| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
| |
llvm-svn: 216755
|
| |
|
|
| |
llvm-svn: 215193
|
| |
|
|
|
|
|
|
|
| |
As we only create temp dtor decision branches when a temp dtor needs to
be run (as opposed to for each logical branch in the original
expression), we must include the information about all previous logical
branches when we annotate the temp dtor decision branch.
llvm-svn: 215188
|
| |
|
|
|
|
| |
As suggested by Ted, this makes a few warnings less aggressive.
llvm-svn: 215128
|
| |
|
|
|
|
|
| |
Use the parent context when visiting temporaries when we do not insert a
temporary dtor decision branch.
llvm-svn: 215120
|
| |
|
|
|
|
|
|
| |
If the truth value of a LHS is known, we can build the knowledge whether
a temporary destructor is executed or not into the CFG. This is needed
by the return type analysis.
llvm-svn: 215118
|
| |
|
|
|
|
|
| |
The return type analysis requires that the CFG is simplified when the
truth values of branches are statically known at analysis time.
llvm-svn: 215114
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changes to the original patch:
- model the CFG for temporary destructors in conditional operators so that
the destructors of the true and false branch are always exclusive. This
is necessary because we must not have impossible paths for the path
based analysis to work.
- add multiple regression tests with ternary operators
Original description:
Fix modelling of non-lifetime-extended temporary destructors in the
analyzer.
Changes to the CFG:
When creating the CFG for temporary destructors, we create a structure
that mirrors the branch structure of the conditionally executed
temporary constructors in a full expression.
The branches we create use a CXXBindTemporaryExpr as terminator which
corresponds to the temporary constructor which must have been executed
to enter the destruction branch.
2. Changes to the Analyzer:
When we visit a CXXBindTemporaryExpr we mark the CXXBindTemporaryExpr as
executed in the state; when we reach a branch that contains the
corresponding CXXBindTemporaryExpr as terminator, we branch out
depending on whether the corresponding CXXBindTemporaryExpr was marked
as executed.
llvm-svn: 215096
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
analyzer."
This reverts commit r214962 because after the change the
following code doesn't compile with -Wreturn-type -Werror.
#include <cstdlib>
class NoReturn {
public:
~NoReturn() __attribute__((noreturn)) { exit(1); }
};
int check() {
true ? NoReturn() : NoReturn();
}
llvm-svn: 214998
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
1. Changes to the CFG:
When creating the CFG for temporary destructors, we create a structure
that mirrors the branch structure of the conditionally executed
temporary constructors in a full expression.
The branches we create use a CXXBindTemporaryExpr as terminator which
corresponds to the temporary constructor which must have been executed
to enter the destruction branch.
2. Changes to the Analyzer:
When we visit a CXXBindTemporaryExpr we mark the CXXBindTemporaryExpr as
executed in the state; when we reach a branch that contains the
corresponding CXXBindTemporaryExpr as terminator, we branch out
depending on whether the corresponding CXXBindTemporaryExpr was marked
as executed.
llvm-svn: 214962
|
| |
|
|
|
|
|
|
| |
MaterializeTemporaryExpr already contains information about the lifetime
of the temporary; if the lifetime is not the full statement, we do not
want to emit a destructor at the end of the full statement for it.
llvm-svn: 214292
|
| |
|
|
|
|
|
|
|
|
| |
lambda expressions (other than their capture initializers) nor blocks. Do walk
into default argument expressions and default initializer expressions.
These bugs were causing us to produce broken CFGs whenever a lambda expression
was used to initialize a libstdc++ std::function object!
llvm-svn: 214050
|
| |
|
|
|
|
|
|
|
| |
Fixes a crash in Retain Count checker error reporting logic by handing
the allocation statement retrieval from a BlockEdge program point.
Also added a simple CFG dump routine for debugging.
llvm-svn: 210960
|
| |
|
|
|
|
|
| |
will never be true in a well-defined context. The checking for null pointers
has been moved into the caller logic so it does not rely on undefined behavior.
llvm-svn: 210498
|
| |
|
|
|
|
|
|
|
|
|
| |
This catches issues like:
if ((x & 8) == 4) { ... }
if ((x | 4) != 3) { ... }
Patch by Anders Rönnholm!
llvm-svn: 209221
|
| |
|
|
| |
llvm-svn: 209191
|
| |
|
|
|
|
|
|
| |
The assignment needs to be before the destruction of the temporary.
This patch calls out to addStmt, which invokes VisitDeclStmt, which has
all the correct logic for handling temporaries.
llvm-svn: 207985
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
which warns on compound conditionals that always evaluate to the same value.
For instance, (x > 5 && x < 3) will always be false since no value for x can
satisfy both conditions.
This patch also changes the CFG to use these tautological values for better
branch analysis. The test for -Wunreachable-code shows how this change catches
additional dead code.
Patch by Anders Rönnholm.
llvm-svn: 205665
|
| |
|
|
|
|
|
|
|
| |
Also, add several destructor-related tests. Most of them don't work yet, but it's
good to have them recorded.
Patch by Alex McCarthy!
llvm-svn: 205326
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
intentionally marked dead via if((0)).
Taking a hint from -Wparentheses, use an extra '()' as a sigil that
a dead condition is intentionally dead. For example:
if ((0)) { dead }
When this sigil is found, do not emit a dead code warning. When the
analysis sees:
if (0)
it suggests inserting '()' as a Fix-It.
llvm-svn: 205069
|
| |
|
|
|
|
| |
iterator_range body(). Updating all of the usages of the iterators with range-based for loops.
llvm-svn: 204040
|
| |
|
|
|
|
| |
iterator_range decls(). Updating all of the usages of the iterators with range-based for loops.
llvm-svn: 203947
|
| |
|
|
|
|
| |
class.
llvm-svn: 203893
|
| |
|
|
|
|
| |
with iterator_range vbases(). Updating all of the usages of the iterators with range-based for loops.
llvm-svn: 203808
|
| |
|
|
|
|
| |
iterator_range bases(). Updating all of the usages of the iterators with range-based for loops.
llvm-svn: 203803
|
| |
|
|
| |
llvm-svn: 203389
|
| |
|
|
|
|
| |
iterator_range fields(). Updating all of the usages of the iterators with range-based for loops.
llvm-svn: 203355
|
| |
|
|
|
|
| |
terminators.
llvm-svn: 203335
|
| |
|
|
| |
llvm-svn: 203334
|
| |
|
|
|
|
| |
This compiles cleanly with lldb/lld/clang-tools-extra/llvm.
llvm-svn: 203279
|
| |
|
|
|
|
| |
This is a precursor to moving to std::unique_ptr.
llvm-svn: 203275
|
| |
|
|
|
|
| |
and '||' branches involving configuration values.
llvm-svn: 203194
|
| |
|
|
| |
llvm-svn: 202909
|
| |
|
|
| |
llvm-svn: 202898
|
| |
|
|
| |
llvm-svn: 202639
|
| |
|
|
|
|
| |
cases.
llvm-svn: 202435
|
| |
|
|
|
|
| |
for calls to 'noreturn' functions.
llvm-svn: 202327
|
| |
|
|
|
|
| |
statements.
llvm-svn: 202326
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
making them NULL.
This is to support some analyses, like -Wunreachable-code, that
will need to recover the original unprunned CFG edges in order
to suppress issues that aren't really bugs in practice.
There are two important changes here:
- AdjacentBlock replaces CFGBlock* for CFG successors/predecessors.
This has the size of 2 pointers, instead of 1. This is unlikely
to have a significant memory impact on Sema since a single
CFG usually exists at one time, but could impact the memory
usage of the static analyzer. This could possibly be optimized
down to a single pointer with some cleverness.
- Predecessors can now contain null predecessors, which means
some analyses doing a reverse traversal will need to take into
account. This already exists for successors, which contain
successor slots for specific branch kinds (e.g., 'if') that
expect a fixed number of successors, even if a branch is
not reachable.
llvm-svn: 202325
|
| |
|
|
|
|
| |
PR18472
llvm-svn: 199227
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In an expression like "new (a, b) Foo(x, y)", two things happen:
- Memory is allocated by calling a function named 'operator new'.
- The memory is initialized using the constructor for 'Foo'.
Currently the analyzer only models the second event, though it has special
cases for both the default and placement forms of operator new. This patch
is the first step towards properly modeling both events: it changes the CFG
so that the above expression now generates the following elements.
1. a
2. b
3. (CFGNewAllocator)
4. x
5. y
6. Foo::Foo
The analyzer currently ignores the CFGNewAllocator element, but the next
step is to treat that as a call like any other.
The CFGNewAllocator element is not added to the CFG for analysis-based
warnings, since none of them take advantage of it yet.
llvm-svn: 199123
|
| |
|
|
| |
llvm-svn: 197094
|
| |
|
|
|
|
| |
object in many cases, which could have led to crashes were it ever to be null. Now passing the object by reference instead of by pointer because it is never null in practice. No functional changes intended.
llvm-svn: 195043
|
| |
|
|
|
|
|
|
| |
...rather than segfaulting.
Patch by Enrico P!
llvm-svn: 193208
|
| |
|
|
|
|
|
| |
The predicates in CXXRecordDecl which test various properties of special
members can't be called on incomplete decls.
llvm-svn: 190353
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Summary:
If a noreturn destructor is executed while returning a value from a function,
the resulting CFG has had two edges to the exit block. This crashed the analyzer,
because it expects that blocks with no terminators have only one outgoing edge.
I added code to avoid creating the second edge in this case.
PS: The crashes did not manifest themselves always, as usually the
NoReturnFunctionChecker would stop program evaluation before the analyzer hit
the assertion, but in the case of lifetime extended temporaries, the checker
failed to do that (which is a separate bug in itself).
Reviewers: jordan_rose
CC: cfe-commits
Differential Revision: http://llvm-reviews.chandlerc.com/D1513
llvm-svn: 190125
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
This paves the way for adding support for modeling the destructor of a
region before it is deleted. The statement "delete <expr>" now generates
this series of CFG elements:
1. <expr>
2. [B1.1]->~Foo() (Implicit destructor)
3. delete [B1.1]
Patch by Karthik Bhat!
llvm-svn: 189828
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is an improved version of r186498. It enables ExprEngine to reason about
temporary object destructors. However, these destructor calls are never
inlined, since this feature is still broken. Still, this is sufficient to
properly handle noreturn temporary destructors.
Now, the analyzer correctly handles expressions like "a || A()", and executes the
destructor of "A" only on the paths where "a" evaluted to false.
Temporary destructor processing is still off by default and one has to
explicitly request it by setting cfg-temporary-dtors=true.
Reviewers: jordan_rose
CC: cfe-commits
Differential Revision: http://llvm-reviews.chandlerc.com/D1259
llvm-svn: 189746
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This builtin does not actually evaluate its arguments for side effects,
so we shouldn't include them in the CFG. In the analyzer, rely on the
constant expression evaluator to get the proper semantics, at least for
now. (In the future, we could get ambitious and try to provide path-
sensitive size values.)
In theory, this does pose a problem for liveness analysis: a variable can
be used within the __builtin_object_size argument expression but not show
up as live. However, it is very unlikely that such a value would be used
to compute the object size and not used to access the object in some way.
<rdar://problem/14760817>
llvm-svn: 188679
|
| |
|
|
|
|
| |
its only caller with a FIXME explaining why it's bogus.
llvm-svn: 185109
|
