1 //=======- UncountedLambdaCapturesChecker.cpp --------------------*- C++ -*-==//
2 //
3 // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4 // See https://llvm.org/LICENSE.txt for license information.
5 // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6 //
7 //===----------------------------------------------------------------------===//
8
9 #include "DiagOutputUtils.h"
10 #include "PtrTypesSemantics.h"
11 #include "clang/AST/CXXInheritance.h"
12 #include "clang/AST/RecursiveASTVisitor.h"
13 #include "clang/StaticAnalyzer/Checkers/BuiltinCheckerRegistration.h"
14 #include "clang/StaticAnalyzer/Core/BugReporter/BugReporter.h"
15 #include "clang/StaticAnalyzer/Core/BugReporter/BugType.h"
16 #include "clang/StaticAnalyzer/Core/Checker.h"
17 #include <optional>
18
19 using namespace clang;
20 using namespace ento;
21
22 namespace {
23 class UncountedLambdaCapturesChecker
24 : public Checker<check::ASTDecl<TranslationUnitDecl>> {
25 private:
26 BugType Bug{this, "Lambda capture of uncounted variable",
27 "WebKit coding guidelines"};
28 mutable BugReporter *BR = nullptr;
29
30 public:
checkASTDecl(const TranslationUnitDecl * TUD,AnalysisManager & MGR,BugReporter & BRArg) const31 void checkASTDecl(const TranslationUnitDecl *TUD, AnalysisManager &MGR,
32 BugReporter &BRArg) const {
33 BR = &BRArg;
34
35 // The calls to checkAST* from AnalysisConsumer don't
36 // visit template instantiations or lambda classes. We
37 // want to visit those, so we make our own RecursiveASTVisitor.
38 struct LocalVisitor : public RecursiveASTVisitor<LocalVisitor> {
39 const UncountedLambdaCapturesChecker *Checker;
40 explicit LocalVisitor(const UncountedLambdaCapturesChecker *Checker)
41 : Checker(Checker) {
42 assert(Checker);
43 }
44
45 bool shouldVisitTemplateInstantiations() const { return true; }
46 bool shouldVisitImplicitCode() const { return false; }
47
48 bool VisitLambdaExpr(LambdaExpr *L) {
49 Checker->visitLambdaExpr(L);
50 return true;
51 }
52 };
53
54 LocalVisitor visitor(this);
55 visitor.TraverseDecl(const_cast<TranslationUnitDecl *>(TUD));
56 }
57
visitLambdaExpr(LambdaExpr * L) const58 void visitLambdaExpr(LambdaExpr *L) const {
59 for (const LambdaCapture &C : L->captures()) {
60 if (C.capturesVariable()) {
61 ValueDecl *CapturedVar = C.getCapturedVar();
62 if (auto *CapturedVarType = CapturedVar->getType().getTypePtrOrNull()) {
63 std::optional<bool> IsUncountedPtr = isUncountedPtr(CapturedVarType);
64 if (IsUncountedPtr && *IsUncountedPtr) {
65 reportBug(C, CapturedVar, CapturedVarType);
66 }
67 }
68 }
69 }
70 }
71
reportBug(const LambdaCapture & Capture,ValueDecl * CapturedVar,const Type * T) const72 void reportBug(const LambdaCapture &Capture, ValueDecl *CapturedVar,
73 const Type *T) const {
74 assert(CapturedVar);
75
76 SmallString<100> Buf;
77 llvm::raw_svector_ostream Os(Buf);
78
79 if (Capture.isExplicit()) {
80 Os << "Captured ";
81 } else {
82 Os << "Implicitly captured ";
83 }
84 if (T->isPointerType()) {
85 Os << "raw-pointer ";
86 } else {
87 assert(T->isReferenceType());
88 Os << "reference ";
89 }
90
91 printQuotedQualifiedName(Os, Capture.getCapturedVar());
92 Os << " to uncounted type is unsafe.";
93
94 PathDiagnosticLocation BSLoc(Capture.getLocation(), BR->getSourceManager());
95 auto Report = std::make_unique<BasicBugReport>(Bug, Os.str(), BSLoc);
96 BR->emitReport(std::move(Report));
97 }
98 };
99 } // namespace
100
registerUncountedLambdaCapturesChecker(CheckerManager & Mgr)101 void ento::registerUncountedLambdaCapturesChecker(CheckerManager &Mgr) {
102 Mgr.registerChecker<UncountedLambdaCapturesChecker>();
103 }
104
shouldRegisterUncountedLambdaCapturesChecker(const CheckerManager & mgr)105 bool ento::shouldRegisterUncountedLambdaCapturesChecker(
106 const CheckerManager &mgr) {
107 return true;
108 }
109