doxygen/ASTUtils_8cpp_source.html

//=======- ASTUtils.cpp ------------------------------------------*- C++ -*-==//

//

// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.

// See https://llvm.org/LICENSE.txt for license information.

// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception

//

//===----------------------------------------------------------------------===//


#include "ASTUtils.h"

#include "PtrTypesSemantics.h"

#include "clang/AST/Attr.h"

#include "clang/AST/Decl.h"

#include "clang/AST/DeclCXX.h"

#include "clang/AST/ExprCXX.h"

#include "clang/AST/ExprObjC.h"

#include "clang/AST/StmtVisitor.h"

#include <optional>


namespace clang {


bool isSafePtr(clang::CXXRecordDecl *Decl) {

  return isRefCounted(Decl) || isCheckedPtr(Decl);

}


bool tryToFindPtrOrigin(

    const Expr *E, bool StopAtFirstRefCountedObj,

    std::function<bool(const clang::CXXRecordDecl *)> isSafePtr,

    std::function<bool(const clang::QualType)> isSafePtrType,

    std::function<bool(const clang::Expr *, bool)> callback) {

  while (E) {

    if (auto *DRE = dyn_cast<DeclRefExpr>(E)) {

      if (auto *VD = dyn_cast_or_null<VarDecl>(DRE->getDecl())) {

        auto QT = VD->getType();

        auto IsImmortal = safeGetName(VD) == "NSApp";

        if (VD->hasGlobalStorage() && (IsImmortal || QT.isConstQualified()))

          return callback(E, true);

      }

    }

    if (auto *tempExpr = dyn_cast<MaterializeTemporaryExpr>(E)) {

      E = tempExpr->getSubExpr();

      continue;

    }

    if (auto *tempExpr = dyn_cast<CXXBindTemporaryExpr>(E)) {

      E = tempExpr->getSubExpr();

      continue;

    }

    if (auto *tempExpr = dyn_cast<CXXConstructExpr>(E)) {

      if (auto *C = tempExpr->getConstructor()) {

        if (auto *Class = C->getParent(); Class && isSafePtr(Class))

          return callback(E, true);

        break;

      }

    }

    if (auto *TempExpr = dyn_cast<CXXUnresolvedConstructExpr>(E)) {

      if (isSafePtrType(TempExpr->getTypeAsWritten()))

        return callback(TempExpr, true);

    }

    if (auto *POE = dyn_cast<PseudoObjectExpr>(E)) {

      if (auto *RF = POE->getResultExpr()) {

        E = RF;

        continue;

      }

    }

    if (auto *tempExpr = dyn_cast<ParenExpr>(E)) {

      E = tempExpr->getSubExpr();

      continue;

    }

    if (auto *OpaqueValue = dyn_cast<OpaqueValueExpr>(E)) {

      E = OpaqueValue->getSourceExpr();

      continue;

    }

    if (auto *Expr = dyn_cast<ConditionalOperator>(E)) {

      return tryToFindPtrOrigin(Expr->getTrueExpr(), StopAtFirstRefCountedObj,

                                isSafePtr, isSafePtrType, callback) &&

             tryToFindPtrOrigin(Expr->getFalseExpr(), StopAtFirstRefCountedObj,

                                isSafePtr, isSafePtrType, callback);

    }

    if (auto *cast = dyn_cast<CastExpr>(E)) {

      if (StopAtFirstRefCountedObj) {

        if (auto *ConversionFunc =

                dyn_cast_or_null<FunctionDecl>(cast->getConversionFunction())) {

          if (isCtorOfSafePtr(ConversionFunc))

            return callback(E, true);

        }

        if (isa<CXXFunctionalCastExpr>(E) && isSafePtrType(cast->getType()))

          return callback(E, true);

      }

      // FIXME: This can give false "origin" that would lead to false negatives

      // in checkers. See https://reviews.llvm.org/D37023 for reference.

      E = cast->getSubExpr();

      continue;

    }

    if (auto *call = dyn_cast<CallExpr>(E)) {

      if (auto *Callee = call->getCalleeDecl()) {

        if (Callee->hasAttr<CFReturnsRetainedAttr>() ||

            Callee->hasAttr<NSReturnsRetainedAttr>()) {

          return callback(E, true);

        }

      }


      if (auto *memberCall = dyn_cast<CXXMemberCallExpr>(call)) {

        if (auto *decl = memberCall->getMethodDecl()) {

          std::optional<bool> IsGetterOfRefCt = isGetterOfSafePtr(decl);

          if (IsGetterOfRefCt && *IsGetterOfRefCt) {

            E = memberCall->getImplicitObjectArgument();

            if (StopAtFirstRefCountedObj) {

              return callback(E, true);

            }

            continue;

          }

        }

      }


      if (auto *operatorCall = dyn_cast<CXXOperatorCallExpr>(E)) {

        if (auto *Callee = operatorCall->getDirectCallee()) {

          auto ClsName = safeGetName(Callee->getParent());

          if (isRefType(ClsName) || isCheckedPtr(ClsName) ||

              isRetainPtrOrOSPtr(ClsName) || ClsName == "unique_ptr" ||

              ClsName == "UniqueRef" || ClsName == "WeakPtr" ||

              ClsName == "WeakRef") {

            if (operatorCall->getNumArgs() == 1) {

              E = operatorCall->getArg(0);

              continue;

            }

          }

        }

      }


      if (call->isCallToStdMove() && call->getNumArgs() == 1) {

        E = call->getArg(0)->IgnoreParenCasts();

        continue;

      }


      if (auto *callee = call->getDirectCallee()) {

        if (isCtorOfSafePtr(callee)) {

          if (StopAtFirstRefCountedObj)

            return callback(E, true);


          E = call->getArg(0);

          continue;

        }


        if (isSafePtrType(callee->getReturnType()))

          return callback(E, true);


        if (isSingleton(callee))

          return callback(E, true);


        if (callee->isInStdNamespace() && safeGetName(callee) == "forward") {

          E = call->getArg(0);

          continue;

        }


        if (isPtrConversion(callee)) {

          E = call->getArg(0);

          continue;

        }


        auto Name = safeGetName(callee);

        if (Name == "__builtin___CFStringMakeConstantString" ||

            Name == "NSClassFromString")

          return callback(E, true);

      } else if (auto *CalleeE = call->getCallee()) {

        if (auto *E = dyn_cast<DeclRefExpr>(CalleeE->IgnoreParenCasts())) {

          if (isSingleton(E->getFoundDecl()))

            return callback(E, true);

        }

      }


      // Sometimes, canonical type erroneously turns Ref<T> into T.

      // Workaround this problem by checking again if the original type was

      // a SubstTemplateTypeParmType of a safe smart pointer type (e.g. Ref).

      if (auto *CalleeDecl = call->getCalleeDecl()) {

        if (auto *FD = dyn_cast<FunctionDecl>(CalleeDecl)) {

          auto RetType = FD->getReturnType();

          if (auto *Subst = dyn_cast<SubstTemplateTypeParmType>(RetType)) {

            if (auto *SubstType = Subst->desugar().getTypePtr()) {

              if (auto *RD = dyn_cast<RecordType>(SubstType)) {

                if (auto *CXX = dyn_cast<CXXRecordDecl>(RD->getOriginalDecl()))

                  if (isSafePtr(CXX))

                    return callback(E, true);

              }

            }

          }

        }

      }

    }

    if (auto *ObjCMsgExpr = dyn_cast<ObjCMessageExpr>(E)) {

      if (auto *Method = ObjCMsgExpr->getMethodDecl()) {

        if (isSafePtrType(Method->getReturnType()))

          return callback(E, true);

      }

      auto Selector = ObjCMsgExpr->getSelector();

      auto NameForFirstSlot = Selector.getNameForSlot(0);

      if ((NameForFirstSlot == "class" || NameForFirstSlot == "superclass") &&

          !Selector.getNumArgs())

        return callback(E, true);

    }

    if (auto *ObjCDict = dyn_cast<ObjCDictionaryLiteral>(E))

      return callback(ObjCDict, true);

    if (auto *ObjCArray = dyn_cast<ObjCArrayLiteral>(E))

      return callback(ObjCArray, true);

    if (auto *ObjCStr = dyn_cast<ObjCStringLiteral>(E))

      return callback(ObjCStr, true);

    if (auto *unaryOp = dyn_cast<UnaryOperator>(E)) {

      // FIXME: Currently accepts ANY unary operator. Is it OK?

      E = unaryOp->getSubExpr();

      continue;

    }

    if (auto *BoxedExpr = dyn_cast<ObjCBoxedExpr>(E)) {

      if (StopAtFirstRefCountedObj)

        return callback(BoxedExpr, true);

      E = BoxedExpr->getSubExpr();

      continue;

    }

    break;

  }

  // Some other expression.

  return callback(E, false);

}


bool isASafeCallArg(const Expr *E) {

  assert(E);

  if (auto *Ref = dyn_cast<DeclRefExpr>(E)) {

    auto *FoundDecl = Ref->getFoundDecl();

    if (auto *D = dyn_cast_or_null<VarDecl>(FoundDecl)) {

      if (isa<ParmVarDecl>(D) || D->isLocalVarDecl())

        return true;

      if (auto *ImplicitP = dyn_cast<ImplicitParamDecl>(D)) {

        auto Kind = ImplicitP->getParameterKind();

        if (Kind == ImplicitParamKind::ObjCSelf ||

            Kind == ImplicitParamKind::ObjCCmd ||

            Kind == ImplicitParamKind::CXXThis ||

            Kind == ImplicitParamKind::CXXVTT)

          return true;

      }

    } else if (auto *BD = dyn_cast_or_null<BindingDecl>(FoundDecl)) {

      VarDecl *VD = BD->getHoldingVar();

      if (VD && (isa<ParmVarDecl>(VD) || VD->isLocalVarDecl()))

        return true;

    }

  }

  if (isa<CXXTemporaryObjectExpr>(E))

    return true; // A temporary lives until the end of this statement.

  if (isConstOwnerPtrMemberExpr(E))

    return true;


  // TODO: checker for method calls on non-refcounted objects

  return isa<CXXThisExpr>(E);

}


bool isNullPtr(const clang::Expr *E) {

  if (isa<CXXNullPtrLiteralExpr>(E) || isa<GNUNullExpr>(E))

    return true;

  if (auto *Int = dyn_cast_or_null<IntegerLiteral>(E)) {

    if (Int->getValue().isZero())

      return true;

  }

  return false;

}


bool isConstOwnerPtrMemberExpr(const clang::Expr *E) {

  if (auto *MCE = dyn_cast<CXXMemberCallExpr>(E)) {

    if (auto *Callee = MCE->getDirectCallee()) {

      auto Name = safeGetName(Callee);

      if (Name == "get" || Name == "ptr")

        E = MCE->getImplicitObjectArgument();

      if (isa<CXXConversionDecl>(Callee))

        E = MCE->getImplicitObjectArgument();

    }

  } else if (auto *OCE = dyn_cast<CXXOperatorCallExpr>(E)) {

    if (OCE->getOperator() == OO_Star && OCE->getNumArgs() == 1)

      E = OCE->getArg(0);

  }

  const ValueDecl *D = nullptr;

  if (auto *ME = dyn_cast<MemberExpr>(E))

    D = ME->getMemberDecl();

  else if (auto *IVR = dyn_cast<ObjCIvarRefExpr>(E))

    D = IVR->getDecl();

  if (!D)

    return false;

  auto T = D->getType();

  return isOwnerPtrType(T) && T.isConstQualified();

}


bool isExprToGetCheckedPtrCapableMember(const clang::Expr *E) {

  auto *ME = dyn_cast<MemberExpr>(E);

  if (!ME)

    return false;

  auto *Base = ME->getBase();

  if (!Base)

    return false;

  if (!isa<CXXThisExpr>(Base->IgnoreParenCasts()))

    return false;

  auto *D = ME->getMemberDecl();

  if (!D)

    return false;

  auto T = D->getType();

  auto *CXXRD = T->getAsCXXRecordDecl();

  if (!CXXRD)

    return false;

  auto result = isCheckedPtrCapable(CXXRD);

  return result && *result;

}


class EnsureFunctionVisitor

    : public ConstStmtVisitor<EnsureFunctionVisitor, bool> {

public:


  bool VisitStmt(const Stmt *S) {

    for (const Stmt *Child : S->children()) {

      if (Child && !Visit(Child))

        return false;

    }

    return true;

  }


  bool VisitReturnStmt(const ReturnStmt *RS) {

    if (auto *RV = RS->getRetValue()) {

      RV = RV->IgnoreParenCasts();

      if (isNullPtr(RV))

        return true;

      return isConstOwnerPtrMemberExpr(RV);

    }

    return false;

  }


};


bool EnsureFunctionAnalysis::isACallToEnsureFn(const clang::Expr *E) const {

  auto *MCE = dyn_cast<CXXMemberCallExpr>(E);

  if (!MCE)

    return false;

  auto *Callee = MCE->getDirectCallee();

  if (!Callee)

    return false;

  auto *Body = Callee->getBody();

  if (!Body || Callee->isVirtualAsWritten())

    return false;

  auto [CacheIt, IsNew] = Cache.insert(std::make_pair(Callee, false));

  if (IsNew)

    CacheIt->second = EnsureFunctionVisitor().Visit(Body);

  return CacheIt->second;

}


} // namespace clang

ASTUtils.h

Attr.h

DeclCXX.h
Defines the C++ Decl subclasses, other than those for templates (found in DeclTemplate....

Decl.h

ExprCXX.h
Defines the clang::Expr interface and subclasses for C++ expressions.

ExprObjC.h

PtrTypesSemantics.h

StmtVisitor.h

Base

clang::CXXRecordDecl
Represents a C++ struct/union/class.
Definition DeclCXX.h:258

clang::ConstStmtVisitor
ConstStmtVisitor - This class implements a simple visitor for Stmt subclasses.
Definition StmtVisitor.h:196

clang::Decl
Decl - This represents one declaration (or definition), e.g.
Definition DeclBase.h:86

clang::EnsureFunctionAnalysis::isACallToEnsureFn
bool isACallToEnsureFn(const Expr *E) const
Definition ASTUtils.cpp:328

clang::EnsureFunctionVisitor
Definition ASTUtils.cpp:307

clang::EnsureFunctionVisitor::VisitReturnStmt
bool VisitReturnStmt(const ReturnStmt *RS)
Definition ASTUtils.cpp:317

clang::EnsureFunctionVisitor::VisitStmt
bool VisitStmt(const Stmt *S)
Definition ASTUtils.cpp:309

clang::Expr
This represents one expression.
Definition Expr.h:112

clang::Expr::IgnoreParenCasts
Expr * IgnoreParenCasts() LLVM_READONLY
Skip past any parentheses and casts which might surround this expression until reaching a fixed point...
Definition Expr.cpp:3090

clang::QualType
A (possibly-)qualified type.
Definition TypeBase.h:937

clang::ReturnStmt
ReturnStmt - This represents a return, optionally of an expression: return; return 4;.
Definition Stmt.h:3160

clang::ReturnStmt::getRetValue
Expr * getRetValue()
Definition Stmt.h:3187

clang::Selector
Smart pointer class that efficiently represents Objective-C method names.
Definition IdentifierTable.h:974

clang::Selector::getNameForSlot
StringRef getNameForSlot(unsigned argIndex) const
Retrieve the name at a given position in the selector.
Definition IdentifierTable.cpp:587

clang::Selector::getNumArgs
unsigned getNumArgs() const
Definition IdentifierTable.cpp:564

clang::StmtVisitorBase< llvm::make_const_ptr, EnsureFunctionVisitor, bool, ParamTys... >::Visit
bool Visit(PTR(Stmt) S, ParamTys... P)
Definition StmtVisitor.h:45

clang::Stmt
Stmt - This represents one statement.
Definition Stmt.h:85

clang::Stmt::children
child_range children()
Definition Stmt.cpp:295

clang::ValueDecl
Represent the declaration of a variable (in which case it is an lvalue) a function (in which case it ...
Definition Decl.h:712

clang::ValueDecl::getType
QualType getType() const
Definition Decl.h:723

clang::VarDecl
Represents a variable declaration or definition.
Definition Decl.h:926

clang::VarDecl::isLocalVarDecl
bool isLocalVarDecl() const
Returns true for local variable declarations other than parameters.
Definition Decl.h:1253

clang::ast_matchers::decl
const internal::VariadicAllOfMatcher< Decl > decl
Matches declarations.
Definition ASTMatchersInternal.cpp:762

clang
The JSON file list parser is used to communicate input to InstallAPI.
Definition CalledOnceCheck.h:17

clang::isCtorOfSafePtr
bool isCtorOfSafePtr(const clang::FunctionDecl *F)
Definition PtrTypesSemantics.cpp:178

clang::isa
bool isa(CodeGen::Address addr)
Definition Address.h:330

clang::isExprToGetCheckedPtrCapableMember
bool isExprToGetCheckedPtrCapableMember(const clang::Expr *E)
Definition ASTUtils.cpp:286

clang::VariadicCallType::Method
@ Method
Definition Sema.h:514

clang::isPtrConversion
bool isPtrConversion(const FunctionDecl *F)
Definition PtrTypesSemantics.cpp:445

clang::isCheckedPtrCapable
std::optional< bool > isCheckedPtrCapable(const clang::CXXRecordDecl *R)
Definition PtrTypesSemantics.cpp:122

clang::tryToFindPtrOrigin
bool tryToFindPtrOrigin(const Expr *E, bool StopAtFirstRefCountedObj, std::function< bool(const clang::CXXRecordDecl *)> isSafePtr, std::function< bool(const clang::QualType)> isSafePtrType, std::function< bool(const clang::Expr *, bool)> callback)
This function de-facto defines a set of transformations that we consider safe (in heuristical sense).
Definition ASTUtils.cpp:25

clang::LinkageSpecLanguageIDs::C
@ C
Definition DeclCXX.h:3007

clang::LinkageSpecLanguageIDs::CXX
@ CXX
Definition DeclCXX.h:3007

clang::isASafeCallArg
bool isASafeCallArg(const Expr *E)
For E referring to a ref-countable/-counted pointer/reference we return whether it's a safe call argu...
Definition ASTUtils.cpp:222

clang::T
const FunctionProtoType * T
Definition RecursiveASTVisitor.h:1414

clang::isRefCounted
bool isRefCounted(const CXXRecordDecl *R)
Definition PtrTypesSemantics.cpp:412

clang::isOwnerPtrType
bool isOwnerPtrType(const clang::QualType T)
Definition PtrTypesSemantics.cpp:208

clang::isGetterOfSafePtr
std::optional< bool > isGetterOfSafePtr(const CXXMethodDecl *M)
Definition PtrTypesSemantics.cpp:361

clang::isRetainPtrOrOSPtr
bool isRetainPtrOrOSPtr(const std::string &Name)
Definition PtrTypesSemantics.cpp:132

clang::isRefType
bool isRefType(const std::string &Name)
Definition PtrTypesSemantics.cpp:127

clang::isSafePtr
bool isSafePtr(clang::CXXRecordDecl *Decl)
Definition ASTUtils.cpp:21

clang::safeGetName
std::string safeGetName(const T *ASTNode)
Definition ASTUtils.h:90

clang::isSingleton
bool isSingleton(const NamedDecl *F)
Definition PtrTypesSemantics.cpp:485

clang::isNullPtr
bool isNullPtr(const clang::Expr *E)
Definition ASTUtils.cpp:252

clang::isCheckedPtr
bool isCheckedPtr(const std::string &Name)
Definition PtrTypesSemantics.cpp:137

clang::cast
U cast(CodeGen::Address addr)
Definition Address.h:327

clang::ElaboratedTypeKeyword::Class
@ Class
The "class" keyword introduces the elaborated-type-specifier.
Definition TypeBase.h:5876

clang::ImplicitParamKind::CXXThis
@ CXXThis
Parameter for C++ 'this' argument.
Definition Decl.h:1734

clang::ImplicitParamKind::CXXVTT
@ CXXVTT
Parameter for C++ virtual table pointers.
Definition Decl.h:1737

clang::ImplicitParamKind::ObjCSelf
@ ObjCSelf
Parameter for Objective-C 'self' argument.
Definition Decl.h:1728

clang::ImplicitParamKind::ObjCCmd
@ ObjCCmd
Parameter for Objective-C '_cmd' argument.
Definition Decl.h:1731

clang::isConstOwnerPtrMemberExpr
bool isConstOwnerPtrMemberExpr(const clang::Expr *E)
Definition ASTUtils.cpp:262

std::function
int const char * function
Definition c++config.h:31