1 //=- DirectIvarAssignment.cpp - Check rules on ObjC properties -*- C++ ----*-==//
2 //
3 // The LLVM Compiler Infrastructure
4 //
5 // This file is distributed under the University of Illinois Open Source
6 // License. See LICENSE.TXT for details.
7 //
8 //===----------------------------------------------------------------------===//
9 //
10 // Check that Objective C properties are set with the setter, not though a
11 // direct assignment.
12 //
13 // Two versions of a checker exist: one that checks all methods and the other
14 // that only checks the methods annotated with
15 // __attribute__((annotate("objc_no_direct_instance_variable_assignment")))
16 //
17 // The checker does not warn about assignments to Ivars, annotated with
18 // __attribute__((objc_allow_direct_instance_variable_assignment"))). This
19 // annotation serves as a false positive suppression mechanism for the
20 // checker. The annotation is allowed on properties and Ivars.
21 //
22 //===----------------------------------------------------------------------===//
23
24 #include "ClangSACheckers.h"
25 #include "clang/AST/Attr.h"
26 #include "clang/AST/DeclObjC.h"
27 #include "clang/AST/StmtVisitor.h"
28 #include "clang/StaticAnalyzer/Core/BugReporter/BugReporter.h"
29 #include "clang/StaticAnalyzer/Core/Checker.h"
30 #include "clang/StaticAnalyzer/Core/PathSensitive/AnalysisManager.h"
31 #include "llvm/ADT/DenseMap.h"
32
33 using namespace clang;
34 using namespace ento;
35
36 namespace {
37
38 /// The default method filter, which is used to filter out the methods on which
39 /// the check should not be performed.
40 ///
41 /// Checks for the init, dealloc, and any other functions that might be allowed
42 /// to perform direct instance variable assignment based on their name.
43 struct MethodFilter {
~MethodFilter__anon8593c0000111::MethodFilter44 virtual ~MethodFilter() {}
operator ()__anon8593c0000111::MethodFilter45 virtual bool operator()(ObjCMethodDecl *M) {
46 if (M->getMethodFamily() == OMF_init ||
47 M->getMethodFamily() == OMF_dealloc ||
48 M->getMethodFamily() == OMF_copy ||
49 M->getMethodFamily() == OMF_mutableCopy ||
50 M->getSelector().getNameForSlot(0).find("init") != StringRef::npos ||
51 M->getSelector().getNameForSlot(0).find("Init") != StringRef::npos)
52 return true;
53 return false;
54 }
55 };
56
57 static MethodFilter DefaultMethodFilter;
58
59 class DirectIvarAssignment :
60 public Checker<check::ASTDecl<ObjCImplementationDecl> > {
61
62 typedef llvm::DenseMap<const ObjCIvarDecl*,
63 const ObjCPropertyDecl*> IvarToPropertyMapTy;
64
65 /// A helper class, which walks the AST and locates all assignments to ivars
66 /// in the given function.
67 class MethodCrawler : public ConstStmtVisitor<MethodCrawler> {
68 const IvarToPropertyMapTy &IvarToPropMap;
69 const ObjCMethodDecl *MD;
70 const ObjCInterfaceDecl *InterfD;
71 BugReporter &BR;
72 LocationOrAnalysisDeclContext DCtx;
73
74 public:
MethodCrawler(const IvarToPropertyMapTy & InMap,const ObjCMethodDecl * InMD,const ObjCInterfaceDecl * InID,BugReporter & InBR,AnalysisDeclContext * InDCtx)75 MethodCrawler(const IvarToPropertyMapTy &InMap, const ObjCMethodDecl *InMD,
76 const ObjCInterfaceDecl *InID,
77 BugReporter &InBR, AnalysisDeclContext *InDCtx)
78 : IvarToPropMap(InMap), MD(InMD), InterfD(InID), BR(InBR), DCtx(InDCtx) {}
79
VisitStmt(const Stmt * S)80 void VisitStmt(const Stmt *S) { VisitChildren(S); }
81
82 void VisitBinaryOperator(const BinaryOperator *BO);
83
VisitChildren(const Stmt * S)84 void VisitChildren(const Stmt *S) {
85 for (Stmt::const_child_range I = S->children(); I; ++I)
86 if (*I)
87 this->Visit(*I);
88 }
89 };
90
91 public:
92 MethodFilter *ShouldSkipMethod;
93
DirectIvarAssignment()94 DirectIvarAssignment() : ShouldSkipMethod(&DefaultMethodFilter) {}
95
96 void checkASTDecl(const ObjCImplementationDecl *D, AnalysisManager& Mgr,
97 BugReporter &BR) const;
98 };
99
findPropertyBackingIvar(const ObjCPropertyDecl * PD,const ObjCInterfaceDecl * InterD,ASTContext & Ctx)100 static const ObjCIvarDecl *findPropertyBackingIvar(const ObjCPropertyDecl *PD,
101 const ObjCInterfaceDecl *InterD,
102 ASTContext &Ctx) {
103 // Check for synthesized ivars.
104 ObjCIvarDecl *ID = PD->getPropertyIvarDecl();
105 if (ID)
106 return ID;
107
108 ObjCInterfaceDecl *NonConstInterD = const_cast<ObjCInterfaceDecl*>(InterD);
109
110 // Check for existing "_PropName".
111 ID = NonConstInterD->lookupInstanceVariable(PD->getDefaultSynthIvarName(Ctx));
112 if (ID)
113 return ID;
114
115 // Check for existing "PropName".
116 IdentifierInfo *PropIdent = PD->getIdentifier();
117 ID = NonConstInterD->lookupInstanceVariable(PropIdent);
118
119 return ID;
120 }
121
checkASTDecl(const ObjCImplementationDecl * D,AnalysisManager & Mgr,BugReporter & BR) const122 void DirectIvarAssignment::checkASTDecl(const ObjCImplementationDecl *D,
123 AnalysisManager& Mgr,
124 BugReporter &BR) const {
125 const ObjCInterfaceDecl *InterD = D->getClassInterface();
126
127
128 IvarToPropertyMapTy IvarToPropMap;
129
130 // Find all properties for this class.
131 for (ObjCInterfaceDecl::prop_iterator I = InterD->prop_begin(),
132 E = InterD->prop_end(); I != E; ++I) {
133 ObjCPropertyDecl *PD = *I;
134
135 // Find the corresponding IVar.
136 const ObjCIvarDecl *ID = findPropertyBackingIvar(PD, InterD,
137 Mgr.getASTContext());
138
139 if (!ID)
140 continue;
141
142 // Store the IVar to property mapping.
143 IvarToPropMap[ID] = PD;
144 }
145
146 if (IvarToPropMap.empty())
147 return;
148
149 for (ObjCImplementationDecl::instmeth_iterator I = D->instmeth_begin(),
150 E = D->instmeth_end(); I != E; ++I) {
151
152 ObjCMethodDecl *M = *I;
153 AnalysisDeclContext *DCtx = Mgr.getAnalysisDeclContext(M);
154
155 if ((*ShouldSkipMethod)(M))
156 continue;
157
158 const Stmt *Body = M->getBody();
159 assert(Body);
160
161 MethodCrawler MC(IvarToPropMap, M->getCanonicalDecl(), InterD, BR, DCtx);
162 MC.VisitStmt(Body);
163 }
164 }
165
isAnnotatedToAllowDirectAssignment(const Decl * D)166 static bool isAnnotatedToAllowDirectAssignment(const Decl *D) {
167 for (specific_attr_iterator<AnnotateAttr>
168 AI = D->specific_attr_begin<AnnotateAttr>(),
169 AE = D->specific_attr_end<AnnotateAttr>(); AI != AE; ++AI) {
170 const AnnotateAttr *Ann = *AI;
171 if (Ann->getAnnotation() ==
172 "objc_allow_direct_instance_variable_assignment")
173 return true;
174 }
175 return false;
176 }
177
VisitBinaryOperator(const BinaryOperator * BO)178 void DirectIvarAssignment::MethodCrawler::VisitBinaryOperator(
179 const BinaryOperator *BO) {
180 if (!BO->isAssignmentOp())
181 return;
182
183 const ObjCIvarRefExpr *IvarRef =
184 dyn_cast<ObjCIvarRefExpr>(BO->getLHS()->IgnoreParenCasts());
185
186 if (!IvarRef)
187 return;
188
189 if (const ObjCIvarDecl *D = IvarRef->getDecl()) {
190 IvarToPropertyMapTy::const_iterator I = IvarToPropMap.find(D);
191
192 if (I != IvarToPropMap.end()) {
193 const ObjCPropertyDecl *PD = I->second;
194 // Skip warnings on Ivars, annotated with
195 // objc_allow_direct_instance_variable_assignment. This annotation serves
196 // as a false positive suppression mechanism for the checker. The
197 // annotation is allowed on properties and ivars.
198 if (isAnnotatedToAllowDirectAssignment(PD) ||
199 isAnnotatedToAllowDirectAssignment(D))
200 return;
201
202 ObjCMethodDecl *GetterMethod =
203 InterfD->getInstanceMethod(PD->getGetterName());
204 ObjCMethodDecl *SetterMethod =
205 InterfD->getInstanceMethod(PD->getSetterName());
206
207 if (SetterMethod && SetterMethod->getCanonicalDecl() == MD)
208 return;
209
210 if (GetterMethod && GetterMethod->getCanonicalDecl() == MD)
211 return;
212
213 BR.EmitBasicReport(MD,
214 "Property access",
215 categories::CoreFoundationObjectiveC,
216 "Direct assignment to an instance variable backing a property; "
217 "use the setter instead", PathDiagnosticLocation(IvarRef,
218 BR.getSourceManager(),
219 DCtx));
220 }
221 }
222 }
223 }
224
225 // Register the checker that checks for direct accesses in all functions,
226 // except for the initialization and copy routines.
registerDirectIvarAssignment(CheckerManager & mgr)227 void ento::registerDirectIvarAssignment(CheckerManager &mgr) {
228 mgr.registerChecker<DirectIvarAssignment>();
229 }
230
231 // Register the checker that checks for direct accesses in functions annotated
232 // with __attribute__((annotate("objc_no_direct_instance_variable_assignment"))).
233 namespace {
234 struct InvalidatorMethodFilter : MethodFilter {
~InvalidatorMethodFilter__anon8593c0000211::InvalidatorMethodFilter235 virtual ~InvalidatorMethodFilter() {}
operator ()__anon8593c0000211::InvalidatorMethodFilter236 virtual bool operator()(ObjCMethodDecl *M) {
237 for (specific_attr_iterator<AnnotateAttr>
238 AI = M->specific_attr_begin<AnnotateAttr>(),
239 AE = M->specific_attr_end<AnnotateAttr>(); AI != AE; ++AI) {
240 const AnnotateAttr *Ann = *AI;
241 if (Ann->getAnnotation() == "objc_no_direct_instance_variable_assignment")
242 return false;
243 }
244 return true;
245 }
246 };
247
248 InvalidatorMethodFilter AttrFilter;
249 }
250
registerDirectIvarAssignmentForAnnotatedFunctions(CheckerManager & mgr)251 void ento::registerDirectIvarAssignmentForAnnotatedFunctions(
252 CheckerManager &mgr) {
253 mgr.registerChecker<DirectIvarAssignment>()->ShouldSkipMethod = &AttrFilter;
254 }
255