1 //=======- UncountedLambdaCapturesChecker.cpp --------------------*- C++ -*-==//
2 //
3 // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4 // See https://llvm.org/LICENSE.txt for license information.
5 // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6 //
7 //===----------------------------------------------------------------------===//
8 
9 #include "DiagOutputUtils.h"
10 #include "PtrTypesSemantics.h"
11 #include "clang/AST/CXXInheritance.h"
12 #include "clang/AST/RecursiveASTVisitor.h"
13 #include "clang/StaticAnalyzer/Checkers/BuiltinCheckerRegistration.h"
14 #include "clang/StaticAnalyzer/Core/BugReporter/BugReporter.h"
15 #include "clang/StaticAnalyzer/Core/BugReporter/BugType.h"
16 #include "clang/StaticAnalyzer/Core/Checker.h"
17 
18 using namespace clang;
19 using namespace ento;
20 
21 namespace {
22 class UncountedLambdaCapturesChecker
23     : public Checker<check::ASTDecl<TranslationUnitDecl>> {
24 private:
25   BugType Bug{this, "Lambda capture of uncounted variable",
26               "WebKit coding guidelines"};
27   mutable BugReporter *BR;
28 
29 public:
30   void checkASTDecl(const TranslationUnitDecl *TUD, AnalysisManager &MGR,
31                     BugReporter &BRArg) const {
32     BR = &BRArg;
33 
34     // The calls to checkAST* from AnalysisConsumer don't
35     // visit template instantiations or lambda classes. We
36     // want to visit those, so we make our own RecursiveASTVisitor.
37     struct LocalVisitor : public RecursiveASTVisitor<LocalVisitor> {
38       const UncountedLambdaCapturesChecker *Checker;
39       explicit LocalVisitor(const UncountedLambdaCapturesChecker *Checker)
40           : Checker(Checker) {
41         assert(Checker);
42       }
43 
44       bool shouldVisitTemplateInstantiations() const { return true; }
45       bool shouldVisitImplicitCode() const { return false; }
46 
47       bool VisitLambdaExpr(LambdaExpr *L) {
48         Checker->visitLambdaExpr(L);
49         return true;
50       }
51     };
52 
53     LocalVisitor visitor(this);
54     visitor.TraverseDecl(const_cast<TranslationUnitDecl *>(TUD));
55   }
56 
57   void visitLambdaExpr(LambdaExpr *L) const {
58     for (const LambdaCapture &C : L->captures()) {
59       if (C.capturesVariable()) {
60         VarDecl *CapturedVar = C.getCapturedVar();
61         if (auto *CapturedVarType = CapturedVar->getType().getTypePtrOrNull()) {
62           Optional<bool> IsUncountedPtr = isUncountedPtr(CapturedVarType);
63           if (IsUncountedPtr && *IsUncountedPtr) {
64             reportBug(C, CapturedVar, CapturedVarType);
65           }
66         }
67       }
68     }
69   }
70 
71   void reportBug(const LambdaCapture &Capture, VarDecl *CapturedVar,
72                  const Type *T) const {
73     assert(CapturedVar);
74 
75     SmallString<100> Buf;
76     llvm::raw_svector_ostream Os(Buf);
77 
78     if (Capture.isExplicit()) {
79       Os << "Captured ";
80     } else {
81       Os << "Implicitly captured ";
82     }
83     if (T->isPointerType()) {
84       Os << "raw-pointer ";
85     } else {
86       assert(T->isReferenceType());
87       Os << "reference ";
88     }
89 
90     printQuotedQualifiedName(Os, Capture.getCapturedVar());
91     Os << " to uncounted type is unsafe.";
92 
93     PathDiagnosticLocation BSLoc(Capture.getLocation(), BR->getSourceManager());
94     auto Report = std::make_unique<BasicBugReport>(Bug, Os.str(), BSLoc);
95     BR->emitReport(std::move(Report));
96   }
97 };
98 } // namespace
99 
100 void ento::registerUncountedLambdaCapturesChecker(CheckerManager &Mgr) {
101   Mgr.registerChecker<UncountedLambdaCapturesChecker>();
102 }
103 
104 bool ento::shouldRegisterUncountedLambdaCapturesChecker(
105     const CheckerManager &mgr) {
106   return true;
107 }
108