1 //=- AnalysisBasedWarnings.cpp - Sema warnings based on libAnalysis -*- C++ -*-=//
2 //
3 // The LLVM Compiler Infrastructure
4 //
5 // This file is distributed under the University of Illinois Open Source
6 // License. See LICENSE.TXT for details.
7 //
8 //===----------------------------------------------------------------------===//
9 //
10 // This file defines analysis_warnings::[Policy,Executor].
11 // Together they are used by Sema to issue warnings based on inexpensive
12 // static analysis algorithms in libAnalysis.
13 //
14 //===----------------------------------------------------------------------===//
15
16 #include "clang/Sema/AnalysisBasedWarnings.h"
17 #include "clang/AST/DeclCXX.h"
18 #include "clang/AST/DeclObjC.h"
19 #include "clang/AST/EvaluatedExprVisitor.h"
20 #include "clang/AST/ExprCXX.h"
21 #include "clang/AST/ExprObjC.h"
22 #include "clang/AST/ParentMap.h"
23 #include "clang/AST/RecursiveASTVisitor.h"
24 #include "clang/AST/StmtCXX.h"
25 #include "clang/AST/StmtObjC.h"
26 #include "clang/AST/StmtVisitor.h"
27 #include "clang/Analysis/Analyses/CFGReachabilityAnalysis.h"
28 #include "clang/Analysis/Analyses/Consumed.h"
29 #include "clang/Analysis/Analyses/ReachableCode.h"
30 #include "clang/Analysis/Analyses/ThreadSafety.h"
31 #include "clang/Analysis/Analyses/UninitializedValues.h"
32 #include "clang/Analysis/AnalysisContext.h"
33 #include "clang/Analysis/CFG.h"
34 #include "clang/Analysis/CFGStmtMap.h"
35 #include "clang/Basic/SourceLocation.h"
36 #include "clang/Basic/SourceManager.h"
37 #include "clang/Lex/Preprocessor.h"
38 #include "clang/Sema/ScopeInfo.h"
39 #include "clang/Sema/SemaInternal.h"
40 #include "llvm/ADT/ArrayRef.h"
41 #include "llvm/ADT/BitVector.h"
42 #include "llvm/ADT/FoldingSet.h"
43 #include "llvm/ADT/ImmutableMap.h"
44 #include "llvm/ADT/MapVector.h"
45 #include "llvm/ADT/PostOrderIterator.h"
46 #include "llvm/ADT/SmallString.h"
47 #include "llvm/ADT/SmallVector.h"
48 #include "llvm/ADT/StringRef.h"
49 #include "llvm/Support/Casting.h"
50 #include <algorithm>
51 #include <deque>
52 #include <iterator>
53 #include <vector>
54
55 using namespace clang;
56
57 //===----------------------------------------------------------------------===//
58 // Unreachable code analysis.
59 //===----------------------------------------------------------------------===//
60
61 namespace {
62 class UnreachableCodeHandler : public reachable_code::Callback {
63 Sema &S;
64 public:
UnreachableCodeHandler(Sema & s)65 UnreachableCodeHandler(Sema &s) : S(s) {}
66
HandleUnreachable(reachable_code::UnreachableKind UK,SourceLocation L,SourceRange SilenceableCondVal,SourceRange R1,SourceRange R2)67 void HandleUnreachable(reachable_code::UnreachableKind UK,
68 SourceLocation L,
69 SourceRange SilenceableCondVal,
70 SourceRange R1,
71 SourceRange R2) override {
72 unsigned diag = diag::warn_unreachable;
73 switch (UK) {
74 case reachable_code::UK_Break:
75 diag = diag::warn_unreachable_break;
76 break;
77 case reachable_code::UK_Return:
78 diag = diag::warn_unreachable_return;
79 break;
80 case reachable_code::UK_Loop_Increment:
81 diag = diag::warn_unreachable_loop_increment;
82 break;
83 case reachable_code::UK_Other:
84 break;
85 }
86
87 S.Diag(L, diag) << R1 << R2;
88
89 SourceLocation Open = SilenceableCondVal.getBegin();
90 if (Open.isValid()) {
91 SourceLocation Close = SilenceableCondVal.getEnd();
92 Close = S.getLocForEndOfToken(Close);
93 if (Close.isValid()) {
94 S.Diag(Open, diag::note_unreachable_silence)
95 << FixItHint::CreateInsertion(Open, "/* DISABLES CODE */ (")
96 << FixItHint::CreateInsertion(Close, ")");
97 }
98 }
99 }
100 };
101 } // anonymous namespace
102
103 /// CheckUnreachable - Check for unreachable code.
CheckUnreachable(Sema & S,AnalysisDeclContext & AC)104 static void CheckUnreachable(Sema &S, AnalysisDeclContext &AC) {
105 // As a heuristic prune all diagnostics not in the main file. Currently
106 // the majority of warnings in headers are false positives. These
107 // are largely caused by configuration state, e.g. preprocessor
108 // defined code, etc.
109 //
110 // Note that this is also a performance optimization. Analyzing
111 // headers many times can be expensive.
112 if (!S.getSourceManager().isInMainFile(AC.getDecl()->getLocStart()))
113 return;
114
115 UnreachableCodeHandler UC(S);
116 reachable_code::FindUnreachableCode(AC, S.getPreprocessor(), UC);
117 }
118
119 namespace {
120 /// \brief Warn on logical operator errors in CFGBuilder
121 class LogicalErrorHandler : public CFGCallback {
122 Sema &S;
123
124 public:
LogicalErrorHandler(Sema & S)125 LogicalErrorHandler(Sema &S) : CFGCallback(), S(S) {}
126
HasMacroID(const Expr * E)127 static bool HasMacroID(const Expr *E) {
128 if (E->getExprLoc().isMacroID())
129 return true;
130
131 // Recurse to children.
132 for (const Stmt *SubStmt : E->children())
133 if (const Expr *SubExpr = dyn_cast_or_null<Expr>(SubStmt))
134 if (HasMacroID(SubExpr))
135 return true;
136
137 return false;
138 }
139
compareAlwaysTrue(const BinaryOperator * B,bool isAlwaysTrue)140 void compareAlwaysTrue(const BinaryOperator *B, bool isAlwaysTrue) override {
141 if (HasMacroID(B))
142 return;
143
144 SourceRange DiagRange = B->getSourceRange();
145 S.Diag(B->getExprLoc(), diag::warn_tautological_overlap_comparison)
146 << DiagRange << isAlwaysTrue;
147 }
148
compareBitwiseEquality(const BinaryOperator * B,bool isAlwaysTrue)149 void compareBitwiseEquality(const BinaryOperator *B,
150 bool isAlwaysTrue) override {
151 if (HasMacroID(B))
152 return;
153
154 SourceRange DiagRange = B->getSourceRange();
155 S.Diag(B->getExprLoc(), diag::warn_comparison_bitwise_always)
156 << DiagRange << isAlwaysTrue;
157 }
158 };
159 } // anonymous namespace
160
161 //===----------------------------------------------------------------------===//
162 // Check for infinite self-recursion in functions
163 //===----------------------------------------------------------------------===//
164
165 // Returns true if the function is called anywhere within the CFGBlock.
166 // For member functions, the additional condition of being call from the
167 // this pointer is required.
hasRecursiveCallInPath(const FunctionDecl * FD,CFGBlock & Block)168 static bool hasRecursiveCallInPath(const FunctionDecl *FD, CFGBlock &Block) {
169 // Process all the Stmt's in this block to find any calls to FD.
170 for (const auto &B : Block) {
171 if (B.getKind() != CFGElement::Statement)
172 continue;
173
174 const CallExpr *CE = dyn_cast<CallExpr>(B.getAs<CFGStmt>()->getStmt());
175 if (!CE || !CE->getCalleeDecl() ||
176 CE->getCalleeDecl()->getCanonicalDecl() != FD)
177 continue;
178
179 // Skip function calls which are qualified with a templated class.
180 if (const DeclRefExpr *DRE =
181 dyn_cast<DeclRefExpr>(CE->getCallee()->IgnoreParenImpCasts())) {
182 if (NestedNameSpecifier *NNS = DRE->getQualifier()) {
183 if (NNS->getKind() == NestedNameSpecifier::TypeSpec &&
184 isa<TemplateSpecializationType>(NNS->getAsType())) {
185 continue;
186 }
187 }
188 }
189
190 const CXXMemberCallExpr *MCE = dyn_cast<CXXMemberCallExpr>(CE);
191 if (!MCE || isa<CXXThisExpr>(MCE->getImplicitObjectArgument()) ||
192 !MCE->getMethodDecl()->isVirtual())
193 return true;
194 }
195 return false;
196 }
197
198 // All blocks are in one of three states. States are ordered so that blocks
199 // can only move to higher states.
200 enum RecursiveState {
201 FoundNoPath,
202 FoundPath,
203 FoundPathWithNoRecursiveCall
204 };
205
206 // Returns true if there exists a path to the exit block and every path
207 // to the exit block passes through a call to FD.
checkForRecursiveFunctionCall(const FunctionDecl * FD,CFG * cfg)208 static bool checkForRecursiveFunctionCall(const FunctionDecl *FD, CFG *cfg) {
209
210 const unsigned ExitID = cfg->getExit().getBlockID();
211
212 // Mark all nodes as FoundNoPath, then set the status of the entry block.
213 SmallVector<RecursiveState, 16> States(cfg->getNumBlockIDs(), FoundNoPath);
214 States[cfg->getEntry().getBlockID()] = FoundPathWithNoRecursiveCall;
215
216 // Make the processing stack and seed it with the entry block.
217 SmallVector<CFGBlock *, 16> Stack;
218 Stack.push_back(&cfg->getEntry());
219
220 while (!Stack.empty()) {
221 CFGBlock *CurBlock = Stack.back();
222 Stack.pop_back();
223
224 unsigned ID = CurBlock->getBlockID();
225 RecursiveState CurState = States[ID];
226
227 if (CurState == FoundPathWithNoRecursiveCall) {
228 // Found a path to the exit node without a recursive call.
229 if (ExitID == ID)
230 return false;
231
232 // Only change state if the block has a recursive call.
233 if (hasRecursiveCallInPath(FD, *CurBlock))
234 CurState = FoundPath;
235 }
236
237 // Loop over successor blocks and add them to the Stack if their state
238 // changes.
239 for (auto I = CurBlock->succ_begin(), E = CurBlock->succ_end(); I != E; ++I)
240 if (*I) {
241 unsigned next_ID = (*I)->getBlockID();
242 if (States[next_ID] < CurState) {
243 States[next_ID] = CurState;
244 Stack.push_back(*I);
245 }
246 }
247 }
248
249 // Return true if the exit node is reachable, and only reachable through
250 // a recursive call.
251 return States[ExitID] == FoundPath;
252 }
253
checkRecursiveFunction(Sema & S,const FunctionDecl * FD,const Stmt * Body,AnalysisDeclContext & AC)254 static void checkRecursiveFunction(Sema &S, const FunctionDecl *FD,
255 const Stmt *Body, AnalysisDeclContext &AC) {
256 FD = FD->getCanonicalDecl();
257
258 // Only run on non-templated functions and non-templated members of
259 // templated classes.
260 if (FD->getTemplatedKind() != FunctionDecl::TK_NonTemplate &&
261 FD->getTemplatedKind() != FunctionDecl::TK_MemberSpecialization)
262 return;
263
264 CFG *cfg = AC.getCFG();
265 if (!cfg) return;
266
267 // If the exit block is unreachable, skip processing the function.
268 if (cfg->getExit().pred_empty())
269 return;
270
271 // Emit diagnostic if a recursive function call is detected for all paths.
272 if (checkForRecursiveFunctionCall(FD, cfg))
273 S.Diag(Body->getLocStart(), diag::warn_infinite_recursive_function);
274 }
275
276 //===----------------------------------------------------------------------===//
277 // Check for missing return value.
278 //===----------------------------------------------------------------------===//
279
280 enum ControlFlowKind {
281 UnknownFallThrough,
282 NeverFallThrough,
283 MaybeFallThrough,
284 AlwaysFallThrough,
285 NeverFallThroughOrReturn
286 };
287
288 /// CheckFallThrough - Check that we don't fall off the end of a
289 /// Statement that should return a value.
290 ///
291 /// \returns AlwaysFallThrough iff we always fall off the end of the statement,
292 /// MaybeFallThrough iff we might or might not fall off the end,
293 /// NeverFallThroughOrReturn iff we never fall off the end of the statement or
294 /// return. We assume NeverFallThrough iff we never fall off the end of the
295 /// statement but we may return. We assume that functions not marked noreturn
296 /// will return.
CheckFallThrough(AnalysisDeclContext & AC)297 static ControlFlowKind CheckFallThrough(AnalysisDeclContext &AC) {
298 CFG *cfg = AC.getCFG();
299 if (!cfg) return UnknownFallThrough;
300
301 // The CFG leaves in dead things, and we don't want the dead code paths to
302 // confuse us, so we mark all live things first.
303 llvm::BitVector live(cfg->getNumBlockIDs());
304 unsigned count = reachable_code::ScanReachableFromBlock(&cfg->getEntry(),
305 live);
306
307 bool AddEHEdges = AC.getAddEHEdges();
308 if (!AddEHEdges && count != cfg->getNumBlockIDs())
309 // When there are things remaining dead, and we didn't add EH edges
310 // from CallExprs to the catch clauses, we have to go back and
311 // mark them as live.
312 for (const auto *B : *cfg) {
313 if (!live[B->getBlockID()]) {
314 if (B->pred_begin() == B->pred_end()) {
315 if (B->getTerminator() && isa<CXXTryStmt>(B->getTerminator()))
316 // When not adding EH edges from calls, catch clauses
317 // can otherwise seem dead. Avoid noting them as dead.
318 count += reachable_code::ScanReachableFromBlock(B, live);
319 continue;
320 }
321 }
322 }
323
324 // Now we know what is live, we check the live precessors of the exit block
325 // and look for fall through paths, being careful to ignore normal returns,
326 // and exceptional paths.
327 bool HasLiveReturn = false;
328 bool HasFakeEdge = false;
329 bool HasPlainEdge = false;
330 bool HasAbnormalEdge = false;
331
332 // Ignore default cases that aren't likely to be reachable because all
333 // enums in a switch(X) have explicit case statements.
334 CFGBlock::FilterOptions FO;
335 FO.IgnoreDefaultsWithCoveredEnums = 1;
336
337 for (CFGBlock::filtered_pred_iterator
338 I = cfg->getExit().filtered_pred_start_end(FO); I.hasMore(); ++I) {
339 const CFGBlock& B = **I;
340 if (!live[B.getBlockID()])
341 continue;
342
343 // Skip blocks which contain an element marked as no-return. They don't
344 // represent actually viable edges into the exit block, so mark them as
345 // abnormal.
346 if (B.hasNoReturnElement()) {
347 HasAbnormalEdge = true;
348 continue;
349 }
350
351 // Destructors can appear after the 'return' in the CFG. This is
352 // normal. We need to look pass the destructors for the return
353 // statement (if it exists).
354 CFGBlock::const_reverse_iterator ri = B.rbegin(), re = B.rend();
355
356 for ( ; ri != re ; ++ri)
357 if (ri->getAs<CFGStmt>())
358 break;
359
360 // No more CFGElements in the block?
361 if (ri == re) {
362 if (B.getTerminator() && isa<CXXTryStmt>(B.getTerminator())) {
363 HasAbnormalEdge = true;
364 continue;
365 }
366 // A labeled empty statement, or the entry block...
367 HasPlainEdge = true;
368 continue;
369 }
370
371 CFGStmt CS = ri->castAs<CFGStmt>();
372 const Stmt *S = CS.getStmt();
373 if (isa<ReturnStmt>(S)) {
374 HasLiveReturn = true;
375 continue;
376 }
377 if (isa<ObjCAtThrowStmt>(S)) {
378 HasFakeEdge = true;
379 continue;
380 }
381 if (isa<CXXThrowExpr>(S)) {
382 HasFakeEdge = true;
383 continue;
384 }
385 if (isa<MSAsmStmt>(S)) {
386 // TODO: Verify this is correct.
387 HasFakeEdge = true;
388 HasLiveReturn = true;
389 continue;
390 }
391 if (isa<CXXTryStmt>(S)) {
392 HasAbnormalEdge = true;
393 continue;
394 }
395 if (std::find(B.succ_begin(), B.succ_end(), &cfg->getExit())
396 == B.succ_end()) {
397 HasAbnormalEdge = true;
398 continue;
399 }
400
401 HasPlainEdge = true;
402 }
403 if (!HasPlainEdge) {
404 if (HasLiveReturn)
405 return NeverFallThrough;
406 return NeverFallThroughOrReturn;
407 }
408 if (HasAbnormalEdge || HasFakeEdge || HasLiveReturn)
409 return MaybeFallThrough;
410 // This says AlwaysFallThrough for calls to functions that are not marked
411 // noreturn, that don't return. If people would like this warning to be more
412 // accurate, such functions should be marked as noreturn.
413 return AlwaysFallThrough;
414 }
415
416 namespace {
417
418 struct CheckFallThroughDiagnostics {
419 unsigned diag_MaybeFallThrough_HasNoReturn;
420 unsigned diag_MaybeFallThrough_ReturnsNonVoid;
421 unsigned diag_AlwaysFallThrough_HasNoReturn;
422 unsigned diag_AlwaysFallThrough_ReturnsNonVoid;
423 unsigned diag_NeverFallThroughOrReturn;
424 enum { Function, Block, Lambda } funMode;
425 SourceLocation FuncLoc;
426
MakeForFunction__anon75d552dd0311::CheckFallThroughDiagnostics427 static CheckFallThroughDiagnostics MakeForFunction(const Decl *Func) {
428 CheckFallThroughDiagnostics D;
429 D.FuncLoc = Func->getLocation();
430 D.diag_MaybeFallThrough_HasNoReturn =
431 diag::warn_falloff_noreturn_function;
432 D.diag_MaybeFallThrough_ReturnsNonVoid =
433 diag::warn_maybe_falloff_nonvoid_function;
434 D.diag_AlwaysFallThrough_HasNoReturn =
435 diag::warn_falloff_noreturn_function;
436 D.diag_AlwaysFallThrough_ReturnsNonVoid =
437 diag::warn_falloff_nonvoid_function;
438
439 // Don't suggest that virtual functions be marked "noreturn", since they
440 // might be overridden by non-noreturn functions.
441 bool isVirtualMethod = false;
442 if (const CXXMethodDecl *Method = dyn_cast<CXXMethodDecl>(Func))
443 isVirtualMethod = Method->isVirtual();
444
445 // Don't suggest that template instantiations be marked "noreturn"
446 bool isTemplateInstantiation = false;
447 if (const FunctionDecl *Function = dyn_cast<FunctionDecl>(Func))
448 isTemplateInstantiation = Function->isTemplateInstantiation();
449
450 if (!isVirtualMethod && !isTemplateInstantiation)
451 D.diag_NeverFallThroughOrReturn =
452 diag::warn_suggest_noreturn_function;
453 else
454 D.diag_NeverFallThroughOrReturn = 0;
455
456 D.funMode = Function;
457 return D;
458 }
459
MakeForBlock__anon75d552dd0311::CheckFallThroughDiagnostics460 static CheckFallThroughDiagnostics MakeForBlock() {
461 CheckFallThroughDiagnostics D;
462 D.diag_MaybeFallThrough_HasNoReturn =
463 diag::err_noreturn_block_has_return_expr;
464 D.diag_MaybeFallThrough_ReturnsNonVoid =
465 diag::err_maybe_falloff_nonvoid_block;
466 D.diag_AlwaysFallThrough_HasNoReturn =
467 diag::err_noreturn_block_has_return_expr;
468 D.diag_AlwaysFallThrough_ReturnsNonVoid =
469 diag::err_falloff_nonvoid_block;
470 D.diag_NeverFallThroughOrReturn = 0;
471 D.funMode = Block;
472 return D;
473 }
474
MakeForLambda__anon75d552dd0311::CheckFallThroughDiagnostics475 static CheckFallThroughDiagnostics MakeForLambda() {
476 CheckFallThroughDiagnostics D;
477 D.diag_MaybeFallThrough_HasNoReturn =
478 diag::err_noreturn_lambda_has_return_expr;
479 D.diag_MaybeFallThrough_ReturnsNonVoid =
480 diag::warn_maybe_falloff_nonvoid_lambda;
481 D.diag_AlwaysFallThrough_HasNoReturn =
482 diag::err_noreturn_lambda_has_return_expr;
483 D.diag_AlwaysFallThrough_ReturnsNonVoid =
484 diag::warn_falloff_nonvoid_lambda;
485 D.diag_NeverFallThroughOrReturn = 0;
486 D.funMode = Lambda;
487 return D;
488 }
489
checkDiagnostics__anon75d552dd0311::CheckFallThroughDiagnostics490 bool checkDiagnostics(DiagnosticsEngine &D, bool ReturnsVoid,
491 bool HasNoReturn) const {
492 if (funMode == Function) {
493 return (ReturnsVoid ||
494 D.isIgnored(diag::warn_maybe_falloff_nonvoid_function,
495 FuncLoc)) &&
496 (!HasNoReturn ||
497 D.isIgnored(diag::warn_noreturn_function_has_return_expr,
498 FuncLoc)) &&
499 (!ReturnsVoid ||
500 D.isIgnored(diag::warn_suggest_noreturn_block, FuncLoc));
501 }
502
503 // For blocks / lambdas.
504 return ReturnsVoid && !HasNoReturn;
505 }
506 };
507
508 } // anonymous namespace
509
510 /// CheckFallThroughForFunctionDef - Check that we don't fall off the end of a
511 /// function that should return a value. Check that we don't fall off the end
512 /// of a noreturn function. We assume that functions and blocks not marked
513 /// noreturn will return.
CheckFallThroughForBody(Sema & S,const Decl * D,const Stmt * Body,const BlockExpr * blkExpr,const CheckFallThroughDiagnostics & CD,AnalysisDeclContext & AC)514 static void CheckFallThroughForBody(Sema &S, const Decl *D, const Stmt *Body,
515 const BlockExpr *blkExpr,
516 const CheckFallThroughDiagnostics& CD,
517 AnalysisDeclContext &AC) {
518
519 bool ReturnsVoid = false;
520 bool HasNoReturn = false;
521
522 if (const FunctionDecl *FD = dyn_cast<FunctionDecl>(D)) {
523 ReturnsVoid = FD->getReturnType()->isVoidType();
524 HasNoReturn = FD->isNoReturn();
525 }
526 else if (const ObjCMethodDecl *MD = dyn_cast<ObjCMethodDecl>(D)) {
527 ReturnsVoid = MD->getReturnType()->isVoidType();
528 HasNoReturn = MD->hasAttr<NoReturnAttr>();
529 }
530 else if (isa<BlockDecl>(D)) {
531 QualType BlockTy = blkExpr->getType();
532 if (const FunctionType *FT =
533 BlockTy->getPointeeType()->getAs<FunctionType>()) {
534 if (FT->getReturnType()->isVoidType())
535 ReturnsVoid = true;
536 if (FT->getNoReturnAttr())
537 HasNoReturn = true;
538 }
539 }
540
541 DiagnosticsEngine &Diags = S.getDiagnostics();
542
543 // Short circuit for compilation speed.
544 if (CD.checkDiagnostics(Diags, ReturnsVoid, HasNoReturn))
545 return;
546
547 SourceLocation LBrace = Body->getLocStart(), RBrace = Body->getLocEnd();
548 // Either in a function body compound statement, or a function-try-block.
549 switch (CheckFallThrough(AC)) {
550 case UnknownFallThrough:
551 break;
552
553 case MaybeFallThrough:
554 if (HasNoReturn)
555 S.Diag(RBrace, CD.diag_MaybeFallThrough_HasNoReturn);
556 else if (!ReturnsVoid)
557 S.Diag(RBrace, CD.diag_MaybeFallThrough_ReturnsNonVoid);
558 break;
559 case AlwaysFallThrough:
560 if (HasNoReturn)
561 S.Diag(RBrace, CD.diag_AlwaysFallThrough_HasNoReturn);
562 else if (!ReturnsVoid)
563 S.Diag(RBrace, CD.diag_AlwaysFallThrough_ReturnsNonVoid);
564 break;
565 case NeverFallThroughOrReturn:
566 if (ReturnsVoid && !HasNoReturn && CD.diag_NeverFallThroughOrReturn) {
567 if (const FunctionDecl *FD = dyn_cast<FunctionDecl>(D)) {
568 S.Diag(LBrace, CD.diag_NeverFallThroughOrReturn) << 0 << FD;
569 } else if (const ObjCMethodDecl *MD = dyn_cast<ObjCMethodDecl>(D)) {
570 S.Diag(LBrace, CD.diag_NeverFallThroughOrReturn) << 1 << MD;
571 } else {
572 S.Diag(LBrace, CD.diag_NeverFallThroughOrReturn);
573 }
574 }
575 break;
576 case NeverFallThrough:
577 break;
578 }
579 }
580
581 //===----------------------------------------------------------------------===//
582 // -Wuninitialized
583 //===----------------------------------------------------------------------===//
584
585 namespace {
586 /// ContainsReference - A visitor class to search for references to
587 /// a particular declaration (the needle) within any evaluated component of an
588 /// expression (recursively).
589 class ContainsReference : public ConstEvaluatedExprVisitor<ContainsReference> {
590 bool FoundReference;
591 const DeclRefExpr *Needle;
592
593 public:
594 typedef ConstEvaluatedExprVisitor<ContainsReference> Inherited;
595
ContainsReference(ASTContext & Context,const DeclRefExpr * Needle)596 ContainsReference(ASTContext &Context, const DeclRefExpr *Needle)
597 : Inherited(Context), FoundReference(false), Needle(Needle) {}
598
VisitExpr(const Expr * E)599 void VisitExpr(const Expr *E) {
600 // Stop evaluating if we already have a reference.
601 if (FoundReference)
602 return;
603
604 Inherited::VisitExpr(E);
605 }
606
VisitDeclRefExpr(const DeclRefExpr * E)607 void VisitDeclRefExpr(const DeclRefExpr *E) {
608 if (E == Needle)
609 FoundReference = true;
610 else
611 Inherited::VisitDeclRefExpr(E);
612 }
613
doesContainReference() const614 bool doesContainReference() const { return FoundReference; }
615 };
616 } // anonymous namespace
617
SuggestInitializationFixit(Sema & S,const VarDecl * VD)618 static bool SuggestInitializationFixit(Sema &S, const VarDecl *VD) {
619 QualType VariableTy = VD->getType().getCanonicalType();
620 if (VariableTy->isBlockPointerType() &&
621 !VD->hasAttr<BlocksAttr>()) {
622 S.Diag(VD->getLocation(), diag::note_block_var_fixit_add_initialization)
623 << VD->getDeclName()
624 << FixItHint::CreateInsertion(VD->getLocation(), "__block ");
625 return true;
626 }
627
628 // Don't issue a fixit if there is already an initializer.
629 if (VD->getInit())
630 return false;
631
632 // Don't suggest a fixit inside macros.
633 if (VD->getLocEnd().isMacroID())
634 return false;
635
636 SourceLocation Loc = S.getLocForEndOfToken(VD->getLocEnd());
637
638 // Suggest possible initialization (if any).
639 std::string Init = S.getFixItZeroInitializerForType(VariableTy, Loc);
640 if (Init.empty())
641 return false;
642
643 S.Diag(Loc, diag::note_var_fixit_add_initialization) << VD->getDeclName()
644 << FixItHint::CreateInsertion(Loc, Init);
645 return true;
646 }
647
648 /// Create a fixit to remove an if-like statement, on the assumption that its
649 /// condition is CondVal.
CreateIfFixit(Sema & S,const Stmt * If,const Stmt * Then,const Stmt * Else,bool CondVal,FixItHint & Fixit1,FixItHint & Fixit2)650 static void CreateIfFixit(Sema &S, const Stmt *If, const Stmt *Then,
651 const Stmt *Else, bool CondVal,
652 FixItHint &Fixit1, FixItHint &Fixit2) {
653 if (CondVal) {
654 // If condition is always true, remove all but the 'then'.
655 Fixit1 = FixItHint::CreateRemoval(
656 CharSourceRange::getCharRange(If->getLocStart(),
657 Then->getLocStart()));
658 if (Else) {
659 SourceLocation ElseKwLoc = S.getLocForEndOfToken(Then->getLocEnd());
660 Fixit2 = FixItHint::CreateRemoval(
661 SourceRange(ElseKwLoc, Else->getLocEnd()));
662 }
663 } else {
664 // If condition is always false, remove all but the 'else'.
665 if (Else)
666 Fixit1 = FixItHint::CreateRemoval(
667 CharSourceRange::getCharRange(If->getLocStart(),
668 Else->getLocStart()));
669 else
670 Fixit1 = FixItHint::CreateRemoval(If->getSourceRange());
671 }
672 }
673
674 /// DiagUninitUse -- Helper function to produce a diagnostic for an
675 /// uninitialized use of a variable.
DiagUninitUse(Sema & S,const VarDecl * VD,const UninitUse & Use,bool IsCapturedByBlock)676 static void DiagUninitUse(Sema &S, const VarDecl *VD, const UninitUse &Use,
677 bool IsCapturedByBlock) {
678 bool Diagnosed = false;
679
680 switch (Use.getKind()) {
681 case UninitUse::Always:
682 S.Diag(Use.getUser()->getLocStart(), diag::warn_uninit_var)
683 << VD->getDeclName() << IsCapturedByBlock
684 << Use.getUser()->getSourceRange();
685 return;
686
687 case UninitUse::AfterDecl:
688 case UninitUse::AfterCall:
689 S.Diag(VD->getLocation(), diag::warn_sometimes_uninit_var)
690 << VD->getDeclName() << IsCapturedByBlock
691 << (Use.getKind() == UninitUse::AfterDecl ? 4 : 5)
692 << const_cast<DeclContext*>(VD->getLexicalDeclContext())
693 << VD->getSourceRange();
694 S.Diag(Use.getUser()->getLocStart(), diag::note_uninit_var_use)
695 << IsCapturedByBlock << Use.getUser()->getSourceRange();
696 return;
697
698 case UninitUse::Maybe:
699 case UninitUse::Sometimes:
700 // Carry on to report sometimes-uninitialized branches, if possible,
701 // or a 'may be used uninitialized' diagnostic otherwise.
702 break;
703 }
704
705 // Diagnose each branch which leads to a sometimes-uninitialized use.
706 for (UninitUse::branch_iterator I = Use.branch_begin(), E = Use.branch_end();
707 I != E; ++I) {
708 assert(Use.getKind() == UninitUse::Sometimes);
709
710 const Expr *User = Use.getUser();
711 const Stmt *Term = I->Terminator;
712
713 // Information used when building the diagnostic.
714 unsigned DiagKind;
715 StringRef Str;
716 SourceRange Range;
717
718 // FixIts to suppress the diagnostic by removing the dead condition.
719 // For all binary terminators, branch 0 is taken if the condition is true,
720 // and branch 1 is taken if the condition is false.
721 int RemoveDiagKind = -1;
722 const char *FixitStr =
723 S.getLangOpts().CPlusPlus ? (I->Output ? "true" : "false")
724 : (I->Output ? "1" : "0");
725 FixItHint Fixit1, Fixit2;
726
727 switch (Term ? Term->getStmtClass() : Stmt::DeclStmtClass) {
728 default:
729 // Don't know how to report this. Just fall back to 'may be used
730 // uninitialized'. FIXME: Can this happen?
731 continue;
732
733 // "condition is true / condition is false".
734 case Stmt::IfStmtClass: {
735 const IfStmt *IS = cast<IfStmt>(Term);
736 DiagKind = 0;
737 Str = "if";
738 Range = IS->getCond()->getSourceRange();
739 RemoveDiagKind = 0;
740 CreateIfFixit(S, IS, IS->getThen(), IS->getElse(),
741 I->Output, Fixit1, Fixit2);
742 break;
743 }
744 case Stmt::ConditionalOperatorClass: {
745 const ConditionalOperator *CO = cast<ConditionalOperator>(Term);
746 DiagKind = 0;
747 Str = "?:";
748 Range = CO->getCond()->getSourceRange();
749 RemoveDiagKind = 0;
750 CreateIfFixit(S, CO, CO->getTrueExpr(), CO->getFalseExpr(),
751 I->Output, Fixit1, Fixit2);
752 break;
753 }
754 case Stmt::BinaryOperatorClass: {
755 const BinaryOperator *BO = cast<BinaryOperator>(Term);
756 if (!BO->isLogicalOp())
757 continue;
758 DiagKind = 0;
759 Str = BO->getOpcodeStr();
760 Range = BO->getLHS()->getSourceRange();
761 RemoveDiagKind = 0;
762 if ((BO->getOpcode() == BO_LAnd && I->Output) ||
763 (BO->getOpcode() == BO_LOr && !I->Output))
764 // true && y -> y, false || y -> y.
765 Fixit1 = FixItHint::CreateRemoval(SourceRange(BO->getLocStart(),
766 BO->getOperatorLoc()));
767 else
768 // false && y -> false, true || y -> true.
769 Fixit1 = FixItHint::CreateReplacement(BO->getSourceRange(), FixitStr);
770 break;
771 }
772
773 // "loop is entered / loop is exited".
774 case Stmt::WhileStmtClass:
775 DiagKind = 1;
776 Str = "while";
777 Range = cast<WhileStmt>(Term)->getCond()->getSourceRange();
778 RemoveDiagKind = 1;
779 Fixit1 = FixItHint::CreateReplacement(Range, FixitStr);
780 break;
781 case Stmt::ForStmtClass:
782 DiagKind = 1;
783 Str = "for";
784 Range = cast<ForStmt>(Term)->getCond()->getSourceRange();
785 RemoveDiagKind = 1;
786 if (I->Output)
787 Fixit1 = FixItHint::CreateRemoval(Range);
788 else
789 Fixit1 = FixItHint::CreateReplacement(Range, FixitStr);
790 break;
791 case Stmt::CXXForRangeStmtClass:
792 if (I->Output == 1) {
793 // The use occurs if a range-based for loop's body never executes.
794 // That may be impossible, and there's no syntactic fix for this,
795 // so treat it as a 'may be uninitialized' case.
796 continue;
797 }
798 DiagKind = 1;
799 Str = "for";
800 Range = cast<CXXForRangeStmt>(Term)->getRangeInit()->getSourceRange();
801 break;
802
803 // "condition is true / loop is exited".
804 case Stmt::DoStmtClass:
805 DiagKind = 2;
806 Str = "do";
807 Range = cast<DoStmt>(Term)->getCond()->getSourceRange();
808 RemoveDiagKind = 1;
809 Fixit1 = FixItHint::CreateReplacement(Range, FixitStr);
810 break;
811
812 // "switch case is taken".
813 case Stmt::CaseStmtClass:
814 DiagKind = 3;
815 Str = "case";
816 Range = cast<CaseStmt>(Term)->getLHS()->getSourceRange();
817 break;
818 case Stmt::DefaultStmtClass:
819 DiagKind = 3;
820 Str = "default";
821 Range = cast<DefaultStmt>(Term)->getDefaultLoc();
822 break;
823 }
824
825 S.Diag(Range.getBegin(), diag::warn_sometimes_uninit_var)
826 << VD->getDeclName() << IsCapturedByBlock << DiagKind
827 << Str << I->Output << Range;
828 S.Diag(User->getLocStart(), diag::note_uninit_var_use)
829 << IsCapturedByBlock << User->getSourceRange();
830 if (RemoveDiagKind != -1)
831 S.Diag(Fixit1.RemoveRange.getBegin(), diag::note_uninit_fixit_remove_cond)
832 << RemoveDiagKind << Str << I->Output << Fixit1 << Fixit2;
833
834 Diagnosed = true;
835 }
836
837 if (!Diagnosed)
838 S.Diag(Use.getUser()->getLocStart(), diag::warn_maybe_uninit_var)
839 << VD->getDeclName() << IsCapturedByBlock
840 << Use.getUser()->getSourceRange();
841 }
842
843 /// DiagnoseUninitializedUse -- Helper function for diagnosing uses of an
844 /// uninitialized variable. This manages the different forms of diagnostic
845 /// emitted for particular types of uses. Returns true if the use was diagnosed
846 /// as a warning. If a particular use is one we omit warnings for, returns
847 /// false.
DiagnoseUninitializedUse(Sema & S,const VarDecl * VD,const UninitUse & Use,bool alwaysReportSelfInit=false)848 static bool DiagnoseUninitializedUse(Sema &S, const VarDecl *VD,
849 const UninitUse &Use,
850 bool alwaysReportSelfInit = false) {
851 if (const DeclRefExpr *DRE = dyn_cast<DeclRefExpr>(Use.getUser())) {
852 // Inspect the initializer of the variable declaration which is
853 // being referenced prior to its initialization. We emit
854 // specialized diagnostics for self-initialization, and we
855 // specifically avoid warning about self references which take the
856 // form of:
857 //
858 // int x = x;
859 //
860 // This is used to indicate to GCC that 'x' is intentionally left
861 // uninitialized. Proven code paths which access 'x' in
862 // an uninitialized state after this will still warn.
863 if (const Expr *Initializer = VD->getInit()) {
864 if (!alwaysReportSelfInit && DRE == Initializer->IgnoreParenImpCasts())
865 return false;
866
867 ContainsReference CR(S.Context, DRE);
868 CR.Visit(Initializer);
869 if (CR.doesContainReference()) {
870 S.Diag(DRE->getLocStart(),
871 diag::warn_uninit_self_reference_in_init)
872 << VD->getDeclName() << VD->getLocation() << DRE->getSourceRange();
873 return true;
874 }
875 }
876
877 DiagUninitUse(S, VD, Use, false);
878 } else {
879 const BlockExpr *BE = cast<BlockExpr>(Use.getUser());
880 if (VD->getType()->isBlockPointerType() && !VD->hasAttr<BlocksAttr>())
881 S.Diag(BE->getLocStart(),
882 diag::warn_uninit_byref_blockvar_captured_by_block)
883 << VD->getDeclName();
884 else
885 DiagUninitUse(S, VD, Use, true);
886 }
887
888 // Report where the variable was declared when the use wasn't within
889 // the initializer of that declaration & we didn't already suggest
890 // an initialization fixit.
891 if (!SuggestInitializationFixit(S, VD))
892 S.Diag(VD->getLocStart(), diag::note_var_declared_here)
893 << VD->getDeclName();
894
895 return true;
896 }
897
898 namespace {
899 class FallthroughMapper : public RecursiveASTVisitor<FallthroughMapper> {
900 public:
FallthroughMapper(Sema & S)901 FallthroughMapper(Sema &S)
902 : FoundSwitchStatements(false),
903 S(S) {
904 }
905
foundSwitchStatements() const906 bool foundSwitchStatements() const { return FoundSwitchStatements; }
907
markFallthroughVisited(const AttributedStmt * Stmt)908 void markFallthroughVisited(const AttributedStmt *Stmt) {
909 bool Found = FallthroughStmts.erase(Stmt);
910 assert(Found);
911 (void)Found;
912 }
913
914 typedef llvm::SmallPtrSet<const AttributedStmt*, 8> AttrStmts;
915
getFallthroughStmts() const916 const AttrStmts &getFallthroughStmts() const {
917 return FallthroughStmts;
918 }
919
fillReachableBlocks(CFG * Cfg)920 void fillReachableBlocks(CFG *Cfg) {
921 assert(ReachableBlocks.empty() && "ReachableBlocks already filled");
922 std::deque<const CFGBlock *> BlockQueue;
923
924 ReachableBlocks.insert(&Cfg->getEntry());
925 BlockQueue.push_back(&Cfg->getEntry());
926 // Mark all case blocks reachable to avoid problems with switching on
927 // constants, covered enums, etc.
928 // These blocks can contain fall-through annotations, and we don't want to
929 // issue a warn_fallthrough_attr_unreachable for them.
930 for (const auto *B : *Cfg) {
931 const Stmt *L = B->getLabel();
932 if (L && isa<SwitchCase>(L) && ReachableBlocks.insert(B).second)
933 BlockQueue.push_back(B);
934 }
935
936 while (!BlockQueue.empty()) {
937 const CFGBlock *P = BlockQueue.front();
938 BlockQueue.pop_front();
939 for (CFGBlock::const_succ_iterator I = P->succ_begin(),
940 E = P->succ_end();
941 I != E; ++I) {
942 if (*I && ReachableBlocks.insert(*I).second)
943 BlockQueue.push_back(*I);
944 }
945 }
946 }
947
checkFallThroughIntoBlock(const CFGBlock & B,int & AnnotatedCnt)948 bool checkFallThroughIntoBlock(const CFGBlock &B, int &AnnotatedCnt) {
949 assert(!ReachableBlocks.empty() && "ReachableBlocks empty");
950
951 int UnannotatedCnt = 0;
952 AnnotatedCnt = 0;
953
954 std::deque<const CFGBlock*> BlockQueue(B.pred_begin(), B.pred_end());
955 while (!BlockQueue.empty()) {
956 const CFGBlock *P = BlockQueue.front();
957 BlockQueue.pop_front();
958 if (!P) continue;
959
960 const Stmt *Term = P->getTerminator();
961 if (Term && isa<SwitchStmt>(Term))
962 continue; // Switch statement, good.
963
964 const SwitchCase *SW = dyn_cast_or_null<SwitchCase>(P->getLabel());
965 if (SW && SW->getSubStmt() == B.getLabel() && P->begin() == P->end())
966 continue; // Previous case label has no statements, good.
967
968 const LabelStmt *L = dyn_cast_or_null<LabelStmt>(P->getLabel());
969 if (L && L->getSubStmt() == B.getLabel() && P->begin() == P->end())
970 continue; // Case label is preceded with a normal label, good.
971
972 if (!ReachableBlocks.count(P)) {
973 for (CFGBlock::const_reverse_iterator ElemIt = P->rbegin(),
974 ElemEnd = P->rend();
975 ElemIt != ElemEnd; ++ElemIt) {
976 if (Optional<CFGStmt> CS = ElemIt->getAs<CFGStmt>()) {
977 if (const AttributedStmt *AS = asFallThroughAttr(CS->getStmt())) {
978 S.Diag(AS->getLocStart(),
979 diag::warn_fallthrough_attr_unreachable);
980 markFallthroughVisited(AS);
981 ++AnnotatedCnt;
982 break;
983 }
984 // Don't care about other unreachable statements.
985 }
986 }
987 // If there are no unreachable statements, this may be a special
988 // case in CFG:
989 // case X: {
990 // A a; // A has a destructor.
991 // break;
992 // }
993 // // <<<< This place is represented by a 'hanging' CFG block.
994 // case Y:
995 continue;
996 }
997
998 const Stmt *LastStmt = getLastStmt(*P);
999 if (const AttributedStmt *AS = asFallThroughAttr(LastStmt)) {
1000 markFallthroughVisited(AS);
1001 ++AnnotatedCnt;
1002 continue; // Fallthrough annotation, good.
1003 }
1004
1005 if (!LastStmt) { // This block contains no executable statements.
1006 // Traverse its predecessors.
1007 std::copy(P->pred_begin(), P->pred_end(),
1008 std::back_inserter(BlockQueue));
1009 continue;
1010 }
1011
1012 ++UnannotatedCnt;
1013 }
1014 return !!UnannotatedCnt;
1015 }
1016
1017 // RecursiveASTVisitor setup.
shouldWalkTypesOfTypeLocs() const1018 bool shouldWalkTypesOfTypeLocs() const { return false; }
1019
VisitAttributedStmt(AttributedStmt * S)1020 bool VisitAttributedStmt(AttributedStmt *S) {
1021 if (asFallThroughAttr(S))
1022 FallthroughStmts.insert(S);
1023 return true;
1024 }
1025
VisitSwitchStmt(SwitchStmt * S)1026 bool VisitSwitchStmt(SwitchStmt *S) {
1027 FoundSwitchStatements = true;
1028 return true;
1029 }
1030
1031 // We don't want to traverse local type declarations. We analyze their
1032 // methods separately.
TraverseDecl(Decl * D)1033 bool TraverseDecl(Decl *D) { return true; }
1034
1035 // We analyze lambda bodies separately. Skip them here.
TraverseLambdaBody(LambdaExpr * LE)1036 bool TraverseLambdaBody(LambdaExpr *LE) { return true; }
1037
1038 private:
1039
asFallThroughAttr(const Stmt * S)1040 static const AttributedStmt *asFallThroughAttr(const Stmt *S) {
1041 if (const AttributedStmt *AS = dyn_cast_or_null<AttributedStmt>(S)) {
1042 if (hasSpecificAttr<FallThroughAttr>(AS->getAttrs()))
1043 return AS;
1044 }
1045 return nullptr;
1046 }
1047
getLastStmt(const CFGBlock & B)1048 static const Stmt *getLastStmt(const CFGBlock &B) {
1049 if (const Stmt *Term = B.getTerminator())
1050 return Term;
1051 for (CFGBlock::const_reverse_iterator ElemIt = B.rbegin(),
1052 ElemEnd = B.rend();
1053 ElemIt != ElemEnd; ++ElemIt) {
1054 if (Optional<CFGStmt> CS = ElemIt->getAs<CFGStmt>())
1055 return CS->getStmt();
1056 }
1057 // Workaround to detect a statement thrown out by CFGBuilder:
1058 // case X: {} case Y:
1059 // case X: ; case Y:
1060 if (const SwitchCase *SW = dyn_cast_or_null<SwitchCase>(B.getLabel()))
1061 if (!isa<SwitchCase>(SW->getSubStmt()))
1062 return SW->getSubStmt();
1063
1064 return nullptr;
1065 }
1066
1067 bool FoundSwitchStatements;
1068 AttrStmts FallthroughStmts;
1069 Sema &S;
1070 llvm::SmallPtrSet<const CFGBlock *, 16> ReachableBlocks;
1071 };
1072 } // anonymous namespace
1073
getFallthroughAttrSpelling(Preprocessor & PP,SourceLocation Loc)1074 static StringRef getFallthroughAttrSpelling(Preprocessor &PP,
1075 SourceLocation Loc) {
1076 TokenValue FallthroughTokens[] = {
1077 tok::l_square, tok::l_square,
1078 PP.getIdentifierInfo("fallthrough"),
1079 tok::r_square, tok::r_square
1080 };
1081
1082 TokenValue ClangFallthroughTokens[] = {
1083 tok::l_square, tok::l_square, PP.getIdentifierInfo("clang"),
1084 tok::coloncolon, PP.getIdentifierInfo("fallthrough"),
1085 tok::r_square, tok::r_square
1086 };
1087
1088 bool PreferClangAttr = !PP.getLangOpts().CPlusPlus1z;
1089
1090 StringRef MacroName;
1091 if (PreferClangAttr)
1092 MacroName = PP.getLastMacroWithSpelling(Loc, ClangFallthroughTokens);
1093 if (MacroName.empty())
1094 MacroName = PP.getLastMacroWithSpelling(Loc, FallthroughTokens);
1095 if (MacroName.empty() && !PreferClangAttr)
1096 MacroName = PP.getLastMacroWithSpelling(Loc, ClangFallthroughTokens);
1097 if (MacroName.empty())
1098 MacroName = PreferClangAttr ? "[[clang::fallthrough]]" : "[[fallthrough]]";
1099 return MacroName;
1100 }
1101
DiagnoseSwitchLabelsFallthrough(Sema & S,AnalysisDeclContext & AC,bool PerFunction)1102 static void DiagnoseSwitchLabelsFallthrough(Sema &S, AnalysisDeclContext &AC,
1103 bool PerFunction) {
1104 // Only perform this analysis when using C++11. There is no good workflow
1105 // for this warning when not using C++11. There is no good way to silence
1106 // the warning (no attribute is available) unless we are using C++11's support
1107 // for generalized attributes. Once could use pragmas to silence the warning,
1108 // but as a general solution that is gross and not in the spirit of this
1109 // warning.
1110 //
1111 // NOTE: This an intermediate solution. There are on-going discussions on
1112 // how to properly support this warning outside of C++11 with an annotation.
1113 if (!AC.getASTContext().getLangOpts().CPlusPlus11)
1114 return;
1115
1116 FallthroughMapper FM(S);
1117 FM.TraverseStmt(AC.getBody());
1118
1119 if (!FM.foundSwitchStatements())
1120 return;
1121
1122 if (PerFunction && FM.getFallthroughStmts().empty())
1123 return;
1124
1125 CFG *Cfg = AC.getCFG();
1126
1127 if (!Cfg)
1128 return;
1129
1130 FM.fillReachableBlocks(Cfg);
1131
1132 for (const CFGBlock *B : llvm::reverse(*Cfg)) {
1133 const Stmt *Label = B->getLabel();
1134
1135 if (!Label || !isa<SwitchCase>(Label))
1136 continue;
1137
1138 int AnnotatedCnt;
1139
1140 if (!FM.checkFallThroughIntoBlock(*B, AnnotatedCnt))
1141 continue;
1142
1143 S.Diag(Label->getLocStart(),
1144 PerFunction ? diag::warn_unannotated_fallthrough_per_function
1145 : diag::warn_unannotated_fallthrough);
1146
1147 if (!AnnotatedCnt) {
1148 SourceLocation L = Label->getLocStart();
1149 if (L.isMacroID())
1150 continue;
1151 if (S.getLangOpts().CPlusPlus11) {
1152 const Stmt *Term = B->getTerminator();
1153 // Skip empty cases.
1154 while (B->empty() && !Term && B->succ_size() == 1) {
1155 B = *B->succ_begin();
1156 Term = B->getTerminator();
1157 }
1158 if (!(B->empty() && Term && isa<BreakStmt>(Term))) {
1159 Preprocessor &PP = S.getPreprocessor();
1160 StringRef AnnotationSpelling = getFallthroughAttrSpelling(PP, L);
1161 SmallString<64> TextToInsert(AnnotationSpelling);
1162 TextToInsert += "; ";
1163 S.Diag(L, diag::note_insert_fallthrough_fixit) <<
1164 AnnotationSpelling <<
1165 FixItHint::CreateInsertion(L, TextToInsert);
1166 }
1167 }
1168 S.Diag(L, diag::note_insert_break_fixit) <<
1169 FixItHint::CreateInsertion(L, "break; ");
1170 }
1171 }
1172
1173 for (const auto *F : FM.getFallthroughStmts())
1174 S.Diag(F->getLocStart(), diag::err_fallthrough_attr_invalid_placement);
1175 }
1176
isInLoop(const ASTContext & Ctx,const ParentMap & PM,const Stmt * S)1177 static bool isInLoop(const ASTContext &Ctx, const ParentMap &PM,
1178 const Stmt *S) {
1179 assert(S);
1180
1181 do {
1182 switch (S->getStmtClass()) {
1183 case Stmt::ForStmtClass:
1184 case Stmt::WhileStmtClass:
1185 case Stmt::CXXForRangeStmtClass:
1186 case Stmt::ObjCForCollectionStmtClass:
1187 return true;
1188 case Stmt::DoStmtClass: {
1189 const Expr *Cond = cast<DoStmt>(S)->getCond();
1190 llvm::APSInt Val;
1191 if (!Cond->EvaluateAsInt(Val, Ctx))
1192 return true;
1193 return Val.getBoolValue();
1194 }
1195 default:
1196 break;
1197 }
1198 } while ((S = PM.getParent(S)));
1199
1200 return false;
1201 }
1202
diagnoseRepeatedUseOfWeak(Sema & S,const sema::FunctionScopeInfo * CurFn,const Decl * D,const ParentMap & PM)1203 static void diagnoseRepeatedUseOfWeak(Sema &S,
1204 const sema::FunctionScopeInfo *CurFn,
1205 const Decl *D,
1206 const ParentMap &PM) {
1207 typedef sema::FunctionScopeInfo::WeakObjectProfileTy WeakObjectProfileTy;
1208 typedef sema::FunctionScopeInfo::WeakObjectUseMap WeakObjectUseMap;
1209 typedef sema::FunctionScopeInfo::WeakUseVector WeakUseVector;
1210 typedef std::pair<const Stmt *, WeakObjectUseMap::const_iterator>
1211 StmtUsesPair;
1212
1213 ASTContext &Ctx = S.getASTContext();
1214
1215 const WeakObjectUseMap &WeakMap = CurFn->getWeakObjectUses();
1216
1217 // Extract all weak objects that are referenced more than once.
1218 SmallVector<StmtUsesPair, 8> UsesByStmt;
1219 for (WeakObjectUseMap::const_iterator I = WeakMap.begin(), E = WeakMap.end();
1220 I != E; ++I) {
1221 const WeakUseVector &Uses = I->second;
1222
1223 // Find the first read of the weak object.
1224 WeakUseVector::const_iterator UI = Uses.begin(), UE = Uses.end();
1225 for ( ; UI != UE; ++UI) {
1226 if (UI->isUnsafe())
1227 break;
1228 }
1229
1230 // If there were only writes to this object, don't warn.
1231 if (UI == UE)
1232 continue;
1233
1234 // If there was only one read, followed by any number of writes, and the
1235 // read is not within a loop, don't warn. Additionally, don't warn in a
1236 // loop if the base object is a local variable -- local variables are often
1237 // changed in loops.
1238 if (UI == Uses.begin()) {
1239 WeakUseVector::const_iterator UI2 = UI;
1240 for (++UI2; UI2 != UE; ++UI2)
1241 if (UI2->isUnsafe())
1242 break;
1243
1244 if (UI2 == UE) {
1245 if (!isInLoop(Ctx, PM, UI->getUseExpr()))
1246 continue;
1247
1248 const WeakObjectProfileTy &Profile = I->first;
1249 if (!Profile.isExactProfile())
1250 continue;
1251
1252 const NamedDecl *Base = Profile.getBase();
1253 if (!Base)
1254 Base = Profile.getProperty();
1255 assert(Base && "A profile always has a base or property.");
1256
1257 if (const VarDecl *BaseVar = dyn_cast<VarDecl>(Base))
1258 if (BaseVar->hasLocalStorage() && !isa<ParmVarDecl>(Base))
1259 continue;
1260 }
1261 }
1262
1263 UsesByStmt.push_back(StmtUsesPair(UI->getUseExpr(), I));
1264 }
1265
1266 if (UsesByStmt.empty())
1267 return;
1268
1269 // Sort by first use so that we emit the warnings in a deterministic order.
1270 SourceManager &SM = S.getSourceManager();
1271 std::sort(UsesByStmt.begin(), UsesByStmt.end(),
1272 [&SM](const StmtUsesPair &LHS, const StmtUsesPair &RHS) {
1273 return SM.isBeforeInTranslationUnit(LHS.first->getLocStart(),
1274 RHS.first->getLocStart());
1275 });
1276
1277 // Classify the current code body for better warning text.
1278 // This enum should stay in sync with the cases in
1279 // warn_arc_repeated_use_of_weak and warn_arc_possible_repeated_use_of_weak.
1280 // FIXME: Should we use a common classification enum and the same set of
1281 // possibilities all throughout Sema?
1282 enum {
1283 Function,
1284 Method,
1285 Block,
1286 Lambda
1287 } FunctionKind;
1288
1289 if (isa<sema::BlockScopeInfo>(CurFn))
1290 FunctionKind = Block;
1291 else if (isa<sema::LambdaScopeInfo>(CurFn))
1292 FunctionKind = Lambda;
1293 else if (isa<ObjCMethodDecl>(D))
1294 FunctionKind = Method;
1295 else
1296 FunctionKind = Function;
1297
1298 // Iterate through the sorted problems and emit warnings for each.
1299 for (const auto &P : UsesByStmt) {
1300 const Stmt *FirstRead = P.first;
1301 const WeakObjectProfileTy &Key = P.second->first;
1302 const WeakUseVector &Uses = P.second->second;
1303
1304 // For complicated expressions like 'a.b.c' and 'x.b.c', WeakObjectProfileTy
1305 // may not contain enough information to determine that these are different
1306 // properties. We can only be 100% sure of a repeated use in certain cases,
1307 // and we adjust the diagnostic kind accordingly so that the less certain
1308 // case can be turned off if it is too noisy.
1309 unsigned DiagKind;
1310 if (Key.isExactProfile())
1311 DiagKind = diag::warn_arc_repeated_use_of_weak;
1312 else
1313 DiagKind = diag::warn_arc_possible_repeated_use_of_weak;
1314
1315 // Classify the weak object being accessed for better warning text.
1316 // This enum should stay in sync with the cases in
1317 // warn_arc_repeated_use_of_weak and warn_arc_possible_repeated_use_of_weak.
1318 enum {
1319 Variable,
1320 Property,
1321 ImplicitProperty,
1322 Ivar
1323 } ObjectKind;
1324
1325 const NamedDecl *KeyProp = Key.getProperty();
1326 if (isa<VarDecl>(KeyProp))
1327 ObjectKind = Variable;
1328 else if (isa<ObjCPropertyDecl>(KeyProp))
1329 ObjectKind = Property;
1330 else if (isa<ObjCMethodDecl>(KeyProp))
1331 ObjectKind = ImplicitProperty;
1332 else if (isa<ObjCIvarDecl>(KeyProp))
1333 ObjectKind = Ivar;
1334 else
1335 llvm_unreachable("Unexpected weak object kind!");
1336
1337 // Do not warn about IBOutlet weak property receivers being set to null
1338 // since they are typically only used from the main thread.
1339 if (const ObjCPropertyDecl *Prop = dyn_cast<ObjCPropertyDecl>(KeyProp))
1340 if (Prop->hasAttr<IBOutletAttr>())
1341 continue;
1342
1343 // Show the first time the object was read.
1344 S.Diag(FirstRead->getLocStart(), DiagKind)
1345 << int(ObjectKind) << KeyProp << int(FunctionKind)
1346 << FirstRead->getSourceRange();
1347
1348 // Print all the other accesses as notes.
1349 for (const auto &Use : Uses) {
1350 if (Use.getUseExpr() == FirstRead)
1351 continue;
1352 S.Diag(Use.getUseExpr()->getLocStart(),
1353 diag::note_arc_weak_also_accessed_here)
1354 << Use.getUseExpr()->getSourceRange();
1355 }
1356 }
1357 }
1358
1359 namespace {
1360 class UninitValsDiagReporter : public UninitVariablesHandler {
1361 Sema &S;
1362 typedef SmallVector<UninitUse, 2> UsesVec;
1363 typedef llvm::PointerIntPair<UsesVec *, 1, bool> MappedType;
1364 // Prefer using MapVector to DenseMap, so that iteration order will be
1365 // the same as insertion order. This is needed to obtain a deterministic
1366 // order of diagnostics when calling flushDiagnostics().
1367 typedef llvm::MapVector<const VarDecl *, MappedType> UsesMap;
1368 UsesMap uses;
1369
1370 public:
UninitValsDiagReporter(Sema & S)1371 UninitValsDiagReporter(Sema &S) : S(S) {}
~UninitValsDiagReporter()1372 ~UninitValsDiagReporter() override { flushDiagnostics(); }
1373
getUses(const VarDecl * vd)1374 MappedType &getUses(const VarDecl *vd) {
1375 MappedType &V = uses[vd];
1376 if (!V.getPointer())
1377 V.setPointer(new UsesVec());
1378 return V;
1379 }
1380
handleUseOfUninitVariable(const VarDecl * vd,const UninitUse & use)1381 void handleUseOfUninitVariable(const VarDecl *vd,
1382 const UninitUse &use) override {
1383 getUses(vd).getPointer()->push_back(use);
1384 }
1385
handleSelfInit(const VarDecl * vd)1386 void handleSelfInit(const VarDecl *vd) override {
1387 getUses(vd).setInt(true);
1388 }
1389
flushDiagnostics()1390 void flushDiagnostics() {
1391 for (const auto &P : uses) {
1392 const VarDecl *vd = P.first;
1393 const MappedType &V = P.second;
1394
1395 UsesVec *vec = V.getPointer();
1396 bool hasSelfInit = V.getInt();
1397
1398 // Specially handle the case where we have uses of an uninitialized
1399 // variable, but the root cause is an idiomatic self-init. We want
1400 // to report the diagnostic at the self-init since that is the root cause.
1401 if (!vec->empty() && hasSelfInit && hasAlwaysUninitializedUse(vec))
1402 DiagnoseUninitializedUse(S, vd,
1403 UninitUse(vd->getInit()->IgnoreParenCasts(),
1404 /* isAlwaysUninit */ true),
1405 /* alwaysReportSelfInit */ true);
1406 else {
1407 // Sort the uses by their SourceLocations. While not strictly
1408 // guaranteed to produce them in line/column order, this will provide
1409 // a stable ordering.
1410 std::sort(vec->begin(), vec->end(),
1411 [](const UninitUse &a, const UninitUse &b) {
1412 // Prefer a more confident report over a less confident one.
1413 if (a.getKind() != b.getKind())
1414 return a.getKind() > b.getKind();
1415 return a.getUser()->getLocStart() < b.getUser()->getLocStart();
1416 });
1417
1418 for (const auto &U : *vec) {
1419 // If we have self-init, downgrade all uses to 'may be uninitialized'.
1420 UninitUse Use = hasSelfInit ? UninitUse(U.getUser(), false) : U;
1421
1422 if (DiagnoseUninitializedUse(S, vd, Use))
1423 // Skip further diagnostics for this variable. We try to warn only
1424 // on the first point at which a variable is used uninitialized.
1425 break;
1426 }
1427 }
1428
1429 // Release the uses vector.
1430 delete vec;
1431 }
1432
1433 uses.clear();
1434 }
1435
1436 private:
hasAlwaysUninitializedUse(const UsesVec * vec)1437 static bool hasAlwaysUninitializedUse(const UsesVec* vec) {
1438 return std::any_of(vec->begin(), vec->end(), [](const UninitUse &U) {
1439 return U.getKind() == UninitUse::Always ||
1440 U.getKind() == UninitUse::AfterCall ||
1441 U.getKind() == UninitUse::AfterDecl;
1442 });
1443 }
1444 };
1445 } // anonymous namespace
1446
1447 namespace clang {
1448 namespace {
1449 typedef SmallVector<PartialDiagnosticAt, 1> OptionalNotes;
1450 typedef std::pair<PartialDiagnosticAt, OptionalNotes> DelayedDiag;
1451 typedef std::list<DelayedDiag> DiagList;
1452
1453 struct SortDiagBySourceLocation {
1454 SourceManager &SM;
SortDiagBySourceLocationclang::__anon75d552dd0d11::SortDiagBySourceLocation1455 SortDiagBySourceLocation(SourceManager &SM) : SM(SM) {}
1456
operator ()clang::__anon75d552dd0d11::SortDiagBySourceLocation1457 bool operator()(const DelayedDiag &left, const DelayedDiag &right) {
1458 // Although this call will be slow, this is only called when outputting
1459 // multiple warnings.
1460 return SM.isBeforeInTranslationUnit(left.first.first, right.first.first);
1461 }
1462 };
1463 } // anonymous namespace
1464 } // namespace clang
1465
1466 //===----------------------------------------------------------------------===//
1467 // -Wthread-safety
1468 //===----------------------------------------------------------------------===//
1469 namespace clang {
1470 namespace threadSafety {
1471 namespace {
1472 class ThreadSafetyReporter : public clang::threadSafety::ThreadSafetyHandler {
1473 Sema &S;
1474 DiagList Warnings;
1475 SourceLocation FunLocation, FunEndLocation;
1476
1477 const FunctionDecl *CurrentFunction;
1478 bool Verbose;
1479
getNotes() const1480 OptionalNotes getNotes() const {
1481 if (Verbose && CurrentFunction) {
1482 PartialDiagnosticAt FNote(CurrentFunction->getBody()->getLocStart(),
1483 S.PDiag(diag::note_thread_warning_in_fun)
1484 << CurrentFunction->getNameAsString());
1485 return OptionalNotes(1, FNote);
1486 }
1487 return OptionalNotes();
1488 }
1489
getNotes(const PartialDiagnosticAt & Note) const1490 OptionalNotes getNotes(const PartialDiagnosticAt &Note) const {
1491 OptionalNotes ONS(1, Note);
1492 if (Verbose && CurrentFunction) {
1493 PartialDiagnosticAt FNote(CurrentFunction->getBody()->getLocStart(),
1494 S.PDiag(diag::note_thread_warning_in_fun)
1495 << CurrentFunction->getNameAsString());
1496 ONS.push_back(std::move(FNote));
1497 }
1498 return ONS;
1499 }
1500
getNotes(const PartialDiagnosticAt & Note1,const PartialDiagnosticAt & Note2) const1501 OptionalNotes getNotes(const PartialDiagnosticAt &Note1,
1502 const PartialDiagnosticAt &Note2) const {
1503 OptionalNotes ONS;
1504 ONS.push_back(Note1);
1505 ONS.push_back(Note2);
1506 if (Verbose && CurrentFunction) {
1507 PartialDiagnosticAt FNote(CurrentFunction->getBody()->getLocStart(),
1508 S.PDiag(diag::note_thread_warning_in_fun)
1509 << CurrentFunction->getNameAsString());
1510 ONS.push_back(std::move(FNote));
1511 }
1512 return ONS;
1513 }
1514
1515 // Helper functions
warnLockMismatch(unsigned DiagID,StringRef Kind,Name LockName,SourceLocation Loc)1516 void warnLockMismatch(unsigned DiagID, StringRef Kind, Name LockName,
1517 SourceLocation Loc) {
1518 // Gracefully handle rare cases when the analysis can't get a more
1519 // precise source location.
1520 if (!Loc.isValid())
1521 Loc = FunLocation;
1522 PartialDiagnosticAt Warning(Loc, S.PDiag(DiagID) << Kind << LockName);
1523 Warnings.emplace_back(std::move(Warning), getNotes());
1524 }
1525
1526 public:
ThreadSafetyReporter(Sema & S,SourceLocation FL,SourceLocation FEL)1527 ThreadSafetyReporter(Sema &S, SourceLocation FL, SourceLocation FEL)
1528 : S(S), FunLocation(FL), FunEndLocation(FEL),
1529 CurrentFunction(nullptr), Verbose(false) {}
1530
setVerbose(bool b)1531 void setVerbose(bool b) { Verbose = b; }
1532
1533 /// \brief Emit all buffered diagnostics in order of sourcelocation.
1534 /// We need to output diagnostics produced while iterating through
1535 /// the lockset in deterministic order, so this function orders diagnostics
1536 /// and outputs them.
emitDiagnostics()1537 void emitDiagnostics() {
1538 Warnings.sort(SortDiagBySourceLocation(S.getSourceManager()));
1539 for (const auto &Diag : Warnings) {
1540 S.Diag(Diag.first.first, Diag.first.second);
1541 for (const auto &Note : Diag.second)
1542 S.Diag(Note.first, Note.second);
1543 }
1544 }
1545
handleInvalidLockExp(StringRef Kind,SourceLocation Loc)1546 void handleInvalidLockExp(StringRef Kind, SourceLocation Loc) override {
1547 PartialDiagnosticAt Warning(Loc, S.PDiag(diag::warn_cannot_resolve_lock)
1548 << Loc);
1549 Warnings.emplace_back(std::move(Warning), getNotes());
1550 }
1551
handleUnmatchedUnlock(StringRef Kind,Name LockName,SourceLocation Loc)1552 void handleUnmatchedUnlock(StringRef Kind, Name LockName,
1553 SourceLocation Loc) override {
1554 warnLockMismatch(diag::warn_unlock_but_no_lock, Kind, LockName, Loc);
1555 }
1556
handleIncorrectUnlockKind(StringRef Kind,Name LockName,LockKind Expected,LockKind Received,SourceLocation Loc)1557 void handleIncorrectUnlockKind(StringRef Kind, Name LockName,
1558 LockKind Expected, LockKind Received,
1559 SourceLocation Loc) override {
1560 if (Loc.isInvalid())
1561 Loc = FunLocation;
1562 PartialDiagnosticAt Warning(Loc, S.PDiag(diag::warn_unlock_kind_mismatch)
1563 << Kind << LockName << Received
1564 << Expected);
1565 Warnings.emplace_back(std::move(Warning), getNotes());
1566 }
1567
handleDoubleLock(StringRef Kind,Name LockName,SourceLocation Loc)1568 void handleDoubleLock(StringRef Kind, Name LockName, SourceLocation Loc) override {
1569 warnLockMismatch(diag::warn_double_lock, Kind, LockName, Loc);
1570 }
1571
handleMutexHeldEndOfScope(StringRef Kind,Name LockName,SourceLocation LocLocked,SourceLocation LocEndOfScope,LockErrorKind LEK)1572 void handleMutexHeldEndOfScope(StringRef Kind, Name LockName,
1573 SourceLocation LocLocked,
1574 SourceLocation LocEndOfScope,
1575 LockErrorKind LEK) override {
1576 unsigned DiagID = 0;
1577 switch (LEK) {
1578 case LEK_LockedSomePredecessors:
1579 DiagID = diag::warn_lock_some_predecessors;
1580 break;
1581 case LEK_LockedSomeLoopIterations:
1582 DiagID = diag::warn_expecting_lock_held_on_loop;
1583 break;
1584 case LEK_LockedAtEndOfFunction:
1585 DiagID = diag::warn_no_unlock;
1586 break;
1587 case LEK_NotLockedAtEndOfFunction:
1588 DiagID = diag::warn_expecting_locked;
1589 break;
1590 }
1591 if (LocEndOfScope.isInvalid())
1592 LocEndOfScope = FunEndLocation;
1593
1594 PartialDiagnosticAt Warning(LocEndOfScope, S.PDiag(DiagID) << Kind
1595 << LockName);
1596 if (LocLocked.isValid()) {
1597 PartialDiagnosticAt Note(LocLocked, S.PDiag(diag::note_locked_here)
1598 << Kind);
1599 Warnings.emplace_back(std::move(Warning), getNotes(Note));
1600 return;
1601 }
1602 Warnings.emplace_back(std::move(Warning), getNotes());
1603 }
1604
handleExclusiveAndShared(StringRef Kind,Name LockName,SourceLocation Loc1,SourceLocation Loc2)1605 void handleExclusiveAndShared(StringRef Kind, Name LockName,
1606 SourceLocation Loc1,
1607 SourceLocation Loc2) override {
1608 PartialDiagnosticAt Warning(Loc1,
1609 S.PDiag(diag::warn_lock_exclusive_and_shared)
1610 << Kind << LockName);
1611 PartialDiagnosticAt Note(Loc2, S.PDiag(diag::note_lock_exclusive_and_shared)
1612 << Kind << LockName);
1613 Warnings.emplace_back(std::move(Warning), getNotes(Note));
1614 }
1615
handleNoMutexHeld(StringRef Kind,const NamedDecl * D,ProtectedOperationKind POK,AccessKind AK,SourceLocation Loc)1616 void handleNoMutexHeld(StringRef Kind, const NamedDecl *D,
1617 ProtectedOperationKind POK, AccessKind AK,
1618 SourceLocation Loc) override {
1619 assert((POK == POK_VarAccess || POK == POK_VarDereference) &&
1620 "Only works for variables");
1621 unsigned DiagID = POK == POK_VarAccess?
1622 diag::warn_variable_requires_any_lock:
1623 diag::warn_var_deref_requires_any_lock;
1624 PartialDiagnosticAt Warning(Loc, S.PDiag(DiagID)
1625 << D->getNameAsString() << getLockKindFromAccessKind(AK));
1626 Warnings.emplace_back(std::move(Warning), getNotes());
1627 }
1628
handleMutexNotHeld(StringRef Kind,const NamedDecl * D,ProtectedOperationKind POK,Name LockName,LockKind LK,SourceLocation Loc,Name * PossibleMatch)1629 void handleMutexNotHeld(StringRef Kind, const NamedDecl *D,
1630 ProtectedOperationKind POK, Name LockName,
1631 LockKind LK, SourceLocation Loc,
1632 Name *PossibleMatch) override {
1633 unsigned DiagID = 0;
1634 if (PossibleMatch) {
1635 switch (POK) {
1636 case POK_VarAccess:
1637 DiagID = diag::warn_variable_requires_lock_precise;
1638 break;
1639 case POK_VarDereference:
1640 DiagID = diag::warn_var_deref_requires_lock_precise;
1641 break;
1642 case POK_FunctionCall:
1643 DiagID = diag::warn_fun_requires_lock_precise;
1644 break;
1645 case POK_PassByRef:
1646 DiagID = diag::warn_guarded_pass_by_reference;
1647 break;
1648 case POK_PtPassByRef:
1649 DiagID = diag::warn_pt_guarded_pass_by_reference;
1650 break;
1651 }
1652 PartialDiagnosticAt Warning(Loc, S.PDiag(DiagID) << Kind
1653 << D->getNameAsString()
1654 << LockName << LK);
1655 PartialDiagnosticAt Note(Loc, S.PDiag(diag::note_found_mutex_near_match)
1656 << *PossibleMatch);
1657 if (Verbose && POK == POK_VarAccess) {
1658 PartialDiagnosticAt VNote(D->getLocation(),
1659 S.PDiag(diag::note_guarded_by_declared_here)
1660 << D->getNameAsString());
1661 Warnings.emplace_back(std::move(Warning), getNotes(Note, VNote));
1662 } else
1663 Warnings.emplace_back(std::move(Warning), getNotes(Note));
1664 } else {
1665 switch (POK) {
1666 case POK_VarAccess:
1667 DiagID = diag::warn_variable_requires_lock;
1668 break;
1669 case POK_VarDereference:
1670 DiagID = diag::warn_var_deref_requires_lock;
1671 break;
1672 case POK_FunctionCall:
1673 DiagID = diag::warn_fun_requires_lock;
1674 break;
1675 case POK_PassByRef:
1676 DiagID = diag::warn_guarded_pass_by_reference;
1677 break;
1678 case POK_PtPassByRef:
1679 DiagID = diag::warn_pt_guarded_pass_by_reference;
1680 break;
1681 }
1682 PartialDiagnosticAt Warning(Loc, S.PDiag(DiagID) << Kind
1683 << D->getNameAsString()
1684 << LockName << LK);
1685 if (Verbose && POK == POK_VarAccess) {
1686 PartialDiagnosticAt Note(D->getLocation(),
1687 S.PDiag(diag::note_guarded_by_declared_here)
1688 << D->getNameAsString());
1689 Warnings.emplace_back(std::move(Warning), getNotes(Note));
1690 } else
1691 Warnings.emplace_back(std::move(Warning), getNotes());
1692 }
1693 }
1694
handleNegativeNotHeld(StringRef Kind,Name LockName,Name Neg,SourceLocation Loc)1695 void handleNegativeNotHeld(StringRef Kind, Name LockName, Name Neg,
1696 SourceLocation Loc) override {
1697 PartialDiagnosticAt Warning(Loc,
1698 S.PDiag(diag::warn_acquire_requires_negative_cap)
1699 << Kind << LockName << Neg);
1700 Warnings.emplace_back(std::move(Warning), getNotes());
1701 }
1702
handleFunExcludesLock(StringRef Kind,Name FunName,Name LockName,SourceLocation Loc)1703 void handleFunExcludesLock(StringRef Kind, Name FunName, Name LockName,
1704 SourceLocation Loc) override {
1705 PartialDiagnosticAt Warning(Loc, S.PDiag(diag::warn_fun_excludes_mutex)
1706 << Kind << FunName << LockName);
1707 Warnings.emplace_back(std::move(Warning), getNotes());
1708 }
1709
handleLockAcquiredBefore(StringRef Kind,Name L1Name,Name L2Name,SourceLocation Loc)1710 void handleLockAcquiredBefore(StringRef Kind, Name L1Name, Name L2Name,
1711 SourceLocation Loc) override {
1712 PartialDiagnosticAt Warning(Loc,
1713 S.PDiag(diag::warn_acquired_before) << Kind << L1Name << L2Name);
1714 Warnings.emplace_back(std::move(Warning), getNotes());
1715 }
1716
handleBeforeAfterCycle(Name L1Name,SourceLocation Loc)1717 void handleBeforeAfterCycle(Name L1Name, SourceLocation Loc) override {
1718 PartialDiagnosticAt Warning(Loc,
1719 S.PDiag(diag::warn_acquired_before_after_cycle) << L1Name);
1720 Warnings.emplace_back(std::move(Warning), getNotes());
1721 }
1722
enterFunction(const FunctionDecl * FD)1723 void enterFunction(const FunctionDecl* FD) override {
1724 CurrentFunction = FD;
1725 }
1726
leaveFunction(const FunctionDecl * FD)1727 void leaveFunction(const FunctionDecl* FD) override {
1728 CurrentFunction = nullptr;
1729 }
1730 };
1731 } // anonymous namespace
1732 } // namespace threadSafety
1733 } // namespace clang
1734
1735 //===----------------------------------------------------------------------===//
1736 // -Wconsumed
1737 //===----------------------------------------------------------------------===//
1738
1739 namespace clang {
1740 namespace consumed {
1741 namespace {
1742 class ConsumedWarningsHandler : public ConsumedWarningsHandlerBase {
1743
1744 Sema &S;
1745 DiagList Warnings;
1746
1747 public:
1748
ConsumedWarningsHandler(Sema & S)1749 ConsumedWarningsHandler(Sema &S) : S(S) {}
1750
emitDiagnostics()1751 void emitDiagnostics() override {
1752 Warnings.sort(SortDiagBySourceLocation(S.getSourceManager()));
1753 for (const auto &Diag : Warnings) {
1754 S.Diag(Diag.first.first, Diag.first.second);
1755 for (const auto &Note : Diag.second)
1756 S.Diag(Note.first, Note.second);
1757 }
1758 }
1759
warnLoopStateMismatch(SourceLocation Loc,StringRef VariableName)1760 void warnLoopStateMismatch(SourceLocation Loc,
1761 StringRef VariableName) override {
1762 PartialDiagnosticAt Warning(Loc, S.PDiag(diag::warn_loop_state_mismatch) <<
1763 VariableName);
1764
1765 Warnings.emplace_back(std::move(Warning), OptionalNotes());
1766 }
1767
warnParamReturnTypestateMismatch(SourceLocation Loc,StringRef VariableName,StringRef ExpectedState,StringRef ObservedState)1768 void warnParamReturnTypestateMismatch(SourceLocation Loc,
1769 StringRef VariableName,
1770 StringRef ExpectedState,
1771 StringRef ObservedState) override {
1772
1773 PartialDiagnosticAt Warning(Loc, S.PDiag(
1774 diag::warn_param_return_typestate_mismatch) << VariableName <<
1775 ExpectedState << ObservedState);
1776
1777 Warnings.emplace_back(std::move(Warning), OptionalNotes());
1778 }
1779
warnParamTypestateMismatch(SourceLocation Loc,StringRef ExpectedState,StringRef ObservedState)1780 void warnParamTypestateMismatch(SourceLocation Loc, StringRef ExpectedState,
1781 StringRef ObservedState) override {
1782
1783 PartialDiagnosticAt Warning(Loc, S.PDiag(
1784 diag::warn_param_typestate_mismatch) << ExpectedState << ObservedState);
1785
1786 Warnings.emplace_back(std::move(Warning), OptionalNotes());
1787 }
1788
warnReturnTypestateForUnconsumableType(SourceLocation Loc,StringRef TypeName)1789 void warnReturnTypestateForUnconsumableType(SourceLocation Loc,
1790 StringRef TypeName) override {
1791 PartialDiagnosticAt Warning(Loc, S.PDiag(
1792 diag::warn_return_typestate_for_unconsumable_type) << TypeName);
1793
1794 Warnings.emplace_back(std::move(Warning), OptionalNotes());
1795 }
1796
warnReturnTypestateMismatch(SourceLocation Loc,StringRef ExpectedState,StringRef ObservedState)1797 void warnReturnTypestateMismatch(SourceLocation Loc, StringRef ExpectedState,
1798 StringRef ObservedState) override {
1799
1800 PartialDiagnosticAt Warning(Loc, S.PDiag(
1801 diag::warn_return_typestate_mismatch) << ExpectedState << ObservedState);
1802
1803 Warnings.emplace_back(std::move(Warning), OptionalNotes());
1804 }
1805
warnUseOfTempInInvalidState(StringRef MethodName,StringRef State,SourceLocation Loc)1806 void warnUseOfTempInInvalidState(StringRef MethodName, StringRef State,
1807 SourceLocation Loc) override {
1808
1809 PartialDiagnosticAt Warning(Loc, S.PDiag(
1810 diag::warn_use_of_temp_in_invalid_state) << MethodName << State);
1811
1812 Warnings.emplace_back(std::move(Warning), OptionalNotes());
1813 }
1814
warnUseInInvalidState(StringRef MethodName,StringRef VariableName,StringRef State,SourceLocation Loc)1815 void warnUseInInvalidState(StringRef MethodName, StringRef VariableName,
1816 StringRef State, SourceLocation Loc) override {
1817
1818 PartialDiagnosticAt Warning(Loc, S.PDiag(diag::warn_use_in_invalid_state) <<
1819 MethodName << VariableName << State);
1820
1821 Warnings.emplace_back(std::move(Warning), OptionalNotes());
1822 }
1823 };
1824 } // anonymous namespace
1825 } // namespace consumed
1826 } // namespace clang
1827
1828 //===----------------------------------------------------------------------===//
1829 // AnalysisBasedWarnings - Worker object used by Sema to execute analysis-based
1830 // warnings on a function, method, or block.
1831 //===----------------------------------------------------------------------===//
1832
Policy()1833 clang::sema::AnalysisBasedWarnings::Policy::Policy() {
1834 enableCheckFallThrough = 1;
1835 enableCheckUnreachable = 0;
1836 enableThreadSafetyAnalysis = 0;
1837 enableConsumedAnalysis = 0;
1838 }
1839
isEnabled(DiagnosticsEngine & D,unsigned diag)1840 static unsigned isEnabled(DiagnosticsEngine &D, unsigned diag) {
1841 return (unsigned)!D.isIgnored(diag, SourceLocation());
1842 }
1843
AnalysisBasedWarnings(Sema & s)1844 clang::sema::AnalysisBasedWarnings::AnalysisBasedWarnings(Sema &s)
1845 : S(s),
1846 NumFunctionsAnalyzed(0),
1847 NumFunctionsWithBadCFGs(0),
1848 NumCFGBlocks(0),
1849 MaxCFGBlocksPerFunction(0),
1850 NumUninitAnalysisFunctions(0),
1851 NumUninitAnalysisVariables(0),
1852 MaxUninitAnalysisVariablesPerFunction(0),
1853 NumUninitAnalysisBlockVisits(0),
1854 MaxUninitAnalysisBlockVisitsPerFunction(0) {
1855
1856 using namespace diag;
1857 DiagnosticsEngine &D = S.getDiagnostics();
1858
1859 DefaultPolicy.enableCheckUnreachable =
1860 isEnabled(D, warn_unreachable) ||
1861 isEnabled(D, warn_unreachable_break) ||
1862 isEnabled(D, warn_unreachable_return) ||
1863 isEnabled(D, warn_unreachable_loop_increment);
1864
1865 DefaultPolicy.enableThreadSafetyAnalysis =
1866 isEnabled(D, warn_double_lock);
1867
1868 DefaultPolicy.enableConsumedAnalysis =
1869 isEnabled(D, warn_use_in_invalid_state);
1870 }
1871
flushDiagnostics(Sema & S,const sema::FunctionScopeInfo * fscope)1872 static void flushDiagnostics(Sema &S, const sema::FunctionScopeInfo *fscope) {
1873 for (const auto &D : fscope->PossiblyUnreachableDiags)
1874 S.Diag(D.Loc, D.PD);
1875 }
1876
1877 void clang::sema::
IssueWarnings(sema::AnalysisBasedWarnings::Policy P,sema::FunctionScopeInfo * fscope,const Decl * D,const BlockExpr * blkExpr)1878 AnalysisBasedWarnings::IssueWarnings(sema::AnalysisBasedWarnings::Policy P,
1879 sema::FunctionScopeInfo *fscope,
1880 const Decl *D, const BlockExpr *blkExpr) {
1881
1882 // We avoid doing analysis-based warnings when there are errors for
1883 // two reasons:
1884 // (1) The CFGs often can't be constructed (if the body is invalid), so
1885 // don't bother trying.
1886 // (2) The code already has problems; running the analysis just takes more
1887 // time.
1888 DiagnosticsEngine &Diags = S.getDiagnostics();
1889
1890 // Do not do any analysis for declarations in system headers if we are
1891 // going to just ignore them.
1892 if (Diags.getSuppressSystemWarnings() &&
1893 S.SourceMgr.isInSystemHeader(D->getLocation()))
1894 return;
1895
1896 // For code in dependent contexts, we'll do this at instantiation time.
1897 if (cast<DeclContext>(D)->isDependentContext())
1898 return;
1899
1900 if (Diags.hasUncompilableErrorOccurred()) {
1901 // Flush out any possibly unreachable diagnostics.
1902 flushDiagnostics(S, fscope);
1903 return;
1904 }
1905
1906 const Stmt *Body = D->getBody();
1907 assert(Body);
1908
1909 // Construct the analysis context with the specified CFG build options.
1910 AnalysisDeclContext AC(/* AnalysisDeclContextManager */ nullptr, D);
1911
1912 // Don't generate EH edges for CallExprs as we'd like to avoid the n^2
1913 // explosion for destructors that can result and the compile time hit.
1914 AC.getCFGBuildOptions().PruneTriviallyFalseEdges = true;
1915 AC.getCFGBuildOptions().AddEHEdges = false;
1916 AC.getCFGBuildOptions().AddInitializers = true;
1917 AC.getCFGBuildOptions().AddImplicitDtors = true;
1918 AC.getCFGBuildOptions().AddTemporaryDtors = true;
1919 AC.getCFGBuildOptions().AddCXXNewAllocator = false;
1920 AC.getCFGBuildOptions().AddCXXDefaultInitExprInCtors = true;
1921
1922 // Force that certain expressions appear as CFGElements in the CFG. This
1923 // is used to speed up various analyses.
1924 // FIXME: This isn't the right factoring. This is here for initial
1925 // prototyping, but we need a way for analyses to say what expressions they
1926 // expect to always be CFGElements and then fill in the BuildOptions
1927 // appropriately. This is essentially a layering violation.
1928 if (P.enableCheckUnreachable || P.enableThreadSafetyAnalysis ||
1929 P.enableConsumedAnalysis) {
1930 // Unreachable code analysis and thread safety require a linearized CFG.
1931 AC.getCFGBuildOptions().setAllAlwaysAdd();
1932 }
1933 else {
1934 AC.getCFGBuildOptions()
1935 .setAlwaysAdd(Stmt::BinaryOperatorClass)
1936 .setAlwaysAdd(Stmt::CompoundAssignOperatorClass)
1937 .setAlwaysAdd(Stmt::BlockExprClass)
1938 .setAlwaysAdd(Stmt::CStyleCastExprClass)
1939 .setAlwaysAdd(Stmt::DeclRefExprClass)
1940 .setAlwaysAdd(Stmt::ImplicitCastExprClass)
1941 .setAlwaysAdd(Stmt::UnaryOperatorClass)
1942 .setAlwaysAdd(Stmt::AttributedStmtClass);
1943 }
1944
1945 // Install the logical handler for -Wtautological-overlap-compare
1946 std::unique_ptr<LogicalErrorHandler> LEH;
1947 if (!Diags.isIgnored(diag::warn_tautological_overlap_comparison,
1948 D->getLocStart())) {
1949 LEH.reset(new LogicalErrorHandler(S));
1950 AC.getCFGBuildOptions().Observer = LEH.get();
1951 }
1952
1953 // Emit delayed diagnostics.
1954 if (!fscope->PossiblyUnreachableDiags.empty()) {
1955 bool analyzed = false;
1956
1957 // Register the expressions with the CFGBuilder.
1958 for (const auto &D : fscope->PossiblyUnreachableDiags) {
1959 if (D.stmt)
1960 AC.registerForcedBlockExpression(D.stmt);
1961 }
1962
1963 if (AC.getCFG()) {
1964 analyzed = true;
1965 for (const auto &D : fscope->PossiblyUnreachableDiags) {
1966 bool processed = false;
1967 if (D.stmt) {
1968 const CFGBlock *block = AC.getBlockForRegisteredExpression(D.stmt);
1969 CFGReverseBlockReachabilityAnalysis *cra =
1970 AC.getCFGReachablityAnalysis();
1971 // FIXME: We should be able to assert that block is non-null, but
1972 // the CFG analysis can skip potentially-evaluated expressions in
1973 // edge cases; see test/Sema/vla-2.c.
1974 if (block && cra) {
1975 // Can this block be reached from the entrance?
1976 if (cra->isReachable(&AC.getCFG()->getEntry(), block))
1977 S.Diag(D.Loc, D.PD);
1978 processed = true;
1979 }
1980 }
1981 if (!processed) {
1982 // Emit the warning anyway if we cannot map to a basic block.
1983 S.Diag(D.Loc, D.PD);
1984 }
1985 }
1986 }
1987
1988 if (!analyzed)
1989 flushDiagnostics(S, fscope);
1990 }
1991
1992 // Warning: check missing 'return'
1993 if (P.enableCheckFallThrough) {
1994 const CheckFallThroughDiagnostics &CD =
1995 (isa<BlockDecl>(D) ? CheckFallThroughDiagnostics::MakeForBlock()
1996 : (isa<CXXMethodDecl>(D) &&
1997 cast<CXXMethodDecl>(D)->getOverloadedOperator() == OO_Call &&
1998 cast<CXXMethodDecl>(D)->getParent()->isLambda())
1999 ? CheckFallThroughDiagnostics::MakeForLambda()
2000 : CheckFallThroughDiagnostics::MakeForFunction(D));
2001 CheckFallThroughForBody(S, D, Body, blkExpr, CD, AC);
2002 }
2003
2004 // Warning: check for unreachable code
2005 if (P.enableCheckUnreachable) {
2006 // Only check for unreachable code on non-template instantiations.
2007 // Different template instantiations can effectively change the control-flow
2008 // and it is very difficult to prove that a snippet of code in a template
2009 // is unreachable for all instantiations.
2010 bool isTemplateInstantiation = false;
2011 if (const FunctionDecl *Function = dyn_cast<FunctionDecl>(D))
2012 isTemplateInstantiation = Function->isTemplateInstantiation();
2013 if (!isTemplateInstantiation)
2014 CheckUnreachable(S, AC);
2015 }
2016
2017 // Check for thread safety violations
2018 if (P.enableThreadSafetyAnalysis) {
2019 SourceLocation FL = AC.getDecl()->getLocation();
2020 SourceLocation FEL = AC.getDecl()->getLocEnd();
2021 threadSafety::ThreadSafetyReporter Reporter(S, FL, FEL);
2022 if (!Diags.isIgnored(diag::warn_thread_safety_beta, D->getLocStart()))
2023 Reporter.setIssueBetaWarnings(true);
2024 if (!Diags.isIgnored(diag::warn_thread_safety_verbose, D->getLocStart()))
2025 Reporter.setVerbose(true);
2026
2027 threadSafety::runThreadSafetyAnalysis(AC, Reporter,
2028 &S.ThreadSafetyDeclCache);
2029 Reporter.emitDiagnostics();
2030 }
2031
2032 // Check for violations of consumed properties.
2033 if (P.enableConsumedAnalysis) {
2034 consumed::ConsumedWarningsHandler WarningHandler(S);
2035 consumed::ConsumedAnalyzer Analyzer(WarningHandler);
2036 Analyzer.run(AC);
2037 }
2038
2039 if (!Diags.isIgnored(diag::warn_uninit_var, D->getLocStart()) ||
2040 !Diags.isIgnored(diag::warn_sometimes_uninit_var, D->getLocStart()) ||
2041 !Diags.isIgnored(diag::warn_maybe_uninit_var, D->getLocStart())) {
2042 if (CFG *cfg = AC.getCFG()) {
2043 UninitValsDiagReporter reporter(S);
2044 UninitVariablesAnalysisStats stats;
2045 std::memset(&stats, 0, sizeof(UninitVariablesAnalysisStats));
2046 runUninitializedVariablesAnalysis(*cast<DeclContext>(D), *cfg, AC,
2047 reporter, stats);
2048
2049 if (S.CollectStats && stats.NumVariablesAnalyzed > 0) {
2050 ++NumUninitAnalysisFunctions;
2051 NumUninitAnalysisVariables += stats.NumVariablesAnalyzed;
2052 NumUninitAnalysisBlockVisits += stats.NumBlockVisits;
2053 MaxUninitAnalysisVariablesPerFunction =
2054 std::max(MaxUninitAnalysisVariablesPerFunction,
2055 stats.NumVariablesAnalyzed);
2056 MaxUninitAnalysisBlockVisitsPerFunction =
2057 std::max(MaxUninitAnalysisBlockVisitsPerFunction,
2058 stats.NumBlockVisits);
2059 }
2060 }
2061 }
2062
2063 bool FallThroughDiagFull =
2064 !Diags.isIgnored(diag::warn_unannotated_fallthrough, D->getLocStart());
2065 bool FallThroughDiagPerFunction = !Diags.isIgnored(
2066 diag::warn_unannotated_fallthrough_per_function, D->getLocStart());
2067 if (FallThroughDiagFull || FallThroughDiagPerFunction ||
2068 fscope->HasFallthroughStmt) {
2069 DiagnoseSwitchLabelsFallthrough(S, AC, !FallThroughDiagFull);
2070 }
2071
2072 if (S.getLangOpts().ObjCWeak &&
2073 !Diags.isIgnored(diag::warn_arc_repeated_use_of_weak, D->getLocStart()))
2074 diagnoseRepeatedUseOfWeak(S, fscope, D, AC.getParentMap());
2075
2076
2077 // Check for infinite self-recursion in functions
2078 if (!Diags.isIgnored(diag::warn_infinite_recursive_function,
2079 D->getLocStart())) {
2080 if (const FunctionDecl *FD = dyn_cast<FunctionDecl>(D)) {
2081 checkRecursiveFunction(S, FD, Body, AC);
2082 }
2083 }
2084
2085 // If none of the previous checks caused a CFG build, trigger one here
2086 // for -Wtautological-overlap-compare
2087 if (!Diags.isIgnored(diag::warn_tautological_overlap_comparison,
2088 D->getLocStart())) {
2089 AC.getCFG();
2090 }
2091
2092 // Collect statistics about the CFG if it was built.
2093 if (S.CollectStats && AC.isCFGBuilt()) {
2094 ++NumFunctionsAnalyzed;
2095 if (CFG *cfg = AC.getCFG()) {
2096 // If we successfully built a CFG for this context, record some more
2097 // detail information about it.
2098 NumCFGBlocks += cfg->getNumBlockIDs();
2099 MaxCFGBlocksPerFunction = std::max(MaxCFGBlocksPerFunction,
2100 cfg->getNumBlockIDs());
2101 } else {
2102 ++NumFunctionsWithBadCFGs;
2103 }
2104 }
2105 }
2106
PrintStats() const2107 void clang::sema::AnalysisBasedWarnings::PrintStats() const {
2108 llvm::errs() << "\n*** Analysis Based Warnings Stats:\n";
2109
2110 unsigned NumCFGsBuilt = NumFunctionsAnalyzed - NumFunctionsWithBadCFGs;
2111 unsigned AvgCFGBlocksPerFunction =
2112 !NumCFGsBuilt ? 0 : NumCFGBlocks/NumCFGsBuilt;
2113 llvm::errs() << NumFunctionsAnalyzed << " functions analyzed ("
2114 << NumFunctionsWithBadCFGs << " w/o CFGs).\n"
2115 << " " << NumCFGBlocks << " CFG blocks built.\n"
2116 << " " << AvgCFGBlocksPerFunction
2117 << " average CFG blocks per function.\n"
2118 << " " << MaxCFGBlocksPerFunction
2119 << " max CFG blocks per function.\n";
2120
2121 unsigned AvgUninitVariablesPerFunction = !NumUninitAnalysisFunctions ? 0
2122 : NumUninitAnalysisVariables/NumUninitAnalysisFunctions;
2123 unsigned AvgUninitBlockVisitsPerFunction = !NumUninitAnalysisFunctions ? 0
2124 : NumUninitAnalysisBlockVisits/NumUninitAnalysisFunctions;
2125 llvm::errs() << NumUninitAnalysisFunctions
2126 << " functions analyzed for uninitialiazed variables\n"
2127 << " " << NumUninitAnalysisVariables << " variables analyzed.\n"
2128 << " " << AvgUninitVariablesPerFunction
2129 << " average variables per function.\n"
2130 << " " << MaxUninitAnalysisVariablesPerFunction
2131 << " max variables per function.\n"
2132 << " " << NumUninitAnalysisBlockVisits << " block visits.\n"
2133 << " " << AvgUninitBlockVisitsPerFunction
2134 << " average block visits per function.\n"
2135 << " " << MaxUninitAnalysisBlockVisitsPerFunction
2136 << " max block visits per function.\n";
2137 }
2138