Commit Graph

2757 Commits

Author SHA1 Message Date
Jordan Rose 398fb00e1e [analyzer] Fix a CFG printing bug.
Also, add several destructor-related tests. Most of them don't work yet, but it's
good to have them recorded.

Patch by Alex McCarthy!

llvm-svn: 205326
2014-04-01 16:39:33 +00:00
Ted Kremenek ab57a1555a [-Wunreachable-code] Expand paren-suppression heuristic to C++/ObjC bools.
llvm-svn: 205074
2014-03-29 04:49:20 +00:00
Ted Kremenek ec3bbf4933 Improve -Wunreachable-code to provide a means to indicate code is intentionally marked dead via if((0)).
Taking a hint from -Wparentheses, use an extra '()' as a sigil that
a dead condition is intentionally dead.  For example:

  if ((0)) { dead }

When this sigil is found, do not emit a dead code warning.  When the
analysis sees:

  if (0)

it suggests inserting '()' as a Fix-It.

llvm-svn: 205069
2014-03-29 00:35:20 +00:00
Nuno Lopes fb744589bc remove a bunch of unused private methods
found with a smarter version of -Wunused-member-function that I'm playwing with.
Appologies in advance if I removed someone's WIP code.

 ARCMigrate/TransProperties.cpp                  |    8 -----
 AST/MicrosoftMangle.cpp                         |    1 
 Analysis/AnalysisDeclContext.cpp                |    5 ---
 Analysis/LiveVariables.cpp                      |   14 ----------
 Index/USRGeneration.cpp                         |   10 -------
 Sema/Sema.cpp                                   |   33 +++++++++++++++++++++---
 Sema/SemaChecking.cpp                           |    3 --
 Sema/SemaDecl.cpp                               |   20 ++------------
 StaticAnalyzer/Checkers/GenericTaintChecker.cpp |    1 
 9 files changed, 34 insertions(+), 61 deletions(-)

llvm-svn: 204561
2014-03-23 17:12:37 +00:00
Aaron Ballman df115d9bf3 The release_capability, release_shared_capability and release_generic_capability functions are now functionally distinct for capability analysis. The unlock_function attribute maps directly to release_generic_capability.
llvm-svn: 204469
2014-03-21 14:48:48 +00:00
Ted Kremenek 1421037ece [-Wunreachable-code] add a specialized diagnostic for unreachable increment expressions of loops.
llvm-svn: 204430
2014-03-21 06:02:36 +00:00
DeLesley Hutchins d7fa5bd431 Consumed Analysis: IgnoreParens bugfix.
llvm-svn: 204395
2014-03-20 20:39:20 +00:00
Ted Kremenek d4576318b4 [-Wunreachable-code] Tweak isTrivialDoWhile() to handle implicit casts.
llvm-svn: 204376
2014-03-20 18:47:53 +00:00
Aaron Ballman 18d85aed39 Replacing the exclusive_lock_function, shared_lock_function and unlock_function attributes with the acquire_capability and release_capability attributes. The old spellings will continue to work, but the underlying semantic attributes have been replaced.
Downgraded the capability diagnostics from error to warning to match the desired behavior, and updated the existing test cases.

llvm-svn: 204350
2014-03-20 16:02:49 +00:00
Ted Kremenek f5ae0bc671 [-Wunreachable-code] Look through member accesses for 'static const bool' configuration values.
llvm-svn: 204315
2014-03-20 06:44:35 +00:00
Ted Kremenek 2766ad27e8 [-Wunreachable-code] constexpr functions can be used as configuration values.
llvm-svn: 204308
2014-03-20 06:07:35 +00:00
Ted Kremenek f3c93bb61b [-Wunreachable-code] Simplify and broad -Wunreachable-code-return, including nontrivial returns.
The exception is return statements that include control-flow,
which are clearly doing something "interesting".

99% of the cases I examined for -Wunreachable-code that fired
on return statements were not interesting enough to warrant
being in -Wunreachable-code by default.  Thus the move to
include them in -Wunreachable-code-return.

This simplifies a bunch of logic, including removing the ad hoc
logic to look for std::string literals.

llvm-svn: 204307
2014-03-20 06:07:30 +00:00
Jordan Rose 177b0a3600 scanf format checking: include the buffer length in the fix-it for %s.
Patch by Zach Davis!

llvm-svn: 204300
2014-03-20 03:32:39 +00:00
Aaron Ballman c7e4e219b5 [C++11] Replacing CompoundStmt iterators body_begin() and body_end() with iterator_range body(). Updating all of the usages of the iterators with range-based for loops.
llvm-svn: 204040
2014-03-17 14:19:37 +00:00
Benjamin Kramer 8cef8867ee Remove dead functions from unreachable code analysis.
llvm-svn: 204004
2014-03-15 10:20:49 +00:00
Ted Kremenek 9dfe400dc2 -Wunreachable-code: treat 'const bool' locals as control values.
llvm-svn: 204001
2014-03-15 06:47:45 +00:00
Ted Kremenek ad8753c00e Further refine -Wunreachable-code groups so that -Wno-unreachable-code-break doesn't turn off all unreachable code warnings.
Also relax unreachable 'break' and 'return' to not check for being
preceded by a call to 'noreturn'.  That turns out to not be so
interesting in practice.

llvm-svn: 204000
2014-03-15 05:47:06 +00:00
Ted Kremenek 1a8641c1e7 Start breaking -Wunreachable-code up into different diagnostic groups.
Recent work on -Wunreachable-code has focused on suppressing uninteresting
unreachable code that center around "configuration values", but
there are still some set of cases that are sometimes interesting
or uninteresting depending on the codebase.  For example, a dead
"break" statement may not be interesting for a particular codebase,
potentially because it is auto-generated or simply because code
is written defensively.

To address these workflow differences, -Wunreachable-code is now
broken into several diagnostic groups:

-Wunreachable-code: intended to be a reasonable "default" for
most users.

and then other groups that turn on more aggressive checking:

-Wunreachable-code-break: warn about dead break statements

-Wunreachable-code-trivial-return: warn about dead return statements
that return "trivial" values (e.g., return 0).  Other return
statements that return non-trivial values are still reported
under -Wunreachable-code (this is an area subject to more refinement).

-Wunreachable-code-aggressive: supergroup that enables all these
groups.

The goal is to eventually make -Wunreachable-code good enough to
either be in -Wall or on-by-default, thus finessing these warnings
into different groups helps achieve maximum signal for more users.

TODO: the tests need to be updated to reflect this extra control
via diagnostic flags.

llvm-svn: 203994
2014-03-15 01:26:32 +00:00
Aaron Ballman 9371dd2287 [C++11] Replacing BlockDecl iterators capture_begin() and capture_end() with iterator_range captures(). Updating all of the usages of the iterators with range-based for loops.
llvm-svn: 203958
2014-03-14 18:34:04 +00:00
Aaron Ballman 535bbcccb1 [C++11] Replacing DeclStmt iterators decl_begin() and decl_end() with iterator_range decls(). Updating all of the usages of the iterators with range-based for loops.
llvm-svn: 203947
2014-03-14 17:01:24 +00:00
Aaron Ballman d85eff49a3 [C++11] Replacing ObjCCategoryDecl iterators propimpl_begin() and propimpl_end() with iterator_range property_impls(). Updating all of the usages of the iterators with range-based for loops.
llvm-svn: 203930
2014-03-14 15:02:45 +00:00
Craig Topper b45acb8a16 [C++11] Add 'override' keyword to virtual methods that override their base class.
llvm-svn: 203893
2014-03-14 06:02:07 +00:00
Aaron Ballman 0ad78303de [C++11] Replacing CXXRecordDecl iterators init_begin() and init_end() with iterator_range inits(). Updating all of the usages of the iterators with range-based for loops.
llvm-svn: 203819
2014-03-13 17:34:31 +00:00
Aaron Ballman 445a939db8 [C++11] Replacing CXXRecordDecl iterators vbases_begin() and vbases_end() with iterator_range vbases(). Updating all of the usages of the iterators with range-based for loops.
llvm-svn: 203808
2014-03-13 16:15:17 +00:00
Aaron Ballman 574705ed7f [C++11] Replacing CXXRecordDecl iterators bases_begin() and bases_end() with iterator_range bases(). Updating all of the usages of the iterators with range-based for loops.
llvm-svn: 203803
2014-03-13 15:41:46 +00:00
DeLesley Hutchins d1c9b37db9 Thread safety analysis: move smart pointer checks from -Wthread-safety-beta
to -Wthread-safety.

llvm-svn: 203510
2014-03-10 23:03:49 +00:00
Aaron Ballman be22bcb180 [C++11] Replacing DeclBase iterators specific_attr_begin() and specific_attr_end() with iterator_range specific_attrs(). Updating all of the usages of the iterators with range-based for loops.
llvm-svn: 203474
2014-03-10 17:08:28 +00:00
Ahmed Charles dfca6f97bc [C++11] Replace OwningPtr include with <memory>.
llvm-svn: 203389
2014-03-09 11:36:40 +00:00
Ted Kremenek 2dd810a331 [-Wunreachable-code] Handle Objective-C bool literals in 'isConfigurationValue'.
This includes special casing 'YES' and 'NO', which are constants
defined as macros.

llvm-svn: 203380
2014-03-09 08:13:49 +00:00
Ted Kremenek c980afc578 [-Wunreachable-code] Tweak heuristic for configuration values to include arithmetic operations involving sizeof(), but not raw integers.
This case was motivated by a false positive with the
llvm::AlignOf<> specialization in LLVM.

llvm-svn: 203363
2014-03-08 23:20:11 +00:00
Aaron Ballman e8a8baef44 [C++11] Replacing RecordDecl iterators field_begin() and field_end() with iterator_range fields(). Updating all of the usages of the iterators with range-based for loops.
llvm-svn: 203355
2014-03-08 20:12:42 +00:00
Ted Kremenek efea63450b [-Wunreachabe-code] Don't warn about unreachable destructors for temporaries.
This can possibly be refined later, but right now the experience
is so incomprehensible for a user to understand what is going on
this isn't a useful warning.

llvm-svn: 203336
2014-03-08 02:22:32 +00:00
Ted Kremenek fcc1417fad Fix CFG bug where the 'isTemporaryDtorsBranch' bit was silently lost for terminators.
llvm-svn: 203335
2014-03-08 02:22:29 +00:00
Ted Kremenek ff909f907c [CFG] Record would-be successor for noreturn destructor.
llvm-svn: 203334
2014-03-08 02:22:25 +00:00
Ted Kremenek 04bfbeea04 [-Wunreachable-code] Handle 'return' with no argument dominated by 'noreturn' function.
llvm-svn: 203333
2014-03-08 02:22:23 +00:00
Benjamin Kramer 4cadf292a5 [C++11] Revert uses of lambdas with array_pod_sort.
Looks like GCC implements the lambda->function pointer conversion differently.

llvm-svn: 203293
2014-03-07 21:51:58 +00:00
Benjamin Kramer 15ae783e14 [C++11] Convert sort predicates into lambdas.
No functionality change.

llvm-svn: 203289
2014-03-07 21:35:40 +00:00
Ted Kremenek 94d1617a1f [-Wunreachable-code] Treat constant globals as configuration values in unreachable code heuristics.
This one could possibly be refined even further; e.g. looking
at the initializer and see if it is truly a configuration value.

llvm-svn: 203283
2014-03-07 20:51:13 +00:00
Ahmed Charles b89843299a Replace OwningPtr with std::unique_ptr.
This compiles cleanly with lldb/lld/clang-tools-extra/llvm.

llvm-svn: 203279
2014-03-07 20:03:18 +00:00
Aaron Ballman 629afaefe0 [C++11] Replacing DeclBase iterators decls_begin() and decls_end() with iterator_range decls(). The same is true for the noload versions of these APIs. Updating all of the usages of the iterators with range-based for loops.
llvm-svn: 203278
2014-03-07 19:56:05 +00:00
Ahmed Charles 9a16beb8bc Change OwningPtr::take() to OwningPtr::release().
This is a precursor to moving to std::unique_ptr.

llvm-svn: 203275
2014-03-07 19:33:25 +00:00
Aaron Ballman f6bf62e2d0 [C++11] Replacing FunctionDecl iterators param_begin() and param_end() with iterator_range params(). Updating all of the usages of the iterators with range-based for loops.
llvm-svn: 203248
2014-03-07 15:12:56 +00:00
Ted Kremenek 7d47cace55 Fix recent regressions in -Wreturn-type caused by heuristics to -Wunreachable-code.
I had forgotten that the same reachability code is used by both -Wreturn-type
and -Wunreachable-code, so the heuristics applied to the latter were indirectly
impacting the former.

To address this, the reachability code is more refactored so that whiled
the logic at its core is shared, the intention of the clients are better
captured and segregated in helper APIs.

Fixes PR19074, and also some false positives reported offline to me
by Nick Lewycky.

llvm-svn: 203209
2014-03-07 07:14:36 +00:00
Ted Kremenek 782f003c62 [-Wunreachable-code] Correctly expand artificial reachability to pruned '&&' and '||' branches involving configuration values.
llvm-svn: 203194
2014-03-07 02:25:53 +00:00
Ted Kremenek c10830b308 [-Wunreachable-code] Teach reachable code analysis heuristics about more literal types.
llvm-svn: 203193
2014-03-07 02:25:50 +00:00
Aaron Ballman 69bb592ad1 Based on usage, the NamedDecl is always set when constructing a CallingContext, but none of the other optional parameters are. Removing the optional parameters, and making the NamedDecl required.
No functional changes intended.

llvm-svn: 203149
2014-03-06 19:37:24 +00:00
Aaron Ballman 19842c437a Refactored to use a simple helper function that wraps the logic of creating an SExprNode and returning the position in which it was inserted.
No functional change intended.

llvm-svn: 203148
2014-03-06 19:25:11 +00:00
Aaron Ballman cea2609b59 Very minor simplification and typo correction; no functional changes intended.
llvm-svn: 203144
2014-03-06 19:10:16 +00:00
Ted Kremenek 6999d02587 [-Wunreachable-code] Refine treating all branches of 'switch' as reachable, which includes those with all cases covered but with no 'default:'.
llvm-svn: 203094
2014-03-06 08:09:00 +00:00
Ted Kremenek ec2dc73e86 [-Wunreachable-code] don't warn about dead 'return <string literal>' dominated by a 'noreturn' call, where literal becomes an std::string.
I have mixed feelings about this one.  It's used all over the codebase,
and is analogous to the current heuristic for ordinary C string literals.

This requires some ad hoc pattern matching of the AST.  While the
test case mirrors what we see std::string in libc++, it's not really
testing the libc++ headers.

llvm-svn: 203091
2014-03-06 06:50:46 +00:00
Ted Kremenek 7549f0f9bf [-Wunreachable-code] Handle idiomatic do...while() with an uninteresting condition.
Sometimes do..while() is used to create a scope that can be left early.
In such cases, the unreachable 'while()' test is not usually interesting
unless it actually does something that is observable.

llvm-svn: 203051
2014-03-06 01:09:45 +00:00
Ted Kremenek 1de2e14f2f [-Wunreachable-code] Handle idiomatic do...while() with an uninteresting condition.
Sometimes do..while() is used to create a scope that can be left early.
In such cases, the unreachable 'while()' test is not usually interesting
unless it actually does something that is observable.

llvm-svn: 203036
2014-03-06 00:17:44 +00:00
Ted Kremenek 0a69cabd35 [-Wunreachable-code] generalize pruning out warning on trivial returns.
Previously we only pruned dead returns preceded by a call to a
'noreturn' function.  After looking at the results of the LLVM codebase,
there are many others that should be pruned as well.

llvm-svn: 203029
2014-03-05 23:46:07 +00:00
Ted Kremenek 01a39b601f [-Wunreachable-code] include some enum constants in "configuration value" heuristic
llvm-svn: 203026
2014-03-05 23:38:41 +00:00
Ted Kremenek 3cdbc39a6e [-Wunreachable-code] generalize configuration value checking to all comparison operators.
llvm-svn: 203016
2014-03-05 22:32:39 +00:00
Ted Kremenek 6d9bb56cd3 [-Wunreachable-code] Don't warn about dead code guarded by a "configuration value".
Some unreachable code is only "sometimes unreachable" because it
is guarded by a configuration value that is determined at compile
time and is always constant.  Sometimes those represent real bugs,
but often they do not.  This patch causes the reachability analysis
to cover such branches even if they are technically unreachable
in the CFG itself.  There are some conservative heuristics at
play here to determine a "configuration value"; these are intended
to be refined over time.

llvm-svn: 202912
2014-03-05 00:01:17 +00:00
David Blaikie 9afd5daea3 Remove some unnecessary qualification
llvm-svn: 202909
2014-03-04 23:39:18 +00:00
Ted Kremenek 5a09527d0d [CFG] Tweak "?:" CFG construction to record the unreachable blocks.
llvm-svn: 202898
2014-03-04 21:53:26 +00:00
Ted Kremenek eb862849a1 [-Wunreachable-code] handle cases where a dead 'return' may have a valid predecessor.
Fies PR19040.

llvm-svn: 202892
2014-03-04 21:41:38 +00:00
Benjamin Kramer 867ea1d426 [C++11] Replace llvm::tie with std::tie.
llvm-svn: 202639
2014-03-02 13:01:17 +00:00
Ted Kremenek 08da97819a [-Wunreachable-code] always treat 'case:' and 'default:' cases as reachable.
This is a heuristic.  Many switch statements, although they look covered
over an enum, may actually handle at runtime more values than in the enum.

This is overly conservative, as there are some cases that clearly
can be ruled as being clearly unreachable, e.g. 'switch (42) { case 1: ... }'.
We can refine this later.

llvm-svn: 202436
2014-02-27 21:56:47 +00:00
Ted Kremenek 9238c5c878 [CFG] record the original (now unreachable) block of 'case:' and 'default:' cases.
llvm-svn: 202435
2014-02-27 21:56:44 +00:00
Ted Kremenek 5441c18824 [-Wunreachable-code] Don't warn about trivially unreachable return statements preceded by 'noreturn' functions.
llvm-svn: 202352
2014-02-27 06:32:32 +00:00
Ted Kremenek 35883155bb [-Wunreachable-code] Don't warn about unreachable 'default:' cases.
They are covered by -Wcovered-switch-default.

llvm-svn: 202349
2014-02-27 05:42:07 +00:00
Ted Kremenek cc893386bc [-Wunreachable-code] Prune out unreachable warnings where a 'break' is preceded by a call to a 'noreturn' function.
For example:

	unreachable();
    break;

This code is idiomatic and defensive.  The fact that 'break' is
unreachable here is not interesting.  This occurs frequently
in LLVM/Clang itself.

llvm-svn: 202328
2014-02-27 00:24:08 +00:00
Ted Kremenek f353919e8e [CFG] encode unreachable block information for would-have-been successors for calls to 'noreturn' functions.
llvm-svn: 202327
2014-02-27 00:24:05 +00:00
Ted Kremenek f389861052 [CFG] Encode unreachable block information for successors when visiting 'if' statements.
llvm-svn: 202326
2014-02-27 00:24:03 +00:00
Ted Kremenek 4b6fee6cc4 Rework CFG edges to encode potentially unreachable edges, instead of just making them NULL.
This is to support some analyses, like -Wunreachable-code, that
will need to recover the original unprunned CFG edges in order
to suppress issues that aren't really bugs in practice.

There are two important changes here:

- AdjacentBlock replaces CFGBlock* for CFG successors/predecessors.
  This has the size of 2 pointers, instead of 1.  This is unlikely
  to have a significant memory impact on Sema since a single
  CFG usually exists at one time, but could impact the memory
  usage of the static analyzer.  This could possibly be optimized
  down to a single pointer with some cleverness.

- Predecessors can now contain null predecessors, which means
  some analyses doing a reverse traversal will need to take into
  account.  This already exists for successors, which contain
  successor slots for specific branch kinds (e.g., 'if') that
  expect a fixed number of successors, even if a branch is
  not reachable.

llvm-svn: 202325
2014-02-27 00:24:00 +00:00
NAKAMURA Takumi 9698686505 [CMake] Use LINK_LIBS instead of target_link_libraries().
llvm-svn: 202238
2014-02-26 06:41:29 +00:00
NAKAMURA Takumi 7da9487dd4 [CMake] Get rid of explicit dependencies to include/clang/*.inc and introduce CLANG_TABLEGEN_TARGETS.
This does;
  - clang_tablegen() adds each tblgen'd target to global property CLANG_TABLEGEN_TARGETS as list.
  - List of targets is added to LLVM_COMMON_DEPENDS.
  - all clang libraries and targets depend on generated headers.

You might wonder this would be regression, but in fact, this is little loss.
  - Almost all of clang libraries depend on tblgen'd files and clang-tblgen.
  - clang-tblgen may cause short stall-out but doesn't cause unconditional rebuild.
  - Each library's dependencies to tblgen'd files might vary along headers' structure.
    It made hard to track and update *really optimal* dependencies.

Each dependency to intrinsics_gen and ClangSACheckers is left as DEPENDS.

llvm-svn: 201842
2014-02-21 07:59:59 +00:00
Reid Kleckner 588c937228 Use llvm::DeleteContainerSeconds when possible
llvm-svn: 201739
2014-02-19 23:44:52 +00:00
Aaron Ballman efe348ec44 DeLesley Hutchins (who wrote the original thread-safety attribute functionality) and I have agreed to start migrating from lock-specific terminology to "capability"-specific terminology. This opens the door for future threading-related analysis passes so that a common nomenclature can be used.
The following attributes have been (silently) deprecated, with their replacements listed:

lockable => capability
exclusive_locks_required => requires_capability
shared_locks_required => requires_shared_capability
locks_excluded => requires_capability

There are no functional changes intended.

llvm-svn: 201585
2014-02-18 17:36:50 +00:00
Anton Yartsev 6a61922239 [analyzer] Improved checker naming in CFG dump.
This implements FIXME from Checker.cpp (FIXME: We want to return the package + name of the checker here.) and replaces hardcoded checker names with the new ones obtained via getCheckName().getName().

llvm-svn: 201525
2014-02-17 18:25:34 +00:00
Alp Toker 314cc81b8c Rename getResultType() on function and method declarations to getReturnType()
A return type is the declared or deduced part of the function type specified in
the declaration.

A result type is the (potentially adjusted) type of the value of an expression
that calls the function.

Rule of thumb:

  * Declarations have return types and parameters.
  * Expressions have result types and arguments.

llvm-svn: 200082
2014-01-25 16:55:45 +00:00
Jordan Rose ddf1966cc3 [analyzer] Tighten up sanity checks on Objective-C property getter synthesis.
If there are non-trivially-copyable types /other/ than C++ records, we
won't have a synthesized copy expression, but we can't just use a simple
load/return.

Also, add comments and shore up tests, making sure to test in both ARC
and non-ARC.

llvm-svn: 199869
2014-01-23 03:59:10 +00:00
Alp Toker 9cacbabd33 Rename FunctionProtoType accessors from 'arguments' to 'parameters'
Fix a perennial source of confusion in the clang type system: Declarations and
function prototypes have parameters to which arguments are supplied, so calling
these 'arguments' was a stretch even in C mode, let alone C++ where default
arguments, templates and overloading make the distinction important to get
right.

Readability win across the board, especially in the casting, ADL and
overloading implementations which make a lot more sense at a glance now.

Will keep an eye on the builders and update dependent projects shortly.

No functional change.

llvm-svn: 199686
2014-01-20 20:26:09 +00:00
DeLesley Hutchins 80a38428e5 Consumed analysis: bugfix for operator calls. Also fixes some formatting
issues, a few testcases, and kills fish.

llvm-svn: 199436
2014-01-16 23:07:16 +00:00
Jordan Rose 6f5f719806 CFG: use Visit instead of VisitStmt to look through parens.
PR18472

llvm-svn: 199227
2014-01-14 17:29:12 +00:00
Jordan Rose a3f2781259 [analyzer] Use synthesized ASTs for property getters when available.
This allows the analyzer to handle properties with C++ class type,
finishing up the FIXME from r198953.

llvm-svn: 199226
2014-01-14 17:29:06 +00:00
DeLesley Hutchins f28bbec90e Consumed analysis: add two new attributes which fine-tune the behavior of
consumable objects.  These are useful for implementing error codes that
must be checked.  Patch also includes some significant refactoring, which was
necesary to implement the new behavior.

llvm-svn: 199169
2014-01-14 00:36:53 +00:00
Jordan Rose c9176072e6 [analyzer] Add a CFG node for the allocator call in a C++ 'new' expression.
In an expression like "new (a, b) Foo(x, y)", two things happen:
- Memory is allocated by calling a function named 'operator new'.
- The memory is initialized using the constructor for 'Foo'.

Currently the analyzer only models the second event, though it has special
cases for both the default and placement forms of operator new. This patch
is the first step towards properly modeling both events: it changes the CFG
so that the above expression now generates the following elements.

1. a
2. b
3. (CFGNewAllocator)
4. x
5. y
6. Foo::Foo

The analyzer currently ignores the CFGNewAllocator element, but the next
step is to treat that as a call like any other.

The CFGNewAllocator element is not added to the CFG for analysis-based
warnings, since none of them take advantage of it yet.

llvm-svn: 199123
2014-01-13 17:59:19 +00:00
Jordan Rose 1a866cd54b [analyzer] Model getters of known-@synthesized Objective-C properties.
...by synthesizing their body to be "return self->_prop;", with an extra
nudge to RetainCountChecker to still treat the value as +0 if we have no
other information.

This doesn't handle weak properties, but that's mostly correct anyway,
since they can go to nil at any time. This also doesn't apply to properties
whose implementations we can't see, since they may not be backed by an
ivar at all. And finally, this doesn't handle properties of C++ class type,
because we can't invoke the copy constructor. (Sema has actually done this
work already, but the AST it synthesizes is one the analyzer doesn't quite
handle -- it has an rvalue DeclRefExpr.)

Modeling setters is likely to be more difficult (since it requires
handling strong/copy), but not impossible.

<rdar://problem/11956898>

llvm-svn: 198953
2014-01-10 20:06:06 +00:00
Chandler Carruth 5553d0d4ca Sort all the #include lines with LLVM's utils/sort_includes.py which
encodes the canonical rules for LLVM's style. I noticed this had drifted
quite a bit when cleaning up LLVM, so wanted to clean up Clang as well.

llvm-svn: 198686
2014-01-07 11:51:46 +00:00
Alp Toker ef6b007dc5 Only mark dump() function definitions 'used' in debug builds
This has the dual effect of (1) enabling more dead-stripping in release builds
and (2) ensuring that debug helper functions aren't stripped away in debug
builds, as they're intended to be called from the debugger.

Note that the attribute is applied to definitions rather than declarations in
headers going forward because it's now conditional on NDEBUG:

  /// \brief Mark debug helper function definitions like dump() that should not be
  /// stripped from debug builds.

Requires corresponding macro added in LLVM r198456.

llvm-svn: 198489
2014-01-04 13:47:14 +00:00
Aaron Ballman ee58e6d6d2 Switching getAttrs calls over to using a specific_attr_iterator. No functional changes intended.
llvm-svn: 197681
2013-12-19 15:35:31 +00:00
Aaron Ballman b06f2ef33c Switched code from using hasAttr followed by getAttr to simply call getAttr directly and check the resulting value. Also fixes some minor formatting issues surrounding the getAttr code.
No functional changes intended.

llvm-svn: 197649
2013-12-19 02:58:51 +00:00
Aaron Ballman 9ead1243a5 Replacing calls to getAttr with calls to hasAttr for clarity. No functional change intended -- this only replaces Boolean uses of getAttr.
llvm-svn: 197648
2013-12-19 02:39:40 +00:00
Richard Trieu c689691618 For -Wconsumed, walk the namespaces to find if the top most namespace is "std"
to determine if a move function is the std::move function.  This allows functions
like std::__1::move to also be treated a the move function.

llvm-svn: 197445
2013-12-17 00:40:40 +00:00
Richard Trieu 31f3a713ae Fix PR18260 - Make std::move handling in -Wconsumed only trigger on std::move
llvm-svn: 197428
2013-12-16 21:41:30 +00:00
Ted Kremenek 5d0fb1ea1c Add CFG tests for switch's involving "extended" enum.
llvm-svn: 197094
2013-12-11 23:44:05 +00:00
NAKAMURA Takumi 65d42bcc2b [CMake] clang/lib: Satisfy dependencies to add *actually used* libraries on target_link_libraries() and LLVM_LINK_COMPONENTS.
I will prune redundant dependencies later.

llvm-svn: 196800
2013-12-09 19:04:43 +00:00
Anna Zaks cf8d2165ff Revert "[analyzer] Refactor conditional expression evaluating code"
This reverts commit r189090.

The original patch introduced regressions (see the added live-variables.* tests). The patch depends on the correctness of live variable analyses, which are not computed correctly. I've opened PR18159 to track the proper resolution to this problem.

The patch was a stepping block to r189746. This is why part of the patch reverts temporary destructor tests that started crashing. The temporary destructors feature is disabled by default.

llvm-svn: 196593
2013-12-06 18:56:29 +00:00
Alp Toker f6a24ce40f Fix a tranche of comment, test and doc typos
llvm-svn: 196510
2013-12-05 16:25:25 +00:00
Alp Toker d473363876 Correct hyphenations in comments and assert messages
This patch tries to avoid unrelated changes other than fixing a few
hyphen-related ambiguities in nearby lines.

llvm-svn: 196466
2013-12-05 04:47:09 +00:00
DeLesley Hutchins 39b804f8a4 Thread safety analysis: fix ICE due to missing null check on dyn_cast.
llvm-svn: 195777
2013-11-26 19:45:21 +00:00
Aaron Ballman ff924b08dd The code using the StmtPrinterHelper object failed to account for a null object in many cases, which could have led to crashes were it ever to be null. Now passing the object by reference instead of by pointer because it is never null in practice. No functional changes intended.
llvm-svn: 195043
2013-11-18 20:11:50 +00:00
DeLesley Hutchins 68cc3f13c2 Consumed analysis: track state of temporary objects.
Earlier versions discarded the state too soon, and did not track state changes,
e.g. when passing a temporary to a move constructor.  Patch by
chris.wailes@gmail.com; review and minor fixes by delesley.

llvm-svn: 194900
2013-11-16 00:22:43 +00:00
DeLesley Hutchins e73d6b605c Thread-safety analysis: check guarded_by and pt_guarded_by on array access.
Currently supported only with -Wthread-safety-beta.

llvm-svn: 194275
2013-11-08 19:42:01 +00:00
DeLesley Hutchins 05b7b37021 Thread safety analysis: minor bugfix to smart pointer handling, and expanded
test case.

llvm-svn: 194157
2013-11-06 18:40:01 +00:00
DeLesley Hutchins 5ede5cc9ba Thread safety analysis: check pt_guarded_by attribute when calling -> and *
on smart pointers.  -Wthread-safety-beta only.

llvm-svn: 194103
2013-11-05 23:09:56 +00:00
Chris Wailes 93edffa8fe Fixed bug with checking the kind of types.
The isLValueReferenceType function checks to see if the QualType's
canonical type is an LValue reference, and not if the QualType
itself is an LValue reference.  This caused a segfault when trying
to cast the QualType's Type to a LValueReference.  This is now
fixed by casting the result of getCanonicalType().

In addition, a test was added to isConsumableType to prevent
segfaults when a type being tested by the analysis is a reference
to a pointer or a pointer to a reference.

llvm-svn: 193751
2013-10-31 15:38:12 +00:00
Chris Wailes 9385f9f7c3 Changed tests_typestate to test_typestate for consistency.
llvm-svn: 193648
2013-10-29 20:28:41 +00:00
Chris Wailes 2dc8c4283b Used OwningPtr to clean up some memory management in Consumed.cpp.
llvm-svn: 193414
2013-10-25 15:33:28 +00:00
Chris Wailes 44930884b7 Replaced duplicate code with calls to forwardInfo.
Also made move constructor handling safer.

llvm-svn: 193347
2013-10-24 14:28:17 +00:00
Jordan Rose 69d0aed6f1 CFG: Properly print delegating initializer CFG elements.
...rather than segfaulting.

Patch by Enrico P!

llvm-svn: 193208
2013-10-22 23:19:47 +00:00
Rafael Espindola 7b56f6c3c2 Simplify some implementations of get*Decl.
* NamedDecl and CXXMethodDecl were missing getMostRecentDecl.
* The const version can just forward to the non const.
* getMostRecentDecl can use cast instead of cast_or_null.

This then removes some casts from the callers.

llvm-svn: 193039
2013-10-19 16:55:03 +00:00
DeLesley Hutchins 8121866bdb Consumed analysis: fix assert failure.
llvm-svn: 193010
2013-10-18 23:11:49 +00:00
DeLesley Hutchins 0bd25897ef Consumed analysis: assume that non-const reference parameters are initially
in the "uknown" state.  Patch by chris.wailes@gmail.com.  Reviewed by delesley.

llvm-svn: 192995
2013-10-18 19:25:18 +00:00
DeLesley Hutchins 11a66c1240 Consumed analysis: All the return_typestate parameter to be attached to the
default constructor.  Patch by chris.wailes@gmail.com, reviewed by delesley.

llvm-svn: 192991
2013-10-18 18:36:21 +00:00
DeLesley Hutchins 6939177cea Consumed analysis: Add param_typestate attribute, which specifies that
function parameters must be in a particular state.  Patch by
chris.wailes@gmail.com.  Reviewed by delesley@google.com.

llvm-svn: 192934
2013-10-17 23:23:53 +00:00
DeLesley Hutchins 36ea1dd4fc Consumed Analysis: Allow parameters that are passed by non-const reference
to be treated as return values, and marked with the "returned_typestate"
attribute.  Patch by chris.wailes@gmail.com; reviewed by delesley@google.com.

llvm-svn: 192932
2013-10-17 22:53:04 +00:00
DeLesley Hutchins 6501320e72 Consumed analysis: fix ICE in handling of loop source locations.
llvm-svn: 192911
2013-10-17 18:19:31 +00:00
DeLesley Hutchins 33a293433f Consumed analysis: replace the consumes attribute with a set_typestate
attribute.  Patch by chris.wailes@gmail.com; reviewed and edited by delesley.

llvm-svn: 192515
2013-10-11 23:03:26 +00:00
DeLesley Hutchins 8d41d99502 Consumed analysis: switch from tests_consumed/unconsumed to a general
tests_typestate attribute.  Patch by chris.wailes@gmail.com.

llvm-svn: 192513
2013-10-11 22:30:48 +00:00
DeLesley Hutchins fbdee4e3c2 Consumed analysis: check destructor calls.
This allows the callable_when attribute to be attached to destructors.
Original patch by chris.wailes@gmail.com, reviewed and edited by delesley.

llvm-svn: 192508
2013-10-11 21:55:33 +00:00
DeLesley Hutchins 3277a6129b Consumed analysis: improve loop handling. The prior version of the analysis
marked all variables as "unknown" at the start of a loop.  The new version
keeps the initial state of variables unchanged, but issues a warning if the
state at the end of the loop is different from the state at the beginning.
This patch will eventually be replaced with a more precise analysis.

Initial patch by chris.wailes@gmail.com.  Reviewed and edited by
delesley@google.com.

llvm-svn: 192314
2013-10-09 18:30:24 +00:00
DeLesley Hutchins 210791a021 Consumed Analysis: Change callable_when so that it can take a list of states
that a function can be called in.  This reduced the total number of annotations
needed and makes writing more complicated behaviour less burdensome.
Patch by chriswails@gmail.com.

llvm-svn: 191983
2013-10-04 21:28:06 +00:00
Benjamin Kramer b8f33f1690 Make sort predicate match the qsort convention.
llvm-svn: 191177
2013-09-22 15:02:02 +00:00
Benjamin Kramer 04bf187e12 Fix array_pod_sort predicates after LLVM change.
llvm-svn: 191176
2013-09-22 14:10:29 +00:00
Richard Smith ba8071ec81 PR16054: Slight strengthening for -Wsometimes-uninitialized: if we use a
variable uninitialized every time we reach its (reachable) declaration, or
every time we call the surrounding function, promote the warning from
-Wmaybe-uninitialized to -Wsometimes-uninitialized.

This is still slightly weaker than desired: we should, in general, warn
if a use is uninitialized the first time it is evaluated.

llvm-svn: 190623
2013-09-12 18:49:10 +00:00
DeLesley Hutchins 85c07d9a93 Fix ICE in consumed analysis when CFG is null.
llvm-svn: 190447
2013-09-10 23:10:10 +00:00
Matt Beaumont-Gay 093f240a73 Fix a crash introduced in r189828.
The predicates in CXXRecordDecl which test various properties of special
members can't be called on incomplete decls.

llvm-svn: 190353
2013-09-09 21:07:58 +00:00
Pavel Labath 921e7650d4 Avoid double edges when constructing CFGs
Summary:
If a noreturn destructor is executed while returning a value from a function,
the resulting CFG has had two edges to the exit block. This crashed the analyzer,
because it expects that blocks with no terminators have only one outgoing edge.
I added code to avoid creating the second edge in this case.

PS: The crashes did not manifest themselves always, as usually the
NoReturnFunctionChecker would stop program evaluation before the analyzer hit
the assertion, but in the case of lifetime extended temporaries, the checker
failed to do that (which is a separate bug in itself).

Reviewers: jordan_rose

CC: cfe-commits

Differential Revision: http://llvm-reviews.chandlerc.com/D1513

llvm-svn: 190125
2013-09-06 08:12:48 +00:00
David Blaikie 16f76d27ae Consumed Analysis: The 'consumable' attribute now takes a identifier specifying the default assumed state for objects of this class
This information is used for return states and pass-by-value parameter
states.

Patch by Chris Wailes.

Review by DeLesley Hutchins and Aaron Ballman.

llvm-svn: 190116
2013-09-06 01:28:43 +00:00
Eric Christopher de156243e1 Fix non-void return warning, and format.
llvm-svn: 189845
2013-09-03 20:43:00 +00:00
DeLesley Hutchins fc368259af Consumed analysis: add return_typestate attribute.
Patch by chris.wailes@gmail.com

Functions can now declare what state the consumable type the are returning will
be in. This is then used on the caller side and checked on the callee side.
Constructors now use this attribute instead of the 'consumes' attribute.

llvm-svn: 189843
2013-09-03 20:11:38 +00:00
Jordan Rose d2f4079db9 Add an implicit dtor CFG node just before C++ 'delete' expressions.
This paves the way for adding support for modeling the destructor of a
region before it is deleted. The statement "delete <expr>" now generates
this series of CFG elements:

  1. <expr>
  2. [B1.1]->~Foo() (Implicit destructor)
  3. delete [B1.1]

Patch by Karthik Bhat!

llvm-svn: 189828
2013-09-03 17:00:57 +00:00
Pavel Labath d527cf89e6 [analyzer] Add very limited support for temporary destructors
This is an improved version of r186498. It enables ExprEngine to reason about
temporary object destructors.  However, these destructor calls are never
inlined, since this feature is still broken. Still, this is sufficient to
properly handle noreturn temporary destructors.

Now, the analyzer correctly handles expressions like "a || A()", and executes the
destructor of "A" only on the paths where "a" evaluted to false.

Temporary destructor processing is still off by default and one has to
explicitly request it by setting cfg-temporary-dtors=true.

Reviewers: jordan_rose

CC: cfe-commits

Differential Revision: http://llvm-reviews.chandlerc.com/D1259

llvm-svn: 189746
2013-09-02 09:09:15 +00:00
DeLesley Hutchins 5a715c4f00 Consumed analysis: add 'consumable' class attribute.
Patch by chris.wailes@gmail.com

Adds the 'consumable' attribute that can be attached to classes.  This replaces
the previous method of scanning a class's methods to see if any of them have
consumed analysis attributes attached to them.  If consumed analysis attributes
are attached to methods of a class that isn't marked 'consumable' a warning
is generated.

llvm-svn: 189702
2013-08-30 22:56:34 +00:00
DeLesley Hutchins b570c13574 Consumed analysis: track function parameters.
Patch by chris.wailes@gmail.com.

llvm-svn: 189616
2013-08-29 22:36:05 +00:00
DeLesley Hutchins 7fa60edb47 Consumed analysis: non-const methods no longer transfer an object into an
unknown state.  Patch by chris.wailes@gmail.com.

llvm-svn: 189612
2013-08-29 21:17:25 +00:00
Aaron Ballman a21f4b8ddd Silencing the warning from r189605 in a more conformant manner.
llvm-svn: 189606
2013-08-29 20:36:09 +00:00
Aaron Ballman 130db36d80 Silencing a rather spurious warning from MSVC 11 about not all control paths returning a value (hint: they do).
llvm-svn: 189605
2013-08-29 20:25:14 +00:00
Eric Christopher f8a1baab9d Fix warning about anonymous structs in anonymous unions.
llvm-svn: 189596
2013-08-29 18:00:58 +00:00
DeLesley Hutchins 5533ec5c55 Consumed analysis: improve handling of conditionals.
Patch by chris.wailes@gmail.com.

* The TestedVarsVisitor was folded into the ConsumedStmtVisitor.
* The VarTestResult class was updated to allow these changes.
* The PropagationInfo class was updated for the same reasons.
* Correctly handle short-circuiting of Boolean operations.
* Blocks are now marked as unreachable when we can statically prove we will
  never branch to them.
* Unreachable blocks are skipped by the analysis.

llvm-svn: 189594
2013-08-29 17:26:57 +00:00
DeLesley Hutchins 2445b1212a Consumed analyis: Renamed *PStatus to *PInfo.
The change was made for readability, as the PropagationInfo objects don't
always contain a status.  This is submitted as a separate patch because it
touches a lot of lines and I don't want it cluttering up the next patch.
Patch by chris.wailes@gmail.com.

llvm-svn: 189278
2013-08-26 20:34:59 +00:00
Robert Wilhelm 25284cc95b Use pop_back_val() instead of both back() and pop_back().
No functionality change intended.

llvm-svn: 189112
2013-08-23 16:11:15 +00:00
Pavel Labath 02b64d46a0 [analyzer] Refactor conditional expression evaluating code
Summary:
Instead of digging through the ExplodedGraph, to figure out which edge brought
us here, I compute the value of conditional expression by looking at the
sub-expression values.

To do this, I needed to change the liveness algorithm a bit -- now, the full
conditional expression also depends on all atomic sub-expressions, not only the
outermost ones.

Reviewers: jordan_rose

CC: cfe-commits

Differential Revision: http://llvm-reviews.chandlerc.com/D1340

llvm-svn: 189090
2013-08-23 07:19:22 +00:00
DeLesley Hutchins c2ecf0d815 Update to consumed analysis.
Patch by chris.wailes@gmail.com.  The following functionality was added:

* The same functionality is now supported for both CXXOperatorCallExprs and CXXMemberCallExprs.
* Factored out some code in StmtVisitor.
* Removed variables from the state map when their destructors are encountered.
* Started adding documentation for the consumed analysis attributes.

llvm-svn: 189059
2013-08-22 20:44:47 +00:00
David Majnemer a39da8e236 Analysis: Make %I in printf more reasonable, add more tests
llvm-svn: 188992
2013-08-22 07:53:21 +00:00
David Majnemer 3cba495abc Analysis: Add support for MS specific printf format specifiers
Summary: Adds support for %I, %I32 and %I64.

Reviewers: hans, jordan_rose, rnk, majnemer

Reviewed By: majnemer

CC: cfe-commits, cdavis5x

Differential Revision: http://llvm-reviews.chandlerc.com/D1456

llvm-svn: 188937
2013-08-21 21:54:46 +00:00
Jordan Rose 5374c07ab9 Omit arguments of __builtin_object_size from the CFG.
This builtin does not actually evaluate its arguments for side effects,
so we shouldn't include them in the CFG. In the analyzer, rely on the
constant expression evaluator to get the proper semantics, at least for
now. (In the future, we could get ambitious and try to provide path-
sensitive size values.)

In theory, this does pose a problem for liveness analysis: a variable can
be used within the __builtin_object_size argument expression but not show
up as live. However, it is very unlikely that such a value would be used
to compute the object size and not used to access the object in some way.

<rdar://problem/14760817>

llvm-svn: 188679
2013-08-19 16:27:28 +00:00
DeLesley Hutchins 9f5193cf61 Thread Safety Analysis: fix bug when using TryLock with && and || expressions.
llvm-svn: 188505
2013-08-15 23:06:33 +00:00
Eli Friedman 89fe0d5842 Properly track l-paren of a CXXFucntionalCastExpr.
In addition to storing more useful information in the AST, this
fixes a semantic check in template instantiation which checks whether
the l-paren location is valid.

Fixes PR16903.

llvm-svn: 188495
2013-08-15 22:02:56 +00:00
DeLesley Hutchins 16b4ff5c4d Thread safety analysis: move warnings within lock/unlock functions out of beta.
llvm-svn: 188465
2013-08-15 15:31:25 +00:00
Reid Kleckner 6454d0a0fa Silence a warning from MSVC about not returning a value
llvm-svn: 188237
2013-08-13 00:11:59 +00:00
Reid Kleckner e846deae3c Remove Sema includes from Analysis code to fix layering
This moves a header-only class from Sema to Analysis and puts the option
check in Sema.

Patch by Chris Wailes!

llvm-svn: 188230
2013-08-12 23:49:39 +00:00
Hans Wennborg 812a9ec9c2 Speculative build fix for r188206.
The cmake-clang-x86_64 was upset:
error: 'template<class ImplClass, class RetTy> class clang::ConstStmtVisitor' used without template parameters

llvm-svn: 188211
2013-08-12 22:02:09 +00:00
DeLesley Hutchins 48a317663f Patch by Chris Wailes <chris.wailes@gmail.com>.
Reviewed by delesley, dblaikie.

Add the annotations and code needed to support a basic 'consumed' analysis.

Summary:
This new analysis is based on academic literature on linear types.  It tracks
the state of a value, either as unconsumed, consumed, or unknown.  Methods are
then annotated as CallableWhenUnconsumed, and when an annotated method is
called while the value is in the 'consumed' state a warning is issued.  A value
may be tested in the conditional statement of an if-statement; when this occurs
we know the state of the value in the different branches, and this information
is added to our analysis.  The code is still highly experimental, and the names
of annotations or the algorithm may be subject to change.

llvm-svn: 188206
2013-08-12 21:20:55 +00:00
Jordan Rose e9c57229f9 [analyzer] Include analysis stack in crash traces.
Sample output:

0.     Program arguments: ...
1.     <eof> parser at end of file
2.     While analyzing stack:
       #0 void inlined()
       #1 void test()
3.     crash-trace.c:6:3: Error evaluating statement

llvm-svn: 186639
2013-07-19 00:59:08 +00:00
Richard Smith 5a0ef78cd7 Remove bogus VarDecl::extendsLifetimeOfTemporary function and inline it into
its only caller with a FIXME explaining why it's bogus.

llvm-svn: 185109
2013-06-27 21:43:17 +00:00
Aaron Ballman fcd5b7e76e Updating a link in the comments; no functional change.
llvm-svn: 185013
2013-06-26 19:17:19 +00:00
Anna Zaks 56b4975bad [CFG] Set the “loop target” (back edge) for VisitObjCForCollectionStmt loops
Add the back edge info by creating a basic block, marked as loop target. This is
consistent with how other loops are processed, but was omitted from
VisitObjCForCollectionStmt.

llvm-svn: 184617
2013-06-22 00:23:20 +00:00
Jordan Rose cf10ea8cb2 [analyzer; new edges] Simplify edges in a C++11 for-range loop.
Previously our edges were completely broken here; now, the final result
is a very simple set of edges in most cases: one up to the "for" keyword
for context, and one into the body of the loop. This matches the behavior
for ObjC for-in loops.

In the AST, however, CXXForRangeStmts are handled very differently from
ObjCForCollectionStmts. Since they are specified in terms of equivalent
statements in the C++ standard, we actually have implicit AST nodes for
all of the semantic statements. This makes evaluation very easy, but
diagnostic locations a bit trickier. Fortunately, the problem can be
generally defined away by marking all of the implicit statements as
part of the top-level for-range statement.

One of the implicit statements in a for-range statement is the declaration
of implicit iterators __begin and __end. The CFG synthesizes two
separate DeclStmts to match each of these decls, but until now these
synthetic DeclStmts weren't in the function's ParentMap. Now, the CFG
keeps track of its synthetic statements, and the AnalysisDeclContext will
make sure to add them to the ParentMap.

<rdar://problem/14038483>

llvm-svn: 183449
2013-06-06 21:53:45 +00:00
David Majnemer f69ce86048 Analysis: Add a CFG successor to a SwitchStmt if it is both empty and fully covered
Consider the case where a SwitchStmt satisfied isAllEnumCasesCovered()
as well as having no cases at all (i.e. the enum it covers has no
enumerators).

In this case, we should add a successor to repair the CFG.

This fixes PR16212.

llvm-svn: 183237
2013-06-04 17:38:44 +00:00
Jordan Rose 5250b873bb CFG: In a DeclStmt, skip anything that's not a VarDecl.
Neither the compiler nor the analyzer are doing anything with non-VarDecl
decls in the CFG, and having them there creates extra nodes in the
analyzer's path diagnostics. Simplify the CFG (and the path edges) by
simply leaving them out. We can always add interesting decls back in when
they become relevant.

Note that this only affects decls declared in a DeclStmt, and then only
those that appear within a function body.

llvm-svn: 183157
2013-06-03 22:59:41 +00:00
DeLesley Hutchins 3b2c66bbda Thread safety analysis: fix use after free bug reported by Evgeniy Stepanov.
llvm-svn: 182305
2013-05-20 17:57:55 +00:00
Jordan Rose 433b0f5455 Revert "[analyzer; alternate edges] improve support for edges with PseudoObjectExprs."
Ted and I spent a long time discussing this today and found out that neither
the existing code nor the new code was doing what either of us thought it
was, which is never good. The good news is we found a much simpler way to
fix the motivating test case (an ObjCSubscriptExpr).

This reverts r182083, but pieces of it will come back in subsequent commits.

llvm-svn: 182185
2013-05-18 02:26:50 +00:00
DeLesley Hutchins b682431775 Thread safety analysis: add two new attributes to the thread safety analysis:
assert_exclusive_lock and assert_shared_lock.  These attributes are used to
mark functions that dynamically check (i.e. assert) that a lock is held.

llvm-svn: 182170
2013-05-17 23:02:59 +00:00
Ted Kremenek 35de14540f [analyzer; alternate edges] improve support for edges with PseudoObjectExprs.
This optimizes some spurious edges resulting from PseudoObjectExprs.
This required far more changes than I anticipated.  The current
ParentMap does not record any hierarchy information between
a PseudoObjectExpr and its *semantic* expressions that may be
wrapped in OpaqueValueExprs, which are the expressions actually
laid out in the CFG.  This means the arrow pruning logic could
not map from an expression to its containing PseudoObjectExprs.

To solve this, this patch adds a variant of ParentMap that
returns the "semantic" parentage of expressions (essentially
as they are viewed by the CFG).  This alternate ParentMap is then
used by the arrow reducing logic to identify edges into pseudo
object expressions, and then eliminate them.

llvm-svn: 182083
2013-05-17 09:41:40 +00:00
Jordan Rose a7f94ce8a3 Remove unused, awkward CFGStmtVisitor and subclasses.
This class is a StmtVisitor that distinguishes between block-level and
non-block-level statements in a CFG. However, it does so using a hard-coded
idea of which statements might be block-level, which probably isn't accurate
anymore. The only implementer of the CFGStmtVisitor hierarchy was the
analyzer's DeadStoresChecker, and the analyzer creates a linearized CFG
anyway (every non-trivial statement is a block-level statement).

This also allows us to remove the block-expr map ("BlkExprMap"), which
mapped statements to positions in the CFG. Apart from having a helper type
that really should have just been Optional<unsigned>, it was only being
used to ask /if/ a particular expression was block-level, for traversal
purposes in CFGStmtVisitor.

llvm-svn: 181945
2013-05-15 23:22:55 +00:00
David Blaikie 7d17010db5 Use only explicit bool conversion operator
The most common (non-buggy) case are where such objects are used as
return expressions in bool-returning functions or as boolean function
arguments. In those cases I've used (& added if necessary) a named
function to provide the equivalent (or sometimes negative, depending on
convenient wording) test.

DiagnosticBuilder kept its implicit conversion operator owing to the
prevalent use of it in return statements.

One bug was found in ExprConstant.cpp involving a comparison of two
PointerUnions (PointerUnion did not previously have an operator==, so
instead both operands were converted to bool & then compared). A test
is included in test/SemaCXX/constant-expression-cxx1y.cpp for the fix
(adding operator== to PointerUnion in LLVM).

llvm-svn: 181869
2013-05-15 07:37:26 +00:00
Hans Wennborg 0d81e01916 Add support for __wchar_t in -fms-extensions mode.
MSVC provides __wchar_t. This is the same as the built-in wchar_t type
from C++, but it is also available with -fno-wchar and in C.

The commit changes ASTContext to have two different types for this:

  - WCharTy is the built-in type used for wchar_t in C++ and __wchar_t.

  - WideCharTy is the type of a wide character literal. In C++ this is
    the same as WCharTy, and in C  it is an integer type compatible with
    the type in <stddef.h>.

This fixes PR15815.

llvm-svn: 181587
2013-05-10 10:08:40 +00:00
Dmitri Gribenko 44ebbd5436 Replace ArrayRef<T>() with None, now that we have an implicit ArrayRef constructor from None
Patch by Robert Wilhelm.

llvm-svn: 181139
2013-05-05 00:41:58 +00:00
Richard Smith 852c9db72b C++1y: Allow aggregates to have default initializers.
Add a CXXDefaultInitExpr, analogous to CXXDefaultArgExpr, and use it both in
CXXCtorInitializers and in InitListExprs to represent a default initializer.

There's an additional complication here: because the default initializer can
refer to the initialized object via its 'this' pointer, we need to make sure
that 'this' points to the right thing within the evaluation.

llvm-svn: 179958
2013-04-20 22:23:05 +00:00
DeLesley Hutchins fd374bb3dd Thread safety analysis: turn on checking within lock and unlock functions.
These checks are enabled with the -Wthread-safety-beta flag.

llvm-svn: 179046
2013-04-08 20:11:11 +00:00
DeLesley Hutchins c105ba19e9 Thread safety analysis: Turn on checking for non-scalar types by default.
These were previously enabled as a "beta" feature, but they have now been
extensively tested.

llvm-svn: 178478
2013-04-01 17:47:37 +00:00
Jordan Rose 6fdef11c17 [analyzer] Add debug helper LocationContext::dumpStack().
Sample output:
  #0 void construct(pointer __p, llvm::ImutAVLTree<llvm::ImutContainerInfo<clang::ento::BugType *> > *const &__val)
  #1 void push_back(const value_type &__x)
  #2 void destroy()
  #3 void release()
  #4 void ~ImmutableSet()

llvm-svn: 178400
2013-03-30 01:31:35 +00:00
Ted Kremenek f82d578f9d [cfg] Always guard (when AddStaticInitBranches == true) DeclStmts for static variables, not just ones with explicit initializers
llvm-svn: 178322
2013-03-29 00:42:56 +00:00
Ted Kremenek 338c3aa8d1 Add static analyzer support for conditionally executing static initializers.
llvm-svn: 178318
2013-03-29 00:09:28 +00:00
Ted Kremenek 233c1b0c77 Add configuration plumbing to enable static initializer branching in the CFG for the analyzer.
This setting still isn't enabled yet in the analyzer.  This is
just prep work.

llvm-svn: 178317
2013-03-29 00:09:22 +00:00
Ted Kremenek 0dd8feee93 Add CFG logic to create a conditional branch for modeling static initializers.
This is an optional variant of the CFG.  This allows analyses to model whether
or not a static initializer has run, e.g.:

  static Foo x = bar();

For basic dataflow analysis in Sema we will just assume that the initializer
always runs.  For the static analyzer we can use this branch to accurately
track whether or not initializers are on.

This patch just adds the (opt-in) functionality to the CFG.  The
static analyzer still needs to be modified to adopt this feature.

llvm-svn: 178263
2013-03-28 18:43:15 +00:00
Rafael Espindola 210de57694 Add const in preparation for a simplify_type change in llvm.
llvm-svn: 178146
2013-03-27 15:37:54 +00:00
David Blaikie 00be69ab5c Remove the CFGElement "Invalid" state.
Use Optional<CFG*> where invalid states were needed previously. In the one case
where that's not possible (beginAutomaticObjDtorsInsert) just use a dummy
CFGAutomaticObjDtor.

Thanks for the help from Jordan Rose & discussion/feedback from Ted Kremenek
and Doug Gregor.

Post commit code review feedback on r175796 by Ted Kremenek.

llvm-svn: 175938
2013-02-23 00:29:34 +00:00
David Blaikie 2a01f5d426 Replace CFGElement llvm::cast support to be well-defined.
See r175462 for another example/more details.

llvm-svn: 175796
2013-02-21 20:58:29 +00:00
David Blaikie 7a30dc53c5 Use None rather than Optional<T>() where possible.
llvm-svn: 175705
2013-02-21 01:47:18 +00:00
David Blaikie 05785d1622 Include llvm::Optional in clang/Basic/LLVM.h
Post-commit CR feedback from Jordan Rose regarding r175594.

llvm-svn: 175679
2013-02-20 22:23:23 +00:00
Jordan Rose a7d03840e6 Excise <cctype> from Clang (except clang-tblgen) in favor of CharInfo.h.
Nearly all of these changes are one-to-one replacements; the few that
aren't have to do with custom identifier validation.

llvm-svn: 174768
2013-02-08 22:30:41 +00:00
Ted Kremenek 7d86b9ce1e Add note why we used a switch.
llvm-svn: 174449
2013-02-05 22:03:14 +00:00
Ted Kremenek 8ae67871b4 Change subexpressions to be visited in the CFG from left-to-right.
This is a more natural order of evaluation, and it is very important
for visualization in the static analyzer.  Within Xcode, the arrows
will not jump from right to left, which looks very visually jarring.
It also provides a more natural location for dataflow-based diagnostics.

Along the way, we found a case in the analyzer diagnostics where we
needed to indicate that a variable was "captured" by a block.

-fsyntax-only timings on sqlite3.c show no visible performance change,
although this is just one test case.

Fixes <rdar://problem/13016513>

llvm-svn: 174447
2013-02-05 22:00:19 +00:00
Anna Zaks 064185a8ce [analyzer] add comment
llvm-svn: 174435
2013-02-05 19:52:26 +00:00
NAKAMURA Takumi cc4aaef0f2 clang/Analysis: Fix r174245, a valgrind error in AnalysisDeclContext::getBody(bool &IsAutosynthesized), to initialize IsAutosynthesized explicitly.
llvm-svn: 174303
2013-02-04 05:06:21 +00:00
Anna Zaks 00c69a597c [analyzer] Always inline functions with bodies generated by BodyFarm.
Inlining these functions is essential for correctness. We often have
cases where we do not inline calls. For example, the shallow mode and
when reanalyzing previously inlined ObjC methods as top level.

llvm-svn: 174245
2013-02-02 00:30:04 +00:00
Ted Kremenek 7ba78c679c -Wuninitialized: warn about uninitialized values resulting from ?: that evaluate to lvalues (in C++).
llvm-svn: 172875
2013-01-19 00:25:06 +00:00
DeLesley Hutchins 9fa426a666 Thread-safety analysis: ignore edges from throw expressions in CFG.
llvm-svn: 172858
2013-01-18 22:15:45 +00:00
Jordan Rose 1eb342920b Format strings: don't ever convert %+d to %lu.
Presumably, if the printf format has the sign explicitly requested, the user
wants to treat the data as signed.

This is a fix-up for r172739, and also includes several test changes that
didn't make it into that commit.

llvm-svn: 172762
2013-01-17 22:34:10 +00:00
Jordan Rose aa7a3b3e75 Format strings: correct signedness if already correcting width (%d,%u).
It is valid to do this:
  printf("%u", (int)x);

But if we see this:
  printf("%lu", (int)x);

...our fixit should suggest %d, not %u.

llvm-svn: 172739
2013-01-17 18:47:16 +00:00
Richard Smith 10876ef571 Implement C++11 semantics for [[noreturn]] attribute. This required splitting
it apart from [[gnu::noreturn]] / __attribute__((noreturn)), since their
semantics are not equivalent (for instance, we treat [[gnu::noreturn]] as
affecting the function type, whereas [[noreturn]] does not).

llvm-svn: 172691
2013-01-17 01:30:42 +00:00
Dmitri Gribenko f857950d39 Remove useless 'llvm::' qualifier from names like StringRef and others that are
brought into 'clang' namespace by clang/Basic/LLVM.h

llvm-svn: 172323
2013-01-12 19:30:44 +00:00
Enea Zaffanella 392291f7dc Test commit.
llvm-svn: 172195
2013-01-11 11:37:08 +00:00
Will Dietz df9a2bbcb1 CFG.cpp: Fix wrapping logic when printing block preds/succs.
First check only wrapped with i==8, second wrapped at i==2,8,18,28,...
This fix restores the intended behavior: i==8,18,28,...

Found with -fsanitize=integer.

llvm-svn: 171718
2013-01-07 09:51:17 +00:00
Richard Smith 2bf7fdb723 s/CPlusPlus0x/CPlusPlus11/g
llvm-svn: 171367
2013-01-02 11:42:31 +00:00
Nico Weber a2a0eb940a ArrayRefize a CompoundStmt constructor.
llvm-svn: 171238
2012-12-29 20:03:39 +00:00
Anna Zaks 4127750ed8 [analyzer] Fix typos.
llvm-svn: 170907
2012-12-21 17:27:04 +00:00
Anna Zaks 1ee76c1bae [analyzer] Re-apply r170826 and make the dumping of the GallGraph
deterministic.

Commit message for r170826:

[analyzer] Traverse the Call Graph in topological order.

Modify the call graph by removing the parentless nodes. Instead all
nodes are children of root to ensure they are all reachable. Remove the
tracking of nodes that are "top level" or global. This information is
not used and can be obtained from the Decls stored inside
CallGraphNodes.

Instead of existing ordering hacks, analyze the functions in topological
order over the Call Graph.

Together with the addition of devirtualizable ObjC message sends and
blocks to the call graph, this gives around 6% performance improvement
on several large ObjC benchmarks.

llvm-svn: 170906
2012-12-21 17:27:01 +00:00
Rafael Espindola e7ec558f25 Revert r170826. The output of
./bin/clang -cc1 -internal-isystem /home/espindola/llvm/build/lib/clang/3.3/include/ -analyze -analyzer-checker=debug.DumpCallGraph /home/espindola/llvm/clang/test/Analysis/debug-CallGraph.c -fblocks

changes in each run.

llvm-svn: 170829
2012-12-21 01:30:23 +00:00
Anna Zaks 77ca7f1bbe [analyzer] Traverse the Call Graph in topological order.
Modify the call graph by removing the parentless nodes. Instead all
nodes are children of root to ensure they are all reachable. Remove the
tracking of nodes that are "top level" or global. This information is
not used and can be obtained from the Decls stored inside
CallGraphNodes.

Instead of existing ordering hacks, analyze the functions in topological
order over the Call Graph.

Together with the addition of devirtualizable ObjC message sends and
blocks to the call graph, this gives around 6% performance improvement
on several large ObjC benchmarks.

llvm-svn: 170826
2012-12-21 01:19:22 +00:00
Anna Zaks 5c32dfc5fb [analyzer] Add blocks and ObjC messages to the call graph.
This paves the road for constructing a better function dependency graph.
If we analyze a function before the functions it calls and inlines,
there is more opportunity for optimization.

Note, we add call edges to the called methods that correspond to
function definitions (declarations with bodies).

llvm-svn: 170825
2012-12-21 01:19:15 +00:00
DeLesley Hutchins 0cfa1a5a1d Thread-safety analysis: check member access on guarded non-primitive types.
llvm-svn: 169669
2012-12-08 03:46:30 +00:00
Ted Kremenek 3e871d8cf6 Use the BlockDecl captures list to infer the direct captures for a BlockDataRegion. Fixes <rdar://problem/12415065>.
We still need to do a recursive walk to determine all static/global variables
referenced by a block, which is needed for region invalidation.

llvm-svn: 169481
2012-12-06 07:17:26 +00:00