1 //== BodyFarm.cpp - Factory for conjuring up fake bodies ----------*- C++ -*-// 2 // 3 // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. 4 // See https://llvm.org/LICENSE.txt for license information. 5 // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception 6 // 7 //===----------------------------------------------------------------------===// 8 // 9 // BodyFarm is a factory for creating faux implementations for functions/methods 10 // for analysis purposes. 11 // 12 //===----------------------------------------------------------------------===// 13 14 #include "clang/Analysis/BodyFarm.h" 15 #include "clang/AST/ASTContext.h" 16 #include "clang/AST/CXXInheritance.h" 17 #include "clang/AST/Decl.h" 18 #include "clang/AST/Expr.h" 19 #include "clang/AST/ExprCXX.h" 20 #include "clang/AST/ExprObjC.h" 21 #include "clang/AST/NestedNameSpecifier.h" 22 #include "clang/Analysis/CodeInjector.h" 23 #include "clang/Basic/OperatorKinds.h" 24 #include "llvm/ADT/StringSwitch.h" 25 #include "llvm/Support/Debug.h" 26 27 #define DEBUG_TYPE "body-farm" 28 29 using namespace clang; 30 31 //===----------------------------------------------------------------------===// 32 // Helper creation functions for constructing faux ASTs. 33 //===----------------------------------------------------------------------===// 34 35 static bool isDispatchBlock(QualType Ty) { 36 // Is it a block pointer? 37 const BlockPointerType *BPT = Ty->getAs<BlockPointerType>(); 38 if (!BPT) 39 return false; 40 41 // Check if the block pointer type takes no arguments and 42 // returns void. 43 const FunctionProtoType *FT = 44 BPT->getPointeeType()->getAs<FunctionProtoType>(); 45 return FT && FT->getReturnType()->isVoidType() && FT->getNumParams() == 0; 46 } 47 48 namespace { 49 class ASTMaker { 50 public: 51 ASTMaker(ASTContext &C) : C(C) {} 52 53 /// Create a new BinaryOperator representing a simple assignment. 54 BinaryOperator *makeAssignment(const Expr *LHS, const Expr *RHS, QualType Ty); 55 56 /// Create a new BinaryOperator representing a comparison. 57 BinaryOperator *makeComparison(const Expr *LHS, const Expr *RHS, 58 BinaryOperator::Opcode Op); 59 60 /// Create a new compound stmt using the provided statements. 61 CompoundStmt *makeCompound(ArrayRef<Stmt*>); 62 63 /// Create a new DeclRefExpr for the referenced variable. 64 DeclRefExpr *makeDeclRefExpr(const VarDecl *D, 65 bool RefersToEnclosingVariableOrCapture = false); 66 67 /// Create a new UnaryOperator representing a dereference. 68 UnaryOperator *makeDereference(const Expr *Arg, QualType Ty); 69 70 /// Create an implicit cast for an integer conversion. 71 Expr *makeIntegralCast(const Expr *Arg, QualType Ty); 72 73 /// Create an implicit cast to a builtin boolean type. 74 ImplicitCastExpr *makeIntegralCastToBoolean(const Expr *Arg); 75 76 /// Create an implicit cast for lvalue-to-rvaluate conversions. 77 ImplicitCastExpr *makeLvalueToRvalue(const Expr *Arg, QualType Ty); 78 79 /// Make RValue out of variable declaration, creating a temporary 80 /// DeclRefExpr in the process. 81 ImplicitCastExpr * 82 makeLvalueToRvalue(const VarDecl *Decl, 83 bool RefersToEnclosingVariableOrCapture = false); 84 85 /// Create an implicit cast of the given type. 86 ImplicitCastExpr *makeImplicitCast(const Expr *Arg, QualType Ty, 87 CastKind CK = CK_LValueToRValue); 88 89 /// Create an Objective-C bool literal. 90 ObjCBoolLiteralExpr *makeObjCBool(bool Val); 91 92 /// Create an Objective-C ivar reference. 93 ObjCIvarRefExpr *makeObjCIvarRef(const Expr *Base, const ObjCIvarDecl *IVar); 94 95 /// Create a Return statement. 96 ReturnStmt *makeReturn(const Expr *RetVal); 97 98 /// Create an integer literal expression of the given type. 99 IntegerLiteral *makeIntegerLiteral(uint64_t Value, QualType Ty); 100 101 /// Create a member expression. 102 MemberExpr *makeMemberExpression(Expr *base, ValueDecl *MemberDecl, 103 bool IsArrow = false, 104 ExprValueKind ValueKind = VK_LValue); 105 106 /// Returns a *first* member field of a record declaration with a given name. 107 /// \return an nullptr if no member with such a name exists. 108 ValueDecl *findMemberField(const RecordDecl *RD, StringRef Name); 109 110 private: 111 ASTContext &C; 112 }; 113 } 114 115 BinaryOperator *ASTMaker::makeAssignment(const Expr *LHS, const Expr *RHS, 116 QualType Ty) { 117 return BinaryOperator::Create( 118 C, const_cast<Expr *>(LHS), const_cast<Expr *>(RHS), BO_Assign, Ty, 119 VK_PRValue, OK_Ordinary, SourceLocation(), FPOptionsOverride()); 120 } 121 122 BinaryOperator *ASTMaker::makeComparison(const Expr *LHS, const Expr *RHS, 123 BinaryOperator::Opcode Op) { 124 assert(BinaryOperator::isLogicalOp(Op) || 125 BinaryOperator::isComparisonOp(Op)); 126 return BinaryOperator::Create( 127 C, const_cast<Expr *>(LHS), const_cast<Expr *>(RHS), Op, 128 C.getLogicalOperationType(), VK_PRValue, OK_Ordinary, SourceLocation(), 129 FPOptionsOverride()); 130 } 131 132 CompoundStmt *ASTMaker::makeCompound(ArrayRef<Stmt *> Stmts) { 133 return CompoundStmt::Create(C, Stmts, SourceLocation(), SourceLocation()); 134 } 135 136 DeclRefExpr *ASTMaker::makeDeclRefExpr( 137 const VarDecl *D, 138 bool RefersToEnclosingVariableOrCapture) { 139 QualType Type = D->getType().getNonReferenceType(); 140 141 DeclRefExpr *DR = DeclRefExpr::Create( 142 C, NestedNameSpecifierLoc(), SourceLocation(), const_cast<VarDecl *>(D), 143 RefersToEnclosingVariableOrCapture, SourceLocation(), Type, VK_LValue); 144 return DR; 145 } 146 147 UnaryOperator *ASTMaker::makeDereference(const Expr *Arg, QualType Ty) { 148 return UnaryOperator::Create(C, const_cast<Expr *>(Arg), UO_Deref, Ty, 149 VK_LValue, OK_Ordinary, SourceLocation(), 150 /*CanOverflow*/ false, FPOptionsOverride()); 151 } 152 153 ImplicitCastExpr *ASTMaker::makeLvalueToRvalue(const Expr *Arg, QualType Ty) { 154 return makeImplicitCast(Arg, Ty, CK_LValueToRValue); 155 } 156 157 ImplicitCastExpr * 158 ASTMaker::makeLvalueToRvalue(const VarDecl *Arg, 159 bool RefersToEnclosingVariableOrCapture) { 160 QualType Type = Arg->getType().getNonReferenceType(); 161 return makeLvalueToRvalue(makeDeclRefExpr(Arg, 162 RefersToEnclosingVariableOrCapture), 163 Type); 164 } 165 166 ImplicitCastExpr *ASTMaker::makeImplicitCast(const Expr *Arg, QualType Ty, 167 CastKind CK) { 168 return ImplicitCastExpr::Create(C, Ty, 169 /* CastKind=*/CK, 170 /* Expr=*/const_cast<Expr *>(Arg), 171 /* CXXCastPath=*/nullptr, 172 /* ExprValueKind=*/VK_PRValue, 173 /* FPFeatures */ FPOptionsOverride()); 174 } 175 176 Expr *ASTMaker::makeIntegralCast(const Expr *Arg, QualType Ty) { 177 if (Arg->getType() == Ty) 178 return const_cast<Expr*>(Arg); 179 return makeImplicitCast(Arg, Ty, CK_IntegralCast); 180 } 181 182 ImplicitCastExpr *ASTMaker::makeIntegralCastToBoolean(const Expr *Arg) { 183 return makeImplicitCast(Arg, C.BoolTy, CK_IntegralToBoolean); 184 } 185 186 ObjCBoolLiteralExpr *ASTMaker::makeObjCBool(bool Val) { 187 QualType Ty = C.getBOOLDecl() ? C.getBOOLType() : C.ObjCBuiltinBoolTy; 188 return new (C) ObjCBoolLiteralExpr(Val, Ty, SourceLocation()); 189 } 190 191 ObjCIvarRefExpr *ASTMaker::makeObjCIvarRef(const Expr *Base, 192 const ObjCIvarDecl *IVar) { 193 return new (C) ObjCIvarRefExpr(const_cast<ObjCIvarDecl*>(IVar), 194 IVar->getType(), SourceLocation(), 195 SourceLocation(), const_cast<Expr*>(Base), 196 /*arrow=*/true, /*free=*/false); 197 } 198 199 ReturnStmt *ASTMaker::makeReturn(const Expr *RetVal) { 200 return ReturnStmt::Create(C, SourceLocation(), const_cast<Expr *>(RetVal), 201 /* NRVOCandidate=*/nullptr); 202 } 203 204 IntegerLiteral *ASTMaker::makeIntegerLiteral(uint64_t Value, QualType Ty) { 205 llvm::APInt APValue = llvm::APInt(C.getTypeSize(Ty), Value); 206 return IntegerLiteral::Create(C, APValue, Ty, SourceLocation()); 207 } 208 209 MemberExpr *ASTMaker::makeMemberExpression(Expr *base, ValueDecl *MemberDecl, 210 bool IsArrow, 211 ExprValueKind ValueKind) { 212 213 DeclAccessPair FoundDecl = DeclAccessPair::make(MemberDecl, AS_public); 214 return MemberExpr::Create( 215 C, base, IsArrow, SourceLocation(), NestedNameSpecifierLoc(), 216 SourceLocation(), MemberDecl, FoundDecl, 217 DeclarationNameInfo(MemberDecl->getDeclName(), SourceLocation()), 218 /* TemplateArgumentListInfo=*/ nullptr, MemberDecl->getType(), ValueKind, 219 OK_Ordinary, NOUR_None); 220 } 221 222 ValueDecl *ASTMaker::findMemberField(const RecordDecl *RD, StringRef Name) { 223 224 CXXBasePaths Paths( 225 /* FindAmbiguities=*/false, 226 /* RecordPaths=*/false, 227 /* DetectVirtual=*/ false); 228 const IdentifierInfo &II = C.Idents.get(Name); 229 DeclarationName DeclName = C.DeclarationNames.getIdentifier(&II); 230 231 DeclContextLookupResult Decls = RD->lookup(DeclName); 232 for (NamedDecl *FoundDecl : Decls) 233 if (!FoundDecl->getDeclContext()->isFunctionOrMethod()) 234 return cast<ValueDecl>(FoundDecl); 235 236 return nullptr; 237 } 238 239 //===----------------------------------------------------------------------===// 240 // Creation functions for faux ASTs. 241 //===----------------------------------------------------------------------===// 242 243 typedef Stmt *(*FunctionFarmer)(ASTContext &C, const FunctionDecl *D); 244 245 static CallExpr *create_call_once_funcptr_call(ASTContext &C, ASTMaker M, 246 const ParmVarDecl *Callback, 247 ArrayRef<Expr *> CallArgs) { 248 249 QualType Ty = Callback->getType(); 250 DeclRefExpr *Call = M.makeDeclRefExpr(Callback); 251 Expr *SubExpr; 252 if (Ty->isRValueReferenceType()) { 253 SubExpr = M.makeImplicitCast( 254 Call, Ty.getNonReferenceType(), CK_LValueToRValue); 255 } else if (Ty->isLValueReferenceType() && 256 Call->getType()->isFunctionType()) { 257 Ty = C.getPointerType(Ty.getNonReferenceType()); 258 SubExpr = M.makeImplicitCast(Call, Ty, CK_FunctionToPointerDecay); 259 } else if (Ty->isLValueReferenceType() 260 && Call->getType()->isPointerType() 261 && Call->getType()->getPointeeType()->isFunctionType()){ 262 SubExpr = Call; 263 } else { 264 llvm_unreachable("Unexpected state"); 265 } 266 267 return CallExpr::Create(C, SubExpr, CallArgs, C.VoidTy, VK_PRValue, 268 SourceLocation(), FPOptionsOverride()); 269 } 270 271 static CallExpr *create_call_once_lambda_call(ASTContext &C, ASTMaker M, 272 const ParmVarDecl *Callback, 273 CXXRecordDecl *CallbackDecl, 274 ArrayRef<Expr *> CallArgs) { 275 assert(CallbackDecl != nullptr); 276 assert(CallbackDecl->isLambda()); 277 FunctionDecl *callOperatorDecl = CallbackDecl->getLambdaCallOperator(); 278 assert(callOperatorDecl != nullptr); 279 280 DeclRefExpr *callOperatorDeclRef = 281 DeclRefExpr::Create(/* Ctx =*/ C, 282 /* QualifierLoc =*/ NestedNameSpecifierLoc(), 283 /* TemplateKWLoc =*/ SourceLocation(), 284 const_cast<FunctionDecl *>(callOperatorDecl), 285 /* RefersToEnclosingVariableOrCapture=*/ false, 286 /* NameLoc =*/ SourceLocation(), 287 /* T =*/ callOperatorDecl->getType(), 288 /* VK =*/ VK_LValue); 289 290 return CXXOperatorCallExpr::Create( 291 /*AstContext=*/C, OO_Call, callOperatorDeclRef, 292 /*Args=*/CallArgs, 293 /*QualType=*/C.VoidTy, 294 /*ExprValueType=*/VK_PRValue, 295 /*SourceLocation=*/SourceLocation(), 296 /*FPFeatures=*/FPOptionsOverride()); 297 } 298 299 /// Create a fake body for std::call_once. 300 /// Emulates the following function body: 301 /// 302 /// \code 303 /// typedef struct once_flag_s { 304 /// unsigned long __state = 0; 305 /// } once_flag; 306 /// template<class Callable> 307 /// void call_once(once_flag& o, Callable func) { 308 /// if (!o.__state) { 309 /// func(); 310 /// } 311 /// o.__state = 1; 312 /// } 313 /// \endcode 314 static Stmt *create_call_once(ASTContext &C, const FunctionDecl *D) { 315 LLVM_DEBUG(llvm::dbgs() << "Generating body for call_once\n"); 316 317 // We need at least two parameters. 318 if (D->param_size() < 2) 319 return nullptr; 320 321 ASTMaker M(C); 322 323 const ParmVarDecl *Flag = D->getParamDecl(0); 324 const ParmVarDecl *Callback = D->getParamDecl(1); 325 326 if (!Callback->getType()->isReferenceType()) { 327 llvm::dbgs() << "libcxx03 std::call_once implementation, skipping.\n"; 328 return nullptr; 329 } 330 if (!Flag->getType()->isReferenceType()) { 331 llvm::dbgs() << "unknown std::call_once implementation, skipping.\n"; 332 return nullptr; 333 } 334 335 QualType CallbackType = Callback->getType().getNonReferenceType(); 336 337 // Nullable pointer, non-null iff function is a CXXRecordDecl. 338 CXXRecordDecl *CallbackRecordDecl = CallbackType->getAsCXXRecordDecl(); 339 QualType FlagType = Flag->getType().getNonReferenceType(); 340 auto *FlagRecordDecl = FlagType->getAsRecordDecl(); 341 342 if (!FlagRecordDecl) { 343 LLVM_DEBUG(llvm::dbgs() << "Flag field is not a record: " 344 << "unknown std::call_once implementation, " 345 << "ignoring the call.\n"); 346 return nullptr; 347 } 348 349 // We initially assume libc++ implementation of call_once, 350 // where the once_flag struct has a field `__state_`. 351 ValueDecl *FlagFieldDecl = M.findMemberField(FlagRecordDecl, "__state_"); 352 353 // Otherwise, try libstdc++ implementation, with a field 354 // `_M_once` 355 if (!FlagFieldDecl) { 356 FlagFieldDecl = M.findMemberField(FlagRecordDecl, "_M_once"); 357 } 358 359 if (!FlagFieldDecl) { 360 LLVM_DEBUG(llvm::dbgs() << "No field _M_once or __state_ found on " 361 << "std::once_flag struct: unknown std::call_once " 362 << "implementation, ignoring the call."); 363 return nullptr; 364 } 365 366 bool isLambdaCall = CallbackRecordDecl && CallbackRecordDecl->isLambda(); 367 if (CallbackRecordDecl && !isLambdaCall) { 368 LLVM_DEBUG(llvm::dbgs() 369 << "Not supported: synthesizing body for functors when " 370 << "body farming std::call_once, ignoring the call."); 371 return nullptr; 372 } 373 374 SmallVector<Expr *, 5> CallArgs; 375 const FunctionProtoType *CallbackFunctionType; 376 if (isLambdaCall) { 377 378 // Lambda requires callback itself inserted as a first parameter. 379 CallArgs.push_back( 380 M.makeDeclRefExpr(Callback, 381 /* RefersToEnclosingVariableOrCapture=*/ true)); 382 CallbackFunctionType = CallbackRecordDecl->getLambdaCallOperator() 383 ->getType() 384 ->getAs<FunctionProtoType>(); 385 } else if (!CallbackType->getPointeeType().isNull()) { 386 CallbackFunctionType = 387 CallbackType->getPointeeType()->getAs<FunctionProtoType>(); 388 } else { 389 CallbackFunctionType = CallbackType->getAs<FunctionProtoType>(); 390 } 391 392 if (!CallbackFunctionType) 393 return nullptr; 394 395 // First two arguments are used for the flag and for the callback. 396 if (D->getNumParams() != CallbackFunctionType->getNumParams() + 2) { 397 LLVM_DEBUG(llvm::dbgs() << "Types of params of the callback do not match " 398 << "params passed to std::call_once, " 399 << "ignoring the call\n"); 400 return nullptr; 401 } 402 403 // All arguments past first two ones are passed to the callback, 404 // and we turn lvalues into rvalues if the argument is not passed by 405 // reference. 406 for (unsigned int ParamIdx = 2; ParamIdx < D->getNumParams(); ParamIdx++) { 407 const ParmVarDecl *PDecl = D->getParamDecl(ParamIdx); 408 assert(PDecl); 409 if (CallbackFunctionType->getParamType(ParamIdx - 2) 410 .getNonReferenceType() 411 .getCanonicalType() != 412 PDecl->getType().getNonReferenceType().getCanonicalType()) { 413 LLVM_DEBUG(llvm::dbgs() << "Types of params of the callback do not match " 414 << "params passed to std::call_once, " 415 << "ignoring the call\n"); 416 return nullptr; 417 } 418 Expr *ParamExpr = M.makeDeclRefExpr(PDecl); 419 if (!CallbackFunctionType->getParamType(ParamIdx - 2)->isReferenceType()) { 420 QualType PTy = PDecl->getType().getNonReferenceType(); 421 ParamExpr = M.makeLvalueToRvalue(ParamExpr, PTy); 422 } 423 CallArgs.push_back(ParamExpr); 424 } 425 426 CallExpr *CallbackCall; 427 if (isLambdaCall) { 428 429 CallbackCall = create_call_once_lambda_call(C, M, Callback, 430 CallbackRecordDecl, CallArgs); 431 } else { 432 433 // Function pointer case. 434 CallbackCall = create_call_once_funcptr_call(C, M, Callback, CallArgs); 435 } 436 437 DeclRefExpr *FlagDecl = 438 M.makeDeclRefExpr(Flag, 439 /* RefersToEnclosingVariableOrCapture=*/true); 440 441 442 MemberExpr *Deref = M.makeMemberExpression(FlagDecl, FlagFieldDecl); 443 assert(Deref->isLValue()); 444 QualType DerefType = Deref->getType(); 445 446 // Negation predicate. 447 UnaryOperator *FlagCheck = UnaryOperator::Create( 448 C, 449 /* input=*/ 450 M.makeImplicitCast(M.makeLvalueToRvalue(Deref, DerefType), DerefType, 451 CK_IntegralToBoolean), 452 /* opc=*/UO_LNot, 453 /* QualType=*/C.IntTy, 454 /* ExprValueKind=*/VK_PRValue, 455 /* ExprObjectKind=*/OK_Ordinary, SourceLocation(), 456 /* CanOverflow*/ false, FPOptionsOverride()); 457 458 // Create assignment. 459 BinaryOperator *FlagAssignment = M.makeAssignment( 460 Deref, M.makeIntegralCast(M.makeIntegerLiteral(1, C.IntTy), DerefType), 461 DerefType); 462 463 auto *Out = 464 IfStmt::Create(C, SourceLocation(), IfStatementKind::Ordinary, 465 /* Init=*/nullptr, 466 /* Var=*/nullptr, 467 /* Cond=*/FlagCheck, 468 /* LPL=*/SourceLocation(), 469 /* RPL=*/SourceLocation(), 470 /* Then=*/M.makeCompound({CallbackCall, FlagAssignment})); 471 472 return Out; 473 } 474 475 /// Create a fake body for dispatch_once. 476 static Stmt *create_dispatch_once(ASTContext &C, const FunctionDecl *D) { 477 // Check if we have at least two parameters. 478 if (D->param_size() != 2) 479 return nullptr; 480 481 // Check if the first parameter is a pointer to integer type. 482 const ParmVarDecl *Predicate = D->getParamDecl(0); 483 QualType PredicateQPtrTy = Predicate->getType(); 484 const PointerType *PredicatePtrTy = PredicateQPtrTy->getAs<PointerType>(); 485 if (!PredicatePtrTy) 486 return nullptr; 487 QualType PredicateTy = PredicatePtrTy->getPointeeType(); 488 if (!PredicateTy->isIntegerType()) 489 return nullptr; 490 491 // Check if the second parameter is the proper block type. 492 const ParmVarDecl *Block = D->getParamDecl(1); 493 QualType Ty = Block->getType(); 494 if (!isDispatchBlock(Ty)) 495 return nullptr; 496 497 // Everything checks out. Create a fakse body that checks the predicate, 498 // sets it, and calls the block. Basically, an AST dump of: 499 // 500 // void dispatch_once(dispatch_once_t *predicate, dispatch_block_t block) { 501 // if (*predicate != ~0l) { 502 // *predicate = ~0l; 503 // block(); 504 // } 505 // } 506 507 ASTMaker M(C); 508 509 // (1) Create the call. 510 CallExpr *CE = CallExpr::Create( 511 /*ASTContext=*/C, 512 /*StmtClass=*/M.makeLvalueToRvalue(/*Expr=*/Block), 513 /*Args=*/None, 514 /*QualType=*/C.VoidTy, 515 /*ExprValueType=*/VK_PRValue, 516 /*SourceLocation=*/SourceLocation(), FPOptionsOverride()); 517 518 // (2) Create the assignment to the predicate. 519 Expr *DoneValue = 520 UnaryOperator::Create(C, M.makeIntegerLiteral(0, C.LongTy), UO_Not, 521 C.LongTy, VK_PRValue, OK_Ordinary, SourceLocation(), 522 /*CanOverflow*/ false, FPOptionsOverride()); 523 524 BinaryOperator *B = 525 M.makeAssignment( 526 M.makeDereference( 527 M.makeLvalueToRvalue( 528 M.makeDeclRefExpr(Predicate), PredicateQPtrTy), 529 PredicateTy), 530 M.makeIntegralCast(DoneValue, PredicateTy), 531 PredicateTy); 532 533 // (3) Create the compound statement. 534 Stmt *Stmts[] = { B, CE }; 535 CompoundStmt *CS = M.makeCompound(Stmts); 536 537 // (4) Create the 'if' condition. 538 ImplicitCastExpr *LValToRval = 539 M.makeLvalueToRvalue( 540 M.makeDereference( 541 M.makeLvalueToRvalue( 542 M.makeDeclRefExpr(Predicate), 543 PredicateQPtrTy), 544 PredicateTy), 545 PredicateTy); 546 547 Expr *GuardCondition = M.makeComparison(LValToRval, DoneValue, BO_NE); 548 // (5) Create the 'if' statement. 549 auto *If = IfStmt::Create(C, SourceLocation(), IfStatementKind::Ordinary, 550 /* Init=*/nullptr, 551 /* Var=*/nullptr, 552 /* Cond=*/GuardCondition, 553 /* LPL=*/SourceLocation(), 554 /* RPL=*/SourceLocation(), 555 /* Then=*/CS); 556 return If; 557 } 558 559 /// Create a fake body for dispatch_sync. 560 static Stmt *create_dispatch_sync(ASTContext &C, const FunctionDecl *D) { 561 // Check if we have at least two parameters. 562 if (D->param_size() != 2) 563 return nullptr; 564 565 // Check if the second parameter is a block. 566 const ParmVarDecl *PV = D->getParamDecl(1); 567 QualType Ty = PV->getType(); 568 if (!isDispatchBlock(Ty)) 569 return nullptr; 570 571 // Everything checks out. Create a fake body that just calls the block. 572 // This is basically just an AST dump of: 573 // 574 // void dispatch_sync(dispatch_queue_t queue, void (^block)(void)) { 575 // block(); 576 // } 577 // 578 ASTMaker M(C); 579 DeclRefExpr *DR = M.makeDeclRefExpr(PV); 580 ImplicitCastExpr *ICE = M.makeLvalueToRvalue(DR, Ty); 581 CallExpr *CE = CallExpr::Create(C, ICE, None, C.VoidTy, VK_PRValue, 582 SourceLocation(), FPOptionsOverride()); 583 return CE; 584 } 585 586 static Stmt *create_OSAtomicCompareAndSwap(ASTContext &C, const FunctionDecl *D) 587 { 588 // There are exactly 3 arguments. 589 if (D->param_size() != 3) 590 return nullptr; 591 592 // Signature: 593 // _Bool OSAtomicCompareAndSwapPtr(void *__oldValue, 594 // void *__newValue, 595 // void * volatile *__theValue) 596 // Generate body: 597 // if (oldValue == *theValue) { 598 // *theValue = newValue; 599 // return YES; 600 // } 601 // else return NO; 602 603 QualType ResultTy = D->getReturnType(); 604 bool isBoolean = ResultTy->isBooleanType(); 605 if (!isBoolean && !ResultTy->isIntegralType(C)) 606 return nullptr; 607 608 const ParmVarDecl *OldValue = D->getParamDecl(0); 609 QualType OldValueTy = OldValue->getType(); 610 611 const ParmVarDecl *NewValue = D->getParamDecl(1); 612 QualType NewValueTy = NewValue->getType(); 613 614 assert(OldValueTy == NewValueTy); 615 616 const ParmVarDecl *TheValue = D->getParamDecl(2); 617 QualType TheValueTy = TheValue->getType(); 618 const PointerType *PT = TheValueTy->getAs<PointerType>(); 619 if (!PT) 620 return nullptr; 621 QualType PointeeTy = PT->getPointeeType(); 622 623 ASTMaker M(C); 624 // Construct the comparison. 625 Expr *Comparison = 626 M.makeComparison( 627 M.makeLvalueToRvalue(M.makeDeclRefExpr(OldValue), OldValueTy), 628 M.makeLvalueToRvalue( 629 M.makeDereference( 630 M.makeLvalueToRvalue(M.makeDeclRefExpr(TheValue), TheValueTy), 631 PointeeTy), 632 PointeeTy), 633 BO_EQ); 634 635 // Construct the body of the IfStmt. 636 Stmt *Stmts[2]; 637 Stmts[0] = 638 M.makeAssignment( 639 M.makeDereference( 640 M.makeLvalueToRvalue(M.makeDeclRefExpr(TheValue), TheValueTy), 641 PointeeTy), 642 M.makeLvalueToRvalue(M.makeDeclRefExpr(NewValue), NewValueTy), 643 NewValueTy); 644 645 Expr *BoolVal = M.makeObjCBool(true); 646 Expr *RetVal = isBoolean ? M.makeIntegralCastToBoolean(BoolVal) 647 : M.makeIntegralCast(BoolVal, ResultTy); 648 Stmts[1] = M.makeReturn(RetVal); 649 CompoundStmt *Body = M.makeCompound(Stmts); 650 651 // Construct the else clause. 652 BoolVal = M.makeObjCBool(false); 653 RetVal = isBoolean ? M.makeIntegralCastToBoolean(BoolVal) 654 : M.makeIntegralCast(BoolVal, ResultTy); 655 Stmt *Else = M.makeReturn(RetVal); 656 657 /// Construct the If. 658 auto *If = 659 IfStmt::Create(C, SourceLocation(), IfStatementKind::Ordinary, 660 /* Init=*/nullptr, 661 /* Var=*/nullptr, Comparison, 662 /* LPL=*/SourceLocation(), 663 /* RPL=*/SourceLocation(), Body, SourceLocation(), Else); 664 665 return If; 666 } 667 668 Stmt *BodyFarm::getBody(const FunctionDecl *D) { 669 Optional<Stmt *> &Val = Bodies[D]; 670 if (Val.hasValue()) 671 return Val.getValue(); 672 673 Val = nullptr; 674 675 if (D->getIdentifier() == nullptr) 676 return nullptr; 677 678 StringRef Name = D->getName(); 679 if (Name.empty()) 680 return nullptr; 681 682 FunctionFarmer FF; 683 684 if (Name.startswith("OSAtomicCompareAndSwap") || 685 Name.startswith("objc_atomicCompareAndSwap")) { 686 FF = create_OSAtomicCompareAndSwap; 687 } else if (Name == "call_once" && D->getDeclContext()->isStdNamespace()) { 688 FF = create_call_once; 689 } else { 690 FF = llvm::StringSwitch<FunctionFarmer>(Name) 691 .Case("dispatch_sync", create_dispatch_sync) 692 .Case("dispatch_once", create_dispatch_once) 693 .Default(nullptr); 694 } 695 696 if (FF) { Val = FF(C, D); } 697 else if (Injector) { Val = Injector->getBody(D); } 698 return Val.getValue(); 699 } 700 701 static const ObjCIvarDecl *findBackingIvar(const ObjCPropertyDecl *Prop) { 702 const ObjCIvarDecl *IVar = Prop->getPropertyIvarDecl(); 703 704 if (IVar) 705 return IVar; 706 707 // When a readonly property is shadowed in a class extensions with a 708 // a readwrite property, the instance variable belongs to the shadowing 709 // property rather than the shadowed property. If there is no instance 710 // variable on a readonly property, check to see whether the property is 711 // shadowed and if so try to get the instance variable from shadowing 712 // property. 713 if (!Prop->isReadOnly()) 714 return nullptr; 715 716 auto *Container = cast<ObjCContainerDecl>(Prop->getDeclContext()); 717 const ObjCInterfaceDecl *PrimaryInterface = nullptr; 718 if (auto *InterfaceDecl = dyn_cast<ObjCInterfaceDecl>(Container)) { 719 PrimaryInterface = InterfaceDecl; 720 } else if (auto *CategoryDecl = dyn_cast<ObjCCategoryDecl>(Container)) { 721 PrimaryInterface = CategoryDecl->getClassInterface(); 722 } else if (auto *ImplDecl = dyn_cast<ObjCImplDecl>(Container)) { 723 PrimaryInterface = ImplDecl->getClassInterface(); 724 } else { 725 return nullptr; 726 } 727 728 // FindPropertyVisibleInPrimaryClass() looks first in class extensions, so it 729 // is guaranteed to find the shadowing property, if it exists, rather than 730 // the shadowed property. 731 auto *ShadowingProp = PrimaryInterface->FindPropertyVisibleInPrimaryClass( 732 Prop->getIdentifier(), Prop->getQueryKind()); 733 if (ShadowingProp && ShadowingProp != Prop) { 734 IVar = ShadowingProp->getPropertyIvarDecl(); 735 } 736 737 return IVar; 738 } 739 740 static Stmt *createObjCPropertyGetter(ASTContext &Ctx, 741 const ObjCMethodDecl *MD) { 742 // First, find the backing ivar. 743 const ObjCIvarDecl *IVar = nullptr; 744 const ObjCPropertyDecl *Prop = nullptr; 745 746 // Property accessor stubs sometimes do not correspond to any property decl 747 // in the current interface (but in a superclass). They still have a 748 // corresponding property impl decl in this case. 749 if (MD->isSynthesizedAccessorStub()) { 750 const ObjCInterfaceDecl *IntD = MD->getClassInterface(); 751 const ObjCImplementationDecl *ImpD = IntD->getImplementation(); 752 for (const auto *PI : ImpD->property_impls()) { 753 if (const ObjCPropertyDecl *Candidate = PI->getPropertyDecl()) { 754 if (Candidate->getGetterName() == MD->getSelector()) { 755 Prop = Candidate; 756 IVar = Prop->getPropertyIvarDecl(); 757 } 758 } 759 } 760 } 761 762 if (!IVar) { 763 Prop = MD->findPropertyDecl(); 764 IVar = findBackingIvar(Prop); 765 } 766 767 if (!IVar || !Prop) 768 return nullptr; 769 770 // Ignore weak variables, which have special behavior. 771 if (Prop->getPropertyAttributes() & ObjCPropertyAttribute::kind_weak) 772 return nullptr; 773 774 // Look to see if Sema has synthesized a body for us. This happens in 775 // Objective-C++ because the return value may be a C++ class type with a 776 // non-trivial copy constructor. We can only do this if we can find the 777 // @synthesize for this property, though (or if we know it's been auto- 778 // synthesized). 779 const ObjCImplementationDecl *ImplDecl = 780 IVar->getContainingInterface()->getImplementation(); 781 if (ImplDecl) { 782 for (const auto *I : ImplDecl->property_impls()) { 783 if (I->getPropertyDecl() != Prop) 784 continue; 785 786 if (I->getGetterCXXConstructor()) { 787 ASTMaker M(Ctx); 788 return M.makeReturn(I->getGetterCXXConstructor()); 789 } 790 } 791 } 792 793 // We expect that the property is the same type as the ivar, or a reference to 794 // it, and that it is either an object pointer or trivially copyable. 795 if (!Ctx.hasSameUnqualifiedType(IVar->getType(), 796 Prop->getType().getNonReferenceType())) 797 return nullptr; 798 if (!IVar->getType()->isObjCLifetimeType() && 799 !IVar->getType().isTriviallyCopyableType(Ctx)) 800 return nullptr; 801 802 // Generate our body: 803 // return self->_ivar; 804 ASTMaker M(Ctx); 805 806 const VarDecl *selfVar = MD->getSelfDecl(); 807 if (!selfVar) 808 return nullptr; 809 810 Expr *loadedIVar = M.makeObjCIvarRef( 811 M.makeLvalueToRvalue(M.makeDeclRefExpr(selfVar), selfVar->getType()), 812 IVar); 813 814 if (!MD->getReturnType()->isReferenceType()) 815 loadedIVar = M.makeLvalueToRvalue(loadedIVar, IVar->getType()); 816 817 return M.makeReturn(loadedIVar); 818 } 819 820 Stmt *BodyFarm::getBody(const ObjCMethodDecl *D) { 821 // We currently only know how to synthesize property accessors. 822 if (!D->isPropertyAccessor()) 823 return nullptr; 824 825 D = D->getCanonicalDecl(); 826 827 // We should not try to synthesize explicitly redefined accessors. 828 // We do not know for sure how they behave. 829 if (!D->isImplicit()) 830 return nullptr; 831 832 Optional<Stmt *> &Val = Bodies[D]; 833 if (Val.hasValue()) 834 return Val.getValue(); 835 Val = nullptr; 836 837 // For now, we only synthesize getters. 838 // Synthesizing setters would cause false negatives in the 839 // RetainCountChecker because the method body would bind the parameter 840 // to an instance variable, causing it to escape. This would prevent 841 // warning in the following common scenario: 842 // 843 // id foo = [[NSObject alloc] init]; 844 // self.foo = foo; // We should warn that foo leaks here. 845 // 846 if (D->param_size() != 0) 847 return nullptr; 848 849 // If the property was defined in an extension, search the extensions for 850 // overrides. 851 const ObjCInterfaceDecl *OID = D->getClassInterface(); 852 if (dyn_cast<ObjCInterfaceDecl>(D->getParent()) != OID) 853 for (auto *Ext : OID->known_extensions()) { 854 auto *OMD = Ext->getInstanceMethod(D->getSelector()); 855 if (OMD && !OMD->isImplicit()) 856 return nullptr; 857 } 858 859 Val = createObjCPropertyGetter(C, D); 860 861 return Val.getValue(); 862 } 863