Commit Graph

2736 Commits

Author SHA1 Message Date
Hans Wennborg 6073e31baa scanf: parse the 'm' length modifier, and check that the right arguments
are used with that and the 'a' length modifier.

llvm-svn: 148029
2012-01-12 17:11:12 +00:00
Hans Wennborg fd950878fa scanf analysis: the 'a' length modifier is valid with a scanlist
Before r148025 we (accidentally) didn't check whether a length modifier is
appropriate for a scanlist, but now we do.

llvm-svn: 148026
2012-01-12 15:07:16 +00:00
Hans Wennborg 32f115f9c1 scanf analysis: don't bail out after successful parse of scanlist
llvm-svn: 148025
2012-01-12 14:44:54 +00:00
Zhongxing Xu f0cb43f561 Add elidable CXXConstructExpr as block-level expr. It converts an lvalue to a rvalue, which is a useful step during AST evaluation.
llvm-svn: 147918
2012-01-11 02:39:07 +00:00
DeLesley Hutchins 9d53033de6 Thread safety analysis: added support for trylock attribute.
llvm-svn: 147672
2012-01-06 19:16:50 +00:00
DeLesley Hutchins 9b7022e570 Added LocalVariableMap
llvm-svn: 147670
2012-01-06 18:36:09 +00:00
Ted Kremenek 990464cb30 Teach the static analyzer to not treat XPC types as CF types.
llvm-svn: 147506
2012-01-04 00:35:48 +00:00
DeLesley Hutchins 714296cb31 Support for thread safety attributes on functions
llvm-svn: 147331
2011-12-29 00:56:48 +00:00
Hans Wennborg e5f554ac48 Support the 'a' scanf length modifier as an extension in C++.
It should not be supported in C++11, since that uses the C99 standard
library, in which 'a' is a format specifier.

llvm-svn: 147310
2011-12-28 13:10:50 +00:00
Zhongxing Xu 86a68d078c Enable the user to control whether CXXConstructExpr will be added as a
block-level expr. Currently CXXConstructExpr is always added as a block-level
expr. This caused two problems for the analyzer (and potentially for the
CFG-based codegen).
1. We have no way to know whether a ctor call is base or complete.
2. We have no way to know the destination object being constructed.

llvm-svn: 147306
2011-12-28 04:38:46 +00:00
Ted Kremenek 72be32af88 Colorize and condense CFG pretty-printing.
llvm-svn: 147203
2011-12-22 23:33:52 +00:00
Ted Kremenek 299cfb7a02 Enhance AnalysisDeclContext::getReferencedBlockVars() to understand PseudoObjExprs. It turns out
that the information collected by this method is a superset of the captured variables in BlockDecl.

llvm-svn: 147122
2011-12-22 01:30:46 +00:00
Ted Kremenek c177d9faf5 Fix regression in LiveVariables when reasoning about variables captured by blocks.
llvm-svn: 147116
2011-12-22 00:46:32 +00:00
Ted Kremenek 1a7648b666 Improve CFG pretty-printing for CXXConstructExprs.
llvm-svn: 147068
2011-12-21 19:39:59 +00:00
Ted Kremenek 0ffba93e51 Improve CFG pretty-printing of CastExprs.
llvm-svn: 147066
2011-12-21 19:32:38 +00:00
Chandler Carruth 1c032e0dc0 Update the CMake build for r146959's new files.
llvm-svn: 146967
2011-12-20 08:42:15 +00:00
David Blaikie 68e081d606 Unweaken vtables as per http://llvm.org/docs/CodingStandards.html#ll_virtual_anch
llvm-svn: 146959
2011-12-20 02:48:34 +00:00
Douglas Gregor dc9166c8e1 Keep track of all declarations of an Objective-C class (both forward
declarations and definitions) as ObjCInterfaceDecls within the same
redeclaration chain. This new representation matches what we do for
C/C++ variables/functions/classes/templates/etc., and makes it
possible to answer the query "where are all of the declarations of
this class?"

llvm-svn: 146679
2011-12-15 20:29:51 +00:00
Hans Wennborg 23926bd2d7 Support the 'a' length modifier in scanf format strings as a C90
extension.

This fixes gcc.dg/format/c90-scanf-3.c and ext-4.c (test for excess
errors).

llvm-svn: 146649
2011-12-15 10:25:47 +00:00
Hans Wennborg b1a5e09f6f Check that arguments to a scanf call match the format specifier,
and offer fixits when there is a mismatch.

llvm-svn: 146326
2011-12-10 13:20:11 +00:00
Hans Wennborg 0c35326302 Remove unnecessary braces from my previous commit.
llvm-svn: 146259
2011-12-09 15:57:33 +00:00
Hans Wennborg a5b1aa99c7 Make printf warnings refer to wint_t and wchar_t by name
in addition to underlying type.

llvm-svn: 146254
2011-12-09 12:22:12 +00:00
Hans Wennborg a8b042d31a Move definition of ConversionSpecifier::toString() to FormatString.cpp
It's declared in FormatString.h, so it shouldn't be defined in
PrintfFormatString.cpp.

llvm-svn: 146253
2011-12-09 11:11:07 +00:00
Hans Wennborg 2027de3be9 fix format specifier fixit for printf("%ld", "foo");
It should reset the length modifier (unless it's a wchar_t string).

llvm-svn: 146252
2011-12-09 10:51:29 +00:00
DeLesley Hutchins f7faa6a69b This patch extends thread safety analysis with support for the scoped_lockable attribute.
llvm-svn: 146174
2011-12-08 20:23:06 +00:00
Hans Wennborg 772e9270f6 Make printf warnings refer to intmax_t et al. by name
in addition to underlying type.

For example, the warning for printf("%zu", 42.0);
changes from "conversion specifies type 'unsigned long'" to "conversion
specifies type 'size_t' (aka 'unsigned long')"

(This is a second attempt after r145697, which got reverted.)

llvm-svn: 146032
2011-12-07 10:33:11 +00:00
Anna Zaks 02a1fc1da6 [analyzer] Rely on LLVM Dominators in Clang dominator computation.
(Previously, Clang used its implementation of dominators.)

The patch is contributed by Guoping Long!

llvm-svn: 145858
2011-12-05 21:33:11 +00:00
Nick Lewycky 45ccba64ab Revert r145697 and dependent patch r145702. It added a dependency from
lib/Analysis to lib/Sema which is cyclical.

llvm-svn: 145724
2011-12-02 23:21:43 +00:00
Hans Wennborg 4d99c7a6dd Make r145697 actually work.
Use the canonical type of the typedef to compare with the underlying type.

llvm-svn: 145702
2011-12-02 20:32:01 +00:00
Hans Wennborg 70f7213d2c Make conversion specifier warning refer to typedef if possible.
For example, the warning for printf("%zu", 42.0);
changes from "conversion specifies type 'unsigned long'" to "conversion
specifies type 'size_t' (aka 'unsigned long')"

llvm-svn: 145697
2011-12-02 19:22:15 +00:00
Douglas Gregor 6c8f07ff46 Teach the CFG builder how to properly destroy temporaries whose
lifetimes have been extended via reference binding. The type of the
reference and the type of the temporary are not necessarily the same,
which could cause a crash. Fixes <rdar://problem/10398199>.

llvm-svn: 144646
2011-11-15 15:29:30 +00:00
Ted Kremenek b39fcfaa19 [analyzer] teach AnalysisDeclContext::getSelfDecl() about blocks that capture the 'self' variable of the enclosing ObjC method decl. Fixes <rdar://problem/10380300>.
llvm-svn: 144556
2011-11-14 19:36:08 +00:00
John McCall 29928fc563 We don't add ExprWithCleanups to the CFG, and getSVal looks
through it, so we should look through it for the live-values
analysis as well.

llvm-svn: 144190
2011-11-09 17:10:36 +00:00
John McCall fe96e0b6be Change the AST representation of operations on Objective-C
property references to use a new PseudoObjectExpr
expression which pairs a syntactic form of the expression
with a set of semantic expressions implementing it.
This should significantly reduce the complexity required
elsewhere in the compiler to deal with these kinds of
expressions (e.g. IR generation's special l-value kind,
the static analyzer's Message abstraction), at the lower
cost of specifically dealing with the odd AST structure
of these expressions.  It should also greatly simplify
efforts to implement similar language features in the
future, most notably Managed C++'s properties and indexed
properties.

Most of the effort here is in dealing with the various
clients of the AST.  I've gone ahead and simplified the
ObjC rewriter's use of properties;  other clients, like
IR-gen and the static analyzer, have all the old
complexity *and* all the new complexity, at least
temporarily.  Many thanks to Ted for writing and advising
on the necessary changes to the static analyzer.

I've xfailed a small diagnostics regression in the static
analyzer at Ted's request.

llvm-svn: 143867
2011-11-06 09:01:30 +00:00
Ted Kremenek 977e30d1c4 Tweak LookThroughStmt() in LiveVariables to properly look through alternating ParenExprs and OpaqueValueExprs. Thanks to Anna and Argiris for iterating on this function. My original patch embarrassingly didn't even pass the Clang tests.
llvm-svn: 143797
2011-11-05 07:34:28 +00:00
Argyrios Kyrtzidis c843fd2afb LookThroughStmt GM release.
llvm-svn: 143796
2011-11-05 07:09:40 +00:00
Argyrios Kyrtzidis e2cbe86dc4 LookThroughStmt v4.6.3
llvm-svn: 143795
2011-11-05 07:06:54 +00:00
Argyrios Kyrtzidis 6b4fa1b4d6 Simplify LookThroughStmt in LiveVariables.cpp
llvm-svn: 143794
2011-11-05 07:03:54 +00:00
Anna Zaks 04994959a3 Another correction to the LiveVariables commit (r143767, r143780).
Make test/Analysis/misc-ps.c test pass.

llvm-svn: 143790
2011-11-05 05:20:59 +00:00
Argyrios Kyrtzidis 3c89fdae03 Fix infinite loop in LiveVariables due to a misplaced 'break' (it would break out of
switch statement, not the while loop).

llvm-svn: 143780
2011-11-05 04:03:43 +00:00
Ted Kremenek 5717049d8e Teach LiveVariables to look through OpaqueValueExprs for extending Stmt liveness.
llvm-svn: 143767
2011-11-05 00:26:53 +00:00
Ted Kremenek 04268232df Per discussion with John McCall, don't add OpaqueValueExprs to the CFG.
llvm-svn: 143766
2011-11-05 00:10:15 +00:00
Richard Smith 7b553f1b19 Rename Expr::Evaluate to Expr::EvaluateAsRValue to make it clear that it will
implicitly perform an lvalue-to-rvalue conversion if used on an lvalue
expression. Also improve the documentation of Expr::Evaluate* to indicate which
of them will accept expressions with side-effects.

llvm-svn: 143263
2011-10-29 00:50:52 +00:00
Hans Wennborg 27541dbe1a Teach format string analysis that "%zu" means size_t.
The code had it backwards, thinking size_t was signed, and using that for "%zd".

Also let the analysis get the types for (u)intmax_t while we are at it.

llvm-svn: 143099
2011-10-27 08:29:09 +00:00
Ted Kremenek 74e82bd190 Tweak printf format string parsing to accept 'hh' conversion specifier to accept any char, not just signed char. Fixes <rdar://problem/10303638>.
llvm-svn: 142908
2011-10-25 04:20:41 +00:00
Ted Kremenek 0062e74961 Add source-level dominators analysis. Patch by Guoping Long!
llvm-svn: 142885
2011-10-25 00:25:24 +00:00
Chandler Carruth 6f2e6522d9 Actually rename the file AnalysisContext.cpp -> AnalysisDeclContext.cpp
to match the CMakeLists.txt change in r142782; this should fix the CMake
build.

llvm-svn: 142784
2011-10-24 01:47:37 +00:00
Ted Kremenek 81ce1c8a99 Rename AnalysisContext to AnalysisDeclContext. Not only is this name more accurate, but it frees up the name AnalysisContext for other uses.
llvm-svn: 142782
2011-10-24 01:32:45 +00:00
Ted Kremenek 142adc492b [analyzer] Remove LocationContext creation methods from AnalysisManager, and change clients to use AnalysisContext instead.
WIP to remove/reduce ExprEngine's usage of AnalysisManager.

llvm-svn: 142739
2011-10-23 02:31:52 +00:00
Ted Kremenek 4b4c51c323 Refactor ThreadSafety to use PostOrderCFGView instead of its own copy (of TopologicallySortedCFG).
llvm-svn: 142714
2011-10-22 02:14:27 +00:00
Ted Kremenek 5abde7cd5e Pull TopologicallySortedCFG out of LiveVariables into its own analysis: PostOrderCFGView.
llvm-svn: 142713
2011-10-22 02:14:23 +00:00
DeLesley Hutchins f893e8ab87 Added support for thread safety attributes on destructors.
llvm-svn: 142685
2011-10-21 20:51:27 +00:00
DeLesley Hutchins c20905110a Thread safety analysis refactoring: invalid lock expressions.
llvm-svn: 142666
2011-10-21 18:10:14 +00:00
DeLesley Hutchins db917bdea2 Thread safety analysis: add support for attributes on constructors.
llvm-svn: 142665
2011-10-21 18:06:53 +00:00
DeLesley Hutchins 3d312b175a Refactoring and code cleanup.
llvm-svn: 142654
2011-10-21 16:14:33 +00:00
John McCall 59207978e6 More metaprogramming with builtin types.
llvm-svn: 142433
2011-10-18 22:28:37 +00:00
Hans Wennborg f99d04f841 Suggest %zu for size_t args to printf.
For PR11152. Make PrintSpecifier::fixType() suggest "%zu" for size_t, etc.
rather than looking at the underlying type and suggesting "%llu" or other
platform-specific length modifiers. Applies to C99 and C++11.

llvm-svn: 142342
2011-10-18 08:10:06 +00:00
DeLesley Hutchins 30abeb1680 Substitute for arguments in method calls -- functionality
llvm-svn: 142267
2011-10-17 21:38:02 +00:00
DeLesley Hutchins a088f67bee Substitute for arguments in method calls -- refactoring
llvm-svn: 142260
2011-10-17 21:33:35 +00:00
John McCall 8a6b59ad97 Add a new placeholder type to represent "unbridged"
casts in ARC.

No semantic analysis yet.

llvm-svn: 142208
2011-10-17 18:09:15 +00:00
Anton Korobeynikov f0c267e6e0 Provide half floating point support as a storage only type.
Lack of half FP was a regression compared to llvm-gcc.

llvm-svn: 142016
2011-10-14 23:23:15 +00:00
Richard Smith faa32a9b83 Refactor static analyzer to use simpler interface to constant expression evaluation.
llvm-svn: 141983
2011-10-14 20:22:00 +00:00
Ted Kremenek 596fa16dd3 Tweak -Wuninitialized's handling of 'int x = x' to report that as the root cause of an uninitialized variable IFF there are other uses of that uninitialized variable. Fixes <rdar://problem/9259237>.
llvm-svn: 141881
2011-10-13 18:50:06 +00:00
Ted Kremenek dccc2b2277 Remove AnalysisContext::getLiveVariables(), and introduce a templatized mechanism to lazily create analyses that are attached to AnalysisContext objects.
llvm-svn: 141425
2011-10-07 22:21:02 +00:00
Anna Zaks 8de8cfdd21 ProgramPoint cleanup after the previous commit r141408 (remove the copy constructor, mark withTag const).
Move getProgramPoint() utility from CoreEngine.cpp into ProgramPoint.

llvm-svn: 141414
2011-10-07 21:01:38 +00:00
Ted Kremenek f8fd4d4962 Fix infinite loop in -Wuninitialized reported in PR 11069.
llvm-svn: 141345
2011-10-07 00:42:48 +00:00
Ted Kremenek b7531d622d [static analyzer] Fix crash in LiveVariables and Environment::getSVal() when analyzing C++ pointer-to-member calls. Fixes <rdar://problem/10243398>.
llvm-svn: 141312
2011-10-06 20:53:28 +00:00
Ted Kremenek c8f008ac31 Fix another major performance regression in LiveVariables by not canonicalizing the underlying ImmutableSets on every analyzed statement (just at merges). Fixes <rdar://problem/10087538>.
llvm-svn: 140958
2011-10-02 01:45:37 +00:00
Ted Kremenek 2a14c695eb Fix LiveVariables analysis bug with MaterializeTemporaryExpr and fix handling in ExprEngine. Fixes <rdar://problem/10201666>.
llvm-svn: 140956
2011-10-02 00:54:48 +00:00
John McCall 525f05597f Tweak the interface for analyzing the CF conventions for a name
to take a FunctionDecl* instead of an llvm::StringRef.  Eventually
we might push more logic in there, like using slightly different
conventions for C++ methods.

Also, fix a bug where 'copy' and 'create' were being caught in 
non-camel-cased strings.  We want copyFoo and CopyFoo and XCopy
but not Xcopy or xcopy.

llvm-svn: 140911
2011-10-01 00:48:56 +00:00
David Blaikie aa347f9392 Removing a bunch of dead returns/breaks after llvm_unreachables.
llvm-svn: 140407
2011-09-23 20:26:49 +00:00
David Blaikie 83d382b1ca Switch assert(0/false) llvm_unreachable.
llvm-svn: 140367
2011-09-23 05:06:16 +00:00
DeLesley Hutchins 08e094aee3 Test commit
llvm-svn: 140149
2011-09-20 17:25:59 +00:00
Anna Zaks c2b3c1f14b [analyzer] Constify a method.
llvm-svn: 140091
2011-09-19 23:17:48 +00:00
Ted Kremenek 459597a6eb Fix massive LiveVariables regression (due to LiveVariables rewrite) by addressing two performance problems:
- Speed of "merge()", which merged data flow facts.  This was doing a set canonicalization on every insertion, which was super slow.
  To fix this, we use ImmutableSetRef.

- Visit CFGBlocks in reverse postorder.  This is a huge speedup, as on some test cases the algorithm would take many iterations
  to converge.

This contains a bunch of copy-paste from UninitializedValues.cpp and ThreadSafety.cpp.  The idea
was to get something working first, and then refactor the common logic for all three files into
a separate analysis/library entry point.

llvm-svn: 139968
2011-09-16 23:01:39 +00:00
Caitlin Sadowski 086fb95da5 Thread safety: Adding FIXMEs and a couple cleanups
llvm-svn: 139894
2011-09-16 00:35:54 +00:00
Caitlin Sadowski 6525fb25cb Thread safety: completing the implementation of shared/exclusive locks required attributes
llvm-svn: 139804
2011-09-15 17:43:08 +00:00
Caitlin Sadowski af9b7c5f8b Thread safety: refactoring various out of scope warnings to use the same interface. This eliminates a lot of unnecessary duplicated code.
llvm-svn: 139801
2011-09-15 17:25:19 +00:00
Caitlin Sadowski 5b34a2fd6e Thread safety: adding additional documentation to the main thread safety interface, and making the destructor for the thread safety handler pure virtual
llvm-svn: 139722
2011-09-14 20:05:09 +00:00
Caitlin Sadowski 787c2a1b09 Thread safety: adding test cases for unparseable lock expressions and expanding the handling of these expressions
llvm-svn: 139720
2011-09-14 20:00:24 +00:00
Chandler Carruth 75d78232fd Add a bit to the CFGBlock to track when it contains a no-return
CFGElement. This will allow greatly simplifying the logic in
-Wreturn-type.

llvm-svn: 139593
2011-09-13 09:53:55 +00:00
Chandler Carruth a70991bb3f Consolidate the logic for building a no-return CFG block into a single
location with a single comment rather than scattering it in three
places.

llvm-svn: 139592
2011-09-13 09:13:49 +00:00
Chandler Carruth ad74725ab5 Enhance the CFG construction to detect no-return destructors for
temporary objects and local variables. When detected, these split the
block, marking the new one as having only the exit block as a successor.
This prevents a large number of false positives in warnings sensitive to
no-return constructs such as -Wreturn-type, and fixes the remainder of
PR10063 along with several variations of this bug that had not been
reported. The test cases are extended across the board to cover these
patterns.

This also checks in a stress test for these types of CFGs. The stress
test declares some 32k variables, a mixture of no-return and normal
destructors. Previously, this resulted in roughly 2500 CFG blocks, but
didn't model any of the no-return destructors. With this patch, it
results in over 33k blocks, many of them now unreachable.

The nice thing about how the analyzer is set up? This causes *no*
regression in performance of building the CFG. It actually in some cases
makes it faster, as best I can benchmark. The analysis for -Wreturn-type
(and any other that cares about no-return code paths) is technically
slower now as it has to look at many more candidate blocks, but it
computes the correct answer. I have more test cases to follow, I think
they all work now. Also I have further work that should dramatically
simplify analyses in the presence of no-return.

llvm-svn: 139586
2011-09-13 06:09:01 +00:00
Caitlin Sadowski eecd273951 Thread safety: small formatting change
llvm-svn: 139548
2011-09-12 22:28:41 +00:00
Benjamin Kramer 8a8051f2cd Silence "end of non-void function" warnings with llvm_unreachable and add an assert.
llvm-svn: 139474
2011-09-10 21:52:04 +00:00
Chandler Carruth a626d645d5 Extend the Stmt AST to make it easier to look through label, default,
and case statements. Use this to make the logic in the CFG builder more
robust at finding the actual statements within a compound statement,
even when there are many layers of labels obscuring it.

Also extend the test cases for a large chunk of PR10063. Still more work
to do here though.

llvm-svn: 139437
2011-09-10 00:02:34 +00:00
Caitlin Sadowski 82e2de512e Thread safety: removing unnecessary import and reordering import list
llvm-svn: 139426
2011-09-09 23:00:59 +00:00
Caitlin Sadowski 0bef2279fb Thread safety: removing unnecessary import
llvm-svn: 139425
2011-09-09 22:49:12 +00:00
Caitlin Sadowski ff2f3f8105 Thread safety: This patch deals with previously unhandled cases when building lock expressions. We now resolve these expressions, avoid crashing when encountering cast expressions, and have a diagnostic for unresolved lock expressions
llvm-svn: 139370
2011-09-09 16:21:55 +00:00
Caitlin Sadowski 33208340bd Thread Safety: Moving the analysis to a new file
llvm-svn: 139369
2011-09-09 16:11:56 +00:00
Ted Kremenek aed4677a1c -Wuninitialized: fix insidious bug resulting from interplay of blocks and dead code. Fixes <rdar://problem/10060250>.
llvm-svn: 139027
2011-09-02 19:39:26 +00:00
Nico Weber 1fb82667dd Warn on missing [super finalize] calls.
This matches gcc's logic. Second half of PR10661.

llvm-svn: 138730
2011-08-28 22:35:17 +00:00
Ted Kremenek 1b7f49c2d6 Teach -Wunreachable-code about dead code caused by macro expansions. This should suppress false positives resulting from 'assert' and friends.
llvm-svn: 138576
2011-08-25 19:28:55 +00:00
Ted Kremenek bd91371381 Start reworking -Wunreachable-code. The original analysis had serious flaws with how it
handled SCC's of dead code, or simply having false negatives by overly suppressing warnings.

WIP.

llvm-svn: 138410
2011-08-23 23:05:11 +00:00
Ted Kremenek 6b9964d237 CFG: record set of C++ 'try' dispatch blocks, which could be of interest to various analyses (e.g., reachability).
llvm-svn: 138409
2011-08-23 23:05:07 +00:00
Ted Kremenek adfb445466 Constify the result of CFGStmt::getStmt().
llvm-svn: 138408
2011-08-23 23:05:04 +00:00
Ted Kremenek ee9848e20d Fix regression in -Wuninitialized involving VLAs. It turns out that we were modeling sizeof(VLAs)
incorrectly in the CFG, and also the static analyzer.  This patch regresses the analyzer a bit, but
that needs to be followed up with a better solution.

Fixes <rdar://problem/10008112>.

llvm-svn: 138372
2011-08-23 20:30:50 +00:00
Ted Kremenek 417d566775 Remove dead code.
llvm-svn: 138183
2011-08-20 01:15:28 +00:00
Chad Rosier 6fdf38bfbd Fix else style. No functionality change intended.
llvm-svn: 137896
2011-08-17 23:08:45 +00:00
Ted Kremenek c14efa7122 Fix a handful of dead stores found by Clang's static analyzer. There's a bunch of others I haven't touched.
llvm-svn: 137867
2011-08-17 21:04:19 +00:00
Ted Kremenek 5ef32dbf2a Cleanup various declarations of 'Stmt*' to be 'Stmt *', etc. in libAnalyzer and libStaticAnalyzer[*]. It was highly inconsistent, and very ugly to look at.
llvm-svn: 137537
2011-08-12 23:37:29 +00:00
Ted Kremenek e8f7316fee [analyzer] change "tag" in ProgramPoint from "void*" to a ProgramPointTag*.
Having a notion of an actual ProgramPointTag will aid in introspection of the analyzer's behavior.
For example, the GraphViz output of the analyzer will pretty-print the tags in a useful manner.

llvm-svn: 137529
2011-08-12 23:04:46 +00:00
Ted Kremenek 50aa2d480c Revert "Fix crash in CFGBuilder involving implicit destructor calls and gotos jumping after an object was declared. Fixes PR 10620."
llvm-svn: 137459
2011-08-12 14:41:23 +00:00
Ted Kremenek 06b8cd7324 Fix crash in CFGBuilder involving implicit destructor calls and gotos jumping after an object was declared. Fixes PR 10620.
llvm-svn: 137426
2011-08-12 04:09:00 +00:00
Ted Kremenek a0cdf58b0c Fix another -Wuninitialized assertion failure (this one involving bit casts) resulting from the recent -Wuninitialized changes.
llvm-svn: 137068
2011-08-08 21:43:08 +00:00
Ted Kremenek 84a1ca5280 [analyzer] Simplify logic for ExprEngine::VisitUnaryExprOrTypeTraitExpr to avoid recursion to subexpression.
This exposed bugs in the live variables analysis, and a latent analyzer bug in the SymbolReaper.

llvm-svn: 137006
2011-08-06 00:30:00 +00:00
Ted Kremenek 75842e4946 Fix assertion failure in -Wuninitialized involving no-op casts. Fixes PR 10577.
llvm-svn: 136939
2011-08-04 22:40:57 +00:00
Benjamin Kramer 3c05b7c161 Make helper functions static.
llvm-svn: 136679
2011-08-02 04:50:49 +00:00
Ted Kremenek e9fda1e48a [analyzer] Overhaul how the static analyzer expects CFGs by forcing CFGs to be linearized only when used by the static analyzer. This required a rewrite of LiveVariables, and exposed a ton of subtle bugs.
The motivation of this large change is to drastically simplify the logic in ExprEngine going forward.

Some fallout is that the output of some BugReporterVisitors is not as accurate as before; those will
need to be fixed over time.  There is also some possible performance regression as RemoveDeadBindings
will be called frequently; this can also be improved over time.

llvm-svn: 136419
2011-07-28 23:07:59 +00:00
Chris Lattner 0e62c1cc0b remove unneeded llvm:: namespace qualifiers on some core types now that LLVM.h imports
them into the clang namespace.

llvm-svn: 135852
2011-07-23 10:55:15 +00:00
Chandler Carruth 4dd6c043ae Move duplicate uninitialized warning suppression into the
AnalysisBasedWarnings Sema layer and out of the Analysis library itself.
This returns the uninitialized values analysis to a more pure form,
allowing its original logic to correctly detect some categories of
definitely uninitialized values. Fixes PR10358 (again).

Thanks to Ted for reviewing and updating this patch after his rewrite of
several portions of this analysis.

llvm-svn: 135748
2011-07-22 05:27:52 +00:00
Ted Kremenek 189ecec4db Simplify passing of CFGBuildOptions around for AnalysisContext. No functionality change.
llvm-svn: 135666
2011-07-21 05:22:47 +00:00
Ted Kremenek 81383c20e4 Fix -Wuninitialized regression involving functions invalidating parameters passed by reference.
llvm-svn: 135610
2011-07-20 19:49:47 +00:00
Ted Kremenek 65b3e0649c Fix false negative in -Wuninitialized involving a () wrapping an lvalue-to-rvalue conversion in a DeclStmt.
llvm-svn: 135525
2011-07-19 21:41:51 +00:00
Ted Kremenek 5d855bf7f2 Fix assertion failure in UninitializedValues.cpp where an lvalue to rvalue conversion is wrapped in a parenthesis.
llvm-svn: 135519
2011-07-19 20:33:49 +00:00
Ted Kremenek 9e100ea1a8 Reduce -Wuninitialized time by 22% (on sqlite) by removing the recursive AST crawl.
This is accomplished by forcing the needed expressions for -Wuninitialized to always be CFGElements in the CFG.
This allows us to remove a fair amount of the code for -Wuninitialized.

Some fallout:
- AnalysisBasedWarnings.cpp now specifically toggles the CFGBuilder to create a CFG that is suitable for -Wuninitialized.  This
is a layering violation, since the logic for -Wuninitialized is in libAnalysis.  This can be fixed with the proper refactoring.
- Some of the source locations for -Wunreachable-code warnings have shifted.  While not ideal, this is okay because that analysis
already needs some serious reworking.

llvm-svn: 135480
2011-07-19 14:18:48 +00:00
Ted Kremenek 8b46c00b5f Add hooks into the CFG builder to force that specific expressions are always CFGElements.
llvm-svn: 135479
2011-07-19 14:18:43 +00:00
Chandler Carruth 7cf5a37605 Revert r135217, which wasn't the correct fix for PR10358. With this
patch, we actually move the state-machine for the value set backwards
one step. This can pretty easily lead to infinite loops where we
continually try to propagate a bit, succeed for one iteration, but then
back up because we find an uninitialized use.

A reduced test case from PR10379 is included.

llvm-svn: 135359
2011-07-16 22:27:02 +00:00
Ted Kremenek 6dcbbe8547 [analyzer] Per discussions with the Cocoa team, extend CF naming conventions to extend to camel case functions instead of just title case functions. Fixes <rdar://problem/9732321>.
llvm-svn: 135350
2011-07-16 19:50:36 +00:00
Ted Kremenek c85964ed90 [analyzer] Place checking for Core Foundation "Create" rule into a proper API. No functionality change.
llvm-svn: 135349
2011-07-16 19:50:32 +00:00
Ted Kremenek f0b28d7fe5 Fix false negative reported in PR 10358 by using 'Unknown' in -Wuninitialized to avoid cascading warnings. Patch by Kaelyn Uhrain.
llvm-svn: 135217
2011-07-14 23:43:06 +00:00
Ted Kremenek d0c2afd2c3 Revert r135147 and r135075. The consensus was that this wasn't the right thing to do.
llvm-svn: 135152
2011-07-14 17:05:32 +00:00
Ted Kremenek 2df6485d51 Add extra sanity checking in FormatString::matchesType() that we are comparing integers to integers. This happens not to be an issue now, but the extra check helps future proof in case of future refactorings.
llvm-svn: 135147
2011-07-14 15:43:21 +00:00
Ted Kremenek ba84cf53bc Reapply r135075, but modify format-strings.c and format-strings-fixit.c test cases to be more portable with an explicit target triple.
llvm-svn: 135134
2011-07-14 06:49:52 +00:00
NAKAMURA Takumi 91d831bc2d Revert r135075, "format string checking: long and int have the same widths on 32-bit, so we shouldn't warn about using"
It fails on freebsd, mingw and msvc10.

llvm-svn: 135129
2011-07-14 05:16:18 +00:00
Ted Kremenek 60654d697a format string checking: long and int have the same widths on 32-bit, so we shouldn't warn about using
an "int" format specifier with a "long" type in 32-bit.

llvm-svn: 135075
2011-07-13 20:20:58 +00:00
Ted Kremenek cc47e0fad1 Re-relax conversion specifier checking for printf format strings and conversion specifiers. My recent change was a mistake.
llvm-svn: 135048
2011-07-13 17:35:14 +00:00
Ted Kremenek 1d3fb8af68 Fix inversion in argument type checking for format strings with conversion specifiers for character types.
llvm-svn: 135046
2011-07-13 17:25:47 +00:00
Chandler Carruth a532863131 Make the worklist in the uninitialized values checker actually a queue.
Previously, despite the names 'enqueue' and 'dequeue', it behaved as
a stack and visited blocks in a LIFO fashion. This interacts badly with
extremely broad CFGs *inside* of a loop (such as a large switch inside
a state machine) where every block updates a different variable.

When encountering such a CFG, the checker visited blocks in essentially
a "depth first" order due to the stack-like behavior of the work list.
Combined with each block updating a different variable, the saturation
logic of the checker caused it to re-traverse blocks [1,N-1] of the
broad CFG inside the loop after traversing block N. These re-traversals
were to propagate the variable values derived from block N. Assuming
approximately the same number of variables as inner blocks exist, the
end result is O(N^2) updates. By making this a queue, we also make the
traversal essentially "breadth-first" across each of the N inner blocks
of the loop. Then all of this state is propagated around to all N inner
blocks of the loop. The result is O(N) updates.

The truth is in the numbers:
Before, gcc.c:   96409 block visits  (max: 61546,   avg: 591)
After,  gcc.c:   69958 block visits  (max: 33090,   avg: 429)
Before, PR10183: 2540494 block visits (max: 2536495, avg: 37360)
After,  PR10183: 137803 block visits (max: 134406,  avg: 2026)

The nearly 20x reduction in work for PR10183 corresponds to a roughly
100x speedup in compile time.

I've tested it on all the code I can get my hands on, and I've seen no
slowdowns due to this change. Where I've collected stats, the amount of
work done is on average less. I'll also commit shortly some synthetic
test cases useful in analyzing the performance of CFG-based warnings.

Submitting this based on Doug's feedback that post-commit review should
be good. Ted, please review! Hopefully this helps compile times until
then.

llvm-svn: 134697
2011-07-08 11:19:06 +00:00
Chandler Carruth b4836ea7a8 Build up statistics about the work done for analysis based warnings.
Special detail is added for uninitialized variable analysis as this has
serious performance problems that need to be tracked.

Computing some of this data is expensive, for example walking the CFG to
determine its size. To avoid doing that unless the stats data is going
to be used, we thread a bit into the Sema object to track whether
detailed stats should be collected or not. This bit is used to avoid
computations wherever the computations are likely to be more expensive
than checking the state of the flag. Thus, counters are in some cases
unconditionally updated, but the more expensive (and less frequent)
aggregation steps are skipped.

With this patch, we're able to see that for 'gcc.c':
*** Analysis Based Warnings Stats:
232 functions analyzed (0 w/o CFGs).
  7151 CFG blocks built.
  30 average CFG blocks per function.
  1167 max CFG blocks per function.
163 functions analyzed for uninitialiazed variables
  640 variables analyzed.
  3 average variables per function.
  94 max variables per function.
  96409 block visits.
  591 average block visits per function.
  61546 max block visits per function.

And for the reduced testcase in PR10183:
*** Analysis Based Warnings Stats:
98 functions analyzed (0 w/o CFGs).
  8526 CFG blocks built.
  87 average CFG blocks per function.
  7277 max CFG blocks per function.
68 functions analyzed for uninitialiazed variables
  1359 variables analyzed.
  19 average variables per function.
  1196 max variables per function.
  2540494 block visits.
  37360 average block visits per function.
  2536495 max block visits per function.

That last number is the somewhat scary one that indicates the problem in
PR10183.

llvm-svn: 134494
2011-07-06 16:21:37 +00:00
Douglas Gregor 5c70b06feb Teach the static analyzer's interpretation of Cocoa conventions to
obey the objc_method_family attribute when provided. Fixes
<rdar://problem/9726279>.

llvm-svn: 134493
2011-07-06 16:00:34 +00:00
Fariborz Jahanian 76b9d4da16 Added a missing case label.
llvm-svn: 134454
2011-07-06 00:29:51 +00:00
Daniel Dunbar 421bb42c9f Revert r133024, "[format strings] correctly suggest correct type for '%@'
specifiers.  Fixes <rdar://problem/9607158>." because it causes false positives
on some code that uses CF toll free bridging.
 - I'll let Doug or Ted figure out the right fix here, possibly just to accept
   any pointer type.

llvm-svn: 134041
2011-06-28 23:33:55 +00:00
Douglas Gregor fe31481f68 Introduce a new AST node describing reference binding to temporaries.
MaterializeTemporaryExpr captures a reference binding to a temporary
value, making explicit that the temporary value (a prvalue) needs to
be materialized into memory so that its address can be used. The
intended AST invariant here is that a reference will always bind to a
glvalue, and MaterializeTemporaryExpr will be used to convert prvalues
into glvalues for that binding to happen. For example, given

  const int& r = 1.0;

The initializer of "r" will be a MaterializeTemporaryExpr whose
subexpression is an implicit conversion from the double literal "1.0"
to an integer value. 

IR generation benefits most from this new node, since it was
previously guessing (badly) when to materialize temporaries for the
purposes of reference binding. There are likely more refactoring and
cleanups we could perform there, but the introduction of
MaterializeTemporaryExpr fixes PR9565, a case where IR generation
would effectively bind a const reference directly to a bitfield in a
struct. Addresses <rdar://problem/9552231>.

llvm-svn: 133521
2011-06-21 17:03:29 +00:00
Francois Pichet ea22bab7a5 Finish 2 sentences.
llvm-svn: 133214
2011-06-16 23:19:36 +00:00
John McCall 31168b077c Automatic Reference Counting.
Language-design credit goes to a lot of people, but I particularly want
to single out Blaine Garst and Patrick Beard for their contributions.

Compiler implementation credit goes to Argyrios, Doug, Fariborz, and myself,
in no particular order.

llvm-svn: 133103
2011-06-15 23:02:42 +00:00
Ted Kremenek 192ed0b7ee [format strings] correctly suggest correct type for '%@' specifiers. Fixes <rdar://problem/9607158>.
llvm-svn: 133024
2011-06-14 22:56:51 +00:00
Douglas Gregor 33823727c8 Implement Objective-C Related Result Type semantics.
Related result types apply Cocoa conventions to the type of message
sends and property accesses to Objective-C methods that are known to
always return objects whose type is the same as the type of the
receiving class (or a subclass thereof), such as +alloc and
-init. This tightens up static type safety for Objective-C, so that we
now diagnose mistakes like this:

t.m:4:10: warning: incompatible pointer types initializing 'NSSet *'
with an
      expression of type 'NSArray *' [-Wincompatible-pointer-types]
  NSSet *array = [[NSArray alloc] init];
         ^       ~~~~~~~~~~~~~~~~~~~~~~
/System/Library/Frameworks/Foundation.framework/Headers/NSObject.h:72:1:
note: 
      instance method 'init' is assumed to return an instance of its
      receiver
      type ('NSArray *')
- (id)init;
^

It also means that we get decent type inference when writing code in
Objective-C++0x:

  auto array = [[NSMutableArray alloc] initWithObjects:@"one",  @"two",nil];
  //    ^ now infers NSMutableArray* rather than id

llvm-svn: 132868
2011-06-11 01:09:30 +00:00
Jordy Rose 1734737d9f [analyzer] PR8962 again. Ban ParenExprs (and friends) from block-level expressions (by calling IgnoreParens before adding expressions to blocks). Undo 132769 (LiveVariables' local IgnoreParens), since it's no longer necessary.
Also, have Environment stop looking through NoOp casts; it didn't match the behavior of LiveVariables. And once that's gone, the whole cast block of that switch is unnecessary.

llvm-svn: 132840
2011-06-10 08:49:37 +00:00
Jordy Rose 891d613289 [analyzer] Ignore parentheses around block-level expressions when computing liveness. Fixes the other half of PR8962.
llvm-svn: 132769
2011-06-09 05:44:04 +00:00
Argyrios Kyrtzidis b3483b3d91 Utilize PackedVector, introduced with llvm commit r132325.
llvm-svn: 132326
2011-05-31 03:56:09 +00:00
Ted Kremenek 3a60114085 Add explicit CFG support for ignoring static_asserts.
llvm-svn: 132001
2011-05-24 20:41:31 +00:00
Peter Collingbourne e92006860d Refactoring of constant expression evaluator
This introduces a generic base class for the expression evaluator
classes, which handles a few common expression types which were
previously handled separately in each class.  Also, the expression
evaluator now uses ConstStmtVisitor.

llvm-svn: 131281
2011-05-13 03:29:01 +00:00
John McCall c67067f43e Teach CFG building how to deal with CXXMemberCallExprs and BoundMemberTy,
then teach -Wreturn-type to handle the same.  Net effect:  we now correctly
handle noreturn attributes on member calls in the CFG.

llvm-svn: 131178
2011-05-11 07:19:11 +00:00
Ted Kremenek efdb7fe53b Fix crash in -Wuninitialized when using switch statements whose condition is a logical operation.
llvm-svn: 131158
2011-05-10 22:10:35 +00:00
Ted Kremenek 6878c36328 Elide __label__ declarations from the CFG. This resolves a crash in CFGRecStmtDeclVisitor (crash in static analyzer).
llvm-svn: 131141
2011-05-10 18:42:15 +00:00
Chandler Carruth 6e1f9babcd Silence more -Wnon-pod-memset given its current implementation. I may be
able to revert these based on a patch I'm working on, but no reason for
people to be spammed with warnings in the interim.

llvm-svn: 130394
2011-04-28 08:19:45 +00:00
Ted Kremenek f8ac5288a3 Remove unused method CFGBlock::hasBinaryBranchTerminator().
llvm-svn: 130336
2011-04-27 22:16:58 +00:00
Eli Friedman 7ec652a7a2 Don't print fixits for format specifiers in cases where the fixit does not actually fix the warning. PR8781.
I'm not sure what the preferred way to write a test for whether a fixit is emitted.

llvm-svn: 130335
2011-04-27 22:06:20 +00:00
Ted Kremenek 8dcc466886 When generating printf fixits, preserve the original formatting for unsigned integers (e.g., 'x', 'o').
llvm-svn: 130164
2011-04-25 22:32:59 +00:00
Richard Smith 0c502d2a62 Fix PR9741. The implicit declarations created for range-based for loops weren't being added to the DeclContext (nor were they being marked as implicit). Also, the declarations were being emitted in the wrong order when building the CFG.
llvm-svn: 129700
2011-04-18 15:49:25 +00:00
Chris Lattner 57540c5be0 fix a bunch of comment typos found by codespell. Patch by
Luis Felipe Strano Moraes!

llvm-svn: 129559
2011-04-15 05:22:18 +00:00
Douglas Gregor 40965fa78a When we transform a C++ exception declaration (e.g., for template
instantiation), be sure to add the transformed declaration into the
current DeclContext. Also, remove the -Wuninitialized hack that works
around this bug. Fixes <rdar://problem/9200676>.

llvm-svn: 129544
2011-04-14 22:32:28 +00:00
Richard Smith 02e85f3bc5 Add support for C++0x's range-based for loops, as specified by the C++11 draft standard (N3291).
llvm-svn: 129541
2011-04-14 22:09:26 +00:00
Ted Kremenek 9eb0b7d2f1 Return the correct lastly populated block from CFGBuilder::VisitUnaryExprOrTypeTraitExpr().
llvm-svn: 129499
2011-04-14 01:50:50 +00:00
Chandler Carruth 0a7aa3b60b Teach -Wuninitialized about C++'s typeid expression, including both the
evaluated and unevaluated contexts. Add some testing of sizeof and
typeid.

Both of the typeid tests added here were triggering warnings previously.
Now the one false positive is suppressed without suppressing the warning
on actually buggy code.

llvm-svn: 129431
2011-04-13 08:18:42 +00:00
Ted Kremenek 97c393807b Teach -Wuninitialized to not warn about variables declared in C++ catch statements.
llvm-svn: 129102
2011-04-07 20:02:56 +00:00
Chandler Carruth 78c7e34485 Commit a bit of a hack to fully handle the situation where variables are
marked explicitly as uninitialized through direct self initialization:

  int x = x;

With r128894 we prevented warnings about this code, and this patch
teaches the analysis engine to continue analyzing subsequent uses of
'x'. This should wrap up PR9624.

There is still an open question of whether we should suppress the
maybe-uninitialized warnings resulting from variables initialized in
this fashion. The definitely-uninitialized uses should always be warned.

llvm-svn: 128932
2011-04-05 21:36:30 +00:00
Ted Kremenek 378819342e Fix PR 9626 (duplicated self-init warnings under -Wuninitialized) with numerous CFG and UninitializedValues analysis changes:
1) Change the CFG to include the DeclStmt for conditional variables, instead of using the condition itself as a faux DeclStmt.
2) Update ExprEngine (the static analyzer) to understand (1), so not to regress.
3) Update UninitializedValues.cpp to initialize all tracked variables to Uninitialized at the start of the function/method.
4) Only use the SelfReferenceChecker (SemaDecl.cpp) on global variables, leaving the dataflow analysis to handle other cases.

The combination of (1) and (3) allows the dataflow-based -Wuninitialized to find self-init problems when the initializer
contained control-flow.

llvm-svn: 128858
2011-04-04 23:29:12 +00:00
Ted Kremenek 352a7081a8 -Wuninitialized: don't warn about uninitialized variables in unreachable code.
llvm-svn: 128840
2011-04-04 20:30:58 +00:00
Nico Weber cc2b8717c5 Make -Wheader-hygiene not complain about USING_NAMESPACE_THROUGH_MACRO in a non-header file.
llvm-svn: 128780
2011-04-02 19:45:15 +00:00
Ted Kremenek 77361761fb -Wuninitialized should not warn about variables captured by blocks as byref.
Note this can potentially be enhanced to detect if the __block variable
is actually written by the block, or only when the block "escapes" or
is actually used, but that requires more analysis than it is probably worth
for this simple check.

llvm-svn: 128681
2011-03-31 22:32:41 +00:00
Ted Kremenek 03325c4be9 Add workaround for Sema issue found in <rdar://problem/9188004>, which leads to an assertion failure in the uninitialized variables analysis. The problem is that Sema isn't properly registering a variable in a DeclContext (which -Wuninitialized relies on), but
my expertise on the template instantiation logic isn't good enough to fix this problem for real.  This patch works around the
problem in -Wuninitialized, but we should fix it for real later.

llvm-svn: 128443
2011-03-29 01:40:00 +00:00
Benjamin Kramer 8aef596dec Make helpers static.
llvm-svn: 128339
2011-03-26 12:38:21 +00:00
Ted Kremenek dcc4c38970 Fix CFG-construction bug when run from AnalysisBasedWarnings::IssueWarnings() where block-level expressions that need
to be recorded in the Stmt*->CFGBlock* map were not always done so.  Fixes <rdar://problem/9171946>.

llvm-svn: 128170
2011-03-23 21:33:21 +00:00
Ted Kremenek ddc06d0bd0 Rename class 'CFGReachabilityAnalysis' to 'CFGReverseBlockReachabilityAnalysis'.
This rename serves two purposes:

- It reflects the actual functionality of this analysis.
- We will have more than one reachability analysis.

llvm-svn: 127930
2011-03-19 01:00:33 +00:00
Ted Kremenek c15a4e4b37 Extend -Wuninitialized to support vector types.
llvm-svn: 127794
2011-03-17 03:06:11 +00:00
Ted Kremenek 35c70f64db Teach CFGBuilder that the 'default' branch of a switch statement is dead if all enum values in a switch conditioned are handled.
llvm-svn: 127727
2011-03-16 04:32:01 +00:00
Ted Kremenek e3ae0a4c47 Appease GCC. I'm surprised Clang accepted this.
llvm-svn: 127672
2011-03-15 05:30:12 +00:00
Ted Kremenek 1a47f366b7 Split warnings from -Wuninitialized-experimental into "must-be-initialized" and "may-be-initialized" warnings, each controlled by different flags.
llvm-svn: 127669
2011-03-15 05:22:28 +00:00
Ted Kremenek c8c4e5f371 Split warnings from -Wuninitialized-experimental into "must-be-initialized" and "may-be-initialized" warnings, each controlled by different flags.
llvm-svn: 127666
2011-03-15 04:57:38 +00:00
Ted Kremenek 9b15c962a9 UninitializedValues: introduce ValueVector:reference class to forward to llvm::BitVector. No real functionality change, but this is a stepping stone to moving to tri-state logic.
llvm-svn: 127665
2011-03-15 04:57:32 +00:00
Ted Kremenek d3def3841f UninitializedValues: wrap BitVector references in a new class ValueVector. No functionality change. This defines the minimum interface that ValueVector needs to support when we no longer base it strictly on a direct interpretation of BitVector.
llvm-svn: 127664
2011-03-15 04:57:29 +00:00
Ted Kremenek a895fe999d Substitute term "BitVector" with "ValueVector" to prep for further revisions. No functionality change.
llvm-svn: 127663
2011-03-15 04:57:27 +00:00
Ted Kremenek a0a5ca14d0 Rename UninitializedValuesV2 to UninitializedValues.
llvm-svn: 127657
2011-03-15 03:17:07 +00:00
Ted Kremenek 792798549f Remove old UninitializedValues analysis.
llvm-svn: 127656
2011-03-15 03:17:01 +00:00
Sebastian Redl 31ad754c96 Instead of storing an ASTContext* in FunctionProtoTypes with computed noexcept specifiers, unique FunctionProtoTypes with a ContextualFoldingSet, as suggested by John McCall.
llvm-svn: 127568
2011-03-13 17:09:40 +00:00
Ted Kremenek 53e6538fa8 Fix CFG assertion failure reported in PR 9467. This was due to recent changes in optimizing CFGs for switch statements.
llvm-svn: 127563
2011-03-13 03:48:04 +00:00
Sebastian Redl fa453cfdc3 Propagate the new exception information to FunctionProtoType.
Change the interface to expose the new information and deal with the enormous fallout.
Introduce the new ExceptionSpecificationType value EST_DynamicNone to more easily deal with empty throw specifications.
Update the tests for noexcept and fix the various bugs uncovered, such as lack of tentative parsing support.

llvm-svn: 127537
2011-03-12 11:50:43 +00:00
Peter Collingbourne e190dee7a5 Add support for the OpenCL vec_step operator, by generalising and
extending the existing support for sizeof and alignof.  Original
patch by Guy Benyei.

llvm-svn: 127475
2011-03-11 19:24:49 +00:00
Ted Kremenek a099c595bf When doing reachability analysis for warnings issued under DiagRuntimeBehavior, don't construct a ParentMap or CFGStmtMap.
Instead, create a small set of Stmt* -> CFGBlock* mappings during CFG construction for only the statements we care about
relating to the diagnostics we want to check for reachability.

llvm-svn: 127396
2011-03-10 03:50:34 +00:00
Ted Kremenek 7c58d35240 Require AddStmtChoice::alwaysAdd() to take a CFGBuilder& and Stmt*. Prep for functionality changes.
llvm-svn: 127387
2011-03-10 01:14:11 +00:00
Ted Kremenek 2866bab5fa Remove unused 'AddStmtChoice' argument to CFGBuilder::appendStmt().
llvm-svn: 127386
2011-03-10 01:14:08 +00:00
Ted Kremenek f9d8290af1 Rework interaction between AnalysisContext and CFG::BuildOptions to keep a BuildOptions object around instead of keeping a copy of the flags.
Moreover, change AnalysisContext to use an OwningPtr for created analysis objects instead
of directly managing them.

Finally, add a 'forcedBlkExprs' entry to CFG::BuildOptions that will be used by the
CFGBuilder to force specific expressions to be block-level expressions.

llvm-svn: 127385
2011-03-10 01:14:05 +00:00
Ted Kremenek 897947434e Fix null dereference in CFGBlock::FilterEdge that was reported in PR 9412.
llvm-svn: 127176
2011-03-07 22:04:39 +00:00
Ted Kremenek be52871b1a Correctly handle nested switch statements in CFGBuilder when one switch statement has a condition that evaluates to a constant.
llvm-svn: 126977
2011-03-04 01:03:41 +00:00
Ted Kremenek 8cfe207861 Teach CFGImplicitDtor::getDestructorDecl() about arrays of objects with destructors.
llvm-svn: 126910
2011-03-03 01:21:32 +00:00
Ted Kremenek 1676a042e3 Teach CFGImplicitDtor::getDestructorDecl() about reference types.
llvm-svn: 126909
2011-03-03 01:01:03 +00:00
Matt Beaumont-Gay 86b900baca Let's go with John and Ted's preferred fix.
llvm-svn: 126907
2011-03-03 00:48:05 +00:00
Matt Beaumont-Gay 0532897f37 Keep GCC from complaining about falling off the end of the function.
llvm-svn: 126897
2011-03-02 23:25:06 +00:00
Ted Kremenek e06a55c6b9 Introduce CFGImplicitDtor::isNoReturn() to query whether a destructor actually returns. Use this for -Wreturn-type to prune false positives reported in PR 6884.
llvm-svn: 126875
2011-03-02 20:32:29 +00:00
John McCall b4526252db Move some of the logic about classifying Objective-C methods into
conventional categories into Basic and AST.  Update the self-init checker
to use this logic;  CFRefCountChecker is complicated enough that I didn't
want to touch it.

llvm-svn: 126817
2011-03-02 01:50:55 +00:00
Ted Kremenek eff9a7ff91 Teach CFGBuilder to prune trivially unreachable case statements.
llvm-svn: 126797
2011-03-01 23:12:55 +00:00
Ted Kremenek 96a7a59119 In preparation for fixing PR 6884, rework CFGElement to have getAs<> return pointers instead of fresh CFGElements.
- Also, consolidate getDtorKind() and getKind() into one "kind".
- Add empty getDestructorDecl() method to CFGImplicitDtor.

llvm-svn: 126738
2011-03-01 03:15:10 +00:00
Anders Carlsson 6dc07d4e56 Get rid of the areExceptionsEnabled() getter from LangOptions.
llvm-svn: 126598
2011-02-28 00:33:03 +00:00
Ted Kremenek d813801384 Fix tiny error in CFG construction for BinaryConditionalOperators, making sure the branch always has two successors. Also teach Environment::getSVal() about OpaqueValueExprs.
This fixes a crash reported in PR9287, and also fixes a false positive involving the value of such ternary
expressions not properly getting propagated.

llvm-svn: 126362
2011-02-24 03:09:15 +00:00
Ted Kremenek 1a241d1619 Teach CFGBuilder about null pointer constants in conditionals, and how they can be used to prune branches. Fixes false null pointer dereference warning in PR 8183.
llvm-svn: 126305
2011-02-23 05:11:46 +00:00
Ted Kremenek 80861ca9b5 Migrate CFGReachabilityAnalysis out of the IdempotentOperationsChecker and into its own analysis file.
llvm-svn: 126289
2011-02-23 01:51:59 +00:00
Ted Kremenek cc7f1f8c2e Have IdempotentOperationsChecker pull its CFGStmtMap from AnalysisContext.
llvm-svn: 126288
2011-02-23 01:51:53 +00:00
Ted Kremenek 828f631af1 Fix a CFGBuilder bug exposed on convoluted control-flow in the Linux kernel.
llvm-svn: 126149
2011-02-21 22:11:26 +00:00
Anders Carlsson 08ce5ed1b1 Add a LangOptions::areExceptionsEnabled and start using it.
llvm-svn: 126062
2011-02-20 00:20:27 +00:00
John McCall 68cc3350a8 Fix a -Wuninitialized warning; it's actually a false positive,
but it's not reasonable for the diagnostic to figure that out.
Pointed out by Benjamin Kramer.

Also clarify the logic here.

llvm-svn: 126017
2011-02-19 03:13:26 +00:00
John McCall c07a0c7e48 Change the representation of GNU ?: expressions to use a different expression
class and to bind the shared value using OpaqueValueExpr.  This fixes an
unnoticed problem with deserialization of these expressions where the
deserialized form would lose the vital pointer-equality trait;  or rather,
it fixes it because this patch also does the right thing for deserializing
OVEs.

Change OVEs to not be a "temporary object" in the sense that copy elision is
permitted.

This new representation is not totally unawkward to work with, but I think
that's really part and parcel with the semantics we're modelling here.  In
particular, it's much easier to fix things like the copy elision bug and to
make the CFG look right.

I've tried to update the analyzer to deal with this in at least some
obvious cases, and I think we get a much better CFG out, but the printing
of OpaqueValueExprs probably needs some work.

llvm-svn: 125744
2011-02-17 10:25:35 +00:00
Chris Lattner c8e630e4db Step #1/N of implementing support for __label__: split labels into
LabelDecl and LabelStmt.  There is a 1-1 correspondence between the
two, but this simplifies a bunch of code by itself.  This is because
labels are the only place where we previously had references to random
other statements, causing grief for AST serialization and other stuff.

This does cause one regression (attr(unused) doesn't silence unused
label warnings) which I'll address next.

This does fix some minor bugs:
1. "The only valid attribute " diagnostic was capitalized.
2. Various diagnostics printed as ''labelname'' instead of 'labelname'
3. This reduces duplication of label checking between functions and blocks.

Review appreciated, particularly for the cindex and template bits.

llvm-svn: 125733
2011-02-17 07:39:24 +00:00
Ted Kremenek c7bfdcd4f5 Fix memory leak in CFGBuilder resulting from tracking scope information using SmallVectors.
llvm-svn: 125550
2011-02-15 02:47:45 +00:00
John McCall 8322c3a197 Give some convenient idiomatic accessors to Stmt::child_range and
Stmt::const_child_range, then make a bunch of places use them instead
of the individual iterator accessors.

llvm-svn: 125450
2011-02-13 04:07:26 +00:00
Ted Kremenek 9865d7f0e6 Don't report dead stores on unreachable code paths. Fixes <rdar://problem/8405222>.
llvm-svn: 125415
2011-02-11 23:24:26 +00:00
NAKAMURA Takumi 98dd73d66c CMake: LLVM_NO_RTTI must be obsolete now!
llvm-svn: 125275
2011-02-10 09:15:32 +00:00
Ted Kremenek ba357296e7 Enhance -Wuninitialized to better reason about || and &&, tracking dual dataflow facts and properly merging them.
Fixes PR 9076.

llvm-svn: 124666
2011-02-01 17:43:18 +00:00
Ted Kremenek 1be4a59a11 Teach -Wuninitialized about indirect goto. Fixes PR 9071.
llvm-svn: 124394
2011-01-27 18:51:39 +00:00
NAKAMURA Takumi f9cbcc4cc2 Fix whitespace.
llvm-svn: 124364
2011-01-27 07:10:08 +00:00
NAKAMURA Takumi 7c2888689d 7bit-ize.
llvm-svn: 124363
2011-01-27 07:09:49 +00:00
Ted Kremenek 93a313869f Teach -Wuninitialized not to assert when analyzing
blocks that reference captured variables.

llvm-svn: 124348
2011-01-27 02:29:34 +00:00
Ted Kremenek 4058d87ad5 Teach -Wuninitialized about ObjC fast enumeration loops.
llvm-svn: 124347
2011-01-27 02:01:31 +00:00
Ted Kremenek 33ddd9692d Tweak -Wuninitialized-experimental to not emit
a warning for uses of an uninitialized variable
when the use is a void cast, e.g. (void) x.

llvm-svn: 124278
2011-01-26 04:49:43 +00:00
Ted Kremenek bcf848f70a Teach -Wuninitialized-experimental to also warn
about uninitialized variables captured by blocks.

llvm-svn: 124213
2011-01-25 19:13:48 +00:00
Ted Kremenek 8f01420d9d Teach -Wuninitialized-experimental about sizeof().
llvm-svn: 124076
2011-01-23 17:53:04 +00:00
Ted Kremenek 14cf0aba4d Removing debug printing logic from UninitializedValuesV2.
llvm-svn: 123944
2011-01-20 21:25:34 +00:00
Ted Kremenek cdca8fa97d Relax CFG assertions in UninitializedValuesV2 when
handling pseudo-path sensitivity, and instead
use those assertion conditions as dynamic checks.
These assertions would be violated when analyzing
a CFG where some branches were optimized away
during CFG construction because their branch
conditions could be trivially determined.

llvm-svn: 123943
2011-01-20 21:25:31 +00:00
Ted Kremenek b82ddd6ada Add rudimentary path-sensitivity to UninitializedValuesV2
analysis for short-circuited operations.  For a branch written like "if (x && y)",
we maintain two sets of dataflow values for the outgoing
branches.  This suppresses some common false positives
for -Wuninitialized-experimental.

This change introduces some assertion failures
when running on the LLVM codebase.  WIP.

llvm-svn: 123923
2011-01-20 17:37:17 +00:00
John McCall 424cec97bd Change QualType::getTypePtr() to return a const pointer, then change a
thousand other things which were (generally inadvertently) relying on that.

llvm-svn: 123814
2011-01-19 06:33:43 +00:00
Ted Kremenek b63931eef6 Teach UninitializedValuesV2 to implicitly reason about C++
references by monitoring whether an access to
a variable is solely to compute its lvalue or
to do an lvalue-to-rvalue conversion (i.e., a load).

llvm-svn: 123777
2011-01-18 21:18:58 +00:00
Ted Kremenek c8d55da05a Correctly enable test/Sema/unit-variables.c,
thus identifying a minor logical flaw in
UninitializedValuesV2.cpp.

llvm-svn: 123734
2011-01-18 05:00:42 +00:00
Ted Kremenek cab479f0ee Teach UninitializedValuesV2 about "int x = x" and
also properly handle confluence of loops.

llvm-svn: 123733
2011-01-18 04:53:25 +00:00
Anders Carlsson 36ecb1f208 Add AnalysisContext::dumpCFG.
llvm-svn: 123602
2011-01-16 22:05:23 +00:00
Francois Pichet 07a2e14f44 Unbreak the MSVC build again: replace bzero by memset.
llvm-svn: 123538
2011-01-15 13:27:47 +00:00
Ted Kremenek b749a6d62a Add initial prototype for implementation of
-Wuninitialized based on CFG dataflow analysis.  WIP.

llvm-svn: 123512
2011-01-15 02:58:47 +00:00
Argyrios Kyrtzidis 52f04650ae [analyzer] Add 'bool ignorePrefix' parameter to cocoa::deriveNamingConvention to control whether
the prefix should be ignored.

E.g. if ignorePrefix is true, "_init" and "init" selectors will both result in InitRule, but if
ignorePrefix is false, only "init" will return InitRule.

llvm-svn: 123262
2011-01-11 19:45:16 +00:00
Alexis Hunt 1d7926502f Renamed CXXBaseOrMemberInitializer to CXXCtorInitializer. This is both shorter,
more accurate, and makes it make sense for it to hold a delegating constructor
call.

llvm-svn: 123084
2011-01-08 20:30:50 +00:00
Chandler Carruth b35635e942 Remove a kludge from analysis based warnings that used to detect
temporaries with no-return destructors. The CFG now properly supports
temporaries and implicit destructors which both makes this kludge no
longer work, and conveniently removes the need for it.

Turn on CFG handling of implicit destructors and initializers. Several
ad-hoc benchmarks don't indicate any measurable performance impact from
growing the CFG, and it fixes real correctness problems with warnings.

As a result of turning on these CFG elements, we started to tickle an
inf-loop in the unreachable code logic used for warnings. The fix is
trivial.

llvm-svn: 123056
2011-01-08 06:54:40 +00:00
Ted Kremenek bf4832cda8 Add semantic checking that the "thousands grouping"
prefix in a printf format string is matched
with the appropriate conversion specifier.

llvm-svn: 123055
2011-01-08 05:28:46 +00:00
Ted Kremenek a322cae011 Add printf format string parsing support for '
prefix to format conversions (POSIX extension).

llvm-svn: 123054
2011-01-08 05:28:38 +00:00
Ted Kremenek ef81e9e243 Fix crash in CFGBuilder on invalid code. We still need
to reject this code, but at least clang doesn't
crash anymore.

Crash reported in PR 8880.

llvm-svn: 123017
2011-01-07 19:37:16 +00:00
Chris Lattner ad3467ee89 The -fshort-wchar option causes wchar_t to become unsigned, in addition to being
16-bits in size.  Implement this by splitting WChar into two enums, like we have
for char.  This fixes a miscompilation of XULRunner, PR8856.

llvm-svn: 122558
2010-12-25 23:25:43 +00:00
Ted Kremenek 98857c9860 Rename static analyzer namespace 'GR' to 'ento'.
llvm-svn: 122492
2010-12-23 07:20:52 +00:00
Argyrios Kyrtzidis ca08fba414 [analyzer] Refactoring: Move stuff into namespace 'GR'.
llvm-svn: 122423
2010-12-22 18:53:20 +00:00
Ted Kremenek b44f0f9abe Fix assertion failure in cocoa::deriveNamingConvention()
when the selector is the string 'mutable'.

llvm-svn: 122046
2010-12-17 07:11:57 +00:00
Ted Kremenek 853da96736 Move CocoaConventions.[h,cpp] from libChecker
to libAnalysis.  Similar to Format (format string checking), 
CocoaConventions has the
potential to serve clients other than the
static analyzer.

llvm-svn: 122040
2010-12-17 05:21:58 +00:00
Ted Kremenek 3a9a2a551c Rename several methods/functions in the analyzer
to start with lowercase characters.  No
functionality change.

llvm-svn: 122035
2010-12-17 04:44:39 +00:00
Ted Kremenek 8219b82125 Start migration of static analyzer to using the
implicit lvalue-to-rvalue casts that John McCall
recently introduced.  This causes a whole bunch
of logic in the analyzer for handling lvalues
to vanish.  It does, however, raise a few issues
in the analyzer w.r.t. modeling various constructs
(e.g., field accesses to compound literals).

The .c/.m analysis test cases that fail are
due to a missing lvalue-to-rvalue cast that
will get introduced into the AST.  The .cpp
failures were more than I could investigate in
one go, and the patch was already getting huge.
I have XFAILED some of these tests, and they
should obviously be further investigated.

Some highlights of this patch include:

- CFG no longer requires an lvalue bit for
  CFGElements
- StackFrameContext doesn't need an 'asLValue'
  flag
- The "VisitLValue" path from GRExprEngine has
  been eliminated.

Besides the test case failures (XFAILed), there
are surely other bugs that are fallout from
this change.

llvm-svn: 121960
2010-12-16 07:46:53 +00:00
John McCall 5d41378146 Rename CXXExprWithTemporaries -> ExprWithCleanups; there's no theoretical
reason this is limited to C++, and it's certainly not limited to temporaries.

llvm-svn: 120996
2010-12-06 08:20:24 +00:00
Francois Pichet d583da04d0 More anonymous struct/union redesign. This one deals with anonymous field used in a constructor initializer list:
struct X {
  X() : au_i1(123) {}
  union {
    int au_i1;
    float au_f1;
  };
};

clang will now deal with au_i1 explicitly as an IndirectFieldDecl.

llvm-svn: 120900
2010-12-04 09:14:42 +00:00
John McCall 34376a68c4 Although we currently have explicit lvalue-to-rvalue conversions, they're
not actually frequently used, because ImpCastExprToType only creates a node
if the types differ.  So explicitly create an ICE in the lvalue-to-rvalue
conversion code in DefaultFunctionArrayLvalueConversion() as well as several
other new places, and consistently deal with the consequences throughout the
compiler.

In addition, introduce a new cast kind for loading an ObjCProperty l-value,
and make sure we emit those nodes whenever an ObjCProperty l-value appears
that's not on the LHS of an assignment operator.

This breaks a couple of rewriter tests, which I've x-failed until future
development occurs on the rewriter.

Ted Kremenek kindly contributed the analyzer workarounds in this patch.

llvm-svn: 120890
2010-12-04 03:47:34 +00:00
Ted Kremenek 9e618ed1c9 Fix range in printf warnings for invalid conversion specifiers.
llvm-svn: 120735
2010-12-02 20:57:51 +00:00
Zhongxing Xu a1a9ba11b7 Let StackFrameContext represent if the call expr is evaluated as lvalue.
This is required for supporting const reference to temporary objects.

llvm-svn: 120093
2010-11-24 13:08:51 +00:00
Zhongxing Xu 9b6e6b087f print asLValue attribute of CFGStmt.
llvm-svn: 120086
2010-11-24 06:33:02 +00:00
Zhanyong Wan b5d11c127a Refactor AddStmtChoice to make it easier to use; also add comments on how the class works. Reviewed by kremenek.
llvm-svn: 120080
2010-11-24 03:28:53 +00:00
Zhanyong Wan 59f09c7483 Stylistic changes to CFG.cpp:
1. "no 'else' after 'return'" -- this is for conformance with the
coding standards.

2. move 'else' to the line of the previous '}' -- this is for consistency.

Reviewed by kremenek.

llvm-svn: 119983
2010-11-22 19:32:14 +00:00
Zhanyong Wan 6dace61730 Fix PR8419. Reviewed by kremenek and xuzhongxing.
llvm-svn: 119960
2010-11-22 08:45:56 +00:00
Anders Carlsson a369f8dc3a The 'X' printf type has a valid alternative form. Fixes PR8641.
llvm-svn: 119946
2010-11-21 18:34:21 +00:00
Ted Kremenek 18fb1665bf Remove invalid assertion from CFG builder. When building the CFG pieces for a ternary '?' expression,
it is possible for the confluence block to only have a single predecessor due to calls to 'noreturn'
functions.  Fixes assertion failure reported in PR 8619.

llvm-svn: 119284
2010-11-15 22:59:22 +00:00
Zhongxing Xu fee455fcf5 Revert r118991.
Elidable CXXConstructExpr should inhibit calling destructor for temporary 
that is copied, not the one created. This is because eliding copy constructor 
means that the object that was to be copied will be constructed directly in 
memory the copy would be constructed in.

llvm-svn: 119044
2010-11-14 15:23:50 +00:00
Zhongxing Xu 1b038fa00f Do not add implicit dtors for CXXBindTemporaryExpr with elidable
CXXConstructExpr.

llvm-svn: 118991
2010-11-13 07:30:59 +00:00
Anders Carlsson 3fd50319d3 Don't warn when matching %p to nullptr.
llvm-svn: 118344
2010-11-06 14:58:53 +00:00
Zhongxing Xu fb2f8164ae Do not add elidable CXXConstructExpr as block-level expr.
llvm-svn: 118165
2010-11-03 11:14:06 +00:00
Marcin Swiderski 3ab17ad8ec Added generating destructors for temporary objects. Two cases I know of, that are not handled properly:
1. For statement: const C& c = C(0) ?: C(1) destructors generated for condition will not differ from those generated for case without prolonged lifetime of temporary,
2. There will be no destructor for constant reference member bound to temporary at the exit from constructor.

llvm-svn: 118158
2010-11-03 06:19:35 +00:00
Zhongxing Xu e1dbeb28da Explicitly handle CXXBindTemporaryExpr, CXXFunctionalCastExpr,
and ImplicitCastExpr to propagate asLValue AddStmtChoice property.
But do not propagate AlwaysAdd property.

llvm-svn: 117909
2010-11-01 13:04:58 +00:00
Zhongxing Xu 0b51d4db8c Make all CXXConstructExpr's block-level expressions. This is required by
method inlining. Temporarily fail a test case.

llvm-svn: 117907
2010-11-01 06:46:05 +00:00
Marcin Swiderski a7d84a7615 Added CFGTerminator class, that holds information about CFGBlock terminator statement.
llvm-svn: 117642
2010-10-29 05:21:47 +00:00
Zhongxing Xu d95ccd58a9 If visiting RHS causes us to finish 'Block', e.g. the RHS is a StmtExpr
containing a DoStmt, and the LHS doesn't create a new block, then we should
return RBlock.  Otherwise we'll incorrectly return NULL.

Also relax an assertion in VisitWhileStmt(). Reset 'Block' when it is finished.

llvm-svn: 117436
2010-10-27 03:23:10 +00:00
Marcin Swiderski 01769904d3 Added generation of destructors for member constant size arrays.
There's only one destructor call generated for each not empty array (at least for now this should be enough).

llvm-svn: 117252
2010-10-25 07:05:54 +00:00
Marcin Swiderski 52e4bc1fed Added generation of destructors for constant size arrays.
There's only one destructor call generated for each not empty array (at least for now this should be enough).

llvm-svn: 117251
2010-10-25 07:00:40 +00:00
Marcin Swiderski 772324971d - Fixed subexpressions evaluation order for binary operators to match order in code generated with the compiler,
- Fixed test cases for unreachable code warnings produced by Sema.

llvm-svn: 117220
2010-10-24 08:21:40 +00:00
Ted Kremenek 12a37de003 Previously, the printf warnings would say your arguments type was 'int' when it was really a 'char'
or a 'short'. This fixes that and allows the hints to suggest 'h' modifiers for small ints.

Patch by Justin Bogner!

llvm-svn: 116996
2010-10-21 04:00:58 +00:00
John McCall 1c9c3fd50a Death to blocks, or at least the word "block" in one particular obnoxiously
ambiguous context.

llvm-svn: 116567
2010-10-15 04:57:14 +00:00
Zhongxing Xu 614e17dddf * Simplify code
* Fix dump() to make it consistent with the test case.

llvm-svn: 115609
2010-10-05 08:38:06 +00:00
Marcin Swiderski 20b88739ed Added support for base and member destructors in destructor.
llvm-svn: 115592
2010-10-05 05:37:00 +00:00
Marcin Swiderski 87b1bb6fd2 Added support for C++ initializers in CFG.
llvm-svn: 115493
2010-10-04 03:38:22 +00:00
Zhongxing Xu b06a2cdd2b Now whether to add implicit dtors is controlled by cmd option.
llvm-svn: 115275
2010-10-01 03:31:06 +00:00
Zhongxing Xu 6d372f7c0f The return value is never used.
llvm-svn: 115272
2010-10-01 03:22:39 +00:00
Zhongxing Xu 307701e1b4 Use default argument.
llvm-svn: 115271
2010-10-01 03:09:09 +00:00
Zhongxing Xu 81714f2196 Simplify interface for addLocalScopeForStmt().
llvm-svn: 115270
2010-10-01 03:00:16 +00:00
Zhongxing Xu ea360a3b1a The old logic would add non-struct and non C++ struct variables to the local
scope. Now we only add C++ struct with non-trivial destructor variables to the
local scope.

llvm-svn: 115269
2010-10-01 02:47:11 +00:00
Marcin Swiderski 3546b1aea1 Added generating CFGAutomaticObjDtors for exception variable in catch statement.
llvm-svn: 115266
2010-10-01 01:46:52 +00:00
Marcin Swiderski 6d5ee0c7f9 Added generating CFGAutomaticObjDtors for init statement, condition variable and implicit scope in for statement.
llvm-svn: 115265
2010-10-01 01:38:14 +00:00
Marcin Swiderski e407a3ba1e Added generating CFGAutomaticObjDtors for condition variable and implicit scopes in switch statement.
llvm-svn: 115264
2010-10-01 01:24:41 +00:00
Marcin Swiderski 1f4e15c56f Added generating CFGAutomaticObjDtors for condition variable and implicit scopes in while and do statements.
llvm-svn: 115262
2010-10-01 01:14:17 +00:00
Marcin Swiderski f883ade880 Added generating CFGAutomaticObjDtors for condition variable and implicit scopes in if statement.
llvm-svn: 115256
2010-10-01 00:52:17 +00:00
Marcin Swiderski e84cb97997 Fixed checking for trivial destructor in CFGBuilder::addLocalScopeForVarDecl. Checked type does not have to represent C++ class.
llvm-svn: 115254
2010-10-01 00:31:22 +00:00
Marcin Swiderski 667ffecd9e Added:
- Adding LocalScope for CompoundStmt,
- Adding CFGAutomaticObjDtors for end of scope, return, goto, break, continue,
- Regression tests for above cases.

llvm-svn: 115252
2010-10-01 00:23:17 +00:00
Marcin Swiderski 5e41573d26 Added methods for adding LocalScopes and CFGAutomaticObjDtors.
llvm-svn: 115237
2010-09-30 23:05:00 +00:00
Marcin Swiderski 321a707c9c Added methods for inserting CFGAutomaticObjDtors to CFGBlocks,
Fixed some misspells in comments.

llvm-svn: 115236
2010-09-30 22:54:37 +00:00
Marcin Swiderski e9862ce90a Added:
- post-increment, distance and bool conversion methods to LocalScope::const_iterator,
- adding VarDecl to LocalScope.

Fixed some misspells in comments.

llvm-svn: 115227
2010-09-30 22:42:32 +00:00
Marcin Swiderski 99a9040a1f Added two new command line arguments:
-cfg-add-implicit-dtors - sets CFG::BuildOptions::AddImplicitDtors for AnalysisConsumer to true,
-cfg-add-initializers - sets CFG::BuildOptions::AddInitializers for AnalysisConsumer to true.

llvm-svn: 115142
2010-09-30 07:41:24 +00:00
Marcin Swiderski 8b99b8a782 In preparation for adding generation of destructors for objects with automatic storage added:
- LocalScope class with iterator used for pointing into it,
- fat doxygen comment for LocalScope intended usage,
- BlockScopePosPair class used for storing jump targets/sources (for: goto, break, continue), that replaces raw CFGBlock pointer used earlier for this purpose.

llvm-svn: 114790
2010-09-25 11:05:21 +00:00
Marcin Swiderski c0ca7316bc Added:
- definitions of interfaces for CFGInitializer and CFGAutomaticObjDtor,
- support for above classes to print_elem function (renamed print_stmt),
- support for VarDecls in StmtPrinterHelper.

llvm-svn: 114403
2010-09-21 05:58:15 +00:00
Zhongxing Xu d38fb8466c Tidy up.
llvm-svn: 114062
2010-09-16 03:28:18 +00:00
Zhongxing Xu 2cd7a78c76 Introduce new CFGElement hierarchy to support C++ CFG, based on Marcin's patch
and discussions with Ted and Jordy.

llvm-svn: 114056
2010-09-16 01:25:47 +00:00
Ted Kremenek 7b31a61d10 Relax assertion in CFG builder when processing ForStmts. This fixes an assertion failure
on code containing GNU statement expressions reported in PR 8141.

llvm-svn: 113953
2010-09-15 07:01:20 +00:00
Ted Kremenek e97b1ebef1 Add CFG::BuildOptions class to pass in CFG builder options under one parameter. Patch by Marcin Świderski!
llvm-svn: 113898
2010-09-14 23:41:16 +00:00
Ted Kremenek 8abff774aa Fix CFGBuilder crash reported in PR 8141.
llvm-svn: 113826
2010-09-14 01:13:32 +00:00
Michael J. Spencer 09476212de Revert "CMake: Update to use standard CMake dependency tracking facilities instead"
This reverts commit r113631

Conflicts:

	CMakeLists.txt
	lib/CodeGen/CMakeLists.txt

llvm-svn: 113817
2010-09-13 23:54:41 +00:00
Ted Kremenek 35965b972e Remove from the CFG the half-implemented support for scoping information. We decided that scope information doesn't belong in the CFG at all, since it is a lexical construct.
Patch by Marcin Świderski!

llvm-svn: 113798
2010-09-13 22:25:54 +00:00
Michael J. Spencer 0881f4a367 CMake: Update to use standard CMake dependency tracking facilities instead
of whatever we were using before...

llvm-svn: 113631
2010-09-10 21:13:16 +00:00
Ted Kremenek ed12f1b9f9 Add ObjCAtSynchronizedStmt to the CFG and add GRExprEngine support (PreVisit for checkers).
llvm-svn: 113572
2010-09-10 03:05:33 +00:00
Douglas Gregor c9199f522f Clean up CMake dependencies
llvm-svn: 113489
2010-09-09 15:44:58 +00:00
Ted Kremenek f146cd1fa3 Remove stray ';' and convert tabs to spaces.
llvm-svn: 113466
2010-09-09 02:57:48 +00:00
Ted Kremenek f2b0a1bfa0 Enhance -Wunreachable-code to not consider the 'default:' branch of a switch statement live if a switch on an enum value has
explicit 'case:' statements for each enum value.

llvm-svn: 113451
2010-09-09 00:06:10 +00:00
Ted Kremenek b037185b52 Add 'filtered_pred_iterator' and 'filtered_succ_iterator' to CFGBlock. This allows a client
to selectively walk successors/predecessors based on commonly used filters.  For starters, add
a filter to ignore 'default:' cases for SwitchStmts when all enum values are covered by CaseStmts.

llvm-svn: 113449
2010-09-09 00:06:04 +00:00
Zhongxing Xu 33dfc07b00 FinishBlock() is essentially doing nothing except returning '!badCFG'.
llvm-svn: 113149
2010-09-06 07:32:31 +00:00
Zhongxing Xu b1e10aa670 Simplify CFG construction: bail out early when we have a bad CFG.
llvm-svn: 113148
2010-09-06 07:04:06 +00:00
Ted Kremenek 0f5d8bc5fc Improve CFG printing support for CXXOperatorCallExpr and CXXBindTemporaryExpr.
llvm-svn: 112619
2010-08-31 18:47:37 +00:00
Ted Kremenek 128d04dfe8 Explicitly handle CXXOperatorCallExpr when building CFGs. We should treat it the same as CallExprs.
Fixes: <rdar://problem/8375510> [Boost] CFGBuilder crash in Boost.Graph
llvm-svn: 112618
2010-08-31 18:47:34 +00:00
Douglas Gregor 79a2788512 Revert my lame attempt at appeasing the CFGBuilder
llvm-svn: 112580
2010-08-31 05:36:56 +00:00
Douglas Gregor f5d453d067 Teach the CFGBuilder not to die on CXXBindTemporaryExpr, CXXOperatorCallExpr. Fixes a Boost.Graph crasher.
llvm-svn: 112578
2010-08-31 05:10:27 +00:00
Ted Kremenek 52ac860d9c Delete the relaxedLiveness object in the dtor of AnalysisContext.
llvm-svn: 112380
2010-08-28 18:59:04 +00:00
Ted Kremenek 82bfc86792 Explicitly handle CXXExprWithTemporaries during CFG construction by just visiting the subexpression. While we don't do anything intelligent right now, this obviates a bogus -Wunreachable-code warning reported in PR 6130.
llvm-svn: 112334
2010-08-28 00:19:02 +00:00
Tom Care e5aa30c722 Add alternate version of LiveVariables analysis that does not kill liveness at assignments. This 'relaxed' liveness is useful in path sensitive analysis for situations where the resulting extended liveness allows us to find some bugs.
- Added killAtAssign flag to LiveVariables
- Added relaxed LiveVariables to AnalysisContext with an accessor

llvm-svn: 112306
2010-08-27 22:30:10 +00:00
Tom Care 9a68bccd0c Add missing null checks in PseudoConstantAnalysis
llvm-svn: 112100
2010-08-25 22:46:03 +00:00
Tom Care 82b2a1dada Improved the handling of blocks and block variables in PseudoConstantAnalysis
- Removed the assumption that __block vars are all non-constant
- Simplified some repetitive code in RunAnalysis
- Added block walking support
- Code/comments cleanup
- Separated out test for block pseudoconstants

llvm-svn: 112098
2010-08-25 22:37:26 +00:00
John McCall e302792b61 GCC didn't care for my attempt at API compatibility, so brute-force everything
to the new constants.

llvm-svn: 112047
2010-08-25 11:45:40 +00:00
Ted Kremenek 5f0c066062 Fix printf format string checking for '%lc' (which expects a wint_t or compatible argument). Fixes PR 7981.
llvm-svn: 111978
2010-08-24 22:24:51 +00:00
Tom Care a460311710 Improvements to IdempotentOperationChecker and its use of PseudoConstantAnalysis
- Added wasReferenced function to PseudoConstantAnalysis to determine if a variable was ever referenced in a function (outside of a self-assignment)
- BlockDeclRefExpr referenced variables are now explicitly added to the non-constant list
- Remove unnecessary ignore of implicit casts
- Generalized parameter self-assign detection to detect deliberate self-assigns of variables to avoid unused variable warnings
- Updated test cases with deliberate self-assignments
- Fixed bug with C++ references and pseudoconstants
- Added test case for C++ references and pseudoconstants

llvm-svn: 111965
2010-08-24 21:09:07 +00:00
Tom Care e332c3b762 Several small changes to PseudoConstantAnalysis and the way IdempotentOperationChecker uses it.
- Psuedo -> Pseudo (doh...)
- C++ reference support
- Added pseudoconstant test case for __block vars
- Separated out static local checking from pseudoconstant analysis and generalized to non-local checking
- Added missing test cases for storage false positives

llvm-svn: 111832
2010-08-23 19:51:57 +00:00
Eli Friedman 04831926ec Detabify.
llvm-svn: 111768
2010-08-22 01:00:03 +00:00
Tom Care b9933f365e Added pseudo-constant analysis and integrated it into the false positive reduction stage in IdempotentOperationChecker.
- Renamed IdempotentOperationChecker::isConstant to isConstantOrPseudoConstant to better reflect the function
- Changed IdempotentOperationChecker::PreVisitBinaryOperator to only run 'CanVary' once on undefined assumptions
- Created new PsuedoConstantAnalysis class and added it to AnalysisContext
- Changed IdempotentOperationChecker to exploit the new analysis
- Updated tests with pseudo-constants
- Added check to IdempotentOperationChecker to see if a Decl is const qualified

llvm-svn: 111426
2010-08-18 21:17:24 +00:00
Ted Kremenek 4f2ab5a549 Fix horrible CFG bug caused by a series of NullStmts appearing at the beginning of a do...while loop. This would cause
the body of the DoStmt to be disconnected from the preceding code.

llvm-svn: 111283
2010-08-17 21:00:06 +00:00
Ted Kremenek 110974dfa4 CFGBuilder: don't create the empty "loop back" block for DoStmts if the loop edge can never be taken.
llvm-svn: 111282
2010-08-17 20:59:56 +00:00
Tom Care ec389da6f2 Fix a bug where child statements could not be identified as being in a CFGBlock in CFGStmtMap::getBlock.
llvm-svn: 110881
2010-08-11 23:36:58 +00:00
Ted Kremenek 8a297e9f27 Remove bonehead redeclaration.
llvm-svn: 110288
2010-08-05 00:03:46 +00:00
Ted Kremenek 60fa657aa2 Fix CFGBuilder to not blow out the stack when processing deeply nested CaseStmts. Fixes <rdar://problem/8268753>.
llvm-svn: 110286
2010-08-04 23:54:30 +00:00
Ted Kremenek 0950212b50 Add CFGStmtMap, which defines a mapping from Stmt* to CFGBlock*. The immediate intended use is in the unreachable code analysis.
llvm-svn: 110230
2010-08-04 18:23:15 +00:00
Ted Kremenek 4a2b237967 Add -cc1 option '-unoptimized-cfg' to toggle using a CFG (for static analysis) that doesn't prune CFG edges.
llvm-svn: 110087
2010-08-03 00:09:51 +00:00
Ted Kremenek dc03bd0894 Add 'AnalysisContext::getUnoptimizedCFG()' to allow clients to get access to the original
CFG without any edges pruned out because of trivially solvable conditions (e.g., 'if (0)').

llvm-svn: 110085
2010-08-02 23:46:59 +00:00
Michael J. Spencer 2c35bc1232 Revert r109428 "Hoist argument type checking into CheckFormatHandler. This is prep for scanf format"
Got errors about ASTContext being undefined with Visual Studio 2010.

llvm-svn: 109491
2010-07-27 04:46:02 +00:00
Dan Gohman 28ade550f4 Fix namespace pollution.
llvm-svn: 109440
2010-07-26 21:25:24 +00:00
Ted Kremenek df4472bca0 Hoist argument type checking into CheckFormatHandler. This is prep for scanf format
string argument type checking.

llvm-svn: 109428
2010-07-26 19:45:54 +00:00
Zhongxing Xu adf644d05e Make a bunch of new data structures for the new analysis
engine of the new translation unit. State marshal is there but no real
work is done. End nodes are passed back.

llvm-svn: 109105
2010-07-22 13:52:13 +00:00
Ted Kremenek 4407ea4948 Hookup checking for invalid length modifiers in scanf format strings.
llvm-svn: 108907
2010-07-20 20:04:47 +00:00
Ted Kremenek ea28f83a5f Move 'hasValidLengthModifier' from PrintfFormatSpecifier to FormatSpecifier.
llvm-svn: 108906
2010-07-20 20:04:42 +00:00
Ted Kremenek 36521956f7 Cleanup whitespace in switch statement. No functionality change.
llvm-svn: 108905
2010-07-20 20:04:36 +00:00
Ted Kremenek f03e6d85a1 Add 'ConversionSpecifier' root class in 'analyze_format_string' namespace and
derived 'PrintfConversionSpecifier' from this class.  We will do the same for
'ScanfConversionSpecifier'.

llvm-svn: 108903
2010-07-20 20:04:27 +00:00
Ted Kremenek 348d1499c1 Rename 'UnicodeStrArg' to 'SArg'.
llvm-svn: 108901
2010-07-20 20:04:15 +00:00
Ted Kremenek 516ef222ba Rename 'ConsumedSoFarArg' -> 'nArg' and 'OutIntPtrArg' to 'nArg' (scanf and printf checking).
llvm-svn: 108900
2010-07-20 20:04:10 +00:00
Ted Kremenek 1ce32be36a Rename 'VoidPtrArg' to 'pArg' in printf/scanf checking.
llvm-svn: 108899
2010-07-20 20:04:04 +00:00
Ted Kremenek 563e3edbc2 Rename 'CStrArg' to 'sArg' for printf checking to match with the analogous enum for scanf checking.
llvm-svn: 108898
2010-07-20 20:03:58 +00:00
Ted Kremenek ab0fe8a48d Rename analyze_printf::ConversionSpecifier::IntAsCharArg to 'cArg' to match
analogous enum in analyze_scanf.  This is prep for refactoring the logic for handling
ConversionSpecifiers for both scanf and printf.

llvm-svn: 108897
2010-07-20 20:03:49 +00:00
Ted Kremenek 5c3e1b9a54 Add missing conversion specifier parsing for 'u', 'x', 'o', and 's'. Fixes <rdar://problem/8204052>.
llvm-svn: 108742
2010-07-19 19:47:40 +00:00
Zhongxing Xu 84f65e0692 Reapply r108617.
llvm-svn: 108668
2010-07-19 01:31:21 +00:00
Chris Lattner ad4f38b1a9 BUILD_ARCHIVE is the default for libraries, no need to set it.
llvm-svn: 108633
2010-07-18 00:14:47 +00:00
Benjamin Kramer e2e031ed6f Revert r108617, it broke the build.
llvm-svn: 108621
2010-07-17 13:51:58 +00:00
Zhongxing Xu 4ca4a999b1 Prepare the analyzer for the callee in another translation unit:
Let AnalysisContext contain a TranslationUnit.
  Let CallEnter refer to an AnalysisContext instead of a FunctionDecl.

llvm-svn: 108617
2010-07-17 11:12:42 +00:00
Ted Kremenek d7b31cc60d Hook up warning for an incomplete scanlist in scanf format strings.
llvm-svn: 108542
2010-07-16 18:28:03 +00:00
Ted Kremenek a1ef09407d Add the main scanf-parsing logic that I meant to include in my previous commit.
llvm-svn: 108502
2010-07-16 02:11:31 +00:00
Ted Kremenek 575e89dda1 Add missing header file.
llvm-svn: 108501
2010-07-16 02:11:26 +00:00
Ted Kremenek 0208793e41 Add most of the boilerplate support for scanf format string checking. This includes
handling the parsing of scanf format strings and hooking the checking into Sema.
Most of this checking logic piggybacks on what was already there for checking printf format
strings, but the checking logic has been refactored to support both.

What is left to be done is to support argument type checking in format strings and of course
fix the usual tail of bugs that will follow.

llvm-svn: 108500
2010-07-16 02:11:22 +00:00
Douglas Gregor 49b4d73451 Teach Type::isRealFloatingType() that vectors are not floating-point
types, updating callers of both isFloatingType() and
isRealFloatingType() accordingly. Caught at least one issue where we
allowed one to declare a vector of vectors (!), along with cleaning up
the standard-conversion logic for C++.

llvm-svn: 106595
2010-06-22 23:07:26 +00:00
Tom Care 6e4ea2db7f Printf format strings: Added some more tests and fixed some minor bugs.
- Precision toStrings shouldn't print a dot when they have no value.
- Length of char length modifier is now returned correctly.
- Added several fixit tests.

Note: fixit tests are currently broken due to a bug in HighlightRange. Marking as XFAIL for now.

M    test/Sema/format-strings-fixit.c
M    include/clang/Analysis/Analyses/PrintfFormatString.h
M    lib/Analysis/PrintfFormatString.cpp

llvm-svn: 106275
2010-06-18 03:02:16 +00:00
Tom Care 9eee328dac Bug 7394 - Fixed toString representation of Precisions in format strings.
M    include/clang/Analysis/Analyses/PrintfFormatString.h
M    lib/Analysis/PrintfFormatString.cpp

llvm-svn: 106245
2010-06-17 22:55:40 +00:00
Tom Care b49ec6907b Bug 7377: Fixed several bad printf format string bugs.
- Added warning for undefined behavior when using field specifier
- Added warning for undefined behavior when using length modifier
- Fixed warnings for invalid flags
- Added warning for ignored flags
- Added fixits for the above warnings
- Fixed accuracy of detecting several undefined behavior conditions
- Receive normal warnings in addition to security warnings when using %n
- Fix bug where '+' flag would remain on unsigned conversion suggestions

Summary of changes:
- Added expanded tests
- Added/expanded warnings
- Added position info to OptionalAmounts for fixits
- Extracted optional flags to a wrapper class with position info for fixits
- Added several methods to validate a FormatSpecifier by component, each checking for undefined behavior
- Fixed conversion specifier checking to conform to C99 standard
- Added hooks to detect the invalid states in CheckPrintfHandler::HandleFormatSpecifier

Note: warnings involving the ' ' (space) flag are temporarily disabled until whitespace highlighting no longer triggers assertions. I will make a post about this on cfe-dev shortly.

M    test/Sema/format-strings.c
M    include/clang/Basic/DiagnosticSemaKinds.td
M    include/clang/Analysis/Analyses/PrintfFormatString.h
M    lib/Analysis/PrintfFormatString.cpp
M    lib/Sema/SemaChecking.cpp

llvm-svn: 106233
2010-06-17 19:00:27 +00:00
Alexis Hunt c675ec09f0 Update CMake build for new attribute changes.
llvm-svn: 106188
2010-06-17 00:37:02 +00:00
Ted Kremenek 64c235e4c6 Extend format string type-checking to include '%p'. Fixes remaining cases PR 4468.
llvm-svn: 106151
2010-06-16 21:23:04 +00:00
Tom Care 00554634db Small fixes regarding printf fix suggestions.
- Added some handling of flags that become invalid when changing the conversion specifier.
- Changed fixit behavior to remove unnecessary length modifiers.
- Separated some tests out and added some comments.

modified:
  lib/Analysis/PrintfFormatString.cpp
  test/Sema/format-strings-fixit.c

llvm-svn: 105807
2010-06-11 04:22:02 +00:00
Douglas Gregor b4e3533ce1 Fix a typo that breaks the GCC build. Turns out that Clang isn't
diagnosing this code as an error when it should, so I've filed
http://llvm.org/bugs/show_bug.cgi?id=7325. 

llvm-svn: 105683
2010-06-09 05:25:34 +00:00
Tom Care b704270779 Added FixIt support to printf format string checking.
- Refactored LengthModifier to be a class.
- Added toString methods in all member classes of FormatSpecifier.
- FixIt suggestions keep user specified flags unless incorrect.

Limitations:
- The suggestions are not conversion specifier sensitive. For example, if we have a 'pad with zeroes' flag, and the correction is a string conversion specifier, we do not remove the flag. Clang will warn us on the next compilation.

A    test/Sema/format-strings-fixit.c
M    include/clang/Analysis/Analyses/PrintfFormatString.h
M    lib/Analysis/PrintfFormatString.cpp
M    lib/Sema/SemaChecking.cpp

llvm-svn: 105680
2010-06-09 04:11:11 +00:00
Daniel Dunbar ee6b692551 Makefiles: Set Clang CPP compiler flags in a single location, instead of scattered throughout the project Makefiles.
llvm-svn: 105638
2010-06-08 20:44:43 +00:00
Daniel Dunbar e6c1daa8fd Makefile: Switch Clang Makefiles to always include the top-level Clang Makefile.
- This eliminates most dependencies on how Clang is installed relative to LLVM.

llvm-svn: 105637
2010-06-08 20:34:18 +00:00
Jordy Rose 2e22268904 Assignments to reference variables shouldn't kill the variable.
llvm-svn: 105452
2010-06-04 01:14:56 +00:00
Zhongxing Xu ea9fcffe03 Make addStmt always add stmt. Delegate other cases to Visit() directly.
llvm-svn: 105384
2010-06-03 06:43:23 +00:00
Zhongxing Xu 41cdf585c2 CFG: add all LHS of assignments as lvalue. This improves support for C++ reference. Patch by Jordy.
llvm-svn: 105383
2010-06-03 06:23:18 +00:00
Alexis Hunt ed05325dbe Convert DeclNodes to use TableGen.
The macros required for DeclNodes use have changed to match the use of
StmtNodes. The FooFirst enumerator constants have been named firstFoo
to match usage elsewhere.

llvm-svn: 105165
2010-05-30 07:21:58 +00:00
Ted Kremenek 304a9537e1 Fix crash in CFG construction for 'break' statements appearing in statement expressions
within the increment code of a for loop.

llvm-svn: 104375
2010-05-21 20:30:15 +00:00
Ted Kremenek ecc31c93c2 Don't add a null successor to a CFGBlock when the contents of an @synchronized statement is empty.
Fixes <rdar://problem/7979430>.

llvm-svn: 103717
2010-05-13 16:38:08 +00:00
Douglas Gregor ecc60b99f9 Unbreak CMake build.
llvm-svn: 103077
2010-05-05 05:41:05 +00:00
Ted Kremenek bc1416dcad Add null check in CFGBuilder::VisitStmt() to make CFG construction
more resilient to bad code.

llvm-svn: 102793
2010-04-30 22:25:53 +00:00
Ted Kremenek 989da5eeff Fix CFG crasher involving statement expressions reported in PR 6938.
llvm-svn: 102576
2010-04-29 01:10:26 +00:00
Zhongxing Xu b5e94ac97d Use direct assignment instead of user defined conversion.
llvm-svn: 101236
2010-04-14 05:50:04 +00:00
Zhongxing Xu 7e61217d86 CFGBuilder: always add C++ member call expr as block-level expr.
llvm-svn: 101127
2010-04-13 09:38:01 +00:00
Ted Kremenek 5868ec6e3d Fix CFG bug where bases of member expressions were not always evaluated in a lvalue context. Fixes <rdar://problem/7813989>.
llvm-svn: 100966
2010-04-11 17:02:10 +00:00
Ted Kremenek 66de60376c Fix bug in AddStmtChoice:asLValue() where 'AsLValueNotAlwaysAdd' would not be treated as indicating an lvalue.
llvm-svn: 100965
2010-04-11 17:02:04 +00:00
Ted Kremenek d2ba1f9ff0 Sort visitor methods. No functionality change.
llvm-svn: 100964
2010-04-11 17:01:59 +00:00
Rafael Espindola c50c27cca8 the big refactoring bits of PR3782.
This introduces FunctionType::ExtInfo to hold the calling convention and the
noreturn attribute. The next patch will extend it to include the regparm
attribute and fix the bug.

llvm-svn: 99920
2010-03-30 20:24:48 +00:00
Rafael Espindola 8756268ee5 Be a bit more consistent in using operator->
This patch moves some methods from QualType to Type and changes the users to
use -> instead of .

llvm-svn: 99805
2010-03-29 03:39:46 +00:00
Ted Kremenek 186508c7d6 Fix '+=' accumulation error when parsing numeric amounts in a format string.
llvm-svn: 99479
2010-03-25 03:59:09 +00:00
Ted Kremenek 0b40532b5e Only perform CFG-based warnings on 'static inline' functions that
are called (transitively) by regular functions/blocks within a
translation unit.

llvm-svn: 99233
2010-03-23 00:13:23 +00:00
Jeffrey Yasskin f6442f80cb Allow users to set CPPFLAGS and CXXFLAGS on the make command line.
Tested: make CPPFLAGS=-m64 CXXFLAGS=-m64 -j8 && (cd tools/clang;make test)
llvm-svn: 98399
2010-03-12 22:55:16 +00:00
Ted Kremenek 575398e29b When computing in AnalysisContext the variables referenced
by a block, also look at the contained blocks.

llvm-svn: 98111
2010-03-10 00:18:11 +00:00
Benjamin Kramer a3b13411fa Simplify code a bit and remove unneeded semicolons.
llvm-svn: 97654
2010-03-03 16:28:47 +00:00
Ted Kremenek 0f0883b918 Fix an algorithmic bug in LiveVariables pointed out by Zhongxing.
If an initializer in a DeclStmt references the declared variable, that
extends the liveness of that variable.

llvm-svn: 97624
2010-03-03 01:17:41 +00:00
Ted Kremenek 5d2bb1b9b3 [CFG]
After discussion with Zhongxing, don't force the initializer of DeclStmts to be
block-level expressions.

This led to some interesting fallout:

[UninitializedValues]

Always visit the initializer of DeclStmts (do not assume they are block-level expressions).

[BasicStore]

With initializers of DeclStmts no longer block-level expressions, this causes self-referencing initializers (e.g. 'int x = x') to no longer cause the initialized variable to be live before the DeclStmt.  While this is correct, it caused BasicStore::RemoveDeadBindings() to prune off the values of these variables from the initial store (where they are set to uninitialized).  The fix is to back-port some (and only some) of the lazy-binding logic from RegionStore to
BasicStore.  Now the default values of local variables are determined lazily as opposed
to explicitly initialized.

llvm-svn: 97591
2010-03-02 21:43:54 +00:00
Zhongxing Xu d497e126cb Register all parameters even if they didn't occur in the function body.
We may query their liveness because they are added to store when passing
argument values.

llvm-svn: 97562
2010-03-02 10:08:30 +00:00
Ted Kremenek 80263e5905 Allow a '0' precision in format strings (as the man page says it is okay).
Fixes <rdar://problem/7700339>.

llvm-svn: 97482
2010-03-01 19:22:33 +00:00
Ted Kremenek d166819c26 For printf format string checking, add support for positional format strings.
Along the way, coalesce some of the diagnostics.

llvm-svn: 97297
2010-02-27 01:41:03 +00:00
Ted Kremenek 4a49d9818b For printf format string checking, move the tracking of the data argument index out of
Sema and into analyze_printf::ParseFormatString().  Also use a bitvector to determine
what arguments have been covered (instead of just checking to see if the last argument consumed is the max argument).  This is prep. for supporting positional arguments (an IEEE extension).

llvm-svn: 97248
2010-02-26 19:18:41 +00:00
Zhongxing Xu a396e617b5 Always add CallExpr as block-level expression. Inline-based interprocedural
analysis needs this.

llvm-svn: 97014
2010-02-24 02:19:28 +00:00
Ted Kremenek 74a4ce7f1e Add support for '%C' and '%S' printf conversion specifiers.
llvm-svn: 97005
2010-02-24 00:05:54 +00:00
Ted Kremenek 552eeaa93e Move the rest of the unreachable code analysis from libSema
to libAnalysis (with only the error reporting in libSema).

llvm-svn: 96893
2010-02-23 05:59:20 +00:00
Ted Kremenek 7296de9ae3 Start moving some of the logic for the unreachable code analysis out of libSema
and into libAnalysis.

llvm-svn: 96872
2010-02-23 02:39:16 +00:00
Daniel Dunbar 260918ce5c Revert "Simplify code: Succ is guaranteed to be not NULL.", which turns out to
not be guaranteed.

llvm-svn: 96782
2010-02-22 05:58:59 +00:00
Zhongxing Xu d39620c451 Simplify code: Succ is guaranteed to be not NULL.
llvm-svn: 96772
2010-02-22 02:59:27 +00:00
Zhongxing Xu 86bab2cddd Add a utility method.
llvm-svn: 96471
2010-02-17 08:45:06 +00:00
Ted Kremenek c8b188d541 Refactor the logic for printf argument type-checking into analyze_printf::ArgTypeResult.
Implement printf argument type checking for '%s'.

Fixes <rdar://problem/3065808>.

llvm-svn: 96310
2010-02-16 01:46:59 +00:00
Ted Kremenek 2a0cd59f8e Convert tabs to spaces.
llvm-svn: 95621
2010-02-09 00:04:09 +00:00
Ted Kremenek 5abd69d946 Teach RegionStore::InvalidateRegions() to also invalidate static variables referenced by blocks.
llvm-svn: 95459
2010-02-06 00:30:00 +00:00
Ted Kremenek 1de1707bfc Move ParseFormatString() and FormatStringHandler back into the analyze_printf namespace.
llvm-svn: 95324
2010-02-04 20:46:58 +00:00
Ted Kremenek 016b605266 Add format string type checking support for 'long double'.
llvm-svn: 95026
2010-02-01 23:23:50 +00:00
Daniel Dunbar 19b70bd46c Recognize 'q' as a format length modifier (from BSD).
llvm-svn: 94894
2010-01-30 15:49:20 +00:00
Ted Kremenek 9ff02052dd Add format string checking of 'double' arguments. Fixes <rdar://problem/6931734>.
llvm-svn: 94867
2010-01-30 01:02:18 +00:00
Ted Kremenek ba775fe5c7 Fix spacing.
llvm-svn: 94852
2010-01-29 23:00:35 +00:00
Ted Kremenek 79db7b7b17 Per a suggestion from Cristian Draghici, add a method to FormatSpecifier that returns the expected type of the matching data argument. It isn't complete, but should handle several of the important cases.
llvm-svn: 94851
2010-01-29 22:59:32 +00:00
Ted Kremenek 23a71a1cdf Enhancements to the alternate (WIP) format string checking:
- Add ConversionSpecifier::consumesDataArgument() as a helper method
  to determine if a conversion specifier requires a matching argument.
- Add support for glibc-specific '%m' conversion
- Add an extra callback to HandleNull() for locations within the
  format specifier that have a null character

llvm-svn: 94834
2010-01-29 20:29:53 +00:00
Ted Kremenek c22f78ddfd Alternate format string checking: issue warnings for incomplete format specifiers.
In addition, move ParseFormatString() and FormatStringHandler() from
the clang::analyze_printf to the clang namespace.  Hopefully this will
resolve some link errors on Linux.

llvm-svn: 94794
2010-01-29 03:16:21 +00:00
Ted Kremenek 94af575e9c Alternate format string checking: issue a warning for invalid conversion specifiers.
llvm-svn: 94792
2010-01-29 02:40:24 +00:00
Ted Kremenek 176f7d6ef0 Yet another attempt to make the Linux buildbots happy. Apparently there are differences on how nested namespaces are handled...
llvm-svn: 94790
2010-01-29 02:13:53 +00:00
Ted Kremenek 559d89a02a Move definition of FormatStringHandler::~FormatStringHandler() within namespace directives. Hopefully this will make the Linux buildbots happy.
llvm-svn: 94784
2010-01-29 01:37:52 +00:00
Ted Kremenek 5739de77fa Add precision/field width checking to AlternateCheckPrintfString().
llvm-svn: 94774
2010-01-29 01:06:55 +00:00
Ted Kremenek b5c98ef61e Fix off-by-one error in ParseFormatSpecifier() when reporting the location of a null character.
llvm-svn: 94762
2010-01-28 23:56:52 +00:00
Ted Kremenek fee0e96c82 Add position of conversion specifier character to 'ConversionSpecifier'.
llvm-svn: 94739
2010-01-28 02:46:17 +00:00
Ted Kremenek 08ad1cceb3 Rename namespace clang::printf to clang::analyze_printf to avoid problems where the reference to 'printf' is ambiguous.
llvm-svn: 94733
2010-01-28 02:02:59 +00:00
Ted Kremenek bcbdaea703 Allow HandleFormatSpecifier() to indicate that no more processing of the format string is desired.
llvm-svn: 94715
2010-01-28 01:00:59 +00:00
Ted Kremenek c06ead62f0 Add '@' conversion specifier.
llvm-svn: 94713
2010-01-28 00:55:28 +00:00
Ted Kremenek fa784e88e8 Remove invalid conversion specifiers from format string checking.
llvm-svn: 94707
2010-01-28 00:17:51 +00:00
Ted Kremenek c8d9c01f04 Add a few more conversion specifiers to ParseFormatSpecifier (these appear in SemaChecking).
llvm-svn: 94704
2010-01-28 00:02:05 +00:00
Ted Kremenek a2e77b41f3 Add skeleton for a more structured way of analyzing printf format
strings than what we currently have in Sema.  This is both an
experiment and a WIP.

The idea is simple: parse the format string incrementally,
constructing a well-structured representation of each format specifier.
Each format specifier is then handed back one-by-one to a client via a
callback.  Malformed format strings are also handled with callbacks.
The idea is to separate the parsing of the format string from the
emission of diagnostics.  Currently what we have in Sema for handling
format strings is a mongrel of both that is hard to follow and
difficult to modify (I can apply this label since I'm the original
author of that code).

This is in libAnalysis as it is reasonably generic and can potentially
be used both by libSema and libChecker.

Comments welcome.

llvm-svn: 94702
2010-01-27 23:43:25 +00:00
Ted Kremenek d6b8708643 Split libAnalysis into two libraries: libAnalysis and libChecker.
(1) libAnalysis is a generic analysis library that can be used by
    Sema.  It defines the CFG, basic dataflow analysis primitives, and
    inexpensive flow-sensitive analyses (e.g. LiveVariables).

(2) libChecker contains the guts of the static analyzer, including the
    path-sensitive analysis engine and domain-specific checks.

Now any clients that want to use the frontend to build their own tools
don't need to link in the entire static analyzer.

This change exposes various obvious cleanups that can be made to the
layout of files and headers in libChecker.  More changes pending.  :)

This change also exposed a layering violation between AnalysisContext
and MemRegion.  BlockInvocationContext shouldn't explicitly know about
BlockDataRegions.  For now I've removed the BlockDataRegion* from
BlockInvocationContext (removing context-sensitivity; although this
wasn't used yet).  We need to have a better way to extend
BlockInvocationContext (and any LocationContext) to add
context-sensitivity.

llvm-svn: 94406
2010-01-25 04:41:41 +00:00
Chris Lattner 0bcc858a2b -fno-rtti is now the default.
llvm-svn: 94379
2010-01-24 20:43:31 +00:00
Zhongxing Xu a1293a67cd Process cast according to the cast kind. Prepare for more specific cast
handling (for C++). No functionality change for now.

llvm-svn: 94153
2010-01-22 04:30:00 +00:00
Mike Stump cc3a853df7 Improve unreachable code warnings with respect to dead binary and
unary operators.

llvm-svn: 94084
2010-01-21 17:21:23 +00:00
Mike Stump 04c6851cd6 Speed up compilation by avoiding generating exceptional edges from
CallExprs as those edges help cause a n^2 explosion in the number of
destructor calls.  Other consumers, such as static analysis, that
would like to have more a more complete CFG can select the inclusion
of those edges as CFG build time.

This also fixes up the two compilation users of CFGs to be tolerant of
having or not having those edges.  All catch code is assumed to be
live if we didn't generate the exceptional edges for CallExprs.

llvm-svn: 94074
2010-01-21 15:20:48 +00:00
Mike Stump 6bf1c08e99 Add infrastructure to add base initializers and member initializers to
the CFG.  WIP.

llvm-svn: 94062
2010-01-21 02:21:40 +00:00
Zhongxing Xu eb76a85af0 Correct comments.
llvm-svn: 93999
2010-01-20 07:57:45 +00:00
Mike Stump 845384a938 Wire up the EH context for the catch clauses to the outer EH context. WIP.
llvm-svn: 93963
2010-01-20 01:30:58 +00:00
Mike Stump 0bdba6cdd8 Add an exceptional edge from the try terminated block to the outer EH
context (try or the Exit block) when there isn't a catch (...).

Improve CFG printing for catch (...).

llvm-svn: 93962
2010-01-20 01:15:34 +00:00
Mike Stump 92244b00c7 Add CFG support for the start and end of scopes and infrastructure for
implicit destructor calls.  WIP.

llvm-svn: 93922
2010-01-19 22:00:14 +00:00
Ted Kremenek 60983dc3ad Tighten code and rework indentation of some if() branches (for readability). No functionality change.
llvm-svn: 93904
2010-01-19 20:52:05 +00:00
Ted Kremenek 1362b8bbe6 Remove extra space in uses of 'assert()'.
llvm-svn: 93903
2010-01-19 20:46:35 +00:00
Ted Kremenek b27378c82f Re-alphabetize cases in switch statement.
llvm-svn: 93902
2010-01-19 20:40:33 +00:00
Zhongxing Xu cd17954dbe Fix a serious bug: Tmp3 is the wrong destination set. We should create a new
intermediate destination set Tmp4.

llvm-svn: 93873
2010-01-19 09:25:53 +00:00
Mike Stump bbf5ba66a9 Add try/catch CFG support. Also improve throw CFG support. WIP.
llvm-svn: 93840
2010-01-19 02:20:09 +00:00
Zhongxing Xu 228b0d4def Add support for computing size in elements for symbolic regions obtained from
malloc().

llvm-svn: 93722
2010-01-18 08:54:31 +00:00
Zhongxing Xu e2bdb9a6e2 If the symbol has not been tracked, do not free it. This is possible when free
is called on a pointer that does not get its value directly from malloc.

llvm-svn: 93706
2010-01-18 03:27:34 +00:00
Ted Kremenek abf6ba1612 Don't suggest the developer use 'arc4random' instead of 'rand' when that function is not available. Fixes PR 6012.
llvm-svn: 93508
2010-01-15 08:20:31 +00:00
Ted Kremenek d74cc397c8 Teach BugReporter to "escape" the occurrence of '%' characters in diagnostic messages when emitted results to the standard Diagnostics output. Fixes PR 6033.
llvm-svn: 93507
2010-01-15 07:56:51 +00:00
Ted Kremenek 959990b840 Convert a few more uses of std::string& to llvm::StringRef.
llvm-svn: 93506
2010-01-15 07:43:59 +00:00
Zhongxing Xu 803ade2532 Fix pr6035.
llvm-svn: 93422
2010-01-14 03:45:06 +00:00
Mike Stump 1bacb81d6f Add an unreachable code checker.
llvm-svn: 93287
2010-01-13 02:59:54 +00:00
Benjamin Kramer 378083101c Fix pasto.
llvm-svn: 93181
2010-01-11 20:15:06 +00:00
Benjamin Kramer 0129bd7432 Avoid use of deprecated functions (CStrInCStrNoCase and StringsEqualNoCase).
llvm-svn: 93175
2010-01-11 19:46:28 +00:00
Ken Dyck 40775003e6 Roll out ASTContext::getTypeSizeInChars(), replacing instances of
"ASTContext::getTypeSize() / 8". Replace [u]int64_t variables with CharUnits
ones as appropriate. 

Also rename RawType, fromRaw(), and getRaw() in CharUnits to QuantityType, 
fromQuantity(), and getQuantity() for clarity.

llvm-svn: 93153
2010-01-11 17:06:35 +00:00
Zhongxing Xu e47550e452 Enhance ScanReachableSymbols::scan(). Now another OSAtomic test case passes.
The old test case has a little mistake.

llvm-svn: 93148
2010-01-11 07:40:00 +00:00
Zhongxing Xu cbbf855432 Enhance SVals::getAsRegion: get the region that is converted to an integer.
This with previous patch fixes an OSAtomic test case.

llvm-svn: 93146
2010-01-11 06:52:53 +00:00
Ted Kremenek be909b5eff Switch RegionStore over to using <BaseRegion+raw offset> to store
value bindings.  Along with a small change to OSAtomicChecker, this
resolves <rdar://problem/7527292> and resolves some long-standing
issues with how values can be bound to the same physical address by
not have the same "key".  This change is only a beginning; logically
RegionStore needs to better handle loads from addresses where the
stored value is larger/smaller/different type than the loaded value.
We handle these cases in an approximate fashion now (via
CastRetrievedVal and help in SimpleSValuator), but it could be made
much smarter.

llvm-svn: 93137
2010-01-11 02:33:26 +00:00
Ted Kremenek 8e994a2808 Preliminary reworking of value-binding logic in RegionStore:
(1) Introduce a new 'BindingKey' class to match 'BindingValue'.  This
gives us the flexibility to change the current key value from 'const
MemRegion*' to something more interesting.

(2) Rework additions/removals/lookups from the store to use new
'Remove', 'Add', 'Lookup' utility methods.

No "real" functionality change; just prep work and abstraction.

llvm-svn: 93136
2010-01-11 00:07:44 +00:00
Ted Kremenek c6aa800eb3 Fix overzealous assertion in GRExprEngine::VisitLValue(). A
CallExpr/ObjCMessageExpr can be visited in an "lvalue" context if it
returns a struct temporary.  Currently the analyzer doesn't reason
about struct temporary returned by function calls, but we shouldn't
crash here either.

llvm-svn: 93081
2010-01-09 22:58:54 +00:00
Ted Kremenek 9aa01441c3 Fix broken diagnostic when returning the address of a stack-allocated array.
llvm-svn: 93071
2010-01-09 20:05:00 +00:00
Zhongxing Xu f1eeb78ffc When binding an rvalue to a reference, create a temporary object. Use
CXXObjectRegion to represent it. 

In Environment, look up a literal expression before making up a value for it.

llvm-svn: 93047
2010-01-09 09:16:47 +00:00
Ted Kremenek b92304b42f Fix handling in GRExprEngine of 'default' branch in switch statements
when the default case is winnowed down to be infeasible.  When all
cases were ruled out (and the analysis state for the default case
would be infeasible) we would still consider the default case
possible.  This fixes PR 5969.

llvm-svn: 93017
2010-01-08 18:54:04 +00:00
Zhongxing Xu 662ba69a15 Revert r92318. Instead fix the analyzer: do not call
ASTContext::hasSameUnqualifiedType() when one of the types is VariableArrayType.

llvm-svn: 92723
2010-01-05 09:27:03 +00:00
Ted Kremenek acd71a4562 Make static analysis support for C++ 'this' expression context-sensitive. Essentially treat 'this' as an implicit parameter to the method call, and associate a region with it.
llvm-svn: 92675
2010-01-05 02:18:06 +00:00
Ted Kremenek de8e7447b6 Remove references to 'Checker' and 'GRTransferFuncs' from
GRStateManager.  Having these references was an abstraction violation,
as they really should only be known about GRExprEngine.

This change required adding a new 'ProcessAssume' callback in
GRSubEngine.  GRExprEngine implements this callback by calling
'EvalAssume' on all registered Checker objects as well as the
registered GRTransferFunc object.

llvm-svn: 92549
2010-01-05 00:15:18 +00:00
Zhongxing Xu b0e15df36b Let constraint manager inform checkers that some assumption logic has happened.
Add new states for symbolic regions tracked by malloc checker. This enables us
to do malloc checking more accurately. See test case.

Based on Lei Zhang's patch and discussion.

llvm-svn: 92342
2009-12-31 06:13:07 +00:00
Zhongxing Xu 7b8b4d70ef Simplify code by using an equivalent template class.
llvm-svn: 92305
2009-12-30 06:38:20 +00:00
Benjamin Kramer d20ef75b91 Remove some dead variables clang-analyzer found.
llvm-svn: 92162
2009-12-25 15:43:36 +00:00
Benjamin Kramer a713b5d9a8 Fix typo spotted by MSVC.
GRExprEngine.cpp(1348) : warning C4305: 'argument' : truncation from 'clang::ProgramPoint::Kind' to 'bool'

llvm-svn: 92154
2009-12-25 09:44:02 +00:00
Zhongxing Xu 51f1ca852f As Ted suggested, record the callsite information with the StackFrameContext.
llvm-svn: 92121
2009-12-24 03:34:38 +00:00
Ted Kremenek 9c951ab4f1 Enhance dataflow analyses to recognize branch statements in the CFG used as hooks for the initialization of condition variables.
llvm-svn: 92119
2009-12-24 02:40:30 +00:00
Zhongxing Xu 1704c4331b Inter-procedural analysis: now we can return from the callee.
llvm-svn: 92116
2009-12-24 02:25:21 +00:00
Ted Kremenek b135a13564 Teach GRExprEngine to handle the initialization of the condition variable of a ForStmt.
llvm-svn: 92114
2009-12-24 01:49:25 +00:00
Ted Kremenek ec92f9492b Add CFG support for the initializer of the condition variable of a ForStmt.
llvm-svn: 92113
2009-12-24 01:49:06 +00:00
Ted Kremenek 1ce53c4320 CFG tweak: in a WhileStmt, the condition variable initializer is evaluated every time the condition is checked.
llvm-svn: 92111
2009-12-24 01:34:10 +00:00
Ted Kremenek 09bc3b7df6 Teach GRExprEngine to handle the initialization of the condition variable of a WhileStmt.
llvm-svn: 92106
2009-12-24 00:54:56 +00:00
Ted Kremenek 1f07b4c439 Add CFG support for the initializer of the condition variable of a WhileStmt.
llvm-svn: 92105
2009-12-24 00:54:37 +00:00
Ted Kremenek 589493227b Teach GRExprEngine to handle the initialization of the condition variable of a SwitchStmt.
llvm-svn: 92102
2009-12-24 00:40:03 +00:00
Ted Kremenek 8b5dc12e52 Add CFG support for the initializer of the condition variable of a SwitchStmt.
llvm-svn: 92101
2009-12-24 00:39:26 +00:00
Ted Kremenek bff9844327 Tidy up FindSubExprAssignments to not dereference the child_iterator multiple times.
llvm-svn: 92087
2009-12-23 23:37:10 +00:00
Nuno Lopes cfca1f0dc1 move a few more symbols to .rodata/.data.rel.ro
llvm-svn: 92012
2009-12-23 17:49:57 +00:00
Zhongxing Xu 2923046ec4 Migrate the call inliner to the Checker interface.
llvm-svn: 91991
2009-12-23 08:56:18 +00:00
Zhongxing Xu d2ab38e3f4 For inter-procedural analysis, predecessor node may be in another function.
So we should use the current program point.

llvm-svn: 91989
2009-12-23 08:54:57 +00:00
Ted Kremenek a7bcbde814 Add CFG support for the condition variable that can appear in IfStmts in C++ mode.
Add transfer function support in GRExprEngine for IfStmts with initialized condition variables.

llvm-svn: 91987
2009-12-23 04:49:01 +00:00
Ted Kremenek 857f41c650 Suppress dead store warnings involving objects initialized with CXXExprTemporaries.
llvm-svn: 91986
2009-12-23 04:11:44 +00:00
Ted Kremenek 76d5225271 Add stack trace pretty printing in GRExprEngine::VisitLValue().
llvm-svn: 91985
2009-12-23 04:09:43 +00:00
Ted Kremenek 9a05f20d41 Teach GRExprEngine::VisitLValue to ignore CXXExprWithTempories (for now).
llvm-svn: 91982
2009-12-23 03:14:23 +00:00
Ted Kremenek 25e280bf02 Fix PR 5857. When casting from a symbolic region to an integer back to a pointer value, we were not correctly layering the correct ElementRegion on the original SymbolicRegion.
llvm-svn: 91981
2009-12-23 02:52:14 +00:00
Ted Kremenek bb7a826844 Teach GRExprEngine::VisitLValue that we don't handle CXXZeroInitValueExprs yet.
llvm-svn: 91970
2009-12-23 01:25:13 +00:00
Ted Kremenek 343b51271d Also treat the type of the subexpression as a pointer in GRExprEngine::VisitCast when the expression is handled as an lvalue.
llvm-svn: 91969
2009-12-23 01:19:20 +00:00
Ted Kremenek 22cc1a8438 Add basic support for analyzing CastExprs as lvalues.
llvm-svn: 91952
2009-12-23 00:26:16 +00:00
Ted Kremenek e19711d223 Add transfer functions support for visiting an Objective-C message expression as an lvalue when the return type is a C++ reference.
llvm-svn: 91926
2009-12-22 22:13:46 +00:00
Zhongxing Xu fd62a33616 Add comments.
llvm-svn: 91818
2009-12-21 06:52:24 +00:00
Zhongxing Xu 4794801e27 Use the FunctionDecl's result type to know exactly if it returns a reference.
llvm-svn: 91751
2009-12-19 03:17:55 +00:00
Ted Kremenek af1bdd71af Enhance GRExprEngine::VisitCallExpr() to be used in an lvalue context. Uncovered a new failing test case along the way, but we're making progress on handling C++ references in the analyzer.
llvm-svn: 91710
2009-12-18 20:13:39 +00:00
Ted Kremenek 48af0e0a71 Tweak formatting and comments.
llvm-svn: 91615
2009-12-17 20:10:17 +00:00
Ted Kremenek 94cc33f33e Convert GRExprEngine::VisitCallExpr() to use a worklist instead of recursion to evaluate the arguments of a CallExpr. This simplifies the logic and makes it easier to read. (it also avoids any issues with blowing out the stack if the CallExpr had a ridiculous number of arguments)
llvm-svn: 91613
2009-12-17 20:06:29 +00:00
Ted Kremenek da7d55a4a8 Reduce nesting by using early exits. No functionality change.
llvm-svn: 91610
2009-12-17 19:17:27 +00:00
Ted Kremenek f907cee544 Sort switch statement. No functionality change.
llvm-svn: 91591
2009-12-17 07:38:34 +00:00
Ted Kremenek 2e2b258158 Fix check in GRExprEngine for the 'main' function to handle NULL IdentifierInfo*'s.
llvm-svn: 91577
2009-12-17 01:20:43 +00:00
Ted Kremenek d970acb60f Completely remove ObjCObjectRegion (tests pass this time).
llvm-svn: 91572
2009-12-16 23:53:37 +00:00
Ted Kremenek 3ab9e4cf87 Temporarily revert 91553.
llvm-svn: 91557
2009-12-16 19:46:44 +00:00
Ted Kremenek 023bceaf1b Remove use of ObjCObjectRegion from BasicStoreManager.
llvm-svn: 91553
2009-12-16 19:42:23 +00:00
Zhongxing Xu 6df9f54d6d Add a new kind of region: CXXObjectRegion. Currently it has only one
attribute: the object type. 
Add initial support for visiting CXXThisExpr.
Fix a bunch of 80-col violations.

llvm-svn: 91535
2009-12-16 11:27:52 +00:00
Ted Kremenek 9bcc264494 Teach RetainSummaryManager::getSummary(FunctionDecl* FD) that 'FD->getIdentifier()' will not always return a non-null IdentifierInfo*.
llvm-svn: 91512
2009-12-16 06:06:43 +00:00
Ted Kremenek 2d251557ef Teach OSAtomicChecker that a FunctionDecl's name isn't always a simple IdentifierInfo*.
llvm-svn: 91511
2009-12-16 06:03:24 +00:00
Ted Kremenek 85763180e7 Teach NoReturnFunctionChecker that FunctionDecl::getIdentifier() is not guaranteed to return a non-null IdentifierInfo*.
llvm-svn: 91510
2009-12-16 05:58:28 +00:00
Ted Kremenek 4cad5fc035 Add (initial?) static analyzer support for handling C++ references.
This change was a lot bigger than I originally anticipated; among
other things it requires us storing more information in the CFG to
record what block-level expressions need to be evaluated as lvalues.

The big change is that CFGBlocks no longer contain Stmt*'s but
CFGElements.  Currently CFGElements just wrap Stmt*, but they also
store a bit indicating whether the block-level expression should be
evaluated as an lvalue.  DeclStmts involving the initialization of a
reference require us treating the initialization expression as an
lvalue, even though that information isn't recorded in the AST.
Conceptually this change isn't that complicated, but it required
bubbling up the data through the CFGBuilder, to GRCoreEngine, and
eventually to GRExprEngine.

The addition of CFGElement is also useful for when we want to handle
more control-flow constructs or other data we want to keep in the CFG
that isn't represented well with just a block of statements.

In GRExprEngine, this patch introduces logic for evaluating the
lvalues of references, which currently retrieves the internal "pointer
value" that the reference represents.  EvalLoad does a two stage load
to catch null dereferences involving an invalid reference (although
this could possibly be caught earlier during the initialization of a
reference).

Symbols are currently symbolicated using the reference type, instead
of a pointer type, and special handling is required creating
ElementRegions that layer on SymbolicRegions (see the changes to
RegionStoreManager).

Along the way, the DeadStoresChecker also silences warnings involving
dead stores to references.  This was the original change I introduced
(which I wrote test cases for) that I realized caused GRExprEngine to
crash.

llvm-svn: 91501
2009-12-16 03:18:58 +00:00
Ted Kremenek 9158fb748c Remove ValueManager::getRegionValueSymbolValOrUnknown(). It was just extra veneer on top of getRegionValueSymbolVal().
llvm-svn: 91471
2009-12-15 23:23:27 +00:00
Chris Lattner 2f3da9b205 update to match LLVM API change:
Remove isPod() from DenseMapInfo, splitting it out to its own
isPodLike type trait.  This is a generally useful type trait for
more than just DenseMap, and we really care about whether something
acts like a pod, not whether it really is a pod.

llvm-svn: 91422
2009-12-15 07:26:51 +00:00
Ted Kremenek 29f3808667 Until we can make the dead stores checker smarter, don't emit dead store warnings for C++ objects (whose constructors/destructors have possible side-effects).
llvm-svn: 91412
2009-12-15 04:12:12 +00:00
Ted Kremenek c98cdd175a Start the ball rolling on C++ support in the static analyzer. For
now, don't construct CFGs that contain C++ try/catch statements, and
have GRExprEngine abort a path if it encounters a C++ construct it
doesn't understand (which is mostly everything at this point).

llvm-svn: 91389
2009-12-15 01:38:04 +00:00
Ted Kremenek 814c416636 Fix: <rdar://problem/7468209> SymbolManager::isLive() should not crash on captured block variables that are passed by reference
llvm-svn: 91348
2009-12-14 22:15:06 +00:00
Zhongxing Xu cf86de4067 Use insert to avoid destroying existing nodes.
llvm-svn: 91258
2009-12-14 02:13:39 +00:00
Zhongxing Xu c0484fa611 Add initial support for realloc() in MallocChecker.
llvm-svn: 91216
2009-12-12 12:29:38 +00:00
Jeffrey Yasskin 1615d45daa Un-namespace-qualify llvm_unreachable. It's a macro, so the qualification gave
no extra safety anyway.

llvm-svn: 91207
2009-12-12 05:05:38 +00:00
Benjamin Kramer 4dab76a752 Switch PathDiagnostic to StringRef.
llvm-svn: 91155
2009-12-11 21:09:27 +00:00
Ted Kremenek f6d9cebafd Enhance understanding of VarRegions referenced by a block whose declarations are outside the current stack frame. Fixes <rdar://problem/7462324>.
llvm-svn: 91107
2009-12-11 06:43:27 +00:00
Zhongxing Xu 9cb53b86af Completely evaluate malloc/free in MallocChecker.cpp.
llvm-svn: 91100
2009-12-11 03:09:01 +00:00
Zhongxing Xu 1239de1592 Use 'class' instead of 'struct'.
llvm-svn: 91085
2009-12-11 00:55:44 +00:00
Ted Kremenek 8573913760 Fix null dereference in OSAtomicChecker and special case SymbolicRegions. We still aren't handling them correctly; I've added to failing test cases to test/Analysis/NSString-failed-cases.m that should pass and then be merged in to test/Analysis/NSString.m.
llvm-svn: 90993
2009-12-09 23:29:55 +00:00
Zhongxing Xu 1042bf4ae2 Refactor OSAtomic evaluation logic into OSAtomicChecker.
llvm-svn: 90968
2009-12-09 12:23:28 +00:00
Zhongxing Xu 8cca37fae0 Use a temporary destination set such that we can clear fake auto transitions.
Otherwise, even when real evaluation occurs, the previous fake auto 
transitions would still be in the destination set, causing fake state 
bifurcation.

llvm-svn: 90967
2009-12-09 12:16:07 +00:00
Zhongxing Xu 1d153328be OSAtomic simulation: use the original region as the location to load from,
instead of the ElementRegion obtained from casts.

Test cast: the leak cannot occur because the true branch cannot be taken.

llvm-svn: 90964
2009-12-09 08:32:57 +00:00
Zhongxing Xu f5448561ed remove dead code.
llvm-svn: 90953
2009-12-09 05:52:12 +00:00
Zhongxing Xu d1dee7e71a Insert instead of assign to the dest node set, since we use the dest node set
repeatedly.

llvm-svn: 90952
2009-12-09 05:48:53 +00:00
Ted Kremenek 32c32892f7 Fix a horrid bug in GRExprEngine::CheckerVisit() that was identified
by the test case in PR 5627.  Essentially we shouldn't clear the
ExplodedNodeSet where we deposit newly constructed nodes if that set
is the 'Dst' set passed in.  It is not okay to clear that set because
it may already contain nodes.

llvm-svn: 90931
2009-12-09 02:45:41 +00:00
Zhongxing Xu fe2f901269 Refactor builtin function evaluation into a checker.
llvm-svn: 90847
2009-12-08 09:07:59 +00:00
Ted Kremenek 04af9f20fb Add analysis support for blocks. This includes a few key changes:
- Refactor the MemRegion hierarchy to distinguish between different StackSpaceRegions for locals and parameters.
- VarRegions for "captured" variables now have the BlockDataRegion as their super region (except those passed by reference)
- Add transfer function support to GRExprEngine for BlockDeclRefExprs.

This change also supports analyzing blocks as an analysis entry point
(top-of-the-stack), which required pushing more context-sensitivity
around in the MemRegion hierarchy via the use of LocationContext
objects.  Functionally almost everything is the same, except we track
LocationContexts in a few more areas and StackSpaceRegions now refer
to a StackFrameContext object.  In the future we will need to modify
MemRegionManager to allow multiple StackSpaceRegions in flight at once
(for the analysis of multiple stack frames).

llvm-svn: 90809
2009-12-07 22:05:27 +00:00
Zhongxing Xu 175447f743 Add EvalCallExpr interface to checker, and migrate the no-return function
handler to this interface.
GRExprEngine::CheckerEvalCall() will return true if one of the checkers has
processed the node. In the future this might return void when we have some 
default checker.

llvm-svn: 90755
2009-12-07 09:17:35 +00:00
Ted Kremenek 45805b9a50 Teach AnalysisContext::getBody() about BlockDecls.
llvm-svn: 90585
2009-12-04 20:34:55 +00:00
Ted Kremenek ed2246aa2a Teach 'ExecutionContinues' (part of BugReporter's diagnostic generation) about BlockDecls.
llvm-svn: 90584
2009-12-04 20:34:31 +00:00
Ted Kremenek 75d6fa27bd Include BlockDeclRefExprs in constructed CFGs.
llvm-svn: 90583
2009-12-04 20:33:25 +00:00
Ted Kremenek c32f2c2e0f Replace SymbolReaper::isLive(VarDecl) with SymbolReaper::isLive(VarRegion).
llvm-svn: 90582
2009-12-04 20:32:20 +00:00
Ted Kremenek 6e8541ddd0 Rename instance variable to avoid name conflict with parameters, and modify addTransition() to compare the correct state values.
llvm-svn: 90552
2009-12-04 06:57:49 +00:00
Ted Kremenek c7916f9ff2 Allow BlockInvocationContext to wrap either a BlockDecl* or a BlockDataRegion*, giving us choice in our degree of context-sensitivity.
llvm-svn: 90516
2009-12-04 02:03:51 +00:00
Ted Kremenek 43d4a899c4 Refactor LocationContext creation logic into a single member template.
llvm-svn: 90509
2009-12-04 01:28:56 +00:00
Ted Kremenek 253882431e Refactor FoldingSet profiling code for LocationContexts, and add a new BlockInvocationContext to represent the invocation of a block.
llvm-svn: 90506
2009-12-04 00:50:10 +00:00
Ted Kremenek 721fcc007e constify MemRegion* returned by MemRegionManager::getXXXRegion() methods.
llvm-svn: 90503
2009-12-04 00:26:31 +00:00
Ted Kremenek 0ecd4c7d70 More template-logic for MemRegion construction out of MemRegion.h and into MemRegion.cpp.
llvm-svn: 90499
2009-12-04 00:05:57 +00:00
Ted Kremenek 4b349cc9c5 Tweak handling of BlockDataRegions in RegionStoreManager::RemoveDeadBindings(): only the VarRegions for variables marked with the '__block' annotation should have their lifetime extended by a BlockDataRegion.
llvm-svn: 90462
2009-12-03 17:48:05 +00:00
Zhongxing Xu 39bba629f3 Add security syntactic checker for mktemp.
Patch by Lei Zhang!

llvm-svn: 90444
2009-12-03 09:15:23 +00:00
Daniel Dunbar 98f2067ca4 Update CMake for CallGraph.cpp move.
llvm-svn: 90443
2009-12-03 09:14:19 +00:00
Ted Kremenek 5bee5c4ff0 Add value invalidation logic for block-captured variables. Conceptually invoking a block (without specific reasoning of what the block does) can invalidate any value to it by reference when the block was created.
llvm-svn: 90431
2009-12-03 08:25:47 +00:00
Ted Kremenek 4a815fc82e Make BlockDataRegion::referenced_vars_iterator an actual class that enforces that all MemRegions iterated over are VarRegions.
llvm-svn: 90430
2009-12-03 08:09:21 +00:00
Daniel Dunbar 19a30ca8c0 Fix layering violation by moving Analysis/CallGraph to Index
llvm-svn: 90424
2009-12-03 07:20:04 +00:00
Ted Kremenek e5716cbae7 Add batch version of 'StoreManager::InvalidateRegion()' for invalidating multiple regions at once. After adopting this in the CFRefCount::EvalCall(), we see a reduction in analysis time of 1.5% when analyzing all of SQLite3.
llvm-svn: 90405
2009-12-03 03:27:11 +00:00
Ted Kremenek f66b72094a Add a heuristic to the dead stores checker to prune dead stores for variables annotated with '__block'. This is overly conservative, but now the analyzer doesn't report dead stores for variables that can be updated by a block call.
llvm-svn: 90364
2009-12-03 00:46:16 +00:00
Zhongxing Xu af35329f71 Hard bifurcate the state into nil receiver and non-nil receiver, so that
we don't need to use the DoneEvaluation hack when check for 
ObjCMessageExpr.

PreVisitObjCMessageExpr() only checks for undefined receiver or arguments.

Add checker interface EvalNilReceiver(). This is a 'once-and-done' interface.

llvm-svn: 90296
2009-12-02 05:49:12 +00:00
Ted Kremenek 117e472b52 Provide the correct vector size for referenced variables.
llvm-svn: 90267
2009-12-01 22:12:34 +00:00
Ted Kremenek d3a241a9c6 Fix early-return logic in scanReachableSymbols() to match the rest of the recursive logic in the methods of ScanReachableSymbols.
llvm-svn: 90245
2009-12-01 17:50:25 +00:00
Douglas Gregor 693ba203a1 Eliminate another VISIBILITY_HIDDEN
llvm-svn: 90139
2009-11-30 16:08:24 +00:00
Tobias Grosser 9fc223a6b1 Adapt to the DOTGraphTraits changes in LLVM.
llvm-svn: 90137
2009-11-30 14:16:05 +00:00
Benjamin Kramer 6341553c93 Port BugReporter and BugType to StringRef.
llvm-svn: 90086
2009-11-29 18:27:55 +00:00
Benjamin Kramer ff3750f306 Kill some unnecessary calls to c_str().
llvm-svn: 90084
2009-11-29 18:03:28 +00:00
Ted Kremenek 33e88a7be7 Fix null dereference in UndefResultChecker identified by running the analyzer over Postgresql.
llvm-svn: 90060
2009-11-29 06:37:44 +00:00
Benjamin Kramer 4e75cd063f Cleanup includes and forward decls.
llvm-svn: 90034
2009-11-28 10:50:44 +00:00
Benjamin Kramer 435ef9b383 Remove unneeded includes.
llvm-svn: 90032
2009-11-28 09:41:31 +00:00
Kovarththanan Rajaratnam 65c6566b5b lib/Analysis: Remove VISIBILITY_HIDDEN from definitions in anonymous namespace
llvm-svn: 90028
2009-11-28 06:07:30 +00:00
Ted Kremenek 2350e0c3ba Improve diagnostics in ReturnStackAddressChecker for returning a stack-allocated block. Implements the rest of <rdar://problem/7387385>.
llvm-svn: 89940
2009-11-26 07:14:50 +00:00
Ted Kremenek f89dcdaf19 Add a PostVisitBlockExpr() method to RetainReleaseChecker to query for
the set of variables "captured" by a block.  Until the analysis gets
more sophisticated, for now we stop the retain count tracking of any
objects (transitively) referenced by these variables.

llvm-svn: 89929
2009-11-26 02:38:19 +00:00
Ted Kremenek 94f8c4a7d5 Teach RegionStoreManager::RemoveDeadBindings() about BlockDataRegions. Any VarRegion for a "captured" variable should also be considered live.
llvm-svn: 89928
2009-11-26 02:35:42 +00:00
Ted Kremenek 3378b610ae Add iterators to BlockDataRegion that allow clients to iterate over the VarRegions for "captured" variables for a block.
llvm-svn: 89927
2009-11-26 02:34:36 +00:00
Ted Kremenek 705fd953ef Added batch versions of GRState::scanReachableSymbols() so that clients can scan a collection of SVals or MemRegions all at once.
llvm-svn: 89926
2009-11-26 02:32:19 +00:00
Ted Kremenek 0f5e6f8805 Enhance LiveVariables to understand that blocks can extend the liveness of a variable by "capturing" them in a BlockExpr.
This required two changes:

1) Added 'getReferencedgetReferencedBlockVars()' to AnalysisContext so
that clients can iterate over the "captured" variables in a block.

2) Modified LiveVariables to take an AnalysisContext& in its
constructor and to call getReferencedgetReferencedBlockVars() when it
processes a BlockExpr*.

llvm-svn: 89924
2009-11-26 02:31:33 +00:00