessage(p, CallStack);
|
|
|
|
|
|
2009-05-07 05:39:49 +08:00
|
|
|
if (const Stmt *S = Loc.asStmt())
|
2009-09-09 23:08:12 +08:00
|
|
|
EB.addExtendedContext(PDB.getEnclosingStmtLocation(S).asStmt());
|
2009-05-07 05:39:49 +08:00
|
|
|
}
|
2009-09-09 23:08:12 +08:00
|
|
|
}
|
2009-04-07 07:06:54 +08:00
|
|
|
}
|
2012-09-22 09:24:53 +08:00
|
|
|
|
|
|
|
|
return PDB.getBugReport()->isValid();
|
2009-04-07 07:06:54 +08:00
|
|
|
}
|
|
|
|
|
|
2013-05-04 02:25:33 +08:00
|
|
|
/// \brief Adds a sanitized control-flow diagnostic edge to a path.
|
|
|
|
|
static void addEdgeToPath(PathPieces &path,
|
|
|
|
|
PathDiagnosticLocation &PrevLoc,
|
|
|
|
|
PathDiagnosticLocation NewLoc,
|
|
|
|
|
const LocationContext *LC) {
|
2013-05-04 09:13:01 +08:00
|
|
|
if (!NewLoc.isValid())
|
2013-05-04 02:25:33 +08:00
|
|
|
return;
|
|
|
|
|
|
2013-05-04 09:13:01 +08:00
|
|
|
SourceLocation NewLocL = NewLoc.asLocation();
|
2013-06-08 08:29:24 +08:00
|
|
|
if (NewLocL.isInvalid())
|
2013-05-04 02:25:33 +08:00
|
|
|
return;
|
|
|
|
|
|
2013-05-31 05:30:17 +08:00
|
|
|
if (!PrevLoc.isValid() || !PrevLoc.asLocation().isValid()) {
|
2013-05-04 02:25:33 +08:00
|
|
|
PrevLoc = NewLoc;
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
2013-06-06 08:12:37 +08:00
|
|
|
// Ignore self-edges, which occur when there are multiple nodes at the same
|
|
|
|
|
// statement.
|
|
|
|
|
if (NewLoc.asStmt() && NewLoc.asStmt() == PrevLoc.asStmt())
|
2013-05-04 02:25:33 +08:00
|
|
|
return;
|
|
|
|
|
|
2013-05-04 09:13:01 +08:00
|
|
|
path.push_front(new PathDiagnosticControlFlowPiece(NewLoc,
|
|
|
|
|
PrevLoc));
|
2013-05-04 02:25:33 +08:00
|
|
|
PrevLoc = NewLoc;
|
|
|
|
|
}
|
|
|
|
|
|
2013-05-21 08:34:40 +08:00
|
|
|
/// A customized wrapper for CFGBlock::getTerminatorCondition()
|
|
|
|
|
/// which returns the element for ObjCForCollectionStmts.
|
|
|
|
|
static const Stmt *getTerminatorCondition(const CFGBlock *B) {
|
|
|
|
|
const Stmt *S = B->getTerminatorCondition();
|
|
|
|
|
if (const ObjCForCollectionStmt *FS =
|
|
|
|
|
dyn_cast_or_null<ObjCForCollectionStmt>(S))
|
|
|
|
|
return FS->getElement();
|
|
|
|
|
return S;
|
|
|
|
|
}
|
|
|
|
|
|
2013-07-17 02:27:27 +08:00
|
|
|
static const char StrEnteringLoop[] = "Entering loop body";
|
|
|
|
|
static const char StrLoopBodyZero[] = "Loop body executed 0 times";
|
2013-11-08 09:15:30 +08:00
|
|
|
static const char StrLoopRangeEmpty[] =
|
|
|
|
|
"Loop body skipped when range is empty";
|
|
|
|
|
static const char StrLoopCollectionEmpty[] =
|
|
|
|
|
"Loop body skipped when collection is empty";
|
2013-06-01 00:56:54 +08:00
|
|
|
|
2014-09-05 07:54:33 +08:00
|
|
|
static bool GenerateAlternateExtensivePathDiagnostic(
|
|
|
|
|
PathDiagnostic &PD, PathDiagnosticBuilder &PDB, const ExplodedNode *N,
|
|
|
|
|
LocationContextMap &LCM,
|
|
|
|
|
ArrayRef<std::unique_ptr<BugReporterVisitor>> visitors) {
|
2013-05-04 02:25:33 +08:00
|
|
|
|
|
|
|
|
BugReport *report = PDB.getBugReport();
|
|
|
|
|
const SourceManager& SM = PDB.getSourceManager();
|
|
|
|
|
StackDiagVector CallStack;
|
|
|
|
|
InterestingExprs IE;
|
|
|
|
|
|
2013-05-25 05:43:05 +08:00
|
|
|
PathDiagnosticLocation PrevLoc = PD.getLocation();
|
2013-05-04 02:25:33 +08:00
|
|
|
|
|
|
|
|
const ExplodedNode *NextNode = N->getFirstPred();
|
|
|
|
|
while (NextNode) {
|
|
|
|
|
N = NextNode;
|
|
|
|
|
NextNode = N->getFirstPred();
|
|
|
|
|
ProgramPoint P = N->getLocation();
|
|
|
|
|
|
|
|
|
|
do {
|
2013-05-08 05:12:06 +08:00
|
|
|
// Have we encountered an entrance to a call? It may be
|
|
|
|
|
// the case that we have not encountered a matching
|
|
|
|
|
// call exit before this point. This means that the path
|
|
|
|
|
// terminated within the call itself.
|
|
|
|
|
if (Optional<CallEnter> CE = P.getAs<CallEnter>()) {
|
2013-05-31 05:30:17 +08:00
|
|
|
// Add an edge to the start of the function.
|
|
|
|
|
const StackFrameContext *CalleeLC = CE->getCalleeContext();
|
|
|
|
|
const Decl *D = CalleeLC->getDecl();
|
|
|
|
|
addEdgeToPath(PD.getActivePath(), PrevLoc,
|
|
|
|
|
PathDiagnosticLocation::createBegin(D, SM),
|
|
|
|
|
CalleeLC);
|
|
|
|
|
|
2013-05-08 05:12:06 +08:00
|
|
|
// Did we visit an entire call?
|
|
|
|
|
bool VisitedEntireCall = PD.isWithinCall();
|
|
|
|
|
PD.popActivePath();
|
|
|
|
|
|
|
|
|
|
PathDiagnosticCallPiece *C;
|
|
|
|
|
if (VisitedEntireCall) {
|
2014-07-05 11:08:06 +08:00
|
|
|
PathDiagnosticPiece *P = PD.getActivePath().front().get();
|
2013-05-08 05:12:06 +08:00
|
|
|
C = cast<PathDiagnosticCallPiece>(P);
|
|
|
|
|
} else {
|
|
|
|
|
const Decl *Caller = CE->getLocationContext()->getDecl();
|
|
|
|
|
C = PathDiagnosticCallPiece::construct(PD.getActivePath(), Caller);
|
|
|
|
|
|
|
|
|
|
// Since we just transferred the path over to the call piece,
|
|
|
|
|
// reset the mapping from active to location context.
|
|
|
|
|
assert(PD.getActivePath().size() == 1 &&
|
|
|
|
|
PD.getActivePath().front() == C);
|
2014-05-27 10:45:47 +08:00
|
|
|
LCM[&PD.getActivePath()] = nullptr;
|
2013-05-08 05:12:06 +08:00
|
|
|
|
|
|
|
|
// Record the location context mapping for the path within
|
|
|
|
|
// the call.
|
2014-05-27 10:45:47 +08:00
|
|
|
assert(LCM[&C->path] == nullptr ||
|
2013-05-08 05:12:06 +08:00
|
|
|
LCM[&C->path] == CE->getCalleeContext());
|
|
|
|
|
LCM[&C->path] = CE->getCalleeContext();
|
|
|
|
|
|
|
|
|
|
// If this is the first item in the active path, record
|
|
|
|
|
// the new mapping from active path to location context.
|
|
|
|
|
const LocationContext *&NewLC = LCM[&PD.getActivePath()];
|
2013-05-25 05:43:05 +08:00
|
|
|
if (!NewLC)
|
2013-05-08 05:12:06 +08:00
|
|
|
NewLC = N->getLocationContext();
|
|
|
|
|
|
2013-05-25 05:43:05 +08:00
|
|
|
PDB.LC = NewLC;
|
2013-05-08 05:12:06 +08:00
|
|
|
}
|
|
|
|
|
C->setCallee(*CE, SM);
|
|
|
|
|
|
2013-05-25 05:43:05 +08:00
|
|
|
// Update the previous location in the active path.
|
|
|
|
|
PrevLoc = C->getLocation();
|
|
|
|
|
|
2013-05-08 05:12:06 +08:00
|
|
|
if (!CallStack.empty()) {
|
|
|
|
|
assert(CallStack.back().first == C);
|
|
|
|
|
CallStack.pop_back();
|
|
|
|
|
}
|
2013-05-04 02:25:33 +08:00
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
2013-05-08 05:12:06 +08:00
|
|
|
// Query the location context here and the previous location
|
|
|
|
|
// as processing CallEnter may change the active path.
|
|
|
|
|
PDB.LC = N->getLocationContext();
|
|
|
|
|
|
|
|
|
|
// Record the mapping from the active path to the location
|
|
|
|
|
// context.
|
|
|
|
|
assert(!LCM[&PD.getActivePath()] ||
|
|
|
|
|
LCM[&PD.getActivePath()] == PDB.LC);
|
|
|
|
|
LCM[&PD.getActivePath()] = PDB.LC;
|
|
|
|
|
|
2013-05-04 02:25:33 +08:00
|
|
|
// Have we encountered an exit from a function call?
|
|
|
|
|
if (Optional<CallExitEnd> CE = P.getAs<CallExitEnd>()) {
|
|
|
|
|
const Stmt *S = CE->getCalleeContext()->getCallSite();
|
|
|
|
|
// Propagate the interesting symbols accordingly.
|
|
|
|
|
if (const Expr *Ex = dyn_cast_or_null<Expr>(S)) {
|
|
|
|
|
reversePropagateIntererstingSymbols(*PDB.getBugReport(), IE,
|
2014-07-05 11:08:06 +08:00
|
|
|
N->getState().get(), Ex,
|
2013-05-04 02:25:33 +08:00
|
|
|
N->getLocationContext());
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// We are descending into a call (backwards). Construct
|
|
|
|
|
// a new call piece to contain the path pieces for that call.
|
|
|
|
|
PathDiagnosticCallPiece *C =
|
|
|
|
|
PathDiagnosticCallPiece::construct(N, *CE, SM);
|
|
|
|
|
|
|
|
|
|
// Record the location context for this call piece.
|
2013-05-04 09:13:01 +08:00
|
|
|
LCM[&C->path] = CE->getCalleeContext();
|
2013-05-04 02:25:33 +08:00
|
|
|
|
|
|
|
|
// Add the edge to the return site.
|
2013-05-08 05:12:06 +08:00
|
|
|
addEdgeToPath(PD.getActivePath(), PrevLoc, C->callReturn, PDB.LC);
|
|
|
|
|
PD.getActivePath().push_front(C);
|
2013-05-25 05:43:05 +08:00
|
|
|
PrevLoc.invalidate();
|
2013-05-04 02:25:33 +08:00
|
|
|
|
|
|
|
|
// Make the contents of the call the active path for now.
|
|
|
|
|
PD.pushActivePath(&C->path);
|
|
|
|
|
CallStack.push_back(StackDiagPair(C, N));
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
2013-05-08 05:12:06 +08:00
|
|
|
if (Optional<PostStmt> PS = P.getAs<PostStmt>()) {
|
|
|
|
|
// For expressions, make sure we propagate the
|
|
|
|
|
// interesting symbols correctly.
|
|
|
|
|
if (const Expr *Ex = PS->getStmtAs<Expr>())
|
|
|
|
|
reversePropagateIntererstingSymbols(*PDB.getBugReport(), IE,
|
2014-07-05 11:08:06 +08:00
|
|
|
N->getState().get(), Ex,
|
2013-05-08 05:12:06 +08:00
|
|
|
N->getLocationContext());
|
2013-05-04 02:25:33 +08:00
|
|
|
|
2013-05-21 08:34:40 +08:00
|
|
|
// Add an edge. If this is an ObjCForCollectionStmt do
|
|
|
|
|
// not add an edge here as it appears in the CFG both
|
|
|
|
|
// as a terminator and as a terminator condition.
|
|
|
|
|
if (!isa<ObjCForCollectionStmt>(PS->getStmt())) {
|
|
|
|
|
PathDiagnosticLocation L =
|
|
|
|
|
PathDiagnosticLocation(PS->getStmt(), SM, PDB.LC);
|
|
|
|
|
addEdgeToPath(PD.getActivePath(), PrevLoc, L, PDB.LC);
|
|
|
|
|
}
|
2013-05-04 02:25:33 +08:00
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Block edges.
|
|
|
|
|
if (Optional<BlockEdge> BE = P.getAs<BlockEdge>()) {
|
|
|
|
|
// Does this represent entering a call? If so, look at propagating
|
|
|
|
|
// interesting symbols across call boundaries.
|
|
|
|
|
if (NextNode) {
|
|
|
|
|
const LocationContext *CallerCtx = NextNode->getLocationContext();
|
|
|
|
|
const LocationContext *CalleeCtx = PDB.LC;
|
|
|
|
|
if (CallerCtx != CalleeCtx) {
|
|
|
|
|
reversePropagateInterestingSymbols(*PDB.getBugReport(), IE,
|
2014-07-05 11:08:06 +08:00
|
|
|
N->getState().get(),
|
2013-05-04 02:25:33 +08:00
|
|
|
CalleeCtx, CallerCtx);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Are we jumping to the head of a loop? Add a special diagnostic.
|
|
|
|
|
if (const Stmt *Loop = BE->getSrc()->getLoopTarget()) {
|
|
|
|
|
PathDiagnosticLocation L(Loop, SM, PDB.LC);
|
2014-05-27 10:45:47 +08:00
|
|
|
const Stmt *Body = nullptr;
|
2013-05-09 14:55:41 +08:00
|
|
|
|
|
|
|
|
if (const ForStmt *FS = dyn_cast<ForStmt>(Loop))
|
[analyzer; new edges] Simplify edges in a C++11 for-range loop.
Previously our edges were completely broken here; now, the final result
is a very simple set of edges in most cases: one up to the "for" keyword
for context, and one into the body of the loop. This matches the behavior
for ObjC for-in loops.
In the AST, however, CXXForRangeStmts are handled very differently from
ObjCForCollectionStmts. Since they are specified in terms of equivalent
statements in the C++ standard, we actually have implicit AST nodes for
all of the semantic statements. This makes evaluation very easy, but
diagnostic locations a bit trickier. Fortunately, the problem can be
generally defined away by marking all of the implicit statements as
part of the top-level for-range statement.
One of the implicit statements in a for-range statement is the declaration
of implicit iterators __begin and __end. The CFG synthesizes two
separate DeclStmts to match each of these decls, but until now these
synthetic DeclStmts weren't in the function's ParentMap. Now, the CFG
keeps track of its synthetic statements, and the AnalysisDeclContext will
make sure to add them to the ParentMap.
<rdar://problem/14038483>
llvm-svn: 183449
2013-06-07 05:53:45 +08:00
|
|
|
Body = FS->getBody();
|
2013-05-09 14:55:41 +08:00
|
|
|
else if (const WhileStmt *WS = dyn_cast<WhileStmt>(Loop))
|
[analyzer; new edges] Simplify edges in a C++11 for-range loop.
Previously our edges were completely broken here; now, the final result
is a very simple set of edges in most cases: one up to the "for" keyword
for context, and one into the body of the loop. This matches the behavior
for ObjC for-in loops.
In the AST, however, CXXForRangeStmts are handled very differently from
ObjCForCollectionStmts. Since they are specified in terms of equivalent
statements in the C++ standard, we actually have implicit AST nodes for
all of the semantic statements. This makes evaluation very easy, but
diagnostic locations a bit trickier. Fortunately, the problem can be
generally defined away by marking all of the implicit statements as
part of the top-level for-range statement.
One of the implicit statements in a for-range statement is the declaration
of implicit iterators __begin and __end. The CFG synthesizes two
separate DeclStmts to match each of these decls, but until now these
synthetic DeclStmts weren't in the function's ParentMap. Now, the CFG
keeps track of its synthetic statements, and the AnalysisDeclContext will
make sure to add them to the ParentMap.
<rdar://problem/14038483>
llvm-svn: 183449
2013-06-07 05:53:45 +08:00
|
|
|
Body = WS->getBody();
|
2013-05-21 08:34:40 +08:00
|
|
|
else if (const ObjCForCollectionStmt *OFS =
|
[analyzer; new edges] Simplify edges in a C++11 for-range loop.
Previously our edges were completely broken here; now, the final result
is a very simple set of edges in most cases: one up to the "for" keyword
for context, and one into the body of the loop. This matches the behavior
for ObjC for-in loops.
In the AST, however, CXXForRangeStmts are handled very differently from
ObjCForCollectionStmts. Since they are specified in terms of equivalent
statements in the C++ standard, we actually have implicit AST nodes for
all of the semantic statements. This makes evaluation very easy, but
diagnostic locations a bit trickier. Fortunately, the problem can be
generally defined away by marking all of the implicit statements as
part of the top-level for-range statement.
One of the implicit statements in a for-range statement is the declaration
of implicit iterators __begin and __end. The CFG synthesizes two
separate DeclStmts to match each of these decls, but until now these
synthetic DeclStmts weren't in the function's ParentMap. Now, the CFG
keeps track of its synthetic statements, and the AnalysisDeclContext will
make sure to add them to the ParentMap.
<rdar://problem/14038483>
llvm-svn: 183449
2013-06-07 05:53:45 +08:00
|
|
|
dyn_cast<ObjCForCollectionStmt>(Loop)) {
|
|
|
|
|
Body = OFS->getBody();
|
|
|
|
|
} else if (const CXXForRangeStmt *FRS =
|
|
|
|
|
dyn_cast<CXXForRangeStmt>(Loop)) {
|
|
|
|
|
Body = FRS->getBody();
|
2013-05-21 08:34:40 +08:00
|
|
|
}
|
[analyzer; new edges] Simplify edges in a C++11 for-range loop.
Previously our edges were completely broken here; now, the final result
is a very simple set of edges in most cases: one up to the "for" keyword
for context, and one into the body of the loop. This matches the behavior
for ObjC for-in loops.
In the AST, however, CXXForRangeStmts are handled very differently from
ObjCForCollectionStmts. Since they are specified in terms of equivalent
statements in the C++ standard, we actually have implicit AST nodes for
all of the semantic statements. This makes evaluation very easy, but
diagnostic locations a bit trickier. Fortunately, the problem can be
generally defined away by marking all of the implicit statements as
part of the top-level for-range statement.
One of the implicit statements in a for-range statement is the declaration
of implicit iterators __begin and __end. The CFG synthesizes two
separate DeclStmts to match each of these decls, but until now these
synthetic DeclStmts weren't in the function's ParentMap. Now, the CFG
keeps track of its synthetic statements, and the AnalysisDeclContext will
make sure to add them to the ParentMap.
<rdar://problem/14038483>
llvm-svn: 183449
2013-06-07 05:53:45 +08:00
|
|
|
// do-while statements are explicitly excluded here
|
2013-05-04 02:25:33 +08:00
|
|
|
|
|
|
|
|
PathDiagnosticEventPiece *p =
|
|
|
|
|
new PathDiagnosticEventPiece(L, "Looping back to the head "
|
|
|
|
|
"of the loop");
|
|
|
|
|
p->setPrunable(true);
|
|
|
|
|
|
2013-05-08 05:12:06 +08:00
|
|
|
addEdgeToPath(PD.getActivePath(), PrevLoc, p->getLocation(), PDB.LC);
|
2013-05-04 09:12:55 +08:00
|
|
|
PD.getActivePath().push_front(p);
|
2013-05-09 14:55:41 +08:00
|
|
|
|
[analyzer; new edges] Simplify edges in a C++11 for-range loop.
Previously our edges were completely broken here; now, the final result
is a very simple set of edges in most cases: one up to the "for" keyword
for context, and one into the body of the loop. This matches the behavior
for ObjC for-in loops.
In the AST, however, CXXForRangeStmts are handled very differently from
ObjCForCollectionStmts. Since they are specified in terms of equivalent
statements in the C++ standard, we actually have implicit AST nodes for
all of the semantic statements. This makes evaluation very easy, but
diagnostic locations a bit trickier. Fortunately, the problem can be
generally defined away by marking all of the implicit statements as
part of the top-level for-range statement.
One of the implicit statements in a for-range statement is the declaration
of implicit iterators __begin and __end. The CFG synthesizes two
separate DeclStmts to match each of these decls, but until now these
synthetic DeclStmts weren't in the function's ParentMap. Now, the CFG
keeps track of its synthetic statements, and the AnalysisDeclContext will
make sure to add them to the ParentMap.
<rdar://problem/14038483>
llvm-svn: 183449
2013-06-07 05:53:45 +08:00
|
|
|
if (const CompoundStmt *CS = dyn_cast_or_null<CompoundStmt>(Body)) {
|
2013-05-09 14:55:41 +08:00
|
|
|
addEdgeToPath(PD.getActivePath(), PrevLoc,
|
|
|
|
|
PathDiagnosticLocation::createEndBrace(CS, SM),
|
|
|
|
|
PDB.LC);
|
|
|
|
|
}
|
2013-05-04 02:25:33 +08:00
|
|
|
}
|
2013-05-07 09:18:10 +08:00
|
|
|
|
2013-05-04 02:25:33 +08:00
|
|
|
const CFGBlock *BSrc = BE->getSrc();
|
|
|
|
|
ParentMap &PM = PDB.getParentMap();
|
|
|
|
|
|
|
|
|
|
if (const Stmt *Term = BSrc->getTerminator()) {
|
|
|
|
|
// Are we jumping past the loop body without ever executing the
|
|
|
|
|
// loop (because the condition was false)?
|
2013-05-07 09:18:10 +08:00
|
|
|
if (isLoop(Term)) {
|
2013-05-21 08:34:40 +08:00
|
|
|
const Stmt *TermCond = getTerminatorCondition(BSrc);
|
2013-05-07 09:18:10 +08:00
|
|
|
bool IsInLoopBody =
|
|
|
|
|
isInLoopBody(PM, getStmtBeforeCond(PM, TermCond, N), Term);
|
|
|
|
|
|
2014-05-27 10:45:47 +08:00
|
|
|
const char *str = nullptr;
|
2013-05-07 09:18:10 +08:00
|
|
|
|
|
|
|
|
if (isJumpToFalseBranch(&*BE)) {
|
|
|
|
|
if (!IsInLoopBody) {
|
2013-11-08 09:15:30 +08:00
|
|
|
if (isa<ObjCForCollectionStmt>(Term)) {
|
|
|
|
|
str = StrLoopCollectionEmpty;
|
|
|
|
|
} else if (isa<CXXForRangeStmt>(Term)) {
|
|
|
|
|
str = StrLoopRangeEmpty;
|
|
|
|
|
} else {
|
|
|
|
|
str = StrLoopBodyZero;
|
|
|
|
|
}
|
2013-05-07 09:18:10 +08:00
|
|
|
}
|
2013-07-17 02:27:27 +08:00
|
|
|
} else {
|
2013-06-01 00:56:54 +08:00
|
|
|
str = StrEnteringLoop;
|
2013-05-07 09:18:10 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (str) {
|
2013-05-30 09:05:58 +08:00
|
|
|
PathDiagnosticLocation L(TermCond ? TermCond : Term, SM, PDB.LC);
|
2013-05-07 09:18:10 +08:00
|
|
|
PathDiagnosticEventPiece *PE =
|
|
|
|
|
new PathDiagnosticEventPiece(L, str);
|
|
|
|
|
PE->setPrunable(true);
|
|
|
|
|
addEdgeToPath(PD.getActivePath(), PrevLoc,
|
2013-05-08 05:12:06 +08:00
|
|
|
PE->getLocation(), PDB.LC);
|
2013-05-07 09:18:10 +08:00
|
|
|
PD.getActivePath().push_front(PE);
|
|
|
|
|
}
|
2013-07-17 02:27:27 +08:00
|
|
|
} else if (isa<BreakStmt>(Term) || isa<ContinueStmt>(Term) ||
|
|
|
|
|
isa<GotoStmt>(Term)) {
|
2013-05-08 05:11:54 +08:00
|
|
|
PathDiagnosticLocation L(Term, SM, PDB.LC);
|
2013-05-08 05:12:06 +08:00
|
|
|
addEdgeToPath(PD.getActivePath(), PrevLoc, L, PDB.LC);
|
2013-05-08 05:11:54 +08:00
|
|
|
}
|
2013-05-04 02:25:33 +08:00
|
|
|
}
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
} while (0);
|
|
|
|
|
|
|
|
|
|
if (!NextNode)
|
|
|
|
|
continue;
|
|
|
|
|
|
|
|
|
|
// Add pieces from custom visitors.
|
2014-09-05 07:54:33 +08:00
|
|
|
for (auto &V : visitors) {
|
|
|
|
|
if (PathDiagnosticPiece *p = V->VisitNode(N, NextNode, PDB, *report)) {
|
2013-05-08 05:12:06 +08:00
|
|
|
addEdgeToPath(PD.getActivePath(), PrevLoc, p->getLocation(), PDB.LC);
|
2013-05-04 09:12:55 +08:00
|
|
|
PD.getActivePath().push_front(p);
|
2013-05-04 02:25:33 +08:00
|
|
|
updateStackPiecesWithMessage(p, CallStack);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2013-06-04 06:59:45 +08:00
|
|
|
// Add an edge to the start of the function.
|
|
|
|
|
// We'll prune it out later, but it helps make diagnostics more uniform.
|
|
|
|
|
const StackFrameContext *CalleeLC = PDB.LC->getCurrentStackFrame();
|
|
|
|
|
const Decl *D = CalleeLC->getDecl();
|
|
|
|
|
addEdgeToPath(PD.getActivePath(), PrevLoc,
|
|
|
|
|
PathDiagnosticLocation::createBegin(D, SM),
|
|
|
|
|
CalleeLC);
|
|
|
|
|
|
2013-05-04 02:25:33 +08:00
|
|
|
return report->isValid();
|
|
|
|
|
}
|
|
|
|
|
|
2013-05-23 23:53:44 +08:00
|
|
|
static const Stmt *getLocStmt(PathDiagnosticLocation L) {
|
2013-05-04 09:13:01 +08:00
|
|
|
if (!L.isValid())
|
2014-05-27 10:45:47 +08:00
|
|
|
return nullptr;
|
2013-05-04 09:13:08 +08:00
|
|
|
return L.asStmt();
|
|
|
|
|
}
|
|
|
|
|
|
2013-06-04 06:59:48 +08:00
|
|
|
static const Stmt *getStmtParent(const Stmt *S, const ParentMap &PM) {
|
2013-05-04 09:13:01 +08:00
|
|
|
if (!S)
|
2014-05-27 10:45:47 +08:00
|
|
|
return nullptr;
|
2013-05-17 14:48:27 +08:00
|
|
|
|
|
|
|
|
while (true) {
|
|
|
|
|
S = PM.getParentIgnoreParens(S);
|
|
|
|
|
|
|
|
|
|
if (!S)
|
|
|
|
|
break;
|
|
|
|
|
|
2013-05-22 05:38:02 +08:00
|
|
|
if (isa<ExprWithCleanups>(S) ||
|
|
|
|
|
isa<CXXBindTemporaryExpr>(S) ||
|
|
|
|
|
isa<SubstNonTypeTemplateParmExpr>(S))
|
2013-05-17 14:48:27 +08:00
|
|
|
continue;
|
|
|
|
|
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return S;
|
2013-05-04 09:13:01 +08:00
|
|
|
}
|
|
|
|
|
|
2013-05-04 09:13:22 +08:00
|
|
|
static bool isConditionForTerminator(const Stmt *S, const Stmt *Cond) {
|
|
|
|
|
switch (S->getStmtClass()) {
|
2013-05-08 05:11:57 +08:00
|
|
|
case Stmt::BinaryOperatorClass: {
|
|
|
|
|
const BinaryOperator *BO = cast<BinaryOperator>(S);
|
|
|
|
|
if (!BO->isLogicalOp())
|
|
|
|
|
return false;
|
|
|
|
|
return BO->getLHS() == Cond || BO->getRHS() == Cond;
|
|
|
|
|
}
|
2013-05-07 15:30:07 +08:00
|
|
|
case Stmt::IfStmtClass:
|
|
|
|
|
return cast<IfStmt>(S)->getCond() == Cond;
|
2013-05-04 09:13:22 +08:00
|
|
|
case Stmt::ForStmtClass:
|
|
|
|
|
return cast<ForStmt>(S)->getCond() == Cond;
|
|
|
|
|
case Stmt::WhileStmtClass:
|
|
|
|
|
return cast<WhileStmt>(S)->getCond() == Cond;
|
|
|
|
|
case Stmt::DoStmtClass:
|
|
|
|
|
return cast<DoStmt>(S)->getCond() == Cond;
|
|
|
|
|
case Stmt::ChooseExprClass:
|
|
|
|
|
return cast<ChooseExpr>(S)->getCond() == Cond;
|
|
|
|
|
case Stmt::IndirectGotoStmtClass:
|
|
|
|
|
return cast<IndirectGotoStmt>(S)->getTarget() == Cond;
|
|
|
|
|
case Stmt::SwitchStmtClass:
|
|
|
|
|
return cast<SwitchStmt>(S)->getCond() == Cond;
|
|
|
|
|
case Stmt::BinaryConditionalOperatorClass:
|
|
|
|
|
return cast<BinaryConditionalOperator>(S)->getCond() == Cond;
|
2013-05-08 09:15:20 +08:00
|
|
|
case Stmt::ConditionalOperatorClass: {
|
|
|
|
|
const ConditionalOperator *CO = cast<ConditionalOperator>(S);
|
|
|
|
|
return CO->getCond() == Cond ||
|
|
|
|
|
CO->getLHS() == Cond ||
|
|
|
|
|
CO->getRHS() == Cond;
|
|
|
|
|
}
|
2013-05-04 09:13:22 +08:00
|
|
|
case Stmt::ObjCForCollectionStmtClass:
|
|
|
|
|
return cast<ObjCForCollectionStmt>(S)->getElement() == Cond;
|
[analyzer; new edges] Simplify edges in a C++11 for-range loop.
Previously our edges were completely broken here; now, the final result
is a very simple set of edges in most cases: one up to the "for" keyword
for context, and one into the body of the loop. This matches the behavior
for ObjC for-in loops.
In the AST, however, CXXForRangeStmts are handled very differently from
ObjCForCollectionStmts. Since they are specified in terms of equivalent
statements in the C++ standard, we actually have implicit AST nodes for
all of the semantic statements. This makes evaluation very easy, but
diagnostic locations a bit trickier. Fortunately, the problem can be
generally defined away by marking all of the implicit statements as
part of the top-level for-range statement.
One of the implicit statements in a for-range statement is the declaration
of implicit iterators __begin and __end. The CFG synthesizes two
separate DeclStmts to match each of these decls, but until now these
synthetic DeclStmts weren't in the function's ParentMap. Now, the CFG
keeps track of its synthetic statements, and the AnalysisDeclContext will
make sure to add them to the ParentMap.
<rdar://problem/14038483>
llvm-svn: 183449
2013-06-07 05:53:45 +08:00
|
|
|
case Stmt::CXXForRangeStmtClass: {
|
|
|
|
|
const CXXForRangeStmt *FRS = cast<CXXForRangeStmt>(S);
|
|
|
|
|
return FRS->getCond() == Cond || FRS->getRangeInit() == Cond;
|
|
|
|
|
}
|
2013-05-04 09:13:22 +08:00
|
|
|
default:
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2013-05-08 05:11:49 +08:00
|
|
|
static bool isIncrementOrInitInForLoop(const Stmt *S, const Stmt *FL) {
|
[analyzer; new edges] Simplify edges in a C++11 for-range loop.
Previously our edges were completely broken here; now, the final result
is a very simple set of edges in most cases: one up to the "for" keyword
for context, and one into the body of the loop. This matches the behavior
for ObjC for-in loops.
In the AST, however, CXXForRangeStmts are handled very differently from
ObjCForCollectionStmts. Since they are specified in terms of equivalent
statements in the C++ standard, we actually have implicit AST nodes for
all of the semantic statements. This makes evaluation very easy, but
diagnostic locations a bit trickier. Fortunately, the problem can be
generally defined away by marking all of the implicit statements as
part of the top-level for-range statement.
One of the implicit statements in a for-range statement is the declaration
of implicit iterators __begin and __end. The CFG synthesizes two
separate DeclStmts to match each of these decls, but until now these
synthetic DeclStmts weren't in the function's ParentMap. Now, the CFG
keeps track of its synthetic statements, and the AnalysisDeclContext will
make sure to add them to the ParentMap.
<rdar://problem/14038483>
llvm-svn: 183449
2013-06-07 05:53:45 +08:00
|
|
|
if (const ForStmt *FS = dyn_cast<ForStmt>(FL))
|
|
|
|
|
return FS->getInc() == S || FS->getInit() == S;
|
|
|
|
|
if (const CXXForRangeStmt *FRS = dyn_cast<CXXForRangeStmt>(FL))
|
|
|
|
|
return FRS->getInc() == S || FRS->getRangeStmt() == S ||
|
|
|
|
|
FRS->getLoopVarStmt() || FRS->getRangeInit() == S;
|
|
|
|
|
return false;
|
2013-05-08 01:02:41 +08:00
|
|
|
}
|
|
|
|
|
|
2013-05-04 09:13:22 +08:00
|
|
|
typedef llvm::DenseSet<const PathDiagnosticCallPiece *>
|
|
|
|
|
OptimizedCallsSet;
|
|
|
|
|
|
2013-06-04 06:59:48 +08:00
|
|
|
/// Adds synthetic edges from top-level statements to their subexpressions.
|
|
|
|
|
///
|
|
|
|
|
/// This avoids a "swoosh" effect, where an edge from a top-level statement A
|
|
|
|
|
/// points to a sub-expression B.1 that's not at the start of B. In these cases,
|
|
|
|
|
/// we'd like to see an edge from A to B, then another one from B to B.1.
|
|
|
|
|
static void addContextEdges(PathPieces &pieces, SourceManager &SM,
|
|
|
|
|
const ParentMap &PM, const LocationContext *LCtx) {
|
|
|
|
|
PathPieces::iterator Prev = pieces.end();
|
|
|
|
|
for (PathPieces::iterator I = pieces.begin(), E = Prev; I != E;
|
|
|
|
|
Prev = I, ++I) {
|
|
|
|
|
PathDiagnosticControlFlowPiece *Piece =
|
|
|
|
|
dyn_cast<PathDiagnosticControlFlowPiece>(*I);
|
|
|
|
|
|
|
|
|
|
if (!Piece)
|
|
|
|
|
continue;
|
|
|
|
|
|
|
|
|
|
PathDiagnosticLocation SrcLoc = Piece->getStartLocation();
|
2013-06-04 06:59:53 +08:00
|
|
|
SmallVector<PathDiagnosticLocation, 4> SrcContexts;
|
|
|
|
|
|
[analyzer; new edges] Simplify edges in a C++11 for-range loop.
Previously our edges were completely broken here; now, the final result
is a very simple set of edges in most cases: one up to the "for" keyword
for context, and one into the body of the loop. This matches the behavior
for ObjC for-in loops.
In the AST, however, CXXForRangeStmts are handled very differently from
ObjCForCollectionStmts. Since they are specified in terms of equivalent
statements in the C++ standard, we actually have implicit AST nodes for
all of the semantic statements. This makes evaluation very easy, but
diagnostic locations a bit trickier. Fortunately, the problem can be
generally defined away by marking all of the implicit statements as
part of the top-level for-range statement.
One of the implicit statements in a for-range statement is the declaration
of implicit iterators __begin and __end. The CFG synthesizes two
separate DeclStmts to match each of these decls, but until now these
synthetic DeclStmts weren't in the function's ParentMap. Now, the CFG
keeps track of its synthetic statements, and the AnalysisDeclContext will
make sure to add them to the ParentMap.
<rdar://problem/14038483>
llvm-svn: 183449
2013-06-07 05:53:45 +08:00
|
|
|
PathDiagnosticLocation NextSrcContext = SrcLoc;
|
2014-05-27 10:45:47 +08:00
|
|
|
const Stmt *InnerStmt = nullptr;
|
2013-06-04 06:59:53 +08:00
|
|
|
while (NextSrcContext.isValid() && NextSrcContext.asStmt() != InnerStmt) {
|
|
|
|
|
SrcContexts.push_back(NextSrcContext);
|
|
|
|
|
InnerStmt = NextSrcContext.asStmt();
|
[analyzer; new edges] Simplify edges in a C++11 for-range loop.
Previously our edges were completely broken here; now, the final result
is a very simple set of edges in most cases: one up to the "for" keyword
for context, and one into the body of the loop. This matches the behavior
for ObjC for-in loops.
In the AST, however, CXXForRangeStmts are handled very differently from
ObjCForCollectionStmts. Since they are specified in terms of equivalent
statements in the C++ standard, we actually have implicit AST nodes for
all of the semantic statements. This makes evaluation very easy, but
diagnostic locations a bit trickier. Fortunately, the problem can be
generally defined away by marking all of the implicit statements as
part of the top-level for-range statement.
One of the implicit statements in a for-range statement is the declaration
of implicit iterators __begin and __end. The CFG synthesizes two
separate DeclStmts to match each of these decls, but until now these
synthetic DeclStmts weren't in the function's ParentMap. Now, the CFG
keeps track of its synthetic statements, and the AnalysisDeclContext will
make sure to add them to the ParentMap.
<rdar://problem/14038483>
llvm-svn: 183449
2013-06-07 05:53:45 +08:00
|
|
|
NextSrcContext = getEnclosingStmtLocation(InnerStmt, SM, PM, LCtx,
|
|
|
|
|
/*allowNested=*/true);
|
2013-06-04 06:59:53 +08:00
|
|
|
}
|
2013-06-04 06:59:48 +08:00
|
|
|
|
|
|
|
|
// Repeatedly split the edge as necessary.
|
|
|
|
|
// This is important for nested logical expressions (||, &&, ?:) where we
|
|
|
|
|
// want to show all the levels of context.
|
|
|
|
|
while (true) {
|
|
|
|
|
const Stmt *Dst = getLocStmt(Piece->getEndLocation());
|
|
|
|
|
|
|
|
|
|
// We are looking at an edge. Is the destination within a larger
|
|
|
|
|
// expression?
|
|
|
|
|
PathDiagnosticLocation DstContext =
|
2013-06-04 06:59:53 +08:00
|
|
|
getEnclosingStmtLocation(Dst, SM, PM, LCtx, /*allowNested=*/true);
|
2013-06-04 06:59:48 +08:00
|
|
|
if (!DstContext.isValid() || DstContext.asStmt() == Dst)
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
// If the source is in the same context, we're already good.
|
2013-06-04 06:59:53 +08:00
|
|
|
if (std::find(SrcContexts.begin(), SrcContexts.end(), DstContext) !=
|
|
|
|
|
SrcContexts.end())
|
2013-06-04 06:59:48 +08:00
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
// Update the subexpression node to point to the context edge.
|
|
|
|
|
Piece->setStartLocation(DstContext);
|
|
|
|
|
|
|
|
|
|
// Try to extend the previous edge if it's at the same level as the source
|
|
|
|
|
// context.
|
|
|
|
|
if (Prev != E) {
|
|
|
|
|
PathDiagnosticControlFlowPiece *PrevPiece =
|
|
|
|
|
dyn_cast<PathDiagnosticControlFlowPiece>(*Prev);
|
|
|
|
|
|
|
|
|
|
if (PrevPiece) {
|
|
|
|
|
if (const Stmt *PrevSrc = getLocStmt(PrevPiece->getStartLocation())) {
|
|
|
|
|
const Stmt *PrevSrcParent = getStmtParent(PrevSrc, PM);
|
|
|
|
|
if (PrevSrcParent == getStmtParent(getLocStmt(DstContext), PM)) {
|
|
|
|
|
PrevPiece->setEndLocation(DstContext);
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Otherwise, split the current edge into a context edge and a
|
|
|
|
|
// subexpression edge. Note that the context statement may itself have
|
|
|
|
|
// context.
|
|
|
|
|
Piece = new PathDiagnosticControlFlowPiece(SrcLoc, DstContext);
|
|
|
|
|
I = pieces.insert(I, Piece);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/// \brief Move edges from a branch condition to a branch target
|
|
|
|
|
/// when the condition is simple.
|
|
|
|
|
///
|
|
|
|
|
/// This restructures some of the work of addContextEdges. That function
|
|
|
|
|
/// creates edges this may destroy, but they work together to create a more
|
|
|
|
|
/// aesthetically set of edges around branches. After the call to
|
|
|
|
|
/// addContextEdges, we may have (1) an edge to the branch, (2) an edge from
|
|
|
|
|
/// the branch to the branch condition, and (3) an edge from the branch
|
|
|
|
|
/// condition to the branch target. We keep (1), but may wish to remove (2)
|
|
|
|
|
/// and move the source of (3) to the branch if the branch condition is simple.
|
|
|
|
|
///
|
|
|
|
|
static void simplifySimpleBranches(PathPieces &pieces) {
|
|
|
|
|
for (PathPieces::iterator I = pieces.begin(), E = pieces.end(); I != E; ++I) {
|
|
|
|
|
|
|
|
|
|
PathDiagnosticControlFlowPiece *PieceI =
|
|
|
|
|
dyn_cast<PathDiagnosticControlFlowPiece>(*I);
|
|
|
|
|
|
|
|
|
|
if (!PieceI)
|
|
|
|
|
continue;
|
|
|
|
|
|
|
|
|
|
const Stmt *s1Start = getLocStmt(PieceI->getStartLocation());
|
|
|
|
|
const Stmt *s1End = getLocStmt(PieceI->getEndLocation());
|
|
|
|
|
|
|
|
|
|
if (!s1Start || !s1End)
|
|
|
|
|
continue;
|
|
|
|
|
|
|
|
|
|
PathPieces::iterator NextI = I; ++NextI;
|
|
|
|
|
if (NextI == E)
|
|
|
|
|
break;
|
|
|
|
|
|
2014-05-27 10:45:47 +08:00
|
|
|
PathDiagnosticControlFlowPiece *PieceNextI = nullptr;
|
2013-06-04 06:59:48 +08:00
|
|
|
|
|
|
|
|
while (true) {
|
|
|
|
|
if (NextI == E)
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
PathDiagnosticEventPiece *EV = dyn_cast<PathDiagnosticEventPiece>(*NextI);
|
|
|
|
|
if (EV) {
|
|
|
|
|
StringRef S = EV->getString();
|
2013-11-08 09:15:30 +08:00
|
|
|
if (S == StrEnteringLoop || S == StrLoopBodyZero ||
|
|
|
|
|
S == StrLoopCollectionEmpty || S == StrLoopRangeEmpty) {
|
2013-06-04 06:59:48 +08:00
|
|
|
++NextI;
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
PieceNextI = dyn_cast<PathDiagnosticControlFlowPiece>(*NextI);
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (!PieceNextI)
|
|
|
|
|
continue;
|
|
|
|
|
|
|
|
|
|
const Stmt *s2Start = getLocStmt(PieceNextI->getStartLocation());
|
|
|
|
|
const Stmt *s2End = getLocStmt(PieceNextI->getEndLocation());
|
|
|
|
|
|
|
|
|
|
if (!s2Start || !s2End || s1End != s2Start)
|
|
|
|
|
continue;
|
|
|
|
|
|
|
|
|
|
// We only perform this transformation for specific branch kinds.
|
|
|
|
|
// We don't want to do this for do..while, for example.
|
|
|
|
|
if (!(isa<ForStmt>(s1Start) || isa<WhileStmt>(s1Start) ||
|
[analyzer; new edges] Simplify edges in a C++11 for-range loop.
Previously our edges were completely broken here; now, the final result
is a very simple set of edges in most cases: one up to the "for" keyword
for context, and one into the body of the loop. This matches the behavior
for ObjC for-in loops.
In the AST, however, CXXForRangeStmts are handled very differently from
ObjCForCollectionStmts. Since they are specified in terms of equivalent
statements in the C++ standard, we actually have implicit AST nodes for
all of the semantic statements. This makes evaluation very easy, but
diagnostic locations a bit trickier. Fortunately, the problem can be
generally defined away by marking all of the implicit statements as
part of the top-level for-range statement.
One of the implicit statements in a for-range statement is the declaration
of implicit iterators __begin and __end. The CFG synthesizes two
separate DeclStmts to match each of these decls, but until now these
synthetic DeclStmts weren't in the function's ParentMap. Now, the CFG
keeps track of its synthetic statements, and the AnalysisDeclContext will
make sure to add them to the ParentMap.
<rdar://problem/14038483>
llvm-svn: 183449
2013-06-07 05:53:45 +08:00
|
|
|
isa<IfStmt>(s1Start) || isa<ObjCForCollectionStmt>(s1Start) ||
|
|
|
|
|
isa<CXXForRangeStmt>(s1Start)))
|
2013-06-04 06:59:48 +08:00
|
|
|
continue;
|
|
|
|
|
|
|
|
|
|
// Is s1End the branch condition?
|
|
|
|
|
if (!isConditionForTerminator(s1Start, s1End))
|
|
|
|
|
continue;
|
|
|
|
|
|
|
|
|
|
// Perform the hoisting by eliminating (2) and changing the start
|
|
|
|
|
// location of (3).
|
|
|
|
|
PieceNextI->setStartLocation(PieceI->getStartLocation());
|
|
|
|
|
I = pieces.erase(I);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2013-06-04 07:00:09 +08:00
|
|
|
/// Returns the number of bytes in the given (character-based) SourceRange.
|
2013-06-04 07:00:05 +08:00
|
|
|
///
|
|
|
|
|
/// If the locations in the range are not on the same line, returns None.
|
|
|
|
|
///
|
|
|
|
|
/// Note that this does not do a precise user-visible character or column count.
|
|
|
|
|
static Optional<size_t> getLengthOnSingleLine(SourceManager &SM,
|
|
|
|
|
SourceRange Range) {
|
|
|
|
|
SourceRange ExpansionRange(SM.getExpansionLoc(Range.getBegin()),
|
|
|
|
|
SM.getExpansionRange(Range.getEnd()).second);
|
|
|
|
|
|
|
|
|
|
FileID FID = SM.getFileID(ExpansionRange.getBegin());
|
|
|
|
|
if (FID != SM.getFileID(ExpansionRange.getEnd()))
|
|
|
|
|
return None;
|
|
|
|
|
|
|
|
|
|
bool Invalid;
|
|
|
|
|
const llvm::MemoryBuffer *Buffer = SM.getBuffer(FID, &Invalid);
|
|
|
|
|
if (Invalid)
|
|
|
|
|
return None;
|
|
|
|
|
|
|
|
|
|
unsigned BeginOffset = SM.getFileOffset(ExpansionRange.getBegin());
|
|
|
|
|
unsigned EndOffset = SM.getFileOffset(ExpansionRange.getEnd());
|
|
|
|
|
StringRef Snippet = Buffer->getBuffer().slice(BeginOffset, EndOffset);
|
|
|
|
|
|
|
|
|
|
// We're searching the raw bytes of the buffer here, which might include
|
|
|
|
|
// escaped newlines and such. That's okay; we're trying to decide whether the
|
|
|
|
|
// SourceRange is covering a large or small amount of space in the user's
|
|
|
|
|
// editor.
|
|
|
|
|
if (Snippet.find_first_of("\r\n") != StringRef::npos)
|
|
|
|
|
return None;
|
|
|
|
|
|
|
|
|
|
// This isn't Unicode-aware, but it doesn't need to be.
|
|
|
|
|
return Snippet.size();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/// \sa getLengthOnSingleLine(SourceManager, SourceRange)
|
|
|
|
|
static Optional<size_t> getLengthOnSingleLine(SourceManager &SM,
|
|
|
|
|
const Stmt *S) {
|
|
|
|
|
return getLengthOnSingleLine(SM, S->getSourceRange());
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/// Eliminate two-edge cycles created by addContextEdges().
|
|
|
|
|
///
|
|
|
|
|
/// Once all the context edges are in place, there are plenty of cases where
|
|
|
|
|
/// there's a single edge from a top-level statement to a subexpression,
|
|
|
|
|
/// followed by a single path note, and then a reverse edge to get back out to
|
|
|
|
|
/// the top level. If the statement is simple enough, the subexpression edges
|
|
|
|
|
/// just add noise and make it harder to understand what's going on.
|
|
|
|
|
///
|
|
|
|
|
/// This function only removes edges in pairs, because removing only one edge
|
|
|
|
|
/// might leave other edges dangling.
|
|
|
|
|
///
|
|
|
|
|
/// This will not remove edges in more complicated situations:
|
|
|
|
|
/// - if there is more than one "hop" leading to or from a subexpression.
|
|
|
|
|
/// - if there is an inlined call between the edges instead of a single event.
|
|
|
|
|
/// - if the whole statement is large enough that having subexpression arrows
|
|
|
|
|
/// might be helpful.
|
|
|
|
|
static void removeContextCycles(PathPieces &Path, SourceManager &SM,
|
|
|
|
|
ParentMap &PM) {
|
2013-06-04 07:00:00 +08:00
|
|
|
for (PathPieces::iterator I = Path.begin(), E = Path.end(); I != E; ) {
|
|
|
|
|
// Pattern match the current piece and its successor.
|
|
|
|
|
PathDiagnosticControlFlowPiece *PieceI =
|
|
|
|
|
dyn_cast<PathDiagnosticControlFlowPiece>(*I);
|
|
|
|
|
|
|
|
|
|
if (!PieceI) {
|
|
|
|
|
++I;
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
const Stmt *s1Start = getLocStmt(PieceI->getStartLocation());
|
|
|
|
|
const Stmt *s1End = getLocStmt(PieceI->getEndLocation());
|
|
|
|
|
|
|
|
|
|
PathPieces::iterator NextI = I; ++NextI;
|
|
|
|
|
if (NextI == E)
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
PathDiagnosticControlFlowPiece *PieceNextI =
|
|
|
|
|
dyn_cast<PathDiagnosticControlFlowPiece>(*NextI);
|
|
|
|
|
|
|
|
|
|
if (!PieceNextI) {
|
|
|
|
|
if (isa<PathDiagnosticEventPiece>(*NextI)) {
|
|
|
|
|
++NextI;
|
|
|
|
|
if (NextI == E)
|
|
|
|
|
break;
|
|
|
|
|
PieceNextI = dyn_cast<PathDiagnosticControlFlowPiece>(*NextI);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (!PieceNextI) {
|
|
|
|
|
++I;
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
const Stmt *s2Start = getLocStmt(PieceNextI->getStartLocation());
|
|
|
|
|
const Stmt *s2End = getLocStmt(PieceNextI->getEndLocation());
|
|
|
|
|
|
|
|
|
|
if (s1Start && s2Start && s1Start == s2End && s2Start == s1End) {
|
2013-06-04 07:00:05 +08:00
|
|
|
const size_t MAX_SHORT_LINE_LENGTH = 80;
|
|
|
|
|
Optional<size_t> s1Length = getLengthOnSingleLine(SM, s1Start);
|
|
|
|
|
if (s1Length && *s1Length <= MAX_SHORT_LINE_LENGTH) {
|
|
|
|
|
Optional<size_t> s2Length = getLengthOnSingleLine(SM, s2Start);
|
|
|
|
|
if (s2Length && *s2Length <= MAX_SHORT_LINE_LENGTH) {
|
|
|
|
|
Path.erase(I);
|
|
|
|
|
I = Path.erase(NextI);
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
}
|
2013-06-04 07:00:00 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
++I;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2013-05-22 05:38:05 +08:00
|
|
|
/// \brief Return true if X is contained by Y.
|
|
|
|
|
static bool lexicalContains(ParentMap &PM,
|
|
|
|
|
const Stmt *X,
|
|
|
|
|
const Stmt *Y) {
|
|
|
|
|
while (X) {
|
|
|
|
|
if (X == Y)
|
|
|
|
|
return true;
|
|
|
|
|
X = PM.getParent(X);
|
|
|
|
|
}
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
2013-05-23 02:52:35 +08:00
|
|
|
// Remove short edges on the same line less than 3 columns in difference.
|
|
|
|
|
static void removePunyEdges(PathPieces &path,
|
|
|
|
|
SourceManager &SM,
|
|
|
|
|
ParentMap &PM) {
|
|
|
|
|
|
|
|
|
|
bool erased = false;
|
|
|
|
|
|
|
|
|
|
for (PathPieces::iterator I = path.begin(), E = path.end(); I != E;
|
|
|
|
|
erased ? I : ++I) {
|
|
|
|
|
|
|
|
|
|
erased = false;
|
|
|
|
|
|
|
|
|
|
PathDiagnosticControlFlowPiece *PieceI =
|
|
|
|
|
dyn_cast<PathDiagnosticControlFlowPiece>(*I);
|
|
|
|
|
|
|
|
|
|
if (!PieceI)
|
|
|
|
|
continue;
|
|
|
|
|
|
|
|
|
|
const Stmt *start = getLocStmt(PieceI->getStartLocation());
|
|
|
|
|
const Stmt *end = getLocStmt(PieceI->getEndLocation());
|
|
|
|
|
|
|
|
|
|
if (!start || !end)
|
|
|
|
|
continue;
|
|
|
|
|
|
|
|
|
|
const Stmt *endParent = PM.getParent(end);
|
|
|
|
|
if (!endParent)
|
|
|
|
|
continue;
|
|
|
|
|
|
|
|
|
|
if (isConditionForTerminator(end, endParent))
|
|
|
|
|
continue;
|
|
|
|
|
|
2013-06-04 07:00:05 +08:00
|
|
|
SourceLocation FirstLoc = start->getLocStart();
|
|
|
|
|
SourceLocation SecondLoc = end->getLocStart();
|
2013-05-23 02:52:35 +08:00
|
|
|
|
2013-08-22 08:27:10 +08:00
|
|
|
if (!SM.isWrittenInSameFile(FirstLoc, SecondLoc))
|
2013-05-23 02:52:35 +08:00
|
|
|
continue;
|
2013-06-04 07:00:05 +08:00
|
|
|
if (SM.isBeforeInTranslationUnit(SecondLoc, FirstLoc))
|
|
|
|
|
std::swap(SecondLoc, FirstLoc);
|
2013-05-23 02:52:35 +08:00
|
|
|
|
2013-06-04 07:00:05 +08:00
|
|
|
SourceRange EdgeRange(FirstLoc, SecondLoc);
|
|
|
|
|
Optional<size_t> ByteWidth = getLengthOnSingleLine(SM, EdgeRange);
|
2013-05-23 02:52:35 +08:00
|
|
|
|
2013-06-04 07:00:05 +08:00
|
|
|
// If the statements are on different lines, continue.
|
|
|
|
|
if (!ByteWidth)
|
2013-05-23 02:52:35 +08:00
|
|
|
continue;
|
|
|
|
|
|
2013-06-04 07:00:05 +08:00
|
|
|
const size_t MAX_PUNY_EDGE_LENGTH = 2;
|
|
|
|
|
if (*ByteWidth <= MAX_PUNY_EDGE_LENGTH) {
|
|
|
|
|
// FIXME: There are enough /bytes/ between the endpoints of the edge, but
|
|
|
|
|
// there might not be enough /columns/. A proper user-visible column count
|
|
|
|
|
// is probably too expensive, though.
|
2013-05-23 03:25:03 +08:00
|
|
|
I = path.erase(I);
|
2013-05-23 02:52:35 +08:00
|
|
|
erased = true;
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2013-05-23 03:10:41 +08:00
|
|
|
static void removeIdenticalEvents(PathPieces &path) {
|
|
|
|
|
for (PathPieces::iterator I = path.begin(), E = path.end(); I != E; ++I) {
|
|
|
|
|
PathDiagnosticEventPiece *PieceI =
|
|
|
|
|
dyn_cast<PathDiagnosticEventPiece>(*I);
|
|
|
|
|
|
|
|
|
|
if (!PieceI)
|
|
|
|
|
continue;
|
|
|
|
|
|
|
|
|
|
PathPieces::iterator NextI = I; ++NextI;
|
|
|
|
|
if (NextI == E)
|
|
|
|
|
return;
|
|
|
|
|
|
|
|
|
|
PathDiagnosticEventPiece *PieceNextI =
|
2013-05-23 14:41:58 +08:00
|
|
|
dyn_cast<PathDiagnosticEventPiece>(*NextI);
|
2013-05-23 03:10:41 +08:00
|
|
|
|
|
|
|
|
if (!PieceNextI)
|
|
|
|
|
continue;
|
|
|
|
|
|
|
|
|
|
// Erase the second piece if it has the same exact message text.
|
|
|
|
|
if (PieceI->getString() == PieceNextI->getString()) {
|
|
|
|
|
path.erase(NextI);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2013-05-04 09:13:22 +08:00
|
|
|
static bool optimizeEdges(PathPieces &path, SourceManager &SM,
|
|
|
|
|
OptimizedCallsSet &OCS,
|
2013-05-18 10:26:50 +08:00
|
|
|
LocationContextMap &LCM) {
|
2013-05-04 09:13:01 +08:00
|
|
|
bool hasChanges = false;
|
|
|
|
|
const LocationContext *LC = LCM[&path];
|
|
|
|
|
assert(LC);
|
2013-05-23 02:52:35 +08:00
|
|
|
ParentMap &PM = LC->getParentMap();
|
2013-05-04 09:13:01 +08:00
|
|
|
|
2013-05-07 05:59:37 +08:00
|
|
|
for (PathPieces::iterator I = path.begin(), E = path.end(); I != E; ) {
|
2013-05-04 09:13:01 +08:00
|
|
|
// Optimize subpaths.
|
|
|
|
|
if (PathDiagnosticCallPiece *CallI = dyn_cast<PathDiagnosticCallPiece>(*I)){
|
2013-05-07 05:59:37 +08:00
|
|
|
// Record the fact that a call has been optimized so we only do the
|
|
|
|
|
// effort once.
|
2013-05-04 09:13:22 +08:00
|
|
|
if (!OCS.count(CallI)) {
|
2013-05-18 10:26:50 +08:00
|
|
|
while (optimizeEdges(CallI->path, SM, OCS, LCM)) {}
|
2013-05-04 09:13:22 +08:00
|
|
|
OCS.insert(CallI);
|
|
|
|
|
}
|
2013-05-07 05:59:37 +08:00
|
|
|
++I;
|
2013-05-04 09:13:01 +08:00
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Pattern match the current piece and its successor.
|
|
|
|
|
PathDiagnosticControlFlowPiece *PieceI =
|
|
|
|
|
dyn_cast<PathDiagnosticControlFlowPiece>(*I);
|
|
|
|
|
|
2013-05-07 05:59:37 +08:00
|
|
|
if (!PieceI) {
|
|
|
|
|
++I;
|
2013-05-04 09:13:01 +08:00
|
|
|
continue;
|
2013-05-07 05:59:37 +08:00
|
|
|
}
|
2013-05-04 09:13:01 +08:00
|
|
|
|
2013-05-04 09:13:08 +08:00
|
|
|
const Stmt *s1Start = getLocStmt(PieceI->getStartLocation());
|
|
|
|
|
const Stmt *s1End = getLocStmt(PieceI->getEndLocation());
|
|
|
|
|
const Stmt *level1 = getStmtParent(s1Start, PM);
|
|
|
|
|
const Stmt *level2 = getStmtParent(s1End, PM);
|
|
|
|
|
|
2013-05-04 09:13:22 +08:00
|
|
|
PathPieces::iterator NextI = I; ++NextI;
|
|
|
|
|
if (NextI == E)
|
|
|
|
|
break;
|
|
|
|
|
|
2013-05-04 09:13:01 +08:00
|
|
|
PathDiagnosticControlFlowPiece *PieceNextI =
|
|
|
|
|
dyn_cast<PathDiagnosticControlFlowPiece>(*NextI);
|
|
|
|
|
|
2013-05-07 05:59:37 +08:00
|
|
|
if (!PieceNextI) {
|
|
|
|
|
++I;
|
2013-05-04 09:13:01 +08:00
|
|
|
continue;
|
2013-05-07 05:59:37 +08:00
|
|
|
}
|
2013-05-04 09:13:01 +08:00
|
|
|
|
2013-05-04 09:13:08 +08:00
|
|
|
const Stmt *s2Start = getLocStmt(PieceNextI->getStartLocation());
|
|
|
|
|
const Stmt *s2End = getLocStmt(PieceNextI->getEndLocation());
|
|
|
|
|
const Stmt *level3 = getStmtParent(s2Start, PM);
|
|
|
|
|
const Stmt *level4 = getStmtParent(s2End, PM);
|
2013-05-04 09:13:01 +08:00
|
|
|
|
|
|
|
|
// Rule I.
|
|
|
|
|
//
|
|
|
|
|
// If we have two consecutive control edges whose end/begin locations
|
2013-05-07 05:59:37 +08:00
|
|
|
// are at the same level (e.g. statements or top-level expressions within
|
|
|
|
|
// a compound statement, or siblings share a single ancestor expression),
|
|
|
|
|
// then merge them if they have no interesting intermediate event.
|
2013-05-04 09:13:01 +08:00
|
|
|
//
|
|
|
|
|
// For example:
|
|
|
|
|
//
|
|
|
|
|
// (1.1 -> 1.2) -> (1.2 -> 1.3) becomes (1.1 -> 1.3) because the common
|
2013-05-07 05:59:37 +08:00
|
|
|
// parent is '1'. Here 'x.y.z' represents the hierarchy of statements.
|
2013-05-04 09:13:01 +08:00
|
|
|
//
|
|
|
|
|
// NOTE: this will be limited later in cases where we add barriers
|
|
|
|
|
// to prevent this optimization.
|
2013-05-04 09:13:08 +08:00
|
|
|
//
|
2013-05-07 05:59:37 +08:00
|
|
|
if (level1 && level1 == level2 && level1 == level3 && level1 == level4) {
|
2013-05-04 09:13:01 +08:00
|
|
|
PieceI->setEndLocation(PieceNextI->getEndLocation());
|
|
|
|
|
path.erase(NextI);
|
|
|
|
|
hasChanges = true;
|
|
|
|
|
continue;
|
|
|
|
|
}
|
2013-05-04 09:13:05 +08:00
|
|
|
|
|
|
|
|
// Rule II.
|
|
|
|
|
//
|
2013-05-07 15:30:07 +08:00
|
|
|
// Eliminate edges between subexpressions and parent expressions
|
|
|
|
|
// when the subexpression is consumed.
|
2013-05-04 09:13:08 +08:00
|
|
|
//
|
|
|
|
|
// NOTE: this will be limited later in cases where we add barriers
|
|
|
|
|
// to prevent this optimization.
|
|
|
|
|
//
|
2013-05-08 05:11:49 +08:00
|
|
|
if (s1End && s1End == s2Start && level2) {
|
2013-05-22 05:38:05 +08:00
|
|
|
bool removeEdge = false;
|
|
|
|
|
// Remove edges into the increment or initialization of a
|
|
|
|
|
// loop that have no interleaving event. This means that
|
|
|
|
|
// they aren't interesting.
|
|
|
|
|
if (isIncrementOrInitInForLoop(s1End, level2))
|
|
|
|
|
removeEdge = true;
|
|
|
|
|
// Next only consider edges that are not anchored on
|
|
|
|
|
// the condition of a terminator. This are intermediate edges
|
|
|
|
|
// that we might want to trim.
|
|
|
|
|
else if (!isConditionForTerminator(level2, s1End)) {
|
|
|
|
|
// Trim edges on expressions that are consumed by
|
|
|
|
|
// the parent expression.
|
|
|
|
|
if (isa<Expr>(s1End) && PM.isConsumedExpr(cast<Expr>(s1End))) {
|
2015-09-08 11:50:52 +08:00
|
|
|
removeEdge = true;
|
2013-05-22 05:38:05 +08:00
|
|
|
}
|
|
|
|
|
// Trim edges where a lexical containment doesn't exist.
|
|
|
|
|
// For example:
|
|
|
|
|
//
|
|
|
|
|
// X -> Y -> Z
|
|
|
|
|
//
|
|
|
|
|
// If 'Z' lexically contains Y (it is an ancestor) and
|
|
|
|
|
// 'X' does not lexically contain Y (it is a descendant OR
|
|
|
|
|
// it has no lexical relationship at all) then trim.
|
|
|
|
|
//
|
|
|
|
|
// This can eliminate edges where we dive into a subexpression
|
|
|
|
|
// and then pop back out, etc.
|
|
|
|
|
else if (s1Start && s2End &&
|
|
|
|
|
lexicalContains(PM, s2Start, s2End) &&
|
|
|
|
|
!lexicalContains(PM, s1End, s1Start)) {
|
|
|
|
|
removeEdge = true;
|
|
|
|
|
}
|
2013-06-04 07:00:09 +08:00
|
|
|
// Trim edges from a subexpression back to the top level if the
|
|
|
|
|
// subexpression is on a different line.
|
|
|
|
|
//
|
|
|
|
|
// A.1 -> A -> B
|
|
|
|
|
// becomes
|
|
|
|
|
// A.1 -> B
|
|
|
|
|
//
|
|
|
|
|
// These edges just look ugly and don't usually add anything.
|
|
|
|
|
else if (s1Start && s2End &&
|
|
|
|
|
lexicalContains(PM, s1Start, s1End)) {
|
|
|
|
|
SourceRange EdgeRange(PieceI->getEndLocation().asLocation(),
|
|
|
|
|
PieceI->getStartLocation().asLocation());
|
|
|
|
|
if (!getLengthOnSingleLine(SM, EdgeRange).hasValue())
|
|
|
|
|
removeEdge = true;
|
|
|
|
|
}
|
2013-05-22 05:38:05 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (removeEdge) {
|
2013-05-08 05:11:49 +08:00
|
|
|
PieceI->setEndLocation(PieceNextI->getEndLocation());
|
|
|
|
|
path.erase(NextI);
|
|
|
|
|
hasChanges = true;
|
|
|
|
|
continue;
|
|
|
|
|
}
|
2013-05-04 09:13:08 +08:00
|
|
|
}
|
2013-05-07 05:59:37 +08:00
|
|
|
|
2013-05-21 08:34:40 +08:00
|
|
|
// Optimize edges for ObjC fast-enumeration loops.
|
|
|
|
|
//
|
|
|
|
|
// (X -> collection) -> (collection -> element)
|
|
|
|
|
//
|
|
|
|
|
// becomes:
|
|
|
|
|
//
|
|
|
|
|
// (X -> element)
|
|
|
|
|
if (s1End == s2Start) {
|
|
|
|
|
const ObjCForCollectionStmt *FS =
|
|
|
|
|
dyn_cast_or_null<ObjCForCollectionStmt>(level3);
|
|
|
|
|
if (FS && FS->getCollection()->IgnoreParens() == s2Start &&
|
|
|
|
|
s2End == FS->getElement()) {
|
|
|
|
|
PieceI->setEndLocation(PieceNextI->getEndLocation());
|
|
|
|
|
path.erase(NextI);
|
|
|
|
|
hasChanges = true;
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2013-05-07 05:59:37 +08:00
|
|
|
// No changes at this index? Move to the next one.
|
|
|
|
|
++I;
|
2013-05-04 09:13:01 +08:00
|
|
|
}
|
|
|
|
|
|
2013-05-23 02:52:35 +08:00
|
|
|
if (!hasChanges) {
|
2013-06-04 06:59:48 +08:00
|
|
|
// Adjust edges into subexpressions to make them more uniform
|
|
|
|
|
// and aesthetically pleasing.
|
|
|
|
|
addContextEdges(path, SM, PM, LC);
|
2013-06-04 07:00:00 +08:00
|
|
|
// Remove "cyclical" edges that include one or more context edges.
|
2013-06-04 07:00:05 +08:00
|
|
|
removeContextCycles(path, SM, PM);
|
2013-06-04 06:59:48 +08:00
|
|
|
// Hoist edges originating from branch conditions to branches
|
|
|
|
|
// for simple branches.
|
|
|
|
|
simplifySimpleBranches(path);
|
2013-05-23 02:52:35 +08:00
|
|
|
// Remove any puny edges left over after primary optimization pass.
|
|
|
|
|
removePunyEdges(path, SM, PM);
|
2013-05-23 03:10:41 +08:00
|
|
|
// Remove identical events.
|
|
|
|
|
removeIdenticalEvents(path);
|
2013-05-23 02:52:35 +08:00
|
|
|
}
|
|
|
|
|
|
2013-05-04 09:13:01 +08:00
|
|
|
return hasChanges;
|
|
|
|
|
}
|
|
|
|
|
|
2013-06-04 06:59:45 +08:00
|
|
|
/// Drop the very first edge in a path, which should be a function entry edge.
|
2013-06-06 08:12:41 +08:00
|
|
|
///
|
|
|
|
|
/// If the first edge is not a function entry edge (say, because the first
|
|
|
|
|
/// statement had an invalid source location), this function does nothing.
|
|
|
|
|
// FIXME: We should just generate invalid edges anyway and have the optimizer
|
|
|
|
|
// deal with them.
|
2013-06-04 06:59:45 +08:00
|
|
|
static void dropFunctionEntryEdge(PathPieces &Path,
|
|
|
|
|
LocationContextMap &LCM,
|
|
|
|
|
SourceManager &SM) {
|
|
|
|
|
const PathDiagnosticControlFlowPiece *FirstEdge =
|
2013-06-06 08:12:41 +08:00
|
|
|
dyn_cast<PathDiagnosticControlFlowPiece>(Path.front());
|
|
|
|
|
if (!FirstEdge)
|
|
|
|
|
return;
|
|
|
|
|
|
|
|
|
|
const Decl *D = LCM[&Path]->getDecl();
|
|
|
|
|
PathDiagnosticLocation EntryLoc = PathDiagnosticLocation::createBegin(D, SM);
|
|
|
|
|
if (FirstEdge->getStartLocation() != EntryLoc)
|
|
|
|
|
return;
|
2013-06-04 06:59:45 +08:00
|
|
|
|
|
|
|
|
Path.pop_front();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2009-04-01 07:00:32 +08:00
|
|
|
//===----------------------------------------------------------------------===//
|
|
|
|
|
// Methods for BugType and subclasses.
|
|
|
|
|
//===----------------------------------------------------------------------===//
|
2013-10-04 08:25:24 +08:00
|
|
|
void BugType::anchor() { }
|
2011-02-23 08:16:01 +08:00
|
|
|
|
2009-04-01 07:00:32 +08:00
|
|
|
void BugType::FlushReports(BugReporter &BR) {}
|
|
|
|
|
|
2011-12-20 10:48:34 +08:00
|
|
|
void BuiltinBug::anchor() {}
|
|
|
|
|
|
2009-04-01 07:00:32 +08:00
|
|
|
//===----------------------------------------------------------------------===//
|
|
|
|
|
// Methods for BugReport and subclasses.
|
|
|
|
|
//===----------------------------------------------------------------------===//
|
2011-08-18 07:00:25 +08:00
|
|
|
|
2011-12-20 10:48:34 +08:00
|
|
|
void BugReport::NodeResolver::anchor() {}
|
|
|
|
|
|
2014-09-05 07:54:33 +08:00
|
|
|
void BugReport::addVisitor(std::unique_ptr<BugReporterVisitor> visitor) {
|
2011-08-19 06:37:56 +08:00
|
|
|
if (!visitor)
|
|
|
|
|
return;
|
|
|
|
|
|
|
|
|
|
llvm::FoldingSetNodeID ID;
|
|
|
|
|
visitor->Profile(ID);
|
|
|
|
|
void *InsertPos;
|
|
|
|
|
|
2014-09-05 07:54:33 +08:00
|
|
|
if (CallbacksSet.FindNodeOrInsertPos(ID, InsertPos))
|
2011-08-19 06:37:56 +08:00
|
|
|
return;
|
|
|
|
|
|
2014-09-05 07:54:33 +08:00
|
|
|
CallbacksSet.InsertNode(visitor.get(), InsertPos);
|
|
|
|
|
Callbacks.push_back(std::move(visitor));
|
2012-03-24 11:03:29 +08:00
|
|
|
++ConfigurationChangeToken;
|
2011-08-19 06:37:56 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
BugReport::~BugReport() {
|
Allow multiple PathDiagnosticConsumers to be used with a BugReporter at the same time.
This fixes several issues:
- removes egregious hack where PlistDiagnosticConsumer would forward to HTMLDiagnosticConsumer,
but diagnostics wouldn't be generated consistently in the same way if PlistDiagnosticConsumer
was used by itself.
- emitting diagnostics to the terminal (using clang's diagnostic machinery) is no longer a special
case, just another PathDiagnosticConsumer. This also magically resolved some duplicate warnings,
as we now use PathDiagnosticConsumer's diagnostic pruning, which has scope for the entire translation
unit, not just the scope of a BugReporter (which is limited to a particular ExprEngine).
As an interesting side-effect, diagnostics emitted to the terminal also have their trailing "." stripped,
just like with diagnostics emitted to plists and HTML. This required some tests to be updated, but now
the tests have higher fidelity with what users will see.
There are some inefficiencies in this patch. We currently generate the report graph (from the ExplodedGraph)
once per PathDiagnosticConsumer, which is a bit wasteful, but that could be pulled up higher in the
logic stack. There is some intended duplication, however, as we now generate different PathDiagnostics (for the same issue)
for different PathDiagnosticConsumers. This is necessary to produce the diagnostics that a particular
consumer expects.
llvm-svn: 162028
2012-08-17 01:45:23 +08:00
|
|
|
while (!interestingSymbols.empty()) {
|
|
|
|
|
popInterestingSymbolsAndRegions();
|
|
|
|
|
}
|
2011-08-19 06:37:56 +08:00
|
|
|
}
|
2011-08-18 07:00:25 +08:00
|
|
|
|
2012-04-05 02:11:35 +08:00
|
|
|
const Decl *BugReport::getDeclWithIssue() const {
|
|
|
|
|
if (DeclWithIssue)
|
|
|
|
|
return DeclWithIssue;
|
2015-09-08 11:50:52 +08:00
|
|
|
|
2012-04-05 02:11:35 +08:00
|
|
|
const ExplodedNode *N = getErrorNode();
|
|
|
|
|
if (!N)
|
2014-05-27 10:45:47 +08:00
|
|
|
return nullptr;
|
|
|
|
|
|
2012-04-05 02:11:35 +08:00
|
|
|
const LocationContext *LC = N->getLocationContext();
|
|
|
|
|
return LC->getCurrentStackFrame()->getDecl();
|
|
|
|
|
}
|
|
|
|
|
|
2011-08-18 07:00:25 +08:00
|
|
|
void BugReport::Profile(llvm::FoldingSetNodeID& hash) const {
|
|
|
|
|
hash.AddPointer(&BT);
|
|
|
|
|
hash.AddString(Description);
|
2013-01-08 08:25:29 +08:00
|
|
|
PathDiagnosticLocation UL = getUniqueingLocation();
|
|
|
|
|
if (UL.isValid()) {
|
|
|
|
|
UL.Profile(hash);
|
2012-02-24 05:38:21 +08:00
|
|
|
} else if (Location.isValid()) {
|
2011-09-21 05:38:35 +08:00
|
|
|
Location.Profile(hash);
|
|
|
|
|
} else {
|
|
|
|
|
assert(ErrorNode);
|
|
|
|
|
hash.AddPointer(GetCurrentOrPreviousStmt(ErrorNode));
|
|
|
|
|
}
|
2011-08-18 07:00:25 +08:00
|
|
|
|
2015-10-04 12:53:55 +08:00
|
|
|
for (SourceRange range : Ranges) {
|
2011-08-18 07:00:25 +08:00
|
|
|
if (!range.isValid())
|
|
|
|
|
continue;
|
|
|
|
|
hash.AddInteger(range.getBegin().getRawEncoding());
|
|
|
|
|
hash.AddInteger(range.getEnd().getRawEncoding());
|
|
|
|
|
}
|
|
|
|
|
}
|
2009-04-01 07:00:32 +08:00
|
|
|
|
2012-03-09 09:13:14 +08:00
|
|
|
void BugReport::markInteresting(SymbolRef sym) {
|
|
|
|
|
if (!sym)
|
|
|
|
|
return;
|
2012-03-24 11:03:29 +08:00
|
|
|
|
|
|
|
|
// If the symbol wasn't already in our set, note a configuration change.
|
Allow multiple PathDiagnosticConsumers to be used with a BugReporter at the same time.
This fixes several issues:
- removes egregious hack where PlistDiagnosticConsumer would forward to HTMLDiagnosticConsumer,
but diagnostics wouldn't be generated consistently in the same way if PlistDiagnosticConsumer
was used by itself.
- emitting diagnostics to the terminal (using clang's diagnostic machinery) is no longer a special
case, just another PathDiagnosticConsumer. This also magically resolved some duplicate warnings,
as we now use PathDiagnosticConsumer's diagnostic pruning, which has scope for the entire translation
unit, not just the scope of a BugReporter (which is limited to a particular ExprEngine).
As an interesting side-effect, diagnostics emitted to the terminal also have their trailing "." stripped,
just like with diagnostics emitted to plists and HTML. This required some tests to be updated, but now
the tests have higher fidelity with what users will see.
There are some inefficiencies in this patch. We currently generate the report graph (from the ExplodedGraph)
once per PathDiagnosticConsumer, which is a bit wasteful, but that could be pulled up higher in the
logic stack. There is some intended duplication, however, as we now generate different PathDiagnostics (for the same issue)
for different PathDiagnosticConsumers. This is necessary to produce the diagnostics that a particular
consumer expects.
llvm-svn: 162028
2012-08-17 01:45:23 +08:00
|
|
|
if (getInterestingSymbols().insert(sym).second)
|
2012-03-24 11:03:29 +08:00
|
|
|
++ConfigurationChangeToken;
|
2012-03-16 06:45:29 +08:00
|
|
|
|
|
|
|
|
if (const SymbolMetadata *meta = dyn_cast<SymbolMetadata>(sym))
|
Allow multiple PathDiagnosticConsumers to be used with a BugReporter at the same time.
This fixes several issues:
- removes egregious hack where PlistDiagnosticConsumer would forward to HTMLDiagnosticConsumer,
but diagnostics wouldn't be generated consistently in the same way if PlistDiagnosticConsumer
was used by itself.
- emitting diagnostics to the terminal (using clang's diagnostic machinery) is no longer a special
case, just another PathDiagnosticConsumer. This also magically resolved some duplicate warnings,
as we now use PathDiagnosticConsumer's diagnostic pruning, which has scope for the entire translation
unit, not just the scope of a BugReporter (which is limited to a particular ExprEngine).
As an interesting side-effect, diagnostics emitted to the terminal also have their trailing "." stripped,
just like with diagnostics emitted to plists and HTML. This required some tests to be updated, but now
the tests have higher fidelity with what users will see.
There are some inefficiencies in this patch. We currently generate the report graph (from the ExplodedGraph)
once per PathDiagnosticConsumer, which is a bit wasteful, but that could be pulled up higher in the
logic stack. There is some intended duplication, however, as we now generate different PathDiagnostics (for the same issue)
for different PathDiagnosticConsumers. This is necessary to produce the diagnostics that a particular
consumer expects.
llvm-svn: 162028
2012-08-17 01:45:23 +08:00
|
|
|
getInterestingRegions().insert(meta->getRegion());
|
2012-03-09 09:13:14 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void BugReport::markInteresting(const MemRegion *R) {
|
|
|
|
|
if (!R)
|
|
|
|
|
return;
|
2012-03-24 11:03:29 +08:00
|
|
|
|
|
|
|
|
// If the base region wasn't already in our set, note a configuration change.
|
2012-03-09 09:13:14 +08:00
|
|
|
R = R->getBaseRegion();
|
Allow multiple PathDiagnosticConsumers to be used with a BugReporter at the same time.
This fixes several issues:
- removes egregious hack where PlistDiagnosticConsumer would forward to HTMLDiagnosticConsumer,
but diagnostics wouldn't be generated consistently in the same way if PlistDiagnosticConsumer
was used by itself.
- emitting diagnostics to the terminal (using clang's diagnostic machinery) is no longer a special
case, just another PathDiagnosticConsumer. This also magically resolved some duplicate warnings,
as we now use PathDiagnosticConsumer's diagnostic pruning, which has scope for the entire translation
unit, not just the scope of a BugReporter (which is limited to a particular ExprEngine).
As an interesting side-effect, diagnostics emitted to the terminal also have their trailing "." stripped,
just like with diagnostics emitted to plists and HTML. This required some tests to be updated, but now
the tests have higher fidelity with what users will see.
There are some inefficiencies in this patch. We currently generate the report graph (from the ExplodedGraph)
once per PathDiagnosticConsumer, which is a bit wasteful, but that could be pulled up higher in the
logic stack. There is some intended duplication, however, as we now generate different PathDiagnostics (for the same issue)
for different PathDiagnosticConsumers. This is necessary to produce the diagnostics that a particular
consumer expects.
llvm-svn: 162028
2012-08-17 01:45:23 +08:00
|
|
|
if (getInterestingRegions().insert(R).second)
|
2012-03-24 11:03:29 +08:00
|
|
|
++ConfigurationChangeToken;
|
2012-03-16 06:45:29 +08:00
|
|
|
|
2012-03-09 09:13:14 +08:00
|
|
|
if (const SymbolicRegion *SR = dyn_cast<SymbolicRegion>(R))
|
Allow multiple PathDiagnosticConsumers to be used with a BugReporter at the same time.
This fixes several issues:
- removes egregious hack where PlistDiagnosticConsumer would forward to HTMLDiagnosticConsumer,
but diagnostics wouldn't be generated consistently in the same way if PlistDiagnosticConsumer
was used by itself.
- emitting diagnostics to the terminal (using clang's diagnostic machinery) is no longer a special
case, just another PathDiagnosticConsumer. This also magically resolved some duplicate warnings,
as we now use PathDiagnosticConsumer's diagnostic pruning, which has scope for the entire translation
unit, not just the scope of a BugReporter (which is limited to a particular ExprEngine).
As an interesting side-effect, diagnostics emitted to the terminal also have their trailing "." stripped,
just like with diagnostics emitted to plists and HTML. This required some tests to be updated, but now
the tests have higher fidelity with what users will see.
There are some inefficiencies in this patch. We currently generate the report graph (from the ExplodedGraph)
once per PathDiagnosticConsumer, which is a bit wasteful, but that could be pulled up higher in the
logic stack. There is some intended duplication, however, as we now generate different PathDiagnostics (for the same issue)
for different PathDiagnosticConsumers. This is necessary to produce the diagnostics that a particular
consumer expects.
llvm-svn: 162028
2012-08-17 01:45:23 +08:00
|
|
|
getInterestingSymbols().insert(SR->getSymbol());
|
2012-03-09 09:13:14 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void BugReport::markInteresting(SVal V) {
|
|
|
|
|
markInteresting(V.getAsRegion());
|
|
|
|
|
markInteresting(V.getAsSymbol());
|
|
|
|
|
}
|
|
|
|
|
|
2012-08-30 05:22:37 +08:00
|
|
|
void BugReport::markInteresting(const LocationContext *LC) {
|
|
|
|
|
if (!LC)
|
|
|
|
|
return;
|
|
|
|
|
InterestingLocationContexts.insert(LC);
|
|
|
|
|
}
|
|
|
|
|
|
Allow multiple PathDiagnosticConsumers to be used with a BugReporter at the same time.
This fixes several issues:
- removes egregious hack where PlistDiagnosticConsumer would forward to HTMLDiagnosticConsumer,
but diagnostics wouldn't be generated consistently in the same way if PlistDiagnosticConsumer
was used by itself.
- emitting diagnostics to the terminal (using clang's diagnostic machinery) is no longer a special
case, just another PathDiagnosticConsumer. This also magically resolved some duplicate warnings,
as we now use PathDiagnosticConsumer's diagnostic pruning, which has scope for the entire translation
unit, not just the scope of a BugReporter (which is limited to a particular ExprEngine).
As an interesting side-effect, diagnostics emitted to the terminal also have their trailing "." stripped,
just like with diagnostics emitted to plists and HTML. This required some tests to be updated, but now
the tests have higher fidelity with what users will see.
There are some inefficiencies in this patch. We currently generate the report graph (from the ExplodedGraph)
once per PathDiagnosticConsumer, which is a bit wasteful, but that could be pulled up higher in the
logic stack. There is some intended duplication, however, as we now generate different PathDiagnostics (for the same issue)
for different PathDiagnosticConsumers. This is necessary to produce the diagnostics that a particular
consumer expects.
llvm-svn: 162028
2012-08-17 01:45:23 +08:00
|
|
|
bool BugReport::isInteresting(SVal V) {
|
2012-03-09 09:13:14 +08:00
|
|
|
return isInteresting(V.getAsRegion()) || isInteresting(V.getAsSymbol());
|
|
|
|
|
}
|
|
|
|
|
|
Allow multiple PathDiagnosticConsumers to be used with a BugReporter at the same time.
This fixes several issues:
- removes egregious hack where PlistDiagnosticConsumer would forward to HTMLDiagnosticConsumer,
but diagnostics wouldn't be generated consistently in the same way if PlistDiagnosticConsumer
was used by itself.
- emitting diagnostics to the terminal (using clang's diagnostic machinery) is no longer a special
case, just another PathDiagnosticConsumer. This also magically resolved some duplicate warnings,
as we now use PathDiagnosticConsumer's diagnostic pruning, which has scope for the entire translation
unit, not just the scope of a BugReporter (which is limited to a particular ExprEngine).
As an interesting side-effect, diagnostics emitted to the terminal also have their trailing "." stripped,
just like with diagnostics emitted to plists and HTML. This required some tests to be updated, but now
the tests have higher fidelity with what users will see.
There are some inefficiencies in this patch. We currently generate the report graph (from the ExplodedGraph)
once per PathDiagnosticConsumer, which is a bit wasteful, but that could be pulled up higher in the
logic stack. There is some intended duplication, however, as we now generate different PathDiagnostics (for the same issue)
for different PathDiagnosticConsumers. This is necessary to produce the diagnostics that a particular
consumer expects.
llvm-svn: 162028
2012-08-17 01:45:23 +08:00
|
|
|
bool BugReport::isInteresting(SymbolRef sym) {
|
2012-03-09 09:13:14 +08:00
|
|
|
if (!sym)
|
|
|
|
|
return false;
|
2012-03-16 06:45:29 +08:00
|
|
|
// We don't currently consider metadata symbols to be interesting
|
|
|
|
|
// even if we know their region is interesting. Is that correct behavior?
|
Allow multiple PathDiagnosticConsumers to be used with a BugReporter at the same time.
This fixes several issues:
- removes egregious hack where PlistDiagnosticConsumer would forward to HTMLDiagnosticConsumer,
but diagnostics wouldn't be generated consistently in the same way if PlistDiagnosticConsumer
was used by itself.
- emitting diagnostics to the terminal (using clang's diagnostic machinery) is no longer a special
case, just another PathDiagnosticConsumer. This also magically resolved some duplicate warnings,
as we now use PathDiagnosticConsumer's diagnostic pruning, which has scope for the entire translation
unit, not just the scope of a BugReporter (which is limited to a particular ExprEngine).
As an interesting side-effect, diagnostics emitted to the terminal also have their trailing "." stripped,
just like with diagnostics emitted to plists and HTML. This required some tests to be updated, but now
the tests have higher fidelity with what users will see.
There are some inefficiencies in this patch. We currently generate the report graph (from the ExplodedGraph)
once per PathDiagnosticConsumer, which is a bit wasteful, but that could be pulled up higher in the
logic stack. There is some intended duplication, however, as we now generate different PathDiagnostics (for the same issue)
for different PathDiagnosticConsumers. This is necessary to produce the diagnostics that a particular
consumer expects.
llvm-svn: 162028
2012-08-17 01:45:23 +08:00
|
|
|
return getInterestingSymbols().count(sym);
|
2012-03-09 09:13:14 +08:00
|
|
|
}
|
|
|
|
|
|
Allow multiple PathDiagnosticConsumers to be used with a BugReporter at the same time.
This fixes several issues:
- removes egregious hack where PlistDiagnosticConsumer would forward to HTMLDiagnosticConsumer,
but diagnostics wouldn't be generated consistently in the same way if PlistDiagnosticConsumer
was used by itself.
- emitting diagnostics to the terminal (using clang's diagnostic machinery) is no longer a special
case, just another PathDiagnosticConsumer. This also magically resolved some duplicate warnings,
as we now use PathDiagnosticConsumer's diagnostic pruning, which has scope for the entire translation
unit, not just the scope of a BugReporter (which is limited to a particular ExprEngine).
As an interesting side-effect, diagnostics emitted to the terminal also have their trailing "." stripped,
just like with diagnostics emitted to plists and HTML. This required some tests to be updated, but now
the tests have higher fidelity with what users will see.
There are some inefficiencies in this patch. We currently generate the report graph (from the ExplodedGraph)
once per PathDiagnosticConsumer, which is a bit wasteful, but that could be pulled up higher in the
logic stack. There is some intended duplication, however, as we now generate different PathDiagnostics (for the same issue)
for different PathDiagnosticConsumers. This is necessary to produce the diagnostics that a particular
consumer expects.
llvm-svn: 162028
2012-08-17 01:45:23 +08:00
|
|
|
bool BugReport::isInteresting(const MemRegion *R) {
|
2012-03-09 09:13:14 +08:00
|
|
|
if (!R)
|
|
|
|
|
return false;
|
|
|
|
|
R = R->getBaseRegion();
|
Allow multiple PathDiagnosticConsumers to be used with a BugReporter at the same time.
This fixes several issues:
- removes egregious hack where PlistDiagnosticConsumer would forward to HTMLDiagnosticConsumer,
but diagnostics wouldn't be generated consistently in the same way if PlistDiagnosticConsumer
was used by itself.
- emitting diagnostics to the terminal (using clang's diagnostic machinery) is no longer a special
case, just another PathDiagnosticConsumer. This also magically resolved some duplicate warnings,
as we now use PathDiagnosticConsumer's diagnostic pruning, which has scope for the entire translation
unit, not just the scope of a BugReporter (which is limited to a particular ExprEngine).
As an interesting side-effect, diagnostics emitted to the terminal also have their trailing "." stripped,
just like with diagnostics emitted to plists and HTML. This required some tests to be updated, but now
the tests have higher fidelity with what users will see.
There are some inefficiencies in this patch. We currently generate the report graph (from the ExplodedGraph)
once per PathDiagnosticConsumer, which is a bit wasteful, but that could be pulled up higher in the
logic stack. There is some intended duplication, however, as we now generate different PathDiagnostics (for the same issue)
for different PathDiagnosticConsumers. This is necessary to produce the diagnostics that a particular
consumer expects.
llvm-svn: 162028
2012-08-17 01:45:23 +08:00
|
|
|
bool b = getInterestingRegions().count(R);
|
2012-03-09 09:13:14 +08:00
|
|
|
if (b)
|
|
|
|
|
return true;
|
|
|
|
|
if (const SymbolicRegion *SR = dyn_cast<SymbolicRegion>(R))
|
Allow multiple PathDiagnosticConsumers to be used with a BugReporter at the same time.
This fixes several issues:
- removes egregious hack where PlistDiagnosticConsumer would forward to HTMLDiagnosticConsumer,
but diagnostics wouldn't be generated consistently in the same way if PlistDiagnosticConsumer
was used by itself.
- emitting diagnostics to the terminal (using clang's diagnostic machinery) is no longer a special
case, just another PathDiagnosticConsumer. This also magically resolved some duplicate warnings,
as we now use PathDiagnosticConsumer's diagnostic pruning, which has scope for the entire translation
unit, not just the scope of a BugReporter (which is limited to a particular ExprEngine).
As an interesting side-effect, diagnostics emitted to the terminal also have their trailing "." stripped,
just like with diagnostics emitted to plists and HTML. This required some tests to be updated, but now
the tests have higher fidelity with what users will see.
There are some inefficiencies in this patch. We currently generate the report graph (from the ExplodedGraph)
once per PathDiagnosticConsumer, which is a bit wasteful, but that could be pulled up higher in the
logic stack. There is some intended duplication, however, as we now generate different PathDiagnostics (for the same issue)
for different PathDiagnosticConsumers. This is necessary to produce the diagnostics that a particular
consumer expects.
llvm-svn: 162028
2012-08-17 01:45:23 +08:00
|
|
|
return getInterestingSymbols().count(SR->getSymbol());
|
2012-03-09 09:13:14 +08:00
|
|
|
return false;
|
|
|
|
|
}
|
Allow multiple PathDiagnosticConsumers to be used with a BugReporter at the same time.
This fixes several issues:
- removes egregious hack where PlistDiagnosticConsumer would forward to HTMLDiagnosticConsumer,
but diagnostics wouldn't be generated consistently in the same way if PlistDiagnosticConsumer
was used by itself.
- emitting diagnostics to the terminal (using clang's diagnostic machinery) is no longer a special
case, just another PathDiagnosticConsumer. This also magically resolved some duplicate warnings,
as we now use PathDiagnosticConsumer's diagnostic pruning, which has scope for the entire translation
unit, not just the scope of a BugReporter (which is limited to a particular ExprEngine).
As an interesting side-effect, diagnostics emitted to the terminal also have their trailing "." stripped,
just like with diagnostics emitted to plists and HTML. This required some tests to be updated, but now
the tests have higher fidelity with what users will see.
There are some inefficiencies in this patch. We currently generate the report graph (from the ExplodedGraph)
once per PathDiagnosticConsumer, which is a bit wasteful, but that could be pulled up higher in the
logic stack. There is some intended duplication, however, as we now generate different PathDiagnostics (for the same issue)
for different PathDiagnosticConsumers. This is necessary to produce the diagnostics that a particular
consumer expects.
llvm-svn: 162028
2012-08-17 01:45:23 +08:00
|
|
|
|
2012-08-30 05:22:37 +08:00
|
|
|
bool BugReport::isInteresting(const LocationContext *LC) {
|
|
|
|
|
if (!LC)
|
|
|
|
|
return false;
|
|
|
|
|
return InterestingLocationContexts.count(LC);
|
|
|
|
|
}
|
|
|
|
|
|
Allow multiple PathDiagnosticConsumers to be used with a BugReporter at the same time.
This fixes several issues:
- removes egregious hack where PlistDiagnosticConsumer would forward to HTMLDiagnosticConsumer,
but diagnostics wouldn't be generated consistently in the same way if PlistDiagnosticConsumer
was used by itself.
- emitting diagnostics to the terminal (using clang's diagnostic machinery) is no longer a special
case, just another PathDiagnosticConsumer. This also magically resolved some duplicate warnings,
as we now use PathDiagnosticConsumer's diagnostic pruning, which has scope for the entire translation
unit, not just the scope of a BugReporter (which is limited to a particular ExprEngine).
As an interesting side-effect, diagnostics emitted to the terminal also have their trailing "." stripped,
just like with diagnostics emitted to plists and HTML. This required some tests to be updated, but now
the tests have higher fidelity with what users will see.
There are some inefficiencies in this patch. We currently generate the report graph (from the ExplodedGraph)
once per PathDiagnosticConsumer, which is a bit wasteful, but that could be pulled up higher in the
logic stack. There is some intended duplication, however, as we now generate different PathDiagnostics (for the same issue)
for different PathDiagnosticConsumers. This is necessary to produce the diagnostics that a particular
consumer expects.
llvm-svn: 162028
2012-08-17 01:45:23 +08:00
|
|
|
void BugReport::lazyInitializeInterestingSets() {
|
|
|
|
|
if (interestingSymbols.empty()) {
|
|
|
|
|
interestingSymbols.push_back(new Symbols());
|
|
|
|
|
interestingRegions.push_back(new Regions());
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
BugReport::Symbols &BugReport::getInterestingSymbols() {
|
|
|
|
|
lazyInitializeInterestingSets();
|
|
|
|
|
return *interestingSymbols.back();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
BugReport::Regions &BugReport::getInterestingRegions() {
|
|
|
|
|
lazyInitializeInterestingSets();
|
|
|
|
|
return *interestingRegions.back();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void BugReport::pushInterestingSymbolsAndRegions() {
|
|
|
|
|
interestingSymbols.push_back(new Symbols(getInterestingSymbols()));
|
|
|
|
|
interestingRegions.push_back(new Regions(getInterestingRegions()));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void BugReport::popInterestingSymbolsAndRegions() {
|
2013-08-24 00:11:15 +08:00
|
|
|
delete interestingSymbols.pop_back_val();
|
|
|
|
|
delete interestingRegions.pop_back_val();
|
Allow multiple PathDiagnosticConsumers to be used with a BugReporter at the same time.
This fixes several issues:
- removes egregious hack where PlistDiagnosticConsumer would forward to HTMLDiagnosticConsumer,
but diagnostics wouldn't be generated consistently in the same way if PlistDiagnosticConsumer
was used by itself.
- emitting diagnostics to the terminal (using clang's diagnostic machinery) is no longer a special
case, just another PathDiagnosticConsumer. This also magically resolved some duplicate warnings,
as we now use PathDiagnosticConsumer's diagnostic pruning, which has scope for the entire translation
unit, not just the scope of a BugReporter (which is limited to a particular ExprEngine).
As an interesting side-effect, diagnostics emitted to the terminal also have their trailing "." stripped,
just like with diagnostics emitted to plists and HTML. This required some tests to be updated, but now
the tests have higher fidelity with what users will see.
There are some inefficiencies in this patch. We currently generate the report graph (from the ExplodedGraph)
once per PathDiagnosticConsumer, which is a bit wasteful, but that could be pulled up higher in the
logic stack. There is some intended duplication, however, as we now generate different PathDiagnostics (for the same issue)
for different PathDiagnosticConsumers. This is necessary to produce the diagnostics that a particular
consumer expects.
llvm-svn: 162028
2012-08-17 01:45:23 +08:00
|
|
|
}
|
2012-03-09 09:13:14 +08:00
|
|
|
|
2011-08-13 07:37:29 +08:00
|
|
|
const Stmt *BugReport::getStmt() const {
|
2011-08-18 07:00:25 +08:00
|
|
|
if (!ErrorNode)
|
2014-05-27 10:45:47 +08:00
|
|
|
return nullptr;
|
2011-08-18 07:00:25 +08:00
|
|
|
|
2010-09-16 11:50:38 +08:00
|
|
|
ProgramPoint ProgP = ErrorNode->getLocation();
|
2014-05-27 10:45:47 +08:00
|
|
|
const Stmt *S = nullptr;
|
2009-09-09 23:08:12 +08:00
|
|
|
|
2013-02-22 06:23:56 +08:00
|
|
|
if (Optional<BlockEntrance> BE = ProgP.getAs<BlockEntrance>()) {
|
2009-08-20 09:23:34 +08:00
|
|
|
CFGBlock &Exit = ProgP.getLocationContext()->getCFG()->getExit();
|
2009-08-18 16:46:04 +08:00
|
|
|
if (BE->getBlock() == &Exit)
|
2010-09-16 11:50:38 +08:00
|
|
|
S = GetPreviousStmt(ErrorNode);
|
2009-04-01 07:00:32 +08:00
|
|
|
}
|
2009-07-23 06:35:28 +08:00
|
|
|
if (!S)
|
2013-04-24 07:57:43 +08:00
|
|
|
S = PathDiagnosticLocation::getStmt(ErrorNode);
|
2009-09-09 23:08:12 +08:00
|
|
|
|
|
|
|
|
return S;
|
2009-04-01 07:00:32 +08:00
|
|
|
}
|
|
|
|
|
|
2015-02-07 01:25:10 +08:00
|
|
|
llvm::iterator_range<BugReport::ranges_iterator> BugReport::getRanges() {
|
|
|
|
|
// If no custom ranges, add the range of the statement corresponding to
|
|
|
|
|
// the error node.
|
|
|
|
|
if (Ranges.empty()) {
|
|
|
|
|
if (const Expr *E = dyn_cast_or_null<Expr>(getStmt()))
|
|
|
|
|
addRange(E->getSourceRange());
|
|
|
|
|
else
|
|
|
|
|
return llvm::make_range(ranges_iterator(), ranges_iterator());
|
|
|
|
|
}
|
2011-08-18 07:00:25 +08:00
|
|
|
|
2015-02-07 01:25:10 +08:00
|
|
|
// User-specified absence of range info.
|
|
|
|
|
if (Ranges.size() == 1 && !Ranges.begin()->isValid())
|
|
|
|
|
return llvm::make_range(ranges_iterator(), ranges_iterator());
|
2011-08-25 04:31:06 +08:00
|
|
|
|
2015-12-06 13:07:12 +08:00
|
|
|
return llvm::make_range(Ranges.begin(), Ranges.end());
|
2009-04-01 07:00:32 +08:00
|
|
|
}
|
|
|
|
|
|
2011-09-21 05:38:35 +08:00
|
|
|
PathDiagnosticLocation BugReport::getLocation(const SourceManager &SM) const {
|
2011-08-18 07:21:23 +08:00
|
|
|
if (ErrorNode) {
|
2011-09-21 05:38:35 +08:00
|
|
|
assert(!Location.isValid() &&
|
2011-08-18 07:21:23 +08:00
|
|
|
"Either Location or ErrorNode should be specified but not both.");
|
2013-04-24 07:57:43 +08:00
|
|
|
return PathDiagnosticLocation::createEndOfPath(ErrorNode, SM);
|
2011-08-18 07:21:23 +08:00
|
|
|
}
|
|
|
|
|
|
2014-03-06 13:37:28 +08:00
|
|
|
assert(Location.isValid());
|
|
|
|
|
return Location;
|
2009-04-01 07:00:32 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
//===----------------------------------------------------------------------===//
|
|
|
|
|
// Methods for BugReporter and subclasses.
|
|
|
|
|
//===----------------------------------------------------------------------===//
|
|
|
|
|
|
2015-10-20 21:23:58 +08:00
|
|
|
BugReportEquivClass::~BugReportEquivClass() { }
|
|
|
|
|
GRBugReporter::~GRBugReporter() { }
|
|
|
|
|
BugReporterData::~BugReporterData() {}
|
2009-04-01 07:00:32 +08:00
|
|
|
|
2009-08-06 14:28:40 +08:00
|
|
|
ExplodedGraph &GRBugReporter::getGraph() { return Eng.getGraph(); }
|
2009-04-01 07:00:32 +08:00
|
|
|
|
2011-08-16 06:09:50 +08:00
|
|
|
ProgramStateManager&
|
2009-04-01 07:00:32 +08:00
|
|
|
GRBugReporter::getStateManager() { return Eng.getStateManager(); }
|
|
|
|
|
|
2011-08-19 09:57:09 +08:00
|
|
|
BugReporter::~BugReporter() {
|
|
|
|
|
FlushReports();
|
|
|
|
|
|
|
|
|
|
// Free the bug reports we are tracking.
|
|
|
|
|
typedef std::vector<BugReportEquivClass *> ContTy;
|
|
|
|
|
for (ContTy::iterator I = EQClassesVector.begin(), E = EQClassesVector.end();
|
|
|
|
|
I != E; ++I) {
|
|
|
|
|
delete *I;
|
|
|
|
|
}
|
|
|
|
|
}
|
2009-04-01 07:00:32 +08:00
|
|
|
|
|
|
|
|
void BugReporter::FlushReports() {
|
|
|
|
|
if (BugTypes.isEmpty())
|
|
|
|
|
return;
|
|
|
|
|
|
|
|
|
|
// First flush the warnings for each BugType. This may end up creating new
|
2011-02-23 08:16:01 +08:00
|
|
|
// warnings and new BugTypes.
|
|
|
|
|
// FIXME: Only NSErrorChecker needs BugType's FlushReports.
|
|
|
|
|
// Turn NSErrorChecker into a proper checker and remove this.
|
2015-02-18 00:48:30 +08:00
|
|
|
SmallVector<const BugType *, 16> bugTypes(BugTypes.begin(), BugTypes.end());
|
2013-07-04 11:08:24 +08:00
|
|
|
for (SmallVectorImpl<const BugType *>::iterator
|
2011-02-23 08:16:01 +08:00
|
|
|
I = bugTypes.begin(), E = bugTypes.end(); I != E; ++I)
|
2009-04-01 07:00:32 +08:00
|
|
|
const_cast<BugType*>(*I)->FlushReports(*this);
|
|
|
|
|
|
2012-08-03 07:41:05 +08:00
|
|
|
// We need to flush reports in deterministic order to ensure the order
|
|
|
|
|
// of the reports is consistent between runs.
|
2012-08-02 08:41:43 +08:00
|
|
|
typedef std::vector<BugReportEquivClass *> ContVecTy;
|
|
|
|
|
for (ContVecTy::iterator EI=EQClassesVector.begin(), EE=EQClassesVector.end();
|
|
|
|
|
EI != EE; ++EI){
|
|
|
|
|
BugReportEquivClass& EQ = **EI;
|
2011-02-23 08:16:01 +08:00
|
|
|
FlushReport(EQ);
|
2009-04-01 07:00:32 +08:00
|
|
|
}
|
|
|
|
|
|
2011-02-23 08:16:01 +08:00
|
|
|
// BugReporter owns and deletes only BugTypes created implicitly through
|
|
|
|
|
// EmitBasicReport.
|
|
|
|
|
// FIXME: There are leaks from checkers that assume that the BugTypes they
|
|
|
|
|
// create will be destroyed by the BugReporter.
|
2014-02-20 07:44:52 +08:00
|
|
|
llvm::DeleteContainerSeconds(StrBugTypes);
|
2011-02-23 08:16:01 +08:00
|
|
|
|
2009-04-01 07:00:32 +08:00
|
|
|
// Remove all references to the BugType objects.
|
2010-11-24 08:54:37 +08:00
|
|
|
BugTypes = F.getEmptySet();
|
2009-04-01 07:00:32 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
//===----------------------------------------------------------------------===//
|
|
|
|
|
// PathDiagnostics generation.
|
|
|
|
|
//===----------------------------------------------------------------------===//
|
|
|
|
|
|
2013-03-16 09:07:58 +08:00
|
|
|
namespace {
|
|
|
|
|
/// A wrapper around a report graph, which contains only a single path, and its
|
|
|
|
|
/// node maps.
|
|
|
|
|
class ReportGraph {
|
|
|
|
|
public:
|
|
|
|
|
InterExplodedGraphMap BackMap;
|
2014-03-08 04:03:18 +08:00
|
|
|
std::unique_ptr<ExplodedGraph> Graph;
|
2013-03-23 05:15:28 +08:00
|
|
|
const ExplodedNode *ErrorNode;
|
2013-03-16 09:07:58 +08:00
|
|
|
size_t Index;
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
/// A wrapper around a trimmed graph and its node maps.
|
|
|
|
|
class TrimmedGraph {
|
|
|
|
|
InterExplodedGraphMap InverseMap;
|
2013-03-20 08:35:37 +08:00
|
|
|
|
|
|
|
|
typedef llvm::DenseMap<const ExplodedNode *, unsigned> PriorityMapTy;
|
|
|
|
|
PriorityMapTy PriorityMap;
|
|
|
|
|
|
2013-03-23 05:15:28 +08:00
|
|
|
typedef std::pair<const ExplodedNode *, size_t> NodeIndexPair;
|
|
|
|
|
SmallVector<NodeIndexPair, 32> ReportNodes;
|
|
|
|
|
|
2014-03-08 04:03:18 +08:00
|
|
|
std::unique_ptr<ExplodedGraph> G;
|
2013-03-23 05:15:28 +08:00
|
|
|
|
|
|
|
|
/// A helper class for sorting ExplodedNodes by priority.
|
|
|
|
|
template <bool Descending>
|
|
|
|
|
class PriorityCompare {
|
|
|
|
|
const PriorityMapTy &PriorityMap;
|
|
|
|
|
|
|
|
|
|
public:
|
|
|
|
|
PriorityCompare(const PriorityMapTy &M) : PriorityMap(M) {}
|
|
|
|
|
|
|
|
|
|
bool operator()(const ExplodedNode *LHS, const ExplodedNode *RHS) const {
|
|
|
|
|
PriorityMapTy::const_iterator LI = PriorityMap.find(LHS);
|
|
|
|
|
PriorityMapTy::const_iterator RI = PriorityMap.find(RHS);
|
|
|
|
|
PriorityMapTy::const_iterator E = PriorityMap.end();
|
|
|
|
|
|
|
|
|
|
if (LI == E)
|
|
|
|
|
return Descending;
|
|
|
|
|
if (RI == E)
|
|
|
|
|
return !Descending;
|
|
|
|
|
|
|
|
|
|
return Descending ? LI->second > RI->second
|
|
|
|
|
: LI->second < RI->second;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
bool operator()(const NodeIndexPair &LHS, const NodeIndexPair &RHS) const {
|
|
|
|
|
return (*this)(LHS.first, RHS.first);
|
|
|
|
|
}
|
|
|
|
|
};
|
|
|
|
|
|
2013-03-16 09:07:58 +08:00
|
|
|
public:
|
|
|
|
|
TrimmedGraph(const ExplodedGraph *OriginalGraph,
|
2013-03-20 08:35:37 +08:00
|
|
|
ArrayRef<const ExplodedNode *> Nodes);
|
2013-03-16 09:07:58 +08:00
|
|
|
|
2013-03-23 05:15:28 +08:00
|
|
|
bool popNextReportGraph(ReportGraph &GraphWrapper);
|
2013-03-16 09:07:58 +08:00
|
|
|
};
|
2015-06-23 07:07:51 +08:00
|
|
|
}
|
2013-03-16 09:07:58 +08:00
|
|
|
|
2013-03-20 08:35:37 +08:00
|
|
|
TrimmedGraph::TrimmedGraph(const ExplodedGraph *OriginalGraph,
|
|
|
|
|
ArrayRef<const ExplodedNode *> Nodes) {
|
|
|
|
|
// The trimmed graph is created in the body of the constructor to ensure
|
|
|
|
|
// that the DenseMaps have been initialized already.
|
2013-03-23 05:15:28 +08:00
|
|
|
InterExplodedGraphMap ForwardMap;
|
2014-09-05 08:04:19 +08:00
|
|
|
G = OriginalGraph->trim(Nodes, &ForwardMap, &InverseMap);
|
2009-09-09 23:08:12 +08:00
|
|
|
|
2009-04-01 07:00:32 +08:00
|
|
|
// Find the (first) error node in the trimmed graph. We just need to consult
|
2013-03-16 09:07:58 +08:00
|
|
|
// the node map which maps from nodes in the original graph to nodes
|
2009-04-01 07:00:32 +08:00
|
|
|
// in the new graph.
|
2013-03-23 05:15:28 +08:00
|
|
|
llvm::SmallPtrSet<const ExplodedNode *, 32> RemainingNodes;
|
2009-04-01 07:00:32 +08:00
|
|
|
|
2013-03-16 09:07:58 +08:00
|
|
|
for (unsigned i = 0, count = Nodes.size(); i < count; ++i) {
|
2013-03-23 05:15:28 +08:00
|
|
|
if (const ExplodedNode *NewNode = ForwardMap.lookup(Nodes[i])) {
|
|
|
|
|
ReportNodes.push_back(std::make_pair(NewNode, i));
|
|
|
|
|
RemainingNodes.insert(NewNode);
|
2009-04-01 07:00:32 +08:00
|
|
|
}
|
2010-12-03 14:52:30 +08:00
|
|
|
}
|
2009-09-09 23:08:12 +08:00
|
|
|
|
2013-03-23 05:15:28 +08:00
|
|
|
assert(!RemainingNodes.empty() && "No error node found in the trimmed graph");
|
|
|
|
|
|
|
|
|
|
// Perform a forward BFS to find all the shortest paths.
|
|
|
|
|
std::queue<const ExplodedNode *> WS;
|
|
|
|
|
|
|
|
|
|
assert(G->num_roots() == 1);
|
|
|
|
|
WS.push(*G->roots_begin());
|
|
|
|
|
unsigned Priority = 0;
|
2009-04-01 07:00:32 +08:00
|
|
|
|
|
|
|
|
while (!WS.empty()) {
|
2013-03-23 05:15:28 +08:00
|
|
|
const ExplodedNode *Node = WS.front();
|
2009-04-01 07:00:32 +08:00
|
|
|
WS.pop();
|
2009-09-09 23:08:12 +08:00
|
|
|
|
2013-03-20 08:35:37 +08:00
|
|
|
PriorityMapTy::iterator PriorityEntry;
|
|
|
|
|
bool IsNew;
|
2014-03-02 21:01:17 +08:00
|
|
|
std::tie(PriorityEntry, IsNew) =
|
2013-03-20 08:35:37 +08:00
|
|
|
PriorityMap.insert(std::make_pair(Node, Priority));
|
2013-03-23 05:15:28 +08:00
|
|
|
++Priority;
|
2009-09-09 23:08:12 +08:00
|
|
|
|
2013-03-20 08:35:37 +08:00
|
|
|
if (!IsNew) {
|
|
|
|
|
assert(PriorityEntry->second <= Priority);
|
|
|
|
|
continue;
|
|
|
|
|
}
|
2009-09-09 23:08:12 +08:00
|
|
|
|
2013-03-23 05:15:28 +08:00
|
|
|
if (RemainingNodes.erase(Node))
|
|
|
|
|
if (RemainingNodes.empty())
|
|
|
|
|
break;
|
2013-03-19 07:34:37 +08:00
|
|
|
|
2013-03-23 05:15:28 +08:00
|
|
|
for (ExplodedNode::const_pred_iterator I = Node->succ_begin(),
|
|
|
|
|
E = Node->succ_end();
|
2013-03-20 08:35:37 +08:00
|
|
|
I != E; ++I)
|
2013-03-23 05:15:28 +08:00
|
|
|
WS.push(*I);
|
2013-03-20 06:10:35 +08:00
|
|
|
}
|
2013-03-20 08:35:37 +08:00
|
|
|
|
2013-03-23 05:15:28 +08:00
|
|
|
// Sort the error paths from longest to shortest.
|
|
|
|
|
std::sort(ReportNodes.begin(), ReportNodes.end(),
|
|
|
|
|
PriorityCompare<true>(PriorityMap));
|
|
|
|
|
}
|
2013-03-20 08:35:37 +08:00
|
|
|
|
2013-03-23 05:15:28 +08:00
|
|
|
bool TrimmedGraph::popNextReportGraph(ReportGraph &GraphWrapper) {
|
|
|
|
|
if (ReportNodes.empty())
|
|
|
|
|
return false;
|
2013-03-20 08:35:37 +08:00
|
|
|
|
2013-03-23 05:15:28 +08:00
|
|
|
const ExplodedNode *OrigN;
|
2014-03-02 21:01:17 +08:00
|
|
|
std::tie(OrigN, GraphWrapper.Index) = ReportNodes.pop_back_val();
|
2013-03-23 05:15:28 +08:00
|
|
|
assert(PriorityMap.find(OrigN) != PriorityMap.end() &&
|
|
|
|
|
"error node not accessible from root");
|
2013-03-20 08:35:37 +08:00
|
|
|
|
|
|
|
|
// Create a new graph with a single path. This is the graph
|
|
|
|
|
// that will be returned to the caller.
|
2014-09-05 08:11:25 +08:00
|
|
|
auto GNew = llvm::make_unique<ExplodedGraph>();
|
2013-03-23 05:15:28 +08:00
|
|
|
GraphWrapper.BackMap.clear();
|
2009-09-09 23:08:12 +08:00
|
|
|
|
2013-03-23 05:15:28 +08:00
|
|
|
// Now walk from the error node up the BFS path, always taking the
|
|
|
|
|
// predeccessor with the lowest number.
|
2014-05-27 10:45:47 +08:00
|
|
|
ExplodedNode *Succ = nullptr;
|
2013-03-23 05:15:28 +08:00
|
|
|
while (true) {
|
2009-04-01 07:00:32 +08:00
|
|
|
// Create the equivalent node in the new graph with the same state
|
|
|
|
|
// and location.
|
2016-06-23 23:47:12 +08:00
|
|
|
ExplodedNode *NewN = GNew->createUncachedNode(OrigN->getLocation(), OrigN->getState(),
|
2013-04-06 09:42:02 +08:00
|
|
|
OrigN->isSink());
|
2009-09-09 23:08:12 +08:00
|
|
|
|
2009-04-01 07:00:32 +08:00
|
|
|
// Store the mapping to the original node.
|
2013-03-23 05:15:28 +08:00
|
|
|
InterExplodedGraphMap::const_iterator IMitr = InverseMap.find(OrigN);
|
2009-04-01 07:00:32 +08:00
|
|
|
assert(IMitr != InverseMap.end() && "No mapping to original node.");
|
2013-03-16 09:07:58 +08:00
|
|
|
GraphWrapper.BackMap[NewN] = IMitr->second;
|
2009-09-09 23:08:12 +08:00
|
|
|
|
2009-04-01 07:00:32 +08:00
|
|
|
// Link up the new node with the previous node.
|
2013-03-23 05:15:28 +08:00
|
|
|
if (Succ)
|
|
|
|
|
Succ->addPredecessor(NewN, *GNew);
|
|
|
|
|
else
|
|
|
|
|
GraphWrapper.ErrorNode = NewN;
|
2009-09-09 23:08:12 +08:00
|
|
|
|
2013-03-23 05:15:28 +08:00
|
|
|
Succ = NewN;
|
2009-09-09 23:08:12 +08:00
|
|
|
|
2009-04-01 07:00:32 +08:00
|
|
|
// Are we at the final node?
|
2013-03-23 05:15:28 +08:00
|
|
|
if (OrigN->pred_empty()) {
|
|
|
|
|
GNew->addRoot(NewN);
|
2009-04-01 07:00:32 +08:00
|
|
|
break;
|
|
|
|
|
}
|
2009-09-09 23:08:12 +08:00
|
|
|
|
2013-03-23 05:15:28 +08:00
|
|
|
// Find the next predeccessor node. We choose the node that is marked
|
2013-03-20 08:35:37 +08:00
|
|
|
// with the lowest BFS number.
|
2013-03-23 05:15:28 +08:00
|
|
|
OrigN = *std::min_element(OrigN->pred_begin(), OrigN->pred_end(),
|
|
|
|
|
PriorityCompare<false>(PriorityMap));
|
2013-03-20 08:35:37 +08:00
|
|
|
}
|
|
|
|
|
|
2014-09-05 08:11:25 +08:00
|
|
|
GraphWrapper.Graph = std::move(GNew);
|
|
|
|
|
|
2013-03-23 05:15:28 +08:00
|
|
|
return true;
|
2013-03-20 08:35:37 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2009-04-01 07:00:32 +08:00
|
|
|
/// CompactPathDiagnostic - This function postprocesses a PathDiagnostic object
|
|
|
|
|
/// and collapses PathDiagosticPieces that are expanded by macros.
|
2012-03-02 09:27:31 +08:00
|
|
|
static void CompactPathDiagnostic(PathPieces &path, const SourceManager& SM) {
|
2012-02-24 14:00:00 +08:00
|
|
|
typedef std::vector<std::pair<IntrusiveRefCntPtr<PathDiagnosticMacroPiece>,
|
|
|
|
|
SourceLocation> > MacroStackTy;
|
2009-09-09 23:08:12 +08:00
|
|
|
|
2012-02-20 22:00:23 +08:00
|
|
|
typedef std::vector<IntrusiveRefCntPtr<PathDiagnosticPiece> >
|
2009-04-01 07:00:32 +08:00
|
|
|
PiecesTy;
|
2009-09-09 23:08:12 +08:00
|
|
|
|
2009-04-01 07:00:32 +08:00
|
|
|
MacroStackTy MacroStack;
|
|
|
|
|
PiecesTy Pieces;
|
2009-09-09 23:08:12 +08:00
|
|
|
|
2013-04-30 07:12:59 +08:00
|
|
|
for (PathPieces::const_iterator I = path.begin(), E = path.end();
|
2012-02-24 14:00:00 +08:00
|
|
|
I!=E; ++I) {
|
2015-09-08 11:50:52 +08:00
|
|
|
|
2014-07-05 11:08:06 +08:00
|
|
|
PathDiagnosticPiece *piece = I->get();
|
2012-03-02 09:27:31 +08:00
|
|
|
|
|
|
|
|
// Recursively compact calls.
|
|
|
|
|
if (PathDiagnosticCallPiece *call=dyn_cast<PathDiagnosticCallPiece>(piece)){
|
|
|
|
|
CompactPathDiagnostic(call->path, SM);
|
|
|
|
|
}
|
2015-09-08 11:50:52 +08:00
|
|
|
|
2009-04-01 07:00:32 +08:00
|
|
|
// Get the location of the PathDiagnosticPiece.
|
2012-03-02 09:27:31 +08:00
|
|
|
const FullSourceLoc Loc = piece->getLocation().asLocation();
|
2009-09-09 23:08:12 +08:00
|
|
|
|
2009-04-01 07:00:32 +08:00
|
|
|
// Determine the instantiation location, which is the location we group
|
|
|
|
|
// related PathDiagnosticPieces.
|
2009-09-09 23:08:12 +08:00
|
|
|
SourceLocation InstantiationLoc = Loc.isMacroID() ?
|
2011-07-26 00:49:02 +08:00
|
|
|
SM.getExpansionLoc(Loc) :
|
2009-04-01 07:00:32 +08:00
|
|
|
SourceLocation();
|
2009-09-09 23:08:12 +08:00
|
|
|
|
2009-04-01 07:00:32 +08:00
|
|
|
if (Loc.isFileID()) {
|
|
|
|
|
MacroStack.clear();
|
2012-03-02 09:27:31 +08:00
|
|
|
Pieces.push_back(piece);
|
2009-04-01 07:00:32 +08:00
|
|
|
continue;
|
|
|
|
|
}
|
2008-04-08 07:35:17 +08:00
|
|
|
|
2009-04-01 07:00:32 +08:00
|
|
|
assert(Loc.isMacroID());
|
2009-09-09 23:08:12 +08:00
|
|
|
|
2009-04-01 07:00:32 +08:00
|
|
|
// Is the PathDiagnosticPiece within the same macro group?
|
|
|
|
|
if (!MacroStack.empty() && InstantiationLoc == MacroStack.back().second) {
|
2012-03-02 09:27:31 +08:00
|
|
|
MacroStack.back().first->subPieces.push_back(piece);
|
2009-04-01 07:00:32 +08:00
|
|
|
continue;
|
|
|
|
|
}
|
2009-03-28 05:16:25 +08:00
|
|
|
|
2009-04-01 07:00:32 +08:00
|
|
|
// We aren't in the same group. Are we descending into a new macro
|
|
|
|
|
// or are part of an old one?
|
2012-02-20 22:00:23 +08:00
|
|
|
IntrusiveRefCntPtr<PathDiagnosticMacroPiece> MacroGroup;
|
2009-03-28 05:16:25 +08:00
|
|
|
|
2009-04-01 07:00:32 +08:00
|
|
|
SourceLocation ParentInstantiationLoc = InstantiationLoc.isMacroID() ?
|
2011-07-26 00:49:02 +08:00
|
|
|
SM.getExpansionLoc(Loc) :
|
2009-04-01 07:00:32 +08:00
|
|
|
SourceLocation();
|
2009-09-09 23:08:12 +08:00
|
|
|
|
2009-04-01 07:00:32 +08:00
|
|
|
// Walk the entire macro stack.
|
|
|
|
|
while (!MacroStack.empty()) {
|
|
|
|
|
if (InstantiationLoc == MacroStack.back().second) {
|
|
|
|
|
MacroGroup = MacroStack.back().first;
|
|
|
|
|
break;
|
|
|
|
|
}
|
2009-09-09 23:08:12 +08:00
|
|
|
|
2009-04-01 07:00:32 +08:00
|
|
|
if (ParentInstantiationLoc == MacroStack.back().second) {
|
|
|
|
|
MacroGroup = MacroStack.back().first;
|
|
|
|
|
break;
|
2008-04-03 12:42:52 +08:00
|
|
|
}
|
2009-09-09 23:08:12 +08:00
|
|
|
|
2009-04-01 07:00:32 +08:00
|
|
|
MacroStack.pop_back();
|
2008-04-09 08:20:43 +08:00
|
|
|
}
|
2009-09-09 23:08:12 +08:00
|
|
|
|
2009-04-01 07:00:32 +08:00
|
|
|
if (!MacroGroup || ParentInstantiationLoc == MacroStack.back().second) {
|
|
|
|
|
// Create a new macro group and add it to the stack.
|
2011-09-21 05:38:35 +08:00
|
|
|
PathDiagnosticMacroPiece *NewGroup =
|
|
|
|
|
new PathDiagnosticMacroPiece(
|
2012-03-02 09:27:31 +08:00
|
|
|
PathDiagnosticLocation::createSingleLocation(piece->getLocation()));
|
2008-04-24 07:35:07 +08:00
|
|
|
|
2009-04-01 07:00:32 +08:00
|
|
|
if (MacroGroup)
|
2012-02-08 12:32:34 +08:00
|
|
|
MacroGroup->subPieces.push_back(NewGroup);
|
2009-04-01 07:00:32 +08:00
|
|
|
else {
|
|
|
|
|
assert(InstantiationLoc.isFileID());
|
|
|
|
|
Pieces.push_back(NewGroup);
|
|
|
|
|
}
|
2009-09-09 23:08:12 +08:00
|
|
|
|
2009-04-01 07:00:32 +08:00
|
|
|
MacroGroup = NewGroup;
|
|
|
|
|
MacroStack.push_back(std::make_pair(MacroGroup, InstantiationLoc));
|
2009-04-01 04:22:36 +08:00
|
|
|
}
|
2009-04-01 07:00:32 +08:00
|
|
|
|
|
|
|
|
// Finally, add the PathDiagnosticPiece to the group.
|
2012-03-02 09:27:31 +08:00
|
|
|
MacroGroup->subPieces.push_back(piece);
|
2009-04-01 07:00:32 +08:00
|
|
|
}
|
2009-09-09 23:08:12 +08:00
|
|
|
|
2009-04-01 07:00:32 +08:00
|
|
|
// Now take the pieces and construct a new PathDiagnostic.
|
2012-03-02 09:27:31 +08:00
|
|
|
path.clear();
|
2009-09-09 23:08:12 +08:00
|
|
|
|
2015-02-18 00:48:30 +08:00
|
|
|
path.insert(path.end(), Pieces.begin(), Pieces.end());
|
2008-04-03 12:42:52 +08:00
|
|
|
}
|
|
|
|
|
|
2012-09-22 09:24:53 +08:00
|
|
|
bool GRBugReporter::generatePathDiagnostic(PathDiagnostic& PD,
|
Allow multiple PathDiagnosticConsumers to be used with a BugReporter at the same time.
This fixes several issues:
- removes egregious hack where PlistDiagnosticConsumer would forward to HTMLDiagnosticConsumer,
but diagnostics wouldn't be generated consistently in the same way if PlistDiagnosticConsumer
was used by itself.
- emitting diagnostics to the terminal (using clang's diagnostic machinery) is no longer a special
case, just another PathDiagnosticConsumer. This also magically resolved some duplicate warnings,
as we now use PathDiagnosticConsumer's diagnostic pruning, which has scope for the entire translation
unit, not just the scope of a BugReporter (which is limited to a particular ExprEngine).
As an interesting side-effect, diagnostics emitted to the terminal also have their trailing "." stripped,
just like with diagnostics emitted to plists and HTML. This required some tests to be updated, but now
the tests have higher fidelity with what users will see.
There are some inefficiencies in this patch. We currently generate the report graph (from the ExplodedGraph)
once per PathDiagnosticConsumer, which is a bit wasteful, but that could be pulled up higher in the
logic stack. There is some intended duplication, however, as we now generate different PathDiagnostics (for the same issue)
for different PathDiagnosticConsumers. This is necessary to produce the diagnostics that a particular
consumer expects.
llvm-svn: 162028
2012-08-17 01:45:23 +08:00
|
|
|
PathDiagnosticConsumer &PC,
|
|
|
|
|
ArrayRef<BugReport *> &bugReports) {
|
2010-12-03 14:52:30 +08:00
|
|
|
assert(!bugReports.empty());
|
2012-09-22 09:24:53 +08:00
|
|
|
|
2013-03-16 09:07:47 +08:00
|
|
|
bool HasValid = false;
|
2013-03-23 05:15:28 +08:00
|
|
|
bool HasInvalid = false;
|
2013-03-16 05:41:55 +08:00
|
|
|
SmallVector<const ExplodedNode *, 32> errorNodes;
|
Allow multiple PathDiagnosticConsumers to be used with a BugReporter at the same time.
This fixes several issues:
- removes egregious hack where PlistDiagnosticConsumer would forward to HTMLDiagnosticConsumer,
but diagnostics wouldn't be generated consistently in the same way if PlistDiagnosticConsumer
was used by itself.
- emitting diagnostics to the terminal (using clang's diagnostic machinery) is no longer a special
case, just another PathDiagnosticConsumer. This also magically resolved some duplicate warnings,
as we now use PathDiagnosticConsumer's diagnostic pruning, which has scope for the entire translation
unit, not just the scope of a BugReporter (which is limited to a particular ExprEngine).
As an interesting side-effect, diagnostics emitted to the terminal also have their trailing "." stripped,
just like with diagnostics emitted to plists and HTML. This required some tests to be updated, but now
the tests have higher fidelity with what users will see.
There are some inefficiencies in this patch. We currently generate the report graph (from the ExplodedGraph)
once per PathDiagnosticConsumer, which is a bit wasteful, but that could be pulled up higher in the
logic stack. There is some intended duplication, however, as we now generate different PathDiagnostics (for the same issue)
for different PathDiagnosticConsumers. This is necessary to produce the diagnostics that a particular
consumer expects.
llvm-svn: 162028
2012-08-17 01:45:23 +08:00
|
|
|
for (ArrayRef<BugReport*>::iterator I = bugReports.begin(),
|
2013-03-16 09:07:47 +08:00
|
|
|
E = bugReports.end(); I != E; ++I) {
|
|
|
|
|
if ((*I)->isValid()) {
|
|
|
|
|
HasValid = true;
|
|
|
|
|
errorNodes.push_back((*I)->getErrorNode());
|
|
|
|
|
} else {
|
2013-03-23 05:15:28 +08:00
|
|
|
// Keep the errorNodes list in sync with the bugReports list.
|
|
|
|
|
HasInvalid = true;
|
2014-05-27 10:45:47 +08:00
|
|
|
errorNodes.push_back(nullptr);
|
2013-03-16 09:07:47 +08:00
|
|
|
}
|
2010-12-03 14:52:30 +08:00
|
|
|
}
|
2009-09-09 23:08:12 +08:00
|
|
|
|
2013-03-16 09:07:47 +08:00
|
|
|
// If all the reports have been marked invalid by a previous path generation,
|
|
|
|
|
// we're done.
|
|
|
|
|
if (!HasValid)
|
|
|
|
|
return false;
|
|
|
|
|
|
2013-03-16 05:41:55 +08:00
|
|
|
typedef PathDiagnosticConsumer::PathGenerationScheme PathGenerationScheme;
|
|
|
|
|
PathGenerationScheme ActiveScheme = PC.getGenerationScheme();
|
|
|
|
|
|
2013-05-04 02:25:33 +08:00
|
|
|
if (ActiveScheme == PathDiagnosticConsumer::Extensive) {
|
2013-05-17 06:30:45 +08:00
|
|
|
AnalyzerOptions &options = getAnalyzerOptions();
|
2013-06-04 07:00:19 +08:00
|
|
|
if (options.getBooleanOption("path-diagnostics-alternate", true)) {
|
2013-05-04 02:25:33 +08:00
|
|
|
ActiveScheme = PathDiagnosticConsumer::AlternateExtensive;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2013-03-16 09:07:58 +08:00
|
|
|
TrimmedGraph TrimG(&getGraph(), errorNodes);
|
2013-03-23 05:15:28 +08:00
|
|
|
ReportGraph ErrorGraph;
|
2013-03-16 09:07:58 +08:00
|
|
|
|
2013-03-23 05:15:28 +08:00
|
|
|
while (TrimG.popNextReportGraph(ErrorGraph)) {
|
2013-03-16 05:41:55 +08:00
|
|
|
// Find the BugReport with the original location.
|
2013-03-16 09:07:58 +08:00
|
|
|
assert(ErrorGraph.Index < bugReports.size());
|
|
|
|
|
BugReport *R = bugReports[ErrorGraph.Index];
|
2013-03-16 05:41:55 +08:00
|
|
|
assert(R && "No original report found for sliced graph.");
|
|
|
|
|
assert(R->isValid() && "Report selected by trimmed graph marked invalid.");
|
|
|
|
|
|
|
|
|
|
// Start building the path diagnostic...
|
2013-03-16 09:07:58 +08:00
|
|
|
PathDiagnosticBuilder PDB(*this, R, ErrorGraph.BackMap, &PC);
|
|
|
|
|
const ExplodedNode *N = ErrorGraph.ErrorNode;
|
2013-03-16 05:41:55 +08:00
|
|
|
|
|
|
|
|
// Register additional node visitors.
|
2014-09-05 07:54:33 +08:00
|
|
|
R->addVisitor(llvm::make_unique<NilReceiverBRVisitor>());
|
|
|
|
|
R->addVisitor(llvm::make_unique<ConditionBRVisitor>());
|
|
|
|
|
R->addVisitor(llvm::make_unique<LikelyFalsePositiveSuppressionBRVisitor>());
|
2016-07-22 07:42:31 +08:00
|
|
|
R->addVisitor(llvm::make_unique<CXXSelfAssignmentBRVisitor>());
|
2013-03-16 05:41:55 +08:00
|
|
|
|
|
|
|
|
BugReport::VisitorList visitors;
|
|
|
|
|
unsigned origReportConfigToken, finalReportConfigToken;
|
2013-05-03 08:32:44 +08:00
|
|
|
LocationContextMap LCM;
|
2013-03-16 05:41:55 +08:00
|
|
|
|
|
|
|
|
// While generating diagnostics, it's possible the visitors will decide
|
|
|
|
|
// new symbols and regions are interesting, or add other visitors based on
|
|
|
|
|
// the information they find. If they do, we need to regenerate the path
|
|
|
|
|
// based on our new report configuration.
|
|
|
|
|
do {
|
|
|
|
|
// Get a clean copy of all the visitors.
|
|
|
|
|
for (BugReport::visitor_iterator I = R->visitor_begin(),
|
|
|
|
|
E = R->visitor_end(); I != E; ++I)
|
|
|
|
|
visitors.push_back((*I)->clone());
|
|
|
|
|
|
|
|
|
|
// Clear out the active path from any previous work.
|
|
|
|
|
PD.resetPath();
|
|
|
|
|
origReportConfigToken = R->getConfigurationChangeToken();
|
|
|
|
|
|
2015-09-08 11:50:52 +08:00
|
|
|
// Generate the very last diagnostic piece - the piece is visible before
|
2013-03-16 05:41:55 +08:00
|
|
|
// the trace is expanded.
|
2014-04-24 00:54:52 +08:00
|
|
|
std::unique_ptr<PathDiagnosticPiece> LastPiece;
|
2013-03-16 05:41:55 +08:00
|
|
|
for (BugReport::visitor_iterator I = visitors.begin(), E = visitors.end();
|
|
|
|
|
I != E; ++I) {
|
2014-08-30 02:18:43 +08:00
|
|
|
if (std::unique_ptr<PathDiagnosticPiece> Piece =
|
|
|
|
|
(*I)->getEndPath(PDB, N, *R)) {
|
2013-03-16 05:41:55 +08:00
|
|
|
assert (!LastPiece &&
|
|
|
|
|
"There can only be one final piece in a diagnostic.");
|
2014-08-30 02:18:43 +08:00
|
|
|
LastPiece = std::move(Piece);
|
2013-03-16 05:41:55 +08:00
|
|
|
}
|
2012-03-24 11:03:29 +08:00
|
|
|
}
|
2013-01-31 03:12:34 +08:00
|
|
|
|
2013-03-16 05:41:55 +08:00
|
|
|
if (ActiveScheme != PathDiagnosticConsumer::None) {
|
|
|
|
|
if (!LastPiece)
|
2014-08-30 02:18:43 +08:00
|
|
|
LastPiece = BugReporterVisitor::getDefaultEndPath(PDB, N, *R);
|
2013-03-16 05:41:55 +08:00
|
|
|
assert(LastPiece);
|
2014-08-30 02:18:47 +08:00
|
|
|
PD.setEndOfPath(std::move(LastPiece));
|
2012-09-22 09:24:53 +08:00
|
|
|
}
|
2013-03-16 05:41:55 +08:00
|
|
|
|
2013-05-03 08:32:44 +08:00
|
|
|
// Make sure we get a clean location context map so we don't
|
|
|
|
|
// hold onto old mappings.
|
|
|
|
|
LCM.clear();
|
|
|
|
|
|
2013-03-16 05:41:55 +08:00
|
|
|
switch (ActiveScheme) {
|
2013-05-04 02:25:33 +08:00
|
|
|
case PathDiagnosticConsumer::AlternateExtensive:
|
|
|
|
|
GenerateAlternateExtensivePathDiagnostic(PD, PDB, N, LCM, visitors);
|
|
|
|
|
break;
|
2013-03-16 05:41:55 +08:00
|
|
|
case PathDiagnosticConsumer::Extensive:
|
2013-05-03 08:32:44 +08:00
|
|
|
GenerateExtensivePathDiagnostic(PD, PDB, N, LCM, visitors);
|
2013-03-16 05:41:55 +08:00
|
|
|
break;
|
|
|
|
|
case PathDiagnosticConsumer::Minimal:
|
2013-05-03 08:32:44 +08:00
|
|
|
GenerateMinimalPathDiagnostic(PD, PDB, N, LCM, visitors);
|
2013-03-16 05:41:55 +08:00
|
|
|
break;
|
|
|
|
|
case PathDiagnosticConsumer::None:
|
|
|
|
|
GenerateVisitorsOnlyPathDiagnostic(PD, PDB, N, visitors);
|
|
|
|
|
break;
|
2012-09-22 09:24:56 +08:00
|
|
|
}
|
2012-03-24 11:03:29 +08:00
|
|
|
|
2013-03-16 05:41:55 +08:00
|
|
|
// Clean up the visitors we used.
|
2014-09-05 07:54:33 +08:00
|
|
|
visitors.clear();
|
2012-03-24 11:03:29 +08:00
|
|
|
|
2013-03-16 05:41:55 +08:00
|
|
|
// Did anything change while generating this path?
|
|
|
|
|
finalReportConfigToken = R->getConfigurationChangeToken();
|
|
|
|
|
} while (finalReportConfigToken != origReportConfigToken);
|
2012-03-24 11:03:29 +08:00
|
|
|
|
2013-03-23 05:15:28 +08:00
|
|
|
if (!R->isValid())
|
2013-03-16 05:41:55 +08:00
|
|
|
continue;
|
2012-10-26 06:07:10 +08:00
|
|
|
|
2013-03-16 05:41:55 +08:00
|
|
|
// Finally, prune the diagnostic path of uninteresting stuff.
|
|
|
|
|
if (!PD.path.empty()) {
|
2013-05-17 06:30:45 +08:00
|
|
|
if (R->shouldPrunePath() && getAnalyzerOptions().shouldPrunePaths()) {
|
2013-05-03 08:32:44 +08:00
|
|
|
bool stillHasNotes = removeUnneededCalls(PD.getMutablePieces(), R, LCM);
|
2013-03-16 05:41:55 +08:00
|
|
|
assert(stillHasNotes);
|
|
|
|
|
(void)stillHasNotes;
|
|
|
|
|
}
|
|
|
|
|
|
2013-06-07 06:02:58 +08:00
|
|
|
// Redirect all call pieces to have valid locations.
|
2013-03-16 05:41:55 +08:00
|
|
|
adjustCallLocations(PD.getMutablePieces());
|
2013-06-07 06:02:58 +08:00
|
|
|
removePiecesWithInvalidLocations(PD.getMutablePieces());
|
|
|
|
|
|
2013-05-04 09:13:01 +08:00
|
|
|
if (ActiveScheme == PathDiagnosticConsumer::AlternateExtensive) {
|
2013-05-08 09:15:24 +08:00
|
|
|
SourceManager &SM = getSourceManager();
|
|
|
|
|
|
|
|
|
|
// Reduce the number of edges from a very conservative set
|
|
|
|
|
// to an aesthetically pleasing subset that conveys the
|
|
|
|
|
// necessary information.
|
2013-05-04 09:13:22 +08:00
|
|
|
OptimizedCallsSet OCS;
|
2013-05-18 10:26:50 +08:00
|
|
|
while (optimizeEdges(PD.getMutablePieces(), SM, OCS, LCM)) {}
|
2013-05-08 09:15:24 +08:00
|
|
|
|
2013-06-04 06:59:45 +08:00
|
|
|
// Drop the very first function-entry edge. It's not really necessary
|
|
|
|
|
// for top-level functions.
|
|
|
|
|
dropFunctionEntryEdge(PD.getMutablePieces(), LCM, SM);
|
2013-05-04 09:13:01 +08:00
|
|
|
}
|
2013-06-06 08:12:37 +08:00
|
|
|
|
2013-10-17 01:45:35 +08:00
|
|
|
// Remove messages that are basically the same, and edges that may not
|
|
|
|
|
// make sense.
|
2013-06-06 08:12:37 +08:00
|
|
|
// We have to do this after edge optimization in the Extensive mode.
|
|
|
|
|
removeRedundantMsgs(PD.getMutablePieces());
|
2013-10-17 01:45:35 +08:00
|
|
|
removeEdgesToDefaultInitializers(PD.getMutablePieces());
|
2012-10-26 06:07:10 +08:00
|
|
|
}
|
2012-12-08 03:56:29 +08:00
|
|
|
|
2013-03-16 05:41:55 +08:00
|
|
|
// We found a report and didn't suppress it.
|
|
|
|
|
return true;
|
2012-05-31 14:03:17 +08:00
|
|
|
}
|
2012-09-22 09:24:53 +08:00
|
|
|
|
2013-03-16 05:41:55 +08:00
|
|
|
// We suppressed all the reports in this equivalence class.
|
2013-03-23 05:15:28 +08:00
|
|
|
assert(!HasInvalid && "Inconsistent suppression");
|
|
|
|
|
(void)HasInvalid;
|
2013-03-16 05:41:55 +08:00
|
|
|
return false;
|
2009-04-01 07:00:32 +08:00
|
|
|
}
|
2008-05-23 07:45:19 +08:00
|
|
|
|
2009-02-05 07:49:09 +08:00
|
|
|
void BugReporter::Register(BugType *BT) {
|
2010-11-24 08:54:37 +08:00
|
|
|
BugTypes = F.add(BugTypes, BT);
|
2008-05-17 02:33:14 +08:00
|
|
|
}
|
|
|
|
|
|
2015-06-23 21:15:32 +08:00
|
|
|
void BugReporter::emitReport(std::unique_ptr<BugReport> R) {
|
2013-08-02 06:16:30 +08:00
|
|
|
if (const ExplodedNode *E = R->getErrorNode()) {
|
2015-09-17 06:03:05 +08:00
|
|
|
// An error node must either be a sink or have a tag, otherwise
|
|
|
|
|
// it could get reclaimed before the path diagnostic is created.
|
|
|
|
|
assert((E->isSink() || E->getLocation().getTag()) &&
|
|
|
|
|
"Error node must either be a sink or have a tag");
|
|
|
|
|
|
Add support for the static analyzer to synthesize function implementations from external model files.
Currently the analyzer lazily models some functions using 'BodyFarm',
which constructs a fake function implementation that the analyzer
can simulate that approximates the semantics of the function when
it is called. BodyFarm does this by constructing the AST for
such definitions on-the-fly. One strength of BodyFarm
is that all symbols and types referenced by synthesized function
bodies are contextual adapted to the containing translation unit.
The downside is that these ASTs are hardcoded in Clang's own
source code.
A more scalable model is to allow these models to be defined as source
code in separate "model" files and have the analyzer use those
definitions lazily when a function body is needed. Among other things,
it will allow more customization of the analyzer for specific APIs
and platforms.
This patch provides the initial infrastructure for this feature.
It extends BodyFarm to use an abstract API 'CodeInjector' that can be
used to synthesize function bodies. That 'CodeInjector' is
implemented using a new 'ModelInjector' in libFrontend, which lazily
parses a model file and injects the ASTs into the current translation
unit.
Models are currently found by specifying a 'model-path' as an
analyzer option; if no path is specified the CodeInjector is not
used, thus defaulting to the current behavior in the analyzer.
Models currently contain a single function definition, and can
be found by finding the file <function name>.model. This is an
initial starting point for something more rich, but it bootstraps
this feature for future evolution.
This patch was contributed by Gábor Horváth as part of his
Google Summer of Code project.
Some notes:
- This introduces the notion of a "model file" into
FrontendAction and the Preprocessor. This nomenclature
is specific to the static analyzer, but possibly could be
generalized. Essentially these are sources pulled in
exogenously from the principal translation.
Preprocessor gets a 'InitializeForModelFile' and
'FinalizeForModelFile' which could possibly be hoisted out
of Preprocessor if Preprocessor exposed a new API to
change the PragmaHandlers and some other internal pieces. This
can be revisited.
FrontendAction gets a 'isModelParsingAction()' predicate function
used to allow a new FrontendAction to recycle the Preprocessor
and ASTContext. This name could probably be made something
more general (i.e., not tied to 'model files') at the expense
of losing the intent of why it exists. This can be revisited.
- This is a moderate sized patch; it has gone through some amount of
offline code review. Most of the changes to the non-analyzer
parts are fairly small, and would make little sense without
the analyzer changes.
- Most of the analyzer changes are plumbing, with the interesting
behavior being introduced by ModelInjector.cpp and
ModelConsumer.cpp.
- The new functionality introduced by this change is off-by-default.
It requires an analyzer config option to enable.
llvm-svn: 216550
2014-08-27 23:14:15 +08:00
|
|
|
const AnalysisDeclContext *DeclCtx =
|
|
|
|
|
E->getLocationContext()->getAnalysisDeclContext();
|
|
|
|
|
// The source of autosynthesized body can be handcrafted AST or a model
|
|
|
|
|
// file. The locations from handcrafted ASTs have no valid source locations
|
|
|
|
|
// and have to be discarded. Locations from model files should be preserved
|
|
|
|
|
// for processing and reporting.
|
|
|
|
|
if (DeclCtx->isBodyAutosynthesized() &&
|
|
|
|
|
!DeclCtx->isBodyAutosynthesizedFromModelFile())
|
2013-08-02 06:16:30 +08:00
|
|
|
return;
|
|
|
|
|
}
|
2015-09-08 11:50:52 +08:00
|
|
|
|
2013-08-02 06:16:30 +08:00
|
|
|
bool ValidSourceLoc = R->getLocation(getSourceManager()).isValid();
|
|
|
|
|
assert(ValidSourceLoc);
|
|
|
|
|
// If we mess up in a release build, we'd still prefer to just drop the bug
|
|
|
|
|
// instead of trying to go on.
|
|
|
|
|
if (!ValidSourceLoc)
|
|
|
|
|
return;
|
|
|
|
|
|
2009-02-05 07:49:09 +08:00
|
|
|
// Compute the bug report's hash to determine its equivalence class.
|
|
|
|
|
llvm::FoldingSetNodeID ID;
|
|
|
|
|
R->Profile(ID);
|
2009-09-09 23:08:12 +08:00
|
|
|
|
|
|
|
|
// Lookup the equivance class. If there isn't one, create it.
|
2009-02-05 07:49:09 +08:00
|
|
|
BugType& BT = R->getBugType();
|
|
|
|
|
Register(&BT);
|
|
|
|
|
void *InsertPos;
|
2011-02-23 08:16:01 +08:00
|
|
|
BugReportEquivClass* EQ = EQClasses.FindNodeOrInsertPos(ID, InsertPos);
|
2009-09-09 23:08:12 +08:00
|
|
|
|
2009-02-05 07:49:09 +08:00
|
|
|
if (!EQ) {
|
2015-06-23 21:15:32 +08:00
|
|
|
EQ = new BugReportEquivClass(std::move(R));
|
2011-02-23 08:16:01 +08:00
|
|
|
EQClasses.InsertNode(EQ, InsertPos);
|
2011-08-19 09:57:09 +08:00
|
|
|
EQClassesVector.push_back(EQ);
|
2014-08-30 03:57:52 +08:00
|
|
|
} else
|
2015-06-23 21:15:32 +08:00
|
|
|
EQ->AddReport(std::move(R));
|
2008-04-03 12:42:52 +08:00
|
|
|
}
|
|
|
|
|
|
2009-09-15 06:01:32 +08:00
|
|
|
|
|
|
|
|
//===----------------------------------------------------------------------===//
|
|
|
|
|
// Emitting reports in equivalence classes.
|
|
|
|
|
//===----------------------------------------------------------------------===//
|
|
|
|
|
|
|
|
|
|
namespace {
|
2009-11-28 14:07:30 +08:00
|
|
|
struct FRIEC_WLItem {
|
2009-09-15 06:01:32 +08:00
|
|
|
const ExplodedNode *N;
|
|
|
|
|
ExplodedNode::const_succ_iterator I, E;
|
2015-09-08 11:50:52 +08:00
|
|
|
|
2009-09-15 06:01:32 +08:00
|
|
|
FRIEC_WLItem(const ExplodedNode *n)
|
|
|
|
|
: N(n), I(N->succ_begin()), E(N->succ_end()) {}
|
2015-09-08 11:50:52 +08:00
|
|
|
};
|
2009-09-15 06:01:32 +08:00
|
|
|
}
|
|
|
|
|
|
2010-09-10 03:05:34 +08:00
|
|
|
static BugReport *
|
|
|
|
|
FindReportInEquivalenceClass(BugReportEquivClass& EQ,
|
2011-07-23 18:55:15 +08:00
|
|
|
SmallVectorImpl<BugReport*> &bugReports) {
|
2010-09-10 03:05:34 +08:00
|
|
|
|
2009-09-15 06:01:32 +08:00
|
|
|
BugReportEquivClass::iterator I = EQ.begin(), E = EQ.end();
|
|
|
|
|
assert(I != E);
|
2012-04-02 03:30:51 +08:00
|
|
|
BugType& BT = I->getBugType();
|
2010-09-10 03:05:34 +08:00
|
|
|
|
2010-12-03 14:52:30 +08:00
|
|
|
// If we don't need to suppress any of the nodes because they are
|
|
|
|
|
// post-dominated by a sink, simply add all the nodes in the equivalence class
|
|
|
|
|
// to 'Nodes'. Any of the reports will serve as a "representative" report.
|
2010-09-10 03:05:34 +08:00
|
|
|
if (!BT.isSuppressOnSink()) {
|
2015-11-07 07:04:58 +08:00
|
|
|
BugReport *R = &*I;
|
2010-09-10 03:05:34 +08:00
|
|
|
for (BugReportEquivClass::iterator I=EQ.begin(), E=EQ.end(); I!=E; ++I) {
|
2011-08-13 07:37:29 +08:00
|
|
|
const ExplodedNode *N = I->getErrorNode();
|
2010-09-10 03:05:34 +08:00
|
|
|
if (N) {
|
2015-11-07 07:04:58 +08:00
|
|
|
R = &*I;
|
2010-12-03 14:52:30 +08:00
|
|
|
bugReports.push_back(R);
|
2010-09-10 03:05:34 +08:00
|
|
|
}
|
|
|
|
|
}
|
2009-09-15 06:01:32 +08:00
|
|
|
return R;
|
2010-09-10 03:05:34 +08:00
|
|
|
}
|
|
|
|
|
|
2009-09-15 06:01:32 +08:00
|
|
|
// For bug reports that should be suppressed when all paths are post-dominated
|
|
|
|
|
// by a sink node, iterate through the reports in the equivalence class
|
|
|
|
|
// until we find one that isn't post-dominated (if one exists). We use a
|
|
|
|
|
// DFS traversal of the ExplodedGraph to find a non-sink node. We could write
|
|
|
|
|
// this as a recursive function, but we don't want to risk blowing out the
|
|
|
|
|
// stack for very long paths.
|
2014-05-27 10:45:47 +08:00
|
|
|
BugReport *exampleReport = nullptr;
|
2010-09-10 03:05:34 +08:00
|
|
|
|
2009-09-15 06:01:32 +08:00
|
|
|
for (; I != E; ++I) {
|
2012-04-02 03:30:51 +08:00
|
|
|
const ExplodedNode *errorNode = I->getErrorNode();
|
2009-09-15 06:01:32 +08:00
|
|
|
|
2010-12-03 14:52:30 +08:00
|
|
|
if (!errorNode)
|
2009-09-15 06:01:32 +08:00
|
|
|
continue;
|
2010-12-03 14:52:30 +08:00
|
|
|
if (errorNode->isSink()) {
|
2011-09-23 13:06:16 +08:00
|
|
|
llvm_unreachable(
|
2009-09-15 06:01:32 +08:00
|
|
|
"BugType::isSuppressSink() should not be 'true' for sink end nodes");
|
|
|
|
|
}
|
2010-09-10 03:05:34 +08:00
|
|
|
// No successors? By definition this nodes isn't post-dominated by a sink.
|
2010-12-03 14:52:30 +08:00
|
|
|
if (errorNode->succ_empty()) {
|
2015-11-07 07:04:58 +08:00
|
|
|
bugReports.push_back(&*I);
|
2010-12-03 14:52:30 +08:00
|
|
|
if (!exampleReport)
|
2015-11-07 07:04:58 +08:00
|
|
|
exampleReport = &*I;
|
2010-09-10 03:05:34 +08:00
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
|
2009-09-15 06:01:32 +08:00
|
|
|
// At this point we know that 'N' is not a sink and it has at least one
|
2015-09-08 11:50:52 +08:00
|
|
|
// successor. Use a DFS worklist to find a non-sink end-of-path node.
|
2009-09-15 06:01:32 +08:00
|
|
|
typedef FRIEC_WLItem WLItem;
|
2011-07-23 18:55:15 +08:00
|
|
|
typedef SmallVector<WLItem, 10> DFSWorkList;
|
2009-09-15 06:01:32 +08:00
|
|
|
llvm::DenseMap<const ExplodedNode *, unsigned> Visited;
|
2015-09-08 11:50:52 +08:00
|
|
|
|
2009-09-15 06:01:32 +08:00
|
|
|
DFSWorkList WL;
|
2010-12-03 14:52:30 +08:00
|
|
|
WL.push_back(errorNode);
|
|
|
|
|
Visited[errorNode] = 1;
|
2015-09-08 11:50:52 +08:00
|
|
|
|
2009-09-15 06:01:32 +08:00
|
|
|
while (!WL.empty()) {
|
|
|
|
|
WLItem &WI = WL.back();
|
|
|
|
|
assert(!WI.N->succ_empty());
|
2015-09-08 11:50:52 +08:00
|
|
|
|
2009-09-15 06:01:32 +08:00
|
|
|
for (; WI.I != WI.E; ++WI.I) {
|
2015-09-08 11:50:52 +08:00
|
|
|
const ExplodedNode *Succ = *WI.I;
|
2009-09-15 06:01:32 +08:00
|
|
|
// End-of-path node?
|
|
|
|
|
if (Succ->succ_empty()) {
|
2010-09-10 03:05:34 +08:00
|
|
|
// If we found an end-of-path node that is not a sink.
|
|
|
|
|
if (!Succ->isSink()) {
|
2015-11-07 07:04:58 +08:00
|
|
|
bugReports.push_back(&*I);
|
2010-12-03 14:52:30 +08:00
|
|
|
if (!exampleReport)
|
2015-11-07 07:04:58 +08:00
|
|
|
exampleReport = &*I;
|
2010-09-10 03:05:34 +08:00
|
|
|
WL.clear();
|
|
|
|
|
break;
|
|
|
|
|
}
|
2009-09-15 06:01:32 +08:00
|
|
|
// Found a sink? Continue on to the next successor.
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
// Mark the successor as visited. If it hasn't been explored,
|
|
|
|
|
// enqueue it to the DFS worklist.
|
|
|
|
|
unsigned &mark = Visited[Succ];
|
|
|
|
|
if (!mark) {
|
|
|
|
|
mark = 1;
|
|
|
|
|
WL.push_back(Succ);
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
2010-09-10 03:05:34 +08:00
|
|
|
|
|
|
|
|
// The worklist may have been cleared at this point. First
|
|
|
|
|
// check if it is empty before checking the last item.
|
|
|
|
|
if (!WL.empty() && &WL.back() == &WI)
|
2009-09-15 06:01:32 +08:00
|
|
|
WL.pop_back();
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2010-09-10 03:05:34 +08:00
|
|
|
// ExampleReport will be NULL if all the nodes in the equivalence class
|
|
|
|
|
// were post-dominated by sinks.
|
2010-12-03 14:52:30 +08:00
|
|
|
return exampleReport;
|
2010-09-10 03:05:34 +08:00
|
|
|
}
|
2009-09-19 06:37:37 +08:00
|
|
|
|
2009-02-05 07:49:09 +08:00
|
|
|
void BugReporter::FlushReport(BugReportEquivClass& EQ) {
|
2011-07-23 18:55:15 +08:00
|
|
|
SmallVector<BugReport*, 10> bugReports;
|
2010-12-03 14:52:30 +08:00
|
|
|
BugReport *exampleReport = FindReportInEquivalenceClass(EQ, bugReports);
|
Allow multiple PathDiagnosticConsumers to be used with a BugReporter at the same time.
This fixes several issues:
- removes egregious hack where PlistDiagnosticConsumer would forward to HTMLDiagnosticConsumer,
but diagnostics wouldn't be generated consistently in the same way if PlistDiagnosticConsumer
was used by itself.
- emitting diagnostics to the terminal (using clang's diagnostic machinery) is no longer a special
case, just another PathDiagnosticConsumer. This also magically resolved some duplicate warnings,
as we now use PathDiagnosticConsumer's diagnostic pruning, which has scope for the entire translation
unit, not just the scope of a BugReporter (which is limited to a particular ExprEngine).
As an interesting side-effect, diagnostics emitted to the terminal also have their trailing "." stripped,
just like with diagnostics emitted to plists and HTML. This required some tests to be updated, but now
the tests have higher fidelity with what users will see.
There are some inefficiencies in this patch. We currently generate the report graph (from the ExplodedGraph)
once per PathDiagnosticConsumer, which is a bit wasteful, but that could be pulled up higher in the
logic stack. There is some intended duplication, however, as we now generate different PathDiagnostics (for the same issue)
for different PathDiagnosticConsumers. This is necessary to produce the diagnostics that a particular
consumer expects.
llvm-svn: 162028
2012-08-17 01:45:23 +08:00
|
|
|
if (exampleReport) {
|
2014-03-11 01:55:02 +08:00
|
|
|
for (PathDiagnosticConsumer *PDC : getPathDiagnosticConsumers()) {
|
|
|
|
|
FlushReport(exampleReport, *PDC, bugReports);
|
Allow multiple PathDiagnosticConsumers to be used with a BugReporter at the same time.
This fixes several issues:
- removes egregious hack where PlistDiagnosticConsumer would forward to HTMLDiagnosticConsumer,
but diagnostics wouldn't be generated consistently in the same way if PlistDiagnosticConsumer
was used by itself.
- emitting diagnostics to the terminal (using clang's diagnostic machinery) is no longer a special
case, just another PathDiagnosticConsumer. This also magically resolved some duplicate warnings,
as we now use PathDiagnosticConsumer's diagnostic pruning, which has scope for the entire translation
unit, not just the scope of a BugReporter (which is limited to a particular ExprEngine).
As an interesting side-effect, diagnostics emitted to the terminal also have their trailing "." stripped,
just like with diagnostics emitted to plists and HTML. This required some tests to be updated, but now
the tests have higher fidelity with what users will see.
There are some inefficiencies in this patch. We currently generate the report graph (from the ExplodedGraph)
once per PathDiagnosticConsumer, which is a bit wasteful, but that could be pulled up higher in the
logic stack. There is some intended duplication, however, as we now generate different PathDiagnostics (for the same issue)
for different PathDiagnosticConsumers. This is necessary to produce the diagnostics that a particular
consumer expects.
llvm-svn: 162028
2012-08-17 01:45:23 +08:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void BugReporter::FlushReport(BugReport *exampleReport,
|
|
|
|
|
PathDiagnosticConsumer &PD,
|
|
|
|
|
ArrayRef<BugReport*> bugReports) {
|
2009-09-09 23:08:12 +08:00
|
|
|
|
2009-02-05 07:49:09 +08:00
|
|
|
// FIXME: Make sure we use the 'R' for the path that was actually used.
|
2009-09-09 23:08:12 +08:00
|
|
|
// Probably doesn't make a difference in practice.
|
2010-12-03 14:52:30 +08:00
|
|
|
BugType& BT = exampleReport->getBugType();
|
2009-09-09 23:08:12 +08:00
|
|
|
|
2014-03-08 04:03:18 +08:00
|
|
|
std::unique_ptr<PathDiagnostic> D(new PathDiagnostic(
|
|
|
|
|
exampleReport->getBugType().getCheckName(),
|
|
|
|
|
exampleReport->getDeclWithIssue(), exampleReport->getBugType().getName(),
|
|
|
|
|
exampleReport->getDescription(),
|
|
|
|
|
exampleReport->getShortDescription(/*Fallback=*/false), BT.getCategory(),
|
|
|
|
|
exampleReport->getUniqueingLocation(),
|
|
|
|
|
exampleReport->getUniqueingDecl()));
|
2009-04-30 05:58:13 +08:00
|
|
|
|
2013-03-16 05:41:53 +08:00
|
|
|
MaxBugClassSize = std::max(bugReports.size(),
|
|
|
|
|
static_cast<size_t>(MaxBugClassSize));
|
|
|
|
|
|
Allow multiple PathDiagnosticConsumers to be used with a BugReporter at the same time.
This fixes several issues:
- removes egregious hack where PlistDiagnosticConsumer would forward to HTMLDiagnosticConsumer,
but diagnostics wouldn't be generated consistently in the same way if PlistDiagnosticConsumer
was used by itself.
- emitting diagnostics to the terminal (using clang's diagnostic machinery) is no longer a special
case, just another PathDiagnosticConsumer. This also magically resolved some duplicate warnings,
as we now use PathDiagnosticConsumer's diagnostic pruning, which has scope for the entire translation
unit, not just the scope of a BugReporter (which is limited to a particular ExprEngine).
As an interesting side-effect, diagnostics emitted to the terminal also have their trailing "." stripped,
just like with diagnostics emitted to plists and HTML. This required some tests to be updated, but now
the tests have higher fidelity with what users will see.
There are some inefficiencies in this patch. We currently generate the report graph (from the ExplodedGraph)
once per PathDiagnosticConsumer, which is a bit wasteful, but that could be pulled up higher in the
logic stack. There is some intended duplication, however, as we now generate different PathDiagnostics (for the same issue)
for different PathDiagnosticConsumers. This is necessary to produce the diagnostics that a particular
consumer expects.
llvm-svn: 162028
2012-08-17 01:45:23 +08:00
|
|
|
// Generate the full path diagnostic, using the generation scheme
|
2012-09-22 09:24:56 +08:00
|
|
|
// specified by the PathDiagnosticConsumer. Note that we have to generate
|
|
|
|
|
// path diagnostics even for consumers which do not support paths, because
|
|
|
|
|
// the BugReporterVisitors may mark this bug as a false positive.
|
|
|
|
|
if (!bugReports.empty())
|
|
|
|
|
if (!generatePathDiagnostic(*D.get(), PD, bugReports))
|
|
|
|
|
return;
|
2009-01-24 08:55:43 +08:00
|
|
|
|
2013-03-16 05:41:53 +08:00
|
|
|
MaxValidBugClassSize = std::max(bugReports.size(),
|
|
|
|
|
static_cast<size_t>(MaxValidBugClassSize));
|
|
|
|
|
|
2013-05-17 06:30:45 +08:00
|
|
|
// Examine the report and see if the last piece is in a header. Reset the
|
|
|
|
|
// report location to the last piece in the main source file.
|
|
|
|
|
AnalyzerOptions& Opts = getAnalyzerOptions();
|
|
|
|
|
if (Opts.shouldReportIssuesInMainSourceFile() && !Opts.AnalyzeAll)
|
|
|
|
|
D->resetDiagnosticLocationToMainFile();
|
|
|
|
|
|
Allow multiple PathDiagnosticConsumers to be used with a BugReporter at the same time.
This fixes several issues:
- removes egregious hack where PlistDiagnosticConsumer would forward to HTMLDiagnosticConsumer,
but diagnostics wouldn't be generated consistently in the same way if PlistDiagnosticConsumer
was used by itself.
- emitting diagnostics to the terminal (using clang's diagnostic machinery) is no longer a special
case, just another PathDiagnosticConsumer. This also magically resolved some duplicate warnings,
as we now use PathDiagnosticConsumer's diagnostic pruning, which has scope for the entire translation
unit, not just the scope of a BugReporter (which is limited to a particular ExprEngine).
As an interesting side-effect, diagnostics emitted to the terminal also have their trailing "." stripped,
just like with diagnostics emitted to plists and HTML. This required some tests to be updated, but now
the tests have higher fidelity with what users will see.
There are some inefficiencies in this patch. We currently generate the report graph (from the ExplodedGraph)
once per PathDiagnosticConsumer, which is a bit wasteful, but that could be pulled up higher in the
logic stack. There is some intended duplication, however, as we now generate different PathDiagnostics (for the same issue)
for different PathDiagnosticConsumers. This is necessary to produce the diagnostics that a particular
consumer expects.
llvm-svn: 162028
2012-08-17 01:45:23 +08:00
|
|
|
// If the path is empty, generate a single step path with the location
|
|
|
|
|
// of the issue.
|
2012-02-08 12:32:34 +08:00
|
|
|
if (D->path.empty()) {
|
Allow multiple PathDiagnosticConsumers to be used with a BugReporter at the same time.
This fixes several issues:
- removes egregious hack where PlistDiagnosticConsumer would forward to HTMLDiagnosticConsumer,
but diagnostics wouldn't be generated consistently in the same way if PlistDiagnosticConsumer
was used by itself.
- emitting diagnostics to the terminal (using clang's diagnostic machinery) is no longer a special
case, just another PathDiagnosticConsumer. This also magically resolved some duplicate warnings,
as we now use PathDiagnosticConsumer's diagnostic pruning, which has scope for the entire translation
unit, not just the scope of a BugReporter (which is limited to a particular ExprEngine).
As an interesting side-effect, diagnostics emitted to the terminal also have their trailing "." stripped,
just like with diagnostics emitted to plists and HTML. This required some tests to be updated, but now
the tests have higher fidelity with what users will see.
There are some inefficiencies in this patch. We currently generate the report graph (from the ExplodedGraph)
once per PathDiagnosticConsumer, which is a bit wasteful, but that could be pulled up higher in the
logic stack. There is some intended duplication, however, as we now generate different PathDiagnostics (for the same issue)
for different PathDiagnosticConsumers. This is necessary to produce the diagnostics that a particular
consumer expects.
llvm-svn: 162028
2012-08-17 01:45:23 +08:00
|
|
|
PathDiagnosticLocation L = exampleReport->getLocation(getSourceManager());
|
2014-08-30 02:18:47 +08:00
|
|
|
auto piece = llvm::make_unique<PathDiagnosticEventPiece>(
|
|
|
|
|
L, exampleReport->getDescription());
|
2015-10-04 12:53:55 +08:00
|
|
|
for (SourceRange Range : exampleReport->getRanges())
|
2015-02-07 01:25:10 +08:00
|
|
|
piece->addRange(Range);
|
2014-08-30 02:18:47 +08:00
|
|
|
D->setEndOfPath(std::move(piece));
|
2009-01-24 08:55:43 +08:00
|
|
|
}
|
2009-09-09 23:08:12 +08:00
|
|
|
|
Allow multiple PathDiagnosticConsumers to be used with a BugReporter at the same time.
This fixes several issues:
- removes egregious hack where PlistDiagnosticConsumer would forward to HTMLDiagnosticConsumer,
but diagnostics wouldn't be generated consistently in the same way if PlistDiagnosticConsumer
was used by itself.
- emitting diagnostics to the terminal (using clang's diagnostic machinery) is no longer a special
case, just another PathDiagnosticConsumer. This also magically resolved some duplicate warnings,
as we now use PathDiagnosticConsumer's diagnostic pruning, which has scope for the entire translation
unit, not just the scope of a BugReporter (which is limited to a particular ExprEngine).
As an interesting side-effect, diagnostics emitted to the terminal also have their trailing "." stripped,
just like with diagnostics emitted to plists and HTML. This required some tests to be updated, but now
the tests have higher fidelity with what users will see.
There are some inefficiencies in this patch. We currently generate the report graph (from the ExplodedGraph)
once per PathDiagnosticConsumer, which is a bit wasteful, but that could be pulled up higher in the
logic stack. There is some intended duplication, however, as we now generate different PathDiagnostics (for the same issue)
for different PathDiagnosticConsumers. This is necessary to produce the diagnostics that a particular
consumer expects.
llvm-svn: 162028
2012-08-17 01:45:23 +08:00
|
|
|
// Get the meta data.
|
|
|
|
|
const BugReport::ExtraTextList &Meta = exampleReport->getExtraText();
|
|
|
|
|
for (BugReport::ExtraTextList::const_iterator i = Meta.begin(),
|
|
|
|
|
e = Meta.end(); i != e; ++i) {
|
|
|
|
|
D->addMeta(*i);
|
|
|
|
|
}
|
|
|
|
|
|
2014-08-30 04:06:10 +08:00
|
|
|
PD.HandlePathDiagnostic(std::move(D));
|
2008-04-03 12:42:52 +08:00
|
|
|
}
|
2008-07-15 01:40:50 +08:00
|
|
|
|
2012-04-05 02:11:35 +08:00
|
|
|
void BugReporter::EmitBasicReport(const Decl *DeclWithIssue,
|
2014-02-12 05:49:21 +08:00
|
|
|
const CheckerBase *Checker,
|
|
|
|
|
StringRef Name, StringRef Category,
|
|
|
|
|
StringRef Str, PathDiagnosticLocation Loc,
|
|
|
|
|
ArrayRef<SourceRange> Ranges) {
|
|
|
|
|
EmitBasicReport(DeclWithIssue, Checker->getCheckName(), Name, Category, Str,
|
|
|
|
|
Loc, Ranges);
|
|
|
|
|
}
|
|
|
|
|
void BugReporter::EmitBasicReport(const Decl *DeclWithIssue,
|
|
|
|
|
CheckName CheckName,
|
|
|
|
|
StringRef name, StringRef category,
|
2011-09-21 05:38:35 +08:00
|
|
|
StringRef str, PathDiagnosticLocation Loc,
|
2013-10-08 01:16:59 +08:00
|
|
|
ArrayRef<SourceRange> Ranges) {
|
2009-09-09 23:08:12 +08:00
|
|
|
|
2011-02-23 08:16:01 +08:00
|
|
|
// 'BT' is owned by BugReporter.
|
2014-02-12 05:49:21 +08:00
|
|
|
BugType *BT = getBugTypeForName(CheckName, name, category);
|
2015-06-23 21:15:32 +08:00
|
|
|
auto R = llvm::make_unique<BugReport>(*BT, str, Loc);
|
2012-04-05 02:11:35 +08:00
|
|
|
R->setDeclWithIssue(DeclWithIssue);
|
2013-10-08 01:16:59 +08:00
|
|
|
for (ArrayRef<SourceRange>::iterator I = Ranges.begin(), E = Ranges.end();
|
|
|
|
|
I != E; ++I)
|
|
|
|
|
R->addRange(*I);
|
2015-06-23 21:15:32 +08:00
|
|
|
emitReport(std::move(R));
|
2009-01-24 04:28:53 +08:00
|
|
|
}
|
2011-02-23 08:16:01 +08:00
|
|
|
|
2014-02-12 05:49:21 +08:00
|
|
|
BugType *BugReporter::getBugTypeForName(CheckName CheckName, StringRef name,
|
2011-07-23 18:55:15 +08:00
|
|
|
StringRef category) {
|
2012-02-05 10:13:05 +08:00
|
|
|
SmallString<136> fullDesc;
|
2014-02-12 05:49:21 +08:00
|
|
|
llvm::raw_svector_ostream(fullDesc) << CheckName.getName() << ":" << name
|
|
|
|
|
<< ":" << category;
|
2014-11-19 11:06:06 +08:00
|
|
|
BugType *&BT = StrBugTypes[fullDesc];
|
|
|
|
|
if (!BT)
|
2014-02-12 05:49:21 +08:00
|
|
|
BT = new BugType(CheckName, name, category);
|
2011-02-23 08:16:01 +08:00
|
|
|
return BT;
|
|
|
|
|
}
|
2013-06-06 09:57:19 +08:00
|
|
|
|
2014-01-04 21:47:14 +08:00
|
|
|
LLVM_DUMP_METHOD void PathPieces::dump() const {
|
2013-06-06 09:57:19 +08:00
|
|
|
unsigned index = 0;
|
|
|
|
|
for (PathPieces::const_iterator I = begin(), E = end(); I != E; ++I) {
|
|
|
|
|
llvm::errs() << "[" << index++ << "] ";
|
|
|
|
|
(*I)->dump();
|
|
|
|
|
llvm::errs() << "\n";
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2016-01-30 03:38:18 +08:00
|
|
|
LLVM_DUMP_METHOD void PathDiagnosticCallPiece::dump() const {
|
2013-06-06 09:57:19 +08:00
|
|
|
llvm::errs() << "CALL\n--------------\n";
|
|
|
|
|
|
|
|
|
|
if (const Stmt *SLoc = getLocStmt(getLocation()))
|
|
|
|
|
SLoc->dump();
|
|
|
|
|
else if (const NamedDecl *ND = dyn_cast<NamedDecl>(getCallee()))
|
|
|
|
|
llvm::errs() << *ND << "\n";
|
|
|
|
|
else
|
|
|
|
|
getLocation().dump();
|
|
|
|
|
}
|
|
|
|
|
|
2016-01-30 03:38:18 +08:00
|
|
|
LLVM_DUMP_METHOD void PathDiagnosticEventPiece::dump() const {
|
2013-06-06 09:57:19 +08:00
|
|
|
llvm::errs() << "EVENT\n--------------\n";
|
|
|
|
|
llvm::errs() << getString() << "\n";
|
|
|
|
|
llvm::errs() << " ---- at ----\n";
|
|
|
|
|
getLocation().dump();
|
|
|
|
|
}
|
|
|
|
|
|
2016-01-30 03:38:18 +08:00
|
|
|
LLVM_DUMP_METHOD void PathDiagnosticControlFlowPiece::dump() const {
|
2013-06-06 09:57:19 +08:00
|
|
|
llvm::errs() << "CONTROL\n--------------\n";
|
|
|
|
|
getStartLocation().dump();
|
|
|
|
|
llvm::errs() << " ---- to ----\n";
|
|
|
|
|
getEndLocation().dump();
|
|
|
|
|
}
|
|
|
|
|
|
2016-01-30 03:38:18 +08:00
|
|
|
LLVM_DUMP_METHOD void PathDiagnosticMacroPiece::dump() const {
|
2013-06-06 09:57:19 +08:00
|
|
|
llvm::errs() << "MACRO\n--------------\n";
|
|
|
|
|
// FIXME: Print which macro is being invoked.
|
|
|
|
|
}
|
|
|
|
|
|
2016-01-30 03:38:18 +08:00
|
|
|
LLVM_DUMP_METHOD void PathDiagnosticLocation::dump() const {
|
2013-06-06 09:57:19 +08:00
|
|
|
if (!isValid()) {
|
|
|
|
|
llvm::errs() << "<INVALID>\n";
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
switch (K) {
|
|
|
|
|
case RangeK:
|
|
|
|
|
// FIXME: actually print the range.
|
|
|
|
|
llvm::errs() << "<range>\n";
|
|
|
|
|
break;
|
|
|
|
|
case SingleLocK:
|
|
|
|
|
asLocation().dump();
|
|
|
|
|
llvm::errs() << "\n";
|
|
|
|
|
break;
|
|
|
|
|
case StmtK:
|
|
|
|
|
if (S)
|
|
|
|
|
S->dump();
|
|
|
|
|
else
|
|
|
|
|
llvm::errs() << "<NULL STMT>\n";
|
|
|
|
|
break;
|
|
|
|
|
case DeclK:
|
|
|
|
|
if (const NamedDecl *ND = dyn_cast_or_null<NamedDecl>(D))
|
|
|
|
|
llvm::errs() << *ND << "\n";
|
|
|
|
|
else if (isa<BlockDecl>(D))
|
|
|
|
|
// FIXME: Make this nicer.
|
|
|
|
|
llvm::errs() << "<block>\n";
|
|
|
|
|
else if (D)
|
|
|
|
|
llvm::errs() << "<unknown decl>\n";
|
|
|
|
|
else
|
|
|
|
|
llvm::errs() << "<NULL DECL>\n";
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|