Author: jrose
Date: Tue Aug 21 16:44:21 2012
New Revision: 162318
URL: http://llvm.org/viewvc/llvm-project?rev=162318&view=rev
Log:
[analyzer] Set the default IPA mode to 'basic-inlining', which excludes C++.
Under -analyzer-ipa=basic-inlining, only C functions, blocks, and C++ static
member functions are inlined -- essentially, the calls that behave like simple
C function calls. This is essentially the behavior in Xcode 4.4.
C++ support still has some rough edges, and we don't want users to be worried
about them if they download and run their own checker. (In particular, the
massive number of false positives for analyzing LLVM comes from inlining
defensively-written code in contexts where more aggressive assumptions are
implicitly made. This problem is not unique to C++, but it is exacerbated by
the higher proportion of code that lives in header files in C++.)
The eventual goal is to be comfortable enough with C++ support (and simple
Objective-C support) to advance to -analyzer-ipa=inlining as the default
behavior. See the IPA design notes for more details.
Modified:
cfe/trunk/docs/analyzer/IPA.txt
cfe/trunk/include/clang/Frontend/Analyses.def
cfe/trunk/include/clang/Frontend/AnalyzerOptions.h
cfe/trunk/lib/Frontend/CompilerInvocation.cpp
cfe/trunk/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
Modified: cfe/trunk/docs/analyzer/IPA.txt
URL:
http://llvm.org/viewvc/llvm-project/cfe/trunk/docs/analyzer/IPA.txt?rev=162318&r1=162317&r2=162318&view=diff
==============================================================================
--- cfe/trunk/docs/analyzer/IPA.txt (original)
+++ cfe/trunk/docs/analyzer/IPA.txt Tue Aug 21 16:44:21 2012
@@ -3,12 +3,13 @@
Inlining Modes
-----------------------
--analyzer-ipa=none - All inlining is disabled.
+-analyzer-ipa=none - All inlining is disabled. This is the only mode available
in LLVM 3.1 and earlier and in Xcode 4.3 and earlier.
+-analyzer-ipa=basic-inlining - Turns on inlining for C functions, C++ static
member functions, and blocks -- essentially, the calls that behave like simple
C function calls. This is essentially the mode used in Xcode 4.4.
-analyzer-ipa=inlining - Turns on inlining when we can confidently find the
function/method body corresponding to the call. (C functions, static functions,
devirtualized C++ methods, ObjC class methods, ObjC instance methods when we
are confident about the dynamic type of the instance).
-analyzer-ipa=dynamic - Inline instance methods for which the type is
determined at runtime and we are not 100% sure that our type info is correct.
For virtual calls, inline the most plausible definition.
-analyzer-ipa=dynamic-bifurcate - Same as -analyzer-ipa=dynamic, but the path
is split. We inline on one branch and do not inline on the other. This mode
does not drop the coverage in cases when the parent class has code that is only
exercised when some of its methods are overriden.
-Currently, -analyzer-ipa=inlining is the default mode.
+Currently, -analyzer-ipa=basic-inlining is the default mode.
Basics of Implementation
-----------------------
@@ -50,7 +51,7 @@
When asked to provide a definition, the CallEvents for dynamic calls will use
the type info in their state to provide the best definition of the method to be
called. In some cases this devirtualization can be perfect or near-perfect, and
we can inline the definition as usual. In others we can make a guess, but
report that our guess may not be the method actually called at runtime.
-The -analyzer-ipa option has four different modes: none, inlining, dynamic,
and dynamic-bifurcate. Under -analyzer-ipa=dynamic, all dynamic calls are
inlined, whether we are certain or not that this will actually be the
definition used at runtime. Under -analyzer-ipa=inlining, only "near-perfect"
devirtualized calls are inlined*, and other dynamic calls are evaluated
conservatively (as if no definition were available).
+The -analyzer-ipa option has five different modes: none, basic-inlining,
inlining, dynamic, and dynamic-bifurcate. Under -analyzer-ipa=dynamic, all
dynamic calls are inlined, whether we are certain or not that this will
actually be the definition used at runtime. Under -analyzer-ipa=inlining, only
"near-perfect" devirtualized calls are inlined*, and other dynamic calls are
evaluated conservatively (as if no definition were available). Under
-analyzer-ipa=basic-inlining, only simple calls (C functions and a few others)
are inlined, and no devirtualization is performed.
* Currently, no Objective-C messages are not inlined under
-analyzer-ipa=inlining, even if we are reasonably confident of the type of the
receiver. We plan to enable this once we have tested our heuristics more
thoroughly.
Modified: cfe/trunk/include/clang/Frontend/Analyses.def
URL:
http://llvm.org/viewvc/llvm-project/cfe/trunk/include/clang/Frontend/Analyses.def?rev=162318&r1=162317&r2=162318&view=diff
==============================================================================
--- cfe/trunk/include/clang/Frontend/Analyses.def (original)
+++ cfe/trunk/include/clang/Frontend/Analyses.def Tue Aug 21 16:44:21 2012
@@ -47,6 +47,7 @@
#endif
ANALYSIS_IPA(None, "none", "Perform only intra-procedural analysis")
+ANALYSIS_IPA(BasicInlining, "basic-inlining", "Inline C functions and blocks
when their definitions are available")
ANALYSIS_IPA(Inlining, "inlining", "Inline callees when their definitions are
available")
ANALYSIS_IPA(DynamicDispatch, "dynamic", "Experimental: Enable inlining of
dynamically dispatched methods")
ANALYSIS_IPA(DynamicDispatchBifurcate, "dynamic-bifurcate", "Experimental:
Enable inlining of dynamically dispatched methods, bifurcate paths when exact
type info is unavailable")
Modified: cfe/trunk/include/clang/Frontend/AnalyzerOptions.h
URL:
http://llvm.org/viewvc/llvm-project/cfe/trunk/include/clang/Frontend/AnalyzerOptions.h?rev=162318&r1=162317&r2=162318&view=diff
==============================================================================
--- cfe/trunk/include/clang/Frontend/AnalyzerOptions.h (original)
+++ cfe/trunk/include/clang/Frontend/AnalyzerOptions.h Tue Aug 21 16:44:21 2012
@@ -109,7 +109,7 @@
AnalysisConstraintsOpt = RangeConstraintsModel;
AnalysisDiagOpt = PD_HTML;
AnalysisPurgeOpt = PurgeStmt;
- IPAMode = Inlining;
+ IPAMode = BasicInlining;
ShowCheckerHelp = 0;
AnalyzeAll = 0;
AnalyzerDisplayProgress = 0;
Modified: cfe/trunk/lib/Frontend/CompilerInvocation.cpp
URL:
http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/Frontend/CompilerInvocation.cpp?rev=162318&r1=162317&r2=162318&view=diff
==============================================================================
--- cfe/trunk/lib/Frontend/CompilerInvocation.cpp (original)
+++ cfe/trunk/lib/Frontend/CompilerInvocation.cpp Tue Aug 21 16:44:21 2012
@@ -147,7 +147,7 @@
getAnalysisPurgeModeName(Opts.AnalysisPurgeOpt));
if (!Opts.AnalyzeSpecificFunction.empty())
Res.push_back("-analyze-function", Opts.AnalyzeSpecificFunction);
- if (Opts.IPAMode != Inlining)
+ if (Opts.IPAMode != BasicInlining)
Res.push_back("-analyzer-ipa", getAnalysisIPAModeName(Opts.IPAMode));
if (Opts.InliningMode != NoRedundancy)
Res.push_back("-analyzer-inlining-mode",
Modified: cfe/trunk/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp
URL:
http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp?rev=162318&r1=162317&r2=162318&view=diff
==============================================================================
--- cfe/trunk/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp (original)
+++ cfe/trunk/lib/StaticAnalyzer/Core/ExprEngineCallAndReturn.cpp Tue Aug 21
16:44:21 2012
@@ -22,8 +22,6 @@
#include "llvm/ADT/Statistic.h"
#include "llvm/Support/SaveAndRestore.h"
-#define CXX_INLINING_ENABLED 1
-
using namespace clang;
using namespace ento;
@@ -305,6 +303,20 @@
}}
+static bool shouldInlineCXX(AnalysisManager &AMgr) {
+ switch (AMgr.IPAMode) {
+ case None:
+ case BasicInlining:
+ return false;
+ case Inlining:
+ case DynamicDispatch:
+ case DynamicDispatchBifurcate:
+ return true;
+ case NumIPAModes:
+ llvm_unreachable("not actually a valid option");
+ }
+}
+
bool ExprEngine::inlineCall(const CallEvent &Call, const Decl *D,
NodeBuilder &Bldr, ExplodedNode *Pred,
ProgramStateRef State) {
@@ -320,11 +332,11 @@
break;
case CE_CXXMember:
case CE_CXXMemberOperator:
- if (!CXX_INLINING_ENABLED)
+ if (!shouldInlineCXX(getAnalysisManager()))
return false;
break;
case CE_CXXConstructor: {
- if (!CXX_INLINING_ENABLED)
+ if (!shouldInlineCXX(getAnalysisManager()))
return false;
// Only inline constructors and destructors if we built the CFGs for them
@@ -351,7 +363,7 @@
break;
}
case CE_CXXDestructor: {
- if (!CXX_INLINING_ENABLED)
+ if (!shouldInlineCXX(getAnalysisManager()))
return false;
// Only inline constructors and destructors if we built the CFGs for them
@@ -371,7 +383,7 @@
break;
}
case CE_CXXAllocator:
- if (!CXX_INLINING_ENABLED)
+ if (!shouldInlineCXX(getAnalysisManager()))
return false;
// Do not inline allocators until we model deallocators.
_______________________________________________
cfe-commits mailing list
[email protected]
http://lists.cs.uiuc.edu/mailman/listinfo/cfe-commits
