1 //===---- SemaAccess.cpp - C++ Access Control -------------------*- C++ -*-===//
2 //
3 //                     The LLVM Compiler Infrastructure
4 //
5 // This file is distributed under the University of Illinois Open Source
6 // License. See LICENSE.TXT for details.
7 //
8 //===----------------------------------------------------------------------===//
9 //
10 // This file provides Sema routines for C++ access control semantics.
11 //
12 //===----------------------------------------------------------------------===//
13 
14 #include "clang/Sema/SemaInternal.h"
15 #include "clang/AST/ASTContext.h"
16 #include "clang/AST/CXXInheritance.h"
17 #include "clang/AST/DeclCXX.h"
18 #include "clang/AST/DeclFriend.h"
19 #include "clang/AST/DeclObjC.h"
20 #include "clang/AST/DependentDiagnostic.h"
21 #include "clang/AST/ExprCXX.h"
22 #include "clang/Sema/DelayedDiagnostic.h"
23 #include "clang/Sema/Initialization.h"
24 #include "clang/Sema/Lookup.h"
25 
26 using namespace clang;
27 using namespace sema;
28 
29 /// A copy of Sema's enum without AR_delayed.
30 enum AccessResult {
31   AR_accessible,
32   AR_inaccessible,
33   AR_dependent
34 };
35 
36 /// SetMemberAccessSpecifier - Set the access specifier of a member.
37 /// Returns true on error (when the previous member decl access specifier
38 /// is different from the new member decl access specifier).
39 bool Sema::SetMemberAccessSpecifier(NamedDecl *MemberDecl,
40                                     NamedDecl *PrevMemberDecl,
41                                     AccessSpecifier LexicalAS) {
42   if (!PrevMemberDecl) {
43     // Use the lexical access specifier.
44     MemberDecl->setAccess(LexicalAS);
45     return false;
46   }
47 
48   // C++ [class.access.spec]p3: When a member is redeclared its access
49   // specifier must be same as its initial declaration.
50   if (LexicalAS != AS_none && LexicalAS != PrevMemberDecl->getAccess()) {
51     Diag(MemberDecl->getLocation(),
52          diag::err_class_redeclared_with_different_access)
53       << MemberDecl << LexicalAS;
54     Diag(PrevMemberDecl->getLocation(), diag::note_previous_access_declaration)
55       << PrevMemberDecl << PrevMemberDecl->getAccess();
56 
57     MemberDecl->setAccess(LexicalAS);
58     return true;
59   }
60 
61   MemberDecl->setAccess(PrevMemberDecl->getAccess());
62   return false;
63 }
64 
65 static CXXRecordDecl *FindDeclaringClass(NamedDecl *D) {
66   DeclContext *DC = D->getDeclContext();
67 
68   // This can only happen at top: enum decls only "publish" their
69   // immediate members.
70   if (isa<EnumDecl>(DC))
71     DC = cast<EnumDecl>(DC)->getDeclContext();
72 
73   CXXRecordDecl *DeclaringClass = cast<CXXRecordDecl>(DC);
74   while (DeclaringClass->isAnonymousStructOrUnion())
75     DeclaringClass = cast<CXXRecordDecl>(DeclaringClass->getDeclContext());
76   return DeclaringClass;
77 }
78 
79 namespace {
80 struct EffectiveContext {
81   EffectiveContext() : Inner(0), Dependent(false) {}
82 
83   explicit EffectiveContext(DeclContext *DC)
84     : Inner(DC),
85       Dependent(DC->isDependentContext()) {
86 
87     // C++11 [class.access.nest]p1:
88     //   A nested class is a member and as such has the same access
89     //   rights as any other member.
90     // C++11 [class.access]p2:
91     //   A member of a class can also access all the names to which
92     //   the class has access.  A local class of a member function
93     //   may access the same names that the member function itself
94     //   may access.
95     // This almost implies that the privileges of nesting are transitive.
96     // Technically it says nothing about the local classes of non-member
97     // functions (which can gain privileges through friendship), but we
98     // take that as an oversight.
99     while (true) {
100       // We want to add canonical declarations to the EC lists for
101       // simplicity of checking, but we need to walk up through the
102       // actual current DC chain.  Otherwise, something like a local
103       // extern or friend which happens to be the canonical
104       // declaration will really mess us up.
105 
106       if (isa<CXXRecordDecl>(DC)) {
107         CXXRecordDecl *Record = cast<CXXRecordDecl>(DC);
108         Records.push_back(Record->getCanonicalDecl());
109         DC = Record->getDeclContext();
110       } else if (isa<FunctionDecl>(DC)) {
111         FunctionDecl *Function = cast<FunctionDecl>(DC);
112         Functions.push_back(Function->getCanonicalDecl());
113         if (Function->getFriendObjectKind())
114           DC = Function->getLexicalDeclContext();
115         else
116           DC = Function->getDeclContext();
117       } else if (DC->isFileContext()) {
118         break;
119       } else {
120         DC = DC->getParent();
121       }
122     }
123   }
124 
125   bool isDependent() const { return Dependent; }
126 
127   bool includesClass(const CXXRecordDecl *R) const {
128     R = R->getCanonicalDecl();
129     return std::find(Records.begin(), Records.end(), R)
130              != Records.end();
131   }
132 
133   /// Retrieves the innermost "useful" context.  Can be null if we're
134   /// doing access-control without privileges.
135   DeclContext *getInnerContext() const {
136     return Inner;
137   }
138 
139   typedef SmallVectorImpl<CXXRecordDecl*>::const_iterator record_iterator;
140 
141   DeclContext *Inner;
142   SmallVector<FunctionDecl*, 4> Functions;
143   SmallVector<CXXRecordDecl*, 4> Records;
144   bool Dependent;
145 };
146 
147 /// Like sema::AccessedEntity, but kindly lets us scribble all over
148 /// it.
149 struct AccessTarget : public AccessedEntity {
150   AccessTarget(const AccessedEntity &Entity)
151     : AccessedEntity(Entity) {
152     initialize();
153   }
154 
155   AccessTarget(ASTContext &Context,
156                MemberNonce _,
157                CXXRecordDecl *NamingClass,
158                DeclAccessPair FoundDecl,
159                QualType BaseObjectType)
160     : AccessedEntity(Context.getDiagAllocator(), Member, NamingClass,
161                      FoundDecl, BaseObjectType) {
162     initialize();
163   }
164 
165   AccessTarget(ASTContext &Context,
166                BaseNonce _,
167                CXXRecordDecl *BaseClass,
168                CXXRecordDecl *DerivedClass,
169                AccessSpecifier Access)
170     : AccessedEntity(Context.getDiagAllocator(), Base, BaseClass, DerivedClass,
171                      Access) {
172     initialize();
173   }
174 
175   bool isInstanceMember() const {
176     return (isMemberAccess() && getTargetDecl()->isCXXInstanceMember());
177   }
178 
179   bool hasInstanceContext() const {
180     return HasInstanceContext;
181   }
182 
183   class SavedInstanceContext {
184   public:
185     ~SavedInstanceContext() {
186       Target.HasInstanceContext = Has;
187     }
188 
189   private:
190     friend struct AccessTarget;
191     explicit SavedInstanceContext(AccessTarget &Target)
192       : Target(Target), Has(Target.HasInstanceContext) {}
193     AccessTarget &Target;
194     bool Has;
195   };
196 
197   SavedInstanceContext saveInstanceContext() {
198     return SavedInstanceContext(*this);
199   }
200 
201   void suppressInstanceContext() {
202     HasInstanceContext = false;
203   }
204 
205   const CXXRecordDecl *resolveInstanceContext(Sema &S) const {
206     assert(HasInstanceContext);
207     if (CalculatedInstanceContext)
208       return InstanceContext;
209 
210     CalculatedInstanceContext = true;
211     DeclContext *IC = S.computeDeclContext(getBaseObjectType());
212     InstanceContext = (IC ? cast<CXXRecordDecl>(IC)->getCanonicalDecl() : 0);
213     return InstanceContext;
214   }
215 
216   const CXXRecordDecl *getDeclaringClass() const {
217     return DeclaringClass;
218   }
219 
220   /// The "effective" naming class is the canonical non-anonymous
221   /// class containing the actual naming class.
222   const CXXRecordDecl *getEffectiveNamingClass() const {
223     const CXXRecordDecl *namingClass = getNamingClass();
224     while (namingClass->isAnonymousStructOrUnion())
225       namingClass = cast<CXXRecordDecl>(namingClass->getParent());
226     return namingClass->getCanonicalDecl();
227   }
228 
229 private:
230   void initialize() {
231     HasInstanceContext = (isMemberAccess() &&
232                           !getBaseObjectType().isNull() &&
233                           getTargetDecl()->isCXXInstanceMember());
234     CalculatedInstanceContext = false;
235     InstanceContext = 0;
236 
237     if (isMemberAccess())
238       DeclaringClass = FindDeclaringClass(getTargetDecl());
239     else
240       DeclaringClass = getBaseClass();
241     DeclaringClass = DeclaringClass->getCanonicalDecl();
242   }
243 
244   bool HasInstanceContext : 1;
245   mutable bool CalculatedInstanceContext : 1;
246   mutable const CXXRecordDecl *InstanceContext;
247   const CXXRecordDecl *DeclaringClass;
248 };
249 
250 }
251 
252 /// Checks whether one class might instantiate to the other.
253 static bool MightInstantiateTo(const CXXRecordDecl *From,
254                                const CXXRecordDecl *To) {
255   // Declaration names are always preserved by instantiation.
256   if (From->getDeclName() != To->getDeclName())
257     return false;
258 
259   const DeclContext *FromDC = From->getDeclContext()->getPrimaryContext();
260   const DeclContext *ToDC = To->getDeclContext()->getPrimaryContext();
261   if (FromDC == ToDC) return true;
262   if (FromDC->isFileContext() || ToDC->isFileContext()) return false;
263 
264   // Be conservative.
265   return true;
266 }
267 
268 /// Checks whether one class is derived from another, inclusively.
269 /// Properly indicates when it couldn't be determined due to
270 /// dependence.
271 ///
272 /// This should probably be donated to AST or at least Sema.
273 static AccessResult IsDerivedFromInclusive(const CXXRecordDecl *Derived,
274                                            const CXXRecordDecl *Target) {
275   assert(Derived->getCanonicalDecl() == Derived);
276   assert(Target->getCanonicalDecl() == Target);
277 
278   if (Derived == Target) return AR_accessible;
279 
280   bool CheckDependent = Derived->isDependentContext();
281   if (CheckDependent && MightInstantiateTo(Derived, Target))
282     return AR_dependent;
283 
284   AccessResult OnFailure = AR_inaccessible;
285   SmallVector<const CXXRecordDecl*, 8> Queue; // actually a stack
286 
287   while (true) {
288     if (Derived->isDependentContext() && !Derived->hasDefinition())
289       return AR_dependent;
290 
291     for (const auto &I : Derived->bases()) {
292       const CXXRecordDecl *RD;
293 
294       QualType T = I.getType();
295       if (const RecordType *RT = T->getAs<RecordType>()) {
296         RD = cast<CXXRecordDecl>(RT->getDecl());
297       } else if (const InjectedClassNameType *IT
298                    = T->getAs<InjectedClassNameType>()) {
299         RD = IT->getDecl();
300       } else {
301         assert(T->isDependentType() && "non-dependent base wasn't a record?");
302         OnFailure = AR_dependent;
303         continue;
304       }
305 
306       RD = RD->getCanonicalDecl();
307       if (RD == Target) return AR_accessible;
308       if (CheckDependent && MightInstantiateTo(RD, Target))
309         OnFailure = AR_dependent;
310 
311       Queue.push_back(RD);
312     }
313 
314     if (Queue.empty()) break;
315 
316     Derived = Queue.pop_back_val();
317   }
318 
319   return OnFailure;
320 }
321 
322 
323 static bool MightInstantiateTo(Sema &S, DeclContext *Context,
324                                DeclContext *Friend) {
325   if (Friend == Context)
326     return true;
327 
328   assert(!Friend->isDependentContext() &&
329          "can't handle friends with dependent contexts here");
330 
331   if (!Context->isDependentContext())
332     return false;
333 
334   if (Friend->isFileContext())
335     return false;
336 
337   // TODO: this is very conservative
338   return true;
339 }
340 
341 // Asks whether the type in 'context' can ever instantiate to the type
342 // in 'friend'.
343 static bool MightInstantiateTo(Sema &S, CanQualType Context, CanQualType Friend) {
344   if (Friend == Context)
345     return true;
346 
347   if (!Friend->isDependentType() && !Context->isDependentType())
348     return false;
349 
350   // TODO: this is very conservative.
351   return true;
352 }
353 
354 static bool MightInstantiateTo(Sema &S,
355                                FunctionDecl *Context,
356                                FunctionDecl *Friend) {
357   if (Context->getDeclName() != Friend->getDeclName())
358     return false;
359 
360   if (!MightInstantiateTo(S,
361                           Context->getDeclContext(),
362                           Friend->getDeclContext()))
363     return false;
364 
365   CanQual<FunctionProtoType> FriendTy
366     = S.Context.getCanonicalType(Friend->getType())
367          ->getAs<FunctionProtoType>();
368   CanQual<FunctionProtoType> ContextTy
369     = S.Context.getCanonicalType(Context->getType())
370          ->getAs<FunctionProtoType>();
371 
372   // There isn't any way that I know of to add qualifiers
373   // during instantiation.
374   if (FriendTy.getQualifiers() != ContextTy.getQualifiers())
375     return false;
376 
377   if (FriendTy->getNumParams() != ContextTy->getNumParams())
378     return false;
379 
380   if (!MightInstantiateTo(S, ContextTy->getReturnType(),
381                           FriendTy->getReturnType()))
382     return false;
383 
384   for (unsigned I = 0, E = FriendTy->getNumParams(); I != E; ++I)
385     if (!MightInstantiateTo(S, ContextTy->getParamType(I),
386                             FriendTy->getParamType(I)))
387       return false;
388 
389   return true;
390 }
391 
392 static bool MightInstantiateTo(Sema &S,
393                                FunctionTemplateDecl *Context,
394                                FunctionTemplateDecl *Friend) {
395   return MightInstantiateTo(S,
396                             Context->getTemplatedDecl(),
397                             Friend->getTemplatedDecl());
398 }
399 
400 static AccessResult MatchesFriend(Sema &S,
401                                   const EffectiveContext &EC,
402                                   const CXXRecordDecl *Friend) {
403   if (EC.includesClass(Friend))
404     return AR_accessible;
405 
406   if (EC.isDependent()) {
407     CanQualType FriendTy
408       = S.Context.getCanonicalType(S.Context.getTypeDeclType(Friend));
409 
410     for (EffectiveContext::record_iterator
411            I = EC.Records.begin(), E = EC.Records.end(); I != E; ++I) {
412       CanQualType ContextTy
413         = S.Context.getCanonicalType(S.Context.getTypeDeclType(*I));
414       if (MightInstantiateTo(S, ContextTy, FriendTy))
415         return AR_dependent;
416     }
417   }
418 
419   return AR_inaccessible;
420 }
421 
422 static AccessResult MatchesFriend(Sema &S,
423                                   const EffectiveContext &EC,
424                                   CanQualType Friend) {
425   if (const RecordType *RT = Friend->getAs<RecordType>())
426     return MatchesFriend(S, EC, cast<CXXRecordDecl>(RT->getDecl()));
427 
428   // TODO: we can do better than this
429   if (Friend->isDependentType())
430     return AR_dependent;
431 
432   return AR_inaccessible;
433 }
434 
435 /// Determines whether the given friend class template matches
436 /// anything in the effective context.
437 static AccessResult MatchesFriend(Sema &S,
438                                   const EffectiveContext &EC,
439                                   ClassTemplateDecl *Friend) {
440   AccessResult OnFailure = AR_inaccessible;
441 
442   // Check whether the friend is the template of a class in the
443   // context chain.
444   for (SmallVectorImpl<CXXRecordDecl*>::const_iterator
445          I = EC.Records.begin(), E = EC.Records.end(); I != E; ++I) {
446     CXXRecordDecl *Record = *I;
447 
448     // Figure out whether the current class has a template:
449     ClassTemplateDecl *CTD;
450 
451     // A specialization of the template...
452     if (isa<ClassTemplateSpecializationDecl>(Record)) {
453       CTD = cast<ClassTemplateSpecializationDecl>(Record)
454         ->getSpecializedTemplate();
455 
456     // ... or the template pattern itself.
457     } else {
458       CTD = Record->getDescribedClassTemplate();
459       if (!CTD) continue;
460     }
461 
462     // It's a match.
463     if (Friend == CTD->getCanonicalDecl())
464       return AR_accessible;
465 
466     // If the context isn't dependent, it can't be a dependent match.
467     if (!EC.isDependent())
468       continue;
469 
470     // If the template names don't match, it can't be a dependent
471     // match.
472     if (CTD->getDeclName() != Friend->getDeclName())
473       continue;
474 
475     // If the class's context can't instantiate to the friend's
476     // context, it can't be a dependent match.
477     if (!MightInstantiateTo(S, CTD->getDeclContext(),
478                             Friend->getDeclContext()))
479       continue;
480 
481     // Otherwise, it's a dependent match.
482     OnFailure = AR_dependent;
483   }
484 
485   return OnFailure;
486 }
487 
488 /// Determines whether the given friend function matches anything in
489 /// the effective context.
490 static AccessResult MatchesFriend(Sema &S,
491                                   const EffectiveContext &EC,
492                                   FunctionDecl *Friend) {
493   AccessResult OnFailure = AR_inaccessible;
494 
495   for (SmallVectorImpl<FunctionDecl*>::const_iterator
496          I = EC.Functions.begin(), E = EC.Functions.end(); I != E; ++I) {
497     if (Friend == *I)
498       return AR_accessible;
499 
500     if (EC.isDependent() && MightInstantiateTo(S, *I, Friend))
501       OnFailure = AR_dependent;
502   }
503 
504   return OnFailure;
505 }
506 
507 /// Determines whether the given friend function template matches
508 /// anything in the effective context.
509 static AccessResult MatchesFriend(Sema &S,
510                                   const EffectiveContext &EC,
511                                   FunctionTemplateDecl *Friend) {
512   if (EC.Functions.empty()) return AR_inaccessible;
513 
514   AccessResult OnFailure = AR_inaccessible;
515 
516   for (SmallVectorImpl<FunctionDecl*>::const_iterator
517          I = EC.Functions.begin(), E = EC.Functions.end(); I != E; ++I) {
518 
519     FunctionTemplateDecl *FTD = (*I)->getPrimaryTemplate();
520     if (!FTD)
521       FTD = (*I)->getDescribedFunctionTemplate();
522     if (!FTD)
523       continue;
524 
525     FTD = FTD->getCanonicalDecl();
526 
527     if (Friend == FTD)
528       return AR_accessible;
529 
530     if (EC.isDependent() && MightInstantiateTo(S, FTD, Friend))
531       OnFailure = AR_dependent;
532   }
533 
534   return OnFailure;
535 }
536 
537 /// Determines whether the given friend declaration matches anything
538 /// in the effective context.
539 static AccessResult MatchesFriend(Sema &S,
540                                   const EffectiveContext &EC,
541                                   FriendDecl *FriendD) {
542   // Whitelist accesses if there's an invalid or unsupported friend
543   // declaration.
544   if (FriendD->isInvalidDecl() || FriendD->isUnsupportedFriend())
545     return AR_accessible;
546 
547   if (TypeSourceInfo *T = FriendD->getFriendType())
548     return MatchesFriend(S, EC, T->getType()->getCanonicalTypeUnqualified());
549 
550   NamedDecl *Friend
551     = cast<NamedDecl>(FriendD->getFriendDecl()->getCanonicalDecl());
552 
553   // FIXME: declarations with dependent or templated scope.
554 
555   if (isa<ClassTemplateDecl>(Friend))
556     return MatchesFriend(S, EC, cast<ClassTemplateDecl>(Friend));
557 
558   if (isa<FunctionTemplateDecl>(Friend))
559     return MatchesFriend(S, EC, cast<FunctionTemplateDecl>(Friend));
560 
561   if (isa<CXXRecordDecl>(Friend))
562     return MatchesFriend(S, EC, cast<CXXRecordDecl>(Friend));
563 
564   assert(isa<FunctionDecl>(Friend) && "unknown friend decl kind");
565   return MatchesFriend(S, EC, cast<FunctionDecl>(Friend));
566 }
567 
568 static AccessResult GetFriendKind(Sema &S,
569                                   const EffectiveContext &EC,
570                                   const CXXRecordDecl *Class) {
571   AccessResult OnFailure = AR_inaccessible;
572 
573   // Okay, check friends.
574   for (auto *Friend : Class->friends()) {
575     switch (MatchesFriend(S, EC, Friend)) {
576     case AR_accessible:
577       return AR_accessible;
578 
579     case AR_inaccessible:
580       continue;
581 
582     case AR_dependent:
583       OnFailure = AR_dependent;
584       break;
585     }
586   }
587 
588   // That's it, give up.
589   return OnFailure;
590 }
591 
592 namespace {
593 
594 /// A helper class for checking for a friend which will grant access
595 /// to a protected instance member.
596 struct ProtectedFriendContext {
597   Sema &S;
598   const EffectiveContext &EC;
599   const CXXRecordDecl *NamingClass;
600   bool CheckDependent;
601   bool EverDependent;
602 
603   /// The path down to the current base class.
604   SmallVector<const CXXRecordDecl*, 20> CurPath;
605 
606   ProtectedFriendContext(Sema &S, const EffectiveContext &EC,
607                          const CXXRecordDecl *InstanceContext,
608                          const CXXRecordDecl *NamingClass)
609     : S(S), EC(EC), NamingClass(NamingClass),
610       CheckDependent(InstanceContext->isDependentContext() ||
611                      NamingClass->isDependentContext()),
612       EverDependent(false) {}
613 
614   /// Check classes in the current path for friendship, starting at
615   /// the given index.
616   bool checkFriendshipAlongPath(unsigned I) {
617     assert(I < CurPath.size());
618     for (unsigned E = CurPath.size(); I != E; ++I) {
619       switch (GetFriendKind(S, EC, CurPath[I])) {
620       case AR_accessible:   return true;
621       case AR_inaccessible: continue;
622       case AR_dependent:    EverDependent = true; continue;
623       }
624     }
625     return false;
626   }
627 
628   /// Perform a search starting at the given class.
629   ///
630   /// PrivateDepth is the index of the last (least derived) class
631   /// along the current path such that a notional public member of
632   /// the final class in the path would have access in that class.
633   bool findFriendship(const CXXRecordDecl *Cur, unsigned PrivateDepth) {
634     // If we ever reach the naming class, check the current path for
635     // friendship.  We can also stop recursing because we obviously
636     // won't find the naming class there again.
637     if (Cur == NamingClass)
638       return checkFriendshipAlongPath(PrivateDepth);
639 
640     if (CheckDependent && MightInstantiateTo(Cur, NamingClass))
641       EverDependent = true;
642 
643     // Recurse into the base classes.
644     for (const auto &I : Cur->bases()) {
645       // If this is private inheritance, then a public member of the
646       // base will not have any access in classes derived from Cur.
647       unsigned BasePrivateDepth = PrivateDepth;
648       if (I.getAccessSpecifier() == AS_private)
649         BasePrivateDepth = CurPath.size() - 1;
650 
651       const CXXRecordDecl *RD;
652 
653       QualType T = I.getType();
654       if (const RecordType *RT = T->getAs<RecordType>()) {
655         RD = cast<CXXRecordDecl>(RT->getDecl());
656       } else if (const InjectedClassNameType *IT
657                    = T->getAs<InjectedClassNameType>()) {
658         RD = IT->getDecl();
659       } else {
660         assert(T->isDependentType() && "non-dependent base wasn't a record?");
661         EverDependent = true;
662         continue;
663       }
664 
665       // Recurse.  We don't need to clean up if this returns true.
666       CurPath.push_back(RD);
667       if (findFriendship(RD->getCanonicalDecl(), BasePrivateDepth))
668         return true;
669       CurPath.pop_back();
670     }
671 
672     return false;
673   }
674 
675   bool findFriendship(const CXXRecordDecl *Cur) {
676     assert(CurPath.empty());
677     CurPath.push_back(Cur);
678     return findFriendship(Cur, 0);
679   }
680 };
681 }
682 
683 /// Search for a class P that EC is a friend of, under the constraint
684 ///   InstanceContext <= P
685 /// if InstanceContext exists, or else
686 ///   NamingClass <= P
687 /// and with the additional restriction that a protected member of
688 /// NamingClass would have some natural access in P, which implicitly
689 /// imposes the constraint that P <= NamingClass.
690 ///
691 /// This isn't quite the condition laid out in the standard.
692 /// Instead of saying that a notional protected member of NamingClass
693 /// would have to have some natural access in P, it says the actual
694 /// target has to have some natural access in P, which opens up the
695 /// possibility that the target (which is not necessarily a member
696 /// of NamingClass) might be more accessible along some path not
697 /// passing through it.  That's really a bad idea, though, because it
698 /// introduces two problems:
699 ///   - Most importantly, it breaks encapsulation because you can
700 ///     access a forbidden base class's members by directly subclassing
701 ///     it elsewhere.
702 ///   - It also makes access substantially harder to compute because it
703 ///     breaks the hill-climbing algorithm: knowing that the target is
704 ///     accessible in some base class would no longer let you change
705 ///     the question solely to whether the base class is accessible,
706 ///     because the original target might have been more accessible
707 ///     because of crazy subclassing.
708 /// So we don't implement that.
709 static AccessResult GetProtectedFriendKind(Sema &S, const EffectiveContext &EC,
710                                            const CXXRecordDecl *InstanceContext,
711                                            const CXXRecordDecl *NamingClass) {
712   assert(InstanceContext == 0 ||
713          InstanceContext->getCanonicalDecl() == InstanceContext);
714   assert(NamingClass->getCanonicalDecl() == NamingClass);
715 
716   // If we don't have an instance context, our constraints give us
717   // that NamingClass <= P <= NamingClass, i.e. P == NamingClass.
718   // This is just the usual friendship check.
719   if (!InstanceContext) return GetFriendKind(S, EC, NamingClass);
720 
721   ProtectedFriendContext PRC(S, EC, InstanceContext, NamingClass);
722   if (PRC.findFriendship(InstanceContext)) return AR_accessible;
723   if (PRC.EverDependent) return AR_dependent;
724   return AR_inaccessible;
725 }
726 
727 static AccessResult HasAccess(Sema &S,
728                               const EffectiveContext &EC,
729                               const CXXRecordDecl *NamingClass,
730                               AccessSpecifier Access,
731                               const AccessTarget &Target) {
732   assert(NamingClass->getCanonicalDecl() == NamingClass &&
733          "declaration should be canonicalized before being passed here");
734 
735   if (Access == AS_public) return AR_accessible;
736   assert(Access == AS_private || Access == AS_protected);
737 
738   AccessResult OnFailure = AR_inaccessible;
739 
740   for (EffectiveContext::record_iterator
741          I = EC.Records.begin(), E = EC.Records.end(); I != E; ++I) {
742     // All the declarations in EC have been canonicalized, so pointer
743     // equality from this point on will work fine.
744     const CXXRecordDecl *ECRecord = *I;
745 
746     // [B2] and [M2]
747     if (Access == AS_private) {
748       if (ECRecord == NamingClass)
749         return AR_accessible;
750 
751       if (EC.isDependent() && MightInstantiateTo(ECRecord, NamingClass))
752         OnFailure = AR_dependent;
753 
754     // [B3] and [M3]
755     } else {
756       assert(Access == AS_protected);
757       switch (IsDerivedFromInclusive(ECRecord, NamingClass)) {
758       case AR_accessible: break;
759       case AR_inaccessible: continue;
760       case AR_dependent: OnFailure = AR_dependent; continue;
761       }
762 
763       // C++ [class.protected]p1:
764       //   An additional access check beyond those described earlier in
765       //   [class.access] is applied when a non-static data member or
766       //   non-static member function is a protected member of its naming
767       //   class.  As described earlier, access to a protected member is
768       //   granted because the reference occurs in a friend or member of
769       //   some class C.  If the access is to form a pointer to member,
770       //   the nested-name-specifier shall name C or a class derived from
771       //   C. All other accesses involve a (possibly implicit) object
772       //   expression. In this case, the class of the object expression
773       //   shall be C or a class derived from C.
774       //
775       // We interpret this as a restriction on [M3].
776 
777       // In this part of the code, 'C' is just our context class ECRecord.
778 
779       // These rules are different if we don't have an instance context.
780       if (!Target.hasInstanceContext()) {
781         // If it's not an instance member, these restrictions don't apply.
782         if (!Target.isInstanceMember()) return AR_accessible;
783 
784         // If it's an instance member, use the pointer-to-member rule
785         // that the naming class has to be derived from the effective
786         // context.
787 
788         // Emulate a MSVC bug where the creation of pointer-to-member
789         // to protected member of base class is allowed but only from
790         // static member functions.
791         if (S.getLangOpts().MSVCCompat && !EC.Functions.empty())
792           if (CXXMethodDecl* MD = dyn_cast<CXXMethodDecl>(EC.Functions.front()))
793             if (MD->isStatic()) return AR_accessible;
794 
795         // Despite the standard's confident wording, there is a case
796         // where you can have an instance member that's neither in a
797         // pointer-to-member expression nor in a member access:  when
798         // it names a field in an unevaluated context that can't be an
799         // implicit member.  Pending clarification, we just apply the
800         // same naming-class restriction here.
801         //   FIXME: we're probably not correctly adding the
802         //   protected-member restriction when we retroactively convert
803         //   an expression to being evaluated.
804 
805         // We know that ECRecord derives from NamingClass.  The
806         // restriction says to check whether NamingClass derives from
807         // ECRecord, but that's not really necessary: two distinct
808         // classes can't be recursively derived from each other.  So
809         // along this path, we just need to check whether the classes
810         // are equal.
811         if (NamingClass == ECRecord) return AR_accessible;
812 
813         // Otherwise, this context class tells us nothing;  on to the next.
814         continue;
815       }
816 
817       assert(Target.isInstanceMember());
818 
819       const CXXRecordDecl *InstanceContext = Target.resolveInstanceContext(S);
820       if (!InstanceContext) {
821         OnFailure = AR_dependent;
822         continue;
823       }
824 
825       switch (IsDerivedFromInclusive(InstanceContext, ECRecord)) {
826       case AR_accessible: return AR_accessible;
827       case AR_inaccessible: continue;
828       case AR_dependent: OnFailure = AR_dependent; continue;
829       }
830     }
831   }
832 
833   // [M3] and [B3] say that, if the target is protected in N, we grant
834   // access if the access occurs in a friend or member of some class P
835   // that's a subclass of N and where the target has some natural
836   // access in P.  The 'member' aspect is easy to handle because P
837   // would necessarily be one of the effective-context records, and we
838   // address that above.  The 'friend' aspect is completely ridiculous
839   // to implement because there are no restrictions at all on P
840   // *unless* the [class.protected] restriction applies.  If it does,
841   // however, we should ignore whether the naming class is a friend,
842   // and instead rely on whether any potential P is a friend.
843   if (Access == AS_protected && Target.isInstanceMember()) {
844     // Compute the instance context if possible.
845     const CXXRecordDecl *InstanceContext = 0;
846     if (Target.hasInstanceContext()) {
847       InstanceContext = Target.resolveInstanceContext(S);
848       if (!InstanceContext) return AR_dependent;
849     }
850 
851     switch (GetProtectedFriendKind(S, EC, InstanceContext, NamingClass)) {
852     case AR_accessible: return AR_accessible;
853     case AR_inaccessible: return OnFailure;
854     case AR_dependent: return AR_dependent;
855     }
856     llvm_unreachable("impossible friendship kind");
857   }
858 
859   switch (GetFriendKind(S, EC, NamingClass)) {
860   case AR_accessible: return AR_accessible;
861   case AR_inaccessible: return OnFailure;
862   case AR_dependent: return AR_dependent;
863   }
864 
865   // Silence bogus warnings
866   llvm_unreachable("impossible friendship kind");
867 }
868 
869 /// Finds the best path from the naming class to the declaring class,
870 /// taking friend declarations into account.
871 ///
872 /// C++0x [class.access.base]p5:
873 ///   A member m is accessible at the point R when named in class N if
874 ///   [M1] m as a member of N is public, or
875 ///   [M2] m as a member of N is private, and R occurs in a member or
876 ///        friend of class N, or
877 ///   [M3] m as a member of N is protected, and R occurs in a member or
878 ///        friend of class N, or in a member or friend of a class P
879 ///        derived from N, where m as a member of P is public, private,
880 ///        or protected, or
881 ///   [M4] there exists a base class B of N that is accessible at R, and
882 ///        m is accessible at R when named in class B.
883 ///
884 /// C++0x [class.access.base]p4:
885 ///   A base class B of N is accessible at R, if
886 ///   [B1] an invented public member of B would be a public member of N, or
887 ///   [B2] R occurs in a member or friend of class N, and an invented public
888 ///        member of B would be a private or protected member of N, or
889 ///   [B3] R occurs in a member or friend of a class P derived from N, and an
890 ///        invented public member of B would be a private or protected member
891 ///        of P, or
892 ///   [B4] there exists a class S such that B is a base class of S accessible
893 ///        at R and S is a base class of N accessible at R.
894 ///
895 /// Along a single inheritance path we can restate both of these
896 /// iteratively:
897 ///
898 /// First, we note that M1-4 are equivalent to B1-4 if the member is
899 /// treated as a notional base of its declaring class with inheritance
900 /// access equivalent to the member's access.  Therefore we need only
901 /// ask whether a class B is accessible from a class N in context R.
902 ///
903 /// Let B_1 .. B_n be the inheritance path in question (i.e. where
904 /// B_1 = N, B_n = B, and for all i, B_{i+1} is a direct base class of
905 /// B_i).  For i in 1..n, we will calculate ACAB(i), the access to the
906 /// closest accessible base in the path:
907 ///   Access(a, b) = (* access on the base specifier from a to b *)
908 ///   Merge(a, forbidden) = forbidden
909 ///   Merge(a, private) = forbidden
910 ///   Merge(a, b) = min(a,b)
911 ///   Accessible(c, forbidden) = false
912 ///   Accessible(c, private) = (R is c) || IsFriend(c, R)
913 ///   Accessible(c, protected) = (R derived from c) || IsFriend(c, R)
914 ///   Accessible(c, public) = true
915 ///   ACAB(n) = public
916 ///   ACAB(i) =
917 ///     let AccessToBase = Merge(Access(B_i, B_{i+1}), ACAB(i+1)) in
918 ///     if Accessible(B_i, AccessToBase) then public else AccessToBase
919 ///
920 /// B is an accessible base of N at R iff ACAB(1) = public.
921 ///
922 /// \param FinalAccess the access of the "final step", or AS_public if
923 ///   there is no final step.
924 /// \return null if friendship is dependent
925 static CXXBasePath *FindBestPath(Sema &S,
926                                  const EffectiveContext &EC,
927                                  AccessTarget &Target,
928                                  AccessSpecifier FinalAccess,
929                                  CXXBasePaths &Paths) {
930   // Derive the paths to the desired base.
931   const CXXRecordDecl *Derived = Target.getNamingClass();
932   const CXXRecordDecl *Base = Target.getDeclaringClass();
933 
934   // FIXME: fail correctly when there are dependent paths.
935   bool isDerived = Derived->isDerivedFrom(const_cast<CXXRecordDecl*>(Base),
936                                           Paths);
937   assert(isDerived && "derived class not actually derived from base");
938   (void) isDerived;
939 
940   CXXBasePath *BestPath = 0;
941 
942   assert(FinalAccess != AS_none && "forbidden access after declaring class");
943 
944   bool AnyDependent = false;
945 
946   // Derive the friend-modified access along each path.
947   for (CXXBasePaths::paths_iterator PI = Paths.begin(), PE = Paths.end();
948          PI != PE; ++PI) {
949     AccessTarget::SavedInstanceContext _ = Target.saveInstanceContext();
950 
951     // Walk through the path backwards.
952     AccessSpecifier PathAccess = FinalAccess;
953     CXXBasePath::iterator I = PI->end(), E = PI->begin();
954     while (I != E) {
955       --I;
956 
957       assert(PathAccess != AS_none);
958 
959       // If the declaration is a private member of a base class, there
960       // is no level of friendship in derived classes that can make it
961       // accessible.
962       if (PathAccess == AS_private) {
963         PathAccess = AS_none;
964         break;
965       }
966 
967       const CXXRecordDecl *NC = I->Class->getCanonicalDecl();
968 
969       AccessSpecifier BaseAccess = I->Base->getAccessSpecifier();
970       PathAccess = std::max(PathAccess, BaseAccess);
971 
972       switch (HasAccess(S, EC, NC, PathAccess, Target)) {
973       case AR_inaccessible: break;
974       case AR_accessible:
975         PathAccess = AS_public;
976 
977         // Future tests are not against members and so do not have
978         // instance context.
979         Target.suppressInstanceContext();
980         break;
981       case AR_dependent:
982         AnyDependent = true;
983         goto Next;
984       }
985     }
986 
987     // Note that we modify the path's Access field to the
988     // friend-modified access.
989     if (BestPath == 0 || PathAccess < BestPath->Access) {
990       BestPath = &*PI;
991       BestPath->Access = PathAccess;
992 
993       // Short-circuit if we found a public path.
994       if (BestPath->Access == AS_public)
995         return BestPath;
996     }
997 
998   Next: ;
999   }
1000 
1001   assert((!BestPath || BestPath->Access != AS_public) &&
1002          "fell out of loop with public path");
1003 
1004   // We didn't find a public path, but at least one path was subject
1005   // to dependent friendship, so delay the check.
1006   if (AnyDependent)
1007     return 0;
1008 
1009   return BestPath;
1010 }
1011 
1012 /// Given that an entity has protected natural access, check whether
1013 /// access might be denied because of the protected member access
1014 /// restriction.
1015 ///
1016 /// \return true if a note was emitted
1017 static bool TryDiagnoseProtectedAccess(Sema &S, const EffectiveContext &EC,
1018                                        AccessTarget &Target) {
1019   // Only applies to instance accesses.
1020   if (!Target.isInstanceMember())
1021     return false;
1022 
1023   assert(Target.isMemberAccess());
1024 
1025   const CXXRecordDecl *NamingClass = Target.getEffectiveNamingClass();
1026 
1027   for (EffectiveContext::record_iterator
1028          I = EC.Records.begin(), E = EC.Records.end(); I != E; ++I) {
1029     const CXXRecordDecl *ECRecord = *I;
1030     switch (IsDerivedFromInclusive(ECRecord, NamingClass)) {
1031     case AR_accessible: break;
1032     case AR_inaccessible: continue;
1033     case AR_dependent: continue;
1034     }
1035 
1036     // The effective context is a subclass of the declaring class.
1037     // Check whether the [class.protected] restriction is limiting
1038     // access.
1039 
1040     // To get this exactly right, this might need to be checked more
1041     // holistically;  it's not necessarily the case that gaining
1042     // access here would grant us access overall.
1043 
1044     NamedDecl *D = Target.getTargetDecl();
1045 
1046     // If we don't have an instance context, [class.protected] says the
1047     // naming class has to equal the context class.
1048     if (!Target.hasInstanceContext()) {
1049       // If it does, the restriction doesn't apply.
1050       if (NamingClass == ECRecord) continue;
1051 
1052       // TODO: it would be great to have a fixit here, since this is
1053       // such an obvious error.
1054       S.Diag(D->getLocation(), diag::note_access_protected_restricted_noobject)
1055         << S.Context.getTypeDeclType(ECRecord);
1056       return true;
1057     }
1058 
1059     const CXXRecordDecl *InstanceContext = Target.resolveInstanceContext(S);
1060     assert(InstanceContext && "diagnosing dependent access");
1061 
1062     switch (IsDerivedFromInclusive(InstanceContext, ECRecord)) {
1063     case AR_accessible: continue;
1064     case AR_dependent: continue;
1065     case AR_inaccessible:
1066       break;
1067     }
1068 
1069     // Okay, the restriction seems to be what's limiting us.
1070 
1071     // Use a special diagnostic for constructors and destructors.
1072     if (isa<CXXConstructorDecl>(D) || isa<CXXDestructorDecl>(D) ||
1073         (isa<FunctionTemplateDecl>(D) &&
1074          isa<CXXConstructorDecl>(
1075                 cast<FunctionTemplateDecl>(D)->getTemplatedDecl()))) {
1076       return S.Diag(D->getLocation(),
1077                     diag::note_access_protected_restricted_ctordtor)
1078              << isa<CXXDestructorDecl>(D->getAsFunction());
1079     }
1080 
1081     // Otherwise, use the generic diagnostic.
1082     return S.Diag(D->getLocation(),
1083                   diag::note_access_protected_restricted_object)
1084            << S.Context.getTypeDeclType(ECRecord);
1085   }
1086 
1087   return false;
1088 }
1089 
1090 /// We are unable to access a given declaration due to its direct
1091 /// access control;  diagnose that.
1092 static void diagnoseBadDirectAccess(Sema &S,
1093                                     const EffectiveContext &EC,
1094                                     AccessTarget &entity) {
1095   assert(entity.isMemberAccess());
1096   NamedDecl *D = entity.getTargetDecl();
1097 
1098   if (D->getAccess() == AS_protected &&
1099       TryDiagnoseProtectedAccess(S, EC, entity))
1100     return;
1101 
1102   // Find an original declaration.
1103   while (D->isOutOfLine()) {
1104     NamedDecl *PrevDecl = 0;
1105     if (VarDecl *VD = dyn_cast<VarDecl>(D))
1106       PrevDecl = VD->getPreviousDecl();
1107     else if (FunctionDecl *FD = dyn_cast<FunctionDecl>(D))
1108       PrevDecl = FD->getPreviousDecl();
1109     else if (TypedefNameDecl *TND = dyn_cast<TypedefNameDecl>(D))
1110       PrevDecl = TND->getPreviousDecl();
1111     else if (TagDecl *TD = dyn_cast<TagDecl>(D)) {
1112       if (isa<RecordDecl>(D) && cast<RecordDecl>(D)->isInjectedClassName())
1113         break;
1114       PrevDecl = TD->getPreviousDecl();
1115     }
1116     if (!PrevDecl) break;
1117     D = PrevDecl;
1118   }
1119 
1120   CXXRecordDecl *DeclaringClass = FindDeclaringClass(D);
1121   Decl *ImmediateChild;
1122   if (D->getDeclContext() == DeclaringClass)
1123     ImmediateChild = D;
1124   else {
1125     DeclContext *DC = D->getDeclContext();
1126     while (DC->getParent() != DeclaringClass)
1127       DC = DC->getParent();
1128     ImmediateChild = cast<Decl>(DC);
1129   }
1130 
1131   // Check whether there's an AccessSpecDecl preceding this in the
1132   // chain of the DeclContext.
1133   bool isImplicit = true;
1134   for (const auto *I : DeclaringClass->decls()) {
1135     if (I == ImmediateChild) break;
1136     if (isa<AccessSpecDecl>(I)) {
1137       isImplicit = false;
1138       break;
1139     }
1140   }
1141 
1142   S.Diag(D->getLocation(), diag::note_access_natural)
1143     << (unsigned) (D->getAccess() == AS_protected)
1144     << isImplicit;
1145 }
1146 
1147 /// Diagnose the path which caused the given declaration or base class
1148 /// to become inaccessible.
1149 static void DiagnoseAccessPath(Sema &S,
1150                                const EffectiveContext &EC,
1151                                AccessTarget &entity) {
1152   // Save the instance context to preserve invariants.
1153   AccessTarget::SavedInstanceContext _ = entity.saveInstanceContext();
1154 
1155   // This basically repeats the main algorithm but keeps some more
1156   // information.
1157 
1158   // The natural access so far.
1159   AccessSpecifier accessSoFar = AS_public;
1160 
1161   // Check whether we have special rights to the declaring class.
1162   if (entity.isMemberAccess()) {
1163     NamedDecl *D = entity.getTargetDecl();
1164     accessSoFar = D->getAccess();
1165     const CXXRecordDecl *declaringClass = entity.getDeclaringClass();
1166 
1167     switch (HasAccess(S, EC, declaringClass, accessSoFar, entity)) {
1168     // If the declaration is accessible when named in its declaring
1169     // class, then we must be constrained by the path.
1170     case AR_accessible:
1171       accessSoFar = AS_public;
1172       entity.suppressInstanceContext();
1173       break;
1174 
1175     case AR_inaccessible:
1176       if (accessSoFar == AS_private ||
1177           declaringClass == entity.getEffectiveNamingClass())
1178         return diagnoseBadDirectAccess(S, EC, entity);
1179       break;
1180 
1181     case AR_dependent:
1182       llvm_unreachable("cannot diagnose dependent access");
1183     }
1184   }
1185 
1186   CXXBasePaths paths;
1187   CXXBasePath &path = *FindBestPath(S, EC, entity, accessSoFar, paths);
1188   assert(path.Access != AS_public);
1189 
1190   CXXBasePath::iterator i = path.end(), e = path.begin();
1191   CXXBasePath::iterator constrainingBase = i;
1192   while (i != e) {
1193     --i;
1194 
1195     assert(accessSoFar != AS_none && accessSoFar != AS_private);
1196 
1197     // Is the entity accessible when named in the deriving class, as
1198     // modified by the base specifier?
1199     const CXXRecordDecl *derivingClass = i->Class->getCanonicalDecl();
1200     const CXXBaseSpecifier *base = i->Base;
1201 
1202     // If the access to this base is worse than the access we have to
1203     // the declaration, remember it.
1204     AccessSpecifier baseAccess = base->getAccessSpecifier();
1205     if (baseAccess > accessSoFar) {
1206       constrainingBase = i;
1207       accessSoFar = baseAccess;
1208     }
1209 
1210     switch (HasAccess(S, EC, derivingClass, accessSoFar, entity)) {
1211     case AR_inaccessible: break;
1212     case AR_accessible:
1213       accessSoFar = AS_public;
1214       entity.suppressInstanceContext();
1215       constrainingBase = 0;
1216       break;
1217     case AR_dependent:
1218       llvm_unreachable("cannot diagnose dependent access");
1219     }
1220 
1221     // If this was private inheritance, but we don't have access to
1222     // the deriving class, we're done.
1223     if (accessSoFar == AS_private) {
1224       assert(baseAccess == AS_private);
1225       assert(constrainingBase == i);
1226       break;
1227     }
1228   }
1229 
1230   // If we don't have a constraining base, the access failure must be
1231   // due to the original declaration.
1232   if (constrainingBase == path.end())
1233     return diagnoseBadDirectAccess(S, EC, entity);
1234 
1235   // We're constrained by inheritance, but we want to say
1236   // "declared private here" if we're diagnosing a hierarchy
1237   // conversion and this is the final step.
1238   unsigned diagnostic;
1239   if (entity.isMemberAccess() ||
1240       constrainingBase + 1 != path.end()) {
1241     diagnostic = diag::note_access_constrained_by_path;
1242   } else {
1243     diagnostic = diag::note_access_natural;
1244   }
1245 
1246   const CXXBaseSpecifier *base = constrainingBase->Base;
1247 
1248   S.Diag(base->getSourceRange().getBegin(), diagnostic)
1249     << base->getSourceRange()
1250     << (base->getAccessSpecifier() == AS_protected)
1251     << (base->getAccessSpecifierAsWritten() == AS_none);
1252 
1253   if (entity.isMemberAccess())
1254     S.Diag(entity.getTargetDecl()->getLocation(), diag::note_field_decl);
1255 }
1256 
1257 static void DiagnoseBadAccess(Sema &S, SourceLocation Loc,
1258                               const EffectiveContext &EC,
1259                               AccessTarget &Entity) {
1260   const CXXRecordDecl *NamingClass = Entity.getNamingClass();
1261   const CXXRecordDecl *DeclaringClass = Entity.getDeclaringClass();
1262   NamedDecl *D = (Entity.isMemberAccess() ? Entity.getTargetDecl() : 0);
1263 
1264   S.Diag(Loc, Entity.getDiag())
1265     << (Entity.getAccess() == AS_protected)
1266     << (D ? D->getDeclName() : DeclarationName())
1267     << S.Context.getTypeDeclType(NamingClass)
1268     << S.Context.getTypeDeclType(DeclaringClass);
1269   DiagnoseAccessPath(S, EC, Entity);
1270 }
1271 
1272 /// MSVC has a bug where if during an using declaration name lookup,
1273 /// the declaration found is unaccessible (private) and that declaration
1274 /// was bring into scope via another using declaration whose target
1275 /// declaration is accessible (public) then no error is generated.
1276 /// Example:
1277 ///   class A {
1278 ///   public:
1279 ///     int f();
1280 ///   };
1281 ///   class B : public A {
1282 ///   private:
1283 ///     using A::f;
1284 ///   };
1285 ///   class C : public B {
1286 ///   private:
1287 ///     using B::f;
1288 ///   };
1289 ///
1290 /// Here, B::f is private so this should fail in Standard C++, but
1291 /// because B::f refers to A::f which is public MSVC accepts it.
1292 static bool IsMicrosoftUsingDeclarationAccessBug(Sema& S,
1293                                                  SourceLocation AccessLoc,
1294                                                  AccessTarget &Entity) {
1295   if (UsingShadowDecl *Shadow =
1296                          dyn_cast<UsingShadowDecl>(Entity.getTargetDecl())) {
1297     const NamedDecl *OrigDecl = Entity.getTargetDecl()->getUnderlyingDecl();
1298     if (Entity.getTargetDecl()->getAccess() == AS_private &&
1299         (OrigDecl->getAccess() == AS_public ||
1300          OrigDecl->getAccess() == AS_protected)) {
1301       S.Diag(AccessLoc, diag::ext_ms_using_declaration_inaccessible)
1302         << Shadow->getUsingDecl()->getQualifiedNameAsString()
1303         << OrigDecl->getQualifiedNameAsString();
1304       return true;
1305     }
1306   }
1307   return false;
1308 }
1309 
1310 /// Determines whether the accessed entity is accessible.  Public members
1311 /// have been weeded out by this point.
1312 static AccessResult IsAccessible(Sema &S,
1313                                  const EffectiveContext &EC,
1314                                  AccessTarget &Entity) {
1315   // Determine the actual naming class.
1316   const CXXRecordDecl *NamingClass = Entity.getEffectiveNamingClass();
1317 
1318   AccessSpecifier UnprivilegedAccess = Entity.getAccess();
1319   assert(UnprivilegedAccess != AS_public && "public access not weeded out");
1320 
1321   // Before we try to recalculate access paths, try to white-list
1322   // accesses which just trade in on the final step, i.e. accesses
1323   // which don't require [M4] or [B4]. These are by far the most
1324   // common forms of privileged access.
1325   if (UnprivilegedAccess != AS_none) {
1326     switch (HasAccess(S, EC, NamingClass, UnprivilegedAccess, Entity)) {
1327     case AR_dependent:
1328       // This is actually an interesting policy decision.  We don't
1329       // *have* to delay immediately here: we can do the full access
1330       // calculation in the hope that friendship on some intermediate
1331       // class will make the declaration accessible non-dependently.
1332       // But that's not cheap, and odds are very good (note: assertion
1333       // made without data) that the friend declaration will determine
1334       // access.
1335       return AR_dependent;
1336 
1337     case AR_accessible: return AR_accessible;
1338     case AR_inaccessible: break;
1339     }
1340   }
1341 
1342   AccessTarget::SavedInstanceContext _ = Entity.saveInstanceContext();
1343 
1344   // We lower member accesses to base accesses by pretending that the
1345   // member is a base class of its declaring class.
1346   AccessSpecifier FinalAccess;
1347 
1348   if (Entity.isMemberAccess()) {
1349     // Determine if the declaration is accessible from EC when named
1350     // in its declaring class.
1351     NamedDecl *Target = Entity.getTargetDecl();
1352     const CXXRecordDecl *DeclaringClass = Entity.getDeclaringClass();
1353 
1354     FinalAccess = Target->getAccess();
1355     switch (HasAccess(S, EC, DeclaringClass, FinalAccess, Entity)) {
1356     case AR_accessible:
1357       // Target is accessible at EC when named in its declaring class.
1358       // We can now hill-climb and simply check whether the declaring
1359       // class is accessible as a base of the naming class.  This is
1360       // equivalent to checking the access of a notional public
1361       // member with no instance context.
1362       FinalAccess = AS_public;
1363       Entity.suppressInstanceContext();
1364       break;
1365     case AR_inaccessible: break;
1366     case AR_dependent: return AR_dependent; // see above
1367     }
1368 
1369     if (DeclaringClass == NamingClass)
1370       return (FinalAccess == AS_public ? AR_accessible : AR_inaccessible);
1371   } else {
1372     FinalAccess = AS_public;
1373   }
1374 
1375   assert(Entity.getDeclaringClass() != NamingClass);
1376 
1377   // Append the declaration's access if applicable.
1378   CXXBasePaths Paths;
1379   CXXBasePath *Path = FindBestPath(S, EC, Entity, FinalAccess, Paths);
1380   if (!Path)
1381     return AR_dependent;
1382 
1383   assert(Path->Access <= UnprivilegedAccess &&
1384          "access along best path worse than direct?");
1385   if (Path->Access == AS_public)
1386     return AR_accessible;
1387   return AR_inaccessible;
1388 }
1389 
1390 static void DelayDependentAccess(Sema &S,
1391                                  const EffectiveContext &EC,
1392                                  SourceLocation Loc,
1393                                  const AccessTarget &Entity) {
1394   assert(EC.isDependent() && "delaying non-dependent access");
1395   DeclContext *DC = EC.getInnerContext();
1396   assert(DC->isDependentContext() && "delaying non-dependent access");
1397   DependentDiagnostic::Create(S.Context, DC, DependentDiagnostic::Access,
1398                               Loc,
1399                               Entity.isMemberAccess(),
1400                               Entity.getAccess(),
1401                               Entity.getTargetDecl(),
1402                               Entity.getNamingClass(),
1403                               Entity.getBaseObjectType(),
1404                               Entity.getDiag());
1405 }
1406 
1407 /// Checks access to an entity from the given effective context.
1408 static AccessResult CheckEffectiveAccess(Sema &S,
1409                                          const EffectiveContext &EC,
1410                                          SourceLocation Loc,
1411                                          AccessTarget &Entity) {
1412   assert(Entity.getAccess() != AS_public && "called for public access!");
1413 
1414   switch (IsAccessible(S, EC, Entity)) {
1415   case AR_dependent:
1416     DelayDependentAccess(S, EC, Loc, Entity);
1417     return AR_dependent;
1418 
1419   case AR_inaccessible:
1420     if (S.getLangOpts().MSVCCompat &&
1421         IsMicrosoftUsingDeclarationAccessBug(S, Loc, Entity))
1422       return AR_accessible;
1423     if (!Entity.isQuiet())
1424       DiagnoseBadAccess(S, Loc, EC, Entity);
1425     return AR_inaccessible;
1426 
1427   case AR_accessible:
1428     return AR_accessible;
1429   }
1430 
1431   // silence unnecessary warning
1432   llvm_unreachable("invalid access result");
1433 }
1434 
1435 static Sema::AccessResult CheckAccess(Sema &S, SourceLocation Loc,
1436                                       AccessTarget &Entity) {
1437   // If the access path is public, it's accessible everywhere.
1438   if (Entity.getAccess() == AS_public)
1439     return Sema::AR_accessible;
1440 
1441   // If we're currently parsing a declaration, we may need to delay
1442   // access control checking, because our effective context might be
1443   // different based on what the declaration comes out as.
1444   //
1445   // For example, we might be parsing a declaration with a scope
1446   // specifier, like this:
1447   //   A::private_type A::foo() { ... }
1448   //
1449   // Or we might be parsing something that will turn out to be a friend:
1450   //   void foo(A::private_type);
1451   //   void B::foo(A::private_type);
1452   if (S.DelayedDiagnostics.shouldDelayDiagnostics()) {
1453     S.DelayedDiagnostics.add(DelayedDiagnostic::makeAccess(Loc, Entity));
1454     return Sema::AR_delayed;
1455   }
1456 
1457   EffectiveContext EC(S.CurContext);
1458   switch (CheckEffectiveAccess(S, EC, Loc, Entity)) {
1459   case AR_accessible: return Sema::AR_accessible;
1460   case AR_inaccessible: return Sema::AR_inaccessible;
1461   case AR_dependent: return Sema::AR_dependent;
1462   }
1463   llvm_unreachable("falling off end");
1464 }
1465 
1466 void Sema::HandleDelayedAccessCheck(DelayedDiagnostic &DD, Decl *D) {
1467   // Access control for names used in the declarations of functions
1468   // and function templates should normally be evaluated in the context
1469   // of the declaration, just in case it's a friend of something.
1470   // However, this does not apply to local extern declarations.
1471 
1472   DeclContext *DC = D->getDeclContext();
1473   if (D->isLocalExternDecl()) {
1474     DC = D->getLexicalDeclContext();
1475   } else if (FunctionDecl *FN = dyn_cast<FunctionDecl>(D)) {
1476     DC = FN;
1477   } else if (TemplateDecl *TD = dyn_cast<TemplateDecl>(D)) {
1478     DC = cast<DeclContext>(TD->getTemplatedDecl());
1479   }
1480 
1481   EffectiveContext EC(DC);
1482 
1483   AccessTarget Target(DD.getAccessData());
1484 
1485   if (CheckEffectiveAccess(*this, EC, DD.Loc, Target) == ::AR_inaccessible)
1486     DD.Triggered = true;
1487 }
1488 
1489 void Sema::HandleDependentAccessCheck(const DependentDiagnostic &DD,
1490                         const MultiLevelTemplateArgumentList &TemplateArgs) {
1491   SourceLocation Loc = DD.getAccessLoc();
1492   AccessSpecifier Access = DD.getAccess();
1493 
1494   Decl *NamingD = FindInstantiatedDecl(Loc, DD.getAccessNamingClass(),
1495                                        TemplateArgs);
1496   if (!NamingD) return;
1497   Decl *TargetD = FindInstantiatedDecl(Loc, DD.getAccessTarget(),
1498                                        TemplateArgs);
1499   if (!TargetD) return;
1500 
1501   if (DD.isAccessToMember()) {
1502     CXXRecordDecl *NamingClass = cast<CXXRecordDecl>(NamingD);
1503     NamedDecl *TargetDecl = cast<NamedDecl>(TargetD);
1504     QualType BaseObjectType = DD.getAccessBaseObjectType();
1505     if (!BaseObjectType.isNull()) {
1506       BaseObjectType = SubstType(BaseObjectType, TemplateArgs, Loc,
1507                                  DeclarationName());
1508       if (BaseObjectType.isNull()) return;
1509     }
1510 
1511     AccessTarget Entity(Context,
1512                         AccessTarget::Member,
1513                         NamingClass,
1514                         DeclAccessPair::make(TargetDecl, Access),
1515                         BaseObjectType);
1516     Entity.setDiag(DD.getDiagnostic());
1517     CheckAccess(*this, Loc, Entity);
1518   } else {
1519     AccessTarget Entity(Context,
1520                         AccessTarget::Base,
1521                         cast<CXXRecordDecl>(TargetD),
1522                         cast<CXXRecordDecl>(NamingD),
1523                         Access);
1524     Entity.setDiag(DD.getDiagnostic());
1525     CheckAccess(*this, Loc, Entity);
1526   }
1527 }
1528 
1529 Sema::AccessResult Sema::CheckUnresolvedLookupAccess(UnresolvedLookupExpr *E,
1530                                                      DeclAccessPair Found) {
1531   if (!getLangOpts().AccessControl ||
1532       !E->getNamingClass() ||
1533       Found.getAccess() == AS_public)
1534     return AR_accessible;
1535 
1536   AccessTarget Entity(Context, AccessTarget::Member, E->getNamingClass(),
1537                       Found, QualType());
1538   Entity.setDiag(diag::err_access) << E->getSourceRange();
1539 
1540   return CheckAccess(*this, E->getNameLoc(), Entity);
1541 }
1542 
1543 /// Perform access-control checking on a previously-unresolved member
1544 /// access which has now been resolved to a member.
1545 Sema::AccessResult Sema::CheckUnresolvedMemberAccess(UnresolvedMemberExpr *E,
1546                                                      DeclAccessPair Found) {
1547   if (!getLangOpts().AccessControl ||
1548       Found.getAccess() == AS_public)
1549     return AR_accessible;
1550 
1551   QualType BaseType = E->getBaseType();
1552   if (E->isArrow())
1553     BaseType = BaseType->getAs<PointerType>()->getPointeeType();
1554 
1555   AccessTarget Entity(Context, AccessTarget::Member, E->getNamingClass(),
1556                       Found, BaseType);
1557   Entity.setDiag(diag::err_access) << E->getSourceRange();
1558 
1559   return CheckAccess(*this, E->getMemberLoc(), Entity);
1560 }
1561 
1562 /// Is the given special member function accessible for the purposes of
1563 /// deciding whether to define a special member function as deleted?
1564 bool Sema::isSpecialMemberAccessibleForDeletion(CXXMethodDecl *decl,
1565                                                 AccessSpecifier access,
1566                                                 QualType objectType) {
1567   // Fast path.
1568   if (access == AS_public || !getLangOpts().AccessControl) return true;
1569 
1570   AccessTarget entity(Context, AccessTarget::Member, decl->getParent(),
1571                       DeclAccessPair::make(decl, access), objectType);
1572 
1573   // Suppress diagnostics.
1574   entity.setDiag(PDiag());
1575 
1576   switch (CheckAccess(*this, SourceLocation(), entity)) {
1577   case AR_accessible: return true;
1578   case AR_inaccessible: return false;
1579   case AR_dependent: llvm_unreachable("dependent for =delete computation");
1580   case AR_delayed: llvm_unreachable("cannot delay =delete computation");
1581   }
1582   llvm_unreachable("bad access result");
1583 }
1584 
1585 Sema::AccessResult Sema::CheckDestructorAccess(SourceLocation Loc,
1586                                                CXXDestructorDecl *Dtor,
1587                                                const PartialDiagnostic &PDiag,
1588                                                QualType ObjectTy) {
1589   if (!getLangOpts().AccessControl)
1590     return AR_accessible;
1591 
1592   // There's never a path involved when checking implicit destructor access.
1593   AccessSpecifier Access = Dtor->getAccess();
1594   if (Access == AS_public)
1595     return AR_accessible;
1596 
1597   CXXRecordDecl *NamingClass = Dtor->getParent();
1598   if (ObjectTy.isNull()) ObjectTy = Context.getTypeDeclType(NamingClass);
1599 
1600   AccessTarget Entity(Context, AccessTarget::Member, NamingClass,
1601                       DeclAccessPair::make(Dtor, Access),
1602                       ObjectTy);
1603   Entity.setDiag(PDiag); // TODO: avoid copy
1604 
1605   return CheckAccess(*this, Loc, Entity);
1606 }
1607 
1608 /// Checks access to a constructor.
1609 Sema::AccessResult Sema::CheckConstructorAccess(SourceLocation UseLoc,
1610                                                 CXXConstructorDecl *Constructor,
1611                                                 const InitializedEntity &Entity,
1612                                                 AccessSpecifier Access,
1613                                                 bool IsCopyBindingRefToTemp) {
1614   if (!getLangOpts().AccessControl || Access == AS_public)
1615     return AR_accessible;
1616 
1617   PartialDiagnostic PD(PDiag());
1618   switch (Entity.getKind()) {
1619   default:
1620     PD = PDiag(IsCopyBindingRefToTemp
1621                  ? diag::ext_rvalue_to_reference_access_ctor
1622                  : diag::err_access_ctor);
1623 
1624     break;
1625 
1626   case InitializedEntity::EK_Base:
1627     PD = PDiag(diag::err_access_base_ctor);
1628     PD << Entity.isInheritedVirtualBase()
1629        << Entity.getBaseSpecifier()->getType() << getSpecialMember(Constructor);
1630     break;
1631 
1632   case InitializedEntity::EK_Member: {
1633     const FieldDecl *Field = cast<FieldDecl>(Entity.getDecl());
1634     PD = PDiag(diag::err_access_field_ctor);
1635     PD << Field->getType() << getSpecialMember(Constructor);
1636     break;
1637   }
1638 
1639   case InitializedEntity::EK_LambdaCapture: {
1640     StringRef VarName = Entity.getCapturedVarName();
1641     PD = PDiag(diag::err_access_lambda_capture);
1642     PD << VarName << Entity.getType() << getSpecialMember(Constructor);
1643     break;
1644   }
1645 
1646   }
1647 
1648   return CheckConstructorAccess(UseLoc, Constructor, Entity, Access, PD);
1649 }
1650 
1651 /// Checks access to a constructor.
1652 Sema::AccessResult Sema::CheckConstructorAccess(SourceLocation UseLoc,
1653                                                 CXXConstructorDecl *Constructor,
1654                                                 const InitializedEntity &Entity,
1655                                                 AccessSpecifier Access,
1656                                                 const PartialDiagnostic &PD) {
1657   if (!getLangOpts().AccessControl ||
1658       Access == AS_public)
1659     return AR_accessible;
1660 
1661   CXXRecordDecl *NamingClass = Constructor->getParent();
1662 
1663   // Initializing a base sub-object is an instance method call on an
1664   // object of the derived class.  Otherwise, we have an instance method
1665   // call on an object of the constructed type.
1666   CXXRecordDecl *ObjectClass;
1667   if (Entity.getKind() == InitializedEntity::EK_Base) {
1668     ObjectClass = cast<CXXConstructorDecl>(CurContext)->getParent();
1669   } else {
1670     ObjectClass = NamingClass;
1671   }
1672 
1673   AccessTarget AccessEntity(Context, AccessTarget::Member, NamingClass,
1674                             DeclAccessPair::make(Constructor, Access),
1675                             Context.getTypeDeclType(ObjectClass));
1676   AccessEntity.setDiag(PD);
1677 
1678   return CheckAccess(*this, UseLoc, AccessEntity);
1679 }
1680 
1681 /// Checks access to an overloaded operator new or delete.
1682 Sema::AccessResult Sema::CheckAllocationAccess(SourceLocation OpLoc,
1683                                                SourceRange PlacementRange,
1684                                                CXXRecordDecl *NamingClass,
1685                                                DeclAccessPair Found,
1686                                                bool Diagnose) {
1687   if (!getLangOpts().AccessControl ||
1688       !NamingClass ||
1689       Found.getAccess() == AS_public)
1690     return AR_accessible;
1691 
1692   AccessTarget Entity(Context, AccessTarget::Member, NamingClass, Found,
1693                       QualType());
1694   if (Diagnose)
1695     Entity.setDiag(diag::err_access)
1696       << PlacementRange;
1697 
1698   return CheckAccess(*this, OpLoc, Entity);
1699 }
1700 
1701 /// \brief Checks access to a member.
1702 Sema::AccessResult Sema::CheckMemberAccess(SourceLocation UseLoc,
1703                                            CXXRecordDecl *NamingClass,
1704                                            DeclAccessPair Found) {
1705   if (!getLangOpts().AccessControl ||
1706       !NamingClass ||
1707       Found.getAccess() == AS_public)
1708     return AR_accessible;
1709 
1710   AccessTarget Entity(Context, AccessTarget::Member, NamingClass,
1711                       Found, QualType());
1712 
1713   return CheckAccess(*this, UseLoc, Entity);
1714 }
1715 
1716 /// Checks access to an overloaded member operator, including
1717 /// conversion operators.
1718 Sema::AccessResult Sema::CheckMemberOperatorAccess(SourceLocation OpLoc,
1719                                                    Expr *ObjectExpr,
1720                                                    Expr *ArgExpr,
1721                                                    DeclAccessPair Found) {
1722   if (!getLangOpts().AccessControl ||
1723       Found.getAccess() == AS_public)
1724     return AR_accessible;
1725 
1726   const RecordType *RT = ObjectExpr->getType()->castAs<RecordType>();
1727   CXXRecordDecl *NamingClass = cast<CXXRecordDecl>(RT->getDecl());
1728 
1729   AccessTarget Entity(Context, AccessTarget::Member, NamingClass, Found,
1730                       ObjectExpr->getType());
1731   Entity.setDiag(diag::err_access)
1732     << ObjectExpr->getSourceRange()
1733     << (ArgExpr ? ArgExpr->getSourceRange() : SourceRange());
1734 
1735   return CheckAccess(*this, OpLoc, Entity);
1736 }
1737 
1738 /// Checks access to the target of a friend declaration.
1739 Sema::AccessResult Sema::CheckFriendAccess(NamedDecl *target) {
1740   assert(isa<CXXMethodDecl>(target->getAsFunction()));
1741 
1742   // Friendship lookup is a redeclaration lookup, so there's never an
1743   // inheritance path modifying access.
1744   AccessSpecifier access = target->getAccess();
1745 
1746   if (!getLangOpts().AccessControl || access == AS_public)
1747     return AR_accessible;
1748 
1749   CXXMethodDecl *method = cast<CXXMethodDecl>(target->getAsFunction());
1750   assert(method->getQualifier());
1751 
1752   AccessTarget entity(Context, AccessTarget::Member,
1753                       cast<CXXRecordDecl>(target->getDeclContext()),
1754                       DeclAccessPair::make(target, access),
1755                       /*no instance context*/ QualType());
1756   entity.setDiag(diag::err_access_friend_function)
1757     << method->getQualifierLoc().getSourceRange();
1758 
1759   // We need to bypass delayed-diagnostics because we might be called
1760   // while the ParsingDeclarator is active.
1761   EffectiveContext EC(CurContext);
1762   switch (CheckEffectiveAccess(*this, EC, target->getLocation(), entity)) {
1763   case AR_accessible: return Sema::AR_accessible;
1764   case AR_inaccessible: return Sema::AR_inaccessible;
1765   case AR_dependent: return Sema::AR_dependent;
1766   }
1767   llvm_unreachable("falling off end");
1768 }
1769 
1770 Sema::AccessResult Sema::CheckAddressOfMemberAccess(Expr *OvlExpr,
1771                                                     DeclAccessPair Found) {
1772   if (!getLangOpts().AccessControl ||
1773       Found.getAccess() == AS_none ||
1774       Found.getAccess() == AS_public)
1775     return AR_accessible;
1776 
1777   OverloadExpr *Ovl = OverloadExpr::find(OvlExpr).Expression;
1778   CXXRecordDecl *NamingClass = Ovl->getNamingClass();
1779 
1780   AccessTarget Entity(Context, AccessTarget::Member, NamingClass, Found,
1781                       /*no instance context*/ QualType());
1782   Entity.setDiag(diag::err_access)
1783     << Ovl->getSourceRange();
1784 
1785   return CheckAccess(*this, Ovl->getNameLoc(), Entity);
1786 }
1787 
1788 /// Checks access for a hierarchy conversion.
1789 ///
1790 /// \param ForceCheck true if this check should be performed even if access
1791 ///     control is disabled;  some things rely on this for semantics
1792 /// \param ForceUnprivileged true if this check should proceed as if the
1793 ///     context had no special privileges
1794 Sema::AccessResult Sema::CheckBaseClassAccess(SourceLocation AccessLoc,
1795                                               QualType Base,
1796                                               QualType Derived,
1797                                               const CXXBasePath &Path,
1798                                               unsigned DiagID,
1799                                               bool ForceCheck,
1800                                               bool ForceUnprivileged) {
1801   if (!ForceCheck && !getLangOpts().AccessControl)
1802     return AR_accessible;
1803 
1804   if (Path.Access == AS_public)
1805     return AR_accessible;
1806 
1807   CXXRecordDecl *BaseD, *DerivedD;
1808   BaseD = cast<CXXRecordDecl>(Base->getAs<RecordType>()->getDecl());
1809   DerivedD = cast<CXXRecordDecl>(Derived->getAs<RecordType>()->getDecl());
1810 
1811   AccessTarget Entity(Context, AccessTarget::Base, BaseD, DerivedD,
1812                       Path.Access);
1813   if (DiagID)
1814     Entity.setDiag(DiagID) << Derived << Base;
1815 
1816   if (ForceUnprivileged) {
1817     switch (CheckEffectiveAccess(*this, EffectiveContext(),
1818                                  AccessLoc, Entity)) {
1819     case ::AR_accessible: return Sema::AR_accessible;
1820     case ::AR_inaccessible: return Sema::AR_inaccessible;
1821     case ::AR_dependent: return Sema::AR_dependent;
1822     }
1823     llvm_unreachable("unexpected result from CheckEffectiveAccess");
1824   }
1825   return CheckAccess(*this, AccessLoc, Entity);
1826 }
1827 
1828 /// Checks access to all the declarations in the given result set.
1829 void Sema::CheckLookupAccess(const LookupResult &R) {
1830   assert(getLangOpts().AccessControl
1831          && "performing access check without access control");
1832   assert(R.getNamingClass() && "performing access check without naming class");
1833 
1834   for (LookupResult::iterator I = R.begin(), E = R.end(); I != E; ++I) {
1835     if (I.getAccess() != AS_public) {
1836       AccessTarget Entity(Context, AccessedEntity::Member,
1837                           R.getNamingClass(), I.getPair(),
1838                           R.getBaseObjectType());
1839       Entity.setDiag(diag::err_access);
1840       CheckAccess(*this, R.getNameLoc(), Entity);
1841     }
1842   }
1843 }
1844 
1845 /// Checks access to Decl from the given class. The check will take access
1846 /// specifiers into account, but no member access expressions and such.
1847 ///
1848 /// \param Decl the declaration to check if it can be accessed
1849 /// \param Ctx the class/context from which to start the search
1850 /// \return true if the Decl is accessible from the Class, false otherwise.
1851 bool Sema::IsSimplyAccessible(NamedDecl *Decl, DeclContext *Ctx) {
1852   if (CXXRecordDecl *Class = dyn_cast<CXXRecordDecl>(Ctx)) {
1853     if (!Decl->isCXXClassMember())
1854       return true;
1855 
1856     QualType qType = Class->getTypeForDecl()->getCanonicalTypeInternal();
1857     AccessTarget Entity(Context, AccessedEntity::Member, Class,
1858                         DeclAccessPair::make(Decl, Decl->getAccess()),
1859                         qType);
1860     if (Entity.getAccess() == AS_public)
1861       return true;
1862 
1863     EffectiveContext EC(CurContext);
1864     return ::IsAccessible(*this, EC, Entity) != ::AR_inaccessible;
1865   }
1866 
1867   if (ObjCIvarDecl *Ivar = dyn_cast<ObjCIvarDecl>(Decl)) {
1868     // @public and @package ivars are always accessible.
1869     if (Ivar->getCanonicalAccessControl() == ObjCIvarDecl::Public ||
1870         Ivar->getCanonicalAccessControl() == ObjCIvarDecl::Package)
1871       return true;
1872 
1873     // If we are inside a class or category implementation, determine the
1874     // interface we're in.
1875     ObjCInterfaceDecl *ClassOfMethodDecl = 0;
1876     if (ObjCMethodDecl *MD = getCurMethodDecl())
1877       ClassOfMethodDecl =  MD->getClassInterface();
1878     else if (FunctionDecl *FD = getCurFunctionDecl()) {
1879       if (ObjCImplDecl *Impl
1880             = dyn_cast<ObjCImplDecl>(FD->getLexicalDeclContext())) {
1881         if (ObjCImplementationDecl *IMPD
1882               = dyn_cast<ObjCImplementationDecl>(Impl))
1883           ClassOfMethodDecl = IMPD->getClassInterface();
1884         else if (ObjCCategoryImplDecl* CatImplClass
1885                    = dyn_cast<ObjCCategoryImplDecl>(Impl))
1886           ClassOfMethodDecl = CatImplClass->getClassInterface();
1887       }
1888     }
1889 
1890     // If we're not in an interface, this ivar is inaccessible.
1891     if (!ClassOfMethodDecl)
1892       return false;
1893 
1894     // If we're inside the same interface that owns the ivar, we're fine.
1895     if (declaresSameEntity(ClassOfMethodDecl, Ivar->getContainingInterface()))
1896       return true;
1897 
1898     // If the ivar is private, it's inaccessible.
1899     if (Ivar->getCanonicalAccessControl() == ObjCIvarDecl::Private)
1900       return false;
1901 
1902     return Ivar->getContainingInterface()->isSuperClassOf(ClassOfMethodDecl);
1903   }
1904 
1905   return true;
1906 }
1907