maxjhandsome
/
llvm-project
forked from OSchip/llvm-project
1
0
Fork 0
Code Issues Pull Requests Packages Releases Wiki Activity

[analyzer] Always include destructors in the analysis CFG. 

While destructors will continue to not be inlined (unless the analyzer
config option 'c++-inlining' is set to 'destructors'), leaving them out
of the CFG is an incomplete model of the behavior of an object, and
can cause false positive warnings (like PR13751, now working).

Destructors for temporaries are still not on by default, since
(a) we haven't actually checked this code to be sure it's fully correct
    (in particular, we probably need to be very careful with regard to
    lifetime-extension when a temporary is bound to a reference,
    C++11 [class.temporary]p5), and
(b) ExprEngine doesn't actually do anything when it sees a temporary
    destructor in the CFG -- not even invalidate the object region.

To enable temporary destructors, set the 'cfg-temporary-dtors' analyzer
config option to '1'. The old -cfg-add-implicit-dtors cc1 option, which
controlled all implicit destructors, has been removed.

llvm-svn: 163264
This commit is contained in:
Jordan Rose 2012-09-05 22:55:23 +00:00
parent e53314f7e3
commit 6d671cc34a
14 changed files with 60 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
clang/include/clang/Analysis/AnalysisContext.h
View File

@ -382,8 +382,9 @@ class AnalysisDeclContextManager {
public:
AnalysisDeclContextManager(bool useUnoptimizedCFG = false,
bool addImplicitDtors = false,
bool addInitializers = false);
bool addImplicitDtors = false,
bool addInitializers = false,
bool addTemporaryDtors = false);
~AnalysisDeclContextManager();

4
clang/include/clang/Analysis/CFG.h
View File

@ -568,6 +568,7 @@ public:
bool AddEHEdges;
bool AddInitializers;
bool AddImplicitDtors;
bool AddTemporaryDtors;
bool alwaysAdd(const Stmt *stmt) const {
return alwaysAddMask[stmt->getStmtClass()];
@ -587,7 +588,8 @@ public:
: forcedBlkExprs(0), PruneTriviallyFalseEdges(true)
,AddEHEdges(false)
,AddInitializers(false)
,AddImplicitDtors(false) {}
,AddImplicitDtors(false)
,AddTemporaryDtors(false) {}
};
/// \brief Provides a custom implementation of the iterator class to have the

2
clang/include/clang/Driver/CC1Options.td
View File

@ -37,8 +37,6 @@ def triple_EQ : Joined<"-triple=">, Alias<triple>;
def analysis_UnoptimizedCFG : Flag<"-unoptimized-cfg">,
HelpText<"Generate unoptimized CFGs for all analyses">;
def analysis_CFGAddImplicitDtors : Flag<"-cfg-add-implicit-dtors">,
HelpText<"Add C++ implicit destructors to CFGs for all analyses">;
def analyzer_store : Separate<"-analyzer-store">,
HelpText<"Source Code Analysis - Abstract Memory Store Models">;

11
clang/include/clang/StaticAnalyzer/Core/AnalyzerOptions.h
View File

@ -147,7 +147,6 @@ public:
unsigned visualizeExplodedGraphWithGraphViz : 1;
unsigned visualizeExplodedGraphWithUbiGraph : 1;
unsigned UnoptimizedCFG : 1;
unsigned CFGAddImplicitDtors : 1;
unsigned eagerlyTrimExplodedGraph : 1;
unsigned PrintStats : 1;
@ -172,9 +171,18 @@ public:
/// Returns the option controlling which C++ member functions will be
/// considered for inlining.
///
/// This is controlled by the 'c++-inlining' config option.
///
/// \sa CXXMemberInliningMode
bool mayInlineCXXMemberFunction(CXXInlineableMemberKind K) const;
/// Returns whether or not the destructors for C++ temporary objects should
/// be included in the CFG.
///
/// This is controlled by the 'cfg-temporary-dtors' config option. Any
/// non-empty value is considered to be 'true'.
bool includeTemporaryDtorsInCFG() const;
public:
AnalyzerOptions() : CXXMemberInliningMode() {
AnalysisStoreOpt = RegionStoreModel;
@ -191,7 +199,6 @@ public:
visualizeExplodedGraphWithGraphViz = 0;
visualizeExplodedGraphWithUbiGraph = 0;
UnoptimizedCFG = 0;
CFGAddImplicitDtors = 0;
eagerlyTrimExplodedGraph = 0;
PrintStats = 0;
NoRetryExhausted = 0;

6
clang/lib/Analysis/AnalysisDeclContext.cpp
View File

@ -62,11 +62,13 @@ AnalysisDeclContext::AnalysisDeclContext(AnalysisDeclContextManager *Mgr,
}
AnalysisDeclContextManager::AnalysisDeclContextManager(bool useUnoptimizedCFG,
bool addImplicitDtors,
bool addInitializers) {
bool addImplicitDtors,
bool addInitializers,
bool addTemporaryDtors) {
cfgBuildOptions.PruneTriviallyFalseEdges = !useUnoptimizedCFG;
cfgBuildOptions.AddImplicitDtors = addImplicitDtors;
cfgBuildOptions.AddInitializers = addInitializers;
cfgBuildOptions.AddTemporaryDtors = addTemporaryDtors;
}
void AnalysisDeclContextManager::clear() {

8
clang/lib/Analysis/CFG.cpp
View File

@ -706,7 +706,7 @@ CFGBlock *CFGBuilder::addInitializer(CXXCtorInitializer *I) {
IsReference = FD->getType()->isReferenceType();
HasTemporaries = isa<ExprWithCleanups>(Init);
if (BuildOpts.AddImplicitDtors && HasTemporaries) {
if (BuildOpts.AddTemporaryDtors && HasTemporaries) {
// Generate destructors for temporaries in initialization expression.
VisitForTemporaryDtors(cast<ExprWithCleanups>(Init)->getSubExpr(),
IsReference);
@ -1617,7 +1617,7 @@ CFGBlock *CFGBuilder::VisitDeclSubExpr(DeclStmt *DS) {
IsReference = VD->getType()->isReferenceType();
HasTemporaries = isa<ExprWithCleanups>(Init);
if (BuildOpts.AddImplicitDtors && HasTemporaries) {
if (BuildOpts.AddTemporaryDtors && HasTemporaries) {
// Generate destructors for temporaries in initialization expression.
VisitForTemporaryDtors(cast<ExprWithCleanups>(Init)->getSubExpr(),
IsReference);
@ -2972,7 +2972,7 @@ CFGBlock *CFGBuilder::VisitCXXForRangeStmt(CXXForRangeStmt *S) {
CFGBlock *CFGBuilder::VisitExprWithCleanups(ExprWithCleanups *E,
AddStmtChoice asc) {
if (BuildOpts.AddImplicitDtors) {
if (BuildOpts.AddTemporaryDtors) {
// If adding implicit destructors visit the full expression for adding
// destructors of temporaries.
VisitForTemporaryDtors(E->getSubExpr());
@ -3052,6 +3052,8 @@ CFGBlock *CFGBuilder::VisitIndirectGotoStmt(IndirectGotoStmt *I) {
}
CFGBlock *CFGBuilder::VisitForTemporaryDtors(Stmt *E, bool BindToTemporary) {
assert(BuildOpts.AddImplicitDtors && BuildOpts.AddTemporaryDtors);
tryAgain:
if (!E) {
badCFG = true;

1
clang/lib/Frontend/CompilerInvocation.cpp
View File

@ -1130,7 +1130,6 @@ static bool ParseAnalyzerArgs(AnalyzerOptions &Opts, ArgList &Args,
Opts.eagerlyAssumeBinOpBifurcation = Args.hasArg(OPT_analyzer_eagerly_assume);
Opts.AnalyzeSpecificFunction = Args.getLastArgValue(OPT_analyze_function);
Opts.UnoptimizedCFG = Args.hasArg(OPT_analysis_UnoptimizedCFG);
Opts.CFGAddImplicitDtors = Args.hasArg(OPT_analysis_CFGAddImplicitDtors);
Opts.TrimGraph = Args.hasArg(OPT_trim_egraph);
Opts.MaxNodes = Args.getLastArgIntValue(OPT_analyzer_max_nodes, 150000,Diags);
Opts.maxBlockVisitOnPath = Args.getLastArgIntValue(OPT_analyzer_max_loop, 4, Diags);

5
clang/lib/StaticAnalyzer/Core/AnalysisManager.cpp
View File

@ -22,8 +22,9 @@ AnalysisManager::AnalysisManager(ASTContext &ctx, DiagnosticsEngine &diags,
CheckerManager *checkerMgr,
const AnalyzerOptions &Options)
: AnaCtxMgr(Options.UnoptimizedCFG,
Options.CFGAddImplicitDtors,
/*addInitializers=*/true),
/*AddImplicitDtors=*/true,
/*AddInitializers=*/true,
Options.includeTemporaryDtorsInCFG()),
Ctx(ctx),
Diags(diags),
LangOpts(lang),

4
clang/lib/StaticAnalyzer/Core/AnalyzerOptions.cpp
View File

@ -46,3 +46,7 @@ AnalyzerOptions::mayInlineCXXMemberFunction(CXXInlineableMemberKind K) const {
return CXXMemberInliningMode >= K;
}
bool AnalyzerOptions::includeTemporaryDtorsInCFG() const {
return !Config.lookup("cfg-temporary-dtors").empty();
}

2
clang/test/Analysis/auto-obj-dtors-cfg-output.cpp
View File

@ -1,4 +1,4 @@
// RUN: %clang_cc1 -fcxx-exceptions -fexceptions -analyze -analyzer-checker=debug.DumpCFG -cfg-add-implicit-dtors %s > %t 2>&1
// RUN: %clang_cc1 -fcxx-exceptions -fexceptions -analyze -analyzer-checker=debug.DumpCFG %s > %t 2>&1
// RUN: FileCheck --input-file=%t %s
// XPASS: *

2
clang/test/Analysis/dtor.cpp
View File

@ -1,4 +1,4 @@
// RUN: %clang_cc1 -analyze -analyzer-checker=core,unix.Malloc,debug.ExprInspection -analyzer-ipa=inlining -analyzer-config c++-inlining=destructors -cfg-add-implicit-dtors -Wno-null-dereference -verify %s
// RUN: %clang_cc1 -analyze -analyzer-checker=core,unix.Malloc,debug.ExprInspection -analyzer-ipa=inlining -analyzer-config c++-inlining=destructors -Wno-null-dereference -verify %s
void clang_analyzer_eval(bool);
void clang_analyzer_checkInlined(bool);

2
clang/test/Analysis/dtors-in-dtor-cfg-output.cpp
View File

@ -1,4 +1,4 @@
// RUN: %clang_cc1 -analyze -analyzer-checker=debug.DumpCFG -cfg-add-implicit-dtors %s 2>&1 | FileCheck %s
// RUN: %clang_cc1 -analyze -analyzer-checker=debug.DumpCFG %s 2>&1 | FileCheck %s
// XPASS: *
class A {

25
clang/test/Analysis/malloc.cpp
View File

@ -6,6 +6,11 @@ void free(void *);
void *realloc(void *ptr, size_t size);
void *calloc(size_t nmemb, size_t size);
void checkThatMallocCheckerIsRunning() {
malloc(4); // expected-warning{{leak}}
}
// Test for radar://11110132.
struct Foo {
mutable void* m_data;
@ -35,3 +40,23 @@ void r11160612_3(CanFreeMemory* p) {
const_ptr_and_callback_def_param(0, x, 12, p->myFree);
}
namespace PR13751 {
class OwningVector {
void **storage;
size_t length;
public:
OwningVector();
~OwningVector();
void push_back(void *Item) {
storage[length++] = Item;
}
};
void testDestructors() {
OwningVector v;
v.push_back(malloc(4));
// no leak warning; freed in destructor
}
}

2
clang/test/Analysis/temp-obj-dtors-cfg-output.cpp
View File

@ -1,5 +1,5 @@
// RUN: rm -f %t
// RUN: %clang_cc1 -analyze -analyzer-checker=debug.DumpCFG -cfg-add-implicit-dtors %s > %t 2>&1
// RUN: %clang_cc1 -analyze -analyzer-checker=debug.DumpCFG -analyzer-config cfg-temporary-dtors=1 %s > %t 2>&1
// RUN: FileCheck --input-file=%t %s
// XPASS: *