temporary objects and local variables. When detected, these split the
block, marking the new one as having only the exit block as a successor.
This prevents a large number of false positives in warnings sensitive to
no-return constructs such as -Wreturn-type, and fixes the remainder of
PR10063 along with several variations of this bug that had not been
reported. The test cases are extended across the board to cover these
patterns.
This also checks in a stress test for these types of CFGs. The stress
test declares some 32k variables, a mixture of no-return and normal
destructors. Previously, this resulted in roughly 2500 CFG blocks, but
didn't model any of the no-return destructors. With this patch, it
results in over 33k blocks, many of them now unreachable.
The nice thing about how the analyzer is set up? This causes *no*
regression in performance of building the CFG. It actually in some cases
makes it faster, as best I can benchmark. The analysis for -Wreturn-type
(and any other that cares about no-return code paths) is technically
slower now as it has to look at many more candidate blocks, but it
computes the correct answer. I have more test cases to follow, I think
they all work now. Also I have further work that should dramatically
simplify analyses in the presence of no-return.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@139586 91177308-0d34-0410-b5e6-96231b3b80d8
and case statements. Use this to make the logic in the CFG builder more
robust at finding the actual statements within a compound statement,
even when there are many layers of labels obscuring it.
Also extend the test cases for a large chunk of PR10063. Still more work
to do here though.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@139437 91177308-0d34-0410-b5e6-96231b3b80d8
incorrectly in the CFG, and also the static analyzer. This patch regresses the analyzer a bit, but
that needs to be followed up with a better solution.
Fixes <rdar://problem/10008112>.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@138372 91177308-0d34-0410-b5e6-96231b3b80d8
MaterializeTemporaryExpr captures a reference binding to a temporary
value, making explicit that the temporary value (a prvalue) needs to
be materialized into memory so that its address can be used. The
intended AST invariant here is that a reference will always bind to a
glvalue, and MaterializeTemporaryExpr will be used to convert prvalues
into glvalues for that binding to happen. For example, given
const int& r = 1.0;
The initializer of "r" will be a MaterializeTemporaryExpr whose
subexpression is an implicit conversion from the double literal "1.0"
to an integer value.
IR generation benefits most from this new node, since it was
previously guessing (badly) when to materialize temporaries for the
purposes of reference binding. There are likely more refactoring and
cleanups we could perform there, but the introduction of
MaterializeTemporaryExpr fixes PR9565, a case where IR generation
would effectively bind a const reference directly to a bitfield in a
struct. Addresses <rdar://problem/9552231>.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@133521 91177308-0d34-0410-b5e6-96231b3b80d8
Also, have Environment stop looking through NoOp casts; it didn't match the behavior of LiveVariables. And once that's gone, the whole cast block of that switch is unnecessary.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@132840 91177308-0d34-0410-b5e6-96231b3b80d8
This introduces a generic base class for the expression evaluator
classes, which handles a few common expression types which were
previously handled separately in each class. Also, the expression
evaluator now uses ConstStmtVisitor.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@131281 91177308-0d34-0410-b5e6-96231b3b80d8
then teach -Wreturn-type to handle the same. Net effect: we now correctly
handle noreturn attributes on member calls in the CFG.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@131178 91177308-0d34-0410-b5e6-96231b3b80d8
1) Change the CFG to include the DeclStmt for conditional variables, instead of using the condition itself as a faux DeclStmt.
2) Update ExprEngine (the static analyzer) to understand (1), so not to regress.
3) Update UninitializedValues.cpp to initialize all tracked variables to Uninitialized at the start of the function/method.
4) Only use the SelfReferenceChecker (SemaDecl.cpp) on global variables, leaving the dataflow analysis to handle other cases.
The combination of (1) and (3) allows the dataflow-based -Wuninitialized to find self-init problems when the initializer
contained control-flow.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@128858 91177308-0d34-0410-b5e6-96231b3b80d8
Change the interface to expose the new information and deal with the enormous fallout.
Introduce the new ExceptionSpecificationType value EST_DynamicNone to more easily deal with empty throw specifications.
Update the tests for noexcept and fix the various bugs uncovered, such as lack of tentative parsing support.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@127537 91177308-0d34-0410-b5e6-96231b3b80d8
Instead, create a small set of Stmt* -> CFGBlock* mappings during CFG construction for only the statements we care about
relating to the diagnostics we want to check for reachability.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@127396 91177308-0d34-0410-b5e6-96231b3b80d8
Moreover, change AnalysisContext to use an OwningPtr for created analysis objects instead
of directly managing them.
Finally, add a 'forcedBlkExprs' entry to CFG::BuildOptions that will be used by the
CFGBuilder to force specific expressions to be block-level expressions.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@127385 91177308-0d34-0410-b5e6-96231b3b80d8
- Also, consoldiate getDtorKind() and getKind() into one "kind".
- Add empty getDestructorDecl() method to CFGImplicitDtor.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126738 91177308-0d34-0410-b5e6-96231b3b80d8
This fixes a crash reported in PR9287, and also fixes a false positive involving the value of such ternary
expressions not properly getting propagated.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126362 91177308-0d34-0410-b5e6-96231b3b80d8
but it's not reasonable for the diagnostic to figure that out.
Pointed out by Benjamin Kramer.
Also clarify the logic here.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@126017 91177308-0d34-0410-b5e6-96231b3b80d8
class and to bind the shared value using OpaqueValueExpr. This fixes an
unnoticed problem with deserialization of these expressions where the
deserialized form would lose the vital pointer-equality trait; or rather,
it fixes it because this patch also does the right thing for deserializing
OVEs.
Change OVEs to not be a "temporary object" in the sense that copy elision is
permitted.
This new representation is not totally unawkward to work with, but I think
that's really part and parcel with the semantics we're modelling here. In
particular, it's much easier to fix things like the copy elision bug and to
make the CFG look right.
I've tried to update the analyzer to deal with this in at least some
obvious cases, and I think we get a much better CFG out, but the printing
of OpaqueValueExprs probably needs some work.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@125744 91177308-0d34-0410-b5e6-96231b3b80d8
LabelDecl and LabelStmt. There is a 1-1 correspondence between the
two, but this simplifies a bunch of code by itself. This is because
labels are the only place where we previously had references to random
other statements, causing grief for AST serialization and other stuff.
This does cause one regression (attr(unused) doesn't silence unused
label warnings) which I'll address next.
This does fix some minor bugs:
1. "The only valid attribute " diagnostic was capitalized.
2. Various diagnostics printed as ''labelname'' instead of 'labelname'
3. This reduces duplication of label checking between functions and blocks.
Review appreciated, particularly for the cindex and template bits.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@125733 91177308-0d34-0410-b5e6-96231b3b80d8
Stmt::const_child_range, then make a bunch of places use them instead
of the individual iterator accessors.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@125450 91177308-0d34-0410-b5e6-96231b3b80d8
implicit lvalue-to-rvalue casts that John McCall
recently introduced. This causes a whole bunch
of logic in the analyzer for handling lvalues
to vanish. It does, however, raise a few issues
in the analyzer w.r.t to modeling various constructs
(e.g., field accesses to compound literals).
The .c/.m analysis test cases that fail are
due to a missing lvalue-to-rvalue cast that
will get introduced into the AST. The .cpp
failures were more than I could investigate in
one go, and the patch was already getting huge.
I have XFAILED some of these tests, and they
should obviously be further investigated.
Some highlights of this patch include:
- CFG no longer requires an lvalue bit for
CFGElements
- StackFrameContext doesn't need an 'asLValue'
flag
- The "VisitLValue" path from GRExprEngine has
been eliminated.
Besides the test case failures (XFAILed), there
are surely other bugs that are fallout from
this change.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@121960 91177308-0d34-0410-b5e6-96231b3b80d8
struct X {
X() : au_i1(123) {}
union {
int au_i1;
float au_f1;
};
};
clang will now deal with au_i1 explicitly as an IndirectFieldDecl.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@120900 91177308-0d34-0410-b5e6-96231b3b80d8
not actually frequently used, because ImpCastExprToType only creates a node
if the types differ. So explicitly create an ICE in the lvalue-to-rvalue
conversion code in DefaultFunctionArrayLvalueConversion() as well as several
other new places, and consistently deal with the consequences throughout the
compiler.
In addition, introduce a new cast kind for loading an ObjCProperty l-value,
and make sure we emit those nodes whenever an ObjCProperty l-value appears
that's not on the LHS of an assignment operator.
This breaks a couple of rewriter tests, which I've x-failed until future
development occurs on the rewriter.
Ted Kremenek kindly contributed the analyzer workarounds in this patch.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@120890 91177308-0d34-0410-b5e6-96231b3b80d8
1. "no 'else' after 'return'" -- this is for conformance with the
coding standards.
2. move 'else' to the line of the previous '}' -- this is for consistency.
Reviewed by kremenek.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@119983 91177308-0d34-0410-b5e6-96231b3b80d8
it is possible for the confluence block to only have a single predecessor due to calls to 'noreturn'
functions. Fixes assertion failure reported in PR 8619.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@119284 91177308-0d34-0410-b5e6-96231b3b80d8
Elidable CXXConstructExpr should inhibit calling destructor for temporary
that is copied, not the one created. This is because eliding copy constructor
means that the object that was to be copied will be constructed directly in
memory the copy would be constructed in.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@119044 91177308-0d34-0410-b5e6-96231b3b80d8
1. For statement: const C& c = C(0) ?: C(1) destructors generated for condition will not differ from those generated for case without prolonged lifetime of temporary,
2. There will be no destructor for constant reference member bound to temporary at the exit from constructor.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@118158 91177308-0d34-0410-b5e6-96231b3b80d8
and ImplicitCastExpr to propagate asLValue AddStmtChoice property.
But do not propagate AlwaysAdd property.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@117909 91177308-0d34-0410-b5e6-96231b3b80d8
containing a DoStmt, and the LHS doesn't create a new block, then we should
return RBlock. Otherwise we'll incorrectly return NULL.
Also relax an assertion in VisitWhileStmt(). Reset 'Block' when it is finished.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@117436 91177308-0d34-0410-b5e6-96231b3b80d8
There's only one destructor call generated for each not empty array (at least for now this should be enough).
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@117252 91177308-0d34-0410-b5e6-96231b3b80d8
There's only one destructor call generated for each not empty array (at least for now this should be enough).
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@117251 91177308-0d34-0410-b5e6-96231b3b80d8
- Adding LocalScope for CompoundStmt,
- Adding CFGAutomaticObjDtors for end of scope, return, goto, break, continue,
- Regression tests for above cases.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@115252 91177308-0d34-0410-b5e6-96231b3b80d8
- post-increament, distance and bool conversion methods to LocalScope::const_iterator,
- adding VarDecl to LocalScope.
Fixed some misspells in comments.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@115227 91177308-0d34-0410-b5e6-96231b3b80d8
- LocalScope class with iterator used to pointing into it,
- fat doxygen comment for LocalScope indended usage,
- BlockScopePosPair class used for storing jump targets/sources (for: goto, break, continue), that replaces raw CFGBlock pointer used earlier for this purpose.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@114790 91177308-0d34-0410-b5e6-96231b3b80d8
- definitions of interfaces for CFGInitializer and CFGAutomaticObjDtor,
- support for above classes to print_elem function (renamed print_stmt),
- support for VarDecls in StmtPrinterHelper.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@114403 91177308-0d34-0410-b5e6-96231b3b80d8
to selectively walk successors/predecessors based on commonly used filters. For starters, add
a filter to ignore 'default:' cases for SwitchStmts when all enum values are covered by CaseStmts.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@113449 91177308-0d34-0410-b5e6-96231b3b80d8
This introduces FunctionType::ExtInfo to hold the calling convention and the
noreturn attribute. The next patch will extend it to include the regparm
attribute and fix the bug.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@99920 91177308-0d34-0410-b5e6-96231b3b80d8
After discussion with Zhongxing, don't force the initializer of DeclStmts to be
block-level expressions.
This led to some interesting fallout:
[UninitializedValues]
Always visit the initializer of DeclStmts (do not assume they are block-level expressions).
[BasicStore]
With initializers of DeclStmts no longer block-level expressions, this causes self-referencing initializers (e.g. 'int x = x') to no longer cause the initialized variable to be live before the DeclStmt. While this is correct, it caused BasicStore::RemoveDeadBindings() to prune off the values of these variables from the initial store (where they are set to uninitialized). The fix is to back-port some (and only some) of the lazy-binding logic from RegionStore to
BasicStore. Now the default values of local variables are determined lazily as opposed
to explicitly initialized.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@97591 91177308-0d34-0410-b5e6-96231b3b80d8
CallExprs as those edges help cause a n^2 explosion in the number of
destructor calls. Other consumers, such as static analysis, that
would like to have more a more complete CFG can select the inclusion
of those edges as CFG build time.
This also fixes up the two compilation users of CFGs to be tolerant of
having or not having those edges. All catch code is assumed be to
live if we didn't generate the exceptional edges for CallExprs.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@94074 91177308-0d34-0410-b5e6-96231b3b80d8
context (try or the Exit block) when there isn't a catch (...).
Improve CFG printing for catch (...).
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@93962 91177308-0d34-0410-b5e6-96231b3b80d8
This change was a lot bigger than I originally anticipated; among
other things it requires us storing more information in the CFG to
record what block-level expressions need to be evaluated as lvalues.
The big change is that CFGBlocks no longer contain Stmt*'s by
CFGElements. Currently CFGElements just wrap Stmt*, but they also
store a bit indicating whether the block-level expression should be
evalauted as an lvalue. DeclStmts involving the initialization of a
reference require us treating the initialization expression as an
lvalue, even though that information isn't recorded in the AST.
Conceptually this change isn't that complicated, but it required
bubbling up the data through the CFGBuilder, to GRCoreEngine, and
eventually to GRExprEngine.
The addition of CFGElement is also useful for when we want to handle
more control-flow constructs or other data we want to keep in the CFG
that isn't represented well with just a block of statements.
In GRExprEngine, this patch introduces logic for evaluating the
lvalues of references, which currently retrieves the internal "pointer
value" that the reference represents. EvalLoad does a two stage load
to catch null dereferences involving an invalid reference (although
this could possibly be caught earlier during the initialization of a
reference).
Symbols are currently symbolicated using the reference type, instead
of a pointer type, and special handling is required creating
ElementRegions that layer on SymbolicRegions (see the changes to
RegionStoreManager).
Along the way, the DeadStoresChecker also silences warnings involving
dead stores to references. This was the original change I introduced
(which I wrote test cases for) that I realized caused GRExprEngine to
crash.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@91501 91177308-0d34-0410-b5e6-96231b3b80d8
now, don't construct CFGs that contain C++ try/catch statements, and
have GRExprEngine abort a path if it encounters a C++ construct it
doesn't understand (which is mostly everything at this point).
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@91389 91177308-0d34-0410-b5e6-96231b3b80d8
Speedup: when doing 'clang-cc -analyze -dump-cfg' (without actual printing, just
CFG building) on the amalgamated SQLite source (all of SQLite in one source
file), runtime reduced by 9%.
This fixes: <rdar://problem/7250745>
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@83899 91177308-0d34-0410-b5e6-96231b3b80d8
have the iterators and operator[] handle the traversal of statements, as they
are stored in reverse order. Tests show this has no real performance impact, but
it does simply the CFG construction logic and will make it slightly easier to
change the allocation strategy for CFGBlocks (as we have fewer copies).
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@82702 91177308-0d34-0410-b5e6-96231b3b80d8
Although this does not make the CFG more correct, it makes the CFG more
beautiful without multiple roots.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@79509 91177308-0d34-0410-b5e6-96231b3b80d8
TryEvaluateBool instead of using a raw 'int'. This avoids any
confusion of how 'int' converts to bool, and makes the resultant code
easier to read.
Condense a bunch of 'addSuccessor()' calls in 'if ... else' to use the
ternary operator instead.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@76947 91177308-0d34-0410-b5e6-96231b3b80d8
is an algorithm that is much easier to understand and slightly more efficient.
Thanks to Mike Stump for our discussions on the CFGBuilder and his comments that
helped prompt this long needed cleanup.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@76250 91177308-0d34-0410-b5e6-96231b3b80d8
conventions. Also reflowed comments and removed spaces at end of
lines and fixed up 80 col violations.
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@76140 91177308-0d34-0410-b5e6-96231b3b80d8
David Blaikie