1 //=- AnalysisBasedWarnings.cpp - Sema warnings based on libAnalysis -*- C++ -*-=// 2 // 3 // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. 4 // See https://llvm.org/LICENSE.txt for license information. 5 // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception 6 // 7 //===----------------------------------------------------------------------===// 8 // 9 // This file defines analysis_warnings::[Policy,Executor]. 10 // Together they are used by Sema to issue warnings based on inexpensive 11 // static analysis algorithms in libAnalysis. 12 // 13 //===----------------------------------------------------------------------===// 14 15 #include "clang/Sema/AnalysisBasedWarnings.h" 16 #include "clang/AST/Decl.h" 17 #include "clang/AST/DeclCXX.h" 18 #include "clang/AST/DeclObjC.h" 19 #include "clang/AST/EvaluatedExprVisitor.h" 20 #include "clang/AST/Expr.h" 21 #include "clang/AST/ExprCXX.h" 22 #include "clang/AST/ExprObjC.h" 23 #include "clang/AST/OperationKinds.h" 24 #include "clang/AST/ParentMap.h" 25 #include "clang/AST/RecursiveASTVisitor.h" 26 #include "clang/AST/StmtCXX.h" 27 #include "clang/AST/StmtObjC.h" 28 #include "clang/AST/StmtVisitor.h" 29 #include "clang/AST/RecursiveASTVisitor.h" 30 #include "clang/AST/Type.h" 31 #include "clang/Analysis/Analyses/CFGReachabilityAnalysis.h" 32 #include "clang/Analysis/Analyses/CalledOnceCheck.h" 33 #include "clang/Analysis/Analyses/Consumed.h" 34 #include "clang/Analysis/Analyses/ReachableCode.h" 35 #include "clang/Analysis/Analyses/ThreadSafety.h" 36 #include "clang/Analysis/Analyses/UninitializedValues.h" 37 #include "clang/Analysis/Analyses/UnsafeBufferUsage.h" 38 #include "clang/Analysis/AnalysisDeclContext.h" 39 #include "clang/Analysis/CFG.h" 40 #include "clang/Analysis/CFGStmtMap.h" 41 #include "clang/Basic/Diagnostic.h" 42 #include "clang/Basic/SourceLocation.h" 43 #include "clang/Basic/SourceManager.h" 44 #include "clang/Lex/Preprocessor.h" 45 #include "clang/Sema/ScopeInfo.h" 46 #include "clang/Sema/SemaInternal.h" 47 #include "llvm/ADT/ArrayRef.h" 48 #include "llvm/ADT/BitVector.h" 49 #include "llvm/ADT/MapVector.h" 50 #include "llvm/ADT/STLFunctionalExtras.h" 51 #include "llvm/ADT/SmallString.h" 52 #include "llvm/ADT/SmallVector.h" 53 #include "llvm/ADT/StringRef.h" 54 #include "llvm/Support/Casting.h" 55 #include <algorithm> 56 #include <deque> 57 #include <iterator> 58 #include <optional> 59 60 using namespace clang; 61 62 //===----------------------------------------------------------------------===// 63 // Unreachable code analysis. 64 //===----------------------------------------------------------------------===// 65 66 namespace { 67 class UnreachableCodeHandler : public reachable_code::Callback { 68 Sema &S; 69 SourceRange PreviousSilenceableCondVal; 70 71 public: 72 UnreachableCodeHandler(Sema &s) : S(s) {} 73 74 void HandleUnreachable(reachable_code::UnreachableKind UK, SourceLocation L, 75 SourceRange SilenceableCondVal, SourceRange R1, 76 SourceRange R2, bool HasFallThroughAttr) override { 77 // If the diagnosed code is `[[fallthrough]];` and 78 // `-Wunreachable-code-fallthrough` is enabled, suppress `code will never 79 // be executed` warning to avoid generating diagnostic twice 80 if (HasFallThroughAttr && 81 !S.getDiagnostics().isIgnored(diag::warn_unreachable_fallthrough_attr, 82 SourceLocation())) 83 return; 84 85 // Avoid reporting multiple unreachable code diagnostics that are 86 // triggered by the same conditional value. 87 if (PreviousSilenceableCondVal.isValid() && 88 SilenceableCondVal.isValid() && 89 PreviousSilenceableCondVal == SilenceableCondVal) 90 return; 91 PreviousSilenceableCondVal = SilenceableCondVal; 92 93 unsigned diag = diag::warn_unreachable; 94 switch (UK) { 95 case reachable_code::UK_Break: 96 diag = diag::warn_unreachable_break; 97 break; 98 case reachable_code::UK_Return: 99 diag = diag::warn_unreachable_return; 100 break; 101 case reachable_code::UK_Loop_Increment: 102 diag = diag::warn_unreachable_loop_increment; 103 break; 104 case reachable_code::UK_Other: 105 break; 106 } 107 108 S.Diag(L, diag) << R1 << R2; 109 110 SourceLocation Open = SilenceableCondVal.getBegin(); 111 if (Open.isValid()) { 112 SourceLocation Close = SilenceableCondVal.getEnd(); 113 Close = S.getLocForEndOfToken(Close); 114 if (Close.isValid()) { 115 S.Diag(Open, diag::note_unreachable_silence) 116 << FixItHint::CreateInsertion(Open, "/* DISABLES CODE */ (") 117 << FixItHint::CreateInsertion(Close, ")"); 118 } 119 } 120 } 121 }; 122 } // anonymous namespace 123 124 /// CheckUnreachable - Check for unreachable code. 125 static void CheckUnreachable(Sema &S, AnalysisDeclContext &AC) { 126 // As a heuristic prune all diagnostics not in the main file. Currently 127 // the majority of warnings in headers are false positives. These 128 // are largely caused by configuration state, e.g. preprocessor 129 // defined code, etc. 130 // 131 // Note that this is also a performance optimization. Analyzing 132 // headers many times can be expensive. 133 if (!S.getSourceManager().isInMainFile(AC.getDecl()->getBeginLoc())) 134 return; 135 136 UnreachableCodeHandler UC(S); 137 reachable_code::FindUnreachableCode(AC, S.getPreprocessor(), UC); 138 } 139 140 namespace { 141 /// Warn on logical operator errors in CFGBuilder 142 class LogicalErrorHandler : public CFGCallback { 143 Sema &S; 144 145 public: 146 LogicalErrorHandler(Sema &S) : S(S) {} 147 148 static bool HasMacroID(const Expr *E) { 149 if (E->getExprLoc().isMacroID()) 150 return true; 151 152 // Recurse to children. 153 for (const Stmt *SubStmt : E->children()) 154 if (const Expr *SubExpr = dyn_cast_or_null<Expr>(SubStmt)) 155 if (HasMacroID(SubExpr)) 156 return true; 157 158 return false; 159 } 160 161 void logicAlwaysTrue(const BinaryOperator *B, bool isAlwaysTrue) override { 162 if (HasMacroID(B)) 163 return; 164 165 unsigned DiagID = isAlwaysTrue 166 ? diag::warn_tautological_negation_or_compare 167 : diag::warn_tautological_negation_and_compare; 168 SourceRange DiagRange = B->getSourceRange(); 169 S.Diag(B->getExprLoc(), DiagID) << DiagRange; 170 } 171 172 void compareAlwaysTrue(const BinaryOperator *B, bool isAlwaysTrue) override { 173 if (HasMacroID(B)) 174 return; 175 176 SourceRange DiagRange = B->getSourceRange(); 177 S.Diag(B->getExprLoc(), diag::warn_tautological_overlap_comparison) 178 << DiagRange << isAlwaysTrue; 179 } 180 181 void compareBitwiseEquality(const BinaryOperator *B, 182 bool isAlwaysTrue) override { 183 if (HasMacroID(B)) 184 return; 185 186 SourceRange DiagRange = B->getSourceRange(); 187 S.Diag(B->getExprLoc(), diag::warn_comparison_bitwise_always) 188 << DiagRange << isAlwaysTrue; 189 } 190 191 void compareBitwiseOr(const BinaryOperator *B) override { 192 if (HasMacroID(B)) 193 return; 194 195 SourceRange DiagRange = B->getSourceRange(); 196 S.Diag(B->getExprLoc(), diag::warn_comparison_bitwise_or) << DiagRange; 197 } 198 199 static bool hasActiveDiagnostics(DiagnosticsEngine &Diags, 200 SourceLocation Loc) { 201 return !Diags.isIgnored(diag::warn_tautological_overlap_comparison, Loc) || 202 !Diags.isIgnored(diag::warn_comparison_bitwise_or, Loc) || 203 !Diags.isIgnored(diag::warn_tautological_negation_and_compare, Loc); 204 } 205 }; 206 } // anonymous namespace 207 208 //===----------------------------------------------------------------------===// 209 // Check for infinite self-recursion in functions 210 //===----------------------------------------------------------------------===// 211 212 // Returns true if the function is called anywhere within the CFGBlock. 213 // For member functions, the additional condition of being call from the 214 // this pointer is required. 215 static bool hasRecursiveCallInPath(const FunctionDecl *FD, CFGBlock &Block) { 216 // Process all the Stmt's in this block to find any calls to FD. 217 for (const auto &B : Block) { 218 if (B.getKind() != CFGElement::Statement) 219 continue; 220 221 const CallExpr *CE = dyn_cast<CallExpr>(B.getAs<CFGStmt>()->getStmt()); 222 if (!CE || !CE->getCalleeDecl() || 223 CE->getCalleeDecl()->getCanonicalDecl() != FD) 224 continue; 225 226 // Skip function calls which are qualified with a templated class. 227 if (const DeclRefExpr *DRE = 228 dyn_cast<DeclRefExpr>(CE->getCallee()->IgnoreParenImpCasts())) { 229 if (NestedNameSpecifier *NNS = DRE->getQualifier()) { 230 if (NNS->getKind() == NestedNameSpecifier::TypeSpec && 231 isa<TemplateSpecializationType>(NNS->getAsType())) { 232 continue; 233 } 234 } 235 } 236 237 const CXXMemberCallExpr *MCE = dyn_cast<CXXMemberCallExpr>(CE); 238 if (!MCE || isa<CXXThisExpr>(MCE->getImplicitObjectArgument()) || 239 !MCE->getMethodDecl()->isVirtual()) 240 return true; 241 } 242 return false; 243 } 244 245 // Returns true if every path from the entry block passes through a call to FD. 246 static bool checkForRecursiveFunctionCall(const FunctionDecl *FD, CFG *cfg) { 247 llvm::SmallPtrSet<CFGBlock *, 16> Visited; 248 llvm::SmallVector<CFGBlock *, 16> WorkList; 249 // Keep track of whether we found at least one recursive path. 250 bool foundRecursion = false; 251 252 const unsigned ExitID = cfg->getExit().getBlockID(); 253 254 // Seed the work list with the entry block. 255 WorkList.push_back(&cfg->getEntry()); 256 257 while (!WorkList.empty()) { 258 CFGBlock *Block = WorkList.pop_back_val(); 259 260 for (auto I = Block->succ_begin(), E = Block->succ_end(); I != E; ++I) { 261 if (CFGBlock *SuccBlock = *I) { 262 if (!Visited.insert(SuccBlock).second) 263 continue; 264 265 // Found a path to the exit node without a recursive call. 266 if (ExitID == SuccBlock->getBlockID()) 267 return false; 268 269 // If the successor block contains a recursive call, end analysis there. 270 if (hasRecursiveCallInPath(FD, *SuccBlock)) { 271 foundRecursion = true; 272 continue; 273 } 274 275 WorkList.push_back(SuccBlock); 276 } 277 } 278 } 279 return foundRecursion; 280 } 281 282 static void checkRecursiveFunction(Sema &S, const FunctionDecl *FD, 283 const Stmt *Body, AnalysisDeclContext &AC) { 284 FD = FD->getCanonicalDecl(); 285 286 // Only run on non-templated functions and non-templated members of 287 // templated classes. 288 if (FD->getTemplatedKind() != FunctionDecl::TK_NonTemplate && 289 FD->getTemplatedKind() != FunctionDecl::TK_MemberSpecialization) 290 return; 291 292 CFG *cfg = AC.getCFG(); 293 if (!cfg) return; 294 295 // If the exit block is unreachable, skip processing the function. 296 if (cfg->getExit().pred_empty()) 297 return; 298 299 // Emit diagnostic if a recursive function call is detected for all paths. 300 if (checkForRecursiveFunctionCall(FD, cfg)) 301 S.Diag(Body->getBeginLoc(), diag::warn_infinite_recursive_function); 302 } 303 304 //===----------------------------------------------------------------------===// 305 // Check for throw in a non-throwing function. 306 //===----------------------------------------------------------------------===// 307 308 /// Determine whether an exception thrown by E, unwinding from ThrowBlock, 309 /// can reach ExitBlock. 310 static bool throwEscapes(Sema &S, const CXXThrowExpr *E, CFGBlock &ThrowBlock, 311 CFG *Body) { 312 SmallVector<CFGBlock *, 16> Stack; 313 llvm::BitVector Queued(Body->getNumBlockIDs()); 314 315 Stack.push_back(&ThrowBlock); 316 Queued[ThrowBlock.getBlockID()] = true; 317 318 while (!Stack.empty()) { 319 CFGBlock &UnwindBlock = *Stack.back(); 320 Stack.pop_back(); 321 322 for (auto &Succ : UnwindBlock.succs()) { 323 if (!Succ.isReachable() || Queued[Succ->getBlockID()]) 324 continue; 325 326 if (Succ->getBlockID() == Body->getExit().getBlockID()) 327 return true; 328 329 if (auto *Catch = 330 dyn_cast_or_null<CXXCatchStmt>(Succ->getLabel())) { 331 QualType Caught = Catch->getCaughtType(); 332 if (Caught.isNull() || // catch (...) catches everything 333 !E->getSubExpr() || // throw; is considered cuaght by any handler 334 S.handlerCanCatch(Caught, E->getSubExpr()->getType())) 335 // Exception doesn't escape via this path. 336 break; 337 } else { 338 Stack.push_back(Succ); 339 Queued[Succ->getBlockID()] = true; 340 } 341 } 342 } 343 344 return false; 345 } 346 347 static void visitReachableThrows( 348 CFG *BodyCFG, 349 llvm::function_ref<void(const CXXThrowExpr *, CFGBlock &)> Visit) { 350 llvm::BitVector Reachable(BodyCFG->getNumBlockIDs()); 351 clang::reachable_code::ScanReachableFromBlock(&BodyCFG->getEntry(), Reachable); 352 for (CFGBlock *B : *BodyCFG) { 353 if (!Reachable[B->getBlockID()]) 354 continue; 355 for (CFGElement &E : *B) { 356 std::optional<CFGStmt> S = E.getAs<CFGStmt>(); 357 if (!S) 358 continue; 359 if (auto *Throw = dyn_cast<CXXThrowExpr>(S->getStmt())) 360 Visit(Throw, *B); 361 } 362 } 363 } 364 365 static void EmitDiagForCXXThrowInNonThrowingFunc(Sema &S, SourceLocation OpLoc, 366 const FunctionDecl *FD) { 367 if (!S.getSourceManager().isInSystemHeader(OpLoc) && 368 FD->getTypeSourceInfo()) { 369 S.Diag(OpLoc, diag::warn_throw_in_noexcept_func) << FD; 370 if (S.getLangOpts().CPlusPlus11 && 371 (isa<CXXDestructorDecl>(FD) || 372 FD->getDeclName().getCXXOverloadedOperator() == OO_Delete || 373 FD->getDeclName().getCXXOverloadedOperator() == OO_Array_Delete)) { 374 if (const auto *Ty = FD->getTypeSourceInfo()->getType()-> 375 getAs<FunctionProtoType>()) 376 S.Diag(FD->getLocation(), diag::note_throw_in_dtor) 377 << !isa<CXXDestructorDecl>(FD) << !Ty->hasExceptionSpec() 378 << FD->getExceptionSpecSourceRange(); 379 } else 380 S.Diag(FD->getLocation(), diag::note_throw_in_function) 381 << FD->getExceptionSpecSourceRange(); 382 } 383 } 384 385 static void checkThrowInNonThrowingFunc(Sema &S, const FunctionDecl *FD, 386 AnalysisDeclContext &AC) { 387 CFG *BodyCFG = AC.getCFG(); 388 if (!BodyCFG) 389 return; 390 if (BodyCFG->getExit().pred_empty()) 391 return; 392 visitReachableThrows(BodyCFG, [&](const CXXThrowExpr *Throw, CFGBlock &Block) { 393 if (throwEscapes(S, Throw, Block, BodyCFG)) 394 EmitDiagForCXXThrowInNonThrowingFunc(S, Throw->getThrowLoc(), FD); 395 }); 396 } 397 398 static bool isNoexcept(const FunctionDecl *FD) { 399 const auto *FPT = FD->getType()->castAs<FunctionProtoType>(); 400 if (FPT->isNothrow() || FD->hasAttr<NoThrowAttr>()) 401 return true; 402 return false; 403 } 404 405 //===----------------------------------------------------------------------===// 406 // Check for missing return value. 407 //===----------------------------------------------------------------------===// 408 409 enum ControlFlowKind { 410 UnknownFallThrough, 411 NeverFallThrough, 412 MaybeFallThrough, 413 AlwaysFallThrough, 414 NeverFallThroughOrReturn 415 }; 416 417 /// CheckFallThrough - Check that we don't fall off the end of a 418 /// Statement that should return a value. 419 /// 420 /// \returns AlwaysFallThrough iff we always fall off the end of the statement, 421 /// MaybeFallThrough iff we might or might not fall off the end, 422 /// NeverFallThroughOrReturn iff we never fall off the end of the statement or 423 /// return. We assume NeverFallThrough iff we never fall off the end of the 424 /// statement but we may return. We assume that functions not marked noreturn 425 /// will return. 426 static ControlFlowKind CheckFallThrough(AnalysisDeclContext &AC) { 427 CFG *cfg = AC.getCFG(); 428 if (!cfg) return UnknownFallThrough; 429 430 // The CFG leaves in dead things, and we don't want the dead code paths to 431 // confuse us, so we mark all live things first. 432 llvm::BitVector live(cfg->getNumBlockIDs()); 433 unsigned count = reachable_code::ScanReachableFromBlock(&cfg->getEntry(), 434 live); 435 436 bool AddEHEdges = AC.getAddEHEdges(); 437 if (!AddEHEdges && count != cfg->getNumBlockIDs()) 438 // When there are things remaining dead, and we didn't add EH edges 439 // from CallExprs to the catch clauses, we have to go back and 440 // mark them as live. 441 for (const auto *B : *cfg) { 442 if (!live[B->getBlockID()]) { 443 if (B->pred_begin() == B->pred_end()) { 444 const Stmt *Term = B->getTerminatorStmt(); 445 if (Term && isa<CXXTryStmt>(Term)) 446 // When not adding EH edges from calls, catch clauses 447 // can otherwise seem dead. Avoid noting them as dead. 448 count += reachable_code::ScanReachableFromBlock(B, live); 449 continue; 450 } 451 } 452 } 453 454 // Now we know what is live, we check the live precessors of the exit block 455 // and look for fall through paths, being careful to ignore normal returns, 456 // and exceptional paths. 457 bool HasLiveReturn = false; 458 bool HasFakeEdge = false; 459 bool HasPlainEdge = false; 460 bool HasAbnormalEdge = false; 461 462 // Ignore default cases that aren't likely to be reachable because all 463 // enums in a switch(X) have explicit case statements. 464 CFGBlock::FilterOptions FO; 465 FO.IgnoreDefaultsWithCoveredEnums = 1; 466 467 for (CFGBlock::filtered_pred_iterator I = 468 cfg->getExit().filtered_pred_start_end(FO); 469 I.hasMore(); ++I) { 470 const CFGBlock &B = **I; 471 if (!live[B.getBlockID()]) 472 continue; 473 474 // Skip blocks which contain an element marked as no-return. They don't 475 // represent actually viable edges into the exit block, so mark them as 476 // abnormal. 477 if (B.hasNoReturnElement()) { 478 HasAbnormalEdge = true; 479 continue; 480 } 481 482 // Destructors can appear after the 'return' in the CFG. This is 483 // normal. We need to look pass the destructors for the return 484 // statement (if it exists). 485 CFGBlock::const_reverse_iterator ri = B.rbegin(), re = B.rend(); 486 487 for ( ; ri != re ; ++ri) 488 if (ri->getAs<CFGStmt>()) 489 break; 490 491 // No more CFGElements in the block? 492 if (ri == re) { 493 const Stmt *Term = B.getTerminatorStmt(); 494 if (Term && (isa<CXXTryStmt>(Term) || isa<ObjCAtTryStmt>(Term))) { 495 HasAbnormalEdge = true; 496 continue; 497 } 498 // A labeled empty statement, or the entry block... 499 HasPlainEdge = true; 500 continue; 501 } 502 503 CFGStmt CS = ri->castAs<CFGStmt>(); 504 const Stmt *S = CS.getStmt(); 505 if (isa<ReturnStmt>(S) || isa<CoreturnStmt>(S)) { 506 HasLiveReturn = true; 507 continue; 508 } 509 if (isa<ObjCAtThrowStmt>(S)) { 510 HasFakeEdge = true; 511 continue; 512 } 513 if (isa<CXXThrowExpr>(S)) { 514 HasFakeEdge = true; 515 continue; 516 } 517 if (isa<MSAsmStmt>(S)) { 518 // TODO: Verify this is correct. 519 HasFakeEdge = true; 520 HasLiveReturn = true; 521 continue; 522 } 523 if (isa<CXXTryStmt>(S)) { 524 HasAbnormalEdge = true; 525 continue; 526 } 527 if (!llvm::is_contained(B.succs(), &cfg->getExit())) { 528 HasAbnormalEdge = true; 529 continue; 530 } 531 532 HasPlainEdge = true; 533 } 534 if (!HasPlainEdge) { 535 if (HasLiveReturn) 536 return NeverFallThrough; 537 return NeverFallThroughOrReturn; 538 } 539 if (HasAbnormalEdge || HasFakeEdge || HasLiveReturn) 540 return MaybeFallThrough; 541 // This says AlwaysFallThrough for calls to functions that are not marked 542 // noreturn, that don't return. If people would like this warning to be more 543 // accurate, such functions should be marked as noreturn. 544 return AlwaysFallThrough; 545 } 546 547 namespace { 548 549 struct CheckFallThroughDiagnostics { 550 unsigned diag_MaybeFallThrough_HasNoReturn; 551 unsigned diag_MaybeFallThrough_ReturnsNonVoid; 552 unsigned diag_AlwaysFallThrough_HasNoReturn; 553 unsigned diag_AlwaysFallThrough_ReturnsNonVoid; 554 unsigned diag_NeverFallThroughOrReturn; 555 enum { Function, Block, Lambda, Coroutine } funMode; 556 SourceLocation FuncLoc; 557 558 static CheckFallThroughDiagnostics MakeForFunction(const Decl *Func) { 559 CheckFallThroughDiagnostics D; 560 D.FuncLoc = Func->getLocation(); 561 D.diag_MaybeFallThrough_HasNoReturn = 562 diag::warn_falloff_noreturn_function; 563 D.diag_MaybeFallThrough_ReturnsNonVoid = 564 diag::warn_maybe_falloff_nonvoid_function; 565 D.diag_AlwaysFallThrough_HasNoReturn = 566 diag::warn_falloff_noreturn_function; 567 D.diag_AlwaysFallThrough_ReturnsNonVoid = 568 diag::warn_falloff_nonvoid_function; 569 570 // Don't suggest that virtual functions be marked "noreturn", since they 571 // might be overridden by non-noreturn functions. 572 bool isVirtualMethod = false; 573 if (const CXXMethodDecl *Method = dyn_cast<CXXMethodDecl>(Func)) 574 isVirtualMethod = Method->isVirtual(); 575 576 // Don't suggest that template instantiations be marked "noreturn" 577 bool isTemplateInstantiation = false; 578 if (const FunctionDecl *Function = dyn_cast<FunctionDecl>(Func)) 579 isTemplateInstantiation = Function->isTemplateInstantiation(); 580 581 if (!isVirtualMethod && !isTemplateInstantiation) 582 D.diag_NeverFallThroughOrReturn = 583 diag::warn_suggest_noreturn_function; 584 else 585 D.diag_NeverFallThroughOrReturn = 0; 586 587 D.funMode = Function; 588 return D; 589 } 590 591 static CheckFallThroughDiagnostics MakeForCoroutine(const Decl *Func) { 592 CheckFallThroughDiagnostics D; 593 D.FuncLoc = Func->getLocation(); 594 D.diag_MaybeFallThrough_HasNoReturn = 0; 595 D.diag_MaybeFallThrough_ReturnsNonVoid = 596 diag::warn_maybe_falloff_nonvoid_coroutine; 597 D.diag_AlwaysFallThrough_HasNoReturn = 0; 598 D.diag_AlwaysFallThrough_ReturnsNonVoid = 599 diag::warn_falloff_nonvoid_coroutine; 600 D.diag_NeverFallThroughOrReturn = 0; 601 D.funMode = Coroutine; 602 return D; 603 } 604 605 static CheckFallThroughDiagnostics MakeForBlock() { 606 CheckFallThroughDiagnostics D; 607 D.diag_MaybeFallThrough_HasNoReturn = 608 diag::err_noreturn_block_has_return_expr; 609 D.diag_MaybeFallThrough_ReturnsNonVoid = 610 diag::err_maybe_falloff_nonvoid_block; 611 D.diag_AlwaysFallThrough_HasNoReturn = 612 diag::err_noreturn_block_has_return_expr; 613 D.diag_AlwaysFallThrough_ReturnsNonVoid = 614 diag::err_falloff_nonvoid_block; 615 D.diag_NeverFallThroughOrReturn = 0; 616 D.funMode = Block; 617 return D; 618 } 619 620 static CheckFallThroughDiagnostics MakeForLambda() { 621 CheckFallThroughDiagnostics D; 622 D.diag_MaybeFallThrough_HasNoReturn = 623 diag::err_noreturn_lambda_has_return_expr; 624 D.diag_MaybeFallThrough_ReturnsNonVoid = 625 diag::warn_maybe_falloff_nonvoid_lambda; 626 D.diag_AlwaysFallThrough_HasNoReturn = 627 diag::err_noreturn_lambda_has_return_expr; 628 D.diag_AlwaysFallThrough_ReturnsNonVoid = 629 diag::warn_falloff_nonvoid_lambda; 630 D.diag_NeverFallThroughOrReturn = 0; 631 D.funMode = Lambda; 632 return D; 633 } 634 635 bool checkDiagnostics(DiagnosticsEngine &D, bool ReturnsVoid, 636 bool HasNoReturn) const { 637 if (funMode == Function) { 638 return (ReturnsVoid || 639 D.isIgnored(diag::warn_maybe_falloff_nonvoid_function, 640 FuncLoc)) && 641 (!HasNoReturn || 642 D.isIgnored(diag::warn_noreturn_function_has_return_expr, 643 FuncLoc)) && 644 (!ReturnsVoid || 645 D.isIgnored(diag::warn_suggest_noreturn_block, FuncLoc)); 646 } 647 if (funMode == Coroutine) { 648 return (ReturnsVoid || 649 D.isIgnored(diag::warn_maybe_falloff_nonvoid_function, FuncLoc) || 650 D.isIgnored(diag::warn_maybe_falloff_nonvoid_coroutine, 651 FuncLoc)) && 652 (!HasNoReturn); 653 } 654 // For blocks / lambdas. 655 return ReturnsVoid && !HasNoReturn; 656 } 657 }; 658 659 } // anonymous namespace 660 661 /// CheckFallThroughForBody - Check that we don't fall off the end of a 662 /// function that should return a value. Check that we don't fall off the end 663 /// of a noreturn function. We assume that functions and blocks not marked 664 /// noreturn will return. 665 static void CheckFallThroughForBody(Sema &S, const Decl *D, const Stmt *Body, 666 QualType BlockType, 667 const CheckFallThroughDiagnostics &CD, 668 AnalysisDeclContext &AC, 669 sema::FunctionScopeInfo *FSI) { 670 671 bool ReturnsVoid = false; 672 bool HasNoReturn = false; 673 bool IsCoroutine = FSI->isCoroutine(); 674 675 if (const auto *FD = dyn_cast<FunctionDecl>(D)) { 676 if (const auto *CBody = dyn_cast<CoroutineBodyStmt>(Body)) 677 ReturnsVoid = CBody->getFallthroughHandler() != nullptr; 678 else 679 ReturnsVoid = FD->getReturnType()->isVoidType(); 680 HasNoReturn = FD->isNoReturn(); 681 } 682 else if (const auto *MD = dyn_cast<ObjCMethodDecl>(D)) { 683 ReturnsVoid = MD->getReturnType()->isVoidType(); 684 HasNoReturn = MD->hasAttr<NoReturnAttr>(); 685 } 686 else if (isa<BlockDecl>(D)) { 687 if (const FunctionType *FT = 688 BlockType->getPointeeType()->getAs<FunctionType>()) { 689 if (FT->getReturnType()->isVoidType()) 690 ReturnsVoid = true; 691 if (FT->getNoReturnAttr()) 692 HasNoReturn = true; 693 } 694 } 695 696 DiagnosticsEngine &Diags = S.getDiagnostics(); 697 698 // Short circuit for compilation speed. 699 if (CD.checkDiagnostics(Diags, ReturnsVoid, HasNoReturn)) 700 return; 701 SourceLocation LBrace = Body->getBeginLoc(), RBrace = Body->getEndLoc(); 702 auto EmitDiag = [&](SourceLocation Loc, unsigned DiagID) { 703 if (IsCoroutine) 704 S.Diag(Loc, DiagID) << FSI->CoroutinePromise->getType(); 705 else 706 S.Diag(Loc, DiagID); 707 }; 708 709 // cpu_dispatch functions permit empty function bodies for ICC compatibility. 710 if (D->getAsFunction() && D->getAsFunction()->isCPUDispatchMultiVersion()) 711 return; 712 713 // Either in a function body compound statement, or a function-try-block. 714 switch (CheckFallThrough(AC)) { 715 case UnknownFallThrough: 716 break; 717 718 case MaybeFallThrough: 719 if (HasNoReturn) 720 EmitDiag(RBrace, CD.diag_MaybeFallThrough_HasNoReturn); 721 else if (!ReturnsVoid) 722 EmitDiag(RBrace, CD.diag_MaybeFallThrough_ReturnsNonVoid); 723 break; 724 case AlwaysFallThrough: 725 if (HasNoReturn) 726 EmitDiag(RBrace, CD.diag_AlwaysFallThrough_HasNoReturn); 727 else if (!ReturnsVoid) 728 EmitDiag(RBrace, CD.diag_AlwaysFallThrough_ReturnsNonVoid); 729 break; 730 case NeverFallThroughOrReturn: 731 if (ReturnsVoid && !HasNoReturn && CD.diag_NeverFallThroughOrReturn) { 732 if (const FunctionDecl *FD = dyn_cast<FunctionDecl>(D)) { 733 S.Diag(LBrace, CD.diag_NeverFallThroughOrReturn) << 0 << FD; 734 } else if (const ObjCMethodDecl *MD = dyn_cast<ObjCMethodDecl>(D)) { 735 S.Diag(LBrace, CD.diag_NeverFallThroughOrReturn) << 1 << MD; 736 } else { 737 S.Diag(LBrace, CD.diag_NeverFallThroughOrReturn); 738 } 739 } 740 break; 741 case NeverFallThrough: 742 break; 743 } 744 } 745 746 //===----------------------------------------------------------------------===// 747 // -Wuninitialized 748 //===----------------------------------------------------------------------===// 749 750 namespace { 751 /// ContainsReference - A visitor class to search for references to 752 /// a particular declaration (the needle) within any evaluated component of an 753 /// expression (recursively). 754 class ContainsReference : public ConstEvaluatedExprVisitor<ContainsReference> { 755 bool FoundReference; 756 const DeclRefExpr *Needle; 757 758 public: 759 typedef ConstEvaluatedExprVisitor<ContainsReference> Inherited; 760 761 ContainsReference(ASTContext &Context, const DeclRefExpr *Needle) 762 : Inherited(Context), FoundReference(false), Needle(Needle) {} 763 764 void VisitExpr(const Expr *E) { 765 // Stop evaluating if we already have a reference. 766 if (FoundReference) 767 return; 768 769 Inherited::VisitExpr(E); 770 } 771 772 void VisitDeclRefExpr(const DeclRefExpr *E) { 773 if (E == Needle) 774 FoundReference = true; 775 else 776 Inherited::VisitDeclRefExpr(E); 777 } 778 779 bool doesContainReference() const { return FoundReference; } 780 }; 781 } // anonymous namespace 782 783 static bool SuggestInitializationFixit(Sema &S, const VarDecl *VD) { 784 QualType VariableTy = VD->getType().getCanonicalType(); 785 if (VariableTy->isBlockPointerType() && 786 !VD->hasAttr<BlocksAttr>()) { 787 S.Diag(VD->getLocation(), diag::note_block_var_fixit_add_initialization) 788 << VD->getDeclName() 789 << FixItHint::CreateInsertion(VD->getLocation(), "__block "); 790 return true; 791 } 792 793 // Don't issue a fixit if there is already an initializer. 794 if (VD->getInit()) 795 return false; 796 797 // Don't suggest a fixit inside macros. 798 if (VD->getEndLoc().isMacroID()) 799 return false; 800 801 SourceLocation Loc = S.getLocForEndOfToken(VD->getEndLoc()); 802 803 // Suggest possible initialization (if any). 804 std::string Init = S.getFixItZeroInitializerForType(VariableTy, Loc); 805 if (Init.empty()) 806 return false; 807 808 S.Diag(Loc, diag::note_var_fixit_add_initialization) << VD->getDeclName() 809 << FixItHint::CreateInsertion(Loc, Init); 810 return true; 811 } 812 813 /// Create a fixit to remove an if-like statement, on the assumption that its 814 /// condition is CondVal. 815 static void CreateIfFixit(Sema &S, const Stmt *If, const Stmt *Then, 816 const Stmt *Else, bool CondVal, 817 FixItHint &Fixit1, FixItHint &Fixit2) { 818 if (CondVal) { 819 // If condition is always true, remove all but the 'then'. 820 Fixit1 = FixItHint::CreateRemoval( 821 CharSourceRange::getCharRange(If->getBeginLoc(), Then->getBeginLoc())); 822 if (Else) { 823 SourceLocation ElseKwLoc = S.getLocForEndOfToken(Then->getEndLoc()); 824 Fixit2 = 825 FixItHint::CreateRemoval(SourceRange(ElseKwLoc, Else->getEndLoc())); 826 } 827 } else { 828 // If condition is always false, remove all but the 'else'. 829 if (Else) 830 Fixit1 = FixItHint::CreateRemoval(CharSourceRange::getCharRange( 831 If->getBeginLoc(), Else->getBeginLoc())); 832 else 833 Fixit1 = FixItHint::CreateRemoval(If->getSourceRange()); 834 } 835 } 836 837 /// DiagUninitUse -- Helper function to produce a diagnostic for an 838 /// uninitialized use of a variable. 839 static void DiagUninitUse(Sema &S, const VarDecl *VD, const UninitUse &Use, 840 bool IsCapturedByBlock) { 841 bool Diagnosed = false; 842 843 switch (Use.getKind()) { 844 case UninitUse::Always: 845 S.Diag(Use.getUser()->getBeginLoc(), diag::warn_uninit_var) 846 << VD->getDeclName() << IsCapturedByBlock 847 << Use.getUser()->getSourceRange(); 848 return; 849 850 case UninitUse::AfterDecl: 851 case UninitUse::AfterCall: 852 S.Diag(VD->getLocation(), diag::warn_sometimes_uninit_var) 853 << VD->getDeclName() << IsCapturedByBlock 854 << (Use.getKind() == UninitUse::AfterDecl ? 4 : 5) 855 << const_cast<DeclContext*>(VD->getLexicalDeclContext()) 856 << VD->getSourceRange(); 857 S.Diag(Use.getUser()->getBeginLoc(), diag::note_uninit_var_use) 858 << IsCapturedByBlock << Use.getUser()->getSourceRange(); 859 return; 860 861 case UninitUse::Maybe: 862 case UninitUse::Sometimes: 863 // Carry on to report sometimes-uninitialized branches, if possible, 864 // or a 'may be used uninitialized' diagnostic otherwise. 865 break; 866 } 867 868 // Diagnose each branch which leads to a sometimes-uninitialized use. 869 for (UninitUse::branch_iterator I = Use.branch_begin(), E = Use.branch_end(); 870 I != E; ++I) { 871 assert(Use.getKind() == UninitUse::Sometimes); 872 873 const Expr *User = Use.getUser(); 874 const Stmt *Term = I->Terminator; 875 876 // Information used when building the diagnostic. 877 unsigned DiagKind; 878 StringRef Str; 879 SourceRange Range; 880 881 // FixIts to suppress the diagnostic by removing the dead condition. 882 // For all binary terminators, branch 0 is taken if the condition is true, 883 // and branch 1 is taken if the condition is false. 884 int RemoveDiagKind = -1; 885 const char *FixitStr = 886 S.getLangOpts().CPlusPlus ? (I->Output ? "true" : "false") 887 : (I->Output ? "1" : "0"); 888 FixItHint Fixit1, Fixit2; 889 890 switch (Term ? Term->getStmtClass() : Stmt::DeclStmtClass) { 891 default: 892 // Don't know how to report this. Just fall back to 'may be used 893 // uninitialized'. FIXME: Can this happen? 894 continue; 895 896 // "condition is true / condition is false". 897 case Stmt::IfStmtClass: { 898 const IfStmt *IS = cast<IfStmt>(Term); 899 DiagKind = 0; 900 Str = "if"; 901 Range = IS->getCond()->getSourceRange(); 902 RemoveDiagKind = 0; 903 CreateIfFixit(S, IS, IS->getThen(), IS->getElse(), 904 I->Output, Fixit1, Fixit2); 905 break; 906 } 907 case Stmt::ConditionalOperatorClass: { 908 const ConditionalOperator *CO = cast<ConditionalOperator>(Term); 909 DiagKind = 0; 910 Str = "?:"; 911 Range = CO->getCond()->getSourceRange(); 912 RemoveDiagKind = 0; 913 CreateIfFixit(S, CO, CO->getTrueExpr(), CO->getFalseExpr(), 914 I->Output, Fixit1, Fixit2); 915 break; 916 } 917 case Stmt::BinaryOperatorClass: { 918 const BinaryOperator *BO = cast<BinaryOperator>(Term); 919 if (!BO->isLogicalOp()) 920 continue; 921 DiagKind = 0; 922 Str = BO->getOpcodeStr(); 923 Range = BO->getLHS()->getSourceRange(); 924 RemoveDiagKind = 0; 925 if ((BO->getOpcode() == BO_LAnd && I->Output) || 926 (BO->getOpcode() == BO_LOr && !I->Output)) 927 // true && y -> y, false || y -> y. 928 Fixit1 = FixItHint::CreateRemoval( 929 SourceRange(BO->getBeginLoc(), BO->getOperatorLoc())); 930 else 931 // false && y -> false, true || y -> true. 932 Fixit1 = FixItHint::CreateReplacement(BO->getSourceRange(), FixitStr); 933 break; 934 } 935 936 // "loop is entered / loop is exited". 937 case Stmt::WhileStmtClass: 938 DiagKind = 1; 939 Str = "while"; 940 Range = cast<WhileStmt>(Term)->getCond()->getSourceRange(); 941 RemoveDiagKind = 1; 942 Fixit1 = FixItHint::CreateReplacement(Range, FixitStr); 943 break; 944 case Stmt::ForStmtClass: 945 DiagKind = 1; 946 Str = "for"; 947 Range = cast<ForStmt>(Term)->getCond()->getSourceRange(); 948 RemoveDiagKind = 1; 949 if (I->Output) 950 Fixit1 = FixItHint::CreateRemoval(Range); 951 else 952 Fixit1 = FixItHint::CreateReplacement(Range, FixitStr); 953 break; 954 case Stmt::CXXForRangeStmtClass: 955 if (I->Output == 1) { 956 // The use occurs if a range-based for loop's body never executes. 957 // That may be impossible, and there's no syntactic fix for this, 958 // so treat it as a 'may be uninitialized' case. 959 continue; 960 } 961 DiagKind = 1; 962 Str = "for"; 963 Range = cast<CXXForRangeStmt>(Term)->getRangeInit()->getSourceRange(); 964 break; 965 966 // "condition is true / loop is exited". 967 case Stmt::DoStmtClass: 968 DiagKind = 2; 969 Str = "do"; 970 Range = cast<DoStmt>(Term)->getCond()->getSourceRange(); 971 RemoveDiagKind = 1; 972 Fixit1 = FixItHint::CreateReplacement(Range, FixitStr); 973 break; 974 975 // "switch case is taken". 976 case Stmt::CaseStmtClass: 977 DiagKind = 3; 978 Str = "case"; 979 Range = cast<CaseStmt>(Term)->getLHS()->getSourceRange(); 980 break; 981 case Stmt::DefaultStmtClass: 982 DiagKind = 3; 983 Str = "default"; 984 Range = cast<DefaultStmt>(Term)->getDefaultLoc(); 985 break; 986 } 987 988 S.Diag(Range.getBegin(), diag::warn_sometimes_uninit_var) 989 << VD->getDeclName() << IsCapturedByBlock << DiagKind 990 << Str << I->Output << Range; 991 S.Diag(User->getBeginLoc(), diag::note_uninit_var_use) 992 << IsCapturedByBlock << User->getSourceRange(); 993 if (RemoveDiagKind != -1) 994 S.Diag(Fixit1.RemoveRange.getBegin(), diag::note_uninit_fixit_remove_cond) 995 << RemoveDiagKind << Str << I->Output << Fixit1 << Fixit2; 996 997 Diagnosed = true; 998 } 999 1000 if (!Diagnosed) 1001 S.Diag(Use.getUser()->getBeginLoc(), diag::warn_maybe_uninit_var) 1002 << VD->getDeclName() << IsCapturedByBlock 1003 << Use.getUser()->getSourceRange(); 1004 } 1005 1006 /// Diagnose uninitialized const reference usages. 1007 static bool DiagnoseUninitializedConstRefUse(Sema &S, const VarDecl *VD, 1008 const UninitUse &Use) { 1009 S.Diag(Use.getUser()->getBeginLoc(), diag::warn_uninit_const_reference) 1010 << VD->getDeclName() << Use.getUser()->getSourceRange(); 1011 return true; 1012 } 1013 1014 /// DiagnoseUninitializedUse -- Helper function for diagnosing uses of an 1015 /// uninitialized variable. This manages the different forms of diagnostic 1016 /// emitted for particular types of uses. Returns true if the use was diagnosed 1017 /// as a warning. If a particular use is one we omit warnings for, returns 1018 /// false. 1019 static bool DiagnoseUninitializedUse(Sema &S, const VarDecl *VD, 1020 const UninitUse &Use, 1021 bool alwaysReportSelfInit = false) { 1022 if (const DeclRefExpr *DRE = dyn_cast<DeclRefExpr>(Use.getUser())) { 1023 // Inspect the initializer of the variable declaration which is 1024 // being referenced prior to its initialization. We emit 1025 // specialized diagnostics for self-initialization, and we 1026 // specifically avoid warning about self references which take the 1027 // form of: 1028 // 1029 // int x = x; 1030 // 1031 // This is used to indicate to GCC that 'x' is intentionally left 1032 // uninitialized. Proven code paths which access 'x' in 1033 // an uninitialized state after this will still warn. 1034 if (const Expr *Initializer = VD->getInit()) { 1035 if (!alwaysReportSelfInit && DRE == Initializer->IgnoreParenImpCasts()) 1036 return false; 1037 1038 ContainsReference CR(S.Context, DRE); 1039 CR.Visit(Initializer); 1040 if (CR.doesContainReference()) { 1041 S.Diag(DRE->getBeginLoc(), diag::warn_uninit_self_reference_in_init) 1042 << VD->getDeclName() << VD->getLocation() << DRE->getSourceRange(); 1043 return true; 1044 } 1045 } 1046 1047 DiagUninitUse(S, VD, Use, false); 1048 } else { 1049 const BlockExpr *BE = cast<BlockExpr>(Use.getUser()); 1050 if (VD->getType()->isBlockPointerType() && !VD->hasAttr<BlocksAttr>()) 1051 S.Diag(BE->getBeginLoc(), 1052 diag::warn_uninit_byref_blockvar_captured_by_block) 1053 << VD->getDeclName() 1054 << VD->getType().getQualifiers().hasObjCLifetime(); 1055 else 1056 DiagUninitUse(S, VD, Use, true); 1057 } 1058 1059 // Report where the variable was declared when the use wasn't within 1060 // the initializer of that declaration & we didn't already suggest 1061 // an initialization fixit. 1062 if (!SuggestInitializationFixit(S, VD)) 1063 S.Diag(VD->getBeginLoc(), diag::note_var_declared_here) 1064 << VD->getDeclName(); 1065 1066 return true; 1067 } 1068 1069 namespace { 1070 class FallthroughMapper : public RecursiveASTVisitor<FallthroughMapper> { 1071 public: 1072 FallthroughMapper(Sema &S) 1073 : FoundSwitchStatements(false), 1074 S(S) { 1075 } 1076 1077 bool foundSwitchStatements() const { return FoundSwitchStatements; } 1078 1079 void markFallthroughVisited(const AttributedStmt *Stmt) { 1080 bool Found = FallthroughStmts.erase(Stmt); 1081 assert(Found); 1082 (void)Found; 1083 } 1084 1085 typedef llvm::SmallPtrSet<const AttributedStmt*, 8> AttrStmts; 1086 1087 const AttrStmts &getFallthroughStmts() const { 1088 return FallthroughStmts; 1089 } 1090 1091 void fillReachableBlocks(CFG *Cfg) { 1092 assert(ReachableBlocks.empty() && "ReachableBlocks already filled"); 1093 std::deque<const CFGBlock *> BlockQueue; 1094 1095 ReachableBlocks.insert(&Cfg->getEntry()); 1096 BlockQueue.push_back(&Cfg->getEntry()); 1097 // Mark all case blocks reachable to avoid problems with switching on 1098 // constants, covered enums, etc. 1099 // These blocks can contain fall-through annotations, and we don't want to 1100 // issue a warn_fallthrough_attr_unreachable for them. 1101 for (const auto *B : *Cfg) { 1102 const Stmt *L = B->getLabel(); 1103 if (L && isa<SwitchCase>(L) && ReachableBlocks.insert(B).second) 1104 BlockQueue.push_back(B); 1105 } 1106 1107 while (!BlockQueue.empty()) { 1108 const CFGBlock *P = BlockQueue.front(); 1109 BlockQueue.pop_front(); 1110 for (const CFGBlock *B : P->succs()) { 1111 if (B && ReachableBlocks.insert(B).second) 1112 BlockQueue.push_back(B); 1113 } 1114 } 1115 } 1116 1117 bool checkFallThroughIntoBlock(const CFGBlock &B, int &AnnotatedCnt, 1118 bool IsTemplateInstantiation) { 1119 assert(!ReachableBlocks.empty() && "ReachableBlocks empty"); 1120 1121 int UnannotatedCnt = 0; 1122 AnnotatedCnt = 0; 1123 1124 std::deque<const CFGBlock*> BlockQueue(B.pred_begin(), B.pred_end()); 1125 while (!BlockQueue.empty()) { 1126 const CFGBlock *P = BlockQueue.front(); 1127 BlockQueue.pop_front(); 1128 if (!P) continue; 1129 1130 const Stmt *Term = P->getTerminatorStmt(); 1131 if (Term && isa<SwitchStmt>(Term)) 1132 continue; // Switch statement, good. 1133 1134 const SwitchCase *SW = dyn_cast_or_null<SwitchCase>(P->getLabel()); 1135 if (SW && SW->getSubStmt() == B.getLabel() && P->begin() == P->end()) 1136 continue; // Previous case label has no statements, good. 1137 1138 const LabelStmt *L = dyn_cast_or_null<LabelStmt>(P->getLabel()); 1139 if (L && L->getSubStmt() == B.getLabel() && P->begin() == P->end()) 1140 continue; // Case label is preceded with a normal label, good. 1141 1142 if (!ReachableBlocks.count(P)) { 1143 for (const CFGElement &Elem : llvm::reverse(*P)) { 1144 if (std::optional<CFGStmt> CS = Elem.getAs<CFGStmt>()) { 1145 if (const AttributedStmt *AS = asFallThroughAttr(CS->getStmt())) { 1146 // Don't issue a warning for an unreachable fallthrough 1147 // attribute in template instantiations as it may not be 1148 // unreachable in all instantiations of the template. 1149 if (!IsTemplateInstantiation) 1150 S.Diag(AS->getBeginLoc(), 1151 diag::warn_unreachable_fallthrough_attr); 1152 markFallthroughVisited(AS); 1153 ++AnnotatedCnt; 1154 break; 1155 } 1156 // Don't care about other unreachable statements. 1157 } 1158 } 1159 // If there are no unreachable statements, this may be a special 1160 // case in CFG: 1161 // case X: { 1162 // A a; // A has a destructor. 1163 // break; 1164 // } 1165 // // <<<< This place is represented by a 'hanging' CFG block. 1166 // case Y: 1167 continue; 1168 } 1169 1170 const Stmt *LastStmt = getLastStmt(*P); 1171 if (const AttributedStmt *AS = asFallThroughAttr(LastStmt)) { 1172 markFallthroughVisited(AS); 1173 ++AnnotatedCnt; 1174 continue; // Fallthrough annotation, good. 1175 } 1176 1177 if (!LastStmt) { // This block contains no executable statements. 1178 // Traverse its predecessors. 1179 std::copy(P->pred_begin(), P->pred_end(), 1180 std::back_inserter(BlockQueue)); 1181 continue; 1182 } 1183 1184 ++UnannotatedCnt; 1185 } 1186 return !!UnannotatedCnt; 1187 } 1188 1189 // RecursiveASTVisitor setup. 1190 bool shouldWalkTypesOfTypeLocs() const { return false; } 1191 1192 bool VisitAttributedStmt(AttributedStmt *S) { 1193 if (asFallThroughAttr(S)) 1194 FallthroughStmts.insert(S); 1195 return true; 1196 } 1197 1198 bool VisitSwitchStmt(SwitchStmt *S) { 1199 FoundSwitchStatements = true; 1200 return true; 1201 } 1202 1203 // We don't want to traverse local type declarations. We analyze their 1204 // methods separately. 1205 bool TraverseDecl(Decl *D) { return true; } 1206 1207 // We analyze lambda bodies separately. Skip them here. 1208 bool TraverseLambdaExpr(LambdaExpr *LE) { 1209 // Traverse the captures, but not the body. 1210 for (const auto C : zip(LE->captures(), LE->capture_inits())) 1211 TraverseLambdaCapture(LE, &std::get<0>(C), std::get<1>(C)); 1212 return true; 1213 } 1214 1215 private: 1216 1217 static const AttributedStmt *asFallThroughAttr(const Stmt *S) { 1218 if (const AttributedStmt *AS = dyn_cast_or_null<AttributedStmt>(S)) { 1219 if (hasSpecificAttr<FallThroughAttr>(AS->getAttrs())) 1220 return AS; 1221 } 1222 return nullptr; 1223 } 1224 1225 static const Stmt *getLastStmt(const CFGBlock &B) { 1226 if (const Stmt *Term = B.getTerminatorStmt()) 1227 return Term; 1228 for (const CFGElement &Elem : llvm::reverse(B)) 1229 if (std::optional<CFGStmt> CS = Elem.getAs<CFGStmt>()) 1230 return CS->getStmt(); 1231 // Workaround to detect a statement thrown out by CFGBuilder: 1232 // case X: {} case Y: 1233 // case X: ; case Y: 1234 if (const SwitchCase *SW = dyn_cast_or_null<SwitchCase>(B.getLabel())) 1235 if (!isa<SwitchCase>(SW->getSubStmt())) 1236 return SW->getSubStmt(); 1237 1238 return nullptr; 1239 } 1240 1241 bool FoundSwitchStatements; 1242 AttrStmts FallthroughStmts; 1243 Sema &S; 1244 llvm::SmallPtrSet<const CFGBlock *, 16> ReachableBlocks; 1245 }; 1246 } // anonymous namespace 1247 1248 static StringRef getFallthroughAttrSpelling(Preprocessor &PP, 1249 SourceLocation Loc) { 1250 TokenValue FallthroughTokens[] = { 1251 tok::l_square, tok::l_square, 1252 PP.getIdentifierInfo("fallthrough"), 1253 tok::r_square, tok::r_square 1254 }; 1255 1256 TokenValue ClangFallthroughTokens[] = { 1257 tok::l_square, tok::l_square, PP.getIdentifierInfo("clang"), 1258 tok::coloncolon, PP.getIdentifierInfo("fallthrough"), 1259 tok::r_square, tok::r_square 1260 }; 1261 1262 bool PreferClangAttr = !PP.getLangOpts().CPlusPlus17 && !PP.getLangOpts().C23; 1263 1264 StringRef MacroName; 1265 if (PreferClangAttr) 1266 MacroName = PP.getLastMacroWithSpelling(Loc, ClangFallthroughTokens); 1267 if (MacroName.empty()) 1268 MacroName = PP.getLastMacroWithSpelling(Loc, FallthroughTokens); 1269 if (MacroName.empty() && !PreferClangAttr) 1270 MacroName = PP.getLastMacroWithSpelling(Loc, ClangFallthroughTokens); 1271 if (MacroName.empty()) { 1272 if (!PreferClangAttr) 1273 MacroName = "[[fallthrough]]"; 1274 else if (PP.getLangOpts().CPlusPlus) 1275 MacroName = "[[clang::fallthrough]]"; 1276 else 1277 MacroName = "__attribute__((fallthrough))"; 1278 } 1279 return MacroName; 1280 } 1281 1282 static void DiagnoseSwitchLabelsFallthrough(Sema &S, AnalysisDeclContext &AC, 1283 bool PerFunction) { 1284 FallthroughMapper FM(S); 1285 FM.TraverseStmt(AC.getBody()); 1286 1287 if (!FM.foundSwitchStatements()) 1288 return; 1289 1290 if (PerFunction && FM.getFallthroughStmts().empty()) 1291 return; 1292 1293 CFG *Cfg = AC.getCFG(); 1294 1295 if (!Cfg) 1296 return; 1297 1298 FM.fillReachableBlocks(Cfg); 1299 1300 for (const CFGBlock *B : llvm::reverse(*Cfg)) { 1301 const Stmt *Label = B->getLabel(); 1302 1303 if (!isa_and_nonnull<SwitchCase>(Label)) 1304 continue; 1305 1306 int AnnotatedCnt; 1307 1308 bool IsTemplateInstantiation = false; 1309 if (const FunctionDecl *Function = dyn_cast<FunctionDecl>(AC.getDecl())) 1310 IsTemplateInstantiation = Function->isTemplateInstantiation(); 1311 if (!FM.checkFallThroughIntoBlock(*B, AnnotatedCnt, 1312 IsTemplateInstantiation)) 1313 continue; 1314 1315 S.Diag(Label->getBeginLoc(), 1316 PerFunction ? diag::warn_unannotated_fallthrough_per_function 1317 : diag::warn_unannotated_fallthrough); 1318 1319 if (!AnnotatedCnt) { 1320 SourceLocation L = Label->getBeginLoc(); 1321 if (L.isMacroID()) 1322 continue; 1323 1324 const Stmt *Term = B->getTerminatorStmt(); 1325 // Skip empty cases. 1326 while (B->empty() && !Term && B->succ_size() == 1) { 1327 B = *B->succ_begin(); 1328 Term = B->getTerminatorStmt(); 1329 } 1330 if (!(B->empty() && Term && isa<BreakStmt>(Term))) { 1331 Preprocessor &PP = S.getPreprocessor(); 1332 StringRef AnnotationSpelling = getFallthroughAttrSpelling(PP, L); 1333 SmallString<64> TextToInsert(AnnotationSpelling); 1334 TextToInsert += "; "; 1335 S.Diag(L, diag::note_insert_fallthrough_fixit) 1336 << AnnotationSpelling 1337 << FixItHint::CreateInsertion(L, TextToInsert); 1338 } 1339 S.Diag(L, diag::note_insert_break_fixit) 1340 << FixItHint::CreateInsertion(L, "break; "); 1341 } 1342 } 1343 1344 for (const auto *F : FM.getFallthroughStmts()) 1345 S.Diag(F->getBeginLoc(), diag::err_fallthrough_attr_invalid_placement); 1346 } 1347 1348 static bool isInLoop(const ASTContext &Ctx, const ParentMap &PM, 1349 const Stmt *S) { 1350 assert(S); 1351 1352 do { 1353 switch (S->getStmtClass()) { 1354 case Stmt::ForStmtClass: 1355 case Stmt::WhileStmtClass: 1356 case Stmt::CXXForRangeStmtClass: 1357 case Stmt::ObjCForCollectionStmtClass: 1358 return true; 1359 case Stmt::DoStmtClass: { 1360 Expr::EvalResult Result; 1361 if (!cast<DoStmt>(S)->getCond()->EvaluateAsInt(Result, Ctx)) 1362 return true; 1363 return Result.Val.getInt().getBoolValue(); 1364 } 1365 default: 1366 break; 1367 } 1368 } while ((S = PM.getParent(S))); 1369 1370 return false; 1371 } 1372 1373 static void diagnoseRepeatedUseOfWeak(Sema &S, 1374 const sema::FunctionScopeInfo *CurFn, 1375 const Decl *D, 1376 const ParentMap &PM) { 1377 typedef sema::FunctionScopeInfo::WeakObjectProfileTy WeakObjectProfileTy; 1378 typedef sema::FunctionScopeInfo::WeakObjectUseMap WeakObjectUseMap; 1379 typedef sema::FunctionScopeInfo::WeakUseVector WeakUseVector; 1380 typedef std::pair<const Stmt *, WeakObjectUseMap::const_iterator> 1381 StmtUsesPair; 1382 1383 ASTContext &Ctx = S.getASTContext(); 1384 1385 const WeakObjectUseMap &WeakMap = CurFn->getWeakObjectUses(); 1386 1387 // Extract all weak objects that are referenced more than once. 1388 SmallVector<StmtUsesPair, 8> UsesByStmt; 1389 for (WeakObjectUseMap::const_iterator I = WeakMap.begin(), E = WeakMap.end(); 1390 I != E; ++I) { 1391 const WeakUseVector &Uses = I->second; 1392 1393 // Find the first read of the weak object. 1394 WeakUseVector::const_iterator UI = Uses.begin(), UE = Uses.end(); 1395 for ( ; UI != UE; ++UI) { 1396 if (UI->isUnsafe()) 1397 break; 1398 } 1399 1400 // If there were only writes to this object, don't warn. 1401 if (UI == UE) 1402 continue; 1403 1404 // If there was only one read, followed by any number of writes, and the 1405 // read is not within a loop, don't warn. Additionally, don't warn in a 1406 // loop if the base object is a local variable -- local variables are often 1407 // changed in loops. 1408 if (UI == Uses.begin()) { 1409 WeakUseVector::const_iterator UI2 = UI; 1410 for (++UI2; UI2 != UE; ++UI2) 1411 if (UI2->isUnsafe()) 1412 break; 1413 1414 if (UI2 == UE) { 1415 if (!isInLoop(Ctx, PM, UI->getUseExpr())) 1416 continue; 1417 1418 const WeakObjectProfileTy &Profile = I->first; 1419 if (!Profile.isExactProfile()) 1420 continue; 1421 1422 const NamedDecl *Base = Profile.getBase(); 1423 if (!Base) 1424 Base = Profile.getProperty(); 1425 assert(Base && "A profile always has a base or property."); 1426 1427 if (const VarDecl *BaseVar = dyn_cast<VarDecl>(Base)) 1428 if (BaseVar->hasLocalStorage() && !isa<ParmVarDecl>(Base)) 1429 continue; 1430 } 1431 } 1432 1433 UsesByStmt.push_back(StmtUsesPair(UI->getUseExpr(), I)); 1434 } 1435 1436 if (UsesByStmt.empty()) 1437 return; 1438 1439 // Sort by first use so that we emit the warnings in a deterministic order. 1440 SourceManager &SM = S.getSourceManager(); 1441 llvm::sort(UsesByStmt, 1442 [&SM](const StmtUsesPair &LHS, const StmtUsesPair &RHS) { 1443 return SM.isBeforeInTranslationUnit(LHS.first->getBeginLoc(), 1444 RHS.first->getBeginLoc()); 1445 }); 1446 1447 // Classify the current code body for better warning text. 1448 // This enum should stay in sync with the cases in 1449 // warn_arc_repeated_use_of_weak and warn_arc_possible_repeated_use_of_weak. 1450 // FIXME: Should we use a common classification enum and the same set of 1451 // possibilities all throughout Sema? 1452 enum { 1453 Function, 1454 Method, 1455 Block, 1456 Lambda 1457 } FunctionKind; 1458 1459 if (isa<sema::BlockScopeInfo>(CurFn)) 1460 FunctionKind = Block; 1461 else if (isa<sema::LambdaScopeInfo>(CurFn)) 1462 FunctionKind = Lambda; 1463 else if (isa<ObjCMethodDecl>(D)) 1464 FunctionKind = Method; 1465 else 1466 FunctionKind = Function; 1467 1468 // Iterate through the sorted problems and emit warnings for each. 1469 for (const auto &P : UsesByStmt) { 1470 const Stmt *FirstRead = P.first; 1471 const WeakObjectProfileTy &Key = P.second->first; 1472 const WeakUseVector &Uses = P.second->second; 1473 1474 // For complicated expressions like 'a.b.c' and 'x.b.c', WeakObjectProfileTy 1475 // may not contain enough information to determine that these are different 1476 // properties. We can only be 100% sure of a repeated use in certain cases, 1477 // and we adjust the diagnostic kind accordingly so that the less certain 1478 // case can be turned off if it is too noisy. 1479 unsigned DiagKind; 1480 if (Key.isExactProfile()) 1481 DiagKind = diag::warn_arc_repeated_use_of_weak; 1482 else 1483 DiagKind = diag::warn_arc_possible_repeated_use_of_weak; 1484 1485 // Classify the weak object being accessed for better warning text. 1486 // This enum should stay in sync with the cases in 1487 // warn_arc_repeated_use_of_weak and warn_arc_possible_repeated_use_of_weak. 1488 enum { 1489 Variable, 1490 Property, 1491 ImplicitProperty, 1492 Ivar 1493 } ObjectKind; 1494 1495 const NamedDecl *KeyProp = Key.getProperty(); 1496 if (isa<VarDecl>(KeyProp)) 1497 ObjectKind = Variable; 1498 else if (isa<ObjCPropertyDecl>(KeyProp)) 1499 ObjectKind = Property; 1500 else if (isa<ObjCMethodDecl>(KeyProp)) 1501 ObjectKind = ImplicitProperty; 1502 else if (isa<ObjCIvarDecl>(KeyProp)) 1503 ObjectKind = Ivar; 1504 else 1505 llvm_unreachable("Unexpected weak object kind!"); 1506 1507 // Do not warn about IBOutlet weak property receivers being set to null 1508 // since they are typically only used from the main thread. 1509 if (const ObjCPropertyDecl *Prop = dyn_cast<ObjCPropertyDecl>(KeyProp)) 1510 if (Prop->hasAttr<IBOutletAttr>()) 1511 continue; 1512 1513 // Show the first time the object was read. 1514 S.Diag(FirstRead->getBeginLoc(), DiagKind) 1515 << int(ObjectKind) << KeyProp << int(FunctionKind) 1516 << FirstRead->getSourceRange(); 1517 1518 // Print all the other accesses as notes. 1519 for (const auto &Use : Uses) { 1520 if (Use.getUseExpr() == FirstRead) 1521 continue; 1522 S.Diag(Use.getUseExpr()->getBeginLoc(), 1523 diag::note_arc_weak_also_accessed_here) 1524 << Use.getUseExpr()->getSourceRange(); 1525 } 1526 } 1527 } 1528 1529 namespace clang { 1530 namespace { 1531 typedef SmallVector<PartialDiagnosticAt, 1> OptionalNotes; 1532 typedef std::pair<PartialDiagnosticAt, OptionalNotes> DelayedDiag; 1533 typedef std::list<DelayedDiag> DiagList; 1534 1535 struct SortDiagBySourceLocation { 1536 SourceManager &SM; 1537 SortDiagBySourceLocation(SourceManager &SM) : SM(SM) {} 1538 1539 bool operator()(const DelayedDiag &left, const DelayedDiag &right) { 1540 // Although this call will be slow, this is only called when outputting 1541 // multiple warnings. 1542 return SM.isBeforeInTranslationUnit(left.first.first, right.first.first); 1543 } 1544 }; 1545 } // anonymous namespace 1546 } // namespace clang 1547 1548 namespace { 1549 class UninitValsDiagReporter : public UninitVariablesHandler { 1550 Sema &S; 1551 typedef SmallVector<UninitUse, 2> UsesVec; 1552 typedef llvm::PointerIntPair<UsesVec *, 1, bool> MappedType; 1553 // Prefer using MapVector to DenseMap, so that iteration order will be 1554 // the same as insertion order. This is needed to obtain a deterministic 1555 // order of diagnostics when calling flushDiagnostics(). 1556 typedef llvm::MapVector<const VarDecl *, MappedType> UsesMap; 1557 UsesMap uses; 1558 UsesMap constRefUses; 1559 1560 public: 1561 UninitValsDiagReporter(Sema &S) : S(S) {} 1562 ~UninitValsDiagReporter() override { flushDiagnostics(); } 1563 1564 MappedType &getUses(UsesMap &um, const VarDecl *vd) { 1565 MappedType &V = um[vd]; 1566 if (!V.getPointer()) 1567 V.setPointer(new UsesVec()); 1568 return V; 1569 } 1570 1571 void handleUseOfUninitVariable(const VarDecl *vd, 1572 const UninitUse &use) override { 1573 getUses(uses, vd).getPointer()->push_back(use); 1574 } 1575 1576 void handleConstRefUseOfUninitVariable(const VarDecl *vd, 1577 const UninitUse &use) override { 1578 getUses(constRefUses, vd).getPointer()->push_back(use); 1579 } 1580 1581 void handleSelfInit(const VarDecl *vd) override { 1582 getUses(uses, vd).setInt(true); 1583 getUses(constRefUses, vd).setInt(true); 1584 } 1585 1586 void flushDiagnostics() { 1587 for (const auto &P : uses) { 1588 const VarDecl *vd = P.first; 1589 const MappedType &V = P.second; 1590 1591 UsesVec *vec = V.getPointer(); 1592 bool hasSelfInit = V.getInt(); 1593 1594 // Specially handle the case where we have uses of an uninitialized 1595 // variable, but the root cause is an idiomatic self-init. We want 1596 // to report the diagnostic at the self-init since that is the root cause. 1597 if (!vec->empty() && hasSelfInit && hasAlwaysUninitializedUse(vec)) 1598 DiagnoseUninitializedUse(S, vd, 1599 UninitUse(vd->getInit()->IgnoreParenCasts(), 1600 /* isAlwaysUninit */ true), 1601 /* alwaysReportSelfInit */ true); 1602 else { 1603 // Sort the uses by their SourceLocations. While not strictly 1604 // guaranteed to produce them in line/column order, this will provide 1605 // a stable ordering. 1606 llvm::sort(*vec, [](const UninitUse &a, const UninitUse &b) { 1607 // Prefer a more confident report over a less confident one. 1608 if (a.getKind() != b.getKind()) 1609 return a.getKind() > b.getKind(); 1610 return a.getUser()->getBeginLoc() < b.getUser()->getBeginLoc(); 1611 }); 1612 1613 for (const auto &U : *vec) { 1614 // If we have self-init, downgrade all uses to 'may be uninitialized'. 1615 UninitUse Use = hasSelfInit ? UninitUse(U.getUser(), false) : U; 1616 1617 if (DiagnoseUninitializedUse(S, vd, Use)) 1618 // Skip further diagnostics for this variable. We try to warn only 1619 // on the first point at which a variable is used uninitialized. 1620 break; 1621 } 1622 } 1623 1624 // Release the uses vector. 1625 delete vec; 1626 } 1627 1628 uses.clear(); 1629 1630 // Flush all const reference uses diags. 1631 for (const auto &P : constRefUses) { 1632 const VarDecl *vd = P.first; 1633 const MappedType &V = P.second; 1634 1635 UsesVec *vec = V.getPointer(); 1636 bool hasSelfInit = V.getInt(); 1637 1638 if (!vec->empty() && hasSelfInit && hasAlwaysUninitializedUse(vec)) 1639 DiagnoseUninitializedUse(S, vd, 1640 UninitUse(vd->getInit()->IgnoreParenCasts(), 1641 /* isAlwaysUninit */ true), 1642 /* alwaysReportSelfInit */ true); 1643 else { 1644 for (const auto &U : *vec) { 1645 if (DiagnoseUninitializedConstRefUse(S, vd, U)) 1646 break; 1647 } 1648 } 1649 1650 // Release the uses vector. 1651 delete vec; 1652 } 1653 1654 constRefUses.clear(); 1655 } 1656 1657 private: 1658 static bool hasAlwaysUninitializedUse(const UsesVec* vec) { 1659 return llvm::any_of(*vec, [](const UninitUse &U) { 1660 return U.getKind() == UninitUse::Always || 1661 U.getKind() == UninitUse::AfterCall || 1662 U.getKind() == UninitUse::AfterDecl; 1663 }); 1664 } 1665 }; 1666 1667 /// Inter-procedural data for the called-once checker. 1668 class CalledOnceInterProceduralData { 1669 public: 1670 // Add the delayed warning for the given block. 1671 void addDelayedWarning(const BlockDecl *Block, 1672 PartialDiagnosticAt &&Warning) { 1673 DelayedBlockWarnings[Block].emplace_back(std::move(Warning)); 1674 } 1675 // Report all of the warnings we've gathered for the given block. 1676 void flushWarnings(const BlockDecl *Block, Sema &S) { 1677 for (const PartialDiagnosticAt &Delayed : DelayedBlockWarnings[Block]) 1678 S.Diag(Delayed.first, Delayed.second); 1679 1680 discardWarnings(Block); 1681 } 1682 // Discard all of the warnings we've gathered for the given block. 1683 void discardWarnings(const BlockDecl *Block) { 1684 DelayedBlockWarnings.erase(Block); 1685 } 1686 1687 private: 1688 using DelayedDiagnostics = SmallVector<PartialDiagnosticAt, 2>; 1689 llvm::DenseMap<const BlockDecl *, DelayedDiagnostics> DelayedBlockWarnings; 1690 }; 1691 1692 class CalledOnceCheckReporter : public CalledOnceCheckHandler { 1693 public: 1694 CalledOnceCheckReporter(Sema &S, CalledOnceInterProceduralData &Data) 1695 : S(S), Data(Data) {} 1696 void handleDoubleCall(const ParmVarDecl *Parameter, const Expr *Call, 1697 const Expr *PrevCall, bool IsCompletionHandler, 1698 bool Poised) override { 1699 auto DiagToReport = IsCompletionHandler 1700 ? diag::warn_completion_handler_called_twice 1701 : diag::warn_called_once_gets_called_twice; 1702 S.Diag(Call->getBeginLoc(), DiagToReport) << Parameter; 1703 S.Diag(PrevCall->getBeginLoc(), diag::note_called_once_gets_called_twice) 1704 << Poised; 1705 } 1706 1707 void handleNeverCalled(const ParmVarDecl *Parameter, 1708 bool IsCompletionHandler) override { 1709 auto DiagToReport = IsCompletionHandler 1710 ? diag::warn_completion_handler_never_called 1711 : diag::warn_called_once_never_called; 1712 S.Diag(Parameter->getBeginLoc(), DiagToReport) 1713 << Parameter << /* Captured */ false; 1714 } 1715 1716 void handleNeverCalled(const ParmVarDecl *Parameter, const Decl *Function, 1717 const Stmt *Where, NeverCalledReason Reason, 1718 bool IsCalledDirectly, 1719 bool IsCompletionHandler) override { 1720 auto DiagToReport = IsCompletionHandler 1721 ? diag::warn_completion_handler_never_called_when 1722 : diag::warn_called_once_never_called_when; 1723 PartialDiagnosticAt Warning(Where->getBeginLoc(), S.PDiag(DiagToReport) 1724 << Parameter 1725 << IsCalledDirectly 1726 << (unsigned)Reason); 1727 1728 if (const auto *Block = dyn_cast<BlockDecl>(Function)) { 1729 // We shouldn't report these warnings on blocks immediately 1730 Data.addDelayedWarning(Block, std::move(Warning)); 1731 } else { 1732 S.Diag(Warning.first, Warning.second); 1733 } 1734 } 1735 1736 void handleCapturedNeverCalled(const ParmVarDecl *Parameter, 1737 const Decl *Where, 1738 bool IsCompletionHandler) override { 1739 auto DiagToReport = IsCompletionHandler 1740 ? diag::warn_completion_handler_never_called 1741 : diag::warn_called_once_never_called; 1742 S.Diag(Where->getBeginLoc(), DiagToReport) 1743 << Parameter << /* Captured */ true; 1744 } 1745 1746 void 1747 handleBlockThatIsGuaranteedToBeCalledOnce(const BlockDecl *Block) override { 1748 Data.flushWarnings(Block, S); 1749 } 1750 1751 void handleBlockWithNoGuarantees(const BlockDecl *Block) override { 1752 Data.discardWarnings(Block); 1753 } 1754 1755 private: 1756 Sema &S; 1757 CalledOnceInterProceduralData &Data; 1758 }; 1759 1760 constexpr unsigned CalledOnceWarnings[] = { 1761 diag::warn_called_once_never_called, 1762 diag::warn_called_once_never_called_when, 1763 diag::warn_called_once_gets_called_twice}; 1764 1765 constexpr unsigned CompletionHandlerWarnings[]{ 1766 diag::warn_completion_handler_never_called, 1767 diag::warn_completion_handler_never_called_when, 1768 diag::warn_completion_handler_called_twice}; 1769 1770 bool shouldAnalyzeCalledOnceImpl(llvm::ArrayRef<unsigned> DiagIDs, 1771 const DiagnosticsEngine &Diags, 1772 SourceLocation At) { 1773 return llvm::any_of(DiagIDs, [&Diags, At](unsigned DiagID) { 1774 return !Diags.isIgnored(DiagID, At); 1775 }); 1776 } 1777 1778 bool shouldAnalyzeCalledOnceConventions(const DiagnosticsEngine &Diags, 1779 SourceLocation At) { 1780 return shouldAnalyzeCalledOnceImpl(CompletionHandlerWarnings, Diags, At); 1781 } 1782 1783 bool shouldAnalyzeCalledOnceParameters(const DiagnosticsEngine &Diags, 1784 SourceLocation At) { 1785 return shouldAnalyzeCalledOnceImpl(CalledOnceWarnings, Diags, At) || 1786 shouldAnalyzeCalledOnceConventions(Diags, At); 1787 } 1788 } // anonymous namespace 1789 1790 //===----------------------------------------------------------------------===// 1791 // -Wthread-safety 1792 //===----------------------------------------------------------------------===// 1793 namespace clang { 1794 namespace threadSafety { 1795 namespace { 1796 class ThreadSafetyReporter : public clang::threadSafety::ThreadSafetyHandler { 1797 Sema &S; 1798 DiagList Warnings; 1799 SourceLocation FunLocation, FunEndLocation; 1800 1801 const FunctionDecl *CurrentFunction; 1802 bool Verbose; 1803 1804 OptionalNotes getNotes() const { 1805 if (Verbose && CurrentFunction) { 1806 PartialDiagnosticAt FNote(CurrentFunction->getBody()->getBeginLoc(), 1807 S.PDiag(diag::note_thread_warning_in_fun) 1808 << CurrentFunction); 1809 return OptionalNotes(1, FNote); 1810 } 1811 return OptionalNotes(); 1812 } 1813 1814 OptionalNotes getNotes(const PartialDiagnosticAt &Note) const { 1815 OptionalNotes ONS(1, Note); 1816 if (Verbose && CurrentFunction) { 1817 PartialDiagnosticAt FNote(CurrentFunction->getBody()->getBeginLoc(), 1818 S.PDiag(diag::note_thread_warning_in_fun) 1819 << CurrentFunction); 1820 ONS.push_back(std::move(FNote)); 1821 } 1822 return ONS; 1823 } 1824 1825 OptionalNotes getNotes(const PartialDiagnosticAt &Note1, 1826 const PartialDiagnosticAt &Note2) const { 1827 OptionalNotes ONS; 1828 ONS.push_back(Note1); 1829 ONS.push_back(Note2); 1830 if (Verbose && CurrentFunction) { 1831 PartialDiagnosticAt FNote(CurrentFunction->getBody()->getBeginLoc(), 1832 S.PDiag(diag::note_thread_warning_in_fun) 1833 << CurrentFunction); 1834 ONS.push_back(std::move(FNote)); 1835 } 1836 return ONS; 1837 } 1838 1839 OptionalNotes makeLockedHereNote(SourceLocation LocLocked, StringRef Kind) { 1840 return LocLocked.isValid() 1841 ? getNotes(PartialDiagnosticAt( 1842 LocLocked, S.PDiag(diag::note_locked_here) << Kind)) 1843 : getNotes(); 1844 } 1845 1846 OptionalNotes makeUnlockedHereNote(SourceLocation LocUnlocked, 1847 StringRef Kind) { 1848 return LocUnlocked.isValid() 1849 ? getNotes(PartialDiagnosticAt( 1850 LocUnlocked, S.PDiag(diag::note_unlocked_here) << Kind)) 1851 : getNotes(); 1852 } 1853 1854 public: 1855 ThreadSafetyReporter(Sema &S, SourceLocation FL, SourceLocation FEL) 1856 : S(S), FunLocation(FL), FunEndLocation(FEL), 1857 CurrentFunction(nullptr), Verbose(false) {} 1858 1859 void setVerbose(bool b) { Verbose = b; } 1860 1861 /// Emit all buffered diagnostics in order of sourcelocation. 1862 /// We need to output diagnostics produced while iterating through 1863 /// the lockset in deterministic order, so this function orders diagnostics 1864 /// and outputs them. 1865 void emitDiagnostics() { 1866 Warnings.sort(SortDiagBySourceLocation(S.getSourceManager())); 1867 for (const auto &Diag : Warnings) { 1868 S.Diag(Diag.first.first, Diag.first.second); 1869 for (const auto &Note : Diag.second) 1870 S.Diag(Note.first, Note.second); 1871 } 1872 } 1873 1874 void handleInvalidLockExp(SourceLocation Loc) override { 1875 PartialDiagnosticAt Warning(Loc, S.PDiag(diag::warn_cannot_resolve_lock) 1876 << Loc); 1877 Warnings.emplace_back(std::move(Warning), getNotes()); 1878 } 1879 1880 void handleUnmatchedUnlock(StringRef Kind, Name LockName, SourceLocation Loc, 1881 SourceLocation LocPreviousUnlock) override { 1882 if (Loc.isInvalid()) 1883 Loc = FunLocation; 1884 PartialDiagnosticAt Warning(Loc, S.PDiag(diag::warn_unlock_but_no_lock) 1885 << Kind << LockName); 1886 Warnings.emplace_back(std::move(Warning), 1887 makeUnlockedHereNote(LocPreviousUnlock, Kind)); 1888 } 1889 1890 void handleIncorrectUnlockKind(StringRef Kind, Name LockName, 1891 LockKind Expected, LockKind Received, 1892 SourceLocation LocLocked, 1893 SourceLocation LocUnlock) override { 1894 if (LocUnlock.isInvalid()) 1895 LocUnlock = FunLocation; 1896 PartialDiagnosticAt Warning( 1897 LocUnlock, S.PDiag(diag::warn_unlock_kind_mismatch) 1898 << Kind << LockName << Received << Expected); 1899 Warnings.emplace_back(std::move(Warning), 1900 makeLockedHereNote(LocLocked, Kind)); 1901 } 1902 1903 void handleDoubleLock(StringRef Kind, Name LockName, SourceLocation LocLocked, 1904 SourceLocation LocDoubleLock) override { 1905 if (LocDoubleLock.isInvalid()) 1906 LocDoubleLock = FunLocation; 1907 PartialDiagnosticAt Warning(LocDoubleLock, S.PDiag(diag::warn_double_lock) 1908 << Kind << LockName); 1909 Warnings.emplace_back(std::move(Warning), 1910 makeLockedHereNote(LocLocked, Kind)); 1911 } 1912 1913 void handleMutexHeldEndOfScope(StringRef Kind, Name LockName, 1914 SourceLocation LocLocked, 1915 SourceLocation LocEndOfScope, 1916 LockErrorKind LEK) override { 1917 unsigned DiagID = 0; 1918 switch (LEK) { 1919 case LEK_LockedSomePredecessors: 1920 DiagID = diag::warn_lock_some_predecessors; 1921 break; 1922 case LEK_LockedSomeLoopIterations: 1923 DiagID = diag::warn_expecting_lock_held_on_loop; 1924 break; 1925 case LEK_LockedAtEndOfFunction: 1926 DiagID = diag::warn_no_unlock; 1927 break; 1928 case LEK_NotLockedAtEndOfFunction: 1929 DiagID = diag::warn_expecting_locked; 1930 break; 1931 } 1932 if (LocEndOfScope.isInvalid()) 1933 LocEndOfScope = FunEndLocation; 1934 1935 PartialDiagnosticAt Warning(LocEndOfScope, S.PDiag(DiagID) << Kind 1936 << LockName); 1937 Warnings.emplace_back(std::move(Warning), 1938 makeLockedHereNote(LocLocked, Kind)); 1939 } 1940 1941 void handleExclusiveAndShared(StringRef Kind, Name LockName, 1942 SourceLocation Loc1, 1943 SourceLocation Loc2) override { 1944 PartialDiagnosticAt Warning(Loc1, 1945 S.PDiag(diag::warn_lock_exclusive_and_shared) 1946 << Kind << LockName); 1947 PartialDiagnosticAt Note(Loc2, S.PDiag(diag::note_lock_exclusive_and_shared) 1948 << Kind << LockName); 1949 Warnings.emplace_back(std::move(Warning), getNotes(Note)); 1950 } 1951 1952 void handleNoMutexHeld(const NamedDecl *D, ProtectedOperationKind POK, 1953 AccessKind AK, SourceLocation Loc) override { 1954 assert((POK == POK_VarAccess || POK == POK_VarDereference) && 1955 "Only works for variables"); 1956 unsigned DiagID = POK == POK_VarAccess? 1957 diag::warn_variable_requires_any_lock: 1958 diag::warn_var_deref_requires_any_lock; 1959 PartialDiagnosticAt Warning(Loc, S.PDiag(DiagID) 1960 << D << getLockKindFromAccessKind(AK)); 1961 Warnings.emplace_back(std::move(Warning), getNotes()); 1962 } 1963 1964 void handleMutexNotHeld(StringRef Kind, const NamedDecl *D, 1965 ProtectedOperationKind POK, Name LockName, 1966 LockKind LK, SourceLocation Loc, 1967 Name *PossibleMatch) override { 1968 unsigned DiagID = 0; 1969 if (PossibleMatch) { 1970 switch (POK) { 1971 case POK_VarAccess: 1972 DiagID = diag::warn_variable_requires_lock_precise; 1973 break; 1974 case POK_VarDereference: 1975 DiagID = diag::warn_var_deref_requires_lock_precise; 1976 break; 1977 case POK_FunctionCall: 1978 DiagID = diag::warn_fun_requires_lock_precise; 1979 break; 1980 case POK_PassByRef: 1981 DiagID = diag::warn_guarded_pass_by_reference; 1982 break; 1983 case POK_PtPassByRef: 1984 DiagID = diag::warn_pt_guarded_pass_by_reference; 1985 break; 1986 case POK_ReturnByRef: 1987 DiagID = diag::warn_guarded_return_by_reference; 1988 break; 1989 case POK_PtReturnByRef: 1990 DiagID = diag::warn_pt_guarded_return_by_reference; 1991 break; 1992 } 1993 PartialDiagnosticAt Warning(Loc, S.PDiag(DiagID) << Kind 1994 << D 1995 << LockName << LK); 1996 PartialDiagnosticAt Note(Loc, S.PDiag(diag::note_found_mutex_near_match) 1997 << *PossibleMatch); 1998 if (Verbose && POK == POK_VarAccess) { 1999 PartialDiagnosticAt VNote(D->getLocation(), 2000 S.PDiag(diag::note_guarded_by_declared_here) 2001 << D->getDeclName()); 2002 Warnings.emplace_back(std::move(Warning), getNotes(Note, VNote)); 2003 } else 2004 Warnings.emplace_back(std::move(Warning), getNotes(Note)); 2005 } else { 2006 switch (POK) { 2007 case POK_VarAccess: 2008 DiagID = diag::warn_variable_requires_lock; 2009 break; 2010 case POK_VarDereference: 2011 DiagID = diag::warn_var_deref_requires_lock; 2012 break; 2013 case POK_FunctionCall: 2014 DiagID = diag::warn_fun_requires_lock; 2015 break; 2016 case POK_PassByRef: 2017 DiagID = diag::warn_guarded_pass_by_reference; 2018 break; 2019 case POK_PtPassByRef: 2020 DiagID = diag::warn_pt_guarded_pass_by_reference; 2021 break; 2022 case POK_ReturnByRef: 2023 DiagID = diag::warn_guarded_return_by_reference; 2024 break; 2025 case POK_PtReturnByRef: 2026 DiagID = diag::warn_pt_guarded_return_by_reference; 2027 break; 2028 } 2029 PartialDiagnosticAt Warning(Loc, S.PDiag(DiagID) << Kind 2030 << D 2031 << LockName << LK); 2032 if (Verbose && POK == POK_VarAccess) { 2033 PartialDiagnosticAt Note(D->getLocation(), 2034 S.PDiag(diag::note_guarded_by_declared_here)); 2035 Warnings.emplace_back(std::move(Warning), getNotes(Note)); 2036 } else 2037 Warnings.emplace_back(std::move(Warning), getNotes()); 2038 } 2039 } 2040 2041 void handleNegativeNotHeld(StringRef Kind, Name LockName, Name Neg, 2042 SourceLocation Loc) override { 2043 PartialDiagnosticAt Warning(Loc, 2044 S.PDiag(diag::warn_acquire_requires_negative_cap) 2045 << Kind << LockName << Neg); 2046 Warnings.emplace_back(std::move(Warning), getNotes()); 2047 } 2048 2049 void handleNegativeNotHeld(const NamedDecl *D, Name LockName, 2050 SourceLocation Loc) override { 2051 PartialDiagnosticAt Warning( 2052 Loc, S.PDiag(diag::warn_fun_requires_negative_cap) << D << LockName); 2053 Warnings.emplace_back(std::move(Warning), getNotes()); 2054 } 2055 2056 void handleFunExcludesLock(StringRef Kind, Name FunName, Name LockName, 2057 SourceLocation Loc) override { 2058 PartialDiagnosticAt Warning(Loc, S.PDiag(diag::warn_fun_excludes_mutex) 2059 << Kind << FunName << LockName); 2060 Warnings.emplace_back(std::move(Warning), getNotes()); 2061 } 2062 2063 void handleLockAcquiredBefore(StringRef Kind, Name L1Name, Name L2Name, 2064 SourceLocation Loc) override { 2065 PartialDiagnosticAt Warning(Loc, 2066 S.PDiag(diag::warn_acquired_before) << Kind << L1Name << L2Name); 2067 Warnings.emplace_back(std::move(Warning), getNotes()); 2068 } 2069 2070 void handleBeforeAfterCycle(Name L1Name, SourceLocation Loc) override { 2071 PartialDiagnosticAt Warning(Loc, 2072 S.PDiag(diag::warn_acquired_before_after_cycle) << L1Name); 2073 Warnings.emplace_back(std::move(Warning), getNotes()); 2074 } 2075 2076 void enterFunction(const FunctionDecl* FD) override { 2077 CurrentFunction = FD; 2078 } 2079 2080 void leaveFunction(const FunctionDecl* FD) override { 2081 CurrentFunction = nullptr; 2082 } 2083 }; 2084 } // anonymous namespace 2085 } // namespace threadSafety 2086 } // namespace clang 2087 2088 //===----------------------------------------------------------------------===// 2089 // -Wconsumed 2090 //===----------------------------------------------------------------------===// 2091 2092 namespace clang { 2093 namespace consumed { 2094 namespace { 2095 class ConsumedWarningsHandler : public ConsumedWarningsHandlerBase { 2096 2097 Sema &S; 2098 DiagList Warnings; 2099 2100 public: 2101 2102 ConsumedWarningsHandler(Sema &S) : S(S) {} 2103 2104 void emitDiagnostics() override { 2105 Warnings.sort(SortDiagBySourceLocation(S.getSourceManager())); 2106 for (const auto &Diag : Warnings) { 2107 S.Diag(Diag.first.first, Diag.first.second); 2108 for (const auto &Note : Diag.second) 2109 S.Diag(Note.first, Note.second); 2110 } 2111 } 2112 2113 void warnLoopStateMismatch(SourceLocation Loc, 2114 StringRef VariableName) override { 2115 PartialDiagnosticAt Warning(Loc, S.PDiag(diag::warn_loop_state_mismatch) << 2116 VariableName); 2117 2118 Warnings.emplace_back(std::move(Warning), OptionalNotes()); 2119 } 2120 2121 void warnParamReturnTypestateMismatch(SourceLocation Loc, 2122 StringRef VariableName, 2123 StringRef ExpectedState, 2124 StringRef ObservedState) override { 2125 2126 PartialDiagnosticAt Warning(Loc, S.PDiag( 2127 diag::warn_param_return_typestate_mismatch) << VariableName << 2128 ExpectedState << ObservedState); 2129 2130 Warnings.emplace_back(std::move(Warning), OptionalNotes()); 2131 } 2132 2133 void warnParamTypestateMismatch(SourceLocation Loc, StringRef ExpectedState, 2134 StringRef ObservedState) override { 2135 2136 PartialDiagnosticAt Warning(Loc, S.PDiag( 2137 diag::warn_param_typestate_mismatch) << ExpectedState << ObservedState); 2138 2139 Warnings.emplace_back(std::move(Warning), OptionalNotes()); 2140 } 2141 2142 void warnReturnTypestateForUnconsumableType(SourceLocation Loc, 2143 StringRef TypeName) override { 2144 PartialDiagnosticAt Warning(Loc, S.PDiag( 2145 diag::warn_return_typestate_for_unconsumable_type) << TypeName); 2146 2147 Warnings.emplace_back(std::move(Warning), OptionalNotes()); 2148 } 2149 2150 void warnReturnTypestateMismatch(SourceLocation Loc, StringRef ExpectedState, 2151 StringRef ObservedState) override { 2152 2153 PartialDiagnosticAt Warning(Loc, S.PDiag( 2154 diag::warn_return_typestate_mismatch) << ExpectedState << ObservedState); 2155 2156 Warnings.emplace_back(std::move(Warning), OptionalNotes()); 2157 } 2158 2159 void warnUseOfTempInInvalidState(StringRef MethodName, StringRef State, 2160 SourceLocation Loc) override { 2161 2162 PartialDiagnosticAt Warning(Loc, S.PDiag( 2163 diag::warn_use_of_temp_in_invalid_state) << MethodName << State); 2164 2165 Warnings.emplace_back(std::move(Warning), OptionalNotes()); 2166 } 2167 2168 void warnUseInInvalidState(StringRef MethodName, StringRef VariableName, 2169 StringRef State, SourceLocation Loc) override { 2170 2171 PartialDiagnosticAt Warning(Loc, S.PDiag(diag::warn_use_in_invalid_state) << 2172 MethodName << VariableName << State); 2173 2174 Warnings.emplace_back(std::move(Warning), OptionalNotes()); 2175 } 2176 }; 2177 } // anonymous namespace 2178 } // namespace consumed 2179 } // namespace clang 2180 2181 //===----------------------------------------------------------------------===// 2182 // Unsafe buffer usage analysis. 2183 //===----------------------------------------------------------------------===// 2184 2185 namespace { 2186 class UnsafeBufferUsageReporter : public UnsafeBufferUsageHandler { 2187 Sema &S; 2188 bool SuggestSuggestions; // Recommend -fsafe-buffer-usage-suggestions? 2189 2190 // Lists as a string the names of variables in `VarGroupForVD` except for `VD` 2191 // itself: 2192 std::string listVariableGroupAsString( 2193 const VarDecl *VD, const ArrayRef<const VarDecl *> &VarGroupForVD) const { 2194 if (VarGroupForVD.size() <= 1) 2195 return ""; 2196 2197 std::vector<StringRef> VarNames; 2198 auto PutInQuotes = [](StringRef S) -> std::string { 2199 return "'" + S.str() + "'"; 2200 }; 2201 2202 for (auto *V : VarGroupForVD) { 2203 if (V == VD) 2204 continue; 2205 VarNames.push_back(V->getName()); 2206 } 2207 if (VarNames.size() == 1) { 2208 return PutInQuotes(VarNames[0]); 2209 } 2210 if (VarNames.size() == 2) { 2211 return PutInQuotes(VarNames[0]) + " and " + PutInQuotes(VarNames[1]); 2212 } 2213 assert(VarGroupForVD.size() > 3); 2214 const unsigned N = VarNames.size() - 2215 2; // need to print the last two names as "..., X, and Y" 2216 std::string AllVars = ""; 2217 2218 for (unsigned I = 0; I < N; ++I) 2219 AllVars.append(PutInQuotes(VarNames[I]) + ", "); 2220 AllVars.append(PutInQuotes(VarNames[N]) + ", and " + 2221 PutInQuotes(VarNames[N + 1])); 2222 return AllVars; 2223 } 2224 2225 public: 2226 UnsafeBufferUsageReporter(Sema &S, bool SuggestSuggestions) 2227 : S(S), SuggestSuggestions(SuggestSuggestions) {} 2228 2229 void handleUnsafeOperation(const Stmt *Operation, bool IsRelatedToDecl, 2230 ASTContext &Ctx) override { 2231 SourceLocation Loc; 2232 SourceRange Range; 2233 unsigned MsgParam = 0; 2234 if (const auto *ASE = dyn_cast<ArraySubscriptExpr>(Operation)) { 2235 Loc = ASE->getBase()->getExprLoc(); 2236 Range = ASE->getBase()->getSourceRange(); 2237 MsgParam = 2; 2238 } else if (const auto *BO = dyn_cast<BinaryOperator>(Operation)) { 2239 BinaryOperator::Opcode Op = BO->getOpcode(); 2240 if (Op == BO_Add || Op == BO_AddAssign || Op == BO_Sub || 2241 Op == BO_SubAssign) { 2242 if (BO->getRHS()->getType()->isIntegerType()) { 2243 Loc = BO->getLHS()->getExprLoc(); 2244 Range = BO->getLHS()->getSourceRange(); 2245 } else { 2246 Loc = BO->getRHS()->getExprLoc(); 2247 Range = BO->getRHS()->getSourceRange(); 2248 } 2249 MsgParam = 1; 2250 } 2251 } else if (const auto *UO = dyn_cast<UnaryOperator>(Operation)) { 2252 UnaryOperator::Opcode Op = UO->getOpcode(); 2253 if (Op == UO_PreInc || Op == UO_PreDec || Op == UO_PostInc || 2254 Op == UO_PostDec) { 2255 Loc = UO->getSubExpr()->getExprLoc(); 2256 Range = UO->getSubExpr()->getSourceRange(); 2257 MsgParam = 1; 2258 } 2259 } else { 2260 if (isa<CallExpr>(Operation)) { 2261 // note_unsafe_buffer_operation doesn't have this mode yet. 2262 assert(!IsRelatedToDecl && "Not implemented yet!"); 2263 MsgParam = 3; 2264 } else if (const auto *ECE = dyn_cast<ExplicitCastExpr>(Operation)) { 2265 QualType destType = ECE->getType(); 2266 const uint64_t dSize = 2267 Ctx.getTypeSize(destType.getTypePtr()->getPointeeType()); 2268 if (const auto *CE = dyn_cast<CXXMemberCallExpr>(ECE->getSubExpr())) { 2269 QualType srcType = CE->getType(); 2270 const uint64_t sSize = 2271 Ctx.getTypeSize(srcType.getTypePtr()->getPointeeType()); 2272 if (sSize >= dSize) 2273 return; 2274 } 2275 MsgParam = 4; 2276 } 2277 Loc = Operation->getBeginLoc(); 2278 Range = Operation->getSourceRange(); 2279 } 2280 if (IsRelatedToDecl) { 2281 assert(!SuggestSuggestions && 2282 "Variables blamed for unsafe buffer usage without suggestions!"); 2283 S.Diag(Loc, diag::note_unsafe_buffer_operation) << MsgParam << Range; 2284 } else { 2285 S.Diag(Loc, diag::warn_unsafe_buffer_operation) << MsgParam << Range; 2286 if (SuggestSuggestions) { 2287 S.Diag(Loc, diag::note_safe_buffer_usage_suggestions_disabled); 2288 } 2289 } 2290 } 2291 2292 void handleUnsafeVariableGroup(const VarDecl *Variable, 2293 const VariableGroupsManager &VarGrpMgr, 2294 FixItList &&Fixes, const Decl *D) override { 2295 assert(!SuggestSuggestions && 2296 "Unsafe buffer usage fixits displayed without suggestions!"); 2297 S.Diag(Variable->getLocation(), diag::warn_unsafe_buffer_variable) 2298 << Variable << (Variable->getType()->isPointerType() ? 0 : 1) 2299 << Variable->getSourceRange(); 2300 if (!Fixes.empty()) { 2301 assert(isa<NamedDecl>(D) && 2302 "Fix-its are generated only for `NamedDecl`s"); 2303 const NamedDecl *ND = cast<NamedDecl>(D); 2304 bool BriefMsg = false; 2305 // If the variable group involves parameters, the diagnostic message will 2306 // NOT explain how the variables are grouped as the reason is non-trivial 2307 // and irrelavant to users' experience: 2308 const auto VarGroupForVD = VarGrpMgr.getGroupOfVar(Variable, &BriefMsg); 2309 unsigned FixItStrategy = 0; // For now we only have 'std::span' strategy 2310 const auto &FD = 2311 S.Diag(Variable->getLocation(), 2312 BriefMsg ? diag::note_unsafe_buffer_variable_fixit_together 2313 : diag::note_unsafe_buffer_variable_fixit_group); 2314 2315 FD << Variable << FixItStrategy; 2316 FD << listVariableGroupAsString(Variable, VarGroupForVD) 2317 << (VarGroupForVD.size() > 1) << ND; 2318 for (const auto &F : Fixes) { 2319 FD << F; 2320 } 2321 } 2322 2323 #ifndef NDEBUG 2324 if (areDebugNotesRequested()) 2325 for (const DebugNote &Note: DebugNotesByVar[Variable]) 2326 S.Diag(Note.first, diag::note_safe_buffer_debug_mode) << Note.second; 2327 #endif 2328 } 2329 2330 bool isSafeBufferOptOut(const SourceLocation &Loc) const override { 2331 return S.PP.isSafeBufferOptOut(S.getSourceManager(), Loc); 2332 } 2333 2334 // Returns the text representation of clang::unsafe_buffer_usage attribute. 2335 // `WSSuffix` holds customized "white-space"s, e.g., newline or whilespace 2336 // characters. 2337 std::string 2338 getUnsafeBufferUsageAttributeTextAt(SourceLocation Loc, 2339 StringRef WSSuffix = "") const override { 2340 Preprocessor &PP = S.getPreprocessor(); 2341 TokenValue ClangUnsafeBufferUsageTokens[] = { 2342 tok::l_square, 2343 tok::l_square, 2344 PP.getIdentifierInfo("clang"), 2345 tok::coloncolon, 2346 PP.getIdentifierInfo("unsafe_buffer_usage"), 2347 tok::r_square, 2348 tok::r_square}; 2349 2350 StringRef MacroName; 2351 2352 // The returned macro (it returns) is guaranteed not to be function-like: 2353 MacroName = PP.getLastMacroWithSpelling(Loc, ClangUnsafeBufferUsageTokens); 2354 if (MacroName.empty()) 2355 MacroName = "[[clang::unsafe_buffer_usage]]"; 2356 return MacroName.str() + WSSuffix.str(); 2357 } 2358 }; 2359 } // namespace 2360 2361 //===----------------------------------------------------------------------===// 2362 // AnalysisBasedWarnings - Worker object used by Sema to execute analysis-based 2363 // warnings on a function, method, or block. 2364 //===----------------------------------------------------------------------===// 2365 2366 sema::AnalysisBasedWarnings::Policy::Policy() { 2367 enableCheckFallThrough = 1; 2368 enableCheckUnreachable = 0; 2369 enableThreadSafetyAnalysis = 0; 2370 enableConsumedAnalysis = 0; 2371 } 2372 2373 /// InterProceduralData aims to be a storage of whatever data should be passed 2374 /// between analyses of different functions. 2375 /// 2376 /// At the moment, its primary goal is to make the information gathered during 2377 /// the analysis of the blocks available during the analysis of the enclosing 2378 /// function. This is important due to the fact that blocks are analyzed before 2379 /// the enclosed function is even parsed fully, so it is not viable to access 2380 /// anything in the outer scope while analyzing the block. On the other hand, 2381 /// re-building CFG for blocks and re-analyzing them when we do have all the 2382 /// information (i.e. during the analysis of the enclosing function) seems to be 2383 /// ill-designed. 2384 class sema::AnalysisBasedWarnings::InterProceduralData { 2385 public: 2386 // It is important to analyze blocks within functions because it's a very 2387 // common pattern to capture completion handler parameters by blocks. 2388 CalledOnceInterProceduralData CalledOnceData; 2389 }; 2390 2391 static unsigned isEnabled(DiagnosticsEngine &D, unsigned diag) { 2392 return (unsigned)!D.isIgnored(diag, SourceLocation()); 2393 } 2394 2395 sema::AnalysisBasedWarnings::AnalysisBasedWarnings(Sema &s) 2396 : S(s), IPData(std::make_unique<InterProceduralData>()), 2397 NumFunctionsAnalyzed(0), NumFunctionsWithBadCFGs(0), NumCFGBlocks(0), 2398 MaxCFGBlocksPerFunction(0), NumUninitAnalysisFunctions(0), 2399 NumUninitAnalysisVariables(0), MaxUninitAnalysisVariablesPerFunction(0), 2400 NumUninitAnalysisBlockVisits(0), 2401 MaxUninitAnalysisBlockVisitsPerFunction(0) { 2402 2403 using namespace diag; 2404 DiagnosticsEngine &D = S.getDiagnostics(); 2405 2406 DefaultPolicy.enableCheckUnreachable = 2407 isEnabled(D, warn_unreachable) || isEnabled(D, warn_unreachable_break) || 2408 isEnabled(D, warn_unreachable_return) || 2409 isEnabled(D, warn_unreachable_loop_increment); 2410 2411 DefaultPolicy.enableThreadSafetyAnalysis = isEnabled(D, warn_double_lock); 2412 2413 DefaultPolicy.enableConsumedAnalysis = 2414 isEnabled(D, warn_use_in_invalid_state); 2415 } 2416 2417 // We need this here for unique_ptr with forward declared class. 2418 sema::AnalysisBasedWarnings::~AnalysisBasedWarnings() = default; 2419 2420 static void flushDiagnostics(Sema &S, const sema::FunctionScopeInfo *fscope) { 2421 for (const auto &D : fscope->PossiblyUnreachableDiags) 2422 S.Diag(D.Loc, D.PD); 2423 } 2424 2425 // An AST Visitor that calls a callback function on each callable DEFINITION 2426 // that is NOT in a dependent context: 2427 class CallableVisitor : public RecursiveASTVisitor<CallableVisitor> { 2428 private: 2429 llvm::function_ref<void(const Decl *)> Callback; 2430 2431 public: 2432 CallableVisitor(llvm::function_ref<void(const Decl *)> Callback) 2433 : Callback(Callback) {} 2434 2435 bool VisitFunctionDecl(FunctionDecl *Node) { 2436 if (cast<DeclContext>(Node)->isDependentContext()) 2437 return true; // Not to analyze dependent decl 2438 // `FunctionDecl->hasBody()` returns true if the function has a body 2439 // somewhere defined. But we want to know if this `Node` has a body 2440 // child. So we use `doesThisDeclarationHaveABody`: 2441 if (Node->doesThisDeclarationHaveABody()) 2442 Callback(Node); 2443 return true; 2444 } 2445 2446 bool VisitBlockDecl(BlockDecl *Node) { 2447 if (cast<DeclContext>(Node)->isDependentContext()) 2448 return true; // Not to analyze dependent decl 2449 Callback(Node); 2450 return true; 2451 } 2452 2453 bool VisitObjCMethodDecl(ObjCMethodDecl *Node) { 2454 if (cast<DeclContext>(Node)->isDependentContext()) 2455 return true; // Not to analyze dependent decl 2456 if (Node->hasBody()) 2457 Callback(Node); 2458 return true; 2459 } 2460 2461 bool VisitLambdaExpr(LambdaExpr *Node) { 2462 return VisitFunctionDecl(Node->getCallOperator()); 2463 } 2464 2465 bool shouldVisitTemplateInstantiations() const { return true; } 2466 bool shouldVisitImplicitCode() const { return false; } 2467 }; 2468 2469 void clang::sema::AnalysisBasedWarnings::IssueWarnings( 2470 TranslationUnitDecl *TU) { 2471 if (!TU) 2472 return; // This is unexpected, give up quietly. 2473 2474 DiagnosticsEngine &Diags = S.getDiagnostics(); 2475 2476 if (S.hasUncompilableErrorOccurred() || Diags.getIgnoreAllWarnings()) 2477 // exit if having uncompilable errors or ignoring all warnings: 2478 return; 2479 2480 DiagnosticOptions &DiagOpts = Diags.getDiagnosticOptions(); 2481 2482 // UnsafeBufferUsage analysis settings. 2483 bool UnsafeBufferUsageCanEmitSuggestions = S.getLangOpts().CPlusPlus20; 2484 bool UnsafeBufferUsageShouldEmitSuggestions = // Should != Can. 2485 UnsafeBufferUsageCanEmitSuggestions && 2486 DiagOpts.ShowSafeBufferUsageSuggestions; 2487 bool UnsafeBufferUsageShouldSuggestSuggestions = 2488 UnsafeBufferUsageCanEmitSuggestions && 2489 !DiagOpts.ShowSafeBufferUsageSuggestions; 2490 UnsafeBufferUsageReporter R(S, UnsafeBufferUsageShouldSuggestSuggestions); 2491 2492 // The Callback function that performs analyses: 2493 auto CallAnalyzers = [&](const Decl *Node) -> void { 2494 // Perform unsafe buffer usage analysis: 2495 if (!Diags.isIgnored(diag::warn_unsafe_buffer_operation, 2496 Node->getBeginLoc()) || 2497 !Diags.isIgnored(diag::warn_unsafe_buffer_variable, 2498 Node->getBeginLoc())) { 2499 clang::checkUnsafeBufferUsage(Node, R, 2500 UnsafeBufferUsageShouldEmitSuggestions); 2501 } 2502 2503 // More analysis ... 2504 }; 2505 // Emit per-function analysis-based warnings that require the whole-TU 2506 // reasoning. Check if any of them is enabled at all before scanning the AST: 2507 if (!Diags.isIgnored(diag::warn_unsafe_buffer_operation, SourceLocation()) || 2508 !Diags.isIgnored(diag::warn_unsafe_buffer_variable, SourceLocation())) { 2509 CallableVisitor(CallAnalyzers).TraverseTranslationUnitDecl(TU); 2510 } 2511 } 2512 2513 void clang::sema::AnalysisBasedWarnings::IssueWarnings( 2514 sema::AnalysisBasedWarnings::Policy P, sema::FunctionScopeInfo *fscope, 2515 const Decl *D, QualType BlockType) { 2516 2517 // We avoid doing analysis-based warnings when there are errors for 2518 // two reasons: 2519 // (1) The CFGs often can't be constructed (if the body is invalid), so 2520 // don't bother trying. 2521 // (2) The code already has problems; running the analysis just takes more 2522 // time. 2523 DiagnosticsEngine &Diags = S.getDiagnostics(); 2524 2525 // Do not do any analysis if we are going to just ignore them. 2526 if (Diags.getIgnoreAllWarnings() || 2527 (Diags.getSuppressSystemWarnings() && 2528 S.SourceMgr.isInSystemHeader(D->getLocation()))) 2529 return; 2530 2531 // For code in dependent contexts, we'll do this at instantiation time. 2532 if (cast<DeclContext>(D)->isDependentContext()) 2533 return; 2534 2535 if (S.hasUncompilableErrorOccurred()) { 2536 // Flush out any possibly unreachable diagnostics. 2537 flushDiagnostics(S, fscope); 2538 return; 2539 } 2540 2541 const Stmt *Body = D->getBody(); 2542 assert(Body); 2543 2544 // Construct the analysis context with the specified CFG build options. 2545 AnalysisDeclContext AC(/* AnalysisDeclContextManager */ nullptr, D); 2546 2547 // Don't generate EH edges for CallExprs as we'd like to avoid the n^2 2548 // explosion for destructors that can result and the compile time hit. 2549 AC.getCFGBuildOptions().PruneTriviallyFalseEdges = true; 2550 AC.getCFGBuildOptions().AddEHEdges = false; 2551 AC.getCFGBuildOptions().AddInitializers = true; 2552 AC.getCFGBuildOptions().AddImplicitDtors = true; 2553 AC.getCFGBuildOptions().AddTemporaryDtors = true; 2554 AC.getCFGBuildOptions().AddCXXNewAllocator = false; 2555 AC.getCFGBuildOptions().AddCXXDefaultInitExprInCtors = true; 2556 2557 // Force that certain expressions appear as CFGElements in the CFG. This 2558 // is used to speed up various analyses. 2559 // FIXME: This isn't the right factoring. This is here for initial 2560 // prototyping, but we need a way for analyses to say what expressions they 2561 // expect to always be CFGElements and then fill in the BuildOptions 2562 // appropriately. This is essentially a layering violation. 2563 if (P.enableCheckUnreachable || P.enableThreadSafetyAnalysis || 2564 P.enableConsumedAnalysis) { 2565 // Unreachable code analysis and thread safety require a linearized CFG. 2566 AC.getCFGBuildOptions().setAllAlwaysAdd(); 2567 } 2568 else { 2569 AC.getCFGBuildOptions() 2570 .setAlwaysAdd(Stmt::BinaryOperatorClass) 2571 .setAlwaysAdd(Stmt::CompoundAssignOperatorClass) 2572 .setAlwaysAdd(Stmt::BlockExprClass) 2573 .setAlwaysAdd(Stmt::CStyleCastExprClass) 2574 .setAlwaysAdd(Stmt::DeclRefExprClass) 2575 .setAlwaysAdd(Stmt::ImplicitCastExprClass) 2576 .setAlwaysAdd(Stmt::UnaryOperatorClass); 2577 } 2578 2579 // Install the logical handler. 2580 std::optional<LogicalErrorHandler> LEH; 2581 if (LogicalErrorHandler::hasActiveDiagnostics(Diags, D->getBeginLoc())) { 2582 LEH.emplace(S); 2583 AC.getCFGBuildOptions().Observer = &*LEH; 2584 } 2585 2586 // Emit delayed diagnostics. 2587 if (!fscope->PossiblyUnreachableDiags.empty()) { 2588 bool analyzed = false; 2589 2590 // Register the expressions with the CFGBuilder. 2591 for (const auto &D : fscope->PossiblyUnreachableDiags) { 2592 for (const Stmt *S : D.Stmts) 2593 AC.registerForcedBlockExpression(S); 2594 } 2595 2596 if (AC.getCFG()) { 2597 analyzed = true; 2598 for (const auto &D : fscope->PossiblyUnreachableDiags) { 2599 bool AllReachable = true; 2600 for (const Stmt *S : D.Stmts) { 2601 const CFGBlock *block = AC.getBlockForRegisteredExpression(S); 2602 CFGReverseBlockReachabilityAnalysis *cra = 2603 AC.getCFGReachablityAnalysis(); 2604 // FIXME: We should be able to assert that block is non-null, but 2605 // the CFG analysis can skip potentially-evaluated expressions in 2606 // edge cases; see test/Sema/vla-2.c. 2607 if (block && cra) { 2608 // Can this block be reached from the entrance? 2609 if (!cra->isReachable(&AC.getCFG()->getEntry(), block)) { 2610 AllReachable = false; 2611 break; 2612 } 2613 } 2614 // If we cannot map to a basic block, assume the statement is 2615 // reachable. 2616 } 2617 2618 if (AllReachable) 2619 S.Diag(D.Loc, D.PD); 2620 } 2621 } 2622 2623 if (!analyzed) 2624 flushDiagnostics(S, fscope); 2625 } 2626 2627 // Warning: check missing 'return' 2628 if (P.enableCheckFallThrough) { 2629 const CheckFallThroughDiagnostics &CD = 2630 (isa<BlockDecl>(D) 2631 ? CheckFallThroughDiagnostics::MakeForBlock() 2632 : (isa<CXXMethodDecl>(D) && 2633 cast<CXXMethodDecl>(D)->getOverloadedOperator() == OO_Call && 2634 cast<CXXMethodDecl>(D)->getParent()->isLambda()) 2635 ? CheckFallThroughDiagnostics::MakeForLambda() 2636 : (fscope->isCoroutine() 2637 ? CheckFallThroughDiagnostics::MakeForCoroutine(D) 2638 : CheckFallThroughDiagnostics::MakeForFunction(D))); 2639 CheckFallThroughForBody(S, D, Body, BlockType, CD, AC, fscope); 2640 } 2641 2642 // Warning: check for unreachable code 2643 if (P.enableCheckUnreachable) { 2644 // Only check for unreachable code on non-template instantiations. 2645 // Different template instantiations can effectively change the control-flow 2646 // and it is very difficult to prove that a snippet of code in a template 2647 // is unreachable for all instantiations. 2648 bool isTemplateInstantiation = false; 2649 if (const FunctionDecl *Function = dyn_cast<FunctionDecl>(D)) 2650 isTemplateInstantiation = Function->isTemplateInstantiation(); 2651 if (!isTemplateInstantiation) 2652 CheckUnreachable(S, AC); 2653 } 2654 2655 // Check for thread safety violations 2656 if (P.enableThreadSafetyAnalysis) { 2657 SourceLocation FL = AC.getDecl()->getLocation(); 2658 SourceLocation FEL = AC.getDecl()->getEndLoc(); 2659 threadSafety::ThreadSafetyReporter Reporter(S, FL, FEL); 2660 if (!Diags.isIgnored(diag::warn_thread_safety_beta, D->getBeginLoc())) 2661 Reporter.setIssueBetaWarnings(true); 2662 if (!Diags.isIgnored(diag::warn_thread_safety_verbose, D->getBeginLoc())) 2663 Reporter.setVerbose(true); 2664 2665 threadSafety::runThreadSafetyAnalysis(AC, Reporter, 2666 &S.ThreadSafetyDeclCache); 2667 Reporter.emitDiagnostics(); 2668 } 2669 2670 // Check for violations of consumed properties. 2671 if (P.enableConsumedAnalysis) { 2672 consumed::ConsumedWarningsHandler WarningHandler(S); 2673 consumed::ConsumedAnalyzer Analyzer(WarningHandler); 2674 Analyzer.run(AC); 2675 } 2676 2677 if (!Diags.isIgnored(diag::warn_uninit_var, D->getBeginLoc()) || 2678 !Diags.isIgnored(diag::warn_sometimes_uninit_var, D->getBeginLoc()) || 2679 !Diags.isIgnored(diag::warn_maybe_uninit_var, D->getBeginLoc()) || 2680 !Diags.isIgnored(diag::warn_uninit_const_reference, D->getBeginLoc())) { 2681 if (CFG *cfg = AC.getCFG()) { 2682 UninitValsDiagReporter reporter(S); 2683 UninitVariablesAnalysisStats stats; 2684 std::memset(&stats, 0, sizeof(UninitVariablesAnalysisStats)); 2685 runUninitializedVariablesAnalysis(*cast<DeclContext>(D), *cfg, AC, 2686 reporter, stats); 2687 2688 if (S.CollectStats && stats.NumVariablesAnalyzed > 0) { 2689 ++NumUninitAnalysisFunctions; 2690 NumUninitAnalysisVariables += stats.NumVariablesAnalyzed; 2691 NumUninitAnalysisBlockVisits += stats.NumBlockVisits; 2692 MaxUninitAnalysisVariablesPerFunction = 2693 std::max(MaxUninitAnalysisVariablesPerFunction, 2694 stats.NumVariablesAnalyzed); 2695 MaxUninitAnalysisBlockVisitsPerFunction = 2696 std::max(MaxUninitAnalysisBlockVisitsPerFunction, 2697 stats.NumBlockVisits); 2698 } 2699 } 2700 } 2701 2702 // Check for violations of "called once" parameter properties. 2703 if (S.getLangOpts().ObjC && !S.getLangOpts().CPlusPlus && 2704 shouldAnalyzeCalledOnceParameters(Diags, D->getBeginLoc())) { 2705 if (AC.getCFG()) { 2706 CalledOnceCheckReporter Reporter(S, IPData->CalledOnceData); 2707 checkCalledOnceParameters( 2708 AC, Reporter, 2709 shouldAnalyzeCalledOnceConventions(Diags, D->getBeginLoc())); 2710 } 2711 } 2712 2713 bool FallThroughDiagFull = 2714 !Diags.isIgnored(diag::warn_unannotated_fallthrough, D->getBeginLoc()); 2715 bool FallThroughDiagPerFunction = !Diags.isIgnored( 2716 diag::warn_unannotated_fallthrough_per_function, D->getBeginLoc()); 2717 if (FallThroughDiagFull || FallThroughDiagPerFunction || 2718 fscope->HasFallthroughStmt) { 2719 DiagnoseSwitchLabelsFallthrough(S, AC, !FallThroughDiagFull); 2720 } 2721 2722 if (S.getLangOpts().ObjCWeak && 2723 !Diags.isIgnored(diag::warn_arc_repeated_use_of_weak, D->getBeginLoc())) 2724 diagnoseRepeatedUseOfWeak(S, fscope, D, AC.getParentMap()); 2725 2726 2727 // Check for infinite self-recursion in functions 2728 if (!Diags.isIgnored(diag::warn_infinite_recursive_function, 2729 D->getBeginLoc())) { 2730 if (const FunctionDecl *FD = dyn_cast<FunctionDecl>(D)) { 2731 checkRecursiveFunction(S, FD, Body, AC); 2732 } 2733 } 2734 2735 // Check for throw out of non-throwing function. 2736 if (!Diags.isIgnored(diag::warn_throw_in_noexcept_func, D->getBeginLoc())) 2737 if (const FunctionDecl *FD = dyn_cast<FunctionDecl>(D)) 2738 if (S.getLangOpts().CPlusPlus && !fscope->isCoroutine() && isNoexcept(FD)) 2739 checkThrowInNonThrowingFunc(S, FD, AC); 2740 2741 // If none of the previous checks caused a CFG build, trigger one here 2742 // for the logical error handler. 2743 if (LogicalErrorHandler::hasActiveDiagnostics(Diags, D->getBeginLoc())) { 2744 AC.getCFG(); 2745 } 2746 2747 // Collect statistics about the CFG if it was built. 2748 if (S.CollectStats && AC.isCFGBuilt()) { 2749 ++NumFunctionsAnalyzed; 2750 if (CFG *cfg = AC.getCFG()) { 2751 // If we successfully built a CFG for this context, record some more 2752 // detail information about it. 2753 NumCFGBlocks += cfg->getNumBlockIDs(); 2754 MaxCFGBlocksPerFunction = std::max(MaxCFGBlocksPerFunction, 2755 cfg->getNumBlockIDs()); 2756 } else { 2757 ++NumFunctionsWithBadCFGs; 2758 } 2759 } 2760 } 2761 2762 void clang::sema::AnalysisBasedWarnings::PrintStats() const { 2763 llvm::errs() << "\n*** Analysis Based Warnings Stats:\n"; 2764 2765 unsigned NumCFGsBuilt = NumFunctionsAnalyzed - NumFunctionsWithBadCFGs; 2766 unsigned AvgCFGBlocksPerFunction = 2767 !NumCFGsBuilt ? 0 : NumCFGBlocks/NumCFGsBuilt; 2768 llvm::errs() << NumFunctionsAnalyzed << " functions analyzed (" 2769 << NumFunctionsWithBadCFGs << " w/o CFGs).\n" 2770 << " " << NumCFGBlocks << " CFG blocks built.\n" 2771 << " " << AvgCFGBlocksPerFunction 2772 << " average CFG blocks per function.\n" 2773 << " " << MaxCFGBlocksPerFunction 2774 << " max CFG blocks per function.\n"; 2775 2776 unsigned AvgUninitVariablesPerFunction = !NumUninitAnalysisFunctions ? 0 2777 : NumUninitAnalysisVariables/NumUninitAnalysisFunctions; 2778 unsigned AvgUninitBlockVisitsPerFunction = !NumUninitAnalysisFunctions ? 0 2779 : NumUninitAnalysisBlockVisits/NumUninitAnalysisFunctions; 2780 llvm::errs() << NumUninitAnalysisFunctions 2781 << " functions analyzed for uninitialiazed variables\n" 2782 << " " << NumUninitAnalysisVariables << " variables analyzed.\n" 2783 << " " << AvgUninitVariablesPerFunction 2784 << " average variables per function.\n" 2785 << " " << MaxUninitAnalysisVariablesPerFunction 2786 << " max variables per function.\n" 2787 << " " << NumUninitAnalysisBlockVisits << " block visits.\n" 2788 << " " << AvgUninitBlockVisitsPerFunction 2789 << " average block visits per function.\n" 2790 << " " << MaxUninitAnalysisBlockVisitsPerFunction 2791 << " max block visits per function.\n"; 2792 } 2793