1 //===---- SemaAccess.cpp - C++ Access Control -------------------*- C++ -*-===//
2 //
3 // The LLVM Compiler Infrastructure
4 //
5 // This file is distributed under the University of Illinois Open Source
6 // License. See LICENSE.TXT for details.
7 //
8 //===----------------------------------------------------------------------===//
9 //
10 // This file provides Sema routines for C++ access control semantics.
11 //
12 //===----------------------------------------------------------------------===//
13
14 #include "clang/Sema/SemaInternal.h"
15 #include "clang/Sema/DelayedDiagnostic.h"
16 #include "clang/Sema/Initialization.h"
17 #include "clang/Sema/Lookup.h"
18 #include "clang/AST/ASTContext.h"
19 #include "clang/AST/CXXInheritance.h"
20 #include "clang/AST/DeclCXX.h"
21 #include "clang/AST/DeclFriend.h"
22 #include "clang/AST/DependentDiagnostic.h"
23 #include "clang/AST/ExprCXX.h"
24
25 using namespace clang;
26 using namespace sema;
27
28 /// A copy of Sema's enum without AR_delayed.
29 enum AccessResult {
30 AR_accessible,
31 AR_inaccessible,
32 AR_dependent
33 };
34
35 /// SetMemberAccessSpecifier - Set the access specifier of a member.
36 /// Returns true on error (when the previous member decl access specifier
37 /// is different from the new member decl access specifier).
SetMemberAccessSpecifier(NamedDecl * MemberDecl,NamedDecl * PrevMemberDecl,AccessSpecifier LexicalAS)38 bool Sema::SetMemberAccessSpecifier(NamedDecl *MemberDecl,
39 NamedDecl *PrevMemberDecl,
40 AccessSpecifier LexicalAS) {
41 if (!PrevMemberDecl) {
42 // Use the lexical access specifier.
43 MemberDecl->setAccess(LexicalAS);
44 return false;
45 }
46
47 // C++ [class.access.spec]p3: When a member is redeclared its access
48 // specifier must be same as its initial declaration.
49 if (LexicalAS != AS_none && LexicalAS != PrevMemberDecl->getAccess()) {
50 Diag(MemberDecl->getLocation(),
51 diag::err_class_redeclared_with_different_access)
52 << MemberDecl << LexicalAS;
53 Diag(PrevMemberDecl->getLocation(), diag::note_previous_access_declaration)
54 << PrevMemberDecl << PrevMemberDecl->getAccess();
55
56 MemberDecl->setAccess(LexicalAS);
57 return true;
58 }
59
60 MemberDecl->setAccess(PrevMemberDecl->getAccess());
61 return false;
62 }
63
FindDeclaringClass(NamedDecl * D)64 static CXXRecordDecl *FindDeclaringClass(NamedDecl *D) {
65 DeclContext *DC = D->getDeclContext();
66
67 // This can only happen at top: enum decls only "publish" their
68 // immediate members.
69 if (isa<EnumDecl>(DC))
70 DC = cast<EnumDecl>(DC)->getDeclContext();
71
72 CXXRecordDecl *DeclaringClass = cast<CXXRecordDecl>(DC);
73 while (DeclaringClass->isAnonymousStructOrUnion())
74 DeclaringClass = cast<CXXRecordDecl>(DeclaringClass->getDeclContext());
75 return DeclaringClass;
76 }
77
78 namespace {
79 struct EffectiveContext {
EffectiveContext__anon10a2f84c0111::EffectiveContext80 EffectiveContext() : Inner(0), Dependent(false) {}
81
EffectiveContext__anon10a2f84c0111::EffectiveContext82 explicit EffectiveContext(DeclContext *DC)
83 : Inner(DC),
84 Dependent(DC->isDependentContext()) {
85
86 // C++ [class.access.nest]p1:
87 // A nested class is a member and as such has the same access
88 // rights as any other member.
89 // C++ [class.access]p2:
90 // A member of a class can also access all the names to which
91 // the class has access. A local class of a member function
92 // may access the same names that the member function itself
93 // may access.
94 // This almost implies that the privileges of nesting are transitive.
95 // Technically it says nothing about the local classes of non-member
96 // functions (which can gain privileges through friendship), but we
97 // take that as an oversight.
98 while (true) {
99 if (isa<CXXRecordDecl>(DC)) {
100 CXXRecordDecl *Record = cast<CXXRecordDecl>(DC)->getCanonicalDecl();
101 Records.push_back(Record);
102 DC = Record->getDeclContext();
103 } else if (isa<FunctionDecl>(DC)) {
104 FunctionDecl *Function = cast<FunctionDecl>(DC)->getCanonicalDecl();
105 Functions.push_back(Function);
106 DC = Function->getDeclContext();
107 } else if (DC->isFileContext()) {
108 break;
109 } else {
110 DC = DC->getParent();
111 }
112 }
113 }
114
isDependent__anon10a2f84c0111::EffectiveContext115 bool isDependent() const { return Dependent; }
116
includesClass__anon10a2f84c0111::EffectiveContext117 bool includesClass(const CXXRecordDecl *R) const {
118 R = R->getCanonicalDecl();
119 return std::find(Records.begin(), Records.end(), R)
120 != Records.end();
121 }
122
123 /// Retrieves the innermost "useful" context. Can be null if we're
124 /// doing access-control without privileges.
getInnerContext__anon10a2f84c0111::EffectiveContext125 DeclContext *getInnerContext() const {
126 return Inner;
127 }
128
129 typedef llvm::SmallVectorImpl<CXXRecordDecl*>::const_iterator record_iterator;
130
131 DeclContext *Inner;
132 llvm::SmallVector<FunctionDecl*, 4> Functions;
133 llvm::SmallVector<CXXRecordDecl*, 4> Records;
134 bool Dependent;
135 };
136
137 /// Like sema::AccessedEntity, but kindly lets us scribble all over
138 /// it.
139 struct AccessTarget : public AccessedEntity {
AccessTarget__anon10a2f84c0111::AccessTarget140 AccessTarget(const AccessedEntity &Entity)
141 : AccessedEntity(Entity) {
142 initialize();
143 }
144
AccessTarget__anon10a2f84c0111::AccessTarget145 AccessTarget(ASTContext &Context,
146 MemberNonce _,
147 CXXRecordDecl *NamingClass,
148 DeclAccessPair FoundDecl,
149 QualType BaseObjectType,
150 bool IsUsingDecl = false)
151 : AccessedEntity(Context, Member, NamingClass, FoundDecl, BaseObjectType),
152 IsUsingDeclaration(IsUsingDecl) {
153 initialize();
154 }
155
AccessTarget__anon10a2f84c0111::AccessTarget156 AccessTarget(ASTContext &Context,
157 BaseNonce _,
158 CXXRecordDecl *BaseClass,
159 CXXRecordDecl *DerivedClass,
160 AccessSpecifier Access)
161 : AccessedEntity(Context, Base, BaseClass, DerivedClass, Access) {
162 initialize();
163 }
164
hasInstanceContext__anon10a2f84c0111::AccessTarget165 bool hasInstanceContext() const {
166 return HasInstanceContext;
167 }
168
169 class SavedInstanceContext {
170 public:
~SavedInstanceContext()171 ~SavedInstanceContext() {
172 Target.HasInstanceContext = Has;
173 }
174
175 private:
176 friend struct AccessTarget;
SavedInstanceContext(AccessTarget & Target)177 explicit SavedInstanceContext(AccessTarget &Target)
178 : Target(Target), Has(Target.HasInstanceContext) {}
179 AccessTarget &Target;
180 bool Has;
181 };
182
saveInstanceContext__anon10a2f84c0111::AccessTarget183 SavedInstanceContext saveInstanceContext() {
184 return SavedInstanceContext(*this);
185 }
186
suppressInstanceContext__anon10a2f84c0111::AccessTarget187 void suppressInstanceContext() {
188 HasInstanceContext = false;
189 }
190
resolveInstanceContext__anon10a2f84c0111::AccessTarget191 const CXXRecordDecl *resolveInstanceContext(Sema &S) const {
192 assert(HasInstanceContext);
193 if (CalculatedInstanceContext)
194 return InstanceContext;
195
196 CalculatedInstanceContext = true;
197 DeclContext *IC = S.computeDeclContext(getBaseObjectType());
198 InstanceContext = (IC ? cast<CXXRecordDecl>(IC)->getCanonicalDecl() : 0);
199 return InstanceContext;
200 }
201
getDeclaringClass__anon10a2f84c0111::AccessTarget202 const CXXRecordDecl *getDeclaringClass() const {
203 return DeclaringClass;
204 }
205
206 private:
initialize__anon10a2f84c0111::AccessTarget207 void initialize() {
208 HasInstanceContext = (isMemberAccess() &&
209 !getBaseObjectType().isNull() &&
210 getTargetDecl()->isCXXInstanceMember());
211 CalculatedInstanceContext = false;
212 InstanceContext = 0;
213
214 if (isMemberAccess())
215 DeclaringClass = FindDeclaringClass(getTargetDecl());
216 else
217 DeclaringClass = getBaseClass();
218 DeclaringClass = DeclaringClass->getCanonicalDecl();
219 }
220
221 bool IsUsingDeclaration : 1;
222 bool HasInstanceContext : 1;
223 mutable bool CalculatedInstanceContext : 1;
224 mutable const CXXRecordDecl *InstanceContext;
225 const CXXRecordDecl *DeclaringClass;
226 };
227
228 }
229
230 /// Checks whether one class might instantiate to the other.
MightInstantiateTo(const CXXRecordDecl * From,const CXXRecordDecl * To)231 static bool MightInstantiateTo(const CXXRecordDecl *From,
232 const CXXRecordDecl *To) {
233 // Declaration names are always preserved by instantiation.
234 if (From->getDeclName() != To->getDeclName())
235 return false;
236
237 const DeclContext *FromDC = From->getDeclContext()->getPrimaryContext();
238 const DeclContext *ToDC = To->getDeclContext()->getPrimaryContext();
239 if (FromDC == ToDC) return true;
240 if (FromDC->isFileContext() || ToDC->isFileContext()) return false;
241
242 // Be conservative.
243 return true;
244 }
245
246 /// Checks whether one class is derived from another, inclusively.
247 /// Properly indicates when it couldn't be determined due to
248 /// dependence.
249 ///
250 /// This should probably be donated to AST or at least Sema.
IsDerivedFromInclusive(const CXXRecordDecl * Derived,const CXXRecordDecl * Target)251 static AccessResult IsDerivedFromInclusive(const CXXRecordDecl *Derived,
252 const CXXRecordDecl *Target) {
253 assert(Derived->getCanonicalDecl() == Derived);
254 assert(Target->getCanonicalDecl() == Target);
255
256 if (Derived == Target) return AR_accessible;
257
258 bool CheckDependent = Derived->isDependentContext();
259 if (CheckDependent && MightInstantiateTo(Derived, Target))
260 return AR_dependent;
261
262 AccessResult OnFailure = AR_inaccessible;
263 llvm::SmallVector<const CXXRecordDecl*, 8> Queue; // actually a stack
264
265 while (true) {
266 for (CXXRecordDecl::base_class_const_iterator
267 I = Derived->bases_begin(), E = Derived->bases_end(); I != E; ++I) {
268
269 const CXXRecordDecl *RD;
270
271 QualType T = I->getType();
272 if (const RecordType *RT = T->getAs<RecordType>()) {
273 RD = cast<CXXRecordDecl>(RT->getDecl());
274 } else if (const InjectedClassNameType *IT
275 = T->getAs<InjectedClassNameType>()) {
276 RD = IT->getDecl();
277 } else {
278 assert(T->isDependentType() && "non-dependent base wasn't a record?");
279 OnFailure = AR_dependent;
280 continue;
281 }
282
283 RD = RD->getCanonicalDecl();
284 if (RD == Target) return AR_accessible;
285 if (CheckDependent && MightInstantiateTo(RD, Target))
286 OnFailure = AR_dependent;
287
288 Queue.push_back(RD);
289 }
290
291 if (Queue.empty()) break;
292
293 Derived = Queue.back();
294 Queue.pop_back();
295 }
296
297 return OnFailure;
298 }
299
300
MightInstantiateTo(Sema & S,DeclContext * Context,DeclContext * Friend)301 static bool MightInstantiateTo(Sema &S, DeclContext *Context,
302 DeclContext *Friend) {
303 if (Friend == Context)
304 return true;
305
306 assert(!Friend->isDependentContext() &&
307 "can't handle friends with dependent contexts here");
308
309 if (!Context->isDependentContext())
310 return false;
311
312 if (Friend->isFileContext())
313 return false;
314
315 // TODO: this is very conservative
316 return true;
317 }
318
319 // Asks whether the type in 'context' can ever instantiate to the type
320 // in 'friend'.
MightInstantiateTo(Sema & S,CanQualType Context,CanQualType Friend)321 static bool MightInstantiateTo(Sema &S, CanQualType Context, CanQualType Friend) {
322 if (Friend == Context)
323 return true;
324
325 if (!Friend->isDependentType() && !Context->isDependentType())
326 return false;
327
328 // TODO: this is very conservative.
329 return true;
330 }
331
MightInstantiateTo(Sema & S,FunctionDecl * Context,FunctionDecl * Friend)332 static bool MightInstantiateTo(Sema &S,
333 FunctionDecl *Context,
334 FunctionDecl *Friend) {
335 if (Context->getDeclName() != Friend->getDeclName())
336 return false;
337
338 if (!MightInstantiateTo(S,
339 Context->getDeclContext(),
340 Friend->getDeclContext()))
341 return false;
342
343 CanQual<FunctionProtoType> FriendTy
344 = S.Context.getCanonicalType(Friend->getType())
345 ->getAs<FunctionProtoType>();
346 CanQual<FunctionProtoType> ContextTy
347 = S.Context.getCanonicalType(Context->getType())
348 ->getAs<FunctionProtoType>();
349
350 // There isn't any way that I know of to add qualifiers
351 // during instantiation.
352 if (FriendTy.getQualifiers() != ContextTy.getQualifiers())
353 return false;
354
355 if (FriendTy->getNumArgs() != ContextTy->getNumArgs())
356 return false;
357
358 if (!MightInstantiateTo(S,
359 ContextTy->getResultType(),
360 FriendTy->getResultType()))
361 return false;
362
363 for (unsigned I = 0, E = FriendTy->getNumArgs(); I != E; ++I)
364 if (!MightInstantiateTo(S,
365 ContextTy->getArgType(I),
366 FriendTy->getArgType(I)))
367 return false;
368
369 return true;
370 }
371
MightInstantiateTo(Sema & S,FunctionTemplateDecl * Context,FunctionTemplateDecl * Friend)372 static bool MightInstantiateTo(Sema &S,
373 FunctionTemplateDecl *Context,
374 FunctionTemplateDecl *Friend) {
375 return MightInstantiateTo(S,
376 Context->getTemplatedDecl(),
377 Friend->getTemplatedDecl());
378 }
379
MatchesFriend(Sema & S,const EffectiveContext & EC,const CXXRecordDecl * Friend)380 static AccessResult MatchesFriend(Sema &S,
381 const EffectiveContext &EC,
382 const CXXRecordDecl *Friend) {
383 if (EC.includesClass(Friend))
384 return AR_accessible;
385
386 if (EC.isDependent()) {
387 CanQualType FriendTy
388 = S.Context.getCanonicalType(S.Context.getTypeDeclType(Friend));
389
390 for (EffectiveContext::record_iterator
391 I = EC.Records.begin(), E = EC.Records.end(); I != E; ++I) {
392 CanQualType ContextTy
393 = S.Context.getCanonicalType(S.Context.getTypeDeclType(*I));
394 if (MightInstantiateTo(S, ContextTy, FriendTy))
395 return AR_dependent;
396 }
397 }
398
399 return AR_inaccessible;
400 }
401
MatchesFriend(Sema & S,const EffectiveContext & EC,CanQualType Friend)402 static AccessResult MatchesFriend(Sema &S,
403 const EffectiveContext &EC,
404 CanQualType Friend) {
405 if (const RecordType *RT = Friend->getAs<RecordType>())
406 return MatchesFriend(S, EC, cast<CXXRecordDecl>(RT->getDecl()));
407
408 // TODO: we can do better than this
409 if (Friend->isDependentType())
410 return AR_dependent;
411
412 return AR_inaccessible;
413 }
414
415 /// Determines whether the given friend class template matches
416 /// anything in the effective context.
MatchesFriend(Sema & S,const EffectiveContext & EC,ClassTemplateDecl * Friend)417 static AccessResult MatchesFriend(Sema &S,
418 const EffectiveContext &EC,
419 ClassTemplateDecl *Friend) {
420 AccessResult OnFailure = AR_inaccessible;
421
422 // Check whether the friend is the template of a class in the
423 // context chain.
424 for (llvm::SmallVectorImpl<CXXRecordDecl*>::const_iterator
425 I = EC.Records.begin(), E = EC.Records.end(); I != E; ++I) {
426 CXXRecordDecl *Record = *I;
427
428 // Figure out whether the current class has a template:
429 ClassTemplateDecl *CTD;
430
431 // A specialization of the template...
432 if (isa<ClassTemplateSpecializationDecl>(Record)) {
433 CTD = cast<ClassTemplateSpecializationDecl>(Record)
434 ->getSpecializedTemplate();
435
436 // ... or the template pattern itself.
437 } else {
438 CTD = Record->getDescribedClassTemplate();
439 if (!CTD) continue;
440 }
441
442 // It's a match.
443 if (Friend == CTD->getCanonicalDecl())
444 return AR_accessible;
445
446 // If the context isn't dependent, it can't be a dependent match.
447 if (!EC.isDependent())
448 continue;
449
450 // If the template names don't match, it can't be a dependent
451 // match.
452 if (CTD->getDeclName() != Friend->getDeclName())
453 continue;
454
455 // If the class's context can't instantiate to the friend's
456 // context, it can't be a dependent match.
457 if (!MightInstantiateTo(S, CTD->getDeclContext(),
458 Friend->getDeclContext()))
459 continue;
460
461 // Otherwise, it's a dependent match.
462 OnFailure = AR_dependent;
463 }
464
465 return OnFailure;
466 }
467
468 /// Determines whether the given friend function matches anything in
469 /// the effective context.
MatchesFriend(Sema & S,const EffectiveContext & EC,FunctionDecl * Friend)470 static AccessResult MatchesFriend(Sema &S,
471 const EffectiveContext &EC,
472 FunctionDecl *Friend) {
473 AccessResult OnFailure = AR_inaccessible;
474
475 for (llvm::SmallVectorImpl<FunctionDecl*>::const_iterator
476 I = EC.Functions.begin(), E = EC.Functions.end(); I != E; ++I) {
477 if (Friend == *I)
478 return AR_accessible;
479
480 if (EC.isDependent() && MightInstantiateTo(S, *I, Friend))
481 OnFailure = AR_dependent;
482 }
483
484 return OnFailure;
485 }
486
487 /// Determines whether the given friend function template matches
488 /// anything in the effective context.
MatchesFriend(Sema & S,const EffectiveContext & EC,FunctionTemplateDecl * Friend)489 static AccessResult MatchesFriend(Sema &S,
490 const EffectiveContext &EC,
491 FunctionTemplateDecl *Friend) {
492 if (EC.Functions.empty()) return AR_inaccessible;
493
494 AccessResult OnFailure = AR_inaccessible;
495
496 for (llvm::SmallVectorImpl<FunctionDecl*>::const_iterator
497 I = EC.Functions.begin(), E = EC.Functions.end(); I != E; ++I) {
498
499 FunctionTemplateDecl *FTD = (*I)->getPrimaryTemplate();
500 if (!FTD)
501 FTD = (*I)->getDescribedFunctionTemplate();
502 if (!FTD)
503 continue;
504
505 FTD = FTD->getCanonicalDecl();
506
507 if (Friend == FTD)
508 return AR_accessible;
509
510 if (EC.isDependent() && MightInstantiateTo(S, FTD, Friend))
511 OnFailure = AR_dependent;
512 }
513
514 return OnFailure;
515 }
516
517 /// Determines whether the given friend declaration matches anything
518 /// in the effective context.
MatchesFriend(Sema & S,const EffectiveContext & EC,FriendDecl * FriendD)519 static AccessResult MatchesFriend(Sema &S,
520 const EffectiveContext &EC,
521 FriendDecl *FriendD) {
522 // Whitelist accesses if there's an invalid or unsupported friend
523 // declaration.
524 if (FriendD->isInvalidDecl() || FriendD->isUnsupportedFriend())
525 return AR_accessible;
526
527 if (TypeSourceInfo *T = FriendD->getFriendType())
528 return MatchesFriend(S, EC, T->getType()->getCanonicalTypeUnqualified());
529
530 NamedDecl *Friend
531 = cast<NamedDecl>(FriendD->getFriendDecl()->getCanonicalDecl());
532
533 // FIXME: declarations with dependent or templated scope.
534
535 if (isa<ClassTemplateDecl>(Friend))
536 return MatchesFriend(S, EC, cast<ClassTemplateDecl>(Friend));
537
538 if (isa<FunctionTemplateDecl>(Friend))
539 return MatchesFriend(S, EC, cast<FunctionTemplateDecl>(Friend));
540
541 if (isa<CXXRecordDecl>(Friend))
542 return MatchesFriend(S, EC, cast<CXXRecordDecl>(Friend));
543
544 assert(isa<FunctionDecl>(Friend) && "unknown friend decl kind");
545 return MatchesFriend(S, EC, cast<FunctionDecl>(Friend));
546 }
547
GetFriendKind(Sema & S,const EffectiveContext & EC,const CXXRecordDecl * Class)548 static AccessResult GetFriendKind(Sema &S,
549 const EffectiveContext &EC,
550 const CXXRecordDecl *Class) {
551 AccessResult OnFailure = AR_inaccessible;
552
553 // Okay, check friends.
554 for (CXXRecordDecl::friend_iterator I = Class->friend_begin(),
555 E = Class->friend_end(); I != E; ++I) {
556 FriendDecl *Friend = *I;
557
558 switch (MatchesFriend(S, EC, Friend)) {
559 case AR_accessible:
560 return AR_accessible;
561
562 case AR_inaccessible:
563 continue;
564
565 case AR_dependent:
566 OnFailure = AR_dependent;
567 break;
568 }
569 }
570
571 // That's it, give up.
572 return OnFailure;
573 }
574
575 namespace {
576
577 /// A helper class for checking for a friend which will grant access
578 /// to a protected instance member.
579 struct ProtectedFriendContext {
580 Sema &S;
581 const EffectiveContext &EC;
582 const CXXRecordDecl *NamingClass;
583 bool CheckDependent;
584 bool EverDependent;
585
586 /// The path down to the current base class.
587 llvm::SmallVector<const CXXRecordDecl*, 20> CurPath;
588
ProtectedFriendContext__anon10a2f84c0211::ProtectedFriendContext589 ProtectedFriendContext(Sema &S, const EffectiveContext &EC,
590 const CXXRecordDecl *InstanceContext,
591 const CXXRecordDecl *NamingClass)
592 : S(S), EC(EC), NamingClass(NamingClass),
593 CheckDependent(InstanceContext->isDependentContext() ||
594 NamingClass->isDependentContext()),
595 EverDependent(false) {}
596
597 /// Check classes in the current path for friendship, starting at
598 /// the given index.
checkFriendshipAlongPath__anon10a2f84c0211::ProtectedFriendContext599 bool checkFriendshipAlongPath(unsigned I) {
600 assert(I < CurPath.size());
601 for (unsigned E = CurPath.size(); I != E; ++I) {
602 switch (GetFriendKind(S, EC, CurPath[I])) {
603 case AR_accessible: return true;
604 case AR_inaccessible: continue;
605 case AR_dependent: EverDependent = true; continue;
606 }
607 }
608 return false;
609 }
610
611 /// Perform a search starting at the given class.
612 ///
613 /// PrivateDepth is the index of the last (least derived) class
614 /// along the current path such that a notional public member of
615 /// the final class in the path would have access in that class.
findFriendship__anon10a2f84c0211::ProtectedFriendContext616 bool findFriendship(const CXXRecordDecl *Cur, unsigned PrivateDepth) {
617 // If we ever reach the naming class, check the current path for
618 // friendship. We can also stop recursing because we obviously
619 // won't find the naming class there again.
620 if (Cur == NamingClass)
621 return checkFriendshipAlongPath(PrivateDepth);
622
623 if (CheckDependent && MightInstantiateTo(Cur, NamingClass))
624 EverDependent = true;
625
626 // Recurse into the base classes.
627 for (CXXRecordDecl::base_class_const_iterator
628 I = Cur->bases_begin(), E = Cur->bases_end(); I != E; ++I) {
629
630 // If this is private inheritance, then a public member of the
631 // base will not have any access in classes derived from Cur.
632 unsigned BasePrivateDepth = PrivateDepth;
633 if (I->getAccessSpecifier() == AS_private)
634 BasePrivateDepth = CurPath.size() - 1;
635
636 const CXXRecordDecl *RD;
637
638 QualType T = I->getType();
639 if (const RecordType *RT = T->getAs<RecordType>()) {
640 RD = cast<CXXRecordDecl>(RT->getDecl());
641 } else if (const InjectedClassNameType *IT
642 = T->getAs<InjectedClassNameType>()) {
643 RD = IT->getDecl();
644 } else {
645 assert(T->isDependentType() && "non-dependent base wasn't a record?");
646 EverDependent = true;
647 continue;
648 }
649
650 // Recurse. We don't need to clean up if this returns true.
651 CurPath.push_back(RD);
652 if (findFriendship(RD->getCanonicalDecl(), BasePrivateDepth))
653 return true;
654 CurPath.pop_back();
655 }
656
657 return false;
658 }
659
findFriendship__anon10a2f84c0211::ProtectedFriendContext660 bool findFriendship(const CXXRecordDecl *Cur) {
661 assert(CurPath.empty());
662 CurPath.push_back(Cur);
663 return findFriendship(Cur, 0);
664 }
665 };
666 }
667
668 /// Search for a class P that EC is a friend of, under the constraint
669 /// InstanceContext <= P <= NamingClass
670 /// and with the additional restriction that a protected member of
671 /// NamingClass would have some natural access in P.
672 ///
673 /// That second condition isn't actually quite right: the condition in
674 /// the standard is whether the target would have some natural access
675 /// in P. The difference is that the target might be more accessible
676 /// along some path not passing through NamingClass. Allowing that
677 /// introduces two problems:
678 /// - It breaks encapsulation because you can suddenly access a
679 /// forbidden base class's members by subclassing it elsewhere.
680 /// - It makes access substantially harder to compute because it
681 /// breaks the hill-climbing algorithm: knowing that the target is
682 /// accessible in some base class would no longer let you change
683 /// the question solely to whether the base class is accessible,
684 /// because the original target might have been more accessible
685 /// because of crazy subclassing.
686 /// So we don't implement that.
GetProtectedFriendKind(Sema & S,const EffectiveContext & EC,const CXXRecordDecl * InstanceContext,const CXXRecordDecl * NamingClass)687 static AccessResult GetProtectedFriendKind(Sema &S, const EffectiveContext &EC,
688 const CXXRecordDecl *InstanceContext,
689 const CXXRecordDecl *NamingClass) {
690 assert(InstanceContext->getCanonicalDecl() == InstanceContext);
691 assert(NamingClass->getCanonicalDecl() == NamingClass);
692
693 ProtectedFriendContext PRC(S, EC, InstanceContext, NamingClass);
694 if (PRC.findFriendship(InstanceContext)) return AR_accessible;
695 if (PRC.EverDependent) return AR_dependent;
696 return AR_inaccessible;
697 }
698
HasAccess(Sema & S,const EffectiveContext & EC,const CXXRecordDecl * NamingClass,AccessSpecifier Access,const AccessTarget & Target)699 static AccessResult HasAccess(Sema &S,
700 const EffectiveContext &EC,
701 const CXXRecordDecl *NamingClass,
702 AccessSpecifier Access,
703 const AccessTarget &Target) {
704 assert(NamingClass->getCanonicalDecl() == NamingClass &&
705 "declaration should be canonicalized before being passed here");
706
707 if (Access == AS_public) return AR_accessible;
708 assert(Access == AS_private || Access == AS_protected);
709
710 AccessResult OnFailure = AR_inaccessible;
711
712 for (EffectiveContext::record_iterator
713 I = EC.Records.begin(), E = EC.Records.end(); I != E; ++I) {
714 // All the declarations in EC have been canonicalized, so pointer
715 // equality from this point on will work fine.
716 const CXXRecordDecl *ECRecord = *I;
717
718 // [B2] and [M2]
719 if (Access == AS_private) {
720 if (ECRecord == NamingClass)
721 return AR_accessible;
722
723 if (EC.isDependent() && MightInstantiateTo(ECRecord, NamingClass))
724 OnFailure = AR_dependent;
725
726 // [B3] and [M3]
727 } else {
728 assert(Access == AS_protected);
729 switch (IsDerivedFromInclusive(ECRecord, NamingClass)) {
730 case AR_accessible: break;
731 case AR_inaccessible: continue;
732 case AR_dependent: OnFailure = AR_dependent; continue;
733 }
734
735 if (!Target.hasInstanceContext())
736 return AR_accessible;
737
738 const CXXRecordDecl *InstanceContext = Target.resolveInstanceContext(S);
739 if (!InstanceContext) {
740 OnFailure = AR_dependent;
741 continue;
742 }
743
744 // C++ [class.protected]p1:
745 // An additional access check beyond those described earlier in
746 // [class.access] is applied when a non-static data member or
747 // non-static member function is a protected member of its naming
748 // class. As described earlier, access to a protected member is
749 // granted because the reference occurs in a friend or member of
750 // some class C. If the access is to form a pointer to member,
751 // the nested-name-specifier shall name C or a class derived from
752 // C. All other accesses involve a (possibly implicit) object
753 // expression. In this case, the class of the object expression
754 // shall be C or a class derived from C.
755 //
756 // We interpret this as a restriction on [M3]. Most of the
757 // conditions are encoded by not having any instance context.
758 switch (IsDerivedFromInclusive(InstanceContext, ECRecord)) {
759 case AR_accessible: return AR_accessible;
760 case AR_inaccessible: continue;
761 case AR_dependent: OnFailure = AR_dependent; continue;
762 }
763 }
764 }
765
766 // [M3] and [B3] say that, if the target is protected in N, we grant
767 // access if the access occurs in a friend or member of some class P
768 // that's a subclass of N and where the target has some natural
769 // access in P. The 'member' aspect is easy to handle because P
770 // would necessarily be one of the effective-context records, and we
771 // address that above. The 'friend' aspect is completely ridiculous
772 // to implement because there are no restrictions at all on P
773 // *unless* the [class.protected] restriction applies. If it does,
774 // however, we should ignore whether the naming class is a friend,
775 // and instead rely on whether any potential P is a friend.
776 if (Access == AS_protected && Target.hasInstanceContext()) {
777 const CXXRecordDecl *InstanceContext = Target.resolveInstanceContext(S);
778 if (!InstanceContext) return AR_dependent;
779 switch (GetProtectedFriendKind(S, EC, InstanceContext, NamingClass)) {
780 case AR_accessible: return AR_accessible;
781 case AR_inaccessible: return OnFailure;
782 case AR_dependent: return AR_dependent;
783 }
784 llvm_unreachable("impossible friendship kind");
785 }
786
787 switch (GetFriendKind(S, EC, NamingClass)) {
788 case AR_accessible: return AR_accessible;
789 case AR_inaccessible: return OnFailure;
790 case AR_dependent: return AR_dependent;
791 }
792
793 // Silence bogus warnings
794 llvm_unreachable("impossible friendship kind");
795 return OnFailure;
796 }
797
798 /// Finds the best path from the naming class to the declaring class,
799 /// taking friend declarations into account.
800 ///
801 /// C++0x [class.access.base]p5:
802 /// A member m is accessible at the point R when named in class N if
803 /// [M1] m as a member of N is public, or
804 /// [M2] m as a member of N is private, and R occurs in a member or
805 /// friend of class N, or
806 /// [M3] m as a member of N is protected, and R occurs in a member or
807 /// friend of class N, or in a member or friend of a class P
808 /// derived from N, where m as a member of P is public, private,
809 /// or protected, or
810 /// [M4] there exists a base class B of N that is accessible at R, and
811 /// m is accessible at R when named in class B.
812 ///
813 /// C++0x [class.access.base]p4:
814 /// A base class B of N is accessible at R, if
815 /// [B1] an invented public member of B would be a public member of N, or
816 /// [B2] R occurs in a member or friend of class N, and an invented public
817 /// member of B would be a private or protected member of N, or
818 /// [B3] R occurs in a member or friend of a class P derived from N, and an
819 /// invented public member of B would be a private or protected member
820 /// of P, or
821 /// [B4] there exists a class S such that B is a base class of S accessible
822 /// at R and S is a base class of N accessible at R.
823 ///
824 /// Along a single inheritance path we can restate both of these
825 /// iteratively:
826 ///
827 /// First, we note that M1-4 are equivalent to B1-4 if the member is
828 /// treated as a notional base of its declaring class with inheritance
829 /// access equivalent to the member's access. Therefore we need only
830 /// ask whether a class B is accessible from a class N in context R.
831 ///
832 /// Let B_1 .. B_n be the inheritance path in question (i.e. where
833 /// B_1 = N, B_n = B, and for all i, B_{i+1} is a direct base class of
834 /// B_i). For i in 1..n, we will calculate ACAB(i), the access to the
835 /// closest accessible base in the path:
836 /// Access(a, b) = (* access on the base specifier from a to b *)
837 /// Merge(a, forbidden) = forbidden
838 /// Merge(a, private) = forbidden
839 /// Merge(a, b) = min(a,b)
840 /// Accessible(c, forbidden) = false
841 /// Accessible(c, private) = (R is c) || IsFriend(c, R)
842 /// Accessible(c, protected) = (R derived from c) || IsFriend(c, R)
843 /// Accessible(c, public) = true
844 /// ACAB(n) = public
845 /// ACAB(i) =
846 /// let AccessToBase = Merge(Access(B_i, B_{i+1}), ACAB(i+1)) in
847 /// if Accessible(B_i, AccessToBase) then public else AccessToBase
848 ///
849 /// B is an accessible base of N at R iff ACAB(1) = public.
850 ///
851 /// \param FinalAccess the access of the "final step", or AS_public if
852 /// there is no final step.
853 /// \return null if friendship is dependent
FindBestPath(Sema & S,const EffectiveContext & EC,AccessTarget & Target,AccessSpecifier FinalAccess,CXXBasePaths & Paths)854 static CXXBasePath *FindBestPath(Sema &S,
855 const EffectiveContext &EC,
856 AccessTarget &Target,
857 AccessSpecifier FinalAccess,
858 CXXBasePaths &Paths) {
859 // Derive the paths to the desired base.
860 const CXXRecordDecl *Derived = Target.getNamingClass();
861 const CXXRecordDecl *Base = Target.getDeclaringClass();
862
863 // FIXME: fail correctly when there are dependent paths.
864 bool isDerived = Derived->isDerivedFrom(const_cast<CXXRecordDecl*>(Base),
865 Paths);
866 assert(isDerived && "derived class not actually derived from base");
867 (void) isDerived;
868
869 CXXBasePath *BestPath = 0;
870
871 assert(FinalAccess != AS_none && "forbidden access after declaring class");
872
873 bool AnyDependent = false;
874
875 // Derive the friend-modified access along each path.
876 for (CXXBasePaths::paths_iterator PI = Paths.begin(), PE = Paths.end();
877 PI != PE; ++PI) {
878 AccessTarget::SavedInstanceContext _ = Target.saveInstanceContext();
879
880 // Walk through the path backwards.
881 AccessSpecifier PathAccess = FinalAccess;
882 CXXBasePath::iterator I = PI->end(), E = PI->begin();
883 while (I != E) {
884 --I;
885
886 assert(PathAccess != AS_none);
887
888 // If the declaration is a private member of a base class, there
889 // is no level of friendship in derived classes that can make it
890 // accessible.
891 if (PathAccess == AS_private) {
892 PathAccess = AS_none;
893 break;
894 }
895
896 const CXXRecordDecl *NC = I->Class->getCanonicalDecl();
897
898 AccessSpecifier BaseAccess = I->Base->getAccessSpecifier();
899 PathAccess = std::max(PathAccess, BaseAccess);
900
901 switch (HasAccess(S, EC, NC, PathAccess, Target)) {
902 case AR_inaccessible: break;
903 case AR_accessible:
904 PathAccess = AS_public;
905
906 // Future tests are not against members and so do not have
907 // instance context.
908 Target.suppressInstanceContext();
909 break;
910 case AR_dependent:
911 AnyDependent = true;
912 goto Next;
913 }
914 }
915
916 // Note that we modify the path's Access field to the
917 // friend-modified access.
918 if (BestPath == 0 || PathAccess < BestPath->Access) {
919 BestPath = &*PI;
920 BestPath->Access = PathAccess;
921
922 // Short-circuit if we found a public path.
923 if (BestPath->Access == AS_public)
924 return BestPath;
925 }
926
927 Next: ;
928 }
929
930 assert((!BestPath || BestPath->Access != AS_public) &&
931 "fell out of loop with public path");
932
933 // We didn't find a public path, but at least one path was subject
934 // to dependent friendship, so delay the check.
935 if (AnyDependent)
936 return 0;
937
938 return BestPath;
939 }
940
941 /// Given that an entity has protected natural access, check whether
942 /// access might be denied because of the protected member access
943 /// restriction.
944 ///
945 /// \return true if a note was emitted
TryDiagnoseProtectedAccess(Sema & S,const EffectiveContext & EC,AccessTarget & Target)946 static bool TryDiagnoseProtectedAccess(Sema &S, const EffectiveContext &EC,
947 AccessTarget &Target) {
948 // Only applies to instance accesses.
949 if (!Target.hasInstanceContext())
950 return false;
951 assert(Target.isMemberAccess());
952 NamedDecl *D = Target.getTargetDecl();
953
954 const CXXRecordDecl *DeclaringClass = Target.getDeclaringClass();
955 DeclaringClass = DeclaringClass->getCanonicalDecl();
956
957 for (EffectiveContext::record_iterator
958 I = EC.Records.begin(), E = EC.Records.end(); I != E; ++I) {
959 const CXXRecordDecl *ECRecord = *I;
960 switch (IsDerivedFromInclusive(ECRecord, DeclaringClass)) {
961 case AR_accessible: break;
962 case AR_inaccessible: continue;
963 case AR_dependent: continue;
964 }
965
966 // The effective context is a subclass of the declaring class.
967 // If that class isn't a superclass of the instance context,
968 // then the [class.protected] restriction applies.
969
970 // To get this exactly right, this might need to be checked more
971 // holistically; it's not necessarily the case that gaining
972 // access here would grant us access overall.
973
974 const CXXRecordDecl *InstanceContext = Target.resolveInstanceContext(S);
975 assert(InstanceContext && "diagnosing dependent access");
976
977 switch (IsDerivedFromInclusive(InstanceContext, ECRecord)) {
978 case AR_accessible: continue;
979 case AR_dependent: continue;
980 case AR_inaccessible:
981 S.Diag(D->getLocation(), diag::note_access_protected_restricted)
982 << (InstanceContext != Target.getNamingClass()->getCanonicalDecl())
983 << S.Context.getTypeDeclType(InstanceContext)
984 << S.Context.getTypeDeclType(ECRecord);
985 return true;
986 }
987 }
988
989 return false;
990 }
991
992 /// Diagnose the path which caused the given declaration or base class
993 /// to become inaccessible.
DiagnoseAccessPath(Sema & S,const EffectiveContext & EC,AccessTarget & Entity)994 static void DiagnoseAccessPath(Sema &S,
995 const EffectiveContext &EC,
996 AccessTarget &Entity) {
997 AccessSpecifier Access = Entity.getAccess();
998 const CXXRecordDecl *NamingClass = Entity.getNamingClass();
999 NamingClass = NamingClass->getCanonicalDecl();
1000
1001 NamedDecl *D = (Entity.isMemberAccess() ? Entity.getTargetDecl() : 0);
1002 const CXXRecordDecl *DeclaringClass = Entity.getDeclaringClass();
1003
1004 // Easy case: the decl's natural access determined its path access.
1005 // We have to check against AS_private here in case Access is AS_none,
1006 // indicating a non-public member of a private base class.
1007 if (D && (Access == D->getAccess() || D->getAccess() == AS_private)) {
1008 switch (HasAccess(S, EC, DeclaringClass, D->getAccess(), Entity)) {
1009 case AR_inaccessible: {
1010 if (Access == AS_protected &&
1011 TryDiagnoseProtectedAccess(S, EC, Entity))
1012 return;
1013
1014 // Find an original declaration.
1015 while (D->isOutOfLine()) {
1016 NamedDecl *PrevDecl = 0;
1017 if (VarDecl *VD = dyn_cast<VarDecl>(D))
1018 PrevDecl = VD->getPreviousDeclaration();
1019 else if (FunctionDecl *FD = dyn_cast<FunctionDecl>(D))
1020 PrevDecl = FD->getPreviousDeclaration();
1021 else if (TypedefNameDecl *TND = dyn_cast<TypedefNameDecl>(D))
1022 PrevDecl = TND->getPreviousDeclaration();
1023 else if (TagDecl *TD = dyn_cast<TagDecl>(D)) {
1024 if (isa<RecordDecl>(D) && cast<RecordDecl>(D)->isInjectedClassName())
1025 break;
1026 PrevDecl = TD->getPreviousDeclaration();
1027 }
1028 if (!PrevDecl) break;
1029 D = PrevDecl;
1030 }
1031
1032 CXXRecordDecl *DeclaringClass = FindDeclaringClass(D);
1033 Decl *ImmediateChild;
1034 if (D->getDeclContext() == DeclaringClass)
1035 ImmediateChild = D;
1036 else {
1037 DeclContext *DC = D->getDeclContext();
1038 while (DC->getParent() != DeclaringClass)
1039 DC = DC->getParent();
1040 ImmediateChild = cast<Decl>(DC);
1041 }
1042
1043 // Check whether there's an AccessSpecDecl preceding this in the
1044 // chain of the DeclContext.
1045 bool Implicit = true;
1046 for (CXXRecordDecl::decl_iterator
1047 I = DeclaringClass->decls_begin(), E = DeclaringClass->decls_end();
1048 I != E; ++I) {
1049 if (*I == ImmediateChild) break;
1050 if (isa<AccessSpecDecl>(*I)) {
1051 Implicit = false;
1052 break;
1053 }
1054 }
1055
1056 S.Diag(D->getLocation(), diag::note_access_natural)
1057 << (unsigned) (Access == AS_protected)
1058 << Implicit;
1059 return;
1060 }
1061
1062 case AR_accessible: break;
1063
1064 case AR_dependent:
1065 llvm_unreachable("can't diagnose dependent access failures");
1066 return;
1067 }
1068 }
1069
1070 CXXBasePaths Paths;
1071 CXXBasePath &Path = *FindBestPath(S, EC, Entity, AS_public, Paths);
1072
1073 CXXBasePath::iterator I = Path.end(), E = Path.begin();
1074 while (I != E) {
1075 --I;
1076
1077 const CXXBaseSpecifier *BS = I->Base;
1078 AccessSpecifier BaseAccess = BS->getAccessSpecifier();
1079
1080 // If this is public inheritance, or the derived class is a friend,
1081 // skip this step.
1082 if (BaseAccess == AS_public)
1083 continue;
1084
1085 switch (GetFriendKind(S, EC, I->Class)) {
1086 case AR_accessible: continue;
1087 case AR_inaccessible: break;
1088 case AR_dependent:
1089 llvm_unreachable("can't diagnose dependent access failures");
1090 }
1091
1092 // Check whether this base specifier is the tighest point
1093 // constraining access. We have to check against AS_private for
1094 // the same reasons as above.
1095 if (BaseAccess == AS_private || BaseAccess >= Access) {
1096
1097 // We're constrained by inheritance, but we want to say
1098 // "declared private here" if we're diagnosing a hierarchy
1099 // conversion and this is the final step.
1100 unsigned diagnostic;
1101 if (D) diagnostic = diag::note_access_constrained_by_path;
1102 else if (I + 1 == Path.end()) diagnostic = diag::note_access_natural;
1103 else diagnostic = diag::note_access_constrained_by_path;
1104
1105 S.Diag(BS->getSourceRange().getBegin(), diagnostic)
1106 << BS->getSourceRange()
1107 << (BaseAccess == AS_protected)
1108 << (BS->getAccessSpecifierAsWritten() == AS_none);
1109
1110 if (D)
1111 S.Diag(D->getLocation(), diag::note_field_decl);
1112
1113 return;
1114 }
1115 }
1116
1117 llvm_unreachable("access not apparently constrained by path");
1118 }
1119
DiagnoseBadAccess(Sema & S,SourceLocation Loc,const EffectiveContext & EC,AccessTarget & Entity)1120 static void DiagnoseBadAccess(Sema &S, SourceLocation Loc,
1121 const EffectiveContext &EC,
1122 AccessTarget &Entity) {
1123 const CXXRecordDecl *NamingClass = Entity.getNamingClass();
1124 const CXXRecordDecl *DeclaringClass = Entity.getDeclaringClass();
1125 NamedDecl *D = (Entity.isMemberAccess() ? Entity.getTargetDecl() : 0);
1126
1127 S.Diag(Loc, Entity.getDiag())
1128 << (Entity.getAccess() == AS_protected)
1129 << (D ? D->getDeclName() : DeclarationName())
1130 << S.Context.getTypeDeclType(NamingClass)
1131 << S.Context.getTypeDeclType(DeclaringClass);
1132 DiagnoseAccessPath(S, EC, Entity);
1133 }
1134
1135 /// MSVC has a bug where if during an using declaration name lookup,
1136 /// the declaration found is unaccessible (private) and that declaration
1137 /// was bring into scope via another using declaration whose target
1138 /// declaration is accessible (public) then no error is generated.
1139 /// Example:
1140 /// class A {
1141 /// public:
1142 /// int f();
1143 /// };
1144 /// class B : public A {
1145 /// private:
1146 /// using A::f;
1147 /// };
1148 /// class C : public B {
1149 /// private:
1150 /// using B::f;
1151 /// };
1152 ///
1153 /// Here, B::f is private so this should fail in Standard C++, but
1154 /// because B::f refers to A::f which is public MSVC accepts it.
IsMicrosoftUsingDeclarationAccessBug(Sema & S,SourceLocation AccessLoc,AccessTarget & Entity)1155 static bool IsMicrosoftUsingDeclarationAccessBug(Sema& S,
1156 SourceLocation AccessLoc,
1157 AccessTarget &Entity) {
1158 if (UsingShadowDecl *Shadow =
1159 dyn_cast<UsingShadowDecl>(Entity.getTargetDecl())) {
1160 const NamedDecl *OrigDecl = Entity.getTargetDecl()->getUnderlyingDecl();
1161 if (Entity.getTargetDecl()->getAccess() == AS_private &&
1162 (OrigDecl->getAccess() == AS_public ||
1163 OrigDecl->getAccess() == AS_protected)) {
1164 S.Diag(AccessLoc, diag::war_ms_using_declaration_inaccessible)
1165 << Shadow->getUsingDecl()->getQualifiedNameAsString()
1166 << OrigDecl->getQualifiedNameAsString();
1167 return true;
1168 }
1169 }
1170 return false;
1171 }
1172
1173 /// Determines whether the accessed entity is accessible. Public members
1174 /// have been weeded out by this point.
IsAccessible(Sema & S,const EffectiveContext & EC,AccessTarget & Entity)1175 static AccessResult IsAccessible(Sema &S,
1176 const EffectiveContext &EC,
1177 AccessTarget &Entity) {
1178 // Determine the actual naming class.
1179 CXXRecordDecl *NamingClass = Entity.getNamingClass();
1180 while (NamingClass->isAnonymousStructOrUnion())
1181 NamingClass = cast<CXXRecordDecl>(NamingClass->getParent());
1182 NamingClass = NamingClass->getCanonicalDecl();
1183
1184 AccessSpecifier UnprivilegedAccess = Entity.getAccess();
1185 assert(UnprivilegedAccess != AS_public && "public access not weeded out");
1186
1187 // Before we try to recalculate access paths, try to white-list
1188 // accesses which just trade in on the final step, i.e. accesses
1189 // which don't require [M4] or [B4]. These are by far the most
1190 // common forms of privileged access.
1191 if (UnprivilegedAccess != AS_none) {
1192 switch (HasAccess(S, EC, NamingClass, UnprivilegedAccess, Entity)) {
1193 case AR_dependent:
1194 // This is actually an interesting policy decision. We don't
1195 // *have* to delay immediately here: we can do the full access
1196 // calculation in the hope that friendship on some intermediate
1197 // class will make the declaration accessible non-dependently.
1198 // But that's not cheap, and odds are very good (note: assertion
1199 // made without data) that the friend declaration will determine
1200 // access.
1201 return AR_dependent;
1202
1203 case AR_accessible: return AR_accessible;
1204 case AR_inaccessible: break;
1205 }
1206 }
1207
1208 AccessTarget::SavedInstanceContext _ = Entity.saveInstanceContext();
1209
1210 // We lower member accesses to base accesses by pretending that the
1211 // member is a base class of its declaring class.
1212 AccessSpecifier FinalAccess;
1213
1214 if (Entity.isMemberAccess()) {
1215 // Determine if the declaration is accessible from EC when named
1216 // in its declaring class.
1217 NamedDecl *Target = Entity.getTargetDecl();
1218 const CXXRecordDecl *DeclaringClass = Entity.getDeclaringClass();
1219
1220 FinalAccess = Target->getAccess();
1221 switch (HasAccess(S, EC, DeclaringClass, FinalAccess, Entity)) {
1222 case AR_accessible:
1223 FinalAccess = AS_public;
1224 break;
1225 case AR_inaccessible: break;
1226 case AR_dependent: return AR_dependent; // see above
1227 }
1228
1229 if (DeclaringClass == NamingClass)
1230 return (FinalAccess == AS_public ? AR_accessible : AR_inaccessible);
1231
1232 Entity.suppressInstanceContext();
1233 } else {
1234 FinalAccess = AS_public;
1235 }
1236
1237 assert(Entity.getDeclaringClass() != NamingClass);
1238
1239 // Append the declaration's access if applicable.
1240 CXXBasePaths Paths;
1241 CXXBasePath *Path = FindBestPath(S, EC, Entity, FinalAccess, Paths);
1242 if (!Path)
1243 return AR_dependent;
1244
1245 assert(Path->Access <= UnprivilegedAccess &&
1246 "access along best path worse than direct?");
1247 if (Path->Access == AS_public)
1248 return AR_accessible;
1249 return AR_inaccessible;
1250 }
1251
DelayDependentAccess(Sema & S,const EffectiveContext & EC,SourceLocation Loc,const AccessTarget & Entity)1252 static void DelayDependentAccess(Sema &S,
1253 const EffectiveContext &EC,
1254 SourceLocation Loc,
1255 const AccessTarget &Entity) {
1256 assert(EC.isDependent() && "delaying non-dependent access");
1257 DeclContext *DC = EC.getInnerContext();
1258 assert(DC->isDependentContext() && "delaying non-dependent access");
1259 DependentDiagnostic::Create(S.Context, DC, DependentDiagnostic::Access,
1260 Loc,
1261 Entity.isMemberAccess(),
1262 Entity.getAccess(),
1263 Entity.getTargetDecl(),
1264 Entity.getNamingClass(),
1265 Entity.getBaseObjectType(),
1266 Entity.getDiag());
1267 }
1268
1269 /// Checks access to an entity from the given effective context.
CheckEffectiveAccess(Sema & S,const EffectiveContext & EC,SourceLocation Loc,AccessTarget & Entity)1270 static AccessResult CheckEffectiveAccess(Sema &S,
1271 const EffectiveContext &EC,
1272 SourceLocation Loc,
1273 AccessTarget &Entity) {
1274 assert(Entity.getAccess() != AS_public && "called for public access!");
1275
1276 if (S.getLangOptions().Microsoft &&
1277 IsMicrosoftUsingDeclarationAccessBug(S, Loc, Entity))
1278 return AR_accessible;
1279
1280 switch (IsAccessible(S, EC, Entity)) {
1281 case AR_dependent:
1282 DelayDependentAccess(S, EC, Loc, Entity);
1283 return AR_dependent;
1284
1285 case AR_inaccessible:
1286 if (!Entity.isQuiet())
1287 DiagnoseBadAccess(S, Loc, EC, Entity);
1288 return AR_inaccessible;
1289
1290 case AR_accessible:
1291 return AR_accessible;
1292 }
1293
1294 // silence unnecessary warning
1295 llvm_unreachable("invalid access result");
1296 return AR_accessible;
1297 }
1298
CheckAccess(Sema & S,SourceLocation Loc,AccessTarget & Entity)1299 static Sema::AccessResult CheckAccess(Sema &S, SourceLocation Loc,
1300 AccessTarget &Entity) {
1301 // If the access path is public, it's accessible everywhere.
1302 if (Entity.getAccess() == AS_public)
1303 return Sema::AR_accessible;
1304
1305 if (S.SuppressAccessChecking)
1306 return Sema::AR_accessible;
1307
1308 // If we're currently parsing a declaration, we may need to delay
1309 // access control checking, because our effective context might be
1310 // different based on what the declaration comes out as.
1311 //
1312 // For example, we might be parsing a declaration with a scope
1313 // specifier, like this:
1314 // A::private_type A::foo() { ... }
1315 //
1316 // Or we might be parsing something that will turn out to be a friend:
1317 // void foo(A::private_type);
1318 // void B::foo(A::private_type);
1319 if (S.DelayedDiagnostics.shouldDelayDiagnostics()) {
1320 S.DelayedDiagnostics.add(DelayedDiagnostic::makeAccess(Loc, Entity));
1321 return Sema::AR_delayed;
1322 }
1323
1324 EffectiveContext EC(S.CurContext);
1325 switch (CheckEffectiveAccess(S, EC, Loc, Entity)) {
1326 case AR_accessible: return Sema::AR_accessible;
1327 case AR_inaccessible: return Sema::AR_inaccessible;
1328 case AR_dependent: return Sema::AR_dependent;
1329 }
1330 llvm_unreachable("falling off end");
1331 return Sema::AR_accessible;
1332 }
1333
HandleDelayedAccessCheck(DelayedDiagnostic & DD,Decl * decl)1334 void Sema::HandleDelayedAccessCheck(DelayedDiagnostic &DD, Decl *decl) {
1335 // Access control for names used in the declarations of functions
1336 // and function templates should normally be evaluated in the context
1337 // of the declaration, just in case it's a friend of something.
1338 // However, this does not apply to local extern declarations.
1339
1340 DeclContext *DC = decl->getDeclContext();
1341 if (FunctionDecl *fn = dyn_cast<FunctionDecl>(decl)) {
1342 if (!DC->isFunctionOrMethod()) DC = fn;
1343 } else if (FunctionTemplateDecl *fnt = dyn_cast<FunctionTemplateDecl>(decl)) {
1344 // Never a local declaration.
1345 DC = fnt->getTemplatedDecl();
1346 }
1347
1348 EffectiveContext EC(DC);
1349
1350 AccessTarget Target(DD.getAccessData());
1351
1352 if (CheckEffectiveAccess(*this, EC, DD.Loc, Target) == ::AR_inaccessible)
1353 DD.Triggered = true;
1354 }
1355
HandleDependentAccessCheck(const DependentDiagnostic & DD,const MultiLevelTemplateArgumentList & TemplateArgs)1356 void Sema::HandleDependentAccessCheck(const DependentDiagnostic &DD,
1357 const MultiLevelTemplateArgumentList &TemplateArgs) {
1358 SourceLocation Loc = DD.getAccessLoc();
1359 AccessSpecifier Access = DD.getAccess();
1360
1361 Decl *NamingD = FindInstantiatedDecl(Loc, DD.getAccessNamingClass(),
1362 TemplateArgs);
1363 if (!NamingD) return;
1364 Decl *TargetD = FindInstantiatedDecl(Loc, DD.getAccessTarget(),
1365 TemplateArgs);
1366 if (!TargetD) return;
1367
1368 if (DD.isAccessToMember()) {
1369 CXXRecordDecl *NamingClass = cast<CXXRecordDecl>(NamingD);
1370 NamedDecl *TargetDecl = cast<NamedDecl>(TargetD);
1371 QualType BaseObjectType = DD.getAccessBaseObjectType();
1372 if (!BaseObjectType.isNull()) {
1373 BaseObjectType = SubstType(BaseObjectType, TemplateArgs, Loc,
1374 DeclarationName());
1375 if (BaseObjectType.isNull()) return;
1376 }
1377
1378 AccessTarget Entity(Context,
1379 AccessTarget::Member,
1380 NamingClass,
1381 DeclAccessPair::make(TargetDecl, Access),
1382 BaseObjectType);
1383 Entity.setDiag(DD.getDiagnostic());
1384 CheckAccess(*this, Loc, Entity);
1385 } else {
1386 AccessTarget Entity(Context,
1387 AccessTarget::Base,
1388 cast<CXXRecordDecl>(TargetD),
1389 cast<CXXRecordDecl>(NamingD),
1390 Access);
1391 Entity.setDiag(DD.getDiagnostic());
1392 CheckAccess(*this, Loc, Entity);
1393 }
1394 }
1395
CheckUnresolvedLookupAccess(UnresolvedLookupExpr * E,DeclAccessPair Found)1396 Sema::AccessResult Sema::CheckUnresolvedLookupAccess(UnresolvedLookupExpr *E,
1397 DeclAccessPair Found) {
1398 if (!getLangOptions().AccessControl ||
1399 !E->getNamingClass() ||
1400 Found.getAccess() == AS_public)
1401 return AR_accessible;
1402
1403 AccessTarget Entity(Context, AccessTarget::Member, E->getNamingClass(),
1404 Found, QualType());
1405 Entity.setDiag(diag::err_access) << E->getSourceRange();
1406
1407 return CheckAccess(*this, E->getNameLoc(), Entity);
1408 }
1409
1410 /// Perform access-control checking on a previously-unresolved member
1411 /// access which has now been resolved to a member.
CheckUnresolvedMemberAccess(UnresolvedMemberExpr * E,DeclAccessPair Found)1412 Sema::AccessResult Sema::CheckUnresolvedMemberAccess(UnresolvedMemberExpr *E,
1413 DeclAccessPair Found) {
1414 if (!getLangOptions().AccessControl ||
1415 Found.getAccess() == AS_public)
1416 return AR_accessible;
1417
1418 QualType BaseType = E->getBaseType();
1419 if (E->isArrow())
1420 BaseType = BaseType->getAs<PointerType>()->getPointeeType();
1421
1422 AccessTarget Entity(Context, AccessTarget::Member, E->getNamingClass(),
1423 Found, BaseType);
1424 Entity.setDiag(diag::err_access) << E->getSourceRange();
1425
1426 return CheckAccess(*this, E->getMemberLoc(), Entity);
1427 }
1428
CheckDestructorAccess(SourceLocation Loc,CXXDestructorDecl * Dtor,const PartialDiagnostic & PDiag)1429 Sema::AccessResult Sema::CheckDestructorAccess(SourceLocation Loc,
1430 CXXDestructorDecl *Dtor,
1431 const PartialDiagnostic &PDiag) {
1432 if (!getLangOptions().AccessControl)
1433 return AR_accessible;
1434
1435 // There's never a path involved when checking implicit destructor access.
1436 AccessSpecifier Access = Dtor->getAccess();
1437 if (Access == AS_public)
1438 return AR_accessible;
1439
1440 CXXRecordDecl *NamingClass = Dtor->getParent();
1441 AccessTarget Entity(Context, AccessTarget::Member, NamingClass,
1442 DeclAccessPair::make(Dtor, Access),
1443 QualType());
1444 Entity.setDiag(PDiag); // TODO: avoid copy
1445
1446 return CheckAccess(*this, Loc, Entity);
1447 }
1448
1449 /// Checks access to a constructor.
CheckConstructorAccess(SourceLocation UseLoc,CXXConstructorDecl * Constructor,const InitializedEntity & Entity,AccessSpecifier Access,bool IsCopyBindingRefToTemp)1450 Sema::AccessResult Sema::CheckConstructorAccess(SourceLocation UseLoc,
1451 CXXConstructorDecl *Constructor,
1452 const InitializedEntity &Entity,
1453 AccessSpecifier Access,
1454 bool IsCopyBindingRefToTemp) {
1455 if (!getLangOptions().AccessControl ||
1456 Access == AS_public)
1457 return AR_accessible;
1458
1459 CXXRecordDecl *NamingClass = Constructor->getParent();
1460 AccessTarget AccessEntity(Context, AccessTarget::Member, NamingClass,
1461 DeclAccessPair::make(Constructor, Access),
1462 QualType());
1463 PartialDiagnostic PD(PDiag());
1464 switch (Entity.getKind()) {
1465 default:
1466 PD = PDiag(IsCopyBindingRefToTemp
1467 ? diag::ext_rvalue_to_reference_access_ctor
1468 : diag::err_access_ctor);
1469
1470 break;
1471
1472 case InitializedEntity::EK_Base:
1473 PD = PDiag(diag::err_access_base_ctor);
1474 PD << Entity.isInheritedVirtualBase()
1475 << Entity.getBaseSpecifier()->getType() << getSpecialMember(Constructor);
1476 break;
1477
1478 case InitializedEntity::EK_Member: {
1479 const FieldDecl *Field = cast<FieldDecl>(Entity.getDecl());
1480 PD = PDiag(diag::err_access_field_ctor);
1481 PD << Field->getType() << getSpecialMember(Constructor);
1482 break;
1483 }
1484
1485 }
1486
1487 return CheckConstructorAccess(UseLoc, Constructor, Access, PD);
1488 }
1489
1490 /// Checks access to a constructor.
CheckConstructorAccess(SourceLocation UseLoc,CXXConstructorDecl * Constructor,AccessSpecifier Access,PartialDiagnostic PD)1491 Sema::AccessResult Sema::CheckConstructorAccess(SourceLocation UseLoc,
1492 CXXConstructorDecl *Constructor,
1493 AccessSpecifier Access,
1494 PartialDiagnostic PD) {
1495 if (!getLangOptions().AccessControl ||
1496 Access == AS_public)
1497 return AR_accessible;
1498
1499 CXXRecordDecl *NamingClass = Constructor->getParent();
1500 AccessTarget AccessEntity(Context, AccessTarget::Member, NamingClass,
1501 DeclAccessPair::make(Constructor, Access),
1502 QualType());
1503 AccessEntity.setDiag(PD);
1504
1505 return CheckAccess(*this, UseLoc, AccessEntity);
1506 }
1507
1508 /// Checks direct (i.e. non-inherited) access to an arbitrary class
1509 /// member.
CheckDirectMemberAccess(SourceLocation UseLoc,NamedDecl * Target,const PartialDiagnostic & Diag)1510 Sema::AccessResult Sema::CheckDirectMemberAccess(SourceLocation UseLoc,
1511 NamedDecl *Target,
1512 const PartialDiagnostic &Diag) {
1513 AccessSpecifier Access = Target->getAccess();
1514 if (!getLangOptions().AccessControl ||
1515 Access == AS_public)
1516 return AR_accessible;
1517
1518 CXXRecordDecl *NamingClass = cast<CXXRecordDecl>(Target->getDeclContext());
1519 AccessTarget Entity(Context, AccessTarget::Member, NamingClass,
1520 DeclAccessPair::make(Target, Access),
1521 QualType());
1522 Entity.setDiag(Diag);
1523 return CheckAccess(*this, UseLoc, Entity);
1524 }
1525
1526
1527 /// Checks access to an overloaded operator new or delete.
CheckAllocationAccess(SourceLocation OpLoc,SourceRange PlacementRange,CXXRecordDecl * NamingClass,DeclAccessPair Found,bool Diagnose)1528 Sema::AccessResult Sema::CheckAllocationAccess(SourceLocation OpLoc,
1529 SourceRange PlacementRange,
1530 CXXRecordDecl *NamingClass,
1531 DeclAccessPair Found,
1532 bool Diagnose) {
1533 if (!getLangOptions().AccessControl ||
1534 !NamingClass ||
1535 Found.getAccess() == AS_public)
1536 return AR_accessible;
1537
1538 AccessTarget Entity(Context, AccessTarget::Member, NamingClass, Found,
1539 QualType());
1540 if (Diagnose)
1541 Entity.setDiag(diag::err_access)
1542 << PlacementRange;
1543
1544 return CheckAccess(*this, OpLoc, Entity);
1545 }
1546
1547 /// Checks access to an overloaded member operator, including
1548 /// conversion operators.
CheckMemberOperatorAccess(SourceLocation OpLoc,Expr * ObjectExpr,Expr * ArgExpr,DeclAccessPair Found)1549 Sema::AccessResult Sema::CheckMemberOperatorAccess(SourceLocation OpLoc,
1550 Expr *ObjectExpr,
1551 Expr *ArgExpr,
1552 DeclAccessPair Found) {
1553 if (!getLangOptions().AccessControl ||
1554 Found.getAccess() == AS_public)
1555 return AR_accessible;
1556
1557 const RecordType *RT = ObjectExpr->getType()->getAs<RecordType>();
1558 assert(RT && "found member operator but object expr not of record type");
1559 CXXRecordDecl *NamingClass = cast<CXXRecordDecl>(RT->getDecl());
1560
1561 AccessTarget Entity(Context, AccessTarget::Member, NamingClass, Found,
1562 ObjectExpr->getType());
1563 Entity.setDiag(diag::err_access)
1564 << ObjectExpr->getSourceRange()
1565 << (ArgExpr ? ArgExpr->getSourceRange() : SourceRange());
1566
1567 return CheckAccess(*this, OpLoc, Entity);
1568 }
1569
CheckAddressOfMemberAccess(Expr * OvlExpr,DeclAccessPair Found)1570 Sema::AccessResult Sema::CheckAddressOfMemberAccess(Expr *OvlExpr,
1571 DeclAccessPair Found) {
1572 if (!getLangOptions().AccessControl ||
1573 Found.getAccess() == AS_none ||
1574 Found.getAccess() == AS_public)
1575 return AR_accessible;
1576
1577 OverloadExpr *Ovl = OverloadExpr::find(OvlExpr).Expression;
1578 CXXRecordDecl *NamingClass = Ovl->getNamingClass();
1579
1580 AccessTarget Entity(Context, AccessTarget::Member, NamingClass, Found,
1581 Context.getTypeDeclType(NamingClass));
1582 Entity.setDiag(diag::err_access)
1583 << Ovl->getSourceRange();
1584
1585 return CheckAccess(*this, Ovl->getNameLoc(), Entity);
1586 }
1587
1588 /// Checks access for a hierarchy conversion.
1589 ///
1590 /// \param IsBaseToDerived whether this is a base-to-derived conversion (true)
1591 /// or a derived-to-base conversion (false)
1592 /// \param ForceCheck true if this check should be performed even if access
1593 /// control is disabled; some things rely on this for semantics
1594 /// \param ForceUnprivileged true if this check should proceed as if the
1595 /// context had no special privileges
1596 /// \param ADK controls the kind of diagnostics that are used
CheckBaseClassAccess(SourceLocation AccessLoc,QualType Base,QualType Derived,const CXXBasePath & Path,unsigned DiagID,bool ForceCheck,bool ForceUnprivileged)1597 Sema::AccessResult Sema::CheckBaseClassAccess(SourceLocation AccessLoc,
1598 QualType Base,
1599 QualType Derived,
1600 const CXXBasePath &Path,
1601 unsigned DiagID,
1602 bool ForceCheck,
1603 bool ForceUnprivileged) {
1604 if (!ForceCheck && !getLangOptions().AccessControl)
1605 return AR_accessible;
1606
1607 if (Path.Access == AS_public)
1608 return AR_accessible;
1609
1610 CXXRecordDecl *BaseD, *DerivedD;
1611 BaseD = cast<CXXRecordDecl>(Base->getAs<RecordType>()->getDecl());
1612 DerivedD = cast<CXXRecordDecl>(Derived->getAs<RecordType>()->getDecl());
1613
1614 AccessTarget Entity(Context, AccessTarget::Base, BaseD, DerivedD,
1615 Path.Access);
1616 if (DiagID)
1617 Entity.setDiag(DiagID) << Derived << Base;
1618
1619 if (ForceUnprivileged) {
1620 switch (CheckEffectiveAccess(*this, EffectiveContext(),
1621 AccessLoc, Entity)) {
1622 case ::AR_accessible: return Sema::AR_accessible;
1623 case ::AR_inaccessible: return Sema::AR_inaccessible;
1624 case ::AR_dependent: return Sema::AR_dependent;
1625 }
1626 llvm_unreachable("unexpected result from CheckEffectiveAccess");
1627 }
1628 return CheckAccess(*this, AccessLoc, Entity);
1629 }
1630
1631 /// Checks access to all the declarations in the given result set.
CheckLookupAccess(const LookupResult & R)1632 void Sema::CheckLookupAccess(const LookupResult &R) {
1633 assert(getLangOptions().AccessControl
1634 && "performing access check without access control");
1635 assert(R.getNamingClass() && "performing access check without naming class");
1636
1637 for (LookupResult::iterator I = R.begin(), E = R.end(); I != E; ++I) {
1638 if (I.getAccess() != AS_public) {
1639 AccessTarget Entity(Context, AccessedEntity::Member,
1640 R.getNamingClass(), I.getPair(),
1641 R.getBaseObjectType(), R.isUsingDeclaration());
1642 Entity.setDiag(diag::err_access);
1643 CheckAccess(*this, R.getNameLoc(), Entity);
1644 }
1645 }
1646 }
1647
ActOnStartSuppressingAccessChecks()1648 void Sema::ActOnStartSuppressingAccessChecks() {
1649 assert(!SuppressAccessChecking &&
1650 "Tried to start access check suppression when already started.");
1651 SuppressAccessChecking = true;
1652 }
1653
ActOnStopSuppressingAccessChecks()1654 void Sema::ActOnStopSuppressingAccessChecks() {
1655 assert(SuppressAccessChecking &&
1656 "Tried to stop access check suprression when already stopped.");
1657 SuppressAccessChecking = false;
1658 }
1659