Commit Graph

99 Commits

Author SHA1 Message Date
Ted Kremenek 4b6fee6cc4 Rework CFG edges to encode potentially unreachable edges, instead of just making them NULL.
This is to support some analyses, like -Wunreachable-code, that
will need to recover the original unprunned CFG edges in order
to suppress issues that aren't really bugs in practice.

There are two important changes here:

- AdjacentBlock replaces CFGBlock* for CFG successors/predecessors.
  This has the size of 2 pointers, instead of 1.  This is unlikely
  to have a significant memory impact on Sema since a single
  CFG usually exists at one time, but could impact the memory
  usage of the static analyzer.  This could possibly be optimized
  down to a single pointer with some cleverness.

- Predecessors can now contain null predecessors, which means
  some analyses doing a reverse traversal will need to take into
  account.  This already exists for successors, which contain
  successor slots for specific branch kinds (e.g., 'if') that
  expect a fixed number of successors, even if a branch is
  not reachable.

llvm-svn: 202325
2014-02-27 00:24:00 +00:00
Richard Smith ba8071ec81 PR16054: Slight strengthening for -Wsometimes-uninitialized: if we use a
variable uninitialized every time we reach its (reachable) declaration, or
every time we call the surrounding function, promote the warning from
-Wmaybe-uninitialized to -Wsometimes-uninitialized.

This is still slightly weaker than desired: we should, in general, warn
if a use is uninitialized the first time it is evaluated.

llvm-svn: 190623
2013-09-12 18:49:10 +00:00
Robert Wilhelm 25284cc95b Use pop_back_val() instead of both back() and pop_back().
No functionality change intended.

llvm-svn: 189112
2013-08-23 16:11:15 +00:00
Jordan Rose a7f94ce8a3 Remove unused, awkward CFGStmtVisitor and subclasses.
This class is a StmtVisitor that distinguishes between block-level and
non-block-level statements in a CFG. However, it does so using a hard-coded
idea of which statements might be block-level, which probably isn't accurate
anymore. The only implementer of the CFGStmtVisitor hierarchy was the
analyzer's DeadStoresChecker, and the analyzer creates a linearized CFG
anyway (every non-trivial statement is a block-level statement).

This also allows us to remove the block-expr map ("BlkExprMap"), which
mapped statements to positions in the CFG. Apart from having a helper type
that really should have just been Optional<unsigned>, it was only being
used to ask /if/ a particular expression was block-level, for traversal
purposes in CFGStmtVisitor.

llvm-svn: 181945
2013-05-15 23:22:55 +00:00
David Blaikie 00be69ab5c Remove the CFGElement "Invalid" state.
Use Optional<CFG*> where invalid states were needed previously. In the one case
where that's not possible (beginAutomaticObjDtorsInsert) just use a dummy
CFGAutomaticObjDtor.

Thanks for the help from Jordan Rose & discussion/feedback from Ted Kremenek
and Doug Gregor.

Post commit code review feedback on r175796 by Ted Kremenek.

llvm-svn: 175938
2013-02-23 00:29:34 +00:00
David Blaikie 2a01f5d426 Replace CFGElement llvm::cast support to be well-defined.
See r175462 for another example/more details.

llvm-svn: 175796
2013-02-21 20:58:29 +00:00
David Blaikie 7a30dc53c5 Use None rather than Optional<T>() where possible.
llvm-svn: 175705
2013-02-21 01:47:18 +00:00
David Blaikie 05785d1622 Include llvm::Optional in clang/Basic/LLVM.h
Post-commit CR feedback from Jordan Rose regarding r175594.

llvm-svn: 175679
2013-02-20 22:23:23 +00:00
Ted Kremenek 7ba78c679c -Wuninitialized: warn about uninitialized values resulting from ?: that evaluate to lvalues (in C++).
llvm-svn: 172875
2013-01-19 00:25:06 +00:00
Dmitri Gribenko f857950d39 Remove useless 'llvm::' qualifier from names like StringRef and others that are
brought into 'clang' namespace by clang/Basic/LLVM.h

llvm-svn: 172323
2013-01-12 19:30:44 +00:00
Enea Zaffanella 392291f7dc Test commit.
llvm-svn: 172195
2013-01-11 11:37:08 +00:00
Benjamin Kramer ea70eb30a0 Pull the Attr iteration parts out of Attr.h, so including DeclBase.h doesn't pull in all the generated Attr code.
Required to pull some functions out of line, but this shouldn't have a perf impact.
No functionality change.

llvm-svn: 169092
2012-12-01 15:09:41 +00:00
Ted Kremenek 778a6ed358 Further reduce "-fsyntax-only -Wuninitialized" time on sqlite3.c by another 2.5% using intelligent pruning of blocks during the final reporting pass.
llvm-svn: 168257
2012-11-17 07:18:30 +00:00
Ted Kremenek 4431a03928 Switch -Wuninitialized to use a reverse-post order traversal as
an initial baseline for enqueued blocks, but use a simple DFS stack
for propagating changes quickly up back edges.

This provides a 3.5% reduction in -fsyntax-only time on sqlite3.c.

llvm-svn: 168241
2012-11-17 02:00:00 +00:00
Benjamin Kramer 5721daae02 Avoid malloc thrashing in the uninitialized value analysis.
- The size of the packed vector is often small, save mallocs using SmallBitVector.
- Copying SmallBitVectors is also cheap, remove a level of indirection.

llvm-svn: 164827
2012-09-28 16:44:29 +00:00
Ted Kremenek edf22edca0 Teach -Wuninitialized to recognize common "noreturn" idioms in
Objective-C related to NSException.

Fixes <rdar://problem/12287498>

I debated whether or not this logic should be sunk into the CFG
itself.  It's not clear if we should, as different analyses may
wish to have different policies.  We can re-evaluate this in the
future.

llvm-svn: 163760
2012-09-13 00:21:35 +00:00
Ted Kremenek 7979ccf35a Teach -Wuninitialized to recognize __attribute__((analyzer_noreturn))
for halting the propagation of uninitialized value tracking along
a path.  Unlike __attribute__((noreturn)), this attribute (which
is used by clients of the static analyzer) can be used to annotate
functions that essentially never return, but in rare cares may be
allowed to return for (special) debugging purposes.  This attribute
has been shown in reducing false positives in the static analyzer
by pruning false postives, and is equally applicable here.

Handling this attribute in the CFG itself is another option, but
this is not something all clients (e.g., possibly -Wunreachable-code)
would want to see.

Addresses <rdar://problem/12281583>.

llvm-svn: 163681
2012-09-12 05:53:43 +00:00
Ted Kremenek 6080d32194 Simplify UninitializedValues.cpp by removing logic to handle the previous (imprecise) representation
of '&&' and '||' in the CFG.  This is no longer needed, and greatly simplifies the code.

llvm-svn: 160494
2012-07-19 04:59:05 +00:00
Richard Smith b21dd02e61 Uninitialized variables: two little changes:
* Treat compound assignment as a use, at Jordy's request.
 * Always add compound assignments into the CFG, so we can correctly diagnose the use in 'return x += 1;'

llvm-svn: 160334
2012-07-17 01:27:33 +00:00
Richard Smith 6376d1fd9c -Wuninitialized: Split the classification of DeclRefExprs as initialization or
use out of TransferFunctions, and compute it in advance rather than on-the-fly.

This allows us to handle compound assignments with DeclRefExprs on the RHS
correctly, and also makes it trivial to treat const& function parameters as not
initializing the argument. The patch also makes both of those changes.

llvm-svn: 160330
2012-07-17 00:06:14 +00:00
Richard Smith 130b8d4e97 PR13360: When deciding the earliest point which inevitably leads to an
uninitialized variable use, walk back over branches where we've reached all the
non-null successors, not just cases where we've reached all successors.

llvm-svn: 160206
2012-07-13 23:33:44 +00:00
Richard Smith b721e301df -Wuninitialized: assume that an __attribute__((returns_twice)) function might
initialize any variable. This is extremely conservative, but is sufficient for
now.

llvm-svn: 159620
2012-07-02 23:23:04 +00:00
Richard Smith a8d4f229a6 -Wuninitialized bugfix: when entering the scope of a variable with no
initializer, it is uninitialized, even if we may be coming from somewhere where
it was initialized.

llvm-svn: 158611
2012-06-16 23:34:14 +00:00
David Blaikie 40ed29730b Revert Decl's iterators back to pointer value_type rather than reference value_type
In addition, I've made the pointer and reference typedef 'void' rather than T*
just so they can't get misused. I would've omitted them entirely but
std::distance likes them to be there even if it doesn't use them.

This rolls back r155808 and r155869.

Review by Doug Gregor incorporating feedback from Chandler Carruth.

llvm-svn: 158104
2012-06-06 20:45:41 +00:00
Richard Smith 4323bf8e2e Split a chunk of -Wconditional-uninitialized warnings out into a separate flag,
-Wsometimes-uninitialized. This detects cases where an explicitly-written branch
inevitably leads to an uninitialized variable use (so either the branch is dead
code or there is an uninitialized use bug).

This chunk of warnings tentatively lives within -Wuninitialized, in order to
give it more visibility to existing Clang users.

llvm-svn: 157458
2012-05-25 02:17:09 +00:00
Richard Smith 3d31e8b280 Some cleanups around the uninitialized variables warning, and a FIXME. No functional change.
llvm-svn: 157440
2012-05-24 23:45:35 +00:00
David Blaikie 2d7c57ec1d Remove the ref/value inconsistency in filter_decl_iterator.
filter_decl_iterator had a weird mismatch where both op* and op-> returned T*
making it difficult to generalize this filtering behavior into a reusable
library of any kind.

This change errs on the side of value, making op-> return T* and op* return
T&.

(reviewed by Richard Smith)

llvm-svn: 155808
2012-04-30 02:36:29 +00:00
Richard Smith 6a52771823 PR11926 + duplicates: Fix crash in -Wuninitialized when using a compiler like
g++4.7, which reuses stack space allocated for temporaries. CFGElement::getAs
returns a suitably-cast version of 'this'. Patch by Markus Trippelsdorf!

No test: this code has the same observable behavior as the old code when built
with most compilers, and the tests were already failing when built with a
compiler for which this produced a broken binary.

llvm-svn: 155803
2012-04-30 00:16:51 +00:00
Argyrios Kyrtzidis 981a961d03 Move llvm/ADT/SaveAndRestore.h -> llvm/Support/SaveAndRestore.h.
Needs llvm update.

llvm-svn: 151829
2012-03-01 19:45:56 +00:00
Argyrios Kyrtzidis bb5abc7b49 Move "clang/Analysis/Support/SaveAndRestore.h" to "llvm/ADT/SaveAndRestore.h"
to make it more widely available.

Depends on llvm commit r151564

llvm-svn: 151566
2012-02-27 21:09:45 +00:00
Ted Kremenek 81ce1c8a99 Rename AnalysisContext to AnalysisDeclContext. Not only is this name more accurate, but it frees up the name AnalysisContext for other uses.
llvm-svn: 142782
2011-10-24 01:32:45 +00:00
Ted Kremenek 596fa16dd3 Tweak -Wuninitialized's handling of 'int x = x' to report that as the root cause of an uninitialized variable IFF there are other uses of that uninitialized variable. Fixes <rdar://problem/9259237>.
llvm-svn: 141881
2011-10-13 18:50:06 +00:00
Ted Kremenek f8fd4d4962 Fix infinite loop in -Wuninitialized reported in PR 11069.
llvm-svn: 141345
2011-10-07 00:42:48 +00:00
Ted Kremenek aed4677a1c -Wuninitialized: fix insidious bug resulting from interplay of blocks and dead code. Fixes <rdar://problem/10060250>.
llvm-svn: 139027
2011-09-02 19:39:26 +00:00
Ted Kremenek adfb445466 Constify the result of CFGStmt::getStmt().
llvm-svn: 138408
2011-08-23 23:05:04 +00:00
Ted Kremenek 417d566775 Remove dead code.
llvm-svn: 138183
2011-08-20 01:15:28 +00:00
Chad Rosier 6fdf38bfbd Fix else style. No functionality change intended.
llvm-svn: 137896
2011-08-17 23:08:45 +00:00
Ted Kremenek 5ef32dbf2a Cleanup various declarations of 'Stmt*' to be 'Stmt *', etc. in libAnalyzer and libStaticAnalyzer[*]. It was highly inconsistent, and very ugly to look at.
llvm-svn: 137537
2011-08-12 23:37:29 +00:00
Ted Kremenek a0cdf58b0c Fix another -Wuninitialized assertion failure (this one involving bit casts) resulting from the recent -Wuninitialized changes.
llvm-svn: 137068
2011-08-08 21:43:08 +00:00
Ted Kremenek 75842e4946 Fix assertion failure in -Wuninitialized involving no-op casts. Fixes PR 10577.
llvm-svn: 136939
2011-08-04 22:40:57 +00:00
Chris Lattner 0e62c1cc0b remove unneeded llvm:: namespace qualifiers on some core types now that LLVM.h imports
them into the clang namespace.

llvm-svn: 135852
2011-07-23 10:55:15 +00:00
Chandler Carruth 4dd6c043ae Move duplicate uninitialized warning suppression into the
AnalysisBasedWarnings Sema layer and out of the Analysis library itself.
This returns the uninitialized values analysis to a more pure form,
allowing its original logic to correctly detect some categories of
definitely uninitialized values. Fixes PR10358 (again).

Thanks to Ted for reviewing and updating this patch after his rewrite of
several portions of this analysis.

llvm-svn: 135748
2011-07-22 05:27:52 +00:00
Ted Kremenek 81383c20e4 Fix -Wuninitialized regression involving functions invalidating parameters passed by reference.
llvm-svn: 135610
2011-07-20 19:49:47 +00:00
Ted Kremenek 65b3e0649c Fix false negative in -Wuninitialized involving a () wrapping an lvalue-to-rvalue conversion in a DeclStmt.
llvm-svn: 135525
2011-07-19 21:41:51 +00:00
Ted Kremenek 5d855bf7f2 Fix assertion failure in UninitializedValues.cpp where an lvalue to rvalue conversion is wrapped in a parenthesis.
llvm-svn: 135519
2011-07-19 20:33:49 +00:00
Ted Kremenek 9e100ea1a8 Reduce -Wuninitialized time by 22% (on sqlite) by removing the recursive AST crawl.
This is accomplished by forcing the needed expressions for -Wuninitialized to always be CFGElements in the CFG.
This allows us to remove a fair amount of the code for -Wuninitialized.

Some fallout:
- AnalysisBasedWarnings.cpp now specifically toggles the CFGBuilder to create a CFG that is suitable for -Wuninitialized.  This
is a layering violation, since the logic for -Wuninitialized is in libAnalysis.  This can be fixed with the proper refactoring.
- Some of the source locations for -Wunreachable-code warnings have shifted.  While not ideal, this is okay because that analysis
already needs some serious reworking.

llvm-svn: 135480
2011-07-19 14:18:48 +00:00
Chandler Carruth 7cf5a37605 Revert r135217, which wasn't the correct fix for PR10358. With this
patch, we actually move the state-machine for the value set backwards
one step. This can pretty easily lead to infinite loops where we
continually try to propagate a bit, succeed for one iteration, but then
back up because we find an uninitialized use.

A reduced test case from PR10379 is included.

llvm-svn: 135359
2011-07-16 22:27:02 +00:00
Ted Kremenek f0b28d7fe5 Fix false negative reported in PR 10358 by using 'Unknown' in -Wuninitialized to avoid cascading warnings. Patch by Kaelyn Uhrain.
llvm-svn: 135217
2011-07-14 23:43:06 +00:00
Chandler Carruth a532863131 Make the worklist in the uninitialized values checker actually a queue.
Previously, despite the names 'enqueue' and 'dequeue', it behaved as
a stack and visited blocks in a LIFO fashion. This interacts badly with
extremely broad CFGs *inside* of a loop (such as a large switch inside
a state machine) where every block updates a different variable.

When encountering such a CFG, the checker visited blocks in essentially
a "depth first" order due to the stack-like behavior of the work list.
Combined with each block updating a different variable, the saturation
logic of the checker caused it to re-traverse blocks [1,N-1] of the
broad CFG inside the loop after traversing block N. These re-traversals
were to propagate the variable values derived from block N. Assuming
approximately the same number of variables as inner blocks exist, the
end result is O(N^2) updates. By making this a queue, we also make the
traversal essentially "breadth-first" across each of the N inner blocks
of the loop. Then all of this state is propagated around to all N inner
blocks of the loop. The result is O(N) updates.

The truth is in the numbers:
Before, gcc.c:   96409 block visits  (max: 61546,   avg: 591)
After,  gcc.c:   69958 block visits  (max: 33090,   avg: 429)
Before, PR10183: 2540494 block vists (max: 2536495, avg: 37360)
After,  PR10183: 137803 block visits (max: 134406,  avg: 2026)

The nearly 20x reduction in work for PR10183 corresponds to a roughly
100x speedup in compile time.

I've tested it on all the code I can get my hands on, and I've seen no
slowdowns due to this change. Where I've collected stats, the ammount of
work done is on average less. I'll also commit shortly some synthetic
test cases useful in analyzing the performance of CFG-based warnings.

Submitting this based on Doug's feedback that post-commit review should
be good. Ted, please review! Hopefully this helps compile times until
then.

llvm-svn: 134697
2011-07-08 11:19:06 +00:00
Chandler Carruth b4836ea7a8 Build up statistics about the work done for analysis based warnings.
Special detail is added for uninitialized variable analysis as this has
serious performance problems than need to be tracked.

Computing some of this data is expensive, for example walking the CFG to
determine its size. To avoid doing that unless the stats data is going
to be used, we thread a bit into the Sema object to track whether
detailed stats should be collected or not. This bit is used to avoid
computations whereever the computations are likely to be more expensive
than checking the state of the flag. Thus, counters are in some cases
unconditionally updated, but the more expensive (and less frequent)
aggregation steps are skipped.

With this patch, we're able to see that for 'gcc.c':
*** Analysis Based Warnings Stats:
232 functions analyzed (0 w/o CFGs).
  7151 CFG blocks built.
  30 average CFG blocks per function.
  1167 max CFG blocks per function.
163 functions analyzed for uninitialiazed variables
  640 variables analyzed.
  3 average variables per function.
  94 max variables per function.
  96409 block visits.
  591 average block visits per function.
  61546 max block visits per function.

And for the reduced testcase in PR10183:
*** Analysis Based Warnings Stats:
98 functions analyzed (0 w/o CFGs).
  8526 CFG blocks built.
  87 average CFG blocks per function.
  7277 max CFG blocks per function.
68 functions analyzed for uninitialiazed variables
  1359 variables analyzed.
  19 average variables per function.
  1196 max variables per function.
  2540494 block visits.
  37360 average block visits per function.
  2536495 max block visits per function.

That last number is the somewhat scary one that indicates the problem in
PR10183.

llvm-svn: 134494
2011-07-06 16:21:37 +00:00