1 //===- IvarInvalidationChecker.cpp ------------------------------*- C++ -*-===//
2 //
3 // The LLVM Compiler Infrastructure
4 //
5 // This file is distributed under the University of Illinois Open Source
6 // License. See LICENSE.TXT for details.
7 //
8 //===----------------------------------------------------------------------===//
9 //
10 // This checker implements annotation driven invalidation checking. If a class
11 // contains a method annotated with 'objc_instance_variable_invalidator',
12 // - (void) foo
13 // __attribute__((annotate("objc_instance_variable_invalidator")));
14 // all the "ivalidatable" instance variables of this class should be
15 // invalidated. We call an instance variable ivalidatable if it is an object of
16 // a class which contains an invalidation method. There could be multiple
17 // methods annotated with such annotations per class, either one can be used
18 // to invalidate the ivar. An ivar or property are considered to be
19 // invalidated if they are being assigned 'nil' or an invalidation method has
20 // been called on them. An invalidation method should either invalidate all
21 // the ivars or call another invalidation method (on self).
22 //
23 // Partial invalidor annotation allows to addess cases when ivars are
24 // invalidated by other methods, which might or might not be called from
25 // the invalidation method. The checker checks that each invalidation
26 // method and all the partial methods cumulatively invalidate all ivars.
27 // __attribute__((annotate("objc_instance_variable_invalidator_partial")));
28 //
29 //===----------------------------------------------------------------------===//
30
31 #include "ClangSACheckers.h"
32 #include "clang/AST/Attr.h"
33 #include "clang/AST/DeclObjC.h"
34 #include "clang/AST/StmtVisitor.h"
35 #include "clang/StaticAnalyzer/Core/BugReporter/BugReporter.h"
36 #include "clang/StaticAnalyzer/Core/Checker.h"
37 #include "clang/StaticAnalyzer/Core/PathSensitive/AnalysisManager.h"
38 #include "llvm/ADT/DenseMap.h"
39 #include "llvm/ADT/SetVector.h"
40 #include "llvm/ADT/SmallString.h"
41
42 using namespace clang;
43 using namespace ento;
44
45 namespace {
46 struct ChecksFilter {
47 /// Check for missing invalidation method declarations.
48 DefaultBool check_MissingInvalidationMethod;
49 /// Check that all ivars are invalidated.
50 DefaultBool check_InstanceVariableInvalidation;
51
52 CheckName checkName_MissingInvalidationMethod;
53 CheckName checkName_InstanceVariableInvalidation;
54 };
55
56 class IvarInvalidationCheckerImpl {
57 typedef llvm::SmallSetVector<const ObjCMethodDecl*, 2> MethodSet;
58 typedef llvm::DenseMap<const ObjCMethodDecl*,
59 const ObjCIvarDecl*> MethToIvarMapTy;
60 typedef llvm::DenseMap<const ObjCPropertyDecl*,
61 const ObjCIvarDecl*> PropToIvarMapTy;
62 typedef llvm::DenseMap<const ObjCIvarDecl*,
63 const ObjCPropertyDecl*> IvarToPropMapTy;
64
65 struct InvalidationInfo {
66 /// Has the ivar been invalidated?
67 bool IsInvalidated;
68
69 /// The methods which can be used to invalidate the ivar.
70 MethodSet InvalidationMethods;
71
InvalidationInfo__anon197013990111::IvarInvalidationCheckerImpl::InvalidationInfo72 InvalidationInfo() : IsInvalidated(false) {}
addInvalidationMethod__anon197013990111::IvarInvalidationCheckerImpl::InvalidationInfo73 void addInvalidationMethod(const ObjCMethodDecl *MD) {
74 InvalidationMethods.insert(MD);
75 }
76
needsInvalidation__anon197013990111::IvarInvalidationCheckerImpl::InvalidationInfo77 bool needsInvalidation() const {
78 return !InvalidationMethods.empty();
79 }
80
hasMethod__anon197013990111::IvarInvalidationCheckerImpl::InvalidationInfo81 bool hasMethod(const ObjCMethodDecl *MD) {
82 if (IsInvalidated)
83 return true;
84 for (MethodSet::iterator I = InvalidationMethods.begin(),
85 E = InvalidationMethods.end(); I != E; ++I) {
86 if (*I == MD) {
87 IsInvalidated = true;
88 return true;
89 }
90 }
91 return false;
92 }
93 };
94
95 typedef llvm::DenseMap<const ObjCIvarDecl*, InvalidationInfo> IvarSet;
96
97 /// Statement visitor, which walks the method body and flags the ivars
98 /// referenced in it (either directly or via property).
99 class MethodCrawler : public ConstStmtVisitor<MethodCrawler> {
100 /// The set of Ivars which need to be invalidated.
101 IvarSet &IVars;
102
103 /// Flag is set as the result of a message send to another
104 /// invalidation method.
105 bool &CalledAnotherInvalidationMethod;
106
107 /// Property setter to ivar mapping.
108 const MethToIvarMapTy &PropertySetterToIvarMap;
109
110 /// Property getter to ivar mapping.
111 const MethToIvarMapTy &PropertyGetterToIvarMap;
112
113 /// Property to ivar mapping.
114 const PropToIvarMapTy &PropertyToIvarMap;
115
116 /// The invalidation method being currently processed.
117 const ObjCMethodDecl *InvalidationMethod;
118
119 ASTContext &Ctx;
120
121 /// Peel off parens, casts, OpaqueValueExpr, and PseudoObjectExpr.
122 const Expr *peel(const Expr *E) const;
123
124 /// Does this expression represent zero: '0'?
125 bool isZero(const Expr *E) const;
126
127 /// Mark the given ivar as invalidated.
128 void markInvalidated(const ObjCIvarDecl *Iv);
129
130 /// Checks if IvarRef refers to the tracked IVar, if yes, marks it as
131 /// invalidated.
132 void checkObjCIvarRefExpr(const ObjCIvarRefExpr *IvarRef);
133
134 /// Checks if ObjCPropertyRefExpr refers to the tracked IVar, if yes, marks
135 /// it as invalidated.
136 void checkObjCPropertyRefExpr(const ObjCPropertyRefExpr *PA);
137
138 /// Checks if ObjCMessageExpr refers to (is a getter for) the tracked IVar,
139 /// if yes, marks it as invalidated.
140 void checkObjCMessageExpr(const ObjCMessageExpr *ME);
141
142 /// Checks if the Expr refers to an ivar, if yes, marks it as invalidated.
143 void check(const Expr *E);
144
145 public:
MethodCrawler(IvarSet & InIVars,bool & InCalledAnotherInvalidationMethod,const MethToIvarMapTy & InPropertySetterToIvarMap,const MethToIvarMapTy & InPropertyGetterToIvarMap,const PropToIvarMapTy & InPropertyToIvarMap,ASTContext & InCtx)146 MethodCrawler(IvarSet &InIVars,
147 bool &InCalledAnotherInvalidationMethod,
148 const MethToIvarMapTy &InPropertySetterToIvarMap,
149 const MethToIvarMapTy &InPropertyGetterToIvarMap,
150 const PropToIvarMapTy &InPropertyToIvarMap,
151 ASTContext &InCtx)
152 : IVars(InIVars),
153 CalledAnotherInvalidationMethod(InCalledAnotherInvalidationMethod),
154 PropertySetterToIvarMap(InPropertySetterToIvarMap),
155 PropertyGetterToIvarMap(InPropertyGetterToIvarMap),
156 PropertyToIvarMap(InPropertyToIvarMap),
157 InvalidationMethod(nullptr),
158 Ctx(InCtx) {}
159
VisitStmt(const Stmt * S)160 void VisitStmt(const Stmt *S) { VisitChildren(S); }
161
162 void VisitBinaryOperator(const BinaryOperator *BO);
163
164 void VisitObjCMessageExpr(const ObjCMessageExpr *ME);
165
VisitChildren(const Stmt * S)166 void VisitChildren(const Stmt *S) {
167 for (const auto *Child : S->children()) {
168 if (Child)
169 this->Visit(Child);
170 if (CalledAnotherInvalidationMethod)
171 return;
172 }
173 }
174 };
175
176 /// Check if the any of the methods inside the interface are annotated with
177 /// the invalidation annotation, update the IvarInfo accordingly.
178 /// \param LookForPartial is set when we are searching for partial
179 /// invalidators.
180 static void containsInvalidationMethod(const ObjCContainerDecl *D,
181 InvalidationInfo &Out,
182 bool LookForPartial);
183
184 /// Check if ivar should be tracked and add to TrackedIvars if positive.
185 /// Returns true if ivar should be tracked.
186 static bool trackIvar(const ObjCIvarDecl *Iv, IvarSet &TrackedIvars,
187 const ObjCIvarDecl **FirstIvarDecl);
188
189 /// Given the property declaration, and the list of tracked ivars, finds
190 /// the ivar backing the property when possible. Returns '0' when no such
191 /// ivar could be found.
192 static const ObjCIvarDecl *findPropertyBackingIvar(
193 const ObjCPropertyDecl *Prop,
194 const ObjCInterfaceDecl *InterfaceD,
195 IvarSet &TrackedIvars,
196 const ObjCIvarDecl **FirstIvarDecl);
197
198 /// Print ivar name or the property if the given ivar backs a property.
199 static void printIvar(llvm::raw_svector_ostream &os,
200 const ObjCIvarDecl *IvarDecl,
201 const IvarToPropMapTy &IvarToPopertyMap);
202
203 void reportNoInvalidationMethod(CheckName CheckName,
204 const ObjCIvarDecl *FirstIvarDecl,
205 const IvarToPropMapTy &IvarToPopertyMap,
206 const ObjCInterfaceDecl *InterfaceD,
207 bool MissingDeclaration) const;
208
209 void reportIvarNeedsInvalidation(const ObjCIvarDecl *IvarD,
210 const IvarToPropMapTy &IvarToPopertyMap,
211 const ObjCMethodDecl *MethodD) const;
212
213 AnalysisManager& Mgr;
214 BugReporter &BR;
215 /// Filter on the checks performed.
216 const ChecksFilter &Filter;
217
218 public:
IvarInvalidationCheckerImpl(AnalysisManager & InMgr,BugReporter & InBR,const ChecksFilter & InFilter)219 IvarInvalidationCheckerImpl(AnalysisManager& InMgr,
220 BugReporter &InBR,
221 const ChecksFilter &InFilter) :
222 Mgr (InMgr), BR(InBR), Filter(InFilter) {}
223
224 void visit(const ObjCImplementationDecl *D) const;
225 };
226
isInvalidationMethod(const ObjCMethodDecl * M,bool LookForPartial)227 static bool isInvalidationMethod(const ObjCMethodDecl *M, bool LookForPartial) {
228 for (const auto *Ann : M->specific_attrs<AnnotateAttr>()) {
229 if (!LookForPartial &&
230 Ann->getAnnotation() == "objc_instance_variable_invalidator")
231 return true;
232 if (LookForPartial &&
233 Ann->getAnnotation() == "objc_instance_variable_invalidator_partial")
234 return true;
235 }
236 return false;
237 }
238
containsInvalidationMethod(const ObjCContainerDecl * D,InvalidationInfo & OutInfo,bool Partial)239 void IvarInvalidationCheckerImpl::containsInvalidationMethod(
240 const ObjCContainerDecl *D, InvalidationInfo &OutInfo, bool Partial) {
241
242 if (!D)
243 return;
244
245 assert(!isa<ObjCImplementationDecl>(D));
246 // TODO: Cache the results.
247
248 // Check all methods.
249 for (const auto *MDI : D->methods())
250 if (isInvalidationMethod(MDI, Partial))
251 OutInfo.addInvalidationMethod(
252 cast<ObjCMethodDecl>(MDI->getCanonicalDecl()));
253
254 // If interface, check all parent protocols and super.
255 if (const ObjCInterfaceDecl *InterfD = dyn_cast<ObjCInterfaceDecl>(D)) {
256
257 // Visit all protocols.
258 for (const auto *I : InterfD->protocols())
259 containsInvalidationMethod(I->getDefinition(), OutInfo, Partial);
260
261 // Visit all categories in case the invalidation method is declared in
262 // a category.
263 for (const auto *Ext : InterfD->visible_extensions())
264 containsInvalidationMethod(Ext, OutInfo, Partial);
265
266 containsInvalidationMethod(InterfD->getSuperClass(), OutInfo, Partial);
267 return;
268 }
269
270 // If protocol, check all parent protocols.
271 if (const ObjCProtocolDecl *ProtD = dyn_cast<ObjCProtocolDecl>(D)) {
272 for (const auto *I : ProtD->protocols()) {
273 containsInvalidationMethod(I->getDefinition(), OutInfo, Partial);
274 }
275 return;
276 }
277 }
278
trackIvar(const ObjCIvarDecl * Iv,IvarSet & TrackedIvars,const ObjCIvarDecl ** FirstIvarDecl)279 bool IvarInvalidationCheckerImpl::trackIvar(const ObjCIvarDecl *Iv,
280 IvarSet &TrackedIvars,
281 const ObjCIvarDecl **FirstIvarDecl) {
282 QualType IvQTy = Iv->getType();
283 const ObjCObjectPointerType *IvTy = IvQTy->getAs<ObjCObjectPointerType>();
284 if (!IvTy)
285 return false;
286 const ObjCInterfaceDecl *IvInterf = IvTy->getInterfaceDecl();
287
288 InvalidationInfo Info;
289 containsInvalidationMethod(IvInterf, Info, /*LookForPartial*/ false);
290 if (Info.needsInvalidation()) {
291 const ObjCIvarDecl *I = cast<ObjCIvarDecl>(Iv->getCanonicalDecl());
292 TrackedIvars[I] = Info;
293 if (!*FirstIvarDecl)
294 *FirstIvarDecl = I;
295 return true;
296 }
297 return false;
298 }
299
findPropertyBackingIvar(const ObjCPropertyDecl * Prop,const ObjCInterfaceDecl * InterfaceD,IvarSet & TrackedIvars,const ObjCIvarDecl ** FirstIvarDecl)300 const ObjCIvarDecl *IvarInvalidationCheckerImpl::findPropertyBackingIvar(
301 const ObjCPropertyDecl *Prop,
302 const ObjCInterfaceDecl *InterfaceD,
303 IvarSet &TrackedIvars,
304 const ObjCIvarDecl **FirstIvarDecl) {
305 const ObjCIvarDecl *IvarD = nullptr;
306
307 // Lookup for the synthesized case.
308 IvarD = Prop->getPropertyIvarDecl();
309 // We only track the ivars/properties that are defined in the current
310 // class (not the parent).
311 if (IvarD && IvarD->getContainingInterface() == InterfaceD) {
312 if (TrackedIvars.count(IvarD)) {
313 return IvarD;
314 }
315 // If the ivar is synthesized we still want to track it.
316 if (trackIvar(IvarD, TrackedIvars, FirstIvarDecl))
317 return IvarD;
318 }
319
320 // Lookup IVars named "_PropName"or "PropName" among the tracked Ivars.
321 StringRef PropName = Prop->getIdentifier()->getName();
322 for (IvarSet::const_iterator I = TrackedIvars.begin(),
323 E = TrackedIvars.end(); I != E; ++I) {
324 const ObjCIvarDecl *Iv = I->first;
325 StringRef IvarName = Iv->getName();
326
327 if (IvarName == PropName)
328 return Iv;
329
330 SmallString<128> PropNameWithUnderscore;
331 {
332 llvm::raw_svector_ostream os(PropNameWithUnderscore);
333 os << '_' << PropName;
334 }
335 if (IvarName == PropNameWithUnderscore)
336 return Iv;
337 }
338
339 // Note, this is a possible source of false positives. We could look at the
340 // getter implementation to find the ivar when its name is not derived from
341 // the property name.
342 return nullptr;
343 }
344
printIvar(llvm::raw_svector_ostream & os,const ObjCIvarDecl * IvarDecl,const IvarToPropMapTy & IvarToPopertyMap)345 void IvarInvalidationCheckerImpl::printIvar(llvm::raw_svector_ostream &os,
346 const ObjCIvarDecl *IvarDecl,
347 const IvarToPropMapTy &IvarToPopertyMap) {
348 if (IvarDecl->getSynthesize()) {
349 const ObjCPropertyDecl *PD = IvarToPopertyMap.lookup(IvarDecl);
350 assert(PD &&"Do we synthesize ivars for something other than properties?");
351 os << "Property "<< PD->getName() << " ";
352 } else {
353 os << "Instance variable "<< IvarDecl->getName() << " ";
354 }
355 }
356
357 // Check that the invalidatable interfaces with ivars/properties implement the
358 // invalidation methods.
359 void IvarInvalidationCheckerImpl::
visit(const ObjCImplementationDecl * ImplD) const360 visit(const ObjCImplementationDecl *ImplD) const {
361 // Collect all ivars that need cleanup.
362 IvarSet Ivars;
363 // Record the first Ivar needing invalidation; used in reporting when only
364 // one ivar is sufficient. Cannot grab the first on the Ivars set to ensure
365 // deterministic output.
366 const ObjCIvarDecl *FirstIvarDecl = nullptr;
367 const ObjCInterfaceDecl *InterfaceD = ImplD->getClassInterface();
368
369 // Collect ivars declared in this class, its extensions and its implementation
370 ObjCInterfaceDecl *IDecl = const_cast<ObjCInterfaceDecl *>(InterfaceD);
371 for (const ObjCIvarDecl *Iv = IDecl->all_declared_ivar_begin(); Iv;
372 Iv= Iv->getNextIvar())
373 trackIvar(Iv, Ivars, &FirstIvarDecl);
374
375 // Construct Property/Property Accessor to Ivar maps to assist checking if an
376 // ivar which is backing a property has been reset.
377 MethToIvarMapTy PropSetterToIvarMap;
378 MethToIvarMapTy PropGetterToIvarMap;
379 PropToIvarMapTy PropertyToIvarMap;
380 IvarToPropMapTy IvarToPopertyMap;
381
382 ObjCInterfaceDecl::PropertyMap PropMap;
383 ObjCInterfaceDecl::PropertyDeclOrder PropOrder;
384 InterfaceD->collectPropertiesToImplement(PropMap, PropOrder);
385
386 for (ObjCInterfaceDecl::PropertyMap::iterator
387 I = PropMap.begin(), E = PropMap.end(); I != E; ++I) {
388 const ObjCPropertyDecl *PD = I->second;
389 if (PD->isClassProperty())
390 continue;
391
392 const ObjCIvarDecl *ID = findPropertyBackingIvar(PD, InterfaceD, Ivars,
393 &FirstIvarDecl);
394 if (!ID)
395 continue;
396
397 // Store the mappings.
398 PD = cast<ObjCPropertyDecl>(PD->getCanonicalDecl());
399 PropertyToIvarMap[PD] = ID;
400 IvarToPopertyMap[ID] = PD;
401
402 // Find the setter and the getter.
403 const ObjCMethodDecl *SetterD = PD->getSetterMethodDecl();
404 if (SetterD) {
405 SetterD = cast<ObjCMethodDecl>(SetterD->getCanonicalDecl());
406 PropSetterToIvarMap[SetterD] = ID;
407 }
408
409 const ObjCMethodDecl *GetterD = PD->getGetterMethodDecl();
410 if (GetterD) {
411 GetterD = cast<ObjCMethodDecl>(GetterD->getCanonicalDecl());
412 PropGetterToIvarMap[GetterD] = ID;
413 }
414 }
415
416 // If no ivars need invalidation, there is nothing to check here.
417 if (Ivars.empty())
418 return;
419
420 // Find all partial invalidation methods.
421 InvalidationInfo PartialInfo;
422 containsInvalidationMethod(InterfaceD, PartialInfo, /*LookForPartial*/ true);
423
424 // Remove ivars invalidated by the partial invalidation methods. They do not
425 // need to be invalidated in the regular invalidation methods.
426 bool AtImplementationContainsAtLeastOnePartialInvalidationMethod = false;
427 for (MethodSet::iterator
428 I = PartialInfo.InvalidationMethods.begin(),
429 E = PartialInfo.InvalidationMethods.end(); I != E; ++I) {
430 const ObjCMethodDecl *InterfD = *I;
431
432 // Get the corresponding method in the @implementation.
433 const ObjCMethodDecl *D = ImplD->getMethod(InterfD->getSelector(),
434 InterfD->isInstanceMethod());
435 if (D && D->hasBody()) {
436 AtImplementationContainsAtLeastOnePartialInvalidationMethod = true;
437
438 bool CalledAnotherInvalidationMethod = false;
439 // The MethodCrowler is going to remove the invalidated ivars.
440 MethodCrawler(Ivars,
441 CalledAnotherInvalidationMethod,
442 PropSetterToIvarMap,
443 PropGetterToIvarMap,
444 PropertyToIvarMap,
445 BR.getContext()).VisitStmt(D->getBody());
446 // If another invalidation method was called, trust that full invalidation
447 // has occurred.
448 if (CalledAnotherInvalidationMethod)
449 Ivars.clear();
450 }
451 }
452
453 // If all ivars have been invalidated by partial invalidators, there is
454 // nothing to check here.
455 if (Ivars.empty())
456 return;
457
458 // Find all invalidation methods in this @interface declaration and parents.
459 InvalidationInfo Info;
460 containsInvalidationMethod(InterfaceD, Info, /*LookForPartial*/ false);
461
462 // Report an error in case none of the invalidation methods are declared.
463 if (!Info.needsInvalidation() && !PartialInfo.needsInvalidation()) {
464 if (Filter.check_MissingInvalidationMethod)
465 reportNoInvalidationMethod(Filter.checkName_MissingInvalidationMethod,
466 FirstIvarDecl, IvarToPopertyMap, InterfaceD,
467 /*MissingDeclaration*/ true);
468 // If there are no invalidation methods, there is no ivar validation work
469 // to be done.
470 return;
471 }
472
473 // Only check if Ivars are invalidated when InstanceVariableInvalidation
474 // has been requested.
475 if (!Filter.check_InstanceVariableInvalidation)
476 return;
477
478 // Check that all ivars are invalidated by the invalidation methods.
479 bool AtImplementationContainsAtLeastOneInvalidationMethod = false;
480 for (MethodSet::iterator I = Info.InvalidationMethods.begin(),
481 E = Info.InvalidationMethods.end(); I != E; ++I) {
482 const ObjCMethodDecl *InterfD = *I;
483
484 // Get the corresponding method in the @implementation.
485 const ObjCMethodDecl *D = ImplD->getMethod(InterfD->getSelector(),
486 InterfD->isInstanceMethod());
487 if (D && D->hasBody()) {
488 AtImplementationContainsAtLeastOneInvalidationMethod = true;
489
490 // Get a copy of ivars needing invalidation.
491 IvarSet IvarsI = Ivars;
492
493 bool CalledAnotherInvalidationMethod = false;
494 MethodCrawler(IvarsI,
495 CalledAnotherInvalidationMethod,
496 PropSetterToIvarMap,
497 PropGetterToIvarMap,
498 PropertyToIvarMap,
499 BR.getContext()).VisitStmt(D->getBody());
500 // If another invalidation method was called, trust that full invalidation
501 // has occurred.
502 if (CalledAnotherInvalidationMethod)
503 continue;
504
505 // Warn on the ivars that were not invalidated by the method.
506 for (IvarSet::const_iterator
507 I = IvarsI.begin(), E = IvarsI.end(); I != E; ++I)
508 reportIvarNeedsInvalidation(I->first, IvarToPopertyMap, D);
509 }
510 }
511
512 // Report an error in case none of the invalidation methods are implemented.
513 if (!AtImplementationContainsAtLeastOneInvalidationMethod) {
514 if (AtImplementationContainsAtLeastOnePartialInvalidationMethod) {
515 // Warn on the ivars that were not invalidated by the prrtial
516 // invalidation methods.
517 for (IvarSet::const_iterator
518 I = Ivars.begin(), E = Ivars.end(); I != E; ++I)
519 reportIvarNeedsInvalidation(I->first, IvarToPopertyMap, nullptr);
520 } else {
521 // Otherwise, no invalidation methods were implemented.
522 reportNoInvalidationMethod(Filter.checkName_InstanceVariableInvalidation,
523 FirstIvarDecl, IvarToPopertyMap, InterfaceD,
524 /*MissingDeclaration*/ false);
525 }
526 }
527 }
528
reportNoInvalidationMethod(CheckName CheckName,const ObjCIvarDecl * FirstIvarDecl,const IvarToPropMapTy & IvarToPopertyMap,const ObjCInterfaceDecl * InterfaceD,bool MissingDeclaration) const529 void IvarInvalidationCheckerImpl::reportNoInvalidationMethod(
530 CheckName CheckName, const ObjCIvarDecl *FirstIvarDecl,
531 const IvarToPropMapTy &IvarToPopertyMap,
532 const ObjCInterfaceDecl *InterfaceD, bool MissingDeclaration) const {
533 SmallString<128> sbuf;
534 llvm::raw_svector_ostream os(sbuf);
535 assert(FirstIvarDecl);
536 printIvar(os, FirstIvarDecl, IvarToPopertyMap);
537 os << "needs to be invalidated; ";
538 if (MissingDeclaration)
539 os << "no invalidation method is declared for ";
540 else
541 os << "no invalidation method is defined in the @implementation for ";
542 os << InterfaceD->getName();
543
544 PathDiagnosticLocation IvarDecLocation =
545 PathDiagnosticLocation::createBegin(FirstIvarDecl, BR.getSourceManager());
546
547 BR.EmitBasicReport(FirstIvarDecl, CheckName, "Incomplete invalidation",
548 categories::CoreFoundationObjectiveC, os.str(),
549 IvarDecLocation);
550 }
551
552 void IvarInvalidationCheckerImpl::
reportIvarNeedsInvalidation(const ObjCIvarDecl * IvarD,const IvarToPropMapTy & IvarToPopertyMap,const ObjCMethodDecl * MethodD) const553 reportIvarNeedsInvalidation(const ObjCIvarDecl *IvarD,
554 const IvarToPropMapTy &IvarToPopertyMap,
555 const ObjCMethodDecl *MethodD) const {
556 SmallString<128> sbuf;
557 llvm::raw_svector_ostream os(sbuf);
558 printIvar(os, IvarD, IvarToPopertyMap);
559 os << "needs to be invalidated or set to nil";
560 if (MethodD) {
561 PathDiagnosticLocation MethodDecLocation =
562 PathDiagnosticLocation::createEnd(MethodD->getBody(),
563 BR.getSourceManager(),
564 Mgr.getAnalysisDeclContext(MethodD));
565 BR.EmitBasicReport(MethodD, Filter.checkName_InstanceVariableInvalidation,
566 "Incomplete invalidation",
567 categories::CoreFoundationObjectiveC, os.str(),
568 MethodDecLocation);
569 } else {
570 BR.EmitBasicReport(
571 IvarD, Filter.checkName_InstanceVariableInvalidation,
572 "Incomplete invalidation", categories::CoreFoundationObjectiveC,
573 os.str(),
574 PathDiagnosticLocation::createBegin(IvarD, BR.getSourceManager()));
575 }
576 }
577
markInvalidated(const ObjCIvarDecl * Iv)578 void IvarInvalidationCheckerImpl::MethodCrawler::markInvalidated(
579 const ObjCIvarDecl *Iv) {
580 IvarSet::iterator I = IVars.find(Iv);
581 if (I != IVars.end()) {
582 // If InvalidationMethod is present, we are processing the message send and
583 // should ensure we are invalidating with the appropriate method,
584 // otherwise, we are processing setting to 'nil'.
585 if (!InvalidationMethod || I->second.hasMethod(InvalidationMethod))
586 IVars.erase(I);
587 }
588 }
589
peel(const Expr * E) const590 const Expr *IvarInvalidationCheckerImpl::MethodCrawler::peel(const Expr *E) const {
591 E = E->IgnoreParenCasts();
592 if (const PseudoObjectExpr *POE = dyn_cast<PseudoObjectExpr>(E))
593 E = POE->getSyntacticForm()->IgnoreParenCasts();
594 if (const OpaqueValueExpr *OVE = dyn_cast<OpaqueValueExpr>(E))
595 E = OVE->getSourceExpr()->IgnoreParenCasts();
596 return E;
597 }
598
checkObjCIvarRefExpr(const ObjCIvarRefExpr * IvarRef)599 void IvarInvalidationCheckerImpl::MethodCrawler::checkObjCIvarRefExpr(
600 const ObjCIvarRefExpr *IvarRef) {
601 if (const Decl *D = IvarRef->getDecl())
602 markInvalidated(cast<ObjCIvarDecl>(D->getCanonicalDecl()));
603 }
604
checkObjCMessageExpr(const ObjCMessageExpr * ME)605 void IvarInvalidationCheckerImpl::MethodCrawler::checkObjCMessageExpr(
606 const ObjCMessageExpr *ME) {
607 const ObjCMethodDecl *MD = ME->getMethodDecl();
608 if (MD) {
609 MD = cast<ObjCMethodDecl>(MD->getCanonicalDecl());
610 MethToIvarMapTy::const_iterator IvI = PropertyGetterToIvarMap.find(MD);
611 if (IvI != PropertyGetterToIvarMap.end())
612 markInvalidated(IvI->second);
613 }
614 }
615
checkObjCPropertyRefExpr(const ObjCPropertyRefExpr * PA)616 void IvarInvalidationCheckerImpl::MethodCrawler::checkObjCPropertyRefExpr(
617 const ObjCPropertyRefExpr *PA) {
618
619 if (PA->isExplicitProperty()) {
620 const ObjCPropertyDecl *PD = PA->getExplicitProperty();
621 if (PD) {
622 PD = cast<ObjCPropertyDecl>(PD->getCanonicalDecl());
623 PropToIvarMapTy::const_iterator IvI = PropertyToIvarMap.find(PD);
624 if (IvI != PropertyToIvarMap.end())
625 markInvalidated(IvI->second);
626 return;
627 }
628 }
629
630 if (PA->isImplicitProperty()) {
631 const ObjCMethodDecl *MD = PA->getImplicitPropertySetter();
632 if (MD) {
633 MD = cast<ObjCMethodDecl>(MD->getCanonicalDecl());
634 MethToIvarMapTy::const_iterator IvI =PropertyGetterToIvarMap.find(MD);
635 if (IvI != PropertyGetterToIvarMap.end())
636 markInvalidated(IvI->second);
637 return;
638 }
639 }
640 }
641
isZero(const Expr * E) const642 bool IvarInvalidationCheckerImpl::MethodCrawler::isZero(const Expr *E) const {
643 E = peel(E);
644
645 return (E->isNullPointerConstant(Ctx, Expr::NPC_ValueDependentIsNotNull)
646 != Expr::NPCK_NotNull);
647 }
648
check(const Expr * E)649 void IvarInvalidationCheckerImpl::MethodCrawler::check(const Expr *E) {
650 E = peel(E);
651
652 if (const ObjCIvarRefExpr *IvarRef = dyn_cast<ObjCIvarRefExpr>(E)) {
653 checkObjCIvarRefExpr(IvarRef);
654 return;
655 }
656
657 if (const ObjCPropertyRefExpr *PropRef = dyn_cast<ObjCPropertyRefExpr>(E)) {
658 checkObjCPropertyRefExpr(PropRef);
659 return;
660 }
661
662 if (const ObjCMessageExpr *MsgExpr = dyn_cast<ObjCMessageExpr>(E)) {
663 checkObjCMessageExpr(MsgExpr);
664 return;
665 }
666 }
667
VisitBinaryOperator(const BinaryOperator * BO)668 void IvarInvalidationCheckerImpl::MethodCrawler::VisitBinaryOperator(
669 const BinaryOperator *BO) {
670 VisitStmt(BO);
671
672 // Do we assign/compare against zero? If yes, check the variable we are
673 // assigning to.
674 BinaryOperatorKind Opcode = BO->getOpcode();
675 if (Opcode != BO_Assign &&
676 Opcode != BO_EQ &&
677 Opcode != BO_NE)
678 return;
679
680 if (isZero(BO->getRHS())) {
681 check(BO->getLHS());
682 return;
683 }
684
685 if (Opcode != BO_Assign && isZero(BO->getLHS())) {
686 check(BO->getRHS());
687 return;
688 }
689 }
690
VisitObjCMessageExpr(const ObjCMessageExpr * ME)691 void IvarInvalidationCheckerImpl::MethodCrawler::VisitObjCMessageExpr(
692 const ObjCMessageExpr *ME) {
693 const ObjCMethodDecl *MD = ME->getMethodDecl();
694 const Expr *Receiver = ME->getInstanceReceiver();
695
696 // Stop if we are calling '[self invalidate]'.
697 if (Receiver && isInvalidationMethod(MD, /*LookForPartial*/ false))
698 if (Receiver->isObjCSelfExpr()) {
699 CalledAnotherInvalidationMethod = true;
700 return;
701 }
702
703 // Check if we call a setter and set the property to 'nil'.
704 if (MD && (ME->getNumArgs() == 1) && isZero(ME->getArg(0))) {
705 MD = cast<ObjCMethodDecl>(MD->getCanonicalDecl());
706 MethToIvarMapTy::const_iterator IvI = PropertySetterToIvarMap.find(MD);
707 if (IvI != PropertySetterToIvarMap.end()) {
708 markInvalidated(IvI->second);
709 return;
710 }
711 }
712
713 // Check if we call the 'invalidation' routine on the ivar.
714 if (Receiver) {
715 InvalidationMethod = MD;
716 check(Receiver->IgnoreParenCasts());
717 InvalidationMethod = nullptr;
718 }
719
720 VisitStmt(ME);
721 }
722 } // end anonymous namespace
723
724 // Register the checkers.
725 namespace {
726 class IvarInvalidationChecker :
727 public Checker<check::ASTDecl<ObjCImplementationDecl> > {
728 public:
729 ChecksFilter Filter;
730 public:
checkASTDecl(const ObjCImplementationDecl * D,AnalysisManager & Mgr,BugReporter & BR) const731 void checkASTDecl(const ObjCImplementationDecl *D, AnalysisManager& Mgr,
732 BugReporter &BR) const {
733 IvarInvalidationCheckerImpl Walker(Mgr, BR, Filter);
734 Walker.visit(D);
735 }
736 };
737 } // end anonymous namespace
738
739 #define REGISTER_CHECKER(name) \
740 void ento::register##name(CheckerManager &mgr) { \
741 IvarInvalidationChecker *checker = \
742 mgr.registerChecker<IvarInvalidationChecker>(); \
743 checker->Filter.check_##name = true; \
744 checker->Filter.checkName_##name = mgr.getCurrentCheckName(); \
745 }
746
747 REGISTER_CHECKER(InstanceVariableInvalidation)
748 REGISTER_CHECKER(MissingInvalidationMethod)
749