1 //=- AnalysisBasedWarnings.cpp - Sema warnings based on libAnalysis -*- C++ -*-=//
3 // The LLVM Compiler Infrastructure
5 // This file is distributed under the University of Illinois Open Source
6 // License. See LICENSE.TXT for details.
8 //===----------------------------------------------------------------------===//
10 // This file defines analysis_warnings::[Policy,Executor].
11 // Together they are used by Sema to issue warnings based on inexpensive
12 // static analysis algorithms in libAnalysis.
14 //===----------------------------------------------------------------------===//
16 #include "clang/Sema/AnalysisBasedWarnings.h"
17 #include "clang/Sema/SemaInternal.h"
18 #include "clang/Sema/ScopeInfo.h"
19 #include "clang/Basic/SourceManager.h"
20 #include "clang/Basic/SourceLocation.h"
21 #include "clang/Lex/Preprocessor.h"
22 #include "clang/AST/DeclObjC.h"
23 #include "clang/AST/DeclCXX.h"
24 #include "clang/AST/ExprObjC.h"
25 #include "clang/AST/ExprCXX.h"
26 #include "clang/AST/StmtObjC.h"
27 #include "clang/AST/StmtCXX.h"
28 #include "clang/AST/EvaluatedExprVisitor.h"
29 #include "clang/AST/StmtVisitor.h"
30 #include "clang/Analysis/AnalysisContext.h"
31 #include "clang/Analysis/CFG.h"
32 #include "clang/Analysis/Analyses/ReachableCode.h"
33 #include "clang/Analysis/Analyses/CFGReachabilityAnalysis.h"
34 #include "clang/Analysis/Analyses/ThreadSafety.h"
35 #include "clang/Analysis/CFGStmtMap.h"
36 #include "clang/Analysis/Analyses/UninitializedValues.h"
37 #include "llvm/ADT/BitVector.h"
38 #include "llvm/ADT/FoldingSet.h"
39 #include "llvm/ADT/ImmutableMap.h"
40 #include "llvm/ADT/PostOrderIterator.h"
41 #include "llvm/ADT/SmallVector.h"
42 #include "llvm/ADT/StringRef.h"
43 #include "llvm/Support/Casting.h"
47 using namespace clang;
49 //===----------------------------------------------------------------------===//
50 // Unreachable code analysis.
51 //===----------------------------------------------------------------------===//
54 class UnreachableCodeHandler : public reachable_code::Callback {
57 UnreachableCodeHandler(Sema &s) : S(s) {}
59 void HandleUnreachable(SourceLocation L, SourceRange R1, SourceRange R2) {
60 S.Diag(L, diag::warn_unreachable) << R1 << R2;
65 /// CheckUnreachable - Check for unreachable code.
66 static void CheckUnreachable(Sema &S, AnalysisContext &AC) {
67 UnreachableCodeHandler UC(S);
68 reachable_code::FindUnreachableCode(AC, UC);
71 //===----------------------------------------------------------------------===//
72 // Check for missing return value.
73 //===----------------------------------------------------------------------===//
75 enum ControlFlowKind {
80 NeverFallThroughOrReturn
83 /// CheckFallThrough - Check that we don't fall off the end of a
84 /// Statement that should return a value.
86 /// \returns AlwaysFallThrough iff we always fall off the end of the statement,
87 /// MaybeFallThrough iff we might or might not fall off the end,
88 /// NeverFallThroughOrReturn iff we never fall off the end of the statement or
89 /// return. We assume NeverFallThrough iff we never fall off the end of the
90 /// statement but we may return. We assume that functions not marked noreturn
92 static ControlFlowKind CheckFallThrough(AnalysisContext &AC) {
93 CFG *cfg = AC.getCFG();
94 if (cfg == 0) return UnknownFallThrough;
96 // The CFG leaves in dead things, and we don't want the dead code paths to
97 // confuse us, so we mark all live things first.
98 llvm::BitVector live(cfg->getNumBlockIDs());
99 unsigned count = reachable_code::ScanReachableFromBlock(&cfg->getEntry(),
102 bool AddEHEdges = AC.getAddEHEdges();
103 if (!AddEHEdges && count != cfg->getNumBlockIDs())
104 // When there are things remaining dead, and we didn't add EH edges
105 // from CallExprs to the catch clauses, we have to go back and
106 // mark them as live.
107 for (CFG::iterator I = cfg->begin(), E = cfg->end(); I != E; ++I) {
109 if (!live[b.getBlockID()]) {
110 if (b.pred_begin() == b.pred_end()) {
111 if (b.getTerminator() && isa<CXXTryStmt>(b.getTerminator()))
112 // When not adding EH edges from calls, catch clauses
113 // can otherwise seem dead. Avoid noting them as dead.
114 count += reachable_code::ScanReachableFromBlock(&b, live);
120 // Now we know what is live, we check the live precessors of the exit block
121 // and look for fall through paths, being careful to ignore normal returns,
122 // and exceptional paths.
123 bool HasLiveReturn = false;
124 bool HasFakeEdge = false;
125 bool HasPlainEdge = false;
126 bool HasAbnormalEdge = false;
128 // Ignore default cases that aren't likely to be reachable because all
129 // enums in a switch(X) have explicit case statements.
130 CFGBlock::FilterOptions FO;
131 FO.IgnoreDefaultsWithCoveredEnums = 1;
133 for (CFGBlock::filtered_pred_iterator
134 I = cfg->getExit().filtered_pred_start_end(FO); I.hasMore(); ++I) {
135 const CFGBlock& B = **I;
136 if (!live[B.getBlockID()])
139 // Skip blocks which contain an element marked as no-return. They don't
140 // represent actually viable edges into the exit block, so mark them as
142 if (B.hasNoReturnElement()) {
143 HasAbnormalEdge = true;
147 // Destructors can appear after the 'return' in the CFG. This is
148 // normal. We need to look pass the destructors for the return
149 // statement (if it exists).
150 CFGBlock::const_reverse_iterator ri = B.rbegin(), re = B.rend();
152 for ( ; ri != re ; ++ri)
153 if (isa<CFGStmt>(*ri))
156 // No more CFGElements in the block?
158 if (B.getTerminator() && isa<CXXTryStmt>(B.getTerminator())) {
159 HasAbnormalEdge = true;
162 // A labeled empty statement, or the entry block...
167 CFGStmt CS = cast<CFGStmt>(*ri);
168 const Stmt *S = CS.getStmt();
169 if (isa<ReturnStmt>(S)) {
170 HasLiveReturn = true;
173 if (isa<ObjCAtThrowStmt>(S)) {
177 if (isa<CXXThrowExpr>(S)) {
181 if (const AsmStmt *AS = dyn_cast<AsmStmt>(S)) {
184 HasLiveReturn = true;
188 if (isa<CXXTryStmt>(S)) {
189 HasAbnormalEdge = true;
192 if (std::find(B.succ_begin(), B.succ_end(), &cfg->getExit())
194 HasAbnormalEdge = true;
202 return NeverFallThrough;
203 return NeverFallThroughOrReturn;
205 if (HasAbnormalEdge || HasFakeEdge || HasLiveReturn)
206 return MaybeFallThrough;
207 // This says AlwaysFallThrough for calls to functions that are not marked
208 // noreturn, that don't return. If people would like this warning to be more
209 // accurate, such functions should be marked as noreturn.
210 return AlwaysFallThrough;
215 struct CheckFallThroughDiagnostics {
216 unsigned diag_MaybeFallThrough_HasNoReturn;
217 unsigned diag_MaybeFallThrough_ReturnsNonVoid;
218 unsigned diag_AlwaysFallThrough_HasNoReturn;
219 unsigned diag_AlwaysFallThrough_ReturnsNonVoid;
220 unsigned diag_NeverFallThroughOrReturn;
222 SourceLocation FuncLoc;
224 static CheckFallThroughDiagnostics MakeForFunction(const Decl *Func) {
225 CheckFallThroughDiagnostics D;
226 D.FuncLoc = Func->getLocation();
227 D.diag_MaybeFallThrough_HasNoReturn =
228 diag::warn_falloff_noreturn_function;
229 D.diag_MaybeFallThrough_ReturnsNonVoid =
230 diag::warn_maybe_falloff_nonvoid_function;
231 D.diag_AlwaysFallThrough_HasNoReturn =
232 diag::warn_falloff_noreturn_function;
233 D.diag_AlwaysFallThrough_ReturnsNonVoid =
234 diag::warn_falloff_nonvoid_function;
236 // Don't suggest that virtual functions be marked "noreturn", since they
237 // might be overridden by non-noreturn functions.
238 bool isVirtualMethod = false;
239 if (const CXXMethodDecl *Method = dyn_cast<CXXMethodDecl>(Func))
240 isVirtualMethod = Method->isVirtual();
242 // Don't suggest that template instantiations be marked "noreturn"
243 bool isTemplateInstantiation = false;
244 if (const FunctionDecl *Function = dyn_cast<FunctionDecl>(Func)) {
245 switch (Function->getTemplateSpecializationKind()) {
247 case TSK_ExplicitSpecialization:
250 case TSK_ImplicitInstantiation:
251 case TSK_ExplicitInstantiationDeclaration:
252 case TSK_ExplicitInstantiationDefinition:
253 isTemplateInstantiation = true;
258 if (!isVirtualMethod && !isTemplateInstantiation)
259 D.diag_NeverFallThroughOrReturn =
260 diag::warn_suggest_noreturn_function;
262 D.diag_NeverFallThroughOrReturn = 0;
268 static CheckFallThroughDiagnostics MakeForBlock() {
269 CheckFallThroughDiagnostics D;
270 D.diag_MaybeFallThrough_HasNoReturn =
271 diag::err_noreturn_block_has_return_expr;
272 D.diag_MaybeFallThrough_ReturnsNonVoid =
273 diag::err_maybe_falloff_nonvoid_block;
274 D.diag_AlwaysFallThrough_HasNoReturn =
275 diag::err_noreturn_block_has_return_expr;
276 D.diag_AlwaysFallThrough_ReturnsNonVoid =
277 diag::err_falloff_nonvoid_block;
278 D.diag_NeverFallThroughOrReturn =
279 diag::warn_suggest_noreturn_block;
284 bool checkDiagnostics(DiagnosticsEngine &D, bool ReturnsVoid,
285 bool HasNoReturn) const {
287 return (ReturnsVoid ||
288 D.getDiagnosticLevel(diag::warn_maybe_falloff_nonvoid_function,
289 FuncLoc) == DiagnosticsEngine::Ignored)
291 D.getDiagnosticLevel(diag::warn_noreturn_function_has_return_expr,
292 FuncLoc) == DiagnosticsEngine::Ignored)
294 D.getDiagnosticLevel(diag::warn_suggest_noreturn_block, FuncLoc)
295 == DiagnosticsEngine::Ignored);
299 return ReturnsVoid && !HasNoReturn
301 D.getDiagnosticLevel(diag::warn_suggest_noreturn_block, FuncLoc)
302 == DiagnosticsEngine::Ignored);
308 /// CheckFallThroughForFunctionDef - Check that we don't fall off the end of a
309 /// function that should return a value. Check that we don't fall off the end
310 /// of a noreturn function. We assume that functions and blocks not marked
311 /// noreturn will return.
312 static void CheckFallThroughForBody(Sema &S, const Decl *D, const Stmt *Body,
313 const BlockExpr *blkExpr,
314 const CheckFallThroughDiagnostics& CD,
315 AnalysisContext &AC) {
317 bool ReturnsVoid = false;
318 bool HasNoReturn = false;
320 if (const FunctionDecl *FD = dyn_cast<FunctionDecl>(D)) {
321 ReturnsVoid = FD->getResultType()->isVoidType();
322 HasNoReturn = FD->hasAttr<NoReturnAttr>() ||
323 FD->getType()->getAs<FunctionType>()->getNoReturnAttr();
325 else if (const ObjCMethodDecl *MD = dyn_cast<ObjCMethodDecl>(D)) {
326 ReturnsVoid = MD->getResultType()->isVoidType();
327 HasNoReturn = MD->hasAttr<NoReturnAttr>();
329 else if (isa<BlockDecl>(D)) {
330 QualType BlockTy = blkExpr->getType();
331 if (const FunctionType *FT =
332 BlockTy->getPointeeType()->getAs<FunctionType>()) {
333 if (FT->getResultType()->isVoidType())
335 if (FT->getNoReturnAttr())
340 DiagnosticsEngine &Diags = S.getDiagnostics();
342 // Short circuit for compilation speed.
343 if (CD.checkDiagnostics(Diags, ReturnsVoid, HasNoReturn))
346 // FIXME: Function try block
347 if (const CompoundStmt *Compound = dyn_cast<CompoundStmt>(Body)) {
348 switch (CheckFallThrough(AC)) {
349 case UnknownFallThrough:
352 case MaybeFallThrough:
354 S.Diag(Compound->getRBracLoc(),
355 CD.diag_MaybeFallThrough_HasNoReturn);
356 else if (!ReturnsVoid)
357 S.Diag(Compound->getRBracLoc(),
358 CD.diag_MaybeFallThrough_ReturnsNonVoid);
360 case AlwaysFallThrough:
362 S.Diag(Compound->getRBracLoc(),
363 CD.diag_AlwaysFallThrough_HasNoReturn);
364 else if (!ReturnsVoid)
365 S.Diag(Compound->getRBracLoc(),
366 CD.diag_AlwaysFallThrough_ReturnsNonVoid);
368 case NeverFallThroughOrReturn:
369 if (ReturnsVoid && !HasNoReturn && CD.diag_NeverFallThroughOrReturn) {
370 if (const FunctionDecl *FD = dyn_cast<FunctionDecl>(D)) {
371 S.Diag(Compound->getLBracLoc(), CD.diag_NeverFallThroughOrReturn)
373 } else if (const ObjCMethodDecl *MD = dyn_cast<ObjCMethodDecl>(D)) {
374 S.Diag(Compound->getLBracLoc(), CD.diag_NeverFallThroughOrReturn)
377 S.Diag(Compound->getLBracLoc(), CD.diag_NeverFallThroughOrReturn);
381 case NeverFallThrough:
387 //===----------------------------------------------------------------------===//
389 //===----------------------------------------------------------------------===//
392 /// ContainsReference - A visitor class to search for references to
393 /// a particular declaration (the needle) within any evaluated component of an
394 /// expression (recursively).
395 class ContainsReference : public EvaluatedExprVisitor<ContainsReference> {
397 const DeclRefExpr *Needle;
400 ContainsReference(ASTContext &Context, const DeclRefExpr *Needle)
401 : EvaluatedExprVisitor<ContainsReference>(Context),
402 FoundReference(false), Needle(Needle) {}
404 void VisitExpr(Expr *E) {
405 // Stop evaluating if we already have a reference.
409 EvaluatedExprVisitor<ContainsReference>::VisitExpr(E);
412 void VisitDeclRefExpr(DeclRefExpr *E) {
414 FoundReference = true;
416 EvaluatedExprVisitor<ContainsReference>::VisitDeclRefExpr(E);
419 bool doesContainReference() const { return FoundReference; }
423 static bool SuggestInitializationFixit(Sema &S, const VarDecl *VD) {
424 // Don't issue a fixit if there is already an initializer.
428 // Suggest possible initialization (if any).
429 const char *initialization = 0;
430 QualType VariableTy = VD->getType().getCanonicalType();
432 if (VariableTy->isObjCObjectPointerType() ||
433 VariableTy->isBlockPointerType()) {
434 // Check if 'nil' is defined.
435 if (S.PP.getMacroInfo(&S.getASTContext().Idents.get("nil")))
436 initialization = " = nil";
438 initialization = " = 0";
440 else if (VariableTy->isRealFloatingType())
441 initialization = " = 0.0";
442 else if (VariableTy->isBooleanType() && S.Context.getLangOptions().CPlusPlus)
443 initialization = " = false";
444 else if (VariableTy->isEnumeralType())
446 else if (VariableTy->isPointerType() || VariableTy->isMemberPointerType()) {
447 if (S.Context.getLangOptions().CPlusPlus0x)
448 initialization = " = nullptr";
449 // Check if 'NULL' is defined.
450 else if (S.PP.getMacroInfo(&S.getASTContext().Idents.get("NULL")))
451 initialization = " = NULL";
453 initialization = " = 0";
455 else if (VariableTy->isScalarType())
456 initialization = " = 0";
458 if (initialization) {
459 SourceLocation loc = S.PP.getLocForEndOfToken(VD->getLocEnd());
460 S.Diag(loc, diag::note_var_fixit_add_initialization) << VD->getDeclName()
461 << FixItHint::CreateInsertion(loc, initialization);
467 /// DiagnoseUninitializedUse -- Helper function for diagnosing uses of an
468 /// uninitialized variable. This manages the different forms of diagnostic
469 /// emitted for particular types of uses. Returns true if the use was diagnosed
470 /// as a warning. If a pariticular use is one we omit warnings for, returns
472 static bool DiagnoseUninitializedUse(Sema &S, const VarDecl *VD,
473 const Expr *E, bool isAlwaysUninit,
474 bool alwaysReportSelfInit = false) {
475 bool isSelfInit = false;
477 if (const DeclRefExpr *DRE = dyn_cast<DeclRefExpr>(E)) {
478 if (isAlwaysUninit) {
479 // Inspect the initializer of the variable declaration which is
480 // being referenced prior to its initialization. We emit
481 // specialized diagnostics for self-initialization, and we
482 // specifically avoid warning about self references which take the
487 // This is used to indicate to GCC that 'x' is intentionally left
488 // uninitialized. Proven code paths which access 'x' in
489 // an uninitialized state after this will still warn.
491 // TODO: Should we suppress maybe-uninitialized warnings for
492 // variables initialized in this way?
493 if (const Expr *Initializer = VD->getInit()) {
494 if (!alwaysReportSelfInit && DRE == Initializer->IgnoreParenImpCasts())
497 ContainsReference CR(S.Context, DRE);
498 CR.Visit(const_cast<Expr*>(Initializer));
499 isSelfInit = CR.doesContainReference();
502 S.Diag(DRE->getLocStart(),
503 diag::warn_uninit_self_reference_in_init)
504 << VD->getDeclName() << VD->getLocation() << DRE->getSourceRange();
506 S.Diag(DRE->getLocStart(), diag::warn_uninit_var)
507 << VD->getDeclName() << DRE->getSourceRange();
510 S.Diag(DRE->getLocStart(), diag::warn_maybe_uninit_var)
511 << VD->getDeclName() << DRE->getSourceRange();
514 const BlockExpr *BE = cast<BlockExpr>(E);
515 S.Diag(BE->getLocStart(),
516 isAlwaysUninit ? diag::warn_uninit_var_captured_by_block
517 : diag::warn_maybe_uninit_var_captured_by_block)
518 << VD->getDeclName();
521 // Report where the variable was declared when the use wasn't within
522 // the initializer of that declaration & we didn't already suggest
523 // an initialization fixit.
524 if (!isSelfInit && !SuggestInitializationFixit(S, VD))
525 S.Diag(VD->getLocStart(), diag::note_uninit_var_def)
526 << VD->getDeclName();
531 typedef std::pair<const Expr*, bool> UninitUse;
535 bool operator()(const UninitUse &a, const UninitUse &b) {
536 SourceLocation aLoc = a.first->getLocStart();
537 SourceLocation bLoc = b.first->getLocStart();
538 return aLoc.getRawEncoding() < bLoc.getRawEncoding();
542 class UninitValsDiagReporter : public UninitVariablesHandler {
544 typedef SmallVector<UninitUse, 2> UsesVec;
545 typedef llvm::DenseMap<const VarDecl *, std::pair<UsesVec*, bool> > UsesMap;
549 UninitValsDiagReporter(Sema &S) : S(S), uses(0) {}
550 ~UninitValsDiagReporter() {
554 std::pair<UsesVec*, bool> &getUses(const VarDecl *vd) {
556 uses = new UsesMap();
558 UsesMap::mapped_type &V = (*uses)[vd];
559 UsesVec *&vec = V.first;
566 void handleUseOfUninitVariable(const Expr *ex, const VarDecl *vd,
567 bool isAlwaysUninit) {
568 getUses(vd).first->push_back(std::make_pair(ex, isAlwaysUninit));
571 void handleSelfInit(const VarDecl *vd) {
572 getUses(vd).second = true;
575 void flushDiagnostics() {
579 for (UsesMap::iterator i = uses->begin(), e = uses->end(); i != e; ++i) {
580 const VarDecl *vd = i->first;
581 const UsesMap::mapped_type &V = i->second;
583 UsesVec *vec = V.first;
584 bool hasSelfInit = V.second;
586 // Specially handle the case where we have uses of an uninitialized
587 // variable, but the root cause is an idiomatic self-init. We want
588 // to report the diagnostic at the self-init since that is the root cause.
589 if (!vec->empty() && hasSelfInit)
590 DiagnoseUninitializedUse(S, vd, vd->getInit()->IgnoreParenCasts(),
591 true, /* alwaysReportSelfInit */ true);
593 // Sort the uses by their SourceLocations. While not strictly
594 // guaranteed to produce them in line/column order, this will provide
595 // a stable ordering.
596 std::sort(vec->begin(), vec->end(), SLocSort());
598 for (UsesVec::iterator vi = vec->begin(), ve = vec->end(); vi != ve;
600 if (DiagnoseUninitializedUse(S, vd, vi->first,
601 /*isAlwaysUninit=*/vi->second))
602 // Skip further diagnostics for this variable. We try to warn only
603 // on the first point at which a variable is used uninitialized.
608 // Release the uses vector.
617 //===----------------------------------------------------------------------===//
619 //===----------------------------------------------------------------------===//
621 namespace thread_safety {
622 typedef std::pair<SourceLocation, PartialDiagnostic> DelayedDiag;
623 typedef llvm::SmallVector<DelayedDiag, 4> DiagList;
625 struct SortDiagBySourceLocation {
627 SortDiagBySourceLocation(Sema &S) : S(S) {}
629 bool operator()(const DelayedDiag &left, const DelayedDiag &right) {
630 // Although this call will be slow, this is only called when outputting
631 // multiple warnings.
632 return S.getSourceManager().isBeforeInTranslationUnit(left.first,
637 class ThreadSafetyReporter : public clang::thread_safety::ThreadSafetyHandler {
642 void warnLockMismatch(unsigned DiagID, Name LockName, SourceLocation Loc) {
643 PartialDiagnostic Warning = S.PDiag(DiagID) << LockName;
644 Warnings.push_back(DelayedDiag(Loc, Warning));
648 ThreadSafetyReporter(Sema &S) : S(S) {}
650 /// \brief Emit all buffered diagnostics in order of sourcelocation.
651 /// We need to output diagnostics produced while iterating through
652 /// the lockset in deterministic order, so this function orders diagnostics
653 /// and outputs them.
654 void emitDiagnostics() {
655 SortDiagBySourceLocation SortDiagBySL(S);
656 sort(Warnings.begin(), Warnings.end(), SortDiagBySL);
657 for (DiagList::iterator I = Warnings.begin(), E = Warnings.end();
659 S.Diag(I->first, I->second);
662 void handleInvalidLockExp(SourceLocation Loc) {
663 PartialDiagnostic Warning = S.PDiag(diag::warn_cannot_resolve_lock) << Loc;
664 Warnings.push_back(DelayedDiag(Loc, Warning));
666 void handleUnmatchedUnlock(Name LockName, SourceLocation Loc) {
667 warnLockMismatch(diag::warn_unlock_but_no_lock, LockName, Loc);
670 void handleDoubleLock(Name LockName, SourceLocation Loc) {
671 warnLockMismatch(diag::warn_double_lock, LockName, Loc);
674 void handleMutexHeldEndOfScope(Name LockName, SourceLocation Loc,
678 case LEK_LockedSomePredecessors:
679 DiagID = diag::warn_lock_at_end_of_scope;
681 case LEK_LockedSomeLoopIterations:
682 DiagID = diag::warn_expecting_lock_held_on_loop;
684 case LEK_LockedAtEndOfFunction:
685 DiagID = diag::warn_no_unlock;
688 warnLockMismatch(DiagID, LockName, Loc);
692 void handleExclusiveAndShared(Name LockName, SourceLocation Loc1,
693 SourceLocation Loc2) {
694 PartialDiagnostic Warning =
695 S.PDiag(diag::warn_lock_exclusive_and_shared) << LockName;
696 PartialDiagnostic Note =
697 S.PDiag(diag::note_lock_exclusive_and_shared) << LockName;
698 Warnings.push_back(DelayedDiag(Loc1, Warning));
699 Warnings.push_back(DelayedDiag(Loc2, Note));
702 void handleNoMutexHeld(const NamedDecl *D, ProtectedOperationKind POK,
703 AccessKind AK, SourceLocation Loc) {
704 assert((POK == POK_VarAccess || POK == POK_VarDereference)
705 && "Only works for variables");
706 unsigned DiagID = POK == POK_VarAccess?
707 diag::warn_variable_requires_any_lock:
708 diag::warn_var_deref_requires_any_lock;
709 PartialDiagnostic Warning = S.PDiag(DiagID)
710 << D->getName() << getLockKindFromAccessKind(AK);
711 Warnings.push_back(DelayedDiag(Loc, Warning));
714 void handleMutexNotHeld(const NamedDecl *D, ProtectedOperationKind POK,
715 Name LockName, LockKind LK, SourceLocation Loc) {
719 DiagID = diag::warn_variable_requires_lock;
721 case POK_VarDereference:
722 DiagID = diag::warn_var_deref_requires_lock;
724 case POK_FunctionCall:
725 DiagID = diag::warn_fun_requires_lock;
728 PartialDiagnostic Warning = S.PDiag(DiagID)
729 << D->getName() << LockName << LK;
730 Warnings.push_back(DelayedDiag(Loc, Warning));
733 void handleFunExcludesLock(Name FunName, Name LockName, SourceLocation Loc) {
734 PartialDiagnostic Warning =
735 S.PDiag(diag::warn_fun_excludes_mutex) << FunName << LockName;
736 Warnings.push_back(DelayedDiag(Loc, Warning));
742 //===----------------------------------------------------------------------===//
743 // AnalysisBasedWarnings - Worker object used by Sema to execute analysis-based
744 // warnings on a function, method, or block.
745 //===----------------------------------------------------------------------===//
747 clang::sema::AnalysisBasedWarnings::Policy::Policy() {
748 enableCheckFallThrough = 1;
749 enableCheckUnreachable = 0;
750 enableThreadSafetyAnalysis = 0;
753 clang::sema::AnalysisBasedWarnings::AnalysisBasedWarnings(Sema &s)
755 NumFunctionsAnalyzed(0),
756 NumFunctionsWithBadCFGs(0),
758 MaxCFGBlocksPerFunction(0),
759 NumUninitAnalysisFunctions(0),
760 NumUninitAnalysisVariables(0),
761 MaxUninitAnalysisVariablesPerFunction(0),
762 NumUninitAnalysisBlockVisits(0),
763 MaxUninitAnalysisBlockVisitsPerFunction(0) {
764 DiagnosticsEngine &D = S.getDiagnostics();
765 DefaultPolicy.enableCheckUnreachable = (unsigned)
766 (D.getDiagnosticLevel(diag::warn_unreachable, SourceLocation()) !=
767 DiagnosticsEngine::Ignored);
768 DefaultPolicy.enableThreadSafetyAnalysis = (unsigned)
769 (D.getDiagnosticLevel(diag::warn_double_lock, SourceLocation()) !=
770 DiagnosticsEngine::Ignored);
774 static void flushDiagnostics(Sema &S, sema::FunctionScopeInfo *fscope) {
775 for (SmallVectorImpl<sema::PossiblyUnreachableDiag>::iterator
776 i = fscope->PossiblyUnreachableDiags.begin(),
777 e = fscope->PossiblyUnreachableDiags.end();
779 const sema::PossiblyUnreachableDiag &D = *i;
785 AnalysisBasedWarnings::IssueWarnings(sema::AnalysisBasedWarnings::Policy P,
786 sema::FunctionScopeInfo *fscope,
787 const Decl *D, const BlockExpr *blkExpr) {
789 // We avoid doing analysis-based warnings when there are errors for
791 // (1) The CFGs often can't be constructed (if the body is invalid), so
792 // don't bother trying.
793 // (2) The code already has problems; running the analysis just takes more
795 DiagnosticsEngine &Diags = S.getDiagnostics();
797 // Do not do any analysis for declarations in system headers if we are
798 // going to just ignore them.
799 if (Diags.getSuppressSystemWarnings() &&
800 S.SourceMgr.isInSystemHeader(D->getLocation()))
803 // For code in dependent contexts, we'll do this at instantiation time.
804 if (cast<DeclContext>(D)->isDependentContext())
807 if (Diags.hasErrorOccurred() || Diags.hasFatalErrorOccurred()) {
808 // Flush out any possibly unreachable diagnostics.
809 flushDiagnostics(S, fscope);
813 const Stmt *Body = D->getBody();
816 AnalysisContext AC(D, 0);
818 // Don't generate EH edges for CallExprs as we'd like to avoid the n^2
819 // explosion for destrutors that can result and the compile time hit.
820 AC.getCFGBuildOptions().PruneTriviallyFalseEdges = true;
821 AC.getCFGBuildOptions().AddEHEdges = false;
822 AC.getCFGBuildOptions().AddInitializers = true;
823 AC.getCFGBuildOptions().AddImplicitDtors = true;
825 // Force that certain expressions appear as CFGElements in the CFG. This
826 // is used to speed up various analyses.
827 // FIXME: This isn't the right factoring. This is here for initial
828 // prototyping, but we need a way for analyses to say what expressions they
829 // expect to always be CFGElements and then fill in the BuildOptions
830 // appropriately. This is essentially a layering violation.
831 if (P.enableCheckUnreachable) {
832 // Unreachable code analysis requires a linearized CFG.
833 AC.getCFGBuildOptions().setAllAlwaysAdd();
836 AC.getCFGBuildOptions()
837 .setAlwaysAdd(Stmt::BinaryOperatorClass)
838 .setAlwaysAdd(Stmt::BlockExprClass)
839 .setAlwaysAdd(Stmt::CStyleCastExprClass)
840 .setAlwaysAdd(Stmt::DeclRefExprClass)
841 .setAlwaysAdd(Stmt::ImplicitCastExprClass)
842 .setAlwaysAdd(Stmt::UnaryOperatorClass);
845 // Construct the analysis context with the specified CFG build options.
847 // Emit delayed diagnostics.
848 if (!fscope->PossiblyUnreachableDiags.empty()) {
849 bool analyzed = false;
851 // Register the expressions with the CFGBuilder.
852 for (SmallVectorImpl<sema::PossiblyUnreachableDiag>::iterator
853 i = fscope->PossiblyUnreachableDiags.begin(),
854 e = fscope->PossiblyUnreachableDiags.end();
856 if (const Stmt *stmt = i->stmt)
857 AC.registerForcedBlockExpression(stmt);
862 for (SmallVectorImpl<sema::PossiblyUnreachableDiag>::iterator
863 i = fscope->PossiblyUnreachableDiags.begin(),
864 e = fscope->PossiblyUnreachableDiags.end();
867 const sema::PossiblyUnreachableDiag &D = *i;
868 bool processed = false;
869 if (const Stmt *stmt = i->stmt) {
870 const CFGBlock *block = AC.getBlockForRegisteredExpression(stmt);
872 if (CFGReverseBlockReachabilityAnalysis *cra = AC.getCFGReachablityAnalysis()) {
873 // Can this block be reached from the entrance?
874 if (cra->isReachable(&AC.getCFG()->getEntry(), block))
880 // Emit the warning anyway if we cannot map to a basic block.
887 flushDiagnostics(S, fscope);
891 // Warning: check missing 'return'
892 if (P.enableCheckFallThrough) {
893 const CheckFallThroughDiagnostics &CD =
894 (isa<BlockDecl>(D) ? CheckFallThroughDiagnostics::MakeForBlock()
895 : CheckFallThroughDiagnostics::MakeForFunction(D));
896 CheckFallThroughForBody(S, D, Body, blkExpr, CD, AC);
899 // Warning: check for unreachable code
900 if (P.enableCheckUnreachable)
901 CheckUnreachable(S, AC);
903 // Check for thread safety violations
904 if (P.enableThreadSafetyAnalysis) {
905 thread_safety::ThreadSafetyReporter Reporter(S);
906 thread_safety::runThreadSafetyAnalysis(AC, Reporter);
907 Reporter.emitDiagnostics();
910 if (Diags.getDiagnosticLevel(diag::warn_uninit_var, D->getLocStart())
911 != DiagnosticsEngine::Ignored ||
912 Diags.getDiagnosticLevel(diag::warn_maybe_uninit_var, D->getLocStart())
913 != DiagnosticsEngine::Ignored) {
914 if (CFG *cfg = AC.getCFG()) {
915 UninitValsDiagReporter reporter(S);
916 UninitVariablesAnalysisStats stats;
917 std::memset(&stats, 0, sizeof(UninitVariablesAnalysisStats));
918 runUninitializedVariablesAnalysis(*cast<DeclContext>(D), *cfg, AC,
921 if (S.CollectStats && stats.NumVariablesAnalyzed > 0) {
922 ++NumUninitAnalysisFunctions;
923 NumUninitAnalysisVariables += stats.NumVariablesAnalyzed;
924 NumUninitAnalysisBlockVisits += stats.NumBlockVisits;
925 MaxUninitAnalysisVariablesPerFunction =
926 std::max(MaxUninitAnalysisVariablesPerFunction,
927 stats.NumVariablesAnalyzed);
928 MaxUninitAnalysisBlockVisitsPerFunction =
929 std::max(MaxUninitAnalysisBlockVisitsPerFunction,
930 stats.NumBlockVisits);
935 // Collect statistics about the CFG if it was built.
936 if (S.CollectStats && AC.isCFGBuilt()) {
937 ++NumFunctionsAnalyzed;
938 if (CFG *cfg = AC.getCFG()) {
939 // If we successfully built a CFG for this context, record some more
940 // detail information about it.
941 NumCFGBlocks += cfg->getNumBlockIDs();
942 MaxCFGBlocksPerFunction = std::max(MaxCFGBlocksPerFunction,
943 cfg->getNumBlockIDs());
945 ++NumFunctionsWithBadCFGs;
950 void clang::sema::AnalysisBasedWarnings::PrintStats() const {
951 llvm::errs() << "\n*** Analysis Based Warnings Stats:\n";
953 unsigned NumCFGsBuilt = NumFunctionsAnalyzed - NumFunctionsWithBadCFGs;
954 unsigned AvgCFGBlocksPerFunction =
955 !NumCFGsBuilt ? 0 : NumCFGBlocks/NumCFGsBuilt;
956 llvm::errs() << NumFunctionsAnalyzed << " functions analyzed ("
957 << NumFunctionsWithBadCFGs << " w/o CFGs).\n"
958 << " " << NumCFGBlocks << " CFG blocks built.\n"
959 << " " << AvgCFGBlocksPerFunction
960 << " average CFG blocks per function.\n"
961 << " " << MaxCFGBlocksPerFunction
962 << " max CFG blocks per function.\n";
964 unsigned AvgUninitVariablesPerFunction = !NumUninitAnalysisFunctions ? 0
965 : NumUninitAnalysisVariables/NumUninitAnalysisFunctions;
966 unsigned AvgUninitBlockVisitsPerFunction = !NumUninitAnalysisFunctions ? 0
967 : NumUninitAnalysisBlockVisits/NumUninitAnalysisFunctions;
968 llvm::errs() << NumUninitAnalysisFunctions
969 << " functions analyzed for uninitialiazed variables\n"
970 << " " << NumUninitAnalysisVariables << " variables analyzed.\n"
971 << " " << AvgUninitVariablesPerFunction
972 << " average variables per function.\n"
973 << " " << MaxUninitAnalysisVariablesPerFunction
974 << " max variables per function.\n"
975 << " " << NumUninitAnalysisBlockVisits << " block visits.\n"
976 << " " << AvgUninitBlockVisitsPerFunction
977 << " average block visits per function.\n"
978 << " " << MaxUninitAnalysisBlockVisitsPerFunction
979 << " max block visits per function.\n";