1 //===--- AnalysisConsumer.cpp - ASTConsumer for running Analyses ----------===// 2 // 3 // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. 4 // See https://llvm.org/LICENSE.txt for license information. 5 // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception 6 // 7 //===----------------------------------------------------------------------===// 8 // 9 // "Meta" ASTConsumer for running different source analyses. 10 // 11 //===----------------------------------------------------------------------===// 12 13 #include "clang/StaticAnalyzer/Frontend/AnalysisConsumer.h" 14 #include "ModelInjector.h" 15 #include "clang/Analysis/PathDiagnostic.h" 16 #include "clang/AST/Decl.h" 17 #include "clang/AST/DeclCXX.h" 18 #include "clang/AST/DeclObjC.h" 19 #include "clang/AST/RecursiveASTVisitor.h" 20 #include "clang/Analysis/Analyses/LiveVariables.h" 21 #include "clang/Analysis/CFG.h" 22 #include "clang/Analysis/CallGraph.h" 23 #include "clang/Analysis/CodeInjector.h" 24 #include "clang/Basic/SourceManager.h" 25 #include "clang/CrossTU/CrossTranslationUnit.h" 26 #include "clang/Frontend/CompilerInstance.h" 27 #include "clang/Lex/Preprocessor.h" 28 #include "clang/StaticAnalyzer/Checkers/LocalCheckers.h" 29 #include "clang/StaticAnalyzer/Core/AnalyzerOptions.h" 30 #include "clang/StaticAnalyzer/Core/BugReporter/BugReporter.h" 31 #include "clang/StaticAnalyzer/Core/CheckerManager.h" 32 #include "clang/StaticAnalyzer/Core/PathDiagnosticConsumers.h" 33 #include "clang/StaticAnalyzer/Core/PathSensitive/AnalysisManager.h" 34 #include "clang/StaticAnalyzer/Core/PathSensitive/ExprEngine.h" 35 #include "clang/StaticAnalyzer/Frontend/CheckerRegistration.h" 36 #include "llvm/ADT/PostOrderIterator.h" 37 #include "llvm/ADT/Statistic.h" 38 #include "llvm/Support/FileSystem.h" 39 #include "llvm/Support/Path.h" 40 #include "llvm/Support/Program.h" 41 #include "llvm/Support/Timer.h" 42 #include "llvm/Support/raw_ostream.h" 43 #include <memory> 44 #include <queue> 45 #include <utility> 46 47 using namespace clang; 48 using namespace ento; 49 50 #define DEBUG_TYPE "AnalysisConsumer" 51 52 STATISTIC(NumFunctionTopLevel, "The # of functions at top level."); 53 STATISTIC(NumFunctionsAnalyzed, 54 "The # of functions and blocks analyzed (as top level " 55 "with inlining turned on)."); 56 STATISTIC(NumBlocksInAnalyzedFunctions, 57 "The # of basic blocks in the analyzed functions."); 58 STATISTIC(NumVisitedBlocksInAnalyzedFunctions, 59 "The # of visited basic blocks in the analyzed functions."); 60 STATISTIC(PercentReachableBlocks, "The % of reachable basic blocks."); 61 STATISTIC(MaxCFGSize, "The maximum number of basic blocks in a function."); 62 63 //===----------------------------------------------------------------------===// 64 // Special PathDiagnosticConsumers. 65 //===----------------------------------------------------------------------===// 66 67 void ento::createPlistHTMLDiagnosticConsumer( 68 AnalyzerOptions &AnalyzerOpts, PathDiagnosticConsumers &C, 69 const std::string &prefix, const Preprocessor &PP, 70 const cross_tu::CrossTranslationUnitContext &CTU) { 71 createHTMLDiagnosticConsumer(AnalyzerOpts, C, 72 llvm::sys::path::parent_path(prefix), PP, CTU); 73 createPlistMultiFileDiagnosticConsumer(AnalyzerOpts, C, prefix, PP, CTU); 74 } 75 76 void ento::createTextPathDiagnosticConsumer( 77 AnalyzerOptions &AnalyzerOpts, PathDiagnosticConsumers &C, 78 const std::string &Prefix, const clang::Preprocessor &PP, 79 const cross_tu::CrossTranslationUnitContext &CTU) { 80 llvm_unreachable("'text' consumer should be enabled on ClangDiags"); 81 } 82 83 namespace { 84 class ClangDiagPathDiagConsumer : public PathDiagnosticConsumer { 85 DiagnosticsEngine &Diag; 86 bool IncludePath = false, ShouldEmitAsError = false, FixitsAsRemarks = false; 87 88 public: 89 ClangDiagPathDiagConsumer(DiagnosticsEngine &Diag) 90 : Diag(Diag) {} 91 ~ClangDiagPathDiagConsumer() override {} 92 StringRef getName() const override { return "ClangDiags"; } 93 94 bool supportsLogicalOpControlFlow() const override { return true; } 95 bool supportsCrossFileDiagnostics() const override { return true; } 96 97 PathGenerationScheme getGenerationScheme() const override { 98 return IncludePath ? Minimal : None; 99 } 100 101 void enablePaths() { IncludePath = true; } 102 void enableWerror() { ShouldEmitAsError = true; } 103 void enableFixitsAsRemarks() { FixitsAsRemarks = true; } 104 105 void FlushDiagnosticsImpl(std::vector<const PathDiagnostic *> &Diags, 106 FilesMade *filesMade) override { 107 unsigned WarnID = 108 ShouldEmitAsError 109 ? Diag.getCustomDiagID(DiagnosticsEngine::Error, "%0") 110 : Diag.getCustomDiagID(DiagnosticsEngine::Warning, "%0"); 111 unsigned NoteID = Diag.getCustomDiagID(DiagnosticsEngine::Note, "%0"); 112 unsigned RemarkID = Diag.getCustomDiagID(DiagnosticsEngine::Remark, "%0"); 113 114 auto reportPiece = 115 [&](unsigned ID, SourceLocation Loc, StringRef String, 116 ArrayRef<SourceRange> Ranges, ArrayRef<FixItHint> Fixits) { 117 if (!FixitsAsRemarks) { 118 Diag.Report(Loc, ID) << String << Ranges << Fixits; 119 } else { 120 Diag.Report(Loc, ID) << String << Ranges; 121 for (const FixItHint &Hint : Fixits) { 122 SourceManager &SM = Diag.getSourceManager(); 123 llvm::SmallString<128> Str; 124 llvm::raw_svector_ostream OS(Str); 125 // FIXME: Add support for InsertFromRange and 126 // BeforePreviousInsertion. 127 assert(!Hint.InsertFromRange.isValid() && "Not implemented yet!"); 128 assert(!Hint.BeforePreviousInsertions && "Not implemented yet!"); 129 OS << SM.getSpellingColumnNumber(Hint.RemoveRange.getBegin()) 130 << "-" << SM.getSpellingColumnNumber(Hint.RemoveRange.getEnd()) 131 << ": '" << Hint.CodeToInsert << "'"; 132 Diag.Report(Loc, RemarkID) << OS.str(); 133 } 134 } 135 }; 136 137 for (std::vector<const PathDiagnostic *>::iterator I = Diags.begin(), 138 E = Diags.end(); 139 I != E; ++I) { 140 const PathDiagnostic *PD = *I; 141 reportPiece(WarnID, PD->getLocation().asLocation(), 142 PD->getShortDescription(), PD->path.back()->getRanges(), 143 PD->path.back()->getFixits()); 144 145 // First, add extra notes, even if paths should not be included. 146 for (const auto &Piece : PD->path) { 147 if (!isa<PathDiagnosticNotePiece>(Piece.get())) 148 continue; 149 150 reportPiece(NoteID, Piece->getLocation().asLocation(), 151 Piece->getString(), Piece->getRanges(), Piece->getFixits()); 152 } 153 154 if (!IncludePath) 155 continue; 156 157 // Then, add the path notes if necessary. 158 PathPieces FlatPath = PD->path.flatten(/*ShouldFlattenMacros=*/true); 159 for (const auto &Piece : FlatPath) { 160 if (isa<PathDiagnosticNotePiece>(Piece.get())) 161 continue; 162 163 reportPiece(NoteID, Piece->getLocation().asLocation(), 164 Piece->getString(), Piece->getRanges(), Piece->getFixits()); 165 } 166 } 167 } 168 }; 169 } // end anonymous namespace 170 171 //===----------------------------------------------------------------------===// 172 // AnalysisConsumer declaration. 173 //===----------------------------------------------------------------------===// 174 175 namespace { 176 177 class AnalysisConsumer : public AnalysisASTConsumer, 178 public RecursiveASTVisitor<AnalysisConsumer> { 179 enum { 180 AM_None = 0, 181 AM_Syntax = 0x1, 182 AM_Path = 0x2 183 }; 184 typedef unsigned AnalysisMode; 185 186 /// Mode of the analyzes while recursively visiting Decls. 187 AnalysisMode RecVisitorMode; 188 /// Bug Reporter to use while recursively visiting Decls. 189 BugReporter *RecVisitorBR; 190 191 std::vector<std::function<void(CheckerRegistry &)>> CheckerRegistrationFns; 192 193 public: 194 ASTContext *Ctx; 195 const Preprocessor &PP; 196 const std::string OutDir; 197 AnalyzerOptionsRef Opts; 198 ArrayRef<std::string> Plugins; 199 CodeInjector *Injector; 200 cross_tu::CrossTranslationUnitContext CTU; 201 202 /// Stores the declarations from the local translation unit. 203 /// Note, we pre-compute the local declarations at parse time as an 204 /// optimization to make sure we do not deserialize everything from disk. 205 /// The local declaration to all declarations ratio might be very small when 206 /// working with a PCH file. 207 SetOfDecls LocalTUDecls; 208 209 // Set of PathDiagnosticConsumers. Owned by AnalysisManager. 210 PathDiagnosticConsumers PathConsumers; 211 212 StoreManagerCreator CreateStoreMgr; 213 ConstraintManagerCreator CreateConstraintMgr; 214 215 std::unique_ptr<CheckerManager> checkerMgr; 216 std::unique_ptr<AnalysisManager> Mgr; 217 218 /// Time the analyzes time of each translation unit. 219 std::unique_ptr<llvm::TimerGroup> AnalyzerTimers; 220 std::unique_ptr<llvm::Timer> SyntaxCheckTimer; 221 std::unique_ptr<llvm::Timer> ExprEngineTimer; 222 std::unique_ptr<llvm::Timer> BugReporterTimer; 223 224 /// The information about analyzed functions shared throughout the 225 /// translation unit. 226 FunctionSummariesTy FunctionSummaries; 227 228 AnalysisConsumer(CompilerInstance &CI, const std::string &outdir, 229 AnalyzerOptionsRef opts, ArrayRef<std::string> plugins, 230 CodeInjector *injector) 231 : RecVisitorMode(0), RecVisitorBR(nullptr), Ctx(nullptr), 232 PP(CI.getPreprocessor()), OutDir(outdir), Opts(std::move(opts)), 233 Plugins(plugins), Injector(injector), CTU(CI) { 234 DigestAnalyzerOptions(); 235 if (Opts->PrintStats || Opts->ShouldSerializeStats) { 236 AnalyzerTimers = std::make_unique<llvm::TimerGroup>( 237 "analyzer", "Analyzer timers"); 238 SyntaxCheckTimer = std::make_unique<llvm::Timer>( 239 "syntaxchecks", "Syntax-based analysis time", *AnalyzerTimers); 240 ExprEngineTimer = std::make_unique<llvm::Timer>( 241 "exprengine", "Path exploration time", *AnalyzerTimers); 242 BugReporterTimer = std::make_unique<llvm::Timer>( 243 "bugreporter", "Path-sensitive report post-processing time", 244 *AnalyzerTimers); 245 llvm::EnableStatistics(/* PrintOnExit= */ false); 246 } 247 } 248 249 ~AnalysisConsumer() override { 250 if (Opts->PrintStats) { 251 llvm::PrintStatistics(); 252 } 253 } 254 255 void DigestAnalyzerOptions() { 256 if (Opts->AnalysisDiagOpt != PD_NONE) { 257 // Create the PathDiagnosticConsumer. 258 ClangDiagPathDiagConsumer *clangDiags = 259 new ClangDiagPathDiagConsumer(PP.getDiagnostics()); 260 PathConsumers.push_back(clangDiags); 261 262 if (Opts->AnalyzerWerror) 263 clangDiags->enableWerror(); 264 265 if (Opts->ShouldEmitFixItHintsAsRemarks) 266 clangDiags->enableFixitsAsRemarks(); 267 268 if (Opts->AnalysisDiagOpt == PD_TEXT) { 269 clangDiags->enablePaths(); 270 271 } else if (!OutDir.empty()) { 272 switch (Opts->AnalysisDiagOpt) { 273 default: 274 #define ANALYSIS_DIAGNOSTICS(NAME, CMDFLAG, DESC, CREATEFN) \ 275 case PD_##NAME: \ 276 CREATEFN(*Opts.get(), PathConsumers, OutDir, PP, CTU); \ 277 break; 278 #include "clang/StaticAnalyzer/Core/Analyses.def" 279 } 280 } 281 } 282 283 // Create the analyzer component creators. 284 switch (Opts->AnalysisStoreOpt) { 285 default: 286 llvm_unreachable("Unknown store manager."); 287 #define ANALYSIS_STORE(NAME, CMDFLAG, DESC, CREATEFN) \ 288 case NAME##Model: CreateStoreMgr = CREATEFN; break; 289 #include "clang/StaticAnalyzer/Core/Analyses.def" 290 } 291 292 switch (Opts->AnalysisConstraintsOpt) { 293 default: 294 llvm_unreachable("Unknown constraint manager."); 295 #define ANALYSIS_CONSTRAINTS(NAME, CMDFLAG, DESC, CREATEFN) \ 296 case NAME##Model: CreateConstraintMgr = CREATEFN; break; 297 #include "clang/StaticAnalyzer/Core/Analyses.def" 298 } 299 } 300 301 void DisplayFunction(const Decl *D, AnalysisMode Mode, 302 ExprEngine::InliningModes IMode) { 303 if (!Opts->AnalyzerDisplayProgress) 304 return; 305 306 SourceManager &SM = Mgr->getASTContext().getSourceManager(); 307 PresumedLoc Loc = SM.getPresumedLoc(D->getLocation()); 308 if (Loc.isValid()) { 309 llvm::errs() << "ANALYZE"; 310 311 if (Mode == AM_Syntax) 312 llvm::errs() << " (Syntax)"; 313 else if (Mode == AM_Path) { 314 llvm::errs() << " (Path, "; 315 switch (IMode) { 316 case ExprEngine::Inline_Minimal: 317 llvm::errs() << " Inline_Minimal"; 318 break; 319 case ExprEngine::Inline_Regular: 320 llvm::errs() << " Inline_Regular"; 321 break; 322 } 323 llvm::errs() << ")"; 324 } 325 else 326 assert(Mode == (AM_Syntax | AM_Path) && "Unexpected mode!"); 327 328 llvm::errs() << ": " << Loc.getFilename() << ' ' 329 << getFunctionName(D) << '\n'; 330 } 331 } 332 333 void Initialize(ASTContext &Context) override { 334 Ctx = &Context; 335 checkerMgr = createCheckerManager( 336 *Ctx, *Opts, Plugins, CheckerRegistrationFns, PP.getDiagnostics()); 337 338 Mgr = std::make_unique<AnalysisManager>(*Ctx, PathConsumers, CreateStoreMgr, 339 CreateConstraintMgr, 340 checkerMgr.get(), *Opts, Injector); 341 } 342 343 /// Store the top level decls in the set to be processed later on. 344 /// (Doing this pre-processing avoids deserialization of data from PCH.) 345 bool HandleTopLevelDecl(DeclGroupRef D) override; 346 void HandleTopLevelDeclInObjCContainer(DeclGroupRef D) override; 347 348 void HandleTranslationUnit(ASTContext &C) override; 349 350 /// Determine which inlining mode should be used when this function is 351 /// analyzed. This allows to redefine the default inlining policies when 352 /// analyzing a given function. 353 ExprEngine::InliningModes 354 getInliningModeForFunction(const Decl *D, const SetOfConstDecls &Visited); 355 356 /// Build the call graph for all the top level decls of this TU and 357 /// use it to define the order in which the functions should be visited. 358 void HandleDeclsCallGraph(const unsigned LocalTUDeclsSize); 359 360 /// Run analyzes(syntax or path sensitive) on the given function. 361 /// \param Mode - determines if we are requesting syntax only or path 362 /// sensitive only analysis. 363 /// \param VisitedCallees - The output parameter, which is populated with the 364 /// set of functions which should be considered analyzed after analyzing the 365 /// given root function. 366 void HandleCode(Decl *D, AnalysisMode Mode, 367 ExprEngine::InliningModes IMode = ExprEngine::Inline_Minimal, 368 SetOfConstDecls *VisitedCallees = nullptr); 369 370 void RunPathSensitiveChecks(Decl *D, 371 ExprEngine::InliningModes IMode, 372 SetOfConstDecls *VisitedCallees); 373 374 /// Visitors for the RecursiveASTVisitor. 375 bool shouldWalkTypesOfTypeLocs() const { return false; } 376 377 /// Handle callbacks for arbitrary Decls. 378 bool VisitDecl(Decl *D) { 379 AnalysisMode Mode = getModeForDecl(D, RecVisitorMode); 380 if (Mode & AM_Syntax) { 381 if (SyntaxCheckTimer) 382 SyntaxCheckTimer->startTimer(); 383 checkerMgr->runCheckersOnASTDecl(D, *Mgr, *RecVisitorBR); 384 if (SyntaxCheckTimer) 385 SyntaxCheckTimer->stopTimer(); 386 } 387 return true; 388 } 389 390 bool VisitVarDecl(VarDecl *VD) { 391 if (!Opts->IsNaiveCTUEnabled) 392 return true; 393 394 if (VD->hasExternalStorage() || VD->isStaticDataMember()) { 395 if (!cross_tu::containsConst(VD, *Ctx)) 396 return true; 397 } else { 398 // Cannot be initialized in another TU. 399 return true; 400 } 401 402 if (VD->getAnyInitializer()) 403 return true; 404 405 llvm::Expected<const VarDecl *> CTUDeclOrError = 406 CTU.getCrossTUDefinition(VD, Opts->CTUDir, Opts->CTUIndexName, 407 Opts->DisplayCTUProgress); 408 409 if (!CTUDeclOrError) { 410 handleAllErrors(CTUDeclOrError.takeError(), 411 [&](const cross_tu::IndexError &IE) { 412 CTU.emitCrossTUDiagnostics(IE); 413 }); 414 } 415 416 return true; 417 } 418 419 bool VisitFunctionDecl(FunctionDecl *FD) { 420 IdentifierInfo *II = FD->getIdentifier(); 421 if (II && II->getName().startswith("__inline")) 422 return true; 423 424 // We skip function template definitions, as their semantics is 425 // only determined when they are instantiated. 426 if (FD->isThisDeclarationADefinition() && 427 !FD->isDependentContext()) { 428 assert(RecVisitorMode == AM_Syntax || Mgr->shouldInlineCall() == false); 429 HandleCode(FD, RecVisitorMode); 430 } 431 return true; 432 } 433 434 bool VisitObjCMethodDecl(ObjCMethodDecl *MD) { 435 if (MD->isThisDeclarationADefinition()) { 436 assert(RecVisitorMode == AM_Syntax || Mgr->shouldInlineCall() == false); 437 HandleCode(MD, RecVisitorMode); 438 } 439 return true; 440 } 441 442 bool VisitBlockDecl(BlockDecl *BD) { 443 if (BD->hasBody()) { 444 assert(RecVisitorMode == AM_Syntax || Mgr->shouldInlineCall() == false); 445 // Since we skip function template definitions, we should skip blocks 446 // declared in those functions as well. 447 if (!BD->isDependentContext()) { 448 HandleCode(BD, RecVisitorMode); 449 } 450 } 451 return true; 452 } 453 454 void AddDiagnosticConsumer(PathDiagnosticConsumer *Consumer) override { 455 PathConsumers.push_back(Consumer); 456 } 457 458 void AddCheckerRegistrationFn(std::function<void(CheckerRegistry&)> Fn) override { 459 CheckerRegistrationFns.push_back(std::move(Fn)); 460 } 461 462 private: 463 void storeTopLevelDecls(DeclGroupRef DG); 464 std::string getFunctionName(const Decl *D); 465 466 /// Check if we should skip (not analyze) the given function. 467 AnalysisMode getModeForDecl(Decl *D, AnalysisMode Mode); 468 void runAnalysisOnTranslationUnit(ASTContext &C); 469 470 /// Print \p S to stderr if \c Opts->AnalyzerDisplayProgress is set. 471 void reportAnalyzerProgress(StringRef S); 472 }; 473 } // end anonymous namespace 474 475 476 //===----------------------------------------------------------------------===// 477 // AnalysisConsumer implementation. 478 //===----------------------------------------------------------------------===// 479 bool AnalysisConsumer::HandleTopLevelDecl(DeclGroupRef DG) { 480 storeTopLevelDecls(DG); 481 return true; 482 } 483 484 void AnalysisConsumer::HandleTopLevelDeclInObjCContainer(DeclGroupRef DG) { 485 storeTopLevelDecls(DG); 486 } 487 488 void AnalysisConsumer::storeTopLevelDecls(DeclGroupRef DG) { 489 for (DeclGroupRef::iterator I = DG.begin(), E = DG.end(); I != E; ++I) { 490 491 // Skip ObjCMethodDecl, wait for the objc container to avoid 492 // analyzing twice. 493 if (isa<ObjCMethodDecl>(*I)) 494 continue; 495 496 LocalTUDecls.push_back(*I); 497 } 498 } 499 500 static bool shouldSkipFunction(const Decl *D, 501 const SetOfConstDecls &Visited, 502 const SetOfConstDecls &VisitedAsTopLevel) { 503 if (VisitedAsTopLevel.count(D)) 504 return true; 505 506 // We want to re-analyse the functions as top level in the following cases: 507 // - The 'init' methods should be reanalyzed because 508 // ObjCNonNilReturnValueChecker assumes that '[super init]' never returns 509 // 'nil' and unless we analyze the 'init' functions as top level, we will 510 // not catch errors within defensive code. 511 // - We want to reanalyze all ObjC methods as top level to report Retain 512 // Count naming convention errors more aggressively. 513 if (isa<ObjCMethodDecl>(D)) 514 return false; 515 // We also want to reanalyze all C++ copy and move assignment operators to 516 // separately check the two cases where 'this' aliases with the parameter and 517 // where it may not. (cplusplus.SelfAssignmentChecker) 518 if (const auto *MD = dyn_cast<CXXMethodDecl>(D)) { 519 if (MD->isCopyAssignmentOperator() || MD->isMoveAssignmentOperator()) 520 return false; 521 } 522 523 // Otherwise, if we visited the function before, do not reanalyze it. 524 return Visited.count(D); 525 } 526 527 ExprEngine::InliningModes 528 AnalysisConsumer::getInliningModeForFunction(const Decl *D, 529 const SetOfConstDecls &Visited) { 530 // We want to reanalyze all ObjC methods as top level to report Retain 531 // Count naming convention errors more aggressively. But we should tune down 532 // inlining when reanalyzing an already inlined function. 533 if (Visited.count(D) && isa<ObjCMethodDecl>(D)) { 534 const ObjCMethodDecl *ObjCM = cast<ObjCMethodDecl>(D); 535 if (ObjCM->getMethodFamily() != OMF_init) 536 return ExprEngine::Inline_Minimal; 537 } 538 539 return ExprEngine::Inline_Regular; 540 } 541 542 void AnalysisConsumer::HandleDeclsCallGraph(const unsigned LocalTUDeclsSize) { 543 // Build the Call Graph by adding all the top level declarations to the graph. 544 // Note: CallGraph can trigger deserialization of more items from a pch 545 // (though HandleInterestingDecl); triggering additions to LocalTUDecls. 546 // We rely on random access to add the initially processed Decls to CG. 547 CallGraph CG; 548 for (unsigned i = 0 ; i < LocalTUDeclsSize ; ++i) { 549 CG.addToCallGraph(LocalTUDecls[i]); 550 } 551 552 // Walk over all of the call graph nodes in topological order, so that we 553 // analyze parents before the children. Skip the functions inlined into 554 // the previously processed functions. Use external Visited set to identify 555 // inlined functions. The topological order allows the "do not reanalyze 556 // previously inlined function" performance heuristic to be triggered more 557 // often. 558 SetOfConstDecls Visited; 559 SetOfConstDecls VisitedAsTopLevel; 560 llvm::ReversePostOrderTraversal<clang::CallGraph*> RPOT(&CG); 561 for (llvm::ReversePostOrderTraversal<clang::CallGraph*>::rpo_iterator 562 I = RPOT.begin(), E = RPOT.end(); I != E; ++I) { 563 NumFunctionTopLevel++; 564 565 CallGraphNode *N = *I; 566 Decl *D = N->getDecl(); 567 568 // Skip the abstract root node. 569 if (!D) 570 continue; 571 572 // Skip the functions which have been processed already or previously 573 // inlined. 574 if (shouldSkipFunction(D, Visited, VisitedAsTopLevel)) 575 continue; 576 577 // Analyze the function. 578 SetOfConstDecls VisitedCallees; 579 580 HandleCode(D, AM_Path, getInliningModeForFunction(D, Visited), 581 (Mgr->options.InliningMode == All ? nullptr : &VisitedCallees)); 582 583 // Add the visited callees to the global visited set. 584 for (const Decl *Callee : VisitedCallees) 585 // Decls from CallGraph are already canonical. But Decls coming from 586 // CallExprs may be not. We should canonicalize them manually. 587 Visited.insert(isa<ObjCMethodDecl>(Callee) ? Callee 588 : Callee->getCanonicalDecl()); 589 VisitedAsTopLevel.insert(D); 590 } 591 } 592 593 static bool isBisonFile(ASTContext &C) { 594 const SourceManager &SM = C.getSourceManager(); 595 FileID FID = SM.getMainFileID(); 596 StringRef Buffer = SM.getBuffer(FID)->getBuffer(); 597 if (Buffer.startswith("/* A Bison parser, made by")) 598 return true; 599 return false; 600 } 601 602 void AnalysisConsumer::runAnalysisOnTranslationUnit(ASTContext &C) { 603 BugReporter BR(*Mgr); 604 TranslationUnitDecl *TU = C.getTranslationUnitDecl(); 605 if (SyntaxCheckTimer) 606 SyntaxCheckTimer->startTimer(); 607 checkerMgr->runCheckersOnASTDecl(TU, *Mgr, BR); 608 if (SyntaxCheckTimer) 609 SyntaxCheckTimer->stopTimer(); 610 611 // Run the AST-only checks using the order in which functions are defined. 612 // If inlining is not turned on, use the simplest function order for path 613 // sensitive analyzes as well. 614 RecVisitorMode = AM_Syntax; 615 if (!Mgr->shouldInlineCall()) 616 RecVisitorMode |= AM_Path; 617 RecVisitorBR = &BR; 618 619 // Process all the top level declarations. 620 // 621 // Note: TraverseDecl may modify LocalTUDecls, but only by appending more 622 // entries. Thus we don't use an iterator, but rely on LocalTUDecls 623 // random access. By doing so, we automatically compensate for iterators 624 // possibly being invalidated, although this is a bit slower. 625 const unsigned LocalTUDeclsSize = LocalTUDecls.size(); 626 for (unsigned i = 0 ; i < LocalTUDeclsSize ; ++i) { 627 TraverseDecl(LocalTUDecls[i]); 628 } 629 630 if (Mgr->shouldInlineCall()) 631 HandleDeclsCallGraph(LocalTUDeclsSize); 632 633 // After all decls handled, run checkers on the entire TranslationUnit. 634 checkerMgr->runCheckersOnEndOfTranslationUnit(TU, *Mgr, BR); 635 636 BR.FlushReports(); 637 RecVisitorBR = nullptr; 638 } 639 640 void AnalysisConsumer::reportAnalyzerProgress(StringRef S) { 641 if (Opts->AnalyzerDisplayProgress) 642 llvm::errs() << S; 643 } 644 645 void AnalysisConsumer::HandleTranslationUnit(ASTContext &C) { 646 647 // Don't run the actions if an error has occurred with parsing the file. 648 DiagnosticsEngine &Diags = PP.getDiagnostics(); 649 if (Diags.hasErrorOccurred() || Diags.hasFatalErrorOccurred()) 650 return; 651 652 if (isBisonFile(C)) { 653 reportAnalyzerProgress("Skipping bison-generated file\n"); 654 } else if (Opts->DisableAllCheckers) { 655 656 // Don't analyze if the user explicitly asked for no checks to be performed 657 // on this file. 658 reportAnalyzerProgress("All checks are disabled using a supplied option\n"); 659 } else { 660 // Otherwise, just run the analysis. 661 runAnalysisOnTranslationUnit(C); 662 } 663 664 // Count how many basic blocks we have not covered. 665 NumBlocksInAnalyzedFunctions = FunctionSummaries.getTotalNumBasicBlocks(); 666 NumVisitedBlocksInAnalyzedFunctions = 667 FunctionSummaries.getTotalNumVisitedBasicBlocks(); 668 if (NumBlocksInAnalyzedFunctions > 0) 669 PercentReachableBlocks = 670 (FunctionSummaries.getTotalNumVisitedBasicBlocks() * 100) / 671 NumBlocksInAnalyzedFunctions; 672 673 // Explicitly destroy the PathDiagnosticConsumer. This will flush its output. 674 // FIXME: This should be replaced with something that doesn't rely on 675 // side-effects in PathDiagnosticConsumer's destructor. This is required when 676 // used with option -disable-free. 677 Mgr.reset(); 678 } 679 680 std::string AnalysisConsumer::getFunctionName(const Decl *D) { 681 std::string Str; 682 llvm::raw_string_ostream OS(Str); 683 684 if (const FunctionDecl *FD = dyn_cast<FunctionDecl>(D)) { 685 OS << FD->getQualifiedNameAsString(); 686 687 // In C++, there are overloads. 688 if (Ctx->getLangOpts().CPlusPlus) { 689 OS << '('; 690 for (const auto &P : FD->parameters()) { 691 if (P != *FD->param_begin()) 692 OS << ", "; 693 OS << P->getType().getAsString(); 694 } 695 OS << ')'; 696 } 697 698 } else if (isa<BlockDecl>(D)) { 699 PresumedLoc Loc = Ctx->getSourceManager().getPresumedLoc(D->getLocation()); 700 701 if (Loc.isValid()) { 702 OS << "block (line: " << Loc.getLine() << ", col: " << Loc.getColumn() 703 << ')'; 704 } 705 706 } else if (const ObjCMethodDecl *OMD = dyn_cast<ObjCMethodDecl>(D)) { 707 708 // FIXME: copy-pasted from CGDebugInfo.cpp. 709 OS << (OMD->isInstanceMethod() ? '-' : '+') << '['; 710 const DeclContext *DC = OMD->getDeclContext(); 711 if (const auto *OID = dyn_cast<ObjCImplementationDecl>(DC)) { 712 OS << OID->getName(); 713 } else if (const auto *OID = dyn_cast<ObjCInterfaceDecl>(DC)) { 714 OS << OID->getName(); 715 } else if (const auto *OC = dyn_cast<ObjCCategoryDecl>(DC)) { 716 if (OC->IsClassExtension()) { 717 OS << OC->getClassInterface()->getName(); 718 } else { 719 OS << OC->getIdentifier()->getNameStart() << '(' 720 << OC->getIdentifier()->getNameStart() << ')'; 721 } 722 } else if (const auto *OCD = dyn_cast<ObjCCategoryImplDecl>(DC)) { 723 OS << OCD->getClassInterface()->getName() << '(' 724 << OCD->getName() << ')'; 725 } 726 OS << ' ' << OMD->getSelector().getAsString() << ']'; 727 728 } 729 730 return OS.str(); 731 } 732 733 AnalysisConsumer::AnalysisMode 734 AnalysisConsumer::getModeForDecl(Decl *D, AnalysisMode Mode) { 735 if (!Opts->AnalyzeSpecificFunction.empty() && 736 getFunctionName(D) != Opts->AnalyzeSpecificFunction) 737 return AM_None; 738 739 // Unless -analyze-all is specified, treat decls differently depending on 740 // where they came from: 741 // - Main source file: run both path-sensitive and non-path-sensitive checks. 742 // - Header files: run non-path-sensitive checks only. 743 // - System headers: don't run any checks. 744 SourceManager &SM = Ctx->getSourceManager(); 745 const Stmt *Body = D->getBody(); 746 SourceLocation SL = Body ? Body->getBeginLoc() : D->getLocation(); 747 SL = SM.getExpansionLoc(SL); 748 749 if (!Opts->AnalyzeAll && !Mgr->isInCodeFile(SL)) { 750 if (SL.isInvalid() || SM.isInSystemHeader(SL)) 751 return AM_None; 752 return Mode & ~AM_Path; 753 } 754 755 return Mode; 756 } 757 758 void AnalysisConsumer::HandleCode(Decl *D, AnalysisMode Mode, 759 ExprEngine::InliningModes IMode, 760 SetOfConstDecls *VisitedCallees) { 761 if (!D->hasBody()) 762 return; 763 Mode = getModeForDecl(D, Mode); 764 if (Mode == AM_None) 765 return; 766 767 // Clear the AnalysisManager of old AnalysisDeclContexts. 768 Mgr->ClearContexts(); 769 // Ignore autosynthesized code. 770 if (Mgr->getAnalysisDeclContext(D)->isBodyAutosynthesized()) 771 return; 772 773 DisplayFunction(D, Mode, IMode); 774 CFG *DeclCFG = Mgr->getCFG(D); 775 if (DeclCFG) 776 MaxCFGSize.updateMax(DeclCFG->size()); 777 778 BugReporter BR(*Mgr); 779 780 if (Mode & AM_Syntax) { 781 if (SyntaxCheckTimer) 782 SyntaxCheckTimer->startTimer(); 783 checkerMgr->runCheckersOnASTBody(D, *Mgr, BR); 784 if (SyntaxCheckTimer) 785 SyntaxCheckTimer->stopTimer(); 786 } 787 788 BR.FlushReports(); 789 790 if ((Mode & AM_Path) && checkerMgr->hasPathSensitiveCheckers()) { 791 RunPathSensitiveChecks(D, IMode, VisitedCallees); 792 if (IMode != ExprEngine::Inline_Minimal) 793 NumFunctionsAnalyzed++; 794 } 795 } 796 797 //===----------------------------------------------------------------------===// 798 // Path-sensitive checking. 799 //===----------------------------------------------------------------------===// 800 801 void AnalysisConsumer::RunPathSensitiveChecks(Decl *D, 802 ExprEngine::InliningModes IMode, 803 SetOfConstDecls *VisitedCallees) { 804 // Construct the analysis engine. First check if the CFG is valid. 805 // FIXME: Inter-procedural analysis will need to handle invalid CFGs. 806 if (!Mgr->getCFG(D)) 807 return; 808 809 // See if the LiveVariables analysis scales. 810 if (!Mgr->getAnalysisDeclContext(D)->getAnalysis<RelaxedLiveVariables>()) 811 return; 812 813 ExprEngine Eng(CTU, *Mgr, VisitedCallees, &FunctionSummaries, IMode); 814 815 // Execute the worklist algorithm. 816 if (ExprEngineTimer) 817 ExprEngineTimer->startTimer(); 818 Eng.ExecuteWorkList(Mgr->getAnalysisDeclContextManager().getStackFrame(D), 819 Mgr->options.MaxNodesPerTopLevelFunction); 820 if (ExprEngineTimer) 821 ExprEngineTimer->stopTimer(); 822 823 if (!Mgr->options.DumpExplodedGraphTo.empty()) 824 Eng.DumpGraph(Mgr->options.TrimGraph, Mgr->options.DumpExplodedGraphTo); 825 826 // Visualize the exploded graph. 827 if (Mgr->options.visualizeExplodedGraphWithGraphViz) 828 Eng.ViewGraph(Mgr->options.TrimGraph); 829 830 // Display warnings. 831 if (BugReporterTimer) 832 BugReporterTimer->startTimer(); 833 Eng.getBugReporter().FlushReports(); 834 if (BugReporterTimer) 835 BugReporterTimer->stopTimer(); 836 } 837 838 //===----------------------------------------------------------------------===// 839 // AnalysisConsumer creation. 840 //===----------------------------------------------------------------------===// 841 842 std::unique_ptr<AnalysisASTConsumer> 843 ento::CreateAnalysisConsumer(CompilerInstance &CI) { 844 // Disable the effects of '-Werror' when using the AnalysisConsumer. 845 CI.getPreprocessor().getDiagnostics().setWarningsAsErrors(false); 846 847 AnalyzerOptionsRef analyzerOpts = CI.getAnalyzerOpts(); 848 bool hasModelPath = analyzerOpts->Config.count("model-path") > 0; 849 850 return std::make_unique<AnalysisConsumer>( 851 CI, CI.getFrontendOpts().OutputFile, analyzerOpts, 852 CI.getFrontendOpts().Plugins, 853 hasModelPath ? new ModelInjector(CI) : nullptr); 854 } 855