1a9ac8606Spatrick //===- CalledOnceCheck.cpp - Check 'called once' parameters ---------------===//
2a9ac8606Spatrick //
3a9ac8606Spatrick // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4a9ac8606Spatrick // See https://llvm.org/LICENSE.txt for license information.
5a9ac8606Spatrick // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6a9ac8606Spatrick //
7a9ac8606Spatrick //===----------------------------------------------------------------------===//
8a9ac8606Spatrick
9a9ac8606Spatrick #include "clang/Analysis/Analyses/CalledOnceCheck.h"
10a9ac8606Spatrick #include "clang/AST/ASTContext.h"
11a9ac8606Spatrick #include "clang/AST/Attr.h"
12a9ac8606Spatrick #include "clang/AST/Decl.h"
13a9ac8606Spatrick #include "clang/AST/DeclBase.h"
14a9ac8606Spatrick #include "clang/AST/Expr.h"
15a9ac8606Spatrick #include "clang/AST/ExprObjC.h"
16a9ac8606Spatrick #include "clang/AST/OperationKinds.h"
17a9ac8606Spatrick #include "clang/AST/ParentMap.h"
18a9ac8606Spatrick #include "clang/AST/RecursiveASTVisitor.h"
19a9ac8606Spatrick #include "clang/AST/Stmt.h"
20a9ac8606Spatrick #include "clang/AST/StmtObjC.h"
21a9ac8606Spatrick #include "clang/AST/StmtVisitor.h"
22a9ac8606Spatrick #include "clang/AST/Type.h"
23a9ac8606Spatrick #include "clang/Analysis/AnalysisDeclContext.h"
24a9ac8606Spatrick #include "clang/Analysis/CFG.h"
25a9ac8606Spatrick #include "clang/Analysis/FlowSensitive/DataflowWorklist.h"
26a9ac8606Spatrick #include "clang/Basic/Builtins.h"
27a9ac8606Spatrick #include "clang/Basic/IdentifierTable.h"
28a9ac8606Spatrick #include "clang/Basic/LLVM.h"
29a9ac8606Spatrick #include "llvm/ADT/BitVector.h"
30a9ac8606Spatrick #include "llvm/ADT/BitmaskEnum.h"
31a9ac8606Spatrick #include "llvm/ADT/PointerIntPair.h"
32a9ac8606Spatrick #include "llvm/ADT/STLExtras.h"
33a9ac8606Spatrick #include "llvm/ADT/Sequence.h"
34a9ac8606Spatrick #include "llvm/ADT/SmallVector.h"
35a9ac8606Spatrick #include "llvm/ADT/StringRef.h"
36a9ac8606Spatrick #include "llvm/Support/Casting.h"
37a9ac8606Spatrick #include "llvm/Support/Compiler.h"
38a9ac8606Spatrick #include "llvm/Support/ErrorHandling.h"
39a9ac8606Spatrick #include <memory>
40*12c85518Srobert #include <optional>
41a9ac8606Spatrick
42a9ac8606Spatrick using namespace clang;
43a9ac8606Spatrick
44a9ac8606Spatrick namespace {
45a9ac8606Spatrick static constexpr unsigned EXPECTED_MAX_NUMBER_OF_PARAMS = 2;
46a9ac8606Spatrick template <class T>
47a9ac8606Spatrick using ParamSizedVector = llvm::SmallVector<T, EXPECTED_MAX_NUMBER_OF_PARAMS>;
48a9ac8606Spatrick static constexpr unsigned EXPECTED_NUMBER_OF_BASIC_BLOCKS = 8;
49a9ac8606Spatrick template <class T>
50a9ac8606Spatrick using CFGSizedVector = llvm::SmallVector<T, EXPECTED_NUMBER_OF_BASIC_BLOCKS>;
51a9ac8606Spatrick constexpr llvm::StringLiteral CONVENTIONAL_NAMES[] = {
52a9ac8606Spatrick "completionHandler", "completion", "withCompletionHandler",
53a9ac8606Spatrick "withCompletion", "completionBlock", "withCompletionBlock",
54a9ac8606Spatrick "replyTo", "reply", "withReplyTo"};
55a9ac8606Spatrick constexpr llvm::StringLiteral CONVENTIONAL_SUFFIXES[] = {
56a9ac8606Spatrick "WithCompletionHandler", "WithCompletion", "WithCompletionBlock",
57a9ac8606Spatrick "WithReplyTo", "WithReply"};
58a9ac8606Spatrick constexpr llvm::StringLiteral CONVENTIONAL_CONDITIONS[] = {
59a9ac8606Spatrick "error", "cancel", "shouldCall", "done", "OK", "success"};
60a9ac8606Spatrick
61a9ac8606Spatrick struct KnownCalledOnceParameter {
62a9ac8606Spatrick llvm::StringLiteral FunctionName;
63a9ac8606Spatrick unsigned ParamIndex;
64a9ac8606Spatrick };
65a9ac8606Spatrick constexpr KnownCalledOnceParameter KNOWN_CALLED_ONCE_PARAMETERS[] = {
66a9ac8606Spatrick {llvm::StringLiteral{"dispatch_async"}, 1},
67a9ac8606Spatrick {llvm::StringLiteral{"dispatch_async_and_wait"}, 1},
68a9ac8606Spatrick {llvm::StringLiteral{"dispatch_after"}, 2},
69a9ac8606Spatrick {llvm::StringLiteral{"dispatch_sync"}, 1},
70a9ac8606Spatrick {llvm::StringLiteral{"dispatch_once"}, 1},
71a9ac8606Spatrick {llvm::StringLiteral{"dispatch_barrier_async"}, 1},
72a9ac8606Spatrick {llvm::StringLiteral{"dispatch_barrier_async_and_wait"}, 1},
73a9ac8606Spatrick {llvm::StringLiteral{"dispatch_barrier_sync"}, 1}};
74a9ac8606Spatrick
75a9ac8606Spatrick class ParameterStatus {
76a9ac8606Spatrick public:
77a9ac8606Spatrick // Status kind is basically the main part of parameter's status.
78a9ac8606Spatrick // The kind represents our knowledge (so far) about a tracked parameter
79a9ac8606Spatrick // in the context of this analysis.
80a9ac8606Spatrick //
81a9ac8606Spatrick // Since we want to report on missing and extraneous calls, we need to
82a9ac8606Spatrick // track the fact whether paramater was called or not. This automatically
83a9ac8606Spatrick // decides two kinds: `NotCalled` and `Called`.
84a9ac8606Spatrick //
85a9ac8606Spatrick // One of the erroneous situations is the case when parameter is called only
86a9ac8606Spatrick // on some of the paths. We could've considered it `NotCalled`, but we want
87a9ac8606Spatrick // to report double call warnings even if these two calls are not guaranteed
88a9ac8606Spatrick // to happen in every execution. We also don't want to have it as `Called`
89a9ac8606Spatrick // because not calling tracked parameter on all of the paths is an error
90a9ac8606Spatrick // on its own. For these reasons, we need to have a separate kind,
91a9ac8606Spatrick // `MaybeCalled`, and change `Called` to `DefinitelyCalled` to avoid
92a9ac8606Spatrick // confusion.
93a9ac8606Spatrick //
94a9ac8606Spatrick // Two violations of calling parameter more than once and not calling it on
95a9ac8606Spatrick // every path are not, however, mutually exclusive. In situations where both
96a9ac8606Spatrick // violations take place, we prefer to report ONLY double call. It's always
97a9ac8606Spatrick // harder to pinpoint a bug that has arisen when a user neglects to take the
98a9ac8606Spatrick // right action (and therefore, no action is taken), than when a user takes
99a9ac8606Spatrick // the wrong action. And, in order to remember that we already reported
100a9ac8606Spatrick // a double call, we need another kind: `Reported`.
101a9ac8606Spatrick //
102a9ac8606Spatrick // Our analysis is intra-procedural and, while in the perfect world,
103a9ac8606Spatrick // developers only use tracked parameters to call them, in the real world,
104a9ac8606Spatrick // the picture might be different. Parameters can be stored in global
105a9ac8606Spatrick // variables or leaked into other functions that we know nothing about.
106a9ac8606Spatrick // We try to be lenient and trust users. Another kind `Escaped` reflects
107a9ac8606Spatrick // such situations. We don't know if it gets called there or not, but we
108a9ac8606Spatrick // should always think of `Escaped` as the best possible option.
109a9ac8606Spatrick //
110a9ac8606Spatrick // Some of the paths in the analyzed functions might end with a call
111a9ac8606Spatrick // to noreturn functions. Such paths are not required to have parameter
112a9ac8606Spatrick // calls and we want to track that. For the purposes of better diagnostics,
113a9ac8606Spatrick // we don't want to reuse `Escaped` and, thus, have another kind `NoReturn`.
114a9ac8606Spatrick //
115a9ac8606Spatrick // Additionally, we have `NotVisited` kind that tells us nothing about
116a9ac8606Spatrick // a tracked parameter, but is used for tracking analyzed (aka visited)
117a9ac8606Spatrick // basic blocks.
118a9ac8606Spatrick //
119a9ac8606Spatrick // If we consider `|` to be a JOIN operation of two kinds coming from
120a9ac8606Spatrick // two different paths, the following properties must hold:
121a9ac8606Spatrick //
122a9ac8606Spatrick // 1. for any Kind K: K | K == K
123a9ac8606Spatrick // Joining two identical kinds should result in the same kind.
124a9ac8606Spatrick //
125a9ac8606Spatrick // 2. for any Kind K: Reported | K == Reported
126a9ac8606Spatrick // Doesn't matter on which path it was reported, it still is.
127a9ac8606Spatrick //
128a9ac8606Spatrick // 3. for any Kind K: NoReturn | K == K
129a9ac8606Spatrick // We can totally ignore noreturn paths during merges.
130a9ac8606Spatrick //
131a9ac8606Spatrick // 4. DefinitelyCalled | NotCalled == MaybeCalled
132a9ac8606Spatrick // Called on one path, not called on another - that's simply
133a9ac8606Spatrick // a definition for MaybeCalled.
134a9ac8606Spatrick //
135a9ac8606Spatrick // 5. for any Kind K in [DefinitelyCalled, NotCalled, MaybeCalled]:
136a9ac8606Spatrick // Escaped | K == K
137a9ac8606Spatrick // Escaped mirrors other statuses after joins.
138a9ac8606Spatrick // Every situation, when we join any of the listed kinds K,
139a9ac8606Spatrick // is a violation. For this reason, in order to assume the
140a9ac8606Spatrick // best outcome for this escape, we consider it to be the
141a9ac8606Spatrick // same as the other path.
142a9ac8606Spatrick //
143a9ac8606Spatrick // 6. for any Kind K in [DefinitelyCalled, NotCalled]:
144a9ac8606Spatrick // MaybeCalled | K == MaybeCalled
145a9ac8606Spatrick // MaybeCalled should basically stay after almost every join.
146a9ac8606Spatrick enum Kind {
147a9ac8606Spatrick // No-return paths should be absolutely transparent for the analysis.
148a9ac8606Spatrick // 0x0 is the identity element for selected join operation (binary or).
149a9ac8606Spatrick NoReturn = 0x0, /* 0000 */
150a9ac8606Spatrick // Escaped marks situations when marked parameter escaped into
151a9ac8606Spatrick // another function (so we can assume that it was possibly called there).
152a9ac8606Spatrick Escaped = 0x1, /* 0001 */
153a9ac8606Spatrick // Parameter was definitely called once at this point.
154a9ac8606Spatrick DefinitelyCalled = 0x3, /* 0011 */
155a9ac8606Spatrick // Kinds less or equal to NON_ERROR_STATUS are not considered errors.
156a9ac8606Spatrick NON_ERROR_STATUS = DefinitelyCalled,
157a9ac8606Spatrick // Parameter was not yet called.
158a9ac8606Spatrick NotCalled = 0x5, /* 0101 */
159a9ac8606Spatrick // Parameter was not called at least on one path leading to this point,
160a9ac8606Spatrick // while there is also at least one path that it gets called.
161a9ac8606Spatrick MaybeCalled = 0x7, /* 0111 */
162a9ac8606Spatrick // Parameter was not yet analyzed.
163a9ac8606Spatrick NotVisited = 0x8, /* 1000 */
164a9ac8606Spatrick // We already reported a violation and stopped tracking calls for this
165a9ac8606Spatrick // parameter.
166a9ac8606Spatrick Reported = 0x15, /* 1111 */
167a9ac8606Spatrick LLVM_MARK_AS_BITMASK_ENUM(/* LargestValue = */ Reported)
168a9ac8606Spatrick };
169a9ac8606Spatrick
170a9ac8606Spatrick constexpr ParameterStatus() = default;
ParameterStatus(Kind K)171a9ac8606Spatrick /* implicit */ ParameterStatus(Kind K) : StatusKind(K) {
172a9ac8606Spatrick assert(!seenAnyCalls(K) && "Can't initialize status without a call");
173a9ac8606Spatrick }
ParameterStatus(Kind K,const Expr * Call)174a9ac8606Spatrick ParameterStatus(Kind K, const Expr *Call) : StatusKind(K), Call(Call) {
175a9ac8606Spatrick assert(seenAnyCalls(K) && "This kind is not supposed to have a call");
176a9ac8606Spatrick }
177a9ac8606Spatrick
getCall() const178a9ac8606Spatrick const Expr &getCall() const {
179a9ac8606Spatrick assert(seenAnyCalls(getKind()) && "ParameterStatus doesn't have a call");
180a9ac8606Spatrick return *Call;
181a9ac8606Spatrick }
seenAnyCalls(Kind K)182a9ac8606Spatrick static bool seenAnyCalls(Kind K) {
183a9ac8606Spatrick return (K & DefinitelyCalled) == DefinitelyCalled && K != Reported;
184a9ac8606Spatrick }
seenAnyCalls() const185a9ac8606Spatrick bool seenAnyCalls() const { return seenAnyCalls(getKind()); }
186a9ac8606Spatrick
isErrorStatus(Kind K)187a9ac8606Spatrick static bool isErrorStatus(Kind K) { return K > NON_ERROR_STATUS; }
isErrorStatus() const188a9ac8606Spatrick bool isErrorStatus() const { return isErrorStatus(getKind()); }
189a9ac8606Spatrick
getKind() const190a9ac8606Spatrick Kind getKind() const { return StatusKind; }
191a9ac8606Spatrick
join(const ParameterStatus & Other)192a9ac8606Spatrick void join(const ParameterStatus &Other) {
193a9ac8606Spatrick // If we have a pointer already, let's keep it.
194a9ac8606Spatrick // For the purposes of the analysis, it doesn't really matter
195a9ac8606Spatrick // which call we report.
196a9ac8606Spatrick //
197a9ac8606Spatrick // If we don't have a pointer, let's take whatever gets joined.
198a9ac8606Spatrick if (!Call) {
199a9ac8606Spatrick Call = Other.Call;
200a9ac8606Spatrick }
201a9ac8606Spatrick // Join kinds.
202a9ac8606Spatrick StatusKind |= Other.getKind();
203a9ac8606Spatrick }
204a9ac8606Spatrick
operator ==(const ParameterStatus & Other) const205a9ac8606Spatrick bool operator==(const ParameterStatus &Other) const {
206a9ac8606Spatrick // We compare only kinds, pointers on their own is only additional
207a9ac8606Spatrick // information.
208a9ac8606Spatrick return getKind() == Other.getKind();
209a9ac8606Spatrick }
210a9ac8606Spatrick
211a9ac8606Spatrick private:
212a9ac8606Spatrick // It would've been a perfect place to use llvm::PointerIntPair, but
213a9ac8606Spatrick // unfortunately NumLowBitsAvailable for clang::Expr had been reduced to 2.
214a9ac8606Spatrick Kind StatusKind = NotVisited;
215a9ac8606Spatrick const Expr *Call = nullptr;
216a9ac8606Spatrick };
217a9ac8606Spatrick
218a9ac8606Spatrick /// State aggregates statuses of all tracked parameters.
219a9ac8606Spatrick class State {
220a9ac8606Spatrick public:
State(unsigned Size,ParameterStatus::Kind K=ParameterStatus::NotVisited)221a9ac8606Spatrick State(unsigned Size, ParameterStatus::Kind K = ParameterStatus::NotVisited)
222a9ac8606Spatrick : ParamData(Size, K) {}
223a9ac8606Spatrick
224a9ac8606Spatrick /// Return status of a parameter with the given index.
225a9ac8606Spatrick /// \{
getStatusFor(unsigned Index)226a9ac8606Spatrick ParameterStatus &getStatusFor(unsigned Index) { return ParamData[Index]; }
getStatusFor(unsigned Index) const227a9ac8606Spatrick const ParameterStatus &getStatusFor(unsigned Index) const {
228a9ac8606Spatrick return ParamData[Index];
229a9ac8606Spatrick }
230a9ac8606Spatrick /// \}
231a9ac8606Spatrick
232a9ac8606Spatrick /// Return true if parameter with the given index can be called.
seenAnyCalls(unsigned Index) const233a9ac8606Spatrick bool seenAnyCalls(unsigned Index) const {
234a9ac8606Spatrick return getStatusFor(Index).seenAnyCalls();
235a9ac8606Spatrick }
236a9ac8606Spatrick /// Return a reference that we consider a call.
237a9ac8606Spatrick ///
238a9ac8606Spatrick /// Should only be used for parameters that can be called.
getCallFor(unsigned Index) const239a9ac8606Spatrick const Expr &getCallFor(unsigned Index) const {
240a9ac8606Spatrick return getStatusFor(Index).getCall();
241a9ac8606Spatrick }
242a9ac8606Spatrick /// Return status kind of parameter with the given index.
getKindFor(unsigned Index) const243a9ac8606Spatrick ParameterStatus::Kind getKindFor(unsigned Index) const {
244a9ac8606Spatrick return getStatusFor(Index).getKind();
245a9ac8606Spatrick }
246a9ac8606Spatrick
isVisited() const247a9ac8606Spatrick bool isVisited() const {
248a9ac8606Spatrick return llvm::all_of(ParamData, [](const ParameterStatus &S) {
249a9ac8606Spatrick return S.getKind() != ParameterStatus::NotVisited;
250a9ac8606Spatrick });
251a9ac8606Spatrick }
252a9ac8606Spatrick
253a9ac8606Spatrick // Join other state into the current state.
join(const State & Other)254a9ac8606Spatrick void join(const State &Other) {
255a9ac8606Spatrick assert(ParamData.size() == Other.ParamData.size() &&
256a9ac8606Spatrick "Couldn't join statuses with different sizes");
257a9ac8606Spatrick for (auto Pair : llvm::zip(ParamData, Other.ParamData)) {
258a9ac8606Spatrick std::get<0>(Pair).join(std::get<1>(Pair));
259a9ac8606Spatrick }
260a9ac8606Spatrick }
261a9ac8606Spatrick
262a9ac8606Spatrick using iterator = ParamSizedVector<ParameterStatus>::iterator;
263a9ac8606Spatrick using const_iterator = ParamSizedVector<ParameterStatus>::const_iterator;
264a9ac8606Spatrick
begin()265a9ac8606Spatrick iterator begin() { return ParamData.begin(); }
end()266a9ac8606Spatrick iterator end() { return ParamData.end(); }
267a9ac8606Spatrick
begin() const268a9ac8606Spatrick const_iterator begin() const { return ParamData.begin(); }
end() const269a9ac8606Spatrick const_iterator end() const { return ParamData.end(); }
270a9ac8606Spatrick
operator ==(const State & Other) const271a9ac8606Spatrick bool operator==(const State &Other) const {
272a9ac8606Spatrick return ParamData == Other.ParamData;
273a9ac8606Spatrick }
274a9ac8606Spatrick
275a9ac8606Spatrick private:
276a9ac8606Spatrick ParamSizedVector<ParameterStatus> ParamData;
277a9ac8606Spatrick };
278a9ac8606Spatrick
279a9ac8606Spatrick /// A simple class that finds DeclRefExpr in the given expression.
280a9ac8606Spatrick ///
281a9ac8606Spatrick /// However, we don't want to find ANY nested DeclRefExpr skipping whatever
282a9ac8606Spatrick /// expressions on our way. Only certain expressions considered "no-op"
283a9ac8606Spatrick /// for our task are indeed skipped.
284a9ac8606Spatrick class DeclRefFinder
285a9ac8606Spatrick : public ConstStmtVisitor<DeclRefFinder, const DeclRefExpr *> {
286a9ac8606Spatrick public:
287a9ac8606Spatrick /// Find a DeclRefExpr in the given expression.
288a9ac8606Spatrick ///
289a9ac8606Spatrick /// In its most basic form (ShouldRetrieveFromComparisons == false),
290a9ac8606Spatrick /// this function can be simply reduced to the following question:
291a9ac8606Spatrick ///
292a9ac8606Spatrick /// - If expression E is used as a function argument, could we say
293a9ac8606Spatrick /// that DeclRefExpr nested in E is used as an argument?
294a9ac8606Spatrick ///
295a9ac8606Spatrick /// According to this rule, we can say that parens, casts and dereferencing
296a9ac8606Spatrick /// (dereferencing only applied to function pointers, but this is our case)
297a9ac8606Spatrick /// can be skipped.
298a9ac8606Spatrick ///
299a9ac8606Spatrick /// When we should look into comparisons the question changes to:
300a9ac8606Spatrick ///
301a9ac8606Spatrick /// - If expression E is used as a condition, could we say that
302a9ac8606Spatrick /// DeclRefExpr is being checked?
303a9ac8606Spatrick ///
304a9ac8606Spatrick /// And even though, these are two different questions, they have quite a lot
305a9ac8606Spatrick /// in common. Actually, we can say that whatever expression answers
306a9ac8606Spatrick /// positively the first question also fits the second question as well.
307a9ac8606Spatrick ///
308a9ac8606Spatrick /// In addition, we skip binary operators == and !=, and unary opeartor !.
find(const Expr * E,bool ShouldRetrieveFromComparisons=false)309a9ac8606Spatrick static const DeclRefExpr *find(const Expr *E,
310a9ac8606Spatrick bool ShouldRetrieveFromComparisons = false) {
311a9ac8606Spatrick return DeclRefFinder(ShouldRetrieveFromComparisons).Visit(E);
312a9ac8606Spatrick }
313a9ac8606Spatrick
VisitDeclRefExpr(const DeclRefExpr * DR)314a9ac8606Spatrick const DeclRefExpr *VisitDeclRefExpr(const DeclRefExpr *DR) { return DR; }
315a9ac8606Spatrick
VisitUnaryOperator(const UnaryOperator * UO)316a9ac8606Spatrick const DeclRefExpr *VisitUnaryOperator(const UnaryOperator *UO) {
317a9ac8606Spatrick switch (UO->getOpcode()) {
318a9ac8606Spatrick case UO_LNot:
319a9ac8606Spatrick // We care about logical not only if we care about comparisons.
320a9ac8606Spatrick if (!ShouldRetrieveFromComparisons)
321a9ac8606Spatrick return nullptr;
322*12c85518Srobert [[fallthrough]];
323a9ac8606Spatrick // Function pointer/references can be dereferenced before a call.
324a9ac8606Spatrick // That doesn't make it, however, any different from a regular call.
325a9ac8606Spatrick // For this reason, dereference operation is a "no-op".
326a9ac8606Spatrick case UO_Deref:
327a9ac8606Spatrick return Visit(UO->getSubExpr());
328a9ac8606Spatrick default:
329a9ac8606Spatrick return nullptr;
330a9ac8606Spatrick }
331a9ac8606Spatrick }
332a9ac8606Spatrick
VisitBinaryOperator(const BinaryOperator * BO)333a9ac8606Spatrick const DeclRefExpr *VisitBinaryOperator(const BinaryOperator *BO) {
334a9ac8606Spatrick if (!ShouldRetrieveFromComparisons)
335a9ac8606Spatrick return nullptr;
336a9ac8606Spatrick
337a9ac8606Spatrick switch (BO->getOpcode()) {
338a9ac8606Spatrick case BO_EQ:
339a9ac8606Spatrick case BO_NE: {
340a9ac8606Spatrick const DeclRefExpr *LHS = Visit(BO->getLHS());
341a9ac8606Spatrick return LHS ? LHS : Visit(BO->getRHS());
342a9ac8606Spatrick }
343a9ac8606Spatrick default:
344a9ac8606Spatrick return nullptr;
345a9ac8606Spatrick }
346a9ac8606Spatrick }
347a9ac8606Spatrick
VisitOpaqueValueExpr(const OpaqueValueExpr * OVE)348a9ac8606Spatrick const DeclRefExpr *VisitOpaqueValueExpr(const OpaqueValueExpr *OVE) {
349a9ac8606Spatrick return Visit(OVE->getSourceExpr());
350a9ac8606Spatrick }
351a9ac8606Spatrick
VisitCallExpr(const CallExpr * CE)352a9ac8606Spatrick const DeclRefExpr *VisitCallExpr(const CallExpr *CE) {
353a9ac8606Spatrick if (!ShouldRetrieveFromComparisons)
354a9ac8606Spatrick return nullptr;
355a9ac8606Spatrick
356a9ac8606Spatrick // We want to see through some of the boolean builtin functions
357a9ac8606Spatrick // that we are likely to see in conditions.
358a9ac8606Spatrick switch (CE->getBuiltinCallee()) {
359a9ac8606Spatrick case Builtin::BI__builtin_expect:
360a9ac8606Spatrick case Builtin::BI__builtin_expect_with_probability: {
361a9ac8606Spatrick assert(CE->getNumArgs() >= 2);
362a9ac8606Spatrick
363a9ac8606Spatrick const DeclRefExpr *Candidate = Visit(CE->getArg(0));
364a9ac8606Spatrick return Candidate != nullptr ? Candidate : Visit(CE->getArg(1));
365a9ac8606Spatrick }
366a9ac8606Spatrick
367a9ac8606Spatrick case Builtin::BI__builtin_unpredictable:
368a9ac8606Spatrick return Visit(CE->getArg(0));
369a9ac8606Spatrick
370a9ac8606Spatrick default:
371a9ac8606Spatrick return nullptr;
372a9ac8606Spatrick }
373a9ac8606Spatrick }
374a9ac8606Spatrick
VisitExpr(const Expr * E)375a9ac8606Spatrick const DeclRefExpr *VisitExpr(const Expr *E) {
376a9ac8606Spatrick // It is a fallback method that gets called whenever the actual type
377a9ac8606Spatrick // of the given expression is not covered.
378a9ac8606Spatrick //
379a9ac8606Spatrick // We first check if we have anything to skip. And then repeat the whole
380a9ac8606Spatrick // procedure for a nested expression instead.
381a9ac8606Spatrick const Expr *DeclutteredExpr = E->IgnoreParenCasts();
382a9ac8606Spatrick return E != DeclutteredExpr ? Visit(DeclutteredExpr) : nullptr;
383a9ac8606Spatrick }
384a9ac8606Spatrick
385a9ac8606Spatrick private:
DeclRefFinder(bool ShouldRetrieveFromComparisons)386a9ac8606Spatrick DeclRefFinder(bool ShouldRetrieveFromComparisons)
387a9ac8606Spatrick : ShouldRetrieveFromComparisons(ShouldRetrieveFromComparisons) {}
388a9ac8606Spatrick
389a9ac8606Spatrick bool ShouldRetrieveFromComparisons;
390a9ac8606Spatrick };
391a9ac8606Spatrick
findDeclRefExpr(const Expr * In,bool ShouldRetrieveFromComparisons=false)392a9ac8606Spatrick const DeclRefExpr *findDeclRefExpr(const Expr *In,
393a9ac8606Spatrick bool ShouldRetrieveFromComparisons = false) {
394a9ac8606Spatrick return DeclRefFinder::find(In, ShouldRetrieveFromComparisons);
395a9ac8606Spatrick }
396a9ac8606Spatrick
397a9ac8606Spatrick const ParmVarDecl *
findReferencedParmVarDecl(const Expr * In,bool ShouldRetrieveFromComparisons=false)398a9ac8606Spatrick findReferencedParmVarDecl(const Expr *In,
399a9ac8606Spatrick bool ShouldRetrieveFromComparisons = false) {
400a9ac8606Spatrick if (const DeclRefExpr *DR =
401a9ac8606Spatrick findDeclRefExpr(In, ShouldRetrieveFromComparisons)) {
402a9ac8606Spatrick return dyn_cast<ParmVarDecl>(DR->getDecl());
403a9ac8606Spatrick }
404a9ac8606Spatrick
405a9ac8606Spatrick return nullptr;
406a9ac8606Spatrick }
407a9ac8606Spatrick
408a9ac8606Spatrick /// Return conditions expression of a statement if it has one.
getCondition(const Stmt * S)409a9ac8606Spatrick const Expr *getCondition(const Stmt *S) {
410a9ac8606Spatrick if (!S) {
411a9ac8606Spatrick return nullptr;
412a9ac8606Spatrick }
413a9ac8606Spatrick
414a9ac8606Spatrick if (const auto *If = dyn_cast<IfStmt>(S)) {
415a9ac8606Spatrick return If->getCond();
416a9ac8606Spatrick }
417a9ac8606Spatrick if (const auto *Ternary = dyn_cast<AbstractConditionalOperator>(S)) {
418a9ac8606Spatrick return Ternary->getCond();
419a9ac8606Spatrick }
420a9ac8606Spatrick
421a9ac8606Spatrick return nullptr;
422a9ac8606Spatrick }
423a9ac8606Spatrick
424a9ac8606Spatrick /// A small helper class that collects all named identifiers in the given
425a9ac8606Spatrick /// expression. It traverses it recursively, so names from deeper levels
426a9ac8606Spatrick /// of the AST will end up in the results.
427a9ac8606Spatrick /// Results might have duplicate names, if this is a problem, convert to
428a9ac8606Spatrick /// string sets afterwards.
429a9ac8606Spatrick class NamesCollector : public RecursiveASTVisitor<NamesCollector> {
430a9ac8606Spatrick public:
431a9ac8606Spatrick static constexpr unsigned EXPECTED_NUMBER_OF_NAMES = 5;
432a9ac8606Spatrick using NameCollection =
433a9ac8606Spatrick llvm::SmallVector<llvm::StringRef, EXPECTED_NUMBER_OF_NAMES>;
434a9ac8606Spatrick
collect(const Expr * From)435a9ac8606Spatrick static NameCollection collect(const Expr *From) {
436a9ac8606Spatrick NamesCollector Impl;
437a9ac8606Spatrick Impl.TraverseStmt(const_cast<Expr *>(From));
438a9ac8606Spatrick return Impl.Result;
439a9ac8606Spatrick }
440a9ac8606Spatrick
VisitDeclRefExpr(const DeclRefExpr * E)441a9ac8606Spatrick bool VisitDeclRefExpr(const DeclRefExpr *E) {
442a9ac8606Spatrick Result.push_back(E->getDecl()->getName());
443a9ac8606Spatrick return true;
444a9ac8606Spatrick }
445a9ac8606Spatrick
VisitObjCPropertyRefExpr(const ObjCPropertyRefExpr * E)446a9ac8606Spatrick bool VisitObjCPropertyRefExpr(const ObjCPropertyRefExpr *E) {
447a9ac8606Spatrick llvm::StringRef Name;
448a9ac8606Spatrick
449a9ac8606Spatrick if (E->isImplicitProperty()) {
450a9ac8606Spatrick ObjCMethodDecl *PropertyMethodDecl = nullptr;
451a9ac8606Spatrick if (E->isMessagingGetter()) {
452a9ac8606Spatrick PropertyMethodDecl = E->getImplicitPropertyGetter();
453a9ac8606Spatrick } else {
454a9ac8606Spatrick PropertyMethodDecl = E->getImplicitPropertySetter();
455a9ac8606Spatrick }
456a9ac8606Spatrick assert(PropertyMethodDecl &&
457a9ac8606Spatrick "Implicit property must have associated declaration");
458a9ac8606Spatrick Name = PropertyMethodDecl->getSelector().getNameForSlot(0);
459a9ac8606Spatrick } else {
460a9ac8606Spatrick assert(E->isExplicitProperty());
461a9ac8606Spatrick Name = E->getExplicitProperty()->getName();
462a9ac8606Spatrick }
463a9ac8606Spatrick
464a9ac8606Spatrick Result.push_back(Name);
465a9ac8606Spatrick return true;
466a9ac8606Spatrick }
467a9ac8606Spatrick
468a9ac8606Spatrick private:
469a9ac8606Spatrick NamesCollector() = default;
470a9ac8606Spatrick NameCollection Result;
471a9ac8606Spatrick };
472a9ac8606Spatrick
473a9ac8606Spatrick /// Check whether the given expression mentions any of conventional names.
mentionsAnyOfConventionalNames(const Expr * E)474a9ac8606Spatrick bool mentionsAnyOfConventionalNames(const Expr *E) {
475a9ac8606Spatrick NamesCollector::NameCollection MentionedNames = NamesCollector::collect(E);
476a9ac8606Spatrick
477a9ac8606Spatrick return llvm::any_of(MentionedNames, [](llvm::StringRef ConditionName) {
478a9ac8606Spatrick return llvm::any_of(
479a9ac8606Spatrick CONVENTIONAL_CONDITIONS,
480a9ac8606Spatrick [ConditionName](const llvm::StringLiteral &Conventional) {
481a9ac8606Spatrick return ConditionName.contains_insensitive(Conventional);
482a9ac8606Spatrick });
483a9ac8606Spatrick });
484a9ac8606Spatrick }
485a9ac8606Spatrick
486a9ac8606Spatrick /// Clarification is a simple pair of a reason why parameter is not called
487a9ac8606Spatrick /// on every path and a statement to blame.
488a9ac8606Spatrick struct Clarification {
489a9ac8606Spatrick NeverCalledReason Reason;
490a9ac8606Spatrick const Stmt *Location;
491a9ac8606Spatrick };
492a9ac8606Spatrick
493a9ac8606Spatrick /// A helper class that can produce a clarification based on the given pair
494a9ac8606Spatrick /// of basic blocks.
495a9ac8606Spatrick class NotCalledClarifier
496a9ac8606Spatrick : public ConstStmtVisitor<NotCalledClarifier,
497*12c85518Srobert std::optional<Clarification>> {
498a9ac8606Spatrick public:
499a9ac8606Spatrick /// The main entrypoint for the class, the function that tries to find the
500a9ac8606Spatrick /// clarification of how to explain which sub-path starts with a CFG edge
501a9ac8606Spatrick /// from Conditional to SuccWithoutCall.
502a9ac8606Spatrick ///
503a9ac8606Spatrick /// This means that this function has one precondition:
504a9ac8606Spatrick /// SuccWithoutCall should be a successor block for Conditional.
505a9ac8606Spatrick ///
506a9ac8606Spatrick /// Because clarification is not needed for non-trivial pairs of blocks
507a9ac8606Spatrick /// (i.e. SuccWithoutCall is not the only successor), it returns meaningful
508a9ac8606Spatrick /// results only for such cases. For this very reason, the parent basic
509a9ac8606Spatrick /// block, Conditional, is named that way, so it is clear what kind of
510a9ac8606Spatrick /// block is expected.
clarify(const CFGBlock * Conditional,const CFGBlock * SuccWithoutCall)511*12c85518Srobert static std::optional<Clarification> clarify(const CFGBlock *Conditional,
512*12c85518Srobert const CFGBlock *SuccWithoutCall) {
513a9ac8606Spatrick if (const Stmt *Terminator = Conditional->getTerminatorStmt()) {
514a9ac8606Spatrick return NotCalledClarifier{Conditional, SuccWithoutCall}.Visit(Terminator);
515a9ac8606Spatrick }
516*12c85518Srobert return std::nullopt;
517a9ac8606Spatrick }
518a9ac8606Spatrick
VisitIfStmt(const IfStmt * If)519*12c85518Srobert std::optional<Clarification> VisitIfStmt(const IfStmt *If) {
520a9ac8606Spatrick return VisitBranchingBlock(If, NeverCalledReason::IfThen);
521a9ac8606Spatrick }
522a9ac8606Spatrick
523*12c85518Srobert std::optional<Clarification>
VisitAbstractConditionalOperator(const AbstractConditionalOperator * Ternary)524a9ac8606Spatrick VisitAbstractConditionalOperator(const AbstractConditionalOperator *Ternary) {
525a9ac8606Spatrick return VisitBranchingBlock(Ternary, NeverCalledReason::IfThen);
526a9ac8606Spatrick }
527a9ac8606Spatrick
VisitSwitchStmt(const SwitchStmt * Switch)528*12c85518Srobert std::optional<Clarification> VisitSwitchStmt(const SwitchStmt *Switch) {
529a9ac8606Spatrick const Stmt *CaseToBlame = SuccInQuestion->getLabel();
530a9ac8606Spatrick if (!CaseToBlame) {
531a9ac8606Spatrick // If interesting basic block is not labeled, it means that this
532a9ac8606Spatrick // basic block does not represent any of the cases.
533a9ac8606Spatrick return Clarification{NeverCalledReason::SwitchSkipped, Switch};
534a9ac8606Spatrick }
535a9ac8606Spatrick
536a9ac8606Spatrick for (const SwitchCase *Case = Switch->getSwitchCaseList(); Case;
537a9ac8606Spatrick Case = Case->getNextSwitchCase()) {
538a9ac8606Spatrick if (Case == CaseToBlame) {
539a9ac8606Spatrick return Clarification{NeverCalledReason::Switch, Case};
540a9ac8606Spatrick }
541a9ac8606Spatrick }
542a9ac8606Spatrick
543a9ac8606Spatrick llvm_unreachable("Found unexpected switch structure");
544a9ac8606Spatrick }
545a9ac8606Spatrick
VisitForStmt(const ForStmt * For)546*12c85518Srobert std::optional<Clarification> VisitForStmt(const ForStmt *For) {
547a9ac8606Spatrick return VisitBranchingBlock(For, NeverCalledReason::LoopEntered);
548a9ac8606Spatrick }
549a9ac8606Spatrick
VisitWhileStmt(const WhileStmt * While)550*12c85518Srobert std::optional<Clarification> VisitWhileStmt(const WhileStmt *While) {
551a9ac8606Spatrick return VisitBranchingBlock(While, NeverCalledReason::LoopEntered);
552a9ac8606Spatrick }
553a9ac8606Spatrick
554*12c85518Srobert std::optional<Clarification>
VisitBranchingBlock(const Stmt * Terminator,NeverCalledReason DefaultReason)555a9ac8606Spatrick VisitBranchingBlock(const Stmt *Terminator, NeverCalledReason DefaultReason) {
556a9ac8606Spatrick assert(Parent->succ_size() == 2 &&
557a9ac8606Spatrick "Branching block should have exactly two successors");
558a9ac8606Spatrick unsigned SuccessorIndex = getSuccessorIndex(Parent, SuccInQuestion);
559a9ac8606Spatrick NeverCalledReason ActualReason =
560a9ac8606Spatrick updateForSuccessor(DefaultReason, SuccessorIndex);
561a9ac8606Spatrick return Clarification{ActualReason, Terminator};
562a9ac8606Spatrick }
563a9ac8606Spatrick
VisitBinaryOperator(const BinaryOperator *)564*12c85518Srobert std::optional<Clarification> VisitBinaryOperator(const BinaryOperator *) {
565a9ac8606Spatrick // We don't want to report on short-curcuit logical operations.
566*12c85518Srobert return std::nullopt;
567a9ac8606Spatrick }
568a9ac8606Spatrick
VisitStmt(const Stmt * Terminator)569*12c85518Srobert std::optional<Clarification> VisitStmt(const Stmt *Terminator) {
570a9ac8606Spatrick // If we got here, we didn't have a visit function for more derived
571a9ac8606Spatrick // classes of statement that this terminator actually belongs to.
572a9ac8606Spatrick //
573a9ac8606Spatrick // This is not a good scenario and should not happen in practice, but
574a9ac8606Spatrick // at least we'll warn the user.
575a9ac8606Spatrick return Clarification{NeverCalledReason::FallbackReason, Terminator};
576a9ac8606Spatrick }
577a9ac8606Spatrick
getSuccessorIndex(const CFGBlock * Parent,const CFGBlock * Child)578a9ac8606Spatrick static unsigned getSuccessorIndex(const CFGBlock *Parent,
579a9ac8606Spatrick const CFGBlock *Child) {
580a9ac8606Spatrick CFGBlock::const_succ_iterator It = llvm::find(Parent->succs(), Child);
581a9ac8606Spatrick assert(It != Parent->succ_end() &&
582a9ac8606Spatrick "Given blocks should be in parent-child relationship");
583a9ac8606Spatrick return It - Parent->succ_begin();
584a9ac8606Spatrick }
585a9ac8606Spatrick
586a9ac8606Spatrick static NeverCalledReason
updateForSuccessor(NeverCalledReason ReasonForTrueBranch,unsigned SuccessorIndex)587a9ac8606Spatrick updateForSuccessor(NeverCalledReason ReasonForTrueBranch,
588a9ac8606Spatrick unsigned SuccessorIndex) {
589a9ac8606Spatrick assert(SuccessorIndex <= 1);
590a9ac8606Spatrick unsigned RawReason =
591a9ac8606Spatrick static_cast<unsigned>(ReasonForTrueBranch) + SuccessorIndex;
592a9ac8606Spatrick assert(RawReason <=
593a9ac8606Spatrick static_cast<unsigned>(NeverCalledReason::LARGEST_VALUE));
594a9ac8606Spatrick return static_cast<NeverCalledReason>(RawReason);
595a9ac8606Spatrick }
596a9ac8606Spatrick
597a9ac8606Spatrick private:
NotCalledClarifier(const CFGBlock * Parent,const CFGBlock * SuccInQuestion)598a9ac8606Spatrick NotCalledClarifier(const CFGBlock *Parent, const CFGBlock *SuccInQuestion)
599a9ac8606Spatrick : Parent(Parent), SuccInQuestion(SuccInQuestion) {}
600a9ac8606Spatrick
601a9ac8606Spatrick const CFGBlock *Parent, *SuccInQuestion;
602a9ac8606Spatrick };
603a9ac8606Spatrick
604a9ac8606Spatrick class CalledOnceChecker : public ConstStmtVisitor<CalledOnceChecker> {
605a9ac8606Spatrick public:
check(AnalysisDeclContext & AC,CalledOnceCheckHandler & Handler,bool CheckConventionalParameters)606a9ac8606Spatrick static void check(AnalysisDeclContext &AC, CalledOnceCheckHandler &Handler,
607a9ac8606Spatrick bool CheckConventionalParameters) {
608a9ac8606Spatrick CalledOnceChecker(AC, Handler, CheckConventionalParameters).check();
609a9ac8606Spatrick }
610a9ac8606Spatrick
611a9ac8606Spatrick private:
CalledOnceChecker(AnalysisDeclContext & AC,CalledOnceCheckHandler & Handler,bool CheckConventionalParameters)612a9ac8606Spatrick CalledOnceChecker(AnalysisDeclContext &AC, CalledOnceCheckHandler &Handler,
613a9ac8606Spatrick bool CheckConventionalParameters)
614a9ac8606Spatrick : FunctionCFG(*AC.getCFG()), AC(AC), Handler(Handler),
615a9ac8606Spatrick CheckConventionalParameters(CheckConventionalParameters),
616a9ac8606Spatrick CurrentState(0) {
617a9ac8606Spatrick initDataStructures();
618a9ac8606Spatrick assert((size() == 0 || !States.empty()) &&
619a9ac8606Spatrick "Data structures are inconsistent");
620a9ac8606Spatrick }
621a9ac8606Spatrick
622a9ac8606Spatrick //===----------------------------------------------------------------------===//
623a9ac8606Spatrick // Initializing functions
624a9ac8606Spatrick //===----------------------------------------------------------------------===//
625a9ac8606Spatrick
initDataStructures()626a9ac8606Spatrick void initDataStructures() {
627a9ac8606Spatrick const Decl *AnalyzedDecl = AC.getDecl();
628a9ac8606Spatrick
629a9ac8606Spatrick if (const auto *Function = dyn_cast<FunctionDecl>(AnalyzedDecl)) {
630a9ac8606Spatrick findParamsToTrack(Function);
631a9ac8606Spatrick } else if (const auto *Method = dyn_cast<ObjCMethodDecl>(AnalyzedDecl)) {
632a9ac8606Spatrick findParamsToTrack(Method);
633a9ac8606Spatrick } else if (const auto *Block = dyn_cast<BlockDecl>(AnalyzedDecl)) {
634a9ac8606Spatrick findCapturesToTrack(Block);
635a9ac8606Spatrick findParamsToTrack(Block);
636a9ac8606Spatrick }
637a9ac8606Spatrick
638a9ac8606Spatrick // Have something to track, let's init states for every block from the CFG.
639a9ac8606Spatrick if (size() != 0) {
640a9ac8606Spatrick States =
641a9ac8606Spatrick CFGSizedVector<State>(FunctionCFG.getNumBlockIDs(), State(size()));
642a9ac8606Spatrick }
643a9ac8606Spatrick }
644a9ac8606Spatrick
findCapturesToTrack(const BlockDecl * Block)645a9ac8606Spatrick void findCapturesToTrack(const BlockDecl *Block) {
646a9ac8606Spatrick for (const auto &Capture : Block->captures()) {
647a9ac8606Spatrick if (const auto *P = dyn_cast<ParmVarDecl>(Capture.getVariable())) {
648a9ac8606Spatrick // Parameter DeclContext is its owning function or method.
649a9ac8606Spatrick const DeclContext *ParamContext = P->getDeclContext();
650a9ac8606Spatrick if (shouldBeCalledOnce(ParamContext, P)) {
651a9ac8606Spatrick TrackedParams.push_back(P);
652a9ac8606Spatrick }
653a9ac8606Spatrick }
654a9ac8606Spatrick }
655a9ac8606Spatrick }
656a9ac8606Spatrick
657a9ac8606Spatrick template <class FunctionLikeDecl>
findParamsToTrack(const FunctionLikeDecl * Function)658a9ac8606Spatrick void findParamsToTrack(const FunctionLikeDecl *Function) {
659a9ac8606Spatrick for (unsigned Index : llvm::seq<unsigned>(0u, Function->param_size())) {
660a9ac8606Spatrick if (shouldBeCalledOnce(Function, Index)) {
661a9ac8606Spatrick TrackedParams.push_back(Function->getParamDecl(Index));
662a9ac8606Spatrick }
663a9ac8606Spatrick }
664a9ac8606Spatrick }
665a9ac8606Spatrick
666a9ac8606Spatrick //===----------------------------------------------------------------------===//
667a9ac8606Spatrick // Main logic 'check' functions
668a9ac8606Spatrick //===----------------------------------------------------------------------===//
669a9ac8606Spatrick
check()670a9ac8606Spatrick void check() {
671a9ac8606Spatrick // Nothing to check here: we don't have marked parameters.
672a9ac8606Spatrick if (size() == 0 || isPossiblyEmptyImpl())
673a9ac8606Spatrick return;
674a9ac8606Spatrick
675a9ac8606Spatrick assert(
676a9ac8606Spatrick llvm::none_of(States, [](const State &S) { return S.isVisited(); }) &&
677a9ac8606Spatrick "None of the blocks should be 'visited' before the analysis");
678a9ac8606Spatrick
679a9ac8606Spatrick // For our task, both backward and forward approaches suite well.
680a9ac8606Spatrick // However, in order to report better diagnostics, we decided to go with
681a9ac8606Spatrick // backward analysis.
682a9ac8606Spatrick //
683a9ac8606Spatrick // Let's consider the following CFG and how forward and backward analyses
684a9ac8606Spatrick // will work for it.
685a9ac8606Spatrick //
686a9ac8606Spatrick // FORWARD: | BACKWARD:
687a9ac8606Spatrick // #1 | #1
688a9ac8606Spatrick // +---------+ | +-----------+
689a9ac8606Spatrick // | if | | |MaybeCalled|
690a9ac8606Spatrick // +---------+ | +-----------+
691a9ac8606Spatrick // |NotCalled| | | if |
692a9ac8606Spatrick // +---------+ | +-----------+
693a9ac8606Spatrick // / \ | / \
694a9ac8606Spatrick // #2 / \ #3 | #2 / \ #3
695a9ac8606Spatrick // +----------------+ +---------+ | +----------------+ +---------+
696a9ac8606Spatrick // | foo() | | ... | | |DefinitelyCalled| |NotCalled|
697a9ac8606Spatrick // +----------------+ +---------+ | +----------------+ +---------+
698a9ac8606Spatrick // |DefinitelyCalled| |NotCalled| | | foo() | | ... |
699a9ac8606Spatrick // +----------------+ +---------+ | +----------------+ +---------+
700a9ac8606Spatrick // \ / | \ /
701a9ac8606Spatrick // \ #4 / | \ #4 /
702a9ac8606Spatrick // +-----------+ | +---------+
703a9ac8606Spatrick // | ... | | |NotCalled|
704a9ac8606Spatrick // +-----------+ | +---------+
705a9ac8606Spatrick // |MaybeCalled| | | ... |
706a9ac8606Spatrick // +-----------+ | +---------+
707a9ac8606Spatrick //
708a9ac8606Spatrick // The most natural way to report lacking call in the block #3 would be to
709a9ac8606Spatrick // message that the false branch of the if statement in the block #1 doesn't
710a9ac8606Spatrick // have a call. And while with the forward approach we'll need to find a
711a9ac8606Spatrick // least common ancestor or something like that to find the 'if' to blame,
712a9ac8606Spatrick // backward analysis gives it to us out of the box.
713a9ac8606Spatrick BackwardDataflowWorklist Worklist(FunctionCFG, AC);
714a9ac8606Spatrick
715a9ac8606Spatrick // Let's visit EXIT.
716a9ac8606Spatrick const CFGBlock *Exit = &FunctionCFG.getExit();
717a9ac8606Spatrick assignState(Exit, State(size(), ParameterStatus::NotCalled));
718a9ac8606Spatrick Worklist.enqueuePredecessors(Exit);
719a9ac8606Spatrick
720a9ac8606Spatrick while (const CFGBlock *BB = Worklist.dequeue()) {
721a9ac8606Spatrick assert(BB && "Worklist should filter out null blocks");
722a9ac8606Spatrick check(BB);
723a9ac8606Spatrick assert(CurrentState.isVisited() &&
724a9ac8606Spatrick "After the check, basic block should be visited");
725a9ac8606Spatrick
726a9ac8606Spatrick // Traverse successor basic blocks if the status of this block
727a9ac8606Spatrick // has changed.
728a9ac8606Spatrick if (assignState(BB, CurrentState)) {
729a9ac8606Spatrick Worklist.enqueuePredecessors(BB);
730a9ac8606Spatrick }
731a9ac8606Spatrick }
732a9ac8606Spatrick
733a9ac8606Spatrick // Check that we have all tracked parameters at the last block.
734a9ac8606Spatrick // As we are performing a backward version of the analysis,
735a9ac8606Spatrick // it should be the ENTRY block.
736a9ac8606Spatrick checkEntry(&FunctionCFG.getEntry());
737a9ac8606Spatrick }
738a9ac8606Spatrick
check(const CFGBlock * BB)739a9ac8606Spatrick void check(const CFGBlock *BB) {
740a9ac8606Spatrick // We start with a state 'inherited' from all the successors.
741a9ac8606Spatrick CurrentState = joinSuccessors(BB);
742a9ac8606Spatrick assert(CurrentState.isVisited() &&
743a9ac8606Spatrick "Shouldn't start with a 'not visited' state");
744a9ac8606Spatrick
745a9ac8606Spatrick // This is the 'exit' situation, broken promises are probably OK
746a9ac8606Spatrick // in such scenarios.
747a9ac8606Spatrick if (BB->hasNoReturnElement()) {
748a9ac8606Spatrick markNoReturn();
749a9ac8606Spatrick // This block still can have calls (even multiple calls) and
750a9ac8606Spatrick // for this reason there is no early return here.
751a9ac8606Spatrick }
752a9ac8606Spatrick
753a9ac8606Spatrick // We use a backward dataflow propagation and for this reason we
754a9ac8606Spatrick // should traverse basic blocks bottom-up.
755a9ac8606Spatrick for (const CFGElement &Element : llvm::reverse(*BB)) {
756*12c85518Srobert if (std::optional<CFGStmt> S = Element.getAs<CFGStmt>()) {
757a9ac8606Spatrick check(S->getStmt());
758a9ac8606Spatrick }
759a9ac8606Spatrick }
760a9ac8606Spatrick }
check(const Stmt * S)761a9ac8606Spatrick void check(const Stmt *S) { Visit(S); }
762a9ac8606Spatrick
checkEntry(const CFGBlock * Entry)763a9ac8606Spatrick void checkEntry(const CFGBlock *Entry) {
764a9ac8606Spatrick // We finalize this algorithm with the ENTRY block because
765a9ac8606Spatrick // we use a backward version of the analysis. This is where
766a9ac8606Spatrick // we can judge that some of the tracked parameters are not called on
767a9ac8606Spatrick // every path from ENTRY to EXIT.
768a9ac8606Spatrick
769a9ac8606Spatrick const State &EntryStatus = getState(Entry);
770a9ac8606Spatrick llvm::BitVector NotCalledOnEveryPath(size(), false);
771a9ac8606Spatrick llvm::BitVector NotUsedOnEveryPath(size(), false);
772a9ac8606Spatrick
773a9ac8606Spatrick // Check if there are no calls of the marked parameter at all
774a9ac8606Spatrick for (const auto &IndexedStatus : llvm::enumerate(EntryStatus)) {
775a9ac8606Spatrick const ParmVarDecl *Parameter = getParameter(IndexedStatus.index());
776a9ac8606Spatrick
777a9ac8606Spatrick switch (IndexedStatus.value().getKind()) {
778a9ac8606Spatrick case ParameterStatus::NotCalled:
779a9ac8606Spatrick // If there were places where this parameter escapes (aka being used),
780a9ac8606Spatrick // we can provide a more useful diagnostic by pointing at the exact
781a9ac8606Spatrick // branches where it is not even mentioned.
782a9ac8606Spatrick if (!hasEverEscaped(IndexedStatus.index())) {
783a9ac8606Spatrick // This parameter is was not used at all, so we should report the
784a9ac8606Spatrick // most generic version of the warning.
785a9ac8606Spatrick if (isCaptured(Parameter)) {
786a9ac8606Spatrick // We want to specify that it was captured by the block.
787a9ac8606Spatrick Handler.handleCapturedNeverCalled(Parameter, AC.getDecl(),
788a9ac8606Spatrick !isExplicitlyMarked(Parameter));
789a9ac8606Spatrick } else {
790a9ac8606Spatrick Handler.handleNeverCalled(Parameter,
791a9ac8606Spatrick !isExplicitlyMarked(Parameter));
792a9ac8606Spatrick }
793a9ac8606Spatrick } else {
794a9ac8606Spatrick // Mark it as 'interesting' to figure out which paths don't even
795a9ac8606Spatrick // have escapes.
796a9ac8606Spatrick NotUsedOnEveryPath[IndexedStatus.index()] = true;
797a9ac8606Spatrick }
798a9ac8606Spatrick
799a9ac8606Spatrick break;
800a9ac8606Spatrick case ParameterStatus::MaybeCalled:
801a9ac8606Spatrick // If we have 'maybe called' at this point, we have an error
802a9ac8606Spatrick // that there is at least one path where this parameter
803a9ac8606Spatrick // is not called.
804a9ac8606Spatrick //
805a9ac8606Spatrick // However, reporting the warning with only that information can be
806a9ac8606Spatrick // too vague for the users. For this reason, we mark such parameters
807a9ac8606Spatrick // as "interesting" for further analysis.
808a9ac8606Spatrick NotCalledOnEveryPath[IndexedStatus.index()] = true;
809a9ac8606Spatrick break;
810a9ac8606Spatrick default:
811a9ac8606Spatrick break;
812a9ac8606Spatrick }
813a9ac8606Spatrick }
814a9ac8606Spatrick
815a9ac8606Spatrick // Early exit if we don't have parameters for extra analysis...
816a9ac8606Spatrick if (NotCalledOnEveryPath.none() && NotUsedOnEveryPath.none() &&
817a9ac8606Spatrick // ... or if we've seen variables with cleanup functions.
818a9ac8606Spatrick // We can't reason that we've seen every path in this case,
819a9ac8606Spatrick // and thus abandon reporting any warnings that imply that.
820a9ac8606Spatrick !FunctionHasCleanupVars)
821a9ac8606Spatrick return;
822a9ac8606Spatrick
823a9ac8606Spatrick // We are looking for a pair of blocks A, B so that the following is true:
824a9ac8606Spatrick // * A is a predecessor of B
825a9ac8606Spatrick // * B is marked as NotCalled
826a9ac8606Spatrick // * A has at least one successor marked as either
827a9ac8606Spatrick // Escaped or DefinitelyCalled
828a9ac8606Spatrick //
829a9ac8606Spatrick // In that situation, it is guaranteed that B is the first block of the path
830a9ac8606Spatrick // where the user doesn't call or use parameter in question.
831a9ac8606Spatrick //
832a9ac8606Spatrick // For this reason, branch A -> B can be used for reporting.
833a9ac8606Spatrick //
834a9ac8606Spatrick // This part of the algorithm is guarded by a condition that the function
835a9ac8606Spatrick // does indeed have a violation of contract. For this reason, we can
836a9ac8606Spatrick // spend more time to find a good spot to place the warning.
837a9ac8606Spatrick //
838a9ac8606Spatrick // The following algorithm has the worst case complexity of O(V + E),
839a9ac8606Spatrick // where V is the number of basic blocks in FunctionCFG,
840a9ac8606Spatrick // E is the number of edges between blocks in FunctionCFG.
841a9ac8606Spatrick for (const CFGBlock *BB : FunctionCFG) {
842a9ac8606Spatrick if (!BB)
843a9ac8606Spatrick continue;
844a9ac8606Spatrick
845a9ac8606Spatrick const State &BlockState = getState(BB);
846a9ac8606Spatrick
847a9ac8606Spatrick for (unsigned Index : llvm::seq(0u, size())) {
848a9ac8606Spatrick // We don't want to use 'isLosingCall' here because we want to report
849a9ac8606Spatrick // the following situation as well:
850a9ac8606Spatrick //
851a9ac8606Spatrick // MaybeCalled
852a9ac8606Spatrick // | ... |
853a9ac8606Spatrick // MaybeCalled NotCalled
854a9ac8606Spatrick //
855a9ac8606Spatrick // Even though successor is not 'DefinitelyCalled', it is still useful
856a9ac8606Spatrick // to report it, it is still a path without a call.
857a9ac8606Spatrick if (NotCalledOnEveryPath[Index] &&
858a9ac8606Spatrick BlockState.getKindFor(Index) == ParameterStatus::MaybeCalled) {
859a9ac8606Spatrick
860a9ac8606Spatrick findAndReportNotCalledBranches(BB, Index);
861a9ac8606Spatrick } else if (NotUsedOnEveryPath[Index] &&
862a9ac8606Spatrick isLosingEscape(BlockState, BB, Index)) {
863a9ac8606Spatrick
864a9ac8606Spatrick findAndReportNotCalledBranches(BB, Index, /* IsEscape = */ true);
865a9ac8606Spatrick }
866a9ac8606Spatrick }
867a9ac8606Spatrick }
868a9ac8606Spatrick }
869a9ac8606Spatrick
870a9ac8606Spatrick /// Check potential call of a tracked parameter.
checkDirectCall(const CallExpr * Call)871a9ac8606Spatrick void checkDirectCall(const CallExpr *Call) {
872a9ac8606Spatrick if (auto Index = getIndexOfCallee(Call)) {
873a9ac8606Spatrick processCallFor(*Index, Call);
874a9ac8606Spatrick }
875a9ac8606Spatrick }
876a9ac8606Spatrick
877a9ac8606Spatrick /// Check the call expression for being an indirect call of one of the tracked
878a9ac8606Spatrick /// parameters. It is indirect in the sense that this particular call is not
879a9ac8606Spatrick /// calling the parameter itself, but rather uses it as the argument.
880a9ac8606Spatrick template <class CallLikeExpr>
checkIndirectCall(const CallLikeExpr * CallOrMessage)881a9ac8606Spatrick void checkIndirectCall(const CallLikeExpr *CallOrMessage) {
882a9ac8606Spatrick // CallExpr::arguments does not interact nicely with llvm::enumerate.
883*12c85518Srobert llvm::ArrayRef<const Expr *> Arguments =
884*12c85518Srobert llvm::ArrayRef(CallOrMessage->getArgs(), CallOrMessage->getNumArgs());
885a9ac8606Spatrick
886a9ac8606Spatrick // Let's check if any of the call arguments is a point of interest.
887a9ac8606Spatrick for (const auto &Argument : llvm::enumerate(Arguments)) {
888a9ac8606Spatrick if (auto Index = getIndexOfExpression(Argument.value())) {
889a9ac8606Spatrick if (shouldBeCalledOnce(CallOrMessage, Argument.index())) {
890a9ac8606Spatrick // If the corresponding parameter is marked as 'called_once' we should
891a9ac8606Spatrick // consider it as a call.
892a9ac8606Spatrick processCallFor(*Index, CallOrMessage);
893a9ac8606Spatrick } else {
894a9ac8606Spatrick // Otherwise, we mark this parameter as escaped, which can be
895a9ac8606Spatrick // interpreted both as called or not called depending on the context.
896a9ac8606Spatrick processEscapeFor(*Index);
897a9ac8606Spatrick }
898a9ac8606Spatrick // Otherwise, let's keep the state as it is.
899a9ac8606Spatrick }
900a9ac8606Spatrick }
901a9ac8606Spatrick }
902a9ac8606Spatrick
903a9ac8606Spatrick /// Process call of the parameter with the given index
processCallFor(unsigned Index,const Expr * Call)904a9ac8606Spatrick void processCallFor(unsigned Index, const Expr *Call) {
905a9ac8606Spatrick ParameterStatus &CurrentParamStatus = CurrentState.getStatusFor(Index);
906a9ac8606Spatrick
907a9ac8606Spatrick if (CurrentParamStatus.seenAnyCalls()) {
908a9ac8606Spatrick
909a9ac8606Spatrick // At this point, this parameter was called, so this is a second call.
910a9ac8606Spatrick const ParmVarDecl *Parameter = getParameter(Index);
911a9ac8606Spatrick Handler.handleDoubleCall(
912a9ac8606Spatrick Parameter, &CurrentState.getCallFor(Index), Call,
913a9ac8606Spatrick !isExplicitlyMarked(Parameter),
914a9ac8606Spatrick // We are sure that the second call is definitely
915a9ac8606Spatrick // going to happen if the status is 'DefinitelyCalled'.
916a9ac8606Spatrick CurrentParamStatus.getKind() == ParameterStatus::DefinitelyCalled);
917a9ac8606Spatrick
918a9ac8606Spatrick // Mark this parameter as already reported on, so we don't repeat
919a9ac8606Spatrick // warnings.
920a9ac8606Spatrick CurrentParamStatus = ParameterStatus::Reported;
921a9ac8606Spatrick
922a9ac8606Spatrick } else if (CurrentParamStatus.getKind() != ParameterStatus::Reported) {
923a9ac8606Spatrick // If we didn't report anything yet, let's mark this parameter
924a9ac8606Spatrick // as called.
925a9ac8606Spatrick ParameterStatus Called(ParameterStatus::DefinitelyCalled, Call);
926a9ac8606Spatrick CurrentParamStatus = Called;
927a9ac8606Spatrick }
928a9ac8606Spatrick }
929a9ac8606Spatrick
930a9ac8606Spatrick /// Process escape of the parameter with the given index
processEscapeFor(unsigned Index)931a9ac8606Spatrick void processEscapeFor(unsigned Index) {
932a9ac8606Spatrick ParameterStatus &CurrentParamStatus = CurrentState.getStatusFor(Index);
933a9ac8606Spatrick
934a9ac8606Spatrick // Escape overrides whatever error we think happened.
935a9ac8606Spatrick if (CurrentParamStatus.isErrorStatus()) {
936a9ac8606Spatrick CurrentParamStatus = ParameterStatus::Escaped;
937a9ac8606Spatrick }
938a9ac8606Spatrick }
939a9ac8606Spatrick
findAndReportNotCalledBranches(const CFGBlock * Parent,unsigned Index,bool IsEscape=false)940a9ac8606Spatrick void findAndReportNotCalledBranches(const CFGBlock *Parent, unsigned Index,
941a9ac8606Spatrick bool IsEscape = false) {
942a9ac8606Spatrick for (const CFGBlock *Succ : Parent->succs()) {
943a9ac8606Spatrick if (!Succ)
944a9ac8606Spatrick continue;
945a9ac8606Spatrick
946a9ac8606Spatrick if (getState(Succ).getKindFor(Index) == ParameterStatus::NotCalled) {
947a9ac8606Spatrick assert(Parent->succ_size() >= 2 &&
948a9ac8606Spatrick "Block should have at least two successors at this point");
949a9ac8606Spatrick if (auto Clarification = NotCalledClarifier::clarify(Parent, Succ)) {
950a9ac8606Spatrick const ParmVarDecl *Parameter = getParameter(Index);
951a9ac8606Spatrick Handler.handleNeverCalled(
952a9ac8606Spatrick Parameter, AC.getDecl(), Clarification->Location,
953a9ac8606Spatrick Clarification->Reason, !IsEscape, !isExplicitlyMarked(Parameter));
954a9ac8606Spatrick }
955a9ac8606Spatrick }
956a9ac8606Spatrick }
957a9ac8606Spatrick }
958a9ac8606Spatrick
959a9ac8606Spatrick //===----------------------------------------------------------------------===//
960a9ac8606Spatrick // Predicate functions to check parameters
961a9ac8606Spatrick //===----------------------------------------------------------------------===//
962a9ac8606Spatrick
963a9ac8606Spatrick /// Return true if parameter is explicitly marked as 'called_once'.
isExplicitlyMarked(const ParmVarDecl * Parameter)964a9ac8606Spatrick static bool isExplicitlyMarked(const ParmVarDecl *Parameter) {
965a9ac8606Spatrick return Parameter->hasAttr<CalledOnceAttr>();
966a9ac8606Spatrick }
967a9ac8606Spatrick
968a9ac8606Spatrick /// Return true if the given name matches conventional pattens.
isConventional(llvm::StringRef Name)969a9ac8606Spatrick static bool isConventional(llvm::StringRef Name) {
970a9ac8606Spatrick return llvm::count(CONVENTIONAL_NAMES, Name) != 0;
971a9ac8606Spatrick }
972a9ac8606Spatrick
973a9ac8606Spatrick /// Return true if the given name has conventional suffixes.
hasConventionalSuffix(llvm::StringRef Name)974a9ac8606Spatrick static bool hasConventionalSuffix(llvm::StringRef Name) {
975a9ac8606Spatrick return llvm::any_of(CONVENTIONAL_SUFFIXES, [Name](llvm::StringRef Suffix) {
976a9ac8606Spatrick return Name.endswith(Suffix);
977a9ac8606Spatrick });
978a9ac8606Spatrick }
979a9ac8606Spatrick
980a9ac8606Spatrick /// Return true if the given type can be used for conventional parameters.
isConventional(QualType Ty)981a9ac8606Spatrick static bool isConventional(QualType Ty) {
982a9ac8606Spatrick if (!Ty->isBlockPointerType()) {
983a9ac8606Spatrick return false;
984a9ac8606Spatrick }
985a9ac8606Spatrick
986a9ac8606Spatrick QualType BlockType = Ty->castAs<BlockPointerType>()->getPointeeType();
987a9ac8606Spatrick // Completion handlers should have a block type with void return type.
988a9ac8606Spatrick return BlockType->castAs<FunctionType>()->getReturnType()->isVoidType();
989a9ac8606Spatrick }
990a9ac8606Spatrick
991a9ac8606Spatrick /// Return true if the only parameter of the function is conventional.
isOnlyParameterConventional(const FunctionDecl * Function)992a9ac8606Spatrick static bool isOnlyParameterConventional(const FunctionDecl *Function) {
993a9ac8606Spatrick IdentifierInfo *II = Function->getIdentifier();
994a9ac8606Spatrick return Function->getNumParams() == 1 && II &&
995a9ac8606Spatrick hasConventionalSuffix(II->getName());
996a9ac8606Spatrick }
997a9ac8606Spatrick
998a9ac8606Spatrick /// Return true/false if 'swift_async' attribute states that the given
999a9ac8606Spatrick /// parameter is conventionally called once.
1000*12c85518Srobert /// Return std::nullopt if the given declaration doesn't have 'swift_async'
1001a9ac8606Spatrick /// attribute.
isConventionalSwiftAsync(const Decl * D,unsigned ParamIndex)1002*12c85518Srobert static std::optional<bool> isConventionalSwiftAsync(const Decl *D,
1003a9ac8606Spatrick unsigned ParamIndex) {
1004a9ac8606Spatrick if (const SwiftAsyncAttr *A = D->getAttr<SwiftAsyncAttr>()) {
1005a9ac8606Spatrick if (A->getKind() == SwiftAsyncAttr::None) {
1006a9ac8606Spatrick return false;
1007a9ac8606Spatrick }
1008a9ac8606Spatrick
1009a9ac8606Spatrick return A->getCompletionHandlerIndex().getASTIndex() == ParamIndex;
1010a9ac8606Spatrick }
1011*12c85518Srobert return std::nullopt;
1012a9ac8606Spatrick }
1013a9ac8606Spatrick
1014a9ac8606Spatrick /// Return true if the specified selector represents init method.
isInitMethod(Selector MethodSelector)1015a9ac8606Spatrick static bool isInitMethod(Selector MethodSelector) {
1016a9ac8606Spatrick return MethodSelector.getMethodFamily() == OMF_init;
1017a9ac8606Spatrick }
1018a9ac8606Spatrick
1019a9ac8606Spatrick /// Return true if the specified selector piece matches conventions.
isConventionalSelectorPiece(Selector MethodSelector,unsigned PieceIndex,QualType PieceType)1020a9ac8606Spatrick static bool isConventionalSelectorPiece(Selector MethodSelector,
1021a9ac8606Spatrick unsigned PieceIndex,
1022a9ac8606Spatrick QualType PieceType) {
1023a9ac8606Spatrick if (!isConventional(PieceType) || isInitMethod(MethodSelector)) {
1024a9ac8606Spatrick return false;
1025a9ac8606Spatrick }
1026a9ac8606Spatrick
1027a9ac8606Spatrick if (MethodSelector.getNumArgs() == 1) {
1028a9ac8606Spatrick assert(PieceIndex == 0);
1029a9ac8606Spatrick return hasConventionalSuffix(MethodSelector.getNameForSlot(0));
1030a9ac8606Spatrick }
1031a9ac8606Spatrick
1032a9ac8606Spatrick llvm::StringRef PieceName = MethodSelector.getNameForSlot(PieceIndex);
1033a9ac8606Spatrick return isConventional(PieceName) || hasConventionalSuffix(PieceName);
1034a9ac8606Spatrick }
1035a9ac8606Spatrick
shouldBeCalledOnce(const ParmVarDecl * Parameter) const1036a9ac8606Spatrick bool shouldBeCalledOnce(const ParmVarDecl *Parameter) const {
1037a9ac8606Spatrick return isExplicitlyMarked(Parameter) ||
1038a9ac8606Spatrick (CheckConventionalParameters &&
1039a9ac8606Spatrick (isConventional(Parameter->getName()) ||
1040a9ac8606Spatrick hasConventionalSuffix(Parameter->getName())) &&
1041a9ac8606Spatrick isConventional(Parameter->getType()));
1042a9ac8606Spatrick }
1043a9ac8606Spatrick
shouldBeCalledOnce(const DeclContext * ParamContext,const ParmVarDecl * Param)1044a9ac8606Spatrick bool shouldBeCalledOnce(const DeclContext *ParamContext,
1045a9ac8606Spatrick const ParmVarDecl *Param) {
1046a9ac8606Spatrick unsigned ParamIndex = Param->getFunctionScopeIndex();
1047a9ac8606Spatrick if (const auto *Function = dyn_cast<FunctionDecl>(ParamContext)) {
1048a9ac8606Spatrick return shouldBeCalledOnce(Function, ParamIndex);
1049a9ac8606Spatrick }
1050a9ac8606Spatrick if (const auto *Method = dyn_cast<ObjCMethodDecl>(ParamContext)) {
1051a9ac8606Spatrick return shouldBeCalledOnce(Method, ParamIndex);
1052a9ac8606Spatrick }
1053a9ac8606Spatrick return shouldBeCalledOnce(Param);
1054a9ac8606Spatrick }
1055a9ac8606Spatrick
shouldBeCalledOnce(const BlockDecl * Block,unsigned ParamIndex) const1056a9ac8606Spatrick bool shouldBeCalledOnce(const BlockDecl *Block, unsigned ParamIndex) const {
1057a9ac8606Spatrick return shouldBeCalledOnce(Block->getParamDecl(ParamIndex));
1058a9ac8606Spatrick }
1059a9ac8606Spatrick
shouldBeCalledOnce(const FunctionDecl * Function,unsigned ParamIndex) const1060a9ac8606Spatrick bool shouldBeCalledOnce(const FunctionDecl *Function,
1061a9ac8606Spatrick unsigned ParamIndex) const {
1062a9ac8606Spatrick if (ParamIndex >= Function->getNumParams()) {
1063a9ac8606Spatrick return false;
1064a9ac8606Spatrick }
1065a9ac8606Spatrick // 'swift_async' goes first and overrides anything else.
1066a9ac8606Spatrick if (auto ConventionalAsync =
1067a9ac8606Spatrick isConventionalSwiftAsync(Function, ParamIndex)) {
1068*12c85518Srobert return *ConventionalAsync;
1069a9ac8606Spatrick }
1070a9ac8606Spatrick
1071a9ac8606Spatrick return shouldBeCalledOnce(Function->getParamDecl(ParamIndex)) ||
1072a9ac8606Spatrick (CheckConventionalParameters &&
1073a9ac8606Spatrick isOnlyParameterConventional(Function));
1074a9ac8606Spatrick }
1075a9ac8606Spatrick
shouldBeCalledOnce(const ObjCMethodDecl * Method,unsigned ParamIndex) const1076a9ac8606Spatrick bool shouldBeCalledOnce(const ObjCMethodDecl *Method,
1077a9ac8606Spatrick unsigned ParamIndex) const {
1078a9ac8606Spatrick Selector MethodSelector = Method->getSelector();
1079a9ac8606Spatrick if (ParamIndex >= MethodSelector.getNumArgs()) {
1080a9ac8606Spatrick return false;
1081a9ac8606Spatrick }
1082a9ac8606Spatrick
1083a9ac8606Spatrick // 'swift_async' goes first and overrides anything else.
1084a9ac8606Spatrick if (auto ConventionalAsync = isConventionalSwiftAsync(Method, ParamIndex)) {
1085*12c85518Srobert return *ConventionalAsync;
1086a9ac8606Spatrick }
1087a9ac8606Spatrick
1088a9ac8606Spatrick const ParmVarDecl *Parameter = Method->getParamDecl(ParamIndex);
1089a9ac8606Spatrick return shouldBeCalledOnce(Parameter) ||
1090a9ac8606Spatrick (CheckConventionalParameters &&
1091a9ac8606Spatrick isConventionalSelectorPiece(MethodSelector, ParamIndex,
1092a9ac8606Spatrick Parameter->getType()));
1093a9ac8606Spatrick }
1094a9ac8606Spatrick
shouldBeCalledOnce(const CallExpr * Call,unsigned ParamIndex) const1095a9ac8606Spatrick bool shouldBeCalledOnce(const CallExpr *Call, unsigned ParamIndex) const {
1096a9ac8606Spatrick const FunctionDecl *Function = Call->getDirectCallee();
1097a9ac8606Spatrick return Function && shouldBeCalledOnce(Function, ParamIndex);
1098a9ac8606Spatrick }
1099a9ac8606Spatrick
shouldBeCalledOnce(const ObjCMessageExpr * Message,unsigned ParamIndex) const1100a9ac8606Spatrick bool shouldBeCalledOnce(const ObjCMessageExpr *Message,
1101a9ac8606Spatrick unsigned ParamIndex) const {
1102a9ac8606Spatrick const ObjCMethodDecl *Method = Message->getMethodDecl();
1103a9ac8606Spatrick return Method && ParamIndex < Method->param_size() &&
1104a9ac8606Spatrick shouldBeCalledOnce(Method, ParamIndex);
1105a9ac8606Spatrick }
1106a9ac8606Spatrick
1107a9ac8606Spatrick //===----------------------------------------------------------------------===//
1108a9ac8606Spatrick // Utility methods
1109a9ac8606Spatrick //===----------------------------------------------------------------------===//
1110a9ac8606Spatrick
isCaptured(const ParmVarDecl * Parameter) const1111a9ac8606Spatrick bool isCaptured(const ParmVarDecl *Parameter) const {
1112a9ac8606Spatrick if (const BlockDecl *Block = dyn_cast<BlockDecl>(AC.getDecl())) {
1113a9ac8606Spatrick return Block->capturesVariable(Parameter);
1114a9ac8606Spatrick }
1115a9ac8606Spatrick return false;
1116a9ac8606Spatrick }
1117a9ac8606Spatrick
1118a9ac8606Spatrick // Return a call site where the block is called exactly once or null otherwise
getBlockGuaraneedCallSite(const BlockExpr * Block) const1119a9ac8606Spatrick const Expr *getBlockGuaraneedCallSite(const BlockExpr *Block) const {
1120a9ac8606Spatrick ParentMap &PM = AC.getParentMap();
1121a9ac8606Spatrick
1122a9ac8606Spatrick // We don't want to track the block through assignments and so on, instead
1123a9ac8606Spatrick // we simply see how the block used and if it's used directly in a call,
1124a9ac8606Spatrick // we decide based on call to what it is.
1125a9ac8606Spatrick //
1126a9ac8606Spatrick // In order to do this, we go up the parents of the block looking for
1127a9ac8606Spatrick // a call or a message expressions. These might not be immediate parents
1128a9ac8606Spatrick // of the actual block expression due to casts and parens, so we skip them.
1129a9ac8606Spatrick for (const Stmt *Prev = Block, *Current = PM.getParent(Block);
1130a9ac8606Spatrick Current != nullptr; Prev = Current, Current = PM.getParent(Current)) {
1131a9ac8606Spatrick // Skip no-op (for our case) operations.
1132a9ac8606Spatrick if (isa<CastExpr>(Current) || isa<ParenExpr>(Current))
1133a9ac8606Spatrick continue;
1134a9ac8606Spatrick
1135a9ac8606Spatrick // At this point, Prev represents our block as an immediate child of the
1136a9ac8606Spatrick // call.
1137a9ac8606Spatrick if (const auto *Call = dyn_cast<CallExpr>(Current)) {
1138a9ac8606Spatrick // It might be the call of the Block itself...
1139a9ac8606Spatrick if (Call->getCallee() == Prev)
1140a9ac8606Spatrick return Call;
1141a9ac8606Spatrick
1142a9ac8606Spatrick // ...or it can be an indirect call of the block.
1143a9ac8606Spatrick return shouldBlockArgumentBeCalledOnce(Call, Prev) ? Call : nullptr;
1144a9ac8606Spatrick }
1145a9ac8606Spatrick if (const auto *Message = dyn_cast<ObjCMessageExpr>(Current)) {
1146a9ac8606Spatrick return shouldBlockArgumentBeCalledOnce(Message, Prev) ? Message
1147a9ac8606Spatrick : nullptr;
1148a9ac8606Spatrick }
1149a9ac8606Spatrick
1150a9ac8606Spatrick break;
1151a9ac8606Spatrick }
1152a9ac8606Spatrick
1153a9ac8606Spatrick return nullptr;
1154a9ac8606Spatrick }
1155a9ac8606Spatrick
1156a9ac8606Spatrick template <class CallLikeExpr>
shouldBlockArgumentBeCalledOnce(const CallLikeExpr * CallOrMessage,const Stmt * BlockArgument) const1157a9ac8606Spatrick bool shouldBlockArgumentBeCalledOnce(const CallLikeExpr *CallOrMessage,
1158a9ac8606Spatrick const Stmt *BlockArgument) const {
1159a9ac8606Spatrick // CallExpr::arguments does not interact nicely with llvm::enumerate.
1160*12c85518Srobert llvm::ArrayRef<const Expr *> Arguments =
1161*12c85518Srobert llvm::ArrayRef(CallOrMessage->getArgs(), CallOrMessage->getNumArgs());
1162a9ac8606Spatrick
1163a9ac8606Spatrick for (const auto &Argument : llvm::enumerate(Arguments)) {
1164a9ac8606Spatrick if (Argument.value() == BlockArgument) {
1165a9ac8606Spatrick return shouldBlockArgumentBeCalledOnce(CallOrMessage, Argument.index());
1166a9ac8606Spatrick }
1167a9ac8606Spatrick }
1168a9ac8606Spatrick
1169a9ac8606Spatrick return false;
1170a9ac8606Spatrick }
1171a9ac8606Spatrick
shouldBlockArgumentBeCalledOnce(const CallExpr * Call,unsigned ParamIndex) const1172a9ac8606Spatrick bool shouldBlockArgumentBeCalledOnce(const CallExpr *Call,
1173a9ac8606Spatrick unsigned ParamIndex) const {
1174a9ac8606Spatrick const FunctionDecl *Function = Call->getDirectCallee();
1175a9ac8606Spatrick return shouldBlockArgumentBeCalledOnce(Function, ParamIndex) ||
1176a9ac8606Spatrick shouldBeCalledOnce(Call, ParamIndex);
1177a9ac8606Spatrick }
1178a9ac8606Spatrick
shouldBlockArgumentBeCalledOnce(const ObjCMessageExpr * Message,unsigned ParamIndex) const1179a9ac8606Spatrick bool shouldBlockArgumentBeCalledOnce(const ObjCMessageExpr *Message,
1180a9ac8606Spatrick unsigned ParamIndex) const {
1181a9ac8606Spatrick // At the moment, we don't have any Obj-C methods we want to specifically
1182a9ac8606Spatrick // check in here.
1183a9ac8606Spatrick return shouldBeCalledOnce(Message, ParamIndex);
1184a9ac8606Spatrick }
1185a9ac8606Spatrick
shouldBlockArgumentBeCalledOnce(const FunctionDecl * Function,unsigned ParamIndex)1186a9ac8606Spatrick static bool shouldBlockArgumentBeCalledOnce(const FunctionDecl *Function,
1187a9ac8606Spatrick unsigned ParamIndex) {
1188a9ac8606Spatrick // There is a list of important API functions that while not following
1189a9ac8606Spatrick // conventions nor being directly annotated, still guarantee that the
1190a9ac8606Spatrick // callback parameter will be called exactly once.
1191a9ac8606Spatrick //
1192a9ac8606Spatrick // Here we check if this is the case.
1193a9ac8606Spatrick return Function &&
1194a9ac8606Spatrick llvm::any_of(KNOWN_CALLED_ONCE_PARAMETERS,
1195a9ac8606Spatrick [Function, ParamIndex](
1196a9ac8606Spatrick const KnownCalledOnceParameter &Reference) {
1197a9ac8606Spatrick return Reference.FunctionName ==
1198a9ac8606Spatrick Function->getName() &&
1199a9ac8606Spatrick Reference.ParamIndex == ParamIndex;
1200a9ac8606Spatrick });
1201a9ac8606Spatrick }
1202a9ac8606Spatrick
1203a9ac8606Spatrick /// Return true if the analyzed function is actually a default implementation
1204a9ac8606Spatrick /// of the method that has to be overriden.
1205a9ac8606Spatrick ///
1206a9ac8606Spatrick /// These functions can have tracked parameters, but wouldn't call them
1207a9ac8606Spatrick /// because they are not designed to perform any meaningful actions.
1208a9ac8606Spatrick ///
1209a9ac8606Spatrick /// There are a couple of flavors of such default implementations:
1210a9ac8606Spatrick /// 1. Empty methods or methods with a single return statement
1211a9ac8606Spatrick /// 2. Methods that have one block with a call to no return function
1212a9ac8606Spatrick /// 3. Methods with only assertion-like operations
isPossiblyEmptyImpl() const1213a9ac8606Spatrick bool isPossiblyEmptyImpl() const {
1214a9ac8606Spatrick if (!isa<ObjCMethodDecl>(AC.getDecl())) {
1215a9ac8606Spatrick // We care only about functions that are not supposed to be called.
1216a9ac8606Spatrick // Only methods can be overriden.
1217a9ac8606Spatrick return false;
1218a9ac8606Spatrick }
1219a9ac8606Spatrick
1220a9ac8606Spatrick // Case #1 (without return statements)
1221a9ac8606Spatrick if (FunctionCFG.size() == 2) {
1222a9ac8606Spatrick // Method has only two blocks: ENTRY and EXIT.
1223a9ac8606Spatrick // This is equivalent to empty function.
1224a9ac8606Spatrick return true;
1225a9ac8606Spatrick }
1226a9ac8606Spatrick
1227a9ac8606Spatrick // Case #2
1228a9ac8606Spatrick if (FunctionCFG.size() == 3) {
1229a9ac8606Spatrick const CFGBlock &Entry = FunctionCFG.getEntry();
1230a9ac8606Spatrick if (Entry.succ_empty()) {
1231a9ac8606Spatrick return false;
1232a9ac8606Spatrick }
1233a9ac8606Spatrick
1234a9ac8606Spatrick const CFGBlock *OnlyBlock = *Entry.succ_begin();
1235a9ac8606Spatrick // Method has only one block, let's see if it has a no-return
1236a9ac8606Spatrick // element.
1237a9ac8606Spatrick if (OnlyBlock && OnlyBlock->hasNoReturnElement()) {
1238a9ac8606Spatrick return true;
1239a9ac8606Spatrick }
1240a9ac8606Spatrick // Fallthrough, CFGs with only one block can fall into #1 and #3 as well.
1241a9ac8606Spatrick }
1242a9ac8606Spatrick
1243a9ac8606Spatrick // Cases #1 (return statements) and #3.
1244a9ac8606Spatrick //
1245a9ac8606Spatrick // It is hard to detect that something is an assertion or came
1246a9ac8606Spatrick // from assertion. Here we use a simple heuristic:
1247a9ac8606Spatrick //
1248a9ac8606Spatrick // - If it came from a macro, it can be an assertion.
1249a9ac8606Spatrick //
1250a9ac8606Spatrick // Additionally, we can't assume a number of basic blocks or the CFG's
1251a9ac8606Spatrick // structure because assertions might include loops and conditions.
1252a9ac8606Spatrick return llvm::all_of(FunctionCFG, [](const CFGBlock *BB) {
1253a9ac8606Spatrick if (!BB) {
1254a9ac8606Spatrick // Unreachable blocks are totally fine.
1255a9ac8606Spatrick return true;
1256a9ac8606Spatrick }
1257a9ac8606Spatrick
1258a9ac8606Spatrick // Return statements can have sub-expressions that are represented as
1259a9ac8606Spatrick // separate statements of a basic block. We should allow this.
1260a9ac8606Spatrick // This parent map will be initialized with a parent tree for all
1261a9ac8606Spatrick // subexpressions of the block's return statement (if it has one).
1262a9ac8606Spatrick std::unique_ptr<ParentMap> ReturnChildren;
1263a9ac8606Spatrick
1264a9ac8606Spatrick return llvm::all_of(
1265a9ac8606Spatrick llvm::reverse(*BB), // we should start with return statements, if we
1266a9ac8606Spatrick // have any, i.e. from the bottom of the block
1267a9ac8606Spatrick [&ReturnChildren](const CFGElement &Element) {
1268*12c85518Srobert if (std::optional<CFGStmt> S = Element.getAs<CFGStmt>()) {
1269a9ac8606Spatrick const Stmt *SuspiciousStmt = S->getStmt();
1270a9ac8606Spatrick
1271a9ac8606Spatrick if (isa<ReturnStmt>(SuspiciousStmt)) {
1272a9ac8606Spatrick // Let's initialize this structure to test whether
1273a9ac8606Spatrick // some further statement is a part of this return.
1274a9ac8606Spatrick ReturnChildren = std::make_unique<ParentMap>(
1275a9ac8606Spatrick const_cast<Stmt *>(SuspiciousStmt));
1276a9ac8606Spatrick // Return statements are allowed as part of #1.
1277a9ac8606Spatrick return true;
1278a9ac8606Spatrick }
1279a9ac8606Spatrick
1280a9ac8606Spatrick return SuspiciousStmt->getBeginLoc().isMacroID() ||
1281a9ac8606Spatrick (ReturnChildren &&
1282a9ac8606Spatrick ReturnChildren->hasParent(SuspiciousStmt));
1283a9ac8606Spatrick }
1284a9ac8606Spatrick return true;
1285a9ac8606Spatrick });
1286a9ac8606Spatrick });
1287a9ac8606Spatrick }
1288a9ac8606Spatrick
1289a9ac8606Spatrick /// Check if parameter with the given index has ever escaped.
hasEverEscaped(unsigned Index) const1290a9ac8606Spatrick bool hasEverEscaped(unsigned Index) const {
1291a9ac8606Spatrick return llvm::any_of(States, [Index](const State &StateForOneBB) {
1292a9ac8606Spatrick return StateForOneBB.getKindFor(Index) == ParameterStatus::Escaped;
1293a9ac8606Spatrick });
1294a9ac8606Spatrick }
1295a9ac8606Spatrick
1296a9ac8606Spatrick /// Return status stored for the given basic block.
1297a9ac8606Spatrick /// \{
getState(const CFGBlock * BB)1298a9ac8606Spatrick State &getState(const CFGBlock *BB) {
1299a9ac8606Spatrick assert(BB);
1300a9ac8606Spatrick return States[BB->getBlockID()];
1301a9ac8606Spatrick }
getState(const CFGBlock * BB) const1302a9ac8606Spatrick const State &getState(const CFGBlock *BB) const {
1303a9ac8606Spatrick assert(BB);
1304a9ac8606Spatrick return States[BB->getBlockID()];
1305a9ac8606Spatrick }
1306a9ac8606Spatrick /// \}
1307a9ac8606Spatrick
1308a9ac8606Spatrick /// Assign status to the given basic block.
1309a9ac8606Spatrick ///
1310a9ac8606Spatrick /// Returns true when the stored status changed.
assignState(const CFGBlock * BB,const State & ToAssign)1311a9ac8606Spatrick bool assignState(const CFGBlock *BB, const State &ToAssign) {
1312a9ac8606Spatrick State &Current = getState(BB);
1313a9ac8606Spatrick if (Current == ToAssign) {
1314a9ac8606Spatrick return false;
1315a9ac8606Spatrick }
1316a9ac8606Spatrick
1317a9ac8606Spatrick Current = ToAssign;
1318a9ac8606Spatrick return true;
1319a9ac8606Spatrick }
1320a9ac8606Spatrick
1321a9ac8606Spatrick /// Join all incoming statuses for the given basic block.
joinSuccessors(const CFGBlock * BB) const1322a9ac8606Spatrick State joinSuccessors(const CFGBlock *BB) const {
1323a9ac8606Spatrick auto Succs =
1324a9ac8606Spatrick llvm::make_filter_range(BB->succs(), [this](const CFGBlock *Succ) {
1325a9ac8606Spatrick return Succ && this->getState(Succ).isVisited();
1326a9ac8606Spatrick });
1327a9ac8606Spatrick // We came to this block from somewhere after all.
1328a9ac8606Spatrick assert(!Succs.empty() &&
1329a9ac8606Spatrick "Basic block should have at least one visited successor");
1330a9ac8606Spatrick
1331a9ac8606Spatrick State Result = getState(*Succs.begin());
1332a9ac8606Spatrick
1333a9ac8606Spatrick for (const CFGBlock *Succ : llvm::drop_begin(Succs, 1)) {
1334a9ac8606Spatrick Result.join(getState(Succ));
1335a9ac8606Spatrick }
1336a9ac8606Spatrick
1337a9ac8606Spatrick if (const Expr *Condition = getCondition(BB->getTerminatorStmt())) {
1338a9ac8606Spatrick handleConditional(BB, Condition, Result);
1339a9ac8606Spatrick }
1340a9ac8606Spatrick
1341a9ac8606Spatrick return Result;
1342a9ac8606Spatrick }
1343a9ac8606Spatrick
handleConditional(const CFGBlock * BB,const Expr * Condition,State & ToAlter) const1344a9ac8606Spatrick void handleConditional(const CFGBlock *BB, const Expr *Condition,
1345a9ac8606Spatrick State &ToAlter) const {
1346a9ac8606Spatrick handleParameterCheck(BB, Condition, ToAlter);
1347a9ac8606Spatrick if (SuppressOnConventionalErrorPaths) {
1348a9ac8606Spatrick handleConventionalCheck(BB, Condition, ToAlter);
1349a9ac8606Spatrick }
1350a9ac8606Spatrick }
1351a9ac8606Spatrick
handleParameterCheck(const CFGBlock * BB,const Expr * Condition,State & ToAlter) const1352a9ac8606Spatrick void handleParameterCheck(const CFGBlock *BB, const Expr *Condition,
1353a9ac8606Spatrick State &ToAlter) const {
1354a9ac8606Spatrick // In this function, we try to deal with the following pattern:
1355a9ac8606Spatrick //
1356a9ac8606Spatrick // if (parameter)
1357a9ac8606Spatrick // parameter(...);
1358a9ac8606Spatrick //
1359a9ac8606Spatrick // It's not good to show a warning here because clearly 'parameter'
1360a9ac8606Spatrick // couldn't and shouldn't be called on the 'else' path.
1361a9ac8606Spatrick //
1362a9ac8606Spatrick // Let's check if this if statement has a check involving one of
1363a9ac8606Spatrick // the tracked parameters.
1364a9ac8606Spatrick if (const ParmVarDecl *Parameter = findReferencedParmVarDecl(
1365a9ac8606Spatrick Condition,
1366a9ac8606Spatrick /* ShouldRetrieveFromComparisons = */ true)) {
1367a9ac8606Spatrick if (const auto Index = getIndex(*Parameter)) {
1368a9ac8606Spatrick ParameterStatus &CurrentStatus = ToAlter.getStatusFor(*Index);
1369a9ac8606Spatrick
1370a9ac8606Spatrick // We don't want to deep dive into semantics of the check and
1371a9ac8606Spatrick // figure out if that check was for null or something else.
1372a9ac8606Spatrick // We simply trust the user that they know what they are doing.
1373a9ac8606Spatrick //
1374a9ac8606Spatrick // For this reason, in the following loop we look for the
1375a9ac8606Spatrick // best-looking option.
1376a9ac8606Spatrick for (const CFGBlock *Succ : BB->succs()) {
1377a9ac8606Spatrick if (!Succ)
1378a9ac8606Spatrick continue;
1379a9ac8606Spatrick
1380a9ac8606Spatrick const ParameterStatus &StatusInSucc =
1381a9ac8606Spatrick getState(Succ).getStatusFor(*Index);
1382a9ac8606Spatrick
1383a9ac8606Spatrick if (StatusInSucc.isErrorStatus()) {
1384a9ac8606Spatrick continue;
1385a9ac8606Spatrick }
1386a9ac8606Spatrick
1387a9ac8606Spatrick // Let's use this status instead.
1388a9ac8606Spatrick CurrentStatus = StatusInSucc;
1389a9ac8606Spatrick
1390a9ac8606Spatrick if (StatusInSucc.getKind() == ParameterStatus::DefinitelyCalled) {
1391a9ac8606Spatrick // This is the best option to have and we already found it.
1392a9ac8606Spatrick break;
1393a9ac8606Spatrick }
1394a9ac8606Spatrick
1395a9ac8606Spatrick // If we found 'Escaped' first, we still might find 'DefinitelyCalled'
1396a9ac8606Spatrick // on the other branch. And we prefer the latter.
1397a9ac8606Spatrick }
1398a9ac8606Spatrick }
1399a9ac8606Spatrick }
1400a9ac8606Spatrick }
1401a9ac8606Spatrick
handleConventionalCheck(const CFGBlock * BB,const Expr * Condition,State & ToAlter) const1402a9ac8606Spatrick void handleConventionalCheck(const CFGBlock *BB, const Expr *Condition,
1403a9ac8606Spatrick State &ToAlter) const {
1404a9ac8606Spatrick // Even when the analysis is technically correct, it is a widespread pattern
1405a9ac8606Spatrick // not to call completion handlers in some scenarios. These usually have
1406a9ac8606Spatrick // typical conditional names, such as 'error' or 'cancel'.
1407a9ac8606Spatrick if (!mentionsAnyOfConventionalNames(Condition)) {
1408a9ac8606Spatrick return;
1409a9ac8606Spatrick }
1410a9ac8606Spatrick
1411a9ac8606Spatrick for (const auto &IndexedStatus : llvm::enumerate(ToAlter)) {
1412a9ac8606Spatrick const ParmVarDecl *Parameter = getParameter(IndexedStatus.index());
1413a9ac8606Spatrick // Conventions do not apply to explicitly marked parameters.
1414a9ac8606Spatrick if (isExplicitlyMarked(Parameter)) {
1415a9ac8606Spatrick continue;
1416a9ac8606Spatrick }
1417a9ac8606Spatrick
1418a9ac8606Spatrick ParameterStatus &CurrentStatus = IndexedStatus.value();
1419a9ac8606Spatrick // If we did find that on one of the branches the user uses the callback
1420a9ac8606Spatrick // and doesn't on the other path, we believe that they know what they are
1421a9ac8606Spatrick // doing and trust them.
1422a9ac8606Spatrick //
1423a9ac8606Spatrick // There are two possible scenarios for that:
1424a9ac8606Spatrick // 1. Current status is 'MaybeCalled' and one of the branches is
1425a9ac8606Spatrick // 'DefinitelyCalled'
1426a9ac8606Spatrick // 2. Current status is 'NotCalled' and one of the branches is 'Escaped'
1427a9ac8606Spatrick if (isLosingCall(ToAlter, BB, IndexedStatus.index()) ||
1428a9ac8606Spatrick isLosingEscape(ToAlter, BB, IndexedStatus.index())) {
1429a9ac8606Spatrick CurrentStatus = ParameterStatus::Escaped;
1430a9ac8606Spatrick }
1431a9ac8606Spatrick }
1432a9ac8606Spatrick }
1433a9ac8606Spatrick
isLosingCall(const State & StateAfterJoin,const CFGBlock * JoinBlock,unsigned ParameterIndex) const1434a9ac8606Spatrick bool isLosingCall(const State &StateAfterJoin, const CFGBlock *JoinBlock,
1435a9ac8606Spatrick unsigned ParameterIndex) const {
1436a9ac8606Spatrick // Let's check if the block represents DefinitelyCalled -> MaybeCalled
1437a9ac8606Spatrick // transition.
1438a9ac8606Spatrick return isLosingJoin(StateAfterJoin, JoinBlock, ParameterIndex,
1439a9ac8606Spatrick ParameterStatus::MaybeCalled,
1440a9ac8606Spatrick ParameterStatus::DefinitelyCalled);
1441a9ac8606Spatrick }
1442a9ac8606Spatrick
isLosingEscape(const State & StateAfterJoin,const CFGBlock * JoinBlock,unsigned ParameterIndex) const1443a9ac8606Spatrick bool isLosingEscape(const State &StateAfterJoin, const CFGBlock *JoinBlock,
1444a9ac8606Spatrick unsigned ParameterIndex) const {
1445a9ac8606Spatrick // Let's check if the block represents Escaped -> NotCalled transition.
1446a9ac8606Spatrick return isLosingJoin(StateAfterJoin, JoinBlock, ParameterIndex,
1447a9ac8606Spatrick ParameterStatus::NotCalled, ParameterStatus::Escaped);
1448a9ac8606Spatrick }
1449a9ac8606Spatrick
isLosingJoin(const State & StateAfterJoin,const CFGBlock * JoinBlock,unsigned ParameterIndex,ParameterStatus::Kind AfterJoin,ParameterStatus::Kind BeforeJoin) const1450a9ac8606Spatrick bool isLosingJoin(const State &StateAfterJoin, const CFGBlock *JoinBlock,
1451a9ac8606Spatrick unsigned ParameterIndex, ParameterStatus::Kind AfterJoin,
1452a9ac8606Spatrick ParameterStatus::Kind BeforeJoin) const {
1453a9ac8606Spatrick assert(!ParameterStatus::isErrorStatus(BeforeJoin) &&
1454a9ac8606Spatrick ParameterStatus::isErrorStatus(AfterJoin) &&
1455a9ac8606Spatrick "It's not a losing join if statuses do not represent "
1456a9ac8606Spatrick "correct-to-error transition");
1457a9ac8606Spatrick
1458a9ac8606Spatrick const ParameterStatus &CurrentStatus =
1459a9ac8606Spatrick StateAfterJoin.getStatusFor(ParameterIndex);
1460a9ac8606Spatrick
1461a9ac8606Spatrick return CurrentStatus.getKind() == AfterJoin &&
1462a9ac8606Spatrick anySuccessorHasStatus(JoinBlock, ParameterIndex, BeforeJoin);
1463a9ac8606Spatrick }
1464a9ac8606Spatrick
1465a9ac8606Spatrick /// Return true if any of the successors of the given basic block has
1466a9ac8606Spatrick /// a specified status for the given parameter.
anySuccessorHasStatus(const CFGBlock * Parent,unsigned ParameterIndex,ParameterStatus::Kind ToFind) const1467a9ac8606Spatrick bool anySuccessorHasStatus(const CFGBlock *Parent, unsigned ParameterIndex,
1468a9ac8606Spatrick ParameterStatus::Kind ToFind) const {
1469a9ac8606Spatrick return llvm::any_of(
1470a9ac8606Spatrick Parent->succs(), [this, ParameterIndex, ToFind](const CFGBlock *Succ) {
1471a9ac8606Spatrick return Succ && getState(Succ).getKindFor(ParameterIndex) == ToFind;
1472a9ac8606Spatrick });
1473a9ac8606Spatrick }
1474a9ac8606Spatrick
1475a9ac8606Spatrick /// Check given expression that was discovered to escape.
checkEscapee(const Expr * E)1476a9ac8606Spatrick void checkEscapee(const Expr *E) {
1477a9ac8606Spatrick if (const ParmVarDecl *Parameter = findReferencedParmVarDecl(E)) {
1478a9ac8606Spatrick checkEscapee(*Parameter);
1479a9ac8606Spatrick }
1480a9ac8606Spatrick }
1481a9ac8606Spatrick
1482a9ac8606Spatrick /// Check given parameter that was discovered to escape.
checkEscapee(const ParmVarDecl & Parameter)1483a9ac8606Spatrick void checkEscapee(const ParmVarDecl &Parameter) {
1484a9ac8606Spatrick if (auto Index = getIndex(Parameter)) {
1485a9ac8606Spatrick processEscapeFor(*Index);
1486a9ac8606Spatrick }
1487a9ac8606Spatrick }
1488a9ac8606Spatrick
1489a9ac8606Spatrick /// Mark all parameters in the current state as 'no-return'.
markNoReturn()1490a9ac8606Spatrick void markNoReturn() {
1491a9ac8606Spatrick for (ParameterStatus &PS : CurrentState) {
1492a9ac8606Spatrick PS = ParameterStatus::NoReturn;
1493a9ac8606Spatrick }
1494a9ac8606Spatrick }
1495a9ac8606Spatrick
1496a9ac8606Spatrick /// Check if the given assignment represents suppression and act on it.
checkSuppression(const BinaryOperator * Assignment)1497a9ac8606Spatrick void checkSuppression(const BinaryOperator *Assignment) {
1498a9ac8606Spatrick // Suppression has the following form:
1499a9ac8606Spatrick // parameter = 0;
1500a9ac8606Spatrick // 0 can be of any form (NULL, nil, etc.)
1501a9ac8606Spatrick if (auto Index = getIndexOfExpression(Assignment->getLHS())) {
1502a9ac8606Spatrick
1503a9ac8606Spatrick // We don't care what is written in the RHS, it could be whatever
1504a9ac8606Spatrick // we can interpret as 0.
1505a9ac8606Spatrick if (auto Constant =
1506a9ac8606Spatrick Assignment->getRHS()->IgnoreParenCasts()->getIntegerConstantExpr(
1507a9ac8606Spatrick AC.getASTContext())) {
1508a9ac8606Spatrick
1509a9ac8606Spatrick ParameterStatus &CurrentParamStatus = CurrentState.getStatusFor(*Index);
1510a9ac8606Spatrick
1511a9ac8606Spatrick if (0 == *Constant && CurrentParamStatus.seenAnyCalls()) {
1512a9ac8606Spatrick // Even though this suppression mechanism is introduced to tackle
1513a9ac8606Spatrick // false positives for multiple calls, the fact that the user has
1514a9ac8606Spatrick // to use suppression can also tell us that we couldn't figure out
1515a9ac8606Spatrick // how different paths cancel each other out. And if that is true,
1516a9ac8606Spatrick // we will most certainly have false positives about parameters not
1517a9ac8606Spatrick // being called on certain paths.
1518a9ac8606Spatrick //
1519a9ac8606Spatrick // For this reason, we abandon tracking this parameter altogether.
1520a9ac8606Spatrick CurrentParamStatus = ParameterStatus::Reported;
1521a9ac8606Spatrick }
1522a9ac8606Spatrick }
1523a9ac8606Spatrick }
1524a9ac8606Spatrick }
1525a9ac8606Spatrick
1526a9ac8606Spatrick public:
1527a9ac8606Spatrick //===----------------------------------------------------------------------===//
1528a9ac8606Spatrick // Tree traversal methods
1529a9ac8606Spatrick //===----------------------------------------------------------------------===//
1530a9ac8606Spatrick
VisitCallExpr(const CallExpr * Call)1531a9ac8606Spatrick void VisitCallExpr(const CallExpr *Call) {
1532a9ac8606Spatrick // This call might be a direct call, i.e. a parameter call...
1533a9ac8606Spatrick checkDirectCall(Call);
1534a9ac8606Spatrick // ... or an indirect call, i.e. when parameter is an argument.
1535a9ac8606Spatrick checkIndirectCall(Call);
1536a9ac8606Spatrick }
1537a9ac8606Spatrick
VisitObjCMessageExpr(const ObjCMessageExpr * Message)1538a9ac8606Spatrick void VisitObjCMessageExpr(const ObjCMessageExpr *Message) {
1539a9ac8606Spatrick // The most common situation that we are defending against here is
1540a9ac8606Spatrick // copying a tracked parameter.
1541a9ac8606Spatrick if (const Expr *Receiver = Message->getInstanceReceiver()) {
1542a9ac8606Spatrick checkEscapee(Receiver);
1543a9ac8606Spatrick }
1544a9ac8606Spatrick // Message expressions unlike calls, could not be direct.
1545a9ac8606Spatrick checkIndirectCall(Message);
1546a9ac8606Spatrick }
1547a9ac8606Spatrick
VisitBlockExpr(const BlockExpr * Block)1548a9ac8606Spatrick void VisitBlockExpr(const BlockExpr *Block) {
1549a9ac8606Spatrick // Block expressions are tricky. It is a very common practice to capture
1550a9ac8606Spatrick // completion handlers by blocks and use them there.
1551a9ac8606Spatrick // For this reason, it is important to analyze blocks and report warnings
1552a9ac8606Spatrick // for completion handler misuse in blocks.
1553a9ac8606Spatrick //
1554a9ac8606Spatrick // However, it can be quite difficult to track how the block itself is being
1555a9ac8606Spatrick // used. The full precise anlysis of that will be similar to alias analysis
1556a9ac8606Spatrick // for completion handlers and can be too heavyweight for a compile-time
1557a9ac8606Spatrick // diagnostic. Instead, we judge about the immediate use of the block.
1558a9ac8606Spatrick //
1559a9ac8606Spatrick // Here, we try to find a call expression where we know due to conventions,
1560a9ac8606Spatrick // annotations, or other reasons that the block is called once and only
1561a9ac8606Spatrick // once.
1562a9ac8606Spatrick const Expr *CalledOnceCallSite = getBlockGuaraneedCallSite(Block);
1563a9ac8606Spatrick
1564a9ac8606Spatrick // We need to report this information to the handler because in the
1565a9ac8606Spatrick // situation when we know that the block is called exactly once, we can be
1566a9ac8606Spatrick // stricter in terms of reported diagnostics.
1567a9ac8606Spatrick if (CalledOnceCallSite) {
1568a9ac8606Spatrick Handler.handleBlockThatIsGuaranteedToBeCalledOnce(Block->getBlockDecl());
1569a9ac8606Spatrick } else {
1570a9ac8606Spatrick Handler.handleBlockWithNoGuarantees(Block->getBlockDecl());
1571a9ac8606Spatrick }
1572a9ac8606Spatrick
1573a9ac8606Spatrick for (const auto &Capture : Block->getBlockDecl()->captures()) {
1574a9ac8606Spatrick if (const auto *Param = dyn_cast<ParmVarDecl>(Capture.getVariable())) {
1575a9ac8606Spatrick if (auto Index = getIndex(*Param)) {
1576a9ac8606Spatrick if (CalledOnceCallSite) {
1577a9ac8606Spatrick // The call site of a block can be considered a call site of the
1578a9ac8606Spatrick // captured parameter we track.
1579a9ac8606Spatrick processCallFor(*Index, CalledOnceCallSite);
1580a9ac8606Spatrick } else {
1581a9ac8606Spatrick // We still should consider this block as an escape for parameter,
1582a9ac8606Spatrick // if we don't know about its call site or the number of time it
1583a9ac8606Spatrick // can be invoked.
1584a9ac8606Spatrick processEscapeFor(*Index);
1585a9ac8606Spatrick }
1586a9ac8606Spatrick }
1587a9ac8606Spatrick }
1588a9ac8606Spatrick }
1589a9ac8606Spatrick }
1590a9ac8606Spatrick
VisitBinaryOperator(const BinaryOperator * Op)1591a9ac8606Spatrick void VisitBinaryOperator(const BinaryOperator *Op) {
1592a9ac8606Spatrick if (Op->getOpcode() == clang::BO_Assign) {
1593a9ac8606Spatrick // Let's check if one of the tracked parameters is assigned into
1594a9ac8606Spatrick // something, and if it is we don't want to track extra variables, so we
1595a9ac8606Spatrick // consider it as an escapee.
1596a9ac8606Spatrick checkEscapee(Op->getRHS());
1597a9ac8606Spatrick
1598a9ac8606Spatrick // Let's check whether this assignment is a suppression.
1599a9ac8606Spatrick checkSuppression(Op);
1600a9ac8606Spatrick }
1601a9ac8606Spatrick }
1602a9ac8606Spatrick
VisitDeclStmt(const DeclStmt * DS)1603a9ac8606Spatrick void VisitDeclStmt(const DeclStmt *DS) {
1604a9ac8606Spatrick // Variable initialization is not assignment and should be handled
1605a9ac8606Spatrick // separately.
1606a9ac8606Spatrick //
1607a9ac8606Spatrick // Multiple declarations can be a part of declaration statement.
1608a9ac8606Spatrick for (const auto *Declaration : DS->getDeclGroup()) {
1609a9ac8606Spatrick if (const auto *Var = dyn_cast<VarDecl>(Declaration)) {
1610a9ac8606Spatrick if (Var->getInit()) {
1611a9ac8606Spatrick checkEscapee(Var->getInit());
1612a9ac8606Spatrick }
1613a9ac8606Spatrick
1614a9ac8606Spatrick if (Var->hasAttr<CleanupAttr>()) {
1615a9ac8606Spatrick FunctionHasCleanupVars = true;
1616a9ac8606Spatrick }
1617a9ac8606Spatrick }
1618a9ac8606Spatrick }
1619a9ac8606Spatrick }
1620a9ac8606Spatrick
VisitCStyleCastExpr(const CStyleCastExpr * Cast)1621a9ac8606Spatrick void VisitCStyleCastExpr(const CStyleCastExpr *Cast) {
1622a9ac8606Spatrick // We consider '(void)parameter' as a manual no-op escape.
1623a9ac8606Spatrick // It should be used to explicitly tell the analysis that this parameter
1624a9ac8606Spatrick // is intentionally not called on this path.
1625a9ac8606Spatrick if (Cast->getType().getCanonicalType()->isVoidType()) {
1626a9ac8606Spatrick checkEscapee(Cast->getSubExpr());
1627a9ac8606Spatrick }
1628a9ac8606Spatrick }
1629a9ac8606Spatrick
VisitObjCAtThrowStmt(const ObjCAtThrowStmt *)1630a9ac8606Spatrick void VisitObjCAtThrowStmt(const ObjCAtThrowStmt *) {
1631a9ac8606Spatrick // It is OK not to call marked parameters on exceptional paths.
1632a9ac8606Spatrick markNoReturn();
1633a9ac8606Spatrick }
1634a9ac8606Spatrick
1635a9ac8606Spatrick private:
size() const1636a9ac8606Spatrick unsigned size() const { return TrackedParams.size(); }
1637a9ac8606Spatrick
getIndexOfCallee(const CallExpr * Call) const1638*12c85518Srobert std::optional<unsigned> getIndexOfCallee(const CallExpr *Call) const {
1639a9ac8606Spatrick return getIndexOfExpression(Call->getCallee());
1640a9ac8606Spatrick }
1641a9ac8606Spatrick
getIndexOfExpression(const Expr * E) const1642*12c85518Srobert std::optional<unsigned> getIndexOfExpression(const Expr *E) const {
1643a9ac8606Spatrick if (const ParmVarDecl *Parameter = findReferencedParmVarDecl(E)) {
1644a9ac8606Spatrick return getIndex(*Parameter);
1645a9ac8606Spatrick }
1646a9ac8606Spatrick
1647*12c85518Srobert return std::nullopt;
1648a9ac8606Spatrick }
1649a9ac8606Spatrick
getIndex(const ParmVarDecl & Parameter) const1650*12c85518Srobert std::optional<unsigned> getIndex(const ParmVarDecl &Parameter) const {
1651a9ac8606Spatrick // Expected number of parameters that we actually track is 1.
1652a9ac8606Spatrick //
1653a9ac8606Spatrick // Also, the maximum number of declared parameters could not be on a scale
1654a9ac8606Spatrick // of hundreds of thousands.
1655a9ac8606Spatrick //
1656a9ac8606Spatrick // In this setting, linear search seems reasonable and even performs better
1657a9ac8606Spatrick // than bisection.
1658a9ac8606Spatrick ParamSizedVector<const ParmVarDecl *>::const_iterator It =
1659a9ac8606Spatrick llvm::find(TrackedParams, &Parameter);
1660a9ac8606Spatrick
1661a9ac8606Spatrick if (It != TrackedParams.end()) {
1662a9ac8606Spatrick return It - TrackedParams.begin();
1663a9ac8606Spatrick }
1664a9ac8606Spatrick
1665*12c85518Srobert return std::nullopt;
1666a9ac8606Spatrick }
1667a9ac8606Spatrick
getParameter(unsigned Index) const1668a9ac8606Spatrick const ParmVarDecl *getParameter(unsigned Index) const {
1669a9ac8606Spatrick assert(Index < TrackedParams.size());
1670a9ac8606Spatrick return TrackedParams[Index];
1671a9ac8606Spatrick }
1672a9ac8606Spatrick
1673a9ac8606Spatrick const CFG &FunctionCFG;
1674a9ac8606Spatrick AnalysisDeclContext &AC;
1675a9ac8606Spatrick CalledOnceCheckHandler &Handler;
1676a9ac8606Spatrick bool CheckConventionalParameters;
1677a9ac8606Spatrick // As of now, we turn this behavior off. So, we still are going to report
1678a9ac8606Spatrick // missing calls on paths that look like it was intentional.
1679a9ac8606Spatrick // Technically such reports are true positives, but they can make some users
1680a9ac8606Spatrick // grumpy because of the sheer number of warnings.
1681a9ac8606Spatrick // It can be turned back on if we decide that we want to have the other way
1682a9ac8606Spatrick // around.
1683a9ac8606Spatrick bool SuppressOnConventionalErrorPaths = false;
1684a9ac8606Spatrick
1685a9ac8606Spatrick // The user can annotate variable declarations with cleanup functions, which
1686a9ac8606Spatrick // essentially imposes a custom destructor logic on that variable.
1687a9ac8606Spatrick // It is possible to use it, however, to call tracked parameters on all exits
1688a9ac8606Spatrick // from the function. For this reason, we track the fact that the function
1689a9ac8606Spatrick // actually has these.
1690a9ac8606Spatrick bool FunctionHasCleanupVars = false;
1691a9ac8606Spatrick
1692a9ac8606Spatrick State CurrentState;
1693a9ac8606Spatrick ParamSizedVector<const ParmVarDecl *> TrackedParams;
1694a9ac8606Spatrick CFGSizedVector<State> States;
1695a9ac8606Spatrick };
1696a9ac8606Spatrick
1697a9ac8606Spatrick } // end anonymous namespace
1698a9ac8606Spatrick
1699a9ac8606Spatrick namespace clang {
checkCalledOnceParameters(AnalysisDeclContext & AC,CalledOnceCheckHandler & Handler,bool CheckConventionalParameters)1700a9ac8606Spatrick void checkCalledOnceParameters(AnalysisDeclContext &AC,
1701a9ac8606Spatrick CalledOnceCheckHandler &Handler,
1702a9ac8606Spatrick bool CheckConventionalParameters) {
1703a9ac8606Spatrick CalledOnceChecker::check(AC, Handler, CheckConventionalParameters);
1704a9ac8606Spatrick }
1705a9ac8606Spatrick } // end namespace clang
1706