Commit Graph

37 Commits

Author SHA1 Message Date
Chandler Carruth 3a02247dc9 Sort all of Clang's files under 'lib', and fix up the broken headers
uncovered.

This required manually correcting all of the incorrect main-module
headers I could find, and running the new llvm/utils/sort_includes.py
script over the files.

I also manually added quite a few missing headers that were uncovered by
shuffling the order or moving headers up to be main-module-headers.

llvm-svn: 169237
2012-12-04 09:13:33 +00:00
Jordan Rose 199fdd825f [analyzer] Use the CallEnter node to get a value for tracked null arguments.
Additionally, don't collect PostStore nodes -- they are often used in
path diagnostics.

Previously, we tried to track null arguments in the same way as any other
null values, but in many cases the necessary nodes had already been
collected (a memory optimization in ExplodedGraph). Now, we fall back to
using the value of the argument at the time of the call, which may not
always match the actual contents of the region, but often will.

This is a precursor to improving our suppression heuristic.
<rdar://problem/12350829>

llvm-svn: 166940
2012-10-29 17:31:53 +00:00
Jordan Rose 746c06d0bc [analyzer] Replace -analyzer-no-eagerly-trim-egraph with graph-trim-interval.
After every 1000 CFGElements processed, the ExplodedGraph trims out nodes
that satisfy a number of criteria for being "boring" (single predecessor,
single successor, and more). Rather than controlling this with a cc1 option,
which can only disable this behavior, we now have an analyzer-config option,
'graph-trim-interval', which can change this interval from 1000 to something
else. Setting the value to 0 disables reclamation.

The next commit relies on this behavior to actually test anything.

llvm-svn: 166528
2012-10-23 23:59:05 +00:00
Jordan Rose 5a751b993f [analyzer] Allow a BugReport to be marked "invalid" during path generation.
This is intended to allow visitors to make decisions about whether a
BugReport is likely a false positive. Currently there are no visitors
making use of this feature, so there are no tests.

When a BugReport is marked invalid, the invalidator must provide a key
that identifies the invaliation (intended to be the visitor type and a
context pointer of some kind). This allows us to reverse the decision
later on. Being able to reverse a decision about invalidation gives us more
flexibility, and allows us to formulate conditions like "this report is
invalid UNLESS the original argument is 'foo'". We can use this to
fine-tune our false-positive suppression (coming soon).

llvm-svn: 164446
2012-09-22 01:24:53 +00:00
Anna Zaks 67e0062b7c [analyzer] Explain why we need condition 8.
llvm-svn: 163394
2012-09-07 16:22:09 +00:00
Ted Kremenek 891bcdb644 ExplodedGraph::shouldCollectNode() should not collect nodes for non-Expr Stmts
(as this previously was the case before this was refactored).  We also shouldn't
need to specially handle BinaryOperators since the eagerly-assume heuristic tags
such nodes.

llvm-svn: 163374
2012-09-07 06:56:18 +00:00
Jordan Rose e537cc05f5 [analyzer] Rename CallEvent::mayBeInlined to CallEvent::isCallStmt.
The two callers are using this in order to be conservative, so let's just
clarify the information that's actually being provided here. This is not
related to inlining decisions in any way.

No functionality change.

llvm-svn: 162717
2012-08-28 00:50:38 +00:00
Jordan Rose 2b10f3f8a9 [analyzer] Add comments to ExplodedNode::NodeGroup.
No functionality change.

llvm-svn: 162216
2012-08-20 18:59:46 +00:00
Jordan Rose 80547386b8 [analyzer] Use PointerUnion to implement ExplodedNode::NodeGroup.
We shouldn't be reinventing our own wheels. This also paves the way for
marking different kinds of sinks.

No functionality change.

llvm-svn: 162154
2012-08-18 00:30:10 +00:00
Jordan Rose 4f7df9be69 [analyzer] Rename Calls.{h,cpp} to CallEvent.{h,cpp}. No functionality change.
llvm-svn: 160815
2012-07-26 21:39:41 +00:00
Jordan Rose 681cce9908 [analyzer] Add new PreImplicitCall and PostImplicitCall ProgramPoints.
These are currently unused, but are intended to be used in lieu of PreStmt
and PostStmt when the call is implicit (e.g. an automatic object destructor).

This also modifies the Data1 field of ProgramPoints to allow storing any
pointer-sized value, as opposed to only aligned pointers. This is necessary
to store SourceLocations.

There is currently no BugReporter support for these; they should be skipped
over in any diagnostic output.

This commit also tags checkers that currently rely on function calls only
occurring at StmtPoints.

llvm-svn: 160019
2012-07-10 22:07:42 +00:00
Jordan Rose 7ab0182e33 [analyzer] Move the last bits of CallOrObjCMessage over to CallEvent.
This involved refactoring some common pointer-escapes code onto CallEvent,
then having MallocChecker use those callbacks for whether or not to consider
a pointer's /ownership/ as escaping. This still needs to be pinned down, and
probably we want to make the new argumentsMayEscape() function a little more
discerning (content invalidation vs. ownership/metadata invalidation), but
this is a good improvement.

As a bonus, also remove CallOrObjCMessage from the source completely.

llvm-svn: 159557
2012-07-02 19:27:51 +00:00
Anna Zaks 301e0d6074 [analyzer] Remove a statistic - it's too expensive.
(Committed in r159038 by mistake.)

llvm-svn: 159040
2012-06-22 22:24:45 +00:00
Anna Zaks 7aa3687bb6 [analyzer]scan-build: report the total number of steps analyzer performs
This would be useful to investigate performance issues.

llvm-svn: 159038
2012-06-22 22:08:12 +00:00
Anna Zaks 7ba2615047 [analyzer] Rely on canBeInlined utility instead of checking CallExpr
explicitly.

This will make it easier to add inlining support to more expressions.

llvm-svn: 157870
2012-06-02 00:40:52 +00:00
Anna Zaks bec49efdf2 [analyzer] Fix a spurious undef value warning.
When we timeout or exceed a max number of blocks within an inlined
function, we retry with no inlining starting from a node right before
the CallEnter node. We assume the state of that node is the state of the
program before we start evaluating the call. However, the node pruning
removes this node as unimportant. 

Teach the node pruning to keep the predecessors of the call enter nodes.

llvm-svn: 157860
2012-06-01 23:48:44 +00:00
Anna Zaks 7e53bd6fb0 [analyzer] Run remove dead bindings right before leaving a function.
This is needed to ensure that we always report issues in the correct
function. For example, leaks are identified when we call remove dead
bindings. In order to make sure we report a callee's leak in the callee,
we have to run the operation in the callee's context.

This change required quite a bit of infrastructure work since:
 - We used to only run remove dead bindings before a given statement;
here we need to run it after the last statement in the function. For
this, we added additional Program Point and special mode in the
SymbolReaper to remove all symbols in context lower than the current
one.
 - The call exit operation turned into a sequence of nodes, which are
now guarded by CallExitBegin and CallExitEnd nodes for clarity and
convenience.

(Sorry for the long diff.)

llvm-svn: 155244
2012-04-20 21:59:08 +00:00
Ted Kremenek 35e55fe49f Revert "Move ExplodedNode reclaimation out of ExprEngine and into CoreEngine. Also have it based on adding predecessors/successors, not node allocation. No measurable performance change."
llvm-svn: 150722
2012-02-16 20:48:04 +00:00
Ted Kremenek ea8dbdeefd Move ExplodedNode reclaimation out of ExprEngine and into CoreEngine. Also have it based on adding predecessors/successors, not node allocation. No measurable performance change.
llvm-svn: 150720
2012-02-16 20:19:30 +00:00
Ted Kremenek a2aa929e74 Minor cleanup to node data structures in ExplodedGraph. No functionality change.
llvm-svn: 150719
2012-02-16 20:19:25 +00:00
Dylan Noblesmith e27789991d Basic: import OwningPtr<> into clang namespace
llvm-svn: 149798
2012-02-05 02:12:40 +00:00
Ted Kremenek 1dd7fd7106 Minor refactor within ExplodedGraph::reclaimRecentlyAllocatedNodes(). No functionality change.
llvm-svn: 149320
2012-01-31 01:20:02 +00:00
Ted Kremenek 49b1e38e4b Change references to 'const ProgramState *' to typedef 'ProgramStateRef'.
At this point this is largely cosmetic, but it opens the door to replace
ProgramStateRef with a smart pointer that more eagerly acts in the role
of reclaiming unused ProgramState objects.

llvm-svn: 149081
2012-01-26 21:29:00 +00:00
Ted Kremenek 44d2973b6f Reduce peak memory usage of the static analyzer on sqlite3 (when using inlining) by 30%.
This is accomplished by periodically reclaiming nodes in the graph.  This was an optimization
done before the CFG was linearized, but the CFG linearization destroyed that optimization since each
freshly created node couldn't be reclaimed and we only looked at a window of nodes created between
each ProcessStmt.  This optimization can be reclaimed my merely expanding the window to N number of nodes.

llvm-svn: 148888
2012-01-25 00:35:05 +00:00
Ted Kremenek 3f406ba4bf Remove '#if 0' from ExprEngine::InlineCall(), and start fresh by wiring up inlining for straight C calls.
My hope is to reimplement this from first principles based on the simplifications of removing unneeded node builders
and re-evaluating how C++ calls are handled in the CFG.  The hope is to turn inlining "on-by-default" as soon as possible
with a core set of things working well, and then expand over time.

llvm-svn: 147904
2012-01-11 01:06:27 +00:00
David Blaikie 68e081d606 Unweaken vtables as per http://llvm.org/docs/CodingStandards.html#ll_virtual_anch
llvm-svn: 146959
2011-12-20 02:48:34 +00:00
Anna Zaks 49ea5bf562 [analyzer] Make sink attribute part of the node profile.
This prevents caching out on nodes with different sink flag.
(This is a cleaner fix for radar://10376675).

llvm-svn: 143517
2011-11-01 22:41:19 +00:00
Ted Kremenek 9815709cd2 [analyzer] Remove PostStmtCustom ProgramPoint. It can be represented using tagged PostStmts.
llvm-svn: 137697
2011-08-16 00:49:19 +00:00
Ted Kremenek 001fd5b498 Rename GRState to ProgramState, and cleanup some code formatting along the way.
llvm-svn: 137665
2011-08-15 22:09:50 +00:00
Ted Kremenek 5ef32dbf2a Cleanup various declarations of 'Stmt*' to be 'Stmt *', etc. in libAnalyzer and libStaticAnalyzer[*]. It was highly inconsistent, and very ugly to look at.
llvm-svn: 137537
2011-08-12 23:37:29 +00:00
Chris Lattner 0e62c1cc0b remove unneeded llvm:: namespace qualifiers on some core types now that LLVM.h imports
them into the clang namespace.

llvm-svn: 135852
2011-07-23 10:55:15 +00:00
Chris Lattner 57540c5be0 fix a bunch of comment typos found by codespell. Patch by
Luis Felipe Strano Moraes!

llvm-svn: 129559
2011-04-15 05:22:18 +00:00
Ted Kremenek ff6fd0f4b0 Change 'StoreRef' back to 'Store' in GRState, shrinking the size of GRState back by one pointer.
llvm-svn: 126020
2011-02-19 03:56:19 +00:00
Ted Kremenek 75e4564140 static analyzer: Make GRStates reference counted, with reference counts managed by ExplodedNodes.
This reduces memory usage of the analyzer on sqlite by another 5%.

llvm-svn: 125260
2011-02-10 02:21:52 +00:00
Ted Kremenek f8cbac4b91 Split 'include/clang/StaticAnalyzer' into 'include/clang/StaticAnalyzer/Core' and 'include/clang/StaticAnalyzer/Checkers'.
This layout matches lib/StaticAnalyzer, which corresponds to two StaticAnalyzer libraries.

llvm-svn: 125251
2011-02-10 01:03:03 +00:00
Ted Kremenek a40f8ebc83 static analyzer: Further reduce the analyzer's memory usage when analyzing sqlite3 by 7-10% by recylcing "uninteresting" ExplodedNodes.
The optimization involves eagerly pruning ExplodedNodes from the ExplodedGraph that contain
practically no difference between the predecessor and successor nodes.  For example, if
the state is different between a predecessor and a node, the node is left in.  Only for
the 'environment' component of the state do we not care if the ExplodedNodes are different.
This paves the way for future optimizations where we can reclaim the environment objects.

llvm-svn: 125154
2011-02-09 01:27:33 +00:00
Argyrios Kyrtzidis fa0734ec4f [analyzer] Move the files in lib/StaticAnalyzer to lib/StaticAnalyzer/Core.
Eventually there will also be a lib/StaticAnalyzer/Frontend that will handle initialization and checker registration.
Yet another library to avoid cyclic dependencies between Core and Checkers.

llvm-svn: 125124
2011-02-08 22:30:36 +00:00