Coverage Report

Created: 2021-01-19 06:58

/Users/buildslave/jenkins/workspace/coverage/llvm-project/clang/lib/Analysis/CalledOnceCheck.cpp
Line
Count
Source (jump to first uncovered line)
1
//===- CalledOnceCheck.cpp - Check 'called once' parameters ---------------===//
2
//
3
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4
// See https://llvm.org/LICENSE.txt for license information.
5
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6
//
7
//===----------------------------------------------------------------------===//
8
9
#include "clang/Analysis/Analyses/CalledOnceCheck.h"
10
#include "clang/AST/Attr.h"
11
#include "clang/AST/Decl.h"
12
#include "clang/AST/DeclBase.h"
13
#include "clang/AST/Expr.h"
14
#include "clang/AST/ExprObjC.h"
15
#include "clang/AST/OperationKinds.h"
16
#include "clang/AST/ParentMap.h"
17
#include "clang/AST/RecursiveASTVisitor.h"
18
#include "clang/AST/Stmt.h"
19
#include "clang/AST/StmtObjC.h"
20
#include "clang/AST/StmtVisitor.h"
21
#include "clang/AST/Type.h"
22
#include "clang/Analysis/AnalysisDeclContext.h"
23
#include "clang/Analysis/CFG.h"
24
#include "clang/Analysis/FlowSensitive/DataflowWorklist.h"
25
#include "clang/Basic/IdentifierTable.h"
26
#include "clang/Basic/LLVM.h"
27
#include "llvm/ADT/BitVector.h"
28
#include "llvm/ADT/BitmaskEnum.h"
29
#include "llvm/ADT/Optional.h"
30
#include "llvm/ADT/PointerIntPair.h"
31
#include "llvm/ADT/STLExtras.h"
32
#include "llvm/ADT/Sequence.h"
33
#include "llvm/ADT/SmallVector.h"
34
#include "llvm/ADT/StringRef.h"
35
#include "llvm/Support/Casting.h"
36
#include "llvm/Support/Compiler.h"
37
#include "llvm/Support/ErrorHandling.h"
38
#include <memory>
39
40
using namespace clang;
41
42
namespace {
43
static constexpr unsigned EXPECTED_MAX_NUMBER_OF_PARAMS = 2;
44
template <class T>
45
using ParamSizedVector = llvm::SmallVector<T, EXPECTED_MAX_NUMBER_OF_PARAMS>;
46
static constexpr unsigned EXPECTED_NUMBER_OF_BASIC_BLOCKS = 8;
47
template <class T>
48
using CFGSizedVector = llvm::SmallVector<T, EXPECTED_NUMBER_OF_BASIC_BLOCKS>;
49
constexpr llvm::StringLiteral CONVENTIONAL_NAMES[] = {
50
    "completionHandler", "completion", "withCompletionHandler"};
51
constexpr llvm::StringLiteral CONVENTIONAL_SUFFIXES[] = {
52
    "WithCompletionHandler", "WithCompletion"};
53
constexpr llvm::StringLiteral CONVENTIONAL_CONDITIONS[] = {
54
    "error", "cancel", "shouldCall", "done", "OK", "success"};
55
56
class ParameterStatus {
57
public:
58
  // Status kind is basically the main part of parameter's status.
59
  // The kind represents our knowledge (so far) about a tracked parameter
60
  // in the context of this analysis.
61
  //
62
  // Since we want to report on missing and extraneous calls, we need to
63
  // track the fact whether paramater was called or not.  This automatically
64
  // decides two kinds: `NotCalled` and `Called`.
65
  //
66
  // One of the erroneous situations is the case when parameter is called only
67
  // on some of the paths.  We could've considered it `NotCalled`, but we want
68
  // to report double call warnings even if these two calls are not guaranteed
69
  // to happen in every execution.  We also don't want to have it as `Called`
70
  // because not calling tracked parameter on all of the paths is an error
71
  // on its own.  For these reasons, we need to have a separate kind,
72
  // `MaybeCalled`, and change `Called` to `DefinitelyCalled` to avoid
73
  // confusion.
74
  //
75
  // Two violations of calling parameter more than once and not calling it on
76
  // every path are not, however, mutually exclusive.  In situations where both
77
  // violations take place, we prefer to report ONLY double call.  It's always
78
  // harder to pinpoint a bug that has arisen when a user neglects to take the
79
  // right action (and therefore, no action is taken), than when a user takes
80
  // the wrong action.  And, in order to remember that we already reported
81
  // a double call, we need another kind: `Reported`.
82
  //
83
  // Our analysis is intra-procedural and, while in the perfect world,
84
  // developers only use tracked parameters to call them, in the real world,
85
  // the picture might be different.  Parameters can be stored in global
86
  // variables or leaked into other functions that we know nothing about.
87
  // We try to be lenient and trust users.  Another kind `Escaped` reflects
88
  // such situations.  We don't know if it gets called there or not, but we
89
  // should always think of `Escaped` as the best possible option.
90
  //
91
  // Some of the paths in the analyzed functions might end with a call
92
  // to noreturn functions.  Such paths are not required to have parameter
93
  // calls and we want to track that.  For the purposes of better diagnostics,
94
  // we don't want to reuse `Escaped` and, thus, have another kind `NoReturn`.
95
  //
96
  // Additionally, we have `NotVisited` kind that tells us nothing about
97
  // a tracked parameter, but is used for tracking analyzed (aka visited)
98
  // basic blocks.
99
  //
100
  // If we consider `|` to be a JOIN operation of two kinds coming from
101
  // two different paths, the following properties must hold:
102
  //
103
  //   1. for any Kind K: K | K == K
104
  //      Joining two identical kinds should result in the same kind.
105
  //
106
  //   2. for any Kind K: Reported | K == Reported
107
  //      Doesn't matter on which path it was reported, it still is.
108
  //
109
  //   3. for any Kind K: NoReturn | K == K
110
  //      We can totally ignore noreturn paths during merges.
111
  //
112
  //   4. DefinitelyCalled | NotCalled == MaybeCalled
113
  //      Called on one path, not called on another - that's simply
114
  //      a definition for MaybeCalled.
115
  //
116
  //   5. for any Kind K in [DefinitelyCalled, NotCalled, MaybeCalled]:
117
  //      Escaped | K == K
118
  //      Escaped mirrors other statuses after joins.
119
  //      Every situation, when we join any of the listed kinds K,
120
  //      is a violation.  For this reason, in order to assume the
121
  //      best outcome for this escape, we consider it to be the
122
  //      same as the other path.
123
  //
124
  //   6. for any Kind K in [DefinitelyCalled, NotCalled]:
125
  //      MaybeCalled | K == MaybeCalled
126
  //      MaybeCalled should basically stay after almost every join.
127
  enum Kind {
128
    // No-return paths should be absolutely transparent for the analysis.
129
    // 0x0 is the identity element for selected join operation (binary or).
130
    NoReturn = 0x0, /* 0000 */
131
    // Escaped marks situations when marked parameter escaped into
132
    // another function (so we can assume that it was possibly called there).
133
    Escaped = 0x1, /* 0001 */
134
    // Parameter was definitely called once at this point.
135
    DefinitelyCalled = 0x3, /* 0011 */
136
    // Kinds less or equal to NON_ERROR_STATUS are not considered errors.
137
    NON_ERROR_STATUS = DefinitelyCalled,
138
    // Parameter was not yet called.
139
    NotCalled = 0x5, /* 0101 */
140
    // Parameter was not called at least on one path leading to this point,
141
    // while there is also at least one path that it gets called.
142
    MaybeCalled = 0x7, /* 0111 */
143
    // Parameter was not yet analyzed.
144
    NotVisited = 0x8, /* 1000 */
145
    // We already reported a violation and stopped tracking calls for this
146
    // parameter.
147
    Reported = 0x15, /* 1111 */
148
    LLVM_MARK_AS_BITMASK_ENUM(/* LargestValue = */ Reported)
149
  };
150
151
  constexpr ParameterStatus() = default;
152
25.2k
  /* implicit */ ParameterStatus(Kind K) : StatusKind(K) {
153
25.2k
    assert(!seenAnyCalls(K) && "Can't initialize status without a call");
154
25.2k
  }
155
98
  ParameterStatus(Kind K, const Expr *Call) : StatusKind(K), Call(Call) {
156
98
    assert(seenAnyCalls(K) && "This kind is not supposed to have a call");
157
98
  }
158
159
25
  const Expr &getCall() const {
160
25
    assert(seenAnyCalls(getKind()) && "ParameterStatus doesn't have a call");
161
25
    return *Call;
162
25
  }
163
25.5k
  static bool seenAnyCalls(Kind K) {
164
25.5k
    return (K & DefinitelyCalled) == DefinitelyCalled && 
K != Reported151
;
165
25.5k
  }
166
133
  bool seenAnyCalls() const { return seenAnyCalls(getKind()); }
167
168
84
  static bool isErrorStatus(Kind K) { return K > NON_ERROR_STATUS; }
169
12
  bool isErrorStatus() const { return isErrorStatus(getKind()); }
170
171
3.76k
  Kind getKind() const { return StatusKind; }
172
173
89
  void join(const ParameterStatus &Other) {
174
    // If we have a pointer already, let's keep it.
175
    // For the purposes of the analysis, it doesn't really matter
176
    // which call we report.
177
    //
178
    // If we don't have a pointer, let's take whatever gets joined.
179
89
    if (!Call) {
180
47
      Call = Other.Call;
181
47
    }
182
    // Join kinds.
183
89
    StatusKind |= Other.getKind();
184
89
  }
185
186
521
  bool operator==(const ParameterStatus &Other) const {
187
    // We compare only kinds, pointers on their own is only additional
188
    // information.
189
521
    return getKind() == Other.getKind();
190
521
  }
191
192
private:
193
  // It would've been a perfect place to use llvm::PointerIntPair, but
194
  // unfortunately NumLowBitsAvailable for clang::Expr had been reduced to 2.
195
  Kind StatusKind = NotVisited;
196
  const Expr *Call = nullptr;
197
};
198
199
/// State aggregates statuses of all tracked parameters.
200
class State {
201
public:
202
  State(unsigned Size, ParameterStatus::Kind K = ParameterStatus::NotVisited)
203
25.1k
      : ParamData(Size, K) {}
204
205
  /// Return status of a parameter with the given index.
206
  /// \{
207
198
  ParameterStatus &getStatusFor(unsigned Index) { return ParamData[Index]; }
208
386
  const ParameterStatus &getStatusFor(unsigned Index) const {
209
386
    return ParamData[Index];
210
386
  }
211
  /// \}
212
213
  /// Return true if parameter with the given index can be called.
214
0
  bool seenAnyCalls(unsigned Index) const {
215
0
    return getStatusFor(Index).seenAnyCalls();
216
0
  }
217
  /// Return a reference that we consider a call.
218
  ///
219
  /// Should only be used for parameters that can be called.
220
25
  const Expr &getCallFor(unsigned Index) const {
221
25
    return getStatusFor(Index).getCall();
222
25
  }
223
  /// Return status kind of parameter with the given index.
224
313
  ParameterStatus::Kind getKindFor(unsigned Index) const {
225
313
    return getStatusFor(Index).getKind();
226
313
  }
227
228
1.80k
  bool isVisited() const {
229
1.81k
    return llvm::all_of(ParamData, [](const ParameterStatus &S) {
230
1.81k
      return S.getKind() != ParameterStatus::NotVisited;
231
1.81k
    });
232
1.80k
  }
233
234
  // Join other state into the current state.
235
89
  void join(const State &Other) {
236
89
    assert(ParamData.size() == Other.ParamData.size() &&
237
89
           "Couldn't join statuses with different sizes");
238
89
    for (auto Pair : llvm::zip(ParamData, Other.ParamData)) {
239
89
      std::get<0>(Pair).join(std::get<1>(Pair));
240
89
    }
241
89
  }
242
243
  using iterator = ParamSizedVector<ParameterStatus>::iterator;
244
  using const_iterator = ParamSizedVector<ParameterStatus>::const_iterator;
245
246
9
  iterator begin() { return ParamData.begin(); }
247
9
  iterator end() { return ParamData.end(); }
248
249
122
  const_iterator begin() const { return ParamData.begin(); }
250
122
  const_iterator end() const { return ParamData.end(); }
251
252
521
  bool operator==(const State &Other) const {
253
521
    return ParamData == Other.ParamData;
254
521
  }
255
256
private:
257
  ParamSizedVector<ParameterStatus> ParamData;
258
};
259
260
/// A simple class that finds DeclRefExpr in the given expression.
261
///
262
/// However, we don't want to find ANY nested DeclRefExpr skipping whatever
263
/// expressions on our way.  Only certain expressions considered "no-op"
264
/// for our task are indeed skipped.
265
class DeclRefFinder
266
    : public ConstStmtVisitor<DeclRefFinder, const DeclRefExpr *> {
267
public:
268
  /// Find a DeclRefExpr in the given expression.
269
  ///
270
  /// In its most basic form (ShouldRetrieveFromComparisons == false),
271
  /// this function can be simply reduced to the following question:
272
  ///
273
  ///   - If expression E is used as a function argument, could we say
274
  ///     that DeclRefExpr nested in E is used as an argument?
275
  ///
276
  /// According to this rule, we can say that parens, casts and dereferencing
277
  /// (dereferencing only applied to function pointers, but this is our case)
278
  /// can be skipped.
279
  ///
280
  /// When we should look into comparisons the question changes to:
281
  ///
282
  ///   - If expression E is used as a condition, could we say that
283
  ///     DeclRefExpr is being checked?
284
  ///
285
  /// And even though, these are two different questions, they have quite a lot
286
  /// in common.  Actually, we can say that whatever expression answers
287
  /// positively the first question also fits the second question as well.
288
  ///
289
  /// In addition, we skip binary operators == and !=, and unary opeartor !.
290
  static const DeclRefExpr *find(const Expr *E,
291
347
                                 bool ShouldRetrieveFromComparisons = false) {
292
347
    return DeclRefFinder(ShouldRetrieveFromComparisons).Visit(E);
293
347
  }
294
295
293
  const DeclRefExpr *VisitDeclRefExpr(const DeclRefExpr *DR) { return DR; }
296
297
6
  const DeclRefExpr *VisitUnaryOperator(const UnaryOperator *UO) {
298
6
    switch (UO->getOpcode()) {
299
4
    case UO_LNot:
300
      // We care about logical not only if we care about comparisons.
301
4
      if (!ShouldRetrieveFromComparisons)
302
1
        return nullptr;
303
3
      LLVM_FALLTHROUGH;
304
    // Function pointer/references can be dereferenced before a call.
305
    // That doesn't make it, however, any different from a regular call.
306
    // For this reason, dereference operation is a "no-op".
307
5
    case UO_Deref:
308
5
      return Visit(UO->getSubExpr());
309
0
    default:
310
0
      return nullptr;
311
6
    }
312
6
  }
313
314
9
  const DeclRefExpr *VisitBinaryOperator(const BinaryOperator *BO) {
315
9
    if (!ShouldRetrieveFromComparisons)
316
0
      return nullptr;
317
318
9
    switch (BO->getOpcode()) {
319
5
    case BO_EQ:
320
7
    case BO_NE: {
321
7
      const DeclRefExpr *LHS = Visit(BO->getLHS());
322
5
      return LHS ? LHS : 
Visit(BO->getRHS())2
;
323
5
    }
324
2
    default:
325
2
      return nullptr;
326
9
    }
327
9
  }
328
329
4
  const DeclRefExpr *VisitOpaqueValueExpr(const OpaqueValueExpr *OVE) {
330
4
    return Visit(OVE->getSourceExpr());
331
4
  }
332
333
353
  const DeclRefExpr *VisitExpr(const Expr *E) {
334
    // It is a fallback method that gets called whenever the actual type
335
    // of the given expression is not covered.
336
    //
337
    // We first check if we have anything to skip.  And then repeat the whole
338
    // procedure for a nested expression instead.
339
353
    const Expr *DeclutteredExpr = E->IgnoreParenCasts();
340
300
    return E != DeclutteredExpr ? Visit(DeclutteredExpr) : 
nullptr53
;
341
353
  }
342
343
private:
344
  DeclRefFinder(bool ShouldRetrieveFromComparisons)
345
347
      : ShouldRetrieveFromComparisons(ShouldRetrieveFromComparisons) {}
346
347
  bool ShouldRetrieveFromComparisons;
348
};
349
350
const DeclRefExpr *findDeclRefExpr(const Expr *In,
351
347
                                   bool ShouldRetrieveFromComparisons = false) {
352
347
  return DeclRefFinder::find(In, ShouldRetrieveFromComparisons);
353
347
}
354
355
const ParmVarDecl *
356
findReferencedParmVarDecl(const Expr *In,
357
347
                          bool ShouldRetrieveFromComparisons = false) {
358
347
  if (const DeclRefExpr *DR =
359
293
          findDeclRefExpr(In, ShouldRetrieveFromComparisons)) {
360
293
    return dyn_cast<ParmVarDecl>(DR->getDecl());
361
293
  }
362
363
54
  return nullptr;
364
54
}
365
366
/// Return conditions expression of a statement if it has one.
367
399
const Expr *getCondition(const Stmt *S) {
368
399
  if (!S) {
369
295
    return nullptr;
370
295
  }
371
372
104
  if (const auto *If = dyn_cast<IfStmt>(S)) {
373
69
    return If->getCond();
374
69
  }
375
35
  if (const auto *Ternary = dyn_cast<AbstractConditionalOperator>(S)) {
376
2
    return Ternary->getCond();
377
2
  }
378
379
33
  return nullptr;
380
33
}
381
382
/// A small helper class that collects all named identifiers in the given
383
/// expression.  It traverses it recursively, so names from deeper levels
384
/// of the AST will end up in the results.
385
/// Results might have duplicate names, if this is a problem, convert to
386
/// string sets afterwards.
387
class NamesCollector : public RecursiveASTVisitor<NamesCollector> {
388
public:
389
  static constexpr unsigned EXPECTED_NUMBER_OF_NAMES = 5;
390
  using NameCollection =
391
      llvm::SmallVector<llvm::StringRef, EXPECTED_NUMBER_OF_NAMES>;
392
393
0
  static NameCollection collect(const Expr *From) {
394
0
    NamesCollector Impl;
395
0
    Impl.TraverseStmt(const_cast<Expr *>(From));
396
0
    return Impl.Result;
397
0
  }
398
399
0
  bool VisitDeclRefExpr(const DeclRefExpr *E) {
400
0
    Result.push_back(E->getDecl()->getName());
401
0
    return true;
402
0
  }
403
404
0
  bool VisitObjCPropertyRefExpr(const ObjCPropertyRefExpr *E) {
405
0
    llvm::StringRef Name;
406
407
0
    if (E->isImplicitProperty()) {
408
0
      ObjCMethodDecl *PropertyMethodDecl = nullptr;
409
0
      if (E->isMessagingGetter()) {
410
0
        PropertyMethodDecl = E->getImplicitPropertyGetter();
411
0
      } else {
412
0
        PropertyMethodDecl = E->getImplicitPropertySetter();
413
0
      }
414
0
      assert(PropertyMethodDecl &&
415
0
             "Implicit property must have associated declaration");
416
0
      Name = PropertyMethodDecl->getSelector().getNameForSlot(0);
417
0
    } else {
418
0
      assert(E->isExplicitProperty());
419
0
      Name = E->getExplicitProperty()->getName();
420
0
    }
421
422
0
    Result.push_back(Name);
423
0
    return true;
424
0
  }
425
426
private:
427
0
  NamesCollector() = default;
428
  NameCollection Result;
429
};
430
431
/// Check whether the given expression mentions any of conventional names.
432
0
bool mentionsAnyOfConventionalNames(const Expr *E) {
433
0
  NamesCollector::NameCollection MentionedNames = NamesCollector::collect(E);
434
435
0
  return llvm::any_of(MentionedNames, [](llvm::StringRef ConditionName) {
436
0
    return llvm::any_of(
437
0
        CONVENTIONAL_CONDITIONS,
438
0
        [ConditionName](const llvm::StringLiteral &Conventional) {
439
0
          return ConditionName.contains_lower(Conventional);
440
0
        });
441
0
  });
442
0
}
443
444
/// Clarification is a simple pair of a reason why parameter is not called
445
/// on every path and a statement to blame.
446
struct Clarification {
447
  NeverCalledReason Reason;
448
  const Stmt *Location;
449
};
450
451
/// A helper class that can produce a clarification based on the given pair
452
/// of basic blocks.
453
class NotCalledClarifier
454
    : public ConstStmtVisitor<NotCalledClarifier,
455
                              llvm::Optional<Clarification>> {
456
public:
457
  /// The main entrypoint for the class, the function that tries to find the
458
  /// clarification of how to explain which sub-path starts with a CFG edge
459
  /// from Conditional to SuccWithoutCall.
460
  ///
461
  /// This means that this function has one precondition:
462
  ///   SuccWithoutCall should be a successor block for Conditional.
463
  ///
464
  /// Because clarification is not needed for non-trivial pairs of blocks
465
  /// (i.e. SuccWithoutCall is not the only successor), it returns meaningful
466
  /// results only for such cases.  For this very reason, the parent basic
467
  /// block, Conditional, is named that way, so it is clear what kind of
468
  /// block is expected.
469
  static llvm::Optional<Clarification>
470
39
  clarify(const CFGBlock *Conditional, const CFGBlock *SuccWithoutCall) {
471
39
    if (const Stmt *Terminator = Conditional->getTerminatorStmt()) {
472
39
      return NotCalledClarifier{Conditional, SuccWithoutCall}.Visit(Terminator);
473
39
    }
474
0
    return llvm::None;
475
0
  }
476
477
27
  llvm::Optional<Clarification> VisitIfStmt(const IfStmt *If) {
478
27
    return VisitBranchingBlock(If, NeverCalledReason::IfThen);
479
27
  }
480
481
  llvm::Optional<Clarification>
482
1
  VisitAbstractConditionalOperator(const AbstractConditionalOperator *Ternary) {
483
1
    return VisitBranchingBlock(Ternary, NeverCalledReason::IfThen);
484
1
  }
485
486
5
  llvm::Optional<Clarification> VisitSwitchStmt(const SwitchStmt *Switch) {
487
5
    const Stmt *CaseToBlame = SuccInQuestion->getLabel();
488
5
    if (!CaseToBlame) {
489
      // If interesting basic block is not labeled, it means that this
490
      // basic block does not represent any of the cases.
491
1
      return Clarification{NeverCalledReason::SwitchSkipped, Switch};
492
1
    }
493
494
8
    
for (const SwitchCase *Case = Switch->getSwitchCaseList(); 4
Case;
495
8
         
Case = Case->getNextSwitchCase()4
) {
496
8
      if (Case == CaseToBlame) {
497
4
        return Clarification{NeverCalledReason::Switch, Case};
498
4
      }
499
8
    }
500
501
4
    
llvm_unreachable0
("Found unexpected switch structure");
502
4
  }
503
504
2
  llvm::Optional<Clarification> VisitForStmt(const ForStmt *For) {
505
2
    return VisitBranchingBlock(For, NeverCalledReason::LoopEntered);
506
2
  }
507
508
2
  llvm::Optional<Clarification> VisitWhileStmt(const WhileStmt *While) {
509
2
    return VisitBranchingBlock(While, NeverCalledReason::LoopEntered);
510
2
  }
511
512
  llvm::Optional<Clarification>
513
32
  VisitBranchingBlock(const Stmt *Terminator, NeverCalledReason DefaultReason) {
514
32
    assert(Parent->succ_size() == 2 &&
515
32
           "Branching block should have exactly two successors");
516
32
    unsigned SuccessorIndex = getSuccessorIndex(Parent, SuccInQuestion);
517
32
    NeverCalledReason ActualReason =
518
32
        updateForSuccessor(DefaultReason, SuccessorIndex);
519
32
    return Clarification{ActualReason, Terminator};
520
32
  }
521
522
2
  llvm::Optional<Clarification> VisitBinaryOperator(const BinaryOperator *) {
523
    // We don't want to report on short-curcuit logical operations.
524
2
    return llvm::None;
525
2
  }
526
527
0
  llvm::Optional<Clarification> VisitStmt(const Stmt *Terminator) {
528
    // If we got here, we didn't have a visit function for more derived
529
    // classes of statement that this terminator actually belongs to.
530
    //
531
    // This is not a good scenario and should not happen in practice, but
532
    // at least we'll warn the user.
533
0
    return Clarification{NeverCalledReason::FallbackReason, Terminator};
534
0
  }
535
536
  static unsigned getSuccessorIndex(const CFGBlock *Parent,
537
32
                                    const CFGBlock *Child) {
538
32
    CFGBlock::const_succ_iterator It = llvm::find(Parent->succs(), Child);
539
32
    assert(It != Parent->succ_end() &&
540
32
           "Given blocks should be in parent-child relationship");
541
32
    return It - Parent->succ_begin();
542
32
  }
543
544
  static NeverCalledReason
545
  updateForSuccessor(NeverCalledReason ReasonForTrueBranch,
546
32
                     unsigned SuccessorIndex) {
547
32
    assert(SuccessorIndex <= 1);
548
32
    unsigned RawReason =
549
32
        static_cast<unsigned>(ReasonForTrueBranch) + SuccessorIndex;
550
32
    assert(RawReason <=
551
32
           static_cast<unsigned>(NeverCalledReason::LARGEST_VALUE));
552
32
    return static_cast<NeverCalledReason>(RawReason);
553
32
  }
554
555
private:
556
  NotCalledClarifier(const CFGBlock *Parent, const CFGBlock *SuccInQuestion)
557
39
      : Parent(Parent), SuccInQuestion(SuccInQuestion) {}
558
559
  const CFGBlock *Parent, *SuccInQuestion;
560
};
561
562
class CalledOnceChecker : public ConstStmtVisitor<CalledOnceChecker> {
563
public:
564
  static void check(AnalysisDeclContext &AC, CalledOnceCheckHandler &Handler,
565
24.9k
                    bool CheckConventionalParameters) {
566
24.9k
    CalledOnceChecker(AC, Handler, CheckConventionalParameters).check();
567
24.9k
  }
568
569
private:
570
  CalledOnceChecker(AnalysisDeclContext &AC, CalledOnceCheckHandler &Handler,
571
                    bool CheckConventionalParameters)
572
      : FunctionCFG(*AC.getCFG()), AC(AC), Handler(Handler),
573
        CheckConventionalParameters(CheckConventionalParameters),
574
24.9k
        CurrentState(0) {
575
24.9k
    initDataStructures();
576
24.9k
    assert((size() == 0 || !States.empty()) &&
577
24.9k
           "Data structures are inconsistent");
578
24.9k
  }
579
580
  //===----------------------------------------------------------------------===//
581
  //                            Initializing functions
582
  //===----------------------------------------------------------------------===//
583
584
24.9k
  void initDataStructures() {
585
24.9k
    const Decl *AnalyzedDecl = AC.getDecl();
586
587
24.9k
    if (const auto *Function = dyn_cast<FunctionDecl>(AnalyzedDecl)) {
588
18.6k
      findParamsToTrack(Function);
589
6.30k
    } else if (const auto *Method = dyn_cast<ObjCMethodDecl>(AnalyzedDecl)) {
590
5.26k
      findParamsToTrack(Method);
591
1.04k
    } else if (const auto *Block = dyn_cast<BlockDecl>(AnalyzedDecl)) {
592
1.04k
      findCapturesToTrack(Block);
593
1.04k
      findParamsToTrack(Block);
594
1.04k
    }
595
596
    // Have something to track, let's init states for every block from the CFG.
597
24.9k
    if (size() != 0) {
598
129
      States =
599
129
          CFGSizedVector<State>(FunctionCFG.getNumBlockIDs(), State(size()));
600
129
    }
601
24.9k
  }
602
603
1.04k
  void findCapturesToTrack(const BlockDecl *Block) {
604
1.11k
    for (const auto &Capture : Block->captures()) {
605
1.11k
      if (const auto *P = dyn_cast<ParmVarDecl>(Capture.getVariable())) {
606
        // Parameter DeclContext is its owning function or method.
607
208
        const DeclContext *ParamContext = P->getDeclContext();
608
208
        if (shouldBeCalledOnce(ParamContext, P)) {
609
8
          TrackedParams.push_back(P);
610
8
        }
611
208
      }
612
1.11k
    }
613
1.04k
  }
614
615
  template <class FunctionLikeDecl>
616
24.9k
  void findParamsToTrack(const FunctionLikeDecl *Function) {
617
23.7k
    for (unsigned Index : llvm::seq<unsigned>(0u, Function->param_size())) {
618
23.7k
      if (shouldBeCalledOnce(Function, Index)) {
619
123
        TrackedParams.push_back(Function->getParamDecl(Index));
620
123
      }
621
23.7k
    }
622
24.9k
  }
CalledOnceCheck.cpp:void (anonymous namespace)::CalledOnceChecker::findParamsToTrack<clang::FunctionDecl>(clang::FunctionDecl const*)
Line
Count
Source
616
18.6k
  void findParamsToTrack(const FunctionLikeDecl *Function) {
617
20.9k
    for (unsigned Index : llvm::seq<unsigned>(0u, Function->param_size())) {
618
20.9k
      if (shouldBeCalledOnce(Function, Index)) {
619
79
        TrackedParams.push_back(Function->getParamDecl(Index));
620
79
      }
621
20.9k
    }
622
18.6k
  }
CalledOnceCheck.cpp:void (anonymous namespace)::CalledOnceChecker::findParamsToTrack<clang::ObjCMethodDecl>(clang::ObjCMethodDecl const*)
Line
Count
Source
616
5.26k
  void findParamsToTrack(const FunctionLikeDecl *Function) {
617
2.54k
    for (unsigned Index : llvm::seq<unsigned>(0u, Function->param_size())) {
618
2.54k
      if (shouldBeCalledOnce(Function, Index)) {
619
42
        TrackedParams.push_back(Function->getParamDecl(Index));
620
42
      }
621
2.54k
    }
622
5.26k
  }
CalledOnceCheck.cpp:void (anonymous namespace)::CalledOnceChecker::findParamsToTrack<clang::BlockDecl>(clang::BlockDecl const*)
Line
Count
Source
616
1.04k
  void findParamsToTrack(const FunctionLikeDecl *Function) {
617
222
    for (unsigned Index : llvm::seq<unsigned>(0u, Function->param_size())) {
618
222
      if (shouldBeCalledOnce(Function, Index)) {
619
2
        TrackedParams.push_back(Function->getParamDecl(Index));
620
2
      }
621
222
    }
622
1.04k
  }
623
624
  //===----------------------------------------------------------------------===//
625
  //                         Main logic 'check' functions
626
  //===----------------------------------------------------------------------===//
627
628
24.9k
  void check() {
629
    // Nothing to check here: we don't have marked parameters.
630
24.9k
    if (size() == 0 || 
isPossiblyEmptyImpl()129
)
631
24.8k
      return;
632
633
122
    assert(
634
122
        llvm::none_of(States, [](const State &S) { return S.isVisited(); }) &&
635
122
        "None of the blocks should be 'visited' before the analysis");
636
637
    // For our task, both backward and forward approaches suite well.
638
    // However, in order to report better diagnostics, we decided to go with
639
    // backward analysis.
640
    //
641
    // Let's consider the following CFG and how forward and backward analyses
642
    // will work for it.
643
    //
644
    //                  FORWARD:           |                 BACKWARD:
645
    //                    #1               |                     #1
646
    //                +---------+          |               +-----------+
647
    //                |   if    |          |               |MaybeCalled|
648
    //                +---------+          |               +-----------+
649
    //                |NotCalled|          |               |    if     |
650
    //                +---------+          |               +-----------+
651
    //                 /       \           |                 /       \
652
    //         #2     /         \  #3      |         #2     /         \  #3
653
    // +----------------+      +---------+ | +----------------+      +---------+
654
    // |     foo()      |      |   ...   | | |DefinitelyCalled|      |NotCalled|
655
    // +----------------+      +---------+ | +----------------+      +---------+
656
    // |DefinitelyCalled|      |NotCalled| | |     foo()      |      |   ...   |
657
    // +----------------+      +---------+ | +----------------+      +---------+
658
    //                \         /          |                \         /
659
    //                 \  #4   /           |                 \  #4   /
660
    //               +-----------+         |                +---------+
661
    //               |    ...    |         |                |NotCalled|
662
    //               +-----------+         |                +---------+
663
    //               |MaybeCalled|         |                |   ...   |
664
    //               +-----------+         |                +---------+
665
    //
666
    // The most natural way to report lacking call in the block #3 would be to
667
    // message that the false branch of the if statement in the block #1 doesn't
668
    // have a call.  And while with the forward approach we'll need to find a
669
    // least common ancestor or something like that to find the 'if' to blame,
670
    // backward analysis gives it to us out of the box.
671
122
    BackwardDataflowWorklist Worklist(FunctionCFG, AC);
672
673
    // Let's visit EXIT.
674
122
    const CFGBlock *Exit = &FunctionCFG.getExit();
675
122
    assignState(Exit, State(size(), ParameterStatus::NotCalled));
676
122
    Worklist.enqueuePredecessors(Exit);
677
678
521
    while (const CFGBlock *BB = Worklist.dequeue()) {
679
399
      assert(BB && "Worklist should filter out null blocks");
680
399
      check(BB);
681
399
      assert(CurrentState.isVisited() &&
682
399
             "After the check, basic block should be visited");
683
684
      // Traverse successor basic blocks if the status of this block
685
      // has changed.
686
399
      if (assignState(BB, CurrentState)) {
687
397
        Worklist.enqueuePredecessors(BB);
688
397
      }
689
399
    }
690
691
    // Check that we have all tracked parameters at the last block.
692
    // As we are performing a backward version of the analysis,
693
    // it should be the ENTRY block.
694
122
    checkEntry(&FunctionCFG.getEntry());
695
122
  }
696
697
399
  void check(const CFGBlock *BB) {
698
    // We start with a state 'inherited' from all the successors.
699
399
    CurrentState = joinSuccessors(BB);
700
399
    assert(CurrentState.isVisited() &&
701
399
           "Shouldn't start with a 'not visited' state");
702
703
    // This is the 'exit' situation, broken promises are probably OK
704
    // in such scenarios.
705
399
    if (BB->hasNoReturnElement()) {
706
7
      markNoReturn();
707
      // This block still can have calls (even multiple calls) and
708
      // for this reason there is no early return here.
709
7
    }
710
711
    // We use a backward dataflow propagation and for this reason we
712
    // should traverse basic blocks bottom-up.
713
953
    for (const CFGElement &Element : llvm::reverse(*BB)) {
714
953
      if (Optional<CFGStmt> S = Element.getAs<CFGStmt>()) {
715
953
        check(S->getStmt());
716
953
      }
717
953
    }
718
399
  }
719
953
  void check(const Stmt *S) { Visit(S); }
720
721
122
  void checkEntry(const CFGBlock *Entry) {
722
    // We finalize this algorithm with the ENTRY block because
723
    // we use a backward version of the analysis.  This is where
724
    // we can judge that some of the tracked parameters are not called on
725
    // every path from ENTRY to EXIT.
726
727
122
    const State &EntryStatus = getState(Entry);
728
122
    llvm::BitVector NotCalledOnEveryPath(size(), false);
729
122
    llvm::BitVector NotUsedOnEveryPath(size(), false);
730
731
    // Check if there are no calls of the marked parameter at all
732
124
    for (const auto &IndexedStatus : llvm::enumerate(EntryStatus)) {
733
124
      const ParmVarDecl *Parameter = getParameter(IndexedStatus.index());
734
735
124
      switch (IndexedStatus.value().getKind()) {
736
18
      case ParameterStatus::NotCalled:
737
        // If there were places where this parameter escapes (aka being used),
738
        // we can provide a more useful diagnostic by pointing at the exact
739
        // branches where it is not even mentioned.
740
18
        if (!hasEverEscaped(IndexedStatus.index())) {
741
          // This parameter is was not used at all, so we should report the
742
          // most generic version of the warning.
743
10
          if (isCaptured(Parameter)) {
744
            // We want to specify that it was captured by the block.
745
0
            Handler.handleCapturedNeverCalled(Parameter, AC.getDecl(),
746
0
                                              !isExplicitlyMarked(Parameter));
747
10
          } else {
748
10
            Handler.handleNeverCalled(Parameter,
749
10
                                      !isExplicitlyMarked(Parameter));
750
10
          }
751
8
        } else {
752
          // Mark it as 'interesting' to figure out which paths don't even
753
          // have escapes.
754
8
          NotUsedOnEveryPath[IndexedStatus.index()] = true;
755
8
        }
756
757
18
        break;
758
26
      case ParameterStatus::MaybeCalled:
759
        // If we have 'maybe called' at this point, we have an error
760
        // that there is at least one path where this parameter
761
        // is not called.
762
        //
763
        // However, reporting the warning with only that information can be
764
        // too vague for the users.  For this reason, we mark such parameters
765
        // as "interesting" for further analysis.
766
26
        NotCalledOnEveryPath[IndexedStatus.index()] = true;
767
26
        break;
768
80
      default:
769
80
        break;
770
124
      }
771
124
    }
772
773
    // Early exit if we don't have parameters for extra analysis.
774
122
    if (NotCalledOnEveryPath.none() && 
NotUsedOnEveryPath.none()96
)
775
88
      return;
776
777
    // We are looking for a pair of blocks A, B so that the following is true:
778
    //   * A is a predecessor of B
779
    //   * B is marked as NotCalled
780
    //   * A has at least one successor marked as either
781
    //     Escaped or DefinitelyCalled
782
    //
783
    // In that situation, it is guaranteed that B is the first block of the path
784
    // where the user doesn't call or use parameter in question.
785
    //
786
    // For this reason, branch A -> B can be used for reporting.
787
    //
788
    // This part of the algorithm is guarded by a condition that the function
789
    // does indeed have a violation of contract.  For this reason, we can
790
    // spend more time to find a good spot to place the warning.
791
    //
792
    // The following algorithm has the worst case complexity of O(V + E),
793
    // where V is the number of basic blocks in FunctionCFG,
794
    //       E is the number of edges between blocks in FunctionCFG.
795
173
    
for (const CFGBlock *BB : FunctionCFG)34
{
796
173
      if (!BB)
797
0
        continue;
798
799
173
      const State &BlockState = getState(BB);
800
801
173
      for (unsigned Index : llvm::seq(0u, size())) {
802
        // We don't want to use 'isLosingCall' here because we want to report
803
        // the following situation as well:
804
        //
805
        //           MaybeCalled
806
        //            |  ...  |
807
        //    MaybeCalled   NotCalled
808
        //
809
        // Even though successor is not 'DefinitelyCalled', it is still useful
810
        // to report it, it is still a path without a call.
811
173
        if (NotCalledOnEveryPath[Index] &&
812
137
            BlockState.getKindFor(Index) == ParameterStatus::MaybeCalled) {
813
814
62
          findAndReportNotCalledBranches(BB, Index);
815
111
        } else if (NotUsedOnEveryPath[Index] &&
816
36
                   isLosingEscape(BlockState, BB, Index)) {
817
818
8
          findAndReportNotCalledBranches(BB, Index, /* IsEscape = */ true);
819
8
        }
820
173
      }
821
173
    }
822
34
  }
823
824
  /// Check potential call of a tracked parameter.
825
147
  void checkDirectCall(const CallExpr *Call) {
826
147
    if (auto Index = getIndexOfCallee(Call)) {
827
111
      processCallFor(*Index, Call);
828
111
    }
829
147
  }
830
831
  /// Check the call expression for being an indirect call of one of the tracked
832
  /// parameters.  It is indirect in the sense that this particular call is not
833
  /// calling the parameter itself, but rather uses it as the argument.
834
  template <class CallLikeExpr>
835
185
  void checkIndirectCall(const CallLikeExpr *CallOrMessage) {
836
    // CallExpr::arguments does not interact nicely with llvm::enumerate.
837
185
    llvm::ArrayRef<const Expr *> Arguments = llvm::makeArrayRef(
838
185
        CallOrMessage->getArgs(), CallOrMessage->getNumArgs());
839
840
    // Let's check if any of the call arguments is a point of interest.
841
66
    for (const auto &Argument : llvm::enumerate(Arguments)) {
842
66
      if (auto Index = getIndexOfExpression(Argument.value())) {
843
38
        ParameterStatus &CurrentParamStatus = CurrentState.getStatusFor(*Index);
844
845
38
        if (shouldBeCalledOnce(CallOrMessage, Argument.index())) {
846
          // If the corresponding parameter is marked as 'called_once' we should
847
          // consider it as a call.
848
19
          processCallFor(*Index, CallOrMessage);
849
19
        } else if (CurrentParamStatus.getKind() == ParameterStatus::NotCalled) {
850
          // Otherwise, we mark this parameter as escaped, which can be
851
          // interpreted both as called or not called depending on the context.
852
12
          CurrentParamStatus = ParameterStatus::Escaped;
853
12
        }
854
        // Otherwise, let's keep the state as it is.
855
38
      }
856
66
    }
857
185
  }
CalledOnceCheck.cpp:void (anonymous namespace)::CalledOnceChecker::checkIndirectCall<clang::CallExpr>(clang::CallExpr const*)
Line
Count
Source
835
147
  void checkIndirectCall(const CallLikeExpr *CallOrMessage) {
836
    // CallExpr::arguments does not interact nicely with llvm::enumerate.
837
147
    llvm::ArrayRef<const Expr *> Arguments = llvm::makeArrayRef(
838
147
        CallOrMessage->getArgs(), CallOrMessage->getNumArgs());
839
840
    // Let's check if any of the call arguments is a point of interest.
841
32
    for (const auto &Argument : llvm::enumerate(Arguments)) {
842
32
      if (auto Index = getIndexOfExpression(Argument.value())) {
843
18
        ParameterStatus &CurrentParamStatus = CurrentState.getStatusFor(*Index);
844
845
18
        if (shouldBeCalledOnce(CallOrMessage, Argument.index())) {
846
          // If the corresponding parameter is marked as 'called_once' we should
847
          // consider it as a call.
848
5
          processCallFor(*Index, CallOrMessage);
849
13
        } else if (CurrentParamStatus.getKind() == ParameterStatus::NotCalled) {
850
          // Otherwise, we mark this parameter as escaped, which can be
851
          // interpreted both as called or not called depending on the context.
852
6
          CurrentParamStatus = ParameterStatus::Escaped;
853
6
        }
854
        // Otherwise, let's keep the state as it is.
855
18
      }
856
32
    }
857
147
  }
CalledOnceCheck.cpp:void (anonymous namespace)::CalledOnceChecker::checkIndirectCall<clang::ObjCMessageExpr>(clang::ObjCMessageExpr const*)
Line
Count
Source
835
38
  void checkIndirectCall(const CallLikeExpr *CallOrMessage) {
836
    // CallExpr::arguments does not interact nicely with llvm::enumerate.
837
38
    llvm::ArrayRef<const Expr *> Arguments = llvm::makeArrayRef(
838
38
        CallOrMessage->getArgs(), CallOrMessage->getNumArgs());
839
840
    // Let's check if any of the call arguments is a point of interest.
841
34
    for (const auto &Argument : llvm::enumerate(Arguments)) {
842
34
      if (auto Index = getIndexOfExpression(Argument.value())) {
843
20
        ParameterStatus &CurrentParamStatus = CurrentState.getStatusFor(*Index);
844
845
20
        if (shouldBeCalledOnce(CallOrMessage, Argument.index())) {
846
          // If the corresponding parameter is marked as 'called_once' we should
847
          // consider it as a call.
848
14
          processCallFor(*Index, CallOrMessage);
849
6
        } else if (CurrentParamStatus.getKind() == ParameterStatus::NotCalled) {
850
          // Otherwise, we mark this parameter as escaped, which can be
851
          // interpreted both as called or not called depending on the context.
852
6
          CurrentParamStatus = ParameterStatus::Escaped;
853
6
        }
854
        // Otherwise, let's keep the state as it is.
855
20
      }
856
34
    }
857
38
  }
858
859
  /// Process call of the parameter with the given index
860
130
  void processCallFor(unsigned Index, const Expr *Call) {
861
130
    ParameterStatus &CurrentParamStatus = CurrentState.getStatusFor(Index);
862
863
130
    if (CurrentParamStatus.seenAnyCalls()) {
864
865
      // At this point, this parameter was called, so this is a second call.
866
25
      const ParmVarDecl *Parameter = getParameter(Index);
867
25
      Handler.handleDoubleCall(
868
25
          Parameter, &CurrentState.getCallFor(Index), Call,
869
25
          !isExplicitlyMarked(Parameter),
870
          // We are sure that the second call is definitely
871
          // going to happen if the status is 'DefinitelyCalled'.
872
25
          CurrentParamStatus.getKind() == ParameterStatus::DefinitelyCalled);
873
874
      // Mark this parameter as already reported on, so we don't repeat
875
      // warnings.
876
25
      CurrentParamStatus = ParameterStatus::Reported;
877
878
105
    } else if (CurrentParamStatus.getKind() != ParameterStatus::Reported) {
879
      // If we didn't report anything yet, let's mark this parameter
880
      // as called.
881
98
      ParameterStatus Called(ParameterStatus::DefinitelyCalled, Call);
882
98
      CurrentParamStatus = Called;
883
98
    }
884
130
  }
885
886
  void findAndReportNotCalledBranches(const CFGBlock *Parent, unsigned Index,
887
70
                                      bool IsEscape = false) {
888
113
    for (const CFGBlock *Succ : Parent->succs()) {
889
113
      if (!Succ)
890
0
        continue;
891
892
113
      if (getState(Succ).getKindFor(Index) == ParameterStatus::NotCalled) {
893
39
        assert(Parent->succ_size() >= 2 &&
894
39
               "Block should have at least two successors at this point");
895
39
        if (auto Clarification = NotCalledClarifier::clarify(Parent, Succ)) {
896
37
          const ParmVarDecl *Parameter = getParameter(Index);
897
37
          Handler.handleNeverCalled(Parameter, Clarification->Location,
898
37
                                    Clarification->Reason, !IsEscape,
899
37
                                    !isExplicitlyMarked(Parameter));
900
37
        }
901
39
      }
902
113
    }
903
70
  }
904
905
  //===----------------------------------------------------------------------===//
906
  //                   Predicate functions to check parameters
907
  //===----------------------------------------------------------------------===//
908
909
  /// Return true if parameter is explicitly marked as 'called_once'.
910
24.0k
  static bool isExplicitlyMarked(const ParmVarDecl *Parameter) {
911
24.0k
    return Parameter->hasAttr<CalledOnceAttr>();
912
24.0k
  }
913
914
  /// Return true if the given name matches conventional pattens.
915
153
  static bool isConventional(llvm::StringRef Name) {
916
153
    return llvm::count(CONVENTIONAL_NAMES, Name) != 0;
917
153
  }
918
919
  /// Return true if the given name has conventional suffixes.
920
22
  static bool hasConventionalSuffix(llvm::StringRef Name) {
921
43
    return llvm::any_of(CONVENTIONAL_SUFFIXES, [Name](llvm::StringRef Suffix) {
922
43
      return Name.endswith(Suffix);
923
43
    });
924
22
  }
925
926
  /// Return true if the given type can be used for conventional parameters.
927
81
  static bool isConventional(QualType Ty) {
928
81
    if (!Ty->isBlockPointerType()) {
929
23
      return false;
930
23
    }
931
932
58
    QualType BlockType = Ty->getAs<BlockPointerType>()->getPointeeType();
933
    // Completion handlers should have a block type with void return type.
934
58
    return BlockType->getAs<FunctionType>()->getReturnType()->isVoidType();
935
58
  }
936
937
  /// Return true if the only parameter of the function is conventional.
938
59
  static bool isOnlyParameterConventional(const FunctionDecl *Function) {
939
59
    return Function->getNumParams() == 1 &&
940
12
           hasConventionalSuffix(Function->getName());
941
59
  }
942
943
  /// Return true/false if 'swift_async' attribute states that the given
944
  /// parameter is conventionally called once.
945
  /// Return llvm::None if the given declaration doesn't have 'swift_async'
946
  /// attribute.
947
  static llvm::Optional<bool> isConventionalSwiftAsync(const Decl *D,
948
23.7k
                                                       unsigned ParamIndex) {
949
23.7k
    if (const SwiftAsyncAttr *A = D->getAttr<SwiftAsyncAttr>()) {
950
6
      if (A->getKind() == SwiftAsyncAttr::None) {
951
2
        return false;
952
2
      }
953
954
4
      return A->getCompletionHandlerIndex().getASTIndex() == ParamIndex;
955
4
    }
956
23.7k
    return llvm::None;
957
23.7k
  }
958
959
  /// Return true if the specified selector piece matches conventions.
960
  static bool isConventionalSelectorPiece(Selector MethodSelector,
961
                                          unsigned PieceIndex,
962
48
                                          QualType PieceType) {
963
48
    if (!isConventional(PieceType)) {
964
24
      return false;
965
24
    }
966
967
24
    if (MethodSelector.getNumArgs() == 1) {
968
10
      assert(PieceIndex == 0);
969
10
      return hasConventionalSuffix(MethodSelector.getNameForSlot(0));
970
10
    }
971
972
14
    return isConventional(MethodSelector.getNameForSlot(PieceIndex));
973
14
  }
974
975
23.9k
  bool shouldBeCalledOnce(const ParmVarDecl *Parameter) const {
976
23.9k
    return isExplicitlyMarked(Parameter) ||
977
23.8k
           (CheckConventionalParameters &&
978
139
            isConventional(Parameter->getName()) &&
979
33
            isConventional(Parameter->getType()));
980
23.9k
  }
981
982
  bool shouldBeCalledOnce(const DeclContext *ParamContext,
983
208
                          const ParmVarDecl *Param) {
984
208
    unsigned ParamIndex = Param->getFunctionScopeIndex();
985
208
    if (const auto *Function = dyn_cast<FunctionDecl>(ParamContext)) {
986
175
      return shouldBeCalledOnce(Function, ParamIndex);
987
175
    }
988
33
    if (const auto *Method = dyn_cast<ObjCMethodDecl>(ParamContext)) {
989
29
      return shouldBeCalledOnce(Method, ParamIndex);
990
29
    }
991
4
    return shouldBeCalledOnce(Param);
992
4
  }
993
994
222
  bool shouldBeCalledOnce(const BlockDecl *Block, unsigned ParamIndex) const {
995
222
    return shouldBeCalledOnce(Block->getParamDecl(ParamIndex));
996
222
  }
997
998
  bool shouldBeCalledOnce(const FunctionDecl *Function,
999
21.1k
                          unsigned ParamIndex) const {
1000
21.1k
    if (ParamIndex >= Function->getNumParams()) {
1001
0
      return false;
1002
0
    }
1003
    // 'swift_async' goes first and overrides anything else.
1004
21.1k
    if (auto ConventionalAsync =
1005
0
            isConventionalSwiftAsync(Function, ParamIndex)) {
1006
0
      return ConventionalAsync.getValue();
1007
0
    }
1008
1009
21.1k
    return shouldBeCalledOnce(Function->getParamDecl(ParamIndex)) ||
1010
21.0k
           (CheckConventionalParameters &&
1011
59
            isOnlyParameterConventional(Function));
1012
21.1k
  }
1013
1014
  bool shouldBeCalledOnce(const ObjCMethodDecl *Method,
1015
2.59k
                          unsigned ParamIndex) const {
1016
2.59k
    Selector MethodSelector = Method->getSelector();
1017
2.59k
    if (ParamIndex >= MethodSelector.getNumArgs()) {
1018
5
      return false;
1019
5
    }
1020
1021
    // 'swift_async' goes first and overrides anything else.
1022
2.58k
    if (auto ConventionalAsync = isConventionalSwiftAsync(Method, ParamIndex)) {
1023
6
      return ConventionalAsync.getValue();
1024
6
    }
1025
1026
2.58k
    const ParmVarDecl *Parameter = Method->getParamDecl(ParamIndex);
1027
2.58k
    return shouldBeCalledOnce(Parameter) ||
1028
2.54k
           (CheckConventionalParameters &&
1029
48
            isConventionalSelectorPiece(MethodSelector, ParamIndex,
1030
48
                                        Parameter->getType()));
1031
2.58k
  }
1032
1033
18
  bool shouldBeCalledOnce(const CallExpr *Call, unsigned ParamIndex) const {
1034
18
    const FunctionDecl *Function = Call->getDirectCallee();
1035
18
    return Function && 
shouldBeCalledOnce(Function, ParamIndex)16
;
1036
18
  }
1037
1038
  bool shouldBeCalledOnce(const ObjCMessageExpr *Message,
1039
20
                          unsigned ParamIndex) const {
1040
20
    const ObjCMethodDecl *Method = Message->getMethodDecl();
1041
20
    return Method && ParamIndex < Method->param_size() &&
1042
20
           shouldBeCalledOnce(Method, ParamIndex);
1043
20
  }
1044
1045
  //===----------------------------------------------------------------------===//
1046
  //                               Utility methods
1047
  //===----------------------------------------------------------------------===//
1048
1049
10
  bool isCaptured(const ParmVarDecl *Parameter) const {
1050
10
    if (const BlockDecl *Block = dyn_cast<BlockDecl>(AC.getDecl())) {
1051
1
      return Block->capturesVariable(Parameter);
1052
1
    }
1053
9
    return false;
1054
9
  }
1055
1056
  /// Return true if the analyzed function is actually a default implementation
1057
  /// of the method that has to be overriden.
1058
  ///
1059
  /// These functions can have tracked parameters, but wouldn't call them
1060
  /// because they are not designed to perform any meaningful actions.
1061
  ///
1062
  /// There are a couple of flavors of such default implementations:
1063
  ///   1. Empty methods or methods with a single return statement
1064
  ///   2. Methods that have one block with a call to no return function
1065
  ///   3. Methods with only assertion-like operations
1066
129
  bool isPossiblyEmptyImpl() const {
1067
129
    if (!isa<ObjCMethodDecl>(AC.getDecl())) {
1068
      // We care only about functions that are not supposed to be called.
1069
      // Only methods can be overriden.
1070
87
      return false;
1071
87
    }
1072
1073
    // Case #1 (without return statements)
1074
42
    if (FunctionCFG.size() == 2) {
1075
      // Method has only two blocks: ENTRY and EXIT.
1076
      // This is equivalent to empty function.
1077
1
      return true;
1078
1
    }
1079
1080
    // Case #2
1081
41
    if (FunctionCFG.size() == 3) {
1082
21
      const CFGBlock &Entry = FunctionCFG.getEntry();
1083
21
      if (Entry.succ_empty()) {
1084
0
        return false;
1085
0
      }
1086
1087
21
      const CFGBlock *OnlyBlock = *Entry.succ_begin();
1088
      // Method has only one block, let's see if it has a no-return
1089
      // element.
1090
21
      if (OnlyBlock && OnlyBlock->hasNoReturnElement()) {
1091
0
        return true;
1092
0
      }
1093
      // Fallthrough, CFGs with only one block can fall into #1 and #3 as well.
1094
21
    }
1095
1096
    // Cases #1 (return statements) and #3.
1097
    //
1098
    // It is hard to detect that something is an assertion or came
1099
    // from assertion.  Here we use a simple heuristic:
1100
    //
1101
    //   - If it came from a macro, it can be an assertion.
1102
    //
1103
    // Additionally, we can't assume a number of basic blocks or the CFG's
1104
    // structure because assertions might include loops and conditions.
1105
93
    
return llvm::all_of(FunctionCFG, [](const CFGBlock *BB) 41
{
1106
93
      if (!BB) {
1107
        // Unreachable blocks are totally fine.
1108
0
        return true;
1109
0
      }
1110
1111
      // Return statements can have sub-expressions that are represented as
1112
      // separate statements of a basic block.  We should allow this.
1113
      // This parent map will be initialized with a parent tree for all
1114
      // subexpressions of the block's return statement (if it has one).
1115
93
      std::unique_ptr<ParentMap> ReturnChildren;
1116
1117
93
      return llvm::all_of(
1118
93
          llvm::reverse(*BB), // we should start with return statements, if we
1119
                              // have any, i.e. from the bottom of the block
1120
76
          [&ReturnChildren](const CFGElement &Element) {
1121
76
            if (Optional<CFGStmt> S = Element.getAs<CFGStmt>()) {
1122
76
              const Stmt *SuspiciousStmt = S->getStmt();
1123
1124
76
              if (isa<ReturnStmt>(SuspiciousStmt)) {
1125
                // Let's initialize this structure to test whether
1126
                // some further statement is a part of this return.
1127
5
                ReturnChildren = std::make_unique<ParentMap>(
1128
5
                    const_cast<Stmt *>(SuspiciousStmt));
1129
                // Return statements are allowed as part of #1.
1130
5
                return true;
1131
5
              }
1132
1133
71
              return SuspiciousStmt->getBeginLoc().isMacroID() ||
1134
40
                     (ReturnChildren &&
1135
5
                      ReturnChildren->hasParent(SuspiciousStmt));
1136
71
            }
1137
0
            return true;
1138
0
          });
1139
93
    });
1140
41
  }
1141
1142
  /// Check if parameter with the given index has ever escaped.
1143
18
  bool hasEverEscaped(unsigned Index) const {
1144
45
    return llvm::any_of(States, [Index](const State &StateForOneBB) {
1145
45
      return StateForOneBB.getKindFor(Index) == ParameterStatus::Escaped;
1146
45
    });
1147
18
  }
1148
1149
  /// Return status stored for the given basic block.
1150
  /// \{
1151
929
  State &getState(const CFGBlock *BB) {
1152
929
    assert(BB);
1153
929
    return States[BB->getBlockID()];
1154
929
  }
1155
1.00k
  const State &getState(const CFGBlock *BB) const {
1156
1.00k
    assert(BB);
1157
1.00k
    return States[BB->getBlockID()];
1158
1.00k
  }
1159
  /// \}
1160
1161
  /// Assign status to the given basic block.
1162
  ///
1163
  /// Returns true when the stored status changed.
1164
521
  bool assignState(const CFGBlock *BB, const State &ToAssign) {
1165
521
    State &Current = getState(BB);
1166
521
    if (Current == ToAssign) {
1167
2
      return false;
1168
2
    }
1169
1170
519
    Current = ToAssign;
1171
519
    return true;
1172
519
  }
1173
1174
  /// Join all incoming statuses for the given basic block.
1175
399
  State joinSuccessors(const CFGBlock *BB) const {
1176
399
    auto Succs =
1177
493
        llvm::make_filter_range(BB->succs(), [this](const CFGBlock *Succ) {
1178
493
          return Succ && 
this->getState(Succ).isVisited()490
;
1179
493
        });
1180
    // We came to this block from somewhere after all.
1181
399
    assert(!Succs.empty() &&
1182
399
           "Basic block should have at least one visited successor");
1183
1184
399
    State Result = getState(*Succs.begin());
1185
1186
89
    for (const CFGBlock *Succ : llvm::drop_begin(Succs, 1)) {
1187
89
      Result.join(getState(Succ));
1188
89
    }
1189
1190
399
    if (const Expr *Condition = getCondition(BB->getTerminatorStmt())) {
1191
71
      handleConditional(BB, Condition, Result);
1192
71
    }
1193
1194
399
    return Result;
1195
399
  }
1196
1197
  void handleConditional(const CFGBlock *BB, const Expr *Condition,
1198
71
                         State &ToAlter) const {
1199
71
    handleParameterCheck(BB, Condition, ToAlter);
1200
71
    if (SuppressOnConventionalErrorPaths) {
1201
0
      handleConventionalCheck(BB, Condition, ToAlter);
1202
0
    }
1203
71
  }
1204
1205
  void handleParameterCheck(const CFGBlock *BB, const Expr *Condition,
1206
71
                            State &ToAlter) const {
1207
    // In this function, we try to deal with the following pattern:
1208
    //
1209
    //   if (parameter)
1210
    //     parameter(...);
1211
    //
1212
    // It's not good to show a warning here because clearly 'parameter'
1213
    // couldn't and shouldn't be called on the 'else' path.
1214
    //
1215
    // Let's check if this if statement has a check involving one of
1216
    // the tracked parameters.
1217
71
    if (const ParmVarDecl *Parameter = findReferencedParmVarDecl(
1218
60
            Condition,
1219
60
            /* ShouldRetrieveFromComparisons = */ true)) {
1220
60
      if (const auto Index = getIndex(*Parameter)) {
1221
8
        ParameterStatus &CurrentStatus = ToAlter.getStatusFor(*Index);
1222
1223
        // We don't want to deep dive into semantics of the check and
1224
        // figure out if that check was for null or something else.
1225
        // We simply trust the user that they know what they are doing.
1226
        //
1227
        // For this reason, in the following loop we look for the
1228
        // best-looking option.
1229
12
        for (const CFGBlock *Succ : BB->succs()) {
1230
12
          if (!Succ)
1231
0
            continue;
1232
1233
12
          const ParameterStatus &StatusInSucc =
1234
12
              getState(Succ).getStatusFor(*Index);
1235
1236
12
          if (StatusInSucc.isErrorStatus()) {
1237
4
            continue;
1238
4
          }
1239
1240
          // Let's use this status instead.
1241
8
          CurrentStatus = StatusInSucc;
1242
1243
8
          if (StatusInSucc.getKind() == ParameterStatus::DefinitelyCalled) {
1244
            // This is the best option to have and we already found it.
1245
7
            break;
1246
7
          }
1247
1248
          // If we found 'Escaped' first, we still might find 'DefinitelyCalled'
1249
          // on the other branch.  And we prefer the latter.
1250
8
        }
1251
8
      }
1252
60
    }
1253
71
  }
1254
1255
  void handleConventionalCheck(const CFGBlock *BB, const Expr *Condition,
1256
0
                               State &ToAlter) const {
1257
    // Even when the analysis is technically correct, it is a widespread pattern
1258
    // not to call completion handlers in some scenarios.  These usually have
1259
    // typical conditional names, such as 'error' or 'cancel'.
1260
0
    if (!mentionsAnyOfConventionalNames(Condition)) {
1261
0
      return;
1262
0
    }
1263
1264
0
    for (const auto &IndexedStatus : llvm::enumerate(ToAlter)) {
1265
0
      const ParmVarDecl *Parameter = getParameter(IndexedStatus.index());
1266
      // Conventions do not apply to explicitly marked parameters.
1267
0
      if (isExplicitlyMarked(Parameter)) {
1268
0
        continue;
1269
0
      }
1270
1271
0
      ParameterStatus &CurrentStatus = IndexedStatus.value();
1272
      // If we did find that on one of the branches the user uses the callback
1273
      // and doesn't on the other path, we believe that they know what they are
1274
      // doing and trust them.
1275
      //
1276
      // There are two possible scenarios for that:
1277
      //   1. Current status is 'MaybeCalled' and one of the branches is
1278
      //      'DefinitelyCalled'
1279
      //   2. Current status is 'NotCalled' and one of the branches is 'Escaped'
1280
0
      if (isLosingCall(ToAlter, BB, IndexedStatus.index()) ||
1281
0
          isLosingEscape(ToAlter, BB, IndexedStatus.index())) {
1282
0
        CurrentStatus = ParameterStatus::Escaped;
1283
0
      }
1284
0
    }
1285
0
  }
1286
1287
  bool isLosingCall(const State &StateAfterJoin, const CFGBlock *JoinBlock,
1288
0
                    unsigned ParameterIndex) const {
1289
    // Let's check if the block represents DefinitelyCalled -> MaybeCalled
1290
    // transition.
1291
0
    return isLosingJoin(StateAfterJoin, JoinBlock, ParameterIndex,
1292
0
                        ParameterStatus::MaybeCalled,
1293
0
                        ParameterStatus::DefinitelyCalled);
1294
0
  }
1295
1296
  bool isLosingEscape(const State &StateAfterJoin, const CFGBlock *JoinBlock,
1297
36
                      unsigned ParameterIndex) const {
1298
    // Let's check if the block represents Escaped -> NotCalled transition.
1299
36
    return isLosingJoin(StateAfterJoin, JoinBlock, ParameterIndex,
1300
36
                        ParameterStatus::NotCalled, ParameterStatus::Escaped);
1301
36
  }
1302
1303
  bool isLosingJoin(const State &StateAfterJoin, const CFGBlock *JoinBlock,
1304
                    unsigned ParameterIndex, ParameterStatus::Kind AfterJoin,
1305
36
                    ParameterStatus::Kind BeforeJoin) const {
1306
36
    assert(!ParameterStatus::isErrorStatus(BeforeJoin) &&
1307
36
           ParameterStatus::isErrorStatus(AfterJoin) &&
1308
36
           "It's not a losing join if statuses do not represent "
1309
36
           "correct-to-error transition");
1310
1311
36
    const ParameterStatus &CurrentStatus =
1312
36
        StateAfterJoin.getStatusFor(ParameterIndex);
1313
1314
36
    return CurrentStatus.getKind() == AfterJoin &&
1315
25
           anySuccessorHasStatus(JoinBlock, ParameterIndex, BeforeJoin);
1316
36
  }
1317
1318
  /// Return true if any of the successors of the given basic block has
1319
  /// a specified status for the given parameter.
1320
  bool anySuccessorHasStatus(const CFGBlock *Parent, unsigned ParameterIndex,
1321
25
                             ParameterStatus::Kind ToFind) const {
1322
25
    return llvm::any_of(
1323
18
        Parent->succs(), [this, ParameterIndex, ToFind](const CFGBlock *Succ) {
1324
18
          return Succ && getState(Succ).getKindFor(ParameterIndex) == ToFind;
1325
18
        });
1326
25
  }
1327
1328
  /// Check given expression that was discovered to escape.
1329
55
  void checkEscapee(const Expr *E) {
1330
55
    if (const ParmVarDecl *Parameter = findReferencedParmVarDecl(E)) {
1331
12
      checkEscapee(*Parameter);
1332
12
    }
1333
55
  }
1334
1335
  /// Check given parameter that was discovered to escape.
1336
24
  void checkEscapee(const ParmVarDecl &Parameter) {
1337
24
    if (auto Index = getIndex(Parameter)) {
1338
19
      ParameterStatus &CurrentParamStatus = CurrentState.getStatusFor(*Index);
1339
1340
19
      if (CurrentParamStatus.getKind() == ParameterStatus::NotCalled) {
1341
16
        CurrentParamStatus = ParameterStatus::Escaped;
1342
16
      }
1343
19
    }
1344
24
  }
1345
1346
  /// Mark all parameters in the current state as 'no-return'.
1347
9
  void markNoReturn() {
1348
9
    for (ParameterStatus &PS : CurrentState) {
1349
9
      PS = ParameterStatus::NoReturn;
1350
9
    }
1351
9
  }
1352
1353
  /// Check if the given assignment represents suppression and act on it.
1354
8
  void checkSuppression(const BinaryOperator *Assignment) {
1355
    // Suppression has the following form:
1356
    //    parameter = 0;
1357
    // 0 can be of any form (NULL, nil, etc.)
1358
8
    if (auto Index = getIndexOfExpression(Assignment->getLHS())) {
1359
1360
      // We don't care what is written in the RHS, it could be whatever
1361
      // we can interpret as 0.
1362
3
      if (auto Constant =
1363
3
              Assignment->getRHS()->IgnoreParenCasts()->getIntegerConstantExpr(
1364
3
                  AC.getASTContext())) {
1365
1366
3
        ParameterStatus &CurrentParamStatus = CurrentState.getStatusFor(*Index);
1367
1368
3
        if (0 == *Constant && CurrentParamStatus.seenAnyCalls()) {
1369
          // Even though this suppression mechanism is introduced to tackle
1370
          // false positives for multiple calls, the fact that the user has
1371
          // to use suppression can also tell us that we couldn't figure out
1372
          // how different paths cancel each other out.  And if that is true,
1373
          // we will most certainly have false positives about parameters not
1374
          // being called on certain paths.
1375
          //
1376
          // For this reason, we abandon tracking this parameter altogether.
1377
3
          CurrentParamStatus = ParameterStatus::Reported;
1378
3
        }
1379
3
      }
1380
3
    }
1381
8
  }
1382
1383
public:
1384
  //===----------------------------------------------------------------------===//
1385
  //                            Tree traversal methods
1386
  //===----------------------------------------------------------------------===//
1387
1388
147
  void VisitCallExpr(const CallExpr *Call) {
1389
    // This call might be a direct call, i.e. a parameter call...
1390
147
    checkDirectCall(Call);
1391
    // ... or an indirect call, i.e. when parameter is an argument.
1392
147
    checkIndirectCall(Call);
1393
147
  }
1394
1395
38
  void VisitObjCMessageExpr(const ObjCMessageExpr *Message) {
1396
    // The most common situation that we are defending against here is
1397
    // copying a tracked parameter.
1398
38
    if (const Expr *Receiver = Message->getInstanceReceiver()) {
1399
38
      checkEscapee(Receiver);
1400
38
    }
1401
    // Message expressions unlike calls, could not be direct.
1402
38
    checkIndirectCall(Message);
1403
38
  }
1404
1405
10
  void VisitBlockExpr(const BlockExpr *Block) {
1406
15
    for (const auto &Capture : Block->getBlockDecl()->captures()) {
1407
      // If a block captures a tracked parameter, it should be
1408
      // considered escaped.
1409
      // On one hand, blocks that do that should definitely call it on
1410
      // every path.  However, it is not guaranteed that the block
1411
      // itself gets called whenever it gets created.
1412
      //
1413
      // Because we don't want to track blocks and whether they get called,
1414
      // we consider such parameters simply escaped.
1415
15
      if (const auto *Param = dyn_cast<ParmVarDecl>(Capture.getVariable())) {
1416
12
        checkEscapee(*Param);
1417
12
      }
1418
15
    }
1419
10
  }
1420
1421
24
  void VisitBinaryOperator(const BinaryOperator *Op) {
1422
24
    if (Op->getOpcode() == clang::BO_Assign) {
1423
      // Let's check if one of the tracked parameters is assigned into
1424
      // something, and if it is we don't want to track extra variables, so we
1425
      // consider it as an escapee.
1426
8
      checkEscapee(Op->getRHS());
1427
1428
      // Let's check whether this assignment is a suppression.
1429
8
      checkSuppression(Op);
1430
8
    }
1431
24
  }
1432
1433
8
  void VisitDeclStmt(const DeclStmt *DS) {
1434
    // Variable initialization is not assignment and should be handled
1435
    // separately.
1436
    //
1437
    // Multiple declarations can be a part of declaration statement.
1438
8
    for (const auto *Declaration : DS->getDeclGroup()) {
1439
8
      if (const auto *Var = dyn_cast<VarDecl>(Declaration)) {
1440
8
        if (Var->getInit()) {
1441
5
          checkEscapee(Var->getInit());
1442
5
        }
1443
8
      }
1444
8
    }
1445
8
  }
1446
1447
13
  void VisitCStyleCastExpr(const CStyleCastExpr *Cast) {
1448
    // We consider '(void)parameter' as a manual no-op escape.
1449
    // It should be used to explicitly tell the analysis that this parameter
1450
    // is intentionally not called on this path.
1451
13
    if (Cast->getType().getCanonicalType()->isVoidType()) {
1452
4
      checkEscapee(Cast->getSubExpr());
1453
4
    }
1454
13
  }
1455
1456
2
  void VisitObjCAtThrowStmt(const ObjCAtThrowStmt *) {
1457
    // It is OK not to call marked parameters on exceptional paths.
1458
2
    markNoReturn();
1459
2
  }
1460
1461
private:
1462
75.4k
  unsigned size() const { return TrackedParams.size(); }
1463
1464
147
  llvm::Optional<unsigned> getIndexOfCallee(const CallExpr *Call) const {
1465
147
    return getIndexOfExpression(Call->getCallee());
1466
147
  }
1467
1468
221
  llvm::Optional<unsigned> getIndexOfExpression(const Expr *E) const {
1469
221
    if (const ParmVarDecl *Parameter = findReferencedParmVarDecl(E)) {
1470
154
      return getIndex(*Parameter);
1471
154
    }
1472
1473
67
    return llvm::None;
1474
67
  }
1475
1476
238
  llvm::Optional<unsigned> getIndex(const ParmVarDecl &Parameter) const {
1477
    // Expected number of parameters that we actually track is 1.
1478
    //
1479
    // Also, the maximum number of declared parameters could not be on a scale
1480
    // of hundreds of thousands.
1481
    //
1482
    // In this setting, linear search seems reasonable and even performs better
1483
    // than bisection.
1484
238
    ParamSizedVector<const ParmVarDecl *>::const_iterator It =
1485
238
        llvm::find(TrackedParams, &Parameter);
1486
1487
238
    if (It != TrackedParams.end()) {
1488
179
      return It - TrackedParams.begin();
1489
179
    }
1490
1491
59
    return llvm::None;
1492
59
  }
1493
1494
186
  const ParmVarDecl *getParameter(unsigned Index) const {
1495
186
    assert(Index < TrackedParams.size());
1496
186
    return TrackedParams[Index];
1497
186
  }
1498
1499
  const CFG &FunctionCFG;
1500
  AnalysisDeclContext &AC;
1501
  CalledOnceCheckHandler &Handler;
1502
  bool CheckConventionalParameters;
1503
  // As of now, we turn this behavior off.  So, we still are going to report
1504
  // missing calls on paths that look like it was intentional.
1505
  // Technically such reports are true positives, but they can make some users
1506
  // grumpy because of the sheer number of warnings.
1507
  // It can be turned back on if we decide that we want to have the other way
1508
  // around.
1509
  bool SuppressOnConventionalErrorPaths = false;
1510
1511
  State CurrentState;
1512
  ParamSizedVector<const ParmVarDecl *> TrackedParams;
1513
  CFGSizedVector<State> States;
1514
};
1515
1516
} // end anonymous namespace
1517
1518
namespace clang {
1519
void checkCalledOnceParameters(AnalysisDeclContext &AC,
1520
                               CalledOnceCheckHandler &Handler,
1521
24.9k
                               bool CheckConventionalParameters) {
1522
24.9k
  CalledOnceChecker::check(AC, Handler, CheckConventionalParameters);
1523
24.9k
}
1524
} // end namespace clang