1 //===---- SemaAccess.cpp - C++ Access Control -------------------*- C++ -*-===// 2 // 3 // The LLVM Compiler Infrastructure 4 // 5 // This file is distributed under the University of Illinois Open Source 6 // License. See LICENSE.TXT for details. 7 // 8 //===----------------------------------------------------------------------===// 9 // 10 // This file provides Sema routines for C++ access control semantics. 11 // 12 //===----------------------------------------------------------------------===// 13 14 #include "clang/Sema/SemaInternal.h" 15 #include "clang/AST/ASTContext.h" 16 #include "clang/AST/CXXInheritance.h" 17 #include "clang/AST/DeclCXX.h" 18 #include "clang/AST/DeclFriend.h" 19 #include "clang/AST/DeclObjC.h" 20 #include "clang/AST/DependentDiagnostic.h" 21 #include "clang/AST/ExprCXX.h" 22 #include "clang/Sema/DelayedDiagnostic.h" 23 #include "clang/Sema/Initialization.h" 24 #include "clang/Sema/Lookup.h" 25 26 using namespace clang; 27 using namespace sema; 28 29 /// A copy of Sema's enum without AR_delayed. 30 enum AccessResult { 31 AR_accessible, 32 AR_inaccessible, 33 AR_dependent 34 }; 35 36 /// SetMemberAccessSpecifier - Set the access specifier of a member. 37 /// Returns true on error (when the previous member decl access specifier 38 /// is different from the new member decl access specifier). SetMemberAccessSpecifier(NamedDecl * MemberDecl,NamedDecl * PrevMemberDecl,AccessSpecifier LexicalAS)39 bool Sema::SetMemberAccessSpecifier(NamedDecl *MemberDecl, 40 NamedDecl *PrevMemberDecl, 41 AccessSpecifier LexicalAS) { 42 if (!PrevMemberDecl) { 43 // Use the lexical access specifier. 44 MemberDecl->setAccess(LexicalAS); 45 return false; 46 } 47 48 // C++ [class.access.spec]p3: When a member is redeclared its access 49 // specifier must be same as its initial declaration. 50 if (LexicalAS != AS_none && LexicalAS != PrevMemberDecl->getAccess()) { 51 Diag(MemberDecl->getLocation(), 52 diag::err_class_redeclared_with_different_access) 53 << MemberDecl << LexicalAS; 54 Diag(PrevMemberDecl->getLocation(), diag::note_previous_access_declaration) 55 << PrevMemberDecl << PrevMemberDecl->getAccess(); 56 57 MemberDecl->setAccess(LexicalAS); 58 return true; 59 } 60 61 MemberDecl->setAccess(PrevMemberDecl->getAccess()); 62 return false; 63 } 64 FindDeclaringClass(NamedDecl * D)65 static CXXRecordDecl *FindDeclaringClass(NamedDecl *D) { 66 DeclContext *DC = D->getDeclContext(); 67 68 // This can only happen at top: enum decls only "publish" their 69 // immediate members. 70 if (isa<EnumDecl>(DC)) 71 DC = cast<EnumDecl>(DC)->getDeclContext(); 72 73 CXXRecordDecl *DeclaringClass = cast<CXXRecordDecl>(DC); 74 while (DeclaringClass->isAnonymousStructOrUnion()) 75 DeclaringClass = cast<CXXRecordDecl>(DeclaringClass->getDeclContext()); 76 return DeclaringClass; 77 } 78 79 namespace { 80 struct EffectiveContext { EffectiveContext__anon54dfadaf0111::EffectiveContext81 EffectiveContext() : Inner(0), Dependent(false) {} 82 EffectiveContext__anon54dfadaf0111::EffectiveContext83 explicit EffectiveContext(DeclContext *DC) 84 : Inner(DC), 85 Dependent(DC->isDependentContext()) { 86 87 // C++ [class.access.nest]p1: 88 // A nested class is a member and as such has the same access 89 // rights as any other member. 90 // C++ [class.access]p2: 91 // A member of a class can also access all the names to which 92 // the class has access. A local class of a member function 93 // may access the same names that the member function itself 94 // may access. 95 // This almost implies that the privileges of nesting are transitive. 96 // Technically it says nothing about the local classes of non-member 97 // functions (which can gain privileges through friendship), but we 98 // take that as an oversight. 99 while (true) { 100 // We want to add canonical declarations to the EC lists for 101 // simplicity of checking, but we need to walk up through the 102 // actual current DC chain. Otherwise, something like a local 103 // extern or friend which happens to be the canonical 104 // declaration will really mess us up. 105 106 if (isa<CXXRecordDecl>(DC)) { 107 CXXRecordDecl *Record = cast<CXXRecordDecl>(DC); 108 Records.push_back(Record->getCanonicalDecl()); 109 DC = Record->getDeclContext(); 110 } else if (isa<FunctionDecl>(DC)) { 111 FunctionDecl *Function = cast<FunctionDecl>(DC); 112 Functions.push_back(Function->getCanonicalDecl()); 113 if (Function->getFriendObjectKind()) 114 DC = Function->getLexicalDeclContext(); 115 else 116 DC = Function->getDeclContext(); 117 } else if (DC->isFileContext()) { 118 break; 119 } else { 120 DC = DC->getParent(); 121 } 122 } 123 } 124 isDependent__anon54dfadaf0111::EffectiveContext125 bool isDependent() const { return Dependent; } 126 includesClass__anon54dfadaf0111::EffectiveContext127 bool includesClass(const CXXRecordDecl *R) const { 128 R = R->getCanonicalDecl(); 129 return std::find(Records.begin(), Records.end(), R) 130 != Records.end(); 131 } 132 133 /// Retrieves the innermost "useful" context. Can be null if we're 134 /// doing access-control without privileges. getInnerContext__anon54dfadaf0111::EffectiveContext135 DeclContext *getInnerContext() const { 136 return Inner; 137 } 138 139 typedef SmallVectorImpl<CXXRecordDecl*>::const_iterator record_iterator; 140 141 DeclContext *Inner; 142 SmallVector<FunctionDecl*, 4> Functions; 143 SmallVector<CXXRecordDecl*, 4> Records; 144 bool Dependent; 145 }; 146 147 /// Like sema::AccessedEntity, but kindly lets us scribble all over 148 /// it. 149 struct AccessTarget : public AccessedEntity { AccessTarget__anon54dfadaf0111::AccessTarget150 AccessTarget(const AccessedEntity &Entity) 151 : AccessedEntity(Entity) { 152 initialize(); 153 } 154 AccessTarget__anon54dfadaf0111::AccessTarget155 AccessTarget(ASTContext &Context, 156 MemberNonce _, 157 CXXRecordDecl *NamingClass, 158 DeclAccessPair FoundDecl, 159 QualType BaseObjectType) 160 : AccessedEntity(Context.getDiagAllocator(), Member, NamingClass, 161 FoundDecl, BaseObjectType) { 162 initialize(); 163 } 164 AccessTarget__anon54dfadaf0111::AccessTarget165 AccessTarget(ASTContext &Context, 166 BaseNonce _, 167 CXXRecordDecl *BaseClass, 168 CXXRecordDecl *DerivedClass, 169 AccessSpecifier Access) 170 : AccessedEntity(Context.getDiagAllocator(), Base, BaseClass, DerivedClass, 171 Access) { 172 initialize(); 173 } 174 isInstanceMember__anon54dfadaf0111::AccessTarget175 bool isInstanceMember() const { 176 return (isMemberAccess() && getTargetDecl()->isCXXInstanceMember()); 177 } 178 hasInstanceContext__anon54dfadaf0111::AccessTarget179 bool hasInstanceContext() const { 180 return HasInstanceContext; 181 } 182 183 class SavedInstanceContext { 184 public: ~SavedInstanceContext()185 ~SavedInstanceContext() { 186 Target.HasInstanceContext = Has; 187 } 188 189 private: 190 friend struct AccessTarget; SavedInstanceContext(AccessTarget & Target)191 explicit SavedInstanceContext(AccessTarget &Target) 192 : Target(Target), Has(Target.HasInstanceContext) {} 193 AccessTarget &Target; 194 bool Has; 195 }; 196 saveInstanceContext__anon54dfadaf0111::AccessTarget197 SavedInstanceContext saveInstanceContext() { 198 return SavedInstanceContext(*this); 199 } 200 suppressInstanceContext__anon54dfadaf0111::AccessTarget201 void suppressInstanceContext() { 202 HasInstanceContext = false; 203 } 204 resolveInstanceContext__anon54dfadaf0111::AccessTarget205 const CXXRecordDecl *resolveInstanceContext(Sema &S) const { 206 assert(HasInstanceContext); 207 if (CalculatedInstanceContext) 208 return InstanceContext; 209 210 CalculatedInstanceContext = true; 211 DeclContext *IC = S.computeDeclContext(getBaseObjectType()); 212 InstanceContext = (IC ? cast<CXXRecordDecl>(IC)->getCanonicalDecl() : 0); 213 return InstanceContext; 214 } 215 getDeclaringClass__anon54dfadaf0111::AccessTarget216 const CXXRecordDecl *getDeclaringClass() const { 217 return DeclaringClass; 218 } 219 220 /// The "effective" naming class is the canonical non-anonymous 221 /// class containing the actual naming class. getEffectiveNamingClass__anon54dfadaf0111::AccessTarget222 const CXXRecordDecl *getEffectiveNamingClass() const { 223 const CXXRecordDecl *namingClass = getNamingClass(); 224 while (namingClass->isAnonymousStructOrUnion()) 225 namingClass = cast<CXXRecordDecl>(namingClass->getParent()); 226 return namingClass->getCanonicalDecl(); 227 } 228 229 private: initialize__anon54dfadaf0111::AccessTarget230 void initialize() { 231 HasInstanceContext = (isMemberAccess() && 232 !getBaseObjectType().isNull() && 233 getTargetDecl()->isCXXInstanceMember()); 234 CalculatedInstanceContext = false; 235 InstanceContext = 0; 236 237 if (isMemberAccess()) 238 DeclaringClass = FindDeclaringClass(getTargetDecl()); 239 else 240 DeclaringClass = getBaseClass(); 241 DeclaringClass = DeclaringClass->getCanonicalDecl(); 242 } 243 244 bool HasInstanceContext : 1; 245 mutable bool CalculatedInstanceContext : 1; 246 mutable const CXXRecordDecl *InstanceContext; 247 const CXXRecordDecl *DeclaringClass; 248 }; 249 250 } 251 252 /// Checks whether one class might instantiate to the other. MightInstantiateTo(const CXXRecordDecl * From,const CXXRecordDecl * To)253 static bool MightInstantiateTo(const CXXRecordDecl *From, 254 const CXXRecordDecl *To) { 255 // Declaration names are always preserved by instantiation. 256 if (From->getDeclName() != To->getDeclName()) 257 return false; 258 259 const DeclContext *FromDC = From->getDeclContext()->getPrimaryContext(); 260 const DeclContext *ToDC = To->getDeclContext()->getPrimaryContext(); 261 if (FromDC == ToDC) return true; 262 if (FromDC->isFileContext() || ToDC->isFileContext()) return false; 263 264 // Be conservative. 265 return true; 266 } 267 268 /// Checks whether one class is derived from another, inclusively. 269 /// Properly indicates when it couldn't be determined due to 270 /// dependence. 271 /// 272 /// This should probably be donated to AST or at least Sema. IsDerivedFromInclusive(const CXXRecordDecl * Derived,const CXXRecordDecl * Target)273 static AccessResult IsDerivedFromInclusive(const CXXRecordDecl *Derived, 274 const CXXRecordDecl *Target) { 275 assert(Derived->getCanonicalDecl() == Derived); 276 assert(Target->getCanonicalDecl() == Target); 277 278 if (Derived == Target) return AR_accessible; 279 280 bool CheckDependent = Derived->isDependentContext(); 281 if (CheckDependent && MightInstantiateTo(Derived, Target)) 282 return AR_dependent; 283 284 AccessResult OnFailure = AR_inaccessible; 285 SmallVector<const CXXRecordDecl*, 8> Queue; // actually a stack 286 287 while (true) { 288 if (Derived->isDependentContext() && !Derived->hasDefinition()) 289 return AR_dependent; 290 291 for (CXXRecordDecl::base_class_const_iterator 292 I = Derived->bases_begin(), E = Derived->bases_end(); I != E; ++I) { 293 294 const CXXRecordDecl *RD; 295 296 QualType T = I->getType(); 297 if (const RecordType *RT = T->getAs<RecordType>()) { 298 RD = cast<CXXRecordDecl>(RT->getDecl()); 299 } else if (const InjectedClassNameType *IT 300 = T->getAs<InjectedClassNameType>()) { 301 RD = IT->getDecl(); 302 } else { 303 assert(T->isDependentType() && "non-dependent base wasn't a record?"); 304 OnFailure = AR_dependent; 305 continue; 306 } 307 308 RD = RD->getCanonicalDecl(); 309 if (RD == Target) return AR_accessible; 310 if (CheckDependent && MightInstantiateTo(RD, Target)) 311 OnFailure = AR_dependent; 312 313 Queue.push_back(RD); 314 } 315 316 if (Queue.empty()) break; 317 318 Derived = Queue.back(); 319 Queue.pop_back(); 320 } 321 322 return OnFailure; 323 } 324 325 MightInstantiateTo(Sema & S,DeclContext * Context,DeclContext * Friend)326 static bool MightInstantiateTo(Sema &S, DeclContext *Context, 327 DeclContext *Friend) { 328 if (Friend == Context) 329 return true; 330 331 assert(!Friend->isDependentContext() && 332 "can't handle friends with dependent contexts here"); 333 334 if (!Context->isDependentContext()) 335 return false; 336 337 if (Friend->isFileContext()) 338 return false; 339 340 // TODO: this is very conservative 341 return true; 342 } 343 344 // Asks whether the type in 'context' can ever instantiate to the type 345 // in 'friend'. MightInstantiateTo(Sema & S,CanQualType Context,CanQualType Friend)346 static bool MightInstantiateTo(Sema &S, CanQualType Context, CanQualType Friend) { 347 if (Friend == Context) 348 return true; 349 350 if (!Friend->isDependentType() && !Context->isDependentType()) 351 return false; 352 353 // TODO: this is very conservative. 354 return true; 355 } 356 MightInstantiateTo(Sema & S,FunctionDecl * Context,FunctionDecl * Friend)357 static bool MightInstantiateTo(Sema &S, 358 FunctionDecl *Context, 359 FunctionDecl *Friend) { 360 if (Context->getDeclName() != Friend->getDeclName()) 361 return false; 362 363 if (!MightInstantiateTo(S, 364 Context->getDeclContext(), 365 Friend->getDeclContext())) 366 return false; 367 368 CanQual<FunctionProtoType> FriendTy 369 = S.Context.getCanonicalType(Friend->getType()) 370 ->getAs<FunctionProtoType>(); 371 CanQual<FunctionProtoType> ContextTy 372 = S.Context.getCanonicalType(Context->getType()) 373 ->getAs<FunctionProtoType>(); 374 375 // There isn't any way that I know of to add qualifiers 376 // during instantiation. 377 if (FriendTy.getQualifiers() != ContextTy.getQualifiers()) 378 return false; 379 380 if (FriendTy->getNumArgs() != ContextTy->getNumArgs()) 381 return false; 382 383 if (!MightInstantiateTo(S, 384 ContextTy->getResultType(), 385 FriendTy->getResultType())) 386 return false; 387 388 for (unsigned I = 0, E = FriendTy->getNumArgs(); I != E; ++I) 389 if (!MightInstantiateTo(S, 390 ContextTy->getArgType(I), 391 FriendTy->getArgType(I))) 392 return false; 393 394 return true; 395 } 396 MightInstantiateTo(Sema & S,FunctionTemplateDecl * Context,FunctionTemplateDecl * Friend)397 static bool MightInstantiateTo(Sema &S, 398 FunctionTemplateDecl *Context, 399 FunctionTemplateDecl *Friend) { 400 return MightInstantiateTo(S, 401 Context->getTemplatedDecl(), 402 Friend->getTemplatedDecl()); 403 } 404 MatchesFriend(Sema & S,const EffectiveContext & EC,const CXXRecordDecl * Friend)405 static AccessResult MatchesFriend(Sema &S, 406 const EffectiveContext &EC, 407 const CXXRecordDecl *Friend) { 408 if (EC.includesClass(Friend)) 409 return AR_accessible; 410 411 if (EC.isDependent()) { 412 CanQualType FriendTy 413 = S.Context.getCanonicalType(S.Context.getTypeDeclType(Friend)); 414 415 for (EffectiveContext::record_iterator 416 I = EC.Records.begin(), E = EC.Records.end(); I != E; ++I) { 417 CanQualType ContextTy 418 = S.Context.getCanonicalType(S.Context.getTypeDeclType(*I)); 419 if (MightInstantiateTo(S, ContextTy, FriendTy)) 420 return AR_dependent; 421 } 422 } 423 424 return AR_inaccessible; 425 } 426 MatchesFriend(Sema & S,const EffectiveContext & EC,CanQualType Friend)427 static AccessResult MatchesFriend(Sema &S, 428 const EffectiveContext &EC, 429 CanQualType Friend) { 430 if (const RecordType *RT = Friend->getAs<RecordType>()) 431 return MatchesFriend(S, EC, cast<CXXRecordDecl>(RT->getDecl())); 432 433 // TODO: we can do better than this 434 if (Friend->isDependentType()) 435 return AR_dependent; 436 437 return AR_inaccessible; 438 } 439 440 /// Determines whether the given friend class template matches 441 /// anything in the effective context. MatchesFriend(Sema & S,const EffectiveContext & EC,ClassTemplateDecl * Friend)442 static AccessResult MatchesFriend(Sema &S, 443 const EffectiveContext &EC, 444 ClassTemplateDecl *Friend) { 445 AccessResult OnFailure = AR_inaccessible; 446 447 // Check whether the friend is the template of a class in the 448 // context chain. 449 for (SmallVectorImpl<CXXRecordDecl*>::const_iterator 450 I = EC.Records.begin(), E = EC.Records.end(); I != E; ++I) { 451 CXXRecordDecl *Record = *I; 452 453 // Figure out whether the current class has a template: 454 ClassTemplateDecl *CTD; 455 456 // A specialization of the template... 457 if (isa<ClassTemplateSpecializationDecl>(Record)) { 458 CTD = cast<ClassTemplateSpecializationDecl>(Record) 459 ->getSpecializedTemplate(); 460 461 // ... or the template pattern itself. 462 } else { 463 CTD = Record->getDescribedClassTemplate(); 464 if (!CTD) continue; 465 } 466 467 // It's a match. 468 if (Friend == CTD->getCanonicalDecl()) 469 return AR_accessible; 470 471 // If the context isn't dependent, it can't be a dependent match. 472 if (!EC.isDependent()) 473 continue; 474 475 // If the template names don't match, it can't be a dependent 476 // match. 477 if (CTD->getDeclName() != Friend->getDeclName()) 478 continue; 479 480 // If the class's context can't instantiate to the friend's 481 // context, it can't be a dependent match. 482 if (!MightInstantiateTo(S, CTD->getDeclContext(), 483 Friend->getDeclContext())) 484 continue; 485 486 // Otherwise, it's a dependent match. 487 OnFailure = AR_dependent; 488 } 489 490 return OnFailure; 491 } 492 493 /// Determines whether the given friend function matches anything in 494 /// the effective context. MatchesFriend(Sema & S,const EffectiveContext & EC,FunctionDecl * Friend)495 static AccessResult MatchesFriend(Sema &S, 496 const EffectiveContext &EC, 497 FunctionDecl *Friend) { 498 AccessResult OnFailure = AR_inaccessible; 499 500 for (SmallVectorImpl<FunctionDecl*>::const_iterator 501 I = EC.Functions.begin(), E = EC.Functions.end(); I != E; ++I) { 502 if (Friend == *I) 503 return AR_accessible; 504 505 if (EC.isDependent() && MightInstantiateTo(S, *I, Friend)) 506 OnFailure = AR_dependent; 507 } 508 509 return OnFailure; 510 } 511 512 /// Determines whether the given friend function template matches 513 /// anything in the effective context. MatchesFriend(Sema & S,const EffectiveContext & EC,FunctionTemplateDecl * Friend)514 static AccessResult MatchesFriend(Sema &S, 515 const EffectiveContext &EC, 516 FunctionTemplateDecl *Friend) { 517 if (EC.Functions.empty()) return AR_inaccessible; 518 519 AccessResult OnFailure = AR_inaccessible; 520 521 for (SmallVectorImpl<FunctionDecl*>::const_iterator 522 I = EC.Functions.begin(), E = EC.Functions.end(); I != E; ++I) { 523 524 FunctionTemplateDecl *FTD = (*I)->getPrimaryTemplate(); 525 if (!FTD) 526 FTD = (*I)->getDescribedFunctionTemplate(); 527 if (!FTD) 528 continue; 529 530 FTD = FTD->getCanonicalDecl(); 531 532 if (Friend == FTD) 533 return AR_accessible; 534 535 if (EC.isDependent() && MightInstantiateTo(S, FTD, Friend)) 536 OnFailure = AR_dependent; 537 } 538 539 return OnFailure; 540 } 541 542 /// Determines whether the given friend declaration matches anything 543 /// in the effective context. MatchesFriend(Sema & S,const EffectiveContext & EC,FriendDecl * FriendD)544 static AccessResult MatchesFriend(Sema &S, 545 const EffectiveContext &EC, 546 FriendDecl *FriendD) { 547 // Whitelist accesses if there's an invalid or unsupported friend 548 // declaration. 549 if (FriendD->isInvalidDecl() || FriendD->isUnsupportedFriend()) 550 return AR_accessible; 551 552 if (TypeSourceInfo *T = FriendD->getFriendType()) 553 return MatchesFriend(S, EC, T->getType()->getCanonicalTypeUnqualified()); 554 555 NamedDecl *Friend 556 = cast<NamedDecl>(FriendD->getFriendDecl()->getCanonicalDecl()); 557 558 // FIXME: declarations with dependent or templated scope. 559 560 if (isa<ClassTemplateDecl>(Friend)) 561 return MatchesFriend(S, EC, cast<ClassTemplateDecl>(Friend)); 562 563 if (isa<FunctionTemplateDecl>(Friend)) 564 return MatchesFriend(S, EC, cast<FunctionTemplateDecl>(Friend)); 565 566 if (isa<CXXRecordDecl>(Friend)) 567 return MatchesFriend(S, EC, cast<CXXRecordDecl>(Friend)); 568 569 assert(isa<FunctionDecl>(Friend) && "unknown friend decl kind"); 570 return MatchesFriend(S, EC, cast<FunctionDecl>(Friend)); 571 } 572 GetFriendKind(Sema & S,const EffectiveContext & EC,const CXXRecordDecl * Class)573 static AccessResult GetFriendKind(Sema &S, 574 const EffectiveContext &EC, 575 const CXXRecordDecl *Class) { 576 AccessResult OnFailure = AR_inaccessible; 577 578 // Okay, check friends. 579 for (CXXRecordDecl::friend_iterator I = Class->friend_begin(), 580 E = Class->friend_end(); I != E; ++I) { 581 FriendDecl *Friend = *I; 582 583 switch (MatchesFriend(S, EC, Friend)) { 584 case AR_accessible: 585 return AR_accessible; 586 587 case AR_inaccessible: 588 continue; 589 590 case AR_dependent: 591 OnFailure = AR_dependent; 592 break; 593 } 594 } 595 596 // That's it, give up. 597 return OnFailure; 598 } 599 600 namespace { 601 602 /// A helper class for checking for a friend which will grant access 603 /// to a protected instance member. 604 struct ProtectedFriendContext { 605 Sema &S; 606 const EffectiveContext &EC; 607 const CXXRecordDecl *NamingClass; 608 bool CheckDependent; 609 bool EverDependent; 610 611 /// The path down to the current base class. 612 SmallVector<const CXXRecordDecl*, 20> CurPath; 613 ProtectedFriendContext__anon54dfadaf0211::ProtectedFriendContext614 ProtectedFriendContext(Sema &S, const EffectiveContext &EC, 615 const CXXRecordDecl *InstanceContext, 616 const CXXRecordDecl *NamingClass) 617 : S(S), EC(EC), NamingClass(NamingClass), 618 CheckDependent(InstanceContext->isDependentContext() || 619 NamingClass->isDependentContext()), 620 EverDependent(false) {} 621 622 /// Check classes in the current path for friendship, starting at 623 /// the given index. checkFriendshipAlongPath__anon54dfadaf0211::ProtectedFriendContext624 bool checkFriendshipAlongPath(unsigned I) { 625 assert(I < CurPath.size()); 626 for (unsigned E = CurPath.size(); I != E; ++I) { 627 switch (GetFriendKind(S, EC, CurPath[I])) { 628 case AR_accessible: return true; 629 case AR_inaccessible: continue; 630 case AR_dependent: EverDependent = true; continue; 631 } 632 } 633 return false; 634 } 635 636 /// Perform a search starting at the given class. 637 /// 638 /// PrivateDepth is the index of the last (least derived) class 639 /// along the current path such that a notional public member of 640 /// the final class in the path would have access in that class. findFriendship__anon54dfadaf0211::ProtectedFriendContext641 bool findFriendship(const CXXRecordDecl *Cur, unsigned PrivateDepth) { 642 // If we ever reach the naming class, check the current path for 643 // friendship. We can also stop recursing because we obviously 644 // won't find the naming class there again. 645 if (Cur == NamingClass) 646 return checkFriendshipAlongPath(PrivateDepth); 647 648 if (CheckDependent && MightInstantiateTo(Cur, NamingClass)) 649 EverDependent = true; 650 651 // Recurse into the base classes. 652 for (CXXRecordDecl::base_class_const_iterator 653 I = Cur->bases_begin(), E = Cur->bases_end(); I != E; ++I) { 654 655 // If this is private inheritance, then a public member of the 656 // base will not have any access in classes derived from Cur. 657 unsigned BasePrivateDepth = PrivateDepth; 658 if (I->getAccessSpecifier() == AS_private) 659 BasePrivateDepth = CurPath.size() - 1; 660 661 const CXXRecordDecl *RD; 662 663 QualType T = I->getType(); 664 if (const RecordType *RT = T->getAs<RecordType>()) { 665 RD = cast<CXXRecordDecl>(RT->getDecl()); 666 } else if (const InjectedClassNameType *IT 667 = T->getAs<InjectedClassNameType>()) { 668 RD = IT->getDecl(); 669 } else { 670 assert(T->isDependentType() && "non-dependent base wasn't a record?"); 671 EverDependent = true; 672 continue; 673 } 674 675 // Recurse. We don't need to clean up if this returns true. 676 CurPath.push_back(RD); 677 if (findFriendship(RD->getCanonicalDecl(), BasePrivateDepth)) 678 return true; 679 CurPath.pop_back(); 680 } 681 682 return false; 683 } 684 findFriendship__anon54dfadaf0211::ProtectedFriendContext685 bool findFriendship(const CXXRecordDecl *Cur) { 686 assert(CurPath.empty()); 687 CurPath.push_back(Cur); 688 return findFriendship(Cur, 0); 689 } 690 }; 691 } 692 693 /// Search for a class P that EC is a friend of, under the constraint 694 /// InstanceContext <= P 695 /// if InstanceContext exists, or else 696 /// NamingClass <= P 697 /// and with the additional restriction that a protected member of 698 /// NamingClass would have some natural access in P, which implicitly 699 /// imposes the constraint that P <= NamingClass. 700 /// 701 /// This isn't quite the condition laid out in the standard. 702 /// Instead of saying that a notional protected member of NamingClass 703 /// would have to have some natural access in P, it says the actual 704 /// target has to have some natural access in P, which opens up the 705 /// possibility that the target (which is not necessarily a member 706 /// of NamingClass) might be more accessible along some path not 707 /// passing through it. That's really a bad idea, though, because it 708 /// introduces two problems: 709 /// - Most importantly, it breaks encapsulation because you can 710 /// access a forbidden base class's members by directly subclassing 711 /// it elsewhere. 712 /// - It also makes access substantially harder to compute because it 713 /// breaks the hill-climbing algorithm: knowing that the target is 714 /// accessible in some base class would no longer let you change 715 /// the question solely to whether the base class is accessible, 716 /// because the original target might have been more accessible 717 /// because of crazy subclassing. 718 /// So we don't implement that. GetProtectedFriendKind(Sema & S,const EffectiveContext & EC,const CXXRecordDecl * InstanceContext,const CXXRecordDecl * NamingClass)719 static AccessResult GetProtectedFriendKind(Sema &S, const EffectiveContext &EC, 720 const CXXRecordDecl *InstanceContext, 721 const CXXRecordDecl *NamingClass) { 722 assert(InstanceContext == 0 || 723 InstanceContext->getCanonicalDecl() == InstanceContext); 724 assert(NamingClass->getCanonicalDecl() == NamingClass); 725 726 // If we don't have an instance context, our constraints give us 727 // that NamingClass <= P <= NamingClass, i.e. P == NamingClass. 728 // This is just the usual friendship check. 729 if (!InstanceContext) return GetFriendKind(S, EC, NamingClass); 730 731 ProtectedFriendContext PRC(S, EC, InstanceContext, NamingClass); 732 if (PRC.findFriendship(InstanceContext)) return AR_accessible; 733 if (PRC.EverDependent) return AR_dependent; 734 return AR_inaccessible; 735 } 736 HasAccess(Sema & S,const EffectiveContext & EC,const CXXRecordDecl * NamingClass,AccessSpecifier Access,const AccessTarget & Target)737 static AccessResult HasAccess(Sema &S, 738 const EffectiveContext &EC, 739 const CXXRecordDecl *NamingClass, 740 AccessSpecifier Access, 741 const AccessTarget &Target) { 742 assert(NamingClass->getCanonicalDecl() == NamingClass && 743 "declaration should be canonicalized before being passed here"); 744 745 if (Access == AS_public) return AR_accessible; 746 assert(Access == AS_private || Access == AS_protected); 747 748 AccessResult OnFailure = AR_inaccessible; 749 750 for (EffectiveContext::record_iterator 751 I = EC.Records.begin(), E = EC.Records.end(); I != E; ++I) { 752 // All the declarations in EC have been canonicalized, so pointer 753 // equality from this point on will work fine. 754 const CXXRecordDecl *ECRecord = *I; 755 756 // [B2] and [M2] 757 if (Access == AS_private) { 758 if (ECRecord == NamingClass) 759 return AR_accessible; 760 761 if (EC.isDependent() && MightInstantiateTo(ECRecord, NamingClass)) 762 OnFailure = AR_dependent; 763 764 // [B3] and [M3] 765 } else { 766 assert(Access == AS_protected); 767 switch (IsDerivedFromInclusive(ECRecord, NamingClass)) { 768 case AR_accessible: break; 769 case AR_inaccessible: continue; 770 case AR_dependent: OnFailure = AR_dependent; continue; 771 } 772 773 // C++ [class.protected]p1: 774 // An additional access check beyond those described earlier in 775 // [class.access] is applied when a non-static data member or 776 // non-static member function is a protected member of its naming 777 // class. As described earlier, access to a protected member is 778 // granted because the reference occurs in a friend or member of 779 // some class C. If the access is to form a pointer to member, 780 // the nested-name-specifier shall name C or a class derived from 781 // C. All other accesses involve a (possibly implicit) object 782 // expression. In this case, the class of the object expression 783 // shall be C or a class derived from C. 784 // 785 // We interpret this as a restriction on [M3]. 786 787 // In this part of the code, 'C' is just our context class ECRecord. 788 789 // These rules are different if we don't have an instance context. 790 if (!Target.hasInstanceContext()) { 791 // If it's not an instance member, these restrictions don't apply. 792 if (!Target.isInstanceMember()) return AR_accessible; 793 794 // If it's an instance member, use the pointer-to-member rule 795 // that the naming class has to be derived from the effective 796 // context. 797 798 // Emulate a MSVC bug where the creation of pointer-to-member 799 // to protected member of base class is allowed but only from 800 // static member functions. 801 if (S.getLangOpts().MicrosoftMode && !EC.Functions.empty()) 802 if (CXXMethodDecl* MD = dyn_cast<CXXMethodDecl>(EC.Functions.front())) 803 if (MD->isStatic()) return AR_accessible; 804 805 // Despite the standard's confident wording, there is a case 806 // where you can have an instance member that's neither in a 807 // pointer-to-member expression nor in a member access: when 808 // it names a field in an unevaluated context that can't be an 809 // implicit member. Pending clarification, we just apply the 810 // same naming-class restriction here. 811 // FIXME: we're probably not correctly adding the 812 // protected-member restriction when we retroactively convert 813 // an expression to being evaluated. 814 815 // We know that ECRecord derives from NamingClass. The 816 // restriction says to check whether NamingClass derives from 817 // ECRecord, but that's not really necessary: two distinct 818 // classes can't be recursively derived from each other. So 819 // along this path, we just need to check whether the classes 820 // are equal. 821 if (NamingClass == ECRecord) return AR_accessible; 822 823 // Otherwise, this context class tells us nothing; on to the next. 824 continue; 825 } 826 827 assert(Target.isInstanceMember()); 828 829 const CXXRecordDecl *InstanceContext = Target.resolveInstanceContext(S); 830 if (!InstanceContext) { 831 OnFailure = AR_dependent; 832 continue; 833 } 834 835 switch (IsDerivedFromInclusive(InstanceContext, ECRecord)) { 836 case AR_accessible: return AR_accessible; 837 case AR_inaccessible: continue; 838 case AR_dependent: OnFailure = AR_dependent; continue; 839 } 840 } 841 } 842 843 // [M3] and [B3] say that, if the target is protected in N, we grant 844 // access if the access occurs in a friend or member of some class P 845 // that's a subclass of N and where the target has some natural 846 // access in P. The 'member' aspect is easy to handle because P 847 // would necessarily be one of the effective-context records, and we 848 // address that above. The 'friend' aspect is completely ridiculous 849 // to implement because there are no restrictions at all on P 850 // *unless* the [class.protected] restriction applies. If it does, 851 // however, we should ignore whether the naming class is a friend, 852 // and instead rely on whether any potential P is a friend. 853 if (Access == AS_protected && Target.isInstanceMember()) { 854 // Compute the instance context if possible. 855 const CXXRecordDecl *InstanceContext = 0; 856 if (Target.hasInstanceContext()) { 857 InstanceContext = Target.resolveInstanceContext(S); 858 if (!InstanceContext) return AR_dependent; 859 } 860 861 switch (GetProtectedFriendKind(S, EC, InstanceContext, NamingClass)) { 862 case AR_accessible: return AR_accessible; 863 case AR_inaccessible: return OnFailure; 864 case AR_dependent: return AR_dependent; 865 } 866 llvm_unreachable("impossible friendship kind"); 867 } 868 869 switch (GetFriendKind(S, EC, NamingClass)) { 870 case AR_accessible: return AR_accessible; 871 case AR_inaccessible: return OnFailure; 872 case AR_dependent: return AR_dependent; 873 } 874 875 // Silence bogus warnings 876 llvm_unreachable("impossible friendship kind"); 877 } 878 879 /// Finds the best path from the naming class to the declaring class, 880 /// taking friend declarations into account. 881 /// 882 /// C++0x [class.access.base]p5: 883 /// A member m is accessible at the point R when named in class N if 884 /// [M1] m as a member of N is public, or 885 /// [M2] m as a member of N is private, and R occurs in a member or 886 /// friend of class N, or 887 /// [M3] m as a member of N is protected, and R occurs in a member or 888 /// friend of class N, or in a member or friend of a class P 889 /// derived from N, where m as a member of P is public, private, 890 /// or protected, or 891 /// [M4] there exists a base class B of N that is accessible at R, and 892 /// m is accessible at R when named in class B. 893 /// 894 /// C++0x [class.access.base]p4: 895 /// A base class B of N is accessible at R, if 896 /// [B1] an invented public member of B would be a public member of N, or 897 /// [B2] R occurs in a member or friend of class N, and an invented public 898 /// member of B would be a private or protected member of N, or 899 /// [B3] R occurs in a member or friend of a class P derived from N, and an 900 /// invented public member of B would be a private or protected member 901 /// of P, or 902 /// [B4] there exists a class S such that B is a base class of S accessible 903 /// at R and S is a base class of N accessible at R. 904 /// 905 /// Along a single inheritance path we can restate both of these 906 /// iteratively: 907 /// 908 /// First, we note that M1-4 are equivalent to B1-4 if the member is 909 /// treated as a notional base of its declaring class with inheritance 910 /// access equivalent to the member's access. Therefore we need only 911 /// ask whether a class B is accessible from a class N in context R. 912 /// 913 /// Let B_1 .. B_n be the inheritance path in question (i.e. where 914 /// B_1 = N, B_n = B, and for all i, B_{i+1} is a direct base class of 915 /// B_i). For i in 1..n, we will calculate ACAB(i), the access to the 916 /// closest accessible base in the path: 917 /// Access(a, b) = (* access on the base specifier from a to b *) 918 /// Merge(a, forbidden) = forbidden 919 /// Merge(a, private) = forbidden 920 /// Merge(a, b) = min(a,b) 921 /// Accessible(c, forbidden) = false 922 /// Accessible(c, private) = (R is c) || IsFriend(c, R) 923 /// Accessible(c, protected) = (R derived from c) || IsFriend(c, R) 924 /// Accessible(c, public) = true 925 /// ACAB(n) = public 926 /// ACAB(i) = 927 /// let AccessToBase = Merge(Access(B_i, B_{i+1}), ACAB(i+1)) in 928 /// if Accessible(B_i, AccessToBase) then public else AccessToBase 929 /// 930 /// B is an accessible base of N at R iff ACAB(1) = public. 931 /// 932 /// \param FinalAccess the access of the "final step", or AS_public if 933 /// there is no final step. 934 /// \return null if friendship is dependent FindBestPath(Sema & S,const EffectiveContext & EC,AccessTarget & Target,AccessSpecifier FinalAccess,CXXBasePaths & Paths)935 static CXXBasePath *FindBestPath(Sema &S, 936 const EffectiveContext &EC, 937 AccessTarget &Target, 938 AccessSpecifier FinalAccess, 939 CXXBasePaths &Paths) { 940 // Derive the paths to the desired base. 941 const CXXRecordDecl *Derived = Target.getNamingClass(); 942 const CXXRecordDecl *Base = Target.getDeclaringClass(); 943 944 // FIXME: fail correctly when there are dependent paths. 945 bool isDerived = Derived->isDerivedFrom(const_cast<CXXRecordDecl*>(Base), 946 Paths); 947 assert(isDerived && "derived class not actually derived from base"); 948 (void) isDerived; 949 950 CXXBasePath *BestPath = 0; 951 952 assert(FinalAccess != AS_none && "forbidden access after declaring class"); 953 954 bool AnyDependent = false; 955 956 // Derive the friend-modified access along each path. 957 for (CXXBasePaths::paths_iterator PI = Paths.begin(), PE = Paths.end(); 958 PI != PE; ++PI) { 959 AccessTarget::SavedInstanceContext _ = Target.saveInstanceContext(); 960 961 // Walk through the path backwards. 962 AccessSpecifier PathAccess = FinalAccess; 963 CXXBasePath::iterator I = PI->end(), E = PI->begin(); 964 while (I != E) { 965 --I; 966 967 assert(PathAccess != AS_none); 968 969 // If the declaration is a private member of a base class, there 970 // is no level of friendship in derived classes that can make it 971 // accessible. 972 if (PathAccess == AS_private) { 973 PathAccess = AS_none; 974 break; 975 } 976 977 const CXXRecordDecl *NC = I->Class->getCanonicalDecl(); 978 979 AccessSpecifier BaseAccess = I->Base->getAccessSpecifier(); 980 PathAccess = std::max(PathAccess, BaseAccess); 981 982 switch (HasAccess(S, EC, NC, PathAccess, Target)) { 983 case AR_inaccessible: break; 984 case AR_accessible: 985 PathAccess = AS_public; 986 987 // Future tests are not against members and so do not have 988 // instance context. 989 Target.suppressInstanceContext(); 990 break; 991 case AR_dependent: 992 AnyDependent = true; 993 goto Next; 994 } 995 } 996 997 // Note that we modify the path's Access field to the 998 // friend-modified access. 999 if (BestPath == 0 || PathAccess < BestPath->Access) { 1000 BestPath = &*PI; 1001 BestPath->Access = PathAccess; 1002 1003 // Short-circuit if we found a public path. 1004 if (BestPath->Access == AS_public) 1005 return BestPath; 1006 } 1007 1008 Next: ; 1009 } 1010 1011 assert((!BestPath || BestPath->Access != AS_public) && 1012 "fell out of loop with public path"); 1013 1014 // We didn't find a public path, but at least one path was subject 1015 // to dependent friendship, so delay the check. 1016 if (AnyDependent) 1017 return 0; 1018 1019 return BestPath; 1020 } 1021 1022 /// Given that an entity has protected natural access, check whether 1023 /// access might be denied because of the protected member access 1024 /// restriction. 1025 /// 1026 /// \return true if a note was emitted TryDiagnoseProtectedAccess(Sema & S,const EffectiveContext & EC,AccessTarget & Target)1027 static bool TryDiagnoseProtectedAccess(Sema &S, const EffectiveContext &EC, 1028 AccessTarget &Target) { 1029 // Only applies to instance accesses. 1030 if (!Target.isInstanceMember()) 1031 return false; 1032 1033 assert(Target.isMemberAccess()); 1034 1035 const CXXRecordDecl *NamingClass = Target.getEffectiveNamingClass(); 1036 1037 for (EffectiveContext::record_iterator 1038 I = EC.Records.begin(), E = EC.Records.end(); I != E; ++I) { 1039 const CXXRecordDecl *ECRecord = *I; 1040 switch (IsDerivedFromInclusive(ECRecord, NamingClass)) { 1041 case AR_accessible: break; 1042 case AR_inaccessible: continue; 1043 case AR_dependent: continue; 1044 } 1045 1046 // The effective context is a subclass of the declaring class. 1047 // Check whether the [class.protected] restriction is limiting 1048 // access. 1049 1050 // To get this exactly right, this might need to be checked more 1051 // holistically; it's not necessarily the case that gaining 1052 // access here would grant us access overall. 1053 1054 NamedDecl *D = Target.getTargetDecl(); 1055 1056 // If we don't have an instance context, [class.protected] says the 1057 // naming class has to equal the context class. 1058 if (!Target.hasInstanceContext()) { 1059 // If it does, the restriction doesn't apply. 1060 if (NamingClass == ECRecord) continue; 1061 1062 // TODO: it would be great to have a fixit here, since this is 1063 // such an obvious error. 1064 S.Diag(D->getLocation(), diag::note_access_protected_restricted_noobject) 1065 << S.Context.getTypeDeclType(ECRecord); 1066 return true; 1067 } 1068 1069 const CXXRecordDecl *InstanceContext = Target.resolveInstanceContext(S); 1070 assert(InstanceContext && "diagnosing dependent access"); 1071 1072 switch (IsDerivedFromInclusive(InstanceContext, ECRecord)) { 1073 case AR_accessible: continue; 1074 case AR_dependent: continue; 1075 case AR_inaccessible: 1076 break; 1077 } 1078 1079 // Okay, the restriction seems to be what's limiting us. 1080 1081 // Use a special diagnostic for constructors and destructors. 1082 if (isa<CXXConstructorDecl>(D) || isa<CXXDestructorDecl>(D) || 1083 (isa<FunctionTemplateDecl>(D) && 1084 isa<CXXConstructorDecl>( 1085 cast<FunctionTemplateDecl>(D)->getTemplatedDecl()))) { 1086 S.Diag(D->getLocation(), diag::note_access_protected_restricted_ctordtor) 1087 << isa<CXXDestructorDecl>(D); 1088 return true; 1089 } 1090 1091 // Otherwise, use the generic diagnostic. 1092 S.Diag(D->getLocation(), diag::note_access_protected_restricted_object) 1093 << S.Context.getTypeDeclType(ECRecord); 1094 return true; 1095 } 1096 1097 return false; 1098 } 1099 1100 /// We are unable to access a given declaration due to its direct 1101 /// access control; diagnose that. diagnoseBadDirectAccess(Sema & S,const EffectiveContext & EC,AccessTarget & entity)1102 static void diagnoseBadDirectAccess(Sema &S, 1103 const EffectiveContext &EC, 1104 AccessTarget &entity) { 1105 assert(entity.isMemberAccess()); 1106 NamedDecl *D = entity.getTargetDecl(); 1107 1108 if (D->getAccess() == AS_protected && 1109 TryDiagnoseProtectedAccess(S, EC, entity)) 1110 return; 1111 1112 // Find an original declaration. 1113 while (D->isOutOfLine()) { 1114 NamedDecl *PrevDecl = 0; 1115 if (VarDecl *VD = dyn_cast<VarDecl>(D)) 1116 PrevDecl = VD->getPreviousDecl(); 1117 else if (FunctionDecl *FD = dyn_cast<FunctionDecl>(D)) 1118 PrevDecl = FD->getPreviousDecl(); 1119 else if (TypedefNameDecl *TND = dyn_cast<TypedefNameDecl>(D)) 1120 PrevDecl = TND->getPreviousDecl(); 1121 else if (TagDecl *TD = dyn_cast<TagDecl>(D)) { 1122 if (isa<RecordDecl>(D) && cast<RecordDecl>(D)->isInjectedClassName()) 1123 break; 1124 PrevDecl = TD->getPreviousDecl(); 1125 } 1126 if (!PrevDecl) break; 1127 D = PrevDecl; 1128 } 1129 1130 CXXRecordDecl *DeclaringClass = FindDeclaringClass(D); 1131 Decl *ImmediateChild; 1132 if (D->getDeclContext() == DeclaringClass) 1133 ImmediateChild = D; 1134 else { 1135 DeclContext *DC = D->getDeclContext(); 1136 while (DC->getParent() != DeclaringClass) 1137 DC = DC->getParent(); 1138 ImmediateChild = cast<Decl>(DC); 1139 } 1140 1141 // Check whether there's an AccessSpecDecl preceding this in the 1142 // chain of the DeclContext. 1143 bool isImplicit = true; 1144 for (CXXRecordDecl::decl_iterator 1145 I = DeclaringClass->decls_begin(), E = DeclaringClass->decls_end(); 1146 I != E; ++I) { 1147 if (*I == ImmediateChild) break; 1148 if (isa<AccessSpecDecl>(*I)) { 1149 isImplicit = false; 1150 break; 1151 } 1152 } 1153 1154 S.Diag(D->getLocation(), diag::note_access_natural) 1155 << (unsigned) (D->getAccess() == AS_protected) 1156 << isImplicit; 1157 } 1158 1159 /// Diagnose the path which caused the given declaration or base class 1160 /// to become inaccessible. DiagnoseAccessPath(Sema & S,const EffectiveContext & EC,AccessTarget & entity)1161 static void DiagnoseAccessPath(Sema &S, 1162 const EffectiveContext &EC, 1163 AccessTarget &entity) { 1164 // Save the instance context to preserve invariants. 1165 AccessTarget::SavedInstanceContext _ = entity.saveInstanceContext(); 1166 1167 // This basically repeats the main algorithm but keeps some more 1168 // information. 1169 1170 // The natural access so far. 1171 AccessSpecifier accessSoFar = AS_public; 1172 1173 // Check whether we have special rights to the declaring class. 1174 if (entity.isMemberAccess()) { 1175 NamedDecl *D = entity.getTargetDecl(); 1176 accessSoFar = D->getAccess(); 1177 const CXXRecordDecl *declaringClass = entity.getDeclaringClass(); 1178 1179 switch (HasAccess(S, EC, declaringClass, accessSoFar, entity)) { 1180 // If the declaration is accessible when named in its declaring 1181 // class, then we must be constrained by the path. 1182 case AR_accessible: 1183 accessSoFar = AS_public; 1184 entity.suppressInstanceContext(); 1185 break; 1186 1187 case AR_inaccessible: 1188 if (accessSoFar == AS_private || 1189 declaringClass == entity.getEffectiveNamingClass()) 1190 return diagnoseBadDirectAccess(S, EC, entity); 1191 break; 1192 1193 case AR_dependent: 1194 llvm_unreachable("cannot diagnose dependent access"); 1195 } 1196 } 1197 1198 CXXBasePaths paths; 1199 CXXBasePath &path = *FindBestPath(S, EC, entity, accessSoFar, paths); 1200 assert(path.Access != AS_public); 1201 1202 CXXBasePath::iterator i = path.end(), e = path.begin(); 1203 CXXBasePath::iterator constrainingBase = i; 1204 while (i != e) { 1205 --i; 1206 1207 assert(accessSoFar != AS_none && accessSoFar != AS_private); 1208 1209 // Is the entity accessible when named in the deriving class, as 1210 // modified by the base specifier? 1211 const CXXRecordDecl *derivingClass = i->Class->getCanonicalDecl(); 1212 const CXXBaseSpecifier *base = i->Base; 1213 1214 // If the access to this base is worse than the access we have to 1215 // the declaration, remember it. 1216 AccessSpecifier baseAccess = base->getAccessSpecifier(); 1217 if (baseAccess > accessSoFar) { 1218 constrainingBase = i; 1219 accessSoFar = baseAccess; 1220 } 1221 1222 switch (HasAccess(S, EC, derivingClass, accessSoFar, entity)) { 1223 case AR_inaccessible: break; 1224 case AR_accessible: 1225 accessSoFar = AS_public; 1226 entity.suppressInstanceContext(); 1227 constrainingBase = 0; 1228 break; 1229 case AR_dependent: 1230 llvm_unreachable("cannot diagnose dependent access"); 1231 } 1232 1233 // If this was private inheritance, but we don't have access to 1234 // the deriving class, we're done. 1235 if (accessSoFar == AS_private) { 1236 assert(baseAccess == AS_private); 1237 assert(constrainingBase == i); 1238 break; 1239 } 1240 } 1241 1242 // If we don't have a constraining base, the access failure must be 1243 // due to the original declaration. 1244 if (constrainingBase == path.end()) 1245 return diagnoseBadDirectAccess(S, EC, entity); 1246 1247 // We're constrained by inheritance, but we want to say 1248 // "declared private here" if we're diagnosing a hierarchy 1249 // conversion and this is the final step. 1250 unsigned diagnostic; 1251 if (entity.isMemberAccess() || 1252 constrainingBase + 1 != path.end()) { 1253 diagnostic = diag::note_access_constrained_by_path; 1254 } else { 1255 diagnostic = diag::note_access_natural; 1256 } 1257 1258 const CXXBaseSpecifier *base = constrainingBase->Base; 1259 1260 S.Diag(base->getSourceRange().getBegin(), diagnostic) 1261 << base->getSourceRange() 1262 << (base->getAccessSpecifier() == AS_protected) 1263 << (base->getAccessSpecifierAsWritten() == AS_none); 1264 1265 if (entity.isMemberAccess()) 1266 S.Diag(entity.getTargetDecl()->getLocation(), diag::note_field_decl); 1267 } 1268 DiagnoseBadAccess(Sema & S,SourceLocation Loc,const EffectiveContext & EC,AccessTarget & Entity)1269 static void DiagnoseBadAccess(Sema &S, SourceLocation Loc, 1270 const EffectiveContext &EC, 1271 AccessTarget &Entity) { 1272 const CXXRecordDecl *NamingClass = Entity.getNamingClass(); 1273 const CXXRecordDecl *DeclaringClass = Entity.getDeclaringClass(); 1274 NamedDecl *D = (Entity.isMemberAccess() ? Entity.getTargetDecl() : 0); 1275 1276 S.Diag(Loc, Entity.getDiag()) 1277 << (Entity.getAccess() == AS_protected) 1278 << (D ? D->getDeclName() : DeclarationName()) 1279 << S.Context.getTypeDeclType(NamingClass) 1280 << S.Context.getTypeDeclType(DeclaringClass); 1281 DiagnoseAccessPath(S, EC, Entity); 1282 } 1283 1284 /// MSVC has a bug where if during an using declaration name lookup, 1285 /// the declaration found is unaccessible (private) and that declaration 1286 /// was bring into scope via another using declaration whose target 1287 /// declaration is accessible (public) then no error is generated. 1288 /// Example: 1289 /// class A { 1290 /// public: 1291 /// int f(); 1292 /// }; 1293 /// class B : public A { 1294 /// private: 1295 /// using A::f; 1296 /// }; 1297 /// class C : public B { 1298 /// private: 1299 /// using B::f; 1300 /// }; 1301 /// 1302 /// Here, B::f is private so this should fail in Standard C++, but 1303 /// because B::f refers to A::f which is public MSVC accepts it. IsMicrosoftUsingDeclarationAccessBug(Sema & S,SourceLocation AccessLoc,AccessTarget & Entity)1304 static bool IsMicrosoftUsingDeclarationAccessBug(Sema& S, 1305 SourceLocation AccessLoc, 1306 AccessTarget &Entity) { 1307 if (UsingShadowDecl *Shadow = 1308 dyn_cast<UsingShadowDecl>(Entity.getTargetDecl())) { 1309 const NamedDecl *OrigDecl = Entity.getTargetDecl()->getUnderlyingDecl(); 1310 if (Entity.getTargetDecl()->getAccess() == AS_private && 1311 (OrigDecl->getAccess() == AS_public || 1312 OrigDecl->getAccess() == AS_protected)) { 1313 S.Diag(AccessLoc, diag::ext_ms_using_declaration_inaccessible) 1314 << Shadow->getUsingDecl()->getQualifiedNameAsString() 1315 << OrigDecl->getQualifiedNameAsString(); 1316 return true; 1317 } 1318 } 1319 return false; 1320 } 1321 1322 /// Determines whether the accessed entity is accessible. Public members 1323 /// have been weeded out by this point. IsAccessible(Sema & S,const EffectiveContext & EC,AccessTarget & Entity)1324 static AccessResult IsAccessible(Sema &S, 1325 const EffectiveContext &EC, 1326 AccessTarget &Entity) { 1327 // Determine the actual naming class. 1328 const CXXRecordDecl *NamingClass = Entity.getEffectiveNamingClass(); 1329 1330 AccessSpecifier UnprivilegedAccess = Entity.getAccess(); 1331 assert(UnprivilegedAccess != AS_public && "public access not weeded out"); 1332 1333 // Before we try to recalculate access paths, try to white-list 1334 // accesses which just trade in on the final step, i.e. accesses 1335 // which don't require [M4] or [B4]. These are by far the most 1336 // common forms of privileged access. 1337 if (UnprivilegedAccess != AS_none) { 1338 switch (HasAccess(S, EC, NamingClass, UnprivilegedAccess, Entity)) { 1339 case AR_dependent: 1340 // This is actually an interesting policy decision. We don't 1341 // *have* to delay immediately here: we can do the full access 1342 // calculation in the hope that friendship on some intermediate 1343 // class will make the declaration accessible non-dependently. 1344 // But that's not cheap, and odds are very good (note: assertion 1345 // made without data) that the friend declaration will determine 1346 // access. 1347 return AR_dependent; 1348 1349 case AR_accessible: return AR_accessible; 1350 case AR_inaccessible: break; 1351 } 1352 } 1353 1354 AccessTarget::SavedInstanceContext _ = Entity.saveInstanceContext(); 1355 1356 // We lower member accesses to base accesses by pretending that the 1357 // member is a base class of its declaring class. 1358 AccessSpecifier FinalAccess; 1359 1360 if (Entity.isMemberAccess()) { 1361 // Determine if the declaration is accessible from EC when named 1362 // in its declaring class. 1363 NamedDecl *Target = Entity.getTargetDecl(); 1364 const CXXRecordDecl *DeclaringClass = Entity.getDeclaringClass(); 1365 1366 FinalAccess = Target->getAccess(); 1367 switch (HasAccess(S, EC, DeclaringClass, FinalAccess, Entity)) { 1368 case AR_accessible: 1369 // Target is accessible at EC when named in its declaring class. 1370 // We can now hill-climb and simply check whether the declaring 1371 // class is accessible as a base of the naming class. This is 1372 // equivalent to checking the access of a notional public 1373 // member with no instance context. 1374 FinalAccess = AS_public; 1375 Entity.suppressInstanceContext(); 1376 break; 1377 case AR_inaccessible: break; 1378 case AR_dependent: return AR_dependent; // see above 1379 } 1380 1381 if (DeclaringClass == NamingClass) 1382 return (FinalAccess == AS_public ? AR_accessible : AR_inaccessible); 1383 } else { 1384 FinalAccess = AS_public; 1385 } 1386 1387 assert(Entity.getDeclaringClass() != NamingClass); 1388 1389 // Append the declaration's access if applicable. 1390 CXXBasePaths Paths; 1391 CXXBasePath *Path = FindBestPath(S, EC, Entity, FinalAccess, Paths); 1392 if (!Path) 1393 return AR_dependent; 1394 1395 assert(Path->Access <= UnprivilegedAccess && 1396 "access along best path worse than direct?"); 1397 if (Path->Access == AS_public) 1398 return AR_accessible; 1399 return AR_inaccessible; 1400 } 1401 DelayDependentAccess(Sema & S,const EffectiveContext & EC,SourceLocation Loc,const AccessTarget & Entity)1402 static void DelayDependentAccess(Sema &S, 1403 const EffectiveContext &EC, 1404 SourceLocation Loc, 1405 const AccessTarget &Entity) { 1406 assert(EC.isDependent() && "delaying non-dependent access"); 1407 DeclContext *DC = EC.getInnerContext(); 1408 assert(DC->isDependentContext() && "delaying non-dependent access"); 1409 DependentDiagnostic::Create(S.Context, DC, DependentDiagnostic::Access, 1410 Loc, 1411 Entity.isMemberAccess(), 1412 Entity.getAccess(), 1413 Entity.getTargetDecl(), 1414 Entity.getNamingClass(), 1415 Entity.getBaseObjectType(), 1416 Entity.getDiag()); 1417 } 1418 1419 /// Checks access to an entity from the given effective context. CheckEffectiveAccess(Sema & S,const EffectiveContext & EC,SourceLocation Loc,AccessTarget & Entity)1420 static AccessResult CheckEffectiveAccess(Sema &S, 1421 const EffectiveContext &EC, 1422 SourceLocation Loc, 1423 AccessTarget &Entity) { 1424 assert(Entity.getAccess() != AS_public && "called for public access!"); 1425 1426 if (S.getLangOpts().MicrosoftMode && 1427 IsMicrosoftUsingDeclarationAccessBug(S, Loc, Entity)) 1428 return AR_accessible; 1429 1430 switch (IsAccessible(S, EC, Entity)) { 1431 case AR_dependent: 1432 DelayDependentAccess(S, EC, Loc, Entity); 1433 return AR_dependent; 1434 1435 case AR_inaccessible: 1436 if (!Entity.isQuiet()) 1437 DiagnoseBadAccess(S, Loc, EC, Entity); 1438 return AR_inaccessible; 1439 1440 case AR_accessible: 1441 return AR_accessible; 1442 } 1443 1444 // silence unnecessary warning 1445 llvm_unreachable("invalid access result"); 1446 } 1447 CheckAccess(Sema & S,SourceLocation Loc,AccessTarget & Entity)1448 static Sema::AccessResult CheckAccess(Sema &S, SourceLocation Loc, 1449 AccessTarget &Entity) { 1450 // If the access path is public, it's accessible everywhere. 1451 if (Entity.getAccess() == AS_public) 1452 return Sema::AR_accessible; 1453 1454 // If we're currently parsing a declaration, we may need to delay 1455 // access control checking, because our effective context might be 1456 // different based on what the declaration comes out as. 1457 // 1458 // For example, we might be parsing a declaration with a scope 1459 // specifier, like this: 1460 // A::private_type A::foo() { ... } 1461 // 1462 // Or we might be parsing something that will turn out to be a friend: 1463 // void foo(A::private_type); 1464 // void B::foo(A::private_type); 1465 if (S.DelayedDiagnostics.shouldDelayDiagnostics()) { 1466 S.DelayedDiagnostics.add(DelayedDiagnostic::makeAccess(Loc, Entity)); 1467 return Sema::AR_delayed; 1468 } 1469 1470 EffectiveContext EC(S.CurContext); 1471 switch (CheckEffectiveAccess(S, EC, Loc, Entity)) { 1472 case AR_accessible: return Sema::AR_accessible; 1473 case AR_inaccessible: return Sema::AR_inaccessible; 1474 case AR_dependent: return Sema::AR_dependent; 1475 } 1476 llvm_unreachable("falling off end"); 1477 } 1478 HandleDelayedAccessCheck(DelayedDiagnostic & DD,Decl * decl)1479 void Sema::HandleDelayedAccessCheck(DelayedDiagnostic &DD, Decl *decl) { 1480 // Access control for names used in the declarations of functions 1481 // and function templates should normally be evaluated in the context 1482 // of the declaration, just in case it's a friend of something. 1483 // However, this does not apply to local extern declarations. 1484 1485 DeclContext *DC = decl->getDeclContext(); 1486 if (FunctionDecl *fn = dyn_cast<FunctionDecl>(decl)) { 1487 if (!DC->isFunctionOrMethod()) DC = fn; 1488 } else if (FunctionTemplateDecl *fnt = dyn_cast<FunctionTemplateDecl>(decl)) { 1489 // Never a local declaration. 1490 DC = fnt->getTemplatedDecl(); 1491 } 1492 1493 EffectiveContext EC(DC); 1494 1495 AccessTarget Target(DD.getAccessData()); 1496 1497 if (CheckEffectiveAccess(*this, EC, DD.Loc, Target) == ::AR_inaccessible) 1498 DD.Triggered = true; 1499 } 1500 HandleDependentAccessCheck(const DependentDiagnostic & DD,const MultiLevelTemplateArgumentList & TemplateArgs)1501 void Sema::HandleDependentAccessCheck(const DependentDiagnostic &DD, 1502 const MultiLevelTemplateArgumentList &TemplateArgs) { 1503 SourceLocation Loc = DD.getAccessLoc(); 1504 AccessSpecifier Access = DD.getAccess(); 1505 1506 Decl *NamingD = FindInstantiatedDecl(Loc, DD.getAccessNamingClass(), 1507 TemplateArgs); 1508 if (!NamingD) return; 1509 Decl *TargetD = FindInstantiatedDecl(Loc, DD.getAccessTarget(), 1510 TemplateArgs); 1511 if (!TargetD) return; 1512 1513 if (DD.isAccessToMember()) { 1514 CXXRecordDecl *NamingClass = cast<CXXRecordDecl>(NamingD); 1515 NamedDecl *TargetDecl = cast<NamedDecl>(TargetD); 1516 QualType BaseObjectType = DD.getAccessBaseObjectType(); 1517 if (!BaseObjectType.isNull()) { 1518 BaseObjectType = SubstType(BaseObjectType, TemplateArgs, Loc, 1519 DeclarationName()); 1520 if (BaseObjectType.isNull()) return; 1521 } 1522 1523 AccessTarget Entity(Context, 1524 AccessTarget::Member, 1525 NamingClass, 1526 DeclAccessPair::make(TargetDecl, Access), 1527 BaseObjectType); 1528 Entity.setDiag(DD.getDiagnostic()); 1529 CheckAccess(*this, Loc, Entity); 1530 } else { 1531 AccessTarget Entity(Context, 1532 AccessTarget::Base, 1533 cast<CXXRecordDecl>(TargetD), 1534 cast<CXXRecordDecl>(NamingD), 1535 Access); 1536 Entity.setDiag(DD.getDiagnostic()); 1537 CheckAccess(*this, Loc, Entity); 1538 } 1539 } 1540 CheckUnresolvedLookupAccess(UnresolvedLookupExpr * E,DeclAccessPair Found)1541 Sema::AccessResult Sema::CheckUnresolvedLookupAccess(UnresolvedLookupExpr *E, 1542 DeclAccessPair Found) { 1543 if (!getLangOpts().AccessControl || 1544 !E->getNamingClass() || 1545 Found.getAccess() == AS_public) 1546 return AR_accessible; 1547 1548 AccessTarget Entity(Context, AccessTarget::Member, E->getNamingClass(), 1549 Found, QualType()); 1550 Entity.setDiag(diag::err_access) << E->getSourceRange(); 1551 1552 return CheckAccess(*this, E->getNameLoc(), Entity); 1553 } 1554 1555 /// Perform access-control checking on a previously-unresolved member 1556 /// access which has now been resolved to a member. CheckUnresolvedMemberAccess(UnresolvedMemberExpr * E,DeclAccessPair Found)1557 Sema::AccessResult Sema::CheckUnresolvedMemberAccess(UnresolvedMemberExpr *E, 1558 DeclAccessPair Found) { 1559 if (!getLangOpts().AccessControl || 1560 Found.getAccess() == AS_public) 1561 return AR_accessible; 1562 1563 QualType BaseType = E->getBaseType(); 1564 if (E->isArrow()) 1565 BaseType = BaseType->getAs<PointerType>()->getPointeeType(); 1566 1567 AccessTarget Entity(Context, AccessTarget::Member, E->getNamingClass(), 1568 Found, BaseType); 1569 Entity.setDiag(diag::err_access) << E->getSourceRange(); 1570 1571 return CheckAccess(*this, E->getMemberLoc(), Entity); 1572 } 1573 1574 /// Is the given special member function accessible for the purposes of 1575 /// deciding whether to define a special member function as deleted? isSpecialMemberAccessibleForDeletion(CXXMethodDecl * decl,AccessSpecifier access,QualType objectType)1576 bool Sema::isSpecialMemberAccessibleForDeletion(CXXMethodDecl *decl, 1577 AccessSpecifier access, 1578 QualType objectType) { 1579 // Fast path. 1580 if (access == AS_public || !getLangOpts().AccessControl) return true; 1581 1582 AccessTarget entity(Context, AccessTarget::Member, decl->getParent(), 1583 DeclAccessPair::make(decl, access), objectType); 1584 1585 // Suppress diagnostics. 1586 entity.setDiag(PDiag()); 1587 1588 switch (CheckAccess(*this, SourceLocation(), entity)) { 1589 case AR_accessible: return true; 1590 case AR_inaccessible: return false; 1591 case AR_dependent: llvm_unreachable("dependent for =delete computation"); 1592 case AR_delayed: llvm_unreachable("cannot delay =delete computation"); 1593 } 1594 llvm_unreachable("bad access result"); 1595 } 1596 CheckDestructorAccess(SourceLocation Loc,CXXDestructorDecl * Dtor,const PartialDiagnostic & PDiag,QualType ObjectTy)1597 Sema::AccessResult Sema::CheckDestructorAccess(SourceLocation Loc, 1598 CXXDestructorDecl *Dtor, 1599 const PartialDiagnostic &PDiag, 1600 QualType ObjectTy) { 1601 if (!getLangOpts().AccessControl) 1602 return AR_accessible; 1603 1604 // There's never a path involved when checking implicit destructor access. 1605 AccessSpecifier Access = Dtor->getAccess(); 1606 if (Access == AS_public) 1607 return AR_accessible; 1608 1609 CXXRecordDecl *NamingClass = Dtor->getParent(); 1610 if (ObjectTy.isNull()) ObjectTy = Context.getTypeDeclType(NamingClass); 1611 1612 AccessTarget Entity(Context, AccessTarget::Member, NamingClass, 1613 DeclAccessPair::make(Dtor, Access), 1614 ObjectTy); 1615 Entity.setDiag(PDiag); // TODO: avoid copy 1616 1617 return CheckAccess(*this, Loc, Entity); 1618 } 1619 1620 /// Checks access to a constructor. CheckConstructorAccess(SourceLocation UseLoc,CXXConstructorDecl * Constructor,const InitializedEntity & Entity,AccessSpecifier Access,bool IsCopyBindingRefToTemp)1621 Sema::AccessResult Sema::CheckConstructorAccess(SourceLocation UseLoc, 1622 CXXConstructorDecl *Constructor, 1623 const InitializedEntity &Entity, 1624 AccessSpecifier Access, 1625 bool IsCopyBindingRefToTemp) { 1626 if (!getLangOpts().AccessControl || Access == AS_public) 1627 return AR_accessible; 1628 1629 PartialDiagnostic PD(PDiag()); 1630 switch (Entity.getKind()) { 1631 default: 1632 PD = PDiag(IsCopyBindingRefToTemp 1633 ? diag::ext_rvalue_to_reference_access_ctor 1634 : diag::err_access_ctor); 1635 1636 break; 1637 1638 case InitializedEntity::EK_Base: 1639 PD = PDiag(diag::err_access_base_ctor); 1640 PD << Entity.isInheritedVirtualBase() 1641 << Entity.getBaseSpecifier()->getType() << getSpecialMember(Constructor); 1642 break; 1643 1644 case InitializedEntity::EK_Member: { 1645 const FieldDecl *Field = cast<FieldDecl>(Entity.getDecl()); 1646 PD = PDiag(diag::err_access_field_ctor); 1647 PD << Field->getType() << getSpecialMember(Constructor); 1648 break; 1649 } 1650 1651 case InitializedEntity::EK_LambdaCapture: { 1652 const VarDecl *Var = Entity.getCapturedVar(); 1653 PD = PDiag(diag::err_access_lambda_capture); 1654 PD << Var->getName() << Entity.getType() << getSpecialMember(Constructor); 1655 break; 1656 } 1657 1658 } 1659 1660 return CheckConstructorAccess(UseLoc, Constructor, Entity, Access, PD); 1661 } 1662 1663 /// Checks access to a constructor. CheckConstructorAccess(SourceLocation UseLoc,CXXConstructorDecl * Constructor,const InitializedEntity & Entity,AccessSpecifier Access,const PartialDiagnostic & PD)1664 Sema::AccessResult Sema::CheckConstructorAccess(SourceLocation UseLoc, 1665 CXXConstructorDecl *Constructor, 1666 const InitializedEntity &Entity, 1667 AccessSpecifier Access, 1668 const PartialDiagnostic &PD) { 1669 if (!getLangOpts().AccessControl || 1670 Access == AS_public) 1671 return AR_accessible; 1672 1673 CXXRecordDecl *NamingClass = Constructor->getParent(); 1674 1675 // Initializing a base sub-object is an instance method call on an 1676 // object of the derived class. Otherwise, we have an instance method 1677 // call on an object of the constructed type. 1678 CXXRecordDecl *ObjectClass; 1679 if (Entity.getKind() == InitializedEntity::EK_Base) { 1680 ObjectClass = cast<CXXConstructorDecl>(CurContext)->getParent(); 1681 } else { 1682 ObjectClass = NamingClass; 1683 } 1684 1685 AccessTarget AccessEntity(Context, AccessTarget::Member, NamingClass, 1686 DeclAccessPair::make(Constructor, Access), 1687 Context.getTypeDeclType(ObjectClass)); 1688 AccessEntity.setDiag(PD); 1689 1690 return CheckAccess(*this, UseLoc, AccessEntity); 1691 } 1692 1693 /// Checks access to an overloaded operator new or delete. CheckAllocationAccess(SourceLocation OpLoc,SourceRange PlacementRange,CXXRecordDecl * NamingClass,DeclAccessPair Found,bool Diagnose)1694 Sema::AccessResult Sema::CheckAllocationAccess(SourceLocation OpLoc, 1695 SourceRange PlacementRange, 1696 CXXRecordDecl *NamingClass, 1697 DeclAccessPair Found, 1698 bool Diagnose) { 1699 if (!getLangOpts().AccessControl || 1700 !NamingClass || 1701 Found.getAccess() == AS_public) 1702 return AR_accessible; 1703 1704 AccessTarget Entity(Context, AccessTarget::Member, NamingClass, Found, 1705 QualType()); 1706 if (Diagnose) 1707 Entity.setDiag(diag::err_access) 1708 << PlacementRange; 1709 1710 return CheckAccess(*this, OpLoc, Entity); 1711 } 1712 1713 /// Checks access to an overloaded member operator, including 1714 /// conversion operators. CheckMemberOperatorAccess(SourceLocation OpLoc,Expr * ObjectExpr,Expr * ArgExpr,DeclAccessPair Found)1715 Sema::AccessResult Sema::CheckMemberOperatorAccess(SourceLocation OpLoc, 1716 Expr *ObjectExpr, 1717 Expr *ArgExpr, 1718 DeclAccessPair Found) { 1719 if (!getLangOpts().AccessControl || 1720 Found.getAccess() == AS_public) 1721 return AR_accessible; 1722 1723 const RecordType *RT = ObjectExpr->getType()->castAs<RecordType>(); 1724 CXXRecordDecl *NamingClass = cast<CXXRecordDecl>(RT->getDecl()); 1725 1726 AccessTarget Entity(Context, AccessTarget::Member, NamingClass, Found, 1727 ObjectExpr->getType()); 1728 Entity.setDiag(diag::err_access) 1729 << ObjectExpr->getSourceRange() 1730 << (ArgExpr ? ArgExpr->getSourceRange() : SourceRange()); 1731 1732 return CheckAccess(*this, OpLoc, Entity); 1733 } 1734 1735 /// Checks access to the target of a friend declaration. CheckFriendAccess(NamedDecl * target)1736 Sema::AccessResult Sema::CheckFriendAccess(NamedDecl *target) { 1737 assert(isa<CXXMethodDecl>(target) || 1738 (isa<FunctionTemplateDecl>(target) && 1739 isa<CXXMethodDecl>(cast<FunctionTemplateDecl>(target) 1740 ->getTemplatedDecl()))); 1741 1742 // Friendship lookup is a redeclaration lookup, so there's never an 1743 // inheritance path modifying access. 1744 AccessSpecifier access = target->getAccess(); 1745 1746 if (!getLangOpts().AccessControl || access == AS_public) 1747 return AR_accessible; 1748 1749 CXXMethodDecl *method = dyn_cast<CXXMethodDecl>(target); 1750 if (!method) 1751 method = cast<CXXMethodDecl>( 1752 cast<FunctionTemplateDecl>(target)->getTemplatedDecl()); 1753 assert(method->getQualifier()); 1754 1755 AccessTarget entity(Context, AccessTarget::Member, 1756 cast<CXXRecordDecl>(target->getDeclContext()), 1757 DeclAccessPair::make(target, access), 1758 /*no instance context*/ QualType()); 1759 entity.setDiag(diag::err_access_friend_function) 1760 << method->getQualifierLoc().getSourceRange(); 1761 1762 // We need to bypass delayed-diagnostics because we might be called 1763 // while the ParsingDeclarator is active. 1764 EffectiveContext EC(CurContext); 1765 switch (CheckEffectiveAccess(*this, EC, target->getLocation(), entity)) { 1766 case AR_accessible: return Sema::AR_accessible; 1767 case AR_inaccessible: return Sema::AR_inaccessible; 1768 case AR_dependent: return Sema::AR_dependent; 1769 } 1770 llvm_unreachable("falling off end"); 1771 } 1772 CheckAddressOfMemberAccess(Expr * OvlExpr,DeclAccessPair Found)1773 Sema::AccessResult Sema::CheckAddressOfMemberAccess(Expr *OvlExpr, 1774 DeclAccessPair Found) { 1775 if (!getLangOpts().AccessControl || 1776 Found.getAccess() == AS_none || 1777 Found.getAccess() == AS_public) 1778 return AR_accessible; 1779 1780 OverloadExpr *Ovl = OverloadExpr::find(OvlExpr).Expression; 1781 CXXRecordDecl *NamingClass = Ovl->getNamingClass(); 1782 1783 AccessTarget Entity(Context, AccessTarget::Member, NamingClass, Found, 1784 /*no instance context*/ QualType()); 1785 Entity.setDiag(diag::err_access) 1786 << Ovl->getSourceRange(); 1787 1788 return CheckAccess(*this, Ovl->getNameLoc(), Entity); 1789 } 1790 1791 /// Checks access for a hierarchy conversion. 1792 /// 1793 /// \param ForceCheck true if this check should be performed even if access 1794 /// control is disabled; some things rely on this for semantics 1795 /// \param ForceUnprivileged true if this check should proceed as if the 1796 /// context had no special privileges CheckBaseClassAccess(SourceLocation AccessLoc,QualType Base,QualType Derived,const CXXBasePath & Path,unsigned DiagID,bool ForceCheck,bool ForceUnprivileged)1797 Sema::AccessResult Sema::CheckBaseClassAccess(SourceLocation AccessLoc, 1798 QualType Base, 1799 QualType Derived, 1800 const CXXBasePath &Path, 1801 unsigned DiagID, 1802 bool ForceCheck, 1803 bool ForceUnprivileged) { 1804 if (!ForceCheck && !getLangOpts().AccessControl) 1805 return AR_accessible; 1806 1807 if (Path.Access == AS_public) 1808 return AR_accessible; 1809 1810 CXXRecordDecl *BaseD, *DerivedD; 1811 BaseD = cast<CXXRecordDecl>(Base->getAs<RecordType>()->getDecl()); 1812 DerivedD = cast<CXXRecordDecl>(Derived->getAs<RecordType>()->getDecl()); 1813 1814 AccessTarget Entity(Context, AccessTarget::Base, BaseD, DerivedD, 1815 Path.Access); 1816 if (DiagID) 1817 Entity.setDiag(DiagID) << Derived << Base; 1818 1819 if (ForceUnprivileged) { 1820 switch (CheckEffectiveAccess(*this, EffectiveContext(), 1821 AccessLoc, Entity)) { 1822 case ::AR_accessible: return Sema::AR_accessible; 1823 case ::AR_inaccessible: return Sema::AR_inaccessible; 1824 case ::AR_dependent: return Sema::AR_dependent; 1825 } 1826 llvm_unreachable("unexpected result from CheckEffectiveAccess"); 1827 } 1828 return CheckAccess(*this, AccessLoc, Entity); 1829 } 1830 1831 /// Checks access to all the declarations in the given result set. CheckLookupAccess(const LookupResult & R)1832 void Sema::CheckLookupAccess(const LookupResult &R) { 1833 assert(getLangOpts().AccessControl 1834 && "performing access check without access control"); 1835 assert(R.getNamingClass() && "performing access check without naming class"); 1836 1837 for (LookupResult::iterator I = R.begin(), E = R.end(); I != E; ++I) { 1838 if (I.getAccess() != AS_public) { 1839 AccessTarget Entity(Context, AccessedEntity::Member, 1840 R.getNamingClass(), I.getPair(), 1841 R.getBaseObjectType()); 1842 Entity.setDiag(diag::err_access); 1843 CheckAccess(*this, R.getNameLoc(), Entity); 1844 } 1845 } 1846 } 1847 1848 /// Checks access to Decl from the given class. The check will take access 1849 /// specifiers into account, but no member access expressions and such. 1850 /// 1851 /// \param Decl the declaration to check if it can be accessed 1852 /// \param Ctx the class/context from which to start the search 1853 /// \return true if the Decl is accessible from the Class, false otherwise. IsSimplyAccessible(NamedDecl * Decl,DeclContext * Ctx)1854 bool Sema::IsSimplyAccessible(NamedDecl *Decl, DeclContext *Ctx) { 1855 if (CXXRecordDecl *Class = dyn_cast<CXXRecordDecl>(Ctx)) { 1856 if (!Decl->isCXXClassMember()) 1857 return true; 1858 1859 QualType qType = Class->getTypeForDecl()->getCanonicalTypeInternal(); 1860 AccessTarget Entity(Context, AccessedEntity::Member, Class, 1861 DeclAccessPair::make(Decl, Decl->getAccess()), 1862 qType); 1863 if (Entity.getAccess() == AS_public) 1864 return true; 1865 1866 EffectiveContext EC(CurContext); 1867 return ::IsAccessible(*this, EC, Entity) != ::AR_inaccessible; 1868 } 1869 1870 if (ObjCIvarDecl *Ivar = dyn_cast<ObjCIvarDecl>(Decl)) { 1871 // @public and @package ivars are always accessible. 1872 if (Ivar->getCanonicalAccessControl() == ObjCIvarDecl::Public || 1873 Ivar->getCanonicalAccessControl() == ObjCIvarDecl::Package) 1874 return true; 1875 1876 1877 1878 // If we are inside a class or category implementation, determine the 1879 // interface we're in. 1880 ObjCInterfaceDecl *ClassOfMethodDecl = 0; 1881 if (ObjCMethodDecl *MD = getCurMethodDecl()) 1882 ClassOfMethodDecl = MD->getClassInterface(); 1883 else if (FunctionDecl *FD = getCurFunctionDecl()) { 1884 if (ObjCImplDecl *Impl 1885 = dyn_cast<ObjCImplDecl>(FD->getLexicalDeclContext())) { 1886 if (ObjCImplementationDecl *IMPD 1887 = dyn_cast<ObjCImplementationDecl>(Impl)) 1888 ClassOfMethodDecl = IMPD->getClassInterface(); 1889 else if (ObjCCategoryImplDecl* CatImplClass 1890 = dyn_cast<ObjCCategoryImplDecl>(Impl)) 1891 ClassOfMethodDecl = CatImplClass->getClassInterface(); 1892 } 1893 } 1894 1895 // If we're not in an interface, this ivar is inaccessible. 1896 if (!ClassOfMethodDecl) 1897 return false; 1898 1899 // If we're inside the same interface that owns the ivar, we're fine. 1900 if (declaresSameEntity(ClassOfMethodDecl, Ivar->getContainingInterface())) 1901 return true; 1902 1903 // If the ivar is private, it's inaccessible. 1904 if (Ivar->getCanonicalAccessControl() == ObjCIvarDecl::Private) 1905 return false; 1906 1907 return Ivar->getContainingInterface()->isSuperClassOf(ClassOfMethodDecl); 1908 } 1909 1910 return true; 1911 } 1912