summaryrefslogtreecommitdiff
path: root/lib/StaticAnalyzer/Core
diff options
context:
space:
mode:
authorDimitry Andric <dim@FreeBSD.org>2012-08-19 10:33:04 +0000
committerDimitry Andric <dim@FreeBSD.org>2012-08-19 10:33:04 +0000
commit657bc3d9848e3be92029b2416031340988cd0111 (patch)
tree5b9c2fa9d79942fbdce3d618e37e27c18263af9a /lib/StaticAnalyzer/Core
parent56d91b49b13fe55c918afbda19f6165b5fbff87a (diff)
vendor/clang/clang-trunk-r162107
Notes
Diffstat (limited to 'lib/StaticAnalyzer/Core')
-rw-r--r--lib/StaticAnalyzer/Core/AnalysisManager.cpp45
-rw-r--r--lib/StaticAnalyzer/Core/BugReporter.cpp189
-rw-r--r--lib/StaticAnalyzer/Core/BugReporterVisitors.cpp2
-rw-r--r--lib/StaticAnalyzer/Core/CallEvent.cpp86
-rw-r--r--lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp42
-rw-r--r--lib/StaticAnalyzer/Core/HTMLDiagnostics.cpp48
-rw-r--r--lib/StaticAnalyzer/Core/PathDiagnostic.cpp18
-rw-r--r--lib/StaticAnalyzer/Core/PlistDiagnostics.cpp92
-rw-r--r--lib/StaticAnalyzer/Core/ProgramState.cpp7
-rw-r--r--lib/StaticAnalyzer/Core/TextPathDiagnostics.cpp12
10 files changed, 255 insertions, 286 deletions
diff --git a/lib/StaticAnalyzer/Core/AnalysisManager.cpp b/lib/StaticAnalyzer/Core/AnalysisManager.cpp
index 5aac6406f69f..efeba17a62ba 100644
--- a/lib/StaticAnalyzer/Core/AnalysisManager.cpp
+++ b/lib/StaticAnalyzer/Core/AnalysisManager.cpp
@@ -16,7 +16,7 @@ void AnalysisManager::anchor() { }
AnalysisManager::AnalysisManager(ASTContext &ctx, DiagnosticsEngine &diags,
const LangOptions &lang,
- PathDiagnosticConsumer *pd,
+ const PathDiagnosticConsumers &PDC,
StoreManagerCreator storemgr,
ConstraintManagerCreator constraintmgr,
CheckerManager *checkerMgr,
@@ -33,7 +33,8 @@ AnalysisManager::AnalysisManager(ASTContext &ctx, DiagnosticsEngine &diags,
AnalysisInliningMode IMode,
bool NoRetry)
: AnaCtxMgr(useUnoptimizedCFG, addImplicitDtors, /*addInitializers=*/true),
- Ctx(ctx), Diags(diags), LangOpts(lang), PD(pd),
+ Ctx(ctx), Diags(diags), LangOpts(lang),
+ PathConsumers(PDC),
CreateStoreMgr(storemgr), CreateConstraintMgr(constraintmgr),
CheckerMgr(checkerMgr),
MaxNodes(maxnodes), MaxVisit(maxvisit),
@@ -49,29 +50,19 @@ AnalysisManager::AnalysisManager(ASTContext &ctx, DiagnosticsEngine &diags,
AnaCtxMgr.getCFGBuildOptions().setAllAlwaysAdd();
}
-AnalysisManager::AnalysisManager(ASTContext &ctx, DiagnosticsEngine &diags,
- AnalysisManager &ParentAM)
- : AnaCtxMgr(ParentAM.AnaCtxMgr.getUseUnoptimizedCFG(),
- ParentAM.AnaCtxMgr.getCFGBuildOptions().AddImplicitDtors,
- ParentAM.AnaCtxMgr.getCFGBuildOptions().AddInitializers),
- Ctx(ctx), Diags(diags),
- LangOpts(ParentAM.LangOpts), PD(ParentAM.getPathDiagnosticConsumer()),
- CreateStoreMgr(ParentAM.CreateStoreMgr),
- CreateConstraintMgr(ParentAM.CreateConstraintMgr),
- CheckerMgr(ParentAM.CheckerMgr),
- MaxNodes(ParentAM.MaxNodes),
- MaxVisit(ParentAM.MaxVisit),
- VisualizeEGDot(ParentAM.VisualizeEGDot),
- VisualizeEGUbi(ParentAM.VisualizeEGUbi),
- PurgeDead(ParentAM.PurgeDead),
- EagerlyAssume(ParentAM.EagerlyAssume),
- TrimGraph(ParentAM.TrimGraph),
- EagerlyTrimEGraph(ParentAM.EagerlyTrimEGraph),
- IPAMode(ParentAM.IPAMode),
- InlineMaxStackDepth(ParentAM.InlineMaxStackDepth),
- InlineMaxFunctionSize(ParentAM.InlineMaxFunctionSize),
- InliningMode(ParentAM.InliningMode),
- NoRetryExhausted(ParentAM.NoRetryExhausted)
-{
- AnaCtxMgr.getCFGBuildOptions().setAllAlwaysAdd();
+AnalysisManager::~AnalysisManager() {
+ FlushDiagnostics();
+ for (PathDiagnosticConsumers::iterator I = PathConsumers.begin(),
+ E = PathConsumers.end(); I != E; ++I) {
+ delete *I;
+ }
+}
+
+void AnalysisManager::FlushDiagnostics() {
+ PathDiagnosticConsumer::FilesMade filesMade;
+ for (PathDiagnosticConsumers::iterator I = PathConsumers.begin(),
+ E = PathConsumers.end();
+ I != E; ++I) {
+ (*I)->FlushDiagnostics(&filesMade);
+ }
}
diff --git a/lib/StaticAnalyzer/Core/BugReporter.cpp b/lib/StaticAnalyzer/Core/BugReporter.cpp
index 7ba2fa7fdd0d..571baecd729d 100644
--- a/lib/StaticAnalyzer/Core/BugReporter.cpp
+++ b/lib/StaticAnalyzer/Core/BugReporter.cpp
@@ -1345,6 +1345,9 @@ BugReport::~BugReport() {
for (visitor_iterator I = visitor_begin(), E = visitor_end(); I != E; ++I) {
delete *I;
}
+ while (!interestingSymbols.empty()) {
+ popInterestingSymbolsAndRegions();
+ }
}
const Decl *BugReport::getDeclWithIssue() const {
@@ -1386,11 +1389,11 @@ void BugReport::markInteresting(SymbolRef sym) {
return;
// If the symbol wasn't already in our set, note a configuration change.
- if (interestingSymbols.insert(sym).second)
+ if (getInterestingSymbols().insert(sym).second)
++ConfigurationChangeToken;
if (const SymbolMetadata *meta = dyn_cast<SymbolMetadata>(sym))
- interestingRegions.insert(meta->getRegion());
+ getInterestingRegions().insert(meta->getRegion());
}
void BugReport::markInteresting(const MemRegion *R) {
@@ -1399,11 +1402,11 @@ void BugReport::markInteresting(const MemRegion *R) {
// If the base region wasn't already in our set, note a configuration change.
R = R->getBaseRegion();
- if (interestingRegions.insert(R).second)
+ if (getInterestingRegions().insert(R).second)
++ConfigurationChangeToken;
if (const SymbolicRegion *SR = dyn_cast<SymbolicRegion>(R))
- interestingSymbols.insert(SR->getSymbol());
+ getInterestingSymbols().insert(SR->getSymbol());
}
void BugReport::markInteresting(SVal V) {
@@ -1411,30 +1414,58 @@ void BugReport::markInteresting(SVal V) {
markInteresting(V.getAsSymbol());
}
-bool BugReport::isInteresting(SVal V) const {
+bool BugReport::isInteresting(SVal V) {
return isInteresting(V.getAsRegion()) || isInteresting(V.getAsSymbol());
}
-bool BugReport::isInteresting(SymbolRef sym) const {
+bool BugReport::isInteresting(SymbolRef sym) {
if (!sym)
return false;
// We don't currently consider metadata symbols to be interesting
// even if we know their region is interesting. Is that correct behavior?
- return interestingSymbols.count(sym);
+ return getInterestingSymbols().count(sym);
}
-bool BugReport::isInteresting(const MemRegion *R) const {
+bool BugReport::isInteresting(const MemRegion *R) {
if (!R)
return false;
R = R->getBaseRegion();
- bool b = interestingRegions.count(R);
+ bool b = getInterestingRegions().count(R);
if (b)
return true;
if (const SymbolicRegion *SR = dyn_cast<SymbolicRegion>(R))
- return interestingSymbols.count(SR->getSymbol());
+ return getInterestingSymbols().count(SR->getSymbol());
return false;
}
-
+
+void BugReport::lazyInitializeInterestingSets() {
+ if (interestingSymbols.empty()) {
+ interestingSymbols.push_back(new Symbols());
+ interestingRegions.push_back(new Regions());
+ }
+}
+
+BugReport::Symbols &BugReport::getInterestingSymbols() {
+ lazyInitializeInterestingSets();
+ return *interestingSymbols.back();
+}
+
+BugReport::Regions &BugReport::getInterestingRegions() {
+ lazyInitializeInterestingSets();
+ return *interestingRegions.back();
+}
+
+void BugReport::pushInterestingSymbolsAndRegions() {
+ interestingSymbols.push_back(new Symbols(getInterestingSymbols()));
+ interestingRegions.push_back(new Regions(getInterestingRegions()));
+}
+
+void BugReport::popInterestingSymbolsAndRegions() {
+ delete interestingSymbols.back();
+ interestingSymbols.pop_back();
+ delete interestingRegions.back();
+ interestingRegions.pop_back();
+}
const Stmt *BugReport::getStmt() const {
if (!ErrorNode)
@@ -1793,12 +1824,13 @@ static void CompactPathDiagnostic(PathPieces &path, const SourceManager& SM) {
}
void GRBugReporter::GeneratePathDiagnostic(PathDiagnostic& PD,
- SmallVectorImpl<BugReport *> &bugReports) {
+ PathDiagnosticConsumer &PC,
+ ArrayRef<BugReport *> &bugReports) {
assert(!bugReports.empty());
SmallVector<const ExplodedNode *, 10> errorNodes;
- for (SmallVectorImpl<BugReport*>::iterator I = bugReports.begin(),
- E = bugReports.end(); I != E; ++I) {
+ for (ArrayRef<BugReport*>::iterator I = bugReports.begin(),
+ E = bugReports.end(); I != E; ++I) {
errorNodes.push_back((*I)->getErrorNode());
}
@@ -1818,8 +1850,7 @@ void GRBugReporter::GeneratePathDiagnostic(PathDiagnostic& PD,
const ExplodedNode *N = GPair.second.first;
// Start building the path diagnostic...
- PathDiagnosticBuilder PDB(*this, R, BackMap.get(),
- getPathDiagnosticConsumer());
+ PathDiagnosticBuilder PDB(*this, R, BackMap.get(), &PC);
// Register additional node visitors.
R->addVisitor(new NilReceiverBRVisitor());
@@ -1867,6 +1898,8 @@ void GRBugReporter::GeneratePathDiagnostic(PathDiagnostic& PD,
case PathDiagnosticConsumer::Minimal:
GenerateMinimalPathDiagnostic(PD, PDB, N, visitors);
break;
+ case PathDiagnosticConsumer::None:
+ llvm_unreachable("PathDiagnosticConsumer::None should never appear here");
}
// Clean up the visitors we used.
@@ -2022,53 +2055,21 @@ FindReportInEquivalenceClass(BugReportEquivClass& EQ,
return exampleReport;
}
-//===----------------------------------------------------------------------===//
-// DiagnosticCache. This is a hack to cache analyzer diagnostics. It
-// uses global state, which eventually should go elsewhere.
-//===----------------------------------------------------------------------===//
-namespace {
-class DiagCacheItem : public llvm::FoldingSetNode {
- llvm::FoldingSetNodeID ID;
-public:
- DiagCacheItem(BugReport *R, PathDiagnostic *PD) {
- R->Profile(ID);
- PD->Profile(ID);
- }
-
- void Profile(llvm::FoldingSetNodeID &id) {
- id = ID;
- }
-
- llvm::FoldingSetNodeID &getID() { return ID; }
-};
-}
-
-static bool IsCachedDiagnostic(BugReport *R, PathDiagnostic *PD) {
- // FIXME: Eventually this diagnostic cache should reside in something
- // like AnalysisManager instead of being a static variable. This is
- // really unsafe in the long term.
- typedef llvm::FoldingSet<DiagCacheItem> DiagnosticCache;
- static DiagnosticCache DC;
-
- void *InsertPos;
- DiagCacheItem *Item = new DiagCacheItem(R, PD);
-
- if (DC.FindNodeOrInsertPos(Item->getID(), InsertPos)) {
- delete Item;
- return true;
- }
-
- DC.InsertNode(Item, InsertPos);
- return false;
-}
-
void BugReporter::FlushReport(BugReportEquivClass& EQ) {
SmallVector<BugReport*, 10> bugReports;
BugReport *exampleReport = FindReportInEquivalenceClass(EQ, bugReports);
- if (!exampleReport)
- return;
-
- PathDiagnosticConsumer* PD = getPathDiagnosticConsumer();
+ if (exampleReport) {
+ const PathDiagnosticConsumers &C = getPathDiagnosticConsumers();
+ for (PathDiagnosticConsumers::const_iterator I=C.begin(),
+ E=C.end(); I != E; ++I) {
+ FlushReport(exampleReport, **I, bugReports);
+ }
+ }
+}
+
+void BugReporter::FlushReport(BugReport *exampleReport,
+ PathDiagnosticConsumer &PD,
+ ArrayRef<BugReport*> bugReports) {
// FIXME: Make sure we use the 'R' for the path that was actually used.
// Probably doesn't make a difference in practice.
@@ -2077,65 +2078,39 @@ void BugReporter::FlushReport(BugReportEquivClass& EQ) {
OwningPtr<PathDiagnostic>
D(new PathDiagnostic(exampleReport->getDeclWithIssue(),
exampleReport->getBugType().getName(),
- !PD || PD->useVerboseDescription()
+ PD.useVerboseDescription()
? exampleReport->getDescription()
: exampleReport->getShortDescription(),
BT.getCategory()));
- if (!bugReports.empty())
- GeneratePathDiagnostic(*D.get(), bugReports);
-
- // Get the meta data.
- const BugReport::ExtraTextList &Meta =
- exampleReport->getExtraText();
- for (BugReport::ExtraTextList::const_iterator i = Meta.begin(),
- e = Meta.end(); i != e; ++i) {
- D->addMeta(*i);
+ // Generate the full path diagnostic, using the generation scheme
+ // specified by the PathDiagnosticConsumer.
+ if (PD.getGenerationScheme() != PathDiagnosticConsumer::None) {
+ if (!bugReports.empty())
+ GeneratePathDiagnostic(*D.get(), PD, bugReports);
}
- // Emit a summary diagnostic to the regular Diagnostics engine.
- BugReport::ranges_iterator Beg, End;
- llvm::tie(Beg, End) = exampleReport->getRanges();
- DiagnosticsEngine &Diag = getDiagnostic();
-
- if (!IsCachedDiagnostic(exampleReport, D.get())) {
- // Search the description for '%', as that will be interpretted as a
- // format character by FormatDiagnostics.
- StringRef desc = exampleReport->getShortDescription();
-
- SmallString<512> TmpStr;
- llvm::raw_svector_ostream Out(TmpStr);
- for (StringRef::iterator I=desc.begin(), E=desc.end(); I!=E; ++I) {
- if (*I == '%')
- Out << "%%";
- else
- Out << *I;
- }
-
- Out.flush();
- unsigned ErrorDiag = Diag.getCustomDiagID(DiagnosticsEngine::Warning, TmpStr);
-
- DiagnosticBuilder diagBuilder = Diag.Report(
- exampleReport->getLocation(getSourceManager()).asLocation(), ErrorDiag);
- for (BugReport::ranges_iterator I = Beg; I != End; ++I)
- diagBuilder << *I;
- }
-
- // Emit a full diagnostic for the path if we have a PathDiagnosticConsumer.
- if (!PD)
- return;
-
+ // If the path is empty, generate a single step path with the location
+ // of the issue.
if (D->path.empty()) {
- PathDiagnosticPiece *piece = new PathDiagnosticEventPiece(
- exampleReport->getLocation(getSourceManager()),
- exampleReport->getDescription());
+ PathDiagnosticLocation L = exampleReport->getLocation(getSourceManager());
+ PathDiagnosticPiece *piece =
+ new PathDiagnosticEventPiece(L, exampleReport->getDescription());
+ BugReport::ranges_iterator Beg, End;
+ llvm::tie(Beg, End) = exampleReport->getRanges();
for ( ; Beg != End; ++Beg)
piece->addRange(*Beg);
-
D->getActivePath().push_back(piece);
}
- PD->HandlePathDiagnostic(D.take());
+ // Get the meta data.
+ const BugReport::ExtraTextList &Meta = exampleReport->getExtraText();
+ for (BugReport::ExtraTextList::const_iterator i = Meta.begin(),
+ e = Meta.end(); i != e; ++i) {
+ D->addMeta(*i);
+ }
+
+ PD.HandlePathDiagnostic(D.take());
}
void BugReporter::EmitBasicReport(const Decl *DeclWithIssue,
diff --git a/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp b/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
index 46aa9e2b9123..e7295878fa6f 100644
--- a/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
+++ b/lib/StaticAnalyzer/Core/BugReporterVisitors.cpp
@@ -323,7 +323,7 @@ void bugreporter::addTrackNullOrUndefValueVisitor(const ExplodedNode *N,
// Walk through lvalue-to-rvalue conversions.
const Expr *Ex = dyn_cast<Expr>(S);
if (Ex) {
- Ex = Ex->IgnoreParenLValueCasts();
+ Ex = Ex->IgnoreParenCasts();
if (const DeclRefExpr *DR = dyn_cast<DeclRefExpr>(Ex)) {
if (const VarDecl *VD = dyn_cast<VarDecl>(DR->getDecl())) {
const VarRegion *R =
diff --git a/lib/StaticAnalyzer/Core/CallEvent.cpp b/lib/StaticAnalyzer/Core/CallEvent.cpp
index e3f4c61e905e..5345bd517045 100644
--- a/lib/StaticAnalyzer/Core/CallEvent.cpp
+++ b/lib/StaticAnalyzer/Core/CallEvent.cpp
@@ -207,10 +207,14 @@ SourceRange CallEvent::getArgSourceRange(unsigned Index) const {
return ArgE->getSourceRange();
}
+void CallEvent::dump() const {
+ dump(llvm::errs());
+}
+
void CallEvent::dump(raw_ostream &Out) const {
ASTContext &Ctx = getState()->getStateManager().getContext();
if (const Expr *E = getOriginExpr()) {
- E->printPretty(Out, Ctx, 0, Ctx.getPrintingPolicy());
+ E->printPretty(Out, 0, Ctx.getPrintingPolicy());
Out << "\n";
return;
}
@@ -372,47 +376,49 @@ void CXXInstanceCall::getExtraInvalidatedRegions(RegionList &Regions) const {
Regions.push_back(R);
}
-static const CXXMethodDecl *devirtualize(const CXXMethodDecl *MD, SVal ThisVal){
- const MemRegion *R = ThisVal.getAsRegion();
- if (!R)
- return 0;
-
- const TypedValueRegion *TR = dyn_cast<TypedValueRegion>(R->StripCasts());
- if (!TR)
- return 0;
-
- const CXXRecordDecl *RD = TR->getValueType()->getAsCXXRecordDecl();
- if (!RD)
- return 0;
-
- const CXXMethodDecl *Result = MD->getCorrespondingMethodInClass(RD);
- const FunctionDecl *Definition;
- if (!Result->hasBody(Definition))
- return 0;
-
- return cast<CXXMethodDecl>(Definition);
-}
-
RuntimeDefinition CXXInstanceCall::getRuntimeDefinition() const {
+ // Do we have a decl at all?
const Decl *D = getDecl();
if (!D)
return RuntimeDefinition();
+ // If the method is non-virtual, we know we can inline it.
const CXXMethodDecl *MD = cast<CXXMethodDecl>(D);
if (!MD->isVirtual())
return AnyFunctionCall::getRuntimeDefinition();
- // If the method is virtual, see if we can find the actual implementation
- // based on context-sensitivity.
- // FIXME: Virtual method calls behave differently when an object is being
- // constructed or destructed. It's not as simple as "no devirtualization"
- // because a /partially/ constructed object can be referred to through a
- // base pointer. We'll eventually want to use DynamicTypeInfo here.
- if (const CXXMethodDecl *Devirtualized = devirtualize(MD, getCXXThisVal()))
- return RuntimeDefinition(Devirtualized);
+ // Do we know the implicit 'this' object being called?
+ const MemRegion *R = getCXXThisVal().getAsRegion();
+ if (!R)
+ return RuntimeDefinition();
- return RuntimeDefinition();
+ // Do we know anything about the type of 'this'?
+ DynamicTypeInfo DynType = getState()->getDynamicTypeInfo(R);
+ if (!DynType.isValid())
+ return RuntimeDefinition();
+
+ // Is the type a C++ class? (This is mostly a defensive check.)
+ QualType RegionType = DynType.getType()->getPointeeType();
+ const CXXRecordDecl *RD = RegionType->getAsCXXRecordDecl();
+ if (!RD || !RD->hasDefinition())
+ return RuntimeDefinition();
+
+ // Find the decl for this method in that class.
+ const CXXMethodDecl *Result = MD->getCorrespondingMethodInClass(RD, true);
+ assert(Result && "At the very least the static decl should show up.");
+
+ // Does the decl that we found have an implementation?
+ const FunctionDecl *Definition;
+ if (!Result->hasBody(Definition))
+ return RuntimeDefinition();
+
+ // We found a definition. If we're not sure that this devirtualization is
+ // actually what will happen at runtime, make sure to provide the region so
+ // that ExprEngine can decide what to do with it.
+ if (DynType.canBeASubClass())
+ return RuntimeDefinition(Definition, R->StripCasts());
+ return RuntimeDefinition(Definition, /*DispatchRegion=*/0);
}
void CXXInstanceCall::getInitialStackFrameContents(
@@ -421,16 +427,17 @@ void CXXInstanceCall::getInitialStackFrameContents(
AnyFunctionCall::getInitialStackFrameContents(CalleeCtx, Bindings);
// Handle the binding of 'this' in the new stack frame.
- // We need to make sure we have the proper layering of CXXBaseObjectRegions.
SVal ThisVal = getCXXThisVal();
if (!ThisVal.isUnknown()) {
ProgramStateManager &StateMgr = getState()->getStateManager();
SValBuilder &SVB = StateMgr.getSValBuilder();
-
+
const CXXMethodDecl *MD = cast<CXXMethodDecl>(CalleeCtx->getDecl());
Loc ThisLoc = SVB.getCXXThis(MD, CalleeCtx);
- if (const MemRegion *ThisReg = ThisVal.getAsRegion()) {
+ // If we devirtualized to a different member function, we need to make sure
+ // we have the proper layering of CXXBaseObjectRegions.
+ if (MD->getCanonicalDecl() != getDecl()->getCanonicalDecl()) {
ASTContext &Ctx = SVB.getContext();
const CXXRecordDecl *Class = MD->getParent();
QualType Ty = Ctx.getPointerType(Ctx.getRecordType(Class));
@@ -439,13 +446,10 @@ void CXXInstanceCall::getInitialStackFrameContents(
bool Failed;
ThisVal = StateMgr.getStoreManager().evalDynamicCast(ThisVal, Ty, Failed);
assert(!Failed && "Calling an incorrectly devirtualized method");
-
- // If we couldn't build the correct cast, just strip off all casts.
- if (ThisVal.isUnknown())
- ThisVal = loc::MemRegionVal(ThisReg->StripCasts());
}
- Bindings.push_back(std::make_pair(ThisLoc, ThisVal));
+ if (!ThisVal.isUnknown())
+ Bindings.push_back(std::make_pair(ThisLoc, ThisVal));
}
}
@@ -666,6 +670,9 @@ bool ObjCMethodCall::canBeOverridenInSubclass(ObjCInterfaceDecl *IDecl,
if (InterfLoc.isValid() && SM.isFromMainFile(InterfLoc))
return false;
+ // Assume that property accessors are not overridden.
+ if (getMessageKind() == OCM_PropertyAccess)
+ return false;
// We assume that if the method is public (declared outside of main file) or
// has a parent which publicly declares the method, the method could be
@@ -853,4 +860,3 @@ CallEventManager::getCaller(const StackFrameContext *CalleeCtx,
return getCXXDestructorCall(Dtor, Trigger, ThisVal.getAsRegion(),
State, CallerCtx);
}
-
diff --git a/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp b/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
index 8ee6723057a6..3b2e4ec8243b 100644
--- a/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
+++ b/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
@@ -154,6 +154,11 @@ void ExprEngine::processCallExit(ExplodedNode *CEBNode) {
}
}
+ // Generate a CallEvent /before/ cleaning the state, so that we can get the
+ // correct value for 'this' (if necessary).
+ CallEventManager &CEMgr = getStateManager().getCallEventManager();
+ CallEventRef<> Call = CEMgr.getCaller(calleeCtx, state);
+
// Step 3: BindedRetNode -> CleanedNodes
// If we can find a statement and a block in the inlined function, run remove
// dead bindings before returning from the call. This is important to ensure
@@ -203,21 +208,21 @@ void ExprEngine::processCallExit(ExplodedNode *CEBNode) {
&Ctx);
SaveAndRestore<unsigned> CBISave(currentStmtIdx, calleeCtx->getIndex());
- CallEventManager &CEMgr = getStateManager().getCallEventManager();
- CallEventRef<> Call = CEMgr.getCaller(calleeCtx, CEEState);
+ CallEventRef<> UpdatedCall = Call.cloneWithState(CEEState);
ExplodedNodeSet DstPostCall;
- getCheckerManager().runCheckersForPostCall(DstPostCall, CEENode, *Call,
- *this, true);
+ getCheckerManager().runCheckersForPostCall(DstPostCall, CEENode,
+ *UpdatedCall, *this,
+ /*WasInlined=*/true);
ExplodedNodeSet Dst;
- if (isa<ObjCMethodCall>(Call)) {
- getCheckerManager().runCheckersForPostObjCMessage(Dst, DstPostCall,
- cast<ObjCMethodCall>(*Call),
- *this, true);
+ if (const ObjCMethodCall *Msg = dyn_cast<ObjCMethodCall>(Call)) {
+ getCheckerManager().runCheckersForPostObjCMessage(Dst, DstPostCall, *Msg,
+ *this,
+ /*WasInlined=*/true);
} else if (CE) {
getCheckerManager().runCheckersForPostStmt(Dst, DstPostCall, CE,
- *this, true);
+ *this, /*WasInlined=*/true);
} else {
Dst.insert(DstPostCall);
}
@@ -555,12 +560,20 @@ void ExprEngine::defaultEvalCall(NodeBuilder &Bldr, ExplodedNode *Pred,
RuntimeDefinition RD = Call->getRuntimeDefinition();
const Decl *D = RD.getDecl();
if (D) {
- // Explore with and without inlining the call.
- if (RD.mayHaveOtherDefinitions() &&
- getAnalysisManager().IPAMode == DynamicDispatchBifurcate) {
- BifurcateCall(RD.getDispatchRegion(), *Call, D, Bldr, Pred);
- return;
+ if (RD.mayHaveOtherDefinitions()) {
+ // Explore with and without inlining the call.
+ if (getAnalysisManager().IPAMode == DynamicDispatchBifurcate) {
+ BifurcateCall(RD.getDispatchRegion(), *Call, D, Bldr, Pred);
+ return;
+ }
+
+ // Don't inline if we're not in any dynamic dispatch mode.
+ if (getAnalysisManager().IPAMode != DynamicDispatch) {
+ conservativeEvalCall(*Call, Bldr, Pred, State);
+ return;
+ }
}
+
// We are not bifurcating and we do have a Decl, so just inline.
if (inlineCall(*Call, D, Bldr, Pred, State))
return;
@@ -575,6 +588,7 @@ void ExprEngine::BifurcateCall(const MemRegion *BifurReg,
const CallEvent &Call, const Decl *D,
NodeBuilder &Bldr, ExplodedNode *Pred) {
assert(BifurReg);
+ BifurReg = BifurReg->StripCasts();
// Check if we've performed the split already - note, we only want
// to split the path once per memory region.
diff --git a/lib/StaticAnalyzer/Core/HTMLDiagnostics.cpp b/lib/StaticAnalyzer/Core/HTMLDiagnostics.cpp
index 0152e328e508..982bcbfcdf9a 100644
--- a/lib/StaticAnalyzer/Core/HTMLDiagnostics.cpp
+++ b/lib/StaticAnalyzer/Core/HTMLDiagnostics.cpp
@@ -45,7 +45,7 @@ public:
virtual ~HTMLDiagnostics() { FlushDiagnostics(NULL); }
virtual void FlushDiagnosticsImpl(std::vector<const PathDiagnostic *> &Diags,
- SmallVectorImpl<std::string> *FilesMade);
+ FilesMade *filesMade);
virtual StringRef getName() const {
return "HTMLDiagnostics";
@@ -63,7 +63,7 @@ public:
const char *HighlightEnd = "</span>");
void ReportDiag(const PathDiagnostic& D,
- SmallVectorImpl<std::string> *FilesMade);
+ FilesMade *filesMade);
};
} // end anonymous namespace
@@ -76,10 +76,10 @@ HTMLDiagnostics::HTMLDiagnostics(const std::string& prefix,
FilePrefix.appendComponent("report");
}
-PathDiagnosticConsumer*
-ento::createHTMLDiagnosticConsumer(const std::string& prefix,
- const Preprocessor &PP) {
- return new HTMLDiagnostics(prefix, PP);
+void ento::createHTMLDiagnosticConsumer(PathDiagnosticConsumers &C,
+ const std::string& prefix,
+ const Preprocessor &PP) {
+ C.push_back(new HTMLDiagnostics(prefix, PP));
}
//===----------------------------------------------------------------------===//
@@ -88,15 +88,15 @@ ento::createHTMLDiagnosticConsumer(const std::string& prefix,
void HTMLDiagnostics::FlushDiagnosticsImpl(
std::vector<const PathDiagnostic *> &Diags,
- SmallVectorImpl<std::string> *FilesMade) {
+ FilesMade *filesMade) {
for (std::vector<const PathDiagnostic *>::iterator it = Diags.begin(),
et = Diags.end(); it != et; ++it) {
- ReportDiag(**it, FilesMade);
+ ReportDiag(**it, filesMade);
}
}
void HTMLDiagnostics::ReportDiag(const PathDiagnostic& D,
- SmallVectorImpl<std::string> *FilesMade) {
+ FilesMade *filesMade) {
// Create the HTML directory if it is missing.
if (!createdDir) {
@@ -266,8 +266,10 @@ void HTMLDiagnostics::ReportDiag(const PathDiagnostic& D,
return;
}
- if (FilesMade)
- FilesMade->push_back(llvm::sys::path::filename(H.str()));
+ if (filesMade) {
+ filesMade->push_back(std::make_pair(StringRef(getName()),
+ llvm::sys::path::filename(H.str())));
+ }
// Emit the HTML to disk.
for (RewriteBuffer::iterator I = Buf->begin(), E = Buf->end(); I!=E; ++I)
@@ -480,29 +482,11 @@ void HTMLDiagnostics::HandlePiece(Rewriter& R, FileID BugFileID,
R.InsertTextBefore(Loc, os.str());
// Now highlight the ranges.
- for (const SourceRange *I = P.ranges_begin(), *E = P.ranges_end();
- I != E; ++I)
+ ArrayRef<SourceRange> Ranges = P.getRanges();
+ for (ArrayRef<SourceRange>::iterator I = Ranges.begin(),
+ E = Ranges.end(); I != E; ++I) {
HighlightRange(R, LPosInfo.first, *I);
-
-#if 0
- // If there is a code insertion hint, insert that code.
- // FIXME: This code is disabled because it seems to mangle the HTML
- // output. I'm leaving it here because it's generally the right idea,
- // but needs some help from someone more familiar with the rewriter.
- for (const FixItHint *Hint = P.fixit_begin(), *HintEnd = P.fixit_end();
- Hint != HintEnd; ++Hint) {
- if (Hint->RemoveRange.isValid()) {
- HighlightRange(R, LPosInfo.first, Hint->RemoveRange,
- "<span class=\"CodeRemovalHint\">", "</span>");
- }
- if (Hint->InsertionLoc.isValid()) {
- std::string EscapedCode = html::EscapeText(Hint->CodeToInsert, true);
- EscapedCode = "<span class=\"CodeInsertionHint\">" + EscapedCode
- + "</span>";
- R.InsertTextBefore(Hint->InsertionLoc, EscapedCode);
- }
}
-#endif
}
static void EmitAlphaCounter(raw_ostream &os, unsigned n) {
diff --git a/lib/StaticAnalyzer/Core/PathDiagnostic.cpp b/lib/StaticAnalyzer/Core/PathDiagnostic.cpp
index 7d52aac71c25..c849778e7f23 100644
--- a/lib/StaticAnalyzer/Core/PathDiagnostic.cpp
+++ b/lib/StaticAnalyzer/Core/PathDiagnostic.cpp
@@ -157,13 +157,13 @@ void PathDiagnosticConsumer::HandlePathDiagnostic(PathDiagnostic *D) {
return; // FIXME: Emit a warning?
// Check the source ranges.
- for (PathDiagnosticPiece::range_iterator RI = piece->ranges_begin(),
- RE = piece->ranges_end();
- RI != RE; ++RI) {
- SourceLocation L = SMgr.getExpansionLoc(RI->getBegin());
+ ArrayRef<SourceRange> Ranges = piece->getRanges();
+ for (ArrayRef<SourceRange>::iterator I = Ranges.begin(),
+ E = Ranges.end(); I != E; ++I) {
+ SourceLocation L = SMgr.getExpansionLoc(I->getBegin());
if (!L.isFileID() || SMgr.getFileID(L) != FID)
return; // FIXME: Emit a warning?
- L = SMgr.getExpansionLoc(RI->getEnd());
+ L = SMgr.getExpansionLoc(I->getEnd());
if (!L.isFileID() || SMgr.getFileID(L) != FID)
return; // FIXME: Emit a warning?
}
@@ -240,8 +240,8 @@ struct CompareDiagnostics {
};
}
-void
-PathDiagnosticConsumer::FlushDiagnostics(SmallVectorImpl<std::string> *Files) {
+void PathDiagnosticConsumer::FlushDiagnostics(
+ PathDiagnosticConsumer::FilesMade *Files) {
if (flushed)
return;
@@ -718,7 +718,9 @@ void PathDiagnosticPiece::Profile(llvm::FoldingSetNodeID &ID) const {
ID.AddString(str);
// FIXME: Add profiling support for code hints.
ID.AddInteger((unsigned) getDisplayHint());
- for (range_iterator I = ranges_begin(), E = ranges_end(); I != E; ++I) {
+ ArrayRef<SourceRange> Ranges = getRanges();
+ for (ArrayRef<SourceRange>::iterator I = Ranges.begin(), E = Ranges.end();
+ I != E; ++I) {
ID.AddInteger(I->getBegin().getRawEncoding());
ID.AddInteger(I->getEnd().getRawEncoding());
}
diff --git a/lib/StaticAnalyzer/Core/PlistDiagnostics.cpp b/lib/StaticAnalyzer/Core/PlistDiagnostics.cpp
index 58a4bba9483f..d5fdd9d2bb99 100644
--- a/lib/StaticAnalyzer/Core/PlistDiagnostics.cpp
+++ b/lib/StaticAnalyzer/Core/PlistDiagnostics.cpp
@@ -30,23 +30,21 @@ namespace {
class PlistDiagnostics : public PathDiagnosticConsumer {
const std::string OutputFile;
const LangOptions &LangOpts;
- OwningPtr<PathDiagnosticConsumer> SubPD;
const bool SupportsCrossFileDiagnostics;
public:
PlistDiagnostics(const std::string& prefix, const LangOptions &LangOpts,
- bool supportsMultipleFiles,
- PathDiagnosticConsumer *subPD);
+ bool supportsMultipleFiles);
virtual ~PlistDiagnostics() {}
void FlushDiagnosticsImpl(std::vector<const PathDiagnostic *> &Diags,
- SmallVectorImpl<std::string> *FilesMade);
+ FilesMade *filesMade);
virtual StringRef getName() const {
return "PlistDiagnostics";
}
- PathGenerationScheme getGenerationScheme() const;
+ PathGenerationScheme getGenerationScheme() const { return Extensive; }
bool supportsLogicalOpControlFlow() const { return true; }
bool supportsAllBlockEdges() const { return true; }
virtual bool useVerboseDescription() const { return false; }
@@ -58,29 +56,20 @@ namespace {
PlistDiagnostics::PlistDiagnostics(const std::string& output,
const LangOptions &LO,
- bool supportsMultipleFiles,
- PathDiagnosticConsumer *subPD)
- : OutputFile(output), LangOpts(LO), SubPD(subPD),
+ bool supportsMultipleFiles)
+ : OutputFile(output), LangOpts(LO),
SupportsCrossFileDiagnostics(supportsMultipleFiles) {}
-PathDiagnosticConsumer*
-ento::createPlistDiagnosticConsumer(const std::string& s, const Preprocessor &PP,
- PathDiagnosticConsumer *subPD) {
- return new PlistDiagnostics(s, PP.getLangOpts(), false, subPD);
+void ento::createPlistDiagnosticConsumer(PathDiagnosticConsumers &C,
+ const std::string& s,
+ const Preprocessor &PP) {
+ C.push_back(new PlistDiagnostics(s, PP.getLangOpts(), false));
}
-PathDiagnosticConsumer*
-ento::createPlistMultiFileDiagnosticConsumer(const std::string &s,
- const Preprocessor &PP) {
- return new PlistDiagnostics(s, PP.getLangOpts(), true, 0);
-}
-
-PathDiagnosticConsumer::PathGenerationScheme
-PlistDiagnostics::getGenerationScheme() const {
- if (const PathDiagnosticConsumer *PD = SubPD.get())
- return PD->getGenerationScheme();
-
- return Extensive;
+void ento::createPlistMultiFileDiagnosticConsumer(PathDiagnosticConsumers &C,
+ const std::string &s,
+ const Preprocessor &PP) {
+ C.push_back(new PlistDiagnostics(s, PP.getLangOpts(), true));
}
static void AddFID(FIDMap &FIDs, SmallVectorImpl<FileID> &V,
@@ -231,15 +220,16 @@ static void ReportEvent(raw_ostream &o, const PathDiagnosticPiece& P,
EmitLocation(o, SM, LangOpts, L, FM, indent);
// Output the ranges (if any).
- PathDiagnosticPiece::range_iterator RI = P.ranges_begin(),
- RE = P.ranges_end();
+ ArrayRef<SourceRange> Ranges = P.getRanges();
- if (RI != RE) {
+ if (!Ranges.empty()) {
Indent(o, indent) << "<key>ranges</key>\n";
Indent(o, indent) << "<array>\n";
++indent;
- for (; RI != RE; ++RI)
- EmitRange(o, SM, LangOpts, *RI, FM, indent+1);
+ for (ArrayRef<SourceRange>::iterator I = Ranges.begin(), E = Ranges.end();
+ I != E; ++I) {
+ EmitRange(o, SM, LangOpts, *I, FM, indent+1);
+ }
--indent;
Indent(o, indent) << "</array>\n";
}
@@ -353,7 +343,7 @@ static void ReportPiece(raw_ostream &o,
void PlistDiagnostics::FlushDiagnosticsImpl(
std::vector<const PathDiagnostic *> &Diags,
- SmallVectorImpl<std::string> *FilesMade) {
+ FilesMade *filesMade) {
// Build up a set of FIDs that we use by scanning the locations and
// ranges of the diagnostics.
FIDMap FM;
@@ -380,11 +370,11 @@ void PlistDiagnostics::FlushDiagnosticsImpl(
I!=E; ++I) {
const PathDiagnosticPiece *piece = I->getPtr();
AddFID(FM, Fids, SM, piece->getLocation().asLocation());
-
- for (PathDiagnosticPiece::range_iterator RI = piece->ranges_begin(),
- RE= piece->ranges_end(); RI != RE; ++RI) {
- AddFID(FM, Fids, SM, RI->getBegin());
- AddFID(FM, Fids, SM, RI->getEnd());
+ ArrayRef<SourceRange> Ranges = piece->getRanges();
+ for (ArrayRef<SourceRange>::iterator I = Ranges.begin(),
+ E = Ranges.end(); I != E; ++I) {
+ AddFID(FM, Fids, SM, I->getBegin());
+ AddFID(FM, Fids, SM, I->getEnd());
}
if (const PathDiagnosticCallPiece *call =
@@ -507,19 +497,21 @@ void PlistDiagnostics::FlushDiagnosticsImpl(
EmitLocation(o, *SM, LangOpts, D->getLocation(), FM, 2);
// Output the diagnostic to the sub-diagnostic client, if any.
- if (SubPD) {
- std::vector<const PathDiagnostic *> SubDiags;
- SubDiags.push_back(D);
- SmallVector<std::string, 1> SubFilesMade;
- SubPD->FlushDiagnosticsImpl(SubDiags, &SubFilesMade);
-
- if (!SubFilesMade.empty()) {
- o << " <key>" << SubPD->getName() << "_files</key>\n";
- o << " <array>\n";
- for (size_t i = 0, n = SubFilesMade.size(); i < n ; ++i)
- o << " <string>" << SubFilesMade[i] << "</string>\n";
- o << " </array>\n";
+ if (!filesMade->empty()) {
+ StringRef lastName;
+ for (FilesMade::iterator I = filesMade->begin(), E = filesMade->end();
+ I != E; ++I) {
+ StringRef newName = I->first;
+ if (newName != lastName) {
+ if (!lastName.empty())
+ o << " </array>\n";
+ lastName = newName;
+ o << " <key>" << lastName << "_files</key>\n";
+ o << " <array>\n";
+ }
+ o << " <string>" << I->second << "</string>\n";
}
+ o << " </array>\n";
}
// Close up the entry.
@@ -531,6 +523,8 @@ void PlistDiagnostics::FlushDiagnosticsImpl(
// Finish.
o << "</dict>\n</plist>";
- if (FilesMade)
- FilesMade->push_back(OutputFile);
+ if (filesMade) {
+ StringRef Name(getName());
+ filesMade->push_back(std::make_pair(Name, OutputFile));
+ }
}
diff --git a/lib/StaticAnalyzer/Core/ProgramState.cpp b/lib/StaticAnalyzer/Core/ProgramState.cpp
index dc988cc5f1fc..2000338ee0a6 100644
--- a/lib/StaticAnalyzer/Core/ProgramState.cpp
+++ b/lib/StaticAnalyzer/Core/ProgramState.cpp
@@ -745,14 +745,16 @@ template<> struct ProgramStateTrait<DynamicTypeMap>
}}
DynamicTypeInfo ProgramState::getDynamicTypeInfo(const MemRegion *Reg) const {
+ Reg = Reg->StripCasts();
+
// Look up the dynamic type in the GDM.
const DynamicTypeInfo *GDMType = get<DynamicTypeMap>(Reg);
if (GDMType)
return *GDMType;
// Otherwise, fall back to what we know about the region.
- if (const TypedValueRegion *TR = dyn_cast<TypedValueRegion>(Reg))
- return DynamicTypeInfo(TR->getValueType());
+ if (const TypedRegion *TR = dyn_cast<TypedRegion>(Reg))
+ return DynamicTypeInfo(TR->getLocationType(), /*CanBeSubclass=*/false);
if (const SymbolicRegion *SR = dyn_cast<SymbolicRegion>(Reg)) {
SymbolRef Sym = SR->getSymbol();
@@ -764,6 +766,7 @@ DynamicTypeInfo ProgramState::getDynamicTypeInfo(const MemRegion *Reg) const {
ProgramStateRef ProgramState::setDynamicTypeInfo(const MemRegion *Reg,
DynamicTypeInfo NewTy) const {
+ Reg = Reg->StripCasts();
ProgramStateRef NewState = set<DynamicTypeMap>(Reg, NewTy);
assert(NewState);
return NewState;
diff --git a/lib/StaticAnalyzer/Core/TextPathDiagnostics.cpp b/lib/StaticAnalyzer/Core/TextPathDiagnostics.cpp
index e5b8553aeda1..66bf4bb222d1 100644
--- a/lib/StaticAnalyzer/Core/TextPathDiagnostics.cpp
+++ b/lib/StaticAnalyzer/Core/TextPathDiagnostics.cpp
@@ -32,7 +32,7 @@ public:
: OutputFile(output), Diag(diag) {}
void FlushDiagnosticsImpl(std::vector<const PathDiagnostic *> &Diags,
- SmallVectorImpl<std::string> *FilesMade);
+ FilesMade *filesMade);
virtual StringRef getName() const {
return "TextPathDiagnostics";
@@ -47,15 +47,15 @@ public:
} // end anonymous namespace
-PathDiagnosticConsumer*
-ento::createTextPathDiagnosticConsumer(const std::string& out,
- const Preprocessor &PP) {
- return new TextPathDiagnostics(out, PP.getDiagnostics());
+void ento::createTextPathDiagnosticConsumer(PathDiagnosticConsumers &C,
+ const std::string& out,
+ const Preprocessor &PP) {
+ C.push_back(new TextPathDiagnostics(out, PP.getDiagnostics()));
}
void TextPathDiagnostics::FlushDiagnosticsImpl(
std::vector<const PathDiagnostic *> &Diags,
- SmallVectorImpl<std::string> *FilesMade) {
+ FilesMade *) {
for (std::vector<const PathDiagnostic *>::iterator it = Diags.begin(),
et = Diags.end(); it != et; ++it) {
const PathDiagnostic *D = *it;
generated by cgit v1.3 (git 2.53.0) at 2026-04-24 08:54:17 +0000