Coverage Report

Created: 2020-09-22 08:39

/Users/buildslave/jenkins/workspace/coverage/llvm-project/clang/lib/Sema/SemaAccess.cpp
Line
Count
Source (jump to first uncovered line)
1
//===---- SemaAccess.cpp - C++ Access Control -------------------*- C++ -*-===//
2
//
3
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4
// See https://llvm.org/LICENSE.txt for license information.
5
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6
//
7
//===----------------------------------------------------------------------===//
8
//
9
// This file provides Sema routines for C++ access control semantics.
10
//
11
//===----------------------------------------------------------------------===//
12
13
#include "clang/Basic/Specifiers.h"
14
#include "clang/Sema/SemaInternal.h"
15
#include "clang/AST/ASTContext.h"
16
#include "clang/AST/CXXInheritance.h"
17
#include "clang/AST/DeclCXX.h"
18
#include "clang/AST/DeclFriend.h"
19
#include "clang/AST/DeclObjC.h"
20
#include "clang/AST/DependentDiagnostic.h"
21
#include "clang/AST/ExprCXX.h"
22
#include "clang/Sema/DelayedDiagnostic.h"
23
#include "clang/Sema/Initialization.h"
24
#include "clang/Sema/Lookup.h"
25
26
using namespace clang;
27
using namespace sema;
28
29
/// A copy of Sema's enum without AR_delayed.
30
enum AccessResult {
31
  AR_accessible,
32
  AR_inaccessible,
33
  AR_dependent
34
};
35
36
/// SetMemberAccessSpecifier - Set the access specifier of a member.
37
/// Returns true on error (when the previous member decl access specifier
38
/// is different from the new member decl access specifier).
39
bool Sema::SetMemberAccessSpecifier(NamedDecl *MemberDecl,
40
                                    NamedDecl *PrevMemberDecl,
41
62.1k
                                    AccessSpecifier LexicalAS) {
42
62.1k
  if (!PrevMemberDecl) {
43
    // Use the lexical access specifier.
44
61.0k
    MemberDecl->setAccess(LexicalAS);
45
61.0k
    return false;
46
61.0k
  }
47
48
  // C++ [class.access.spec]p3: When a member is redeclared its access
49
  // specifier must be same as its initial declaration.
50
1.13k
  if (LexicalAS != AS_none && 
LexicalAS != PrevMemberDecl->getAccess()105
) {
51
4
    Diag(MemberDecl->getLocation(),
52
4
         diag::err_class_redeclared_with_different_access)
53
4
      << MemberDecl << LexicalAS;
54
4
    Diag(PrevMemberDecl->getLocation(), diag::note_previous_access_declaration)
55
4
      << PrevMemberDecl << PrevMemberDecl->getAccess();
56
57
4
    MemberDecl->setAccess(LexicalAS);
58
4
    return true;
59
4
  }
60
61
1.12k
  MemberDecl->setAccess(PrevMemberDecl->getAccess());
62
1.12k
  return false;
63
1.12k
}
64
65
1.14M
static CXXRecordDecl *FindDeclaringClass(NamedDecl *D) {
66
1.14M
  DeclContext *DC = D->getDeclContext();
67
68
  // This can only happen at top: enum decls only "publish" their
69
  // immediate members.
70
1.14M
  if (isa<EnumDecl>(DC))
71
11.0k
    DC = cast<EnumDecl>(DC)->getDeclContext();
72
73
1.14M
  CXXRecordDecl *DeclaringClass = cast<CXXRecordDecl>(DC);
74
1.14M
  while (DeclaringClass->isAnonymousStructOrUnion())
75
0
    DeclaringClass = cast<CXXRecordDecl>(DeclaringClass->getDeclContext());
76
1.14M
  return DeclaringClass;
77
1.14M
}
78
79
namespace {
80
struct EffectiveContext {
81
15
  EffectiveContext() : Inner(nullptr), Dependent(false) {}
82
83
  explicit EffectiveContext(DeclContext *DC)
84
    : Inner(DC),
85
903k
      Dependent(DC->isDependentContext()) {
86
87
    // C++11 [class.access.nest]p1:
88
    //   A nested class is a member and as such has the same access
89
    //   rights as any other member.
90
    // C++11 [class.access]p2:
91
    //   A member of a class can also access all the names to which
92
    //   the class has access.  A local class of a member function
93
    //   may access the same names that the member function itself
94
    //   may access.
95
    // This almost implies that the privileges of nesting are transitive.
96
    // Technically it says nothing about the local classes of non-member
97
    // functions (which can gain privileges through friendship), but we
98
    // take that as an oversight.
99
2.57M
    while (true) {
100
      // We want to add canonical declarations to the EC lists for
101
      // simplicity of checking, but we need to walk up through the
102
      // actual current DC chain.  Otherwise, something like a local
103
      // extern or friend which happens to be the canonical
104
      // declaration will really mess us up.
105
106
2.57M
      if (isa<CXXRecordDecl>(DC)) {
107
917k
        CXXRecordDecl *Record = cast<CXXRecordDecl>(DC);
108
917k
        Records.push_back(Record->getCanonicalDecl());
109
917k
        DC = Record->getDeclContext();
110
1.65M
      } else if (isa<FunctionDecl>(DC)) {
111
738k
        FunctionDecl *Function = cast<FunctionDecl>(DC);
112
738k
        Functions.push_back(Function->getCanonicalDecl());
113
738k
        if (Function->getFriendObjectKind())
114
5.62k
          DC = Function->getLexicalDeclContext();
115
733k
        else
116
733k
          DC = Function->getDeclContext();
117
914k
      } else if (DC->isFileContext()) {
118
903k
        break;
119
10.9k
      } else {
120
10.9k
        DC = DC->getParent();
121
10.9k
      }
122
2.57M
    }
123
903k
  }
124
125
96.6k
  bool isDependent() const { return Dependent; }
126
127
9.25k
  bool includesClass(const CXXRecordDecl *R) const {
128
9.25k
    R = R->getCanonicalDecl();
129
9.25k
    return llvm::find(Records, R) != Records.end();
130
9.25k
  }
131
132
  /// Retrieves the innermost "useful" context.  Can be null if we're
133
  /// doing access-control without privileges.
134
97
  DeclContext *getInnerContext() const {
135
97
    return Inner;
136
97
  }
137
138
  typedef SmallVectorImpl<CXXRecordDecl*>::const_iterator record_iterator;
139
140
  DeclContext *Inner;
141
  SmallVector<FunctionDecl*, 4> Functions;
142
  SmallVector<CXXRecordDecl*, 4> Records;
143
  bool Dependent;
144
};
145
146
/// Like sema::AccessedEntity, but kindly lets us scribble all over
147
/// it.
148
struct AccessTarget : public AccessedEntity {
149
  AccessTarget(const AccessedEntity &Entity)
150
234k
    : AccessedEntity(Entity) {
151
234k
    initialize();
152
234k
  }
153
154
  AccessTarget(ASTContext &Context,
155
               MemberNonce _,
156
               CXXRecordDecl *NamingClass,
157
               DeclAccessPair FoundDecl,
158
               QualType BaseObjectType)
159
    : AccessedEntity(Context.getDiagAllocator(), Member, NamingClass,
160
903k
                     FoundDecl, BaseObjectType) {
161
903k
    initialize();
162
903k
  }
163
164
  AccessTarget(ASTContext &Context,
165
               BaseNonce _,
166
               CXXRecordDecl *BaseClass,
167
               CXXRecordDecl *DerivedClass,
168
               AccessSpecifier Access)
169
    : AccessedEntity(Context.getDiagAllocator(), Base, BaseClass, DerivedClass,
170
15.2k
                     Access) {
171
15.2k
    initialize();
172
15.2k
  }
173
174
167k
  bool isInstanceMember() const {
175
167k
    return (isMemberAccess() && 
getTargetDecl()->isCXXInstanceMember()167k
);
176
167k
  }
177
178
166k
  bool hasInstanceContext() const {
179
166k
    return HasInstanceContext;
180
166k
  }
181
182
  class SavedInstanceContext {
183
  public:
184
    SavedInstanceContext(SavedInstanceContext &&S)
185
0
        : Target(S.Target), Has(S.Has) {
186
0
      S.Target = nullptr;
187
0
    }
188
73.3k
    ~SavedInstanceContext() {
189
73.3k
      if (Target)
190
73.3k
        Target->HasInstanceContext = Has;
191
73.3k
    }
192
193
  private:
194
    friend struct AccessTarget;
195
    explicit SavedInstanceContext(AccessTarget &Target)
196
73.3k
        : Target(&Target), Has(Target.HasInstanceContext) {}
197
    AccessTarget *Target;
198
    bool Has;
199
  };
200
201
73.3k
  SavedInstanceContext saveInstanceContext() {
202
73.3k
    return SavedInstanceContext(*this);
203
73.3k
  }
204
205
59.2k
  void suppressInstanceContext() {
206
59.2k
    HasInstanceContext = false;
207
59.2k
  }
208
209
53.2k
  const CXXRecordDecl *resolveInstanceContext(Sema &S) const {
210
53.2k
    assert(HasInstanceContext);
211
53.2k
    if (CalculatedInstanceContext)
212
561
      return InstanceContext;
213
214
52.7k
    CalculatedInstanceContext = true;
215
52.7k
    DeclContext *IC = S.computeDeclContext(getBaseObjectType());
216
52.7k
    InstanceContext = (IC ? cast<CXXRecordDecl>(IC)->getCanonicalDecl()
217
0
                          : nullptr);
218
52.7k
    return InstanceContext;
219
52.7k
  }
220
221
78.7k
  const CXXRecordDecl *getDeclaringClass() const {
222
78.7k
    return DeclaringClass;
223
78.7k
  }
224
225
  /// The "effective" naming class is the canonical non-anonymous
226
  /// class containing the actual naming class.
227
903k
  const CXXRecordDecl *getEffectiveNamingClass() const {
228
903k
    const CXXRecordDecl *namingClass = getNamingClass();
229
903k
    while (namingClass->isAnonymousStructOrUnion())
230
0
      namingClass = cast<CXXRecordDecl>(namingClass->getParent());
231
903k
    return namingClass->getCanonicalDecl();
232
903k
  }
233
234
private:
235
1.15M
  void initialize() {
236
1.15M
    HasInstanceContext = (isMemberAccess() &&
237
1.13M
                          !getBaseObjectType().isNull() &&
238
513k
                          getTargetDecl()->isCXXInstanceMember());
239
1.15M
    CalculatedInstanceContext = false;
240
1.15M
    InstanceContext = nullptr;
241
242
1.15M
    if (isMemberAccess())
243
1.13M
      DeclaringClass = FindDeclaringClass(getTargetDecl());
244
15.3k
    else
245
15.3k
      DeclaringClass = getBaseClass();
246
1.15M
    DeclaringClass = DeclaringClass->getCanonicalDecl();
247
1.15M
  }
248
249
  bool HasInstanceContext : 1;
250
  mutable bool CalculatedInstanceContext : 1;
251
  mutable const CXXRecordDecl *InstanceContext;
252
  const CXXRecordDecl *DeclaringClass;
253
};
254
255
}
256
257
/// Checks whether one class might instantiate to the other.
258
static bool MightInstantiateTo(const CXXRecordDecl *From,
259
5.92k
                               const CXXRecordDecl *To) {
260
  // Declaration names are always preserved by instantiation.
261
5.92k
  if (From->getDeclName() != To->getDeclName())
262
5.83k
    return false;
263
264
94
  const DeclContext *FromDC = From->getDeclContext()->getPrimaryContext();
265
94
  const DeclContext *ToDC = To->getDeclContext()->getPrimaryContext();
266
94
  if (FromDC == ToDC) 
return true86
;
267
8
  if (FromDC->isFileContext() || ToDC->isFileContext()) 
return false0
;
268
269
  // Be conservative.
270
8
  return true;
271
8
}
272
273
/// Checks whether one class is derived from another, inclusively.
274
/// Properly indicates when it couldn't be determined due to
275
/// dependence.
276
///
277
/// This should probably be donated to AST or at least Sema.
278
static AccessResult IsDerivedFromInclusive(const CXXRecordDecl *Derived,
279
219k
                                           const CXXRecordDecl *Target) {
280
219k
  assert(Derived->getCanonicalDecl() == Derived);
281
219k
  assert(Target->getCanonicalDecl() == Target);
282
283
219k
  if (Derived == Target) 
return AR_accessible160k
;
284
285
58.7k
  bool CheckDependent = Derived->isDependentContext();
286
58.7k
  if (CheckDependent && 
MightInstantiateTo(Derived, Target)1.70k
)
287
24
    return AR_dependent;
288
289
58.6k
  AccessResult OnFailure = AR_inaccessible;
290
58.6k
  SmallVector<const CXXRecordDecl*, 8> Queue; // actually a stack
291
292
59.3k
  while (true) {
293
59.3k
    if (Derived->isDependentContext() && 
!Derived->hasDefinition()1.68k
&&
294
1
        !Derived->isLambda())
295
1
      return AR_dependent;
296
297
59.3k
    for (const auto &I : Derived->bases()) {
298
57.7k
      const CXXRecordDecl *RD;
299
300
57.7k
      QualType T = I.getType();
301
57.7k
      if (const RecordType *RT = T->getAs<RecordType>()) {
302
57.7k
        RD = cast<CXXRecordDecl>(RT->getDecl());
303
12
      } else if (const InjectedClassNameType *IT
304
0
                   = T->getAs<InjectedClassNameType>()) {
305
0
        RD = IT->getDecl();
306
12
      } else {
307
12
        assert(T->isDependentType() && "non-dependent base wasn't a record?");
308
12
        OnFailure = AR_dependent;
309
12
        continue;
310
12
      }
311
312
57.7k
      RD = RD->getCanonicalDecl();
313
57.7k
      if (RD == Target) 
return AR_accessible56.7k
;
314
1.04k
      if (CheckDependent && 
MightInstantiateTo(RD, Target)185
)
315
0
        OnFailure = AR_dependent;
316
317
1.04k
      Queue.push_back(RD);
318
1.04k
    }
319
320
2.58k
    if (Queue.empty()) 
break1.95k
;
321
322
632
    Derived = Queue.pop_back_val();
323
632
  }
324
325
1.95k
  return OnFailure;
326
58.6k
}
327
328
329
static bool MightInstantiateTo(Sema &S, DeclContext *Context,
330
45
                               DeclContext *Friend) {
331
45
  if (Friend == Context)
332
33
    return true;
333
334
12
  assert(!Friend->isDependentContext() &&
335
12
         "can't handle friends with dependent contexts here");
336
337
12
  if (!Context->isDependentContext())
338
10
    return false;
339
340
2
  if (Friend->isFileContext())
341
0
    return false;
342
343
  // TODO: this is very conservative
344
2
  return true;
345
2
}
346
347
// Asks whether the type in 'context' can ever instantiate to the type
348
// in 'friend'.
349
70
static bool MightInstantiateTo(Sema &S, CanQualType Context, CanQualType Friend) {
350
70
  if (Friend == Context)
351
34
    return true;
352
353
36
  if (!Friend->isDependentType() && !Context->isDependentType())
354
0
    return false;
355
356
  // TODO: this is very conservative.
357
36
  return true;
358
36
}
359
360
static bool MightInstantiateTo(Sema &S,
361
                               FunctionDecl *Context,
362
1.92k
                               FunctionDecl *Friend) {
363
1.92k
  if (Context->getDeclName() != Friend->getDeclName())
364
1.87k
    return false;
365
366
42
  if (!MightInstantiateTo(S,
367
42
                          Context->getDeclContext(),
368
42
                          Friend->getDeclContext()))
369
7
    return false;
370
371
35
  CanQual<FunctionProtoType> FriendTy
372
35
    = S.Context.getCanonicalType(Friend->getType())
373
35
         ->getAs<FunctionProtoType>();
374
35
  CanQual<FunctionProtoType> ContextTy
375
35
    = S.Context.getCanonicalType(Context->getType())
376
35
         ->getAs<FunctionProtoType>();
377
378
  // There isn't any way that I know of to add qualifiers
379
  // during instantiation.
380
35
  if (FriendTy.getQualifiers() != ContextTy.getQualifiers())
381
0
    return false;
382
383
35
  if (FriendTy->getNumParams() != ContextTy->getNumParams())
384
0
    return false;
385
386
35
  if (!MightInstantiateTo(S, ContextTy->getReturnType(),
387
35
                          FriendTy->getReturnType()))
388
0
    return false;
389
390
70
  
for (unsigned I = 0, E = FriendTy->getNumParams(); 35
I != E;
++I35
)
391
35
    if (!MightInstantiateTo(S, ContextTy->getParamType(I),
392
35
                            FriendTy->getParamType(I)))
393
0
      return false;
394
395
35
  return true;
396
35
}
397
398
static bool MightInstantiateTo(Sema &S,
399
                               FunctionTemplateDecl *Context,
400
1.62k
                               FunctionTemplateDecl *Friend) {
401
1.62k
  return MightInstantiateTo(S,
402
1.62k
                            Context->getTemplatedDecl(),
403
1.62k
                            Friend->getTemplatedDecl());
404
1.62k
}
405
406
static AccessResult MatchesFriend(Sema &S,
407
                                  const EffectiveContext &EC,
408
9.25k
                                  const CXXRecordDecl *Friend) {
409
9.25k
  if (EC.includesClass(Friend))
410
3.37k
    return AR_accessible;
411
412
5.88k
  if (EC.isDependent()) {
413
29
    for (const CXXRecordDecl *Context : EC.Records) {
414
29
      if (MightInstantiateTo(Context, Friend))
415
10
        return AR_dependent;
416
29
    }
417
376
  }
418
419
5.87k
  return AR_inaccessible;
420
5.88k
}
421
422
static AccessResult MatchesFriend(Sema &S,
423
                                  const EffectiveContext &EC,
424
9.25k
                                  CanQualType Friend) {
425
9.25k
  if (const RecordType *RT = Friend->getAs<RecordType>())
426
9.25k
    return MatchesFriend(S, EC, cast<CXXRecordDecl>(RT->getDecl()));
427
428
  // TODO: we can do better than this
429
0
  if (Friend->isDependentType())
430
0
    return AR_dependent;
431
432
0
  return AR_inaccessible;
433
0
}
434
435
/// Determines whether the given friend class template matches
436
/// anything in the effective context.
437
static AccessResult MatchesFriend(Sema &S,
438
                                  const EffectiveContext &EC,
439
6.91k
                                  ClassTemplateDecl *Friend) {
440
6.91k
  AccessResult OnFailure = AR_inaccessible;
441
442
  // Check whether the friend is the template of a class in the
443
  // context chain.
444
6.91k
  for (SmallVectorImpl<CXXRecordDecl*>::const_iterator
445
12.6k
         I = EC.Records.begin(), E = EC.Records.end(); I != E; 
++I5.78k
) {
446
7.42k
    CXXRecordDecl *Record = *I;
447
448
    // Figure out whether the current class has a template:
449
7.42k
    ClassTemplateDecl *CTD;
450
451
    // A specialization of the template...
452
7.42k
    if (isa<ClassTemplateSpecializationDecl>(Record)) {
453
3.14k
      CTD = cast<ClassTemplateSpecializationDecl>(Record)
454
3.14k
        ->getSpecializedTemplate();
455
456
    // ... or the template pattern itself.
457
4.27k
    } else {
458
4.27k
      CTD = Record->getDescribedClassTemplate();
459
4.27k
      if (!CTD) 
continue552
;
460
6.87k
    }
461
462
    // It's a match.
463
6.87k
    if (Friend == CTD->getCanonicalDecl())
464
1.64k
      return AR_accessible;
465
466
    // If the context isn't dependent, it can't be a dependent match.
467
5.23k
    if (!EC.isDependent())
468
2.23k
      continue;
469
470
    // If the template names don't match, it can't be a dependent
471
    // match.
472
2.99k
    if (CTD->getDeclName() != Friend->getDeclName())
473
2.99k
      continue;
474
475
    // If the class's context can't instantiate to the friend's
476
    // context, it can't be a dependent match.
477
3
    if (!MightInstantiateTo(S, CTD->getDeclContext(),
478
3
                            Friend->getDeclContext()))
479
3
      continue;
480
481
    // Otherwise, it's a dependent match.
482
0
    OnFailure = AR_dependent;
483
0
  }
484
485
5.27k
  return OnFailure;
486
6.91k
}
487
488
/// Determines whether the given friend function matches anything in
489
/// the effective context.
490
static AccessResult MatchesFriend(Sema &S,
491
                                  const EffectiveContext &EC,
492
5.36k
                                  FunctionDecl *Friend) {
493
5.36k
  AccessResult OnFailure = AR_inaccessible;
494
495
5.36k
  for (SmallVectorImpl<FunctionDecl*>::const_iterator
496
9.56k
         I = EC.Functions.begin(), E = EC.Functions.end(); I != E; 
++I4.19k
) {
497
5.35k
    if (Friend == *I)
498
1.15k
      return AR_accessible;
499
500
4.19k
    if (EC.isDependent() && 
MightInstantiateTo(S, *I, Friend)300
)
501
35
      OnFailure = AR_dependent;
502
4.19k
  }
503
504
4.21k
  return OnFailure;
505
5.36k
}
506
507
/// Determines whether the given friend function template matches
508
/// anything in the effective context.
509
static AccessResult MatchesFriend(Sema &S,
510
                                  const EffectiveContext &EC,
511
23.9k
                                  FunctionTemplateDecl *Friend) {
512
23.9k
  if (EC.Functions.empty()) 
return AR_inaccessible46
;
513
514
23.8k
  AccessResult OnFailure = AR_inaccessible;
515
516
23.8k
  for (SmallVectorImpl<FunctionDecl*>::const_iterator
517
45.4k
         I = EC.Functions.begin(), E = EC.Functions.end(); I != E; 
++I21.5k
) {
518
519
23.8k
    FunctionTemplateDecl *FTD = (*I)->getPrimaryTemplate();
520
23.8k
    if (!FTD)
521
12.3k
      FTD = (*I)->getDescribedFunctionTemplate();
522
23.8k
    if (!FTD)
523
10.0k
      continue;
524
525
13.8k
    FTD = FTD->getCanonicalDecl();
526
527
13.8k
    if (Friend == FTD)
528
2.27k
      return AR_accessible;
529
530
11.5k
    if (EC.isDependent() && 
MightInstantiateTo(S, FTD, Friend)1.62k
)
531
0
      OnFailure = AR_dependent;
532
11.5k
  }
533
534
21.5k
  return OnFailure;
535
23.8k
}
536
537
/// Determines whether the given friend declaration matches anything
538
/// in the effective context.
539
static AccessResult MatchesFriend(Sema &S,
540
                                  const EffectiveContext &EC,
541
45.4k
                                  FriendDecl *FriendD) {
542
  // Whitelist accesses if there's an invalid or unsupported friend
543
  // declaration.
544
45.4k
  if (FriendD->isInvalidDecl() || FriendD->isUnsupportedFriend())
545
36
    return AR_accessible;
546
547
45.4k
  if (TypeSourceInfo *T = FriendD->getFriendType())
548
9.25k
    return MatchesFriend(S, EC, T->getType()->getCanonicalTypeUnqualified());
549
550
36.1k
  NamedDecl *Friend
551
36.1k
    = cast<NamedDecl>(FriendD->getFriendDecl()->getCanonicalDecl());
552
553
  // FIXME: declarations with dependent or templated scope.
554
555
36.1k
  if (isa<ClassTemplateDecl>(Friend))
556
6.91k
    return MatchesFriend(S, EC, cast<ClassTemplateDecl>(Friend));
557
558
29.2k
  if (isa<FunctionTemplateDecl>(Friend))
559
23.9k
    return MatchesFriend(S, EC, cast<FunctionTemplateDecl>(Friend));
560
561
5.36k
  if (isa<CXXRecordDecl>(Friend))
562
0
    return MatchesFriend(S, EC, cast<CXXRecordDecl>(Friend));
563
564
5.36k
  assert(isa<FunctionDecl>(Friend) && "unknown friend decl kind");
565
5.36k
  return MatchesFriend(S, EC, cast<FunctionDecl>(Friend));
566
5.36k
}
567
568
static AccessResult GetFriendKind(Sema &S,
569
                                  const EffectiveContext &EC,
570
83.4k
                                  const CXXRecordDecl *Class) {
571
83.4k
  AccessResult OnFailure = AR_inaccessible;
572
573
  // Okay, check friends.
574
45.4k
  for (auto *Friend : Class->friends()) {
575
45.4k
    switch (MatchesFriend(S, EC, Friend)) {
576
8.47k
    case AR_accessible:
577
8.47k
      return AR_accessible;
578
579
36.9k
    case AR_inaccessible:
580
36.9k
      continue;
581
582
45
    case AR_dependent:
583
45
      OnFailure = AR_dependent;
584
45
      break;
585
45.4k
    }
586
45.4k
  }
587
588
  // That's it, give up.
589
74.9k
  return OnFailure;
590
83.4k
}
591
592
namespace {
593
594
/// A helper class for checking for a friend which will grant access
595
/// to a protected instance member.
596
struct ProtectedFriendContext {
597
  Sema &S;
598
  const EffectiveContext &EC;
599
  const CXXRecordDecl *NamingClass;
600
  bool CheckDependent;
601
  bool EverDependent;
602
603
  /// The path down to the current base class.
604
  SmallVector<const CXXRecordDecl*, 20> CurPath;
605
606
  ProtectedFriendContext(Sema &S, const EffectiveContext &EC,
607
                         const CXXRecordDecl *InstanceContext,
608
                         const CXXRecordDecl *NamingClass)
609
    : S(S), EC(EC), NamingClass(NamingClass),
610
      CheckDependent(InstanceContext->isDependentContext() ||
611
                     NamingClass->isDependentContext()),
612
672
      EverDependent(false) {}
613
614
  /// Check classes in the current path for friendship, starting at
615
  /// the given index.
616
654
  bool checkFriendshipAlongPath(unsigned I) {
617
654
    assert(I < CurPath.size());
618
1.49k
    for (unsigned E = CurPath.size(); I != E; 
++I843
) {
619
935
      switch (GetFriendKind(S, EC, CurPath[I])) {
620
92
      case AR_accessible:   return true;
621
843
      case AR_inaccessible: continue;
622
0
      case AR_dependent:    EverDependent = true; continue;
623
935
      }
624
935
    }
625
562
    return false;
626
654
  }
627
628
  /// Perform a search starting at the given class.
629
  ///
630
  /// PrivateDepth is the index of the last (least derived) class
631
  /// along the current path such that a notional public member of
632
  /// the final class in the path would have access in that class.
633
985
  bool findFriendship(const CXXRecordDecl *Cur, unsigned PrivateDepth) {
634
    // If we ever reach the naming class, check the current path for
635
    // friendship.  We can also stop recursing because we obviously
636
    // won't find the naming class there again.
637
985
    if (Cur == NamingClass)
638
654
      return checkFriendshipAlongPath(PrivateDepth);
639
640
331
    if (CheckDependent && 
MightInstantiateTo(Cur, NamingClass)0
)
641
0
      EverDependent = true;
642
643
    // Recurse into the base classes.
644
313
    for (const auto &I : Cur->bases()) {
645
      // If this is private inheritance, then a public member of the
646
      // base will not have any access in classes derived from Cur.
647
313
      unsigned BasePrivateDepth = PrivateDepth;
648
313
      if (I.getAccessSpecifier() == AS_private)
649
33
        BasePrivateDepth = CurPath.size() - 1;
650
651
313
      const CXXRecordDecl *RD;
652
653
313
      QualType T = I.getType();
654
313
      if (const RecordType *RT = T->getAs<RecordType>()) {
655
313
        RD = cast<CXXRecordDecl>(RT->getDecl());
656
0
      } else if (const InjectedClassNameType *IT
657
0
                   = T->getAs<InjectedClassNameType>()) {
658
0
        RD = IT->getDecl();
659
0
      } else {
660
0
        assert(T->isDependentType() && "non-dependent base wasn't a record?");
661
0
        EverDependent = true;
662
0
        continue;
663
0
      }
664
665
      // Recurse.  We don't need to clean up if this returns true.
666
313
      CurPath.push_back(RD);
667
313
      if (findFriendship(RD->getCanonicalDecl(), BasePrivateDepth))
668
209
        return true;
669
104
      CurPath.pop_back();
670
104
    }
671
672
122
    return false;
673
331
  }
674
675
672
  bool findFriendship(const CXXRecordDecl *Cur) {
676
672
    assert(CurPath.empty());
677
672
    CurPath.push_back(Cur);
678
672
    return findFriendship(Cur, 0);
679
672
  }
680
};
681
}
682
683
/// Search for a class P that EC is a friend of, under the constraint
684
///   InstanceContext <= P
685
/// if InstanceContext exists, or else
686
///   NamingClass <= P
687
/// and with the additional restriction that a protected member of
688
/// NamingClass would have some natural access in P, which implicitly
689
/// imposes the constraint that P <= NamingClass.
690
///
691
/// This isn't quite the condition laid out in the standard.
692
/// Instead of saying that a notional protected member of NamingClass
693
/// would have to have some natural access in P, it says the actual
694
/// target has to have some natural access in P, which opens up the
695
/// possibility that the target (which is not necessarily a member
696
/// of NamingClass) might be more accessible along some path not
697
/// passing through it.  That's really a bad idea, though, because it
698
/// introduces two problems:
699
///   - Most importantly, it breaks encapsulation because you can
700
///     access a forbidden base class's members by directly subclassing
701
///     it elsewhere.
702
///   - It also makes access substantially harder to compute because it
703
///     breaks the hill-climbing algorithm: knowing that the target is
704
///     accessible in some base class would no longer let you change
705
///     the question solely to whether the base class is accessible,
706
///     because the original target might have been more accessible
707
///     because of crazy subclassing.
708
/// So we don't implement that.
709
static AccessResult GetProtectedFriendKind(Sema &S, const EffectiveContext &EC,
710
                                           const CXXRecordDecl *InstanceContext,
711
872
                                           const CXXRecordDecl *NamingClass) {
712
872
  assert(InstanceContext == nullptr ||
713
872
         InstanceContext->getCanonicalDecl() == InstanceContext);
714
872
  assert(NamingClass->getCanonicalDecl() == NamingClass);
715
716
  // If we don't have an instance context, our constraints give us
717
  // that NamingClass <= P <= NamingClass, i.e. P == NamingClass.
718
  // This is just the usual friendship check.
719
872
  if (!InstanceContext) 
return GetFriendKind(S, EC, NamingClass)200
;
720
721
672
  ProtectedFriendContext PRC(S, EC, InstanceContext, NamingClass);
722
672
  if (PRC.findFriendship(InstanceContext)) 
return AR_accessible92
;
723
580
  if (PRC.EverDependent) 
return AR_dependent0
;
724
580
  return AR_inaccessible;
725
580
}
726
727
static AccessResult HasAccess(Sema &S,
728
                              const EffectiveContext &EC,
729
                              const CXXRecordDecl *NamingClass,
730
                              AccessSpecifier Access,
731
970k
                              const AccessTarget &Target) {
732
970k
  assert(NamingClass->getCanonicalDecl() == NamingClass &&
733
970k
         "declaration should be canonicalized before being passed here");
734
735
970k
  if (Access == AS_public) 
return AR_accessible58.1k
;
736
911k
  assert(Access == AS_private || Access == AS_protected);
737
738
911k
  AccessResult OnFailure = AR_inaccessible;
739
740
911k
  for (EffectiveContext::record_iterator
741
983k
         I = EC.Records.begin(), E = EC.Records.end(); I != E; 
++I71.6k
) {
742
    // All the declarations in EC have been canonicalized, so pointer
743
    // equality from this point on will work fine.
744
900k
    const CXXRecordDecl *ECRecord = *I;
745
746
    // [B2] and [M2]
747
900k
    if (Access == AS_private) {
748
733k
      if (ECRecord == NamingClass)
749
663k
        return AR_accessible;
750
751
69.6k
      if (EC.isDependent() && 
MightInstantiateTo(ECRecord, NamingClass)4.00k
)
752
60
        OnFailure = AR_dependent;
753
754
    // [B3] and [M3]
755
166k
    } else {
756
166k
      assert(Access == AS_protected);
757
166k
      switch (IsDerivedFromInclusive(ECRecord, NamingClass)) {
758
165k
      case AR_accessible: break;
759
1.76k
      case AR_inaccessible: continue;
760
37
      case AR_dependent: OnFailure = AR_dependent; continue;
761
165k
      }
762
763
      // C++ [class.protected]p1:
764
      //   An additional access check beyond those described earlier in
765
      //   [class.access] is applied when a non-static data member or
766
      //   non-static member function is a protected member of its naming
767
      //   class.  As described earlier, access to a protected member is
768
      //   granted because the reference occurs in a friend or member of
769
      //   some class C.  If the access is to form a pointer to member,
770
      //   the nested-name-specifier shall name C or a class derived from
771
      //   C. All other accesses involve a (possibly implicit) object
772
      //   expression. In this case, the class of the object expression
773
      //   shall be C or a class derived from C.
774
      //
775
      // We interpret this as a restriction on [M3].
776
777
      // In this part of the code, 'C' is just our context class ECRecord.
778
779
      // These rules are different if we don't have an instance context.
780
165k
      if (!Target.hasInstanceContext()) {
781
        // If it's not an instance member, these restrictions don't apply.
782
112k
        if (!Target.isInstanceMember()) 
return AR_accessible112k
;
783
784
        // If it's an instance member, use the pointer-to-member rule
785
        // that the naming class has to be derived from the effective
786
        // context.
787
788
        // Emulate a MSVC bug where the creation of pointer-to-member
789
        // to protected member of base class is allowed but only from
790
        // static member functions.
791
82
        if (S.getLangOpts().MSVCCompat && 
!EC.Functions.empty()4
)
792
4
          if (CXXMethodDecl* MD = dyn_cast<CXXMethodDecl>(EC.Functions.front()))
793
4
            if (MD->isStatic()) 
return AR_accessible1
;
794
795
        // Despite the standard's confident wording, there is a case
796
        // where you can have an instance member that's neither in a
797
        // pointer-to-member expression nor in a member access:  when
798
        // it names a field in an unevaluated context that can't be an
799
        // implicit member.  Pending clarification, we just apply the
800
        // same naming-class restriction here.
801
        //   FIXME: we're probably not correctly adding the
802
        //   protected-member restriction when we retroactively convert
803
        //   an expression to being evaluated.
804
805
        // We know that ECRecord derives from NamingClass.  The
806
        // restriction says to check whether NamingClass derives from
807
        // ECRecord, but that's not really necessary: two distinct
808
        // classes can't be recursively derived from each other.  So
809
        // along this path, we just need to check whether the classes
810
        // are equal.
811
81
        if (NamingClass == ECRecord) 
return AR_accessible25
;
812
813
        // Otherwise, this context class tells us nothing;  on to the next.
814
56
        continue;
815
56
      }
816
817
52.5k
      assert(Target.isInstanceMember());
818
819
52.5k
      const CXXRecordDecl *InstanceContext = Target.resolveInstanceContext(S);
820
52.5k
      if (!InstanceContext) {
821
0
        OnFailure = AR_dependent;
822
0
        continue;
823
0
      }
824
825
52.5k
      switch (IsDerivedFromInclusive(InstanceContext, ECRecord)) {
826
52.4k
      case AR_accessible: return AR_accessible;
827
113
      case AR_inaccessible: continue;
828
0
      case AR_dependent: OnFailure = AR_dependent; continue;
829
52.5k
      }
830
52.5k
    }
831
900k
  }
832
833
  // [M3] and [B3] say that, if the target is protected in N, we grant
834
  // access if the access occurs in a friend or member of some class P
835
  // that's a subclass of N and where the target has some natural
836
  // access in P.  The 'member' aspect is easy to handle because P
837
  // would necessarily be one of the effective-context records, and we
838
  // address that above.  The 'friend' aspect is completely ridiculous
839
  // to implement because there are no restrictions at all on P
840
  // *unless* the [class.protected] restriction applies.  If it does,
841
  // however, we should ignore whether the naming class is a friend,
842
  // and instead rely on whether any potential P is a friend.
843
83.1k
  if (Access == AS_protected && 
Target.isInstanceMember()2.55k
) {
844
    // Compute the instance context if possible.
845
872
    const CXXRecordDecl *InstanceContext = nullptr;
846
872
    if (Target.hasInstanceContext()) {
847
672
      InstanceContext = Target.resolveInstanceContext(S);
848
672
      if (!InstanceContext) 
return AR_dependent0
;
849
872
    }
850
851
872
    switch (GetProtectedFriendKind(S, EC, InstanceContext, NamingClass)) {
852
95
    case AR_accessible: return AR_accessible;
853
777
    case AR_inaccessible: return OnFailure;
854
0
    case AR_dependent: return AR_dependent;
855
0
    }
856
0
    llvm_unreachable("impossible friendship kind");
857
0
  }
858
859
82.2k
  switch (GetFriendKind(S, EC, NamingClass)) {
860
8.38k
  case AR_accessible: return AR_accessible;
861
73.8k
  case AR_inaccessible: return OnFailure;
862
45
  case AR_dependent: return AR_dependent;
863
0
  }
864
865
  // Silence bogus warnings
866
0
  llvm_unreachable("impossible friendship kind");
867
0
}
868
869
/// Finds the best path from the naming class to the declaring class,
870
/// taking friend declarations into account.
871
///
872
/// C++0x [class.access.base]p5:
873
///   A member m is accessible at the point R when named in class N if
874
///   [M1] m as a member of N is public, or
875
///   [M2] m as a member of N is private, and R occurs in a member or
876
///        friend of class N, or
877
///   [M3] m as a member of N is protected, and R occurs in a member or
878
///        friend of class N, or in a member or friend of a class P
879
///        derived from N, where m as a member of P is public, private,
880
///        or protected, or
881
///   [M4] there exists a base class B of N that is accessible at R, and
882
///        m is accessible at R when named in class B.
883
///
884
/// C++0x [class.access.base]p4:
885
///   A base class B of N is accessible at R, if
886
///   [B1] an invented public member of B would be a public member of N, or
887
///   [B2] R occurs in a member or friend of class N, and an invented public
888
///        member of B would be a private or protected member of N, or
889
///   [B3] R occurs in a member or friend of a class P derived from N, and an
890
///        invented public member of B would be a private or protected member
891
///        of P, or
892
///   [B4] there exists a class S such that B is a base class of S accessible
893
///        at R and S is a base class of N accessible at R.
894
///
895
/// Along a single inheritance path we can restate both of these
896
/// iteratively:
897
///
898
/// First, we note that M1-4 are equivalent to B1-4 if the member is
899
/// treated as a notional base of its declaring class with inheritance
900
/// access equivalent to the member's access.  Therefore we need only
901
/// ask whether a class B is accessible from a class N in context R.
902
///
903
/// Let B_1 .. B_n be the inheritance path in question (i.e. where
904
/// B_1 = N, B_n = B, and for all i, B_{i+1} is a direct base class of
905
/// B_i).  For i in 1..n, we will calculate ACAB(i), the access to the
906
/// closest accessible base in the path:
907
///   Access(a, b) = (* access on the base specifier from a to b *)
908
///   Merge(a, forbidden) = forbidden
909
///   Merge(a, private) = forbidden
910
///   Merge(a, b) = min(a,b)
911
///   Accessible(c, forbidden) = false
912
///   Accessible(c, private) = (R is c) || IsFriend(c, R)
913
///   Accessible(c, protected) = (R derived from c) || IsFriend(c, R)
914
///   Accessible(c, public) = true
915
///   ACAB(n) = public
916
///   ACAB(i) =
917
///     let AccessToBase = Merge(Access(B_i, B_{i+1}), ACAB(i+1)) in
918
///     if Accessible(B_i, AccessToBase) then public else AccessToBase
919
///
920
/// B is an accessible base of N at R iff ACAB(1) = public.
921
///
922
/// \param FinalAccess the access of the "final step", or AS_public if
923
///   there is no final step.
924
/// \return null if friendship is dependent
925
static CXXBasePath *FindBestPath(Sema &S,
926
                                 const EffectiveContext &EC,
927
                                 AccessTarget &Target,
928
                                 AccessSpecifier FinalAccess,
929
1.28k
                                 CXXBasePaths &Paths) {
930
  // Derive the paths to the desired base.
931
1.28k
  const CXXRecordDecl *Derived = Target.getNamingClass();
932
1.28k
  const CXXRecordDecl *Base = Target.getDeclaringClass();
933
934
  // FIXME: fail correctly when there are dependent paths.
935
1.28k
  bool isDerived = Derived->isDerivedFrom(const_cast<CXXRecordDecl*>(Base),
936
1.28k
                                          Paths);
937
1.28k
  assert(isDerived && "derived class not actually derived from base");
938
1.28k
  (void) isDerived;
939
940
1.28k
  CXXBasePath *BestPath = nullptr;
941
942
1.28k
  assert(FinalAccess != AS_none && "forbidden access after declaring class");
943
944
1.28k
  bool AnyDependent = false;
945
946
  // Derive the friend-modified access along each path.
947
1.28k
  for (CXXBasePaths::paths_iterator PI = Paths.begin(), PE = Paths.end();
948
2.15k
         PI != PE; 
++PI866
) {
949
1.29k
    AccessTarget::SavedInstanceContext _ = Target.saveInstanceContext();
950
951
    // Walk through the path backwards.
952
1.29k
    AccessSpecifier PathAccess = FinalAccess;
953
1.29k
    CXXBasePath::iterator I = PI->end(), E = PI->begin();
954
2.78k
    while (I != E) {
955
1.79k
      --I;
956
957
1.79k
      assert(PathAccess != AS_none);
958
959
      // If the declaration is a private member of a base class, there
960
      // is no level of friendship in derived classes that can make it
961
      // accessible.
962
1.79k
      if (PathAccess == AS_private) {
963
297
        PathAccess = AS_none;
964
297
        break;
965
297
      }
966
967
1.49k
      const CXXRecordDecl *NC = I->Class->getCanonicalDecl();
968
969
1.49k
      AccessSpecifier BaseAccess = I->Base->getAccessSpecifier();
970
1.49k
      PathAccess = std::max(PathAccess, BaseAccess);
971
972
1.49k
      switch (HasAccess(S, EC, NC, PathAccess, Target)) {
973
804
      case AR_inaccessible: break;
974
691
      case AR_accessible:
975
691
        PathAccess = AS_public;
976
977
        // Future tests are not against members and so do not have
978
        // instance context.
979
691
        Target.suppressInstanceContext();
980
691
        break;
981
0
      case AR_dependent:
982
0
        AnyDependent = true;
983
0
        goto Next;
984
1.49k
      }
985
1.49k
    }
986
987
    // Note that we modify the path's Access field to the
988
    // friend-modified access.
989
1.29k
    if (BestPath == nullptr || 
PathAccess < BestPath->Access6
) {
990
1.29k
      BestPath = &*PI;
991
1.29k
      BestPath->Access = PathAccess;
992
993
      // Short-circuit if we found a public path.
994
1.29k
      if (BestPath->Access == AS_public)
995
424
        return BestPath;
996
866
    }
997
998
866
  Next: ;
999
866
  }
1000
1001
860
  assert((!BestPath || BestPath->Access != AS_public) &&
1002
860
         "fell out of loop with public path");
1003
1004
  // We didn't find a public path, but at least one path was subject
1005
  // to dependent friendship, so delay the check.
1006
860
  if (AnyDependent)
1007
0
    return nullptr;
1008
1009
860
  return BestPath;
1010
860
}
1011
1012
/// Given that an entity has protected natural access, check whether
1013
/// access might be denied because of the protected member access
1014
/// restriction.
1015
///
1016
/// \return true if a note was emitted
1017
static bool TryDiagnoseProtectedAccess(Sema &S, const EffectiveContext &EC,
1018
208
                                       AccessTarget &Target) {
1019
  // Only applies to instance accesses.
1020
208
  if (!Target.isInstanceMember())
1021
59
    return false;
1022
1023
149
  assert(Target.isMemberAccess());
1024
1025
149
  const CXXRecordDecl *NamingClass = Target.getEffectiveNamingClass();
1026
1027
149
  for (EffectiveContext::record_iterator
1028
187
         I = EC.Records.begin(), E = EC.Records.end(); I != E; 
++I38
) {
1029
73
    const CXXRecordDecl *ECRecord = *I;
1030
73
    switch (IsDerivedFromInclusive(ECRecord, NamingClass)) {
1031
35
    case AR_accessible: break;
1032
38
    case AR_inaccessible: continue;
1033
0
    case AR_dependent: continue;
1034
35
    }
1035
1036
    // The effective context is a subclass of the declaring class.
1037
    // Check whether the [class.protected] restriction is limiting
1038
    // access.
1039
1040
    // To get this exactly right, this might need to be checked more
1041
    // holistically;  it's not necessarily the case that gaining
1042
    // access here would grant us access overall.
1043
1044
35
    NamedDecl *D = Target.getTargetDecl();
1045
1046
    // If we don't have an instance context, [class.protected] says the
1047
    // naming class has to equal the context class.
1048
35
    if (!Target.hasInstanceContext()) {
1049
      // If it does, the restriction doesn't apply.
1050
12
      if (NamingClass == ECRecord) 
continue0
;
1051
1052
      // TODO: it would be great to have a fixit here, since this is
1053
      // such an obvious error.
1054
12
      S.Diag(D->getLocation(), diag::note_access_protected_restricted_noobject)
1055
12
        << S.Context.getTypeDeclType(ECRecord);
1056
12
      return true;
1057
12
    }
1058
1059
23
    const CXXRecordDecl *InstanceContext = Target.resolveInstanceContext(S);
1060
23
    assert(InstanceContext && "diagnosing dependent access");
1061
1062
23
    switch (IsDerivedFromInclusive(InstanceContext, ECRecord)) {
1063
0
    case AR_accessible: continue;
1064
0
    case AR_dependent: continue;
1065
23
    case AR_inaccessible:
1066
23
      break;
1067
23
    }
1068
1069
    // Okay, the restriction seems to be what's limiting us.
1070
1071
    // Use a special diagnostic for constructors and destructors.
1072
23
    if (isa<CXXConstructorDecl>(D) || 
isa<CXXDestructorDecl>(D)20
||
1073
17
        (isa<FunctionTemplateDecl>(D) &&
1074
0
         isa<CXXConstructorDecl>(
1075
6
                cast<FunctionTemplateDecl>(D)->getTemplatedDecl()))) {
1076
6
      return S.Diag(D->getLocation(),
1077
6
                    diag::note_access_protected_restricted_ctordtor)
1078
6
             << isa<CXXDestructorDecl>(D->getAsFunction());
1079
6
    }
1080
1081
    // Otherwise, use the generic diagnostic.
1082
17
    return S.Diag(D->getLocation(),
1083
17
                  diag::note_access_protected_restricted_object)
1084
17
           << S.Context.getTypeDeclType(ECRecord);
1085
17
  }
1086
1087
114
  return false;
1088
149
}
1089
1090
/// We are unable to access a given declaration due to its direct
1091
/// access control;  diagnose that.
1092
static void diagnoseBadDirectAccess(Sema &S,
1093
                                    const EffectiveContext &EC,
1094
4.48k
                                    AccessTarget &entity) {
1095
4.48k
  assert(entity.isMemberAccess());
1096
4.48k
  NamedDecl *D = entity.getTargetDecl();
1097
1098
4.48k
  if (D->getAccess() == AS_protected &&
1099
208
      TryDiagnoseProtectedAccess(S, EC, entity))
1100
35
    return;
1101
1102
  // Find an original declaration.
1103
4.47k
  
while (4.44k
D->isOutOfLine()) {
1104
28
    NamedDecl *PrevDecl = nullptr;
1105
28
    if (VarDecl *VD = dyn_cast<VarDecl>(D))
1106
4
      PrevDecl = VD->getPreviousDecl();
1107
24
    else if (FunctionDecl *FD = dyn_cast<FunctionDecl>(D))
1108
20
      PrevDecl = FD->getPreviousDecl();
1109
4
    else if (TypedefNameDecl *TND = dyn_cast<TypedefNameDecl>(D))
1110
0
      PrevDecl = TND->getPreviousDecl();
1111
4
    else if (TagDecl *TD = dyn_cast<TagDecl>(D)) {
1112
4
      if (isa<RecordDecl>(D) && cast<RecordDecl>(D)->isInjectedClassName())
1113
0
        break;
1114
4
      PrevDecl = TD->getPreviousDecl();
1115
4
    }
1116
28
    if (!PrevDecl) 
break0
;
1117
28
    D = PrevDecl;
1118
28
  }
1119
1120
4.44k
  CXXRecordDecl *DeclaringClass = FindDeclaringClass(D);
1121
4.44k
  Decl *ImmediateChild;
1122
4.44k
  if (D->getDeclContext() == DeclaringClass)
1123
4.44k
    ImmediateChild = D;
1124
6
  else {
1125
6
    DeclContext *DC = D->getDeclContext();
1126
6
    while (DC->getParent() != DeclaringClass)
1127
0
      DC = DC->getParent();
1128
6
    ImmediateChild = cast<Decl>(DC);
1129
6
  }
1130
1131
  // Check whether there's an AccessSpecDecl preceding this in the
1132
  // chain of the DeclContext.
1133
4.44k
  bool isImplicit = true;
1134
13.0k
  for (const auto *I : DeclaringClass->decls()) {
1135
13.0k
    if (I == ImmediateChild) 
break3.95k
;
1136
9.05k
    if (isa<AccessSpecDecl>(I)) {
1137
496
      isImplicit = false;
1138
496
      break;
1139
496
    }
1140
9.05k
  }
1141
1142
4.44k
  S.Diag(D->getLocation(), diag::note_access_natural)
1143
4.44k
    << (unsigned) (D->getAccess() == AS_protected)
1144
4.44k
    << isImplicit;
1145
4.44k
}
1146
1147
/// Diagnose the path which caused the given declaration or base class
1148
/// to become inaccessible.
1149
static void DiagnoseAccessPath(Sema &S,
1150
                               const EffectiveContext &EC,
1151
4.78k
                               AccessTarget &entity) {
1152
  // Save the instance context to preserve invariants.
1153
4.78k
  AccessTarget::SavedInstanceContext _ = entity.saveInstanceContext();
1154
1155
  // This basically repeats the main algorithm but keeps some more
1156
  // information.
1157
1158
  // The natural access so far.
1159
4.78k
  AccessSpecifier accessSoFar = AS_public;
1160
1161
  // Check whether we have special rights to the declaring class.
1162
4.78k
  if (entity.isMemberAccess()) {
1163
4.61k
    NamedDecl *D = entity.getTargetDecl();
1164
4.61k
    accessSoFar = D->getAccess();
1165
4.61k
    const CXXRecordDecl *declaringClass = entity.getDeclaringClass();
1166
1167
4.61k
    switch (HasAccess(S, EC, declaringClass, accessSoFar, entity)) {
1168
    // If the declaration is accessible when named in its declaring
1169
    // class, then we must be constrained by the path.
1170
128
    case AR_accessible:
1171
128
      accessSoFar = AS_public;
1172
128
      entity.suppressInstanceContext();
1173
128
      break;
1174
1175
4.48k
    case AR_inaccessible:
1176
4.48k
      if (accessSoFar == AS_private ||
1177
213
          declaringClass == entity.getEffectiveNamingClass())
1178
4.43k
        return diagnoseBadDirectAccess(S, EC, entity);
1179
53
      break;
1180
1181
0
    case AR_dependent:
1182
0
      llvm_unreachable("cannot diagnose dependent access");
1183
352
    }
1184
352
  }
1185
1186
352
  CXXBasePaths paths;
1187
352
  CXXBasePath &path = *FindBestPath(S, EC, entity, accessSoFar, paths);
1188
352
  assert(path.Access != AS_public);
1189
1190
352
  CXXBasePath::iterator i = path.end(), e = path.begin();
1191
352
  CXXBasePath::iterator constrainingBase = i;
1192
481
  while (i != e) {
1193
379
    --i;
1194
1195
379
    assert(accessSoFar != AS_none && accessSoFar != AS_private);
1196
1197
    // Is the entity accessible when named in the deriving class, as
1198
    // modified by the base specifier?
1199
379
    const CXXRecordDecl *derivingClass = i->Class->getCanonicalDecl();
1200
379
    const CXXBaseSpecifier *base = i->Base;
1201
1202
    // If the access to this base is worse than the access we have to
1203
    // the declaration, remember it.
1204
379
    AccessSpecifier baseAccess = base->getAccessSpecifier();
1205
379
    if (baseAccess > accessSoFar) {
1206
304
      constrainingBase = i;
1207
304
      accessSoFar = baseAccess;
1208
304
    }
1209
1210
379
    switch (HasAccess(S, EC, derivingClass, accessSoFar, entity)) {
1211
360
    case AR_inaccessible: break;
1212
19
    case AR_accessible:
1213
19
      accessSoFar = AS_public;
1214
19
      entity.suppressInstanceContext();
1215
19
      constrainingBase = nullptr;
1216
19
      break;
1217
0
    case AR_dependent:
1218
0
      llvm_unreachable("cannot diagnose dependent access");
1219
379
    }
1220
1221
    // If this was private inheritance, but we don't have access to
1222
    // the deriving class, we're done.
1223
379
    if (accessSoFar == AS_private) {
1224
250
      assert(baseAccess == AS_private);
1225
250
      assert(constrainingBase == i);
1226
250
      break;
1227
250
    }
1228
379
  }
1229
1230
  // If we don't have a constraining base, the access failure must be
1231
  // due to the original declaration.
1232
352
  if (constrainingBase == path.end())
1233
48
    return diagnoseBadDirectAccess(S, EC, entity);
1234
1235
  // We're constrained by inheritance, but we want to say
1236
  // "declared private here" if we're diagnosing a hierarchy
1237
  // conversion and this is the final step.
1238
304
  unsigned diagnostic;
1239
304
  if (entity.isMemberAccess() ||
1240
171
      constrainingBase + 1 != path.end()) {
1241
141
    diagnostic = diag::note_access_constrained_by_path;
1242
163
  } else {
1243
163
    diagnostic = diag::note_access_natural;
1244
163
  }
1245
1246
304
  const CXXBaseSpecifier *base = constrainingBase->Base;
1247
1248
304
  S.Diag(base->getSourceRange().getBegin(), diagnostic)
1249
304
    << base->getSourceRange()
1250
304
    << (base->getAccessSpecifier() == AS_protected)
1251
304
    << (base->getAccessSpecifierAsWritten() == AS_none);
1252
1253
304
  if (entity.isMemberAccess())
1254
133
    S.Diag(entity.getTargetDecl()->getLocation(),
1255
133
           diag::note_member_declared_at);
1256
304
}
1257
1258
static void DiagnoseBadAccess(Sema &S, SourceLocation Loc,
1259
                              const EffectiveContext &EC,
1260
4.78k
                              AccessTarget &Entity) {
1261
4.78k
  const CXXRecordDecl *NamingClass = Entity.getNamingClass();
1262
4.78k
  const CXXRecordDecl *DeclaringClass = Entity.getDeclaringClass();
1263
4.61k
  NamedDecl *D = (Entity.isMemberAccess() ? Entity.getTargetDecl() : 
nullptr171
);
1264
1265
4.78k
  S.Diag(Loc, Entity.getDiag())
1266
4.78k
    << (Entity.getAccess() == AS_protected)
1267
4.61k
    << (D ? D->getDeclName() : 
DeclarationName()171
)
1268
4.78k
    << S.Context.getTypeDeclType(NamingClass)
1269
4.78k
    << S.Context.getTypeDeclType(DeclaringClass);
1270
4.78k
  DiagnoseAccessPath(S, EC, Entity);
1271
4.78k
}
1272
1273
/// MSVC has a bug where if during an using declaration name lookup,
1274
/// the declaration found is unaccessible (private) and that declaration
1275
/// was bring into scope via another using declaration whose target
1276
/// declaration is accessible (public) then no error is generated.
1277
/// Example:
1278
///   class A {
1279
///   public:
1280
///     int f();
1281
///   };
1282
///   class B : public A {
1283
///   private:
1284
///     using A::f;
1285
///   };
1286
///   class C : public B {
1287
///   private:
1288
///     using B::f;
1289
///   };
1290
///
1291
/// Here, B::f is private so this should fail in Standard C++, but
1292
/// because B::f refers to A::f which is public MSVC accepts it.
1293
static bool IsMicrosoftUsingDeclarationAccessBug(Sema& S,
1294
                                                 SourceLocation AccessLoc,
1295
15
                                                 AccessTarget &Entity) {
1296
15
  if (UsingShadowDecl *Shadow =
1297
2
                         dyn_cast<UsingShadowDecl>(Entity.getTargetDecl())) {
1298
2
    const NamedDecl *OrigDecl = Entity.getTargetDecl()->getUnderlyingDecl();
1299
2
    if (Entity.getTargetDecl()->getAccess() == AS_private &&
1300
2
        (OrigDecl->getAccess() == AS_public ||
1301
2
         
OrigDecl->getAccess() == AS_protected0
)) {
1302
2
      S.Diag(AccessLoc, diag::ext_ms_using_declaration_inaccessible)
1303
2
        << Shadow->getUsingDecl()->getQualifiedNameAsString()
1304
2
        << OrigDecl->getQualifiedNameAsString();
1305
2
      return true;
1306
2
    }
1307
13
  }
1308
13
  return false;
1309
13
}
1310
1311
/// Determines whether the accessed entity is accessible.  Public members
1312
/// have been weeded out by this point.
1313
static AccessResult IsAccessible(Sema &S,
1314
                                 const EffectiveContext &EC,
1315
903k
                                 AccessTarget &Entity) {
1316
  // Determine the actual naming class.
1317
903k
  const CXXRecordDecl *NamingClass = Entity.getEffectiveNamingClass();
1318
1319
903k
  AccessSpecifier UnprivilegedAccess = Entity.getAccess();
1320
903k
  assert(UnprivilegedAccess != AS_public && "public access not weeded out");
1321
1322
  // Before we try to recalculate access paths, try to white-list
1323
  // accesses which just trade in on the final step, i.e. accesses
1324
  // which don't require [M4] or [B4]. These are by far the most
1325
  // common forms of privileged access.
1326
903k
  if (UnprivilegedAccess != AS_none) {
1327
896k
    switch (HasAccess(S, EC, NamingClass, UnprivilegedAccess, Entity)) {
1328
97
    case AR_dependent:
1329
      // This is actually an interesting policy decision.  We don't
1330
      // *have* to delay immediately here: we can do the full access
1331
      // calculation in the hope that friendship on some intermediate
1332
      // class will make the declaration accessible non-dependently.
1333
      // But that's not cheap, and odds are very good (note: assertion
1334
      // made without data) that the friend declaration will determine
1335
      // access.
1336
97
      return AR_dependent;
1337
1338
836k
    case AR_accessible: return AR_accessible;
1339
60.2k
    case AR_inaccessible: break;
1340
67.2k
    }
1341
67.2k
  }
1342
1343
67.2k
  AccessTarget::SavedInstanceContext _ = Entity.saveInstanceContext();
1344
1345
  // We lower member accesses to base accesses by pretending that the
1346
  // member is a base class of its declaring class.
1347
67.2k
  AccessSpecifier FinalAccess;
1348
1349
67.2k
  if (Entity.isMemberAccess()) {
1350
    // Determine if the declaration is accessible from EC when named
1351
    // in its declaring class.
1352
67.0k
    NamedDecl *Target = Entity.getTargetDecl();
1353
67.0k
    const CXXRecordDecl *DeclaringClass = Entity.getDeclaringClass();
1354
1355
67.0k
    FinalAccess = Target->getAccess();
1356
67.0k
    switch (HasAccess(S, EC, DeclaringClass, FinalAccess, Entity)) {
1357
58.4k
    case AR_accessible:
1358
      // Target is accessible at EC when named in its declaring class.
1359
      // We can now hill-climb and simply check whether the declaring
1360
      // class is accessible as a base of the naming class.  This is
1361
      // equivalent to checking the access of a notional public
1362
      // member with no instance context.
1363
58.4k
      FinalAccess = AS_public;
1364
58.4k
      Entity.suppressInstanceContext();
1365
58.4k
      break;
1366
8.65k
    case AR_inaccessible: break;
1367
0
    case AR_dependent: return AR_dependent; // see above
1368
67.0k
    }
1369
1370
67.0k
    if (DeclaringClass == NamingClass)
1371
66.3k
      return (FinalAccess == AS_public ? 
AR_accessible57.8k
:
AR_inaccessible8.51k
);
1372
201
  } else {
1373
201
    FinalAccess = AS_public;
1374
201
  }
1375
1376
932
  assert(Entity.getDeclaringClass() != NamingClass);
1377
1378
  // Append the declaration's access if applicable.
1379
932
  CXXBasePaths Paths;
1380
932
  CXXBasePath *Path = FindBestPath(S, EC, Entity, FinalAccess, Paths);
1381
932
  if (!Path)
1382
0
    return AR_dependent;
1383
1384
932
  assert(Path->Access <= UnprivilegedAccess &&
1385
932
         "access along best path worse than direct?");
1386
932
  if (Path->Access == AS_public)
1387
424
    return AR_accessible;
1388
508
  return AR_inaccessible;
1389
508
}
1390
1391
static void DelayDependentAccess(Sema &S,
1392
                                 const EffectiveContext &EC,
1393
                                 SourceLocation Loc,
1394
97
                                 const AccessTarget &Entity) {
1395
97
  assert(EC.isDependent() && "delaying non-dependent access");
1396
97
  DeclContext *DC = EC.getInnerContext();
1397
97
  assert(DC->isDependentContext() && "delaying non-dependent access");
1398
97
  DependentDiagnostic::Create(S.Context, DC, DependentDiagnostic::Access,
1399
97
                              Loc,
1400
97
                              Entity.isMemberAccess(),
1401
97
                              Entity.getAccess(),
1402
97
                              Entity.getTargetDecl(),
1403
97
                              Entity.getNamingClass(),
1404
97
                              Entity.getBaseObjectType(),
1405
97
                              Entity.getDiag());
1406
97
}
1407
1408
/// Checks access to an entity from the given effective context.
1409
static AccessResult CheckEffectiveAccess(Sema &S,
1410
                                         const EffectiveContext &EC,
1411
                                         SourceLocation Loc,
1412
901k
                                         AccessTarget &Entity) {
1413
901k
  assert(Entity.getAccess() != AS_public && "called for public access!");
1414
1415
901k
  switch (IsAccessible(S, EC, Entity)) {
1416
97
  case AR_dependent:
1417
97
    DelayDependentAccess(S, EC, Loc, Entity);
1418
97
    return AR_dependent;
1419
1420
8.95k
  case AR_inaccessible:
1421
8.95k
    if (S.getLangOpts().MSVCCompat &&
1422
15
        IsMicrosoftUsingDeclarationAccessBug(S, Loc, Entity))
1423
2
      return AR_accessible;
1424
8.94k
    if (!Entity.isQuiet())
1425
4.78k
      DiagnoseBadAccess(S, Loc, EC, Entity);
1426
8.94k
    return AR_inaccessible;
1427
1428
892k
  case AR_accessible:
1429
892k
    return AR_accessible;
1430
0
  }
1431
1432
  // silence unnecessary warning
1433
0
  llvm_unreachable("invalid access result");
1434
0
}
1435
1436
static Sema::AccessResult CheckAccess(Sema &S, SourceLocation Loc,
1437
916k
                                      AccessTarget &Entity) {
1438
  // If the access path is public, it's accessible everywhere.
1439
916k
  if (Entity.getAccess() == AS_public)
1440
0
    return Sema::AR_accessible;
1441
1442
  // If we're currently parsing a declaration, we may need to delay
1443
  // access control checking, because our effective context might be
1444
  // different based on what the declaration comes out as.
1445
  //
1446
  // For example, we might be parsing a declaration with a scope
1447
  // specifier, like this:
1448
  //   A::private_type A::foo() { ... }
1449
  //
1450
  // Or we might be parsing something that will turn out to be a friend:
1451
  //   void foo(A::private_type);
1452
  //   void B::foo(A::private_type);
1453
916k
  if (S.DelayedDiagnostics.shouldDelayDiagnostics()) {
1454
250k
    S.DelayedDiagnostics.add(DelayedDiagnostic::makeAccess(Loc, Entity));
1455
250k
    return Sema::AR_delayed;
1456
250k
  }
1457
1458
666k
  EffectiveContext EC(S.CurContext);
1459
666k
  switch (CheckEffectiveAccess(S, EC, Loc, Entity)) {
1460
657k
  case AR_accessible: return Sema::AR_accessible;
1461
8.51k
  case AR_inaccessible: return Sema::AR_inaccessible;
1462
86
  case AR_dependent: return Sema::AR_dependent;
1463
0
  }
1464
0
  llvm_unreachable("invalid access result");
1465
0
}
1466
1467
234k
void Sema::HandleDelayedAccessCheck(DelayedDiagnostic &DD, Decl *D) {
1468
  // Access control for names used in the declarations of functions
1469
  // and function templates should normally be evaluated in the context
1470
  // of the declaration, just in case it's a friend of something.
1471
  // However, this does not apply to local extern declarations.
1472
1473
234k
  DeclContext *DC = D->getDeclContext();
1474
234k
  if (D->isLocalExternDecl()) {
1475
10
    DC = D->getLexicalDeclContext();
1476
234k
  } else if (FunctionDecl *FN = dyn_cast<FunctionDecl>(D)) {
1477
53.0k
    DC = FN;
1478
181k
  } else if (TemplateDecl *TD = dyn_cast<TemplateDecl>(D)) {
1479
43.7k
    DC = cast<DeclContext>(TD->getTemplatedDecl());
1480
43.7k
  }
1481
1482
234k
  EffectiveContext EC(DC);
1483
1484
234k
  AccessTarget Target(DD.getAccessData());
1485
1486
234k
  if (CheckEffectiveAccess(*this, EC, DD.Loc, Target) == ::AR_inaccessible)
1487
404
    DD.Triggered = true;
1488
234k
}
1489
1490
void Sema::HandleDependentAccessCheck(const DependentDiagnostic &DD,
1491
140
                        const MultiLevelTemplateArgumentList &TemplateArgs) {
1492
140
  SourceLocation Loc = DD.getAccessLoc();
1493
140
  AccessSpecifier Access = DD.getAccess();
1494
1495
140
  Decl *NamingD = FindInstantiatedDecl(Loc, DD.getAccessNamingClass(),
1496
140
                                       TemplateArgs);
1497
140
  if (!NamingD) 
return0
;
1498
140
  Decl *TargetD = FindInstantiatedDecl(Loc, DD.getAccessTarget(),
1499
140
                                       TemplateArgs);
1500
140
  if (!TargetD) 
return0
;
1501
1502
140
  if (DD.isAccessToMember()) {
1503
140
    CXXRecordDecl *NamingClass = cast<CXXRecordDecl>(NamingD);
1504
140
    NamedDecl *TargetDecl = cast<NamedDecl>(TargetD);
1505
140
    QualType BaseObjectType = DD.getAccessBaseObjectType();
1506
140
    if (!BaseObjectType.isNull()) {
1507
131
      BaseObjectType = SubstType(BaseObjectType, TemplateArgs, Loc,
1508
131
                                 DeclarationName());
1509
131
      if (BaseObjectType.isNull()) 
return0
;
1510
140
    }
1511
1512
140
    AccessTarget Entity(Context,
1513
140
                        AccessTarget::Member,
1514
140
                        NamingClass,
1515
140
                        DeclAccessPair::make(TargetDecl, Access),
1516
140
                        BaseObjectType);
1517
140
    Entity.setDiag(DD.getDiagnostic());
1518
140
    CheckAccess(*this, Loc, Entity);
1519
0
  } else {
1520
0
    AccessTarget Entity(Context,
1521
0
                        AccessTarget::Base,
1522
0
                        cast<CXXRecordDecl>(TargetD),
1523
0
                        cast<CXXRecordDecl>(NamingD),
1524
0
                        Access);
1525
0
    Entity.setDiag(DD.getDiagnostic());
1526
0
    CheckAccess(*this, Loc, Entity);
1527
0
  }
1528
140
}
1529
1530
Sema::AccessResult Sema::CheckUnresolvedLookupAccess(UnresolvedLookupExpr *E,
1531
601k
                                                     DeclAccessPair Found) {
1532
601k
  if (!getLangOpts().AccessControl ||
1533
565k
      !E->getNamingClass() ||
1534
58.4k
      Found.getAccess() == AS_public)
1535
593k
    return AR_accessible;
1536
1537
7.98k
  AccessTarget Entity(Context, AccessTarget::Member, E->getNamingClass(),
1538
7.98k
                      Found, QualType());
1539
7.98k
  Entity.setDiag(diag::err_access) << E->getSourceRange();
1540
1541
7.98k
  return CheckAccess(*this, E->getNameLoc(), Entity);
1542
7.98k
}
1543
1544
/// Perform access-control checking on a previously-unresolved member
1545
/// access which has now been resolved to a member.
1546
Sema::AccessResult Sema::CheckUnresolvedMemberAccess(UnresolvedMemberExpr *E,
1547
70.4k
                                                     DeclAccessPair Found) {
1548
70.4k
  if (!getLangOpts().AccessControl ||
1549
66.7k
      Found.getAccess() == AS_public)
1550
60.9k
    return AR_accessible;
1551
1552
9.44k
  QualType BaseType = E->getBaseType();
1553
9.44k
  if (E->isArrow())
1554
9.19k
    BaseType = BaseType->castAs<PointerType>()->getPointeeType();
1555
1556
9.44k
  AccessTarget Entity(Context, AccessTarget::Member, E->getNamingClass(),
1557
9.44k
                      Found, BaseType);
1558
9.44k
  Entity.setDiag(diag::err_access) << E->getSourceRange();
1559
1560
9.44k
  return CheckAccess(*this, E->getMemberLoc(), Entity);
1561
9.44k
}
1562
1563
/// Is the given member accessible for the purposes of deciding whether to
1564
/// define a special member function as deleted?
1565
bool Sema::isMemberAccessibleForDeletion(CXXRecordDecl *NamingClass,
1566
                                         DeclAccessPair Found,
1567
                                         QualType ObjectType,
1568
                                         SourceLocation Loc,
1569
244k
                                         const PartialDiagnostic &Diag) {
1570
  // Fast path.
1571
244k
  if (Found.getAccess() == AS_public || 
!getLangOpts().AccessControl63.3k
)
1572
182k
    return true;
1573
1574
61.6k
  AccessTarget Entity(Context, AccessTarget::Member, NamingClass, Found,
1575
61.6k
                      ObjectType);
1576
1577
  // Suppress diagnostics.
1578
61.6k
  Entity.setDiag(Diag);
1579
1580
61.6k
  switch (CheckAccess(*this, Loc, Entity)) {
1581
57.6k
  case AR_accessible: return true;
1582
3.99k
  case AR_inaccessible: return false;
1583
0
  case AR_dependent: llvm_unreachable("dependent for =delete computation");
1584
0
  case AR_delayed: llvm_unreachable("cannot delay =delete computation");
1585
0
  }
1586
0
  llvm_unreachable("bad access result");
1587
0
}
1588
1589
Sema::AccessResult Sema::CheckDestructorAccess(SourceLocation Loc,
1590
                                               CXXDestructorDecl *Dtor,
1591
                                               const PartialDiagnostic &PDiag,
1592
269k
                                               QualType ObjectTy) {
1593
269k
  if (!getLangOpts().AccessControl)
1594
2.40k
    return AR_accessible;
1595
1596
  // There's never a path involved when checking implicit destructor access.
1597
267k
  AccessSpecifier Access = Dtor->getAccess();
1598
267k
  if (Access == AS_public)
1599
264k
    return AR_accessible;
1600
1601
2.62k
  CXXRecordDecl *NamingClass = Dtor->getParent();
1602
2.62k
  if (ObjectTy.isNull()) 
ObjectTy = Context.getTypeDeclType(NamingClass)162
;
1603
1604
2.62k
  AccessTarget Entity(Context, AccessTarget::Member, NamingClass,
1605
2.62k
                      DeclAccessPair::make(Dtor, Access),
1606
2.62k
                      ObjectTy);
1607
2.62k
  Entity.setDiag(PDiag); // TODO: avoid copy
1608
1609
2.62k
  return CheckAccess(*this, Loc, Entity);
1610
2.62k
}
1611
1612
/// Checks access to a constructor.
1613
Sema::AccessResult Sema::CheckConstructorAccess(SourceLocation UseLoc,
1614
                                                CXXConstructorDecl *Constructor,
1615
                                                DeclAccessPair Found,
1616
                                                const InitializedEntity &Entity,
1617
327k
                                                bool IsCopyBindingRefToTemp) {
1618
327k
  if (!getLangOpts().AccessControl || 
Found.getAccess() == AS_public325k
)
1619
320k
    return AR_accessible;
1620
1621
6.94k
  PartialDiagnostic PD(PDiag());
1622
6.94k
  switch (Entity.getKind()) {
1623
3.98k
  default:
1624
3.98k
    PD = PDiag(IsCopyBindingRefToTemp
1625
7
                 ? diag::ext_rvalue_to_reference_access_ctor
1626
3.97k
                 : diag::err_access_ctor);
1627
1628
3.98k
    break;
1629
1630
2.93k
  case InitializedEntity::EK_Base:
1631
2.93k
    PD = PDiag(diag::err_access_base_ctor);
1632
2.93k
    PD << Entity.isInheritedVirtualBase()
1633
2.93k
       << Entity.getBaseSpecifier()->getType() << getSpecialMember(Constructor);
1634
2.93k
    break;
1635
1636
24
  case InitializedEntity::EK_Member: {
1637
24
    const FieldDecl *Field = cast<FieldDecl>(Entity.getDecl());
1638
24
    PD = PDiag(diag::err_access_field_ctor);
1639
24
    PD << Field->getType() << getSpecialMember(Constructor);
1640
24
    break;
1641
0
  }
1642
1643
2
  case InitializedEntity::EK_LambdaCapture: {
1644
2
    StringRef VarName = Entity.getCapturedVarName();
1645
2
    PD = PDiag(diag::err_access_lambda_capture);
1646
2
    PD << VarName << Entity.getType() << getSpecialMember(Constructor);
1647
2
    break;
1648
6.94k
  }
1649
1650
6.94k
  }
1651
1652
6.94k
  return CheckConstructorAccess(UseLoc, Constructor, Found, Entity, PD);
1653
6.94k
}
1654
1655
/// Checks access to a constructor.
1656
Sema::AccessResult Sema::CheckConstructorAccess(SourceLocation UseLoc,
1657
                                                CXXConstructorDecl *Constructor,
1658
                                                DeclAccessPair Found,
1659
                                                const InitializedEntity &Entity,
1660
6.98k
                                                const PartialDiagnostic &PD) {
1661
6.98k
  if (!getLangOpts().AccessControl ||
1662
6.98k
      Found.getAccess() == AS_public)
1663
34
    return AR_accessible;
1664
1665
6.95k
  CXXRecordDecl *NamingClass = Constructor->getParent();
1666
1667
  // Initializing a base sub-object is an instance method call on an
1668
  // object of the derived class.  Otherwise, we have an instance method
1669
  // call on an object of the constructed type.
1670
  //
1671
  // FIXME: If we have a parent, we're initializing the base class subobject
1672
  // in aggregate initialization. It's not clear whether the object class
1673
  // should be the base class or the derived class in that case.
1674
6.95k
  CXXRecordDecl *ObjectClass;
1675
6.95k
  if ((Entity.getKind() == InitializedEntity::EK_Base ||
1676
4.01k
       Entity.getKind() == InitializedEntity::EK_Delegating) &&
1677
3.14k
      !Entity.getParent()) {
1678
3.13k
    ObjectClass = cast<CXXConstructorDecl>(CurContext)->getParent();
1679
3.81k
  } else if (auto *Shadow =
1680
12
                 dyn_cast<ConstructorUsingShadowDecl>(Found.getDecl())) {
1681
    // If we're using an inheriting constructor to construct an object,
1682
    // the object class is the derived class, not the base class.
1683
12
    ObjectClass = Shadow->getParent();
1684
3.80k
  } else {
1685
3.80k
    ObjectClass = NamingClass;
1686
3.80k
  }
1687
1688
6.95k
  AccessTarget AccessEntity(
1689
6.95k
      Context, AccessTarget::Member, NamingClass,
1690
6.95k
      DeclAccessPair::make(Constructor, Found.getAccess()),
1691
6.95k
      Context.getTypeDeclType(ObjectClass));
1692
6.95k
  AccessEntity.setDiag(PD);
1693
1694
6.95k
  return CheckAccess(*this, UseLoc, AccessEntity);
1695
6.95k
}
1696
1697
/// Checks access to an overloaded operator new or delete.
1698
Sema::AccessResult Sema::CheckAllocationAccess(SourceLocation OpLoc,
1699
                                               SourceRange PlacementRange,
1700
                                               CXXRecordDecl *NamingClass,
1701
                                               DeclAccessPair Found,
1702
7.51k
                                               bool Diagnose) {
1703
7.51k
  if (!getLangOpts().AccessControl ||
1704
7.42k
      !NamingClass ||
1705
597
      Found.getAccess() == AS_public)
1706
7.49k
    return AR_accessible;
1707
1708
23
  AccessTarget Entity(Context, AccessTarget::Member, NamingClass, Found,
1709
23
                      QualType());
1710
23
  if (Diagnose)
1711
17
    Entity.setDiag(diag::err_access)
1712
17
      << PlacementRange;
1713
1714
23
  return CheckAccess(*this, OpLoc, Entity);
1715
23
}
1716
1717
/// Checks access to a member.
1718
Sema::AccessResult Sema::CheckMemberAccess(SourceLocation UseLoc,
1719
                                           CXXRecordDecl *NamingClass,
1720
1.93k
                                           DeclAccessPair Found) {
1721
1.93k
  if (!getLangOpts().AccessControl ||
1722
1.93k
      !NamingClass ||
1723
824
      Found.getAccess() == AS_public)
1724
1.76k
    return AR_accessible;
1725
1726
175
  AccessTarget Entity(Context, AccessTarget::Member, NamingClass,
1727
175
                      Found, QualType());
1728
1729
175
  return CheckAccess(*this, UseLoc, Entity);
1730
175
}
1731
1732
/// Checks implicit access to a member in a structured binding.
1733
Sema::AccessResult
1734
Sema::CheckStructuredBindingMemberAccess(SourceLocation UseLoc,
1735
                                         CXXRecordDecl *DecomposedClass,
1736
327
                                         DeclAccessPair Field) {
1737
327
  if (!getLangOpts().AccessControl ||
1738
327
      Field.getAccess() == AS_public)
1739
312
    return AR_accessible;
1740
1741
15
  AccessTarget Entity(Context, AccessTarget::Member, DecomposedClass, Field,
1742
15
                      Context.getRecordType(DecomposedClass));
1743
15
  Entity.setDiag(diag::err_decomp_decl_inaccessible_field);
1744
1745
15
  return CheckAccess(*this, UseLoc, Entity);
1746
15
}
1747
1748
/// Checks access to an overloaded member operator, including
1749
/// conversion operators.
1750
Sema::AccessResult Sema::CheckMemberOperatorAccess(SourceLocation OpLoc,
1751
                                                   Expr *ObjectExpr,
1752
                                                   Expr *ArgExpr,
1753
85.4k
                                                   DeclAccessPair Found) {
1754
85.4k
  if (!getLangOpts().AccessControl ||
1755
84.1k
      Found.getAccess() == AS_public)
1756
83.7k
    return AR_accessible;
1757
1758
1.63k
  const RecordType *RT = ObjectExpr->getType()->castAs<RecordType>();
1759
1.63k
  CXXRecordDecl *NamingClass = cast<CXXRecordDecl>(RT->getDecl());
1760
1761
1.63k
  AccessTarget Entity(Context, AccessTarget::Member, NamingClass, Found,
1762
1.63k
                      ObjectExpr->getType());
1763
1.63k
  Entity.setDiag(diag::err_access)
1764
1.63k
    << ObjectExpr->getSourceRange()
1765
1.54k
    << (ArgExpr ? ArgExpr->getSourceRange() : 
SourceRange()92
);
1766
1767
1.63k
  return CheckAccess(*this, OpLoc, Entity);
1768
1.63k
}
1769
1770
/// Checks access to the target of a friend declaration.
1771
360
Sema::AccessResult Sema::CheckFriendAccess(NamedDecl *target) {
1772
360
  assert(isa<CXXMethodDecl>(target->getAsFunction()));
1773
1774
  // Friendship lookup is a redeclaration lookup, so there's never an
1775
  // inheritance path modifying access.
1776
360
  AccessSpecifier access = target->getAccess();
1777
1778
360
  if (!getLangOpts().AccessControl || access == AS_public)
1779
337
    return AR_accessible;
1780
1781
23
  CXXMethodDecl *method = cast<CXXMethodDecl>(target->getAsFunction());
1782
1783
23
  AccessTarget entity(Context, AccessTarget::Member,
1784
23
                      cast<CXXRecordDecl>(target->getDeclContext()),
1785
23
                      DeclAccessPair::make(target, access),
1786
23
                      /*no instance context*/ QualType());
1787
23
  entity.setDiag(diag::err_access_friend_function)
1788
21
      << (method->getQualifier() ? method->getQualifierLoc().getSourceRange()
1789
2
                                 : method->getNameInfo().getSourceRange());
1790
1791
  // We need to bypass delayed-diagnostics because we might be called
1792
  // while the ParsingDeclarator is active.
1793
23
  EffectiveContext EC(CurContext);
1794
23
  switch (CheckEffectiveAccess(*this, EC, target->getLocation(), entity)) {
1795
8
  case ::AR_accessible: return Sema::AR_accessible;
1796
13
  case ::AR_inaccessible: return Sema::AR_inaccessible;
1797
2
  case ::AR_dependent: return Sema::AR_dependent;
1798
0
  }
1799
0
  llvm_unreachable("invalid access result");
1800
0
}
1801
1802
Sema::AccessResult Sema::CheckAddressOfMemberAccess(Expr *OvlExpr,
1803
1.38k
                                                    DeclAccessPair Found) {
1804
1.38k
  if (!getLangOpts().AccessControl ||
1805
1.38k
      Found.getAccess() == AS_none ||
1806
282
      Found.getAccess() == AS_public)
1807
1.31k
    return AR_accessible;
1808
1809
69
  OverloadExpr *Ovl = OverloadExpr::find(OvlExpr).Expression;
1810
69
  CXXRecordDecl *NamingClass = Ovl->getNamingClass();
1811
1812
69
  AccessTarget Entity(Context, AccessTarget::Member, NamingClass, Found,
1813
69
                      /*no instance context*/ QualType());
1814
69
  Entity.setDiag(diag::err_access)
1815
69
    << Ovl->getSourceRange();
1816
1817
69
  return CheckAccess(*this, Ovl->getNameLoc(), Entity);
1818
69
}
1819
1820
/// Checks access for a hierarchy conversion.
1821
///
1822
/// \param ForceCheck true if this check should be performed even if access
1823
///     control is disabled;  some things rely on this for semantics
1824
/// \param ForceUnprivileged true if this check should proceed as if the
1825
///     context had no special privileges
1826
Sema::AccessResult Sema::CheckBaseClassAccess(SourceLocation AccessLoc,
1827
                                              QualType Base,
1828
                                              QualType Derived,
1829
                                              const CXXBasePath &Path,
1830
                                              unsigned DiagID,
1831
                                              bool ForceCheck,
1832
37.0k
                                              bool ForceUnprivileged) {
1833
37.0k
  if (!ForceCheck && 
!getLangOpts().AccessControl36.9k
)
1834
2.37k
    return AR_accessible;
1835
1836
34.6k
  if (Path.Access == AS_public)
1837
19.3k
    return AR_accessible;
1838
1839
15.2k
  CXXRecordDecl *BaseD, *DerivedD;
1840
15.2k
  BaseD = cast<CXXRecordDecl>(Base->castAs<RecordType>()->getDecl());
1841
15.2k
  DerivedD = cast<CXXRecordDecl>(Derived->castAs<RecordType>()->getDecl());
1842
1843
15.2k
  AccessTarget Entity(Context, AccessTarget::Base, BaseD, DerivedD,
1844
15.2k
                      Path.Access);
1845
15.2k
  if (DiagID)
1846
15.2k
    Entity.setDiag(DiagID) << Derived << Base;
1847
1848
15.2k
  if (ForceUnprivileged) {
1849
15
    switch (CheckEffectiveAccess(*this, EffectiveContext(),
1850
15
                                 AccessLoc, Entity)) {
1851
0
    case ::AR_accessible: return Sema::AR_accessible;
1852
15
    case ::AR_inaccessible: return Sema::AR_inaccessible;
1853
0
    case ::AR_dependent: return Sema::AR_dependent;
1854
0
    }
1855
0
    llvm_unreachable("unexpected result from CheckEffectiveAccess");
1856
0
  }
1857
15.2k
  return CheckAccess(*this, AccessLoc, Entity);
1858
15.2k
}
1859
1860
/// Checks access to all the declarations in the given result set.
1861
4.33M
void Sema::CheckLookupAccess(const LookupResult &R) {
1862
4.33M
  assert(getLangOpts().AccessControl
1863
4.33M
         && "performing access check without access control");
1864
4.33M
  assert(R.getNamingClass() && "performing access check without naming class");
1865
1866
8.83M
  for (LookupResult::iterator I = R.begin(), E = R.end(); I != E; 
++I4.49M
) {
1867
4.49M
    if (I.getAccess() != AS_public) {
1868
810k
      AccessTarget Entity(Context, AccessedEntity::Member,
1869
810k
                          R.getNamingClass(), I.getPair(),
1870
810k
                          R.getBaseObjectType());
1871
810k
      Entity.setDiag(diag::err_access);
1872
810k
      CheckAccess(*this, R.getNameLoc(), Entity);
1873
810k
    }
1874
4.49M
  }
1875
4.33M
}
1876
1877
/// Checks access to Target from the given class. The check will take access
1878
/// specifiers into account, but no member access expressions and such.
1879
///
1880
/// \param Target the declaration to check if it can be accessed
1881
/// \param NamingClass the class in which the lookup was started.
1882
/// \param BaseType type of the left side of member access expression.
1883
///        \p BaseType and \p NamingClass are used for C++ access control.
1884
///        Depending on the lookup case, they should be set to the following:
1885
///        - lhs.target (member access without a qualifier):
1886
///          \p BaseType and \p NamingClass are both the type of 'lhs'.
1887
///        - lhs.X::target (member access with a qualifier):
1888
///          BaseType is the type of 'lhs', NamingClass is 'X'
1889
///        - X::target (qualified lookup without member access):
1890
///          BaseType is null, NamingClass is 'X'.
1891
///        - target (unqualified lookup).
1892
///          BaseType is null, NamingClass is the parent class of 'target'.
1893
/// \return true if the Target is accessible from the Class, false otherwise.
1894
bool Sema::IsSimplyAccessible(NamedDecl *Target, CXXRecordDecl *NamingClass,
1895
16.8k
                              QualType BaseType) {
1896
  // Perform the C++ accessibility checks first.
1897
16.8k
  if (Target->isCXXClassMember() && 
NamingClass2.15k
) {
1898
2.12k
    if (!getLangOpts().CPlusPlus)
1899
0
      return false;
1900
    // The unprivileged access is AS_none as we don't know how the member was
1901
    // accessed, which is described by the access in DeclAccessPair.
1902
    // `IsAccessible` will examine the actual access of Target (i.e.
1903
    // Decl->getAccess()) when calculating the access.
1904
2.12k
    AccessTarget Entity(Context, AccessedEntity::Member, NamingClass,
1905
2.12k
                        DeclAccessPair::make(Target, AS_none), BaseType);
1906
2.12k
    EffectiveContext EC(CurContext);
1907
2.12k
    return ::IsAccessible(*this, EC, Entity) != ::AR_inaccessible;
1908
2.12k
  }
1909
1910
14.7k
  if (ObjCIvarDecl *Ivar = dyn_cast<ObjCIvarDecl>(Target)) {
1911
    // @public and @package ivars are always accessible.
1912
76
    if (Ivar->getCanonicalAccessControl() == ObjCIvarDecl::Public ||
1913
66
        Ivar->getCanonicalAccessControl() == ObjCIvarDecl::Package)
1914
10
      return true;
1915
1916
    // If we are inside a class or category implementation, determine the
1917
    // interface we're in.
1918
66
    ObjCInterfaceDecl *ClassOfMethodDecl = nullptr;
1919
66
    if (ObjCMethodDecl *MD = getCurMethodDecl())
1920
56
      ClassOfMethodDecl =  MD->getClassInterface();
1921
10
    else if (FunctionDecl *FD = getCurFunctionDecl()) {
1922
10
      if (ObjCImplDecl *Impl
1923
0
            = dyn_cast<ObjCImplDecl>(FD->getLexicalDeclContext())) {
1924
0
        if (ObjCImplementationDecl *IMPD
1925
0
              = dyn_cast<ObjCImplementationDecl>(Impl))
1926
0
          ClassOfMethodDecl = IMPD->getClassInterface();
1927
0
        else if (ObjCCategoryImplDecl* CatImplClass
1928
0
                   = dyn_cast<ObjCCategoryImplDecl>(Impl))
1929
0
          ClassOfMethodDecl = CatImplClass->getClassInterface();
1930
0
      }
1931
10
    }
1932
1933
    // If we're not in an interface, this ivar is inaccessible.
1934
66
    if (!ClassOfMethodDecl)
1935
10
      return false;
1936
1937
    // If we're inside the same interface that owns the ivar, we're fine.
1938
56
    if (declaresSameEntity(ClassOfMethodDecl, Ivar->getContainingInterface()))
1939
50
      return true;
1940
1941
    // If the ivar is private, it's inaccessible.
1942
6
    if (Ivar->getCanonicalAccessControl() == ObjCIvarDecl::Private)
1943
3
      return false;
1944
1945
3
    return Ivar->getContainingInterface()->isSuperClassOf(ClassOfMethodDecl);
1946
3
  }
1947
1948
14.6k
  return true;
1949
14.6k
}