Bug Summary

File:build/source/clang/include/clang/Analysis/FlowSensitive/CFGMatchSwitch.h
Warning:line 71, column 12
Potential memory leak

Annotated Source Code

Press '?' to see keyboard shortcuts

clang -cc1 -cc1 -triple x86_64-pc-linux-gnu -analyze -disable-free -clear-ast-before-backend -disable-llvm-verifier -discard-value-names -main-file-name UncheckedOptionalAccessModel.cpp -analyzer-checker=core -analyzer-checker=apiModeling -analyzer-checker=unix -analyzer-checker=deadcode -analyzer-checker=cplusplus -analyzer-checker=security.insecureAPI.UncheckedReturn -analyzer-checker=security.insecureAPI.getpw -analyzer-checker=security.insecureAPI.gets -analyzer-checker=security.insecureAPI.mktemp -analyzer-checker=security.insecureAPI.mkstemp -analyzer-checker=security.insecureAPI.vfork -analyzer-checker=nullability.NullPassedToNonnull -analyzer-checker=nullability.NullReturnedFromNonnull -analyzer-output plist -w -setup-static-analyzer -analyzer-config-compatibility-mode=true -mrelocation-model pic -pic-level 2 -mframe-pointer=none -relaxed-aliasing -fmath-errno -ffp-contract=on -fno-rounding-math -mconstructor-aliases -funwind-tables=2 -target-cpu x86-64 -tune-cpu generic -debugger-tuning=gdb -ffunction-sections -fdata-sections -fcoverage-compilation-dir=/build/source/build-llvm/tools/clang/stage2-bins -resource-dir /usr/lib/llvm-17/lib/clang/17 -D CLANG_REPOSITORY_STRING="++20230510111145+7df43bdb42ae-1~exp1~20230510111303.1288" -D _DEBUG -D _GLIBCXX_ASSERTIONS -D _GNU_SOURCE -D _LIBCPP_ENABLE_ASSERTIONS -D __STDC_CONSTANT_MACROS -D __STDC_FORMAT_MACROS -D __STDC_LIMIT_MACROS -I tools/clang/lib/Analysis/FlowSensitive/Models -I /build/source/clang/lib/Analysis/FlowSensitive/Models -I /build/source/clang/include -I tools/clang/include -I include -I /build/source/llvm/include -D _FORTIFY_SOURCE=2 -D NDEBUG -U NDEBUG -internal-isystem /usr/lib/gcc/x86_64-linux-gnu/10/../../../../include/c++/10 -internal-isystem /usr/lib/gcc/x86_64-linux-gnu/10/../../../../include/x86_64-linux-gnu/c++/10 -internal-isystem /usr/lib/gcc/x86_64-linux-gnu/10/../../../../include/c++/10/backward -internal-isystem /usr/lib/llvm-17/lib/clang/17/include -internal-isystem /usr/local/include -internal-isystem /usr/lib/gcc/x86_64-linux-gnu/10/../../../../x86_64-linux-gnu/include -internal-externc-isystem /usr/include/x86_64-linux-gnu -internal-externc-isystem /include -internal-externc-isystem /usr/include -fmacro-prefix-map=/build/source/build-llvm/tools/clang/stage2-bins=build-llvm/tools/clang/stage2-bins -fmacro-prefix-map=/build/source/= -fcoverage-prefix-map=/build/source/build-llvm/tools/clang/stage2-bins=build-llvm/tools/clang/stage2-bins -fcoverage-prefix-map=/build/source/= -source-date-epoch 1683717183 -O2 -Wno-unused-command-line-argument -Wno-unused-parameter -Wwrite-strings -Wno-missing-field-initializers -Wno-long-long -Wno-maybe-uninitialized -Wno-class-memaccess -Wno-redundant-move -Wno-pessimizing-move -Wno-noexcept-type -Wno-comment -Wno-misleading-indentation -std=c++17 -fdeprecated-macro -fdebug-compilation-dir=/build/source/build-llvm/tools/clang/stage2-bins -fdebug-prefix-map=/build/source/build-llvm/tools/clang/stage2-bins=build-llvm/tools/clang/stage2-bins -fdebug-prefix-map=/build/source/= -ferror-limit 19 -fvisibility-inlines-hidden -stack-protector 2 -fgnuc-version=4.2.1 -fcolor-diagnostics -vectorize-loops -vectorize-slp -analyzer-output=html -analyzer-config stable-report-filename=true -faddrsig -D__GCC_HAVE_DWARF2_CFI_ASM=1 -o /tmp/scan-build-2023-05-10-133810-16478-1 -x c++ /build/source/clang/lib/Analysis/FlowSensitive/Models/UncheckedOptionalAccessModel.cpp

/build/source/clang/lib/Analysis/FlowSensitive/Models/UncheckedOptionalAccessModel.cpp

1//===-- UncheckedOptionalAccessModel.cpp ------------------------*- C++ -*-===//
2//
3// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4// See https://llvm.org/LICENSE.txt for license information.
5// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6//
7//===----------------------------------------------------------------------===//
8//
9// This file defines a dataflow analysis that detects unsafe uses of optional
10// values.
11//
12//===----------------------------------------------------------------------===//
13
14#include "clang/Analysis/FlowSensitive/Models/UncheckedOptionalAccessModel.h"
15#include "clang/AST/ASTContext.h"
16#include "clang/AST/DeclCXX.h"
17#include "clang/AST/Expr.h"
18#include "clang/AST/ExprCXX.h"
19#include "clang/AST/Stmt.h"
20#include "clang/ASTMatchers/ASTMatchers.h"
21#include "clang/ASTMatchers/ASTMatchersMacros.h"
22#include "clang/Analysis/CFG.h"
23#include "clang/Analysis/FlowSensitive/CFGMatchSwitch.h"
24#include "clang/Analysis/FlowSensitive/DataflowEnvironment.h"
25#include "clang/Analysis/FlowSensitive/NoopLattice.h"
26#include "clang/Analysis/FlowSensitive/StorageLocation.h"
27#include "clang/Analysis/FlowSensitive/Value.h"
28#include "clang/Basic/SourceLocation.h"
29#include "llvm/ADT/StringRef.h"
30#include "llvm/Support/Casting.h"
31#include "llvm/Support/ErrorHandling.h"
32#include <cassert>
33#include <memory>
34#include <optional>
35#include <utility>
36#include <vector>
37
38namespace clang {
39namespace dataflow {
40
41static bool isTopLevelNamespaceWithName(const NamespaceDecl &NS,
42 llvm::StringRef Name) {
43 return NS.getDeclName().isIdentifier() && NS.getName() == Name &&
44 NS.getParent() != nullptr && NS.getParent()->isTranslationUnit();
45}
46
47static bool hasOptionalClassName(const CXXRecordDecl &RD) {
48 if (!RD.getDeclName().isIdentifier())
49 return false;
50
51 if (RD.getName() == "optional") {
52 if (const auto *N = dyn_cast_or_null<NamespaceDecl>(RD.getDeclContext()))
53 return N->isStdNamespace() || isTopLevelNamespaceWithName(*N, "absl");
54 return false;
55 }
56
57 if (RD.getName() == "Optional") {
58 // Check whether namespace is "::base".
59 const auto *N = dyn_cast_or_null<NamespaceDecl>(RD.getDeclContext());
60 return N != nullptr && isTopLevelNamespaceWithName(*N, "base");
61 }
62
63 return false;
64}
65
66namespace {
67
68using namespace ::clang::ast_matchers;
69using LatticeTransferState = TransferState<NoopLattice>;
70
71AST_MATCHER(CXXRecordDecl, hasOptionalClassNameMatcher)namespace internal { class matcher_hasOptionalClassNameMatcherMatcher
: public ::clang::ast_matchers::internal::MatcherInterface<
CXXRecordDecl> { public: explicit matcher_hasOptionalClassNameMatcherMatcher
() = default; bool matches(const CXXRecordDecl &Node, ::clang
::ast_matchers::internal::ASTMatchFinder *Finder, ::clang::ast_matchers
::internal::BoundNodesTreeBuilder *Builder) const override; }
; } inline ::clang::ast_matchers::internal::Matcher<CXXRecordDecl
> hasOptionalClassNameMatcher() { return ::clang::ast_matchers
::internal::makeMatcher( new internal::matcher_hasOptionalClassNameMatcherMatcher
()); } inline bool internal::matcher_hasOptionalClassNameMatcherMatcher
::matches( const CXXRecordDecl &Node, ::clang::ast_matchers
::internal::ASTMatchFinder *Finder, ::clang::ast_matchers::internal
::BoundNodesTreeBuilder *Builder) const {
72 return hasOptionalClassName(Node);
73}
74
75DeclarationMatcher optionalClass() {
76 return classTemplateSpecializationDecl(
77 hasOptionalClassNameMatcher(),
78 hasTemplateArgument(0, refersToType(type().bind("T"))));
79}
80
81auto optionalOrAliasType() {
82 return hasUnqualifiedDesugaredType(
83 recordType(hasDeclaration(optionalClass())));
84}
85
86/// Matches any of the spellings of the optional types and sugar, aliases, etc.
87auto hasOptionalType() { return hasType(optionalOrAliasType()); }
88
89auto isOptionalMemberCallWithName(
90 llvm::StringRef MemberName,
91 const std::optional<StatementMatcher> &Ignorable = std::nullopt) {
92 auto Exception = unless(Ignorable ? expr(anyOf(*Ignorable, cxxThisExpr()))
93 : cxxThisExpr());
94 return cxxMemberCallExpr(
95 on(expr(Exception,
96 anyOf(hasOptionalType(),
97 hasType(pointerType(pointee(optionalOrAliasType())))))),
98 callee(cxxMethodDecl(hasName(MemberName))));
99}
100
101auto isOptionalOperatorCallWithName(
102 llvm::StringRef operator_name,
103 const std::optional<StatementMatcher> &Ignorable = std::nullopt) {
104 return cxxOperatorCallExpr(
105 hasOverloadedOperatorName(operator_name),
106 callee(cxxMethodDecl(ofClass(optionalClass()))),
107 Ignorable ? callExpr(unless(hasArgument(0, *Ignorable))) : callExpr());
108}
109
110auto isMakeOptionalCall() {
111 return callExpr(
112 callee(functionDecl(hasAnyName(
113 "std::make_optional", "base::make_optional", "absl::make_optional"))),
114 hasOptionalType());
115}
116
117auto nulloptTypeDecl() {
118 return namedDecl(
119 hasAnyName("std::nullopt_t", "absl::nullopt_t", "base::nullopt_t"));
120}
121
122auto hasNulloptType() { return hasType(nulloptTypeDecl()); }
123
124// `optional` or `nullopt_t`
125auto hasAnyOptionalType() {
126 return hasType(hasUnqualifiedDesugaredType(
127 recordType(hasDeclaration(anyOf(nulloptTypeDecl(), optionalClass())))));
128}
129
130auto inPlaceClass() {
131 return recordDecl(
132 hasAnyName("std::in_place_t", "absl::in_place_t", "base::in_place_t"));
133}
134
135auto isOptionalNulloptConstructor() {
136 return cxxConstructExpr(
137 hasOptionalType(),
138 hasDeclaration(cxxConstructorDecl(parameterCountIs(1),
139 hasParameter(0, hasNulloptType()))));
140}
141
142auto isOptionalInPlaceConstructor() {
143 return cxxConstructExpr(hasOptionalType(),
144 hasArgument(0, hasType(inPlaceClass())));
145}
146
147auto isOptionalValueOrConversionConstructor() {
148 return cxxConstructExpr(
149 hasOptionalType(),
150 unless(hasDeclaration(
151 cxxConstructorDecl(anyOf(isCopyConstructor(), isMoveConstructor())))),
152 argumentCountIs(1), hasArgument(0, unless(hasNulloptType())));
153}
154
155auto isOptionalValueOrConversionAssignment() {
156 return cxxOperatorCallExpr(
157 hasOverloadedOperatorName("="),
158 callee(cxxMethodDecl(ofClass(optionalClass()))),
159 unless(hasDeclaration(cxxMethodDecl(
160 anyOf(isCopyAssignmentOperator(), isMoveAssignmentOperator())))),
161 argumentCountIs(2), hasArgument(1, unless(hasNulloptType())));
162}
163
164auto isNulloptConstructor() {
165 return cxxConstructExpr(hasNulloptType(), argumentCountIs(1),
166 hasArgument(0, hasNulloptType()));
167}
168
169auto isOptionalNulloptAssignment() {
170 return cxxOperatorCallExpr(hasOverloadedOperatorName("="),
171 callee(cxxMethodDecl(ofClass(optionalClass()))),
172 argumentCountIs(2),
173 hasArgument(1, hasNulloptType()));
174}
175
176auto isStdSwapCall() {
177 return callExpr(callee(functionDecl(hasName("std::swap"))),
178 argumentCountIs(2), hasArgument(0, hasOptionalType()),
179 hasArgument(1, hasOptionalType()));
180}
181
182auto isStdForwardCall() {
183 return callExpr(callee(functionDecl(hasName("std::forward"))),
184 argumentCountIs(1), hasArgument(0, hasOptionalType()));
185}
186
187constexpr llvm::StringLiteral ValueOrCallID = "ValueOrCall";
188
189auto isValueOrStringEmptyCall() {
190 // `opt.value_or("").empty()`
191 return cxxMemberCallExpr(
192 callee(cxxMethodDecl(hasName("empty"))),
193 onImplicitObjectArgument(ignoringImplicit(
194 cxxMemberCallExpr(on(expr(unless(cxxThisExpr()))),
195 callee(cxxMethodDecl(hasName("value_or"),
196 ofClass(optionalClass()))),
197 hasArgument(0, stringLiteral(hasSize(0))))
198 .bind(ValueOrCallID))));
199}
200
201auto isValueOrNotEqX() {
202 auto ComparesToSame = [](ast_matchers::internal::Matcher<Stmt> Arg) {
203 return hasOperands(
204 ignoringImplicit(
205 cxxMemberCallExpr(on(expr(unless(cxxThisExpr()))),
206 callee(cxxMethodDecl(hasName("value_or"),
207 ofClass(optionalClass()))),
208 hasArgument(0, Arg))
209 .bind(ValueOrCallID)),
210 ignoringImplicit(Arg));
211 };
212
213 // `opt.value_or(X) != X`, for X is `nullptr`, `""`, or `0`. Ideally, we'd
214 // support this pattern for any expression, but the AST does not have a
215 // generic expression comparison facility, so we specialize to common cases
216 // seen in practice. FIXME: define a matcher that compares values across
217 // nodes, which would let us generalize this to any `X`.
218 return binaryOperation(hasOperatorName("!="),
219 anyOf(ComparesToSame(cxxNullPtrLiteralExpr()),
220 ComparesToSame(stringLiteral(hasSize(0))),
221 ComparesToSame(integerLiteral(equals(0)))));
222}
223
224auto isCallReturningOptional() {
225 return callExpr(hasType(qualType(anyOf(
226 optionalOrAliasType(), referenceType(pointee(optionalOrAliasType()))))));
227}
228
229template <typename L, typename R>
230auto isComparisonOperatorCall(L lhs_arg_matcher, R rhs_arg_matcher) {
231 return cxxOperatorCallExpr(
232 anyOf(hasOverloadedOperatorName("=="), hasOverloadedOperatorName("!=")),
233 argumentCountIs(2), hasArgument(0, lhs_arg_matcher),
234 hasArgument(1, rhs_arg_matcher));
235}
236
237// Ensures that `Expr` is mapped to a `BoolValue` and returns it.
238BoolValue &forceBoolValue(Environment &Env, const Expr &Expr) {
239 auto *Value = cast_or_null<BoolValue>(Env.getValue(Expr, SkipPast::None));
240 if (Value != nullptr)
241 return *Value;
242
243 auto &Loc = Env.createStorageLocation(Expr);
244 Value = &Env.makeAtomicBoolValue();
245 Env.setValue(Loc, *Value);
246 Env.setStorageLocation(Expr, Loc);
247 return *Value;
248}
249
250/// Sets `HasValueVal` as the symbolic value that represents the "has_value"
251/// property of the optional value `OptionalVal`.
252void setHasValue(Value &OptionalVal, BoolValue &HasValueVal) {
253 OptionalVal.setProperty("has_value", HasValueVal);
254}
255
256/// Creates a symbolic value for an `optional` value using `HasValueVal` as the
257/// symbolic value of its "has_value" property.
258StructValue &createOptionalValue(Environment &Env, BoolValue &HasValueVal) {
259 auto &OptionalVal = Env.create<StructValue>();
260 setHasValue(OptionalVal, HasValueVal);
261 return OptionalVal;
262}
263
264/// Returns the symbolic value that represents the "has_value" property of the
265/// optional value `OptionalVal`. Returns null if `OptionalVal` is null.
266BoolValue *getHasValue(Environment &Env, Value *OptionalVal) {
267 if (OptionalVal != nullptr) {
268 auto *HasValueVal =
269 cast_or_null<BoolValue>(OptionalVal->getProperty("has_value"));
270 if (HasValueVal == nullptr) {
271 HasValueVal = &Env.makeAtomicBoolValue();
272 OptionalVal->setProperty("has_value", *HasValueVal);
273 }
274 return HasValueVal;
275 }
276 return nullptr;
277}
278
279/// Returns true if and only if `Type` is an optional type.
280bool isOptionalType(QualType Type) {
281 if (!Type->isRecordType())
282 return false;
283 const CXXRecordDecl *D = Type->getAsCXXRecordDecl();
284 return D != nullptr && hasOptionalClassName(*D);
285}
286
287/// Returns the number of optional wrappers in `Type`.
288///
289/// For example, if `Type` is `optional<optional<int>>`, the result of this
290/// function will be 2.
291int countOptionalWrappers(const ASTContext &ASTCtx, QualType Type) {
292 if (!isOptionalType(Type))
293 return 0;
294 return 1 + countOptionalWrappers(
295 ASTCtx,
296 cast<ClassTemplateSpecializationDecl>(Type->getAsRecordDecl())
297 ->getTemplateArgs()
298 .get(0)
299 .getAsType()
300 .getDesugaredType(ASTCtx));
301}
302
303/// Tries to initialize the `optional`'s value (that is, contents), and return
304/// its location. Returns nullptr if the value can't be represented.
305StorageLocation *maybeInitializeOptionalValueMember(QualType Q,
306 Value &OptionalVal,
307 Environment &Env) {
308 // The "value" property represents a synthetic field. As such, it needs
309 // `StorageLocation`, like normal fields (and other variables). So, we model
310 // it with a `ReferenceValue`, since that includes a storage location. Once
311 // the property is set, it will be shared by all environments that access the
312 // `Value` representing the optional (here, `OptionalVal`).
313 if (auto *ValueProp = OptionalVal.getProperty("value")) {
314 auto *ValueRef = clang::cast<ReferenceValue>(ValueProp);
315 auto &ValueLoc = ValueRef->getReferentLoc();
316 if (Env.getValue(ValueLoc) == nullptr) {
317 // The property was previously set, but the value has been lost. This can
318 // happen, for example, because of an environment merge (where the two
319 // environments mapped the property to different values, which resulted in
320 // them both being discarded), or when two blocks in the CFG, with neither
321 // a dominator of the other, visit the same optional value, or even when a
322 // block is revisited during testing to collect per-statement state.
323 // FIXME: This situation means that the optional contents are not shared
324 // between branches and the like. Practically, this lack of sharing
325 // reduces the precision of the model when the contents are relevant to
326 // the check, like another optional or a boolean that influences control
327 // flow.
328 auto *ValueVal = Env.createValue(ValueLoc.getType());
329 if (ValueVal == nullptr)
330 return nullptr;
331 Env.setValue(ValueLoc, *ValueVal);
332 }
333 return &ValueLoc;
334 }
335
336 auto Ty = Q.getNonReferenceType();
337 auto *ValueVal = Env.createValue(Ty);
338 if (ValueVal == nullptr)
339 return nullptr;
340 auto &ValueLoc = Env.createStorageLocation(Ty);
341 Env.setValue(ValueLoc, *ValueVal);
342 auto &ValueRef = Env.create<ReferenceValue>(ValueLoc);
343 OptionalVal.setProperty("value", ValueRef);
344 return &ValueLoc;
345}
346
347void initializeOptionalReference(const Expr *OptionalExpr,
348 const MatchFinder::MatchResult &,
349 LatticeTransferState &State) {
350 if (auto *OptionalVal =
351 State.Env.getValue(*OptionalExpr, SkipPast::Reference)) {
352 if (OptionalVal->getProperty("has_value") == nullptr) {
353 setHasValue(*OptionalVal, State.Env.makeAtomicBoolValue());
354 }
355 }
356}
357
358/// Returns true if and only if `OptionalVal` is initialized and known to be
359/// empty in `Env.
360bool isEmptyOptional(const Value &OptionalVal, const Environment &Env) {
361 auto *HasValueVal =
362 cast_or_null<BoolValue>(OptionalVal.getProperty("has_value"));
363 return HasValueVal != nullptr &&
364 Env.flowConditionImplies(Env.makeNot(*HasValueVal));
365}
366
367/// Returns true if and only if `OptionalVal` is initialized and known to be
368/// non-empty in `Env.
369bool isNonEmptyOptional(const Value &OptionalVal, const Environment &Env) {
370 auto *HasValueVal =
371 cast_or_null<BoolValue>(OptionalVal.getProperty("has_value"));
372 return HasValueVal != nullptr && Env.flowConditionImplies(*HasValueVal);
373}
374
375void transferUnwrapCall(const Expr *UnwrapExpr, const Expr *ObjectExpr,
376 LatticeTransferState &State) {
377 if (auto *OptionalVal =
378 State.Env.getValue(*ObjectExpr, SkipPast::ReferenceThenPointer)) {
379 if (State.Env.getStorageLocation(*UnwrapExpr, SkipPast::None) == nullptr)
380 if (auto *Loc = maybeInitializeOptionalValueMember(
381 UnwrapExpr->getType(), *OptionalVal, State.Env))
382 State.Env.setStorageLocation(*UnwrapExpr, *Loc);
383 }
384}
385
386void transferMakeOptionalCall(const CallExpr *E,
387 const MatchFinder::MatchResult &,
388 LatticeTransferState &State) {
389 auto &Loc = State.Env.createStorageLocation(*E);
390 State.Env.setStorageLocation(*E, Loc);
391 State.Env.setValue(
392 Loc, createOptionalValue(State.Env, State.Env.getBoolLiteralValue(true)));
393}
394
395void transferOptionalHasValueCall(const CXXMemberCallExpr *CallExpr,
396 const MatchFinder::MatchResult &,
397 LatticeTransferState &State) {
398 if (auto *HasValueVal = getHasValue(
399 State.Env, State.Env.getValue(*CallExpr->getImplicitObjectArgument(),
400 SkipPast::ReferenceThenPointer))) {
401 auto &CallExprLoc = State.Env.createStorageLocation(*CallExpr);
402 State.Env.setValue(CallExprLoc, *HasValueVal);
403 State.Env.setStorageLocation(*CallExpr, CallExprLoc);
404 }
405}
406
407/// `ModelPred` builds a logical formula relating the predicate in
408/// `ValueOrPredExpr` to the optional's `has_value` property.
409void transferValueOrImpl(const clang::Expr *ValueOrPredExpr,
410 const MatchFinder::MatchResult &Result,
411 LatticeTransferState &State,
412 BoolValue &(*ModelPred)(Environment &Env,
413 BoolValue &ExprVal,
414 BoolValue &HasValueVal)) {
415 auto &Env = State.Env;
416
417 const auto *ObjectArgumentExpr =
418 Result.Nodes.getNodeAs<clang::CXXMemberCallExpr>(ValueOrCallID)
419 ->getImplicitObjectArgument();
420
421 auto *HasValueVal = getHasValue(
422 State.Env,
423 State.Env.getValue(*ObjectArgumentExpr, SkipPast::ReferenceThenPointer));
424 if (HasValueVal == nullptr)
425 return;
426
427 Env.addToFlowCondition(
428 ModelPred(Env, forceBoolValue(Env, *ValueOrPredExpr), *HasValueVal));
429}
430
431void transferValueOrStringEmptyCall(const clang::Expr *ComparisonExpr,
432 const MatchFinder::MatchResult &Result,
433 LatticeTransferState &State) {
434 return transferValueOrImpl(ComparisonExpr, Result, State,
435 [](Environment &Env, BoolValue &ExprVal,
436 BoolValue &HasValueVal) -> BoolValue & {
437 // If the result is *not* empty, then we know the
438 // optional must have been holding a value. If
439 // `ExprVal` is true, though, we don't learn
440 // anything definite about `has_value`, so we
441 // don't add any corresponding implications to
442 // the flow condition.
443 return Env.makeImplication(Env.makeNot(ExprVal),
444 HasValueVal);
445 });
446}
447
448void transferValueOrNotEqX(const Expr *ComparisonExpr,
449 const MatchFinder::MatchResult &Result,
450 LatticeTransferState &State) {
451 transferValueOrImpl(ComparisonExpr, Result, State,
452 [](Environment &Env, BoolValue &ExprVal,
453 BoolValue &HasValueVal) -> BoolValue & {
454 // We know that if `(opt.value_or(X) != X)` then
455 // `opt.hasValue()`, even without knowing further
456 // details about the contents of `opt`.
457 return Env.makeImplication(ExprVal, HasValueVal);
458 });
459}
460
461void transferCallReturningOptional(const CallExpr *E,
462 const MatchFinder::MatchResult &Result,
463 LatticeTransferState &State) {
464 if (State.Env.getStorageLocation(*E, SkipPast::None) != nullptr)
465 return;
466
467 auto &Loc = State.Env.createStorageLocation(*E);
468 State.Env.setStorageLocation(*E, Loc);
469 State.Env.setValue(
470 Loc, createOptionalValue(State.Env, State.Env.makeAtomicBoolValue()));
471}
472
473void assignOptionalValue(const Expr &E, Environment &Env,
474 BoolValue &HasValueVal) {
475 if (auto *OptionalLoc =
476 Env.getStorageLocation(E, SkipPast::ReferenceThenPointer)) {
477 Env.setValue(*OptionalLoc, createOptionalValue(Env, HasValueVal));
478 }
479}
480
481/// Returns a symbolic value for the "has_value" property of an `optional<T>`
482/// value that is constructed/assigned from a value of type `U` or `optional<U>`
483/// where `T` is constructible from `U`.
484BoolValue &valueOrConversionHasValue(const FunctionDecl &F, const Expr &E,
485 const MatchFinder::MatchResult &MatchRes,
486 LatticeTransferState &State) {
487 assert(F.getTemplateSpecializationArgs() != nullptr)(static_cast <bool> (F.getTemplateSpecializationArgs() !=
nullptr) ? void (0) : __assert_fail ("F.getTemplateSpecializationArgs() != nullptr"
, "clang/lib/Analysis/FlowSensitive/Models/UncheckedOptionalAccessModel.cpp"
, 487, __extension__ __PRETTY_FUNCTION__));
488 assert(F.getTemplateSpecializationArgs()->size() > 0)(static_cast <bool> (F.getTemplateSpecializationArgs()->
size() > 0) ? void (0) : __assert_fail ("F.getTemplateSpecializationArgs()->size() > 0"
, "clang/lib/Analysis/FlowSensitive/Models/UncheckedOptionalAccessModel.cpp"
, 488, __extension__ __PRETTY_FUNCTION__));
489
490 const int TemplateParamOptionalWrappersCount =
491 countOptionalWrappers(*MatchRes.Context, F.getTemplateSpecializationArgs()
492 ->get(0)
493 .getAsType()
494 .getNonReferenceType());
495 const int ArgTypeOptionalWrappersCount = countOptionalWrappers(
496 *MatchRes.Context, E.getType().getNonReferenceType());
497
498 // Check if this is a constructor/assignment call for `optional<T>` with
499 // argument of type `U` such that `T` is constructible from `U`.
500 if (TemplateParamOptionalWrappersCount == ArgTypeOptionalWrappersCount)
501 return State.Env.getBoolLiteralValue(true);
502
503 // This is a constructor/assignment call for `optional<T>` with argument of
504 // type `optional<U>` such that `T` is constructible from `U`.
505 if (auto *HasValueVal =
506 getHasValue(State.Env, State.Env.getValue(E, SkipPast::Reference)))
507 return *HasValueVal;
508 return State.Env.makeAtomicBoolValue();
509}
510
511void transferValueOrConversionConstructor(
512 const CXXConstructExpr *E, const MatchFinder::MatchResult &MatchRes,
513 LatticeTransferState &State) {
514 assert(E->getNumArgs() > 0)(static_cast <bool> (E->getNumArgs() > 0) ? void (
0) : __assert_fail ("E->getNumArgs() > 0", "clang/lib/Analysis/FlowSensitive/Models/UncheckedOptionalAccessModel.cpp"
, 514, __extension__ __PRETTY_FUNCTION__));
515
516 assignOptionalValue(*E, State.Env,
517 valueOrConversionHasValue(*E->getConstructor(),
518 *E->getArg(0), MatchRes,
519 State));
520}
521
522void transferAssignment(const CXXOperatorCallExpr *E, BoolValue &HasValueVal,
523 LatticeTransferState &State) {
524 assert(E->getNumArgs() > 0)(static_cast <bool> (E->getNumArgs() > 0) ? void (
0) : __assert_fail ("E->getNumArgs() > 0", "clang/lib/Analysis/FlowSensitive/Models/UncheckedOptionalAccessModel.cpp"
, 524, __extension__ __PRETTY_FUNCTION__));
525
526 auto *OptionalLoc =
527 State.Env.getStorageLocation(*E->getArg(0), SkipPast::Reference);
528 if (OptionalLoc == nullptr)
529 return;
530
531 State.Env.setValue(*OptionalLoc, createOptionalValue(State.Env, HasValueVal));
532
533 // Assign a storage location for the whole expression.
534 State.Env.setStorageLocation(*E, *OptionalLoc);
535}
536
537void transferValueOrConversionAssignment(
538 const CXXOperatorCallExpr *E, const MatchFinder::MatchResult &MatchRes,
539 LatticeTransferState &State) {
540 assert(E->getNumArgs() > 1)(static_cast <bool> (E->getNumArgs() > 1) ? void (
0) : __assert_fail ("E->getNumArgs() > 1", "clang/lib/Analysis/FlowSensitive/Models/UncheckedOptionalAccessModel.cpp"
, 540, __extension__ __PRETTY_FUNCTION__));
541 transferAssignment(E,
542 valueOrConversionHasValue(*E->getDirectCallee(),
543 *E->getArg(1), MatchRes, State),
544 State);
545}
546
547void transferNulloptAssignment(const CXXOperatorCallExpr *E,
548 const MatchFinder::MatchResult &,
549 LatticeTransferState &State) {
550 transferAssignment(E, State.Env.getBoolLiteralValue(false), State);
551}
552
553void transferSwap(const Expr &E1, SkipPast E1Skip, const Expr &E2,
554 Environment &Env) {
555 // We account for cases where one or both of the optionals are not modeled,
556 // either lacking associated storage locations, or lacking values associated
557 // to such storage locations.
558 auto *Loc1 = Env.getStorageLocation(E1, E1Skip);
559 auto *Loc2 = Env.getStorageLocation(E2, SkipPast::Reference);
560
561 if (Loc1 == nullptr) {
562 if (Loc2 != nullptr)
563 Env.setValue(*Loc2, createOptionalValue(Env, Env.makeAtomicBoolValue()));
564 return;
565 }
566 if (Loc2 == nullptr) {
567 Env.setValue(*Loc1, createOptionalValue(Env, Env.makeAtomicBoolValue()));
568 return;
569 }
570
571 // Both expressions have locations, though they may not have corresponding
572 // values. In that case, we create a fresh value at this point. Note that if
573 // two branches both do this, they will not share the value, but it at least
574 // allows for local reasoning about the value. To avoid the above, we would
575 // need *lazy* value allocation.
576 // FIXME: allocate values lazily, instead of just creating a fresh value.
577 auto *Val1 = Env.getValue(*Loc1);
578 if (Val1 == nullptr)
579 Val1 = &createOptionalValue(Env, Env.makeAtomicBoolValue());
580
581 auto *Val2 = Env.getValue(*Loc2);
582 if (Val2 == nullptr)
583 Val2 = &createOptionalValue(Env, Env.makeAtomicBoolValue());
584
585 Env.setValue(*Loc1, *Val2);
586 Env.setValue(*Loc2, *Val1);
587}
588
589void transferSwapCall(const CXXMemberCallExpr *E,
590 const MatchFinder::MatchResult &,
591 LatticeTransferState &State) {
592 assert(E->getNumArgs() == 1)(static_cast <bool> (E->getNumArgs() == 1) ? void (0
) : __assert_fail ("E->getNumArgs() == 1", "clang/lib/Analysis/FlowSensitive/Models/UncheckedOptionalAccessModel.cpp"
, 592, __extension__ __PRETTY_FUNCTION__));
593 transferSwap(*E->getImplicitObjectArgument(), SkipPast::ReferenceThenPointer,
594 *E->getArg(0), State.Env);
595}
596
597void transferStdSwapCall(const CallExpr *E, const MatchFinder::MatchResult &,
598 LatticeTransferState &State) {
599 assert(E->getNumArgs() == 2)(static_cast <bool> (E->getNumArgs() == 2) ? void (0
) : __assert_fail ("E->getNumArgs() == 2", "clang/lib/Analysis/FlowSensitive/Models/UncheckedOptionalAccessModel.cpp"
, 599, __extension__ __PRETTY_FUNCTION__));
600 transferSwap(*E->getArg(0), SkipPast::Reference, *E->getArg(1), State.Env);
601}
602
603void transferStdForwardCall(const CallExpr *E, const MatchFinder::MatchResult &,
604 LatticeTransferState &State) {
605 assert(E->getNumArgs() == 1)(static_cast <bool> (E->getNumArgs() == 1) ? void (0
) : __assert_fail ("E->getNumArgs() == 1", "clang/lib/Analysis/FlowSensitive/Models/UncheckedOptionalAccessModel.cpp"
, 605, __extension__ __PRETTY_FUNCTION__));
606
607 StorageLocation *LocRet = State.Env.getStorageLocation(*E, SkipPast::None);
608 if (LocRet != nullptr)
609 return;
610
611 StorageLocation *LocArg =
612 State.Env.getStorageLocation(*E->getArg(0), SkipPast::Reference);
613
614 if (LocArg == nullptr)
615 return;
616
617 Value *ValArg = State.Env.getValue(*LocArg);
618 if (ValArg == nullptr)
619 ValArg = &createOptionalValue(State.Env, State.Env.makeAtomicBoolValue());
620
621 // Create a new storage location
622 LocRet = &State.Env.createStorageLocation(*E);
623 State.Env.setStorageLocation(*E, *LocRet);
624
625 State.Env.setValue(*LocRet, *ValArg);
626}
627
628BoolValue &evaluateEquality(Environment &Env, BoolValue &EqVal, BoolValue &LHS,
629 BoolValue &RHS) {
630 // Logically, an optional<T> object is composed of two values - a `has_value`
631 // bit and a value of type T. Equality of optional objects compares both
632 // values. Therefore, merely comparing the `has_value` bits isn't sufficient:
633 // when two optional objects are engaged, the equality of their respective
634 // values of type T matters. Since we only track the `has_value` bits, we
635 // can't make any conclusions about equality when we know that two optional
636 // objects are engaged.
637 //
638 // We express this as two facts about the equality:
639 // a) EqVal => (LHS & RHS) v (!RHS & !LHS)
640 // If they are equal, then either both are set or both are unset.
641 // b) (!LHS & !RHS) => EqVal
642 // If neither is set, then they are equal.
643 // We rewrite b) as !EqVal => (LHS v RHS), for a more compact formula.
644 return Env.makeAnd(
645 Env.makeImplication(
646 EqVal, Env.makeOr(Env.makeAnd(LHS, RHS),
647 Env.makeAnd(Env.makeNot(LHS), Env.makeNot(RHS)))),
648 Env.makeImplication(Env.makeNot(EqVal), Env.makeOr(LHS, RHS)));
649}
650
651void transferOptionalAndOptionalCmp(const clang::CXXOperatorCallExpr *CmpExpr,
652 const MatchFinder::MatchResult &,
653 LatticeTransferState &State) {
654 Environment &Env = State.Env;
655 auto *CmpValue = &forceBoolValue(Env, *CmpExpr);
656 if (auto *LHasVal = getHasValue(
657 Env, Env.getValue(*CmpExpr->getArg(0), SkipPast::Reference)))
658 if (auto *RHasVal = getHasValue(
659 Env, Env.getValue(*CmpExpr->getArg(1), SkipPast::Reference))) {
660 if (CmpExpr->getOperator() == clang::OO_ExclaimEqual)
661 CmpValue = &State.Env.makeNot(*CmpValue);
662 Env.addToFlowCondition(
663 evaluateEquality(Env, *CmpValue, *LHasVal, *RHasVal));
664 }
665}
666
667void transferOptionalAndValueCmp(const clang::CXXOperatorCallExpr *CmpExpr,
668 const clang::Expr *E, Environment &Env) {
669 auto *CmpValue = &forceBoolValue(Env, *CmpExpr);
670 if (auto *HasVal = getHasValue(Env, Env.getValue(*E, SkipPast::Reference))) {
671 if (CmpExpr->getOperator() == clang::OO_ExclaimEqual)
672 CmpValue = &Env.makeNot(*CmpValue);
673 Env.addToFlowCondition(evaluateEquality(Env, *CmpValue, *HasVal,
674 Env.getBoolLiteralValue(true)));
675 }
676}
677
678std::optional<StatementMatcher>
679ignorableOptional(const UncheckedOptionalAccessModelOptions &Options) {
680 if (Options.IgnoreSmartPointerDereference) {
681 auto SmartPtrUse = expr(ignoringParenImpCasts(cxxOperatorCallExpr(
682 anyOf(hasOverloadedOperatorName("->"), hasOverloadedOperatorName("*")),
683 unless(hasArgument(0, expr(hasOptionalType()))))));
684 return expr(
685 anyOf(SmartPtrUse, memberExpr(hasObjectExpression(SmartPtrUse))));
686 }
687 return std::nullopt;
688}
689
690StatementMatcher
691valueCall(const std::optional<StatementMatcher> &IgnorableOptional) {
692 return isOptionalMemberCallWithName("value", IgnorableOptional);
693}
694
695StatementMatcher
696valueOperatorCall(const std::optional<StatementMatcher> &IgnorableOptional) {
697 return expr(anyOf(isOptionalOperatorCallWithName("*", IgnorableOptional),
698 isOptionalOperatorCallWithName("->", IgnorableOptional)));
699}
700
701auto buildTransferMatchSwitch() {
702 // FIXME: Evaluate the efficiency of matchers. If using matchers results in a
703 // lot of duplicated work (e.g. string comparisons), consider providing APIs
704 // that avoid it through memoization.
705 return CFGMatchSwitchBuilder<LatticeTransferState>()
706 // Attach a symbolic "has_value" state to optional values that we see for
707 // the first time.
708 .CaseOfCFGStmt<Expr>(
709 expr(anyOf(declRefExpr(), memberExpr()), hasOptionalType()),
710 initializeOptionalReference)
711
712 // make_optional
713 .CaseOfCFGStmt<CallExpr>(isMakeOptionalCall(), transferMakeOptionalCall)
714
715 // optional::optional (in place)
716 .CaseOfCFGStmt<CXXConstructExpr>(
717 isOptionalInPlaceConstructor(),
718 [](const CXXConstructExpr *E, const MatchFinder::MatchResult &,
719 LatticeTransferState &State) {
720 assignOptionalValue(*E, State.Env,
721 State.Env.getBoolLiteralValue(true));
722 })
723 // nullopt_t::nullopt_t
724 .CaseOfCFGStmt<CXXConstructExpr>(
725 isNulloptConstructor(),
726 [](const CXXConstructExpr *E, const MatchFinder::MatchResult &,
727 LatticeTransferState &State) {
728 assignOptionalValue(*E, State.Env,
729 State.Env.getBoolLiteralValue(false));
730 })
731 // optional::optional(nullopt_t)
732 .CaseOfCFGStmt<CXXConstructExpr>(
733 isOptionalNulloptConstructor(),
734 [](const CXXConstructExpr *E, const MatchFinder::MatchResult &,
735 LatticeTransferState &State) {
736 assignOptionalValue(*E, State.Env,
737 State.Env.getBoolLiteralValue(false));
738 })
739 // optional::optional (value/conversion)
740 .CaseOfCFGStmt<CXXConstructExpr>(isOptionalValueOrConversionConstructor(),
741 transferValueOrConversionConstructor)
742
743 // optional::operator=
744 .CaseOfCFGStmt<CXXOperatorCallExpr>(
745 isOptionalValueOrConversionAssignment(),
746 transferValueOrConversionAssignment)
747 .CaseOfCFGStmt<CXXOperatorCallExpr>(isOptionalNulloptAssignment(),
748 transferNulloptAssignment)
749
750 // optional::value
751 .CaseOfCFGStmt<CXXMemberCallExpr>(
752 valueCall(std::nullopt),
753 [](const CXXMemberCallExpr *E, const MatchFinder::MatchResult &,
754 LatticeTransferState &State) {
755 transferUnwrapCall(E, E->getImplicitObjectArgument(), State);
756 })
757
758 // optional::operator*, optional::operator->
759 .CaseOfCFGStmt<CallExpr>(valueOperatorCall(std::nullopt),
760 [](const CallExpr *E,
761 const MatchFinder::MatchResult &,
762 LatticeTransferState &State) {
763 transferUnwrapCall(E, E->getArg(0), State);
764 })
765
766 // optional::has_value
767 .CaseOfCFGStmt<CXXMemberCallExpr>(
768 isOptionalMemberCallWithName("has_value"),
769 transferOptionalHasValueCall)
770
771 // optional::operator bool
772 .CaseOfCFGStmt<CXXMemberCallExpr>(
773 isOptionalMemberCallWithName("operator bool"),
774 transferOptionalHasValueCall)
775
776 // optional::emplace
777 .CaseOfCFGStmt<CXXMemberCallExpr>(
778 isOptionalMemberCallWithName("emplace"),
779 [](const CXXMemberCallExpr *E, const MatchFinder::MatchResult &,
780 LatticeTransferState &State) {
781 assignOptionalValue(*E->getImplicitObjectArgument(), State.Env,
782 State.Env.getBoolLiteralValue(true));
783 })
784
785 // optional::reset
786 .CaseOfCFGStmt<CXXMemberCallExpr>(
787 isOptionalMemberCallWithName("reset"),
788 [](const CXXMemberCallExpr *E, const MatchFinder::MatchResult &,
789 LatticeTransferState &State) {
790 assignOptionalValue(*E->getImplicitObjectArgument(), State.Env,
791 State.Env.getBoolLiteralValue(false));
792 })
793
794 // optional::swap
795 .CaseOfCFGStmt<CXXMemberCallExpr>(isOptionalMemberCallWithName("swap"),
796 transferSwapCall)
797
798 // std::swap
799 .CaseOfCFGStmt<CallExpr>(isStdSwapCall(), transferStdSwapCall)
800
801 // std::forward
802 .CaseOfCFGStmt<CallExpr>(isStdForwardCall(), transferStdForwardCall)
803
804 // opt.value_or("").empty()
805 .CaseOfCFGStmt<Expr>(isValueOrStringEmptyCall(),
806 transferValueOrStringEmptyCall)
807
808 // opt.value_or(X) != X
809 .CaseOfCFGStmt<Expr>(isValueOrNotEqX(), transferValueOrNotEqX)
810
811 // Comparisons (==, !=):
812 .CaseOfCFGStmt<CXXOperatorCallExpr>(
813 isComparisonOperatorCall(hasAnyOptionalType(), hasAnyOptionalType()),
814 transferOptionalAndOptionalCmp)
815 .CaseOfCFGStmt<CXXOperatorCallExpr>(
816 isComparisonOperatorCall(hasOptionalType(),
817 unless(hasAnyOptionalType())),
818 [](const clang::CXXOperatorCallExpr *Cmp,
819 const MatchFinder::MatchResult &, LatticeTransferState &State) {
820 transferOptionalAndValueCmp(Cmp, Cmp->getArg(0), State.Env);
821 })
822 .CaseOfCFGStmt<CXXOperatorCallExpr>(
823 isComparisonOperatorCall(unless(hasAnyOptionalType()),
824 hasOptionalType()),
825 [](const clang::CXXOperatorCallExpr *Cmp,
826 const MatchFinder::MatchResult &, LatticeTransferState &State) {
827 transferOptionalAndValueCmp(Cmp, Cmp->getArg(1), State.Env);
828 })
829
830 // returns optional
831 .CaseOfCFGStmt<CallExpr>(isCallReturningOptional(),
832 transferCallReturningOptional)
833
834 .Build();
835}
836
837std::vector<SourceLocation> diagnoseUnwrapCall(const Expr *UnwrapExpr,
838 const Expr *ObjectExpr,
839 const Environment &Env) {
840 if (auto *OptionalVal =
841 Env.getValue(*ObjectExpr, SkipPast::ReferenceThenPointer)) {
842 auto *Prop = OptionalVal->getProperty("has_value");
843 if (auto *HasValueVal = cast_or_null<BoolValue>(Prop)) {
844 if (Env.flowConditionImplies(*HasValueVal))
845 return {};
846 }
847 }
848
849 // Record that this unwrap is *not* provably safe.
850 // FIXME: include either the name of the optional (if applicable) or a source
851 // range of the access for easier interpretation of the result.
852 return {ObjectExpr->getBeginLoc()};
853}
854
855auto buildDiagnoseMatchSwitch(
856 const UncheckedOptionalAccessModelOptions &Options) {
857 // FIXME: Evaluate the efficiency of matchers. If using matchers results in a
858 // lot of duplicated work (e.g. string comparisons), consider providing APIs
859 // that avoid it through memoization.
860 auto IgnorableOptional = ignorableOptional(Options);
861 return CFGMatchSwitchBuilder<const Environment, std::vector<SourceLocation>>()
2
Calling 'CFGMatchSwitchBuilder::Build'
862 // optional::value
863 .CaseOfCFGStmt<CXXMemberCallExpr>(
864 valueCall(IgnorableOptional),
865 [](const CXXMemberCallExpr *E, const MatchFinder::MatchResult &,
866 const Environment &Env) {
867 return diagnoseUnwrapCall(E, E->getImplicitObjectArgument(), Env);
868 })
869
870 // optional::operator*, optional::operator->
871 .CaseOfCFGStmt<CallExpr>(
872 valueOperatorCall(IgnorableOptional),
873 [](const CallExpr *E, const MatchFinder::MatchResult &,
874 const Environment &Env) {
875 return diagnoseUnwrapCall(E, E->getArg(0), Env);
876 })
877 .Build();
878}
879
880} // namespace
881
882ast_matchers::DeclarationMatcher
883UncheckedOptionalAccessModel::optionalClassDecl() {
884 return optionalClass();
885}
886
887UncheckedOptionalAccessModel::UncheckedOptionalAccessModel(ASTContext &Ctx)
888 : DataflowAnalysis<UncheckedOptionalAccessModel, NoopLattice>(Ctx),
889 TransferMatchSwitch(buildTransferMatchSwitch()) {}
890
891void UncheckedOptionalAccessModel::transfer(const CFGElement &Elt,
892 NoopLattice &L, Environment &Env) {
893 LatticeTransferState State(L, Env);
894 TransferMatchSwitch(Elt, getASTContext(), State);
895}
896
897ComparisonResult UncheckedOptionalAccessModel::compare(
898 QualType Type, const Value &Val1, const Environment &Env1,
899 const Value &Val2, const Environment &Env2) {
900 if (!isOptionalType(Type))
901 return ComparisonResult::Unknown;
902 bool MustNonEmpty1 = isNonEmptyOptional(Val1, Env1);
903 bool MustNonEmpty2 = isNonEmptyOptional(Val2, Env2);
904 if (MustNonEmpty1 && MustNonEmpty2)
905 return ComparisonResult::Same;
906 // If exactly one is true, then they're different, no reason to check whether
907 // they're definitely empty.
908 if (MustNonEmpty1 || MustNonEmpty2)
909 return ComparisonResult::Different;
910 // Check if they're both definitely empty.
911 return (isEmptyOptional(Val1, Env1) && isEmptyOptional(Val2, Env2))
912 ? ComparisonResult::Same
913 : ComparisonResult::Different;
914}
915
916bool UncheckedOptionalAccessModel::merge(QualType Type, const Value &Val1,
917 const Environment &Env1,
918 const Value &Val2,
919 const Environment &Env2,
920 Value &MergedVal,
921 Environment &MergedEnv) {
922 if (!isOptionalType(Type))
923 return true;
924 // FIXME: uses same approach as join for `BoolValues`. Requires non-const
925 // values, though, so will require updating the interface.
926 auto &HasValueVal = MergedEnv.makeAtomicBoolValue();
927 bool MustNonEmpty1 = isNonEmptyOptional(Val1, Env1);
928 bool MustNonEmpty2 = isNonEmptyOptional(Val2, Env2);
929 if (MustNonEmpty1 && MustNonEmpty2)
930 MergedEnv.addToFlowCondition(HasValueVal);
931 else if (
932 // Only make the costly calls to `isEmptyOptional` if we got "unknown"
933 // (false) for both calls to `isNonEmptyOptional`.
934 !MustNonEmpty1 && !MustNonEmpty2 && isEmptyOptional(Val1, Env1) &&
935 isEmptyOptional(Val2, Env2))
936 MergedEnv.addToFlowCondition(MergedEnv.makeNot(HasValueVal));
937 setHasValue(MergedVal, HasValueVal);
938 return true;
939}
940
941Value *UncheckedOptionalAccessModel::widen(QualType Type, Value &Prev,
942 const Environment &PrevEnv,
943 Value &Current,
944 Environment &CurrentEnv) {
945 switch (compare(Type, Prev, PrevEnv, Current, CurrentEnv)) {
946 case ComparisonResult::Same:
947 return &Prev;
948 case ComparisonResult::Different:
949 if (auto *PrevHasVal =
950 cast_or_null<BoolValue>(Prev.getProperty("has_value"))) {
951 if (isa<TopBoolValue>(PrevHasVal))
952 return &Prev;
953 }
954 if (auto *CurrentHasVal =
955 cast_or_null<BoolValue>(Current.getProperty("has_value"))) {
956 if (isa<TopBoolValue>(CurrentHasVal))
957 return &Current;
958 }
959 return &createOptionalValue(CurrentEnv, CurrentEnv.makeTopBoolValue());
960 case ComparisonResult::Unknown:
961 return nullptr;
962 }
963 llvm_unreachable("all cases covered in switch")::llvm::llvm_unreachable_internal("all cases covered in switch"
, "clang/lib/Analysis/FlowSensitive/Models/UncheckedOptionalAccessModel.cpp"
, 963);
964}
965
966UncheckedOptionalAccessDiagnoser::UncheckedOptionalAccessDiagnoser(
967 UncheckedOptionalAccessModelOptions Options)
968 : DiagnoseMatchSwitch(buildDiagnoseMatchSwitch(Options)) {}
1
Calling 'buildDiagnoseMatchSwitch'
969
970std::vector<SourceLocation> UncheckedOptionalAccessDiagnoser::diagnose(
971 ASTContext &Ctx, const CFGElement *Elt, const Environment &Env) {
972 return DiagnoseMatchSwitch(*Elt, Ctx, Env);
973}
974
975} // namespace dataflow
976} // namespace clang

/build/source/clang/include/clang/Analysis/FlowSensitive/CFGMatchSwitch.h

1//===---- CFGMatchSwitch.h --------------------------------------*- C++ -*-===//
2//
3// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4// See https://llvm.org/LICENSE.txt for license information.
5// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6//
7//===----------------------------------------------------------------------===//
8//
9// This file defines the `CFGMatchSwitch` abstraction for building a "switch"
10// statement for control flow graph elements. Each case of the switch is
11// defined by an ASTMatcher which is applied on the AST node contained in the
12// input `CFGElement`.
13//
14// Currently, the `CFGMatchSwitch` only handles `CFGElement`s of
15// `Kind::Statement` and `Kind::Initializer`.
16//
17//===----------------------------------------------------------------------===//
18
19#ifndef LLVM_CLANG_ANALYSIS_FLOWSENSITIVE_CFGMATCHSWITCH_H_
20#define LLVM_CLANG_ANALYSIS_FLOWSENSITIVE_CFGMATCHSWITCH_H_
21
22#include "clang/AST/ASTContext.h"
23#include "clang/AST/Stmt.h"
24#include "clang/Analysis/CFG.h"
25#include "clang/Analysis/FlowSensitive/MatchSwitch.h"
26#include <functional>
27#include <utility>
28
29namespace clang {
30namespace dataflow {
31
32template <typename State, typename Result = void>
33using CFGMatchSwitch =
34 std::function<Result(const CFGElement &, ASTContext &, State &)>;
35
36/// Collects cases of a "match switch": a collection of matchers paired with
37/// callbacks, which together define a switch that can be applied to an AST node
38/// contained in a CFG element.
39template <typename State, typename Result = void> class CFGMatchSwitchBuilder {
40public:
41 /// Registers an action `A` for `CFGStmt`s that will be triggered by the match
42 /// of the pattern `M` against the `Stmt` contained in the input `CFGStmt`.
43 ///
44 /// Requirements:
45 ///
46 /// `NodeT` should be derived from `Stmt`.
47 template <typename NodeT>
48 CFGMatchSwitchBuilder &&
49 CaseOfCFGStmt(MatchSwitchMatcher<Stmt> M,
50 MatchSwitchAction<NodeT, State, Result> A) && {
51 std::move(StmtBuilder).template CaseOf<NodeT>(M, A);
52 return std::move(*this);
53 }
54
55 /// Registers an action `A` for `CFGInitializer`s that will be triggered by
56 /// the match of the pattern `M` against the `CXXCtorInitializer` contained in
57 /// the input `CFGInitializer`.
58 ///
59 /// Requirements:
60 ///
61 /// `NodeT` should be derived from `CXXCtorInitializer`.
62 template <typename NodeT>
63 CFGMatchSwitchBuilder &&
64 CaseOfCFGInit(MatchSwitchMatcher<CXXCtorInitializer> M,
65 MatchSwitchAction<NodeT, State, Result> A) && {
66 std::move(InitBuilder).template CaseOf<NodeT>(M, A);
67 return std::move(*this);
68 }
69
70 CFGMatchSwitch<State, Result> Build() && {
71 return [StmtMS = std::move(StmtBuilder).Build(),
13
Potential memory leak
72 InitMS = std::move(InitBuilder).Build()](const CFGElement &Element,
3
Calling 'ASTMatchSwitchBuilder::Build'
12
Returned allocated memory
73 ASTContext &Context,
74 State &S) -> Result {
75 switch (Element.getKind()) {
76 case CFGElement::Initializer:
77 return InitMS(*Element.castAs<CFGInitializer>().getInitializer(),
78 Context, S);
79 case CFGElement::Statement:
80 case CFGElement::Constructor:
81 case CFGElement::CXXRecordTypedCall:
82 return StmtMS(*Element.castAs<CFGStmt>().getStmt(), Context, S);
83 default:
84 // FIXME: Handle other kinds of CFGElement.
85 return Result();
86 }
87 };
88 }
89
90private:
91 ASTMatchSwitchBuilder<Stmt, State, Result> StmtBuilder;
92 ASTMatchSwitchBuilder<CXXCtorInitializer, State, Result> InitBuilder;
93};
94
95} // namespace dataflow
96} // namespace clang
97
98#endif // LLVM_CLANG_ANALYSIS_FLOWSENSITIVE_CFGMATCHSWITCH_H_

/build/source/clang/include/clang/Analysis/FlowSensitive/MatchSwitch.h

1//===---- MatchSwitch.h -----------------------------------------*- C++ -*-===//
2//
3// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4// See https://llvm.org/LICENSE.txt for license information.
5// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6//
7//===----------------------------------------------------------------------===//
8//
9// This file defines the `ASTMatchSwitch` abstraction for building a "switch"
10// statement, where each case of the switch is defined by an AST matcher. The
11// cases are considered in order, like pattern matching in functional
12// languages.
13//
14// Currently, the design is catered towards simplifying the implementation of
15// `DataflowAnalysis` transfer functions. Based on experience here, this
16// library may be generalized and moved to ASTMatchers.
17//
18//===----------------------------------------------------------------------===//
19//
20// FIXME: Rename to ASTMatchSwitch.h
21
22#ifndef LLVM_CLANG_ANALYSIS_FLOWSENSITIVE_MATCHSWITCH_H_
23#define LLVM_CLANG_ANALYSIS_FLOWSENSITIVE_MATCHSWITCH_H_
24
25#include "clang/AST/ASTContext.h"
26#include "clang/AST/Stmt.h"
27#include "clang/ASTMatchers/ASTMatchFinder.h"
28#include "clang/ASTMatchers/ASTMatchers.h"
29#include "clang/Analysis/FlowSensitive/DataflowEnvironment.h"
30#include "llvm/ADT/StringRef.h"
31#include <functional>
32#include <string>
33#include <type_traits>
34#include <utility>
35#include <vector>
36
37namespace clang {
38namespace dataflow {
39
40/// A common form of state shared between the cases of a transfer function.
41template <typename LatticeT> struct TransferState {
42 TransferState(LatticeT &Lattice, Environment &Env)
43 : Lattice(Lattice), Env(Env) {}
44
45 /// Current lattice element.
46 LatticeT &Lattice;
47 Environment &Env;
48};
49
50/// A read-only version of TransferState.
51template <typename LatticeT> struct TransferStateForDiagnostics {
52 TransferStateForDiagnostics(const LatticeT &Lattice, const Environment &Env)
53 : Lattice(Lattice), Env(Env) {}
54
55 /// Current lattice element.
56 const LatticeT &Lattice;
57 const Environment &Env;
58};
59
60template <typename T>
61using MatchSwitchMatcher = ast_matchers::internal::Matcher<T>;
62
63template <typename T, typename State, typename Result = void>
64using MatchSwitchAction = std::function<Result(
65 const T *, const ast_matchers::MatchFinder::MatchResult &, State &)>;
66
67template <typename BaseT, typename State, typename Result = void>
68using ASTMatchSwitch =
69 std::function<Result(const BaseT &, ASTContext &, State &)>;
70
71/// Collects cases of a "match switch": a collection of matchers paired with
72/// callbacks, which together define a switch that can be applied to a node
73/// whose type derives from `BaseT`. This structure can simplify the definition
74/// of `transfer` functions that rely on pattern-matching.
75///
76/// For example, consider an analysis that handles particular function calls. It
77/// can define the `ASTMatchSwitch` once, in the constructor of the analysis,
78/// and then reuse it each time that `transfer` is called, with a fresh state
79/// value.
80///
81/// \code
82/// ASTMatchSwitch<Stmt, TransferState<MyLattice> BuildSwitch() {
83/// return ASTMatchSwitchBuilder<TransferState<MyLattice>>()
84/// .CaseOf(callExpr(callee(functionDecl(hasName("foo")))), TransferFooCall)
85/// .CaseOf(callExpr(argumentCountIs(2),
86/// callee(functionDecl(hasName("bar")))),
87/// TransferBarCall)
88/// .Build();
89/// }
90/// \endcode
91template <typename BaseT, typename State, typename Result = void>
92class ASTMatchSwitchBuilder {
93public:
94 /// Registers an action that will be triggered by the match of a pattern
95 /// against the input statement.
96 ///
97 /// Requirements:
98 ///
99 /// `NodeT` should be derived from `BaseT`.
100 template <typename NodeT>
101 ASTMatchSwitchBuilder &&CaseOf(MatchSwitchMatcher<BaseT> M,
102 MatchSwitchAction<NodeT, State, Result> A) && {
103 static_assert(std::is_base_of<BaseT, NodeT>::value,
104 "NodeT must be derived from BaseT.");
105 Matchers.push_back(std::move(M));
106 Actions.push_back(
107 [A = std::move(A)](const BaseT *Node,
108 const ast_matchers::MatchFinder::MatchResult &R,
109 State &S) { return A(cast<NodeT>(Node), R, S); });
110 return std::move(*this);
111 }
112
113 ASTMatchSwitch<BaseT, State, Result> Build() && {
114 return [Matcher = BuildMatcher(), Actions = std::move(Actions)](
4
Calling constructor for 'function<std::vector<clang::SourceLocation> (const clang::CXXCtorInitializer &, clang::ASTContext &, const clang::dataflow::Environment &)>'
11
Returning from constructor for 'function<std::vector<clang::SourceLocation> (const clang::CXXCtorInitializer &, clang::ASTContext &, const clang::dataflow::Environment &)>'
115 const BaseT &Node, ASTContext &Context, State &S) -> Result {
116 auto Results = ast_matchers::matchDynamic(Matcher, Node, Context);
117 if (Results.empty()) {
118 return Result();
119 }
120 // Look through the map for the first binding of the form "TagN..." use
121 // that to select the action.
122 for (const auto &Element : Results[0].getMap()) {
123 llvm::StringRef ID(Element.first);
124 size_t Index = 0;
125 if (ID.consume_front("Tag") && !ID.getAsInteger(10, Index) &&
126 Index < Actions.size()) {
127 return Actions[Index](
128 &Node,
129 ast_matchers::MatchFinder::MatchResult(Results[0], &Context), S);
130 }
131 }
132 return Result();
133 };
134 }
135
136private:
137 ast_matchers::internal::DynTypedMatcher BuildMatcher() {
138 using ast_matchers::anything;
139 using ast_matchers::stmt;
140 using ast_matchers::unless;
141 using ast_matchers::internal::DynTypedMatcher;
142 if (Matchers.empty())
143 return stmt(unless(anything()));
144 for (int I = 0, N = Matchers.size(); I < N; ++I) {
145 std::string Tag = ("Tag" + llvm::Twine(I)).str();
146 // Many matchers are not bindable, so ensure that tryBind will work.
147 Matchers[I].setAllowBind(true);
148 auto M = *Matchers[I].tryBind(Tag);
149 // Each anyOf explicitly controls the traversal kind. The anyOf itself is
150 // set to `TK_AsIs` to ensure no nodes are skipped, thereby deferring to
151 // the kind of the branches. Then, each branch is either left as is, if
152 // the kind is already set, or explicitly set to `TK_AsIs`. We choose this
153 // setting because it is the default interpretation of matchers.
154 Matchers[I] =
155 !M.getTraversalKind() ? M.withTraversalKind(TK_AsIs) : std::move(M);
156 }
157 // The matcher type on the cases ensures that `Expr` kind is compatible with
158 // all of the matchers.
159 return DynTypedMatcher::constructVariadic(
160 DynTypedMatcher::VO_AnyOf, ASTNodeKind::getFromNodeKind<BaseT>(),
161 std::move(Matchers));
162 }
163
164 std::vector<ast_matchers::internal::DynTypedMatcher> Matchers;
165 std::vector<MatchSwitchAction<BaseT, State, Result>> Actions;
166};
167
168} // namespace dataflow
169} // namespace clang
170#endif // LLVM_CLANG_ANALYSIS_FLOWSENSITIVE_MATCHSWITCH_H_

/usr/lib/gcc/x86_64-linux-gnu/10/../../../../include/c++/10/bits/std_function.h

1// Implementation of std::function -*- C++ -*-
2
3// Copyright (C) 2004-2020 Free Software Foundation, Inc.
4//
5// This file is part of the GNU ISO C++ Library. This library is free
6// software; you can redistribute it and/or modify it under the
7// terms of the GNU General Public License as published by the
8// Free Software Foundation; either version 3, or (at your option)
9// any later version.
10
11// This library is distributed in the hope that it will be useful,
12// but WITHOUT ANY WARRANTY; without even the implied warranty of
13// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14// GNU General Public License for more details.
15
16// Under Section 7 of GPL version 3, you are granted additional
17// permissions described in the GCC Runtime Library Exception, version
18// 3.1, as published by the Free Software Foundation.
19
20// You should have received a copy of the GNU General Public License and
21// a copy of the GCC Runtime Library Exception along with this program;
22// see the files COPYING3 and COPYING.RUNTIME respectively. If not, see
23// <http://www.gnu.org/licenses/>.
24
25/** @file include/bits/std_function.h
26 * This is an internal header file, included by other library headers.
27 * Do not attempt to use it directly. @headername{functional}
28 */
29
30#ifndef _GLIBCXX_STD_FUNCTION_H1
31#define _GLIBCXX_STD_FUNCTION_H1 1
32
33#pragma GCC system_header
34
35#if __cplusplus201703L < 201103L
36# include <bits/c++0x_warning.h>
37#else
38
39#if __cpp_rtti199711L
40# include <typeinfo>
41#endif
42#include <bits/stl_function.h>
43#include <bits/invoke.h>
44#include <bits/refwrap.h>
45#include <bits/functexcept.h>
46
47namespace std _GLIBCXX_VISIBILITY(default)__attribute__ ((__visibility__ ("default")))
48{
49_GLIBCXX_BEGIN_NAMESPACE_VERSION
50
51 /**
52 * @brief Exception class thrown when class template function's
53 * operator() is called with an empty target.
54 * @ingroup exceptions
55 */
56 class bad_function_call : public std::exception
57 {
58 public:
59 virtual ~bad_function_call() noexcept;
60
61 const char* what() const noexcept;
62 };
63
64 /**
65 * Trait identifying "location-invariant" types, meaning that the
66 * address of the object (or any of its members) will not escape.
67 * Trivially copyable types are location-invariant and users can
68 * specialize this trait for other types.
69 */
70 template<typename _Tp>
71 struct __is_location_invariant
72 : is_trivially_copyable<_Tp>::type
73 { };
74
75 class _Undefined_class;
76
77 union _Nocopy_types
78 {
79 void* _M_object;
80 const void* _M_const_object;
81 void (*_M_function_pointer)();
82 void (_Undefined_class::*_M_member_pointer)();
83 };
84
85 union [[gnu::may_alias]] _Any_data
86 {
87 void* _M_access() { return &_M_pod_data[0]; }
88 const void* _M_access() const { return &_M_pod_data[0]; }
89
90 template<typename _Tp>
91 _Tp&
92 _M_access()
93 { return *static_cast<_Tp*>(_M_access()); }
94
95 template<typename _Tp>
96 const _Tp&
97 _M_access() const
98 { return *static_cast<const _Tp*>(_M_access()); }
99
100 _Nocopy_types _M_unused;
101 char _M_pod_data[sizeof(_Nocopy_types)];
102 };
103
104 enum _Manager_operation
105 {
106 __get_type_info,
107 __get_functor_ptr,
108 __clone_functor,
109 __destroy_functor
110 };
111
112 template<typename _Signature>
113 class function;
114
115 /// Base class of all polymorphic function object wrappers.
116 class _Function_base
117 {
118 public:
119 static const size_t _M_max_size = sizeof(_Nocopy_types);
120 static const size_t _M_max_align = __alignof__(_Nocopy_types);
121
122 template<typename _Functor>
123 class _Base_manager
124 {
125 protected:
126 static const bool __stored_locally =
127 (__is_location_invariant<_Functor>::value
128 && sizeof(_Functor) <= _M_max_size
129 && __alignof__(_Functor) <= _M_max_align
130 && (_M_max_align % __alignof__(_Functor) == 0));
131
132 typedef integral_constant<bool, __stored_locally> _Local_storage;
133
134 // Retrieve a pointer to the function object
135 static _Functor*
136 _M_get_pointer(const _Any_data& __source)
137 {
138 if _GLIBCXX17_CONSTEXPRconstexpr (__stored_locally)
139 {
140 const _Functor& __f = __source._M_access<_Functor>();
141 return const_cast<_Functor*>(std::__addressof(__f));
142 }
143 else // have stored a pointer
144 return __source._M_access<_Functor*>();
145 }
146
147 // Clone a location-invariant function object that fits within
148 // an _Any_data structure.
149 static void
150 _M_clone(_Any_data& __dest, const _Any_data& __source, true_type)
151 {
152 ::new (__dest._M_access()) _Functor(__source._M_access<_Functor>());
153 }
154
155 // Clone a function object that is not location-invariant or
156 // that cannot fit into an _Any_data structure.
157 static void
158 _M_clone(_Any_data& __dest, const _Any_data& __source, false_type)
159 {
160 __dest._M_access<_Functor*>() =
161 new _Functor(*__source._M_access<const _Functor*>());
162 }
163
164 // Destroying a location-invariant object may still require
165 // destruction.
166 static void
167 _M_destroy(_Any_data& __victim, true_type)
168 {
169 __victim._M_access<_Functor>().~_Functor();
170 }
171
172 // Destroying an object located on the heap.
173 static void
174 _M_destroy(_Any_data& __victim, false_type)
175 {
176 delete __victim._M_access<_Functor*>();
177 }
178
179 public:
180 static bool
181 _M_manager(_Any_data& __dest, const _Any_data& __source,
182 _Manager_operation __op)
183 {
184 switch (__op)
185 {
186#if __cpp_rtti199711L
187 case __get_type_info:
188 __dest._M_access<const type_info*>() = &typeid(_Functor);
189 break;
190#endif
191 case __get_functor_ptr:
192 __dest._M_access<_Functor*>() = _M_get_pointer(__source);
193 break;
194
195 case __clone_functor:
196 _M_clone(__dest, __source, _Local_storage());
197 break;
198
199 case __destroy_functor:
200 _M_destroy(__dest, _Local_storage());
201 break;
202 }
203 return false;
204 }
205
206 static void
207 _M_init_functor(_Any_data& __functor, _Functor&& __f)
208 { _M_init_functor(__functor, std::move(__f), _Local_storage()); }
7
Calling '_Base_manager::_M_init_functor'
9
Returned allocated memory
209
210 template<typename _Signature>
211 static bool
212 _M_not_empty_function(const function<_Signature>& __f)
213 { return static_cast<bool>(__f); }
214
215 template<typename _Tp>
216 static bool
217 _M_not_empty_function(_Tp* __fp)
218 { return __fp != nullptr; }
219
220 template<typename _Class, typename _Tp>
221 static bool
222 _M_not_empty_function(_Tp _Class::* __mp)
223 { return __mp != nullptr; }
224
225 template<typename _Tp>
226 static bool
227 _M_not_empty_function(const _Tp&)
228 { return true; }
229
230 private:
231 static void
232 _M_init_functor(_Any_data& __functor, _Functor&& __f, true_type)
233 { ::new (__functor._M_access()) _Functor(std::move(__f)); }
234
235 static void
236 _M_init_functor(_Any_data& __functor, _Functor&& __f, false_type)
237 { __functor._M_access<_Functor*>() = new _Functor(std::move(__f)); }
8
Memory is allocated
238 };
239
240 _Function_base() : _M_manager(nullptr) { }
241
242 ~_Function_base()
243 {
244 if (_M_manager)
245 _M_manager(_M_functor, _M_functor, __destroy_functor);
246 }
247
248 bool _M_empty() const { return !_M_manager; }
249
250 typedef bool (*_Manager_type)(_Any_data&, const _Any_data&,
251 _Manager_operation);
252
253 _Any_data _M_functor;
254 _Manager_type _M_manager;
255 };
256
257 template<typename _Signature, typename _Functor>
258 class _Function_handler;
259
260 template<typename _Res, typename _Functor, typename... _ArgTypes>
261 class _Function_handler<_Res(_ArgTypes...), _Functor>
262 : public _Function_base::_Base_manager<_Functor>
263 {
264 typedef _Function_base::_Base_manager<_Functor> _Base;
265
266 public:
267 static bool
268 _M_manager(_Any_data& __dest, const _Any_data& __source,
269 _Manager_operation __op)
270 {
271 switch (__op)
272 {
273#if __cpp_rtti199711L
274 case __get_type_info:
275 __dest._M_access<const type_info*>() = &typeid(_Functor);
276 break;
277#endif
278 case __get_functor_ptr:
279 __dest._M_access<_Functor*>() = _Base::_M_get_pointer(__source);
280 break;
281
282 default:
283 _Base::_M_manager(__dest, __source, __op);
284 }
285 return false;
286 }
287
288 static _Res
289 _M_invoke(const _Any_data& __functor, _ArgTypes&&... __args)
290 {
291 return std::__invoke_r<_Res>(*_Base::_M_get_pointer(__functor),
292 std::forward<_ArgTypes>(__args)...);
293 }
294 };
295
296 /**
297 * @brief Primary class template for std::function.
298 * @ingroup functors
299 *
300 * Polymorphic function wrapper.
301 */
302 template<typename _Res, typename... _ArgTypes>
303 class function<_Res(_ArgTypes...)>
304 : public _Maybe_unary_or_binary_function<_Res, _ArgTypes...>,
305 private _Function_base
306 {
307 template<typename _Func,
308 typename _Res2 = __invoke_result<_Func&, _ArgTypes...>>
309 struct _Callable
310 : __is_invocable_impl<_Res2, _Res>::type
311 { };
312
313 // Used so the return type convertibility checks aren't done when
314 // performing overload resolution for copy construction/assignment.
315 template<typename _Tp>
316 struct _Callable<function, _Tp> : false_type { };
317
318 template<typename _Cond, typename _Tp>
319 using _Requires = typename enable_if<_Cond::value, _Tp>::type;
320
321 public:
322 typedef _Res result_type;
323
324 // [3.7.2.1] construct/copy/destroy
325
326 /**
327 * @brief Default construct creates an empty function call wrapper.
328 * @post @c !(bool)*this
329 */
330 function() noexcept
331 : _Function_base() { }
332
333 /**
334 * @brief Creates an empty function call wrapper.
335 * @post @c !(bool)*this
336 */
337 function(nullptr_t) noexcept
338 : _Function_base() { }
339
340 /**
341 * @brief %Function copy constructor.
342 * @param __x A %function object with identical call signature.
343 * @post @c bool(*this) == bool(__x)
344 *
345 * The newly-created %function contains a copy of the target of @a
346 * __x (if it has one).
347 */
348 function(const function& __x);
349
350 /**
351 * @brief %Function move constructor.
352 * @param __x A %function object rvalue with identical call signature.
353 *
354 * The newly-created %function contains the target of @a __x
355 * (if it has one).
356 */
357 function(function&& __x) noexcept : _Function_base()
358 {
359 __x.swap(*this);
360 }
361
362 /**
363 * @brief Builds a %function that targets a copy of the incoming
364 * function object.
365 * @param __f A %function object that is callable with parameters of
366 * type @c T1, @c T2, ..., @c TN and returns a value convertible
367 * to @c Res.
368 *
369 * The newly-created %function object will target a copy of
370 * @a __f. If @a __f is @c reference_wrapper<F>, then this function
371 * object will contain a reference to the function object @c
372 * __f.get(). If @a __f is a NULL function pointer or NULL
373 * pointer-to-member, the newly-created object will be empty.
374 *
375 * If @a __f is a non-NULL function pointer or an object of type @c
376 * reference_wrapper<F>, this function will not throw.
377 */
378 template<typename _Functor,
379 typename = _Requires<__not_<is_same<_Functor, function>>, void>,
380 typename = _Requires<_Callable<_Functor>, void>>
381 function(_Functor);
382
383 /**
384 * @brief %Function assignment operator.
385 * @param __x A %function with identical call signature.
386 * @post @c (bool)*this == (bool)x
387 * @returns @c *this
388 *
389 * The target of @a __x is copied to @c *this. If @a __x has no
390 * target, then @c *this will be empty.
391 *
392 * If @a __x targets a function pointer or a reference to a function
393 * object, then this operation will not throw an %exception.
394 */
395 function&
396 operator=(const function& __x)
397 {
398 function(__x).swap(*this);
399 return *this;
400 }
401
402 /**
403 * @brief %Function move-assignment operator.
404 * @param __x A %function rvalue with identical call signature.
405 * @returns @c *this
406 *
407 * The target of @a __x is moved to @c *this. If @a __x has no
408 * target, then @c *this will be empty.
409 *
410 * If @a __x targets a function pointer or a reference to a function
411 * object, then this operation will not throw an %exception.
412 */
413 function&
414 operator=(function&& __x) noexcept
415 {
416 function(std::move(__x)).swap(*this);
417 return *this;
418 }
419
420 /**
421 * @brief %Function assignment to zero.
422 * @post @c !(bool)*this
423 * @returns @c *this
424 *
425 * The target of @c *this is deallocated, leaving it empty.
426 */
427 function&
428 operator=(nullptr_t) noexcept
429 {
430 if (_M_manager)
431 {
432 _M_manager(_M_functor, _M_functor, __destroy_functor);
433 _M_manager = nullptr;
434 _M_invoker = nullptr;
435 }
436 return *this;
437 }
438
439 /**
440 * @brief %Function assignment to a new target.
441 * @param __f A %function object that is callable with parameters of
442 * type @c T1, @c T2, ..., @c TN and returns a value convertible
443 * to @c Res.
444 * @return @c *this
445 *
446 * This %function object wrapper will target a copy of @a
447 * __f. If @a __f is @c reference_wrapper<F>, then this function
448 * object will contain a reference to the function object @c
449 * __f.get(). If @a __f is a NULL function pointer or NULL
450 * pointer-to-member, @c this object will be empty.
451 *
452 * If @a __f is a non-NULL function pointer or an object of type @c
453 * reference_wrapper<F>, this function will not throw.
454 */
455 template<typename _Functor>
456 _Requires<_Callable<typename decay<_Functor>::type>, function&>
457 operator=(_Functor&& __f)
458 {
459 function(std::forward<_Functor>(__f)).swap(*this);
460 return *this;
461 }
462
463 /// @overload
464 template<typename _Functor>
465 function&
466 operator=(reference_wrapper<_Functor> __f) noexcept
467 {
468 function(__f).swap(*this);
469 return *this;
470 }
471
472 // [3.7.2.2] function modifiers
473
474 /**
475 * @brief Swap the targets of two %function objects.
476 * @param __x A %function with identical call signature.
477 *
478 * Swap the targets of @c this function object and @a __f. This
479 * function will not throw an %exception.
480 */
481 void swap(function& __x) noexcept
482 {
483 std::swap(_M_functor, __x._M_functor);
484 std::swap(_M_manager, __x._M_manager);
485 std::swap(_M_invoker, __x._M_invoker);
486 }
487
488 // [3.7.2.3] function capacity
489
490 /**
491 * @brief Determine if the %function wrapper has a target.
492 *
493 * @return @c true when this %function object contains a target,
494 * or @c false when it is empty.
495 *
496 * This function will not throw an %exception.
497 */
498 explicit operator bool() const noexcept
499 { return !_M_empty(); }
500
501 // [3.7.2.4] function invocation
502
503 /**
504 * @brief Invokes the function targeted by @c *this.
505 * @returns the result of the target.
506 * @throws bad_function_call when @c !(bool)*this
507 *
508 * The function call operator invokes the target function object
509 * stored by @c this.
510 */
511 _Res operator()(_ArgTypes... __args) const;
512
513#if __cpp_rtti199711L
514 // [3.7.2.5] function target access
515 /**
516 * @brief Determine the type of the target of this function object
517 * wrapper.
518 *
519 * @returns the type identifier of the target function object, or
520 * @c typeid(void) if @c !(bool)*this.
521 *
522 * This function will not throw an %exception.
523 */
524 const type_info& target_type() const noexcept;
525
526 /**
527 * @brief Access the stored target function object.
528 *
529 * @return Returns a pointer to the stored target function object,
530 * if @c typeid(_Functor).equals(target_type()); otherwise, a NULL
531 * pointer.
532 *
533 * This function does not throw exceptions.
534 *
535 * @{
536 */
537 template<typename _Functor> _Functor* target() noexcept;
538
539 template<typename _Functor> const _Functor* target() const noexcept;
540 // @}
541#endif
542
543 private:
544 using _Invoker_type = _Res (*)(const _Any_data&, _ArgTypes&&...);
545 _Invoker_type _M_invoker;
546 };
547
548#if __cpp_deduction_guides201703L >= 201606
549 template<typename>
550 struct __function_guide_helper
551 { };
552
553 template<typename _Res, typename _Tp, bool _Nx, typename... _Args>
554 struct __function_guide_helper<
555 _Res (_Tp::*) (_Args...) noexcept(_Nx)
556 >
557 { using type = _Res(_Args...); };
558
559 template<typename _Res, typename _Tp, bool _Nx, typename... _Args>
560 struct __function_guide_helper<
561 _Res (_Tp::*) (_Args...) & noexcept(_Nx)
562 >
563 { using type = _Res(_Args...); };
564
565 template<typename _Res, typename _Tp, bool _Nx, typename... _Args>
566 struct __function_guide_helper<
567 _Res (_Tp::*) (_Args...) const noexcept(_Nx)
568 >
569 { using type = _Res(_Args...); };
570
571 template<typename _Res, typename _Tp, bool _Nx, typename... _Args>
572 struct __function_guide_helper<
573 _Res (_Tp::*) (_Args...) const & noexcept(_Nx)
574 >
575 { using type = _Res(_Args...); };
576
577 template<typename _Res, typename... _ArgTypes>
578 function(_Res(*)(_ArgTypes...)) -> function<_Res(_ArgTypes...)>;
579
580 template<typename _Functor, typename _Signature = typename
581 __function_guide_helper<decltype(&_Functor::operator())>::type>
582 function(_Functor) -> function<_Signature>;
583#endif
584
585 // Out-of-line member definitions.
586 template<typename _Res, typename... _ArgTypes>
587 function<_Res(_ArgTypes...)>::
588 function(const function& __x)
589 : _Function_base()
590 {
591 if (static_cast<bool>(__x))
592 {
593 __x._M_manager(_M_functor, __x._M_functor, __clone_functor);
594 _M_invoker = __x._M_invoker;
595 _M_manager = __x._M_manager;
596 }
597 }
598
599 template<typename _Res, typename... _ArgTypes>
600 template<typename _Functor, typename, typename>
601 function<_Res(_ArgTypes...)>::
602 function(_Functor __f)
603 : _Function_base()
604 {
605 typedef _Function_handler<_Res(_ArgTypes...), _Functor> _My_handler;
606
607 if (_My_handler::_M_not_empty_function(__f))
5
Taking true branch
608 {
609 _My_handler::_M_init_functor(_M_functor, std::move(__f));
6
Calling '_Base_manager::_M_init_functor'
10
Returned allocated memory
610 _M_invoker = &_My_handler::_M_invoke;
611 _M_manager = &_My_handler::_M_manager;
612 }
613 }
614
615 template<typename _Res, typename... _ArgTypes>
616 _Res
617 function<_Res(_ArgTypes...)>::
618 operator()(_ArgTypes... __args) const
619 {
620 if (_M_empty())
621 __throw_bad_function_call();
622 return _M_invoker(_M_functor, std::forward<_ArgTypes>(__args)...);
623 }
624
625#if __cpp_rtti199711L
626 template<typename _Res, typename... _ArgTypes>
627 const type_info&
628 function<_Res(_ArgTypes...)>::
629 target_type() const noexcept
630 {
631 if (_M_manager)
632 {
633 _Any_data __typeinfo_result;
634 _M_manager(__typeinfo_result, _M_functor, __get_type_info);
635 return *__typeinfo_result._M_access<const type_info*>();
636 }
637 else
638 return typeid(void);
639 }
640
641 template<typename _Res, typename... _ArgTypes>
642 template<typename _Functor>
643 _Functor*
644 function<_Res(_ArgTypes...)>::
645 target() noexcept
646 {
647 const function* __const_this = this;
648 const _Functor* __func = __const_this->template target<_Functor>();
649 return const_cast<_Functor*>(__func);
650 }
651
652 template<typename _Res, typename... _ArgTypes>
653 template<typename _Functor>
654 const _Functor*
655 function<_Res(_ArgTypes...)>::
656 target() const noexcept
657 {
658 if (typeid(_Functor) == target_type() && _M_manager)
659 {
660 _Any_data __ptr;
661 _M_manager(__ptr, _M_functor, __get_functor_ptr);
662 return __ptr._M_access<const _Functor*>();
663 }
664 else
665 return nullptr;
666 }
667#endif
668
669 // [20.7.15.2.6] null pointer comparisons
670
671 /**
672 * @brief Compares a polymorphic function object wrapper against 0
673 * (the NULL pointer).
674 * @returns @c true if the wrapper has no target, @c false otherwise
675 *
676 * This function will not throw an %exception.
677 */
678 template<typename _Res, typename... _Args>
679 inline bool
680 operator==(const function<_Res(_Args...)>& __f, nullptr_t) noexcept
681 { return !static_cast<bool>(__f); }
682
683#if __cpp_impl_three_way_comparison < 201907L
684 /// @overload
685 template<typename _Res, typename... _Args>
686 inline bool
687 operator==(nullptr_t, const function<_Res(_Args...)>& __f) noexcept
688 { return !static_cast<bool>(__f); }
689
690 /**
691 * @brief Compares a polymorphic function object wrapper against 0
692 * (the NULL pointer).
693 * @returns @c false if the wrapper has no target, @c true otherwise
694 *
695 * This function will not throw an %exception.
696 */
697 template<typename _Res, typename... _Args>
698 inline bool
699 operator!=(const function<_Res(_Args...)>& __f, nullptr_t) noexcept
700 { return static_cast<bool>(__f); }
701
702 /// @overload
703 template<typename _Res, typename... _Args>
704 inline bool
705 operator!=(nullptr_t, const function<_Res(_Args...)>& __f) noexcept
706 { return static_cast<bool>(__f); }
707#endif
708
709 // [20.7.15.2.7] specialized algorithms
710
711 /**
712 * @brief Swap the targets of two polymorphic function object wrappers.
713 *
714 * This function will not throw an %exception.
715 */
716 // _GLIBCXX_RESOLVE_LIB_DEFECTS
717 // 2062. Effect contradictions w/o no-throw guarantee of std::function swaps
718 template<typename _Res, typename... _Args>
719 inline void
720 swap(function<_Res(_Args...)>& __x, function<_Res(_Args...)>& __y) noexcept
721 { __x.swap(__y); }
722
723#if __cplusplus201703L >= 201703L
724 namespace __detail::__variant
725 {
726 template<typename> struct _Never_valueless_alt; // see <variant>
727
728 // Provide the strong exception-safety guarantee when emplacing a
729 // function into a variant.
730 template<typename _Signature>
731 struct _Never_valueless_alt<std::function<_Signature>>
732 : std::true_type
733 { };
734 } // namespace __detail::__variant
735#endif // C++17
736
737_GLIBCXX_END_NAMESPACE_VERSION
738} // namespace std
739
740#endif // C++11
741#endif // _GLIBCXX_STD_FUNCTION_H