mirrors/llvm-project
0
0
Fork 0
mirror of https://github.com/llvm/llvm-project.git synced 2025-04-28 16:36:09 +00:00
Code Issues Projects Releases Wiki Activity
llvm-project/clang/lib/StaticAnalyzer/Checkers/WebKit/RefCntblBaseVirtualDtorChecker.cpp
Sirraide dde802b153
[Clang] [NFC] Refactor AST visitors in Sema and the static analyser to use DynamicRecursiveASTVisitor (#115144) 
This pr refactors all recursive AST visitors in `Sema`, `Analyze`, and
`StaticAnalysis` to inherit from DRAV instead. This is over half of the
visitors that inherit from RAV directly.

See also #115132, #110040, #93462

LLVM Compile-Time Tracker link for this branch:
https://llvm-compile-time-tracker.com/compare.php?from=5adb5c05a2e9f31385fbba8b0436cbc07d91a44d&to=b58e589a86c06ba28d4d90613864d10be29aa5ba&stat=instructions%3Au
2024-11-15 08:04:08 +01:00

423 lines
14 KiB
C++
Raw Blame History

//=======- RefCntblBaseVirtualDtor.cpp ---------------------------*- C++ -*-==//
//
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
//
//===----------------------------------------------------------------------===//
#include "ASTUtils.h"
#include "DiagOutputUtils.h"
#include "PtrTypesSemantics.h"
#include "clang/AST/CXXInheritance.h"
#include "clang/AST/DynamicRecursiveASTVisitor.h"
#include "clang/AST/StmtVisitor.h"
#include "clang/StaticAnalyzer/Checkers/BuiltinCheckerRegistration.h"
#include "clang/StaticAnalyzer/Core/BugReporter/BugReporter.h"
#include "clang/StaticAnalyzer/Core/BugReporter/BugType.h"
#include "clang/StaticAnalyzer/Core/Checker.h"
#include "llvm/ADT/DenseSet.h"
#include "llvm/ADT/SetVector.h"
#include <optional>
using namespace clang;
using namespace ento;
namespace {
class DerefFuncDeleteExprVisitor
: public ConstStmtVisitor<DerefFuncDeleteExprVisitor, bool> {
// Returns true if any of child statements return true.
bool VisitChildren(const Stmt *S) {
for (const Stmt *Child : S->children()) {
if (Child && Visit(Child))
return true;
}
return false;
}
bool VisitBody(const Stmt *Body) {
if (!Body)
return false;
auto [It, IsNew] = VisitedBody.insert(Body);
if (!IsNew) // This body is recursive
return false;
return Visit(Body);
}
public:
DerefFuncDeleteExprVisitor(const TemplateArgumentList &ArgList,
const CXXRecordDecl *ClassDecl)
: ArgList(&ArgList), ClassDecl(ClassDecl) {}
DerefFuncDeleteExprVisitor(const CXXRecordDecl *ClassDecl)
: ClassDecl(ClassDecl) {}
std::optional<bool> HasSpecializedDelete(CXXMethodDecl *Decl) {
if (auto *Body = Decl->getBody())
return VisitBody(Body);
if (Decl->getTemplateInstantiationPattern())
return std::nullopt; // Indeterminate. There was no concrete instance.
return false;
}
bool VisitCallExpr(const CallExpr *CE) {
const Decl *D = CE->getCalleeDecl();
if (D && D->hasBody())
return VisitBody(D->getBody());
else {
auto name = safeGetName(D);
if (name == "ensureOnMainThread" || name == "ensureOnMainRunLoop") {
for (unsigned i = 0; i < CE->getNumArgs(); ++i) {
auto *Arg = CE->getArg(i);
if (VisitLambdaArgument(Arg))
return true;
}
}
}
return false;
}
bool VisitLambdaArgument(const Expr *E) {
E = E->IgnoreParenCasts();
if (auto *TempE = dyn_cast<CXXBindTemporaryExpr>(E))
E = TempE->getSubExpr();
E = E->IgnoreParenCasts();
if (auto *Ref = dyn_cast<DeclRefExpr>(E)) {
if (auto *VD = dyn_cast_or_null<VarDecl>(Ref->getDecl()))
return VisitLambdaArgument(VD->getInit());
return false;
}
if (auto *Lambda = dyn_cast<LambdaExpr>(E)) {
if (VisitBody(Lambda->getBody()))
return true;
}
if (auto *ConstructE = dyn_cast<CXXConstructExpr>(E)) {
for (unsigned i = 0; i < ConstructE->getNumArgs(); ++i) {
if (VisitLambdaArgument(ConstructE->getArg(i)))
return true;
}
}
return false;
}
bool VisitCXXDeleteExpr(const CXXDeleteExpr *E) {
auto *Arg = E->getArgument();
while (Arg) {
if (auto *Paren = dyn_cast<ParenExpr>(Arg))
Arg = Paren->getSubExpr();
else if (auto *Cast = dyn_cast<CastExpr>(Arg)) {
Arg = Cast->getSubExpr();
auto CastType = Cast->getType();
if (auto *PtrType = dyn_cast<PointerType>(CastType)) {
auto PointeeType = PtrType->getPointeeType();
while (auto *ET = dyn_cast<ElaboratedType>(PointeeType)) {
if (ET->isSugared())
PointeeType = ET->desugar();
}
if (auto *ParmType = dyn_cast<TemplateTypeParmType>(PointeeType)) {
if (ArgList) {
auto ParmIndex = ParmType->getIndex();
auto Type = ArgList->get(ParmIndex).getAsType();
if (Type->getAsCXXRecordDecl() == ClassDecl)
return true;
}
} else if (auto *RD = dyn_cast<RecordType>(PointeeType)) {
if (RD->getDecl() == ClassDecl)
return true;
} else if (auto *ST =
dyn_cast<SubstTemplateTypeParmType>(PointeeType)) {
auto Type = ST->getReplacementType();
if (auto *RD = dyn_cast<RecordType>(Type)) {
if (RD->getDecl() == ClassDecl)
return true;
}
}
}
} else
break;
}
return false;
}
bool VisitStmt(const Stmt *S) { return VisitChildren(S); }
// Return false since the contents of lambda isn't necessarily executed.
// If it is executed, VisitCallExpr above will visit its body.
bool VisitLambdaExpr(const LambdaExpr *) { return false; }
private:
const TemplateArgumentList *ArgList{nullptr};
const CXXRecordDecl *ClassDecl;
llvm::DenseSet<const Stmt *> VisitedBody;
};
class RefCntblBaseVirtualDtorChecker
: public Checker<check::ASTDecl<TranslationUnitDecl>> {
private:
BugType Bug;
mutable BugReporter *BR;
public:
RefCntblBaseVirtualDtorChecker()
: Bug(this,
"Reference-countable base class doesn't have virtual destructor",
"WebKit coding guidelines") {}
void checkASTDecl(const TranslationUnitDecl *TUD, AnalysisManager &MGR,
BugReporter &BRArg) const {
BR = &BRArg;
// The calls to checkAST* from AnalysisConsumer don't
// visit template instantiations or lambda classes. We
// want to visit those, so we make our own RecursiveASTVisitor.
struct LocalVisitor : DynamicRecursiveASTVisitor {
const RefCntblBaseVirtualDtorChecker *Checker;
explicit LocalVisitor(const RefCntblBaseVirtualDtorChecker *Checker)
: Checker(Checker) {
assert(Checker);
ShouldVisitTemplateInstantiations = true;
ShouldVisitImplicitCode = false;
}
bool VisitCXXRecordDecl(CXXRecordDecl *RD) override {
if (!RD->hasDefinition())
return true;
Decls.insert(RD);
for (auto &Base : RD->bases()) {
const auto AccSpec = Base.getAccessSpecifier();
if (AccSpec == AS_protected || AccSpec == AS_private ||
(AccSpec == AS_none && RD->isClass()))
continue;
QualType T = Base.getType();
if (T.isNull())
continue;
const CXXRecordDecl *C = T->getAsCXXRecordDecl();
if (!C)
continue;
if (auto *CTSD = dyn_cast<ClassTemplateSpecializationDecl>(C)) {
for (auto &Arg : CTSD->getTemplateArgs().asArray()) {
if (Arg.getKind() != TemplateArgument::Type)
continue;
auto TemplT = Arg.getAsType();
if (TemplT.isNull())
continue;
bool IsCRTP = TemplT->getAsCXXRecordDecl() == RD;
if (!IsCRTP)
continue;
CRTPs.insert(C);
}
}
}
return true;
}
llvm::SetVector<const CXXRecordDecl *> Decls;
llvm::DenseSet<const CXXRecordDecl *> CRTPs;
};
LocalVisitor visitor(this);
visitor.TraverseDecl(const_cast<TranslationUnitDecl *>(TUD));
for (auto *RD : visitor.Decls) {
if (visitor.CRTPs.contains(RD))
continue;
visitCXXRecordDecl(RD);
}
}
void visitCXXRecordDecl(const CXXRecordDecl *RD) const {
if (shouldSkipDecl(RD))
return;
for (auto &Base : RD->bases()) {
const auto AccSpec = Base.getAccessSpecifier();
if (AccSpec == AS_protected || AccSpec == AS_private ||
(AccSpec == AS_none && RD->isClass()))
continue;
auto hasRefInBase = clang::hasPublicMethodInBase(&Base, "ref");
auto hasDerefInBase = clang::hasPublicMethodInBase(&Base, "deref");
bool hasRef = hasRefInBase && *hasRefInBase != nullptr;
bool hasDeref = hasDerefInBase && *hasDerefInBase != nullptr;
QualType T = Base.getType();
if (T.isNull())
continue;
const CXXRecordDecl *C = T->getAsCXXRecordDecl();
if (!C)
continue;
bool AnyInconclusiveBase = false;
const auto hasPublicRefInBase =
[&AnyInconclusiveBase](const CXXBaseSpecifier *Base, CXXBasePath &) {
auto hasRefInBase = clang::hasPublicMethodInBase(Base, "ref");
if (!hasRefInBase) {
AnyInconclusiveBase = true;
return false;
}
return (*hasRefInBase) != nullptr;
};
const auto hasPublicDerefInBase =
[&AnyInconclusiveBase](const CXXBaseSpecifier *Base, CXXBasePath &) {
auto hasDerefInBase = clang::hasPublicMethodInBase(Base, "deref");
if (!hasDerefInBase) {
AnyInconclusiveBase = true;
return false;
}
return (*hasDerefInBase) != nullptr;
};
CXXBasePaths Paths;
Paths.setOrigin(C);
hasRef = hasRef || C->lookupInBases(hasPublicRefInBase, Paths,
/*LookupInDependent =*/true);
hasDeref = hasDeref || C->lookupInBases(hasPublicDerefInBase, Paths,
/*LookupInDependent =*/true);
if (AnyInconclusiveBase || !hasRef || !hasDeref)
continue;
auto HasSpecializedDelete = isClassWithSpecializedDelete(C, RD);
if (!HasSpecializedDelete || *HasSpecializedDelete)
continue;
if (C->lookupInBases(
[&](const CXXBaseSpecifier *Base, CXXBasePath &) {
auto *T = Base->getType().getTypePtrOrNull();
if (!T)
return false;
auto *R = T->getAsCXXRecordDecl();
if (!R)
return false;
auto Result = isClassWithSpecializedDelete(R, RD);
if (!Result)
AnyInconclusiveBase = true;
return Result && *Result;
},
Paths, /*LookupInDependent =*/true))
continue;
if (AnyInconclusiveBase)
continue;
const auto *Dtor = C->getDestructor();
if (!Dtor || !Dtor->isVirtual()) {
auto *ProblematicBaseSpecifier = &Base;
auto *ProblematicBaseClass = C;
reportBug(RD, ProblematicBaseSpecifier, ProblematicBaseClass);
}
}
}
bool shouldSkipDecl(const CXXRecordDecl *RD) const {
if (!RD->isThisDeclarationADefinition())
return true;
if (RD->isImplicit())
return true;
if (RD->isLambda())
return true;
// If the construct doesn't have a source file, then it's not something
// we want to diagnose.
const auto RDLocation = RD->getLocation();
if (!RDLocation.isValid())
return true;
const auto Kind = RD->getTagKind();
if (Kind != TagTypeKind::Struct && Kind != TagTypeKind::Class)
return true;
// Ignore CXXRecords that come from system headers.
if (BR->getSourceManager().getFileCharacteristic(RDLocation) !=
SrcMgr::C_User)
return true;
return false;
}
static bool isRefCountedClass(const CXXRecordDecl *D) {
if (!D->getTemplateInstantiationPattern())
return false;
auto *NsDecl = D->getParent();
if (!NsDecl || !isa<NamespaceDecl>(NsDecl))
return false;
auto NamespaceName = safeGetName(NsDecl);
auto ClsNameStr = safeGetName(D);
StringRef ClsName = ClsNameStr; // FIXME: Make safeGetName return StringRef.
return NamespaceName == "WTF" &&
(ClsName.ends_with("RefCounted") ||
ClsName == "ThreadSafeRefCountedAndCanMakeThreadSafeWeakPtr");
}
static std::optional<bool>
isClassWithSpecializedDelete(const CXXRecordDecl *C,
const CXXRecordDecl *DerivedClass) {
if (auto *ClsTmplSpDecl = dyn_cast<ClassTemplateSpecializationDecl>(C)) {
for (auto *MethodDecl : C->methods()) {
if (safeGetName(MethodDecl) == "deref") {
DerefFuncDeleteExprVisitor Visitor(ClsTmplSpDecl->getTemplateArgs(),
DerivedClass);
auto Result = Visitor.HasSpecializedDelete(MethodDecl);
if (!Result || *Result)
return Result;
}
}
return false;
}
for (auto *MethodDecl : C->methods()) {
if (safeGetName(MethodDecl) == "deref") {
DerefFuncDeleteExprVisitor Visitor(DerivedClass);
auto Result = Visitor.HasSpecializedDelete(MethodDecl);
if (!Result || *Result)
return Result;
}
}
return false;
}
void reportBug(const CXXRecordDecl *DerivedClass,
const CXXBaseSpecifier *BaseSpec,
const CXXRecordDecl *ProblematicBaseClass) const {
assert(DerivedClass);
assert(BaseSpec);
assert(ProblematicBaseClass);
SmallString<100> Buf;
llvm::raw_svector_ostream Os(Buf);
Os << (ProblematicBaseClass->isClass() ? "Class" : "Struct") << " ";
printQuotedQualifiedName(Os, ProblematicBaseClass);
Os << " is used as a base of "
<< (DerivedClass->isClass() ? "class" : "struct") << " ";
printQuotedQualifiedName(Os, DerivedClass);
Os << " but doesn't have virtual destructor";
PathDiagnosticLocation BSLoc(BaseSpec->getSourceRange().getBegin(),
BR->getSourceManager());
auto Report = std::make_unique<BasicBugReport>(Bug, Os.str(), BSLoc);
Report->addRange(BaseSpec->getSourceRange());
BR->emitReport(std::move(Report));
}
};
} // namespace
void ento::registerRefCntblBaseVirtualDtorChecker(CheckerManager &Mgr) {
Mgr.registerChecker<RefCntblBaseVirtualDtorChecker>();
}
bool ento::shouldRegisterRefCntblBaseVirtualDtorChecker(
const CheckerManager &mgr) {
return true;
}
Reference in New Issue View Git Blame Copy Permalink