Chromium Code Reviews
|
|
Chromium Code Reviews
Issue
2729503004:
Add Clang static analysis control to all assert functions in logging.h (Closed)
DescriptionAdd Clang static analysis control to all assert functions in logging.h
This CL adds static analysis hints to all assertion functions in logging.h. On builds with static analysis enabled, ANALYSIS_ASSUME_TRUE generates code which prevents the analyzer from evaluating codepaths that are asserted to be impossible.
R=brucedawson@chromium.org,danakj@chromium.org
BUG=327707
Review-Url: https://codereview.chromium.org/2729503004
Cr-Commit-Position: refs/heads/master@{#466129}
Committed: https://chromium.googlesource.com/chromium/src/+/fe2f09f858b77a7bd9437ef3b377e9af7f50f62d
Patch Set 1 #Patch Set 2 : Comment #Patch Set 3 : Forced Windows check for trybot MSVC verification #Patch Set 4 : rebase and re-add constexpr #Patch Set 5 : Make Windows happy #Patch Set 6 : . #Patch Set 7 : Re-upload patch with base branch #Patch Set 8 : Add missing close paran to EAT_STREAM_PARAMETERS #Patch Set 9 : Resolved "else" ambiguity in DCHECK_OP impl #Patch Set 10 : Move ANALYSIS_ASSUME_TRUE into body of CheckXYZImpl #
Total comments: 8
Patch Set 11 : brucedawson feedback #Patch Set 12 : single evaluation of MSVC analysis_assume param #Patch Set 13 : Added MSVC2017 workaround #Patch Set 14 : Tweaks for MSVC 2017 #Patch Set 15 : Added inline DoNothing() call for analysis-disabled builds #Patch Set 16 : DCHECK impl on static build whack-a-mole. #Patch Set 17 : Restore PREfast parallel implementations. #Patch Set 18 : Fixed up the code comments a bit #Messages
Total messages: 77 (53 generated)
Description was changed from ========== Re-add AnalysisAssumeTrue() with boolean-only inputs. The previous implementation of AnalysisAssumeTrue() preserved the type of |arg| which was problematic because the myriad variations of types was rife with ambiguity for the template type deduction and overload systems: lvalue refs, rvalue refs, pointers, literals, and unaligned literals (e.g. bitfields). Given that ANALYSIS_ASSUME_TRUE is only invoked in the context of a conditional, it is OK if we coerce the expression to a boolean via logical NOT before passing it to AnalysisAssumeTrue(). Now that the AnalysisAssumeTrue() needs only to support booleans, the implementation becomes trivial. R=brucedawson@chromium.org,danakj@chromium.org BUG=327707 ========== to ========== Re-add ANALYSIS_ASSUME_TRUE() with simplified bool inputs. The previous implementation of AnalysisAssumeTrue() preserved the type of |arg| which was problematic because the myriad variations of types was rife with ambiguity for the template type deduction and overload systems: lvalue refs, rvalue refs, pointers, literals, and unaligned literals (e.g. bitfields). Given that ANALYSIS_ASSUME_TRUE is only invoked in the context of a conditional, it is OK if we coerce the expression to a boolean via logical NOT before passing it to AnalysisAssumeTrue(). Now that the AnalysisAssumeTrue() needs only to support booleans, the implementation becomes trivial. (This CL reverts the rollback CL #2720893003). R=brucedawson@chromium.org,danakj@chromium.org BUG=327707 ==========
The CQ bit was checked by kmarshall@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
The CQ bit was checked by kmarshall@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: Try jobs failed on following builders: linux_chromium_tsan_rel_ng on master.tryserver.chromium.linux (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.linux/builders/linux_chromium_...)
Bots look unhappy, should I wait for that to get sorted?
On 2017/03/03 18:41:36, danakj wrote: > Bots look unhappy, should I wait for that to get sorted? Making the function not constexpr means that DCHECK fails when called from a constexpr function. d:\src\chromium\src\base\time\time.h(685): error C2134: 'logging::AnalysisAssumeTrue': call does not result in a constant expression d:\src\chromium\src\base\time\time.h(685): note: failure was caused by call of undefined function or one not declared 'constexpr' d:\src\chromium\src\base\logging.h(316): note: see declaration of 'logging::AnalysisAssumeTrue' VC++ 2017 improves constexpr support - maybe it supports the previous solution?
I'm close to having my own Win box up and running with MSVC, so I'll ping you when I have a solution that works on my end.
The CQ bit was checked by kmarshall@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: This issue passed the CQ dry run.
Description was changed from ========== Re-add ANALYSIS_ASSUME_TRUE() with simplified bool inputs. The previous implementation of AnalysisAssumeTrue() preserved the type of |arg| which was problematic because the myriad variations of types was rife with ambiguity for the template type deduction and overload systems: lvalue refs, rvalue refs, pointers, literals, and unaligned literals (e.g. bitfields). Given that ANALYSIS_ASSUME_TRUE is only invoked in the context of a conditional, it is OK if we coerce the expression to a boolean via logical NOT before passing it to AnalysisAssumeTrue(). Now that the AnalysisAssumeTrue() needs only to support booleans, the implementation becomes trivial. (This CL reverts the rollback CL #2720893003). R=brucedawson@chromium.org,danakj@chromium.org BUG=327707 ========== to ========== Add static analysis path control to asserts in logging.h This CL adds static analysis hooks to all asserts in logging.h. For builds with static analysis enabled, ANALYSIS_ASSUME_TRUE generates code which tells the analyzer to stop evaluating the paths which are asserted to be impossible. For example, DCHECK(ptr) declares that 'ptr' cannot be null, so the static analyzer will only consider scenarios where 'ptr' is non-null. Separate implementations of ANALYSIS_ASSUME_TRUE are provided for Clang and MSVC PREfast cases which have subtly different semantics. For builds in which there is no static analyzer present, ANALYSIS_ASSUME_TRUE() is a no-op. This CL also merges the analysis/non-analysis variants of assertion functions, which is made possible by the no-op implementation of ANALYSIS_ASSUME_TRUE. The analysis-only implementations of CHECK/DCHECK/etc. are deleted. R=brucedawson@chromium.org,danakj@chromium.org BUG=327707 ==========
Reviewers, PTAL. I have verified the changes with the PREfast and Clang analyzers. Will use the trybots to verify the changes w/o analysis.
Description was changed from ========== Add static analysis path control to asserts in logging.h This CL adds static analysis hooks to all asserts in logging.h. For builds with static analysis enabled, ANALYSIS_ASSUME_TRUE generates code which tells the analyzer to stop evaluating the paths which are asserted to be impossible. For example, DCHECK(ptr) declares that 'ptr' cannot be null, so the static analyzer will only consider scenarios where 'ptr' is non-null. Separate implementations of ANALYSIS_ASSUME_TRUE are provided for Clang and MSVC PREfast cases which have subtly different semantics. For builds in which there is no static analyzer present, ANALYSIS_ASSUME_TRUE() is a no-op. This CL also merges the analysis/non-analysis variants of assertion functions, which is made possible by the no-op implementation of ANALYSIS_ASSUME_TRUE. The analysis-only implementations of CHECK/DCHECK/etc. are deleted. R=brucedawson@chromium.org,danakj@chromium.org BUG=327707 ========== to ========== Add static analysis path control to asserts in logging.h This CL adds static analysis hooks to all asserts in logging.h. For builds with static analysis enabled, ANALYSIS_ASSUME_TRUE generates code which tells the analyzer to stop evaluating the paths which are asserted to be impossible. For example, DCHECK(ptr) declares that 'ptr' cannot be null, so the static analyzer will only consider scenarios where 'ptr' is non-null. Separate implementations of ANALYSIS_ASSUME_TRUE are provided for Clang and MSVC PREfast cases which have subtly different semantics. For builds in which there is no static analyzer present, ANALYSIS_ASSUME_TRUE() is a no-op. This CL also merges the analysis/non-analysis variants of assertion functions, which is made possible by the no-op implementation of ANALYSIS_ASSUME_TRUE. The analysis-only implementations of CHECK/DCHECK/etc. are deleted. R=brucedawson@chromium.org,danakj@chromium.org BUG=327707 ==========
The CQ bit was checked by kmarshall@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
The CQ bit was checked by kmarshall@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
Description was changed from ========== Add static analysis path control to asserts in logging.h This CL adds static analysis hooks to all asserts in logging.h. For builds with static analysis enabled, ANALYSIS_ASSUME_TRUE generates code which tells the analyzer to stop evaluating the paths which are asserted to be impossible. For example, DCHECK(ptr) declares that 'ptr' cannot be null, so the static analyzer will only consider scenarios where 'ptr' is non-null. Separate implementations of ANALYSIS_ASSUME_TRUE are provided for Clang and MSVC PREfast cases which have subtly different semantics. For builds in which there is no static analyzer present, ANALYSIS_ASSUME_TRUE() is a no-op. This CL also merges the analysis/non-analysis variants of assertion functions, which is made possible by the no-op implementation of ANALYSIS_ASSUME_TRUE. The analysis-only implementations of CHECK/DCHECK/etc. are deleted. R=brucedawson@chromium.org,danakj@chromium.org BUG=327707 ========== to ========== Add static analysis path control to asserts in logging.h This CL adds static analysis hooks to all asserts in logging.h. For builds with static analysis enabled, ANALYSIS_ASSUME_TRUE generates code which tells the analyzer to stop evaluating the paths which are asserted to be impossible. For example, DCHECK(ptr) declares that 'ptr' cannot be null, so the static analyzer will only consider scenarios where 'ptr' is non-null. Separate implementations of ANALYSIS_ASSUME_TRUE are provided for Clang and MSVC PREfast cases which have subtly different semantics. For builds in which there is no static analyzer present, ANALYSIS_ASSUME_TRUE() is a no-op which simply passes the input value straight through. This CL also merges the analysis/non-analysis variants of assertion functions, which is made possible by the no-op implementation of ANALYSIS_ASSUME_TRUE. The analysis-only implementations of CHECK/DCHECK/etc. are deleted. R=brucedawson@chromium.org,danakj@chromium.org BUG=327707 ==========
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: Try jobs failed on following builders: cast_shell_linux on master.tryserver.chromium.linux (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.linux/builders/cast_shell_linu...)
On 2017/03/14 20:25:53, Kevin M wrote: > Reviewers, PTAL. I have verified the changes with the PREfast and Clang > analyzers. Will use the trybots to verify the changes w/o analysis. Are the bot failures spurious or indicative of actual problems with the CL? The one I looked at was a CHECK or DCHECK failure.
The CQ bit was checked by kmarshall@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
Just fixed the issue which manifested on release builds with DCHECK_ALWAYS_ON. Trying again.
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: Try jobs failed on following builders: android_arm64_dbg_recipe on master.tryserver.chromium.android (JOB_FAILED, https://build.chromium.org/p/tryserver.chromium.android/builders/android_arm6...) android_compile_dbg on master.tryserver.chromium.android (JOB_FAILED, https://build.chromium.org/p/tryserver.chromium.android/builders/android_comp...) linux_android_rel_ng on master.tryserver.chromium.android (JOB_FAILED, https://build.chromium.org/p/tryserver.chromium.android/builders/linux_androi...)
Nevermind, the game of compiler whack-a-mole continues...
The CQ bit was checked by kmarshall@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: This issue passed the CQ dry run.
OK, PTAL. Looks like I've appeased all three compilers (clang, msvc, cc1plus) with this latest patch.
A few comments and questions. https://codereview.chromium.org/2729503004/diff/160002/base/logging.h File base/logging.h (right): https://codereview.chromium.org/2729503004/diff/160002/base/logging.h#newcode301 base/logging.h:301: // errors will be generated for the current path. This doesn't fit my mental model for how /analyze uses these results. The /analyze intrinsic is __analyzis_assume and, like the name says, it tells the analyzer to assume that the argument is true. This doesn't necessarily have to do with a particular execution path. It is often used to indicate that a particular index, for instance, is constrained to a particular range in order to avoid spurious out-of-range access warnings. It's just a comment, and it's not really a *blocking* issue but I wanted to mention it. https://codereview.chromium.org/2729503004/diff/160002/base/logging.h#newcode317 base/logging.h:317: #define ANALYZER_ASSUME_TRUE(arg) (__analysis_assume(!!(arg)), !!(arg)) The second !! is not needed. https://codereview.chromium.org/2729503004/diff/160002/base/logging.h#newcode321 base/logging.h:321: #define ANALYZER_ASSUME_TRUE(arg) !!(arg) The !! should not be needed, should it? It is needed for __analysis_assume due to a quirk of its implementation. It is probably needed for AnalyzerAssumeTrue because it expects an actual bool. But elsewhere maybe not? https://codereview.chromium.org/2729503004/diff/160002/base/logging.h#newcode852 base/logging.h:852: // Note that the contract of DCHECK_EQ, etc is that arguments are only evaluated Is this contract still respected? I'm not sure whether it matters or not, but the use of the comma operator in the /analyze version of ANALYZER_ASSUME_TRUE suggests the possibility of double evaluation. Note that the previous usage of __analysis_assume avoided this double evaluation by passing false to LAZY_STREAM. I believe this was determined to be harmless because the resulting binary is never run so effectively compiling out all DCHECKs is irrelevant. It may be that similar logic means that the current implementation is fine also, but the alternative would be replacing: #define ANALYZER_ASSUME_TRUE(arg) (__analysis_assume(!!(arg)), !!(arg)) with: #define ANALYZER_ASSUME_TRUE(arg) (__analysis_assume(!!(arg)), false)
https://codereview.chromium.org/2729503004/diff/160002/base/logging.h File base/logging.h (right): https://codereview.chromium.org/2729503004/diff/160002/base/logging.h#newcode301 base/logging.h:301: // errors will be generated for the current path. On 2017/03/16 20:15:40, brucedawson wrote: > This doesn't fit my mental model for how /analyze uses these results. The > /analyze intrinsic is __analyzis_assume and, like the name says, it tells the > analyzer to assume that the argument is true. This doesn't necessarily have to > do with a particular execution path. It is often used to indicate that a > particular index, for instance, is constrained to a particular range in order to > avoid spurious out-of-range access warnings. > > It's just a comment, and it's not really a *blocking* issue but I wanted to > mention it. Interesting. In the Clang case, noreturn is used for culling analysis paths, not for creating new ones. OK, I'll reword this to be more general. "This macro does things on stuff." ;) Maybe not THAT general. https://codereview.chromium.org/2729503004/diff/160002/base/logging.h#newcode317 base/logging.h:317: #define ANALYZER_ASSUME_TRUE(arg) (__analysis_assume(!!(arg)), !!(arg)) On 2017/03/16 20:15:40, brucedawson wrote: > The second !! is not needed. It makes the expression value consistent with the Clang case, which works with bools. https://codereview.chromium.org/2729503004/diff/160002/base/logging.h#newcode321 base/logging.h:321: #define ANALYZER_ASSUME_TRUE(arg) !!(arg) On 2017/03/16 20:15:40, brucedawson wrote: > The !! should not be needed, should it? It is needed for __analysis_assume due > to a quirk of its implementation. It is probably needed for AnalyzerAssumeTrue > because it expects an actual bool. But elsewhere maybe not? See above.. https://codereview.chromium.org/2729503004/diff/160002/base/logging.h#newcode852 base/logging.h:852: // Note that the contract of DCHECK_EQ, etc is that arguments are only evaluated On 2017/03/16 20:15:40, brucedawson wrote: > Is this contract still respected? I'm not sure whether it matters or not, but > the use of the comma operator in the /analyze version of ANALYZER_ASSUME_TRUE > suggests the possibility of double evaluation. > > Note that the previous usage of __analysis_assume avoided this double evaluation > by passing false to LAZY_STREAM. I believe this was determined to be harmless > because the resulting binary is never run so effectively compiling out all > DCHECKs is irrelevant. > > It may be that similar logic means that the current implementation is fine also, > but the alternative would be replacing: > > #define ANALYZER_ASSUME_TRUE(arg) (__analysis_assume(!!(arg)), !!(arg)) > > with: > > #define ANALYZER_ASSUME_TRUE(arg) (__analysis_assume(!!(arg)), false) Actually, the potential for double evaluation of an expression w/side effects (e.g. DCHECK(foo++)) is concerning. I adapted the MSVC #ifdef to use an AnalysisAssumeTrue() function a la Clang, which just calls analysis_assume & passes the computed boolean result straight through. That way the expression is evaluated only once.
The CQ bit was checked by kmarshall@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: This issue passed the CQ dry run.
> I adapted the MSVC #ifdef to use an AnalysisAssumeTrue() function a la Clang, > which just calls analysis_assume & passes the computed boolean result straight > through. That way the expression is evaluated only once. I think we've been here before - doesn't this lead us to the problem where AnalysisAssumeTrue cannot be constexpr but must be constexpr? I think using false to avoid double evaluation (perhaps with a comment explaining why, because it is way too subtle) is necessary.
> I think we've been here before - doesn't this lead us to the problem where AnalysisAssumeTrue cannot be constexpr but must be constexpr? The problem I encountered before was due to the fact that I had written variations on AnalysisAssumeTrue to accept all types, constnesses, &c. for the argument. That complexity's gone with the cast-to-boolean approach. :) MSVC objects to using CHECK functions inside the bodies of constexpr functions, but it looks like you already #ifdef'd those cases out of existence for Windows builds, e.g. https://cs.chromium.org/chromium/src/base/time/time.h?rcl=8e63e7d33496a458953... .
On 2017/03/18 00:10:35, Kevin M wrote: > > I think we've been here before - doesn't this lead us to the problem where > AnalysisAssumeTrue cannot be constexpr but must be constexpr? > > The problem I encountered before was due to the fact that I had written > variations on AnalysisAssumeTrue to accept all types, constnesses, &c. for the > argument. That complexity's gone with the cast-to-boolean approach. :) That was one of the problems, but I was referring to the failures we hit previously when AnalyzerAssumeTrue had a bool arg. At that time it was calling AnalyzerNoReturn on all platforms and VC++ did not like that. Now that you are using __analysis_assume on VC++ it may be okay to mark the function as constexpr, thus avoiding all limitations. > MSVC objects to using CHECK functions inside the bodies of constexpr functions, > but it looks like you already #ifdef'd those cases out of existence for Windows > builds, e.g. > https://cs.chromium.org/chromium/src/base/time/time.h?rcl=8e63e7d33496a458953... The internal compiler error which that code works around has been fixed in VS 2017 and we would like to delete it at some point. Requiring that DCHECK not be used in constexpr functions will force us to retain that workaround and will introduce future problems as we start marking far more functions as constexpr. On the other hand, some quick testing shows that VS 2017 can handle __analysis_assume in constexpr functions, so the constexpr restriction is temporary anyway. I was going to suggest this for Windows: #define ANALYZER_ASSUME_TRUE(arg) (__analysis_assume(!!(arg)), false) It avoids double-evaluations of |arg|, and it avoids any restrictions on where DCHECK can be used. It passes my crude testing (including compiling ..\..\media\capture\content\animated_content_sampler.cc^^ with VC++ 2017 with the time.h DCHECK re-enabled). But I'm now inclined to suggest this: #if _MSC_VER >= 1910 // VC++ 2017 allows __analysis_assume inside constexpr functions inline constexpr bool AnalyzerAssumeTrue(bool arg) { __analysis_assume(arg); return arg; } #else inline bool AnalyzerAssumeTrue(bool arg) { __analysis_assume(arg); return arg; } #endif It's irrelevant for now, but it will save us from re-learning this if/when we transition, and it will make removing the compiler-bug workarounds easier.
Done. Will verify it on MSVS 2k7 when the Microsoft account SMS verification starts working again.
On 2017/03/23 01:00:39, Kevin M wrote: > Done. Will verify it on MSVS 2k7 when the Microsoft account SMS verification > starts working again. You can also cherry-pick the vs_toolchain.py change from crrev.com/2762093003 so that you can use VS 2017 from depot_tools. This is a preliminary package, but it does work. Note that you may need to build/config/compiler/BUILD.gn change as well, or else "treat_warnings_as_errors = false", since there is one outstanding warning left. You probably don't want the landmine...
The CQ bit was checked by kmarshall@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
Description was changed from ========== Add static analysis path control to asserts in logging.h This CL adds static analysis hooks to all asserts in logging.h. For builds with static analysis enabled, ANALYSIS_ASSUME_TRUE generates code which tells the analyzer to stop evaluating the paths which are asserted to be impossible. For example, DCHECK(ptr) declares that 'ptr' cannot be null, so the static analyzer will only consider scenarios where 'ptr' is non-null. Separate implementations of ANALYSIS_ASSUME_TRUE are provided for Clang and MSVC PREfast cases which have subtly different semantics. For builds in which there is no static analyzer present, ANALYSIS_ASSUME_TRUE() is a no-op which simply passes the input value straight through. This CL also merges the analysis/non-analysis variants of assertion functions, which is made possible by the no-op implementation of ANALYSIS_ASSUME_TRUE. The analysis-only implementations of CHECK/DCHECK/etc. are deleted. R=brucedawson@chromium.org,danakj@chromium.org BUG=327707 ========== to ========== Add static analysis path control to asserts in logging.h This CL adds static analysis hooks to all asserts in logging.h. For builds with static analysis enabled, ANALYSIS_ASSUME_TRUE generates code which tells the analyzer to stop evaluating the paths which are asserted to be impossible. For example, DCHECK(ptr) declares that 'ptr' cannot be null, so the static analyzer will only consider scenarios where 'ptr' is non-null. Separate implementations of ANALYSIS_ASSUME_TRUE are provided for Clang and MSVC PREfast cases which have subtly different semantics. For builds in which there is no static analyzer present, ANALYSIS_ASSUME_TRUE() is a no-op which simply passes the input value straight through. This CL also merges the analysis/non-analysis variants of our assert functions, which is made possible by the no-op implementation of ANALYSIS_ASSUME_TRUE. The analysis-only implementations of CHECK/DCHECK/etc. are deleted. R=brucedawson@chromium.org,danakj@chromium.org BUG=327707 ==========
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: Try jobs failed on following builders: android_cronet on master.tryserver.chromium.android (JOB_FAILED, https://build.chromium.org/p/tryserver.chromium.android/builders/android_cron...)
The CQ bit was checked by kmarshall@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: Try jobs failed on following builders: linux_chromium_chromeos_rel_ng on master.tryserver.chromium.linux (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.linux/builders/linux_chromium_...)
The CQ bit was checked by kmarshall@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: This issue passed the CQ dry run.
It appears that merging MSVC and Clang's approaches into a single macro in a way that doesn't produce more error noise is impossible. I've rewritten the CL a number of times to make our various compilers happy, but the latest obstacle I've run into is that MSVC complains when a comma operator w/o side effects is used inside a test expression context (error C6319). Unfortunately this is the only bit of syntax that I know of which will let me invoke a void function inside a conditional expr. I'm going to rewrite this CL to only add Clang analysis hooks, keeping the existing PREfast logging implementations as they are today w/no regressions.
Description was changed from ========== Add static analysis path control to asserts in logging.h This CL adds static analysis hooks to all asserts in logging.h. For builds with static analysis enabled, ANALYSIS_ASSUME_TRUE generates code which tells the analyzer to stop evaluating the paths which are asserted to be impossible. For example, DCHECK(ptr) declares that 'ptr' cannot be null, so the static analyzer will only consider scenarios where 'ptr' is non-null. Separate implementations of ANALYSIS_ASSUME_TRUE are provided for Clang and MSVC PREfast cases which have subtly different semantics. For builds in which there is no static analyzer present, ANALYSIS_ASSUME_TRUE() is a no-op which simply passes the input value straight through. This CL also merges the analysis/non-analysis variants of our assert functions, which is made possible by the no-op implementation of ANALYSIS_ASSUME_TRUE. The analysis-only implementations of CHECK/DCHECK/etc. are deleted. R=brucedawson@chromium.org,danakj@chromium.org BUG=327707 ========== to ========== Add Clang static analysis control to all assert functions in logging.h This CL adds static analysis hints to all assertion functions in logging.h. On builds with static analysis enabled, ANALYSIS_ASSUME_TRUE generates code which prevents the analyzer from evaluating codepaths that are asserted to be impossible. R=brucedawson@chromium.org,danakj@chromium.org BUG=327707 ==========
danakj, brucedawson: PTAL The PREfast logging function variants are back. I verified that the analysis build output is consistent with what's in ToT. I updated the CL description to reflect the fact that this is a Clang-only improvement.
The CQ bit was checked by kmarshall@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: This issue passed the CQ dry run.
I'll give it a stamp when bruce is happy
lgtm
LGTM
The CQ bit was checked by kmarshall@chromium.org
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
CQ is committing da patch.
Bot data: {"patchset_id": 330001, "attempt_start_ts": 1492721730683230,
"parent_rev": "2269e30d4ea0874704bfbd4021c087ba960e7ea5", "commit_rev":
"fe2f09f858b77a7bd9437ef3b377e9af7f50f62d"}
Message was sent while issue was closed.
Description was changed from ========== Add Clang static analysis control to all assert functions in logging.h This CL adds static analysis hints to all assertion functions in logging.h. On builds with static analysis enabled, ANALYSIS_ASSUME_TRUE generates code which prevents the analyzer from evaluating codepaths that are asserted to be impossible. R=brucedawson@chromium.org,danakj@chromium.org BUG=327707 ========== to ========== Add Clang static analysis control to all assert functions in logging.h This CL adds static analysis hints to all assertion functions in logging.h. On builds with static analysis enabled, ANALYSIS_ASSUME_TRUE generates code which prevents the analyzer from evaluating codepaths that are asserted to be impossible. R=brucedawson@chromium.org,danakj@chromium.org BUG=327707 Review-Url: https://codereview.chromium.org/2729503004 Cr-Commit-Position: refs/heads/master@{#466129} Committed: https://chromium.googlesource.com/chromium/src/+/fe2f09f858b77a7bd9437ef3b377... ==========
Message was sent while issue was closed.
Committed patchset #18 (id:330001) as https://chromium.googlesource.com/chromium/src/+/fe2f09f858b77a7bd9437ef3b377... |
