1 //=- IvarInvalidationChecker.cpp - -*- C++ -------------------------------*-==//
2 //
3 // The LLVM Compiler Infrastructure
4 //
5 // This file is distributed under the University of Illinois Open Source
6 // License. See LICENSE.TXT for details.
7 //
8 //===----------------------------------------------------------------------===//
9 //
10 // This checker implements annotation driven invalidation checking. If a class
11 // contains a method annotated with 'objc_instance_variable_invalidator',
12 // - (void) foo
13 // __attribute__((annotate("objc_instance_variable_invalidator")));
14 // all the "ivalidatable" instance variables of this class should be
15 // invalidated. We call an instance variable ivalidatable if it is an object of
16 // a class which contains an invalidation method. There could be multiple
17 // methods annotated with such annotations per class, either one can be used
18 // to invalidate the ivar. An ivar or property are considered to be
19 // invalidated if they are being assigned 'nil' or an invalidation method has
20 // been called on them. An invalidation method should either invalidate all
21 // the ivars or call another invalidation method (on self).
22 //
23 // Partial invalidor annotation allows to addess cases when ivars are
24 // invalidated by other methods, which might or might not be called from
25 // the invalidation method. The checker checks that each invalidation
26 // method and all the partial methods cumulatively invalidate all ivars.
27 // __attribute__((annotate("objc_instance_variable_invalidator_partial")));
28 //
29 //===----------------------------------------------------------------------===//
30
31 #include "ClangSACheckers.h"
32 #include "clang/AST/Attr.h"
33 #include "clang/AST/DeclObjC.h"
34 #include "clang/AST/StmtVisitor.h"
35 #include "clang/StaticAnalyzer/Core/BugReporter/BugReporter.h"
36 #include "clang/StaticAnalyzer/Core/Checker.h"
37 #include "clang/StaticAnalyzer/Core/PathSensitive/AnalysisManager.h"
38 #include "llvm/ADT/DenseMap.h"
39 #include "llvm/ADT/SetVector.h"
40 #include "llvm/ADT/SmallString.h"
41
42 using namespace clang;
43 using namespace ento;
44
45 namespace {
46
47 struct ChecksFilter {
48 /// Check for missing invalidation method declarations.
49 DefaultBool check_MissingInvalidationMethod;
50 /// Check that all ivars are invalidated.
51 DefaultBool check_InstanceVariableInvalidation;
52 };
53
54 class IvarInvalidationCheckerImpl {
55
56 typedef llvm::SmallSetVector<const ObjCMethodDecl*, 2> MethodSet;
57 typedef llvm::DenseMap<const ObjCMethodDecl*,
58 const ObjCIvarDecl*> MethToIvarMapTy;
59 typedef llvm::DenseMap<const ObjCPropertyDecl*,
60 const ObjCIvarDecl*> PropToIvarMapTy;
61 typedef llvm::DenseMap<const ObjCIvarDecl*,
62 const ObjCPropertyDecl*> IvarToPropMapTy;
63
64
65 struct InvalidationInfo {
66 /// Has the ivar been invalidated?
67 bool IsInvalidated;
68
69 /// The methods which can be used to invalidate the ivar.
70 MethodSet InvalidationMethods;
71
InvalidationInfo__anon0e4eb0630111::IvarInvalidationCheckerImpl::InvalidationInfo72 InvalidationInfo() : IsInvalidated(false) {}
addInvalidationMethod__anon0e4eb0630111::IvarInvalidationCheckerImpl::InvalidationInfo73 void addInvalidationMethod(const ObjCMethodDecl *MD) {
74 InvalidationMethods.insert(MD);
75 }
76
needsInvalidation__anon0e4eb0630111::IvarInvalidationCheckerImpl::InvalidationInfo77 bool needsInvalidation() const {
78 return !InvalidationMethods.empty();
79 }
80
hasMethod__anon0e4eb0630111::IvarInvalidationCheckerImpl::InvalidationInfo81 bool hasMethod(const ObjCMethodDecl *MD) {
82 if (IsInvalidated)
83 return true;
84 for (MethodSet::iterator I = InvalidationMethods.begin(),
85 E = InvalidationMethods.end(); I != E; ++I) {
86 if (*I == MD) {
87 IsInvalidated = true;
88 return true;
89 }
90 }
91 return false;
92 }
93 };
94
95 typedef llvm::DenseMap<const ObjCIvarDecl*, InvalidationInfo> IvarSet;
96
97 /// Statement visitor, which walks the method body and flags the ivars
98 /// referenced in it (either directly or via property).
99 class MethodCrawler : public ConstStmtVisitor<MethodCrawler> {
100 /// The set of Ivars which need to be invalidated.
101 IvarSet &IVars;
102
103 /// Flag is set as the result of a message send to another
104 /// invalidation method.
105 bool &CalledAnotherInvalidationMethod;
106
107 /// Property setter to ivar mapping.
108 const MethToIvarMapTy &PropertySetterToIvarMap;
109
110 /// Property getter to ivar mapping.
111 const MethToIvarMapTy &PropertyGetterToIvarMap;
112
113 /// Property to ivar mapping.
114 const PropToIvarMapTy &PropertyToIvarMap;
115
116 /// The invalidation method being currently processed.
117 const ObjCMethodDecl *InvalidationMethod;
118
119 ASTContext &Ctx;
120
121 /// Peel off parens, casts, OpaqueValueExpr, and PseudoObjectExpr.
122 const Expr *peel(const Expr *E) const;
123
124 /// Does this expression represent zero: '0'?
125 bool isZero(const Expr *E) const;
126
127 /// Mark the given ivar as invalidated.
128 void markInvalidated(const ObjCIvarDecl *Iv);
129
130 /// Checks if IvarRef refers to the tracked IVar, if yes, marks it as
131 /// invalidated.
132 void checkObjCIvarRefExpr(const ObjCIvarRefExpr *IvarRef);
133
134 /// Checks if ObjCPropertyRefExpr refers to the tracked IVar, if yes, marks
135 /// it as invalidated.
136 void checkObjCPropertyRefExpr(const ObjCPropertyRefExpr *PA);
137
138 /// Checks if ObjCMessageExpr refers to (is a getter for) the tracked IVar,
139 /// if yes, marks it as invalidated.
140 void checkObjCMessageExpr(const ObjCMessageExpr *ME);
141
142 /// Checks if the Expr refers to an ivar, if yes, marks it as invalidated.
143 void check(const Expr *E);
144
145 public:
MethodCrawler(IvarSet & InIVars,bool & InCalledAnotherInvalidationMethod,const MethToIvarMapTy & InPropertySetterToIvarMap,const MethToIvarMapTy & InPropertyGetterToIvarMap,const PropToIvarMapTy & InPropertyToIvarMap,ASTContext & InCtx)146 MethodCrawler(IvarSet &InIVars,
147 bool &InCalledAnotherInvalidationMethod,
148 const MethToIvarMapTy &InPropertySetterToIvarMap,
149 const MethToIvarMapTy &InPropertyGetterToIvarMap,
150 const PropToIvarMapTy &InPropertyToIvarMap,
151 ASTContext &InCtx)
152 : IVars(InIVars),
153 CalledAnotherInvalidationMethod(InCalledAnotherInvalidationMethod),
154 PropertySetterToIvarMap(InPropertySetterToIvarMap),
155 PropertyGetterToIvarMap(InPropertyGetterToIvarMap),
156 PropertyToIvarMap(InPropertyToIvarMap),
157 InvalidationMethod(0),
158 Ctx(InCtx) {}
159
VisitStmt(const Stmt * S)160 void VisitStmt(const Stmt *S) { VisitChildren(S); }
161
162 void VisitBinaryOperator(const BinaryOperator *BO);
163
164 void VisitObjCMessageExpr(const ObjCMessageExpr *ME);
165
VisitChildren(const Stmt * S)166 void VisitChildren(const Stmt *S) {
167 for (Stmt::const_child_range I = S->children(); I; ++I) {
168 if (*I)
169 this->Visit(*I);
170 if (CalledAnotherInvalidationMethod)
171 return;
172 }
173 }
174 };
175
176 /// Check if the any of the methods inside the interface are annotated with
177 /// the invalidation annotation, update the IvarInfo accordingly.
178 /// \param LookForPartial is set when we are searching for partial
179 /// invalidators.
180 static void containsInvalidationMethod(const ObjCContainerDecl *D,
181 InvalidationInfo &Out,
182 bool LookForPartial);
183
184 /// Check if ivar should be tracked and add to TrackedIvars if positive.
185 /// Returns true if ivar should be tracked.
186 static bool trackIvar(const ObjCIvarDecl *Iv, IvarSet &TrackedIvars,
187 const ObjCIvarDecl **FirstIvarDecl);
188
189 /// Given the property declaration, and the list of tracked ivars, finds
190 /// the ivar backing the property when possible. Returns '0' when no such
191 /// ivar could be found.
192 static const ObjCIvarDecl *findPropertyBackingIvar(
193 const ObjCPropertyDecl *Prop,
194 const ObjCInterfaceDecl *InterfaceD,
195 IvarSet &TrackedIvars,
196 const ObjCIvarDecl **FirstIvarDecl);
197
198 /// Print ivar name or the property if the given ivar backs a property.
199 static void printIvar(llvm::raw_svector_ostream &os,
200 const ObjCIvarDecl *IvarDecl,
201 const IvarToPropMapTy &IvarToPopertyMap);
202
203 void reportNoInvalidationMethod(const ObjCIvarDecl *FirstIvarDecl,
204 const IvarToPropMapTy &IvarToPopertyMap,
205 const ObjCInterfaceDecl *InterfaceD,
206 bool MissingDeclaration) const;
207 void reportIvarNeedsInvalidation(const ObjCIvarDecl *IvarD,
208 const IvarToPropMapTy &IvarToPopertyMap,
209 const ObjCMethodDecl *MethodD) const;
210
211 AnalysisManager& Mgr;
212 BugReporter &BR;
213 /// Filter on the checks performed.
214 const ChecksFilter &Filter;
215
216 public:
IvarInvalidationCheckerImpl(AnalysisManager & InMgr,BugReporter & InBR,const ChecksFilter & InFilter)217 IvarInvalidationCheckerImpl(AnalysisManager& InMgr,
218 BugReporter &InBR,
219 const ChecksFilter &InFilter) :
220 Mgr (InMgr), BR(InBR), Filter(InFilter) {}
221
222 void visit(const ObjCImplementationDecl *D) const;
223 };
224
isInvalidationMethod(const ObjCMethodDecl * M,bool LookForPartial)225 static bool isInvalidationMethod(const ObjCMethodDecl *M, bool LookForPartial) {
226 for (specific_attr_iterator<AnnotateAttr>
227 AI = M->specific_attr_begin<AnnotateAttr>(),
228 AE = M->specific_attr_end<AnnotateAttr>(); AI != AE; ++AI) {
229 const AnnotateAttr *Ann = *AI;
230 if (!LookForPartial &&
231 Ann->getAnnotation() == "objc_instance_variable_invalidator")
232 return true;
233 if (LookForPartial &&
234 Ann->getAnnotation() == "objc_instance_variable_invalidator_partial")
235 return true;
236 }
237 return false;
238 }
239
containsInvalidationMethod(const ObjCContainerDecl * D,InvalidationInfo & OutInfo,bool Partial)240 void IvarInvalidationCheckerImpl::containsInvalidationMethod(
241 const ObjCContainerDecl *D, InvalidationInfo &OutInfo, bool Partial) {
242
243 if (!D)
244 return;
245
246 assert(!isa<ObjCImplementationDecl>(D));
247 // TODO: Cache the results.
248
249 // Check all methods.
250 for (ObjCContainerDecl::method_iterator
251 I = D->meth_begin(),
252 E = D->meth_end(); I != E; ++I) {
253 const ObjCMethodDecl *MDI = *I;
254 if (isInvalidationMethod(MDI, Partial))
255 OutInfo.addInvalidationMethod(
256 cast<ObjCMethodDecl>(MDI->getCanonicalDecl()));
257 }
258
259 // If interface, check all parent protocols and super.
260 if (const ObjCInterfaceDecl *InterfD = dyn_cast<ObjCInterfaceDecl>(D)) {
261
262 // Visit all protocols.
263 for (ObjCInterfaceDecl::protocol_iterator
264 I = InterfD->protocol_begin(),
265 E = InterfD->protocol_end(); I != E; ++I) {
266 containsInvalidationMethod((*I)->getDefinition(), OutInfo, Partial);
267 }
268
269 // Visit all categories in case the invalidation method is declared in
270 // a category.
271 for (ObjCInterfaceDecl::visible_extensions_iterator
272 Ext = InterfD->visible_extensions_begin(),
273 ExtEnd = InterfD->visible_extensions_end();
274 Ext != ExtEnd; ++Ext) {
275 containsInvalidationMethod(*Ext, OutInfo, Partial);
276 }
277
278 containsInvalidationMethod(InterfD->getSuperClass(), OutInfo, Partial);
279 return;
280 }
281
282 // If protocol, check all parent protocols.
283 if (const ObjCProtocolDecl *ProtD = dyn_cast<ObjCProtocolDecl>(D)) {
284 for (ObjCInterfaceDecl::protocol_iterator
285 I = ProtD->protocol_begin(),
286 E = ProtD->protocol_end(); I != E; ++I) {
287 containsInvalidationMethod((*I)->getDefinition(), OutInfo, Partial);
288 }
289 return;
290 }
291
292 return;
293 }
294
trackIvar(const ObjCIvarDecl * Iv,IvarSet & TrackedIvars,const ObjCIvarDecl ** FirstIvarDecl)295 bool IvarInvalidationCheckerImpl::trackIvar(const ObjCIvarDecl *Iv,
296 IvarSet &TrackedIvars,
297 const ObjCIvarDecl **FirstIvarDecl) {
298 QualType IvQTy = Iv->getType();
299 const ObjCObjectPointerType *IvTy = IvQTy->getAs<ObjCObjectPointerType>();
300 if (!IvTy)
301 return false;
302 const ObjCInterfaceDecl *IvInterf = IvTy->getInterfaceDecl();
303
304 InvalidationInfo Info;
305 containsInvalidationMethod(IvInterf, Info, /*LookForPartial*/ false);
306 if (Info.needsInvalidation()) {
307 const ObjCIvarDecl *I = cast<ObjCIvarDecl>(Iv->getCanonicalDecl());
308 TrackedIvars[I] = Info;
309 if (!*FirstIvarDecl)
310 *FirstIvarDecl = I;
311 return true;
312 }
313 return false;
314 }
315
findPropertyBackingIvar(const ObjCPropertyDecl * Prop,const ObjCInterfaceDecl * InterfaceD,IvarSet & TrackedIvars,const ObjCIvarDecl ** FirstIvarDecl)316 const ObjCIvarDecl *IvarInvalidationCheckerImpl::findPropertyBackingIvar(
317 const ObjCPropertyDecl *Prop,
318 const ObjCInterfaceDecl *InterfaceD,
319 IvarSet &TrackedIvars,
320 const ObjCIvarDecl **FirstIvarDecl) {
321 const ObjCIvarDecl *IvarD = 0;
322
323 // Lookup for the synthesized case.
324 IvarD = Prop->getPropertyIvarDecl();
325 // We only track the ivars/properties that are defined in the current
326 // class (not the parent).
327 if (IvarD && IvarD->getContainingInterface() == InterfaceD) {
328 if (TrackedIvars.count(IvarD)) {
329 return IvarD;
330 }
331 // If the ivar is synthesized we still want to track it.
332 if (trackIvar(IvarD, TrackedIvars, FirstIvarDecl))
333 return IvarD;
334 }
335
336 // Lookup IVars named "_PropName"or "PropName" among the tracked Ivars.
337 StringRef PropName = Prop->getIdentifier()->getName();
338 for (IvarSet::const_iterator I = TrackedIvars.begin(),
339 E = TrackedIvars.end(); I != E; ++I) {
340 const ObjCIvarDecl *Iv = I->first;
341 StringRef IvarName = Iv->getName();
342
343 if (IvarName == PropName)
344 return Iv;
345
346 SmallString<128> PropNameWithUnderscore;
347 {
348 llvm::raw_svector_ostream os(PropNameWithUnderscore);
349 os << '_' << PropName;
350 }
351 if (IvarName == PropNameWithUnderscore.str())
352 return Iv;
353 }
354
355 // Note, this is a possible source of false positives. We could look at the
356 // getter implementation to find the ivar when its name is not derived from
357 // the property name.
358 return 0;
359 }
360
printIvar(llvm::raw_svector_ostream & os,const ObjCIvarDecl * IvarDecl,const IvarToPropMapTy & IvarToPopertyMap)361 void IvarInvalidationCheckerImpl::printIvar(llvm::raw_svector_ostream &os,
362 const ObjCIvarDecl *IvarDecl,
363 const IvarToPropMapTy &IvarToPopertyMap) {
364 if (IvarDecl->getSynthesize()) {
365 const ObjCPropertyDecl *PD = IvarToPopertyMap.lookup(IvarDecl);
366 assert(PD &&"Do we synthesize ivars for something other than properties?");
367 os << "Property "<< PD->getName() << " ";
368 } else {
369 os << "Instance variable "<< IvarDecl->getName() << " ";
370 }
371 }
372
373 // Check that the invalidatable interfaces with ivars/properties implement the
374 // invalidation methods.
375 void IvarInvalidationCheckerImpl::
visit(const ObjCImplementationDecl * ImplD) const376 visit(const ObjCImplementationDecl *ImplD) const {
377 // Collect all ivars that need cleanup.
378 IvarSet Ivars;
379 // Record the first Ivar needing invalidation; used in reporting when only
380 // one ivar is sufficient. Cannot grab the first on the Ivars set to ensure
381 // deterministic output.
382 const ObjCIvarDecl *FirstIvarDecl = 0;
383 const ObjCInterfaceDecl *InterfaceD = ImplD->getClassInterface();
384
385 // Collect ivars declared in this class, its extensions and its implementation
386 ObjCInterfaceDecl *IDecl = const_cast<ObjCInterfaceDecl *>(InterfaceD);
387 for (const ObjCIvarDecl *Iv = IDecl->all_declared_ivar_begin(); Iv;
388 Iv= Iv->getNextIvar())
389 trackIvar(Iv, Ivars, &FirstIvarDecl);
390
391 // Construct Property/Property Accessor to Ivar maps to assist checking if an
392 // ivar which is backing a property has been reset.
393 MethToIvarMapTy PropSetterToIvarMap;
394 MethToIvarMapTy PropGetterToIvarMap;
395 PropToIvarMapTy PropertyToIvarMap;
396 IvarToPropMapTy IvarToPopertyMap;
397
398 ObjCInterfaceDecl::PropertyMap PropMap;
399 ObjCInterfaceDecl::PropertyDeclOrder PropOrder;
400 InterfaceD->collectPropertiesToImplement(PropMap, PropOrder);
401
402 for (ObjCInterfaceDecl::PropertyMap::iterator
403 I = PropMap.begin(), E = PropMap.end(); I != E; ++I) {
404 const ObjCPropertyDecl *PD = I->second;
405
406 const ObjCIvarDecl *ID = findPropertyBackingIvar(PD, InterfaceD, Ivars,
407 &FirstIvarDecl);
408 if (!ID)
409 continue;
410
411 // Store the mappings.
412 PD = cast<ObjCPropertyDecl>(PD->getCanonicalDecl());
413 PropertyToIvarMap[PD] = ID;
414 IvarToPopertyMap[ID] = PD;
415
416 // Find the setter and the getter.
417 const ObjCMethodDecl *SetterD = PD->getSetterMethodDecl();
418 if (SetterD) {
419 SetterD = cast<ObjCMethodDecl>(SetterD->getCanonicalDecl());
420 PropSetterToIvarMap[SetterD] = ID;
421 }
422
423 const ObjCMethodDecl *GetterD = PD->getGetterMethodDecl();
424 if (GetterD) {
425 GetterD = cast<ObjCMethodDecl>(GetterD->getCanonicalDecl());
426 PropGetterToIvarMap[GetterD] = ID;
427 }
428 }
429
430 // If no ivars need invalidation, there is nothing to check here.
431 if (Ivars.empty())
432 return;
433
434 // Find all partial invalidation methods.
435 InvalidationInfo PartialInfo;
436 containsInvalidationMethod(InterfaceD, PartialInfo, /*LookForPartial*/ true);
437
438 // Remove ivars invalidated by the partial invalidation methods. They do not
439 // need to be invalidated in the regular invalidation methods.
440 bool AtImplementationContainsAtLeastOnePartialInvalidationMethod = false;
441 for (MethodSet::iterator
442 I = PartialInfo.InvalidationMethods.begin(),
443 E = PartialInfo.InvalidationMethods.end(); I != E; ++I) {
444 const ObjCMethodDecl *InterfD = *I;
445
446 // Get the corresponding method in the @implementation.
447 const ObjCMethodDecl *D = ImplD->getMethod(InterfD->getSelector(),
448 InterfD->isInstanceMethod());
449 if (D && D->hasBody()) {
450 AtImplementationContainsAtLeastOnePartialInvalidationMethod = true;
451
452 bool CalledAnotherInvalidationMethod = false;
453 // The MethodCrowler is going to remove the invalidated ivars.
454 MethodCrawler(Ivars,
455 CalledAnotherInvalidationMethod,
456 PropSetterToIvarMap,
457 PropGetterToIvarMap,
458 PropertyToIvarMap,
459 BR.getContext()).VisitStmt(D->getBody());
460 // If another invalidation method was called, trust that full invalidation
461 // has occurred.
462 if (CalledAnotherInvalidationMethod)
463 Ivars.clear();
464 }
465 }
466
467 // If all ivars have been invalidated by partial invalidators, there is
468 // nothing to check here.
469 if (Ivars.empty())
470 return;
471
472 // Find all invalidation methods in this @interface declaration and parents.
473 InvalidationInfo Info;
474 containsInvalidationMethod(InterfaceD, Info, /*LookForPartial*/ false);
475
476 // Report an error in case none of the invalidation methods are declared.
477 if (!Info.needsInvalidation() && !PartialInfo.needsInvalidation()) {
478 if (Filter.check_MissingInvalidationMethod)
479 reportNoInvalidationMethod(FirstIvarDecl, IvarToPopertyMap, InterfaceD,
480 /*MissingDeclaration*/ true);
481 // If there are no invalidation methods, there is no ivar validation work
482 // to be done.
483 return;
484 }
485
486 // Only check if Ivars are invalidated when InstanceVariableInvalidation
487 // has been requested.
488 if (!Filter.check_InstanceVariableInvalidation)
489 return;
490
491 // Check that all ivars are invalidated by the invalidation methods.
492 bool AtImplementationContainsAtLeastOneInvalidationMethod = false;
493 for (MethodSet::iterator I = Info.InvalidationMethods.begin(),
494 E = Info.InvalidationMethods.end(); I != E; ++I) {
495 const ObjCMethodDecl *InterfD = *I;
496
497 // Get the corresponding method in the @implementation.
498 const ObjCMethodDecl *D = ImplD->getMethod(InterfD->getSelector(),
499 InterfD->isInstanceMethod());
500 if (D && D->hasBody()) {
501 AtImplementationContainsAtLeastOneInvalidationMethod = true;
502
503 // Get a copy of ivars needing invalidation.
504 IvarSet IvarsI = Ivars;
505
506 bool CalledAnotherInvalidationMethod = false;
507 MethodCrawler(IvarsI,
508 CalledAnotherInvalidationMethod,
509 PropSetterToIvarMap,
510 PropGetterToIvarMap,
511 PropertyToIvarMap,
512 BR.getContext()).VisitStmt(D->getBody());
513 // If another invalidation method was called, trust that full invalidation
514 // has occurred.
515 if (CalledAnotherInvalidationMethod)
516 continue;
517
518 // Warn on the ivars that were not invalidated by the method.
519 for (IvarSet::const_iterator
520 I = IvarsI.begin(), E = IvarsI.end(); I != E; ++I)
521 reportIvarNeedsInvalidation(I->first, IvarToPopertyMap, D);
522 }
523 }
524
525 // Report an error in case none of the invalidation methods are implemented.
526 if (!AtImplementationContainsAtLeastOneInvalidationMethod) {
527 if (AtImplementationContainsAtLeastOnePartialInvalidationMethod) {
528 // Warn on the ivars that were not invalidated by the prrtial
529 // invalidation methods.
530 for (IvarSet::const_iterator
531 I = Ivars.begin(), E = Ivars.end(); I != E; ++I)
532 reportIvarNeedsInvalidation(I->first, IvarToPopertyMap, 0);
533 } else {
534 // Otherwise, no invalidation methods were implemented.
535 reportNoInvalidationMethod(FirstIvarDecl, IvarToPopertyMap, InterfaceD,
536 /*MissingDeclaration*/ false);
537 }
538 }
539 }
540
541 void IvarInvalidationCheckerImpl::
reportNoInvalidationMethod(const ObjCIvarDecl * FirstIvarDecl,const IvarToPropMapTy & IvarToPopertyMap,const ObjCInterfaceDecl * InterfaceD,bool MissingDeclaration) const542 reportNoInvalidationMethod(const ObjCIvarDecl *FirstIvarDecl,
543 const IvarToPropMapTy &IvarToPopertyMap,
544 const ObjCInterfaceDecl *InterfaceD,
545 bool MissingDeclaration) const {
546 SmallString<128> sbuf;
547 llvm::raw_svector_ostream os(sbuf);
548 assert(FirstIvarDecl);
549 printIvar(os, FirstIvarDecl, IvarToPopertyMap);
550 os << "needs to be invalidated; ";
551 if (MissingDeclaration)
552 os << "no invalidation method is declared for ";
553 else
554 os << "no invalidation method is defined in the @implementation for ";
555 os << InterfaceD->getName();
556
557 PathDiagnosticLocation IvarDecLocation =
558 PathDiagnosticLocation::createBegin(FirstIvarDecl, BR.getSourceManager());
559
560 BR.EmitBasicReport(FirstIvarDecl, "Incomplete invalidation",
561 categories::CoreFoundationObjectiveC, os.str(),
562 IvarDecLocation);
563 }
564
565 void IvarInvalidationCheckerImpl::
reportIvarNeedsInvalidation(const ObjCIvarDecl * IvarD,const IvarToPropMapTy & IvarToPopertyMap,const ObjCMethodDecl * MethodD) const566 reportIvarNeedsInvalidation(const ObjCIvarDecl *IvarD,
567 const IvarToPropMapTy &IvarToPopertyMap,
568 const ObjCMethodDecl *MethodD) const {
569 SmallString<128> sbuf;
570 llvm::raw_svector_ostream os(sbuf);
571 printIvar(os, IvarD, IvarToPopertyMap);
572 os << "needs to be invalidated or set to nil";
573 if (MethodD) {
574 PathDiagnosticLocation MethodDecLocation =
575 PathDiagnosticLocation::createEnd(MethodD->getBody(),
576 BR.getSourceManager(),
577 Mgr.getAnalysisDeclContext(MethodD));
578 BR.EmitBasicReport(MethodD, "Incomplete invalidation",
579 categories::CoreFoundationObjectiveC, os.str(),
580 MethodDecLocation);
581 } else {
582 BR.EmitBasicReport(IvarD, "Incomplete invalidation",
583 categories::CoreFoundationObjectiveC, os.str(),
584 PathDiagnosticLocation::createBegin(IvarD,
585 BR.getSourceManager()));
586
587 }
588 }
589
markInvalidated(const ObjCIvarDecl * Iv)590 void IvarInvalidationCheckerImpl::MethodCrawler::markInvalidated(
591 const ObjCIvarDecl *Iv) {
592 IvarSet::iterator I = IVars.find(Iv);
593 if (I != IVars.end()) {
594 // If InvalidationMethod is present, we are processing the message send and
595 // should ensure we are invalidating with the appropriate method,
596 // otherwise, we are processing setting to 'nil'.
597 if (!InvalidationMethod ||
598 (InvalidationMethod && I->second.hasMethod(InvalidationMethod)))
599 IVars.erase(I);
600 }
601 }
602
peel(const Expr * E) const603 const Expr *IvarInvalidationCheckerImpl::MethodCrawler::peel(const Expr *E) const {
604 E = E->IgnoreParenCasts();
605 if (const PseudoObjectExpr *POE = dyn_cast<PseudoObjectExpr>(E))
606 E = POE->getSyntacticForm()->IgnoreParenCasts();
607 if (const OpaqueValueExpr *OVE = dyn_cast<OpaqueValueExpr>(E))
608 E = OVE->getSourceExpr()->IgnoreParenCasts();
609 return E;
610 }
611
checkObjCIvarRefExpr(const ObjCIvarRefExpr * IvarRef)612 void IvarInvalidationCheckerImpl::MethodCrawler::checkObjCIvarRefExpr(
613 const ObjCIvarRefExpr *IvarRef) {
614 if (const Decl *D = IvarRef->getDecl())
615 markInvalidated(cast<ObjCIvarDecl>(D->getCanonicalDecl()));
616 }
617
checkObjCMessageExpr(const ObjCMessageExpr * ME)618 void IvarInvalidationCheckerImpl::MethodCrawler::checkObjCMessageExpr(
619 const ObjCMessageExpr *ME) {
620 const ObjCMethodDecl *MD = ME->getMethodDecl();
621 if (MD) {
622 MD = cast<ObjCMethodDecl>(MD->getCanonicalDecl());
623 MethToIvarMapTy::const_iterator IvI = PropertyGetterToIvarMap.find(MD);
624 if (IvI != PropertyGetterToIvarMap.end())
625 markInvalidated(IvI->second);
626 }
627 }
628
checkObjCPropertyRefExpr(const ObjCPropertyRefExpr * PA)629 void IvarInvalidationCheckerImpl::MethodCrawler::checkObjCPropertyRefExpr(
630 const ObjCPropertyRefExpr *PA) {
631
632 if (PA->isExplicitProperty()) {
633 const ObjCPropertyDecl *PD = PA->getExplicitProperty();
634 if (PD) {
635 PD = cast<ObjCPropertyDecl>(PD->getCanonicalDecl());
636 PropToIvarMapTy::const_iterator IvI = PropertyToIvarMap.find(PD);
637 if (IvI != PropertyToIvarMap.end())
638 markInvalidated(IvI->second);
639 return;
640 }
641 }
642
643 if (PA->isImplicitProperty()) {
644 const ObjCMethodDecl *MD = PA->getImplicitPropertySetter();
645 if (MD) {
646 MD = cast<ObjCMethodDecl>(MD->getCanonicalDecl());
647 MethToIvarMapTy::const_iterator IvI =PropertyGetterToIvarMap.find(MD);
648 if (IvI != PropertyGetterToIvarMap.end())
649 markInvalidated(IvI->second);
650 return;
651 }
652 }
653 }
654
isZero(const Expr * E) const655 bool IvarInvalidationCheckerImpl::MethodCrawler::isZero(const Expr *E) const {
656 E = peel(E);
657
658 return (E->isNullPointerConstant(Ctx, Expr::NPC_ValueDependentIsNotNull)
659 != Expr::NPCK_NotNull);
660 }
661
check(const Expr * E)662 void IvarInvalidationCheckerImpl::MethodCrawler::check(const Expr *E) {
663 E = peel(E);
664
665 if (const ObjCIvarRefExpr *IvarRef = dyn_cast<ObjCIvarRefExpr>(E)) {
666 checkObjCIvarRefExpr(IvarRef);
667 return;
668 }
669
670 if (const ObjCPropertyRefExpr *PropRef = dyn_cast<ObjCPropertyRefExpr>(E)) {
671 checkObjCPropertyRefExpr(PropRef);
672 return;
673 }
674
675 if (const ObjCMessageExpr *MsgExpr = dyn_cast<ObjCMessageExpr>(E)) {
676 checkObjCMessageExpr(MsgExpr);
677 return;
678 }
679 }
680
VisitBinaryOperator(const BinaryOperator * BO)681 void IvarInvalidationCheckerImpl::MethodCrawler::VisitBinaryOperator(
682 const BinaryOperator *BO) {
683 VisitStmt(BO);
684
685 // Do we assign/compare against zero? If yes, check the variable we are
686 // assigning to.
687 BinaryOperatorKind Opcode = BO->getOpcode();
688 if (Opcode != BO_Assign &&
689 Opcode != BO_EQ &&
690 Opcode != BO_NE)
691 return;
692
693 if (isZero(BO->getRHS())) {
694 check(BO->getLHS());
695 return;
696 }
697
698 if (Opcode != BO_Assign && isZero(BO->getLHS())) {
699 check(BO->getRHS());
700 return;
701 }
702 }
703
VisitObjCMessageExpr(const ObjCMessageExpr * ME)704 void IvarInvalidationCheckerImpl::MethodCrawler::VisitObjCMessageExpr(
705 const ObjCMessageExpr *ME) {
706 const ObjCMethodDecl *MD = ME->getMethodDecl();
707 const Expr *Receiver = ME->getInstanceReceiver();
708
709 // Stop if we are calling '[self invalidate]'.
710 if (Receiver && isInvalidationMethod(MD, /*LookForPartial*/ false))
711 if (Receiver->isObjCSelfExpr()) {
712 CalledAnotherInvalidationMethod = true;
713 return;
714 }
715
716 // Check if we call a setter and set the property to 'nil'.
717 if (MD && (ME->getNumArgs() == 1) && isZero(ME->getArg(0))) {
718 MD = cast<ObjCMethodDecl>(MD->getCanonicalDecl());
719 MethToIvarMapTy::const_iterator IvI = PropertySetterToIvarMap.find(MD);
720 if (IvI != PropertySetterToIvarMap.end()) {
721 markInvalidated(IvI->second);
722 return;
723 }
724 }
725
726 // Check if we call the 'invalidation' routine on the ivar.
727 if (Receiver) {
728 InvalidationMethod = MD;
729 check(Receiver->IgnoreParenCasts());
730 InvalidationMethod = 0;
731 }
732
733 VisitStmt(ME);
734 }
735 }
736
737 // Register the checkers.
738 namespace {
739
740 class IvarInvalidationChecker :
741 public Checker<check::ASTDecl<ObjCImplementationDecl> > {
742 public:
743 ChecksFilter Filter;
744 public:
checkASTDecl(const ObjCImplementationDecl * D,AnalysisManager & Mgr,BugReporter & BR) const745 void checkASTDecl(const ObjCImplementationDecl *D, AnalysisManager& Mgr,
746 BugReporter &BR) const {
747 IvarInvalidationCheckerImpl Walker(Mgr, BR, Filter);
748 Walker.visit(D);
749 }
750 };
751 }
752
753 #define REGISTER_CHECKER(name) \
754 void ento::register##name(CheckerManager &mgr) {\
755 mgr.registerChecker<IvarInvalidationChecker>()->Filter.check_##name = true;\
756 }
757
758 REGISTER_CHECKER(InstanceVariableInvalidation)
759 REGISTER_CHECKER(MissingInvalidationMethod)
760
761