This is an archive of the discontinued LLVM Phabricator instance.

Differential D43804

[analyzer] Enable cfg-temporary-dtors by default?
ClosedPublic

Authored by NoQ on Feb 26 2018, 8:13 PM.

Details

Reviewers
dcoughlin
xazax.hun
a.sidorin
george.karpenkov
szepet
Commits
rG61199443fe1f: [analyzer] Enable cfg-temporary-dtors by default.
rC326461: [analyzer] Enable cfg-temporary-dtors by default.
rL326461: [analyzer] Enable cfg-temporary-dtors by default.
Summary

Final results are still being baked on my end, but by putting this on review i'm trying to say that i believe i managed to fix the biggest problems with this mode with the recent patches, to the point where the new mode is not worse than the old mode. There are still known issues, such as the loss of coverage due to default arguments of object or reference type, but these seem fairly minor and will hopefully be addressed incrementally later on.

The change is not very loud - it's 2-3 times more impactful than the operator new support we added earlier, which is noticeable but not definitely extreme. The new mode fixes some but definitely not all false positives i wanted it to fix - adding support for more constructors is necessary, and i hope to continue improving it in the nearest future. It also provides a fairly fair amount of neat true positives and an expected skew due to the changes in inlining.

Diff Detail

Repository
rL LLVM

Event Timeline

NoQ created this revision.Feb 26 2018, 8:13 PM
Herald added subscribers: cfe-commits, rnkovacs. · View Herald TranscriptFeb 26 2018, 8:13 PM
NoQ added parent revisions: D43666: [analyzer] When constructing a temporary without construction context, track it for destruction anyway., D43689: [analyzer] Disable constructor inlining when lifetime extension through fields occurs., D43791: [analyzer] Suppress MallocChecker positives in destructors with atomics., D43798: [analyzer] UndefinedAssignment: Fix warning message on implicit copy/move constructors., D43714: [analyzer] Don't do anything when trivial-copying an empty class object., D43659: [analyzer] Don't crash when dynamic type of a concrete region is hard-set with placement new..Feb 26 2018, 8:14 PM
george.karpenkov added a comment.Feb 28 2018, 11:23 AM

Currently there's no test demonstrating a different behavior from cfg-temporary-dtors being set to true?..

NoQ added a comment.Feb 28 2018, 11:30 AM

That's right, most analyzer-oriented tests were added explicitly by me to temporaries.cpp and lifetime-extension.cpp in previous patches, so they didn't need to be changed in this patch. There didn't seem to be many FIXME tests specific to my work before i started doing it - it seems that i covered all of them by adding a cfg-temporary-dtors=true run-line in previous patches.

NoQ updated this revision to Diff 136428.Feb 28 2018, 4:45 PM

Don't inline temporary destructors for now (i.e. keep c++-temp-dtor-inlining=false, previously it was by default irrelevant and arbitrarily set to true). That's because D43791 wasn't enough to handle all the problems with smart pointers; some custom reference counting pointers produce large inlining stacks that we just refuse to traverse. I'd try to address it sooner rather than later and then enable this flag as well.

With c++-temp-dtor-inlining=false this change seems even more quiet (around +27/-24, on roughly the same codebase that produced +20/-35 in D42219), and much like the last time it's mostly about rearranging large chunks of false positives due to complete lack of support for temporaries into smaller groups of false positives due to lack of support for something else. This is far from a breakthrough yet - a lot more work needs to be done, but neither it is falling apart immediately, and, most importantly, it gives hope to address any single problem with a targeted fix, because fundamental issues we used to have with temporaries would be mostly gone. So i wish to encourage switching to the new mode earlier rather than later (though it's always possible to flip the flag back locally in case of any severe problems i didn't foresee).

dcoughlin accepted this revision.Feb 28 2018, 4:48 PM

Yay! This looks good to me.

This revision is now accepted and ready to land.Feb 28 2018, 4:48 PM
NoQ added a parent revision: D43840: [CFG] [analyzer] Fix a crash on finding construction context for implicit constructor conversion..Feb 28 2018, 5:12 PM
Closed by commit rL326461: [analyzer] Enable cfg-temporary-dtors by default. (authored by NoQ). · Explain WhyMar 1 2018, 10:58 AM
This revision was automatically updated to reflect the committed changes.
Herald added a subscriber: llvm-commits. · View Herald TranscriptMar 1 2018, 10:58 AM

Revision Contents

PathSize
cfe/
trunk/
lib/
StaticAnalyzer/
Core/
4 lines
test/
Analysis/
2 lines
7 lines
inlining/
2 lines
2 lines
4 lines
2 lines

Diff 136578

cfe/trunk/lib/StaticAnalyzer/Core/AnalyzerOptions.cpp

Show First 20 LinesShow All 187 Lines▼ Show 20 Linesbool AnalyzerOptions::getBooleanOption(Optional<bool> &V, StringRef Name,
if (!V.hasValue()) if (!V.hasValue())
V = getBooleanOption(Name, DefaultVal, C, SearchInParents); V = getBooleanOption(Name, DefaultVal, C, SearchInParents);
return V.getValue(); return V.getValue();
} }
bool AnalyzerOptions::includeTemporaryDtorsInCFG() { bool AnalyzerOptions::includeTemporaryDtorsInCFG() {
return getBooleanOption(IncludeTemporaryDtorsInCFG, return getBooleanOption(IncludeTemporaryDtorsInCFG,
"cfg-temporary-dtors", "cfg-temporary-dtors",
/* Default = */ false); /* Default = */ true);
} }
bool AnalyzerOptions::includeImplicitDtorsInCFG() { bool AnalyzerOptions::includeImplicitDtorsInCFG() {
return getBooleanOption(IncludeImplicitDtorsInCFG, return getBooleanOption(IncludeImplicitDtorsInCFG,
"cfg-implicit-dtors", "cfg-implicit-dtors",
/* Default = */ true); /* Default = */ true);
} }
▲ Show 20 LinesShow All 41 Lines▼ Show 20 Linesbool AnalyzerOptions::mayInlineCXXSharedPtrDtor() {
return getBooleanOption(InlineCXXSharedPtrDtor, return getBooleanOption(InlineCXXSharedPtrDtor,
"c++-shared_ptr-inlining", "c++-shared_ptr-inlining",
/*Default=*/false); /*Default=*/false);
} }
bool AnalyzerOptions::mayInlineCXXTemporaryDtors() { bool AnalyzerOptions::mayInlineCXXTemporaryDtors() {
return getBooleanOption(InlineCXXTemporaryDtors, return getBooleanOption(InlineCXXTemporaryDtors,
"c++-temp-dtor-inlining", "c++-temp-dtor-inlining",
/*Default=*/true); /*Default=*/false);
} }
bool AnalyzerOptions::mayInlineObjCMethod() { bool AnalyzerOptions::mayInlineObjCMethod() {
return getBooleanOption(ObjCInliningMode, return getBooleanOption(ObjCInliningMode,
"objc-inlining", "objc-inlining",
/* Default = */ true); /* Default = */ true);
} }
▲ Show 20 LinesShow All 196 LinesShow Last 20 Lines

cfe/trunk/test/Analysis/analyzer-config.c

Show All 10 Lines
} }
// CHECK: [config] // CHECK: [config]
// CHECK-NEXT: cfg-conditional-static-initializers = true // CHECK-NEXT: cfg-conditional-static-initializers = true
// CHECK-NEXT: cfg-implicit-dtors = true // CHECK-NEXT: cfg-implicit-dtors = true
// CHECK-NEXT: cfg-lifetime = false // CHECK-NEXT: cfg-lifetime = false
// CHECK-NEXT: cfg-loopexit = false // CHECK-NEXT: cfg-loopexit = false
// CHECK-NEXT: cfg-rich-constructors = true // CHECK-NEXT: cfg-rich-constructors = true
// CHECK-NEXT: cfg-temporary-dtors = false // CHECK-NEXT: cfg-temporary-dtors = true
// CHECK-NEXT: exploration_strategy = unexplored_first_queue // CHECK-NEXT: exploration_strategy = unexplored_first_queue
// CHECK-NEXT: faux-bodies = true // CHECK-NEXT: faux-bodies = true
// CHECK-NEXT: graph-trim-interval = 1000 // CHECK-NEXT: graph-trim-interval = 1000
// CHECK-NEXT: inline-lambdas = true // CHECK-NEXT: inline-lambdas = true
// CHECK-NEXT: ipa = dynamic-bifurcate // CHECK-NEXT: ipa = dynamic-bifurcate
// CHECK-NEXT: ipa-always-inline-size = 3 // CHECK-NEXT: ipa-always-inline-size = 3
// CHECK-NEXT: leak-diagnostics-reference-allocation = false // CHECK-NEXT: leak-diagnostics-reference-allocation = false
// CHECK-NEXT: max-inlinable-size = 100 // CHECK-NEXT: max-inlinable-size = 100
Show All 10 Lines

cfe/trunk/test/Analysis/analyzer-config.cpp

// RUN: %clang_analyze_cc1 -triple x86_64-apple-darwin10 %s -o /dev/null -analyzer-checker=core,osx.cocoa,debug.ConfigDumper -analyzer-max-loop 34 > %t 2>&1 // RUN: %clang_analyze_cc1 -triple x86_64-apple-darwin10 %s -o /dev/null -analyzer-checker=core,osx.cocoa,debug.ConfigDumper -analyzer-max-loop 34 > %t 2>&1
// RUN: FileCheck --input-file=%t %s --match-full-lines // RUN: FileCheck --input-file=%t %s --match-full-lines
void bar() {} void bar() {}
void foo() { void foo() {
// Call bar 33 times so max-times-inline-large is met and // Call bar 33 times so max-times-inline-large is met and
// min-blocks-for-inline-large is checked // min-blocks-for-inline-large is checked
for (int i = 0; i < 34; ++i) { for (int i = 0; i < 34; ++i) {
bar(); bar();
} }
} }
class Foo { class Foo {
public: public:
~Foo() {} ~Foo() {}
void baz(); void baz() { Foo(); }
void bar() { const Foo &f = Foo(); } void bar() { const Foo &f = Foo(); }
void foo() { bar(); } void foo() { bar(); }
}; };
// CHECK: [config] // CHECK: [config]
// CHECK-NEXT: c++-container-inlining = false // CHECK-NEXT: c++-container-inlining = false
// CHECK-NEXT: c++-inlining = destructors // CHECK-NEXT: c++-inlining = destructors
// CHECK-NEXT: c++-shared_ptr-inlining = false // CHECK-NEXT: c++-shared_ptr-inlining = false
// CHECK-NEXT: c++-stdlib-inlining = true // CHECK-NEXT: c++-stdlib-inlining = true
// CHECK-NEXT: c++-temp-dtor-inlining = false
// CHECK-NEXT: c++-template-inlining = true // CHECK-NEXT: c++-template-inlining = true
// CHECK-NEXT: cfg-conditional-static-initializers = true // CHECK-NEXT: cfg-conditional-static-initializers = true
// CHECK-NEXT: cfg-implicit-dtors = true // CHECK-NEXT: cfg-implicit-dtors = true
// CHECK-NEXT: cfg-lifetime = false // CHECK-NEXT: cfg-lifetime = false
// CHECK-NEXT: cfg-loopexit = false // CHECK-NEXT: cfg-loopexit = false
// CHECK-NEXT: cfg-rich-constructors = true // CHECK-NEXT: cfg-rich-constructors = true
// CHECK-NEXT: cfg-temporary-dtors = false // CHECK-NEXT: cfg-temporary-dtors = true
// CHECK-NEXT: experimental-enable-naive-ctu-analysis = false // CHECK-NEXT: experimental-enable-naive-ctu-analysis = false
// CHECK-NEXT: exploration_strategy = unexplored_first_queue // CHECK-NEXT: exploration_strategy = unexplored_first_queue
// CHECK-NEXT: faux-bodies = true // CHECK-NEXT: faux-bodies = true
// CHECK-NEXT: graph-trim-interval = 1000 // CHECK-NEXT: graph-trim-interval = 1000
// CHECK-NEXT: inline-lambdas = true // CHECK-NEXT: inline-lambdas = true
// CHECK-NEXT: ipa = dynamic-bifurcate // CHECK-NEXT: ipa = dynamic-bifurcate
// CHECK-NEXT: ipa-always-inline-size = 3 // CHECK-NEXT: ipa-always-inline-size = 3
// CHECK-NEXT: leak-diagnostics-reference-allocation = false // CHECK-NEXT: leak-diagnostics-reference-allocation = false
// CHECK-NEXT: max-inlinable-size = 100 // CHECK-NEXT: max-inlinable-size = 100
// CHECK-NEXT: max-nodes = 225000 // CHECK-NEXT: max-nodes = 225000
// CHECK-NEXT: max-times-inline-large = 32 // CHECK-NEXT: max-times-inline-large = 32
// CHECK-NEXT: min-cfg-size-treat-functions-as-large = 14 // CHECK-NEXT: min-cfg-size-treat-functions-as-large = 14
// CHECK-NEXT: mode = deep // CHECK-NEXT: mode = deep
// CHECK-NEXT: region-store-small-struct-limit = 2 // CHECK-NEXT: region-store-small-struct-limit = 2
// CHECK-NEXT: serialize-stats = false // CHECK-NEXT: serialize-stats = false
// CHECK-NEXT: unroll-loops = false // CHECK-NEXT: unroll-loops = false
// CHECK-NEXT: widen-loops = false // CHECK-NEXT: widen-loops = false
// CHECK-NEXT: [stats] // CHECK-NEXT: [stats]
// CHECK-NEXT: num-entries = 28 // CHECK-NEXT: num-entries = 29

cfe/trunk/test/Analysis/inlining/temp-dtors-path-notes.cpp

// RUN: %clang_analyze_cc1 -analyze -analyzer-checker core -analyzer-config cfg-temporary-dtors=true -analyzer-output=text -verify %s // RUN: %clang_analyze_cc1 -analyze -analyzer-checker core -analyzer-config cfg-temporary-dtors=true,c++-temp-dtor-inlining=true -analyzer-output=text -verify %s
namespace test_simple_temporary { namespace test_simple_temporary {
class C { class C {
int x; int x;
public: public:
C(int x): x(x) {} // expected-note{{The value 0 is assigned to field 'x'}} C(int x): x(x) {} // expected-note{{The value 0 is assigned to field 'x'}}
~C() { x = 1 / x; } // expected-warning{{Division by zero}} ~C() { x = 1 / x; } // expected-warning{{Division by zero}}
▲ Show 20 LinesShow All 55 LinesShow Last 20 Lines

cfe/trunk/test/Analysis/lifetime-cfg-output.cpp

// RUN: %clang_cc1 -fcxx-exceptions -fexceptions -analyze -analyzer-checker=debug.DumpCFG -analyzer-config cfg-lifetime=true,cfg-rich-constructors=false -analyzer-config cfg-implicit-dtors=false %s > %t 2>&1 // RUN: %clang_cc1 -fcxx-exceptions -fexceptions -analyze -analyzer-checker=debug.DumpCFG -analyzer-config cfg-lifetime=true,cfg-temporary-dtors=false,cfg-rich-constructors=false -analyzer-config cfg-implicit-dtors=false %s > %t 2>&1
// RUN: FileCheck --input-file=%t %s // RUN: FileCheck --input-file=%t %s
extern bool UV; extern bool UV;
class A { class A {
public: public:
// CHECK: [B2 (ENTRY)] // CHECK: [B2 (ENTRY)]
// CHECK-NEXT: Succs (1): B1 // CHECK-NEXT: Succs (1): B1
// CHECK: [B1] // CHECK: [B1]
▲ Show 20 LinesShow All 774 LinesShow Last 20 Lines

cfe/trunk/test/Analysis/lifetime-extension.cpp

// RUN: %clang_analyze_cc1 -Wno-unused -std=c++11 -analyzer-checker=core,debug.ExprInspection -verify %s // RUN: %clang_analyze_cc1 -Wno-unused -std=c++11 -analyzer-checker=core,debug.ExprInspection -analyzer-config cfg-temporary-dtors=false -verify %s
// RUN: %clang_analyze_cc1 -Wno-unused -std=c++11 -analyzer-checker=core,debug.ExprInspection -analyzer-config cfg-temporary-dtors=true -DTEMPORARIES -verify %s // RUN: %clang_analyze_cc1 -Wno-unused -std=c++11 -analyzer-checker=core,debug.ExprInspection -analyzer-config cfg-temporary-dtors=true,c++-temp-dtor-inlining=true -DTEMPORARIES -verify %s
void clang_analyzer_eval(bool); void clang_analyzer_eval(bool);
namespace pr17001_call_wrong_destructor { namespace pr17001_call_wrong_destructor {
bool x; bool x;
struct A { struct A {
int *a; int *a;
A() {} A() {}
▲ Show 20 LinesShow All 172 LinesShow Last 20 Lines

cfe/trunk/test/Analysis/temporaries.cpp

// RUN: %clang_analyze_cc1 -analyzer-checker=core,debug.ExprInspection -analyzer-config cfg-temporary-dtors=false -verify -w -std=c++03 %s // RUN: %clang_analyze_cc1 -analyzer-checker=core,debug.ExprInspection -analyzer-config cfg-temporary-dtors=false -verify -w -std=c++03 %s
// RUN: %clang_analyze_cc1 -analyzer-checker=core,debug.ExprInspection -analyzer-config cfg-temporary-dtors=false -verify -w -std=c++11 %s // RUN: %clang_analyze_cc1 -analyzer-checker=core,debug.ExprInspection -analyzer-config cfg-temporary-dtors=false -verify -w -std=c++11 %s
// RUN: %clang_analyze_cc1 -analyzer-checker=core,debug.ExprInspection -DTEMPORARY_DTORS -verify -w -analyzer-config cfg-temporary-dtors=true %s -std=c++11 // RUN: %clang_analyze_cc1 -analyzer-checker=core,debug.ExprInspection -DTEMPORARY_DTORS -verify -w -analyzer-config cfg-temporary-dtors=true,c++-temp-dtor-inlining=true %s -std=c++11
extern bool clang_analyzer_eval(bool); extern bool clang_analyzer_eval(bool);
extern bool clang_analyzer_warnIfReached(); extern bool clang_analyzer_warnIfReached();
void clang_analyzer_checkInlined(bool); void clang_analyzer_checkInlined(bool);
#include "Inputs/system-header-simulator-cxx.h"; #include "Inputs/system-header-simulator-cxx.h";
struct Trivial { struct Trivial {
▲ Show 20 LinesShow All 931 LinesShow Last 20 Lines