clang 22.0.0git
RetainPtrCtorAdoptChecker.cpp
Go to the documentation of this file.
1//=======- RetainPtrCtorAdoptChecker.cpp -------------------------*- C++ -*-==//
2//
3// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4// See https://llvm.org/LICENSE.txt for license information.
5// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6//
7//===----------------------------------------------------------------------===//
8
9#include "ASTUtils.h"
10#include "PtrTypesSemantics.h"
11#include "clang/AST/RecursiveASTVisitor.h"
12#include "clang/Analysis/DomainSpecific/CocoaConventions.h"
13#include "clang/Analysis/RetainSummaryManager.h"
14#include "clang/StaticAnalyzer/Checkers/BuiltinCheckerRegistration.h"
15#include "clang/StaticAnalyzer/Core/BugReporter/BugReporter.h"
16#include "clang/StaticAnalyzer/Core/BugReporter/BugType.h"
17#include "clang/StaticAnalyzer/Core/Checker.h"
18#include "llvm/ADT/DenseSet.h"
19#include <optional>
20
21using namespace clang;
22using namespace ento;
23
24namespace {
25
26class RetainPtrCtorAdoptChecker
27 : public Checker<check::ASTDecl<TranslationUnitDecl>> {
28private:
29 BugType Bug;
30 mutable BugReporter *BR = nullptr;
31 mutable std::unique_ptr<RetainSummaryManager> Summaries;
32 mutable llvm::DenseSet<const ValueDecl *> CreateOrCopyOutArguments;
33 mutable llvm::DenseSet<const Expr *> CreateOrCopyFnCall;
34 mutable RetainTypeChecker RTC;
35
36public:
37 RetainPtrCtorAdoptChecker()
38 : Bug(this, "Correct use of RetainPtr, adoptNS, and adoptCF",
39 "WebKit coding guidelines") {}
40
41 void checkASTDecl(const TranslationUnitDecl *TUD, AnalysisManager &MGR,
42 BugReporter &BRArg) const {
43 BR = &BRArg;
44
45 // The calls to checkAST* from AnalysisConsumer don't
46 // visit template instantiations or lambda classes. We
47 // want to visit those, so we make our own RecursiveASTVisitor.
48 struct LocalVisitor : public RecursiveASTVisitor<LocalVisitor> {
49 const RetainPtrCtorAdoptChecker *Checker;
50 Decl *DeclWithIssue{nullptr};
51
52 using Base = RecursiveASTVisitor<LocalVisitor>;
53
54 explicit LocalVisitor(const RetainPtrCtorAdoptChecker *Checker)
55 : Checker(Checker) {
56 assert(Checker);
57 }
58
59 bool shouldVisitTemplateInstantiations() const { return true; }
60 bool shouldVisitImplicitCode() const { return false; }
61
62 bool TraverseDecl(Decl *D) {
63 llvm::SaveAndRestore SavedDecl(DeclWithIssue);
64 if (D && (isa<FunctionDecl>(D) || isa<ObjCMethodDecl>(D)))
65 DeclWithIssue = D;
66 return Base::TraverseDecl(D);
67 }
68
69 bool TraverseClassTemplateDecl(ClassTemplateDecl *CTD) {
70 if (isRetainPtrOrOSPtr(safeGetName(CTD)))
71 return true; // Skip the contents of RetainPtr.
72 return Base::TraverseClassTemplateDecl(CTD);
73 }
74
75 bool VisitTypedefDecl(TypedefDecl *TD) {
76 Checker->RTC.visitTypedef(TD);
77 return true;
78 }
79
80 bool VisitCallExpr(const CallExpr *CE) {
81 Checker->visitCallExpr(CE, DeclWithIssue);
82 return true;
83 }
84
85 bool VisitCXXConstructExpr(const CXXConstructExpr *CE) {
86 Checker->visitConstructExpr(CE, DeclWithIssue);
87 return true;
88 }
89
90 bool VisitObjCMessageExpr(const ObjCMessageExpr *ObjCMsgExpr) {
91 Checker->visitObjCMessageExpr(ObjCMsgExpr, DeclWithIssue);
92 return true;
93 }
94
95 bool VisitReturnStmt(const ReturnStmt *RS) {
96 Checker->visitReturnStmt(RS, DeclWithIssue);
97 return true;
98 }
99
100 bool VisitVarDecl(const VarDecl *VD) {
101 Checker->visitVarDecl(VD);
102 return true;
103 }
104
105 bool VisitBinaryOperator(const BinaryOperator *BO) {
106 Checker->visitBinaryOperator(BO);
107 return true;
108 }
109 };
110
111 LocalVisitor visitor(this);
112 Summaries = std::make_unique<RetainSummaryManager>(
113 TUD->getASTContext(), true /* trackObjCAndCFObjects */,
114 false /* trackOSObjects */);
115 RTC.visitTranslationUnitDecl(TUD);
116 visitor.TraverseDecl(const_cast<TranslationUnitDecl *>(TUD));
117 }
118
119 bool isAdoptFn(const Decl *FnDecl) const {
120 return isAdoptFnName(safeGetName(FnDecl));
121 }
122
123 bool isAdoptFnName(const std::string &Name) const {
124 return isAdoptNS(Name) || Name == "adoptCF" || Name == "adoptCFArc" ||
125 Name == "adoptOSObject" || Name == "adoptOSObjectArc";
126 }
127
128 bool isAdoptNS(const std::string &Name) const {
129 return Name == "adoptNS" || Name == "adoptNSArc";
130 }
131
132 void visitCallExpr(const CallExpr *CE, const Decl *DeclWithIssue) const {
133 assert(BR && "expected nonnull BugReporter");
134 if (BR->getSourceManager().isInSystemHeader(CE->getExprLoc()))
135 return;
136
137 std::string FnName;
138 if (auto *F = CE->getDirectCallee()) {
139 FnName = safeGetName(F);
140 if (isAdoptFnName(FnName))
141 checkAdoptCall(CE, FnName, DeclWithIssue);
142 else {
143 checkCreateOrCopyFunction(CE, DeclWithIssue);
144 checkBridgingRelease(CE, F, DeclWithIssue);
145 }
146 return;
147 }
148
149 auto *CalleeExpr = CE->getCallee();
150 if (!CalleeExpr)
151 return;
152 CalleeExpr = CalleeExpr->IgnoreParenCasts();
153 if (auto *UnresolvedExpr = dyn_cast<UnresolvedLookupExpr>(CalleeExpr)) {
154 auto Name = UnresolvedExpr->getName();
155 if (!Name.isIdentifier())
156 return;
157 FnName = Name.getAsString();
158 if (isAdoptFnName(FnName))
159 checkAdoptCall(CE, FnName, DeclWithIssue);
160 }
161 checkCreateOrCopyFunction(CE, DeclWithIssue);
162 }
163
164 void checkAdoptCall(const CallExpr *CE, const std::string &FnName,
165 const Decl *DeclWithIssue) const {
166 if (!CE->getNumArgs())
167 return;
168
169 auto *Arg = CE->getArg(0)->IgnoreParenCasts();
170 auto Result = isOwned(Arg);
171 if (Result == IsOwnedResult::Unknown)
172 Result = IsOwnedResult::NotOwned;
173
174 const Expr *Inner = nullptr;
175 if (isAllocInit(Arg, &Inner) || isCreateOrCopy(Arg)) {
176 if (Inner)
177 CreateOrCopyFnCall.insert(Inner);
178 CreateOrCopyFnCall.insert(Arg); // Avoid double reporting.
179 return;
180 }
181 if (Result == IsOwnedResult::Owned || Result == IsOwnedResult::Skip ||
182 isNullPtr(Arg)) {
183 CreateOrCopyFnCall.insert(Arg);
184 return;
185 }
186
187 if (auto *DRE = dyn_cast<DeclRefExpr>(Arg)) {
188 if (CreateOrCopyOutArguments.contains(DRE->getDecl()))
189 return;
190 }
191 if (RTC.isARCEnabled() && isAdoptFnName(FnName))
192 reportUseAfterFree(FnName, CE, DeclWithIssue, "when ARC is disabled");
193 else
194 reportUseAfterFree(FnName, CE, DeclWithIssue);
195 }
196
197 void visitObjCMessageExpr(const ObjCMessageExpr *ObjCMsgExpr,
198 const Decl *DeclWithIssue) const {
199 if (BR->getSourceManager().isInSystemHeader(ObjCMsgExpr->getExprLoc()))
200 return;
201
202 auto Selector = ObjCMsgExpr->getSelector();
203 if (Selector.getAsString() == "autorelease") {
204 auto *Receiver = ObjCMsgExpr->getInstanceReceiver()->IgnoreParenCasts();
205 if (!Receiver)
206 return;
207 ObjCMsgExpr = dyn_cast<ObjCMessageExpr>(Receiver);
208 if (!ObjCMsgExpr)
209 return;
210 const Expr *Inner = nullptr;
211 if (!isAllocInit(ObjCMsgExpr, &Inner))
212 return;
213 CreateOrCopyFnCall.insert(ObjCMsgExpr);
214 if (Inner)
215 CreateOrCopyFnCall.insert(Inner);
216 return;
217 }
218
219 const Expr *Inner = nullptr;
220 if (!isAllocInit(ObjCMsgExpr, &Inner))
221 return;
222 if (RTC.isARCEnabled())
223 return; // ARC never leaks.
224 if (CreateOrCopyFnCall.contains(ObjCMsgExpr))
225 return;
226 if (Inner)
227 CreateOrCopyFnCall.insert(Inner); // Avoid double reporting.
228 reportLeak(ObjCMsgExpr, DeclWithIssue);
229 }
230
231 void checkCreateOrCopyFunction(const CallExpr *CE,
232 const Decl *DeclWithIssue) const {
233 unsigned ArgCount = CE->getNumArgs();
234 auto *CalleeDecl = CE->getCalleeDecl();
235 auto *FnDecl = CalleeDecl ? CalleeDecl->getAsFunction() : nullptr;
236 for (unsigned ArgIndex = 0; ArgIndex < ArgCount; ++ArgIndex) {
237 auto *Arg = CE->getArg(ArgIndex)->IgnoreParenCasts();
238 auto *Unary = dyn_cast<UnaryOperator>(Arg);
239 if (!Unary)
240 continue;
241 if (Unary->getOpcode() != UO_AddrOf)
242 continue;
243 auto *SubExpr = Unary->getSubExpr();
244 if (!SubExpr)
245 continue;
246 auto *DRE = dyn_cast<DeclRefExpr>(SubExpr->IgnoreParenCasts());
247 if (!DRE)
248 continue;
249 auto *Decl = DRE->getDecl();
250 if (!Decl)
251 continue;
252 if (FnDecl && ArgIndex < FnDecl->getNumParams()) {
253 // Manually check attributes on argumenet since RetainSummaryManager
254 // basically ignores CF_RETRUNS_RETAINED on out arguments.
255 auto *ParamDecl = FnDecl->getParamDecl(ArgIndex);
256 if (ParamDecl->hasAttr<CFReturnsRetainedAttr>())
257 CreateOrCopyOutArguments.insert(Decl);
258 } else {
259 // No callee or a variadic argument.
260 // Conservatively assume it's an out argument.
261 if (RTC.isUnretained(Decl->getType()))
262 CreateOrCopyOutArguments.insert(Decl);
263 }
264 }
265 auto Summary = Summaries->getSummary(AnyCall(CE));
266 switch (Summary->getRetEffect().getKind()) {
267 case RetEffect::OwnedSymbol:
268 case RetEffect::OwnedWhenTrackedReceiver:
269 if (!CreateOrCopyFnCall.contains(CE))
270 reportLeak(CE, DeclWithIssue);
271 break;
272 default:
273 break;
274 }
275 }
276
277 void checkBridgingRelease(const CallExpr *CE, const FunctionDecl *Callee,
278 const Decl *DeclWithIssue) const {
279 if (safeGetName(Callee) != "CFBridgingRelease" || CE->getNumArgs() != 1)
280 return;
281
282 auto *Arg = CE->getArg(0)->IgnoreParenCasts();
283 auto *InnerCE = dyn_cast<CallExpr>(Arg);
284 if (!InnerCE)
285 return;
286
287 auto *InnerF = InnerCE->getDirectCallee();
288 if (!InnerF || !isCreateOrCopyFunction(InnerF))
289 return;
290
291 CreateOrCopyFnCall.insert(InnerCE);
292 }
293
294 void visitConstructExpr(const CXXConstructExpr *CE,
295 const Decl *DeclWithIssue) const {
296 assert(BR && "expected nonnull BugReporter");
297 if (BR->getSourceManager().isInSystemHeader(CE->getExprLoc()))
298 return;
299
300 auto *Ctor = CE->getConstructor();
301 if (!Ctor)
302 return;
303
304 auto *Cls = Ctor->getParent();
305 if (!Cls)
306 return;
307
308 if (!isRetainPtrOrOSPtr(safeGetName(Cls)) || !CE->getNumArgs())
309 return;
310
311 // Ignore RetainPtr construction inside adoptNS, adoptCF, and retainPtr.
312 if (isAdoptFn(DeclWithIssue) || safeGetName(DeclWithIssue) == "retainPtr")
313 return;
314
315 std::string Name = "RetainPtr constructor";
316 auto *Arg = CE->getArg(0)->IgnoreParenCasts();
317 auto Result = isOwned(Arg);
318
319 if (isCreateOrCopy(Arg))
320 CreateOrCopyFnCall.insert(Arg); // Avoid double reporting.
321
322 const Expr *Inner = nullptr;
323 if (isAllocInit(Arg, &Inner)) {
324 CreateOrCopyFnCall.insert(Arg);
325 if (Inner)
326 CreateOrCopyFnCall.insert(Inner);
327 }
328
329 if (Result == IsOwnedResult::Skip)
330 return;
331
332 if (Result == IsOwnedResult::Unknown)
333 Result = IsOwnedResult::NotOwned;
334 if (Result == IsOwnedResult::Owned)
335 reportLeak(Name, CE, DeclWithIssue);
336 else if (RTC.isARCEnabled() && isAllocInit(Arg))
337 reportLeak(Name, CE, DeclWithIssue, "when ARC is disabled");
338 else if (isCreateOrCopy(Arg))
339 reportLeak(Name, CE, DeclWithIssue);
340 }
341
342 void visitVarDecl(const VarDecl *VD) const {
343 auto *Init = VD->getInit();
344 if (!Init || !RTC.isARCEnabled())
345 return;
346 Init = Init->IgnoreParenCasts();
347 const Expr *Inner = nullptr;
348 if (isAllocInit(Init, &Inner)) {
349 CreateOrCopyFnCall.insert(Init);
350 if (Inner)
351 CreateOrCopyFnCall.insert(Inner);
352 }
353 }
354
355 void visitBinaryOperator(const BinaryOperator *BO) const {
356 if (!BO->isAssignmentOp())
357 return;
358 auto *LHS = BO->getLHS();
359 auto *RHS = BO->getRHS()->IgnoreParenCasts();
360 if (isa<ObjCIvarRefExpr>(LHS)) {
361 const Expr *Inner = nullptr;
362 if (isAllocInit(RHS, &Inner)) {
363 CreateOrCopyFnCall.insert(RHS);
364 if (Inner)
365 CreateOrCopyFnCall.insert(Inner);
366 }
367 return;
368 }
369 auto *UO = dyn_cast<UnaryOperator>(LHS);
370 if (!UO)
371 return;
372 auto OpCode = UO->getOpcode();
373 if (OpCode != UO_Deref)
374 return;
375 auto *DerefTarget = UO->getSubExpr();
376 if (!DerefTarget)
377 return;
378 DerefTarget = DerefTarget->IgnoreParenCasts();
379 auto *DRE = dyn_cast<DeclRefExpr>(DerefTarget);
380 if (!DRE)
381 return;
382 auto *Decl = DRE->getDecl();
383 if (!Decl)
384 return;
385 if (!isa<ParmVarDecl>(Decl) || !isCreateOrCopy(RHS))
386 return;
387 if (Decl->hasAttr<CFReturnsRetainedAttr>())
388 CreateOrCopyFnCall.insert(RHS);
389 }
390
391 void visitReturnStmt(const ReturnStmt *RS, const Decl *DeclWithIssue) const {
392 if (!DeclWithIssue)
393 return;
394 auto *RetValue = RS->getRetValue();
395 if (!RetValue)
396 return;
397 RetValue = RetValue->IgnoreParenCasts();
398 std::optional<bool> retainsRet;
399 if (auto *FnDecl = dyn_cast<FunctionDecl>(DeclWithIssue))
400 retainsRet = retainsReturnValue(FnDecl);
401 else if (auto *MethodDecl = dyn_cast<ObjCMethodDecl>(DeclWithIssue))
402 retainsRet = retainsReturnValue(MethodDecl);
403 else
404 return;
405 if (!retainsRet || !*retainsRet) {
406 // Under ARC, returning [[X alloc] init] doesn't leak X.
407 if (RTC.isUnretained(RetValue->getType()))
408 return;
409 }
410 if (retainsRet && *retainsRet) {
411 CreateOrCopyFnCall.insert(RetValue);
412 return;
413 }
414 if (auto *CE = dyn_cast<CallExpr>(RetValue)) {
415 auto *Callee = CE->getDirectCallee();
416 if (!Callee || !isCreateOrCopyFunction(Callee))
417 return;
418 CreateOrCopyFnCall.insert(CE);
419 return;
420 }
421 const Expr *Inner = nullptr;
422 if (isAllocInit(RetValue, &Inner)) {
423 CreateOrCopyFnCall.insert(RetValue);
424 if (Inner)
425 CreateOrCopyFnCall.insert(Inner);
426 }
427 }
428
429 template <typename CallableType>
430 std::optional<bool> retainsReturnValue(const CallableType *FnDecl) const {
431 auto Summary = Summaries->getSummary(AnyCall(FnDecl));
432 auto RetEffect = Summary->getRetEffect();
433 switch (RetEffect.getKind()) {
434 case RetEffect::NoRet:
435 return std::nullopt;
436 case RetEffect::OwnedSymbol:
437 return true;
438 case RetEffect::NotOwnedSymbol:
439 return false;
440 case RetEffect::OwnedWhenTrackedReceiver:
441 return std::nullopt;
442 case RetEffect::NoRetHard:
443 return std::nullopt;
444 }
445 return std::nullopt;
446 }
447
448 bool isCreateOrCopy(const Expr *E) const {
449 auto *CE = dyn_cast<CallExpr>(E);
450 if (!CE)
451 return false;
452 auto *Callee = CE->getDirectCallee();
453 if (!Callee)
454 return false;
455 return isCreateOrCopyFunction(Callee);
456 }
457
458 bool isCreateOrCopyFunction(const FunctionDecl *FnDecl) const {
459 auto CalleeName = safeGetName(FnDecl);
460 return CalleeName.find("Create") != std::string::npos ||
461 CalleeName.find("Copy") != std::string::npos;
462 }
463
464 enum class IsOwnedResult { Unknown, Skip, Owned, NotOwned };
465 IsOwnedResult isOwned(const Expr *E) const {
466 while (1) {
467 if (auto *POE = dyn_cast<PseudoObjectExpr>(E)) {
468 if (unsigned SemanticExprCount = POE->getNumSemanticExprs()) {
469 E = POE->getSemanticExpr(SemanticExprCount - 1);
470 continue;
471 }
472 }
473 if (isNullPtr(E))
474 return IsOwnedResult::NotOwned;
475 if (auto *DRE = dyn_cast<DeclRefExpr>(E)) {
476 auto QT = DRE->getType();
477 if (isRetainPtrOrOSPtrType(QT))
478 return IsOwnedResult::NotOwned;
479 QT = QT.getCanonicalType();
480 if (RTC.isUnretained(QT, true /* ignoreARC */))
481 return IsOwnedResult::NotOwned;
482 auto *PointeeType = QT->getPointeeType().getTypePtrOrNull();
483 if (PointeeType && PointeeType->isVoidType())
484 return IsOwnedResult::NotOwned; // Assume reading void* as +0.
485 }
486 if (auto *TE = dyn_cast<CXXBindTemporaryExpr>(E)) {
487 E = TE->getSubExpr();
488 continue;
489 }
490 if (auto *ObjCMsgExpr = dyn_cast<ObjCMessageExpr>(E)) {
491 auto Summary = Summaries->getSummary(AnyCall(ObjCMsgExpr));
492 auto RetEffect = Summary->getRetEffect();
493 switch (RetEffect.getKind()) {
494 case RetEffect::NoRet:
495 return IsOwnedResult::Unknown;
496 case RetEffect::OwnedSymbol:
497 return IsOwnedResult::Owned;
498 case RetEffect::NotOwnedSymbol:
499 return IsOwnedResult::NotOwned;
500 case RetEffect::OwnedWhenTrackedReceiver:
501 if (auto *Receiver = ObjCMsgExpr->getInstanceReceiver()) {
502 E = Receiver->IgnoreParenCasts();
503 continue;
504 }
505 return IsOwnedResult::Unknown;
506 case RetEffect::NoRetHard:
507 return IsOwnedResult::Unknown;
508 }
509 }
510 if (auto *CXXCE = dyn_cast<CXXMemberCallExpr>(E)) {
511 if (auto *MD = CXXCE->getMethodDecl()) {
512 auto *Cls = MD->getParent();
513 if (auto *CD = dyn_cast<CXXConversionDecl>(MD)) {
514 auto QT = CD->getConversionType().getCanonicalType();
515 auto *ResultType = QT.getTypePtrOrNull();
516 if (isRetainPtrOrOSPtr(safeGetName(Cls)) && ResultType &&
517 (ResultType->isPointerType() || ResultType->isReferenceType() ||
518 ResultType->isObjCObjectPointerType()))
519 return IsOwnedResult::NotOwned;
520 }
521 if (safeGetName(MD) == "leakRef" &&
522 isRetainPtrOrOSPtr(safeGetName(Cls)))
523 return IsOwnedResult::Owned;
524 }
525 }
526 if (auto *CE = dyn_cast<CallExpr>(E)) {
527 if (auto *Callee = CE->getDirectCallee()) {
528 if (isAdoptFn(Callee))
529 return IsOwnedResult::NotOwned;
530 auto Name = safeGetName(Callee);
531 if (Name == "__builtin___CFStringMakeConstantString")
532 return IsOwnedResult::NotOwned;
533 if ((Name == "checked_cf_cast" || Name == "dynamic_cf_cast" ||
534 Name == "checked_objc_cast" || Name == "dynamic_objc_cast") &&
535 CE->getNumArgs() == 1) {
536 E = CE->getArg(0)->IgnoreParenCasts();
537 continue;
538 }
539 auto RetType = Callee->getReturnType();
540 if (isRetainPtrOrOSPtrType(RetType))
541 return IsOwnedResult::NotOwned;
542 if (isCreateOrCopyFunction(Callee)) {
543 CreateOrCopyFnCall.insert(CE);
544 return IsOwnedResult::Owned;
545 }
546 } else if (auto *CalleeExpr = CE->getCallee()) {
547 if (isa<CXXDependentScopeMemberExpr>(CalleeExpr))
548 return IsOwnedResult::Skip; // Wait for instantiation.
549 if (isa<UnresolvedLookupExpr>(CalleeExpr))
550 return IsOwnedResult::Skip; // Wait for instantiation.
551 }
552 auto Summary = Summaries->getSummary(AnyCall(CE));
553 auto RetEffect = Summary->getRetEffect();
554 switch (RetEffect.getKind()) {
555 case RetEffect::NoRet:
556 return IsOwnedResult::Unknown;
557 case RetEffect::OwnedSymbol:
558 return IsOwnedResult::Owned;
559 case RetEffect::NotOwnedSymbol:
560 return IsOwnedResult::NotOwned;
561 case RetEffect::OwnedWhenTrackedReceiver:
562 return IsOwnedResult::Unknown;
563 case RetEffect::NoRetHard:
564 return IsOwnedResult::Unknown;
565 }
566 }
567 break;
568 }
569 return IsOwnedResult::Unknown;
570 }
571
572 void reportUseAfterFree(const std::string &Name, const CallExpr *CE,
573 const Decl *DeclWithIssue,
574 const char *condition = nullptr) const {
575 SmallString<100> Buf;
576 llvm::raw_svector_ostream Os(Buf);
577
578 Os << "Incorrect use of " << Name
579 << ". The argument is +0 and results in an use-after-free";
580 if (condition)
581 Os << " " << condition;
582 Os << ".";
583
584 assert(BR && "expected nonnull BugReporter");
585 PathDiagnosticLocation BSLoc(CE->getSourceRange().getBegin(),
586 BR->getSourceManager());
587 auto Report = std::make_unique<BasicBugReport>(Bug, Os.str(), BSLoc);
588 Report->addRange(CE->getSourceRange());
589 Report->setDeclWithIssue(DeclWithIssue);
590 BR->emitReport(std::move(Report));
591 }
592
593 void reportLeak(std::string &Name, const CXXConstructExpr *CE,
594 const Decl *DeclWithIssue,
595 const char *condition = nullptr) const {
596 SmallString<100> Buf;
597 llvm::raw_svector_ostream Os(Buf);
598
599 Os << "Incorrect use of " << Name
600 << ". The argument is +1 and results in a memory leak";
601 if (condition)
602 Os << " " << condition;
603 Os << ".";
604
605 assert(BR && "expected nonnull BugReporter");
606 PathDiagnosticLocation BSLoc(CE->getSourceRange().getBegin(),
607 BR->getSourceManager());
608 auto Report = std::make_unique<BasicBugReport>(Bug, Os.str(), BSLoc);
609 Report->addRange(CE->getSourceRange());
610 Report->setDeclWithIssue(DeclWithIssue);
611 BR->emitReport(std::move(Report));
612 }
613
614 template <typename ExprType>
615 void reportLeak(const ExprType *E, const Decl *DeclWithIssue) const {
616 SmallString<100> Buf;
617 llvm::raw_svector_ostream Os(Buf);
618
619 Os << "The return value is +1 and results in a memory leak.";
620
621 PathDiagnosticLocation BSLoc(E->getSourceRange().getBegin(),
622 BR->getSourceManager());
623 auto Report = std::make_unique<BasicBugReport>(Bug, Os.str(), BSLoc);
624 Report->addRange(E->getSourceRange());
625 Report->setDeclWithIssue(DeclWithIssue);
626 BR->emitReport(std::move(Report));
627 }
628};
629} // namespace
630
631void ento::registerRetainPtrCtorAdoptChecker(CheckerManager &Mgr) {
632 Mgr.registerChecker<RetainPtrCtorAdoptChecker>();
633}
634
635bool ento::shouldRegisterRetainPtrCtorAdoptChecker(const CheckerManager &mgr) {
636 return true;
637}
RetValue
static bool RetValue(InterpState &S, CodePtr &Pt)
Definition Interp.cpp:31
clang::BinaryOperator::getLHS
Expr * getLHS() const
Definition Expr.h:4088
clang::BinaryOperator::getRHS
Expr * getRHS() const
Definition Expr.h:4090
clang::BinaryOperator::isAssignmentOp
static bool isAssignmentOp(Opcode Opc)
Definition Expr.h:4174
clang::CXXConstructExpr::getArg
Expr * getArg(unsigned Arg)
Return the specified argument.
Definition ExprCXX.h:1691
clang::CXXConstructExpr::getConstructor
CXXConstructorDecl * getConstructor() const
Get the constructor that this expression will (ultimately) call.
Definition ExprCXX.h:1611
clang::CXXConstructExpr::getNumArgs
unsigned getNumArgs() const
Return the number of arguments to the constructor call.
Definition ExprCXX.h:1688
clang::CXXMethodDecl::getParent
const CXXRecordDecl * getParent() const
Return the parent of this method declaration, which is the class in which this method is defined.
Definition DeclCXX.h:2255
clang::CallExpr::getArg
Expr * getArg(unsigned Arg)
getArg - Return the specified argument.
Definition Expr.h:3147
clang::CallExpr::getDirectCallee
FunctionDecl * getDirectCallee()
If the callee is a FunctionDecl, return it. Otherwise return null.
Definition Expr.h:3126
clang::CallExpr::getCallee
Expr * getCallee()
Definition Expr.h:3090
clang::CallExpr::getNumArgs
unsigned getNumArgs() const
getNumArgs - Return the number of actual arguments to this call.
Definition Expr.h:3134
clang::CallExpr::getCalleeDecl
Decl * getCalleeDecl()
Definition Expr.h:3120
clang::Decl::getAsFunction
FunctionDecl * getAsFunction() LLVM_READONLY
Returns the function itself, or the templated function if this is a function template.
Definition DeclBase.cpp:273
clang::Expr::IgnoreParenCasts
Expr * IgnoreParenCasts() LLVM_READONLY
Skip past any parentheses and casts which might surround this expression until reaching a fixed point...
Definition Expr.cpp:3094
clang::Expr::getExprLoc
SourceLocation getExprLoc() const LLVM_READONLY
getExprLoc - Return the preferred location for the arrow when diagnosing a problem with a generic exp...
Definition Expr.cpp:276
clang::ObjCMessageExpr::getInstanceReceiver
Expr * getInstanceReceiver()
Returns the object expression (receiver) for an instance message, or null for a message that is not a...
Definition ExprObjC.h:1265
clang::ObjCMessageExpr::getSelector
Selector getSelector() const
Definition ExprObjC.cpp:289
clang::RetainTypeChecker::visitTypedef
void visitTypedef(const TypedefDecl *)
Definition PtrTypesSemantics.cpp:255
clang::ReturnStmt::getRetValue
Expr * getRetValue()
Definition Stmt.h:3178
clang::SourceRange::getBegin
SourceLocation getBegin() const
Definition SourceLocation.h:224
clang::Stmt::getSourceRange
SourceRange getSourceRange() const LLVM_READONLY
SourceLocation tokens are not useful in isolation - they are low level value objects created/interpre...
Definition Stmt.cpp:338
clang::TranslationUnitDecl::getASTContext
ASTContext & getASTContext() const
Definition Decl.h:141
clang::VarDecl::getInit
const Expr * getInit() const
Definition Decl.h:1368
clang::ento::CheckerManager::registerChecker
CHECKER * registerChecker(AT &&...Args)
Register a single-part checker (derived from Checker): construct its singleton instance,...
Definition CheckerManager.h:218
clang::ento::Checker
Simple checker classes that implement one frontend (i.e.
Definition Checker.h:553
clang::ento::RetEffect::OwnedSymbol
@ OwnedSymbol
Indicates that the returned value is an owned (+1) symbol.
Definition RetainSummaryManager.h:148
clang::ento::RetEffect::OwnedWhenTrackedReceiver
@ OwnedWhenTrackedReceiver
Indicates that the return value is an owned object when the receiver is also a tracked object.
Definition RetainSummaryManager.h:157
clang::ento::RetEffect::NoRet
@ NoRet
Indicates that no retain count information is tracked for the return value.
Definition RetainSummaryManager.h:145
clang::ento::RetEffect::NotOwnedSymbol
@ NotOwnedSymbol
Indicates that the returned value is an object with retain count semantics but that it is not owned (...
Definition RetainSummaryManager.h:153
clang::modulemap::Decl
std::variant< struct RequiresDecl, struct HeaderDecl, struct UmbrellaDirDecl, struct ModuleDecl, struct ExcludeDecl, struct ExportDecl, struct ExportAsDecl, struct ExternModuleDecl, struct UseDecl, struct LinkDecl, struct ConfigMacrosDecl, struct ConflictDecl > Decl
All declarations that can appear in a module declaration.
Definition ModuleMapFile.h:32
clang
The JSON file list parser is used to communicate input to InstallAPI.
Definition CalledOnceCheck.h:17
clang::isa
bool isa(CodeGen::Address addr)
Definition Address.h:330
clang::isRetainPtrOrOSPtrType
bool isRetainPtrOrOSPtrType(const clang::QualType T)
Definition PtrTypesSemantics.cpp:221
clang::ObjCSubstitutionContext::Result
@ Result
The result type of a method or function.
Definition TypeBase.h:905
clang::isRetainPtrOrOSPtr
bool isRetainPtrOrOSPtr(const std::string &Name)
Definition PtrTypesSemantics.cpp:132
clang::safeGetName
std::string safeGetName(const T *ASTNode)
Definition ASTUtils.h:95
clang::isNullPtr
bool isNullPtr(const clang::Expr *E)
Definition ASTUtils.cpp:270
clang::isAllocInit
bool isAllocInit(const Expr *E, const Expr **InnerExpr)
Definition ASTUtils.cpp:324
Generated on for clang by doxygen 1.14.0