1 //== BodyFarm.cpp - Factory for conjuring up fake bodies ----------*- C++ -*-// 2 // 3 // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. 4 // See https://llvm.org/LICENSE.txt for license information. 5 // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception 6 // 7 //===----------------------------------------------------------------------===// 8 // 9 // BodyFarm is a factory for creating faux implementations for functions/methods 10 // for analysis purposes. 11 // 12 //===----------------------------------------------------------------------===// 13 14 #include "clang/Analysis/BodyFarm.h" 15 #include "clang/AST/ASTContext.h" 16 #include "clang/AST/CXXInheritance.h" 17 #include "clang/AST/Decl.h" 18 #include "clang/AST/Expr.h" 19 #include "clang/AST/ExprCXX.h" 20 #include "clang/AST/ExprObjC.h" 21 #include "clang/AST/NestedNameSpecifier.h" 22 #include "clang/Analysis/CodeInjector.h" 23 #include "clang/Basic/Builtins.h" 24 #include "clang/Basic/OperatorKinds.h" 25 #include "llvm/ADT/StringSwitch.h" 26 #include "llvm/Support/Debug.h" 27 28 #define DEBUG_TYPE "body-farm" 29 30 using namespace clang; 31 32 //===----------------------------------------------------------------------===// 33 // Helper creation functions for constructing faux ASTs. 34 //===----------------------------------------------------------------------===// 35 36 static bool isDispatchBlock(QualType Ty) { 37 // Is it a block pointer? 38 const BlockPointerType *BPT = Ty->getAs<BlockPointerType>(); 39 if (!BPT) 40 return false; 41 42 // Check if the block pointer type takes no arguments and 43 // returns void. 44 const FunctionProtoType *FT = 45 BPT->getPointeeType()->getAs<FunctionProtoType>(); 46 return FT && FT->getReturnType()->isVoidType() && FT->getNumParams() == 0; 47 } 48 49 namespace { 50 class ASTMaker { 51 public: 52 ASTMaker(ASTContext &C) : C(C) {} 53 54 /// Create a new BinaryOperator representing a simple assignment. 55 BinaryOperator *makeAssignment(const Expr *LHS, const Expr *RHS, QualType Ty); 56 57 /// Create a new BinaryOperator representing a comparison. 58 BinaryOperator *makeComparison(const Expr *LHS, const Expr *RHS, 59 BinaryOperator::Opcode Op); 60 61 /// Create a new compound stmt using the provided statements. 62 CompoundStmt *makeCompound(ArrayRef<Stmt*>); 63 64 /// Create a new DeclRefExpr for the referenced variable. 65 DeclRefExpr *makeDeclRefExpr(const VarDecl *D, 66 bool RefersToEnclosingVariableOrCapture = false); 67 68 /// Create a new UnaryOperator representing a dereference. 69 UnaryOperator *makeDereference(const Expr *Arg, QualType Ty); 70 71 /// Create an implicit cast for an integer conversion. 72 Expr *makeIntegralCast(const Expr *Arg, QualType Ty); 73 74 /// Create an implicit cast to a builtin boolean type. 75 ImplicitCastExpr *makeIntegralCastToBoolean(const Expr *Arg); 76 77 /// Create an implicit cast for lvalue-to-rvaluate conversions. 78 ImplicitCastExpr *makeLvalueToRvalue(const Expr *Arg, QualType Ty); 79 80 /// Make RValue out of variable declaration, creating a temporary 81 /// DeclRefExpr in the process. 82 ImplicitCastExpr * 83 makeLvalueToRvalue(const VarDecl *Decl, 84 bool RefersToEnclosingVariableOrCapture = false); 85 86 /// Create an implicit cast of the given type. 87 ImplicitCastExpr *makeImplicitCast(const Expr *Arg, QualType Ty, 88 CastKind CK = CK_LValueToRValue); 89 90 /// Create a cast to reference type. 91 CastExpr *makeReferenceCast(const Expr *Arg, QualType Ty); 92 93 /// Create an Objective-C bool literal. 94 ObjCBoolLiteralExpr *makeObjCBool(bool Val); 95 96 /// Create an Objective-C ivar reference. 97 ObjCIvarRefExpr *makeObjCIvarRef(const Expr *Base, const ObjCIvarDecl *IVar); 98 99 /// Create a Return statement. 100 ReturnStmt *makeReturn(const Expr *RetVal); 101 102 /// Create an integer literal expression of the given type. 103 IntegerLiteral *makeIntegerLiteral(uint64_t Value, QualType Ty); 104 105 /// Create a member expression. 106 MemberExpr *makeMemberExpression(Expr *base, ValueDecl *MemberDecl, 107 bool IsArrow = false, 108 ExprValueKind ValueKind = VK_LValue); 109 110 /// Returns a *first* member field of a record declaration with a given name. 111 /// \return an nullptr if no member with such a name exists. 112 ValueDecl *findMemberField(const RecordDecl *RD, StringRef Name); 113 114 private: 115 ASTContext &C; 116 }; 117 } 118 119 BinaryOperator *ASTMaker::makeAssignment(const Expr *LHS, const Expr *RHS, 120 QualType Ty) { 121 return BinaryOperator::Create( 122 C, const_cast<Expr *>(LHS), const_cast<Expr *>(RHS), BO_Assign, Ty, 123 VK_PRValue, OK_Ordinary, SourceLocation(), FPOptionsOverride()); 124 } 125 126 BinaryOperator *ASTMaker::makeComparison(const Expr *LHS, const Expr *RHS, 127 BinaryOperator::Opcode Op) { 128 assert(BinaryOperator::isLogicalOp(Op) || 129 BinaryOperator::isComparisonOp(Op)); 130 return BinaryOperator::Create( 131 C, const_cast<Expr *>(LHS), const_cast<Expr *>(RHS), Op, 132 C.getLogicalOperationType(), VK_PRValue, OK_Ordinary, SourceLocation(), 133 FPOptionsOverride()); 134 } 135 136 CompoundStmt *ASTMaker::makeCompound(ArrayRef<Stmt *> Stmts) { 137 return CompoundStmt::Create(C, Stmts, FPOptionsOverride(), SourceLocation(), 138 SourceLocation()); 139 } 140 141 DeclRefExpr *ASTMaker::makeDeclRefExpr( 142 const VarDecl *D, 143 bool RefersToEnclosingVariableOrCapture) { 144 QualType Type = D->getType().getNonReferenceType(); 145 146 DeclRefExpr *DR = DeclRefExpr::Create( 147 C, NestedNameSpecifierLoc(), SourceLocation(), const_cast<VarDecl *>(D), 148 RefersToEnclosingVariableOrCapture, SourceLocation(), Type, VK_LValue); 149 return DR; 150 } 151 152 UnaryOperator *ASTMaker::makeDereference(const Expr *Arg, QualType Ty) { 153 return UnaryOperator::Create(C, const_cast<Expr *>(Arg), UO_Deref, Ty, 154 VK_LValue, OK_Ordinary, SourceLocation(), 155 /*CanOverflow*/ false, FPOptionsOverride()); 156 } 157 158 ImplicitCastExpr *ASTMaker::makeLvalueToRvalue(const Expr *Arg, QualType Ty) { 159 return makeImplicitCast(Arg, Ty, CK_LValueToRValue); 160 } 161 162 ImplicitCastExpr * 163 ASTMaker::makeLvalueToRvalue(const VarDecl *Arg, 164 bool RefersToEnclosingVariableOrCapture) { 165 QualType Type = Arg->getType().getNonReferenceType(); 166 return makeLvalueToRvalue(makeDeclRefExpr(Arg, 167 RefersToEnclosingVariableOrCapture), 168 Type); 169 } 170 171 ImplicitCastExpr *ASTMaker::makeImplicitCast(const Expr *Arg, QualType Ty, 172 CastKind CK) { 173 return ImplicitCastExpr::Create(C, Ty, 174 /* CastKind=*/CK, 175 /* Expr=*/const_cast<Expr *>(Arg), 176 /* CXXCastPath=*/nullptr, 177 /* ExprValueKind=*/VK_PRValue, 178 /* FPFeatures */ FPOptionsOverride()); 179 } 180 181 CastExpr *ASTMaker::makeReferenceCast(const Expr *Arg, QualType Ty) { 182 assert(Ty->isReferenceType()); 183 return CXXStaticCastExpr::Create( 184 C, Ty.getNonReferenceType(), 185 Ty->isLValueReferenceType() ? VK_LValue : VK_XValue, CK_NoOp, 186 const_cast<Expr *>(Arg), /*CXXCastPath=*/nullptr, 187 /*Written=*/C.getTrivialTypeSourceInfo(Ty), FPOptionsOverride(), 188 SourceLocation(), SourceLocation(), SourceRange()); 189 } 190 191 Expr *ASTMaker::makeIntegralCast(const Expr *Arg, QualType Ty) { 192 if (Arg->getType() == Ty) 193 return const_cast<Expr*>(Arg); 194 return makeImplicitCast(Arg, Ty, CK_IntegralCast); 195 } 196 197 ImplicitCastExpr *ASTMaker::makeIntegralCastToBoolean(const Expr *Arg) { 198 return makeImplicitCast(Arg, C.BoolTy, CK_IntegralToBoolean); 199 } 200 201 ObjCBoolLiteralExpr *ASTMaker::makeObjCBool(bool Val) { 202 QualType Ty = C.getBOOLDecl() ? C.getBOOLType() : C.ObjCBuiltinBoolTy; 203 return new (C) ObjCBoolLiteralExpr(Val, Ty, SourceLocation()); 204 } 205 206 ObjCIvarRefExpr *ASTMaker::makeObjCIvarRef(const Expr *Base, 207 const ObjCIvarDecl *IVar) { 208 return new (C) ObjCIvarRefExpr(const_cast<ObjCIvarDecl*>(IVar), 209 IVar->getType(), SourceLocation(), 210 SourceLocation(), const_cast<Expr*>(Base), 211 /*arrow=*/true, /*free=*/false); 212 } 213 214 ReturnStmt *ASTMaker::makeReturn(const Expr *RetVal) { 215 return ReturnStmt::Create(C, SourceLocation(), const_cast<Expr *>(RetVal), 216 /* NRVOCandidate=*/nullptr); 217 } 218 219 IntegerLiteral *ASTMaker::makeIntegerLiteral(uint64_t Value, QualType Ty) { 220 llvm::APInt APValue = llvm::APInt(C.getTypeSize(Ty), Value); 221 return IntegerLiteral::Create(C, APValue, Ty, SourceLocation()); 222 } 223 224 MemberExpr *ASTMaker::makeMemberExpression(Expr *base, ValueDecl *MemberDecl, 225 bool IsArrow, 226 ExprValueKind ValueKind) { 227 228 DeclAccessPair FoundDecl = DeclAccessPair::make(MemberDecl, AS_public); 229 return MemberExpr::Create( 230 C, base, IsArrow, SourceLocation(), NestedNameSpecifierLoc(), 231 SourceLocation(), MemberDecl, FoundDecl, 232 DeclarationNameInfo(MemberDecl->getDeclName(), SourceLocation()), 233 /* TemplateArgumentListInfo=*/ nullptr, MemberDecl->getType(), ValueKind, 234 OK_Ordinary, NOUR_None); 235 } 236 237 ValueDecl *ASTMaker::findMemberField(const RecordDecl *RD, StringRef Name) { 238 239 CXXBasePaths Paths( 240 /* FindAmbiguities=*/false, 241 /* RecordPaths=*/false, 242 /* DetectVirtual=*/ false); 243 const IdentifierInfo &II = C.Idents.get(Name); 244 DeclarationName DeclName = C.DeclarationNames.getIdentifier(&II); 245 246 DeclContextLookupResult Decls = RD->lookup(DeclName); 247 for (NamedDecl *FoundDecl : Decls) 248 if (!FoundDecl->getDeclContext()->isFunctionOrMethod()) 249 return cast<ValueDecl>(FoundDecl); 250 251 return nullptr; 252 } 253 254 //===----------------------------------------------------------------------===// 255 // Creation functions for faux ASTs. 256 //===----------------------------------------------------------------------===// 257 258 typedef Stmt *(*FunctionFarmer)(ASTContext &C, const FunctionDecl *D); 259 260 static CallExpr *create_call_once_funcptr_call(ASTContext &C, ASTMaker M, 261 const ParmVarDecl *Callback, 262 ArrayRef<Expr *> CallArgs) { 263 264 QualType Ty = Callback->getType(); 265 DeclRefExpr *Call = M.makeDeclRefExpr(Callback); 266 Expr *SubExpr; 267 if (Ty->isRValueReferenceType()) { 268 SubExpr = M.makeImplicitCast( 269 Call, Ty.getNonReferenceType(), CK_LValueToRValue); 270 } else if (Ty->isLValueReferenceType() && 271 Call->getType()->isFunctionType()) { 272 Ty = C.getPointerType(Ty.getNonReferenceType()); 273 SubExpr = M.makeImplicitCast(Call, Ty, CK_FunctionToPointerDecay); 274 } else if (Ty->isLValueReferenceType() 275 && Call->getType()->isPointerType() 276 && Call->getType()->getPointeeType()->isFunctionType()){ 277 SubExpr = Call; 278 } else { 279 llvm_unreachable("Unexpected state"); 280 } 281 282 return CallExpr::Create(C, SubExpr, CallArgs, C.VoidTy, VK_PRValue, 283 SourceLocation(), FPOptionsOverride()); 284 } 285 286 static CallExpr *create_call_once_lambda_call(ASTContext &C, ASTMaker M, 287 const ParmVarDecl *Callback, 288 CXXRecordDecl *CallbackDecl, 289 ArrayRef<Expr *> CallArgs) { 290 assert(CallbackDecl != nullptr); 291 assert(CallbackDecl->isLambda()); 292 FunctionDecl *callOperatorDecl = CallbackDecl->getLambdaCallOperator(); 293 assert(callOperatorDecl != nullptr); 294 295 DeclRefExpr *callOperatorDeclRef = 296 DeclRefExpr::Create(/* Ctx =*/ C, 297 /* QualifierLoc =*/ NestedNameSpecifierLoc(), 298 /* TemplateKWLoc =*/ SourceLocation(), 299 const_cast<FunctionDecl *>(callOperatorDecl), 300 /* RefersToEnclosingVariableOrCapture=*/ false, 301 /* NameLoc =*/ SourceLocation(), 302 /* T =*/ callOperatorDecl->getType(), 303 /* VK =*/ VK_LValue); 304 305 return CXXOperatorCallExpr::Create( 306 /*AstContext=*/C, OO_Call, callOperatorDeclRef, 307 /*Args=*/CallArgs, 308 /*QualType=*/C.VoidTy, 309 /*ExprValueType=*/VK_PRValue, 310 /*SourceLocation=*/SourceLocation(), 311 /*FPFeatures=*/FPOptionsOverride()); 312 } 313 314 /// Create a fake body for 'std::move' or 'std::forward'. This is just: 315 /// 316 /// \code 317 /// return static_cast<return_type>(param); 318 /// \endcode 319 static Stmt *create_std_move_forward(ASTContext &C, const FunctionDecl *D) { 320 LLVM_DEBUG(llvm::dbgs() << "Generating body for std::move / std::forward\n"); 321 322 ASTMaker M(C); 323 324 QualType ReturnType = D->getType()->castAs<FunctionType>()->getReturnType(); 325 Expr *Param = M.makeDeclRefExpr(D->getParamDecl(0)); 326 Expr *Cast = M.makeReferenceCast(Param, ReturnType); 327 return M.makeReturn(Cast); 328 } 329 330 /// Create a fake body for std::call_once. 331 /// Emulates the following function body: 332 /// 333 /// \code 334 /// typedef struct once_flag_s { 335 /// unsigned long __state = 0; 336 /// } once_flag; 337 /// template<class Callable> 338 /// void call_once(once_flag& o, Callable func) { 339 /// if (!o.__state) { 340 /// func(); 341 /// } 342 /// o.__state = 1; 343 /// } 344 /// \endcode 345 static Stmt *create_call_once(ASTContext &C, const FunctionDecl *D) { 346 LLVM_DEBUG(llvm::dbgs() << "Generating body for call_once\n"); 347 348 // We need at least two parameters. 349 if (D->param_size() < 2) 350 return nullptr; 351 352 ASTMaker M(C); 353 354 const ParmVarDecl *Flag = D->getParamDecl(0); 355 const ParmVarDecl *Callback = D->getParamDecl(1); 356 357 if (!Callback->getType()->isReferenceType()) { 358 llvm::dbgs() << "libcxx03 std::call_once implementation, skipping.\n"; 359 return nullptr; 360 } 361 if (!Flag->getType()->isReferenceType()) { 362 llvm::dbgs() << "unknown std::call_once implementation, skipping.\n"; 363 return nullptr; 364 } 365 366 QualType CallbackType = Callback->getType().getNonReferenceType(); 367 368 // Nullable pointer, non-null iff function is a CXXRecordDecl. 369 CXXRecordDecl *CallbackRecordDecl = CallbackType->getAsCXXRecordDecl(); 370 QualType FlagType = Flag->getType().getNonReferenceType(); 371 auto *FlagRecordDecl = FlagType->getAsRecordDecl(); 372 373 if (!FlagRecordDecl) { 374 LLVM_DEBUG(llvm::dbgs() << "Flag field is not a record: " 375 << "unknown std::call_once implementation, " 376 << "ignoring the call.\n"); 377 return nullptr; 378 } 379 380 // We initially assume libc++ implementation of call_once, 381 // where the once_flag struct has a field `__state_`. 382 ValueDecl *FlagFieldDecl = M.findMemberField(FlagRecordDecl, "__state_"); 383 384 // Otherwise, try libstdc++ implementation, with a field 385 // `_M_once` 386 if (!FlagFieldDecl) { 387 FlagFieldDecl = M.findMemberField(FlagRecordDecl, "_M_once"); 388 } 389 390 if (!FlagFieldDecl) { 391 LLVM_DEBUG(llvm::dbgs() << "No field _M_once or __state_ found on " 392 << "std::once_flag struct: unknown std::call_once " 393 << "implementation, ignoring the call."); 394 return nullptr; 395 } 396 397 bool isLambdaCall = CallbackRecordDecl && CallbackRecordDecl->isLambda(); 398 if (CallbackRecordDecl && !isLambdaCall) { 399 LLVM_DEBUG(llvm::dbgs() 400 << "Not supported: synthesizing body for functors when " 401 << "body farming std::call_once, ignoring the call."); 402 return nullptr; 403 } 404 405 SmallVector<Expr *, 5> CallArgs; 406 const FunctionProtoType *CallbackFunctionType; 407 if (isLambdaCall) { 408 409 // Lambda requires callback itself inserted as a first parameter. 410 CallArgs.push_back( 411 M.makeDeclRefExpr(Callback, 412 /* RefersToEnclosingVariableOrCapture=*/ true)); 413 CallbackFunctionType = CallbackRecordDecl->getLambdaCallOperator() 414 ->getType() 415 ->getAs<FunctionProtoType>(); 416 } else if (!CallbackType->getPointeeType().isNull()) { 417 CallbackFunctionType = 418 CallbackType->getPointeeType()->getAs<FunctionProtoType>(); 419 } else { 420 CallbackFunctionType = CallbackType->getAs<FunctionProtoType>(); 421 } 422 423 if (!CallbackFunctionType) 424 return nullptr; 425 426 // First two arguments are used for the flag and for the callback. 427 if (D->getNumParams() != CallbackFunctionType->getNumParams() + 2) { 428 LLVM_DEBUG(llvm::dbgs() << "Types of params of the callback do not match " 429 << "params passed to std::call_once, " 430 << "ignoring the call\n"); 431 return nullptr; 432 } 433 434 // All arguments past first two ones are passed to the callback, 435 // and we turn lvalues into rvalues if the argument is not passed by 436 // reference. 437 for (unsigned int ParamIdx = 2; ParamIdx < D->getNumParams(); ParamIdx++) { 438 const ParmVarDecl *PDecl = D->getParamDecl(ParamIdx); 439 assert(PDecl); 440 if (CallbackFunctionType->getParamType(ParamIdx - 2) 441 .getNonReferenceType() 442 .getCanonicalType() != 443 PDecl->getType().getNonReferenceType().getCanonicalType()) { 444 LLVM_DEBUG(llvm::dbgs() << "Types of params of the callback do not match " 445 << "params passed to std::call_once, " 446 << "ignoring the call\n"); 447 return nullptr; 448 } 449 Expr *ParamExpr = M.makeDeclRefExpr(PDecl); 450 if (!CallbackFunctionType->getParamType(ParamIdx - 2)->isReferenceType()) { 451 QualType PTy = PDecl->getType().getNonReferenceType(); 452 ParamExpr = M.makeLvalueToRvalue(ParamExpr, PTy); 453 } 454 CallArgs.push_back(ParamExpr); 455 } 456 457 CallExpr *CallbackCall; 458 if (isLambdaCall) { 459 460 CallbackCall = create_call_once_lambda_call(C, M, Callback, 461 CallbackRecordDecl, CallArgs); 462 } else { 463 464 // Function pointer case. 465 CallbackCall = create_call_once_funcptr_call(C, M, Callback, CallArgs); 466 } 467 468 DeclRefExpr *FlagDecl = 469 M.makeDeclRefExpr(Flag, 470 /* RefersToEnclosingVariableOrCapture=*/true); 471 472 473 MemberExpr *Deref = M.makeMemberExpression(FlagDecl, FlagFieldDecl); 474 assert(Deref->isLValue()); 475 QualType DerefType = Deref->getType(); 476 477 // Negation predicate. 478 UnaryOperator *FlagCheck = UnaryOperator::Create( 479 C, 480 /* input=*/ 481 M.makeImplicitCast(M.makeLvalueToRvalue(Deref, DerefType), DerefType, 482 CK_IntegralToBoolean), 483 /* opc=*/UO_LNot, 484 /* QualType=*/C.IntTy, 485 /* ExprValueKind=*/VK_PRValue, 486 /* ExprObjectKind=*/OK_Ordinary, SourceLocation(), 487 /* CanOverflow*/ false, FPOptionsOverride()); 488 489 // Create assignment. 490 BinaryOperator *FlagAssignment = M.makeAssignment( 491 Deref, M.makeIntegralCast(M.makeIntegerLiteral(1, C.IntTy), DerefType), 492 DerefType); 493 494 auto *Out = 495 IfStmt::Create(C, SourceLocation(), IfStatementKind::Ordinary, 496 /* Init=*/nullptr, 497 /* Var=*/nullptr, 498 /* Cond=*/FlagCheck, 499 /* LPL=*/SourceLocation(), 500 /* RPL=*/SourceLocation(), 501 /* Then=*/M.makeCompound({CallbackCall, FlagAssignment})); 502 503 return Out; 504 } 505 506 /// Create a fake body for dispatch_once. 507 static Stmt *create_dispatch_once(ASTContext &C, const FunctionDecl *D) { 508 // Check if we have at least two parameters. 509 if (D->param_size() != 2) 510 return nullptr; 511 512 // Check if the first parameter is a pointer to integer type. 513 const ParmVarDecl *Predicate = D->getParamDecl(0); 514 QualType PredicateQPtrTy = Predicate->getType(); 515 const PointerType *PredicatePtrTy = PredicateQPtrTy->getAs<PointerType>(); 516 if (!PredicatePtrTy) 517 return nullptr; 518 QualType PredicateTy = PredicatePtrTy->getPointeeType(); 519 if (!PredicateTy->isIntegerType()) 520 return nullptr; 521 522 // Check if the second parameter is the proper block type. 523 const ParmVarDecl *Block = D->getParamDecl(1); 524 QualType Ty = Block->getType(); 525 if (!isDispatchBlock(Ty)) 526 return nullptr; 527 528 // Everything checks out. Create a fakse body that checks the predicate, 529 // sets it, and calls the block. Basically, an AST dump of: 530 // 531 // void dispatch_once(dispatch_once_t *predicate, dispatch_block_t block) { 532 // if (*predicate != ~0l) { 533 // *predicate = ~0l; 534 // block(); 535 // } 536 // } 537 538 ASTMaker M(C); 539 540 // (1) Create the call. 541 CallExpr *CE = CallExpr::Create( 542 /*ASTContext=*/C, 543 /*StmtClass=*/M.makeLvalueToRvalue(/*Expr=*/Block), 544 /*Args=*/None, 545 /*QualType=*/C.VoidTy, 546 /*ExprValueType=*/VK_PRValue, 547 /*SourceLocation=*/SourceLocation(), FPOptionsOverride()); 548 549 // (2) Create the assignment to the predicate. 550 Expr *DoneValue = 551 UnaryOperator::Create(C, M.makeIntegerLiteral(0, C.LongTy), UO_Not, 552 C.LongTy, VK_PRValue, OK_Ordinary, SourceLocation(), 553 /*CanOverflow*/ false, FPOptionsOverride()); 554 555 BinaryOperator *B = 556 M.makeAssignment( 557 M.makeDereference( 558 M.makeLvalueToRvalue( 559 M.makeDeclRefExpr(Predicate), PredicateQPtrTy), 560 PredicateTy), 561 M.makeIntegralCast(DoneValue, PredicateTy), 562 PredicateTy); 563 564 // (3) Create the compound statement. 565 Stmt *Stmts[] = { B, CE }; 566 CompoundStmt *CS = M.makeCompound(Stmts); 567 568 // (4) Create the 'if' condition. 569 ImplicitCastExpr *LValToRval = 570 M.makeLvalueToRvalue( 571 M.makeDereference( 572 M.makeLvalueToRvalue( 573 M.makeDeclRefExpr(Predicate), 574 PredicateQPtrTy), 575 PredicateTy), 576 PredicateTy); 577 578 Expr *GuardCondition = M.makeComparison(LValToRval, DoneValue, BO_NE); 579 // (5) Create the 'if' statement. 580 auto *If = IfStmt::Create(C, SourceLocation(), IfStatementKind::Ordinary, 581 /* Init=*/nullptr, 582 /* Var=*/nullptr, 583 /* Cond=*/GuardCondition, 584 /* LPL=*/SourceLocation(), 585 /* RPL=*/SourceLocation(), 586 /* Then=*/CS); 587 return If; 588 } 589 590 /// Create a fake body for dispatch_sync. 591 static Stmt *create_dispatch_sync(ASTContext &C, const FunctionDecl *D) { 592 // Check if we have at least two parameters. 593 if (D->param_size() != 2) 594 return nullptr; 595 596 // Check if the second parameter is a block. 597 const ParmVarDecl *PV = D->getParamDecl(1); 598 QualType Ty = PV->getType(); 599 if (!isDispatchBlock(Ty)) 600 return nullptr; 601 602 // Everything checks out. Create a fake body that just calls the block. 603 // This is basically just an AST dump of: 604 // 605 // void dispatch_sync(dispatch_queue_t queue, void (^block)(void)) { 606 // block(); 607 // } 608 // 609 ASTMaker M(C); 610 DeclRefExpr *DR = M.makeDeclRefExpr(PV); 611 ImplicitCastExpr *ICE = M.makeLvalueToRvalue(DR, Ty); 612 CallExpr *CE = CallExpr::Create(C, ICE, None, C.VoidTy, VK_PRValue, 613 SourceLocation(), FPOptionsOverride()); 614 return CE; 615 } 616 617 static Stmt *create_OSAtomicCompareAndSwap(ASTContext &C, const FunctionDecl *D) 618 { 619 // There are exactly 3 arguments. 620 if (D->param_size() != 3) 621 return nullptr; 622 623 // Signature: 624 // _Bool OSAtomicCompareAndSwapPtr(void *__oldValue, 625 // void *__newValue, 626 // void * volatile *__theValue) 627 // Generate body: 628 // if (oldValue == *theValue) { 629 // *theValue = newValue; 630 // return YES; 631 // } 632 // else return NO; 633 634 QualType ResultTy = D->getReturnType(); 635 bool isBoolean = ResultTy->isBooleanType(); 636 if (!isBoolean && !ResultTy->isIntegralType(C)) 637 return nullptr; 638 639 const ParmVarDecl *OldValue = D->getParamDecl(0); 640 QualType OldValueTy = OldValue->getType(); 641 642 const ParmVarDecl *NewValue = D->getParamDecl(1); 643 QualType NewValueTy = NewValue->getType(); 644 645 assert(OldValueTy == NewValueTy); 646 647 const ParmVarDecl *TheValue = D->getParamDecl(2); 648 QualType TheValueTy = TheValue->getType(); 649 const PointerType *PT = TheValueTy->getAs<PointerType>(); 650 if (!PT) 651 return nullptr; 652 QualType PointeeTy = PT->getPointeeType(); 653 654 ASTMaker M(C); 655 // Construct the comparison. 656 Expr *Comparison = 657 M.makeComparison( 658 M.makeLvalueToRvalue(M.makeDeclRefExpr(OldValue), OldValueTy), 659 M.makeLvalueToRvalue( 660 M.makeDereference( 661 M.makeLvalueToRvalue(M.makeDeclRefExpr(TheValue), TheValueTy), 662 PointeeTy), 663 PointeeTy), 664 BO_EQ); 665 666 // Construct the body of the IfStmt. 667 Stmt *Stmts[2]; 668 Stmts[0] = 669 M.makeAssignment( 670 M.makeDereference( 671 M.makeLvalueToRvalue(M.makeDeclRefExpr(TheValue), TheValueTy), 672 PointeeTy), 673 M.makeLvalueToRvalue(M.makeDeclRefExpr(NewValue), NewValueTy), 674 NewValueTy); 675 676 Expr *BoolVal = M.makeObjCBool(true); 677 Expr *RetVal = isBoolean ? M.makeIntegralCastToBoolean(BoolVal) 678 : M.makeIntegralCast(BoolVal, ResultTy); 679 Stmts[1] = M.makeReturn(RetVal); 680 CompoundStmt *Body = M.makeCompound(Stmts); 681 682 // Construct the else clause. 683 BoolVal = M.makeObjCBool(false); 684 RetVal = isBoolean ? M.makeIntegralCastToBoolean(BoolVal) 685 : M.makeIntegralCast(BoolVal, ResultTy); 686 Stmt *Else = M.makeReturn(RetVal); 687 688 /// Construct the If. 689 auto *If = 690 IfStmt::Create(C, SourceLocation(), IfStatementKind::Ordinary, 691 /* Init=*/nullptr, 692 /* Var=*/nullptr, Comparison, 693 /* LPL=*/SourceLocation(), 694 /* RPL=*/SourceLocation(), Body, SourceLocation(), Else); 695 696 return If; 697 } 698 699 Stmt *BodyFarm::getBody(const FunctionDecl *D) { 700 Optional<Stmt *> &Val = Bodies[D]; 701 if (Val) 702 return Val.value(); 703 704 Val = nullptr; 705 706 if (D->getIdentifier() == nullptr) 707 return nullptr; 708 709 StringRef Name = D->getName(); 710 if (Name.empty()) 711 return nullptr; 712 713 FunctionFarmer FF; 714 715 if (unsigned BuiltinID = D->getBuiltinID()) { 716 switch (BuiltinID) { 717 case Builtin::BIas_const: 718 case Builtin::BIforward: 719 case Builtin::BImove: 720 case Builtin::BImove_if_noexcept: 721 FF = create_std_move_forward; 722 break; 723 default: 724 FF = nullptr; 725 break; 726 } 727 } else if (Name.startswith("OSAtomicCompareAndSwap") || 728 Name.startswith("objc_atomicCompareAndSwap")) { 729 FF = create_OSAtomicCompareAndSwap; 730 } else if (Name == "call_once" && D->getDeclContext()->isStdNamespace()) { 731 FF = create_call_once; 732 } else { 733 FF = llvm::StringSwitch<FunctionFarmer>(Name) 734 .Case("dispatch_sync", create_dispatch_sync) 735 .Case("dispatch_once", create_dispatch_once) 736 .Default(nullptr); 737 } 738 739 if (FF) { Val = FF(C, D); } 740 else if (Injector) { Val = Injector->getBody(D); } 741 return *Val; 742 } 743 744 static const ObjCIvarDecl *findBackingIvar(const ObjCPropertyDecl *Prop) { 745 const ObjCIvarDecl *IVar = Prop->getPropertyIvarDecl(); 746 747 if (IVar) 748 return IVar; 749 750 // When a readonly property is shadowed in a class extensions with a 751 // a readwrite property, the instance variable belongs to the shadowing 752 // property rather than the shadowed property. If there is no instance 753 // variable on a readonly property, check to see whether the property is 754 // shadowed and if so try to get the instance variable from shadowing 755 // property. 756 if (!Prop->isReadOnly()) 757 return nullptr; 758 759 auto *Container = cast<ObjCContainerDecl>(Prop->getDeclContext()); 760 const ObjCInterfaceDecl *PrimaryInterface = nullptr; 761 if (auto *InterfaceDecl = dyn_cast<ObjCInterfaceDecl>(Container)) { 762 PrimaryInterface = InterfaceDecl; 763 } else if (auto *CategoryDecl = dyn_cast<ObjCCategoryDecl>(Container)) { 764 PrimaryInterface = CategoryDecl->getClassInterface(); 765 } else if (auto *ImplDecl = dyn_cast<ObjCImplDecl>(Container)) { 766 PrimaryInterface = ImplDecl->getClassInterface(); 767 } else { 768 return nullptr; 769 } 770 771 // FindPropertyVisibleInPrimaryClass() looks first in class extensions, so it 772 // is guaranteed to find the shadowing property, if it exists, rather than 773 // the shadowed property. 774 auto *ShadowingProp = PrimaryInterface->FindPropertyVisibleInPrimaryClass( 775 Prop->getIdentifier(), Prop->getQueryKind()); 776 if (ShadowingProp && ShadowingProp != Prop) { 777 IVar = ShadowingProp->getPropertyIvarDecl(); 778 } 779 780 return IVar; 781 } 782 783 static Stmt *createObjCPropertyGetter(ASTContext &Ctx, 784 const ObjCMethodDecl *MD) { 785 // First, find the backing ivar. 786 const ObjCIvarDecl *IVar = nullptr; 787 const ObjCPropertyDecl *Prop = nullptr; 788 789 // Property accessor stubs sometimes do not correspond to any property decl 790 // in the current interface (but in a superclass). They still have a 791 // corresponding property impl decl in this case. 792 if (MD->isSynthesizedAccessorStub()) { 793 const ObjCInterfaceDecl *IntD = MD->getClassInterface(); 794 const ObjCImplementationDecl *ImpD = IntD->getImplementation(); 795 for (const auto *PI : ImpD->property_impls()) { 796 if (const ObjCPropertyDecl *Candidate = PI->getPropertyDecl()) { 797 if (Candidate->getGetterName() == MD->getSelector()) { 798 Prop = Candidate; 799 IVar = Prop->getPropertyIvarDecl(); 800 } 801 } 802 } 803 } 804 805 if (!IVar) { 806 Prop = MD->findPropertyDecl(); 807 IVar = findBackingIvar(Prop); 808 } 809 810 if (!IVar || !Prop) 811 return nullptr; 812 813 // Ignore weak variables, which have special behavior. 814 if (Prop->getPropertyAttributes() & ObjCPropertyAttribute::kind_weak) 815 return nullptr; 816 817 // Look to see if Sema has synthesized a body for us. This happens in 818 // Objective-C++ because the return value may be a C++ class type with a 819 // non-trivial copy constructor. We can only do this if we can find the 820 // @synthesize for this property, though (or if we know it's been auto- 821 // synthesized). 822 const ObjCImplementationDecl *ImplDecl = 823 IVar->getContainingInterface()->getImplementation(); 824 if (ImplDecl) { 825 for (const auto *I : ImplDecl->property_impls()) { 826 if (I->getPropertyDecl() != Prop) 827 continue; 828 829 if (I->getGetterCXXConstructor()) { 830 ASTMaker M(Ctx); 831 return M.makeReturn(I->getGetterCXXConstructor()); 832 } 833 } 834 } 835 836 // We expect that the property is the same type as the ivar, or a reference to 837 // it, and that it is either an object pointer or trivially copyable. 838 if (!Ctx.hasSameUnqualifiedType(IVar->getType(), 839 Prop->getType().getNonReferenceType())) 840 return nullptr; 841 if (!IVar->getType()->isObjCLifetimeType() && 842 !IVar->getType().isTriviallyCopyableType(Ctx)) 843 return nullptr; 844 845 // Generate our body: 846 // return self->_ivar; 847 ASTMaker M(Ctx); 848 849 const VarDecl *selfVar = MD->getSelfDecl(); 850 if (!selfVar) 851 return nullptr; 852 853 Expr *loadedIVar = M.makeObjCIvarRef( 854 M.makeLvalueToRvalue(M.makeDeclRefExpr(selfVar), selfVar->getType()), 855 IVar); 856 857 if (!MD->getReturnType()->isReferenceType()) 858 loadedIVar = M.makeLvalueToRvalue(loadedIVar, IVar->getType()); 859 860 return M.makeReturn(loadedIVar); 861 } 862 863 Stmt *BodyFarm::getBody(const ObjCMethodDecl *D) { 864 // We currently only know how to synthesize property accessors. 865 if (!D->isPropertyAccessor()) 866 return nullptr; 867 868 D = D->getCanonicalDecl(); 869 870 // We should not try to synthesize explicitly redefined accessors. 871 // We do not know for sure how they behave. 872 if (!D->isImplicit()) 873 return nullptr; 874 875 Optional<Stmt *> &Val = Bodies[D]; 876 if (Val) 877 return Val.value(); 878 Val = nullptr; 879 880 // For now, we only synthesize getters. 881 // Synthesizing setters would cause false negatives in the 882 // RetainCountChecker because the method body would bind the parameter 883 // to an instance variable, causing it to escape. This would prevent 884 // warning in the following common scenario: 885 // 886 // id foo = [[NSObject alloc] init]; 887 // self.foo = foo; // We should warn that foo leaks here. 888 // 889 if (D->param_size() != 0) 890 return nullptr; 891 892 // If the property was defined in an extension, search the extensions for 893 // overrides. 894 const ObjCInterfaceDecl *OID = D->getClassInterface(); 895 if (dyn_cast<ObjCInterfaceDecl>(D->getParent()) != OID) 896 for (auto *Ext : OID->known_extensions()) { 897 auto *OMD = Ext->getInstanceMethod(D->getSelector()); 898 if (OMD && !OMD->isImplicit()) 899 return nullptr; 900 } 901 902 Val = createObjCPropertyGetter(C, D); 903 904 return *Val; 905 } 906