1fec1a442SValeriy Savchenko //===- CalledOnceCheck.cpp - Check 'called once' parameters ---------------===//
2fec1a442SValeriy Savchenko //
3fec1a442SValeriy Savchenko // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4fec1a442SValeriy Savchenko // See https://llvm.org/LICENSE.txt for license information.
5fec1a442SValeriy Savchenko // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6fec1a442SValeriy Savchenko //
7fec1a442SValeriy Savchenko //===----------------------------------------------------------------------===//
8fec1a442SValeriy Savchenko
9fec1a442SValeriy Savchenko #include "clang/Analysis/Analyses/CalledOnceCheck.h"
10f1a7d5a7SValeriy Savchenko #include "clang/AST/ASTContext.h"
11fec1a442SValeriy Savchenko #include "clang/AST/Attr.h"
12fec1a442SValeriy Savchenko #include "clang/AST/Decl.h"
13fec1a442SValeriy Savchenko #include "clang/AST/DeclBase.h"
14fec1a442SValeriy Savchenko #include "clang/AST/Expr.h"
15fec1a442SValeriy Savchenko #include "clang/AST/ExprObjC.h"
16fec1a442SValeriy Savchenko #include "clang/AST/OperationKinds.h"
17fec1a442SValeriy Savchenko #include "clang/AST/ParentMap.h"
18fec1a442SValeriy Savchenko #include "clang/AST/RecursiveASTVisitor.h"
19fec1a442SValeriy Savchenko #include "clang/AST/Stmt.h"
20fec1a442SValeriy Savchenko #include "clang/AST/StmtObjC.h"
21fec1a442SValeriy Savchenko #include "clang/AST/StmtVisitor.h"
22fec1a442SValeriy Savchenko #include "clang/AST/Type.h"
23fec1a442SValeriy Savchenko #include "clang/Analysis/AnalysisDeclContext.h"
24fec1a442SValeriy Savchenko #include "clang/Analysis/CFG.h"
25fec1a442SValeriy Savchenko #include "clang/Analysis/FlowSensitive/DataflowWorklist.h"
26d1522d34SValeriy Savchenko #include "clang/Basic/Builtins.h"
27fec1a442SValeriy Savchenko #include "clang/Basic/IdentifierTable.h"
28fec1a442SValeriy Savchenko #include "clang/Basic/LLVM.h"
29fec1a442SValeriy Savchenko #include "llvm/ADT/BitVector.h"
30fec1a442SValeriy Savchenko #include "llvm/ADT/BitmaskEnum.h"
31fec1a442SValeriy Savchenko #include "llvm/ADT/Optional.h"
32fec1a442SValeriy Savchenko #include "llvm/ADT/PointerIntPair.h"
33fec1a442SValeriy Savchenko #include "llvm/ADT/STLExtras.h"
34fec1a442SValeriy Savchenko #include "llvm/ADT/Sequence.h"
35fec1a442SValeriy Savchenko #include "llvm/ADT/SmallVector.h"
36fec1a442SValeriy Savchenko #include "llvm/ADT/StringRef.h"
37fec1a442SValeriy Savchenko #include "llvm/Support/Casting.h"
38fec1a442SValeriy Savchenko #include "llvm/Support/Compiler.h"
39fec1a442SValeriy Savchenko #include "llvm/Support/ErrorHandling.h"
40fec1a442SValeriy Savchenko #include <memory>
41fec1a442SValeriy Savchenko
42fec1a442SValeriy Savchenko using namespace clang;
43fec1a442SValeriy Savchenko
44fec1a442SValeriy Savchenko namespace {
45fec1a442SValeriy Savchenko static constexpr unsigned EXPECTED_MAX_NUMBER_OF_PARAMS = 2;
46fec1a442SValeriy Savchenko template <class T>
47fec1a442SValeriy Savchenko using ParamSizedVector = llvm::SmallVector<T, EXPECTED_MAX_NUMBER_OF_PARAMS>;
48fec1a442SValeriy Savchenko static constexpr unsigned EXPECTED_NUMBER_OF_BASIC_BLOCKS = 8;
49fec1a442SValeriy Savchenko template <class T>
50fec1a442SValeriy Savchenko using CFGSizedVector = llvm::SmallVector<T, EXPECTED_NUMBER_OF_BASIC_BLOCKS>;
51fec1a442SValeriy Savchenko constexpr llvm::StringLiteral CONVENTIONAL_NAMES[] = {
5259112eacSValeriy Savchenko "completionHandler", "completion", "withCompletionHandler",
5359112eacSValeriy Savchenko "withCompletion", "completionBlock", "withCompletionBlock",
5459112eacSValeriy Savchenko "replyTo", "reply", "withReplyTo"};
55fec1a442SValeriy Savchenko constexpr llvm::StringLiteral CONVENTIONAL_SUFFIXES[] = {
5659112eacSValeriy Savchenko "WithCompletionHandler", "WithCompletion", "WithCompletionBlock",
5759112eacSValeriy Savchenko "WithReplyTo", "WithReply"};
58fec1a442SValeriy Savchenko constexpr llvm::StringLiteral CONVENTIONAL_CONDITIONS[] = {
59fec1a442SValeriy Savchenko "error", "cancel", "shouldCall", "done", "OK", "success"};
60fec1a442SValeriy Savchenko
61f1a7d5a7SValeriy Savchenko struct KnownCalledOnceParameter {
62f1a7d5a7SValeriy Savchenko llvm::StringLiteral FunctionName;
63f1a7d5a7SValeriy Savchenko unsigned ParamIndex;
64f1a7d5a7SValeriy Savchenko };
65f1a7d5a7SValeriy Savchenko constexpr KnownCalledOnceParameter KNOWN_CALLED_ONCE_PARAMETERS[] = {
668b8b9af8SValeriy Savchenko {llvm::StringLiteral{"dispatch_async"}, 1},
678b8b9af8SValeriy Savchenko {llvm::StringLiteral{"dispatch_async_and_wait"}, 1},
688b8b9af8SValeriy Savchenko {llvm::StringLiteral{"dispatch_after"}, 2},
698b8b9af8SValeriy Savchenko {llvm::StringLiteral{"dispatch_sync"}, 1},
708b8b9af8SValeriy Savchenko {llvm::StringLiteral{"dispatch_once"}, 1},
718b8b9af8SValeriy Savchenko {llvm::StringLiteral{"dispatch_barrier_async"}, 1},
728b8b9af8SValeriy Savchenko {llvm::StringLiteral{"dispatch_barrier_async_and_wait"}, 1},
738b8b9af8SValeriy Savchenko {llvm::StringLiteral{"dispatch_barrier_sync"}, 1}};
74f1a7d5a7SValeriy Savchenko
75fec1a442SValeriy Savchenko class ParameterStatus {
76fec1a442SValeriy Savchenko public:
77fec1a442SValeriy Savchenko // Status kind is basically the main part of parameter's status.
78fec1a442SValeriy Savchenko // The kind represents our knowledge (so far) about a tracked parameter
79fec1a442SValeriy Savchenko // in the context of this analysis.
80fec1a442SValeriy Savchenko //
81fec1a442SValeriy Savchenko // Since we want to report on missing and extraneous calls, we need to
82fec1a442SValeriy Savchenko // track the fact whether paramater was called or not. This automatically
83fec1a442SValeriy Savchenko // decides two kinds: `NotCalled` and `Called`.
84fec1a442SValeriy Savchenko //
85fec1a442SValeriy Savchenko // One of the erroneous situations is the case when parameter is called only
86fec1a442SValeriy Savchenko // on some of the paths. We could've considered it `NotCalled`, but we want
87fec1a442SValeriy Savchenko // to report double call warnings even if these two calls are not guaranteed
88fec1a442SValeriy Savchenko // to happen in every execution. We also don't want to have it as `Called`
89fec1a442SValeriy Savchenko // because not calling tracked parameter on all of the paths is an error
90fec1a442SValeriy Savchenko // on its own. For these reasons, we need to have a separate kind,
91fec1a442SValeriy Savchenko // `MaybeCalled`, and change `Called` to `DefinitelyCalled` to avoid
92fec1a442SValeriy Savchenko // confusion.
93fec1a442SValeriy Savchenko //
94fec1a442SValeriy Savchenko // Two violations of calling parameter more than once and not calling it on
95fec1a442SValeriy Savchenko // every path are not, however, mutually exclusive. In situations where both
96fec1a442SValeriy Savchenko // violations take place, we prefer to report ONLY double call. It's always
97fec1a442SValeriy Savchenko // harder to pinpoint a bug that has arisen when a user neglects to take the
98fec1a442SValeriy Savchenko // right action (and therefore, no action is taken), than when a user takes
99fec1a442SValeriy Savchenko // the wrong action. And, in order to remember that we already reported
100fec1a442SValeriy Savchenko // a double call, we need another kind: `Reported`.
101fec1a442SValeriy Savchenko //
102fec1a442SValeriy Savchenko // Our analysis is intra-procedural and, while in the perfect world,
103fec1a442SValeriy Savchenko // developers only use tracked parameters to call them, in the real world,
104fec1a442SValeriy Savchenko // the picture might be different. Parameters can be stored in global
105fec1a442SValeriy Savchenko // variables or leaked into other functions that we know nothing about.
106fec1a442SValeriy Savchenko // We try to be lenient and trust users. Another kind `Escaped` reflects
107fec1a442SValeriy Savchenko // such situations. We don't know if it gets called there or not, but we
108fec1a442SValeriy Savchenko // should always think of `Escaped` as the best possible option.
109fec1a442SValeriy Savchenko //
110fec1a442SValeriy Savchenko // Some of the paths in the analyzed functions might end with a call
111fec1a442SValeriy Savchenko // to noreturn functions. Such paths are not required to have parameter
112fec1a442SValeriy Savchenko // calls and we want to track that. For the purposes of better diagnostics,
113fec1a442SValeriy Savchenko // we don't want to reuse `Escaped` and, thus, have another kind `NoReturn`.
114fec1a442SValeriy Savchenko //
115fec1a442SValeriy Savchenko // Additionally, we have `NotVisited` kind that tells us nothing about
116fec1a442SValeriy Savchenko // a tracked parameter, but is used for tracking analyzed (aka visited)
117fec1a442SValeriy Savchenko // basic blocks.
118fec1a442SValeriy Savchenko //
119fec1a442SValeriy Savchenko // If we consider `|` to be a JOIN operation of two kinds coming from
120fec1a442SValeriy Savchenko // two different paths, the following properties must hold:
121fec1a442SValeriy Savchenko //
122fec1a442SValeriy Savchenko // 1. for any Kind K: K | K == K
123fec1a442SValeriy Savchenko // Joining two identical kinds should result in the same kind.
124fec1a442SValeriy Savchenko //
125fec1a442SValeriy Savchenko // 2. for any Kind K: Reported | K == Reported
126fec1a442SValeriy Savchenko // Doesn't matter on which path it was reported, it still is.
127fec1a442SValeriy Savchenko //
128fec1a442SValeriy Savchenko // 3. for any Kind K: NoReturn | K == K
129fec1a442SValeriy Savchenko // We can totally ignore noreturn paths during merges.
130fec1a442SValeriy Savchenko //
131fec1a442SValeriy Savchenko // 4. DefinitelyCalled | NotCalled == MaybeCalled
132fec1a442SValeriy Savchenko // Called on one path, not called on another - that's simply
133fec1a442SValeriy Savchenko // a definition for MaybeCalled.
134fec1a442SValeriy Savchenko //
135fec1a442SValeriy Savchenko // 5. for any Kind K in [DefinitelyCalled, NotCalled, MaybeCalled]:
136fec1a442SValeriy Savchenko // Escaped | K == K
137fec1a442SValeriy Savchenko // Escaped mirrors other statuses after joins.
138fec1a442SValeriy Savchenko // Every situation, when we join any of the listed kinds K,
139fec1a442SValeriy Savchenko // is a violation. For this reason, in order to assume the
140fec1a442SValeriy Savchenko // best outcome for this escape, we consider it to be the
141fec1a442SValeriy Savchenko // same as the other path.
142fec1a442SValeriy Savchenko //
143fec1a442SValeriy Savchenko // 6. for any Kind K in [DefinitelyCalled, NotCalled]:
144fec1a442SValeriy Savchenko // MaybeCalled | K == MaybeCalled
145fec1a442SValeriy Savchenko // MaybeCalled should basically stay after almost every join.
146fec1a442SValeriy Savchenko enum Kind {
147fec1a442SValeriy Savchenko // No-return paths should be absolutely transparent for the analysis.
148fec1a442SValeriy Savchenko // 0x0 is the identity element for selected join operation (binary or).
149fec1a442SValeriy Savchenko NoReturn = 0x0, /* 0000 */
150fec1a442SValeriy Savchenko // Escaped marks situations when marked parameter escaped into
151fec1a442SValeriy Savchenko // another function (so we can assume that it was possibly called there).
152fec1a442SValeriy Savchenko Escaped = 0x1, /* 0001 */
153fec1a442SValeriy Savchenko // Parameter was definitely called once at this point.
154fec1a442SValeriy Savchenko DefinitelyCalled = 0x3, /* 0011 */
155fec1a442SValeriy Savchenko // Kinds less or equal to NON_ERROR_STATUS are not considered errors.
156fec1a442SValeriy Savchenko NON_ERROR_STATUS = DefinitelyCalled,
157fec1a442SValeriy Savchenko // Parameter was not yet called.
158fec1a442SValeriy Savchenko NotCalled = 0x5, /* 0101 */
159fec1a442SValeriy Savchenko // Parameter was not called at least on one path leading to this point,
160fec1a442SValeriy Savchenko // while there is also at least one path that it gets called.
161fec1a442SValeriy Savchenko MaybeCalled = 0x7, /* 0111 */
162fec1a442SValeriy Savchenko // Parameter was not yet analyzed.
163fec1a442SValeriy Savchenko NotVisited = 0x8, /* 1000 */
164fec1a442SValeriy Savchenko // We already reported a violation and stopped tracking calls for this
165fec1a442SValeriy Savchenko // parameter.
166fec1a442SValeriy Savchenko Reported = 0x15, /* 1111 */
167fec1a442SValeriy Savchenko LLVM_MARK_AS_BITMASK_ENUM(/* LargestValue = */ Reported)
168fec1a442SValeriy Savchenko };
169fec1a442SValeriy Savchenko
170fec1a442SValeriy Savchenko constexpr ParameterStatus() = default;
ParameterStatus(Kind K)171fec1a442SValeriy Savchenko /* implicit */ ParameterStatus(Kind K) : StatusKind(K) {
172fec1a442SValeriy Savchenko assert(!seenAnyCalls(K) && "Can't initialize status without a call");
173fec1a442SValeriy Savchenko }
ParameterStatus(Kind K,const Expr * Call)174fec1a442SValeriy Savchenko ParameterStatus(Kind K, const Expr *Call) : StatusKind(K), Call(Call) {
175fec1a442SValeriy Savchenko assert(seenAnyCalls(K) && "This kind is not supposed to have a call");
176fec1a442SValeriy Savchenko }
177fec1a442SValeriy Savchenko
getCall() const178fec1a442SValeriy Savchenko const Expr &getCall() const {
179fec1a442SValeriy Savchenko assert(seenAnyCalls(getKind()) && "ParameterStatus doesn't have a call");
180fec1a442SValeriy Savchenko return *Call;
181fec1a442SValeriy Savchenko }
seenAnyCalls(Kind K)182fec1a442SValeriy Savchenko static bool seenAnyCalls(Kind K) {
183fec1a442SValeriy Savchenko return (K & DefinitelyCalled) == DefinitelyCalled && K != Reported;
184fec1a442SValeriy Savchenko }
seenAnyCalls() const185fec1a442SValeriy Savchenko bool seenAnyCalls() const { return seenAnyCalls(getKind()); }
186fec1a442SValeriy Savchenko
isErrorStatus(Kind K)187fec1a442SValeriy Savchenko static bool isErrorStatus(Kind K) { return K > NON_ERROR_STATUS; }
isErrorStatus() const188fec1a442SValeriy Savchenko bool isErrorStatus() const { return isErrorStatus(getKind()); }
189fec1a442SValeriy Savchenko
getKind() const190fec1a442SValeriy Savchenko Kind getKind() const { return StatusKind; }
191fec1a442SValeriy Savchenko
join(const ParameterStatus & Other)192fec1a442SValeriy Savchenko void join(const ParameterStatus &Other) {
193fec1a442SValeriy Savchenko // If we have a pointer already, let's keep it.
194fec1a442SValeriy Savchenko // For the purposes of the analysis, it doesn't really matter
195fec1a442SValeriy Savchenko // which call we report.
196fec1a442SValeriy Savchenko //
197fec1a442SValeriy Savchenko // If we don't have a pointer, let's take whatever gets joined.
198fec1a442SValeriy Savchenko if (!Call) {
199fec1a442SValeriy Savchenko Call = Other.Call;
200fec1a442SValeriy Savchenko }
201fec1a442SValeriy Savchenko // Join kinds.
202fec1a442SValeriy Savchenko StatusKind |= Other.getKind();
203fec1a442SValeriy Savchenko }
204fec1a442SValeriy Savchenko
operator ==(const ParameterStatus & Other) const205fec1a442SValeriy Savchenko bool operator==(const ParameterStatus &Other) const {
206fec1a442SValeriy Savchenko // We compare only kinds, pointers on their own is only additional
207fec1a442SValeriy Savchenko // information.
208fec1a442SValeriy Savchenko return getKind() == Other.getKind();
209fec1a442SValeriy Savchenko }
210fec1a442SValeriy Savchenko
211fec1a442SValeriy Savchenko private:
212fec1a442SValeriy Savchenko // It would've been a perfect place to use llvm::PointerIntPair, but
213fec1a442SValeriy Savchenko // unfortunately NumLowBitsAvailable for clang::Expr had been reduced to 2.
214fec1a442SValeriy Savchenko Kind StatusKind = NotVisited;
215fec1a442SValeriy Savchenko const Expr *Call = nullptr;
216fec1a442SValeriy Savchenko };
217fec1a442SValeriy Savchenko
218fec1a442SValeriy Savchenko /// State aggregates statuses of all tracked parameters.
219fec1a442SValeriy Savchenko class State {
220fec1a442SValeriy Savchenko public:
State(unsigned Size,ParameterStatus::Kind K=ParameterStatus::NotVisited)221fec1a442SValeriy Savchenko State(unsigned Size, ParameterStatus::Kind K = ParameterStatus::NotVisited)
222fec1a442SValeriy Savchenko : ParamData(Size, K) {}
223fec1a442SValeriy Savchenko
224fec1a442SValeriy Savchenko /// Return status of a parameter with the given index.
225fec1a442SValeriy Savchenko /// \{
getStatusFor(unsigned Index)226fec1a442SValeriy Savchenko ParameterStatus &getStatusFor(unsigned Index) { return ParamData[Index]; }
getStatusFor(unsigned Index) const227fec1a442SValeriy Savchenko const ParameterStatus &getStatusFor(unsigned Index) const {
228fec1a442SValeriy Savchenko return ParamData[Index];
229fec1a442SValeriy Savchenko }
230fec1a442SValeriy Savchenko /// \}
231fec1a442SValeriy Savchenko
232fec1a442SValeriy Savchenko /// Return true if parameter with the given index can be called.
seenAnyCalls(unsigned Index) const233fec1a442SValeriy Savchenko bool seenAnyCalls(unsigned Index) const {
234fec1a442SValeriy Savchenko return getStatusFor(Index).seenAnyCalls();
235fec1a442SValeriy Savchenko }
236fec1a442SValeriy Savchenko /// Return a reference that we consider a call.
237fec1a442SValeriy Savchenko ///
238fec1a442SValeriy Savchenko /// Should only be used for parameters that can be called.
getCallFor(unsigned Index) const239fec1a442SValeriy Savchenko const Expr &getCallFor(unsigned Index) const {
240fec1a442SValeriy Savchenko return getStatusFor(Index).getCall();
241fec1a442SValeriy Savchenko }
242fec1a442SValeriy Savchenko /// Return status kind of parameter with the given index.
getKindFor(unsigned Index) const243fec1a442SValeriy Savchenko ParameterStatus::Kind getKindFor(unsigned Index) const {
244fec1a442SValeriy Savchenko return getStatusFor(Index).getKind();
245fec1a442SValeriy Savchenko }
246fec1a442SValeriy Savchenko
isVisited() const247fec1a442SValeriy Savchenko bool isVisited() const {
248fec1a442SValeriy Savchenko return llvm::all_of(ParamData, [](const ParameterStatus &S) {
249fec1a442SValeriy Savchenko return S.getKind() != ParameterStatus::NotVisited;
250fec1a442SValeriy Savchenko });
251fec1a442SValeriy Savchenko }
252fec1a442SValeriy Savchenko
253fec1a442SValeriy Savchenko // Join other state into the current state.
join(const State & Other)254fec1a442SValeriy Savchenko void join(const State &Other) {
255fec1a442SValeriy Savchenko assert(ParamData.size() == Other.ParamData.size() &&
256fec1a442SValeriy Savchenko "Couldn't join statuses with different sizes");
257fec1a442SValeriy Savchenko for (auto Pair : llvm::zip(ParamData, Other.ParamData)) {
258fec1a442SValeriy Savchenko std::get<0>(Pair).join(std::get<1>(Pair));
259fec1a442SValeriy Savchenko }
260fec1a442SValeriy Savchenko }
261fec1a442SValeriy Savchenko
262fec1a442SValeriy Savchenko using iterator = ParamSizedVector<ParameterStatus>::iterator;
263fec1a442SValeriy Savchenko using const_iterator = ParamSizedVector<ParameterStatus>::const_iterator;
264fec1a442SValeriy Savchenko
begin()265fec1a442SValeriy Savchenko iterator begin() { return ParamData.begin(); }
end()266fec1a442SValeriy Savchenko iterator end() { return ParamData.end(); }
267fec1a442SValeriy Savchenko
begin() const268fec1a442SValeriy Savchenko const_iterator begin() const { return ParamData.begin(); }
end() const269fec1a442SValeriy Savchenko const_iterator end() const { return ParamData.end(); }
270fec1a442SValeriy Savchenko
operator ==(const State & Other) const271fec1a442SValeriy Savchenko bool operator==(const State &Other) const {
272fec1a442SValeriy Savchenko return ParamData == Other.ParamData;
273fec1a442SValeriy Savchenko }
274fec1a442SValeriy Savchenko
275fec1a442SValeriy Savchenko private:
276fec1a442SValeriy Savchenko ParamSizedVector<ParameterStatus> ParamData;
277fec1a442SValeriy Savchenko };
278fec1a442SValeriy Savchenko
279fec1a442SValeriy Savchenko /// A simple class that finds DeclRefExpr in the given expression.
280fec1a442SValeriy Savchenko ///
281fec1a442SValeriy Savchenko /// However, we don't want to find ANY nested DeclRefExpr skipping whatever
282fec1a442SValeriy Savchenko /// expressions on our way. Only certain expressions considered "no-op"
283fec1a442SValeriy Savchenko /// for our task are indeed skipped.
284fec1a442SValeriy Savchenko class DeclRefFinder
285fec1a442SValeriy Savchenko : public ConstStmtVisitor<DeclRefFinder, const DeclRefExpr *> {
286fec1a442SValeriy Savchenko public:
287fec1a442SValeriy Savchenko /// Find a DeclRefExpr in the given expression.
288fec1a442SValeriy Savchenko ///
289fec1a442SValeriy Savchenko /// In its most basic form (ShouldRetrieveFromComparisons == false),
290fec1a442SValeriy Savchenko /// this function can be simply reduced to the following question:
291fec1a442SValeriy Savchenko ///
292fec1a442SValeriy Savchenko /// - If expression E is used as a function argument, could we say
293fec1a442SValeriy Savchenko /// that DeclRefExpr nested in E is used as an argument?
294fec1a442SValeriy Savchenko ///
295fec1a442SValeriy Savchenko /// According to this rule, we can say that parens, casts and dereferencing
296fec1a442SValeriy Savchenko /// (dereferencing only applied to function pointers, but this is our case)
297fec1a442SValeriy Savchenko /// can be skipped.
298fec1a442SValeriy Savchenko ///
299fec1a442SValeriy Savchenko /// When we should look into comparisons the question changes to:
300fec1a442SValeriy Savchenko ///
301fec1a442SValeriy Savchenko /// - If expression E is used as a condition, could we say that
302fec1a442SValeriy Savchenko /// DeclRefExpr is being checked?
303fec1a442SValeriy Savchenko ///
304fec1a442SValeriy Savchenko /// And even though, these are two different questions, they have quite a lot
305fec1a442SValeriy Savchenko /// in common. Actually, we can say that whatever expression answers
306fec1a442SValeriy Savchenko /// positively the first question also fits the second question as well.
307fec1a442SValeriy Savchenko ///
308fec1a442SValeriy Savchenko /// In addition, we skip binary operators == and !=, and unary opeartor !.
find(const Expr * E,bool ShouldRetrieveFromComparisons=false)309fec1a442SValeriy Savchenko static const DeclRefExpr *find(const Expr *E,
310fec1a442SValeriy Savchenko bool ShouldRetrieveFromComparisons = false) {
311fec1a442SValeriy Savchenko return DeclRefFinder(ShouldRetrieveFromComparisons).Visit(E);
312fec1a442SValeriy Savchenko }
313fec1a442SValeriy Savchenko
VisitDeclRefExpr(const DeclRefExpr * DR)314fec1a442SValeriy Savchenko const DeclRefExpr *VisitDeclRefExpr(const DeclRefExpr *DR) { return DR; }
315fec1a442SValeriy Savchenko
VisitUnaryOperator(const UnaryOperator * UO)316fec1a442SValeriy Savchenko const DeclRefExpr *VisitUnaryOperator(const UnaryOperator *UO) {
317fec1a442SValeriy Savchenko switch (UO->getOpcode()) {
318fec1a442SValeriy Savchenko case UO_LNot:
319fec1a442SValeriy Savchenko // We care about logical not only if we care about comparisons.
320fec1a442SValeriy Savchenko if (!ShouldRetrieveFromComparisons)
321fec1a442SValeriy Savchenko return nullptr;
322fec1a442SValeriy Savchenko LLVM_FALLTHROUGH;
323fec1a442SValeriy Savchenko // Function pointer/references can be dereferenced before a call.
324fec1a442SValeriy Savchenko // That doesn't make it, however, any different from a regular call.
325fec1a442SValeriy Savchenko // For this reason, dereference operation is a "no-op".
326fec1a442SValeriy Savchenko case UO_Deref:
327fec1a442SValeriy Savchenko return Visit(UO->getSubExpr());
328fec1a442SValeriy Savchenko default:
329fec1a442SValeriy Savchenko return nullptr;
330fec1a442SValeriy Savchenko }
331fec1a442SValeriy Savchenko }
332fec1a442SValeriy Savchenko
VisitBinaryOperator(const BinaryOperator * BO)333fec1a442SValeriy Savchenko const DeclRefExpr *VisitBinaryOperator(const BinaryOperator *BO) {
334fec1a442SValeriy Savchenko if (!ShouldRetrieveFromComparisons)
335fec1a442SValeriy Savchenko return nullptr;
336fec1a442SValeriy Savchenko
337fec1a442SValeriy Savchenko switch (BO->getOpcode()) {
338fec1a442SValeriy Savchenko case BO_EQ:
339fec1a442SValeriy Savchenko case BO_NE: {
340fec1a442SValeriy Savchenko const DeclRefExpr *LHS = Visit(BO->getLHS());
341fec1a442SValeriy Savchenko return LHS ? LHS : Visit(BO->getRHS());
342fec1a442SValeriy Savchenko }
343fec1a442SValeriy Savchenko default:
344fec1a442SValeriy Savchenko return nullptr;
345fec1a442SValeriy Savchenko }
346fec1a442SValeriy Savchenko }
347fec1a442SValeriy Savchenko
VisitOpaqueValueExpr(const OpaqueValueExpr * OVE)348fec1a442SValeriy Savchenko const DeclRefExpr *VisitOpaqueValueExpr(const OpaqueValueExpr *OVE) {
349fec1a442SValeriy Savchenko return Visit(OVE->getSourceExpr());
350fec1a442SValeriy Savchenko }
351fec1a442SValeriy Savchenko
VisitCallExpr(const CallExpr * CE)352d1522d34SValeriy Savchenko const DeclRefExpr *VisitCallExpr(const CallExpr *CE) {
353d1522d34SValeriy Savchenko if (!ShouldRetrieveFromComparisons)
354d1522d34SValeriy Savchenko return nullptr;
355d1522d34SValeriy Savchenko
356d1522d34SValeriy Savchenko // We want to see through some of the boolean builtin functions
357d1522d34SValeriy Savchenko // that we are likely to see in conditions.
358d1522d34SValeriy Savchenko switch (CE->getBuiltinCallee()) {
359d1522d34SValeriy Savchenko case Builtin::BI__builtin_expect:
360d1522d34SValeriy Savchenko case Builtin::BI__builtin_expect_with_probability: {
361d1522d34SValeriy Savchenko assert(CE->getNumArgs() >= 2);
362d1522d34SValeriy Savchenko
363d1522d34SValeriy Savchenko const DeclRefExpr *Candidate = Visit(CE->getArg(0));
364d1522d34SValeriy Savchenko return Candidate != nullptr ? Candidate : Visit(CE->getArg(1));
365d1522d34SValeriy Savchenko }
366d1522d34SValeriy Savchenko
367d1522d34SValeriy Savchenko case Builtin::BI__builtin_unpredictable:
368d1522d34SValeriy Savchenko return Visit(CE->getArg(0));
369d1522d34SValeriy Savchenko
370d1522d34SValeriy Savchenko default:
371d1522d34SValeriy Savchenko return nullptr;
372d1522d34SValeriy Savchenko }
373d1522d34SValeriy Savchenko }
374d1522d34SValeriy Savchenko
VisitExpr(const Expr * E)375fec1a442SValeriy Savchenko const DeclRefExpr *VisitExpr(const Expr *E) {
376fec1a442SValeriy Savchenko // It is a fallback method that gets called whenever the actual type
377fec1a442SValeriy Savchenko // of the given expression is not covered.
378fec1a442SValeriy Savchenko //
379fec1a442SValeriy Savchenko // We first check if we have anything to skip. And then repeat the whole
380fec1a442SValeriy Savchenko // procedure for a nested expression instead.
381fec1a442SValeriy Savchenko const Expr *DeclutteredExpr = E->IgnoreParenCasts();
382fec1a442SValeriy Savchenko return E != DeclutteredExpr ? Visit(DeclutteredExpr) : nullptr;
383fec1a442SValeriy Savchenko }
384fec1a442SValeriy Savchenko
385fec1a442SValeriy Savchenko private:
DeclRefFinder(bool ShouldRetrieveFromComparisons)386fec1a442SValeriy Savchenko DeclRefFinder(bool ShouldRetrieveFromComparisons)
387fec1a442SValeriy Savchenko : ShouldRetrieveFromComparisons(ShouldRetrieveFromComparisons) {}
388fec1a442SValeriy Savchenko
389fec1a442SValeriy Savchenko bool ShouldRetrieveFromComparisons;
390fec1a442SValeriy Savchenko };
391fec1a442SValeriy Savchenko
findDeclRefExpr(const Expr * In,bool ShouldRetrieveFromComparisons=false)392fec1a442SValeriy Savchenko const DeclRefExpr *findDeclRefExpr(const Expr *In,
393fec1a442SValeriy Savchenko bool ShouldRetrieveFromComparisons = false) {
394fec1a442SValeriy Savchenko return DeclRefFinder::find(In, ShouldRetrieveFromComparisons);
395fec1a442SValeriy Savchenko }
396fec1a442SValeriy Savchenko
397fec1a442SValeriy Savchenko const ParmVarDecl *
findReferencedParmVarDecl(const Expr * In,bool ShouldRetrieveFromComparisons=false)398fec1a442SValeriy Savchenko findReferencedParmVarDecl(const Expr *In,
399fec1a442SValeriy Savchenko bool ShouldRetrieveFromComparisons = false) {
400fec1a442SValeriy Savchenko if (const DeclRefExpr *DR =
401fec1a442SValeriy Savchenko findDeclRefExpr(In, ShouldRetrieveFromComparisons)) {
402fec1a442SValeriy Savchenko return dyn_cast<ParmVarDecl>(DR->getDecl());
403fec1a442SValeriy Savchenko }
404fec1a442SValeriy Savchenko
405fec1a442SValeriy Savchenko return nullptr;
406fec1a442SValeriy Savchenko }
407fec1a442SValeriy Savchenko
408fec1a442SValeriy Savchenko /// Return conditions expression of a statement if it has one.
getCondition(const Stmt * S)409fec1a442SValeriy Savchenko const Expr *getCondition(const Stmt *S) {
410fec1a442SValeriy Savchenko if (!S) {
411fec1a442SValeriy Savchenko return nullptr;
412fec1a442SValeriy Savchenko }
413fec1a442SValeriy Savchenko
414fec1a442SValeriy Savchenko if (const auto *If = dyn_cast<IfStmt>(S)) {
415fec1a442SValeriy Savchenko return If->getCond();
416fec1a442SValeriy Savchenko }
417fec1a442SValeriy Savchenko if (const auto *Ternary = dyn_cast<AbstractConditionalOperator>(S)) {
418fec1a442SValeriy Savchenko return Ternary->getCond();
419fec1a442SValeriy Savchenko }
420fec1a442SValeriy Savchenko
421fec1a442SValeriy Savchenko return nullptr;
422fec1a442SValeriy Savchenko }
423fec1a442SValeriy Savchenko
424fec1a442SValeriy Savchenko /// A small helper class that collects all named identifiers in the given
425fec1a442SValeriy Savchenko /// expression. It traverses it recursively, so names from deeper levels
426fec1a442SValeriy Savchenko /// of the AST will end up in the results.
427fec1a442SValeriy Savchenko /// Results might have duplicate names, if this is a problem, convert to
428fec1a442SValeriy Savchenko /// string sets afterwards.
429fec1a442SValeriy Savchenko class NamesCollector : public RecursiveASTVisitor<NamesCollector> {
430fec1a442SValeriy Savchenko public:
431fec1a442SValeriy Savchenko static constexpr unsigned EXPECTED_NUMBER_OF_NAMES = 5;
432fec1a442SValeriy Savchenko using NameCollection =
433fec1a442SValeriy Savchenko llvm::SmallVector<llvm::StringRef, EXPECTED_NUMBER_OF_NAMES>;
434fec1a442SValeriy Savchenko
collect(const Expr * From)435fec1a442SValeriy Savchenko static NameCollection collect(const Expr *From) {
436fec1a442SValeriy Savchenko NamesCollector Impl;
437fec1a442SValeriy Savchenko Impl.TraverseStmt(const_cast<Expr *>(From));
438fec1a442SValeriy Savchenko return Impl.Result;
439fec1a442SValeriy Savchenko }
440fec1a442SValeriy Savchenko
VisitDeclRefExpr(const DeclRefExpr * E)441fec1a442SValeriy Savchenko bool VisitDeclRefExpr(const DeclRefExpr *E) {
442fec1a442SValeriy Savchenko Result.push_back(E->getDecl()->getName());
443fec1a442SValeriy Savchenko return true;
444fec1a442SValeriy Savchenko }
445fec1a442SValeriy Savchenko
VisitObjCPropertyRefExpr(const ObjCPropertyRefExpr * E)446fec1a442SValeriy Savchenko bool VisitObjCPropertyRefExpr(const ObjCPropertyRefExpr *E) {
447fec1a442SValeriy Savchenko llvm::StringRef Name;
448fec1a442SValeriy Savchenko
449fec1a442SValeriy Savchenko if (E->isImplicitProperty()) {
450fec1a442SValeriy Savchenko ObjCMethodDecl *PropertyMethodDecl = nullptr;
451fec1a442SValeriy Savchenko if (E->isMessagingGetter()) {
452fec1a442SValeriy Savchenko PropertyMethodDecl = E->getImplicitPropertyGetter();
453fec1a442SValeriy Savchenko } else {
454fec1a442SValeriy Savchenko PropertyMethodDecl = E->getImplicitPropertySetter();
455fec1a442SValeriy Savchenko }
456fec1a442SValeriy Savchenko assert(PropertyMethodDecl &&
457fec1a442SValeriy Savchenko "Implicit property must have associated declaration");
458fec1a442SValeriy Savchenko Name = PropertyMethodDecl->getSelector().getNameForSlot(0);
459fec1a442SValeriy Savchenko } else {
460fec1a442SValeriy Savchenko assert(E->isExplicitProperty());
461fec1a442SValeriy Savchenko Name = E->getExplicitProperty()->getName();
462fec1a442SValeriy Savchenko }
463fec1a442SValeriy Savchenko
464fec1a442SValeriy Savchenko Result.push_back(Name);
465fec1a442SValeriy Savchenko return true;
466fec1a442SValeriy Savchenko }
467fec1a442SValeriy Savchenko
468fec1a442SValeriy Savchenko private:
469fec1a442SValeriy Savchenko NamesCollector() = default;
470fec1a442SValeriy Savchenko NameCollection Result;
471fec1a442SValeriy Savchenko };
472fec1a442SValeriy Savchenko
473fec1a442SValeriy Savchenko /// Check whether the given expression mentions any of conventional names.
mentionsAnyOfConventionalNames(const Expr * E)474fec1a442SValeriy Savchenko bool mentionsAnyOfConventionalNames(const Expr *E) {
475fec1a442SValeriy Savchenko NamesCollector::NameCollection MentionedNames = NamesCollector::collect(E);
476fec1a442SValeriy Savchenko
477fec1a442SValeriy Savchenko return llvm::any_of(MentionedNames, [](llvm::StringRef ConditionName) {
478fec1a442SValeriy Savchenko return llvm::any_of(
479fec1a442SValeriy Savchenko CONVENTIONAL_CONDITIONS,
480fec1a442SValeriy Savchenko [ConditionName](const llvm::StringLiteral &Conventional) {
481e5c7c171SMartin Storsjö return ConditionName.contains_insensitive(Conventional);
482fec1a442SValeriy Savchenko });
483fec1a442SValeriy Savchenko });
484fec1a442SValeriy Savchenko }
485fec1a442SValeriy Savchenko
486fec1a442SValeriy Savchenko /// Clarification is a simple pair of a reason why parameter is not called
487fec1a442SValeriy Savchenko /// on every path and a statement to blame.
488fec1a442SValeriy Savchenko struct Clarification {
489fec1a442SValeriy Savchenko NeverCalledReason Reason;
490fec1a442SValeriy Savchenko const Stmt *Location;
491fec1a442SValeriy Savchenko };
492fec1a442SValeriy Savchenko
493fec1a442SValeriy Savchenko /// A helper class that can produce a clarification based on the given pair
494fec1a442SValeriy Savchenko /// of basic blocks.
495fec1a442SValeriy Savchenko class NotCalledClarifier
496fec1a442SValeriy Savchenko : public ConstStmtVisitor<NotCalledClarifier,
497fec1a442SValeriy Savchenko llvm::Optional<Clarification>> {
498fec1a442SValeriy Savchenko public:
499fec1a442SValeriy Savchenko /// The main entrypoint for the class, the function that tries to find the
500fec1a442SValeriy Savchenko /// clarification of how to explain which sub-path starts with a CFG edge
501fec1a442SValeriy Savchenko /// from Conditional to SuccWithoutCall.
502fec1a442SValeriy Savchenko ///
503fec1a442SValeriy Savchenko /// This means that this function has one precondition:
504fec1a442SValeriy Savchenko /// SuccWithoutCall should be a successor block for Conditional.
505fec1a442SValeriy Savchenko ///
506fec1a442SValeriy Savchenko /// Because clarification is not needed for non-trivial pairs of blocks
507fec1a442SValeriy Savchenko /// (i.e. SuccWithoutCall is not the only successor), it returns meaningful
508fec1a442SValeriy Savchenko /// results only for such cases. For this very reason, the parent basic
509fec1a442SValeriy Savchenko /// block, Conditional, is named that way, so it is clear what kind of
510fec1a442SValeriy Savchenko /// block is expected.
511fec1a442SValeriy Savchenko static llvm::Optional<Clarification>
clarify(const CFGBlock * Conditional,const CFGBlock * SuccWithoutCall)512fec1a442SValeriy Savchenko clarify(const CFGBlock *Conditional, const CFGBlock *SuccWithoutCall) {
513fec1a442SValeriy Savchenko if (const Stmt *Terminator = Conditional->getTerminatorStmt()) {
514fec1a442SValeriy Savchenko return NotCalledClarifier{Conditional, SuccWithoutCall}.Visit(Terminator);
515fec1a442SValeriy Savchenko }
516fec1a442SValeriy Savchenko return llvm::None;
517fec1a442SValeriy Savchenko }
518fec1a442SValeriy Savchenko
VisitIfStmt(const IfStmt * If)519fec1a442SValeriy Savchenko llvm::Optional<Clarification> VisitIfStmt(const IfStmt *If) {
520fec1a442SValeriy Savchenko return VisitBranchingBlock(If, NeverCalledReason::IfThen);
521fec1a442SValeriy Savchenko }
522fec1a442SValeriy Savchenko
523fec1a442SValeriy Savchenko llvm::Optional<Clarification>
VisitAbstractConditionalOperator(const AbstractConditionalOperator * Ternary)524fec1a442SValeriy Savchenko VisitAbstractConditionalOperator(const AbstractConditionalOperator *Ternary) {
525fec1a442SValeriy Savchenko return VisitBranchingBlock(Ternary, NeverCalledReason::IfThen);
526fec1a442SValeriy Savchenko }
527fec1a442SValeriy Savchenko
VisitSwitchStmt(const SwitchStmt * Switch)528fec1a442SValeriy Savchenko llvm::Optional<Clarification> VisitSwitchStmt(const SwitchStmt *Switch) {
529fec1a442SValeriy Savchenko const Stmt *CaseToBlame = SuccInQuestion->getLabel();
530fec1a442SValeriy Savchenko if (!CaseToBlame) {
531fec1a442SValeriy Savchenko // If interesting basic block is not labeled, it means that this
532fec1a442SValeriy Savchenko // basic block does not represent any of the cases.
533fec1a442SValeriy Savchenko return Clarification{NeverCalledReason::SwitchSkipped, Switch};
534fec1a442SValeriy Savchenko }
535fec1a442SValeriy Savchenko
536fec1a442SValeriy Savchenko for (const SwitchCase *Case = Switch->getSwitchCaseList(); Case;
537fec1a442SValeriy Savchenko Case = Case->getNextSwitchCase()) {
538fec1a442SValeriy Savchenko if (Case == CaseToBlame) {
539fec1a442SValeriy Savchenko return Clarification{NeverCalledReason::Switch, Case};
540fec1a442SValeriy Savchenko }
541fec1a442SValeriy Savchenko }
542fec1a442SValeriy Savchenko
543fec1a442SValeriy Savchenko llvm_unreachable("Found unexpected switch structure");
544fec1a442SValeriy Savchenko }
545fec1a442SValeriy Savchenko
VisitForStmt(const ForStmt * For)546fec1a442SValeriy Savchenko llvm::Optional<Clarification> VisitForStmt(const ForStmt *For) {
547fec1a442SValeriy Savchenko return VisitBranchingBlock(For, NeverCalledReason::LoopEntered);
548fec1a442SValeriy Savchenko }
549fec1a442SValeriy Savchenko
VisitWhileStmt(const WhileStmt * While)550fec1a442SValeriy Savchenko llvm::Optional<Clarification> VisitWhileStmt(const WhileStmt *While) {
551fec1a442SValeriy Savchenko return VisitBranchingBlock(While, NeverCalledReason::LoopEntered);
552fec1a442SValeriy Savchenko }
553fec1a442SValeriy Savchenko
554fec1a442SValeriy Savchenko llvm::Optional<Clarification>
VisitBranchingBlock(const Stmt * Terminator,NeverCalledReason DefaultReason)555fec1a442SValeriy Savchenko VisitBranchingBlock(const Stmt *Terminator, NeverCalledReason DefaultReason) {
556fec1a442SValeriy Savchenko assert(Parent->succ_size() == 2 &&
557fec1a442SValeriy Savchenko "Branching block should have exactly two successors");
558fec1a442SValeriy Savchenko unsigned SuccessorIndex = getSuccessorIndex(Parent, SuccInQuestion);
559fec1a442SValeriy Savchenko NeverCalledReason ActualReason =
560fec1a442SValeriy Savchenko updateForSuccessor(DefaultReason, SuccessorIndex);
561fec1a442SValeriy Savchenko return Clarification{ActualReason, Terminator};
562fec1a442SValeriy Savchenko }
563fec1a442SValeriy Savchenko
VisitBinaryOperator(const BinaryOperator *)564fec1a442SValeriy Savchenko llvm::Optional<Clarification> VisitBinaryOperator(const BinaryOperator *) {
565fec1a442SValeriy Savchenko // We don't want to report on short-curcuit logical operations.
566fec1a442SValeriy Savchenko return llvm::None;
567fec1a442SValeriy Savchenko }
568fec1a442SValeriy Savchenko
VisitStmt(const Stmt * Terminator)569fec1a442SValeriy Savchenko llvm::Optional<Clarification> VisitStmt(const Stmt *Terminator) {
570fec1a442SValeriy Savchenko // If we got here, we didn't have a visit function for more derived
571fec1a442SValeriy Savchenko // classes of statement that this terminator actually belongs to.
572fec1a442SValeriy Savchenko //
573fec1a442SValeriy Savchenko // This is not a good scenario and should not happen in practice, but
574fec1a442SValeriy Savchenko // at least we'll warn the user.
575fec1a442SValeriy Savchenko return Clarification{NeverCalledReason::FallbackReason, Terminator};
576fec1a442SValeriy Savchenko }
577fec1a442SValeriy Savchenko
getSuccessorIndex(const CFGBlock * Parent,const CFGBlock * Child)578fec1a442SValeriy Savchenko static unsigned getSuccessorIndex(const CFGBlock *Parent,
579fec1a442SValeriy Savchenko const CFGBlock *Child) {
580fec1a442SValeriy Savchenko CFGBlock::const_succ_iterator It = llvm::find(Parent->succs(), Child);
581fec1a442SValeriy Savchenko assert(It != Parent->succ_end() &&
582fec1a442SValeriy Savchenko "Given blocks should be in parent-child relationship");
583fec1a442SValeriy Savchenko return It - Parent->succ_begin();
584fec1a442SValeriy Savchenko }
585fec1a442SValeriy Savchenko
586fec1a442SValeriy Savchenko static NeverCalledReason
updateForSuccessor(NeverCalledReason ReasonForTrueBranch,unsigned SuccessorIndex)587fec1a442SValeriy Savchenko updateForSuccessor(NeverCalledReason ReasonForTrueBranch,
588fec1a442SValeriy Savchenko unsigned SuccessorIndex) {
589fec1a442SValeriy Savchenko assert(SuccessorIndex <= 1);
590fec1a442SValeriy Savchenko unsigned RawReason =
591fec1a442SValeriy Savchenko static_cast<unsigned>(ReasonForTrueBranch) + SuccessorIndex;
592fec1a442SValeriy Savchenko assert(RawReason <=
593fec1a442SValeriy Savchenko static_cast<unsigned>(NeverCalledReason::LARGEST_VALUE));
594fec1a442SValeriy Savchenko return static_cast<NeverCalledReason>(RawReason);
595fec1a442SValeriy Savchenko }
596fec1a442SValeriy Savchenko
597fec1a442SValeriy Savchenko private:
NotCalledClarifier(const CFGBlock * Parent,const CFGBlock * SuccInQuestion)598fec1a442SValeriy Savchenko NotCalledClarifier(const CFGBlock *Parent, const CFGBlock *SuccInQuestion)
599fec1a442SValeriy Savchenko : Parent(Parent), SuccInQuestion(SuccInQuestion) {}
600fec1a442SValeriy Savchenko
601fec1a442SValeriy Savchenko const CFGBlock *Parent, *SuccInQuestion;
602fec1a442SValeriy Savchenko };
603fec1a442SValeriy Savchenko
604fec1a442SValeriy Savchenko class CalledOnceChecker : public ConstStmtVisitor<CalledOnceChecker> {
605fec1a442SValeriy Savchenko public:
check(AnalysisDeclContext & AC,CalledOnceCheckHandler & Handler,bool CheckConventionalParameters)606fec1a442SValeriy Savchenko static void check(AnalysisDeclContext &AC, CalledOnceCheckHandler &Handler,
607fec1a442SValeriy Savchenko bool CheckConventionalParameters) {
608fec1a442SValeriy Savchenko CalledOnceChecker(AC, Handler, CheckConventionalParameters).check();
609fec1a442SValeriy Savchenko }
610fec1a442SValeriy Savchenko
611fec1a442SValeriy Savchenko private:
CalledOnceChecker(AnalysisDeclContext & AC,CalledOnceCheckHandler & Handler,bool CheckConventionalParameters)612fec1a442SValeriy Savchenko CalledOnceChecker(AnalysisDeclContext &AC, CalledOnceCheckHandler &Handler,
613fec1a442SValeriy Savchenko bool CheckConventionalParameters)
614fec1a442SValeriy Savchenko : FunctionCFG(*AC.getCFG()), AC(AC), Handler(Handler),
615fec1a442SValeriy Savchenko CheckConventionalParameters(CheckConventionalParameters),
616fec1a442SValeriy Savchenko CurrentState(0) {
617fec1a442SValeriy Savchenko initDataStructures();
618a032a4e7SYang Fan assert((size() == 0 || !States.empty()) &&
619a032a4e7SYang Fan "Data structures are inconsistent");
620fec1a442SValeriy Savchenko }
621fec1a442SValeriy Savchenko
622fec1a442SValeriy Savchenko //===----------------------------------------------------------------------===//
623fec1a442SValeriy Savchenko // Initializing functions
624fec1a442SValeriy Savchenko //===----------------------------------------------------------------------===//
625fec1a442SValeriy Savchenko
initDataStructures()626fec1a442SValeriy Savchenko void initDataStructures() {
627fec1a442SValeriy Savchenko const Decl *AnalyzedDecl = AC.getDecl();
628fec1a442SValeriy Savchenko
629fec1a442SValeriy Savchenko if (const auto *Function = dyn_cast<FunctionDecl>(AnalyzedDecl)) {
630fec1a442SValeriy Savchenko findParamsToTrack(Function);
631fec1a442SValeriy Savchenko } else if (const auto *Method = dyn_cast<ObjCMethodDecl>(AnalyzedDecl)) {
632fec1a442SValeriy Savchenko findParamsToTrack(Method);
633fec1a442SValeriy Savchenko } else if (const auto *Block = dyn_cast<BlockDecl>(AnalyzedDecl)) {
634fec1a442SValeriy Savchenko findCapturesToTrack(Block);
635fec1a442SValeriy Savchenko findParamsToTrack(Block);
636fec1a442SValeriy Savchenko }
637fec1a442SValeriy Savchenko
638fec1a442SValeriy Savchenko // Have something to track, let's init states for every block from the CFG.
639fec1a442SValeriy Savchenko if (size() != 0) {
640fec1a442SValeriy Savchenko States =
641fec1a442SValeriy Savchenko CFGSizedVector<State>(FunctionCFG.getNumBlockIDs(), State(size()));
642fec1a442SValeriy Savchenko }
643fec1a442SValeriy Savchenko }
644fec1a442SValeriy Savchenko
findCapturesToTrack(const BlockDecl * Block)645fec1a442SValeriy Savchenko void findCapturesToTrack(const BlockDecl *Block) {
646fec1a442SValeriy Savchenko for (const auto &Capture : Block->captures()) {
647fec1a442SValeriy Savchenko if (const auto *P = dyn_cast<ParmVarDecl>(Capture.getVariable())) {
648fec1a442SValeriy Savchenko // Parameter DeclContext is its owning function or method.
649fec1a442SValeriy Savchenko const DeclContext *ParamContext = P->getDeclContext();
650fec1a442SValeriy Savchenko if (shouldBeCalledOnce(ParamContext, P)) {
651fec1a442SValeriy Savchenko TrackedParams.push_back(P);
652fec1a442SValeriy Savchenko }
653fec1a442SValeriy Savchenko }
654fec1a442SValeriy Savchenko }
655fec1a442SValeriy Savchenko }
656fec1a442SValeriy Savchenko
657fec1a442SValeriy Savchenko template <class FunctionLikeDecl>
findParamsToTrack(const FunctionLikeDecl * Function)658fec1a442SValeriy Savchenko void findParamsToTrack(const FunctionLikeDecl *Function) {
659fec1a442SValeriy Savchenko for (unsigned Index : llvm::seq<unsigned>(0u, Function->param_size())) {
660fec1a442SValeriy Savchenko if (shouldBeCalledOnce(Function, Index)) {
661fec1a442SValeriy Savchenko TrackedParams.push_back(Function->getParamDecl(Index));
662fec1a442SValeriy Savchenko }
663fec1a442SValeriy Savchenko }
664fec1a442SValeriy Savchenko }
665fec1a442SValeriy Savchenko
666fec1a442SValeriy Savchenko //===----------------------------------------------------------------------===//
667fec1a442SValeriy Savchenko // Main logic 'check' functions
668fec1a442SValeriy Savchenko //===----------------------------------------------------------------------===//
669fec1a442SValeriy Savchenko
check()670fec1a442SValeriy Savchenko void check() {
671fec1a442SValeriy Savchenko // Nothing to check here: we don't have marked parameters.
672fec1a442SValeriy Savchenko if (size() == 0 || isPossiblyEmptyImpl())
673fec1a442SValeriy Savchenko return;
674fec1a442SValeriy Savchenko
675fec1a442SValeriy Savchenko assert(
676fec1a442SValeriy Savchenko llvm::none_of(States, [](const State &S) { return S.isVisited(); }) &&
677fec1a442SValeriy Savchenko "None of the blocks should be 'visited' before the analysis");
678fec1a442SValeriy Savchenko
679fec1a442SValeriy Savchenko // For our task, both backward and forward approaches suite well.
680fec1a442SValeriy Savchenko // However, in order to report better diagnostics, we decided to go with
681fec1a442SValeriy Savchenko // backward analysis.
682fec1a442SValeriy Savchenko //
683fec1a442SValeriy Savchenko // Let's consider the following CFG and how forward and backward analyses
684fec1a442SValeriy Savchenko // will work for it.
685fec1a442SValeriy Savchenko //
686fec1a442SValeriy Savchenko // FORWARD: | BACKWARD:
687fec1a442SValeriy Savchenko // #1 | #1
688fec1a442SValeriy Savchenko // +---------+ | +-----------+
689fec1a442SValeriy Savchenko // | if | | |MaybeCalled|
690fec1a442SValeriy Savchenko // +---------+ | +-----------+
691fec1a442SValeriy Savchenko // |NotCalled| | | if |
692fec1a442SValeriy Savchenko // +---------+ | +-----------+
693fec1a442SValeriy Savchenko // / \ | / \
694fec1a442SValeriy Savchenko // #2 / \ #3 | #2 / \ #3
695fec1a442SValeriy Savchenko // +----------------+ +---------+ | +----------------+ +---------+
696fec1a442SValeriy Savchenko // | foo() | | ... | | |DefinitelyCalled| |NotCalled|
697fec1a442SValeriy Savchenko // +----------------+ +---------+ | +----------------+ +---------+
698fec1a442SValeriy Savchenko // |DefinitelyCalled| |NotCalled| | | foo() | | ... |
699fec1a442SValeriy Savchenko // +----------------+ +---------+ | +----------------+ +---------+
700fec1a442SValeriy Savchenko // \ / | \ /
701fec1a442SValeriy Savchenko // \ #4 / | \ #4 /
702fec1a442SValeriy Savchenko // +-----------+ | +---------+
703fec1a442SValeriy Savchenko // | ... | | |NotCalled|
704fec1a442SValeriy Savchenko // +-----------+ | +---------+
705fec1a442SValeriy Savchenko // |MaybeCalled| | | ... |
706fec1a442SValeriy Savchenko // +-----------+ | +---------+
707fec1a442SValeriy Savchenko //
708fec1a442SValeriy Savchenko // The most natural way to report lacking call in the block #3 would be to
709fec1a442SValeriy Savchenko // message that the false branch of the if statement in the block #1 doesn't
710fec1a442SValeriy Savchenko // have a call. And while with the forward approach we'll need to find a
711fec1a442SValeriy Savchenko // least common ancestor or something like that to find the 'if' to blame,
712fec1a442SValeriy Savchenko // backward analysis gives it to us out of the box.
713fec1a442SValeriy Savchenko BackwardDataflowWorklist Worklist(FunctionCFG, AC);
714fec1a442SValeriy Savchenko
715fec1a442SValeriy Savchenko // Let's visit EXIT.
716fec1a442SValeriy Savchenko const CFGBlock *Exit = &FunctionCFG.getExit();
717fec1a442SValeriy Savchenko assignState(Exit, State(size(), ParameterStatus::NotCalled));
718fec1a442SValeriy Savchenko Worklist.enqueuePredecessors(Exit);
719fec1a442SValeriy Savchenko
720fec1a442SValeriy Savchenko while (const CFGBlock *BB = Worklist.dequeue()) {
721fec1a442SValeriy Savchenko assert(BB && "Worklist should filter out null blocks");
722fec1a442SValeriy Savchenko check(BB);
723fec1a442SValeriy Savchenko assert(CurrentState.isVisited() &&
724fec1a442SValeriy Savchenko "After the check, basic block should be visited");
725fec1a442SValeriy Savchenko
726fec1a442SValeriy Savchenko // Traverse successor basic blocks if the status of this block
727fec1a442SValeriy Savchenko // has changed.
728fec1a442SValeriy Savchenko if (assignState(BB, CurrentState)) {
729fec1a442SValeriy Savchenko Worklist.enqueuePredecessors(BB);
730fec1a442SValeriy Savchenko }
731fec1a442SValeriy Savchenko }
732fec1a442SValeriy Savchenko
733fec1a442SValeriy Savchenko // Check that we have all tracked parameters at the last block.
734fec1a442SValeriy Savchenko // As we are performing a backward version of the analysis,
735fec1a442SValeriy Savchenko // it should be the ENTRY block.
736fec1a442SValeriy Savchenko checkEntry(&FunctionCFG.getEntry());
737fec1a442SValeriy Savchenko }
738fec1a442SValeriy Savchenko
check(const CFGBlock * BB)739fec1a442SValeriy Savchenko void check(const CFGBlock *BB) {
740fec1a442SValeriy Savchenko // We start with a state 'inherited' from all the successors.
741fec1a442SValeriy Savchenko CurrentState = joinSuccessors(BB);
742fec1a442SValeriy Savchenko assert(CurrentState.isVisited() &&
743fec1a442SValeriy Savchenko "Shouldn't start with a 'not visited' state");
744fec1a442SValeriy Savchenko
745fec1a442SValeriy Savchenko // This is the 'exit' situation, broken promises are probably OK
746fec1a442SValeriy Savchenko // in such scenarios.
747fec1a442SValeriy Savchenko if (BB->hasNoReturnElement()) {
748fec1a442SValeriy Savchenko markNoReturn();
749fec1a442SValeriy Savchenko // This block still can have calls (even multiple calls) and
750fec1a442SValeriy Savchenko // for this reason there is no early return here.
751fec1a442SValeriy Savchenko }
752fec1a442SValeriy Savchenko
753fec1a442SValeriy Savchenko // We use a backward dataflow propagation and for this reason we
754fec1a442SValeriy Savchenko // should traverse basic blocks bottom-up.
755fec1a442SValeriy Savchenko for (const CFGElement &Element : llvm::reverse(*BB)) {
756fec1a442SValeriy Savchenko if (Optional<CFGStmt> S = Element.getAs<CFGStmt>()) {
757fec1a442SValeriy Savchenko check(S->getStmt());
758fec1a442SValeriy Savchenko }
759fec1a442SValeriy Savchenko }
760fec1a442SValeriy Savchenko }
check(const Stmt * S)761fec1a442SValeriy Savchenko void check(const Stmt *S) { Visit(S); }
762fec1a442SValeriy Savchenko
checkEntry(const CFGBlock * Entry)763fec1a442SValeriy Savchenko void checkEntry(const CFGBlock *Entry) {
764fec1a442SValeriy Savchenko // We finalize this algorithm with the ENTRY block because
765fec1a442SValeriy Savchenko // we use a backward version of the analysis. This is where
766fec1a442SValeriy Savchenko // we can judge that some of the tracked parameters are not called on
767fec1a442SValeriy Savchenko // every path from ENTRY to EXIT.
768fec1a442SValeriy Savchenko
769fec1a442SValeriy Savchenko const State &EntryStatus = getState(Entry);
770fec1a442SValeriy Savchenko llvm::BitVector NotCalledOnEveryPath(size(), false);
771fec1a442SValeriy Savchenko llvm::BitVector NotUsedOnEveryPath(size(), false);
772fec1a442SValeriy Savchenko
773fec1a442SValeriy Savchenko // Check if there are no calls of the marked parameter at all
774fec1a442SValeriy Savchenko for (const auto &IndexedStatus : llvm::enumerate(EntryStatus)) {
775fec1a442SValeriy Savchenko const ParmVarDecl *Parameter = getParameter(IndexedStatus.index());
776fec1a442SValeriy Savchenko
777fec1a442SValeriy Savchenko switch (IndexedStatus.value().getKind()) {
778fec1a442SValeriy Savchenko case ParameterStatus::NotCalled:
779fec1a442SValeriy Savchenko // If there were places where this parameter escapes (aka being used),
780fec1a442SValeriy Savchenko // we can provide a more useful diagnostic by pointing at the exact
781fec1a442SValeriy Savchenko // branches where it is not even mentioned.
782fec1a442SValeriy Savchenko if (!hasEverEscaped(IndexedStatus.index())) {
783fec1a442SValeriy Savchenko // This parameter is was not used at all, so we should report the
784fec1a442SValeriy Savchenko // most generic version of the warning.
785fec1a442SValeriy Savchenko if (isCaptured(Parameter)) {
786fec1a442SValeriy Savchenko // We want to specify that it was captured by the block.
787fec1a442SValeriy Savchenko Handler.handleCapturedNeverCalled(Parameter, AC.getDecl(),
788fec1a442SValeriy Savchenko !isExplicitlyMarked(Parameter));
789fec1a442SValeriy Savchenko } else {
790fec1a442SValeriy Savchenko Handler.handleNeverCalled(Parameter,
791fec1a442SValeriy Savchenko !isExplicitlyMarked(Parameter));
792fec1a442SValeriy Savchenko }
793fec1a442SValeriy Savchenko } else {
794fec1a442SValeriy Savchenko // Mark it as 'interesting' to figure out which paths don't even
795fec1a442SValeriy Savchenko // have escapes.
796fec1a442SValeriy Savchenko NotUsedOnEveryPath[IndexedStatus.index()] = true;
797fec1a442SValeriy Savchenko }
798fec1a442SValeriy Savchenko
799fec1a442SValeriy Savchenko break;
800fec1a442SValeriy Savchenko case ParameterStatus::MaybeCalled:
801fec1a442SValeriy Savchenko // If we have 'maybe called' at this point, we have an error
802fec1a442SValeriy Savchenko // that there is at least one path where this parameter
803fec1a442SValeriy Savchenko // is not called.
804fec1a442SValeriy Savchenko //
805fec1a442SValeriy Savchenko // However, reporting the warning with only that information can be
806fec1a442SValeriy Savchenko // too vague for the users. For this reason, we mark such parameters
807fec1a442SValeriy Savchenko // as "interesting" for further analysis.
808fec1a442SValeriy Savchenko NotCalledOnEveryPath[IndexedStatus.index()] = true;
809fec1a442SValeriy Savchenko break;
810fec1a442SValeriy Savchenko default:
811fec1a442SValeriy Savchenko break;
812fec1a442SValeriy Savchenko }
813fec1a442SValeriy Savchenko }
814fec1a442SValeriy Savchenko
8154a7afc9aSValeriy Savchenko // Early exit if we don't have parameters for extra analysis...
8164a7afc9aSValeriy Savchenko if (NotCalledOnEveryPath.none() && NotUsedOnEveryPath.none() &&
8174a7afc9aSValeriy Savchenko // ... or if we've seen variables with cleanup functions.
8184a7afc9aSValeriy Savchenko // We can't reason that we've seen every path in this case,
8194a7afc9aSValeriy Savchenko // and thus abandon reporting any warnings that imply that.
8204a7afc9aSValeriy Savchenko !FunctionHasCleanupVars)
821fec1a442SValeriy Savchenko return;
822fec1a442SValeriy Savchenko
823fec1a442SValeriy Savchenko // We are looking for a pair of blocks A, B so that the following is true:
824fec1a442SValeriy Savchenko // * A is a predecessor of B
825fec1a442SValeriy Savchenko // * B is marked as NotCalled
826fec1a442SValeriy Savchenko // * A has at least one successor marked as either
827fec1a442SValeriy Savchenko // Escaped or DefinitelyCalled
828fec1a442SValeriy Savchenko //
829fec1a442SValeriy Savchenko // In that situation, it is guaranteed that B is the first block of the path
830fec1a442SValeriy Savchenko // where the user doesn't call or use parameter in question.
831fec1a442SValeriy Savchenko //
832fec1a442SValeriy Savchenko // For this reason, branch A -> B can be used for reporting.
833fec1a442SValeriy Savchenko //
834fec1a442SValeriy Savchenko // This part of the algorithm is guarded by a condition that the function
835fec1a442SValeriy Savchenko // does indeed have a violation of contract. For this reason, we can
836fec1a442SValeriy Savchenko // spend more time to find a good spot to place the warning.
837fec1a442SValeriy Savchenko //
838fec1a442SValeriy Savchenko // The following algorithm has the worst case complexity of O(V + E),
839fec1a442SValeriy Savchenko // where V is the number of basic blocks in FunctionCFG,
840fec1a442SValeriy Savchenko // E is the number of edges between blocks in FunctionCFG.
841fec1a442SValeriy Savchenko for (const CFGBlock *BB : FunctionCFG) {
842fec1a442SValeriy Savchenko if (!BB)
843fec1a442SValeriy Savchenko continue;
844fec1a442SValeriy Savchenko
845fec1a442SValeriy Savchenko const State &BlockState = getState(BB);
846fec1a442SValeriy Savchenko
847fec1a442SValeriy Savchenko for (unsigned Index : llvm::seq(0u, size())) {
848fec1a442SValeriy Savchenko // We don't want to use 'isLosingCall' here because we want to report
849fec1a442SValeriy Savchenko // the following situation as well:
850fec1a442SValeriy Savchenko //
851fec1a442SValeriy Savchenko // MaybeCalled
852fec1a442SValeriy Savchenko // | ... |
853fec1a442SValeriy Savchenko // MaybeCalled NotCalled
854fec1a442SValeriy Savchenko //
855fec1a442SValeriy Savchenko // Even though successor is not 'DefinitelyCalled', it is still useful
856fec1a442SValeriy Savchenko // to report it, it is still a path without a call.
857fec1a442SValeriy Savchenko if (NotCalledOnEveryPath[Index] &&
858fec1a442SValeriy Savchenko BlockState.getKindFor(Index) == ParameterStatus::MaybeCalled) {
859fec1a442SValeriy Savchenko
860fec1a442SValeriy Savchenko findAndReportNotCalledBranches(BB, Index);
861fec1a442SValeriy Savchenko } else if (NotUsedOnEveryPath[Index] &&
862fec1a442SValeriy Savchenko isLosingEscape(BlockState, BB, Index)) {
863fec1a442SValeriy Savchenko
864fec1a442SValeriy Savchenko findAndReportNotCalledBranches(BB, Index, /* IsEscape = */ true);
865fec1a442SValeriy Savchenko }
866fec1a442SValeriy Savchenko }
867fec1a442SValeriy Savchenko }
868fec1a442SValeriy Savchenko }
869fec1a442SValeriy Savchenko
870fec1a442SValeriy Savchenko /// Check potential call of a tracked parameter.
checkDirectCall(const CallExpr * Call)871fec1a442SValeriy Savchenko void checkDirectCall(const CallExpr *Call) {
872fec1a442SValeriy Savchenko if (auto Index = getIndexOfCallee(Call)) {
873fec1a442SValeriy Savchenko processCallFor(*Index, Call);
874fec1a442SValeriy Savchenko }
875fec1a442SValeriy Savchenko }
876fec1a442SValeriy Savchenko
877fec1a442SValeriy Savchenko /// Check the call expression for being an indirect call of one of the tracked
878fec1a442SValeriy Savchenko /// parameters. It is indirect in the sense that this particular call is not
879fec1a442SValeriy Savchenko /// calling the parameter itself, but rather uses it as the argument.
880fec1a442SValeriy Savchenko template <class CallLikeExpr>
checkIndirectCall(const CallLikeExpr * CallOrMessage)881fec1a442SValeriy Savchenko void checkIndirectCall(const CallLikeExpr *CallOrMessage) {
882fec1a442SValeriy Savchenko // CallExpr::arguments does not interact nicely with llvm::enumerate.
883fec1a442SValeriy Savchenko llvm::ArrayRef<const Expr *> Arguments = llvm::makeArrayRef(
884fec1a442SValeriy Savchenko CallOrMessage->getArgs(), CallOrMessage->getNumArgs());
885fec1a442SValeriy Savchenko
886fec1a442SValeriy Savchenko // Let's check if any of the call arguments is a point of interest.
887fec1a442SValeriy Savchenko for (const auto &Argument : llvm::enumerate(Arguments)) {
888fec1a442SValeriy Savchenko if (auto Index = getIndexOfExpression(Argument.value())) {
889fec1a442SValeriy Savchenko if (shouldBeCalledOnce(CallOrMessage, Argument.index())) {
890fec1a442SValeriy Savchenko // If the corresponding parameter is marked as 'called_once' we should
891fec1a442SValeriy Savchenko // consider it as a call.
892fec1a442SValeriy Savchenko processCallFor(*Index, CallOrMessage);
893c86dacd1SValeriy Savchenko } else {
894fec1a442SValeriy Savchenko // Otherwise, we mark this parameter as escaped, which can be
895fec1a442SValeriy Savchenko // interpreted both as called or not called depending on the context.
896c86dacd1SValeriy Savchenko processEscapeFor(*Index);
897fec1a442SValeriy Savchenko }
898fec1a442SValeriy Savchenko // Otherwise, let's keep the state as it is.
899fec1a442SValeriy Savchenko }
900fec1a442SValeriy Savchenko }
901fec1a442SValeriy Savchenko }
902fec1a442SValeriy Savchenko
903fec1a442SValeriy Savchenko /// Process call of the parameter with the given index
processCallFor(unsigned Index,const Expr * Call)904fec1a442SValeriy Savchenko void processCallFor(unsigned Index, const Expr *Call) {
905fec1a442SValeriy Savchenko ParameterStatus &CurrentParamStatus = CurrentState.getStatusFor(Index);
906fec1a442SValeriy Savchenko
907fec1a442SValeriy Savchenko if (CurrentParamStatus.seenAnyCalls()) {
908fec1a442SValeriy Savchenko
909fec1a442SValeriy Savchenko // At this point, this parameter was called, so this is a second call.
910fec1a442SValeriy Savchenko const ParmVarDecl *Parameter = getParameter(Index);
911fec1a442SValeriy Savchenko Handler.handleDoubleCall(
912fec1a442SValeriy Savchenko Parameter, &CurrentState.getCallFor(Index), Call,
913fec1a442SValeriy Savchenko !isExplicitlyMarked(Parameter),
914fec1a442SValeriy Savchenko // We are sure that the second call is definitely
915fec1a442SValeriy Savchenko // going to happen if the status is 'DefinitelyCalled'.
916fec1a442SValeriy Savchenko CurrentParamStatus.getKind() == ParameterStatus::DefinitelyCalled);
917fec1a442SValeriy Savchenko
918fec1a442SValeriy Savchenko // Mark this parameter as already reported on, so we don't repeat
919fec1a442SValeriy Savchenko // warnings.
920fec1a442SValeriy Savchenko CurrentParamStatus = ParameterStatus::Reported;
921fec1a442SValeriy Savchenko
922fec1a442SValeriy Savchenko } else if (CurrentParamStatus.getKind() != ParameterStatus::Reported) {
923fec1a442SValeriy Savchenko // If we didn't report anything yet, let's mark this parameter
924fec1a442SValeriy Savchenko // as called.
925fec1a442SValeriy Savchenko ParameterStatus Called(ParameterStatus::DefinitelyCalled, Call);
926fec1a442SValeriy Savchenko CurrentParamStatus = Called;
927fec1a442SValeriy Savchenko }
928fec1a442SValeriy Savchenko }
929fec1a442SValeriy Savchenko
930c86dacd1SValeriy Savchenko /// Process escape of the parameter with the given index
processEscapeFor(unsigned Index)931c86dacd1SValeriy Savchenko void processEscapeFor(unsigned Index) {
932c86dacd1SValeriy Savchenko ParameterStatus &CurrentParamStatus = CurrentState.getStatusFor(Index);
933c86dacd1SValeriy Savchenko
934c86dacd1SValeriy Savchenko // Escape overrides whatever error we think happened.
935c86dacd1SValeriy Savchenko if (CurrentParamStatus.isErrorStatus()) {
936c86dacd1SValeriy Savchenko CurrentParamStatus = ParameterStatus::Escaped;
937c86dacd1SValeriy Savchenko }
938c86dacd1SValeriy Savchenko }
939c86dacd1SValeriy Savchenko
findAndReportNotCalledBranches(const CFGBlock * Parent,unsigned Index,bool IsEscape=false)940fec1a442SValeriy Savchenko void findAndReportNotCalledBranches(const CFGBlock *Parent, unsigned Index,
941fec1a442SValeriy Savchenko bool IsEscape = false) {
942fec1a442SValeriy Savchenko for (const CFGBlock *Succ : Parent->succs()) {
943fec1a442SValeriy Savchenko if (!Succ)
944fec1a442SValeriy Savchenko continue;
945fec1a442SValeriy Savchenko
946fec1a442SValeriy Savchenko if (getState(Succ).getKindFor(Index) == ParameterStatus::NotCalled) {
947fec1a442SValeriy Savchenko assert(Parent->succ_size() >= 2 &&
948fec1a442SValeriy Savchenko "Block should have at least two successors at this point");
949fec1a442SValeriy Savchenko if (auto Clarification = NotCalledClarifier::clarify(Parent, Succ)) {
950fec1a442SValeriy Savchenko const ParmVarDecl *Parameter = getParameter(Index);
951f1a7d5a7SValeriy Savchenko Handler.handleNeverCalled(
952f1a7d5a7SValeriy Savchenko Parameter, AC.getDecl(), Clarification->Location,
953f1a7d5a7SValeriy Savchenko Clarification->Reason, !IsEscape, !isExplicitlyMarked(Parameter));
954fec1a442SValeriy Savchenko }
955fec1a442SValeriy Savchenko }
956fec1a442SValeriy Savchenko }
957fec1a442SValeriy Savchenko }
958fec1a442SValeriy Savchenko
959fec1a442SValeriy Savchenko //===----------------------------------------------------------------------===//
960fec1a442SValeriy Savchenko // Predicate functions to check parameters
961fec1a442SValeriy Savchenko //===----------------------------------------------------------------------===//
962fec1a442SValeriy Savchenko
963fec1a442SValeriy Savchenko /// Return true if parameter is explicitly marked as 'called_once'.
isExplicitlyMarked(const ParmVarDecl * Parameter)964fec1a442SValeriy Savchenko static bool isExplicitlyMarked(const ParmVarDecl *Parameter) {
965fec1a442SValeriy Savchenko return Parameter->hasAttr<CalledOnceAttr>();
966fec1a442SValeriy Savchenko }
967fec1a442SValeriy Savchenko
968fec1a442SValeriy Savchenko /// Return true if the given name matches conventional pattens.
isConventional(llvm::StringRef Name)969fec1a442SValeriy Savchenko static bool isConventional(llvm::StringRef Name) {
970fec1a442SValeriy Savchenko return llvm::count(CONVENTIONAL_NAMES, Name) != 0;
971fec1a442SValeriy Savchenko }
972fec1a442SValeriy Savchenko
973fec1a442SValeriy Savchenko /// Return true if the given name has conventional suffixes.
hasConventionalSuffix(llvm::StringRef Name)974fec1a442SValeriy Savchenko static bool hasConventionalSuffix(llvm::StringRef Name) {
975fec1a442SValeriy Savchenko return llvm::any_of(CONVENTIONAL_SUFFIXES, [Name](llvm::StringRef Suffix) {
976fec1a442SValeriy Savchenko return Name.endswith(Suffix);
977fec1a442SValeriy Savchenko });
978fec1a442SValeriy Savchenko }
979fec1a442SValeriy Savchenko
980fec1a442SValeriy Savchenko /// Return true if the given type can be used for conventional parameters.
isConventional(QualType Ty)981fec1a442SValeriy Savchenko static bool isConventional(QualType Ty) {
982fec1a442SValeriy Savchenko if (!Ty->isBlockPointerType()) {
983fec1a442SValeriy Savchenko return false;
984fec1a442SValeriy Savchenko }
985fec1a442SValeriy Savchenko
9862901dc75SSimon Pilgrim QualType BlockType = Ty->castAs<BlockPointerType>()->getPointeeType();
987fec1a442SValeriy Savchenko // Completion handlers should have a block type with void return type.
9882901dc75SSimon Pilgrim return BlockType->castAs<FunctionType>()->getReturnType()->isVoidType();
989fec1a442SValeriy Savchenko }
990fec1a442SValeriy Savchenko
991fec1a442SValeriy Savchenko /// Return true if the only parameter of the function is conventional.
isOnlyParameterConventional(const FunctionDecl * Function)992fec1a442SValeriy Savchenko static bool isOnlyParameterConventional(const FunctionDecl *Function) {
993c4355670SErik Pilkington IdentifierInfo *II = Function->getIdentifier();
994c4355670SErik Pilkington return Function->getNumParams() == 1 && II &&
995c4355670SErik Pilkington hasConventionalSuffix(II->getName());
996fec1a442SValeriy Savchenko }
997fec1a442SValeriy Savchenko
998fec1a442SValeriy Savchenko /// Return true/false if 'swift_async' attribute states that the given
999fec1a442SValeriy Savchenko /// parameter is conventionally called once.
1000fec1a442SValeriy Savchenko /// Return llvm::None if the given declaration doesn't have 'swift_async'
1001fec1a442SValeriy Savchenko /// attribute.
isConventionalSwiftAsync(const Decl * D,unsigned ParamIndex)1002fec1a442SValeriy Savchenko static llvm::Optional<bool> isConventionalSwiftAsync(const Decl *D,
1003fec1a442SValeriy Savchenko unsigned ParamIndex) {
1004fec1a442SValeriy Savchenko if (const SwiftAsyncAttr *A = D->getAttr<SwiftAsyncAttr>()) {
1005fec1a442SValeriy Savchenko if (A->getKind() == SwiftAsyncAttr::None) {
1006fec1a442SValeriy Savchenko return false;
1007fec1a442SValeriy Savchenko }
1008fec1a442SValeriy Savchenko
1009fec1a442SValeriy Savchenko return A->getCompletionHandlerIndex().getASTIndex() == ParamIndex;
1010fec1a442SValeriy Savchenko }
1011fec1a442SValeriy Savchenko return llvm::None;
1012fec1a442SValeriy Savchenko }
1013fec1a442SValeriy Savchenko
101477f1e096SValeriy Savchenko /// Return true if the specified selector represents init method.
isInitMethod(Selector MethodSelector)101577f1e096SValeriy Savchenko static bool isInitMethod(Selector MethodSelector) {
101677f1e096SValeriy Savchenko return MethodSelector.getMethodFamily() == OMF_init;
101777f1e096SValeriy Savchenko }
101877f1e096SValeriy Savchenko
1019fec1a442SValeriy Savchenko /// Return true if the specified selector piece matches conventions.
isConventionalSelectorPiece(Selector MethodSelector,unsigned PieceIndex,QualType PieceType)1020fec1a442SValeriy Savchenko static bool isConventionalSelectorPiece(Selector MethodSelector,
1021fec1a442SValeriy Savchenko unsigned PieceIndex,
1022fec1a442SValeriy Savchenko QualType PieceType) {
102377f1e096SValeriy Savchenko if (!isConventional(PieceType) || isInitMethod(MethodSelector)) {
1024fec1a442SValeriy Savchenko return false;
1025fec1a442SValeriy Savchenko }
1026fec1a442SValeriy Savchenko
1027fec1a442SValeriy Savchenko if (MethodSelector.getNumArgs() == 1) {
1028fec1a442SValeriy Savchenko assert(PieceIndex == 0);
1029fec1a442SValeriy Savchenko return hasConventionalSuffix(MethodSelector.getNameForSlot(0));
1030fec1a442SValeriy Savchenko }
1031fec1a442SValeriy Savchenko
103259112eacSValeriy Savchenko llvm::StringRef PieceName = MethodSelector.getNameForSlot(PieceIndex);
103359112eacSValeriy Savchenko return isConventional(PieceName) || hasConventionalSuffix(PieceName);
1034fec1a442SValeriy Savchenko }
1035fec1a442SValeriy Savchenko
shouldBeCalledOnce(const ParmVarDecl * Parameter) const1036fec1a442SValeriy Savchenko bool shouldBeCalledOnce(const ParmVarDecl *Parameter) const {
1037fec1a442SValeriy Savchenko return isExplicitlyMarked(Parameter) ||
1038fec1a442SValeriy Savchenko (CheckConventionalParameters &&
103959112eacSValeriy Savchenko (isConventional(Parameter->getName()) ||
104059112eacSValeriy Savchenko hasConventionalSuffix(Parameter->getName())) &&
1041fec1a442SValeriy Savchenko isConventional(Parameter->getType()));
1042fec1a442SValeriy Savchenko }
1043fec1a442SValeriy Savchenko
shouldBeCalledOnce(const DeclContext * ParamContext,const ParmVarDecl * Param)1044fec1a442SValeriy Savchenko bool shouldBeCalledOnce(const DeclContext *ParamContext,
1045fec1a442SValeriy Savchenko const ParmVarDecl *Param) {
1046fec1a442SValeriy Savchenko unsigned ParamIndex = Param->getFunctionScopeIndex();
1047fec1a442SValeriy Savchenko if (const auto *Function = dyn_cast<FunctionDecl>(ParamContext)) {
1048fec1a442SValeriy Savchenko return shouldBeCalledOnce(Function, ParamIndex);
1049fec1a442SValeriy Savchenko }
1050fec1a442SValeriy Savchenko if (const auto *Method = dyn_cast<ObjCMethodDecl>(ParamContext)) {
1051fec1a442SValeriy Savchenko return shouldBeCalledOnce(Method, ParamIndex);
1052fec1a442SValeriy Savchenko }
1053fec1a442SValeriy Savchenko return shouldBeCalledOnce(Param);
1054fec1a442SValeriy Savchenko }
1055fec1a442SValeriy Savchenko
shouldBeCalledOnce(const BlockDecl * Block,unsigned ParamIndex) const1056fec1a442SValeriy Savchenko bool shouldBeCalledOnce(const BlockDecl *Block, unsigned ParamIndex) const {
1057fec1a442SValeriy Savchenko return shouldBeCalledOnce(Block->getParamDecl(ParamIndex));
1058fec1a442SValeriy Savchenko }
1059fec1a442SValeriy Savchenko
shouldBeCalledOnce(const FunctionDecl * Function,unsigned ParamIndex) const1060fec1a442SValeriy Savchenko bool shouldBeCalledOnce(const FunctionDecl *Function,
1061fec1a442SValeriy Savchenko unsigned ParamIndex) const {
1062fec1a442SValeriy Savchenko if (ParamIndex >= Function->getNumParams()) {
1063fec1a442SValeriy Savchenko return false;
1064fec1a442SValeriy Savchenko }
1065fec1a442SValeriy Savchenko // 'swift_async' goes first and overrides anything else.
1066fec1a442SValeriy Savchenko if (auto ConventionalAsync =
1067fec1a442SValeriy Savchenko isConventionalSwiftAsync(Function, ParamIndex)) {
1068*ca4af13eSKazu Hirata return *ConventionalAsync;
1069fec1a442SValeriy Savchenko }
1070fec1a442SValeriy Savchenko
1071fec1a442SValeriy Savchenko return shouldBeCalledOnce(Function->getParamDecl(ParamIndex)) ||
1072fec1a442SValeriy Savchenko (CheckConventionalParameters &&
1073fec1a442SValeriy Savchenko isOnlyParameterConventional(Function));
1074fec1a442SValeriy Savchenko }
1075fec1a442SValeriy Savchenko
shouldBeCalledOnce(const ObjCMethodDecl * Method,unsigned ParamIndex) const1076fec1a442SValeriy Savchenko bool shouldBeCalledOnce(const ObjCMethodDecl *Method,
1077fec1a442SValeriy Savchenko unsigned ParamIndex) const {
1078fec1a442SValeriy Savchenko Selector MethodSelector = Method->getSelector();
1079fec1a442SValeriy Savchenko if (ParamIndex >= MethodSelector.getNumArgs()) {
1080fec1a442SValeriy Savchenko return false;
1081fec1a442SValeriy Savchenko }
1082fec1a442SValeriy Savchenko
1083fec1a442SValeriy Savchenko // 'swift_async' goes first and overrides anything else.
1084fec1a442SValeriy Savchenko if (auto ConventionalAsync = isConventionalSwiftAsync(Method, ParamIndex)) {
1085*ca4af13eSKazu Hirata return *ConventionalAsync;
1086fec1a442SValeriy Savchenko }
1087fec1a442SValeriy Savchenko
1088fec1a442SValeriy Savchenko const ParmVarDecl *Parameter = Method->getParamDecl(ParamIndex);
1089fec1a442SValeriy Savchenko return shouldBeCalledOnce(Parameter) ||
1090fec1a442SValeriy Savchenko (CheckConventionalParameters &&
1091fec1a442SValeriy Savchenko isConventionalSelectorPiece(MethodSelector, ParamIndex,
1092fec1a442SValeriy Savchenko Parameter->getType()));
1093fec1a442SValeriy Savchenko }
1094fec1a442SValeriy Savchenko
shouldBeCalledOnce(const CallExpr * Call,unsigned ParamIndex) const1095fec1a442SValeriy Savchenko bool shouldBeCalledOnce(const CallExpr *Call, unsigned ParamIndex) const {
1096fec1a442SValeriy Savchenko const FunctionDecl *Function = Call->getDirectCallee();
1097fec1a442SValeriy Savchenko return Function && shouldBeCalledOnce(Function, ParamIndex);
1098fec1a442SValeriy Savchenko }
1099fec1a442SValeriy Savchenko
shouldBeCalledOnce(const ObjCMessageExpr * Message,unsigned ParamIndex) const1100fec1a442SValeriy Savchenko bool shouldBeCalledOnce(const ObjCMessageExpr *Message,
1101fec1a442SValeriy Savchenko unsigned ParamIndex) const {
1102fec1a442SValeriy Savchenko const ObjCMethodDecl *Method = Message->getMethodDecl();
1103fec1a442SValeriy Savchenko return Method && ParamIndex < Method->param_size() &&
1104fec1a442SValeriy Savchenko shouldBeCalledOnce(Method, ParamIndex);
1105fec1a442SValeriy Savchenko }
1106fec1a442SValeriy Savchenko
1107fec1a442SValeriy Savchenko //===----------------------------------------------------------------------===//
1108fec1a442SValeriy Savchenko // Utility methods
1109fec1a442SValeriy Savchenko //===----------------------------------------------------------------------===//
1110fec1a442SValeriy Savchenko
isCaptured(const ParmVarDecl * Parameter) const1111fec1a442SValeriy Savchenko bool isCaptured(const ParmVarDecl *Parameter) const {
1112fec1a442SValeriy Savchenko if (const BlockDecl *Block = dyn_cast<BlockDecl>(AC.getDecl())) {
1113fec1a442SValeriy Savchenko return Block->capturesVariable(Parameter);
1114fec1a442SValeriy Savchenko }
1115fec1a442SValeriy Savchenko return false;
1116fec1a442SValeriy Savchenko }
1117fec1a442SValeriy Savchenko
1118f1a7d5a7SValeriy Savchenko // Return a call site where the block is called exactly once or null otherwise
getBlockGuaraneedCallSite(const BlockExpr * Block) const1119f1a7d5a7SValeriy Savchenko const Expr *getBlockGuaraneedCallSite(const BlockExpr *Block) const {
1120f1a7d5a7SValeriy Savchenko ParentMap &PM = AC.getParentMap();
1121f1a7d5a7SValeriy Savchenko
1122f1a7d5a7SValeriy Savchenko // We don't want to track the block through assignments and so on, instead
1123f1a7d5a7SValeriy Savchenko // we simply see how the block used and if it's used directly in a call,
1124f1a7d5a7SValeriy Savchenko // we decide based on call to what it is.
1125f1a7d5a7SValeriy Savchenko //
1126f1a7d5a7SValeriy Savchenko // In order to do this, we go up the parents of the block looking for
1127f1a7d5a7SValeriy Savchenko // a call or a message expressions. These might not be immediate parents
1128f1a7d5a7SValeriy Savchenko // of the actual block expression due to casts and parens, so we skip them.
1129f1a7d5a7SValeriy Savchenko for (const Stmt *Prev = Block, *Current = PM.getParent(Block);
1130f1a7d5a7SValeriy Savchenko Current != nullptr; Prev = Current, Current = PM.getParent(Current)) {
1131f1a7d5a7SValeriy Savchenko // Skip no-op (for our case) operations.
1132f1a7d5a7SValeriy Savchenko if (isa<CastExpr>(Current) || isa<ParenExpr>(Current))
1133f1a7d5a7SValeriy Savchenko continue;
1134f1a7d5a7SValeriy Savchenko
1135f1a7d5a7SValeriy Savchenko // At this point, Prev represents our block as an immediate child of the
1136f1a7d5a7SValeriy Savchenko // call.
1137f1a7d5a7SValeriy Savchenko if (const auto *Call = dyn_cast<CallExpr>(Current)) {
1138f1a7d5a7SValeriy Savchenko // It might be the call of the Block itself...
1139f1a7d5a7SValeriy Savchenko if (Call->getCallee() == Prev)
1140f1a7d5a7SValeriy Savchenko return Call;
1141f1a7d5a7SValeriy Savchenko
1142f1a7d5a7SValeriy Savchenko // ...or it can be an indirect call of the block.
1143f1a7d5a7SValeriy Savchenko return shouldBlockArgumentBeCalledOnce(Call, Prev) ? Call : nullptr;
1144f1a7d5a7SValeriy Savchenko }
1145f1a7d5a7SValeriy Savchenko if (const auto *Message = dyn_cast<ObjCMessageExpr>(Current)) {
1146f1a7d5a7SValeriy Savchenko return shouldBlockArgumentBeCalledOnce(Message, Prev) ? Message
1147f1a7d5a7SValeriy Savchenko : nullptr;
1148f1a7d5a7SValeriy Savchenko }
1149f1a7d5a7SValeriy Savchenko
1150f1a7d5a7SValeriy Savchenko break;
1151f1a7d5a7SValeriy Savchenko }
1152f1a7d5a7SValeriy Savchenko
1153f1a7d5a7SValeriy Savchenko return nullptr;
1154f1a7d5a7SValeriy Savchenko }
1155f1a7d5a7SValeriy Savchenko
1156f1a7d5a7SValeriy Savchenko template <class CallLikeExpr>
shouldBlockArgumentBeCalledOnce(const CallLikeExpr * CallOrMessage,const Stmt * BlockArgument) const1157f1a7d5a7SValeriy Savchenko bool shouldBlockArgumentBeCalledOnce(const CallLikeExpr *CallOrMessage,
1158f1a7d5a7SValeriy Savchenko const Stmt *BlockArgument) const {
1159f1a7d5a7SValeriy Savchenko // CallExpr::arguments does not interact nicely with llvm::enumerate.
1160f1a7d5a7SValeriy Savchenko llvm::ArrayRef<const Expr *> Arguments = llvm::makeArrayRef(
1161f1a7d5a7SValeriy Savchenko CallOrMessage->getArgs(), CallOrMessage->getNumArgs());
1162f1a7d5a7SValeriy Savchenko
1163f1a7d5a7SValeriy Savchenko for (const auto &Argument : llvm::enumerate(Arguments)) {
1164f1a7d5a7SValeriy Savchenko if (Argument.value() == BlockArgument) {
1165f1a7d5a7SValeriy Savchenko return shouldBlockArgumentBeCalledOnce(CallOrMessage, Argument.index());
1166f1a7d5a7SValeriy Savchenko }
1167f1a7d5a7SValeriy Savchenko }
1168f1a7d5a7SValeriy Savchenko
1169f1a7d5a7SValeriy Savchenko return false;
1170f1a7d5a7SValeriy Savchenko }
1171f1a7d5a7SValeriy Savchenko
shouldBlockArgumentBeCalledOnce(const CallExpr * Call,unsigned ParamIndex) const1172f1a7d5a7SValeriy Savchenko bool shouldBlockArgumentBeCalledOnce(const CallExpr *Call,
1173f1a7d5a7SValeriy Savchenko unsigned ParamIndex) const {
1174f1a7d5a7SValeriy Savchenko const FunctionDecl *Function = Call->getDirectCallee();
1175f1a7d5a7SValeriy Savchenko return shouldBlockArgumentBeCalledOnce(Function, ParamIndex) ||
1176f1a7d5a7SValeriy Savchenko shouldBeCalledOnce(Call, ParamIndex);
1177f1a7d5a7SValeriy Savchenko }
1178f1a7d5a7SValeriy Savchenko
shouldBlockArgumentBeCalledOnce(const ObjCMessageExpr * Message,unsigned ParamIndex) const1179f1a7d5a7SValeriy Savchenko bool shouldBlockArgumentBeCalledOnce(const ObjCMessageExpr *Message,
1180f1a7d5a7SValeriy Savchenko unsigned ParamIndex) const {
1181f1a7d5a7SValeriy Savchenko // At the moment, we don't have any Obj-C methods we want to specifically
1182f1a7d5a7SValeriy Savchenko // check in here.
1183f1a7d5a7SValeriy Savchenko return shouldBeCalledOnce(Message, ParamIndex);
1184f1a7d5a7SValeriy Savchenko }
1185f1a7d5a7SValeriy Savchenko
shouldBlockArgumentBeCalledOnce(const FunctionDecl * Function,unsigned ParamIndex)1186f1a7d5a7SValeriy Savchenko static bool shouldBlockArgumentBeCalledOnce(const FunctionDecl *Function,
1187f1a7d5a7SValeriy Savchenko unsigned ParamIndex) {
1188f1a7d5a7SValeriy Savchenko // There is a list of important API functions that while not following
1189f1a7d5a7SValeriy Savchenko // conventions nor being directly annotated, still guarantee that the
1190f1a7d5a7SValeriy Savchenko // callback parameter will be called exactly once.
1191f1a7d5a7SValeriy Savchenko //
1192f1a7d5a7SValeriy Savchenko // Here we check if this is the case.
1193f1a7d5a7SValeriy Savchenko return Function &&
1194f1a7d5a7SValeriy Savchenko llvm::any_of(KNOWN_CALLED_ONCE_PARAMETERS,
1195f1a7d5a7SValeriy Savchenko [Function, ParamIndex](
1196f1a7d5a7SValeriy Savchenko const KnownCalledOnceParameter &Reference) {
1197f1a7d5a7SValeriy Savchenko return Reference.FunctionName ==
1198f1a7d5a7SValeriy Savchenko Function->getName() &&
1199f1a7d5a7SValeriy Savchenko Reference.ParamIndex == ParamIndex;
1200f1a7d5a7SValeriy Savchenko });
1201f1a7d5a7SValeriy Savchenko }
1202f1a7d5a7SValeriy Savchenko
1203fec1a442SValeriy Savchenko /// Return true if the analyzed function is actually a default implementation
1204fec1a442SValeriy Savchenko /// of the method that has to be overriden.
1205fec1a442SValeriy Savchenko ///
1206fec1a442SValeriy Savchenko /// These functions can have tracked parameters, but wouldn't call them
1207fec1a442SValeriy Savchenko /// because they are not designed to perform any meaningful actions.
1208fec1a442SValeriy Savchenko ///
1209fec1a442SValeriy Savchenko /// There are a couple of flavors of such default implementations:
1210fec1a442SValeriy Savchenko /// 1. Empty methods or methods with a single return statement
1211fec1a442SValeriy Savchenko /// 2. Methods that have one block with a call to no return function
1212fec1a442SValeriy Savchenko /// 3. Methods with only assertion-like operations
isPossiblyEmptyImpl() const1213fec1a442SValeriy Savchenko bool isPossiblyEmptyImpl() const {
1214fec1a442SValeriy Savchenko if (!isa<ObjCMethodDecl>(AC.getDecl())) {
1215fec1a442SValeriy Savchenko // We care only about functions that are not supposed to be called.
1216fec1a442SValeriy Savchenko // Only methods can be overriden.
1217fec1a442SValeriy Savchenko return false;
1218fec1a442SValeriy Savchenko }
1219fec1a442SValeriy Savchenko
1220fec1a442SValeriy Savchenko // Case #1 (without return statements)
1221fec1a442SValeriy Savchenko if (FunctionCFG.size() == 2) {
1222fec1a442SValeriy Savchenko // Method has only two blocks: ENTRY and EXIT.
1223fec1a442SValeriy Savchenko // This is equivalent to empty function.
1224fec1a442SValeriy Savchenko return true;
1225fec1a442SValeriy Savchenko }
1226fec1a442SValeriy Savchenko
1227fec1a442SValeriy Savchenko // Case #2
1228fec1a442SValeriy Savchenko if (FunctionCFG.size() == 3) {
1229fec1a442SValeriy Savchenko const CFGBlock &Entry = FunctionCFG.getEntry();
1230fec1a442SValeriy Savchenko if (Entry.succ_empty()) {
1231fec1a442SValeriy Savchenko return false;
1232fec1a442SValeriy Savchenko }
1233fec1a442SValeriy Savchenko
1234fec1a442SValeriy Savchenko const CFGBlock *OnlyBlock = *Entry.succ_begin();
1235fec1a442SValeriy Savchenko // Method has only one block, let's see if it has a no-return
1236fec1a442SValeriy Savchenko // element.
1237fec1a442SValeriy Savchenko if (OnlyBlock && OnlyBlock->hasNoReturnElement()) {
1238fec1a442SValeriy Savchenko return true;
1239fec1a442SValeriy Savchenko }
1240fec1a442SValeriy Savchenko // Fallthrough, CFGs with only one block can fall into #1 and #3 as well.
1241fec1a442SValeriy Savchenko }
1242fec1a442SValeriy Savchenko
1243fec1a442SValeriy Savchenko // Cases #1 (return statements) and #3.
1244fec1a442SValeriy Savchenko //
1245fec1a442SValeriy Savchenko // It is hard to detect that something is an assertion or came
1246fec1a442SValeriy Savchenko // from assertion. Here we use a simple heuristic:
1247fec1a442SValeriy Savchenko //
1248fec1a442SValeriy Savchenko // - If it came from a macro, it can be an assertion.
1249fec1a442SValeriy Savchenko //
1250fec1a442SValeriy Savchenko // Additionally, we can't assume a number of basic blocks or the CFG's
1251fec1a442SValeriy Savchenko // structure because assertions might include loops and conditions.
1252fec1a442SValeriy Savchenko return llvm::all_of(FunctionCFG, [](const CFGBlock *BB) {
1253fec1a442SValeriy Savchenko if (!BB) {
1254fec1a442SValeriy Savchenko // Unreachable blocks are totally fine.
1255fec1a442SValeriy Savchenko return true;
1256fec1a442SValeriy Savchenko }
1257fec1a442SValeriy Savchenko
1258fec1a442SValeriy Savchenko // Return statements can have sub-expressions that are represented as
1259fec1a442SValeriy Savchenko // separate statements of a basic block. We should allow this.
1260fec1a442SValeriy Savchenko // This parent map will be initialized with a parent tree for all
1261fec1a442SValeriy Savchenko // subexpressions of the block's return statement (if it has one).
1262fec1a442SValeriy Savchenko std::unique_ptr<ParentMap> ReturnChildren;
1263fec1a442SValeriy Savchenko
1264fec1a442SValeriy Savchenko return llvm::all_of(
1265fec1a442SValeriy Savchenko llvm::reverse(*BB), // we should start with return statements, if we
1266fec1a442SValeriy Savchenko // have any, i.e. from the bottom of the block
1267fec1a442SValeriy Savchenko [&ReturnChildren](const CFGElement &Element) {
1268fec1a442SValeriy Savchenko if (Optional<CFGStmt> S = Element.getAs<CFGStmt>()) {
1269fec1a442SValeriy Savchenko const Stmt *SuspiciousStmt = S->getStmt();
1270fec1a442SValeriy Savchenko
1271fec1a442SValeriy Savchenko if (isa<ReturnStmt>(SuspiciousStmt)) {
1272fec1a442SValeriy Savchenko // Let's initialize this structure to test whether
1273fec1a442SValeriy Savchenko // some further statement is a part of this return.
1274fec1a442SValeriy Savchenko ReturnChildren = std::make_unique<ParentMap>(
1275fec1a442SValeriy Savchenko const_cast<Stmt *>(SuspiciousStmt));
1276fec1a442SValeriy Savchenko // Return statements are allowed as part of #1.
1277fec1a442SValeriy Savchenko return true;
1278fec1a442SValeriy Savchenko }
1279fec1a442SValeriy Savchenko
1280fec1a442SValeriy Savchenko return SuspiciousStmt->getBeginLoc().isMacroID() ||
1281fec1a442SValeriy Savchenko (ReturnChildren &&
1282fec1a442SValeriy Savchenko ReturnChildren->hasParent(SuspiciousStmt));
1283fec1a442SValeriy Savchenko }
1284fec1a442SValeriy Savchenko return true;
1285fec1a442SValeriy Savchenko });
1286fec1a442SValeriy Savchenko });
1287fec1a442SValeriy Savchenko }
1288fec1a442SValeriy Savchenko
1289fec1a442SValeriy Savchenko /// Check if parameter with the given index has ever escaped.
hasEverEscaped(unsigned Index) const1290fec1a442SValeriy Savchenko bool hasEverEscaped(unsigned Index) const {
1291fec1a442SValeriy Savchenko return llvm::any_of(States, [Index](const State &StateForOneBB) {
1292fec1a442SValeriy Savchenko return StateForOneBB.getKindFor(Index) == ParameterStatus::Escaped;
1293fec1a442SValeriy Savchenko });
1294fec1a442SValeriy Savchenko }
1295fec1a442SValeriy Savchenko
1296fec1a442SValeriy Savchenko /// Return status stored for the given basic block.
1297fec1a442SValeriy Savchenko /// \{
getState(const CFGBlock * BB)1298fec1a442SValeriy Savchenko State &getState(const CFGBlock *BB) {
1299fec1a442SValeriy Savchenko assert(BB);
1300fec1a442SValeriy Savchenko return States[BB->getBlockID()];
1301fec1a442SValeriy Savchenko }
getState(const CFGBlock * BB) const1302fec1a442SValeriy Savchenko const State &getState(const CFGBlock *BB) const {
1303fec1a442SValeriy Savchenko assert(BB);
1304fec1a442SValeriy Savchenko return States[BB->getBlockID()];
1305fec1a442SValeriy Savchenko }
1306fec1a442SValeriy Savchenko /// \}
1307fec1a442SValeriy Savchenko
1308fec1a442SValeriy Savchenko /// Assign status to the given basic block.
1309fec1a442SValeriy Savchenko ///
1310fec1a442SValeriy Savchenko /// Returns true when the stored status changed.
assignState(const CFGBlock * BB,const State & ToAssign)1311fec1a442SValeriy Savchenko bool assignState(const CFGBlock *BB, const State &ToAssign) {
1312fec1a442SValeriy Savchenko State &Current = getState(BB);
1313fec1a442SValeriy Savchenko if (Current == ToAssign) {
1314fec1a442SValeriy Savchenko return false;
1315fec1a442SValeriy Savchenko }
1316fec1a442SValeriy Savchenko
1317fec1a442SValeriy Savchenko Current = ToAssign;
1318fec1a442SValeriy Savchenko return true;
1319fec1a442SValeriy Savchenko }
1320fec1a442SValeriy Savchenko
1321fec1a442SValeriy Savchenko /// Join all incoming statuses for the given basic block.
joinSuccessors(const CFGBlock * BB) const1322fec1a442SValeriy Savchenko State joinSuccessors(const CFGBlock *BB) const {
1323fec1a442SValeriy Savchenko auto Succs =
1324fec1a442SValeriy Savchenko llvm::make_filter_range(BB->succs(), [this](const CFGBlock *Succ) {
1325fec1a442SValeriy Savchenko return Succ && this->getState(Succ).isVisited();
1326fec1a442SValeriy Savchenko });
1327fec1a442SValeriy Savchenko // We came to this block from somewhere after all.
1328fec1a442SValeriy Savchenko assert(!Succs.empty() &&
1329fec1a442SValeriy Savchenko "Basic block should have at least one visited successor");
1330fec1a442SValeriy Savchenko
1331fec1a442SValeriy Savchenko State Result = getState(*Succs.begin());
1332fec1a442SValeriy Savchenko
1333fec1a442SValeriy Savchenko for (const CFGBlock *Succ : llvm::drop_begin(Succs, 1)) {
1334fec1a442SValeriy Savchenko Result.join(getState(Succ));
1335fec1a442SValeriy Savchenko }
1336fec1a442SValeriy Savchenko
1337fec1a442SValeriy Savchenko if (const Expr *Condition = getCondition(BB->getTerminatorStmt())) {
1338fec1a442SValeriy Savchenko handleConditional(BB, Condition, Result);
1339fec1a442SValeriy Savchenko }
1340fec1a442SValeriy Savchenko
1341fec1a442SValeriy Savchenko return Result;
1342fec1a442SValeriy Savchenko }
1343fec1a442SValeriy Savchenko
handleConditional(const CFGBlock * BB,const Expr * Condition,State & ToAlter) const1344fec1a442SValeriy Savchenko void handleConditional(const CFGBlock *BB, const Expr *Condition,
1345fec1a442SValeriy Savchenko State &ToAlter) const {
1346fec1a442SValeriy Savchenko handleParameterCheck(BB, Condition, ToAlter);
1347fec1a442SValeriy Savchenko if (SuppressOnConventionalErrorPaths) {
1348fec1a442SValeriy Savchenko handleConventionalCheck(BB, Condition, ToAlter);
1349fec1a442SValeriy Savchenko }
1350fec1a442SValeriy Savchenko }
1351fec1a442SValeriy Savchenko
handleParameterCheck(const CFGBlock * BB,const Expr * Condition,State & ToAlter) const1352fec1a442SValeriy Savchenko void handleParameterCheck(const CFGBlock *BB, const Expr *Condition,
1353fec1a442SValeriy Savchenko State &ToAlter) const {
1354fec1a442SValeriy Savchenko // In this function, we try to deal with the following pattern:
1355fec1a442SValeriy Savchenko //
1356fec1a442SValeriy Savchenko // if (parameter)
1357fec1a442SValeriy Savchenko // parameter(...);
1358fec1a442SValeriy Savchenko //
1359fec1a442SValeriy Savchenko // It's not good to show a warning here because clearly 'parameter'
1360fec1a442SValeriy Savchenko // couldn't and shouldn't be called on the 'else' path.
1361fec1a442SValeriy Savchenko //
1362fec1a442SValeriy Savchenko // Let's check if this if statement has a check involving one of
1363fec1a442SValeriy Savchenko // the tracked parameters.
1364fec1a442SValeriy Savchenko if (const ParmVarDecl *Parameter = findReferencedParmVarDecl(
1365fec1a442SValeriy Savchenko Condition,
1366fec1a442SValeriy Savchenko /* ShouldRetrieveFromComparisons = */ true)) {
1367fec1a442SValeriy Savchenko if (const auto Index = getIndex(*Parameter)) {
1368fec1a442SValeriy Savchenko ParameterStatus &CurrentStatus = ToAlter.getStatusFor(*Index);
1369fec1a442SValeriy Savchenko
1370fec1a442SValeriy Savchenko // We don't want to deep dive into semantics of the check and
1371fec1a442SValeriy Savchenko // figure out if that check was for null or something else.
1372fec1a442SValeriy Savchenko // We simply trust the user that they know what they are doing.
1373fec1a442SValeriy Savchenko //
1374fec1a442SValeriy Savchenko // For this reason, in the following loop we look for the
1375fec1a442SValeriy Savchenko // best-looking option.
1376fec1a442SValeriy Savchenko for (const CFGBlock *Succ : BB->succs()) {
1377fec1a442SValeriy Savchenko if (!Succ)
1378fec1a442SValeriy Savchenko continue;
1379fec1a442SValeriy Savchenko
1380fec1a442SValeriy Savchenko const ParameterStatus &StatusInSucc =
1381fec1a442SValeriy Savchenko getState(Succ).getStatusFor(*Index);
1382fec1a442SValeriy Savchenko
1383fec1a442SValeriy Savchenko if (StatusInSucc.isErrorStatus()) {
1384fec1a442SValeriy Savchenko continue;
1385fec1a442SValeriy Savchenko }
1386fec1a442SValeriy Savchenko
1387fec1a442SValeriy Savchenko // Let's use this status instead.
1388fec1a442SValeriy Savchenko CurrentStatus = StatusInSucc;
1389fec1a442SValeriy Savchenko
1390fec1a442SValeriy Savchenko if (StatusInSucc.getKind() == ParameterStatus::DefinitelyCalled) {
1391fec1a442SValeriy Savchenko // This is the best option to have and we already found it.
1392fec1a442SValeriy Savchenko break;
1393fec1a442SValeriy Savchenko }
1394fec1a442SValeriy Savchenko
1395fec1a442SValeriy Savchenko // If we found 'Escaped' first, we still might find 'DefinitelyCalled'
1396fec1a442SValeriy Savchenko // on the other branch. And we prefer the latter.
1397fec1a442SValeriy Savchenko }
1398fec1a442SValeriy Savchenko }
1399fec1a442SValeriy Savchenko }
1400fec1a442SValeriy Savchenko }
1401fec1a442SValeriy Savchenko
handleConventionalCheck(const CFGBlock * BB,const Expr * Condition,State & ToAlter) const1402fec1a442SValeriy Savchenko void handleConventionalCheck(const CFGBlock *BB, const Expr *Condition,
1403fec1a442SValeriy Savchenko State &ToAlter) const {
1404fec1a442SValeriy Savchenko // Even when the analysis is technically correct, it is a widespread pattern
1405fec1a442SValeriy Savchenko // not to call completion handlers in some scenarios. These usually have
1406fec1a442SValeriy Savchenko // typical conditional names, such as 'error' or 'cancel'.
1407fec1a442SValeriy Savchenko if (!mentionsAnyOfConventionalNames(Condition)) {
1408fec1a442SValeriy Savchenko return;
1409fec1a442SValeriy Savchenko }
1410fec1a442SValeriy Savchenko
1411fec1a442SValeriy Savchenko for (const auto &IndexedStatus : llvm::enumerate(ToAlter)) {
1412fec1a442SValeriy Savchenko const ParmVarDecl *Parameter = getParameter(IndexedStatus.index());
1413fec1a442SValeriy Savchenko // Conventions do not apply to explicitly marked parameters.
1414fec1a442SValeriy Savchenko if (isExplicitlyMarked(Parameter)) {
1415fec1a442SValeriy Savchenko continue;
1416fec1a442SValeriy Savchenko }
1417fec1a442SValeriy Savchenko
1418fec1a442SValeriy Savchenko ParameterStatus &CurrentStatus = IndexedStatus.value();
1419fec1a442SValeriy Savchenko // If we did find that on one of the branches the user uses the callback
1420fec1a442SValeriy Savchenko // and doesn't on the other path, we believe that they know what they are
1421fec1a442SValeriy Savchenko // doing and trust them.
1422fec1a442SValeriy Savchenko //
1423fec1a442SValeriy Savchenko // There are two possible scenarios for that:
1424fec1a442SValeriy Savchenko // 1. Current status is 'MaybeCalled' and one of the branches is
1425fec1a442SValeriy Savchenko // 'DefinitelyCalled'
1426fec1a442SValeriy Savchenko // 2. Current status is 'NotCalled' and one of the branches is 'Escaped'
1427fec1a442SValeriy Savchenko if (isLosingCall(ToAlter, BB, IndexedStatus.index()) ||
1428fec1a442SValeriy Savchenko isLosingEscape(ToAlter, BB, IndexedStatus.index())) {
1429fec1a442SValeriy Savchenko CurrentStatus = ParameterStatus::Escaped;
1430fec1a442SValeriy Savchenko }
1431fec1a442SValeriy Savchenko }
1432fec1a442SValeriy Savchenko }
1433fec1a442SValeriy Savchenko
isLosingCall(const State & StateAfterJoin,const CFGBlock * JoinBlock,unsigned ParameterIndex) const1434fec1a442SValeriy Savchenko bool isLosingCall(const State &StateAfterJoin, const CFGBlock *JoinBlock,
1435fec1a442SValeriy Savchenko unsigned ParameterIndex) const {
1436fec1a442SValeriy Savchenko // Let's check if the block represents DefinitelyCalled -> MaybeCalled
1437fec1a442SValeriy Savchenko // transition.
1438fec1a442SValeriy Savchenko return isLosingJoin(StateAfterJoin, JoinBlock, ParameterIndex,
1439fec1a442SValeriy Savchenko ParameterStatus::MaybeCalled,
1440fec1a442SValeriy Savchenko ParameterStatus::DefinitelyCalled);
1441fec1a442SValeriy Savchenko }
1442fec1a442SValeriy Savchenko
isLosingEscape(const State & StateAfterJoin,const CFGBlock * JoinBlock,unsigned ParameterIndex) const1443fec1a442SValeriy Savchenko bool isLosingEscape(const State &StateAfterJoin, const CFGBlock *JoinBlock,
1444fec1a442SValeriy Savchenko unsigned ParameterIndex) const {
1445fec1a442SValeriy Savchenko // Let's check if the block represents Escaped -> NotCalled transition.
1446fec1a442SValeriy Savchenko return isLosingJoin(StateAfterJoin, JoinBlock, ParameterIndex,
1447fec1a442SValeriy Savchenko ParameterStatus::NotCalled, ParameterStatus::Escaped);
1448fec1a442SValeriy Savchenko }
1449fec1a442SValeriy Savchenko
isLosingJoin(const State & StateAfterJoin,const CFGBlock * JoinBlock,unsigned ParameterIndex,ParameterStatus::Kind AfterJoin,ParameterStatus::Kind BeforeJoin) const1450fec1a442SValeriy Savchenko bool isLosingJoin(const State &StateAfterJoin, const CFGBlock *JoinBlock,
1451fec1a442SValeriy Savchenko unsigned ParameterIndex, ParameterStatus::Kind AfterJoin,
1452fec1a442SValeriy Savchenko ParameterStatus::Kind BeforeJoin) const {
1453fec1a442SValeriy Savchenko assert(!ParameterStatus::isErrorStatus(BeforeJoin) &&
1454fec1a442SValeriy Savchenko ParameterStatus::isErrorStatus(AfterJoin) &&
1455fec1a442SValeriy Savchenko "It's not a losing join if statuses do not represent "
1456fec1a442SValeriy Savchenko "correct-to-error transition");
1457fec1a442SValeriy Savchenko
1458fec1a442SValeriy Savchenko const ParameterStatus &CurrentStatus =
1459fec1a442SValeriy Savchenko StateAfterJoin.getStatusFor(ParameterIndex);
1460fec1a442SValeriy Savchenko
1461fec1a442SValeriy Savchenko return CurrentStatus.getKind() == AfterJoin &&
1462fec1a442SValeriy Savchenko anySuccessorHasStatus(JoinBlock, ParameterIndex, BeforeJoin);
1463fec1a442SValeriy Savchenko }
1464fec1a442SValeriy Savchenko
1465fec1a442SValeriy Savchenko /// Return true if any of the successors of the given basic block has
1466fec1a442SValeriy Savchenko /// a specified status for the given parameter.
anySuccessorHasStatus(const CFGBlock * Parent,unsigned ParameterIndex,ParameterStatus::Kind ToFind) const1467fec1a442SValeriy Savchenko bool anySuccessorHasStatus(const CFGBlock *Parent, unsigned ParameterIndex,
1468fec1a442SValeriy Savchenko ParameterStatus::Kind ToFind) const {
1469fec1a442SValeriy Savchenko return llvm::any_of(
1470fec1a442SValeriy Savchenko Parent->succs(), [this, ParameterIndex, ToFind](const CFGBlock *Succ) {
1471fec1a442SValeriy Savchenko return Succ && getState(Succ).getKindFor(ParameterIndex) == ToFind;
1472fec1a442SValeriy Savchenko });
1473fec1a442SValeriy Savchenko }
1474fec1a442SValeriy Savchenko
1475fec1a442SValeriy Savchenko /// Check given expression that was discovered to escape.
checkEscapee(const Expr * E)1476fec1a442SValeriy Savchenko void checkEscapee(const Expr *E) {
1477fec1a442SValeriy Savchenko if (const ParmVarDecl *Parameter = findReferencedParmVarDecl(E)) {
1478fec1a442SValeriy Savchenko checkEscapee(*Parameter);
1479fec1a442SValeriy Savchenko }
1480fec1a442SValeriy Savchenko }
1481fec1a442SValeriy Savchenko
1482fec1a442SValeriy Savchenko /// Check given parameter that was discovered to escape.
checkEscapee(const ParmVarDecl & Parameter)1483fec1a442SValeriy Savchenko void checkEscapee(const ParmVarDecl &Parameter) {
1484fec1a442SValeriy Savchenko if (auto Index = getIndex(Parameter)) {
1485c86dacd1SValeriy Savchenko processEscapeFor(*Index);
1486fec1a442SValeriy Savchenko }
1487fec1a442SValeriy Savchenko }
1488fec1a442SValeriy Savchenko
1489fec1a442SValeriy Savchenko /// Mark all parameters in the current state as 'no-return'.
markNoReturn()1490fec1a442SValeriy Savchenko void markNoReturn() {
1491fec1a442SValeriy Savchenko for (ParameterStatus &PS : CurrentState) {
1492fec1a442SValeriy Savchenko PS = ParameterStatus::NoReturn;
1493fec1a442SValeriy Savchenko }
1494fec1a442SValeriy Savchenko }
1495fec1a442SValeriy Savchenko
1496fec1a442SValeriy Savchenko /// Check if the given assignment represents suppression and act on it.
checkSuppression(const BinaryOperator * Assignment)1497fec1a442SValeriy Savchenko void checkSuppression(const BinaryOperator *Assignment) {
1498fec1a442SValeriy Savchenko // Suppression has the following form:
1499fec1a442SValeriy Savchenko // parameter = 0;
1500fec1a442SValeriy Savchenko // 0 can be of any form (NULL, nil, etc.)
1501fec1a442SValeriy Savchenko if (auto Index = getIndexOfExpression(Assignment->getLHS())) {
1502fec1a442SValeriy Savchenko
1503fec1a442SValeriy Savchenko // We don't care what is written in the RHS, it could be whatever
1504fec1a442SValeriy Savchenko // we can interpret as 0.
1505fec1a442SValeriy Savchenko if (auto Constant =
1506fec1a442SValeriy Savchenko Assignment->getRHS()->IgnoreParenCasts()->getIntegerConstantExpr(
1507fec1a442SValeriy Savchenko AC.getASTContext())) {
1508fec1a442SValeriy Savchenko
1509fec1a442SValeriy Savchenko ParameterStatus &CurrentParamStatus = CurrentState.getStatusFor(*Index);
1510fec1a442SValeriy Savchenko
1511fec1a442SValeriy Savchenko if (0 == *Constant && CurrentParamStatus.seenAnyCalls()) {
1512fec1a442SValeriy Savchenko // Even though this suppression mechanism is introduced to tackle
1513fec1a442SValeriy Savchenko // false positives for multiple calls, the fact that the user has
1514fec1a442SValeriy Savchenko // to use suppression can also tell us that we couldn't figure out
1515fec1a442SValeriy Savchenko // how different paths cancel each other out. And if that is true,
1516fec1a442SValeriy Savchenko // we will most certainly have false positives about parameters not
1517fec1a442SValeriy Savchenko // being called on certain paths.
1518fec1a442SValeriy Savchenko //
1519fec1a442SValeriy Savchenko // For this reason, we abandon tracking this parameter altogether.
1520fec1a442SValeriy Savchenko CurrentParamStatus = ParameterStatus::Reported;
1521fec1a442SValeriy Savchenko }
1522fec1a442SValeriy Savchenko }
1523fec1a442SValeriy Savchenko }
1524fec1a442SValeriy Savchenko }
1525fec1a442SValeriy Savchenko
1526fec1a442SValeriy Savchenko public:
1527fec1a442SValeriy Savchenko //===----------------------------------------------------------------------===//
1528fec1a442SValeriy Savchenko // Tree traversal methods
1529fec1a442SValeriy Savchenko //===----------------------------------------------------------------------===//
1530fec1a442SValeriy Savchenko
VisitCallExpr(const CallExpr * Call)1531fec1a442SValeriy Savchenko void VisitCallExpr(const CallExpr *Call) {
1532fec1a442SValeriy Savchenko // This call might be a direct call, i.e. a parameter call...
1533fec1a442SValeriy Savchenko checkDirectCall(Call);
1534fec1a442SValeriy Savchenko // ... or an indirect call, i.e. when parameter is an argument.
1535fec1a442SValeriy Savchenko checkIndirectCall(Call);
1536fec1a442SValeriy Savchenko }
1537fec1a442SValeriy Savchenko
VisitObjCMessageExpr(const ObjCMessageExpr * Message)1538fec1a442SValeriy Savchenko void VisitObjCMessageExpr(const ObjCMessageExpr *Message) {
1539fec1a442SValeriy Savchenko // The most common situation that we are defending against here is
1540fec1a442SValeriy Savchenko // copying a tracked parameter.
1541fec1a442SValeriy Savchenko if (const Expr *Receiver = Message->getInstanceReceiver()) {
1542fec1a442SValeriy Savchenko checkEscapee(Receiver);
1543fec1a442SValeriy Savchenko }
1544fec1a442SValeriy Savchenko // Message expressions unlike calls, could not be direct.
1545fec1a442SValeriy Savchenko checkIndirectCall(Message);
1546fec1a442SValeriy Savchenko }
1547fec1a442SValeriy Savchenko
VisitBlockExpr(const BlockExpr * Block)1548fec1a442SValeriy Savchenko void VisitBlockExpr(const BlockExpr *Block) {
1549f1a7d5a7SValeriy Savchenko // Block expressions are tricky. It is a very common practice to capture
1550f1a7d5a7SValeriy Savchenko // completion handlers by blocks and use them there.
1551f1a7d5a7SValeriy Savchenko // For this reason, it is important to analyze blocks and report warnings
1552f1a7d5a7SValeriy Savchenko // for completion handler misuse in blocks.
1553fec1a442SValeriy Savchenko //
1554f1a7d5a7SValeriy Savchenko // However, it can be quite difficult to track how the block itself is being
1555f1a7d5a7SValeriy Savchenko // used. The full precise anlysis of that will be similar to alias analysis
1556f1a7d5a7SValeriy Savchenko // for completion handlers and can be too heavyweight for a compile-time
1557f1a7d5a7SValeriy Savchenko // diagnostic. Instead, we judge about the immediate use of the block.
1558f1a7d5a7SValeriy Savchenko //
1559f1a7d5a7SValeriy Savchenko // Here, we try to find a call expression where we know due to conventions,
1560f1a7d5a7SValeriy Savchenko // annotations, or other reasons that the block is called once and only
1561f1a7d5a7SValeriy Savchenko // once.
1562f1a7d5a7SValeriy Savchenko const Expr *CalledOnceCallSite = getBlockGuaraneedCallSite(Block);
1563f1a7d5a7SValeriy Savchenko
1564f1a7d5a7SValeriy Savchenko // We need to report this information to the handler because in the
1565f1a7d5a7SValeriy Savchenko // situation when we know that the block is called exactly once, we can be
1566f1a7d5a7SValeriy Savchenko // stricter in terms of reported diagnostics.
1567f1a7d5a7SValeriy Savchenko if (CalledOnceCallSite) {
1568f1a7d5a7SValeriy Savchenko Handler.handleBlockThatIsGuaranteedToBeCalledOnce(Block->getBlockDecl());
1569f1a7d5a7SValeriy Savchenko } else {
1570f1a7d5a7SValeriy Savchenko Handler.handleBlockWithNoGuarantees(Block->getBlockDecl());
1571f1a7d5a7SValeriy Savchenko }
1572f1a7d5a7SValeriy Savchenko
1573f1a7d5a7SValeriy Savchenko for (const auto &Capture : Block->getBlockDecl()->captures()) {
1574fec1a442SValeriy Savchenko if (const auto *Param = dyn_cast<ParmVarDecl>(Capture.getVariable())) {
1575f1a7d5a7SValeriy Savchenko if (auto Index = getIndex(*Param)) {
1576f1a7d5a7SValeriy Savchenko if (CalledOnceCallSite) {
1577f1a7d5a7SValeriy Savchenko // The call site of a block can be considered a call site of the
1578f1a7d5a7SValeriy Savchenko // captured parameter we track.
1579f1a7d5a7SValeriy Savchenko processCallFor(*Index, CalledOnceCallSite);
1580f1a7d5a7SValeriy Savchenko } else {
1581f1a7d5a7SValeriy Savchenko // We still should consider this block as an escape for parameter,
1582f1a7d5a7SValeriy Savchenko // if we don't know about its call site or the number of time it
1583f1a7d5a7SValeriy Savchenko // can be invoked.
1584f1a7d5a7SValeriy Savchenko processEscapeFor(*Index);
1585f1a7d5a7SValeriy Savchenko }
1586f1a7d5a7SValeriy Savchenko }
1587fec1a442SValeriy Savchenko }
1588fec1a442SValeriy Savchenko }
1589fec1a442SValeriy Savchenko }
1590fec1a442SValeriy Savchenko
VisitBinaryOperator(const BinaryOperator * Op)1591fec1a442SValeriy Savchenko void VisitBinaryOperator(const BinaryOperator *Op) {
1592fec1a442SValeriy Savchenko if (Op->getOpcode() == clang::BO_Assign) {
1593fec1a442SValeriy Savchenko // Let's check if one of the tracked parameters is assigned into
1594fec1a442SValeriy Savchenko // something, and if it is we don't want to track extra variables, so we
1595fec1a442SValeriy Savchenko // consider it as an escapee.
1596fec1a442SValeriy Savchenko checkEscapee(Op->getRHS());
1597fec1a442SValeriy Savchenko
1598fec1a442SValeriy Savchenko // Let's check whether this assignment is a suppression.
1599fec1a442SValeriy Savchenko checkSuppression(Op);
1600fec1a442SValeriy Savchenko }
1601fec1a442SValeriy Savchenko }
1602fec1a442SValeriy Savchenko
VisitDeclStmt(const DeclStmt * DS)1603fec1a442SValeriy Savchenko void VisitDeclStmt(const DeclStmt *DS) {
1604fec1a442SValeriy Savchenko // Variable initialization is not assignment and should be handled
1605fec1a442SValeriy Savchenko // separately.
1606fec1a442SValeriy Savchenko //
1607fec1a442SValeriy Savchenko // Multiple declarations can be a part of declaration statement.
1608fec1a442SValeriy Savchenko for (const auto *Declaration : DS->getDeclGroup()) {
1609fec1a442SValeriy Savchenko if (const auto *Var = dyn_cast<VarDecl>(Declaration)) {
1610fec1a442SValeriy Savchenko if (Var->getInit()) {
1611fec1a442SValeriy Savchenko checkEscapee(Var->getInit());
1612fec1a442SValeriy Savchenko }
16134a7afc9aSValeriy Savchenko
16144a7afc9aSValeriy Savchenko if (Var->hasAttr<CleanupAttr>()) {
16154a7afc9aSValeriy Savchenko FunctionHasCleanupVars = true;
16164a7afc9aSValeriy Savchenko }
1617fec1a442SValeriy Savchenko }
1618fec1a442SValeriy Savchenko }
1619fec1a442SValeriy Savchenko }
1620fec1a442SValeriy Savchenko
VisitCStyleCastExpr(const CStyleCastExpr * Cast)1621fec1a442SValeriy Savchenko void VisitCStyleCastExpr(const CStyleCastExpr *Cast) {
1622fec1a442SValeriy Savchenko // We consider '(void)parameter' as a manual no-op escape.
1623fec1a442SValeriy Savchenko // It should be used to explicitly tell the analysis that this parameter
1624fec1a442SValeriy Savchenko // is intentionally not called on this path.
1625fec1a442SValeriy Savchenko if (Cast->getType().getCanonicalType()->isVoidType()) {
1626fec1a442SValeriy Savchenko checkEscapee(Cast->getSubExpr());
1627fec1a442SValeriy Savchenko }
1628fec1a442SValeriy Savchenko }
1629fec1a442SValeriy Savchenko
VisitObjCAtThrowStmt(const ObjCAtThrowStmt *)1630fec1a442SValeriy Savchenko void VisitObjCAtThrowStmt(const ObjCAtThrowStmt *) {
1631fec1a442SValeriy Savchenko // It is OK not to call marked parameters on exceptional paths.
1632fec1a442SValeriy Savchenko markNoReturn();
1633fec1a442SValeriy Savchenko }
1634fec1a442SValeriy Savchenko
1635fec1a442SValeriy Savchenko private:
size() const1636fec1a442SValeriy Savchenko unsigned size() const { return TrackedParams.size(); }
1637fec1a442SValeriy Savchenko
getIndexOfCallee(const CallExpr * Call) const1638fec1a442SValeriy Savchenko llvm::Optional<unsigned> getIndexOfCallee(const CallExpr *Call) const {
1639fec1a442SValeriy Savchenko return getIndexOfExpression(Call->getCallee());
1640fec1a442SValeriy Savchenko }
1641fec1a442SValeriy Savchenko
getIndexOfExpression(const Expr * E) const1642fec1a442SValeriy Savchenko llvm::Optional<unsigned> getIndexOfExpression(const Expr *E) const {
1643fec1a442SValeriy Savchenko if (const ParmVarDecl *Parameter = findReferencedParmVarDecl(E)) {
1644fec1a442SValeriy Savchenko return getIndex(*Parameter);
1645fec1a442SValeriy Savchenko }
1646fec1a442SValeriy Savchenko
1647fec1a442SValeriy Savchenko return llvm::None;
1648fec1a442SValeriy Savchenko }
1649fec1a442SValeriy Savchenko
getIndex(const ParmVarDecl & Parameter) const1650fec1a442SValeriy Savchenko llvm::Optional<unsigned> getIndex(const ParmVarDecl &Parameter) const {
1651fec1a442SValeriy Savchenko // Expected number of parameters that we actually track is 1.
1652fec1a442SValeriy Savchenko //
1653fec1a442SValeriy Savchenko // Also, the maximum number of declared parameters could not be on a scale
1654fec1a442SValeriy Savchenko // of hundreds of thousands.
1655fec1a442SValeriy Savchenko //
1656fec1a442SValeriy Savchenko // In this setting, linear search seems reasonable and even performs better
1657fec1a442SValeriy Savchenko // than bisection.
1658fec1a442SValeriy Savchenko ParamSizedVector<const ParmVarDecl *>::const_iterator It =
1659fec1a442SValeriy Savchenko llvm::find(TrackedParams, &Parameter);
1660fec1a442SValeriy Savchenko
1661fec1a442SValeriy Savchenko if (It != TrackedParams.end()) {
1662fec1a442SValeriy Savchenko return It - TrackedParams.begin();
1663fec1a442SValeriy Savchenko }
1664fec1a442SValeriy Savchenko
1665fec1a442SValeriy Savchenko return llvm::None;
1666fec1a442SValeriy Savchenko }
1667fec1a442SValeriy Savchenko
getParameter(unsigned Index) const1668fec1a442SValeriy Savchenko const ParmVarDecl *getParameter(unsigned Index) const {
1669fec1a442SValeriy Savchenko assert(Index < TrackedParams.size());
1670fec1a442SValeriy Savchenko return TrackedParams[Index];
1671fec1a442SValeriy Savchenko }
1672fec1a442SValeriy Savchenko
1673fec1a442SValeriy Savchenko const CFG &FunctionCFG;
1674fec1a442SValeriy Savchenko AnalysisDeclContext &AC;
1675fec1a442SValeriy Savchenko CalledOnceCheckHandler &Handler;
1676fec1a442SValeriy Savchenko bool CheckConventionalParameters;
1677fec1a442SValeriy Savchenko // As of now, we turn this behavior off. So, we still are going to report
1678fec1a442SValeriy Savchenko // missing calls on paths that look like it was intentional.
1679fec1a442SValeriy Savchenko // Technically such reports are true positives, but they can make some users
1680fec1a442SValeriy Savchenko // grumpy because of the sheer number of warnings.
1681fec1a442SValeriy Savchenko // It can be turned back on if we decide that we want to have the other way
1682fec1a442SValeriy Savchenko // around.
1683fec1a442SValeriy Savchenko bool SuppressOnConventionalErrorPaths = false;
1684fec1a442SValeriy Savchenko
16854a7afc9aSValeriy Savchenko // The user can annotate variable declarations with cleanup functions, which
16864a7afc9aSValeriy Savchenko // essentially imposes a custom destructor logic on that variable.
16874a7afc9aSValeriy Savchenko // It is possible to use it, however, to call tracked parameters on all exits
16884a7afc9aSValeriy Savchenko // from the function. For this reason, we track the fact that the function
16894a7afc9aSValeriy Savchenko // actually has these.
16904a7afc9aSValeriy Savchenko bool FunctionHasCleanupVars = false;
16914a7afc9aSValeriy Savchenko
1692fec1a442SValeriy Savchenko State CurrentState;
1693fec1a442SValeriy Savchenko ParamSizedVector<const ParmVarDecl *> TrackedParams;
1694fec1a442SValeriy Savchenko CFGSizedVector<State> States;
1695fec1a442SValeriy Savchenko };
1696fec1a442SValeriy Savchenko
1697fec1a442SValeriy Savchenko } // end anonymous namespace
1698fec1a442SValeriy Savchenko
1699fec1a442SValeriy Savchenko namespace clang {
checkCalledOnceParameters(AnalysisDeclContext & AC,CalledOnceCheckHandler & Handler,bool CheckConventionalParameters)1700fec1a442SValeriy Savchenko void checkCalledOnceParameters(AnalysisDeclContext &AC,
1701fec1a442SValeriy Savchenko CalledOnceCheckHandler &Handler,
1702fec1a442SValeriy Savchenko bool CheckConventionalParameters) {
1703fec1a442SValeriy Savchenko CalledOnceChecker::check(AC, Handler, CheckConventionalParameters);
1704fec1a442SValeriy Savchenko }
1705fec1a442SValeriy Savchenko } // end namespace clang
1706