Age | Commit message | Author |
|
Also had to modify the PostInitializer ProgramLocation to contain the field region.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@178826 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Sample output:
#0 void construct(pointer __p, llvm::ImutAVLTree<llvm::ImutContainerInfo<clang::ento::BugType *> > *const &__val)
#1 void push_back(const value_type &__x)
#2 void destroy()
#3 void release()
#4 void ~ImmutableSet()
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@178400 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
for the analyzer.
This setting still isn't enabled yet in the analyzer. This is
just prep work.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@178317 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
This is an optional variant of the CFG. This allows analyses to model whether
or not a static initializer has run, e.g.:
static Foo x = bar();
For basic dataflow analysis in Sema we will just assume that the initializer
always runs. For the static analyzer we can use this branch to accurately
track whether or not initializers are on.
This patch just adds the (opt-in) functionality to the CFG. The
static analyzer still needs to be modified to adopt this feature.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@178263 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@178247 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Now that the basic implementation in llvm has been fixed, simplify the
specializations in clang.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@178173 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Debugging aid only, no functionality change.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@177762 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Use Optional<CFG*> where invalid states were needed previously. In the one case
where that's not possible (beginAutomaticObjDtorsInsert) just use a dummy
CFGAutomaticObjDtor.
Thanks for the help from Jordan Rose & discussion/feedback from Ted Kremenek
and Doug Gregor.
Post commit code review feedback on r175796 by Ted Kremenek.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@175938 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Post commit review feedback on r175812 from Jordan Rose.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@175825 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
See r175462 for another example/more details.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@175812 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
See r175462 for another example/more details.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@175796 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Post-commit CR feedback from Jordan Rose regarding r175594.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@175679 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Patch by Alexander Zinenko.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@175376 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Neither of the current clients of CFGRecStmtDeclVisitor are doing
anything with typedefs, so I assume type aliases (C++11 "using")
can be safely ignored. This was causing assertion failures in
the analyzer.
<rdar://problem/13228440>
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@175335 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@174434 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Inlining these functions is essential for correctness. We often have
cases where we do not inline calls. For example, the shallow mode and
when reanalyzing previously inlined ObjC methods as top level.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@174245 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
brought into 'clang' namespace by clang/Basic/LLVM.h
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@172323 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
other headers included before them.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@172320 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
reflect the migration in r171366.
Re-sort the #include lines to reflect the new paths.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@171369 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
deterministic.
Commit message for r170826:
[analyzer] Traverse the Call Graph in topological order.
Modify the call graph by removing the parentless nodes. Instead all
nodes are children of root to ensure they are all reachable. Remove the
tracking of nodes that are "top level" or global. This information is
not used and can be obtained from the Decls stored inside
CallGraphNodes.
Instead of existing ordering hacks, analyze the functions in topological
order over the Call Graph.
Together with the addition of devirtualizable ObjC message sends and
blocks to the call graph, this gives around 6% performance improvement
on several large ObjC benchmarks.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@170906 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
./bin/clang -cc1 -internal-isystem /home/espindola/llvm/build/lib/clang/3.3/include/ -analyze -analyzer-checker=debug.DumpCallGraph /home/espindola/llvm/clang/test/Analysis/debug-CallGraph.c -fblocks
changes in each run.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@170829 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Modify the call graph by removing the parentless nodes. Instead all
nodes are children of root to ensure they are all reachable. Remove the
tracking of nodes that are "top level" or global. This information is
not used and can be obtained from the Decls stored inside
CallGraphNodes.
Instead of existing ordering hacks, analyze the functions in topological
order over the Call Graph.
Together with the addition of devirtualizable ObjC message sends and
blocks to the call graph, this gives around 6% performance improvement
on several large ObjC benchmarks.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@170826 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
This paves the road for constructing a better function dependency graph.
If we analyze a function before the functions it calls and inlines,
there is more opportunity for optimization.
Note, we add call edges to the called methods that correspond to
function definitions (declarations with bodies).
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@170825 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
As the analysis improves, it will continue to add new warnings that are
potentially disruptive to existing users. From now on, such warnings will
first be introduced under the "beta" flag. Such warnings are not turned on by
default; their purpose is to allow users to test their code against future
planned changes, before those changes are actually made. After a suitable
migration period, beta warnings will be folded into the standard
-Wthread-safety.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@169338 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
This is a simpler sort, entirely automatic with the help of
llvm/utils/sort_includes.py -- no manual edits here.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@169238 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@168994 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
If 'x' is a temporary, x.getAs<Foo>() may not be safe if the result is
supposed to persist (if its address is stored somewhere). Since getAs()
can return a null value, the result is almost always stored into a
variable, which of course is not safe when the original value dies.
This has caused several bugs with GCC's "Temporaries May Vanish Sooner Than
You Expect" optimization; in C++11 builds, at least, we'll be able to catch
these problems now.
I would suggest applying these to other getAs() and get*As() methods
(castAs is "better" because sometimes the result is used directly, which
means the temporary will still be live), but these two have both caused
trouble in the analyzer in the past.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@168967 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@167351 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Updates to llvm/Support/Casting.h have rendered these classof()'s
irrelevant.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@165770 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
See: http://en.wikipedia.org/wiki/If_and_only_if Commit 164766
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@164769 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@164766 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@164363 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
when
their implementations are unavailable. Start by simulating dispatch_sync().
This change is largely a bunch of plumbing around something very simple. We
use AnalysisDeclContext to conjure up a fake function body (using the
current ASTContext) when one does not exist. This is controlled
under the analyzer-config option "faux-bodies", which is off by default.
The plumbing in this patch is largely to pass the necessary machinery
around. CallEvent needs the AnalysisDeclContextManager to get
the function definition, as one may get conjured up lazily.
BugReporter and PathDiagnosticLocation needed to be relaxed to handle
invalid locations, as the conjured body has no real source locations.
We do some primitive recovery in diagnostic generation to generate
some reasonable locations (for arrows and events), but it can be
improved.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@164339 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@164338 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
construction.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@164337 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@164336 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
<rdar://problem/12061922>
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163772 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
These will warn under -Wformat-non-iso, and will still be rejected
outright on other platforms.
<rdar://problem/12061922>
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163771 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
in NSException to a helper object in libAnalysis that can also
be used by Sema. Not sure if the predicate name 'isImplicitNoReturn'
is the best one, but we can massage that later.
No functionality change.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163759 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
analysis that may give false positives because it is confused by aliasing, and
a less precise analysis that has fewer false positives, but may have false
negatives. The more precise warnings are enabled by -Wthread-safety-precise.
An additional note clarifies the warnings in the precise case.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163537 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
As a corollary to the previous commit, even when an extension is
available, we can still offer a fixit to the standard modifier.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163453 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
This seems to be a GNU libc extension; we offer a fixit to %lld on
these platforms.
<rdar://problem/11518237>
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163452 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163358 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
While destructors will continue to not be inlined (unless the analyzer
config option 'c++-inlining' is set to 'destructors'), leaving them out
of the CFG is an incomplete model of the behavior of an object, and
can cause false positive warnings (like PR13751, now working).
Destructors for temporaries are still not on by default, since
(a) we haven't actually checked this code to be sure it's fully correct
(in particular, we probably need to be very careful with regard to
lifetime-extension when a temporary is bound to a reference,
C++11 [class.temporary]p5), and
(b) ExprEngine doesn't actually do anything when it sees a temporary
destructor in the CFG -- not even invalidate the object region.
To enable temporary destructors, set the 'cfg-temporary-dtors' analyzer
config option to '1'. The old -cfg-add-implicit-dtors cc1 option, which
controlled all implicit destructors, has been removed.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@163264 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
This heuristic addresses the case when a pointer (or ref) is passed
to a function, which initializes the variable (or sets it to something
other than '0'). On the branch where the inlined function does not
set the value, we report use of undefined value (or NULL pointer
dereference). The access happens in the caller and the path
through the callee would get pruned away with regular path pruning. To
solve this issue, we previously disabled diagnostic pruning completely
on undefined and null pointer dereference checks, which entailed very
verbose diagnostics in most cases. Furthermore, not all of the
undef value checks had the diagnostic pruning disabled.
This patch implements the following heuristic: if we pass a pointer (or
ref) to the region (on which the error is reported) into a function and
its value is either undef or 'NULL' (and is a pointer), do not prune
the function.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@162863 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
This is useful for example for %n in printf, which expects
a pointer to int with the same logic for checking as %d
would have in scanf.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161407 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Also remove redundant constructors and unused member functions.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@161403 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
Clang's -Wformat fix-its currently suggest using "%zu" for values of
type size_t (in C99 or C++11 mode). However, for a type such as
std::vector<T>::size_type, it does not notice that type is actually
typedeffed to size_t, and instead suggests a format for the underlying
type, such as "%lu" or "%u".
This commit makes the format string fix mechanism walk the typedef chain
so that it notices if the type is size_t, even if that isn't "at the
top".
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160886 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
These ProgramPoints are used in inlining calls,
and not all calls have associated statements anymore.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160021 91177308-0d34-0410-b5e6-96231b3b80d8
|
|
These are currently unused, but are intended to be used in lieu of PreStmt
and PostStmt when the call is implicit (e.g. an automatic object destructor).
This also modifies the Data1 field of ProgramPoints to allow storing any
pointer-sized value, as opposed to only aligned pointers. This is necessary
to store SourceLocations.
There is currently no BugReporter support for these; they should be skipped
over in any diagnostic output.
This commit also tags checkers that currently rely on function calls only
occurring at StmtPoints.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160019 91177308-0d34-0410-b5e6-96231b3b80d8
|