1 //===- Consumed.cpp --------------------------------------------*- C++ --*-===//
2 //
3 //                     The LLVM Compiler Infrastructure
4 //
5 // This file is distributed under the University of Illinois Open Source
6 // License. See LICENSE.TXT for details.
7 //
8 //===----------------------------------------------------------------------===//
9 //
10 // A intra-procedural analysis for checking consumed properties.  This is based,
11 // in part, on research on linear types.
12 //
13 //===----------------------------------------------------------------------===//
14 
15 #include "clang/AST/ASTContext.h"
16 #include "clang/AST/Attr.h"
17 #include "clang/AST/DeclCXX.h"
18 #include "clang/AST/ExprCXX.h"
19 #include "clang/AST/RecursiveASTVisitor.h"
20 #include "clang/AST/StmtCXX.h"
21 #include "clang/AST/StmtVisitor.h"
22 #include "clang/AST/Type.h"
23 #include "clang/Analysis/Analyses/Consumed.h"
24 #include "clang/Analysis/Analyses/PostOrderCFGView.h"
25 #include "clang/Analysis/AnalysisContext.h"
26 #include "clang/Analysis/CFG.h"
27 #include "clang/Basic/OperatorKinds.h"
28 #include "clang/Basic/SourceLocation.h"
29 #include "llvm/ADT/DenseMap.h"
30 #include "llvm/ADT/SmallVector.h"
31 #include "llvm/Support/Compiler.h"
32 #include "llvm/Support/raw_ostream.h"
33 #include <memory>
34 
35 // TODO: Adjust states of args to constructors in the same way that arguments to
36 //       function calls are handled.
37 // TODO: Use information from tests in for- and while-loop conditional.
38 // TODO: Add notes about the actual and expected state for
39 // TODO: Correctly identify unreachable blocks when chaining boolean operators.
40 // TODO: Adjust the parser and AttributesList class to support lists of
41 //       identifiers.
42 // TODO: Warn about unreachable code.
43 // TODO: Switch to using a bitmap to track unreachable blocks.
44 // TODO: Handle variable definitions, e.g. bool valid = x.isValid();
45 //       if (valid) ...; (Deferred)
46 // TODO: Take notes on state transitions to provide better warning messages.
47 //       (Deferred)
48 // TODO: Test nested conditionals: A) Checking the same value multiple times,
49 //       and 2) Checking different values. (Deferred)
50 
51 using namespace clang;
52 using namespace consumed;
53 
54 // Key method definition
~ConsumedWarningsHandlerBase()55 ConsumedWarningsHandlerBase::~ConsumedWarningsHandlerBase() {}
56 
getFirstStmtLoc(const CFGBlock * Block)57 static SourceLocation getFirstStmtLoc(const CFGBlock *Block) {
58   // Find the source location of the first statement in the block, if the block
59   // is not empty.
60   for (const auto &B : *Block)
61     if (Optional<CFGStmt> CS = B.getAs<CFGStmt>())
62       return CS->getStmt()->getLocStart();
63 
64   // Block is empty.
65   // If we have one successor, return the first statement in that block
66   if (Block->succ_size() == 1 && *Block->succ_begin())
67     return getFirstStmtLoc(*Block->succ_begin());
68 
69   return SourceLocation();
70 }
71 
getLastStmtLoc(const CFGBlock * Block)72 static SourceLocation getLastStmtLoc(const CFGBlock *Block) {
73   // Find the source location of the last statement in the block, if the block
74   // is not empty.
75   if (const Stmt *StmtNode = Block->getTerminator()) {
76     return StmtNode->getLocStart();
77   } else {
78     for (CFGBlock::const_reverse_iterator BI = Block->rbegin(),
79          BE = Block->rend(); BI != BE; ++BI) {
80       if (Optional<CFGStmt> CS = BI->getAs<CFGStmt>())
81         return CS->getStmt()->getLocStart();
82     }
83   }
84 
85   // If we have one successor, return the first statement in that block
86   SourceLocation Loc;
87   if (Block->succ_size() == 1 && *Block->succ_begin())
88     Loc = getFirstStmtLoc(*Block->succ_begin());
89   if (Loc.isValid())
90     return Loc;
91 
92   // If we have one predecessor, return the last statement in that block
93   if (Block->pred_size() == 1 && *Block->pred_begin())
94     return getLastStmtLoc(*Block->pred_begin());
95 
96   return Loc;
97 }
98 
invertConsumedUnconsumed(ConsumedState State)99 static ConsumedState invertConsumedUnconsumed(ConsumedState State) {
100   switch (State) {
101   case CS_Unconsumed:
102     return CS_Consumed;
103   case CS_Consumed:
104     return CS_Unconsumed;
105   case CS_None:
106     return CS_None;
107   case CS_Unknown:
108     return CS_Unknown;
109   }
110   llvm_unreachable("invalid enum");
111 }
112 
isCallableInState(const CallableWhenAttr * CWAttr,ConsumedState State)113 static bool isCallableInState(const CallableWhenAttr *CWAttr,
114                               ConsumedState State) {
115 
116   for (const auto &S : CWAttr->callableStates()) {
117     ConsumedState MappedAttrState = CS_None;
118 
119     switch (S) {
120     case CallableWhenAttr::Unknown:
121       MappedAttrState = CS_Unknown;
122       break;
123 
124     case CallableWhenAttr::Unconsumed:
125       MappedAttrState = CS_Unconsumed;
126       break;
127 
128     case CallableWhenAttr::Consumed:
129       MappedAttrState = CS_Consumed;
130       break;
131     }
132 
133     if (MappedAttrState == State)
134       return true;
135   }
136 
137   return false;
138 }
139 
140 
isConsumableType(const QualType & QT)141 static bool isConsumableType(const QualType &QT) {
142   if (QT->isPointerType() || QT->isReferenceType())
143     return false;
144 
145   if (const CXXRecordDecl *RD = QT->getAsCXXRecordDecl())
146     return RD->hasAttr<ConsumableAttr>();
147 
148   return false;
149 }
150 
isAutoCastType(const QualType & QT)151 static bool isAutoCastType(const QualType &QT) {
152   if (QT->isPointerType() || QT->isReferenceType())
153     return false;
154 
155   if (const CXXRecordDecl *RD = QT->getAsCXXRecordDecl())
156     return RD->hasAttr<ConsumableAutoCastAttr>();
157 
158   return false;
159 }
160 
isSetOnReadPtrType(const QualType & QT)161 static bool isSetOnReadPtrType(const QualType &QT) {
162   if (const CXXRecordDecl *RD = QT->getPointeeCXXRecordDecl())
163     return RD->hasAttr<ConsumableSetOnReadAttr>();
164   return false;
165 }
166 
167 
isKnownState(ConsumedState State)168 static bool isKnownState(ConsumedState State) {
169   switch (State) {
170   case CS_Unconsumed:
171   case CS_Consumed:
172     return true;
173   case CS_None:
174   case CS_Unknown:
175     return false;
176   }
177   llvm_unreachable("invalid enum");
178 }
179 
isRValueRef(QualType ParamType)180 static bool isRValueRef(QualType ParamType) {
181   return ParamType->isRValueReferenceType();
182 }
183 
isTestingFunction(const FunctionDecl * FunDecl)184 static bool isTestingFunction(const FunctionDecl *FunDecl) {
185   return FunDecl->hasAttr<TestTypestateAttr>();
186 }
187 
isPointerOrRef(QualType ParamType)188 static bool isPointerOrRef(QualType ParamType) {
189   return ParamType->isPointerType() || ParamType->isReferenceType();
190 }
191 
mapConsumableAttrState(const QualType QT)192 static ConsumedState mapConsumableAttrState(const QualType QT) {
193   assert(isConsumableType(QT));
194 
195   const ConsumableAttr *CAttr =
196       QT->getAsCXXRecordDecl()->getAttr<ConsumableAttr>();
197 
198   switch (CAttr->getDefaultState()) {
199   case ConsumableAttr::Unknown:
200     return CS_Unknown;
201   case ConsumableAttr::Unconsumed:
202     return CS_Unconsumed;
203   case ConsumableAttr::Consumed:
204     return CS_Consumed;
205   }
206   llvm_unreachable("invalid enum");
207 }
208 
209 static ConsumedState
mapParamTypestateAttrState(const ParamTypestateAttr * PTAttr)210 mapParamTypestateAttrState(const ParamTypestateAttr *PTAttr) {
211   switch (PTAttr->getParamState()) {
212   case ParamTypestateAttr::Unknown:
213     return CS_Unknown;
214   case ParamTypestateAttr::Unconsumed:
215     return CS_Unconsumed;
216   case ParamTypestateAttr::Consumed:
217     return CS_Consumed;
218   }
219   llvm_unreachable("invalid_enum");
220 }
221 
222 static ConsumedState
mapReturnTypestateAttrState(const ReturnTypestateAttr * RTSAttr)223 mapReturnTypestateAttrState(const ReturnTypestateAttr *RTSAttr) {
224   switch (RTSAttr->getState()) {
225   case ReturnTypestateAttr::Unknown:
226     return CS_Unknown;
227   case ReturnTypestateAttr::Unconsumed:
228     return CS_Unconsumed;
229   case ReturnTypestateAttr::Consumed:
230     return CS_Consumed;
231   }
232   llvm_unreachable("invalid enum");
233 }
234 
mapSetTypestateAttrState(const SetTypestateAttr * STAttr)235 static ConsumedState mapSetTypestateAttrState(const SetTypestateAttr *STAttr) {
236   switch (STAttr->getNewState()) {
237   case SetTypestateAttr::Unknown:
238     return CS_Unknown;
239   case SetTypestateAttr::Unconsumed:
240     return CS_Unconsumed;
241   case SetTypestateAttr::Consumed:
242     return CS_Consumed;
243   }
244   llvm_unreachable("invalid_enum");
245 }
246 
stateToString(ConsumedState State)247 static StringRef stateToString(ConsumedState State) {
248   switch (State) {
249   case consumed::CS_None:
250     return "none";
251 
252   case consumed::CS_Unknown:
253     return "unknown";
254 
255   case consumed::CS_Unconsumed:
256     return "unconsumed";
257 
258   case consumed::CS_Consumed:
259     return "consumed";
260   }
261   llvm_unreachable("invalid enum");
262 }
263 
testsFor(const FunctionDecl * FunDecl)264 static ConsumedState testsFor(const FunctionDecl *FunDecl) {
265   assert(isTestingFunction(FunDecl));
266   switch (FunDecl->getAttr<TestTypestateAttr>()->getTestState()) {
267   case TestTypestateAttr::Unconsumed:
268     return CS_Unconsumed;
269   case TestTypestateAttr::Consumed:
270     return CS_Consumed;
271   }
272   llvm_unreachable("invalid enum");
273 }
274 
275 namespace {
276 struct VarTestResult {
277   const VarDecl *Var;
278   ConsumedState TestsFor;
279 };
280 } // end anonymous::VarTestResult
281 
282 namespace clang {
283 namespace consumed {
284 
285 enum EffectiveOp {
286   EO_And,
287   EO_Or
288 };
289 
290 class PropagationInfo {
291   enum {
292     IT_None,
293     IT_State,
294     IT_VarTest,
295     IT_BinTest,
296     IT_Var,
297     IT_Tmp
298   } InfoType;
299 
300   struct BinTestTy {
301     const BinaryOperator *Source;
302     EffectiveOp EOp;
303     VarTestResult LTest;
304     VarTestResult RTest;
305   };
306 
307   union {
308     ConsumedState State;
309     VarTestResult VarTest;
310     const VarDecl *Var;
311     const CXXBindTemporaryExpr *Tmp;
312     BinTestTy BinTest;
313   };
314 
315 public:
PropagationInfo()316   PropagationInfo() : InfoType(IT_None) {}
317 
PropagationInfo(const VarTestResult & VarTest)318   PropagationInfo(const VarTestResult &VarTest)
319     : InfoType(IT_VarTest), VarTest(VarTest) {}
320 
PropagationInfo(const VarDecl * Var,ConsumedState TestsFor)321   PropagationInfo(const VarDecl *Var, ConsumedState TestsFor)
322     : InfoType(IT_VarTest) {
323 
324     VarTest.Var      = Var;
325     VarTest.TestsFor = TestsFor;
326   }
327 
PropagationInfo(const BinaryOperator * Source,EffectiveOp EOp,const VarTestResult & LTest,const VarTestResult & RTest)328   PropagationInfo(const BinaryOperator *Source, EffectiveOp EOp,
329                   const VarTestResult &LTest, const VarTestResult &RTest)
330     : InfoType(IT_BinTest) {
331 
332     BinTest.Source  = Source;
333     BinTest.EOp     = EOp;
334     BinTest.LTest   = LTest;
335     BinTest.RTest   = RTest;
336   }
337 
PropagationInfo(const BinaryOperator * Source,EffectiveOp EOp,const VarDecl * LVar,ConsumedState LTestsFor,const VarDecl * RVar,ConsumedState RTestsFor)338   PropagationInfo(const BinaryOperator *Source, EffectiveOp EOp,
339                   const VarDecl *LVar, ConsumedState LTestsFor,
340                   const VarDecl *RVar, ConsumedState RTestsFor)
341     : InfoType(IT_BinTest) {
342 
343     BinTest.Source         = Source;
344     BinTest.EOp            = EOp;
345     BinTest.LTest.Var      = LVar;
346     BinTest.LTest.TestsFor = LTestsFor;
347     BinTest.RTest.Var      = RVar;
348     BinTest.RTest.TestsFor = RTestsFor;
349   }
350 
PropagationInfo(ConsumedState State)351   PropagationInfo(ConsumedState State)
352     : InfoType(IT_State), State(State) {}
353 
PropagationInfo(const VarDecl * Var)354   PropagationInfo(const VarDecl *Var) : InfoType(IT_Var), Var(Var) {}
PropagationInfo(const CXXBindTemporaryExpr * Tmp)355   PropagationInfo(const CXXBindTemporaryExpr *Tmp)
356     : InfoType(IT_Tmp), Tmp(Tmp) {}
357 
getState() const358   const ConsumedState & getState() const {
359     assert(InfoType == IT_State);
360     return State;
361   }
362 
getVarTest() const363   const VarTestResult & getVarTest() const {
364     assert(InfoType == IT_VarTest);
365     return VarTest;
366   }
367 
getLTest() const368   const VarTestResult & getLTest() const {
369     assert(InfoType == IT_BinTest);
370     return BinTest.LTest;
371   }
372 
getRTest() const373   const VarTestResult & getRTest() const {
374     assert(InfoType == IT_BinTest);
375     return BinTest.RTest;
376   }
377 
getVar() const378   const VarDecl * getVar() const {
379     assert(InfoType == IT_Var);
380     return Var;
381   }
382 
getTmp() const383   const CXXBindTemporaryExpr * getTmp() const {
384     assert(InfoType == IT_Tmp);
385     return Tmp;
386   }
387 
getAsState(const ConsumedStateMap * StateMap) const388   ConsumedState getAsState(const ConsumedStateMap *StateMap) const {
389     assert(isVar() || isTmp() || isState());
390 
391     if (isVar())
392       return StateMap->getState(Var);
393     else if (isTmp())
394       return StateMap->getState(Tmp);
395     else if (isState())
396       return State;
397     else
398       return CS_None;
399   }
400 
testEffectiveOp() const401   EffectiveOp testEffectiveOp() const {
402     assert(InfoType == IT_BinTest);
403     return BinTest.EOp;
404   }
405 
testSourceNode() const406   const BinaryOperator * testSourceNode() const {
407     assert(InfoType == IT_BinTest);
408     return BinTest.Source;
409   }
410 
isValid() const411   inline bool isValid()   const { return InfoType != IT_None;    }
isState() const412   inline bool isState()   const { return InfoType == IT_State;   }
isVarTest() const413   inline bool isVarTest() const { return InfoType == IT_VarTest; }
isBinTest() const414   inline bool isBinTest() const { return InfoType == IT_BinTest; }
isVar() const415   inline bool isVar()     const { return InfoType == IT_Var;     }
isTmp() const416   inline bool isTmp()     const { return InfoType == IT_Tmp;     }
417 
isTest() const418   bool isTest() const {
419     return InfoType == IT_VarTest || InfoType == IT_BinTest;
420   }
421 
isPointerToValue() const422   bool isPointerToValue() const {
423     return InfoType == IT_Var || InfoType == IT_Tmp;
424   }
425 
invertTest() const426   PropagationInfo invertTest() const {
427     assert(InfoType == IT_VarTest || InfoType == IT_BinTest);
428 
429     if (InfoType == IT_VarTest) {
430       return PropagationInfo(VarTest.Var,
431                              invertConsumedUnconsumed(VarTest.TestsFor));
432 
433     } else if (InfoType == IT_BinTest) {
434       return PropagationInfo(BinTest.Source,
435         BinTest.EOp == EO_And ? EO_Or : EO_And,
436         BinTest.LTest.Var, invertConsumedUnconsumed(BinTest.LTest.TestsFor),
437         BinTest.RTest.Var, invertConsumedUnconsumed(BinTest.RTest.TestsFor));
438     } else {
439       return PropagationInfo();
440     }
441   }
442 };
443 
444 static inline void
setStateForVarOrTmp(ConsumedStateMap * StateMap,const PropagationInfo & PInfo,ConsumedState State)445 setStateForVarOrTmp(ConsumedStateMap *StateMap, const PropagationInfo &PInfo,
446                     ConsumedState State) {
447 
448   assert(PInfo.isVar() || PInfo.isTmp());
449 
450   if (PInfo.isVar())
451     StateMap->setState(PInfo.getVar(), State);
452   else
453     StateMap->setState(PInfo.getTmp(), State);
454 }
455 
456 class ConsumedStmtVisitor : public ConstStmtVisitor<ConsumedStmtVisitor> {
457 
458   typedef llvm::DenseMap<const Stmt *, PropagationInfo> MapType;
459   typedef std::pair<const Stmt *, PropagationInfo> PairType;
460   typedef MapType::iterator InfoEntry;
461   typedef MapType::const_iterator ConstInfoEntry;
462 
463   AnalysisDeclContext &AC;
464   ConsumedAnalyzer &Analyzer;
465   ConsumedStateMap *StateMap;
466   MapType PropagationMap;
467 
findInfo(const Expr * E)468   InfoEntry findInfo(const Expr *E) {
469     if (auto Cleanups = dyn_cast<ExprWithCleanups>(E))
470       if (!Cleanups->cleanupsHaveSideEffects())
471         E = Cleanups->getSubExpr();
472     return PropagationMap.find(E->IgnoreParens());
473   }
findInfo(const Expr * E) const474   ConstInfoEntry findInfo(const Expr *E) const {
475     if (auto Cleanups = dyn_cast<ExprWithCleanups>(E))
476       if (!Cleanups->cleanupsHaveSideEffects())
477         E = Cleanups->getSubExpr();
478     return PropagationMap.find(E->IgnoreParens());
479   }
insertInfo(const Expr * E,const PropagationInfo & PI)480   void insertInfo(const Expr *E, const PropagationInfo &PI) {
481     PropagationMap.insert(PairType(E->IgnoreParens(), PI));
482   }
483 
484   void forwardInfo(const Expr *From, const Expr *To);
485   void copyInfo(const Expr *From, const Expr *To, ConsumedState CS);
486   ConsumedState getInfo(const Expr *From);
487   void setInfo(const Expr *To, ConsumedState NS);
488   void propagateReturnType(const Expr *Call, const FunctionDecl *Fun);
489 
490 public:
491   void checkCallability(const PropagationInfo &PInfo,
492                         const FunctionDecl *FunDecl,
493                         SourceLocation BlameLoc);
494   bool handleCall(const CallExpr *Call, const Expr *ObjArg,
495                   const FunctionDecl *FunD);
496 
497   void VisitBinaryOperator(const BinaryOperator *BinOp);
498   void VisitCallExpr(const CallExpr *Call);
499   void VisitCastExpr(const CastExpr *Cast);
500   void VisitCXXBindTemporaryExpr(const CXXBindTemporaryExpr *Temp);
501   void VisitCXXConstructExpr(const CXXConstructExpr *Call);
502   void VisitCXXMemberCallExpr(const CXXMemberCallExpr *Call);
503   void VisitCXXOperatorCallExpr(const CXXOperatorCallExpr *Call);
504   void VisitDeclRefExpr(const DeclRefExpr *DeclRef);
505   void VisitDeclStmt(const DeclStmt *DelcS);
506   void VisitMaterializeTemporaryExpr(const MaterializeTemporaryExpr *Temp);
507   void VisitMemberExpr(const MemberExpr *MExpr);
508   void VisitParmVarDecl(const ParmVarDecl *Param);
509   void VisitReturnStmt(const ReturnStmt *Ret);
510   void VisitUnaryOperator(const UnaryOperator *UOp);
511   void VisitVarDecl(const VarDecl *Var);
512 
ConsumedStmtVisitor(AnalysisDeclContext & AC,ConsumedAnalyzer & Analyzer,ConsumedStateMap * StateMap)513   ConsumedStmtVisitor(AnalysisDeclContext &AC, ConsumedAnalyzer &Analyzer,
514                       ConsumedStateMap *StateMap)
515       : AC(AC), Analyzer(Analyzer), StateMap(StateMap) {}
516 
getInfo(const Expr * StmtNode) const517   PropagationInfo getInfo(const Expr *StmtNode) const {
518     ConstInfoEntry Entry = findInfo(StmtNode);
519 
520     if (Entry != PropagationMap.end())
521       return Entry->second;
522     else
523       return PropagationInfo();
524   }
525 
reset(ConsumedStateMap * NewStateMap)526   void reset(ConsumedStateMap *NewStateMap) {
527     StateMap = NewStateMap;
528   }
529 };
530 
531 
forwardInfo(const Expr * From,const Expr * To)532 void ConsumedStmtVisitor::forwardInfo(const Expr *From, const Expr *To) {
533   InfoEntry Entry = findInfo(From);
534   if (Entry != PropagationMap.end())
535     insertInfo(To, Entry->second);
536 }
537 
538 
539 // Create a new state for To, which is initialized to the state of From.
540 // If NS is not CS_None, sets the state of From to NS.
copyInfo(const Expr * From,const Expr * To,ConsumedState NS)541 void ConsumedStmtVisitor::copyInfo(const Expr *From, const Expr *To,
542                                    ConsumedState NS) {
543   InfoEntry Entry = findInfo(From);
544   if (Entry != PropagationMap.end()) {
545     PropagationInfo& PInfo = Entry->second;
546     ConsumedState CS = PInfo.getAsState(StateMap);
547     if (CS != CS_None)
548       insertInfo(To, PropagationInfo(CS));
549     if (NS != CS_None && PInfo.isPointerToValue())
550       setStateForVarOrTmp(StateMap, PInfo, NS);
551   }
552 }
553 
554 
555 // Get the ConsumedState for From
getInfo(const Expr * From)556 ConsumedState ConsumedStmtVisitor::getInfo(const Expr *From) {
557   InfoEntry Entry = findInfo(From);
558   if (Entry != PropagationMap.end()) {
559     PropagationInfo& PInfo = Entry->second;
560     return PInfo.getAsState(StateMap);
561   }
562   return CS_None;
563 }
564 
565 
566 // If we already have info for To then update it, otherwise create a new entry.
setInfo(const Expr * To,ConsumedState NS)567 void ConsumedStmtVisitor::setInfo(const Expr *To, ConsumedState NS) {
568   InfoEntry Entry = findInfo(To);
569   if (Entry != PropagationMap.end()) {
570     PropagationInfo& PInfo = Entry->second;
571     if (PInfo.isPointerToValue())
572       setStateForVarOrTmp(StateMap, PInfo, NS);
573   } else if (NS != CS_None) {
574      insertInfo(To, PropagationInfo(NS));
575   }
576 }
577 
578 
579 
checkCallability(const PropagationInfo & PInfo,const FunctionDecl * FunDecl,SourceLocation BlameLoc)580 void ConsumedStmtVisitor::checkCallability(const PropagationInfo &PInfo,
581                                            const FunctionDecl *FunDecl,
582                                            SourceLocation BlameLoc) {
583   assert(!PInfo.isTest());
584 
585   const CallableWhenAttr *CWAttr = FunDecl->getAttr<CallableWhenAttr>();
586   if (!CWAttr)
587     return;
588 
589   if (PInfo.isVar()) {
590     ConsumedState VarState = StateMap->getState(PInfo.getVar());
591 
592     if (VarState == CS_None || isCallableInState(CWAttr, VarState))
593       return;
594 
595     Analyzer.WarningsHandler.warnUseInInvalidState(
596       FunDecl->getNameAsString(), PInfo.getVar()->getNameAsString(),
597       stateToString(VarState), BlameLoc);
598 
599   } else {
600     ConsumedState TmpState = PInfo.getAsState(StateMap);
601 
602     if (TmpState == CS_None || isCallableInState(CWAttr, TmpState))
603       return;
604 
605     Analyzer.WarningsHandler.warnUseOfTempInInvalidState(
606       FunDecl->getNameAsString(), stateToString(TmpState), BlameLoc);
607   }
608 }
609 
610 
611 // Factors out common behavior for function, method, and operator calls.
612 // Check parameters and set parameter state if necessary.
613 // Returns true if the state of ObjArg is set, or false otherwise.
handleCall(const CallExpr * Call,const Expr * ObjArg,const FunctionDecl * FunD)614 bool ConsumedStmtVisitor::handleCall(const CallExpr *Call, const Expr *ObjArg,
615                                      const FunctionDecl *FunD) {
616   unsigned Offset = 0;
617   if (isa<CXXOperatorCallExpr>(Call) && isa<CXXMethodDecl>(FunD))
618     Offset = 1;  // first argument is 'this'
619 
620   // check explicit parameters
621   for (unsigned Index = Offset; Index < Call->getNumArgs(); ++Index) {
622     // Skip variable argument lists.
623     if (Index - Offset >= FunD->getNumParams())
624       break;
625 
626     const ParmVarDecl *Param = FunD->getParamDecl(Index - Offset);
627     QualType ParamType = Param->getType();
628 
629     InfoEntry Entry = findInfo(Call->getArg(Index));
630 
631     if (Entry == PropagationMap.end() || Entry->second.isTest())
632       continue;
633     PropagationInfo PInfo = Entry->second;
634 
635     // Check that the parameter is in the correct state.
636     if (ParamTypestateAttr *PTA = Param->getAttr<ParamTypestateAttr>()) {
637       ConsumedState ParamState = PInfo.getAsState(StateMap);
638       ConsumedState ExpectedState = mapParamTypestateAttrState(PTA);
639 
640       if (ParamState != ExpectedState)
641         Analyzer.WarningsHandler.warnParamTypestateMismatch(
642           Call->getArg(Index)->getExprLoc(),
643           stateToString(ExpectedState), stateToString(ParamState));
644     }
645 
646     if (!(Entry->second.isVar() || Entry->second.isTmp()))
647       continue;
648 
649     // Adjust state on the caller side.
650     if (isRValueRef(ParamType))
651       setStateForVarOrTmp(StateMap, PInfo, consumed::CS_Consumed);
652     else if (ReturnTypestateAttr *RT = Param->getAttr<ReturnTypestateAttr>())
653       setStateForVarOrTmp(StateMap, PInfo, mapReturnTypestateAttrState(RT));
654     else if (isPointerOrRef(ParamType) &&
655              (!ParamType->getPointeeType().isConstQualified() ||
656               isSetOnReadPtrType(ParamType)))
657       setStateForVarOrTmp(StateMap, PInfo, consumed::CS_Unknown);
658   }
659 
660   if (!ObjArg)
661     return false;
662 
663   // check implicit 'self' parameter, if present
664   InfoEntry Entry = findInfo(ObjArg);
665   if (Entry != PropagationMap.end()) {
666     PropagationInfo PInfo = Entry->second;
667     checkCallability(PInfo, FunD, Call->getExprLoc());
668 
669     if (SetTypestateAttr *STA = FunD->getAttr<SetTypestateAttr>()) {
670       if (PInfo.isVar()) {
671         StateMap->setState(PInfo.getVar(), mapSetTypestateAttrState(STA));
672         return true;
673       }
674       else if (PInfo.isTmp()) {
675         StateMap->setState(PInfo.getTmp(), mapSetTypestateAttrState(STA));
676         return true;
677       }
678     }
679     else if (isTestingFunction(FunD) && PInfo.isVar()) {
680       PropagationMap.insert(PairType(Call,
681         PropagationInfo(PInfo.getVar(), testsFor(FunD))));
682     }
683   }
684   return false;
685 }
686 
687 
propagateReturnType(const Expr * Call,const FunctionDecl * Fun)688 void ConsumedStmtVisitor::propagateReturnType(const Expr *Call,
689                                               const FunctionDecl *Fun) {
690   QualType RetType = Fun->getCallResultType();
691   if (RetType->isReferenceType())
692     RetType = RetType->getPointeeType();
693 
694   if (isConsumableType(RetType)) {
695     ConsumedState ReturnState;
696     if (ReturnTypestateAttr *RTA = Fun->getAttr<ReturnTypestateAttr>())
697       ReturnState = mapReturnTypestateAttrState(RTA);
698     else
699       ReturnState = mapConsumableAttrState(RetType);
700 
701     PropagationMap.insert(PairType(Call, PropagationInfo(ReturnState)));
702   }
703 }
704 
705 
VisitBinaryOperator(const BinaryOperator * BinOp)706 void ConsumedStmtVisitor::VisitBinaryOperator(const BinaryOperator *BinOp) {
707   switch (BinOp->getOpcode()) {
708   case BO_LAnd:
709   case BO_LOr : {
710     InfoEntry LEntry = findInfo(BinOp->getLHS()),
711               REntry = findInfo(BinOp->getRHS());
712 
713     VarTestResult LTest, RTest;
714 
715     if (LEntry != PropagationMap.end() && LEntry->second.isVarTest()) {
716       LTest = LEntry->second.getVarTest();
717 
718     } else {
719       LTest.Var      = nullptr;
720       LTest.TestsFor = CS_None;
721     }
722 
723     if (REntry != PropagationMap.end() && REntry->second.isVarTest()) {
724       RTest = REntry->second.getVarTest();
725 
726     } else {
727       RTest.Var      = nullptr;
728       RTest.TestsFor = CS_None;
729     }
730 
731     if (!(LTest.Var == nullptr && RTest.Var == nullptr))
732       PropagationMap.insert(PairType(BinOp, PropagationInfo(BinOp,
733         static_cast<EffectiveOp>(BinOp->getOpcode() == BO_LOr), LTest, RTest)));
734 
735     break;
736   }
737 
738   case BO_PtrMemD:
739   case BO_PtrMemI:
740     forwardInfo(BinOp->getLHS(), BinOp);
741     break;
742 
743   default:
744     break;
745   }
746 }
747 
VisitCallExpr(const CallExpr * Call)748 void ConsumedStmtVisitor::VisitCallExpr(const CallExpr *Call) {
749   const FunctionDecl *FunDecl = Call->getDirectCallee();
750   if (!FunDecl)
751     return;
752 
753   // Special case for the std::move function.
754   // TODO: Make this more specific. (Deferred)
755   if (Call->getNumArgs() == 1 && FunDecl->getNameAsString() == "move" &&
756       FunDecl->isInStdNamespace()) {
757     copyInfo(Call->getArg(0), Call, CS_Consumed);
758     return;
759   }
760 
761   handleCall(Call, nullptr, FunDecl);
762   propagateReturnType(Call, FunDecl);
763 }
764 
VisitCastExpr(const CastExpr * Cast)765 void ConsumedStmtVisitor::VisitCastExpr(const CastExpr *Cast) {
766   forwardInfo(Cast->getSubExpr(), Cast);
767 }
768 
VisitCXXBindTemporaryExpr(const CXXBindTemporaryExpr * Temp)769 void ConsumedStmtVisitor::VisitCXXBindTemporaryExpr(
770   const CXXBindTemporaryExpr *Temp) {
771 
772   InfoEntry Entry = findInfo(Temp->getSubExpr());
773 
774   if (Entry != PropagationMap.end() && !Entry->second.isTest()) {
775     StateMap->setState(Temp, Entry->second.getAsState(StateMap));
776     PropagationMap.insert(PairType(Temp, PropagationInfo(Temp)));
777   }
778 }
779 
VisitCXXConstructExpr(const CXXConstructExpr * Call)780 void ConsumedStmtVisitor::VisitCXXConstructExpr(const CXXConstructExpr *Call) {
781   CXXConstructorDecl *Constructor = Call->getConstructor();
782 
783   ASTContext &CurrContext = AC.getASTContext();
784   QualType ThisType = Constructor->getThisType(CurrContext)->getPointeeType();
785 
786   if (!isConsumableType(ThisType))
787     return;
788 
789   // FIXME: What should happen if someone annotates the move constructor?
790   if (ReturnTypestateAttr *RTA = Constructor->getAttr<ReturnTypestateAttr>()) {
791     // TODO: Adjust state of args appropriately.
792     ConsumedState RetState = mapReturnTypestateAttrState(RTA);
793     PropagationMap.insert(PairType(Call, PropagationInfo(RetState)));
794   } else if (Constructor->isDefaultConstructor()) {
795     PropagationMap.insert(PairType(Call,
796       PropagationInfo(consumed::CS_Consumed)));
797   } else if (Constructor->isMoveConstructor()) {
798     copyInfo(Call->getArg(0), Call, CS_Consumed);
799   } else if (Constructor->isCopyConstructor()) {
800     // Copy state from arg.  If setStateOnRead then set arg to CS_Unknown.
801     ConsumedState NS =
802       isSetOnReadPtrType(Constructor->getThisType(CurrContext)) ?
803       CS_Unknown : CS_None;
804     copyInfo(Call->getArg(0), Call, NS);
805   } else {
806     // TODO: Adjust state of args appropriately.
807     ConsumedState RetState = mapConsumableAttrState(ThisType);
808     PropagationMap.insert(PairType(Call, PropagationInfo(RetState)));
809   }
810 }
811 
812 
VisitCXXMemberCallExpr(const CXXMemberCallExpr * Call)813 void ConsumedStmtVisitor::VisitCXXMemberCallExpr(
814     const CXXMemberCallExpr *Call) {
815   CXXMethodDecl* MD = Call->getMethodDecl();
816   if (!MD)
817     return;
818 
819   handleCall(Call, Call->getImplicitObjectArgument(), MD);
820   propagateReturnType(Call, MD);
821 }
822 
823 
VisitCXXOperatorCallExpr(const CXXOperatorCallExpr * Call)824 void ConsumedStmtVisitor::VisitCXXOperatorCallExpr(
825     const CXXOperatorCallExpr *Call) {
826 
827   const FunctionDecl *FunDecl =
828     dyn_cast_or_null<FunctionDecl>(Call->getDirectCallee());
829   if (!FunDecl) return;
830 
831   if (Call->getOperator() == OO_Equal) {
832     ConsumedState CS = getInfo(Call->getArg(1));
833     if (!handleCall(Call, Call->getArg(0), FunDecl))
834       setInfo(Call->getArg(0), CS);
835     return;
836   }
837 
838   if (const CXXMemberCallExpr *MCall = dyn_cast<CXXMemberCallExpr>(Call))
839     handleCall(MCall, MCall->getImplicitObjectArgument(), FunDecl);
840   else
841     handleCall(Call, Call->getArg(0), FunDecl);
842 
843   propagateReturnType(Call, FunDecl);
844 }
845 
VisitDeclRefExpr(const DeclRefExpr * DeclRef)846 void ConsumedStmtVisitor::VisitDeclRefExpr(const DeclRefExpr *DeclRef) {
847   if (const VarDecl *Var = dyn_cast_or_null<VarDecl>(DeclRef->getDecl()))
848     if (StateMap->getState(Var) != consumed::CS_None)
849       PropagationMap.insert(PairType(DeclRef, PropagationInfo(Var)));
850 }
851 
VisitDeclStmt(const DeclStmt * DeclS)852 void ConsumedStmtVisitor::VisitDeclStmt(const DeclStmt *DeclS) {
853   for (const auto *DI : DeclS->decls())
854     if (isa<VarDecl>(DI))
855       VisitVarDecl(cast<VarDecl>(DI));
856 
857   if (DeclS->isSingleDecl())
858     if (const VarDecl *Var = dyn_cast_or_null<VarDecl>(DeclS->getSingleDecl()))
859       PropagationMap.insert(PairType(DeclS, PropagationInfo(Var)));
860 }
861 
VisitMaterializeTemporaryExpr(const MaterializeTemporaryExpr * Temp)862 void ConsumedStmtVisitor::VisitMaterializeTemporaryExpr(
863   const MaterializeTemporaryExpr *Temp) {
864 
865   forwardInfo(Temp->GetTemporaryExpr(), Temp);
866 }
867 
VisitMemberExpr(const MemberExpr * MExpr)868 void ConsumedStmtVisitor::VisitMemberExpr(const MemberExpr *MExpr) {
869   forwardInfo(MExpr->getBase(), MExpr);
870 }
871 
872 
VisitParmVarDecl(const ParmVarDecl * Param)873 void ConsumedStmtVisitor::VisitParmVarDecl(const ParmVarDecl *Param) {
874   QualType ParamType = Param->getType();
875   ConsumedState ParamState = consumed::CS_None;
876 
877   if (const ParamTypestateAttr *PTA = Param->getAttr<ParamTypestateAttr>())
878     ParamState = mapParamTypestateAttrState(PTA);
879   else if (isConsumableType(ParamType))
880     ParamState = mapConsumableAttrState(ParamType);
881   else if (isRValueRef(ParamType) &&
882            isConsumableType(ParamType->getPointeeType()))
883     ParamState = mapConsumableAttrState(ParamType->getPointeeType());
884   else if (ParamType->isReferenceType() &&
885            isConsumableType(ParamType->getPointeeType()))
886     ParamState = consumed::CS_Unknown;
887 
888   if (ParamState != CS_None)
889     StateMap->setState(Param, ParamState);
890 }
891 
VisitReturnStmt(const ReturnStmt * Ret)892 void ConsumedStmtVisitor::VisitReturnStmt(const ReturnStmt *Ret) {
893   ConsumedState ExpectedState = Analyzer.getExpectedReturnState();
894 
895   if (ExpectedState != CS_None) {
896     InfoEntry Entry = findInfo(Ret->getRetValue());
897 
898     if (Entry != PropagationMap.end()) {
899       ConsumedState RetState = Entry->second.getAsState(StateMap);
900 
901       if (RetState != ExpectedState)
902         Analyzer.WarningsHandler.warnReturnTypestateMismatch(
903           Ret->getReturnLoc(), stateToString(ExpectedState),
904           stateToString(RetState));
905     }
906   }
907 
908   StateMap->checkParamsForReturnTypestate(Ret->getLocStart(),
909                                           Analyzer.WarningsHandler);
910 }
911 
VisitUnaryOperator(const UnaryOperator * UOp)912 void ConsumedStmtVisitor::VisitUnaryOperator(const UnaryOperator *UOp) {
913   InfoEntry Entry = findInfo(UOp->getSubExpr());
914   if (Entry == PropagationMap.end()) return;
915 
916   switch (UOp->getOpcode()) {
917   case UO_AddrOf:
918     PropagationMap.insert(PairType(UOp, Entry->second));
919     break;
920 
921   case UO_LNot:
922     if (Entry->second.isTest())
923       PropagationMap.insert(PairType(UOp, Entry->second.invertTest()));
924     break;
925 
926   default:
927     break;
928   }
929 }
930 
931 // TODO: See if I need to check for reference types here.
VisitVarDecl(const VarDecl * Var)932 void ConsumedStmtVisitor::VisitVarDecl(const VarDecl *Var) {
933   if (isConsumableType(Var->getType())) {
934     if (Var->hasInit()) {
935       MapType::iterator VIT = findInfo(Var->getInit()->IgnoreImplicit());
936       if (VIT != PropagationMap.end()) {
937         PropagationInfo PInfo = VIT->second;
938         ConsumedState St = PInfo.getAsState(StateMap);
939 
940         if (St != consumed::CS_None) {
941           StateMap->setState(Var, St);
942           return;
943         }
944       }
945     }
946     // Otherwise
947     StateMap->setState(Var, consumed::CS_Unknown);
948   }
949 }
950 }} // end clang::consumed::ConsumedStmtVisitor
951 
952 namespace clang {
953 namespace consumed {
954 
splitVarStateForIf(const IfStmt * IfNode,const VarTestResult & Test,ConsumedStateMap * ThenStates,ConsumedStateMap * ElseStates)955 static void splitVarStateForIf(const IfStmt *IfNode, const VarTestResult &Test,
956                                ConsumedStateMap *ThenStates,
957                                ConsumedStateMap *ElseStates) {
958   ConsumedState VarState = ThenStates->getState(Test.Var);
959 
960   if (VarState == CS_Unknown) {
961     ThenStates->setState(Test.Var, Test.TestsFor);
962     ElseStates->setState(Test.Var, invertConsumedUnconsumed(Test.TestsFor));
963 
964   } else if (VarState == invertConsumedUnconsumed(Test.TestsFor)) {
965     ThenStates->markUnreachable();
966 
967   } else if (VarState == Test.TestsFor) {
968     ElseStates->markUnreachable();
969   }
970 }
971 
splitVarStateForIfBinOp(const PropagationInfo & PInfo,ConsumedStateMap * ThenStates,ConsumedStateMap * ElseStates)972 static void splitVarStateForIfBinOp(const PropagationInfo &PInfo,
973                                     ConsumedStateMap *ThenStates,
974                                     ConsumedStateMap *ElseStates) {
975   const VarTestResult &LTest = PInfo.getLTest(),
976                       &RTest = PInfo.getRTest();
977 
978   ConsumedState LState = LTest.Var ? ThenStates->getState(LTest.Var) : CS_None,
979                 RState = RTest.Var ? ThenStates->getState(RTest.Var) : CS_None;
980 
981   if (LTest.Var) {
982     if (PInfo.testEffectiveOp() == EO_And) {
983       if (LState == CS_Unknown) {
984         ThenStates->setState(LTest.Var, LTest.TestsFor);
985 
986       } else if (LState == invertConsumedUnconsumed(LTest.TestsFor)) {
987         ThenStates->markUnreachable();
988 
989       } else if (LState == LTest.TestsFor && isKnownState(RState)) {
990         if (RState == RTest.TestsFor)
991           ElseStates->markUnreachable();
992         else
993           ThenStates->markUnreachable();
994       }
995 
996     } else {
997       if (LState == CS_Unknown) {
998         ElseStates->setState(LTest.Var,
999                              invertConsumedUnconsumed(LTest.TestsFor));
1000 
1001       } else if (LState == LTest.TestsFor) {
1002         ElseStates->markUnreachable();
1003 
1004       } else if (LState == invertConsumedUnconsumed(LTest.TestsFor) &&
1005                  isKnownState(RState)) {
1006 
1007         if (RState == RTest.TestsFor)
1008           ElseStates->markUnreachable();
1009         else
1010           ThenStates->markUnreachable();
1011       }
1012     }
1013   }
1014 
1015   if (RTest.Var) {
1016     if (PInfo.testEffectiveOp() == EO_And) {
1017       if (RState == CS_Unknown)
1018         ThenStates->setState(RTest.Var, RTest.TestsFor);
1019       else if (RState == invertConsumedUnconsumed(RTest.TestsFor))
1020         ThenStates->markUnreachable();
1021 
1022     } else {
1023       if (RState == CS_Unknown)
1024         ElseStates->setState(RTest.Var,
1025                              invertConsumedUnconsumed(RTest.TestsFor));
1026       else if (RState == RTest.TestsFor)
1027         ElseStates->markUnreachable();
1028     }
1029   }
1030 }
1031 
allBackEdgesVisited(const CFGBlock * CurrBlock,const CFGBlock * TargetBlock)1032 bool ConsumedBlockInfo::allBackEdgesVisited(const CFGBlock *CurrBlock,
1033                                             const CFGBlock *TargetBlock) {
1034 
1035   assert(CurrBlock && "Block pointer must not be NULL");
1036   assert(TargetBlock && "TargetBlock pointer must not be NULL");
1037 
1038   unsigned int CurrBlockOrder = VisitOrder[CurrBlock->getBlockID()];
1039   for (CFGBlock::const_pred_iterator PI = TargetBlock->pred_begin(),
1040        PE = TargetBlock->pred_end(); PI != PE; ++PI) {
1041     if (*PI && CurrBlockOrder < VisitOrder[(*PI)->getBlockID()] )
1042       return false;
1043   }
1044   return true;
1045 }
1046 
addInfo(const CFGBlock * Block,ConsumedStateMap * StateMap,std::unique_ptr<ConsumedStateMap> & OwnedStateMap)1047 void ConsumedBlockInfo::addInfo(
1048     const CFGBlock *Block, ConsumedStateMap *StateMap,
1049     std::unique_ptr<ConsumedStateMap> &OwnedStateMap) {
1050 
1051   assert(Block && "Block pointer must not be NULL");
1052 
1053   auto &Entry = StateMapsArray[Block->getBlockID()];
1054 
1055   if (Entry) {
1056     Entry->intersect(*StateMap);
1057   } else if (OwnedStateMap)
1058     Entry = std::move(OwnedStateMap);
1059   else
1060     Entry = llvm::make_unique<ConsumedStateMap>(*StateMap);
1061 }
1062 
addInfo(const CFGBlock * Block,std::unique_ptr<ConsumedStateMap> StateMap)1063 void ConsumedBlockInfo::addInfo(const CFGBlock *Block,
1064                                 std::unique_ptr<ConsumedStateMap> StateMap) {
1065 
1066   assert(Block && "Block pointer must not be NULL");
1067 
1068   auto &Entry = StateMapsArray[Block->getBlockID()];
1069 
1070   if (Entry) {
1071     Entry->intersect(*StateMap);
1072   } else {
1073     Entry = std::move(StateMap);
1074   }
1075 }
1076 
borrowInfo(const CFGBlock * Block)1077 ConsumedStateMap* ConsumedBlockInfo::borrowInfo(const CFGBlock *Block) {
1078   assert(Block && "Block pointer must not be NULL");
1079   assert(StateMapsArray[Block->getBlockID()] && "Block has no block info");
1080 
1081   return StateMapsArray[Block->getBlockID()].get();
1082 }
1083 
discardInfo(const CFGBlock * Block)1084 void ConsumedBlockInfo::discardInfo(const CFGBlock *Block) {
1085   StateMapsArray[Block->getBlockID()] = nullptr;
1086 }
1087 
1088 std::unique_ptr<ConsumedStateMap>
getInfo(const CFGBlock * Block)1089 ConsumedBlockInfo::getInfo(const CFGBlock *Block) {
1090   assert(Block && "Block pointer must not be NULL");
1091 
1092   auto &Entry = StateMapsArray[Block->getBlockID()];
1093   return isBackEdgeTarget(Block) ? llvm::make_unique<ConsumedStateMap>(*Entry)
1094                                  : std::move(Entry);
1095 }
1096 
isBackEdge(const CFGBlock * From,const CFGBlock * To)1097 bool ConsumedBlockInfo::isBackEdge(const CFGBlock *From, const CFGBlock *To) {
1098   assert(From && "From block must not be NULL");
1099   assert(To   && "From block must not be NULL");
1100 
1101   return VisitOrder[From->getBlockID()] > VisitOrder[To->getBlockID()];
1102 }
1103 
isBackEdgeTarget(const CFGBlock * Block)1104 bool ConsumedBlockInfo::isBackEdgeTarget(const CFGBlock *Block) {
1105   assert(Block && "Block pointer must not be NULL");
1106 
1107   // Anything with less than two predecessors can't be the target of a back
1108   // edge.
1109   if (Block->pred_size() < 2)
1110     return false;
1111 
1112   unsigned int BlockVisitOrder = VisitOrder[Block->getBlockID()];
1113   for (CFGBlock::const_pred_iterator PI = Block->pred_begin(),
1114        PE = Block->pred_end(); PI != PE; ++PI) {
1115     if (*PI && BlockVisitOrder < VisitOrder[(*PI)->getBlockID()])
1116       return true;
1117   }
1118   return false;
1119 }
1120 
checkParamsForReturnTypestate(SourceLocation BlameLoc,ConsumedWarningsHandlerBase & WarningsHandler) const1121 void ConsumedStateMap::checkParamsForReturnTypestate(SourceLocation BlameLoc,
1122   ConsumedWarningsHandlerBase &WarningsHandler) const {
1123 
1124   for (const auto &DM : VarMap) {
1125     if (isa<ParmVarDecl>(DM.first)) {
1126       const ParmVarDecl *Param = cast<ParmVarDecl>(DM.first);
1127       const ReturnTypestateAttr *RTA = Param->getAttr<ReturnTypestateAttr>();
1128 
1129       if (!RTA)
1130         continue;
1131 
1132       ConsumedState ExpectedState = mapReturnTypestateAttrState(RTA);
1133       if (DM.second != ExpectedState)
1134         WarningsHandler.warnParamReturnTypestateMismatch(BlameLoc,
1135           Param->getNameAsString(), stateToString(ExpectedState),
1136           stateToString(DM.second));
1137     }
1138   }
1139 }
1140 
clearTemporaries()1141 void ConsumedStateMap::clearTemporaries() {
1142   TmpMap.clear();
1143 }
1144 
getState(const VarDecl * Var) const1145 ConsumedState ConsumedStateMap::getState(const VarDecl *Var) const {
1146   VarMapType::const_iterator Entry = VarMap.find(Var);
1147 
1148   if (Entry != VarMap.end())
1149     return Entry->second;
1150 
1151   return CS_None;
1152 }
1153 
1154 ConsumedState
getState(const CXXBindTemporaryExpr * Tmp) const1155 ConsumedStateMap::getState(const CXXBindTemporaryExpr *Tmp) const {
1156   TmpMapType::const_iterator Entry = TmpMap.find(Tmp);
1157 
1158   if (Entry != TmpMap.end())
1159     return Entry->second;
1160 
1161   return CS_None;
1162 }
1163 
intersect(const ConsumedStateMap & Other)1164 void ConsumedStateMap::intersect(const ConsumedStateMap &Other) {
1165   ConsumedState LocalState;
1166 
1167   if (this->From && this->From == Other.From && !Other.Reachable) {
1168     this->markUnreachable();
1169     return;
1170   }
1171 
1172   for (const auto &DM : Other.VarMap) {
1173     LocalState = this->getState(DM.first);
1174 
1175     if (LocalState == CS_None)
1176       continue;
1177 
1178     if (LocalState != DM.second)
1179      VarMap[DM.first] = CS_Unknown;
1180   }
1181 }
1182 
intersectAtLoopHead(const CFGBlock * LoopHead,const CFGBlock * LoopBack,const ConsumedStateMap * LoopBackStates,ConsumedWarningsHandlerBase & WarningsHandler)1183 void ConsumedStateMap::intersectAtLoopHead(const CFGBlock *LoopHead,
1184   const CFGBlock *LoopBack, const ConsumedStateMap *LoopBackStates,
1185   ConsumedWarningsHandlerBase &WarningsHandler) {
1186 
1187   ConsumedState LocalState;
1188   SourceLocation BlameLoc = getLastStmtLoc(LoopBack);
1189 
1190   for (const auto &DM : LoopBackStates->VarMap) {
1191     LocalState = this->getState(DM.first);
1192 
1193     if (LocalState == CS_None)
1194       continue;
1195 
1196     if (LocalState != DM.second) {
1197       VarMap[DM.first] = CS_Unknown;
1198       WarningsHandler.warnLoopStateMismatch(BlameLoc,
1199                                             DM.first->getNameAsString());
1200     }
1201   }
1202 }
1203 
markUnreachable()1204 void ConsumedStateMap::markUnreachable() {
1205   this->Reachable = false;
1206   VarMap.clear();
1207   TmpMap.clear();
1208 }
1209 
setState(const VarDecl * Var,ConsumedState State)1210 void ConsumedStateMap::setState(const VarDecl *Var, ConsumedState State) {
1211   VarMap[Var] = State;
1212 }
1213 
setState(const CXXBindTemporaryExpr * Tmp,ConsumedState State)1214 void ConsumedStateMap::setState(const CXXBindTemporaryExpr *Tmp,
1215                                 ConsumedState State) {
1216   TmpMap[Tmp] = State;
1217 }
1218 
remove(const CXXBindTemporaryExpr * Tmp)1219 void ConsumedStateMap::remove(const CXXBindTemporaryExpr *Tmp) {
1220   TmpMap.erase(Tmp);
1221 }
1222 
operator !=(const ConsumedStateMap * Other) const1223 bool ConsumedStateMap::operator!=(const ConsumedStateMap *Other) const {
1224   for (const auto &DM : Other->VarMap)
1225     if (this->getState(DM.first) != DM.second)
1226       return true;
1227   return false;
1228 }
1229 
determineExpectedReturnState(AnalysisDeclContext & AC,const FunctionDecl * D)1230 void ConsumedAnalyzer::determineExpectedReturnState(AnalysisDeclContext &AC,
1231                                                     const FunctionDecl *D) {
1232   QualType ReturnType;
1233   if (const CXXConstructorDecl *Constructor = dyn_cast<CXXConstructorDecl>(D)) {
1234     ASTContext &CurrContext = AC.getASTContext();
1235     ReturnType = Constructor->getThisType(CurrContext)->getPointeeType();
1236   } else
1237     ReturnType = D->getCallResultType();
1238 
1239   if (const ReturnTypestateAttr *RTSAttr = D->getAttr<ReturnTypestateAttr>()) {
1240     const CXXRecordDecl *RD = ReturnType->getAsCXXRecordDecl();
1241     if (!RD || !RD->hasAttr<ConsumableAttr>()) {
1242       // FIXME: This should be removed when template instantiation propagates
1243       //        attributes at template specialization definition, not
1244       //        declaration. When it is removed the test needs to be enabled
1245       //        in SemaDeclAttr.cpp.
1246       WarningsHandler.warnReturnTypestateForUnconsumableType(
1247           RTSAttr->getLocation(), ReturnType.getAsString());
1248       ExpectedReturnState = CS_None;
1249     } else
1250       ExpectedReturnState = mapReturnTypestateAttrState(RTSAttr);
1251   } else if (isConsumableType(ReturnType)) {
1252     if (isAutoCastType(ReturnType))   // We can auto-cast the state to the
1253       ExpectedReturnState = CS_None;  // expected state.
1254     else
1255       ExpectedReturnState = mapConsumableAttrState(ReturnType);
1256   }
1257   else
1258     ExpectedReturnState = CS_None;
1259 }
1260 
splitState(const CFGBlock * CurrBlock,const ConsumedStmtVisitor & Visitor)1261 bool ConsumedAnalyzer::splitState(const CFGBlock *CurrBlock,
1262                                   const ConsumedStmtVisitor &Visitor) {
1263 
1264   std::unique_ptr<ConsumedStateMap> FalseStates(
1265       new ConsumedStateMap(*CurrStates));
1266   PropagationInfo PInfo;
1267 
1268   if (const IfStmt *IfNode =
1269     dyn_cast_or_null<IfStmt>(CurrBlock->getTerminator().getStmt())) {
1270 
1271     const Expr *Cond = IfNode->getCond();
1272 
1273     PInfo = Visitor.getInfo(Cond);
1274     if (!PInfo.isValid() && isa<BinaryOperator>(Cond))
1275       PInfo = Visitor.getInfo(cast<BinaryOperator>(Cond)->getRHS());
1276 
1277     if (PInfo.isVarTest()) {
1278       CurrStates->setSource(Cond);
1279       FalseStates->setSource(Cond);
1280       splitVarStateForIf(IfNode, PInfo.getVarTest(), CurrStates.get(),
1281                          FalseStates.get());
1282 
1283     } else if (PInfo.isBinTest()) {
1284       CurrStates->setSource(PInfo.testSourceNode());
1285       FalseStates->setSource(PInfo.testSourceNode());
1286       splitVarStateForIfBinOp(PInfo, CurrStates.get(), FalseStates.get());
1287 
1288     } else {
1289       return false;
1290     }
1291 
1292   } else if (const BinaryOperator *BinOp =
1293     dyn_cast_or_null<BinaryOperator>(CurrBlock->getTerminator().getStmt())) {
1294 
1295     PInfo = Visitor.getInfo(BinOp->getLHS());
1296     if (!PInfo.isVarTest()) {
1297       if ((BinOp = dyn_cast_or_null<BinaryOperator>(BinOp->getLHS()))) {
1298         PInfo = Visitor.getInfo(BinOp->getRHS());
1299 
1300         if (!PInfo.isVarTest())
1301           return false;
1302 
1303       } else {
1304         return false;
1305       }
1306     }
1307 
1308     CurrStates->setSource(BinOp);
1309     FalseStates->setSource(BinOp);
1310 
1311     const VarTestResult &Test = PInfo.getVarTest();
1312     ConsumedState VarState = CurrStates->getState(Test.Var);
1313 
1314     if (BinOp->getOpcode() == BO_LAnd) {
1315       if (VarState == CS_Unknown)
1316         CurrStates->setState(Test.Var, Test.TestsFor);
1317       else if (VarState == invertConsumedUnconsumed(Test.TestsFor))
1318         CurrStates->markUnreachable();
1319 
1320     } else if (BinOp->getOpcode() == BO_LOr) {
1321       if (VarState == CS_Unknown)
1322         FalseStates->setState(Test.Var,
1323                               invertConsumedUnconsumed(Test.TestsFor));
1324       else if (VarState == Test.TestsFor)
1325         FalseStates->markUnreachable();
1326     }
1327 
1328   } else {
1329     return false;
1330   }
1331 
1332   CFGBlock::const_succ_iterator SI = CurrBlock->succ_begin();
1333 
1334   if (*SI)
1335     BlockInfo.addInfo(*SI, std::move(CurrStates));
1336   else
1337     CurrStates = nullptr;
1338 
1339   if (*++SI)
1340     BlockInfo.addInfo(*SI, std::move(FalseStates));
1341 
1342   return true;
1343 }
1344 
run(AnalysisDeclContext & AC)1345 void ConsumedAnalyzer::run(AnalysisDeclContext &AC) {
1346   const FunctionDecl *D = dyn_cast_or_null<FunctionDecl>(AC.getDecl());
1347   if (!D)
1348     return;
1349 
1350   CFG *CFGraph = AC.getCFG();
1351   if (!CFGraph)
1352     return;
1353 
1354   determineExpectedReturnState(AC, D);
1355 
1356   PostOrderCFGView *SortedGraph = AC.getAnalysis<PostOrderCFGView>();
1357   // AC.getCFG()->viewCFG(LangOptions());
1358 
1359   BlockInfo = ConsumedBlockInfo(CFGraph->getNumBlockIDs(), SortedGraph);
1360 
1361   CurrStates = llvm::make_unique<ConsumedStateMap>();
1362   ConsumedStmtVisitor Visitor(AC, *this, CurrStates.get());
1363 
1364   // Add all trackable parameters to the state map.
1365   for (const auto *PI : D->parameters())
1366     Visitor.VisitParmVarDecl(PI);
1367 
1368   // Visit all of the function's basic blocks.
1369   for (const auto *CurrBlock : *SortedGraph) {
1370     if (!CurrStates)
1371       CurrStates = BlockInfo.getInfo(CurrBlock);
1372 
1373     if (!CurrStates) {
1374       continue;
1375 
1376     } else if (!CurrStates->isReachable()) {
1377       CurrStates = nullptr;
1378       continue;
1379     }
1380 
1381     Visitor.reset(CurrStates.get());
1382 
1383     // Visit all of the basic block's statements.
1384     for (const auto &B : *CurrBlock) {
1385       switch (B.getKind()) {
1386       case CFGElement::Statement:
1387         Visitor.Visit(B.castAs<CFGStmt>().getStmt());
1388         break;
1389 
1390       case CFGElement::TemporaryDtor: {
1391         const CFGTemporaryDtor &DTor = B.castAs<CFGTemporaryDtor>();
1392         const CXXBindTemporaryExpr *BTE = DTor.getBindTemporaryExpr();
1393 
1394         Visitor.checkCallability(PropagationInfo(BTE),
1395                                  DTor.getDestructorDecl(AC.getASTContext()),
1396                                  BTE->getExprLoc());
1397         CurrStates->remove(BTE);
1398         break;
1399       }
1400 
1401       case CFGElement::AutomaticObjectDtor: {
1402         const CFGAutomaticObjDtor &DTor = B.castAs<CFGAutomaticObjDtor>();
1403         SourceLocation Loc = DTor.getTriggerStmt()->getLocEnd();
1404         const VarDecl *Var = DTor.getVarDecl();
1405 
1406         Visitor.checkCallability(PropagationInfo(Var),
1407                                  DTor.getDestructorDecl(AC.getASTContext()),
1408                                  Loc);
1409         break;
1410       }
1411 
1412       default:
1413         break;
1414       }
1415     }
1416 
1417     // TODO: Handle other forms of branching with precision, including while-
1418     //       and for-loops. (Deferred)
1419     if (!splitState(CurrBlock, Visitor)) {
1420       CurrStates->setSource(nullptr);
1421 
1422       if (CurrBlock->succ_size() > 1 ||
1423           (CurrBlock->succ_size() == 1 &&
1424            (*CurrBlock->succ_begin())->pred_size() > 1)) {
1425 
1426         auto *RawState = CurrStates.get();
1427 
1428         for (CFGBlock::const_succ_iterator SI = CurrBlock->succ_begin(),
1429              SE = CurrBlock->succ_end(); SI != SE; ++SI) {
1430 
1431           if (*SI == nullptr) continue;
1432 
1433           if (BlockInfo.isBackEdge(CurrBlock, *SI)) {
1434             BlockInfo.borrowInfo(*SI)->intersectAtLoopHead(
1435                 *SI, CurrBlock, RawState, WarningsHandler);
1436 
1437             if (BlockInfo.allBackEdgesVisited(CurrBlock, *SI))
1438               BlockInfo.discardInfo(*SI);
1439           } else {
1440             BlockInfo.addInfo(*SI, RawState, CurrStates);
1441           }
1442         }
1443 
1444         CurrStates = nullptr;
1445       }
1446     }
1447 
1448     if (CurrBlock == &AC.getCFG()->getExit() &&
1449         D->getCallResultType()->isVoidType())
1450       CurrStates->checkParamsForReturnTypestate(D->getLocation(),
1451                                                 WarningsHandler);
1452   } // End of block iterator.
1453 
1454   // Delete the last existing state map.
1455   CurrStates = nullptr;
1456 
1457   WarningsHandler.emitDiagnostics();
1458 }
1459 }} // end namespace clang::consumed
1460