1 //===--- AnalysisConsumer.cpp - ASTConsumer for running Analyses ----------===// 2 // 3 // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. 4 // See https://llvm.org/LICENSE.txt for license information. 5 // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception 6 // 7 //===----------------------------------------------------------------------===// 8 // 9 // "Meta" ASTConsumer for running different source analyses. 10 // 11 //===----------------------------------------------------------------------===// 12 13 #include "clang/StaticAnalyzer/Frontend/AnalysisConsumer.h" 14 #include "ModelInjector.h" 15 #include "clang/Analysis/PathDiagnostic.h" 16 #include "clang/AST/Decl.h" 17 #include "clang/AST/DeclCXX.h" 18 #include "clang/AST/DeclObjC.h" 19 #include "clang/AST/RecursiveASTVisitor.h" 20 #include "clang/Analysis/Analyses/LiveVariables.h" 21 #include "clang/Analysis/CFG.h" 22 #include "clang/Analysis/CallGraph.h" 23 #include "clang/Analysis/CodeInjector.h" 24 #include "clang/Basic/SourceManager.h" 25 #include "clang/CrossTU/CrossTranslationUnit.h" 26 #include "clang/Frontend/CompilerInstance.h" 27 #include "clang/Lex/Preprocessor.h" 28 #include "clang/StaticAnalyzer/Checkers/LocalCheckers.h" 29 #include "clang/StaticAnalyzer/Core/AnalyzerOptions.h" 30 #include "clang/StaticAnalyzer/Core/BugReporter/BugReporter.h" 31 #include "clang/StaticAnalyzer/Core/CheckerManager.h" 32 #include "clang/StaticAnalyzer/Core/PathDiagnosticConsumers.h" 33 #include "clang/StaticAnalyzer/Core/PathSensitive/AnalysisManager.h" 34 #include "clang/StaticAnalyzer/Core/PathSensitive/ExprEngine.h" 35 #include "clang/StaticAnalyzer/Frontend/CheckerRegistration.h" 36 #include "llvm/ADT/PostOrderIterator.h" 37 #include "llvm/ADT/Statistic.h" 38 #include "llvm/Support/FileSystem.h" 39 #include "llvm/Support/Path.h" 40 #include "llvm/Support/Program.h" 41 #include "llvm/Support/Timer.h" 42 #include "llvm/Support/raw_ostream.h" 43 #include <memory> 44 #include <queue> 45 #include <utility> 46 47 using namespace clang; 48 using namespace ento; 49 50 #define DEBUG_TYPE "AnalysisConsumer" 51 52 STATISTIC(NumFunctionTopLevel, "The # of functions at top level."); 53 STATISTIC(NumFunctionsAnalyzed, 54 "The # of functions and blocks analyzed (as top level " 55 "with inlining turned on)."); 56 STATISTIC(NumBlocksInAnalyzedFunctions, 57 "The # of basic blocks in the analyzed functions."); 58 STATISTIC(NumVisitedBlocksInAnalyzedFunctions, 59 "The # of visited basic blocks in the analyzed functions."); 60 STATISTIC(PercentReachableBlocks, "The % of reachable basic blocks."); 61 STATISTIC(MaxCFGSize, "The maximum number of basic blocks in a function."); 62 63 //===----------------------------------------------------------------------===// 64 // Special PathDiagnosticConsumers. 65 //===----------------------------------------------------------------------===// 66 67 void ento::createPlistHTMLDiagnosticConsumer( 68 AnalyzerOptions &AnalyzerOpts, PathDiagnosticConsumers &C, 69 const std::string &prefix, const Preprocessor &PP, 70 const cross_tu::CrossTranslationUnitContext &CTU) { 71 createHTMLDiagnosticConsumer( 72 AnalyzerOpts, C, std::string(llvm::sys::path::parent_path(prefix)), PP, 73 CTU); 74 createPlistMultiFileDiagnosticConsumer(AnalyzerOpts, C, prefix, PP, CTU); 75 } 76 77 void ento::createTextPathDiagnosticConsumer( 78 AnalyzerOptions &AnalyzerOpts, PathDiagnosticConsumers &C, 79 const std::string &Prefix, const clang::Preprocessor &PP, 80 const cross_tu::CrossTranslationUnitContext &CTU) { 81 llvm_unreachable("'text' consumer should be enabled on ClangDiags"); 82 } 83 84 namespace { 85 class ClangDiagPathDiagConsumer : public PathDiagnosticConsumer { 86 DiagnosticsEngine &Diag; 87 bool IncludePath = false, ShouldEmitAsError = false, FixitsAsRemarks = false; 88 89 public: 90 ClangDiagPathDiagConsumer(DiagnosticsEngine &Diag) 91 : Diag(Diag) {} 92 ~ClangDiagPathDiagConsumer() override {} 93 StringRef getName() const override { return "ClangDiags"; } 94 95 bool supportsLogicalOpControlFlow() const override { return true; } 96 bool supportsCrossFileDiagnostics() const override { return true; } 97 98 PathGenerationScheme getGenerationScheme() const override { 99 return IncludePath ? Minimal : None; 100 } 101 102 void enablePaths() { IncludePath = true; } 103 void enableWerror() { ShouldEmitAsError = true; } 104 void enableFixitsAsRemarks() { FixitsAsRemarks = true; } 105 106 void FlushDiagnosticsImpl(std::vector<const PathDiagnostic *> &Diags, 107 FilesMade *filesMade) override { 108 unsigned WarnID = 109 ShouldEmitAsError 110 ? Diag.getCustomDiagID(DiagnosticsEngine::Error, "%0") 111 : Diag.getCustomDiagID(DiagnosticsEngine::Warning, "%0"); 112 unsigned NoteID = Diag.getCustomDiagID(DiagnosticsEngine::Note, "%0"); 113 unsigned RemarkID = Diag.getCustomDiagID(DiagnosticsEngine::Remark, "%0"); 114 115 auto reportPiece = 116 [&](unsigned ID, SourceLocation Loc, StringRef String, 117 ArrayRef<SourceRange> Ranges, ArrayRef<FixItHint> Fixits) { 118 if (!FixitsAsRemarks) { 119 Diag.Report(Loc, ID) << String << Ranges << Fixits; 120 } else { 121 Diag.Report(Loc, ID) << String << Ranges; 122 for (const FixItHint &Hint : Fixits) { 123 SourceManager &SM = Diag.getSourceManager(); 124 llvm::SmallString<128> Str; 125 llvm::raw_svector_ostream OS(Str); 126 // FIXME: Add support for InsertFromRange and 127 // BeforePreviousInsertion. 128 assert(!Hint.InsertFromRange.isValid() && "Not implemented yet!"); 129 assert(!Hint.BeforePreviousInsertions && "Not implemented yet!"); 130 OS << SM.getSpellingColumnNumber(Hint.RemoveRange.getBegin()) 131 << "-" << SM.getSpellingColumnNumber(Hint.RemoveRange.getEnd()) 132 << ": '" << Hint.CodeToInsert << "'"; 133 Diag.Report(Loc, RemarkID) << OS.str(); 134 } 135 } 136 }; 137 138 for (std::vector<const PathDiagnostic *>::iterator I = Diags.begin(), 139 E = Diags.end(); 140 I != E; ++I) { 141 const PathDiagnostic *PD = *I; 142 reportPiece(WarnID, PD->getLocation().asLocation(), 143 PD->getShortDescription(), PD->path.back()->getRanges(), 144 PD->path.back()->getFixits()); 145 146 // First, add extra notes, even if paths should not be included. 147 for (const auto &Piece : PD->path) { 148 if (!isa<PathDiagnosticNotePiece>(Piece.get())) 149 continue; 150 151 reportPiece(NoteID, Piece->getLocation().asLocation(), 152 Piece->getString(), Piece->getRanges(), Piece->getFixits()); 153 } 154 155 if (!IncludePath) 156 continue; 157 158 // Then, add the path notes if necessary. 159 PathPieces FlatPath = PD->path.flatten(/*ShouldFlattenMacros=*/true); 160 for (const auto &Piece : FlatPath) { 161 if (isa<PathDiagnosticNotePiece>(Piece.get())) 162 continue; 163 164 reportPiece(NoteID, Piece->getLocation().asLocation(), 165 Piece->getString(), Piece->getRanges(), Piece->getFixits()); 166 } 167 } 168 } 169 }; 170 } // end anonymous namespace 171 172 //===----------------------------------------------------------------------===// 173 // AnalysisConsumer declaration. 174 //===----------------------------------------------------------------------===// 175 176 namespace { 177 178 class AnalysisConsumer : public AnalysisASTConsumer, 179 public RecursiveASTVisitor<AnalysisConsumer> { 180 enum { 181 AM_None = 0, 182 AM_Syntax = 0x1, 183 AM_Path = 0x2 184 }; 185 typedef unsigned AnalysisMode; 186 187 /// Mode of the analyzes while recursively visiting Decls. 188 AnalysisMode RecVisitorMode; 189 /// Bug Reporter to use while recursively visiting Decls. 190 BugReporter *RecVisitorBR; 191 192 std::vector<std::function<void(CheckerRegistry &)>> CheckerRegistrationFns; 193 194 public: 195 ASTContext *Ctx; 196 Preprocessor &PP; 197 const std::string OutDir; 198 AnalyzerOptionsRef Opts; 199 ArrayRef<std::string> Plugins; 200 CodeInjector *Injector; 201 cross_tu::CrossTranslationUnitContext CTU; 202 203 /// Stores the declarations from the local translation unit. 204 /// Note, we pre-compute the local declarations at parse time as an 205 /// optimization to make sure we do not deserialize everything from disk. 206 /// The local declaration to all declarations ratio might be very small when 207 /// working with a PCH file. 208 SetOfDecls LocalTUDecls; 209 210 // Set of PathDiagnosticConsumers. Owned by AnalysisManager. 211 PathDiagnosticConsumers PathConsumers; 212 213 StoreManagerCreator CreateStoreMgr; 214 ConstraintManagerCreator CreateConstraintMgr; 215 216 std::unique_ptr<CheckerManager> checkerMgr; 217 std::unique_ptr<AnalysisManager> Mgr; 218 219 /// Time the analyzes time of each translation unit. 220 std::unique_ptr<llvm::TimerGroup> AnalyzerTimers; 221 std::unique_ptr<llvm::Timer> SyntaxCheckTimer; 222 std::unique_ptr<llvm::Timer> ExprEngineTimer; 223 std::unique_ptr<llvm::Timer> BugReporterTimer; 224 225 /// The information about analyzed functions shared throughout the 226 /// translation unit. 227 FunctionSummariesTy FunctionSummaries; 228 229 AnalysisConsumer(CompilerInstance &CI, const std::string &outdir, 230 AnalyzerOptionsRef opts, ArrayRef<std::string> plugins, 231 CodeInjector *injector) 232 : RecVisitorMode(0), RecVisitorBR(nullptr), Ctx(nullptr), 233 PP(CI.getPreprocessor()), OutDir(outdir), Opts(std::move(opts)), 234 Plugins(plugins), Injector(injector), CTU(CI) { 235 DigestAnalyzerOptions(); 236 if (Opts->PrintStats || Opts->ShouldSerializeStats) { 237 AnalyzerTimers = std::make_unique<llvm::TimerGroup>( 238 "analyzer", "Analyzer timers"); 239 SyntaxCheckTimer = std::make_unique<llvm::Timer>( 240 "syntaxchecks", "Syntax-based analysis time", *AnalyzerTimers); 241 ExprEngineTimer = std::make_unique<llvm::Timer>( 242 "exprengine", "Path exploration time", *AnalyzerTimers); 243 BugReporterTimer = std::make_unique<llvm::Timer>( 244 "bugreporter", "Path-sensitive report post-processing time", 245 *AnalyzerTimers); 246 llvm::EnableStatistics(/* PrintOnExit= */ false); 247 } 248 } 249 250 ~AnalysisConsumer() override { 251 if (Opts->PrintStats) { 252 llvm::PrintStatistics(); 253 } 254 } 255 256 void DigestAnalyzerOptions() { 257 if (Opts->AnalysisDiagOpt != PD_NONE) { 258 // Create the PathDiagnosticConsumer. 259 ClangDiagPathDiagConsumer *clangDiags = 260 new ClangDiagPathDiagConsumer(PP.getDiagnostics()); 261 PathConsumers.push_back(clangDiags); 262 263 if (Opts->AnalyzerWerror) 264 clangDiags->enableWerror(); 265 266 if (Opts->ShouldEmitFixItHintsAsRemarks) 267 clangDiags->enableFixitsAsRemarks(); 268 269 if (Opts->AnalysisDiagOpt == PD_TEXT) { 270 clangDiags->enablePaths(); 271 272 } else if (!OutDir.empty()) { 273 switch (Opts->AnalysisDiagOpt) { 274 default: 275 #define ANALYSIS_DIAGNOSTICS(NAME, CMDFLAG, DESC, CREATEFN) \ 276 case PD_##NAME: \ 277 CREATEFN(*Opts.get(), PathConsumers, OutDir, PP, CTU); \ 278 break; 279 #include "clang/StaticAnalyzer/Core/Analyses.def" 280 } 281 } 282 } 283 284 // Create the analyzer component creators. 285 switch (Opts->AnalysisStoreOpt) { 286 default: 287 llvm_unreachable("Unknown store manager."); 288 #define ANALYSIS_STORE(NAME, CMDFLAG, DESC, CREATEFN) \ 289 case NAME##Model: CreateStoreMgr = CREATEFN; break; 290 #include "clang/StaticAnalyzer/Core/Analyses.def" 291 } 292 293 switch (Opts->AnalysisConstraintsOpt) { 294 default: 295 llvm_unreachable("Unknown constraint manager."); 296 #define ANALYSIS_CONSTRAINTS(NAME, CMDFLAG, DESC, CREATEFN) \ 297 case NAME##Model: CreateConstraintMgr = CREATEFN; break; 298 #include "clang/StaticAnalyzer/Core/Analyses.def" 299 } 300 } 301 302 void DisplayFunction(const Decl *D, AnalysisMode Mode, 303 ExprEngine::InliningModes IMode) { 304 if (!Opts->AnalyzerDisplayProgress) 305 return; 306 307 SourceManager &SM = Mgr->getASTContext().getSourceManager(); 308 PresumedLoc Loc = SM.getPresumedLoc(D->getLocation()); 309 if (Loc.isValid()) { 310 llvm::errs() << "ANALYZE"; 311 312 if (Mode == AM_Syntax) 313 llvm::errs() << " (Syntax)"; 314 else if (Mode == AM_Path) { 315 llvm::errs() << " (Path, "; 316 switch (IMode) { 317 case ExprEngine::Inline_Minimal: 318 llvm::errs() << " Inline_Minimal"; 319 break; 320 case ExprEngine::Inline_Regular: 321 llvm::errs() << " Inline_Regular"; 322 break; 323 } 324 llvm::errs() << ")"; 325 } 326 else 327 assert(Mode == (AM_Syntax | AM_Path) && "Unexpected mode!"); 328 329 llvm::errs() << ": " << Loc.getFilename() << ' ' 330 << getFunctionName(D) << '\n'; 331 } 332 } 333 334 void Initialize(ASTContext &Context) override { 335 Ctx = &Context; 336 checkerMgr = createCheckerManager( 337 *Ctx, *Opts, Plugins, CheckerRegistrationFns, PP.getDiagnostics()); 338 339 Mgr = std::make_unique<AnalysisManager>(*Ctx, PP, PathConsumers, 340 CreateStoreMgr, CreateConstraintMgr, 341 checkerMgr.get(), *Opts, Injector); 342 } 343 344 /// Store the top level decls in the set to be processed later on. 345 /// (Doing this pre-processing avoids deserialization of data from PCH.) 346 bool HandleTopLevelDecl(DeclGroupRef D) override; 347 void HandleTopLevelDeclInObjCContainer(DeclGroupRef D) override; 348 349 void HandleTranslationUnit(ASTContext &C) override; 350 351 /// Determine which inlining mode should be used when this function is 352 /// analyzed. This allows to redefine the default inlining policies when 353 /// analyzing a given function. 354 ExprEngine::InliningModes 355 getInliningModeForFunction(const Decl *D, const SetOfConstDecls &Visited); 356 357 /// Build the call graph for all the top level decls of this TU and 358 /// use it to define the order in which the functions should be visited. 359 void HandleDeclsCallGraph(const unsigned LocalTUDeclsSize); 360 361 /// Run analyzes(syntax or path sensitive) on the given function. 362 /// \param Mode - determines if we are requesting syntax only or path 363 /// sensitive only analysis. 364 /// \param VisitedCallees - The output parameter, which is populated with the 365 /// set of functions which should be considered analyzed after analyzing the 366 /// given root function. 367 void HandleCode(Decl *D, AnalysisMode Mode, 368 ExprEngine::InliningModes IMode = ExprEngine::Inline_Minimal, 369 SetOfConstDecls *VisitedCallees = nullptr); 370 371 void RunPathSensitiveChecks(Decl *D, 372 ExprEngine::InliningModes IMode, 373 SetOfConstDecls *VisitedCallees); 374 375 /// Visitors for the RecursiveASTVisitor. 376 bool shouldWalkTypesOfTypeLocs() const { return false; } 377 378 /// Handle callbacks for arbitrary Decls. 379 bool VisitDecl(Decl *D) { 380 AnalysisMode Mode = getModeForDecl(D, RecVisitorMode); 381 if (Mode & AM_Syntax) { 382 if (SyntaxCheckTimer) 383 SyntaxCheckTimer->startTimer(); 384 checkerMgr->runCheckersOnASTDecl(D, *Mgr, *RecVisitorBR); 385 if (SyntaxCheckTimer) 386 SyntaxCheckTimer->stopTimer(); 387 } 388 return true; 389 } 390 391 bool VisitVarDecl(VarDecl *VD) { 392 if (!Opts->IsNaiveCTUEnabled) 393 return true; 394 395 if (VD->hasExternalStorage() || VD->isStaticDataMember()) { 396 if (!cross_tu::containsConst(VD, *Ctx)) 397 return true; 398 } else { 399 // Cannot be initialized in another TU. 400 return true; 401 } 402 403 if (VD->getAnyInitializer()) 404 return true; 405 406 llvm::Expected<const VarDecl *> CTUDeclOrError = 407 CTU.getCrossTUDefinition(VD, Opts->CTUDir, Opts->CTUIndexName, 408 Opts->DisplayCTUProgress); 409 410 if (!CTUDeclOrError) { 411 handleAllErrors(CTUDeclOrError.takeError(), 412 [&](const cross_tu::IndexError &IE) { 413 CTU.emitCrossTUDiagnostics(IE); 414 }); 415 } 416 417 return true; 418 } 419 420 bool VisitFunctionDecl(FunctionDecl *FD) { 421 IdentifierInfo *II = FD->getIdentifier(); 422 if (II && II->getName().startswith("__inline")) 423 return true; 424 425 // We skip function template definitions, as their semantics is 426 // only determined when they are instantiated. 427 if (FD->isThisDeclarationADefinition() && 428 !FD->isDependentContext()) { 429 assert(RecVisitorMode == AM_Syntax || Mgr->shouldInlineCall() == false); 430 HandleCode(FD, RecVisitorMode); 431 } 432 return true; 433 } 434 435 bool VisitObjCMethodDecl(ObjCMethodDecl *MD) { 436 if (MD->isThisDeclarationADefinition()) { 437 assert(RecVisitorMode == AM_Syntax || Mgr->shouldInlineCall() == false); 438 HandleCode(MD, RecVisitorMode); 439 } 440 return true; 441 } 442 443 bool VisitBlockDecl(BlockDecl *BD) { 444 if (BD->hasBody()) { 445 assert(RecVisitorMode == AM_Syntax || Mgr->shouldInlineCall() == false); 446 // Since we skip function template definitions, we should skip blocks 447 // declared in those functions as well. 448 if (!BD->isDependentContext()) { 449 HandleCode(BD, RecVisitorMode); 450 } 451 } 452 return true; 453 } 454 455 void AddDiagnosticConsumer(PathDiagnosticConsumer *Consumer) override { 456 PathConsumers.push_back(Consumer); 457 } 458 459 void AddCheckerRegistrationFn(std::function<void(CheckerRegistry&)> Fn) override { 460 CheckerRegistrationFns.push_back(std::move(Fn)); 461 } 462 463 private: 464 void storeTopLevelDecls(DeclGroupRef DG); 465 std::string getFunctionName(const Decl *D); 466 467 /// Check if we should skip (not analyze) the given function. 468 AnalysisMode getModeForDecl(Decl *D, AnalysisMode Mode); 469 void runAnalysisOnTranslationUnit(ASTContext &C); 470 471 /// Print \p S to stderr if \c Opts->AnalyzerDisplayProgress is set. 472 void reportAnalyzerProgress(StringRef S); 473 }; 474 } // end anonymous namespace 475 476 477 //===----------------------------------------------------------------------===// 478 // AnalysisConsumer implementation. 479 //===----------------------------------------------------------------------===// 480 bool AnalysisConsumer::HandleTopLevelDecl(DeclGroupRef DG) { 481 storeTopLevelDecls(DG); 482 return true; 483 } 484 485 void AnalysisConsumer::HandleTopLevelDeclInObjCContainer(DeclGroupRef DG) { 486 storeTopLevelDecls(DG); 487 } 488 489 void AnalysisConsumer::storeTopLevelDecls(DeclGroupRef DG) { 490 for (DeclGroupRef::iterator I = DG.begin(), E = DG.end(); I != E; ++I) { 491 492 // Skip ObjCMethodDecl, wait for the objc container to avoid 493 // analyzing twice. 494 if (isa<ObjCMethodDecl>(*I)) 495 continue; 496 497 LocalTUDecls.push_back(*I); 498 } 499 } 500 501 static bool shouldSkipFunction(const Decl *D, 502 const SetOfConstDecls &Visited, 503 const SetOfConstDecls &VisitedAsTopLevel) { 504 if (VisitedAsTopLevel.count(D)) 505 return true; 506 507 // We want to re-analyse the functions as top level in the following cases: 508 // - The 'init' methods should be reanalyzed because 509 // ObjCNonNilReturnValueChecker assumes that '[super init]' never returns 510 // 'nil' and unless we analyze the 'init' functions as top level, we will 511 // not catch errors within defensive code. 512 // - We want to reanalyze all ObjC methods as top level to report Retain 513 // Count naming convention errors more aggressively. 514 if (isa<ObjCMethodDecl>(D)) 515 return false; 516 // We also want to reanalyze all C++ copy and move assignment operators to 517 // separately check the two cases where 'this' aliases with the parameter and 518 // where it may not. (cplusplus.SelfAssignmentChecker) 519 if (const auto *MD = dyn_cast<CXXMethodDecl>(D)) { 520 if (MD->isCopyAssignmentOperator() || MD->isMoveAssignmentOperator()) 521 return false; 522 } 523 524 // Otherwise, if we visited the function before, do not reanalyze it. 525 return Visited.count(D); 526 } 527 528 ExprEngine::InliningModes 529 AnalysisConsumer::getInliningModeForFunction(const Decl *D, 530 const SetOfConstDecls &Visited) { 531 // We want to reanalyze all ObjC methods as top level to report Retain 532 // Count naming convention errors more aggressively. But we should tune down 533 // inlining when reanalyzing an already inlined function. 534 if (Visited.count(D) && isa<ObjCMethodDecl>(D)) { 535 const ObjCMethodDecl *ObjCM = cast<ObjCMethodDecl>(D); 536 if (ObjCM->getMethodFamily() != OMF_init) 537 return ExprEngine::Inline_Minimal; 538 } 539 540 return ExprEngine::Inline_Regular; 541 } 542 543 void AnalysisConsumer::HandleDeclsCallGraph(const unsigned LocalTUDeclsSize) { 544 // Build the Call Graph by adding all the top level declarations to the graph. 545 // Note: CallGraph can trigger deserialization of more items from a pch 546 // (though HandleInterestingDecl); triggering additions to LocalTUDecls. 547 // We rely on random access to add the initially processed Decls to CG. 548 CallGraph CG; 549 for (unsigned i = 0 ; i < LocalTUDeclsSize ; ++i) { 550 CG.addToCallGraph(LocalTUDecls[i]); 551 } 552 553 // Walk over all of the call graph nodes in topological order, so that we 554 // analyze parents before the children. Skip the functions inlined into 555 // the previously processed functions. Use external Visited set to identify 556 // inlined functions. The topological order allows the "do not reanalyze 557 // previously inlined function" performance heuristic to be triggered more 558 // often. 559 SetOfConstDecls Visited; 560 SetOfConstDecls VisitedAsTopLevel; 561 llvm::ReversePostOrderTraversal<clang::CallGraph*> RPOT(&CG); 562 for (llvm::ReversePostOrderTraversal<clang::CallGraph*>::rpo_iterator 563 I = RPOT.begin(), E = RPOT.end(); I != E; ++I) { 564 NumFunctionTopLevel++; 565 566 CallGraphNode *N = *I; 567 Decl *D = N->getDecl(); 568 569 // Skip the abstract root node. 570 if (!D) 571 continue; 572 573 // Skip the functions which have been processed already or previously 574 // inlined. 575 if (shouldSkipFunction(D, Visited, VisitedAsTopLevel)) 576 continue; 577 578 // Analyze the function. 579 SetOfConstDecls VisitedCallees; 580 581 HandleCode(D, AM_Path, getInliningModeForFunction(D, Visited), 582 (Mgr->options.InliningMode == All ? nullptr : &VisitedCallees)); 583 584 // Add the visited callees to the global visited set. 585 for (const Decl *Callee : VisitedCallees) 586 // Decls from CallGraph are already canonical. But Decls coming from 587 // CallExprs may be not. We should canonicalize them manually. 588 Visited.insert(isa<ObjCMethodDecl>(Callee) ? Callee 589 : Callee->getCanonicalDecl()); 590 VisitedAsTopLevel.insert(D); 591 } 592 } 593 594 static bool isBisonFile(ASTContext &C) { 595 const SourceManager &SM = C.getSourceManager(); 596 FileID FID = SM.getMainFileID(); 597 StringRef Buffer = SM.getBuffer(FID)->getBuffer(); 598 if (Buffer.startswith("/* A Bison parser, made by")) 599 return true; 600 return false; 601 } 602 603 void AnalysisConsumer::runAnalysisOnTranslationUnit(ASTContext &C) { 604 BugReporter BR(*Mgr); 605 TranslationUnitDecl *TU = C.getTranslationUnitDecl(); 606 if (SyntaxCheckTimer) 607 SyntaxCheckTimer->startTimer(); 608 checkerMgr->runCheckersOnASTDecl(TU, *Mgr, BR); 609 if (SyntaxCheckTimer) 610 SyntaxCheckTimer->stopTimer(); 611 612 // Run the AST-only checks using the order in which functions are defined. 613 // If inlining is not turned on, use the simplest function order for path 614 // sensitive analyzes as well. 615 RecVisitorMode = AM_Syntax; 616 if (!Mgr->shouldInlineCall()) 617 RecVisitorMode |= AM_Path; 618 RecVisitorBR = &BR; 619 620 // Process all the top level declarations. 621 // 622 // Note: TraverseDecl may modify LocalTUDecls, but only by appending more 623 // entries. Thus we don't use an iterator, but rely on LocalTUDecls 624 // random access. By doing so, we automatically compensate for iterators 625 // possibly being invalidated, although this is a bit slower. 626 const unsigned LocalTUDeclsSize = LocalTUDecls.size(); 627 for (unsigned i = 0 ; i < LocalTUDeclsSize ; ++i) { 628 TraverseDecl(LocalTUDecls[i]); 629 } 630 631 if (Mgr->shouldInlineCall()) 632 HandleDeclsCallGraph(LocalTUDeclsSize); 633 634 // After all decls handled, run checkers on the entire TranslationUnit. 635 checkerMgr->runCheckersOnEndOfTranslationUnit(TU, *Mgr, BR); 636 637 BR.FlushReports(); 638 RecVisitorBR = nullptr; 639 } 640 641 void AnalysisConsumer::reportAnalyzerProgress(StringRef S) { 642 if (Opts->AnalyzerDisplayProgress) 643 llvm::errs() << S; 644 } 645 646 void AnalysisConsumer::HandleTranslationUnit(ASTContext &C) { 647 648 // Don't run the actions if an error has occurred with parsing the file. 649 DiagnosticsEngine &Diags = PP.getDiagnostics(); 650 if (Diags.hasErrorOccurred() || Diags.hasFatalErrorOccurred()) 651 return; 652 653 if (isBisonFile(C)) { 654 reportAnalyzerProgress("Skipping bison-generated file\n"); 655 } else if (Opts->DisableAllCheckers) { 656 657 // Don't analyze if the user explicitly asked for no checks to be performed 658 // on this file. 659 reportAnalyzerProgress("All checks are disabled using a supplied option\n"); 660 } else { 661 // Otherwise, just run the analysis. 662 runAnalysisOnTranslationUnit(C); 663 } 664 665 // Count how many basic blocks we have not covered. 666 NumBlocksInAnalyzedFunctions = FunctionSummaries.getTotalNumBasicBlocks(); 667 NumVisitedBlocksInAnalyzedFunctions = 668 FunctionSummaries.getTotalNumVisitedBasicBlocks(); 669 if (NumBlocksInAnalyzedFunctions > 0) 670 PercentReachableBlocks = 671 (FunctionSummaries.getTotalNumVisitedBasicBlocks() * 100) / 672 NumBlocksInAnalyzedFunctions; 673 674 // Explicitly destroy the PathDiagnosticConsumer. This will flush its output. 675 // FIXME: This should be replaced with something that doesn't rely on 676 // side-effects in PathDiagnosticConsumer's destructor. This is required when 677 // used with option -disable-free. 678 Mgr.reset(); 679 } 680 681 std::string AnalysisConsumer::getFunctionName(const Decl *D) { 682 std::string Str; 683 llvm::raw_string_ostream OS(Str); 684 685 if (const FunctionDecl *FD = dyn_cast<FunctionDecl>(D)) { 686 OS << FD->getQualifiedNameAsString(); 687 688 // In C++, there are overloads. 689 if (Ctx->getLangOpts().CPlusPlus) { 690 OS << '('; 691 for (const auto &P : FD->parameters()) { 692 if (P != *FD->param_begin()) 693 OS << ", "; 694 OS << P->getType().getAsString(); 695 } 696 OS << ')'; 697 } 698 699 } else if (isa<BlockDecl>(D)) { 700 PresumedLoc Loc = Ctx->getSourceManager().getPresumedLoc(D->getLocation()); 701 702 if (Loc.isValid()) { 703 OS << "block (line: " << Loc.getLine() << ", col: " << Loc.getColumn() 704 << ')'; 705 } 706 707 } else if (const ObjCMethodDecl *OMD = dyn_cast<ObjCMethodDecl>(D)) { 708 709 // FIXME: copy-pasted from CGDebugInfo.cpp. 710 OS << (OMD->isInstanceMethod() ? '-' : '+') << '['; 711 const DeclContext *DC = OMD->getDeclContext(); 712 if (const auto *OID = dyn_cast<ObjCImplementationDecl>(DC)) { 713 OS << OID->getName(); 714 } else if (const auto *OID = dyn_cast<ObjCInterfaceDecl>(DC)) { 715 OS << OID->getName(); 716 } else if (const auto *OC = dyn_cast<ObjCCategoryDecl>(DC)) { 717 if (OC->IsClassExtension()) { 718 OS << OC->getClassInterface()->getName(); 719 } else { 720 OS << OC->getIdentifier()->getNameStart() << '(' 721 << OC->getIdentifier()->getNameStart() << ')'; 722 } 723 } else if (const auto *OCD = dyn_cast<ObjCCategoryImplDecl>(DC)) { 724 OS << OCD->getClassInterface()->getName() << '(' 725 << OCD->getName() << ')'; 726 } 727 OS << ' ' << OMD->getSelector().getAsString() << ']'; 728 729 } 730 731 return OS.str(); 732 } 733 734 AnalysisConsumer::AnalysisMode 735 AnalysisConsumer::getModeForDecl(Decl *D, AnalysisMode Mode) { 736 if (!Opts->AnalyzeSpecificFunction.empty() && 737 getFunctionName(D) != Opts->AnalyzeSpecificFunction) 738 return AM_None; 739 740 // Unless -analyze-all is specified, treat decls differently depending on 741 // where they came from: 742 // - Main source file: run both path-sensitive and non-path-sensitive checks. 743 // - Header files: run non-path-sensitive checks only. 744 // - System headers: don't run any checks. 745 SourceManager &SM = Ctx->getSourceManager(); 746 const Stmt *Body = D->getBody(); 747 SourceLocation SL = Body ? Body->getBeginLoc() : D->getLocation(); 748 SL = SM.getExpansionLoc(SL); 749 750 if (!Opts->AnalyzeAll && !Mgr->isInCodeFile(SL)) { 751 if (SL.isInvalid() || SM.isInSystemHeader(SL)) 752 return AM_None; 753 return Mode & ~AM_Path; 754 } 755 756 return Mode; 757 } 758 759 void AnalysisConsumer::HandleCode(Decl *D, AnalysisMode Mode, 760 ExprEngine::InliningModes IMode, 761 SetOfConstDecls *VisitedCallees) { 762 if (!D->hasBody()) 763 return; 764 Mode = getModeForDecl(D, Mode); 765 if (Mode == AM_None) 766 return; 767 768 // Clear the AnalysisManager of old AnalysisDeclContexts. 769 Mgr->ClearContexts(); 770 // Ignore autosynthesized code. 771 if (Mgr->getAnalysisDeclContext(D)->isBodyAutosynthesized()) 772 return; 773 774 DisplayFunction(D, Mode, IMode); 775 CFG *DeclCFG = Mgr->getCFG(D); 776 if (DeclCFG) 777 MaxCFGSize.updateMax(DeclCFG->size()); 778 779 BugReporter BR(*Mgr); 780 781 if (Mode & AM_Syntax) { 782 if (SyntaxCheckTimer) 783 SyntaxCheckTimer->startTimer(); 784 checkerMgr->runCheckersOnASTBody(D, *Mgr, BR); 785 if (SyntaxCheckTimer) 786 SyntaxCheckTimer->stopTimer(); 787 } 788 789 BR.FlushReports(); 790 791 if ((Mode & AM_Path) && checkerMgr->hasPathSensitiveCheckers()) { 792 RunPathSensitiveChecks(D, IMode, VisitedCallees); 793 if (IMode != ExprEngine::Inline_Minimal) 794 NumFunctionsAnalyzed++; 795 } 796 } 797 798 //===----------------------------------------------------------------------===// 799 // Path-sensitive checking. 800 //===----------------------------------------------------------------------===// 801 802 void AnalysisConsumer::RunPathSensitiveChecks(Decl *D, 803 ExprEngine::InliningModes IMode, 804 SetOfConstDecls *VisitedCallees) { 805 // Construct the analysis engine. First check if the CFG is valid. 806 // FIXME: Inter-procedural analysis will need to handle invalid CFGs. 807 if (!Mgr->getCFG(D)) 808 return; 809 810 // See if the LiveVariables analysis scales. 811 if (!Mgr->getAnalysisDeclContext(D)->getAnalysis<RelaxedLiveVariables>()) 812 return; 813 814 ExprEngine Eng(CTU, *Mgr, VisitedCallees, &FunctionSummaries, IMode); 815 816 // Execute the worklist algorithm. 817 if (ExprEngineTimer) 818 ExprEngineTimer->startTimer(); 819 Eng.ExecuteWorkList(Mgr->getAnalysisDeclContextManager().getStackFrame(D), 820 Mgr->options.MaxNodesPerTopLevelFunction); 821 if (ExprEngineTimer) 822 ExprEngineTimer->stopTimer(); 823 824 if (!Mgr->options.DumpExplodedGraphTo.empty()) 825 Eng.DumpGraph(Mgr->options.TrimGraph, Mgr->options.DumpExplodedGraphTo); 826 827 // Visualize the exploded graph. 828 if (Mgr->options.visualizeExplodedGraphWithGraphViz) 829 Eng.ViewGraph(Mgr->options.TrimGraph); 830 831 // Display warnings. 832 if (BugReporterTimer) 833 BugReporterTimer->startTimer(); 834 Eng.getBugReporter().FlushReports(); 835 if (BugReporterTimer) 836 BugReporterTimer->stopTimer(); 837 } 838 839 //===----------------------------------------------------------------------===// 840 // AnalysisConsumer creation. 841 //===----------------------------------------------------------------------===// 842 843 std::unique_ptr<AnalysisASTConsumer> 844 ento::CreateAnalysisConsumer(CompilerInstance &CI) { 845 // Disable the effects of '-Werror' when using the AnalysisConsumer. 846 CI.getPreprocessor().getDiagnostics().setWarningsAsErrors(false); 847 848 AnalyzerOptionsRef analyzerOpts = CI.getAnalyzerOpts(); 849 bool hasModelPath = analyzerOpts->Config.count("model-path") > 0; 850 851 return std::make_unique<AnalysisConsumer>( 852 CI, CI.getFrontendOpts().OutputFile, analyzerOpts, 853 CI.getFrontendOpts().Plugins, 854 hasModelPath ? new ModelInjector(CI) : nullptr); 855 } 856