//=- AnalysisBasedWarnings.cpp - Sema warnings based on libAnalysis -*- C++ -*-=//
//
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
//
//===----------------------------------------------------------------------===//
//
// This file defines analysis_warnings::[Policy,Executor].
// Together they are used by Sema to issue warnings based on inexpensive
// static analysis algorithms in libAnalysis.
//
//===----------------------------------------------------------------------===//

#include "clang/Sema/AnalysisBasedWarnings.h"
#include "clang/AST/DeclCXX.h"
#include "clang/AST/DeclObjC.h"
#include "clang/AST/EvaluatedExprVisitor.h"
#include "clang/AST/ExprCXX.h"
#include "clang/AST/ExprObjC.h"
#include "clang/AST/ParentMap.h"
#include "clang/AST/RecursiveASTVisitor.h"
#include "clang/AST/StmtCXX.h"
#include "clang/AST/StmtObjC.h"
#include "clang/AST/StmtVisitor.h"
#include "clang/Analysis/Analyses/CFGReachabilityAnalysis.h"
#include "clang/Analysis/Analyses/Consumed.h"
#include "clang/Analysis/Analyses/ReachableCode.h"
#include "clang/Analysis/Analyses/ThreadSafety.h"
#include "clang/Analysis/Analyses/UninitializedValues.h"
#include "clang/Analysis/AnalysisDeclContext.h"
#include "clang/Analysis/CFG.h"
#include "clang/Analysis/CFGStmtMap.h"
#include "clang/Basic/SourceLocation.h"
#include "clang/Basic/SourceManager.h"
#include "clang/Lex/Preprocessor.h"
#include "clang/Sema/ScopeInfo.h"
#include "clang/Sema/SemaInternal.h"
#include "llvm/ADT/BitVector.h"
#include "llvm/ADT/MapVector.h"
#include "llvm/ADT/SmallString.h"
#include "llvm/ADT/SmallVector.h"
#include "llvm/ADT/StringRef.h"
#include "llvm/Support/Casting.h"
#include <algorithm>
#include <deque>
#include <iterator>

using namespace clang;

//===----------------------------------------------------------------------===//
// Unreachable code analysis.
//===----------------------------------------------------------------------===//

namespace {
  /// Callback handed to reachable_code::FindUnreachableCode; turns each
  /// unreachable-code report into a Sema warning plus an optional
  /// "silence it" note.
  class UnreachableCodeHandler : public reachable_code::Callback {
    Sema &S;
    // Condition range of the last report that was let through; used to drop
    // consecutive reports that stem from the same condition.
    SourceRange PreviousSilenceableCondVal;

  public:
    UnreachableCodeHandler(Sema &s) : S(s) {}

    /// Emit the warning matching \p UK at \p L (highlighting \p R1 and
    /// \p R2) and, when \p SilenceableCondVal is valid, a note carrying
    /// fix-its that wrap that condition in a marked pair of parentheses.
    void HandleUnreachable(reachable_code::UnreachableKind UK,
                           SourceLocation L,
                           SourceRange SilenceableCondVal,
                           SourceRange R1,
                           SourceRange R2) override {
      // One diagnostic per silenceable condition: a report whose valid
      // condition range equals the previous one is dropped.
      const bool SameCondAsLast =
          PreviousSilenceableCondVal.isValid() &&
          SilenceableCondVal.isValid() &&
          PreviousSilenceableCondVal == SilenceableCondVal;
      if (SameCondAsLast)
        return;
      PreviousSilenceableCondVal = SilenceableCondVal;

      // Start from the generic warning and specialise it by kind.
      unsigned DiagID = diag::warn_unreachable;
      switch (UK) {
      case reachable_code::UK_Break:
        DiagID = diag::warn_unreachable_break;
        break;
      case reachable_code::UK_Return:
        DiagID = diag::warn_unreachable_return;
        break;
      case reachable_code::UK_Loop_Increment:
        DiagID = diag::warn_unreachable_loop_increment;
        break;
      case reachable_code::UK_Other:
        break;
      }

      S.Diag(L, DiagID) << R1 << R2;

      // The note needs a valid insertion point on both sides of the
      // condition; without both there is nothing to suggest.
      const SourceLocation Open = SilenceableCondVal.getBegin();
      if (!Open.isValid())
        return;

      const SourceLocation Close =
          S.getLocForEndOfToken(SilenceableCondVal.getEnd());
      if (!Close.isValid())
        return;

      S.Diag(Open, diag::note_unreachable_silence)
          << FixItHint::CreateInsertion(Open, "/* DISABLES CODE */ (")
          << FixItHint::CreateInsertion(Close, ")");
    }
  };
} // anonymous namespace

/// CheckUnreachable - Run the unreachable-code analysis for the declaration
/// held by \p AC and report the findings through \p S.
static void CheckUnreachable(Sema &S, AnalysisDeclContext &AC) {
  // Heuristic: only declarations that begin in the main file are analysed.
  // Most unreachable-code warnings in headers are false positives caused by
  // configuration state (e.g. preprocessor-defined code), and skipping
  // headers also avoids analysing them many times.
  const SourceLocation DeclBegin = AC.getDecl()->getBeginLoc();
  if (S.getSourceManager().isInMainFile(DeclBegin)) {
    UnreachableCodeHandler Handler(S);
    reachable_code::FindUnreachableCode(AC, S.getPreprocessor(), Handler);
  }
}

namespace {
/// Warn on logical operator errors in CFGBuilder
class LogicalErrorHandler : public CFGCallback {
  Sema &S;

public:
  LogicalErrorHandler(Sema &S) : CFGCallback(), S(S) {}

  /// True if \p E, or any expression nested inside it, has a location that
  /// is a macro ID.
  static bool HasMacroID(const Expr *E) {
    if (E->getExprLoc().isMacroID())
      return true;

    // Walk the children; non-expression and null children are skipped.
    for (const Stmt *Child : E->children()) {
      const Expr *ChildExpr = dyn_cast_or_null<Expr>(Child);
      if (ChildExpr && HasMacroID(ChildExpr))
        return true;
    }

    return false;
  }

  /// Report an overlapping comparison that always has the same result,
  /// unless a macro is involved.
  void compareAlwaysTrue(const BinaryOperator *B, bool isAlwaysTrue) override {
    if (HasMacroID(B))
      return;

    S.Diag(B->getExprLoc(), diag::warn_tautological_overlap_comparison)
        << B->getSourceRange() << isAlwaysTrue;
  }

  /// Report a bitwise comparison that always has the same result, unless a
  /// macro is involved.
  void compareBitwiseEquality(const BinaryOperator *B,
                              bool isAlwaysTrue) override {
    if (HasMacroID(B))
      return;

    S.Diag(B->getExprLoc(), diag::warn_comparison_bitwise_always)
        << B->getSourceRange() << isAlwaysTrue;
  }

  /// Report the bitwise-or comparison warning, unless a macro is involved.
  void compareBitwiseOr(const BinaryOperator *B) override {
    if (HasMacroID(B))
      return;

    S.Diag(B->getExprLoc(), diag::warn_comparison_bitwise_or)
        << B->getSourceRange();
  }

  /// True unless both the overlap-comparison and the bitwise-or warnings
  /// are ignored at \p Loc.
  static bool hasActiveDiagnostics(DiagnosticsEngine &Diags,
                                   SourceLocation Loc) {
    const bool AllIgnored =
        Diags.isIgnored(diag::warn_tautological_overlap_comparison, Loc) &&
        Diags.isIgnored(diag::warn_comparison_bitwise_or, Loc);
    return !AllIgnored;
  }
};
} // anonymous namespace

//===----------------------------------------------------------------------===//
// Check for infinite self-recursion in functions
//===----------------------------------------------------------------------===//

// Returns true if Block contains a call that counts as a recursive call to
// FD. A call through a member-call expression only counts when its implicit
// object is 'this' or the method is not virtual.
static bool hasRecursiveCallInPath(const FunctionDecl *FD, CFGBlock &Block) {
  // Look at every statement element of the block for calls to FD.
  for (const auto &Elem : Block) {
    if (Elem.getKind() != CFGElement::Statement)
      continue;

    const CallExpr *Call = dyn_cast<CallExpr>(Elem.getAs<CFGStmt>()->getStmt());
    if (!Call)
      continue;

    const auto *Callee = Call->getCalleeDecl();
    if (!Callee || Callee->getCanonicalDecl() != FD)
      continue;

    // Skip function calls which are qualified with a templated class.
    if (const auto *DRE =
            dyn_cast<DeclRefExpr>(Call->getCallee()->IgnoreParenImpCasts())) {
      NestedNameSpecifier *NNS = DRE->getQualifier();
      if (NNS && NNS->getKind() == NestedNameSpecifier::TypeSpec &&
          isa<TemplateSpecializationType>(NNS->getAsType()))
        continue;
    }

    const auto *MCE = dyn_cast<CXXMemberCallExpr>(Call);
    if (!MCE)
      return true; // Not a member-call expression.
    if (isa<CXXThisExpr>(MCE->getImplicitObjectArgument()))
      return true; // Called on 'this'.
    if (!MCE->getMethodDecl()->isVirtual())
      return true; // Non-virtual method.
  }
  return false;
}

// Returns true if every path from the entry block passes through a call to FD.
static bool checkForRecursiveFunctionCall(const FunctionDecl *FD, CFG *cfg) {
  llvm::SmallPtrSet<CFGBlock *, 16> Seen;
  llvm::SmallVector<CFGBlock *, 16> Pending;
  // Set once at least one path has been cut short by a recursive call.
  bool SawRecursion = false;

  const unsigned ExitID = cfg->getExit().getBlockID();

  // The walk starts at the entry block.
  Pending.push_back(&cfg->getEntry());

  while (!Pending.empty()) {
    CFGBlock *Current = Pending.pop_back_val();

    for (const auto &Adj : Current->succs()) {
      CFGBlock *Succ = Adj;
      // Skip null successors and blocks that were already handled.
      if (!Succ || !Visited_insert_guard(Seen, Succ))
        continue;

      // Found a path to the exit node without a recursive call.
      if (Succ->getBlockID() == ExitID)
        return false;

      // A block with a recursive call ends the path; do not go past it.
      if (hasRecursiveCallInPath(FD, *Succ)) {
        SawRecursion = true;
        continue;
      }

      Pending.push_back(Succ);
    }
  }
  return SawRecursion;
}

// Warn when every path through FD's body reaches a recursive call to FD.
static void checkRecursiveFunction(Sema &S, const FunctionDecl *FD,
                                   const Stmt *Body, AnalysisDeclContext &AC) {
  const FunctionDecl *Canon = FD->getCanonicalDecl();

  // Only run on non-templated functions and non-templated members of
  // templated classes.
  const auto Kind = Canon->getTemplatedKind();
  if (Kind != FunctionDecl::TK_NonTemplate &&
      Kind != FunctionDecl::TK_MemberSpecialization)
    return;

  // Nothing to do without a CFG, or when the exit block is unreachable.
  CFG *cfg = AC.getCFG();
  if (!cfg || cfg->getExit().pred_empty())
    return;

  // Emit diagnostic if a recursive function call is detected for all paths.
  if (checkForRecursiveFunctionCall(Canon, cfg))
    S.Diag(Body->getBeginLoc(), diag::warn_infinite_recursive_function);
}

//===----------------------------------------------------------------------===//
// Check for throw in a non-throwing function.
//===----------------------------------------------------------------------===//

/// Determine whether an exception thrown by E, unwinding from ThrowBlock,
/// can reach ExitBlock.
static bool throwEscapes(Sema &S, const CXXThrowExpr *E, CFGBlock &ThrowBlock,
                         CFG *Body) {
  // Worklist of blocks still to unwind through, plus a bit per block ID so
  // that no block is queued twice.
  SmallVector<CFGBlock *, 16> Pending;
  llvm::BitVector Seen(Body->getNumBlockIDs());
  const unsigned ExitID = Body->getExit().getBlockID();
  // Null for a rethrow ('throw;').
  const Expr *Thrown = E->getSubExpr();

  Pending.push_back(&ThrowBlock);
  Seen[ThrowBlock.getBlockID()] = true;

  while (!Pending.empty()) {
    CFGBlock &UnwindBlock = *Pending.pop_back_val();

    for (auto &Succ : UnwindBlock.succs()) {
      if (!Succ.isReachable())
        continue;

      const unsigned SuccID = Succ->getBlockID();
      if (Seen[SuccID])
        continue;

      // Reaching the CFG exit means the exception leaves the function.
      if (SuccID == ExitID)
        return true;

      auto *Catch = dyn_cast_or_null<CXXCatchStmt>(Succ->getLabel());
      if (!Catch) {
        // Not a handler: keep unwinding through this successor.
        Pending.push_back(Succ);
        Seen[SuccID] = true;
        continue;
      }

      QualType Caught = Catch->getCaughtType();
      const bool Handled =
          Caught.isNull() || // catch (...) catches everything
          !Thrown ||         // throw; is considered caught by any handler
          S.handlerCanCatch(Caught, Thrown->getType());
      // Exception doesn't escape via this path; stop looking at the
      // remaining successors of this block.
      if (Handled)
        break;
    }
  }

  return false;
}

/// Call \p Visit for every CXXThrowExpr statement element found in a block
/// of \p BodyCFG that is reachable from the entry block.
static void visitReachableThrows(
    CFG *BodyCFG,
    llvm::function_ref<void(const CXXThrowExpr *, CFGBlock &)> Visit) {
  llvm::BitVector Reachable(BodyCFG->getNumBlockIDs());
  clang::reachable_code::ScanReachableFromBlock(&BodyCFG->getEntry(), Reachable);

  for (CFGBlock *Block : *BodyCFG) {
    if (!Reachable[Block->getBlockID()])
      continue;

    for (CFGElement &Elem : *Block) {
      // Only statement elements can hold a throw expression.
      if (Optional<CFGStmt> StmtElem = Elem.getAs<CFGStmt>()) {
        if (auto *Throw = dyn_cast<CXXThrowExpr>(StmtElem->getStmt()))
          Visit(Throw, *Block);
      }
    }
  }
}

/// Warn about a throw at \p OpLoc inside the non-throwing function \p FD and
/// attach a note pointing at \p FD. Nothing is emitted for throws located in
/// system headers or when \p FD has no type source info.
static void EmitDiagForCXXThrowInNonThrowingFunc(Sema &S, SourceLocation OpLoc,
                                                 const FunctionDecl *FD) {
  if (S.getSourceManager().isInSystemHeader(OpLoc) || !FD->getTypeSourceInfo())
    return;

  S.Diag(OpLoc, diag::warn_throw_in_noexcept_func) << FD;

  const bool IsDtor = isa<CXXDestructorDecl>(FD);
  const auto Op = FD->getDeclName().getCXXOverloadedOperator();
  const bool IsDtorOrDelete =
      IsDtor || Op == OO_Delete || Op == OO_Array_Delete;

  // Everything except C++11 destructors and operator delete gets the generic
  // note.
  if (!(S.getLangOpts().CPlusPlus11 && IsDtorOrDelete)) {
    S.Diag(FD->getLocation(), diag::note_throw_in_function)
        << FD->getExceptionSpecSourceRange();
    return;
  }

  // Destructor / operator delete: the note is only emitted when the written
  // type is a function prototype.
  if (const auto *Ty =
          FD->getTypeSourceInfo()->getType()->getAs<FunctionProtoType>())
    S.Diag(FD->getLocation(), diag::note_throw_in_dtor)
        << !IsDtor << !Ty->hasExceptionSpec()
        << FD->getExceptionSpecSourceRange();
}

/// Diagnose every reachable throw in \p FD's body whose exception can reach
/// the exit block of the body's CFG.
static void checkThrowInNonThrowingFunc(Sema &S, const FunctionDecl *FD,
                                        AnalysisDeclContext &AC) {
  CFG *BodyCFG = AC.getCFG();
  // No CFG, or an exit block without predecessors: nothing to check.
  if (!BodyCFG || BodyCFG->getExit().pred_empty())
    return;

  auto DiagnoseIfEscaping = [&](const CXXThrowExpr *Throw, CFGBlock &Block) {
    if (throwEscapes(S, Throw, Block, BodyCFG))
      EmitDiagForCXXThrowInNonThrowingFunc(S, Throw->getThrowLoc(), FD);
  };
  visitReachableThrows(BodyCFG, DiagnoseIfEscaping);
}

/// True if \p FD's prototype is nothrow or \p FD carries NoThrowAttr.
static bool isNoexcept(const FunctionDecl *FD) {
  const auto *FPT = FD->getType()->castAs<FunctionProtoType>();
  return FPT->isNothrow() || FD->hasAttr<NoThrowAttr>();
}

//===----------------------------------------------------------------------===//
// Check for missing return value.
//===----------------------------------------------------------------------===//

/// Result of the fall-through analysis of a body.
enum ControlFlowKind {
  UnknownFallThrough,      // No CFG was available.
  NeverFallThrough,        // Never falls off the end, but may return.
  MaybeFallThrough,        // Might or might not fall off the end.
  AlwaysFallThrough,       // Always falls off the end.
  NeverFallThroughOrReturn // Never falls off the end and never returns.
};

/// CheckFallThrough - Check that we don't fall off the end of a
/// Statement that should return a value.
///
/// \returns AlwaysFallThrough iff we always fall off the end of the statement,
/// MaybeFallThrough iff we might or might not fall off the end,
/// NeverFallThroughOrReturn iff we never fall off the end of the statement or
/// return.
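/// We assume NeverFallThrough iff we never fall off the end of the
/// statement but we may return.  We assume that functions not marked noreturn
/// will return.  UnknownFallThrough is returned when no CFG is available.
static ControlFlowKind CheckFallThrough(AnalysisDeclContext &AC) {
  CFG *cfg = AC.getCFG();
  if (!cfg) return UnknownFallThrough;

  // The CFG leaves in dead things, and we don't want the dead code paths to
  // confuse us, so we mark all live things first.
  llvm::BitVector live(cfg->getNumBlockIDs());
  unsigned count = reachable_code::ScanReachableFromBlock(&cfg->getEntry(),
                                                          live);

  bool AddEHEdges = AC.getAddEHEdges();
  if (!AddEHEdges && count != cfg->getNumBlockIDs())
    // When there are things remaining dead, and we didn't add EH edges
    // from CallExprs to the catch clauses, we have to go back and
    // mark them as live.
    for (const auto *B : *cfg) {
      if (!live[B->getBlockID()]) {
        if (B->pred_begin() == B->pred_end()) {
          const Stmt *Term = B->getTerminatorStmt();
          if (Term && isa<CXXTryStmt>(Term))
            // When not adding EH edges from calls, catch clauses
            // can otherwise seem dead.  Avoid noting them as dead.
            count += reachable_code::ScanReachableFromBlock(B, live);
          continue;
        }
      }
    }

  // Now we know what is live, we check the live predecessors of the exit block
  // and look for fall through paths, being careful to ignore normal returns,
  // and exceptional paths.
  bool HasLiveReturn = false;
  bool HasFakeEdge = false;
  bool HasPlainEdge = false;
  bool HasAbnormalEdge = false;

  // Ignore default cases that aren't likely to be reachable because all
  // enums in a switch(X) have explicit case statements.
  CFGBlock::FilterOptions FO;
  FO.IgnoreDefaultsWithCoveredEnums = 1;

  for (CFGBlock::filtered_pred_iterator I =
           cfg->getExit().filtered_pred_start_end(FO);
       I.hasMore(); ++I) {
    const CFGBlock &B = **I;
    if (!live[B.getBlockID()])
      continue;

    // Skip blocks which contain an element marked as no-return. They don't
    // represent actually viable edges into the exit block, so mark them as
    // abnormal.
    if (B.hasNoReturnElement()) {
      HasAbnormalEdge = true;
      continue;
    }

    // Destructors can appear after the 'return' in the CFG.  This is
    // normal.  We need to look past the destructors for the return
    // statement (if it exists).
    CFGBlock::const_reverse_iterator ri = B.rbegin(), re = B.rend();

    for ( ; ri != re ; ++ri)
      if (ri->getAs<CFGStmt>())
        break;

    // No more CFGElements in the block?
    if (ri == re) {
      const Stmt *Term = B.getTerminatorStmt();
      if (Term && isa<CXXTryStmt>(Term)) {
        HasAbnormalEdge = true;
        continue;
      }
      // A labeled empty statement, or the entry block...
      HasPlainEdge = true;
      continue;
    }

    // Classify the edge by the last statement element of the block.
    CFGStmt CS = ri->castAs<CFGStmt>();
    const Stmt *S = CS.getStmt();
    if (isa<ReturnStmt>(S) || isa<CoreturnStmt>(S)) {
      HasLiveReturn = true;
      continue;
    }
    if (isa<ObjCAtThrowStmt>(S)) {
      HasFakeEdge = true;
      continue;
    }
    if (isa<CXXThrowExpr>(S)) {
      HasFakeEdge = true;
      continue;
    }
    if (isa<MSAsmStmt>(S)) {
      // TODO: Verify this is correct.
      HasFakeEdge = true;
      HasLiveReturn = true;
      continue;
    }
    if (isa<CXXTryStmt>(S)) {
      HasAbnormalEdge = true;
      continue;
    }
    // The block came from the filtered predecessor list but does not list
    // the exit block among its successors: count the edge as abnormal.
    if (std::find(B.succ_begin(), B.succ_end(), &cfg->getExit())
        == B.succ_end()) {
      HasAbnormalEdge = true;
      continue;
    }

    HasPlainEdge = true;
  }
  if (!HasPlainEdge) {
    if (HasLiveReturn)
      return NeverFallThrough;
    return NeverFallThroughOrReturn;
  }
  if (HasAbnormalEdge || HasFakeEdge || HasLiveReturn)
    return MaybeFallThrough;
  // This says AlwaysFallThrough for calls to functions that are not marked
  // noreturn, that don't return.  If people would like this warning to be more
  // accurate, such functions should be marked as noreturn.
  return AlwaysFallThrough;
}

namespace {

/// The diagnostic IDs to use for each fall-through outcome, chosen per kind
/// of body (function, block, lambda, coroutine) by the Make* factories.
struct CheckFallThroughDiagnostics {
  unsigned diag_MaybeFallThrough_HasNoReturn;
  unsigned diag_MaybeFallThrough_ReturnsNonVoid;
  unsigned diag_AlwaysFallThrough_HasNoReturn;
  unsigned diag_AlwaysFallThrough_ReturnsNonVoid;
  // 0 means "do not suggest noreturn"; the reader in CheckFallThroughForBody
  // tests this field for non-zero before emitting.
  unsigned diag_NeverFallThroughOrReturn;
  enum { Function, Block, Lambda, Coroutine } funMode;
  SourceLocation FuncLoc;

  /// Diagnostics for an ordinary function or method declared by \p Func.
  static CheckFallThroughDiagnostics MakeForFunction(const Decl *Func) {
    CheckFallThroughDiagnostics D;
    D.FuncLoc = Func->getLocation();
    D.diag_MaybeFallThrough_HasNoReturn =
      diag::warn_falloff_noreturn_function;
    D.diag_MaybeFallThrough_ReturnsNonVoid =
      diag::warn_maybe_falloff_nonvoid_function;
    D.diag_AlwaysFallThrough_HasNoReturn =
      diag::warn_falloff_noreturn_function;
    D.diag_AlwaysFallThrough_ReturnsNonVoid =
      diag::warn_falloff_nonvoid_function;

    // Don't suggest that virtual functions be marked "noreturn", since they
    // might be overridden by non-noreturn functions.
    bool isVirtualMethod = false;
    if (const CXXMethodDecl *Method = dyn_cast<CXXMethodDecl>(Func))
      isVirtualMethod = Method->isVirtual();

    // Don't suggest that template instantiations be marked "noreturn"
    bool isTemplateInstantiation = false;
    if (const FunctionDecl *Function = dyn_cast<FunctionDecl>(Func))
      isTemplateInstantiation = Function->isTemplateInstantiation();

    if (!isVirtualMethod && !isTemplateInstantiation)
      D.diag_NeverFallThroughOrReturn =
        diag::warn_suggest_noreturn_function;
    else
      D.diag_NeverFallThroughOrReturn = 0;

    D.funMode = Function;
    return D;
  }

  /// Diagnostics for a coroutine declared by \p Func.
  static CheckFallThroughDiagnostics MakeForCoroutine(const Decl *Func) {
    CheckFallThroughDiagnostics D;
    D.FuncLoc = Func->getLocation();
    D.diag_MaybeFallThrough_HasNoReturn = 0;
    D.diag_MaybeFallThrough_ReturnsNonVoid =
        diag::warn_maybe_falloff_nonvoid_coroutine;
    D.diag_AlwaysFallThrough_HasNoReturn = 0;
    D.diag_AlwaysFallThrough_ReturnsNonVoid =
        diag::warn_falloff_nonvoid_coroutine;
    // Set explicitly, as the block and lambda factories do: D is
    // default-initialized, so without this the field would hold an
    // indeterminate value that is copied out with the returned struct and
    // could be read by any consumer that tests it.
    D.diag_NeverFallThroughOrReturn = 0;
    D.funMode = Coroutine;
    return D;
  }

  /// Diagnostics for a block body. FuncLoc keeps its default-constructed
  /// value.
  static CheckFallThroughDiagnostics MakeForBlock() {
    CheckFallThroughDiagnostics D;
    D.diag_MaybeFallThrough_HasNoReturn =
      diag::err_noreturn_block_has_return_expr;
    D.diag_MaybeFallThrough_ReturnsNonVoid =
      diag::err_maybe_falloff_nonvoid_block;
    D.diag_AlwaysFallThrough_HasNoReturn =
      diag::err_noreturn_block_has_return_expr;
    D.diag_AlwaysFallThrough_ReturnsNonVoid =
      diag::err_falloff_nonvoid_block;
    D.diag_NeverFallThroughOrReturn = 0;
    D.funMode = Block;
    return D;
  }

  /// Diagnostics for a lambda body. FuncLoc keeps its default-constructed
  /// value.
  static CheckFallThroughDiagnostics MakeForLambda() {
    CheckFallThroughDiagnostics D;
    D.diag_MaybeFallThrough_HasNoReturn =
      diag::err_noreturn_lambda_has_return_expr;
    D.diag_MaybeFallThrough_ReturnsNonVoid =
      diag::warn_maybe_falloff_nonvoid_lambda;
    D.diag_AlwaysFallThrough_HasNoReturn =
      diag::err_noreturn_lambda_has_return_expr;
    D.diag_AlwaysFallThrough_ReturnsNonVoid =
      diag::warn_falloff_nonvoid_lambda;
    D.diag_NeverFallThroughOrReturn = 0;
    D.funMode = Lambda;
    return D;
  }

  /// Returns true when the caller may skip the fall-through analysis for a
  /// body with the given properties (the caller returns early on true).
  bool checkDiagnostics(DiagnosticsEngine &D, bool ReturnsVoid,
                        bool HasNoReturn) const {
    if (funMode == Function) {
      // NOTE(review): two of the IDs tested here
      // (warn_noreturn_function_has_return_expr, warn_suggest_noreturn_block)
      // are not the ones MakeForFunction installs
      // (warn_falloff_noreturn_function, warn_suggest_noreturn_function) --
      // confirm this is intended, e.g. via shared warning groups.
      return (ReturnsVoid ||
              D.isIgnored(diag::warn_maybe_falloff_nonvoid_function,
                          FuncLoc)) &&
             (!HasNoReturn ||
              D.isIgnored(diag::warn_noreturn_function_has_return_expr,
                          FuncLoc)) &&
             (!ReturnsVoid ||
              D.isIgnored(diag::warn_suggest_noreturn_block, FuncLoc));
    }
    if (funMode == Coroutine) {
      return (ReturnsVoid ||
              D.isIgnored(diag::warn_maybe_falloff_nonvoid_function, FuncLoc) ||
              D.isIgnored(diag::warn_maybe_falloff_nonvoid_coroutine,
                          FuncLoc)) &&
             (!HasNoReturn);
    }
    // For blocks / lambdas.
    return ReturnsVoid && !HasNoReturn;
  }
};

} // anonymous namespace

/// CheckFallThroughForBody - Check that we don't fall off the end of a
/// function that should return a value.  Check that we don't fall off the end
/// of a noreturn function.  We assume that functions and blocks not marked
/// noreturn will return.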
static void CheckFallThroughForBody(Sema &S, const Decl *D, const Stmt *Body,
                                    QualType BlockType,
                                    const CheckFallThroughDiagnostics &CD,
                                    AnalysisDeclContext &AC,
                                    sema::FunctionScopeInfo *FSI) {

  bool ReturnsVoid = false;
  bool HasNoReturn = false;
  bool IsCoroutine = FSI->isCoroutine();

  // Work out "returns void" and "is noreturn" for the kind of declaration.
  if (const auto *FD = dyn_cast<FunctionDecl>(D)) {
    // For a coroutine body, the presence of a fallthrough handler stands in
    // for "returns void".
    if (const auto *CBody = dyn_cast<CoroutineBodyStmt>(Body))
      ReturnsVoid = CBody->getFallthroughHandler() != nullptr;
    else
      ReturnsVoid = FD->getReturnType()->isVoidType();
    HasNoReturn = FD->isNoReturn();
  }
  else if (const auto *MD = dyn_cast<ObjCMethodDecl>(D)) {
    ReturnsVoid = MD->getReturnType()->isVoidType();
    HasNoReturn = MD->hasAttr<NoReturnAttr>();
  }
  else if (isa<BlockDecl>(D)) {
    // Blocks carry this information in the pointee function type of
    // BlockType.
    if (const FunctionType *FT =
          BlockType->getPointeeType()->getAs<FunctionType>()) {
      if (FT->getReturnType()->isVoidType())
        ReturnsVoid = true;
      if (FT->getNoReturnAttr())
        HasNoReturn = true;
    }
  }

  DiagnosticsEngine &Diags = S.getDiagnostics();

  // Short circuit for compilation speed.
  if (CD.checkDiagnostics(Diags, ReturnsVoid, HasNoReturn))
      return;
  SourceLocation LBrace = Body->getBeginLoc(), RBrace = Body->getEndLoc();
  // Coroutine diagnostics additionally stream the promise type.
  auto EmitDiag = [&](SourceLocation Loc, unsigned DiagID) {
    if (IsCoroutine)
      S.Diag(Loc, DiagID) << FSI->CoroutinePromise->getType();
    else
      S.Diag(Loc, DiagID);
  };

  // cpu_dispatch functions permit empty function bodies for ICC compatibility.
  if (D->getAsFunction() && D->getAsFunction()->isCPUDispatchMultiVersion())
    return;

  // Either in a function body compound statement, or a function-try-block.
  switch (CheckFallThrough(AC)) {
    case UnknownFallThrough:
      break;

    // Falling off the end is reported at the closing brace; a noreturn
    // declaration takes precedence over a non-void return type.
    case MaybeFallThrough:
      if (HasNoReturn)
        EmitDiag(RBrace, CD.diag_MaybeFallThrough_HasNoReturn);
      else if (!ReturnsVoid)
        EmitDiag(RBrace, CD.diag_MaybeFallThrough_ReturnsNonVoid);
      break;
    case AlwaysFallThrough:
      if (HasNoReturn)
        EmitDiag(RBrace, CD.diag_AlwaysFallThrough_HasNoReturn);
      else if (!ReturnsVoid)
        EmitDiag(RBrace, CD.diag_AlwaysFallThrough_ReturnsNonVoid);
      break;
    // A void, non-noreturn body that neither falls through nor returns:
    // emitted at the opening brace, and only when a diagnostic ID is
    // configured (non-zero).
    case NeverFallThroughOrReturn:
      if (ReturnsVoid && !HasNoReturn && CD.diag_NeverFallThroughOrReturn) {
        if (const FunctionDecl *FD = dyn_cast<FunctionDecl>(D)) {
          S.Diag(LBrace, CD.diag_NeverFallThroughOrReturn) << 0 << FD;
        } else if (const ObjCMethodDecl *MD = dyn_cast<ObjCMethodDecl>(D)) {
          S.Diag(LBrace, CD.diag_NeverFallThroughOrReturn) << 1 << MD;
        } else {
          S.Diag(LBrace, CD.diag_NeverFallThroughOrReturn);
        }
      }
      break;
    case NeverFallThrough:
      break;
  }
}

//===----------------------------------------------------------------------===//
// -Wuninitialized
//===----------------------------------------------------------------------===//

namespace {
/// ContainsReference - A visitor class to search for a particular
/// DeclRefExpr node (the needle) within any evaluated component of an
/// expression (recursively). The match is by node identity (pointer
/// comparison against the needle).
class ContainsReference : public ConstEvaluatedExprVisitor<ContainsReference> {
  bool FoundReference;
  const DeclRefExpr *Needle;

public:
  typedef ConstEvaluatedExprVisitor<ContainsReference> Inherited;

  ContainsReference(ASTContext &Context, const DeclRefExpr *Needle)
    : Inherited(Context), FoundReference(false), Needle(Needle) {}

  void VisitExpr(const Expr *E) {
    // Stop evaluating if we already have a reference.
    if (FoundReference)
      return;

    Inherited::VisitExpr(E);
  }

  void VisitDeclRefExpr(const DeclRefExpr *E) {
    if (E == Needle)
      FoundReference = true;
    else
      Inherited::VisitDeclRefExpr(E);
  }

  /// True once the needle has been visited.
  bool doesContainReference() const { return FoundReference; }
};
} // anonymous namespace

/// Emit a note with a fix-it that would initialize \p VD, or mark it
/// "__block" when it is a block pointer lacking BlocksAttr.
///
/// \returns true if a note was emitted, false if no fix-it applies.
static bool SuggestInitializationFixit(Sema &S, const VarDecl *VD) {
  QualType VariableTy = VD->getType().getCanonicalType();
  // Block-pointer variables without BlocksAttr get a "__block " insertion
  // at the variable's location instead of an initializer.
  if (VariableTy->isBlockPointerType() &&
      !VD->hasAttr<BlocksAttr>()) {
    S.Diag(VD->getLocation(), diag::note_block_var_fixit_add_initialization)
        << VD->getDeclName()
        << FixItHint::CreateInsertion(VD->getLocation(), "__block ");
    return true;
  }

  // Don't issue a fixit if there is already an initializer.
  if (VD->getInit())
    return false;

  // Don't suggest a fixit inside macros.
  if (VD->getEndLoc().isMacroID())
    return false;

  // The initializer text would be inserted right after the declaration's
  // last token.
  SourceLocation Loc = S.getLocForEndOfToken(VD->getEndLoc());

  // Suggest possible initialization (if any). An empty string means Sema has
  // no initializer text to offer for this type.
  std::string Init = S.getFixItZeroInitializerForType(VariableTy, Loc);
  if (Init.empty())
    return false;

  S.Diag(Loc, diag::note_var_fixit_add_initialization) << VD->getDeclName()
    << FixItHint::CreateInsertion(Loc, Init);
  return true;
}

/// Create a fixit to remove an if-like statement, on the assumption that its
/// condition is CondVal.
///
/// \p If is the whole construct, \p Then and \p Else its two arms (\p Else
/// may be null). The removals are written to \p Fixit1 and, when a second
/// range is needed, \p Fixit2; a hint that is not needed is left untouched.
static void CreateIfFixit(Sema &S, const Stmt *If, const Stmt *Then,
                          const Stmt *Else, bool CondVal,
                          FixItHint &Fixit1, FixItHint &Fixit2) {
  if (CondVal) {
    // If condition is always true, remove all but the 'then'.
    Fixit1 = FixItHint::CreateRemoval(
        CharSourceRange::getCharRange(If->getBeginLoc(), Then->getBeginLoc()));
    if (Else) {
      // Second removal: from just past the end of 'then' through the end of
      // the 'else' arm.
      SourceLocation ElseKwLoc = S.getLocForEndOfToken(Then->getEndLoc());
      Fixit2 =
          FixItHint::CreateRemoval(SourceRange(ElseKwLoc, Else->getEndLoc()));
    }
  } else {
    // If condition is always false, remove all but the 'else'.
    if (Else)
      Fixit1 = FixItHint::CreateRemoval(CharSourceRange::getCharRange(
          If->getBeginLoc(), Else->getBeginLoc()));
    else
      Fixit1 = FixItHint::CreateRemoval(If->getSourceRange());
  }
}

/// DiagUninitUse -- Helper function to produce a diagnostic for an
/// uninitialized use of a variable.
///
/// Always / AfterDecl / AfterCall uses are reported directly. For the other
/// kinds, one "sometimes uninitialized" warning is emitted per reportable
/// branch recorded in \p Use; if none could be reported, a single
/// "may be uninitialized" warning is emitted instead.
static void DiagUninitUse(Sema &S, const VarDecl *VD, const UninitUse &Use,
                          bool IsCapturedByBlock) {
  bool Diagnosed = false;

  switch (Use.getKind()) {
  case UninitUse::Always:
    S.Diag(Use.getUser()->getBeginLoc(), diag::warn_uninit_var)
        << VD->getDeclName() << IsCapturedByBlock
        << Use.getUser()->getSourceRange();
    return;

  case UninitUse::AfterDecl:
  case UninitUse::AfterCall:
    // Warning at the declaration (selector 4 for AfterDecl, 5 for
    // AfterCall), followed by a note at the use.
    S.Diag(VD->getLocation(), diag::warn_sometimes_uninit_var)
      << VD->getDeclName() << IsCapturedByBlock
      << (Use.getKind() == UninitUse::AfterDecl ? 4 : 5)
      << const_cast<DeclContext*>(VD->getLexicalDeclContext())
      << VD->getSourceRange();
    S.Diag(Use.getUser()->getBeginLoc(), diag::note_uninit_var_use)
        << IsCapturedByBlock << Use.getUser()->getSourceRange();
    return;

  case UninitUse::Maybe:
  case UninitUse::Sometimes:
    // Carry on to report sometimes-uninitialized branches, if possible,
    // or a 'may be used uninitialized' diagnostic otherwise.
    break;
  }

  // Diagnose each branch which leads to a sometimes-uninitialized use.
  for (UninitUse::branch_iterator I = Use.branch_begin(), E = Use.branch_end();
       I != E; ++I) {
    assert(Use.getKind() == UninitUse::Sometimes);

    const Expr *User = Use.getUser();
    const Stmt *Term = I->Terminator;

    // Information used when building the diagnostic.
    unsigned DiagKind;
    StringRef Str;
    SourceRange Range;

    // FixIts to suppress the diagnostic by removing the dead condition.
    // For all binary terminators, branch 0 is taken if the condition is true,
    // and branch 1 is taken if the condition is false.
    // RemoveDiagKind stays -1 when no removal fix-it note applies.
    int RemoveDiagKind = -1;
    const char *FixitStr =
        S.getLangOpts().CPlusPlus ? (I->Output ? "true" : "false")
                                  : (I->Output ? "1" : "0");
    FixItHint Fixit1, Fixit2;

    // A null terminator is mapped to DeclStmtClass, which has no case below
    // and so takes the default path.
    switch (Term ? Term->getStmtClass() : Stmt::DeclStmtClass) {
    default:
      // Don't know how to report this. Just fall back to 'may be used
      // uninitialized'. FIXME: Can this happen?
      continue;

    // "condition is true / condition is false".
    case Stmt::IfStmtClass: {
      const IfStmt *IS = cast<IfStmt>(Term);
      DiagKind = 0;
      Str = "if";
      Range = IS->getCond()->getSourceRange();
      RemoveDiagKind = 0;
      CreateIfFixit(S, IS, IS->getThen(), IS->getElse(),
                    I->Output, Fixit1, Fixit2);
      break;
    }
    case Stmt::ConditionalOperatorClass: {
      const ConditionalOperator *CO = cast<ConditionalOperator>(Term);
      DiagKind = 0;
      Str = "?:";
      Range = CO->getCond()->getSourceRange();
      RemoveDiagKind = 0;
      CreateIfFixit(S, CO, CO->getTrueExpr(), CO->getFalseExpr(),
                    I->Output, Fixit1, Fixit2);
      break;
    }
    case Stmt::BinaryOperatorClass: {
      const BinaryOperator *BO = cast<BinaryOperator>(Term);
      // Only the logical operators are reported here.
      if (!BO->isLogicalOp())
        continue;
      DiagKind = 0;
      Str = BO->getOpcodeStr();
      Range = BO->getLHS()->getSourceRange();
      RemoveDiagKind = 0;
      if ((BO->getOpcode() == BO_LAnd && I->Output) ||
          (BO->getOpcode() == BO_LOr && !I->Output))
        // true && y -> y, false || y -> y.
        Fixit1 = FixItHint::CreateRemoval(
            SourceRange(BO->getBeginLoc(), BO->getOperatorLoc()));
      else
        // false && y -> false, true || y -> true.
        Fixit1 = FixItHint::CreateReplacement(BO->getSourceRange(), FixitStr);
      break;
    }

    // "loop is entered / loop is exited".
    case Stmt::WhileStmtClass:
      DiagKind = 1;
      Str = "while";
      Range = cast<WhileStmt>(Term)->getCond()->getSourceRange();
      RemoveDiagKind = 1;
      Fixit1 = FixItHint::CreateReplacement(Range, FixitStr);
      break;
    case Stmt::ForStmtClass:
      DiagKind = 1;
      Str = "for";
      Range = cast<ForStmt>(Term)->getCond()->getSourceRange();
      RemoveDiagKind = 1;
      // An always-true 'for' condition is removed outright; an always-false
      // one is replaced by the literal.
      if (I->Output)
        Fixit1 = FixItHint::CreateRemoval(Range);
      else
        Fixit1 = FixItHint::CreateReplacement(Range, FixitStr);
      break;
    case Stmt::CXXForRangeStmtClass:
      if (I->Output == 1) {
        // The use occurs if a range-based for loop's body never executes.
        // That may be impossible, and there's no syntactic fix for this,
        // so treat it as a 'may be uninitialized' case.
        continue;
      }
      DiagKind = 1;
      Str = "for";
      Range = cast<CXXForRangeStmt>(Term)->getRangeInit()->getSourceRange();
      break;

    // "condition is true / loop is exited".
    case Stmt::DoStmtClass:
      DiagKind = 2;
      Str = "do";
      Range = cast<DoStmt>(Term)->getCond()->getSourceRange();
      RemoveDiagKind = 1;
      Fixit1 = FixItHint::CreateReplacement(Range, FixitStr);
      break;

    // "switch case is taken".
    case Stmt::CaseStmtClass:
      DiagKind = 3;
      Str = "case";
      Range = cast<CaseStmt>(Term)->getLHS()->getSourceRange();
      break;
    case Stmt::DefaultStmtClass:
      DiagKind = 3;
      Str = "default";
      Range = cast<DefaultStmt>(Term)->getDefaultLoc();
      break;
    }

    // Warning at the branch condition, note at the use, and (when a fix-it
    // was built) a note offering to remove the dead condition.
    S.Diag(Range.getBegin(), diag::warn_sometimes_uninit_var)
      << VD->getDeclName() << IsCapturedByBlock << DiagKind
      << Str << I->Output << Range;
    S.Diag(User->getBeginLoc(), diag::note_uninit_var_use)
        << IsCapturedByBlock << User->getSourceRange();
    if (RemoveDiagKind != -1)
      S.Diag(Fixit1.RemoveRange.getBegin(), diag::note_uninit_fixit_remove_cond)
        << RemoveDiagKind << Str << I->Output << Fixit1 << Fixit2;

    Diagnosed = true;
  }

  // No branch could be reported: fall back to 'may be used uninitialized'.
  if (!Diagnosed)
    S.Diag(Use.getUser()->getBeginLoc(), diag::warn_maybe_uninit_var)
        << VD->getDeclName() << IsCapturedByBlock
        << Use.getUser()->getSourceRange();
}

/// DiagnoseUninitializedUse -- Helper function for diagnosing uses of an
/// uninitialized variable. This manages the different forms of diagnostic
/// emitted for particular types of uses. Returns true if the use was diagnosed
/// as a warning. If a particular use is one we omit warnings for, returns
/// false.
///
/// \param S Sema used to emit the diagnostics.
/// \param VD the variable whose use is being reported.
/// \param Use the use to report; its user is handled as a DeclRefExpr or,
///        failing that, cast to a BlockExpr.
/// \param alwaysReportSelfInit when true, a use that is exactly the variable's
///        own initializer ('int x = x;') is reported instead of being skipped.
static bool DiagnoseUninitializedUse(Sema &S, const VarDecl *VD,
                                     const UninitUse &Use,
                                     bool alwaysReportSelfInit = false) {
  if (const DeclRefExpr *DRE = dyn_cast<DeclRefExpr>(Use.getUser())) {
    // Inspect the initializer of the variable declaration which is
    // being referenced prior to its initialization. We emit
    // specialized diagnostics for self-initialization, and we
    // specifically avoid warning about self references which take the
    // form of:
    //
    //   int x = x;
    //
    // This is used to indicate to GCC that 'x' is intentionally left
    // uninitialized. Proven code paths which access 'x' in
    // an uninitialized state after this will still warn.
    if (const Expr *Initializer = VD->getInit()) {
      // The bare self-init idiom is the only case that returns without any
      // diagnostic.
      if (!alwaysReportSelfInit && DRE == Initializer->IgnoreParenImpCasts())
        return false;

      // A reference buried deeper inside the initializer gets the dedicated
      // self-reference warning and no declaration note.
      ContainsReference CR(S.Context, DRE);
      CR.Visit(Initializer);
      if (CR.doesContainReference()) {
        S.Diag(DRE->getBeginLoc(), diag::warn_uninit_self_reference_in_init)
            << VD->getDeclName() << VD->getLocation() << DRE->getSourceRange();
        return true;
      }
    }

    DiagUninitUse(S, VD, Use, false);
  } else {
    // Any user that is not a DeclRefExpr is cast<> to a BlockExpr; cast<>
    // asserts on a type mismatch rather than returning null.
    const BlockExpr *BE = cast<BlockExpr>(Use.getUser());
    if (VD->getType()->isBlockPointerType() && !VD->hasAttr<BlocksAttr>())
      S.Diag(BE->getBeginLoc(),
             diag::warn_uninit_byref_blockvar_captured_by_block)
          << VD->getDeclName()
          << VD->getType().getQualifiers().hasObjCLifetime();
    else
      DiagUninitUse(S, VD, Use, true);
  }

  // Report where the variable was declared when the use wasn't within
  // the initializer of that declaration & we didn't already suggest
  // an initialization fixit.
  if (!SuggestInitializationFixit(S, VD))
    S.Diag(VD->getBeginLoc(), diag::note_var_declared_here)
        << VD->getDeclName();

  return true;
}

namespace {
  /// AST visitor that records every statement carrying a fallthrough
  /// attribute and whether the body contains any switch statement, and that
  /// checks CFG blocks for fall-through into a switch label.
  class FallthroughMapper : public RecursiveASTVisitor<FallthroughMapper> {
  public:
    FallthroughMapper(Sema &S)
      : FoundSwitchStatements(false),
        S(S) {
    }

    /// True once VisitSwitchStmt has seen at least one switch statement.
    bool foundSwitchStatements() const { return FoundSwitchStatements; }

    /// Remove \p Stmt from the set of fallthrough statements not yet matched.
    /// Asserts that the statement was still in the set.
    void markFallthroughVisited(const AttributedStmt *Stmt) {
      bool Found = FallthroughStmts.erase(Stmt);
      assert(Found);
      (void)Found; // Silences the unused-variable warning when asserts are off.
    }

    typedef llvm::SmallPtrSet<const AttributedStmt*, 8> AttrStmts;

    /// Fallthrough statements collected by the traversal that have not been
    /// removed by markFallthroughVisited().
    const AttrStmts &getFallthroughStmts() const {
      return FallthroughStmts;
    }

    /// Fill ReachableBlocks with a breadth-first walk over successor edges,
    /// seeded with the CFG entry block and every block labelled by a
    /// SwitchCase. Must be called at most once per mapper (asserted).
    void fillReachableBlocks(CFG *Cfg) {
      assert(ReachableBlocks.empty() && "ReachableBlocks already filled");
      std::deque<const CFGBlock *> BlockQueue;

      ReachableBlocks.insert(&Cfg->getEntry());
      BlockQueue.push_back(&Cfg->getEntry());
      // Mark all case blocks reachable to avoid problems with switching on
      // constants, covered enums, etc.
      // These blocks can contain fall-through annotations, and we don't want to
      // issue a warn_fallthrough_attr_unreachable for them.
      for (const auto *B : *Cfg) {
        const Stmt *L = B->getLabel();
        if (L && isa<SwitchCase>(L) && ReachableBlocks.insert(B).second)
          BlockQueue.push_back(B);
      }

      while (!BlockQueue.empty()) {
        const CFGBlock *P = BlockQueue.front();
        BlockQueue.pop_front();
        for (CFGBlock::const_succ_iterator I = P->succ_begin(),
                                           E = P->succ_end();
             I != E; ++I) {
          // Null successors are skipped; insert().second is true only for
          // blocks not seen before, so each block is queued once.
          if (*I && ReachableBlocks.insert(*I).second)
            BlockQueue.push_back(*I);
        }
      }
    }

    /// Examine the predecessors of the switch-label block \p B.
    ///
    /// \param B block whose incoming edges are inspected.
    /// \param AnnotatedCnt reset to 0, then incremented for every predecessor
    ///        path that carries a fallthrough attribute.
    /// \param IsTemplateInstantiation suppresses the "unreachable fallthrough
    ///        attribute" warning when true.
    /// \returns true if at least one predecessor falls through without an
    ///          annotation.
    ///
    /// Requires fillReachableBlocks() to have run (asserted).
    bool checkFallThroughIntoBlock(const CFGBlock &B, int &AnnotatedCnt,
                                   bool IsTemplateInstantiation) {
      assert(!ReachableBlocks.empty() && "ReachableBlocks empty");

      int UnannotatedCnt = 0;
      AnnotatedCnt = 0;

      // NOTE(review): predecessors of statement-free blocks are appended to
      // this queue below and no visited set is kept here; termination
      // presumably relies on the shape of the CFG -- confirm.
      std::deque<const CFGBlock*> BlockQueue(B.pred_begin(), B.pred_end());
      while (!BlockQueue.empty()) {
        const CFGBlock *P = BlockQueue.front();
        BlockQueue.pop_front();
        if (!P) continue;

        const Stmt *Term = P->getTerminatorStmt();
        if (Term && isa<SwitchStmt>(Term))
          continue; // Switch statement, good.

        const SwitchCase *SW = dyn_cast_or_null<SwitchCase>(P->getLabel());
        if (SW && SW->getSubStmt() == B.getLabel() && P->begin() == P->end())
          continue; // Previous case label has no statements, good.

        const LabelStmt *L = dyn_cast_or_null<LabelStmt>(P->getLabel());
        if (L && L->getSubStmt() == B.getLabel() && P->begin() == P->end())
          continue; // Case label is preceded with a normal label, good.

        if (!ReachableBlocks.count(P)) {
          // Unreachable predecessor: scan its elements from last to first and
          // stop at the first fallthrough attribute found.
          for (CFGBlock::const_reverse_iterator ElemIt = P->rbegin(),
                                                ElemEnd = P->rend();
               ElemIt != ElemEnd; ++ElemIt) {
            if (Optional<CFGStmt> CS = ElemIt->getAs<CFGStmt>()) {
              if (const AttributedStmt *AS = asFallThroughAttr(CS->getStmt())) {
                // Don't issue a warning for an unreachable fallthrough
                // attribute in template instantiations as it may not be
                // unreachable in all instantiations of the template.
                if (!IsTemplateInstantiation)
                  S.Diag(AS->getBeginLoc(),
                         diag::warn_fallthrough_attr_unreachable);
                markFallthroughVisited(AS);
                ++AnnotatedCnt;
                break;
              }
              // Don't care about other unreachable statements.
            }
          }
          // If there are no unreachable statements, this may be a special
          // case in CFG:
          // case X: {
          //    A a;  // A has a destructor.
          //    break;
          // }
          // // <<<< This place is represented by a 'hanging' CFG block.
          // case Y:
          continue;
        }

        const Stmt *LastStmt = getLastStmt(*P);
        if (const AttributedStmt *AS = asFallThroughAttr(LastStmt)) {
          markFallthroughVisited(AS);
          ++AnnotatedCnt;
          continue; // Fallthrough annotation, good.
        }

        if (!LastStmt) { // This block contains no executable statements.
          // Traverse its predecessors.
          std::copy(P->pred_begin(), P->pred_end(),
                    std::back_inserter(BlockQueue));
          continue;
        }

        ++UnannotatedCnt;
      }
      return !!UnannotatedCnt;
    }

    // RecursiveASTVisitor setup.
    bool shouldWalkTypesOfTypeLocs() const { return false; }

    /// Record \p S if it carries a fallthrough attribute.
    bool VisitAttributedStmt(AttributedStmt *S) {
      if (asFallThroughAttr(S))
        FallthroughStmts.insert(S);
      return true;
    }

    /// Remember that the traversed body contains a switch statement.
    bool VisitSwitchStmt(SwitchStmt *S) {
      FoundSwitchStatements = true;
      return true;
    }

    // We don't want to traverse local type declarations. We analyze their
    // methods separately.
    bool TraverseDecl(Decl *D) { return true; }

    // We analyze lambda bodies separately. Skip them here.
    bool TraverseLambdaExpr(LambdaExpr *LE) {
      // Traverse the captures, but not the body.
      for (const auto C : zip(LE->captures(), LE->capture_inits()))
        TraverseLambdaCapture(LE, &std::get<0>(C), std::get<1>(C));
      return true;
    }

  private:

    /// Return \p S as an AttributedStmt if it is one and has a
    /// FallThroughAttr among its attributes; otherwise nullptr. A null \p S is
    /// accepted (dyn_cast_or_null).
    static const AttributedStmt *asFallThroughAttr(const Stmt *S) {
      if (const AttributedStmt *AS = dyn_cast_or_null<AttributedStmt>(S)) {
        if (hasSpecificAttr<FallThroughAttr>(AS->getAttrs()))
          return AS;
      }
      return nullptr;
    }

    /// Return the terminator of \p B if it has one, else the last CFGStmt
    /// element of the block, else the sub-statement of its SwitchCase label
    /// when that sub-statement is not itself a SwitchCase, else nullptr.
    static const Stmt *getLastStmt(const CFGBlock &B) {
      if (const Stmt *Term = B.getTerminatorStmt())
        return Term;
      for (CFGBlock::const_reverse_iterator ElemIt = B.rbegin(),
                                            ElemEnd = B.rend();
                                            ElemIt != ElemEnd; ++ElemIt) {
        if (Optional<CFGStmt> CS = ElemIt->getAs<CFGStmt>())
          return CS->getStmt();
      }
      // Workaround to detect a statement thrown out by CFGBuilder:
      //   case X: {} case Y:
      //   case X: ; case Y:
      if (const SwitchCase *SW = dyn_cast_or_null<SwitchCase>(B.getLabel()))
        if (!isa<SwitchCase>(SW->getSubStmt()))
          return SW->getSubStmt();

      return nullptr;
    }

    bool FoundSwitchStatements;   // Set by VisitSwitchStmt.
    AttrStmts FallthroughStmts;   // Fallthrough statements not yet matched.
    Sema &S;
    llvm::SmallPtrSet<const CFGBlock *, 16> ReachableBlocks;
  };
} // anonymous namespace

/// Pick the text to suggest for a fallthrough annotation at \p Loc.
///
/// A macro whose expansion spells the attribute is preferred (looked up with
/// Preprocessor::getLastMacroWithSpelling); the [[clang::fallthrough]] spelling
/// is tried first only when neither C++17 nor C2x is enabled. When no macro is
/// found, a literal attribute spelling is returned instead.
static StringRef getFallthroughAttrSpelling(Preprocessor &PP,
                                            SourceLocation Loc) {
  TokenValue FallthroughTokens[] = {
    tok::l_square, tok::l_square,
    PP.getIdentifierInfo("fallthrough"),
    tok::r_square, tok::r_square
  };

  TokenValue ClangFallthroughTokens[] = {
    tok::l_square, tok::l_square, PP.getIdentifierInfo("clang"),
    tok::coloncolon, PP.getIdentifierInfo("fallthrough"),
    tok::r_square, tok::r_square
  };

  bool PreferClangAttr = !PP.getLangOpts().CPlusPlus17 && !PP.getLangOpts().C2x;

  StringRef MacroName;
  if (PreferClangAttr)
    MacroName = PP.getLastMacroWithSpelling(Loc, ClangFallthroughTokens);
  if (MacroName.empty())
    MacroName = PP.getLastMacroWithSpelling(Loc, FallthroughTokens);
  if (MacroName.empty() && !PreferClangAttr)
    MacroName = PP.getLastMacroWithSpelling(Loc, ClangFallthroughTokens);
  if (MacroName.empty()) {
    // No macro found: fall back to a literal spelling for the language mode.
    if (!PreferClangAttr)
      MacroName = "[[fallthrough]]";
    else if (PP.getLangOpts().CPlusPlus)
      MacroName = "[[clang::fallthrough]]";
    else
      MacroName = "__attribute__((fallthrough))";
  }
  return MacroName;
}

/// Warn about switch labels that are reached by unannotated fall-through and
/// report fallthrough attributes that were never matched to a fall-through
/// edge.
///
/// \param PerFunction selects the per-function warning id, and makes the check
///        a no-op for bodies that contain no fallthrough attribute at all.
static void DiagnoseSwitchLabelsFallthrough(Sema &S, AnalysisDeclContext &AC,
                                            bool PerFunction) {
  FallthroughMapper FM(S);
  FM.TraverseStmt(AC.getBody());

  if (!FM.foundSwitchStatements())
    return;

  if (PerFunction && FM.getFallthroughStmts().empty())
    return;

  CFG *Cfg = AC.getCFG();

  if (!Cfg)
    return;

  FM.fillReachableBlocks(Cfg);

  for (const CFGBlock *B : llvm::reverse(*Cfg)) {
    const Stmt *Label = B->getLabel();

    if (!Label || !isa<SwitchCase>(Label))
      continue;

    int AnnotatedCnt;

    bool IsTemplateInstantiation = false;
    if (const FunctionDecl *Function = dyn_cast<FunctionDecl>(AC.getDecl()))
      IsTemplateInstantiation = Function->isTemplateInstantiation();
    if (!FM.checkFallThroughIntoBlock(*B, AnnotatedCnt,
                                      IsTemplateInstantiation))
      continue;

    S.Diag(Label->getBeginLoc(),
           PerFunction ? diag::warn_unannotated_fallthrough_per_function
                       : diag::warn_unannotated_fallthrough);

    // Fix-it notes are offered only when no incoming path is annotated.
    if (!AnnotatedCnt) {
      SourceLocation L = Label->getBeginLoc();
      if (L.isMacroID())
        continue;

      const Stmt *Term = B->getTerminatorStmt();
      // Skip empty cases.
      while (B->empty() && !Term && B->succ_size() == 1) {
        B = *B->succ_begin();
        Term = B->getTerminatorStmt();
      }
      // The fallthrough fix-it is omitted when the case consists only of a
      // 'break'.
      if (!(B->empty() && Term && isa<BreakStmt>(Term))) {
        Preprocessor &PP = S.getPreprocessor();
        StringRef AnnotationSpelling = getFallthroughAttrSpelling(PP, L);
        SmallString<64> TextToInsert(AnnotationSpelling);
        TextToInsert += "; ";
        S.Diag(L, diag::note_insert_fallthrough_fixit)
            << AnnotationSpelling
            << FixItHint::CreateInsertion(L, TextToInsert);
      }
      S.Diag(L, diag::note_insert_break_fixit)
          << FixItHint::CreateInsertion(L, "break; ");
    }
  }

  // Whatever is still in the set was never matched by
  // checkFallThroughIntoBlock and is reported as an error.
  for (const auto *F : FM.getFallthroughStmts())
    S.Diag(F->getBeginLoc(), diag::err_fallthrough_attr_invalid_placement);
}

/// Walk from \p S up through its parents in \p PM and report whether a loop
/// statement encloses it. for/while/range-for/ObjC-collection loops always
/// count; a do-statement counts unless its condition evaluates to a constant
/// zero.
static bool isInLoop(const ASTContext &Ctx, const ParentMap &PM,
                     const Stmt *S) {
  assert(S);

  do {
    switch (S->getStmtClass()) {
    case Stmt::ForStmtClass:
    case Stmt::WhileStmtClass:
    case Stmt::CXXForRangeStmtClass:
    case Stmt::ObjCForCollectionStmtClass:
      return true;
    case Stmt::DoStmtClass: {
      Expr::EvalResult Result;
      // A condition that cannot be evaluated as an integer constant is
      // treated as a loop.
      if (!cast<DoStmt>(S)->getCond()->EvaluateAsInt(Result, Ctx))
        return true;
      return Result.Val.getInt().getBoolValue();
    }
    default:
      break;
    }
  } while ((S = PM.getParent(S)));

  return false;
}

/// Warn about weak objects that are read more than once in the body described
/// by \p CurFn, using the weak-object uses recorded there.
///
/// \param D declaration that owns the body; used only to classify it as a
///        method or a function for the warning text.
/// \param PM parent map of the body, used to detect reads inside loops.
static void diagnoseRepeatedUseOfWeak(Sema &S,
                                      const sema::FunctionScopeInfo *CurFn,
                                      const Decl *D,
                                      const ParentMap &PM) {
  typedef sema::FunctionScopeInfo::WeakObjectProfileTy WeakObjectProfileTy;
  typedef sema::FunctionScopeInfo::WeakObjectUseMap WeakObjectUseMap;
  typedef sema::FunctionScopeInfo::WeakUseVector WeakUseVector;
  typedef std::pair<const Stmt *, WeakObjectUseMap::const_iterator>
  StmtUsesPair;

  ASTContext &Ctx = S.getASTContext();

  const WeakObjectUseMap &WeakMap = CurFn->getWeakObjectUses();

  // Extract all weak objects that are referenced more than once.
  SmallVector<StmtUsesPair, 8> UsesByStmt;
  for (WeakObjectUseMap::const_iterator I = WeakMap.begin(), E = WeakMap.end();
       I != E; ++I) {
    const WeakUseVector &Uses = I->second;

    // Find the first read of the weak object.
    WeakUseVector::const_iterator UI = Uses.begin(), UE = Uses.end();
    for ( ; UI != UE; ++UI) {
      if (UI->isUnsafe())
        break;
    }

    // If there were only writes to this object, don't warn.
    if (UI == UE)
      continue;

    // If there was only one read, followed by any number of writes, and the
    // read is not within a loop, don't warn. Additionally, don't warn in a
    // loop if the base object is a local variable -- local variables are often
    // changed in loops.
    if (UI == Uses.begin()) {
      WeakUseVector::const_iterator UI2 = UI;
      for (++UI2; UI2 != UE; ++UI2)
        if (UI2->isUnsafe())
          break;

      if (UI2 == UE) {
        if (!isInLoop(Ctx, PM, UI->getUseExpr()))
          continue;

        const WeakObjectProfileTy &Profile = I->first;
        if (!Profile.isExactProfile())
          continue;

        const NamedDecl *Base = Profile.getBase();
        if (!Base)
          Base = Profile.getProperty();
        assert(Base && "A profile always has a base or property.");

        if (const VarDecl *BaseVar = dyn_cast<VarDecl>(Base))
          if (BaseVar->hasLocalStorage() && !isa<ParmVarDecl>(Base))
            continue;
      }
    }

    UsesByStmt.push_back(StmtUsesPair(UI->getUseExpr(), I));
  }

  if (UsesByStmt.empty())
    return;

  // Sort by first use so that we emit the warnings in a deterministic order.
  SourceManager &SM = S.getSourceManager();
  llvm::sort(UsesByStmt,
             [&SM](const StmtUsesPair &LHS, const StmtUsesPair &RHS) {
               return SM.isBeforeInTranslationUnit(LHS.first->getBeginLoc(),
                                                   RHS.first->getBeginLoc());
             });

  // Classify the current code body for better warning text.
  // This enum should stay in sync with the cases in
  // warn_arc_repeated_use_of_weak and warn_arc_possible_repeated_use_of_weak.
  // FIXME: Should we use a common classification enum and the same set of
  // possibilities all throughout Sema?
  enum {
    Function,
    Method,
    Block,
    Lambda
  } FunctionKind;

  if (isa<sema::BlockScopeInfo>(CurFn))
    FunctionKind = Block;
  else if (isa<sema::LambdaScopeInfo>(CurFn))
    FunctionKind = Lambda;
  else if (isa<ObjCMethodDecl>(D))
    FunctionKind = Method;
  else
    FunctionKind = Function;

  // Iterate through the sorted problems and emit warnings for each.
  for (const auto &P : UsesByStmt) {
    const Stmt *FirstRead = P.first;
    const WeakObjectProfileTy &Key = P.second->first;
    const WeakUseVector &Uses = P.second->second;

    // For complicated expressions like 'a.b.c' and 'x.b.c', WeakObjectProfileTy
    // may not contain enough information to determine that these are different
    // properties. We can only be 100% sure of a repeated use in certain cases,
    // and we adjust the diagnostic kind accordingly so that the less certain
    // case can be turned off if it is too noisy.
    unsigned DiagKind;
    if (Key.isExactProfile())
      DiagKind = diag::warn_arc_repeated_use_of_weak;
    else
      DiagKind = diag::warn_arc_possible_repeated_use_of_weak;

    // Classify the weak object being accessed for better warning text.
    // This enum should stay in sync with the cases in
    // warn_arc_repeated_use_of_weak and warn_arc_possible_repeated_use_of_weak.
    enum {
      Variable,
      Property,
      ImplicitProperty,
      Ivar
    } ObjectKind;

    const NamedDecl *KeyProp = Key.getProperty();
    if (isa<VarDecl>(KeyProp))
      ObjectKind = Variable;
    else if (isa<ObjCPropertyDecl>(KeyProp))
      ObjectKind = Property;
    else if (isa<ObjCMethodDecl>(KeyProp))
      ObjectKind = ImplicitProperty;
    else if (isa<ObjCIvarDecl>(KeyProp))
      ObjectKind = Ivar;
    else
      llvm_unreachable("Unexpected weak object kind!");

    // Do not warn about IBOutlet weak property receivers being set to null
    // since they are typically only used from the main thread.
    if (const ObjCPropertyDecl *Prop = dyn_cast<ObjCPropertyDecl>(KeyProp))
      if (Prop->hasAttr<IBOutletAttr>())
        continue;

    // Show the first time the object was read.
    S.Diag(FirstRead->getBeginLoc(), DiagKind)
      << int(ObjectKind) << KeyProp << int(FunctionKind)
      << FirstRead->getSourceRange();

    // Print all the other accesses as notes.
    for (const auto &Use : Uses) {
      if (Use.getUseExpr() == FirstRead)
        continue;
      S.Diag(Use.getUseExpr()->getBeginLoc(),
             diag::note_arc_weak_also_accessed_here)
          << Use.getUseExpr()->getSourceRange();
    }
  }
}

namespace {
/// Collects the uninitialized-variable uses reported by the analysis, grouped
/// per variable, and emits the diagnostics from flushDiagnostics(), which the
/// destructor also calls.
class UninitValsDiagReporter : public UninitVariablesHandler {
  Sema &S;
  typedef SmallVector<UninitUse, 2> UsesVec;
  // Pointer: the uses vector, allocated in getUses() and deleted in
  // flushDiagnostics(). Int bit: set by handleSelfInit().
  typedef llvm::PointerIntPair<UsesVec *, 1, bool> MappedType;
  // Prefer using MapVector to DenseMap, so that iteration order will be
  // the same as insertion order. This is needed to obtain a deterministic
  // order of diagnostics when calling flushDiagnostics().
  typedef llvm::MapVector<const VarDecl *, MappedType> UsesMap;
  UsesMap uses;

public:
  UninitValsDiagReporter(Sema &S) : S(S) {}
  ~UninitValsDiagReporter() override { flushDiagnostics(); }

  /// Return the entry for \p vd, creating it and allocating its uses vector
  /// with 'new' on first access. Ownership stays with this object; the vector
  /// is released in flushDiagnostics().
  MappedType &getUses(const VarDecl *vd) {
    MappedType &V = uses[vd];
    if (!V.getPointer())
      V.setPointer(new UsesVec());
    return V;
  }

  /// Record one use of \p vd for later reporting.
  void handleUseOfUninitVariable(const VarDecl *vd,
                                 const UninitUse &use) override {
    getUses(vd).getPointer()->push_back(use);
  }

  /// Flag \p vd as having a self-initialization.
  void handleSelfInit(const VarDecl *vd) override {
    getUses(vd).setInt(true);
  }

  /// Emit the diagnostics for every recorded variable in insertion order,
  /// free each uses vector and clear the map, so a second call (for example
  /// from the destructor) finds nothing left to report or free.
  void flushDiagnostics() {
    for (const auto &P : uses) {
      const VarDecl *vd = P.first;
      const MappedType &V = P.second;

      UsesVec *vec = V.getPointer();
      bool hasSelfInit = V.getInt();

      // Specially handle the case where we have uses of an uninitialized
      // variable, but the root cause is an idiomatic self-init.  We want
      // to report the diagnostic at the self-init since that is the root cause.
      // NOTE(review): getInit() is dereferenced without a null check;
      // presumably a self-init report implies an initializer exists -- confirm.
      if (!vec->empty() && hasSelfInit && hasAlwaysUninitializedUse(vec))
        DiagnoseUninitializedUse(S, vd,
                                 UninitUse(vd->getInit()->IgnoreParenCasts(),
                                           /* isAlwaysUninit */ true),
                                 /* alwaysReportSelfInit */ true);
      else {
        // Sort the uses by their SourceLocations.  While not strictly
        // guaranteed to produce them in line/column order, this will provide
        // a stable ordering.
        llvm::sort(vec->begin(), vec->end(),
                   [](const UninitUse &a, const UninitUse &b) {
          // Prefer a more confident report over a less confident one.
          if (a.getKind() != b.getKind())
            return a.getKind() > b.getKind();
          return a.getUser()->getBeginLoc() < b.getUser()->getBeginLoc();
        });

        for (const auto &U : *vec) {
          // If we have self-init, downgrade all uses to 'may be uninitialized'.
          UninitUse Use = hasSelfInit ? UninitUse(U.getUser(), false) : U;

          if (DiagnoseUninitializedUse(S, vd, Use))
            // Skip further diagnostics for this variable. We try to warn only
            // on the first point at which a variable is used uninitialized.
            break;
        }
      }

      // Release the uses vector.
      delete vec;
    }

    uses.clear();
  }

private:
  /// True if any recorded use has kind Always, AfterCall or AfterDecl.
  static bool hasAlwaysUninitializedUse(const UsesVec* vec) {
    return std::any_of(vec->begin(), vec->end(), [](const UninitUse &U) {
      return U.getKind() == UninitUse::Always ||
             U.getKind() == UninitUse::AfterCall ||
             U.getKind() == UninitUse::AfterDecl;
    });
  }
};
} // anonymous namespace

namespace clang {
namespace {
// A buffered diagnostic: the primary diagnostic with its location, plus the
// notes to emit right after it.
typedef SmallVector<PartialDiagnosticAt, 1> OptionalNotes;
typedef std::pair<PartialDiagnosticAt, OptionalNotes> DelayedDiag;
// NOTE(review): std::list is used here, but <list> is not among the headers
// this file includes directly; it presumably arrives transitively -- confirm.
typedef std::list<DelayedDiag> DiagList;

/// Orders buffered diagnostics by the translation-unit position of their
/// primary location.
struct SortDiagBySourceLocation {
  SourceManager &SM;
  SortDiagBySourceLocation(SourceManager &SM) : SM(SM) {}

  bool operator()(const DelayedDiag &left, const DelayedDiag &right) {
    // Although this call will be slow, this is only called when outputting
    // multiple warnings.
    return SM.isBeforeInTranslationUnit(left.first.first, right.first.first);
  }
};
} // anonymous namespace
} // namespace clang

//===----------------------------------------------------------------------===//
// -Wthread-safety
//===----------------------------------------------------------------------===//
namespace clang {
namespace threadSafety {
namespace {
/// Buffers the warnings reported by the thread-safety analysis in Warnings;
/// nothing reaches Sema until emitDiagnostics() is called.
class ThreadSafetyReporter : public clang::threadSafety::ThreadSafetyHandler {
  Sema &S;
  DiagList Warnings;
  // Fallback locations used when a handler is given an invalid location.
  SourceLocation FunLocation, FunEndLocation;

  // Set by enterFunction() and reset to nullptr by leaveFunction().
  const FunctionDecl *CurrentFunction;
  bool Verbose;

  /// Notes for a warning without extra notes: in verbose mode with a current
  /// function, a single "in function" note; otherwise none.
  OptionalNotes getNotes() const {
    if (Verbose && CurrentFunction) {
      // NOTE(review): getBody() is dereferenced without a null check;
      // presumably enterFunction() is only called for functions with a body
      // -- confirm.
      PartialDiagnosticAt FNote(CurrentFunction->getBody()->getBeginLoc(),
                                S.PDiag(diag::note_thread_warning_in_fun)
                                    << CurrentFunction);
      return OptionalNotes(1, FNote);
    }
    return OptionalNotes();
  }

  /// As getNotes(), with \p Note placed before the optional "in function"
  /// note.
  OptionalNotes getNotes(const PartialDiagnosticAt &Note) const {
    OptionalNotes ONS(1, Note);
    if (Verbose && CurrentFunction) {
      PartialDiagnosticAt FNote(CurrentFunction->getBody()->getBeginLoc(),
                                S.PDiag(diag::note_thread_warning_in_fun)
                                    << CurrentFunction);
      ONS.push_back(std::move(FNote));
    }
    return ONS;
  }

  /// As getNotes(), with \p Note1 and \p Note2 placed, in that order, before
  /// the optional "in function" note.
  OptionalNotes getNotes(const PartialDiagnosticAt &Note1,
                         const PartialDiagnosticAt &Note2) const {
    OptionalNotes ONS;
    ONS.push_back(Note1);
    ONS.push_back(Note2);
    if (Verbose && CurrentFunction) {
      PartialDiagnosticAt FNote(CurrentFunction->getBody()->getBeginLoc(),
                                S.PDiag(diag::note_thread_warning_in_fun)
                                    << CurrentFunction);
      ONS.push_back(std::move(FNote));
    }
    return ONS;
  }

  /// Build the notes for a warning that refers to an earlier lock: a "locked
  /// here" note at \p LocLocked when that location is valid, otherwise just
  /// the result of getNotes().
  OptionalNotes makeLockedHereNote(SourceLocation LocLocked, StringRef Kind) {
    return LocLocked.isValid()
               ? getNotes(PartialDiagnosticAt(
                     LocLocked, S.PDiag(diag::note_locked_here) << Kind))
               : getNotes();
  }

 public:
  /// \param FL location used when a handler receives an invalid location.
  /// \param FEL location used when an end-of-scope location is invalid.
  ThreadSafetyReporter(Sema &S, SourceLocation FL, SourceLocation FEL)
    : S(S), FunLocation(FL), FunEndLocation(FEL),
      CurrentFunction(nullptr), Verbose(false) {}

  void setVerbose(bool b) { Verbose = b; }

  /// Emit all buffered diagnostics in order of sourcelocation.
  /// We need to output diagnostics produced while iterating through
  /// the lockset in deterministic order, so this function orders diagnostics
  /// and outputs them.
  void emitDiagnostics() {
    Warnings.sort(SortDiagBySourceLocation(S.getSourceManager()));
    for (const auto &Diag : Warnings) {
      S.Diag(Diag.first.first, Diag.first.second);
      for (const auto &Note : Diag.second)
        S.Diag(Note.first, Note.second);
    }
  }

  /// Queue warn_cannot_resolve_lock at \p Loc. \p Kind is not used here.
  void handleInvalidLockExp(StringRef Kind, SourceLocation Loc) override {
    PartialDiagnosticAt Warning(Loc, S.PDiag(diag::warn_cannot_resolve_lock)
                                         << Loc);
    Warnings.emplace_back(std::move(Warning), getNotes());
  }

  /// Queue warn_unlock_but_no_lock; an invalid \p Loc is replaced by
  /// FunLocation.
  void handleUnmatchedUnlock(StringRef Kind, Name LockName,
                             SourceLocation Loc) override {
    if (Loc.isInvalid())
      Loc = FunLocation;
    PartialDiagnosticAt Warning(Loc, S.PDiag(diag::warn_unlock_but_no_lock)
                                         << Kind << LockName);
    Warnings.emplace_back(std::move(Warning), getNotes());
  }

  /// Queue warn_unlock_kind_mismatch at the unlock site (FunLocation when
  /// invalid) with a "locked here" note. The diagnostic receives \p Received
  /// before \p Expected.
  void handleIncorrectUnlockKind(StringRef Kind, Name LockName,
                                 LockKind Expected, LockKind Received,
                                 SourceLocation LocLocked,
                                 SourceLocation LocUnlock) override {
    if (LocUnlock.isInvalid())
      LocUnlock = FunLocation;
    PartialDiagnosticAt Warning(
        LocUnlock, S.PDiag(diag::warn_unlock_kind_mismatch)
                       << Kind << LockName << Received << Expected);
    Warnings.emplace_back(std::move(Warning),
                          makeLockedHereNote(LocLocked, Kind));
  }

  /// Queue warn_double_lock at the second acquisition (FunLocation when
  /// invalid) with a "locked here" note for the first one.
  void handleDoubleLock(StringRef Kind, Name LockName, SourceLocation LocLocked,
                        SourceLocation LocDoubleLock) override {
    if (LocDoubleLock.isInvalid())
      LocDoubleLock = FunLocation;
    PartialDiagnosticAt Warning(LocDoubleLock, S.PDiag(diag::warn_double_lock)
                                                   << Kind << LockName);
    Warnings.emplace_back(std::move(Warning),
                          makeLockedHereNote(LocLocked, Kind));
  }

  /// Queue the warning selected by \p LEK at \p LocEndOfScope (FunEndLocation
  /// when invalid) with a "locked here" note.
  void handleMutexHeldEndOfScope(StringRef Kind, Name LockName,
                                 SourceLocation LocLocked,
                                 SourceLocation LocEndOfScope,
                                 LockErrorKind LEK) override {
    // Stays 0 if LEK matches none of the cases below.
    unsigned DiagID = 0;
    switch (LEK) {
      case LEK_LockedSomePredecessors:
        DiagID = diag::warn_lock_some_predecessors;
        break;
      case LEK_LockedSomeLoopIterations:
        DiagID = diag::warn_expecting_lock_held_on_loop;
        break;
      case LEK_LockedAtEndOfFunction:
        DiagID = diag::warn_no_unlock;
        break;
      case LEK_NotLockedAtEndOfFunction:
        DiagID = diag::warn_expecting_locked;
        break;
    }
    if (LocEndOfScope.isInvalid())
      LocEndOfScope = FunEndLocation;

    PartialDiagnosticAt Warning(LocEndOfScope, S.PDiag(DiagID) << Kind
                                                               << LockName);
    Warnings.emplace_back(std::move(Warning),
                          makeLockedHereNote(LocLocked, Kind));
  }

  /// Queue warn_lock_exclusive_and_shared at \p Loc1 with a matching note at
  /// \p Loc2.
  void handleExclusiveAndShared(StringRef Kind, Name LockName,
                                SourceLocation Loc1,
                                SourceLocation Loc2) override {
    PartialDiagnosticAt Warning(Loc1,
                                S.PDiag(diag::warn_lock_exclusive_and_shared)
                                    << Kind << LockName);
    PartialDiagnosticAt Note(Loc2, S.PDiag(diag::note_lock_exclusive_and_shared)
                                       << Kind << LockName);
    Warnings.emplace_back(std::move(Warning), getNotes(Note));
  }

  /// Queue the "requires holding any lock" warning for a variable access or
  /// dereference. \p Kind is not used here.
  void handleNoMutexHeld(StringRef Kind, const NamedDecl *D,
                         ProtectedOperationKind POK, AccessKind AK,
                         SourceLocation Loc) override {
    assert((POK == POK_VarAccess || POK == POK_VarDereference) &&
           "Only works for variables");
    // With assertions compiled out, every POK other than POK_VarAccess gets
    // the dereference wording.
    unsigned DiagID = POK == POK_VarAccess?
                        diag::warn_variable_requires_any_lock:
                        diag::warn_var_deref_requires_any_lock;
    PartialDiagnosticAt Warning(Loc, S.PDiag(DiagID)
      << D << getLockKindFromAccessKind(AK));
    Warnings.emplace_back(std::move(Warning), getNotes());
  }

  /// Queue the warning for an operation on \p D performed without holding
  /// \p LockName.
  ///
  /// \param PossibleMatch when non-null, the "_precise" warning ids are used
  ///        for variable access, dereference and function call, and a
  ///        near-match note naming *PossibleMatch is attached.
  void handleMutexNotHeld(StringRef Kind, const NamedDecl *D,
                          ProtectedOperationKind POK, Name LockName,
                          LockKind LK, SourceLocation Loc,
                          Name *PossibleMatch) override {
    // Stays 0 if POK matches none of the cases in the switch that runs.
    unsigned DiagID = 0;
    if (PossibleMatch) {
      switch (POK) {
        case POK_VarAccess:
          DiagID = diag::warn_variable_requires_lock_precise;
          break;
        case POK_VarDereference:
          DiagID = diag::warn_var_deref_requires_lock_precise;
          break;
        case POK_FunctionCall:
          DiagID = diag::warn_fun_requires_lock_precise;
          break;
        case POK_PassByRef:
          DiagID = diag::warn_guarded_pass_by_reference;
          break;
        case POK_PtPassByRef:
          DiagID = diag::warn_pt_guarded_pass_by_reference;
          break;
      }
      PartialDiagnosticAt Warning(Loc, S.PDiag(DiagID) << Kind
                                                       << D
                                                       << LockName << LK);
      PartialDiagnosticAt Note(Loc, S.PDiag(diag::note_found_mutex_near_match)
                                        << *PossibleMatch);
      if (Verbose && POK == POK_VarAccess) {
        // NOTE(review): this branch streams D's name into
        // note_guarded_by_declared_here while the branch below passes no
        // argument to the same note -- confirm which form is intended.
        PartialDiagnosticAt VNote(D->getLocation(),
                                  S.PDiag(diag::note_guarded_by_declared_here)
                                      << D->getNameAsString());
        Warnings.emplace_back(std::move(Warning), getNotes(Note, VNote));
      } else
        Warnings.emplace_back(std::move(Warning), getNotes(Note));
    } else {
      switch (POK) {
        case POK_VarAccess:
          DiagID = diag::warn_variable_requires_lock;
          break;
        case POK_VarDereference:
          DiagID = diag::warn_var_deref_requires_lock;
          break;
        case POK_FunctionCall:
          DiagID = diag::warn_fun_requires_lock;
          break;
        case POK_PassByRef:
          DiagID = diag::warn_guarded_pass_by_reference;
          break;
        case POK_PtPassByRef:
          DiagID = diag::warn_pt_guarded_pass_by_reference;
          break;
      }
      PartialDiagnosticAt Warning(Loc, S.PDiag(DiagID) << Kind
                                                       << D
                                                       << LockName << LK);
      if (Verbose && POK == POK_VarAccess) {
        PartialDiagnosticAt Note(D->getLocation(),
                                 S.PDiag(diag::note_guarded_by_declared_here));
        Warnings.emplace_back(std::move(Warning), getNotes(Note));
      } else
        Warnings.emplace_back(std::move(Warning), getNotes());
    }
  }

  /// Queue warn_acquire_requires_negative_cap at \p Loc.
  void handleNegativeNotHeld(StringRef Kind, Name LockName, Name Neg,
                             SourceLocation Loc) override {
    PartialDiagnosticAt Warning(Loc,
        S.PDiag(diag::warn_acquire_requires_negative_cap)
        << Kind << LockName << Neg);
    Warnings.emplace_back(std::move(Warning), getNotes());
  }

  /// Queue warn_fun_excludes_mutex at \p Loc.
  void handleFunExcludesLock(StringRef Kind, Name FunName, Name LockName,
                             SourceLocation Loc) override {
    PartialDiagnosticAt Warning(Loc, S.PDiag(diag::warn_fun_excludes_mutex)
                                         << Kind << FunName << LockName);
    Warnings.emplace_back(std::move(Warning), getNotes());
  }

  /// Queue warn_acquired_before at \p Loc.
  void handleLockAcquiredBefore(StringRef Kind, Name L1Name, Name L2Name,
                                SourceLocation Loc) override {
    PartialDiagnosticAt Warning(Loc,
      S.PDiag(diag::warn_acquired_before) << Kind << L1Name << L2Name);
    Warnings.emplace_back(std::move(Warning), getNotes());
  }

  /// Queue warn_acquired_before_after_cycle at \p Loc.
  void handleBeforeAfterCycle(Name L1Name, SourceLocation Loc) override {
    PartialDiagnosticAt Warning(Loc,
      S.PDiag(diag::warn_acquired_before_after_cycle) << L1Name);
    Warnings.emplace_back(std::move(Warning), getNotes());
  }

  /// Remember \p FD so that verbose notes can name the enclosing function.
  void enterFunction(const FunctionDecl* FD) override {
    CurrentFunction = FD;
  }

  /// Forget the current function; \p FD is not inspected.
  void leaveFunction(const FunctionDecl* FD) override {
    CurrentFunction = nullptr;
  }
};
} // anonymous namespace
} // namespace threadSafety
} // namespace clang

//===----------------------------------------------------------------------===//
// -Wconsumed
//===----------------------------------------------------------------------===//

namespace clang {
namespace consumed {
namespace {
/// Buffers the warnings reported by the consumed analysis and hands them to
/// Sema in one pass from emitDiagnostics().
///
/// Every warn* callback only appends to the buffer, paired with an empty
/// note list; nothing reaches the user until emitDiagnostics() runs.
class ConsumedWarningsHandler : public ConsumedWarningsHandlerBase {

  Sema &S;
  DiagList Warnings;

public:

  ConsumedWarningsHandler(Sema &S) : S(S) {}

  /// Sorts the buffered warnings with SortDiagBySourceLocation and emits
  /// each one, followed by its notes, through Sema.
  void emitDiagnostics() override {
    Warnings.sort(SortDiagBySourceLocation(S.getSourceManager()));
    for (const auto &Entry : Warnings) {
      const auto &Primary = Entry.first;
      S.Diag(Primary.first, Primary.second);
      for (const auto &Attached : Entry.second)
        S.Diag(Attached.first, Attached.second);
    }
  }

  /// Buffers warn_loop_state_mismatch for \p VariableName at \p Loc.
  void warnLoopStateMismatch(SourceLocation Loc,
                             StringRef VariableName) override {
    PartialDiagnosticAt Entry(
        Loc, S.PDiag(diag::warn_loop_state_mismatch) << VariableName);

    Warnings.emplace_back(std::move(Entry), OptionalNotes());
  }

  /// Buffers warn_param_return_typestate_mismatch at \p Loc, with
  /// \p VariableName, \p ExpectedState and \p ObservedState as arguments.
  void warnParamReturnTypestateMismatch(SourceLocation Loc,
                                        StringRef VariableName,
                                        StringRef ExpectedState,
                                        StringRef ObservedState) override {
    PartialDiagnosticAt Entry(
        Loc, S.PDiag(diag::warn_param_return_typestate_mismatch)
                 << VariableName << ExpectedState << ObservedState);

    Warnings.emplace_back(std::move(Entry), OptionalNotes());
  }

  /// Buffers warn_param_typestate_mismatch at \p Loc, with \p ExpectedState
  /// and \p ObservedState as arguments.
  void warnParamTypestateMismatch(SourceLocation Loc, StringRef ExpectedState,
                                  StringRef ObservedState) override {
    PartialDiagnosticAt Entry(
        Loc, S.PDiag(diag::warn_param_typestate_mismatch)
                 << ExpectedState << ObservedState);

    Warnings.emplace_back(std::move(Entry), OptionalNotes());
  }

  /// Buffers warn_return_typestate_for_unconsumable_type for \p TypeName at
  /// \p Loc.
  void warnReturnTypestateForUnconsumableType(SourceLocation Loc,
                                              StringRef TypeName) override {
    PartialDiagnosticAt Entry(
        Loc, S.PDiag(diag::warn_return_typestate_for_unconsumable_type)
                 << TypeName);

    Warnings.emplace_back(std::move(Entry), OptionalNotes());
  }

  /// Buffers warn_return_typestate_mismatch at \p Loc, with \p ExpectedState
  /// and \p ObservedState as arguments.
  void warnReturnTypestateMismatch(SourceLocation Loc, StringRef ExpectedState,
                                   StringRef ObservedState) override {
    PartialDiagnosticAt Entry(
        Loc, S.PDiag(diag::warn_return_typestate_mismatch)
                 << ExpectedState << ObservedState);

    Warnings.emplace_back(std::move(Entry), OptionalNotes());
  }

  /// Buffers warn_use_of_temp_in_invalid_state at \p Loc, with \p MethodName
  /// and \p State as arguments.
  void warnUseOfTempInInvalidState(StringRef MethodName, StringRef State,
                                   SourceLocation Loc) override {
    PartialDiagnosticAt Entry(
        Loc, S.PDiag(diag::warn_use_of_temp_in_invalid_state)
                 << MethodName << State);

    Warnings.emplace_back(std::move(Entry), OptionalNotes());
  }

  /// Buffers warn_use_in_invalid_state at \p Loc, with \p MethodName,
  /// \p VariableName and \p State as arguments.
  void warnUseInInvalidState(StringRef MethodName, StringRef VariableName,
                             StringRef State, SourceLocation Loc) override {
    PartialDiagnosticAt Entry(Loc, S.PDiag(diag::warn_use_in_invalid_state)
                                       << MethodName << VariableName << State);

    Warnings.emplace_back(std::move(Entry), OptionalNotes());
  }
};
} // anonymous namespace
} // namespace consumed
} // namespace clang

//===----------------------------------------------------------------------===//
// AnalysisBasedWarnings - Worker object used by Sema to execute analysis-based
//  warnings on a function, method, or block.
//===----------------------------------------------------------------------===//

/// Default policy: only the fall-through ("missing return") check is on.
/// Unreachable-code, thread-safety and consumed analysis start disabled.
clang::sema::AnalysisBasedWarnings::Policy::Policy() {
  enableCheckFallThrough = 1;
  enableCheckUnreachable = 0;
  enableThreadSafetyAnalysis = 0;
  enableConsumedAnalysis = 0;
}

/// Returns 1 if \p diag is not ignored by \p D, else 0. The query uses a
/// default-constructed SourceLocation rather than a specific declaration.
static unsigned isEnabled(DiagnosticsEngine &D, unsigned diag) {
  return D.isIgnored(diag, SourceLocation()) ? 0u : 1u;
}

/// Zeroes the statistics counters and derives DefaultPolicy from the
/// diagnostics that are enabled when the object is constructed.
clang::sema::AnalysisBasedWarnings::AnalysisBasedWarnings(Sema &s)
  : S(s),
    NumFunctionsAnalyzed(0),
    NumFunctionsWithBadCFGs(0),
    NumCFGBlocks(0),
    MaxCFGBlocksPerFunction(0),
    NumUninitAnalysisFunctions(0),
    NumUninitAnalysisVariables(0),
    MaxUninitAnalysisVariablesPerFunction(0),
    NumUninitAnalysisBlockVisits(0),
    MaxUninitAnalysisBlockVisitsPerFunction(0) {

  DiagnosticsEngine &Engine = S.getDiagnostics();

  // Any one of the unreachable-code diagnostics turns the analysis on.
  DefaultPolicy.enableCheckUnreachable =
      isEnabled(Engine, diag::warn_unreachable) ||
      isEnabled(Engine, diag::warn_unreachable_break) ||
      isEnabled(Engine, diag::warn_unreachable_return) ||
      isEnabled(Engine, diag::warn_unreachable_loop_increment);

  // The whole thread-safety analysis is gated on this single diagnostic.
  DefaultPolicy.enableThreadSafetyAnalysis =
      isEnabled(Engine, diag::warn_double_lock);

  // Likewise, consumed analysis is gated on a single diagnostic.
  DefaultPolicy.enableConsumedAnalysis =
      isEnabled(Engine, diag::warn_use_in_invalid_state);
}

/// Emits every delayed "possibly unreachable" diagnostic recorded on
/// \p fscope, without any reachability filtering.
static void flushDiagnostics(Sema &S, const sema::FunctionScopeInfo *fscope) {
  for (const auto &Pending : fscope->PossiblyUnreachableDiags)
    S.Diag(Pending.Loc, Pending.PD);
}

/// Runs the analysis-based warnings selected by \p P on the body of \p D.
///
/// \param P          which of the policy-controlled analyses to run.
/// \param fscope     scope info of the function; supplies the delayed
///                   diagnostics and the fall-through/coroutine state.
/// \param D          the declaration whose body is analyzed; it is cast to
///                   DeclContext and its body is asserted to be non-null.
/// \param BlockType  forwarded to the fall-through check.
///
/// Nothing is analyzed when all warnings are ignored, when system-header
/// warnings are suppressed and \p D is located in a system header, or when
/// \p D is in a dependent context. After an uncompilable error the delayed
/// diagnostics are flushed unfiltered and the analyses are skipped.
void clang::sema::
AnalysisBasedWarnings::IssueWarnings(sema::AnalysisBasedWarnings::Policy P,
                                     sema::FunctionScopeInfo *fscope,
                                     const Decl *D, QualType BlockType) {

  // We avoid doing analysis-based warnings when there are errors for
  // two reasons:
  // (1) The CFGs often can't be constructed (if the body is invalid), so
  //     don't bother trying.
  // (2) The code already has problems; running the analysis just takes more
  //     time.
  DiagnosticsEngine &Diags = S.getDiagnostics();

  // Do not do any analysis if we are going to just ignore the results. This
  // covers the thread-safety, consumed and uninitialized-variable checks as
  // well: none of them runs for a declaration filtered out here.
  if (Diags.getIgnoreAllWarnings())
    return;
  if (Diags.getSuppressSystemWarnings() &&
      S.SourceMgr.isInSystemHeader(D->getLocation()))
    return;

  // For code in dependent contexts, we'll do this at instantiation time.
  if (cast<DeclContext>(D)->isDependentContext())
    return;

  if (Diags.hasUncompilableErrorOccurred()) {
    // Flush out any possibly unreachable diagnostics.
    flushDiagnostics(S, fscope);
    return;
  }

  // The null check exists only in assert-enabled builds; Body is handed to
  // the checks below unchanged.
  const Stmt *Body = D->getBody();
  assert(Body);

  // Construct the analysis context with the specified CFG build options.
  AnalysisDeclContext AC(/* AnalysisDeclContextManager */ nullptr, D);
  auto &BuildOpts = AC.getCFGBuildOptions();

  // Don't generate EH edges for CallExprs as we'd like to avoid the n^2
  // explosion for destructors that can result and the compile time hit.
  BuildOpts.PruneTriviallyFalseEdges = true;
  BuildOpts.AddEHEdges = false;
  BuildOpts.AddInitializers = true;
  BuildOpts.AddImplicitDtors = true;
  BuildOpts.AddTemporaryDtors = true;
  BuildOpts.AddCXXNewAllocator = false;
  BuildOpts.AddCXXDefaultInitExprInCtors = true;

  // Force that certain expressions appear as CFGElements in the CFG.  This
  // is used to speed up various analyses.
  // FIXME: This isn't the right factoring.  This is here for initial
  // prototyping, but we need a way for analyses to say what expressions they
  // expect to always be CFGElements and then fill in the BuildOptions
  // appropriately.  This is essentially a layering violation.
  const bool NeedsLinearizedCFG = P.enableCheckUnreachable ||
                                  P.enableThreadSafetyAnalysis ||
                                  P.enableConsumedAnalysis;
  if (NeedsLinearizedCFG) {
    // Unreachable code analysis and thread safety require a linearized CFG.
    BuildOpts.setAllAlwaysAdd();
  } else {
    BuildOpts.setAlwaysAdd(Stmt::BinaryOperatorClass)
        .setAlwaysAdd(Stmt::CompoundAssignOperatorClass)
        .setAlwaysAdd(Stmt::BlockExprClass)
        .setAlwaysAdd(Stmt::CStyleCastExprClass)
        .setAlwaysAdd(Stmt::DeclRefExprClass)
        .setAlwaysAdd(Stmt::ImplicitCastExprClass)
        .setAlwaysAdd(Stmt::UnaryOperatorClass)
        .setAlwaysAdd(Stmt::AttributedStmtClass);
  }

  // Install the logical handler. LEH is declared at function scope so the
  // pointer stored in the build options stays valid until this function
  // returns.
  llvm::Optional<LogicalErrorHandler> LEH;
  if (LogicalErrorHandler::hasActiveDiagnostics(Diags, D->getBeginLoc())) {
    LEH.emplace(S);
    BuildOpts.Observer = &*LEH;
  }

  // Emit delayed diagnostics.
  const auto &Delayed = fscope->PossiblyUnreachableDiags;
  if (!Delayed.empty()) {
    // Register the expressions with the CFGBuilder.
    for (const auto &Pending : Delayed)
      for (const Stmt *Trigger : Pending.Stmts)
        AC.registerForcedBlockExpression(Trigger);

    if (!AC.getCFG()) {
      // Without a CFG nothing can be filtered, so everything is emitted.
      flushDiagnostics(S, fscope);
    } else {
      for (const auto &Pending : Delayed) {
        bool AllReachable = true;
        for (const Stmt *Trigger : Pending.Stmts) {
          const CFGBlock *Block = AC.getBlockForRegisteredExpression(Trigger);
          CFGReverseBlockReachabilityAnalysis *Reach =
              AC.getCFGReachablityAnalysis();
          // FIXME: We should be able to assert that block is non-null, but
          // the CFG analysis can skip potentially-evaluated expressions in
          // edge cases; see test/Sema/vla-2.c.
          // If we cannot map to a basic block, assume the statement is
          // reachable. Otherwise: can this block be reached from the
          // entrance?
          if (Block && Reach &&
              !Reach->isReachable(&AC.getCFG()->getEntry(), Block)) {
            AllReachable = false;
            break;
          }
        }

        if (AllReachable)
          S.Diag(Pending.Loc, Pending.PD);
      }
    }
  }

  // Warning: check missing 'return'
  if (P.enableCheckFallThrough) {
    const bool IsLambdaCallOperator =
        isa<CXXMethodDecl>(D) &&
        cast<CXXMethodDecl>(D)->getOverloadedOperator() == OO_Call &&
        cast<CXXMethodDecl>(D)->getParent()->isLambda();
    const CheckFallThroughDiagnostics &CD =
        isa<BlockDecl>(D)
            ? CheckFallThroughDiagnostics::MakeForBlock()
            : IsLambdaCallOperator
                  ? CheckFallThroughDiagnostics::MakeForLambda()
                  : (fscope->isCoroutine()
                         ? CheckFallThroughDiagnostics::MakeForCoroutine(D)
                         : CheckFallThroughDiagnostics::MakeForFunction(D));
    CheckFallThroughForBody(S, D, Body, BlockType, CD, AC, fscope);
  }

  // Warning: check for unreachable code
  if (P.enableCheckUnreachable) {
    // Only check for unreachable code on non-template instantiations.
    // Different template instantiations can effectively change the control-flow
    // and it is very difficult to prove that a snippet of code in a template
    // is unreachable for all instantiations.
    const auto *Function = dyn_cast<FunctionDecl>(D);
    if (!Function || !Function->isTemplateInstantiation())
      CheckUnreachable(S, AC);
  }

  // Check for thread safety violations
  if (P.enableThreadSafetyAnalysis) {
    SourceLocation FunLoc = AC.getDecl()->getLocation();
    SourceLocation FunEndLoc = AC.getDecl()->getEndLoc();
    threadSafety::ThreadSafetyReporter Reporter(S, FunLoc, FunEndLoc);
    // Beta and verbose reporting are opt-in through their own diagnostics.
    if (!Diags.isIgnored(diag::warn_thread_safety_beta, D->getBeginLoc()))
      Reporter.setIssueBetaWarnings(true);
    if (!Diags.isIgnored(diag::warn_thread_safety_verbose, D->getBeginLoc()))
      Reporter.setVerbose(true);

    threadSafety::runThreadSafetyAnalysis(AC, Reporter,
                                          &S.ThreadSafetyDeclCache);
    Reporter.emitDiagnostics();
  }

  // Check for violations of consumed properties.
  if (P.enableConsumedAnalysis) {
    // NOTE(review): emitDiagnostics() is not called on the handler here -
    // presumably the analyzer does so; verify against ConsumedAnalyzer.
    consumed::ConsumedWarningsHandler WarningHandler(S);
    consumed::ConsumedAnalyzer Analyzer(WarningHandler);
    Analyzer.run(AC);
  }

  // The uninitialized-variable analysis is not policy-controlled: it runs
  // whenever at least one of its three diagnostics is active at D.
  const bool AllUninitDiagsIgnored =
      Diags.isIgnored(diag::warn_uninit_var, D->getBeginLoc()) &&
      Diags.isIgnored(diag::warn_sometimes_uninit_var, D->getBeginLoc()) &&
      Diags.isIgnored(diag::warn_maybe_uninit_var, D->getBeginLoc());
  if (!AllUninitDiagsIgnored) {
    if (CFG *cfg = AC.getCFG()) {
      UninitValsDiagReporter reporter(S);
      UninitVariablesAnalysisStats stats;
      // <cstring> is not among this file's direct includes, so std::memset
      // is reached through another header.
      std::memset(&stats, 0, sizeof(UninitVariablesAnalysisStats));
      runUninitializedVariablesAnalysis(*cast<DeclContext>(D), *cfg, AC,
                                        reporter, stats);

      if (S.CollectStats && stats.NumVariablesAnalyzed > 0) {
        ++NumUninitAnalysisFunctions;
        NumUninitAnalysisVariables += stats.NumVariablesAnalyzed;
        NumUninitAnalysisBlockVisits += stats.NumBlockVisits;
        MaxUninitAnalysisVariablesPerFunction =
            std::max(MaxUninitAnalysisVariablesPerFunction,
                     stats.NumVariablesAnalyzed);
        MaxUninitAnalysisBlockVisitsPerFunction =
            std::max(MaxUninitAnalysisBlockVisitsPerFunction,
                     stats.NumBlockVisits);
      }
    }
  }

  // Unannotated fall-through between switch labels. The last argument is
  // true when only the per-function form of the diagnostic is wanted.
  const bool FallThroughDiagFull =
      !Diags.isIgnored(diag::warn_unannotated_fallthrough, D->getBeginLoc());
  const bool FallThroughDiagPerFunction = !Diags.isIgnored(
      diag::warn_unannotated_fallthrough_per_function, D->getBeginLoc());
  if (FallThroughDiagFull || FallThroughDiagPerFunction ||
      fscope->HasFallthroughStmt) {
    DiagnoseSwitchLabelsFallthrough(S, AC, !FallThroughDiagFull);
  }

  if (S.getLangOpts().ObjCWeak &&
      !Diags.isIgnored(diag::warn_arc_repeated_use_of_weak, D->getBeginLoc()))
    diagnoseRepeatedUseOfWeak(S, fscope, D, AC.getParentMap());


  // Check for infinite self-recursion in functions
  if (!Diags.isIgnored(diag::warn_infinite_recursive_function,
                       D->getBeginLoc())) {
    if (const auto *FD = dyn_cast<FunctionDecl>(D))
      checkRecursiveFunction(S, FD, Body, AC);
  }

  // Check for throw out of non-throwing function.
  if (!Diags.isIgnored(diag::warn_throw_in_noexcept_func, D->getBeginLoc())) {
    if (const auto *FD = dyn_cast<FunctionDecl>(D)) {
      if (S.getLangOpts().CPlusPlus && isNoexcept(FD))
        checkThrowInNonThrowingFunc(S, FD, AC);
    }
  }

  // If none of the previous checks caused a CFG build, trigger one here
  // for the logical error handler.
  if (LogicalErrorHandler::hasActiveDiagnostics(Diags, D->getBeginLoc())) {
    AC.getCFG();
  }

  // Collect statistics about the CFG if it was built.
  if (S.CollectStats && AC.isCFGBuilt()) {
    ++NumFunctionsAnalyzed;
    if (CFG *cfg = AC.getCFG()) {
      // If we successfully built a CFG for this context, record some more
      // detail information about it.
      NumCFGBlocks += cfg->getNumBlockIDs();
      MaxCFGBlocksPerFunction = std::max(MaxCFGBlocksPerFunction,
                                         cfg->getNumBlockIDs());
    } else {
      ++NumFunctionsWithBadCFGs;
    }
  }
}

/// Writes the collected CFG and uninitialized-variable statistics to
/// llvm::errs(). Averages are reported as 0 when their divisor is 0.
void clang::sema::AnalysisBasedWarnings::PrintStats() const {
  auto &OS = llvm::errs();
  OS << "\n*** Analysis Based Warnings Stats:\n";

  const unsigned NumCFGsBuilt = NumFunctionsAnalyzed - NumFunctionsWithBadCFGs;
  const unsigned AvgCFGBlocksPerFunction =
      NumCFGsBuilt ? NumCFGBlocks / NumCFGsBuilt : 0;
  OS << NumFunctionsAnalyzed << " functions analyzed ("
     << NumFunctionsWithBadCFGs << " w/o CFGs).\n";
  OS << " " << NumCFGBlocks << " CFG blocks built.\n";
  OS << " " << AvgCFGBlocksPerFunction
     << " average CFG blocks per function.\n";
  OS << " " << MaxCFGBlocksPerFunction << " max CFG blocks per function.\n";

  const unsigned AvgUninitVariablesPerFunction =
      NumUninitAnalysisFunctions
          ? NumUninitAnalysisVariables / NumUninitAnalysisFunctions
          : 0;
  const unsigned AvgUninitBlockVisitsPerFunction =
      NumUninitAnalysisFunctions
          ? NumUninitAnalysisBlockVisits / NumUninitAnalysisFunctions
          : 0;
  // NOTE(review): "uninitialiazed" is misspelled in the emitted text; it is
  // kept as-is here because the output may be matched by tools or tests.
  OS << NumUninitAnalysisFunctions
     << " functions analyzed for uninitialiazed variables\n";
  OS << " " << NumUninitAnalysisVariables << " variables analyzed.\n";
  OS << " " << AvgUninitVariablesPerFunction
     << " average variables per function.\n";
  OS << " " << MaxUninitAnalysisVariablesPerFunction
     << " max variables per function.\n";
  OS << " " << NumUninitAnalysisBlockVisits << " block visits.\n";
  OS << " " << AvgUninitBlockVisitsPerFunction
     << " average block visits per function.\n";
  OS << " " << MaxUninitAnalysisBlockVisitsPerFunction
     << " max block visits per function.\n";
}