clang 18.0.0git
ThreadSafety.cpp
Go to the documentation of this file.
1//===- ThreadSafety.cpp ---------------------------------------------------===//
2//
3// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4// See https://llvm.org/LICENSE.txt for license information.
5// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6//
7//===----------------------------------------------------------------------===//
8//
9// A intra-procedural analysis for thread safety (e.g. deadlocks and race
10// conditions), based off of an annotation system.
11//
12// See http://clang.llvm.org/docs/ThreadSafetyAnalysis.html
13// for more information.
14//
15//===----------------------------------------------------------------------===//
16
17#include "clang/Analysis/Analyses/ThreadSafety.h"
18#include "clang/AST/Attr.h"
19#include "clang/AST/Decl.h"
20#include "clang/AST/DeclCXX.h"
21#include "clang/AST/DeclGroup.h"
22#include "clang/AST/Expr.h"
23#include "clang/AST/ExprCXX.h"
24#include "clang/AST/OperationKinds.h"
25#include "clang/AST/Stmt.h"
26#include "clang/AST/StmtVisitor.h"
27#include "clang/AST/Type.h"
28#include "clang/Analysis/Analyses/PostOrderCFGView.h"
29#include "clang/Analysis/Analyses/ThreadSafetyCommon.h"
30#include "clang/Analysis/Analyses/ThreadSafetyTIL.h"
31#include "clang/Analysis/Analyses/ThreadSafetyTraverse.h"
32#include "clang/Analysis/Analyses/ThreadSafetyUtil.h"
33#include "clang/Analysis/AnalysisDeclContext.h"
34#include "clang/Analysis/CFG.h"
35#include "clang/Basic/Builtins.h"
36#include "clang/Basic/LLVM.h"
37#include "clang/Basic/OperatorKinds.h"
38#include "clang/Basic/SourceLocation.h"
39#include "clang/Basic/Specifiers.h"
40#include "llvm/ADT/ArrayRef.h"
41#include "llvm/ADT/DenseMap.h"
42#include "llvm/ADT/ImmutableMap.h"
43#include "llvm/ADT/STLExtras.h"
44#include "llvm/ADT/SmallVector.h"
45#include "llvm/ADT/StringRef.h"
46#include "llvm/Support/Allocator.h"
47#include "llvm/Support/Casting.h"
48#include "llvm/Support/ErrorHandling.h"
49#include "llvm/Support/raw_ostream.h"
50#include <algorithm>
51#include <cassert>
52#include <functional>
53#include <iterator>
54#include <memory>
55#include <optional>
56#include <string>
57#include <type_traits>
58#include <utility>
59#include <vector>
60
61using namespace clang;
62using namespace threadSafety;
63
64// Key method definition
65ThreadSafetyHandler::~ThreadSafetyHandler() = default;
66
67/// Issue a warning about an invalid lock expression
68static void warnInvalidLock(ThreadSafetyHandler &Handler,
69 const Expr *MutexExp, const NamedDecl *D,
70 const Expr *DeclExp, StringRef Kind) {
71 SourceLocation Loc;
72 if (DeclExp)
73 Loc = DeclExp->getExprLoc();
74
75 // FIXME: add a note about the attribute location in MutexExp or D
76 if (Loc.isValid())
77 Handler.handleInvalidLockExp(Loc);
78}
79
80namespace {
81
82/// A set of CapabilityExpr objects, which are compiled from thread safety
83/// attributes on a function.
84class CapExprSet : public SmallVector<CapabilityExpr, 4> {
85public:
86 /// Push M onto list, but discard duplicates.
87 void push_back_nodup(const CapabilityExpr &CapE) {
88 if (llvm::none_of(*this, [=](const CapabilityExpr &CapE2) {
89 return CapE.equals(CapE2);
90 }))
91 push_back(CapE);
92 }
93};
94
95class FactManager;
96class FactSet;
97
98/// This is a helper class that stores a fact that is known at a
99/// particular point in program execution. Currently, a fact is a capability,
100/// along with additional information, such as where it was acquired, whether
101/// it is exclusive or shared, etc.
102///
103/// FIXME: this analysis does not currently support re-entrant locking.
104class FactEntry : public CapabilityExpr {
105public:
106 /// Where a fact comes from.
107 enum SourceKind {
108 Acquired, ///< The fact has been directly acquired.
109 Asserted, ///< The fact has been asserted to be held.
110 Declared, ///< The fact is assumed to be held by callers.
111 Managed, ///< The fact has been acquired through a scoped capability.
112 };
113
114private:
115 /// Exclusive or shared.
116 LockKind LKind : 8;
117
118 // How it was acquired.
119 SourceKind Source : 8;
120
121 /// Where it was acquired.
122 SourceLocation AcquireLoc;
123
124public:
125 FactEntry(const CapabilityExpr &CE, LockKind LK, SourceLocation Loc,
126 SourceKind Src)
127 : CapabilityExpr(CE), LKind(LK), Source(Src), AcquireLoc(Loc) {}
128 virtual ~FactEntry() = default;
129
130 LockKind kind() const { return LKind; }
131 SourceLocation loc() const { return AcquireLoc; }
132
133 bool asserted() const { return Source == Asserted; }
134 bool declared() const { return Source == Declared; }
135 bool managed() const { return Source == Managed; }
136
137 virtual void
138 handleRemovalFromIntersection(const FactSet &FSet, FactManager &FactMan,
139 SourceLocation JoinLoc, LockErrorKind LEK,
140 ThreadSafetyHandler &Handler) const = 0;
141 virtual void handleLock(FactSet &FSet, FactManager &FactMan,
142 const FactEntry &entry,
143 ThreadSafetyHandler &Handler) const = 0;
144 virtual void handleUnlock(FactSet &FSet, FactManager &FactMan,
145 const CapabilityExpr &Cp, SourceLocation UnlockLoc,
146 bool FullyRemove,
147 ThreadSafetyHandler &Handler) const = 0;
148
149 // Return true if LKind >= LK, where exclusive > shared
150 bool isAtLeast(LockKind LK) const {
151 return (LKind == LK_Exclusive) || (LK == LK_Shared);
152 }
153};
154
155using FactID = unsigned short;
156
157/// FactManager manages the memory for all facts that are created during
158/// the analysis of a single routine.
159class FactManager {
160private:
161 std::vector<std::unique_ptr<const FactEntry>> Facts;
162
163public:
164 FactID newFact(std::unique_ptr<FactEntry> Entry) {
165 Facts.push_back(std::move(Entry));
166 return static_cast<unsigned short>(Facts.size() - 1);
167 }
168
169 const FactEntry &operator[](FactID F) const { return *Facts[F]; }
170};
171
172/// A FactSet is the set of facts that are known to be true at a
173/// particular program point. FactSets must be small, because they are
174/// frequently copied, and are thus implemented as a set of indices into a
175/// table maintained by a FactManager. A typical FactSet only holds 1 or 2
176/// locks, so we can get away with doing a linear search for lookup. Note
177/// that a hashtable or map is inappropriate in this case, because lookups
178/// may involve partial pattern matches, rather than exact matches.
179class FactSet {
180private:
181 using FactVec = SmallVector<FactID, 4>;
182
183 FactVec FactIDs;
184
185public:
186 using iterator = FactVec::iterator;
187 using const_iterator = FactVec::const_iterator;
188
189 iterator begin() { return FactIDs.begin(); }
190 const_iterator begin() const { return FactIDs.begin(); }
191
192 iterator end() { return FactIDs.end(); }
193 const_iterator end() const { return FactIDs.end(); }
194
195 bool isEmpty() const { return FactIDs.size() == 0; }
196
197 // Return true if the set contains only negative facts
198 bool isEmpty(FactManager &FactMan) const {
199 for (const auto FID : *this) {
200 if (!FactMan[FID].negative())
201 return false;
202 }
203 return true;
204 }
205
206 void addLockByID(FactID ID) { FactIDs.push_back(ID); }
207
208 FactID addLock(FactManager &FM, std::unique_ptr<FactEntry> Entry) {
209 FactID F = FM.newFact(std::move(Entry));
210 FactIDs.push_back(F);
211 return F;
212 }
213
214 bool removeLock(FactManager& FM, const CapabilityExpr &CapE) {
215 unsigned n = FactIDs.size();
216 if (n == 0)
217 return false;
218
219 for (unsigned i = 0; i < n-1; ++i) {
220 if (FM[FactIDs[i]].matches(CapE)) {
221 FactIDs[i] = FactIDs[n-1];
222 FactIDs.pop_back();
223 return true;
224 }
225 }
226 if (FM[FactIDs[n-1]].matches(CapE)) {
227 FactIDs.pop_back();
228 return true;
229 }
230 return false;
231 }
232
233 iterator findLockIter(FactManager &FM, const CapabilityExpr &CapE) {
234 return std::find_if(begin(), end(), [&](FactID ID) {
235 return FM[ID].matches(CapE);
236 });
237 }
238
239 const FactEntry *findLock(FactManager &FM, const CapabilityExpr &CapE) const {
240 auto I = std::find_if(begin(), end(), [&](FactID ID) {
241 return FM[ID].matches(CapE);
242 });
243 return I != end() ? &FM[*I] : nullptr;
244 }
245
246 const FactEntry *findLockUniv(FactManager &FM,
247 const CapabilityExpr &CapE) const {
248 auto I = std::find_if(begin(), end(), [&](FactID ID) -> bool {
249 return FM[ID].matchesUniv(CapE);
250 });
251 return I != end() ? &FM[*I] : nullptr;
252 }
253
254 const FactEntry *findPartialMatch(FactManager &FM,
255 const CapabilityExpr &CapE) const {
256 auto I = std::find_if(begin(), end(), [&](FactID ID) -> bool {
257 return FM[ID].partiallyMatches(CapE);
258 });
259 return I != end() ? &FM[*I] : nullptr;
260 }
261
262 bool containsMutexDecl(FactManager &FM, const ValueDecl* Vd) const {
263 auto I = std::find_if(begin(), end(), [&](FactID ID) -> bool {
264 return FM[ID].valueDecl() == Vd;
265 });
266 return I != end();
267 }
268};
269
270class ThreadSafetyAnalyzer;
271
272} // namespace
273
274namespace clang {
275namespace threadSafety {
276
277class BeforeSet {
278private:
279 using BeforeVect = SmallVector<const ValueDecl *, 4>;
280
281 struct BeforeInfo {
282 BeforeVect Vect;
283 int Visited = 0;
284
285 BeforeInfo() = default;
286 BeforeInfo(BeforeInfo &&) = default;
287 };
288
289 using BeforeMap =
290 llvm::DenseMap<const ValueDecl *, std::unique_ptr<BeforeInfo>>;
291 using CycleMap = llvm::DenseMap<const ValueDecl *, bool>;
292
293public:
294 BeforeSet() = default;
295
296 BeforeInfo* insertAttrExprs(const ValueDecl* Vd,
297 ThreadSafetyAnalyzer& Analyzer);
298
299 BeforeInfo *getBeforeInfoForDecl(const ValueDecl *Vd,
300 ThreadSafetyAnalyzer &Analyzer);
301
302 void checkBeforeAfter(const ValueDecl* Vd,
303 const FactSet& FSet,
304 ThreadSafetyAnalyzer& Analyzer,
305 SourceLocation Loc, StringRef CapKind);
306
307private:
308 BeforeMap BMap;
309 CycleMap CycMap;
310};
311
312} // namespace threadSafety
313} // namespace clang
314
315namespace {
316
317class LocalVariableMap;
318
319using LocalVarContext = llvm::ImmutableMap<const NamedDecl *, unsigned>;
320
321/// A side (entry or exit) of a CFG node.
322enum CFGBlockSide { CBS_Entry, CBS_Exit };
323
324/// CFGBlockInfo is a struct which contains all the information that is
325/// maintained for each block in the CFG. See LocalVariableMap for more
326/// information about the contexts.
327struct CFGBlockInfo {
328 // Lockset held at entry to block
329 FactSet EntrySet;
330
331 // Lockset held at exit from block
332 FactSet ExitSet;
333
334 // Context held at entry to block
335 LocalVarContext EntryContext;
336
337 // Context held at exit from block
338 LocalVarContext ExitContext;
339
340 // Location of first statement in block
341 SourceLocation EntryLoc;
342
343 // Location of last statement in block.
344 SourceLocation ExitLoc;
345
346 // Used to replay contexts later
347 unsigned EntryIndex;
348
349 // Is this block reachable?
350 bool Reachable = false;
351
352 const FactSet &getSet(CFGBlockSide Side) const {
353 return Side == CBS_Entry ? EntrySet : ExitSet;
354 }
355
356 SourceLocation getLocation(CFGBlockSide Side) const {
357 return Side == CBS_Entry ? EntryLoc : ExitLoc;
358 }
359
360private:
361 CFGBlockInfo(LocalVarContext EmptyCtx)
362 : EntryContext(EmptyCtx), ExitContext(EmptyCtx) {}
363
364public:
365 static CFGBlockInfo getEmptyBlockInfo(LocalVariableMap &M);
366};
367
368// A LocalVariableMap maintains a map from local variables to their currently
369// valid definitions. It provides SSA-like functionality when traversing the
370// CFG. Like SSA, each definition or assignment to a variable is assigned a
371// unique name (an integer), which acts as the SSA name for that definition.
372// The total set of names is shared among all CFG basic blocks.
373// Unlike SSA, we do not rewrite expressions to replace local variables declrefs
374// with their SSA-names. Instead, we compute a Context for each point in the
375// code, which maps local variables to the appropriate SSA-name. This map
376// changes with each assignment.
377//
378// The map is computed in a single pass over the CFG. Subsequent analyses can
379// then query the map to find the appropriate Context for a statement, and use
380// that Context to look up the definitions of variables.
381class LocalVariableMap {
382public:
383 using Context = LocalVarContext;
384
385 /// A VarDefinition consists of an expression, representing the value of the
386 /// variable, along with the context in which that expression should be
387 /// interpreted. A reference VarDefinition does not itself contain this
388 /// information, but instead contains a pointer to a previous VarDefinition.
389 struct VarDefinition {
390 public:
391 friend class LocalVariableMap;
392
393 // The original declaration for this variable.
394 const NamedDecl *Dec;
395
396 // The expression for this variable, OR
397 const Expr *Exp = nullptr;
398
399 // Reference to another VarDefinition
400 unsigned Ref = 0;
401
402 // The map with which Exp should be interpreted.
403 Context Ctx;
404
405 bool isReference() const { return !Exp; }
406
407 private:
408 // Create ordinary variable definition
409 VarDefinition(const NamedDecl *D, const Expr *E, Context C)
410 : Dec(D), Exp(E), Ctx(C) {}
411
412 // Create reference to previous definition
413 VarDefinition(const NamedDecl *D, unsigned R, Context C)
414 : Dec(D), Ref(R), Ctx(C) {}
415 };
416
417private:
418 Context::Factory ContextFactory;
419 std::vector<VarDefinition> VarDefinitions;
420 std::vector<std::pair<const Stmt *, Context>> SavedContexts;
421
422public:
423 LocalVariableMap() {
424 // index 0 is a placeholder for undefined variables (aka phi-nodes).
425 VarDefinitions.push_back(VarDefinition(nullptr, 0u, getEmptyContext()));
426 }
427
428 /// Look up a definition, within the given context.
429 const VarDefinition* lookup(const NamedDecl *D, Context Ctx) {
430 const unsigned *i = Ctx.lookup(D);
431 if (!i)
432 return nullptr;
433 assert(*i < VarDefinitions.size());
434 return &VarDefinitions[*i];
435 }
436
437 /// Look up the definition for D within the given context. Returns
438 /// NULL if the expression is not statically known. If successful, also
439 /// modifies Ctx to hold the context of the return Expr.
440 const Expr* lookupExpr(const NamedDecl *D, Context &Ctx) {
441 const unsigned *P = Ctx.lookup(D);
442 if (!P)
443 return nullptr;
444
445 unsigned i = *P;
446 while (i > 0) {
447 if (VarDefinitions[i].Exp) {
448 Ctx = VarDefinitions[i].Ctx;
449 return VarDefinitions[i].Exp;
450 }
451 i = VarDefinitions[i].Ref;
452 }
453 return nullptr;
454 }
455
456 Context getEmptyContext() { return ContextFactory.getEmptyMap(); }
457
458 /// Return the next context after processing S. This function is used by
459 /// clients of the class to get the appropriate context when traversing the
460 /// CFG. It must be called for every assignment or DeclStmt.
461 Context getNextContext(unsigned &CtxIndex, const Stmt *S, Context C) {
462 if (SavedContexts[CtxIndex+1].first == S) {
463 CtxIndex++;
464 Context Result = SavedContexts[CtxIndex].second;
465 return Result;
466 }
467 return C;
468 }
469
470 void dumpVarDefinitionName(unsigned i) {
471 if (i == 0) {
472 llvm::errs() << "Undefined";
473 return;
474 }
475 const NamedDecl *Dec = VarDefinitions[i].Dec;
476 if (!Dec) {
477 llvm::errs() << "<<NULL>>";
478 return;
479 }
480 Dec->printName(llvm::errs());
481 llvm::errs() << "." << i << " " << ((const void*) Dec);
482 }
483
484 /// Dumps an ASCII representation of the variable map to llvm::errs()
485 void dump() {
486 for (unsigned i = 1, e = VarDefinitions.size(); i < e; ++i) {
487 const Expr *Exp = VarDefinitions[i].Exp;
488 unsigned Ref = VarDefinitions[i].Ref;
489
490 dumpVarDefinitionName(i);
491 llvm::errs() << " = ";
492 if (Exp) Exp->dump();
493 else {
494 dumpVarDefinitionName(Ref);
495 llvm::errs() << "\n";
496 }
497 }
498 }
499
500 /// Dumps an ASCII representation of a Context to llvm::errs()
501 void dumpContext(Context C) {
502 for (Context::iterator I = C.begin(), E = C.end(); I != E; ++I) {
503 const NamedDecl *D = I.getKey();
504 D->printName(llvm::errs());
505 llvm::errs() << " -> ";
506 dumpVarDefinitionName(I.getData());
507 llvm::errs() << "\n";
508 }
509 }
510
511 /// Builds the variable map.
512 void traverseCFG(CFG *CFGraph, const PostOrderCFGView *SortedGraph,
513 std::vector<CFGBlockInfo> &BlockInfo);
514
515protected:
516 friend class VarMapBuilder;
517
518 // Get the current context index
519 unsigned getContextIndex() { return SavedContexts.size()-1; }
520
521 // Save the current context for later replay
522 void saveContext(const Stmt *S, Context C) {
523 SavedContexts.push_back(std::make_pair(S, C));
524 }
525
526 // Adds a new definition to the given context, and returns a new context.
527 // This method should be called when declaring a new variable.
528 Context addDefinition(const NamedDecl *D, const Expr *Exp, Context Ctx) {
529 assert(!Ctx.contains(D));
530 unsigned newID = VarDefinitions.size();
531 Context NewCtx = ContextFactory.add(Ctx, D, newID);
532 VarDefinitions.push_back(VarDefinition(D, Exp, Ctx));
533 return NewCtx;
534 }
535
536 // Add a new reference to an existing definition.
537 Context addReference(const NamedDecl *D, unsigned i, Context Ctx) {
538 unsigned newID = VarDefinitions.size();
539 Context NewCtx = ContextFactory.add(Ctx, D, newID);
540 VarDefinitions.push_back(VarDefinition(D, i, Ctx));
541 return NewCtx;
542 }
543
544 // Updates a definition only if that definition is already in the map.
545 // This method should be called when assigning to an existing variable.
546 Context updateDefinition(const NamedDecl *D, Expr *Exp, Context Ctx) {
547 if (Ctx.contains(D)) {
548 unsigned newID = VarDefinitions.size();
549 Context NewCtx = ContextFactory.remove(Ctx, D);
550 NewCtx = ContextFactory.add(NewCtx, D, newID);
551 VarDefinitions.push_back(VarDefinition(D, Exp, Ctx));
552 return NewCtx;
553 }
554 return Ctx;
555 }
556
557 // Removes a definition from the context, but keeps the variable name
558 // as a valid variable. The index 0 is a placeholder for cleared definitions.
559 Context clearDefinition(const NamedDecl *D, Context Ctx) {
560 Context NewCtx = Ctx;
561 if (NewCtx.contains(D)) {
562 NewCtx = ContextFactory.remove(NewCtx, D);
563 NewCtx = ContextFactory.add(NewCtx, D, 0);
564 }
565 return NewCtx;
566 }
567
568 // Remove a definition entirely frmo the context.
569 Context removeDefinition(const NamedDecl *D, Context Ctx) {
570 Context NewCtx = Ctx;
571 if (NewCtx.contains(D)) {
572 NewCtx = ContextFactory.remove(NewCtx, D);
573 }
574 return NewCtx;
575 }
576
577 Context intersectContexts(Context C1, Context C2);
578 Context createReferenceContext(Context C);
579 void intersectBackEdge(Context C1, Context C2);
580};
581
582} // namespace
583
584// This has to be defined after LocalVariableMap.
585CFGBlockInfo CFGBlockInfo::getEmptyBlockInfo(LocalVariableMap &M) {
586 return CFGBlockInfo(M.getEmptyContext());
587}
588
589namespace {
590
591/// Visitor which builds a LocalVariableMap
592class VarMapBuilder : public ConstStmtVisitor<VarMapBuilder> {
593public:
594 LocalVariableMap* VMap;
595 LocalVariableMap::Context Ctx;
596
597 VarMapBuilder(LocalVariableMap *VM, LocalVariableMap::Context C)
598 : VMap(VM), Ctx(C) {}
599
600 void VisitDeclStmt(const DeclStmt *S);
601 void VisitBinaryOperator(const BinaryOperator *BO);
602};
603
604} // namespace
605
606// Add new local variables to the variable map
607void VarMapBuilder::VisitDeclStmt(const DeclStmt *S) {
608 bool modifiedCtx = false;
609 const DeclGroupRef DGrp = S->getDeclGroup();
610 for (const auto *D : DGrp) {
611 if (const auto *VD = dyn_cast_or_null<VarDecl>(D)) {
612 const Expr *E = VD->getInit();
613
614 // Add local variables with trivial type to the variable map
615 QualType T = VD->getType();
616 if (T.isTrivialType(VD->getASTContext())) {
617 Ctx = VMap->addDefinition(VD, E, Ctx);
618 modifiedCtx = true;
619 }
620 }
621 }
622 if (modifiedCtx)
623 VMap->saveContext(S, Ctx);
624}
625
626// Update local variable definitions in variable map
627void VarMapBuilder::VisitBinaryOperator(const BinaryOperator *BO) {
628 if (!BO->isAssignmentOp())
629 return;
630
631 Expr *LHSExp = BO->getLHS()->IgnoreParenCasts();
632
633 // Update the variable map and current context.
634 if (const auto *DRE = dyn_cast<DeclRefExpr>(LHSExp)) {
635 const ValueDecl *VDec = DRE->getDecl();
636 if (Ctx.lookup(VDec)) {
637 if (BO->getOpcode() == BO_Assign)
638 Ctx = VMap->updateDefinition(VDec, BO->getRHS(), Ctx);
639 else
640 // FIXME -- handle compound assignment operators
641 Ctx = VMap->clearDefinition(VDec, Ctx);
642 VMap->saveContext(BO, Ctx);
643 }
644 }
645}
646
647// Computes the intersection of two contexts. The intersection is the
648// set of variables which have the same definition in both contexts;
649// variables with different definitions are discarded.
650LocalVariableMap::Context
651LocalVariableMap::intersectContexts(Context C1, Context C2) {
652 Context Result = C1;
653 for (const auto &P : C1) {
654 const NamedDecl *Dec = P.first;
655 const unsigned *i2 = C2.lookup(Dec);
656 if (!i2) // variable doesn't exist on second path
657 Result = removeDefinition(Dec, Result);
658 else if (*i2 != P.second) // variable exists, but has different definition
659 Result = clearDefinition(Dec, Result);
660 }
661 return Result;
662}
663
664// For every variable in C, create a new variable that refers to the
665// definition in C. Return a new context that contains these new variables.
666// (We use this for a naive implementation of SSA on loop back-edges.)
667LocalVariableMap::Context LocalVariableMap::createReferenceContext(Context C) {
668 Context Result = getEmptyContext();
669 for (const auto &P : C)
670 Result = addReference(P.first, P.second, Result);
671 return Result;
672}
673
674// This routine also takes the intersection of C1 and C2, but it does so by
675// altering the VarDefinitions. C1 must be the result of an earlier call to
676// createReferenceContext.
677void LocalVariableMap::intersectBackEdge(Context C1, Context C2) {
678 for (const auto &P : C1) {
679 unsigned i1 = P.second;
680 VarDefinition *VDef = &VarDefinitions[i1];
681 assert(VDef->isReference());
682
683 const unsigned *i2 = C2.lookup(P.first);
684 if (!i2 || (*i2 != i1))
685 VDef->Ref = 0; // Mark this variable as undefined
686 }
687}
688
689// Traverse the CFG in topological order, so all predecessors of a block
690// (excluding back-edges) are visited before the block itself. At
691// each point in the code, we calculate a Context, which holds the set of
692// variable definitions which are visible at that point in execution.
693// Visible variables are mapped to their definitions using an array that
694// contains all definitions.
695//
696// At join points in the CFG, the set is computed as the intersection of
697// the incoming sets along each edge, E.g.
698//
699// { Context | VarDefinitions }
700// int x = 0; { x -> x1 | x1 = 0 }
701// int y = 0; { x -> x1, y -> y1 | y1 = 0, x1 = 0 }
702// if (b) x = 1; { x -> x2, y -> y1 | x2 = 1, y1 = 0, ... }
703// else x = 2; { x -> x3, y -> y1 | x3 = 2, x2 = 1, ... }
704// ... { y -> y1 (x is unknown) | x3 = 2, x2 = 1, ... }
705//
706// This is essentially a simpler and more naive version of the standard SSA
707// algorithm. Those definitions that remain in the intersection are from blocks
708// that strictly dominate the current block. We do not bother to insert proper
709// phi nodes, because they are not used in our analysis; instead, wherever
710// a phi node would be required, we simply remove that definition from the
711// context (E.g. x above).
712//
713// The initial traversal does not capture back-edges, so those need to be
714// handled on a separate pass. Whenever the first pass encounters an
715// incoming back edge, it duplicates the context, creating new definitions
716// that refer back to the originals. (These correspond to places where SSA
717// might have to insert a phi node.) On the second pass, these definitions are
718// set to NULL if the variable has changed on the back-edge (i.e. a phi
719// node was actually required.) E.g.
720//
721// { Context | VarDefinitions }
722// int x = 0, y = 0; { x -> x1, y -> y1 | y1 = 0, x1 = 0 }
723// while (b) { x -> x2, y -> y1 | [1st:] x2=x1; [2nd:] x2=NULL; }
724// x = x+1; { x -> x3, y -> y1 | x3 = x2 + 1, ... }
725// ... { y -> y1 | x3 = 2, x2 = 1, ... }
726void LocalVariableMap::traverseCFG(CFG *CFGraph,
727 const PostOrderCFGView *SortedGraph,
728 std::vector<CFGBlockInfo> &BlockInfo) {
729 PostOrderCFGView::CFGBlockSet VisitedBlocks(CFGraph);
730
731 for (const auto *CurrBlock : *SortedGraph) {
732 unsigned CurrBlockID = CurrBlock->getBlockID();
733 CFGBlockInfo *CurrBlockInfo = &BlockInfo[CurrBlockID];
734
735 VisitedBlocks.insert(CurrBlock);
736
737 // Calculate the entry context for the current block
738 bool HasBackEdges = false;
739 bool CtxInit = true;
740 for (CFGBlock::const_pred_iterator PI = CurrBlock->pred_begin(),
741 PE = CurrBlock->pred_end(); PI != PE; ++PI) {
742 // if *PI -> CurrBlock is a back edge, so skip it
743 if (*PI == nullptr || !VisitedBlocks.alreadySet(*PI)) {
744 HasBackEdges = true;
745 continue;
746 }
747
748 unsigned PrevBlockID = (*PI)->getBlockID();
749 CFGBlockInfo *PrevBlockInfo = &BlockInfo[PrevBlockID];
750
751 if (CtxInit) {
752 CurrBlockInfo->EntryContext = PrevBlockInfo->ExitContext;
753 CtxInit = false;
754 }
755 else {
756 CurrBlockInfo->EntryContext =
757 intersectContexts(CurrBlockInfo->EntryContext,
758 PrevBlockInfo->ExitContext);
759 }
760 }
761
762 // Duplicate the context if we have back-edges, so we can call
763 // intersectBackEdges later.
764 if (HasBackEdges)
765 CurrBlockInfo->EntryContext =
766 createReferenceContext(CurrBlockInfo->EntryContext);
767
768 // Create a starting context index for the current block
769 saveContext(nullptr, CurrBlockInfo->EntryContext);
770 CurrBlockInfo->EntryIndex = getContextIndex();
771
772 // Visit all the statements in the basic block.
773 VarMapBuilder VMapBuilder(this, CurrBlockInfo->EntryContext);
774 for (const auto &BI : *CurrBlock) {
775 switch (BI.getKind()) {
776 case CFGElement::Statement: {
777 CFGStmt CS = BI.castAs<CFGStmt>();
778 VMapBuilder.Visit(CS.getStmt());
779 break;
780 }
781 default:
782 break;
783 }
784 }
785 CurrBlockInfo->ExitContext = VMapBuilder.Ctx;
786
787 // Mark variables on back edges as "unknown" if they've been changed.
788 for (CFGBlock::const_succ_iterator SI = CurrBlock->succ_begin(),
789 SE = CurrBlock->succ_end(); SI != SE; ++SI) {
790 // if CurrBlock -> *SI is *not* a back edge
791 if (*SI == nullptr || !VisitedBlocks.alreadySet(*SI))
792 continue;
793
794 CFGBlock *FirstLoopBlock = *SI;
795 Context LoopBegin = BlockInfo[FirstLoopBlock->getBlockID()].EntryContext;
796 Context LoopEnd = CurrBlockInfo->ExitContext;
797 intersectBackEdge(LoopBegin, LoopEnd);
798 }
799 }
800
801 // Put an extra entry at the end of the indexed context array
802 unsigned exitID = CFGraph->getExit().getBlockID();
803 saveContext(nullptr, BlockInfo[exitID].ExitContext);
804}
805
806/// Find the appropriate source locations to use when producing diagnostics for
807/// each block in the CFG.
808static void findBlockLocations(CFG *CFGraph,
809 const PostOrderCFGView *SortedGraph,
810 std::vector<CFGBlockInfo> &BlockInfo) {
811 for (const auto *CurrBlock : *SortedGraph) {
812 CFGBlockInfo *CurrBlockInfo = &BlockInfo[CurrBlock->getBlockID()];
813
814 // Find the source location of the last statement in the block, if the
815 // block is not empty.
816 if (const Stmt *S = CurrBlock->getTerminatorStmt()) {
817 CurrBlockInfo->EntryLoc = CurrBlockInfo->ExitLoc = S->getBeginLoc();
818 } else {
819 for (CFGBlock::const_reverse_iterator BI = CurrBlock->rbegin(),
820 BE = CurrBlock->rend(); BI != BE; ++BI) {
821 // FIXME: Handle other CFGElement kinds.
822 if (std::optional<CFGStmt> CS = BI->getAs<CFGStmt>()) {
823 CurrBlockInfo->ExitLoc = CS->getStmt()->getBeginLoc();
824 break;
825 }
826 }
827 }
828
829 if (CurrBlockInfo->ExitLoc.isValid()) {
830 // This block contains at least one statement. Find the source location
831 // of the first statement in the block.
832 for (const auto &BI : *CurrBlock) {
833 // FIXME: Handle other CFGElement kinds.
834 if (std::optional<CFGStmt> CS = BI.getAs<CFGStmt>()) {
835 CurrBlockInfo->EntryLoc = CS->getStmt()->getBeginLoc();
836 break;
837 }
838 }
839 } else if (CurrBlock->pred_size() == 1 && *CurrBlock->pred_begin() &&
840 CurrBlock != &CFGraph->getExit()) {
841 // The block is empty, and has a single predecessor. Use its exit
842 // location.
843 CurrBlockInfo->EntryLoc = CurrBlockInfo->ExitLoc =
844 BlockInfo[(*CurrBlock->pred_begin())->getBlockID()].ExitLoc;
845 } else if (CurrBlock->succ_size() == 1 && *CurrBlock->succ_begin()) {
846 // The block is empty, and has a single successor. Use its entry
847 // location.
848 CurrBlockInfo->EntryLoc = CurrBlockInfo->ExitLoc =
849 BlockInfo[(*CurrBlock->succ_begin())->getBlockID()].EntryLoc;
850 }
851 }
852}
853
854namespace {
855
856class LockableFactEntry : public FactEntry {
857public:
858 LockableFactEntry(const CapabilityExpr &CE, LockKind LK, SourceLocation Loc,
859 SourceKind Src = Acquired)
860 : FactEntry(CE, LK, Loc, Src) {}
861
862 void
863 handleRemovalFromIntersection(const FactSet &FSet, FactManager &FactMan,
864 SourceLocation JoinLoc, LockErrorKind LEK,
865 ThreadSafetyHandler &Handler) const override {
866 if (!asserted() && !negative() && !isUniversal()) {
867 Handler.handleMutexHeldEndOfScope(getKind(), toString(), loc(), JoinLoc,
868 LEK);
869 }
870 }
871
872 void handleLock(FactSet &FSet, FactManager &FactMan, const FactEntry &entry,
873 ThreadSafetyHandler &Handler) const override {
874 Handler.handleDoubleLock(entry.getKind(), entry.toString(), loc(),
875 entry.loc());
876 }
877
878 void handleUnlock(FactSet &FSet, FactManager &FactMan,
879 const CapabilityExpr &Cp, SourceLocation UnlockLoc,
880 bool FullyRemove,
881 ThreadSafetyHandler &Handler) const override {
882 FSet.removeLock(FactMan, Cp);
883 if (!Cp.negative()) {
884 FSet.addLock(FactMan, std::make_unique<LockableFactEntry>(
885 !Cp, LK_Exclusive, UnlockLoc));
886 }
887 }
888};
889
890class ScopedLockableFactEntry : public FactEntry {
891private:
892 enum UnderlyingCapabilityKind {
893 UCK_Acquired, ///< Any kind of acquired capability.
894 UCK_ReleasedShared, ///< Shared capability that was released.
895 UCK_ReleasedExclusive, ///< Exclusive capability that was released.
896 };
897
898 struct UnderlyingCapability {
899 CapabilityExpr Cap;
900 UnderlyingCapabilityKind Kind;
901 };
902
903 SmallVector<UnderlyingCapability, 2> UnderlyingMutexes;
904
905public:
906 ScopedLockableFactEntry(const CapabilityExpr &CE, SourceLocation Loc)
907 : FactEntry(CE, LK_Exclusive, Loc, Acquired) {}
908
909 void addLock(const CapabilityExpr &M) {
910 UnderlyingMutexes.push_back(UnderlyingCapability{M, UCK_Acquired});
911 }
912
913 void addExclusiveUnlock(const CapabilityExpr &M) {
914 UnderlyingMutexes.push_back(UnderlyingCapability{M, UCK_ReleasedExclusive});
915 }
916
917 void addSharedUnlock(const CapabilityExpr &M) {
918 UnderlyingMutexes.push_back(UnderlyingCapability{M, UCK_ReleasedShared});
919 }
920
921 void
922 handleRemovalFromIntersection(const FactSet &FSet, FactManager &FactMan,
923 SourceLocation JoinLoc, LockErrorKind LEK,
924 ThreadSafetyHandler &Handler) const override {
925 for (const auto &UnderlyingMutex : UnderlyingMutexes) {
926 const auto *Entry = FSet.findLock(FactMan, UnderlyingMutex.Cap);
927 if ((UnderlyingMutex.Kind == UCK_Acquired && Entry) ||
928 (UnderlyingMutex.Kind != UCK_Acquired && !Entry)) {
929 // If this scoped lock manages another mutex, and if the underlying
930 // mutex is still/not held, then warn about the underlying mutex.
931 Handler.handleMutexHeldEndOfScope(UnderlyingMutex.Cap.getKind(),
932 UnderlyingMutex.Cap.toString(), loc(),
933 JoinLoc, LEK);
934 }
935 }
936 }
937
938 void handleLock(FactSet &FSet, FactManager &FactMan, const FactEntry &entry,
939 ThreadSafetyHandler &Handler) const override {
940 for (const auto &UnderlyingMutex : UnderlyingMutexes) {
941 if (UnderlyingMutex.Kind == UCK_Acquired)
942 lock(FSet, FactMan, UnderlyingMutex.Cap, entry.kind(), entry.loc(),
943 &Handler);
944 else
945 unlock(FSet, FactMan, UnderlyingMutex.Cap, entry.loc(), &Handler);
946 }
947 }
948
949 void handleUnlock(FactSet &FSet, FactManager &FactMan,
950 const CapabilityExpr &Cp, SourceLocation UnlockLoc,
951 bool FullyRemove,
952 ThreadSafetyHandler &Handler) const override {
953 assert(!Cp.negative() && "Managing object cannot be negative.");
954 for (const auto &UnderlyingMutex : UnderlyingMutexes) {
955 // Remove/lock the underlying mutex if it exists/is still unlocked; warn
956 // on double unlocking/locking if we're not destroying the scoped object.
957 ThreadSafetyHandler *TSHandler = FullyRemove ? nullptr : &Handler;
958 if (UnderlyingMutex.Kind == UCK_Acquired) {
959 unlock(FSet, FactMan, UnderlyingMutex.Cap, UnlockLoc, TSHandler);
960 } else {
961 LockKind kind = UnderlyingMutex.Kind == UCK_ReleasedShared
962 ? LK_Shared
963 : LK_Exclusive;
964 lock(FSet, FactMan, UnderlyingMutex.Cap, kind, UnlockLoc, TSHandler);
965 }
966 }
967 if (FullyRemove)
968 FSet.removeLock(FactMan, Cp);
969 }
970
971private:
972 void lock(FactSet &FSet, FactManager &FactMan, const CapabilityExpr &Cp,
973 LockKind kind, SourceLocation loc,
974 ThreadSafetyHandler *Handler) const {
975 if (const FactEntry *Fact = FSet.findLock(FactMan, Cp)) {
976 if (Handler)
977 Handler->handleDoubleLock(Cp.getKind(), Cp.toString(), Fact->loc(),
978 loc);
979 } else {
980 FSet.removeLock(FactMan, !Cp);
981 FSet.addLock(FactMan,
982 std::make_unique<LockableFactEntry>(Cp, kind, loc, Managed));
983 }
984 }
985
986 void unlock(FactSet &FSet, FactManager &FactMan, const CapabilityExpr &Cp,
987 SourceLocation loc, ThreadSafetyHandler *Handler) const {
988 if (FSet.findLock(FactMan, Cp)) {
989 FSet.removeLock(FactMan, Cp);
990 FSet.addLock(FactMan, std::make_unique<LockableFactEntry>(
991 !Cp, LK_Exclusive, loc));
992 } else if (Handler) {
993 SourceLocation PrevLoc;
994 if (const FactEntry *Neg = FSet.findLock(FactMan, !Cp))
995 PrevLoc = Neg->loc();
996 Handler->handleUnmatchedUnlock(Cp.getKind(), Cp.toString(), loc, PrevLoc);
997 }
998 }
999};
1000
1001/// Class which implements the core thread safety analysis routines.
1002class ThreadSafetyAnalyzer {
1003 friend class BuildLockset;
1004 friend class threadSafety::BeforeSet;
1005
1006 llvm::BumpPtrAllocator Bpa;
1007 threadSafety::til::MemRegionRef Arena;
1008 threadSafety::SExprBuilder SxBuilder;
1009
1010 ThreadSafetyHandler &Handler;
1011 const CXXMethodDecl *CurrentMethod = nullptr;
1012 LocalVariableMap LocalVarMap;
1013 FactManager FactMan;
1014 std::vector<CFGBlockInfo> BlockInfo;
1015
1016 BeforeSet *GlobalBeforeSet;
1017
1018public:
1019 ThreadSafetyAnalyzer(ThreadSafetyHandler &H, BeforeSet* Bset)
1020 : Arena(&Bpa), SxBuilder(Arena), Handler(H), GlobalBeforeSet(Bset) {}
1021
1022 bool inCurrentScope(const CapabilityExpr &CapE);
1023
1024 void addLock(FactSet &FSet, std::unique_ptr<FactEntry> Entry,
1025 bool ReqAttr = false);
1026 void removeLock(FactSet &FSet, const CapabilityExpr &CapE,
1027 SourceLocation UnlockLoc, bool FullyRemove, LockKind Kind);
1028
1029 template <typename AttrType>
1030 void getMutexIDs(CapExprSet &Mtxs, AttrType *Attr, const Expr *Exp,
1031 const NamedDecl *D, til::SExpr *Self = nullptr);
1032
1033 template <class AttrType>
1034 void getMutexIDs(CapExprSet &Mtxs, AttrType *Attr, const Expr *Exp,
1035 const NamedDecl *D,
1036 const CFGBlock *PredBlock, const CFGBlock *CurrBlock,
1037 Expr *BrE, bool Neg);
1038
1039 const CallExpr* getTrylockCallExpr(const Stmt *Cond, LocalVarContext C,
1040 bool &Negate);
1041
1042 void getEdgeLockset(FactSet &Result, const FactSet &ExitSet,
1043 const CFGBlock* PredBlock,
1044 const CFGBlock *CurrBlock);
1045
1046 bool join(const FactEntry &a, const FactEntry &b, bool CanModify);
1047
1048 void intersectAndWarn(FactSet &EntrySet, const FactSet &ExitSet,
1049 SourceLocation JoinLoc, LockErrorKind EntryLEK,
1050 LockErrorKind ExitLEK);
1051
1052 void intersectAndWarn(FactSet &EntrySet, const FactSet &ExitSet,
1053 SourceLocation JoinLoc, LockErrorKind LEK) {
1054 intersectAndWarn(EntrySet, ExitSet, JoinLoc, LEK, LEK);
1055 }
1056
1057 void runAnalysis(AnalysisDeclContext &AC);
1058
1059 void warnIfMutexNotHeld(const FactSet &FSet, const NamedDecl *D,
1060 const Expr *Exp, AccessKind AK, Expr *MutexExp,
1061 ProtectedOperationKind POK, til::LiteralPtr *Self,
1062 SourceLocation Loc);
1063 void warnIfMutexHeld(const FactSet &FSet, const NamedDecl *D, const Expr *Exp,
1064 Expr *MutexExp, til::LiteralPtr *Self,
1065 SourceLocation Loc);
1066
1067 void checkAccess(const FactSet &FSet, const Expr *Exp, AccessKind AK,
1068 ProtectedOperationKind POK);
1069 void checkPtAccess(const FactSet &FSet, const Expr *Exp, AccessKind AK,
1070 ProtectedOperationKind POK);
1071};
1072
1073} // namespace
1074
1075/// Process acquired_before and acquired_after attributes on Vd.
1076BeforeSet::BeforeInfo* BeforeSet::insertAttrExprs(const ValueDecl* Vd,
1077 ThreadSafetyAnalyzer& Analyzer) {
1078 // Create a new entry for Vd.
1079 BeforeInfo *Info = nullptr;
1080 {
1081 // Keep InfoPtr in its own scope in case BMap is modified later and the
1082 // reference becomes invalid.
1083 std::unique_ptr<BeforeInfo> &InfoPtr = BMap[Vd];
1084 if (!InfoPtr)
1085 InfoPtr.reset(new BeforeInfo());
1086 Info = InfoPtr.get();
1087 }
1088
1089 for (const auto *At : Vd->attrs()) {
1090 switch (At->getKind()) {
1091 case attr::AcquiredBefore: {
1092 const auto *A = cast<AcquiredBeforeAttr>(At);
1093
1094 // Read exprs from the attribute, and add them to BeforeVect.
1095 for (const auto *Arg : A->args()) {
1096 CapabilityExpr Cp =
1097 Analyzer.SxBuilder.translateAttrExpr(Arg, nullptr);
1098 if (const ValueDecl *Cpvd = Cp.valueDecl()) {
1099 Info->Vect.push_back(Cpvd);
1100 const auto It = BMap.find(Cpvd);
1101 if (It == BMap.end())
1102 insertAttrExprs(Cpvd, Analyzer);
1103 }
1104 }
1105 break;
1106 }
1107 case attr::AcquiredAfter: {
1108 const auto *A = cast<AcquiredAfterAttr>(At);
1109
1110 // Read exprs from the attribute, and add them to BeforeVect.
1111 for (const auto *Arg : A->args()) {
1112 CapabilityExpr Cp =
1113 Analyzer.SxBuilder.translateAttrExpr(Arg, nullptr);
1114 if (const ValueDecl *ArgVd = Cp.valueDecl()) {
1115 // Get entry for mutex listed in attribute
1116 BeforeInfo *ArgInfo = getBeforeInfoForDecl(ArgVd, Analyzer);
1117 ArgInfo->Vect.push_back(Vd);
1118 }
1119 }
1120 break;
1121 }
1122 default:
1123 break;
1124 }
1125 }
1126
1127 return Info;
1128}
1129
1130BeforeSet::BeforeInfo *
1131BeforeSet::getBeforeInfoForDecl(const ValueDecl *Vd,
1132 ThreadSafetyAnalyzer &Analyzer) {
1133 auto It = BMap.find(Vd);
1134 BeforeInfo *Info = nullptr;
1135 if (It == BMap.end())
1136 Info = insertAttrExprs(Vd, Analyzer);
1137 else
1138 Info = It->second.get();
1139 assert(Info && "BMap contained nullptr?");
1140 return Info;
1141}
1142
1143/// Return true if any mutexes in FSet are in the acquired_before set of Vd.
1144void BeforeSet::checkBeforeAfter(const ValueDecl* StartVd,
1145 const FactSet& FSet,
1146 ThreadSafetyAnalyzer& Analyzer,
1147 SourceLocation Loc, StringRef CapKind) {
1148 SmallVector<BeforeInfo*, 8> InfoVect;
1149
1150 // Do a depth-first traversal of Vd.
1151 // Return true if there are cycles.
1152 std::function<bool (const ValueDecl*)> traverse = [&](const ValueDecl* Vd) {
1153 if (!Vd)
1154 return false;
1155
1156 BeforeSet::BeforeInfo *Info = getBeforeInfoForDecl(Vd, Analyzer);
1157
1158 if (Info->Visited == 1)
1159 return true;
1160
1161 if (Info->Visited == 2)
1162 return false;
1163
1164 if (Info->Vect.empty())
1165 return false;
1166
1167 InfoVect.push_back(Info);
1168 Info->Visited = 1;
1169 for (const auto *Vdb : Info->Vect) {
1170 // Exclude mutexes in our immediate before set.
1171 if (FSet.containsMutexDecl(Analyzer.FactMan, Vdb)) {
1172 StringRef L1 = StartVd->getName();
1173 StringRef L2 = Vdb->getName();
1174 Analyzer.Handler.handleLockAcquiredBefore(CapKind, L1, L2, Loc);
1175 }
1176 // Transitively search other before sets, and warn on cycles.
1177 if (traverse(Vdb)) {
1178 if (!CycMap.contains(Vd)) {
1179 CycMap.insert(std::make_pair(Vd, true));
1180 StringRef L1 = Vd->getName();
1181 Analyzer.Handler.handleBeforeAfterCycle(L1, Vd->getLocation());
1182 }
1183 }
1184 }
1185 Info->Visited = 2;
1186 return false;
1187 };
1188
1189 traverse(StartVd);
1190
1191 for (auto *Info : InfoVect)
1192 Info->Visited = 0;
1193}
1194
1195/// Gets the value decl pointer from DeclRefExprs or MemberExprs.
1196static const ValueDecl *getValueDecl(const Expr *Exp) {
1197 if (const auto *CE = dyn_cast<ImplicitCastExpr>(Exp))
1198 return getValueDecl(CE->getSubExpr());
1199
1200 if (const auto *DR = dyn_cast<DeclRefExpr>(Exp))
1201 return DR->getDecl();
1202
1203 if (const auto *ME = dyn_cast<MemberExpr>(Exp))
1204 return ME->getMemberDecl();
1205
1206 return nullptr;
1207}
1208
1209namespace {
1210
1211template <typename Ty>
1212class has_arg_iterator_range {
1213 using yes = char[1];
1214 using no = char[2];
1215
1216 template <typename Inner>
1217 static yes& test(Inner *I, decltype(I->args()) * = nullptr);
1218
1219 template <typename>
1220 static no& test(...);
1221
1222public:
1223 static const bool value = sizeof(test<Ty>(nullptr)) == sizeof(yes);
1224};
1225
1226} // namespace
1227
1228bool ThreadSafetyAnalyzer::inCurrentScope(const CapabilityExpr &CapE) {
1229 const threadSafety::til::SExpr *SExp = CapE.sexpr();
1230 assert(SExp && "Null expressions should be ignored");
1231
1232 if (const auto *LP = dyn_cast<til::LiteralPtr>(SExp)) {
1233 const ValueDecl *VD = LP->clangDecl();
1234 // Variables defined in a function are always inaccessible.
1235 if (!VD || !VD->isDefinedOutsideFunctionOrMethod())
1236 return false;
1237 // For now we consider static class members to be inaccessible.
1238 if (isa<CXXRecordDecl>(VD->getDeclContext()))
1239 return false;
1240 // Global variables are always in scope.
1241 return true;
1242 }
1243
1244 // Members are in scope from methods of the same class.
1245 if (const auto *P = dyn_cast<til::Project>(SExp)) {
1246 if (!CurrentMethod)
1247 return false;
1248 const ValueDecl *VD = P->clangDecl();
1249 return VD->getDeclContext() == CurrentMethod->getDeclContext();
1250 }
1251
1252 return false;
1253}
1254
1255/// Add a new lock to the lockset, warning if the lock is already there.
1256/// \param ReqAttr -- true if this is part of an initial Requires attribute.
1257void ThreadSafetyAnalyzer::addLock(FactSet &FSet,
1258 std::unique_ptr<FactEntry> Entry,
1259 bool ReqAttr) {
1260 if (Entry->shouldIgnore())
1261 return;
1262
1263 if (!ReqAttr && !Entry->negative()) {
1264 // look for the negative capability, and remove it from the fact set.
1265 CapabilityExpr NegC = !*Entry;
1266 const FactEntry *Nen = FSet.findLock(FactMan, NegC);
1267 if (Nen) {
1268 FSet.removeLock(FactMan, NegC);
1269 }
1270 else {
1271 if (inCurrentScope(*Entry) && !Entry->asserted())
1272 Handler.handleNegativeNotHeld(Entry->getKind(), Entry->toString(),
1273 NegC.toString(), Entry->loc());
1274 }
1275 }
1276
1277 // Check before/after constraints
1278 if (Handler.issueBetaWarnings() &&
1279 !Entry->asserted() && !Entry->declared()) {
1280 GlobalBeforeSet->checkBeforeAfter(Entry->valueDecl(), FSet, *this,
1281 Entry->loc(), Entry->getKind());
1282 }
1283
1284 // FIXME: Don't always warn when we have support for reentrant locks.
1285 if (const FactEntry *Cp = FSet.findLock(FactMan, *Entry)) {
1286 if (!Entry->asserted())
1287 Cp->handleLock(FSet, FactMan, *Entry, Handler);
1288 } else {
1289 FSet.addLock(FactMan, std::move(Entry));
1290 }
1291}
1292
1293/// Remove a lock from the lockset, warning if the lock is not there.
1294/// \param UnlockLoc The source location of the unlock (only used in error msg)
1295void ThreadSafetyAnalyzer::removeLock(FactSet &FSet, const CapabilityExpr &Cp,
1296 SourceLocation UnlockLoc,
1297 bool FullyRemove, LockKind ReceivedKind) {
1298 if (Cp.shouldIgnore())
1299 return;
1300
1301 const FactEntry *LDat = FSet.findLock(FactMan, Cp);
1302 if (!LDat) {
1303 SourceLocation PrevLoc;
1304 if (const FactEntry *Neg = FSet.findLock(FactMan, !Cp))
1305 PrevLoc = Neg->loc();
1306 Handler.handleUnmatchedUnlock(Cp.getKind(), Cp.toString(), UnlockLoc,
1307 PrevLoc);
1308 return;
1309 }
1310
1311 // Generic lock removal doesn't care about lock kind mismatches, but
1312 // otherwise diagnose when the lock kinds are mismatched.
1313 if (ReceivedKind != LK_Generic && LDat->kind() != ReceivedKind) {
1314 Handler.handleIncorrectUnlockKind(Cp.getKind(), Cp.toString(), LDat->kind(),
1315 ReceivedKind, LDat->loc(), UnlockLoc);
1316 }
1317
1318 LDat->handleUnlock(FSet, FactMan, Cp, UnlockLoc, FullyRemove, Handler);
1319}
1320
1321/// Extract the list of mutexIDs from the attribute on an expression,
1322/// and push them onto Mtxs, discarding any duplicates.
1323template <typename AttrType>
1324void ThreadSafetyAnalyzer::getMutexIDs(CapExprSet &Mtxs, AttrType *Attr,
1325 const Expr *Exp, const NamedDecl *D,
1326 til::SExpr *Self) {
1327 if (Attr->args_size() == 0) {
1328 // The mutex held is the "this" object.
1329 CapabilityExpr Cp = SxBuilder.translateAttrExpr(nullptr, D, Exp, Self);
1330 if (Cp.isInvalid()) {
1331 warnInvalidLock(Handler, nullptr, D, Exp, Cp.getKind());
1332 return;
1333 }
1334 //else
1335 if (!Cp.shouldIgnore())
1336 Mtxs.push_back_nodup(Cp);
1337 return;
1338 }
1339
1340 for (const auto *Arg : Attr->args()) {
1341 CapabilityExpr Cp = SxBuilder.translateAttrExpr(Arg, D, Exp, Self);
1342 if (Cp.isInvalid()) {
1343 warnInvalidLock(Handler, nullptr, D, Exp, Cp.getKind());
1344 continue;
1345 }
1346 //else
1347 if (!Cp.shouldIgnore())
1348 Mtxs.push_back_nodup(Cp);
1349 }
1350}
1351
1352/// Extract the list of mutexIDs from a trylock attribute. If the
1353/// trylock applies to the given edge, then push them onto Mtxs, discarding
1354/// any duplicates.
1355template <class AttrType>
1356void ThreadSafetyAnalyzer::getMutexIDs(CapExprSet &Mtxs, AttrType *Attr,
1357 const Expr *Exp, const NamedDecl *D,
1358 const CFGBlock *PredBlock,
1359 const CFGBlock *CurrBlock,
1360 Expr *BrE, bool Neg) {
1361 // Find out which branch has the lock
1362 bool branch = false;
1363 if (const auto *BLE = dyn_cast_or_null<CXXBoolLiteralExpr>(BrE))
1364 branch = BLE->getValue();
1365 else if (const auto *ILE = dyn_cast_or_null<IntegerLiteral>(BrE))
1366 branch = ILE->getValue().getBoolValue();
1367
1368 int branchnum = branch ? 0 : 1;
1369 if (Neg)
1370 branchnum = !branchnum;
1371
1372 // If we've taken the trylock branch, then add the lock
1373 int i = 0;
1374 for (CFGBlock::const_succ_iterator SI = PredBlock->succ_begin(),
1375 SE = PredBlock->succ_end(); SI != SE && i < 2; ++SI, ++i) {
1376 if (*SI == CurrBlock && i == branchnum)
1377 getMutexIDs(Mtxs, Attr, Exp, D);
1378 }
1379}
1380
1381static bool getStaticBooleanValue(Expr *E, bool &TCond) {
1382 if (isa<CXXNullPtrLiteralExpr>(E) || isa<GNUNullExpr>(E)) {
1383 TCond = false;
1384 return true;
1385 } else if (const auto *BLE = dyn_cast<CXXBoolLiteralExpr>(E)) {
1386 TCond = BLE->getValue();
1387 return true;
1388 } else if (const auto *ILE = dyn_cast<IntegerLiteral>(E)) {
1389 TCond = ILE->getValue().getBoolValue();
1390 return true;
1391 } else if (auto *CE = dyn_cast<ImplicitCastExpr>(E))
1392 return getStaticBooleanValue(CE->getSubExpr(), TCond);
1393 return false;
1394}
1395
1396// If Cond can be traced back to a function call, return the call expression.
1397// The negate variable should be called with false, and will be set to true
1398// if the function call is negated, e.g. if (!mu.tryLock(...))
1399const CallExpr* ThreadSafetyAnalyzer::getTrylockCallExpr(const Stmt *Cond,
1400 LocalVarContext C,
1401 bool &Negate) {
1402 if (!Cond)
1403 return nullptr;
1404
1405 if (const auto *CallExp = dyn_cast<CallExpr>(Cond)) {
1406 if (CallExp->getBuiltinCallee() == Builtin::BI__builtin_expect)
1407 return getTrylockCallExpr(CallExp->getArg(0), C, Negate);
1408 return CallExp;
1409 }
1410 else if (const auto *PE = dyn_cast<ParenExpr>(Cond))
1411 return getTrylockCallExpr(PE->getSubExpr(), C, Negate);
1412 else if (const auto *CE = dyn_cast<ImplicitCastExpr>(Cond))
1413 return getTrylockCallExpr(CE->getSubExpr(), C, Negate);
1414 else if (const auto *FE = dyn_cast<FullExpr>(Cond))
1415 return getTrylockCallExpr(FE->getSubExpr(), C, Negate);
1416 else if (const auto *DRE = dyn_cast<DeclRefExpr>(Cond)) {
1417 const Expr *E = LocalVarMap.lookupExpr(DRE->getDecl(), C);
1418 return getTrylockCallExpr(E, C, Negate);
1419 }
1420 else if (const auto *UOP = dyn_cast<UnaryOperator>(Cond)) {
1421 if (UOP->getOpcode() == UO_LNot) {
1422 Negate = !Negate;
1423 return getTrylockCallExpr(UOP->getSubExpr(), C, Negate);
1424 }
1425 return nullptr;
1426 }
1427 else if (const auto *BOP = dyn_cast<BinaryOperator>(Cond)) {
1428 if (BOP->getOpcode() == BO_EQ || BOP->getOpcode() == BO_NE) {
1429 if (BOP->getOpcode() == BO_NE)
1430 Negate = !Negate;
1431
1432 bool TCond = false;
1433 if (getStaticBooleanValue(BOP->getRHS(), TCond)) {
1434 if (!TCond) Negate = !Negate;
1435 return getTrylockCallExpr(BOP->getLHS(), C, Negate);
1436 }
1437 TCond = false;
1438 if (getStaticBooleanValue(BOP->getLHS(), TCond)) {
1439 if (!TCond) Negate = !Negate;
1440 return getTrylockCallExpr(BOP->getRHS(), C, Negate);
1441 }
1442 return nullptr;
1443 }
1444 if (BOP->getOpcode() == BO_LAnd) {
1445 // LHS must have been evaluated in a different block.
1446 return getTrylockCallExpr(BOP->getRHS(), C, Negate);
1447 }
1448 if (BOP->getOpcode() == BO_LOr)
1449 return getTrylockCallExpr(BOP->getRHS(), C, Negate);
1450 return nullptr;
1451 } else if (const auto *COP = dyn_cast<ConditionalOperator>(Cond)) {
1452 bool TCond, FCond;
1453 if (getStaticBooleanValue(COP->getTrueExpr(), TCond) &&
1454 getStaticBooleanValue(COP->getFalseExpr(), FCond)) {
1455 if (TCond && !FCond)
1456 return getTrylockCallExpr(COP->getCond(), C, Negate);
1457 if (!TCond && FCond) {
1458 Negate = !Negate;
1459 return getTrylockCallExpr(COP->getCond(), C, Negate);
1460 }
1461 }
1462 }
1463 return nullptr;
1464}
1465
1466/// Find the lockset that holds on the edge between PredBlock
1467/// and CurrBlock. The edge set is the exit set of PredBlock (passed
1468/// as the ExitSet parameter) plus any trylocks, which are conditionally held.
1469void ThreadSafetyAnalyzer::getEdgeLockset(FactSet& Result,
1470 const FactSet &ExitSet,
1471 const CFGBlock *PredBlock,
1472 const CFGBlock *CurrBlock) {
1473 Result = ExitSet;
1474
1475 const Stmt *Cond = PredBlock->getTerminatorCondition();
1476 // We don't acquire try-locks on ?: branches, only when its result is used.
1477 if (!Cond || isa<ConditionalOperator>(PredBlock->getTerminatorStmt()))
1478 return;
1479
1480 bool Negate = false;
1481 const CFGBlockInfo *PredBlockInfo = &BlockInfo[PredBlock->getBlockID()];
1482 const LocalVarContext &LVarCtx = PredBlockInfo->ExitContext;
1483
1484 const auto *Exp = getTrylockCallExpr(Cond, LVarCtx, Negate);
1485 if (!Exp)
1486 return;
1487
1488 auto *FunDecl = dyn_cast_or_null<NamedDecl>(Exp->getCalleeDecl());
1489 if(!FunDecl || !FunDecl->hasAttrs())
1490 return;
1491
1492 CapExprSet ExclusiveLocksToAdd;
1493 CapExprSet SharedLocksToAdd;
1494
1495 // If the condition is a call to a Trylock function, then grab the attributes
1496 for (const auto *Attr : FunDecl->attrs()) {
1497 switch (Attr->getKind()) {
1498 case attr::TryAcquireCapability: {
1499 auto *A = cast<TryAcquireCapabilityAttr>(Attr);
1500 getMutexIDs(A->isShared() ? SharedLocksToAdd : ExclusiveLocksToAdd, A,
1501 Exp, FunDecl, PredBlock, CurrBlock, A->getSuccessValue(),
1502 Negate);
1503 break;
1504 };
1505 case attr::ExclusiveTrylockFunction: {
1506 const auto *A = cast<ExclusiveTrylockFunctionAttr>(Attr);
1507 getMutexIDs(ExclusiveLocksToAdd, A, Exp, FunDecl, PredBlock, CurrBlock,
1508 A->getSuccessValue(), Negate);
1509 break;
1510 }
1511 case attr::SharedTrylockFunction: {
1512 const auto *A = cast<SharedTrylockFunctionAttr>(Attr);
1513 getMutexIDs(SharedLocksToAdd, A, Exp, FunDecl, PredBlock, CurrBlock,
1514 A->getSuccessValue(), Negate);
1515 break;
1516 }
1517 default:
1518 break;
1519 }
1520 }
1521
1522 // Add and remove locks.
1523 SourceLocation Loc = Exp->getExprLoc();
1524 for (const auto &ExclusiveLockToAdd : ExclusiveLocksToAdd)
1525 addLock(Result, std::make_unique<LockableFactEntry>(ExclusiveLockToAdd,
1526 LK_Exclusive, Loc));
1527 for (const auto &SharedLockToAdd : SharedLocksToAdd)
1528 addLock(Result, std::make_unique<LockableFactEntry>(SharedLockToAdd,
1529 LK_Shared, Loc));
1530}
1531
1532namespace {
1533
1534/// We use this class to visit different types of expressions in
1535/// CFGBlocks, and build up the lockset.
1536/// An expression may cause us to add or remove locks from the lockset, or else
1537/// output error messages related to missing locks.
1538/// FIXME: In future, we may be able to not inherit from a visitor.
1539class BuildLockset : public ConstStmtVisitor<BuildLockset> {
1540 friend class ThreadSafetyAnalyzer;
1541
1542 ThreadSafetyAnalyzer *Analyzer;
1543 FactSet FSet;
1544 /// Maps constructed objects to `this` placeholder prior to initialization.
1545 llvm::SmallDenseMap<const Expr *, til::LiteralPtr *> ConstructedObjects;
1546 LocalVariableMap::Context LVarCtx;
1547 unsigned CtxIndex;
1548
1549 // helper functions
1550
1551 void checkAccess(const Expr *Exp, AccessKind AK,
1552 ProtectedOperationKind POK = POK_VarAccess) {
1553 Analyzer->checkAccess(FSet, Exp, AK, POK);
1554 }
1555 void checkPtAccess(const Expr *Exp, AccessKind AK,
1556 ProtectedOperationKind POK = POK_VarAccess) {
1557 Analyzer->checkPtAccess(FSet, Exp, AK, POK);
1558 }
1559
1560 void handleCall(const Expr *Exp, const NamedDecl *D,
1561 til::LiteralPtr *Self = nullptr,
1562 SourceLocation Loc = SourceLocation());
1563 void examineArguments(const FunctionDecl *FD,
1564 CallExpr::const_arg_iterator ArgBegin,
1565 CallExpr::const_arg_iterator ArgEnd,
1566 bool SkipFirstParam = false);
1567
1568public:
1569 BuildLockset(ThreadSafetyAnalyzer *Anlzr, CFGBlockInfo &Info)
1570 : ConstStmtVisitor<BuildLockset>(), Analyzer(Anlzr), FSet(Info.EntrySet),
1571 LVarCtx(Info.EntryContext), CtxIndex(Info.EntryIndex) {}
1572
1573 void VisitUnaryOperator(const UnaryOperator *UO);
1574 void VisitBinaryOperator(const BinaryOperator *BO);
1575 void VisitCastExpr(const CastExpr *CE);
1576 void VisitCallExpr(const CallExpr *Exp);
1577 void VisitCXXConstructExpr(const CXXConstructExpr *Exp);
1578 void VisitDeclStmt(const DeclStmt *S);
1579 void VisitMaterializeTemporaryExpr(const MaterializeTemporaryExpr *Exp);
1580};
1581
1582} // namespace
1583
1584/// Warn if the LSet does not contain a lock sufficient to protect access
1585/// of at least the passed in AccessKind.
1586void ThreadSafetyAnalyzer::warnIfMutexNotHeld(
1587 const FactSet &FSet, const NamedDecl *D, const Expr *Exp, AccessKind AK,
1588 Expr *MutexExp, ProtectedOperationKind POK, til::LiteralPtr *Self,
1589 SourceLocation Loc) {
1590 LockKind LK = getLockKindFromAccessKind(AK);
1591 CapabilityExpr Cp = SxBuilder.translateAttrExpr(MutexExp, D, Exp, Self);
1592 if (Cp.isInvalid()) {
1593 warnInvalidLock(Handler, MutexExp, D, Exp, Cp.getKind());
1594 return;
1595 } else if (Cp.shouldIgnore()) {
1596 return;
1597 }
1598
1599 if (Cp.negative()) {
1600 // Negative capabilities act like locks excluded
1601 const FactEntry *LDat = FSet.findLock(FactMan, !Cp);
1602 if (LDat) {
1603 Handler.handleFunExcludesLock(Cp.getKind(), D->getNameAsString(),
1604 (!Cp).toString(), Loc);
1605 return;
1606 }
1607
1608 // If this does not refer to a negative capability in the same class,
1609 // then stop here.
1610 if (!inCurrentScope(Cp))
1611 return;
1612
1613 // Otherwise the negative requirement must be propagated to the caller.
1614 LDat = FSet.findLock(FactMan, Cp);
1615 if (!LDat) {
1616 Handler.handleNegativeNotHeld(D, Cp.toString(), Loc);
1617 }
1618 return;
1619 }
1620
1621 const FactEntry *LDat = FSet.findLockUniv(FactMan, Cp);
1622 bool NoError = true;
1623 if (!LDat) {
1624 // No exact match found. Look for a partial match.
1625 LDat = FSet.findPartialMatch(FactMan, Cp);
1626 if (LDat) {
1627 // Warn that there's no precise match.
1628 std::string PartMatchStr = LDat->toString();
1629 StringRef PartMatchName(PartMatchStr);
1630 Handler.handleMutexNotHeld(Cp.getKind(), D, POK, Cp.toString(), LK, Loc,
1631 &PartMatchName);
1632 } else {
1633 // Warn that there's no match at all.
1634 Handler.handleMutexNotHeld(Cp.getKind(), D, POK, Cp.toString(), LK, Loc);
1635 }
1636 NoError = false;
1637 }
1638 // Make sure the mutex we found is the right kind.
1639 if (NoError && LDat && !LDat->isAtLeast(LK)) {
1640 Handler.handleMutexNotHeld(Cp.getKind(), D, POK, Cp.toString(), LK, Loc);
1641 }
1642}
1643
1644/// Warn if the LSet contains the given lock.
1645void ThreadSafetyAnalyzer::warnIfMutexHeld(const FactSet &FSet,
1646 const NamedDecl *D, const Expr *Exp,
1647 Expr *MutexExp,
1648 til::LiteralPtr *Self,
1649 SourceLocation Loc) {
1650 CapabilityExpr Cp = SxBuilder.translateAttrExpr(MutexExp, D, Exp, Self);
1651 if (Cp.isInvalid()) {
1652 warnInvalidLock(Handler, MutexExp, D, Exp, Cp.getKind());
1653 return;
1654 } else if (Cp.shouldIgnore()) {
1655 return;
1656 }
1657
1658 const FactEntry *LDat = FSet.findLock(FactMan, Cp);
1659 if (LDat) {
1660 Handler.handleFunExcludesLock(Cp.getKind(), D->getNameAsString(),
1661 Cp.toString(), Loc);
1662 }
1663}
1664
1665/// Checks guarded_by and pt_guarded_by attributes.
1666/// Whenever we identify an access (read or write) to a DeclRefExpr that is
1667/// marked with guarded_by, we must ensure the appropriate mutexes are held.
1668/// Similarly, we check if the access is to an expression that dereferences
1669/// a pointer marked with pt_guarded_by.
1670void ThreadSafetyAnalyzer::checkAccess(const FactSet &FSet, const Expr *Exp,
1671 AccessKind AK,
1672 ProtectedOperationKind POK) {
1673 Exp = Exp->IgnoreImplicit()->IgnoreParenCasts();
1674
1675 SourceLocation Loc = Exp->getExprLoc();
1676
1677 // Local variables of reference type cannot be re-assigned;
1678 // map them to their initializer.
1679 while (const auto *DRE = dyn_cast<DeclRefExpr>(Exp)) {
1680 const auto *VD = dyn_cast<VarDecl>(DRE->getDecl()->getCanonicalDecl());
1681 if (VD && VD->isLocalVarDecl() && VD->getType()->isReferenceType()) {
1682 if (const auto *E = VD->getInit()) {
1683 // Guard against self-initialization. e.g., int &i = i;
1684 if (E == Exp)
1685 break;
1686 Exp = E;
1687 continue;
1688 }
1689 }
1690 break;
1691 }
1692
1693 if (const auto *UO = dyn_cast<UnaryOperator>(Exp)) {
1694 // For dereferences
1695 if (UO->getOpcode() == UO_Deref)
1696 checkPtAccess(FSet, UO->getSubExpr(), AK, POK);
1697 return;
1698 }
1699
1700 if (const auto *BO = dyn_cast<BinaryOperator>(Exp)) {
1701 switch (BO->getOpcode()) {
1702 case BO_PtrMemD: // .*
1703 return checkAccess(FSet, BO->getLHS(), AK, POK);
1704 case BO_PtrMemI: // ->*
1705 return checkPtAccess(FSet, BO->getLHS(), AK, POK);
1706 default:
1707 return;
1708 }
1709 }
1710
1711 if (const auto *AE = dyn_cast<ArraySubscriptExpr>(Exp)) {
1712 checkPtAccess(FSet, AE->getLHS(), AK, POK);
1713 return;
1714 }
1715
1716 if (const auto *ME = dyn_cast<MemberExpr>(Exp)) {
1717 if (ME->isArrow())
1718 checkPtAccess(FSet, ME->getBase(), AK, POK);
1719 else
1720 checkAccess(FSet, ME->getBase(), AK, POK);
1721 }
1722
1723 const ValueDecl *D = getValueDecl(Exp);
1724 if (!D || !D->hasAttrs())
1725 return;
1726
1727 if (D->hasAttr<GuardedVarAttr>() && FSet.isEmpty(FactMan)) {
1728 Handler.handleNoMutexHeld(D, POK, AK, Loc);
1729 }
1730
1731 for (const auto *I : D->specific_attrs<GuardedByAttr>())
1732 warnIfMutexNotHeld(FSet, D, Exp, AK, I->getArg(), POK, nullptr, Loc);
1733}
1734
1735/// Checks pt_guarded_by and pt_guarded_var attributes.
1736/// POK is the same operationKind that was passed to checkAccess.
1737void ThreadSafetyAnalyzer::checkPtAccess(const FactSet &FSet, const Expr *Exp,
1738 AccessKind AK,
1739 ProtectedOperationKind POK) {
1740 while (true) {
1741 if (const auto *PE = dyn_cast<ParenExpr>(Exp)) {
1742 Exp = PE->getSubExpr();
1743 continue;
1744 }
1745 if (const auto *CE = dyn_cast<CastExpr>(Exp)) {
1746 if (CE->getCastKind() == CK_ArrayToPointerDecay) {
1747 // If it's an actual array, and not a pointer, then it's elements
1748 // are protected by GUARDED_BY, not PT_GUARDED_BY;
1749 checkAccess(FSet, CE->getSubExpr(), AK, POK);
1750 return;
1751 }
1752 Exp = CE->getSubExpr();
1753 continue;
1754 }
1755 break;
1756 }
1757
1758 // Pass by reference warnings are under a different flag.
1759 ProtectedOperationKind PtPOK = POK_VarDereference;
1760 if (POK == POK_PassByRef) PtPOK = POK_PtPassByRef;
1761
1762 const ValueDecl *D = getValueDecl(Exp);
1763 if (!D || !D->hasAttrs())
1764 return;
1765
1766 if (D->hasAttr<PtGuardedVarAttr>() && FSet.isEmpty(FactMan))
1767 Handler.handleNoMutexHeld(D, PtPOK, AK, Exp->getExprLoc());
1768
1769 for (auto const *I : D->specific_attrs<PtGuardedByAttr>())
1770 warnIfMutexNotHeld(FSet, D, Exp, AK, I->getArg(), PtPOK, nullptr,
1771 Exp->getExprLoc());
1772}
1773
1774/// Process a function call, method call, constructor call,
1775/// or destructor call. This involves looking at the attributes on the
1776/// corresponding function/method/constructor/destructor, issuing warnings,
1777/// and updating the locksets accordingly.
1778///
1779/// FIXME: For classes annotated with one of the guarded annotations, we need
1780/// to treat const method calls as reads and non-const method calls as writes,
1781/// and check that the appropriate locks are held. Non-const method calls with
1782/// the same signature as const method calls can be also treated as reads.
1783///
1784/// \param Exp The call expression.
1785/// \param D The callee declaration.
1786/// \param Self If \p Exp = nullptr, the implicit this argument or the argument
1787/// of an implicitly called cleanup function.
1788/// \param Loc If \p Exp = nullptr, the location.
1789void BuildLockset::handleCall(const Expr *Exp, const NamedDecl *D,
1790 til::LiteralPtr *Self, SourceLocation Loc) {
1791 CapExprSet ExclusiveLocksToAdd, SharedLocksToAdd;
1792 CapExprSet ExclusiveLocksToRemove, SharedLocksToRemove, GenericLocksToRemove;
1793 CapExprSet ScopedReqsAndExcludes;
1794
1795 // Figure out if we're constructing an object of scoped lockable class
1796 CapabilityExpr Scp;
1797 if (Exp) {
1798 assert(!Self);
1799 const auto *TagT = Exp->getType()->getAs<TagType>();
1800 if (TagT && Exp->isPRValue()) {
1801 std::pair<til::LiteralPtr *, StringRef> Placeholder =
1802 Analyzer->SxBuilder.createThisPlaceholder(Exp);
1803 [[maybe_unused]] auto inserted =
1804 ConstructedObjects.insert({Exp, Placeholder.first});
1805 assert(inserted.second && "Are we visiting the same expression again?");
1806 if (isa<CXXConstructExpr>(Exp))
1807 Self = Placeholder.first;
1808 if (TagT->getDecl()->hasAttr<ScopedLockableAttr>())
1809 Scp = CapabilityExpr(Placeholder.first, Placeholder.second, false);
1810 }
1811
1812 assert(Loc.isInvalid());
1813 Loc = Exp->getExprLoc();
1814 }
1815
1816 for(const Attr *At : D->attrs()) {
1817 switch (At->getKind()) {
1818 // When we encounter a lock function, we need to add the lock to our
1819 // lockset.
1820 case attr::AcquireCapability: {
1821 const auto *A = cast<AcquireCapabilityAttr>(At);
1822 Analyzer->getMutexIDs(A->isShared() ? SharedLocksToAdd
1823 : ExclusiveLocksToAdd,
1824 A, Exp, D, Self);
1825 break;
1826 }
1827
1828 // An assert will add a lock to the lockset, but will not generate
1829 // a warning if it is already there, and will not generate a warning
1830 // if it is not removed.
1831 case attr::AssertExclusiveLock: {
1832 const auto *A = cast<AssertExclusiveLockAttr>(At);
1833
1834 CapExprSet AssertLocks;
1835 Analyzer->getMutexIDs(AssertLocks, A, Exp, D, Self);
1836 for (const auto &AssertLock : AssertLocks)
1837 Analyzer->addLock(
1838 FSet, std::make_unique<LockableFactEntry>(
1839 AssertLock, LK_Exclusive, Loc, FactEntry::Asserted));
1840 break;
1841 }
1842 case attr::AssertSharedLock: {
1843 const auto *A = cast<AssertSharedLockAttr>(At);
1844
1845 CapExprSet AssertLocks;
1846 Analyzer->getMutexIDs(AssertLocks, A, Exp, D, Self);
1847 for (const auto &AssertLock : AssertLocks)
1848 Analyzer->addLock(
1849 FSet, std::make_unique<LockableFactEntry>(
1850 AssertLock, LK_Shared, Loc, FactEntry::Asserted));
1851 break;
1852 }
1853
1854 case attr::AssertCapability: {
1855 const auto *A = cast<AssertCapabilityAttr>(At);
1856 CapExprSet AssertLocks;
1857 Analyzer->getMutexIDs(AssertLocks, A, Exp, D, Self);
1858 for (const auto &AssertLock : AssertLocks)
1859 Analyzer->addLock(FSet, std::make_unique<LockableFactEntry>(
1860 AssertLock,
1861 A->isShared() ? LK_Shared : LK_Exclusive,
1862 Loc, FactEntry::Asserted));
1863 break;
1864 }
1865
1866 // When we encounter an unlock function, we need to remove unlocked
1867 // mutexes from the lockset, and flag a warning if they are not there.
1868 case attr::ReleaseCapability: {
1869 const auto *A = cast<ReleaseCapabilityAttr>(At);
1870 if (A->isGeneric())
1871 Analyzer->getMutexIDs(GenericLocksToRemove, A, Exp, D, Self);
1872 else if (A->isShared())
1873 Analyzer->getMutexIDs(SharedLocksToRemove, A, Exp, D, Self);
1874 else
1875 Analyzer->getMutexIDs(ExclusiveLocksToRemove, A, Exp, D, Self);
1876 break;
1877 }
1878
1879 case attr::RequiresCapability: {
1880 const auto *A = cast<RequiresCapabilityAttr>(At);
1881 for (auto *Arg : A->args()) {
1882 Analyzer->warnIfMutexNotHeld(FSet, D, Exp,
1883 A->isShared() ? AK_Read : AK_Written,
1884 Arg, POK_FunctionCall, Self, Loc);
1885 // use for adopting a lock
1886 if (!Scp.shouldIgnore())
1887 Analyzer->getMutexIDs(ScopedReqsAndExcludes, A, Exp, D, Self);
1888 }
1889 break;
1890 }
1891
1892 case attr::LocksExcluded: {
1893 const auto *A = cast<LocksExcludedAttr>(At);
1894 for (auto *Arg : A->args()) {
1895 Analyzer->warnIfMutexHeld(FSet, D, Exp, Arg, Self, Loc);
1896 // use for deferring a lock
1897 if (!Scp.shouldIgnore())
1898 Analyzer->getMutexIDs(ScopedReqsAndExcludes, A, Exp, D, Self);
1899 }
1900 break;
1901 }
1902
1903 // Ignore attributes unrelated to thread-safety
1904 default:
1905 break;
1906 }
1907 }
1908
1909 // Remove locks first to allow lock upgrading/downgrading.
1910 // FIXME -- should only fully remove if the attribute refers to 'this'.
1911 bool Dtor = isa<CXXDestructorDecl>(D);
1912 for (const auto &M : ExclusiveLocksToRemove)
1913 Analyzer->removeLock(FSet, M, Loc, Dtor, LK_Exclusive);
1914 for (const auto &M : SharedLocksToRemove)
1915 Analyzer->removeLock(FSet, M, Loc, Dtor, LK_Shared);
1916 for (const auto &M : GenericLocksToRemove)
1917 Analyzer->removeLock(FSet, M, Loc, Dtor, LK_Generic);
1918
1919 // Add locks.
1920 FactEntry::SourceKind Source =
1921 !Scp.shouldIgnore() ? FactEntry::Managed : FactEntry::Acquired;
1922 for (const auto &M : ExclusiveLocksToAdd)
1923 Analyzer->addLock(FSet, std::make_unique<LockableFactEntry>(M, LK_Exclusive,
1924 Loc, Source));
1925 for (const auto &M : SharedLocksToAdd)
1926 Analyzer->addLock(
1927 FSet, std::make_unique<LockableFactEntry>(M, LK_Shared, Loc, Source));
1928
1929 if (!Scp.shouldIgnore()) {
1930 // Add the managing object as a dummy mutex, mapped to the underlying mutex.
1931 auto ScopedEntry = std::make_unique<ScopedLockableFactEntry>(Scp, Loc);
1932 for (const auto &M : ExclusiveLocksToAdd)
1933 ScopedEntry->addLock(M);
1934 for (const auto &M : SharedLocksToAdd)
1935 ScopedEntry->addLock(M);
1936 for (const auto &M : ScopedReqsAndExcludes)
1937 ScopedEntry->addLock(M);
1938 for (const auto &M : ExclusiveLocksToRemove)
1939 ScopedEntry->addExclusiveUnlock(M);
1940 for (const auto &M : SharedLocksToRemove)
1941 ScopedEntry->addSharedUnlock(M);
1942 Analyzer->addLock(FSet, std::move(ScopedEntry));
1943 }
1944}
1945
1946/// For unary operations which read and write a variable, we need to
1947/// check whether we hold any required mutexes. Reads are checked in
1948/// VisitCastExpr.
1949void BuildLockset::VisitUnaryOperator(const UnaryOperator *UO) {
1950 switch (UO->getOpcode()) {
1951 case UO_PostDec:
1952 case UO_PostInc:
1953 case UO_PreDec:
1954 case UO_PreInc:
1955 checkAccess(UO->getSubExpr(), AK_Written);
1956 break;
1957 default:
1958 break;
1959 }
1960}
1961
1962/// For binary operations which assign to a variable (writes), we need to check
1963/// whether we hold any required mutexes.
1964/// FIXME: Deal with non-primitive types.
1965void BuildLockset::VisitBinaryOperator(const BinaryOperator *BO) {
1966 if (!BO->isAssignmentOp())
1967 return;
1968
1969 // adjust the context
1970 LVarCtx = Analyzer->LocalVarMap.getNextContext(CtxIndex, BO, LVarCtx);
1971
1972 checkAccess(BO->getLHS(), AK_Written);
1973}
1974
1975/// Whenever we do an LValue to Rvalue cast, we are reading a variable and
1976/// need to ensure we hold any required mutexes.
1977/// FIXME: Deal with non-primitive types.
1978void BuildLockset::VisitCastExpr(const CastExpr *CE) {
1979 if (CE->getCastKind() != CK_LValueToRValue)
1980 return;
1981 checkAccess(CE->getSubExpr(), AK_Read);
1982}
1983
1984void BuildLockset::examineArguments(const FunctionDecl *FD,
1985 CallExpr::const_arg_iterator ArgBegin,
1986 CallExpr::const_arg_iterator ArgEnd,
1987 bool SkipFirstParam) {
1988 // Currently we can't do anything if we don't know the function declaration.
1989 if (!FD)
1990 return;
1991
1992 // NO_THREAD_SAFETY_ANALYSIS does double duty here. Normally it
1993 // only turns off checking within the body of a function, but we also
1994 // use it to turn off checking in arguments to the function. This
1995 // could result in some false negatives, but the alternative is to
1996 // create yet another attribute.
1997 if (FD->hasAttr<NoThreadSafetyAnalysisAttr>())
1998 return;
1999
2000 const ArrayRef<ParmVarDecl *> Params = FD->parameters();
2001 auto Param = Params.begin();
2002 if (SkipFirstParam)
2003 ++Param;
2004
2005 // There can be default arguments, so we stop when one iterator is at end().
2006 for (auto Arg = ArgBegin; Param != Params.end() && Arg != ArgEnd;
2007 ++Param, ++Arg) {
2008 QualType Qt = (*Param)->getType();
2009 if (Qt->isReferenceType())
2010 checkAccess(*Arg, AK_Read, POK_PassByRef);
2011 }
2012}
2013
2014void BuildLockset::VisitCallExpr(const CallExpr *Exp) {
2015 if (const auto *CE = dyn_cast<CXXMemberCallExpr>(Exp)) {
2016 const auto *ME = dyn_cast<MemberExpr>(CE->getCallee());
2017 // ME can be null when calling a method pointer
2018 const CXXMethodDecl *MD = CE->getMethodDecl();
2019
2020 if (ME && MD) {
2021 if (ME->isArrow()) {
2022 // Should perhaps be AK_Written if !MD->isConst().
2023 checkPtAccess(CE->getImplicitObjectArgument(), AK_Read);
2024 } else {
2025 // Should perhaps be AK_Written if !MD->isConst().
2026 checkAccess(CE->getImplicitObjectArgument(), AK_Read);
2027 }
2028 }
2029
2030 examineArguments(CE->getDirectCallee(), CE->arg_begin(), CE->arg_end());
2031 } else if (const auto *OE = dyn_cast<CXXOperatorCallExpr>(Exp)) {
2032 OverloadedOperatorKind OEop = OE->getOperator();
2033 switch (OEop) {
2034 case OO_Equal:
2035 case OO_PlusEqual:
2036 case OO_MinusEqual:
2037 case OO_StarEqual:
2038 case OO_SlashEqual:
2039 case OO_PercentEqual:
2040 case OO_CaretEqual:
2041 case OO_AmpEqual:
2042 case OO_PipeEqual:
2043 case OO_LessLessEqual:
2044 case OO_GreaterGreaterEqual:
2045 checkAccess(OE->getArg(1), AK_Read);
2046 [[fallthrough]];
2047 case OO_PlusPlus:
2048 case OO_MinusMinus:
2049 checkAccess(OE->getArg(0), AK_Written);
2050 break;
2051 case OO_Star:
2052 case OO_ArrowStar:
2053 case OO_Arrow:
2054 case OO_Subscript:
2055 if (!(OEop == OO_Star && OE->getNumArgs() > 1)) {
2056 // Grrr. operator* can be multiplication...
2057 checkPtAccess(OE->getArg(0), AK_Read);
2058 }
2059 [[fallthrough]];
2060 default: {
2061 // TODO: get rid of this, and rely on pass-by-ref instead.
2062 const Expr *Obj = OE->getArg(0);
2063 checkAccess(Obj, AK_Read);
2064 // Check the remaining arguments. For method operators, the first
2065 // argument is the implicit self argument, and doesn't appear in the
2066 // FunctionDecl, but for non-methods it does.
2067 const FunctionDecl *FD = OE->getDirectCallee();
2068 examineArguments(FD, std::next(OE->arg_begin()), OE->arg_end(),
2069 /*SkipFirstParam*/ !isa<CXXMethodDecl>(FD));
2070 break;
2071 }
2072 }
2073 } else {
2074 examineArguments(Exp->getDirectCallee(), Exp->arg_begin(), Exp->arg_end());
2075 }
2076
2077 auto *D = dyn_cast_or_null<NamedDecl>(Exp->getCalleeDecl());
2078 if(!D || !D->hasAttrs())
2079 return;
2080 handleCall(Exp, D);
2081}
2082
2083void BuildLockset::VisitCXXConstructExpr(const CXXConstructExpr *Exp) {
2084 const CXXConstructorDecl *D = Exp->getConstructor();
2085 if (D && D->isCopyConstructor()) {
2086 const Expr* Source = Exp->getArg(0);
2087 checkAccess(Source, AK_Read);
2088 } else {
2089 examineArguments(D, Exp->arg_begin(), Exp->arg_end());
2090 }
2091 if (D && D->hasAttrs())
2092 handleCall(Exp, D);
2093}
2094
2095static const Expr *UnpackConstruction(const Expr *E) {
2096 if (auto *CE = dyn_cast<CastExpr>(E))
2097 if (CE->getCastKind() == CK_NoOp)
2098 E = CE->getSubExpr()->IgnoreParens();
2099 if (auto *CE = dyn_cast<CastExpr>(E))
2100 if (CE->getCastKind() == CK_ConstructorConversion ||
2101 CE->getCastKind() == CK_UserDefinedConversion)
2102 E = CE->getSubExpr();
2103 if (auto *BTE = dyn_cast<CXXBindTemporaryExpr>(E))
2104 E = BTE->getSubExpr();
2105 return E;
2106}
2107
2108void BuildLockset::VisitDeclStmt(const DeclStmt *S) {
2109 // adjust the context
2110 LVarCtx = Analyzer->LocalVarMap.getNextContext(CtxIndex, S, LVarCtx);
2111
2112 for (auto *D : S->getDeclGroup()) {
2113 if (auto *VD = dyn_cast_or_null<VarDecl>(D)) {
2114 const Expr *E = VD->getInit();
2115 if (!E)
2116 continue;
2117 E = E->IgnoreParens();
2118
2119 // handle constructors that involve temporaries
2120 if (auto *EWC = dyn_cast<ExprWithCleanups>(E))
2121 E = EWC->getSubExpr()->IgnoreParens();
2122 E = UnpackConstruction(E);
2123
2124 if (auto Object = ConstructedObjects.find(E);
2125 Object != ConstructedObjects.end()) {
2126 Object->second->setClangDecl(VD);
2127 ConstructedObjects.erase(Object);
2128 }
2129 }
2130 }
2131}
2132
2133void BuildLockset::VisitMaterializeTemporaryExpr(
2134 const MaterializeTemporaryExpr *Exp) {
2135 if (const ValueDecl *ExtD = Exp->getExtendingDecl()) {
2136 if (auto Object =
2137 ConstructedObjects.find(UnpackConstruction(Exp->getSubExpr()));
2138 Object != ConstructedObjects.end()) {
2139 Object->second->setClangDecl(ExtD);
2140 ConstructedObjects.erase(Object);
2141 }
2142 }
2143}
2144
2145/// Given two facts merging on a join point, possibly warn and decide whether to
2146/// keep or replace.
2147///
2148/// \param CanModify Whether we can replace \p A by \p B.
2149/// \return false if we should keep \p A, true if we should take \p B.
2150bool ThreadSafetyAnalyzer::join(const FactEntry &A, const FactEntry &B,
2151 bool CanModify) {
2152 if (A.kind() != B.kind()) {
2153 // For managed capabilities, the destructor should unlock in the right mode
2154 // anyway. For asserted capabilities no unlocking is needed.
2155 if ((A.managed() || A.asserted()) && (B.managed() || B.asserted())) {
2156 // The shared capability subsumes the exclusive capability, if possible.
2157 bool ShouldTakeB = B.kind() == LK_Shared;
2158 if (CanModify || !ShouldTakeB)
2159 return ShouldTakeB;
2160 }
2161 Handler.handleExclusiveAndShared(B.getKind(), B.toString(), B.loc(),
2162 A.loc());
2163 // Take the exclusive capability to reduce further warnings.
2164 return CanModify && B.kind() == LK_Exclusive;
2165 } else {
2166 // The non-asserted capability is the one we want to track.
2167 return CanModify && A.asserted() && !B.asserted();
2168 }
2169}
2170
2171/// Compute the intersection of two locksets and issue warnings for any
2172/// locks in the symmetric difference.
2173///
2174/// This function is used at a merge point in the CFG when comparing the lockset
2175/// of each branch being merged. For example, given the following sequence:
2176/// A; if () then B; else C; D; we need to check that the lockset after B and C
2177/// are the same. In the event of a difference, we use the intersection of these
2178/// two locksets at the start of D.
2179///
2180/// \param EntrySet A lockset for entry into a (possibly new) block.
2181/// \param ExitSet The lockset on exiting a preceding block.
2182/// \param JoinLoc The location of the join point for error reporting
2183/// \param EntryLEK The warning if a mutex is missing from \p EntrySet.
2184/// \param ExitLEK The warning if a mutex is missing from \p ExitSet.
2185void ThreadSafetyAnalyzer::intersectAndWarn(FactSet &EntrySet,
2186 const FactSet &ExitSet,
2187 SourceLocation JoinLoc,
2188 LockErrorKind EntryLEK,
2189 LockErrorKind ExitLEK) {
2190 FactSet EntrySetOrig = EntrySet;
2191
2192 // Find locks in ExitSet that conflict or are not in EntrySet, and warn.
2193 for (const auto &Fact : ExitSet) {
2194 const FactEntry &ExitFact = FactMan[Fact];
2195
2196 FactSet::iterator EntryIt = EntrySet.findLockIter(FactMan, ExitFact);
2197 if (EntryIt != EntrySet.end()) {
2198 if (join(FactMan[*EntryIt], ExitFact,
2199 EntryLEK != LEK_LockedSomeLoopIterations))
2200 *EntryIt = Fact;
2201 } else if (!ExitFact.managed()) {
2202 ExitFact.handleRemovalFromIntersection(ExitSet, FactMan, JoinLoc,
2203 EntryLEK, Handler);
2204 }
2205 }
2206
2207 // Find locks in EntrySet that are not in ExitSet, and remove them.
2208 for (const auto &Fact : EntrySetOrig) {
2209 const FactEntry *EntryFact = &FactMan[Fact];
2210 const FactEntry *ExitFact = ExitSet.findLock(FactMan, *EntryFact);
2211
2212 if (!ExitFact) {
2213 if (!EntryFact->managed() || ExitLEK == LEK_LockedSomeLoopIterations)
2214 EntryFact->handleRemovalFromIntersection(EntrySetOrig, FactMan, JoinLoc,
2215 ExitLEK, Handler);
2216 if (ExitLEK == LEK_LockedSomePredecessors)
2217 EntrySet.removeLock(FactMan, *EntryFact);
2218 }
2219 }
2220}
2221
2222// Return true if block B never continues to its successors.
2223static bool neverReturns(const CFGBlock *B) {
2224 if (B->hasNoReturnElement())
2225 return true;
2226 if (B->empty())
2227 return false;
2228
2229 CFGElement Last = B->back();
2230 if (std::optional<CFGStmt> S = Last.getAs<CFGStmt>()) {
2231 if (isa<CXXThrowExpr>(S->getStmt()))
2232 return true;
2233 }
2234 return false;
2235}
2236
2237/// Check a function's CFG for thread-safety violations.
2238///
2239/// We traverse the blocks in the CFG, compute the set of mutexes that are held
2240/// at the end of each block, and issue warnings for thread safety violations.
2241/// Each block in the CFG is traversed exactly once.
2242void ThreadSafetyAnalyzer::runAnalysis(AnalysisDeclContext &AC) {
2243 // TODO: this whole function needs be rewritten as a visitor for CFGWalker.
2244 // For now, we just use the walker to set things up.
2245 threadSafety::CFGWalker walker;
2246 if (!walker.init(AC))
2247 return;
2248
2249 // AC.dumpCFG(true);
2250 // threadSafety::printSCFG(walker);
2251
2252 CFG *CFGraph = walker.getGraph();
2253 const NamedDecl *D = walker.getDecl();
2254 const auto *CurrentFunction = dyn_cast<FunctionDecl>(D);
2255 CurrentMethod = dyn_cast<CXXMethodDecl>(D);
2256
2257 if (D->hasAttr<NoThreadSafetyAnalysisAttr>())
2258 return;
2259
2260 // FIXME: Do something a bit more intelligent inside constructor and
2261 // destructor code. Constructors and destructors must assume unique access
2262 // to 'this', so checks on member variable access is disabled, but we should
2263 // still enable checks on other objects.
2264 if (isa<CXXConstructorDecl>(D))
2265 return; // Don't check inside constructors.
2266 if (isa<CXXDestructorDecl>(D))
2267 return; // Don't check inside destructors.
2268
2269 Handler.enterFunction(CurrentFunction);
2270
2271 BlockInfo.resize(CFGraph->getNumBlockIDs(),
2272 CFGBlockInfo::getEmptyBlockInfo(LocalVarMap));
2273
2274 // We need to explore the CFG via a "topological" ordering.
2275 // That way, we will be guaranteed to have information about required
2276 // predecessor locksets when exploring a new block.
2277 const PostOrderCFGView *SortedGraph = walker.getSortedGraph();
2278 PostOrderCFGView::CFGBlockSet VisitedBlocks(CFGraph);
2279
2280 CFGBlockInfo &Initial = BlockInfo[CFGraph->getEntry().getBlockID()];
2281 CFGBlockInfo &Final = BlockInfo[CFGraph->getExit().getBlockID()];
2282
2283 // Mark entry block as reachable
2284 Initial.Reachable = true;
2285
2286 // Compute SSA names for local variables
2287 LocalVarMap.traverseCFG(CFGraph, SortedGraph, BlockInfo);
2288
2289 // Fill in source locations for all CFGBlocks.
2290 findBlockLocations(CFGraph, SortedGraph, BlockInfo);
2291
2292 CapExprSet ExclusiveLocksAcquired;
2293 CapExprSet SharedLocksAcquired;
2294 CapExprSet LocksReleased;
2295
2296 // Add locks from exclusive_locks_required and shared_locks_required
2297 // to initial lockset. Also turn off checking for lock and unlock functions.
2298 // FIXME: is there a more intelligent way to check lock/unlock functions?
2299 if (!SortedGraph->empty() && D->hasAttrs()) {
2300 assert(*SortedGraph->begin() == &CFGraph->getEntry());
2301 FactSet &InitialLockset = Initial.EntrySet;
2302
2303 CapExprSet ExclusiveLocksToAdd;
2304 CapExprSet SharedLocksToAdd;
2305
2306 SourceLocation Loc = D->getLocation();
2307 for (const auto *Attr : D->attrs()) {
2308 Loc = Attr->getLocation();
2309 if (const auto *A = dyn_cast<RequiresCapabilityAttr>(Attr)) {
2310 getMutexIDs(A->isShared() ? SharedLocksToAdd : ExclusiveLocksToAdd, A,
2311 nullptr, D);
2312 } else if (const auto *A = dyn_cast<ReleaseCapabilityAttr>(Attr)) {
2313 // UNLOCK_FUNCTION() is used to hide the underlying lock implementation.
2314 // We must ignore such methods.
2315 if (A->args_size() == 0)
2316 return;
2317 getMutexIDs(A->isShared() ? SharedLocksToAdd : ExclusiveLocksToAdd, A,
2318 nullptr, D);
2319 getMutexIDs(LocksReleased, A, nullptr, D);
2320 } else if (const auto *A = dyn_cast<AcquireCapabilityAttr>(Attr)) {
2321 if (A->args_size() == 0)
2322 return;
2323 getMutexIDs(A->isShared() ? SharedLocksAcquired
2324 : ExclusiveLocksAcquired,
2325 A, nullptr, D);
2326 } else if (isa<ExclusiveTrylockFunctionAttr>(Attr)) {
2327 // Don't try to check trylock functions for now.
2328 return;
2329 } else if (isa<SharedTrylockFunctionAttr>(Attr)) {
2330 // Don't try to check trylock functions for now.
2331 return;
2332 } else if (isa<TryAcquireCapabilityAttr>(Attr)) {
2333 // Don't try to check trylock functions for now.
2334 return;
2335 }
2336 }
2337
2338 // FIXME -- Loc can be wrong here.
2339 for (const auto &Mu : ExclusiveLocksToAdd) {
2340 auto Entry = std::make_unique<LockableFactEntry>(Mu, LK_Exclusive, Loc,
2341 FactEntry::Declared);
2342 addLock(InitialLockset, std::move(Entry), true);
2343 }
2344 for (const auto &Mu : SharedLocksToAdd) {
2345 auto Entry = std::make_unique<LockableFactEntry>(Mu, LK_Shared, Loc,
2346 FactEntry::Declared);
2347 addLock(InitialLockset, std::move(Entry), true);
2348 }
2349 }
2350
2351 for (const auto *CurrBlock : *SortedGraph) {
2352 unsigned CurrBlockID = CurrBlock->getBlockID();
2353 CFGBlockInfo *CurrBlockInfo = &BlockInfo[CurrBlockID];
2354
2355 // Use the default initial lockset in case there are no predecessors.
2356 VisitedBlocks.insert(CurrBlock);
2357
2358 // Iterate through the predecessor blocks and warn if the lockset for all
2359 // predecessors is not the same. We take the entry lockset of the current
2360 // block to be the intersection of all previous locksets.
2361 // FIXME: By keeping the intersection, we may output more errors in future
2362 // for a lock which is not in the intersection, but was in the union. We
2363 // may want to also keep the union in future. As an example, let's say
2364 // the intersection contains Mutex L, and the union contains L and M.
2365 // Later we unlock M. At this point, we would output an error because we
2366 // never locked M; although the real error is probably that we forgot to
2367 // lock M on all code paths. Conversely, let's say that later we lock M.
2368 // In this case, we should compare against the intersection instead of the
2369 // union because the real error is probably that we forgot to unlock M on
2370 // all code paths.
2371 bool LocksetInitialized = false;
2372 for (CFGBlock::const_pred_iterator PI = CurrBlock->pred_begin(),
2373 PE = CurrBlock->pred_end(); PI != PE; ++PI) {
2374 // if *PI -> CurrBlock is a back edge
2375 if (*PI == nullptr || !VisitedBlocks.alreadySet(*PI))
2376 continue;
2377
2378 unsigned PrevBlockID = (*PI)->getBlockID();
2379 CFGBlockInfo *PrevBlockInfo = &BlockInfo[PrevBlockID];
2380
2381 // Ignore edges from blocks that can't return.
2382 if (neverReturns(*PI) || !PrevBlockInfo->Reachable)
2383 continue;
2384
2385 // Okay, we can reach this block from the entry.
2386 CurrBlockInfo->Reachable = true;
2387
2388 FactSet PrevLockset;
2389 getEdgeLockset(PrevLockset, PrevBlockInfo->ExitSet, *PI, CurrBlock);
2390
2391 if (!LocksetInitialized) {
2392 CurrBlockInfo->EntrySet = PrevLockset;
2393 LocksetInitialized = true;
2394 } else {
2395 // Surprisingly 'continue' doesn't always produce back edges, because
2396 // the CFG has empty "transition" blocks where they meet with the end
2397 // of the regular loop body. We still want to diagnose them as loop.
2398 intersectAndWarn(
2399 CurrBlockInfo->EntrySet, PrevLockset, CurrBlockInfo->EntryLoc,
2400 isa_and_nonnull<ContinueStmt>((*PI)->getTerminatorStmt())
2401 ? LEK_LockedSomeLoopIterations
2402 : LEK_LockedSomePredecessors);
2403 }
2404 }
2405
2406 // Skip rest of block if it's not reachable.
2407 if (!CurrBlockInfo->Reachable)
2408 continue;
2409
2410 BuildLockset LocksetBuilder(this, *CurrBlockInfo);
2411
2412 // Visit all the statements in the basic block.
2413 for (const auto &BI : *CurrBlock) {
2414 switch (BI.getKind()) {
2415 case CFGElement::Statement: {
2416 CFGStmt CS = BI.castAs<CFGStmt>();
2417 LocksetBuilder.Visit(CS.getStmt());
2418 break;
2419 }
2420 // Ignore BaseDtor and MemberDtor for now.
2421 case CFGElement::AutomaticObjectDtor: {
2422 CFGAutomaticObjDtor AD = BI.castAs<CFGAutomaticObjDtor>();
2423 const auto *DD = AD.getDestructorDecl(AC.getASTContext());
2424 if (!DD->hasAttrs())
2425 break;
2426
2427 LocksetBuilder.handleCall(nullptr, DD,
2428 SxBuilder.createVariable(AD.getVarDecl()),
2429 AD.getTriggerStmt()->getEndLoc());
2430 break;
2431 }
2432
2433 case CFGElement::CleanupFunction: {
2434 const CFGCleanupFunction &CF = BI.castAs<CFGCleanupFunction>();
2435 LocksetBuilder.handleCall(/*Exp=*/nullptr, CF.getFunctionDecl(),
2436 SxBuilder.createVariable(CF.getVarDecl()),
2437 CF.getVarDecl()->getLocation());
2438 break;
2439 }
2440
2441 case CFGElement::TemporaryDtor: {
2442 auto TD = BI.castAs<CFGTemporaryDtor>();
2443
2444 // Clean up constructed object even if there are no attributes to
2445 // keep the number of objects in limbo as small as possible.
2446 if (auto Object = LocksetBuilder.ConstructedObjects.find(
2447 TD.getBindTemporaryExpr()->getSubExpr());
2448 Object != LocksetBuilder.ConstructedObjects.end()) {
2449 const auto *DD = TD.getDestructorDecl(AC.getASTContext());
2450 if (DD->hasAttrs())
2451 // TODO: the location here isn't quite correct.
2452 LocksetBuilder.handleCall(nullptr, DD, Object->second,
2453 TD.getBindTemporaryExpr()->getEndLoc());
2454 LocksetBuilder.ConstructedObjects.erase(Object);
2455 }
2456 break;
2457 }
2458 default:
2459 break;
2460 }
2461 }
2462 CurrBlockInfo->ExitSet = LocksetBuilder.FSet;
2463
2464 // For every back edge from CurrBlock (the end of the loop) to another block
2465 // (FirstLoopBlock) we need to check that the Lockset of Block is equal to
2466 // the one held at the beginning of FirstLoopBlock. We can look up the
2467 // Lockset held at the beginning of FirstLoopBlock in the EntryLockSets map.
2468 for (CFGBlock::const_succ_iterator SI = CurrBlock->succ_begin(),
2469 SE = CurrBlock->succ_end(); SI != SE; ++SI) {
2470 // if CurrBlock -> *SI is *not* a back edge
2471 if (*SI == nullptr || !VisitedBlocks.alreadySet(*SI))
2472 continue;
2473
2474 CFGBlock *FirstLoopBlock = *SI;
2475 CFGBlockInfo *PreLoop = &BlockInfo[FirstLoopBlock->getBlockID()];
2476 CFGBlockInfo *LoopEnd = &BlockInfo[CurrBlockID];
2477 intersectAndWarn(PreLoop->EntrySet, LoopEnd->ExitSet, PreLoop->EntryLoc,
2478 LEK_LockedSomeLoopIterations);
2479 }
2480 }
2481
2482 // Skip the final check if the exit block is unreachable.
2483 if (!Final.Reachable)
2484 return;
2485
2486 // By default, we expect all locks held on entry to be held on exit.
2487 FactSet ExpectedExitSet = Initial.EntrySet;
2488
2489 // Adjust the expected exit set by adding or removing locks, as declared
2490 // by *-LOCK_FUNCTION and UNLOCK_FUNCTION. The intersect below will then
2491 // issue the appropriate warning.
2492 // FIXME: the location here is not quite right.
2493 for (const auto &Lock : ExclusiveLocksAcquired)
2494 ExpectedExitSet.addLock(FactMan, std::make_unique<LockableFactEntry>(
2495 Lock, LK_Exclusive, D->getLocation()));
2496 for (const auto &Lock : SharedLocksAcquired)
2497 ExpectedExitSet.addLock(FactMan, std::make_unique<LockableFactEntry>(
2498 Lock, LK_Shared, D->getLocation()));
2499 for (const auto &Lock : LocksReleased)
2500 ExpectedExitSet.removeLock(FactMan, Lock);
2501
2502 // FIXME: Should we call this function for all blocks which exit the function?
2503 intersectAndWarn(ExpectedExitSet, Final.ExitSet, Final.ExitLoc,
2504 LEK_LockedAtEndOfFunction, LEK_NotLockedAtEndOfFunction);
2505
2506 Handler.leaveFunction(CurrentFunction);
2507}
2508
2509/// Check a function's CFG for thread-safety violations.
2510///
2511/// We traverse the blocks in the CFG, compute the set of mutexes that are held
2512/// at the end of each block, and issue warnings for thread safety violations.
2513/// Each block in the CFG is traversed exactly once.
2514void threadSafety::runThreadSafetyAnalysis(AnalysisDeclContext &AC,
2515 ThreadSafetyHandler &Handler,
2516 BeforeSet **BSet) {
2517 if (!*BSet)
2518 *BSet = new BeforeSet;
2519 ThreadSafetyAnalyzer Analyzer(Handler, *BSet);
2520 Analyzer.runAnalysis(AC);
2521}
2522
2523void threadSafety::threadSafetyCleanup(BeforeSet *Cache) { delete Cache; }
2524
2525/// Helper function that returns a LockKind required for the given level
2526/// of access.
2527LockKind threadSafety::getLockKindFromAccessKind(AccessKind AK) {
2528 switch (AK) {
2529 case AK_Read :
2530 return LK_Shared;
2531 case AK_Written :
2532 return LK_Exclusive;
2533 }
2534 llvm_unreachable("Unknown AccessKind");
2535}
P
StringRef P
Definition: ASTMatchersInternal.cpp:564
AnalysisDeclContext.h
This file defines AnalysisDeclContext, a class that manages the analysis context data for context sen...
Builtins.h
Defines enum values for all the target-independent builtin functions.
dump
static void dump(llvm::raw_ostream &OS, StringRef FunctionName, ArrayRef< CounterExpression > Expressions, ArrayRef< CounterMappingRegion > Regions)
Definition: CoverageMappingGen.cpp:1606
getKind
static Decl::Kind getKind(const Decl *D)
Definition: DeclBase.cpp:1048
DeclCXX.h
Defines the C++ Decl subclasses, other than those for templates (found in DeclTemplate....
ExprCXX.h
Defines the clang::Expr interface and subclasses for C++ expressions.
Visited
llvm::DenseSet< const void * > Visited
Definition: HTMLLogger.cpp:143
LLVM.h
Forward-declares and imports various common LLVM datatypes that clang wants to use unqualified.
OperatorKinds.h
Defines an enumeration for C++ overloaded operators.
toString
static std::string toString(const clang::SanitizerSet &Sanitizers)
Produce a string containing comma-separated names of sanitizers in Sanitizers set.
Definition: SanitizerArgs.cpp:1074
SourceLocation.h
Defines the clang::SourceLocation class and associated facilities.
Specifiers.h
Defines various enumerations that describe declaration and type specifiers.
warnInvalidLock
static void warnInvalidLock(ThreadSafetyHandler &Handler, const Expr *MutexExp, const NamedDecl *D, const Expr *DeclExp, StringRef Kind)
Issue a warning about an invalid lock expression.
Definition: ThreadSafety.cpp:68
getStaticBooleanValue
static bool getStaticBooleanValue(Expr *E, bool &TCond)
Definition: ThreadSafety.cpp:1381
neverReturns
static bool neverReturns(const CFGBlock *B)
Definition: ThreadSafety.cpp:2223
findBlockLocations
static void findBlockLocations(CFG *CFGraph, const PostOrderCFGView *SortedGraph, std::vector< CFGBlockInfo > &BlockInfo)
Find the appropriate source locations to use when producing diagnostics for each block in the CFG.
Definition: ThreadSafety.cpp:808
getValueDecl
static const ValueDecl * getValueDecl(const Expr *Exp)
Gets the value decl pointer from DeclRefExprs or MemberExprs.
Definition: ThreadSafety.cpp:1196
UnpackConstruction
static const Expr * UnpackConstruction(const Expr *E)
Definition: ThreadSafety.cpp:2095
Cache
TypePropertyCache< Private > Cache
Definition: Type.cpp:4166
Type.h
C Language Family Type Representation.
b
__device__ __2f16 b
Definition: __clang_hip_libdevice_declares.h:303
clang::AnalysisDeclContext
AnalysisDeclContext contains the context data for the function, method or block under analysis.
Definition: AnalysisDeclContext.h:72
clang::Attr
Attr - This represents one attribute.
Definition: Attr.h:40
clang::Attr::getKind
attr::Kind getKind() const
Definition: Attr.h:80
clang::Attr::getLocation
SourceLocation getLocation() const
Definition: Attr.h:87
clang::BinaryOperator
A builtin binary operation expression such as "x + y" or "x <= y".
Definition: Expr.h:3847
clang::BinaryOperator::getLHS
Expr * getLHS() const
Definition: Expr.h:3896
clang::BinaryOperator::getRHS
Expr * getRHS() const
Definition: Expr.h:3898
clang::BinaryOperator::isAssignmentOp
static bool isAssignmentOp(Opcode Opc)
Definition: Expr.h:3982
clang::BinaryOperator::getOpcode
Opcode getOpcode() const
Definition: Expr.h:3891
clang::CFGAutomaticObjDtor
Represents C++ object destructor implicitly generated for automatic object or temporary bound to cons...
Definition: CFG.h:417
clang::CFGAutomaticObjDtor::getVarDecl
const VarDecl * getVarDecl() const
Definition: CFG.h:422
clang::CFGAutomaticObjDtor::getTriggerStmt
const Stmt * getTriggerStmt() const
Definition: CFG.h:427
clang::CFGBlock
Represents a single basic block in a source-level CFG.
Definition: CFG.h:604
clang::CFGBlock::pred_end
pred_iterator pred_end()
Definition: CFG.h:966
clang::CFGBlock::succ_end
succ_iterator succ_end()
Definition: CFG.h:984
clang::CFGBlock::hasNoReturnElement
bool hasNoReturnElement() const
Definition: CFG.h:1100
clang::CFGBlock::back
CFGElement back() const
Definition: CFG.h:901
clang::CFGBlock::empty
bool empty() const
Definition: CFG.h:946
clang::CFGBlock::succ_begin
succ_iterator succ_begin()
Definition: CFG.h:983
clang::CFGBlock::getTerminatorStmt
Stmt * getTerminatorStmt()
Definition: CFG.h:1078
clang::CFGBlock::const_pred_iterator
AdjacentBlocks::const_iterator const_pred_iterator
Definition: CFG.h:952
clang::CFGBlock::pred_begin
pred_iterator pred_begin()
Definition: CFG.h:965
clang::CFGBlock::getBlockID
unsigned getBlockID() const
Definition: CFG.h:1102
clang::CFGBlock::getTerminatorCondition
Stmt * getTerminatorCondition(bool StripParens=true)
Definition: CFG.cpp:6266
clang::CFGBlock::const_succ_iterator
AdjacentBlocks::const_iterator const_succ_iterator
Definition: CFG.h:959
clang::CFGElement
Represents a top-level expression in a basic block.
Definition: CFG.h:55
clang::CFGElement::CleanupFunction
@ CleanupFunction
Definition: CFG.h:79
clang::CFGElement::AutomaticObjectDtor
@ AutomaticObjectDtor
Definition: CFG.h:72
clang::CFGElement::TemporaryDtor
@ TemporaryDtor
Definition: CFG.h:76
clang::CFGElement::castAs
T castAs() const
Convert to the specified CFGElement type, asserting that this CFGElement is of the desired type.
Definition: CFG.h:99
clang::CFGImplicitDtor::getDestructorDecl
const CXXDestructorDecl * getDestructorDecl(ASTContext &astContext) const
Definition: CFG.cpp:5291
clang::CFGStmt::getStmt
const Stmt * getStmt() const
Definition: CFG.h:138
clang::CFGTemporaryDtor
Represents C++ object destructor implicitly generated at the end of full expression for temporary obj...
Definition: CFG.h:510
clang::CFG
Represents a source-level, intra-procedural CFG that represents the control-flow of a Stmt.
Definition: CFG.h:1211
clang::CFG::getExit
CFGBlock & getExit()
Definition: CFG.h:1319
clang::CFG::getEntry
CFGBlock & getEntry()
Definition: CFG.h:1317
clang::CFG::getNumBlockIDs
unsigned getNumBlockIDs() const
Returns the total number of BlockIDs allocated (which start at 0).
Definition: CFG.h:1397
clang::CXXConstructExpr
Represents a call to a C++ constructor.
Definition: ExprCXX.h:1523
clang::CXXConstructExpr::arg_begin
arg_iterator arg_begin()
Definition: ExprCXX.h:1660
clang::CXXConstructExpr::getArg
Expr * getArg(unsigned Arg)
Return the specified argument.
Definition: ExprCXX.h:1674
clang::CXXConstructExpr::arg_end
arg_iterator arg_end()
Definition: ExprCXX.h:1661
clang::CXXConstructExpr::getConstructor
CXXConstructorDecl * getConstructor() const
Get the constructor that this expression will (ultimately) call.
Definition: ExprCXX.h:1595
clang::CXXConstructorDecl
Represents a C++ constructor within a class.
Definition: DeclCXX.h:2491
clang::CXXConstructorDecl::isCopyConstructor
bool isCopyConstructor(unsigned &TypeQuals) const
Whether this constructor is a copy constructor (C++ [class.copy]p2, which can be used to copy the cla...
Definition: DeclCXX.cpp:2696
clang::CXXMethodDecl
Represents a static or instance method of a struct/union/class.
Definition: DeclCXX.h:2035
clang::CallExpr
CallExpr - Represents a function call (C99 6.5.2.2, C++ [expr.call]).
Definition: Expr.h:2832
clang::CallExpr::arg_begin
arg_iterator arg_begin()
Definition: Expr.h:3076
clang::CallExpr::arg_end
arg_iterator arg_end()
Definition: Expr.h:3079
clang::CallExpr::getDirectCallee
FunctionDecl * getDirectCallee()
If the callee is a FunctionDecl, return it. Otherwise return null.
Definition: Expr.h:3002
clang::CallExpr::getCalleeDecl
Decl * getCalleeDecl()
Definition: Expr.h:2996
clang::CastExpr
CastExpr - Base class for type casts, including both implicit casts (ImplicitCastExpr) and explicit c...
Definition: Expr.h:3502
clang::CastExpr::getCastKind
CastKind getCastKind() const
Definition: Expr.h:3546
clang::CastExpr::getSubExpr
Expr * getSubExpr()
Definition: Expr.h:3552
clang::ConstStmtVisitor
ConstStmtVisitor - This class implements a simple visitor for Stmt subclasses.
Definition: StmtVisitor.h:194
clang::DeclStmt
DeclStmt - Adaptor class for mixing declarations with statements and expressions.
Definition: Stmt.h:1320
clang::Decl::hasAttrs
bool hasAttrs() const
Definition: DeclBase.h:502
clang::Decl::specific_attrs
llvm::iterator_range< specific_attr_iterator< T > > specific_attrs() const
Definition: DeclBase.h:542
clang::Decl::getLocation
SourceLocation getLocation() const
Definition: DeclBase.h:432
clang::Decl::isDefinedOutsideFunctionOrMethod
bool isDefinedOutsideFunctionOrMethod() const
isDefinedOutsideFunctionOrMethod - This predicate returns true if this scoped decl is defined outside...
Definition: DeclBase.h:917
clang::Decl::getDeclContext
DeclContext * getDeclContext()
Definition: DeclBase.h:441
clang::Decl::attrs
attr_range attrs() const
Definition: DeclBase.h:519
clang::Decl::hasAttr
bool hasAttr() const
Definition: DeclBase.h:560
clang::Expr
This represents one expression.
Definition: Expr.h:110
clang::Expr::IgnoreParenCasts
Expr * IgnoreParenCasts() LLVM_READONLY
Skip past any parentheses and casts which might surround this expression until reaching a fixed point...
Definition: Expr.cpp:3077
clang::Expr::IgnoreImplicit
Expr * IgnoreImplicit() LLVM_READONLY
Skip past any implicit AST nodes which might surround this expression until reaching a fixed point.
Definition: Expr.cpp:3060
clang::Expr::IgnoreParens
Expr * IgnoreParens() LLVM_READONLY
Skip past any parentheses which might surround this expression until reaching a fixed point.
Definition: Expr.cpp:3068
clang::Expr::isPRValue
bool isPRValue() const
Definition: Expr.h:272
clang::Expr::getExprLoc
SourceLocation getExprLoc() const LLVM_READONLY
getExprLoc - Return the preferred location for the arrow when diagnosing a problem with a generic exp...
Definition: Expr.cpp:330
clang::Expr::getType
QualType getType() const
Definition: Expr.h:142
clang::FunctionDecl
Represents a function declaration or definition.
Definition: Decl.h:1919
clang::FunctionDecl::parameters
ArrayRef< ParmVarDecl * > parameters() const
Definition: Decl.h:2603
clang::MaterializeTemporaryExpr
Represents a prvalue temporary that is written into memory so that a reference can bind to it.
Definition: ExprCXX.h:4577
clang::MaterializeTemporaryExpr::getSubExpr
Expr * getSubExpr() const
Retrieve the temporary-generating subexpression whose value will be materialized into a glvalue.
Definition: ExprCXX.h:4594
clang::MaterializeTemporaryExpr::getExtendingDecl
ValueDecl * getExtendingDecl()
Get the declaration which triggered the lifetime-extension of this temporary, if any.
Definition: ExprCXX.h:4627
clang::NamedDecl
This represents a decl that may have a name.
Definition: Decl.h:247
clang::NamedDecl::getName
StringRef getName() const
Get the name of identifier for this declaration as a StringRef.
Definition: Decl.h:274
clang::NamedDecl::getNameAsString
std::string getNameAsString() const
Get a human-readable name for the declaration, even if it is one of the special kinds of names (C++ c...
Definition: Decl.h:290
clang::NamedDecl::printName
virtual void printName(raw_ostream &OS, const PrintingPolicy &Policy) const
Pretty-print the unqualified name of this declaration.
Definition: Decl.cpp:1672
clang::PostOrderCFGView::CFGBlockSet
Implements a set of CFGBlocks using a BitVector.
Definition: PostOrderCFGView.h:37
clang::QualType
A (possibly-)qualified type.
Definition: Type.h:736
clang::QualType::isTrivialType
bool isTrivialType(const ASTContext &Context) const
Return true if this is a trivial type per (C++0x [basic.types]p9)
Definition: Type.cpp:2553
clang::SourceLocation
Encodes a location in the source.
Definition: SourceLocation.h:87
clang::SourceLocation::isValid
bool isValid() const
Return true if this is a valid SourceLocation object.
Definition: SourceLocation.h:111
clang::Stmt
Stmt - This represents one statement.
Definition: Stmt.h:72
clang::Stmt::getEndLoc
SourceLocation getEndLoc() const LLVM_READONLY
Definition: Stmt.cpp:349
clang::Stmt::dump
void dump() const
Dumps the specified AST fragment and all subtrees to llvm::errs().
Definition: ASTDumper.cpp:277
clang::TypePropertyCache
The type-property cache.
Definition: Type.cpp:4120
clang::Type::isReferenceType
bool isReferenceType() const
Definition: Type.h:7011
clang::Type::getAs
const T * getAs() const
Member-template getAs<specific type>'.
Definition: Type.h:7523
clang::UnaryOperator
UnaryOperator - This represents the unary-expression's (except sizeof and alignof),...
Definition: Expr.h:2195
clang::UnaryOperator::getSubExpr
Expr * getSubExpr() const
Definition: Expr.h:2240
clang::UnaryOperator::getOpcode
Opcode getOpcode() const
Definition: Expr.h:2235
clang::ValueDecl
Represent the declaration of a variable (in which case it is an lvalue) a function (in which case it ...
Definition: Decl.h:703
clang::ValueDecl::getType
QualType getType() const
Definition: Decl.h:714
clang::threadSafety::BeforeSet::checkBeforeAfter
void checkBeforeAfter(const ValueDecl *Vd, const FactSet &FSet, ThreadSafetyAnalyzer &Analyzer, SourceLocation Loc, StringRef CapKind)
Return true if any mutexes in FSet are in the acquired_before set of Vd.
Definition: ThreadSafety.cpp:1144
clang::threadSafety::BeforeSet::insertAttrExprs
BeforeInfo * insertAttrExprs(const ValueDecl *Vd, ThreadSafetyAnalyzer &Analyzer)
Process acquired_before and acquired_after attributes on Vd.
Definition: ThreadSafety.cpp:1076
clang::threadSafety::BeforeSet::getBeforeInfoForDecl
BeforeInfo * getBeforeInfoForDecl(const ValueDecl *Vd, ThreadSafetyAnalyzer &Analyzer)
Definition: ThreadSafety.cpp:1131
clang::threadSafety::CFGWalker::getSortedGraph
const PostOrderCFGView * getSortedGraph() const
Definition: ThreadSafetyCommon.h:261
clang::threadSafety::CFGWalker::getDecl
const NamedDecl * getDecl() const
Definition: ThreadSafetyCommon.h:257
clang::threadSafety::CFGWalker::init
bool init(AnalysisDeclContext &AC)
Definition: ThreadSafetyCommon.h:153
clang::threadSafety::CapabilityExpr::equals
bool equals(const CapabilityExpr &other) const
Definition: ThreadSafetyCommon.h:296
clang::threadSafety::CapabilityExpr::sexpr
const til::SExpr * sexpr() const
Definition: ThreadSafetyCommon.h:288
clang::threadSafety::CapabilityExpr::valueDecl
const ValueDecl * valueDecl() const
Definition: ThreadSafetyCommon.h:315
clang::threadSafety::ThreadSafetyHandler
Handler class for thread safety warnings.
Definition: ThreadSafety.h:93
clang::threadSafety::ThreadSafetyHandler::handleInvalidLockExp
virtual void handleInvalidLockExp(SourceLocation Loc)
Warn about lock expressions which fail to resolve to lockable objects.
Definition: ThreadSafety.h:102
clang::threadSafety::ThreadSafetyHandler::enterFunction
virtual void enterFunction(const FunctionDecl *FD)
Called by the analysis when starting analysis of a function.
Definition: ThreadSafety.h:229
clang::threadSafety::ThreadSafetyHandler::handleIncorrectUnlockKind
virtual void handleIncorrectUnlockKind(StringRef Kind, Name LockName, LockKind Expected, LockKind Received, SourceLocation LocLocked, SourceLocation LocUnlock)
Warn about an unlock function call that attempts to unlock a lock with the incorrect lock kind.
Definition: ThreadSafety.h:125
clang::threadSafety::ThreadSafetyHandler::leaveFunction
virtual void leaveFunction(const FunctionDecl *FD)
Called by the analysis when finishing analysis of a function.
Definition: ThreadSafety.h:232
clang::threadSafety::ThreadSafetyHandler::handleExclusiveAndShared
virtual void handleExclusiveAndShared(StringRef Kind, Name LockName, SourceLocation Loc1, SourceLocation Loc2)
Warn when a mutex is held exclusively and shared at the same point.
Definition: ThreadSafety.h:166
clang::threadSafety::ThreadSafetyHandler::handleMutexNotHeld
virtual void handleMutexNotHeld(StringRef Kind, const NamedDecl *D, ProtectedOperationKind POK, Name LockName, LockKind LK, SourceLocation Loc, Name *PossibleMatch=nullptr)
Warn when a protected operation occurs while the specific mutex protecting the operation is not locke...
Definition: ThreadSafety.h:187
clang::threadSafety::ThreadSafetyHandler::handleFunExcludesLock
virtual void handleFunExcludesLock(StringRef Kind, Name FunName, Name LockName, SourceLocation Loc)
Warn when a function is called while an excluded mutex is locked.
Definition: ThreadSafety.h:217
clang::threadSafety::ThreadSafetyHandler::handleNoMutexHeld
virtual void handleNoMutexHeld(const NamedDecl *D, ProtectedOperationKind POK, AccessKind AK, SourceLocation Loc)
Warn when a protected operation occurs while no locks are held.
Definition: ThreadSafety.h:175
clang::threadSafety::ThreadSafetyHandler::handleUnmatchedUnlock
virtual void handleUnmatchedUnlock(StringRef Kind, Name LockName, SourceLocation Loc, SourceLocation LocPreviousUnlock)
Warn about unlock function calls that do not have a prior matching lock expression.
Definition: ThreadSafety.h:111
clang::threadSafety::ThreadSafetyHandler::handleNegativeNotHeld
virtual void handleNegativeNotHeld(StringRef Kind, Name LockName, Name Neg, SourceLocation Loc)
Warn when acquiring a lock that the negative capability is not held.
Definition: ThreadSafety.h:199
clang::threadSafety::ThreadSafetyHandler::handleMutexHeldEndOfScope
virtual void handleMutexHeldEndOfScope(StringRef Kind, Name LockName, SourceLocation LocLocked, SourceLocation LocEndOfScope, LockErrorKind LEK)
Warn about situations where a mutex is sometimes held and sometimes not.
Definition: ThreadSafety.h:153
clang::threadSafety::ThreadSafetyHandler::handleDoubleLock
virtual void handleDoubleLock(StringRef Kind, Name LockName, SourceLocation LocLocked, SourceLocation LocDoubleLock)
Warn about lock function calls for locks which are already held.
Definition: ThreadSafety.h:136
clang::threadSafety::til::LiteralPtr
A Literal pointer to an object allocated in memory.
Definition: ThreadSafetyTIL.h:643
clang::threadSafety::til::SExpr
Base class for AST nodes in the typed intermediate language.
Definition: ThreadSafetyTIL.h:276
clang::ast_matchers::traverse
internal::Matcher< T > traverse(TraversalKind TK, const internal::Matcher< T > &InnerMatcher)
Causes all nested matchers to be matched with the specified traversal kind.
Definition: ASTMatchers.h:817
clang::diag::kind
unsigned kind
All of the diagnostics that can be emitted by the frontend.
Definition: DiagnosticIDs.h:66
clang::ento::ObjKind::CF
@ CF
Indicates that the tracked object is a CF object.
clang::interp::Dec
bool Dec(InterpState &S, CodePtr OpPC)
1) Pops a pointer from the stack 2) Load the value from the pointer 3) Writes the value decreased by ...
Definition: Interp.h:595
clang::interp::Neg
bool Neg(InterpState &S, CodePtr OpPC)
Definition: Interp.h:479
clang::threadSafety::sx::matches
bool matches(const til::SExpr *E1, const til::SExpr *E2)
Definition: ThreadSafetyCommon.h:69
clang::threadSafety::getLockKindFromAccessKind
LockKind getLockKindFromAccessKind(AccessKind AK)
Helper function that returns a LockKind required for the given level of access.
Definition: ThreadSafety.cpp:2527
clang::threadSafety::threadSafetyCleanup
void threadSafetyCleanup(BeforeSet *Cache)
Definition: ThreadSafety.cpp:2523
clang::threadSafety::AccessKind
AccessKind
This enum distinguishes between different ways to access (read or write) a variable.
Definition: ThreadSafety.h:69
clang::threadSafety::AK_Written
@ AK_Written
Writing a variable.
Definition: ThreadSafety.h:74
clang::threadSafety::AK_Read
@ AK_Read
Reading a variable.
Definition: ThreadSafety.h:71
clang::threadSafety::LockKind
LockKind
This enum distinguishes between different kinds of lock actions.
Definition: ThreadSafety.h:56
clang::threadSafety::LK_Shared
@ LK_Shared
Shared/reader lock of a mutex.
Definition: ThreadSafety.h:58
clang::threadSafety::LK_Exclusive
@ LK_Exclusive
Exclusive/writer lock of a mutex.
Definition: ThreadSafety.h:61
clang::threadSafety::LK_Generic
@ LK_Generic
Can be either Shared or Exclusive.
Definition: ThreadSafety.h:64
clang::threadSafety::runThreadSafetyAnalysis
void runThreadSafetyAnalysis(AnalysisDeclContext &AC, ThreadSafetyHandler &Handler, BeforeSet **Bset)
Check a function's CFG for thread-safety violations.
Definition: ThreadSafety.cpp:2514
clang::threadSafety::ProtectedOperationKind
ProtectedOperationKind
This enum distinguishes between different kinds of operations that may need to be protected by locks.
Definition: ThreadSafety.h:36
clang::threadSafety::POK_PtPassByRef
@ POK_PtPassByRef
Passing a pt-guarded variable by reference.
Definition: ThreadSafety.h:50
clang::threadSafety::POK_VarDereference
@ POK_VarDereference
Dereferencing a variable (e.g. p in *p = 5;)
Definition: ThreadSafety.h:38
clang::threadSafety::POK_PassByRef
@ POK_PassByRef
Passing a guarded variable by reference.
Definition: ThreadSafety.h:47
clang::threadSafety::POK_VarAccess
@ POK_VarAccess
Reading or writing a variable (e.g. x in x = 5;)
Definition: ThreadSafety.h:41
clang::threadSafety::POK_FunctionCall
@ POK_FunctionCall
Making a function call (e.g. fool())
Definition: ThreadSafety.h:44
clang::OverloadedOperatorKind
OverloadedOperatorKind
Enumeration specifying the different kinds of C++ overloaded operators.
Definition: OperatorKinds.h:21
clang::Language::C
@ C
Languages that the frontend can parse and compile.
clang::ObjCSubstitutionContext::Result
@ Result
The result type of a method or function.
bool
#define bool
Definition: stdbool.h:20
clang::Stmt::CastIterator
Iterator for iterating over Stmt * arrays that contain only T *.
Definition: Stmt.h:1139
Generated on Fri Sep 29 2023 23:43:04 for clang by doxygen 1.9.6