1 //=- AnalysisBasedWarnings.cpp - Sema warnings based on libAnalysis -*- C++ -*-=// 2 // 3 // The LLVM Compiler Infrastructure 4 // 5 // This file is distributed under the University of Illinois Open Source 6 // License. See LICENSE.TXT for details. 7 // 8 //===----------------------------------------------------------------------===// 9 // 10 // This file defines analysis_warnings::[Policy,Executor]. 11 // Together they are used by Sema to issue warnings based on inexpensive 12 // static analysis algorithms in libAnalysis. 13 // 14 //===----------------------------------------------------------------------===// 15 16 #include "clang/Sema/AnalysisBasedWarnings.h" 17 #include "clang/AST/DeclCXX.h" 18 #include "clang/AST/DeclObjC.h" 19 #include "clang/AST/EvaluatedExprVisitor.h" 20 #include "clang/AST/ExprCXX.h" 21 #include "clang/AST/ExprObjC.h" 22 #include "clang/AST/ParentMap.h" 23 #include "clang/AST/RecursiveASTVisitor.h" 24 #include "clang/AST/StmtCXX.h" 25 #include "clang/AST/StmtObjC.h" 26 #include "clang/AST/StmtVisitor.h" 27 #include "clang/Analysis/Analyses/CFGReachabilityAnalysis.h" 28 #include "clang/Analysis/Analyses/Consumed.h" 29 #include "clang/Analysis/Analyses/ReachableCode.h" 30 #include "clang/Analysis/Analyses/ThreadSafety.h" 31 #include "clang/Analysis/Analyses/UninitializedValues.h" 32 #include "clang/Analysis/AnalysisContext.h" 33 #include "clang/Analysis/CFG.h" 34 #include "clang/Analysis/CFGStmtMap.h" 35 #include "clang/Basic/SourceLocation.h" 36 #include "clang/Basic/SourceManager.h" 37 #include "clang/Lex/Lexer.h" 38 #include "clang/Lex/Preprocessor.h" 39 #include "clang/Sema/ScopeInfo.h" 40 #include "clang/Sema/SemaInternal.h" 41 #include "llvm/ADT/ArrayRef.h" 42 #include "llvm/ADT/BitVector.h" 43 #include "llvm/ADT/FoldingSet.h" 44 #include "llvm/ADT/ImmutableMap.h" 45 #include "llvm/ADT/MapVector.h" 46 #include "llvm/ADT/PostOrderIterator.h" 47 #include "llvm/ADT/SmallString.h" 48 #include "llvm/ADT/SmallVector.h" 49 #include "llvm/ADT/StringRef.h" 50 #include "llvm/Support/Casting.h" 51 #include <algorithm> 52 #include <deque> 53 #include <iterator> 54 #include <vector> 55 56 using namespace clang; 57 58 //===----------------------------------------------------------------------===// 59 // Unreachable code analysis. 60 //===----------------------------------------------------------------------===// 61 62 namespace { 63 class UnreachableCodeHandler : public reachable_code::Callback { 64 Sema &S; 65 public: 66 UnreachableCodeHandler(Sema &s) : S(s) {} 67 68 void HandleUnreachable(reachable_code::UnreachableKind UK, 69 SourceLocation L, 70 SourceRange SilenceableCondVal, 71 SourceRange R1, 72 SourceRange R2) override { 73 unsigned diag = diag::warn_unreachable; 74 switch (UK) { 75 case reachable_code::UK_Break: 76 diag = diag::warn_unreachable_break; 77 break; 78 case reachable_code::UK_Return: 79 diag = diag::warn_unreachable_return; 80 break; 81 case reachable_code::UK_Loop_Increment: 82 diag = diag::warn_unreachable_loop_increment; 83 break; 84 case reachable_code::UK_Other: 85 break; 86 } 87 88 S.Diag(L, diag) << R1 << R2; 89 90 SourceLocation Open = SilenceableCondVal.getBegin(); 91 if (Open.isValid()) { 92 SourceLocation Close = SilenceableCondVal.getEnd(); 93 Close = S.getLocForEndOfToken(Close); 94 if (Close.isValid()) { 95 S.Diag(Open, diag::note_unreachable_silence) 96 << FixItHint::CreateInsertion(Open, "/* DISABLES CODE */ (") 97 << FixItHint::CreateInsertion(Close, ")"); 98 } 99 } 100 } 101 }; 102 } 103 104 /// CheckUnreachable - Check for unreachable code. 105 static void CheckUnreachable(Sema &S, AnalysisDeclContext &AC) { 106 // As a heuristic prune all diagnostics not in the main file. Currently 107 // the majority of warnings in headers are false positives. These 108 // are largely caused by configuration state, e.g. preprocessor 109 // defined code, etc. 110 // 111 // Note that this is also a performance optimization. Analyzing 112 // headers many times can be expensive. 113 if (!S.getSourceManager().isInMainFile(AC.getDecl()->getLocStart())) 114 return; 115 116 UnreachableCodeHandler UC(S); 117 reachable_code::FindUnreachableCode(AC, S.getPreprocessor(), UC); 118 } 119 120 /// \brief Warn on logical operator errors in CFGBuilder 121 class LogicalErrorHandler : public CFGCallback { 122 Sema &S; 123 124 public: 125 LogicalErrorHandler(Sema &S) : CFGCallback(), S(S) {} 126 127 static bool HasMacroID(const Expr *E) { 128 if (E->getExprLoc().isMacroID()) 129 return true; 130 131 // Recurse to children. 132 for (ConstStmtRange SubStmts = E->children(); SubStmts; ++SubStmts) 133 if (*SubStmts) 134 if (const Expr *SubExpr = dyn_cast<Expr>(*SubStmts)) 135 if (HasMacroID(SubExpr)) 136 return true; 137 138 return false; 139 } 140 141 void compareAlwaysTrue(const BinaryOperator *B, bool isAlwaysTrue) { 142 if (HasMacroID(B)) 143 return; 144 145 SourceRange DiagRange = B->getSourceRange(); 146 S.Diag(B->getExprLoc(), diag::warn_tautological_overlap_comparison) 147 << DiagRange << isAlwaysTrue; 148 } 149 150 void compareBitwiseEquality(const BinaryOperator *B, bool isAlwaysTrue) { 151 if (HasMacroID(B)) 152 return; 153 154 SourceRange DiagRange = B->getSourceRange(); 155 S.Diag(B->getExprLoc(), diag::warn_comparison_bitwise_always) 156 << DiagRange << isAlwaysTrue; 157 } 158 }; 159 160 161 //===----------------------------------------------------------------------===// 162 // Check for infinite self-recursion in functions 163 //===----------------------------------------------------------------------===// 164 165 // All blocks are in one of three states. States are ordered so that blocks 166 // can only move to higher states. 167 enum RecursiveState { 168 FoundNoPath, 169 FoundPath, 170 FoundPathWithNoRecursiveCall 171 }; 172 173 static void checkForFunctionCall(Sema &S, const FunctionDecl *FD, 174 CFGBlock &Block, unsigned ExitID, 175 llvm::SmallVectorImpl<RecursiveState> &States, 176 RecursiveState State) { 177 unsigned ID = Block.getBlockID(); 178 179 // A block's state can only move to a higher state. 180 if (States[ID] >= State) 181 return; 182 183 States[ID] = State; 184 185 // Found a path to the exit node without a recursive call. 186 if (ID == ExitID && State == FoundPathWithNoRecursiveCall) 187 return; 188 189 if (State == FoundPathWithNoRecursiveCall) { 190 // If the current state is FoundPathWithNoRecursiveCall, the successors 191 // will be either FoundPathWithNoRecursiveCall or FoundPath. To determine 192 // which, process all the Stmt's in this block to find any recursive calls. 193 for (const auto &B : Block) { 194 if (B.getKind() != CFGElement::Statement) 195 continue; 196 197 const CallExpr *CE = dyn_cast<CallExpr>(B.getAs<CFGStmt>()->getStmt()); 198 if (CE && CE->getCalleeDecl() && 199 CE->getCalleeDecl()->getCanonicalDecl() == FD) { 200 201 // Skip function calls which are qualified with a templated class. 202 if (const DeclRefExpr *DRE = dyn_cast<DeclRefExpr>( 203 CE->getCallee()->IgnoreParenImpCasts())) { 204 if (NestedNameSpecifier *NNS = DRE->getQualifier()) { 205 if (NNS->getKind() == NestedNameSpecifier::TypeSpec && 206 isa<TemplateSpecializationType>(NNS->getAsType())) { 207 continue; 208 } 209 } 210 } 211 212 if (const CXXMemberCallExpr *MCE = dyn_cast<CXXMemberCallExpr>(CE)) { 213 if (isa<CXXThisExpr>(MCE->getImplicitObjectArgument()) || 214 !MCE->getMethodDecl()->isVirtual()) { 215 State = FoundPath; 216 break; 217 } 218 } else { 219 State = FoundPath; 220 break; 221 } 222 } 223 } 224 } 225 226 for (CFGBlock::succ_iterator I = Block.succ_begin(), E = Block.succ_end(); 227 I != E; ++I) 228 if (*I) 229 checkForFunctionCall(S, FD, **I, ExitID, States, State); 230 } 231 232 static void checkRecursiveFunction(Sema &S, const FunctionDecl *FD, 233 const Stmt *Body, 234 AnalysisDeclContext &AC) { 235 FD = FD->getCanonicalDecl(); 236 237 // Only run on non-templated functions and non-templated members of 238 // templated classes. 239 if (FD->getTemplatedKind() != FunctionDecl::TK_NonTemplate && 240 FD->getTemplatedKind() != FunctionDecl::TK_MemberSpecialization) 241 return; 242 243 CFG *cfg = AC.getCFG(); 244 if (!cfg) return; 245 246 // If the exit block is unreachable, skip processing the function. 247 if (cfg->getExit().pred_empty()) 248 return; 249 250 // Mark all nodes as FoundNoPath, then begin processing the entry block. 251 llvm::SmallVector<RecursiveState, 16> states(cfg->getNumBlockIDs(), 252 FoundNoPath); 253 checkForFunctionCall(S, FD, cfg->getEntry(), cfg->getExit().getBlockID(), 254 states, FoundPathWithNoRecursiveCall); 255 256 // Check that the exit block is reachable. This prevents triggering the 257 // warning on functions that do not terminate. 258 if (states[cfg->getExit().getBlockID()] == FoundPath) 259 S.Diag(Body->getLocStart(), diag::warn_infinite_recursive_function); 260 } 261 262 //===----------------------------------------------------------------------===// 263 // Check for missing return value. 264 //===----------------------------------------------------------------------===// 265 266 enum ControlFlowKind { 267 UnknownFallThrough, 268 NeverFallThrough, 269 MaybeFallThrough, 270 AlwaysFallThrough, 271 NeverFallThroughOrReturn 272 }; 273 274 /// CheckFallThrough - Check that we don't fall off the end of a 275 /// Statement that should return a value. 276 /// 277 /// \returns AlwaysFallThrough iff we always fall off the end of the statement, 278 /// MaybeFallThrough iff we might or might not fall off the end, 279 /// NeverFallThroughOrReturn iff we never fall off the end of the statement or 280 /// return. We assume NeverFallThrough iff we never fall off the end of the 281 /// statement but we may return. We assume that functions not marked noreturn 282 /// will return. 283 static ControlFlowKind CheckFallThrough(AnalysisDeclContext &AC) { 284 CFG *cfg = AC.getCFG(); 285 if (!cfg) return UnknownFallThrough; 286 287 // The CFG leaves in dead things, and we don't want the dead code paths to 288 // confuse us, so we mark all live things first. 289 llvm::BitVector live(cfg->getNumBlockIDs()); 290 unsigned count = reachable_code::ScanReachableFromBlock(&cfg->getEntry(), 291 live); 292 293 bool AddEHEdges = AC.getAddEHEdges(); 294 if (!AddEHEdges && count != cfg->getNumBlockIDs()) 295 // When there are things remaining dead, and we didn't add EH edges 296 // from CallExprs to the catch clauses, we have to go back and 297 // mark them as live. 298 for (const auto *B : *cfg) { 299 if (!live[B->getBlockID()]) { 300 if (B->pred_begin() == B->pred_end()) { 301 if (B->getTerminator() && isa<CXXTryStmt>(B->getTerminator())) 302 // When not adding EH edges from calls, catch clauses 303 // can otherwise seem dead. Avoid noting them as dead. 304 count += reachable_code::ScanReachableFromBlock(B, live); 305 continue; 306 } 307 } 308 } 309 310 // Now we know what is live, we check the live precessors of the exit block 311 // and look for fall through paths, being careful to ignore normal returns, 312 // and exceptional paths. 313 bool HasLiveReturn = false; 314 bool HasFakeEdge = false; 315 bool HasPlainEdge = false; 316 bool HasAbnormalEdge = false; 317 318 // Ignore default cases that aren't likely to be reachable because all 319 // enums in a switch(X) have explicit case statements. 320 CFGBlock::FilterOptions FO; 321 FO.IgnoreDefaultsWithCoveredEnums = 1; 322 323 for (CFGBlock::filtered_pred_iterator 324 I = cfg->getExit().filtered_pred_start_end(FO); I.hasMore(); ++I) { 325 const CFGBlock& B = **I; 326 if (!live[B.getBlockID()]) 327 continue; 328 329 // Skip blocks which contain an element marked as no-return. They don't 330 // represent actually viable edges into the exit block, so mark them as 331 // abnormal. 332 if (B.hasNoReturnElement()) { 333 HasAbnormalEdge = true; 334 continue; 335 } 336 337 // Destructors can appear after the 'return' in the CFG. This is 338 // normal. We need to look pass the destructors for the return 339 // statement (if it exists). 340 CFGBlock::const_reverse_iterator ri = B.rbegin(), re = B.rend(); 341 342 for ( ; ri != re ; ++ri) 343 if (ri->getAs<CFGStmt>()) 344 break; 345 346 // No more CFGElements in the block? 347 if (ri == re) { 348 if (B.getTerminator() && isa<CXXTryStmt>(B.getTerminator())) { 349 HasAbnormalEdge = true; 350 continue; 351 } 352 // A labeled empty statement, or the entry block... 353 HasPlainEdge = true; 354 continue; 355 } 356 357 CFGStmt CS = ri->castAs<CFGStmt>(); 358 const Stmt *S = CS.getStmt(); 359 if (isa<ReturnStmt>(S)) { 360 HasLiveReturn = true; 361 continue; 362 } 363 if (isa<ObjCAtThrowStmt>(S)) { 364 HasFakeEdge = true; 365 continue; 366 } 367 if (isa<CXXThrowExpr>(S)) { 368 HasFakeEdge = true; 369 continue; 370 } 371 if (isa<MSAsmStmt>(S)) { 372 // TODO: Verify this is correct. 373 HasFakeEdge = true; 374 HasLiveReturn = true; 375 continue; 376 } 377 if (isa<CXXTryStmt>(S)) { 378 HasAbnormalEdge = true; 379 continue; 380 } 381 if (std::find(B.succ_begin(), B.succ_end(), &cfg->getExit()) 382 == B.succ_end()) { 383 HasAbnormalEdge = true; 384 continue; 385 } 386 387 HasPlainEdge = true; 388 } 389 if (!HasPlainEdge) { 390 if (HasLiveReturn) 391 return NeverFallThrough; 392 return NeverFallThroughOrReturn; 393 } 394 if (HasAbnormalEdge || HasFakeEdge || HasLiveReturn) 395 return MaybeFallThrough; 396 // This says AlwaysFallThrough for calls to functions that are not marked 397 // noreturn, that don't return. If people would like this warning to be more 398 // accurate, such functions should be marked as noreturn. 399 return AlwaysFallThrough; 400 } 401 402 namespace { 403 404 struct CheckFallThroughDiagnostics { 405 unsigned diag_MaybeFallThrough_HasNoReturn; 406 unsigned diag_MaybeFallThrough_ReturnsNonVoid; 407 unsigned diag_AlwaysFallThrough_HasNoReturn; 408 unsigned diag_AlwaysFallThrough_ReturnsNonVoid; 409 unsigned diag_NeverFallThroughOrReturn; 410 enum { Function, Block, Lambda } funMode; 411 SourceLocation FuncLoc; 412 413 static CheckFallThroughDiagnostics MakeForFunction(const Decl *Func) { 414 CheckFallThroughDiagnostics D; 415 D.FuncLoc = Func->getLocation(); 416 D.diag_MaybeFallThrough_HasNoReturn = 417 diag::warn_falloff_noreturn_function; 418 D.diag_MaybeFallThrough_ReturnsNonVoid = 419 diag::warn_maybe_falloff_nonvoid_function; 420 D.diag_AlwaysFallThrough_HasNoReturn = 421 diag::warn_falloff_noreturn_function; 422 D.diag_AlwaysFallThrough_ReturnsNonVoid = 423 diag::warn_falloff_nonvoid_function; 424 425 // Don't suggest that virtual functions be marked "noreturn", since they 426 // might be overridden by non-noreturn functions. 427 bool isVirtualMethod = false; 428 if (const CXXMethodDecl *Method = dyn_cast<CXXMethodDecl>(Func)) 429 isVirtualMethod = Method->isVirtual(); 430 431 // Don't suggest that template instantiations be marked "noreturn" 432 bool isTemplateInstantiation = false; 433 if (const FunctionDecl *Function = dyn_cast<FunctionDecl>(Func)) 434 isTemplateInstantiation = Function->isTemplateInstantiation(); 435 436 if (!isVirtualMethod && !isTemplateInstantiation) 437 D.diag_NeverFallThroughOrReturn = 438 diag::warn_suggest_noreturn_function; 439 else 440 D.diag_NeverFallThroughOrReturn = 0; 441 442 D.funMode = Function; 443 return D; 444 } 445 446 static CheckFallThroughDiagnostics MakeForBlock() { 447 CheckFallThroughDiagnostics D; 448 D.diag_MaybeFallThrough_HasNoReturn = 449 diag::err_noreturn_block_has_return_expr; 450 D.diag_MaybeFallThrough_ReturnsNonVoid = 451 diag::err_maybe_falloff_nonvoid_block; 452 D.diag_AlwaysFallThrough_HasNoReturn = 453 diag::err_noreturn_block_has_return_expr; 454 D.diag_AlwaysFallThrough_ReturnsNonVoid = 455 diag::err_falloff_nonvoid_block; 456 D.diag_NeverFallThroughOrReturn = 0; 457 D.funMode = Block; 458 return D; 459 } 460 461 static CheckFallThroughDiagnostics MakeForLambda() { 462 CheckFallThroughDiagnostics D; 463 D.diag_MaybeFallThrough_HasNoReturn = 464 diag::err_noreturn_lambda_has_return_expr; 465 D.diag_MaybeFallThrough_ReturnsNonVoid = 466 diag::warn_maybe_falloff_nonvoid_lambda; 467 D.diag_AlwaysFallThrough_HasNoReturn = 468 diag::err_noreturn_lambda_has_return_expr; 469 D.diag_AlwaysFallThrough_ReturnsNonVoid = 470 diag::warn_falloff_nonvoid_lambda; 471 D.diag_NeverFallThroughOrReturn = 0; 472 D.funMode = Lambda; 473 return D; 474 } 475 476 bool checkDiagnostics(DiagnosticsEngine &D, bool ReturnsVoid, 477 bool HasNoReturn) const { 478 if (funMode == Function) { 479 return (ReturnsVoid || 480 D.isIgnored(diag::warn_maybe_falloff_nonvoid_function, 481 FuncLoc)) && 482 (!HasNoReturn || 483 D.isIgnored(diag::warn_noreturn_function_has_return_expr, 484 FuncLoc)) && 485 (!ReturnsVoid || 486 D.isIgnored(diag::warn_suggest_noreturn_block, FuncLoc)); 487 } 488 489 // For blocks / lambdas. 490 return ReturnsVoid && !HasNoReturn; 491 } 492 }; 493 494 } 495 496 /// CheckFallThroughForFunctionDef - Check that we don't fall off the end of a 497 /// function that should return a value. Check that we don't fall off the end 498 /// of a noreturn function. We assume that functions and blocks not marked 499 /// noreturn will return. 500 static void CheckFallThroughForBody(Sema &S, const Decl *D, const Stmt *Body, 501 const BlockExpr *blkExpr, 502 const CheckFallThroughDiagnostics& CD, 503 AnalysisDeclContext &AC) { 504 505 bool ReturnsVoid = false; 506 bool HasNoReturn = false; 507 508 if (const FunctionDecl *FD = dyn_cast<FunctionDecl>(D)) { 509 ReturnsVoid = FD->getReturnType()->isVoidType(); 510 HasNoReturn = FD->isNoReturn(); 511 } 512 else if (const ObjCMethodDecl *MD = dyn_cast<ObjCMethodDecl>(D)) { 513 ReturnsVoid = MD->getReturnType()->isVoidType(); 514 HasNoReturn = MD->hasAttr<NoReturnAttr>(); 515 } 516 else if (isa<BlockDecl>(D)) { 517 QualType BlockTy = blkExpr->getType(); 518 if (const FunctionType *FT = 519 BlockTy->getPointeeType()->getAs<FunctionType>()) { 520 if (FT->getReturnType()->isVoidType()) 521 ReturnsVoid = true; 522 if (FT->getNoReturnAttr()) 523 HasNoReturn = true; 524 } 525 } 526 527 DiagnosticsEngine &Diags = S.getDiagnostics(); 528 529 // Short circuit for compilation speed. 530 if (CD.checkDiagnostics(Diags, ReturnsVoid, HasNoReturn)) 531 return; 532 533 // FIXME: Function try block 534 if (const CompoundStmt *Compound = dyn_cast<CompoundStmt>(Body)) { 535 switch (CheckFallThrough(AC)) { 536 case UnknownFallThrough: 537 break; 538 539 case MaybeFallThrough: 540 if (HasNoReturn) 541 S.Diag(Compound->getRBracLoc(), 542 CD.diag_MaybeFallThrough_HasNoReturn); 543 else if (!ReturnsVoid) 544 S.Diag(Compound->getRBracLoc(), 545 CD.diag_MaybeFallThrough_ReturnsNonVoid); 546 break; 547 case AlwaysFallThrough: 548 if (HasNoReturn) 549 S.Diag(Compound->getRBracLoc(), 550 CD.diag_AlwaysFallThrough_HasNoReturn); 551 else if (!ReturnsVoid) 552 S.Diag(Compound->getRBracLoc(), 553 CD.diag_AlwaysFallThrough_ReturnsNonVoid); 554 break; 555 case NeverFallThroughOrReturn: 556 if (ReturnsVoid && !HasNoReturn && CD.diag_NeverFallThroughOrReturn) { 557 if (const FunctionDecl *FD = dyn_cast<FunctionDecl>(D)) { 558 S.Diag(Compound->getLBracLoc(), CD.diag_NeverFallThroughOrReturn) 559 << 0 << FD; 560 } else if (const ObjCMethodDecl *MD = dyn_cast<ObjCMethodDecl>(D)) { 561 S.Diag(Compound->getLBracLoc(), CD.diag_NeverFallThroughOrReturn) 562 << 1 << MD; 563 } else { 564 S.Diag(Compound->getLBracLoc(), CD.diag_NeverFallThroughOrReturn); 565 } 566 } 567 break; 568 case NeverFallThrough: 569 break; 570 } 571 } 572 } 573 574 //===----------------------------------------------------------------------===// 575 // -Wuninitialized 576 //===----------------------------------------------------------------------===// 577 578 namespace { 579 /// ContainsReference - A visitor class to search for references to 580 /// a particular declaration (the needle) within any evaluated component of an 581 /// expression (recursively). 582 class ContainsReference : public EvaluatedExprVisitor<ContainsReference> { 583 bool FoundReference; 584 const DeclRefExpr *Needle; 585 586 public: 587 ContainsReference(ASTContext &Context, const DeclRefExpr *Needle) 588 : EvaluatedExprVisitor<ContainsReference>(Context), 589 FoundReference(false), Needle(Needle) {} 590 591 void VisitExpr(Expr *E) { 592 // Stop evaluating if we already have a reference. 593 if (FoundReference) 594 return; 595 596 EvaluatedExprVisitor<ContainsReference>::VisitExpr(E); 597 } 598 599 void VisitDeclRefExpr(DeclRefExpr *E) { 600 if (E == Needle) 601 FoundReference = true; 602 else 603 EvaluatedExprVisitor<ContainsReference>::VisitDeclRefExpr(E); 604 } 605 606 bool doesContainReference() const { return FoundReference; } 607 }; 608 } 609 610 static bool SuggestInitializationFixit(Sema &S, const VarDecl *VD) { 611 QualType VariableTy = VD->getType().getCanonicalType(); 612 if (VariableTy->isBlockPointerType() && 613 !VD->hasAttr<BlocksAttr>()) { 614 S.Diag(VD->getLocation(), diag::note_block_var_fixit_add_initialization) 615 << VD->getDeclName() 616 << FixItHint::CreateInsertion(VD->getLocation(), "__block "); 617 return true; 618 } 619 620 // Don't issue a fixit if there is already an initializer. 621 if (VD->getInit()) 622 return false; 623 624 // Don't suggest a fixit inside macros. 625 if (VD->getLocEnd().isMacroID()) 626 return false; 627 628 SourceLocation Loc = S.getLocForEndOfToken(VD->getLocEnd()); 629 630 // Suggest possible initialization (if any). 631 std::string Init = S.getFixItZeroInitializerForType(VariableTy, Loc); 632 if (Init.empty()) 633 return false; 634 635 S.Diag(Loc, diag::note_var_fixit_add_initialization) << VD->getDeclName() 636 << FixItHint::CreateInsertion(Loc, Init); 637 return true; 638 } 639 640 /// Create a fixit to remove an if-like statement, on the assumption that its 641 /// condition is CondVal. 642 static void CreateIfFixit(Sema &S, const Stmt *If, const Stmt *Then, 643 const Stmt *Else, bool CondVal, 644 FixItHint &Fixit1, FixItHint &Fixit2) { 645 if (CondVal) { 646 // If condition is always true, remove all but the 'then'. 647 Fixit1 = FixItHint::CreateRemoval( 648 CharSourceRange::getCharRange(If->getLocStart(), 649 Then->getLocStart())); 650 if (Else) { 651 SourceLocation ElseKwLoc = Lexer::getLocForEndOfToken( 652 Then->getLocEnd(), 0, S.getSourceManager(), S.getLangOpts()); 653 Fixit2 = FixItHint::CreateRemoval( 654 SourceRange(ElseKwLoc, Else->getLocEnd())); 655 } 656 } else { 657 // If condition is always false, remove all but the 'else'. 658 if (Else) 659 Fixit1 = FixItHint::CreateRemoval( 660 CharSourceRange::getCharRange(If->getLocStart(), 661 Else->getLocStart())); 662 else 663 Fixit1 = FixItHint::CreateRemoval(If->getSourceRange()); 664 } 665 } 666 667 /// DiagUninitUse -- Helper function to produce a diagnostic for an 668 /// uninitialized use of a variable. 669 static void DiagUninitUse(Sema &S, const VarDecl *VD, const UninitUse &Use, 670 bool IsCapturedByBlock) { 671 bool Diagnosed = false; 672 673 switch (Use.getKind()) { 674 case UninitUse::Always: 675 S.Diag(Use.getUser()->getLocStart(), diag::warn_uninit_var) 676 << VD->getDeclName() << IsCapturedByBlock 677 << Use.getUser()->getSourceRange(); 678 return; 679 680 case UninitUse::AfterDecl: 681 case UninitUse::AfterCall: 682 S.Diag(VD->getLocation(), diag::warn_sometimes_uninit_var) 683 << VD->getDeclName() << IsCapturedByBlock 684 << (Use.getKind() == UninitUse::AfterDecl ? 4 : 5) 685 << const_cast<DeclContext*>(VD->getLexicalDeclContext()) 686 << VD->getSourceRange(); 687 S.Diag(Use.getUser()->getLocStart(), diag::note_uninit_var_use) 688 << IsCapturedByBlock << Use.getUser()->getSourceRange(); 689 return; 690 691 case UninitUse::Maybe: 692 case UninitUse::Sometimes: 693 // Carry on to report sometimes-uninitialized branches, if possible, 694 // or a 'may be used uninitialized' diagnostic otherwise. 695 break; 696 } 697 698 // Diagnose each branch which leads to a sometimes-uninitialized use. 699 for (UninitUse::branch_iterator I = Use.branch_begin(), E = Use.branch_end(); 700 I != E; ++I) { 701 assert(Use.getKind() == UninitUse::Sometimes); 702 703 const Expr *User = Use.getUser(); 704 const Stmt *Term = I->Terminator; 705 706 // Information used when building the diagnostic. 707 unsigned DiagKind; 708 StringRef Str; 709 SourceRange Range; 710 711 // FixIts to suppress the diagnostic by removing the dead condition. 712 // For all binary terminators, branch 0 is taken if the condition is true, 713 // and branch 1 is taken if the condition is false. 714 int RemoveDiagKind = -1; 715 const char *FixitStr = 716 S.getLangOpts().CPlusPlus ? (I->Output ? "true" : "false") 717 : (I->Output ? "1" : "0"); 718 FixItHint Fixit1, Fixit2; 719 720 switch (Term ? Term->getStmtClass() : Stmt::DeclStmtClass) { 721 default: 722 // Don't know how to report this. Just fall back to 'may be used 723 // uninitialized'. FIXME: Can this happen? 724 continue; 725 726 // "condition is true / condition is false". 727 case Stmt::IfStmtClass: { 728 const IfStmt *IS = cast<IfStmt>(Term); 729 DiagKind = 0; 730 Str = "if"; 731 Range = IS->getCond()->getSourceRange(); 732 RemoveDiagKind = 0; 733 CreateIfFixit(S, IS, IS->getThen(), IS->getElse(), 734 I->Output, Fixit1, Fixit2); 735 break; 736 } 737 case Stmt::ConditionalOperatorClass: { 738 const ConditionalOperator *CO = cast<ConditionalOperator>(Term); 739 DiagKind = 0; 740 Str = "?:"; 741 Range = CO->getCond()->getSourceRange(); 742 RemoveDiagKind = 0; 743 CreateIfFixit(S, CO, CO->getTrueExpr(), CO->getFalseExpr(), 744 I->Output, Fixit1, Fixit2); 745 break; 746 } 747 case Stmt::BinaryOperatorClass: { 748 const BinaryOperator *BO = cast<BinaryOperator>(Term); 749 if (!BO->isLogicalOp()) 750 continue; 751 DiagKind = 0; 752 Str = BO->getOpcodeStr(); 753 Range = BO->getLHS()->getSourceRange(); 754 RemoveDiagKind = 0; 755 if ((BO->getOpcode() == BO_LAnd && I->Output) || 756 (BO->getOpcode() == BO_LOr && !I->Output)) 757 // true && y -> y, false || y -> y. 758 Fixit1 = FixItHint::CreateRemoval(SourceRange(BO->getLocStart(), 759 BO->getOperatorLoc())); 760 else 761 // false && y -> false, true || y -> true. 762 Fixit1 = FixItHint::CreateReplacement(BO->getSourceRange(), FixitStr); 763 break; 764 } 765 766 // "loop is entered / loop is exited". 767 case Stmt::WhileStmtClass: 768 DiagKind = 1; 769 Str = "while"; 770 Range = cast<WhileStmt>(Term)->getCond()->getSourceRange(); 771 RemoveDiagKind = 1; 772 Fixit1 = FixItHint::CreateReplacement(Range, FixitStr); 773 break; 774 case Stmt::ForStmtClass: 775 DiagKind = 1; 776 Str = "for"; 777 Range = cast<ForStmt>(Term)->getCond()->getSourceRange(); 778 RemoveDiagKind = 1; 779 if (I->Output) 780 Fixit1 = FixItHint::CreateRemoval(Range); 781 else 782 Fixit1 = FixItHint::CreateReplacement(Range, FixitStr); 783 break; 784 case Stmt::CXXForRangeStmtClass: 785 if (I->Output == 1) { 786 // The use occurs if a range-based for loop's body never executes. 787 // That may be impossible, and there's no syntactic fix for this, 788 // so treat it as a 'may be uninitialized' case. 789 continue; 790 } 791 DiagKind = 1; 792 Str = "for"; 793 Range = cast<CXXForRangeStmt>(Term)->getRangeInit()->getSourceRange(); 794 break; 795 796 // "condition is true / loop is exited". 797 case Stmt::DoStmtClass: 798 DiagKind = 2; 799 Str = "do"; 800 Range = cast<DoStmt>(Term)->getCond()->getSourceRange(); 801 RemoveDiagKind = 1; 802 Fixit1 = FixItHint::CreateReplacement(Range, FixitStr); 803 break; 804 805 // "switch case is taken". 806 case Stmt::CaseStmtClass: 807 DiagKind = 3; 808 Str = "case"; 809 Range = cast<CaseStmt>(Term)->getLHS()->getSourceRange(); 810 break; 811 case Stmt::DefaultStmtClass: 812 DiagKind = 3; 813 Str = "default"; 814 Range = cast<DefaultStmt>(Term)->getDefaultLoc(); 815 break; 816 } 817 818 S.Diag(Range.getBegin(), diag::warn_sometimes_uninit_var) 819 << VD->getDeclName() << IsCapturedByBlock << DiagKind 820 << Str << I->Output << Range; 821 S.Diag(User->getLocStart(), diag::note_uninit_var_use) 822 << IsCapturedByBlock << User->getSourceRange(); 823 if (RemoveDiagKind != -1) 824 S.Diag(Fixit1.RemoveRange.getBegin(), diag::note_uninit_fixit_remove_cond) 825 << RemoveDiagKind << Str << I->Output << Fixit1 << Fixit2; 826 827 Diagnosed = true; 828 } 829 830 if (!Diagnosed) 831 S.Diag(Use.getUser()->getLocStart(), diag::warn_maybe_uninit_var) 832 << VD->getDeclName() << IsCapturedByBlock 833 << Use.getUser()->getSourceRange(); 834 } 835 836 /// DiagnoseUninitializedUse -- Helper function for diagnosing uses of an 837 /// uninitialized variable. This manages the different forms of diagnostic 838 /// emitted for particular types of uses. Returns true if the use was diagnosed 839 /// as a warning. If a particular use is one we omit warnings for, returns 840 /// false. 841 static bool DiagnoseUninitializedUse(Sema &S, const VarDecl *VD, 842 const UninitUse &Use, 843 bool alwaysReportSelfInit = false) { 844 845 if (const DeclRefExpr *DRE = dyn_cast<DeclRefExpr>(Use.getUser())) { 846 // Inspect the initializer of the variable declaration which is 847 // being referenced prior to its initialization. We emit 848 // specialized diagnostics for self-initialization, and we 849 // specifically avoid warning about self references which take the 850 // form of: 851 // 852 // int x = x; 853 // 854 // This is used to indicate to GCC that 'x' is intentionally left 855 // uninitialized. Proven code paths which access 'x' in 856 // an uninitialized state after this will still warn. 857 if (const Expr *Initializer = VD->getInit()) { 858 if (!alwaysReportSelfInit && DRE == Initializer->IgnoreParenImpCasts()) 859 return false; 860 861 ContainsReference CR(S.Context, DRE); 862 CR.Visit(const_cast<Expr*>(Initializer)); 863 if (CR.doesContainReference()) { 864 S.Diag(DRE->getLocStart(), 865 diag::warn_uninit_self_reference_in_init) 866 << VD->getDeclName() << VD->getLocation() << DRE->getSourceRange(); 867 return true; 868 } 869 } 870 871 DiagUninitUse(S, VD, Use, false); 872 } else { 873 const BlockExpr *BE = cast<BlockExpr>(Use.getUser()); 874 if (VD->getType()->isBlockPointerType() && !VD->hasAttr<BlocksAttr>()) 875 S.Diag(BE->getLocStart(), 876 diag::warn_uninit_byref_blockvar_captured_by_block) 877 << VD->getDeclName(); 878 else 879 DiagUninitUse(S, VD, Use, true); 880 } 881 882 // Report where the variable was declared when the use wasn't within 883 // the initializer of that declaration & we didn't already suggest 884 // an initialization fixit. 885 if (!SuggestInitializationFixit(S, VD)) 886 S.Diag(VD->getLocStart(), diag::note_uninit_var_def) 887 << VD->getDeclName(); 888 889 return true; 890 } 891 892 namespace { 893 class FallthroughMapper : public RecursiveASTVisitor<FallthroughMapper> { 894 public: 895 FallthroughMapper(Sema &S) 896 : FoundSwitchStatements(false), 897 S(S) { 898 } 899 900 bool foundSwitchStatements() const { return FoundSwitchStatements; } 901 902 void markFallthroughVisited(const AttributedStmt *Stmt) { 903 bool Found = FallthroughStmts.erase(Stmt); 904 assert(Found); 905 (void)Found; 906 } 907 908 typedef llvm::SmallPtrSet<const AttributedStmt*, 8> AttrStmts; 909 910 const AttrStmts &getFallthroughStmts() const { 911 return FallthroughStmts; 912 } 913 914 void fillReachableBlocks(CFG *Cfg) { 915 assert(ReachableBlocks.empty() && "ReachableBlocks already filled"); 916 std::deque<const CFGBlock *> BlockQueue; 917 918 ReachableBlocks.insert(&Cfg->getEntry()); 919 BlockQueue.push_back(&Cfg->getEntry()); 920 // Mark all case blocks reachable to avoid problems with switching on 921 // constants, covered enums, etc. 922 // These blocks can contain fall-through annotations, and we don't want to 923 // issue a warn_fallthrough_attr_unreachable for them. 924 for (const auto *B : *Cfg) { 925 const Stmt *L = B->getLabel(); 926 if (L && isa<SwitchCase>(L) && ReachableBlocks.insert(B)) 927 BlockQueue.push_back(B); 928 } 929 930 while (!BlockQueue.empty()) { 931 const CFGBlock *P = BlockQueue.front(); 932 BlockQueue.pop_front(); 933 for (CFGBlock::const_succ_iterator I = P->succ_begin(), 934 E = P->succ_end(); 935 I != E; ++I) { 936 if (*I && ReachableBlocks.insert(*I)) 937 BlockQueue.push_back(*I); 938 } 939 } 940 } 941 942 bool checkFallThroughIntoBlock(const CFGBlock &B, int &AnnotatedCnt) { 943 assert(!ReachableBlocks.empty() && "ReachableBlocks empty"); 944 945 int UnannotatedCnt = 0; 946 AnnotatedCnt = 0; 947 948 std::deque<const CFGBlock*> BlockQueue(B.pred_begin(), B.pred_end()); 949 while (!BlockQueue.empty()) { 950 const CFGBlock *P = BlockQueue.front(); 951 BlockQueue.pop_front(); 952 if (!P) continue; 953 954 const Stmt *Term = P->getTerminator(); 955 if (Term && isa<SwitchStmt>(Term)) 956 continue; // Switch statement, good. 957 958 const SwitchCase *SW = dyn_cast_or_null<SwitchCase>(P->getLabel()); 959 if (SW && SW->getSubStmt() == B.getLabel() && P->begin() == P->end()) 960 continue; // Previous case label has no statements, good. 961 962 const LabelStmt *L = dyn_cast_or_null<LabelStmt>(P->getLabel()); 963 if (L && L->getSubStmt() == B.getLabel() && P->begin() == P->end()) 964 continue; // Case label is preceded with a normal label, good. 965 966 if (!ReachableBlocks.count(P)) { 967 for (CFGBlock::const_reverse_iterator ElemIt = P->rbegin(), 968 ElemEnd = P->rend(); 969 ElemIt != ElemEnd; ++ElemIt) { 970 if (Optional<CFGStmt> CS = ElemIt->getAs<CFGStmt>()) { 971 if (const AttributedStmt *AS = asFallThroughAttr(CS->getStmt())) { 972 S.Diag(AS->getLocStart(), 973 diag::warn_fallthrough_attr_unreachable); 974 markFallthroughVisited(AS); 975 ++AnnotatedCnt; 976 break; 977 } 978 // Don't care about other unreachable statements. 979 } 980 } 981 // If there are no unreachable statements, this may be a special 982 // case in CFG: 983 // case X: { 984 // A a; // A has a destructor. 985 // break; 986 // } 987 // // <<<< This place is represented by a 'hanging' CFG block. 988 // case Y: 989 continue; 990 } 991 992 const Stmt *LastStmt = getLastStmt(*P); 993 if (const AttributedStmt *AS = asFallThroughAttr(LastStmt)) { 994 markFallthroughVisited(AS); 995 ++AnnotatedCnt; 996 continue; // Fallthrough annotation, good. 997 } 998 999 if (!LastStmt) { // This block contains no executable statements. 1000 // Traverse its predecessors. 1001 std::copy(P->pred_begin(), P->pred_end(), 1002 std::back_inserter(BlockQueue)); 1003 continue; 1004 } 1005 1006 ++UnannotatedCnt; 1007 } 1008 return !!UnannotatedCnt; 1009 } 1010 1011 // RecursiveASTVisitor setup. 1012 bool shouldWalkTypesOfTypeLocs() const { return false; } 1013 1014 bool VisitAttributedStmt(AttributedStmt *S) { 1015 if (asFallThroughAttr(S)) 1016 FallthroughStmts.insert(S); 1017 return true; 1018 } 1019 1020 bool VisitSwitchStmt(SwitchStmt *S) { 1021 FoundSwitchStatements = true; 1022 return true; 1023 } 1024 1025 // We don't want to traverse local type declarations. We analyze their 1026 // methods separately. 1027 bool TraverseDecl(Decl *D) { return true; } 1028 1029 // We analyze lambda bodies separately. Skip them here. 1030 bool TraverseLambdaBody(LambdaExpr *LE) { return true; } 1031 1032 private: 1033 1034 static const AttributedStmt *asFallThroughAttr(const Stmt *S) { 1035 if (const AttributedStmt *AS = dyn_cast_or_null<AttributedStmt>(S)) { 1036 if (hasSpecificAttr<FallThroughAttr>(AS->getAttrs())) 1037 return AS; 1038 } 1039 return nullptr; 1040 } 1041 1042 static const Stmt *getLastStmt(const CFGBlock &B) { 1043 if (const Stmt *Term = B.getTerminator()) 1044 return Term; 1045 for (CFGBlock::const_reverse_iterator ElemIt = B.rbegin(), 1046 ElemEnd = B.rend(); 1047 ElemIt != ElemEnd; ++ElemIt) { 1048 if (Optional<CFGStmt> CS = ElemIt->getAs<CFGStmt>()) 1049 return CS->getStmt(); 1050 } 1051 // Workaround to detect a statement thrown out by CFGBuilder: 1052 // case X: {} case Y: 1053 // case X: ; case Y: 1054 if (const SwitchCase *SW = dyn_cast_or_null<SwitchCase>(B.getLabel())) 1055 if (!isa<SwitchCase>(SW->getSubStmt())) 1056 return SW->getSubStmt(); 1057 1058 return nullptr; 1059 } 1060 1061 bool FoundSwitchStatements; 1062 AttrStmts FallthroughStmts; 1063 Sema &S; 1064 llvm::SmallPtrSet<const CFGBlock *, 16> ReachableBlocks; 1065 }; 1066 } 1067 1068 static void DiagnoseSwitchLabelsFallthrough(Sema &S, AnalysisDeclContext &AC, 1069 bool PerFunction) { 1070 // Only perform this analysis when using C++11. There is no good workflow 1071 // for this warning when not using C++11. There is no good way to silence 1072 // the warning (no attribute is available) unless we are using C++11's support 1073 // for generalized attributes. Once could use pragmas to silence the warning, 1074 // but as a general solution that is gross and not in the spirit of this 1075 // warning. 1076 // 1077 // NOTE: This an intermediate solution. There are on-going discussions on 1078 // how to properly support this warning outside of C++11 with an annotation. 1079 if (!AC.getASTContext().getLangOpts().CPlusPlus11) 1080 return; 1081 1082 FallthroughMapper FM(S); 1083 FM.TraverseStmt(AC.getBody()); 1084 1085 if (!FM.foundSwitchStatements()) 1086 return; 1087 1088 if (PerFunction && FM.getFallthroughStmts().empty()) 1089 return; 1090 1091 CFG *Cfg = AC.getCFG(); 1092 1093 if (!Cfg) 1094 return; 1095 1096 FM.fillReachableBlocks(Cfg); 1097 1098 for (CFG::reverse_iterator I = Cfg->rbegin(), E = Cfg->rend(); I != E; ++I) { 1099 const CFGBlock *B = *I; 1100 const Stmt *Label = B->getLabel(); 1101 1102 if (!Label || !isa<SwitchCase>(Label)) 1103 continue; 1104 1105 int AnnotatedCnt; 1106 1107 if (!FM.checkFallThroughIntoBlock(*B, AnnotatedCnt)) 1108 continue; 1109 1110 S.Diag(Label->getLocStart(), 1111 PerFunction ? diag::warn_unannotated_fallthrough_per_function 1112 : diag::warn_unannotated_fallthrough); 1113 1114 if (!AnnotatedCnt) { 1115 SourceLocation L = Label->getLocStart(); 1116 if (L.isMacroID()) 1117 continue; 1118 if (S.getLangOpts().CPlusPlus11) { 1119 const Stmt *Term = B->getTerminator(); 1120 // Skip empty cases. 1121 while (B->empty() && !Term && B->succ_size() == 1) { 1122 B = *B->succ_begin(); 1123 Term = B->getTerminator(); 1124 } 1125 if (!(B->empty() && Term && isa<BreakStmt>(Term))) { 1126 Preprocessor &PP = S.getPreprocessor(); 1127 TokenValue Tokens[] = { 1128 tok::l_square, tok::l_square, PP.getIdentifierInfo("clang"), 1129 tok::coloncolon, PP.getIdentifierInfo("fallthrough"), 1130 tok::r_square, tok::r_square 1131 }; 1132 StringRef AnnotationSpelling = "[[clang::fallthrough]]"; 1133 StringRef MacroName = PP.getLastMacroWithSpelling(L, Tokens); 1134 if (!MacroName.empty()) 1135 AnnotationSpelling = MacroName; 1136 SmallString<64> TextToInsert(AnnotationSpelling); 1137 TextToInsert += "; "; 1138 S.Diag(L, diag::note_insert_fallthrough_fixit) << 1139 AnnotationSpelling << 1140 FixItHint::CreateInsertion(L, TextToInsert); 1141 } 1142 } 1143 S.Diag(L, diag::note_insert_break_fixit) << 1144 FixItHint::CreateInsertion(L, "break; "); 1145 } 1146 } 1147 1148 for (const auto *F : FM.getFallthroughStmts()) 1149 S.Diag(F->getLocStart(), diag::warn_fallthrough_attr_invalid_placement); 1150 } 1151 1152 static bool isInLoop(const ASTContext &Ctx, const ParentMap &PM, 1153 const Stmt *S) { 1154 assert(S); 1155 1156 do { 1157 switch (S->getStmtClass()) { 1158 case Stmt::ForStmtClass: 1159 case Stmt::WhileStmtClass: 1160 case Stmt::CXXForRangeStmtClass: 1161 case Stmt::ObjCForCollectionStmtClass: 1162 return true; 1163 case Stmt::DoStmtClass: { 1164 const Expr *Cond = cast<DoStmt>(S)->getCond(); 1165 llvm::APSInt Val; 1166 if (!Cond->EvaluateAsInt(Val, Ctx)) 1167 return true; 1168 return Val.getBoolValue(); 1169 } 1170 default: 1171 break; 1172 } 1173 } while ((S = PM.getParent(S))); 1174 1175 return false; 1176 } 1177 1178 1179 static void diagnoseRepeatedUseOfWeak(Sema &S, 1180 const sema::FunctionScopeInfo *CurFn, 1181 const Decl *D, 1182 const ParentMap &PM) { 1183 typedef sema::FunctionScopeInfo::WeakObjectProfileTy WeakObjectProfileTy; 1184 typedef sema::FunctionScopeInfo::WeakObjectUseMap WeakObjectUseMap; 1185 typedef sema::FunctionScopeInfo::WeakUseVector WeakUseVector; 1186 typedef std::pair<const Stmt *, WeakObjectUseMap::const_iterator> 1187 StmtUsesPair; 1188 1189 ASTContext &Ctx = S.getASTContext(); 1190 1191 const WeakObjectUseMap &WeakMap = CurFn->getWeakObjectUses(); 1192 1193 // Extract all weak objects that are referenced more than once. 1194 SmallVector<StmtUsesPair, 8> UsesByStmt; 1195 for (WeakObjectUseMap::const_iterator I = WeakMap.begin(), E = WeakMap.end(); 1196 I != E; ++I) { 1197 const WeakUseVector &Uses = I->second; 1198 1199 // Find the first read of the weak object. 1200 WeakUseVector::const_iterator UI = Uses.begin(), UE = Uses.end(); 1201 for ( ; UI != UE; ++UI) { 1202 if (UI->isUnsafe()) 1203 break; 1204 } 1205 1206 // If there were only writes to this object, don't warn. 1207 if (UI == UE) 1208 continue; 1209 1210 // If there was only one read, followed by any number of writes, and the 1211 // read is not within a loop, don't warn. Additionally, don't warn in a 1212 // loop if the base object is a local variable -- local variables are often 1213 // changed in loops. 1214 if (UI == Uses.begin()) { 1215 WeakUseVector::const_iterator UI2 = UI; 1216 for (++UI2; UI2 != UE; ++UI2) 1217 if (UI2->isUnsafe()) 1218 break; 1219 1220 if (UI2 == UE) { 1221 if (!isInLoop(Ctx, PM, UI->getUseExpr())) 1222 continue; 1223 1224 const WeakObjectProfileTy &Profile = I->first; 1225 if (!Profile.isExactProfile()) 1226 continue; 1227 1228 const NamedDecl *Base = Profile.getBase(); 1229 if (!Base) 1230 Base = Profile.getProperty(); 1231 assert(Base && "A profile always has a base or property."); 1232 1233 if (const VarDecl *BaseVar = dyn_cast<VarDecl>(Base)) 1234 if (BaseVar->hasLocalStorage() && !isa<ParmVarDecl>(Base)) 1235 continue; 1236 } 1237 } 1238 1239 UsesByStmt.push_back(StmtUsesPair(UI->getUseExpr(), I)); 1240 } 1241 1242 if (UsesByStmt.empty()) 1243 return; 1244 1245 // Sort by first use so that we emit the warnings in a deterministic order. 1246 SourceManager &SM = S.getSourceManager(); 1247 std::sort(UsesByStmt.begin(), UsesByStmt.end(), 1248 [&SM](const StmtUsesPair &LHS, const StmtUsesPair &RHS) { 1249 return SM.isBeforeInTranslationUnit(LHS.first->getLocStart(), 1250 RHS.first->getLocStart()); 1251 }); 1252 1253 // Classify the current code body for better warning text. 1254 // This enum should stay in sync with the cases in 1255 // warn_arc_repeated_use_of_weak and warn_arc_possible_repeated_use_of_weak. 1256 // FIXME: Should we use a common classification enum and the same set of 1257 // possibilities all throughout Sema? 1258 enum { 1259 Function, 1260 Method, 1261 Block, 1262 Lambda 1263 } FunctionKind; 1264 1265 if (isa<sema::BlockScopeInfo>(CurFn)) 1266 FunctionKind = Block; 1267 else if (isa<sema::LambdaScopeInfo>(CurFn)) 1268 FunctionKind = Lambda; 1269 else if (isa<ObjCMethodDecl>(D)) 1270 FunctionKind = Method; 1271 else 1272 FunctionKind = Function; 1273 1274 // Iterate through the sorted problems and emit warnings for each. 1275 for (const auto &P : UsesByStmt) { 1276 const Stmt *FirstRead = P.first; 1277 const WeakObjectProfileTy &Key = P.second->first; 1278 const WeakUseVector &Uses = P.second->second; 1279 1280 // For complicated expressions like 'a.b.c' and 'x.b.c', WeakObjectProfileTy 1281 // may not contain enough information to determine that these are different 1282 // properties. We can only be 100% sure of a repeated use in certain cases, 1283 // and we adjust the diagnostic kind accordingly so that the less certain 1284 // case can be turned off if it is too noisy. 1285 unsigned DiagKind; 1286 if (Key.isExactProfile()) 1287 DiagKind = diag::warn_arc_repeated_use_of_weak; 1288 else 1289 DiagKind = diag::warn_arc_possible_repeated_use_of_weak; 1290 1291 // Classify the weak object being accessed for better warning text. 1292 // This enum should stay in sync with the cases in 1293 // warn_arc_repeated_use_of_weak and warn_arc_possible_repeated_use_of_weak. 1294 enum { 1295 Variable, 1296 Property, 1297 ImplicitProperty, 1298 Ivar 1299 } ObjectKind; 1300 1301 const NamedDecl *D = Key.getProperty(); 1302 if (isa<VarDecl>(D)) 1303 ObjectKind = Variable; 1304 else if (isa<ObjCPropertyDecl>(D)) 1305 ObjectKind = Property; 1306 else if (isa<ObjCMethodDecl>(D)) 1307 ObjectKind = ImplicitProperty; 1308 else if (isa<ObjCIvarDecl>(D)) 1309 ObjectKind = Ivar; 1310 else 1311 llvm_unreachable("Unexpected weak object kind!"); 1312 1313 // Show the first time the object was read. 1314 S.Diag(FirstRead->getLocStart(), DiagKind) 1315 << int(ObjectKind) << D << int(FunctionKind) 1316 << FirstRead->getSourceRange(); 1317 1318 // Print all the other accesses as notes. 1319 for (const auto &Use : Uses) { 1320 if (Use.getUseExpr() == FirstRead) 1321 continue; 1322 S.Diag(Use.getUseExpr()->getLocStart(), 1323 diag::note_arc_weak_also_accessed_here) 1324 << Use.getUseExpr()->getSourceRange(); 1325 } 1326 } 1327 } 1328 1329 namespace { 1330 class UninitValsDiagReporter : public UninitVariablesHandler { 1331 Sema &S; 1332 typedef SmallVector<UninitUse, 2> UsesVec; 1333 typedef llvm::PointerIntPair<UsesVec *, 1, bool> MappedType; 1334 // Prefer using MapVector to DenseMap, so that iteration order will be 1335 // the same as insertion order. This is needed to obtain a deterministic 1336 // order of diagnostics when calling flushDiagnostics(). 1337 typedef llvm::MapVector<const VarDecl *, MappedType> UsesMap; 1338 UsesMap *uses; 1339 1340 public: 1341 UninitValsDiagReporter(Sema &S) : S(S), uses(nullptr) {} 1342 ~UninitValsDiagReporter() { 1343 flushDiagnostics(); 1344 } 1345 1346 MappedType &getUses(const VarDecl *vd) { 1347 if (!uses) 1348 uses = new UsesMap(); 1349 1350 MappedType &V = (*uses)[vd]; 1351 if (!V.getPointer()) 1352 V.setPointer(new UsesVec()); 1353 1354 return V; 1355 } 1356 1357 void handleUseOfUninitVariable(const VarDecl *vd, 1358 const UninitUse &use) override { 1359 getUses(vd).getPointer()->push_back(use); 1360 } 1361 1362 void handleSelfInit(const VarDecl *vd) override { 1363 getUses(vd).setInt(true); 1364 } 1365 1366 void flushDiagnostics() { 1367 if (!uses) 1368 return; 1369 1370 for (const auto &P : *uses) { 1371 const VarDecl *vd = P.first; 1372 const MappedType &V = P.second; 1373 1374 UsesVec *vec = V.getPointer(); 1375 bool hasSelfInit = V.getInt(); 1376 1377 // Specially handle the case where we have uses of an uninitialized 1378 // variable, but the root cause is an idiomatic self-init. We want 1379 // to report the diagnostic at the self-init since that is the root cause. 1380 if (!vec->empty() && hasSelfInit && hasAlwaysUninitializedUse(vec)) 1381 DiagnoseUninitializedUse(S, vd, 1382 UninitUse(vd->getInit()->IgnoreParenCasts(), 1383 /* isAlwaysUninit */ true), 1384 /* alwaysReportSelfInit */ true); 1385 else { 1386 // Sort the uses by their SourceLocations. While not strictly 1387 // guaranteed to produce them in line/column order, this will provide 1388 // a stable ordering. 1389 std::sort(vec->begin(), vec->end(), 1390 [](const UninitUse &a, const UninitUse &b) { 1391 // Prefer a more confident report over a less confident one. 1392 if (a.getKind() != b.getKind()) 1393 return a.getKind() > b.getKind(); 1394 return a.getUser()->getLocStart() < b.getUser()->getLocStart(); 1395 }); 1396 1397 for (const auto &U : *vec) { 1398 // If we have self-init, downgrade all uses to 'may be uninitialized'. 1399 UninitUse Use = hasSelfInit ? UninitUse(U.getUser(), false) : U; 1400 1401 if (DiagnoseUninitializedUse(S, vd, Use)) 1402 // Skip further diagnostics for this variable. We try to warn only 1403 // on the first point at which a variable is used uninitialized. 1404 break; 1405 } 1406 } 1407 1408 // Release the uses vector. 1409 delete vec; 1410 } 1411 delete uses; 1412 } 1413 1414 private: 1415 static bool hasAlwaysUninitializedUse(const UsesVec* vec) { 1416 return std::any_of(vec->begin(), vec->end(), [](const UninitUse &U) { 1417 return U.getKind() == UninitUse::Always || 1418 U.getKind() == UninitUse::AfterCall || 1419 U.getKind() == UninitUse::AfterDecl; 1420 }); 1421 } 1422 }; 1423 } 1424 1425 namespace clang { 1426 namespace { 1427 typedef SmallVector<PartialDiagnosticAt, 1> OptionalNotes; 1428 typedef std::pair<PartialDiagnosticAt, OptionalNotes> DelayedDiag; 1429 typedef std::list<DelayedDiag> DiagList; 1430 1431 struct SortDiagBySourceLocation { 1432 SourceManager &SM; 1433 SortDiagBySourceLocation(SourceManager &SM) : SM(SM) {} 1434 1435 bool operator()(const DelayedDiag &left, const DelayedDiag &right) { 1436 // Although this call will be slow, this is only called when outputting 1437 // multiple warnings. 1438 return SM.isBeforeInTranslationUnit(left.first.first, right.first.first); 1439 } 1440 }; 1441 }} 1442 1443 //===----------------------------------------------------------------------===// 1444 // -Wthread-safety 1445 //===----------------------------------------------------------------------===// 1446 namespace clang { 1447 namespace threadSafety { 1448 1449 class ThreadSafetyReporter : public clang::threadSafety::ThreadSafetyHandler { 1450 Sema &S; 1451 DiagList Warnings; 1452 SourceLocation FunLocation, FunEndLocation; 1453 1454 const FunctionDecl *CurrentFunction; 1455 bool Verbose; 1456 1457 OptionalNotes getNotes() const { 1458 if (Verbose && CurrentFunction) { 1459 PartialDiagnosticAt FNote(CurrentFunction->getBody()->getLocStart(), 1460 S.PDiag(diag::note_thread_warning_in_fun) 1461 << CurrentFunction->getNameAsString()); 1462 return OptionalNotes(1, FNote); 1463 } 1464 return OptionalNotes(); 1465 } 1466 1467 OptionalNotes getNotes(const PartialDiagnosticAt &Note) const { 1468 OptionalNotes ONS(1, Note); 1469 if (Verbose && CurrentFunction) { 1470 PartialDiagnosticAt FNote(CurrentFunction->getBody()->getLocStart(), 1471 S.PDiag(diag::note_thread_warning_in_fun) 1472 << CurrentFunction->getNameAsString()); 1473 ONS.push_back(FNote); 1474 } 1475 return ONS; 1476 } 1477 1478 OptionalNotes getNotes(const PartialDiagnosticAt &Note1, 1479 const PartialDiagnosticAt &Note2) const { 1480 OptionalNotes ONS; 1481 ONS.push_back(Note1); 1482 ONS.push_back(Note2); 1483 if (Verbose && CurrentFunction) { 1484 PartialDiagnosticAt FNote(CurrentFunction->getBody()->getLocStart(), 1485 S.PDiag(diag::note_thread_warning_in_fun) 1486 << CurrentFunction->getNameAsString()); 1487 ONS.push_back(FNote); 1488 } 1489 return ONS; 1490 } 1491 1492 // Helper functions 1493 void warnLockMismatch(unsigned DiagID, StringRef Kind, Name LockName, 1494 SourceLocation Loc) { 1495 // Gracefully handle rare cases when the analysis can't get a more 1496 // precise source location. 1497 if (!Loc.isValid()) 1498 Loc = FunLocation; 1499 PartialDiagnosticAt Warning(Loc, S.PDiag(DiagID) << Kind << LockName); 1500 Warnings.push_back(DelayedDiag(Warning, getNotes())); 1501 } 1502 1503 public: 1504 ThreadSafetyReporter(Sema &S, SourceLocation FL, SourceLocation FEL) 1505 : S(S), FunLocation(FL), FunEndLocation(FEL), 1506 CurrentFunction(nullptr), Verbose(false) {} 1507 1508 void setVerbose(bool b) { Verbose = b; } 1509 1510 /// \brief Emit all buffered diagnostics in order of sourcelocation. 1511 /// We need to output diagnostics produced while iterating through 1512 /// the lockset in deterministic order, so this function orders diagnostics 1513 /// and outputs them. 1514 void emitDiagnostics() { 1515 Warnings.sort(SortDiagBySourceLocation(S.getSourceManager())); 1516 for (const auto &Diag : Warnings) { 1517 S.Diag(Diag.first.first, Diag.first.second); 1518 for (const auto &Note : Diag.second) 1519 S.Diag(Note.first, Note.second); 1520 } 1521 } 1522 1523 void handleInvalidLockExp(StringRef Kind, SourceLocation Loc) override { 1524 PartialDiagnosticAt Warning(Loc, S.PDiag(diag::warn_cannot_resolve_lock) 1525 << Loc); 1526 Warnings.push_back(DelayedDiag(Warning, getNotes())); 1527 } 1528 1529 void handleUnmatchedUnlock(StringRef Kind, Name LockName, 1530 SourceLocation Loc) override { 1531 warnLockMismatch(diag::warn_unlock_but_no_lock, Kind, LockName, Loc); 1532 } 1533 1534 void handleIncorrectUnlockKind(StringRef Kind, Name LockName, 1535 LockKind Expected, LockKind Received, 1536 SourceLocation Loc) override { 1537 if (Loc.isInvalid()) 1538 Loc = FunLocation; 1539 PartialDiagnosticAt Warning(Loc, S.PDiag(diag::warn_unlock_kind_mismatch) 1540 << Kind << LockName << Received 1541 << Expected); 1542 Warnings.push_back(DelayedDiag(Warning, getNotes())); 1543 } 1544 1545 void handleDoubleLock(StringRef Kind, Name LockName, SourceLocation Loc) override { 1546 warnLockMismatch(diag::warn_double_lock, Kind, LockName, Loc); 1547 } 1548 1549 void handleMutexHeldEndOfScope(StringRef Kind, Name LockName, 1550 SourceLocation LocLocked, 1551 SourceLocation LocEndOfScope, 1552 LockErrorKind LEK) override { 1553 unsigned DiagID = 0; 1554 switch (LEK) { 1555 case LEK_LockedSomePredecessors: 1556 DiagID = diag::warn_lock_some_predecessors; 1557 break; 1558 case LEK_LockedSomeLoopIterations: 1559 DiagID = diag::warn_expecting_lock_held_on_loop; 1560 break; 1561 case LEK_LockedAtEndOfFunction: 1562 DiagID = diag::warn_no_unlock; 1563 break; 1564 case LEK_NotLockedAtEndOfFunction: 1565 DiagID = diag::warn_expecting_locked; 1566 break; 1567 } 1568 if (LocEndOfScope.isInvalid()) 1569 LocEndOfScope = FunEndLocation; 1570 1571 PartialDiagnosticAt Warning(LocEndOfScope, S.PDiag(DiagID) << Kind 1572 << LockName); 1573 if (LocLocked.isValid()) { 1574 PartialDiagnosticAt Note(LocLocked, S.PDiag(diag::note_locked_here) 1575 << Kind); 1576 Warnings.push_back(DelayedDiag(Warning, getNotes(Note))); 1577 return; 1578 } 1579 Warnings.push_back(DelayedDiag(Warning, getNotes())); 1580 } 1581 1582 void handleExclusiveAndShared(StringRef Kind, Name LockName, 1583 SourceLocation Loc1, 1584 SourceLocation Loc2) override { 1585 PartialDiagnosticAt Warning(Loc1, 1586 S.PDiag(diag::warn_lock_exclusive_and_shared) 1587 << Kind << LockName); 1588 PartialDiagnosticAt Note(Loc2, S.PDiag(diag::note_lock_exclusive_and_shared) 1589 << Kind << LockName); 1590 Warnings.push_back(DelayedDiag(Warning, getNotes(Note))); 1591 } 1592 1593 void handleNoMutexHeld(StringRef Kind, const NamedDecl *D, 1594 ProtectedOperationKind POK, AccessKind AK, 1595 SourceLocation Loc) override { 1596 assert((POK == POK_VarAccess || POK == POK_VarDereference) && 1597 "Only works for variables"); 1598 unsigned DiagID = POK == POK_VarAccess? 1599 diag::warn_variable_requires_any_lock: 1600 diag::warn_var_deref_requires_any_lock; 1601 PartialDiagnosticAt Warning(Loc, S.PDiag(DiagID) 1602 << D->getNameAsString() << getLockKindFromAccessKind(AK)); 1603 Warnings.push_back(DelayedDiag(Warning, getNotes())); 1604 } 1605 1606 void handleMutexNotHeld(StringRef Kind, const NamedDecl *D, 1607 ProtectedOperationKind POK, Name LockName, 1608 LockKind LK, SourceLocation Loc, 1609 Name *PossibleMatch) override { 1610 unsigned DiagID = 0; 1611 if (PossibleMatch) { 1612 switch (POK) { 1613 case POK_VarAccess: 1614 DiagID = diag::warn_variable_requires_lock_precise; 1615 break; 1616 case POK_VarDereference: 1617 DiagID = diag::warn_var_deref_requires_lock_precise; 1618 break; 1619 case POK_FunctionCall: 1620 DiagID = diag::warn_fun_requires_lock_precise; 1621 break; 1622 case POK_PassByRef: 1623 DiagID = diag::warn_guarded_pass_by_reference; 1624 break; 1625 case POK_PtPassByRef: 1626 DiagID = diag::warn_pt_guarded_pass_by_reference; 1627 break; 1628 } 1629 PartialDiagnosticAt Warning(Loc, S.PDiag(DiagID) << Kind 1630 << D->getNameAsString() 1631 << LockName << LK); 1632 PartialDiagnosticAt Note(Loc, S.PDiag(diag::note_found_mutex_near_match) 1633 << *PossibleMatch); 1634 if (Verbose && POK == POK_VarAccess) { 1635 PartialDiagnosticAt VNote(D->getLocation(), 1636 S.PDiag(diag::note_guarded_by_declared_here) 1637 << D->getNameAsString()); 1638 Warnings.push_back(DelayedDiag(Warning, getNotes(Note, VNote))); 1639 } else 1640 Warnings.push_back(DelayedDiag(Warning, getNotes(Note))); 1641 } else { 1642 switch (POK) { 1643 case POK_VarAccess: 1644 DiagID = diag::warn_variable_requires_lock; 1645 break; 1646 case POK_VarDereference: 1647 DiagID = diag::warn_var_deref_requires_lock; 1648 break; 1649 case POK_FunctionCall: 1650 DiagID = diag::warn_fun_requires_lock; 1651 break; 1652 case POK_PassByRef: 1653 DiagID = diag::warn_guarded_pass_by_reference; 1654 break; 1655 case POK_PtPassByRef: 1656 DiagID = diag::warn_pt_guarded_pass_by_reference; 1657 break; 1658 } 1659 PartialDiagnosticAt Warning(Loc, S.PDiag(DiagID) << Kind 1660 << D->getNameAsString() 1661 << LockName << LK); 1662 if (Verbose && POK == POK_VarAccess) { 1663 PartialDiagnosticAt Note(D->getLocation(), 1664 S.PDiag(diag::note_guarded_by_declared_here) 1665 << D->getNameAsString()); 1666 Warnings.push_back(DelayedDiag(Warning, getNotes(Note))); 1667 } else 1668 Warnings.push_back(DelayedDiag(Warning, getNotes())); 1669 } 1670 } 1671 1672 1673 virtual void handleNegativeNotHeld(StringRef Kind, Name LockName, Name Neg, 1674 SourceLocation Loc) override { 1675 PartialDiagnosticAt Warning(Loc, 1676 S.PDiag(diag::warn_acquire_requires_negative_cap) 1677 << Kind << LockName << Neg); 1678 Warnings.push_back(DelayedDiag(Warning, getNotes())); 1679 } 1680 1681 1682 void handleFunExcludesLock(StringRef Kind, Name FunName, Name LockName, 1683 SourceLocation Loc) override { 1684 PartialDiagnosticAt Warning(Loc, S.PDiag(diag::warn_fun_excludes_mutex) 1685 << Kind << FunName << LockName); 1686 Warnings.push_back(DelayedDiag(Warning, getNotes())); 1687 } 1688 1689 void enterFunction(const FunctionDecl* FD) override { 1690 CurrentFunction = FD; 1691 } 1692 1693 void leaveFunction(const FunctionDecl* FD) override { 1694 CurrentFunction = 0; 1695 } 1696 }; 1697 1698 } 1699 } 1700 1701 //===----------------------------------------------------------------------===// 1702 // -Wconsumed 1703 //===----------------------------------------------------------------------===// 1704 1705 namespace clang { 1706 namespace consumed { 1707 namespace { 1708 class ConsumedWarningsHandler : public ConsumedWarningsHandlerBase { 1709 1710 Sema &S; 1711 DiagList Warnings; 1712 1713 public: 1714 1715 ConsumedWarningsHandler(Sema &S) : S(S) {} 1716 1717 void emitDiagnostics() override { 1718 Warnings.sort(SortDiagBySourceLocation(S.getSourceManager())); 1719 for (const auto &Diag : Warnings) { 1720 S.Diag(Diag.first.first, Diag.first.second); 1721 for (const auto &Note : Diag.second) 1722 S.Diag(Note.first, Note.second); 1723 } 1724 } 1725 1726 void warnLoopStateMismatch(SourceLocation Loc, 1727 StringRef VariableName) override { 1728 PartialDiagnosticAt Warning(Loc, S.PDiag(diag::warn_loop_state_mismatch) << 1729 VariableName); 1730 1731 Warnings.push_back(DelayedDiag(Warning, OptionalNotes())); 1732 } 1733 1734 void warnParamReturnTypestateMismatch(SourceLocation Loc, 1735 StringRef VariableName, 1736 StringRef ExpectedState, 1737 StringRef ObservedState) override { 1738 1739 PartialDiagnosticAt Warning(Loc, S.PDiag( 1740 diag::warn_param_return_typestate_mismatch) << VariableName << 1741 ExpectedState << ObservedState); 1742 1743 Warnings.push_back(DelayedDiag(Warning, OptionalNotes())); 1744 } 1745 1746 void warnParamTypestateMismatch(SourceLocation Loc, StringRef ExpectedState, 1747 StringRef ObservedState) override { 1748 1749 PartialDiagnosticAt Warning(Loc, S.PDiag( 1750 diag::warn_param_typestate_mismatch) << ExpectedState << ObservedState); 1751 1752 Warnings.push_back(DelayedDiag(Warning, OptionalNotes())); 1753 } 1754 1755 void warnReturnTypestateForUnconsumableType(SourceLocation Loc, 1756 StringRef TypeName) override { 1757 PartialDiagnosticAt Warning(Loc, S.PDiag( 1758 diag::warn_return_typestate_for_unconsumable_type) << TypeName); 1759 1760 Warnings.push_back(DelayedDiag(Warning, OptionalNotes())); 1761 } 1762 1763 void warnReturnTypestateMismatch(SourceLocation Loc, StringRef ExpectedState, 1764 StringRef ObservedState) override { 1765 1766 PartialDiagnosticAt Warning(Loc, S.PDiag( 1767 diag::warn_return_typestate_mismatch) << ExpectedState << ObservedState); 1768 1769 Warnings.push_back(DelayedDiag(Warning, OptionalNotes())); 1770 } 1771 1772 void warnUseOfTempInInvalidState(StringRef MethodName, StringRef State, 1773 SourceLocation Loc) override { 1774 1775 PartialDiagnosticAt Warning(Loc, S.PDiag( 1776 diag::warn_use_of_temp_in_invalid_state) << MethodName << State); 1777 1778 Warnings.push_back(DelayedDiag(Warning, OptionalNotes())); 1779 } 1780 1781 void warnUseInInvalidState(StringRef MethodName, StringRef VariableName, 1782 StringRef State, SourceLocation Loc) override { 1783 1784 PartialDiagnosticAt Warning(Loc, S.PDiag(diag::warn_use_in_invalid_state) << 1785 MethodName << VariableName << State); 1786 1787 Warnings.push_back(DelayedDiag(Warning, OptionalNotes())); 1788 } 1789 }; 1790 }}} 1791 1792 //===----------------------------------------------------------------------===// 1793 // AnalysisBasedWarnings - Worker object used by Sema to execute analysis-based 1794 // warnings on a function, method, or block. 1795 //===----------------------------------------------------------------------===// 1796 1797 clang::sema::AnalysisBasedWarnings::Policy::Policy() { 1798 enableCheckFallThrough = 1; 1799 enableCheckUnreachable = 0; 1800 enableThreadSafetyAnalysis = 0; 1801 enableConsumedAnalysis = 0; 1802 } 1803 1804 static unsigned isEnabled(DiagnosticsEngine &D, unsigned diag) { 1805 return (unsigned)!D.isIgnored(diag, SourceLocation()); 1806 } 1807 1808 clang::sema::AnalysisBasedWarnings::AnalysisBasedWarnings(Sema &s) 1809 : S(s), 1810 NumFunctionsAnalyzed(0), 1811 NumFunctionsWithBadCFGs(0), 1812 NumCFGBlocks(0), 1813 MaxCFGBlocksPerFunction(0), 1814 NumUninitAnalysisFunctions(0), 1815 NumUninitAnalysisVariables(0), 1816 MaxUninitAnalysisVariablesPerFunction(0), 1817 NumUninitAnalysisBlockVisits(0), 1818 MaxUninitAnalysisBlockVisitsPerFunction(0) { 1819 1820 using namespace diag; 1821 DiagnosticsEngine &D = S.getDiagnostics(); 1822 1823 DefaultPolicy.enableCheckUnreachable = 1824 isEnabled(D, warn_unreachable) || 1825 isEnabled(D, warn_unreachable_break) || 1826 isEnabled(D, warn_unreachable_return) || 1827 isEnabled(D, warn_unreachable_loop_increment); 1828 1829 DefaultPolicy.enableThreadSafetyAnalysis = 1830 isEnabled(D, warn_double_lock); 1831 1832 DefaultPolicy.enableConsumedAnalysis = 1833 isEnabled(D, warn_use_in_invalid_state); 1834 } 1835 1836 static void flushDiagnostics(Sema &S, const sema::FunctionScopeInfo *fscope) { 1837 for (const auto &D : fscope->PossiblyUnreachableDiags) 1838 S.Diag(D.Loc, D.PD); 1839 } 1840 1841 void clang::sema:: 1842 AnalysisBasedWarnings::IssueWarnings(sema::AnalysisBasedWarnings::Policy P, 1843 sema::FunctionScopeInfo *fscope, 1844 const Decl *D, const BlockExpr *blkExpr) { 1845 1846 // We avoid doing analysis-based warnings when there are errors for 1847 // two reasons: 1848 // (1) The CFGs often can't be constructed (if the body is invalid), so 1849 // don't bother trying. 1850 // (2) The code already has problems; running the analysis just takes more 1851 // time. 1852 DiagnosticsEngine &Diags = S.getDiagnostics(); 1853 1854 // Do not do any analysis for declarations in system headers if we are 1855 // going to just ignore them. 1856 if (Diags.getSuppressSystemWarnings() && 1857 S.SourceMgr.isInSystemHeader(D->getLocation())) 1858 return; 1859 1860 // For code in dependent contexts, we'll do this at instantiation time. 1861 if (cast<DeclContext>(D)->isDependentContext()) 1862 return; 1863 1864 if (Diags.hasUncompilableErrorOccurred() || Diags.hasFatalErrorOccurred()) { 1865 // Flush out any possibly unreachable diagnostics. 1866 flushDiagnostics(S, fscope); 1867 return; 1868 } 1869 1870 const Stmt *Body = D->getBody(); 1871 assert(Body); 1872 1873 // Construct the analysis context with the specified CFG build options. 1874 AnalysisDeclContext AC(/* AnalysisDeclContextManager */ nullptr, D); 1875 1876 // Don't generate EH edges for CallExprs as we'd like to avoid the n^2 1877 // explosion for destructors that can result and the compile time hit. 1878 AC.getCFGBuildOptions().PruneTriviallyFalseEdges = true; 1879 AC.getCFGBuildOptions().AddEHEdges = false; 1880 AC.getCFGBuildOptions().AddInitializers = true; 1881 AC.getCFGBuildOptions().AddImplicitDtors = true; 1882 AC.getCFGBuildOptions().AddTemporaryDtors = true; 1883 AC.getCFGBuildOptions().AddCXXNewAllocator = false; 1884 1885 // Force that certain expressions appear as CFGElements in the CFG. This 1886 // is used to speed up various analyses. 1887 // FIXME: This isn't the right factoring. This is here for initial 1888 // prototyping, but we need a way for analyses to say what expressions they 1889 // expect to always be CFGElements and then fill in the BuildOptions 1890 // appropriately. This is essentially a layering violation. 1891 if (P.enableCheckUnreachable || P.enableThreadSafetyAnalysis || 1892 P.enableConsumedAnalysis) { 1893 // Unreachable code analysis and thread safety require a linearized CFG. 1894 AC.getCFGBuildOptions().setAllAlwaysAdd(); 1895 } 1896 else { 1897 AC.getCFGBuildOptions() 1898 .setAlwaysAdd(Stmt::BinaryOperatorClass) 1899 .setAlwaysAdd(Stmt::CompoundAssignOperatorClass) 1900 .setAlwaysAdd(Stmt::BlockExprClass) 1901 .setAlwaysAdd(Stmt::CStyleCastExprClass) 1902 .setAlwaysAdd(Stmt::DeclRefExprClass) 1903 .setAlwaysAdd(Stmt::ImplicitCastExprClass) 1904 .setAlwaysAdd(Stmt::UnaryOperatorClass) 1905 .setAlwaysAdd(Stmt::AttributedStmtClass); 1906 } 1907 1908 // Install the logical handler for -Wtautological-overlap-compare 1909 std::unique_ptr<LogicalErrorHandler> LEH; 1910 if (!Diags.isIgnored(diag::warn_tautological_overlap_comparison, 1911 D->getLocStart())) { 1912 LEH.reset(new LogicalErrorHandler(S)); 1913 AC.getCFGBuildOptions().Observer = LEH.get(); 1914 } 1915 1916 // Emit delayed diagnostics. 1917 if (!fscope->PossiblyUnreachableDiags.empty()) { 1918 bool analyzed = false; 1919 1920 // Register the expressions with the CFGBuilder. 1921 for (const auto &D : fscope->PossiblyUnreachableDiags) { 1922 if (D.stmt) 1923 AC.registerForcedBlockExpression(D.stmt); 1924 } 1925 1926 if (AC.getCFG()) { 1927 analyzed = true; 1928 for (const auto &D : fscope->PossiblyUnreachableDiags) { 1929 bool processed = false; 1930 if (D.stmt) { 1931 const CFGBlock *block = AC.getBlockForRegisteredExpression(D.stmt); 1932 CFGReverseBlockReachabilityAnalysis *cra = 1933 AC.getCFGReachablityAnalysis(); 1934 // FIXME: We should be able to assert that block is non-null, but 1935 // the CFG analysis can skip potentially-evaluated expressions in 1936 // edge cases; see test/Sema/vla-2.c. 1937 if (block && cra) { 1938 // Can this block be reached from the entrance? 1939 if (cra->isReachable(&AC.getCFG()->getEntry(), block)) 1940 S.Diag(D.Loc, D.PD); 1941 processed = true; 1942 } 1943 } 1944 if (!processed) { 1945 // Emit the warning anyway if we cannot map to a basic block. 1946 S.Diag(D.Loc, D.PD); 1947 } 1948 } 1949 } 1950 1951 if (!analyzed) 1952 flushDiagnostics(S, fscope); 1953 } 1954 1955 1956 // Warning: check missing 'return' 1957 if (P.enableCheckFallThrough) { 1958 const CheckFallThroughDiagnostics &CD = 1959 (isa<BlockDecl>(D) ? CheckFallThroughDiagnostics::MakeForBlock() 1960 : (isa<CXXMethodDecl>(D) && 1961 cast<CXXMethodDecl>(D)->getOverloadedOperator() == OO_Call && 1962 cast<CXXMethodDecl>(D)->getParent()->isLambda()) 1963 ? CheckFallThroughDiagnostics::MakeForLambda() 1964 : CheckFallThroughDiagnostics::MakeForFunction(D)); 1965 CheckFallThroughForBody(S, D, Body, blkExpr, CD, AC); 1966 } 1967 1968 // Warning: check for unreachable code 1969 if (P.enableCheckUnreachable) { 1970 // Only check for unreachable code on non-template instantiations. 1971 // Different template instantiations can effectively change the control-flow 1972 // and it is very difficult to prove that a snippet of code in a template 1973 // is unreachable for all instantiations. 1974 bool isTemplateInstantiation = false; 1975 if (const FunctionDecl *Function = dyn_cast<FunctionDecl>(D)) 1976 isTemplateInstantiation = Function->isTemplateInstantiation(); 1977 if (!isTemplateInstantiation) 1978 CheckUnreachable(S, AC); 1979 } 1980 1981 // Check for thread safety violations 1982 if (P.enableThreadSafetyAnalysis) { 1983 SourceLocation FL = AC.getDecl()->getLocation(); 1984 SourceLocation FEL = AC.getDecl()->getLocEnd(); 1985 threadSafety::ThreadSafetyReporter Reporter(S, FL, FEL); 1986 if (!Diags.isIgnored(diag::warn_thread_safety_beta, D->getLocStart())) 1987 Reporter.setIssueBetaWarnings(true); 1988 if (!Diags.isIgnored(diag::warn_thread_safety_verbose, D->getLocStart())) 1989 Reporter.setVerbose(true); 1990 1991 threadSafety::runThreadSafetyAnalysis(AC, Reporter); 1992 Reporter.emitDiagnostics(); 1993 } 1994 1995 // Check for violations of consumed properties. 1996 if (P.enableConsumedAnalysis) { 1997 consumed::ConsumedWarningsHandler WarningHandler(S); 1998 consumed::ConsumedAnalyzer Analyzer(WarningHandler); 1999 Analyzer.run(AC); 2000 } 2001 2002 if (!Diags.isIgnored(diag::warn_uninit_var, D->getLocStart()) || 2003 !Diags.isIgnored(diag::warn_sometimes_uninit_var, D->getLocStart()) || 2004 !Diags.isIgnored(diag::warn_maybe_uninit_var, D->getLocStart())) { 2005 if (CFG *cfg = AC.getCFG()) { 2006 UninitValsDiagReporter reporter(S); 2007 UninitVariablesAnalysisStats stats; 2008 std::memset(&stats, 0, sizeof(UninitVariablesAnalysisStats)); 2009 runUninitializedVariablesAnalysis(*cast<DeclContext>(D), *cfg, AC, 2010 reporter, stats); 2011 2012 if (S.CollectStats && stats.NumVariablesAnalyzed > 0) { 2013 ++NumUninitAnalysisFunctions; 2014 NumUninitAnalysisVariables += stats.NumVariablesAnalyzed; 2015 NumUninitAnalysisBlockVisits += stats.NumBlockVisits; 2016 MaxUninitAnalysisVariablesPerFunction = 2017 std::max(MaxUninitAnalysisVariablesPerFunction, 2018 stats.NumVariablesAnalyzed); 2019 MaxUninitAnalysisBlockVisitsPerFunction = 2020 std::max(MaxUninitAnalysisBlockVisitsPerFunction, 2021 stats.NumBlockVisits); 2022 } 2023 } 2024 } 2025 2026 bool FallThroughDiagFull = 2027 !Diags.isIgnored(diag::warn_unannotated_fallthrough, D->getLocStart()); 2028 bool FallThroughDiagPerFunction = !Diags.isIgnored( 2029 diag::warn_unannotated_fallthrough_per_function, D->getLocStart()); 2030 if (FallThroughDiagFull || FallThroughDiagPerFunction) { 2031 DiagnoseSwitchLabelsFallthrough(S, AC, !FallThroughDiagFull); 2032 } 2033 2034 if (S.getLangOpts().ObjCARCWeak && 2035 !Diags.isIgnored(diag::warn_arc_repeated_use_of_weak, D->getLocStart())) 2036 diagnoseRepeatedUseOfWeak(S, fscope, D, AC.getParentMap()); 2037 2038 2039 // Check for infinite self-recursion in functions 2040 if (!Diags.isIgnored(diag::warn_infinite_recursive_function, 2041 D->getLocStart())) { 2042 if (const FunctionDecl *FD = dyn_cast<FunctionDecl>(D)) { 2043 checkRecursiveFunction(S, FD, Body, AC); 2044 } 2045 } 2046 2047 // If none of the previous checks caused a CFG build, trigger one here 2048 // for -Wtautological-overlap-compare 2049 if (!Diags.isIgnored(diag::warn_tautological_overlap_comparison, 2050 D->getLocStart())) { 2051 AC.getCFG(); 2052 } 2053 2054 // Collect statistics about the CFG if it was built. 2055 if (S.CollectStats && AC.isCFGBuilt()) { 2056 ++NumFunctionsAnalyzed; 2057 if (CFG *cfg = AC.getCFG()) { 2058 // If we successfully built a CFG for this context, record some more 2059 // detail information about it. 2060 NumCFGBlocks += cfg->getNumBlockIDs(); 2061 MaxCFGBlocksPerFunction = std::max(MaxCFGBlocksPerFunction, 2062 cfg->getNumBlockIDs()); 2063 } else { 2064 ++NumFunctionsWithBadCFGs; 2065 } 2066 } 2067 } 2068 2069 void clang::sema::AnalysisBasedWarnings::PrintStats() const { 2070 llvm::errs() << "\n*** Analysis Based Warnings Stats:\n"; 2071 2072 unsigned NumCFGsBuilt = NumFunctionsAnalyzed - NumFunctionsWithBadCFGs; 2073 unsigned AvgCFGBlocksPerFunction = 2074 !NumCFGsBuilt ? 0 : NumCFGBlocks/NumCFGsBuilt; 2075 llvm::errs() << NumFunctionsAnalyzed << " functions analyzed (" 2076 << NumFunctionsWithBadCFGs << " w/o CFGs).\n" 2077 << " " << NumCFGBlocks << " CFG blocks built.\n" 2078 << " " << AvgCFGBlocksPerFunction 2079 << " average CFG blocks per function.\n" 2080 << " " << MaxCFGBlocksPerFunction 2081 << " max CFG blocks per function.\n"; 2082 2083 unsigned AvgUninitVariablesPerFunction = !NumUninitAnalysisFunctions ? 0 2084 : NumUninitAnalysisVariables/NumUninitAnalysisFunctions; 2085 unsigned AvgUninitBlockVisitsPerFunction = !NumUninitAnalysisFunctions ? 0 2086 : NumUninitAnalysisBlockVisits/NumUninitAnalysisFunctions; 2087 llvm::errs() << NumUninitAnalysisFunctions 2088 << " functions analyzed for uninitialiazed variables\n" 2089 << " " << NumUninitAnalysisVariables << " variables analyzed.\n" 2090 << " " << AvgUninitVariablesPerFunction 2091 << " average variables per function.\n" 2092 << " " << MaxUninitAnalysisVariablesPerFunction 2093 << " max variables per function.\n" 2094 << " " << NumUninitAnalysisBlockVisits << " block visits.\n" 2095 << " " << AvgUninitBlockVisitsPerFunction 2096 << " average block visits per function.\n" 2097 << " " << MaxUninitAnalysisBlockVisitsPerFunction 2098 << " max block visits per function.\n"; 2099 } 2100