1e5dd7070Spatrick //=== LLVMConventionsChecker.cpp - Check LLVM codebase conventions ---*- C++ -*-
2e5dd7070Spatrick //
3e5dd7070Spatrick // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4e5dd7070Spatrick // See https://llvm.org/LICENSE.txt for license information.
5e5dd7070Spatrick // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6e5dd7070Spatrick //
7e5dd7070Spatrick //===----------------------------------------------------------------------===//
8e5dd7070Spatrick //
// This defines LLVMConventionsChecker, a collection of small checks
// for specific coding conventions in the LLVM/Clang codebase.
11e5dd7070Spatrick //
12e5dd7070Spatrick //===----------------------------------------------------------------------===//
13e5dd7070Spatrick
14e5dd7070Spatrick #include "clang/StaticAnalyzer/Checkers/BuiltinCheckerRegistration.h"
15e5dd7070Spatrick #include "clang/AST/DeclTemplate.h"
16e5dd7070Spatrick #include "clang/AST/StmtVisitor.h"
17e5dd7070Spatrick #include "clang/StaticAnalyzer/Core/BugReporter/BugReporter.h"
18e5dd7070Spatrick #include "clang/StaticAnalyzer/Core/Checker.h"
19e5dd7070Spatrick #include "llvm/ADT/SmallString.h"
20e5dd7070Spatrick #include "llvm/Support/raw_ostream.h"
21e5dd7070Spatrick
22e5dd7070Spatrick using namespace clang;
23e5dd7070Spatrick using namespace ento;
24e5dd7070Spatrick
25e5dd7070Spatrick //===----------------------------------------------------------------------===//
26e5dd7070Spatrick // Generic type checking routines.
27e5dd7070Spatrick //===----------------------------------------------------------------------===//
28e5dd7070Spatrick
/// Return true when \p T is a record type whose printed spelling is exactly
/// "class StringRef".
///
/// NOTE(review): the comparison is made on the string returned by
/// QualType::getAsString() and the enclosing namespace is not inspected
/// here. Confirm that this spelling still identifies llvm::StringRef, and
/// only llvm::StringRef; a mismatch silently disables the dangling-StringRef
/// check below.
static bool IsLLVMStringRef(QualType T) {
  if (const RecordType *Record = T->getAs<RecordType>())
    return StringRef(QualType(Record, 0).getAsString()) == "class StringRef";
  return false;
}
36e5dd7070Spatrick
/// Return true when \p D is declared directly inside a namespace named
/// \p NS and that namespace is itself declared directly in the translation
/// unit, i.e. it is a top-level namespace.
///
/// Only the immediate declaration context of \p D is examined, so a
/// declaration nested one level deeper than \p NS does not match.
static bool InNamespace(const Decl *D, StringRef NS) {
  const auto *Enclosing = dyn_cast<NamespaceDecl>(D->getDeclContext());
  if (!Enclosing)
    return false;

  // A namespace without an identifier never matches a requested name.
  const IdentifierInfo *Ident = Enclosing->getIdentifier();
  const bool NameMatches = Ident && Ident->getName() == NS;
  return NameMatches && isa<TranslationUnitDecl>(Enclosing->getDeclContext());
}
48e5dd7070Spatrick
/// Return true when \p T is a typedef named "string" that lives in
/// namespace std.
static bool IsStdString(QualType T) {
  // Step through an elaborated type to the type it names before looking for
  // the typedef.
  if (const auto *Elaborated = T->getAs<ElaboratedType>())
    T = Elaborated->getNamedType();

  const auto *Alias = T->getAs<TypedefType>();
  if (!Alias)
    return false;

  const TypedefNameDecl *AliasDecl = Alias->getDecl();
  return AliasDecl->isInStdNamespace() && AliasDecl->getName() == "string";
}
64e5dd7070Spatrick
/// Return true when \p RD is the record named "Type" in the top-level
/// namespace clang.
static bool IsClangType(const RecordDecl *RD) {
  if (RD->getName() != "Type")
    return false;
  return InNamespace(RD, "clang");
}
68e5dd7070Spatrick
/// Return true when \p RD is the record named "Decl" in the top-level
/// namespace clang.
static bool IsClangDecl(const RecordDecl *RD) {
  if (RD->getName() != "Decl")
    return false;
  return InNamespace(RD, "clang");
}
72e5dd7070Spatrick
/// Return true when \p RD is the record named "Stmt" in the top-level
/// namespace clang.
static bool IsClangStmt(const RecordDecl *RD) {
  if (RD->getName() != "Stmt")
    return false;
  return InNamespace(RD, "clang");
}
76e5dd7070Spatrick
/// Return true when \p RD is the record named "Attr" in the top-level
/// namespace clang.
static bool IsClangAttr(const RecordDecl *RD) {
  if (RD->getName() != "Attr")
    return false;
  return InNamespace(RD, "clang");
}
80e5dd7070Spatrick
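/// Return true when \p T is a specialization of the template named "vector"
/// in namespace std.
///
/// The namespace test uses Decl::isInStdNamespace(), the same test
/// IsStdString() applies. Unlike InNamespace(TD, "std"), which only accepts a
/// template whose immediate parent is the top-level namespace std, it also
/// accepts a template declared in an inline namespace nested in std, so the
/// heap-allocating-field check does not silently miss std::vector there.
static bool IsStdVector(QualType T) {
  const TemplateSpecializationType *TS = T->getAs<TemplateSpecializationType>();
  if (!TS)
    return false;

  // getAsTemplateDecl() may yield null for template names that do not refer
  // to a declaration; treat those as "not std::vector".
  const TemplateDecl *TD = TS->getTemplateName().getAsTemplateDecl();
  if (!TD || !TD->isInStdNamespace())
    return false;

  return TD->getName() == "vector";
}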
94e5dd7070Spatrick
/// Return true when \p T is a specialization of the template named
/// "SmallVector" declared directly in the top-level namespace llvm.
static bool IsSmallVector(QualType T) {
  const auto *Spec = T->getAs<TemplateSpecializationType>();
  if (!Spec)
    return false;

  TemplateDecl *Template = Spec->getTemplateName().getAsTemplateDecl();
  if (!Template)
    return false;

  return InNamespace(Template, "llvm") && Template->getName() == "SmallVector";
}
108e5dd7070Spatrick
109e5dd7070Spatrick //===----------------------------------------------------------------------===//
110e5dd7070Spatrick // CHECK: a StringRef should not be bound to a temporary std::string whose
111e5dd7070Spatrick // lifetime is shorter than the StringRef's.
112e5dd7070Spatrick //===----------------------------------------------------------------------===//
113e5dd7070Spatrick
namespace {
/// Statement walker that inspects the variable declarations found in a body
/// and reports a StringRef initialised from a temporary std::string.
class StringRefCheckerVisitor : public StmtVisitor<StringRefCheckerVisitor> {
  // Declaration passed to the bug reporter as the one that has the issue.
  const Decl *DeclWithIssue;
  BugReporter &BR;
  const CheckerBase *Checker;

public:
  StringRefCheckerVisitor(const Decl *declWithIssue, BugReporter &br,
                          const CheckerBase *checker)
      : DeclWithIssue(declWithIssue), BR(br), Checker(checker) {}

  /// Visit every non-null child statement of \p S.
  void VisitChildren(Stmt *S) {
    for (Stmt *Sub : S->children()) {
      if (!Sub)
        continue;
      Visit(Sub);
    }
  }

  /// Fallback for statements without a dedicated handler: just recurse.
  void VisitStmt(Stmt *S) { VisitChildren(S); }
  void VisitDeclStmt(DeclStmt *DS);

private:
  void VisitVarDecl(VarDecl *VD);
};
} // end anonymous namespace
135e5dd7070Spatrick
/// Walk the body of \p D and report every StringRef variable that the
/// visitor recognises as bound to a temporary std::string.
///
/// The body is passed to the visitor without a null test; the only caller in
/// this file is the checker's checkASTCodeBody callback.
static void CheckStringRefAssignedTemporary(const Decl *D, BugReporter &BR,
                                            const CheckerBase *Checker) {
  StringRefCheckerVisitor Walker(D, BR, Checker);
  Stmt *Body = D->getBody();
  Walker.Visit(Body);
}
141e5dd7070Spatrick
/// Recurse into the child statements of \p S, then examine each variable the
/// statement declares.
void StringRefCheckerVisitor::VisitDeclStmt(DeclStmt *S) {
  VisitChildren(S);

  for (auto *Declared : S->decls()) {
    // Only variable declarations can carry the initialiser pattern we want.
    auto *Var = dyn_cast<VarDecl>(Declared);
    if (Var)
      VisitVarDecl(Var);
  }
}
149e5dd7070Spatrick
/// Report \p VD when it is a StringRef whose initialiser has the AST shape
/// produced by
///   StringRef x = call()   (where call returns std::string)
///
/// The match is purely structural: the initialiser must be an
/// ExprWithCleanups wrapping two single-argument constructor calls, each
/// reached through an implicit cast, ending in a bound temporary of type
/// std::string. Any other shape returns without a report, so this check can
/// miss dangling StringRefs that are spelled differently.
///
/// NOTE(review): the exact nesting depends on how the frontend builds the
/// initialiser; confirm it still matches for the language standard in use.
void StringRefCheckerVisitor::VisitVarDecl(VarDecl *VD) {
  Expr *Init = VD->getInit();
  if (!Init || !IsLLVMStringRef(VD->getType()))
    return;

  auto *Cleanups = dyn_cast<ExprWithCleanups>(Init);
  if (!Cleanups)
    return;

  auto *OuterCtor = dyn_cast<CXXConstructExpr>(Cleanups->getSubExpr());
  if (!OuterCtor || OuterCtor->getNumArgs() != 1)
    return;

  auto *OuterCast = dyn_cast<ImplicitCastExpr>(OuterCtor->getArg(0));
  if (!OuterCast)
    return;

  auto *InnerCtor = dyn_cast<CXXConstructExpr>(OuterCast->getSubExpr());
  if (!InnerCtor || InnerCtor->getNumArgs() != 1)
    return;

  auto *InnerCast = dyn_cast<ImplicitCastExpr>(InnerCtor->getArg(0));
  if (!InnerCast)
    return;

  auto *Temporary = dyn_cast<CXXBindTemporaryExpr>(InnerCast->getSubExpr());
  if (!Temporary || !IsStdString(Temporary->getType()))
    return;

  // The StringRef refers to storage owned by a temporary std::string.
  // The same text is used as both the bug name and the description.
  const char *Message = "StringRef should not be bound to temporary "
                        "std::string that it outlives";
  PathDiagnosticLocation Where =
      PathDiagnosticLocation::createBegin(VD, BR.getSourceManager());
  BR.EmitBasicReport(DeclWithIssue, Checker, Message, "LLVM Conventions",
                     Message, Where, Init->getSourceRange());
}
186e5dd7070Spatrick
187e5dd7070Spatrick //===----------------------------------------------------------------------===//
188e5dd7070Spatrick // CHECK: Clang AST nodes should not have fields that can allocate
189e5dd7070Spatrick // memory.
190e5dd7070Spatrick //===----------------------------------------------------------------------===//
191e5dd7070Spatrick
/// Return true when \p T is one of the types this checker treats as
/// allocating memory: std::vector, std::string or llvm::SmallVector.
/// No other type is recognised.
static bool AllocatesMemory(QualType T) {
  if (IsStdVector(T))
    return true;
  if (IsStdString(T))
    return true;
  return IsSmallVector(T);
}
195e5dd7070Spatrick
/// Return true when \p R is clang::Stmt, clang::Type, clang::Decl or
/// clang::Attr, or has one of them somewhere among its base classes.
///
/// Every call walks the base-class graph again; this type checking could be
/// sped up via dynamic programming.
static bool IsPartOfAST(const CXXRecordDecl *R) {
  const bool IsRootNode =
      IsClangStmt(R) || IsClangType(R) || IsClangDecl(R) || IsClangAttr(R);
  if (IsRootNode)
    return true;

  for (const auto &Base : R->bases()) {
    // Bases whose type is not a RecordType are skipped.
    const RecordType *BaseTy = Base.getType()->getAs<RecordType>();
    if (!BaseTy)
      continue;
    if (IsPartOfAST(cast<CXXRecordDecl>(BaseTy->getDecl())))
      return true;
  }

  return false;
}
212e5dd7070Spatrick
namespace {
/// Recursive walker over the fields of an AST class. It keeps the chain of
/// fields followed so far so that a report can name the path from the root
/// class to the offending field.
class ASTFieldVisitor {
  // Fields on the path currently being explored, outermost first.
  SmallVector<FieldDecl*, 10> FieldChain;
  // Class the walk started from; reports are attached to it.
  const CXXRecordDecl *Root;
  BugReporter &BR;
  const CheckerBase *Checker;

public:
  ASTFieldVisitor(const CXXRecordDecl *root, BugReporter &br,
                  const CheckerBase *checker)
      : Root(root), BR(br), Checker(checker) {}

  /// Examine \p D and, when it has record type, the fields of that record.
  void Visit(FieldDecl *D);
  /// Emit a report for the field chain currently held by the visitor.
  void ReportError(QualType T);
};
} // end anonymous namespace
229e5dd7070Spatrick
/// When \p R is part of the Clang AST hierarchy, examine each of its fields
/// for types that allocate memory. Records outside the hierarchy are
/// ignored.
static void CheckASTMemory(const CXXRecordDecl *R, BugReporter &BR,
                           const CheckerBase *Checker) {
  if (IsPartOfAST(R)) {
    for (auto *Field : R->fields()) {
      // A fresh visitor per field starts each walk with an empty field chain.
      ASTFieldVisitor FieldWalker(R, BR, Checker);
      FieldWalker.Visit(Field);
    }
  }
}
240e5dd7070Spatrick
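/// Examine field \p D: report it when its type allocates memory, then
/// recurse into the fields of its record type, if it has one.
///
/// \p D is pushed on FieldChain for the duration of the call so that
/// ReportError() can print the path from the root class to the field.
void ASTFieldVisitor::Visit(FieldDecl *D) {
  FieldChain.push_back(D);

  QualType T = D->getType();

  if (AllocatesMemory(T))
    ReportError(T);

  if (const RecordType *RT = T->getAs<RecordType>()) {
    // getDefinition() yields null when no definition of the record is
    // available; skip such a field instead of dereferencing a null pointer
    // and taking the analyzer down with it.
    if (const RecordDecl *RD = RT->getDecl()->getDefinition())
      for (auto *I : RD->fields())
        Visit(I);
  }

  FieldChain.pop_back();
}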
257e5dd7070Spatrick
/// Build and emit the "AST node allocates heap memory" report for the field
/// chain currently held by the visitor.
///
/// \p T is not read here; the type printed in the message is taken from the
/// last field in FieldChain.
void ASTFieldVisitor::ReportError(QualType T) {
  SmallString<1024> Message;
  llvm::raw_svector_ostream Out(Message);

  Out << "AST class '" << Root->getName() << "' has a field '"
      << FieldChain.front()->getName() << "' that allocates heap memory";
  if (FieldChain.size() > 1) {
    Out << " via the following chain: ";
    // Print the chain as dotted member access: a.b.c
    const char *Separator = "";
    for (FieldDecl *Link : FieldChain) {
      Out << Separator << Link->getName();
      Separator = ".";
    }
  }
  Out << " (type " << FieldChain.back()->getType() << ")";

  // Note that this will fire for every translation unit that uses this
  // class. This is suboptimal, but at least scan-build will merge
  // duplicate HTML reports. In the future we need a unified way of merging
  // duplicate reports across translation units. For C++ classes we cannot
  // just report warnings when we see an out-of-line method definition for a
  // class, as that heuristic doesn't always work (the complete definition of
  // the class may be in the header file, for example).
  PathDiagnosticLocation Where = PathDiagnosticLocation::createBegin(
      FieldChain.front(), BR.getSourceManager());
  BR.EmitBasicReport(Root, Checker, "AST node allocates heap memory",
                     "LLVM Conventions", Out.str(), Where);
}
290e5dd7070Spatrick
291e5dd7070Spatrick //===----------------------------------------------------------------------===//
292e5dd7070Spatrick // LLVMConventionsChecker
293e5dd7070Spatrick //===----------------------------------------------------------------------===//
294e5dd7070Spatrick
namespace {
/// Checker that runs both convention checks defined in this file: the
/// heap-allocating-field check on C++ record declarations and the
/// dangling-StringRef check on code bodies.
class LLVMConventionsChecker
    : public Checker<check::ASTDecl<CXXRecordDecl>, check::ASTCodeBody> {
public:
  /// Run the AST memory check on \p R, but only for a complete definition.
  void checkASTDecl(const CXXRecordDecl *R, AnalysisManager &mgr,
                    BugReporter &BR) const {
    if (!R->isCompleteDefinition())
      return;
    CheckASTMemory(R, BR, this);
  }

  /// Run the StringRef-bound-to-temporary check on the body of \p D.
  void checkASTCodeBody(const Decl *D, AnalysisManager &mgr,
                        BugReporter &BR) const {
    CheckStringRefAssignedTemporary(D, BR, this);
  }
};
} // end anonymous namespace
312e5dd7070Spatrick
/// Register LLVMConventionsChecker with the checker manager \p mgr.
void ento::registerLLVMConventionsChecker(CheckerManager &mgr) {
  mgr.registerChecker<LLVMConventionsChecker>();
}
316e5dd7070Spatrick
/// Registration predicate for LLVMConventionsChecker. It returns true
/// unconditionally; \p mgr is not consulted.
bool ento::shouldRegisterLLVMConventionsChecker(const CheckerManager &mgr) {
  return true;
}