1 //=- AnalysisBasedWarnings.cpp - Sema warnings based on libAnalysis -*- C++ -*-=// 2 // 3 // The LLVM Compiler Infrastructure 4 // 5 // This file is distributed under the University of Illinois Open Source 6 // License. See LICENSE.TXT for details. 7 // 8 //===----------------------------------------------------------------------===// 9 // 10 // This file defines analysis_warnings::[Policy,Executor]. 11 // Together they are used by Sema to issue warnings based on inexpensive 12 // static analysis algorithms in libAnalysis. 13 // 14 //===----------------------------------------------------------------------===// 15 16 #include "clang/Sema/AnalysisBasedWarnings.h" 17 #include "clang/AST/DeclCXX.h" 18 #include "clang/AST/DeclObjC.h" 19 #include "clang/AST/EvaluatedExprVisitor.h" 20 #include "clang/AST/ExprCXX.h" 21 #include "clang/AST/ExprObjC.h" 22 #include "clang/AST/ParentMap.h" 23 #include "clang/AST/RecursiveASTVisitor.h" 24 #include "clang/AST/StmtCXX.h" 25 #include "clang/AST/StmtObjC.h" 26 #include "clang/AST/StmtVisitor.h" 27 #include "clang/Analysis/Analyses/CFGReachabilityAnalysis.h" 28 #include "clang/Analysis/Analyses/Consumed.h" 29 #include "clang/Analysis/Analyses/ReachableCode.h" 30 #include "clang/Analysis/Analyses/ThreadSafety.h" 31 #include "clang/Analysis/Analyses/UninitializedValues.h" 32 #include "clang/Analysis/AnalysisContext.h" 33 #include "clang/Analysis/CFG.h" 34 #include "clang/Analysis/CFGStmtMap.h" 35 #include "clang/Basic/SourceLocation.h" 36 #include "clang/Basic/SourceManager.h" 37 #include "clang/Lex/Preprocessor.h" 38 #include "clang/Sema/ScopeInfo.h" 39 #include "clang/Sema/SemaInternal.h" 40 #include "llvm/ADT/ArrayRef.h" 41 #include "llvm/ADT/BitVector.h" 42 #include "llvm/ADT/FoldingSet.h" 43 #include "llvm/ADT/ImmutableMap.h" 44 #include "llvm/ADT/MapVector.h" 45 #include "llvm/ADT/PostOrderIterator.h" 46 #include "llvm/ADT/SmallString.h" 47 #include "llvm/ADT/SmallVector.h" 48 #include "llvm/ADT/StringRef.h" 49 #include "llvm/Support/Casting.h" 50 #include <algorithm> 51 #include <deque> 52 #include <iterator> 53 #include <vector> 54 55 using namespace clang; 56 57 //===----------------------------------------------------------------------===// 58 // Unreachable code analysis. 59 //===----------------------------------------------------------------------===// 60 61 namespace { 62 class UnreachableCodeHandler : public reachable_code::Callback { 63 Sema &S; 64 public: 65 UnreachableCodeHandler(Sema &s) : S(s) {} 66 67 void HandleUnreachable(reachable_code::UnreachableKind UK, 68 SourceLocation L, 69 SourceRange SilenceableCondVal, 70 SourceRange R1, 71 SourceRange R2) override { 72 unsigned diag = diag::warn_unreachable; 73 switch (UK) { 74 case reachable_code::UK_Break: 75 diag = diag::warn_unreachable_break; 76 break; 77 case reachable_code::UK_Return: 78 diag = diag::warn_unreachable_return; 79 break; 80 case reachable_code::UK_Loop_Increment: 81 diag = diag::warn_unreachable_loop_increment; 82 break; 83 case reachable_code::UK_Other: 84 break; 85 } 86 87 S.Diag(L, diag) << R1 << R2; 88 89 SourceLocation Open = SilenceableCondVal.getBegin(); 90 if (Open.isValid()) { 91 SourceLocation Close = SilenceableCondVal.getEnd(); 92 Close = S.getLocForEndOfToken(Close); 93 if (Close.isValid()) { 94 S.Diag(Open, diag::note_unreachable_silence) 95 << FixItHint::CreateInsertion(Open, "/* DISABLES CODE */ (") 96 << FixItHint::CreateInsertion(Close, ")"); 97 } 98 } 99 } 100 }; 101 } // anonymous namespace 102 103 /// CheckUnreachable - Check for unreachable code. 104 static void CheckUnreachable(Sema &S, AnalysisDeclContext &AC) { 105 // As a heuristic prune all diagnostics not in the main file. Currently 106 // the majority of warnings in headers are false positives. These 107 // are largely caused by configuration state, e.g. preprocessor 108 // defined code, etc. 109 // 110 // Note that this is also a performance optimization. Analyzing 111 // headers many times can be expensive. 112 if (!S.getSourceManager().isInMainFile(AC.getDecl()->getLocStart())) 113 return; 114 115 UnreachableCodeHandler UC(S); 116 reachable_code::FindUnreachableCode(AC, S.getPreprocessor(), UC); 117 } 118 119 namespace { 120 /// \brief Warn on logical operator errors in CFGBuilder 121 class LogicalErrorHandler : public CFGCallback { 122 Sema &S; 123 124 public: 125 LogicalErrorHandler(Sema &S) : CFGCallback(), S(S) {} 126 127 static bool HasMacroID(const Expr *E) { 128 if (E->getExprLoc().isMacroID()) 129 return true; 130 131 // Recurse to children. 132 for (const Stmt *SubStmt : E->children()) 133 if (const Expr *SubExpr = dyn_cast_or_null<Expr>(SubStmt)) 134 if (HasMacroID(SubExpr)) 135 return true; 136 137 return false; 138 } 139 140 void compareAlwaysTrue(const BinaryOperator *B, bool isAlwaysTrue) override { 141 if (HasMacroID(B)) 142 return; 143 144 SourceRange DiagRange = B->getSourceRange(); 145 S.Diag(B->getExprLoc(), diag::warn_tautological_overlap_comparison) 146 << DiagRange << isAlwaysTrue; 147 } 148 149 void compareBitwiseEquality(const BinaryOperator *B, 150 bool isAlwaysTrue) override { 151 if (HasMacroID(B)) 152 return; 153 154 SourceRange DiagRange = B->getSourceRange(); 155 S.Diag(B->getExprLoc(), diag::warn_comparison_bitwise_always) 156 << DiagRange << isAlwaysTrue; 157 } 158 }; 159 } // anonymous namespace 160 161 //===----------------------------------------------------------------------===// 162 // Check for infinite self-recursion in functions 163 //===----------------------------------------------------------------------===// 164 165 // Returns true if the function is called anywhere within the CFGBlock. 166 // For member functions, the additional condition of being call from the 167 // this pointer is required. 168 static bool hasRecursiveCallInPath(const FunctionDecl *FD, CFGBlock &Block) { 169 // Process all the Stmt's in this block to find any calls to FD. 170 for (const auto &B : Block) { 171 if (B.getKind() != CFGElement::Statement) 172 continue; 173 174 const CallExpr *CE = dyn_cast<CallExpr>(B.getAs<CFGStmt>()->getStmt()); 175 if (!CE || !CE->getCalleeDecl() || 176 CE->getCalleeDecl()->getCanonicalDecl() != FD) 177 continue; 178 179 // Skip function calls which are qualified with a templated class. 180 if (const DeclRefExpr *DRE = 181 dyn_cast<DeclRefExpr>(CE->getCallee()->IgnoreParenImpCasts())) { 182 if (NestedNameSpecifier *NNS = DRE->getQualifier()) { 183 if (NNS->getKind() == NestedNameSpecifier::TypeSpec && 184 isa<TemplateSpecializationType>(NNS->getAsType())) { 185 continue; 186 } 187 } 188 } 189 190 const CXXMemberCallExpr *MCE = dyn_cast<CXXMemberCallExpr>(CE); 191 if (!MCE || isa<CXXThisExpr>(MCE->getImplicitObjectArgument()) || 192 !MCE->getMethodDecl()->isVirtual()) 193 return true; 194 } 195 return false; 196 } 197 198 // All blocks are in one of three states. States are ordered so that blocks 199 // can only move to higher states. 200 enum RecursiveState { 201 FoundNoPath, 202 FoundPath, 203 FoundPathWithNoRecursiveCall 204 }; 205 206 // Returns true if there exists a path to the exit block and every path 207 // to the exit block passes through a call to FD. 208 static bool checkForRecursiveFunctionCall(const FunctionDecl *FD, CFG *cfg) { 209 210 const unsigned ExitID = cfg->getExit().getBlockID(); 211 212 // Mark all nodes as FoundNoPath, then set the status of the entry block. 213 SmallVector<RecursiveState, 16> States(cfg->getNumBlockIDs(), FoundNoPath); 214 States[cfg->getEntry().getBlockID()] = FoundPathWithNoRecursiveCall; 215 216 // Make the processing stack and seed it with the entry block. 217 SmallVector<CFGBlock *, 16> Stack; 218 Stack.push_back(&cfg->getEntry()); 219 220 while (!Stack.empty()) { 221 CFGBlock *CurBlock = Stack.back(); 222 Stack.pop_back(); 223 224 unsigned ID = CurBlock->getBlockID(); 225 RecursiveState CurState = States[ID]; 226 227 if (CurState == FoundPathWithNoRecursiveCall) { 228 // Found a path to the exit node without a recursive call. 229 if (ExitID == ID) 230 return false; 231 232 // Only change state if the block has a recursive call. 233 if (hasRecursiveCallInPath(FD, *CurBlock)) 234 CurState = FoundPath; 235 } 236 237 // Loop over successor blocks and add them to the Stack if their state 238 // changes. 239 for (auto I = CurBlock->succ_begin(), E = CurBlock->succ_end(); I != E; ++I) 240 if (*I) { 241 unsigned next_ID = (*I)->getBlockID(); 242 if (States[next_ID] < CurState) { 243 States[next_ID] = CurState; 244 Stack.push_back(*I); 245 } 246 } 247 } 248 249 // Return true if the exit node is reachable, and only reachable through 250 // a recursive call. 251 return States[ExitID] == FoundPath; 252 } 253 254 static void checkRecursiveFunction(Sema &S, const FunctionDecl *FD, 255 const Stmt *Body, AnalysisDeclContext &AC) { 256 FD = FD->getCanonicalDecl(); 257 258 // Only run on non-templated functions and non-templated members of 259 // templated classes. 260 if (FD->getTemplatedKind() != FunctionDecl::TK_NonTemplate && 261 FD->getTemplatedKind() != FunctionDecl::TK_MemberSpecialization) 262 return; 263 264 CFG *cfg = AC.getCFG(); 265 if (!cfg) return; 266 267 // If the exit block is unreachable, skip processing the function. 268 if (cfg->getExit().pred_empty()) 269 return; 270 271 // Emit diagnostic if a recursive function call is detected for all paths. 272 if (checkForRecursiveFunctionCall(FD, cfg)) 273 S.Diag(Body->getLocStart(), diag::warn_infinite_recursive_function); 274 } 275 276 //===----------------------------------------------------------------------===// 277 // Check for missing return value. 278 //===----------------------------------------------------------------------===// 279 280 enum ControlFlowKind { 281 UnknownFallThrough, 282 NeverFallThrough, 283 MaybeFallThrough, 284 AlwaysFallThrough, 285 NeverFallThroughOrReturn 286 }; 287 288 /// CheckFallThrough - Check that we don't fall off the end of a 289 /// Statement that should return a value. 290 /// 291 /// \returns AlwaysFallThrough iff we always fall off the end of the statement, 292 /// MaybeFallThrough iff we might or might not fall off the end, 293 /// NeverFallThroughOrReturn iff we never fall off the end of the statement or 294 /// return. We assume NeverFallThrough iff we never fall off the end of the 295 /// statement but we may return. We assume that functions not marked noreturn 296 /// will return. 297 static ControlFlowKind CheckFallThrough(AnalysisDeclContext &AC) { 298 CFG *cfg = AC.getCFG(); 299 if (!cfg) return UnknownFallThrough; 300 301 // The CFG leaves in dead things, and we don't want the dead code paths to 302 // confuse us, so we mark all live things first. 303 llvm::BitVector live(cfg->getNumBlockIDs()); 304 unsigned count = reachable_code::ScanReachableFromBlock(&cfg->getEntry(), 305 live); 306 307 bool AddEHEdges = AC.getAddEHEdges(); 308 if (!AddEHEdges && count != cfg->getNumBlockIDs()) 309 // When there are things remaining dead, and we didn't add EH edges 310 // from CallExprs to the catch clauses, we have to go back and 311 // mark them as live. 312 for (const auto *B : *cfg) { 313 if (!live[B->getBlockID()]) { 314 if (B->pred_begin() == B->pred_end()) { 315 if (B->getTerminator() && isa<CXXTryStmt>(B->getTerminator())) 316 // When not adding EH edges from calls, catch clauses 317 // can otherwise seem dead. Avoid noting them as dead. 318 count += reachable_code::ScanReachableFromBlock(B, live); 319 continue; 320 } 321 } 322 } 323 324 // Now we know what is live, we check the live precessors of the exit block 325 // and look for fall through paths, being careful to ignore normal returns, 326 // and exceptional paths. 327 bool HasLiveReturn = false; 328 bool HasFakeEdge = false; 329 bool HasPlainEdge = false; 330 bool HasAbnormalEdge = false; 331 332 // Ignore default cases that aren't likely to be reachable because all 333 // enums in a switch(X) have explicit case statements. 334 CFGBlock::FilterOptions FO; 335 FO.IgnoreDefaultsWithCoveredEnums = 1; 336 337 for (CFGBlock::filtered_pred_iterator 338 I = cfg->getExit().filtered_pred_start_end(FO); I.hasMore(); ++I) { 339 const CFGBlock& B = **I; 340 if (!live[B.getBlockID()]) 341 continue; 342 343 // Skip blocks which contain an element marked as no-return. They don't 344 // represent actually viable edges into the exit block, so mark them as 345 // abnormal. 346 if (B.hasNoReturnElement()) { 347 HasAbnormalEdge = true; 348 continue; 349 } 350 351 // Destructors can appear after the 'return' in the CFG. This is 352 // normal. We need to look pass the destructors for the return 353 // statement (if it exists). 354 CFGBlock::const_reverse_iterator ri = B.rbegin(), re = B.rend(); 355 356 for ( ; ri != re ; ++ri) 357 if (ri->getAs<CFGStmt>()) 358 break; 359 360 // No more CFGElements in the block? 361 if (ri == re) { 362 if (B.getTerminator() && isa<CXXTryStmt>(B.getTerminator())) { 363 HasAbnormalEdge = true; 364 continue; 365 } 366 // A labeled empty statement, or the entry block... 367 HasPlainEdge = true; 368 continue; 369 } 370 371 CFGStmt CS = ri->castAs<CFGStmt>(); 372 const Stmt *S = CS.getStmt(); 373 if (isa<ReturnStmt>(S)) { 374 HasLiveReturn = true; 375 continue; 376 } 377 if (isa<ObjCAtThrowStmt>(S)) { 378 HasFakeEdge = true; 379 continue; 380 } 381 if (isa<CXXThrowExpr>(S)) { 382 HasFakeEdge = true; 383 continue; 384 } 385 if (isa<MSAsmStmt>(S)) { 386 // TODO: Verify this is correct. 387 HasFakeEdge = true; 388 HasLiveReturn = true; 389 continue; 390 } 391 if (isa<CXXTryStmt>(S)) { 392 HasAbnormalEdge = true; 393 continue; 394 } 395 if (std::find(B.succ_begin(), B.succ_end(), &cfg->getExit()) 396 == B.succ_end()) { 397 HasAbnormalEdge = true; 398 continue; 399 } 400 401 HasPlainEdge = true; 402 } 403 if (!HasPlainEdge) { 404 if (HasLiveReturn) 405 return NeverFallThrough; 406 return NeverFallThroughOrReturn; 407 } 408 if (HasAbnormalEdge || HasFakeEdge || HasLiveReturn) 409 return MaybeFallThrough; 410 // This says AlwaysFallThrough for calls to functions that are not marked 411 // noreturn, that don't return. If people would like this warning to be more 412 // accurate, such functions should be marked as noreturn. 413 return AlwaysFallThrough; 414 } 415 416 namespace { 417 418 struct CheckFallThroughDiagnostics { 419 unsigned diag_MaybeFallThrough_HasNoReturn; 420 unsigned diag_MaybeFallThrough_ReturnsNonVoid; 421 unsigned diag_AlwaysFallThrough_HasNoReturn; 422 unsigned diag_AlwaysFallThrough_ReturnsNonVoid; 423 unsigned diag_NeverFallThroughOrReturn; 424 enum { Function, Block, Lambda } funMode; 425 SourceLocation FuncLoc; 426 427 static CheckFallThroughDiagnostics MakeForFunction(const Decl *Func) { 428 CheckFallThroughDiagnostics D; 429 D.FuncLoc = Func->getLocation(); 430 D.diag_MaybeFallThrough_HasNoReturn = 431 diag::warn_falloff_noreturn_function; 432 D.diag_MaybeFallThrough_ReturnsNonVoid = 433 diag::warn_maybe_falloff_nonvoid_function; 434 D.diag_AlwaysFallThrough_HasNoReturn = 435 diag::warn_falloff_noreturn_function; 436 D.diag_AlwaysFallThrough_ReturnsNonVoid = 437 diag::warn_falloff_nonvoid_function; 438 439 // Don't suggest that virtual functions be marked "noreturn", since they 440 // might be overridden by non-noreturn functions. 441 bool isVirtualMethod = false; 442 if (const CXXMethodDecl *Method = dyn_cast<CXXMethodDecl>(Func)) 443 isVirtualMethod = Method->isVirtual(); 444 445 // Don't suggest that template instantiations be marked "noreturn" 446 bool isTemplateInstantiation = false; 447 if (const FunctionDecl *Function = dyn_cast<FunctionDecl>(Func)) 448 isTemplateInstantiation = Function->isTemplateInstantiation(); 449 450 if (!isVirtualMethod && !isTemplateInstantiation) 451 D.diag_NeverFallThroughOrReturn = 452 diag::warn_suggest_noreturn_function; 453 else 454 D.diag_NeverFallThroughOrReturn = 0; 455 456 D.funMode = Function; 457 return D; 458 } 459 460 static CheckFallThroughDiagnostics MakeForBlock() { 461 CheckFallThroughDiagnostics D; 462 D.diag_MaybeFallThrough_HasNoReturn = 463 diag::err_noreturn_block_has_return_expr; 464 D.diag_MaybeFallThrough_ReturnsNonVoid = 465 diag::err_maybe_falloff_nonvoid_block; 466 D.diag_AlwaysFallThrough_HasNoReturn = 467 diag::err_noreturn_block_has_return_expr; 468 D.diag_AlwaysFallThrough_ReturnsNonVoid = 469 diag::err_falloff_nonvoid_block; 470 D.diag_NeverFallThroughOrReturn = 0; 471 D.funMode = Block; 472 return D; 473 } 474 475 static CheckFallThroughDiagnostics MakeForLambda() { 476 CheckFallThroughDiagnostics D; 477 D.diag_MaybeFallThrough_HasNoReturn = 478 diag::err_noreturn_lambda_has_return_expr; 479 D.diag_MaybeFallThrough_ReturnsNonVoid = 480 diag::warn_maybe_falloff_nonvoid_lambda; 481 D.diag_AlwaysFallThrough_HasNoReturn = 482 diag::err_noreturn_lambda_has_return_expr; 483 D.diag_AlwaysFallThrough_ReturnsNonVoid = 484 diag::warn_falloff_nonvoid_lambda; 485 D.diag_NeverFallThroughOrReturn = 0; 486 D.funMode = Lambda; 487 return D; 488 } 489 490 bool checkDiagnostics(DiagnosticsEngine &D, bool ReturnsVoid, 491 bool HasNoReturn) const { 492 if (funMode == Function) { 493 return (ReturnsVoid || 494 D.isIgnored(diag::warn_maybe_falloff_nonvoid_function, 495 FuncLoc)) && 496 (!HasNoReturn || 497 D.isIgnored(diag::warn_noreturn_function_has_return_expr, 498 FuncLoc)) && 499 (!ReturnsVoid || 500 D.isIgnored(diag::warn_suggest_noreturn_block, FuncLoc)); 501 } 502 503 // For blocks / lambdas. 504 return ReturnsVoid && !HasNoReturn; 505 } 506 }; 507 508 } // anonymous namespace 509 510 /// CheckFallThroughForFunctionDef - Check that we don't fall off the end of a 511 /// function that should return a value. Check that we don't fall off the end 512 /// of a noreturn function. We assume that functions and blocks not marked 513 /// noreturn will return. 514 static void CheckFallThroughForBody(Sema &S, const Decl *D, const Stmt *Body, 515 const BlockExpr *blkExpr, 516 const CheckFallThroughDiagnostics& CD, 517 AnalysisDeclContext &AC) { 518 519 bool ReturnsVoid = false; 520 bool HasNoReturn = false; 521 522 if (const FunctionDecl *FD = dyn_cast<FunctionDecl>(D)) { 523 ReturnsVoid = FD->getReturnType()->isVoidType(); 524 HasNoReturn = FD->isNoReturn(); 525 } 526 else if (const ObjCMethodDecl *MD = dyn_cast<ObjCMethodDecl>(D)) { 527 ReturnsVoid = MD->getReturnType()->isVoidType(); 528 HasNoReturn = MD->hasAttr<NoReturnAttr>(); 529 } 530 else if (isa<BlockDecl>(D)) { 531 QualType BlockTy = blkExpr->getType(); 532 if (const FunctionType *FT = 533 BlockTy->getPointeeType()->getAs<FunctionType>()) { 534 if (FT->getReturnType()->isVoidType()) 535 ReturnsVoid = true; 536 if (FT->getNoReturnAttr()) 537 HasNoReturn = true; 538 } 539 } 540 541 DiagnosticsEngine &Diags = S.getDiagnostics(); 542 543 // Short circuit for compilation speed. 544 if (CD.checkDiagnostics(Diags, ReturnsVoid, HasNoReturn)) 545 return; 546 547 SourceLocation LBrace = Body->getLocStart(), RBrace = Body->getLocEnd(); 548 // Either in a function body compound statement, or a function-try-block. 549 switch (CheckFallThrough(AC)) { 550 case UnknownFallThrough: 551 break; 552 553 case MaybeFallThrough: 554 if (HasNoReturn) 555 S.Diag(RBrace, CD.diag_MaybeFallThrough_HasNoReturn); 556 else if (!ReturnsVoid) 557 S.Diag(RBrace, CD.diag_MaybeFallThrough_ReturnsNonVoid); 558 break; 559 case AlwaysFallThrough: 560 if (HasNoReturn) 561 S.Diag(RBrace, CD.diag_AlwaysFallThrough_HasNoReturn); 562 else if (!ReturnsVoid) 563 S.Diag(RBrace, CD.diag_AlwaysFallThrough_ReturnsNonVoid); 564 break; 565 case NeverFallThroughOrReturn: 566 if (ReturnsVoid && !HasNoReturn && CD.diag_NeverFallThroughOrReturn) { 567 if (const FunctionDecl *FD = dyn_cast<FunctionDecl>(D)) { 568 S.Diag(LBrace, CD.diag_NeverFallThroughOrReturn) << 0 << FD; 569 } else if (const ObjCMethodDecl *MD = dyn_cast<ObjCMethodDecl>(D)) { 570 S.Diag(LBrace, CD.diag_NeverFallThroughOrReturn) << 1 << MD; 571 } else { 572 S.Diag(LBrace, CD.diag_NeverFallThroughOrReturn); 573 } 574 } 575 break; 576 case NeverFallThrough: 577 break; 578 } 579 } 580 581 //===----------------------------------------------------------------------===// 582 // -Wuninitialized 583 //===----------------------------------------------------------------------===// 584 585 namespace { 586 /// ContainsReference - A visitor class to search for references to 587 /// a particular declaration (the needle) within any evaluated component of an 588 /// expression (recursively). 589 class ContainsReference : public ConstEvaluatedExprVisitor<ContainsReference> { 590 bool FoundReference; 591 const DeclRefExpr *Needle; 592 593 public: 594 typedef ConstEvaluatedExprVisitor<ContainsReference> Inherited; 595 596 ContainsReference(ASTContext &Context, const DeclRefExpr *Needle) 597 : Inherited(Context), FoundReference(false), Needle(Needle) {} 598 599 void VisitExpr(const Expr *E) { 600 // Stop evaluating if we already have a reference. 601 if (FoundReference) 602 return; 603 604 Inherited::VisitExpr(E); 605 } 606 607 void VisitDeclRefExpr(const DeclRefExpr *E) { 608 if (E == Needle) 609 FoundReference = true; 610 else 611 Inherited::VisitDeclRefExpr(E); 612 } 613 614 bool doesContainReference() const { return FoundReference; } 615 }; 616 } // anonymous namespace 617 618 static bool SuggestInitializationFixit(Sema &S, const VarDecl *VD) { 619 QualType VariableTy = VD->getType().getCanonicalType(); 620 if (VariableTy->isBlockPointerType() && 621 !VD->hasAttr<BlocksAttr>()) { 622 S.Diag(VD->getLocation(), diag::note_block_var_fixit_add_initialization) 623 << VD->getDeclName() 624 << FixItHint::CreateInsertion(VD->getLocation(), "__block "); 625 return true; 626 } 627 628 // Don't issue a fixit if there is already an initializer. 629 if (VD->getInit()) 630 return false; 631 632 // Don't suggest a fixit inside macros. 633 if (VD->getLocEnd().isMacroID()) 634 return false; 635 636 SourceLocation Loc = S.getLocForEndOfToken(VD->getLocEnd()); 637 638 // Suggest possible initialization (if any). 639 std::string Init = S.getFixItZeroInitializerForType(VariableTy, Loc); 640 if (Init.empty()) 641 return false; 642 643 S.Diag(Loc, diag::note_var_fixit_add_initialization) << VD->getDeclName() 644 << FixItHint::CreateInsertion(Loc, Init); 645 return true; 646 } 647 648 /// Create a fixit to remove an if-like statement, on the assumption that its 649 /// condition is CondVal. 650 static void CreateIfFixit(Sema &S, const Stmt *If, const Stmt *Then, 651 const Stmt *Else, bool CondVal, 652 FixItHint &Fixit1, FixItHint &Fixit2) { 653 if (CondVal) { 654 // If condition is always true, remove all but the 'then'. 655 Fixit1 = FixItHint::CreateRemoval( 656 CharSourceRange::getCharRange(If->getLocStart(), 657 Then->getLocStart())); 658 if (Else) { 659 SourceLocation ElseKwLoc = S.getLocForEndOfToken(Then->getLocEnd()); 660 Fixit2 = FixItHint::CreateRemoval( 661 SourceRange(ElseKwLoc, Else->getLocEnd())); 662 } 663 } else { 664 // If condition is always false, remove all but the 'else'. 665 if (Else) 666 Fixit1 = FixItHint::CreateRemoval( 667 CharSourceRange::getCharRange(If->getLocStart(), 668 Else->getLocStart())); 669 else 670 Fixit1 = FixItHint::CreateRemoval(If->getSourceRange()); 671 } 672 } 673 674 /// DiagUninitUse -- Helper function to produce a diagnostic for an 675 /// uninitialized use of a variable. 676 static void DiagUninitUse(Sema &S, const VarDecl *VD, const UninitUse &Use, 677 bool IsCapturedByBlock) { 678 bool Diagnosed = false; 679 680 switch (Use.getKind()) { 681 case UninitUse::Always: 682 S.Diag(Use.getUser()->getLocStart(), diag::warn_uninit_var) 683 << VD->getDeclName() << IsCapturedByBlock 684 << Use.getUser()->getSourceRange(); 685 return; 686 687 case UninitUse::AfterDecl: 688 case UninitUse::AfterCall: 689 S.Diag(VD->getLocation(), diag::warn_sometimes_uninit_var) 690 << VD->getDeclName() << IsCapturedByBlock 691 << (Use.getKind() == UninitUse::AfterDecl ? 4 : 5) 692 << const_cast<DeclContext*>(VD->getLexicalDeclContext()) 693 << VD->getSourceRange(); 694 S.Diag(Use.getUser()->getLocStart(), diag::note_uninit_var_use) 695 << IsCapturedByBlock << Use.getUser()->getSourceRange(); 696 return; 697 698 case UninitUse::Maybe: 699 case UninitUse::Sometimes: 700 // Carry on to report sometimes-uninitialized branches, if possible, 701 // or a 'may be used uninitialized' diagnostic otherwise. 702 break; 703 } 704 705 // Diagnose each branch which leads to a sometimes-uninitialized use. 706 for (UninitUse::branch_iterator I = Use.branch_begin(), E = Use.branch_end(); 707 I != E; ++I) { 708 assert(Use.getKind() == UninitUse::Sometimes); 709 710 const Expr *User = Use.getUser(); 711 const Stmt *Term = I->Terminator; 712 713 // Information used when building the diagnostic. 714 unsigned DiagKind; 715 StringRef Str; 716 SourceRange Range; 717 718 // FixIts to suppress the diagnostic by removing the dead condition. 719 // For all binary terminators, branch 0 is taken if the condition is true, 720 // and branch 1 is taken if the condition is false. 721 int RemoveDiagKind = -1; 722 const char *FixitStr = 723 S.getLangOpts().CPlusPlus ? (I->Output ? "true" : "false") 724 : (I->Output ? "1" : "0"); 725 FixItHint Fixit1, Fixit2; 726 727 switch (Term ? Term->getStmtClass() : Stmt::DeclStmtClass) { 728 default: 729 // Don't know how to report this. Just fall back to 'may be used 730 // uninitialized'. FIXME: Can this happen? 731 continue; 732 733 // "condition is true / condition is false". 734 case Stmt::IfStmtClass: { 735 const IfStmt *IS = cast<IfStmt>(Term); 736 DiagKind = 0; 737 Str = "if"; 738 Range = IS->getCond()->getSourceRange(); 739 RemoveDiagKind = 0; 740 CreateIfFixit(S, IS, IS->getThen(), IS->getElse(), 741 I->Output, Fixit1, Fixit2); 742 break; 743 } 744 case Stmt::ConditionalOperatorClass: { 745 const ConditionalOperator *CO = cast<ConditionalOperator>(Term); 746 DiagKind = 0; 747 Str = "?:"; 748 Range = CO->getCond()->getSourceRange(); 749 RemoveDiagKind = 0; 750 CreateIfFixit(S, CO, CO->getTrueExpr(), CO->getFalseExpr(), 751 I->Output, Fixit1, Fixit2); 752 break; 753 } 754 case Stmt::BinaryOperatorClass: { 755 const BinaryOperator *BO = cast<BinaryOperator>(Term); 756 if (!BO->isLogicalOp()) 757 continue; 758 DiagKind = 0; 759 Str = BO->getOpcodeStr(); 760 Range = BO->getLHS()->getSourceRange(); 761 RemoveDiagKind = 0; 762 if ((BO->getOpcode() == BO_LAnd && I->Output) || 763 (BO->getOpcode() == BO_LOr && !I->Output)) 764 // true && y -> y, false || y -> y. 765 Fixit1 = FixItHint::CreateRemoval(SourceRange(BO->getLocStart(), 766 BO->getOperatorLoc())); 767 else 768 // false && y -> false, true || y -> true. 769 Fixit1 = FixItHint::CreateReplacement(BO->getSourceRange(), FixitStr); 770 break; 771 } 772 773 // "loop is entered / loop is exited". 774 case Stmt::WhileStmtClass: 775 DiagKind = 1; 776 Str = "while"; 777 Range = cast<WhileStmt>(Term)->getCond()->getSourceRange(); 778 RemoveDiagKind = 1; 779 Fixit1 = FixItHint::CreateReplacement(Range, FixitStr); 780 break; 781 case Stmt::ForStmtClass: 782 DiagKind = 1; 783 Str = "for"; 784 Range = cast<ForStmt>(Term)->getCond()->getSourceRange(); 785 RemoveDiagKind = 1; 786 if (I->Output) 787 Fixit1 = FixItHint::CreateRemoval(Range); 788 else 789 Fixit1 = FixItHint::CreateReplacement(Range, FixitStr); 790 break; 791 case Stmt::CXXForRangeStmtClass: 792 if (I->Output == 1) { 793 // The use occurs if a range-based for loop's body never executes. 794 // That may be impossible, and there's no syntactic fix for this, 795 // so treat it as a 'may be uninitialized' case. 796 continue; 797 } 798 DiagKind = 1; 799 Str = "for"; 800 Range = cast<CXXForRangeStmt>(Term)->getRangeInit()->getSourceRange(); 801 break; 802 803 // "condition is true / loop is exited". 804 case Stmt::DoStmtClass: 805 DiagKind = 2; 806 Str = "do"; 807 Range = cast<DoStmt>(Term)->getCond()->getSourceRange(); 808 RemoveDiagKind = 1; 809 Fixit1 = FixItHint::CreateReplacement(Range, FixitStr); 810 break; 811 812 // "switch case is taken". 813 case Stmt::CaseStmtClass: 814 DiagKind = 3; 815 Str = "case"; 816 Range = cast<CaseStmt>(Term)->getLHS()->getSourceRange(); 817 break; 818 case Stmt::DefaultStmtClass: 819 DiagKind = 3; 820 Str = "default"; 821 Range = cast<DefaultStmt>(Term)->getDefaultLoc(); 822 break; 823 } 824 825 S.Diag(Range.getBegin(), diag::warn_sometimes_uninit_var) 826 << VD->getDeclName() << IsCapturedByBlock << DiagKind 827 << Str << I->Output << Range; 828 S.Diag(User->getLocStart(), diag::note_uninit_var_use) 829 << IsCapturedByBlock << User->getSourceRange(); 830 if (RemoveDiagKind != -1) 831 S.Diag(Fixit1.RemoveRange.getBegin(), diag::note_uninit_fixit_remove_cond) 832 << RemoveDiagKind << Str << I->Output << Fixit1 << Fixit2; 833 834 Diagnosed = true; 835 } 836 837 if (!Diagnosed) 838 S.Diag(Use.getUser()->getLocStart(), diag::warn_maybe_uninit_var) 839 << VD->getDeclName() << IsCapturedByBlock 840 << Use.getUser()->getSourceRange(); 841 } 842 843 /// DiagnoseUninitializedUse -- Helper function for diagnosing uses of an 844 /// uninitialized variable. This manages the different forms of diagnostic 845 /// emitted for particular types of uses. Returns true if the use was diagnosed 846 /// as a warning. If a particular use is one we omit warnings for, returns 847 /// false. 848 static bool DiagnoseUninitializedUse(Sema &S, const VarDecl *VD, 849 const UninitUse &Use, 850 bool alwaysReportSelfInit = false) { 851 if (const DeclRefExpr *DRE = dyn_cast<DeclRefExpr>(Use.getUser())) { 852 // Inspect the initializer of the variable declaration which is 853 // being referenced prior to its initialization. We emit 854 // specialized diagnostics for self-initialization, and we 855 // specifically avoid warning about self references which take the 856 // form of: 857 // 858 // int x = x; 859 // 860 // This is used to indicate to GCC that 'x' is intentionally left 861 // uninitialized. Proven code paths which access 'x' in 862 // an uninitialized state after this will still warn. 863 if (const Expr *Initializer = VD->getInit()) { 864 if (!alwaysReportSelfInit && DRE == Initializer->IgnoreParenImpCasts()) 865 return false; 866 867 ContainsReference CR(S.Context, DRE); 868 CR.Visit(Initializer); 869 if (CR.doesContainReference()) { 870 S.Diag(DRE->getLocStart(), 871 diag::warn_uninit_self_reference_in_init) 872 << VD->getDeclName() << VD->getLocation() << DRE->getSourceRange(); 873 return true; 874 } 875 } 876 877 DiagUninitUse(S, VD, Use, false); 878 } else { 879 const BlockExpr *BE = cast<BlockExpr>(Use.getUser()); 880 if (VD->getType()->isBlockPointerType() && !VD->hasAttr<BlocksAttr>()) 881 S.Diag(BE->getLocStart(), 882 diag::warn_uninit_byref_blockvar_captured_by_block) 883 << VD->getDeclName(); 884 else 885 DiagUninitUse(S, VD, Use, true); 886 } 887 888 // Report where the variable was declared when the use wasn't within 889 // the initializer of that declaration & we didn't already suggest 890 // an initialization fixit. 891 if (!SuggestInitializationFixit(S, VD)) 892 S.Diag(VD->getLocStart(), diag::note_var_declared_here) 893 << VD->getDeclName(); 894 895 return true; 896 } 897 898 namespace { 899 class FallthroughMapper : public RecursiveASTVisitor<FallthroughMapper> { 900 public: 901 FallthroughMapper(Sema &S) 902 : FoundSwitchStatements(false), 903 S(S) { 904 } 905 906 bool foundSwitchStatements() const { return FoundSwitchStatements; } 907 908 void markFallthroughVisited(const AttributedStmt *Stmt) { 909 bool Found = FallthroughStmts.erase(Stmt); 910 assert(Found); 911 (void)Found; 912 } 913 914 typedef llvm::SmallPtrSet<const AttributedStmt*, 8> AttrStmts; 915 916 const AttrStmts &getFallthroughStmts() const { 917 return FallthroughStmts; 918 } 919 920 void fillReachableBlocks(CFG *Cfg) { 921 assert(ReachableBlocks.empty() && "ReachableBlocks already filled"); 922 std::deque<const CFGBlock *> BlockQueue; 923 924 ReachableBlocks.insert(&Cfg->getEntry()); 925 BlockQueue.push_back(&Cfg->getEntry()); 926 // Mark all case blocks reachable to avoid problems with switching on 927 // constants, covered enums, etc. 928 // These blocks can contain fall-through annotations, and we don't want to 929 // issue a warn_fallthrough_attr_unreachable for them. 930 for (const auto *B : *Cfg) { 931 const Stmt *L = B->getLabel(); 932 if (L && isa<SwitchCase>(L) && ReachableBlocks.insert(B).second) 933 BlockQueue.push_back(B); 934 } 935 936 while (!BlockQueue.empty()) { 937 const CFGBlock *P = BlockQueue.front(); 938 BlockQueue.pop_front(); 939 for (CFGBlock::const_succ_iterator I = P->succ_begin(), 940 E = P->succ_end(); 941 I != E; ++I) { 942 if (*I && ReachableBlocks.insert(*I).second) 943 BlockQueue.push_back(*I); 944 } 945 } 946 } 947 948 bool checkFallThroughIntoBlock(const CFGBlock &B, int &AnnotatedCnt) { 949 assert(!ReachableBlocks.empty() && "ReachableBlocks empty"); 950 951 int UnannotatedCnt = 0; 952 AnnotatedCnt = 0; 953 954 std::deque<const CFGBlock*> BlockQueue(B.pred_begin(), B.pred_end()); 955 while (!BlockQueue.empty()) { 956 const CFGBlock *P = BlockQueue.front(); 957 BlockQueue.pop_front(); 958 if (!P) continue; 959 960 const Stmt *Term = P->getTerminator(); 961 if (Term && isa<SwitchStmt>(Term)) 962 continue; // Switch statement, good. 963 964 const SwitchCase *SW = dyn_cast_or_null<SwitchCase>(P->getLabel()); 965 if (SW && SW->getSubStmt() == B.getLabel() && P->begin() == P->end()) 966 continue; // Previous case label has no statements, good. 967 968 const LabelStmt *L = dyn_cast_or_null<LabelStmt>(P->getLabel()); 969 if (L && L->getSubStmt() == B.getLabel() && P->begin() == P->end()) 970 continue; // Case label is preceded with a normal label, good. 971 972 if (!ReachableBlocks.count(P)) { 973 for (CFGBlock::const_reverse_iterator ElemIt = P->rbegin(), 974 ElemEnd = P->rend(); 975 ElemIt != ElemEnd; ++ElemIt) { 976 if (Optional<CFGStmt> CS = ElemIt->getAs<CFGStmt>()) { 977 if (const AttributedStmt *AS = asFallThroughAttr(CS->getStmt())) { 978 S.Diag(AS->getLocStart(), 979 diag::warn_fallthrough_attr_unreachable); 980 markFallthroughVisited(AS); 981 ++AnnotatedCnt; 982 break; 983 } 984 // Don't care about other unreachable statements. 985 } 986 } 987 // If there are no unreachable statements, this may be a special 988 // case in CFG: 989 // case X: { 990 // A a; // A has a destructor. 991 // break; 992 // } 993 // // <<<< This place is represented by a 'hanging' CFG block. 994 // case Y: 995 continue; 996 } 997 998 const Stmt *LastStmt = getLastStmt(*P); 999 if (const AttributedStmt *AS = asFallThroughAttr(LastStmt)) { 1000 markFallthroughVisited(AS); 1001 ++AnnotatedCnt; 1002 continue; // Fallthrough annotation, good. 1003 } 1004 1005 if (!LastStmt) { // This block contains no executable statements. 1006 // Traverse its predecessors. 1007 std::copy(P->pred_begin(), P->pred_end(), 1008 std::back_inserter(BlockQueue)); 1009 continue; 1010 } 1011 1012 ++UnannotatedCnt; 1013 } 1014 return !!UnannotatedCnt; 1015 } 1016 1017 // RecursiveASTVisitor setup. 1018 bool shouldWalkTypesOfTypeLocs() const { return false; } 1019 1020 bool VisitAttributedStmt(AttributedStmt *S) { 1021 if (asFallThroughAttr(S)) 1022 FallthroughStmts.insert(S); 1023 return true; 1024 } 1025 1026 bool VisitSwitchStmt(SwitchStmt *S) { 1027 FoundSwitchStatements = true; 1028 return true; 1029 } 1030 1031 // We don't want to traverse local type declarations. We analyze their 1032 // methods separately. 1033 bool TraverseDecl(Decl *D) { return true; } 1034 1035 // We analyze lambda bodies separately. Skip them here. 1036 bool TraverseLambdaBody(LambdaExpr *LE) { return true; } 1037 1038 private: 1039 1040 static const AttributedStmt *asFallThroughAttr(const Stmt *S) { 1041 if (const AttributedStmt *AS = dyn_cast_or_null<AttributedStmt>(S)) { 1042 if (hasSpecificAttr<FallThroughAttr>(AS->getAttrs())) 1043 return AS; 1044 } 1045 return nullptr; 1046 } 1047 1048 static const Stmt *getLastStmt(const CFGBlock &B) { 1049 if (const Stmt *Term = B.getTerminator()) 1050 return Term; 1051 for (CFGBlock::const_reverse_iterator ElemIt = B.rbegin(), 1052 ElemEnd = B.rend(); 1053 ElemIt != ElemEnd; ++ElemIt) { 1054 if (Optional<CFGStmt> CS = ElemIt->getAs<CFGStmt>()) 1055 return CS->getStmt(); 1056 } 1057 // Workaround to detect a statement thrown out by CFGBuilder: 1058 // case X: {} case Y: 1059 // case X: ; case Y: 1060 if (const SwitchCase *SW = dyn_cast_or_null<SwitchCase>(B.getLabel())) 1061 if (!isa<SwitchCase>(SW->getSubStmt())) 1062 return SW->getSubStmt(); 1063 1064 return nullptr; 1065 } 1066 1067 bool FoundSwitchStatements; 1068 AttrStmts FallthroughStmts; 1069 Sema &S; 1070 llvm::SmallPtrSet<const CFGBlock *, 16> ReachableBlocks; 1071 }; 1072 } // anonymous namespace 1073 1074 static StringRef getFallthroughAttrSpelling(Preprocessor &PP, 1075 SourceLocation Loc) { 1076 TokenValue FallthroughTokens[] = { 1077 tok::l_square, tok::l_square, 1078 PP.getIdentifierInfo("fallthrough"), 1079 tok::r_square, tok::r_square 1080 }; 1081 1082 TokenValue ClangFallthroughTokens[] = { 1083 tok::l_square, tok::l_square, PP.getIdentifierInfo("clang"), 1084 tok::coloncolon, PP.getIdentifierInfo("fallthrough"), 1085 tok::r_square, tok::r_square 1086 }; 1087 1088 bool PreferClangAttr = !PP.getLangOpts().CPlusPlus1z; 1089 1090 StringRef MacroName; 1091 if (PreferClangAttr) 1092 MacroName = PP.getLastMacroWithSpelling(Loc, ClangFallthroughTokens); 1093 if (MacroName.empty()) 1094 MacroName = PP.getLastMacroWithSpelling(Loc, FallthroughTokens); 1095 if (MacroName.empty() && !PreferClangAttr) 1096 MacroName = PP.getLastMacroWithSpelling(Loc, ClangFallthroughTokens); 1097 if (MacroName.empty()) 1098 MacroName = PreferClangAttr ? "[[clang::fallthrough]]" : "[[fallthrough]]"; 1099 return MacroName; 1100 } 1101 1102 static void DiagnoseSwitchLabelsFallthrough(Sema &S, AnalysisDeclContext &AC, 1103 bool PerFunction) { 1104 // Only perform this analysis when using C++11. There is no good workflow 1105 // for this warning when not using C++11. There is no good way to silence 1106 // the warning (no attribute is available) unless we are using C++11's support 1107 // for generalized attributes. Once could use pragmas to silence the warning, 1108 // but as a general solution that is gross and not in the spirit of this 1109 // warning. 1110 // 1111 // NOTE: This an intermediate solution. There are on-going discussions on 1112 // how to properly support this warning outside of C++11 with an annotation. 1113 if (!AC.getASTContext().getLangOpts().CPlusPlus11) 1114 return; 1115 1116 FallthroughMapper FM(S); 1117 FM.TraverseStmt(AC.getBody()); 1118 1119 if (!FM.foundSwitchStatements()) 1120 return; 1121 1122 if (PerFunction && FM.getFallthroughStmts().empty()) 1123 return; 1124 1125 CFG *Cfg = AC.getCFG(); 1126 1127 if (!Cfg) 1128 return; 1129 1130 FM.fillReachableBlocks(Cfg); 1131 1132 for (const CFGBlock *B : llvm::reverse(*Cfg)) { 1133 const Stmt *Label = B->getLabel(); 1134 1135 if (!Label || !isa<SwitchCase>(Label)) 1136 continue; 1137 1138 int AnnotatedCnt; 1139 1140 if (!FM.checkFallThroughIntoBlock(*B, AnnotatedCnt)) 1141 continue; 1142 1143 S.Diag(Label->getLocStart(), 1144 PerFunction ? diag::warn_unannotated_fallthrough_per_function 1145 : diag::warn_unannotated_fallthrough); 1146 1147 if (!AnnotatedCnt) { 1148 SourceLocation L = Label->getLocStart(); 1149 if (L.isMacroID()) 1150 continue; 1151 if (S.getLangOpts().CPlusPlus11) { 1152 const Stmt *Term = B->getTerminator(); 1153 // Skip empty cases. 1154 while (B->empty() && !Term && B->succ_size() == 1) { 1155 B = *B->succ_begin(); 1156 Term = B->getTerminator(); 1157 } 1158 if (!(B->empty() && Term && isa<BreakStmt>(Term))) { 1159 Preprocessor &PP = S.getPreprocessor(); 1160 StringRef AnnotationSpelling = getFallthroughAttrSpelling(PP, L); 1161 SmallString<64> TextToInsert(AnnotationSpelling); 1162 TextToInsert += "; "; 1163 S.Diag(L, diag::note_insert_fallthrough_fixit) << 1164 AnnotationSpelling << 1165 FixItHint::CreateInsertion(L, TextToInsert); 1166 } 1167 } 1168 S.Diag(L, diag::note_insert_break_fixit) << 1169 FixItHint::CreateInsertion(L, "break; "); 1170 } 1171 } 1172 1173 for (const auto *F : FM.getFallthroughStmts()) 1174 S.Diag(F->getLocStart(), diag::err_fallthrough_attr_invalid_placement); 1175 } 1176 1177 static bool isInLoop(const ASTContext &Ctx, const ParentMap &PM, 1178 const Stmt *S) { 1179 assert(S); 1180 1181 do { 1182 switch (S->getStmtClass()) { 1183 case Stmt::ForStmtClass: 1184 case Stmt::WhileStmtClass: 1185 case Stmt::CXXForRangeStmtClass: 1186 case Stmt::ObjCForCollectionStmtClass: 1187 return true; 1188 case Stmt::DoStmtClass: { 1189 const Expr *Cond = cast<DoStmt>(S)->getCond(); 1190 llvm::APSInt Val; 1191 if (!Cond->EvaluateAsInt(Val, Ctx)) 1192 return true; 1193 return Val.getBoolValue(); 1194 } 1195 default: 1196 break; 1197 } 1198 } while ((S = PM.getParent(S))); 1199 1200 return false; 1201 } 1202 1203 static void diagnoseRepeatedUseOfWeak(Sema &S, 1204 const sema::FunctionScopeInfo *CurFn, 1205 const Decl *D, 1206 const ParentMap &PM) { 1207 typedef sema::FunctionScopeInfo::WeakObjectProfileTy WeakObjectProfileTy; 1208 typedef sema::FunctionScopeInfo::WeakObjectUseMap WeakObjectUseMap; 1209 typedef sema::FunctionScopeInfo::WeakUseVector WeakUseVector; 1210 typedef std::pair<const Stmt *, WeakObjectUseMap::const_iterator> 1211 StmtUsesPair; 1212 1213 ASTContext &Ctx = S.getASTContext(); 1214 1215 const WeakObjectUseMap &WeakMap = CurFn->getWeakObjectUses(); 1216 1217 // Extract all weak objects that are referenced more than once. 1218 SmallVector<StmtUsesPair, 8> UsesByStmt; 1219 for (WeakObjectUseMap::const_iterator I = WeakMap.begin(), E = WeakMap.end(); 1220 I != E; ++I) { 1221 const WeakUseVector &Uses = I->second; 1222 1223 // Find the first read of the weak object. 1224 WeakUseVector::const_iterator UI = Uses.begin(), UE = Uses.end(); 1225 for ( ; UI != UE; ++UI) { 1226 if (UI->isUnsafe()) 1227 break; 1228 } 1229 1230 // If there were only writes to this object, don't warn. 1231 if (UI == UE) 1232 continue; 1233 1234 // If there was only one read, followed by any number of writes, and the 1235 // read is not within a loop, don't warn. Additionally, don't warn in a 1236 // loop if the base object is a local variable -- local variables are often 1237 // changed in loops. 1238 if (UI == Uses.begin()) { 1239 WeakUseVector::const_iterator UI2 = UI; 1240 for (++UI2; UI2 != UE; ++UI2) 1241 if (UI2->isUnsafe()) 1242 break; 1243 1244 if (UI2 == UE) { 1245 if (!isInLoop(Ctx, PM, UI->getUseExpr())) 1246 continue; 1247 1248 const WeakObjectProfileTy &Profile = I->first; 1249 if (!Profile.isExactProfile()) 1250 continue; 1251 1252 const NamedDecl *Base = Profile.getBase(); 1253 if (!Base) 1254 Base = Profile.getProperty(); 1255 assert(Base && "A profile always has a base or property."); 1256 1257 if (const VarDecl *BaseVar = dyn_cast<VarDecl>(Base)) 1258 if (BaseVar->hasLocalStorage() && !isa<ParmVarDecl>(Base)) 1259 continue; 1260 } 1261 } 1262 1263 UsesByStmt.push_back(StmtUsesPair(UI->getUseExpr(), I)); 1264 } 1265 1266 if (UsesByStmt.empty()) 1267 return; 1268 1269 // Sort by first use so that we emit the warnings in a deterministic order. 1270 SourceManager &SM = S.getSourceManager(); 1271 std::sort(UsesByStmt.begin(), UsesByStmt.end(), 1272 [&SM](const StmtUsesPair &LHS, const StmtUsesPair &RHS) { 1273 return SM.isBeforeInTranslationUnit(LHS.first->getLocStart(), 1274 RHS.first->getLocStart()); 1275 }); 1276 1277 // Classify the current code body for better warning text. 1278 // This enum should stay in sync with the cases in 1279 // warn_arc_repeated_use_of_weak and warn_arc_possible_repeated_use_of_weak. 1280 // FIXME: Should we use a common classification enum and the same set of 1281 // possibilities all throughout Sema? 1282 enum { 1283 Function, 1284 Method, 1285 Block, 1286 Lambda 1287 } FunctionKind; 1288 1289 if (isa<sema::BlockScopeInfo>(CurFn)) 1290 FunctionKind = Block; 1291 else if (isa<sema::LambdaScopeInfo>(CurFn)) 1292 FunctionKind = Lambda; 1293 else if (isa<ObjCMethodDecl>(D)) 1294 FunctionKind = Method; 1295 else 1296 FunctionKind = Function; 1297 1298 // Iterate through the sorted problems and emit warnings for each. 1299 for (const auto &P : UsesByStmt) { 1300 const Stmt *FirstRead = P.first; 1301 const WeakObjectProfileTy &Key = P.second->first; 1302 const WeakUseVector &Uses = P.second->second; 1303 1304 // For complicated expressions like 'a.b.c' and 'x.b.c', WeakObjectProfileTy 1305 // may not contain enough information to determine that these are different 1306 // properties. We can only be 100% sure of a repeated use in certain cases, 1307 // and we adjust the diagnostic kind accordingly so that the less certain 1308 // case can be turned off if it is too noisy. 1309 unsigned DiagKind; 1310 if (Key.isExactProfile()) 1311 DiagKind = diag::warn_arc_repeated_use_of_weak; 1312 else 1313 DiagKind = diag::warn_arc_possible_repeated_use_of_weak; 1314 1315 // Classify the weak object being accessed for better warning text. 1316 // This enum should stay in sync with the cases in 1317 // warn_arc_repeated_use_of_weak and warn_arc_possible_repeated_use_of_weak. 1318 enum { 1319 Variable, 1320 Property, 1321 ImplicitProperty, 1322 Ivar 1323 } ObjectKind; 1324 1325 const NamedDecl *D = Key.getProperty(); 1326 if (isa<VarDecl>(D)) 1327 ObjectKind = Variable; 1328 else if (isa<ObjCPropertyDecl>(D)) 1329 ObjectKind = Property; 1330 else if (isa<ObjCMethodDecl>(D)) 1331 ObjectKind = ImplicitProperty; 1332 else if (isa<ObjCIvarDecl>(D)) 1333 ObjectKind = Ivar; 1334 else 1335 llvm_unreachable("Unexpected weak object kind!"); 1336 1337 // Show the first time the object was read. 1338 S.Diag(FirstRead->getLocStart(), DiagKind) 1339 << int(ObjectKind) << D << int(FunctionKind) 1340 << FirstRead->getSourceRange(); 1341 1342 // Print all the other accesses as notes. 1343 for (const auto &Use : Uses) { 1344 if (Use.getUseExpr() == FirstRead) 1345 continue; 1346 S.Diag(Use.getUseExpr()->getLocStart(), 1347 diag::note_arc_weak_also_accessed_here) 1348 << Use.getUseExpr()->getSourceRange(); 1349 } 1350 } 1351 } 1352 1353 namespace { 1354 class UninitValsDiagReporter : public UninitVariablesHandler { 1355 Sema &S; 1356 typedef SmallVector<UninitUse, 2> UsesVec; 1357 typedef llvm::PointerIntPair<UsesVec *, 1, bool> MappedType; 1358 // Prefer using MapVector to DenseMap, so that iteration order will be 1359 // the same as insertion order. This is needed to obtain a deterministic 1360 // order of diagnostics when calling flushDiagnostics(). 1361 typedef llvm::MapVector<const VarDecl *, MappedType> UsesMap; 1362 UsesMap uses; 1363 1364 public: 1365 UninitValsDiagReporter(Sema &S) : S(S) {} 1366 ~UninitValsDiagReporter() override { flushDiagnostics(); } 1367 1368 MappedType &getUses(const VarDecl *vd) { 1369 MappedType &V = uses[vd]; 1370 if (!V.getPointer()) 1371 V.setPointer(new UsesVec()); 1372 return V; 1373 } 1374 1375 void handleUseOfUninitVariable(const VarDecl *vd, 1376 const UninitUse &use) override { 1377 getUses(vd).getPointer()->push_back(use); 1378 } 1379 1380 void handleSelfInit(const VarDecl *vd) override { 1381 getUses(vd).setInt(true); 1382 } 1383 1384 void flushDiagnostics() { 1385 for (const auto &P : uses) { 1386 const VarDecl *vd = P.first; 1387 const MappedType &V = P.second; 1388 1389 UsesVec *vec = V.getPointer(); 1390 bool hasSelfInit = V.getInt(); 1391 1392 // Specially handle the case where we have uses of an uninitialized 1393 // variable, but the root cause is an idiomatic self-init. We want 1394 // to report the diagnostic at the self-init since that is the root cause. 1395 if (!vec->empty() && hasSelfInit && hasAlwaysUninitializedUse(vec)) 1396 DiagnoseUninitializedUse(S, vd, 1397 UninitUse(vd->getInit()->IgnoreParenCasts(), 1398 /* isAlwaysUninit */ true), 1399 /* alwaysReportSelfInit */ true); 1400 else { 1401 // Sort the uses by their SourceLocations. While not strictly 1402 // guaranteed to produce them in line/column order, this will provide 1403 // a stable ordering. 1404 std::sort(vec->begin(), vec->end(), 1405 [](const UninitUse &a, const UninitUse &b) { 1406 // Prefer a more confident report over a less confident one. 1407 if (a.getKind() != b.getKind()) 1408 return a.getKind() > b.getKind(); 1409 return a.getUser()->getLocStart() < b.getUser()->getLocStart(); 1410 }); 1411 1412 for (const auto &U : *vec) { 1413 // If we have self-init, downgrade all uses to 'may be uninitialized'. 1414 UninitUse Use = hasSelfInit ? UninitUse(U.getUser(), false) : U; 1415 1416 if (DiagnoseUninitializedUse(S, vd, Use)) 1417 // Skip further diagnostics for this variable. We try to warn only 1418 // on the first point at which a variable is used uninitialized. 1419 break; 1420 } 1421 } 1422 1423 // Release the uses vector. 1424 delete vec; 1425 } 1426 1427 uses.clear(); 1428 } 1429 1430 private: 1431 static bool hasAlwaysUninitializedUse(const UsesVec* vec) { 1432 return std::any_of(vec->begin(), vec->end(), [](const UninitUse &U) { 1433 return U.getKind() == UninitUse::Always || 1434 U.getKind() == UninitUse::AfterCall || 1435 U.getKind() == UninitUse::AfterDecl; 1436 }); 1437 } 1438 }; 1439 } // anonymous namespace 1440 1441 namespace clang { 1442 namespace { 1443 typedef SmallVector<PartialDiagnosticAt, 1> OptionalNotes; 1444 typedef std::pair<PartialDiagnosticAt, OptionalNotes> DelayedDiag; 1445 typedef std::list<DelayedDiag> DiagList; 1446 1447 struct SortDiagBySourceLocation { 1448 SourceManager &SM; 1449 SortDiagBySourceLocation(SourceManager &SM) : SM(SM) {} 1450 1451 bool operator()(const DelayedDiag &left, const DelayedDiag &right) { 1452 // Although this call will be slow, this is only called when outputting 1453 // multiple warnings. 1454 return SM.isBeforeInTranslationUnit(left.first.first, right.first.first); 1455 } 1456 }; 1457 } // anonymous namespace 1458 } // namespace clang 1459 1460 //===----------------------------------------------------------------------===// 1461 // -Wthread-safety 1462 //===----------------------------------------------------------------------===// 1463 namespace clang { 1464 namespace threadSafety { 1465 namespace { 1466 class ThreadSafetyReporter : public clang::threadSafety::ThreadSafetyHandler { 1467 Sema &S; 1468 DiagList Warnings; 1469 SourceLocation FunLocation, FunEndLocation; 1470 1471 const FunctionDecl *CurrentFunction; 1472 bool Verbose; 1473 1474 OptionalNotes getNotes() const { 1475 if (Verbose && CurrentFunction) { 1476 PartialDiagnosticAt FNote(CurrentFunction->getBody()->getLocStart(), 1477 S.PDiag(diag::note_thread_warning_in_fun) 1478 << CurrentFunction->getNameAsString()); 1479 return OptionalNotes(1, FNote); 1480 } 1481 return OptionalNotes(); 1482 } 1483 1484 OptionalNotes getNotes(const PartialDiagnosticAt &Note) const { 1485 OptionalNotes ONS(1, Note); 1486 if (Verbose && CurrentFunction) { 1487 PartialDiagnosticAt FNote(CurrentFunction->getBody()->getLocStart(), 1488 S.PDiag(diag::note_thread_warning_in_fun) 1489 << CurrentFunction->getNameAsString()); 1490 ONS.push_back(std::move(FNote)); 1491 } 1492 return ONS; 1493 } 1494 1495 OptionalNotes getNotes(const PartialDiagnosticAt &Note1, 1496 const PartialDiagnosticAt &Note2) const { 1497 OptionalNotes ONS; 1498 ONS.push_back(Note1); 1499 ONS.push_back(Note2); 1500 if (Verbose && CurrentFunction) { 1501 PartialDiagnosticAt FNote(CurrentFunction->getBody()->getLocStart(), 1502 S.PDiag(diag::note_thread_warning_in_fun) 1503 << CurrentFunction->getNameAsString()); 1504 ONS.push_back(std::move(FNote)); 1505 } 1506 return ONS; 1507 } 1508 1509 // Helper functions 1510 void warnLockMismatch(unsigned DiagID, StringRef Kind, Name LockName, 1511 SourceLocation Loc) { 1512 // Gracefully handle rare cases when the analysis can't get a more 1513 // precise source location. 1514 if (!Loc.isValid()) 1515 Loc = FunLocation; 1516 PartialDiagnosticAt Warning(Loc, S.PDiag(DiagID) << Kind << LockName); 1517 Warnings.emplace_back(std::move(Warning), getNotes()); 1518 } 1519 1520 public: 1521 ThreadSafetyReporter(Sema &S, SourceLocation FL, SourceLocation FEL) 1522 : S(S), FunLocation(FL), FunEndLocation(FEL), 1523 CurrentFunction(nullptr), Verbose(false) {} 1524 1525 void setVerbose(bool b) { Verbose = b; } 1526 1527 /// \brief Emit all buffered diagnostics in order of sourcelocation. 1528 /// We need to output diagnostics produced while iterating through 1529 /// the lockset in deterministic order, so this function orders diagnostics 1530 /// and outputs them. 1531 void emitDiagnostics() { 1532 Warnings.sort(SortDiagBySourceLocation(S.getSourceManager())); 1533 for (const auto &Diag : Warnings) { 1534 S.Diag(Diag.first.first, Diag.first.second); 1535 for (const auto &Note : Diag.second) 1536 S.Diag(Note.first, Note.second); 1537 } 1538 } 1539 1540 void handleInvalidLockExp(StringRef Kind, SourceLocation Loc) override { 1541 PartialDiagnosticAt Warning(Loc, S.PDiag(diag::warn_cannot_resolve_lock) 1542 << Loc); 1543 Warnings.emplace_back(std::move(Warning), getNotes()); 1544 } 1545 1546 void handleUnmatchedUnlock(StringRef Kind, Name LockName, 1547 SourceLocation Loc) override { 1548 warnLockMismatch(diag::warn_unlock_but_no_lock, Kind, LockName, Loc); 1549 } 1550 1551 void handleIncorrectUnlockKind(StringRef Kind, Name LockName, 1552 LockKind Expected, LockKind Received, 1553 SourceLocation Loc) override { 1554 if (Loc.isInvalid()) 1555 Loc = FunLocation; 1556 PartialDiagnosticAt Warning(Loc, S.PDiag(diag::warn_unlock_kind_mismatch) 1557 << Kind << LockName << Received 1558 << Expected); 1559 Warnings.emplace_back(std::move(Warning), getNotes()); 1560 } 1561 1562 void handleDoubleLock(StringRef Kind, Name LockName, SourceLocation Loc) override { 1563 warnLockMismatch(diag::warn_double_lock, Kind, LockName, Loc); 1564 } 1565 1566 void handleMutexHeldEndOfScope(StringRef Kind, Name LockName, 1567 SourceLocation LocLocked, 1568 SourceLocation LocEndOfScope, 1569 LockErrorKind LEK) override { 1570 unsigned DiagID = 0; 1571 switch (LEK) { 1572 case LEK_LockedSomePredecessors: 1573 DiagID = diag::warn_lock_some_predecessors; 1574 break; 1575 case LEK_LockedSomeLoopIterations: 1576 DiagID = diag::warn_expecting_lock_held_on_loop; 1577 break; 1578 case LEK_LockedAtEndOfFunction: 1579 DiagID = diag::warn_no_unlock; 1580 break; 1581 case LEK_NotLockedAtEndOfFunction: 1582 DiagID = diag::warn_expecting_locked; 1583 break; 1584 } 1585 if (LocEndOfScope.isInvalid()) 1586 LocEndOfScope = FunEndLocation; 1587 1588 PartialDiagnosticAt Warning(LocEndOfScope, S.PDiag(DiagID) << Kind 1589 << LockName); 1590 if (LocLocked.isValid()) { 1591 PartialDiagnosticAt Note(LocLocked, S.PDiag(diag::note_locked_here) 1592 << Kind); 1593 Warnings.emplace_back(std::move(Warning), getNotes(Note)); 1594 return; 1595 } 1596 Warnings.emplace_back(std::move(Warning), getNotes()); 1597 } 1598 1599 void handleExclusiveAndShared(StringRef Kind, Name LockName, 1600 SourceLocation Loc1, 1601 SourceLocation Loc2) override { 1602 PartialDiagnosticAt Warning(Loc1, 1603 S.PDiag(diag::warn_lock_exclusive_and_shared) 1604 << Kind << LockName); 1605 PartialDiagnosticAt Note(Loc2, S.PDiag(diag::note_lock_exclusive_and_shared) 1606 << Kind << LockName); 1607 Warnings.emplace_back(std::move(Warning), getNotes(Note)); 1608 } 1609 1610 void handleNoMutexHeld(StringRef Kind, const NamedDecl *D, 1611 ProtectedOperationKind POK, AccessKind AK, 1612 SourceLocation Loc) override { 1613 assert((POK == POK_VarAccess || POK == POK_VarDereference) && 1614 "Only works for variables"); 1615 unsigned DiagID = POK == POK_VarAccess? 1616 diag::warn_variable_requires_any_lock: 1617 diag::warn_var_deref_requires_any_lock; 1618 PartialDiagnosticAt Warning(Loc, S.PDiag(DiagID) 1619 << D->getNameAsString() << getLockKindFromAccessKind(AK)); 1620 Warnings.emplace_back(std::move(Warning), getNotes()); 1621 } 1622 1623 void handleMutexNotHeld(StringRef Kind, const NamedDecl *D, 1624 ProtectedOperationKind POK, Name LockName, 1625 LockKind LK, SourceLocation Loc, 1626 Name *PossibleMatch) override { 1627 unsigned DiagID = 0; 1628 if (PossibleMatch) { 1629 switch (POK) { 1630 case POK_VarAccess: 1631 DiagID = diag::warn_variable_requires_lock_precise; 1632 break; 1633 case POK_VarDereference: 1634 DiagID = diag::warn_var_deref_requires_lock_precise; 1635 break; 1636 case POK_FunctionCall: 1637 DiagID = diag::warn_fun_requires_lock_precise; 1638 break; 1639 case POK_PassByRef: 1640 DiagID = diag::warn_guarded_pass_by_reference; 1641 break; 1642 case POK_PtPassByRef: 1643 DiagID = diag::warn_pt_guarded_pass_by_reference; 1644 break; 1645 } 1646 PartialDiagnosticAt Warning(Loc, S.PDiag(DiagID) << Kind 1647 << D->getNameAsString() 1648 << LockName << LK); 1649 PartialDiagnosticAt Note(Loc, S.PDiag(diag::note_found_mutex_near_match) 1650 << *PossibleMatch); 1651 if (Verbose && POK == POK_VarAccess) { 1652 PartialDiagnosticAt VNote(D->getLocation(), 1653 S.PDiag(diag::note_guarded_by_declared_here) 1654 << D->getNameAsString()); 1655 Warnings.emplace_back(std::move(Warning), getNotes(Note, VNote)); 1656 } else 1657 Warnings.emplace_back(std::move(Warning), getNotes(Note)); 1658 } else { 1659 switch (POK) { 1660 case POK_VarAccess: 1661 DiagID = diag::warn_variable_requires_lock; 1662 break; 1663 case POK_VarDereference: 1664 DiagID = diag::warn_var_deref_requires_lock; 1665 break; 1666 case POK_FunctionCall: 1667 DiagID = diag::warn_fun_requires_lock; 1668 break; 1669 case POK_PassByRef: 1670 DiagID = diag::warn_guarded_pass_by_reference; 1671 break; 1672 case POK_PtPassByRef: 1673 DiagID = diag::warn_pt_guarded_pass_by_reference; 1674 break; 1675 } 1676 PartialDiagnosticAt Warning(Loc, S.PDiag(DiagID) << Kind 1677 << D->getNameAsString() 1678 << LockName << LK); 1679 if (Verbose && POK == POK_VarAccess) { 1680 PartialDiagnosticAt Note(D->getLocation(), 1681 S.PDiag(diag::note_guarded_by_declared_here) 1682 << D->getNameAsString()); 1683 Warnings.emplace_back(std::move(Warning), getNotes(Note)); 1684 } else 1685 Warnings.emplace_back(std::move(Warning), getNotes()); 1686 } 1687 } 1688 1689 void handleNegativeNotHeld(StringRef Kind, Name LockName, Name Neg, 1690 SourceLocation Loc) override { 1691 PartialDiagnosticAt Warning(Loc, 1692 S.PDiag(diag::warn_acquire_requires_negative_cap) 1693 << Kind << LockName << Neg); 1694 Warnings.emplace_back(std::move(Warning), getNotes()); 1695 } 1696 1697 void handleFunExcludesLock(StringRef Kind, Name FunName, Name LockName, 1698 SourceLocation Loc) override { 1699 PartialDiagnosticAt Warning(Loc, S.PDiag(diag::warn_fun_excludes_mutex) 1700 << Kind << FunName << LockName); 1701 Warnings.emplace_back(std::move(Warning), getNotes()); 1702 } 1703 1704 void handleLockAcquiredBefore(StringRef Kind, Name L1Name, Name L2Name, 1705 SourceLocation Loc) override { 1706 PartialDiagnosticAt Warning(Loc, 1707 S.PDiag(diag::warn_acquired_before) << Kind << L1Name << L2Name); 1708 Warnings.emplace_back(std::move(Warning), getNotes()); 1709 } 1710 1711 void handleBeforeAfterCycle(Name L1Name, SourceLocation Loc) override { 1712 PartialDiagnosticAt Warning(Loc, 1713 S.PDiag(diag::warn_acquired_before_after_cycle) << L1Name); 1714 Warnings.emplace_back(std::move(Warning), getNotes()); 1715 } 1716 1717 void enterFunction(const FunctionDecl* FD) override { 1718 CurrentFunction = FD; 1719 } 1720 1721 void leaveFunction(const FunctionDecl* FD) override { 1722 CurrentFunction = nullptr; 1723 } 1724 }; 1725 } // anonymous namespace 1726 } // namespace threadSafety 1727 } // namespace clang 1728 1729 //===----------------------------------------------------------------------===// 1730 // -Wconsumed 1731 //===----------------------------------------------------------------------===// 1732 1733 namespace clang { 1734 namespace consumed { 1735 namespace { 1736 class ConsumedWarningsHandler : public ConsumedWarningsHandlerBase { 1737 1738 Sema &S; 1739 DiagList Warnings; 1740 1741 public: 1742 1743 ConsumedWarningsHandler(Sema &S) : S(S) {} 1744 1745 void emitDiagnostics() override { 1746 Warnings.sort(SortDiagBySourceLocation(S.getSourceManager())); 1747 for (const auto &Diag : Warnings) { 1748 S.Diag(Diag.first.first, Diag.first.second); 1749 for (const auto &Note : Diag.second) 1750 S.Diag(Note.first, Note.second); 1751 } 1752 } 1753 1754 void warnLoopStateMismatch(SourceLocation Loc, 1755 StringRef VariableName) override { 1756 PartialDiagnosticAt Warning(Loc, S.PDiag(diag::warn_loop_state_mismatch) << 1757 VariableName); 1758 1759 Warnings.emplace_back(std::move(Warning), OptionalNotes()); 1760 } 1761 1762 void warnParamReturnTypestateMismatch(SourceLocation Loc, 1763 StringRef VariableName, 1764 StringRef ExpectedState, 1765 StringRef ObservedState) override { 1766 1767 PartialDiagnosticAt Warning(Loc, S.PDiag( 1768 diag::warn_param_return_typestate_mismatch) << VariableName << 1769 ExpectedState << ObservedState); 1770 1771 Warnings.emplace_back(std::move(Warning), OptionalNotes()); 1772 } 1773 1774 void warnParamTypestateMismatch(SourceLocation Loc, StringRef ExpectedState, 1775 StringRef ObservedState) override { 1776 1777 PartialDiagnosticAt Warning(Loc, S.PDiag( 1778 diag::warn_param_typestate_mismatch) << ExpectedState << ObservedState); 1779 1780 Warnings.emplace_back(std::move(Warning), OptionalNotes()); 1781 } 1782 1783 void warnReturnTypestateForUnconsumableType(SourceLocation Loc, 1784 StringRef TypeName) override { 1785 PartialDiagnosticAt Warning(Loc, S.PDiag( 1786 diag::warn_return_typestate_for_unconsumable_type) << TypeName); 1787 1788 Warnings.emplace_back(std::move(Warning), OptionalNotes()); 1789 } 1790 1791 void warnReturnTypestateMismatch(SourceLocation Loc, StringRef ExpectedState, 1792 StringRef ObservedState) override { 1793 1794 PartialDiagnosticAt Warning(Loc, S.PDiag( 1795 diag::warn_return_typestate_mismatch) << ExpectedState << ObservedState); 1796 1797 Warnings.emplace_back(std::move(Warning), OptionalNotes()); 1798 } 1799 1800 void warnUseOfTempInInvalidState(StringRef MethodName, StringRef State, 1801 SourceLocation Loc) override { 1802 1803 PartialDiagnosticAt Warning(Loc, S.PDiag( 1804 diag::warn_use_of_temp_in_invalid_state) << MethodName << State); 1805 1806 Warnings.emplace_back(std::move(Warning), OptionalNotes()); 1807 } 1808 1809 void warnUseInInvalidState(StringRef MethodName, StringRef VariableName, 1810 StringRef State, SourceLocation Loc) override { 1811 1812 PartialDiagnosticAt Warning(Loc, S.PDiag(diag::warn_use_in_invalid_state) << 1813 MethodName << VariableName << State); 1814 1815 Warnings.emplace_back(std::move(Warning), OptionalNotes()); 1816 } 1817 }; 1818 } // anonymous namespace 1819 } // namespace consumed 1820 } // namespace clang 1821 1822 //===----------------------------------------------------------------------===// 1823 // AnalysisBasedWarnings - Worker object used by Sema to execute analysis-based 1824 // warnings on a function, method, or block. 1825 //===----------------------------------------------------------------------===// 1826 1827 clang::sema::AnalysisBasedWarnings::Policy::Policy() { 1828 enableCheckFallThrough = 1; 1829 enableCheckUnreachable = 0; 1830 enableThreadSafetyAnalysis = 0; 1831 enableConsumedAnalysis = 0; 1832 } 1833 1834 static unsigned isEnabled(DiagnosticsEngine &D, unsigned diag) { 1835 return (unsigned)!D.isIgnored(diag, SourceLocation()); 1836 } 1837 1838 clang::sema::AnalysisBasedWarnings::AnalysisBasedWarnings(Sema &s) 1839 : S(s), 1840 NumFunctionsAnalyzed(0), 1841 NumFunctionsWithBadCFGs(0), 1842 NumCFGBlocks(0), 1843 MaxCFGBlocksPerFunction(0), 1844 NumUninitAnalysisFunctions(0), 1845 NumUninitAnalysisVariables(0), 1846 MaxUninitAnalysisVariablesPerFunction(0), 1847 NumUninitAnalysisBlockVisits(0), 1848 MaxUninitAnalysisBlockVisitsPerFunction(0) { 1849 1850 using namespace diag; 1851 DiagnosticsEngine &D = S.getDiagnostics(); 1852 1853 DefaultPolicy.enableCheckUnreachable = 1854 isEnabled(D, warn_unreachable) || 1855 isEnabled(D, warn_unreachable_break) || 1856 isEnabled(D, warn_unreachable_return) || 1857 isEnabled(D, warn_unreachable_loop_increment); 1858 1859 DefaultPolicy.enableThreadSafetyAnalysis = 1860 isEnabled(D, warn_double_lock); 1861 1862 DefaultPolicy.enableConsumedAnalysis = 1863 isEnabled(D, warn_use_in_invalid_state); 1864 } 1865 1866 static void flushDiagnostics(Sema &S, const sema::FunctionScopeInfo *fscope) { 1867 for (const auto &D : fscope->PossiblyUnreachableDiags) 1868 S.Diag(D.Loc, D.PD); 1869 } 1870 1871 void clang::sema:: 1872 AnalysisBasedWarnings::IssueWarnings(sema::AnalysisBasedWarnings::Policy P, 1873 sema::FunctionScopeInfo *fscope, 1874 const Decl *D, const BlockExpr *blkExpr) { 1875 1876 // We avoid doing analysis-based warnings when there are errors for 1877 // two reasons: 1878 // (1) The CFGs often can't be constructed (if the body is invalid), so 1879 // don't bother trying. 1880 // (2) The code already has problems; running the analysis just takes more 1881 // time. 1882 DiagnosticsEngine &Diags = S.getDiagnostics(); 1883 1884 // Do not do any analysis for declarations in system headers if we are 1885 // going to just ignore them. 1886 if (Diags.getSuppressSystemWarnings() && 1887 S.SourceMgr.isInSystemHeader(D->getLocation())) 1888 return; 1889 1890 // For code in dependent contexts, we'll do this at instantiation time. 1891 if (cast<DeclContext>(D)->isDependentContext()) 1892 return; 1893 1894 if (Diags.hasUncompilableErrorOccurred() || Diags.hasFatalErrorOccurred()) { 1895 // Flush out any possibly unreachable diagnostics. 1896 flushDiagnostics(S, fscope); 1897 return; 1898 } 1899 1900 const Stmt *Body = D->getBody(); 1901 assert(Body); 1902 1903 // Construct the analysis context with the specified CFG build options. 1904 AnalysisDeclContext AC(/* AnalysisDeclContextManager */ nullptr, D); 1905 1906 // Don't generate EH edges for CallExprs as we'd like to avoid the n^2 1907 // explosion for destructors that can result and the compile time hit. 1908 AC.getCFGBuildOptions().PruneTriviallyFalseEdges = true; 1909 AC.getCFGBuildOptions().AddEHEdges = false; 1910 AC.getCFGBuildOptions().AddInitializers = true; 1911 AC.getCFGBuildOptions().AddImplicitDtors = true; 1912 AC.getCFGBuildOptions().AddTemporaryDtors = true; 1913 AC.getCFGBuildOptions().AddCXXNewAllocator = false; 1914 AC.getCFGBuildOptions().AddCXXDefaultInitExprInCtors = true; 1915 1916 // Force that certain expressions appear as CFGElements in the CFG. This 1917 // is used to speed up various analyses. 1918 // FIXME: This isn't the right factoring. This is here for initial 1919 // prototyping, but we need a way for analyses to say what expressions they 1920 // expect to always be CFGElements and then fill in the BuildOptions 1921 // appropriately. This is essentially a layering violation. 1922 if (P.enableCheckUnreachable || P.enableThreadSafetyAnalysis || 1923 P.enableConsumedAnalysis) { 1924 // Unreachable code analysis and thread safety require a linearized CFG. 1925 AC.getCFGBuildOptions().setAllAlwaysAdd(); 1926 } 1927 else { 1928 AC.getCFGBuildOptions() 1929 .setAlwaysAdd(Stmt::BinaryOperatorClass) 1930 .setAlwaysAdd(Stmt::CompoundAssignOperatorClass) 1931 .setAlwaysAdd(Stmt::BlockExprClass) 1932 .setAlwaysAdd(Stmt::CStyleCastExprClass) 1933 .setAlwaysAdd(Stmt::DeclRefExprClass) 1934 .setAlwaysAdd(Stmt::ImplicitCastExprClass) 1935 .setAlwaysAdd(Stmt::UnaryOperatorClass) 1936 .setAlwaysAdd(Stmt::AttributedStmtClass); 1937 } 1938 1939 // Install the logical handler for -Wtautological-overlap-compare 1940 std::unique_ptr<LogicalErrorHandler> LEH; 1941 if (!Diags.isIgnored(diag::warn_tautological_overlap_comparison, 1942 D->getLocStart())) { 1943 LEH.reset(new LogicalErrorHandler(S)); 1944 AC.getCFGBuildOptions().Observer = LEH.get(); 1945 } 1946 1947 // Emit delayed diagnostics. 1948 if (!fscope->PossiblyUnreachableDiags.empty()) { 1949 bool analyzed = false; 1950 1951 // Register the expressions with the CFGBuilder. 1952 for (const auto &D : fscope->PossiblyUnreachableDiags) { 1953 if (D.stmt) 1954 AC.registerForcedBlockExpression(D.stmt); 1955 } 1956 1957 if (AC.getCFG()) { 1958 analyzed = true; 1959 for (const auto &D : fscope->PossiblyUnreachableDiags) { 1960 bool processed = false; 1961 if (D.stmt) { 1962 const CFGBlock *block = AC.getBlockForRegisteredExpression(D.stmt); 1963 CFGReverseBlockReachabilityAnalysis *cra = 1964 AC.getCFGReachablityAnalysis(); 1965 // FIXME: We should be able to assert that block is non-null, but 1966 // the CFG analysis can skip potentially-evaluated expressions in 1967 // edge cases; see test/Sema/vla-2.c. 1968 if (block && cra) { 1969 // Can this block be reached from the entrance? 1970 if (cra->isReachable(&AC.getCFG()->getEntry(), block)) 1971 S.Diag(D.Loc, D.PD); 1972 processed = true; 1973 } 1974 } 1975 if (!processed) { 1976 // Emit the warning anyway if we cannot map to a basic block. 1977 S.Diag(D.Loc, D.PD); 1978 } 1979 } 1980 } 1981 1982 if (!analyzed) 1983 flushDiagnostics(S, fscope); 1984 } 1985 1986 // Warning: check missing 'return' 1987 if (P.enableCheckFallThrough) { 1988 const CheckFallThroughDiagnostics &CD = 1989 (isa<BlockDecl>(D) ? CheckFallThroughDiagnostics::MakeForBlock() 1990 : (isa<CXXMethodDecl>(D) && 1991 cast<CXXMethodDecl>(D)->getOverloadedOperator() == OO_Call && 1992 cast<CXXMethodDecl>(D)->getParent()->isLambda()) 1993 ? CheckFallThroughDiagnostics::MakeForLambda() 1994 : CheckFallThroughDiagnostics::MakeForFunction(D)); 1995 CheckFallThroughForBody(S, D, Body, blkExpr, CD, AC); 1996 } 1997 1998 // Warning: check for unreachable code 1999 if (P.enableCheckUnreachable) { 2000 // Only check for unreachable code on non-template instantiations. 2001 // Different template instantiations can effectively change the control-flow 2002 // and it is very difficult to prove that a snippet of code in a template 2003 // is unreachable for all instantiations. 2004 bool isTemplateInstantiation = false; 2005 if (const FunctionDecl *Function = dyn_cast<FunctionDecl>(D)) 2006 isTemplateInstantiation = Function->isTemplateInstantiation(); 2007 if (!isTemplateInstantiation) 2008 CheckUnreachable(S, AC); 2009 } 2010 2011 // Check for thread safety violations 2012 if (P.enableThreadSafetyAnalysis) { 2013 SourceLocation FL = AC.getDecl()->getLocation(); 2014 SourceLocation FEL = AC.getDecl()->getLocEnd(); 2015 threadSafety::ThreadSafetyReporter Reporter(S, FL, FEL); 2016 if (!Diags.isIgnored(diag::warn_thread_safety_beta, D->getLocStart())) 2017 Reporter.setIssueBetaWarnings(true); 2018 if (!Diags.isIgnored(diag::warn_thread_safety_verbose, D->getLocStart())) 2019 Reporter.setVerbose(true); 2020 2021 threadSafety::runThreadSafetyAnalysis(AC, Reporter, 2022 &S.ThreadSafetyDeclCache); 2023 Reporter.emitDiagnostics(); 2024 } 2025 2026 // Check for violations of consumed properties. 2027 if (P.enableConsumedAnalysis) { 2028 consumed::ConsumedWarningsHandler WarningHandler(S); 2029 consumed::ConsumedAnalyzer Analyzer(WarningHandler); 2030 Analyzer.run(AC); 2031 } 2032 2033 if (!Diags.isIgnored(diag::warn_uninit_var, D->getLocStart()) || 2034 !Diags.isIgnored(diag::warn_sometimes_uninit_var, D->getLocStart()) || 2035 !Diags.isIgnored(diag::warn_maybe_uninit_var, D->getLocStart())) { 2036 if (CFG *cfg = AC.getCFG()) { 2037 UninitValsDiagReporter reporter(S); 2038 UninitVariablesAnalysisStats stats; 2039 std::memset(&stats, 0, sizeof(UninitVariablesAnalysisStats)); 2040 runUninitializedVariablesAnalysis(*cast<DeclContext>(D), *cfg, AC, 2041 reporter, stats); 2042 2043 if (S.CollectStats && stats.NumVariablesAnalyzed > 0) { 2044 ++NumUninitAnalysisFunctions; 2045 NumUninitAnalysisVariables += stats.NumVariablesAnalyzed; 2046 NumUninitAnalysisBlockVisits += stats.NumBlockVisits; 2047 MaxUninitAnalysisVariablesPerFunction = 2048 std::max(MaxUninitAnalysisVariablesPerFunction, 2049 stats.NumVariablesAnalyzed); 2050 MaxUninitAnalysisBlockVisitsPerFunction = 2051 std::max(MaxUninitAnalysisBlockVisitsPerFunction, 2052 stats.NumBlockVisits); 2053 } 2054 } 2055 } 2056 2057 bool FallThroughDiagFull = 2058 !Diags.isIgnored(diag::warn_unannotated_fallthrough, D->getLocStart()); 2059 bool FallThroughDiagPerFunction = !Diags.isIgnored( 2060 diag::warn_unannotated_fallthrough_per_function, D->getLocStart()); 2061 if (FallThroughDiagFull || FallThroughDiagPerFunction || 2062 fscope->HasFallthroughStmt) { 2063 DiagnoseSwitchLabelsFallthrough(S, AC, !FallThroughDiagFull); 2064 } 2065 2066 if (S.getLangOpts().ObjCWeak && 2067 !Diags.isIgnored(diag::warn_arc_repeated_use_of_weak, D->getLocStart())) 2068 diagnoseRepeatedUseOfWeak(S, fscope, D, AC.getParentMap()); 2069 2070 2071 // Check for infinite self-recursion in functions 2072 if (!Diags.isIgnored(diag::warn_infinite_recursive_function, 2073 D->getLocStart())) { 2074 if (const FunctionDecl *FD = dyn_cast<FunctionDecl>(D)) { 2075 checkRecursiveFunction(S, FD, Body, AC); 2076 } 2077 } 2078 2079 // If none of the previous checks caused a CFG build, trigger one here 2080 // for -Wtautological-overlap-compare 2081 if (!Diags.isIgnored(diag::warn_tautological_overlap_comparison, 2082 D->getLocStart())) { 2083 AC.getCFG(); 2084 } 2085 2086 // Collect statistics about the CFG if it was built. 2087 if (S.CollectStats && AC.isCFGBuilt()) { 2088 ++NumFunctionsAnalyzed; 2089 if (CFG *cfg = AC.getCFG()) { 2090 // If we successfully built a CFG for this context, record some more 2091 // detail information about it. 2092 NumCFGBlocks += cfg->getNumBlockIDs(); 2093 MaxCFGBlocksPerFunction = std::max(MaxCFGBlocksPerFunction, 2094 cfg->getNumBlockIDs()); 2095 } else { 2096 ++NumFunctionsWithBadCFGs; 2097 } 2098 } 2099 } 2100 2101 void clang::sema::AnalysisBasedWarnings::PrintStats() const { 2102 llvm::errs() << "\n*** Analysis Based Warnings Stats:\n"; 2103 2104 unsigned NumCFGsBuilt = NumFunctionsAnalyzed - NumFunctionsWithBadCFGs; 2105 unsigned AvgCFGBlocksPerFunction = 2106 !NumCFGsBuilt ? 0 : NumCFGBlocks/NumCFGsBuilt; 2107 llvm::errs() << NumFunctionsAnalyzed << " functions analyzed (" 2108 << NumFunctionsWithBadCFGs << " w/o CFGs).\n" 2109 << " " << NumCFGBlocks << " CFG blocks built.\n" 2110 << " " << AvgCFGBlocksPerFunction 2111 << " average CFG blocks per function.\n" 2112 << " " << MaxCFGBlocksPerFunction 2113 << " max CFG blocks per function.\n"; 2114 2115 unsigned AvgUninitVariablesPerFunction = !NumUninitAnalysisFunctions ? 0 2116 : NumUninitAnalysisVariables/NumUninitAnalysisFunctions; 2117 unsigned AvgUninitBlockVisitsPerFunction = !NumUninitAnalysisFunctions ? 0 2118 : NumUninitAnalysisBlockVisits/NumUninitAnalysisFunctions; 2119 llvm::errs() << NumUninitAnalysisFunctions 2120 << " functions analyzed for uninitialiazed variables\n" 2121 << " " << NumUninitAnalysisVariables << " variables analyzed.\n" 2122 << " " << AvgUninitVariablesPerFunction 2123 << " average variables per function.\n" 2124 << " " << MaxUninitAnalysisVariablesPerFunction 2125 << " max variables per function.\n" 2126 << " " << NumUninitAnalysisBlockVisits << " block visits.\n" 2127 << " " << AvgUninitBlockVisitsPerFunction 2128 << " average block visits per function.\n" 2129 << " " << MaxUninitAnalysisBlockVisitsPerFunction 2130 << " max block visits per function.\n"; 2131 } 2132