1 //=- AnalysisBasedWarnings.cpp - Sema warnings based on libAnalysis -*- C++ -*-=// 2 // 3 // The LLVM Compiler Infrastructure 4 // 5 // This file is distributed under the University of Illinois Open Source 6 // License. See LICENSE.TXT for details. 7 // 8 //===----------------------------------------------------------------------===// 9 // 10 // This file defines analysis_warnings::[Policy,Executor]. 11 // Together they are used by Sema to issue warnings based on inexpensive 12 // static analysis algorithms in libAnalysis. 13 // 14 //===----------------------------------------------------------------------===// 15 16 #include "clang/Sema/AnalysisBasedWarnings.h" 17 #include "clang/AST/DeclCXX.h" 18 #include "clang/AST/DeclObjC.h" 19 #include "clang/AST/EvaluatedExprVisitor.h" 20 #include "clang/AST/ExprCXX.h" 21 #include "clang/AST/ExprObjC.h" 22 #include "clang/AST/ParentMap.h" 23 #include "clang/AST/RecursiveASTVisitor.h" 24 #include "clang/AST/StmtCXX.h" 25 #include "clang/AST/StmtObjC.h" 26 #include "clang/AST/StmtVisitor.h" 27 #include "clang/Analysis/Analyses/CFGReachabilityAnalysis.h" 28 #include "clang/Analysis/Analyses/Consumed.h" 29 #include "clang/Analysis/Analyses/ReachableCode.h" 30 #include "clang/Analysis/Analyses/ThreadSafety.h" 31 #include "clang/Analysis/Analyses/UninitializedValues.h" 32 #include "clang/Analysis/AnalysisContext.h" 33 #include "clang/Analysis/CFG.h" 34 #include "clang/Analysis/CFGStmtMap.h" 35 #include "clang/Basic/SourceLocation.h" 36 #include "clang/Basic/SourceManager.h" 37 #include "clang/Lex/Preprocessor.h" 38 #include "clang/Sema/ScopeInfo.h" 39 #include "clang/Sema/SemaInternal.h" 40 #include "llvm/ADT/ArrayRef.h" 41 #include "llvm/ADT/BitVector.h" 42 #include "llvm/ADT/FoldingSet.h" 43 #include "llvm/ADT/ImmutableMap.h" 44 #include "llvm/ADT/MapVector.h" 45 #include "llvm/ADT/PostOrderIterator.h" 46 #include "llvm/ADT/SmallString.h" 47 #include "llvm/ADT/SmallVector.h" 48 #include "llvm/ADT/StringRef.h" 49 #include "llvm/Support/Casting.h" 50 #include <algorithm> 51 #include <deque> 52 #include <iterator> 53 #include <vector> 54 55 using namespace clang; 56 57 //===----------------------------------------------------------------------===// 58 // Unreachable code analysis. 59 //===----------------------------------------------------------------------===// 60 61 namespace { 62 class UnreachableCodeHandler : public reachable_code::Callback { 63 Sema &S; 64 public: 65 UnreachableCodeHandler(Sema &s) : S(s) {} 66 67 void HandleUnreachable(reachable_code::UnreachableKind UK, 68 SourceLocation L, 69 SourceRange SilenceableCondVal, 70 SourceRange R1, 71 SourceRange R2) override { 72 unsigned diag = diag::warn_unreachable; 73 switch (UK) { 74 case reachable_code::UK_Break: 75 diag = diag::warn_unreachable_break; 76 break; 77 case reachable_code::UK_Return: 78 diag = diag::warn_unreachable_return; 79 break; 80 case reachable_code::UK_Loop_Increment: 81 diag = diag::warn_unreachable_loop_increment; 82 break; 83 case reachable_code::UK_Other: 84 break; 85 } 86 87 S.Diag(L, diag) << R1 << R2; 88 89 SourceLocation Open = SilenceableCondVal.getBegin(); 90 if (Open.isValid()) { 91 SourceLocation Close = SilenceableCondVal.getEnd(); 92 Close = S.getLocForEndOfToken(Close); 93 if (Close.isValid()) { 94 S.Diag(Open, diag::note_unreachable_silence) 95 << FixItHint::CreateInsertion(Open, "/* DISABLES CODE */ (") 96 << FixItHint::CreateInsertion(Close, ")"); 97 } 98 } 99 } 100 }; 101 } // anonymous namespace 102 103 /// CheckUnreachable - Check for unreachable code. 104 static void CheckUnreachable(Sema &S, AnalysisDeclContext &AC) { 105 // As a heuristic prune all diagnostics not in the main file. Currently 106 // the majority of warnings in headers are false positives. These 107 // are largely caused by configuration state, e.g. preprocessor 108 // defined code, etc. 109 // 110 // Note that this is also a performance optimization. Analyzing 111 // headers many times can be expensive. 112 if (!S.getSourceManager().isInMainFile(AC.getDecl()->getLocStart())) 113 return; 114 115 UnreachableCodeHandler UC(S); 116 reachable_code::FindUnreachableCode(AC, S.getPreprocessor(), UC); 117 } 118 119 namespace { 120 /// \brief Warn on logical operator errors in CFGBuilder 121 class LogicalErrorHandler : public CFGCallback { 122 Sema &S; 123 124 public: 125 LogicalErrorHandler(Sema &S) : CFGCallback(), S(S) {} 126 127 static bool HasMacroID(const Expr *E) { 128 if (E->getExprLoc().isMacroID()) 129 return true; 130 131 // Recurse to children. 132 for (const Stmt *SubStmt : E->children()) 133 if (const Expr *SubExpr = dyn_cast_or_null<Expr>(SubStmt)) 134 if (HasMacroID(SubExpr)) 135 return true; 136 137 return false; 138 } 139 140 void compareAlwaysTrue(const BinaryOperator *B, bool isAlwaysTrue) override { 141 if (HasMacroID(B)) 142 return; 143 144 SourceRange DiagRange = B->getSourceRange(); 145 S.Diag(B->getExprLoc(), diag::warn_tautological_overlap_comparison) 146 << DiagRange << isAlwaysTrue; 147 } 148 149 void compareBitwiseEquality(const BinaryOperator *B, 150 bool isAlwaysTrue) override { 151 if (HasMacroID(B)) 152 return; 153 154 SourceRange DiagRange = B->getSourceRange(); 155 S.Diag(B->getExprLoc(), diag::warn_comparison_bitwise_always) 156 << DiagRange << isAlwaysTrue; 157 } 158 }; 159 } // anonymous namespace 160 161 //===----------------------------------------------------------------------===// 162 // Check for infinite self-recursion in functions 163 //===----------------------------------------------------------------------===// 164 165 // Returns true if the function is called anywhere within the CFGBlock. 166 // For member functions, the additional condition of being call from the 167 // this pointer is required. 168 static bool hasRecursiveCallInPath(const FunctionDecl *FD, CFGBlock &Block) { 169 // Process all the Stmt's in this block to find any calls to FD. 170 for (const auto &B : Block) { 171 if (B.getKind() != CFGElement::Statement) 172 continue; 173 174 const CallExpr *CE = dyn_cast<CallExpr>(B.getAs<CFGStmt>()->getStmt()); 175 if (!CE || !CE->getCalleeDecl() || 176 CE->getCalleeDecl()->getCanonicalDecl() != FD) 177 continue; 178 179 // Skip function calls which are qualified with a templated class. 180 if (const DeclRefExpr *DRE = 181 dyn_cast<DeclRefExpr>(CE->getCallee()->IgnoreParenImpCasts())) { 182 if (NestedNameSpecifier *NNS = DRE->getQualifier()) { 183 if (NNS->getKind() == NestedNameSpecifier::TypeSpec && 184 isa<TemplateSpecializationType>(NNS->getAsType())) { 185 continue; 186 } 187 } 188 } 189 190 const CXXMemberCallExpr *MCE = dyn_cast<CXXMemberCallExpr>(CE); 191 if (!MCE || isa<CXXThisExpr>(MCE->getImplicitObjectArgument()) || 192 !MCE->getMethodDecl()->isVirtual()) 193 return true; 194 } 195 return false; 196 } 197 198 // All blocks are in one of three states. States are ordered so that blocks 199 // can only move to higher states. 200 enum RecursiveState { 201 FoundNoPath, 202 FoundPath, 203 FoundPathWithNoRecursiveCall 204 }; 205 206 // Returns true if there exists a path to the exit block and every path 207 // to the exit block passes through a call to FD. 208 static bool checkForRecursiveFunctionCall(const FunctionDecl *FD, CFG *cfg) { 209 210 const unsigned ExitID = cfg->getExit().getBlockID(); 211 212 // Mark all nodes as FoundNoPath, then set the status of the entry block. 213 SmallVector<RecursiveState, 16> States(cfg->getNumBlockIDs(), FoundNoPath); 214 States[cfg->getEntry().getBlockID()] = FoundPathWithNoRecursiveCall; 215 216 // Make the processing stack and seed it with the entry block. 217 SmallVector<CFGBlock *, 16> Stack; 218 Stack.push_back(&cfg->getEntry()); 219 220 while (!Stack.empty()) { 221 CFGBlock *CurBlock = Stack.back(); 222 Stack.pop_back(); 223 224 unsigned ID = CurBlock->getBlockID(); 225 RecursiveState CurState = States[ID]; 226 227 if (CurState == FoundPathWithNoRecursiveCall) { 228 // Found a path to the exit node without a recursive call. 229 if (ExitID == ID) 230 return false; 231 232 // Only change state if the block has a recursive call. 233 if (hasRecursiveCallInPath(FD, *CurBlock)) 234 CurState = FoundPath; 235 } 236 237 // Loop over successor blocks and add them to the Stack if their state 238 // changes. 239 for (auto I = CurBlock->succ_begin(), E = CurBlock->succ_end(); I != E; ++I) 240 if (*I) { 241 unsigned next_ID = (*I)->getBlockID(); 242 if (States[next_ID] < CurState) { 243 States[next_ID] = CurState; 244 Stack.push_back(*I); 245 } 246 } 247 } 248 249 // Return true if the exit node is reachable, and only reachable through 250 // a recursive call. 251 return States[ExitID] == FoundPath; 252 } 253 254 static void checkRecursiveFunction(Sema &S, const FunctionDecl *FD, 255 const Stmt *Body, AnalysisDeclContext &AC) { 256 FD = FD->getCanonicalDecl(); 257 258 // Only run on non-templated functions and non-templated members of 259 // templated classes. 260 if (FD->getTemplatedKind() != FunctionDecl::TK_NonTemplate && 261 FD->getTemplatedKind() != FunctionDecl::TK_MemberSpecialization) 262 return; 263 264 CFG *cfg = AC.getCFG(); 265 if (!cfg) return; 266 267 // If the exit block is unreachable, skip processing the function. 268 if (cfg->getExit().pred_empty()) 269 return; 270 271 // Emit diagnostic if a recursive function call is detected for all paths. 272 if (checkForRecursiveFunctionCall(FD, cfg)) 273 S.Diag(Body->getLocStart(), diag::warn_infinite_recursive_function); 274 } 275 276 //===----------------------------------------------------------------------===// 277 // Check for missing return value. 278 //===----------------------------------------------------------------------===// 279 280 enum ControlFlowKind { 281 UnknownFallThrough, 282 NeverFallThrough, 283 MaybeFallThrough, 284 AlwaysFallThrough, 285 NeverFallThroughOrReturn 286 }; 287 288 /// CheckFallThrough - Check that we don't fall off the end of a 289 /// Statement that should return a value. 290 /// 291 /// \returns AlwaysFallThrough iff we always fall off the end of the statement, 292 /// MaybeFallThrough iff we might or might not fall off the end, 293 /// NeverFallThroughOrReturn iff we never fall off the end of the statement or 294 /// return. We assume NeverFallThrough iff we never fall off the end of the 295 /// statement but we may return. We assume that functions not marked noreturn 296 /// will return. 297 static ControlFlowKind CheckFallThrough(AnalysisDeclContext &AC) { 298 CFG *cfg = AC.getCFG(); 299 if (!cfg) return UnknownFallThrough; 300 301 // The CFG leaves in dead things, and we don't want the dead code paths to 302 // confuse us, so we mark all live things first. 303 llvm::BitVector live(cfg->getNumBlockIDs()); 304 unsigned count = reachable_code::ScanReachableFromBlock(&cfg->getEntry(), 305 live); 306 307 bool AddEHEdges = AC.getAddEHEdges(); 308 if (!AddEHEdges && count != cfg->getNumBlockIDs()) 309 // When there are things remaining dead, and we didn't add EH edges 310 // from CallExprs to the catch clauses, we have to go back and 311 // mark them as live. 312 for (const auto *B : *cfg) { 313 if (!live[B->getBlockID()]) { 314 if (B->pred_begin() == B->pred_end()) { 315 if (B->getTerminator() && isa<CXXTryStmt>(B->getTerminator())) 316 // When not adding EH edges from calls, catch clauses 317 // can otherwise seem dead. Avoid noting them as dead. 318 count += reachable_code::ScanReachableFromBlock(B, live); 319 continue; 320 } 321 } 322 } 323 324 // Now we know what is live, we check the live precessors of the exit block 325 // and look for fall through paths, being careful to ignore normal returns, 326 // and exceptional paths. 327 bool HasLiveReturn = false; 328 bool HasFakeEdge = false; 329 bool HasPlainEdge = false; 330 bool HasAbnormalEdge = false; 331 332 // Ignore default cases that aren't likely to be reachable because all 333 // enums in a switch(X) have explicit case statements. 334 CFGBlock::FilterOptions FO; 335 FO.IgnoreDefaultsWithCoveredEnums = 1; 336 337 for (CFGBlock::filtered_pred_iterator 338 I = cfg->getExit().filtered_pred_start_end(FO); I.hasMore(); ++I) { 339 const CFGBlock& B = **I; 340 if (!live[B.getBlockID()]) 341 continue; 342 343 // Skip blocks which contain an element marked as no-return. They don't 344 // represent actually viable edges into the exit block, so mark them as 345 // abnormal. 346 if (B.hasNoReturnElement()) { 347 HasAbnormalEdge = true; 348 continue; 349 } 350 351 // Destructors can appear after the 'return' in the CFG. This is 352 // normal. We need to look pass the destructors for the return 353 // statement (if it exists). 354 CFGBlock::const_reverse_iterator ri = B.rbegin(), re = B.rend(); 355 356 for ( ; ri != re ; ++ri) 357 if (ri->getAs<CFGStmt>()) 358 break; 359 360 // No more CFGElements in the block? 361 if (ri == re) { 362 if (B.getTerminator() && isa<CXXTryStmt>(B.getTerminator())) { 363 HasAbnormalEdge = true; 364 continue; 365 } 366 // A labeled empty statement, or the entry block... 367 HasPlainEdge = true; 368 continue; 369 } 370 371 CFGStmt CS = ri->castAs<CFGStmt>(); 372 const Stmt *S = CS.getStmt(); 373 if (isa<ReturnStmt>(S)) { 374 HasLiveReturn = true; 375 continue; 376 } 377 if (isa<ObjCAtThrowStmt>(S)) { 378 HasFakeEdge = true; 379 continue; 380 } 381 if (isa<CXXThrowExpr>(S)) { 382 HasFakeEdge = true; 383 continue; 384 } 385 if (isa<MSAsmStmt>(S)) { 386 // TODO: Verify this is correct. 387 HasFakeEdge = true; 388 HasLiveReturn = true; 389 continue; 390 } 391 if (isa<CXXTryStmt>(S)) { 392 HasAbnormalEdge = true; 393 continue; 394 } 395 if (std::find(B.succ_begin(), B.succ_end(), &cfg->getExit()) 396 == B.succ_end()) { 397 HasAbnormalEdge = true; 398 continue; 399 } 400 401 HasPlainEdge = true; 402 } 403 if (!HasPlainEdge) { 404 if (HasLiveReturn) 405 return NeverFallThrough; 406 return NeverFallThroughOrReturn; 407 } 408 if (HasAbnormalEdge || HasFakeEdge || HasLiveReturn) 409 return MaybeFallThrough; 410 // This says AlwaysFallThrough for calls to functions that are not marked 411 // noreturn, that don't return. If people would like this warning to be more 412 // accurate, such functions should be marked as noreturn. 413 return AlwaysFallThrough; 414 } 415 416 namespace { 417 418 struct CheckFallThroughDiagnostics { 419 unsigned diag_MaybeFallThrough_HasNoReturn; 420 unsigned diag_MaybeFallThrough_ReturnsNonVoid; 421 unsigned diag_AlwaysFallThrough_HasNoReturn; 422 unsigned diag_AlwaysFallThrough_ReturnsNonVoid; 423 unsigned diag_NeverFallThroughOrReturn; 424 enum { Function, Block, Lambda } funMode; 425 SourceLocation FuncLoc; 426 427 static CheckFallThroughDiagnostics MakeForFunction(const Decl *Func) { 428 CheckFallThroughDiagnostics D; 429 D.FuncLoc = Func->getLocation(); 430 D.diag_MaybeFallThrough_HasNoReturn = 431 diag::warn_falloff_noreturn_function; 432 D.diag_MaybeFallThrough_ReturnsNonVoid = 433 diag::warn_maybe_falloff_nonvoid_function; 434 D.diag_AlwaysFallThrough_HasNoReturn = 435 diag::warn_falloff_noreturn_function; 436 D.diag_AlwaysFallThrough_ReturnsNonVoid = 437 diag::warn_falloff_nonvoid_function; 438 439 // Don't suggest that virtual functions be marked "noreturn", since they 440 // might be overridden by non-noreturn functions. 441 bool isVirtualMethod = false; 442 if (const CXXMethodDecl *Method = dyn_cast<CXXMethodDecl>(Func)) 443 isVirtualMethod = Method->isVirtual(); 444 445 // Don't suggest that template instantiations be marked "noreturn" 446 bool isTemplateInstantiation = false; 447 if (const FunctionDecl *Function = dyn_cast<FunctionDecl>(Func)) 448 isTemplateInstantiation = Function->isTemplateInstantiation(); 449 450 if (!isVirtualMethod && !isTemplateInstantiation) 451 D.diag_NeverFallThroughOrReturn = 452 diag::warn_suggest_noreturn_function; 453 else 454 D.diag_NeverFallThroughOrReturn = 0; 455 456 D.funMode = Function; 457 return D; 458 } 459 460 static CheckFallThroughDiagnostics MakeForBlock() { 461 CheckFallThroughDiagnostics D; 462 D.diag_MaybeFallThrough_HasNoReturn = 463 diag::err_noreturn_block_has_return_expr; 464 D.diag_MaybeFallThrough_ReturnsNonVoid = 465 diag::err_maybe_falloff_nonvoid_block; 466 D.diag_AlwaysFallThrough_HasNoReturn = 467 diag::err_noreturn_block_has_return_expr; 468 D.diag_AlwaysFallThrough_ReturnsNonVoid = 469 diag::err_falloff_nonvoid_block; 470 D.diag_NeverFallThroughOrReturn = 0; 471 D.funMode = Block; 472 return D; 473 } 474 475 static CheckFallThroughDiagnostics MakeForLambda() { 476 CheckFallThroughDiagnostics D; 477 D.diag_MaybeFallThrough_HasNoReturn = 478 diag::err_noreturn_lambda_has_return_expr; 479 D.diag_MaybeFallThrough_ReturnsNonVoid = 480 diag::warn_maybe_falloff_nonvoid_lambda; 481 D.diag_AlwaysFallThrough_HasNoReturn = 482 diag::err_noreturn_lambda_has_return_expr; 483 D.diag_AlwaysFallThrough_ReturnsNonVoid = 484 diag::warn_falloff_nonvoid_lambda; 485 D.diag_NeverFallThroughOrReturn = 0; 486 D.funMode = Lambda; 487 return D; 488 } 489 490 bool checkDiagnostics(DiagnosticsEngine &D, bool ReturnsVoid, 491 bool HasNoReturn) const { 492 if (funMode == Function) { 493 return (ReturnsVoid || 494 D.isIgnored(diag::warn_maybe_falloff_nonvoid_function, 495 FuncLoc)) && 496 (!HasNoReturn || 497 D.isIgnored(diag::warn_noreturn_function_has_return_expr, 498 FuncLoc)) && 499 (!ReturnsVoid || 500 D.isIgnored(diag::warn_suggest_noreturn_block, FuncLoc)); 501 } 502 503 // For blocks / lambdas. 504 return ReturnsVoid && !HasNoReturn; 505 } 506 }; 507 508 } // anonymous namespace 509 510 /// CheckFallThroughForFunctionDef - Check that we don't fall off the end of a 511 /// function that should return a value. Check that we don't fall off the end 512 /// of a noreturn function. We assume that functions and blocks not marked 513 /// noreturn will return. 514 static void CheckFallThroughForBody(Sema &S, const Decl *D, const Stmt *Body, 515 const BlockExpr *blkExpr, 516 const CheckFallThroughDiagnostics& CD, 517 AnalysisDeclContext &AC) { 518 519 bool ReturnsVoid = false; 520 bool HasNoReturn = false; 521 522 if (const FunctionDecl *FD = dyn_cast<FunctionDecl>(D)) { 523 ReturnsVoid = FD->getReturnType()->isVoidType(); 524 HasNoReturn = FD->isNoReturn(); 525 } 526 else if (const ObjCMethodDecl *MD = dyn_cast<ObjCMethodDecl>(D)) { 527 ReturnsVoid = MD->getReturnType()->isVoidType(); 528 HasNoReturn = MD->hasAttr<NoReturnAttr>(); 529 } 530 else if (isa<BlockDecl>(D)) { 531 QualType BlockTy = blkExpr->getType(); 532 if (const FunctionType *FT = 533 BlockTy->getPointeeType()->getAs<FunctionType>()) { 534 if (FT->getReturnType()->isVoidType()) 535 ReturnsVoid = true; 536 if (FT->getNoReturnAttr()) 537 HasNoReturn = true; 538 } 539 } 540 541 DiagnosticsEngine &Diags = S.getDiagnostics(); 542 543 // Short circuit for compilation speed. 544 if (CD.checkDiagnostics(Diags, ReturnsVoid, HasNoReturn)) 545 return; 546 547 SourceLocation LBrace = Body->getLocStart(), RBrace = Body->getLocEnd(); 548 // Either in a function body compound statement, or a function-try-block. 549 switch (CheckFallThrough(AC)) { 550 case UnknownFallThrough: 551 break; 552 553 case MaybeFallThrough: 554 if (HasNoReturn) 555 S.Diag(RBrace, CD.diag_MaybeFallThrough_HasNoReturn); 556 else if (!ReturnsVoid) 557 S.Diag(RBrace, CD.diag_MaybeFallThrough_ReturnsNonVoid); 558 break; 559 case AlwaysFallThrough: 560 if (HasNoReturn) 561 S.Diag(RBrace, CD.diag_AlwaysFallThrough_HasNoReturn); 562 else if (!ReturnsVoid) 563 S.Diag(RBrace, CD.diag_AlwaysFallThrough_ReturnsNonVoid); 564 break; 565 case NeverFallThroughOrReturn: 566 if (ReturnsVoid && !HasNoReturn && CD.diag_NeverFallThroughOrReturn) { 567 if (const FunctionDecl *FD = dyn_cast<FunctionDecl>(D)) { 568 S.Diag(LBrace, CD.diag_NeverFallThroughOrReturn) << 0 << FD; 569 } else if (const ObjCMethodDecl *MD = dyn_cast<ObjCMethodDecl>(D)) { 570 S.Diag(LBrace, CD.diag_NeverFallThroughOrReturn) << 1 << MD; 571 } else { 572 S.Diag(LBrace, CD.diag_NeverFallThroughOrReturn); 573 } 574 } 575 break; 576 case NeverFallThrough: 577 break; 578 } 579 } 580 581 //===----------------------------------------------------------------------===// 582 // -Wuninitialized 583 //===----------------------------------------------------------------------===// 584 585 namespace { 586 /// ContainsReference - A visitor class to search for references to 587 /// a particular declaration (the needle) within any evaluated component of an 588 /// expression (recursively). 589 class ContainsReference : public ConstEvaluatedExprVisitor<ContainsReference> { 590 bool FoundReference; 591 const DeclRefExpr *Needle; 592 593 public: 594 typedef ConstEvaluatedExprVisitor<ContainsReference> Inherited; 595 596 ContainsReference(ASTContext &Context, const DeclRefExpr *Needle) 597 : Inherited(Context), FoundReference(false), Needle(Needle) {} 598 599 void VisitExpr(const Expr *E) { 600 // Stop evaluating if we already have a reference. 601 if (FoundReference) 602 return; 603 604 Inherited::VisitExpr(E); 605 } 606 607 void VisitDeclRefExpr(const DeclRefExpr *E) { 608 if (E == Needle) 609 FoundReference = true; 610 else 611 Inherited::VisitDeclRefExpr(E); 612 } 613 614 bool doesContainReference() const { return FoundReference; } 615 }; 616 } // anonymous namespace 617 618 static bool SuggestInitializationFixit(Sema &S, const VarDecl *VD) { 619 QualType VariableTy = VD->getType().getCanonicalType(); 620 if (VariableTy->isBlockPointerType() && 621 !VD->hasAttr<BlocksAttr>()) { 622 S.Diag(VD->getLocation(), diag::note_block_var_fixit_add_initialization) 623 << VD->getDeclName() 624 << FixItHint::CreateInsertion(VD->getLocation(), "__block "); 625 return true; 626 } 627 628 // Don't issue a fixit if there is already an initializer. 629 if (VD->getInit()) 630 return false; 631 632 // Don't suggest a fixit inside macros. 633 if (VD->getLocEnd().isMacroID()) 634 return false; 635 636 SourceLocation Loc = S.getLocForEndOfToken(VD->getLocEnd()); 637 638 // Suggest possible initialization (if any). 639 std::string Init = S.getFixItZeroInitializerForType(VariableTy, Loc); 640 if (Init.empty()) 641 return false; 642 643 S.Diag(Loc, diag::note_var_fixit_add_initialization) << VD->getDeclName() 644 << FixItHint::CreateInsertion(Loc, Init); 645 return true; 646 } 647 648 /// Create a fixit to remove an if-like statement, on the assumption that its 649 /// condition is CondVal. 650 static void CreateIfFixit(Sema &S, const Stmt *If, const Stmt *Then, 651 const Stmt *Else, bool CondVal, 652 FixItHint &Fixit1, FixItHint &Fixit2) { 653 if (CondVal) { 654 // If condition is always true, remove all but the 'then'. 655 Fixit1 = FixItHint::CreateRemoval( 656 CharSourceRange::getCharRange(If->getLocStart(), 657 Then->getLocStart())); 658 if (Else) { 659 SourceLocation ElseKwLoc = S.getLocForEndOfToken(Then->getLocEnd()); 660 Fixit2 = FixItHint::CreateRemoval( 661 SourceRange(ElseKwLoc, Else->getLocEnd())); 662 } 663 } else { 664 // If condition is always false, remove all but the 'else'. 665 if (Else) 666 Fixit1 = FixItHint::CreateRemoval( 667 CharSourceRange::getCharRange(If->getLocStart(), 668 Else->getLocStart())); 669 else 670 Fixit1 = FixItHint::CreateRemoval(If->getSourceRange()); 671 } 672 } 673 674 /// DiagUninitUse -- Helper function to produce a diagnostic for an 675 /// uninitialized use of a variable. 676 static void DiagUninitUse(Sema &S, const VarDecl *VD, const UninitUse &Use, 677 bool IsCapturedByBlock) { 678 bool Diagnosed = false; 679 680 switch (Use.getKind()) { 681 case UninitUse::Always: 682 S.Diag(Use.getUser()->getLocStart(), diag::warn_uninit_var) 683 << VD->getDeclName() << IsCapturedByBlock 684 << Use.getUser()->getSourceRange(); 685 return; 686 687 case UninitUse::AfterDecl: 688 case UninitUse::AfterCall: 689 S.Diag(VD->getLocation(), diag::warn_sometimes_uninit_var) 690 << VD->getDeclName() << IsCapturedByBlock 691 << (Use.getKind() == UninitUse::AfterDecl ? 4 : 5) 692 << const_cast<DeclContext*>(VD->getLexicalDeclContext()) 693 << VD->getSourceRange(); 694 S.Diag(Use.getUser()->getLocStart(), diag::note_uninit_var_use) 695 << IsCapturedByBlock << Use.getUser()->getSourceRange(); 696 return; 697 698 case UninitUse::Maybe: 699 case UninitUse::Sometimes: 700 // Carry on to report sometimes-uninitialized branches, if possible, 701 // or a 'may be used uninitialized' diagnostic otherwise. 702 break; 703 } 704 705 // Diagnose each branch which leads to a sometimes-uninitialized use. 706 for (UninitUse::branch_iterator I = Use.branch_begin(), E = Use.branch_end(); 707 I != E; ++I) { 708 assert(Use.getKind() == UninitUse::Sometimes); 709 710 const Expr *User = Use.getUser(); 711 const Stmt *Term = I->Terminator; 712 713 // Information used when building the diagnostic. 714 unsigned DiagKind; 715 StringRef Str; 716 SourceRange Range; 717 718 // FixIts to suppress the diagnostic by removing the dead condition. 719 // For all binary terminators, branch 0 is taken if the condition is true, 720 // and branch 1 is taken if the condition is false. 721 int RemoveDiagKind = -1; 722 const char *FixitStr = 723 S.getLangOpts().CPlusPlus ? (I->Output ? "true" : "false") 724 : (I->Output ? "1" : "0"); 725 FixItHint Fixit1, Fixit2; 726 727 switch (Term ? Term->getStmtClass() : Stmt::DeclStmtClass) { 728 default: 729 // Don't know how to report this. Just fall back to 'may be used 730 // uninitialized'. FIXME: Can this happen? 731 continue; 732 733 // "condition is true / condition is false". 734 case Stmt::IfStmtClass: { 735 const IfStmt *IS = cast<IfStmt>(Term); 736 DiagKind = 0; 737 Str = "if"; 738 Range = IS->getCond()->getSourceRange(); 739 RemoveDiagKind = 0; 740 CreateIfFixit(S, IS, IS->getThen(), IS->getElse(), 741 I->Output, Fixit1, Fixit2); 742 break; 743 } 744 case Stmt::ConditionalOperatorClass: { 745 const ConditionalOperator *CO = cast<ConditionalOperator>(Term); 746 DiagKind = 0; 747 Str = "?:"; 748 Range = CO->getCond()->getSourceRange(); 749 RemoveDiagKind = 0; 750 CreateIfFixit(S, CO, CO->getTrueExpr(), CO->getFalseExpr(), 751 I->Output, Fixit1, Fixit2); 752 break; 753 } 754 case Stmt::BinaryOperatorClass: { 755 const BinaryOperator *BO = cast<BinaryOperator>(Term); 756 if (!BO->isLogicalOp()) 757 continue; 758 DiagKind = 0; 759 Str = BO->getOpcodeStr(); 760 Range = BO->getLHS()->getSourceRange(); 761 RemoveDiagKind = 0; 762 if ((BO->getOpcode() == BO_LAnd && I->Output) || 763 (BO->getOpcode() == BO_LOr && !I->Output)) 764 // true && y -> y, false || y -> y. 765 Fixit1 = FixItHint::CreateRemoval(SourceRange(BO->getLocStart(), 766 BO->getOperatorLoc())); 767 else 768 // false && y -> false, true || y -> true. 769 Fixit1 = FixItHint::CreateReplacement(BO->getSourceRange(), FixitStr); 770 break; 771 } 772 773 // "loop is entered / loop is exited". 774 case Stmt::WhileStmtClass: 775 DiagKind = 1; 776 Str = "while"; 777 Range = cast<WhileStmt>(Term)->getCond()->getSourceRange(); 778 RemoveDiagKind = 1; 779 Fixit1 = FixItHint::CreateReplacement(Range, FixitStr); 780 break; 781 case Stmt::ForStmtClass: 782 DiagKind = 1; 783 Str = "for"; 784 Range = cast<ForStmt>(Term)->getCond()->getSourceRange(); 785 RemoveDiagKind = 1; 786 if (I->Output) 787 Fixit1 = FixItHint::CreateRemoval(Range); 788 else 789 Fixit1 = FixItHint::CreateReplacement(Range, FixitStr); 790 break; 791 case Stmt::CXXForRangeStmtClass: 792 if (I->Output == 1) { 793 // The use occurs if a range-based for loop's body never executes. 794 // That may be impossible, and there's no syntactic fix for this, 795 // so treat it as a 'may be uninitialized' case. 796 continue; 797 } 798 DiagKind = 1; 799 Str = "for"; 800 Range = cast<CXXForRangeStmt>(Term)->getRangeInit()->getSourceRange(); 801 break; 802 803 // "condition is true / loop is exited". 804 case Stmt::DoStmtClass: 805 DiagKind = 2; 806 Str = "do"; 807 Range = cast<DoStmt>(Term)->getCond()->getSourceRange(); 808 RemoveDiagKind = 1; 809 Fixit1 = FixItHint::CreateReplacement(Range, FixitStr); 810 break; 811 812 // "switch case is taken". 813 case Stmt::CaseStmtClass: 814 DiagKind = 3; 815 Str = "case"; 816 Range = cast<CaseStmt>(Term)->getLHS()->getSourceRange(); 817 break; 818 case Stmt::DefaultStmtClass: 819 DiagKind = 3; 820 Str = "default"; 821 Range = cast<DefaultStmt>(Term)->getDefaultLoc(); 822 break; 823 } 824 825 S.Diag(Range.getBegin(), diag::warn_sometimes_uninit_var) 826 << VD->getDeclName() << IsCapturedByBlock << DiagKind 827 << Str << I->Output << Range; 828 S.Diag(User->getLocStart(), diag::note_uninit_var_use) 829 << IsCapturedByBlock << User->getSourceRange(); 830 if (RemoveDiagKind != -1) 831 S.Diag(Fixit1.RemoveRange.getBegin(), diag::note_uninit_fixit_remove_cond) 832 << RemoveDiagKind << Str << I->Output << Fixit1 << Fixit2; 833 834 Diagnosed = true; 835 } 836 837 if (!Diagnosed) 838 S.Diag(Use.getUser()->getLocStart(), diag::warn_maybe_uninit_var) 839 << VD->getDeclName() << IsCapturedByBlock 840 << Use.getUser()->getSourceRange(); 841 } 842 843 /// DiagnoseUninitializedUse -- Helper function for diagnosing uses of an 844 /// uninitialized variable. This manages the different forms of diagnostic 845 /// emitted for particular types of uses. Returns true if the use was diagnosed 846 /// as a warning. If a particular use is one we omit warnings for, returns 847 /// false. 848 static bool DiagnoseUninitializedUse(Sema &S, const VarDecl *VD, 849 const UninitUse &Use, 850 bool alwaysReportSelfInit = false) { 851 if (const DeclRefExpr *DRE = dyn_cast<DeclRefExpr>(Use.getUser())) { 852 // Inspect the initializer of the variable declaration which is 853 // being referenced prior to its initialization. We emit 854 // specialized diagnostics for self-initialization, and we 855 // specifically avoid warning about self references which take the 856 // form of: 857 // 858 // int x = x; 859 // 860 // This is used to indicate to GCC that 'x' is intentionally left 861 // uninitialized. Proven code paths which access 'x' in 862 // an uninitialized state after this will still warn. 863 if (const Expr *Initializer = VD->getInit()) { 864 if (!alwaysReportSelfInit && DRE == Initializer->IgnoreParenImpCasts()) 865 return false; 866 867 ContainsReference CR(S.Context, DRE); 868 CR.Visit(Initializer); 869 if (CR.doesContainReference()) { 870 S.Diag(DRE->getLocStart(), 871 diag::warn_uninit_self_reference_in_init) 872 << VD->getDeclName() << VD->getLocation() << DRE->getSourceRange(); 873 return true; 874 } 875 } 876 877 DiagUninitUse(S, VD, Use, false); 878 } else { 879 const BlockExpr *BE = cast<BlockExpr>(Use.getUser()); 880 if (VD->getType()->isBlockPointerType() && !VD->hasAttr<BlocksAttr>()) 881 S.Diag(BE->getLocStart(), 882 diag::warn_uninit_byref_blockvar_captured_by_block) 883 << VD->getDeclName(); 884 else 885 DiagUninitUse(S, VD, Use, true); 886 } 887 888 // Report where the variable was declared when the use wasn't within 889 // the initializer of that declaration & we didn't already suggest 890 // an initialization fixit. 891 if (!SuggestInitializationFixit(S, VD)) 892 S.Diag(VD->getLocStart(), diag::note_uninit_var_def) 893 << VD->getDeclName(); 894 895 return true; 896 } 897 898 namespace { 899 class FallthroughMapper : public RecursiveASTVisitor<FallthroughMapper> { 900 public: 901 FallthroughMapper(Sema &S) 902 : FoundSwitchStatements(false), 903 S(S) { 904 } 905 906 bool foundSwitchStatements() const { return FoundSwitchStatements; } 907 908 void markFallthroughVisited(const AttributedStmt *Stmt) { 909 bool Found = FallthroughStmts.erase(Stmt); 910 assert(Found); 911 (void)Found; 912 } 913 914 typedef llvm::SmallPtrSet<const AttributedStmt*, 8> AttrStmts; 915 916 const AttrStmts &getFallthroughStmts() const { 917 return FallthroughStmts; 918 } 919 920 void fillReachableBlocks(CFG *Cfg) { 921 assert(ReachableBlocks.empty() && "ReachableBlocks already filled"); 922 std::deque<const CFGBlock *> BlockQueue; 923 924 ReachableBlocks.insert(&Cfg->getEntry()); 925 BlockQueue.push_back(&Cfg->getEntry()); 926 // Mark all case blocks reachable to avoid problems with switching on 927 // constants, covered enums, etc. 928 // These blocks can contain fall-through annotations, and we don't want to 929 // issue a warn_fallthrough_attr_unreachable for them. 930 for (const auto *B : *Cfg) { 931 const Stmt *L = B->getLabel(); 932 if (L && isa<SwitchCase>(L) && ReachableBlocks.insert(B).second) 933 BlockQueue.push_back(B); 934 } 935 936 while (!BlockQueue.empty()) { 937 const CFGBlock *P = BlockQueue.front(); 938 BlockQueue.pop_front(); 939 for (CFGBlock::const_succ_iterator I = P->succ_begin(), 940 E = P->succ_end(); 941 I != E; ++I) { 942 if (*I && ReachableBlocks.insert(*I).second) 943 BlockQueue.push_back(*I); 944 } 945 } 946 } 947 948 bool checkFallThroughIntoBlock(const CFGBlock &B, int &AnnotatedCnt) { 949 assert(!ReachableBlocks.empty() && "ReachableBlocks empty"); 950 951 int UnannotatedCnt = 0; 952 AnnotatedCnt = 0; 953 954 std::deque<const CFGBlock*> BlockQueue(B.pred_begin(), B.pred_end()); 955 while (!BlockQueue.empty()) { 956 const CFGBlock *P = BlockQueue.front(); 957 BlockQueue.pop_front(); 958 if (!P) continue; 959 960 const Stmt *Term = P->getTerminator(); 961 if (Term && isa<SwitchStmt>(Term)) 962 continue; // Switch statement, good. 963 964 const SwitchCase *SW = dyn_cast_or_null<SwitchCase>(P->getLabel()); 965 if (SW && SW->getSubStmt() == B.getLabel() && P->begin() == P->end()) 966 continue; // Previous case label has no statements, good. 967 968 const LabelStmt *L = dyn_cast_or_null<LabelStmt>(P->getLabel()); 969 if (L && L->getSubStmt() == B.getLabel() && P->begin() == P->end()) 970 continue; // Case label is preceded with a normal label, good. 971 972 if (!ReachableBlocks.count(P)) { 973 for (CFGBlock::const_reverse_iterator ElemIt = P->rbegin(), 974 ElemEnd = P->rend(); 975 ElemIt != ElemEnd; ++ElemIt) { 976 if (Optional<CFGStmt> CS = ElemIt->getAs<CFGStmt>()) { 977 if (const AttributedStmt *AS = asFallThroughAttr(CS->getStmt())) { 978 S.Diag(AS->getLocStart(), 979 diag::warn_fallthrough_attr_unreachable); 980 markFallthroughVisited(AS); 981 ++AnnotatedCnt; 982 break; 983 } 984 // Don't care about other unreachable statements. 985 } 986 } 987 // If there are no unreachable statements, this may be a special 988 // case in CFG: 989 // case X: { 990 // A a; // A has a destructor. 991 // break; 992 // } 993 // // <<<< This place is represented by a 'hanging' CFG block. 994 // case Y: 995 continue; 996 } 997 998 const Stmt *LastStmt = getLastStmt(*P); 999 if (const AttributedStmt *AS = asFallThroughAttr(LastStmt)) { 1000 markFallthroughVisited(AS); 1001 ++AnnotatedCnt; 1002 continue; // Fallthrough annotation, good. 1003 } 1004 1005 if (!LastStmt) { // This block contains no executable statements. 1006 // Traverse its predecessors. 1007 std::copy(P->pred_begin(), P->pred_end(), 1008 std::back_inserter(BlockQueue)); 1009 continue; 1010 } 1011 1012 ++UnannotatedCnt; 1013 } 1014 return !!UnannotatedCnt; 1015 } 1016 1017 // RecursiveASTVisitor setup. 1018 bool shouldWalkTypesOfTypeLocs() const { return false; } 1019 1020 bool VisitAttributedStmt(AttributedStmt *S) { 1021 if (asFallThroughAttr(S)) 1022 FallthroughStmts.insert(S); 1023 return true; 1024 } 1025 1026 bool VisitSwitchStmt(SwitchStmt *S) { 1027 FoundSwitchStatements = true; 1028 return true; 1029 } 1030 1031 // We don't want to traverse local type declarations. We analyze their 1032 // methods separately. 1033 bool TraverseDecl(Decl *D) { return true; } 1034 1035 // We analyze lambda bodies separately. Skip them here. 1036 bool TraverseLambdaBody(LambdaExpr *LE) { return true; } 1037 1038 private: 1039 1040 static const AttributedStmt *asFallThroughAttr(const Stmt *S) { 1041 if (const AttributedStmt *AS = dyn_cast_or_null<AttributedStmt>(S)) { 1042 if (hasSpecificAttr<FallThroughAttr>(AS->getAttrs())) 1043 return AS; 1044 } 1045 return nullptr; 1046 } 1047 1048 static const Stmt *getLastStmt(const CFGBlock &B) { 1049 if (const Stmt *Term = B.getTerminator()) 1050 return Term; 1051 for (CFGBlock::const_reverse_iterator ElemIt = B.rbegin(), 1052 ElemEnd = B.rend(); 1053 ElemIt != ElemEnd; ++ElemIt) { 1054 if (Optional<CFGStmt> CS = ElemIt->getAs<CFGStmt>()) 1055 return CS->getStmt(); 1056 } 1057 // Workaround to detect a statement thrown out by CFGBuilder: 1058 // case X: {} case Y: 1059 // case X: ; case Y: 1060 if (const SwitchCase *SW = dyn_cast_or_null<SwitchCase>(B.getLabel())) 1061 if (!isa<SwitchCase>(SW->getSubStmt())) 1062 return SW->getSubStmt(); 1063 1064 return nullptr; 1065 } 1066 1067 bool FoundSwitchStatements; 1068 AttrStmts FallthroughStmts; 1069 Sema &S; 1070 llvm::SmallPtrSet<const CFGBlock *, 16> ReachableBlocks; 1071 }; 1072 } // anonymous namespace 1073 1074 static void DiagnoseSwitchLabelsFallthrough(Sema &S, AnalysisDeclContext &AC, 1075 bool PerFunction) { 1076 // Only perform this analysis when using C++11. There is no good workflow 1077 // for this warning when not using C++11. There is no good way to silence 1078 // the warning (no attribute is available) unless we are using C++11's support 1079 // for generalized attributes. Once could use pragmas to silence the warning, 1080 // but as a general solution that is gross and not in the spirit of this 1081 // warning. 1082 // 1083 // NOTE: This an intermediate solution. There are on-going discussions on 1084 // how to properly support this warning outside of C++11 with an annotation. 1085 if (!AC.getASTContext().getLangOpts().CPlusPlus11) 1086 return; 1087 1088 FallthroughMapper FM(S); 1089 FM.TraverseStmt(AC.getBody()); 1090 1091 if (!FM.foundSwitchStatements()) 1092 return; 1093 1094 if (PerFunction && FM.getFallthroughStmts().empty()) 1095 return; 1096 1097 CFG *Cfg = AC.getCFG(); 1098 1099 if (!Cfg) 1100 return; 1101 1102 FM.fillReachableBlocks(Cfg); 1103 1104 for (const CFGBlock *B : llvm::reverse(*Cfg)) { 1105 const Stmt *Label = B->getLabel(); 1106 1107 if (!Label || !isa<SwitchCase>(Label)) 1108 continue; 1109 1110 int AnnotatedCnt; 1111 1112 if (!FM.checkFallThroughIntoBlock(*B, AnnotatedCnt)) 1113 continue; 1114 1115 S.Diag(Label->getLocStart(), 1116 PerFunction ? diag::warn_unannotated_fallthrough_per_function 1117 : diag::warn_unannotated_fallthrough); 1118 1119 if (!AnnotatedCnt) { 1120 SourceLocation L = Label->getLocStart(); 1121 if (L.isMacroID()) 1122 continue; 1123 if (S.getLangOpts().CPlusPlus11) { 1124 const Stmt *Term = B->getTerminator(); 1125 // Skip empty cases. 1126 while (B->empty() && !Term && B->succ_size() == 1) { 1127 B = *B->succ_begin(); 1128 Term = B->getTerminator(); 1129 } 1130 if (!(B->empty() && Term && isa<BreakStmt>(Term))) { 1131 Preprocessor &PP = S.getPreprocessor(); 1132 TokenValue Tokens[] = { 1133 tok::l_square, tok::l_square, PP.getIdentifierInfo("clang"), 1134 tok::coloncolon, PP.getIdentifierInfo("fallthrough"), 1135 tok::r_square, tok::r_square 1136 }; 1137 StringRef AnnotationSpelling = "[[clang::fallthrough]]"; 1138 StringRef MacroName = PP.getLastMacroWithSpelling(L, Tokens); 1139 if (!MacroName.empty()) 1140 AnnotationSpelling = MacroName; 1141 SmallString<64> TextToInsert(AnnotationSpelling); 1142 TextToInsert += "; "; 1143 S.Diag(L, diag::note_insert_fallthrough_fixit) << 1144 AnnotationSpelling << 1145 FixItHint::CreateInsertion(L, TextToInsert); 1146 } 1147 } 1148 S.Diag(L, diag::note_insert_break_fixit) << 1149 FixItHint::CreateInsertion(L, "break; "); 1150 } 1151 } 1152 1153 for (const auto *F : FM.getFallthroughStmts()) 1154 S.Diag(F->getLocStart(), diag::warn_fallthrough_attr_invalid_placement); 1155 } 1156 1157 static bool isInLoop(const ASTContext &Ctx, const ParentMap &PM, 1158 const Stmt *S) { 1159 assert(S); 1160 1161 do { 1162 switch (S->getStmtClass()) { 1163 case Stmt::ForStmtClass: 1164 case Stmt::WhileStmtClass: 1165 case Stmt::CXXForRangeStmtClass: 1166 case Stmt::ObjCForCollectionStmtClass: 1167 return true; 1168 case Stmt::DoStmtClass: { 1169 const Expr *Cond = cast<DoStmt>(S)->getCond(); 1170 llvm::APSInt Val; 1171 if (!Cond->EvaluateAsInt(Val, Ctx)) 1172 return true; 1173 return Val.getBoolValue(); 1174 } 1175 default: 1176 break; 1177 } 1178 } while ((S = PM.getParent(S))); 1179 1180 return false; 1181 } 1182 1183 static void diagnoseRepeatedUseOfWeak(Sema &S, 1184 const sema::FunctionScopeInfo *CurFn, 1185 const Decl *D, 1186 const ParentMap &PM) { 1187 typedef sema::FunctionScopeInfo::WeakObjectProfileTy WeakObjectProfileTy; 1188 typedef sema::FunctionScopeInfo::WeakObjectUseMap WeakObjectUseMap; 1189 typedef sema::FunctionScopeInfo::WeakUseVector WeakUseVector; 1190 typedef std::pair<const Stmt *, WeakObjectUseMap::const_iterator> 1191 StmtUsesPair; 1192 1193 ASTContext &Ctx = S.getASTContext(); 1194 1195 const WeakObjectUseMap &WeakMap = CurFn->getWeakObjectUses(); 1196 1197 // Extract all weak objects that are referenced more than once. 1198 SmallVector<StmtUsesPair, 8> UsesByStmt; 1199 for (WeakObjectUseMap::const_iterator I = WeakMap.begin(), E = WeakMap.end(); 1200 I != E; ++I) { 1201 const WeakUseVector &Uses = I->second; 1202 1203 // Find the first read of the weak object. 1204 WeakUseVector::const_iterator UI = Uses.begin(), UE = Uses.end(); 1205 for ( ; UI != UE; ++UI) { 1206 if (UI->isUnsafe()) 1207 break; 1208 } 1209 1210 // If there were only writes to this object, don't warn. 1211 if (UI == UE) 1212 continue; 1213 1214 // If there was only one read, followed by any number of writes, and the 1215 // read is not within a loop, don't warn. Additionally, don't warn in a 1216 // loop if the base object is a local variable -- local variables are often 1217 // changed in loops. 1218 if (UI == Uses.begin()) { 1219 WeakUseVector::const_iterator UI2 = UI; 1220 for (++UI2; UI2 != UE; ++UI2) 1221 if (UI2->isUnsafe()) 1222 break; 1223 1224 if (UI2 == UE) { 1225 if (!isInLoop(Ctx, PM, UI->getUseExpr())) 1226 continue; 1227 1228 const WeakObjectProfileTy &Profile = I->first; 1229 if (!Profile.isExactProfile()) 1230 continue; 1231 1232 const NamedDecl *Base = Profile.getBase(); 1233 if (!Base) 1234 Base = Profile.getProperty(); 1235 assert(Base && "A profile always has a base or property."); 1236 1237 if (const VarDecl *BaseVar = dyn_cast<VarDecl>(Base)) 1238 if (BaseVar->hasLocalStorage() && !isa<ParmVarDecl>(Base)) 1239 continue; 1240 } 1241 } 1242 1243 UsesByStmt.push_back(StmtUsesPair(UI->getUseExpr(), I)); 1244 } 1245 1246 if (UsesByStmt.empty()) 1247 return; 1248 1249 // Sort by first use so that we emit the warnings in a deterministic order. 1250 SourceManager &SM = S.getSourceManager(); 1251 std::sort(UsesByStmt.begin(), UsesByStmt.end(), 1252 [&SM](const StmtUsesPair &LHS, const StmtUsesPair &RHS) { 1253 return SM.isBeforeInTranslationUnit(LHS.first->getLocStart(), 1254 RHS.first->getLocStart()); 1255 }); 1256 1257 // Classify the current code body for better warning text. 1258 // This enum should stay in sync with the cases in 1259 // warn_arc_repeated_use_of_weak and warn_arc_possible_repeated_use_of_weak. 1260 // FIXME: Should we use a common classification enum and the same set of 1261 // possibilities all throughout Sema? 1262 enum { 1263 Function, 1264 Method, 1265 Block, 1266 Lambda 1267 } FunctionKind; 1268 1269 if (isa<sema::BlockScopeInfo>(CurFn)) 1270 FunctionKind = Block; 1271 else if (isa<sema::LambdaScopeInfo>(CurFn)) 1272 FunctionKind = Lambda; 1273 else if (isa<ObjCMethodDecl>(D)) 1274 FunctionKind = Method; 1275 else 1276 FunctionKind = Function; 1277 1278 // Iterate through the sorted problems and emit warnings for each. 1279 for (const auto &P : UsesByStmt) { 1280 const Stmt *FirstRead = P.first; 1281 const WeakObjectProfileTy &Key = P.second->first; 1282 const WeakUseVector &Uses = P.second->second; 1283 1284 // For complicated expressions like 'a.b.c' and 'x.b.c', WeakObjectProfileTy 1285 // may not contain enough information to determine that these are different 1286 // properties. We can only be 100% sure of a repeated use in certain cases, 1287 // and we adjust the diagnostic kind accordingly so that the less certain 1288 // case can be turned off if it is too noisy. 1289 unsigned DiagKind; 1290 if (Key.isExactProfile()) 1291 DiagKind = diag::warn_arc_repeated_use_of_weak; 1292 else 1293 DiagKind = diag::warn_arc_possible_repeated_use_of_weak; 1294 1295 // Classify the weak object being accessed for better warning text. 1296 // This enum should stay in sync with the cases in 1297 // warn_arc_repeated_use_of_weak and warn_arc_possible_repeated_use_of_weak. 1298 enum { 1299 Variable, 1300 Property, 1301 ImplicitProperty, 1302 Ivar 1303 } ObjectKind; 1304 1305 const NamedDecl *D = Key.getProperty(); 1306 if (isa<VarDecl>(D)) 1307 ObjectKind = Variable; 1308 else if (isa<ObjCPropertyDecl>(D)) 1309 ObjectKind = Property; 1310 else if (isa<ObjCMethodDecl>(D)) 1311 ObjectKind = ImplicitProperty; 1312 else if (isa<ObjCIvarDecl>(D)) 1313 ObjectKind = Ivar; 1314 else 1315 llvm_unreachable("Unexpected weak object kind!"); 1316 1317 // Show the first time the object was read. 1318 S.Diag(FirstRead->getLocStart(), DiagKind) 1319 << int(ObjectKind) << D << int(FunctionKind) 1320 << FirstRead->getSourceRange(); 1321 1322 // Print all the other accesses as notes. 1323 for (const auto &Use : Uses) { 1324 if (Use.getUseExpr() == FirstRead) 1325 continue; 1326 S.Diag(Use.getUseExpr()->getLocStart(), 1327 diag::note_arc_weak_also_accessed_here) 1328 << Use.getUseExpr()->getSourceRange(); 1329 } 1330 } 1331 } 1332 1333 namespace { 1334 class UninitValsDiagReporter : public UninitVariablesHandler { 1335 Sema &S; 1336 typedef SmallVector<UninitUse, 2> UsesVec; 1337 typedef llvm::PointerIntPair<UsesVec *, 1, bool> MappedType; 1338 // Prefer using MapVector to DenseMap, so that iteration order will be 1339 // the same as insertion order. This is needed to obtain a deterministic 1340 // order of diagnostics when calling flushDiagnostics(). 1341 typedef llvm::MapVector<const VarDecl *, MappedType> UsesMap; 1342 UsesMap uses; 1343 1344 public: 1345 UninitValsDiagReporter(Sema &S) : S(S) {} 1346 ~UninitValsDiagReporter() override { flushDiagnostics(); } 1347 1348 MappedType &getUses(const VarDecl *vd) { 1349 MappedType &V = uses[vd]; 1350 if (!V.getPointer()) 1351 V.setPointer(new UsesVec()); 1352 return V; 1353 } 1354 1355 void handleUseOfUninitVariable(const VarDecl *vd, 1356 const UninitUse &use) override { 1357 getUses(vd).getPointer()->push_back(use); 1358 } 1359 1360 void handleSelfInit(const VarDecl *vd) override { 1361 getUses(vd).setInt(true); 1362 } 1363 1364 void flushDiagnostics() { 1365 for (const auto &P : uses) { 1366 const VarDecl *vd = P.first; 1367 const MappedType &V = P.second; 1368 1369 UsesVec *vec = V.getPointer(); 1370 bool hasSelfInit = V.getInt(); 1371 1372 // Specially handle the case where we have uses of an uninitialized 1373 // variable, but the root cause is an idiomatic self-init. We want 1374 // to report the diagnostic at the self-init since that is the root cause. 1375 if (!vec->empty() && hasSelfInit && hasAlwaysUninitializedUse(vec)) 1376 DiagnoseUninitializedUse(S, vd, 1377 UninitUse(vd->getInit()->IgnoreParenCasts(), 1378 /* isAlwaysUninit */ true), 1379 /* alwaysReportSelfInit */ true); 1380 else { 1381 // Sort the uses by their SourceLocations. While not strictly 1382 // guaranteed to produce them in line/column order, this will provide 1383 // a stable ordering. 1384 std::sort(vec->begin(), vec->end(), 1385 [](const UninitUse &a, const UninitUse &b) { 1386 // Prefer a more confident report over a less confident one. 1387 if (a.getKind() != b.getKind()) 1388 return a.getKind() > b.getKind(); 1389 return a.getUser()->getLocStart() < b.getUser()->getLocStart(); 1390 }); 1391 1392 for (const auto &U : *vec) { 1393 // If we have self-init, downgrade all uses to 'may be uninitialized'. 1394 UninitUse Use = hasSelfInit ? UninitUse(U.getUser(), false) : U; 1395 1396 if (DiagnoseUninitializedUse(S, vd, Use)) 1397 // Skip further diagnostics for this variable. We try to warn only 1398 // on the first point at which a variable is used uninitialized. 1399 break; 1400 } 1401 } 1402 1403 // Release the uses vector. 1404 delete vec; 1405 } 1406 1407 uses.clear(); 1408 } 1409 1410 private: 1411 static bool hasAlwaysUninitializedUse(const UsesVec* vec) { 1412 return std::any_of(vec->begin(), vec->end(), [](const UninitUse &U) { 1413 return U.getKind() == UninitUse::Always || 1414 U.getKind() == UninitUse::AfterCall || 1415 U.getKind() == UninitUse::AfterDecl; 1416 }); 1417 } 1418 }; 1419 } // anonymous namespace 1420 1421 namespace clang { 1422 namespace { 1423 typedef SmallVector<PartialDiagnosticAt, 1> OptionalNotes; 1424 typedef std::pair<PartialDiagnosticAt, OptionalNotes> DelayedDiag; 1425 typedef std::list<DelayedDiag> DiagList; 1426 1427 struct SortDiagBySourceLocation { 1428 SourceManager &SM; 1429 SortDiagBySourceLocation(SourceManager &SM) : SM(SM) {} 1430 1431 bool operator()(const DelayedDiag &left, const DelayedDiag &right) { 1432 // Although this call will be slow, this is only called when outputting 1433 // multiple warnings. 1434 return SM.isBeforeInTranslationUnit(left.first.first, right.first.first); 1435 } 1436 }; 1437 } // anonymous namespace 1438 } // namespace clang 1439 1440 //===----------------------------------------------------------------------===// 1441 // -Wthread-safety 1442 //===----------------------------------------------------------------------===// 1443 namespace clang { 1444 namespace threadSafety { 1445 namespace { 1446 class ThreadSafetyReporter : public clang::threadSafety::ThreadSafetyHandler { 1447 Sema &S; 1448 DiagList Warnings; 1449 SourceLocation FunLocation, FunEndLocation; 1450 1451 const FunctionDecl *CurrentFunction; 1452 bool Verbose; 1453 1454 OptionalNotes getNotes() const { 1455 if (Verbose && CurrentFunction) { 1456 PartialDiagnosticAt FNote(CurrentFunction->getBody()->getLocStart(), 1457 S.PDiag(diag::note_thread_warning_in_fun) 1458 << CurrentFunction->getNameAsString()); 1459 return OptionalNotes(1, FNote); 1460 } 1461 return OptionalNotes(); 1462 } 1463 1464 OptionalNotes getNotes(const PartialDiagnosticAt &Note) const { 1465 OptionalNotes ONS(1, Note); 1466 if (Verbose && CurrentFunction) { 1467 PartialDiagnosticAt FNote(CurrentFunction->getBody()->getLocStart(), 1468 S.PDiag(diag::note_thread_warning_in_fun) 1469 << CurrentFunction->getNameAsString()); 1470 ONS.push_back(std::move(FNote)); 1471 } 1472 return ONS; 1473 } 1474 1475 OptionalNotes getNotes(const PartialDiagnosticAt &Note1, 1476 const PartialDiagnosticAt &Note2) const { 1477 OptionalNotes ONS; 1478 ONS.push_back(Note1); 1479 ONS.push_back(Note2); 1480 if (Verbose && CurrentFunction) { 1481 PartialDiagnosticAt FNote(CurrentFunction->getBody()->getLocStart(), 1482 S.PDiag(diag::note_thread_warning_in_fun) 1483 << CurrentFunction->getNameAsString()); 1484 ONS.push_back(std::move(FNote)); 1485 } 1486 return ONS; 1487 } 1488 1489 // Helper functions 1490 void warnLockMismatch(unsigned DiagID, StringRef Kind, Name LockName, 1491 SourceLocation Loc) { 1492 // Gracefully handle rare cases when the analysis can't get a more 1493 // precise source location. 1494 if (!Loc.isValid()) 1495 Loc = FunLocation; 1496 PartialDiagnosticAt Warning(Loc, S.PDiag(DiagID) << Kind << LockName); 1497 Warnings.emplace_back(std::move(Warning), getNotes()); 1498 } 1499 1500 public: 1501 ThreadSafetyReporter(Sema &S, SourceLocation FL, SourceLocation FEL) 1502 : S(S), FunLocation(FL), FunEndLocation(FEL), 1503 CurrentFunction(nullptr), Verbose(false) {} 1504 1505 void setVerbose(bool b) { Verbose = b; } 1506 1507 /// \brief Emit all buffered diagnostics in order of sourcelocation. 1508 /// We need to output diagnostics produced while iterating through 1509 /// the lockset in deterministic order, so this function orders diagnostics 1510 /// and outputs them. 1511 void emitDiagnostics() { 1512 Warnings.sort(SortDiagBySourceLocation(S.getSourceManager())); 1513 for (const auto &Diag : Warnings) { 1514 S.Diag(Diag.first.first, Diag.first.second); 1515 for (const auto &Note : Diag.second) 1516 S.Diag(Note.first, Note.second); 1517 } 1518 } 1519 1520 void handleInvalidLockExp(StringRef Kind, SourceLocation Loc) override { 1521 PartialDiagnosticAt Warning(Loc, S.PDiag(diag::warn_cannot_resolve_lock) 1522 << Loc); 1523 Warnings.emplace_back(std::move(Warning), getNotes()); 1524 } 1525 1526 void handleUnmatchedUnlock(StringRef Kind, Name LockName, 1527 SourceLocation Loc) override { 1528 warnLockMismatch(diag::warn_unlock_but_no_lock, Kind, LockName, Loc); 1529 } 1530 1531 void handleIncorrectUnlockKind(StringRef Kind, Name LockName, 1532 LockKind Expected, LockKind Received, 1533 SourceLocation Loc) override { 1534 if (Loc.isInvalid()) 1535 Loc = FunLocation; 1536 PartialDiagnosticAt Warning(Loc, S.PDiag(diag::warn_unlock_kind_mismatch) 1537 << Kind << LockName << Received 1538 << Expected); 1539 Warnings.emplace_back(std::move(Warning), getNotes()); 1540 } 1541 1542 void handleDoubleLock(StringRef Kind, Name LockName, SourceLocation Loc) override { 1543 warnLockMismatch(diag::warn_double_lock, Kind, LockName, Loc); 1544 } 1545 1546 void handleMutexHeldEndOfScope(StringRef Kind, Name LockName, 1547 SourceLocation LocLocked, 1548 SourceLocation LocEndOfScope, 1549 LockErrorKind LEK) override { 1550 unsigned DiagID = 0; 1551 switch (LEK) { 1552 case LEK_LockedSomePredecessors: 1553 DiagID = diag::warn_lock_some_predecessors; 1554 break; 1555 case LEK_LockedSomeLoopIterations: 1556 DiagID = diag::warn_expecting_lock_held_on_loop; 1557 break; 1558 case LEK_LockedAtEndOfFunction: 1559 DiagID = diag::warn_no_unlock; 1560 break; 1561 case LEK_NotLockedAtEndOfFunction: 1562 DiagID = diag::warn_expecting_locked; 1563 break; 1564 } 1565 if (LocEndOfScope.isInvalid()) 1566 LocEndOfScope = FunEndLocation; 1567 1568 PartialDiagnosticAt Warning(LocEndOfScope, S.PDiag(DiagID) << Kind 1569 << LockName); 1570 if (LocLocked.isValid()) { 1571 PartialDiagnosticAt Note(LocLocked, S.PDiag(diag::note_locked_here) 1572 << Kind); 1573 Warnings.emplace_back(std::move(Warning), getNotes(Note)); 1574 return; 1575 } 1576 Warnings.emplace_back(std::move(Warning), getNotes()); 1577 } 1578 1579 void handleExclusiveAndShared(StringRef Kind, Name LockName, 1580 SourceLocation Loc1, 1581 SourceLocation Loc2) override { 1582 PartialDiagnosticAt Warning(Loc1, 1583 S.PDiag(diag::warn_lock_exclusive_and_shared) 1584 << Kind << LockName); 1585 PartialDiagnosticAt Note(Loc2, S.PDiag(diag::note_lock_exclusive_and_shared) 1586 << Kind << LockName); 1587 Warnings.emplace_back(std::move(Warning), getNotes(Note)); 1588 } 1589 1590 void handleNoMutexHeld(StringRef Kind, const NamedDecl *D, 1591 ProtectedOperationKind POK, AccessKind AK, 1592 SourceLocation Loc) override { 1593 assert((POK == POK_VarAccess || POK == POK_VarDereference) && 1594 "Only works for variables"); 1595 unsigned DiagID = POK == POK_VarAccess? 1596 diag::warn_variable_requires_any_lock: 1597 diag::warn_var_deref_requires_any_lock; 1598 PartialDiagnosticAt Warning(Loc, S.PDiag(DiagID) 1599 << D->getNameAsString() << getLockKindFromAccessKind(AK)); 1600 Warnings.emplace_back(std::move(Warning), getNotes()); 1601 } 1602 1603 void handleMutexNotHeld(StringRef Kind, const NamedDecl *D, 1604 ProtectedOperationKind POK, Name LockName, 1605 LockKind LK, SourceLocation Loc, 1606 Name *PossibleMatch) override { 1607 unsigned DiagID = 0; 1608 if (PossibleMatch) { 1609 switch (POK) { 1610 case POK_VarAccess: 1611 DiagID = diag::warn_variable_requires_lock_precise; 1612 break; 1613 case POK_VarDereference: 1614 DiagID = diag::warn_var_deref_requires_lock_precise; 1615 break; 1616 case POK_FunctionCall: 1617 DiagID = diag::warn_fun_requires_lock_precise; 1618 break; 1619 case POK_PassByRef: 1620 DiagID = diag::warn_guarded_pass_by_reference; 1621 break; 1622 case POK_PtPassByRef: 1623 DiagID = diag::warn_pt_guarded_pass_by_reference; 1624 break; 1625 } 1626 PartialDiagnosticAt Warning(Loc, S.PDiag(DiagID) << Kind 1627 << D->getNameAsString() 1628 << LockName << LK); 1629 PartialDiagnosticAt Note(Loc, S.PDiag(diag::note_found_mutex_near_match) 1630 << *PossibleMatch); 1631 if (Verbose && POK == POK_VarAccess) { 1632 PartialDiagnosticAt VNote(D->getLocation(), 1633 S.PDiag(diag::note_guarded_by_declared_here) 1634 << D->getNameAsString()); 1635 Warnings.emplace_back(std::move(Warning), getNotes(Note, VNote)); 1636 } else 1637 Warnings.emplace_back(std::move(Warning), getNotes(Note)); 1638 } else { 1639 switch (POK) { 1640 case POK_VarAccess: 1641 DiagID = diag::warn_variable_requires_lock; 1642 break; 1643 case POK_VarDereference: 1644 DiagID = diag::warn_var_deref_requires_lock; 1645 break; 1646 case POK_FunctionCall: 1647 DiagID = diag::warn_fun_requires_lock; 1648 break; 1649 case POK_PassByRef: 1650 DiagID = diag::warn_guarded_pass_by_reference; 1651 break; 1652 case POK_PtPassByRef: 1653 DiagID = diag::warn_pt_guarded_pass_by_reference; 1654 break; 1655 } 1656 PartialDiagnosticAt Warning(Loc, S.PDiag(DiagID) << Kind 1657 << D->getNameAsString() 1658 << LockName << LK); 1659 if (Verbose && POK == POK_VarAccess) { 1660 PartialDiagnosticAt Note(D->getLocation(), 1661 S.PDiag(diag::note_guarded_by_declared_here) 1662 << D->getNameAsString()); 1663 Warnings.emplace_back(std::move(Warning), getNotes(Note)); 1664 } else 1665 Warnings.emplace_back(std::move(Warning), getNotes()); 1666 } 1667 } 1668 1669 void handleNegativeNotHeld(StringRef Kind, Name LockName, Name Neg, 1670 SourceLocation Loc) override { 1671 PartialDiagnosticAt Warning(Loc, 1672 S.PDiag(diag::warn_acquire_requires_negative_cap) 1673 << Kind << LockName << Neg); 1674 Warnings.emplace_back(std::move(Warning), getNotes()); 1675 } 1676 1677 void handleFunExcludesLock(StringRef Kind, Name FunName, Name LockName, 1678 SourceLocation Loc) override { 1679 PartialDiagnosticAt Warning(Loc, S.PDiag(diag::warn_fun_excludes_mutex) 1680 << Kind << FunName << LockName); 1681 Warnings.emplace_back(std::move(Warning), getNotes()); 1682 } 1683 1684 void handleLockAcquiredBefore(StringRef Kind, Name L1Name, Name L2Name, 1685 SourceLocation Loc) override { 1686 PartialDiagnosticAt Warning(Loc, 1687 S.PDiag(diag::warn_acquired_before) << Kind << L1Name << L2Name); 1688 Warnings.emplace_back(std::move(Warning), getNotes()); 1689 } 1690 1691 void handleBeforeAfterCycle(Name L1Name, SourceLocation Loc) override { 1692 PartialDiagnosticAt Warning(Loc, 1693 S.PDiag(diag::warn_acquired_before_after_cycle) << L1Name); 1694 Warnings.emplace_back(std::move(Warning), getNotes()); 1695 } 1696 1697 void enterFunction(const FunctionDecl* FD) override { 1698 CurrentFunction = FD; 1699 } 1700 1701 void leaveFunction(const FunctionDecl* FD) override { 1702 CurrentFunction = nullptr; 1703 } 1704 }; 1705 } // anonymous namespace 1706 } // namespace threadSafety 1707 } // namespace clang 1708 1709 //===----------------------------------------------------------------------===// 1710 // -Wconsumed 1711 //===----------------------------------------------------------------------===// 1712 1713 namespace clang { 1714 namespace consumed { 1715 namespace { 1716 class ConsumedWarningsHandler : public ConsumedWarningsHandlerBase { 1717 1718 Sema &S; 1719 DiagList Warnings; 1720 1721 public: 1722 1723 ConsumedWarningsHandler(Sema &S) : S(S) {} 1724 1725 void emitDiagnostics() override { 1726 Warnings.sort(SortDiagBySourceLocation(S.getSourceManager())); 1727 for (const auto &Diag : Warnings) { 1728 S.Diag(Diag.first.first, Diag.first.second); 1729 for (const auto &Note : Diag.second) 1730 S.Diag(Note.first, Note.second); 1731 } 1732 } 1733 1734 void warnLoopStateMismatch(SourceLocation Loc, 1735 StringRef VariableName) override { 1736 PartialDiagnosticAt Warning(Loc, S.PDiag(diag::warn_loop_state_mismatch) << 1737 VariableName); 1738 1739 Warnings.emplace_back(std::move(Warning), OptionalNotes()); 1740 } 1741 1742 void warnParamReturnTypestateMismatch(SourceLocation Loc, 1743 StringRef VariableName, 1744 StringRef ExpectedState, 1745 StringRef ObservedState) override { 1746 1747 PartialDiagnosticAt Warning(Loc, S.PDiag( 1748 diag::warn_param_return_typestate_mismatch) << VariableName << 1749 ExpectedState << ObservedState); 1750 1751 Warnings.emplace_back(std::move(Warning), OptionalNotes()); 1752 } 1753 1754 void warnParamTypestateMismatch(SourceLocation Loc, StringRef ExpectedState, 1755 StringRef ObservedState) override { 1756 1757 PartialDiagnosticAt Warning(Loc, S.PDiag( 1758 diag::warn_param_typestate_mismatch) << ExpectedState << ObservedState); 1759 1760 Warnings.emplace_back(std::move(Warning), OptionalNotes()); 1761 } 1762 1763 void warnReturnTypestateForUnconsumableType(SourceLocation Loc, 1764 StringRef TypeName) override { 1765 PartialDiagnosticAt Warning(Loc, S.PDiag( 1766 diag::warn_return_typestate_for_unconsumable_type) << TypeName); 1767 1768 Warnings.emplace_back(std::move(Warning), OptionalNotes()); 1769 } 1770 1771 void warnReturnTypestateMismatch(SourceLocation Loc, StringRef ExpectedState, 1772 StringRef ObservedState) override { 1773 1774 PartialDiagnosticAt Warning(Loc, S.PDiag( 1775 diag::warn_return_typestate_mismatch) << ExpectedState << ObservedState); 1776 1777 Warnings.emplace_back(std::move(Warning), OptionalNotes()); 1778 } 1779 1780 void warnUseOfTempInInvalidState(StringRef MethodName, StringRef State, 1781 SourceLocation Loc) override { 1782 1783 PartialDiagnosticAt Warning(Loc, S.PDiag( 1784 diag::warn_use_of_temp_in_invalid_state) << MethodName << State); 1785 1786 Warnings.emplace_back(std::move(Warning), OptionalNotes()); 1787 } 1788 1789 void warnUseInInvalidState(StringRef MethodName, StringRef VariableName, 1790 StringRef State, SourceLocation Loc) override { 1791 1792 PartialDiagnosticAt Warning(Loc, S.PDiag(diag::warn_use_in_invalid_state) << 1793 MethodName << VariableName << State); 1794 1795 Warnings.emplace_back(std::move(Warning), OptionalNotes()); 1796 } 1797 }; 1798 } // anonymous namespace 1799 } // namespace consumed 1800 } // namespace clang 1801 1802 //===----------------------------------------------------------------------===// 1803 // AnalysisBasedWarnings - Worker object used by Sema to execute analysis-based 1804 // warnings on a function, method, or block. 1805 //===----------------------------------------------------------------------===// 1806 1807 clang::sema::AnalysisBasedWarnings::Policy::Policy() { 1808 enableCheckFallThrough = 1; 1809 enableCheckUnreachable = 0; 1810 enableThreadSafetyAnalysis = 0; 1811 enableConsumedAnalysis = 0; 1812 } 1813 1814 static unsigned isEnabled(DiagnosticsEngine &D, unsigned diag) { 1815 return (unsigned)!D.isIgnored(diag, SourceLocation()); 1816 } 1817 1818 clang::sema::AnalysisBasedWarnings::AnalysisBasedWarnings(Sema &s) 1819 : S(s), 1820 NumFunctionsAnalyzed(0), 1821 NumFunctionsWithBadCFGs(0), 1822 NumCFGBlocks(0), 1823 MaxCFGBlocksPerFunction(0), 1824 NumUninitAnalysisFunctions(0), 1825 NumUninitAnalysisVariables(0), 1826 MaxUninitAnalysisVariablesPerFunction(0), 1827 NumUninitAnalysisBlockVisits(0), 1828 MaxUninitAnalysisBlockVisitsPerFunction(0) { 1829 1830 using namespace diag; 1831 DiagnosticsEngine &D = S.getDiagnostics(); 1832 1833 DefaultPolicy.enableCheckUnreachable = 1834 isEnabled(D, warn_unreachable) || 1835 isEnabled(D, warn_unreachable_break) || 1836 isEnabled(D, warn_unreachable_return) || 1837 isEnabled(D, warn_unreachable_loop_increment); 1838 1839 DefaultPolicy.enableThreadSafetyAnalysis = 1840 isEnabled(D, warn_double_lock); 1841 1842 DefaultPolicy.enableConsumedAnalysis = 1843 isEnabled(D, warn_use_in_invalid_state); 1844 } 1845 1846 static void flushDiagnostics(Sema &S, const sema::FunctionScopeInfo *fscope) { 1847 for (const auto &D : fscope->PossiblyUnreachableDiags) 1848 S.Diag(D.Loc, D.PD); 1849 } 1850 1851 void clang::sema:: 1852 AnalysisBasedWarnings::IssueWarnings(sema::AnalysisBasedWarnings::Policy P, 1853 sema::FunctionScopeInfo *fscope, 1854 const Decl *D, const BlockExpr *blkExpr) { 1855 1856 // We avoid doing analysis-based warnings when there are errors for 1857 // two reasons: 1858 // (1) The CFGs often can't be constructed (if the body is invalid), so 1859 // don't bother trying. 1860 // (2) The code already has problems; running the analysis just takes more 1861 // time. 1862 DiagnosticsEngine &Diags = S.getDiagnostics(); 1863 1864 // Do not do any analysis for declarations in system headers if we are 1865 // going to just ignore them. 1866 if (Diags.getSuppressSystemWarnings() && 1867 S.SourceMgr.isInSystemHeader(D->getLocation())) 1868 return; 1869 1870 // For code in dependent contexts, we'll do this at instantiation time. 1871 if (cast<DeclContext>(D)->isDependentContext()) 1872 return; 1873 1874 if (Diags.hasUncompilableErrorOccurred() || Diags.hasFatalErrorOccurred()) { 1875 // Flush out any possibly unreachable diagnostics. 1876 flushDiagnostics(S, fscope); 1877 return; 1878 } 1879 1880 const Stmt *Body = D->getBody(); 1881 assert(Body); 1882 1883 // Construct the analysis context with the specified CFG build options. 1884 AnalysisDeclContext AC(/* AnalysisDeclContextManager */ nullptr, D); 1885 1886 // Don't generate EH edges for CallExprs as we'd like to avoid the n^2 1887 // explosion for destructors that can result and the compile time hit. 1888 AC.getCFGBuildOptions().PruneTriviallyFalseEdges = true; 1889 AC.getCFGBuildOptions().AddEHEdges = false; 1890 AC.getCFGBuildOptions().AddInitializers = true; 1891 AC.getCFGBuildOptions().AddImplicitDtors = true; 1892 AC.getCFGBuildOptions().AddTemporaryDtors = true; 1893 AC.getCFGBuildOptions().AddCXXNewAllocator = false; 1894 AC.getCFGBuildOptions().AddCXXDefaultInitExprInCtors = true; 1895 1896 // Force that certain expressions appear as CFGElements in the CFG. This 1897 // is used to speed up various analyses. 1898 // FIXME: This isn't the right factoring. This is here for initial 1899 // prototyping, but we need a way for analyses to say what expressions they 1900 // expect to always be CFGElements and then fill in the BuildOptions 1901 // appropriately. This is essentially a layering violation. 1902 if (P.enableCheckUnreachable || P.enableThreadSafetyAnalysis || 1903 P.enableConsumedAnalysis) { 1904 // Unreachable code analysis and thread safety require a linearized CFG. 1905 AC.getCFGBuildOptions().setAllAlwaysAdd(); 1906 } 1907 else { 1908 AC.getCFGBuildOptions() 1909 .setAlwaysAdd(Stmt::BinaryOperatorClass) 1910 .setAlwaysAdd(Stmt::CompoundAssignOperatorClass) 1911 .setAlwaysAdd(Stmt::BlockExprClass) 1912 .setAlwaysAdd(Stmt::CStyleCastExprClass) 1913 .setAlwaysAdd(Stmt::DeclRefExprClass) 1914 .setAlwaysAdd(Stmt::ImplicitCastExprClass) 1915 .setAlwaysAdd(Stmt::UnaryOperatorClass) 1916 .setAlwaysAdd(Stmt::AttributedStmtClass); 1917 } 1918 1919 // Install the logical handler for -Wtautological-overlap-compare 1920 std::unique_ptr<LogicalErrorHandler> LEH; 1921 if (!Diags.isIgnored(diag::warn_tautological_overlap_comparison, 1922 D->getLocStart())) { 1923 LEH.reset(new LogicalErrorHandler(S)); 1924 AC.getCFGBuildOptions().Observer = LEH.get(); 1925 } 1926 1927 // Emit delayed diagnostics. 1928 if (!fscope->PossiblyUnreachableDiags.empty()) { 1929 bool analyzed = false; 1930 1931 // Register the expressions with the CFGBuilder. 1932 for (const auto &D : fscope->PossiblyUnreachableDiags) { 1933 if (D.stmt) 1934 AC.registerForcedBlockExpression(D.stmt); 1935 } 1936 1937 if (AC.getCFG()) { 1938 analyzed = true; 1939 for (const auto &D : fscope->PossiblyUnreachableDiags) { 1940 bool processed = false; 1941 if (D.stmt) { 1942 const CFGBlock *block = AC.getBlockForRegisteredExpression(D.stmt); 1943 CFGReverseBlockReachabilityAnalysis *cra = 1944 AC.getCFGReachablityAnalysis(); 1945 // FIXME: We should be able to assert that block is non-null, but 1946 // the CFG analysis can skip potentially-evaluated expressions in 1947 // edge cases; see test/Sema/vla-2.c. 1948 if (block && cra) { 1949 // Can this block be reached from the entrance? 1950 if (cra->isReachable(&AC.getCFG()->getEntry(), block)) 1951 S.Diag(D.Loc, D.PD); 1952 processed = true; 1953 } 1954 } 1955 if (!processed) { 1956 // Emit the warning anyway if we cannot map to a basic block. 1957 S.Diag(D.Loc, D.PD); 1958 } 1959 } 1960 } 1961 1962 if (!analyzed) 1963 flushDiagnostics(S, fscope); 1964 } 1965 1966 // Warning: check missing 'return' 1967 if (P.enableCheckFallThrough) { 1968 const CheckFallThroughDiagnostics &CD = 1969 (isa<BlockDecl>(D) ? CheckFallThroughDiagnostics::MakeForBlock() 1970 : (isa<CXXMethodDecl>(D) && 1971 cast<CXXMethodDecl>(D)->getOverloadedOperator() == OO_Call && 1972 cast<CXXMethodDecl>(D)->getParent()->isLambda()) 1973 ? CheckFallThroughDiagnostics::MakeForLambda() 1974 : CheckFallThroughDiagnostics::MakeForFunction(D)); 1975 CheckFallThroughForBody(S, D, Body, blkExpr, CD, AC); 1976 } 1977 1978 // Warning: check for unreachable code 1979 if (P.enableCheckUnreachable) { 1980 // Only check for unreachable code on non-template instantiations. 1981 // Different template instantiations can effectively change the control-flow 1982 // and it is very difficult to prove that a snippet of code in a template 1983 // is unreachable for all instantiations. 1984 bool isTemplateInstantiation = false; 1985 if (const FunctionDecl *Function = dyn_cast<FunctionDecl>(D)) 1986 isTemplateInstantiation = Function->isTemplateInstantiation(); 1987 if (!isTemplateInstantiation) 1988 CheckUnreachable(S, AC); 1989 } 1990 1991 // Check for thread safety violations 1992 if (P.enableThreadSafetyAnalysis) { 1993 SourceLocation FL = AC.getDecl()->getLocation(); 1994 SourceLocation FEL = AC.getDecl()->getLocEnd(); 1995 threadSafety::ThreadSafetyReporter Reporter(S, FL, FEL); 1996 if (!Diags.isIgnored(diag::warn_thread_safety_beta, D->getLocStart())) 1997 Reporter.setIssueBetaWarnings(true); 1998 if (!Diags.isIgnored(diag::warn_thread_safety_verbose, D->getLocStart())) 1999 Reporter.setVerbose(true); 2000 2001 threadSafety::runThreadSafetyAnalysis(AC, Reporter, 2002 &S.ThreadSafetyDeclCache); 2003 Reporter.emitDiagnostics(); 2004 } 2005 2006 // Check for violations of consumed properties. 2007 if (P.enableConsumedAnalysis) { 2008 consumed::ConsumedWarningsHandler WarningHandler(S); 2009 consumed::ConsumedAnalyzer Analyzer(WarningHandler); 2010 Analyzer.run(AC); 2011 } 2012 2013 if (!Diags.isIgnored(diag::warn_uninit_var, D->getLocStart()) || 2014 !Diags.isIgnored(diag::warn_sometimes_uninit_var, D->getLocStart()) || 2015 !Diags.isIgnored(diag::warn_maybe_uninit_var, D->getLocStart())) { 2016 if (CFG *cfg = AC.getCFG()) { 2017 UninitValsDiagReporter reporter(S); 2018 UninitVariablesAnalysisStats stats; 2019 std::memset(&stats, 0, sizeof(UninitVariablesAnalysisStats)); 2020 runUninitializedVariablesAnalysis(*cast<DeclContext>(D), *cfg, AC, 2021 reporter, stats); 2022 2023 if (S.CollectStats && stats.NumVariablesAnalyzed > 0) { 2024 ++NumUninitAnalysisFunctions; 2025 NumUninitAnalysisVariables += stats.NumVariablesAnalyzed; 2026 NumUninitAnalysisBlockVisits += stats.NumBlockVisits; 2027 MaxUninitAnalysisVariablesPerFunction = 2028 std::max(MaxUninitAnalysisVariablesPerFunction, 2029 stats.NumVariablesAnalyzed); 2030 MaxUninitAnalysisBlockVisitsPerFunction = 2031 std::max(MaxUninitAnalysisBlockVisitsPerFunction, 2032 stats.NumBlockVisits); 2033 } 2034 } 2035 } 2036 2037 bool FallThroughDiagFull = 2038 !Diags.isIgnored(diag::warn_unannotated_fallthrough, D->getLocStart()); 2039 bool FallThroughDiagPerFunction = !Diags.isIgnored( 2040 diag::warn_unannotated_fallthrough_per_function, D->getLocStart()); 2041 if (FallThroughDiagFull || FallThroughDiagPerFunction) { 2042 DiagnoseSwitchLabelsFallthrough(S, AC, !FallThroughDiagFull); 2043 } 2044 2045 if (S.getLangOpts().ObjCWeak && 2046 !Diags.isIgnored(diag::warn_arc_repeated_use_of_weak, D->getLocStart())) 2047 diagnoseRepeatedUseOfWeak(S, fscope, D, AC.getParentMap()); 2048 2049 2050 // Check for infinite self-recursion in functions 2051 if (!Diags.isIgnored(diag::warn_infinite_recursive_function, 2052 D->getLocStart())) { 2053 if (const FunctionDecl *FD = dyn_cast<FunctionDecl>(D)) { 2054 checkRecursiveFunction(S, FD, Body, AC); 2055 } 2056 } 2057 2058 // If none of the previous checks caused a CFG build, trigger one here 2059 // for -Wtautological-overlap-compare 2060 if (!Diags.isIgnored(diag::warn_tautological_overlap_comparison, 2061 D->getLocStart())) { 2062 AC.getCFG(); 2063 } 2064 2065 // Collect statistics about the CFG if it was built. 2066 if (S.CollectStats && AC.isCFGBuilt()) { 2067 ++NumFunctionsAnalyzed; 2068 if (CFG *cfg = AC.getCFG()) { 2069 // If we successfully built a CFG for this context, record some more 2070 // detail information about it. 2071 NumCFGBlocks += cfg->getNumBlockIDs(); 2072 MaxCFGBlocksPerFunction = std::max(MaxCFGBlocksPerFunction, 2073 cfg->getNumBlockIDs()); 2074 } else { 2075 ++NumFunctionsWithBadCFGs; 2076 } 2077 } 2078 } 2079 2080 void clang::sema::AnalysisBasedWarnings::PrintStats() const { 2081 llvm::errs() << "\n*** Analysis Based Warnings Stats:\n"; 2082 2083 unsigned NumCFGsBuilt = NumFunctionsAnalyzed - NumFunctionsWithBadCFGs; 2084 unsigned AvgCFGBlocksPerFunction = 2085 !NumCFGsBuilt ? 0 : NumCFGBlocks/NumCFGsBuilt; 2086 llvm::errs() << NumFunctionsAnalyzed << " functions analyzed (" 2087 << NumFunctionsWithBadCFGs << " w/o CFGs).\n" 2088 << " " << NumCFGBlocks << " CFG blocks built.\n" 2089 << " " << AvgCFGBlocksPerFunction 2090 << " average CFG blocks per function.\n" 2091 << " " << MaxCFGBlocksPerFunction 2092 << " max CFG blocks per function.\n"; 2093 2094 unsigned AvgUninitVariablesPerFunction = !NumUninitAnalysisFunctions ? 0 2095 : NumUninitAnalysisVariables/NumUninitAnalysisFunctions; 2096 unsigned AvgUninitBlockVisitsPerFunction = !NumUninitAnalysisFunctions ? 0 2097 : NumUninitAnalysisBlockVisits/NumUninitAnalysisFunctions; 2098 llvm::errs() << NumUninitAnalysisFunctions 2099 << " functions analyzed for uninitialiazed variables\n" 2100 << " " << NumUninitAnalysisVariables << " variables analyzed.\n" 2101 << " " << AvgUninitVariablesPerFunction 2102 << " average variables per function.\n" 2103 << " " << MaxUninitAnalysisVariablesPerFunction 2104 << " max variables per function.\n" 2105 << " " << NumUninitAnalysisBlockVisits << " block visits.\n" 2106 << " " << AvgUninitBlockVisitsPerFunction 2107 << " average block visits per function.\n" 2108 << " " << MaxUninitAnalysisBlockVisitsPerFunction 2109 << " max block visits per function.\n"; 2110 } 2111