1fec1a442SValeriy Savchenko //===- CalledOnceCheck.cpp - Check 'called once' parameters ---------------===// 2fec1a442SValeriy Savchenko // 3fec1a442SValeriy Savchenko // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. 4fec1a442SValeriy Savchenko // See https://llvm.org/LICENSE.txt for license information. 5fec1a442SValeriy Savchenko // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception 6fec1a442SValeriy Savchenko // 7fec1a442SValeriy Savchenko //===----------------------------------------------------------------------===// 8fec1a442SValeriy Savchenko 9fec1a442SValeriy Savchenko #include "clang/Analysis/Analyses/CalledOnceCheck.h" 10f1a7d5a7SValeriy Savchenko #include "clang/AST/ASTContext.h" 11fec1a442SValeriy Savchenko #include "clang/AST/Attr.h" 12fec1a442SValeriy Savchenko #include "clang/AST/Decl.h" 13fec1a442SValeriy Savchenko #include "clang/AST/DeclBase.h" 14*dde802b1SSirraide #include "clang/AST/DynamicRecursiveASTVisitor.h" 15fec1a442SValeriy Savchenko #include "clang/AST/Expr.h" 16fec1a442SValeriy Savchenko #include "clang/AST/ExprObjC.h" 17fec1a442SValeriy Savchenko #include "clang/AST/OperationKinds.h" 18fec1a442SValeriy Savchenko #include "clang/AST/ParentMap.h" 19fec1a442SValeriy Savchenko #include "clang/AST/Stmt.h" 20fec1a442SValeriy Savchenko #include "clang/AST/StmtObjC.h" 21fec1a442SValeriy Savchenko #include "clang/AST/StmtVisitor.h" 22fec1a442SValeriy Savchenko #include "clang/AST/Type.h" 23fec1a442SValeriy Savchenko #include "clang/Analysis/AnalysisDeclContext.h" 24fec1a442SValeriy Savchenko #include "clang/Analysis/CFG.h" 25fec1a442SValeriy Savchenko #include "clang/Analysis/FlowSensitive/DataflowWorklist.h" 26d1522d34SValeriy Savchenko #include "clang/Basic/Builtins.h" 27fec1a442SValeriy Savchenko #include "clang/Basic/IdentifierTable.h" 28fec1a442SValeriy Savchenko #include "clang/Basic/LLVM.h" 29fec1a442SValeriy Savchenko #include "llvm/ADT/BitVector.h" 30fec1a442SValeriy Savchenko #include "llvm/ADT/BitmaskEnum.h" 31fec1a442SValeriy Savchenko #include "llvm/ADT/PointerIntPair.h" 32fec1a442SValeriy Savchenko #include "llvm/ADT/STLExtras.h" 33fec1a442SValeriy Savchenko #include "llvm/ADT/Sequence.h" 34fec1a442SValeriy Savchenko #include "llvm/ADT/SmallVector.h" 35fec1a442SValeriy Savchenko #include "llvm/ADT/StringRef.h" 36fec1a442SValeriy Savchenko #include "llvm/Support/Casting.h" 37fec1a442SValeriy Savchenko #include "llvm/Support/Compiler.h" 38fec1a442SValeriy Savchenko #include "llvm/Support/ErrorHandling.h" 39fec1a442SValeriy Savchenko #include <memory> 40a1580d7bSKazu Hirata #include <optional> 41fec1a442SValeriy Savchenko 42fec1a442SValeriy Savchenko using namespace clang; 43fec1a442SValeriy Savchenko 44fec1a442SValeriy Savchenko namespace { 45fec1a442SValeriy Savchenko static constexpr unsigned EXPECTED_MAX_NUMBER_OF_PARAMS = 2; 46fec1a442SValeriy Savchenko template <class T> 47fec1a442SValeriy Savchenko using ParamSizedVector = llvm::SmallVector<T, EXPECTED_MAX_NUMBER_OF_PARAMS>; 48fec1a442SValeriy Savchenko static constexpr unsigned EXPECTED_NUMBER_OF_BASIC_BLOCKS = 8; 49fec1a442SValeriy Savchenko template <class T> 50fec1a442SValeriy Savchenko using CFGSizedVector = llvm::SmallVector<T, EXPECTED_NUMBER_OF_BASIC_BLOCKS>; 51fec1a442SValeriy Savchenko constexpr llvm::StringLiteral CONVENTIONAL_NAMES[] = { 5259112eacSValeriy Savchenko "completionHandler", "completion", "withCompletionHandler", 5359112eacSValeriy Savchenko "withCompletion", "completionBlock", "withCompletionBlock", 5459112eacSValeriy Savchenko "replyTo", "reply", "withReplyTo"}; 55fec1a442SValeriy Savchenko constexpr llvm::StringLiteral CONVENTIONAL_SUFFIXES[] = { 5659112eacSValeriy Savchenko "WithCompletionHandler", "WithCompletion", "WithCompletionBlock", 5759112eacSValeriy Savchenko "WithReplyTo", "WithReply"}; 58fec1a442SValeriy Savchenko constexpr llvm::StringLiteral CONVENTIONAL_CONDITIONS[] = { 59fec1a442SValeriy Savchenko "error", "cancel", "shouldCall", "done", "OK", "success"}; 60fec1a442SValeriy Savchenko 61f1a7d5a7SValeriy Savchenko struct KnownCalledOnceParameter { 62f1a7d5a7SValeriy Savchenko llvm::StringLiteral FunctionName; 63f1a7d5a7SValeriy Savchenko unsigned ParamIndex; 64f1a7d5a7SValeriy Savchenko }; 65f1a7d5a7SValeriy Savchenko constexpr KnownCalledOnceParameter KNOWN_CALLED_ONCE_PARAMETERS[] = { 668b8b9af8SValeriy Savchenko {llvm::StringLiteral{"dispatch_async"}, 1}, 678b8b9af8SValeriy Savchenko {llvm::StringLiteral{"dispatch_async_and_wait"}, 1}, 688b8b9af8SValeriy Savchenko {llvm::StringLiteral{"dispatch_after"}, 2}, 698b8b9af8SValeriy Savchenko {llvm::StringLiteral{"dispatch_sync"}, 1}, 708b8b9af8SValeriy Savchenko {llvm::StringLiteral{"dispatch_once"}, 1}, 718b8b9af8SValeriy Savchenko {llvm::StringLiteral{"dispatch_barrier_async"}, 1}, 728b8b9af8SValeriy Savchenko {llvm::StringLiteral{"dispatch_barrier_async_and_wait"}, 1}, 738b8b9af8SValeriy Savchenko {llvm::StringLiteral{"dispatch_barrier_sync"}, 1}}; 74f1a7d5a7SValeriy Savchenko 75fec1a442SValeriy Savchenko class ParameterStatus { 76fec1a442SValeriy Savchenko public: 77fec1a442SValeriy Savchenko // Status kind is basically the main part of parameter's status. 78fec1a442SValeriy Savchenko // The kind represents our knowledge (so far) about a tracked parameter 79fec1a442SValeriy Savchenko // in the context of this analysis. 80fec1a442SValeriy Savchenko // 81fec1a442SValeriy Savchenko // Since we want to report on missing and extraneous calls, we need to 82fec1a442SValeriy Savchenko // track the fact whether paramater was called or not. This automatically 83fec1a442SValeriy Savchenko // decides two kinds: `NotCalled` and `Called`. 84fec1a442SValeriy Savchenko // 85fec1a442SValeriy Savchenko // One of the erroneous situations is the case when parameter is called only 86fec1a442SValeriy Savchenko // on some of the paths. We could've considered it `NotCalled`, but we want 87fec1a442SValeriy Savchenko // to report double call warnings even if these two calls are not guaranteed 88fec1a442SValeriy Savchenko // to happen in every execution. We also don't want to have it as `Called` 89fec1a442SValeriy Savchenko // because not calling tracked parameter on all of the paths is an error 90fec1a442SValeriy Savchenko // on its own. For these reasons, we need to have a separate kind, 91fec1a442SValeriy Savchenko // `MaybeCalled`, and change `Called` to `DefinitelyCalled` to avoid 92fec1a442SValeriy Savchenko // confusion. 93fec1a442SValeriy Savchenko // 94fec1a442SValeriy Savchenko // Two violations of calling parameter more than once and not calling it on 95fec1a442SValeriy Savchenko // every path are not, however, mutually exclusive. In situations where both 96fec1a442SValeriy Savchenko // violations take place, we prefer to report ONLY double call. It's always 97fec1a442SValeriy Savchenko // harder to pinpoint a bug that has arisen when a user neglects to take the 98fec1a442SValeriy Savchenko // right action (and therefore, no action is taken), than when a user takes 99fec1a442SValeriy Savchenko // the wrong action. And, in order to remember that we already reported 100fec1a442SValeriy Savchenko // a double call, we need another kind: `Reported`. 101fec1a442SValeriy Savchenko // 102fec1a442SValeriy Savchenko // Our analysis is intra-procedural and, while in the perfect world, 103fec1a442SValeriy Savchenko // developers only use tracked parameters to call them, in the real world, 104fec1a442SValeriy Savchenko // the picture might be different. Parameters can be stored in global 105fec1a442SValeriy Savchenko // variables or leaked into other functions that we know nothing about. 106fec1a442SValeriy Savchenko // We try to be lenient and trust users. Another kind `Escaped` reflects 107fec1a442SValeriy Savchenko // such situations. We don't know if it gets called there or not, but we 108fec1a442SValeriy Savchenko // should always think of `Escaped` as the best possible option. 109fec1a442SValeriy Savchenko // 110fec1a442SValeriy Savchenko // Some of the paths in the analyzed functions might end with a call 111fec1a442SValeriy Savchenko // to noreturn functions. Such paths are not required to have parameter 112fec1a442SValeriy Savchenko // calls and we want to track that. For the purposes of better diagnostics, 113fec1a442SValeriy Savchenko // we don't want to reuse `Escaped` and, thus, have another kind `NoReturn`. 114fec1a442SValeriy Savchenko // 115fec1a442SValeriy Savchenko // Additionally, we have `NotVisited` kind that tells us nothing about 116fec1a442SValeriy Savchenko // a tracked parameter, but is used for tracking analyzed (aka visited) 117fec1a442SValeriy Savchenko // basic blocks. 118fec1a442SValeriy Savchenko // 119fec1a442SValeriy Savchenko // If we consider `|` to be a JOIN operation of two kinds coming from 120fec1a442SValeriy Savchenko // two different paths, the following properties must hold: 121fec1a442SValeriy Savchenko // 122fec1a442SValeriy Savchenko // 1. for any Kind K: K | K == K 123fec1a442SValeriy Savchenko // Joining two identical kinds should result in the same kind. 124fec1a442SValeriy Savchenko // 125fec1a442SValeriy Savchenko // 2. for any Kind K: Reported | K == Reported 126fec1a442SValeriy Savchenko // Doesn't matter on which path it was reported, it still is. 127fec1a442SValeriy Savchenko // 128fec1a442SValeriy Savchenko // 3. for any Kind K: NoReturn | K == K 129fec1a442SValeriy Savchenko // We can totally ignore noreturn paths during merges. 130fec1a442SValeriy Savchenko // 131fec1a442SValeriy Savchenko // 4. DefinitelyCalled | NotCalled == MaybeCalled 132fec1a442SValeriy Savchenko // Called on one path, not called on another - that's simply 133fec1a442SValeriy Savchenko // a definition for MaybeCalled. 134fec1a442SValeriy Savchenko // 135fec1a442SValeriy Savchenko // 5. for any Kind K in [DefinitelyCalled, NotCalled, MaybeCalled]: 136fec1a442SValeriy Savchenko // Escaped | K == K 137fec1a442SValeriy Savchenko // Escaped mirrors other statuses after joins. 138fec1a442SValeriy Savchenko // Every situation, when we join any of the listed kinds K, 139fec1a442SValeriy Savchenko // is a violation. For this reason, in order to assume the 140fec1a442SValeriy Savchenko // best outcome for this escape, we consider it to be the 141fec1a442SValeriy Savchenko // same as the other path. 142fec1a442SValeriy Savchenko // 143fec1a442SValeriy Savchenko // 6. for any Kind K in [DefinitelyCalled, NotCalled]: 144fec1a442SValeriy Savchenko // MaybeCalled | K == MaybeCalled 145fec1a442SValeriy Savchenko // MaybeCalled should basically stay after almost every join. 146fec1a442SValeriy Savchenko enum Kind { 147fec1a442SValeriy Savchenko // No-return paths should be absolutely transparent for the analysis. 148fec1a442SValeriy Savchenko // 0x0 is the identity element for selected join operation (binary or). 149fec1a442SValeriy Savchenko NoReturn = 0x0, /* 0000 */ 150fec1a442SValeriy Savchenko // Escaped marks situations when marked parameter escaped into 151fec1a442SValeriy Savchenko // another function (so we can assume that it was possibly called there). 152fec1a442SValeriy Savchenko Escaped = 0x1, /* 0001 */ 153fec1a442SValeriy Savchenko // Parameter was definitely called once at this point. 154fec1a442SValeriy Savchenko DefinitelyCalled = 0x3, /* 0011 */ 155fec1a442SValeriy Savchenko // Kinds less or equal to NON_ERROR_STATUS are not considered errors. 156fec1a442SValeriy Savchenko NON_ERROR_STATUS = DefinitelyCalled, 157fec1a442SValeriy Savchenko // Parameter was not yet called. 158fec1a442SValeriy Savchenko NotCalled = 0x5, /* 0101 */ 159fec1a442SValeriy Savchenko // Parameter was not called at least on one path leading to this point, 160fec1a442SValeriy Savchenko // while there is also at least one path that it gets called. 161fec1a442SValeriy Savchenko MaybeCalled = 0x7, /* 0111 */ 162fec1a442SValeriy Savchenko // Parameter was not yet analyzed. 163fec1a442SValeriy Savchenko NotVisited = 0x8, /* 1000 */ 164fec1a442SValeriy Savchenko // We already reported a violation and stopped tracking calls for this 165fec1a442SValeriy Savchenko // parameter. 1662a068507SZiqing Luo Reported = 0xF, /* 1111 */ 167fec1a442SValeriy Savchenko LLVM_MARK_AS_BITMASK_ENUM(/* LargestValue = */ Reported) 168fec1a442SValeriy Savchenko }; 169fec1a442SValeriy Savchenko 170fec1a442SValeriy Savchenko constexpr ParameterStatus() = default; 171fec1a442SValeriy Savchenko /* implicit */ ParameterStatus(Kind K) : StatusKind(K) { 172fec1a442SValeriy Savchenko assert(!seenAnyCalls(K) && "Can't initialize status without a call"); 173fec1a442SValeriy Savchenko } 174fec1a442SValeriy Savchenko ParameterStatus(Kind K, const Expr *Call) : StatusKind(K), Call(Call) { 175fec1a442SValeriy Savchenko assert(seenAnyCalls(K) && "This kind is not supposed to have a call"); 176fec1a442SValeriy Savchenko } 177fec1a442SValeriy Savchenko 178fec1a442SValeriy Savchenko const Expr &getCall() const { 179fec1a442SValeriy Savchenko assert(seenAnyCalls(getKind()) && "ParameterStatus doesn't have a call"); 180fec1a442SValeriy Savchenko return *Call; 181fec1a442SValeriy Savchenko } 182fec1a442SValeriy Savchenko static bool seenAnyCalls(Kind K) { 183fec1a442SValeriy Savchenko return (K & DefinitelyCalled) == DefinitelyCalled && K != Reported; 184fec1a442SValeriy Savchenko } 185fec1a442SValeriy Savchenko bool seenAnyCalls() const { return seenAnyCalls(getKind()); } 186fec1a442SValeriy Savchenko 187fec1a442SValeriy Savchenko static bool isErrorStatus(Kind K) { return K > NON_ERROR_STATUS; } 188fec1a442SValeriy Savchenko bool isErrorStatus() const { return isErrorStatus(getKind()); } 189fec1a442SValeriy Savchenko 190fec1a442SValeriy Savchenko Kind getKind() const { return StatusKind; } 191fec1a442SValeriy Savchenko 192fec1a442SValeriy Savchenko void join(const ParameterStatus &Other) { 193fec1a442SValeriy Savchenko // If we have a pointer already, let's keep it. 194fec1a442SValeriy Savchenko // For the purposes of the analysis, it doesn't really matter 195fec1a442SValeriy Savchenko // which call we report. 196fec1a442SValeriy Savchenko // 197fec1a442SValeriy Savchenko // If we don't have a pointer, let's take whatever gets joined. 198fec1a442SValeriy Savchenko if (!Call) { 199fec1a442SValeriy Savchenko Call = Other.Call; 200fec1a442SValeriy Savchenko } 201fec1a442SValeriy Savchenko // Join kinds. 202fec1a442SValeriy Savchenko StatusKind |= Other.getKind(); 203fec1a442SValeriy Savchenko } 204fec1a442SValeriy Savchenko 205fec1a442SValeriy Savchenko bool operator==(const ParameterStatus &Other) const { 206fec1a442SValeriy Savchenko // We compare only kinds, pointers on their own is only additional 207fec1a442SValeriy Savchenko // information. 208fec1a442SValeriy Savchenko return getKind() == Other.getKind(); 209fec1a442SValeriy Savchenko } 210fec1a442SValeriy Savchenko 211fec1a442SValeriy Savchenko private: 212fec1a442SValeriy Savchenko // It would've been a perfect place to use llvm::PointerIntPair, but 213fec1a442SValeriy Savchenko // unfortunately NumLowBitsAvailable for clang::Expr had been reduced to 2. 214fec1a442SValeriy Savchenko Kind StatusKind = NotVisited; 215fec1a442SValeriy Savchenko const Expr *Call = nullptr; 216fec1a442SValeriy Savchenko }; 217fec1a442SValeriy Savchenko 218fec1a442SValeriy Savchenko /// State aggregates statuses of all tracked parameters. 219fec1a442SValeriy Savchenko class State { 220fec1a442SValeriy Savchenko public: 221fec1a442SValeriy Savchenko State(unsigned Size, ParameterStatus::Kind K = ParameterStatus::NotVisited) 222fec1a442SValeriy Savchenko : ParamData(Size, K) {} 223fec1a442SValeriy Savchenko 224fec1a442SValeriy Savchenko /// Return status of a parameter with the given index. 225fec1a442SValeriy Savchenko /// \{ 226fec1a442SValeriy Savchenko ParameterStatus &getStatusFor(unsigned Index) { return ParamData[Index]; } 227fec1a442SValeriy Savchenko const ParameterStatus &getStatusFor(unsigned Index) const { 228fec1a442SValeriy Savchenko return ParamData[Index]; 229fec1a442SValeriy Savchenko } 230fec1a442SValeriy Savchenko /// \} 231fec1a442SValeriy Savchenko 232fec1a442SValeriy Savchenko /// Return true if parameter with the given index can be called. 233fec1a442SValeriy Savchenko bool seenAnyCalls(unsigned Index) const { 234fec1a442SValeriy Savchenko return getStatusFor(Index).seenAnyCalls(); 235fec1a442SValeriy Savchenko } 236fec1a442SValeriy Savchenko /// Return a reference that we consider a call. 237fec1a442SValeriy Savchenko /// 238fec1a442SValeriy Savchenko /// Should only be used for parameters that can be called. 239fec1a442SValeriy Savchenko const Expr &getCallFor(unsigned Index) const { 240fec1a442SValeriy Savchenko return getStatusFor(Index).getCall(); 241fec1a442SValeriy Savchenko } 242fec1a442SValeriy Savchenko /// Return status kind of parameter with the given index. 243fec1a442SValeriy Savchenko ParameterStatus::Kind getKindFor(unsigned Index) const { 244fec1a442SValeriy Savchenko return getStatusFor(Index).getKind(); 245fec1a442SValeriy Savchenko } 246fec1a442SValeriy Savchenko 247fec1a442SValeriy Savchenko bool isVisited() const { 248fec1a442SValeriy Savchenko return llvm::all_of(ParamData, [](const ParameterStatus &S) { 249fec1a442SValeriy Savchenko return S.getKind() != ParameterStatus::NotVisited; 250fec1a442SValeriy Savchenko }); 251fec1a442SValeriy Savchenko } 252fec1a442SValeriy Savchenko 253fec1a442SValeriy Savchenko // Join other state into the current state. 254fec1a442SValeriy Savchenko void join(const State &Other) { 255fec1a442SValeriy Savchenko assert(ParamData.size() == Other.ParamData.size() && 256fec1a442SValeriy Savchenko "Couldn't join statuses with different sizes"); 257fec1a442SValeriy Savchenko for (auto Pair : llvm::zip(ParamData, Other.ParamData)) { 258fec1a442SValeriy Savchenko std::get<0>(Pair).join(std::get<1>(Pair)); 259fec1a442SValeriy Savchenko } 260fec1a442SValeriy Savchenko } 261fec1a442SValeriy Savchenko 262fec1a442SValeriy Savchenko using iterator = ParamSizedVector<ParameterStatus>::iterator; 263fec1a442SValeriy Savchenko using const_iterator = ParamSizedVector<ParameterStatus>::const_iterator; 264fec1a442SValeriy Savchenko 265fec1a442SValeriy Savchenko iterator begin() { return ParamData.begin(); } 266fec1a442SValeriy Savchenko iterator end() { return ParamData.end(); } 267fec1a442SValeriy Savchenko 268fec1a442SValeriy Savchenko const_iterator begin() const { return ParamData.begin(); } 269fec1a442SValeriy Savchenko const_iterator end() const { return ParamData.end(); } 270fec1a442SValeriy Savchenko 271fec1a442SValeriy Savchenko bool operator==(const State &Other) const { 272fec1a442SValeriy Savchenko return ParamData == Other.ParamData; 273fec1a442SValeriy Savchenko } 274fec1a442SValeriy Savchenko 275fec1a442SValeriy Savchenko private: 276fec1a442SValeriy Savchenko ParamSizedVector<ParameterStatus> ParamData; 277fec1a442SValeriy Savchenko }; 278fec1a442SValeriy Savchenko 279fec1a442SValeriy Savchenko /// A simple class that finds DeclRefExpr in the given expression. 280fec1a442SValeriy Savchenko /// 281fec1a442SValeriy Savchenko /// However, we don't want to find ANY nested DeclRefExpr skipping whatever 282fec1a442SValeriy Savchenko /// expressions on our way. Only certain expressions considered "no-op" 283fec1a442SValeriy Savchenko /// for our task are indeed skipped. 284fec1a442SValeriy Savchenko class DeclRefFinder 285fec1a442SValeriy Savchenko : public ConstStmtVisitor<DeclRefFinder, const DeclRefExpr *> { 286fec1a442SValeriy Savchenko public: 287fec1a442SValeriy Savchenko /// Find a DeclRefExpr in the given expression. 288fec1a442SValeriy Savchenko /// 289fec1a442SValeriy Savchenko /// In its most basic form (ShouldRetrieveFromComparisons == false), 290fec1a442SValeriy Savchenko /// this function can be simply reduced to the following question: 291fec1a442SValeriy Savchenko /// 292fec1a442SValeriy Savchenko /// - If expression E is used as a function argument, could we say 293fec1a442SValeriy Savchenko /// that DeclRefExpr nested in E is used as an argument? 294fec1a442SValeriy Savchenko /// 295fec1a442SValeriy Savchenko /// According to this rule, we can say that parens, casts and dereferencing 296fec1a442SValeriy Savchenko /// (dereferencing only applied to function pointers, but this is our case) 297fec1a442SValeriy Savchenko /// can be skipped. 298fec1a442SValeriy Savchenko /// 299fec1a442SValeriy Savchenko /// When we should look into comparisons the question changes to: 300fec1a442SValeriy Savchenko /// 301fec1a442SValeriy Savchenko /// - If expression E is used as a condition, could we say that 302fec1a442SValeriy Savchenko /// DeclRefExpr is being checked? 303fec1a442SValeriy Savchenko /// 304fec1a442SValeriy Savchenko /// And even though, these are two different questions, they have quite a lot 305fec1a442SValeriy Savchenko /// in common. Actually, we can say that whatever expression answers 306fec1a442SValeriy Savchenko /// positively the first question also fits the second question as well. 307fec1a442SValeriy Savchenko /// 308fec1a442SValeriy Savchenko /// In addition, we skip binary operators == and !=, and unary opeartor !. 309fec1a442SValeriy Savchenko static const DeclRefExpr *find(const Expr *E, 310fec1a442SValeriy Savchenko bool ShouldRetrieveFromComparisons = false) { 311fec1a442SValeriy Savchenko return DeclRefFinder(ShouldRetrieveFromComparisons).Visit(E); 312fec1a442SValeriy Savchenko } 313fec1a442SValeriy Savchenko 314fec1a442SValeriy Savchenko const DeclRefExpr *VisitDeclRefExpr(const DeclRefExpr *DR) { return DR; } 315fec1a442SValeriy Savchenko 316fec1a442SValeriy Savchenko const DeclRefExpr *VisitUnaryOperator(const UnaryOperator *UO) { 317fec1a442SValeriy Savchenko switch (UO->getOpcode()) { 318fec1a442SValeriy Savchenko case UO_LNot: 319fec1a442SValeriy Savchenko // We care about logical not only if we care about comparisons. 320fec1a442SValeriy Savchenko if (!ShouldRetrieveFromComparisons) 321fec1a442SValeriy Savchenko return nullptr; 3223f18f7c0SFangrui Song [[fallthrough]]; 323fec1a442SValeriy Savchenko // Function pointer/references can be dereferenced before a call. 324fec1a442SValeriy Savchenko // That doesn't make it, however, any different from a regular call. 325fec1a442SValeriy Savchenko // For this reason, dereference operation is a "no-op". 326fec1a442SValeriy Savchenko case UO_Deref: 327fec1a442SValeriy Savchenko return Visit(UO->getSubExpr()); 328fec1a442SValeriy Savchenko default: 329fec1a442SValeriy Savchenko return nullptr; 330fec1a442SValeriy Savchenko } 331fec1a442SValeriy Savchenko } 332fec1a442SValeriy Savchenko 333fec1a442SValeriy Savchenko const DeclRefExpr *VisitBinaryOperator(const BinaryOperator *BO) { 334fec1a442SValeriy Savchenko if (!ShouldRetrieveFromComparisons) 335fec1a442SValeriy Savchenko return nullptr; 336fec1a442SValeriy Savchenko 337fec1a442SValeriy Savchenko switch (BO->getOpcode()) { 338fec1a442SValeriy Savchenko case BO_EQ: 339fec1a442SValeriy Savchenko case BO_NE: { 340fec1a442SValeriy Savchenko const DeclRefExpr *LHS = Visit(BO->getLHS()); 341fec1a442SValeriy Savchenko return LHS ? LHS : Visit(BO->getRHS()); 342fec1a442SValeriy Savchenko } 343fec1a442SValeriy Savchenko default: 344fec1a442SValeriy Savchenko return nullptr; 345fec1a442SValeriy Savchenko } 346fec1a442SValeriy Savchenko } 347fec1a442SValeriy Savchenko 348fec1a442SValeriy Savchenko const DeclRefExpr *VisitOpaqueValueExpr(const OpaqueValueExpr *OVE) { 349fec1a442SValeriy Savchenko return Visit(OVE->getSourceExpr()); 350fec1a442SValeriy Savchenko } 351fec1a442SValeriy Savchenko 352d1522d34SValeriy Savchenko const DeclRefExpr *VisitCallExpr(const CallExpr *CE) { 353d1522d34SValeriy Savchenko if (!ShouldRetrieveFromComparisons) 354d1522d34SValeriy Savchenko return nullptr; 355d1522d34SValeriy Savchenko 356d1522d34SValeriy Savchenko // We want to see through some of the boolean builtin functions 357d1522d34SValeriy Savchenko // that we are likely to see in conditions. 358d1522d34SValeriy Savchenko switch (CE->getBuiltinCallee()) { 359d1522d34SValeriy Savchenko case Builtin::BI__builtin_expect: 360d1522d34SValeriy Savchenko case Builtin::BI__builtin_expect_with_probability: { 361d1522d34SValeriy Savchenko assert(CE->getNumArgs() >= 2); 362d1522d34SValeriy Savchenko 363d1522d34SValeriy Savchenko const DeclRefExpr *Candidate = Visit(CE->getArg(0)); 364d1522d34SValeriy Savchenko return Candidate != nullptr ? Candidate : Visit(CE->getArg(1)); 365d1522d34SValeriy Savchenko } 366d1522d34SValeriy Savchenko 367d1522d34SValeriy Savchenko case Builtin::BI__builtin_unpredictable: 368d1522d34SValeriy Savchenko return Visit(CE->getArg(0)); 369d1522d34SValeriy Savchenko 370d1522d34SValeriy Savchenko default: 371d1522d34SValeriy Savchenko return nullptr; 372d1522d34SValeriy Savchenko } 373d1522d34SValeriy Savchenko } 374d1522d34SValeriy Savchenko 375fec1a442SValeriy Savchenko const DeclRefExpr *VisitExpr(const Expr *E) { 376fec1a442SValeriy Savchenko // It is a fallback method that gets called whenever the actual type 377fec1a442SValeriy Savchenko // of the given expression is not covered. 378fec1a442SValeriy Savchenko // 379fec1a442SValeriy Savchenko // We first check if we have anything to skip. And then repeat the whole 380fec1a442SValeriy Savchenko // procedure for a nested expression instead. 381fec1a442SValeriy Savchenko const Expr *DeclutteredExpr = E->IgnoreParenCasts(); 382fec1a442SValeriy Savchenko return E != DeclutteredExpr ? Visit(DeclutteredExpr) : nullptr; 383fec1a442SValeriy Savchenko } 384fec1a442SValeriy Savchenko 385fec1a442SValeriy Savchenko private: 386fec1a442SValeriy Savchenko DeclRefFinder(bool ShouldRetrieveFromComparisons) 387fec1a442SValeriy Savchenko : ShouldRetrieveFromComparisons(ShouldRetrieveFromComparisons) {} 388fec1a442SValeriy Savchenko 389fec1a442SValeriy Savchenko bool ShouldRetrieveFromComparisons; 390fec1a442SValeriy Savchenko }; 391fec1a442SValeriy Savchenko 392fec1a442SValeriy Savchenko const DeclRefExpr *findDeclRefExpr(const Expr *In, 393fec1a442SValeriy Savchenko bool ShouldRetrieveFromComparisons = false) { 394fec1a442SValeriy Savchenko return DeclRefFinder::find(In, ShouldRetrieveFromComparisons); 395fec1a442SValeriy Savchenko } 396fec1a442SValeriy Savchenko 397fec1a442SValeriy Savchenko const ParmVarDecl * 398fec1a442SValeriy Savchenko findReferencedParmVarDecl(const Expr *In, 399fec1a442SValeriy Savchenko bool ShouldRetrieveFromComparisons = false) { 400fec1a442SValeriy Savchenko if (const DeclRefExpr *DR = 401fec1a442SValeriy Savchenko findDeclRefExpr(In, ShouldRetrieveFromComparisons)) { 402fec1a442SValeriy Savchenko return dyn_cast<ParmVarDecl>(DR->getDecl()); 403fec1a442SValeriy Savchenko } 404fec1a442SValeriy Savchenko 405fec1a442SValeriy Savchenko return nullptr; 406fec1a442SValeriy Savchenko } 407fec1a442SValeriy Savchenko 408fec1a442SValeriy Savchenko /// Return conditions expression of a statement if it has one. 409fec1a442SValeriy Savchenko const Expr *getCondition(const Stmt *S) { 410fec1a442SValeriy Savchenko if (!S) { 411fec1a442SValeriy Savchenko return nullptr; 412fec1a442SValeriy Savchenko } 413fec1a442SValeriy Savchenko 414fec1a442SValeriy Savchenko if (const auto *If = dyn_cast<IfStmt>(S)) { 415fec1a442SValeriy Savchenko return If->getCond(); 416fec1a442SValeriy Savchenko } 417fec1a442SValeriy Savchenko if (const auto *Ternary = dyn_cast<AbstractConditionalOperator>(S)) { 418fec1a442SValeriy Savchenko return Ternary->getCond(); 419fec1a442SValeriy Savchenko } 420fec1a442SValeriy Savchenko 421fec1a442SValeriy Savchenko return nullptr; 422fec1a442SValeriy Savchenko } 423fec1a442SValeriy Savchenko 424fec1a442SValeriy Savchenko /// A small helper class that collects all named identifiers in the given 425fec1a442SValeriy Savchenko /// expression. It traverses it recursively, so names from deeper levels 426fec1a442SValeriy Savchenko /// of the AST will end up in the results. 427fec1a442SValeriy Savchenko /// Results might have duplicate names, if this is a problem, convert to 428fec1a442SValeriy Savchenko /// string sets afterwards. 429*dde802b1SSirraide class NamesCollector : public DynamicRecursiveASTVisitor { 430fec1a442SValeriy Savchenko public: 431fec1a442SValeriy Savchenko static constexpr unsigned EXPECTED_NUMBER_OF_NAMES = 5; 432fec1a442SValeriy Savchenko using NameCollection = 433fec1a442SValeriy Savchenko llvm::SmallVector<llvm::StringRef, EXPECTED_NUMBER_OF_NAMES>; 434fec1a442SValeriy Savchenko 435fec1a442SValeriy Savchenko static NameCollection collect(const Expr *From) { 436fec1a442SValeriy Savchenko NamesCollector Impl; 437fec1a442SValeriy Savchenko Impl.TraverseStmt(const_cast<Expr *>(From)); 438fec1a442SValeriy Savchenko return Impl.Result; 439fec1a442SValeriy Savchenko } 440fec1a442SValeriy Savchenko 441*dde802b1SSirraide bool VisitDeclRefExpr(DeclRefExpr *E) override { 442fec1a442SValeriy Savchenko Result.push_back(E->getDecl()->getName()); 443fec1a442SValeriy Savchenko return true; 444fec1a442SValeriy Savchenko } 445fec1a442SValeriy Savchenko 446*dde802b1SSirraide bool VisitObjCPropertyRefExpr(ObjCPropertyRefExpr *E) override { 447fec1a442SValeriy Savchenko llvm::StringRef Name; 448fec1a442SValeriy Savchenko 449fec1a442SValeriy Savchenko if (E->isImplicitProperty()) { 450fec1a442SValeriy Savchenko ObjCMethodDecl *PropertyMethodDecl = nullptr; 451fec1a442SValeriy Savchenko if (E->isMessagingGetter()) { 452fec1a442SValeriy Savchenko PropertyMethodDecl = E->getImplicitPropertyGetter(); 453fec1a442SValeriy Savchenko } else { 454fec1a442SValeriy Savchenko PropertyMethodDecl = E->getImplicitPropertySetter(); 455fec1a442SValeriy Savchenko } 456fec1a442SValeriy Savchenko assert(PropertyMethodDecl && 457fec1a442SValeriy Savchenko "Implicit property must have associated declaration"); 458fec1a442SValeriy Savchenko Name = PropertyMethodDecl->getSelector().getNameForSlot(0); 459fec1a442SValeriy Savchenko } else { 460fec1a442SValeriy Savchenko assert(E->isExplicitProperty()); 461fec1a442SValeriy Savchenko Name = E->getExplicitProperty()->getName(); 462fec1a442SValeriy Savchenko } 463fec1a442SValeriy Savchenko 464fec1a442SValeriy Savchenko Result.push_back(Name); 465fec1a442SValeriy Savchenko return true; 466fec1a442SValeriy Savchenko } 467fec1a442SValeriy Savchenko 468fec1a442SValeriy Savchenko private: 469fec1a442SValeriy Savchenko NamesCollector() = default; 470fec1a442SValeriy Savchenko NameCollection Result; 471fec1a442SValeriy Savchenko }; 472fec1a442SValeriy Savchenko 473fec1a442SValeriy Savchenko /// Check whether the given expression mentions any of conventional names. 474fec1a442SValeriy Savchenko bool mentionsAnyOfConventionalNames(const Expr *E) { 475fec1a442SValeriy Savchenko NamesCollector::NameCollection MentionedNames = NamesCollector::collect(E); 476fec1a442SValeriy Savchenko 477fec1a442SValeriy Savchenko return llvm::any_of(MentionedNames, [](llvm::StringRef ConditionName) { 478fec1a442SValeriy Savchenko return llvm::any_of( 479fec1a442SValeriy Savchenko CONVENTIONAL_CONDITIONS, 480fec1a442SValeriy Savchenko [ConditionName](const llvm::StringLiteral &Conventional) { 481e5c7c171SMartin Storsjö return ConditionName.contains_insensitive(Conventional); 482fec1a442SValeriy Savchenko }); 483fec1a442SValeriy Savchenko }); 484fec1a442SValeriy Savchenko } 485fec1a442SValeriy Savchenko 486fec1a442SValeriy Savchenko /// Clarification is a simple pair of a reason why parameter is not called 487fec1a442SValeriy Savchenko /// on every path and a statement to blame. 488fec1a442SValeriy Savchenko struct Clarification { 489fec1a442SValeriy Savchenko NeverCalledReason Reason; 490fec1a442SValeriy Savchenko const Stmt *Location; 491fec1a442SValeriy Savchenko }; 492fec1a442SValeriy Savchenko 493fec1a442SValeriy Savchenko /// A helper class that can produce a clarification based on the given pair 494fec1a442SValeriy Savchenko /// of basic blocks. 495fec1a442SValeriy Savchenko class NotCalledClarifier 496fec1a442SValeriy Savchenko : public ConstStmtVisitor<NotCalledClarifier, 4976ad0788cSKazu Hirata std::optional<Clarification>> { 498fec1a442SValeriy Savchenko public: 499fec1a442SValeriy Savchenko /// The main entrypoint for the class, the function that tries to find the 500fec1a442SValeriy Savchenko /// clarification of how to explain which sub-path starts with a CFG edge 501fec1a442SValeriy Savchenko /// from Conditional to SuccWithoutCall. 502fec1a442SValeriy Savchenko /// 503fec1a442SValeriy Savchenko /// This means that this function has one precondition: 504fec1a442SValeriy Savchenko /// SuccWithoutCall should be a successor block for Conditional. 505fec1a442SValeriy Savchenko /// 506fec1a442SValeriy Savchenko /// Because clarification is not needed for non-trivial pairs of blocks 507fec1a442SValeriy Savchenko /// (i.e. SuccWithoutCall is not the only successor), it returns meaningful 508fec1a442SValeriy Savchenko /// results only for such cases. For this very reason, the parent basic 509fec1a442SValeriy Savchenko /// block, Conditional, is named that way, so it is clear what kind of 510fec1a442SValeriy Savchenko /// block is expected. 5116ad0788cSKazu Hirata static std::optional<Clarification> clarify(const CFGBlock *Conditional, 5126ad0788cSKazu Hirata const CFGBlock *SuccWithoutCall) { 513fec1a442SValeriy Savchenko if (const Stmt *Terminator = Conditional->getTerminatorStmt()) { 514fec1a442SValeriy Savchenko return NotCalledClarifier{Conditional, SuccWithoutCall}.Visit(Terminator); 515fec1a442SValeriy Savchenko } 51634e0d057SKazu Hirata return std::nullopt; 517fec1a442SValeriy Savchenko } 518fec1a442SValeriy Savchenko 5196ad0788cSKazu Hirata std::optional<Clarification> VisitIfStmt(const IfStmt *If) { 520fec1a442SValeriy Savchenko return VisitBranchingBlock(If, NeverCalledReason::IfThen); 521fec1a442SValeriy Savchenko } 522fec1a442SValeriy Savchenko 5236ad0788cSKazu Hirata std::optional<Clarification> 524fec1a442SValeriy Savchenko VisitAbstractConditionalOperator(const AbstractConditionalOperator *Ternary) { 525fec1a442SValeriy Savchenko return VisitBranchingBlock(Ternary, NeverCalledReason::IfThen); 526fec1a442SValeriy Savchenko } 527fec1a442SValeriy Savchenko 5286ad0788cSKazu Hirata std::optional<Clarification> VisitSwitchStmt(const SwitchStmt *Switch) { 529fec1a442SValeriy Savchenko const Stmt *CaseToBlame = SuccInQuestion->getLabel(); 530fec1a442SValeriy Savchenko if (!CaseToBlame) { 531fec1a442SValeriy Savchenko // If interesting basic block is not labeled, it means that this 532fec1a442SValeriy Savchenko // basic block does not represent any of the cases. 533fec1a442SValeriy Savchenko return Clarification{NeverCalledReason::SwitchSkipped, Switch}; 534fec1a442SValeriy Savchenko } 535fec1a442SValeriy Savchenko 536fec1a442SValeriy Savchenko for (const SwitchCase *Case = Switch->getSwitchCaseList(); Case; 537fec1a442SValeriy Savchenko Case = Case->getNextSwitchCase()) { 538fec1a442SValeriy Savchenko if (Case == CaseToBlame) { 539fec1a442SValeriy Savchenko return Clarification{NeverCalledReason::Switch, Case}; 540fec1a442SValeriy Savchenko } 541fec1a442SValeriy Savchenko } 542fec1a442SValeriy Savchenko 543fec1a442SValeriy Savchenko llvm_unreachable("Found unexpected switch structure"); 544fec1a442SValeriy Savchenko } 545fec1a442SValeriy Savchenko 5466ad0788cSKazu Hirata std::optional<Clarification> VisitForStmt(const ForStmt *For) { 547fec1a442SValeriy Savchenko return VisitBranchingBlock(For, NeverCalledReason::LoopEntered); 548fec1a442SValeriy Savchenko } 549fec1a442SValeriy Savchenko 5506ad0788cSKazu Hirata std::optional<Clarification> VisitWhileStmt(const WhileStmt *While) { 551fec1a442SValeriy Savchenko return VisitBranchingBlock(While, NeverCalledReason::LoopEntered); 552fec1a442SValeriy Savchenko } 553fec1a442SValeriy Savchenko 5546ad0788cSKazu Hirata std::optional<Clarification> 555fec1a442SValeriy Savchenko VisitBranchingBlock(const Stmt *Terminator, NeverCalledReason DefaultReason) { 556fec1a442SValeriy Savchenko assert(Parent->succ_size() == 2 && 557fec1a442SValeriy Savchenko "Branching block should have exactly two successors"); 558fec1a442SValeriy Savchenko unsigned SuccessorIndex = getSuccessorIndex(Parent, SuccInQuestion); 559fec1a442SValeriy Savchenko NeverCalledReason ActualReason = 560fec1a442SValeriy Savchenko updateForSuccessor(DefaultReason, SuccessorIndex); 561fec1a442SValeriy Savchenko return Clarification{ActualReason, Terminator}; 562fec1a442SValeriy Savchenko } 563fec1a442SValeriy Savchenko 5646ad0788cSKazu Hirata std::optional<Clarification> VisitBinaryOperator(const BinaryOperator *) { 565fec1a442SValeriy Savchenko // We don't want to report on short-curcuit logical operations. 56634e0d057SKazu Hirata return std::nullopt; 567fec1a442SValeriy Savchenko } 568fec1a442SValeriy Savchenko 5696ad0788cSKazu Hirata std::optional<Clarification> VisitStmt(const Stmt *Terminator) { 570fec1a442SValeriy Savchenko // If we got here, we didn't have a visit function for more derived 571fec1a442SValeriy Savchenko // classes of statement that this terminator actually belongs to. 572fec1a442SValeriy Savchenko // 573fec1a442SValeriy Savchenko // This is not a good scenario and should not happen in practice, but 574fec1a442SValeriy Savchenko // at least we'll warn the user. 575fec1a442SValeriy Savchenko return Clarification{NeverCalledReason::FallbackReason, Terminator}; 576fec1a442SValeriy Savchenko } 577fec1a442SValeriy Savchenko 578fec1a442SValeriy Savchenko static unsigned getSuccessorIndex(const CFGBlock *Parent, 579fec1a442SValeriy Savchenko const CFGBlock *Child) { 580fec1a442SValeriy Savchenko CFGBlock::const_succ_iterator It = llvm::find(Parent->succs(), Child); 581fec1a442SValeriy Savchenko assert(It != Parent->succ_end() && 582fec1a442SValeriy Savchenko "Given blocks should be in parent-child relationship"); 583fec1a442SValeriy Savchenko return It - Parent->succ_begin(); 584fec1a442SValeriy Savchenko } 585fec1a442SValeriy Savchenko 586fec1a442SValeriy Savchenko static NeverCalledReason 587fec1a442SValeriy Savchenko updateForSuccessor(NeverCalledReason ReasonForTrueBranch, 588fec1a442SValeriy Savchenko unsigned SuccessorIndex) { 589fec1a442SValeriy Savchenko assert(SuccessorIndex <= 1); 590fec1a442SValeriy Savchenko unsigned RawReason = 591fec1a442SValeriy Savchenko static_cast<unsigned>(ReasonForTrueBranch) + SuccessorIndex; 592fec1a442SValeriy Savchenko assert(RawReason <= 593fec1a442SValeriy Savchenko static_cast<unsigned>(NeverCalledReason::LARGEST_VALUE)); 594fec1a442SValeriy Savchenko return static_cast<NeverCalledReason>(RawReason); 595fec1a442SValeriy Savchenko } 596fec1a442SValeriy Savchenko 597fec1a442SValeriy Savchenko private: 598fec1a442SValeriy Savchenko NotCalledClarifier(const CFGBlock *Parent, const CFGBlock *SuccInQuestion) 599fec1a442SValeriy Savchenko : Parent(Parent), SuccInQuestion(SuccInQuestion) {} 600fec1a442SValeriy Savchenko 601fec1a442SValeriy Savchenko const CFGBlock *Parent, *SuccInQuestion; 602fec1a442SValeriy Savchenko }; 603fec1a442SValeriy Savchenko 604fec1a442SValeriy Savchenko class CalledOnceChecker : public ConstStmtVisitor<CalledOnceChecker> { 605fec1a442SValeriy Savchenko public: 606fec1a442SValeriy Savchenko static void check(AnalysisDeclContext &AC, CalledOnceCheckHandler &Handler, 607fec1a442SValeriy Savchenko bool CheckConventionalParameters) { 608fec1a442SValeriy Savchenko CalledOnceChecker(AC, Handler, CheckConventionalParameters).check(); 609fec1a442SValeriy Savchenko } 610fec1a442SValeriy Savchenko 611fec1a442SValeriy Savchenko private: 612fec1a442SValeriy Savchenko CalledOnceChecker(AnalysisDeclContext &AC, CalledOnceCheckHandler &Handler, 613fec1a442SValeriy Savchenko bool CheckConventionalParameters) 614fec1a442SValeriy Savchenko : FunctionCFG(*AC.getCFG()), AC(AC), Handler(Handler), 615fec1a442SValeriy Savchenko CheckConventionalParameters(CheckConventionalParameters), 616fec1a442SValeriy Savchenko CurrentState(0) { 617fec1a442SValeriy Savchenko initDataStructures(); 618a032a4e7SYang Fan assert((size() == 0 || !States.empty()) && 619a032a4e7SYang Fan "Data structures are inconsistent"); 620fec1a442SValeriy Savchenko } 621fec1a442SValeriy Savchenko 622fec1a442SValeriy Savchenko //===----------------------------------------------------------------------===// 623fec1a442SValeriy Savchenko // Initializing functions 624fec1a442SValeriy Savchenko //===----------------------------------------------------------------------===// 625fec1a442SValeriy Savchenko 626fec1a442SValeriy Savchenko void initDataStructures() { 627fec1a442SValeriy Savchenko const Decl *AnalyzedDecl = AC.getDecl(); 628fec1a442SValeriy Savchenko 629fec1a442SValeriy Savchenko if (const auto *Function = dyn_cast<FunctionDecl>(AnalyzedDecl)) { 630fec1a442SValeriy Savchenko findParamsToTrack(Function); 631fec1a442SValeriy Savchenko } else if (const auto *Method = dyn_cast<ObjCMethodDecl>(AnalyzedDecl)) { 632fec1a442SValeriy Savchenko findParamsToTrack(Method); 633fec1a442SValeriy Savchenko } else if (const auto *Block = dyn_cast<BlockDecl>(AnalyzedDecl)) { 634fec1a442SValeriy Savchenko findCapturesToTrack(Block); 635fec1a442SValeriy Savchenko findParamsToTrack(Block); 636fec1a442SValeriy Savchenko } 637fec1a442SValeriy Savchenko 638fec1a442SValeriy Savchenko // Have something to track, let's init states for every block from the CFG. 639fec1a442SValeriy Savchenko if (size() != 0) { 640fec1a442SValeriy Savchenko States = 641fec1a442SValeriy Savchenko CFGSizedVector<State>(FunctionCFG.getNumBlockIDs(), State(size())); 642fec1a442SValeriy Savchenko } 643fec1a442SValeriy Savchenko } 644fec1a442SValeriy Savchenko 645fec1a442SValeriy Savchenko void findCapturesToTrack(const BlockDecl *Block) { 646fec1a442SValeriy Savchenko for (const auto &Capture : Block->captures()) { 647fec1a442SValeriy Savchenko if (const auto *P = dyn_cast<ParmVarDecl>(Capture.getVariable())) { 648fec1a442SValeriy Savchenko // Parameter DeclContext is its owning function or method. 649fec1a442SValeriy Savchenko const DeclContext *ParamContext = P->getDeclContext(); 650fec1a442SValeriy Savchenko if (shouldBeCalledOnce(ParamContext, P)) { 651fec1a442SValeriy Savchenko TrackedParams.push_back(P); 652fec1a442SValeriy Savchenko } 653fec1a442SValeriy Savchenko } 654fec1a442SValeriy Savchenko } 655fec1a442SValeriy Savchenko } 656fec1a442SValeriy Savchenko 657fec1a442SValeriy Savchenko template <class FunctionLikeDecl> 658fec1a442SValeriy Savchenko void findParamsToTrack(const FunctionLikeDecl *Function) { 659fec1a442SValeriy Savchenko for (unsigned Index : llvm::seq<unsigned>(0u, Function->param_size())) { 660fec1a442SValeriy Savchenko if (shouldBeCalledOnce(Function, Index)) { 661fec1a442SValeriy Savchenko TrackedParams.push_back(Function->getParamDecl(Index)); 662fec1a442SValeriy Savchenko } 663fec1a442SValeriy Savchenko } 664fec1a442SValeriy Savchenko } 665fec1a442SValeriy Savchenko 666fec1a442SValeriy Savchenko //===----------------------------------------------------------------------===// 667fec1a442SValeriy Savchenko // Main logic 'check' functions 668fec1a442SValeriy Savchenko //===----------------------------------------------------------------------===// 669fec1a442SValeriy Savchenko 670fec1a442SValeriy Savchenko void check() { 671fec1a442SValeriy Savchenko // Nothing to check here: we don't have marked parameters. 672fec1a442SValeriy Savchenko if (size() == 0 || isPossiblyEmptyImpl()) 673fec1a442SValeriy Savchenko return; 674fec1a442SValeriy Savchenko 675fec1a442SValeriy Savchenko assert( 676fec1a442SValeriy Savchenko llvm::none_of(States, [](const State &S) { return S.isVisited(); }) && 677fec1a442SValeriy Savchenko "None of the blocks should be 'visited' before the analysis"); 678fec1a442SValeriy Savchenko 679fec1a442SValeriy Savchenko // For our task, both backward and forward approaches suite well. 680fec1a442SValeriy Savchenko // However, in order to report better diagnostics, we decided to go with 681fec1a442SValeriy Savchenko // backward analysis. 682fec1a442SValeriy Savchenko // 683fec1a442SValeriy Savchenko // Let's consider the following CFG and how forward and backward analyses 684fec1a442SValeriy Savchenko // will work for it. 685fec1a442SValeriy Savchenko // 686fec1a442SValeriy Savchenko // FORWARD: | BACKWARD: 687fec1a442SValeriy Savchenko // #1 | #1 688fec1a442SValeriy Savchenko // +---------+ | +-----------+ 689fec1a442SValeriy Savchenko // | if | | |MaybeCalled| 690fec1a442SValeriy Savchenko // +---------+ | +-----------+ 691fec1a442SValeriy Savchenko // |NotCalled| | | if | 692fec1a442SValeriy Savchenko // +---------+ | +-----------+ 693fec1a442SValeriy Savchenko // / \ | / \ 694fec1a442SValeriy Savchenko // #2 / \ #3 | #2 / \ #3 695fec1a442SValeriy Savchenko // +----------------+ +---------+ | +----------------+ +---------+ 696fec1a442SValeriy Savchenko // | foo() | | ... | | |DefinitelyCalled| |NotCalled| 697fec1a442SValeriy Savchenko // +----------------+ +---------+ | +----------------+ +---------+ 698fec1a442SValeriy Savchenko // |DefinitelyCalled| |NotCalled| | | foo() | | ... | 699fec1a442SValeriy Savchenko // +----------------+ +---------+ | +----------------+ +---------+ 700fec1a442SValeriy Savchenko // \ / | \ / 701fec1a442SValeriy Savchenko // \ #4 / | \ #4 / 702fec1a442SValeriy Savchenko // +-----------+ | +---------+ 703fec1a442SValeriy Savchenko // | ... | | |NotCalled| 704fec1a442SValeriy Savchenko // +-----------+ | +---------+ 705fec1a442SValeriy Savchenko // |MaybeCalled| | | ... | 706fec1a442SValeriy Savchenko // +-----------+ | +---------+ 707fec1a442SValeriy Savchenko // 708fec1a442SValeriy Savchenko // The most natural way to report lacking call in the block #3 would be to 709fec1a442SValeriy Savchenko // message that the false branch of the if statement in the block #1 doesn't 710fec1a442SValeriy Savchenko // have a call. And while with the forward approach we'll need to find a 711fec1a442SValeriy Savchenko // least common ancestor or something like that to find the 'if' to blame, 712fec1a442SValeriy Savchenko // backward analysis gives it to us out of the box. 713fec1a442SValeriy Savchenko BackwardDataflowWorklist Worklist(FunctionCFG, AC); 714fec1a442SValeriy Savchenko 715fec1a442SValeriy Savchenko // Let's visit EXIT. 716fec1a442SValeriy Savchenko const CFGBlock *Exit = &FunctionCFG.getExit(); 717fec1a442SValeriy Savchenko assignState(Exit, State(size(), ParameterStatus::NotCalled)); 718fec1a442SValeriy Savchenko Worklist.enqueuePredecessors(Exit); 719fec1a442SValeriy Savchenko 720fec1a442SValeriy Savchenko while (const CFGBlock *BB = Worklist.dequeue()) { 721fec1a442SValeriy Savchenko assert(BB && "Worklist should filter out null blocks"); 722fec1a442SValeriy Savchenko check(BB); 723fec1a442SValeriy Savchenko assert(CurrentState.isVisited() && 724fec1a442SValeriy Savchenko "After the check, basic block should be visited"); 725fec1a442SValeriy Savchenko 726fec1a442SValeriy Savchenko // Traverse successor basic blocks if the status of this block 727fec1a442SValeriy Savchenko // has changed. 728fec1a442SValeriy Savchenko if (assignState(BB, CurrentState)) { 729fec1a442SValeriy Savchenko Worklist.enqueuePredecessors(BB); 730fec1a442SValeriy Savchenko } 731fec1a442SValeriy Savchenko } 732fec1a442SValeriy Savchenko 733fec1a442SValeriy Savchenko // Check that we have all tracked parameters at the last block. 734fec1a442SValeriy Savchenko // As we are performing a backward version of the analysis, 735fec1a442SValeriy Savchenko // it should be the ENTRY block. 736fec1a442SValeriy Savchenko checkEntry(&FunctionCFG.getEntry()); 737fec1a442SValeriy Savchenko } 738fec1a442SValeriy Savchenko 739fec1a442SValeriy Savchenko void check(const CFGBlock *BB) { 740fec1a442SValeriy Savchenko // We start with a state 'inherited' from all the successors. 741fec1a442SValeriy Savchenko CurrentState = joinSuccessors(BB); 742fec1a442SValeriy Savchenko assert(CurrentState.isVisited() && 743fec1a442SValeriy Savchenko "Shouldn't start with a 'not visited' state"); 744fec1a442SValeriy Savchenko 745fec1a442SValeriy Savchenko // This is the 'exit' situation, broken promises are probably OK 746fec1a442SValeriy Savchenko // in such scenarios. 747fec1a442SValeriy Savchenko if (BB->hasNoReturnElement()) { 748fec1a442SValeriy Savchenko markNoReturn(); 749fec1a442SValeriy Savchenko // This block still can have calls (even multiple calls) and 750fec1a442SValeriy Savchenko // for this reason there is no early return here. 751fec1a442SValeriy Savchenko } 752fec1a442SValeriy Savchenko 753fec1a442SValeriy Savchenko // We use a backward dataflow propagation and for this reason we 754fec1a442SValeriy Savchenko // should traverse basic blocks bottom-up. 755fec1a442SValeriy Savchenko for (const CFGElement &Element : llvm::reverse(*BB)) { 7566ad0788cSKazu Hirata if (std::optional<CFGStmt> S = Element.getAs<CFGStmt>()) { 757fec1a442SValeriy Savchenko check(S->getStmt()); 758fec1a442SValeriy Savchenko } 759fec1a442SValeriy Savchenko } 760fec1a442SValeriy Savchenko } 761fec1a442SValeriy Savchenko void check(const Stmt *S) { Visit(S); } 762fec1a442SValeriy Savchenko 763fec1a442SValeriy Savchenko void checkEntry(const CFGBlock *Entry) { 764fec1a442SValeriy Savchenko // We finalize this algorithm with the ENTRY block because 765fec1a442SValeriy Savchenko // we use a backward version of the analysis. This is where 766fec1a442SValeriy Savchenko // we can judge that some of the tracked parameters are not called on 767fec1a442SValeriy Savchenko // every path from ENTRY to EXIT. 768fec1a442SValeriy Savchenko 769fec1a442SValeriy Savchenko const State &EntryStatus = getState(Entry); 770fec1a442SValeriy Savchenko llvm::BitVector NotCalledOnEveryPath(size(), false); 771fec1a442SValeriy Savchenko llvm::BitVector NotUsedOnEveryPath(size(), false); 772fec1a442SValeriy Savchenko 773fec1a442SValeriy Savchenko // Check if there are no calls of the marked parameter at all 774fec1a442SValeriy Savchenko for (const auto &IndexedStatus : llvm::enumerate(EntryStatus)) { 775fec1a442SValeriy Savchenko const ParmVarDecl *Parameter = getParameter(IndexedStatus.index()); 776fec1a442SValeriy Savchenko 777fec1a442SValeriy Savchenko switch (IndexedStatus.value().getKind()) { 778fec1a442SValeriy Savchenko case ParameterStatus::NotCalled: 779fec1a442SValeriy Savchenko // If there were places where this parameter escapes (aka being used), 780fec1a442SValeriy Savchenko // we can provide a more useful diagnostic by pointing at the exact 781fec1a442SValeriy Savchenko // branches where it is not even mentioned. 782fec1a442SValeriy Savchenko if (!hasEverEscaped(IndexedStatus.index())) { 783fec1a442SValeriy Savchenko // This parameter is was not used at all, so we should report the 784fec1a442SValeriy Savchenko // most generic version of the warning. 785fec1a442SValeriy Savchenko if (isCaptured(Parameter)) { 786fec1a442SValeriy Savchenko // We want to specify that it was captured by the block. 787fec1a442SValeriy Savchenko Handler.handleCapturedNeverCalled(Parameter, AC.getDecl(), 788fec1a442SValeriy Savchenko !isExplicitlyMarked(Parameter)); 789fec1a442SValeriy Savchenko } else { 790fec1a442SValeriy Savchenko Handler.handleNeverCalled(Parameter, 791fec1a442SValeriy Savchenko !isExplicitlyMarked(Parameter)); 792fec1a442SValeriy Savchenko } 793fec1a442SValeriy Savchenko } else { 794fec1a442SValeriy Savchenko // Mark it as 'interesting' to figure out which paths don't even 795fec1a442SValeriy Savchenko // have escapes. 796fec1a442SValeriy Savchenko NotUsedOnEveryPath[IndexedStatus.index()] = true; 797fec1a442SValeriy Savchenko } 798fec1a442SValeriy Savchenko 799fec1a442SValeriy Savchenko break; 800fec1a442SValeriy Savchenko case ParameterStatus::MaybeCalled: 801fec1a442SValeriy Savchenko // If we have 'maybe called' at this point, we have an error 802fec1a442SValeriy Savchenko // that there is at least one path where this parameter 803fec1a442SValeriy Savchenko // is not called. 804fec1a442SValeriy Savchenko // 805fec1a442SValeriy Savchenko // However, reporting the warning with only that information can be 806fec1a442SValeriy Savchenko // too vague for the users. For this reason, we mark such parameters 807fec1a442SValeriy Savchenko // as "interesting" for further analysis. 808fec1a442SValeriy Savchenko NotCalledOnEveryPath[IndexedStatus.index()] = true; 809fec1a442SValeriy Savchenko break; 810fec1a442SValeriy Savchenko default: 811fec1a442SValeriy Savchenko break; 812fec1a442SValeriy Savchenko } 813fec1a442SValeriy Savchenko } 814fec1a442SValeriy Savchenko 8154a7afc9aSValeriy Savchenko // Early exit if we don't have parameters for extra analysis... 8164a7afc9aSValeriy Savchenko if (NotCalledOnEveryPath.none() && NotUsedOnEveryPath.none() && 8174a7afc9aSValeriy Savchenko // ... or if we've seen variables with cleanup functions. 8184a7afc9aSValeriy Savchenko // We can't reason that we've seen every path in this case, 8194a7afc9aSValeriy Savchenko // and thus abandon reporting any warnings that imply that. 8204a7afc9aSValeriy Savchenko !FunctionHasCleanupVars) 821fec1a442SValeriy Savchenko return; 822fec1a442SValeriy Savchenko 823fec1a442SValeriy Savchenko // We are looking for a pair of blocks A, B so that the following is true: 824fec1a442SValeriy Savchenko // * A is a predecessor of B 825fec1a442SValeriy Savchenko // * B is marked as NotCalled 826fec1a442SValeriy Savchenko // * A has at least one successor marked as either 827fec1a442SValeriy Savchenko // Escaped or DefinitelyCalled 828fec1a442SValeriy Savchenko // 829fec1a442SValeriy Savchenko // In that situation, it is guaranteed that B is the first block of the path 830fec1a442SValeriy Savchenko // where the user doesn't call or use parameter in question. 831fec1a442SValeriy Savchenko // 832fec1a442SValeriy Savchenko // For this reason, branch A -> B can be used for reporting. 833fec1a442SValeriy Savchenko // 834fec1a442SValeriy Savchenko // This part of the algorithm is guarded by a condition that the function 835fec1a442SValeriy Savchenko // does indeed have a violation of contract. For this reason, we can 836fec1a442SValeriy Savchenko // spend more time to find a good spot to place the warning. 837fec1a442SValeriy Savchenko // 838fec1a442SValeriy Savchenko // The following algorithm has the worst case complexity of O(V + E), 839fec1a442SValeriy Savchenko // where V is the number of basic blocks in FunctionCFG, 840fec1a442SValeriy Savchenko // E is the number of edges between blocks in FunctionCFG. 841fec1a442SValeriy Savchenko for (const CFGBlock *BB : FunctionCFG) { 842fec1a442SValeriy Savchenko if (!BB) 843fec1a442SValeriy Savchenko continue; 844fec1a442SValeriy Savchenko 845fec1a442SValeriy Savchenko const State &BlockState = getState(BB); 846fec1a442SValeriy Savchenko 847fec1a442SValeriy Savchenko for (unsigned Index : llvm::seq(0u, size())) { 848fec1a442SValeriy Savchenko // We don't want to use 'isLosingCall' here because we want to report 849fec1a442SValeriy Savchenko // the following situation as well: 850fec1a442SValeriy Savchenko // 851fec1a442SValeriy Savchenko // MaybeCalled 852fec1a442SValeriy Savchenko // | ... | 853fec1a442SValeriy Savchenko // MaybeCalled NotCalled 854fec1a442SValeriy Savchenko // 855fec1a442SValeriy Savchenko // Even though successor is not 'DefinitelyCalled', it is still useful 856fec1a442SValeriy Savchenko // to report it, it is still a path without a call. 857fec1a442SValeriy Savchenko if (NotCalledOnEveryPath[Index] && 858fec1a442SValeriy Savchenko BlockState.getKindFor(Index) == ParameterStatus::MaybeCalled) { 859fec1a442SValeriy Savchenko 860fec1a442SValeriy Savchenko findAndReportNotCalledBranches(BB, Index); 861fec1a442SValeriy Savchenko } else if (NotUsedOnEveryPath[Index] && 862fec1a442SValeriy Savchenko isLosingEscape(BlockState, BB, Index)) { 863fec1a442SValeriy Savchenko 864fec1a442SValeriy Savchenko findAndReportNotCalledBranches(BB, Index, /* IsEscape = */ true); 865fec1a442SValeriy Savchenko } 866fec1a442SValeriy Savchenko } 867fec1a442SValeriy Savchenko } 868fec1a442SValeriy Savchenko } 869fec1a442SValeriy Savchenko 870fec1a442SValeriy Savchenko /// Check potential call of a tracked parameter. 871fec1a442SValeriy Savchenko void checkDirectCall(const CallExpr *Call) { 872fec1a442SValeriy Savchenko if (auto Index = getIndexOfCallee(Call)) { 873fec1a442SValeriy Savchenko processCallFor(*Index, Call); 874fec1a442SValeriy Savchenko } 875fec1a442SValeriy Savchenko } 876fec1a442SValeriy Savchenko 877fec1a442SValeriy Savchenko /// Check the call expression for being an indirect call of one of the tracked 878fec1a442SValeriy Savchenko /// parameters. It is indirect in the sense that this particular call is not 879fec1a442SValeriy Savchenko /// calling the parameter itself, but rather uses it as the argument. 880fec1a442SValeriy Savchenko template <class CallLikeExpr> 881fec1a442SValeriy Savchenko void checkIndirectCall(const CallLikeExpr *CallOrMessage) { 882fec1a442SValeriy Savchenko // CallExpr::arguments does not interact nicely with llvm::enumerate. 883a3c248dbSserge-sans-paille llvm::ArrayRef<const Expr *> Arguments = 884a3c248dbSserge-sans-paille llvm::ArrayRef(CallOrMessage->getArgs(), CallOrMessage->getNumArgs()); 885fec1a442SValeriy Savchenko 886fec1a442SValeriy Savchenko // Let's check if any of the call arguments is a point of interest. 887fec1a442SValeriy Savchenko for (const auto &Argument : llvm::enumerate(Arguments)) { 888fec1a442SValeriy Savchenko if (auto Index = getIndexOfExpression(Argument.value())) { 889fec1a442SValeriy Savchenko if (shouldBeCalledOnce(CallOrMessage, Argument.index())) { 890fec1a442SValeriy Savchenko // If the corresponding parameter is marked as 'called_once' we should 891fec1a442SValeriy Savchenko // consider it as a call. 892fec1a442SValeriy Savchenko processCallFor(*Index, CallOrMessage); 893c86dacd1SValeriy Savchenko } else { 894fec1a442SValeriy Savchenko // Otherwise, we mark this parameter as escaped, which can be 895fec1a442SValeriy Savchenko // interpreted both as called or not called depending on the context. 896c86dacd1SValeriy Savchenko processEscapeFor(*Index); 897fec1a442SValeriy Savchenko } 898fec1a442SValeriy Savchenko // Otherwise, let's keep the state as it is. 899fec1a442SValeriy Savchenko } 900fec1a442SValeriy Savchenko } 901fec1a442SValeriy Savchenko } 902fec1a442SValeriy Savchenko 903fec1a442SValeriy Savchenko /// Process call of the parameter with the given index 904fec1a442SValeriy Savchenko void processCallFor(unsigned Index, const Expr *Call) { 905fec1a442SValeriy Savchenko ParameterStatus &CurrentParamStatus = CurrentState.getStatusFor(Index); 906fec1a442SValeriy Savchenko 907fec1a442SValeriy Savchenko if (CurrentParamStatus.seenAnyCalls()) { 908fec1a442SValeriy Savchenko 909fec1a442SValeriy Savchenko // At this point, this parameter was called, so this is a second call. 910fec1a442SValeriy Savchenko const ParmVarDecl *Parameter = getParameter(Index); 911fec1a442SValeriy Savchenko Handler.handleDoubleCall( 912fec1a442SValeriy Savchenko Parameter, &CurrentState.getCallFor(Index), Call, 913fec1a442SValeriy Savchenko !isExplicitlyMarked(Parameter), 914fec1a442SValeriy Savchenko // We are sure that the second call is definitely 915fec1a442SValeriy Savchenko // going to happen if the status is 'DefinitelyCalled'. 916fec1a442SValeriy Savchenko CurrentParamStatus.getKind() == ParameterStatus::DefinitelyCalled); 917fec1a442SValeriy Savchenko 918fec1a442SValeriy Savchenko // Mark this parameter as already reported on, so we don't repeat 919fec1a442SValeriy Savchenko // warnings. 920fec1a442SValeriy Savchenko CurrentParamStatus = ParameterStatus::Reported; 921fec1a442SValeriy Savchenko 922fec1a442SValeriy Savchenko } else if (CurrentParamStatus.getKind() != ParameterStatus::Reported) { 923fec1a442SValeriy Savchenko // If we didn't report anything yet, let's mark this parameter 924fec1a442SValeriy Savchenko // as called. 925fec1a442SValeriy Savchenko ParameterStatus Called(ParameterStatus::DefinitelyCalled, Call); 926fec1a442SValeriy Savchenko CurrentParamStatus = Called; 927fec1a442SValeriy Savchenko } 928fec1a442SValeriy Savchenko } 929fec1a442SValeriy Savchenko 930c86dacd1SValeriy Savchenko /// Process escape of the parameter with the given index 931c86dacd1SValeriy Savchenko void processEscapeFor(unsigned Index) { 932c86dacd1SValeriy Savchenko ParameterStatus &CurrentParamStatus = CurrentState.getStatusFor(Index); 933c86dacd1SValeriy Savchenko 934c86dacd1SValeriy Savchenko // Escape overrides whatever error we think happened. 9352a068507SZiqing Luo if (CurrentParamStatus.isErrorStatus() && 9362a068507SZiqing Luo CurrentParamStatus.getKind() != ParameterStatus::Kind::Reported) { 937c86dacd1SValeriy Savchenko CurrentParamStatus = ParameterStatus::Escaped; 938c86dacd1SValeriy Savchenko } 939c86dacd1SValeriy Savchenko } 940c86dacd1SValeriy Savchenko 941fec1a442SValeriy Savchenko void findAndReportNotCalledBranches(const CFGBlock *Parent, unsigned Index, 942fec1a442SValeriy Savchenko bool IsEscape = false) { 943fec1a442SValeriy Savchenko for (const CFGBlock *Succ : Parent->succs()) { 944fec1a442SValeriy Savchenko if (!Succ) 945fec1a442SValeriy Savchenko continue; 946fec1a442SValeriy Savchenko 947fec1a442SValeriy Savchenko if (getState(Succ).getKindFor(Index) == ParameterStatus::NotCalled) { 948fec1a442SValeriy Savchenko assert(Parent->succ_size() >= 2 && 949fec1a442SValeriy Savchenko "Block should have at least two successors at this point"); 950fec1a442SValeriy Savchenko if (auto Clarification = NotCalledClarifier::clarify(Parent, Succ)) { 951fec1a442SValeriy Savchenko const ParmVarDecl *Parameter = getParameter(Index); 952f1a7d5a7SValeriy Savchenko Handler.handleNeverCalled( 953f1a7d5a7SValeriy Savchenko Parameter, AC.getDecl(), Clarification->Location, 954f1a7d5a7SValeriy Savchenko Clarification->Reason, !IsEscape, !isExplicitlyMarked(Parameter)); 955fec1a442SValeriy Savchenko } 956fec1a442SValeriy Savchenko } 957fec1a442SValeriy Savchenko } 958fec1a442SValeriy Savchenko } 959fec1a442SValeriy Savchenko 960fec1a442SValeriy Savchenko //===----------------------------------------------------------------------===// 961fec1a442SValeriy Savchenko // Predicate functions to check parameters 962fec1a442SValeriy Savchenko //===----------------------------------------------------------------------===// 963fec1a442SValeriy Savchenko 964fec1a442SValeriy Savchenko /// Return true if parameter is explicitly marked as 'called_once'. 965fec1a442SValeriy Savchenko static bool isExplicitlyMarked(const ParmVarDecl *Parameter) { 966fec1a442SValeriy Savchenko return Parameter->hasAttr<CalledOnceAttr>(); 967fec1a442SValeriy Savchenko } 968fec1a442SValeriy Savchenko 969fec1a442SValeriy Savchenko /// Return true if the given name matches conventional pattens. 970fec1a442SValeriy Savchenko static bool isConventional(llvm::StringRef Name) { 971fec1a442SValeriy Savchenko return llvm::count(CONVENTIONAL_NAMES, Name) != 0; 972fec1a442SValeriy Savchenko } 973fec1a442SValeriy Savchenko 974fec1a442SValeriy Savchenko /// Return true if the given name has conventional suffixes. 975fec1a442SValeriy Savchenko static bool hasConventionalSuffix(llvm::StringRef Name) { 976fec1a442SValeriy Savchenko return llvm::any_of(CONVENTIONAL_SUFFIXES, [Name](llvm::StringRef Suffix) { 977f3dcc235SKazu Hirata return Name.ends_with(Suffix); 978fec1a442SValeriy Savchenko }); 979fec1a442SValeriy Savchenko } 980fec1a442SValeriy Savchenko 981fec1a442SValeriy Savchenko /// Return true if the given type can be used for conventional parameters. 982fec1a442SValeriy Savchenko static bool isConventional(QualType Ty) { 983fec1a442SValeriy Savchenko if (!Ty->isBlockPointerType()) { 984fec1a442SValeriy Savchenko return false; 985fec1a442SValeriy Savchenko } 986fec1a442SValeriy Savchenko 9872901dc75SSimon Pilgrim QualType BlockType = Ty->castAs<BlockPointerType>()->getPointeeType(); 988fec1a442SValeriy Savchenko // Completion handlers should have a block type with void return type. 9892901dc75SSimon Pilgrim return BlockType->castAs<FunctionType>()->getReturnType()->isVoidType(); 990fec1a442SValeriy Savchenko } 991fec1a442SValeriy Savchenko 992fec1a442SValeriy Savchenko /// Return true if the only parameter of the function is conventional. 993fec1a442SValeriy Savchenko static bool isOnlyParameterConventional(const FunctionDecl *Function) { 994c4355670SErik Pilkington IdentifierInfo *II = Function->getIdentifier(); 995c4355670SErik Pilkington return Function->getNumParams() == 1 && II && 996c4355670SErik Pilkington hasConventionalSuffix(II->getName()); 997fec1a442SValeriy Savchenko } 998fec1a442SValeriy Savchenko 999fec1a442SValeriy Savchenko /// Return true/false if 'swift_async' attribute states that the given 1000fec1a442SValeriy Savchenko /// parameter is conventionally called once. 100135b4fbb5SKazu Hirata /// Return std::nullopt if the given declaration doesn't have 'swift_async' 1002fec1a442SValeriy Savchenko /// attribute. 10036ad0788cSKazu Hirata static std::optional<bool> isConventionalSwiftAsync(const Decl *D, 1004fec1a442SValeriy Savchenko unsigned ParamIndex) { 1005fec1a442SValeriy Savchenko if (const SwiftAsyncAttr *A = D->getAttr<SwiftAsyncAttr>()) { 1006fec1a442SValeriy Savchenko if (A->getKind() == SwiftAsyncAttr::None) { 1007fec1a442SValeriy Savchenko return false; 1008fec1a442SValeriy Savchenko } 1009fec1a442SValeriy Savchenko 1010fec1a442SValeriy Savchenko return A->getCompletionHandlerIndex().getASTIndex() == ParamIndex; 1011fec1a442SValeriy Savchenko } 101234e0d057SKazu Hirata return std::nullopt; 1013fec1a442SValeriy Savchenko } 1014fec1a442SValeriy Savchenko 101577f1e096SValeriy Savchenko /// Return true if the specified selector represents init method. 101677f1e096SValeriy Savchenko static bool isInitMethod(Selector MethodSelector) { 101777f1e096SValeriy Savchenko return MethodSelector.getMethodFamily() == OMF_init; 101877f1e096SValeriy Savchenko } 101977f1e096SValeriy Savchenko 1020fec1a442SValeriy Savchenko /// Return true if the specified selector piece matches conventions. 1021fec1a442SValeriy Savchenko static bool isConventionalSelectorPiece(Selector MethodSelector, 1022fec1a442SValeriy Savchenko unsigned PieceIndex, 1023fec1a442SValeriy Savchenko QualType PieceType) { 102477f1e096SValeriy Savchenko if (!isConventional(PieceType) || isInitMethod(MethodSelector)) { 1025fec1a442SValeriy Savchenko return false; 1026fec1a442SValeriy Savchenko } 1027fec1a442SValeriy Savchenko 1028fec1a442SValeriy Savchenko if (MethodSelector.getNumArgs() == 1) { 1029fec1a442SValeriy Savchenko assert(PieceIndex == 0); 1030fec1a442SValeriy Savchenko return hasConventionalSuffix(MethodSelector.getNameForSlot(0)); 1031fec1a442SValeriy Savchenko } 1032fec1a442SValeriy Savchenko 103359112eacSValeriy Savchenko llvm::StringRef PieceName = MethodSelector.getNameForSlot(PieceIndex); 103459112eacSValeriy Savchenko return isConventional(PieceName) || hasConventionalSuffix(PieceName); 1035fec1a442SValeriy Savchenko } 1036fec1a442SValeriy Savchenko 1037fec1a442SValeriy Savchenko bool shouldBeCalledOnce(const ParmVarDecl *Parameter) const { 1038fec1a442SValeriy Savchenko return isExplicitlyMarked(Parameter) || 1039fec1a442SValeriy Savchenko (CheckConventionalParameters && 104059112eacSValeriy Savchenko (isConventional(Parameter->getName()) || 104159112eacSValeriy Savchenko hasConventionalSuffix(Parameter->getName())) && 1042fec1a442SValeriy Savchenko isConventional(Parameter->getType())); 1043fec1a442SValeriy Savchenko } 1044fec1a442SValeriy Savchenko 1045fec1a442SValeriy Savchenko bool shouldBeCalledOnce(const DeclContext *ParamContext, 1046fec1a442SValeriy Savchenko const ParmVarDecl *Param) { 1047fec1a442SValeriy Savchenko unsigned ParamIndex = Param->getFunctionScopeIndex(); 1048fec1a442SValeriy Savchenko if (const auto *Function = dyn_cast<FunctionDecl>(ParamContext)) { 1049fec1a442SValeriy Savchenko return shouldBeCalledOnce(Function, ParamIndex); 1050fec1a442SValeriy Savchenko } 1051fec1a442SValeriy Savchenko if (const auto *Method = dyn_cast<ObjCMethodDecl>(ParamContext)) { 1052fec1a442SValeriy Savchenko return shouldBeCalledOnce(Method, ParamIndex); 1053fec1a442SValeriy Savchenko } 1054fec1a442SValeriy Savchenko return shouldBeCalledOnce(Param); 1055fec1a442SValeriy Savchenko } 1056fec1a442SValeriy Savchenko 1057fec1a442SValeriy Savchenko bool shouldBeCalledOnce(const BlockDecl *Block, unsigned ParamIndex) const { 1058fec1a442SValeriy Savchenko return shouldBeCalledOnce(Block->getParamDecl(ParamIndex)); 1059fec1a442SValeriy Savchenko } 1060fec1a442SValeriy Savchenko 1061fec1a442SValeriy Savchenko bool shouldBeCalledOnce(const FunctionDecl *Function, 1062fec1a442SValeriy Savchenko unsigned ParamIndex) const { 1063fec1a442SValeriy Savchenko if (ParamIndex >= Function->getNumParams()) { 1064fec1a442SValeriy Savchenko return false; 1065fec1a442SValeriy Savchenko } 1066fec1a442SValeriy Savchenko // 'swift_async' goes first and overrides anything else. 1067fec1a442SValeriy Savchenko if (auto ConventionalAsync = 1068fec1a442SValeriy Savchenko isConventionalSwiftAsync(Function, ParamIndex)) { 1069ca4af13eSKazu Hirata return *ConventionalAsync; 1070fec1a442SValeriy Savchenko } 1071fec1a442SValeriy Savchenko 1072fec1a442SValeriy Savchenko return shouldBeCalledOnce(Function->getParamDecl(ParamIndex)) || 1073fec1a442SValeriy Savchenko (CheckConventionalParameters && 1074fec1a442SValeriy Savchenko isOnlyParameterConventional(Function)); 1075fec1a442SValeriy Savchenko } 1076fec1a442SValeriy Savchenko 1077fec1a442SValeriy Savchenko bool shouldBeCalledOnce(const ObjCMethodDecl *Method, 1078fec1a442SValeriy Savchenko unsigned ParamIndex) const { 1079fec1a442SValeriy Savchenko Selector MethodSelector = Method->getSelector(); 1080fec1a442SValeriy Savchenko if (ParamIndex >= MethodSelector.getNumArgs()) { 1081fec1a442SValeriy Savchenko return false; 1082fec1a442SValeriy Savchenko } 1083fec1a442SValeriy Savchenko 1084fec1a442SValeriy Savchenko // 'swift_async' goes first and overrides anything else. 1085fec1a442SValeriy Savchenko if (auto ConventionalAsync = isConventionalSwiftAsync(Method, ParamIndex)) { 1086ca4af13eSKazu Hirata return *ConventionalAsync; 1087fec1a442SValeriy Savchenko } 1088fec1a442SValeriy Savchenko 1089fec1a442SValeriy Savchenko const ParmVarDecl *Parameter = Method->getParamDecl(ParamIndex); 1090fec1a442SValeriy Savchenko return shouldBeCalledOnce(Parameter) || 1091fec1a442SValeriy Savchenko (CheckConventionalParameters && 1092fec1a442SValeriy Savchenko isConventionalSelectorPiece(MethodSelector, ParamIndex, 1093fec1a442SValeriy Savchenko Parameter->getType())); 1094fec1a442SValeriy Savchenko } 1095fec1a442SValeriy Savchenko 1096fec1a442SValeriy Savchenko bool shouldBeCalledOnce(const CallExpr *Call, unsigned ParamIndex) const { 1097fec1a442SValeriy Savchenko const FunctionDecl *Function = Call->getDirectCallee(); 1098fec1a442SValeriy Savchenko return Function && shouldBeCalledOnce(Function, ParamIndex); 1099fec1a442SValeriy Savchenko } 1100fec1a442SValeriy Savchenko 1101fec1a442SValeriy Savchenko bool shouldBeCalledOnce(const ObjCMessageExpr *Message, 1102fec1a442SValeriy Savchenko unsigned ParamIndex) const { 1103fec1a442SValeriy Savchenko const ObjCMethodDecl *Method = Message->getMethodDecl(); 1104fec1a442SValeriy Savchenko return Method && ParamIndex < Method->param_size() && 1105fec1a442SValeriy Savchenko shouldBeCalledOnce(Method, ParamIndex); 1106fec1a442SValeriy Savchenko } 1107fec1a442SValeriy Savchenko 1108fec1a442SValeriy Savchenko //===----------------------------------------------------------------------===// 1109fec1a442SValeriy Savchenko // Utility methods 1110fec1a442SValeriy Savchenko //===----------------------------------------------------------------------===// 1111fec1a442SValeriy Savchenko 1112fec1a442SValeriy Savchenko bool isCaptured(const ParmVarDecl *Parameter) const { 1113fec1a442SValeriy Savchenko if (const BlockDecl *Block = dyn_cast<BlockDecl>(AC.getDecl())) { 1114fec1a442SValeriy Savchenko return Block->capturesVariable(Parameter); 1115fec1a442SValeriy Savchenko } 1116fec1a442SValeriy Savchenko return false; 1117fec1a442SValeriy Savchenko } 1118fec1a442SValeriy Savchenko 1119f1a7d5a7SValeriy Savchenko // Return a call site where the block is called exactly once or null otherwise 1120f1a7d5a7SValeriy Savchenko const Expr *getBlockGuaraneedCallSite(const BlockExpr *Block) const { 1121f1a7d5a7SValeriy Savchenko ParentMap &PM = AC.getParentMap(); 1122f1a7d5a7SValeriy Savchenko 1123f1a7d5a7SValeriy Savchenko // We don't want to track the block through assignments and so on, instead 1124f1a7d5a7SValeriy Savchenko // we simply see how the block used and if it's used directly in a call, 1125f1a7d5a7SValeriy Savchenko // we decide based on call to what it is. 1126f1a7d5a7SValeriy Savchenko // 1127f1a7d5a7SValeriy Savchenko // In order to do this, we go up the parents of the block looking for 1128f1a7d5a7SValeriy Savchenko // a call or a message expressions. These might not be immediate parents 1129f1a7d5a7SValeriy Savchenko // of the actual block expression due to casts and parens, so we skip them. 1130f1a7d5a7SValeriy Savchenko for (const Stmt *Prev = Block, *Current = PM.getParent(Block); 1131f1a7d5a7SValeriy Savchenko Current != nullptr; Prev = Current, Current = PM.getParent(Current)) { 1132f1a7d5a7SValeriy Savchenko // Skip no-op (for our case) operations. 1133f1a7d5a7SValeriy Savchenko if (isa<CastExpr>(Current) || isa<ParenExpr>(Current)) 1134f1a7d5a7SValeriy Savchenko continue; 1135f1a7d5a7SValeriy Savchenko 1136f1a7d5a7SValeriy Savchenko // At this point, Prev represents our block as an immediate child of the 1137f1a7d5a7SValeriy Savchenko // call. 1138f1a7d5a7SValeriy Savchenko if (const auto *Call = dyn_cast<CallExpr>(Current)) { 1139f1a7d5a7SValeriy Savchenko // It might be the call of the Block itself... 1140f1a7d5a7SValeriy Savchenko if (Call->getCallee() == Prev) 1141f1a7d5a7SValeriy Savchenko return Call; 1142f1a7d5a7SValeriy Savchenko 1143f1a7d5a7SValeriy Savchenko // ...or it can be an indirect call of the block. 1144f1a7d5a7SValeriy Savchenko return shouldBlockArgumentBeCalledOnce(Call, Prev) ? Call : nullptr; 1145f1a7d5a7SValeriy Savchenko } 1146f1a7d5a7SValeriy Savchenko if (const auto *Message = dyn_cast<ObjCMessageExpr>(Current)) { 1147f1a7d5a7SValeriy Savchenko return shouldBlockArgumentBeCalledOnce(Message, Prev) ? Message 1148f1a7d5a7SValeriy Savchenko : nullptr; 1149f1a7d5a7SValeriy Savchenko } 1150f1a7d5a7SValeriy Savchenko 1151f1a7d5a7SValeriy Savchenko break; 1152f1a7d5a7SValeriy Savchenko } 1153f1a7d5a7SValeriy Savchenko 1154f1a7d5a7SValeriy Savchenko return nullptr; 1155f1a7d5a7SValeriy Savchenko } 1156f1a7d5a7SValeriy Savchenko 1157f1a7d5a7SValeriy Savchenko template <class CallLikeExpr> 1158f1a7d5a7SValeriy Savchenko bool shouldBlockArgumentBeCalledOnce(const CallLikeExpr *CallOrMessage, 1159f1a7d5a7SValeriy Savchenko const Stmt *BlockArgument) const { 1160f1a7d5a7SValeriy Savchenko // CallExpr::arguments does not interact nicely with llvm::enumerate. 1161a3c248dbSserge-sans-paille llvm::ArrayRef<const Expr *> Arguments = 1162a3c248dbSserge-sans-paille llvm::ArrayRef(CallOrMessage->getArgs(), CallOrMessage->getNumArgs()); 1163f1a7d5a7SValeriy Savchenko 1164f1a7d5a7SValeriy Savchenko for (const auto &Argument : llvm::enumerate(Arguments)) { 1165f1a7d5a7SValeriy Savchenko if (Argument.value() == BlockArgument) { 1166f1a7d5a7SValeriy Savchenko return shouldBlockArgumentBeCalledOnce(CallOrMessage, Argument.index()); 1167f1a7d5a7SValeriy Savchenko } 1168f1a7d5a7SValeriy Savchenko } 1169f1a7d5a7SValeriy Savchenko 1170f1a7d5a7SValeriy Savchenko return false; 1171f1a7d5a7SValeriy Savchenko } 1172f1a7d5a7SValeriy Savchenko 1173f1a7d5a7SValeriy Savchenko bool shouldBlockArgumentBeCalledOnce(const CallExpr *Call, 1174f1a7d5a7SValeriy Savchenko unsigned ParamIndex) const { 1175f1a7d5a7SValeriy Savchenko const FunctionDecl *Function = Call->getDirectCallee(); 1176f1a7d5a7SValeriy Savchenko return shouldBlockArgumentBeCalledOnce(Function, ParamIndex) || 1177f1a7d5a7SValeriy Savchenko shouldBeCalledOnce(Call, ParamIndex); 1178f1a7d5a7SValeriy Savchenko } 1179f1a7d5a7SValeriy Savchenko 1180f1a7d5a7SValeriy Savchenko bool shouldBlockArgumentBeCalledOnce(const ObjCMessageExpr *Message, 1181f1a7d5a7SValeriy Savchenko unsigned ParamIndex) const { 1182f1a7d5a7SValeriy Savchenko // At the moment, we don't have any Obj-C methods we want to specifically 1183f1a7d5a7SValeriy Savchenko // check in here. 1184f1a7d5a7SValeriy Savchenko return shouldBeCalledOnce(Message, ParamIndex); 1185f1a7d5a7SValeriy Savchenko } 1186f1a7d5a7SValeriy Savchenko 1187f1a7d5a7SValeriy Savchenko static bool shouldBlockArgumentBeCalledOnce(const FunctionDecl *Function, 1188f1a7d5a7SValeriy Savchenko unsigned ParamIndex) { 1189f1a7d5a7SValeriy Savchenko // There is a list of important API functions that while not following 1190f1a7d5a7SValeriy Savchenko // conventions nor being directly annotated, still guarantee that the 1191f1a7d5a7SValeriy Savchenko // callback parameter will be called exactly once. 1192f1a7d5a7SValeriy Savchenko // 1193f1a7d5a7SValeriy Savchenko // Here we check if this is the case. 1194f1a7d5a7SValeriy Savchenko return Function && 1195f1a7d5a7SValeriy Savchenko llvm::any_of(KNOWN_CALLED_ONCE_PARAMETERS, 1196f1a7d5a7SValeriy Savchenko [Function, ParamIndex]( 1197f1a7d5a7SValeriy Savchenko const KnownCalledOnceParameter &Reference) { 1198f1a7d5a7SValeriy Savchenko return Reference.FunctionName == 1199f1a7d5a7SValeriy Savchenko Function->getName() && 1200f1a7d5a7SValeriy Savchenko Reference.ParamIndex == ParamIndex; 1201f1a7d5a7SValeriy Savchenko }); 1202f1a7d5a7SValeriy Savchenko } 1203f1a7d5a7SValeriy Savchenko 1204fec1a442SValeriy Savchenko /// Return true if the analyzed function is actually a default implementation 1205fec1a442SValeriy Savchenko /// of the method that has to be overriden. 1206fec1a442SValeriy Savchenko /// 1207fec1a442SValeriy Savchenko /// These functions can have tracked parameters, but wouldn't call them 1208fec1a442SValeriy Savchenko /// because they are not designed to perform any meaningful actions. 1209fec1a442SValeriy Savchenko /// 1210fec1a442SValeriy Savchenko /// There are a couple of flavors of such default implementations: 1211fec1a442SValeriy Savchenko /// 1. Empty methods or methods with a single return statement 1212fec1a442SValeriy Savchenko /// 2. Methods that have one block with a call to no return function 1213fec1a442SValeriy Savchenko /// 3. Methods with only assertion-like operations 1214fec1a442SValeriy Savchenko bool isPossiblyEmptyImpl() const { 1215fec1a442SValeriy Savchenko if (!isa<ObjCMethodDecl>(AC.getDecl())) { 1216fec1a442SValeriy Savchenko // We care only about functions that are not supposed to be called. 1217fec1a442SValeriy Savchenko // Only methods can be overriden. 1218fec1a442SValeriy Savchenko return false; 1219fec1a442SValeriy Savchenko } 1220fec1a442SValeriy Savchenko 1221fec1a442SValeriy Savchenko // Case #1 (without return statements) 1222fec1a442SValeriy Savchenko if (FunctionCFG.size() == 2) { 1223fec1a442SValeriy Savchenko // Method has only two blocks: ENTRY and EXIT. 1224fec1a442SValeriy Savchenko // This is equivalent to empty function. 1225fec1a442SValeriy Savchenko return true; 1226fec1a442SValeriy Savchenko } 1227fec1a442SValeriy Savchenko 1228fec1a442SValeriy Savchenko // Case #2 1229fec1a442SValeriy Savchenko if (FunctionCFG.size() == 3) { 1230fec1a442SValeriy Savchenko const CFGBlock &Entry = FunctionCFG.getEntry(); 1231fec1a442SValeriy Savchenko if (Entry.succ_empty()) { 1232fec1a442SValeriy Savchenko return false; 1233fec1a442SValeriy Savchenko } 1234fec1a442SValeriy Savchenko 1235fec1a442SValeriy Savchenko const CFGBlock *OnlyBlock = *Entry.succ_begin(); 1236fec1a442SValeriy Savchenko // Method has only one block, let's see if it has a no-return 1237fec1a442SValeriy Savchenko // element. 1238fec1a442SValeriy Savchenko if (OnlyBlock && OnlyBlock->hasNoReturnElement()) { 1239fec1a442SValeriy Savchenko return true; 1240fec1a442SValeriy Savchenko } 1241fec1a442SValeriy Savchenko // Fallthrough, CFGs with only one block can fall into #1 and #3 as well. 1242fec1a442SValeriy Savchenko } 1243fec1a442SValeriy Savchenko 1244fec1a442SValeriy Savchenko // Cases #1 (return statements) and #3. 1245fec1a442SValeriy Savchenko // 1246fec1a442SValeriy Savchenko // It is hard to detect that something is an assertion or came 1247fec1a442SValeriy Savchenko // from assertion. Here we use a simple heuristic: 1248fec1a442SValeriy Savchenko // 1249fec1a442SValeriy Savchenko // - If it came from a macro, it can be an assertion. 1250fec1a442SValeriy Savchenko // 1251fec1a442SValeriy Savchenko // Additionally, we can't assume a number of basic blocks or the CFG's 1252fec1a442SValeriy Savchenko // structure because assertions might include loops and conditions. 1253fec1a442SValeriy Savchenko return llvm::all_of(FunctionCFG, [](const CFGBlock *BB) { 1254fec1a442SValeriy Savchenko if (!BB) { 1255fec1a442SValeriy Savchenko // Unreachable blocks are totally fine. 1256fec1a442SValeriy Savchenko return true; 1257fec1a442SValeriy Savchenko } 1258fec1a442SValeriy Savchenko 1259fec1a442SValeriy Savchenko // Return statements can have sub-expressions that are represented as 1260fec1a442SValeriy Savchenko // separate statements of a basic block. We should allow this. 1261fec1a442SValeriy Savchenko // This parent map will be initialized with a parent tree for all 1262fec1a442SValeriy Savchenko // subexpressions of the block's return statement (if it has one). 1263fec1a442SValeriy Savchenko std::unique_ptr<ParentMap> ReturnChildren; 1264fec1a442SValeriy Savchenko 1265fec1a442SValeriy Savchenko return llvm::all_of( 1266fec1a442SValeriy Savchenko llvm::reverse(*BB), // we should start with return statements, if we 1267fec1a442SValeriy Savchenko // have any, i.e. from the bottom of the block 1268fec1a442SValeriy Savchenko [&ReturnChildren](const CFGElement &Element) { 12696ad0788cSKazu Hirata if (std::optional<CFGStmt> S = Element.getAs<CFGStmt>()) { 1270fec1a442SValeriy Savchenko const Stmt *SuspiciousStmt = S->getStmt(); 1271fec1a442SValeriy Savchenko 1272fec1a442SValeriy Savchenko if (isa<ReturnStmt>(SuspiciousStmt)) { 1273fec1a442SValeriy Savchenko // Let's initialize this structure to test whether 1274fec1a442SValeriy Savchenko // some further statement is a part of this return. 1275fec1a442SValeriy Savchenko ReturnChildren = std::make_unique<ParentMap>( 1276fec1a442SValeriy Savchenko const_cast<Stmt *>(SuspiciousStmt)); 1277fec1a442SValeriy Savchenko // Return statements are allowed as part of #1. 1278fec1a442SValeriy Savchenko return true; 1279fec1a442SValeriy Savchenko } 1280fec1a442SValeriy Savchenko 1281fec1a442SValeriy Savchenko return SuspiciousStmt->getBeginLoc().isMacroID() || 1282fec1a442SValeriy Savchenko (ReturnChildren && 1283fec1a442SValeriy Savchenko ReturnChildren->hasParent(SuspiciousStmt)); 1284fec1a442SValeriy Savchenko } 1285fec1a442SValeriy Savchenko return true; 1286fec1a442SValeriy Savchenko }); 1287fec1a442SValeriy Savchenko }); 1288fec1a442SValeriy Savchenko } 1289fec1a442SValeriy Savchenko 1290fec1a442SValeriy Savchenko /// Check if parameter with the given index has ever escaped. 1291fec1a442SValeriy Savchenko bool hasEverEscaped(unsigned Index) const { 1292fec1a442SValeriy Savchenko return llvm::any_of(States, [Index](const State &StateForOneBB) { 1293fec1a442SValeriy Savchenko return StateForOneBB.getKindFor(Index) == ParameterStatus::Escaped; 1294fec1a442SValeriy Savchenko }); 1295fec1a442SValeriy Savchenko } 1296fec1a442SValeriy Savchenko 1297fec1a442SValeriy Savchenko /// Return status stored for the given basic block. 1298fec1a442SValeriy Savchenko /// \{ 1299fec1a442SValeriy Savchenko State &getState(const CFGBlock *BB) { 1300fec1a442SValeriy Savchenko assert(BB); 1301fec1a442SValeriy Savchenko return States[BB->getBlockID()]; 1302fec1a442SValeriy Savchenko } 1303fec1a442SValeriy Savchenko const State &getState(const CFGBlock *BB) const { 1304fec1a442SValeriy Savchenko assert(BB); 1305fec1a442SValeriy Savchenko return States[BB->getBlockID()]; 1306fec1a442SValeriy Savchenko } 1307fec1a442SValeriy Savchenko /// \} 1308fec1a442SValeriy Savchenko 1309fec1a442SValeriy Savchenko /// Assign status to the given basic block. 1310fec1a442SValeriy Savchenko /// 1311fec1a442SValeriy Savchenko /// Returns true when the stored status changed. 1312fec1a442SValeriy Savchenko bool assignState(const CFGBlock *BB, const State &ToAssign) { 1313fec1a442SValeriy Savchenko State &Current = getState(BB); 1314fec1a442SValeriy Savchenko if (Current == ToAssign) { 1315fec1a442SValeriy Savchenko return false; 1316fec1a442SValeriy Savchenko } 1317fec1a442SValeriy Savchenko 1318fec1a442SValeriy Savchenko Current = ToAssign; 1319fec1a442SValeriy Savchenko return true; 1320fec1a442SValeriy Savchenko } 1321fec1a442SValeriy Savchenko 1322fec1a442SValeriy Savchenko /// Join all incoming statuses for the given basic block. 1323fec1a442SValeriy Savchenko State joinSuccessors(const CFGBlock *BB) const { 1324fec1a442SValeriy Savchenko auto Succs = 1325fec1a442SValeriy Savchenko llvm::make_filter_range(BB->succs(), [this](const CFGBlock *Succ) { 1326fec1a442SValeriy Savchenko return Succ && this->getState(Succ).isVisited(); 1327fec1a442SValeriy Savchenko }); 1328fec1a442SValeriy Savchenko // We came to this block from somewhere after all. 1329fec1a442SValeriy Savchenko assert(!Succs.empty() && 1330fec1a442SValeriy Savchenko "Basic block should have at least one visited successor"); 1331fec1a442SValeriy Savchenko 1332fec1a442SValeriy Savchenko State Result = getState(*Succs.begin()); 1333fec1a442SValeriy Savchenko 1334fec1a442SValeriy Savchenko for (const CFGBlock *Succ : llvm::drop_begin(Succs, 1)) { 1335fec1a442SValeriy Savchenko Result.join(getState(Succ)); 1336fec1a442SValeriy Savchenko } 1337fec1a442SValeriy Savchenko 1338fec1a442SValeriy Savchenko if (const Expr *Condition = getCondition(BB->getTerminatorStmt())) { 1339fec1a442SValeriy Savchenko handleConditional(BB, Condition, Result); 1340fec1a442SValeriy Savchenko } 1341fec1a442SValeriy Savchenko 1342fec1a442SValeriy Savchenko return Result; 1343fec1a442SValeriy Savchenko } 1344fec1a442SValeriy Savchenko 1345fec1a442SValeriy Savchenko void handleConditional(const CFGBlock *BB, const Expr *Condition, 1346fec1a442SValeriy Savchenko State &ToAlter) const { 1347fec1a442SValeriy Savchenko handleParameterCheck(BB, Condition, ToAlter); 1348fec1a442SValeriy Savchenko if (SuppressOnConventionalErrorPaths) { 1349fec1a442SValeriy Savchenko handleConventionalCheck(BB, Condition, ToAlter); 1350fec1a442SValeriy Savchenko } 1351fec1a442SValeriy Savchenko } 1352fec1a442SValeriy Savchenko 1353fec1a442SValeriy Savchenko void handleParameterCheck(const CFGBlock *BB, const Expr *Condition, 1354fec1a442SValeriy Savchenko State &ToAlter) const { 1355fec1a442SValeriy Savchenko // In this function, we try to deal with the following pattern: 1356fec1a442SValeriy Savchenko // 1357fec1a442SValeriy Savchenko // if (parameter) 1358fec1a442SValeriy Savchenko // parameter(...); 1359fec1a442SValeriy Savchenko // 1360fec1a442SValeriy Savchenko // It's not good to show a warning here because clearly 'parameter' 1361fec1a442SValeriy Savchenko // couldn't and shouldn't be called on the 'else' path. 1362fec1a442SValeriy Savchenko // 1363fec1a442SValeriy Savchenko // Let's check if this if statement has a check involving one of 1364fec1a442SValeriy Savchenko // the tracked parameters. 1365fec1a442SValeriy Savchenko if (const ParmVarDecl *Parameter = findReferencedParmVarDecl( 1366fec1a442SValeriy Savchenko Condition, 1367fec1a442SValeriy Savchenko /* ShouldRetrieveFromComparisons = */ true)) { 1368fec1a442SValeriy Savchenko if (const auto Index = getIndex(*Parameter)) { 1369fec1a442SValeriy Savchenko ParameterStatus &CurrentStatus = ToAlter.getStatusFor(*Index); 1370fec1a442SValeriy Savchenko 1371fec1a442SValeriy Savchenko // We don't want to deep dive into semantics of the check and 1372fec1a442SValeriy Savchenko // figure out if that check was for null or something else. 1373fec1a442SValeriy Savchenko // We simply trust the user that they know what they are doing. 1374fec1a442SValeriy Savchenko // 1375fec1a442SValeriy Savchenko // For this reason, in the following loop we look for the 1376fec1a442SValeriy Savchenko // best-looking option. 1377fec1a442SValeriy Savchenko for (const CFGBlock *Succ : BB->succs()) { 1378fec1a442SValeriy Savchenko if (!Succ) 1379fec1a442SValeriy Savchenko continue; 1380fec1a442SValeriy Savchenko 1381fec1a442SValeriy Savchenko const ParameterStatus &StatusInSucc = 1382fec1a442SValeriy Savchenko getState(Succ).getStatusFor(*Index); 1383fec1a442SValeriy Savchenko 1384fec1a442SValeriy Savchenko if (StatusInSucc.isErrorStatus()) { 1385fec1a442SValeriy Savchenko continue; 1386fec1a442SValeriy Savchenko } 1387fec1a442SValeriy Savchenko 1388fec1a442SValeriy Savchenko // Let's use this status instead. 1389fec1a442SValeriy Savchenko CurrentStatus = StatusInSucc; 1390fec1a442SValeriy Savchenko 1391fec1a442SValeriy Savchenko if (StatusInSucc.getKind() == ParameterStatus::DefinitelyCalled) { 1392fec1a442SValeriy Savchenko // This is the best option to have and we already found it. 1393fec1a442SValeriy Savchenko break; 1394fec1a442SValeriy Savchenko } 1395fec1a442SValeriy Savchenko 1396fec1a442SValeriy Savchenko // If we found 'Escaped' first, we still might find 'DefinitelyCalled' 1397fec1a442SValeriy Savchenko // on the other branch. And we prefer the latter. 1398fec1a442SValeriy Savchenko } 1399fec1a442SValeriy Savchenko } 1400fec1a442SValeriy Savchenko } 1401fec1a442SValeriy Savchenko } 1402fec1a442SValeriy Savchenko 1403fec1a442SValeriy Savchenko void handleConventionalCheck(const CFGBlock *BB, const Expr *Condition, 1404fec1a442SValeriy Savchenko State &ToAlter) const { 1405fec1a442SValeriy Savchenko // Even when the analysis is technically correct, it is a widespread pattern 1406fec1a442SValeriy Savchenko // not to call completion handlers in some scenarios. These usually have 1407fec1a442SValeriy Savchenko // typical conditional names, such as 'error' or 'cancel'. 1408fec1a442SValeriy Savchenko if (!mentionsAnyOfConventionalNames(Condition)) { 1409fec1a442SValeriy Savchenko return; 1410fec1a442SValeriy Savchenko } 1411fec1a442SValeriy Savchenko 1412fec1a442SValeriy Savchenko for (const auto &IndexedStatus : llvm::enumerate(ToAlter)) { 1413fec1a442SValeriy Savchenko const ParmVarDecl *Parameter = getParameter(IndexedStatus.index()); 1414fec1a442SValeriy Savchenko // Conventions do not apply to explicitly marked parameters. 1415fec1a442SValeriy Savchenko if (isExplicitlyMarked(Parameter)) { 1416fec1a442SValeriy Savchenko continue; 1417fec1a442SValeriy Savchenko } 1418fec1a442SValeriy Savchenko 1419fec1a442SValeriy Savchenko ParameterStatus &CurrentStatus = IndexedStatus.value(); 1420fec1a442SValeriy Savchenko // If we did find that on one of the branches the user uses the callback 1421fec1a442SValeriy Savchenko // and doesn't on the other path, we believe that they know what they are 1422fec1a442SValeriy Savchenko // doing and trust them. 1423fec1a442SValeriy Savchenko // 1424fec1a442SValeriy Savchenko // There are two possible scenarios for that: 1425fec1a442SValeriy Savchenko // 1. Current status is 'MaybeCalled' and one of the branches is 1426fec1a442SValeriy Savchenko // 'DefinitelyCalled' 1427fec1a442SValeriy Savchenko // 2. Current status is 'NotCalled' and one of the branches is 'Escaped' 1428fec1a442SValeriy Savchenko if (isLosingCall(ToAlter, BB, IndexedStatus.index()) || 1429fec1a442SValeriy Savchenko isLosingEscape(ToAlter, BB, IndexedStatus.index())) { 1430fec1a442SValeriy Savchenko CurrentStatus = ParameterStatus::Escaped; 1431fec1a442SValeriy Savchenko } 1432fec1a442SValeriy Savchenko } 1433fec1a442SValeriy Savchenko } 1434fec1a442SValeriy Savchenko 1435fec1a442SValeriy Savchenko bool isLosingCall(const State &StateAfterJoin, const CFGBlock *JoinBlock, 1436fec1a442SValeriy Savchenko unsigned ParameterIndex) const { 1437fec1a442SValeriy Savchenko // Let's check if the block represents DefinitelyCalled -> MaybeCalled 1438fec1a442SValeriy Savchenko // transition. 1439fec1a442SValeriy Savchenko return isLosingJoin(StateAfterJoin, JoinBlock, ParameterIndex, 1440fec1a442SValeriy Savchenko ParameterStatus::MaybeCalled, 1441fec1a442SValeriy Savchenko ParameterStatus::DefinitelyCalled); 1442fec1a442SValeriy Savchenko } 1443fec1a442SValeriy Savchenko 1444fec1a442SValeriy Savchenko bool isLosingEscape(const State &StateAfterJoin, const CFGBlock *JoinBlock, 1445fec1a442SValeriy Savchenko unsigned ParameterIndex) const { 1446fec1a442SValeriy Savchenko // Let's check if the block represents Escaped -> NotCalled transition. 1447fec1a442SValeriy Savchenko return isLosingJoin(StateAfterJoin, JoinBlock, ParameterIndex, 1448fec1a442SValeriy Savchenko ParameterStatus::NotCalled, ParameterStatus::Escaped); 1449fec1a442SValeriy Savchenko } 1450fec1a442SValeriy Savchenko 1451fec1a442SValeriy Savchenko bool isLosingJoin(const State &StateAfterJoin, const CFGBlock *JoinBlock, 1452fec1a442SValeriy Savchenko unsigned ParameterIndex, ParameterStatus::Kind AfterJoin, 1453fec1a442SValeriy Savchenko ParameterStatus::Kind BeforeJoin) const { 1454fec1a442SValeriy Savchenko assert(!ParameterStatus::isErrorStatus(BeforeJoin) && 1455fec1a442SValeriy Savchenko ParameterStatus::isErrorStatus(AfterJoin) && 1456fec1a442SValeriy Savchenko "It's not a losing join if statuses do not represent " 1457fec1a442SValeriy Savchenko "correct-to-error transition"); 1458fec1a442SValeriy Savchenko 1459fec1a442SValeriy Savchenko const ParameterStatus &CurrentStatus = 1460fec1a442SValeriy Savchenko StateAfterJoin.getStatusFor(ParameterIndex); 1461fec1a442SValeriy Savchenko 1462fec1a442SValeriy Savchenko return CurrentStatus.getKind() == AfterJoin && 1463fec1a442SValeriy Savchenko anySuccessorHasStatus(JoinBlock, ParameterIndex, BeforeJoin); 1464fec1a442SValeriy Savchenko } 1465fec1a442SValeriy Savchenko 1466fec1a442SValeriy Savchenko /// Return true if any of the successors of the given basic block has 1467fec1a442SValeriy Savchenko /// a specified status for the given parameter. 1468fec1a442SValeriy Savchenko bool anySuccessorHasStatus(const CFGBlock *Parent, unsigned ParameterIndex, 1469fec1a442SValeriy Savchenko ParameterStatus::Kind ToFind) const { 1470fec1a442SValeriy Savchenko return llvm::any_of( 1471fec1a442SValeriy Savchenko Parent->succs(), [this, ParameterIndex, ToFind](const CFGBlock *Succ) { 1472fec1a442SValeriy Savchenko return Succ && getState(Succ).getKindFor(ParameterIndex) == ToFind; 1473fec1a442SValeriy Savchenko }); 1474fec1a442SValeriy Savchenko } 1475fec1a442SValeriy Savchenko 1476fec1a442SValeriy Savchenko /// Check given expression that was discovered to escape. 1477fec1a442SValeriy Savchenko void checkEscapee(const Expr *E) { 1478fec1a442SValeriy Savchenko if (const ParmVarDecl *Parameter = findReferencedParmVarDecl(E)) { 1479fec1a442SValeriy Savchenko checkEscapee(*Parameter); 1480fec1a442SValeriy Savchenko } 1481fec1a442SValeriy Savchenko } 1482fec1a442SValeriy Savchenko 1483fec1a442SValeriy Savchenko /// Check given parameter that was discovered to escape. 1484fec1a442SValeriy Savchenko void checkEscapee(const ParmVarDecl &Parameter) { 1485fec1a442SValeriy Savchenko if (auto Index = getIndex(Parameter)) { 1486c86dacd1SValeriy Savchenko processEscapeFor(*Index); 1487fec1a442SValeriy Savchenko } 1488fec1a442SValeriy Savchenko } 1489fec1a442SValeriy Savchenko 1490fec1a442SValeriy Savchenko /// Mark all parameters in the current state as 'no-return'. 1491fec1a442SValeriy Savchenko void markNoReturn() { 1492fec1a442SValeriy Savchenko for (ParameterStatus &PS : CurrentState) { 1493fec1a442SValeriy Savchenko PS = ParameterStatus::NoReturn; 1494fec1a442SValeriy Savchenko } 1495fec1a442SValeriy Savchenko } 1496fec1a442SValeriy Savchenko 1497fec1a442SValeriy Savchenko /// Check if the given assignment represents suppression and act on it. 1498fec1a442SValeriy Savchenko void checkSuppression(const BinaryOperator *Assignment) { 1499fec1a442SValeriy Savchenko // Suppression has the following form: 1500fec1a442SValeriy Savchenko // parameter = 0; 1501fec1a442SValeriy Savchenko // 0 can be of any form (NULL, nil, etc.) 1502fec1a442SValeriy Savchenko if (auto Index = getIndexOfExpression(Assignment->getLHS())) { 1503fec1a442SValeriy Savchenko 1504fec1a442SValeriy Savchenko // We don't care what is written in the RHS, it could be whatever 1505fec1a442SValeriy Savchenko // we can interpret as 0. 1506fec1a442SValeriy Savchenko if (auto Constant = 1507fec1a442SValeriy Savchenko Assignment->getRHS()->IgnoreParenCasts()->getIntegerConstantExpr( 1508fec1a442SValeriy Savchenko AC.getASTContext())) { 1509fec1a442SValeriy Savchenko 1510fec1a442SValeriy Savchenko ParameterStatus &CurrentParamStatus = CurrentState.getStatusFor(*Index); 1511fec1a442SValeriy Savchenko 1512fec1a442SValeriy Savchenko if (0 == *Constant && CurrentParamStatus.seenAnyCalls()) { 1513fec1a442SValeriy Savchenko // Even though this suppression mechanism is introduced to tackle 1514fec1a442SValeriy Savchenko // false positives for multiple calls, the fact that the user has 1515fec1a442SValeriy Savchenko // to use suppression can also tell us that we couldn't figure out 1516fec1a442SValeriy Savchenko // how different paths cancel each other out. And if that is true, 1517fec1a442SValeriy Savchenko // we will most certainly have false positives about parameters not 1518fec1a442SValeriy Savchenko // being called on certain paths. 1519fec1a442SValeriy Savchenko // 1520fec1a442SValeriy Savchenko // For this reason, we abandon tracking this parameter altogether. 1521fec1a442SValeriy Savchenko CurrentParamStatus = ParameterStatus::Reported; 1522fec1a442SValeriy Savchenko } 1523fec1a442SValeriy Savchenko } 1524fec1a442SValeriy Savchenko } 1525fec1a442SValeriy Savchenko } 1526fec1a442SValeriy Savchenko 1527fec1a442SValeriy Savchenko public: 1528fec1a442SValeriy Savchenko //===----------------------------------------------------------------------===// 1529fec1a442SValeriy Savchenko // Tree traversal methods 1530fec1a442SValeriy Savchenko //===----------------------------------------------------------------------===// 1531fec1a442SValeriy Savchenko 1532fec1a442SValeriy Savchenko void VisitCallExpr(const CallExpr *Call) { 1533fec1a442SValeriy Savchenko // This call might be a direct call, i.e. a parameter call... 1534fec1a442SValeriy Savchenko checkDirectCall(Call); 1535fec1a442SValeriy Savchenko // ... or an indirect call, i.e. when parameter is an argument. 1536fec1a442SValeriy Savchenko checkIndirectCall(Call); 1537fec1a442SValeriy Savchenko } 1538fec1a442SValeriy Savchenko 1539fec1a442SValeriy Savchenko void VisitObjCMessageExpr(const ObjCMessageExpr *Message) { 1540fec1a442SValeriy Savchenko // The most common situation that we are defending against here is 1541fec1a442SValeriy Savchenko // copying a tracked parameter. 1542fec1a442SValeriy Savchenko if (const Expr *Receiver = Message->getInstanceReceiver()) { 1543fec1a442SValeriy Savchenko checkEscapee(Receiver); 1544fec1a442SValeriy Savchenko } 1545fec1a442SValeriy Savchenko // Message expressions unlike calls, could not be direct. 1546fec1a442SValeriy Savchenko checkIndirectCall(Message); 1547fec1a442SValeriy Savchenko } 1548fec1a442SValeriy Savchenko 1549fec1a442SValeriy Savchenko void VisitBlockExpr(const BlockExpr *Block) { 1550f1a7d5a7SValeriy Savchenko // Block expressions are tricky. It is a very common practice to capture 1551f1a7d5a7SValeriy Savchenko // completion handlers by blocks and use them there. 1552f1a7d5a7SValeriy Savchenko // For this reason, it is important to analyze blocks and report warnings 1553f1a7d5a7SValeriy Savchenko // for completion handler misuse in blocks. 1554fec1a442SValeriy Savchenko // 1555f1a7d5a7SValeriy Savchenko // However, it can be quite difficult to track how the block itself is being 1556f1a7d5a7SValeriy Savchenko // used. The full precise anlysis of that will be similar to alias analysis 1557f1a7d5a7SValeriy Savchenko // for completion handlers and can be too heavyweight for a compile-time 1558f1a7d5a7SValeriy Savchenko // diagnostic. Instead, we judge about the immediate use of the block. 1559f1a7d5a7SValeriy Savchenko // 1560f1a7d5a7SValeriy Savchenko // Here, we try to find a call expression where we know due to conventions, 1561f1a7d5a7SValeriy Savchenko // annotations, or other reasons that the block is called once and only 1562f1a7d5a7SValeriy Savchenko // once. 1563f1a7d5a7SValeriy Savchenko const Expr *CalledOnceCallSite = getBlockGuaraneedCallSite(Block); 1564f1a7d5a7SValeriy Savchenko 1565f1a7d5a7SValeriy Savchenko // We need to report this information to the handler because in the 1566f1a7d5a7SValeriy Savchenko // situation when we know that the block is called exactly once, we can be 1567f1a7d5a7SValeriy Savchenko // stricter in terms of reported diagnostics. 1568f1a7d5a7SValeriy Savchenko if (CalledOnceCallSite) { 1569f1a7d5a7SValeriy Savchenko Handler.handleBlockThatIsGuaranteedToBeCalledOnce(Block->getBlockDecl()); 1570f1a7d5a7SValeriy Savchenko } else { 1571f1a7d5a7SValeriy Savchenko Handler.handleBlockWithNoGuarantees(Block->getBlockDecl()); 1572f1a7d5a7SValeriy Savchenko } 1573f1a7d5a7SValeriy Savchenko 1574f1a7d5a7SValeriy Savchenko for (const auto &Capture : Block->getBlockDecl()->captures()) { 1575fec1a442SValeriy Savchenko if (const auto *Param = dyn_cast<ParmVarDecl>(Capture.getVariable())) { 1576f1a7d5a7SValeriy Savchenko if (auto Index = getIndex(*Param)) { 1577f1a7d5a7SValeriy Savchenko if (CalledOnceCallSite) { 1578f1a7d5a7SValeriy Savchenko // The call site of a block can be considered a call site of the 1579f1a7d5a7SValeriy Savchenko // captured parameter we track. 1580f1a7d5a7SValeriy Savchenko processCallFor(*Index, CalledOnceCallSite); 1581f1a7d5a7SValeriy Savchenko } else { 1582f1a7d5a7SValeriy Savchenko // We still should consider this block as an escape for parameter, 1583f1a7d5a7SValeriy Savchenko // if we don't know about its call site or the number of time it 1584f1a7d5a7SValeriy Savchenko // can be invoked. 1585f1a7d5a7SValeriy Savchenko processEscapeFor(*Index); 1586f1a7d5a7SValeriy Savchenko } 1587f1a7d5a7SValeriy Savchenko } 1588fec1a442SValeriy Savchenko } 1589fec1a442SValeriy Savchenko } 1590fec1a442SValeriy Savchenko } 1591fec1a442SValeriy Savchenko 1592fec1a442SValeriy Savchenko void VisitBinaryOperator(const BinaryOperator *Op) { 1593fec1a442SValeriy Savchenko if (Op->getOpcode() == clang::BO_Assign) { 1594fec1a442SValeriy Savchenko // Let's check if one of the tracked parameters is assigned into 1595fec1a442SValeriy Savchenko // something, and if it is we don't want to track extra variables, so we 1596fec1a442SValeriy Savchenko // consider it as an escapee. 1597fec1a442SValeriy Savchenko checkEscapee(Op->getRHS()); 1598fec1a442SValeriy Savchenko 1599fec1a442SValeriy Savchenko // Let's check whether this assignment is a suppression. 1600fec1a442SValeriy Savchenko checkSuppression(Op); 1601fec1a442SValeriy Savchenko } 1602fec1a442SValeriy Savchenko } 1603fec1a442SValeriy Savchenko 1604fec1a442SValeriy Savchenko void VisitDeclStmt(const DeclStmt *DS) { 1605fec1a442SValeriy Savchenko // Variable initialization is not assignment and should be handled 1606fec1a442SValeriy Savchenko // separately. 1607fec1a442SValeriy Savchenko // 1608fec1a442SValeriy Savchenko // Multiple declarations can be a part of declaration statement. 1609fec1a442SValeriy Savchenko for (const auto *Declaration : DS->getDeclGroup()) { 1610fec1a442SValeriy Savchenko if (const auto *Var = dyn_cast<VarDecl>(Declaration)) { 1611fec1a442SValeriy Savchenko if (Var->getInit()) { 1612fec1a442SValeriy Savchenko checkEscapee(Var->getInit()); 1613fec1a442SValeriy Savchenko } 16144a7afc9aSValeriy Savchenko 16154a7afc9aSValeriy Savchenko if (Var->hasAttr<CleanupAttr>()) { 16164a7afc9aSValeriy Savchenko FunctionHasCleanupVars = true; 16174a7afc9aSValeriy Savchenko } 1618fec1a442SValeriy Savchenko } 1619fec1a442SValeriy Savchenko } 1620fec1a442SValeriy Savchenko } 1621fec1a442SValeriy Savchenko 1622fec1a442SValeriy Savchenko void VisitCStyleCastExpr(const CStyleCastExpr *Cast) { 1623fec1a442SValeriy Savchenko // We consider '(void)parameter' as a manual no-op escape. 1624fec1a442SValeriy Savchenko // It should be used to explicitly tell the analysis that this parameter 1625fec1a442SValeriy Savchenko // is intentionally not called on this path. 1626fec1a442SValeriy Savchenko if (Cast->getType().getCanonicalType()->isVoidType()) { 1627fec1a442SValeriy Savchenko checkEscapee(Cast->getSubExpr()); 1628fec1a442SValeriy Savchenko } 1629fec1a442SValeriy Savchenko } 1630fec1a442SValeriy Savchenko 1631fec1a442SValeriy Savchenko void VisitObjCAtThrowStmt(const ObjCAtThrowStmt *) { 1632fec1a442SValeriy Savchenko // It is OK not to call marked parameters on exceptional paths. 1633fec1a442SValeriy Savchenko markNoReturn(); 1634fec1a442SValeriy Savchenko } 1635fec1a442SValeriy Savchenko 1636fec1a442SValeriy Savchenko private: 1637fec1a442SValeriy Savchenko unsigned size() const { return TrackedParams.size(); } 1638fec1a442SValeriy Savchenko 16396ad0788cSKazu Hirata std::optional<unsigned> getIndexOfCallee(const CallExpr *Call) const { 1640fec1a442SValeriy Savchenko return getIndexOfExpression(Call->getCallee()); 1641fec1a442SValeriy Savchenko } 1642fec1a442SValeriy Savchenko 16436ad0788cSKazu Hirata std::optional<unsigned> getIndexOfExpression(const Expr *E) const { 1644fec1a442SValeriy Savchenko if (const ParmVarDecl *Parameter = findReferencedParmVarDecl(E)) { 1645fec1a442SValeriy Savchenko return getIndex(*Parameter); 1646fec1a442SValeriy Savchenko } 1647fec1a442SValeriy Savchenko 164834e0d057SKazu Hirata return std::nullopt; 1649fec1a442SValeriy Savchenko } 1650fec1a442SValeriy Savchenko 16516ad0788cSKazu Hirata std::optional<unsigned> getIndex(const ParmVarDecl &Parameter) const { 1652fec1a442SValeriy Savchenko // Expected number of parameters that we actually track is 1. 1653fec1a442SValeriy Savchenko // 1654fec1a442SValeriy Savchenko // Also, the maximum number of declared parameters could not be on a scale 1655fec1a442SValeriy Savchenko // of hundreds of thousands. 1656fec1a442SValeriy Savchenko // 1657fec1a442SValeriy Savchenko // In this setting, linear search seems reasonable and even performs better 1658fec1a442SValeriy Savchenko // than bisection. 1659fec1a442SValeriy Savchenko ParamSizedVector<const ParmVarDecl *>::const_iterator It = 1660fec1a442SValeriy Savchenko llvm::find(TrackedParams, &Parameter); 1661fec1a442SValeriy Savchenko 1662fec1a442SValeriy Savchenko if (It != TrackedParams.end()) { 1663fec1a442SValeriy Savchenko return It - TrackedParams.begin(); 1664fec1a442SValeriy Savchenko } 1665fec1a442SValeriy Savchenko 166634e0d057SKazu Hirata return std::nullopt; 1667fec1a442SValeriy Savchenko } 1668fec1a442SValeriy Savchenko 1669fec1a442SValeriy Savchenko const ParmVarDecl *getParameter(unsigned Index) const { 1670fec1a442SValeriy Savchenko assert(Index < TrackedParams.size()); 1671fec1a442SValeriy Savchenko return TrackedParams[Index]; 1672fec1a442SValeriy Savchenko } 1673fec1a442SValeriy Savchenko 1674fec1a442SValeriy Savchenko const CFG &FunctionCFG; 1675fec1a442SValeriy Savchenko AnalysisDeclContext &AC; 1676fec1a442SValeriy Savchenko CalledOnceCheckHandler &Handler; 1677fec1a442SValeriy Savchenko bool CheckConventionalParameters; 1678fec1a442SValeriy Savchenko // As of now, we turn this behavior off. So, we still are going to report 1679fec1a442SValeriy Savchenko // missing calls on paths that look like it was intentional. 1680fec1a442SValeriy Savchenko // Technically such reports are true positives, but they can make some users 1681fec1a442SValeriy Savchenko // grumpy because of the sheer number of warnings. 1682fec1a442SValeriy Savchenko // It can be turned back on if we decide that we want to have the other way 1683fec1a442SValeriy Savchenko // around. 1684fec1a442SValeriy Savchenko bool SuppressOnConventionalErrorPaths = false; 1685fec1a442SValeriy Savchenko 16864a7afc9aSValeriy Savchenko // The user can annotate variable declarations with cleanup functions, which 16874a7afc9aSValeriy Savchenko // essentially imposes a custom destructor logic on that variable. 16884a7afc9aSValeriy Savchenko // It is possible to use it, however, to call tracked parameters on all exits 16894a7afc9aSValeriy Savchenko // from the function. For this reason, we track the fact that the function 16904a7afc9aSValeriy Savchenko // actually has these. 16914a7afc9aSValeriy Savchenko bool FunctionHasCleanupVars = false; 16924a7afc9aSValeriy Savchenko 1693fec1a442SValeriy Savchenko State CurrentState; 1694fec1a442SValeriy Savchenko ParamSizedVector<const ParmVarDecl *> TrackedParams; 1695fec1a442SValeriy Savchenko CFGSizedVector<State> States; 1696fec1a442SValeriy Savchenko }; 1697fec1a442SValeriy Savchenko 1698fec1a442SValeriy Savchenko } // end anonymous namespace 1699fec1a442SValeriy Savchenko 1700fec1a442SValeriy Savchenko namespace clang { 1701fec1a442SValeriy Savchenko void checkCalledOnceParameters(AnalysisDeclContext &AC, 1702fec1a442SValeriy Savchenko CalledOnceCheckHandler &Handler, 1703fec1a442SValeriy Savchenko bool CheckConventionalParameters) { 1704fec1a442SValeriy Savchenko CalledOnceChecker::check(AC, Handler, CheckConventionalParameters); 1705fec1a442SValeriy Savchenko } 1706fec1a442SValeriy Savchenko } // end namespace clang 1707