1 //=- AnalysisBasedWarnings.cpp - Sema warnings based on libAnalysis -*- C++ -*-=// 2 // 3 // The LLVM Compiler Infrastructure 4 // 5 // This file is distributed under the University of Illinois Open Source 6 // License. See LICENSE.TXT for details. 7 // 8 //===----------------------------------------------------------------------===// 9 // 10 // This file defines analysis_warnings::[Policy,Executor]. 11 // Together they are used by Sema to issue warnings based on inexpensive 12 // static analysis algorithms in libAnalysis. 13 // 14 //===----------------------------------------------------------------------===// 15 16 #include "clang/Sema/AnalysisBasedWarnings.h" 17 #include "clang/AST/DeclCXX.h" 18 #include "clang/AST/DeclObjC.h" 19 #include "clang/AST/EvaluatedExprVisitor.h" 20 #include "clang/AST/ExprCXX.h" 21 #include "clang/AST/ExprObjC.h" 22 #include "clang/AST/ParentMap.h" 23 #include "clang/AST/RecursiveASTVisitor.h" 24 #include "clang/AST/StmtCXX.h" 25 #include "clang/AST/StmtObjC.h" 26 #include "clang/AST/StmtVisitor.h" 27 #include "clang/Analysis/Analyses/CFGReachabilityAnalysis.h" 28 #include "clang/Analysis/Analyses/Consumed.h" 29 #include "clang/Analysis/Analyses/ReachableCode.h" 30 #include "clang/Analysis/Analyses/ThreadSafety.h" 31 #include "clang/Analysis/Analyses/UninitializedValues.h" 32 #include "clang/Analysis/AnalysisDeclContext.h" 33 #include "clang/Analysis/CFG.h" 34 #include "clang/Analysis/CFGStmtMap.h" 35 #include "clang/Basic/SourceLocation.h" 36 #include "clang/Basic/SourceManager.h" 37 #include "clang/Lex/Preprocessor.h" 38 #include "clang/Sema/ScopeInfo.h" 39 #include "clang/Sema/SemaInternal.h" 40 #include "llvm/ADT/BitVector.h" 41 #include "llvm/ADT/MapVector.h" 42 #include "llvm/ADT/SmallString.h" 43 #include "llvm/ADT/SmallVector.h" 44 #include "llvm/ADT/StringRef.h" 45 #include "llvm/Support/Casting.h" 46 #include <algorithm> 47 #include <deque> 48 #include <iterator> 49 50 using namespace clang; 51 52 //===----------------------------------------------------------------------===// 53 // Unreachable code analysis. 54 //===----------------------------------------------------------------------===// 55 56 namespace { 57 class UnreachableCodeHandler : public reachable_code::Callback { 58 Sema &S; 59 SourceRange PreviousSilenceableCondVal; 60 61 public: 62 UnreachableCodeHandler(Sema &s) : S(s) {} 63 64 void HandleUnreachable(reachable_code::UnreachableKind UK, 65 SourceLocation L, 66 SourceRange SilenceableCondVal, 67 SourceRange R1, 68 SourceRange R2) override { 69 // Avoid reporting multiple unreachable code diagnostics that are 70 // triggered by the same conditional value. 71 if (PreviousSilenceableCondVal.isValid() && 72 SilenceableCondVal.isValid() && 73 PreviousSilenceableCondVal == SilenceableCondVal) 74 return; 75 PreviousSilenceableCondVal = SilenceableCondVal; 76 77 unsigned diag = diag::warn_unreachable; 78 switch (UK) { 79 case reachable_code::UK_Break: 80 diag = diag::warn_unreachable_break; 81 break; 82 case reachable_code::UK_Return: 83 diag = diag::warn_unreachable_return; 84 break; 85 case reachable_code::UK_Loop_Increment: 86 diag = diag::warn_unreachable_loop_increment; 87 break; 88 case reachable_code::UK_Other: 89 break; 90 } 91 92 S.Diag(L, diag) << R1 << R2; 93 94 SourceLocation Open = SilenceableCondVal.getBegin(); 95 if (Open.isValid()) { 96 SourceLocation Close = SilenceableCondVal.getEnd(); 97 Close = S.getLocForEndOfToken(Close); 98 if (Close.isValid()) { 99 S.Diag(Open, diag::note_unreachable_silence) 100 << FixItHint::CreateInsertion(Open, "/* DISABLES CODE */ (") 101 << FixItHint::CreateInsertion(Close, ")"); 102 } 103 } 104 } 105 }; 106 } // anonymous namespace 107 108 /// CheckUnreachable - Check for unreachable code. 109 static void CheckUnreachable(Sema &S, AnalysisDeclContext &AC) { 110 // As a heuristic prune all diagnostics not in the main file. Currently 111 // the majority of warnings in headers are false positives. These 112 // are largely caused by configuration state, e.g. preprocessor 113 // defined code, etc. 114 // 115 // Note that this is also a performance optimization. Analyzing 116 // headers many times can be expensive. 117 if (!S.getSourceManager().isInMainFile(AC.getDecl()->getBeginLoc())) 118 return; 119 120 UnreachableCodeHandler UC(S); 121 reachable_code::FindUnreachableCode(AC, S.getPreprocessor(), UC); 122 } 123 124 namespace { 125 /// Warn on logical operator errors in CFGBuilder 126 class LogicalErrorHandler : public CFGCallback { 127 Sema &S; 128 129 public: 130 LogicalErrorHandler(Sema &S) : CFGCallback(), S(S) {} 131 132 static bool HasMacroID(const Expr *E) { 133 if (E->getExprLoc().isMacroID()) 134 return true; 135 136 // Recurse to children. 137 for (const Stmt *SubStmt : E->children()) 138 if (const Expr *SubExpr = dyn_cast_or_null<Expr>(SubStmt)) 139 if (HasMacroID(SubExpr)) 140 return true; 141 142 return false; 143 } 144 145 void compareAlwaysTrue(const BinaryOperator *B, bool isAlwaysTrue) override { 146 if (HasMacroID(B)) 147 return; 148 149 SourceRange DiagRange = B->getSourceRange(); 150 S.Diag(B->getExprLoc(), diag::warn_tautological_overlap_comparison) 151 << DiagRange << isAlwaysTrue; 152 } 153 154 void compareBitwiseEquality(const BinaryOperator *B, 155 bool isAlwaysTrue) override { 156 if (HasMacroID(B)) 157 return; 158 159 SourceRange DiagRange = B->getSourceRange(); 160 S.Diag(B->getExprLoc(), diag::warn_comparison_bitwise_always) 161 << DiagRange << isAlwaysTrue; 162 } 163 }; 164 } // anonymous namespace 165 166 //===----------------------------------------------------------------------===// 167 // Check for infinite self-recursion in functions 168 //===----------------------------------------------------------------------===// 169 170 // Returns true if the function is called anywhere within the CFGBlock. 171 // For member functions, the additional condition of being call from the 172 // this pointer is required. 173 static bool hasRecursiveCallInPath(const FunctionDecl *FD, CFGBlock &Block) { 174 // Process all the Stmt's in this block to find any calls to FD. 175 for (const auto &B : Block) { 176 if (B.getKind() != CFGElement::Statement) 177 continue; 178 179 const CallExpr *CE = dyn_cast<CallExpr>(B.getAs<CFGStmt>()->getStmt()); 180 if (!CE || !CE->getCalleeDecl() || 181 CE->getCalleeDecl()->getCanonicalDecl() != FD) 182 continue; 183 184 // Skip function calls which are qualified with a templated class. 185 if (const DeclRefExpr *DRE = 186 dyn_cast<DeclRefExpr>(CE->getCallee()->IgnoreParenImpCasts())) { 187 if (NestedNameSpecifier *NNS = DRE->getQualifier()) { 188 if (NNS->getKind() == NestedNameSpecifier::TypeSpec && 189 isa<TemplateSpecializationType>(NNS->getAsType())) { 190 continue; 191 } 192 } 193 } 194 195 const CXXMemberCallExpr *MCE = dyn_cast<CXXMemberCallExpr>(CE); 196 if (!MCE || isa<CXXThisExpr>(MCE->getImplicitObjectArgument()) || 197 !MCE->getMethodDecl()->isVirtual()) 198 return true; 199 } 200 return false; 201 } 202 203 // Returns true if every path from the entry block passes through a call to FD. 204 static bool checkForRecursiveFunctionCall(const FunctionDecl *FD, CFG *cfg) { 205 llvm::SmallPtrSet<CFGBlock *, 16> Visited; 206 llvm::SmallVector<CFGBlock *, 16> WorkList; 207 // Keep track of whether we found at least one recursive path. 208 bool foundRecursion = false; 209 210 const unsigned ExitID = cfg->getExit().getBlockID(); 211 212 // Seed the work list with the entry block. 213 WorkList.push_back(&cfg->getEntry()); 214 215 while (!WorkList.empty()) { 216 CFGBlock *Block = WorkList.pop_back_val(); 217 218 for (auto I = Block->succ_begin(), E = Block->succ_end(); I != E; ++I) { 219 if (CFGBlock *SuccBlock = *I) { 220 if (!Visited.insert(SuccBlock).second) 221 continue; 222 223 // Found a path to the exit node without a recursive call. 224 if (ExitID == SuccBlock->getBlockID()) 225 return false; 226 227 // If the successor block contains a recursive call, end analysis there. 228 if (hasRecursiveCallInPath(FD, *SuccBlock)) { 229 foundRecursion = true; 230 continue; 231 } 232 233 WorkList.push_back(SuccBlock); 234 } 235 } 236 } 237 return foundRecursion; 238 } 239 240 static void checkRecursiveFunction(Sema &S, const FunctionDecl *FD, 241 const Stmt *Body, AnalysisDeclContext &AC) { 242 FD = FD->getCanonicalDecl(); 243 244 // Only run on non-templated functions and non-templated members of 245 // templated classes. 246 if (FD->getTemplatedKind() != FunctionDecl::TK_NonTemplate && 247 FD->getTemplatedKind() != FunctionDecl::TK_MemberSpecialization) 248 return; 249 250 CFG *cfg = AC.getCFG(); 251 if (!cfg) return; 252 253 // Emit diagnostic if a recursive function call is detected for all paths. 254 if (checkForRecursiveFunctionCall(FD, cfg)) 255 S.Diag(Body->getBeginLoc(), diag::warn_infinite_recursive_function); 256 } 257 258 //===----------------------------------------------------------------------===// 259 // Check for throw in a non-throwing function. 260 //===----------------------------------------------------------------------===// 261 262 /// Determine whether an exception thrown by E, unwinding from ThrowBlock, 263 /// can reach ExitBlock. 264 static bool throwEscapes(Sema &S, const CXXThrowExpr *E, CFGBlock &ThrowBlock, 265 CFG *Body) { 266 SmallVector<CFGBlock *, 16> Stack; 267 llvm::BitVector Queued(Body->getNumBlockIDs()); 268 269 Stack.push_back(&ThrowBlock); 270 Queued[ThrowBlock.getBlockID()] = true; 271 272 while (!Stack.empty()) { 273 CFGBlock &UnwindBlock = *Stack.back(); 274 Stack.pop_back(); 275 276 for (auto &Succ : UnwindBlock.succs()) { 277 if (!Succ.isReachable() || Queued[Succ->getBlockID()]) 278 continue; 279 280 if (Succ->getBlockID() == Body->getExit().getBlockID()) 281 return true; 282 283 if (auto *Catch = 284 dyn_cast_or_null<CXXCatchStmt>(Succ->getLabel())) { 285 QualType Caught = Catch->getCaughtType(); 286 if (Caught.isNull() || // catch (...) catches everything 287 !E->getSubExpr() || // throw; is considered cuaght by any handler 288 S.handlerCanCatch(Caught, E->getSubExpr()->getType())) 289 // Exception doesn't escape via this path. 290 break; 291 } else { 292 Stack.push_back(Succ); 293 Queued[Succ->getBlockID()] = true; 294 } 295 } 296 } 297 298 return false; 299 } 300 301 static void visitReachableThrows( 302 CFG *BodyCFG, 303 llvm::function_ref<void(const CXXThrowExpr *, CFGBlock &)> Visit) { 304 llvm::BitVector Reachable(BodyCFG->getNumBlockIDs()); 305 clang::reachable_code::ScanReachableFromBlock(&BodyCFG->getEntry(), Reachable); 306 for (CFGBlock *B : *BodyCFG) { 307 if (!Reachable[B->getBlockID()]) 308 continue; 309 for (CFGElement &E : *B) { 310 Optional<CFGStmt> S = E.getAs<CFGStmt>(); 311 if (!S) 312 continue; 313 if (auto *Throw = dyn_cast<CXXThrowExpr>(S->getStmt())) 314 Visit(Throw, *B); 315 } 316 } 317 } 318 319 static void EmitDiagForCXXThrowInNonThrowingFunc(Sema &S, SourceLocation OpLoc, 320 const FunctionDecl *FD) { 321 if (!S.getSourceManager().isInSystemHeader(OpLoc) && 322 FD->getTypeSourceInfo()) { 323 S.Diag(OpLoc, diag::warn_throw_in_noexcept_func) << FD; 324 if (S.getLangOpts().CPlusPlus11 && 325 (isa<CXXDestructorDecl>(FD) || 326 FD->getDeclName().getCXXOverloadedOperator() == OO_Delete || 327 FD->getDeclName().getCXXOverloadedOperator() == OO_Array_Delete)) { 328 if (const auto *Ty = FD->getTypeSourceInfo()->getType()-> 329 getAs<FunctionProtoType>()) 330 S.Diag(FD->getLocation(), diag::note_throw_in_dtor) 331 << !isa<CXXDestructorDecl>(FD) << !Ty->hasExceptionSpec() 332 << FD->getExceptionSpecSourceRange(); 333 } else 334 S.Diag(FD->getLocation(), diag::note_throw_in_function) 335 << FD->getExceptionSpecSourceRange(); 336 } 337 } 338 339 static void checkThrowInNonThrowingFunc(Sema &S, const FunctionDecl *FD, 340 AnalysisDeclContext &AC) { 341 CFG *BodyCFG = AC.getCFG(); 342 if (!BodyCFG) 343 return; 344 if (BodyCFG->getExit().pred_empty()) 345 return; 346 visitReachableThrows(BodyCFG, [&](const CXXThrowExpr *Throw, CFGBlock &Block) { 347 if (throwEscapes(S, Throw, Block, BodyCFG)) 348 EmitDiagForCXXThrowInNonThrowingFunc(S, Throw->getThrowLoc(), FD); 349 }); 350 } 351 352 static bool isNoexcept(const FunctionDecl *FD) { 353 const auto *FPT = FD->getType()->castAs<FunctionProtoType>(); 354 if (FPT->isNothrow() || FD->hasAttr<NoThrowAttr>()) 355 return true; 356 return false; 357 } 358 359 //===----------------------------------------------------------------------===// 360 // Check for missing return value. 361 //===----------------------------------------------------------------------===// 362 363 enum ControlFlowKind { 364 UnknownFallThrough, 365 NeverFallThrough, 366 MaybeFallThrough, 367 AlwaysFallThrough, 368 NeverFallThroughOrReturn 369 }; 370 371 /// CheckFallThrough - Check that we don't fall off the end of a 372 /// Statement that should return a value. 373 /// 374 /// \returns AlwaysFallThrough iff we always fall off the end of the statement, 375 /// MaybeFallThrough iff we might or might not fall off the end, 376 /// NeverFallThroughOrReturn iff we never fall off the end of the statement or 377 /// return. We assume NeverFallThrough iff we never fall off the end of the 378 /// statement but we may return. We assume that functions not marked noreturn 379 /// will return. 380 static ControlFlowKind CheckFallThrough(AnalysisDeclContext &AC) { 381 CFG *cfg = AC.getCFG(); 382 if (!cfg) return UnknownFallThrough; 383 384 // The CFG leaves in dead things, and we don't want the dead code paths to 385 // confuse us, so we mark all live things first. 386 llvm::BitVector live(cfg->getNumBlockIDs()); 387 unsigned count = reachable_code::ScanReachableFromBlock(&cfg->getEntry(), 388 live); 389 390 bool AddEHEdges = AC.getAddEHEdges(); 391 if (!AddEHEdges && count != cfg->getNumBlockIDs()) 392 // When there are things remaining dead, and we didn't add EH edges 393 // from CallExprs to the catch clauses, we have to go back and 394 // mark them as live. 395 for (const auto *B : *cfg) { 396 if (!live[B->getBlockID()]) { 397 if (B->pred_begin() == B->pred_end()) { 398 if (B->getTerminator() && isa<CXXTryStmt>(B->getTerminator())) 399 // When not adding EH edges from calls, catch clauses 400 // can otherwise seem dead. Avoid noting them as dead. 401 count += reachable_code::ScanReachableFromBlock(B, live); 402 continue; 403 } 404 } 405 } 406 407 // Now we know what is live, we check the live precessors of the exit block 408 // and look for fall through paths, being careful to ignore normal returns, 409 // and exceptional paths. 410 bool HasLiveReturn = false; 411 bool HasFakeEdge = false; 412 bool HasPlainEdge = false; 413 bool HasAbnormalEdge = false; 414 415 // Ignore default cases that aren't likely to be reachable because all 416 // enums in a switch(X) have explicit case statements. 417 CFGBlock::FilterOptions FO; 418 FO.IgnoreDefaultsWithCoveredEnums = 1; 419 420 for (CFGBlock::filtered_pred_iterator I = 421 cfg->getExit().filtered_pred_start_end(FO); 422 I.hasMore(); ++I) { 423 const CFGBlock &B = **I; 424 if (!live[B.getBlockID()]) 425 continue; 426 427 // Skip blocks which contain an element marked as no-return. They don't 428 // represent actually viable edges into the exit block, so mark them as 429 // abnormal. 430 if (B.hasNoReturnElement()) { 431 HasAbnormalEdge = true; 432 continue; 433 } 434 435 // Destructors can appear after the 'return' in the CFG. This is 436 // normal. We need to look pass the destructors for the return 437 // statement (if it exists). 438 CFGBlock::const_reverse_iterator ri = B.rbegin(), re = B.rend(); 439 440 for ( ; ri != re ; ++ri) 441 if (ri->getAs<CFGStmt>()) 442 break; 443 444 // No more CFGElements in the block? 445 if (ri == re) { 446 if (B.getTerminator() && isa<CXXTryStmt>(B.getTerminator())) { 447 HasAbnormalEdge = true; 448 continue; 449 } 450 // A labeled empty statement, or the entry block... 451 HasPlainEdge = true; 452 continue; 453 } 454 455 CFGStmt CS = ri->castAs<CFGStmt>(); 456 const Stmt *S = CS.getStmt(); 457 if (isa<ReturnStmt>(S) || isa<CoreturnStmt>(S)) { 458 HasLiveReturn = true; 459 continue; 460 } 461 if (isa<ObjCAtThrowStmt>(S)) { 462 HasFakeEdge = true; 463 continue; 464 } 465 if (isa<CXXThrowExpr>(S)) { 466 HasFakeEdge = true; 467 continue; 468 } 469 if (isa<MSAsmStmt>(S)) { 470 // TODO: Verify this is correct. 471 HasFakeEdge = true; 472 HasLiveReturn = true; 473 continue; 474 } 475 if (isa<CXXTryStmt>(S)) { 476 HasAbnormalEdge = true; 477 continue; 478 } 479 if (std::find(B.succ_begin(), B.succ_end(), &cfg->getExit()) 480 == B.succ_end()) { 481 HasAbnormalEdge = true; 482 continue; 483 } 484 485 HasPlainEdge = true; 486 } 487 if (!HasPlainEdge) { 488 if (HasLiveReturn) 489 return NeverFallThrough; 490 return NeverFallThroughOrReturn; 491 } 492 if (HasAbnormalEdge || HasFakeEdge || HasLiveReturn) 493 return MaybeFallThrough; 494 // This says AlwaysFallThrough for calls to functions that are not marked 495 // noreturn, that don't return. If people would like this warning to be more 496 // accurate, such functions should be marked as noreturn. 497 return AlwaysFallThrough; 498 } 499 500 namespace { 501 502 struct CheckFallThroughDiagnostics { 503 unsigned diag_MaybeFallThrough_HasNoReturn; 504 unsigned diag_MaybeFallThrough_ReturnsNonVoid; 505 unsigned diag_AlwaysFallThrough_HasNoReturn; 506 unsigned diag_AlwaysFallThrough_ReturnsNonVoid; 507 unsigned diag_NeverFallThroughOrReturn; 508 enum { Function, Block, Lambda, Coroutine } funMode; 509 SourceLocation FuncLoc; 510 511 static CheckFallThroughDiagnostics MakeForFunction(const Decl *Func) { 512 CheckFallThroughDiagnostics D; 513 D.FuncLoc = Func->getLocation(); 514 D.diag_MaybeFallThrough_HasNoReturn = 515 diag::warn_falloff_noreturn_function; 516 D.diag_MaybeFallThrough_ReturnsNonVoid = 517 diag::warn_maybe_falloff_nonvoid_function; 518 D.diag_AlwaysFallThrough_HasNoReturn = 519 diag::warn_falloff_noreturn_function; 520 D.diag_AlwaysFallThrough_ReturnsNonVoid = 521 diag::warn_falloff_nonvoid_function; 522 523 // Don't suggest that virtual functions be marked "noreturn", since they 524 // might be overridden by non-noreturn functions. 525 bool isVirtualMethod = false; 526 if (const CXXMethodDecl *Method = dyn_cast<CXXMethodDecl>(Func)) 527 isVirtualMethod = Method->isVirtual(); 528 529 // Don't suggest that template instantiations be marked "noreturn" 530 bool isTemplateInstantiation = false; 531 if (const FunctionDecl *Function = dyn_cast<FunctionDecl>(Func)) 532 isTemplateInstantiation = Function->isTemplateInstantiation(); 533 534 if (!isVirtualMethod && !isTemplateInstantiation) 535 D.diag_NeverFallThroughOrReturn = 536 diag::warn_suggest_noreturn_function; 537 else 538 D.diag_NeverFallThroughOrReturn = 0; 539 540 D.funMode = Function; 541 return D; 542 } 543 544 static CheckFallThroughDiagnostics MakeForCoroutine(const Decl *Func) { 545 CheckFallThroughDiagnostics D; 546 D.FuncLoc = Func->getLocation(); 547 D.diag_MaybeFallThrough_HasNoReturn = 0; 548 D.diag_MaybeFallThrough_ReturnsNonVoid = 549 diag::warn_maybe_falloff_nonvoid_coroutine; 550 D.diag_AlwaysFallThrough_HasNoReturn = 0; 551 D.diag_AlwaysFallThrough_ReturnsNonVoid = 552 diag::warn_falloff_nonvoid_coroutine; 553 D.funMode = Coroutine; 554 return D; 555 } 556 557 static CheckFallThroughDiagnostics MakeForBlock() { 558 CheckFallThroughDiagnostics D; 559 D.diag_MaybeFallThrough_HasNoReturn = 560 diag::err_noreturn_block_has_return_expr; 561 D.diag_MaybeFallThrough_ReturnsNonVoid = 562 diag::err_maybe_falloff_nonvoid_block; 563 D.diag_AlwaysFallThrough_HasNoReturn = 564 diag::err_noreturn_block_has_return_expr; 565 D.diag_AlwaysFallThrough_ReturnsNonVoid = 566 diag::err_falloff_nonvoid_block; 567 D.diag_NeverFallThroughOrReturn = 0; 568 D.funMode = Block; 569 return D; 570 } 571 572 static CheckFallThroughDiagnostics MakeForLambda() { 573 CheckFallThroughDiagnostics D; 574 D.diag_MaybeFallThrough_HasNoReturn = 575 diag::err_noreturn_lambda_has_return_expr; 576 D.diag_MaybeFallThrough_ReturnsNonVoid = 577 diag::warn_maybe_falloff_nonvoid_lambda; 578 D.diag_AlwaysFallThrough_HasNoReturn = 579 diag::err_noreturn_lambda_has_return_expr; 580 D.diag_AlwaysFallThrough_ReturnsNonVoid = 581 diag::warn_falloff_nonvoid_lambda; 582 D.diag_NeverFallThroughOrReturn = 0; 583 D.funMode = Lambda; 584 return D; 585 } 586 587 bool checkDiagnostics(DiagnosticsEngine &D, bool ReturnsVoid, 588 bool HasNoReturn) const { 589 if (funMode == Function) { 590 return (ReturnsVoid || 591 D.isIgnored(diag::warn_maybe_falloff_nonvoid_function, 592 FuncLoc)) && 593 (!HasNoReturn || 594 D.isIgnored(diag::warn_noreturn_function_has_return_expr, 595 FuncLoc)) && 596 (!ReturnsVoid || 597 D.isIgnored(diag::warn_suggest_noreturn_block, FuncLoc)); 598 } 599 if (funMode == Coroutine) { 600 return (ReturnsVoid || 601 D.isIgnored(diag::warn_maybe_falloff_nonvoid_function, FuncLoc) || 602 D.isIgnored(diag::warn_maybe_falloff_nonvoid_coroutine, 603 FuncLoc)) && 604 (!HasNoReturn); 605 } 606 // For blocks / lambdas. 607 return ReturnsVoid && !HasNoReturn; 608 } 609 }; 610 611 } // anonymous namespace 612 613 /// CheckFallThroughForBody - Check that we don't fall off the end of a 614 /// function that should return a value. Check that we don't fall off the end 615 /// of a noreturn function. We assume that functions and blocks not marked 616 /// noreturn will return. 617 static void CheckFallThroughForBody(Sema &S, const Decl *D, const Stmt *Body, 618 const BlockExpr *blkExpr, 619 const CheckFallThroughDiagnostics &CD, 620 AnalysisDeclContext &AC, 621 sema::FunctionScopeInfo *FSI) { 622 623 bool ReturnsVoid = false; 624 bool HasNoReturn = false; 625 bool IsCoroutine = FSI->isCoroutine(); 626 627 if (const auto *FD = dyn_cast<FunctionDecl>(D)) { 628 if (const auto *CBody = dyn_cast<CoroutineBodyStmt>(Body)) 629 ReturnsVoid = CBody->getFallthroughHandler() != nullptr; 630 else 631 ReturnsVoid = FD->getReturnType()->isVoidType(); 632 HasNoReturn = FD->isNoReturn(); 633 } 634 else if (const auto *MD = dyn_cast<ObjCMethodDecl>(D)) { 635 ReturnsVoid = MD->getReturnType()->isVoidType(); 636 HasNoReturn = MD->hasAttr<NoReturnAttr>(); 637 } 638 else if (isa<BlockDecl>(D)) { 639 QualType BlockTy = blkExpr->getType(); 640 if (const FunctionType *FT = 641 BlockTy->getPointeeType()->getAs<FunctionType>()) { 642 if (FT->getReturnType()->isVoidType()) 643 ReturnsVoid = true; 644 if (FT->getNoReturnAttr()) 645 HasNoReturn = true; 646 } 647 } 648 649 DiagnosticsEngine &Diags = S.getDiagnostics(); 650 651 // Short circuit for compilation speed. 652 if (CD.checkDiagnostics(Diags, ReturnsVoid, HasNoReturn)) 653 return; 654 SourceLocation LBrace = Body->getBeginLoc(), RBrace = Body->getEndLoc(); 655 auto EmitDiag = [&](SourceLocation Loc, unsigned DiagID) { 656 if (IsCoroutine) 657 S.Diag(Loc, DiagID) << FSI->CoroutinePromise->getType(); 658 else 659 S.Diag(Loc, DiagID); 660 }; 661 662 // cpu_dispatch functions permit empty function bodies for ICC compatibility. 663 if (D->getAsFunction() && D->getAsFunction()->isCPUDispatchMultiVersion()) 664 return; 665 666 // Either in a function body compound statement, or a function-try-block. 667 switch (CheckFallThrough(AC)) { 668 case UnknownFallThrough: 669 break; 670 671 case MaybeFallThrough: 672 if (HasNoReturn) 673 EmitDiag(RBrace, CD.diag_MaybeFallThrough_HasNoReturn); 674 else if (!ReturnsVoid) 675 EmitDiag(RBrace, CD.diag_MaybeFallThrough_ReturnsNonVoid); 676 break; 677 case AlwaysFallThrough: 678 if (HasNoReturn) 679 EmitDiag(RBrace, CD.diag_AlwaysFallThrough_HasNoReturn); 680 else if (!ReturnsVoid) 681 EmitDiag(RBrace, CD.diag_AlwaysFallThrough_ReturnsNonVoid); 682 break; 683 case NeverFallThroughOrReturn: 684 if (ReturnsVoid && !HasNoReturn && CD.diag_NeverFallThroughOrReturn) { 685 if (const FunctionDecl *FD = dyn_cast<FunctionDecl>(D)) { 686 S.Diag(LBrace, CD.diag_NeverFallThroughOrReturn) << 0 << FD; 687 } else if (const ObjCMethodDecl *MD = dyn_cast<ObjCMethodDecl>(D)) { 688 S.Diag(LBrace, CD.diag_NeverFallThroughOrReturn) << 1 << MD; 689 } else { 690 S.Diag(LBrace, CD.diag_NeverFallThroughOrReturn); 691 } 692 } 693 break; 694 case NeverFallThrough: 695 break; 696 } 697 } 698 699 //===----------------------------------------------------------------------===// 700 // -Wuninitialized 701 //===----------------------------------------------------------------------===// 702 703 namespace { 704 /// ContainsReference - A visitor class to search for references to 705 /// a particular declaration (the needle) within any evaluated component of an 706 /// expression (recursively). 707 class ContainsReference : public ConstEvaluatedExprVisitor<ContainsReference> { 708 bool FoundReference; 709 const DeclRefExpr *Needle; 710 711 public: 712 typedef ConstEvaluatedExprVisitor<ContainsReference> Inherited; 713 714 ContainsReference(ASTContext &Context, const DeclRefExpr *Needle) 715 : Inherited(Context), FoundReference(false), Needle(Needle) {} 716 717 void VisitExpr(const Expr *E) { 718 // Stop evaluating if we already have a reference. 719 if (FoundReference) 720 return; 721 722 Inherited::VisitExpr(E); 723 } 724 725 void VisitDeclRefExpr(const DeclRefExpr *E) { 726 if (E == Needle) 727 FoundReference = true; 728 else 729 Inherited::VisitDeclRefExpr(E); 730 } 731 732 bool doesContainReference() const { return FoundReference; } 733 }; 734 } // anonymous namespace 735 736 static bool SuggestInitializationFixit(Sema &S, const VarDecl *VD) { 737 QualType VariableTy = VD->getType().getCanonicalType(); 738 if (VariableTy->isBlockPointerType() && 739 !VD->hasAttr<BlocksAttr>()) { 740 S.Diag(VD->getLocation(), diag::note_block_var_fixit_add_initialization) 741 << VD->getDeclName() 742 << FixItHint::CreateInsertion(VD->getLocation(), "__block "); 743 return true; 744 } 745 746 // Don't issue a fixit if there is already an initializer. 747 if (VD->getInit()) 748 return false; 749 750 // Don't suggest a fixit inside macros. 751 if (VD->getEndLoc().isMacroID()) 752 return false; 753 754 SourceLocation Loc = S.getLocForEndOfToken(VD->getEndLoc()); 755 756 // Suggest possible initialization (if any). 757 std::string Init = S.getFixItZeroInitializerForType(VariableTy, Loc); 758 if (Init.empty()) 759 return false; 760 761 S.Diag(Loc, diag::note_var_fixit_add_initialization) << VD->getDeclName() 762 << FixItHint::CreateInsertion(Loc, Init); 763 return true; 764 } 765 766 /// Create a fixit to remove an if-like statement, on the assumption that its 767 /// condition is CondVal. 768 static void CreateIfFixit(Sema &S, const Stmt *If, const Stmt *Then, 769 const Stmt *Else, bool CondVal, 770 FixItHint &Fixit1, FixItHint &Fixit2) { 771 if (CondVal) { 772 // If condition is always true, remove all but the 'then'. 773 Fixit1 = FixItHint::CreateRemoval( 774 CharSourceRange::getCharRange(If->getBeginLoc(), Then->getBeginLoc())); 775 if (Else) { 776 SourceLocation ElseKwLoc = S.getLocForEndOfToken(Then->getEndLoc()); 777 Fixit2 = 778 FixItHint::CreateRemoval(SourceRange(ElseKwLoc, Else->getEndLoc())); 779 } 780 } else { 781 // If condition is always false, remove all but the 'else'. 782 if (Else) 783 Fixit1 = FixItHint::CreateRemoval(CharSourceRange::getCharRange( 784 If->getBeginLoc(), Else->getBeginLoc())); 785 else 786 Fixit1 = FixItHint::CreateRemoval(If->getSourceRange()); 787 } 788 } 789 790 /// DiagUninitUse -- Helper function to produce a diagnostic for an 791 /// uninitialized use of a variable. 792 static void DiagUninitUse(Sema &S, const VarDecl *VD, const UninitUse &Use, 793 bool IsCapturedByBlock) { 794 bool Diagnosed = false; 795 796 switch (Use.getKind()) { 797 case UninitUse::Always: 798 S.Diag(Use.getUser()->getBeginLoc(), diag::warn_uninit_var) 799 << VD->getDeclName() << IsCapturedByBlock 800 << Use.getUser()->getSourceRange(); 801 return; 802 803 case UninitUse::AfterDecl: 804 case UninitUse::AfterCall: 805 S.Diag(VD->getLocation(), diag::warn_sometimes_uninit_var) 806 << VD->getDeclName() << IsCapturedByBlock 807 << (Use.getKind() == UninitUse::AfterDecl ? 4 : 5) 808 << const_cast<DeclContext*>(VD->getLexicalDeclContext()) 809 << VD->getSourceRange(); 810 S.Diag(Use.getUser()->getBeginLoc(), diag::note_uninit_var_use) 811 << IsCapturedByBlock << Use.getUser()->getSourceRange(); 812 return; 813 814 case UninitUse::Maybe: 815 case UninitUse::Sometimes: 816 // Carry on to report sometimes-uninitialized branches, if possible, 817 // or a 'may be used uninitialized' diagnostic otherwise. 818 break; 819 } 820 821 // Diagnose each branch which leads to a sometimes-uninitialized use. 822 for (UninitUse::branch_iterator I = Use.branch_begin(), E = Use.branch_end(); 823 I != E; ++I) { 824 assert(Use.getKind() == UninitUse::Sometimes); 825 826 const Expr *User = Use.getUser(); 827 const Stmt *Term = I->Terminator; 828 829 // Information used when building the diagnostic. 830 unsigned DiagKind; 831 StringRef Str; 832 SourceRange Range; 833 834 // FixIts to suppress the diagnostic by removing the dead condition. 835 // For all binary terminators, branch 0 is taken if the condition is true, 836 // and branch 1 is taken if the condition is false. 837 int RemoveDiagKind = -1; 838 const char *FixitStr = 839 S.getLangOpts().CPlusPlus ? (I->Output ? "true" : "false") 840 : (I->Output ? "1" : "0"); 841 FixItHint Fixit1, Fixit2; 842 843 switch (Term ? Term->getStmtClass() : Stmt::DeclStmtClass) { 844 default: 845 // Don't know how to report this. Just fall back to 'may be used 846 // uninitialized'. FIXME: Can this happen? 847 continue; 848 849 // "condition is true / condition is false". 850 case Stmt::IfStmtClass: { 851 const IfStmt *IS = cast<IfStmt>(Term); 852 DiagKind = 0; 853 Str = "if"; 854 Range = IS->getCond()->getSourceRange(); 855 RemoveDiagKind = 0; 856 CreateIfFixit(S, IS, IS->getThen(), IS->getElse(), 857 I->Output, Fixit1, Fixit2); 858 break; 859 } 860 case Stmt::ConditionalOperatorClass: { 861 const ConditionalOperator *CO = cast<ConditionalOperator>(Term); 862 DiagKind = 0; 863 Str = "?:"; 864 Range = CO->getCond()->getSourceRange(); 865 RemoveDiagKind = 0; 866 CreateIfFixit(S, CO, CO->getTrueExpr(), CO->getFalseExpr(), 867 I->Output, Fixit1, Fixit2); 868 break; 869 } 870 case Stmt::BinaryOperatorClass: { 871 const BinaryOperator *BO = cast<BinaryOperator>(Term); 872 if (!BO->isLogicalOp()) 873 continue; 874 DiagKind = 0; 875 Str = BO->getOpcodeStr(); 876 Range = BO->getLHS()->getSourceRange(); 877 RemoveDiagKind = 0; 878 if ((BO->getOpcode() == BO_LAnd && I->Output) || 879 (BO->getOpcode() == BO_LOr && !I->Output)) 880 // true && y -> y, false || y -> y. 881 Fixit1 = FixItHint::CreateRemoval( 882 SourceRange(BO->getBeginLoc(), BO->getOperatorLoc())); 883 else 884 // false && y -> false, true || y -> true. 885 Fixit1 = FixItHint::CreateReplacement(BO->getSourceRange(), FixitStr); 886 break; 887 } 888 889 // "loop is entered / loop is exited". 890 case Stmt::WhileStmtClass: 891 DiagKind = 1; 892 Str = "while"; 893 Range = cast<WhileStmt>(Term)->getCond()->getSourceRange(); 894 RemoveDiagKind = 1; 895 Fixit1 = FixItHint::CreateReplacement(Range, FixitStr); 896 break; 897 case Stmt::ForStmtClass: 898 DiagKind = 1; 899 Str = "for"; 900 Range = cast<ForStmt>(Term)->getCond()->getSourceRange(); 901 RemoveDiagKind = 1; 902 if (I->Output) 903 Fixit1 = FixItHint::CreateRemoval(Range); 904 else 905 Fixit1 = FixItHint::CreateReplacement(Range, FixitStr); 906 break; 907 case Stmt::CXXForRangeStmtClass: 908 if (I->Output == 1) { 909 // The use occurs if a range-based for loop's body never executes. 910 // That may be impossible, and there's no syntactic fix for this, 911 // so treat it as a 'may be uninitialized' case. 912 continue; 913 } 914 DiagKind = 1; 915 Str = "for"; 916 Range = cast<CXXForRangeStmt>(Term)->getRangeInit()->getSourceRange(); 917 break; 918 919 // "condition is true / loop is exited". 920 case Stmt::DoStmtClass: 921 DiagKind = 2; 922 Str = "do"; 923 Range = cast<DoStmt>(Term)->getCond()->getSourceRange(); 924 RemoveDiagKind = 1; 925 Fixit1 = FixItHint::CreateReplacement(Range, FixitStr); 926 break; 927 928 // "switch case is taken". 929 case Stmt::CaseStmtClass: 930 DiagKind = 3; 931 Str = "case"; 932 Range = cast<CaseStmt>(Term)->getLHS()->getSourceRange(); 933 break; 934 case Stmt::DefaultStmtClass: 935 DiagKind = 3; 936 Str = "default"; 937 Range = cast<DefaultStmt>(Term)->getDefaultLoc(); 938 break; 939 } 940 941 S.Diag(Range.getBegin(), diag::warn_sometimes_uninit_var) 942 << VD->getDeclName() << IsCapturedByBlock << DiagKind 943 << Str << I->Output << Range; 944 S.Diag(User->getBeginLoc(), diag::note_uninit_var_use) 945 << IsCapturedByBlock << User->getSourceRange(); 946 if (RemoveDiagKind != -1) 947 S.Diag(Fixit1.RemoveRange.getBegin(), diag::note_uninit_fixit_remove_cond) 948 << RemoveDiagKind << Str << I->Output << Fixit1 << Fixit2; 949 950 Diagnosed = true; 951 } 952 953 if (!Diagnosed) 954 S.Diag(Use.getUser()->getBeginLoc(), diag::warn_maybe_uninit_var) 955 << VD->getDeclName() << IsCapturedByBlock 956 << Use.getUser()->getSourceRange(); 957 } 958 959 /// DiagnoseUninitializedUse -- Helper function for diagnosing uses of an 960 /// uninitialized variable. This manages the different forms of diagnostic 961 /// emitted for particular types of uses. Returns true if the use was diagnosed 962 /// as a warning. If a particular use is one we omit warnings for, returns 963 /// false. 964 static bool DiagnoseUninitializedUse(Sema &S, const VarDecl *VD, 965 const UninitUse &Use, 966 bool alwaysReportSelfInit = false) { 967 if (const DeclRefExpr *DRE = dyn_cast<DeclRefExpr>(Use.getUser())) { 968 // Inspect the initializer of the variable declaration which is 969 // being referenced prior to its initialization. We emit 970 // specialized diagnostics for self-initialization, and we 971 // specifically avoid warning about self references which take the 972 // form of: 973 // 974 // int x = x; 975 // 976 // This is used to indicate to GCC that 'x' is intentionally left 977 // uninitialized. Proven code paths which access 'x' in 978 // an uninitialized state after this will still warn. 979 if (const Expr *Initializer = VD->getInit()) { 980 if (!alwaysReportSelfInit && DRE == Initializer->IgnoreParenImpCasts()) 981 return false; 982 983 ContainsReference CR(S.Context, DRE); 984 CR.Visit(Initializer); 985 if (CR.doesContainReference()) { 986 S.Diag(DRE->getBeginLoc(), diag::warn_uninit_self_reference_in_init) 987 << VD->getDeclName() << VD->getLocation() << DRE->getSourceRange(); 988 return true; 989 } 990 } 991 992 DiagUninitUse(S, VD, Use, false); 993 } else { 994 const BlockExpr *BE = cast<BlockExpr>(Use.getUser()); 995 if (VD->getType()->isBlockPointerType() && !VD->hasAttr<BlocksAttr>()) 996 S.Diag(BE->getBeginLoc(), 997 diag::warn_uninit_byref_blockvar_captured_by_block) 998 << VD->getDeclName(); 999 else 1000 DiagUninitUse(S, VD, Use, true); 1001 } 1002 1003 // Report where the variable was declared when the use wasn't within 1004 // the initializer of that declaration & we didn't already suggest 1005 // an initialization fixit. 1006 if (!SuggestInitializationFixit(S, VD)) 1007 S.Diag(VD->getBeginLoc(), diag::note_var_declared_here) 1008 << VD->getDeclName(); 1009 1010 return true; 1011 } 1012 1013 namespace { 1014 class FallthroughMapper : public RecursiveASTVisitor<FallthroughMapper> { 1015 public: 1016 FallthroughMapper(Sema &S) 1017 : FoundSwitchStatements(false), 1018 S(S) { 1019 } 1020 1021 bool foundSwitchStatements() const { return FoundSwitchStatements; } 1022 1023 void markFallthroughVisited(const AttributedStmt *Stmt) { 1024 bool Found = FallthroughStmts.erase(Stmt); 1025 assert(Found); 1026 (void)Found; 1027 } 1028 1029 typedef llvm::SmallPtrSet<const AttributedStmt*, 8> AttrStmts; 1030 1031 const AttrStmts &getFallthroughStmts() const { 1032 return FallthroughStmts; 1033 } 1034 1035 void fillReachableBlocks(CFG *Cfg) { 1036 assert(ReachableBlocks.empty() && "ReachableBlocks already filled"); 1037 std::deque<const CFGBlock *> BlockQueue; 1038 1039 ReachableBlocks.insert(&Cfg->getEntry()); 1040 BlockQueue.push_back(&Cfg->getEntry()); 1041 // Mark all case blocks reachable to avoid problems with switching on 1042 // constants, covered enums, etc. 1043 // These blocks can contain fall-through annotations, and we don't want to 1044 // issue a warn_fallthrough_attr_unreachable for them. 1045 for (const auto *B : *Cfg) { 1046 const Stmt *L = B->getLabel(); 1047 if (L && isa<SwitchCase>(L) && ReachableBlocks.insert(B).second) 1048 BlockQueue.push_back(B); 1049 } 1050 1051 while (!BlockQueue.empty()) { 1052 const CFGBlock *P = BlockQueue.front(); 1053 BlockQueue.pop_front(); 1054 for (CFGBlock::const_succ_iterator I = P->succ_begin(), 1055 E = P->succ_end(); 1056 I != E; ++I) { 1057 if (*I && ReachableBlocks.insert(*I).second) 1058 BlockQueue.push_back(*I); 1059 } 1060 } 1061 } 1062 1063 bool checkFallThroughIntoBlock(const CFGBlock &B, int &AnnotatedCnt, 1064 bool IsTemplateInstantiation) { 1065 assert(!ReachableBlocks.empty() && "ReachableBlocks empty"); 1066 1067 int UnannotatedCnt = 0; 1068 AnnotatedCnt = 0; 1069 1070 std::deque<const CFGBlock*> BlockQueue(B.pred_begin(), B.pred_end()); 1071 while (!BlockQueue.empty()) { 1072 const CFGBlock *P = BlockQueue.front(); 1073 BlockQueue.pop_front(); 1074 if (!P) continue; 1075 1076 const Stmt *Term = P->getTerminator(); 1077 if (Term && isa<SwitchStmt>(Term)) 1078 continue; // Switch statement, good. 1079 1080 const SwitchCase *SW = dyn_cast_or_null<SwitchCase>(P->getLabel()); 1081 if (SW && SW->getSubStmt() == B.getLabel() && P->begin() == P->end()) 1082 continue; // Previous case label has no statements, good. 1083 1084 const LabelStmt *L = dyn_cast_or_null<LabelStmt>(P->getLabel()); 1085 if (L && L->getSubStmt() == B.getLabel() && P->begin() == P->end()) 1086 continue; // Case label is preceded with a normal label, good. 1087 1088 if (!ReachableBlocks.count(P)) { 1089 for (CFGBlock::const_reverse_iterator ElemIt = P->rbegin(), 1090 ElemEnd = P->rend(); 1091 ElemIt != ElemEnd; ++ElemIt) { 1092 if (Optional<CFGStmt> CS = ElemIt->getAs<CFGStmt>()) { 1093 if (const AttributedStmt *AS = asFallThroughAttr(CS->getStmt())) { 1094 // Don't issue a warning for an unreachable fallthrough 1095 // attribute in template instantiations as it may not be 1096 // unreachable in all instantiations of the template. 1097 if (!IsTemplateInstantiation) 1098 S.Diag(AS->getBeginLoc(), 1099 diag::warn_fallthrough_attr_unreachable); 1100 markFallthroughVisited(AS); 1101 ++AnnotatedCnt; 1102 break; 1103 } 1104 // Don't care about other unreachable statements. 1105 } 1106 } 1107 // If there are no unreachable statements, this may be a special 1108 // case in CFG: 1109 // case X: { 1110 // A a; // A has a destructor. 1111 // break; 1112 // } 1113 // // <<<< This place is represented by a 'hanging' CFG block. 1114 // case Y: 1115 continue; 1116 } 1117 1118 const Stmt *LastStmt = getLastStmt(*P); 1119 if (const AttributedStmt *AS = asFallThroughAttr(LastStmt)) { 1120 markFallthroughVisited(AS); 1121 ++AnnotatedCnt; 1122 continue; // Fallthrough annotation, good. 1123 } 1124 1125 if (!LastStmt) { // This block contains no executable statements. 1126 // Traverse its predecessors. 1127 std::copy(P->pred_begin(), P->pred_end(), 1128 std::back_inserter(BlockQueue)); 1129 continue; 1130 } 1131 1132 ++UnannotatedCnt; 1133 } 1134 return !!UnannotatedCnt; 1135 } 1136 1137 // RecursiveASTVisitor setup. 1138 bool shouldWalkTypesOfTypeLocs() const { return false; } 1139 1140 bool VisitAttributedStmt(AttributedStmt *S) { 1141 if (asFallThroughAttr(S)) 1142 FallthroughStmts.insert(S); 1143 return true; 1144 } 1145 1146 bool VisitSwitchStmt(SwitchStmt *S) { 1147 FoundSwitchStatements = true; 1148 return true; 1149 } 1150 1151 // We don't want to traverse local type declarations. We analyze their 1152 // methods separately. 1153 bool TraverseDecl(Decl *D) { return true; } 1154 1155 // We analyze lambda bodies separately. Skip them here. 1156 bool TraverseLambdaBody(LambdaExpr *LE) { return true; } 1157 1158 private: 1159 1160 static const AttributedStmt *asFallThroughAttr(const Stmt *S) { 1161 if (const AttributedStmt *AS = dyn_cast_or_null<AttributedStmt>(S)) { 1162 if (hasSpecificAttr<FallThroughAttr>(AS->getAttrs())) 1163 return AS; 1164 } 1165 return nullptr; 1166 } 1167 1168 static const Stmt *getLastStmt(const CFGBlock &B) { 1169 if (const Stmt *Term = B.getTerminator()) 1170 return Term; 1171 for (CFGBlock::const_reverse_iterator ElemIt = B.rbegin(), 1172 ElemEnd = B.rend(); 1173 ElemIt != ElemEnd; ++ElemIt) { 1174 if (Optional<CFGStmt> CS = ElemIt->getAs<CFGStmt>()) 1175 return CS->getStmt(); 1176 } 1177 // Workaround to detect a statement thrown out by CFGBuilder: 1178 // case X: {} case Y: 1179 // case X: ; case Y: 1180 if (const SwitchCase *SW = dyn_cast_or_null<SwitchCase>(B.getLabel())) 1181 if (!isa<SwitchCase>(SW->getSubStmt())) 1182 return SW->getSubStmt(); 1183 1184 return nullptr; 1185 } 1186 1187 bool FoundSwitchStatements; 1188 AttrStmts FallthroughStmts; 1189 Sema &S; 1190 llvm::SmallPtrSet<const CFGBlock *, 16> ReachableBlocks; 1191 }; 1192 } // anonymous namespace 1193 1194 static StringRef getFallthroughAttrSpelling(Preprocessor &PP, 1195 SourceLocation Loc) { 1196 TokenValue FallthroughTokens[] = { 1197 tok::l_square, tok::l_square, 1198 PP.getIdentifierInfo("fallthrough"), 1199 tok::r_square, tok::r_square 1200 }; 1201 1202 TokenValue ClangFallthroughTokens[] = { 1203 tok::l_square, tok::l_square, PP.getIdentifierInfo("clang"), 1204 tok::coloncolon, PP.getIdentifierInfo("fallthrough"), 1205 tok::r_square, tok::r_square 1206 }; 1207 1208 bool PreferClangAttr = !PP.getLangOpts().CPlusPlus17; 1209 1210 StringRef MacroName; 1211 if (PreferClangAttr) 1212 MacroName = PP.getLastMacroWithSpelling(Loc, ClangFallthroughTokens); 1213 if (MacroName.empty()) 1214 MacroName = PP.getLastMacroWithSpelling(Loc, FallthroughTokens); 1215 if (MacroName.empty() && !PreferClangAttr) 1216 MacroName = PP.getLastMacroWithSpelling(Loc, ClangFallthroughTokens); 1217 if (MacroName.empty()) 1218 MacroName = PreferClangAttr ? "[[clang::fallthrough]]" : "[[fallthrough]]"; 1219 return MacroName; 1220 } 1221 1222 static void DiagnoseSwitchLabelsFallthrough(Sema &S, AnalysisDeclContext &AC, 1223 bool PerFunction) { 1224 // Only perform this analysis when using [[]] attributes. There is no good 1225 // workflow for this warning when not using C++11. There is no good way to 1226 // silence the warning (no attribute is available) unless we are using 1227 // [[]] attributes. One could use pragmas to silence the warning, but as a 1228 // general solution that is gross and not in the spirit of this warning. 1229 // 1230 // NOTE: This an intermediate solution. There are on-going discussions on 1231 // how to properly support this warning outside of C++11 with an annotation. 1232 if (!AC.getASTContext().getLangOpts().DoubleSquareBracketAttributes) 1233 return; 1234 1235 FallthroughMapper FM(S); 1236 FM.TraverseStmt(AC.getBody()); 1237 1238 if (!FM.foundSwitchStatements()) 1239 return; 1240 1241 if (PerFunction && FM.getFallthroughStmts().empty()) 1242 return; 1243 1244 CFG *Cfg = AC.getCFG(); 1245 1246 if (!Cfg) 1247 return; 1248 1249 FM.fillReachableBlocks(Cfg); 1250 1251 for (const CFGBlock *B : llvm::reverse(*Cfg)) { 1252 const Stmt *Label = B->getLabel(); 1253 1254 if (!Label || !isa<SwitchCase>(Label)) 1255 continue; 1256 1257 int AnnotatedCnt; 1258 1259 bool IsTemplateInstantiation = false; 1260 if (const FunctionDecl *Function = dyn_cast<FunctionDecl>(AC.getDecl())) 1261 IsTemplateInstantiation = Function->isTemplateInstantiation(); 1262 if (!FM.checkFallThroughIntoBlock(*B, AnnotatedCnt, 1263 IsTemplateInstantiation)) 1264 continue; 1265 1266 S.Diag(Label->getBeginLoc(), 1267 PerFunction ? diag::warn_unannotated_fallthrough_per_function 1268 : diag::warn_unannotated_fallthrough); 1269 1270 if (!AnnotatedCnt) { 1271 SourceLocation L = Label->getBeginLoc(); 1272 if (L.isMacroID()) 1273 continue; 1274 if (S.getLangOpts().CPlusPlus11) { 1275 const Stmt *Term = B->getTerminator(); 1276 // Skip empty cases. 1277 while (B->empty() && !Term && B->succ_size() == 1) { 1278 B = *B->succ_begin(); 1279 Term = B->getTerminator(); 1280 } 1281 if (!(B->empty() && Term && isa<BreakStmt>(Term))) { 1282 Preprocessor &PP = S.getPreprocessor(); 1283 StringRef AnnotationSpelling = getFallthroughAttrSpelling(PP, L); 1284 SmallString<64> TextToInsert(AnnotationSpelling); 1285 TextToInsert += "; "; 1286 S.Diag(L, diag::note_insert_fallthrough_fixit) << 1287 AnnotationSpelling << 1288 FixItHint::CreateInsertion(L, TextToInsert); 1289 } 1290 } 1291 S.Diag(L, diag::note_insert_break_fixit) << 1292 FixItHint::CreateInsertion(L, "break; "); 1293 } 1294 } 1295 1296 for (const auto *F : FM.getFallthroughStmts()) 1297 S.Diag(F->getBeginLoc(), diag::err_fallthrough_attr_invalid_placement); 1298 } 1299 1300 static bool isInLoop(const ASTContext &Ctx, const ParentMap &PM, 1301 const Stmt *S) { 1302 assert(S); 1303 1304 do { 1305 switch (S->getStmtClass()) { 1306 case Stmt::ForStmtClass: 1307 case Stmt::WhileStmtClass: 1308 case Stmt::CXXForRangeStmtClass: 1309 case Stmt::ObjCForCollectionStmtClass: 1310 return true; 1311 case Stmt::DoStmtClass: { 1312 const Expr *Cond = cast<DoStmt>(S)->getCond(); 1313 llvm::APSInt Val; 1314 if (!Cond->EvaluateAsInt(Val, Ctx)) 1315 return true; 1316 return Val.getBoolValue(); 1317 } 1318 default: 1319 break; 1320 } 1321 } while ((S = PM.getParent(S))); 1322 1323 return false; 1324 } 1325 1326 static void diagnoseRepeatedUseOfWeak(Sema &S, 1327 const sema::FunctionScopeInfo *CurFn, 1328 const Decl *D, 1329 const ParentMap &PM) { 1330 typedef sema::FunctionScopeInfo::WeakObjectProfileTy WeakObjectProfileTy; 1331 typedef sema::FunctionScopeInfo::WeakObjectUseMap WeakObjectUseMap; 1332 typedef sema::FunctionScopeInfo::WeakUseVector WeakUseVector; 1333 typedef std::pair<const Stmt *, WeakObjectUseMap::const_iterator> 1334 StmtUsesPair; 1335 1336 ASTContext &Ctx = S.getASTContext(); 1337 1338 const WeakObjectUseMap &WeakMap = CurFn->getWeakObjectUses(); 1339 1340 // Extract all weak objects that are referenced more than once. 1341 SmallVector<StmtUsesPair, 8> UsesByStmt; 1342 for (WeakObjectUseMap::const_iterator I = WeakMap.begin(), E = WeakMap.end(); 1343 I != E; ++I) { 1344 const WeakUseVector &Uses = I->second; 1345 1346 // Find the first read of the weak object. 1347 WeakUseVector::const_iterator UI = Uses.begin(), UE = Uses.end(); 1348 for ( ; UI != UE; ++UI) { 1349 if (UI->isUnsafe()) 1350 break; 1351 } 1352 1353 // If there were only writes to this object, don't warn. 1354 if (UI == UE) 1355 continue; 1356 1357 // If there was only one read, followed by any number of writes, and the 1358 // read is not within a loop, don't warn. Additionally, don't warn in a 1359 // loop if the base object is a local variable -- local variables are often 1360 // changed in loops. 1361 if (UI == Uses.begin()) { 1362 WeakUseVector::const_iterator UI2 = UI; 1363 for (++UI2; UI2 != UE; ++UI2) 1364 if (UI2->isUnsafe()) 1365 break; 1366 1367 if (UI2 == UE) { 1368 if (!isInLoop(Ctx, PM, UI->getUseExpr())) 1369 continue; 1370 1371 const WeakObjectProfileTy &Profile = I->first; 1372 if (!Profile.isExactProfile()) 1373 continue; 1374 1375 const NamedDecl *Base = Profile.getBase(); 1376 if (!Base) 1377 Base = Profile.getProperty(); 1378 assert(Base && "A profile always has a base or property."); 1379 1380 if (const VarDecl *BaseVar = dyn_cast<VarDecl>(Base)) 1381 if (BaseVar->hasLocalStorage() && !isa<ParmVarDecl>(Base)) 1382 continue; 1383 } 1384 } 1385 1386 UsesByStmt.push_back(StmtUsesPair(UI->getUseExpr(), I)); 1387 } 1388 1389 if (UsesByStmt.empty()) 1390 return; 1391 1392 // Sort by first use so that we emit the warnings in a deterministic order. 1393 SourceManager &SM = S.getSourceManager(); 1394 llvm::sort(UsesByStmt.begin(), UsesByStmt.end(), 1395 [&SM](const StmtUsesPair &LHS, const StmtUsesPair &RHS) { 1396 return SM.isBeforeInTranslationUnit(LHS.first->getBeginLoc(), 1397 RHS.first->getBeginLoc()); 1398 }); 1399 1400 // Classify the current code body for better warning text. 1401 // This enum should stay in sync with the cases in 1402 // warn_arc_repeated_use_of_weak and warn_arc_possible_repeated_use_of_weak. 1403 // FIXME: Should we use a common classification enum and the same set of 1404 // possibilities all throughout Sema? 1405 enum { 1406 Function, 1407 Method, 1408 Block, 1409 Lambda 1410 } FunctionKind; 1411 1412 if (isa<sema::BlockScopeInfo>(CurFn)) 1413 FunctionKind = Block; 1414 else if (isa<sema::LambdaScopeInfo>(CurFn)) 1415 FunctionKind = Lambda; 1416 else if (isa<ObjCMethodDecl>(D)) 1417 FunctionKind = Method; 1418 else 1419 FunctionKind = Function; 1420 1421 // Iterate through the sorted problems and emit warnings for each. 1422 for (const auto &P : UsesByStmt) { 1423 const Stmt *FirstRead = P.first; 1424 const WeakObjectProfileTy &Key = P.second->first; 1425 const WeakUseVector &Uses = P.second->second; 1426 1427 // For complicated expressions like 'a.b.c' and 'x.b.c', WeakObjectProfileTy 1428 // may not contain enough information to determine that these are different 1429 // properties. We can only be 100% sure of a repeated use in certain cases, 1430 // and we adjust the diagnostic kind accordingly so that the less certain 1431 // case can be turned off if it is too noisy. 1432 unsigned DiagKind; 1433 if (Key.isExactProfile()) 1434 DiagKind = diag::warn_arc_repeated_use_of_weak; 1435 else 1436 DiagKind = diag::warn_arc_possible_repeated_use_of_weak; 1437 1438 // Classify the weak object being accessed for better warning text. 1439 // This enum should stay in sync with the cases in 1440 // warn_arc_repeated_use_of_weak and warn_arc_possible_repeated_use_of_weak. 1441 enum { 1442 Variable, 1443 Property, 1444 ImplicitProperty, 1445 Ivar 1446 } ObjectKind; 1447 1448 const NamedDecl *KeyProp = Key.getProperty(); 1449 if (isa<VarDecl>(KeyProp)) 1450 ObjectKind = Variable; 1451 else if (isa<ObjCPropertyDecl>(KeyProp)) 1452 ObjectKind = Property; 1453 else if (isa<ObjCMethodDecl>(KeyProp)) 1454 ObjectKind = ImplicitProperty; 1455 else if (isa<ObjCIvarDecl>(KeyProp)) 1456 ObjectKind = Ivar; 1457 else 1458 llvm_unreachable("Unexpected weak object kind!"); 1459 1460 // Do not warn about IBOutlet weak property receivers being set to null 1461 // since they are typically only used from the main thread. 1462 if (const ObjCPropertyDecl *Prop = dyn_cast<ObjCPropertyDecl>(KeyProp)) 1463 if (Prop->hasAttr<IBOutletAttr>()) 1464 continue; 1465 1466 // Show the first time the object was read. 1467 S.Diag(FirstRead->getBeginLoc(), DiagKind) 1468 << int(ObjectKind) << KeyProp << int(FunctionKind) 1469 << FirstRead->getSourceRange(); 1470 1471 // Print all the other accesses as notes. 1472 for (const auto &Use : Uses) { 1473 if (Use.getUseExpr() == FirstRead) 1474 continue; 1475 S.Diag(Use.getUseExpr()->getBeginLoc(), 1476 diag::note_arc_weak_also_accessed_here) 1477 << Use.getUseExpr()->getSourceRange(); 1478 } 1479 } 1480 } 1481 1482 namespace { 1483 class UninitValsDiagReporter : public UninitVariablesHandler { 1484 Sema &S; 1485 typedef SmallVector<UninitUse, 2> UsesVec; 1486 typedef llvm::PointerIntPair<UsesVec *, 1, bool> MappedType; 1487 // Prefer using MapVector to DenseMap, so that iteration order will be 1488 // the same as insertion order. This is needed to obtain a deterministic 1489 // order of diagnostics when calling flushDiagnostics(). 1490 typedef llvm::MapVector<const VarDecl *, MappedType> UsesMap; 1491 UsesMap uses; 1492 1493 public: 1494 UninitValsDiagReporter(Sema &S) : S(S) {} 1495 ~UninitValsDiagReporter() override { flushDiagnostics(); } 1496 1497 MappedType &getUses(const VarDecl *vd) { 1498 MappedType &V = uses[vd]; 1499 if (!V.getPointer()) 1500 V.setPointer(new UsesVec()); 1501 return V; 1502 } 1503 1504 void handleUseOfUninitVariable(const VarDecl *vd, 1505 const UninitUse &use) override { 1506 getUses(vd).getPointer()->push_back(use); 1507 } 1508 1509 void handleSelfInit(const VarDecl *vd) override { 1510 getUses(vd).setInt(true); 1511 } 1512 1513 void flushDiagnostics() { 1514 for (const auto &P : uses) { 1515 const VarDecl *vd = P.first; 1516 const MappedType &V = P.second; 1517 1518 UsesVec *vec = V.getPointer(); 1519 bool hasSelfInit = V.getInt(); 1520 1521 // Specially handle the case where we have uses of an uninitialized 1522 // variable, but the root cause is an idiomatic self-init. We want 1523 // to report the diagnostic at the self-init since that is the root cause. 1524 if (!vec->empty() && hasSelfInit && hasAlwaysUninitializedUse(vec)) 1525 DiagnoseUninitializedUse(S, vd, 1526 UninitUse(vd->getInit()->IgnoreParenCasts(), 1527 /* isAlwaysUninit */ true), 1528 /* alwaysReportSelfInit */ true); 1529 else { 1530 // Sort the uses by their SourceLocations. While not strictly 1531 // guaranteed to produce them in line/column order, this will provide 1532 // a stable ordering. 1533 llvm::sort(vec->begin(), vec->end(), 1534 [](const UninitUse &a, const UninitUse &b) { 1535 // Prefer a more confident report over a less confident one. 1536 if (a.getKind() != b.getKind()) 1537 return a.getKind() > b.getKind(); 1538 return a.getUser()->getBeginLoc() < b.getUser()->getBeginLoc(); 1539 }); 1540 1541 for (const auto &U : *vec) { 1542 // If we have self-init, downgrade all uses to 'may be uninitialized'. 1543 UninitUse Use = hasSelfInit ? UninitUse(U.getUser(), false) : U; 1544 1545 if (DiagnoseUninitializedUse(S, vd, Use)) 1546 // Skip further diagnostics for this variable. We try to warn only 1547 // on the first point at which a variable is used uninitialized. 1548 break; 1549 } 1550 } 1551 1552 // Release the uses vector. 1553 delete vec; 1554 } 1555 1556 uses.clear(); 1557 } 1558 1559 private: 1560 static bool hasAlwaysUninitializedUse(const UsesVec* vec) { 1561 return std::any_of(vec->begin(), vec->end(), [](const UninitUse &U) { 1562 return U.getKind() == UninitUse::Always || 1563 U.getKind() == UninitUse::AfterCall || 1564 U.getKind() == UninitUse::AfterDecl; 1565 }); 1566 } 1567 }; 1568 } // anonymous namespace 1569 1570 namespace clang { 1571 namespace { 1572 typedef SmallVector<PartialDiagnosticAt, 1> OptionalNotes; 1573 typedef std::pair<PartialDiagnosticAt, OptionalNotes> DelayedDiag; 1574 typedef std::list<DelayedDiag> DiagList; 1575 1576 struct SortDiagBySourceLocation { 1577 SourceManager &SM; 1578 SortDiagBySourceLocation(SourceManager &SM) : SM(SM) {} 1579 1580 bool operator()(const DelayedDiag &left, const DelayedDiag &right) { 1581 // Although this call will be slow, this is only called when outputting 1582 // multiple warnings. 1583 return SM.isBeforeInTranslationUnit(left.first.first, right.first.first); 1584 } 1585 }; 1586 } // anonymous namespace 1587 } // namespace clang 1588 1589 //===----------------------------------------------------------------------===// 1590 // -Wthread-safety 1591 //===----------------------------------------------------------------------===// 1592 namespace clang { 1593 namespace threadSafety { 1594 namespace { 1595 class ThreadSafetyReporter : public clang::threadSafety::ThreadSafetyHandler { 1596 Sema &S; 1597 DiagList Warnings; 1598 SourceLocation FunLocation, FunEndLocation; 1599 1600 const FunctionDecl *CurrentFunction; 1601 bool Verbose; 1602 1603 OptionalNotes getNotes() const { 1604 if (Verbose && CurrentFunction) { 1605 PartialDiagnosticAt FNote(CurrentFunction->getBody()->getBeginLoc(), 1606 S.PDiag(diag::note_thread_warning_in_fun) 1607 << CurrentFunction); 1608 return OptionalNotes(1, FNote); 1609 } 1610 return OptionalNotes(); 1611 } 1612 1613 OptionalNotes getNotes(const PartialDiagnosticAt &Note) const { 1614 OptionalNotes ONS(1, Note); 1615 if (Verbose && CurrentFunction) { 1616 PartialDiagnosticAt FNote(CurrentFunction->getBody()->getBeginLoc(), 1617 S.PDiag(diag::note_thread_warning_in_fun) 1618 << CurrentFunction); 1619 ONS.push_back(std::move(FNote)); 1620 } 1621 return ONS; 1622 } 1623 1624 OptionalNotes getNotes(const PartialDiagnosticAt &Note1, 1625 const PartialDiagnosticAt &Note2) const { 1626 OptionalNotes ONS; 1627 ONS.push_back(Note1); 1628 ONS.push_back(Note2); 1629 if (Verbose && CurrentFunction) { 1630 PartialDiagnosticAt FNote(CurrentFunction->getBody()->getBeginLoc(), 1631 S.PDiag(diag::note_thread_warning_in_fun) 1632 << CurrentFunction); 1633 ONS.push_back(std::move(FNote)); 1634 } 1635 return ONS; 1636 } 1637 1638 // Helper functions 1639 void warnLockMismatch(unsigned DiagID, StringRef Kind, Name LockName, 1640 SourceLocation Loc) { 1641 // Gracefully handle rare cases when the analysis can't get a more 1642 // precise source location. 1643 if (!Loc.isValid()) 1644 Loc = FunLocation; 1645 PartialDiagnosticAt Warning(Loc, S.PDiag(DiagID) << Kind << LockName); 1646 Warnings.emplace_back(std::move(Warning), getNotes()); 1647 } 1648 1649 public: 1650 ThreadSafetyReporter(Sema &S, SourceLocation FL, SourceLocation FEL) 1651 : S(S), FunLocation(FL), FunEndLocation(FEL), 1652 CurrentFunction(nullptr), Verbose(false) {} 1653 1654 void setVerbose(bool b) { Verbose = b; } 1655 1656 /// Emit all buffered diagnostics in order of sourcelocation. 1657 /// We need to output diagnostics produced while iterating through 1658 /// the lockset in deterministic order, so this function orders diagnostics 1659 /// and outputs them. 1660 void emitDiagnostics() { 1661 Warnings.sort(SortDiagBySourceLocation(S.getSourceManager())); 1662 for (const auto &Diag : Warnings) { 1663 S.Diag(Diag.first.first, Diag.first.second); 1664 for (const auto &Note : Diag.second) 1665 S.Diag(Note.first, Note.second); 1666 } 1667 } 1668 1669 void handleInvalidLockExp(StringRef Kind, SourceLocation Loc) override { 1670 PartialDiagnosticAt Warning(Loc, S.PDiag(diag::warn_cannot_resolve_lock) 1671 << Loc); 1672 Warnings.emplace_back(std::move(Warning), getNotes()); 1673 } 1674 1675 void handleUnmatchedUnlock(StringRef Kind, Name LockName, 1676 SourceLocation Loc) override { 1677 warnLockMismatch(diag::warn_unlock_but_no_lock, Kind, LockName, Loc); 1678 } 1679 1680 void handleIncorrectUnlockKind(StringRef Kind, Name LockName, 1681 LockKind Expected, LockKind Received, 1682 SourceLocation Loc) override { 1683 if (Loc.isInvalid()) 1684 Loc = FunLocation; 1685 PartialDiagnosticAt Warning(Loc, S.PDiag(diag::warn_unlock_kind_mismatch) 1686 << Kind << LockName << Received 1687 << Expected); 1688 Warnings.emplace_back(std::move(Warning), getNotes()); 1689 } 1690 1691 void handleDoubleLock(StringRef Kind, Name LockName, SourceLocation Loc) override { 1692 warnLockMismatch(diag::warn_double_lock, Kind, LockName, Loc); 1693 } 1694 1695 void handleMutexHeldEndOfScope(StringRef Kind, Name LockName, 1696 SourceLocation LocLocked, 1697 SourceLocation LocEndOfScope, 1698 LockErrorKind LEK) override { 1699 unsigned DiagID = 0; 1700 switch (LEK) { 1701 case LEK_LockedSomePredecessors: 1702 DiagID = diag::warn_lock_some_predecessors; 1703 break; 1704 case LEK_LockedSomeLoopIterations: 1705 DiagID = diag::warn_expecting_lock_held_on_loop; 1706 break; 1707 case LEK_LockedAtEndOfFunction: 1708 DiagID = diag::warn_no_unlock; 1709 break; 1710 case LEK_NotLockedAtEndOfFunction: 1711 DiagID = diag::warn_expecting_locked; 1712 break; 1713 } 1714 if (LocEndOfScope.isInvalid()) 1715 LocEndOfScope = FunEndLocation; 1716 1717 PartialDiagnosticAt Warning(LocEndOfScope, S.PDiag(DiagID) << Kind 1718 << LockName); 1719 if (LocLocked.isValid()) { 1720 PartialDiagnosticAt Note(LocLocked, S.PDiag(diag::note_locked_here) 1721 << Kind); 1722 Warnings.emplace_back(std::move(Warning), getNotes(Note)); 1723 return; 1724 } 1725 Warnings.emplace_back(std::move(Warning), getNotes()); 1726 } 1727 1728 void handleExclusiveAndShared(StringRef Kind, Name LockName, 1729 SourceLocation Loc1, 1730 SourceLocation Loc2) override { 1731 PartialDiagnosticAt Warning(Loc1, 1732 S.PDiag(diag::warn_lock_exclusive_and_shared) 1733 << Kind << LockName); 1734 PartialDiagnosticAt Note(Loc2, S.PDiag(diag::note_lock_exclusive_and_shared) 1735 << Kind << LockName); 1736 Warnings.emplace_back(std::move(Warning), getNotes(Note)); 1737 } 1738 1739 void handleNoMutexHeld(StringRef Kind, const NamedDecl *D, 1740 ProtectedOperationKind POK, AccessKind AK, 1741 SourceLocation Loc) override { 1742 assert((POK == POK_VarAccess || POK == POK_VarDereference) && 1743 "Only works for variables"); 1744 unsigned DiagID = POK == POK_VarAccess? 1745 diag::warn_variable_requires_any_lock: 1746 diag::warn_var_deref_requires_any_lock; 1747 PartialDiagnosticAt Warning(Loc, S.PDiag(DiagID) 1748 << D << getLockKindFromAccessKind(AK)); 1749 Warnings.emplace_back(std::move(Warning), getNotes()); 1750 } 1751 1752 void handleMutexNotHeld(StringRef Kind, const NamedDecl *D, 1753 ProtectedOperationKind POK, Name LockName, 1754 LockKind LK, SourceLocation Loc, 1755 Name *PossibleMatch) override { 1756 unsigned DiagID = 0; 1757 if (PossibleMatch) { 1758 switch (POK) { 1759 case POK_VarAccess: 1760 DiagID = diag::warn_variable_requires_lock_precise; 1761 break; 1762 case POK_VarDereference: 1763 DiagID = diag::warn_var_deref_requires_lock_precise; 1764 break; 1765 case POK_FunctionCall: 1766 DiagID = diag::warn_fun_requires_lock_precise; 1767 break; 1768 case POK_PassByRef: 1769 DiagID = diag::warn_guarded_pass_by_reference; 1770 break; 1771 case POK_PtPassByRef: 1772 DiagID = diag::warn_pt_guarded_pass_by_reference; 1773 break; 1774 } 1775 PartialDiagnosticAt Warning(Loc, S.PDiag(DiagID) << Kind 1776 << D 1777 << LockName << LK); 1778 PartialDiagnosticAt Note(Loc, S.PDiag(diag::note_found_mutex_near_match) 1779 << *PossibleMatch); 1780 if (Verbose && POK == POK_VarAccess) { 1781 PartialDiagnosticAt VNote(D->getLocation(), 1782 S.PDiag(diag::note_guarded_by_declared_here) 1783 << D->getNameAsString()); 1784 Warnings.emplace_back(std::move(Warning), getNotes(Note, VNote)); 1785 } else 1786 Warnings.emplace_back(std::move(Warning), getNotes(Note)); 1787 } else { 1788 switch (POK) { 1789 case POK_VarAccess: 1790 DiagID = diag::warn_variable_requires_lock; 1791 break; 1792 case POK_VarDereference: 1793 DiagID = diag::warn_var_deref_requires_lock; 1794 break; 1795 case POK_FunctionCall: 1796 DiagID = diag::warn_fun_requires_lock; 1797 break; 1798 case POK_PassByRef: 1799 DiagID = diag::warn_guarded_pass_by_reference; 1800 break; 1801 case POK_PtPassByRef: 1802 DiagID = diag::warn_pt_guarded_pass_by_reference; 1803 break; 1804 } 1805 PartialDiagnosticAt Warning(Loc, S.PDiag(DiagID) << Kind 1806 << D 1807 << LockName << LK); 1808 if (Verbose && POK == POK_VarAccess) { 1809 PartialDiagnosticAt Note(D->getLocation(), 1810 S.PDiag(diag::note_guarded_by_declared_here)); 1811 Warnings.emplace_back(std::move(Warning), getNotes(Note)); 1812 } else 1813 Warnings.emplace_back(std::move(Warning), getNotes()); 1814 } 1815 } 1816 1817 void handleNegativeNotHeld(StringRef Kind, Name LockName, Name Neg, 1818 SourceLocation Loc) override { 1819 PartialDiagnosticAt Warning(Loc, 1820 S.PDiag(diag::warn_acquire_requires_negative_cap) 1821 << Kind << LockName << Neg); 1822 Warnings.emplace_back(std::move(Warning), getNotes()); 1823 } 1824 1825 void handleFunExcludesLock(StringRef Kind, Name FunName, Name LockName, 1826 SourceLocation Loc) override { 1827 PartialDiagnosticAt Warning(Loc, S.PDiag(diag::warn_fun_excludes_mutex) 1828 << Kind << FunName << LockName); 1829 Warnings.emplace_back(std::move(Warning), getNotes()); 1830 } 1831 1832 void handleLockAcquiredBefore(StringRef Kind, Name L1Name, Name L2Name, 1833 SourceLocation Loc) override { 1834 PartialDiagnosticAt Warning(Loc, 1835 S.PDiag(diag::warn_acquired_before) << Kind << L1Name << L2Name); 1836 Warnings.emplace_back(std::move(Warning), getNotes()); 1837 } 1838 1839 void handleBeforeAfterCycle(Name L1Name, SourceLocation Loc) override { 1840 PartialDiagnosticAt Warning(Loc, 1841 S.PDiag(diag::warn_acquired_before_after_cycle) << L1Name); 1842 Warnings.emplace_back(std::move(Warning), getNotes()); 1843 } 1844 1845 void enterFunction(const FunctionDecl* FD) override { 1846 CurrentFunction = FD; 1847 } 1848 1849 void leaveFunction(const FunctionDecl* FD) override { 1850 CurrentFunction = nullptr; 1851 } 1852 }; 1853 } // anonymous namespace 1854 } // namespace threadSafety 1855 } // namespace clang 1856 1857 //===----------------------------------------------------------------------===// 1858 // -Wconsumed 1859 //===----------------------------------------------------------------------===// 1860 1861 namespace clang { 1862 namespace consumed { 1863 namespace { 1864 class ConsumedWarningsHandler : public ConsumedWarningsHandlerBase { 1865 1866 Sema &S; 1867 DiagList Warnings; 1868 1869 public: 1870 1871 ConsumedWarningsHandler(Sema &S) : S(S) {} 1872 1873 void emitDiagnostics() override { 1874 Warnings.sort(SortDiagBySourceLocation(S.getSourceManager())); 1875 for (const auto &Diag : Warnings) { 1876 S.Diag(Diag.first.first, Diag.first.second); 1877 for (const auto &Note : Diag.second) 1878 S.Diag(Note.first, Note.second); 1879 } 1880 } 1881 1882 void warnLoopStateMismatch(SourceLocation Loc, 1883 StringRef VariableName) override { 1884 PartialDiagnosticAt Warning(Loc, S.PDiag(diag::warn_loop_state_mismatch) << 1885 VariableName); 1886 1887 Warnings.emplace_back(std::move(Warning), OptionalNotes()); 1888 } 1889 1890 void warnParamReturnTypestateMismatch(SourceLocation Loc, 1891 StringRef VariableName, 1892 StringRef ExpectedState, 1893 StringRef ObservedState) override { 1894 1895 PartialDiagnosticAt Warning(Loc, S.PDiag( 1896 diag::warn_param_return_typestate_mismatch) << VariableName << 1897 ExpectedState << ObservedState); 1898 1899 Warnings.emplace_back(std::move(Warning), OptionalNotes()); 1900 } 1901 1902 void warnParamTypestateMismatch(SourceLocation Loc, StringRef ExpectedState, 1903 StringRef ObservedState) override { 1904 1905 PartialDiagnosticAt Warning(Loc, S.PDiag( 1906 diag::warn_param_typestate_mismatch) << ExpectedState << ObservedState); 1907 1908 Warnings.emplace_back(std::move(Warning), OptionalNotes()); 1909 } 1910 1911 void warnReturnTypestateForUnconsumableType(SourceLocation Loc, 1912 StringRef TypeName) override { 1913 PartialDiagnosticAt Warning(Loc, S.PDiag( 1914 diag::warn_return_typestate_for_unconsumable_type) << TypeName); 1915 1916 Warnings.emplace_back(std::move(Warning), OptionalNotes()); 1917 } 1918 1919 void warnReturnTypestateMismatch(SourceLocation Loc, StringRef ExpectedState, 1920 StringRef ObservedState) override { 1921 1922 PartialDiagnosticAt Warning(Loc, S.PDiag( 1923 diag::warn_return_typestate_mismatch) << ExpectedState << ObservedState); 1924 1925 Warnings.emplace_back(std::move(Warning), OptionalNotes()); 1926 } 1927 1928 void warnUseOfTempInInvalidState(StringRef MethodName, StringRef State, 1929 SourceLocation Loc) override { 1930 1931 PartialDiagnosticAt Warning(Loc, S.PDiag( 1932 diag::warn_use_of_temp_in_invalid_state) << MethodName << State); 1933 1934 Warnings.emplace_back(std::move(Warning), OptionalNotes()); 1935 } 1936 1937 void warnUseInInvalidState(StringRef MethodName, StringRef VariableName, 1938 StringRef State, SourceLocation Loc) override { 1939 1940 PartialDiagnosticAt Warning(Loc, S.PDiag(diag::warn_use_in_invalid_state) << 1941 MethodName << VariableName << State); 1942 1943 Warnings.emplace_back(std::move(Warning), OptionalNotes()); 1944 } 1945 }; 1946 } // anonymous namespace 1947 } // namespace consumed 1948 } // namespace clang 1949 1950 //===----------------------------------------------------------------------===// 1951 // AnalysisBasedWarnings - Worker object used by Sema to execute analysis-based 1952 // warnings on a function, method, or block. 1953 //===----------------------------------------------------------------------===// 1954 1955 clang::sema::AnalysisBasedWarnings::Policy::Policy() { 1956 enableCheckFallThrough = 1; 1957 enableCheckUnreachable = 0; 1958 enableThreadSafetyAnalysis = 0; 1959 enableConsumedAnalysis = 0; 1960 } 1961 1962 static unsigned isEnabled(DiagnosticsEngine &D, unsigned diag) { 1963 return (unsigned)!D.isIgnored(diag, SourceLocation()); 1964 } 1965 1966 clang::sema::AnalysisBasedWarnings::AnalysisBasedWarnings(Sema &s) 1967 : S(s), 1968 NumFunctionsAnalyzed(0), 1969 NumFunctionsWithBadCFGs(0), 1970 NumCFGBlocks(0), 1971 MaxCFGBlocksPerFunction(0), 1972 NumUninitAnalysisFunctions(0), 1973 NumUninitAnalysisVariables(0), 1974 MaxUninitAnalysisVariablesPerFunction(0), 1975 NumUninitAnalysisBlockVisits(0), 1976 MaxUninitAnalysisBlockVisitsPerFunction(0) { 1977 1978 using namespace diag; 1979 DiagnosticsEngine &D = S.getDiagnostics(); 1980 1981 DefaultPolicy.enableCheckUnreachable = 1982 isEnabled(D, warn_unreachable) || 1983 isEnabled(D, warn_unreachable_break) || 1984 isEnabled(D, warn_unreachable_return) || 1985 isEnabled(D, warn_unreachable_loop_increment); 1986 1987 DefaultPolicy.enableThreadSafetyAnalysis = 1988 isEnabled(D, warn_double_lock); 1989 1990 DefaultPolicy.enableConsumedAnalysis = 1991 isEnabled(D, warn_use_in_invalid_state); 1992 } 1993 1994 static void flushDiagnostics(Sema &S, const sema::FunctionScopeInfo *fscope) { 1995 for (const auto &D : fscope->PossiblyUnreachableDiags) 1996 S.Diag(D.Loc, D.PD); 1997 } 1998 1999 void clang::sema:: 2000 AnalysisBasedWarnings::IssueWarnings(sema::AnalysisBasedWarnings::Policy P, 2001 sema::FunctionScopeInfo *fscope, 2002 const Decl *D, const BlockExpr *blkExpr) { 2003 2004 // We avoid doing analysis-based warnings when there are errors for 2005 // two reasons: 2006 // (1) The CFGs often can't be constructed (if the body is invalid), so 2007 // don't bother trying. 2008 // (2) The code already has problems; running the analysis just takes more 2009 // time. 2010 DiagnosticsEngine &Diags = S.getDiagnostics(); 2011 2012 // Do not do any analysis if we are going to just ignore them. 2013 if (Diags.getIgnoreAllWarnings() || 2014 (Diags.getSuppressSystemWarnings() && 2015 S.SourceMgr.isInSystemHeader(D->getLocation()))) 2016 return; 2017 2018 // For code in dependent contexts, we'll do this at instantiation time. 2019 if (cast<DeclContext>(D)->isDependentContext()) 2020 return; 2021 2022 if (Diags.hasUncompilableErrorOccurred()) { 2023 // Flush out any possibly unreachable diagnostics. 2024 flushDiagnostics(S, fscope); 2025 return; 2026 } 2027 2028 const Stmt *Body = D->getBody(); 2029 assert(Body); 2030 2031 // Construct the analysis context with the specified CFG build options. 2032 AnalysisDeclContext AC(/* AnalysisDeclContextManager */ nullptr, D); 2033 2034 // Don't generate EH edges for CallExprs as we'd like to avoid the n^2 2035 // explosion for destructors that can result and the compile time hit. 2036 AC.getCFGBuildOptions().PruneTriviallyFalseEdges = true; 2037 AC.getCFGBuildOptions().AddEHEdges = false; 2038 AC.getCFGBuildOptions().AddInitializers = true; 2039 AC.getCFGBuildOptions().AddImplicitDtors = true; 2040 AC.getCFGBuildOptions().AddTemporaryDtors = true; 2041 AC.getCFGBuildOptions().AddCXXNewAllocator = false; 2042 AC.getCFGBuildOptions().AddCXXDefaultInitExprInCtors = true; 2043 2044 // Force that certain expressions appear as CFGElements in the CFG. This 2045 // is used to speed up various analyses. 2046 // FIXME: This isn't the right factoring. This is here for initial 2047 // prototyping, but we need a way for analyses to say what expressions they 2048 // expect to always be CFGElements and then fill in the BuildOptions 2049 // appropriately. This is essentially a layering violation. 2050 if (P.enableCheckUnreachable || P.enableThreadSafetyAnalysis || 2051 P.enableConsumedAnalysis) { 2052 // Unreachable code analysis and thread safety require a linearized CFG. 2053 AC.getCFGBuildOptions().setAllAlwaysAdd(); 2054 } 2055 else { 2056 AC.getCFGBuildOptions() 2057 .setAlwaysAdd(Stmt::BinaryOperatorClass) 2058 .setAlwaysAdd(Stmt::CompoundAssignOperatorClass) 2059 .setAlwaysAdd(Stmt::BlockExprClass) 2060 .setAlwaysAdd(Stmt::CStyleCastExprClass) 2061 .setAlwaysAdd(Stmt::DeclRefExprClass) 2062 .setAlwaysAdd(Stmt::ImplicitCastExprClass) 2063 .setAlwaysAdd(Stmt::UnaryOperatorClass) 2064 .setAlwaysAdd(Stmt::AttributedStmtClass); 2065 } 2066 2067 // Install the logical handler for -Wtautological-overlap-compare 2068 llvm::Optional<LogicalErrorHandler> LEH; 2069 if (!Diags.isIgnored(diag::warn_tautological_overlap_comparison, 2070 D->getBeginLoc())) { 2071 LEH.emplace(S); 2072 AC.getCFGBuildOptions().Observer = &*LEH; 2073 } 2074 2075 // Emit delayed diagnostics. 2076 if (!fscope->PossiblyUnreachableDiags.empty()) { 2077 bool analyzed = false; 2078 2079 // Register the expressions with the CFGBuilder. 2080 for (const auto &D : fscope->PossiblyUnreachableDiags) { 2081 if (D.stmt) 2082 AC.registerForcedBlockExpression(D.stmt); 2083 } 2084 2085 if (AC.getCFG()) { 2086 analyzed = true; 2087 for (const auto &D : fscope->PossiblyUnreachableDiags) { 2088 bool processed = false; 2089 if (D.stmt) { 2090 const CFGBlock *block = AC.getBlockForRegisteredExpression(D.stmt); 2091 CFGReverseBlockReachabilityAnalysis *cra = 2092 AC.getCFGReachablityAnalysis(); 2093 // FIXME: We should be able to assert that block is non-null, but 2094 // the CFG analysis can skip potentially-evaluated expressions in 2095 // edge cases; see test/Sema/vla-2.c. 2096 if (block && cra) { 2097 // Can this block be reached from the entrance? 2098 if (cra->isReachable(&AC.getCFG()->getEntry(), block)) 2099 S.Diag(D.Loc, D.PD); 2100 processed = true; 2101 } 2102 } 2103 if (!processed) { 2104 // Emit the warning anyway if we cannot map to a basic block. 2105 S.Diag(D.Loc, D.PD); 2106 } 2107 } 2108 } 2109 2110 if (!analyzed) 2111 flushDiagnostics(S, fscope); 2112 } 2113 2114 // Warning: check missing 'return' 2115 if (P.enableCheckFallThrough) { 2116 const CheckFallThroughDiagnostics &CD = 2117 (isa<BlockDecl>(D) 2118 ? CheckFallThroughDiagnostics::MakeForBlock() 2119 : (isa<CXXMethodDecl>(D) && 2120 cast<CXXMethodDecl>(D)->getOverloadedOperator() == OO_Call && 2121 cast<CXXMethodDecl>(D)->getParent()->isLambda()) 2122 ? CheckFallThroughDiagnostics::MakeForLambda() 2123 : (fscope->isCoroutine() 2124 ? CheckFallThroughDiagnostics::MakeForCoroutine(D) 2125 : CheckFallThroughDiagnostics::MakeForFunction(D))); 2126 CheckFallThroughForBody(S, D, Body, blkExpr, CD, AC, fscope); 2127 } 2128 2129 // Warning: check for unreachable code 2130 if (P.enableCheckUnreachable) { 2131 // Only check for unreachable code on non-template instantiations. 2132 // Different template instantiations can effectively change the control-flow 2133 // and it is very difficult to prove that a snippet of code in a template 2134 // is unreachable for all instantiations. 2135 bool isTemplateInstantiation = false; 2136 if (const FunctionDecl *Function = dyn_cast<FunctionDecl>(D)) 2137 isTemplateInstantiation = Function->isTemplateInstantiation(); 2138 if (!isTemplateInstantiation) 2139 CheckUnreachable(S, AC); 2140 } 2141 2142 // Check for thread safety violations 2143 if (P.enableThreadSafetyAnalysis) { 2144 SourceLocation FL = AC.getDecl()->getLocation(); 2145 SourceLocation FEL = AC.getDecl()->getEndLoc(); 2146 threadSafety::ThreadSafetyReporter Reporter(S, FL, FEL); 2147 if (!Diags.isIgnored(diag::warn_thread_safety_beta, D->getBeginLoc())) 2148 Reporter.setIssueBetaWarnings(true); 2149 if (!Diags.isIgnored(diag::warn_thread_safety_verbose, D->getBeginLoc())) 2150 Reporter.setVerbose(true); 2151 2152 threadSafety::runThreadSafetyAnalysis(AC, Reporter, 2153 &S.ThreadSafetyDeclCache); 2154 Reporter.emitDiagnostics(); 2155 } 2156 2157 // Check for violations of consumed properties. 2158 if (P.enableConsumedAnalysis) { 2159 consumed::ConsumedWarningsHandler WarningHandler(S); 2160 consumed::ConsumedAnalyzer Analyzer(WarningHandler); 2161 Analyzer.run(AC); 2162 } 2163 2164 if (!Diags.isIgnored(diag::warn_uninit_var, D->getBeginLoc()) || 2165 !Diags.isIgnored(diag::warn_sometimes_uninit_var, D->getBeginLoc()) || 2166 !Diags.isIgnored(diag::warn_maybe_uninit_var, D->getBeginLoc())) { 2167 if (CFG *cfg = AC.getCFG()) { 2168 UninitValsDiagReporter reporter(S); 2169 UninitVariablesAnalysisStats stats; 2170 std::memset(&stats, 0, sizeof(UninitVariablesAnalysisStats)); 2171 runUninitializedVariablesAnalysis(*cast<DeclContext>(D), *cfg, AC, 2172 reporter, stats); 2173 2174 if (S.CollectStats && stats.NumVariablesAnalyzed > 0) { 2175 ++NumUninitAnalysisFunctions; 2176 NumUninitAnalysisVariables += stats.NumVariablesAnalyzed; 2177 NumUninitAnalysisBlockVisits += stats.NumBlockVisits; 2178 MaxUninitAnalysisVariablesPerFunction = 2179 std::max(MaxUninitAnalysisVariablesPerFunction, 2180 stats.NumVariablesAnalyzed); 2181 MaxUninitAnalysisBlockVisitsPerFunction = 2182 std::max(MaxUninitAnalysisBlockVisitsPerFunction, 2183 stats.NumBlockVisits); 2184 } 2185 } 2186 } 2187 2188 bool FallThroughDiagFull = 2189 !Diags.isIgnored(diag::warn_unannotated_fallthrough, D->getBeginLoc()); 2190 bool FallThroughDiagPerFunction = !Diags.isIgnored( 2191 diag::warn_unannotated_fallthrough_per_function, D->getBeginLoc()); 2192 if (FallThroughDiagFull || FallThroughDiagPerFunction || 2193 fscope->HasFallthroughStmt) { 2194 DiagnoseSwitchLabelsFallthrough(S, AC, !FallThroughDiagFull); 2195 } 2196 2197 if (S.getLangOpts().ObjCWeak && 2198 !Diags.isIgnored(diag::warn_arc_repeated_use_of_weak, D->getBeginLoc())) 2199 diagnoseRepeatedUseOfWeak(S, fscope, D, AC.getParentMap()); 2200 2201 2202 // Check for infinite self-recursion in functions 2203 if (!Diags.isIgnored(diag::warn_infinite_recursive_function, 2204 D->getBeginLoc())) { 2205 if (const FunctionDecl *FD = dyn_cast<FunctionDecl>(D)) { 2206 checkRecursiveFunction(S, FD, Body, AC); 2207 } 2208 } 2209 2210 // Check for throw out of non-throwing function. 2211 if (!Diags.isIgnored(diag::warn_throw_in_noexcept_func, D->getBeginLoc())) 2212 if (const FunctionDecl *FD = dyn_cast<FunctionDecl>(D)) 2213 if (S.getLangOpts().CPlusPlus && isNoexcept(FD)) 2214 checkThrowInNonThrowingFunc(S, FD, AC); 2215 2216 // If none of the previous checks caused a CFG build, trigger one here 2217 // for -Wtautological-overlap-compare 2218 if (!Diags.isIgnored(diag::warn_tautological_overlap_comparison, 2219 D->getBeginLoc())) { 2220 AC.getCFG(); 2221 } 2222 2223 // Collect statistics about the CFG if it was built. 2224 if (S.CollectStats && AC.isCFGBuilt()) { 2225 ++NumFunctionsAnalyzed; 2226 if (CFG *cfg = AC.getCFG()) { 2227 // If we successfully built a CFG for this context, record some more 2228 // detail information about it. 2229 NumCFGBlocks += cfg->getNumBlockIDs(); 2230 MaxCFGBlocksPerFunction = std::max(MaxCFGBlocksPerFunction, 2231 cfg->getNumBlockIDs()); 2232 } else { 2233 ++NumFunctionsWithBadCFGs; 2234 } 2235 } 2236 } 2237 2238 void clang::sema::AnalysisBasedWarnings::PrintStats() const { 2239 llvm::errs() << "\n*** Analysis Based Warnings Stats:\n"; 2240 2241 unsigned NumCFGsBuilt = NumFunctionsAnalyzed - NumFunctionsWithBadCFGs; 2242 unsigned AvgCFGBlocksPerFunction = 2243 !NumCFGsBuilt ? 0 : NumCFGBlocks/NumCFGsBuilt; 2244 llvm::errs() << NumFunctionsAnalyzed << " functions analyzed (" 2245 << NumFunctionsWithBadCFGs << " w/o CFGs).\n" 2246 << " " << NumCFGBlocks << " CFG blocks built.\n" 2247 << " " << AvgCFGBlocksPerFunction 2248 << " average CFG blocks per function.\n" 2249 << " " << MaxCFGBlocksPerFunction 2250 << " max CFG blocks per function.\n"; 2251 2252 unsigned AvgUninitVariablesPerFunction = !NumUninitAnalysisFunctions ? 0 2253 : NumUninitAnalysisVariables/NumUninitAnalysisFunctions; 2254 unsigned AvgUninitBlockVisitsPerFunction = !NumUninitAnalysisFunctions ? 0 2255 : NumUninitAnalysisBlockVisits/NumUninitAnalysisFunctions; 2256 llvm::errs() << NumUninitAnalysisFunctions 2257 << " functions analyzed for uninitialiazed variables\n" 2258 << " " << NumUninitAnalysisVariables << " variables analyzed.\n" 2259 << " " << AvgUninitVariablesPerFunction 2260 << " average variables per function.\n" 2261 << " " << MaxUninitAnalysisVariablesPerFunction 2262 << " max variables per function.\n" 2263 << " " << NumUninitAnalysisBlockVisits << " block visits.\n" 2264 << " " << AvgUninitBlockVisitsPerFunction 2265 << " average block visits per function.\n" 2266 << " " << MaxUninitAnalysisBlockVisitsPerFunction 2267 << " max block visits per function.\n"; 2268 } 2269