clang 23.0.0git
Checker.cpp
Go to the documentation of this file.
1//===- Checker.cpp - C++ Lifetime Safety Checker ----------------*- C++ -*-===//
2//
3// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4// See https://llvm.org/LICENSE.txt for license information.
5// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6//
7//===----------------------------------------------------------------------===//
8//
9// This file implements the LifetimeChecker, which detects use-after-free
10// errors by checking if live origins hold loans that have expired.
11//
12//===----------------------------------------------------------------------===//
13
14#include "clang/Analysis/Analyses/LifetimeSafety/Checker.h"
15#include "clang/AST/Decl.h"
16#include "clang/AST/Expr.h"
17#include "clang/Analysis/Analyses/LifetimeSafety/Facts.h"
18#include "clang/Analysis/Analyses/LifetimeSafety/LifetimeAnnotations.h"
19#include "clang/Analysis/Analyses/LifetimeSafety/LiveOrigins.h"
20#include "clang/Analysis/Analyses/LifetimeSafety/LoanPropagation.h"
21#include "clang/Analysis/Analyses/LifetimeSafety/Loans.h"
22#include "clang/Analysis/Analyses/PostOrderCFGView.h"
23#include "clang/Analysis/AnalysisDeclContext.h"
24#include "clang/Basic/SourceLocation.h"
25#include "clang/Basic/SourceManager.h"
26#include "llvm/ADT/DenseMap.h"
27#include "llvm/Support/ErrorHandling.h"
28#include "llvm/Support/TimeProfiler.h"
29
30namespace clang::lifetimes::internal {
31
32static bool causingFactDominatesExpiry(LivenessKind K) {
33 switch (K) {
34 case LivenessKind::Must:
35 return true;
36 case LivenessKind::Maybe:
37 case LivenessKind::Dead:
38 return false;
39 }
40 llvm_unreachable("unknown liveness kind");
41}
42
43namespace {
44
45/// Struct to store the complete context for a potential lifetime violation.
46struct PendingWarning {
47 SourceLocation ExpiryLoc; // Where the loan expired.
48 llvm::PointerUnion<const UseFact *, const OriginEscapesFact *> CausingFact;
49 const Expr *MovedExpr;
50 const Expr *InvalidatedByExpr;
51 bool CausingFactDominatesExpiry;
52};
53
54using AnnotationTarget =
55 llvm::PointerUnion<const ParmVarDecl *, const CXXMethodDecl *>;
56using EscapingTarget = LifetimeSafetySemaHelper::EscapingTarget;
57
58class LifetimeChecker {
59private:
60 llvm::DenseMap<LoanID, PendingWarning> FinalWarningsMap;
61 llvm::DenseMap<AnnotationTarget, EscapingTarget> AnnotationWarningsMap;
62 llvm::DenseMap<const ParmVarDecl *, EscapingTarget> NoescapeWarningsMap;
63 llvm::DenseSet<const Decl *> VerifiedLiftimeboundEscapes;
64 const LoanPropagationAnalysis &LoanPropagation;
65 const MovedLoansAnalysis &MovedLoans;
66 const LiveOriginsAnalysis &LiveOrigins;
67 FactManager &FactMgr;
68 LifetimeSafetySemaHelper *SemaHelper;
69 ASTContext &AST;
70 const Decl *FD;
71 const LifetimeSafetyOpts &LSOpts;
72
73 static SourceLocation
74 GetFactLoc(llvm::PointerUnion<const UseFact *, const OriginEscapesFact *> F) {
75 if (const auto *UF = F.dyn_cast<const UseFact *>())
76 return UF->getUseExpr()->getExprLoc();
77 if (const auto *OEF = F.dyn_cast<const OriginEscapesFact *>()) {
78 if (auto *ReturnEsc = dyn_cast<ReturnEscapeFact>(OEF))
79 return ReturnEsc->getReturnExpr()->getExprLoc();
80 if (auto *FieldEsc = dyn_cast<FieldEscapeFact>(OEF))
81 return FieldEsc->getFieldDecl()->getLocation();
82 }
83 llvm_unreachable("unhandled causing fact in PointerUnion");
84 }
85
86public:
87 LifetimeChecker(const LoanPropagationAnalysis &LoanPropagation,
88 const MovedLoansAnalysis &MovedLoans,
89 const LiveOriginsAnalysis &LiveOrigins, FactManager &FM,
90 AnalysisDeclContext &ADC,
91 LifetimeSafetySemaHelper *SemaHelper,
92 const LifetimeSafetyOpts &LSOpts)
93 : LoanPropagation(LoanPropagation), MovedLoans(MovedLoans),
94 LiveOrigins(LiveOrigins), FactMgr(FM), SemaHelper(SemaHelper),
95 AST(ADC.getASTContext()), FD(ADC.getDecl()), LSOpts(LSOpts) {
96 for (const CFGBlock *B : *ADC.getAnalysis<PostOrderCFGView>())
97 for (const Fact *F : FactMgr.getFacts(B))
98 if (const auto *EF = F->getAs<ExpireFact>())
99 checkExpiry(EF);
100 else if (const auto *IOF = F->getAs<InvalidateOriginFact>())
101 checkInvalidation(IOF);
102 else if (const auto *OEF = F->getAs<OriginEscapesFact>())
103 checkAnnotations(OEF);
104 issuePendingWarnings();
105 suggestAnnotations();
106 reportNoescapeViolations();
107 reportLifetimeboundViolations();
108 reportMisplacedLifetimebound();
109 reportInapplicableLifetimebound();
110 // Annotation inference is currently guarded by a frontend flag. In the
111 // future, this might be replaced by a design that differentiates between
112 // explicit and inferred findings with separate warning groups.
113 if (AST.getLangOpts().EnableLifetimeSafetyInference)
114 inferAnnotations();
115 }
116
117 /// Checks if an escaping origin holds a placeholder loan, indicating a
118 /// missing [[clang::lifetimebound]] annotation or a violation of
119 /// [[clang::noescape]].
120 void checkAnnotations(const OriginEscapesFact *OEF) {
121 OriginID EscapedOID = OEF->getEscapedOriginID();
122 LoanSet EscapedLoans = LoanPropagation.getLoans(EscapedOID, OEF);
123 auto CheckParam = [&](const ParmVarDecl *PVD, bool IsMoved) {
124 // NoEscape param should not escape.
125 if (PVD->hasAttr<NoEscapeAttr>()) {
126 if (auto *ReturnEsc = dyn_cast<ReturnEscapeFact>(OEF))
127 NoescapeWarningsMap.try_emplace(PVD, ReturnEsc->getReturnExpr());
128 if (auto *FieldEsc = dyn_cast<FieldEscapeFact>(OEF))
129 NoescapeWarningsMap.try_emplace(PVD, FieldEsc->getFieldDecl());
130 if (auto *GlobalEsc = dyn_cast<GlobalEscapeFact>(OEF))
131 NoescapeWarningsMap.try_emplace(PVD, GlobalEsc->getGlobal());
132 return;
133 }
134 // Skip annotation suggestion for moved loans, as ownership transfer
135 // obscures the lifetime relationship (e.g., shared_ptr from unique_ptr).
136 if (IsMoved)
137 return;
138 if (PVD->hasAttr<LifetimeBoundAttr>()) {
139 // Track that this lifetimebound parameter correctly escapes
140 // (via return or via field assignment in a constructor).
141 if (isa<ReturnEscapeFact>(OEF) ||
142 (isa<FieldEscapeFact>(OEF) && isa<CXXConstructorDecl>(FD)))
143 VerifiedLiftimeboundEscapes.insert(PVD);
144 } else {
145 // Otherwise, suggest lifetimebound for parameter escaping through
146 // return or a field in constructor.
147 if (auto *ReturnEsc = dyn_cast<ReturnEscapeFact>(OEF))
148 AnnotationWarningsMap.try_emplace(PVD, ReturnEsc->getReturnExpr());
149 else if (auto *FieldEsc = dyn_cast<FieldEscapeFact>(OEF);
150 FieldEsc && isa<CXXConstructorDecl>(FD))
151 AnnotationWarningsMap.try_emplace(PVD, FieldEsc->getFieldDecl());
152 }
153 // TODO: Suggest lifetime_capture_by(this) for parameter escaping to a
154 // field!
155 };
156 auto CheckImplicitThis = [&](const CXXMethodDecl *MD) {
157 if (auto *ReturnEsc = dyn_cast<ReturnEscapeFact>(OEF)) {
158 if (implicitObjectParamIsLifetimeBound(MD))
159 VerifiedLiftimeboundEscapes.insert(MD);
160 else
161 AnnotationWarningsMap.try_emplace(MD, ReturnEsc->getReturnExpr());
162 }
163 };
164 auto MovedAtEscape = MovedLoans.getMovedLoans(OEF);
165 for (LoanID LID : EscapedLoans) {
166 const Loan *L = FactMgr.getLoanMgr().getLoan(LID);
167 const AccessPath &AP = L->getAccessPath();
168 if (const auto *PVD = AP.getAsPlaceholderParam())
169 CheckParam(PVD, /*IsMoved=*/MovedAtEscape.lookup(LID));
170 else if (const auto *MD = AP.getAsPlaceholderThis())
171 CheckImplicitThis(MD);
172 }
173 }
174
175 /// Checks for use-after-free & use-after-return errors when an access path
176 /// expires (e.g., a variable goes out of scope).
177 ///
178 /// When a path expires, all loans having this path expires.
179 /// This method examines all live origins and reports warnings for loans they
180 /// hold that are prefixed by the expired path.
181 void checkExpiry(const ExpireFact *EF) {
182 const AccessPath &ExpiredPath = EF->getAccessPath();
183 LivenessMap Origins = LiveOrigins.getLiveOriginsAt(EF);
184 for (auto &[OID, LiveInfo] : Origins) {
185 LoanSet HeldLoans = LoanPropagation.getLoans(OID, EF);
186 for (LoanID HeldLoanID : HeldLoans) {
187 const Loan *HeldLoan = FactMgr.getLoanMgr().getLoan(HeldLoanID);
188 if (ExpiredPath != HeldLoan->getAccessPath())
189 continue;
190 // HeldLoan is expired because its AccessPath is expired.
191 PendingWarning &CurWarning = FinalWarningsMap[HeldLoan->getID()];
192 const Expr *MovedExpr = nullptr;
193 if (auto *ME = MovedLoans.getMovedLoans(EF).lookup(HeldLoanID))
194 MovedExpr = *ME;
195 // Skip if we already have a dominating causing fact.
196 if (CurWarning.CausingFactDominatesExpiry)
197 continue;
198 if (causingFactDominatesExpiry(LiveInfo.Kind))
199 CurWarning.CausingFactDominatesExpiry = true;
200 CurWarning.CausingFact = LiveInfo.CausingFact;
201 CurWarning.ExpiryLoc = EF->getExpiryLoc();
202 CurWarning.MovedExpr = MovedExpr;
203 CurWarning.InvalidatedByExpr = nullptr;
204 }
205 }
206 }
207
208 /// Checks for use-after-invalidation errors when a container is modified.
209 ///
210 /// This method identifies origins that are live at the point of invalidation
211 /// and checks if they hold loans that are invalidated by the operation
212 /// (e.g., iterators into a vector that is being pushed to).
213 void checkInvalidation(const InvalidateOriginFact *IOF) {
214 OriginID InvalidatedOrigin = IOF->getInvalidatedOrigin();
215 /// Get loans directly pointing to the invalidated container
216 LoanSet DirectlyInvalidatedLoans =
217 LoanPropagation.getLoans(InvalidatedOrigin, IOF);
218 auto IsInvalidated = [&](const Loan *L) {
219 for (LoanID InvalidID : DirectlyInvalidatedLoans) {
220 const Loan *InvalidL = FactMgr.getLoanMgr().getLoan(InvalidID);
221 if (InvalidL->getAccessPath() == L->getAccessPath())
222 return true;
223 }
224 return false;
225 };
226 // For each live origin, check if it holds an invalidated loan and report.
227 LivenessMap Origins = LiveOrigins.getLiveOriginsAt(IOF);
228 for (auto &[OID, LiveInfo] : Origins) {
229 LoanSet HeldLoans = LoanPropagation.getLoans(OID, IOF);
230 for (LoanID LiveLoanID : HeldLoans)
231 if (IsInvalidated(FactMgr.getLoanMgr().getLoan(LiveLoanID))) {
232 bool CurDomination = causingFactDominatesExpiry(LiveInfo.Kind);
233 bool LastDomination =
234 FinalWarningsMap.lookup(LiveLoanID).CausingFactDominatesExpiry;
235 if (!LastDomination) {
236 FinalWarningsMap[LiveLoanID] = {
237 /*ExpiryLoc=*/{},
238 /*CausingFact=*/LiveInfo.CausingFact,
239 /*MovedExpr=*/nullptr,
240 /*InvalidatedByExpr=*/IOF->getInvalidationExpr(),
241 /*CausingFactDominatesExpiry=*/CurDomination};
242 }
243 }
244 }
245 }
246
247 void issuePendingWarnings() {
248 if (!SemaHelper)
249 return;
250 for (const auto &[LID, Warning] : FinalWarningsMap) {
251 const Loan *L = FactMgr.getLoanMgr().getLoan(LID);
252 const Expr *IssueExpr = L->getIssuingExpr();
253 llvm::PointerUnion<const UseFact *, const OriginEscapesFact *>
254 CausingFact = Warning.CausingFact;
255 const ParmVarDecl *InvalidatedPVD =
256 L->getAccessPath().getAsPlaceholderParam();
257 const Expr *MovedExpr = Warning.MovedExpr;
258 SourceLocation ExpiryLoc = Warning.ExpiryLoc;
259
260 if (const auto *UF = CausingFact.dyn_cast<const UseFact *>()) {
261 if (Warning.InvalidatedByExpr) {
262 if (IssueExpr)
263 // Use-after-invalidation of an object on stack.
264 SemaHelper->reportUseAfterInvalidation(IssueExpr, UF->getUseExpr(),
265 Warning.InvalidatedByExpr);
266 else if (InvalidatedPVD)
267 // Use-after-invalidation of a parameter.
268 SemaHelper->reportUseAfterInvalidation(
269 InvalidatedPVD, UF->getUseExpr(), Warning.InvalidatedByExpr);
270
271 } else
272 // Scope-based expiry (use-after-scope).
273 SemaHelper->reportUseAfterScope(
274 IssueExpr, UF->getUseExpr(), MovedExpr, ExpiryLoc,
275 getExprChain(LoanPropagation.buildOriginFlowChain(UF, LID)));
276
277 } else if (const auto *OEF =
278 CausingFact.dyn_cast<const OriginEscapesFact *>()) {
279 if (Warning.InvalidatedByExpr) {
280 if (const auto *FieldEscape = dyn_cast<FieldEscapeFact>(OEF)) {
281 // Invalidated object escapes to a field.
282 if (IssueExpr)
283 // Invalidated object on stack escapes to a field.
284 SemaHelper->reportInvalidatedField(IssueExpr,
285 FieldEscape->getFieldDecl(),
286 Warning.InvalidatedByExpr);
287 else if (InvalidatedPVD)
288 // Invalidated parameter escapes to a field.
289 SemaHelper->reportInvalidatedField(InvalidatedPVD,
290 FieldEscape->getFieldDecl(),
291 Warning.InvalidatedByExpr);
292 } else if (const auto *GlobalEscape =
293 dyn_cast<GlobalEscapeFact>(OEF)) {
294 // Invalidated object escapes to global or static storage.
295 if (IssueExpr)
296 // Invalidated object on stack escapes to global or static
297 // storage.
298 SemaHelper->reportInvalidatedGlobal(IssueExpr,
299 GlobalEscape->getGlobal(),
300 Warning.InvalidatedByExpr);
301 else if (InvalidatedPVD)
302 // Invalidated parameter escapes to global or static storage.
303 SemaHelper->reportInvalidatedGlobal(InvalidatedPVD,
304 GlobalEscape->getGlobal(),
305 Warning.InvalidatedByExpr);
306 } else if (isa<ReturnEscapeFact>(OEF)) {
307 // FIXME: Diagnose invalidated return escapes separately.
308 } else
309 llvm_unreachable("Unhandled OriginEscapesFact type");
310 } else if (const auto *RetEscape = dyn_cast<ReturnEscapeFact>(OEF))
311 // Return stack address.
312 SemaHelper->reportUseAfterReturn(
313 IssueExpr, RetEscape->getReturnExpr(), MovedExpr);
314 else if (const auto *FieldEscape = dyn_cast<FieldEscapeFact>(OEF))
315 // Dangling field.
316 SemaHelper->reportDanglingField(
317 IssueExpr, FieldEscape->getFieldDecl(), MovedExpr, ExpiryLoc);
318 else if (const auto *GlobalEscape = dyn_cast<GlobalEscapeFact>(OEF))
319 // Global escape.
320 SemaHelper->reportDanglingGlobal(IssueExpr, GlobalEscape->getGlobal(),
321 MovedExpr, ExpiryLoc);
322 else
323 llvm_unreachable("Unhandled OriginEscapesFact type");
324 } else
325 llvm_unreachable("Unhandled CausingFact type");
326 }
327 }
328
329 // Returns declarations that should be annotated with lifetime attributes
330 // in order to annotate FDef: the canonical declaration and the earliest
331 // redeclarations in each other file. This defines the placement policy for
332 // lifetime annotations. Each target is paired with its corresponding warning
333 // scope.
334 llvm::SmallVector<std::pair<const FunctionDecl *, WarningScope>, 2>
335 getTargetDeclsForAttr(const FunctionDecl *FDef) {
336 if (!FDef)
337 return {};
338
339 assert(FDef->isThisDeclarationADefinition() &&
340 "Expected FunctionDecl to be a definition");
341
342 const auto &SM = FDef->getASTContext().getSourceManager();
343
344 auto GetFile = [&SM](const FunctionDecl *FD) {
345 return SM.getFileID(SM.getExpansionLoc(FD->getLocation()));
346 };
347
348 const FileID DefFile = GetFile(FDef);
349 const FunctionDecl *CanonicalDecl = FDef->getCanonicalDecl();
350 llvm::SmallVector<std::pair<const FunctionDecl *, WarningScope>, 2> Targets{
351 {CanonicalDecl, GetFile(CanonicalDecl) == DefFile
352 ? WarningScope::IntraTU
353 : WarningScope::CrossTU}};
354
355 // Find the earliest redeclaration in each file other than the definition
356 // file.
357 auto AddCrossTUDecl = [&](const FunctionDecl *FD) {
358 FileID File = GetFile(FD);
359 if (File == DefFile)
360 return;
361 for (auto [SeenFD, _] : Targets)
362 if (GetFile(SeenFD) == File)
363 return;
364 Targets.push_back({FD, WarningScope::CrossTU});
365 };
366
367 // We iterate in reverse order (from most recent to oldest) to find
368 // the first declaration in each file.
369
370 // Store in temporary variable to manually extend lifetime
371 auto redecls = llvm::to_vector(FDef->redecls());
372
373 for (const FunctionDecl *Redecl : llvm::reverse(redecls))
374 AddCrossTUDecl(Redecl);
375
376 return Targets;
377 }
378
379 void suggestWithScopeForParmVar(const ParmVarDecl *PVD,
380 EscapingTarget EscapeTarget) {
381 if (llvm::isa<const VarDecl *>(EscapeTarget))
382 return;
383
384 for (auto [Decl, Scope] : getTargetDeclsForAttr(cast<FunctionDecl>(FD))) {
385 const auto *ParmToAnnotate =
386 Decl->getParamDecl(PVD->getFunctionScopeIndex());
387 SemaHelper->suggestLifetimeboundToParmVar(Scope, ParmToAnnotate,
388 EscapeTarget);
389 }
390 }
391
392 void suggestWithScopeForImplicitThis(const CXXMethodDecl *MD,
393 const Expr *EscapeExpr) {
394 for (auto [Decl, Scope] : getTargetDeclsForAttr(MD)) {
395 SemaHelper->suggestLifetimeboundToImplicitThis(
396 Scope, cast<CXXMethodDecl>(Decl), EscapeExpr);
397 }
398 }
399
400 void suggestAnnotations() {
401 if (!SemaHelper)
402 return;
403 if (!LSOpts.SuggestAnnotations)
404 return;
405 llvm::TimeTraceScope TimeTrace("SuggestAnnotations");
406 for (auto [Target, EscapeTarget] : AnnotationWarningsMap) {
407 if (const auto *PVD = Target.dyn_cast<const ParmVarDecl *>())
408 suggestWithScopeForParmVar(PVD, EscapeTarget);
409 else if (const auto *MD = Target.dyn_cast<const CXXMethodDecl *>()) {
410 if (const auto *EscapeExpr = EscapeTarget.dyn_cast<const Expr *>())
411 suggestWithScopeForImplicitThis(MD, EscapeExpr);
412 else
413 llvm_unreachable("Implicit this can only escape via Expr (return)");
414 }
415 }
416 }
417
418 void reportNoescapeViolations() {
419 for (auto [PVD, EscapeTarget] : NoescapeWarningsMap) {
420 if (const auto *E = EscapeTarget.dyn_cast<const Expr *>())
421 SemaHelper->reportNoescapeViolation(PVD, E);
422 else if (const auto *FD = EscapeTarget.dyn_cast<const FieldDecl *>())
423 SemaHelper->reportNoescapeViolation(PVD, FD);
424 else if (const auto *G = EscapeTarget.dyn_cast<const VarDecl *>())
425 SemaHelper->reportNoescapeViolation(PVD, G);
426 else
427 llvm_unreachable("Unhandled EscapingTarget type");
428 }
429 }
430
431 void reportLifetimeboundViolations() {
432 if (!isa<FunctionDecl>(FD))
433 return;
434 if (const auto *MD = dyn_cast<CXXMethodDecl>(FD);
435 MD && getImplicitObjectParamLifetimeBoundAttr(MD) &&
436 !VerifiedLiftimeboundEscapes.contains(MD))
437 SemaHelper->reportLifetimeboundViolation(MD);
438 for (const ParmVarDecl *PVD : cast<FunctionDecl>(FD)->parameters()) {
439 if (!PVD->hasAttr<LifetimeBoundAttr>())
440 continue;
441 bool isImplicit = PVD->getAttr<LifetimeBoundAttr>()->isImplicit();
442 bool Escapes = VerifiedLiftimeboundEscapes.contains(PVD);
443 assert((!isImplicit || Escapes || isInStlNamespace(FD)) &&
444 "Implicit lifetimebound parameters "
445 "should escape through return");
446 if (!isImplicit && !Escapes)
447 SemaHelper->reportLifetimeboundViolation(PVD);
448 }
449 }
450
451 // Reports lifetimebound attributes that are placed on a function definition
452 // but not on the corresponding declaration.
453 void reportMisplacedLifetimebound() {
454 const FunctionDecl *FDef = dyn_cast<FunctionDecl>(FD);
455 if (!FDef)
456 return;
457
458 auto TargetDecls = getTargetDeclsForAttr(FDef);
459 // Check if implicit 'this' has lifetimebound on definition but not on
460 // declaration.
461 if (const auto *MDef = dyn_cast<CXXMethodDecl>(FDef);
462 MDef && getDirectImplicitObjectLifetimeBoundAttr(MDef))
463 for (auto [Decl, Scope] : TargetDecls) {
464 const auto *MDecl = cast<CXXMethodDecl>(Decl);
465 if (!getDirectImplicitObjectLifetimeBoundAttr(MDecl))
466 SemaHelper->reportMisplacedLifetimebound(Scope, MDef, MDecl);
467 }
468
469 // Check each parameter for explicit lifetimebound on definition but not on
470 // declaration.
471 for (const auto *PDef : FDef->parameters()) {
472 const auto *Attr = PDef->getAttr<LifetimeBoundAttr>();
473 if (!Attr || Attr->isImplicit())
474 continue;
475 for (auto [Decl, Scope] : TargetDecls) {
476 const auto *PDecl = Decl->getParamDecl(PDef->getFunctionScopeIndex());
477 if (!PDecl->hasAttr<LifetimeBoundAttr>())
478 SemaHelper->reportMisplacedLifetimebound(Scope, PDef, PDecl);
479 }
480 }
481 }
482
483 void reportInapplicableLifetimebound() {
484 const auto *FDef = dyn_cast<FunctionDecl>(FD);
485 if (!FDef)
486 return;
487
488 // If analyzed function is a template definition or an implicit
489 // instantiation, skip.
490 if (FDef->getTemplatedKind() == FunctionDecl::TK_FunctionTemplate ||
491 FDef->getTemplateSpecializationKind() == TSK_ImplicitInstantiation)
492 return;
493
494 for (const auto &PVD : FDef->parameters())
495 if (PVD->hasAttr<LifetimeBoundAttr>() &&
496 !FactMgr.getOriginMgr().hasOrigins(PVD->getType(),
497 /*IntrinsicOnly=*/true))
498 SemaHelper->reportInapplicableLifetimebound(PVD);
499 }
500
501 void inferAnnotations() {
502 for (auto [Target, EscapeTarget] : AnnotationWarningsMap) {
503 if (const auto *MD = Target.dyn_cast<const CXXMethodDecl *>()) {
504 if (!implicitObjectParamIsLifetimeBound(MD))
505 SemaHelper->addLifetimeBoundToImplicitThis(cast<CXXMethodDecl>(MD));
506 } else if (const auto *PVD = Target.dyn_cast<const ParmVarDecl *>()) {
507 const auto *FD = dyn_cast<FunctionDecl>(PVD->getDeclContext());
508 if (!FD)
509 continue;
510 // Propagates inferred attributes via the most recent declaration to
511 // ensure visibility for callers in post-order analysis.
512 FD = getDeclWithMergedLifetimeBoundAttrs(FD);
513 ParmVarDecl *InferredPVD = const_cast<ParmVarDecl *>(
514 FD->getParamDecl(PVD->getFunctionScopeIndex()));
515 if (!InferredPVD->hasAttr<LifetimeBoundAttr>())
516 InferredPVD->addAttr(
517 LifetimeBoundAttr::CreateImplicit(AST, PVD->getLocation()));
518 }
519 }
520 }
521
522 /// Extract expressions from the origin flow chain for diagnostic purposes.
523 ///
524 /// Given a chain of origins that shows how a loan propagates, this function
525 /// extracts the corresponding expressions for each origin. Origins that refer
526 /// to declarations (rather than expressions) are skipped.
527 llvm::SmallVector<const Expr *>
528 getExprChain(llvm::ArrayRef<OriginID> OriginFlowChain) {
529 llvm::SmallVector<const Expr *> rs;
530 for (const OriginID CurrOID : OriginFlowChain)
531 if (const Expr *CurrExpr =
532 FactMgr.getOriginMgr().getOrigin(CurrOID).getExpr())
533 rs.push_back(CurrExpr);
534 return rs;
535 }
536};
537} // namespace
538
539void runLifetimeChecker(const LoanPropagationAnalysis &LP,
540 const MovedLoansAnalysis &MovedLoans,
541 const LiveOriginsAnalysis &LO, FactManager &FactMgr,
542 AnalysisDeclContext &ADC,
543 LifetimeSafetySemaHelper *SemaHelper,
544 const LifetimeSafetyOpts &LSOpts) {
545 llvm::TimeTraceScope TimeProfile("LifetimeChecker");
546 LifetimeChecker Checker(LP, MovedLoans, LO, FactMgr, ADC, SemaHelper, LSOpts);
547}
548
549} // namespace clang::lifetimes::internal
AnalysisDeclContext.h
This file defines AnalysisDeclContext, a class that manages the analysis context data for context sen...
SM
#define SM(sm)
Definition OffloadArch.cpp:24
SourceLocation.h
Defines the clang::SourceLocation class and associated facilities.
SourceManager.h
Defines the SourceManager interface.
clang::ASTContext
Holds long-lived AST nodes (such as types and decls) that can be referred to throughout the semantic ...
Definition ASTContext.h:223
clang::AnalysisDeclContext
AnalysisDeclContext contains the context data for the function, method or block under analysis.
Definition AnalysisDeclContext.h:70
clang::Decl
Decl - This represents one declaration (or definition), e.g.
Definition DeclBase.h:86
clang::Expr
This represents one expression.
Definition Expr.h:112
clang::SourceLocation
Encodes a location in the source.
Definition SourceLocation.h:94
clang::lifetimes::LifetimeSafetySemaHelper
Abstract interface for operations requiring Sema access.
Definition LifetimeSafety.h:62
clang::lifetimes::LifetimeSafetySemaHelper::EscapingTarget
llvm::PointerUnion< const Expr *, const FieldDecl *, const VarDecl * > EscapingTarget
Definition LifetimeSafety.h:107
clang::lifetimes::internal::LoanSet
llvm::ImmutableSet< LoanID > LoanSet
Definition LoanPropagation.h:29
clang::lifetimes::internal::LoanID
utils::ID< struct LoanTag > LoanID
Definition Loans.h:25
clang::lifetimes::internal::OriginID
utils::ID< struct OriginTag > OriginID
Definition Origins.h:28
clang::lifetimes::internal::causingFactDominatesExpiry
static bool causingFactDominatesExpiry(LivenessKind K)
Definition Checker.cpp:32
clang::lifetimes::internal::runLifetimeChecker
void runLifetimeChecker(const LoanPropagationAnalysis &LoanPropagation, const MovedLoansAnalysis &MovedLoans, const LiveOriginsAnalysis &LiveOrigins, FactManager &FactMgr, AnalysisDeclContext &ADC, LifetimeSafetySemaHelper *SemaHelper, const LifetimeSafetyOpts &LSOpts)
Runs the lifetime checker, which detects use-after-free errors by examining loan expiration points an...
Definition Checker.cpp:539
clang::lifetimes::internal::LivenessMap
llvm::ImmutableMap< OriginID, LivenessInfo > LivenessMap
Definition LiveOrigins.h:76
clang::lifetimes::getDirectImplicitObjectLifetimeBoundAttr
const LifetimeBoundAttr * getDirectImplicitObjectLifetimeBoundAttr(const FunctionDecl *FD)
Definition LifetimeAnnotations.cpp:76
clang::lifetimes::implicitObjectParamIsLifetimeBound
bool implicitObjectParamIsLifetimeBound(const FunctionDecl *FD)
Definition LifetimeAnnotations.cpp:102
clang::lifetimes::getImplicitObjectParamLifetimeBoundAttr
const LifetimeBoundAttr * getImplicitObjectParamLifetimeBoundAttr(const FunctionDecl *FD)
Definition LifetimeAnnotations.cpp:84
clang::lifetimes::getDeclWithMergedLifetimeBoundAttrs
const FunctionDecl * getDeclWithMergedLifetimeBoundAttrs(const FunctionDecl *FD)
Definition LifetimeAnnotations.cpp:22
clang::lifetimes::isInStlNamespace
bool isInStlNamespace(const Decl *D)
Definition LifetimeAnnotations.cpp:108
clang::modulemap::Decl
std::variant< struct RequiresDecl, struct HeaderDecl, struct UmbrellaDirDecl, struct ModuleDecl, struct ExcludeDecl, struct ExportDecl, struct ExportAsDecl, struct ExternModuleDecl, struct UseDecl, struct LinkDecl, struct ConfigMacrosDecl, struct ConflictDecl > Decl
All declarations that can appear in a module declaration.
Definition ModuleMapFile.h:32
clang::isa
bool isa(CodeGen::Address addr)
Definition Address.h:330
clang::if
if(T->getSizeExpr()) TRY_TO(TraverseStmt(const_cast< Expr * >(T -> getSizeExpr())))
clang::for
for(const auto &A :T->param_types())
Definition RecursiveASTVisitor.h:1099
clang::TSK_ImplicitInstantiation
@ TSK_ImplicitInstantiation
This template specialization was implicitly instantiated from a template.
Definition Specifiers.h:195
clang::cast
U cast(CodeGen::Address addr)
Definition Address.h:327
Generated on for clang by doxygen 1.14.0