summaryrefslogtreecommitdiffstats
path: root/clang/test/Analysis/cfg.cpp
Commit message (Collapse)AuthorAgeFilesLines
* Improve -Wtautological-overlap-compareRichard Trieu2019-09-211-0/+21
| | | | | | | | | Allow this warning to detect a larger number of constant values, including negative numbers, and handle non-int types better. Differential Revision: https://reviews.llvm.org/D66044 llvm-svn: 372448
* [CFG] Fix CFG for statement-expressions in return values.Artem Dergachev2019-08-291-1/+48
| | | | | | | | | | | We're building the CFG from bottom to top, so when the return-value expression has a non-trivial CFG on its own, we need to continue building from the entry to the return-value expression CFG rather than from the block to which we've just appended the return statement. Fixes a false positive warning "control may reach end of non-void function". llvm-svn: 370406
* [CFG] Make representation of destructor calls more accurate.Artem Dergachev2019-08-281-2/+2
| | | | | | | | | | | | | | | | | Respect C++17 copy elision; previously it would generate destructor calls for elided temporaries, including in initialization and return statements. Don't generate duplicate destructor calls for statement expressions. Fix destructors in initialization lists and comma operators. Improve printing of implicit destructors. Patch by Nicholas Allegra! Differential Revision: https://reviews.llvm.org/D66404 llvm-svn: 370247
* [analyzer] pr37688: Fix a crash upon evaluating a deleted destructor of a union.Artem Dergachev2019-01-181-0/+31
| | | | | | | | | | | | | | | Add a defensive check against an invalid destructor in the CFG. Unions with fields with destructors have their own destructor implicitly deleted. Due to a bug in the CFG we're still trying to evaluate them at the end of the object's lifetime and crash because we are unable to find the destructor's declaration. rdar://problem/47362608 Differential Revision: https://reviews.llvm.org/D56899 llvm-svn: 351610
* [AST, analyzer] Transform rvalue cast outputs to lvalues ↵Aleksei Sidorin2018-10-201-2/+20
| | | | | | | | | | | | | (fheinous-gnu-extensions) Despite the fact that cast expressions return rvalues, GCC still handles such outputs as lvalues when compiling inline assembler. In this commit, we are treating it by removing LValueToRValue casts inside GCCAsmStmt outputs. Differential Revision: https://reviews.llvm.org/D45416 llvm-svn: 344864
* Remove explicit cfg-temporary-dtors=trueAlexander Kornienko2018-05-041-2/+2
| | | | | | | | | | | | | | | | Summary: Remove explicit -analyzer-config cfg-temporary-dtors=true in analyzer tests, since this option defaults to true since r326461. Reviewers: NoQ Reviewed By: NoQ Subscribers: cfe-commits Differential Revision: https://reviews.llvm.org/D46393 llvm-svn: 331520
* [CFG] Add construction context for simple variable declarations.Artem Dergachev2018-02-101-3/+6
| | | | | | | | | Constructors of simple variables now can be queried to discover that they're constructing into simple variables. Differential Revision: https://reviews.llvm.org/D42699 llvm-svn: 324794
* [CFG] Add extra context to C++ constructor statement elements.Artem Dergachev2018-02-081-6/+21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch adds a new CFGStmt sub-class, CFGConstructor, which replaces the regular CFGStmt with CXXConstructExpr in it whenever the CFG has additional information to provide regarding what sort of object is being constructed. It is useful for figuring out what memory is initialized in client of the CFG such as the Static Analyzer, which do not operate by recursive AST traversal, but instead rely on the CFG to provide all the information when they need it. Otherwise, the statement that triggers the construction and defines what memory is being initialized would normally occur after the construct-expression, and the client would need to peek to the next CFG element or use statement parent map to understand the necessary facts about the construct-expression. As a proof of concept, CFGConstructors are added for new-expressions and the respective test cases are provided to demonstrate how it works. For now, the only additional data contained in the CFGConstructor element is the "trigger statement", such as new-expression, which is the parent of the constructor. It will be significantly expanded in later commits. The additional data is organized as an auxiliary structure - the "construction context", which is allocated separately from the CFGElement. Differential Revision: https://reviews.llvm.org/D42672 llvm-svn: 324668
* Reland 4: [analyzer] NFC: Update test infrastructure to support multiple ↵Dominic Chen2017-03-031-1/+1
| | | | | | | | | | | | | | constraint managers Summary: Replace calls to %clang/%clang_cc1 with %clang_analyze_cc1 when invoking static analyzer, and perform runtime substitution to select the appropriate constraint manager, per D28952. Reviewers: xazax.hun, NoQ, zaks.anna, dcoughlin Subscribers: mgorny, rgov, mikhail.ramalho, a.sidorin, cfe-commits Differential Revision: https://reviews.llvm.org/D30373 llvm-svn: 296895
* Revert "Reland 3: [analyzer] NFC: Update test infrastructure to support ↵Dominic Chen2017-03-021-1/+1
| | | | | | | | multiple constraint managers" This reverts commit ea36f1406e1f36bf456c3f3929839b024128e468. llvm-svn: 296841
* Reland 3: [analyzer] NFC: Update test infrastructure to support multiple ↵Dominic Chen2017-03-021-1/+1
| | | | | | | | | | | | | | constraint managers Summary: Replace calls to %clang/%clang_cc1 with %clang_analyze_cc1 when invoking static analyzer, and perform runtime substitution to select the appropriate constraint manager, per D28952. Reviewers: xazax.hun, NoQ, zaks.anna, dcoughlin Subscribers: mgorny, rgov, mikhail.ramalho, a.sidorin, cfe-commits Differential Revision: https://reviews.llvm.org/D30373 llvm-svn: 296837
* Revert "Reland 2: [analyzer] NFC: Update test infrastructure to support ↵Dominic Chen2017-03-021-1/+1
| | | | | | | | multiple constraint managers" This reverts commit f93343c099fff646a2314cc7f4925833708298b1. llvm-svn: 296836
* Reland 2: [analyzer] NFC: Update test infrastructure to support multiple ↵Dominic Chen2017-03-021-1/+1
| | | | | | | | | | | | | | constraint managers Summary: Replace calls to %clang/%clang_cc1 with %clang_analyze_cc1 when invoking static analyzer, and perform runtime substitution to select the appropriate constraint manager, per D28952. Reviewers: xazax.hun, NoQ, zaks.anna, dcoughlin Subscribers: mgorny, rgov, mikhail.ramalho, a.sidorin, cfe-commits Differential Revision: https://reviews.llvm.org/D30373 llvm-svn: 296835
* Revert "Reland: [analyzer] NFC: Update test infrastructure to support ↵Dominic Chen2017-02-281-1/+1
| | | | | | | | multiple constraint managers" This reverts commit 1b28d0b10e1c8feccb971abb6ef7a18bee589830. llvm-svn: 296422
* Reland: [analyzer] NFC: Update test infrastructure to support multiple ↵Dominic Chen2017-02-281-1/+1
| | | | | | | | | | | | | | constraint managers Summary: Replace calls to %clang/%clang_cc1 with %clang_analyze_cc1 when invoking static analyzer, and perform runtime substitution to select the appropriate constraint manager, per D28952. Reviewers: xazax.hun, NoQ, zaks.anna, dcoughlin Subscribers: mgorny, rgov, mikhail.ramalho, a.sidorin, cfe-commits Differential Revision: https://reviews.llvm.org/D30373 llvm-svn: 296414
* Revert "[analyzer] NFC: Update test infrastructure to support multiple ↵Dominic Chen2017-02-271-1/+1
| | | | | | | | constraint managers" This reverts commit 8e7780b9e59ddaad1800baf533058d2c064d4787. llvm-svn: 296317
* [analyzer] NFC: Update test infrastructure to support multiple constraint ↵Dominic Chen2017-02-271-1/+1
| | | | | | | | | | | | | | managers Summary: Replace calls to %clang/%clang_cc1 with %clang_analyze_cc1 when invoking static analyzer, and perform runtime substitution to select the appropriate constraint manager, per D28952. Reviewers: xazax.hun, NoQ, zaks.anna, dcoughlin Subscribers: mgorny, rgov, mikhail.ramalho, a.sidorin, cfe-commits Differential Revision: https://reviews.llvm.org/D30373 llvm-svn: 296312
* Make output of -ast-print a valid C++ code.Serge Pavlov2016-11-101-1/+1
| | | | | | | | | | | | | | | | | | Output generated by option -ast-print looks like C/C++ code, and it really is for plain C. For C++ the produced output was not valid C++ code, but the differences were small. With this change the output is fixed and can be compiled. Tests are changed so that output produced by -ast-print is compiled again with the same flags and both outputs are compared. Option -ast-print is extensively used in clang tests but it itself was tested poorly, existing tests only checked that compiler did not crash. There are unit tests in file DeclPrinterTest.cpp, but they test only terse output mode. Differential Revision: https://reviews.llvm.org/D26452 llvm-svn: 286439
* [c++1z] Include "noexcept" in builtin function types where appropriate. FixesRichard Smith2016-10-181-1/+1
| | | | | | | an assertion failure looking up a matching ::operator delete for __builtin_operator_delete. llvm-svn: 284458
* PR22924, PR22845, some of CWG1464: When checking the initializer for an arrayRichard Smith2016-10-051-2/+2
| | | | | | | | | | | | | | | | | | new expression, distinguish between the case of a constant and non-constant initializer. In the former case, if the bound is erroneous (too many initializer elements, bound is negative, or allocated size overflows), reject, and take the bound into account when determining whether we need to default-construct any elements. In the remanining cases, move the logic to check for default-constructibility of trailing elements into the initialization code rather than inventing a bogus array bound, to cope with cases where the number of initialized elements is not the same as the number of initializer list elements (this can happen due to string literal initialization or brace elision). This also fixes rejects-valid and crash-on-valid errors when initializing a new'd array of character type from a braced string literal. llvm-svn: 283406
* Fix some cases of incorrect handling of lifetime extended temporaries.Manuel Klimek2014-07-301-1/+56
| | | | | | | | MaterializeTemporaryExpr already contains information about the lifetime of the temporary; if the lifetime is not the full statement, we do not want to emit a destructor at the end of the full statement for it. llvm-svn: 214292
* Render anonymous entities as '(anonymous <thing>)' (and lambdas as '(lambda ↵David Blaikie2014-04-021-1/+1
| | | | | | | | | | | | at ... )') For namespaces, this is consistent with mangling and GCC's debug info behavior. For structs, GCC uses <anonymous struct> but we prefer consistency between all anonymous entities but don't want to confuse them with template arguments, etc, so we'll just go with parens in all cases. llvm-svn: 205398
* [CFG] record the original (now unreachable) block of 'case:' and 'default:' ↵Ted Kremenek2014-02-271-3/+4
| | | | | | cases. llvm-svn: 202435
* [analyzer] Print function name when dumping its CFG.Jordan Rose2014-01-151-14/+13
| | | | | | | | This allows us to use CHECK-LABEL to ensure that we're checking the right CFG. Debugging change only. llvm-svn: 199320
* CFG: use Visit instead of VisitStmt to look through parens.Jordan Rose2014-01-141-0/+29
| | | | | | PR18472 llvm-svn: 199227
* [analyzer] Add a CFG node for the allocator call in a C++ 'new' expression.Jordan Rose2014-01-131-15/+78
| | | | | | | | | | | | | | | | | | | | | | | | | | In an expression like "new (a, b) Foo(x, y)", two things happen: - Memory is allocated by calling a function named 'operator new'. - The memory is initialized using the constructor for 'Foo'. Currently the analyzer only models the second event, though it has special cases for both the default and placement forms of operator new. This patch is the first step towards properly modeling both events: it changes the CFG so that the above expression now generates the following elements. 1. a 2. b 3. (CFGNewAllocator) 4. x 5. y 6. Foo::Foo The analyzer currently ignores the CFGNewAllocator element, but the next step is to treat that as a call like any other. The CFGNewAllocator element is not added to the CFG for analysis-based warnings, since none of them take advantage of it yet. llvm-svn: 199123
* Add CFG tests for switch's involving "extended" enum.Ted Kremenek2013-12-111-1/+129
| | | | llvm-svn: 197094
* Avoid double edges when constructing CFGsPavel Labath2013-09-061-0/+37
| | | | | | | | | | | | | | | | | | | | | Summary: If a noreturn destructor is executed while returning a value from a function, the resulting CFG has had two edges to the exit block. This crashed the analyzer, because it expects that blocks with no terminators have only one outgoing edge. I added code to avoid creating the second edge in this case. PS: The crashes did not manifest themselves always, as usually the NoReturnFunctionChecker would stop program evaluation before the analyzer hit the assertion, but in the case of lifetime extended temporaries, the checker failed to do that (which is a separate bug in itself). Reviewers: jordan_rose CC: cfe-commits Differential Revision: http://llvm-reviews.chandlerc.com/D1513 llvm-svn: 190125
* Add an implicit dtor CFG node just before C++ 'delete' expressions.Jordan Rose2013-09-031-0/+46
| | | | | | | | | | | | | | This paves the way for adding support for modeling the destructor of a region before it is deleted. The statement "delete <expr>" now generates this series of CFG elements: 1. <expr> 2. [B1.1]->~Foo() (Implicit destructor) 3. delete [B1.1] Patch by Karthik Bhat! llvm-svn: 189828
* [analyzer] Add a triple to test/Analysis/cfg.cppJordan Rose2013-08-191-1/+1
| | | | llvm-svn: 188683
* Omit arguments of __builtin_object_size from the CFG.Jordan Rose2013-08-191-0/+16
| | | | | | | | | | | | | | | | | This builtin does not actually evaluate its arguments for side effects, so we shouldn't include them in the CFG. In the analyzer, rely on the constant expression evaluator to get the proper semantics, at least for now. (In the future, we could get ambitious and try to provide path- sensitive size values.) In theory, this does pose a problem for liveness analysis: a variable can be used within the __builtin_object_size argument expression but not show up as live. However, it is very unlikely that such a value would be used to compute the object size and not used to access the object in some way. <rdar://problem/14760817> llvm-svn: 188679
* Analysis: Add a CFG successor to a SwitchStmt if it is both empty and fully ↵David Majnemer2013-06-041-0/+16
| | | | | | | | | | | | | | covered Consider the case where a SwitchStmt satisfied isAllEnumCasesCovered() as well as having no cases at all (i.e. the enum it covers has no enumerators). In this case, we should add a successor to repair the CFG. This fixes PR16212. llvm-svn: 183237
* CFG: In a DeclStmt, skip anything that's not a VarDecl.Jordan Rose2013-06-031-3/+34
| | | | | | | | | | | | | Neither the compiler nor the analyzer are doing anything with non-VarDecl decls in the CFG, and having them there creates extra nodes in the analyzer's path diagnostics. Simplify the CFG (and the path edges) by simply leaving them out. We can always add interesting decls back in when they become relevant. Note that this only affects decls declared in a DeclStmt, and then only those that appear within a function body. llvm-svn: 183157
* CFG.cpp: Fix wrapping logic when printing block preds/succs.Will Dietz2013-01-071-0/+37
First check only wrapped with i==8, second wrapped at i==2,8,18,28,... This fix restores the intended behavior: i==8,18,28,... Found with -fsanitize=integer. llvm-svn: 171718
OpenPOWER on IntegriCloud