1 //===--- AnalysisConsumer.cpp - ASTConsumer for running Analyses ----------===// 2 // 3 // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. 4 // See https://llvm.org/LICENSE.txt for license information. 5 // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception 6 // 7 //===----------------------------------------------------------------------===// 8 // 9 // "Meta" ASTConsumer for running different source analyses. 10 // 11 //===----------------------------------------------------------------------===// 12 13 #include "clang/StaticAnalyzer/Frontend/AnalysisConsumer.h" 14 #include "ModelInjector.h" 15 #include "clang/AST/Decl.h" 16 #include "clang/AST/DeclCXX.h" 17 #include "clang/AST/DeclObjC.h" 18 #include "clang/AST/RecursiveASTVisitor.h" 19 #include "clang/Analysis/Analyses/LiveVariables.h" 20 #include "clang/Analysis/CFG.h" 21 #include "clang/Analysis/CallGraph.h" 22 #include "clang/Analysis/CodeInjector.h" 23 #include "clang/Analysis/MacroExpansionContext.h" 24 #include "clang/Analysis/PathDiagnostic.h" 25 #include "clang/Basic/SourceManager.h" 26 #include "clang/CrossTU/CrossTranslationUnit.h" 27 #include "clang/Frontend/CompilerInstance.h" 28 #include "clang/Lex/Preprocessor.h" 29 #include "clang/Rewrite/Core/Rewriter.h" 30 #include "clang/StaticAnalyzer/Checkers/LocalCheckers.h" 31 #include "clang/StaticAnalyzer/Core/AnalyzerOptions.h" 32 #include "clang/StaticAnalyzer/Core/BugReporter/BugReporter.h" 33 #include "clang/StaticAnalyzer/Core/CheckerManager.h" 34 #include "clang/StaticAnalyzer/Core/PathDiagnosticConsumers.h" 35 #include "clang/StaticAnalyzer/Core/PathSensitive/AnalysisManager.h" 36 #include "clang/StaticAnalyzer/Core/PathSensitive/ExprEngine.h" 37 #include "llvm/ADT/PostOrderIterator.h" 38 #include "llvm/ADT/Statistic.h" 39 #include "llvm/Support/FileSystem.h" 40 #include "llvm/Support/Path.h" 41 #include "llvm/Support/Program.h" 42 #include "llvm/Support/Timer.h" 43 #include "llvm/Support/raw_ostream.h" 44 #include <memory> 45 #include <queue> 46 #include <utility> 47 48 using namespace clang; 49 using namespace ento; 50 51 #define DEBUG_TYPE "AnalysisConsumer" 52 53 STATISTIC(NumFunctionTopLevel, "The # of functions at top level."); 54 STATISTIC(NumFunctionsAnalyzed, 55 "The # of functions and blocks analyzed (as top level " 56 "with inlining turned on)."); 57 STATISTIC(NumBlocksInAnalyzedFunctions, 58 "The # of basic blocks in the analyzed functions."); 59 STATISTIC(NumVisitedBlocksInAnalyzedFunctions, 60 "The # of visited basic blocks in the analyzed functions."); 61 STATISTIC(PercentReachableBlocks, "The % of reachable basic blocks."); 62 STATISTIC(MaxCFGSize, "The maximum number of basic blocks in a function."); 63 64 //===----------------------------------------------------------------------===// 65 // AnalysisConsumer declaration. 66 //===----------------------------------------------------------------------===// 67 68 namespace { 69 70 class AnalysisConsumer : public AnalysisASTConsumer, 71 public RecursiveASTVisitor<AnalysisConsumer> { 72 enum { 73 AM_None = 0, 74 AM_Syntax = 0x1, 75 AM_Path = 0x2 76 }; 77 typedef unsigned AnalysisMode; 78 79 /// Mode of the analyzes while recursively visiting Decls. 80 AnalysisMode RecVisitorMode; 81 /// Bug Reporter to use while recursively visiting Decls. 82 BugReporter *RecVisitorBR; 83 84 std::vector<std::function<void(CheckerRegistry &)>> CheckerRegistrationFns; 85 86 public: 87 ASTContext *Ctx; 88 Preprocessor &PP; 89 const std::string OutDir; 90 AnalyzerOptionsRef Opts; 91 ArrayRef<std::string> Plugins; 92 CodeInjector *Injector; 93 cross_tu::CrossTranslationUnitContext CTU; 94 95 /// Stores the declarations from the local translation unit. 96 /// Note, we pre-compute the local declarations at parse time as an 97 /// optimization to make sure we do not deserialize everything from disk. 98 /// The local declaration to all declarations ratio might be very small when 99 /// working with a PCH file. 100 SetOfDecls LocalTUDecls; 101 102 MacroExpansionContext MacroExpansions; 103 104 // Set of PathDiagnosticConsumers. Owned by AnalysisManager. 105 PathDiagnosticConsumers PathConsumers; 106 107 StoreManagerCreator CreateStoreMgr; 108 ConstraintManagerCreator CreateConstraintMgr; 109 110 std::unique_ptr<CheckerManager> checkerMgr; 111 std::unique_ptr<AnalysisManager> Mgr; 112 113 /// Time the analyzes time of each translation unit. 114 std::unique_ptr<llvm::TimerGroup> AnalyzerTimers; 115 std::unique_ptr<llvm::Timer> SyntaxCheckTimer; 116 std::unique_ptr<llvm::Timer> ExprEngineTimer; 117 std::unique_ptr<llvm::Timer> BugReporterTimer; 118 119 /// The information about analyzed functions shared throughout the 120 /// translation unit. 121 FunctionSummariesTy FunctionSummaries; 122 123 AnalysisConsumer(CompilerInstance &CI, const std::string &outdir, 124 AnalyzerOptionsRef opts, ArrayRef<std::string> plugins, 125 CodeInjector *injector) 126 : RecVisitorMode(0), RecVisitorBR(nullptr), Ctx(nullptr), 127 PP(CI.getPreprocessor()), OutDir(outdir), Opts(std::move(opts)), 128 Plugins(plugins), Injector(injector), CTU(CI), 129 MacroExpansions(CI.getLangOpts()) { 130 DigestAnalyzerOptions(); 131 if (Opts->PrintStats || Opts->ShouldSerializeStats) { 132 AnalyzerTimers = std::make_unique<llvm::TimerGroup>( 133 "analyzer", "Analyzer timers"); 134 SyntaxCheckTimer = std::make_unique<llvm::Timer>( 135 "syntaxchecks", "Syntax-based analysis time", *AnalyzerTimers); 136 ExprEngineTimer = std::make_unique<llvm::Timer>( 137 "exprengine", "Path exploration time", *AnalyzerTimers); 138 BugReporterTimer = std::make_unique<llvm::Timer>( 139 "bugreporter", "Path-sensitive report post-processing time", 140 *AnalyzerTimers); 141 llvm::EnableStatistics(/* PrintOnExit= */ false); 142 } 143 144 if (Opts->ShouldDisplayMacroExpansions) 145 MacroExpansions.registerForPreprocessor(PP); 146 } 147 148 ~AnalysisConsumer() override { 149 if (Opts->PrintStats) { 150 llvm::PrintStatistics(); 151 } 152 } 153 154 void DigestAnalyzerOptions() { 155 switch (Opts->AnalysisDiagOpt) { 156 case PD_NONE: 157 break; 158 #define ANALYSIS_DIAGNOSTICS(NAME, CMDFLAG, DESC, CREATEFN) \ 159 case PD_##NAME: \ 160 CREATEFN(Opts->getDiagOpts(), PathConsumers, OutDir, PP, CTU, \ 161 MacroExpansions); \ 162 break; 163 #include "clang/StaticAnalyzer/Core/Analyses.def" 164 default: 165 llvm_unreachable("Unknown analyzer output type!"); 166 } 167 168 // Create the analyzer component creators. 169 switch (Opts->AnalysisStoreOpt) { 170 default: 171 llvm_unreachable("Unknown store manager."); 172 #define ANALYSIS_STORE(NAME, CMDFLAG, DESC, CREATEFN) \ 173 case NAME##Model: CreateStoreMgr = CREATEFN; break; 174 #include "clang/StaticAnalyzer/Core/Analyses.def" 175 } 176 177 switch (Opts->AnalysisConstraintsOpt) { 178 default: 179 llvm_unreachable("Unknown constraint manager."); 180 #define ANALYSIS_CONSTRAINTS(NAME, CMDFLAG, DESC, CREATEFN) \ 181 case NAME##Model: CreateConstraintMgr = CREATEFN; break; 182 #include "clang/StaticAnalyzer/Core/Analyses.def" 183 } 184 } 185 186 void DisplayFunction(const Decl *D, AnalysisMode Mode, 187 ExprEngine::InliningModes IMode) { 188 if (!Opts->AnalyzerDisplayProgress) 189 return; 190 191 SourceManager &SM = Mgr->getASTContext().getSourceManager(); 192 PresumedLoc Loc = SM.getPresumedLoc(D->getLocation()); 193 if (Loc.isValid()) { 194 llvm::errs() << "ANALYZE"; 195 196 if (Mode == AM_Syntax) 197 llvm::errs() << " (Syntax)"; 198 else if (Mode == AM_Path) { 199 llvm::errs() << " (Path, "; 200 switch (IMode) { 201 case ExprEngine::Inline_Minimal: 202 llvm::errs() << " Inline_Minimal"; 203 break; 204 case ExprEngine::Inline_Regular: 205 llvm::errs() << " Inline_Regular"; 206 break; 207 } 208 llvm::errs() << ")"; 209 } else 210 assert(Mode == (AM_Syntax | AM_Path) && "Unexpected mode!"); 211 212 llvm::errs() << ": " << Loc.getFilename() << ' ' << getFunctionName(D) 213 << '\n'; 214 } 215 } 216 217 void Initialize(ASTContext &Context) override { 218 Ctx = &Context; 219 checkerMgr = std::make_unique<CheckerManager>(*Ctx, *Opts, PP, Plugins, 220 CheckerRegistrationFns); 221 222 Mgr = std::make_unique<AnalysisManager>(*Ctx, PP, PathConsumers, 223 CreateStoreMgr, CreateConstraintMgr, 224 checkerMgr.get(), *Opts, Injector); 225 } 226 227 /// Store the top level decls in the set to be processed later on. 228 /// (Doing this pre-processing avoids deserialization of data from PCH.) 229 bool HandleTopLevelDecl(DeclGroupRef D) override; 230 void HandleTopLevelDeclInObjCContainer(DeclGroupRef D) override; 231 232 void HandleTranslationUnit(ASTContext &C) override; 233 234 /// Determine which inlining mode should be used when this function is 235 /// analyzed. This allows to redefine the default inlining policies when 236 /// analyzing a given function. 237 ExprEngine::InliningModes 238 getInliningModeForFunction(const Decl *D, const SetOfConstDecls &Visited); 239 240 /// Build the call graph for all the top level decls of this TU and 241 /// use it to define the order in which the functions should be visited. 242 void HandleDeclsCallGraph(const unsigned LocalTUDeclsSize); 243 244 /// Run analyzes(syntax or path sensitive) on the given function. 245 /// \param Mode - determines if we are requesting syntax only or path 246 /// sensitive only analysis. 247 /// \param VisitedCallees - The output parameter, which is populated with the 248 /// set of functions which should be considered analyzed after analyzing the 249 /// given root function. 250 void HandleCode(Decl *D, AnalysisMode Mode, 251 ExprEngine::InliningModes IMode = ExprEngine::Inline_Minimal, 252 SetOfConstDecls *VisitedCallees = nullptr); 253 254 void RunPathSensitiveChecks(Decl *D, 255 ExprEngine::InliningModes IMode, 256 SetOfConstDecls *VisitedCallees); 257 258 /// Visitors for the RecursiveASTVisitor. 259 bool shouldWalkTypesOfTypeLocs() const { return false; } 260 261 /// Handle callbacks for arbitrary Decls. 262 bool VisitDecl(Decl *D) { 263 AnalysisMode Mode = getModeForDecl(D, RecVisitorMode); 264 if (Mode & AM_Syntax) { 265 if (SyntaxCheckTimer) 266 SyntaxCheckTimer->startTimer(); 267 checkerMgr->runCheckersOnASTDecl(D, *Mgr, *RecVisitorBR); 268 if (SyntaxCheckTimer) 269 SyntaxCheckTimer->stopTimer(); 270 } 271 return true; 272 } 273 274 bool VisitVarDecl(VarDecl *VD) { 275 if (!Opts->IsNaiveCTUEnabled) 276 return true; 277 278 if (VD->hasExternalStorage() || VD->isStaticDataMember()) { 279 if (!cross_tu::containsConst(VD, *Ctx)) 280 return true; 281 } else { 282 // Cannot be initialized in another TU. 283 return true; 284 } 285 286 if (VD->getAnyInitializer()) 287 return true; 288 289 llvm::Expected<const VarDecl *> CTUDeclOrError = 290 CTU.getCrossTUDefinition(VD, Opts->CTUDir, Opts->CTUIndexName, 291 Opts->DisplayCTUProgress); 292 293 if (!CTUDeclOrError) { 294 handleAllErrors(CTUDeclOrError.takeError(), 295 [&](const cross_tu::IndexError &IE) { 296 CTU.emitCrossTUDiagnostics(IE); 297 }); 298 } 299 300 return true; 301 } 302 303 bool VisitFunctionDecl(FunctionDecl *FD) { 304 IdentifierInfo *II = FD->getIdentifier(); 305 if (II && II->getName().startswith("__inline")) 306 return true; 307 308 // We skip function template definitions, as their semantics is 309 // only determined when they are instantiated. 310 if (FD->isThisDeclarationADefinition() && 311 !FD->isDependentContext()) { 312 assert(RecVisitorMode == AM_Syntax || Mgr->shouldInlineCall() == false); 313 HandleCode(FD, RecVisitorMode); 314 } 315 return true; 316 } 317 318 bool VisitObjCMethodDecl(ObjCMethodDecl *MD) { 319 if (MD->isThisDeclarationADefinition()) { 320 assert(RecVisitorMode == AM_Syntax || Mgr->shouldInlineCall() == false); 321 HandleCode(MD, RecVisitorMode); 322 } 323 return true; 324 } 325 326 bool VisitBlockDecl(BlockDecl *BD) { 327 if (BD->hasBody()) { 328 assert(RecVisitorMode == AM_Syntax || Mgr->shouldInlineCall() == false); 329 // Since we skip function template definitions, we should skip blocks 330 // declared in those functions as well. 331 if (!BD->isDependentContext()) { 332 HandleCode(BD, RecVisitorMode); 333 } 334 } 335 return true; 336 } 337 338 void AddDiagnosticConsumer(PathDiagnosticConsumer *Consumer) override { 339 PathConsumers.push_back(Consumer); 340 } 341 342 void AddCheckerRegistrationFn(std::function<void(CheckerRegistry&)> Fn) override { 343 CheckerRegistrationFns.push_back(std::move(Fn)); 344 } 345 346 private: 347 void storeTopLevelDecls(DeclGroupRef DG); 348 std::string getFunctionName(const Decl *D); 349 350 /// Check if we should skip (not analyze) the given function. 351 AnalysisMode getModeForDecl(Decl *D, AnalysisMode Mode); 352 void runAnalysisOnTranslationUnit(ASTContext &C); 353 354 /// Print \p S to stderr if \c Opts->AnalyzerDisplayProgress is set. 355 void reportAnalyzerProgress(StringRef S); 356 }; // namespace 357 } // end anonymous namespace 358 359 360 //===----------------------------------------------------------------------===// 361 // AnalysisConsumer implementation. 362 //===----------------------------------------------------------------------===// 363 bool AnalysisConsumer::HandleTopLevelDecl(DeclGroupRef DG) { 364 storeTopLevelDecls(DG); 365 return true; 366 } 367 368 void AnalysisConsumer::HandleTopLevelDeclInObjCContainer(DeclGroupRef DG) { 369 storeTopLevelDecls(DG); 370 } 371 372 void AnalysisConsumer::storeTopLevelDecls(DeclGroupRef DG) { 373 for (DeclGroupRef::iterator I = DG.begin(), E = DG.end(); I != E; ++I) { 374 375 // Skip ObjCMethodDecl, wait for the objc container to avoid 376 // analyzing twice. 377 if (isa<ObjCMethodDecl>(*I)) 378 continue; 379 380 LocalTUDecls.push_back(*I); 381 } 382 } 383 384 static bool shouldSkipFunction(const Decl *D, 385 const SetOfConstDecls &Visited, 386 const SetOfConstDecls &VisitedAsTopLevel) { 387 if (VisitedAsTopLevel.count(D)) 388 return true; 389 390 // Skip analysis of inheriting constructors as top-level functions. These 391 // constructors don't even have a body written down in the code, so even if 392 // we find a bug, we won't be able to display it. 393 if (const auto *CD = dyn_cast<CXXConstructorDecl>(D)) 394 if (CD->isInheritingConstructor()) 395 return true; 396 397 // We want to re-analyse the functions as top level in the following cases: 398 // - The 'init' methods should be reanalyzed because 399 // ObjCNonNilReturnValueChecker assumes that '[super init]' never returns 400 // 'nil' and unless we analyze the 'init' functions as top level, we will 401 // not catch errors within defensive code. 402 // - We want to reanalyze all ObjC methods as top level to report Retain 403 // Count naming convention errors more aggressively. 404 if (isa<ObjCMethodDecl>(D)) 405 return false; 406 // We also want to reanalyze all C++ copy and move assignment operators to 407 // separately check the two cases where 'this' aliases with the parameter and 408 // where it may not. (cplusplus.SelfAssignmentChecker) 409 if (const auto *MD = dyn_cast<CXXMethodDecl>(D)) { 410 if (MD->isCopyAssignmentOperator() || MD->isMoveAssignmentOperator()) 411 return false; 412 } 413 414 // Otherwise, if we visited the function before, do not reanalyze it. 415 return Visited.count(D); 416 } 417 418 ExprEngine::InliningModes 419 AnalysisConsumer::getInliningModeForFunction(const Decl *D, 420 const SetOfConstDecls &Visited) { 421 // We want to reanalyze all ObjC methods as top level to report Retain 422 // Count naming convention errors more aggressively. But we should tune down 423 // inlining when reanalyzing an already inlined function. 424 if (Visited.count(D) && isa<ObjCMethodDecl>(D)) { 425 const ObjCMethodDecl *ObjCM = cast<ObjCMethodDecl>(D); 426 if (ObjCM->getMethodFamily() != OMF_init) 427 return ExprEngine::Inline_Minimal; 428 } 429 430 return ExprEngine::Inline_Regular; 431 } 432 433 void AnalysisConsumer::HandleDeclsCallGraph(const unsigned LocalTUDeclsSize) { 434 // Build the Call Graph by adding all the top level declarations to the graph. 435 // Note: CallGraph can trigger deserialization of more items from a pch 436 // (though HandleInterestingDecl); triggering additions to LocalTUDecls. 437 // We rely on random access to add the initially processed Decls to CG. 438 CallGraph CG; 439 for (unsigned i = 0 ; i < LocalTUDeclsSize ; ++i) { 440 CG.addToCallGraph(LocalTUDecls[i]); 441 } 442 443 // Walk over all of the call graph nodes in topological order, so that we 444 // analyze parents before the children. Skip the functions inlined into 445 // the previously processed functions. Use external Visited set to identify 446 // inlined functions. The topological order allows the "do not reanalyze 447 // previously inlined function" performance heuristic to be triggered more 448 // often. 449 SetOfConstDecls Visited; 450 SetOfConstDecls VisitedAsTopLevel; 451 llvm::ReversePostOrderTraversal<clang::CallGraph*> RPOT(&CG); 452 for (llvm::ReversePostOrderTraversal<clang::CallGraph*>::rpo_iterator 453 I = RPOT.begin(), E = RPOT.end(); I != E; ++I) { 454 NumFunctionTopLevel++; 455 456 CallGraphNode *N = *I; 457 Decl *D = N->getDecl(); 458 459 // Skip the abstract root node. 460 if (!D) 461 continue; 462 463 // Skip the functions which have been processed already or previously 464 // inlined. 465 if (shouldSkipFunction(D, Visited, VisitedAsTopLevel)) 466 continue; 467 468 // Analyze the function. 469 SetOfConstDecls VisitedCallees; 470 471 HandleCode(D, AM_Path, getInliningModeForFunction(D, Visited), 472 (Mgr->options.InliningMode == All ? nullptr : &VisitedCallees)); 473 474 // Add the visited callees to the global visited set. 475 for (const Decl *Callee : VisitedCallees) 476 // Decls from CallGraph are already canonical. But Decls coming from 477 // CallExprs may be not. We should canonicalize them manually. 478 Visited.insert(isa<ObjCMethodDecl>(Callee) ? Callee 479 : Callee->getCanonicalDecl()); 480 VisitedAsTopLevel.insert(D); 481 } 482 } 483 484 static bool isBisonFile(ASTContext &C) { 485 const SourceManager &SM = C.getSourceManager(); 486 FileID FID = SM.getMainFileID(); 487 StringRef Buffer = SM.getBufferOrFake(FID).getBuffer(); 488 if (Buffer.startswith("/* A Bison parser, made by")) 489 return true; 490 return false; 491 } 492 493 void AnalysisConsumer::runAnalysisOnTranslationUnit(ASTContext &C) { 494 BugReporter BR(*Mgr); 495 TranslationUnitDecl *TU = C.getTranslationUnitDecl(); 496 if (SyntaxCheckTimer) 497 SyntaxCheckTimer->startTimer(); 498 checkerMgr->runCheckersOnASTDecl(TU, *Mgr, BR); 499 if (SyntaxCheckTimer) 500 SyntaxCheckTimer->stopTimer(); 501 502 // Run the AST-only checks using the order in which functions are defined. 503 // If inlining is not turned on, use the simplest function order for path 504 // sensitive analyzes as well. 505 RecVisitorMode = AM_Syntax; 506 if (!Mgr->shouldInlineCall()) 507 RecVisitorMode |= AM_Path; 508 RecVisitorBR = &BR; 509 510 // Process all the top level declarations. 511 // 512 // Note: TraverseDecl may modify LocalTUDecls, but only by appending more 513 // entries. Thus we don't use an iterator, but rely on LocalTUDecls 514 // random access. By doing so, we automatically compensate for iterators 515 // possibly being invalidated, although this is a bit slower. 516 const unsigned LocalTUDeclsSize = LocalTUDecls.size(); 517 for (unsigned i = 0 ; i < LocalTUDeclsSize ; ++i) { 518 TraverseDecl(LocalTUDecls[i]); 519 } 520 521 if (Mgr->shouldInlineCall()) 522 HandleDeclsCallGraph(LocalTUDeclsSize); 523 524 // After all decls handled, run checkers on the entire TranslationUnit. 525 checkerMgr->runCheckersOnEndOfTranslationUnit(TU, *Mgr, BR); 526 527 BR.FlushReports(); 528 RecVisitorBR = nullptr; 529 } 530 531 void AnalysisConsumer::reportAnalyzerProgress(StringRef S) { 532 if (Opts->AnalyzerDisplayProgress) 533 llvm::errs() << S; 534 } 535 536 void AnalysisConsumer::HandleTranslationUnit(ASTContext &C) { 537 538 // Don't run the actions if an error has occurred with parsing the file. 539 DiagnosticsEngine &Diags = PP.getDiagnostics(); 540 if (Diags.hasErrorOccurred() || Diags.hasFatalErrorOccurred()) 541 return; 542 543 if (isBisonFile(C)) { 544 reportAnalyzerProgress("Skipping bison-generated file\n"); 545 } else if (Opts->DisableAllCheckers) { 546 547 // Don't analyze if the user explicitly asked for no checks to be performed 548 // on this file. 549 reportAnalyzerProgress("All checks are disabled using a supplied option\n"); 550 } else { 551 // Otherwise, just run the analysis. 552 runAnalysisOnTranslationUnit(C); 553 } 554 555 // Count how many basic blocks we have not covered. 556 NumBlocksInAnalyzedFunctions = FunctionSummaries.getTotalNumBasicBlocks(); 557 NumVisitedBlocksInAnalyzedFunctions = 558 FunctionSummaries.getTotalNumVisitedBasicBlocks(); 559 if (NumBlocksInAnalyzedFunctions > 0) 560 PercentReachableBlocks = 561 (FunctionSummaries.getTotalNumVisitedBasicBlocks() * 100) / 562 NumBlocksInAnalyzedFunctions; 563 564 // Explicitly destroy the PathDiagnosticConsumer. This will flush its output. 565 // FIXME: This should be replaced with something that doesn't rely on 566 // side-effects in PathDiagnosticConsumer's destructor. This is required when 567 // used with option -disable-free. 568 Mgr.reset(); 569 } 570 571 std::string AnalysisConsumer::getFunctionName(const Decl *D) { 572 std::string Str; 573 llvm::raw_string_ostream OS(Str); 574 575 if (const FunctionDecl *FD = dyn_cast<FunctionDecl>(D)) { 576 OS << FD->getQualifiedNameAsString(); 577 578 // In C++, there are overloads. 579 if (Ctx->getLangOpts().CPlusPlus) { 580 OS << '('; 581 for (const auto &P : FD->parameters()) { 582 if (P != *FD->param_begin()) 583 OS << ", "; 584 OS << P->getType().getAsString(); 585 } 586 OS << ')'; 587 } 588 589 } else if (isa<BlockDecl>(D)) { 590 PresumedLoc Loc = Ctx->getSourceManager().getPresumedLoc(D->getLocation()); 591 592 if (Loc.isValid()) { 593 OS << "block (line: " << Loc.getLine() << ", col: " << Loc.getColumn() 594 << ')'; 595 } 596 597 } else if (const ObjCMethodDecl *OMD = dyn_cast<ObjCMethodDecl>(D)) { 598 599 // FIXME: copy-pasted from CGDebugInfo.cpp. 600 OS << (OMD->isInstanceMethod() ? '-' : '+') << '['; 601 const DeclContext *DC = OMD->getDeclContext(); 602 if (const auto *OID = dyn_cast<ObjCImplementationDecl>(DC)) { 603 OS << OID->getName(); 604 } else if (const auto *OID = dyn_cast<ObjCInterfaceDecl>(DC)) { 605 OS << OID->getName(); 606 } else if (const auto *OC = dyn_cast<ObjCCategoryDecl>(DC)) { 607 if (OC->IsClassExtension()) { 608 OS << OC->getClassInterface()->getName(); 609 } else { 610 OS << OC->getIdentifier()->getNameStart() << '(' 611 << OC->getIdentifier()->getNameStart() << ')'; 612 } 613 } else if (const auto *OCD = dyn_cast<ObjCCategoryImplDecl>(DC)) { 614 OS << OCD->getClassInterface()->getName() << '(' 615 << OCD->getName() << ')'; 616 } 617 OS << ' ' << OMD->getSelector().getAsString() << ']'; 618 619 } 620 621 return OS.str(); 622 } 623 624 AnalysisConsumer::AnalysisMode 625 AnalysisConsumer::getModeForDecl(Decl *D, AnalysisMode Mode) { 626 if (!Opts->AnalyzeSpecificFunction.empty() && 627 getFunctionName(D) != Opts->AnalyzeSpecificFunction) 628 return AM_None; 629 630 // Unless -analyze-all is specified, treat decls differently depending on 631 // where they came from: 632 // - Main source file: run both path-sensitive and non-path-sensitive checks. 633 // - Header files: run non-path-sensitive checks only. 634 // - System headers: don't run any checks. 635 SourceManager &SM = Ctx->getSourceManager(); 636 const Stmt *Body = D->getBody(); 637 SourceLocation SL = Body ? Body->getBeginLoc() : D->getLocation(); 638 SL = SM.getExpansionLoc(SL); 639 640 if (!Opts->AnalyzeAll && !Mgr->isInCodeFile(SL)) { 641 if (SL.isInvalid() || SM.isInSystemHeader(SL)) 642 return AM_None; 643 return Mode & ~AM_Path; 644 } 645 646 return Mode; 647 } 648 649 void AnalysisConsumer::HandleCode(Decl *D, AnalysisMode Mode, 650 ExprEngine::InliningModes IMode, 651 SetOfConstDecls *VisitedCallees) { 652 if (!D->hasBody()) 653 return; 654 Mode = getModeForDecl(D, Mode); 655 if (Mode == AM_None) 656 return; 657 658 // Clear the AnalysisManager of old AnalysisDeclContexts. 659 Mgr->ClearContexts(); 660 // Ignore autosynthesized code. 661 if (Mgr->getAnalysisDeclContext(D)->isBodyAutosynthesized()) 662 return; 663 664 DisplayFunction(D, Mode, IMode); 665 CFG *DeclCFG = Mgr->getCFG(D); 666 if (DeclCFG) 667 MaxCFGSize.updateMax(DeclCFG->size()); 668 669 BugReporter BR(*Mgr); 670 671 if (Mode & AM_Syntax) { 672 if (SyntaxCheckTimer) 673 SyntaxCheckTimer->startTimer(); 674 checkerMgr->runCheckersOnASTBody(D, *Mgr, BR); 675 if (SyntaxCheckTimer) 676 SyntaxCheckTimer->stopTimer(); 677 } 678 679 BR.FlushReports(); 680 681 if ((Mode & AM_Path) && checkerMgr->hasPathSensitiveCheckers()) { 682 RunPathSensitiveChecks(D, IMode, VisitedCallees); 683 if (IMode != ExprEngine::Inline_Minimal) 684 NumFunctionsAnalyzed++; 685 } 686 } 687 688 //===----------------------------------------------------------------------===// 689 // Path-sensitive checking. 690 //===----------------------------------------------------------------------===// 691 692 void AnalysisConsumer::RunPathSensitiveChecks(Decl *D, 693 ExprEngine::InliningModes IMode, 694 SetOfConstDecls *VisitedCallees) { 695 // Construct the analysis engine. First check if the CFG is valid. 696 // FIXME: Inter-procedural analysis will need to handle invalid CFGs. 697 if (!Mgr->getCFG(D)) 698 return; 699 700 // See if the LiveVariables analysis scales. 701 if (!Mgr->getAnalysisDeclContext(D)->getAnalysis<RelaxedLiveVariables>()) 702 return; 703 704 ExprEngine Eng(CTU, *Mgr, VisitedCallees, &FunctionSummaries, IMode); 705 706 // Execute the worklist algorithm. 707 if (ExprEngineTimer) 708 ExprEngineTimer->startTimer(); 709 Eng.ExecuteWorkList(Mgr->getAnalysisDeclContextManager().getStackFrame(D), 710 Mgr->options.MaxNodesPerTopLevelFunction); 711 if (ExprEngineTimer) 712 ExprEngineTimer->stopTimer(); 713 714 if (!Mgr->options.DumpExplodedGraphTo.empty()) 715 Eng.DumpGraph(Mgr->options.TrimGraph, Mgr->options.DumpExplodedGraphTo); 716 717 // Visualize the exploded graph. 718 if (Mgr->options.visualizeExplodedGraphWithGraphViz) 719 Eng.ViewGraph(Mgr->options.TrimGraph); 720 721 // Display warnings. 722 if (BugReporterTimer) 723 BugReporterTimer->startTimer(); 724 Eng.getBugReporter().FlushReports(); 725 if (BugReporterTimer) 726 BugReporterTimer->stopTimer(); 727 } 728 729 //===----------------------------------------------------------------------===// 730 // AnalysisConsumer creation. 731 //===----------------------------------------------------------------------===// 732 733 std::unique_ptr<AnalysisASTConsumer> 734 ento::CreateAnalysisConsumer(CompilerInstance &CI) { 735 // Disable the effects of '-Werror' when using the AnalysisConsumer. 736 CI.getPreprocessor().getDiagnostics().setWarningsAsErrors(false); 737 738 AnalyzerOptionsRef analyzerOpts = CI.getAnalyzerOpts(); 739 bool hasModelPath = analyzerOpts->Config.count("model-path") > 0; 740 741 return std::make_unique<AnalysisConsumer>( 742 CI, CI.getFrontendOpts().OutputFile, analyzerOpts, 743 CI.getFrontendOpts().Plugins, 744 hasModelPath ? new ModelInjector(CI) : nullptr); 745 } 746