xref: /freebsd/contrib/llvm-project/clang/lib/StaticAnalyzer/Checkers/IvarInvalidationChecker.cpp (revision 3dd5524264095ed8612c28908e13f80668eff2f9)
1 //===- IvarInvalidationChecker.cpp ------------------------------*- C++ -*-===//
2 //
3 // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4 // See https://llvm.org/LICENSE.txt for license information.
5 // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6 //
7 //===----------------------------------------------------------------------===//
8 //
9 //  This checker implements annotation driven invalidation checking. If a class
10 //  contains a method annotated with 'objc_instance_variable_invalidator',
11 //  - (void) foo
12 //           __attribute__((annotate("objc_instance_variable_invalidator")));
13 //  all the "ivalidatable" instance variables of this class should be
14 //  invalidated. We call an instance variable ivalidatable if it is an object of
15 //  a class which contains an invalidation method. There could be multiple
16 //  methods annotated with such annotations per class, either one can be used
17 //  to invalidate the ivar. An ivar or property are considered to be
18 //  invalidated if they are being assigned 'nil' or an invalidation method has
19 //  been called on them. An invalidation method should either invalidate all
20 //  the ivars or call another invalidation method (on self).
21 //
22 //  Partial invalidor annotation allows to address cases when ivars are
23 //  invalidated by other methods, which might or might not be called from
24 //  the invalidation method. The checker checks that each invalidation
25 //  method and all the partial methods cumulatively invalidate all ivars.
26 //    __attribute__((annotate("objc_instance_variable_invalidator_partial")));
27 //
28 //===----------------------------------------------------------------------===//
29 
30 #include "clang/StaticAnalyzer/Checkers/BuiltinCheckerRegistration.h"
31 #include "clang/AST/Attr.h"
32 #include "clang/AST/DeclObjC.h"
33 #include "clang/AST/StmtVisitor.h"
34 #include "clang/StaticAnalyzer/Core/BugReporter/BugReporter.h"
35 #include "clang/StaticAnalyzer/Core/Checker.h"
36 #include "clang/StaticAnalyzer/Core/PathSensitive/AnalysisManager.h"
37 #include "llvm/ADT/DenseMap.h"
38 #include "llvm/ADT/SetVector.h"
39 #include "llvm/ADT/SmallString.h"
40 
41 using namespace clang;
42 using namespace ento;
43 
44 namespace {
45 struct ChecksFilter {
46   /// Check for missing invalidation method declarations.
47   bool check_MissingInvalidationMethod = false;
48   /// Check that all ivars are invalidated.
49   bool check_InstanceVariableInvalidation = false;
50 
51   CheckerNameRef checkName_MissingInvalidationMethod;
52   CheckerNameRef checkName_InstanceVariableInvalidation;
53 };
54 
55 class IvarInvalidationCheckerImpl {
56   typedef llvm::SmallSetVector<const ObjCMethodDecl*, 2> MethodSet;
57   typedef llvm::DenseMap<const ObjCMethodDecl*,
58                          const ObjCIvarDecl*> MethToIvarMapTy;
59   typedef llvm::DenseMap<const ObjCPropertyDecl*,
60                          const ObjCIvarDecl*> PropToIvarMapTy;
61   typedef llvm::DenseMap<const ObjCIvarDecl*,
62                          const ObjCPropertyDecl*> IvarToPropMapTy;
63 
64   struct InvalidationInfo {
65     /// Has the ivar been invalidated?
66     bool IsInvalidated;
67 
68     /// The methods which can be used to invalidate the ivar.
69     MethodSet InvalidationMethods;
70 
71     InvalidationInfo() : IsInvalidated(false) {}
72     void addInvalidationMethod(const ObjCMethodDecl *MD) {
73       InvalidationMethods.insert(MD);
74     }
75 
76     bool needsInvalidation() const {
77       return !InvalidationMethods.empty();
78     }
79 
80     bool hasMethod(const ObjCMethodDecl *MD) {
81       if (IsInvalidated)
82         return true;
83       for (MethodSet::iterator I = InvalidationMethods.begin(),
84           E = InvalidationMethods.end(); I != E; ++I) {
85         if (*I == MD) {
86           IsInvalidated = true;
87           return true;
88         }
89       }
90       return false;
91     }
92   };
93 
94   typedef llvm::DenseMap<const ObjCIvarDecl*, InvalidationInfo> IvarSet;
95 
96   /// Statement visitor, which walks the method body and flags the ivars
97   /// referenced in it (either directly or via property).
98   class MethodCrawler : public ConstStmtVisitor<MethodCrawler> {
99     /// The set of Ivars which need to be invalidated.
100     IvarSet &IVars;
101 
102     /// Flag is set as the result of a message send to another
103     /// invalidation method.
104     bool &CalledAnotherInvalidationMethod;
105 
106     /// Property setter to ivar mapping.
107     const MethToIvarMapTy &PropertySetterToIvarMap;
108 
109     /// Property getter to ivar mapping.
110     const MethToIvarMapTy &PropertyGetterToIvarMap;
111 
112     /// Property to ivar mapping.
113     const PropToIvarMapTy &PropertyToIvarMap;
114 
115     /// The invalidation method being currently processed.
116     const ObjCMethodDecl *InvalidationMethod;
117 
118     ASTContext &Ctx;
119 
120     /// Peel off parens, casts, OpaqueValueExpr, and PseudoObjectExpr.
121     const Expr *peel(const Expr *E) const;
122 
123     /// Does this expression represent zero: '0'?
124     bool isZero(const Expr *E) const;
125 
126     /// Mark the given ivar as invalidated.
127     void markInvalidated(const ObjCIvarDecl *Iv);
128 
129     /// Checks if IvarRef refers to the tracked IVar, if yes, marks it as
130     /// invalidated.
131     void checkObjCIvarRefExpr(const ObjCIvarRefExpr *IvarRef);
132 
133     /// Checks if ObjCPropertyRefExpr refers to the tracked IVar, if yes, marks
134     /// it as invalidated.
135     void checkObjCPropertyRefExpr(const ObjCPropertyRefExpr *PA);
136 
137     /// Checks if ObjCMessageExpr refers to (is a getter for) the tracked IVar,
138     /// if yes, marks it as invalidated.
139     void checkObjCMessageExpr(const ObjCMessageExpr *ME);
140 
141     /// Checks if the Expr refers to an ivar, if yes, marks it as invalidated.
142     void check(const Expr *E);
143 
144   public:
145     MethodCrawler(IvarSet &InIVars,
146                   bool &InCalledAnotherInvalidationMethod,
147                   const MethToIvarMapTy &InPropertySetterToIvarMap,
148                   const MethToIvarMapTy &InPropertyGetterToIvarMap,
149                   const PropToIvarMapTy &InPropertyToIvarMap,
150                   ASTContext &InCtx)
151     : IVars(InIVars),
152       CalledAnotherInvalidationMethod(InCalledAnotherInvalidationMethod),
153       PropertySetterToIvarMap(InPropertySetterToIvarMap),
154       PropertyGetterToIvarMap(InPropertyGetterToIvarMap),
155       PropertyToIvarMap(InPropertyToIvarMap),
156       InvalidationMethod(nullptr),
157       Ctx(InCtx) {}
158 
159     void VisitStmt(const Stmt *S) { VisitChildren(S); }
160 
161     void VisitBinaryOperator(const BinaryOperator *BO);
162 
163     void VisitObjCMessageExpr(const ObjCMessageExpr *ME);
164 
165     void VisitChildren(const Stmt *S) {
166       for (const auto *Child : S->children()) {
167         if (Child)
168           this->Visit(Child);
169         if (CalledAnotherInvalidationMethod)
170           return;
171       }
172     }
173   };
174 
175   /// Check if the any of the methods inside the interface are annotated with
176   /// the invalidation annotation, update the IvarInfo accordingly.
177   /// \param LookForPartial is set when we are searching for partial
178   ///        invalidators.
179   static void containsInvalidationMethod(const ObjCContainerDecl *D,
180                                          InvalidationInfo &Out,
181                                          bool LookForPartial);
182 
183   /// Check if ivar should be tracked and add to TrackedIvars if positive.
184   /// Returns true if ivar should be tracked.
185   static bool trackIvar(const ObjCIvarDecl *Iv, IvarSet &TrackedIvars,
186                         const ObjCIvarDecl **FirstIvarDecl);
187 
188   /// Given the property declaration, and the list of tracked ivars, finds
189   /// the ivar backing the property when possible. Returns '0' when no such
190   /// ivar could be found.
191   static const ObjCIvarDecl *findPropertyBackingIvar(
192       const ObjCPropertyDecl *Prop,
193       const ObjCInterfaceDecl *InterfaceD,
194       IvarSet &TrackedIvars,
195       const ObjCIvarDecl **FirstIvarDecl);
196 
197   /// Print ivar name or the property if the given ivar backs a property.
198   static void printIvar(llvm::raw_svector_ostream &os,
199                         const ObjCIvarDecl *IvarDecl,
200                         const IvarToPropMapTy &IvarToPopertyMap);
201 
202   void reportNoInvalidationMethod(CheckerNameRef CheckName,
203                                   const ObjCIvarDecl *FirstIvarDecl,
204                                   const IvarToPropMapTy &IvarToPopertyMap,
205                                   const ObjCInterfaceDecl *InterfaceD,
206                                   bool MissingDeclaration) const;
207 
208   void reportIvarNeedsInvalidation(const ObjCIvarDecl *IvarD,
209                                    const IvarToPropMapTy &IvarToPopertyMap,
210                                    const ObjCMethodDecl *MethodD) const;
211 
212   AnalysisManager& Mgr;
213   BugReporter &BR;
214   /// Filter on the checks performed.
215   const ChecksFilter &Filter;
216 
217 public:
218   IvarInvalidationCheckerImpl(AnalysisManager& InMgr,
219                               BugReporter &InBR,
220                               const ChecksFilter &InFilter) :
221     Mgr (InMgr), BR(InBR), Filter(InFilter) {}
222 
223   void visit(const ObjCImplementationDecl *D) const;
224 };
225 
226 static bool isInvalidationMethod(const ObjCMethodDecl *M, bool LookForPartial) {
227   for (const auto *Ann : M->specific_attrs<AnnotateAttr>()) {
228     if (!LookForPartial &&
229         Ann->getAnnotation() == "objc_instance_variable_invalidator")
230       return true;
231     if (LookForPartial &&
232         Ann->getAnnotation() == "objc_instance_variable_invalidator_partial")
233       return true;
234   }
235   return false;
236 }
237 
238 void IvarInvalidationCheckerImpl::containsInvalidationMethod(
239     const ObjCContainerDecl *D, InvalidationInfo &OutInfo, bool Partial) {
240 
241   if (!D)
242     return;
243 
244   assert(!isa<ObjCImplementationDecl>(D));
245   // TODO: Cache the results.
246 
247   // Check all methods.
248   for (const auto *MDI : D->methods())
249     if (isInvalidationMethod(MDI, Partial))
250       OutInfo.addInvalidationMethod(
251           cast<ObjCMethodDecl>(MDI->getCanonicalDecl()));
252 
253   // If interface, check all parent protocols and super.
254   if (const ObjCInterfaceDecl *InterfD = dyn_cast<ObjCInterfaceDecl>(D)) {
255 
256     // Visit all protocols.
257     for (const auto *I : InterfD->protocols())
258       containsInvalidationMethod(I->getDefinition(), OutInfo, Partial);
259 
260     // Visit all categories in case the invalidation method is declared in
261     // a category.
262     for (const auto *Ext : InterfD->visible_extensions())
263       containsInvalidationMethod(Ext, OutInfo, Partial);
264 
265     containsInvalidationMethod(InterfD->getSuperClass(), OutInfo, Partial);
266     return;
267   }
268 
269   // If protocol, check all parent protocols.
270   if (const ObjCProtocolDecl *ProtD = dyn_cast<ObjCProtocolDecl>(D)) {
271     for (const auto *I : ProtD->protocols()) {
272       containsInvalidationMethod(I->getDefinition(), OutInfo, Partial);
273     }
274     return;
275   }
276 }
277 
278 bool IvarInvalidationCheckerImpl::trackIvar(const ObjCIvarDecl *Iv,
279                                         IvarSet &TrackedIvars,
280                                         const ObjCIvarDecl **FirstIvarDecl) {
281   QualType IvQTy = Iv->getType();
282   const ObjCObjectPointerType *IvTy = IvQTy->getAs<ObjCObjectPointerType>();
283   if (!IvTy)
284     return false;
285   const ObjCInterfaceDecl *IvInterf = IvTy->getInterfaceDecl();
286 
287   InvalidationInfo Info;
288   containsInvalidationMethod(IvInterf, Info, /*LookForPartial*/ false);
289   if (Info.needsInvalidation()) {
290     const ObjCIvarDecl *I = cast<ObjCIvarDecl>(Iv->getCanonicalDecl());
291     TrackedIvars[I] = Info;
292     if (!*FirstIvarDecl)
293       *FirstIvarDecl = I;
294     return true;
295   }
296   return false;
297 }
298 
299 const ObjCIvarDecl *IvarInvalidationCheckerImpl::findPropertyBackingIvar(
300                         const ObjCPropertyDecl *Prop,
301                         const ObjCInterfaceDecl *InterfaceD,
302                         IvarSet &TrackedIvars,
303                         const ObjCIvarDecl **FirstIvarDecl) {
304   const ObjCIvarDecl *IvarD = nullptr;
305 
306   // Lookup for the synthesized case.
307   IvarD = Prop->getPropertyIvarDecl();
308   // We only track the ivars/properties that are defined in the current
309   // class (not the parent).
310   if (IvarD && IvarD->getContainingInterface() == InterfaceD) {
311     if (TrackedIvars.count(IvarD)) {
312       return IvarD;
313     }
314     // If the ivar is synthesized we still want to track it.
315     if (trackIvar(IvarD, TrackedIvars, FirstIvarDecl))
316       return IvarD;
317   }
318 
319   // Lookup IVars named "_PropName"or "PropName" among the tracked Ivars.
320   StringRef PropName = Prop->getIdentifier()->getName();
321   for (IvarSet::const_iterator I = TrackedIvars.begin(),
322                                E = TrackedIvars.end(); I != E; ++I) {
323     const ObjCIvarDecl *Iv = I->first;
324     StringRef IvarName = Iv->getName();
325 
326     if (IvarName == PropName)
327       return Iv;
328 
329     SmallString<128> PropNameWithUnderscore;
330     {
331       llvm::raw_svector_ostream os(PropNameWithUnderscore);
332       os << '_' << PropName;
333     }
334     if (IvarName == PropNameWithUnderscore)
335       return Iv;
336   }
337 
338   // Note, this is a possible source of false positives. We could look at the
339   // getter implementation to find the ivar when its name is not derived from
340   // the property name.
341   return nullptr;
342 }
343 
344 void IvarInvalidationCheckerImpl::printIvar(llvm::raw_svector_ostream &os,
345                                       const ObjCIvarDecl *IvarDecl,
346                                       const IvarToPropMapTy &IvarToPopertyMap) {
347   if (IvarDecl->getSynthesize()) {
348     const ObjCPropertyDecl *PD = IvarToPopertyMap.lookup(IvarDecl);
349     assert(PD &&"Do we synthesize ivars for something other than properties?");
350     os << "Property "<< PD->getName() << " ";
351   } else {
352     os << "Instance variable "<< IvarDecl->getName() << " ";
353   }
354 }
355 
356 // Check that the invalidatable interfaces with ivars/properties implement the
357 // invalidation methods.
358 void IvarInvalidationCheckerImpl::
359 visit(const ObjCImplementationDecl *ImplD) const {
360   // Collect all ivars that need cleanup.
361   IvarSet Ivars;
362   // Record the first Ivar needing invalidation; used in reporting when only
363   // one ivar is sufficient. Cannot grab the first on the Ivars set to ensure
364   // deterministic output.
365   const ObjCIvarDecl *FirstIvarDecl = nullptr;
366   const ObjCInterfaceDecl *InterfaceD = ImplD->getClassInterface();
367 
368   // Collect ivars declared in this class, its extensions and its implementation
369   ObjCInterfaceDecl *IDecl = const_cast<ObjCInterfaceDecl *>(InterfaceD);
370   for (const ObjCIvarDecl *Iv = IDecl->all_declared_ivar_begin(); Iv;
371        Iv= Iv->getNextIvar())
372     trackIvar(Iv, Ivars, &FirstIvarDecl);
373 
374   // Construct Property/Property Accessor to Ivar maps to assist checking if an
375   // ivar which is backing a property has been reset.
376   MethToIvarMapTy PropSetterToIvarMap;
377   MethToIvarMapTy PropGetterToIvarMap;
378   PropToIvarMapTy PropertyToIvarMap;
379   IvarToPropMapTy IvarToPopertyMap;
380 
381   ObjCInterfaceDecl::PropertyMap PropMap;
382   ObjCInterfaceDecl::PropertyDeclOrder PropOrder;
383   InterfaceD->collectPropertiesToImplement(PropMap, PropOrder);
384 
385   for (ObjCInterfaceDecl::PropertyMap::iterator
386       I = PropMap.begin(), E = PropMap.end(); I != E; ++I) {
387     const ObjCPropertyDecl *PD = I->second;
388     if (PD->isClassProperty())
389       continue;
390 
391     const ObjCIvarDecl *ID = findPropertyBackingIvar(PD, InterfaceD, Ivars,
392                                                      &FirstIvarDecl);
393     if (!ID)
394       continue;
395 
396     // Store the mappings.
397     PD = cast<ObjCPropertyDecl>(PD->getCanonicalDecl());
398     PropertyToIvarMap[PD] = ID;
399     IvarToPopertyMap[ID] = PD;
400 
401     // Find the setter and the getter.
402     const ObjCMethodDecl *SetterD = PD->getSetterMethodDecl();
403     if (SetterD) {
404       SetterD = SetterD->getCanonicalDecl();
405       PropSetterToIvarMap[SetterD] = ID;
406     }
407 
408     const ObjCMethodDecl *GetterD = PD->getGetterMethodDecl();
409     if (GetterD) {
410       GetterD = GetterD->getCanonicalDecl();
411       PropGetterToIvarMap[GetterD] = ID;
412     }
413   }
414 
415   // If no ivars need invalidation, there is nothing to check here.
416   if (Ivars.empty())
417     return;
418 
419   // Find all partial invalidation methods.
420   InvalidationInfo PartialInfo;
421   containsInvalidationMethod(InterfaceD, PartialInfo, /*LookForPartial*/ true);
422 
423   // Remove ivars invalidated by the partial invalidation methods. They do not
424   // need to be invalidated in the regular invalidation methods.
425   bool AtImplementationContainsAtLeastOnePartialInvalidationMethod = false;
426   for (MethodSet::iterator
427       I = PartialInfo.InvalidationMethods.begin(),
428       E = PartialInfo.InvalidationMethods.end(); I != E; ++I) {
429     const ObjCMethodDecl *InterfD = *I;
430 
431     // Get the corresponding method in the @implementation.
432     const ObjCMethodDecl *D = ImplD->getMethod(InterfD->getSelector(),
433                                                InterfD->isInstanceMethod());
434     if (D && D->hasBody()) {
435       AtImplementationContainsAtLeastOnePartialInvalidationMethod = true;
436 
437       bool CalledAnotherInvalidationMethod = false;
438       // The MethodCrowler is going to remove the invalidated ivars.
439       MethodCrawler(Ivars,
440                     CalledAnotherInvalidationMethod,
441                     PropSetterToIvarMap,
442                     PropGetterToIvarMap,
443                     PropertyToIvarMap,
444                     BR.getContext()).VisitStmt(D->getBody());
445       // If another invalidation method was called, trust that full invalidation
446       // has occurred.
447       if (CalledAnotherInvalidationMethod)
448         Ivars.clear();
449     }
450   }
451 
452   // If all ivars have been invalidated by partial invalidators, there is
453   // nothing to check here.
454   if (Ivars.empty())
455     return;
456 
457   // Find all invalidation methods in this @interface declaration and parents.
458   InvalidationInfo Info;
459   containsInvalidationMethod(InterfaceD, Info, /*LookForPartial*/ false);
460 
461   // Report an error in case none of the invalidation methods are declared.
462   if (!Info.needsInvalidation() && !PartialInfo.needsInvalidation()) {
463     if (Filter.check_MissingInvalidationMethod)
464       reportNoInvalidationMethod(Filter.checkName_MissingInvalidationMethod,
465                                  FirstIvarDecl, IvarToPopertyMap, InterfaceD,
466                                  /*MissingDeclaration*/ true);
467     // If there are no invalidation methods, there is no ivar validation work
468     // to be done.
469     return;
470   }
471 
472   // Only check if Ivars are invalidated when InstanceVariableInvalidation
473   // has been requested.
474   if (!Filter.check_InstanceVariableInvalidation)
475     return;
476 
477   // Check that all ivars are invalidated by the invalidation methods.
478   bool AtImplementationContainsAtLeastOneInvalidationMethod = false;
479   for (MethodSet::iterator I = Info.InvalidationMethods.begin(),
480                            E = Info.InvalidationMethods.end(); I != E; ++I) {
481     const ObjCMethodDecl *InterfD = *I;
482 
483     // Get the corresponding method in the @implementation.
484     const ObjCMethodDecl *D = ImplD->getMethod(InterfD->getSelector(),
485                                                InterfD->isInstanceMethod());
486     if (D && D->hasBody()) {
487       AtImplementationContainsAtLeastOneInvalidationMethod = true;
488 
489       // Get a copy of ivars needing invalidation.
490       IvarSet IvarsI = Ivars;
491 
492       bool CalledAnotherInvalidationMethod = false;
493       MethodCrawler(IvarsI,
494                     CalledAnotherInvalidationMethod,
495                     PropSetterToIvarMap,
496                     PropGetterToIvarMap,
497                     PropertyToIvarMap,
498                     BR.getContext()).VisitStmt(D->getBody());
499       // If another invalidation method was called, trust that full invalidation
500       // has occurred.
501       if (CalledAnotherInvalidationMethod)
502         continue;
503 
504       // Warn on the ivars that were not invalidated by the method.
505       for (IvarSet::const_iterator
506           I = IvarsI.begin(), E = IvarsI.end(); I != E; ++I)
507         reportIvarNeedsInvalidation(I->first, IvarToPopertyMap, D);
508     }
509   }
510 
511   // Report an error in case none of the invalidation methods are implemented.
512   if (!AtImplementationContainsAtLeastOneInvalidationMethod) {
513     if (AtImplementationContainsAtLeastOnePartialInvalidationMethod) {
514       // Warn on the ivars that were not invalidated by the prrtial
515       // invalidation methods.
516       for (IvarSet::const_iterator
517            I = Ivars.begin(), E = Ivars.end(); I != E; ++I)
518         reportIvarNeedsInvalidation(I->first, IvarToPopertyMap, nullptr);
519     } else {
520       // Otherwise, no invalidation methods were implemented.
521       reportNoInvalidationMethod(Filter.checkName_InstanceVariableInvalidation,
522                                  FirstIvarDecl, IvarToPopertyMap, InterfaceD,
523                                  /*MissingDeclaration*/ false);
524     }
525   }
526 }
527 
528 void IvarInvalidationCheckerImpl::reportNoInvalidationMethod(
529     CheckerNameRef CheckName, const ObjCIvarDecl *FirstIvarDecl,
530     const IvarToPropMapTy &IvarToPopertyMap,
531     const ObjCInterfaceDecl *InterfaceD, bool MissingDeclaration) const {
532   SmallString<128> sbuf;
533   llvm::raw_svector_ostream os(sbuf);
534   assert(FirstIvarDecl);
535   printIvar(os, FirstIvarDecl, IvarToPopertyMap);
536   os << "needs to be invalidated; ";
537   if (MissingDeclaration)
538     os << "no invalidation method is declared for ";
539   else
540     os << "no invalidation method is defined in the @implementation for ";
541   os << InterfaceD->getName();
542 
543   PathDiagnosticLocation IvarDecLocation =
544     PathDiagnosticLocation::createBegin(FirstIvarDecl, BR.getSourceManager());
545 
546   BR.EmitBasicReport(FirstIvarDecl, CheckName, "Incomplete invalidation",
547                      categories::CoreFoundationObjectiveC, os.str(),
548                      IvarDecLocation);
549 }
550 
551 void IvarInvalidationCheckerImpl::
552 reportIvarNeedsInvalidation(const ObjCIvarDecl *IvarD,
553                             const IvarToPropMapTy &IvarToPopertyMap,
554                             const ObjCMethodDecl *MethodD) const {
555   SmallString<128> sbuf;
556   llvm::raw_svector_ostream os(sbuf);
557   printIvar(os, IvarD, IvarToPopertyMap);
558   os << "needs to be invalidated or set to nil";
559   if (MethodD) {
560     PathDiagnosticLocation MethodDecLocation =
561                            PathDiagnosticLocation::createEnd(MethodD->getBody(),
562                            BR.getSourceManager(),
563                            Mgr.getAnalysisDeclContext(MethodD));
564     BR.EmitBasicReport(MethodD, Filter.checkName_InstanceVariableInvalidation,
565                        "Incomplete invalidation",
566                        categories::CoreFoundationObjectiveC, os.str(),
567                        MethodDecLocation);
568   } else {
569     BR.EmitBasicReport(
570         IvarD, Filter.checkName_InstanceVariableInvalidation,
571         "Incomplete invalidation", categories::CoreFoundationObjectiveC,
572         os.str(),
573         PathDiagnosticLocation::createBegin(IvarD, BR.getSourceManager()));
574   }
575 }
576 
577 void IvarInvalidationCheckerImpl::MethodCrawler::markInvalidated(
578     const ObjCIvarDecl *Iv) {
579   IvarSet::iterator I = IVars.find(Iv);
580   if (I != IVars.end()) {
581     // If InvalidationMethod is present, we are processing the message send and
582     // should ensure we are invalidating with the appropriate method,
583     // otherwise, we are processing setting to 'nil'.
584     if (!InvalidationMethod || I->second.hasMethod(InvalidationMethod))
585       IVars.erase(I);
586   }
587 }
588 
589 const Expr *IvarInvalidationCheckerImpl::MethodCrawler::peel(const Expr *E) const {
590   E = E->IgnoreParenCasts();
591   if (const PseudoObjectExpr *POE = dyn_cast<PseudoObjectExpr>(E))
592     E = POE->getSyntacticForm()->IgnoreParenCasts();
593   if (const OpaqueValueExpr *OVE = dyn_cast<OpaqueValueExpr>(E))
594     E = OVE->getSourceExpr()->IgnoreParenCasts();
595   return E;
596 }
597 
598 void IvarInvalidationCheckerImpl::MethodCrawler::checkObjCIvarRefExpr(
599     const ObjCIvarRefExpr *IvarRef) {
600   if (const Decl *D = IvarRef->getDecl())
601     markInvalidated(cast<ObjCIvarDecl>(D->getCanonicalDecl()));
602 }
603 
604 void IvarInvalidationCheckerImpl::MethodCrawler::checkObjCMessageExpr(
605     const ObjCMessageExpr *ME) {
606   const ObjCMethodDecl *MD = ME->getMethodDecl();
607   if (MD) {
608     MD = MD->getCanonicalDecl();
609     MethToIvarMapTy::const_iterator IvI = PropertyGetterToIvarMap.find(MD);
610     if (IvI != PropertyGetterToIvarMap.end())
611       markInvalidated(IvI->second);
612   }
613 }
614 
615 void IvarInvalidationCheckerImpl::MethodCrawler::checkObjCPropertyRefExpr(
616     const ObjCPropertyRefExpr *PA) {
617 
618   if (PA->isExplicitProperty()) {
619     const ObjCPropertyDecl *PD = PA->getExplicitProperty();
620     if (PD) {
621       PD = cast<ObjCPropertyDecl>(PD->getCanonicalDecl());
622       PropToIvarMapTy::const_iterator IvI = PropertyToIvarMap.find(PD);
623       if (IvI != PropertyToIvarMap.end())
624         markInvalidated(IvI->second);
625       return;
626     }
627   }
628 
629   if (PA->isImplicitProperty()) {
630     const ObjCMethodDecl *MD = PA->getImplicitPropertySetter();
631     if (MD) {
632       MD = MD->getCanonicalDecl();
633       MethToIvarMapTy::const_iterator IvI =PropertyGetterToIvarMap.find(MD);
634       if (IvI != PropertyGetterToIvarMap.end())
635         markInvalidated(IvI->second);
636       return;
637     }
638   }
639 }
640 
641 bool IvarInvalidationCheckerImpl::MethodCrawler::isZero(const Expr *E) const {
642   E = peel(E);
643 
644   return (E->isNullPointerConstant(Ctx, Expr::NPC_ValueDependentIsNotNull)
645            != Expr::NPCK_NotNull);
646 }
647 
648 void IvarInvalidationCheckerImpl::MethodCrawler::check(const Expr *E) {
649   E = peel(E);
650 
651   if (const ObjCIvarRefExpr *IvarRef = dyn_cast<ObjCIvarRefExpr>(E)) {
652     checkObjCIvarRefExpr(IvarRef);
653     return;
654   }
655 
656   if (const ObjCPropertyRefExpr *PropRef = dyn_cast<ObjCPropertyRefExpr>(E)) {
657     checkObjCPropertyRefExpr(PropRef);
658     return;
659   }
660 
661   if (const ObjCMessageExpr *MsgExpr = dyn_cast<ObjCMessageExpr>(E)) {
662     checkObjCMessageExpr(MsgExpr);
663     return;
664   }
665 }
666 
667 void IvarInvalidationCheckerImpl::MethodCrawler::VisitBinaryOperator(
668     const BinaryOperator *BO) {
669   VisitStmt(BO);
670 
671   // Do we assign/compare against zero? If yes, check the variable we are
672   // assigning to.
673   BinaryOperatorKind Opcode = BO->getOpcode();
674   if (Opcode != BO_Assign &&
675       Opcode != BO_EQ &&
676       Opcode != BO_NE)
677     return;
678 
679   if (isZero(BO->getRHS())) {
680       check(BO->getLHS());
681       return;
682   }
683 
684   if (Opcode != BO_Assign && isZero(BO->getLHS())) {
685     check(BO->getRHS());
686     return;
687   }
688 }
689 
690 void IvarInvalidationCheckerImpl::MethodCrawler::VisitObjCMessageExpr(
691   const ObjCMessageExpr *ME) {
692   const ObjCMethodDecl *MD = ME->getMethodDecl();
693   const Expr *Receiver = ME->getInstanceReceiver();
694 
695   // Stop if we are calling '[self invalidate]'.
696   if (Receiver && isInvalidationMethod(MD, /*LookForPartial*/ false))
697     if (Receiver->isObjCSelfExpr()) {
698       CalledAnotherInvalidationMethod = true;
699       return;
700     }
701 
702   // Check if we call a setter and set the property to 'nil'.
703   if (MD && (ME->getNumArgs() == 1) && isZero(ME->getArg(0))) {
704     MD = MD->getCanonicalDecl();
705     MethToIvarMapTy::const_iterator IvI = PropertySetterToIvarMap.find(MD);
706     if (IvI != PropertySetterToIvarMap.end()) {
707       markInvalidated(IvI->second);
708       return;
709     }
710   }
711 
712   // Check if we call the 'invalidation' routine on the ivar.
713   if (Receiver) {
714     InvalidationMethod = MD;
715     check(Receiver->IgnoreParenCasts());
716     InvalidationMethod = nullptr;
717   }
718 
719   VisitStmt(ME);
720 }
721 } // end anonymous namespace
722 
723 // Register the checkers.
724 namespace {
725 class IvarInvalidationChecker :
726   public Checker<check::ASTDecl<ObjCImplementationDecl> > {
727 public:
728   ChecksFilter Filter;
729 public:
730   void checkASTDecl(const ObjCImplementationDecl *D, AnalysisManager& Mgr,
731                     BugReporter &BR) const {
732     IvarInvalidationCheckerImpl Walker(Mgr, BR, Filter);
733     Walker.visit(D);
734   }
735 };
736 } // end anonymous namespace
737 
738 void ento::registerIvarInvalidationModeling(CheckerManager &mgr) {
739   mgr.registerChecker<IvarInvalidationChecker>();
740 }
741 
742 bool ento::shouldRegisterIvarInvalidationModeling(const CheckerManager &mgr) {
743   return true;
744 }
745 
746 #define REGISTER_CHECKER(name)                                                 \
747   void ento::register##name(CheckerManager &mgr) {                             \
748     IvarInvalidationChecker *checker =                                         \
749         mgr.getChecker<IvarInvalidationChecker>();                             \
750     checker->Filter.check_##name = true;                                       \
751     checker->Filter.checkName_##name = mgr.getCurrentCheckerName();            \
752   }                                                                            \
753                                                                                \
754   bool ento::shouldRegister##name(const CheckerManager &mgr) { return true; }
755 
756 REGISTER_CHECKER(InstanceVariableInvalidation)
757 REGISTER_CHECKER(MissingInvalidationMethod)
758