clang 23.0.0git
ForwardDeclChecker.cpp
Go to the documentation of this file.
1//=======- ForwardDeclChecker.cpp --------------------------------*- C++ -*-==//
2//
3// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4// See https://llvm.org/LICENSE.txt for license information.
5// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6//
7//===----------------------------------------------------------------------===//
8
9#include "ASTUtils.h"
10#include "DiagOutputUtils.h"
11#include "PtrTypesSemantics.h"
12#include "clang/AST/Decl.h"
13#include "clang/AST/DeclCXX.h"
14#include "clang/AST/RecursiveASTVisitor.h"
15#include "clang/Analysis/DomainSpecific/CocoaConventions.h"
16#include "clang/Basic/SourceLocation.h"
17#include "clang/StaticAnalyzer/Checkers/BuiltinCheckerRegistration.h"
18#include "clang/StaticAnalyzer/Core/BugReporter/BugReporter.h"
19#include "clang/StaticAnalyzer/Core/BugReporter/BugType.h"
20#include "clang/StaticAnalyzer/Core/Checker.h"
21#include "llvm/ADT/DenseSet.h"
22#include "llvm/Support/SaveAndRestore.h"
23
24using namespace clang;
25using namespace ento;
26
27namespace {
28
29class ForwardDeclChecker : public Checker<check::ASTDecl<TranslationUnitDecl>> {
30 BugType Bug;
31 mutable BugReporter *BR = nullptr;
32 mutable RetainTypeChecker RTC;
33 mutable llvm::DenseSet<const Type *> SystemTypes;
34
35public:
36 ForwardDeclChecker()
37 : Bug(this, "Forward declared member or local variable or parameter",
38 "WebKit coding guidelines") {}
39
40 void checkASTDecl(const TranslationUnitDecl *TUD, AnalysisManager &MGR,
41 BugReporter &BRArg) const {
42 BR = &BRArg;
43
44 // The calls to checkAST* from AnalysisConsumer don't
45 // visit template instantiations or lambda classes. We
46 // want to visit those, so we make our own RecursiveASTVisitor.
47 struct LocalVisitor : public RecursiveASTVisitor<LocalVisitor> {
48 using Base = RecursiveASTVisitor<LocalVisitor>;
49
50 const ForwardDeclChecker *Checker;
51 Decl *DeclWithIssue{nullptr};
52
53 explicit LocalVisitor(const ForwardDeclChecker *Checker)
54 : Checker(Checker) {
55 assert(Checker);
56 }
57
58 bool shouldVisitTemplateInstantiations() const { return true; }
59 bool shouldVisitImplicitCode() const { return false; }
60
61 bool VisitTypedefDecl(TypedefDecl *TD) {
62 Checker->visitTypedef(TD);
63 return true;
64 }
65
66 bool VisitRecordDecl(const RecordDecl *RD) {
67 Checker->visitRecordDecl(RD, DeclWithIssue);
68 return true;
69 }
70
71 bool TraverseDecl(Decl *D) {
72 llvm::SaveAndRestore SavedDecl(DeclWithIssue);
73 if (D && (isa<FunctionDecl>(D) || isa<ObjCMethodDecl>(D)))
74 DeclWithIssue = D;
75 return Base::TraverseDecl(D);
76 }
77
78 bool VisitVarDecl(VarDecl *V) {
79 if (V->isLocalVarDecl())
80 Checker->visitVarDecl(V, DeclWithIssue);
81 return true;
82 }
83
84 bool VisitCallExpr(const CallExpr *CE) {
85 Checker->visitCallExpr(CE, DeclWithIssue);
86 return true;
87 }
88
89 bool VisitCXXConstructExpr(const CXXConstructExpr *CE) {
90 Checker->visitConstructExpr(CE, DeclWithIssue);
91 return true;
92 }
93
94 bool VisitObjCMessageExpr(const ObjCMessageExpr *ObjCMsgExpr) {
95 Checker->visitObjCMessageExpr(ObjCMsgExpr, DeclWithIssue);
96 return true;
97 }
98 };
99
100 LocalVisitor visitor(this);
101 RTC.visitTranslationUnitDecl(TUD);
102 visitor.TraverseDecl(const_cast<TranslationUnitDecl *>(TUD));
103 }
104
105 void visitTypedef(const TypedefDecl *TD) const {
106 RTC.visitTypedef(TD);
107 auto QT = TD->getUnderlyingType().getCanonicalType();
108 assert(BR && "expected nonnull BugReporter");
109 if (BR->getSourceManager().isInSystemHeader(TD->getBeginLoc())) {
110 if (auto *Type = QT.getTypePtrOrNull())
111 SystemTypes.insert(Type);
112 }
113 }
114
115 bool isUnknownType(QualType QT) const {
116 auto *CanonicalType = QT.getCanonicalType().getTypePtrOrNull();
117 if (!CanonicalType)
118 return false;
119 auto PointeeQT = CanonicalType->getPointeeType();
120 auto *PointeeType = PointeeQT.getTypePtrOrNull();
121 if (!PointeeType)
122 return false;
123 auto *R = PointeeType->getAsCXXRecordDecl();
124 if (!R) // Forward declaration of a Objective-C interface is safe.
125 return false;
126 auto Name = R->getName();
127 if (R->hasDefinition())
128 return false;
129 // Find a definition amongst template declarations.
130 if (auto *Specialization = dyn_cast<ClassTemplateSpecializationDecl>(R)) {
131 if (auto *S = Specialization->getSpecializedTemplate()) {
132 for (S = S->getMostRecentDecl(); S; S = S->getPreviousDecl()) {
133 if (S->isThisDeclarationADefinition())
134 return false;
135 }
136 }
137 }
138 return !RTC.isUnretained(QT) && !SystemTypes.contains(CanonicalType) &&
139 !SystemTypes.contains(PointeeType) && !Name.starts_with("Opaque") &&
140 Name != "_NSZone";
141 }
142
143 void visitRecordDecl(const RecordDecl *RD, const Decl *DeclWithIssue) const {
144 if (!RD->isThisDeclarationADefinition())
145 return;
146
147 if (RD->isImplicit() || RD->isLambda())
148 return;
149
150 const auto RDLocation = RD->getLocation();
151 if (!RDLocation.isValid())
152 return;
153
154 const auto Kind = RD->getTagKind();
155 if (Kind != TagTypeKind::Struct && Kind != TagTypeKind::Class)
156 return;
157
158 assert(BR && "expected nonnull BugReporter");
159 if (BR->getSourceManager().isInSystemHeader(RDLocation))
160 return;
161
162 // Ref-counted smartpointers actually have raw-pointer to uncounted type as
163 // a member but we trust them to handle it correctly.
164 auto R = llvm::dyn_cast_or_null<CXXRecordDecl>(RD);
165 if (!R || isRefCounted(R) || isCheckedPtr(R) || isRetainPtrOrOSPtr(R))
166 return;
167
168 for (auto *Member : RD->fields()) {
169 auto QT = Member->getType();
170 if (isUnknownType(QT)) {
171 SmallString<100> Buf;
172 llvm::raw_svector_ostream Os(Buf);
173
174 const std::string TypeName = QT.getAsString();
175 Os << "Member variable ";
176 printQuotedName(Os, Member);
177 Os << " uses a forward declared type '" << TypeName << "'";
178
179 const SourceLocation SrcLocToReport = Member->getBeginLoc();
180 PathDiagnosticLocation BSLoc(SrcLocToReport, BR->getSourceManager());
181 auto Report = std::make_unique<BasicBugReport>(Bug, Os.str(), BSLoc);
182 Report->addRange(Member->getSourceRange());
183 Report->setDeclWithIssue(DeclWithIssue);
184 BR->emitReport(std::move(Report));
185 }
186 }
187 }
188
189 void visitVarDecl(const VarDecl *V, const Decl *DeclWithIssue) const {
190 assert(BR && "expected nonnull BugReporter");
191 if (BR->getSourceManager().isInSystemHeader(V->getBeginLoc()))
192 return;
193
194 auto QT = V->getType();
195 if (!isUnknownType(QT))
196 return;
197
198 SmallString<100> Buf;
199 llvm::raw_svector_ostream Os(Buf);
200 Os << "Local variable ";
201 printQuotedQualifiedName(Os, V);
202
203 reportBug(V->getBeginLoc(), V->getSourceRange(), DeclWithIssue, Os.str(),
204 QT);
205 }
206
207 void visitCallExpr(const CallExpr *CE, const Decl *DeclWithIssue) const {
208 assert(BR && "expected nonnull BugReporter");
209 if (BR->getSourceManager().isInSystemHeader(CE->getExprLoc()))
210 return;
211
212 if (auto *F = CE->getDirectCallee()) {
213 // Skip the first argument for overloaded member operators (e. g. lambda
214 // or std::function call operator).
215 unsigned ArgIdx = isa<CXXOperatorCallExpr>(CE) && isa<CXXMethodDecl>(F);
216
217 for (auto P = F->param_begin();
218 P < F->param_end() && ArgIdx < CE->getNumArgs(); ++P, ++ArgIdx)
219 visitCallArg(CE->getArg(ArgIdx), *P, DeclWithIssue);
220 }
221 }
222
223 void visitConstructExpr(const CXXConstructExpr *CE,
224 const Decl *DeclWithIssue) const {
225 assert(BR && "expected nonnull BugReporter");
226 if (BR->getSourceManager().isInSystemHeader(CE->getExprLoc()))
227 return;
228
229 if (const CXXMethodDecl *F = CE->getConstructor()) {
230 unsigned ArgIdx = 0;
231 for (auto P = F->param_begin();
232 P < F->param_end() && ArgIdx < CE->getNumArgs(); ++P, ++ArgIdx)
233 visitCallArg(CE->getArg(ArgIdx), *P, DeclWithIssue);
234 }
235 }
236
237 void visitObjCMessageExpr(const ObjCMessageExpr *E,
238 const Decl *DeclWithIssue) const {
239 assert(BR && "expected nonnull BugReporter");
240 if (BR->getSourceManager().isInSystemHeader(E->getExprLoc()))
241 return;
242
243 if (auto *Receiver = E->getInstanceReceiver()) {
244 Receiver = Receiver->IgnoreParenCasts();
245 if (isUnknownType(E->getReceiverType()))
246 reportUnknownReceiverType(Receiver, DeclWithIssue);
247 }
248
249 auto *MethodDecl = E->getMethodDecl();
250 if (!MethodDecl)
251 return;
252
253 auto ArgCount = E->getNumArgs();
254 for (unsigned i = 0; i < ArgCount && i < MethodDecl->param_size(); ++i)
255 visitCallArg(E->getArg(i), MethodDecl->getParamDecl(i), DeclWithIssue);
256 }
257
258 void visitCallArg(const Expr *Arg, const ParmVarDecl *Param,
259 const Decl *DeclWithIssue) const {
260 auto *ArgExpr = Arg->IgnoreParenCasts();
261 while (ArgExpr) {
262 ArgExpr = ArgExpr->IgnoreParenCasts();
263 if (auto *InnerCE = dyn_cast<CallExpr>(ArgExpr)) {
264 if (auto *InnerCallee = InnerCE->getDirectCallee()) {
265 if (isStdOrWTFMove(InnerCallee) && InnerCE->getNumArgs() == 1) {
266 ArgExpr = InnerCE->getArg(0);
267 continue;
268 }
269 }
270 }
271 if (auto *UO = dyn_cast<UnaryOperator>(ArgExpr)) {
272 auto OpCode = UO->getOpcode();
273 if (OpCode == UO_Deref || OpCode == UO_AddrOf) {
274 ArgExpr = UO->getSubExpr();
275 continue;
276 }
277 }
278 break;
279 }
280
281 if (auto *MemberCallExpr = dyn_cast<CXXMemberCallExpr>(ArgExpr)) {
282 if (isOwnerPtrType(MemberCallExpr->getObjectType()))
283 return;
284 }
285
286 if (auto *OpCE = dyn_cast<CXXOperatorCallExpr>(ArgExpr)) {
287 auto *Method = dyn_cast_or_null<CXXMethodDecl>(OpCE->getDirectCallee());
288 if (Method && isOwnerPtr(safeGetName(Method->getParent()))) {
289 if (OpCE->getOperator() == OO_Star && OpCE->getNumArgs() == 1)
290 return;
291 }
292 }
293
294 if (isNullPtr(ArgExpr) || isa<IntegerLiteral>(ArgExpr) ||
295 isa<CXXDefaultArgExpr>(ArgExpr))
296 return;
297
298 if (auto *DRE = dyn_cast<DeclRefExpr>(ArgExpr)) {
299 if (auto *ValDecl = DRE->getDecl()) {
300 if (isa<ParmVarDecl>(ValDecl))
301 return;
302 }
303 }
304
305 QualType ArgType = Param->getType();
306 if (!isUnknownType(ArgType))
307 return;
308
309 reportUnknownArgType(Arg, Param, DeclWithIssue);
310 }
311
312 void reportUnknownArgType(const Expr *CA, const ParmVarDecl *Param,
313 const Decl *DeclWithIssue) const {
314 assert(CA);
315
316 SmallString<100> Buf;
317 llvm::raw_svector_ostream Os(Buf);
318
319 const std::string paramName = safeGetName(Param);
320 Os << "Call argument";
321 if (!paramName.empty()) {
322 Os << " for parameter ";
323 printQuotedQualifiedName(Os, Param);
324 }
325
326 reportBug(CA->getExprLoc(), CA->getSourceRange(), DeclWithIssue, Os.str(),
327 Param->getType());
328 }
329
330 void reportUnknownReceiverType(const Expr *Receiver,
331 const Decl *DeclWithIssue) const {
332 assert(Receiver);
333 reportBug(Receiver->getExprLoc(), Receiver->getSourceRange(), DeclWithIssue,
334 "Receiver", Receiver->getType());
335 }
336
337 void reportBug(const SourceLocation &SrcLoc, const SourceRange &SrcRange,
338 const Decl *DeclWithIssue, const StringRef &Description,
339 QualType Type) const {
340 SmallString<100> Buf;
341 llvm::raw_svector_ostream Os(Buf);
342
343 const std::string TypeName = Type.getAsString();
344 Os << Description << " uses a forward declared type '" << TypeName << "'";
345
346 assert(BR && "expected nonnull BugReporter");
347 PathDiagnosticLocation BSLoc(SrcLoc, BR->getSourceManager());
348 auto Report = std::make_unique<BasicBugReport>(Bug, Os.str(), BSLoc);
349 Report->addRange(SrcRange);
350 Report->setDeclWithIssue(DeclWithIssue);
351 BR->emitReport(std::move(Report));
352 }
353};
354
355} // namespace
356
357void ento::registerForwardDeclChecker(CheckerManager &Mgr) {
358 Mgr.registerChecker<ForwardDeclChecker>();
359}
360
361bool ento::shouldRegisterForwardDeclChecker(const CheckerManager &) {
362 return true;
363}
V
#define V(N, I)
Definition ASTContext.h:3727
DeclCXX.h
Defines the C++ Decl subclasses, other than those for templates (found in DeclTemplate....
SourceLocation.h
Defines the clang::SourceLocation class and associated facilities.
clang::CXXConstructExpr::getArg
Expr * getArg(unsigned Arg)
Return the specified argument.
Definition ExprCXX.h:1695
clang::CXXConstructExpr::getConstructor
CXXConstructorDecl * getConstructor() const
Get the constructor that this expression will (ultimately) call.
Definition ExprCXX.h:1615
clang::CallExpr::getArg
Expr * getArg(unsigned Arg)
getArg - Return the specified argument.
Definition Expr.h:3150
clang::CallExpr::getDirectCallee
FunctionDecl * getDirectCallee()
If the callee is a FunctionDecl, return it. Otherwise return null.
Definition Expr.h:3129
clang::Decl::isImplicit
bool isImplicit() const
isImplicit - Indicates whether the declaration was implicitly generated by the implementation.
Definition DeclBase.h:601
clang::Decl::getLocation
SourceLocation getLocation() const
Definition DeclBase.h:447
clang::Expr::IgnoreParenCasts
Expr * IgnoreParenCasts() LLVM_READONLY
Skip past any parentheses and casts which might surround this expression until reaching a fixed point...
Definition Expr.cpp:3102
clang::Expr::getExprLoc
SourceLocation getExprLoc() const LLVM_READONLY
getExprLoc - Return the preferred location for the arrow when diagnosing a problem with a generic exp...
Definition Expr.cpp:282
clang::Expr::getType
QualType getType() const
Definition Expr.h:144
clang::ObjCMessageExpr::getArg
Expr * getArg(unsigned Arg)
getArg - Return the specified argument.
Definition ExprObjC.h:1434
clang::ObjCMessageExpr::getInstanceReceiver
Expr * getInstanceReceiver()
Returns the object expression (receiver) for an instance message, or null for a message that is not a...
Definition ExprObjC.h:1299
clang::ObjCMessageExpr::getMethodDecl
const ObjCMethodDecl * getMethodDecl() const
Definition ExprObjC.h:1395
clang::ObjCMessageExpr::getReceiverType
QualType getReceiverType() const
Retrieve the receiver type to which this message is being directed.
Definition ExprObjC.cpp:308
clang::ObjCMessageExpr::getNumArgs
unsigned getNumArgs() const
Return the number of actual arguments in this message, not counting the receiver.
Definition ExprObjC.h:1421
clang::QualType::getCanonicalType
QualType getCanonicalType() const
Definition TypeBase.h:8497
clang::QualType::getTypePtrOrNull
const Type * getTypePtrOrNull() const
Definition TypeBase.h:8449
clang::QualType::getAsString
static std::string getAsString(SplitQualType split, const PrintingPolicy &Policy)
Definition TypeBase.h:1347
clang::RecordDecl::isLambda
bool isLambda() const
Determine whether this record is a class describing a lambda function object.
Definition Decl.cpp:5240
clang::RecordDecl::fields
field_range fields() const
Definition Decl.h:4550
clang::Stmt::getSourceRange
SourceRange getSourceRange() const LLVM_READONLY
SourceLocation tokens are not useful in isolation - they are low level value objects created/interpre...
Definition Stmt.cpp:343
clang::TagDecl::isThisDeclarationADefinition
bool isThisDeclarationADefinition() const
Return true if this declaration is a completion definition of the type.
Definition Decl.h:3835
clang::TagDecl::getTagKind
TagKind getTagKind() const
Definition Decl.h:3939
clang::TypeDecl::getBeginLoc
SourceLocation getBeginLoc() const LLVM_READONLY
Definition Decl.h:3569
clang::Type::getPointeeType
QualType getPointeeType() const
If this is a pointer, ObjC object pointer, or block pointer, this returns the respective pointee.
Definition Type.cpp:789
clang::TypedefNameDecl::getUnderlyingType
QualType getUnderlyingType() const
Definition Decl.h:3639
clang::ValueDecl::getType
QualType getType() const
Definition Decl.h:723
clang::ento::CheckerManager::registerChecker
CHECKER * registerChecker(AT &&...Args)
Register a single-part checker (derived from Checker): construct its singleton instance,...
Definition CheckerManager.h:217
clang::ento::Checker
Simple checker classes that implement one frontend (i.e.
Definition Checker.h:550
clang::modulemap::Decl
std::variant< struct RequiresDecl, struct HeaderDecl, struct UmbrellaDirDecl, struct ModuleDecl, struct ExcludeDecl, struct ExportDecl, struct ExportAsDecl, struct ExternModuleDecl, struct UseDecl, struct LinkDecl, struct ConfigMacrosDecl, struct ConflictDecl > Decl
All declarations that can appear in a module declaration.
Definition ModuleMapFile.h:32
clang
The JSON file list parser is used to communicate input to InstallAPI.
Definition CalledOnceCheck.h:17
clang::isa
bool isa(CodeGen::Address addr)
Definition Address.h:330
clang::TemplateSubstitutionKind::Specialization
@ Specialization
We are substituting template parameters for template arguments in order to form a template specializa...
Definition Template.h:50
clang::printQuotedQualifiedName
void printQuotedQualifiedName(llvm::raw_ostream &Os, const NamedDeclDerivedT &D)
Definition DiagOutputUtils.h:18
clang::printQuotedName
void printQuotedName(llvm::raw_ostream &Os, const NamedDeclDerivedT &D)
Definition DiagOutputUtils.h:27
clang::isOwnerPtr
bool isOwnerPtr(const std::string &Name)
Definition PtrTypesSemantics.cpp:141
clang::isRefCounted
bool isRefCounted(const CXXRecordDecl *R)
Definition PtrTypesSemantics.cpp:386
clang::NameClassificationKind::Type
@ Type
The name was classified as a type.
Definition Sema.h:564
clang::isOwnerPtrType
bool isOwnerPtrType(const clang::QualType T)
Definition PtrTypesSemantics.cpp:237
clang::isRetainPtrOrOSPtr
bool isRetainPtrOrOSPtr(const std::string &Name)
Definition PtrTypesSemantics.cpp:132
clang::safeGetName
std::string safeGetName(const T *ASTNode)
Definition ASTUtils.h:95
clang::isNullPtr
bool isNullPtr(const clang::Expr *E)
Definition ASTUtils.cpp:285
clang::isCheckedPtr
bool isCheckedPtr(const std::string &Name)
Definition PtrTypesSemantics.cpp:137
clang::isStdOrWTFMove
bool isStdOrWTFMove(const clang::FunctionDecl *F)
Definition PtrTypesSemantics.cpp:200
Generated on for clang by doxygen 1.14.0