summaryrefslogtreecommitdiffstats
path: root/clang/lib/Analysis
Commit message (Collapse)AuthorAgeFilesLines
...
* Reduce -Wuninitialized time by 22% (on sqlite) by removing the recursive AST ↵Ted Kremenek2011-07-191-100/+87
| | | | | | | | | | | | | | | crawl. This is accomplished by forcing the needed expressions for -Wuninitialized to always be CFGElements in the CFG. This allows us to remove a fair amount of the code for -Wuninitialized. Some fallout: - AnalysisBasedWarnings.cpp now specifically toggles the CFGBuilder to create a CFG that is suitable for -Wuninitialized. This is a layering violation, since the logic for -Wuninitialized is in libAnalysis. This can be fixed with the proper refactoring. - Some of the source locations for -Wunreachable-code warnings have shifted. While not ideal, this is okay because that analysis already needs some serious reworking. llvm-svn: 135480
* Add hooks into the CFG builder to force that specific expressions are always ↵Ted Kremenek2011-07-191-5/+7
| | | | | | CFGElements. llvm-svn: 135479
* Revert r135217, which wasn't the correct fix for PR10358. With thisChandler Carruth2011-07-161-6/+4
| | | | | | | | | | | patch, we actually move the state-machine for the value set backwards one step. This can pretty easily lead to infinite loops where we continually try to propagate a bit, succeed for one iteration, but then back up because we find an uninitialized use. A reduced test case from PR10379 is included. llvm-svn: 135359
* [analyzer] Per discussions with the Cocoa team, extend CF naming conventions ↵Ted Kremenek2011-07-161-2/+41
| | | | | | to extend to camel case functions instead of just title case functions. Fixes <rdar://problem/9732321>. llvm-svn: 135350
* [analyzer] Place checking for Core Foundation "Create" rule into a proper ↵Ted Kremenek2011-07-161-6/+11
| | | | | | API. No functionality change. llvm-svn: 135349
* Fix false negative reported in PR 10358 by using 'Unknown' in ↵Ted Kremenek2011-07-141-4/+6
| | | | | | -Wuninitialized to avoid cascading warnings. Patch by Kaelyn Uhrain. llvm-svn: 135217
* Revert r135147 and r135075. The consensus was that this wasn't the right ↵Ted Kremenek2011-07-141-14/+12
| | | | | | thing to do. llvm-svn: 135152
* Add extra sanity checking in FormatString::matchesType() that we are ↵Ted Kremenek2011-07-141-3/+6
| | | | | | comparing integers to integers. This happens not to be an issue now, but the extra check helps future proof in case of future refactorings. llvm-svn: 135147
* Reapply r135075, but modify format-strings.c and format-strings-fixit.c test ↵Ted Kremenek2011-07-141-10/+9
| | | | | | cases to be more portable with an explicit target triple. llvm-svn: 135134
* Revert r135075, "format string checking: long and int have the same widths ↵NAKAMURA Takumi2011-07-141-9/+10
| | | | | | | | on 32-bit, so we shouldn't warn about using" It fails on freebsd, mingw and msvc10. llvm-svn: 135129
* format string checking: long and int have the same widths on 32-bit, so we ↵Ted Kremenek2011-07-131-10/+9
| | | | | | | | shouldn't warn about using an "int" format specifier with a "long" type in 32-bit. llvm-svn: 135075
* Re-relax conversion specifier checking for printf format strings and ↵Ted Kremenek2011-07-131-3/+4
| | | | | | conversion specifiers. My recent change was a mistake. llvm-svn: 135048
* Fix inversion in argument type checking for format strings with conversion ↵Ted Kremenek2011-07-131-2/+2
| | | | | | specifiers for character types. llvm-svn: 135046
* Make the worklist in the uninitialized values checker actually a queue.Chandler Carruth2011-07-081-13/+13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Previously, despite the names 'enqueue' and 'dequeue', it behaved as a stack and visited blocks in a LIFO fashion. This interacts badly with extremely broad CFGs *inside* of a loop (such as a large switch inside a state machine) where every block updates a different variable. When encountering such a CFG, the checker visited blocks in essentially a "depth first" order due to the stack-like behavior of the work list. Combined with each block updating a different variable, the saturation logic of the checker caused it to re-traverse blocks [1,N-1] of the broad CFG inside the loop after traversing block N. These re-traversals were to propagate the variable values derived from block N. Assuming approximately the same number of variables as inner blocks exist, the end result is O(N^2) updates. By making this a queue, we also make the traversal essentially "breadth-first" across each of the N inner blocks of the loop. Then all of this state is propagated around to all N inner blocks of the loop. The result is O(N) updates. The truth is in the numbers: Before, gcc.c: 96409 block visits (max: 61546, avg: 591) After, gcc.c: 69958 block visits (max: 33090, avg: 429) Before, PR10183: 2540494 block vists (max: 2536495, avg: 37360) After, PR10183: 137803 block visits (max: 134406, avg: 2026) The nearly 20x reduction in work for PR10183 corresponds to a roughly 100x speedup in compile time. I've tested it on all the code I can get my hands on, and I've seen no slowdowns due to this change. Where I've collected stats, the ammount of work done is on average less. I'll also commit shortly some synthetic test cases useful in analyzing the performance of CFG-based warnings. Submitting this based on Doug's feedback that post-commit review should be good. Ted, please review! Hopefully this helps compile times until then. llvm-svn: 134697
* Build up statistics about the work done for analysis based warnings.Chandler Carruth2011-07-061-7/+13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Special detail is added for uninitialized variable analysis as this has serious performance problems than need to be tracked. Computing some of this data is expensive, for example walking the CFG to determine its size. To avoid doing that unless the stats data is going to be used, we thread a bit into the Sema object to track whether detailed stats should be collected or not. This bit is used to avoid computations whereever the computations are likely to be more expensive than checking the state of the flag. Thus, counters are in some cases unconditionally updated, but the more expensive (and less frequent) aggregation steps are skipped. With this patch, we're able to see that for 'gcc.c': *** Analysis Based Warnings Stats: 232 functions analyzed (0 w/o CFGs). 7151 CFG blocks built. 30 average CFG blocks per function. 1167 max CFG blocks per function. 163 functions analyzed for uninitialiazed variables 640 variables analyzed. 3 average variables per function. 94 max variables per function. 96409 block visits. 591 average block visits per function. 61546 max block visits per function. And for the reduced testcase in PR10183: *** Analysis Based Warnings Stats: 98 functions analyzed (0 w/o CFGs). 8526 CFG blocks built. 87 average CFG blocks per function. 7277 max CFG blocks per function. 68 functions analyzed for uninitialiazed variables 1359 variables analyzed. 19 average variables per function. 1196 max variables per function. 2540494 block visits. 37360 average block visits per function. 2536495 max block visits per function. That last number is the somewhat scary one that indicates the problem in PR10183. llvm-svn: 134494
* Teach the static analyzer's interpretation of Cocoa conventions toDouglas Gregor2011-07-061-2/+4
| | | | | | | obey the objc_method_family attribute when provided. Fixes <rdar://problem/9726279>. llvm-svn: 134493
* Added a missing case label.Fariborz Jahanian2011-07-061-0/+1
| | | | llvm-svn: 134454
* Revert r133024, "[format strings] correctly suggest correct type for '%@'Daniel Dunbar2011-06-282-4/+1
| | | | | | | | | specifiers. Fixes <rdar://problem/9607158>." because it causes false positives on some code that uses CF toll free bridging. - I'll let Doug or Ted figure out the right fix here, possibly just to accept any pointer type. llvm-svn: 134041
* Introduce a new AST node describing reference binding to temporaries.Douglas Gregor2011-06-211-1/+5
| | | | | | | | | | | | | | | | | | | | | | | | | MaterializeTemporaryExpr captures a reference binding to a temporary value, making explicit that the temporary value (a prvalue) needs to be materialized into memory so that its address can be used. The intended AST invariant here is that a reference will always bind to a glvalue, and MaterializeTemporaryExpr will be used to convert prvalues into glvalues for that binding to happen. For example, given const int& r = 1.0; The initializer of "r" will be a MaterializeTemporaryExpr whose subexpression is an implicit conversion from the double literal "1.0" to an integer value. IR generation benefits most from this new node, since it was previously guessing (badly) when to materialize temporaries for the purposes of reference binding. There are likely more refactoring and cleanups we could perform there, but the introduction of MaterializeTemporaryExpr fixes PR9565, a case where IR generation would effectively bind a const reference directly to a bitfield in a struct. Addresses <rdar://problem/9552231>. llvm-svn: 133521
* Finish 2 sentences.Francois Pichet2011-06-161-1/+1
| | | | llvm-svn: 133214
* Automatic Reference Counting.John McCall2011-06-151-0/+6
| | | | | | | | | | Language-design credit goes to a lot of people, but I particularly want to single out Blaine Garst and Patrick Beard for their contributions. Compiler implementation credit goes to Argyrios, Doug, Fariborz, and myself, in no particular order. llvm-svn: 133103
* [format strings] correctly suggest correct type for '%@' specifiers. Fixes ↵Ted Kremenek2011-06-142-1/+4
| | | | | | <rdar://problem/9607158>. llvm-svn: 133024
* Implement Objective-C Related Result Type semantics.Douglas Gregor2011-06-111-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Related result types apply Cocoa conventions to the type of message sends and property accesses to Objective-C methods that are known to always return objects whose type is the same as the type of the receiving class (or a subclass thereof), such as +alloc and -init. This tightens up static type safety for Objective-C, so that we now diagnose mistakes like this: t.m:4:10: warning: incompatible pointer types initializing 'NSSet *' with an expression of type 'NSArray *' [-Wincompatible-pointer-types] NSSet *array = [[NSArray alloc] init]; ^ ~~~~~~~~~~~~~~~~~~~~~~ /System/Library/Frameworks/Foundation.framework/Headers/NSObject.h:72:1: note: instance method 'init' is assumed to return an instance of its receiver type ('NSArray *') - (id)init; ^ It also means that we get decent type inference when writing code in Objective-C++0x: auto array = [[NSMutableArray alloc] initWithObjects:@"one", @"two",nil]; // ^ now infers NSMutableArray* rather than id llvm-svn: 132868
* [analyzer] PR8962 again. Ban ParenExprs (and friends) from block-level ↵Jordy Rose2011-06-103-27/+22
| | | | | | | | expressions (by calling IgnoreParens before adding expressions to blocks). Undo 132769 (LiveVariables' local IgnoreParens), since it's no longer necessary. Also, have Environment stop looking through NoOp casts; it didn't match the behavior of LiveVariables. And once that's gone, the whole cast block of that switch is unnecessary. llvm-svn: 132840
* [analyzer] Ignore parentheses around block-level expressions when computing ↵Jordy Rose2011-06-091-3/+13
| | | | | | liveness. Fixes the other half of PR8962. llvm-svn: 132769
* Utilize PackedVector, introduced with llvm commit r132325.Argyrios Kyrtzidis2011-05-311-34/+3
| | | | llvm-svn: 132326
* Add explicit CFG support for ignoring static_asserts.Ted Kremenek2011-05-241-1/+9
| | | | llvm-svn: 132001
* Refactoring of constant expression evaluatorPeter Collingbourne2011-05-131-1/+1
| | | | | | | | | This introduces a generic base class for the expression evaluator classes, which handles a few common expression types which were previously handled separately in each class. Also, the expression evaluator now uses ConstStmtVisitor. llvm-svn: 131281
* Teach CFG building how to deal with CXXMemberCallExprs and BoundMemberTy,John McCall2011-05-111-15/+12
| | | | | | | then teach -Wreturn-type to handle the same. Net effect: we now correctly handle noreturn attributes on member calls in the CFG. llvm-svn: 131178
* Fix crash in -Wuninitialized when using switch statments whose condition is ↵Ted Kremenek2011-05-101-5/+9
| | | | | | a logical operation. llvm-svn: 131158
* Elide __label__ declarations from the CFG. This resolves a crash in ↵Ted Kremenek2011-05-101-0/+5
| | | | | | CFGRecStmtDeclVisitor (crash in static analyzer). llvm-svn: 131141
* Silence more -Wnon-pod-memset given its current implementation. I may beChandler Carruth2011-04-281-1/+1
| | | | | | | able to revert these based on a patch I'm working on, but no reason for people to be spammed with warnings in the interim. llvm-svn: 130394
* Remove unused method CFGBlock::hasBinaryBranchTerminator().Ted Kremenek2011-04-271-26/+0
| | | | llvm-svn: 130336
* Don't print fixits for format specifiers in cases where the fixit does not ↵Eli Friedman2011-04-271-12/+27
| | | | | | | | actually fix the warning. PR8781. I'm not sure what the preferred way to write a test for whether a fixit is emitted. llvm-svn: 130335
* When generating printf fixits, preserve the original formating for unsigned ↵Ted Kremenek2011-04-251-1/+3
| | | | | | integers (e.g., 'x', 'o'). llvm-svn: 130164
* Fix PR9741. The implicit declarations created for range-based for loops ↵Richard Smith2011-04-181-2/+2
| | | | | | weren't being added to the DeclContext (nor were they being marked as implicit). Also, the declarations were being emitted in the wrong order when building the CFG. llvm-svn: 129700
* fix a bunch of comment typos found by codespell. Patch byChris Lattner2011-04-151-2/+2
| | | | | | Luis Felipe Strano Moraes! llvm-svn: 129559
* When we transform a C++ exception declaration (e.g., for templateDouglas Gregor2011-04-141-6/+0
| | | | | | | | instantiation), be sure to add the transformed declaration into the current DeclContext. Also, remove the -Wuninitialized hack that works around this bug. Fixes <rdar://problem/9200676>. llvm-svn: 129544
* Add support for C++0x's range-based for loops, as specified by the C++11 ↵Richard Smith2011-04-141-0/+120
| | | | | | draft standard (N3291). llvm-svn: 129541
* Return the correct lastly populated block from ↵Ted Kremenek2011-04-141-2/+4
| | | | | | CFGBuilder::VisitUnaryExprOrTypeTraitExpr(). llvm-svn: 129499
* Teach -Wuninitialized about C++'s typeid expression, including both theChandler Carruth2011-04-131-0/+12
| | | | | | | | | | | evaluated and unevaluated contexts. Add some testing of sizeof and typeid. Both of the typeid tests added here were triggering warnings previously. Now the one false positive is suppressed without suppressing the warning on actually buggy code. llvm-svn: 129431
* Teach -Wuninitialized to not warn about variables declared in C++ catch ↵Ted Kremenek2011-04-071-0/+1
| | | | | | statements. llvm-svn: 129102
* Commit a bit of a hack to fully handle the situation where variables areChandler Carruth2011-04-051-4/+16
| | | | | | | | | | | | | | | | marked explicitly as uninitialized through direct self initialization: int x = x; With r128894 we prevented warnings about this code, and this patch teaches the analysis engine to continue analyzing subsequent uses of 'x'. This should wrap up PR9624. There is still an open question of whether we should suppress the maybe-uninitialized warnings resulting from variables initialized in this fashion. The definitely-uninitialized uses should always be warned. llvm-svn: 128932
* Fix PR 9626 (duplicated self-init warnings under -Wuninitialized) with ↵Ted Kremenek2011-04-042-8/+23
| | | | | | | | | | | | | | numerous CFG and UninitializedValues analysis changes: 1) Change the CFG to include the DeclStmt for conditional variables, instead of using the condition itself as a faux DeclStmt. 2) Update ExprEngine (the static analyzer) to understand (1), so not to regress. 3) Update UninitializedValues.cpp to initialize all tracked variables to Uninitialized at the start of the function/method. 4) Only use the SelfReferenceChecker (SemaDecl.cpp) on global variables, leaving the dataflow analysis to handle other cases. The combination of (1) and (3) allows the dataflow-based -Wuninitialized to find self-init problems when the initializer contained control-flow. llvm-svn: 128858
* -Wuninitialized: don't warn about uninitialized variables in unreachable code.Ted Kremenek2011-04-042-4/+17
| | | | llvm-svn: 128840
* Make -Wheader-hygiene not complain about USING_NAMESPACE_THROUGH_MACRO in a ↵Nico Weber2011-04-021-1/+1
| | | | | | non-header file. llvm-svn: 128780
* -Wuninitialized should not warn about variables captured by blocks as byref.Ted Kremenek2011-03-311-6/+11
| | | | | | | | | Note this can potentially be enhanced to detect if the __block variable is actually written by the block, or only when the block "escapes" or is actually used, but that requires more analysis than it is probably worth for this simple check. llvm-svn: 128681
* Add workaround for Sema issue found in <rdar://problem/9188004>, which leads ↵Ted Kremenek2011-03-291-3/+13
| | | | | | | | | to an assertion failure in the uninitialized variables analysis. The problem is that Sema isn't properly registering a variable in a DeclContext (which -Wuninitialized relies on), but my expertise on the template instantiation logic isn't good enough to fix this problem for real. This patch worksaround the problem in -Wuninitialized, but we should fix it for real later. llvm-svn: 128443
* Make helpers static.Benjamin Kramer2011-03-261-2/+2
| | | | llvm-svn: 128339
* Fix CFG-construction bug when run from ↵Ted Kremenek2011-03-231-9/+23
| | | | | | | | AnalysisBasedWarnings::IssueWarnings() where block-level expressions that need to be recorded in the Stmt*->CFGBlock* map were not always done so. Fixes <rdar://problem/9171946>. llvm-svn: 128170
OpenPOWER on IntegriCloud