summaryrefslogtreecommitdiffstats
path: root/clang/lib/Analysis
Commit message (Collapse)AuthorAgeFilesLines
...
* [CFG] Set the “loop target” (back edge) for VisitObjCForCollectionStmt loopsAnna Zaks2013-06-221-4/+11
| | | | | | | | Add the back edge info by creating a basic block, marked as loop target. This is consistent with how other loops are processed, but was omitted from VisitObjCForCollectionStmt. llvm-svn: 184617
* [analyzer; new edges] Simplify edges in a C++11 for-range loop.Jordan Rose2013-06-062-0/+28
| | | | | | | | | | | | | | | | | | | | | | | | | | Previously our edges were completely broken here; now, the final result is a very simple set of edges in most cases: one up to the "for" keyword for context, and one into the body of the loop. This matches the behavior for ObjC for-in loops. In the AST, however, CXXForRangeStmts are handled very differently from ObjCForCollectionStmts. Since they are specified in terms of equivalent statements in the C++ standard, we actually have implicit AST nodes for all of the semantic statements. This makes evaluation very easy, but diagnostic locations a bit trickier. Fortunately, the problem can be generally defined away by marking all of the implicit statements as part of the top-level for-range statement. One of the implicit statements in a for-range statement is the declaration of implicit iterators __begin and __end. The CFG synthesizes two separate DeclStmts to match each of these decls, but until now these synthetic DeclStmts weren't in the function's ParentMap. Now, the CFG keeps track of its synthetic statements, and the AnalysisDeclContext will make sure to add them to the ParentMap. <rdar://problem/14038483> llvm-svn: 183449
* Analysis: Add a CFG successor to a SwitchStmt if it is both empty and fully ↵David Majnemer2013-06-041-2/+8
| | | | | | | | | | | | | | covered Consider the case where a SwitchStmt satisfied isAllEnumCasesCovered() as well as having no cases at all (i.e. the enum it covers has no enumerators). In this case, we should add a successor to repair the CFG. This fixes PR16212. llvm-svn: 183237
* CFG: In a DeclStmt, skip anything that's not a VarDecl.Jordan Rose2013-06-031-10/+2
| | | | | | | | | | | | | Neither the compiler nor the analyzer are doing anything with non-VarDecl decls in the CFG, and having them there creates extra nodes in the analyzer's path diagnostics. Simplify the CFG (and the path edges) by simply leaving them out. We can always add interesting decls back in when they become relevant. Note that this only affects decls declared in a DeclStmt, and then only those that appear within a function body. llvm-svn: 183157
* Thread safety analysis: fix use after free bug reported by Evgeniy Stepanov.DeLesley Hutchins2013-05-201-7/+21
| | | | llvm-svn: 182305
* Revert "[analyzer; alternate edges] improve support for edges with ↵Jordan Rose2013-05-181-22/+8
| | | | | | | | | | | | | PseudoObjectExprs." Ted and I spent a long time discussing this today and found out that neither the existing code nor the new code was doing what either of us thought it was, which is never good. The good news is we found a much simpler way to fix the motivating test case (an ObjCSubscriptExpr). This reverts r182083, but pieces of it will come back in subsequent commits. llvm-svn: 182185
* Thread safety analysis: add two new attributes to the thread safety analysis:DeLesley Hutchins2013-05-171-8/+41
| | | | | | | assert_exclusive_lock and assert_shared_lock. These attributes are used to mark functions that dynamically check (i.e. assert) that a lock is held. llvm-svn: 182170
* [analyzer; alternate edges] improve support for edges with PseudoObjectExprs.Ted Kremenek2013-05-171-8/+22
| | | | | | | | | | | | | | | | | | This optimizes some spurious edges resulting from PseudoObjectExprs. This required far more changes than I anticipated. The current ParentMap does not record any hierarchy information between a PseudoObjectExpr and its *semantic* expressions that may be wrapped in OpaqueValueExprs, which are the expressions actually laid out in the CFG. This means the arrow pruning logic could not map from an expression to its containing PseudoObjectExprs. To solve this, this patch adds a variant of ParentMap that returns the "semantic" parentage of expressions (essentially as they are viewed by the CFG). This alternate ParentMap is then used by the arrow reducing logic to identify edges into pseudo object expressions, and then eliminate them. llvm-svn: 182083
* Remove unused, awkward CFGStmtVisitor and subclasses.Jordan Rose2013-05-152-116/+1
| | | | | | | | | | | | | | | | | This class is a StmtVisitor that distinguishes between block-level and non-block-level statements in a CFG. However, it does so using a hard-coded idea of which statements might be block-level, which probably isn't accurate anymore. The only implementer of the CFGStmtVisitor hierarchy was the analyzer's DeadStoresChecker, and the analyzer creates a linearized CFG anyway (every non-trivial statement is a block-level statement). This also allows us to remove the block-expr map ("BlkExprMap"), which mapped statements to positions in the CFG. Apart from having a helper type that really should have just been Optional<unsigned>, it was only being used to ask /if/ a particular expression was block-level, for traversal purposes in CFGStmtVisitor. llvm-svn: 181945
* Use only explicit bool conversion operatorDavid Blaikie2013-05-151-1/+1
| | | | | | | | | | | | | | | | | | | The most common (non-buggy) case are where such objects are used as return expressions in bool-returning functions or as boolean function arguments. In those cases I've used (& added if necessary) a named function to provide the equivalent (or sometimes negative, depending on convenient wording) test. DiagnosticBuilder kept its implicit conversion operator owing to the prevalent use of it in return statements. One bug was found in ExprConstant.cpp involving a comparison of two PointerUnions (PointerUnion did not previously have an operator==, so instead both operands were converted to bool & then compared). A test is included in test/SemaCXX/constant-expression-cxx1y.cpp for the fix (adding operator== to PointerUnion in LLVM). llvm-svn: 181869
* Add support for __wchar_t in -fms-extensions mode.Hans Wennborg2013-05-103-5/+5
| | | | | | | | | | | | | | | | | MSVC provides __wchar_t. This is the same as the built-in wchar_t type from C++, but it is also available with -fno-wchar and in C. The commit changes ASTContext to have two different types for this: - WCharTy is the built-in type used for wchar_t in C++ and __wchar_t. - WideCharTy is the type of a wide character literal. In C++ this is the same as WCharTy, and in C it is an integer type compatible with the type in <stddef.h>. This fixes PR15815. llvm-svn: 181587
* Replace ArrayRef<T>() with None, now that we have an implicit ArrayRef ↵Dmitri Gribenko2013-05-051-4/+4
| | | | | | | | constructor from None Patch by Robert Wilhelm. llvm-svn: 181139
* C++1y: Allow aggregates to have default initializers.Richard Smith2013-04-201-0/+5
| | | | | | | | | | | Add a CXXDefaultInitExpr, analogous to CXXDefaultArgExpr, and use it both in CXXCtorInitializers and in InitListExprs to represent a default initializer. There's an additional complication here: because the default initializer can refer to the initialized object via its 'this' pointer, we need to make sure that 'this' points to the right thing within the evaluation. llvm-svn: 179958
* Thread safety analysis: turn on checking within lock and unlock functions.DeLesley Hutchins2013-04-081-10/+48
| | | | | | These checks are enabled with the -Wthread-safety-beta flag. llvm-svn: 179046
* Thread safety analysis: Turn on checking for non-scalar types by default.DeLesley Hutchins2013-04-011-49/+43
| | | | | | | These were previously enabled as a "beta" feature, but they have now been extensively tested. llvm-svn: 178478
* [analyzer] Add debug helper LocationContext::dumpStack().Jordan Rose2013-03-301-0/+26
| | | | | | | | | | | Sample output: #0 void construct(pointer __p, llvm::ImutAVLTree<llvm::ImutContainerInfo<clang::ento::BugType *> > *const &__val) #1 void push_back(const value_type &__x) #2 void destroy() #3 void release() #4 void ~ImmutableSet() llvm-svn: 178400
* [cfg] Always guard (when AddStaticInitBranches == true) DeclStmts for static ↵Ted Kremenek2013-03-291-15/+15
| | | | | | variables, not just ones with explicit initializers llvm-svn: 178322
* Add static analyzer support for conditionally executing static initializers.Ted Kremenek2013-03-291-7/+7
| | | | llvm-svn: 178318
* Add configuration plumbing to enable static initializer branching in the CFG ↵Ted Kremenek2013-03-291-1/+3
| | | | | | | | | for the analyzer. This setting still isn't enabled yet in the analyzer. This is just prep work. llvm-svn: 178317
* Add CFG logic to create a conditional branch for modeling static initializers.Ted Kremenek2013-03-281-1/+31
| | | | | | | | | | | | | | | | This is an optional variant of the CFG. This allows analyses to model whether or not a static initializer has run, e.g.: static Foo x = bar(); For basic dataflow analysis in Sema we will just assume that the initializer always runs. For the static analyzer we can use this branch to accurately track whether or not initializers are on. This patch just adds the (opt-in) functionality to the CFG. The static analyzer still needs to be modified to adopt this feature. llvm-svn: 178263
* Add const in preparation for a simplify_type change in llvm.Rafael Espindola2013-03-271-1/+1
| | | | llvm-svn: 178146
* Remove the CFGElement "Invalid" state.David Blaikie2013-02-236-36/+37
| | | | | | | | | | | | | Use Optional<CFG*> where invalid states were needed previously. In the one case where that's not possible (beginAutomaticObjDtorsInsert) just use a dummy CFGAutomaticObjDtor. Thanks for the help from Jordan Rose & discussion/feedback from Ted Kremenek and Doug Gregor. Post commit code review feedback on r175796 by Ted Kremenek. llvm-svn: 175938
* Replace CFGElement llvm::cast support to be well-defined.David Blaikie2013-02-216-47/+47
| | | | | | See r175462 for another example/more details. llvm-svn: 175796
* Use None rather than Optional<T>() where possible.David Blaikie2013-02-212-3/+3
| | | | llvm-svn: 175705
* Include llvm::Optional in clang/Basic/LLVM.hDavid Blaikie2013-02-204-12/+12
| | | | | | Post-commit CR feedback from Jordan Rose regarding r175594. llvm-svn: 175679
* Excise <cctype> from Clang (except clang-tblgen) in favor of CharInfo.h.Jordan Rose2013-02-081-3/+3
| | | | | | | Nearly all of these changes are one-to-one replacements; the few that aren't have to do with custom identifier validation. llvm-svn: 174768
* Add note why we used a switch.Ted Kremenek2013-02-051-0/+1
| | | | llvm-svn: 174449
* Change subexpressions to be visited in the CFG from left-to-right.Ted Kremenek2013-02-051-19/+56
| | | | | | | | | | | | | | | | | This is a more natural order of evaluation, and it is very important for visualization in the static analyzer. Within Xcode, the arrows will not jump from right to left, which looks very visually jarring. It also provides a more natural location for dataflow-based diagnostics. Along the way, we found a case in the analyzer diagnostics where we needed to indicate that a variable was "captured" by a block. -fsyntax-only timings on sqlite3.c show no visible performance change, although this is just one test case. Fixes <rdar://problem/13016513> llvm-svn: 174447
* [analyzer] add commentAnna Zaks2013-02-051-1/+5
| | | | llvm-svn: 174435
* clang/Analysis: Fix r174245, a valgrind error in ↵NAKAMURA Takumi2013-02-041-0/+1
| | | | | | AnalysisDeclContext::getBody(bool &IsAutosynthesized), to initialize IsAutosynthesized explicitly. llvm-svn: 174303
* [analyzer] Always inline functions with bodies generated by BodyFarm.Anna Zaks2013-02-021-2/+15
| | | | | | | | Inlining these functions is essential for correctness. We often have cases where we do not inline calls. For example, the shallow mode and when reanalyzing previously inlined ObjC methods as top level. llvm-svn: 174245
* -Wuninitialized: warn about uninitialized values resulting from ?: that ↵Ted Kremenek2013-01-191-0/+10
| | | | | | evaluate to lvalues (in C++). llvm-svn: 172875
* Thread-safety analysis: ignore edges from throw expressions in CFG.DeLesley Hutchins2013-01-181-2/+16
| | | | llvm-svn: 172858
* Format strings: don't ever convert %+d to %lu.Jordan Rose2013-01-171-1/+1
| | | | | | | | | | Presumably, if the printf format has the sign explicitly requested, the user wants to treat the data as signed. This is a fix-up for r172739, and also includes several test changes that didn't make it into that commit. llvm-svn: 172762
* Format strings: correct signedness if already correcting width (%d,%u).Jordan Rose2013-01-171-1/+19
| | | | | | | | | | | | It is valid to do this: printf("%u", (int)x); But if we see this: printf("%lu", (int)x); ...our fixit should suggest %d, not %u. llvm-svn: 172739
* Implement C++11 semantics for [[noreturn]] attribute. This required splittingRichard Smith2013-01-171-7/+5
| | | | | | | | it apart from [[gnu::noreturn]] / __attribute__((noreturn)), since their semantics are not equivalent (for instance, we treat [[gnu::noreturn]] as affecting the function type, whereas [[noreturn]] does not). llvm-svn: 172691
* Remove useless 'llvm::' qualifier from names like StringRef and others that areDmitri Gribenko2013-01-123-5/+5
| | | | | | brought into 'clang' namespace by clang/Basic/LLVM.h llvm-svn: 172323
* Test commit.Enea Zaffanella2013-01-111-1/+1
| | | | llvm-svn: 172195
* CFG.cpp: Fix wrapping logic when printing block preds/succs.Will Dietz2013-01-071-2/+2
| | | | | | | | | First check only wrapped with i==8, second wrapped at i==2,8,18,28,... This fix restores the intended behavior: i==8,18,28,... Found with -fsanitize=integer. llvm-svn: 171718
* s/CPlusPlus0x/CPlusPlus11/gRichard Smith2013-01-023-3/+3
| | | | llvm-svn: 171367
* ArrayRefize a CompoundStmt constructor.Nico Weber2012-12-291-3/+1
| | | | llvm-svn: 171238
* [analyzer] Fix typos.Anna Zaks2012-12-211-2/+2
| | | | llvm-svn: 170907
* [analyzer] Re-apply r170826 and make the dumping of the GallGraphAnna Zaks2012-12-211-13/+16
| | | | | | | | | | | | | | | | | | | | | | | deterministic. Commit message for r170826: [analyzer] Traverse the Call Graph in topological order. Modify the call graph by removing the parentless nodes. Instead all nodes are children of root to ensure they are all reachable. Remove the tracking of nodes that are "top level" or global. This information is not used and can be obtained from the Decls stored inside CallGraphNodes. Instead of existing ordering hacks, analyze the functions in topological order over the Call Graph. Together with the addition of devirtualizable ObjC message sends and blocks to the call graph, this gives around 6% performance improvement on several large ObjC benchmarks. llvm-svn: 170906
* Revert r170826. The output ofRafael Espindola2012-12-211-2/+8
| | | | | | | | ./bin/clang -cc1 -internal-isystem /home/espindola/llvm/build/lib/clang/3.3/include/ -analyze -analyzer-checker=debug.DumpCallGraph /home/espindola/llvm/clang/test/Analysis/debug-CallGraph.c -fblocks changes in each run. llvm-svn: 170829
* [analyzer] Traverse the Call Graph in topological order.Anna Zaks2012-12-211-8/+2
| | | | | | | | | | | | | | | | | Modify the call graph by removing the parentless nodes. Instead all nodes are children of root to ensure they are all reachable. Remove the tracking of nodes that are "top level" or global. This information is not used and can be obtained from the Decls stored inside CallGraphNodes. Instead of existing ordering hacks, analyze the functions in topological order over the Call Graph. Together with the addition of devirtualizable ObjC message sends and blocks to the call graph, this gives around 6% performance improvement on several large ObjC benchmarks. llvm-svn: 170826
* [analyzer] Add blocks and ObjC messages to the call graph.Anna Zaks2012-12-211-14/+67
| | | | | | | | | | | This paves the road for constructing a better function dependency graph. If we analyze a function before the functions it calls and inlines, there is more opportunity for optimization. Note, we add call edges to the called methods that correspond to function definitions (declarations with bodies). llvm-svn: 170825
* Thread-safety analysis: check member access on guarded non-primitive types.DeLesley Hutchins2012-12-081-0/+9
| | | | llvm-svn: 169669
* Use the BlockDecl captures list to infer the direct captures for a ↵Ted Kremenek2012-12-061-4/+7
| | | | | | | | | BlockDataRegion. Fixes <rdar://problem/12415065>. We still need to do a recursive walk to determine all static/global variables referenced by a block, which is needed for region invalidation. llvm-svn: 169481
* Format strings: offer a cast to 'unichar' for %C in Objective-C contexts.Jordan Rose2012-12-051-3/+5
| | | | | | | | | | | | | | | | | | | For most cases where a conversion specifier doesn't match an argument, we usually guess that the conversion specifier is wrong. However, if the argument is an integer type and the specifier is %C, it's likely the user really did mean to print the integer as a character. (This is more common than %c because there is no way to specify a unichar literal -- you have to write an integer literal, such as '0x2603', and then cast it to unichar.) This does not change the behavior of %S, since there are fewer cases where printing a literal Unicode *string* is necessary, but this could easily be changed in the future. <rdar://problem/11982013> llvm-svn: 169400
* Format strings: the correct conversion for 'char' is %c, not %d or %hhd.Jordan Rose2012-12-051-1/+1
| | | | | | | We tried to account for 'uint8_t' by saying that /typedefs/ of 'char' should be corrected as %hhd rather than %c, but the condition was wrong. llvm-svn: 169397
OpenPOWER on IntegriCloud