Bug Summary

File:clang/lib/StaticAnalyzer/Checkers/IvarInvalidationChecker.cpp
Warning:line 347, column 7
Called C++ object pointer is null

Annotated Source Code

Press '?' to see keyboard shortcuts

clang -cc1 -cc1 -triple x86_64-pc-linux-gnu -analyze -disable-free -disable-llvm-verifier -discard-value-names -main-file-name IvarInvalidationChecker.cpp -analyzer-store=region -analyzer-opt-analyze-nested-blocks -analyzer-checker=core -analyzer-checker=apiModeling -analyzer-checker=unix -analyzer-checker=deadcode -analyzer-checker=cplusplus -analyzer-checker=security.insecureAPI.UncheckedReturn -analyzer-checker=security.insecureAPI.getpw -analyzer-checker=security.insecureAPI.gets -analyzer-checker=security.insecureAPI.mktemp -analyzer-checker=security.insecureAPI.mkstemp -analyzer-checker=security.insecureAPI.vfork -analyzer-checker=nullability.NullPassedToNonnull -analyzer-checker=nullability.NullReturnedFromNonnull -analyzer-output plist -w -setup-static-analyzer -analyzer-config-compatibility-mode=true -mrelocation-model pic -pic-level 2 -mframe-pointer=none -relaxed-aliasing -fmath-errno -fno-rounding-math -mconstructor-aliases -munwind-tables -target-cpu x86-64 -tune-cpu generic -debugger-tuning=gdb -ffunction-sections -fdata-sections -fcoverage-compilation-dir=/build/llvm-toolchain-snapshot-14~++20210903100615+fd66b44ec19e/build-llvm/tools/clang/lib/StaticAnalyzer/Checkers -resource-dir /usr/lib/llvm-14/lib/clang/14.0.0 -D _GNU_SOURCE -D __STDC_CONSTANT_MACROS -D __STDC_FORMAT_MACROS -D __STDC_LIMIT_MACROS -I /build/llvm-toolchain-snapshot-14~++20210903100615+fd66b44ec19e/build-llvm/tools/clang/lib/StaticAnalyzer/Checkers -I /build/llvm-toolchain-snapshot-14~++20210903100615+fd66b44ec19e/clang/lib/StaticAnalyzer/Checkers -I /build/llvm-toolchain-snapshot-14~++20210903100615+fd66b44ec19e/clang/include -I /build/llvm-toolchain-snapshot-14~++20210903100615+fd66b44ec19e/build-llvm/tools/clang/include -I /build/llvm-toolchain-snapshot-14~++20210903100615+fd66b44ec19e/build-llvm/include -I /build/llvm-toolchain-snapshot-14~++20210903100615+fd66b44ec19e/llvm/include -D NDEBUG -internal-isystem /usr/lib/gcc/x86_64-linux-gnu/10/../../../../include/c++/10 -internal-isystem /usr/lib/gcc/x86_64-linux-gnu/10/../../../../include/x86_64-linux-gnu/c++/10 -internal-isystem /usr/lib/gcc/x86_64-linux-gnu/10/../../../../include/c++/10/backward -internal-isystem /usr/lib/llvm-14/lib/clang/14.0.0/include -internal-isystem /usr/local/include -internal-isystem /usr/lib/gcc/x86_64-linux-gnu/10/../../../../x86_64-linux-gnu/include -internal-externc-isystem /usr/include/x86_64-linux-gnu -internal-externc-isystem /include -internal-externc-isystem /usr/include -O2 -Wno-unused-parameter -Wwrite-strings -Wno-missing-field-initializers -Wno-long-long -Wno-maybe-uninitialized -Wno-class-memaccess -Wno-redundant-move -Wno-pessimizing-move -Wno-noexcept-type -Wno-comment -std=c++14 -fdeprecated-macro -fdebug-compilation-dir=/build/llvm-toolchain-snapshot-14~++20210903100615+fd66b44ec19e/build-llvm/tools/clang/lib/StaticAnalyzer/Checkers -fdebug-prefix-map=/build/llvm-toolchain-snapshot-14~++20210903100615+fd66b44ec19e=. -ferror-limit 19 -fvisibility-inlines-hidden -stack-protector 2 -fgnuc-version=4.2.1 -vectorize-loops -vectorize-slp -analyzer-output=html -analyzer-config stable-report-filename=true -faddrsig -D__GCC_HAVE_DWARF2_CFI_ASM=1 -o /tmp/scan-build-2021-09-04-040900-46481-1 -x c++ /build/llvm-toolchain-snapshot-14~++20210903100615+fd66b44ec19e/clang/lib/StaticAnalyzer/Checkers/IvarInvalidationChecker.cpp
1//===- IvarInvalidationChecker.cpp ------------------------------*- C++ -*-===//
2//
3// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4// See https://llvm.org/LICENSE.txt for license information.
5// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6//
7//===----------------------------------------------------------------------===//
8//
9// This checker implements annotation driven invalidation checking. If a class
10// contains a method annotated with 'objc_instance_variable_invalidator',
11// - (void) foo
12// __attribute__((annotate("objc_instance_variable_invalidator")));
13// all the "ivalidatable" instance variables of this class should be
14// invalidated. We call an instance variable ivalidatable if it is an object of
15// a class which contains an invalidation method. There could be multiple
16// methods annotated with such annotations per class, either one can be used
17// to invalidate the ivar. An ivar or property are considered to be
18// invalidated if they are being assigned 'nil' or an invalidation method has
19// been called on them. An invalidation method should either invalidate all
20// the ivars or call another invalidation method (on self).
21//
22// Partial invalidor annotation allows to address cases when ivars are
23// invalidated by other methods, which might or might not be called from
24// the invalidation method. The checker checks that each invalidation
25// method and all the partial methods cumulatively invalidate all ivars.
26// __attribute__((annotate("objc_instance_variable_invalidator_partial")));
27//
28//===----------------------------------------------------------------------===//
29
30#include "clang/StaticAnalyzer/Checkers/BuiltinCheckerRegistration.h"
31#include "clang/AST/Attr.h"
32#include "clang/AST/DeclObjC.h"
33#include "clang/AST/StmtVisitor.h"
34#include "clang/StaticAnalyzer/Core/BugReporter/BugReporter.h"
35#include "clang/StaticAnalyzer/Core/Checker.h"
36#include "clang/StaticAnalyzer/Core/PathSensitive/AnalysisManager.h"
37#include "llvm/ADT/DenseMap.h"
38#include "llvm/ADT/SetVector.h"
39#include "llvm/ADT/SmallString.h"
40
41using namespace clang;
42using namespace ento;
43
44namespace {
45struct ChecksFilter {
46 /// Check for missing invalidation method declarations.
47 DefaultBool check_MissingInvalidationMethod;
48 /// Check that all ivars are invalidated.
49 DefaultBool check_InstanceVariableInvalidation;
50
51 CheckerNameRef checkName_MissingInvalidationMethod;
52 CheckerNameRef checkName_InstanceVariableInvalidation;
53};
54
55class IvarInvalidationCheckerImpl {
56 typedef llvm::SmallSetVector<const ObjCMethodDecl*, 2> MethodSet;
57 typedef llvm::DenseMap<const ObjCMethodDecl*,
58 const ObjCIvarDecl*> MethToIvarMapTy;
59 typedef llvm::DenseMap<const ObjCPropertyDecl*,
60 const ObjCIvarDecl*> PropToIvarMapTy;
61 typedef llvm::DenseMap<const ObjCIvarDecl*,
62 const ObjCPropertyDecl*> IvarToPropMapTy;
63
64 struct InvalidationInfo {
65 /// Has the ivar been invalidated?
66 bool IsInvalidated;
67
68 /// The methods which can be used to invalidate the ivar.
69 MethodSet InvalidationMethods;
70
71 InvalidationInfo() : IsInvalidated(false) {}
72 void addInvalidationMethod(const ObjCMethodDecl *MD) {
73 InvalidationMethods.insert(MD);
74 }
75
76 bool needsInvalidation() const {
77 return !InvalidationMethods.empty();
14
Assuming the condition is false
15
Returning zero, which participates in a condition later
18
Assuming the condition is false
19
Returning zero, which participates in a condition later
78 }
79
80 bool hasMethod(const ObjCMethodDecl *MD) {
81 if (IsInvalidated)
82 return true;
83 for (MethodSet::iterator I = InvalidationMethods.begin(),
84 E = InvalidationMethods.end(); I != E; ++I) {
85 if (*I == MD) {
86 IsInvalidated = true;
87 return true;
88 }
89 }
90 return false;
91 }
92 };
93
94 typedef llvm::DenseMap<const ObjCIvarDecl*, InvalidationInfo> IvarSet;
95
96 /// Statement visitor, which walks the method body and flags the ivars
97 /// referenced in it (either directly or via property).
98 class MethodCrawler : public ConstStmtVisitor<MethodCrawler> {
99 /// The set of Ivars which need to be invalidated.
100 IvarSet &IVars;
101
102 /// Flag is set as the result of a message send to another
103 /// invalidation method.
104 bool &CalledAnotherInvalidationMethod;
105
106 /// Property setter to ivar mapping.
107 const MethToIvarMapTy &PropertySetterToIvarMap;
108
109 /// Property getter to ivar mapping.
110 const MethToIvarMapTy &PropertyGetterToIvarMap;
111
112 /// Property to ivar mapping.
113 const PropToIvarMapTy &PropertyToIvarMap;
114
115 /// The invalidation method being currently processed.
116 const ObjCMethodDecl *InvalidationMethod;
117
118 ASTContext &Ctx;
119
120 /// Peel off parens, casts, OpaqueValueExpr, and PseudoObjectExpr.
121 const Expr *peel(const Expr *E) const;
122
123 /// Does this expression represent zero: '0'?
124 bool isZero(const Expr *E) const;
125
126 /// Mark the given ivar as invalidated.
127 void markInvalidated(const ObjCIvarDecl *Iv);
128
129 /// Checks if IvarRef refers to the tracked IVar, if yes, marks it as
130 /// invalidated.
131 void checkObjCIvarRefExpr(const ObjCIvarRefExpr *IvarRef);
132
133 /// Checks if ObjCPropertyRefExpr refers to the tracked IVar, if yes, marks
134 /// it as invalidated.
135 void checkObjCPropertyRefExpr(const ObjCPropertyRefExpr *PA);
136
137 /// Checks if ObjCMessageExpr refers to (is a getter for) the tracked IVar,
138 /// if yes, marks it as invalidated.
139 void checkObjCMessageExpr(const ObjCMessageExpr *ME);
140
141 /// Checks if the Expr refers to an ivar, if yes, marks it as invalidated.
142 void check(const Expr *E);
143
144 public:
145 MethodCrawler(IvarSet &InIVars,
146 bool &InCalledAnotherInvalidationMethod,
147 const MethToIvarMapTy &InPropertySetterToIvarMap,
148 const MethToIvarMapTy &InPropertyGetterToIvarMap,
149 const PropToIvarMapTy &InPropertyToIvarMap,
150 ASTContext &InCtx)
151 : IVars(InIVars),
152 CalledAnotherInvalidationMethod(InCalledAnotherInvalidationMethod),
153 PropertySetterToIvarMap(InPropertySetterToIvarMap),
154 PropertyGetterToIvarMap(InPropertyGetterToIvarMap),
155 PropertyToIvarMap(InPropertyToIvarMap),
156 InvalidationMethod(nullptr),
157 Ctx(InCtx) {}
158
159 void VisitStmt(const Stmt *S) { VisitChildren(S); }
160
161 void VisitBinaryOperator(const BinaryOperator *BO);
162
163 void VisitObjCMessageExpr(const ObjCMessageExpr *ME);
164
165 void VisitChildren(const Stmt *S) {
166 for (const auto *Child : S->children()) {
167 if (Child)
168 this->Visit(Child);
169 if (CalledAnotherInvalidationMethod)
170 return;
171 }
172 }
173 };
174
175 /// Check if the any of the methods inside the interface are annotated with
176 /// the invalidation annotation, update the IvarInfo accordingly.
177 /// \param LookForPartial is set when we are searching for partial
178 /// invalidators.
179 static void containsInvalidationMethod(const ObjCContainerDecl *D,
180 InvalidationInfo &Out,
181 bool LookForPartial);
182
183 /// Check if ivar should be tracked and add to TrackedIvars if positive.
184 /// Returns true if ivar should be tracked.
185 static bool trackIvar(const ObjCIvarDecl *Iv, IvarSet &TrackedIvars,
186 const ObjCIvarDecl **FirstIvarDecl);
187
188 /// Given the property declaration, and the list of tracked ivars, finds
189 /// the ivar backing the property when possible. Returns '0' when no such
190 /// ivar could be found.
191 static const ObjCIvarDecl *findPropertyBackingIvar(
192 const ObjCPropertyDecl *Prop,
193 const ObjCInterfaceDecl *InterfaceD,
194 IvarSet &TrackedIvars,
195 const ObjCIvarDecl **FirstIvarDecl);
196
197 /// Print ivar name or the property if the given ivar backs a property.
198 static void printIvar(llvm::raw_svector_ostream &os,
199 const ObjCIvarDecl *IvarDecl,
200 const IvarToPropMapTy &IvarToPopertyMap);
201
202 void reportNoInvalidationMethod(CheckerNameRef CheckName,
203 const ObjCIvarDecl *FirstIvarDecl,
204 const IvarToPropMapTy &IvarToPopertyMap,
205 const ObjCInterfaceDecl *InterfaceD,
206 bool MissingDeclaration) const;
207
208 void reportIvarNeedsInvalidation(const ObjCIvarDecl *IvarD,
209 const IvarToPropMapTy &IvarToPopertyMap,
210 const ObjCMethodDecl *MethodD) const;
211
212 AnalysisManager& Mgr;
213 BugReporter &BR;
214 /// Filter on the checks performed.
215 const ChecksFilter &Filter;
216
217public:
218 IvarInvalidationCheckerImpl(AnalysisManager& InMgr,
219 BugReporter &InBR,
220 const ChecksFilter &InFilter) :
221 Mgr (InMgr), BR(InBR), Filter(InFilter) {}
222
223 void visit(const ObjCImplementationDecl *D) const;
224};
225
226static bool isInvalidationMethod(const ObjCMethodDecl *M, bool LookForPartial) {
227 for (const auto *Ann : M->specific_attrs<AnnotateAttr>()) {
228 if (!LookForPartial &&
229 Ann->getAnnotation() == "objc_instance_variable_invalidator")
230 return true;
231 if (LookForPartial &&
232 Ann->getAnnotation() == "objc_instance_variable_invalidator_partial")
233 return true;
234 }
235 return false;
236}
237
238void IvarInvalidationCheckerImpl::containsInvalidationMethod(
239 const ObjCContainerDecl *D, InvalidationInfo &OutInfo, bool Partial) {
240
241 if (!D)
242 return;
243
244 assert(!isa<ObjCImplementationDecl>(D))(static_cast<void> (0));
245 // TODO: Cache the results.
246
247 // Check all methods.
248 for (const auto *MDI : D->methods())
249 if (isInvalidationMethod(MDI, Partial))
250 OutInfo.addInvalidationMethod(
251 cast<ObjCMethodDecl>(MDI->getCanonicalDecl()));
252
253 // If interface, check all parent protocols and super.
254 if (const ObjCInterfaceDecl *InterfD = dyn_cast<ObjCInterfaceDecl>(D)) {
255
256 // Visit all protocols.
257 for (const auto *I : InterfD->protocols())
258 containsInvalidationMethod(I->getDefinition(), OutInfo, Partial);
259
260 // Visit all categories in case the invalidation method is declared in
261 // a category.
262 for (const auto *Ext : InterfD->visible_extensions())
263 containsInvalidationMethod(Ext, OutInfo, Partial);
264
265 containsInvalidationMethod(InterfD->getSuperClass(), OutInfo, Partial);
266 return;
267 }
268
269 // If protocol, check all parent protocols.
270 if (const ObjCProtocolDecl *ProtD = dyn_cast<ObjCProtocolDecl>(D)) {
271 for (const auto *I : ProtD->protocols()) {
272 containsInvalidationMethod(I->getDefinition(), OutInfo, Partial);
273 }
274 return;
275 }
276}
277
278bool IvarInvalidationCheckerImpl::trackIvar(const ObjCIvarDecl *Iv,
279 IvarSet &TrackedIvars,
280 const ObjCIvarDecl **FirstIvarDecl) {
281 QualType IvQTy = Iv->getType();
282 const ObjCObjectPointerType *IvTy = IvQTy->getAs<ObjCObjectPointerType>();
283 if (!IvTy)
284 return false;
285 const ObjCInterfaceDecl *IvInterf = IvTy->getInterfaceDecl();
286
287 InvalidationInfo Info;
288 containsInvalidationMethod(IvInterf, Info, /*LookForPartial*/ false);
289 if (Info.needsInvalidation()) {
290 const ObjCIvarDecl *I = cast<ObjCIvarDecl>(Iv->getCanonicalDecl());
291 TrackedIvars[I] = Info;
292 if (!*FirstIvarDecl)
293 *FirstIvarDecl = I;
294 return true;
295 }
296 return false;
297}
298
299const ObjCIvarDecl *IvarInvalidationCheckerImpl::findPropertyBackingIvar(
300 const ObjCPropertyDecl *Prop,
301 const ObjCInterfaceDecl *InterfaceD,
302 IvarSet &TrackedIvars,
303 const ObjCIvarDecl **FirstIvarDecl) {
304 const ObjCIvarDecl *IvarD = nullptr;
305
306 // Lookup for the synthesized case.
307 IvarD = Prop->getPropertyIvarDecl();
308 // We only track the ivars/properties that are defined in the current
309 // class (not the parent).
310 if (IvarD && IvarD->getContainingInterface() == InterfaceD) {
311 if (TrackedIvars.count(IvarD)) {
312 return IvarD;
313 }
314 // If the ivar is synthesized we still want to track it.
315 if (trackIvar(IvarD, TrackedIvars, FirstIvarDecl))
316 return IvarD;
317 }
318
319 // Lookup IVars named "_PropName"or "PropName" among the tracked Ivars.
320 StringRef PropName = Prop->getIdentifier()->getName();
321 for (IvarSet::const_iterator I = TrackedIvars.begin(),
322 E = TrackedIvars.end(); I != E; ++I) {
323 const ObjCIvarDecl *Iv = I->first;
324 StringRef IvarName = Iv->getName();
325
326 if (IvarName == PropName)
327 return Iv;
328
329 SmallString<128> PropNameWithUnderscore;
330 {
331 llvm::raw_svector_ostream os(PropNameWithUnderscore);
332 os << '_' << PropName;
333 }
334 if (IvarName == PropNameWithUnderscore)
335 return Iv;
336 }
337
338 // Note, this is a possible source of false positives. We could look at the
339 // getter implementation to find the ivar when its name is not derived from
340 // the property name.
341 return nullptr;
342}
343
344void IvarInvalidationCheckerImpl::printIvar(llvm::raw_svector_ostream &os,
345 const ObjCIvarDecl *IvarDecl,
346 const IvarToPropMapTy &IvarToPopertyMap) {
347 if (IvarDecl->getSynthesize()) {
28
Called C++ object pointer is null
348 const ObjCPropertyDecl *PD = IvarToPopertyMap.lookup(IvarDecl);
349 assert(PD &&"Do we synthesize ivars for something other than properties?")(static_cast<void> (0));
350 os << "Property "<< PD->getName() << " ";
351 } else {
352 os << "Instance variable "<< IvarDecl->getName() << " ";
353 }
354}
355
356// Check that the invalidatable interfaces with ivars/properties implement the
357// invalidation methods.
358void IvarInvalidationCheckerImpl::
359visit(const ObjCImplementationDecl *ImplD) const {
360 // Collect all ivars that need cleanup.
361 IvarSet Ivars;
362 // Record the first Ivar needing invalidation; used in reporting when only
363 // one ivar is sufficient. Cannot grab the first on the Ivars set to ensure
364 // deterministic output.
365 const ObjCIvarDecl *FirstIvarDecl = nullptr;
2
'FirstIvarDecl' initialized to a null pointer value
366 const ObjCInterfaceDecl *InterfaceD = ImplD->getClassInterface();
367
368 // Collect ivars declared in this class, its extensions and its implementation
369 ObjCInterfaceDecl *IDecl = const_cast<ObjCInterfaceDecl *>(InterfaceD);
370 for (const ObjCIvarDecl *Iv = IDecl->all_declared_ivar_begin(); Iv;
3
Loop condition is false. Execution jumps to the end of the function
371 Iv= Iv->getNextIvar())
372 trackIvar(Iv, Ivars, &FirstIvarDecl);
373
374 // Construct Property/Property Accessor to Ivar maps to assist checking if an
375 // ivar which is backing a property has been reset.
376 MethToIvarMapTy PropSetterToIvarMap;
377 MethToIvarMapTy PropGetterToIvarMap;
378 PropToIvarMapTy PropertyToIvarMap;
379 IvarToPropMapTy IvarToPopertyMap;
380
381 ObjCInterfaceDecl::PropertyMap PropMap;
382 ObjCInterfaceDecl::PropertyDeclOrder PropOrder;
383 InterfaceD->collectPropertiesToImplement(PropMap, PropOrder);
384
385 for (ObjCInterfaceDecl::PropertyMap::iterator
4
Loop condition is false. Execution continues on line 416
386 I = PropMap.begin(), E = PropMap.end(); I != E; ++I) {
387 const ObjCPropertyDecl *PD = I->second;
388 if (PD->isClassProperty())
389 continue;
390
391 const ObjCIvarDecl *ID = findPropertyBackingIvar(PD, InterfaceD, Ivars,
392 &FirstIvarDecl);
393 if (!ID)
394 continue;
395
396 // Store the mappings.
397 PD = cast<ObjCPropertyDecl>(PD->getCanonicalDecl());
398 PropertyToIvarMap[PD] = ID;
399 IvarToPopertyMap[ID] = PD;
400
401 // Find the setter and the getter.
402 const ObjCMethodDecl *SetterD = PD->getSetterMethodDecl();
403 if (SetterD) {
404 SetterD = SetterD->getCanonicalDecl();
405 PropSetterToIvarMap[SetterD] = ID;
406 }
407
408 const ObjCMethodDecl *GetterD = PD->getGetterMethodDecl();
409 if (GetterD) {
410 GetterD = GetterD->getCanonicalDecl();
411 PropGetterToIvarMap[GetterD] = ID;
412 }
413 }
414
415 // If no ivars need invalidation, there is nothing to check here.
416 if (Ivars.empty())
5
Assuming the condition is false
6
Taking false branch
417 return;
418
419 // Find all partial invalidation methods.
420 InvalidationInfo PartialInfo;
421 containsInvalidationMethod(InterfaceD, PartialInfo, /*LookForPartial*/ true);
422
423 // Remove ivars invalidated by the partial invalidation methods. They do not
424 // need to be invalidated in the regular invalidation methods.
425 bool AtImplementationContainsAtLeastOnePartialInvalidationMethod = false;
426 for (MethodSet::iterator
8
Loop condition is true. Entering loop body
10
Loop condition is false. Execution continues on line 454
427 I = PartialInfo.InvalidationMethods.begin(),
428 E = PartialInfo.InvalidationMethods.end(); I != E; ++I) {
7
Assuming 'I' is not equal to 'E'
429 const ObjCMethodDecl *InterfD = *I;
430
431 // Get the corresponding method in the @implementation.
432 const ObjCMethodDecl *D = ImplD->getMethod(InterfD->getSelector(),
433 InterfD->isInstanceMethod());
434 if (D && D->hasBody()) {
9
Assuming 'D' is null
435 AtImplementationContainsAtLeastOnePartialInvalidationMethod = true;
436
437 bool CalledAnotherInvalidationMethod = false;
438 // The MethodCrowler is going to remove the invalidated ivars.
439 MethodCrawler(Ivars,
440 CalledAnotherInvalidationMethod,
441 PropSetterToIvarMap,
442 PropGetterToIvarMap,
443 PropertyToIvarMap,
444 BR.getContext()).VisitStmt(D->getBody());
445 // If another invalidation method was called, trust that full invalidation
446 // has occurred.
447 if (CalledAnotherInvalidationMethod)
448 Ivars.clear();
449 }
450 }
451
452 // If all ivars have been invalidated by partial invalidators, there is
453 // nothing to check here.
454 if (Ivars.empty())
11
Assuming the condition is false
12
Taking false branch
455 return;
456
457 // Find all invalidation methods in this @interface declaration and parents.
458 InvalidationInfo Info;
459 containsInvalidationMethod(InterfaceD, Info, /*LookForPartial*/ false);
460
461 // Report an error in case none of the invalidation methods are declared.
462 if (!Info.needsInvalidation() && !PartialInfo.needsInvalidation()) {
13
Calling 'InvalidationInfo::needsInvalidation'
16
Returning from 'InvalidationInfo::needsInvalidation'
17
Calling 'InvalidationInfo::needsInvalidation'
20
Returning from 'InvalidationInfo::needsInvalidation'
21
Taking true branch
463 if (Filter.check_MissingInvalidationMethod)
22
Assuming the condition is true
23
Taking true branch
464 reportNoInvalidationMethod(Filter.checkName_MissingInvalidationMethod,
25
Calling 'IvarInvalidationCheckerImpl::reportNoInvalidationMethod'
465 FirstIvarDecl, IvarToPopertyMap, InterfaceD,
24
Passing null pointer value via 2nd parameter 'FirstIvarDecl'
466 /*MissingDeclaration*/ true);
467 // If there are no invalidation methods, there is no ivar validation work
468 // to be done.
469 return;
470 }
471
472 // Only check if Ivars are invalidated when InstanceVariableInvalidation
473 // has been requested.
474 if (!Filter.check_InstanceVariableInvalidation)
475 return;
476
477 // Check that all ivars are invalidated by the invalidation methods.
478 bool AtImplementationContainsAtLeastOneInvalidationMethod = false;
479 for (MethodSet::iterator I = Info.InvalidationMethods.begin(),
480 E = Info.InvalidationMethods.end(); I != E; ++I) {
481 const ObjCMethodDecl *InterfD = *I;
482
483 // Get the corresponding method in the @implementation.
484 const ObjCMethodDecl *D = ImplD->getMethod(InterfD->getSelector(),
485 InterfD->isInstanceMethod());
486 if (D && D->hasBody()) {
487 AtImplementationContainsAtLeastOneInvalidationMethod = true;
488
489 // Get a copy of ivars needing invalidation.
490 IvarSet IvarsI = Ivars;
491
492 bool CalledAnotherInvalidationMethod = false;
493 MethodCrawler(IvarsI,
494 CalledAnotherInvalidationMethod,
495 PropSetterToIvarMap,
496 PropGetterToIvarMap,
497 PropertyToIvarMap,
498 BR.getContext()).VisitStmt(D->getBody());
499 // If another invalidation method was called, trust that full invalidation
500 // has occurred.
501 if (CalledAnotherInvalidationMethod)
502 continue;
503
504 // Warn on the ivars that were not invalidated by the method.
505 for (IvarSet::const_iterator
506 I = IvarsI.begin(), E = IvarsI.end(); I != E; ++I)
507 reportIvarNeedsInvalidation(I->first, IvarToPopertyMap, D);
508 }
509 }
510
511 // Report an error in case none of the invalidation methods are implemented.
512 if (!AtImplementationContainsAtLeastOneInvalidationMethod) {
513 if (AtImplementationContainsAtLeastOnePartialInvalidationMethod) {
514 // Warn on the ivars that were not invalidated by the prrtial
515 // invalidation methods.
516 for (IvarSet::const_iterator
517 I = Ivars.begin(), E = Ivars.end(); I != E; ++I)
518 reportIvarNeedsInvalidation(I->first, IvarToPopertyMap, nullptr);
519 } else {
520 // Otherwise, no invalidation methods were implemented.
521 reportNoInvalidationMethod(Filter.checkName_InstanceVariableInvalidation,
522 FirstIvarDecl, IvarToPopertyMap, InterfaceD,
523 /*MissingDeclaration*/ false);
524 }
525 }
526}
527
528void IvarInvalidationCheckerImpl::reportNoInvalidationMethod(
529 CheckerNameRef CheckName, const ObjCIvarDecl *FirstIvarDecl,
530 const IvarToPropMapTy &IvarToPopertyMap,
531 const ObjCInterfaceDecl *InterfaceD, bool MissingDeclaration) const {
532 SmallString<128> sbuf;
533 llvm::raw_svector_ostream os(sbuf);
534 assert(FirstIvarDecl)(static_cast<void> (0));
535 printIvar(os, FirstIvarDecl, IvarToPopertyMap);
26
Passing null pointer value via 2nd parameter 'IvarDecl'
27
Calling 'IvarInvalidationCheckerImpl::printIvar'
536 os << "needs to be invalidated; ";
537 if (MissingDeclaration)
538 os << "no invalidation method is declared for ";
539 else
540 os << "no invalidation method is defined in the @implementation for ";
541 os << InterfaceD->getName();
542
543 PathDiagnosticLocation IvarDecLocation =
544 PathDiagnosticLocation::createBegin(FirstIvarDecl, BR.getSourceManager());
545
546 BR.EmitBasicReport(FirstIvarDecl, CheckName, "Incomplete invalidation",
547 categories::CoreFoundationObjectiveC, os.str(),
548 IvarDecLocation);
549}
550
551void IvarInvalidationCheckerImpl::
552reportIvarNeedsInvalidation(const ObjCIvarDecl *IvarD,
553 const IvarToPropMapTy &IvarToPopertyMap,
554 const ObjCMethodDecl *MethodD) const {
555 SmallString<128> sbuf;
556 llvm::raw_svector_ostream os(sbuf);
557 printIvar(os, IvarD, IvarToPopertyMap);
558 os << "needs to be invalidated or set to nil";
559 if (MethodD) {
560 PathDiagnosticLocation MethodDecLocation =
561 PathDiagnosticLocation::createEnd(MethodD->getBody(),
562 BR.getSourceManager(),
563 Mgr.getAnalysisDeclContext(MethodD));
564 BR.EmitBasicReport(MethodD, Filter.checkName_InstanceVariableInvalidation,
565 "Incomplete invalidation",
566 categories::CoreFoundationObjectiveC, os.str(),
567 MethodDecLocation);
568 } else {
569 BR.EmitBasicReport(
570 IvarD, Filter.checkName_InstanceVariableInvalidation,
571 "Incomplete invalidation", categories::CoreFoundationObjectiveC,
572 os.str(),
573 PathDiagnosticLocation::createBegin(IvarD, BR.getSourceManager()));
574 }
575}
576
577void IvarInvalidationCheckerImpl::MethodCrawler::markInvalidated(
578 const ObjCIvarDecl *Iv) {
579 IvarSet::iterator I = IVars.find(Iv);
580 if (I != IVars.end()) {
581 // If InvalidationMethod is present, we are processing the message send and
582 // should ensure we are invalidating with the appropriate method,
583 // otherwise, we are processing setting to 'nil'.
584 if (!InvalidationMethod || I->second.hasMethod(InvalidationMethod))
585 IVars.erase(I);
586 }
587}
588
589const Expr *IvarInvalidationCheckerImpl::MethodCrawler::peel(const Expr *E) const {
590 E = E->IgnoreParenCasts();
591 if (const PseudoObjectExpr *POE = dyn_cast<PseudoObjectExpr>(E))
592 E = POE->getSyntacticForm()->IgnoreParenCasts();
593 if (const OpaqueValueExpr *OVE = dyn_cast<OpaqueValueExpr>(E))
594 E = OVE->getSourceExpr()->IgnoreParenCasts();
595 return E;
596}
597
598void IvarInvalidationCheckerImpl::MethodCrawler::checkObjCIvarRefExpr(
599 const ObjCIvarRefExpr *IvarRef) {
600 if (const Decl *D = IvarRef->getDecl())
601 markInvalidated(cast<ObjCIvarDecl>(D->getCanonicalDecl()));
602}
603
604void IvarInvalidationCheckerImpl::MethodCrawler::checkObjCMessageExpr(
605 const ObjCMessageExpr *ME) {
606 const ObjCMethodDecl *MD = ME->getMethodDecl();
607 if (MD) {
608 MD = MD->getCanonicalDecl();
609 MethToIvarMapTy::const_iterator IvI = PropertyGetterToIvarMap.find(MD);
610 if (IvI != PropertyGetterToIvarMap.end())
611 markInvalidated(IvI->second);
612 }
613}
614
615void IvarInvalidationCheckerImpl::MethodCrawler::checkObjCPropertyRefExpr(
616 const ObjCPropertyRefExpr *PA) {
617
618 if (PA->isExplicitProperty()) {
619 const ObjCPropertyDecl *PD = PA->getExplicitProperty();
620 if (PD) {
621 PD = cast<ObjCPropertyDecl>(PD->getCanonicalDecl());
622 PropToIvarMapTy::const_iterator IvI = PropertyToIvarMap.find(PD);
623 if (IvI != PropertyToIvarMap.end())
624 markInvalidated(IvI->second);
625 return;
626 }
627 }
628
629 if (PA->isImplicitProperty()) {
630 const ObjCMethodDecl *MD = PA->getImplicitPropertySetter();
631 if (MD) {
632 MD = MD->getCanonicalDecl();
633 MethToIvarMapTy::const_iterator IvI =PropertyGetterToIvarMap.find(MD);
634 if (IvI != PropertyGetterToIvarMap.end())
635 markInvalidated(IvI->second);
636 return;
637 }
638 }
639}
640
641bool IvarInvalidationCheckerImpl::MethodCrawler::isZero(const Expr *E) const {
642 E = peel(E);
643
644 return (E->isNullPointerConstant(Ctx, Expr::NPC_ValueDependentIsNotNull)
645 != Expr::NPCK_NotNull);
646}
647
648void IvarInvalidationCheckerImpl::MethodCrawler::check(const Expr *E) {
649 E = peel(E);
650
651 if (const ObjCIvarRefExpr *IvarRef = dyn_cast<ObjCIvarRefExpr>(E)) {
652 checkObjCIvarRefExpr(IvarRef);
653 return;
654 }
655
656 if (const ObjCPropertyRefExpr *PropRef = dyn_cast<ObjCPropertyRefExpr>(E)) {
657 checkObjCPropertyRefExpr(PropRef);
658 return;
659 }
660
661 if (const ObjCMessageExpr *MsgExpr = dyn_cast<ObjCMessageExpr>(E)) {
662 checkObjCMessageExpr(MsgExpr);
663 return;
664 }
665}
666
667void IvarInvalidationCheckerImpl::MethodCrawler::VisitBinaryOperator(
668 const BinaryOperator *BO) {
669 VisitStmt(BO);
670
671 // Do we assign/compare against zero? If yes, check the variable we are
672 // assigning to.
673 BinaryOperatorKind Opcode = BO->getOpcode();
674 if (Opcode != BO_Assign &&
675 Opcode != BO_EQ &&
676 Opcode != BO_NE)
677 return;
678
679 if (isZero(BO->getRHS())) {
680 check(BO->getLHS());
681 return;
682 }
683
684 if (Opcode != BO_Assign && isZero(BO->getLHS())) {
685 check(BO->getRHS());
686 return;
687 }
688}
689
690void IvarInvalidationCheckerImpl::MethodCrawler::VisitObjCMessageExpr(
691 const ObjCMessageExpr *ME) {
692 const ObjCMethodDecl *MD = ME->getMethodDecl();
693 const Expr *Receiver = ME->getInstanceReceiver();
694
695 // Stop if we are calling '[self invalidate]'.
696 if (Receiver && isInvalidationMethod(MD, /*LookForPartial*/ false))
697 if (Receiver->isObjCSelfExpr()) {
698 CalledAnotherInvalidationMethod = true;
699 return;
700 }
701
702 // Check if we call a setter and set the property to 'nil'.
703 if (MD && (ME->getNumArgs() == 1) && isZero(ME->getArg(0))) {
704 MD = MD->getCanonicalDecl();
705 MethToIvarMapTy::const_iterator IvI = PropertySetterToIvarMap.find(MD);
706 if (IvI != PropertySetterToIvarMap.end()) {
707 markInvalidated(IvI->second);
708 return;
709 }
710 }
711
712 // Check if we call the 'invalidation' routine on the ivar.
713 if (Receiver) {
714 InvalidationMethod = MD;
715 check(Receiver->IgnoreParenCasts());
716 InvalidationMethod = nullptr;
717 }
718
719 VisitStmt(ME);
720}
721} // end anonymous namespace
722
723// Register the checkers.
724namespace {
725class IvarInvalidationChecker :
726 public Checker<check::ASTDecl<ObjCImplementationDecl> > {
727public:
728 ChecksFilter Filter;
729public:
730 void checkASTDecl(const ObjCImplementationDecl *D, AnalysisManager& Mgr,
731 BugReporter &BR) const {
732 IvarInvalidationCheckerImpl Walker(Mgr, BR, Filter);
733 Walker.visit(D);
1
Calling 'IvarInvalidationCheckerImpl::visit'
734 }
735};
736} // end anonymous namespace
737
738void ento::registerIvarInvalidationModeling(CheckerManager &mgr) {
739 mgr.registerChecker<IvarInvalidationChecker>();
740}
741
742bool ento::shouldRegisterIvarInvalidationModeling(const CheckerManager &mgr) {
743 return true;
744}
745
746#define REGISTER_CHECKER(name)void ento::registername(CheckerManager &mgr) { IvarInvalidationChecker
*checker = mgr.getChecker<IvarInvalidationChecker>(); checker
->Filter.check_name = true; checker->Filter.checkName_name
= mgr.getCurrentCheckerName(); } bool ento::shouldRegistername
(const CheckerManager &mgr) { return true; } \
747 void ento::register##name(CheckerManager &mgr) { \
748 IvarInvalidationChecker *checker = \
749 mgr.getChecker<IvarInvalidationChecker>(); \
750 checker->Filter.check_##name = true; \
751 checker->Filter.checkName_##name = mgr.getCurrentCheckerName(); \
752 } \
753 \
754 bool ento::shouldRegister##name(const CheckerManager &mgr) { return true; }
755
756REGISTER_CHECKER(InstanceVariableInvalidation)void ento::registerInstanceVariableInvalidation(CheckerManager
&mgr) { IvarInvalidationChecker *checker = mgr.getChecker
<IvarInvalidationChecker>(); checker->Filter.check_InstanceVariableInvalidation
= true; checker->Filter.checkName_InstanceVariableInvalidation
= mgr.getCurrentCheckerName(); } bool ento::shouldRegisterInstanceVariableInvalidation
(const CheckerManager &mgr) { return true; }
757REGISTER_CHECKER(MissingInvalidationMethod)void ento::registerMissingInvalidationMethod(CheckerManager &
mgr) { IvarInvalidationChecker *checker = mgr.getChecker<IvarInvalidationChecker
>(); checker->Filter.check_MissingInvalidationMethod = true
; checker->Filter.checkName_MissingInvalidationMethod = mgr
.getCurrentCheckerName(); } bool ento::shouldRegisterMissingInvalidationMethod
(const CheckerManager &mgr) { return true; }