summaryrefslogtreecommitdiffstats
path: root/clang/lib/Analysis/CFG.cpp
Commit message (Collapse)AuthorAgeFilesLines
...
* [C++11] Add 'override' keyword to virtual methods that override their base ↵Craig Topper2014-03-141-1/+1
| | | | | | class. llvm-svn: 203893
* [C++11] Replacing CXXRecordDecl iterators vbases_begin() and vbases_end() ↵Aaron Ballman2014-03-131-4/+3
| | | | | | with iterator_range vbases(). Updating all of the usages of the iterators with range-based for loops. llvm-svn: 203808
* [C++11] Replacing CXXRecordDecl iterators bases_begin() and bases_end() with ↵Aaron Ballman2014-03-131-5/+4
| | | | | | iterator_range bases(). Updating all of the usages of the iterators with range-based for loops. llvm-svn: 203803
* [C++11] Replace OwningPtr include with <memory>.Ahmed Charles2014-03-091-1/+1
| | | | llvm-svn: 203389
* [C++11] Replacing RecordDecl iterators field_begin() and field_end() with ↵Aaron Ballman2014-03-081-3/+2
| | | | | | iterator_range fields(). Updating all of the usages of the iterators with range-based for loops. llvm-svn: 203355
* Fix CFG bug where the 'isTemporaryDtorsBranch' bit was silently lost for ↵Ted Kremenek2014-03-081-2/+10
| | | | | | terminators. llvm-svn: 203335
* [CFG] Record would-be successor for noreturn destructor.Ted Kremenek2014-03-081-2/+4
| | | | llvm-svn: 203334
* Replace OwningPtr with std::unique_ptr.Ahmed Charles2014-03-071-1/+1
| | | | | | This compiles cleanly with lldb/lld/clang-tools-extra/llvm. llvm-svn: 203279
* Change OwningPtr::take() to OwningPtr::release().Ahmed Charles2014-03-071-1/+1
| | | | | | This is a precursor to moving to std::unique_ptr. llvm-svn: 203275
* [-Wunreachable-code] Correctly expand artificial reachability to pruned '&&' ↵Ted Kremenek2014-03-071-6/+6
| | | | | | and '||' branches involving configuration values. llvm-svn: 203194
* Remove some unnecessary qualificationDavid Blaikie2014-03-041-2/+2
| | | | llvm-svn: 202909
* [CFG] Tweak "?:" CFG construction to record the unreachable blocks.Ted Kremenek2014-03-041-4/+5
| | | | llvm-svn: 202898
* [C++11] Replace llvm::tie with std::tie.Benjamin Kramer2014-03-021-5/+4
| | | | llvm-svn: 202639
* [CFG] record the original (now unreachable) block of 'case:' and 'default:' ↵Ted Kremenek2014-02-271-10/+21
| | | | | | cases. llvm-svn: 202435
* [CFG] encode unreachable block information for would-have-been successors ↵Ted Kremenek2014-02-271-1/+1
| | | | | | for calls to 'noreturn' functions. llvm-svn: 202327
* [CFG] Encode unreachable block information for successors when visiting 'if' ↵Ted Kremenek2014-02-271-3/+4
| | | | | | statements. llvm-svn: 202326
* Rework CFG edges to encode potentially unreachable edges, instead of just ↵Ted Kremenek2014-02-271-5/+46
| | | | | | | | | | | | | | | | | | | | | | | | | | making them NULL. This is to support some analyses, like -Wunreachable-code, that will need to recover the original unprunned CFG edges in order to suppress issues that aren't really bugs in practice. There are two important changes here: - AdjacentBlock replaces CFGBlock* for CFG successors/predecessors. This has the size of 2 pointers, instead of 1. This is unlikely to have a significant memory impact on Sema since a single CFG usually exists at one time, but could impact the memory usage of the static analyzer. This could possibly be optimized down to a single pointer with some cleverness. - Predecessors can now contain null predecessors, which means some analyses doing a reverse traversal will need to take into account. This already exists for successors, which contain successor slots for specific branch kinds (e.g., 'if') that expect a fixed number of successors, even if a branch is not reachable. llvm-svn: 202325
* CFG: use Visit instead of VisitStmt to look through parens.Jordan Rose2014-01-141-3/+4
| | | | | | PR18472 llvm-svn: 199227
* [analyzer] Add a CFG node for the allocator call in a C++ 'new' expression.Jordan Rose2014-01-131-0/+29
| | | | | | | | | | | | | | | | | | | | | | | | | | In an expression like "new (a, b) Foo(x, y)", two things happen: - Memory is allocated by calling a function named 'operator new'. - The memory is initialized using the constructor for 'Foo'. Currently the analyzer only models the second event, though it has special cases for both the default and placement forms of operator new. This patch is the first step towards properly modeling both events: it changes the CFG so that the above expression now generates the following elements. 1. a 2. b 3. (CFGNewAllocator) 4. x 5. y 6. Foo::Foo The analyzer currently ignores the CFGNewAllocator element, but the next step is to treat that as a call like any other. The CFGNewAllocator element is not added to the CFG for analysis-based warnings, since none of them take advantage of it yet. llvm-svn: 199123
* Add CFG tests for switch's involving "extended" enum.Ted Kremenek2013-12-111-1/+3
| | | | llvm-svn: 197094
* The code using the StmtPrinterHelper object failed to account for a null ↵Aaron Ballman2013-11-181-44/+39
| | | | | | object in many cases, which could have led to crashes were it ever to be null. Now passing the object by reference instead of by pointer because it is never null in practice. No functional changes intended. llvm-svn: 195043
* CFG: Properly print delegating initializer CFG elements.Jordan Rose2013-10-221-0/+4
| | | | | | | | ...rather than segfaulting. Patch by Enrico P! llvm-svn: 193208
* Fix a crash introduced in r189828.Matt Beaumont-Gay2013-09-091-1/+1
| | | | | | | The predicates in CXXRecordDecl which test various properties of special members can't be called on incomplete decls. llvm-svn: 190353
* Avoid double edges when constructing CFGsPavel Labath2013-09-061-2/+5
| | | | | | | | | | | | | | | | | | | | | Summary: If a noreturn destructor is executed while returning a value from a function, the resulting CFG has had two edges to the exit block. This crashed the analyzer, because it expects that blocks with no terminators have only one outgoing edge. I added code to avoid creating the second edge in this case. PS: The crashes did not manifest themselves always, as usually the NoReturnFunctionChecker would stop program evaluation before the analyzer hit the assertion, but in the case of lifetime extended temporaries, the checker failed to do that (which is a separate bug in itself). Reviewers: jordan_rose CC: cfe-commits Differential Revision: http://llvm-reviews.chandlerc.com/D1513 llvm-svn: 190125
* Add an implicit dtor CFG node just before C++ 'delete' expressions.Jordan Rose2013-09-031-0/+41
| | | | | | | | | | | | | | This paves the way for adding support for modeling the destructor of a region before it is deleted. The statement "delete <expr>" now generates this series of CFG elements: 1. <expr> 2. [B1.1]->~Foo() (Implicit destructor) 3. delete [B1.1] Patch by Karthik Bhat! llvm-svn: 189828
* [analyzer] Add very limited support for temporary destructorsPavel Labath2013-09-021-2/+3
| | | | | | | | | | | | | | | | | | | | | This is an improved version of r186498. It enables ExprEngine to reason about temporary object destructors. However, these destructor calls are never inlined, since this feature is still broken. Still, this is sufficient to properly handle noreturn temporary destructors. Now, the analyzer correctly handles expressions like "a || A()", and executes the destructor of "A" only on the paths where "a" evaluted to false. Temporary destructor processing is still off by default and one has to explicitly request it by setting cfg-temporary-dtors=true. Reviewers: jordan_rose CC: cfe-commits Differential Revision: http://llvm-reviews.chandlerc.com/D1259 llvm-svn: 189746
* Omit arguments of __builtin_object_size from the CFG.Jordan Rose2013-08-191-1/+17
| | | | | | | | | | | | | | | | | This builtin does not actually evaluate its arguments for side effects, so we shouldn't include them in the CFG. In the analyzer, rely on the constant expression evaluator to get the proper semantics, at least for now. (In the future, we could get ambitious and try to provide path- sensitive size values.) In theory, this does pose a problem for liveness analysis: a variable can be used within the __builtin_object_size argument expression but not show up as live. However, it is very unlikely that such a value would be used to compute the object size and not used to access the object in some way. <rdar://problem/14760817> llvm-svn: 188679
* Remove bogus VarDecl::extendsLifetimeOfTemporary function and inline it intoRichard Smith2013-06-271-2/+15
| | | | | | its only caller with a FIXME explaining why it's bogus. llvm-svn: 185109
* [CFG] Set the “loop target” (back edge) for VisitObjCForCollectionStmt loopsAnna Zaks2013-06-221-4/+11
| | | | | | | | Add the back edge info by creating a basic block, marked as loop target. This is consistent with how other loops are processed, but was omitted from VisitObjCForCollectionStmt. llvm-svn: 184617
* [analyzer; new edges] Simplify edges in a C++11 for-range loop.Jordan Rose2013-06-061-0/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | Previously our edges were completely broken here; now, the final result is a very simple set of edges in most cases: one up to the "for" keyword for context, and one into the body of the loop. This matches the behavior for ObjC for-in loops. In the AST, however, CXXForRangeStmts are handled very differently from ObjCForCollectionStmts. Since they are specified in terms of equivalent statements in the C++ standard, we actually have implicit AST nodes for all of the semantic statements. This makes evaluation very easy, but diagnostic locations a bit trickier. Fortunately, the problem can be generally defined away by marking all of the implicit statements as part of the top-level for-range statement. One of the implicit statements in a for-range statement is the declaration of implicit iterators __begin and __end. The CFG synthesizes two separate DeclStmts to match each of these decls, but until now these synthetic DeclStmts weren't in the function's ParentMap. Now, the CFG keeps track of its synthetic statements, and the AnalysisDeclContext will make sure to add them to the ParentMap. <rdar://problem/14038483> llvm-svn: 183449
* Analysis: Add a CFG successor to a SwitchStmt if it is both empty and fully ↵David Majnemer2013-06-041-2/+8
| | | | | | | | | | | | | | covered Consider the case where a SwitchStmt satisfied isAllEnumCasesCovered() as well as having no cases at all (i.e. the enum it covers has no enumerators). In this case, we should add a successor to repair the CFG. This fixes PR16212. llvm-svn: 183237
* CFG: In a DeclStmt, skip anything that's not a VarDecl.Jordan Rose2013-06-031-10/+2
| | | | | | | | | | | | | Neither the compiler nor the analyzer are doing anything with non-VarDecl decls in the CFG, and having them there creates extra nodes in the analyzer's path diagnostics. Simplify the CFG (and the path edges) by simply leaving them out. We can always add interesting decls back in when they become relevant. Note that this only affects decls declared in a DeclStmt, and then only those that appear within a function body. llvm-svn: 183157
* Remove unused, awkward CFGStmtVisitor and subclasses.Jordan Rose2013-05-151-115/+0
| | | | | | | | | | | | | | | | | This class is a StmtVisitor that distinguishes between block-level and non-block-level statements in a CFG. However, it does so using a hard-coded idea of which statements might be block-level, which probably isn't accurate anymore. The only implementer of the CFGStmtVisitor hierarchy was the analyzer's DeadStoresChecker, and the analyzer creates a linearized CFG anyway (every non-trivial statement is a block-level statement). This also allows us to remove the block-expr map ("BlkExprMap"), which mapped statements to positions in the CFG. Apart from having a helper type that really should have just been Optional<unsigned>, it was only being used to ask /if/ a particular expression was block-level, for traversal purposes in CFGStmtVisitor. llvm-svn: 181945
* Use only explicit bool conversion operatorDavid Blaikie2013-05-151-1/+1
| | | | | | | | | | | | | | | | | | | The most common (non-buggy) case are where such objects are used as return expressions in bool-returning functions or as boolean function arguments. In those cases I've used (& added if necessary) a named function to provide the equivalent (or sometimes negative, depending on convenient wording) test. DiagnosticBuilder kept its implicit conversion operator owing to the prevalent use of it in return statements. One bug was found in ExprConstant.cpp involving a comparison of two PointerUnions (PointerUnion did not previously have an operator==, so instead both operands were converted to bool & then compared). A test is included in test/SemaCXX/constant-expression-cxx1y.cpp for the fix (adding operator== to PointerUnion in LLVM). llvm-svn: 181869
* C++1y: Allow aggregates to have default initializers.Richard Smith2013-04-201-0/+5
| | | | | | | | | | | Add a CXXDefaultInitExpr, analogous to CXXDefaultArgExpr, and use it both in CXXCtorInitializers and in InitListExprs to represent a default initializer. There's an additional complication here: because the default initializer can refer to the initialized object via its 'this' pointer, we need to make sure that 'this' points to the right thing within the evaluation. llvm-svn: 179958
* [cfg] Always guard (when AddStaticInitBranches == true) DeclStmts for static ↵Ted Kremenek2013-03-291-15/+15
| | | | | | variables, not just ones with explicit initializers llvm-svn: 178322
* Add static analyzer support for conditionally executing static initializers.Ted Kremenek2013-03-291-7/+7
| | | | llvm-svn: 178318
* Add CFG logic to create a conditional branch for modeling static initializers.Ted Kremenek2013-03-281-1/+31
| | | | | | | | | | | | | | | | This is an optional variant of the CFG. This allows analyses to model whether or not a static initializer has run, e.g.: static Foo x = bar(); For basic dataflow analysis in Sema we will just assume that the initializer always runs. For the static analyzer we can use this branch to accurately track whether or not initializers are on. This patch just adds the (opt-in) functionality to the CFG. The static analyzer still needs to be modified to adopt this feature. llvm-svn: 178263
* Add const in preparation for a simplify_type change in llvm.Rafael Espindola2013-03-271-1/+1
| | | | llvm-svn: 178146
* Remove the CFGElement "Invalid" state.David Blaikie2013-02-231-19/+19
| | | | | | | | | | | | | Use Optional<CFG*> where invalid states were needed previously. In the one case where that's not possible (beginAutomaticObjDtorsInsert) just use a dummy CFGAutomaticObjDtor. Thanks for the help from Jordan Rose & discussion/feedback from Ted Kremenek and Doug Gregor. Post commit code review feedback on r175796 by Ted Kremenek. llvm-svn: 175938
* Replace CFGElement llvm::cast support to be well-defined.David Blaikie2013-02-211-20/+20
| | | | | | See r175462 for another example/more details. llvm-svn: 175796
* Add note why we used a switch.Ted Kremenek2013-02-051-0/+1
| | | | llvm-svn: 174449
* Change subexpressions to be visited in the CFG from left-to-right.Ted Kremenek2013-02-051-19/+56
| | | | | | | | | | | | | | | | | This is a more natural order of evaluation, and it is very important for visualization in the static analyzer. Within Xcode, the arrows will not jump from right to left, which looks very visually jarring. It also provides a more natural location for dataflow-based diagnostics. Along the way, we found a case in the analyzer diagnostics where we needed to indicate that a variable was "captured" by a block. -fsyntax-only timings on sqlite3.c show no visible performance change, although this is just one test case. Fixes <rdar://problem/13016513> llvm-svn: 174447
* Implement C++11 semantics for [[noreturn]] attribute. This required splittingRichard Smith2013-01-171-7/+5
| | | | | | | | it apart from [[gnu::noreturn]] / __attribute__((noreturn)), since their semantics are not equivalent (for instance, we treat [[gnu::noreturn]] as affecting the function type, whereas [[noreturn]] does not). llvm-svn: 172691
* CFG.cpp: Fix wrapping logic when printing block preds/succs.Will Dietz2013-01-071-2/+2
| | | | | | | | | First check only wrapped with i==8, second wrapped at i==2,8,18,28,... This fix restores the intended behavior: i==8,18,28,... Found with -fsanitize=integer. llvm-svn: 171718
* Pull the Attr iteration parts out of Attr.h, so including DeclBase.h doesn't ↵Benjamin Kramer2012-12-011-8/+8
| | | | | | | | | pull in all the generated Attr code. Required to pull some functions out of line, but this shouldn't have a perf impact. No functionality change. llvm-svn: 169092
* Fix bad CFG construction bug when handling C++ 'try' statements.Ted Kremenek2012-11-131-13/+14
| | | | | | | | | | | | | | | | | This code assigned the last created CFGBlock* to the variable 'Block', which is a scratch variable which is null'ed out after a block is completed. By assigning the last created block to 'Block', we start editing a completed block, inserting CFGStmts that should be in another block. This was the case with 'try'. The test case that showed this had a while loop inside a 'try', and the logic before the while loop was being included as part of the "condition block" for the loop. This showed up as a bogus dead store, but could have lots of implications. Turns out this bug was replicated a few times within CFG.cpp, so I went and fixed up those as well. llvm-svn: 167788
* Fix potential null deference in CFG printer.Ted Kremenek2012-10-121-2/+2
| | | | llvm-svn: 165836
* Remove dead store.Ted Kremenek2012-10-121-1/+1
| | | | llvm-svn: 165835
* [analyzer] Always include destructors in the analysis CFG.Jordan Rose2012-09-051-3/+5
| | | | | | | | | | | | | | | | | | | | | While destructors will continue to not be inlined (unless the analyzer config option 'c++-inlining' is set to 'destructors'), leaving them out of the CFG is an incomplete model of the behavior of an object, and can cause false positive warnings (like PR13751, now working). Destructors for temporaries are still not on by default, since (a) we haven't actually checked this code to be sure it's fully correct (in particular, we probably need to be very careful with regard to lifetime-extension when a temporary is bound to a reference, C++11 [class.temporary]p5), and (b) ExprEngine doesn't actually do anything when it sees a temporary destructor in the CFG -- not even invalidate the object region. To enable temporary destructors, set the 'cfg-temporary-dtors' analyzer config option to '1'. The old -cfg-add-implicit-dtors cc1 option, which controlled all implicit destructors, has been removed. llvm-svn: 163264
OpenPOWER on IntegriCloud