clang  9.0.0svn
ThreadSafety.cpp
Go to the documentation of this file.
1 //===- ThreadSafety.cpp ---------------------------------------------------===//
2 //
3 // The LLVM Compiler Infrastructure
4 //
5 // This file is distributed under the University of Illinois Open Source
6 // License. See LICENSE.TXT for details.
7 //
8 //===----------------------------------------------------------------------===//
9 //
10 // A intra-procedural analysis for thread safety (e.g. deadlocks and race
11 // conditions), based off of an annotation system.
12 //
13 // See http://clang.llvm.org/docs/ThreadSafetyAnalysis.html
14 // for more information.
15 //
16 //===----------------------------------------------------------------------===//
17 
19 #include "clang/AST/Attr.h"
20 #include "clang/AST/Decl.h"
21 #include "clang/AST/DeclCXX.h"
22 #include "clang/AST/DeclGroup.h"
23 #include "clang/AST/Expr.h"
24 #include "clang/AST/ExprCXX.h"
26 #include "clang/AST/Stmt.h"
27 #include "clang/AST/StmtVisitor.h"
28 #include "clang/AST/Type.h"
35 #include "clang/Analysis/CFG.h"
36 #include "clang/Basic/Builtins.h"
37 #include "clang/Basic/LLVM.h"
40 #include "clang/Basic/Specifiers.h"
41 #include "llvm/ADT/ArrayRef.h"
42 #include "llvm/ADT/DenseMap.h"
43 #include "llvm/ADT/ImmutableMap.h"
44 #include "llvm/ADT/Optional.h"
45 #include "llvm/ADT/PointerIntPair.h"
46 #include "llvm/ADT/STLExtras.h"
47 #include "llvm/ADT/SmallVector.h"
48 #include "llvm/ADT/StringRef.h"
49 #include "llvm/Support/Allocator.h"
50 #include "llvm/Support/Casting.h"
51 #include "llvm/Support/ErrorHandling.h"
52 #include "llvm/Support/raw_ostream.h"
53 #include <algorithm>
54 #include <cassert>
55 #include <functional>
56 #include <iterator>
57 #include <memory>
58 #include <string>
59 #include <type_traits>
60 #include <utility>
61 #include <vector>
62 
63 using namespace clang;
64 using namespace threadSafety;
65 
66 // Key method definition
68 
69 /// Issue a warning about an invalid lock expression
70 static void warnInvalidLock(ThreadSafetyHandler &Handler,
71  const Expr *MutexExp, const NamedDecl *D,
72  const Expr *DeclExp, StringRef Kind) {
73  SourceLocation Loc;
74  if (DeclExp)
75  Loc = DeclExp->getExprLoc();
76 
77  // FIXME: add a note about the attribute location in MutexExp or D
78  if (Loc.isValid())
79  Handler.handleInvalidLockExp(Kind, Loc);
80 }
81 
82 namespace {
83 
84 /// A set of CapabilityExpr objects, which are compiled from thread safety
85 /// attributes on a function.
86 class CapExprSet : public SmallVector<CapabilityExpr, 4> {
87 public:
88  /// Push M onto list, but discard duplicates.
89  void push_back_nodup(const CapabilityExpr &CapE) {
90  iterator It = std::find_if(begin(), end(),
91  [=](const CapabilityExpr &CapE2) {
92  return CapE.equals(CapE2);
93  });
94  if (It == end())
95  push_back(CapE);
96  }
97 };
98 
99 class FactManager;
100 class FactSet;
101 
102 /// This is a helper class that stores a fact that is known at a
103 /// particular point in program execution. Currently, a fact is a capability,
104 /// along with additional information, such as where it was acquired, whether
105 /// it is exclusive or shared, etc.
106 ///
107 /// FIXME: this analysis does not currently support re-entrant locking.
108 class FactEntry : public CapabilityExpr {
109 private:
110  /// Exclusive or shared.
111  LockKind LKind;
112 
113  /// Where it was acquired.
114  SourceLocation AcquireLoc;
115 
116  /// True if the lock was asserted.
117  bool Asserted;
118 
119  /// True if the lock was declared.
120  bool Declared;
121 
122 public:
123  FactEntry(const CapabilityExpr &CE, LockKind LK, SourceLocation Loc,
124  bool Asrt, bool Declrd = false)
125  : CapabilityExpr(CE), LKind(LK), AcquireLoc(Loc), Asserted(Asrt),
126  Declared(Declrd) {}
127  virtual ~FactEntry() = default;
128 
129  LockKind kind() const { return LKind; }
130  SourceLocation loc() const { return AcquireLoc; }
131  bool asserted() const { return Asserted; }
132  bool declared() const { return Declared; }
133 
134  void setDeclared(bool D) { Declared = D; }
135 
136  virtual void
137  handleRemovalFromIntersection(const FactSet &FSet, FactManager &FactMan,
138  SourceLocation JoinLoc, LockErrorKind LEK,
139  ThreadSafetyHandler &Handler) const = 0;
140  virtual void handleLock(FactSet &FSet, FactManager &FactMan,
141  const FactEntry &entry, ThreadSafetyHandler &Handler,
142  StringRef DiagKind) const = 0;
143  virtual void handleUnlock(FactSet &FSet, FactManager &FactMan,
144  const CapabilityExpr &Cp, SourceLocation UnlockLoc,
145  bool FullyRemove, ThreadSafetyHandler &Handler,
146  StringRef DiagKind) const = 0;
147 
148  // Return true if LKind >= LK, where exclusive > shared
149  bool isAtLeast(LockKind LK) const {
150  return (LKind == LK_Exclusive) || (LK == LK_Shared);
151  }
152 };
153 
154 using FactID = unsigned short;
155 
156 /// FactManager manages the memory for all facts that are created during
157 /// the analysis of a single routine.
158 class FactManager {
159 private:
160  std::vector<std::unique_ptr<const FactEntry>> Facts;
161 
162 public:
163  FactID newFact(std::unique_ptr<FactEntry> Entry) {
164  Facts.push_back(std::move(Entry));
165  return static_cast<unsigned short>(Facts.size() - 1);
166  }
167 
168  const FactEntry &operator[](FactID F) const { return *Facts[F]; }
169 };
170 
171 /// A FactSet is the set of facts that are known to be true at a
172 /// particular program point. FactSets must be small, because they are
173 /// frequently copied, and are thus implemented as a set of indices into a
174 /// table maintained by a FactManager. A typical FactSet only holds 1 or 2
175 /// locks, so we can get away with doing a linear search for lookup. Note
176 /// that a hashtable or map is inappropriate in this case, because lookups
177 /// may involve partial pattern matches, rather than exact matches.
178 class FactSet {
179 private:
180  using FactVec = SmallVector<FactID, 4>;
181 
182  FactVec FactIDs;
183 
184 public:
185  using iterator = FactVec::iterator;
186  using const_iterator = FactVec::const_iterator;
187 
188  iterator begin() { return FactIDs.begin(); }
189  const_iterator begin() const { return FactIDs.begin(); }
190 
191  iterator end() { return FactIDs.end(); }
192  const_iterator end() const { return FactIDs.end(); }
193 
194  bool isEmpty() const { return FactIDs.size() == 0; }
195 
196  // Return true if the set contains only negative facts
197  bool isEmpty(FactManager &FactMan) const {
198  for (const auto FID : *this) {
199  if (!FactMan[FID].negative())
200  return false;
201  }
202  return true;
203  }
204 
205  void addLockByID(FactID ID) { FactIDs.push_back(ID); }
206 
207  FactID addLock(FactManager &FM, std::unique_ptr<FactEntry> Entry) {
208  FactID F = FM.newFact(std::move(Entry));
209  FactIDs.push_back(F);
210  return F;
211  }
212 
213  bool removeLock(FactManager& FM, const CapabilityExpr &CapE) {
214  unsigned n = FactIDs.size();
215  if (n == 0)
216  return false;
217 
218  for (unsigned i = 0; i < n-1; ++i) {
219  if (FM[FactIDs[i]].matches(CapE)) {
220  FactIDs[i] = FactIDs[n-1];
221  FactIDs.pop_back();
222  return true;
223  }
224  }
225  if (FM[FactIDs[n-1]].matches(CapE)) {
226  FactIDs.pop_back();
227  return true;
228  }
229  return false;
230  }
231 
232  iterator findLockIter(FactManager &FM, const CapabilityExpr &CapE) {
233  return std::find_if(begin(), end(), [&](FactID ID) {
234  return FM[ID].matches(CapE);
235  });
236  }
237 
238  const FactEntry *findLock(FactManager &FM, const CapabilityExpr &CapE) const {
239  auto I = std::find_if(begin(), end(), [&](FactID ID) {
240  return FM[ID].matches(CapE);
241  });
242  return I != end() ? &FM[*I] : nullptr;
243  }
244 
245  const FactEntry *findLockUniv(FactManager &FM,
246  const CapabilityExpr &CapE) const {
247  auto I = std::find_if(begin(), end(), [&](FactID ID) -> bool {
248  return FM[ID].matchesUniv(CapE);
249  });
250  return I != end() ? &FM[*I] : nullptr;
251  }
252 
253  const FactEntry *findPartialMatch(FactManager &FM,
254  const CapabilityExpr &CapE) const {
255  auto I = std::find_if(begin(), end(), [&](FactID ID) -> bool {
256  return FM[ID].partiallyMatches(CapE);
257  });
258  return I != end() ? &FM[*I] : nullptr;
259  }
260 
261  bool containsMutexDecl(FactManager &FM, const ValueDecl* Vd) const {
262  auto I = std::find_if(begin(), end(), [&](FactID ID) -> bool {
263  return FM[ID].valueDecl() == Vd;
264  });
265  return I != end();
266  }
267 };
268 
269 class ThreadSafetyAnalyzer;
270 
271 } // namespace
272 
273 namespace clang {
274 namespace threadSafety {
275 
276 class BeforeSet {
277 private:
279 
280  struct BeforeInfo {
281  BeforeVect Vect;
282  int Visited = 0;
283 
284  BeforeInfo() = default;
285  BeforeInfo(BeforeInfo &&) = default;
286  };
287 
288  using BeforeMap =
289  llvm::DenseMap<const ValueDecl *, std::unique_ptr<BeforeInfo>>;
290  using CycleMap = llvm::DenseMap<const ValueDecl *, bool>;
291 
292 public:
293  BeforeSet() = default;
294 
295  BeforeInfo* insertAttrExprs(const ValueDecl* Vd,
296  ThreadSafetyAnalyzer& Analyzer);
297 
298  BeforeInfo *getBeforeInfoForDecl(const ValueDecl *Vd,
299  ThreadSafetyAnalyzer &Analyzer);
300 
301  void checkBeforeAfter(const ValueDecl* Vd,
302  const FactSet& FSet,
303  ThreadSafetyAnalyzer& Analyzer,
304  SourceLocation Loc, StringRef CapKind);
305 
306 private:
307  BeforeMap BMap;
308  CycleMap CycMap;
309 };
310 
311 } // namespace threadSafety
312 } // namespace clang
313 
314 namespace {
315 
316 class LocalVariableMap;
317 
318 using LocalVarContext = llvm::ImmutableMap<const NamedDecl *, unsigned>;
319 
320 /// A side (entry or exit) of a CFG node.
321 enum CFGBlockSide { CBS_Entry, CBS_Exit };
322 
323 /// CFGBlockInfo is a struct which contains all the information that is
324 /// maintained for each block in the CFG. See LocalVariableMap for more
325 /// information about the contexts.
326 struct CFGBlockInfo {
327  // Lockset held at entry to block
328  FactSet EntrySet;
329 
330  // Lockset held at exit from block
331  FactSet ExitSet;
332 
333  // Context held at entry to block
334  LocalVarContext EntryContext;
335 
336  // Context held at exit from block
337  LocalVarContext ExitContext;
338 
339  // Location of first statement in block
340  SourceLocation EntryLoc;
341 
342  // Location of last statement in block.
343  SourceLocation ExitLoc;
344 
345  // Used to replay contexts later
346  unsigned EntryIndex;
347 
348  // Is this block reachable?
349  bool Reachable = false;
350 
351  const FactSet &getSet(CFGBlockSide Side) const {
352  return Side == CBS_Entry ? EntrySet : ExitSet;
353  }
354 
355  SourceLocation getLocation(CFGBlockSide Side) const {
356  return Side == CBS_Entry ? EntryLoc : ExitLoc;
357  }
358 
359 private:
360  CFGBlockInfo(LocalVarContext EmptyCtx)
361  : EntryContext(EmptyCtx), ExitContext(EmptyCtx) {}
362 
363 public:
364  static CFGBlockInfo getEmptyBlockInfo(LocalVariableMap &M);
365 };
366 
367 // A LocalVariableMap maintains a map from local variables to their currently
368 // valid definitions. It provides SSA-like functionality when traversing the
369 // CFG. Like SSA, each definition or assignment to a variable is assigned a
370 // unique name (an integer), which acts as the SSA name for that definition.
371 // The total set of names is shared among all CFG basic blocks.
372 // Unlike SSA, we do not rewrite expressions to replace local variables declrefs
373 // with their SSA-names. Instead, we compute a Context for each point in the
374 // code, which maps local variables to the appropriate SSA-name. This map
375 // changes with each assignment.
376 //
377 // The map is computed in a single pass over the CFG. Subsequent analyses can
378 // then query the map to find the appropriate Context for a statement, and use
379 // that Context to look up the definitions of variables.
380 class LocalVariableMap {
381 public:
382  using Context = LocalVarContext;
383 
384  /// A VarDefinition consists of an expression, representing the value of the
385  /// variable, along with the context in which that expression should be
386  /// interpreted. A reference VarDefinition does not itself contain this
387  /// information, but instead contains a pointer to a previous VarDefinition.
388  struct VarDefinition {
389  public:
390  friend class LocalVariableMap;
391 
392  // The original declaration for this variable.
393  const NamedDecl *Dec;
394 
395  // The expression for this variable, OR
396  const Expr *Exp = nullptr;
397 
398  // Reference to another VarDefinition
399  unsigned Ref = 0;
400 
401  // The map with which Exp should be interpreted.
402  Context Ctx;
403 
404  bool isReference() { return !Exp; }
405 
406  private:
407  // Create ordinary variable definition
408  VarDefinition(const NamedDecl *D, const Expr *E, Context C)
409  : Dec(D), Exp(E), Ctx(C) {}
410 
411  // Create reference to previous definition
412  VarDefinition(const NamedDecl *D, unsigned R, Context C)
413  : Dec(D), Ref(R), Ctx(C) {}
414  };
415 
416 private:
417  Context::Factory ContextFactory;
418  std::vector<VarDefinition> VarDefinitions;
419  std::vector<unsigned> CtxIndices;
420  std::vector<std::pair<const Stmt *, Context>> SavedContexts;
421 
422 public:
423  LocalVariableMap() {
424  // index 0 is a placeholder for undefined variables (aka phi-nodes).
425  VarDefinitions.push_back(VarDefinition(nullptr, 0u, getEmptyContext()));
426  }
427 
428  /// Look up a definition, within the given context.
429  const VarDefinition* lookup(const NamedDecl *D, Context Ctx) {
430  const unsigned *i = Ctx.lookup(D);
431  if (!i)
432  return nullptr;
433  assert(*i < VarDefinitions.size());
434  return &VarDefinitions[*i];
435  }
436 
437  /// Look up the definition for D within the given context. Returns
438  /// NULL if the expression is not statically known. If successful, also
439  /// modifies Ctx to hold the context of the return Expr.
440  const Expr* lookupExpr(const NamedDecl *D, Context &Ctx) {
441  const unsigned *P = Ctx.lookup(D);
442  if (!P)
443  return nullptr;
444 
445  unsigned i = *P;
446  while (i > 0) {
447  if (VarDefinitions[i].Exp) {
448  Ctx = VarDefinitions[i].Ctx;
449  return VarDefinitions[i].Exp;
450  }
451  i = VarDefinitions[i].Ref;
452  }
453  return nullptr;
454  }
455 
456  Context getEmptyContext() { return ContextFactory.getEmptyMap(); }
457 
458  /// Return the next context after processing S. This function is used by
459  /// clients of the class to get the appropriate context when traversing the
460  /// CFG. It must be called for every assignment or DeclStmt.
461  Context getNextContext(unsigned &CtxIndex, const Stmt *S, Context C) {
462  if (SavedContexts[CtxIndex+1].first == S) {
463  CtxIndex++;
464  Context Result = SavedContexts[CtxIndex].second;
465  return Result;
466  }
467  return C;
468  }
469 
470  void dumpVarDefinitionName(unsigned i) {
471  if (i == 0) {
472  llvm::errs() << "Undefined";
473  return;
474  }
475  const NamedDecl *Dec = VarDefinitions[i].Dec;
476  if (!Dec) {
477  llvm::errs() << "<<NULL>>";
478  return;
479  }
480  Dec->printName(llvm::errs());
481  llvm::errs() << "." << i << " " << ((const void*) Dec);
482  }
483 
484  /// Dumps an ASCII representation of the variable map to llvm::errs()
485  void dump() {
486  for (unsigned i = 1, e = VarDefinitions.size(); i < e; ++i) {
487  const Expr *Exp = VarDefinitions[i].Exp;
488  unsigned Ref = VarDefinitions[i].Ref;
489 
490  dumpVarDefinitionName(i);
491  llvm::errs() << " = ";
492  if (Exp) Exp->dump();
493  else {
494  dumpVarDefinitionName(Ref);
495  llvm::errs() << "\n";
496  }
497  }
498  }
499 
500  /// Dumps an ASCII representation of a Context to llvm::errs()
501  void dumpContext(Context C) {
502  for (Context::iterator I = C.begin(), E = C.end(); I != E; ++I) {
503  const NamedDecl *D = I.getKey();
504  D->printName(llvm::errs());
505  const unsigned *i = C.lookup(D);
506  llvm::errs() << " -> ";
507  dumpVarDefinitionName(*i);
508  llvm::errs() << "\n";
509  }
510  }
511 
512  /// Builds the variable map.
513  void traverseCFG(CFG *CFGraph, const PostOrderCFGView *SortedGraph,
514  std::vector<CFGBlockInfo> &BlockInfo);
515 
516 protected:
517  friend class VarMapBuilder;
518 
519  // Get the current context index
520  unsigned getContextIndex() { return SavedContexts.size()-1; }
521 
522  // Save the current context for later replay
523  void saveContext(const Stmt *S, Context C) {
524  SavedContexts.push_back(std::make_pair(S, C));
525  }
526 
527  // Adds a new definition to the given context, and returns a new context.
528  // This method should be called when declaring a new variable.
529  Context addDefinition(const NamedDecl *D, const Expr *Exp, Context Ctx) {
530  assert(!Ctx.contains(D));
531  unsigned newID = VarDefinitions.size();
532  Context NewCtx = ContextFactory.add(Ctx, D, newID);
533  VarDefinitions.push_back(VarDefinition(D, Exp, Ctx));
534  return NewCtx;
535  }
536 
537  // Add a new reference to an existing definition.
538  Context addReference(const NamedDecl *D, unsigned i, Context Ctx) {
539  unsigned newID = VarDefinitions.size();
540  Context NewCtx = ContextFactory.add(Ctx, D, newID);
541  VarDefinitions.push_back(VarDefinition(D, i, Ctx));
542  return NewCtx;
543  }
544 
545  // Updates a definition only if that definition is already in the map.
546  // This method should be called when assigning to an existing variable.
547  Context updateDefinition(const NamedDecl *D, Expr *Exp, Context Ctx) {
548  if (Ctx.contains(D)) {
549  unsigned newID = VarDefinitions.size();
550  Context NewCtx = ContextFactory.remove(Ctx, D);
551  NewCtx = ContextFactory.add(NewCtx, D, newID);
552  VarDefinitions.push_back(VarDefinition(D, Exp, Ctx));
553  return NewCtx;
554  }
555  return Ctx;
556  }
557 
558  // Removes a definition from the context, but keeps the variable name
559  // as a valid variable. The index 0 is a placeholder for cleared definitions.
560  Context clearDefinition(const NamedDecl *D, Context Ctx) {
561  Context NewCtx = Ctx;
562  if (NewCtx.contains(D)) {
563  NewCtx = ContextFactory.remove(NewCtx, D);
564  NewCtx = ContextFactory.add(NewCtx, D, 0);
565  }
566  return NewCtx;
567  }
568 
569  // Remove a definition entirely frmo the context.
570  Context removeDefinition(const NamedDecl *D, Context Ctx) {
571  Context NewCtx = Ctx;
572  if (NewCtx.contains(D)) {
573  NewCtx = ContextFactory.remove(NewCtx, D);
574  }
575  return NewCtx;
576  }
577 
578  Context intersectContexts(Context C1, Context C2);
579  Context createReferenceContext(Context C);
580  void intersectBackEdge(Context C1, Context C2);
581 };
582 
583 } // namespace
584 
585 // This has to be defined after LocalVariableMap.
586 CFGBlockInfo CFGBlockInfo::getEmptyBlockInfo(LocalVariableMap &M) {
587  return CFGBlockInfo(M.getEmptyContext());
588 }
589 
590 namespace {
591 
592 /// Visitor which builds a LocalVariableMap
593 class VarMapBuilder : public ConstStmtVisitor<VarMapBuilder> {
594 public:
595  LocalVariableMap* VMap;
596  LocalVariableMap::Context Ctx;
597 
598  VarMapBuilder(LocalVariableMap *VM, LocalVariableMap::Context C)
599  : VMap(VM), Ctx(C) {}
600 
601  void VisitDeclStmt(const DeclStmt *S);
602  void VisitBinaryOperator(const BinaryOperator *BO);
603 };
604 
605 } // namespace
606 
607 // Add new local variables to the variable map
608 void VarMapBuilder::VisitDeclStmt(const DeclStmt *S) {
609  bool modifiedCtx = false;
610  const DeclGroupRef DGrp = S->getDeclGroup();
611  for (const auto *D : DGrp) {
612  if (const auto *VD = dyn_cast_or_null<VarDecl>(D)) {
613  const Expr *E = VD->getInit();
614 
615  // Add local variables with trivial type to the variable map
616  QualType T = VD->getType();
617  if (T.isTrivialType(VD->getASTContext())) {
618  Ctx = VMap->addDefinition(VD, E, Ctx);
619  modifiedCtx = true;
620  }
621  }
622  }
623  if (modifiedCtx)
624  VMap->saveContext(S, Ctx);
625 }
626 
627 // Update local variable definitions in variable map
628 void VarMapBuilder::VisitBinaryOperator(const BinaryOperator *BO) {
629  if (!BO->isAssignmentOp())
630  return;
631 
632  Expr *LHSExp = BO->getLHS()->IgnoreParenCasts();
633 
634  // Update the variable map and current context.
635  if (const auto *DRE = dyn_cast<DeclRefExpr>(LHSExp)) {
636  const ValueDecl *VDec = DRE->getDecl();
637  if (Ctx.lookup(VDec)) {
638  if (BO->getOpcode() == BO_Assign)
639  Ctx = VMap->updateDefinition(VDec, BO->getRHS(), Ctx);
640  else
641  // FIXME -- handle compound assignment operators
642  Ctx = VMap->clearDefinition(VDec, Ctx);
643  VMap->saveContext(BO, Ctx);
644  }
645  }
646 }
647 
648 // Computes the intersection of two contexts. The intersection is the
649 // set of variables which have the same definition in both contexts;
650 // variables with different definitions are discarded.
651 LocalVariableMap::Context
652 LocalVariableMap::intersectContexts(Context C1, Context C2) {
653  Context Result = C1;
654  for (const auto &P : C1) {
655  const NamedDecl *Dec = P.first;
656  const unsigned *i2 = C2.lookup(Dec);
657  if (!i2) // variable doesn't exist on second path
658  Result = removeDefinition(Dec, Result);
659  else if (*i2 != P.second) // variable exists, but has different definition
660  Result = clearDefinition(Dec, Result);
661  }
662  return Result;
663 }
664 
665 // For every variable in C, create a new variable that refers to the
666 // definition in C. Return a new context that contains these new variables.
667 // (We use this for a naive implementation of SSA on loop back-edges.)
668 LocalVariableMap::Context LocalVariableMap::createReferenceContext(Context C) {
669  Context Result = getEmptyContext();
670  for (const auto &P : C)
671  Result = addReference(P.first, P.second, Result);
672  return Result;
673 }
674 
675 // This routine also takes the intersection of C1 and C2, but it does so by
676 // altering the VarDefinitions. C1 must be the result of an earlier call to
677 // createReferenceContext.
678 void LocalVariableMap::intersectBackEdge(Context C1, Context C2) {
679  for (const auto &P : C1) {
680  unsigned i1 = P.second;
681  VarDefinition *VDef = &VarDefinitions[i1];
682  assert(VDef->isReference());
683 
684  const unsigned *i2 = C2.lookup(P.first);
685  if (!i2 || (*i2 != i1))
686  VDef->Ref = 0; // Mark this variable as undefined
687  }
688 }
689 
690 // Traverse the CFG in topological order, so all predecessors of a block
691 // (excluding back-edges) are visited before the block itself. At
692 // each point in the code, we calculate a Context, which holds the set of
693 // variable definitions which are visible at that point in execution.
694 // Visible variables are mapped to their definitions using an array that
695 // contains all definitions.
696 //
697 // At join points in the CFG, the set is computed as the intersection of
698 // the incoming sets along each edge, E.g.
699 //
700 // { Context | VarDefinitions }
701 // int x = 0; { x -> x1 | x1 = 0 }
702 // int y = 0; { x -> x1, y -> y1 | y1 = 0, x1 = 0 }
703 // if (b) x = 1; { x -> x2, y -> y1 | x2 = 1, y1 = 0, ... }
704 // else x = 2; { x -> x3, y -> y1 | x3 = 2, x2 = 1, ... }
705 // ... { y -> y1 (x is unknown) | x3 = 2, x2 = 1, ... }
706 //
707 // This is essentially a simpler and more naive version of the standard SSA
708 // algorithm. Those definitions that remain in the intersection are from blocks
709 // that strictly dominate the current block. We do not bother to insert proper
710 // phi nodes, because they are not used in our analysis; instead, wherever
711 // a phi node would be required, we simply remove that definition from the
712 // context (E.g. x above).
713 //
714 // The initial traversal does not capture back-edges, so those need to be
715 // handled on a separate pass. Whenever the first pass encounters an
716 // incoming back edge, it duplicates the context, creating new definitions
717 // that refer back to the originals. (These correspond to places where SSA
718 // might have to insert a phi node.) On the second pass, these definitions are
719 // set to NULL if the variable has changed on the back-edge (i.e. a phi
720 // node was actually required.) E.g.
721 //
722 // { Context | VarDefinitions }
723 // int x = 0, y = 0; { x -> x1, y -> y1 | y1 = 0, x1 = 0 }
724 // while (b) { x -> x2, y -> y1 | [1st:] x2=x1; [2nd:] x2=NULL; }
725 // x = x+1; { x -> x3, y -> y1 | x3 = x2 + 1, ... }
726 // ... { y -> y1 | x3 = 2, x2 = 1, ... }
727 void LocalVariableMap::traverseCFG(CFG *CFGraph,
728  const PostOrderCFGView *SortedGraph,
729  std::vector<CFGBlockInfo> &BlockInfo) {
730  PostOrderCFGView::CFGBlockSet VisitedBlocks(CFGraph);
731 
732  CtxIndices.resize(CFGraph->getNumBlockIDs());
733 
734  for (const auto *CurrBlock : *SortedGraph) {
735  unsigned CurrBlockID = CurrBlock->getBlockID();
736  CFGBlockInfo *CurrBlockInfo = &BlockInfo[CurrBlockID];
737 
738  VisitedBlocks.insert(CurrBlock);
739 
740  // Calculate the entry context for the current block
741  bool HasBackEdges = false;
742  bool CtxInit = true;
743  for (CFGBlock::const_pred_iterator PI = CurrBlock->pred_begin(),
744  PE = CurrBlock->pred_end(); PI != PE; ++PI) {
745  // if *PI -> CurrBlock is a back edge, so skip it
746  if (*PI == nullptr || !VisitedBlocks.alreadySet(*PI)) {
747  HasBackEdges = true;
748  continue;
749  }
750 
751  unsigned PrevBlockID = (*PI)->getBlockID();
752  CFGBlockInfo *PrevBlockInfo = &BlockInfo[PrevBlockID];
753 
754  if (CtxInit) {
755  CurrBlockInfo->EntryContext = PrevBlockInfo->ExitContext;
756  CtxInit = false;
757  }
758  else {
759  CurrBlockInfo->EntryContext =
760  intersectContexts(CurrBlockInfo->EntryContext,
761  PrevBlockInfo->ExitContext);
762  }
763  }
764 
765  // Duplicate the context if we have back-edges, so we can call
766  // intersectBackEdges later.
767  if (HasBackEdges)
768  CurrBlockInfo->EntryContext =
769  createReferenceContext(CurrBlockInfo->EntryContext);
770 
771  // Create a starting context index for the current block
772  saveContext(nullptr, CurrBlockInfo->EntryContext);
773  CurrBlockInfo->EntryIndex = getContextIndex();
774 
775  // Visit all the statements in the basic block.
776  VarMapBuilder VMapBuilder(this, CurrBlockInfo->EntryContext);
777  for (const auto &BI : *CurrBlock) {
778  switch (BI.getKind()) {
779  case CFGElement::Statement: {
780  CFGStmt CS = BI.castAs<CFGStmt>();
781  VMapBuilder.Visit(CS.getStmt());
782  break;
783  }
784  default:
785  break;
786  }
787  }
788  CurrBlockInfo->ExitContext = VMapBuilder.Ctx;
789 
790  // Mark variables on back edges as "unknown" if they've been changed.
791  for (CFGBlock::const_succ_iterator SI = CurrBlock->succ_begin(),
792  SE = CurrBlock->succ_end(); SI != SE; ++SI) {
793  // if CurrBlock -> *SI is *not* a back edge
794  if (*SI == nullptr || !VisitedBlocks.alreadySet(*SI))
795  continue;
796 
797  CFGBlock *FirstLoopBlock = *SI;
798  Context LoopBegin = BlockInfo[FirstLoopBlock->getBlockID()].EntryContext;
799  Context LoopEnd = CurrBlockInfo->ExitContext;
800  intersectBackEdge(LoopBegin, LoopEnd);
801  }
802  }
803 
804  // Put an extra entry at the end of the indexed context array
805  unsigned exitID = CFGraph->getExit().getBlockID();
806  saveContext(nullptr, BlockInfo[exitID].ExitContext);
807 }
808 
809 /// Find the appropriate source locations to use when producing diagnostics for
810 /// each block in the CFG.
811 static void findBlockLocations(CFG *CFGraph,
812  const PostOrderCFGView *SortedGraph,
813  std::vector<CFGBlockInfo> &BlockInfo) {
814  for (const auto *CurrBlock : *SortedGraph) {
815  CFGBlockInfo *CurrBlockInfo = &BlockInfo[CurrBlock->getBlockID()];
816 
817  // Find the source location of the last statement in the block, if the
818  // block is not empty.
819  if (const Stmt *S = CurrBlock->getTerminator()) {
820  CurrBlockInfo->EntryLoc = CurrBlockInfo->ExitLoc = S->getBeginLoc();
821  } else {
822  for (CFGBlock::const_reverse_iterator BI = CurrBlock->rbegin(),
823  BE = CurrBlock->rend(); BI != BE; ++BI) {
824  // FIXME: Handle other CFGElement kinds.
825  if (Optional<CFGStmt> CS = BI->getAs<CFGStmt>()) {
826  CurrBlockInfo->ExitLoc = CS->getStmt()->getBeginLoc();
827  break;
828  }
829  }
830  }
831 
832  if (CurrBlockInfo->ExitLoc.isValid()) {
833  // This block contains at least one statement. Find the source location
834  // of the first statement in the block.
835  for (const auto &BI : *CurrBlock) {
836  // FIXME: Handle other CFGElement kinds.
837  if (Optional<CFGStmt> CS = BI.getAs<CFGStmt>()) {
838  CurrBlockInfo->EntryLoc = CS->getStmt()->getBeginLoc();
839  break;
840  }
841  }
842  } else if (CurrBlock->pred_size() == 1 && *CurrBlock->pred_begin() &&
843  CurrBlock != &CFGraph->getExit()) {
844  // The block is empty, and has a single predecessor. Use its exit
845  // location.
846  CurrBlockInfo->EntryLoc = CurrBlockInfo->ExitLoc =
847  BlockInfo[(*CurrBlock->pred_begin())->getBlockID()].ExitLoc;
848  }
849  }
850 }
851 
852 namespace {
853 
854 class LockableFactEntry : public FactEntry {
855 private:
856  /// managed by ScopedLockable object
857  bool Managed;
858 
859 public:
860  LockableFactEntry(const CapabilityExpr &CE, LockKind LK, SourceLocation Loc,
861  bool Mng = false, bool Asrt = false)
862  : FactEntry(CE, LK, Loc, Asrt), Managed(Mng) {}
863 
864  void
865  handleRemovalFromIntersection(const FactSet &FSet, FactManager &FactMan,
866  SourceLocation JoinLoc, LockErrorKind LEK,
867  ThreadSafetyHandler &Handler) const override {
868  if (!Managed && !asserted() && !negative() && !isUniversal()) {
869  Handler.handleMutexHeldEndOfScope("mutex", toString(), loc(), JoinLoc,
870  LEK);
871  }
872  }
873 
874  void handleLock(FactSet &FSet, FactManager &FactMan, const FactEntry &entry,
875  ThreadSafetyHandler &Handler,
876  StringRef DiagKind) const override {
877  Handler.handleDoubleLock(DiagKind, entry.toString(), entry.loc());
878  }
879 
880  void handleUnlock(FactSet &FSet, FactManager &FactMan,
881  const CapabilityExpr &Cp, SourceLocation UnlockLoc,
882  bool FullyRemove, ThreadSafetyHandler &Handler,
883  StringRef DiagKind) const override {
884  FSet.removeLock(FactMan, Cp);
885  if (!Cp.negative()) {
886  FSet.addLock(FactMan, llvm::make_unique<LockableFactEntry>(
887  !Cp, LK_Exclusive, UnlockLoc));
888  }
889  }
890 };
891 
892 class ScopedLockableFactEntry : public FactEntry {
893 private:
894  enum UnderlyingCapabilityKind {
895  UCK_Acquired, ///< Any kind of acquired capability.
896  UCK_ReleasedShared, ///< Shared capability that was released.
897  UCK_ReleasedExclusive, ///< Exclusive capability that was released.
898  };
899 
900  using UnderlyingCapability =
901  llvm::PointerIntPair<const til::SExpr *, 2, UnderlyingCapabilityKind>;
902 
903  SmallVector<UnderlyingCapability, 4> UnderlyingMutexes;
904 
905 public:
906  ScopedLockableFactEntry(const CapabilityExpr &CE, SourceLocation Loc)
907  : FactEntry(CE, LK_Exclusive, Loc, false) {}
908 
909  void addExclusiveLock(const CapabilityExpr &M) {
910  UnderlyingMutexes.emplace_back(M.sexpr(), UCK_Acquired);
911  }
912 
913  void addSharedLock(const CapabilityExpr &M) {
914  UnderlyingMutexes.emplace_back(M.sexpr(), UCK_Acquired);
915  }
916 
917  void addExclusiveUnlock(const CapabilityExpr &M) {
918  UnderlyingMutexes.emplace_back(M.sexpr(), UCK_ReleasedExclusive);
919  }
920 
921  void addSharedUnlock(const CapabilityExpr &M) {
922  UnderlyingMutexes.emplace_back(M.sexpr(), UCK_ReleasedShared);
923  }
924 
925  void
926  handleRemovalFromIntersection(const FactSet &FSet, FactManager &FactMan,
927  SourceLocation JoinLoc, LockErrorKind LEK,
928  ThreadSafetyHandler &Handler) const override {
929  for (const auto &UnderlyingMutex : UnderlyingMutexes) {
930  const auto *Entry = FSet.findLock(
931  FactMan, CapabilityExpr(UnderlyingMutex.getPointer(), false));
932  if ((UnderlyingMutex.getInt() == UCK_Acquired && Entry) ||
933  (UnderlyingMutex.getInt() != UCK_Acquired && !Entry)) {
934  // If this scoped lock manages another mutex, and if the underlying
935  // mutex is still/not held, then warn about the underlying mutex.
937  "mutex", sx::toString(UnderlyingMutex.getPointer()), loc(), JoinLoc,
938  LEK);
939  }
940  }
941  }
942 
943  void handleLock(FactSet &FSet, FactManager &FactMan, const FactEntry &entry,
944  ThreadSafetyHandler &Handler,
945  StringRef DiagKind) const override {
946  for (const auto &UnderlyingMutex : UnderlyingMutexes) {
947  CapabilityExpr UnderCp(UnderlyingMutex.getPointer(), false);
948 
949  if (UnderlyingMutex.getInt() == UCK_Acquired)
950  lock(FSet, FactMan, UnderCp, entry.kind(), entry.loc(), &Handler,
951  DiagKind);
952  else
953  unlock(FSet, FactMan, UnderCp, entry.loc(), &Handler, DiagKind);
954  }
955  }
956 
957  void handleUnlock(FactSet &FSet, FactManager &FactMan,
958  const CapabilityExpr &Cp, SourceLocation UnlockLoc,
959  bool FullyRemove, ThreadSafetyHandler &Handler,
960  StringRef DiagKind) const override {
961  assert(!Cp.negative() && "Managing object cannot be negative.");
962  for (const auto &UnderlyingMutex : UnderlyingMutexes) {
963  CapabilityExpr UnderCp(UnderlyingMutex.getPointer(), false);
964 
965  // Remove/lock the underlying mutex if it exists/is still unlocked; warn
966  // on double unlocking/locking if we're not destroying the scoped object.
967  ThreadSafetyHandler *TSHandler = FullyRemove ? nullptr : &Handler;
968  if (UnderlyingMutex.getInt() == UCK_Acquired) {
969  unlock(FSet, FactMan, UnderCp, UnlockLoc, TSHandler, DiagKind);
970  } else {
971  LockKind kind = UnderlyingMutex.getInt() == UCK_ReleasedShared
972  ? LK_Shared
973  : LK_Exclusive;
974  lock(FSet, FactMan, UnderCp, kind, UnlockLoc, TSHandler, DiagKind);
975  }
976  }
977  if (FullyRemove)
978  FSet.removeLock(FactMan, Cp);
979  }
980 
981 private:
982  void lock(FactSet &FSet, FactManager &FactMan, const CapabilityExpr &Cp,
984  StringRef DiagKind) const {
985  if (!FSet.findLock(FactMan, Cp)) {
986  FSet.removeLock(FactMan, !Cp);
987  FSet.addLock(FactMan,
988  llvm::make_unique<LockableFactEntry>(Cp, kind, loc));
989  } else if (Handler) {
990  Handler->handleDoubleLock(DiagKind, Cp.toString(), loc);
991  }
992  }
993 
994  void unlock(FactSet &FSet, FactManager &FactMan, const CapabilityExpr &Cp,
995  SourceLocation loc, ThreadSafetyHandler *Handler,
996  StringRef DiagKind) const {
997  if (FSet.findLock(FactMan, Cp)) {
998  FSet.removeLock(FactMan, Cp);
999  FSet.addLock(FactMan, llvm::make_unique<LockableFactEntry>(
1000  !Cp, LK_Exclusive, loc));
1001  } else if (Handler) {
1002  Handler->handleUnmatchedUnlock(DiagKind, Cp.toString(), loc);
1003  }
1004  }
1005 };
1006 
1007 /// Class which implements the core thread safety analysis routines.
1008 class ThreadSafetyAnalyzer {
1009  friend class BuildLockset;
1010  friend class threadSafety::BeforeSet;
1011 
1012  llvm::BumpPtrAllocator Bpa;
1014  threadSafety::SExprBuilder SxBuilder;
1015 
1016  ThreadSafetyHandler &Handler;
1017  const CXXMethodDecl *CurrentMethod;
1018  LocalVariableMap LocalVarMap;
1019  FactManager FactMan;
1020  std::vector<CFGBlockInfo> BlockInfo;
1021 
1022  BeforeSet *GlobalBeforeSet;
1023 
1024 public:
1025  ThreadSafetyAnalyzer(ThreadSafetyHandler &H, BeforeSet* Bset)
1026  : Arena(&Bpa), SxBuilder(Arena), Handler(H), GlobalBeforeSet(Bset) {}
1027 
1028  bool inCurrentScope(const CapabilityExpr &CapE);
1029 
1030  void addLock(FactSet &FSet, std::unique_ptr<FactEntry> Entry,
1031  StringRef DiagKind, bool ReqAttr = false);
1032  void removeLock(FactSet &FSet, const CapabilityExpr &CapE,
1033  SourceLocation UnlockLoc, bool FullyRemove, LockKind Kind,
1034  StringRef DiagKind);
1035 
1036  template <typename AttrType>
1037  void getMutexIDs(CapExprSet &Mtxs, AttrType *Attr, const Expr *Exp,
1038  const NamedDecl *D, VarDecl *SelfDecl = nullptr);
1039 
1040  template <class AttrType>
1041  void getMutexIDs(CapExprSet &Mtxs, AttrType *Attr, const Expr *Exp,
1042  const NamedDecl *D,
1043  const CFGBlock *PredBlock, const CFGBlock *CurrBlock,
1044  Expr *BrE, bool Neg);
1045 
1046  const CallExpr* getTrylockCallExpr(const Stmt *Cond, LocalVarContext C,
1047  bool &Negate);
1048 
1049  void getEdgeLockset(FactSet &Result, const FactSet &ExitSet,
1050  const CFGBlock* PredBlock,
1051  const CFGBlock *CurrBlock);
1052 
1053  void intersectAndWarn(FactSet &FSet1, const FactSet &FSet2,
1054  SourceLocation JoinLoc,
1055  LockErrorKind LEK1, LockErrorKind LEK2,
1056  bool Modify=true);
1057 
1058  void intersectAndWarn(FactSet &FSet1, const FactSet &FSet2,
1059  SourceLocation JoinLoc, LockErrorKind LEK1,
1060  bool Modify=true) {
1061  intersectAndWarn(FSet1, FSet2, JoinLoc, LEK1, LEK1, Modify);
1062  }
1063 
1064  void runAnalysis(AnalysisDeclContext &AC);
1065 };
1066 
1067 } // namespace
1068 
1069 /// Process acquired_before and acquired_after attributes on Vd.
1070 BeforeSet::BeforeInfo* BeforeSet::insertAttrExprs(const ValueDecl* Vd,
1071  ThreadSafetyAnalyzer& Analyzer) {
1072  // Create a new entry for Vd.
1073  BeforeInfo *Info = nullptr;
1074  {
1075  // Keep InfoPtr in its own scope in case BMap is modified later and the
1076  // reference becomes invalid.
1077  std::unique_ptr<BeforeInfo> &InfoPtr = BMap[Vd];
1078  if (!InfoPtr)
1079  InfoPtr.reset(new BeforeInfo());
1080  Info = InfoPtr.get();
1081  }
1082 
1083  for (const auto *At : Vd->attrs()) {
1084  switch (At->getKind()) {
1085  case attr::AcquiredBefore: {
1086  const auto *A = cast<AcquiredBeforeAttr>(At);
1087 
1088  // Read exprs from the attribute, and add them to BeforeVect.
1089  for (const auto *Arg : A->args()) {
1090  CapabilityExpr Cp =
1091  Analyzer.SxBuilder.translateAttrExpr(Arg, nullptr);
1092  if (const ValueDecl *Cpvd = Cp.valueDecl()) {
1093  Info->Vect.push_back(Cpvd);
1094  const auto It = BMap.find(Cpvd);
1095  if (It == BMap.end())
1096  insertAttrExprs(Cpvd, Analyzer);
1097  }
1098  }
1099  break;
1100  }
1101  case attr::AcquiredAfter: {
1102  const auto *A = cast<AcquiredAfterAttr>(At);
1103 
1104  // Read exprs from the attribute, and add them to BeforeVect.
1105  for (const auto *Arg : A->args()) {
1106  CapabilityExpr Cp =
1107  Analyzer.SxBuilder.translateAttrExpr(Arg, nullptr);
1108  if (const ValueDecl *ArgVd = Cp.valueDecl()) {
1109  // Get entry for mutex listed in attribute
1110  BeforeInfo *ArgInfo = getBeforeInfoForDecl(ArgVd, Analyzer);
1111  ArgInfo->Vect.push_back(Vd);
1112  }
1113  }
1114  break;
1115  }
1116  default:
1117  break;
1118  }
1119  }
1120 
1121  return Info;
1122 }
1123 
1124 BeforeSet::BeforeInfo *
1126  ThreadSafetyAnalyzer &Analyzer) {
1127  auto It = BMap.find(Vd);
1128  BeforeInfo *Info = nullptr;
1129  if (It == BMap.end())
1130  Info = insertAttrExprs(Vd, Analyzer);
1131  else
1132  Info = It->second.get();
1133  assert(Info && "BMap contained nullptr?");
1134  return Info;
1135 }
1136 
1137 /// Return true if any mutexes in FSet are in the acquired_before set of Vd.
1139  const FactSet& FSet,
1140  ThreadSafetyAnalyzer& Analyzer,
1141  SourceLocation Loc, StringRef CapKind) {
1142  SmallVector<BeforeInfo*, 8> InfoVect;
1143 
1144  // Do a depth-first traversal of Vd.
1145  // Return true if there are cycles.
1146  std::function<bool (const ValueDecl*)> traverse = [&](const ValueDecl* Vd) {
1147  if (!Vd)
1148  return false;
1149 
1150  BeforeSet::BeforeInfo *Info = getBeforeInfoForDecl(Vd, Analyzer);
1151 
1152  if (Info->Visited == 1)
1153  return true;
1154 
1155  if (Info->Visited == 2)
1156  return false;
1157 
1158  if (Info->Vect.empty())
1159  return false;
1160 
1161  InfoVect.push_back(Info);
1162  Info->Visited = 1;
1163  for (const auto *Vdb : Info->Vect) {
1164  // Exclude mutexes in our immediate before set.
1165  if (FSet.containsMutexDecl(Analyzer.FactMan, Vdb)) {
1166  StringRef L1 = StartVd->getName();
1167  StringRef L2 = Vdb->getName();
1168  Analyzer.Handler.handleLockAcquiredBefore(CapKind, L1, L2, Loc);
1169  }
1170  // Transitively search other before sets, and warn on cycles.
1171  if (traverse(Vdb)) {
1172  if (CycMap.find(Vd) == CycMap.end()) {
1173  CycMap.insert(std::make_pair(Vd, true));
1174  StringRef L1 = Vd->getName();
1175  Analyzer.Handler.handleBeforeAfterCycle(L1, Vd->getLocation());
1176  }
1177  }
1178  }
1179  Info->Visited = 2;
1180  return false;
1181  };
1182 
1183  traverse(StartVd);
1184 
1185  for (auto *Info : InfoVect)
1186  Info->Visited = 0;
1187 }
1188 
1189 /// Gets the value decl pointer from DeclRefExprs or MemberExprs.
1190 static const ValueDecl *getValueDecl(const Expr *Exp) {
1191  if (const auto *CE = dyn_cast<ImplicitCastExpr>(Exp))
1192  return getValueDecl(CE->getSubExpr());
1193 
1194  if (const auto *DR = dyn_cast<DeclRefExpr>(Exp))
1195  return DR->getDecl();
1196 
1197  if (const auto *ME = dyn_cast<MemberExpr>(Exp))
1198  return ME->getMemberDecl();
1199 
1200  return nullptr;
1201 }
1202 
1203 namespace {
1204 
1205 template <typename Ty>
1206 class has_arg_iterator_range {
1207  using yes = char[1];
1208  using no = char[2];
1209 
1210  template <typename Inner>
1211  static yes& test(Inner *I, decltype(I->args()) * = nullptr);
1212 
1213  template <typename>
1214  static no& test(...);
1215 
1216 public:
1217  static const bool value = sizeof(test<Ty>(nullptr)) == sizeof(yes);
1218 };
1219 
1220 } // namespace
1221 
1222 static StringRef ClassifyDiagnostic(const CapabilityAttr *A) {
1223  return A->getName();
1224 }
1225 
1226 static StringRef ClassifyDiagnostic(QualType VDT) {
1227  // We need to look at the declaration of the type of the value to determine
1228  // which it is. The type should either be a record or a typedef, or a pointer
1229  // or reference thereof.
1230  if (const auto *RT = VDT->getAs<RecordType>()) {
1231  if (const auto *RD = RT->getDecl())
1232  if (const auto *CA = RD->getAttr<CapabilityAttr>())
1233  return ClassifyDiagnostic(CA);
1234  } else if (const auto *TT = VDT->getAs<TypedefType>()) {
1235  if (const auto *TD = TT->getDecl())
1236  if (const auto *CA = TD->getAttr<CapabilityAttr>())
1237  return ClassifyDiagnostic(CA);
1238  } else if (VDT->isPointerType() || VDT->isReferenceType())
1239  return ClassifyDiagnostic(VDT->getPointeeType());
1240 
1241  return "mutex";
1242 }
1243 
1244 static StringRef ClassifyDiagnostic(const ValueDecl *VD) {
1245  assert(VD && "No ValueDecl passed");
1246 
1247  // The ValueDecl is the declaration of a mutex or role (hopefully).
1248  return ClassifyDiagnostic(VD->getType());
1249 }
1250 
1251 template <typename AttrTy>
1252 static typename std::enable_if<!has_arg_iterator_range<AttrTy>::value,
1253  StringRef>::type
1254 ClassifyDiagnostic(const AttrTy *A) {
1255  if (const ValueDecl *VD = getValueDecl(A->getArg()))
1256  return ClassifyDiagnostic(VD);
1257  return "mutex";
1258 }
1259 
1260 template <typename AttrTy>
1261 static typename std::enable_if<has_arg_iterator_range<AttrTy>::value,
1262  StringRef>::type
1263 ClassifyDiagnostic(const AttrTy *A) {
1264  for (const auto *Arg : A->args()) {
1265  if (const ValueDecl *VD = getValueDecl(Arg))
1266  return ClassifyDiagnostic(VD);
1267  }
1268  return "mutex";
1269 }
1270 
1271 bool ThreadSafetyAnalyzer::inCurrentScope(const CapabilityExpr &CapE) {
1272  if (!CurrentMethod)
1273  return false;
1274  if (const auto *P = dyn_cast_or_null<til::Project>(CapE.sexpr())) {
1275  const auto *VD = P->clangDecl();
1276  if (VD)
1277  return VD->getDeclContext() == CurrentMethod->getDeclContext();
1278  }
1279  return false;
1280 }
1281 
1282 /// Add a new lock to the lockset, warning if the lock is already there.
1283 /// \param ReqAttr -- true if this is part of an initial Requires attribute.
1284 void ThreadSafetyAnalyzer::addLock(FactSet &FSet,
1285  std::unique_ptr<FactEntry> Entry,
1286  StringRef DiagKind, bool ReqAttr) {
1287  if (Entry->shouldIgnore())
1288  return;
1289 
1290  if (!ReqAttr && !Entry->negative()) {
1291  // look for the negative capability, and remove it from the fact set.
1292  CapabilityExpr NegC = !*Entry;
1293  const FactEntry *Nen = FSet.findLock(FactMan, NegC);
1294  if (Nen) {
1295  FSet.removeLock(FactMan, NegC);
1296  }
1297  else {
1298  if (inCurrentScope(*Entry) && !Entry->asserted())
1299  Handler.handleNegativeNotHeld(DiagKind, Entry->toString(),
1300  NegC.toString(), Entry->loc());
1301  }
1302  }
1303 
1304  // Check before/after constraints
1305  if (Handler.issueBetaWarnings() &&
1306  !Entry->asserted() && !Entry->declared()) {
1307  GlobalBeforeSet->checkBeforeAfter(Entry->valueDecl(), FSet, *this,
1308  Entry->loc(), DiagKind);
1309  }
1310 
1311  // FIXME: Don't always warn when we have support for reentrant locks.
1312  if (const FactEntry *Cp = FSet.findLock(FactMan, *Entry)) {
1313  if (!Entry->asserted())
1314  Cp->handleLock(FSet, FactMan, *Entry, Handler, DiagKind);
1315  } else {
1316  FSet.addLock(FactMan, std::move(Entry));
1317  }
1318 }
1319 
1320 /// Remove a lock from the lockset, warning if the lock is not there.
1321 /// \param UnlockLoc The source location of the unlock (only used in error msg)
1322 void ThreadSafetyAnalyzer::removeLock(FactSet &FSet, const CapabilityExpr &Cp,
1323  SourceLocation UnlockLoc,
1324  bool FullyRemove, LockKind ReceivedKind,
1325  StringRef DiagKind) {
1326  if (Cp.shouldIgnore())
1327  return;
1328 
1329  const FactEntry *LDat = FSet.findLock(FactMan, Cp);
1330  if (!LDat) {
1331  Handler.handleUnmatchedUnlock(DiagKind, Cp.toString(), UnlockLoc);
1332  return;
1333  }
1334 
1335  // Generic lock removal doesn't care about lock kind mismatches, but
1336  // otherwise diagnose when the lock kinds are mismatched.
1337  if (ReceivedKind != LK_Generic && LDat->kind() != ReceivedKind) {
1338  Handler.handleIncorrectUnlockKind(DiagKind, Cp.toString(),
1339  LDat->kind(), ReceivedKind, UnlockLoc);
1340  }
1341 
1342  LDat->handleUnlock(FSet, FactMan, Cp, UnlockLoc, FullyRemove, Handler,
1343  DiagKind);
1344 }
1345 
1346 /// Extract the list of mutexIDs from the attribute on an expression,
1347 /// and push them onto Mtxs, discarding any duplicates.
1348 template <typename AttrType>
1349 void ThreadSafetyAnalyzer::getMutexIDs(CapExprSet &Mtxs, AttrType *Attr,
1350  const Expr *Exp, const NamedDecl *D,
1351  VarDecl *SelfDecl) {
1352  if (Attr->args_size() == 0) {
1353  // The mutex held is the "this" object.
1354  CapabilityExpr Cp = SxBuilder.translateAttrExpr(nullptr, D, Exp, SelfDecl);
1355  if (Cp.isInvalid()) {
1356  warnInvalidLock(Handler, nullptr, D, Exp, ClassifyDiagnostic(Attr));
1357  return;
1358  }
1359  //else
1360  if (!Cp.shouldIgnore())
1361  Mtxs.push_back_nodup(Cp);
1362  return;
1363  }
1364 
1365  for (const auto *Arg : Attr->args()) {
1366  CapabilityExpr Cp = SxBuilder.translateAttrExpr(Arg, D, Exp, SelfDecl);
1367  if (Cp.isInvalid()) {
1368  warnInvalidLock(Handler, nullptr, D, Exp, ClassifyDiagnostic(Attr));
1369  continue;
1370  }
1371  //else
1372  if (!Cp.shouldIgnore())
1373  Mtxs.push_back_nodup(Cp);
1374  }
1375 }
1376 
1377 /// Extract the list of mutexIDs from a trylock attribute. If the
1378 /// trylock applies to the given edge, then push them onto Mtxs, discarding
1379 /// any duplicates.
1380 template <class AttrType>
1381 void ThreadSafetyAnalyzer::getMutexIDs(CapExprSet &Mtxs, AttrType *Attr,
1382  const Expr *Exp, const NamedDecl *D,
1383  const CFGBlock *PredBlock,
1384  const CFGBlock *CurrBlock,
1385  Expr *BrE, bool Neg) {
1386  // Find out which branch has the lock
1387  bool branch = false;
1388  if (const auto *BLE = dyn_cast_or_null<CXXBoolLiteralExpr>(BrE))
1389  branch = BLE->getValue();
1390  else if (const auto *ILE = dyn_cast_or_null<IntegerLiteral>(BrE))
1391  branch = ILE->getValue().getBoolValue();
1392 
1393  int branchnum = branch ? 0 : 1;
1394  if (Neg)
1395  branchnum = !branchnum;
1396 
1397  // If we've taken the trylock branch, then add the lock
1398  int i = 0;
1399  for (CFGBlock::const_succ_iterator SI = PredBlock->succ_begin(),
1400  SE = PredBlock->succ_end(); SI != SE && i < 2; ++SI, ++i) {
1401  if (*SI == CurrBlock && i == branchnum)
1402  getMutexIDs(Mtxs, Attr, Exp, D);
1403  }
1404 }
1405 
1406 static bool getStaticBooleanValue(Expr *E, bool &TCond) {
1407  if (isa<CXXNullPtrLiteralExpr>(E) || isa<GNUNullExpr>(E)) {
1408  TCond = false;
1409  return true;
1410  } else if (const auto *BLE = dyn_cast<CXXBoolLiteralExpr>(E)) {
1411  TCond = BLE->getValue();
1412  return true;
1413  } else if (const auto *ILE = dyn_cast<IntegerLiteral>(E)) {
1414  TCond = ILE->getValue().getBoolValue();
1415  return true;
1416  } else if (auto *CE = dyn_cast<ImplicitCastExpr>(E))
1417  return getStaticBooleanValue(CE->getSubExpr(), TCond);
1418  return false;
1419 }
1420 
1421 // If Cond can be traced back to a function call, return the call expression.
1422 // The negate variable should be called with false, and will be set to true
1423 // if the function call is negated, e.g. if (!mu.tryLock(...))
1424 const CallExpr* ThreadSafetyAnalyzer::getTrylockCallExpr(const Stmt *Cond,
1425  LocalVarContext C,
1426  bool &Negate) {
1427  if (!Cond)
1428  return nullptr;
1429 
1430  if (const auto *CallExp = dyn_cast<CallExpr>(Cond)) {
1431  if (CallExp->getBuiltinCallee() == Builtin::BI__builtin_expect)
1432  return getTrylockCallExpr(CallExp->getArg(0), C, Negate);
1433  return CallExp;
1434  }
1435  else if (const auto *PE = dyn_cast<ParenExpr>(Cond))
1436  return getTrylockCallExpr(PE->getSubExpr(), C, Negate);
1437  else if (const auto *CE = dyn_cast<ImplicitCastExpr>(Cond))
1438  return getTrylockCallExpr(CE->getSubExpr(), C, Negate);
1439  else if (const auto *FE = dyn_cast<FullExpr>(Cond))
1440  return getTrylockCallExpr(FE->getSubExpr(), C, Negate);
1441  else if (const auto *DRE = dyn_cast<DeclRefExpr>(Cond)) {
1442  const Expr *E = LocalVarMap.lookupExpr(DRE->getDecl(), C);
1443  return getTrylockCallExpr(E, C, Negate);
1444  }
1445  else if (const auto *UOP = dyn_cast<UnaryOperator>(Cond)) {
1446  if (UOP->getOpcode() == UO_LNot) {
1447  Negate = !Negate;
1448  return getTrylockCallExpr(UOP->getSubExpr(), C, Negate);
1449  }
1450  return nullptr;
1451  }
1452  else if (const auto *BOP = dyn_cast<BinaryOperator>(Cond)) {
1453  if (BOP->getOpcode() == BO_EQ || BOP->getOpcode() == BO_NE) {
1454  if (BOP->getOpcode() == BO_NE)
1455  Negate = !Negate;
1456 
1457  bool TCond = false;
1458  if (getStaticBooleanValue(BOP->getRHS(), TCond)) {
1459  if (!TCond) Negate = !Negate;
1460  return getTrylockCallExpr(BOP->getLHS(), C, Negate);
1461  }
1462  TCond = false;
1463  if (getStaticBooleanValue(BOP->getLHS(), TCond)) {
1464  if (!TCond) Negate = !Negate;
1465  return getTrylockCallExpr(BOP->getRHS(), C, Negate);
1466  }
1467  return nullptr;
1468  }
1469  if (BOP->getOpcode() == BO_LAnd) {
1470  // LHS must have been evaluated in a different block.
1471  return getTrylockCallExpr(BOP->getRHS(), C, Negate);
1472  }
1473  if (BOP->getOpcode() == BO_LOr)
1474  return getTrylockCallExpr(BOP->getRHS(), C, Negate);
1475  return nullptr;
1476  } else if (const auto *COP = dyn_cast<ConditionalOperator>(Cond)) {
1477  bool TCond, FCond;
1478  if (getStaticBooleanValue(COP->getTrueExpr(), TCond) &&
1479  getStaticBooleanValue(COP->getFalseExpr(), FCond)) {
1480  if (TCond && !FCond)
1481  return getTrylockCallExpr(COP->getCond(), C, Negate);
1482  if (!TCond && FCond) {
1483  Negate = !Negate;
1484  return getTrylockCallExpr(COP->getCond(), C, Negate);
1485  }
1486  }
1487  }
1488  return nullptr;
1489 }
1490 
1491 /// Find the lockset that holds on the edge between PredBlock
1492 /// and CurrBlock. The edge set is the exit set of PredBlock (passed
1493 /// as the ExitSet parameter) plus any trylocks, which are conditionally held.
1494 void ThreadSafetyAnalyzer::getEdgeLockset(FactSet& Result,
1495  const FactSet &ExitSet,
1496  const CFGBlock *PredBlock,
1497  const CFGBlock *CurrBlock) {
1498  Result = ExitSet;
1499 
1500  const Stmt *Cond = PredBlock->getTerminatorCondition();
1501  // We don't acquire try-locks on ?: branches, only when its result is used.
1502  if (!Cond || isa<ConditionalOperator>(PredBlock->getTerminator()))
1503  return;
1504 
1505  bool Negate = false;
1506  const CFGBlockInfo *PredBlockInfo = &BlockInfo[PredBlock->getBlockID()];
1507  const LocalVarContext &LVarCtx = PredBlockInfo->ExitContext;
1508  StringRef CapDiagKind = "mutex";
1509 
1510  const auto *Exp = getTrylockCallExpr(Cond, LVarCtx, Negate);
1511  if (!Exp)
1512  return;
1513 
1514  auto *FunDecl = dyn_cast_or_null<NamedDecl>(Exp->getCalleeDecl());
1515  if(!FunDecl || !FunDecl->hasAttrs())
1516  return;
1517 
1518  CapExprSet ExclusiveLocksToAdd;
1519  CapExprSet SharedLocksToAdd;
1520 
1521  // If the condition is a call to a Trylock function, then grab the attributes
1522  for (const auto *Attr : FunDecl->attrs()) {
1523  switch (Attr->getKind()) {
1524  case attr::TryAcquireCapability: {
1525  auto *A = cast<TryAcquireCapabilityAttr>(Attr);
1526  getMutexIDs(A->isShared() ? SharedLocksToAdd : ExclusiveLocksToAdd, A,
1527  Exp, FunDecl, PredBlock, CurrBlock, A->getSuccessValue(),
1528  Negate);
1529  CapDiagKind = ClassifyDiagnostic(A);
1530  break;
1531  };
1532  case attr::ExclusiveTrylockFunction: {
1533  const auto *A = cast<ExclusiveTrylockFunctionAttr>(Attr);
1534  getMutexIDs(ExclusiveLocksToAdd, A, Exp, FunDecl,
1535  PredBlock, CurrBlock, A->getSuccessValue(), Negate);
1536  CapDiagKind = ClassifyDiagnostic(A);
1537  break;
1538  }
1539  case attr::SharedTrylockFunction: {
1540  const auto *A = cast<SharedTrylockFunctionAttr>(Attr);
1541  getMutexIDs(SharedLocksToAdd, A, Exp, FunDecl,
1542  PredBlock, CurrBlock, A->getSuccessValue(), Negate);
1543  CapDiagKind = ClassifyDiagnostic(A);
1544  break;
1545  }
1546  default:
1547  break;
1548  }
1549  }
1550 
1551  // Add and remove locks.
1552  SourceLocation Loc = Exp->getExprLoc();
1553  for (const auto &ExclusiveLockToAdd : ExclusiveLocksToAdd)
1554  addLock(Result, llvm::make_unique<LockableFactEntry>(ExclusiveLockToAdd,
1555  LK_Exclusive, Loc),
1556  CapDiagKind);
1557  for (const auto &SharedLockToAdd : SharedLocksToAdd)
1558  addLock(Result, llvm::make_unique<LockableFactEntry>(SharedLockToAdd,
1559  LK_Shared, Loc),
1560  CapDiagKind);
1561 }
1562 
1563 namespace {
1564 
1565 /// We use this class to visit different types of expressions in
1566 /// CFGBlocks, and build up the lockset.
1567 /// An expression may cause us to add or remove locks from the lockset, or else
1568 /// output error messages related to missing locks.
1569 /// FIXME: In future, we may be able to not inherit from a visitor.
1570 class BuildLockset : public ConstStmtVisitor<BuildLockset> {
1571  friend class ThreadSafetyAnalyzer;
1572 
1573  ThreadSafetyAnalyzer *Analyzer;
1574  FactSet FSet;
1575  LocalVariableMap::Context LVarCtx;
1576  unsigned CtxIndex;
1577 
1578  // helper functions
1579  void warnIfMutexNotHeld(const NamedDecl *D, const Expr *Exp, AccessKind AK,
1580  Expr *MutexExp, ProtectedOperationKind POK,
1581  StringRef DiagKind, SourceLocation Loc);
1582  void warnIfMutexHeld(const NamedDecl *D, const Expr *Exp, Expr *MutexExp,
1583  StringRef DiagKind);
1584 
1585  void checkAccess(const Expr *Exp, AccessKind AK,
1587  void checkPtAccess(const Expr *Exp, AccessKind AK,
1589 
1590  void handleCall(const Expr *Exp, const NamedDecl *D, VarDecl *VD = nullptr);
1591  void examineArguments(const FunctionDecl *FD,
1594  bool SkipFirstParam = false);
1595 
1596 public:
1597  BuildLockset(ThreadSafetyAnalyzer *Anlzr, CFGBlockInfo &Info)
1598  : ConstStmtVisitor<BuildLockset>(), Analyzer(Anlzr), FSet(Info.EntrySet),
1599  LVarCtx(Info.EntryContext), CtxIndex(Info.EntryIndex) {}
1600 
1601  void VisitUnaryOperator(const UnaryOperator *UO);
1602  void VisitBinaryOperator(const BinaryOperator *BO);
1603  void VisitCastExpr(const CastExpr *CE);
1604  void VisitCallExpr(const CallExpr *Exp);
1605  void VisitCXXConstructExpr(const CXXConstructExpr *Exp);
1606  void VisitDeclStmt(const DeclStmt *S);
1607 };
1608 
1609 } // namespace
1610 
1611 /// Warn if the LSet does not contain a lock sufficient to protect access
1612 /// of at least the passed in AccessKind.
1613 void BuildLockset::warnIfMutexNotHeld(const NamedDecl *D, const Expr *Exp,
1614  AccessKind AK, Expr *MutexExp,
1616  StringRef DiagKind, SourceLocation Loc) {
1618 
1619  CapabilityExpr Cp = Analyzer->SxBuilder.translateAttrExpr(MutexExp, D, Exp);
1620  if (Cp.isInvalid()) {
1621  warnInvalidLock(Analyzer->Handler, MutexExp, D, Exp, DiagKind);
1622  return;
1623  } else if (Cp.shouldIgnore()) {
1624  return;
1625  }
1626 
1627  if (Cp.negative()) {
1628  // Negative capabilities act like locks excluded
1629  const FactEntry *LDat = FSet.findLock(Analyzer->FactMan, !Cp);
1630  if (LDat) {
1631  Analyzer->Handler.handleFunExcludesLock(
1632  DiagKind, D->getNameAsString(), (!Cp).toString(), Loc);
1633  return;
1634  }
1635 
1636  // If this does not refer to a negative capability in the same class,
1637  // then stop here.
1638  if (!Analyzer->inCurrentScope(Cp))
1639  return;
1640 
1641  // Otherwise the negative requirement must be propagated to the caller.
1642  LDat = FSet.findLock(Analyzer->FactMan, Cp);
1643  if (!LDat) {
1644  Analyzer->Handler.handleMutexNotHeld("", D, POK, Cp.toString(),
1645  LK_Shared, Loc);
1646  }
1647  return;
1648  }
1649 
1650  const FactEntry *LDat = FSet.findLockUniv(Analyzer->FactMan, Cp);
1651  bool NoError = true;
1652  if (!LDat) {
1653  // No exact match found. Look for a partial match.
1654  LDat = FSet.findPartialMatch(Analyzer->FactMan, Cp);
1655  if (LDat) {
1656  // Warn that there's no precise match.
1657  std::string PartMatchStr = LDat->toString();
1658  StringRef PartMatchName(PartMatchStr);
1659  Analyzer->Handler.handleMutexNotHeld(DiagKind, D, POK, Cp.toString(),
1660  LK, Loc, &PartMatchName);
1661  } else {
1662  // Warn that there's no match at all.
1663  Analyzer->Handler.handleMutexNotHeld(DiagKind, D, POK, Cp.toString(),
1664  LK, Loc);
1665  }
1666  NoError = false;
1667  }
1668  // Make sure the mutex we found is the right kind.
1669  if (NoError && LDat && !LDat->isAtLeast(LK)) {
1670  Analyzer->Handler.handleMutexNotHeld(DiagKind, D, POK, Cp.toString(),
1671  LK, Loc);
1672  }
1673 }
1674 
1675 /// Warn if the LSet contains the given lock.
1676 void BuildLockset::warnIfMutexHeld(const NamedDecl *D, const Expr *Exp,
1677  Expr *MutexExp, StringRef DiagKind) {
1678  CapabilityExpr Cp = Analyzer->SxBuilder.translateAttrExpr(MutexExp, D, Exp);
1679  if (Cp.isInvalid()) {
1680  warnInvalidLock(Analyzer->Handler, MutexExp, D, Exp, DiagKind);
1681  return;
1682  } else if (Cp.shouldIgnore()) {
1683  return;
1684  }
1685 
1686  const FactEntry *LDat = FSet.findLock(Analyzer->FactMan, Cp);
1687  if (LDat) {
1688  Analyzer->Handler.handleFunExcludesLock(
1689  DiagKind, D->getNameAsString(), Cp.toString(), Exp->getExprLoc());
1690  }
1691 }
1692 
1693 /// Checks guarded_by and pt_guarded_by attributes.
1694 /// Whenever we identify an access (read or write) to a DeclRefExpr that is
1695 /// marked with guarded_by, we must ensure the appropriate mutexes are held.
1696 /// Similarly, we check if the access is to an expression that dereferences
1697 /// a pointer marked with pt_guarded_by.
1698 void BuildLockset::checkAccess(const Expr *Exp, AccessKind AK,
1699  ProtectedOperationKind POK) {
1700  Exp = Exp->IgnoreImplicit()->IgnoreParenCasts();
1701 
1702  SourceLocation Loc = Exp->getExprLoc();
1703 
1704  // Local variables of reference type cannot be re-assigned;
1705  // map them to their initializer.
1706  while (const auto *DRE = dyn_cast<DeclRefExpr>(Exp)) {
1707  const auto *VD = dyn_cast<VarDecl>(DRE->getDecl()->getCanonicalDecl());
1708  if (VD && VD->isLocalVarDecl() && VD->getType()->isReferenceType()) {
1709  if (const auto *E = VD->getInit()) {
1710  // Guard against self-initialization. e.g., int &i = i;
1711  if (E == Exp)
1712  break;
1713  Exp = E;
1714  continue;
1715  }
1716  }
1717  break;
1718  }
1719 
1720  if (const auto *UO = dyn_cast<UnaryOperator>(Exp)) {
1721  // For dereferences
1722  if (UO->getOpcode() == UO_Deref)
1723  checkPtAccess(UO->getSubExpr(), AK, POK);
1724  return;
1725  }
1726 
1727  if (const auto *AE = dyn_cast<ArraySubscriptExpr>(Exp)) {
1728  checkPtAccess(AE->getLHS(), AK, POK);
1729  return;
1730  }
1731 
1732  if (const auto *ME = dyn_cast<MemberExpr>(Exp)) {
1733  if (ME->isArrow())
1734  checkPtAccess(ME->getBase(), AK, POK);
1735  else
1736  checkAccess(ME->getBase(), AK, POK);
1737  }
1738 
1739  const ValueDecl *D = getValueDecl(Exp);
1740  if (!D || !D->hasAttrs())
1741  return;
1742 
1743  if (D->hasAttr<GuardedVarAttr>() && FSet.isEmpty(Analyzer->FactMan)) {
1744  Analyzer->Handler.handleNoMutexHeld("mutex", D, POK, AK, Loc);
1745  }
1746 
1747  for (const auto *I : D->specific_attrs<GuardedByAttr>())
1748  warnIfMutexNotHeld(D, Exp, AK, I->getArg(), POK,
1749  ClassifyDiagnostic(I), Loc);
1750 }
1751 
1752 /// Checks pt_guarded_by and pt_guarded_var attributes.
1753 /// POK is the same operationKind that was passed to checkAccess.
1754 void BuildLockset::checkPtAccess(const Expr *Exp, AccessKind AK,
1755  ProtectedOperationKind POK) {
1756  while (true) {
1757  if (const auto *PE = dyn_cast<ParenExpr>(Exp)) {
1758  Exp = PE->getSubExpr();
1759  continue;
1760  }
1761  if (const auto *CE = dyn_cast<CastExpr>(Exp)) {
1762  if (CE->getCastKind() == CK_ArrayToPointerDecay) {
1763  // If it's an actual array, and not a pointer, then it's elements
1764  // are protected by GUARDED_BY, not PT_GUARDED_BY;
1765  checkAccess(CE->getSubExpr(), AK, POK);
1766  return;
1767  }
1768  Exp = CE->getSubExpr();
1769  continue;
1770  }
1771  break;
1772  }
1773 
1774  // Pass by reference warnings are under a different flag.
1776  if (POK == POK_PassByRef) PtPOK = POK_PtPassByRef;
1777 
1778  const ValueDecl *D = getValueDecl(Exp);
1779  if (!D || !D->hasAttrs())
1780  return;
1781 
1782  if (D->hasAttr<PtGuardedVarAttr>() && FSet.isEmpty(Analyzer->FactMan))
1783  Analyzer->Handler.handleNoMutexHeld("mutex", D, PtPOK, AK,
1784  Exp->getExprLoc());
1785 
1786  for (auto const *I : D->specific_attrs<PtGuardedByAttr>())
1787  warnIfMutexNotHeld(D, Exp, AK, I->getArg(), PtPOK,
1788  ClassifyDiagnostic(I), Exp->getExprLoc());
1789 }
1790 
1791 /// Process a function call, method call, constructor call,
1792 /// or destructor call. This involves looking at the attributes on the
1793 /// corresponding function/method/constructor/destructor, issuing warnings,
1794 /// and updating the locksets accordingly.
1795 ///
1796 /// FIXME: For classes annotated with one of the guarded annotations, we need
1797 /// to treat const method calls as reads and non-const method calls as writes,
1798 /// and check that the appropriate locks are held. Non-const method calls with
1799 /// the same signature as const method calls can be also treated as reads.
1800 ///
1801 void BuildLockset::handleCall(const Expr *Exp, const NamedDecl *D,
1802  VarDecl *VD) {
1803  SourceLocation Loc = Exp->getExprLoc();
1804  CapExprSet ExclusiveLocksToAdd, SharedLocksToAdd;
1805  CapExprSet ExclusiveLocksToRemove, SharedLocksToRemove, GenericLocksToRemove;
1806  CapExprSet ScopedExclusiveReqs, ScopedSharedReqs;
1807  StringRef CapDiagKind = "mutex";
1808 
1809  // Figure out if we're constructing an object of scoped lockable class
1810  bool isScopedVar = false;
1811  if (VD) {
1812  if (const auto *CD = dyn_cast<const CXXConstructorDecl>(D)) {
1813  const CXXRecordDecl* PD = CD->getParent();
1814  if (PD && PD->hasAttr<ScopedLockableAttr>())
1815  isScopedVar = true;
1816  }
1817  }
1818 
1819  for(const Attr *At : D->attrs()) {
1820  switch (At->getKind()) {
1821  // When we encounter a lock function, we need to add the lock to our
1822  // lockset.
1823  case attr::AcquireCapability: {
1824  const auto *A = cast<AcquireCapabilityAttr>(At);
1825  Analyzer->getMutexIDs(A->isShared() ? SharedLocksToAdd
1826  : ExclusiveLocksToAdd,
1827  A, Exp, D, VD);
1828 
1829  CapDiagKind = ClassifyDiagnostic(A);
1830  break;
1831  }
1832 
1833  // An assert will add a lock to the lockset, but will not generate
1834  // a warning if it is already there, and will not generate a warning
1835  // if it is not removed.
1836  case attr::AssertExclusiveLock: {
1837  const auto *A = cast<AssertExclusiveLockAttr>(At);
1838 
1839  CapExprSet AssertLocks;
1840  Analyzer->getMutexIDs(AssertLocks, A, Exp, D, VD);
1841  for (const auto &AssertLock : AssertLocks)
1842  Analyzer->addLock(FSet,
1843  llvm::make_unique<LockableFactEntry>(
1844  AssertLock, LK_Exclusive, Loc, false, true),
1845  ClassifyDiagnostic(A));
1846  break;
1847  }
1848  case attr::AssertSharedLock: {
1849  const auto *A = cast<AssertSharedLockAttr>(At);
1850 
1851  CapExprSet AssertLocks;
1852  Analyzer->getMutexIDs(AssertLocks, A, Exp, D, VD);
1853  for (const auto &AssertLock : AssertLocks)
1854  Analyzer->addLock(FSet,
1855  llvm::make_unique<LockableFactEntry>(
1856  AssertLock, LK_Shared, Loc, false, true),
1857  ClassifyDiagnostic(A));
1858  break;
1859  }
1860 
1861  case attr::AssertCapability: {
1862  const auto *A = cast<AssertCapabilityAttr>(At);
1863  CapExprSet AssertLocks;
1864  Analyzer->getMutexIDs(AssertLocks, A, Exp, D, VD);
1865  for (const auto &AssertLock : AssertLocks)
1866  Analyzer->addLock(FSet,
1867  llvm::make_unique<LockableFactEntry>(
1868  AssertLock,
1869  A->isShared() ? LK_Shared : LK_Exclusive, Loc,
1870  false, true),
1871  ClassifyDiagnostic(A));
1872  break;
1873  }
1874 
1875  // When we encounter an unlock function, we need to remove unlocked
1876  // mutexes from the lockset, and flag a warning if they are not there.
1877  case attr::ReleaseCapability: {
1878  const auto *A = cast<ReleaseCapabilityAttr>(At);
1879  if (A->isGeneric())
1880  Analyzer->getMutexIDs(GenericLocksToRemove, A, Exp, D, VD);
1881  else if (A->isShared())
1882  Analyzer->getMutexIDs(SharedLocksToRemove, A, Exp, D, VD);
1883  else
1884  Analyzer->getMutexIDs(ExclusiveLocksToRemove, A, Exp, D, VD);
1885 
1886  CapDiagKind = ClassifyDiagnostic(A);
1887  break;
1888  }
1889 
1890  case attr::RequiresCapability: {
1891  const auto *A = cast<RequiresCapabilityAttr>(At);
1892  for (auto *Arg : A->args()) {
1893  warnIfMutexNotHeld(D, Exp, A->isShared() ? AK_Read : AK_Written, Arg,
1895  Exp->getExprLoc());
1896  // use for adopting a lock
1897  if (isScopedVar) {
1898  Analyzer->getMutexIDs(A->isShared() ? ScopedSharedReqs
1899  : ScopedExclusiveReqs,
1900  A, Exp, D, VD);
1901  }
1902  }
1903  break;
1904  }
1905 
1906  case attr::LocksExcluded: {
1907  const auto *A = cast<LocksExcludedAttr>(At);
1908  for (auto *Arg : A->args())
1909  warnIfMutexHeld(D, Exp, Arg, ClassifyDiagnostic(A));
1910  break;
1911  }
1912 
1913  // Ignore attributes unrelated to thread-safety
1914  default:
1915  break;
1916  }
1917  }
1918 
1919  // Remove locks first to allow lock upgrading/downgrading.
1920  // FIXME -- should only fully remove if the attribute refers to 'this'.
1921  bool Dtor = isa<CXXDestructorDecl>(D);
1922  for (const auto &M : ExclusiveLocksToRemove)
1923  Analyzer->removeLock(FSet, M, Loc, Dtor, LK_Exclusive, CapDiagKind);
1924  for (const auto &M : SharedLocksToRemove)
1925  Analyzer->removeLock(FSet, M, Loc, Dtor, LK_Shared, CapDiagKind);
1926  for (const auto &M : GenericLocksToRemove)
1927  Analyzer->removeLock(FSet, M, Loc, Dtor, LK_Generic, CapDiagKind);
1928 
1929  // Add locks.
1930  for (const auto &M : ExclusiveLocksToAdd)
1931  Analyzer->addLock(FSet, llvm::make_unique<LockableFactEntry>(
1932  M, LK_Exclusive, Loc, isScopedVar),
1933  CapDiagKind);
1934  for (const auto &M : SharedLocksToAdd)
1935  Analyzer->addLock(FSet, llvm::make_unique<LockableFactEntry>(
1936  M, LK_Shared, Loc, isScopedVar),
1937  CapDiagKind);
1938 
1939  if (isScopedVar) {
1940  // Add the managing object as a dummy mutex, mapped to the underlying mutex.
1941  SourceLocation MLoc = VD->getLocation();
1942  DeclRefExpr DRE(VD->getASTContext(), VD, false, VD->getType(), VK_LValue,
1943  VD->getLocation());
1944  // FIXME: does this store a pointer to DRE?
1945  CapabilityExpr Scp = Analyzer->SxBuilder.translateAttrExpr(&DRE, nullptr);
1946 
1947  auto ScopedEntry = llvm::make_unique<ScopedLockableFactEntry>(Scp, MLoc);
1948  for (const auto &M : ExclusiveLocksToAdd)
1949  ScopedEntry->addExclusiveLock(M);
1950  for (const auto &M : ScopedExclusiveReqs)
1951  ScopedEntry->addExclusiveLock(M);
1952  for (const auto &M : SharedLocksToAdd)
1953  ScopedEntry->addSharedLock(M);
1954  for (const auto &M : ScopedSharedReqs)
1955  ScopedEntry->addSharedLock(M);
1956  for (const auto &M : ExclusiveLocksToRemove)
1957  ScopedEntry->addExclusiveUnlock(M);
1958  for (const auto &M : SharedLocksToRemove)
1959  ScopedEntry->addSharedUnlock(M);
1960  Analyzer->addLock(FSet, std::move(ScopedEntry), CapDiagKind);
1961  }
1962 }
1963 
1964 /// For unary operations which read and write a variable, we need to
1965 /// check whether we hold any required mutexes. Reads are checked in
1966 /// VisitCastExpr.
1967 void BuildLockset::VisitUnaryOperator(const UnaryOperator *UO) {
1968  switch (UO->getOpcode()) {
1969  case UO_PostDec:
1970  case UO_PostInc:
1971  case UO_PreDec:
1972  case UO_PreInc:
1973  checkAccess(UO->getSubExpr(), AK_Written);
1974  break;
1975  default:
1976  break;
1977  }
1978 }
1979 
1980 /// For binary operations which assign to a variable (writes), we need to check
1981 /// whether we hold any required mutexes.
1982 /// FIXME: Deal with non-primitive types.
1983 void BuildLockset::VisitBinaryOperator(const BinaryOperator *BO) {
1984  if (!BO->isAssignmentOp())
1985  return;
1986 
1987  // adjust the context
1988  LVarCtx = Analyzer->LocalVarMap.getNextContext(CtxIndex, BO, LVarCtx);
1989 
1990  checkAccess(BO->getLHS(), AK_Written);
1991 }
1992 
1993 /// Whenever we do an LValue to Rvalue cast, we are reading a variable and
1994 /// need to ensure we hold any required mutexes.
1995 /// FIXME: Deal with non-primitive types.
1996 void BuildLockset::VisitCastExpr(const CastExpr *CE) {
1997  if (CE->getCastKind() != CK_LValueToRValue)
1998  return;
1999  checkAccess(CE->getSubExpr(), AK_Read);
2000 }
2001 
2002 void BuildLockset::examineArguments(const FunctionDecl *FD,
2005  bool SkipFirstParam) {
2006  // Currently we can't do anything if we don't know the function declaration.
2007  if (!FD)
2008  return;
2009 
2010  // NO_THREAD_SAFETY_ANALYSIS does double duty here. Normally it
2011  // only turns off checking within the body of a function, but we also
2012  // use it to turn off checking in arguments to the function. This
2013  // could result in some false negatives, but the alternative is to
2014  // create yet another attribute.
2015  if (FD->hasAttr<NoThreadSafetyAnalysisAttr>())
2016  return;
2017 
2018  const ArrayRef<ParmVarDecl *> Params = FD->parameters();
2019  auto Param = Params.begin();
2020  if (SkipFirstParam)
2021  ++Param;
2022 
2023  // There can be default arguments, so we stop when one iterator is at end().
2024  for (auto Arg = ArgBegin; Param != Params.end() && Arg != ArgEnd;
2025  ++Param, ++Arg) {
2026  QualType Qt = (*Param)->getType();
2027  if (Qt->isReferenceType())
2028  checkAccess(*Arg, AK_Read, POK_PassByRef);
2029  }
2030 }
2031 
2032 void BuildLockset::VisitCallExpr(const CallExpr *Exp) {
2033  if (const auto *CE = dyn_cast<CXXMemberCallExpr>(Exp)) {
2034  const auto *ME = dyn_cast<MemberExpr>(CE->getCallee());
2035  // ME can be null when calling a method pointer
2036  const CXXMethodDecl *MD = CE->getMethodDecl();
2037 
2038  if (ME && MD) {
2039  if (ME->isArrow()) {
2040  if (MD->isConst())
2041  checkPtAccess(CE->getImplicitObjectArgument(), AK_Read);
2042  else // FIXME -- should be AK_Written
2043  checkPtAccess(CE->getImplicitObjectArgument(), AK_Read);
2044  } else {
2045  if (MD->isConst())
2046  checkAccess(CE->getImplicitObjectArgument(), AK_Read);
2047  else // FIXME -- should be AK_Written
2048  checkAccess(CE->getImplicitObjectArgument(), AK_Read);
2049  }
2050  }
2051 
2052  examineArguments(CE->getDirectCallee(), CE->arg_begin(), CE->arg_end());
2053  } else if (const auto *OE = dyn_cast<CXXOperatorCallExpr>(Exp)) {
2054  auto OEop = OE->getOperator();
2055  switch (OEop) {
2056  case OO_Equal: {
2057  const Expr *Target = OE->getArg(0);
2058  const Expr *Source = OE->getArg(1);
2059  checkAccess(Target, AK_Written);
2060  checkAccess(Source, AK_Read);
2061  break;
2062  }
2063  case OO_Star:
2064  case OO_Arrow:
2065  case OO_Subscript:
2066  if (!(OEop == OO_Star && OE->getNumArgs() > 1)) {
2067  // Grrr. operator* can be multiplication...
2068  checkPtAccess(OE->getArg(0), AK_Read);
2069  }
2070  LLVM_FALLTHROUGH;
2071  default: {
2072  // TODO: get rid of this, and rely on pass-by-ref instead.
2073  const Expr *Obj = OE->getArg(0);
2074  checkAccess(Obj, AK_Read);
2075  // Check the remaining arguments. For method operators, the first
2076  // argument is the implicit self argument, and doesn't appear in the
2077  // FunctionDecl, but for non-methods it does.
2078  const FunctionDecl *FD = OE->getDirectCallee();
2079  examineArguments(FD, std::next(OE->arg_begin()), OE->arg_end(),
2080  /*SkipFirstParam*/ !isa<CXXMethodDecl>(FD));
2081  break;
2082  }
2083  }
2084  } else {
2085  examineArguments(Exp->getDirectCallee(), Exp->arg_begin(), Exp->arg_end());
2086  }
2087 
2088  auto *D = dyn_cast_or_null<NamedDecl>(Exp->getCalleeDecl());
2089  if(!D || !D->hasAttrs())
2090  return;
2091  handleCall(Exp, D);
2092 }
2093 
2094 void BuildLockset::VisitCXXConstructExpr(const CXXConstructExpr *Exp) {
2095  const CXXConstructorDecl *D = Exp->getConstructor();
2096  if (D && D->isCopyConstructor()) {
2097  const Expr* Source = Exp->getArg(0);
2098  checkAccess(Source, AK_Read);
2099  } else {
2100  examineArguments(D, Exp->arg_begin(), Exp->arg_end());
2101  }
2102 }
2103 
2104 static CXXConstructorDecl *
2106  // Prefer a move constructor over a copy constructor. If there's more than
2107  // one copy constructor or more than one move constructor, we arbitrarily
2108  // pick the first declared such constructor rather than trying to guess which
2109  // one is more appropriate.
2110  CXXConstructorDecl *CopyCtor = nullptr;
2111  for (auto *Ctor : RD->ctors()) {
2112  if (Ctor->isDeleted())
2113  continue;
2114  if (Ctor->isMoveConstructor())
2115  return Ctor;
2116  if (!CopyCtor && Ctor->isCopyConstructor())
2117  CopyCtor = Ctor;
2118  }
2119  return CopyCtor;
2120 }
2121 
2123  SourceLocation Loc) {
2124  ASTContext &Ctx = CD->getASTContext();
2125  return CXXConstructExpr::Create(Ctx, Ctx.getRecordType(CD->getParent()), Loc,
2126  CD, true, Args, false, false, false, false,
2128  SourceRange(Loc, Loc));
2129 }
2130 
2131 void BuildLockset::VisitDeclStmt(const DeclStmt *S) {
2132  // adjust the context
2133  LVarCtx = Analyzer->LocalVarMap.getNextContext(CtxIndex, S, LVarCtx);
2134 
2135  for (auto *D : S->getDeclGroup()) {
2136  if (auto *VD = dyn_cast_or_null<VarDecl>(D)) {
2137  Expr *E = VD->getInit();
2138  if (!E)
2139  continue;
2140  E = E->IgnoreParens();
2141 
2142  // handle constructors that involve temporaries
2143  if (auto *EWC = dyn_cast<ExprWithCleanups>(E))
2144  E = EWC->getSubExpr();
2145  if (auto *BTE = dyn_cast<CXXBindTemporaryExpr>(E))
2146  E = BTE->getSubExpr();
2147 
2148  if (const auto *CE = dyn_cast<CXXConstructExpr>(E)) {
2149  const auto *CtorD = dyn_cast_or_null<NamedDecl>(CE->getConstructor());
2150  if (!CtorD || !CtorD->hasAttrs())
2151  continue;
2152  handleCall(E, CtorD, VD);
2153  } else if (isa<CallExpr>(E) && E->isRValue()) {
2154  // If the object is initialized by a function call that returns a
2155  // scoped lockable by value, use the attributes on the copy or move
2156  // constructor to figure out what effect that should have on the
2157  // lockset.
2158  // FIXME: Is this really the best way to handle this situation?
2159  auto *RD = E->getType()->getAsCXXRecordDecl();
2160  if (!RD || !RD->hasAttr<ScopedLockableAttr>())
2161  continue;
2163  if (!CtorD || !CtorD->hasAttrs())
2164  continue;
2165  handleCall(buildFakeCtorCall(CtorD, {E}, E->getBeginLoc()), CtorD, VD);
2166  }
2167  }
2168  }
2169 }
2170 
2171 /// Compute the intersection of two locksets and issue warnings for any
2172 /// locks in the symmetric difference.
2173 ///
2174 /// This function is used at a merge point in the CFG when comparing the lockset
2175 /// of each branch being merged. For example, given the following sequence:
2176 /// A; if () then B; else C; D; we need to check that the lockset after B and C
2177 /// are the same. In the event of a difference, we use the intersection of these
2178 /// two locksets at the start of D.
2179 ///
2180 /// \param FSet1 The first lockset.
2181 /// \param FSet2 The second lockset.
2182 /// \param JoinLoc The location of the join point for error reporting
2183 /// \param LEK1 The error message to report if a mutex is missing from LSet1
2184 /// \param LEK2 The error message to report if a mutex is missing from Lset2
2185 void ThreadSafetyAnalyzer::intersectAndWarn(FactSet &FSet1,
2186  const FactSet &FSet2,
2187  SourceLocation JoinLoc,
2188  LockErrorKind LEK1,
2189  LockErrorKind LEK2,
2190  bool Modify) {
2191  FactSet FSet1Orig = FSet1;
2192 
2193  // Find locks in FSet2 that conflict or are not in FSet1, and warn.
2194  for (const auto &Fact : FSet2) {
2195  const FactEntry *LDat1 = nullptr;
2196  const FactEntry *LDat2 = &FactMan[Fact];
2197  FactSet::iterator Iter1 = FSet1.findLockIter(FactMan, *LDat2);
2198  if (Iter1 != FSet1.end()) LDat1 = &FactMan[*Iter1];
2199 
2200  if (LDat1) {
2201  if (LDat1->kind() != LDat2->kind()) {
2202  Handler.handleExclusiveAndShared("mutex", LDat2->toString(),
2203  LDat2->loc(), LDat1->loc());
2204  if (Modify && LDat1->kind() != LK_Exclusive) {
2205  // Take the exclusive lock, which is the one in FSet2.
2206  *Iter1 = Fact;
2207  }
2208  }
2209  else if (Modify && LDat1->asserted() && !LDat2->asserted()) {
2210  // The non-asserted lock in FSet2 is the one we want to track.
2211  *Iter1 = Fact;
2212  }
2213  } else {
2214  LDat2->handleRemovalFromIntersection(FSet2, FactMan, JoinLoc, LEK1,
2215  Handler);
2216  }
2217  }
2218 
2219  // Find locks in FSet1 that are not in FSet2, and remove them.
2220  for (const auto &Fact : FSet1Orig) {
2221  const FactEntry *LDat1 = &FactMan[Fact];
2222  const FactEntry *LDat2 = FSet2.findLock(FactMan, *LDat1);
2223 
2224  if (!LDat2) {
2225  LDat1->handleRemovalFromIntersection(FSet1Orig, FactMan, JoinLoc, LEK2,
2226  Handler);
2227  if (Modify)
2228  FSet1.removeLock(FactMan, *LDat1);
2229  }
2230  }
2231 }
2232 
2233 // Return true if block B never continues to its successors.
2234 static bool neverReturns(const CFGBlock *B) {
2235  if (B->hasNoReturnElement())
2236  return true;
2237  if (B->empty())
2238  return false;
2239 
2240  CFGElement Last = B->back();
2241  if (Optional<CFGStmt> S = Last.getAs<CFGStmt>()) {
2242  if (isa<CXXThrowExpr>(S->getStmt()))
2243  return true;
2244  }
2245  return false;
2246 }
2247 
2248 /// Check a function's CFG for thread-safety violations.
2249 ///
2250 /// We traverse the blocks in the CFG, compute the set of mutexes that are held
2251 /// at the end of each block, and issue warnings for thread safety violations.
2252 /// Each block in the CFG is traversed exactly once.
2253 void ThreadSafetyAnalyzer::runAnalysis(AnalysisDeclContext &AC) {
2254  // TODO: this whole function needs be rewritten as a visitor for CFGWalker.
2255  // For now, we just use the walker to set things up.
2256  threadSafety::CFGWalker walker;
2257  if (!walker.init(AC))
2258  return;
2259 
2260  // AC.dumpCFG(true);
2261  // threadSafety::printSCFG(walker);
2262 
2263  CFG *CFGraph = walker.getGraph();
2264  const NamedDecl *D = walker.getDecl();
2265  const auto *CurrentFunction = dyn_cast<FunctionDecl>(D);
2266  CurrentMethod = dyn_cast<CXXMethodDecl>(D);
2267 
2268  if (D->hasAttr<NoThreadSafetyAnalysisAttr>())
2269  return;
2270 
2271  // FIXME: Do something a bit more intelligent inside constructor and
2272  // destructor code. Constructors and destructors must assume unique access
2273  // to 'this', so checks on member variable access is disabled, but we should
2274  // still enable checks on other objects.
2275  if (isa<CXXConstructorDecl>(D))
2276  return; // Don't check inside constructors.
2277  if (isa<CXXDestructorDecl>(D))
2278  return; // Don't check inside destructors.
2279 
2280  Handler.enterFunction(CurrentFunction);
2281 
2282  BlockInfo.resize(CFGraph->getNumBlockIDs(),
2283  CFGBlockInfo::getEmptyBlockInfo(LocalVarMap));
2284 
2285  // We need to explore the CFG via a "topological" ordering.
2286  // That way, we will be guaranteed to have information about required
2287  // predecessor locksets when exploring a new block.
2288  const PostOrderCFGView *SortedGraph = walker.getSortedGraph();
2289  PostOrderCFGView::CFGBlockSet VisitedBlocks(CFGraph);
2290 
2291  // Mark entry block as reachable
2292  BlockInfo[CFGraph->getEntry().getBlockID()].Reachable = true;
2293 
2294  // Compute SSA names for local variables
2295  LocalVarMap.traverseCFG(CFGraph, SortedGraph, BlockInfo);
2296 
2297  // Fill in source locations for all CFGBlocks.
2298  findBlockLocations(CFGraph, SortedGraph, BlockInfo);
2299 
2300  CapExprSet ExclusiveLocksAcquired;
2301  CapExprSet SharedLocksAcquired;
2302  CapExprSet LocksReleased;
2303 
2304  // Add locks from exclusive_locks_required and shared_locks_required
2305  // to initial lockset. Also turn off checking for lock and unlock functions.
2306  // FIXME: is there a more intelligent way to check lock/unlock functions?
2307  if (!SortedGraph->empty() && D->hasAttrs()) {
2308  const CFGBlock *FirstBlock = *SortedGraph->begin();
2309  FactSet &InitialLockset = BlockInfo[FirstBlock->getBlockID()].EntrySet;
2310 
2311  CapExprSet ExclusiveLocksToAdd;
2312  CapExprSet SharedLocksToAdd;
2313  StringRef CapDiagKind = "mutex";
2314 
2315  SourceLocation Loc = D->getLocation();
2316  for (const auto *Attr : D->attrs()) {
2317  Loc = Attr->getLocation();
2318  if (const auto *A = dyn_cast<RequiresCapabilityAttr>(Attr)) {
2319  getMutexIDs(A->isShared() ? SharedLocksToAdd : ExclusiveLocksToAdd, A,
2320  nullptr, D);
2321  CapDiagKind = ClassifyDiagnostic(A);
2322  } else if (const auto *A = dyn_cast<ReleaseCapabilityAttr>(Attr)) {
2323  // UNLOCK_FUNCTION() is used to hide the underlying lock implementation.
2324  // We must ignore such methods.
2325  if (A->args_size() == 0)
2326  return;
2327  getMutexIDs(A->isShared() ? SharedLocksToAdd : ExclusiveLocksToAdd, A,
2328  nullptr, D);
2329  getMutexIDs(LocksReleased, A, nullptr, D);
2330  CapDiagKind = ClassifyDiagnostic(A);
2331  } else if (const auto *A = dyn_cast<AcquireCapabilityAttr>(Attr)) {
2332  if (A->args_size() == 0)
2333  return;
2334  getMutexIDs(A->isShared() ? SharedLocksAcquired
2335  : ExclusiveLocksAcquired,
2336  A, nullptr, D);
2337  CapDiagKind = ClassifyDiagnostic(A);
2338  } else if (isa<ExclusiveTrylockFunctionAttr>(Attr)) {
2339  // Don't try to check trylock functions for now.
2340  return;
2341  } else if (isa<SharedTrylockFunctionAttr>(Attr)) {
2342  // Don't try to check trylock functions for now.
2343  return;
2344  } else if (isa<TryAcquireCapabilityAttr>(Attr)) {
2345  // Don't try to check trylock functions for now.
2346  return;
2347  }
2348  }
2349 
2350  // FIXME -- Loc can be wrong here.
2351  for (const auto &Mu : ExclusiveLocksToAdd) {
2352  auto Entry = llvm::make_unique<LockableFactEntry>(Mu, LK_Exclusive, Loc);
2353  Entry->setDeclared(true);
2354  addLock(InitialLockset, std::move(Entry), CapDiagKind, true);
2355  }
2356  for (const auto &Mu : SharedLocksToAdd) {
2357  auto Entry = llvm::make_unique<LockableFactEntry>(Mu, LK_Shared, Loc);
2358  Entry->setDeclared(true);
2359  addLock(InitialLockset, std::move(Entry), CapDiagKind, true);
2360  }
2361  }
2362 
2363  for (const auto *CurrBlock : *SortedGraph) {
2364  unsigned CurrBlockID = CurrBlock->getBlockID();
2365  CFGBlockInfo *CurrBlockInfo = &BlockInfo[CurrBlockID];
2366 
2367  // Use the default initial lockset in case there are no predecessors.
2368  VisitedBlocks.insert(CurrBlock);
2369 
2370  // Iterate through the predecessor blocks and warn if the lockset for all
2371  // predecessors is not the same. We take the entry lockset of the current
2372  // block to be the intersection of all previous locksets.
2373  // FIXME: By keeping the intersection, we may output more errors in future
2374  // for a lock which is not in the intersection, but was in the union. We
2375  // may want to also keep the union in future. As an example, let's say
2376  // the intersection contains Mutex L, and the union contains L and M.
2377  // Later we unlock M. At this point, we would output an error because we
2378  // never locked M; although the real error is probably that we forgot to
2379  // lock M on all code paths. Conversely, let's say that later we lock M.
2380  // In this case, we should compare against the intersection instead of the
2381  // union because the real error is probably that we forgot to unlock M on
2382  // all code paths.
2383  bool LocksetInitialized = false;
2384  SmallVector<CFGBlock *, 8> SpecialBlocks;
2385  for (CFGBlock::const_pred_iterator PI = CurrBlock->pred_begin(),
2386  PE = CurrBlock->pred_end(); PI != PE; ++PI) {
2387  // if *PI -> CurrBlock is a back edge
2388  if (*PI == nullptr || !VisitedBlocks.alreadySet(*PI))
2389  continue;
2390 
2391  unsigned PrevBlockID = (*PI)->getBlockID();
2392  CFGBlockInfo *PrevBlockInfo = &BlockInfo[PrevBlockID];
2393 
2394  // Ignore edges from blocks that can't return.
2395  if (neverReturns(*PI) || !PrevBlockInfo->Reachable)
2396  continue;
2397 
2398  // Okay, we can reach this block from the entry.
2399  CurrBlockInfo->Reachable = true;
2400 
2401  // If the previous block ended in a 'continue' or 'break' statement, then
2402  // a difference in locksets is probably due to a bug in that block, rather
2403  // than in some other predecessor. In that case, keep the other
2404  // predecessor's lockset.
2405  if (const Stmt *Terminator = (*PI)->getTerminator()) {
2406  if (isa<ContinueStmt>(Terminator) || isa<BreakStmt>(Terminator)) {
2407  SpecialBlocks.push_back(*PI);
2408  continue;
2409  }
2410  }
2411 
2412  FactSet PrevLockset;
2413  getEdgeLockset(PrevLockset, PrevBlockInfo->ExitSet, *PI, CurrBlock);
2414 
2415  if (!LocksetInitialized) {
2416  CurrBlockInfo->EntrySet = PrevLockset;
2417  LocksetInitialized = true;
2418  } else {
2419  intersectAndWarn(CurrBlockInfo->EntrySet, PrevLockset,
2420  CurrBlockInfo->EntryLoc,
2422  }
2423  }
2424 
2425  // Skip rest of block if it's not reachable.
2426  if (!CurrBlockInfo->Reachable)
2427  continue;
2428 
2429  // Process continue and break blocks. Assume that the lockset for the
2430  // resulting block is unaffected by any discrepancies in them.
2431  for (const auto *PrevBlock : SpecialBlocks) {
2432  unsigned PrevBlockID = PrevBlock->getBlockID();
2433  CFGBlockInfo *PrevBlockInfo = &BlockInfo[PrevBlockID];
2434 
2435  if (!LocksetInitialized) {
2436  CurrBlockInfo->EntrySet = PrevBlockInfo->ExitSet;
2437  LocksetInitialized = true;
2438  } else {
2439  // Determine whether this edge is a loop terminator for diagnostic
2440  // purposes. FIXME: A 'break' statement might be a loop terminator, but
2441  // it might also be part of a switch. Also, a subsequent destructor
2442  // might add to the lockset, in which case the real issue might be a
2443  // double lock on the other path.
2444  const Stmt *Terminator = PrevBlock->getTerminator();
2445  bool IsLoop = Terminator && isa<ContinueStmt>(Terminator);
2446 
2447  FactSet PrevLockset;
2448  getEdgeLockset(PrevLockset, PrevBlockInfo->ExitSet,
2449  PrevBlock, CurrBlock);
2450 
2451  // Do not update EntrySet.
2452  intersectAndWarn(CurrBlockInfo->EntrySet, PrevLockset,
2453  PrevBlockInfo->ExitLoc,
2456  false);
2457  }
2458  }
2459 
2460  BuildLockset LocksetBuilder(this, *CurrBlockInfo);
2461 
2462  // Visit all the statements in the basic block.
2463  for (const auto &BI : *CurrBlock) {
2464  switch (BI.getKind()) {
2465  case CFGElement::Statement: {
2466  CFGStmt CS = BI.castAs<CFGStmt>();
2467  LocksetBuilder.Visit(CS.getStmt());
2468  break;
2469  }
2470  // Ignore BaseDtor, MemberDtor, and TemporaryDtor for now.
2473  const auto *DD = AD.getDestructorDecl(AC.getASTContext());
2474  if (!DD->hasAttrs())
2475  break;
2476 
2477  // Create a dummy expression,
2478  auto *VD = const_cast<VarDecl *>(AD.getVarDecl());
2479  DeclRefExpr DRE(VD->getASTContext(), VD, false,
2481  AD.getTriggerStmt()->getEndLoc());
2482  LocksetBuilder.handleCall(&DRE, DD);
2483  break;
2484  }
2485  default:
2486  break;
2487  }
2488  }
2489  CurrBlockInfo->ExitSet = LocksetBuilder.FSet;
2490 
2491  // For every back edge from CurrBlock (the end of the loop) to another block
2492  // (FirstLoopBlock) we need to check that the Lockset of Block is equal to
2493  // the one held at the beginning of FirstLoopBlock. We can look up the
2494  // Lockset held at the beginning of FirstLoopBlock in the EntryLockSets map.
2495  for (CFGBlock::const_succ_iterator SI = CurrBlock->succ_begin(),
2496  SE = CurrBlock->succ_end(); SI != SE; ++SI) {
2497  // if CurrBlock -> *SI is *not* a back edge
2498  if (*SI == nullptr || !VisitedBlocks.alreadySet(*SI))
2499  continue;
2500 
2501  CFGBlock *FirstLoopBlock = *SI;
2502  CFGBlockInfo *PreLoop = &BlockInfo[FirstLoopBlock->getBlockID()];
2503  CFGBlockInfo *LoopEnd = &BlockInfo[CurrBlockID];
2504  intersectAndWarn(LoopEnd->ExitSet, PreLoop->EntrySet,
2505  PreLoop->EntryLoc,
2507  false);
2508  }
2509  }
2510 
2511  CFGBlockInfo *Initial = &BlockInfo[CFGraph->getEntry().getBlockID()];
2512  CFGBlockInfo *Final = &BlockInfo[CFGraph->getExit().getBlockID()];
2513 
2514  // Skip the final check if the exit block is unreachable.
2515  if (!Final->Reachable)
2516  return;
2517 
2518  // By default, we expect all locks held on entry to be held on exit.
2519  FactSet ExpectedExitSet = Initial->EntrySet;
2520 
2521  // Adjust the expected exit set by adding or removing locks, as declared
2522  // by *-LOCK_FUNCTION and UNLOCK_FUNCTION. The intersect below will then
2523  // issue the appropriate warning.
2524  // FIXME: the location here is not quite right.
2525  for (const auto &Lock : ExclusiveLocksAcquired)
2526  ExpectedExitSet.addLock(FactMan, llvm::make_unique<LockableFactEntry>(
2527  Lock, LK_Exclusive, D->getLocation()));
2528  for (const auto &Lock : SharedLocksAcquired)
2529  ExpectedExitSet.addLock(FactMan, llvm::make_unique<LockableFactEntry>(
2530  Lock, LK_Shared, D->getLocation()));
2531  for (const auto &Lock : LocksReleased)
2532  ExpectedExitSet.removeLock(FactMan, Lock);
2533 
2534  // FIXME: Should we call this function for all blocks which exit the function?
2535  intersectAndWarn(ExpectedExitSet, Final->ExitSet,
2536  Final->ExitLoc,
2539  false);
2540 
2541  Handler.leaveFunction(CurrentFunction);
2542 }
2543 
2544 /// Check a function's CFG for thread-safety violations.
2545 ///
2546 /// We traverse the blocks in the CFG, compute the set of mutexes that are held
2547 /// at the end of each block, and issue warnings for thread safety violations.
2548 /// Each block in the CFG is traversed exactly once.
2550  ThreadSafetyHandler &Handler,
2551  BeforeSet **BSet) {
2552  if (!*BSet)
2553  *BSet = new BeforeSet;
2554  ThreadSafetyAnalyzer Analyzer(Handler, *BSet);
2555  Analyzer.runAnalysis(AC);
2556 }
2557 
2559 
2560 /// Helper function that returns a LockKind required for the given level
2561 /// of access.
2563  switch (AK) {
2564  case AK_Read :
2565  return LK_Shared;
2566  case AK_Written :
2567  return LK_Exclusive;
2568  }
2569  llvm_unreachable("Unknown AccessKind");
2570 }
const PostOrderCFGView * getSortedGraph() const
Represents a function declaration or definition.
Definition: Decl.h:1738
Passing a guarded variable by reference.
Definition: ThreadSafety.h:48
bool equals(const CapabilityExpr &other) const
bool empty() const
Definition: CFG.h:714
pred_iterator pred_end()
Definition: CFG.h:734
A (possibly-)qualified type.
Definition: Type.h:638
AdjacentBlocks::const_iterator const_pred_iterator
Definition: CFG.h:720
const Stmt * getStmt() const
Definition: CFG.h:133
ConstStmtVisitor - This class implements a simple visitor for Stmt subclasses.
Definition: StmtVisitor.h:193
succ_iterator succ_begin()
Definition: CFG.h:751
TypePropertyCache< Private > Cache
Definition: Type.cpp:3494
Stmt - This represents one statement.
Definition: Stmt.h:66
CFGBlock & getEntry()
Definition: CFG.h:1093
virtual void handleUnmatchedUnlock(StringRef Kind, Name LockName, SourceLocation Loc)
Warn about unlock function calls that do not have a prior matching lock expression.
Definition: ThreadSafety.h:112
QualType getPointeeType() const
If this is a pointer, ObjC object pointer, or block pointer, this returns the respective pointee...
Definition: Type.cpp:505
C Language Family Type Representation.
static StringRef ClassifyDiagnostic(const CapabilityAttr *A)
unsigned getBlockID() const
Definition: CFG.h:856
arg_iterator arg_begin()
Definition: ExprCXX.h:1399
Opcode getOpcode() const
Definition: Expr.h:3322
StringRef P
QualType getNonReferenceType() const
If Type is a reference type (e.g., const int&), returns the type that the reference refers to ("const...
Definition: Type.h:6248
Represents a call to a C++ constructor.
Definition: ExprCXX.h:1262
SourceLocation getBeginLoc() const LLVM_READONLY
Definition: Stmt.h:1169
T castAs() const
Convert to the specified CFGElement type, asserting that this CFGElement is of the desired type...
Definition: CFG.h:99
LockKind getLockKindFromAccessKind(AccessKind AK)
Helper function that returns a LockKind required for the given level of access.
Represents a C++ constructor within a class.
Definition: DeclCXX.h:2484
const CXXDestructorDecl * getDestructorDecl(ASTContext &astContext) const
Definition: CFG.cpp:4672
Writing a variable.
Definition: ThreadSafety.h:75
Exclusive/writer lock of a mutex.
Definition: ThreadSafety.h:62
ProtectedOperationKind
This enum distinguishes between different kinds of operations that may need to be protected by locks...
Definition: ThreadSafety.h:37
bool isTrivialType(const ASTContext &Context) const
Return true if this is a trivial type per (C++0x [basic.types]p9)
Definition: Type.cpp:2157
static CXXConstructExpr * Create(const ASTContext &Ctx, QualType Ty, SourceLocation Loc, CXXConstructorDecl *Ctor, bool Elidable, ArrayRef< Expr *> Args, bool HadMultipleCandidates, bool ListInitialization, bool StdInitListInitialization, bool ZeroInitialization, ConstructionKind ConstructKind, SourceRange ParenOrBraceRange)
Create a C++ construction expression.
Definition: ExprCXX.cpp:984
Represents a variable declaration or definition.
Definition: Decl.h:813
ASTContext & getASTContext() const
const T * getAs() const
Member-template getAs<specific type>&#39;.
Definition: Type.h:6755
Expr * IgnoreImplicit() LLVM_READONLY
IgnoreImplicit - Skip past any implicit AST nodes which might surround this expression.
Definition: Expr.h:747
const Stmt * getTriggerStmt() const
Definition: CFG.h:394
static void warnInvalidLock(ThreadSafetyHandler &Handler, const Expr *MutexExp, const NamedDecl *D, const Expr *DeclExp, StringRef Kind)
Issue a warning about an invalid lock expression.
static bool isAssignmentOp(Opcode Opc)
Definition: Expr.h:3410
Defines the clang::Expr interface and subclasses for C++ expressions.
void threadSafetyCleanup(BeforeSet *Cache)
static const ValueDecl * getValueDecl(const Expr *Exp)
Gets the value decl pointer from DeclRefExprs or MemberExprs.
LockKind
This enum distinguishes between different kinds of lock actions.
Definition: ThreadSafety.h:57
CFGBlockSide
A side (entry or exit) of a CFG node.
Holds long-lived AST nodes (such as types and decls) that can be referred to throughout the semantic ...
Definition: ASTContext.h:155
const til::SExpr * sexpr() const
static std::string toString(const clang::SanitizerSet &Sanitizers)
Produce a string containing comma-separated names of sanitizers in Sanitizers set.
SourceLocation getBeginLoc() const LLVM_READONLY
Definition: Stmt.cpp:288
AnalysisDeclContext contains the context data for the function or method under analysis.
Represents C++ object destructor implicitly generated for automatic object or temporary bound to cons...
Definition: CFG.h:384
bool isReferenceType() const
Definition: Type.h:6311
const DeclGroupRef getDeclGroup() const
Definition: Stmt.h:1161
Expr * getSubExpr()
Definition: Expr.h:3050
static bool neverReturns(const CFGBlock *B)
ArrayRef< ParmVarDecl * > parameters() const
Definition: Decl.h:2262
AdjacentBlocks::const_iterator const_succ_iterator
Definition: CFG.h:727
bool alreadySet(const CFGBlock *Block)
Check if the bit for a CFGBlock has been already set.
virtual void handleInvalidLockExp(StringRef Kind, SourceLocation Loc)
Warn about lock expressions which fail to resolve to lockable objects.
Definition: ThreadSafety.h:104
static void dump(llvm::raw_ostream &OS, StringRef FunctionName, ArrayRef< CounterExpression > Expressions, ArrayRef< CounterMappingRegion > Regions)
Forward-declares and imports various common LLVM datatypes that clang wants to use unqualified...
Implements a set of CFGBlocks using a BitVector.
A builtin binary operation expression such as "x + y" or "x <= y".
Definition: Expr.h:3287
Expr * IgnoreParenCasts() LLVM_READONLY
IgnoreParenCasts - Ignore parentheses and casts.
Definition: Expr.cpp:2595
const VarDecl * getVarDecl() const
Definition: CFG.h:389
CastExpr - Base class for type casts, including both implicit casts (ImplicitCastExpr) and explicit c...
Definition: Expr.h:2998
Shared/reader lock of a mutex.
Definition: ThreadSafety.h:59
arg_iterator arg_end()
Definition: Expr.h:2593
bool hasAttr() const
Definition: DeclBase.h:531
Passing a pt-guarded variable by reference.
Definition: ThreadSafety.h:51
Const iterator for iterating over Stmt * arrays that contain only Expr *.
Definition: Stmt.h:997
CXXRecordDecl * getAsCXXRecordDecl() const
Retrieves the CXXRecordDecl that this type refers to, either because the type is a RecordType or beca...
Definition: Type.cpp:1613
bool init(AnalysisDeclContext &AC)
CXXConstructorDecl * getConstructor() const
Get the constructor that this expression will (ultimately) call.
Definition: ExprCXX.h:1334
Handler class for thread safety warnings.
Definition: ThreadSafety.h:94
Represents a single basic block in a source-level CFG.
Definition: CFG.h:552
arg_iterator arg_end()
Definition: ExprCXX.h:1400
Dereferencing a variable (e.g. p in *p = 5;)
Definition: ThreadSafety.h:39
Represent the declaration of a variable (in which case it is an lvalue) a function (in which case it ...
Definition: Decl.h:637
This represents one expression.
Definition: Expr.h:106
Stmt * getTerminatorCondition(bool StripParens=true)
Definition: CFG.cpp:5467
Represents a source-level, intra-procedural CFG that represents the control-flow of a Stmt...
Definition: CFG.h:1003
Defines an enumeration for C++ overloaded operators.
FunctionDecl * getDirectCallee()
If the callee is a FunctionDecl, return it. Otherwise return null.
Definition: Expr.h:2532
void checkBeforeAfter(const ValueDecl *Vd, const FactSet &FSet, ThreadSafetyAnalyzer &Analyzer, SourceLocation Loc, StringRef CapKind)
Return true if any mutexes in FSet are in the acquired_before set of Vd.
QualType getType() const
Definition: Expr.h:128
DeclContext * getParent()
getParent - Returns the containing DeclContext.
Definition: DeclBase.h:1752
AccessKind
This enum distinguishes between different ways to access (read or write) a variable.
Definition: ThreadSafety.h:70
QualType getRecordType(const RecordDecl *Decl) const
UnaryOperator - This represents the unary-expression&#39;s (except sizeof and alignof), the postinc/postdec operators from postfix-expression, and various extensions.
Definition: Expr.h:1896
Making a function call (e.g. fool())
Definition: ThreadSafety.h:45
CFGElement back() const
Definition: CFG.h:701
SourceLocation getEndLoc() const LLVM_READONLY
Definition: Stmt.cpp:301
bool hasAttrs() const
Definition: DeclBase.h:473
virtual void printName(raw_ostream &os) const
Definition: Decl.cpp:1516
CFGTerminator getTerminator()
Definition: CFG.h:840
Kind
Reading or writing a variable (e.g. x in x = 5;)
Definition: ThreadSafety.h:42
std::pair< llvm::NoneType, bool > insert(const CFGBlock *Block)
Set the bit associated with a particular CFGBlock.
BeforeInfo * insertAttrExprs(const ValueDecl *Vd, ThreadSafetyAnalyzer &Analyzer)
Process acquired_before and acquired_after attributes on Vd.
Encodes a location in the source.
Expr * getSubExpr() const
Definition: Expr.h:1926
CastKind getCastKind() const
Definition: Expr.h:3044
std::string getNameAsString() const
Get a human-readable name for the declaration, even if it is one of the special kinds of names (C++ c...
Definition: Decl.h:292
ASTContext & getASTContext() const LLVM_READONLY
Definition: DeclBase.cpp:376
DeclStmt - Adaptor class for mixing declarations with statements and expressions. ...
Definition: Stmt.h:1143
Represents a static or instance method of a struct/union/class.
Definition: DeclCXX.h:2041
SourceLocation getLocation() const
Definition: Attr.h:94
unsigned getNumBlockIDs() const
Returns the total number of BlockIDs allocated (which start at 0).
Definition: CFG.h:1169
static bool getStaticBooleanValue(Expr *E, bool &TCond)
succ_iterator succ_end()
Definition: CFG.h:752
SourceLocation getExprLoc() const LLVM_READONLY
getExprLoc - Return the preferred location for the arrow when diagnosing a problem with a generic exp...
Definition: Expr.cpp:215
Optional< T > getAs() const
Convert to the specified CFGElement type, returning None if this CFGElement is not of the desired typ...
Definition: CFG.h:110
Expr * getLHS() const
Definition: Expr.h:3327
Defines various enumerations that describe declaration and type specifiers.
pred_iterator pred_begin()
Definition: CFG.h:733
static CXXConstructorDecl * findConstructorForByValueReturn(const CXXRecordDecl *RD)
Dataflow Directional Tag Classes.
bool isValid() const
Return true if this is a valid SourceLocation object.
BeforeInfo * getBeforeInfoForDecl(const ValueDecl *Vd, ThreadSafetyAnalyzer &Analyzer)
void runThreadSafetyAnalysis(AnalysisDeclContext &AC, ThreadSafetyHandler &Handler, BeforeSet **Bset)
Check a function&#39;s CFG for thread-safety violations.
attr_range attrs() const
Definition: DeclBase.h:490
bool isCopyConstructor(unsigned &TypeQuals) const
Whether this constructor is a copy constructor (C++ [class.copy]p2, which can be used to copy the cla...
Definition: DeclCXX.cpp:2365
const Expr * getInit() const
Definition: Decl.h:1220
const CXXRecordDecl * getParent() const
Returns the parent of this method declaration, which is the class in which this method is defined...
Definition: DeclCXX.h:2166
Reading a variable.
Definition: ThreadSafety.h:72
std::string toString(const til::SExpr *E)
A helper class that allows the use of isa/cast/dyncast to detect TagType objects of structs/unions/cl...
Definition: Type.h:4373
void dump() const
Dumps the specified AST fragment and all subtrees to llvm::errs().
Definition: ASTDumper.cpp:1622
arg_iterator arg_begin()
Definition: Expr.h:2590
static Expr * buildFakeCtorCall(CXXConstructorDecl *CD, ArrayRef< Expr *> Args, SourceLocation Loc)
Opcode getOpcode() const
Definition: Expr.h:1921
Expr * getArg(unsigned Arg)
Return the specified argument.
Definition: ExprCXX.h:1413
const NamedDecl * getDecl() const
The type-property cache.
Definition: Type.cpp:3448
llvm::iterator_range< specific_attr_iterator< T > > specific_attrs() const
Definition: DeclBase.h:513
bool hasNoReturnElement() const
Definition: CFG.h:854
Defines the C++ Decl subclasses, other than those for templates (found in DeclTemplate.h) and friends (in DeclFriend.h).
MemberExpr - [C99 6.5.2.3] Structure and Union Members.
Definition: Expr.h:2682
virtual void handleDoubleLock(StringRef Kind, Name LockName, SourceLocation Loc)
Warn about lock function calls for locks which are already held.
Definition: ThreadSafety.h:133
Defines the clang::SourceLocation class and associated facilities.
Represents a C++ struct/union/class.
Definition: DeclCXX.h:300
Represents a top-level expression in a basic block.
Definition: CFG.h:56
bool isRValue() const
Definition: Expr.h:250
unsigned kind
All of the diagnostics that can be emitted by the frontend.
Definition: DiagnosticIDs.h:61
virtual void handleMutexHeldEndOfScope(StringRef Kind, Name LockName, SourceLocation LocLocked, SourceLocation LocEndOfScope, LockErrorKind LEK)
Warn about situations where a mutex is sometimes held and sometimes not.
Definition: ThreadSafety.h:149
CallExpr - Represents a function call (C99 6.5.2.2, C++ [expr.call]).
Definition: Expr.h:2396
StringRef getName() const
Get the name of identifier for this declaration as a StringRef.
Definition: Decl.h:276
A reference to a declared variable, function, enum, etc.
Definition: Expr.h:1041
const ValueDecl * valueDecl() const
Expr * getRHS() const
Definition: Expr.h:3329
bool isPointerType() const
Definition: Type.h:6299
bool matches(const til::SExpr *E1, const til::SExpr *E2)
QualType getType() const
Definition: Decl.h:648
An l-value expression is a reference to an object with independent storage.
Definition: Specifiers.h:114
A trivial tuple used to represent a source range.
This represents a decl that may have a name.
Definition: Decl.h:249
static void findBlockLocations(CFG *CFGraph, const PostOrderCFGView *SortedGraph, std::vector< CFGBlockInfo > &BlockInfo)
Find the appropriate source locations to use when producing diagnostics for each block in the CFG...
attr::Kind getKind() const
Definition: Attr.h:87
Decl * getCalleeDecl()
Definition: Expr.h:2526
ctor_range ctors() const
Definition: DeclCXX.h:885
Defines enum values for all the target-independent builtin functions.
Attr - This represents one attribute.
Definition: Attr.h:44
SourceLocation getLocation() const
Definition: DeclBase.h:418
Expr * IgnoreParens() LLVM_READONLY
IgnoreParens - Ignore parentheses.
Definition: Expr.cpp:2560
CFGBlock & getExit()
Definition: CFG.h:1095
Can be either Shared or Exclusive.
Definition: ThreadSafety.h:65