1 //=- IvarInvalidationChecker.cpp - -*- C++ -------------------------------*-==// 2 // 3 // The LLVM Compiler Infrastructure 4 // 5 // This file is distributed under the University of Illinois Open Source 6 // License. See LICENSE.TXT for details. 7 // 8 //===----------------------------------------------------------------------===// 9 // 10 // This checker implements annotation driven invalidation checking. If a class 11 // contains a method annotated with 'objc_instance_variable_invalidator', 12 // - (void) foo 13 // __attribute__((annotate("objc_instance_variable_invalidator"))); 14 // all the "ivalidatable" instance variables of this class should be 15 // invalidated. We call an instance variable ivalidatable if it is an object of 16 // a class which contains an invalidation method. There could be multiple 17 // methods annotated with such annotations per class, either one can be used 18 // to invalidate the ivar. An ivar or property are considered to be 19 // invalidated if they are being assigned 'nil' or an invalidation method has 20 // been called on them. An invalidation method should either invalidate all 21 // the ivars or call another invalidation method (on self). 22 // 23 // Partial invalidor annotation allows to addess cases when ivars are 24 // invalidated by other methods, which might or might not be called from 25 // the invalidation method. The checker checks that each invalidation 26 // method and all the partial methods cumulatively invalidate all ivars. 27 // __attribute__((annotate("objc_instance_variable_invalidator_partial"))); 28 // 29 //===----------------------------------------------------------------------===// 30 31 #include "ClangSACheckers.h" 32 #include "clang/AST/Attr.h" 33 #include "clang/AST/DeclObjC.h" 34 #include "clang/AST/StmtVisitor.h" 35 #include "clang/StaticAnalyzer/Core/BugReporter/BugReporter.h" 36 #include "clang/StaticAnalyzer/Core/Checker.h" 37 #include "clang/StaticAnalyzer/Core/PathSensitive/AnalysisManager.h" 38 #include "llvm/ADT/DenseMap.h" 39 #include "llvm/ADT/SetVector.h" 40 #include "llvm/ADT/SmallString.h" 41 42 using namespace clang; 43 using namespace ento; 44 45 namespace { 46 47 struct ChecksFilter { 48 /// Check for missing invalidation method declarations. 49 DefaultBool check_MissingInvalidationMethod; 50 /// Check that all ivars are invalidated. 51 DefaultBool check_InstanceVariableInvalidation; 52 53 CheckName checkName_MissingInvalidationMethod; 54 CheckName checkName_InstanceVariableInvalidation; 55 }; 56 57 class IvarInvalidationCheckerImpl { 58 59 typedef llvm::SmallSetVector<const ObjCMethodDecl*, 2> MethodSet; 60 typedef llvm::DenseMap<const ObjCMethodDecl*, 61 const ObjCIvarDecl*> MethToIvarMapTy; 62 typedef llvm::DenseMap<const ObjCPropertyDecl*, 63 const ObjCIvarDecl*> PropToIvarMapTy; 64 typedef llvm::DenseMap<const ObjCIvarDecl*, 65 const ObjCPropertyDecl*> IvarToPropMapTy; 66 67 68 struct InvalidationInfo { 69 /// Has the ivar been invalidated? 70 bool IsInvalidated; 71 72 /// The methods which can be used to invalidate the ivar. 73 MethodSet InvalidationMethods; 74 75 InvalidationInfo() : IsInvalidated(false) {} 76 void addInvalidationMethod(const ObjCMethodDecl *MD) { 77 InvalidationMethods.insert(MD); 78 } 79 80 bool needsInvalidation() const { 81 return !InvalidationMethods.empty(); 82 } 83 84 bool hasMethod(const ObjCMethodDecl *MD) { 85 if (IsInvalidated) 86 return true; 87 for (MethodSet::iterator I = InvalidationMethods.begin(), 88 E = InvalidationMethods.end(); I != E; ++I) { 89 if (*I == MD) { 90 IsInvalidated = true; 91 return true; 92 } 93 } 94 return false; 95 } 96 }; 97 98 typedef llvm::DenseMap<const ObjCIvarDecl*, InvalidationInfo> IvarSet; 99 100 /// Statement visitor, which walks the method body and flags the ivars 101 /// referenced in it (either directly or via property). 102 class MethodCrawler : public ConstStmtVisitor<MethodCrawler> { 103 /// The set of Ivars which need to be invalidated. 104 IvarSet &IVars; 105 106 /// Flag is set as the result of a message send to another 107 /// invalidation method. 108 bool &CalledAnotherInvalidationMethod; 109 110 /// Property setter to ivar mapping. 111 const MethToIvarMapTy &PropertySetterToIvarMap; 112 113 /// Property getter to ivar mapping. 114 const MethToIvarMapTy &PropertyGetterToIvarMap; 115 116 /// Property to ivar mapping. 117 const PropToIvarMapTy &PropertyToIvarMap; 118 119 /// The invalidation method being currently processed. 120 const ObjCMethodDecl *InvalidationMethod; 121 122 ASTContext &Ctx; 123 124 /// Peel off parens, casts, OpaqueValueExpr, and PseudoObjectExpr. 125 const Expr *peel(const Expr *E) const; 126 127 /// Does this expression represent zero: '0'? 128 bool isZero(const Expr *E) const; 129 130 /// Mark the given ivar as invalidated. 131 void markInvalidated(const ObjCIvarDecl *Iv); 132 133 /// Checks if IvarRef refers to the tracked IVar, if yes, marks it as 134 /// invalidated. 135 void checkObjCIvarRefExpr(const ObjCIvarRefExpr *IvarRef); 136 137 /// Checks if ObjCPropertyRefExpr refers to the tracked IVar, if yes, marks 138 /// it as invalidated. 139 void checkObjCPropertyRefExpr(const ObjCPropertyRefExpr *PA); 140 141 /// Checks if ObjCMessageExpr refers to (is a getter for) the tracked IVar, 142 /// if yes, marks it as invalidated. 143 void checkObjCMessageExpr(const ObjCMessageExpr *ME); 144 145 /// Checks if the Expr refers to an ivar, if yes, marks it as invalidated. 146 void check(const Expr *E); 147 148 public: 149 MethodCrawler(IvarSet &InIVars, 150 bool &InCalledAnotherInvalidationMethod, 151 const MethToIvarMapTy &InPropertySetterToIvarMap, 152 const MethToIvarMapTy &InPropertyGetterToIvarMap, 153 const PropToIvarMapTy &InPropertyToIvarMap, 154 ASTContext &InCtx) 155 : IVars(InIVars), 156 CalledAnotherInvalidationMethod(InCalledAnotherInvalidationMethod), 157 PropertySetterToIvarMap(InPropertySetterToIvarMap), 158 PropertyGetterToIvarMap(InPropertyGetterToIvarMap), 159 PropertyToIvarMap(InPropertyToIvarMap), 160 InvalidationMethod(0), 161 Ctx(InCtx) {} 162 163 void VisitStmt(const Stmt *S) { VisitChildren(S); } 164 165 void VisitBinaryOperator(const BinaryOperator *BO); 166 167 void VisitObjCMessageExpr(const ObjCMessageExpr *ME); 168 169 void VisitChildren(const Stmt *S) { 170 for (Stmt::const_child_range I = S->children(); I; ++I) { 171 if (*I) 172 this->Visit(*I); 173 if (CalledAnotherInvalidationMethod) 174 return; 175 } 176 } 177 }; 178 179 /// Check if the any of the methods inside the interface are annotated with 180 /// the invalidation annotation, update the IvarInfo accordingly. 181 /// \param LookForPartial is set when we are searching for partial 182 /// invalidators. 183 static void containsInvalidationMethod(const ObjCContainerDecl *D, 184 InvalidationInfo &Out, 185 bool LookForPartial); 186 187 /// Check if ivar should be tracked and add to TrackedIvars if positive. 188 /// Returns true if ivar should be tracked. 189 static bool trackIvar(const ObjCIvarDecl *Iv, IvarSet &TrackedIvars, 190 const ObjCIvarDecl **FirstIvarDecl); 191 192 /// Given the property declaration, and the list of tracked ivars, finds 193 /// the ivar backing the property when possible. Returns '0' when no such 194 /// ivar could be found. 195 static const ObjCIvarDecl *findPropertyBackingIvar( 196 const ObjCPropertyDecl *Prop, 197 const ObjCInterfaceDecl *InterfaceD, 198 IvarSet &TrackedIvars, 199 const ObjCIvarDecl **FirstIvarDecl); 200 201 /// Print ivar name or the property if the given ivar backs a property. 202 static void printIvar(llvm::raw_svector_ostream &os, 203 const ObjCIvarDecl *IvarDecl, 204 const IvarToPropMapTy &IvarToPopertyMap); 205 206 void reportNoInvalidationMethod(CheckName CheckName, 207 const ObjCIvarDecl *FirstIvarDecl, 208 const IvarToPropMapTy &IvarToPopertyMap, 209 const ObjCInterfaceDecl *InterfaceD, 210 bool MissingDeclaration) const; 211 void reportIvarNeedsInvalidation(const ObjCIvarDecl *IvarD, 212 const IvarToPropMapTy &IvarToPopertyMap, 213 const ObjCMethodDecl *MethodD) const; 214 215 AnalysisManager& Mgr; 216 BugReporter &BR; 217 /// Filter on the checks performed. 218 const ChecksFilter &Filter; 219 220 public: 221 IvarInvalidationCheckerImpl(AnalysisManager& InMgr, 222 BugReporter &InBR, 223 const ChecksFilter &InFilter) : 224 Mgr (InMgr), BR(InBR), Filter(InFilter) {} 225 226 void visit(const ObjCImplementationDecl *D) const; 227 }; 228 229 static bool isInvalidationMethod(const ObjCMethodDecl *M, bool LookForPartial) { 230 for (const auto *Ann : M->specific_attrs<AnnotateAttr>()) { 231 if (!LookForPartial && 232 Ann->getAnnotation() == "objc_instance_variable_invalidator") 233 return true; 234 if (LookForPartial && 235 Ann->getAnnotation() == "objc_instance_variable_invalidator_partial") 236 return true; 237 } 238 return false; 239 } 240 241 void IvarInvalidationCheckerImpl::containsInvalidationMethod( 242 const ObjCContainerDecl *D, InvalidationInfo &OutInfo, bool Partial) { 243 244 if (!D) 245 return; 246 247 assert(!isa<ObjCImplementationDecl>(D)); 248 // TODO: Cache the results. 249 250 // Check all methods. 251 for (ObjCContainerDecl::method_iterator 252 I = D->meth_begin(), 253 E = D->meth_end(); I != E; ++I) { 254 const ObjCMethodDecl *MDI = *I; 255 if (isInvalidationMethod(MDI, Partial)) 256 OutInfo.addInvalidationMethod( 257 cast<ObjCMethodDecl>(MDI->getCanonicalDecl())); 258 } 259 260 // If interface, check all parent protocols and super. 261 if (const ObjCInterfaceDecl *InterfD = dyn_cast<ObjCInterfaceDecl>(D)) { 262 263 // Visit all protocols. 264 for (ObjCInterfaceDecl::protocol_iterator 265 I = InterfD->protocol_begin(), 266 E = InterfD->protocol_end(); I != E; ++I) { 267 containsInvalidationMethod((*I)->getDefinition(), OutInfo, Partial); 268 } 269 270 // Visit all categories in case the invalidation method is declared in 271 // a category. 272 for (ObjCInterfaceDecl::visible_extensions_iterator 273 Ext = InterfD->visible_extensions_begin(), 274 ExtEnd = InterfD->visible_extensions_end(); 275 Ext != ExtEnd; ++Ext) { 276 containsInvalidationMethod(*Ext, OutInfo, Partial); 277 } 278 279 containsInvalidationMethod(InterfD->getSuperClass(), OutInfo, Partial); 280 return; 281 } 282 283 // If protocol, check all parent protocols. 284 if (const ObjCProtocolDecl *ProtD = dyn_cast<ObjCProtocolDecl>(D)) { 285 for (ObjCInterfaceDecl::protocol_iterator 286 I = ProtD->protocol_begin(), 287 E = ProtD->protocol_end(); I != E; ++I) { 288 containsInvalidationMethod((*I)->getDefinition(), OutInfo, Partial); 289 } 290 return; 291 } 292 293 return; 294 } 295 296 bool IvarInvalidationCheckerImpl::trackIvar(const ObjCIvarDecl *Iv, 297 IvarSet &TrackedIvars, 298 const ObjCIvarDecl **FirstIvarDecl) { 299 QualType IvQTy = Iv->getType(); 300 const ObjCObjectPointerType *IvTy = IvQTy->getAs<ObjCObjectPointerType>(); 301 if (!IvTy) 302 return false; 303 const ObjCInterfaceDecl *IvInterf = IvTy->getInterfaceDecl(); 304 305 InvalidationInfo Info; 306 containsInvalidationMethod(IvInterf, Info, /*LookForPartial*/ false); 307 if (Info.needsInvalidation()) { 308 const ObjCIvarDecl *I = cast<ObjCIvarDecl>(Iv->getCanonicalDecl()); 309 TrackedIvars[I] = Info; 310 if (!*FirstIvarDecl) 311 *FirstIvarDecl = I; 312 return true; 313 } 314 return false; 315 } 316 317 const ObjCIvarDecl *IvarInvalidationCheckerImpl::findPropertyBackingIvar( 318 const ObjCPropertyDecl *Prop, 319 const ObjCInterfaceDecl *InterfaceD, 320 IvarSet &TrackedIvars, 321 const ObjCIvarDecl **FirstIvarDecl) { 322 const ObjCIvarDecl *IvarD = 0; 323 324 // Lookup for the synthesized case. 325 IvarD = Prop->getPropertyIvarDecl(); 326 // We only track the ivars/properties that are defined in the current 327 // class (not the parent). 328 if (IvarD && IvarD->getContainingInterface() == InterfaceD) { 329 if (TrackedIvars.count(IvarD)) { 330 return IvarD; 331 } 332 // If the ivar is synthesized we still want to track it. 333 if (trackIvar(IvarD, TrackedIvars, FirstIvarDecl)) 334 return IvarD; 335 } 336 337 // Lookup IVars named "_PropName"or "PropName" among the tracked Ivars. 338 StringRef PropName = Prop->getIdentifier()->getName(); 339 for (IvarSet::const_iterator I = TrackedIvars.begin(), 340 E = TrackedIvars.end(); I != E; ++I) { 341 const ObjCIvarDecl *Iv = I->first; 342 StringRef IvarName = Iv->getName(); 343 344 if (IvarName == PropName) 345 return Iv; 346 347 SmallString<128> PropNameWithUnderscore; 348 { 349 llvm::raw_svector_ostream os(PropNameWithUnderscore); 350 os << '_' << PropName; 351 } 352 if (IvarName == PropNameWithUnderscore.str()) 353 return Iv; 354 } 355 356 // Note, this is a possible source of false positives. We could look at the 357 // getter implementation to find the ivar when its name is not derived from 358 // the property name. 359 return 0; 360 } 361 362 void IvarInvalidationCheckerImpl::printIvar(llvm::raw_svector_ostream &os, 363 const ObjCIvarDecl *IvarDecl, 364 const IvarToPropMapTy &IvarToPopertyMap) { 365 if (IvarDecl->getSynthesize()) { 366 const ObjCPropertyDecl *PD = IvarToPopertyMap.lookup(IvarDecl); 367 assert(PD &&"Do we synthesize ivars for something other than properties?"); 368 os << "Property "<< PD->getName() << " "; 369 } else { 370 os << "Instance variable "<< IvarDecl->getName() << " "; 371 } 372 } 373 374 // Check that the invalidatable interfaces with ivars/properties implement the 375 // invalidation methods. 376 void IvarInvalidationCheckerImpl:: 377 visit(const ObjCImplementationDecl *ImplD) const { 378 // Collect all ivars that need cleanup. 379 IvarSet Ivars; 380 // Record the first Ivar needing invalidation; used in reporting when only 381 // one ivar is sufficient. Cannot grab the first on the Ivars set to ensure 382 // deterministic output. 383 const ObjCIvarDecl *FirstIvarDecl = 0; 384 const ObjCInterfaceDecl *InterfaceD = ImplD->getClassInterface(); 385 386 // Collect ivars declared in this class, its extensions and its implementation 387 ObjCInterfaceDecl *IDecl = const_cast<ObjCInterfaceDecl *>(InterfaceD); 388 for (const ObjCIvarDecl *Iv = IDecl->all_declared_ivar_begin(); Iv; 389 Iv= Iv->getNextIvar()) 390 trackIvar(Iv, Ivars, &FirstIvarDecl); 391 392 // Construct Property/Property Accessor to Ivar maps to assist checking if an 393 // ivar which is backing a property has been reset. 394 MethToIvarMapTy PropSetterToIvarMap; 395 MethToIvarMapTy PropGetterToIvarMap; 396 PropToIvarMapTy PropertyToIvarMap; 397 IvarToPropMapTy IvarToPopertyMap; 398 399 ObjCInterfaceDecl::PropertyMap PropMap; 400 ObjCInterfaceDecl::PropertyDeclOrder PropOrder; 401 InterfaceD->collectPropertiesToImplement(PropMap, PropOrder); 402 403 for (ObjCInterfaceDecl::PropertyMap::iterator 404 I = PropMap.begin(), E = PropMap.end(); I != E; ++I) { 405 const ObjCPropertyDecl *PD = I->second; 406 407 const ObjCIvarDecl *ID = findPropertyBackingIvar(PD, InterfaceD, Ivars, 408 &FirstIvarDecl); 409 if (!ID) 410 continue; 411 412 // Store the mappings. 413 PD = cast<ObjCPropertyDecl>(PD->getCanonicalDecl()); 414 PropertyToIvarMap[PD] = ID; 415 IvarToPopertyMap[ID] = PD; 416 417 // Find the setter and the getter. 418 const ObjCMethodDecl *SetterD = PD->getSetterMethodDecl(); 419 if (SetterD) { 420 SetterD = cast<ObjCMethodDecl>(SetterD->getCanonicalDecl()); 421 PropSetterToIvarMap[SetterD] = ID; 422 } 423 424 const ObjCMethodDecl *GetterD = PD->getGetterMethodDecl(); 425 if (GetterD) { 426 GetterD = cast<ObjCMethodDecl>(GetterD->getCanonicalDecl()); 427 PropGetterToIvarMap[GetterD] = ID; 428 } 429 } 430 431 // If no ivars need invalidation, there is nothing to check here. 432 if (Ivars.empty()) 433 return; 434 435 // Find all partial invalidation methods. 436 InvalidationInfo PartialInfo; 437 containsInvalidationMethod(InterfaceD, PartialInfo, /*LookForPartial*/ true); 438 439 // Remove ivars invalidated by the partial invalidation methods. They do not 440 // need to be invalidated in the regular invalidation methods. 441 bool AtImplementationContainsAtLeastOnePartialInvalidationMethod = false; 442 for (MethodSet::iterator 443 I = PartialInfo.InvalidationMethods.begin(), 444 E = PartialInfo.InvalidationMethods.end(); I != E; ++I) { 445 const ObjCMethodDecl *InterfD = *I; 446 447 // Get the corresponding method in the @implementation. 448 const ObjCMethodDecl *D = ImplD->getMethod(InterfD->getSelector(), 449 InterfD->isInstanceMethod()); 450 if (D && D->hasBody()) { 451 AtImplementationContainsAtLeastOnePartialInvalidationMethod = true; 452 453 bool CalledAnotherInvalidationMethod = false; 454 // The MethodCrowler is going to remove the invalidated ivars. 455 MethodCrawler(Ivars, 456 CalledAnotherInvalidationMethod, 457 PropSetterToIvarMap, 458 PropGetterToIvarMap, 459 PropertyToIvarMap, 460 BR.getContext()).VisitStmt(D->getBody()); 461 // If another invalidation method was called, trust that full invalidation 462 // has occurred. 463 if (CalledAnotherInvalidationMethod) 464 Ivars.clear(); 465 } 466 } 467 468 // If all ivars have been invalidated by partial invalidators, there is 469 // nothing to check here. 470 if (Ivars.empty()) 471 return; 472 473 // Find all invalidation methods in this @interface declaration and parents. 474 InvalidationInfo Info; 475 containsInvalidationMethod(InterfaceD, Info, /*LookForPartial*/ false); 476 477 // Report an error in case none of the invalidation methods are declared. 478 if (!Info.needsInvalidation() && !PartialInfo.needsInvalidation()) { 479 if (Filter.check_MissingInvalidationMethod) 480 reportNoInvalidationMethod(Filter.checkName_MissingInvalidationMethod, 481 FirstIvarDecl, IvarToPopertyMap, InterfaceD, 482 /*MissingDeclaration*/ true); 483 // If there are no invalidation methods, there is no ivar validation work 484 // to be done. 485 return; 486 } 487 488 // Only check if Ivars are invalidated when InstanceVariableInvalidation 489 // has been requested. 490 if (!Filter.check_InstanceVariableInvalidation) 491 return; 492 493 // Check that all ivars are invalidated by the invalidation methods. 494 bool AtImplementationContainsAtLeastOneInvalidationMethod = false; 495 for (MethodSet::iterator I = Info.InvalidationMethods.begin(), 496 E = Info.InvalidationMethods.end(); I != E; ++I) { 497 const ObjCMethodDecl *InterfD = *I; 498 499 // Get the corresponding method in the @implementation. 500 const ObjCMethodDecl *D = ImplD->getMethod(InterfD->getSelector(), 501 InterfD->isInstanceMethod()); 502 if (D && D->hasBody()) { 503 AtImplementationContainsAtLeastOneInvalidationMethod = true; 504 505 // Get a copy of ivars needing invalidation. 506 IvarSet IvarsI = Ivars; 507 508 bool CalledAnotherInvalidationMethod = false; 509 MethodCrawler(IvarsI, 510 CalledAnotherInvalidationMethod, 511 PropSetterToIvarMap, 512 PropGetterToIvarMap, 513 PropertyToIvarMap, 514 BR.getContext()).VisitStmt(D->getBody()); 515 // If another invalidation method was called, trust that full invalidation 516 // has occurred. 517 if (CalledAnotherInvalidationMethod) 518 continue; 519 520 // Warn on the ivars that were not invalidated by the method. 521 for (IvarSet::const_iterator 522 I = IvarsI.begin(), E = IvarsI.end(); I != E; ++I) 523 reportIvarNeedsInvalidation(I->first, IvarToPopertyMap, D); 524 } 525 } 526 527 // Report an error in case none of the invalidation methods are implemented. 528 if (!AtImplementationContainsAtLeastOneInvalidationMethod) { 529 if (AtImplementationContainsAtLeastOnePartialInvalidationMethod) { 530 // Warn on the ivars that were not invalidated by the prrtial 531 // invalidation methods. 532 for (IvarSet::const_iterator 533 I = Ivars.begin(), E = Ivars.end(); I != E; ++I) 534 reportIvarNeedsInvalidation(I->first, IvarToPopertyMap, 0); 535 } else { 536 // Otherwise, no invalidation methods were implemented. 537 reportNoInvalidationMethod(Filter.checkName_InstanceVariableInvalidation, 538 FirstIvarDecl, IvarToPopertyMap, InterfaceD, 539 /*MissingDeclaration*/ false); 540 } 541 } 542 } 543 544 void IvarInvalidationCheckerImpl::reportNoInvalidationMethod( 545 CheckName CheckName, const ObjCIvarDecl *FirstIvarDecl, 546 const IvarToPropMapTy &IvarToPopertyMap, 547 const ObjCInterfaceDecl *InterfaceD, bool MissingDeclaration) const { 548 SmallString<128> sbuf; 549 llvm::raw_svector_ostream os(sbuf); 550 assert(FirstIvarDecl); 551 printIvar(os, FirstIvarDecl, IvarToPopertyMap); 552 os << "needs to be invalidated; "; 553 if (MissingDeclaration) 554 os << "no invalidation method is declared for "; 555 else 556 os << "no invalidation method is defined in the @implementation for "; 557 os << InterfaceD->getName(); 558 559 PathDiagnosticLocation IvarDecLocation = 560 PathDiagnosticLocation::createBegin(FirstIvarDecl, BR.getSourceManager()); 561 562 BR.EmitBasicReport(FirstIvarDecl, CheckName, "Incomplete invalidation", 563 categories::CoreFoundationObjectiveC, os.str(), 564 IvarDecLocation); 565 } 566 567 void IvarInvalidationCheckerImpl:: 568 reportIvarNeedsInvalidation(const ObjCIvarDecl *IvarD, 569 const IvarToPropMapTy &IvarToPopertyMap, 570 const ObjCMethodDecl *MethodD) const { 571 SmallString<128> sbuf; 572 llvm::raw_svector_ostream os(sbuf); 573 printIvar(os, IvarD, IvarToPopertyMap); 574 os << "needs to be invalidated or set to nil"; 575 if (MethodD) { 576 PathDiagnosticLocation MethodDecLocation = 577 PathDiagnosticLocation::createEnd(MethodD->getBody(), 578 BR.getSourceManager(), 579 Mgr.getAnalysisDeclContext(MethodD)); 580 BR.EmitBasicReport(MethodD, Filter.checkName_InstanceVariableInvalidation, 581 "Incomplete invalidation", 582 categories::CoreFoundationObjectiveC, os.str(), 583 MethodDecLocation); 584 } else { 585 BR.EmitBasicReport( 586 IvarD, Filter.checkName_InstanceVariableInvalidation, 587 "Incomplete invalidation", categories::CoreFoundationObjectiveC, 588 os.str(), 589 PathDiagnosticLocation::createBegin(IvarD, BR.getSourceManager())); 590 } 591 } 592 593 void IvarInvalidationCheckerImpl::MethodCrawler::markInvalidated( 594 const ObjCIvarDecl *Iv) { 595 IvarSet::iterator I = IVars.find(Iv); 596 if (I != IVars.end()) { 597 // If InvalidationMethod is present, we are processing the message send and 598 // should ensure we are invalidating with the appropriate method, 599 // otherwise, we are processing setting to 'nil'. 600 if (!InvalidationMethod || 601 (InvalidationMethod && I->second.hasMethod(InvalidationMethod))) 602 IVars.erase(I); 603 } 604 } 605 606 const Expr *IvarInvalidationCheckerImpl::MethodCrawler::peel(const Expr *E) const { 607 E = E->IgnoreParenCasts(); 608 if (const PseudoObjectExpr *POE = dyn_cast<PseudoObjectExpr>(E)) 609 E = POE->getSyntacticForm()->IgnoreParenCasts(); 610 if (const OpaqueValueExpr *OVE = dyn_cast<OpaqueValueExpr>(E)) 611 E = OVE->getSourceExpr()->IgnoreParenCasts(); 612 return E; 613 } 614 615 void IvarInvalidationCheckerImpl::MethodCrawler::checkObjCIvarRefExpr( 616 const ObjCIvarRefExpr *IvarRef) { 617 if (const Decl *D = IvarRef->getDecl()) 618 markInvalidated(cast<ObjCIvarDecl>(D->getCanonicalDecl())); 619 } 620 621 void IvarInvalidationCheckerImpl::MethodCrawler::checkObjCMessageExpr( 622 const ObjCMessageExpr *ME) { 623 const ObjCMethodDecl *MD = ME->getMethodDecl(); 624 if (MD) { 625 MD = cast<ObjCMethodDecl>(MD->getCanonicalDecl()); 626 MethToIvarMapTy::const_iterator IvI = PropertyGetterToIvarMap.find(MD); 627 if (IvI != PropertyGetterToIvarMap.end()) 628 markInvalidated(IvI->second); 629 } 630 } 631 632 void IvarInvalidationCheckerImpl::MethodCrawler::checkObjCPropertyRefExpr( 633 const ObjCPropertyRefExpr *PA) { 634 635 if (PA->isExplicitProperty()) { 636 const ObjCPropertyDecl *PD = PA->getExplicitProperty(); 637 if (PD) { 638 PD = cast<ObjCPropertyDecl>(PD->getCanonicalDecl()); 639 PropToIvarMapTy::const_iterator IvI = PropertyToIvarMap.find(PD); 640 if (IvI != PropertyToIvarMap.end()) 641 markInvalidated(IvI->second); 642 return; 643 } 644 } 645 646 if (PA->isImplicitProperty()) { 647 const ObjCMethodDecl *MD = PA->getImplicitPropertySetter(); 648 if (MD) { 649 MD = cast<ObjCMethodDecl>(MD->getCanonicalDecl()); 650 MethToIvarMapTy::const_iterator IvI =PropertyGetterToIvarMap.find(MD); 651 if (IvI != PropertyGetterToIvarMap.end()) 652 markInvalidated(IvI->second); 653 return; 654 } 655 } 656 } 657 658 bool IvarInvalidationCheckerImpl::MethodCrawler::isZero(const Expr *E) const { 659 E = peel(E); 660 661 return (E->isNullPointerConstant(Ctx, Expr::NPC_ValueDependentIsNotNull) 662 != Expr::NPCK_NotNull); 663 } 664 665 void IvarInvalidationCheckerImpl::MethodCrawler::check(const Expr *E) { 666 E = peel(E); 667 668 if (const ObjCIvarRefExpr *IvarRef = dyn_cast<ObjCIvarRefExpr>(E)) { 669 checkObjCIvarRefExpr(IvarRef); 670 return; 671 } 672 673 if (const ObjCPropertyRefExpr *PropRef = dyn_cast<ObjCPropertyRefExpr>(E)) { 674 checkObjCPropertyRefExpr(PropRef); 675 return; 676 } 677 678 if (const ObjCMessageExpr *MsgExpr = dyn_cast<ObjCMessageExpr>(E)) { 679 checkObjCMessageExpr(MsgExpr); 680 return; 681 } 682 } 683 684 void IvarInvalidationCheckerImpl::MethodCrawler::VisitBinaryOperator( 685 const BinaryOperator *BO) { 686 VisitStmt(BO); 687 688 // Do we assign/compare against zero? If yes, check the variable we are 689 // assigning to. 690 BinaryOperatorKind Opcode = BO->getOpcode(); 691 if (Opcode != BO_Assign && 692 Opcode != BO_EQ && 693 Opcode != BO_NE) 694 return; 695 696 if (isZero(BO->getRHS())) { 697 check(BO->getLHS()); 698 return; 699 } 700 701 if (Opcode != BO_Assign && isZero(BO->getLHS())) { 702 check(BO->getRHS()); 703 return; 704 } 705 } 706 707 void IvarInvalidationCheckerImpl::MethodCrawler::VisitObjCMessageExpr( 708 const ObjCMessageExpr *ME) { 709 const ObjCMethodDecl *MD = ME->getMethodDecl(); 710 const Expr *Receiver = ME->getInstanceReceiver(); 711 712 // Stop if we are calling '[self invalidate]'. 713 if (Receiver && isInvalidationMethod(MD, /*LookForPartial*/ false)) 714 if (Receiver->isObjCSelfExpr()) { 715 CalledAnotherInvalidationMethod = true; 716 return; 717 } 718 719 // Check if we call a setter and set the property to 'nil'. 720 if (MD && (ME->getNumArgs() == 1) && isZero(ME->getArg(0))) { 721 MD = cast<ObjCMethodDecl>(MD->getCanonicalDecl()); 722 MethToIvarMapTy::const_iterator IvI = PropertySetterToIvarMap.find(MD); 723 if (IvI != PropertySetterToIvarMap.end()) { 724 markInvalidated(IvI->second); 725 return; 726 } 727 } 728 729 // Check if we call the 'invalidation' routine on the ivar. 730 if (Receiver) { 731 InvalidationMethod = MD; 732 check(Receiver->IgnoreParenCasts()); 733 InvalidationMethod = 0; 734 } 735 736 VisitStmt(ME); 737 } 738 } 739 740 // Register the checkers. 741 namespace { 742 743 class IvarInvalidationChecker : 744 public Checker<check::ASTDecl<ObjCImplementationDecl> > { 745 public: 746 ChecksFilter Filter; 747 public: 748 void checkASTDecl(const ObjCImplementationDecl *D, AnalysisManager& Mgr, 749 BugReporter &BR) const { 750 IvarInvalidationCheckerImpl Walker(Mgr, BR, Filter); 751 Walker.visit(D); 752 } 753 }; 754 } 755 756 #define REGISTER_CHECKER(name) \ 757 void ento::register##name(CheckerManager &mgr) { \ 758 IvarInvalidationChecker *checker = \ 759 mgr.registerChecker<IvarInvalidationChecker>(); \ 760 checker->Filter.check_##name = true; \ 761 checker->Filter.checkName_##name = mgr.getCurrentCheckName(); \ 762 } 763 764 REGISTER_CHECKER(InstanceVariableInvalidation) 765 REGISTER_CHECKER(MissingInvalidationMethod) 766 767