1 //=- AnalysisBasedWarnings.cpp - Sema warnings based on libAnalysis -*- C++ -*-=//
2 //
3 // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4 // See https://llvm.org/LICENSE.txt for license information.
5 // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6 //
7 //===----------------------------------------------------------------------===//
8 //
9 // This file defines analysis_warnings::[Policy,Executor].
10 // Together they are used by Sema to issue warnings based on inexpensive
11 // static analysis algorithms in libAnalysis.
12 //
13 //===----------------------------------------------------------------------===//
14
15 #include "clang/Sema/AnalysisBasedWarnings.h"
16 #include "clang/AST/DeclCXX.h"
17 #include "clang/AST/DeclObjC.h"
18 #include "clang/AST/EvaluatedExprVisitor.h"
19 #include "clang/AST/Expr.h"
20 #include "clang/AST/ExprCXX.h"
21 #include "clang/AST/ExprObjC.h"
22 #include "clang/AST/OperationKinds.h"
23 #include "clang/AST/ParentMap.h"
24 #include "clang/AST/RecursiveASTVisitor.h"
25 #include "clang/AST/StmtCXX.h"
26 #include "clang/AST/StmtObjC.h"
27 #include "clang/AST/StmtVisitor.h"
28 #include "clang/Analysis/Analyses/CFGReachabilityAnalysis.h"
29 #include "clang/Analysis/Analyses/CalledOnceCheck.h"
30 #include "clang/Analysis/Analyses/Consumed.h"
31 #include "clang/Analysis/Analyses/ReachableCode.h"
32 #include "clang/Analysis/Analyses/ThreadSafety.h"
33 #include "clang/Analysis/Analyses/UninitializedValues.h"
34 #include "clang/Analysis/Analyses/UnsafeBufferUsage.h"
35 #include "clang/Analysis/AnalysisDeclContext.h"
36 #include "clang/Analysis/CFG.h"
37 #include "clang/Analysis/CFGStmtMap.h"
38 #include "clang/Basic/SourceLocation.h"
39 #include "clang/Basic/SourceManager.h"
40 #include "clang/Lex/Preprocessor.h"
41 #include "clang/Sema/ScopeInfo.h"
42 #include "clang/Sema/SemaInternal.h"
43 #include "llvm/ADT/ArrayRef.h"
44 #include "llvm/ADT/BitVector.h"
45 #include "llvm/ADT/MapVector.h"
46 #include "llvm/ADT/SmallString.h"
47 #include "llvm/ADT/SmallVector.h"
48 #include "llvm/ADT/StringRef.h"
49 #include "llvm/Support/Casting.h"
50 #include <algorithm>
51 #include <deque>
52 #include <iterator>
53 #include <optional>
54
55 using namespace clang;
56
57 //===----------------------------------------------------------------------===//
58 // Unreachable code analysis.
59 //===----------------------------------------------------------------------===//
60
61 namespace {
62 class UnreachableCodeHandler : public reachable_code::Callback {
63 Sema &S;
64 SourceRange PreviousSilenceableCondVal;
65
66 public:
UnreachableCodeHandler(Sema & s)67 UnreachableCodeHandler(Sema &s) : S(s) {}
68
HandleUnreachable(reachable_code::UnreachableKind UK,SourceLocation L,SourceRange SilenceableCondVal,SourceRange R1,SourceRange R2)69 void HandleUnreachable(reachable_code::UnreachableKind UK,
70 SourceLocation L,
71 SourceRange SilenceableCondVal,
72 SourceRange R1,
73 SourceRange R2) override {
74 // Avoid reporting multiple unreachable code diagnostics that are
75 // triggered by the same conditional value.
76 if (PreviousSilenceableCondVal.isValid() &&
77 SilenceableCondVal.isValid() &&
78 PreviousSilenceableCondVal == SilenceableCondVal)
79 return;
80 PreviousSilenceableCondVal = SilenceableCondVal;
81
82 unsigned diag = diag::warn_unreachable;
83 switch (UK) {
84 case reachable_code::UK_Break:
85 diag = diag::warn_unreachable_break;
86 break;
87 case reachable_code::UK_Return:
88 diag = diag::warn_unreachable_return;
89 break;
90 case reachable_code::UK_Loop_Increment:
91 diag = diag::warn_unreachable_loop_increment;
92 break;
93 case reachable_code::UK_Other:
94 break;
95 }
96
97 S.Diag(L, diag) << R1 << R2;
98
99 SourceLocation Open = SilenceableCondVal.getBegin();
100 if (Open.isValid()) {
101 SourceLocation Close = SilenceableCondVal.getEnd();
102 Close = S.getLocForEndOfToken(Close);
103 if (Close.isValid()) {
104 S.Diag(Open, diag::note_unreachable_silence)
105 << FixItHint::CreateInsertion(Open, "/* DISABLES CODE */ (")
106 << FixItHint::CreateInsertion(Close, ")");
107 }
108 }
109 }
110 };
111 } // anonymous namespace
112
113 /// CheckUnreachable - Check for unreachable code.
CheckUnreachable(Sema & S,AnalysisDeclContext & AC)114 static void CheckUnreachable(Sema &S, AnalysisDeclContext &AC) {
115 // As a heuristic prune all diagnostics not in the main file. Currently
116 // the majority of warnings in headers are false positives. These
117 // are largely caused by configuration state, e.g. preprocessor
118 // defined code, etc.
119 //
120 // Note that this is also a performance optimization. Analyzing
121 // headers many times can be expensive.
122 if (!S.getSourceManager().isInMainFile(AC.getDecl()->getBeginLoc()))
123 return;
124
125 UnreachableCodeHandler UC(S);
126 reachable_code::FindUnreachableCode(AC, S.getPreprocessor(), UC);
127 }
128
129 namespace {
130 /// Warn on logical operator errors in CFGBuilder
131 class LogicalErrorHandler : public CFGCallback {
132 Sema &S;
133
134 public:
LogicalErrorHandler(Sema & S)135 LogicalErrorHandler(Sema &S) : S(S) {}
136
HasMacroID(const Expr * E)137 static bool HasMacroID(const Expr *E) {
138 if (E->getExprLoc().isMacroID())
139 return true;
140
141 // Recurse to children.
142 for (const Stmt *SubStmt : E->children())
143 if (const Expr *SubExpr = dyn_cast_or_null<Expr>(SubStmt))
144 if (HasMacroID(SubExpr))
145 return true;
146
147 return false;
148 }
149
compareAlwaysTrue(const BinaryOperator * B,bool isAlwaysTrue)150 void compareAlwaysTrue(const BinaryOperator *B, bool isAlwaysTrue) override {
151 if (HasMacroID(B))
152 return;
153
154 SourceRange DiagRange = B->getSourceRange();
155 S.Diag(B->getExprLoc(), diag::warn_tautological_overlap_comparison)
156 << DiagRange << isAlwaysTrue;
157 }
158
compareBitwiseEquality(const BinaryOperator * B,bool isAlwaysTrue)159 void compareBitwiseEquality(const BinaryOperator *B,
160 bool isAlwaysTrue) override {
161 if (HasMacroID(B))
162 return;
163
164 SourceRange DiagRange = B->getSourceRange();
165 S.Diag(B->getExprLoc(), diag::warn_comparison_bitwise_always)
166 << DiagRange << isAlwaysTrue;
167 }
168
compareBitwiseOr(const BinaryOperator * B)169 void compareBitwiseOr(const BinaryOperator *B) override {
170 if (HasMacroID(B))
171 return;
172
173 SourceRange DiagRange = B->getSourceRange();
174 S.Diag(B->getExprLoc(), diag::warn_comparison_bitwise_or) << DiagRange;
175 }
176
hasActiveDiagnostics(DiagnosticsEngine & Diags,SourceLocation Loc)177 static bool hasActiveDiagnostics(DiagnosticsEngine &Diags,
178 SourceLocation Loc) {
179 return !Diags.isIgnored(diag::warn_tautological_overlap_comparison, Loc) ||
180 !Diags.isIgnored(diag::warn_comparison_bitwise_or, Loc);
181 }
182 };
183 } // anonymous namespace
184
185 //===----------------------------------------------------------------------===//
186 // Check for infinite self-recursion in functions
187 //===----------------------------------------------------------------------===//
188
189 // Returns true if the function is called anywhere within the CFGBlock.
190 // For member functions, the additional condition of being call from the
191 // this pointer is required.
hasRecursiveCallInPath(const FunctionDecl * FD,CFGBlock & Block)192 static bool hasRecursiveCallInPath(const FunctionDecl *FD, CFGBlock &Block) {
193 // Process all the Stmt's in this block to find any calls to FD.
194 for (const auto &B : Block) {
195 if (B.getKind() != CFGElement::Statement)
196 continue;
197
198 const CallExpr *CE = dyn_cast<CallExpr>(B.getAs<CFGStmt>()->getStmt());
199 if (!CE || !CE->getCalleeDecl() ||
200 CE->getCalleeDecl()->getCanonicalDecl() != FD)
201 continue;
202
203 // Skip function calls which are qualified with a templated class.
204 if (const DeclRefExpr *DRE =
205 dyn_cast<DeclRefExpr>(CE->getCallee()->IgnoreParenImpCasts())) {
206 if (NestedNameSpecifier *NNS = DRE->getQualifier()) {
207 if (NNS->getKind() == NestedNameSpecifier::TypeSpec &&
208 isa<TemplateSpecializationType>(NNS->getAsType())) {
209 continue;
210 }
211 }
212 }
213
214 const CXXMemberCallExpr *MCE = dyn_cast<CXXMemberCallExpr>(CE);
215 if (!MCE || isa<CXXThisExpr>(MCE->getImplicitObjectArgument()) ||
216 !MCE->getMethodDecl()->isVirtual())
217 return true;
218 }
219 return false;
220 }
221
222 // Returns true if every path from the entry block passes through a call to FD.
checkForRecursiveFunctionCall(const FunctionDecl * FD,CFG * cfg)223 static bool checkForRecursiveFunctionCall(const FunctionDecl *FD, CFG *cfg) {
224 llvm::SmallPtrSet<CFGBlock *, 16> Visited;
225 llvm::SmallVector<CFGBlock *, 16> WorkList;
226 // Keep track of whether we found at least one recursive path.
227 bool foundRecursion = false;
228
229 const unsigned ExitID = cfg->getExit().getBlockID();
230
231 // Seed the work list with the entry block.
232 WorkList.push_back(&cfg->getEntry());
233
234 while (!WorkList.empty()) {
235 CFGBlock *Block = WorkList.pop_back_val();
236
237 for (auto I = Block->succ_begin(), E = Block->succ_end(); I != E; ++I) {
238 if (CFGBlock *SuccBlock = *I) {
239 if (!Visited.insert(SuccBlock).second)
240 continue;
241
242 // Found a path to the exit node without a recursive call.
243 if (ExitID == SuccBlock->getBlockID())
244 return false;
245
246 // If the successor block contains a recursive call, end analysis there.
247 if (hasRecursiveCallInPath(FD, *SuccBlock)) {
248 foundRecursion = true;
249 continue;
250 }
251
252 WorkList.push_back(SuccBlock);
253 }
254 }
255 }
256 return foundRecursion;
257 }
258
checkRecursiveFunction(Sema & S,const FunctionDecl * FD,const Stmt * Body,AnalysisDeclContext & AC)259 static void checkRecursiveFunction(Sema &S, const FunctionDecl *FD,
260 const Stmt *Body, AnalysisDeclContext &AC) {
261 FD = FD->getCanonicalDecl();
262
263 // Only run on non-templated functions and non-templated members of
264 // templated classes.
265 if (FD->getTemplatedKind() != FunctionDecl::TK_NonTemplate &&
266 FD->getTemplatedKind() != FunctionDecl::TK_MemberSpecialization)
267 return;
268
269 CFG *cfg = AC.getCFG();
270 if (!cfg) return;
271
272 // If the exit block is unreachable, skip processing the function.
273 if (cfg->getExit().pred_empty())
274 return;
275
276 // Emit diagnostic if a recursive function call is detected for all paths.
277 if (checkForRecursiveFunctionCall(FD, cfg))
278 S.Diag(Body->getBeginLoc(), diag::warn_infinite_recursive_function);
279 }
280
281 //===----------------------------------------------------------------------===//
282 // Check for throw in a non-throwing function.
283 //===----------------------------------------------------------------------===//
284
285 /// Determine whether an exception thrown by E, unwinding from ThrowBlock,
286 /// can reach ExitBlock.
throwEscapes(Sema & S,const CXXThrowExpr * E,CFGBlock & ThrowBlock,CFG * Body)287 static bool throwEscapes(Sema &S, const CXXThrowExpr *E, CFGBlock &ThrowBlock,
288 CFG *Body) {
289 SmallVector<CFGBlock *, 16> Stack;
290 llvm::BitVector Queued(Body->getNumBlockIDs());
291
292 Stack.push_back(&ThrowBlock);
293 Queued[ThrowBlock.getBlockID()] = true;
294
295 while (!Stack.empty()) {
296 CFGBlock &UnwindBlock = *Stack.back();
297 Stack.pop_back();
298
299 for (auto &Succ : UnwindBlock.succs()) {
300 if (!Succ.isReachable() || Queued[Succ->getBlockID()])
301 continue;
302
303 if (Succ->getBlockID() == Body->getExit().getBlockID())
304 return true;
305
306 if (auto *Catch =
307 dyn_cast_or_null<CXXCatchStmt>(Succ->getLabel())) {
308 QualType Caught = Catch->getCaughtType();
309 if (Caught.isNull() || // catch (...) catches everything
310 !E->getSubExpr() || // throw; is considered cuaght by any handler
311 S.handlerCanCatch(Caught, E->getSubExpr()->getType()))
312 // Exception doesn't escape via this path.
313 break;
314 } else {
315 Stack.push_back(Succ);
316 Queued[Succ->getBlockID()] = true;
317 }
318 }
319 }
320
321 return false;
322 }
323
visitReachableThrows(CFG * BodyCFG,llvm::function_ref<void (const CXXThrowExpr *,CFGBlock &)> Visit)324 static void visitReachableThrows(
325 CFG *BodyCFG,
326 llvm::function_ref<void(const CXXThrowExpr *, CFGBlock &)> Visit) {
327 llvm::BitVector Reachable(BodyCFG->getNumBlockIDs());
328 clang::reachable_code::ScanReachableFromBlock(&BodyCFG->getEntry(), Reachable);
329 for (CFGBlock *B : *BodyCFG) {
330 if (!Reachable[B->getBlockID()])
331 continue;
332 for (CFGElement &E : *B) {
333 std::optional<CFGStmt> S = E.getAs<CFGStmt>();
334 if (!S)
335 continue;
336 if (auto *Throw = dyn_cast<CXXThrowExpr>(S->getStmt()))
337 Visit(Throw, *B);
338 }
339 }
340 }
341
EmitDiagForCXXThrowInNonThrowingFunc(Sema & S,SourceLocation OpLoc,const FunctionDecl * FD)342 static void EmitDiagForCXXThrowInNonThrowingFunc(Sema &S, SourceLocation OpLoc,
343 const FunctionDecl *FD) {
344 if (!S.getSourceManager().isInSystemHeader(OpLoc) &&
345 FD->getTypeSourceInfo()) {
346 S.Diag(OpLoc, diag::warn_throw_in_noexcept_func) << FD;
347 if (S.getLangOpts().CPlusPlus11 &&
348 (isa<CXXDestructorDecl>(FD) ||
349 FD->getDeclName().getCXXOverloadedOperator() == OO_Delete ||
350 FD->getDeclName().getCXXOverloadedOperator() == OO_Array_Delete)) {
351 if (const auto *Ty = FD->getTypeSourceInfo()->getType()->
352 getAs<FunctionProtoType>())
353 S.Diag(FD->getLocation(), diag::note_throw_in_dtor)
354 << !isa<CXXDestructorDecl>(FD) << !Ty->hasExceptionSpec()
355 << FD->getExceptionSpecSourceRange();
356 } else
357 S.Diag(FD->getLocation(), diag::note_throw_in_function)
358 << FD->getExceptionSpecSourceRange();
359 }
360 }
361
checkThrowInNonThrowingFunc(Sema & S,const FunctionDecl * FD,AnalysisDeclContext & AC)362 static void checkThrowInNonThrowingFunc(Sema &S, const FunctionDecl *FD,
363 AnalysisDeclContext &AC) {
364 CFG *BodyCFG = AC.getCFG();
365 if (!BodyCFG)
366 return;
367 if (BodyCFG->getExit().pred_empty())
368 return;
369 visitReachableThrows(BodyCFG, [&](const CXXThrowExpr *Throw, CFGBlock &Block) {
370 if (throwEscapes(S, Throw, Block, BodyCFG))
371 EmitDiagForCXXThrowInNonThrowingFunc(S, Throw->getThrowLoc(), FD);
372 });
373 }
374
isNoexcept(const FunctionDecl * FD)375 static bool isNoexcept(const FunctionDecl *FD) {
376 const auto *FPT = FD->getType()->castAs<FunctionProtoType>();
377 if (FPT->isNothrow() || FD->hasAttr<NoThrowAttr>())
378 return true;
379 return false;
380 }
381
382 //===----------------------------------------------------------------------===//
383 // Check for missing return value.
384 //===----------------------------------------------------------------------===//
385
386 enum ControlFlowKind {
387 UnknownFallThrough,
388 NeverFallThrough,
389 MaybeFallThrough,
390 AlwaysFallThrough,
391 NeverFallThroughOrReturn
392 };
393
394 /// CheckFallThrough - Check that we don't fall off the end of a
395 /// Statement that should return a value.
396 ///
397 /// \returns AlwaysFallThrough iff we always fall off the end of the statement,
398 /// MaybeFallThrough iff we might or might not fall off the end,
399 /// NeverFallThroughOrReturn iff we never fall off the end of the statement or
400 /// return. We assume NeverFallThrough iff we never fall off the end of the
401 /// statement but we may return. We assume that functions not marked noreturn
402 /// will return.
CheckFallThrough(AnalysisDeclContext & AC)403 static ControlFlowKind CheckFallThrough(AnalysisDeclContext &AC) {
404 CFG *cfg = AC.getCFG();
405 if (!cfg) return UnknownFallThrough;
406
407 // The CFG leaves in dead things, and we don't want the dead code paths to
408 // confuse us, so we mark all live things first.
409 llvm::BitVector live(cfg->getNumBlockIDs());
410 unsigned count = reachable_code::ScanReachableFromBlock(&cfg->getEntry(),
411 live);
412
413 bool AddEHEdges = AC.getAddEHEdges();
414 if (!AddEHEdges && count != cfg->getNumBlockIDs())
415 // When there are things remaining dead, and we didn't add EH edges
416 // from CallExprs to the catch clauses, we have to go back and
417 // mark them as live.
418 for (const auto *B : *cfg) {
419 if (!live[B->getBlockID()]) {
420 if (B->pred_begin() == B->pred_end()) {
421 const Stmt *Term = B->getTerminatorStmt();
422 if (Term && isa<CXXTryStmt>(Term))
423 // When not adding EH edges from calls, catch clauses
424 // can otherwise seem dead. Avoid noting them as dead.
425 count += reachable_code::ScanReachableFromBlock(B, live);
426 continue;
427 }
428 }
429 }
430
431 // Now we know what is live, we check the live precessors of the exit block
432 // and look for fall through paths, being careful to ignore normal returns,
433 // and exceptional paths.
434 bool HasLiveReturn = false;
435 bool HasFakeEdge = false;
436 bool HasPlainEdge = false;
437 bool HasAbnormalEdge = false;
438
439 // Ignore default cases that aren't likely to be reachable because all
440 // enums in a switch(X) have explicit case statements.
441 CFGBlock::FilterOptions FO;
442 FO.IgnoreDefaultsWithCoveredEnums = 1;
443
444 for (CFGBlock::filtered_pred_iterator I =
445 cfg->getExit().filtered_pred_start_end(FO);
446 I.hasMore(); ++I) {
447 const CFGBlock &B = **I;
448 if (!live[B.getBlockID()])
449 continue;
450
451 // Skip blocks which contain an element marked as no-return. They don't
452 // represent actually viable edges into the exit block, so mark them as
453 // abnormal.
454 if (B.hasNoReturnElement()) {
455 HasAbnormalEdge = true;
456 continue;
457 }
458
459 // Destructors can appear after the 'return' in the CFG. This is
460 // normal. We need to look pass the destructors for the return
461 // statement (if it exists).
462 CFGBlock::const_reverse_iterator ri = B.rbegin(), re = B.rend();
463
464 for ( ; ri != re ; ++ri)
465 if (ri->getAs<CFGStmt>())
466 break;
467
468 // No more CFGElements in the block?
469 if (ri == re) {
470 const Stmt *Term = B.getTerminatorStmt();
471 if (Term && (isa<CXXTryStmt>(Term) || isa<ObjCAtTryStmt>(Term))) {
472 HasAbnormalEdge = true;
473 continue;
474 }
475 // A labeled empty statement, or the entry block...
476 HasPlainEdge = true;
477 continue;
478 }
479
480 CFGStmt CS = ri->castAs<CFGStmt>();
481 const Stmt *S = CS.getStmt();
482 if (isa<ReturnStmt>(S) || isa<CoreturnStmt>(S)) {
483 HasLiveReturn = true;
484 continue;
485 }
486 if (isa<ObjCAtThrowStmt>(S)) {
487 HasFakeEdge = true;
488 continue;
489 }
490 if (isa<CXXThrowExpr>(S)) {
491 HasFakeEdge = true;
492 continue;
493 }
494 if (isa<MSAsmStmt>(S)) {
495 // TODO: Verify this is correct.
496 HasFakeEdge = true;
497 HasLiveReturn = true;
498 continue;
499 }
500 if (isa<CXXTryStmt>(S)) {
501 HasAbnormalEdge = true;
502 continue;
503 }
504 if (!llvm::is_contained(B.succs(), &cfg->getExit())) {
505 HasAbnormalEdge = true;
506 continue;
507 }
508
509 HasPlainEdge = true;
510 }
511 if (!HasPlainEdge) {
512 if (HasLiveReturn)
513 return NeverFallThrough;
514 return NeverFallThroughOrReturn;
515 }
516 if (HasAbnormalEdge || HasFakeEdge || HasLiveReturn)
517 return MaybeFallThrough;
518 // This says AlwaysFallThrough for calls to functions that are not marked
519 // noreturn, that don't return. If people would like this warning to be more
520 // accurate, such functions should be marked as noreturn.
521 return AlwaysFallThrough;
522 }
523
524 namespace {
525
526 struct CheckFallThroughDiagnostics {
527 unsigned diag_MaybeFallThrough_HasNoReturn;
528 unsigned diag_MaybeFallThrough_ReturnsNonVoid;
529 unsigned diag_AlwaysFallThrough_HasNoReturn;
530 unsigned diag_AlwaysFallThrough_ReturnsNonVoid;
531 unsigned diag_NeverFallThroughOrReturn;
532 enum { Function, Block, Lambda, Coroutine } funMode;
533 SourceLocation FuncLoc;
534
MakeForFunction__anonf0871c280411::CheckFallThroughDiagnostics535 static CheckFallThroughDiagnostics MakeForFunction(const Decl *Func) {
536 CheckFallThroughDiagnostics D;
537 D.FuncLoc = Func->getLocation();
538 D.diag_MaybeFallThrough_HasNoReturn =
539 diag::warn_falloff_noreturn_function;
540 D.diag_MaybeFallThrough_ReturnsNonVoid =
541 diag::warn_maybe_falloff_nonvoid_function;
542 D.diag_AlwaysFallThrough_HasNoReturn =
543 diag::warn_falloff_noreturn_function;
544 D.diag_AlwaysFallThrough_ReturnsNonVoid =
545 diag::warn_falloff_nonvoid_function;
546
547 // Don't suggest that virtual functions be marked "noreturn", since they
548 // might be overridden by non-noreturn functions.
549 bool isVirtualMethod = false;
550 if (const CXXMethodDecl *Method = dyn_cast<CXXMethodDecl>(Func))
551 isVirtualMethod = Method->isVirtual();
552
553 // Don't suggest that template instantiations be marked "noreturn"
554 bool isTemplateInstantiation = false;
555 if (const FunctionDecl *Function = dyn_cast<FunctionDecl>(Func))
556 isTemplateInstantiation = Function->isTemplateInstantiation();
557
558 if (!isVirtualMethod && !isTemplateInstantiation)
559 D.diag_NeverFallThroughOrReturn =
560 diag::warn_suggest_noreturn_function;
561 else
562 D.diag_NeverFallThroughOrReturn = 0;
563
564 D.funMode = Function;
565 return D;
566 }
567
MakeForCoroutine__anonf0871c280411::CheckFallThroughDiagnostics568 static CheckFallThroughDiagnostics MakeForCoroutine(const Decl *Func) {
569 CheckFallThroughDiagnostics D;
570 D.FuncLoc = Func->getLocation();
571 D.diag_MaybeFallThrough_HasNoReturn = 0;
572 D.diag_MaybeFallThrough_ReturnsNonVoid =
573 diag::warn_maybe_falloff_nonvoid_coroutine;
574 D.diag_AlwaysFallThrough_HasNoReturn = 0;
575 D.diag_AlwaysFallThrough_ReturnsNonVoid =
576 diag::warn_falloff_nonvoid_coroutine;
577 D.funMode = Coroutine;
578 return D;
579 }
580
MakeForBlock__anonf0871c280411::CheckFallThroughDiagnostics581 static CheckFallThroughDiagnostics MakeForBlock() {
582 CheckFallThroughDiagnostics D;
583 D.diag_MaybeFallThrough_HasNoReturn =
584 diag::err_noreturn_block_has_return_expr;
585 D.diag_MaybeFallThrough_ReturnsNonVoid =
586 diag::err_maybe_falloff_nonvoid_block;
587 D.diag_AlwaysFallThrough_HasNoReturn =
588 diag::err_noreturn_block_has_return_expr;
589 D.diag_AlwaysFallThrough_ReturnsNonVoid =
590 diag::err_falloff_nonvoid_block;
591 D.diag_NeverFallThroughOrReturn = 0;
592 D.funMode = Block;
593 return D;
594 }
595
MakeForLambda__anonf0871c280411::CheckFallThroughDiagnostics596 static CheckFallThroughDiagnostics MakeForLambda() {
597 CheckFallThroughDiagnostics D;
598 D.diag_MaybeFallThrough_HasNoReturn =
599 diag::err_noreturn_lambda_has_return_expr;
600 D.diag_MaybeFallThrough_ReturnsNonVoid =
601 diag::warn_maybe_falloff_nonvoid_lambda;
602 D.diag_AlwaysFallThrough_HasNoReturn =
603 diag::err_noreturn_lambda_has_return_expr;
604 D.diag_AlwaysFallThrough_ReturnsNonVoid =
605 diag::warn_falloff_nonvoid_lambda;
606 D.diag_NeverFallThroughOrReturn = 0;
607 D.funMode = Lambda;
608 return D;
609 }
610
checkDiagnostics__anonf0871c280411::CheckFallThroughDiagnostics611 bool checkDiagnostics(DiagnosticsEngine &D, bool ReturnsVoid,
612 bool HasNoReturn) const {
613 if (funMode == Function) {
614 return (ReturnsVoid ||
615 D.isIgnored(diag::warn_maybe_falloff_nonvoid_function,
616 FuncLoc)) &&
617 (!HasNoReturn ||
618 D.isIgnored(diag::warn_noreturn_function_has_return_expr,
619 FuncLoc)) &&
620 (!ReturnsVoid ||
621 D.isIgnored(diag::warn_suggest_noreturn_block, FuncLoc));
622 }
623 if (funMode == Coroutine) {
624 return (ReturnsVoid ||
625 D.isIgnored(diag::warn_maybe_falloff_nonvoid_function, FuncLoc) ||
626 D.isIgnored(diag::warn_maybe_falloff_nonvoid_coroutine,
627 FuncLoc)) &&
628 (!HasNoReturn);
629 }
630 // For blocks / lambdas.
631 return ReturnsVoid && !HasNoReturn;
632 }
633 };
634
635 } // anonymous namespace
636
637 /// CheckFallThroughForBody - Check that we don't fall off the end of a
638 /// function that should return a value. Check that we don't fall off the end
639 /// of a noreturn function. We assume that functions and blocks not marked
640 /// noreturn will return.
CheckFallThroughForBody(Sema & S,const Decl * D,const Stmt * Body,QualType BlockType,const CheckFallThroughDiagnostics & CD,AnalysisDeclContext & AC,sema::FunctionScopeInfo * FSI)641 static void CheckFallThroughForBody(Sema &S, const Decl *D, const Stmt *Body,
642 QualType BlockType,
643 const CheckFallThroughDiagnostics &CD,
644 AnalysisDeclContext &AC,
645 sema::FunctionScopeInfo *FSI) {
646
647 bool ReturnsVoid = false;
648 bool HasNoReturn = false;
649 bool IsCoroutine = FSI->isCoroutine();
650
651 if (const auto *FD = dyn_cast<FunctionDecl>(D)) {
652 if (const auto *CBody = dyn_cast<CoroutineBodyStmt>(Body))
653 ReturnsVoid = CBody->getFallthroughHandler() != nullptr;
654 else
655 ReturnsVoid = FD->getReturnType()->isVoidType();
656 HasNoReturn = FD->isNoReturn();
657 }
658 else if (const auto *MD = dyn_cast<ObjCMethodDecl>(D)) {
659 ReturnsVoid = MD->getReturnType()->isVoidType();
660 HasNoReturn = MD->hasAttr<NoReturnAttr>();
661 }
662 else if (isa<BlockDecl>(D)) {
663 if (const FunctionType *FT =
664 BlockType->getPointeeType()->getAs<FunctionType>()) {
665 if (FT->getReturnType()->isVoidType())
666 ReturnsVoid = true;
667 if (FT->getNoReturnAttr())
668 HasNoReturn = true;
669 }
670 }
671
672 DiagnosticsEngine &Diags = S.getDiagnostics();
673
674 // Short circuit for compilation speed.
675 if (CD.checkDiagnostics(Diags, ReturnsVoid, HasNoReturn))
676 return;
677 SourceLocation LBrace = Body->getBeginLoc(), RBrace = Body->getEndLoc();
678 auto EmitDiag = [&](SourceLocation Loc, unsigned DiagID) {
679 if (IsCoroutine)
680 S.Diag(Loc, DiagID) << FSI->CoroutinePromise->getType();
681 else
682 S.Diag(Loc, DiagID);
683 };
684
685 // cpu_dispatch functions permit empty function bodies for ICC compatibility.
686 if (D->getAsFunction() && D->getAsFunction()->isCPUDispatchMultiVersion())
687 return;
688
689 // Either in a function body compound statement, or a function-try-block.
690 switch (CheckFallThrough(AC)) {
691 case UnknownFallThrough:
692 break;
693
694 case MaybeFallThrough:
695 if (HasNoReturn)
696 EmitDiag(RBrace, CD.diag_MaybeFallThrough_HasNoReturn);
697 else if (!ReturnsVoid)
698 EmitDiag(RBrace, CD.diag_MaybeFallThrough_ReturnsNonVoid);
699 break;
700 case AlwaysFallThrough:
701 if (HasNoReturn)
702 EmitDiag(RBrace, CD.diag_AlwaysFallThrough_HasNoReturn);
703 else if (!ReturnsVoid)
704 EmitDiag(RBrace, CD.diag_AlwaysFallThrough_ReturnsNonVoid);
705 break;
706 case NeverFallThroughOrReturn:
707 if (ReturnsVoid && !HasNoReturn && CD.diag_NeverFallThroughOrReturn) {
708 if (const FunctionDecl *FD = dyn_cast<FunctionDecl>(D)) {
709 S.Diag(LBrace, CD.diag_NeverFallThroughOrReturn) << 0 << FD;
710 } else if (const ObjCMethodDecl *MD = dyn_cast<ObjCMethodDecl>(D)) {
711 S.Diag(LBrace, CD.diag_NeverFallThroughOrReturn) << 1 << MD;
712 } else {
713 S.Diag(LBrace, CD.diag_NeverFallThroughOrReturn);
714 }
715 }
716 break;
717 case NeverFallThrough:
718 break;
719 }
720 }
721
722 //===----------------------------------------------------------------------===//
723 // -Wuninitialized
724 //===----------------------------------------------------------------------===//
725
726 namespace {
727 /// ContainsReference - A visitor class to search for references to
728 /// a particular declaration (the needle) within any evaluated component of an
729 /// expression (recursively).
730 class ContainsReference : public ConstEvaluatedExprVisitor<ContainsReference> {
731 bool FoundReference;
732 const DeclRefExpr *Needle;
733
734 public:
735 typedef ConstEvaluatedExprVisitor<ContainsReference> Inherited;
736
ContainsReference(ASTContext & Context,const DeclRefExpr * Needle)737 ContainsReference(ASTContext &Context, const DeclRefExpr *Needle)
738 : Inherited(Context), FoundReference(false), Needle(Needle) {}
739
VisitExpr(const Expr * E)740 void VisitExpr(const Expr *E) {
741 // Stop evaluating if we already have a reference.
742 if (FoundReference)
743 return;
744
745 Inherited::VisitExpr(E);
746 }
747
VisitDeclRefExpr(const DeclRefExpr * E)748 void VisitDeclRefExpr(const DeclRefExpr *E) {
749 if (E == Needle)
750 FoundReference = true;
751 else
752 Inherited::VisitDeclRefExpr(E);
753 }
754
doesContainReference() const755 bool doesContainReference() const { return FoundReference; }
756 };
757 } // anonymous namespace
758
SuggestInitializationFixit(Sema & S,const VarDecl * VD)759 static bool SuggestInitializationFixit(Sema &S, const VarDecl *VD) {
760 QualType VariableTy = VD->getType().getCanonicalType();
761 if (VariableTy->isBlockPointerType() &&
762 !VD->hasAttr<BlocksAttr>()) {
763 S.Diag(VD->getLocation(), diag::note_block_var_fixit_add_initialization)
764 << VD->getDeclName()
765 << FixItHint::CreateInsertion(VD->getLocation(), "__block ");
766 return true;
767 }
768
769 // Don't issue a fixit if there is already an initializer.
770 if (VD->getInit())
771 return false;
772
773 // Don't suggest a fixit inside macros.
774 if (VD->getEndLoc().isMacroID())
775 return false;
776
777 SourceLocation Loc = S.getLocForEndOfToken(VD->getEndLoc());
778
779 // Suggest possible initialization (if any).
780 std::string Init = S.getFixItZeroInitializerForType(VariableTy, Loc);
781 if (Init.empty())
782 return false;
783
784 S.Diag(Loc, diag::note_var_fixit_add_initialization) << VD->getDeclName()
785 << FixItHint::CreateInsertion(Loc, Init);
786 return true;
787 }
788
789 /// Create a fixit to remove an if-like statement, on the assumption that its
790 /// condition is CondVal.
CreateIfFixit(Sema & S,const Stmt * If,const Stmt * Then,const Stmt * Else,bool CondVal,FixItHint & Fixit1,FixItHint & Fixit2)791 static void CreateIfFixit(Sema &S, const Stmt *If, const Stmt *Then,
792 const Stmt *Else, bool CondVal,
793 FixItHint &Fixit1, FixItHint &Fixit2) {
794 if (CondVal) {
795 // If condition is always true, remove all but the 'then'.
796 Fixit1 = FixItHint::CreateRemoval(
797 CharSourceRange::getCharRange(If->getBeginLoc(), Then->getBeginLoc()));
798 if (Else) {
799 SourceLocation ElseKwLoc = S.getLocForEndOfToken(Then->getEndLoc());
800 Fixit2 =
801 FixItHint::CreateRemoval(SourceRange(ElseKwLoc, Else->getEndLoc()));
802 }
803 } else {
804 // If condition is always false, remove all but the 'else'.
805 if (Else)
806 Fixit1 = FixItHint::CreateRemoval(CharSourceRange::getCharRange(
807 If->getBeginLoc(), Else->getBeginLoc()));
808 else
809 Fixit1 = FixItHint::CreateRemoval(If->getSourceRange());
810 }
811 }
812
813 /// DiagUninitUse -- Helper function to produce a diagnostic for an
814 /// uninitialized use of a variable.
DiagUninitUse(Sema & S,const VarDecl * VD,const UninitUse & Use,bool IsCapturedByBlock)815 static void DiagUninitUse(Sema &S, const VarDecl *VD, const UninitUse &Use,
816 bool IsCapturedByBlock) {
817 bool Diagnosed = false;
818
819 switch (Use.getKind()) {
820 case UninitUse::Always:
821 S.Diag(Use.getUser()->getBeginLoc(), diag::warn_uninit_var)
822 << VD->getDeclName() << IsCapturedByBlock
823 << Use.getUser()->getSourceRange();
824 return;
825
826 case UninitUse::AfterDecl:
827 case UninitUse::AfterCall:
828 S.Diag(VD->getLocation(), diag::warn_sometimes_uninit_var)
829 << VD->getDeclName() << IsCapturedByBlock
830 << (Use.getKind() == UninitUse::AfterDecl ? 4 : 5)
831 << const_cast<DeclContext*>(VD->getLexicalDeclContext())
832 << VD->getSourceRange();
833 S.Diag(Use.getUser()->getBeginLoc(), diag::note_uninit_var_use)
834 << IsCapturedByBlock << Use.getUser()->getSourceRange();
835 return;
836
837 case UninitUse::Maybe:
838 case UninitUse::Sometimes:
839 // Carry on to report sometimes-uninitialized branches, if possible,
840 // or a 'may be used uninitialized' diagnostic otherwise.
841 break;
842 }
843
844 // Diagnose each branch which leads to a sometimes-uninitialized use.
845 for (UninitUse::branch_iterator I = Use.branch_begin(), E = Use.branch_end();
846 I != E; ++I) {
847 assert(Use.getKind() == UninitUse::Sometimes);
848
849 const Expr *User = Use.getUser();
850 const Stmt *Term = I->Terminator;
851
852 // Information used when building the diagnostic.
853 unsigned DiagKind;
854 StringRef Str;
855 SourceRange Range;
856
857 // FixIts to suppress the diagnostic by removing the dead condition.
858 // For all binary terminators, branch 0 is taken if the condition is true,
859 // and branch 1 is taken if the condition is false.
860 int RemoveDiagKind = -1;
861 const char *FixitStr =
862 S.getLangOpts().CPlusPlus ? (I->Output ? "true" : "false")
863 : (I->Output ? "1" : "0");
864 FixItHint Fixit1, Fixit2;
865
866 switch (Term ? Term->getStmtClass() : Stmt::DeclStmtClass) {
867 default:
868 // Don't know how to report this. Just fall back to 'may be used
869 // uninitialized'. FIXME: Can this happen?
870 continue;
871
872 // "condition is true / condition is false".
873 case Stmt::IfStmtClass: {
874 const IfStmt *IS = cast<IfStmt>(Term);
875 DiagKind = 0;
876 Str = "if";
877 Range = IS->getCond()->getSourceRange();
878 RemoveDiagKind = 0;
879 CreateIfFixit(S, IS, IS->getThen(), IS->getElse(),
880 I->Output, Fixit1, Fixit2);
881 break;
882 }
883 case Stmt::ConditionalOperatorClass: {
884 const ConditionalOperator *CO = cast<ConditionalOperator>(Term);
885 DiagKind = 0;
886 Str = "?:";
887 Range = CO->getCond()->getSourceRange();
888 RemoveDiagKind = 0;
889 CreateIfFixit(S, CO, CO->getTrueExpr(), CO->getFalseExpr(),
890 I->Output, Fixit1, Fixit2);
891 break;
892 }
893 case Stmt::BinaryOperatorClass: {
894 const BinaryOperator *BO = cast<BinaryOperator>(Term);
895 if (!BO->isLogicalOp())
896 continue;
897 DiagKind = 0;
898 Str = BO->getOpcodeStr();
899 Range = BO->getLHS()->getSourceRange();
900 RemoveDiagKind = 0;
901 if ((BO->getOpcode() == BO_LAnd && I->Output) ||
902 (BO->getOpcode() == BO_LOr && !I->Output))
903 // true && y -> y, false || y -> y.
904 Fixit1 = FixItHint::CreateRemoval(
905 SourceRange(BO->getBeginLoc(), BO->getOperatorLoc()));
906 else
907 // false && y -> false, true || y -> true.
908 Fixit1 = FixItHint::CreateReplacement(BO->getSourceRange(), FixitStr);
909 break;
910 }
911
912 // "loop is entered / loop is exited".
913 case Stmt::WhileStmtClass:
914 DiagKind = 1;
915 Str = "while";
916 Range = cast<WhileStmt>(Term)->getCond()->getSourceRange();
917 RemoveDiagKind = 1;
918 Fixit1 = FixItHint::CreateReplacement(Range, FixitStr);
919 break;
920 case Stmt::ForStmtClass:
921 DiagKind = 1;
922 Str = "for";
923 Range = cast<ForStmt>(Term)->getCond()->getSourceRange();
924 RemoveDiagKind = 1;
925 if (I->Output)
926 Fixit1 = FixItHint::CreateRemoval(Range);
927 else
928 Fixit1 = FixItHint::CreateReplacement(Range, FixitStr);
929 break;
930 case Stmt::CXXForRangeStmtClass:
931 if (I->Output == 1) {
932 // The use occurs if a range-based for loop's body never executes.
933 // That may be impossible, and there's no syntactic fix for this,
934 // so treat it as a 'may be uninitialized' case.
935 continue;
936 }
937 DiagKind = 1;
938 Str = "for";
939 Range = cast<CXXForRangeStmt>(Term)->getRangeInit()->getSourceRange();
940 break;
941
942 // "condition is true / loop is exited".
943 case Stmt::DoStmtClass:
944 DiagKind = 2;
945 Str = "do";
946 Range = cast<DoStmt>(Term)->getCond()->getSourceRange();
947 RemoveDiagKind = 1;
948 Fixit1 = FixItHint::CreateReplacement(Range, FixitStr);
949 break;
950
951 // "switch case is taken".
952 case Stmt::CaseStmtClass:
953 DiagKind = 3;
954 Str = "case";
955 Range = cast<CaseStmt>(Term)->getLHS()->getSourceRange();
956 break;
957 case Stmt::DefaultStmtClass:
958 DiagKind = 3;
959 Str = "default";
960 Range = cast<DefaultStmt>(Term)->getDefaultLoc();
961 break;
962 }
963
964 S.Diag(Range.getBegin(), diag::warn_sometimes_uninit_var)
965 << VD->getDeclName() << IsCapturedByBlock << DiagKind
966 << Str << I->Output << Range;
967 S.Diag(User->getBeginLoc(), diag::note_uninit_var_use)
968 << IsCapturedByBlock << User->getSourceRange();
969 if (RemoveDiagKind != -1)
970 S.Diag(Fixit1.RemoveRange.getBegin(), diag::note_uninit_fixit_remove_cond)
971 << RemoveDiagKind << Str << I->Output << Fixit1 << Fixit2;
972
973 Diagnosed = true;
974 }
975
976 if (!Diagnosed)
977 S.Diag(Use.getUser()->getBeginLoc(), diag::warn_maybe_uninit_var)
978 << VD->getDeclName() << IsCapturedByBlock
979 << Use.getUser()->getSourceRange();
980 }
981
982 /// Diagnose uninitialized const reference usages.
DiagnoseUninitializedConstRefUse(Sema & S,const VarDecl * VD,const UninitUse & Use)983 static bool DiagnoseUninitializedConstRefUse(Sema &S, const VarDecl *VD,
984 const UninitUse &Use) {
985 S.Diag(Use.getUser()->getBeginLoc(), diag::warn_uninit_const_reference)
986 << VD->getDeclName() << Use.getUser()->getSourceRange();
987 return true;
988 }
989
990 /// DiagnoseUninitializedUse -- Helper function for diagnosing uses of an
991 /// uninitialized variable. This manages the different forms of diagnostic
992 /// emitted for particular types of uses. Returns true if the use was diagnosed
993 /// as a warning. If a particular use is one we omit warnings for, returns
994 /// false.
DiagnoseUninitializedUse(Sema & S,const VarDecl * VD,const UninitUse & Use,bool alwaysReportSelfInit=false)995 static bool DiagnoseUninitializedUse(Sema &S, const VarDecl *VD,
996 const UninitUse &Use,
997 bool alwaysReportSelfInit = false) {
998 if (const DeclRefExpr *DRE = dyn_cast<DeclRefExpr>(Use.getUser())) {
999 // Inspect the initializer of the variable declaration which is
1000 // being referenced prior to its initialization. We emit
1001 // specialized diagnostics for self-initialization, and we
1002 // specifically avoid warning about self references which take the
1003 // form of:
1004 //
1005 // int x = x;
1006 //
1007 // This is used to indicate to GCC that 'x' is intentionally left
1008 // uninitialized. Proven code paths which access 'x' in
1009 // an uninitialized state after this will still warn.
1010 if (const Expr *Initializer = VD->getInit()) {
1011 if (!alwaysReportSelfInit && DRE == Initializer->IgnoreParenImpCasts())
1012 return false;
1013
1014 ContainsReference CR(S.Context, DRE);
1015 CR.Visit(Initializer);
1016 if (CR.doesContainReference()) {
1017 S.Diag(DRE->getBeginLoc(), diag::warn_uninit_self_reference_in_init)
1018 << VD->getDeclName() << VD->getLocation() << DRE->getSourceRange();
1019 return true;
1020 }
1021 }
1022
1023 DiagUninitUse(S, VD, Use, false);
1024 } else {
1025 const BlockExpr *BE = cast<BlockExpr>(Use.getUser());
1026 if (VD->getType()->isBlockPointerType() && !VD->hasAttr<BlocksAttr>())
1027 S.Diag(BE->getBeginLoc(),
1028 diag::warn_uninit_byref_blockvar_captured_by_block)
1029 << VD->getDeclName()
1030 << VD->getType().getQualifiers().hasObjCLifetime();
1031 else
1032 DiagUninitUse(S, VD, Use, true);
1033 }
1034
1035 // Report where the variable was declared when the use wasn't within
1036 // the initializer of that declaration & we didn't already suggest
1037 // an initialization fixit.
1038 if (!SuggestInitializationFixit(S, VD))
1039 S.Diag(VD->getBeginLoc(), diag::note_var_declared_here)
1040 << VD->getDeclName();
1041
1042 return true;
1043 }
1044
1045 namespace {
1046 class FallthroughMapper : public RecursiveASTVisitor<FallthroughMapper> {
1047 public:
FallthroughMapper(Sema & S)1048 FallthroughMapper(Sema &S)
1049 : FoundSwitchStatements(false),
1050 S(S) {
1051 }
1052
foundSwitchStatements() const1053 bool foundSwitchStatements() const { return FoundSwitchStatements; }
1054
markFallthroughVisited(const AttributedStmt * Stmt)1055 void markFallthroughVisited(const AttributedStmt *Stmt) {
1056 bool Found = FallthroughStmts.erase(Stmt);
1057 assert(Found);
1058 (void)Found;
1059 }
1060
1061 typedef llvm::SmallPtrSet<const AttributedStmt*, 8> AttrStmts;
1062
getFallthroughStmts() const1063 const AttrStmts &getFallthroughStmts() const {
1064 return FallthroughStmts;
1065 }
1066
fillReachableBlocks(CFG * Cfg)1067 void fillReachableBlocks(CFG *Cfg) {
1068 assert(ReachableBlocks.empty() && "ReachableBlocks already filled");
1069 std::deque<const CFGBlock *> BlockQueue;
1070
1071 ReachableBlocks.insert(&Cfg->getEntry());
1072 BlockQueue.push_back(&Cfg->getEntry());
1073 // Mark all case blocks reachable to avoid problems with switching on
1074 // constants, covered enums, etc.
1075 // These blocks can contain fall-through annotations, and we don't want to
1076 // issue a warn_fallthrough_attr_unreachable for them.
1077 for (const auto *B : *Cfg) {
1078 const Stmt *L = B->getLabel();
1079 if (L && isa<SwitchCase>(L) && ReachableBlocks.insert(B).second)
1080 BlockQueue.push_back(B);
1081 }
1082
1083 while (!BlockQueue.empty()) {
1084 const CFGBlock *P = BlockQueue.front();
1085 BlockQueue.pop_front();
1086 for (const CFGBlock *B : P->succs()) {
1087 if (B && ReachableBlocks.insert(B).second)
1088 BlockQueue.push_back(B);
1089 }
1090 }
1091 }
1092
checkFallThroughIntoBlock(const CFGBlock & B,int & AnnotatedCnt,bool IsTemplateInstantiation)1093 bool checkFallThroughIntoBlock(const CFGBlock &B, int &AnnotatedCnt,
1094 bool IsTemplateInstantiation) {
1095 assert(!ReachableBlocks.empty() && "ReachableBlocks empty");
1096
1097 int UnannotatedCnt = 0;
1098 AnnotatedCnt = 0;
1099
1100 std::deque<const CFGBlock*> BlockQueue(B.pred_begin(), B.pred_end());
1101 while (!BlockQueue.empty()) {
1102 const CFGBlock *P = BlockQueue.front();
1103 BlockQueue.pop_front();
1104 if (!P) continue;
1105
1106 const Stmt *Term = P->getTerminatorStmt();
1107 if (Term && isa<SwitchStmt>(Term))
1108 continue; // Switch statement, good.
1109
1110 const SwitchCase *SW = dyn_cast_or_null<SwitchCase>(P->getLabel());
1111 if (SW && SW->getSubStmt() == B.getLabel() && P->begin() == P->end())
1112 continue; // Previous case label has no statements, good.
1113
1114 const LabelStmt *L = dyn_cast_or_null<LabelStmt>(P->getLabel());
1115 if (L && L->getSubStmt() == B.getLabel() && P->begin() == P->end())
1116 continue; // Case label is preceded with a normal label, good.
1117
1118 if (!ReachableBlocks.count(P)) {
1119 for (const CFGElement &Elem : llvm::reverse(*P)) {
1120 if (std::optional<CFGStmt> CS = Elem.getAs<CFGStmt>()) {
1121 if (const AttributedStmt *AS = asFallThroughAttr(CS->getStmt())) {
1122 // Don't issue a warning for an unreachable fallthrough
1123 // attribute in template instantiations as it may not be
1124 // unreachable in all instantiations of the template.
1125 if (!IsTemplateInstantiation)
1126 S.Diag(AS->getBeginLoc(),
1127 diag::warn_unreachable_fallthrough_attr);
1128 markFallthroughVisited(AS);
1129 ++AnnotatedCnt;
1130 break;
1131 }
1132 // Don't care about other unreachable statements.
1133 }
1134 }
1135 // If there are no unreachable statements, this may be a special
1136 // case in CFG:
1137 // case X: {
1138 // A a; // A has a destructor.
1139 // break;
1140 // }
1141 // // <<<< This place is represented by a 'hanging' CFG block.
1142 // case Y:
1143 continue;
1144 }
1145
1146 const Stmt *LastStmt = getLastStmt(*P);
1147 if (const AttributedStmt *AS = asFallThroughAttr(LastStmt)) {
1148 markFallthroughVisited(AS);
1149 ++AnnotatedCnt;
1150 continue; // Fallthrough annotation, good.
1151 }
1152
1153 if (!LastStmt) { // This block contains no executable statements.
1154 // Traverse its predecessors.
1155 std::copy(P->pred_begin(), P->pred_end(),
1156 std::back_inserter(BlockQueue));
1157 continue;
1158 }
1159
1160 ++UnannotatedCnt;
1161 }
1162 return !!UnannotatedCnt;
1163 }
1164
1165 // RecursiveASTVisitor setup.
shouldWalkTypesOfTypeLocs() const1166 bool shouldWalkTypesOfTypeLocs() const { return false; }
1167
VisitAttributedStmt(AttributedStmt * S)1168 bool VisitAttributedStmt(AttributedStmt *S) {
1169 if (asFallThroughAttr(S))
1170 FallthroughStmts.insert(S);
1171 return true;
1172 }
1173
VisitSwitchStmt(SwitchStmt * S)1174 bool VisitSwitchStmt(SwitchStmt *S) {
1175 FoundSwitchStatements = true;
1176 return true;
1177 }
1178
1179 // We don't want to traverse local type declarations. We analyze their
1180 // methods separately.
TraverseDecl(Decl * D)1181 bool TraverseDecl(Decl *D) { return true; }
1182
1183 // We analyze lambda bodies separately. Skip them here.
TraverseLambdaExpr(LambdaExpr * LE)1184 bool TraverseLambdaExpr(LambdaExpr *LE) {
1185 // Traverse the captures, but not the body.
1186 for (const auto C : zip(LE->captures(), LE->capture_inits()))
1187 TraverseLambdaCapture(LE, &std::get<0>(C), std::get<1>(C));
1188 return true;
1189 }
1190
1191 private:
1192
asFallThroughAttr(const Stmt * S)1193 static const AttributedStmt *asFallThroughAttr(const Stmt *S) {
1194 if (const AttributedStmt *AS = dyn_cast_or_null<AttributedStmt>(S)) {
1195 if (hasSpecificAttr<FallThroughAttr>(AS->getAttrs()))
1196 return AS;
1197 }
1198 return nullptr;
1199 }
1200
getLastStmt(const CFGBlock & B)1201 static const Stmt *getLastStmt(const CFGBlock &B) {
1202 if (const Stmt *Term = B.getTerminatorStmt())
1203 return Term;
1204 for (const CFGElement &Elem : llvm::reverse(B))
1205 if (std::optional<CFGStmt> CS = Elem.getAs<CFGStmt>())
1206 return CS->getStmt();
1207 // Workaround to detect a statement thrown out by CFGBuilder:
1208 // case X: {} case Y:
1209 // case X: ; case Y:
1210 if (const SwitchCase *SW = dyn_cast_or_null<SwitchCase>(B.getLabel()))
1211 if (!isa<SwitchCase>(SW->getSubStmt()))
1212 return SW->getSubStmt();
1213
1214 return nullptr;
1215 }
1216
1217 bool FoundSwitchStatements;
1218 AttrStmts FallthroughStmts;
1219 Sema &S;
1220 llvm::SmallPtrSet<const CFGBlock *, 16> ReachableBlocks;
1221 };
1222 } // anonymous namespace
1223
getFallthroughAttrSpelling(Preprocessor & PP,SourceLocation Loc)1224 static StringRef getFallthroughAttrSpelling(Preprocessor &PP,
1225 SourceLocation Loc) {
1226 TokenValue FallthroughTokens[] = {
1227 tok::l_square, tok::l_square,
1228 PP.getIdentifierInfo("fallthrough"),
1229 tok::r_square, tok::r_square
1230 };
1231
1232 TokenValue ClangFallthroughTokens[] = {
1233 tok::l_square, tok::l_square, PP.getIdentifierInfo("clang"),
1234 tok::coloncolon, PP.getIdentifierInfo("fallthrough"),
1235 tok::r_square, tok::r_square
1236 };
1237
1238 bool PreferClangAttr = !PP.getLangOpts().CPlusPlus17 && !PP.getLangOpts().C2x;
1239
1240 StringRef MacroName;
1241 if (PreferClangAttr)
1242 MacroName = PP.getLastMacroWithSpelling(Loc, ClangFallthroughTokens);
1243 if (MacroName.empty())
1244 MacroName = PP.getLastMacroWithSpelling(Loc, FallthroughTokens);
1245 if (MacroName.empty() && !PreferClangAttr)
1246 MacroName = PP.getLastMacroWithSpelling(Loc, ClangFallthroughTokens);
1247 if (MacroName.empty()) {
1248 if (!PreferClangAttr)
1249 MacroName = "[[fallthrough]]";
1250 else if (PP.getLangOpts().CPlusPlus)
1251 MacroName = "[[clang::fallthrough]]";
1252 else
1253 MacroName = "__attribute__((fallthrough))";
1254 }
1255 return MacroName;
1256 }
1257
DiagnoseSwitchLabelsFallthrough(Sema & S,AnalysisDeclContext & AC,bool PerFunction)1258 static void DiagnoseSwitchLabelsFallthrough(Sema &S, AnalysisDeclContext &AC,
1259 bool PerFunction) {
1260 FallthroughMapper FM(S);
1261 FM.TraverseStmt(AC.getBody());
1262
1263 if (!FM.foundSwitchStatements())
1264 return;
1265
1266 if (PerFunction && FM.getFallthroughStmts().empty())
1267 return;
1268
1269 CFG *Cfg = AC.getCFG();
1270
1271 if (!Cfg)
1272 return;
1273
1274 FM.fillReachableBlocks(Cfg);
1275
1276 for (const CFGBlock *B : llvm::reverse(*Cfg)) {
1277 const Stmt *Label = B->getLabel();
1278
1279 if (!isa_and_nonnull<SwitchCase>(Label))
1280 continue;
1281
1282 int AnnotatedCnt;
1283
1284 bool IsTemplateInstantiation = false;
1285 if (const FunctionDecl *Function = dyn_cast<FunctionDecl>(AC.getDecl()))
1286 IsTemplateInstantiation = Function->isTemplateInstantiation();
1287 if (!FM.checkFallThroughIntoBlock(*B, AnnotatedCnt,
1288 IsTemplateInstantiation))
1289 continue;
1290
1291 S.Diag(Label->getBeginLoc(),
1292 PerFunction ? diag::warn_unannotated_fallthrough_per_function
1293 : diag::warn_unannotated_fallthrough);
1294
1295 if (!AnnotatedCnt) {
1296 SourceLocation L = Label->getBeginLoc();
1297 if (L.isMacroID())
1298 continue;
1299
1300 const Stmt *Term = B->getTerminatorStmt();
1301 // Skip empty cases.
1302 while (B->empty() && !Term && B->succ_size() == 1) {
1303 B = *B->succ_begin();
1304 Term = B->getTerminatorStmt();
1305 }
1306 if (!(B->empty() && Term && isa<BreakStmt>(Term))) {
1307 Preprocessor &PP = S.getPreprocessor();
1308 StringRef AnnotationSpelling = getFallthroughAttrSpelling(PP, L);
1309 SmallString<64> TextToInsert(AnnotationSpelling);
1310 TextToInsert += "; ";
1311 S.Diag(L, diag::note_insert_fallthrough_fixit)
1312 << AnnotationSpelling
1313 << FixItHint::CreateInsertion(L, TextToInsert);
1314 }
1315 S.Diag(L, diag::note_insert_break_fixit)
1316 << FixItHint::CreateInsertion(L, "break; ");
1317 }
1318 }
1319
1320 for (const auto *F : FM.getFallthroughStmts())
1321 S.Diag(F->getBeginLoc(), diag::err_fallthrough_attr_invalid_placement);
1322 }
1323
isInLoop(const ASTContext & Ctx,const ParentMap & PM,const Stmt * S)1324 static bool isInLoop(const ASTContext &Ctx, const ParentMap &PM,
1325 const Stmt *S) {
1326 assert(S);
1327
1328 do {
1329 switch (S->getStmtClass()) {
1330 case Stmt::ForStmtClass:
1331 case Stmt::WhileStmtClass:
1332 case Stmt::CXXForRangeStmtClass:
1333 case Stmt::ObjCForCollectionStmtClass:
1334 return true;
1335 case Stmt::DoStmtClass: {
1336 Expr::EvalResult Result;
1337 if (!cast<DoStmt>(S)->getCond()->EvaluateAsInt(Result, Ctx))
1338 return true;
1339 return Result.Val.getInt().getBoolValue();
1340 }
1341 default:
1342 break;
1343 }
1344 } while ((S = PM.getParent(S)));
1345
1346 return false;
1347 }
1348
diagnoseRepeatedUseOfWeak(Sema & S,const sema::FunctionScopeInfo * CurFn,const Decl * D,const ParentMap & PM)1349 static void diagnoseRepeatedUseOfWeak(Sema &S,
1350 const sema::FunctionScopeInfo *CurFn,
1351 const Decl *D,
1352 const ParentMap &PM) {
1353 typedef sema::FunctionScopeInfo::WeakObjectProfileTy WeakObjectProfileTy;
1354 typedef sema::FunctionScopeInfo::WeakObjectUseMap WeakObjectUseMap;
1355 typedef sema::FunctionScopeInfo::WeakUseVector WeakUseVector;
1356 typedef std::pair<const Stmt *, WeakObjectUseMap::const_iterator>
1357 StmtUsesPair;
1358
1359 ASTContext &Ctx = S.getASTContext();
1360
1361 const WeakObjectUseMap &WeakMap = CurFn->getWeakObjectUses();
1362
1363 // Extract all weak objects that are referenced more than once.
1364 SmallVector<StmtUsesPair, 8> UsesByStmt;
1365 for (WeakObjectUseMap::const_iterator I = WeakMap.begin(), E = WeakMap.end();
1366 I != E; ++I) {
1367 const WeakUseVector &Uses = I->second;
1368
1369 // Find the first read of the weak object.
1370 WeakUseVector::const_iterator UI = Uses.begin(), UE = Uses.end();
1371 for ( ; UI != UE; ++UI) {
1372 if (UI->isUnsafe())
1373 break;
1374 }
1375
1376 // If there were only writes to this object, don't warn.
1377 if (UI == UE)
1378 continue;
1379
1380 // If there was only one read, followed by any number of writes, and the
1381 // read is not within a loop, don't warn. Additionally, don't warn in a
1382 // loop if the base object is a local variable -- local variables are often
1383 // changed in loops.
1384 if (UI == Uses.begin()) {
1385 WeakUseVector::const_iterator UI2 = UI;
1386 for (++UI2; UI2 != UE; ++UI2)
1387 if (UI2->isUnsafe())
1388 break;
1389
1390 if (UI2 == UE) {
1391 if (!isInLoop(Ctx, PM, UI->getUseExpr()))
1392 continue;
1393
1394 const WeakObjectProfileTy &Profile = I->first;
1395 if (!Profile.isExactProfile())
1396 continue;
1397
1398 const NamedDecl *Base = Profile.getBase();
1399 if (!Base)
1400 Base = Profile.getProperty();
1401 assert(Base && "A profile always has a base or property.");
1402
1403 if (const VarDecl *BaseVar = dyn_cast<VarDecl>(Base))
1404 if (BaseVar->hasLocalStorage() && !isa<ParmVarDecl>(Base))
1405 continue;
1406 }
1407 }
1408
1409 UsesByStmt.push_back(StmtUsesPair(UI->getUseExpr(), I));
1410 }
1411
1412 if (UsesByStmt.empty())
1413 return;
1414
1415 // Sort by first use so that we emit the warnings in a deterministic order.
1416 SourceManager &SM = S.getSourceManager();
1417 llvm::sort(UsesByStmt,
1418 [&SM](const StmtUsesPair &LHS, const StmtUsesPair &RHS) {
1419 return SM.isBeforeInTranslationUnit(LHS.first->getBeginLoc(),
1420 RHS.first->getBeginLoc());
1421 });
1422
1423 // Classify the current code body for better warning text.
1424 // This enum should stay in sync with the cases in
1425 // warn_arc_repeated_use_of_weak and warn_arc_possible_repeated_use_of_weak.
1426 // FIXME: Should we use a common classification enum and the same set of
1427 // possibilities all throughout Sema?
1428 enum {
1429 Function,
1430 Method,
1431 Block,
1432 Lambda
1433 } FunctionKind;
1434
1435 if (isa<sema::BlockScopeInfo>(CurFn))
1436 FunctionKind = Block;
1437 else if (isa<sema::LambdaScopeInfo>(CurFn))
1438 FunctionKind = Lambda;
1439 else if (isa<ObjCMethodDecl>(D))
1440 FunctionKind = Method;
1441 else
1442 FunctionKind = Function;
1443
1444 // Iterate through the sorted problems and emit warnings for each.
1445 for (const auto &P : UsesByStmt) {
1446 const Stmt *FirstRead = P.first;
1447 const WeakObjectProfileTy &Key = P.second->first;
1448 const WeakUseVector &Uses = P.second->second;
1449
1450 // For complicated expressions like 'a.b.c' and 'x.b.c', WeakObjectProfileTy
1451 // may not contain enough information to determine that these are different
1452 // properties. We can only be 100% sure of a repeated use in certain cases,
1453 // and we adjust the diagnostic kind accordingly so that the less certain
1454 // case can be turned off if it is too noisy.
1455 unsigned DiagKind;
1456 if (Key.isExactProfile())
1457 DiagKind = diag::warn_arc_repeated_use_of_weak;
1458 else
1459 DiagKind = diag::warn_arc_possible_repeated_use_of_weak;
1460
1461 // Classify the weak object being accessed for better warning text.
1462 // This enum should stay in sync with the cases in
1463 // warn_arc_repeated_use_of_weak and warn_arc_possible_repeated_use_of_weak.
1464 enum {
1465 Variable,
1466 Property,
1467 ImplicitProperty,
1468 Ivar
1469 } ObjectKind;
1470
1471 const NamedDecl *KeyProp = Key.getProperty();
1472 if (isa<VarDecl>(KeyProp))
1473 ObjectKind = Variable;
1474 else if (isa<ObjCPropertyDecl>(KeyProp))
1475 ObjectKind = Property;
1476 else if (isa<ObjCMethodDecl>(KeyProp))
1477 ObjectKind = ImplicitProperty;
1478 else if (isa<ObjCIvarDecl>(KeyProp))
1479 ObjectKind = Ivar;
1480 else
1481 llvm_unreachable("Unexpected weak object kind!");
1482
1483 // Do not warn about IBOutlet weak property receivers being set to null
1484 // since they are typically only used from the main thread.
1485 if (const ObjCPropertyDecl *Prop = dyn_cast<ObjCPropertyDecl>(KeyProp))
1486 if (Prop->hasAttr<IBOutletAttr>())
1487 continue;
1488
1489 // Show the first time the object was read.
1490 S.Diag(FirstRead->getBeginLoc(), DiagKind)
1491 << int(ObjectKind) << KeyProp << int(FunctionKind)
1492 << FirstRead->getSourceRange();
1493
1494 // Print all the other accesses as notes.
1495 for (const auto &Use : Uses) {
1496 if (Use.getUseExpr() == FirstRead)
1497 continue;
1498 S.Diag(Use.getUseExpr()->getBeginLoc(),
1499 diag::note_arc_weak_also_accessed_here)
1500 << Use.getUseExpr()->getSourceRange();
1501 }
1502 }
1503 }
1504
1505 namespace clang {
1506 namespace {
1507 typedef SmallVector<PartialDiagnosticAt, 1> OptionalNotes;
1508 typedef std::pair<PartialDiagnosticAt, OptionalNotes> DelayedDiag;
1509 typedef std::list<DelayedDiag> DiagList;
1510
1511 struct SortDiagBySourceLocation {
1512 SourceManager &SM;
SortDiagBySourceLocationclang::__anonf0871c280c11::SortDiagBySourceLocation1513 SortDiagBySourceLocation(SourceManager &SM) : SM(SM) {}
1514
operator ()clang::__anonf0871c280c11::SortDiagBySourceLocation1515 bool operator()(const DelayedDiag &left, const DelayedDiag &right) {
1516 // Although this call will be slow, this is only called when outputting
1517 // multiple warnings.
1518 return SM.isBeforeInTranslationUnit(left.first.first, right.first.first);
1519 }
1520 };
1521 } // anonymous namespace
1522 } // namespace clang
1523
1524 namespace {
1525 class UninitValsDiagReporter : public UninitVariablesHandler {
1526 Sema &S;
1527 typedef SmallVector<UninitUse, 2> UsesVec;
1528 typedef llvm::PointerIntPair<UsesVec *, 1, bool> MappedType;
1529 // Prefer using MapVector to DenseMap, so that iteration order will be
1530 // the same as insertion order. This is needed to obtain a deterministic
1531 // order of diagnostics when calling flushDiagnostics().
1532 typedef llvm::MapVector<const VarDecl *, MappedType> UsesMap;
1533 UsesMap uses;
1534 UsesMap constRefUses;
1535
1536 public:
UninitValsDiagReporter(Sema & S)1537 UninitValsDiagReporter(Sema &S) : S(S) {}
~UninitValsDiagReporter()1538 ~UninitValsDiagReporter() override { flushDiagnostics(); }
1539
getUses(UsesMap & um,const VarDecl * vd)1540 MappedType &getUses(UsesMap &um, const VarDecl *vd) {
1541 MappedType &V = um[vd];
1542 if (!V.getPointer())
1543 V.setPointer(new UsesVec());
1544 return V;
1545 }
1546
handleUseOfUninitVariable(const VarDecl * vd,const UninitUse & use)1547 void handleUseOfUninitVariable(const VarDecl *vd,
1548 const UninitUse &use) override {
1549 getUses(uses, vd).getPointer()->push_back(use);
1550 }
1551
handleConstRefUseOfUninitVariable(const VarDecl * vd,const UninitUse & use)1552 void handleConstRefUseOfUninitVariable(const VarDecl *vd,
1553 const UninitUse &use) override {
1554 getUses(constRefUses, vd).getPointer()->push_back(use);
1555 }
1556
handleSelfInit(const VarDecl * vd)1557 void handleSelfInit(const VarDecl *vd) override {
1558 getUses(uses, vd).setInt(true);
1559 getUses(constRefUses, vd).setInt(true);
1560 }
1561
flushDiagnostics()1562 void flushDiagnostics() {
1563 for (const auto &P : uses) {
1564 const VarDecl *vd = P.first;
1565 const MappedType &V = P.second;
1566
1567 UsesVec *vec = V.getPointer();
1568 bool hasSelfInit = V.getInt();
1569
1570 // Specially handle the case where we have uses of an uninitialized
1571 // variable, but the root cause is an idiomatic self-init. We want
1572 // to report the diagnostic at the self-init since that is the root cause.
1573 if (!vec->empty() && hasSelfInit && hasAlwaysUninitializedUse(vec))
1574 DiagnoseUninitializedUse(S, vd,
1575 UninitUse(vd->getInit()->IgnoreParenCasts(),
1576 /* isAlwaysUninit */ true),
1577 /* alwaysReportSelfInit */ true);
1578 else {
1579 // Sort the uses by their SourceLocations. While not strictly
1580 // guaranteed to produce them in line/column order, this will provide
1581 // a stable ordering.
1582 llvm::sort(*vec, [](const UninitUse &a, const UninitUse &b) {
1583 // Prefer a more confident report over a less confident one.
1584 if (a.getKind() != b.getKind())
1585 return a.getKind() > b.getKind();
1586 return a.getUser()->getBeginLoc() < b.getUser()->getBeginLoc();
1587 });
1588
1589 for (const auto &U : *vec) {
1590 // If we have self-init, downgrade all uses to 'may be uninitialized'.
1591 UninitUse Use = hasSelfInit ? UninitUse(U.getUser(), false) : U;
1592
1593 if (DiagnoseUninitializedUse(S, vd, Use))
1594 // Skip further diagnostics for this variable. We try to warn only
1595 // on the first point at which a variable is used uninitialized.
1596 break;
1597 }
1598 }
1599
1600 // Release the uses vector.
1601 delete vec;
1602 }
1603
1604 uses.clear();
1605
1606 // Flush all const reference uses diags.
1607 for (const auto &P : constRefUses) {
1608 const VarDecl *vd = P.first;
1609 const MappedType &V = P.second;
1610
1611 UsesVec *vec = V.getPointer();
1612 bool hasSelfInit = V.getInt();
1613
1614 if (!vec->empty() && hasSelfInit && hasAlwaysUninitializedUse(vec))
1615 DiagnoseUninitializedUse(S, vd,
1616 UninitUse(vd->getInit()->IgnoreParenCasts(),
1617 /* isAlwaysUninit */ true),
1618 /* alwaysReportSelfInit */ true);
1619 else {
1620 for (const auto &U : *vec) {
1621 if (DiagnoseUninitializedConstRefUse(S, vd, U))
1622 break;
1623 }
1624 }
1625
1626 // Release the uses vector.
1627 delete vec;
1628 }
1629
1630 constRefUses.clear();
1631 }
1632
1633 private:
hasAlwaysUninitializedUse(const UsesVec * vec)1634 static bool hasAlwaysUninitializedUse(const UsesVec* vec) {
1635 return llvm::any_of(*vec, [](const UninitUse &U) {
1636 return U.getKind() == UninitUse::Always ||
1637 U.getKind() == UninitUse::AfterCall ||
1638 U.getKind() == UninitUse::AfterDecl;
1639 });
1640 }
1641 };
1642
1643 /// Inter-procedural data for the called-once checker.
1644 class CalledOnceInterProceduralData {
1645 public:
1646 // Add the delayed warning for the given block.
addDelayedWarning(const BlockDecl * Block,PartialDiagnosticAt && Warning)1647 void addDelayedWarning(const BlockDecl *Block,
1648 PartialDiagnosticAt &&Warning) {
1649 DelayedBlockWarnings[Block].emplace_back(std::move(Warning));
1650 }
1651 // Report all of the warnings we've gathered for the given block.
flushWarnings(const BlockDecl * Block,Sema & S)1652 void flushWarnings(const BlockDecl *Block, Sema &S) {
1653 for (const PartialDiagnosticAt &Delayed : DelayedBlockWarnings[Block])
1654 S.Diag(Delayed.first, Delayed.second);
1655
1656 discardWarnings(Block);
1657 }
1658 // Discard all of the warnings we've gathered for the given block.
discardWarnings(const BlockDecl * Block)1659 void discardWarnings(const BlockDecl *Block) {
1660 DelayedBlockWarnings.erase(Block);
1661 }
1662
1663 private:
1664 using DelayedDiagnostics = SmallVector<PartialDiagnosticAt, 2>;
1665 llvm::DenseMap<const BlockDecl *, DelayedDiagnostics> DelayedBlockWarnings;
1666 };
1667
1668 class CalledOnceCheckReporter : public CalledOnceCheckHandler {
1669 public:
CalledOnceCheckReporter(Sema & S,CalledOnceInterProceduralData & Data)1670 CalledOnceCheckReporter(Sema &S, CalledOnceInterProceduralData &Data)
1671 : S(S), Data(Data) {}
handleDoubleCall(const ParmVarDecl * Parameter,const Expr * Call,const Expr * PrevCall,bool IsCompletionHandler,bool Poised)1672 void handleDoubleCall(const ParmVarDecl *Parameter, const Expr *Call,
1673 const Expr *PrevCall, bool IsCompletionHandler,
1674 bool Poised) override {
1675 auto DiagToReport = IsCompletionHandler
1676 ? diag::warn_completion_handler_called_twice
1677 : diag::warn_called_once_gets_called_twice;
1678 S.Diag(Call->getBeginLoc(), DiagToReport) << Parameter;
1679 S.Diag(PrevCall->getBeginLoc(), diag::note_called_once_gets_called_twice)
1680 << Poised;
1681 }
1682
handleNeverCalled(const ParmVarDecl * Parameter,bool IsCompletionHandler)1683 void handleNeverCalled(const ParmVarDecl *Parameter,
1684 bool IsCompletionHandler) override {
1685 auto DiagToReport = IsCompletionHandler
1686 ? diag::warn_completion_handler_never_called
1687 : diag::warn_called_once_never_called;
1688 S.Diag(Parameter->getBeginLoc(), DiagToReport)
1689 << Parameter << /* Captured */ false;
1690 }
1691
handleNeverCalled(const ParmVarDecl * Parameter,const Decl * Function,const Stmt * Where,NeverCalledReason Reason,bool IsCalledDirectly,bool IsCompletionHandler)1692 void handleNeverCalled(const ParmVarDecl *Parameter, const Decl *Function,
1693 const Stmt *Where, NeverCalledReason Reason,
1694 bool IsCalledDirectly,
1695 bool IsCompletionHandler) override {
1696 auto DiagToReport = IsCompletionHandler
1697 ? diag::warn_completion_handler_never_called_when
1698 : diag::warn_called_once_never_called_when;
1699 PartialDiagnosticAt Warning(Where->getBeginLoc(), S.PDiag(DiagToReport)
1700 << Parameter
1701 << IsCalledDirectly
1702 << (unsigned)Reason);
1703
1704 if (const auto *Block = dyn_cast<BlockDecl>(Function)) {
1705 // We shouldn't report these warnings on blocks immediately
1706 Data.addDelayedWarning(Block, std::move(Warning));
1707 } else {
1708 S.Diag(Warning.first, Warning.second);
1709 }
1710 }
1711
handleCapturedNeverCalled(const ParmVarDecl * Parameter,const Decl * Where,bool IsCompletionHandler)1712 void handleCapturedNeverCalled(const ParmVarDecl *Parameter,
1713 const Decl *Where,
1714 bool IsCompletionHandler) override {
1715 auto DiagToReport = IsCompletionHandler
1716 ? diag::warn_completion_handler_never_called
1717 : diag::warn_called_once_never_called;
1718 S.Diag(Where->getBeginLoc(), DiagToReport)
1719 << Parameter << /* Captured */ true;
1720 }
1721
1722 void
handleBlockThatIsGuaranteedToBeCalledOnce(const BlockDecl * Block)1723 handleBlockThatIsGuaranteedToBeCalledOnce(const BlockDecl *Block) override {
1724 Data.flushWarnings(Block, S);
1725 }
1726
handleBlockWithNoGuarantees(const BlockDecl * Block)1727 void handleBlockWithNoGuarantees(const BlockDecl *Block) override {
1728 Data.discardWarnings(Block);
1729 }
1730
1731 private:
1732 Sema &S;
1733 CalledOnceInterProceduralData &Data;
1734 };
1735
1736 constexpr unsigned CalledOnceWarnings[] = {
1737 diag::warn_called_once_never_called,
1738 diag::warn_called_once_never_called_when,
1739 diag::warn_called_once_gets_called_twice};
1740
1741 constexpr unsigned CompletionHandlerWarnings[]{
1742 diag::warn_completion_handler_never_called,
1743 diag::warn_completion_handler_never_called_when,
1744 diag::warn_completion_handler_called_twice};
1745
shouldAnalyzeCalledOnceImpl(llvm::ArrayRef<unsigned> DiagIDs,const DiagnosticsEngine & Diags,SourceLocation At)1746 bool shouldAnalyzeCalledOnceImpl(llvm::ArrayRef<unsigned> DiagIDs,
1747 const DiagnosticsEngine &Diags,
1748 SourceLocation At) {
1749 return llvm::any_of(DiagIDs, [&Diags, At](unsigned DiagID) {
1750 return !Diags.isIgnored(DiagID, At);
1751 });
1752 }
1753
shouldAnalyzeCalledOnceConventions(const DiagnosticsEngine & Diags,SourceLocation At)1754 bool shouldAnalyzeCalledOnceConventions(const DiagnosticsEngine &Diags,
1755 SourceLocation At) {
1756 return shouldAnalyzeCalledOnceImpl(CompletionHandlerWarnings, Diags, At);
1757 }
1758
shouldAnalyzeCalledOnceParameters(const DiagnosticsEngine & Diags,SourceLocation At)1759 bool shouldAnalyzeCalledOnceParameters(const DiagnosticsEngine &Diags,
1760 SourceLocation At) {
1761 return shouldAnalyzeCalledOnceImpl(CalledOnceWarnings, Diags, At) ||
1762 shouldAnalyzeCalledOnceConventions(Diags, At);
1763 }
1764 } // anonymous namespace
1765
1766 //===----------------------------------------------------------------------===//
1767 // -Wthread-safety
1768 //===----------------------------------------------------------------------===//
1769 namespace clang {
1770 namespace threadSafety {
1771 namespace {
1772 class ThreadSafetyReporter : public clang::threadSafety::ThreadSafetyHandler {
1773 Sema &S;
1774 DiagList Warnings;
1775 SourceLocation FunLocation, FunEndLocation;
1776
1777 const FunctionDecl *CurrentFunction;
1778 bool Verbose;
1779
getNotes() const1780 OptionalNotes getNotes() const {
1781 if (Verbose && CurrentFunction) {
1782 PartialDiagnosticAt FNote(CurrentFunction->getBody()->getBeginLoc(),
1783 S.PDiag(diag::note_thread_warning_in_fun)
1784 << CurrentFunction);
1785 return OptionalNotes(1, FNote);
1786 }
1787 return OptionalNotes();
1788 }
1789
getNotes(const PartialDiagnosticAt & Note) const1790 OptionalNotes getNotes(const PartialDiagnosticAt &Note) const {
1791 OptionalNotes ONS(1, Note);
1792 if (Verbose && CurrentFunction) {
1793 PartialDiagnosticAt FNote(CurrentFunction->getBody()->getBeginLoc(),
1794 S.PDiag(diag::note_thread_warning_in_fun)
1795 << CurrentFunction);
1796 ONS.push_back(std::move(FNote));
1797 }
1798 return ONS;
1799 }
1800
getNotes(const PartialDiagnosticAt & Note1,const PartialDiagnosticAt & Note2) const1801 OptionalNotes getNotes(const PartialDiagnosticAt &Note1,
1802 const PartialDiagnosticAt &Note2) const {
1803 OptionalNotes ONS;
1804 ONS.push_back(Note1);
1805 ONS.push_back(Note2);
1806 if (Verbose && CurrentFunction) {
1807 PartialDiagnosticAt FNote(CurrentFunction->getBody()->getBeginLoc(),
1808 S.PDiag(diag::note_thread_warning_in_fun)
1809 << CurrentFunction);
1810 ONS.push_back(std::move(FNote));
1811 }
1812 return ONS;
1813 }
1814
makeLockedHereNote(SourceLocation LocLocked,StringRef Kind)1815 OptionalNotes makeLockedHereNote(SourceLocation LocLocked, StringRef Kind) {
1816 return LocLocked.isValid()
1817 ? getNotes(PartialDiagnosticAt(
1818 LocLocked, S.PDiag(diag::note_locked_here) << Kind))
1819 : getNotes();
1820 }
1821
makeUnlockedHereNote(SourceLocation LocUnlocked,StringRef Kind)1822 OptionalNotes makeUnlockedHereNote(SourceLocation LocUnlocked,
1823 StringRef Kind) {
1824 return LocUnlocked.isValid()
1825 ? getNotes(PartialDiagnosticAt(
1826 LocUnlocked, S.PDiag(diag::note_unlocked_here) << Kind))
1827 : getNotes();
1828 }
1829
1830 public:
ThreadSafetyReporter(Sema & S,SourceLocation FL,SourceLocation FEL)1831 ThreadSafetyReporter(Sema &S, SourceLocation FL, SourceLocation FEL)
1832 : S(S), FunLocation(FL), FunEndLocation(FEL),
1833 CurrentFunction(nullptr), Verbose(false) {}
1834
setVerbose(bool b)1835 void setVerbose(bool b) { Verbose = b; }
1836
1837 /// Emit all buffered diagnostics in order of sourcelocation.
1838 /// We need to output diagnostics produced while iterating through
1839 /// the lockset in deterministic order, so this function orders diagnostics
1840 /// and outputs them.
emitDiagnostics()1841 void emitDiagnostics() {
1842 Warnings.sort(SortDiagBySourceLocation(S.getSourceManager()));
1843 for (const auto &Diag : Warnings) {
1844 S.Diag(Diag.first.first, Diag.first.second);
1845 for (const auto &Note : Diag.second)
1846 S.Diag(Note.first, Note.second);
1847 }
1848 }
1849
handleInvalidLockExp(SourceLocation Loc)1850 void handleInvalidLockExp(SourceLocation Loc) override {
1851 PartialDiagnosticAt Warning(Loc, S.PDiag(diag::warn_cannot_resolve_lock)
1852 << Loc);
1853 Warnings.emplace_back(std::move(Warning), getNotes());
1854 }
1855
handleUnmatchedUnlock(StringRef Kind,Name LockName,SourceLocation Loc,SourceLocation LocPreviousUnlock)1856 void handleUnmatchedUnlock(StringRef Kind, Name LockName, SourceLocation Loc,
1857 SourceLocation LocPreviousUnlock) override {
1858 if (Loc.isInvalid())
1859 Loc = FunLocation;
1860 PartialDiagnosticAt Warning(Loc, S.PDiag(diag::warn_unlock_but_no_lock)
1861 << Kind << LockName);
1862 Warnings.emplace_back(std::move(Warning),
1863 makeUnlockedHereNote(LocPreviousUnlock, Kind));
1864 }
1865
handleIncorrectUnlockKind(StringRef Kind,Name LockName,LockKind Expected,LockKind Received,SourceLocation LocLocked,SourceLocation LocUnlock)1866 void handleIncorrectUnlockKind(StringRef Kind, Name LockName,
1867 LockKind Expected, LockKind Received,
1868 SourceLocation LocLocked,
1869 SourceLocation LocUnlock) override {
1870 if (LocUnlock.isInvalid())
1871 LocUnlock = FunLocation;
1872 PartialDiagnosticAt Warning(
1873 LocUnlock, S.PDiag(diag::warn_unlock_kind_mismatch)
1874 << Kind << LockName << Received << Expected);
1875 Warnings.emplace_back(std::move(Warning),
1876 makeLockedHereNote(LocLocked, Kind));
1877 }
1878
handleDoubleLock(StringRef Kind,Name LockName,SourceLocation LocLocked,SourceLocation LocDoubleLock)1879 void handleDoubleLock(StringRef Kind, Name LockName, SourceLocation LocLocked,
1880 SourceLocation LocDoubleLock) override {
1881 if (LocDoubleLock.isInvalid())
1882 LocDoubleLock = FunLocation;
1883 PartialDiagnosticAt Warning(LocDoubleLock, S.PDiag(diag::warn_double_lock)
1884 << Kind << LockName);
1885 Warnings.emplace_back(std::move(Warning),
1886 makeLockedHereNote(LocLocked, Kind));
1887 }
1888
handleMutexHeldEndOfScope(StringRef Kind,Name LockName,SourceLocation LocLocked,SourceLocation LocEndOfScope,LockErrorKind LEK)1889 void handleMutexHeldEndOfScope(StringRef Kind, Name LockName,
1890 SourceLocation LocLocked,
1891 SourceLocation LocEndOfScope,
1892 LockErrorKind LEK) override {
1893 unsigned DiagID = 0;
1894 switch (LEK) {
1895 case LEK_LockedSomePredecessors:
1896 DiagID = diag::warn_lock_some_predecessors;
1897 break;
1898 case LEK_LockedSomeLoopIterations:
1899 DiagID = diag::warn_expecting_lock_held_on_loop;
1900 break;
1901 case LEK_LockedAtEndOfFunction:
1902 DiagID = diag::warn_no_unlock;
1903 break;
1904 case LEK_NotLockedAtEndOfFunction:
1905 DiagID = diag::warn_expecting_locked;
1906 break;
1907 }
1908 if (LocEndOfScope.isInvalid())
1909 LocEndOfScope = FunEndLocation;
1910
1911 PartialDiagnosticAt Warning(LocEndOfScope, S.PDiag(DiagID) << Kind
1912 << LockName);
1913 Warnings.emplace_back(std::move(Warning),
1914 makeLockedHereNote(LocLocked, Kind));
1915 }
1916
handleExclusiveAndShared(StringRef Kind,Name LockName,SourceLocation Loc1,SourceLocation Loc2)1917 void handleExclusiveAndShared(StringRef Kind, Name LockName,
1918 SourceLocation Loc1,
1919 SourceLocation Loc2) override {
1920 PartialDiagnosticAt Warning(Loc1,
1921 S.PDiag(diag::warn_lock_exclusive_and_shared)
1922 << Kind << LockName);
1923 PartialDiagnosticAt Note(Loc2, S.PDiag(diag::note_lock_exclusive_and_shared)
1924 << Kind << LockName);
1925 Warnings.emplace_back(std::move(Warning), getNotes(Note));
1926 }
1927
handleNoMutexHeld(const NamedDecl * D,ProtectedOperationKind POK,AccessKind AK,SourceLocation Loc)1928 void handleNoMutexHeld(const NamedDecl *D, ProtectedOperationKind POK,
1929 AccessKind AK, SourceLocation Loc) override {
1930 assert((POK == POK_VarAccess || POK == POK_VarDereference) &&
1931 "Only works for variables");
1932 unsigned DiagID = POK == POK_VarAccess?
1933 diag::warn_variable_requires_any_lock:
1934 diag::warn_var_deref_requires_any_lock;
1935 PartialDiagnosticAt Warning(Loc, S.PDiag(DiagID)
1936 << D << getLockKindFromAccessKind(AK));
1937 Warnings.emplace_back(std::move(Warning), getNotes());
1938 }
1939
handleMutexNotHeld(StringRef Kind,const NamedDecl * D,ProtectedOperationKind POK,Name LockName,LockKind LK,SourceLocation Loc,Name * PossibleMatch)1940 void handleMutexNotHeld(StringRef Kind, const NamedDecl *D,
1941 ProtectedOperationKind POK, Name LockName,
1942 LockKind LK, SourceLocation Loc,
1943 Name *PossibleMatch) override {
1944 unsigned DiagID = 0;
1945 if (PossibleMatch) {
1946 switch (POK) {
1947 case POK_VarAccess:
1948 DiagID = diag::warn_variable_requires_lock_precise;
1949 break;
1950 case POK_VarDereference:
1951 DiagID = diag::warn_var_deref_requires_lock_precise;
1952 break;
1953 case POK_FunctionCall:
1954 DiagID = diag::warn_fun_requires_lock_precise;
1955 break;
1956 case POK_PassByRef:
1957 DiagID = diag::warn_guarded_pass_by_reference;
1958 break;
1959 case POK_PtPassByRef:
1960 DiagID = diag::warn_pt_guarded_pass_by_reference;
1961 break;
1962 }
1963 PartialDiagnosticAt Warning(Loc, S.PDiag(DiagID) << Kind
1964 << D
1965 << LockName << LK);
1966 PartialDiagnosticAt Note(Loc, S.PDiag(diag::note_found_mutex_near_match)
1967 << *PossibleMatch);
1968 if (Verbose && POK == POK_VarAccess) {
1969 PartialDiagnosticAt VNote(D->getLocation(),
1970 S.PDiag(diag::note_guarded_by_declared_here)
1971 << D->getDeclName());
1972 Warnings.emplace_back(std::move(Warning), getNotes(Note, VNote));
1973 } else
1974 Warnings.emplace_back(std::move(Warning), getNotes(Note));
1975 } else {
1976 switch (POK) {
1977 case POK_VarAccess:
1978 DiagID = diag::warn_variable_requires_lock;
1979 break;
1980 case POK_VarDereference:
1981 DiagID = diag::warn_var_deref_requires_lock;
1982 break;
1983 case POK_FunctionCall:
1984 DiagID = diag::warn_fun_requires_lock;
1985 break;
1986 case POK_PassByRef:
1987 DiagID = diag::warn_guarded_pass_by_reference;
1988 break;
1989 case POK_PtPassByRef:
1990 DiagID = diag::warn_pt_guarded_pass_by_reference;
1991 break;
1992 }
1993 PartialDiagnosticAt Warning(Loc, S.PDiag(DiagID) << Kind
1994 << D
1995 << LockName << LK);
1996 if (Verbose && POK == POK_VarAccess) {
1997 PartialDiagnosticAt Note(D->getLocation(),
1998 S.PDiag(diag::note_guarded_by_declared_here));
1999 Warnings.emplace_back(std::move(Warning), getNotes(Note));
2000 } else
2001 Warnings.emplace_back(std::move(Warning), getNotes());
2002 }
2003 }
2004
handleNegativeNotHeld(StringRef Kind,Name LockName,Name Neg,SourceLocation Loc)2005 void handleNegativeNotHeld(StringRef Kind, Name LockName, Name Neg,
2006 SourceLocation Loc) override {
2007 PartialDiagnosticAt Warning(Loc,
2008 S.PDiag(diag::warn_acquire_requires_negative_cap)
2009 << Kind << LockName << Neg);
2010 Warnings.emplace_back(std::move(Warning), getNotes());
2011 }
2012
handleNegativeNotHeld(const NamedDecl * D,Name LockName,SourceLocation Loc)2013 void handleNegativeNotHeld(const NamedDecl *D, Name LockName,
2014 SourceLocation Loc) override {
2015 PartialDiagnosticAt Warning(
2016 Loc, S.PDiag(diag::warn_fun_requires_negative_cap) << D << LockName);
2017 Warnings.emplace_back(std::move(Warning), getNotes());
2018 }
2019
handleFunExcludesLock(StringRef Kind,Name FunName,Name LockName,SourceLocation Loc)2020 void handleFunExcludesLock(StringRef Kind, Name FunName, Name LockName,
2021 SourceLocation Loc) override {
2022 PartialDiagnosticAt Warning(Loc, S.PDiag(diag::warn_fun_excludes_mutex)
2023 << Kind << FunName << LockName);
2024 Warnings.emplace_back(std::move(Warning), getNotes());
2025 }
2026
handleLockAcquiredBefore(StringRef Kind,Name L1Name,Name L2Name,SourceLocation Loc)2027 void handleLockAcquiredBefore(StringRef Kind, Name L1Name, Name L2Name,
2028 SourceLocation Loc) override {
2029 PartialDiagnosticAt Warning(Loc,
2030 S.PDiag(diag::warn_acquired_before) << Kind << L1Name << L2Name);
2031 Warnings.emplace_back(std::move(Warning), getNotes());
2032 }
2033
handleBeforeAfterCycle(Name L1Name,SourceLocation Loc)2034 void handleBeforeAfterCycle(Name L1Name, SourceLocation Loc) override {
2035 PartialDiagnosticAt Warning(Loc,
2036 S.PDiag(diag::warn_acquired_before_after_cycle) << L1Name);
2037 Warnings.emplace_back(std::move(Warning), getNotes());
2038 }
2039
enterFunction(const FunctionDecl * FD)2040 void enterFunction(const FunctionDecl* FD) override {
2041 CurrentFunction = FD;
2042 }
2043
leaveFunction(const FunctionDecl * FD)2044 void leaveFunction(const FunctionDecl* FD) override {
2045 CurrentFunction = nullptr;
2046 }
2047 };
2048 } // anonymous namespace
2049 } // namespace threadSafety
2050 } // namespace clang
2051
2052 //===----------------------------------------------------------------------===//
2053 // -Wconsumed
2054 //===----------------------------------------------------------------------===//
2055
2056 namespace clang {
2057 namespace consumed {
2058 namespace {
2059 class ConsumedWarningsHandler : public ConsumedWarningsHandlerBase {
2060
2061 Sema &S;
2062 DiagList Warnings;
2063
2064 public:
2065
ConsumedWarningsHandler(Sema & S)2066 ConsumedWarningsHandler(Sema &S) : S(S) {}
2067
emitDiagnostics()2068 void emitDiagnostics() override {
2069 Warnings.sort(SortDiagBySourceLocation(S.getSourceManager()));
2070 for (const auto &Diag : Warnings) {
2071 S.Diag(Diag.first.first, Diag.first.second);
2072 for (const auto &Note : Diag.second)
2073 S.Diag(Note.first, Note.second);
2074 }
2075 }
2076
warnLoopStateMismatch(SourceLocation Loc,StringRef VariableName)2077 void warnLoopStateMismatch(SourceLocation Loc,
2078 StringRef VariableName) override {
2079 PartialDiagnosticAt Warning(Loc, S.PDiag(diag::warn_loop_state_mismatch) <<
2080 VariableName);
2081
2082 Warnings.emplace_back(std::move(Warning), OptionalNotes());
2083 }
2084
warnParamReturnTypestateMismatch(SourceLocation Loc,StringRef VariableName,StringRef ExpectedState,StringRef ObservedState)2085 void warnParamReturnTypestateMismatch(SourceLocation Loc,
2086 StringRef VariableName,
2087 StringRef ExpectedState,
2088 StringRef ObservedState) override {
2089
2090 PartialDiagnosticAt Warning(Loc, S.PDiag(
2091 diag::warn_param_return_typestate_mismatch) << VariableName <<
2092 ExpectedState << ObservedState);
2093
2094 Warnings.emplace_back(std::move(Warning), OptionalNotes());
2095 }
2096
warnParamTypestateMismatch(SourceLocation Loc,StringRef ExpectedState,StringRef ObservedState)2097 void warnParamTypestateMismatch(SourceLocation Loc, StringRef ExpectedState,
2098 StringRef ObservedState) override {
2099
2100 PartialDiagnosticAt Warning(Loc, S.PDiag(
2101 diag::warn_param_typestate_mismatch) << ExpectedState << ObservedState);
2102
2103 Warnings.emplace_back(std::move(Warning), OptionalNotes());
2104 }
2105
warnReturnTypestateForUnconsumableType(SourceLocation Loc,StringRef TypeName)2106 void warnReturnTypestateForUnconsumableType(SourceLocation Loc,
2107 StringRef TypeName) override {
2108 PartialDiagnosticAt Warning(Loc, S.PDiag(
2109 diag::warn_return_typestate_for_unconsumable_type) << TypeName);
2110
2111 Warnings.emplace_back(std::move(Warning), OptionalNotes());
2112 }
2113
warnReturnTypestateMismatch(SourceLocation Loc,StringRef ExpectedState,StringRef ObservedState)2114 void warnReturnTypestateMismatch(SourceLocation Loc, StringRef ExpectedState,
2115 StringRef ObservedState) override {
2116
2117 PartialDiagnosticAt Warning(Loc, S.PDiag(
2118 diag::warn_return_typestate_mismatch) << ExpectedState << ObservedState);
2119
2120 Warnings.emplace_back(std::move(Warning), OptionalNotes());
2121 }
2122
warnUseOfTempInInvalidState(StringRef MethodName,StringRef State,SourceLocation Loc)2123 void warnUseOfTempInInvalidState(StringRef MethodName, StringRef State,
2124 SourceLocation Loc) override {
2125
2126 PartialDiagnosticAt Warning(Loc, S.PDiag(
2127 diag::warn_use_of_temp_in_invalid_state) << MethodName << State);
2128
2129 Warnings.emplace_back(std::move(Warning), OptionalNotes());
2130 }
2131
warnUseInInvalidState(StringRef MethodName,StringRef VariableName,StringRef State,SourceLocation Loc)2132 void warnUseInInvalidState(StringRef MethodName, StringRef VariableName,
2133 StringRef State, SourceLocation Loc) override {
2134
2135 PartialDiagnosticAt Warning(Loc, S.PDiag(diag::warn_use_in_invalid_state) <<
2136 MethodName << VariableName << State);
2137
2138 Warnings.emplace_back(std::move(Warning), OptionalNotes());
2139 }
2140 };
2141 } // anonymous namespace
2142 } // namespace consumed
2143 } // namespace clang
2144
2145 //===----------------------------------------------------------------------===//
2146 // Unsafe buffer usage analysis.
2147 //===----------------------------------------------------------------------===//
2148
2149 namespace {
2150 class UnsafeBufferUsageReporter : public UnsafeBufferUsageHandler {
2151 Sema &S;
2152
2153 public:
UnsafeBufferUsageReporter(Sema & S)2154 UnsafeBufferUsageReporter(Sema &S) : S(S) {}
2155
handleUnsafeOperation(const Stmt * Operation,bool IsRelatedToDecl)2156 void handleUnsafeOperation(const Stmt *Operation,
2157 bool IsRelatedToDecl) override {
2158 SourceLocation Loc;
2159 SourceRange Range;
2160 unsigned MsgParam = 0;
2161 if (const auto *ASE = dyn_cast<ArraySubscriptExpr>(Operation)) {
2162 Loc = ASE->getBase()->getExprLoc();
2163 Range = ASE->getBase()->getSourceRange();
2164 MsgParam = 2;
2165 } else if (const auto *BO = dyn_cast<BinaryOperator>(Operation)) {
2166 BinaryOperator::Opcode Op = BO->getOpcode();
2167 if (Op == BO_Add || Op == BO_AddAssign || Op == BO_Sub ||
2168 Op == BO_SubAssign) {
2169 if (BO->getRHS()->getType()->isIntegerType()) {
2170 Loc = BO->getLHS()->getExprLoc();
2171 Range = BO->getLHS()->getSourceRange();
2172 } else {
2173 Loc = BO->getRHS()->getExprLoc();
2174 Range = BO->getRHS()->getSourceRange();
2175 }
2176 MsgParam = 1;
2177 }
2178 } else if (const auto *UO = dyn_cast<UnaryOperator>(Operation)) {
2179 UnaryOperator::Opcode Op = UO->getOpcode();
2180 if (Op == UO_PreInc || Op == UO_PreDec || Op == UO_PostInc ||
2181 Op == UO_PostDec) {
2182 Loc = UO->getSubExpr()->getExprLoc();
2183 Range = UO->getSubExpr()->getSourceRange();
2184 MsgParam = 1;
2185 }
2186 } else {
2187 Loc = Operation->getBeginLoc();
2188 Range = Operation->getSourceRange();
2189 }
2190 if (IsRelatedToDecl)
2191 S.Diag(Loc, diag::note_unsafe_buffer_operation) << MsgParam << Range;
2192 else
2193 S.Diag(Loc, diag::warn_unsafe_buffer_operation) << MsgParam << Range;
2194 }
2195
2196 // FIXME: rename to handleUnsafeVariable
handleFixableVariable(const VarDecl * Variable,FixItList && Fixes)2197 void handleFixableVariable(const VarDecl *Variable,
2198 FixItList &&Fixes) override {
2199 const auto &D =
2200 S.Diag(Variable->getLocation(), diag::warn_unsafe_buffer_variable);
2201 D << Variable;
2202 D << (Variable->getType()->isPointerType() ? 0 : 1);
2203 D << Variable->getSourceRange();
2204 for (const auto &F : Fixes)
2205 D << F;
2206 }
2207 };
2208 } // namespace
2209
2210 //===----------------------------------------------------------------------===//
2211 // AnalysisBasedWarnings - Worker object used by Sema to execute analysis-based
2212 // warnings on a function, method, or block.
2213 //===----------------------------------------------------------------------===//
2214
Policy()2215 sema::AnalysisBasedWarnings::Policy::Policy() {
2216 enableCheckFallThrough = 1;
2217 enableCheckUnreachable = 0;
2218 enableThreadSafetyAnalysis = 0;
2219 enableConsumedAnalysis = 0;
2220 }
2221
2222 /// InterProceduralData aims to be a storage of whatever data should be passed
2223 /// between analyses of different functions.
2224 ///
2225 /// At the moment, its primary goal is to make the information gathered during
2226 /// the analysis of the blocks available during the analysis of the enclosing
2227 /// function. This is important due to the fact that blocks are analyzed before
2228 /// the enclosed function is even parsed fully, so it is not viable to access
2229 /// anything in the outer scope while analyzing the block. On the other hand,
2230 /// re-building CFG for blocks and re-analyzing them when we do have all the
2231 /// information (i.e. during the analysis of the enclosing function) seems to be
2232 /// ill-designed.
2233 class sema::AnalysisBasedWarnings::InterProceduralData {
2234 public:
2235 // It is important to analyze blocks within functions because it's a very
2236 // common pattern to capture completion handler parameters by blocks.
2237 CalledOnceInterProceduralData CalledOnceData;
2238 };
2239
isEnabled(DiagnosticsEngine & D,unsigned diag)2240 static unsigned isEnabled(DiagnosticsEngine &D, unsigned diag) {
2241 return (unsigned)!D.isIgnored(diag, SourceLocation());
2242 }
2243
AnalysisBasedWarnings(Sema & s)2244 sema::AnalysisBasedWarnings::AnalysisBasedWarnings(Sema &s)
2245 : S(s), IPData(std::make_unique<InterProceduralData>()),
2246 NumFunctionsAnalyzed(0), NumFunctionsWithBadCFGs(0), NumCFGBlocks(0),
2247 MaxCFGBlocksPerFunction(0), NumUninitAnalysisFunctions(0),
2248 NumUninitAnalysisVariables(0), MaxUninitAnalysisVariablesPerFunction(0),
2249 NumUninitAnalysisBlockVisits(0),
2250 MaxUninitAnalysisBlockVisitsPerFunction(0) {
2251
2252 using namespace diag;
2253 DiagnosticsEngine &D = S.getDiagnostics();
2254
2255 DefaultPolicy.enableCheckUnreachable =
2256 isEnabled(D, warn_unreachable) || isEnabled(D, warn_unreachable_break) ||
2257 isEnabled(D, warn_unreachable_return) ||
2258 isEnabled(D, warn_unreachable_loop_increment);
2259
2260 DefaultPolicy.enableThreadSafetyAnalysis = isEnabled(D, warn_double_lock);
2261
2262 DefaultPolicy.enableConsumedAnalysis =
2263 isEnabled(D, warn_use_in_invalid_state);
2264 }
2265
2266 // We need this here for unique_ptr with forward declared class.
2267 sema::AnalysisBasedWarnings::~AnalysisBasedWarnings() = default;
2268
flushDiagnostics(Sema & S,const sema::FunctionScopeInfo * fscope)2269 static void flushDiagnostics(Sema &S, const sema::FunctionScopeInfo *fscope) {
2270 for (const auto &D : fscope->PossiblyUnreachableDiags)
2271 S.Diag(D.Loc, D.PD);
2272 }
2273
IssueWarnings(sema::AnalysisBasedWarnings::Policy P,sema::FunctionScopeInfo * fscope,const Decl * D,QualType BlockType)2274 void clang::sema::AnalysisBasedWarnings::IssueWarnings(
2275 sema::AnalysisBasedWarnings::Policy P, sema::FunctionScopeInfo *fscope,
2276 const Decl *D, QualType BlockType) {
2277
2278 // We avoid doing analysis-based warnings when there are errors for
2279 // two reasons:
2280 // (1) The CFGs often can't be constructed (if the body is invalid), so
2281 // don't bother trying.
2282 // (2) The code already has problems; running the analysis just takes more
2283 // time.
2284 DiagnosticsEngine &Diags = S.getDiagnostics();
2285
2286 // Do not do any analysis if we are going to just ignore them.
2287 if (Diags.getIgnoreAllWarnings() ||
2288 (Diags.getSuppressSystemWarnings() &&
2289 S.SourceMgr.isInSystemHeader(D->getLocation())))
2290 return;
2291
2292 // For code in dependent contexts, we'll do this at instantiation time.
2293 if (cast<DeclContext>(D)->isDependentContext())
2294 return;
2295
2296 if (S.hasUncompilableErrorOccurred()) {
2297 // Flush out any possibly unreachable diagnostics.
2298 flushDiagnostics(S, fscope);
2299 return;
2300 }
2301
2302 const Stmt *Body = D->getBody();
2303 assert(Body);
2304
2305 // Construct the analysis context with the specified CFG build options.
2306 AnalysisDeclContext AC(/* AnalysisDeclContextManager */ nullptr, D);
2307
2308 // Don't generate EH edges for CallExprs as we'd like to avoid the n^2
2309 // explosion for destructors that can result and the compile time hit.
2310 AC.getCFGBuildOptions().PruneTriviallyFalseEdges = true;
2311 AC.getCFGBuildOptions().AddEHEdges = false;
2312 AC.getCFGBuildOptions().AddInitializers = true;
2313 AC.getCFGBuildOptions().AddImplicitDtors = true;
2314 AC.getCFGBuildOptions().AddTemporaryDtors = true;
2315 AC.getCFGBuildOptions().AddCXXNewAllocator = false;
2316 AC.getCFGBuildOptions().AddCXXDefaultInitExprInCtors = true;
2317
2318 // Force that certain expressions appear as CFGElements in the CFG. This
2319 // is used to speed up various analyses.
2320 // FIXME: This isn't the right factoring. This is here for initial
2321 // prototyping, but we need a way for analyses to say what expressions they
2322 // expect to always be CFGElements and then fill in the BuildOptions
2323 // appropriately. This is essentially a layering violation.
2324 if (P.enableCheckUnreachable || P.enableThreadSafetyAnalysis ||
2325 P.enableConsumedAnalysis) {
2326 // Unreachable code analysis and thread safety require a linearized CFG.
2327 AC.getCFGBuildOptions().setAllAlwaysAdd();
2328 }
2329 else {
2330 AC.getCFGBuildOptions()
2331 .setAlwaysAdd(Stmt::BinaryOperatorClass)
2332 .setAlwaysAdd(Stmt::CompoundAssignOperatorClass)
2333 .setAlwaysAdd(Stmt::BlockExprClass)
2334 .setAlwaysAdd(Stmt::CStyleCastExprClass)
2335 .setAlwaysAdd(Stmt::DeclRefExprClass)
2336 .setAlwaysAdd(Stmt::ImplicitCastExprClass)
2337 .setAlwaysAdd(Stmt::UnaryOperatorClass);
2338 }
2339
2340 // Install the logical handler.
2341 std::optional<LogicalErrorHandler> LEH;
2342 if (LogicalErrorHandler::hasActiveDiagnostics(Diags, D->getBeginLoc())) {
2343 LEH.emplace(S);
2344 AC.getCFGBuildOptions().Observer = &*LEH;
2345 }
2346
2347 // Emit delayed diagnostics.
2348 if (!fscope->PossiblyUnreachableDiags.empty()) {
2349 bool analyzed = false;
2350
2351 // Register the expressions with the CFGBuilder.
2352 for (const auto &D : fscope->PossiblyUnreachableDiags) {
2353 for (const Stmt *S : D.Stmts)
2354 AC.registerForcedBlockExpression(S);
2355 }
2356
2357 if (AC.getCFG()) {
2358 analyzed = true;
2359 for (const auto &D : fscope->PossiblyUnreachableDiags) {
2360 bool AllReachable = true;
2361 for (const Stmt *S : D.Stmts) {
2362 const CFGBlock *block = AC.getBlockForRegisteredExpression(S);
2363 CFGReverseBlockReachabilityAnalysis *cra =
2364 AC.getCFGReachablityAnalysis();
2365 // FIXME: We should be able to assert that block is non-null, but
2366 // the CFG analysis can skip potentially-evaluated expressions in
2367 // edge cases; see test/Sema/vla-2.c.
2368 if (block && cra) {
2369 // Can this block be reached from the entrance?
2370 if (!cra->isReachable(&AC.getCFG()->getEntry(), block)) {
2371 AllReachable = false;
2372 break;
2373 }
2374 }
2375 // If we cannot map to a basic block, assume the statement is
2376 // reachable.
2377 }
2378
2379 if (AllReachable)
2380 S.Diag(D.Loc, D.PD);
2381 }
2382 }
2383
2384 if (!analyzed)
2385 flushDiagnostics(S, fscope);
2386 }
2387
2388 // Warning: check missing 'return'
2389 if (P.enableCheckFallThrough) {
2390 const CheckFallThroughDiagnostics &CD =
2391 (isa<BlockDecl>(D)
2392 ? CheckFallThroughDiagnostics::MakeForBlock()
2393 : (isa<CXXMethodDecl>(D) &&
2394 cast<CXXMethodDecl>(D)->getOverloadedOperator() == OO_Call &&
2395 cast<CXXMethodDecl>(D)->getParent()->isLambda())
2396 ? CheckFallThroughDiagnostics::MakeForLambda()
2397 : (fscope->isCoroutine()
2398 ? CheckFallThroughDiagnostics::MakeForCoroutine(D)
2399 : CheckFallThroughDiagnostics::MakeForFunction(D)));
2400 CheckFallThroughForBody(S, D, Body, BlockType, CD, AC, fscope);
2401 }
2402
2403 // Warning: check for unreachable code
2404 if (P.enableCheckUnreachable) {
2405 // Only check for unreachable code on non-template instantiations.
2406 // Different template instantiations can effectively change the control-flow
2407 // and it is very difficult to prove that a snippet of code in a template
2408 // is unreachable for all instantiations.
2409 bool isTemplateInstantiation = false;
2410 if (const FunctionDecl *Function = dyn_cast<FunctionDecl>(D))
2411 isTemplateInstantiation = Function->isTemplateInstantiation();
2412 if (!isTemplateInstantiation)
2413 CheckUnreachable(S, AC);
2414 }
2415
2416 // Check for thread safety violations
2417 if (P.enableThreadSafetyAnalysis) {
2418 SourceLocation FL = AC.getDecl()->getLocation();
2419 SourceLocation FEL = AC.getDecl()->getEndLoc();
2420 threadSafety::ThreadSafetyReporter Reporter(S, FL, FEL);
2421 if (!Diags.isIgnored(diag::warn_thread_safety_beta, D->getBeginLoc()))
2422 Reporter.setIssueBetaWarnings(true);
2423 if (!Diags.isIgnored(diag::warn_thread_safety_verbose, D->getBeginLoc()))
2424 Reporter.setVerbose(true);
2425
2426 threadSafety::runThreadSafetyAnalysis(AC, Reporter,
2427 &S.ThreadSafetyDeclCache);
2428 Reporter.emitDiagnostics();
2429 }
2430
2431 // Check for violations of consumed properties.
2432 if (P.enableConsumedAnalysis) {
2433 consumed::ConsumedWarningsHandler WarningHandler(S);
2434 consumed::ConsumedAnalyzer Analyzer(WarningHandler);
2435 Analyzer.run(AC);
2436 }
2437
2438 if (!Diags.isIgnored(diag::warn_uninit_var, D->getBeginLoc()) ||
2439 !Diags.isIgnored(diag::warn_sometimes_uninit_var, D->getBeginLoc()) ||
2440 !Diags.isIgnored(diag::warn_maybe_uninit_var, D->getBeginLoc()) ||
2441 !Diags.isIgnored(diag::warn_uninit_const_reference, D->getBeginLoc())) {
2442 if (CFG *cfg = AC.getCFG()) {
2443 UninitValsDiagReporter reporter(S);
2444 UninitVariablesAnalysisStats stats;
2445 std::memset(&stats, 0, sizeof(UninitVariablesAnalysisStats));
2446 runUninitializedVariablesAnalysis(*cast<DeclContext>(D), *cfg, AC,
2447 reporter, stats);
2448
2449 if (S.CollectStats && stats.NumVariablesAnalyzed > 0) {
2450 ++NumUninitAnalysisFunctions;
2451 NumUninitAnalysisVariables += stats.NumVariablesAnalyzed;
2452 NumUninitAnalysisBlockVisits += stats.NumBlockVisits;
2453 MaxUninitAnalysisVariablesPerFunction =
2454 std::max(MaxUninitAnalysisVariablesPerFunction,
2455 stats.NumVariablesAnalyzed);
2456 MaxUninitAnalysisBlockVisitsPerFunction =
2457 std::max(MaxUninitAnalysisBlockVisitsPerFunction,
2458 stats.NumBlockVisits);
2459 }
2460 }
2461 }
2462
2463 // Check for violations of "called once" parameter properties.
2464 if (S.getLangOpts().ObjC && !S.getLangOpts().CPlusPlus &&
2465 shouldAnalyzeCalledOnceParameters(Diags, D->getBeginLoc())) {
2466 if (AC.getCFG()) {
2467 CalledOnceCheckReporter Reporter(S, IPData->CalledOnceData);
2468 checkCalledOnceParameters(
2469 AC, Reporter,
2470 shouldAnalyzeCalledOnceConventions(Diags, D->getBeginLoc()));
2471 }
2472 }
2473
2474 bool FallThroughDiagFull =
2475 !Diags.isIgnored(diag::warn_unannotated_fallthrough, D->getBeginLoc());
2476 bool FallThroughDiagPerFunction = !Diags.isIgnored(
2477 diag::warn_unannotated_fallthrough_per_function, D->getBeginLoc());
2478 if (FallThroughDiagFull || FallThroughDiagPerFunction ||
2479 fscope->HasFallthroughStmt) {
2480 DiagnoseSwitchLabelsFallthrough(S, AC, !FallThroughDiagFull);
2481 }
2482
2483 if (S.getLangOpts().ObjCWeak &&
2484 !Diags.isIgnored(diag::warn_arc_repeated_use_of_weak, D->getBeginLoc()))
2485 diagnoseRepeatedUseOfWeak(S, fscope, D, AC.getParentMap());
2486
2487
2488 // Check for infinite self-recursion in functions
2489 if (!Diags.isIgnored(diag::warn_infinite_recursive_function,
2490 D->getBeginLoc())) {
2491 if (const FunctionDecl *FD = dyn_cast<FunctionDecl>(D)) {
2492 checkRecursiveFunction(S, FD, Body, AC);
2493 }
2494 }
2495
2496 // Check for throw out of non-throwing function.
2497 if (!Diags.isIgnored(diag::warn_throw_in_noexcept_func, D->getBeginLoc()))
2498 if (const FunctionDecl *FD = dyn_cast<FunctionDecl>(D))
2499 if (S.getLangOpts().CPlusPlus && isNoexcept(FD))
2500 checkThrowInNonThrowingFunc(S, FD, AC);
2501
2502 // Emit unsafe buffer usage warnings and fixits.
2503 if (!Diags.isIgnored(diag::warn_unsafe_buffer_operation, D->getBeginLoc()) ||
2504 !Diags.isIgnored(diag::warn_unsafe_buffer_variable, D->getBeginLoc())) {
2505 UnsafeBufferUsageReporter R(S);
2506 checkUnsafeBufferUsage(D, R);
2507 }
2508
2509 // If none of the previous checks caused a CFG build, trigger one here
2510 // for the logical error handler.
2511 if (LogicalErrorHandler::hasActiveDiagnostics(Diags, D->getBeginLoc())) {
2512 AC.getCFG();
2513 }
2514
2515 // Collect statistics about the CFG if it was built.
2516 if (S.CollectStats && AC.isCFGBuilt()) {
2517 ++NumFunctionsAnalyzed;
2518 if (CFG *cfg = AC.getCFG()) {
2519 // If we successfully built a CFG for this context, record some more
2520 // detail information about it.
2521 NumCFGBlocks += cfg->getNumBlockIDs();
2522 MaxCFGBlocksPerFunction = std::max(MaxCFGBlocksPerFunction,
2523 cfg->getNumBlockIDs());
2524 } else {
2525 ++NumFunctionsWithBadCFGs;
2526 }
2527 }
2528 }
2529
PrintStats() const2530 void clang::sema::AnalysisBasedWarnings::PrintStats() const {
2531 llvm::errs() << "\n*** Analysis Based Warnings Stats:\n";
2532
2533 unsigned NumCFGsBuilt = NumFunctionsAnalyzed - NumFunctionsWithBadCFGs;
2534 unsigned AvgCFGBlocksPerFunction =
2535 !NumCFGsBuilt ? 0 : NumCFGBlocks/NumCFGsBuilt;
2536 llvm::errs() << NumFunctionsAnalyzed << " functions analyzed ("
2537 << NumFunctionsWithBadCFGs << " w/o CFGs).\n"
2538 << " " << NumCFGBlocks << " CFG blocks built.\n"
2539 << " " << AvgCFGBlocksPerFunction
2540 << " average CFG blocks per function.\n"
2541 << " " << MaxCFGBlocksPerFunction
2542 << " max CFG blocks per function.\n";
2543
2544 unsigned AvgUninitVariablesPerFunction = !NumUninitAnalysisFunctions ? 0
2545 : NumUninitAnalysisVariables/NumUninitAnalysisFunctions;
2546 unsigned AvgUninitBlockVisitsPerFunction = !NumUninitAnalysisFunctions ? 0
2547 : NumUninitAnalysisBlockVisits/NumUninitAnalysisFunctions;
2548 llvm::errs() << NumUninitAnalysisFunctions
2549 << " functions analyzed for uninitialiazed variables\n"
2550 << " " << NumUninitAnalysisVariables << " variables analyzed.\n"
2551 << " " << AvgUninitVariablesPerFunction
2552 << " average variables per function.\n"
2553 << " " << MaxUninitAnalysisVariablesPerFunction
2554 << " max variables per function.\n"
2555 << " " << NumUninitAnalysisBlockVisits << " block visits.\n"
2556 << " " << AvgUninitBlockVisitsPerFunction
2557 << " average block visits per function.\n"
2558 << " " << MaxUninitAnalysisBlockVisitsPerFunction
2559 << " max block visits per function.\n";
2560 }
2561