1 //== BodyFarm.cpp - Factory for conjuring up fake bodies ----------*- C++ -*-//
2 //
3 // The LLVM Compiler Infrastructure
4 //
5 // This file is distributed under the University of Illinois Open Source
6 // License. See LICENSE.TXT for details.
7 //
8 //===----------------------------------------------------------------------===//
9 //
10 // BodyFarm is a factory for creating faux implementations for functions/methods
11 // for analysis purposes.
12 //
13 //===----------------------------------------------------------------------===//
14
15 #include "BodyFarm.h"
16 #include "clang/AST/ASTContext.h"
17 #include "clang/AST/Decl.h"
18 #include "clang/AST/Expr.h"
19 #include "clang/AST/ExprObjC.h"
20 #include "clang/Analysis/CodeInjector.h"
21 #include "llvm/ADT/StringSwitch.h"
22
23 using namespace clang;
24
25 //===----------------------------------------------------------------------===//
26 // Helper creation functions for constructing faux ASTs.
27 //===----------------------------------------------------------------------===//
28
isDispatchBlock(QualType Ty)29 static bool isDispatchBlock(QualType Ty) {
30 // Is it a block pointer?
31 const BlockPointerType *BPT = Ty->getAs<BlockPointerType>();
32 if (!BPT)
33 return false;
34
35 // Check if the block pointer type takes no arguments and
36 // returns void.
37 const FunctionProtoType *FT =
38 BPT->getPointeeType()->getAs<FunctionProtoType>();
39 if (!FT || !FT->getReturnType()->isVoidType() || FT->getNumParams() != 0)
40 return false;
41
42 return true;
43 }
44
45 namespace {
46 class ASTMaker {
47 public:
ASTMaker(ASTContext & C)48 ASTMaker(ASTContext &C) : C(C) {}
49
50 /// Create a new BinaryOperator representing a simple assignment.
51 BinaryOperator *makeAssignment(const Expr *LHS, const Expr *RHS, QualType Ty);
52
53 /// Create a new BinaryOperator representing a comparison.
54 BinaryOperator *makeComparison(const Expr *LHS, const Expr *RHS,
55 BinaryOperator::Opcode Op);
56
57 /// Create a new compound stmt using the provided statements.
58 CompoundStmt *makeCompound(ArrayRef<Stmt*>);
59
60 /// Create a new DeclRefExpr for the referenced variable.
61 DeclRefExpr *makeDeclRefExpr(const VarDecl *D);
62
63 /// Create a new UnaryOperator representing a dereference.
64 UnaryOperator *makeDereference(const Expr *Arg, QualType Ty);
65
66 /// Create an implicit cast for an integer conversion.
67 Expr *makeIntegralCast(const Expr *Arg, QualType Ty);
68
69 /// Create an implicit cast to a builtin boolean type.
70 ImplicitCastExpr *makeIntegralCastToBoolean(const Expr *Arg);
71
72 // Create an implicit cast for lvalue-to-rvaluate conversions.
73 ImplicitCastExpr *makeLvalueToRvalue(const Expr *Arg, QualType Ty);
74
75 /// Create an Objective-C bool literal.
76 ObjCBoolLiteralExpr *makeObjCBool(bool Val);
77
78 /// Create an Objective-C ivar reference.
79 ObjCIvarRefExpr *makeObjCIvarRef(const Expr *Base, const ObjCIvarDecl *IVar);
80
81 /// Create a Return statement.
82 ReturnStmt *makeReturn(const Expr *RetVal);
83
84 private:
85 ASTContext &C;
86 };
87 }
88
makeAssignment(const Expr * LHS,const Expr * RHS,QualType Ty)89 BinaryOperator *ASTMaker::makeAssignment(const Expr *LHS, const Expr *RHS,
90 QualType Ty) {
91 return new (C) BinaryOperator(const_cast<Expr*>(LHS), const_cast<Expr*>(RHS),
92 BO_Assign, Ty, VK_RValue,
93 OK_Ordinary, SourceLocation(), false);
94 }
95
makeComparison(const Expr * LHS,const Expr * RHS,BinaryOperator::Opcode Op)96 BinaryOperator *ASTMaker::makeComparison(const Expr *LHS, const Expr *RHS,
97 BinaryOperator::Opcode Op) {
98 assert(BinaryOperator::isLogicalOp(Op) ||
99 BinaryOperator::isComparisonOp(Op));
100 return new (C) BinaryOperator(const_cast<Expr*>(LHS),
101 const_cast<Expr*>(RHS),
102 Op,
103 C.getLogicalOperationType(),
104 VK_RValue,
105 OK_Ordinary, SourceLocation(), false);
106 }
107
makeCompound(ArrayRef<Stmt * > Stmts)108 CompoundStmt *ASTMaker::makeCompound(ArrayRef<Stmt *> Stmts) {
109 return new (C) CompoundStmt(C, Stmts, SourceLocation(), SourceLocation());
110 }
111
makeDeclRefExpr(const VarDecl * D)112 DeclRefExpr *ASTMaker::makeDeclRefExpr(const VarDecl *D) {
113 DeclRefExpr *DR =
114 DeclRefExpr::Create(/* Ctx = */ C,
115 /* QualifierLoc = */ NestedNameSpecifierLoc(),
116 /* TemplateKWLoc = */ SourceLocation(),
117 /* D = */ const_cast<VarDecl*>(D),
118 /* RefersToEnclosingVariableOrCapture = */ false,
119 /* NameLoc = */ SourceLocation(),
120 /* T = */ D->getType(),
121 /* VK = */ VK_LValue);
122 return DR;
123 }
124
makeDereference(const Expr * Arg,QualType Ty)125 UnaryOperator *ASTMaker::makeDereference(const Expr *Arg, QualType Ty) {
126 return new (C) UnaryOperator(const_cast<Expr*>(Arg), UO_Deref, Ty,
127 VK_LValue, OK_Ordinary, SourceLocation());
128 }
129
makeLvalueToRvalue(const Expr * Arg,QualType Ty)130 ImplicitCastExpr *ASTMaker::makeLvalueToRvalue(const Expr *Arg, QualType Ty) {
131 return ImplicitCastExpr::Create(C, Ty, CK_LValueToRValue,
132 const_cast<Expr*>(Arg), nullptr, VK_RValue);
133 }
134
makeIntegralCast(const Expr * Arg,QualType Ty)135 Expr *ASTMaker::makeIntegralCast(const Expr *Arg, QualType Ty) {
136 if (Arg->getType() == Ty)
137 return const_cast<Expr*>(Arg);
138
139 return ImplicitCastExpr::Create(C, Ty, CK_IntegralCast,
140 const_cast<Expr*>(Arg), nullptr, VK_RValue);
141 }
142
makeIntegralCastToBoolean(const Expr * Arg)143 ImplicitCastExpr *ASTMaker::makeIntegralCastToBoolean(const Expr *Arg) {
144 return ImplicitCastExpr::Create(C, C.BoolTy, CK_IntegralToBoolean,
145 const_cast<Expr*>(Arg), nullptr, VK_RValue);
146 }
147
makeObjCBool(bool Val)148 ObjCBoolLiteralExpr *ASTMaker::makeObjCBool(bool Val) {
149 QualType Ty = C.getBOOLDecl() ? C.getBOOLType() : C.ObjCBuiltinBoolTy;
150 return new (C) ObjCBoolLiteralExpr(Val, Ty, SourceLocation());
151 }
152
makeObjCIvarRef(const Expr * Base,const ObjCIvarDecl * IVar)153 ObjCIvarRefExpr *ASTMaker::makeObjCIvarRef(const Expr *Base,
154 const ObjCIvarDecl *IVar) {
155 return new (C) ObjCIvarRefExpr(const_cast<ObjCIvarDecl*>(IVar),
156 IVar->getType(), SourceLocation(),
157 SourceLocation(), const_cast<Expr*>(Base),
158 /*arrow=*/true, /*free=*/false);
159 }
160
161
makeReturn(const Expr * RetVal)162 ReturnStmt *ASTMaker::makeReturn(const Expr *RetVal) {
163 return new (C) ReturnStmt(SourceLocation(), const_cast<Expr*>(RetVal),
164 nullptr);
165 }
166
167 //===----------------------------------------------------------------------===//
168 // Creation functions for faux ASTs.
169 //===----------------------------------------------------------------------===//
170
171 typedef Stmt *(*FunctionFarmer)(ASTContext &C, const FunctionDecl *D);
172
173 /// Create a fake body for dispatch_once.
create_dispatch_once(ASTContext & C,const FunctionDecl * D)174 static Stmt *create_dispatch_once(ASTContext &C, const FunctionDecl *D) {
175 // Check if we have at least two parameters.
176 if (D->param_size() != 2)
177 return nullptr;
178
179 // Check if the first parameter is a pointer to integer type.
180 const ParmVarDecl *Predicate = D->getParamDecl(0);
181 QualType PredicateQPtrTy = Predicate->getType();
182 const PointerType *PredicatePtrTy = PredicateQPtrTy->getAs<PointerType>();
183 if (!PredicatePtrTy)
184 return nullptr;
185 QualType PredicateTy = PredicatePtrTy->getPointeeType();
186 if (!PredicateTy->isIntegerType())
187 return nullptr;
188
189 // Check if the second parameter is the proper block type.
190 const ParmVarDecl *Block = D->getParamDecl(1);
191 QualType Ty = Block->getType();
192 if (!isDispatchBlock(Ty))
193 return nullptr;
194
195 // Everything checks out. Create a fakse body that checks the predicate,
196 // sets it, and calls the block. Basically, an AST dump of:
197 //
198 // void dispatch_once(dispatch_once_t *predicate, dispatch_block_t block) {
199 // if (!*predicate) {
200 // *predicate = 1;
201 // block();
202 // }
203 // }
204
205 ASTMaker M(C);
206
207 // (1) Create the call.
208 DeclRefExpr *DR = M.makeDeclRefExpr(Block);
209 ImplicitCastExpr *ICE = M.makeLvalueToRvalue(DR, Ty);
210 CallExpr *CE = new (C) CallExpr(C, ICE, None, C.VoidTy, VK_RValue,
211 SourceLocation());
212
213 // (2) Create the assignment to the predicate.
214 IntegerLiteral *IL =
215 IntegerLiteral::Create(C, llvm::APInt(C.getTypeSize(C.IntTy), (uint64_t) 1),
216 C.IntTy, SourceLocation());
217 BinaryOperator *B =
218 M.makeAssignment(
219 M.makeDereference(
220 M.makeLvalueToRvalue(
221 M.makeDeclRefExpr(Predicate), PredicateQPtrTy),
222 PredicateTy),
223 M.makeIntegralCast(IL, PredicateTy),
224 PredicateTy);
225
226 // (3) Create the compound statement.
227 Stmt *Stmts[] = { B, CE };
228 CompoundStmt *CS = M.makeCompound(Stmts);
229
230 // (4) Create the 'if' condition.
231 ImplicitCastExpr *LValToRval =
232 M.makeLvalueToRvalue(
233 M.makeDereference(
234 M.makeLvalueToRvalue(
235 M.makeDeclRefExpr(Predicate),
236 PredicateQPtrTy),
237 PredicateTy),
238 PredicateTy);
239
240 UnaryOperator *UO = new (C) UnaryOperator(LValToRval, UO_LNot, C.IntTy,
241 VK_RValue, OK_Ordinary,
242 SourceLocation());
243
244 // (5) Create the 'if' statement.
245 IfStmt *If = new (C) IfStmt(C, SourceLocation(), nullptr, UO, CS);
246 return If;
247 }
248
249 /// Create a fake body for dispatch_sync.
create_dispatch_sync(ASTContext & C,const FunctionDecl * D)250 static Stmt *create_dispatch_sync(ASTContext &C, const FunctionDecl *D) {
251 // Check if we have at least two parameters.
252 if (D->param_size() != 2)
253 return nullptr;
254
255 // Check if the second parameter is a block.
256 const ParmVarDecl *PV = D->getParamDecl(1);
257 QualType Ty = PV->getType();
258 if (!isDispatchBlock(Ty))
259 return nullptr;
260
261 // Everything checks out. Create a fake body that just calls the block.
262 // This is basically just an AST dump of:
263 //
264 // void dispatch_sync(dispatch_queue_t queue, void (^block)(void)) {
265 // block();
266 // }
267 //
268 ASTMaker M(C);
269 DeclRefExpr *DR = M.makeDeclRefExpr(PV);
270 ImplicitCastExpr *ICE = M.makeLvalueToRvalue(DR, Ty);
271 CallExpr *CE = new (C) CallExpr(C, ICE, None, C.VoidTy, VK_RValue,
272 SourceLocation());
273 return CE;
274 }
275
create_OSAtomicCompareAndSwap(ASTContext & C,const FunctionDecl * D)276 static Stmt *create_OSAtomicCompareAndSwap(ASTContext &C, const FunctionDecl *D)
277 {
278 // There are exactly 3 arguments.
279 if (D->param_size() != 3)
280 return nullptr;
281
282 // Signature:
283 // _Bool OSAtomicCompareAndSwapPtr(void *__oldValue,
284 // void *__newValue,
285 // void * volatile *__theValue)
286 // Generate body:
287 // if (oldValue == *theValue) {
288 // *theValue = newValue;
289 // return YES;
290 // }
291 // else return NO;
292
293 QualType ResultTy = D->getReturnType();
294 bool isBoolean = ResultTy->isBooleanType();
295 if (!isBoolean && !ResultTy->isIntegralType(C))
296 return nullptr;
297
298 const ParmVarDecl *OldValue = D->getParamDecl(0);
299 QualType OldValueTy = OldValue->getType();
300
301 const ParmVarDecl *NewValue = D->getParamDecl(1);
302 QualType NewValueTy = NewValue->getType();
303
304 assert(OldValueTy == NewValueTy);
305
306 const ParmVarDecl *TheValue = D->getParamDecl(2);
307 QualType TheValueTy = TheValue->getType();
308 const PointerType *PT = TheValueTy->getAs<PointerType>();
309 if (!PT)
310 return nullptr;
311 QualType PointeeTy = PT->getPointeeType();
312
313 ASTMaker M(C);
314 // Construct the comparison.
315 Expr *Comparison =
316 M.makeComparison(
317 M.makeLvalueToRvalue(M.makeDeclRefExpr(OldValue), OldValueTy),
318 M.makeLvalueToRvalue(
319 M.makeDereference(
320 M.makeLvalueToRvalue(M.makeDeclRefExpr(TheValue), TheValueTy),
321 PointeeTy),
322 PointeeTy),
323 BO_EQ);
324
325 // Construct the body of the IfStmt.
326 Stmt *Stmts[2];
327 Stmts[0] =
328 M.makeAssignment(
329 M.makeDereference(
330 M.makeLvalueToRvalue(M.makeDeclRefExpr(TheValue), TheValueTy),
331 PointeeTy),
332 M.makeLvalueToRvalue(M.makeDeclRefExpr(NewValue), NewValueTy),
333 NewValueTy);
334
335 Expr *BoolVal = M.makeObjCBool(true);
336 Expr *RetVal = isBoolean ? M.makeIntegralCastToBoolean(BoolVal)
337 : M.makeIntegralCast(BoolVal, ResultTy);
338 Stmts[1] = M.makeReturn(RetVal);
339 CompoundStmt *Body = M.makeCompound(Stmts);
340
341 // Construct the else clause.
342 BoolVal = M.makeObjCBool(false);
343 RetVal = isBoolean ? M.makeIntegralCastToBoolean(BoolVal)
344 : M.makeIntegralCast(BoolVal, ResultTy);
345 Stmt *Else = M.makeReturn(RetVal);
346
347 /// Construct the If.
348 Stmt *If =
349 new (C) IfStmt(C, SourceLocation(), nullptr, Comparison, Body,
350 SourceLocation(), Else);
351
352 return If;
353 }
354
getBody(const FunctionDecl * D)355 Stmt *BodyFarm::getBody(const FunctionDecl *D) {
356 D = D->getCanonicalDecl();
357
358 Optional<Stmt *> &Val = Bodies[D];
359 if (Val.hasValue())
360 return Val.getValue();
361
362 Val = nullptr;
363
364 if (D->getIdentifier() == nullptr)
365 return nullptr;
366
367 StringRef Name = D->getName();
368 if (Name.empty())
369 return nullptr;
370
371 FunctionFarmer FF;
372
373 if (Name.startswith("OSAtomicCompareAndSwap") ||
374 Name.startswith("objc_atomicCompareAndSwap")) {
375 FF = create_OSAtomicCompareAndSwap;
376 }
377 else {
378 FF = llvm::StringSwitch<FunctionFarmer>(Name)
379 .Case("dispatch_sync", create_dispatch_sync)
380 .Case("dispatch_once", create_dispatch_once)
381 .Default(nullptr);
382 }
383
384 if (FF) { Val = FF(C, D); }
385 else if (Injector) { Val = Injector->getBody(D); }
386 return Val.getValue();
387 }
388
createObjCPropertyGetter(ASTContext & Ctx,const ObjCPropertyDecl * Prop)389 static Stmt *createObjCPropertyGetter(ASTContext &Ctx,
390 const ObjCPropertyDecl *Prop) {
391 // First, find the backing ivar.
392 const ObjCIvarDecl *IVar = Prop->getPropertyIvarDecl();
393 if (!IVar)
394 return nullptr;
395
396 // Ignore weak variables, which have special behavior.
397 if (Prop->getPropertyAttributes() & ObjCPropertyDecl::OBJC_PR_weak)
398 return nullptr;
399
400 // Look to see if Sema has synthesized a body for us. This happens in
401 // Objective-C++ because the return value may be a C++ class type with a
402 // non-trivial copy constructor. We can only do this if we can find the
403 // @synthesize for this property, though (or if we know it's been auto-
404 // synthesized).
405 const ObjCImplementationDecl *ImplDecl =
406 IVar->getContainingInterface()->getImplementation();
407 if (ImplDecl) {
408 for (const auto *I : ImplDecl->property_impls()) {
409 if (I->getPropertyDecl() != Prop)
410 continue;
411
412 if (I->getGetterCXXConstructor()) {
413 ASTMaker M(Ctx);
414 return M.makeReturn(I->getGetterCXXConstructor());
415 }
416 }
417 }
418
419 // Sanity check that the property is the same type as the ivar, or a
420 // reference to it, and that it is either an object pointer or trivially
421 // copyable.
422 if (!Ctx.hasSameUnqualifiedType(IVar->getType(),
423 Prop->getType().getNonReferenceType()))
424 return nullptr;
425 if (!IVar->getType()->isObjCLifetimeType() &&
426 !IVar->getType().isTriviallyCopyableType(Ctx))
427 return nullptr;
428
429 // Generate our body:
430 // return self->_ivar;
431 ASTMaker M(Ctx);
432
433 const VarDecl *selfVar = Prop->getGetterMethodDecl()->getSelfDecl();
434
435 Expr *loadedIVar =
436 M.makeObjCIvarRef(
437 M.makeLvalueToRvalue(
438 M.makeDeclRefExpr(selfVar),
439 selfVar->getType()),
440 IVar);
441
442 if (!Prop->getType()->isReferenceType())
443 loadedIVar = M.makeLvalueToRvalue(loadedIVar, IVar->getType());
444
445 return M.makeReturn(loadedIVar);
446 }
447
getBody(const ObjCMethodDecl * D)448 Stmt *BodyFarm::getBody(const ObjCMethodDecl *D) {
449 // We currently only know how to synthesize property accessors.
450 if (!D->isPropertyAccessor())
451 return nullptr;
452
453 D = D->getCanonicalDecl();
454
455 Optional<Stmt *> &Val = Bodies[D];
456 if (Val.hasValue())
457 return Val.getValue();
458 Val = nullptr;
459
460 const ObjCPropertyDecl *Prop = D->findPropertyDecl();
461 if (!Prop)
462 return nullptr;
463
464 // For now, we only synthesize getters.
465 if (D->param_size() != 0)
466 return nullptr;
467
468 Val = createObjCPropertyGetter(C, Prop);
469
470 return Val.getValue();
471 }
472
473