xref: /freebsd/contrib/llvm-project/clang/lib/StaticAnalyzer/Checkers/DirectIvarAssignment.cpp (revision 2f513db72b034fd5ef7f080b11be5c711c15186a)
1 //=- DirectIvarAssignment.cpp - Check rules on ObjC properties -*- C++ ----*-==//
2 //
3 // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4 // See https://llvm.org/LICENSE.txt for license information.
5 // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6 //
7 //===----------------------------------------------------------------------===//
8 //
9 //  Check that Objective C properties are set with the setter, not though a
10 //      direct assignment.
11 //
12 //  Two versions of a checker exist: one that checks all methods and the other
13 //      that only checks the methods annotated with
14 //      __attribute__((annotate("objc_no_direct_instance_variable_assignment")))
15 //
16 //  The checker does not warn about assignments to Ivars, annotated with
17 //       __attribute__((objc_allow_direct_instance_variable_assignment"))). This
18 //      annotation serves as a false positive suppression mechanism for the
19 //      checker. The annotation is allowed on properties and Ivars.
20 //
21 //===----------------------------------------------------------------------===//
22 
23 #include "clang/StaticAnalyzer/Checkers/BuiltinCheckerRegistration.h"
24 #include "clang/AST/Attr.h"
25 #include "clang/AST/DeclObjC.h"
26 #include "clang/AST/StmtVisitor.h"
27 #include "clang/StaticAnalyzer/Core/BugReporter/BugReporter.h"
28 #include "clang/StaticAnalyzer/Core/Checker.h"
29 #include "clang/StaticAnalyzer/Core/PathSensitive/AnalysisManager.h"
30 #include "llvm/ADT/DenseMap.h"
31 
32 using namespace clang;
33 using namespace ento;
34 
35 namespace {
36 
37 /// The default method filter, which is used to filter out the methods on which
38 /// the check should not be performed.
39 ///
40 /// Checks for the init, dealloc, and any other functions that might be allowed
41 /// to perform direct instance variable assignment based on their name.
42 static bool DefaultMethodFilter(const ObjCMethodDecl *M) {
43   return M->getMethodFamily() == OMF_init ||
44          M->getMethodFamily() == OMF_dealloc ||
45          M->getMethodFamily() == OMF_copy ||
46          M->getMethodFamily() == OMF_mutableCopy ||
47          M->getSelector().getNameForSlot(0).find("init") != StringRef::npos ||
48          M->getSelector().getNameForSlot(0).find("Init") != StringRef::npos;
49 }
50 
51 class DirectIvarAssignment :
52   public Checker<check::ASTDecl<ObjCImplementationDecl> > {
53 
54   typedef llvm::DenseMap<const ObjCIvarDecl*,
55                          const ObjCPropertyDecl*> IvarToPropertyMapTy;
56 
57   /// A helper class, which walks the AST and locates all assignments to ivars
58   /// in the given function.
59   class MethodCrawler : public ConstStmtVisitor<MethodCrawler> {
60     const IvarToPropertyMapTy &IvarToPropMap;
61     const ObjCMethodDecl *MD;
62     const ObjCInterfaceDecl *InterfD;
63     BugReporter &BR;
64     const CheckerBase *Checker;
65     LocationOrAnalysisDeclContext DCtx;
66 
67   public:
68     MethodCrawler(const IvarToPropertyMapTy &InMap, const ObjCMethodDecl *InMD,
69                   const ObjCInterfaceDecl *InID, BugReporter &InBR,
70                   const CheckerBase *Checker, AnalysisDeclContext *InDCtx)
71         : IvarToPropMap(InMap), MD(InMD), InterfD(InID), BR(InBR),
72           Checker(Checker), DCtx(InDCtx) {}
73 
74     void VisitStmt(const Stmt *S) { VisitChildren(S); }
75 
76     void VisitBinaryOperator(const BinaryOperator *BO);
77 
78     void VisitChildren(const Stmt *S) {
79       for (const Stmt *Child : S->children())
80         if (Child)
81           this->Visit(Child);
82     }
83   };
84 
85 public:
86   bool (*ShouldSkipMethod)(const ObjCMethodDecl *);
87 
88   DirectIvarAssignment() : ShouldSkipMethod(&DefaultMethodFilter) {}
89 
90   void checkASTDecl(const ObjCImplementationDecl *D, AnalysisManager& Mgr,
91                     BugReporter &BR) const;
92 };
93 
94 static const ObjCIvarDecl *findPropertyBackingIvar(const ObjCPropertyDecl *PD,
95                                                const ObjCInterfaceDecl *InterD,
96                                                ASTContext &Ctx) {
97   // Check for synthesized ivars.
98   ObjCIvarDecl *ID = PD->getPropertyIvarDecl();
99   if (ID)
100     return ID;
101 
102   ObjCInterfaceDecl *NonConstInterD = const_cast<ObjCInterfaceDecl*>(InterD);
103 
104   // Check for existing "_PropName".
105   ID = NonConstInterD->lookupInstanceVariable(PD->getDefaultSynthIvarName(Ctx));
106   if (ID)
107     return ID;
108 
109   // Check for existing "PropName".
110   IdentifierInfo *PropIdent = PD->getIdentifier();
111   ID = NonConstInterD->lookupInstanceVariable(PropIdent);
112 
113   return ID;
114 }
115 
116 void DirectIvarAssignment::checkASTDecl(const ObjCImplementationDecl *D,
117                                        AnalysisManager& Mgr,
118                                        BugReporter &BR) const {
119   const ObjCInterfaceDecl *InterD = D->getClassInterface();
120 
121 
122   IvarToPropertyMapTy IvarToPropMap;
123 
124   // Find all properties for this class.
125   for (const auto *PD : InterD->instance_properties()) {
126     // Find the corresponding IVar.
127     const ObjCIvarDecl *ID = findPropertyBackingIvar(PD, InterD,
128                                                      Mgr.getASTContext());
129 
130     if (!ID)
131       continue;
132 
133     // Store the IVar to property mapping.
134     IvarToPropMap[ID] = PD;
135   }
136 
137   if (IvarToPropMap.empty())
138     return;
139 
140   for (const auto *M : D->instance_methods()) {
141     AnalysisDeclContext *DCtx = Mgr.getAnalysisDeclContext(M);
142 
143     if ((*ShouldSkipMethod)(M))
144       continue;
145 
146     const Stmt *Body = M->getBody();
147     assert(Body);
148 
149     MethodCrawler MC(IvarToPropMap, M->getCanonicalDecl(), InterD, BR, this,
150                      DCtx);
151     MC.VisitStmt(Body);
152   }
153 }
154 
155 static bool isAnnotatedToAllowDirectAssignment(const Decl *D) {
156   for (const auto *Ann : D->specific_attrs<AnnotateAttr>())
157     if (Ann->getAnnotation() ==
158         "objc_allow_direct_instance_variable_assignment")
159       return true;
160   return false;
161 }
162 
163 void DirectIvarAssignment::MethodCrawler::VisitBinaryOperator(
164                                                     const BinaryOperator *BO) {
165   if (!BO->isAssignmentOp())
166     return;
167 
168   const ObjCIvarRefExpr *IvarRef =
169           dyn_cast<ObjCIvarRefExpr>(BO->getLHS()->IgnoreParenCasts());
170 
171   if (!IvarRef)
172     return;
173 
174   if (const ObjCIvarDecl *D = IvarRef->getDecl()) {
175     IvarToPropertyMapTy::const_iterator I = IvarToPropMap.find(D);
176 
177     if (I != IvarToPropMap.end()) {
178       const ObjCPropertyDecl *PD = I->second;
179       // Skip warnings on Ivars, annotated with
180       // objc_allow_direct_instance_variable_assignment. This annotation serves
181       // as a false positive suppression mechanism for the checker. The
182       // annotation is allowed on properties and ivars.
183       if (isAnnotatedToAllowDirectAssignment(PD) ||
184           isAnnotatedToAllowDirectAssignment(D))
185         return;
186 
187       ObjCMethodDecl *GetterMethod =
188           InterfD->getInstanceMethod(PD->getGetterName());
189       ObjCMethodDecl *SetterMethod =
190           InterfD->getInstanceMethod(PD->getSetterName());
191 
192       if (SetterMethod && SetterMethod->getCanonicalDecl() == MD)
193         return;
194 
195       if (GetterMethod && GetterMethod->getCanonicalDecl() == MD)
196         return;
197 
198       BR.EmitBasicReport(
199           MD, Checker, "Property access", categories::CoreFoundationObjectiveC,
200           "Direct assignment to an instance variable backing a property; "
201           "use the setter instead",
202           PathDiagnosticLocation(IvarRef, BR.getSourceManager(), DCtx));
203     }
204   }
205 }
206 }
207 
208 // Register the checker that checks for direct accesses in functions annotated
209 // with __attribute__((annotate("objc_no_direct_instance_variable_assignment"))).
210 static bool AttrFilter(const ObjCMethodDecl *M) {
211   for (const auto *Ann : M->specific_attrs<AnnotateAttr>())
212     if (Ann->getAnnotation() == "objc_no_direct_instance_variable_assignment")
213       return false;
214   return true;
215 }
216 
217 // Register the checker that checks for direct accesses in all functions,
218 // except for the initialization and copy routines.
219 void ento::registerDirectIvarAssignment(CheckerManager &mgr) {
220   mgr.registerChecker<DirectIvarAssignment>();
221 }
222 
223 bool ento::shouldRegisterDirectIvarAssignment(const LangOptions &LO) {
224   return true;
225 }
226 
227 void ento::registerDirectIvarAssignmentForAnnotatedFunctions(
228     CheckerManager &mgr) {
229   mgr.getChecker<DirectIvarAssignment>()->ShouldSkipMethod = &AttrFilter;
230 }
231 
232 bool ento::shouldRegisterDirectIvarAssignmentForAnnotatedFunctions(
233                                                         const LangOptions &LO) {
234   return true;
235 }
236