1 //== BodyFarm.cpp - Factory for conjuring up fake bodies ----------*- C++ -*-// 2 // 3 // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. 4 // See https://llvm.org/LICENSE.txt for license information. 5 // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception 6 // 7 //===----------------------------------------------------------------------===// 8 // 9 // BodyFarm is a factory for creating faux implementations for functions/methods 10 // for analysis purposes. 11 // 12 //===----------------------------------------------------------------------===// 13 14 #include "clang/Analysis/BodyFarm.h" 15 #include "clang/AST/ASTContext.h" 16 #include "clang/AST/CXXInheritance.h" 17 #include "clang/AST/Decl.h" 18 #include "clang/AST/Expr.h" 19 #include "clang/AST/ExprCXX.h" 20 #include "clang/AST/ExprObjC.h" 21 #include "clang/AST/NestedNameSpecifier.h" 22 #include "clang/Analysis/CodeInjector.h" 23 #include "clang/Basic/Builtins.h" 24 #include "clang/Basic/OperatorKinds.h" 25 #include "llvm/ADT/StringSwitch.h" 26 #include "llvm/Support/Debug.h" 27 #include <optional> 28 29 #define DEBUG_TYPE "body-farm" 30 31 using namespace clang; 32 33 //===----------------------------------------------------------------------===// 34 // Helper creation functions for constructing faux ASTs. 35 //===----------------------------------------------------------------------===// 36 37 static bool isDispatchBlock(QualType Ty) { 38 // Is it a block pointer? 39 const BlockPointerType *BPT = Ty->getAs<BlockPointerType>(); 40 if (!BPT) 41 return false; 42 43 // Check if the block pointer type takes no arguments and 44 // returns void. 45 const FunctionProtoType *FT = 46 BPT->getPointeeType()->getAs<FunctionProtoType>(); 47 return FT && FT->getReturnType()->isVoidType() && FT->getNumParams() == 0; 48 } 49 50 namespace { 51 class ASTMaker { 52 public: 53 ASTMaker(ASTContext &C) : C(C) {} 54 55 /// Create a new BinaryOperator representing a simple assignment. 56 BinaryOperator *makeAssignment(const Expr *LHS, const Expr *RHS, QualType Ty); 57 58 /// Create a new BinaryOperator representing a comparison. 59 BinaryOperator *makeComparison(const Expr *LHS, const Expr *RHS, 60 BinaryOperator::Opcode Op); 61 62 /// Create a new compound stmt using the provided statements. 63 CompoundStmt *makeCompound(ArrayRef<Stmt*>); 64 65 /// Create a new DeclRefExpr for the referenced variable. 66 DeclRefExpr *makeDeclRefExpr(const VarDecl *D, 67 bool RefersToEnclosingVariableOrCapture = false); 68 69 /// Create a new UnaryOperator representing a dereference. 70 UnaryOperator *makeDereference(const Expr *Arg, QualType Ty); 71 72 /// Create an implicit cast for an integer conversion. 73 Expr *makeIntegralCast(const Expr *Arg, QualType Ty); 74 75 /// Create an implicit cast to a builtin boolean type. 76 ImplicitCastExpr *makeIntegralCastToBoolean(const Expr *Arg); 77 78 /// Create an implicit cast for lvalue-to-rvaluate conversions. 79 ImplicitCastExpr *makeLvalueToRvalue(const Expr *Arg, QualType Ty); 80 81 /// Make RValue out of variable declaration, creating a temporary 82 /// DeclRefExpr in the process. 83 ImplicitCastExpr * 84 makeLvalueToRvalue(const VarDecl *Decl, 85 bool RefersToEnclosingVariableOrCapture = false); 86 87 /// Create an implicit cast of the given type. 88 ImplicitCastExpr *makeImplicitCast(const Expr *Arg, QualType Ty, 89 CastKind CK = CK_LValueToRValue); 90 91 /// Create a cast to reference type. 92 CastExpr *makeReferenceCast(const Expr *Arg, QualType Ty); 93 94 /// Create an Objective-C bool literal. 95 ObjCBoolLiteralExpr *makeObjCBool(bool Val); 96 97 /// Create an Objective-C ivar reference. 98 ObjCIvarRefExpr *makeObjCIvarRef(const Expr *Base, const ObjCIvarDecl *IVar); 99 100 /// Create a Return statement. 101 ReturnStmt *makeReturn(const Expr *RetVal); 102 103 /// Create an integer literal expression of the given type. 104 IntegerLiteral *makeIntegerLiteral(uint64_t Value, QualType Ty); 105 106 /// Create a member expression. 107 MemberExpr *makeMemberExpression(Expr *base, ValueDecl *MemberDecl, 108 bool IsArrow = false, 109 ExprValueKind ValueKind = VK_LValue); 110 111 /// Returns a *first* member field of a record declaration with a given name. 112 /// \return an nullptr if no member with such a name exists. 113 ValueDecl *findMemberField(const RecordDecl *RD, StringRef Name); 114 115 private: 116 ASTContext &C; 117 }; 118 } 119 120 BinaryOperator *ASTMaker::makeAssignment(const Expr *LHS, const Expr *RHS, 121 QualType Ty) { 122 return BinaryOperator::Create( 123 C, const_cast<Expr *>(LHS), const_cast<Expr *>(RHS), BO_Assign, Ty, 124 VK_PRValue, OK_Ordinary, SourceLocation(), FPOptionsOverride()); 125 } 126 127 BinaryOperator *ASTMaker::makeComparison(const Expr *LHS, const Expr *RHS, 128 BinaryOperator::Opcode Op) { 129 assert(BinaryOperator::isLogicalOp(Op) || 130 BinaryOperator::isComparisonOp(Op)); 131 return BinaryOperator::Create( 132 C, const_cast<Expr *>(LHS), const_cast<Expr *>(RHS), Op, 133 C.getLogicalOperationType(), VK_PRValue, OK_Ordinary, SourceLocation(), 134 FPOptionsOverride()); 135 } 136 137 CompoundStmt *ASTMaker::makeCompound(ArrayRef<Stmt *> Stmts) { 138 return CompoundStmt::Create(C, Stmts, FPOptionsOverride(), SourceLocation(), 139 SourceLocation()); 140 } 141 142 DeclRefExpr *ASTMaker::makeDeclRefExpr( 143 const VarDecl *D, 144 bool RefersToEnclosingVariableOrCapture) { 145 QualType Type = D->getType().getNonReferenceType(); 146 147 DeclRefExpr *DR = DeclRefExpr::Create( 148 C, NestedNameSpecifierLoc(), SourceLocation(), const_cast<VarDecl *>(D), 149 RefersToEnclosingVariableOrCapture, SourceLocation(), Type, VK_LValue); 150 return DR; 151 } 152 153 UnaryOperator *ASTMaker::makeDereference(const Expr *Arg, QualType Ty) { 154 return UnaryOperator::Create(C, const_cast<Expr *>(Arg), UO_Deref, Ty, 155 VK_LValue, OK_Ordinary, SourceLocation(), 156 /*CanOverflow*/ false, FPOptionsOverride()); 157 } 158 159 ImplicitCastExpr *ASTMaker::makeLvalueToRvalue(const Expr *Arg, QualType Ty) { 160 return makeImplicitCast(Arg, Ty, CK_LValueToRValue); 161 } 162 163 ImplicitCastExpr * 164 ASTMaker::makeLvalueToRvalue(const VarDecl *Arg, 165 bool RefersToEnclosingVariableOrCapture) { 166 QualType Type = Arg->getType().getNonReferenceType(); 167 return makeLvalueToRvalue(makeDeclRefExpr(Arg, 168 RefersToEnclosingVariableOrCapture), 169 Type); 170 } 171 172 ImplicitCastExpr *ASTMaker::makeImplicitCast(const Expr *Arg, QualType Ty, 173 CastKind CK) { 174 return ImplicitCastExpr::Create(C, Ty, 175 /* CastKind=*/CK, 176 /* Expr=*/const_cast<Expr *>(Arg), 177 /* CXXCastPath=*/nullptr, 178 /* ExprValueKind=*/VK_PRValue, 179 /* FPFeatures */ FPOptionsOverride()); 180 } 181 182 CastExpr *ASTMaker::makeReferenceCast(const Expr *Arg, QualType Ty) { 183 assert(Ty->isReferenceType()); 184 return CXXStaticCastExpr::Create( 185 C, Ty.getNonReferenceType(), 186 Ty->isLValueReferenceType() ? VK_LValue : VK_XValue, CK_NoOp, 187 const_cast<Expr *>(Arg), /*CXXCastPath=*/nullptr, 188 /*Written=*/C.getTrivialTypeSourceInfo(Ty), FPOptionsOverride(), 189 SourceLocation(), SourceLocation(), SourceRange()); 190 } 191 192 Expr *ASTMaker::makeIntegralCast(const Expr *Arg, QualType Ty) { 193 if (Arg->getType() == Ty) 194 return const_cast<Expr*>(Arg); 195 return makeImplicitCast(Arg, Ty, CK_IntegralCast); 196 } 197 198 ImplicitCastExpr *ASTMaker::makeIntegralCastToBoolean(const Expr *Arg) { 199 return makeImplicitCast(Arg, C.BoolTy, CK_IntegralToBoolean); 200 } 201 202 ObjCBoolLiteralExpr *ASTMaker::makeObjCBool(bool Val) { 203 QualType Ty = C.getBOOLDecl() ? C.getBOOLType() : C.ObjCBuiltinBoolTy; 204 return new (C) ObjCBoolLiteralExpr(Val, Ty, SourceLocation()); 205 } 206 207 ObjCIvarRefExpr *ASTMaker::makeObjCIvarRef(const Expr *Base, 208 const ObjCIvarDecl *IVar) { 209 return new (C) ObjCIvarRefExpr(const_cast<ObjCIvarDecl*>(IVar), 210 IVar->getType(), SourceLocation(), 211 SourceLocation(), const_cast<Expr*>(Base), 212 /*arrow=*/true, /*free=*/false); 213 } 214 215 ReturnStmt *ASTMaker::makeReturn(const Expr *RetVal) { 216 return ReturnStmt::Create(C, SourceLocation(), const_cast<Expr *>(RetVal), 217 /* NRVOCandidate=*/nullptr); 218 } 219 220 IntegerLiteral *ASTMaker::makeIntegerLiteral(uint64_t Value, QualType Ty) { 221 llvm::APInt APValue = llvm::APInt(C.getTypeSize(Ty), Value); 222 return IntegerLiteral::Create(C, APValue, Ty, SourceLocation()); 223 } 224 225 MemberExpr *ASTMaker::makeMemberExpression(Expr *base, ValueDecl *MemberDecl, 226 bool IsArrow, 227 ExprValueKind ValueKind) { 228 229 DeclAccessPair FoundDecl = DeclAccessPair::make(MemberDecl, AS_public); 230 return MemberExpr::Create( 231 C, base, IsArrow, SourceLocation(), NestedNameSpecifierLoc(), 232 SourceLocation(), MemberDecl, FoundDecl, 233 DeclarationNameInfo(MemberDecl->getDeclName(), SourceLocation()), 234 /* TemplateArgumentListInfo=*/ nullptr, MemberDecl->getType(), ValueKind, 235 OK_Ordinary, NOUR_None); 236 } 237 238 ValueDecl *ASTMaker::findMemberField(const RecordDecl *RD, StringRef Name) { 239 240 CXXBasePaths Paths( 241 /* FindAmbiguities=*/false, 242 /* RecordPaths=*/false, 243 /* DetectVirtual=*/ false); 244 const IdentifierInfo &II = C.Idents.get(Name); 245 DeclarationName DeclName = C.DeclarationNames.getIdentifier(&II); 246 247 DeclContextLookupResult Decls = RD->lookup(DeclName); 248 for (NamedDecl *FoundDecl : Decls) 249 if (!FoundDecl->getDeclContext()->isFunctionOrMethod()) 250 return cast<ValueDecl>(FoundDecl); 251 252 return nullptr; 253 } 254 255 //===----------------------------------------------------------------------===// 256 // Creation functions for faux ASTs. 257 //===----------------------------------------------------------------------===// 258 259 typedef Stmt *(*FunctionFarmer)(ASTContext &C, const FunctionDecl *D); 260 261 static CallExpr *create_call_once_funcptr_call(ASTContext &C, ASTMaker M, 262 const ParmVarDecl *Callback, 263 ArrayRef<Expr *> CallArgs) { 264 265 QualType Ty = Callback->getType(); 266 DeclRefExpr *Call = M.makeDeclRefExpr(Callback); 267 Expr *SubExpr; 268 if (Ty->isRValueReferenceType()) { 269 SubExpr = M.makeImplicitCast( 270 Call, Ty.getNonReferenceType(), CK_LValueToRValue); 271 } else if (Ty->isLValueReferenceType() && 272 Call->getType()->isFunctionType()) { 273 Ty = C.getPointerType(Ty.getNonReferenceType()); 274 SubExpr = M.makeImplicitCast(Call, Ty, CK_FunctionToPointerDecay); 275 } else if (Ty->isLValueReferenceType() 276 && Call->getType()->isPointerType() 277 && Call->getType()->getPointeeType()->isFunctionType()){ 278 SubExpr = Call; 279 } else { 280 llvm_unreachable("Unexpected state"); 281 } 282 283 return CallExpr::Create(C, SubExpr, CallArgs, C.VoidTy, VK_PRValue, 284 SourceLocation(), FPOptionsOverride()); 285 } 286 287 static CallExpr *create_call_once_lambda_call(ASTContext &C, ASTMaker M, 288 const ParmVarDecl *Callback, 289 CXXRecordDecl *CallbackDecl, 290 ArrayRef<Expr *> CallArgs) { 291 assert(CallbackDecl != nullptr); 292 assert(CallbackDecl->isLambda()); 293 FunctionDecl *callOperatorDecl = CallbackDecl->getLambdaCallOperator(); 294 assert(callOperatorDecl != nullptr); 295 296 DeclRefExpr *callOperatorDeclRef = 297 DeclRefExpr::Create(/* Ctx =*/ C, 298 /* QualifierLoc =*/ NestedNameSpecifierLoc(), 299 /* TemplateKWLoc =*/ SourceLocation(), 300 const_cast<FunctionDecl *>(callOperatorDecl), 301 /* RefersToEnclosingVariableOrCapture=*/ false, 302 /* NameLoc =*/ SourceLocation(), 303 /* T =*/ callOperatorDecl->getType(), 304 /* VK =*/ VK_LValue); 305 306 return CXXOperatorCallExpr::Create( 307 /*AstContext=*/C, OO_Call, callOperatorDeclRef, 308 /*Args=*/CallArgs, 309 /*QualType=*/C.VoidTy, 310 /*ExprValueType=*/VK_PRValue, 311 /*SourceLocation=*/SourceLocation(), 312 /*FPFeatures=*/FPOptionsOverride()); 313 } 314 315 /// Create a fake body for 'std::move' or 'std::forward'. This is just: 316 /// 317 /// \code 318 /// return static_cast<return_type>(param); 319 /// \endcode 320 static Stmt *create_std_move_forward(ASTContext &C, const FunctionDecl *D) { 321 LLVM_DEBUG(llvm::dbgs() << "Generating body for std::move / std::forward\n"); 322 323 ASTMaker M(C); 324 325 QualType ReturnType = D->getType()->castAs<FunctionType>()->getReturnType(); 326 Expr *Param = M.makeDeclRefExpr(D->getParamDecl(0)); 327 Expr *Cast = M.makeReferenceCast(Param, ReturnType); 328 return M.makeReturn(Cast); 329 } 330 331 /// Create a fake body for std::call_once. 332 /// Emulates the following function body: 333 /// 334 /// \code 335 /// typedef struct once_flag_s { 336 /// unsigned long __state = 0; 337 /// } once_flag; 338 /// template<class Callable> 339 /// void call_once(once_flag& o, Callable func) { 340 /// if (!o.__state) { 341 /// func(); 342 /// } 343 /// o.__state = 1; 344 /// } 345 /// \endcode 346 static Stmt *create_call_once(ASTContext &C, const FunctionDecl *D) { 347 LLVM_DEBUG(llvm::dbgs() << "Generating body for call_once\n"); 348 349 // We need at least two parameters. 350 if (D->param_size() < 2) 351 return nullptr; 352 353 ASTMaker M(C); 354 355 const ParmVarDecl *Flag = D->getParamDecl(0); 356 const ParmVarDecl *Callback = D->getParamDecl(1); 357 358 if (!Callback->getType()->isReferenceType()) { 359 llvm::dbgs() << "libcxx03 std::call_once implementation, skipping.\n"; 360 return nullptr; 361 } 362 if (!Flag->getType()->isReferenceType()) { 363 llvm::dbgs() << "unknown std::call_once implementation, skipping.\n"; 364 return nullptr; 365 } 366 367 QualType CallbackType = Callback->getType().getNonReferenceType(); 368 369 // Nullable pointer, non-null iff function is a CXXRecordDecl. 370 CXXRecordDecl *CallbackRecordDecl = CallbackType->getAsCXXRecordDecl(); 371 QualType FlagType = Flag->getType().getNonReferenceType(); 372 auto *FlagRecordDecl = FlagType->getAsRecordDecl(); 373 374 if (!FlagRecordDecl) { 375 LLVM_DEBUG(llvm::dbgs() << "Flag field is not a record: " 376 << "unknown std::call_once implementation, " 377 << "ignoring the call.\n"); 378 return nullptr; 379 } 380 381 // We initially assume libc++ implementation of call_once, 382 // where the once_flag struct has a field `__state_`. 383 ValueDecl *FlagFieldDecl = M.findMemberField(FlagRecordDecl, "__state_"); 384 385 // Otherwise, try libstdc++ implementation, with a field 386 // `_M_once` 387 if (!FlagFieldDecl) { 388 FlagFieldDecl = M.findMemberField(FlagRecordDecl, "_M_once"); 389 } 390 391 if (!FlagFieldDecl) { 392 LLVM_DEBUG(llvm::dbgs() << "No field _M_once or __state_ found on " 393 << "std::once_flag struct: unknown std::call_once " 394 << "implementation, ignoring the call."); 395 return nullptr; 396 } 397 398 bool isLambdaCall = CallbackRecordDecl && CallbackRecordDecl->isLambda(); 399 if (CallbackRecordDecl && !isLambdaCall) { 400 LLVM_DEBUG(llvm::dbgs() 401 << "Not supported: synthesizing body for functors when " 402 << "body farming std::call_once, ignoring the call."); 403 return nullptr; 404 } 405 406 SmallVector<Expr *, 5> CallArgs; 407 const FunctionProtoType *CallbackFunctionType; 408 if (isLambdaCall) { 409 410 // Lambda requires callback itself inserted as a first parameter. 411 CallArgs.push_back( 412 M.makeDeclRefExpr(Callback, 413 /* RefersToEnclosingVariableOrCapture=*/ true)); 414 CallbackFunctionType = CallbackRecordDecl->getLambdaCallOperator() 415 ->getType() 416 ->getAs<FunctionProtoType>(); 417 } else if (!CallbackType->getPointeeType().isNull()) { 418 CallbackFunctionType = 419 CallbackType->getPointeeType()->getAs<FunctionProtoType>(); 420 } else { 421 CallbackFunctionType = CallbackType->getAs<FunctionProtoType>(); 422 } 423 424 if (!CallbackFunctionType) 425 return nullptr; 426 427 // First two arguments are used for the flag and for the callback. 428 if (D->getNumParams() != CallbackFunctionType->getNumParams() + 2) { 429 LLVM_DEBUG(llvm::dbgs() << "Types of params of the callback do not match " 430 << "params passed to std::call_once, " 431 << "ignoring the call\n"); 432 return nullptr; 433 } 434 435 // All arguments past first two ones are passed to the callback, 436 // and we turn lvalues into rvalues if the argument is not passed by 437 // reference. 438 for (unsigned int ParamIdx = 2; ParamIdx < D->getNumParams(); ParamIdx++) { 439 const ParmVarDecl *PDecl = D->getParamDecl(ParamIdx); 440 assert(PDecl); 441 if (CallbackFunctionType->getParamType(ParamIdx - 2) 442 .getNonReferenceType() 443 .getCanonicalType() != 444 PDecl->getType().getNonReferenceType().getCanonicalType()) { 445 LLVM_DEBUG(llvm::dbgs() << "Types of params of the callback do not match " 446 << "params passed to std::call_once, " 447 << "ignoring the call\n"); 448 return nullptr; 449 } 450 Expr *ParamExpr = M.makeDeclRefExpr(PDecl); 451 if (!CallbackFunctionType->getParamType(ParamIdx - 2)->isReferenceType()) { 452 QualType PTy = PDecl->getType().getNonReferenceType(); 453 ParamExpr = M.makeLvalueToRvalue(ParamExpr, PTy); 454 } 455 CallArgs.push_back(ParamExpr); 456 } 457 458 CallExpr *CallbackCall; 459 if (isLambdaCall) { 460 461 CallbackCall = create_call_once_lambda_call(C, M, Callback, 462 CallbackRecordDecl, CallArgs); 463 } else { 464 465 // Function pointer case. 466 CallbackCall = create_call_once_funcptr_call(C, M, Callback, CallArgs); 467 } 468 469 DeclRefExpr *FlagDecl = 470 M.makeDeclRefExpr(Flag, 471 /* RefersToEnclosingVariableOrCapture=*/true); 472 473 474 MemberExpr *Deref = M.makeMemberExpression(FlagDecl, FlagFieldDecl); 475 assert(Deref->isLValue()); 476 QualType DerefType = Deref->getType(); 477 478 // Negation predicate. 479 UnaryOperator *FlagCheck = UnaryOperator::Create( 480 C, 481 /* input=*/ 482 M.makeImplicitCast(M.makeLvalueToRvalue(Deref, DerefType), DerefType, 483 CK_IntegralToBoolean), 484 /* opc=*/UO_LNot, 485 /* QualType=*/C.IntTy, 486 /* ExprValueKind=*/VK_PRValue, 487 /* ExprObjectKind=*/OK_Ordinary, SourceLocation(), 488 /* CanOverflow*/ false, FPOptionsOverride()); 489 490 // Create assignment. 491 BinaryOperator *FlagAssignment = M.makeAssignment( 492 Deref, M.makeIntegralCast(M.makeIntegerLiteral(1, C.IntTy), DerefType), 493 DerefType); 494 495 auto *Out = 496 IfStmt::Create(C, SourceLocation(), IfStatementKind::Ordinary, 497 /* Init=*/nullptr, 498 /* Var=*/nullptr, 499 /* Cond=*/FlagCheck, 500 /* LPL=*/SourceLocation(), 501 /* RPL=*/SourceLocation(), 502 /* Then=*/M.makeCompound({CallbackCall, FlagAssignment})); 503 504 return Out; 505 } 506 507 /// Create a fake body for dispatch_once. 508 static Stmt *create_dispatch_once(ASTContext &C, const FunctionDecl *D) { 509 // Check if we have at least two parameters. 510 if (D->param_size() != 2) 511 return nullptr; 512 513 // Check if the first parameter is a pointer to integer type. 514 const ParmVarDecl *Predicate = D->getParamDecl(0); 515 QualType PredicateQPtrTy = Predicate->getType(); 516 const PointerType *PredicatePtrTy = PredicateQPtrTy->getAs<PointerType>(); 517 if (!PredicatePtrTy) 518 return nullptr; 519 QualType PredicateTy = PredicatePtrTy->getPointeeType(); 520 if (!PredicateTy->isIntegerType()) 521 return nullptr; 522 523 // Check if the second parameter is the proper block type. 524 const ParmVarDecl *Block = D->getParamDecl(1); 525 QualType Ty = Block->getType(); 526 if (!isDispatchBlock(Ty)) 527 return nullptr; 528 529 // Everything checks out. Create a fakse body that checks the predicate, 530 // sets it, and calls the block. Basically, an AST dump of: 531 // 532 // void dispatch_once(dispatch_once_t *predicate, dispatch_block_t block) { 533 // if (*predicate != ~0l) { 534 // *predicate = ~0l; 535 // block(); 536 // } 537 // } 538 539 ASTMaker M(C); 540 541 // (1) Create the call. 542 CallExpr *CE = CallExpr::Create( 543 /*ASTContext=*/C, 544 /*StmtClass=*/M.makeLvalueToRvalue(/*Expr=*/Block), 545 /*Args=*/std::nullopt, 546 /*QualType=*/C.VoidTy, 547 /*ExprValueType=*/VK_PRValue, 548 /*SourceLocation=*/SourceLocation(), FPOptionsOverride()); 549 550 // (2) Create the assignment to the predicate. 551 Expr *DoneValue = 552 UnaryOperator::Create(C, M.makeIntegerLiteral(0, C.LongTy), UO_Not, 553 C.LongTy, VK_PRValue, OK_Ordinary, SourceLocation(), 554 /*CanOverflow*/ false, FPOptionsOverride()); 555 556 BinaryOperator *B = 557 M.makeAssignment( 558 M.makeDereference( 559 M.makeLvalueToRvalue( 560 M.makeDeclRefExpr(Predicate), PredicateQPtrTy), 561 PredicateTy), 562 M.makeIntegralCast(DoneValue, PredicateTy), 563 PredicateTy); 564 565 // (3) Create the compound statement. 566 Stmt *Stmts[] = { B, CE }; 567 CompoundStmt *CS = M.makeCompound(Stmts); 568 569 // (4) Create the 'if' condition. 570 ImplicitCastExpr *LValToRval = 571 M.makeLvalueToRvalue( 572 M.makeDereference( 573 M.makeLvalueToRvalue( 574 M.makeDeclRefExpr(Predicate), 575 PredicateQPtrTy), 576 PredicateTy), 577 PredicateTy); 578 579 Expr *GuardCondition = M.makeComparison(LValToRval, DoneValue, BO_NE); 580 // (5) Create the 'if' statement. 581 auto *If = IfStmt::Create(C, SourceLocation(), IfStatementKind::Ordinary, 582 /* Init=*/nullptr, 583 /* Var=*/nullptr, 584 /* Cond=*/GuardCondition, 585 /* LPL=*/SourceLocation(), 586 /* RPL=*/SourceLocation(), 587 /* Then=*/CS); 588 return If; 589 } 590 591 /// Create a fake body for dispatch_sync. 592 static Stmt *create_dispatch_sync(ASTContext &C, const FunctionDecl *D) { 593 // Check if we have at least two parameters. 594 if (D->param_size() != 2) 595 return nullptr; 596 597 // Check if the second parameter is a block. 598 const ParmVarDecl *PV = D->getParamDecl(1); 599 QualType Ty = PV->getType(); 600 if (!isDispatchBlock(Ty)) 601 return nullptr; 602 603 // Everything checks out. Create a fake body that just calls the block. 604 // This is basically just an AST dump of: 605 // 606 // void dispatch_sync(dispatch_queue_t queue, void (^block)(void)) { 607 // block(); 608 // } 609 // 610 ASTMaker M(C); 611 DeclRefExpr *DR = M.makeDeclRefExpr(PV); 612 ImplicitCastExpr *ICE = M.makeLvalueToRvalue(DR, Ty); 613 CallExpr *CE = CallExpr::Create(C, ICE, std::nullopt, C.VoidTy, VK_PRValue, 614 SourceLocation(), FPOptionsOverride()); 615 return CE; 616 } 617 618 static Stmt *create_OSAtomicCompareAndSwap(ASTContext &C, const FunctionDecl *D) 619 { 620 // There are exactly 3 arguments. 621 if (D->param_size() != 3) 622 return nullptr; 623 624 // Signature: 625 // _Bool OSAtomicCompareAndSwapPtr(void *__oldValue, 626 // void *__newValue, 627 // void * volatile *__theValue) 628 // Generate body: 629 // if (oldValue == *theValue) { 630 // *theValue = newValue; 631 // return YES; 632 // } 633 // else return NO; 634 635 QualType ResultTy = D->getReturnType(); 636 bool isBoolean = ResultTy->isBooleanType(); 637 if (!isBoolean && !ResultTy->isIntegralType(C)) 638 return nullptr; 639 640 const ParmVarDecl *OldValue = D->getParamDecl(0); 641 QualType OldValueTy = OldValue->getType(); 642 643 const ParmVarDecl *NewValue = D->getParamDecl(1); 644 QualType NewValueTy = NewValue->getType(); 645 646 assert(OldValueTy == NewValueTy); 647 648 const ParmVarDecl *TheValue = D->getParamDecl(2); 649 QualType TheValueTy = TheValue->getType(); 650 const PointerType *PT = TheValueTy->getAs<PointerType>(); 651 if (!PT) 652 return nullptr; 653 QualType PointeeTy = PT->getPointeeType(); 654 655 ASTMaker M(C); 656 // Construct the comparison. 657 Expr *Comparison = 658 M.makeComparison( 659 M.makeLvalueToRvalue(M.makeDeclRefExpr(OldValue), OldValueTy), 660 M.makeLvalueToRvalue( 661 M.makeDereference( 662 M.makeLvalueToRvalue(M.makeDeclRefExpr(TheValue), TheValueTy), 663 PointeeTy), 664 PointeeTy), 665 BO_EQ); 666 667 // Construct the body of the IfStmt. 668 Stmt *Stmts[2]; 669 Stmts[0] = 670 M.makeAssignment( 671 M.makeDereference( 672 M.makeLvalueToRvalue(M.makeDeclRefExpr(TheValue), TheValueTy), 673 PointeeTy), 674 M.makeLvalueToRvalue(M.makeDeclRefExpr(NewValue), NewValueTy), 675 NewValueTy); 676 677 Expr *BoolVal = M.makeObjCBool(true); 678 Expr *RetVal = isBoolean ? M.makeIntegralCastToBoolean(BoolVal) 679 : M.makeIntegralCast(BoolVal, ResultTy); 680 Stmts[1] = M.makeReturn(RetVal); 681 CompoundStmt *Body = M.makeCompound(Stmts); 682 683 // Construct the else clause. 684 BoolVal = M.makeObjCBool(false); 685 RetVal = isBoolean ? M.makeIntegralCastToBoolean(BoolVal) 686 : M.makeIntegralCast(BoolVal, ResultTy); 687 Stmt *Else = M.makeReturn(RetVal); 688 689 /// Construct the If. 690 auto *If = 691 IfStmt::Create(C, SourceLocation(), IfStatementKind::Ordinary, 692 /* Init=*/nullptr, 693 /* Var=*/nullptr, Comparison, 694 /* LPL=*/SourceLocation(), 695 /* RPL=*/SourceLocation(), Body, SourceLocation(), Else); 696 697 return If; 698 } 699 700 Stmt *BodyFarm::getBody(const FunctionDecl *D) { 701 std::optional<Stmt *> &Val = Bodies[D]; 702 if (Val) 703 return *Val; 704 705 Val = nullptr; 706 707 if (D->getIdentifier() == nullptr) 708 return nullptr; 709 710 StringRef Name = D->getName(); 711 if (Name.empty()) 712 return nullptr; 713 714 FunctionFarmer FF; 715 716 if (unsigned BuiltinID = D->getBuiltinID()) { 717 switch (BuiltinID) { 718 case Builtin::BIas_const: 719 case Builtin::BIforward: 720 case Builtin::BIforward_like: 721 case Builtin::BImove: 722 case Builtin::BImove_if_noexcept: 723 FF = create_std_move_forward; 724 break; 725 default: 726 FF = nullptr; 727 break; 728 } 729 } else if (Name.starts_with("OSAtomicCompareAndSwap") || 730 Name.starts_with("objc_atomicCompareAndSwap")) { 731 FF = create_OSAtomicCompareAndSwap; 732 } else if (Name == "call_once" && D->getDeclContext()->isStdNamespace()) { 733 FF = create_call_once; 734 } else { 735 FF = llvm::StringSwitch<FunctionFarmer>(Name) 736 .Case("dispatch_sync", create_dispatch_sync) 737 .Case("dispatch_once", create_dispatch_once) 738 .Default(nullptr); 739 } 740 741 if (FF) { Val = FF(C, D); } 742 else if (Injector) { Val = Injector->getBody(D); } 743 return *Val; 744 } 745 746 static const ObjCIvarDecl *findBackingIvar(const ObjCPropertyDecl *Prop) { 747 const ObjCIvarDecl *IVar = Prop->getPropertyIvarDecl(); 748 749 if (IVar) 750 return IVar; 751 752 // When a readonly property is shadowed in a class extensions with a 753 // a readwrite property, the instance variable belongs to the shadowing 754 // property rather than the shadowed property. If there is no instance 755 // variable on a readonly property, check to see whether the property is 756 // shadowed and if so try to get the instance variable from shadowing 757 // property. 758 if (!Prop->isReadOnly()) 759 return nullptr; 760 761 auto *Container = cast<ObjCContainerDecl>(Prop->getDeclContext()); 762 const ObjCInterfaceDecl *PrimaryInterface = nullptr; 763 if (auto *InterfaceDecl = dyn_cast<ObjCInterfaceDecl>(Container)) { 764 PrimaryInterface = InterfaceDecl; 765 } else if (auto *CategoryDecl = dyn_cast<ObjCCategoryDecl>(Container)) { 766 PrimaryInterface = CategoryDecl->getClassInterface(); 767 } else if (auto *ImplDecl = dyn_cast<ObjCImplDecl>(Container)) { 768 PrimaryInterface = ImplDecl->getClassInterface(); 769 } else { 770 return nullptr; 771 } 772 773 // FindPropertyVisibleInPrimaryClass() looks first in class extensions, so it 774 // is guaranteed to find the shadowing property, if it exists, rather than 775 // the shadowed property. 776 auto *ShadowingProp = PrimaryInterface->FindPropertyVisibleInPrimaryClass( 777 Prop->getIdentifier(), Prop->getQueryKind()); 778 if (ShadowingProp && ShadowingProp != Prop) { 779 IVar = ShadowingProp->getPropertyIvarDecl(); 780 } 781 782 return IVar; 783 } 784 785 static Stmt *createObjCPropertyGetter(ASTContext &Ctx, 786 const ObjCMethodDecl *MD) { 787 // First, find the backing ivar. 788 const ObjCIvarDecl *IVar = nullptr; 789 const ObjCPropertyDecl *Prop = nullptr; 790 791 // Property accessor stubs sometimes do not correspond to any property decl 792 // in the current interface (but in a superclass). They still have a 793 // corresponding property impl decl in this case. 794 if (MD->isSynthesizedAccessorStub()) { 795 const ObjCInterfaceDecl *IntD = MD->getClassInterface(); 796 const ObjCImplementationDecl *ImpD = IntD->getImplementation(); 797 for (const auto *PI : ImpD->property_impls()) { 798 if (const ObjCPropertyDecl *Candidate = PI->getPropertyDecl()) { 799 if (Candidate->getGetterName() == MD->getSelector()) { 800 Prop = Candidate; 801 IVar = Prop->getPropertyIvarDecl(); 802 } 803 } 804 } 805 } 806 807 if (!IVar) { 808 Prop = MD->findPropertyDecl(); 809 IVar = Prop ? findBackingIvar(Prop) : nullptr; 810 } 811 812 if (!IVar || !Prop) 813 return nullptr; 814 815 // Ignore weak variables, which have special behavior. 816 if (Prop->getPropertyAttributes() & ObjCPropertyAttribute::kind_weak) 817 return nullptr; 818 819 // Look to see if Sema has synthesized a body for us. This happens in 820 // Objective-C++ because the return value may be a C++ class type with a 821 // non-trivial copy constructor. We can only do this if we can find the 822 // @synthesize for this property, though (or if we know it's been auto- 823 // synthesized). 824 const ObjCImplementationDecl *ImplDecl = 825 IVar->getContainingInterface()->getImplementation(); 826 if (ImplDecl) { 827 for (const auto *I : ImplDecl->property_impls()) { 828 if (I->getPropertyDecl() != Prop) 829 continue; 830 831 if (I->getGetterCXXConstructor()) { 832 ASTMaker M(Ctx); 833 return M.makeReturn(I->getGetterCXXConstructor()); 834 } 835 } 836 } 837 838 // We expect that the property is the same type as the ivar, or a reference to 839 // it, and that it is either an object pointer or trivially copyable. 840 if (!Ctx.hasSameUnqualifiedType(IVar->getType(), 841 Prop->getType().getNonReferenceType())) 842 return nullptr; 843 if (!IVar->getType()->isObjCLifetimeType() && 844 !IVar->getType().isTriviallyCopyableType(Ctx)) 845 return nullptr; 846 847 // Generate our body: 848 // return self->_ivar; 849 ASTMaker M(Ctx); 850 851 const VarDecl *selfVar = MD->getSelfDecl(); 852 if (!selfVar) 853 return nullptr; 854 855 Expr *loadedIVar = M.makeObjCIvarRef( 856 M.makeLvalueToRvalue(M.makeDeclRefExpr(selfVar), selfVar->getType()), 857 IVar); 858 859 if (!MD->getReturnType()->isReferenceType()) 860 loadedIVar = M.makeLvalueToRvalue(loadedIVar, IVar->getType()); 861 862 return M.makeReturn(loadedIVar); 863 } 864 865 Stmt *BodyFarm::getBody(const ObjCMethodDecl *D) { 866 // We currently only know how to synthesize property accessors. 867 if (!D->isPropertyAccessor()) 868 return nullptr; 869 870 D = D->getCanonicalDecl(); 871 872 // We should not try to synthesize explicitly redefined accessors. 873 // We do not know for sure how they behave. 874 if (!D->isImplicit()) 875 return nullptr; 876 877 std::optional<Stmt *> &Val = Bodies[D]; 878 if (Val) 879 return *Val; 880 Val = nullptr; 881 882 // For now, we only synthesize getters. 883 // Synthesizing setters would cause false negatives in the 884 // RetainCountChecker because the method body would bind the parameter 885 // to an instance variable, causing it to escape. This would prevent 886 // warning in the following common scenario: 887 // 888 // id foo = [[NSObject alloc] init]; 889 // self.foo = foo; // We should warn that foo leaks here. 890 // 891 if (D->param_size() != 0) 892 return nullptr; 893 894 // If the property was defined in an extension, search the extensions for 895 // overrides. 896 const ObjCInterfaceDecl *OID = D->getClassInterface(); 897 if (dyn_cast<ObjCInterfaceDecl>(D->getParent()) != OID) 898 for (auto *Ext : OID->known_extensions()) { 899 auto *OMD = Ext->getInstanceMethod(D->getSelector()); 900 if (OMD && !OMD->isImplicit()) 901 return nullptr; 902 } 903 904 Val = createObjCPropertyGetter(C, D); 905 906 return *Val; 907 } 908