summaryrefslogtreecommitdiffstats
path: root/clang/lib/Analysis
Commit message (Collapse)AuthorAgeFilesLines
* PR16054: Slight strengthening for -Wsometimes-uninitialized: if we use aRichard Smith2013-09-121-1/+17
| | | | | | | | | | | variable uninitialized every time we reach its (reachable) declaration, or every time we call the surrounding function, promote the warning from -Wmaybe-uninitialized to -Wsometimes-uninitialized. This is still slightly weaker than desired: we should, in general, warn if a use is uninitialized the first time it is evaluated. llvm-svn: 190623
* Fix ICE in consumed analysis when CFG is null.DeLesley Hutchins2013-09-101-2/+6
| | | | llvm-svn: 190447
* Fix a crash introduced in r189828.Matt Beaumont-Gay2013-09-091-1/+1
| | | | | | | The predicates in CXXRecordDecl which test various properties of special members can't be called on incomplete decls. llvm-svn: 190353
* Avoid double edges when constructing CFGsPavel Labath2013-09-061-2/+5
| | | | | | | | | | | | | | | | | | | | | Summary: If a noreturn destructor is executed while returning a value from a function, the resulting CFG has had two edges to the exit block. This crashed the analyzer, because it expects that blocks with no terminators have only one outgoing edge. I added code to avoid creating the second edge in this case. PS: The crashes did not manifest themselves always, as usually the NoReturnFunctionChecker would stop program evaluation before the analyzer hit the assertion, but in the case of lifetime extended temporaries, the checker failed to do that (which is a separate bug in itself). Reviewers: jordan_rose CC: cfe-commits Differential Revision: http://llvm-reviews.chandlerc.com/D1513 llvm-svn: 190125
* Consumed Analysis: The 'consumable' attribute now takes a identifier ↵David Blaikie2013-09-061-50/+60
| | | | | | | | | | | | | specifying the default assumed state for objects of this class This information is used for return states and pass-by-value parameter states. Patch by Chris Wailes. Review by DeLesley Hutchins and Aaron Ballman. llvm-svn: 190116
* Fix non-void return warning, and format.Eric Christopher2013-09-031-3/+4
| | | | llvm-svn: 189845
* Consumed analysis: add return_typestate attribute.DeLesley Hutchins2013-09-031-4/+104
| | | | | | | | | | Patch by chris.wailes@gmail.com Functions can now declare what state the consumable type the are returning will be in. This is then used on the caller side and checked on the callee side. Constructors now use this attribute instead of the 'consumes' attribute. llvm-svn: 189843
* Add an implicit dtor CFG node just before C++ 'delete' expressions.Jordan Rose2013-09-031-0/+41
| | | | | | | | | | | | | | This paves the way for adding support for modeling the destructor of a region before it is deleted. The statement "delete <expr>" now generates this series of CFG elements: 1. <expr> 2. [B1.1]->~Foo() (Implicit destructor) 3. delete [B1.1] Patch by Karthik Bhat! llvm-svn: 189828
* [analyzer] Add very limited support for temporary destructorsPavel Labath2013-09-021-2/+3
| | | | | | | | | | | | | | | | | | | | | This is an improved version of r186498. It enables ExprEngine to reason about temporary object destructors. However, these destructor calls are never inlined, since this feature is still broken. Still, this is sufficient to properly handle noreturn temporary destructors. Now, the analyzer correctly handles expressions like "a || A()", and executes the destructor of "A" only on the paths where "a" evaluted to false. Temporary destructor processing is still off by default and one has to explicitly request it by setting cfg-temporary-dtors=true. Reviewers: jordan_rose CC: cfe-commits Differential Revision: http://llvm-reviews.chandlerc.com/D1259 llvm-svn: 189746
* Consumed analysis: add 'consumable' class attribute.DeLesley Hutchins2013-08-301-41/+10
| | | | | | | | | | | | Patch by chris.wailes@gmail.com Adds the 'consumable' attribute that can be attached to classes. This replaces the previous method of scanning a class's methods to see if any of them have consumed analysis attributes attached to them. If consumed analysis attributes are attached to methods of a class that isn't marked 'consumable' a warning is generated. llvm-svn: 189702
* Consumed analysis: track function parameters.DeLesley Hutchins2013-08-291-10/+27
| | | | | | Patch by chris.wailes@gmail.com. llvm-svn: 189616
* Consumed analysis: non-const methods no longer transfer an object into anDeLesley Hutchins2013-08-291-12/+2
| | | | | | unknown state. Patch by chris.wailes@gmail.com. llvm-svn: 189612
* Silencing the warning from r189605 in a more conformant manner.Aaron Ballman2013-08-291-1/+1
| | | | llvm-svn: 189606
* Silencing a rather spurious warning from MSVC 11 about not all control paths ↵Aaron Ballman2013-08-291-0/+1
| | | | | | returning a value (hint: they do). llvm-svn: 189605
* Fix warning about anonymous structs in anonymous unions.Eric Christopher2013-08-291-6/+8
| | | | llvm-svn: 189596
* Consumed analysis: improve handling of conditionals.DeLesley Hutchins2013-08-291-178/+473
| | | | | | | | | | | | | | Patch by chris.wailes@gmail.com. * The TestedVarsVisitor was folded into the ConsumedStmtVisitor. * The VarTestResult class was updated to allow these changes. * The PropagationInfo class was updated for the same reasons. * Correctly handle short-circuiting of Boolean operations. * Blocks are now marked as unreachable when we can statically prove we will never branch to them. * Unreachable blocks are skipped by the analysis. llvm-svn: 189594
* Consumed analyis: Renamed *PStatus to *PInfo.DeLesley Hutchins2013-08-261-48/+48
| | | | | | | | | The change was made for readability, as the PropagationInfo objects don't always contain a status. This is submitted as a separate patch because it touches a lot of lines and I don't want it cluttering up the next patch. Patch by chris.wailes@gmail.com. llvm-svn: 189278
* Use pop_back_val() instead of both back() and pop_back().Robert Wilhelm2013-08-233-13/+9
| | | | | | No functionality change intended. llvm-svn: 189112
* [analyzer] Refactor conditional expression evaluating codePavel Labath2013-08-231-0/+18
| | | | | | | | | | | | | | | | | | | Summary: Instead of digging through the ExplodedGraph, to figure out which edge brought us here, I compute the value of conditional expression by looking at the sub-expression values. To do this, I needed to change the liveness algorithm a bit -- now, the full conditional expression also depends on all atomic sub-expressions, not only the outermost ones. Reviewers: jordan_rose CC: cfe-commits Differential Revision: http://llvm-reviews.chandlerc.com/D1340 llvm-svn: 189090
* Update to consumed analysis.DeLesley Hutchins2013-08-221-76/+93
| | | | | | | | | | | Patch by chris.wailes@gmail.com. The following functionality was added: * The same functionality is now supported for both CXXOperatorCallExprs and CXXMemberCallExprs. * Factored out some code in StmtVisitor. * Removed variables from the state map when their destructors are encountered. * Started adding documentation for the consumed analysis attributes. llvm-svn: 189059
* Analysis: Make %I in printf more reasonable, add more testsDavid Majnemer2013-08-221-4/+5
| | | | llvm-svn: 188992
* Analysis: Add support for MS specific printf format specifiersDavid Majnemer2013-08-213-7/+81
| | | | | | | | | | | | | | Summary: Adds support for %I, %I32 and %I64. Reviewers: hans, jordan_rose, rnk, majnemer Reviewed By: majnemer CC: cfe-commits, cdavis5x Differential Revision: http://llvm-reviews.chandlerc.com/D1456 llvm-svn: 188937
* Omit arguments of __builtin_object_size from the CFG.Jordan Rose2013-08-191-1/+17
| | | | | | | | | | | | | | | | | This builtin does not actually evaluate its arguments for side effects, so we shouldn't include them in the CFG. In the analyzer, rely on the constant expression evaluator to get the proper semantics, at least for now. (In the future, we could get ambitious and try to provide path- sensitive size values.) In theory, this does pose a problem for liveness analysis: a variable can be used within the __builtin_object_size argument expression but not show up as live. However, it is very unlikely that such a value would be used to compute the object size and not used to access the object in some way. <rdar://problem/14760817> llvm-svn: 188679
* Thread Safety Analysis: fix bug when using TryLock with && and || expressions.DeLesley Hutchins2013-08-151-5/+11
| | | | llvm-svn: 188505
* Properly track l-paren of a CXXFucntionalCastExpr.Eli Friedman2013-08-151-1/+1
| | | | | | | | | | In addition to storing more useful information in the AST, this fixes a semantic check in template instantiation which checks whether the l-paren location is valid. Fixes PR16903. llvm-svn: 188495
* Thread safety analysis: move warnings within lock/unlock functions out of beta.DeLesley Hutchins2013-08-151-6/+0
| | | | llvm-svn: 188465
* Silence a warning from MSVC about not returning a valueReid Kleckner2013-08-131-0/+1
| | | | llvm-svn: 188237
* Remove Sema includes from Analysis code to fix layeringReid Kleckner2013-08-121-22/+12
| | | | | | | | | This moves a header-only class from Sema to Analysis and puts the option check in Sema. Patch by Chris Wailes! llvm-svn: 188230
* Speculative build fix for r188206.Hans Wennborg2013-08-121-1/+1
| | | | | | | The cmake-clang-x86_64 was upset: error: 'template<class ImplClass, class RetTy> class clang::ConstStmtVisitor' used without template parameters llvm-svn: 188211
* Patch by Chris Wailes <chris.wailes@gmail.com>.DeLesley Hutchins2013-08-122-0/+803
| | | | | | | | | | | | | | | | | | Reviewed by delesley, dblaikie. Add the annotations and code needed to support a basic 'consumed' analysis. Summary: This new analysis is based on academic literature on linear types. It tracks the state of a value, either as unconsumed, consumed, or unknown. Methods are then annotated as CallableWhenUnconsumed, and when an annotated method is called while the value is in the 'consumed' state a warning is issued. A value may be tested in the conditional statement of an if-statement; when this occurs we know the state of the value in the different branches, and this information is added to our analysis. The code is still highly experimental, and the names of annotations or the algorithm may be subject to change. llvm-svn: 188206
* [analyzer] Include analysis stack in crash traces.Jordan Rose2013-07-191-6/+10
| | | | | | | | | | | | | Sample output: 0. Program arguments: ... 1. <eof> parser at end of file 2. While analyzing stack: #0 void inlined() #1 void test() 3. crash-trace.c:6:3: Error evaluating statement llvm-svn: 186639
* Remove bogus VarDecl::extendsLifetimeOfTemporary function and inline it intoRichard Smith2013-06-271-2/+15
| | | | | | its only caller with a FIXME explaining why it's bogus. llvm-svn: 185109
* Updating a link in the comments; no functional change.Aaron Ballman2013-06-261-2/+2
| | | | llvm-svn: 185013
* [CFG] Set the “loop target” (back edge) for VisitObjCForCollectionStmt loopsAnna Zaks2013-06-221-4/+11
| | | | | | | | Add the back edge info by creating a basic block, marked as loop target. This is consistent with how other loops are processed, but was omitted from VisitObjCForCollectionStmt. llvm-svn: 184617
* [analyzer; new edges] Simplify edges in a C++11 for-range loop.Jordan Rose2013-06-062-0/+28
| | | | | | | | | | | | | | | | | | | | | | | | | | Previously our edges were completely broken here; now, the final result is a very simple set of edges in most cases: one up to the "for" keyword for context, and one into the body of the loop. This matches the behavior for ObjC for-in loops. In the AST, however, CXXForRangeStmts are handled very differently from ObjCForCollectionStmts. Since they are specified in terms of equivalent statements in the C++ standard, we actually have implicit AST nodes for all of the semantic statements. This makes evaluation very easy, but diagnostic locations a bit trickier. Fortunately, the problem can be generally defined away by marking all of the implicit statements as part of the top-level for-range statement. One of the implicit statements in a for-range statement is the declaration of implicit iterators __begin and __end. The CFG synthesizes two separate DeclStmts to match each of these decls, but until now these synthetic DeclStmts weren't in the function's ParentMap. Now, the CFG keeps track of its synthetic statements, and the AnalysisDeclContext will make sure to add them to the ParentMap. <rdar://problem/14038483> llvm-svn: 183449
* Analysis: Add a CFG successor to a SwitchStmt if it is both empty and fully ↵David Majnemer2013-06-041-2/+8
| | | | | | | | | | | | | | covered Consider the case where a SwitchStmt satisfied isAllEnumCasesCovered() as well as having no cases at all (i.e. the enum it covers has no enumerators). In this case, we should add a successor to repair the CFG. This fixes PR16212. llvm-svn: 183237
* CFG: In a DeclStmt, skip anything that's not a VarDecl.Jordan Rose2013-06-031-10/+2
| | | | | | | | | | | | | Neither the compiler nor the analyzer are doing anything with non-VarDecl decls in the CFG, and having them there creates extra nodes in the analyzer's path diagnostics. Simplify the CFG (and the path edges) by simply leaving them out. We can always add interesting decls back in when they become relevant. Note that this only affects decls declared in a DeclStmt, and then only those that appear within a function body. llvm-svn: 183157
* Thread safety analysis: fix use after free bug reported by Evgeniy Stepanov.DeLesley Hutchins2013-05-201-7/+21
| | | | llvm-svn: 182305
* Revert "[analyzer; alternate edges] improve support for edges with ↵Jordan Rose2013-05-181-22/+8
| | | | | | | | | | | | | PseudoObjectExprs." Ted and I spent a long time discussing this today and found out that neither the existing code nor the new code was doing what either of us thought it was, which is never good. The good news is we found a much simpler way to fix the motivating test case (an ObjCSubscriptExpr). This reverts r182083, but pieces of it will come back in subsequent commits. llvm-svn: 182185
* Thread safety analysis: add two new attributes to the thread safety analysis:DeLesley Hutchins2013-05-171-8/+41
| | | | | | | assert_exclusive_lock and assert_shared_lock. These attributes are used to mark functions that dynamically check (i.e. assert) that a lock is held. llvm-svn: 182170
* [analyzer; alternate edges] improve support for edges with PseudoObjectExprs.Ted Kremenek2013-05-171-8/+22
| | | | | | | | | | | | | | | | | | This optimizes some spurious edges resulting from PseudoObjectExprs. This required far more changes than I anticipated. The current ParentMap does not record any hierarchy information between a PseudoObjectExpr and its *semantic* expressions that may be wrapped in OpaqueValueExprs, which are the expressions actually laid out in the CFG. This means the arrow pruning logic could not map from an expression to its containing PseudoObjectExprs. To solve this, this patch adds a variant of ParentMap that returns the "semantic" parentage of expressions (essentially as they are viewed by the CFG). This alternate ParentMap is then used by the arrow reducing logic to identify edges into pseudo object expressions, and then eliminate them. llvm-svn: 182083
* Remove unused, awkward CFGStmtVisitor and subclasses.Jordan Rose2013-05-152-116/+1
| | | | | | | | | | | | | | | | | This class is a StmtVisitor that distinguishes between block-level and non-block-level statements in a CFG. However, it does so using a hard-coded idea of which statements might be block-level, which probably isn't accurate anymore. The only implementer of the CFGStmtVisitor hierarchy was the analyzer's DeadStoresChecker, and the analyzer creates a linearized CFG anyway (every non-trivial statement is a block-level statement). This also allows us to remove the block-expr map ("BlkExprMap"), which mapped statements to positions in the CFG. Apart from having a helper type that really should have just been Optional<unsigned>, it was only being used to ask /if/ a particular expression was block-level, for traversal purposes in CFGStmtVisitor. llvm-svn: 181945
* Use only explicit bool conversion operatorDavid Blaikie2013-05-151-1/+1
| | | | | | | | | | | | | | | | | | | The most common (non-buggy) case are where such objects are used as return expressions in bool-returning functions or as boolean function arguments. In those cases I've used (& added if necessary) a named function to provide the equivalent (or sometimes negative, depending on convenient wording) test. DiagnosticBuilder kept its implicit conversion operator owing to the prevalent use of it in return statements. One bug was found in ExprConstant.cpp involving a comparison of two PointerUnions (PointerUnion did not previously have an operator==, so instead both operands were converted to bool & then compared). A test is included in test/SemaCXX/constant-expression-cxx1y.cpp for the fix (adding operator== to PointerUnion in LLVM). llvm-svn: 181869
* Add support for __wchar_t in -fms-extensions mode.Hans Wennborg2013-05-103-5/+5
| | | | | | | | | | | | | | | | | MSVC provides __wchar_t. This is the same as the built-in wchar_t type from C++, but it is also available with -fno-wchar and in C. The commit changes ASTContext to have two different types for this: - WCharTy is the built-in type used for wchar_t in C++ and __wchar_t. - WideCharTy is the type of a wide character literal. In C++ this is the same as WCharTy, and in C it is an integer type compatible with the type in <stddef.h>. This fixes PR15815. llvm-svn: 181587
* Replace ArrayRef<T>() with None, now that we have an implicit ArrayRef ↵Dmitri Gribenko2013-05-051-4/+4
| | | | | | | | constructor from None Patch by Robert Wilhelm. llvm-svn: 181139
* C++1y: Allow aggregates to have default initializers.Richard Smith2013-04-201-0/+5
| | | | | | | | | | | Add a CXXDefaultInitExpr, analogous to CXXDefaultArgExpr, and use it both in CXXCtorInitializers and in InitListExprs to represent a default initializer. There's an additional complication here: because the default initializer can refer to the initialized object via its 'this' pointer, we need to make sure that 'this' points to the right thing within the evaluation. llvm-svn: 179958
* Thread safety analysis: turn on checking within lock and unlock functions.DeLesley Hutchins2013-04-081-10/+48
| | | | | | These checks are enabled with the -Wthread-safety-beta flag. llvm-svn: 179046
* Thread safety analysis: Turn on checking for non-scalar types by default.DeLesley Hutchins2013-04-011-49/+43
| | | | | | | These were previously enabled as a "beta" feature, but they have now been extensively tested. llvm-svn: 178478
* [analyzer] Add debug helper LocationContext::dumpStack().Jordan Rose2013-03-301-0/+26
| | | | | | | | | | | Sample output: #0 void construct(pointer __p, llvm::ImutAVLTree<llvm::ImutContainerInfo<clang::ento::BugType *> > *const &__val) #1 void push_back(const value_type &__x) #2 void destroy() #3 void release() #4 void ~ImmutableSet() llvm-svn: 178400
* [cfg] Always guard (when AddStaticInitBranches == true) DeclStmts for static ↵Ted Kremenek2013-03-291-15/+15
| | | | | | variables, not just ones with explicit initializers llvm-svn: 178322
OpenPOWER on IntegriCloud