1 /* Compiler implementation of the D programming language
2 * Copyright (C) 1999-2021 by The D Language Foundation, All Rights Reserved
3 * written by Walter Bright
4 * http://www.digitalmars.com
5 * Distributed under the Boost Software License, Version 1.0.
6 * http://www.boost.org/LICENSE_1_0.txt
7 * https://github.com/D-Programming-Language/dmd/blob/master/src/access.c
8 */
9
10 #include "root/dsystem.h"
11 #include "root/root.h"
12 #include "root/rmem.h"
13
14 #include "errors.h"
15 #include "enum.h"
16 #include "aggregate.h"
17 #include "init.h"
18 #include "attrib.h"
19 #include "scope.h"
20 #include "id.h"
21 #include "mtype.h"
22 #include "declaration.h"
23 #include "aggregate.h"
24 #include "expression.h"
25 #include "module.h"
26 #include "template.h"
27
28 /* Code to do access checks
29 */
30
31 bool hasPackageAccess(Scope *sc, Dsymbol *s);
32 bool hasPackageAccess(Module *mod, Dsymbol *s);
33 bool hasPrivateAccess(AggregateDeclaration *ad, Dsymbol *smember);
34 bool isFriendOf(AggregateDeclaration *ad, AggregateDeclaration *cd);
35 static Dsymbol *mostVisibleOverload(Dsymbol *s);
36
37 /****************************************
38 * Return Prot access for Dsymbol smember in this declaration.
39 */
getAccess(AggregateDeclaration * ad,Dsymbol * smember)40 Prot getAccess(AggregateDeclaration *ad, Dsymbol *smember)
41 {
42 Prot access_ret = Prot(Prot::none);
43
44 assert(ad->isStructDeclaration() || ad->isClassDeclaration());
45 if (smember->toParent() == ad)
46 {
47 access_ret = smember->prot();
48 }
49 else if (smember->isDeclaration()->isStatic())
50 {
51 access_ret = smember->prot();
52 }
53 if (ClassDeclaration *cd = ad->isClassDeclaration())
54 {
55 for (size_t i = 0; i < cd->baseclasses->length; i++)
56 {
57 BaseClass *b = (*cd->baseclasses)[i];
58
59 Prot access = getAccess(b->sym, smember);
60 switch (access.kind)
61 {
62 case Prot::none:
63 break;
64
65 case Prot::private_:
66 access_ret = Prot(Prot::none); // private members of base class not accessible
67 break;
68
69 case Prot::package_:
70 case Prot::protected_:
71 case Prot::public_:
72 case Prot::export_:
73 // If access is to be tightened
74 if (Prot::public_ < access.kind)
75 access = Prot(Prot::public_);
76
77 // Pick path with loosest access
78 if (access_ret.isMoreRestrictiveThan(access))
79 access_ret = access;
80 break;
81
82 default:
83 assert(0);
84 }
85 }
86 }
87
88 return access_ret;
89 }
90
91 /********************************************************
92 * Helper function for checkAccess()
93 * Returns:
94 * false is not accessible
95 * true is accessible
96 */
isAccessible(Dsymbol * smember,Dsymbol * sfunc,AggregateDeclaration * dthis,AggregateDeclaration * cdscope)97 static bool isAccessible(
98 Dsymbol *smember,
99 Dsymbol *sfunc,
100 AggregateDeclaration *dthis,
101 AggregateDeclaration *cdscope)
102 {
103 assert(dthis);
104
105 if (hasPrivateAccess(dthis, sfunc) ||
106 isFriendOf(dthis, cdscope))
107 {
108 if (smember->toParent() == dthis)
109 return true;
110
111 if (ClassDeclaration *cdthis = dthis->isClassDeclaration())
112 {
113 for (size_t i = 0; i < cdthis->baseclasses->length; i++)
114 {
115 BaseClass *b = (*cdthis->baseclasses)[i];
116 Prot access = getAccess(b->sym, smember);
117 if (access.kind >= Prot::protected_ ||
118 isAccessible(smember, sfunc, b->sym, cdscope))
119 {
120 return true;
121 }
122 }
123 }
124 }
125 else
126 {
127 if (smember->toParent() != dthis)
128 {
129 if (ClassDeclaration *cdthis = dthis->isClassDeclaration())
130 {
131 for (size_t i = 0; i < cdthis->baseclasses->length; i++)
132 {
133 BaseClass *b = (*cdthis->baseclasses)[i];
134 if (isAccessible(smember, sfunc, b->sym, cdscope))
135 return true;
136 }
137 }
138 }
139 }
140 return false;
141 }
142
143 /*******************************
144 * Do access check for member of this class, this class being the
145 * type of the 'this' pointer used to access smember.
146 * Returns true if the member is not accessible.
147 */
checkAccess(AggregateDeclaration * ad,Loc loc,Scope * sc,Dsymbol * smember)148 bool checkAccess(AggregateDeclaration *ad, Loc loc, Scope *sc, Dsymbol *smember)
149 {
150 FuncDeclaration *f = sc->func;
151 AggregateDeclaration *cdscope = sc->getStructClassScope();
152
153 Dsymbol *smemberparent = smember->toParent();
154 if (!smemberparent || !smemberparent->isAggregateDeclaration())
155 {
156 return false; // then it is accessible
157 }
158
159 // BUG: should enable this check
160 //assert(smember->parent->isBaseOf(this, NULL));
161
162 bool result;
163 Prot access;
164 if (smemberparent == ad)
165 {
166 access = smember->prot();
167 result = access.kind >= Prot::public_ ||
168 hasPrivateAccess(ad, f) ||
169 isFriendOf(ad, cdscope) ||
170 (access.kind == Prot::package_ && hasPackageAccess(sc, smember)) ||
171 ad->getAccessModule() == sc->_module;
172 }
173 else if ((access = getAccess(ad, smember)).kind >= Prot::public_)
174 {
175 result = true;
176 }
177 else if (access.kind == Prot::package_ && hasPackageAccess(sc, ad))
178 {
179 result = true;
180 }
181 else
182 {
183 result = isAccessible(smember, f, ad, cdscope);
184 }
185 if (!result)
186 {
187 ad->error(loc, "member %s is not accessible", smember->toChars());
188 //printf("smember = %s %s, prot = %d, semanticRun = %d\n",
189 // smember->kind(), smember->toPrettyChars(), smember->prot(), smember->semanticRun);
190 return true;
191 }
192 return false;
193 }
194
195 /****************************************
196 * Determine if this is the same or friend of cd.
197 */
isFriendOf(AggregateDeclaration * ad,AggregateDeclaration * cd)198 bool isFriendOf(AggregateDeclaration *ad, AggregateDeclaration *cd)
199 {
200 if (ad == cd)
201 return true;
202
203 // Friends if both are in the same module
204 //if (toParent() == cd->toParent())
205 if (cd && ad->getAccessModule() == cd->getAccessModule())
206 {
207 return true;
208 }
209
210 return false;
211 }
212
213 /****************************************
214 * Determine if scope sc has package level access to s.
215 */
hasPackageAccess(Scope * sc,Dsymbol * s)216 bool hasPackageAccess(Scope *sc, Dsymbol *s)
217 {
218 return hasPackageAccess(sc->_module, s);
219 }
220
hasPackageAccess(Module * mod,Dsymbol * s)221 bool hasPackageAccess(Module *mod, Dsymbol *s)
222 {
223 Package *pkg = NULL;
224
225 if (s->prot().pkg)
226 pkg = s->prot().pkg;
227 else
228 {
229 // no explicit package for protection, inferring most qualified one
230 for (; s; s = s->parent)
231 {
232 if (Module *m = s->isModule())
233 {
234 DsymbolTable *dst = Package::resolve(m->md ? m->md->packages : NULL, NULL, NULL);
235 assert(dst);
236 Dsymbol *s2 = dst->lookup(m->ident);
237 assert(s2);
238 Package *p = s2->isPackage();
239 if (p && p->isPackageMod())
240 {
241 pkg = p;
242 break;
243 }
244 }
245 else if ((pkg = s->isPackage()) != NULL)
246 break;
247 }
248 }
249
250 if (pkg)
251 {
252 if (pkg == mod->parent)
253 {
254 return true;
255 }
256 if (pkg->isPackageMod() == mod)
257 {
258 return true;
259 }
260 Dsymbol* ancestor = mod->parent;
261 for (; ancestor; ancestor = ancestor->parent)
262 {
263 if (ancestor == pkg)
264 {
265 return true;
266 }
267 }
268 }
269
270 return false;
271 }
272
273 /****************************************
274 * Determine if scope sc has protected level access to cd.
275 */
hasProtectedAccess(Scope * sc,Dsymbol * s)276 bool hasProtectedAccess(Scope *sc, Dsymbol *s)
277 {
278 if (ClassDeclaration *cd = s->isClassMember()) // also includes interfaces
279 {
280 for (Scope *scx = sc; scx; scx = scx->enclosing)
281 {
282 if (!scx->scopesym)
283 continue;
284 ClassDeclaration *cd2 = scx->scopesym->isClassDeclaration();
285 if (cd2 && cd->isBaseOf(cd2, NULL))
286 return true;
287 }
288 }
289 return sc->_module == s->getAccessModule();
290 }
291
292 /**********************************
293 * Determine if smember has access to private members of this declaration.
294 */
hasPrivateAccess(AggregateDeclaration * ad,Dsymbol * smember)295 bool hasPrivateAccess(AggregateDeclaration *ad, Dsymbol *smember)
296 {
297 if (smember)
298 {
299 AggregateDeclaration *cd = NULL;
300 Dsymbol *smemberparent = smember->toParent();
301 if (smemberparent)
302 cd = smemberparent->isAggregateDeclaration();
303
304 if (ad == cd) // smember is a member of this class
305 {
306 return true; // so we get private access
307 }
308
309 // If both are members of the same module, grant access
310 while (1)
311 {
312 Dsymbol *sp = smember->toParent();
313 if (sp->isFuncDeclaration() && smember->isFuncDeclaration())
314 smember = sp;
315 else
316 break;
317 }
318 if (!cd && ad->toParent() == smember->toParent())
319 {
320 return true;
321 }
322 if (!cd && ad->getAccessModule() == smember->getAccessModule())
323 {
324 return true;
325 }
326 }
327 return false;
328 }
329
330 /****************************************
331 * Check access to d for expression e.d
332 * Returns true if the declaration is not accessible.
333 */
checkAccess(Loc loc,Scope * sc,Expression * e,Declaration * d)334 bool checkAccess(Loc loc, Scope *sc, Expression *e, Declaration *d)
335 {
336 if (sc->flags & SCOPEnoaccesscheck)
337 return false;
338
339 if (d->isUnitTestDeclaration())
340 {
341 // Unittests are always accessible.
342 return false;
343 }
344 if (!e)
345 return false;
346
347 if (e->type->ty == Tclass)
348 {
349 // Do access check
350 ClassDeclaration *cd = (ClassDeclaration *)(((TypeClass *)e->type)->sym);
351 if (e->op == TOKsuper)
352 {
353 ClassDeclaration *cd2 = sc->func->toParent()->isClassDeclaration();
354 if (cd2)
355 cd = cd2;
356 }
357 return checkAccess(cd, loc, sc, d);
358 }
359 else if (e->type->ty == Tstruct)
360 {
361 // Do access check
362 StructDeclaration *cd = (StructDeclaration *)(((TypeStruct *)e->type)->sym);
363 return checkAccess(cd, loc, sc, d);
364 }
365 return false;
366 }
367
368 /****************************************
369 * Check access to package/module `p` from scope `sc`.
370 *
371 * Params:
372 * loc = source location for issued error message
373 * sc = scope from which to access to a fully qualified package name
374 * p = the package/module to check access for
375 * Returns: true if the package is not accessible.
376 *
377 * Because a global symbol table tree is used for imported packages/modules,
378 * access to them needs to be checked based on the imports in the scope chain
379 * (see Bugzilla 313).
380 *
381 */
checkAccess(Scope * sc,Package * p)382 bool checkAccess(Scope *sc, Package *p)
383 {
384 if (sc->_module == p)
385 return false;
386 for (; sc; sc = sc->enclosing)
387 {
388 if (sc->scopesym && sc->scopesym->isPackageAccessible(p, Prot(Prot::private_)))
389 return false;
390 }
391
392 return true;
393 }
394
395 /**
396 * Check whether symbols `s` is visible in `mod`.
397 *
398 * Params:
399 * mod = lookup origin
400 * s = symbol to check for visibility
401 * Returns: true if s is visible in mod
402 */
symbolIsVisible(Module * mod,Dsymbol * s)403 bool symbolIsVisible(Module *mod, Dsymbol *s)
404 {
405 // should sort overloads by ascending protection instead of iterating here
406 s = mostVisibleOverload(s);
407
408 switch (s->prot().kind)
409 {
410 case Prot::undefined:
411 return true;
412 case Prot::none:
413 return false; // no access
414 case Prot::private_:
415 return s->getAccessModule() == mod;
416 case Prot::package_:
417 return s->getAccessModule() == mod || hasPackageAccess(mod, s);
418 case Prot::protected_:
419 return s->getAccessModule() == mod;
420 case Prot::public_:
421 case Prot::export_:
422 return true;
423 default:
424 assert(0);
425 }
426 return false;
427 }
428
429 /**
430 * Same as above, but determines the lookup module from symbols `origin`.
431 */
symbolIsVisible(Dsymbol * origin,Dsymbol * s)432 bool symbolIsVisible(Dsymbol *origin, Dsymbol *s)
433 {
434 return symbolIsVisible(origin->getAccessModule(), s);
435 }
436
437 /**
438 * Same as above but also checks for protected symbols visible from scope `sc`.
439 * Used for qualified name lookup.
440 *
441 * Params:
442 * sc = lookup scope
443 * s = symbol to check for visibility
444 * Returns: true if s is visible by origin
445 */
symbolIsVisible(Scope * sc,Dsymbol * s)446 bool symbolIsVisible(Scope *sc, Dsymbol *s)
447 {
448 s = mostVisibleOverload(s);
449
450 switch (s->prot().kind)
451 {
452 case Prot::undefined:
453 return true;
454 case Prot::none:
455 return false; // no access
456 case Prot::private_:
457 return sc->_module == s->getAccessModule();
458 case Prot::package_:
459 return sc->_module == s->getAccessModule() || hasPackageAccess(sc->_module, s);
460 case Prot::protected_:
461 return hasProtectedAccess(sc, s);
462 case Prot::public_:
463 case Prot::export_:
464 return true;
465 default:
466 assert(0);
467 }
468 return false;
469 }
470
471 /**
472 * Use the most visible overload to check visibility. Later perform an access
473 * check on the resolved overload. This function is similar to overloadApply,
474 * but doesn't recurse nor resolve aliases because protection/visibility is an
475 * attribute of the alias not the aliasee.
476 */
mostVisibleOverload(Dsymbol * s)477 static Dsymbol *mostVisibleOverload(Dsymbol *s)
478 {
479 if (!s->isOverloadable())
480 return s;
481
482 Dsymbol *next = NULL;
483 Dsymbol *fstart = s;
484 Dsymbol *mostVisible = s;
485 for (; s; s = next)
486 {
487 // void func() {}
488 // private void func(int) {}
489 if (FuncDeclaration *fd = s->isFuncDeclaration())
490 next = fd->overnext;
491 // template temp(T) {}
492 // private template temp(T:int) {}
493 else if (TemplateDeclaration *td = s->isTemplateDeclaration())
494 next = td->overnext;
495 // alias common = mod1.func1;
496 // alias common = mod2.func2;
497 else if (FuncAliasDeclaration *fa = s->isFuncAliasDeclaration())
498 next = fa->overnext;
499 // alias common = mod1.templ1;
500 // alias common = mod2.templ2;
501 else if (OverDeclaration *od = s->isOverDeclaration())
502 next = od->overnext;
503 // alias name = sym;
504 // private void name(int) {}
505 else if (AliasDeclaration *ad = s->isAliasDeclaration())
506 {
507 if (!ad->isOverloadable())
508 {
509 //printf("Non overloadable Aliasee in overload list\n");
510 assert(0);
511 }
512 // Yet unresolved aliases store overloads in overnext.
513 if (ad->semanticRun < PASSsemanticdone)
514 next = ad->overnext;
515 else
516 {
517 /* This is a bit messy due to the complicated implementation of
518 * alias. Aliases aren't overloadable themselves, but if their
519 * Aliasee is overloadable they can be converted to an overloadable
520 * alias.
521 *
522 * This is done by replacing the Aliasee w/ FuncAliasDeclaration
523 * (for functions) or OverDeclaration (for templates) which are
524 * simply overloadable aliases w/ weird names.
525 *
526 * Usually aliases should not be resolved for visibility checking
527 * b/c public aliases to private symbols are public. But for the
528 * overloadable alias situation, the Alias (_ad_) has been moved
529 * into it's own Aliasee, leaving a shell that we peel away here.
530 */
531 Dsymbol *aliasee = ad->toAlias();
532 if (aliasee->isFuncAliasDeclaration() || aliasee->isOverDeclaration())
533 next = aliasee;
534 else
535 {
536 /* A simple alias can be at the end of a function or template overload chain.
537 * It can't have further overloads b/c it would have been
538 * converted to an overloadable alias.
539 */
540 if (ad->overnext)
541 {
542 //printf("Unresolved overload of alias\n");
543 assert(0);
544 }
545 break;
546 }
547 }
548
549 // handled by overloadApply for unknown reason
550 assert(next != ad); // should not alias itself
551 assert(next != fstart); // should not alias the overload list itself
552 }
553 else
554 break;
555
556 if (next && mostVisible->prot().isMoreRestrictiveThan(next->prot()))
557 mostVisible = next;
558 }
559 return mostVisible;
560 }
561