<html><head><meta http-equiv="Content-Type" content="text/html charset=us-ascii"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">FYI, I reverted r292800 from trunk in r292874. It was causing our internal validation bots to have false positives whenever a static local was dereferenced/passed to a nonnull function in a block evaluated at the top level.<div class=""><br class=""></div><div class="">Devin<br class=""><div class=""><div class=""><br class=""></div><div class=""><div class=""><div style="margin: 0px; font-size: 11px; line-height: normal; font-family: Menlo; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""><br class=""></span></div><div><blockquote type="cite" class=""><div class="">On Jan 23, 2017, at 4:19 PM, Hans Wennborg <<a href="mailto:hans@chromium.org" class="">hans@chromium.org</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><div class="">Merged in r292858.<br class=""><br class="">Thanks,<br class="">Hans<br class=""><br class="">On Mon, Jan 23, 2017 at 4:15 PM, Anna Zaks <<a href="mailto:ganna@apple.com" class="">ganna@apple.com</a>> wrote:<br class=""><blockquote type="cite" class="">Yes, ok to merge!<br class="">Thank you.<br class=""><br class="">Sent from my iPhone<br class=""><br class=""><blockquote type="cite" class="">On Jan 23, 2017, at 1:50 PM, Hans Wennborg <<a href="mailto:hans@chromium.org" class="">hans@chromium.org</a>> wrote:<br class=""><br class="">Sounds good to me.<br class=""><br class="">Anna, you're the code owner here. Ok to merge this?<br class=""><br class="">Thanks,<br class="">Hans<br class=""><br class=""><blockquote type="cite" class="">On Mon, Jan 23, 2017 at 10:37 AM, Artem Dergachev <<a href="mailto:noqnoqneo@gmail.com" class="">noqnoqneo@gmail.com</a>> wrote:<br class="">Hans,<br class=""><br class="">Could we merge this one into the 4.0.0 release branch? It's a recent bugfix<br class="">for the analyzer.<br class=""><br class="">Thanks,<br class="">Artem.<br class=""><br class=""><br class=""><br class=""><blockquote type="cite" class="">On 1/23/17 7:57 PM, Artem Dergachev via cfe-commits wrote:<br class=""><br class="">Author: dergachev<br class="">Date: Mon Jan 23 10:57:11 2017<br class="">New Revision: 292800<br class=""><br class="">URL: <a href="http://llvm.org/viewvc/llvm-project?rev=292800&view=rev" class="">http://llvm.org/viewvc/llvm-project?rev=292800&view=rev</a><br class="">Log:<br class="">[analyzer] Fix memory space of static locals seen from nested blocks.<br class=""><br class="">When a block within a function accesses a function's static local<br class="">variable,<br class="">this local is captured by reference rather than copied to the heap.<br class=""><br class="">Therefore this variable's memory space is known: StaticGlobalSpaceRegion.<br class="">Used to be UnknownSpaceRegion, same as for stack locals.<br class=""><br class="">Fixes a false positive in MacOSXAPIChecker.<br class=""><br class=""><a href="rdar://problem/30105546" class="">rdar://problem/30105546</a><br class="">Differential revision: https://reviews.llvm.org/D28946<br class=""><br class="">Modified:<br class="">    cfe/trunk/lib/StaticAnalyzer/Core/MemRegion.cpp<br class="">    cfe/trunk/test/Analysis/dispatch-once.m<br class=""><br class="">Modified: cfe/trunk/lib/StaticAnalyzer/Core/MemRegion.cpp<br class="">URL:<br class="">http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/StaticAnalyzer/Core/MemRegion.cpp?rev=292800&r1=292799&r2=292800&view=diff<br class=""><br class="">==============================================================================<br class="">--- cfe/trunk/lib/StaticAnalyzer/Core/MemRegion.cpp (original)<br class="">+++ cfe/trunk/lib/StaticAnalyzer/Core/MemRegion.cpp Mon Jan 23 10:57:11<br class="">2017<br class="">@@ -776,6 +776,22 @@ getStackOrCaptureRegionForDeclContext(co<br class="">   return (const StackFrameContext *)nullptr;<br class=""> }<br class=""> +static CanQualType getBlockPointerType(const BlockDecl *BD, ASTContext<br class="">&C) {<br class="">+  // FIXME: The fallback type here is totally bogus -- though it should<br class="">+  // never be queried, it will prevent uniquing with the real<br class="">+  // BlockCodeRegion. Ideally we'd fix the AST so that we always had a<br class="">+  // signature.<br class="">+  QualType T;<br class="">+  if (const TypeSourceInfo *TSI = BD->getSignatureAsWritten())<br class="">+    T = TSI->getType();<br class="">+  if (T.isNull())<br class="">+    T = C.VoidTy;<br class="">+  if (!T->getAs<FunctionType>())<br class="">+    T = C.getFunctionNoProtoType(T);<br class="">+  T = C.getBlockPointerType(T);<br class="">+  return C.getCanonicalType(T);<br class="">+}<br class="">+<br class=""> const VarRegion* MemRegionManager::getVarRegion(const VarDecl *D,<br class="">                                                 const LocationContext<br class="">*LC) {<br class="">   const MemRegion *sReg = nullptr;<br class="">@@ -803,7 +819,7 @@ const VarRegion* MemRegionManager::getVa<br class="">         sReg = getGlobalsRegion();<br class="">     }<br class=""> -  // Finally handle static locals.<br class="">+  // Finally handle locals.<br class="">   } else {<br class="">     // FIXME: Once we implement scope handling, we will need to properly<br class="">lookup<br class="">     // 'D' to the proper LocationContext.<br class="">@@ -816,9 +832,22 @@ const VarRegion* MemRegionManager::getVa<br class="">       const StackFrameContext *STC = V.get<const StackFrameContext*>();<br class=""> -    if (!STC)<br class="">-      sReg = getUnknownRegion();<br class="">-    else {<br class="">+    if (!STC) {<br class="">+      if (D->isStaticLocal()) {<br class="">+        const CodeTextRegion *fReg = nullptr;<br class="">+        if (const auto *ND = dyn_cast<NamedDecl>(DC))<br class="">+          fReg = getFunctionCodeRegion(ND);<br class="">+        else if (const auto *BD = dyn_cast<BlockDecl>(DC))<br class="">+          fReg = getBlockCodeRegion(BD, getBlockPointerType(BD,<br class="">getContext()),<br class="">+                                    LC->getAnalysisDeclContext());<br class="">+        assert(fReg && "Unable to determine code region for a static<br class="">local!");<br class="">+        sReg = getGlobalsRegion(MemRegion::StaticGlobalSpaceRegionKind,<br class="">fReg);<br class="">+      } else {<br class="">+        // We're looking at a block-captured local variable, which may be<br class="">either<br class="">+        // still local, or already moved to the heap. So we're not sure.<br class="">+        sReg = getUnknownRegion();<br class="">+      }<br class="">+    } else {<br class="">       if (D->hasLocalStorage()) {<br class="">         sReg = isa<ParmVarDecl>(D) || isa<ImplicitParamDecl>(D)<br class="">                ? static_cast<const<br class="">MemRegion*>(getStackArgumentsRegion(STC))<br class="">@@ -831,22 +860,9 @@ const VarRegion* MemRegionManager::getVa<br class="">           sReg =<br class="">getGlobalsRegion(MemRegion::StaticGlobalSpaceRegionKind,<br class=""><br class="">getFunctionCodeRegion(cast<NamedDecl>(STCD)));<br class="">         else if (const BlockDecl *BD = dyn_cast<BlockDecl>(STCD)) {<br class="">-          // FIXME: The fallback type here is totally bogus -- though it<br class="">should<br class="">-          // never be queried, it will prevent uniquing with the real<br class="">-          // BlockCodeRegion. Ideally we'd fix the AST so that we always<br class="">had a<br class="">-          // signature.<br class="">-          QualType T;<br class="">-          if (const TypeSourceInfo *TSI = BD->getSignatureAsWritten())<br class="">-            T = TSI->getType();<br class="">-          if (T.isNull())<br class="">-            T = getContext().VoidTy;<br class="">-          if (!T->getAs<FunctionType>())<br class="">-            T = getContext().getFunctionNoProtoType(T);<br class="">-          T = getContext().getBlockPointerType(T);<br class="">-<br class="">           const BlockCodeRegion *BTR =<br class="">-            getBlockCodeRegion(BD, C.getCanonicalType(T),<br class="">-                               STC->getAnalysisDeclContext());<br class="">+              getBlockCodeRegion(BD, getBlockPointerType(BD,<br class="">getContext()),<br class="">+                                 STC->getAnalysisDeclContext());<br class="">           sReg =<br class="">getGlobalsRegion(MemRegion::StaticGlobalSpaceRegionKind,<br class="">                                   BTR);<br class="">         }<br class=""><br class="">Modified: cfe/trunk/test/Analysis/dispatch-once.m<br class="">URL:<br class="">http://llvm.org/viewvc/llvm-project/cfe/trunk/test/Analysis/dispatch-once.m?rev=292800&r1=292799&r2=292800&view=diff<br class=""><br class="">==============================================================================<br class="">--- cfe/trunk/test/Analysis/dispatch-once.m (original)<br class="">+++ cfe/trunk/test/Analysis/dispatch-once.m Mon Jan 23 10:57:11 2017<br class="">@@ -107,3 +107,10 @@ void test_block_var_from_outside_block()<br class="">   };<br class="">   dispatch_once(&once, ^{}); // expected-warning{{Call to<br class="">'dispatch_once' uses the block variable 'once' for the predicate value.}}<br class=""> }<br class="">+<br class="">+void test_static_var_from_outside_block() {<br class="">+  static dispatch_once_t once;<br class="">+  ^{<br class="">+    dispatch_once(&once, ^{}); // no-warning<br class="">+  };<br class="">+}<br class=""><br class=""><br class="">_______________________________________________<br class="">cfe-commits mailing list<br class="">cfe-commits@lists.llvm.org<br class="">http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits<br class=""></blockquote><br class=""><br class=""></blockquote></blockquote></blockquote></div></div></blockquote></div><br class=""></div></div></div></div></body></html>